Diffstat (limited to 'nixpkgs/nixos')
-rw-r--r--nixpkgs/nixos/doc/manual/administration/system-state.chapter.md2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/abstractions.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md30
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/modularity.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/profiles/demo.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/profiles/graphical.section.md4
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/sshfs-file-systems.section.md4
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md12
-rw-r--r--nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md2
-rw-r--r--nixpkgs/nixos/doc/manual/default.nix44
-rw-r--r--nixpkgs/nixos/doc/manual/development/option-declarations.section.md19
-rw-r--r--nixpkgs/nixos/doc/manual/development/option-types.section.md97
-rw-r--r--nixpkgs/nixos/doc/manual/installation/installing.chapter.md4
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-1909.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md2
-rw-r--r--nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md335
-rw-r--r--nixpkgs/nixos/lib/make-options-doc/default.nix4
-rw-r--r--nixpkgs/nixos/lib/qemu-common.nix2
-rw-r--r--nixpkgs/nixos/lib/systemd-lib.nix158
-rw-r--r--nixpkgs/nixos/lib/systemd-network-units.nix12
-rw-r--r--nixpkgs/nixos/lib/systemd-types.nix117
-rw-r--r--nixpkgs/nixos/lib/systemd-unit-options.nix145
-rw-r--r--nixpkgs/nixos/lib/test-driver/test_driver/machine.py2
-rw-r--r--nixpkgs/nixos/lib/testing/driver.nix20
-rw-r--r--nixpkgs/nixos/lib/testing/interactive.nix4
-rw-r--r--nixpkgs/nixos/lib/testing/meta.nix17
-rw-r--r--nixpkgs/nixos/lib/testing/name.nix4
-rw-r--r--nixpkgs/nixos/lib/testing/network.nix5
-rw-r--r--nixpkgs/nixos/lib/testing/nodes.nix15
-rw-r--r--nixpkgs/nixos/lib/testing/run.nix8
-rw-r--r--nixpkgs/nixos/lib/testing/testScript.nix6
-rw-r--r--nixpkgs/nixos/lib/utils.nix69
-rw-r--r--nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix8
-rw-r--r--nixpkgs/nixos/maintainers/scripts/openstack/openstack-image-zfs.nix8
-rw-r--r--nixpkgs/nixos/modules/config/appstream.nix2
-rw-r--r--nixpkgs/nixos/modules/config/console.nix14
-rw-r--r--nixpkgs/nixos/modules/config/debug-info.nix2
-rw-r--r--nixpkgs/nixos/modules/config/fanout.nix2
-rw-r--r--nixpkgs/nixos/modules/config/fonts/fontconfig.nix36
-rw-r--r--nixpkgs/nixos/modules/config/fonts/fontdir.nix4
-rw-r--r--nixpkgs/nixos/modules/config/fonts/ghostscript.nix2
-rw-r--r--nixpkgs/nixos/modules/config/fonts/packages.nix4
-rw-r--r--nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix2
-rw-r--r--nixpkgs/nixos/modules/config/i18n.nix8
-rw-r--r--nixpkgs/nixos/modules/config/iproute2.nix4
-rw-r--r--nixpkgs/nixos/modules/config/ldap.nix36
-rw-r--r--nixpkgs/nixos/modules/config/ldso.nix6
-rw-r--r--nixpkgs/nixos/modules/config/locale.nix10
-rw-r--r--nixpkgs/nixos/modules/config/malloc.nix21
-rw-r--r--nixpkgs/nixos/modules/config/mysql.nix70
-rw-r--r--nixpkgs/nixos/modules/config/networking.nix24
-rw-r--r--nixpkgs/nixos/modules/config/nix-channel.nix6
-rw-r--r--nixpkgs/nixos/modules/config/nix-flakes.nix10
-rw-r--r--nixpkgs/nixos/modules/config/nix-remote-build.nix26
-rw-r--r--nixpkgs/nixos/modules/config/nix.nix32
-rw-r--r--nixpkgs/nixos/modules/config/no-x-libs.nix7
-rw-r--r--nixpkgs/nixos/modules/config/nsswitch.nix12
-rw-r--r--nixpkgs/nixos/modules/config/power-management.nix11
-rw-r--r--nixpkgs/nixos/modules/config/pulseaudio.nix30
-rw-r--r--nixpkgs/nixos/modules/config/qt.nix6
-rw-r--r--nixpkgs/nixos/modules/config/resolvconf.nix21
-rw-r--r--nixpkgs/nixos/modules/config/shells-environment.nix28
-rw-r--r--nixpkgs/nixos/modules/config/stevenblack.nix6
-rw-r--r--nixpkgs/nixos/modules/config/stub-ld.nix4
-rw-r--r--nixpkgs/nixos/modules/config/swap.nix28
-rw-r--r--nixpkgs/nixos/modules/config/sysctl.nix6
-rw-r--r--nixpkgs/nixos/modules/config/system-environment.nix4
-rw-r--r--nixpkgs/nixos/modules/config/system-path.nix12
-rw-r--r--nixpkgs/nixos/modules/config/terminfo.nix4
-rw-r--r--nixpkgs/nixos/modules/config/unix-odbc-drivers.nix2
-rw-r--r--nixpkgs/nixos/modules/config/users-groups.nix79
-rw-r--r--nixpkgs/nixos/modules/config/vte.nix4
-rw-r--r--nixpkgs/nixos/modules/config/xdg/autostart.nix2
-rw-r--r--nixpkgs/nixos/modules/config/xdg/icons.nix2
-rw-r--r--nixpkgs/nixos/modules/config/xdg/menus.nix2
-rw-r--r--nixpkgs/nixos/modules/config/xdg/mime.nix8
-rw-r--r--nixpkgs/nixos/modules/config/xdg/portal.nix12
-rw-r--r--nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix6
-rw-r--r--nixpkgs/nixos/modules/config/xdg/portals/wlr.nix8
-rw-r--r--nixpkgs/nixos/modules/config/xdg/sounds.nix2
-rw-r--r--nixpkgs/nixos/modules/config/zram.nix16
-rw-r--r--nixpkgs/nixos/modules/hardware/acpilight.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/bladeRF.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/brillo.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/ckb-next.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/corectrl.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix26
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix8
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/device-tree.nix28
-rw-r--r--nixpkgs/nixos/modules/hardware/digitalbitbox.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/flipperzero.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/flirc.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/gkraken.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/glasgow.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/gpgsmartcards.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/hackrf.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/i2c.nix6
-rw-r--r--nixpkgs/nixos/modules/hardware/infiniband.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/keyboard/qmk.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/keyboard/teck.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/keyboard/uhk.nix6
-rw-r--r--nixpkgs/nixos/modules/hardware/keyboard/zsa.nix6
-rw-r--r--nixpkgs/nixos/modules/hardware/ksm.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/ledger.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/logitech.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/mcelog.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/network/b43.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/new-lg4ff.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/nitrokey.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/onlykey/default.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/opengl.nix16
-rw-r--r--nixpkgs/nixos/modules/hardware/openrazer.nix80
-rw-r--r--nixpkgs/nixos/modules/hardware/opentabletdriver.nix6
-rw-r--r--nixpkgs/nixos/modules/hardware/pcmcia.nix6
-rw-r--r--nixpkgs/nixos/modules/hardware/printers.nix16
-rw-r--r--nixpkgs/nixos/modules/hardware/raid/hpsa.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/rtl-sdr.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/saleae-logic.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/sata.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/sensor/iio.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/steam-hardware.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/system-76.nix8
-rw-r--r--nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/ubertooth.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/uinput.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/uni-sync.nix117
-rw-r--r--nixpkgs/nixos/modules/hardware/usb-modeswitch.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/usb-storage.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/video/bumblebee.nix10
-rw-r--r--nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/video/nvidia.nix68
-rw-r--r--nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/wooting.nix4
-rw-r--r--nixpkgs/nixos/modules/hardware/xone.nix2
-rw-r--r--nixpkgs/nixos/modules/hardware/xpadneo.nix2
-rw-r--r--nixpkgs/nixos/modules/i18n/input-method/default.nix4
-rw-r--r--nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix18
-rw-r--r--nixpkgs/nixos/modules/i18n/input-method/ibus.nix5
-rw-r--r--nixpkgs/nixos/modules/i18n/input-method/kime.nix6
-rw-r--r--nixpkgs/nixos/modules/i18n/input-method/uim.nix2
-rw-r--r--nixpkgs/nixos/modules/image/repart-image.nix20
-rw-r--r--nixpkgs/nixos/modules/image/repart.nix74
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix29
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix20
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix18
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix28
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix20
-rw-r--r--nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix38
-rw-r--r--nixpkgs/nixos/modules/installer/netboot/netboot.nix4
-rw-r--r--nixpkgs/nixos/modules/installer/sd-card/sd-image.nix26
-rw-r--r--nixpkgs/nixos/modules/installer/tools/nixos-generate-config.pl11
-rw-r--r--nixpkgs/nixos/modules/installer/tools/tools.nix14
-rw-r--r--nixpkgs/nixos/modules/installer/virtualbox-demo.nix2
-rw-r--r--nixpkgs/nixos/modules/misc/assertions.nix4
-rw-r--r--nixpkgs/nixos/modules/misc/crashdump.nix6
-rw-r--r--nixpkgs/nixos/modules/misc/documentation.nix59
-rw-r--r--nixpkgs/nixos/modules/misc/documentation/test.nix2
-rw-r--r--nixpkgs/nixos/modules/misc/ids.nix4
-rw-r--r--nixpkgs/nixos/modules/misc/label.nix4
-rw-r--r--nixpkgs/nixos/modules/misc/lib.nix2
-rw-r--r--nixpkgs/nixos/modules/misc/locate.nix18
-rw-r--r--nixpkgs/nixos/modules/misc/man-db.nix8
-rw-r--r--nixpkgs/nixos/modules/misc/meta.nix6
-rw-r--r--nixpkgs/nixos/modules/misc/nixops-autoluks.nix2
-rw-r--r--nixpkgs/nixos/modules/misc/nixpkgs-flake.nix6
-rw-r--r--nixpkgs/nixos/modules/misc/nixpkgs.nix23
-rw-r--r--nixpkgs/nixos/modules/misc/nixpkgs/read-only.nix10
-rw-r--r--nixpkgs/nixos/modules/misc/passthru.nix2
-rw-r--r--nixpkgs/nixos/modules/misc/version.nix24
-rw-r--r--nixpkgs/nixos/modules/misc/wordlist.nix4
-rw-r--r--nixpkgs/nixos/modules/module-list.nix55
-rw-r--r--nixpkgs/nixos/modules/profiles/clone-config.nix6
-rw-r--r--nixpkgs/nixos/modules/profiles/demo.nix2
-rw-r--r--nixpkgs/nixos/modules/profiles/graphical.nix7
-rw-r--r--nixpkgs/nixos/modules/programs/_1password-gui.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/_1password.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/adb.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/alvr.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/appgate-sdp.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/appimage.nix33
-rw-r--r--nixpkgs/nixos/modules/programs/atop.nix18
-rw-r--r--nixpkgs/nixos/modules/programs/ausweisapp.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/autojump.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bandwhich.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bash-my-aws.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bash/bash-completion.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bash/bash.nix14
-rw-r--r--nixpkgs/nixos/modules/programs/bash/blesh.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bash/ls-colors.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/bash/undistract-me.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/bcc.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/browserpass.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/calls.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/captive-browser.nix12
-rw-r--r--nixpkgs/nixos/modules/programs/ccache.nix10
-rw-r--r--nixpkgs/nixos/modules/programs/cdemu.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/chromium.nix18
-rw-r--r--nixpkgs/nixos/modules/programs/clash-verge.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/cnping.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/coolercontrol.nix54
-rw-r--r--nixpkgs/nixos/modules/programs/criu.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/darling.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/dconf.nix18
-rw-r--r--nixpkgs/nixos/modules/programs/digitalbitbox/default.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/direnv.nix20
-rw-r--r--nixpkgs/nixos/modules/programs/dmrconfig.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/droidcam.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/dublin-traceroute.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/ecryptfs.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/evince.nix16
-rw-r--r--nixpkgs/nixos/modules/programs/extra-container.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/fcast-receiver.nix31
-rw-r--r--nixpkgs/nixos/modules/programs/feedbackd.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/file-roller.nix15
-rw-r--r--nixpkgs/nixos/modules/programs/firefox.nix20
-rw-r--r--nixpkgs/nixos/modules/programs/firejail.nix12
-rw-r--r--nixpkgs/nixos/modules/programs/fish.nix22
-rw-r--r--nixpkgs/nixos/modules/programs/flashrom.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/flexoptix-app.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/freetds.nix3
-rw-r--r--nixpkgs/nixos/modules/programs/fuse.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/fzf.nix41
-rw-r--r--nixpkgs/nixos/modules/programs/gamemode.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/gamescope.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/geary.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/git.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/gnome-disks.nix19
-rw-r--r--nixpkgs/nixos/modules/programs/gnome-terminal.nix15
-rw-r--r--nixpkgs/nixos/modules/programs/gnupg.nix14
-rw-r--r--nixpkgs/nixos/modules/programs/gpaste.nix17
-rw-r--r--nixpkgs/nixos/modules/programs/gphoto2.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/haguichi.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/hamster.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/htop.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/i3lock.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/iay.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/iftop.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/iotop.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/java.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/joycond-cemuhook.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/k3b.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/k40-whisperer.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/kbdlight.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/kclock.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/kdeconnect.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/kubeswitch.nix56
-rw-r--r--nixpkgs/nixos/modules/programs/lazygit.nix37
-rw-r--r--nixpkgs/nixos/modules/programs/less.nix16
-rw-r--r--nixpkgs/nixos/modules/programs/liboping.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/light.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/mdevctl.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/mepo.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/mininet.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/minipro.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/miriway.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/mosh.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/msmtp.nix10
-rw-r--r--nixpkgs/nixos/modules/programs/mtr.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/nano.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/nbd.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/neovim.nix28
-rw-r--r--nixpkgs/nixos/modules/programs/nethoscope.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/nexttrace.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/nh.nix96
-rw-r--r--nixpkgs/nixos/modules/programs/nix-index.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/nix-ld.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/nm-applet.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/nncp.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/noisetorch.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/npm.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/ns-usbloader.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/oddjobd.nix22
-rw-r--r--nixpkgs/nixos/modules/programs/openvpn3.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/pantheon-tweaks.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/partition-manager.nix22
-rw-r--r--nixpkgs/nixos/modules/programs/plotinus.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/projecteur.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/proxychains.nix28
-rw-r--r--nixpkgs/nixos/modules/programs/qdmr.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/regreet.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/rog-control-center.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/rust-motd.nix10
-rw-r--r--nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix35
-rw-r--r--nixpkgs/nixos/modules/programs/screen.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/seahorse.nix16
-rw-r--r--nixpkgs/nixos/modules/programs/sedutil.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/shadow.nix32
-rw-r--r--nixpkgs/nixos/modules/programs/sharing.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/singularity.nix48
-rw-r--r--nixpkgs/nixos/modules/programs/skim.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/slock.nix7
-rw-r--r--nixpkgs/nixos/modules/programs/sniffnet.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/soundmodem.nix34
-rw-r--r--nixpkgs/nixos/modules/programs/spacefm.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/ssh.nix40
-rw-r--r--nixpkgs/nixos/modules/programs/steam.nix26
-rw-r--r--nixpkgs/nixos/modules/programs/streamdeck-ui.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/sysdig.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/system-config-printer.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/systemtap.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/thefuck.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/thunar.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/tmux.nix36
-rw-r--r--nixpkgs/nixos/modules/programs/traceroute.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/trippy.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/tsm-client.nix28
-rw-r--r--nixpkgs/nixos/modules/programs/turbovnc.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/udevil.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/usbtop.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/vim.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/wavemon.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/cardboard.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/hyprland.nix44
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/labwc.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/river.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/sway.nix18
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/waybar.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/wayland/wayfire.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/weylus.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/wireshark.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/wshowkeys.nix36
-rw-r--r--nixpkgs/nixos/modules/programs/xastir.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/xfconf.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/xfs_quota.nix12
-rw-r--r--nixpkgs/nixos/modules/programs/xonsh.nix4
-rw-r--r--nixpkgs/nixos/modules/programs/xss-lock.nix7
-rw-r--r--nixpkgs/nixos/modules/programs/xwayland.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/yabar.nix20
-rw-r--r--nixpkgs/nixos/modules/programs/yazi.nix6
-rw-r--r--nixpkgs/nixos/modules/programs/zmap.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix12
-rw-r--r--nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix2
-rw-r--r--nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix10
-rw-r--r--nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix8
-rw-r--r--nixpkgs/nixos/modules/programs/zsh/zsh.nix26
-rw-r--r--nixpkgs/nixos/modules/rename.nix3
-rw-r--r--nixpkgs/nixos/modules/security/acme/default.nix62
-rw-r--r--nixpkgs/nixos/modules/security/apparmor.nix22
-rw-r--r--nixpkgs/nixos/modules/security/audit.nix10
-rw-r--r--nixpkgs/nixos/modules/security/auditd.nix2
-rw-r--r--nixpkgs/nixos/modules/security/ca.nix8
-rw-r--r--nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix2
-rw-r--r--nixpkgs/nixos/modules/security/dhparams.nix14
-rw-r--r--nixpkgs/nixos/modules/security/doas.nix28
-rw-r--r--nixpkgs/nixos/modules/security/duosec.nix34
-rw-r--r--nixpkgs/nixos/modules/security/google_oslogin.nix2
-rw-r--r--nixpkgs/nixos/modules/security/ipa.nix24
-rw-r--r--nixpkgs/nixos/modules/security/isolate.nix133
-rw-r--r--nixpkgs/nixos/modules/security/krb5/default.nix6
-rw-r--r--nixpkgs/nixos/modules/security/krb5/krb5-conf-format.nix8
-rw-r--r--nixpkgs/nixos/modules/security/lock-kernel-modules.nix2
-rw-r--r--nixpkgs/nixos/modules/security/misc.nix12
-rw-r--r--nixpkgs/nixos/modules/security/oath.nix8
-rw-r--r--nixpkgs/nixos/modules/security/pam.nix205
-rw-r--r--nixpkgs/nixos/modules/security/pam_mount.nix24
-rw-r--r--nixpkgs/nixos/modules/security/please.nix8
-rw-r--r--nixpkgs/nixos/modules/security/polkit.nix8
-rw-r--r--nixpkgs/nixos/modules/security/rtkit.nix2
-rw-r--r--nixpkgs/nixos/modules/security/sudo-rs.nix30
-rw-r--r--nixpkgs/nixos/modules/security/sudo.nix33
-rw-r--r--nixpkgs/nixos/modules/security/systemd-confinement.nix10
-rw-r--r--nixpkgs/nixos/modules/security/tpm2.nix28
-rw-r--r--nixpkgs/nixos/modules/security/wrappers/default.nix22
-rw-r--r--nixpkgs/nixos/modules/services/admin/docuum.nix45
-rw-r--r--nixpkgs/nixos/modules/services/admin/meshcentral.nix4
-rw-r--r--nixpkgs/nixos/modules/services/admin/oxidized.nix12
-rw-r--r--nixpkgs/nixos/modules/services/admin/pgadmin.nix30
-rw-r--r--nixpkgs/nixos/modules/services/admin/salt/master.nix4
-rw-r--r--nixpkgs/nixos/modules/services/admin/salt/minion.nix4
-rw-r--r--nixpkgs/nixos/modules/services/amqp/activemq/default.nix12
-rw-r--r--nixpkgs/nixos/modules/services/amqp/rabbitmq.nix22
-rw-r--r--nixpkgs/nixos/modules/services/audio/alsa.nix10
-rw-r--r--nixpkgs/nixos/modules/services/audio/botamusique.nix12
-rw-r--r--nixpkgs/nixos/modules/services/audio/gmediarender.nix14
-rw-r--r--nixpkgs/nixos/modules/services/audio/gonic.nix7
-rw-r--r--nixpkgs/nixos/modules/services/audio/goxlr-utility.nix4
-rw-r--r--nixpkgs/nixos/modules/services/audio/hqplayerd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/audio/icecast.nix20
-rw-r--r--nixpkgs/nixos/modules/services/audio/jack.nix22
-rw-r--r--nixpkgs/nixos/modules/services/audio/jmusicbot.nix4
-rw-r--r--nixpkgs/nixos/modules/services/audio/liquidsoap.nix3
-rw-r--r--nixpkgs/nixos/modules/services/audio/mopidy.nix10
-rw-r--r--nixpkgs/nixos/modules/services/audio/mpd.nix30
-rw-r--r--nixpkgs/nixos/modules/services/audio/mpdscribble.nix24
-rw-r--r--nixpkgs/nixos/modules/services/audio/mympd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/audio/navidrome.nix6
-rw-r--r--nixpkgs/nixos/modules/services/audio/networkaudiod.nix2
-rw-r--r--nixpkgs/nixos/modules/services/audio/roon-bridge.nix8
-rw-r--r--nixpkgs/nixos/modules/services/audio/roon-server.nix8
-rw-r--r--nixpkgs/nixos/modules/services/audio/slimserver.nix4
-rw-r--r--nixpkgs/nixos/modules/services/audio/snapserver.nix40
-rw-r--r--nixpkgs/nixos/modules/services/audio/spotifyd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/audio/squeezelite.nix6
-rw-r--r--nixpkgs/nixos/modules/services/audio/tts.nix14
-rw-r--r--nixpkgs/nixos/modules/services/audio/ympd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/backup/automysqlbackup.nix6
-rw-r--r--nixpkgs/nixos/modules/services/backup/bacula.nix83
-rw-r--r--nixpkgs/nixos/modules/services/backup/borgbackup.nix90
-rw-r--r--nixpkgs/nixos/modules/services/backup/borgmatic.nix14
-rw-r--r--nixpkgs/nixos/modules/services/backup/btrbk.nix20
-rw-r--r--nixpkgs/nixos/modules/services/backup/duplicati.nix10
-rw-r--r--nixpkgs/nixos/modules/services/backup/duplicity.nix24
-rw-r--r--nixpkgs/nixos/modules/services/backup/mysql-backup.nix12
-rw-r--r--nixpkgs/nixos/modules/services/backup/postgresql-backup.nix16
-rw-r--r--nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix18
-rw-r--r--nixpkgs/nixos/modules/services/backup/restic-rest-server.nix51
-rw-r--r--nixpkgs/nixos/modules/services/backup/restic.nix40
-rw-r--r--nixpkgs/nixos/modules/services/backup/rsnapshot.nix8
-rw-r--r--nixpkgs/nixos/modules/services/backup/sanoid.nix30
-rw-r--r--nixpkgs/nixos/modules/services/backup/snapraid.nix22
-rw-r--r--nixpkgs/nixos/modules/services/backup/syncoid.nix42
-rw-r--r--nixpkgs/nixos/modules/services/backup/tarsnap.nix42
-rw-r--r--nixpkgs/nixos/modules/services/backup/tsm.nix12
-rw-r--r--nixpkgs/nixos/modules/services/backup/zfs-replication.nix16
-rw-r--r--nixpkgs/nixos/modules/services/backup/znapzend.nix90
-rw-r--r--nixpkgs/nixos/modules/services/backup/zrepl.nix4
-rw-r--r--nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix8
-rw-r--r--nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix48
-rw-r--r--nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix54
-rw-r--r--nixpkgs/nixos/modules/services/cluster/corosync/default.nix14
-rw-r--r--nixpkgs/nixos/modules/services/cluster/hadoop/default.nix30
-rw-r--r--nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix30
-rw-r--r--nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix20
-rw-r--r--nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix28
-rw-r--r--nixpkgs/nixos/modules/services/cluster/k3s/default.nix20
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix6
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix14
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix72
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix26
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix30
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix4
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix54
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix20
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix12
-rw-r--r--nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix14
-rw-r--r--nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix2
-rw-r--r--nixpkgs/nixos/modules/services/cluster/patroni/default.nix36
-rw-r--r--nixpkgs/nixos/modules/services/cluster/spark/default.nix22
-rw-r--r--nixpkgs/nixos/modules/services/computing/boinc/client.nix8
-rw-r--r--nixpkgs/nixos/modules/services/computing/foldingathome/client.nix10
-rw-r--r--nixpkgs/nixos/modules/services/computing/slurm/slurm.nix44
-rw-r--r--nixpkgs/nixos/modules/services/computing/torque/mom.nix4
-rw-r--r--nixpkgs/nixos/modules/services/computing/torque/server.nix2
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix50
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix28
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix28
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/gitea-actions-runner.nix23
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/github-runner/options.nix34
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix70
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix26
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix28
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix6
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/settings.nix18
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix40
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix28
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix16
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix8
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix12
-rw-r--r--nixpkgs/nixos/modules/services/continuous-integration/woodpecker/server.nix6
-rw-r--r--nixpkgs/nixos/modules/services/databases/aerospike.nix8
-rw-r--r--nixpkgs/nixos/modules/services/databases/cassandra.nix59
-rw-r--r--nixpkgs/nixos/modules/services/databases/clickhouse.nix2
-rw-r--r--nixpkgs/nixos/modules/services/databases/cockroachdb.nix26
-rw-r--r--nixpkgs/nixos/modules/services/databases/couchdb.nix28
-rw-r--r--nixpkgs/nixos/modules/services/databases/dgraph.nix12
-rw-r--r--nixpkgs/nixos/modules/services/databases/dragonflydb.nix20
-rw-r--r--nixpkgs/nixos/modules/services/databases/etcd.nix42
-rw-r--r--nixpkgs/nixos/modules/services/databases/firebird.nix8
-rw-r--r--nixpkgs/nixos/modules/services/databases/foundationdb.nix60
-rw-r--r--nixpkgs/nixos/modules/services/databases/hbase-standalone.nix16
-rw-r--r--nixpkgs/nixos/modules/services/databases/influxdb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/databases/influxdb2.nix57
-rw-r--r--nixpkgs/nixos/modules/services/databases/lldap.nix26
-rw-r--r--nixpkgs/nixos/modules/services/databases/memcached.nix16
-rw-r--r--nixpkgs/nixos/modules/services/databases/monetdb.nix12
-rw-r--r--nixpkgs/nixos/modules/services/databases/mongodb.nix22
-rw-r--r--nixpkgs/nixos/modules/services/databases/mysql.nix44
-rw-r--r--nixpkgs/nixos/modules/services/databases/neo4j.nix66
-rw-r--r--nixpkgs/nixos/modules/services/databases/openldap.nix22
-rw-r--r--nixpkgs/nixos/modules/services/databases/opentsdb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/databases/pgbouncer.nix84
-rw-r--r--nixpkgs/nixos/modules/services/databases/pgmanage.nix26
-rw-r--r--nixpkgs/nixos/modules/services/databases/postgresql.md6
-rw-r--r--nixpkgs/nixos/modules/services/databases/postgresql.nix142
-rw-r--r--nixpkgs/nixos/modules/services/databases/redis.nix72
-rw-r--r--nixpkgs/nixos/modules/services/databases/rethinkdb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/databases/surrealdb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/databases/tigerbeetle.nix12
-rw-r--r--nixpkgs/nixos/modules/services/databases/victoriametrics.nix8
-rw-r--r--nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix171
-rw-r--r--nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix25
-rw-r--r--nixpkgs/nixos/modules/services/desktops/accountsservice.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix6
-rw-r--r--nixpkgs/nixos/modules/services/desktops/bamf.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/blueman.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix6
-rw-r--r--nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/dleyna-server.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/espanso.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/flatpak.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/geoclue2.nix32
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix25
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix40
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix16
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix19
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix18
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix16
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix16
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix20
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix26
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gsignond.nix4
-rw-r--r--nixpkgs/nixos/modules/services/desktops/gvfs.nix17
-rw-r--r--nixpkgs/nixos/modules/services/desktops/malcontent.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/neard.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix183
-rw-r--r--nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix4
-rw-r--r--nixpkgs/nixos/modules/services/desktops/seatd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/desktops/system-config-printer.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/system76-scheduler.nix46
-rw-r--r--nixpkgs/nixos/modules/services/desktops/telepathy.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/tumbler.nix2
-rw-r--r--nixpkgs/nixos/modules/services/desktops/zeitgeist.nix2
-rw-r--r--nixpkgs/nixos/modules/services/development/athens.nix194
-rw-r--r--nixpkgs/nixos/modules/services/development/blackfire.nix8
-rw-r--r--nixpkgs/nixos/modules/services/development/bloop.nix4
-rw-r--r--nixpkgs/nixos/modules/services/development/distccd.nix22
-rw-r--r--nixpkgs/nixos/modules/services/development/gemstash.nix14
-rw-r--r--nixpkgs/nixos/modules/services/development/hoogle.nix14
-rw-r--r--nixpkgs/nixos/modules/services/development/jupyter/default.nix20
-rw-r--r--nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix14
-rw-r--r--nixpkgs/nixos/modules/services/development/jupyterhub/default.nix20
-rw-r--r--nixpkgs/nixos/modules/services/development/livebook.nix6
-rw-r--r--nixpkgs/nixos/modules/services/development/lorri.nix4
-rw-r--r--nixpkgs/nixos/modules/services/development/rstudio-server/default.nix10
-rw-r--r--nixpkgs/nixos/modules/services/development/zammad.nix38
-rw-r--r--nixpkgs/nixos/modules/services/display-managers/default.nix233
-rw-r--r--nixpkgs/nixos/modules/services/display-managers/greetd.nix11
-rw-r--r--nixpkgs/nixos/modules/services/display-managers/sddm.nix (renamed from nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix)85
-rw-r--r--nixpkgs/nixos/modules/services/editors/emacs.md41
-rw-r--r--nixpkgs/nixos/modules/services/editors/emacs.nix8
-rw-r--r--nixpkgs/nixos/modules/services/editors/haste.nix6
-rw-r--r--nixpkgs/nixos/modules/services/editors/infinoted.nix24
-rw-r--r--nixpkgs/nixos/modules/services/finance/odoo.nix8
-rw-r--r--nixpkgs/nixos/modules/services/games/archisteamfarm.nix26
-rw-r--r--nixpkgs/nixos/modules/services/games/armagetronad.nix16
-rw-r--r--nixpkgs/nixos/modules/services/games/crossfire-server.nix10
-rw-r--r--nixpkgs/nixos/modules/services/games/deliantra-server.nix10
-rw-r--r--nixpkgs/nixos/modules/services/games/factorio.nix48
-rw-r--r--nixpkgs/nixos/modules/services/games/freeciv.nix28
-rw-r--r--nixpkgs/nixos/modules/services/games/mchprs.nix38
-rw-r--r--nixpkgs/nixos/modules/services/games/minecraft-server.nix16
-rw-r--r--nixpkgs/nixos/modules/services/games/minetest-server.nix16
-rw-r--r--nixpkgs/nixos/modules/services/games/openarena.nix6
-rw-r--r--nixpkgs/nixos/modules/services/games/quake3-server.nix10
-rw-r--r--nixpkgs/nixos/modules/services/games/teeworlds.nix66
-rw-r--r--nixpkgs/nixos/modules/services/games/terraria.nix31
-rw-r--r--nixpkgs/nixos/modules/services/games/xonotic.nix26
-rw-r--r--nixpkgs/nixos/modules/services/hardware/acpid.nix16
-rw-r--r--nixpkgs/nixos/modules/services/hardware/actkbd.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/argonone.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/asusd.nix16
-rw-r--r--nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/auto-epp.nix8
-rw-r--r--nixpkgs/nixos/modules/services/hardware/bluetooth.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/bolt.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/brltty.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/ddccontrol.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/fancontrol.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/freefall.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/fwupd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/hardware/handheld-daemon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/hddfancontrol.nix10
-rw-r--r--nixpkgs/nixos/modules/services/hardware/illum.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/interception-tools.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/iptsd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/hardware/irqbalance.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/joycond.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/kanata.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/keyd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/hardware/lcd.nix24
-rw-r--r--nixpkgs/nixos/modules/services/hardware/libinput.nix (renamed from nixpkgs/nixos/modules/services/x11/hardware/libinput.nix)65
-rw-r--r--nixpkgs/nixos/modules/services/hardware/lirc.nix8
-rw-r--r--nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix60
-rw-r--r--nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix40
-rw-r--r--nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix35
-rw-r--r--nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix127
-rw-r--r--nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/openrgb.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/pcscd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/hardware/pommed.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/rasdaemon.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/ratbagd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/sane.nix22
-rw-r--r--nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix12
-rw-r--r--nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/spacenavd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/hardware/supergfxd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/tcsd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/hardware/thermald.nix8
-rw-r--r--nixpkgs/nixos/modules/services/hardware/thinkfan.nix22
-rw-r--r--nixpkgs/nixos/modules/services/hardware/throttled.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/tlp.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/trezord.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/triggerhappy.nix14
-rw-r--r--nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix4
-rw-r--r--nixpkgs/nixos/modules/services/hardware/udev.nix68
-rw-r--r--nixpkgs/nixos/modules/services/hardware/udisks2.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/undervolt.nix34
-rw-r--r--nixpkgs/nixos/modules/services/hardware/upower.nix24
-rw-r--r--nixpkgs/nixos/modules/services/hardware/usbmuxd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/hardware/usbrelayd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/hardware/vdr.nix14
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/ebusd.nix64
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/esphome.nix15
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/evcc.nix7
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/home-assistant.nix42
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/homeassistant-satellite.nix225
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/matter-server.nix2
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/wyoming/faster-whisper.nix (renamed from nixpkgs/nixos/modules/services/audio/wyoming/faster-whisper.nix)19
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/wyoming/openwakeword.nix (renamed from nixpkgs/nixos/modules/services/audio/wyoming/openwakeword.nix)15
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/wyoming/piper.nix (renamed from nixpkgs/nixos/modules/services/audio/wyoming/piper.nix)19
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/wyoming/satellite.nix244
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix6
-rw-r--r--nixpkgs/nixos/modules/services/home-automation/zwave-js.nix14
-rw-r--r--nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix6
-rw-r--r--nixpkgs/nixos/modules/services/logging/awstats.nix26
-rw-r--r--nixpkgs/nixos/modules/services/logging/filebeat.nix18
-rw-r--r--nixpkgs/nixos/modules/services/logging/fluentd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/logging/graylog.nix26
-rw-r--r--nixpkgs/nixos/modules/services/logging/heartbeat.nix10
-rw-r--r--nixpkgs/nixos/modules/services/logging/journalbeat.nix10
-rw-r--r--nixpkgs/nixos/modules/services/logging/journaldriver.nix12
-rw-r--r--nixpkgs/nixos/modules/services/logging/journalwatch.nix22
-rw-r--r--nixpkgs/nixos/modules/services/logging/logcheck.nix32
-rw-r--r--nixpkgs/nixos/modules/services/logging/logrotate.nix35
-rw-r--r--nixpkgs/nixos/modules/services/logging/logstash.nix24
-rw-r--r--nixpkgs/nixos/modules/services/logging/promtail.nix6
-rw-r--r--nixpkgs/nixos/modules/services/logging/rsyslogd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/logging/syslog-ng.nix8
-rw-r--r--nixpkgs/nixos/modules/services/logging/syslogd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/logging/ulogd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/logging/vector.nix6
-rw-r--r--nixpkgs/nixos/modules/services/mail/clamsmtp.nix37
-rw-r--r--nixpkgs/nixos/modules/services/mail/davmail.nix6
-rw-r--r--nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix15
-rw-r--r--nixpkgs/nixos/modules/services/mail/dovecot.nix68
-rw-r--r--nixpkgs/nixos/modules/services/mail/dspam.nix14
-rw-r--r--nixpkgs/nixos/modules/services/mail/exim.nix12
-rw-r--r--nixpkgs/nixos/modules/services/mail/goeland.nix8
-rw-r--r--nixpkgs/nixos/modules/services/mail/listmonk.nix36
-rw-r--r--nixpkgs/nixos/modules/services/mail/maddy.nix34
-rw-r--r--nixpkgs/nixos/modules/services/mail/mail.nix2
-rw-r--r--nixpkgs/nixos/modules/services/mail/mailcatcher.nix12
-rw-r--r--nixpkgs/nixos/modules/services/mail/mailhog.nix12
-rw-r--r--nixpkgs/nixos/modules/services/mail/mailman.nix65
-rw-r--r--nixpkgs/nixos/modules/services/mail/mlmmj.nix12
-rw-r--r--nixpkgs/nixos/modules/services/mail/nullmailer.nix34
-rw-r--r--nixpkgs/nixos/modules/services/mail/offlineimap.nix10
-rw-r--r--nixpkgs/nixos/modules/services/mail/opendkim.nix16
-rw-r--r--nixpkgs/nixos/modules/services/mail/opensmtpd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/mail/pfix-srsd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/mail/postfix.nix116
-rw-r--r--nixpkgs/nixos/modules/services/mail/postfixadmin.nix18
-rw-r--r--nixpkgs/nixos/modules/services/mail/postgrey.nix38
-rw-r--r--nixpkgs/nixos/modules/services/mail/postsrsd.nix20
-rw-r--r--nixpkgs/nixos/modules/services/mail/public-inbox.nix76
-rw-r--r--nixpkgs/nixos/modules/services/mail/roundcube.nix31
-rw-r--r--nixpkgs/nixos/modules/services/mail/rspamd-trainer.nix6
-rw-r--r--nixpkgs/nixos/modules/services/mail/rspamd.nix50
-rw-r--r--nixpkgs/nixos/modules/services/mail/rss2email.nix14
-rw-r--r--nixpkgs/nixos/modules/services/mail/schleuder.nix14
-rw-r--r--nixpkgs/nixos/modules/services/mail/spamassassin.nix8
-rw-r--r--nixpkgs/nixos/modules/services/mail/stalwart-mail.nix4
-rw-r--r--nixpkgs/nixos/modules/services/mail/sympa.nix50
-rw-r--r--nixpkgs/nixos/modules/services/mail/zeyple.nix12
-rw-r--r--nixpkgs/nixos/modules/services/matrix/appservice-discord.nix14
-rw-r--r--nixpkgs/nixos/modules/services/matrix/appservice-irc.nix35
-rw-r--r--nixpkgs/nixos/modules/services/matrix/conduit.nix30
-rw-r--r--nixpkgs/nixos/modules/services/matrix/dendrite.nix54
-rw-r--r--nixpkgs/nixos/modules/services/matrix/hebbot.nix6
-rw-r--r--nixpkgs/nixos/modules/services/matrix/matrix-sliding-sync.nix16
-rw-r--r--nixpkgs/nixos/modules/services/matrix/maubot.nix62
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix10
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mautrix-meta.nix562
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix8
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mautrix-whatsapp.nix8
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mjolnir.nix26
-rw-r--r--nixpkgs/nixos/modules/services/matrix/mx-puppet-discord.nix8
-rw-r--r--nixpkgs/nixos/modules/services/matrix/pantalaimon-options.nix14
-rw-r--r--nixpkgs/nixos/modules/services/matrix/pantalaimon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/matrix/synapse.md29
-rw-r--r--nixpkgs/nixos/modules/services/matrix/synapse.nix110
-rw-r--r--nixpkgs/nixos/modules/services/misc/airsonic.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/ananicy.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/ankisyncd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/apache-kafka.nix26
-rw-r--r--nixpkgs/nixos/modules/services/misc/atuin.nix20
-rw-r--r--nixpkgs/nixos/modules/services/misc/autofs.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/autorandr.nix59
-rw-r--r--nixpkgs/nixos/modules/services/misc/autosuspend.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/bazarr.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/bcg.nix40
-rw-r--r--nixpkgs/nixos/modules/services/misc/beanstalkd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/bees.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/bepasty.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/calibre-server.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/canto-daemon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/cfdyndns.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/cgminer.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/clipcat.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/clipmenu.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/confd.nix16
-rw-r--r--nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/db-rest.nix182
-rw-r--r--nixpkgs/nixos/modules/services/misc/devmon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/dictd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/disnix.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/docker-registry.nix38
-rw-r--r--nixpkgs/nixos/modules/services/misc/domoticz.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/duckling.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/dwm-status.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/dysnomia.nix20
-rw-r--r--nixpkgs/nixos/modules/services/misc/errbot.nix16
-rw-r--r--nixpkgs/nixos/modules/services/misc/etebase-server.nix30
-rw-r--r--nixpkgs/nixos/modules/services/misc/etesync-dav.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/evdevremapkeys.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/felix.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/forgejo.nix77
-rw-r--r--nixpkgs/nixos/modules/services/misc/freeswitch.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/fstrim.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/gammu-smsd.nix44
-rw-r--r--nixpkgs/nixos/modules/services/misc/geoipupdate.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/gitea.nix92
-rw-r--r--nixpkgs/nixos/modules/services/misc/gitlab.nix223
-rw-r--r--nixpkgs/nixos/modules/services/misc/gitolite.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/gitweb.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/gogs.nix44
-rw-r--r--nixpkgs/nixos/modules/services/misc/gollum.nix30
-rw-r--r--nixpkgs/nixos/modules/services/misc/gpsd.nix16
-rw-r--r--nixpkgs/nixos/modules/services/misc/graphical-desktop.nix54
-rw-r--r--nixpkgs/nixos/modules/services/misc/greenclip.nix7
-rw-r--r--nixpkgs/nixos/modules/services/misc/headphones.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/heisenbridge.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/ihaskell.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/input-remapper.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/invidious-router.nix121
-rw-r--r--nixpkgs/nixos/modules/services/misc/irkerd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/jackett.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/jellyseerr.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/klipper.nix36
-rw-r--r--nixpkgs/nixos/modules/services/misc/languagetool.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/leaps.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/libreddit.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/lidarr.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/lifecycled.nix26
-rw-r--r--nixpkgs/nixos/modules/services/misc/llama-cpp.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/logkeys.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/mame.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/mbpfan.nix29
-rw-r--r--nixpkgs/nixos/modules/services/misc/mediatomb.nix38
-rw-r--r--nixpkgs/nixos/modules/services/misc/metabase.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/moonraker.nix20
-rw-r--r--nixpkgs/nixos/modules/services/misc/mqtt2influxdb.nix46
-rw-r--r--nixpkgs/nixos/modules/services/misc/n8n.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/nitter.nix82
-rw-r--r--nixpkgs/nixos/modules/services/misc/nix-gc.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/nix-optimise.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/novacomd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/ntfy-sh.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/nzbget.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/nzbhydra2.nix7
-rw-r--r--nixpkgs/nixos/modules/services/misc/octoprint.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/ollama.nix71
-rw-r--r--nixpkgs/nixos/modules/services/misc/ombi.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/osrm.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/owncast.nix16
-rw-r--r--nixpkgs/nixos/modules/services/misc/packagekit.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/paperless.nix97
-rw-r--r--nixpkgs/nixos/modules/services/misc/parsoid.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/persistent-evdev.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/pinnwand.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/plex.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/plikd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/podgrab.nix47
-rw-r--r--nixpkgs/nixos/modules/services/misc/polaris.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/portunus.nix40
-rw-r--r--nixpkgs/nixos/modules/services/misc/prowlarr.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/pufferpanel.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/pykms.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/radarr.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/readarr.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/redmine.nix92
-rw-r--r--nixpkgs/nixos/modules/services/misc/ripple-data-api.nix30
-rw-r--r--nixpkgs/nixos/modules/services/misc/rippled.nix68
-rw-r--r--nixpkgs/nixos/modules/services/misc/rkvm.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/rmfakecloud.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/rshim.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/safeeyes.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/sdrplay.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/serviio.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/sickbeard.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/signald.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/siproxd.nix28
-rw-r--r--nixpkgs/nixos/modules/services/misc/snapper.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/soft-serve.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/sonarr.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/sourcehut/default.nix178
-rw-r--r--nixpkgs/nixos/modules/services/misc/sourcehut/service.nix18
-rw-r--r--nixpkgs/nixos/modules/services/misc/spice-autorandr.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/spice-webdavd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/sssd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/subsonic.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/sundtek.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/svnserve.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/synergy.nix22
-rw-r--r--nixpkgs/nixos/modules/services/misc/sysprof.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/tabby.nix16
-rw-r--r--nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/taskserver/default.nix48
-rw-r--r--nixpkgs/nixos/modules/services/misc/tautulli.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/tiddlywiki.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix6
-rw-r--r--nixpkgs/nixos/modules/services/misc/transfer-sh.nix10
-rw-r--r--nixpkgs/nixos/modules/services/misc/tuxclocker.nix12
-rw-r--r--nixpkgs/nixos/modules/services/misc/tzupdate.nix2
-rw-r--r--nixpkgs/nixos/modules/services/misc/uhub.nix14
-rw-r--r--nixpkgs/nixos/modules/services/misc/wastebin.nix158
-rw-r--r--nixpkgs/nixos/modules/services/misc/weechat.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/workout-tracker.nix83
-rw-r--r--nixpkgs/nixos/modules/services/misc/xmr-stak.nix8
-rw-r--r--nixpkgs/nixos/modules/services/misc/xmrig.nix4
-rw-r--r--nixpkgs/nixos/modules/services/misc/zoneminder.nix28
-rw-r--r--nixpkgs/nixos/modules/services/misc/zookeeper.nix22
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/alerta.nix20
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/apcupsd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/arbtt.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/below.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/bosun.nix20
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/cadvisor.nix22
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/cockpit.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/collectd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix2
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix30
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/do-agent.nix2
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/goss.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix22
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/grafana.nix346
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/graphite.nix44
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/hdaps.nix5
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/heapster.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/incron.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/kapacitor.nix36
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/karma.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/kthxbye.nix26
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/loki.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/longview.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/metricbeat.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/mimir.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/monit.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/munin.nix20
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/nagios.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/netdata.nix24
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/nezha-agent.nix103
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/ocsinventory-agent.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/opentelemetry-collector.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/osquery.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix70
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix26
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix148
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.md1
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix36
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix11
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bind.nix11
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix24
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix23
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnssec.nix90
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/domain.nix3
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix19
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix13
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/json.nix11
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix3
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix9
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix46
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix13
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/minio.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix5
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix24
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nats.nix31
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix19
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nut.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix13
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix27
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix20
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ping.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix26
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix17
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix9
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix27
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix13
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix2
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix5
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix11
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix19
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix30
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix3
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix5
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/tor.nix7
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix15
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix19
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix9
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix5
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix26
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix11
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix22
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix8
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix4
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/riemann.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/rustdesk-server.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/scollector.nix14
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/smartd.nix32
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/snmpd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/statsd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/sysstat.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/teamviewer.nix2
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/telegraf.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/thanos.nix57
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/tuptime.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/unpoller.nix70
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/ups.nix68
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix6
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/uptime.nix10
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/vmagent.nix120
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/vmalert.nix12
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/vnstat.nix2
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix16
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix38
-rw-r--r--nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix36
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/ceph.nix60
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix121
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/diod.nix26
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/drbd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix22
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix8
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/kubo.nix40
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix6
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix32
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix8
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix37
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix34
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/openafs/lib.nix4
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix44
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix12
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix30
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix9
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix22
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/samba.nix20
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix46
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix10
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix12
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/webdav.nix12
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix52
-rw-r--r--nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/3proxy.nix50
-rw-r--r--nixpkgs/nixos/modules/services/networking/acme-dns.nix31
-rw-r--r--nixpkgs/nixos/modules/services/networking/adguardhome.nix136
-rw-r--r--nixpkgs/nixos/modules/services/networking/alice-lg.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/amuled.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/antennas.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/aria2.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/asterisk.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/atftpd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/autossh.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/avahi-daemon.nix46
-rw-r--r--nixpkgs/nixos/modules/services/networking/babeld.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/bee.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/biboumi.nix34
-rw-r--r--nixpkgs/nixos/modules/services/networking/bind.nix42
-rw-r--r--nixpkgs/nixos/modules/services/networking/bird-lg.nix56
-rw-r--r--nixpkgs/nixos/modules/services/networking/bird.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/birdwatcher.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/bitcoind.nix34
-rw-r--r--nixpkgs/nixos/modules/services/networking/bitlbee.nix24
-rw-r--r--nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix44
-rw-r--r--nixpkgs/nixos/modules/services/networking/blocky.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/centrifugo.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/cgit.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/charybdis.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/chisel-server.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/cjdns.nix41
-rw-r--r--nixpkgs/nixos/modules/services/networking/clatd.nix82
-rw-r--r--nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/cloudflared.nix50
-rw-r--r--nixpkgs/nixos/modules/services/networking/cntlm.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/connman.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/consul.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/coredns.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/corerad.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/coturn.nix60
-rw-r--r--nixpkgs/nixos/modules/services/networking/create_ap.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/croc.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/dae.nix17
-rw-r--r--nixpkgs/nixos/modules/services/networking/dante.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ddclient.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/deconz.nix7
-rw-r--r--nixpkgs/nixos/modules/services/networking/dhcpcd.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnscache.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnsdist.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnsmasq.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/dnsproxy.nix7
-rw-r--r--nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ejabberd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/envoy.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/epmd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ergo.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/ergochat.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/eternal-terminal.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/expressvpn.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/fakeroute.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ferm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix36
-rw-r--r--nixpkgs/nixos/modules/services/networking/fireqos.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/firewall-iptables.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/firewall-nftables.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/firewall.nix42
-rw-r--r--nixpkgs/nixos/modules/services/networking/flannel.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/freenet.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/freeradius.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/frp.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/frr.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/gateone.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/gdomap.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/ghostunnel.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/git-daemon.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/gns3-server.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/gnunet.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/go-autoconfig.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/go-neb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/gobgpd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/gvpe.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/hans.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/haproxy.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/harmonia.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/headscale.nix84
-rw-r--r--nixpkgs/nixos/modules/services/networking/hostapd.nix115
-rw-r--r--nixpkgs/nixos/modules/services/networking/htpdate.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/hylafax/options.nix58
-rw-r--r--nixpkgs/nixos/modules/services/networking/i2p.nix7
-rw-r--r--nixpkgs/nixos/modules/services/networking/i2pd.nix144
-rw-r--r--nixpkgs/nixos/modules/services/networking/icecream/daemon.nix24
-rw-r--r--nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/imaginary.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/inadyn.nix250
-rw-r--r--nixpkgs/nixos/modules/services/networking/inspircd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/iodine.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/iperf3.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/iscsi/target.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ivpn.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/iwd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/jibri/default.nix38
-rw-r--r--nixpkgs/nixos/modules/services/networking/jicofo.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/jool.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/jotta-cli.md27
-rw-r--r--nixpkgs/nixos/modules/services/networking/jotta-cli.nix43
-rw-r--r--nixpkgs/nixos/modules/services/networking/kea.nix41
-rw-r--r--nixpkgs/nixos/modules/services/networking/keepalived/default.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/keepalived/virtual-ip-options.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/keybase.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/knot.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/kresd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/lambdabot.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/legit.nix31
-rw-r--r--nixpkgs/nixos/modules/services/networking/libreswan.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/lldpd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix3
-rw-r--r--nixpkgs/nixos/modules/services/networking/lokinet.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/lxd-image-server.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/matterbridge.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/microsocks.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/mihomo.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/minidlna.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/miniupnpd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/miredo.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/mmsd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/monero.nix36
-rw-r--r--nixpkgs/nixos/modules/services/networking/morty.nix13
-rw-r--r--nixpkgs/nixos/modules/services/networking/mosquitto.nix58
-rw-r--r--nixpkgs/nixos/modules/services/networking/mozillavpn.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/mstpd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/mtr-exporter.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/multipath.nix108
-rw-r--r--nixpkgs/nixos/modules/services/networking/murmur.nix58
-rw-r--r--nixpkgs/nixos/modules/services/networking/mxisd.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/mycelium.nix13
-rw-r--r--nixpkgs/nixos/modules/services/networking/namecoind.nix24
-rw-r--r--nixpkgs/nixos/modules/services/networking/nar-serve.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/nat-iptables.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nat.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/nats.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/nbd.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/ncdns.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/ndppd.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/nebula.nix34
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/coturn.nix160
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/dashboard.nix186
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/management.nix460
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/server.md42
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/server.nix67
-rw-r--r--nixpkgs/nixos/modules/services/networking/netbird/signal.nix123
-rw-r--r--nixpkgs/nixos/modules/services/networking/netclient.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/networkmanager.nix134
-rw-r--r--nixpkgs/nixos/modules/services/networking/nextdns.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nftables.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/backend-submodule.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/frontend-submodule.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/server-options.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nghttpx/tls-submodule.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ngircd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nix-serve.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/nixops-dns.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/nncp.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/nntp-proxy.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/nomad.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/nsd.nix183
-rw-r--r--nixpkgs/nixos/modules/services/networking/ntopng.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/ntp/chrony.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/ntp/ntpd-rs.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/nullidentdmod.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/nylon.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/ocserv.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/ofono.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/oidentd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/onedrive.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/openconnect.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/openvpn.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/ostinato.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/owamp.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/pdns-recursor.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/pdnsd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/peroxide.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/picosnitch.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/pixiecore.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/pleroma.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/polipo.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/powerdns.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/pppd.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/pptpd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/privoxy.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/prosody.nix182
-rw-r--r--nixpkgs/nixos/modules/services/networking/quassel.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/quicktun.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/quorum.nix40
-rw-r--r--nixpkgs/nixos/modules/services/networking/r53-ddns.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/radicale.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/radvd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/rdnssd.nix3
-rw-r--r--nixpkgs/nixos/modules/services/networking/redsocks.nix41
-rw-r--r--nixpkgs/nixos/modules/services/networking/resilio.nix34
-rw-r--r--nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/rosenpass.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/routedns.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/rpcbind.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/rxe.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/sabnzbd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/scion/scion-control.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/scion/scion-daemon.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/scion/scion-dispatcher.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/scion/scion-router.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/scion/scion.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/seafile.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/searx.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/shadowsocks.nix36
-rw-r--r--nixpkgs/nixos/modules/services/networking/shairport-sync.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/shellhub-agent.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/shorewall.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/shorewall6.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/shout.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/sing-box.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/sitespeed-io.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/skydns.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/smartdns.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/smokeping.nix44
-rw-r--r--nixpkgs/nixos/modules/services/networking/sniproxy.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/softether.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/soju.nix42
-rw-r--r--nixpkgs/nixos/modules/services/networking/solanum.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/spacecookie.nix22
-rw-r--r--nixpkgs/nixos/modules/services/networking/spiped.nix28
-rw-r--r--nixpkgs/nixos/modules/services/networking/squid.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/ssh/lshd.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/ssh/sshd.nix82
-rw-r--r--nixpkgs/nixos/modules/services/networking/sslh.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/strongswan.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/stubby.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/stunnel.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/sunshine.nix163
-rw-r--r--nixpkgs/nixos/modules/services/networking/supplicant.nix21
-rw-r--r--nixpkgs/nixos/modules/services/networking/supybot.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/syncplay.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/syncthing-relay.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/syncthing.nix73
-rw-r--r--nixpkgs/nixos/modules/services/networking/tailscale-auth.nix104
-rw-r--r--nixpkgs/nixos/modules/services/networking/tailscale.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/tayga.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/tcpcrypt.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/teamspeak3.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/technitium-dns-server.nix109
-rw-r--r--nixpkgs/nixos/modules/services/networking/teleport.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/tetrd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/tftpd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/thelounge.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/tinc.nix58
-rw-r--r--nixpkgs/nixos/modules/services/networking/tinydns.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/tinyproxy.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/tox-node.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/toxvpn.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/trickster.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/trust-dns.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/tvheadend.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/twingate.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/ucarp.nix34
-rw-r--r--nixpkgs/nixos/modules/services/networking/unbound.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/unifi.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/uptermd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/v2ray.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/v2raya.nix4
-rw-r--r--nixpkgs/nixos/modules/services/networking/vdirsyncer.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/vsftpd.nix24
-rw-r--r--nixpkgs/nixos/modules/services/networking/wasabibackend.nix26
-rw-r--r--nixpkgs/nixos/modules/services/networking/webhook.nix32
-rw-r--r--nixpkgs/nixos/modules/services/networking/websockify.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/wg-netmanager.nix2
-rw-r--r--nixpkgs/nixos/modules/services/networking/wg-quick.nix42
-rw-r--r--nixpkgs/nixos/modules/services/networking/wgautomesh.nix30
-rw-r--r--nixpkgs/nixos/modules/services/networking/wireguard.nix54
-rw-r--r--nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix53
-rw-r--r--nixpkgs/nixos/modules/services/networking/wstunnel.nix66
-rw-r--r--nixpkgs/nixos/modules/services/networking/x2goserver.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/xandikos.nix16
-rw-r--r--nixpkgs/nixos/modules/services/networking/xinetd.nix25
-rw-r--r--nixpkgs/nixos/modules/services/networking/xl2tpd.nix10
-rw-r--r--nixpkgs/nixos/modules/services/networking/xray.nix6
-rw-r--r--nixpkgs/nixos/modules/services/networking/xrdp.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/yggdrasil.nix18
-rw-r--r--nixpkgs/nixos/modules/services/networking/zerobin.nix14
-rw-r--r--nixpkgs/nixos/modules/services/networking/zeronet.nix12
-rw-r--r--nixpkgs/nixos/modules/services/networking/zerotierone.nix8
-rw-r--r--nixpkgs/nixos/modules/services/networking/znc/default.nix20
-rw-r--r--nixpkgs/nixos/modules/services/networking/znc/options.nix38
-rw-r--r--nixpkgs/nixos/modules/services/printing/cups-pdf.nix26
-rw-r--r--nixpkgs/nixos/modules/services/printing/cupsd.nix34
-rw-r--r--nixpkgs/nixos/modules/services/printing/ipp-usb.nix2
-rw-r--r--nixpkgs/nixos/modules/services/scheduling/atd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/scheduling/cron.nix8
-rw-r--r--nixpkgs/nixos/modules/services/scheduling/fcron.nix12
-rw-r--r--nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix10
-rw-r--r--nixpkgs/nixos/modules/services/search/elasticsearch.nix26
-rw-r--r--nixpkgs/nixos/modules/services/search/hound.nix12
-rw-r--r--nixpkgs/nixos/modules/services/search/manticore.nix131
-rw-r--r--nixpkgs/nixos/modules/services/search/meilisearch.nix18
-rw-r--r--nixpkgs/nixos/modules/services/search/opensearch.nix30
-rw-r--r--nixpkgs/nixos/modules/services/search/qdrant.nix4
-rw-r--r--nixpkgs/nixos/modules/services/search/sonic-server.nix4
-rw-r--r--nixpkgs/nixos/modules/services/search/typesense.nix9
-rw-r--r--nixpkgs/nixos/modules/services/security/aesmd.nix18
-rw-r--r--nixpkgs/nixos/modules/services/security/authelia.nix50
-rw-r--r--nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix63
-rw-r--r--nixpkgs/nixos/modules/services/security/certmgr.nix28
-rw-r--r--nixpkgs/nixos/modules/services/security/cfssl.nix46
-rw-r--r--nixpkgs/nixos/modules/services/security/clamav.nix24
-rw-r--r--nixpkgs/nixos/modules/services/security/endlessh-go.nix16
-rw-r--r--nixpkgs/nixos/modules/services/security/endlessh.nix8
-rw-r--r--nixpkgs/nixos/modules/services/security/esdm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/security/fail2ban.nix38
-rw-r--r--nixpkgs/nixos/modules/services/security/fprintd.nix8
-rw-r--r--nixpkgs/nixos/modules/services/security/haka.nix18
-rw-r--r--nixpkgs/nixos/modules/services/security/haveged.nix6
-rw-r--r--nixpkgs/nixos/modules/services/security/hockeypuck.nix6
-rw-r--r--nixpkgs/nixos/modules/services/security/hologram-agent.nix6
-rw-r--r--nixpkgs/nixos/modules/services/security/hologram-server.nix30
-rw-r--r--nixpkgs/nixos/modules/services/security/infnoise.nix4
-rw-r--r--nixpkgs/nixos/modules/services/security/intune.nix2
-rw-r--r--nixpkgs/nixos/modules/services/security/jitterentropy-rngd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/security/kanidm.nix42
-rw-r--r--nixpkgs/nixos/modules/services/security/munge.nix4
-rw-r--r--nixpkgs/nixos/modules/services/security/nginx-sso.nix4
-rw-r--r--nixpkgs/nixos/modules/services/security/oauth2-proxy-nginx.nix130
-rw-r--r--nixpkgs/nixos/modules/services/security/oauth2-proxy.nix (renamed from nixpkgs/nixos/modules/services/security/oauth2_proxy.nix)349
-rw-r--r--nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix81
-rw-r--r--nixpkgs/nixos/modules/services/security/opensnitch.nix28
-rw-r--r--nixpkgs/nixos/modules/services/security/pass-secret-service.nix2
-rw-r--r--nixpkgs/nixos/modules/services/security/physlock.nix16
-rw-r--r--nixpkgs/nixos/modules/services/security/shibboleth-sp.nix10
-rw-r--r--nixpkgs/nixos/modules/services/security/sks.nix14
-rw-r--r--nixpkgs/nixos/modules/services/security/sshguard.nix16
-rw-r--r--nixpkgs/nixos/modules/services/security/sslmate-agent.nix2
-rw-r--r--nixpkgs/nixos/modules/services/security/step-ca.nix14
-rw-r--r--nixpkgs/nixos/modules/services/security/tang.nix4
-rw-r--r--nixpkgs/nixos/modules/services/security/tor.nix112
-rw-r--r--nixpkgs/nixos/modules/services/security/torify.nix6
-rw-r--r--nixpkgs/nixos/modules/services/security/torsocks.nix14
-rw-r--r--nixpkgs/nixos/modules/services/security/usbguard.nix24
-rw-r--r--nixpkgs/nixos/modules/services/security/vault-agent.nix16
-rw-r--r--nixpkgs/nixos/modules/services/security/vault.nix30
-rw-r--r--nixpkgs/nixos/modules/services/security/vaultwarden/default.nix94
-rw-r--r--nixpkgs/nixos/modules/services/security/yubikey-agent.nix4
-rw-r--r--nixpkgs/nixos/modules/services/system/automatic-timezoned.nix2
-rw-r--r--nixpkgs/nixos/modules/services/system/bpftune.nix2
-rw-r--r--nixpkgs/nixos/modules/services/system/cachix-agent/default.nix12
-rw-r--r--nixpkgs/nixos/modules/services/system/cachix-watch-store.nix16
-rw-r--r--nixpkgs/nixos/modules/services/system/cloud-init.nix28
-rw-r--r--nixpkgs/nixos/modules/services/system/dbus.nix19
-rw-r--r--nixpkgs/nixos/modules/services/system/earlyoom.nix59
-rw-r--r--nixpkgs/nixos/modules/services/system/kerberos/default.nix12
-rw-r--r--nixpkgs/nixos/modules/services/system/localtimed.nix2
-rw-r--r--nixpkgs/nixos/modules/services/system/nix-daemon.nix16
-rw-r--r--nixpkgs/nixos/modules/services/system/nscd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/system/saslauthd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/system/self-deploy.nix18
-rw-r--r--nixpkgs/nixos/modules/services/system/systembus-notify.nix4
-rw-r--r--nixpkgs/nixos/modules/services/system/systemd-lock-handler.nix2
-rw-r--r--nixpkgs/nixos/modules/services/system/uptimed.nix2
-rw-r--r--nixpkgs/nixos/modules/services/system/zram-generator.nix4
-rw-r--r--nixpkgs/nixos/modules/services/torrent/deluge.nix26
-rw-r--r--nixpkgs/nixos/modules/services/torrent/flexget.nix12
-rw-r--r--nixpkgs/nixos/modules/services/torrent/magnetico.nix22
-rw-r--r--nixpkgs/nixos/modules/services/torrent/opentracker.nix4
-rw-r--r--nixpkgs/nixos/modules/services/torrent/peerflix.nix6
-rw-r--r--nixpkgs/nixos/modules/services/torrent/rtorrent.nix20
-rw-r--r--nixpkgs/nixos/modules/services/torrent/torrentstream.nix8
-rw-r--r--nixpkgs/nixos/modules/services/torrent/transmission.nix62
-rw-r--r--nixpkgs/nixos/modules/services/tracing/tempo.nix8
-rw-r--r--nixpkgs/nixos/modules/services/ttys/getty.nix12
-rw-r--r--nixpkgs/nixos/modules/services/ttys/gpm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/ttys/kmscon.nix16
-rw-r--r--nixpkgs/nixos/modules/services/video/epgstation/default.nix26
-rw-r--r--nixpkgs/nixos/modules/services/video/frigate.nix21
-rw-r--r--nixpkgs/nixos/modules/services/video/go2rtc/default.nix11
-rw-r--r--nixpkgs/nixos/modules/services/video/mediamtx.nix10
-rw-r--r--nixpkgs/nixos/modules/services/video/mirakurun.nix16
-rw-r--r--nixpkgs/nixos/modules/services/video/photonvision.nix4
-rw-r--r--nixpkgs/nixos/modules/services/video/replay-sorcery.nix10
-rw-r--r--nixpkgs/nixos/modules/services/video/unifi-video.nix14
-rw-r--r--nixpkgs/nixos/modules/services/video/v4l2-relayd.nix22
-rw-r--r--nixpkgs/nixos/modules/services/wayland/cage.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/akkoma.nix143
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/alps.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix56
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix28
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/bookstack.nix52
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/calibre-web.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/castopod.md (renamed from nixpkgs/nixos/modules/services/audio/castopod.md)1
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/castopod.nix (renamed from nixpkgs/nixos/modules/services/audio/castopod.nix)97
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix24
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix14
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/cloudlog.nix56
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/code-server.nix42
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/coder.nix51
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/convos.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/crabfit.nix171
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/davis.md32
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/davis.nix554
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/dex.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/discourse.nix88
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/documize.nix22
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/dolibarr.nix28
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/engelsystem.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/ethercalc.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/firefly-iii.nix367
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/fluidd.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/freshrss.nix40
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/galene.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/gerrit.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/gotify-server.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/gotosocial.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/grocy.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/guacamole-client.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/guacamole-server.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/healthchecks.nix31
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix30
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/hledger-web.nix61
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/honk.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix32
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix38
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/invidious.nix32
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/isso.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/jirafeau.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix39
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/kasmweb/default.nix30
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/kavita.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/keycloak.nix46
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/lanraragi.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/lemmy.nix30
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/limesurvey.nix46
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mainsail.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mastodon.nix115
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/matomo.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mattermost.nix36
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mealie.nix2
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mediawiki.nix62
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/meme-bingo-web.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/microbin.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/miniflux.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/mobilizon.nix29
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/monica.nix52
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/moodle.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/movim.nix709
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/netbox.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nextcloud-notify_push.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nextcloud.md28
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nextcloud.nix127
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nexus.nix14
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/nifi.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/node-red.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/ocis.md113
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/ocis.nix201
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix22
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/openvscode-server.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/openwebrx.nix2
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/outline.nix140
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/peering-manager.nix22
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/peertube.nix52
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/photoprism.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/phylactery.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/pict-rs.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/pixelfed.nix37
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix19
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/plausible.nix44
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/pretalx.nix48
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix4
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix75
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/selfoss.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/sftpgo.nix56
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/shiori.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/silverbullet.nix123
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/snipe-it.nix58
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/sogo.nix14
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/suwayomi-server.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/trilium.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/tt-rss.nix84
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/vikunja.nix22
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/whitebophir.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/wiki-js.nix24
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/windmill.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/wordpress.nix40
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/writefreely.nix50
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/youtrack.nix24
-rw-r--r--nixpkgs/nixos/modules/services/web-apps/zabbix.nix30
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/agate.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix41
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/apache-httpd/location-options.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix54
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/caddy/default.nix32
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/caddy/vhost-options.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/garage.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/hitch/default.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/hydron.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/jboss/default.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/keter/default.nix30
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix6
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix4
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix18
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix2
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/merecat.nix4
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/minio.nix20
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/molly-brown.nix14
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/default.nix145
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/tailscale-auth.nix106
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix68
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix26
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/pomerium.nix10
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/rustus.nix46
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/stargazer.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/static-web-server.nix8
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/tomcat.nix42
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/traefik.nix16
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix34
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/unit/default.nix12
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/uwsgi.nix14
-rw-r--r--nixpkgs/nixos/modules/services/web-servers/varnish/default.nix14
-rw-r--r--nixpkgs/nixos/modules/services/x11/clight.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/colord.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix22
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix26
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix14
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix28
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix141
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix18
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix45
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix24
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix30
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix16
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix14
-rw-r--r--nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/default.nix261
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix34
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix20
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix22
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/lomiri.nix34
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix5
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix24
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix12
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix37
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/startx.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/sx.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix14
-rw-r--r--nixpkgs/nixos/modules/services/x11/extra-layouts.nix17
-rw-r--r--nixpkgs/nixos/modules/services/x11/fractalart.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/hardware/cmt.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/hardware/digimend.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix43
-rw-r--r--nixpkgs/nixos/modules/services/x11/hardware/wacom.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/imwheel.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/picom.nix34
-rw-r--r--nixpkgs/nixos/modules/services/x11/redshift.nix14
-rw-r--r--nixpkgs/nixos/modules/services/x11/touchegg.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/unclutter.nix12
-rw-r--r--nixpkgs/nixos/modules/services/x11/urserver.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/urxvtd.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/berry.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/default.nix16
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/dk.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/e16.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/i3.nix10
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/nimdow.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/notion.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix8
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/ragnarwm.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/twm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix6
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix16
-rw-r--r--nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/xautolock.nix22
-rw-r--r--nixpkgs/nixos/modules/services/x11/xbanish.nix4
-rw-r--r--nixpkgs/nixos/modules/services/x11/xfs.nix2
-rw-r--r--nixpkgs/nixos/modules/services/x11/xserver.nix151
-rw-r--r--nixpkgs/nixos/modules/system/activation/activatable-system.nix2
-rw-r--r--nixpkgs/nixos/modules/system/activation/activation-script.nix16
-rw-r--r--nixpkgs/nixos/modules/system/activation/bootspec.nix9
-rw-r--r--nixpkgs/nixos/modules/system/activation/specialisation.nix6
-rw-r--r--nixpkgs/nixos/modules/system/activation/switchable-system.nix2
-rw-r--r--nixpkgs/nixos/modules/system/activation/top-level.nix30
-rw-r--r--nixpkgs/nixos/modules/system/boot/binfmt.nix27
-rw-r--r--nixpkgs/nixos/modules/system/boot/clevis.nix6
-rw-r--r--nixpkgs/nixos/modules/system/boot/emergency-mode.nix2
-rw-r--r--nixpkgs/nixos/modules/system/boot/grow-partition.nix2
-rw-r--r--nixpkgs/nixos/modules/system/boot/initrd-network.nix10
-rw-r--r--nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/initrd-ssh.nix16
-rw-r--r--nixpkgs/nixos/modules/system/boot/kernel.nix30
-rw-r--r--nixpkgs/nixos/modules/system/boot/kernel_config.nix10
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/efi.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/external/external.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix8
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh8
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix101
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix3
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix2
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/loader.nix2
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix10
-rw-r--r--nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix54
-rw-r--r--nixpkgs/nixos/modules/system/boot/luksroot.nix82
-rw-r--r--nixpkgs/nixos/modules/system/boot/modprobe.nix6
-rw-r--r--nixpkgs/nixos/modules/system/boot/networkd.nix270
-rw-r--r--nixpkgs/nixos/modules/system/boot/plymouth.nix12
-rw-r--r--nixpkgs/nixos/modules/system/boot/resolved.nix14
-rw-r--r--nixpkgs/nixos/modules/system/boot/stage-1.nix45
-rw-r--r--nixpkgs/nixos/modules/system/boot/stage-2.nix8
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd.nix26
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/coredump.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/homed.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/initrd.nix72
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/journald-gateway.nix12
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/journald-remote.nix14
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/journald-upload.nix2
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/journald.nix12
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/logind.nix26
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix8
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/oomd.nix10
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/repart.nix18
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix6
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/sysupdate.nix14
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/sysusers.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix18
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/user.nix36
-rw-r--r--nixpkgs/nixos/modules/system/boot/systemd/userdbd.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/timesyncd.nix6
-rw-r--r--nixpkgs/nixos/modules/system/boot/tmp.nix6
-rw-r--r--nixpkgs/nixos/modules/system/boot/uki.nix12
-rw-r--r--nixpkgs/nixos/modules/system/boot/unl0kr.nix4
-rw-r--r--nixpkgs/nixos/modules/system/boot/uvesafb.nix8
-rw-r--r--nixpkgs/nixos/modules/system/build.nix2
-rw-r--r--nixpkgs/nixos/modules/system/etc/etc.nix24
-rw-r--r--nixpkgs/nixos/modules/tasks/auto-upgrade.nix26
-rw-r--r--nixpkgs/nixos/modules/tasks/bcache.nix6
-rw-r--r--nixpkgs/nixos/modules/tasks/cpu-freq.nix6
-rw-r--r--nixpkgs/nixos/modules/tasks/encrypted-devices.nix8
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems.nix34
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix19
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix6
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/envfs.nix8
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/nfs.nix69
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix6
-rw-r--r--nixpkgs/nixos/modules/tasks/filesystems/zfs.nix57
-rw-r--r--nixpkgs/nixos/modules/tasks/lvm.nix14
-rw-r--r--nixpkgs/nixos/modules/tasks/network-interfaces.nix197
-rw-r--r--nixpkgs/nixos/modules/tasks/powertop.nix2
-rw-r--r--nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix2
-rw-r--r--nixpkgs/nixos/modules/tasks/stratis.nix2
-rw-r--r--nixpkgs/nixos/modules/tasks/swraid.nix8
-rw-r--r--nixpkgs/nixos/modules/tasks/trackpoint.nix12
-rw-r--r--nixpkgs/nixos/modules/testing/service-runner.nix2
-rw-r--r--nixpkgs/nixos/modules/testing/test-instrumentation.nix8
-rw-r--r--nixpkgs/nixos/modules/virtualisation/amazon-init.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/amazon-options.nix10
-rw-r--r--nixpkgs/nixos/modules/virtualisation/anbox.nix14
-rw-r--r--nixpkgs/nixos/modules/virtualisation/appvm.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/azure-agent.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/azure-image.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/build-vm.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/containerd.nix8
-rw-r--r--nixpkgs/nixos/modules/virtualisation/containers.nix67
-rw-r--r--nixpkgs/nixos/modules/virtualisation/cri-o.nix20
-rw-r--r--nixpkgs/nixos/modules/virtualisation/digital-ocean-config.nix14
-rw-r--r--nixpkgs/nixos/modules/virtualisation/digital-ocean-image.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/docker-rootless.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/docker.nix33
-rw-r--r--nixpkgs/nixos/modules/virtualisation/ecs-agent.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/google-compute-image.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/hyperv-image.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/incus.nix55
-rw-r--r--nixpkgs/nixos/modules/virtualisation/kvmgt.nix10
-rw-r--r--nixpkgs/nixos/modules/virtualisation/libvirtd.nix50
-rw-r--r--nixpkgs/nixos/modules/virtualisation/lxc.nix21
-rw-r--r--nixpkgs/nixos/modules/virtualisation/lxcfs.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/lxd-agent.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/lxd.nix25
-rw-r--r--nixpkgs/nixos/modules/virtualisation/multipass.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/nixos-containers.nix76
-rw-r--r--nixpkgs/nixos/modules/virtualisation/oci-containers.nix42
-rw-r--r--nixpkgs/nixos/modules/virtualisation/openstack-options.nix10
-rw-r--r--nixpkgs/nixos/modules/virtualisation/openvswitch.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/parallels-guest.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/podman/default.nix30
-rw-r--r--nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix16
-rw-r--r--nixpkgs/nixos/modules/virtualisation/proxmox-image.nix30
-rw-r--r--nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/qemu-vm.nix172
-rw-r--r--nixpkgs/nixos/modules/virtualisation/rosetta.nix6
-rw-r--r--nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix8
-rw-r--r--nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix18
-rw-r--r--nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix28
-rw-r--r--nixpkgs/nixos/modules/virtualisation/vmware-guest.nix4
-rw-r--r--nixpkgs/nixos/modules/virtualisation/vmware-host.nix8
-rw-r--r--nixpkgs/nixos/modules/virtualisation/vmware-image.nix10
-rw-r--r--nixpkgs/nixos/modules/virtualisation/waydroid.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix2
-rw-r--r--nixpkgs/nixos/modules/virtualisation/xen-dom0.nix25
-rw-r--r--nixpkgs/nixos/release-combined.nix9
-rw-r--r--nixpkgs/nixos/release-small.nix2
-rw-r--r--nixpkgs/nixos/release.nix2
-rw-r--r--nixpkgs/nixos/tests/adguardhome.nix85
-rw-r--r--nixpkgs/nixos/tests/agda.nix7
-rw-r--r--nixpkgs/nixos/tests/akkoma.nix6
-rw-r--r--nixpkgs/nixos/tests/all-tests.nix34
-rw-r--r--nixpkgs/nixos/tests/ayatana-indicators.nix2
-rw-r--r--nixpkgs/nixos/tests/budgie.nix4
-rw-r--r--nixpkgs/nixos/tests/caddy.nix2
-rw-r--r--nixpkgs/nixos/tests/castopod.nix274
-rw-r--r--nixpkgs/nixos/tests/cinnamon-wayland.nix2
-rw-r--r--nixpkgs/nixos/tests/cinnamon.nix4
-rw-r--r--nixpkgs/nixos/tests/clatd.nix189
-rw-r--r--nixpkgs/nixos/tests/coder.nix4
-rw-r--r--nixpkgs/nixos/tests/common/acme/server/default.nix4
-rw-r--r--nixpkgs/nixos/tests/common/auto.nix14
-rw-r--r--nixpkgs/nixos/tests/common/resolver.nix2
-rw-r--r--nixpkgs/nixos/tests/common/x11.nix2
-rw-r--r--nixpkgs/nixos/tests/containers-require-bind-mounts.nix35
-rw-r--r--nixpkgs/nixos/tests/crabfit.nix33
-rw-r--r--nixpkgs/nixos/tests/davis.nix59
-rw-r--r--nixpkgs/nixos/tests/db-rest.nix107
-rw-r--r--nixpkgs/nixos/tests/docker-registry.nix2
-rw-r--r--nixpkgs/nixos/tests/docker-tools.nix8
-rw-r--r--nixpkgs/nixos/tests/drbd.nix6
-rw-r--r--nixpkgs/nixos/tests/earlyoom.nix2
-rw-r--r--nixpkgs/nixos/tests/firefly-iii.nix26
-rw-r--r--nixpkgs/nixos/tests/forgejo.nix164
-rw-r--r--nixpkgs/nixos/tests/freshrss-none-auth.nix19
-rw-r--r--nixpkgs/nixos/tests/gitlab.nix4
-rw-r--r--nixpkgs/nixos/tests/gnome-extensions.nix2
-rw-r--r--nixpkgs/nixos/tests/gnome-flashback.nix11
-rw-r--r--nixpkgs/nixos/tests/gnome-xorg.nix11
-rw-r--r--nixpkgs/nixos/tests/gnome.nix9
-rw-r--r--nixpkgs/nixos/tests/gonic.nix12
-rw-r--r--nixpkgs/nixos/tests/gvisor.nix2
-rw-r--r--nixpkgs/nixos/tests/herbstluftwm.nix2
-rw-r--r--nixpkgs/nixos/tests/hledger-web.nix2
-rw-r--r--nixpkgs/nixos/tests/hydra/common.nix9
-rw-r--r--nixpkgs/nixos/tests/i3wm.nix2
-rw-r--r--nixpkgs/nixos/tests/incus/virtual-machine.nix20
-rw-r--r--nixpkgs/nixos/tests/installed-tests/default.nix2
-rw-r--r--nixpkgs/nixos/tests/installer-systemd-stage-1.nix2
-rw-r--r--nixpkgs/nixos/tests/installer.nix403
-rw-r--r--nixpkgs/nixos/tests/invidious.nix2
-rw-r--r--nixpkgs/nixos/tests/isolate.nix38
-rw-r--r--nixpkgs/nixos/tests/jotta-cli.nix25
-rw-r--r--nixpkgs/nixos/tests/kanidm.nix19
-rw-r--r--nixpkgs/nixos/tests/kernel-generic.nix1
-rw-r--r--nixpkgs/nixos/tests/kernel-rust.nix6
-rw-r--r--nixpkgs/nixos/tests/libinput.nix2
-rw-r--r--nixpkgs/nixos/tests/libreswan.nix6
-rw-r--r--nixpkgs/nixos/tests/lightdm.nix2
-rw-r--r--nixpkgs/nixos/tests/lomiri.nix294
-rw-r--r--nixpkgs/nixos/tests/lvm2/default.nix7
-rw-r--r--nixpkgs/nixos/tests/lvm2/systemd-stage-1.nix6
-rw-r--r--nixpkgs/nixos/tests/lvm2/thinpool.nix5
-rw-r--r--nixpkgs/nixos/tests/lvm2/vdo.nix4
-rw-r--r--nixpkgs/nixos/tests/maestral.nix9
-rw-r--r--nixpkgs/nixos/tests/mate-wayland.nix2
-rw-r--r--nixpkgs/nixos/tests/matrix/mautrix-meta-postgres.nix221
-rw-r--r--nixpkgs/nixos/tests/matrix/mautrix-meta-sqlite.nix247
-rw-r--r--nixpkgs/nixos/tests/miniflux.nix2
-rw-r--r--nixpkgs/nixos/tests/miriway.nix6
-rw-r--r--nixpkgs/nixos/tests/mongodb.nix2
-rw-r--r--nixpkgs/nixos/tests/mycelium/default.nix4
-rw-r--r--nixpkgs/nixos/tests/networking/networkd-and-scripted.nix (renamed from nixpkgs/nixos/tests/networking.nix)284
-rw-r--r--nixpkgs/nixos/tests/networking/networkmanager.nix172
-rw-r--r--nixpkgs/nixos/tests/networking/router.nix82
-rw-r--r--nixpkgs/nixos/tests/nextcloud/default.nix2
-rw-r--r--nixpkgs/nixos/tests/nginx-sso.nix2
-rw-r--r--nixpkgs/nixos/tests/nimdow.nix2
-rw-r--r--nixpkgs/nixos/tests/ocis.nix217
-rw-r--r--nixpkgs/nixos/tests/oddjobd.nix23
-rw-r--r--nixpkgs/nixos/tests/openssh.nix90
-rw-r--r--nixpkgs/nixos/tests/pantheon.nix13
-rw-r--r--nixpkgs/nixos/tests/paperless.nix1
-rw-r--r--nixpkgs/nixos/tests/pg_anonymizer.nix2
-rw-r--r--nixpkgs/nixos/tests/pgmanage.nix2
-rw-r--r--nixpkgs/nixos/tests/phosh.nix11
-rw-r--r--nixpkgs/nixos/tests/plasma-bigscreen.nix6
-rw-r--r--nixpkgs/nixos/tests/plasma5-systemd-start.nix9
-rw-r--r--nixpkgs/nixos/tests/plasma5.nix6
-rw-r--r--nixpkgs/nixos/tests/plasma6.nix8
-rw-r--r--nixpkgs/nixos/tests/predictable-interface-names.nix2
-rw-r--r--nixpkgs/nixos/tests/prometheus-exporters.nix50
-rw-r--r--nixpkgs/nixos/tests/promscale.nix60
-rw-r--r--nixpkgs/nixos/tests/qtile.nix34
-rw-r--r--nixpkgs/nixos/tests/radicale.nix2
-rw-r--r--nixpkgs/nixos/tests/ragnarwm.nix2
-rw-r--r--nixpkgs/nixos/tests/redis.nix117
-rw-r--r--nixpkgs/nixos/tests/redmine.nix1
-rw-r--r--nixpkgs/nixos/tests/restic-rest-server.nix122
-rw-r--r--nixpkgs/nixos/tests/sddm.nix8
-rw-r--r--nixpkgs/nixos/tests/silverbullet.nix47
-rw-r--r--nixpkgs/nixos/tests/soju.nix31
-rw-r--r--nixpkgs/nixos/tests/ssh-keys.nix12
-rw-r--r--nixpkgs/nixos/tests/sunshine.nix70
-rw-r--r--nixpkgs/nixos/tests/swayfx.nix207
-rw-r--r--nixpkgs/nixos/tests/switch-test.nix21
-rw-r--r--nixpkgs/nixos/tests/syncthing-relay.nix2
-rw-r--r--nixpkgs/nixos/tests/systemd-confinement.nix2
-rw-r--r--nixpkgs/nixos/tests/systemd-machinectl.nix272
-rw-r--r--nixpkgs/nixos/tests/systemd-networkd-bridge.nix103
-rw-r--r--nixpkgs/nixos/tests/systemd.nix13
-rw-r--r--nixpkgs/nixos/tests/technitium-dns-server.nix21
-rw-r--r--nixpkgs/nixos/tests/teleport.nix2
-rw-r--r--nixpkgs/nixos/tests/unifi.nix4
-rw-r--r--nixpkgs/nixos/tests/vaultwarden.nix2
-rw-r--r--nixpkgs/nixos/tests/wastebin.nix19
-rw-r--r--nixpkgs/nixos/tests/web-apps/gotosocial.nix2
-rw-r--r--nixpkgs/nixos/tests/web-apps/mastodon/remote-databases.nix2
-rw-r--r--nixpkgs/nixos/tests/web-apps/movim/default.nix8
-rw-r--r--nixpkgs/nixos/tests/web-apps/movim/standard.nix102
-rw-r--r--nixpkgs/nixos/tests/wmderland.nix2
-rw-r--r--nixpkgs/nixos/tests/workout-tracker.nix29
-rw-r--r--nixpkgs/nixos/tests/wpa_supplicant.nix29
-rw-r--r--nixpkgs/nixos/tests/xfce.nix10
-rw-r--r--nixpkgs/nixos/tests/xmonad-xdg-autostart.nix2
-rw-r--r--nixpkgs/nixos/tests/xmonad.nix2
1937 files changed, 28579 insertions, 17791 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md b/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md
index 6840cc390257..89013933cda5 100644
--- a/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md
+++ b/nixpkgs/nixos/doc/manual/administration/system-state.chapter.md
@@ -7,7 +7,7 @@ However, it is possible and not-uncommon to create [impermanent systems], whose
 `rootfs` is either a `tmpfs` or reset during boot. While NixOS itself supports
 this kind of configuration, special care needs to be taken.
 
-[impermanent systems]: https://nixos.wiki/wiki/Impermanence
+[impermanent systems]: https://wiki.nixos.org/wiki/Impermanence
 
 
 ```{=include=} sections
diff --git a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
index 5bc44aa72245..06356c472ba9 100644
--- a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
@@ -35,7 +35,7 @@ in
 {
   services.httpd.virtualHosts =
     { "blog.example.org" = (commonConfig // { documentRoot = "/webroot/blog.example.org"; });
-      "wiki.example.org" = (commonConfig // { documentRoot = "/webroot/wiki.example.com"; });
+      "wiki.example.org" = (commonConfig // { documentRoot = "/webroot/wiki.example.org"; });
     };
 }
 ```
diff --git a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
index a524ef266eaf..074932b3f110 100644
--- a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
@@ -1,11 +1,33 @@
 # Customising Packages {#sec-customising-packages}
 
-Some packages in Nixpkgs have options to enable or disable optional
-functionality or change other aspects of the package.
+The Nixpkgs configuration for a NixOS system is set by the {option}`nixpkgs.config` option.
+
+::::{.example}
+# Globally allow unfree packages
+
+```nix
+{
+  nixpkgs.config = {
+    allowUnfree = true;
+  };
+}
+```
+
+:::{.note}
+This only allows unfree software in the given NixOS configuration.
+For users invoking Nix commands such as [`nix-build`](https://nixos.org/manual/nix/stable/command-ref/nix-build), Nixpkgs is configured independently.
+See the [Nixpkgs manual section on global configuration](https://nixos.org/manual/nixpkgs/unstable/#chap-packageconfig) for details.
+:::
+::::
+
+<!-- TODO(@fricklerhandwerk)
+all of the following should go to the Nixpkgs manual, it has nothing to do with NixOS
+-->
+
+Some packages in Nixpkgs have options to enable or disable optional functionality, or change other aspects of the package.
 
 ::: {.warning}
-Unfortunately, Nixpkgs currently lacks a way to query available
-configuration options.
+Unfortunately, Nixpkgs currently lacks a way to query available package configuration options.
 :::
 
 ::: {.note}
diff --git a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
index cb9f543797d2..ba3bc79a3631 100644
--- a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
@@ -27,7 +27,7 @@ Here, we include two modules from the same directory, `vpn.nix` and
 { config, pkgs, ... }:
 
 { services.xserver.enable = true;
-  services.xserver.displayManager.sddm.enable = true;
+  services.displayManager.sddm.enable = true;
   services.xserver.desktopManager.plasma5.enable = true;
   environment.systemPackages = [ pkgs.vim ];
 }
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/demo.section.md b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.section.md
index 0a0df483c123..720fc101dc18 100644
--- a/nixpkgs/nixos/doc/manual/configuration/profiles/demo.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/profiles/demo.section.md
@@ -1,4 +1,4 @@
 # Demo {#sec-profile-demo}
 
 This profile just enables a `demo` user, with password `demo`, uid `1000`, `wheel` group and
-[autologin in the SDDM display manager](#opt-services.xserver.displayManager.autoLogin).
+[autologin in the SDDM display manager](#opt-services.displayManager.autoLogin).
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.section.md b/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.section.md
index aaea5c8c0288..84fad5c0a612 100644
--- a/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/profiles/graphical.section.md
@@ -4,7 +4,7 @@ Defines a NixOS configuration with the Plasma 5 desktop. It's used by the
 graphical installation CD.
 
 It sets [](#opt-services.xserver.enable),
-[](#opt-services.xserver.displayManager.sddm.enable),
+[](#opt-services.displayManager.sddm.enable),
 [](#opt-services.xserver.desktopManager.plasma5.enable),
-and [](#opt-services.xserver.libinput.enable) to true. It also
+and [](#opt-services.libinput.enable) to true. It also
 includes glxinfo and firefox in the system packages list.
diff --git a/nixpkgs/nixos/doc/manual/configuration/sshfs-file-systems.section.md b/nixpkgs/nixos/doc/manual/configuration/sshfs-file-systems.section.md
index e2e37454b7ea..32b4aac78304 100644
--- a/nixpkgs/nixos/doc/manual/configuration/sshfs-file-systems.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/sshfs-file-systems.section.md
@@ -26,8 +26,8 @@ To create a new key without a passphrase you can do:
 ```ShellSession
 $ ssh-keygen -t ed25519 -P '' -f example-key
 Generating public/private ed25519 key pair.
-Your identification has been saved in test-key
-Your public key has been saved in test-key.pub
+Your identification has been saved in example-key
+Your public key has been saved in example-key.pub
 The key fingerprint is:
 SHA256:yjxl3UbTn31fLWeyLYTAKYJPRmzknjQZoyG8gSNEoIE my-user@workstation
 ```
diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
index 8162e38e9f5b..31752330dd9a 100644
--- a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
@@ -45,7 +45,7 @@ alternative one by picking one of the following lines:
 
 ```nix
 {
-  services.xserver.displayManager.sddm.enable = true;
+  services.displayManager.sddm.enable = true;
   services.xserver.displayManager.gdm.enable = true;
 }
 ```
@@ -99,7 +99,7 @@ your window manager, you'd define:
 
 ```nix
 {
-  services.xserver.displayManager.defaultSession = "none+i3";
+  services.displayManager.defaultSession = "none+i3";
 }
 ```
 
@@ -109,8 +109,8 @@ using lightdm for a user `alice`:
 ```nix
 {
   services.xserver.displayManager.lightdm.enable = true;
-  services.xserver.displayManager.autoLogin.enable = true;
-  services.xserver.displayManager.autoLogin.user = "alice";
+  services.displayManager.autoLogin.enable = true;
+  services.displayManager.autoLogin.user = "alice";
 }
 ```
 
@@ -207,7 +207,7 @@ Latitude series) can be enabled as follows:
 
 ```nix
 {
-  services.xserver.libinput.enable = true;
+  services.libinput.enable = true;
 }
 ```
 
@@ -216,7 +216,7 @@ For instance, the following disables tap-to-click behavior:
 
 ```nix
 {
-  services.xserver.libinput.touchpad.tapping = false;
+  services.libinput.touchpad.tapping = false;
 }
 ```
 
diff --git a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
index fcc9bcc45641..302cf9fa093d 100644
--- a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
@@ -5,7 +5,7 @@ To enable the Xfce Desktop Environment, set
 ```nix
 {
   services.xserver.desktopManager.xfce.enable = true;
-  services.xserver.displayManager.defaultSession = "xfce";
+  services.displayManager.defaultSession = "xfce";
 }
 ```
 
diff --git a/nixpkgs/nixos/doc/manual/default.nix b/nixpkgs/nixos/doc/manual/default.nix
index 5f51bb53ad7f..80916e9733c5 100644
--- a/nixpkgs/nixos/doc/manual/default.nix
+++ b/nixpkgs/nixos/doc/manual/default.nix
@@ -9,12 +9,20 @@
 , prefix ? ../../..
 }:
 
-with pkgs;
-
 let
-  inherit (lib) hasPrefix removePrefix;
-
-  lib = pkgs.lib;
+  inherit (pkgs) buildPackages runCommand docbook_xsl_ns;
+
+  inherit (pkgs.lib)
+    hasPrefix
+    removePrefix
+    flip
+    foldr
+    types
+    mkOption
+    escapeShellArg
+    concatMapStringsSep
+    sourceFilesBySuffices
+    ;
 
   common = import ./common.nix;
 
@@ -27,7 +35,7 @@ let
   # E.g. if some `options` came from modules in ${pkgs.customModules}/nix,
   # you'd need to include `extraSources = [ pkgs.customModules ]`
   prefixesToStrip = map (p: "${toString p}/") ([ prefix ] ++ extraSources);
-  stripAnyPrefixes = lib.flip (lib.foldr lib.removePrefix) prefixesToStrip;
+  stripAnyPrefixes = flip (foldr removePrefix) prefixesToStrip;
 
   optionsDoc = buildPackages.nixosOptionsDoc {
     inherit options revision baseOptionsJSON warningsAreErrors;
@@ -42,8 +50,8 @@ let
   testOptionsDoc = let
       eval = nixos-lib.evalTest {
         # Avoid evaluating a NixOS config prototype.
-        config.node.type = lib.types.deferredModule;
-        options._module.args = lib.mkOption { internal = true; };
+        config.node.type = types.deferredModule;
+        options._module.args = mkOption { internal = true; };
       };
     in buildPackages.nixosOptionsDoc {
       inherit (eval) options;
@@ -72,17 +80,17 @@ let
     cp -r --no-preserve=all $inputs/* .
 
     substituteInPlace ./manual.md \
-      --replace '@NIXOS_VERSION@' "${version}"
+      --replace-fail '@NIXOS_VERSION@' "${version}"
     substituteInPlace ./configuration/configuration.md \
-      --replace \
+      --replace-fail \
           '@MODULE_CHAPTERS@' \
-          ${lib.escapeShellArg (lib.concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)}
+          ${escapeShellArg (concatMapStringsSep "\n" (p: "${p.value}") config.meta.doc)}
     substituteInPlace ./nixos-options.md \
-      --replace \
+      --replace-fail \
         '@NIXOS_OPTIONS_JSON@' \
         ${optionsDoc.optionsJSON}/${common.outputPath}/options.json
     substituteInPlace ./development/writing-nixos-tests.section.md \
-      --replace \
+      --replace-fail \
         '@NIXOS_TEST_OPTIONS_JSON@' \
         ${testOptionsDoc.optionsJSON}/${common.outputPath}/options.json
     sed -e '/@PYTHON_MACHINE_METHODS@/ {' -e 'r ${testDriverMachineDocstrings}/machine-methods.md' -e 'd' -e '}' \
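Review bot: The `@NIXOS_VERSION@` replacement still splices `"${version}"` into the build script inside shell double quotes, so a value containing `$`, a backtick or `"` would be interpreted by the shell, whereas the `@MODULE_CHAPTERS@` value just below goes through `escapeShellArg`. The `--generator "nixos-render-docs ${pkgs.lib.version}"` line in the later `manual html` hunk has the same shape. I would write `--replace-fail '@NIXOS_VERSION@' ${escapeShellArg version}` and `--generator ${escapeShellArg "nixos-render-docs ${pkgs.lib.version}"}` so that every interpolated string is quoted the same way. Separately, the `sed` that handles `@PYTHON_MACHINE_METHODS@` still exits successfully when the marker is absent, which the other placeholders can no longer do after the switch to `--replace-fail`; a preceding `grep -qF '@PYTHON_MACHINE_METHODS@' <target-file>` would make it fail the same way. The sed command and the rest of the script continue outside the hunk, so the target file name is left as a placeholder here.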
@@ -95,7 +103,7 @@ in rec {
   # Generate the NixOS manual.
   manualHTML = runCommand "nixos-manual-html"
     { nativeBuildInputs = [ buildPackages.nixos-render-docs ];
-      inputs = lib.sourceFilesBySuffices ./. [ ".md" ];
+      inputs = sourceFilesBySuffices ./. [ ".md" ];
       meta.description = "The NixOS manual in HTML format";
       allowedReferences = ["out"];
     }
@@ -114,8 +122,8 @@ in rec {
 
       nixos-render-docs -j $NIX_BUILD_CORES manual html \
         --manpage-urls ${manpageUrls} \
-        --revision ${lib.escapeShellArg revision} \
-        --generator "nixos-render-docs ${lib.version}" \
+        --revision ${escapeShellArg revision} \
+        --generator "nixos-render-docs ${pkgs.lib.version}" \
         --stylesheet style.css \
         --stylesheet highlightjs/mono-blue.css \
         --script ./highlightjs/highlight.pack.js \
@@ -147,7 +155,7 @@ in rec {
               xml:id="book-nixos-manual">
           <info>
             <title>NixOS Manual</title>
-            <subtitle>Version ${lib.version}</subtitle>
+            <subtitle>Version ${pkgs.lib.version}</subtitle>
           </info>
           <chapter>
             <title>Temporarily unavailable</title>
@@ -199,7 +207,7 @@ in rec {
       # Generate manpages.
       mkdir -p $out/share/man/man5
       nixos-render-docs -j $NIX_BUILD_CORES options manpage \
-        --revision ${lib.escapeShellArg revision} \
+        --revision ${escapeShellArg revision} \
         ${optionsJSON}/${common.outputPath}/options.json \
         $out/share/man/man5/configuration.nix.5
     '';
diff --git a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
index ad5857b11a2e..325f4d11cb08 100644
--- a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
+++ b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
@@ -12,7 +12,7 @@ looks like this:
       type = type specification;
       default = default value;
       example = example value;
-      description = lib.mdDoc "Description for use in the NixOS manual.";
+      description = "Description for use in the NixOS manual.";
     };
   };
 }
@@ -58,12 +58,9 @@ The function `mkOption` accepts the following arguments.
 
 `description`
 
-:   A textual description of the option, in [Nixpkgs-flavored Markdown](
-    https://nixos.org/nixpkgs/manual/#sec-contributing-markup) format, that will be
-    included in the NixOS manual. During the migration process from DocBook
-    it is necessary to mark descriptions written in CommonMark with `lib.mdDoc`.
-    The description may still be written in DocBook (without any marker), but this
-    is discouraged and will be deprecated in the future.
+:   A textual description of the option in [Nixpkgs-flavored Markdown](
+    https://nixos.org/nixpkgs/manual/#sec-contributing-markup) format that will be
+    included in the NixOS manual.
 
 ## Utility functions for common option patterns {#sec-option-declarations-util}
 
@@ -81,13 +78,13 @@ For example:
 ::: {#ex-options-declarations-util-mkEnableOption-magic .example}
 ### `mkEnableOption` usage
 ```nix
-lib.mkEnableOption (lib.mdDoc "magic")
+lib.mkEnableOption "magic"
 # is like
 lib.mkOption {
   type = lib.types.bool;
   default = false;
   example = true;
-  description = lib.mdDoc "Whether to enable magic.";
+  description = "Whether to enable magic.";
 }
 ```
 :::
@@ -135,7 +132,7 @@ lib.mkOption {
   type = lib.types.package;
   default = pkgs.hello;
   defaultText = lib.literalExpression "pkgs.hello";
-  description = lib.mdDoc "The hello package to use.";
+  description = "The hello package to use.";
 }
 ```
 :::
@@ -153,7 +150,7 @@ lib.mkOption {
   default = pkgs.ghc;
   defaultText = lib.literalExpression "pkgs.ghc";
   example = lib.literalExpression "pkgs.haskell.packages.ghc92.ghc.withPackages (hkgs: [ hkgs.primes ])";
-  description = lib.mdDoc "The GHC package to use.";
+  description = "The GHC package to use.";
 }
 ```
 :::
diff --git a/nixpkgs/nixos/doc/manual/development/option-types.section.md b/nixpkgs/nixos/doc/manual/development/option-types.section.md
index 243039b01673..b44a84553b37 100644
--- a/nixpkgs/nixos/doc/manual/development/option-types.section.md
+++ b/nixpkgs/nixos/doc/manual/development/option-types.section.md
@@ -42,6 +42,9 @@ merging is handled.
 :   One element of the list *`l`*, e.g. `types.enum [ "left" "right" ]`.
     Multiple definitions cannot be merged.
 
+    If you want to pair these values with more information, possibly of
+    distinct types, consider using a [sum type](#sec-option-types-sums).
+
 `types.anything`
 
 :   A type that accepts any value and recursively merges attribute sets
@@ -279,6 +282,84 @@ Submodules are detailed in [Submodule](#section-option-types-submodule).
     more convenient and discoverable than expecting the module user to
     type-merge with the `attrsOf submodule` option.
 
+## Union types {#sec-option-types-unions}
+
+A union of types is a type such that a value is valid when it is valid for at least one of those types.
+
+If some values are instances of more than one of the types, it is not possible to distinguish which type they are meant to be instances of. If that's needed, consider using a [sum type](#sec-option-types-sums).
+
+`types.either` *`t1 t2`*
+
+:   Type *`t1`* or type *`t2`*, e.g. `with types; either int str`.
+    Multiple definitions cannot be merged.
+
+`types.oneOf` \[ *`t1 t2`* ... \]
+
+:   Type *`t1`* or type *`t2`* and so forth, e.g.
+    `with types; oneOf [ int str bool ]`. Multiple definitions cannot be
+    merged.
+
+`types.nullOr` *`t`*
+
+:   `null` or type *`t`*. Multiple definitions are merged according to
+    type *`t`*.
+
+
+## Sum types {#sec-option-types-sums}
+
+A sum type can be thought of, conceptually, as a *`types.enum`* where each valid item is paired with at least a type, through some value syntax.
+Nix does not have a built-in syntax for this pairing of a label and a type or value, so sum types may be represented in multiple ways.
+
+If the you're interested in can be distinguished without a label, you may simplify your value syntax with a [union type](#sec-option-types-unions) instead.
+
+`types.attrTag` *`{ attr1 = option1; attr2 = option2; ... }`*
+
+:   An attribute set containing one attribute, whose name must be picked from
+    the attribute set (`attr1`, etc) and whose value consists of definitions that are valid for the corresponding option (`option1`, etc).
+
+    This type appears in the documentation as _attribute-tagged union_.
+
+    Example:
+
+    ```nix
+    { lib, ... }:
+    let inherit (lib) type mkOption;
+    in {
+      options.toyRouter.rules = mkOption {
+        description = ''
+          Rules for a fictional packet routing service.
+        '';
+        type = types.attrsOf (
+          types.attrTag {
+            bounce = mkOption {
+              description = "Send back a packet explaining why it wasn't forwarded.";
+              type = types.submodule {
+                options.errorMessage = mkOption { … };
+              };
+            };
+            forward = mkOption {
+              description = "Forward the packet.";
+              type = types.submodule {
+                options.destination = mkOption { … };
+              };
+            };
+            ignore = types.mkOption {
+              description = "Drop the packet without sending anything back.";
+              type = types.submodule {};
+            };
+          });
+      };
+      config.toyRouter.rules = {
+        http = {
+          bounce = {
+            errorMessage = "Unencrypted HTTP is banned. You must always use https://.";
+          };
+        };
+        ssh = { drop = {}; };
+      };
+    }
+    ```
+
 ## Composed types {#sec-option-types-composed}
 
 Composed types are types that take a type as parameter. `listOf
@@ -318,11 +399,6 @@ Composed types are types that take a type as parameter. `listOf
     returned instead for the same `mkIf false` definition.
     :::
 
-`types.nullOr` *`t`*
-
-:   `null` or type *`t`*. Multiple definitions are merged according to
-    type *`t`*.
-
 `types.uniq` *`t`*
 
 :   Ensures that type *`t`* cannot be merged. It is used to ensure option
@@ -334,17 +410,6 @@ Composed types are types that take a type as parameter. `listOf
     the line `The option <option path> is defined multiple times.` and before
     a list of definition locations.
 
-`types.either` *`t1 t2`*
-
-:   Type *`t1`* or type *`t2`*, e.g. `with types; either int str`.
-    Multiple definitions cannot be merged.
-
-`types.oneOf` \[ *`t1 t2`* ... \]
-
-:   Type *`t1`* or type *`t2`* and so forth, e.g.
-    `with types; oneOf [ int str bool ]`. Multiple definitions cannot be
-    merged.
-
 `types.coercedTo` *`from f to`*
 
 :   Type *`to`* or type *`from`* which will be coerced to type *`to`* using
diff --git a/nixpkgs/nixos/doc/manual/installation/installing.chapter.md b/nixpkgs/nixos/doc/manual/installation/installing.chapter.md
index c7deb07352f1..b6db40878ba7 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing.chapter.md
+++ b/nixpkgs/nixos/doc/manual/installation/installing.chapter.md
@@ -376,7 +376,7 @@ Use the following commands:
 
     ```ShellSession
     # mkdir -p /mnt/boot
-    # mount /dev/disk/by-label/boot /mnt/boot
+    # mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
     ```
 
 3.  If your machine has a limited amount of memory, you may want to
@@ -572,7 +572,7 @@ With a partitioned disk.
 # mkfs.fat -F 32 -n boot /dev/sda3        # (for UEFI systems only)
 # mount /dev/disk/by-label/nixos /mnt
 # mkdir -p /mnt/boot                      # (for UEFI systems only)
-# mount /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
+# mount -o umask=077 /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
 # nixos-generate-config --root /mnt
 # nano /mnt/etc/nixos/configuration.nix
 # nixos-install
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1909.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-1909.section.md
index 2bd04f8dd40a..49fc98c313ac 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-1909.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1909.section.md
@@ -230,7 +230,7 @@ When upgrading from a previous release, please be aware of the following incompa
 
 - The `documentation` module gained an option named `documentation.nixos.includeAllModules` which makes the generated configuration.nix 5 manual page include all options from all NixOS modules included in a given `configuration.nix` configuration file. Currently, it is set to `false` by default as enabling it frequently prevents evaluation. But the plan is to eventually have it set to `true` by default. Please set it to `true` now in your `configuration.nix` and fix all the bugs it uncovers.
 
-- The `vlc` package gained support for Chromecast streaming, enabled by default. TCP port 8010 must be open for it to work, so something like `networking.firewall.allowedTCPPorts = [ 8010 ];` may be required in your configuration. Also consider enabling [ Accelerated Video Playback](https://nixos.wiki/wiki/Accelerated_Video_Playback) for better transcoding performance.
+- The `vlc` package gained support for Chromecast streaming, enabled by default. TCP port 8010 must be open for it to work, so something like `networking.firewall.allowedTCPPorts = [ 8010 ];` may be required in your configuration. Also consider enabling [ Accelerated Video Playback](https://wiki.nixos.org/wiki/Accelerated_Video_Playback) for better transcoding performance.
 
 - The following changes apply if the `stateVersion` is changed to 19.09 or higher. For `stateVersion = "19.03"` or lower the old behavior is preserved.
 
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
index ce874a6e0b2d..f5d1d3016a78 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -53,7 +53,7 @@ In addition to numerous new and updated packages, this release has the following
 
 - [alertmanager-irc-relay](https://github.com/google/alertmanager-irc-relay), a Prometheus Alertmanager IRC Relay. Available as [services.prometheus.alertmanagerIrcRelay](options.html#opt-services.prometheus.alertmanagerIrcRelay.enable).
 
-- [alice-lg](github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
+- [alice-lg](https://github.com/alice-lg/alice-lg), a looking-glass for BGP sessions. Available as [services.alice-lg](#opt-services.alice-lg.enable).
 
 - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
 
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
index 5313f04cb789..d837e0ff68b7 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -1001,7 +1001,7 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2
   Satellite](https://github.com/synesthesiam/homeassistant-satellite), a
   streaming audio satellite for Home Assistant voice pipelines, where you can
   reuse existing mic and speaker hardware. Available as
-  [services.homeassistant-satellite](#opt-services.homeassistant-satellite.enable).
+  `services.homeassistant-satellite`.
 
 - [Apache Guacamole](https://guacamole.apache.org/), a cross-platform,
   clientless remote desktop gateway. Available as
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
index 2909c40fa291..e3880d3deec5 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -10,13 +10,13 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - `cryptsetup` has been upgraded from 2.6.1 to 2.7.0. Cryptsetup is a critical component enabling LUKS-based (but not only) full disk encryption.
   Take the time to review [the release notes](https://gitlab.com/cryptsetup/cryptsetup/-/raw/v2.7.0/docs/v2.7.0-ReleaseNotes).
-  One of the highlight is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`, it has a lot of caveats, see the above notes for the full details.
+  One of the highlights is that it is now possible to use hardware OPAL-based encryption of your disk with `cryptsetup`. It has a lot of caveats, see the above notes for the full details.
 
 - `screen`'s module has been cleaned, and will now require you to set `programs.screen.enable` in order to populate `screenrc` and add the program to the environment.
 
 - `linuxPackages_testing_bcachefs` is now fully deprecated by `linuxPackages_latest`, and is therefore no longer available.
 
-- The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available.
+- (TODO not sure what path to use here) The default kernel package has been updated from 6.1 to 6.6. All supported kernels remain available.
 
 - NixOS now installs a stub ELF loader that prints an informative error message when users attempt to run binaries not made for NixOS.
    - This can be disabled through the `environment.stub-ld.enable` option.
@@ -30,21 +30,27 @@ In addition to numerous new and upgraded packages, this release has the followin
 
   To disable this, set [nixpkgs.flake.setNixPath](#opt-nixpkgs.flake.setNixPath) and [nixpkgs.flake.setFlakeRegistry](#opt-nixpkgs.flake.setFlakeRegistry) to false.
 
-- Julia environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`.
+- `nixVersions.unstable` was removed. Instead the following attributes are provided:
+  - `nixVersions.git` which tracks the latest Nix master and is roughly updated once a week. This is intended to enable people to easily test unreleased changes of Nix to catch regressions earlier.
+  - `nixVersions.latest` which points to the latest Nix version packaged in nixpkgs.
 
-- The PipeWire and WirePlumber modules have removed support for using
+- `julia` environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`.
+
+- `pipewire` and `wireplumber` modules have removed support for using
 `environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`.
 Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and
 `services.pipewire.wireplumber.configPackages` for WirePlumber instead."
 
-- A new option `systemd.sysusers.enable` was added. If enabled, users and
-  groups are created with systemd-sysusers instead of with a custom perl script.
+- `teleport` has been upgraded from major version 14 to major version 15.
+  Refer to upstream [upgrade instructions](https://goteleport.com/docs/management/operations/upgrading/)
+  and release notes for [v15](https://goteleport.com/docs/changelog/#1500-013124).
 
-- A new option `virtualisation.containers.cdi` was added. It contains `static` and `dynamic` attributes (corresponding to `/etc/cdi` and `/run/cdi` respectively) to configure the Container Device Interface (CDI).
+- `systemd.sysusers.enable` option was added. If enabled, users and
+  groups are created with systemd-sysusers instead of with a custom perl script.
 
-- `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `virtualisation.containers.cdi.dynamic.nvidia.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
+- `virtualisation.docker.enableNvidia` and `virtualisation.podman.enableNvidia` options are deprecated. `hardware.nvidia-container-toolkit.enable` should be used instead. This option will expose GPUs on containers with the `--device` CLI option. This is supported by Docker 25, Podman 3.2.0 and Singularity 4. Any container runtime that supports the CDI specification will take advantage of this feature.
 
-- A new option `system.etc.overlay.enable` was added. If enabled, `/etc` is
+- `system.etc.overlay.enable` option was added. If enabled, `/etc` is
   mounted via an overlayfs instead of being created by a custom perl script.
 
 - NixOS AMIs are now uploaded regularly to a new AWS Account.
@@ -63,23 +69,40 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
   }
   ```
 
-- Plasma 6 is now available and can be installed with `services.xserver.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary.
+- `virtialisation.incus` now defaults to the newly-added `incus-lts` release (v6.0.x). Users who wish to continue using the non-LTS release will need to set `virtualisation.incus.package = pkgs.incus`. Stable release users are encouraged to stay on the LTS release as non-LTS releases will by default not be backported.
+
+- Canonical `lxd` has been upgraded to v5.21.x, an LTS release. The LTS release is now the only supported LXD release. Users are encouraged to [migrate to Incus](https://linuxcontainers.org/incus/docs/main/howto/server_migrate_lxd/) for better support on NixOS.
+
+- `lua` interpreters default LUA_PATH and LUA_CPATH are not overriden by nixpkgs
+  anymore, we patch LUA_ROOT instead which is more respectful to upstream.
+
+- `plasma6` is now available and can be installed with `services.xserver.desktopManager.plasma6.enable = true;`. Plasma 5 will likely be deprecated in the next release (24.11). Note that Plasma 6 runs as Wayland by default, and the X11 session needs to be explicitly selected if necessary.
+
+- `lomiri` (formerly known as Unity8) desktop mode, using Mir 2.x to function as a Wayland compositor, is now available and can be installed with `services.desktopManager.lomiri.enable = true`. Note that some core applications, services and indicators have yet to be packaged, and some functions may remain incomplete, but the base experience should be there.
 
 ## New Services {#sec-release-24.05-new-services}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
+- [ownCloud Infinite Scale Stack](https://owncloud.com/infinite-scale-4-0/), a modern and scalable rewrite of ownCloud.
+
 - [Handheld Daemon](https://github.com/hhd-dev/hhd), support for gaming handhelds like the Legion Go, ROG Ally, and GPD Win. Available as [services.handheld-daemon](#opt-services.handheld-daemon.enable).
 
 - [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).
 
 - [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRST® Robotics Competition.
 
+- [clatd](https://github.com/toreanderson/clatd), a a CLAT / SIIT-DC Edge Relay implementation for Linux.
+
 - [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable)
 
 - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
 
-- systemd's gateway, upload, and remote services, which provides ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
+- [ryzen-monitor-ng](https://github.com/mann1x/ryzen_monitor_ng), a desktop AMD CPU power monitor and controller, similar to Ryzen Master but for Linux. Available as [programs.ryzen-monitor-ng](#opt-programs.ryzen-monitor-ng.enable)
+
+- [ryzen-smu](https://gitlab.com/leogx9r/ryzen_smu), Linux kernel driver to expose the SMU (System Management Unit) for certain AMD Ryzen Processors. Includes the userspace program `monitor_cpu`. Available at [hardward.cpu.amd.ryzen-smu](#opt-hardware.cpu.amd.ryzen-smu.enable)
+
+- `systemd`'s `gateway`, `upload`, and `remote` services, which provide ways of sending journals across the network. Enable using [services.journald.gateway](#opt-services.journald.gateway.enable), [services.journald.upload](#opt-services.journald.upload.enable), and [services.journald.remote](#opt-services.journald.remote.enable).
 
 - [GNS3](https://www.gns3.com/), a network software emulator. Available as [services.gns3-server](#opt-services.gns3-server.enable).
 
@@ -87,38 +110,56 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi
 
 - [dnsproxy](https://github.com/AdguardTeam/dnsproxy), a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as [services.dnsproxy](#opt-services.dnsproxy.enable).
 
+- [manticoresearch](https://manticoresearch.com), easy to use open source fast database for search. Available as [services.manticore](#opt-services.manticore.enable).
+
 - [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training.
 
 - [ollama](https://ollama.ai), server for running large language models locally.
 
-- [Mihomo](https://github.com/MetaCubeX/mihomo), a rule-based proxy in Go. Available as [services.mihomo.enable](#opt-services.mihomo.enable).
+- [Mihomo](https://github.com/MetaCubeX/mihomo/tree/Alpha), a rule-based proxy in Go. Available as [services.mihomo.enable](#opt-services.mihomo.enable).
 
 - [hebbot](https://github.com/haecker-felix/hebbot), a Matrix bot to generate "This Week in X" like blog posts. Available as [services.hebbot](#opt-services.hebbot.enable).
 
+- [Workout-tracker](https://github.com/jovandeginste/workout-tracker), a workout tracking web application for personal use.
+
 - [Python Matter Server](https://github.com/home-assistant-libs/python-matter-server), a
   Matter Controller Server exposing websocket connections for use with other services, notably Home Assistant.
   Available as [services.matter-server](#opt-services.matter-server.enable)
 
+- [db-rest](https://github.com/derhuerst/db-rest), a wrapper around Deutsche Bahn's internal API for public transport data. Available as [services.db-rest](#opt-services.db-rest.enable).
+
 - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).
-The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server softwares.
+The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been marked deprecated and will be dropped after 24.05 due to lack of maintenance of the anki-sync-server software.
+
+- [mautrix-meta](https://github.com/mautrix/meta), a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge. Available as services.mautrix-meta
+
+- [Jottacloud Command-line Tool](https://docs.jottacloud.com/en/articles/1436834-jottacloud-command-line-tool), a CLI for the [Jottacloud](https://jottacloud.com/) cloud storage provider. Available as [user.services.jotta-cli](#opt-user.services.jotta-cli.enable).
 
 - [transfer-sh](https://github.com/dutchcoders/transfer.sh), a tool that supports easy and fast file sharing from the command-line. Available as [services.transfer-sh](#opt-services.transfer-sh.enable).
 
+- [FCast Receiver](https://fcast.org), an open-source alternative to Chromecast and AirPlay. Available as [programs.fcast-receiver](#opt-programs.fcast-receiver.enable).
+
 - [MollySocket](https://github.com/mollyim/mollysocket) which allows getting Signal notifications via UnifiedPush.
 
 - [Suwayomi Server](https://github.com/Suwayomi/Suwayomi-Server), a free and open source manga reader server that runs extensions built for [Tachiyomi](https://tachiyomi.org). Available as [services.suwayomi-server](#opt-services.suwayomi-server.enable).
 
+- [Netbird](https://netbird.io), an open-source VPN management platform, now has a self-hosted management server. Available as [services.netbird.server](#opt-services.netbird.server.enable).
+
 - [ping_exporter](https://github.com/czerwonk/ping_exporter), a Prometheus exporter for ICMP echo requests. Available as [services.prometheus.exporters.ping](#opt-services.prometheus.exporters.ping.enable).
 
+- [Prometheus DNSSEC Exporter](https://github.com/chrj/prometheus-dnssec-exporter), check for validity and expiration in DNSSEC signatures and expose metrics for Prometheus. Available as [services.prometheus.exporters.dnssec](#opt-services.prometheus.exporters.dnssec.enable).
+
 - [TigerBeetle](https://tigerbeetle.com/), a distributed financial accounting database designed for mission critical safety and performance. Available as [services.tigerbeetle](#opt-services.tigerbeetle.enable).
 
 - [go-camo](https://github.com/cactus/go-camo), a secure image proxy server. Available as [services.go-camo](#opt-services.go-camo.enable).
 
 - [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
 
-- [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix]($opt-services-pretix.enable).
+- [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix](#opt-services.pretix.enable).
 
-- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks]($opt-services-microsocks.enable).
+- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks](#opt-services.microsocks.enable).
+
+- [inadyn](https://github.com/troglobit/inadyn), a Dynamic DNS client with built-in support for multiple providers. Available as [services.inadyn](#opt-services.inadyn.enable).
 
 - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
 
@@ -126,35 +167,77 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [armagetronad](https://wiki.armagetronad.org), a mid-2000s 3D lightcycle game widely played at iD Tech Camps. You can define multiple servers using `services.armagetronad.<server>.enable`.
 
+- [wyoming-satellite](https://github.com/rhasspy/wyoming-satellite), a voice assistant satellite for Home Assistant using the Wyoming protocol. Available as [services.wyoming.satellite](#opt-services.wyoming.satellite.enable).
+
 - [TuxClocker](https://github.com/Lurkki14/tuxclocker), a hardware control and monitoring program. Available as [programs.tuxclocker](#opt-programs.tuxclocker.enable).
 
+- [AppImage](https://appimage.org/), a tool to package desktop applications, now has a `binfmt` option to support running AppImages seamlessly on NixOS. Available as [programs.appimage.binfmt](#opt-programs.appimage.binfmt).
+
+- [nh](https://github.com/viperML/nh), yet another Nix CLI helper. Available as [programs.nh](#opt-programs.nh.enable).
+
 - [ALVR](https://github.com/alvr-org/alvr), a VR desktop streamer. Available as [programs.alvr](#opt-programs.alvr.enable)
 
-- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer.
+- [RustDesk](https://rustdesk.com), a full-featured open source remote control alternative for self-hosting and security with minimal configuration. Alternative to TeamViewer. Available as [services.rustdesk-server](#opt-services.rustdesk-server.enable).
+
+- [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend. Available as [services.scrutiny](#opt-services.scrutiny.enable).
 
-- [Scrutiny](https://github.com/AnalogJ/scrutiny), a S.M.A.R.T monitoring tool for hard disks with a web frontend.
+- [davis](https://github.com/tchapi/davis), a simple CardDav and CalDav server inspired by Baïkal. Available as [services.davis](#opt-services.davis.enable).
+
+- [Firefly-iii](https://www.firefly-iii.org), a free and open source personal finance manager. Available as [services.firefly-iii](#opt-services.firefly-iii.enable)
 
 - [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable).
 
+- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable).
+
 - [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable)
 
+- [Sunshine](https://app.lizardbyte.dev/Sunshine), a self-hosted game stream host for Moonlight. Available as [services.sunshine](#opt-services.sunshine.enable).
+
+- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable)
+
+- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).
+
+- [isolate](https://github.com/ioi/isolate), a sandbox for securely executing untrusted programs. Available as [security.isolate](#opt-security.isolate.enable).
+
 ## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 - `k3s`: was updated to version [v1.29](https://github.com/k3s-io/k3s/releases/tag/v1.29.1%2Bk3s2), all previous versions (k3s_1_26, k3s_1_27, k3s_1_28) will be removed. See [changelog and upgrade notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#urgent-upgrade-notes) for more information.
 
-- `himalaya` was updated to `v1.0.0-beta.3`, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.3) for details.
+- `himalaya` was updated to v1.0.0-beta.4, which introduces breaking changes. Check out the [release note](https://github.com/soywod/himalaya/releases/tag/v1.0.0-beta.4) for details.
+
+- `security.pam.enableSSHAgentAuth` was replaced by the `sshAgentAuth` attrset, and **only**
+  `authorized_keys` files listed in [`sshAgentAuth.authorizedKeysFiles`] are trusted,
+  defaulting to `/etc/ssh/authorized_keys.d/%u`.
+  ::: {.warning}
+  Users of {manpage}`pam_ssh_agent_auth(8)` must take care that the pubkeys they use (for instance with `sudo`)
+  are listed in [`sshAgentAuth.authorizedKeysFiles`].
+  :::
+  ::: {.note}
+  Previously, all `services.openssh.authorizedKeysFiles` were trusted, including `~/.ssh/authorized_keys`,
+  which results in an **insecure** configuration; see [#31611](https://github.com/NixOS/nixpkgs/issues/31611).
+  :::
+
+[`sshAgentAuth.authorizedKeysFiles`]: #opt-security.pam.sshAgentAuth.authorizedKeysFiles
 
 - The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS.
 
 - `programs.nix-ld.libraries` no longer sets `baseLibraries` via the option's default but in config and now merges any additional libraries with the default ones.
   This means that `lib.mkForce` must be used to clear the list of default libraries.
 
+- `cudaPackages.autoAddOpenGLRunpathHook` and `cudaPackages.autoAddDriverRunpath` have been deprecated for `pkgs.autoAddDriverRunpath`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope.
+
+- `cudaPackages.autoFixElfFiles` has been deprecated for `pkgs.autoFixElfFiles`. Functionality has not changed, but the setuphook has been renamed and moved to the top-level package scope.
+
+- `appimageTools.wrapAppImage` now creates the binary at `$out/bin/${pname}` rather than `$out/bin/${pname}-${version}`, which will break downstream workarounds.
+
 - `pdns` was updated to version [v4.9.x](https://doc.powerdns.com/authoritative/changelog/4.9.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-9-0) for details.
 
 - `unrar` was updated to v7. See [changelog](https://www.rarlab.com/unrar7notes.htm) for more information.
 
+- `git-town` was updated from version 11 to 13. See the [changelog](https://github.com/git-town/git-town/blob/main/CHANGELOG.md#1300-2024-03-22) for breaking changes.
+
 - `k9s` was updated to v0.31. There have been various breaking changes in the config file format,
   check out the changelog of [v0.29](https://github.com/derailed/k9s/releases/tag/v0.29.0),
   [v0.30](https://github.com/derailed/k9s/releases/tag/v0.30.0) and
@@ -167,45 +250,66 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   The list in `nixos/modules/virtualisation/amazon-ec2-amis.nix` will stop
   being updated and will be removed in the future.
 
-- The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it's
+- The option `services.postgresql.ensureUsers._.ensurePermissions` has been removed as it is
   not declarative and is broken with newer postgresql versions. Consider using
   [](#opt-services.postgresql.ensureUsers._.ensureDBOwnership)
-  instead or a tool that's more suited for managing the data inside a postgresql database.
+  instead or a tool that is more suited for managing the data inside a postgresql database.
 
 - `idris2` was updated to v0.7.0. This version introduces breaking changes. Check out the [changelog](https://github.com/idris-lang/Idris2/blob/v0.7.0/CHANGELOG.md#v070) for details.
 
 - `nvtop` family of packages was reorganized into nested attrset. `nvtop` has been renamed to `nvtopPackages.full`, and all `nvtop-{amd,nvidia,intel,msm}` packages are now named as `nvtopPackages.{amd,nvidia,intel,msm}`
 
-- `neo4j` has been updated to 5, you may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/)
+- `neo4j` has been updated to version 5. You may want to read the [release notes for Neo4j 5](https://neo4j.com/release-notes/database/neo4j-5/).
 
 - `services.neo4j.allowUpgrade` was removed and no longer has any effect. Neo4j 5 supports automatic rolling upgrades.
 
+- `unifiLTS`, `unifi5` and `unifi6` have been removed, as they require MongoDB versions which are end-of-life. All these versions can be upgraded to `unifi7` directly.
+
+- `mongodb-4_4` has been removed as it has reached end of life. Consequently, `unifi7` and `unifi8` now use MongoDB 5.0 by default.
+
 - `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
 
 - `boot.supportedFilesystems` and `boot.initrd.supportedFilesystems` are now attribute sets instead of lists. Assignment from lists as done previously is still supported, but checking whether a filesystem is enabled must now by done using `supportedFilesystems.fs or false` instead of using `lib.elem "fs" supportedFilesystems` as was done previously.
 
 - `services.aria2.rpcSecret` has been replaced with `services.aria2.rpcSecretFile`.
   This was done so that secrets aren't stored in the world-readable nix store.
-  To migrate, you will have create a file with the same exact string, and change
+  To migrate, you will have to create a file with the same exact string, and change
   your module options to point to that file. For example, `services.aria2.rpcSecret =
   "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
   where the file `secret_file` contains the string `mysecret`.
 
-- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
+- `openssh`, `openssh_hpn` and `openssh_gssapi` are now compiled without support for the DSA signature algorithm as it is being deprecated upstream. Users still relying on DSA keys should consider upgrading
+  to another signature algorithm. However, for the time being it is possible to restore DSA key support using `override` to set `dsaKeysSupport = true`.
+
+- `buildGoModule` now throws an error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
 
-- Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
+- `services.invidious.settings.db.user`, the default database username has changed from `kemal` to `invidious`. Setups involving an externally-provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
 
 - `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation.
 
 - `inetutils` now has a lower priority to avoid shadowing the commonly used `util-linux`. If one wishes to restore the default priority, simply use `lib.setPrio 5 inetutils` or override with `meta.priority = 5`.
 
-- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the freeform type and option named `services.paperless.settings`.
+- `paperless`' `services.paperless.extraConfig` setting has been removed and converted to the free-form type and option named `services.paperless.settings`.
+
+- `davfs2`' `services.davfs2.extraConfig` setting has been deprecated and converted to the free-form type option named `services.davfs2.settings` according to RFC42.
 
-- `services.homepage-dashboard` now takes it's configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix.
+- `services.homepage-dashboard` now takes its configuration using native Nix expressions, rather than dumping templated configurations into `/var/lib/homepage-dashboard` where they were previously managed manually. There are now new options which allow the configuration of bookmarks, services, widgets and custom CSS/JS natively in Nix.
 
 - `hare` may now be cross-compiled. For that to work, however, `haredoc` needed to stop being built together with it. Thus, the latter is now its own package with the name of `haredoc`.
 
-- The legacy and long deprecated systemd target `network-interfaces.target` has been removed. Use `network.target` instead.
+- `network-interfaces.target` system target was removed as it has been deprecated for a long time. Use `network.target` instead.
+
+- `services.redis.vmOverCommit` now defaults to `true` and no longer enforces Transparent Hugepages (THP) to be disabled. Redis only works with THP configured to `madvise` which is the kernel's default.
+
+- `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use
+
+  ```nix
+  environment.systemPackages = [
+    (azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
+  ];
+  ```
+  To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation.
+  This can be disabled by overriding `withImmutableConfig = false` when building `azure-cli`.
 
 - `services.frp.settings` now generates the frp configuration file in TOML format as [recommended by upstream](https://github.com/fatedier/frp#configuration-files), instead of the legacy INI format. This has also introduced other changes in the configuration file structure and options.
   - The `settings.common` section in the configuration is no longer valid and all the options form inside it now goes directly under `settings`.
@@ -217,11 +321,17 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   release notes of [v19](https://github.com/systemd/mkosi/releases/tag/v19) and
   [v20](https://github.com/systemd/mkosi/releases/tag/v20) for a list of changes.
 
-- The `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
+- `gonic` has been updated to v0.16.4. Config now requires `playlists-path` to be set. See the rest of the [v0.16.0 release notes](https://github.com/sentriz/gonic/releases/tag/v0.16.0) for more details.
+
+- `services.vikunja` systemd service now uses `vikunja` as dynamic user instead of `vikunja-api`. Database users might need to be changed.
 
-- The `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
+- `services.vikunja.setupNginx` setting has been removed. Users now need to setup the webserver configuration on their own with a proxy pass to the vikunja service.
 
-- The `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
+- `services.vmagent` module deprecates `dataDir`, `group` and `user` setting in favor of systemd provided CacheDirectory and DynamicUser.
+
+- `services.vmagent.remoteWriteUrl` setting has been renamed to `services.vmagent.remoteWrite.url` and now defaults to `null`.
+
+- `woodpecker-*` packages have been updated to v2 which includes [breaking changes](https://woodpecker-ci.org/docs/next/migrations#200).
 
 - `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
   Example:
@@ -237,40 +347,63 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   }
   ```
 
-- The package `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
+- `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
 
-- The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0).
+- `kanata` package has been updated to v1.6.0, which includes breaking changes.  Check out the changelog of [v1.5.0](https://github.com/jtroo/kanata/releases/tag/v1.5.0) and [v1.6.0](https://github.com/jtroo/kanata/releases/tag/v1.6.0) for details.
 
-- The `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
+- `craftos-pc` package has been updated to v2.8, which includes [breaking changes](https://github.com/MCJack123/craftos2/releases/tag/v2.8).
   - Files are now handled in binary mode; this could break programs with embedded UTF-8 characters.
   - The ROM was updated to match ComputerCraft version v1.109.2.
   - The bundled Lua was updated to Lua v5.2, which includes breaking changes. See the [Lua manual](https://www.lua.org/manual/5.2/manual.html#8) for more information.
   - The WebSocket API [was rewritten](https://github.com/MCJack123/craftos2/issues/337), which introduced breaking changes.
 
-- The `gtest` package has been updated past v1.13.0, which requires C++14 or higher.
+- `gtest` package has been updated past v1.13.0, which requires C++14 or higher.
+
+- Nextcloud 26 has been removed since it's not maintained anymore by upstream.
 
-- The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows:
+- The latest available version of Nextcloud is v29 (available as `pkgs.nextcloud29`). The installation logic is as follows:
   - If [`services.nextcloud.package`](#opt-services.nextcloud.package) is specified explicitly, this package will be installed (**recommended**)
-  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud28` will be installed by default.
+  - If [`system.stateVersion`](#opt-system.stateVersion) is >=24.05, `pkgs.nextcloud29` will be installed by default.
   - If [`system.stateVersion`](#opt-system.stateVersion) is >=23.11, `pkgs.nextcloud27` will be installed by default.
-  - Please note that an upgrade from v26 (or older) to v28 directly is not possible. Please upgrade to `nextcloud27` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud27;`](options.html#opt-services.nextcloud.package).
+  - Please note that an upgrade from v27 (or older) to v29 directly is not possible. Please upgrade to `nextcloud28` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud28;`](options.html#opt-services.nextcloud.package).
+  - Known warnings after the upgrade are documented in [](#module-services-nextcloud-known-warnings).
 
 - The vendored third party libraries have been mostly removed from `cudaPackages.nsight_systems`, which we now only ship for `cudaPackages_11_8` and later due to outdated dependencies. Users comfortable with the vendored dependencies may use `overrideAttrs` to amend the `postPatch` phase and the `meta.broken` correspondingly. Alternatively, one could package the deprecated `boost170` locally, as required for `cudaPackages_11_4.nsight_systems`.
 
-- The `cudaPackages` package scope has been updated to `cudaPackages_12`.
+- `cudaPackages` package scope has been updated to `cudaPackages_12`.
+
+- The deprecated `cudaPackages.cudatoolkit` has been replaced with a
+  symlink-based wrapper for the splayed redistributable CUDA packages. The
+  wrapper only includes tools and libraries necessary to build common packages
+  like e.g. tensorflow. The original runfile-based `cudatoolkit` is still
+  available as `cudatoolkit-legacy-runfile`.
+
+- `halloy` package was updated past 2024.5 which introduced a breaking change by switching the config format from YAML to TOML. See https://github.com/squidowl/halloy/releases/tag/2024.5 for details.
 
 - Ada packages (libraries and tools) have been moved into the `gnatPackages` scope. `gnatPackages` uses the default GNAT compiler, `gnat12Packages` and `gnat13Packages` use the respective matching compiler version.
 
+- Paths provided as `restartTriggers` and `reloadTriggers` for systemd units will now be copied into the nix store to make the behavior consistent.
+  Previously, `restartTriggers = [ ./config.txt ]`, if defined in a flake, would trigger a restart when any part of the flake changed; and if not defined in a flake, would never trigger a restart even if the contents of `config.txt` changed.
+
 - `spark2014` has been renamed to `gnatprove`. A version of `gnatprove` matching different GNAT versions is available from the different `gnatPackages` sets.
 
 - `services.resolved.fallbackDns` can now be used to disable the upstream fallback servers entirely by setting it to an empty list. To get the previous behaviour of the upstream defaults set it to null, the new default, instead.
 
+- `services.hledger-web.capabilities` options has been replaced by a new option `services.hledger-web.allow`.
+
+  - `allow = "view"` means `capabilities = { view = true; }`;
+  - `allow = "add"` means `capabilities = { view = true; add = true; }`;
+  - `allow = "edit"` means `capabilities = { view = true; add = true; edit = true }`;
+  - `allow = "sandstorm"` reads permissions from the `X-Sandstorm-Permissions` request header.
+
 - `xxd` has been moved from `vim` default output to its own output to reduce closure size. The canonical way to reference it across all platforms is `unixtools.xxd`.
 
-- The `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).
+- `stalwart-mail` package has been updated to v0.5.3, which includes [breaking changes](https://github.com/stalwartlabs/mail-server/blob/v0.5.3/UPGRADING.md).
 
 - `services.zope2` has been removed as `zope2` is unmaintained and was relying on Python2.
 
+- `services.oauth2_proxy` was renamed to `services.oauth2-proxy`. Also the corresponding service, user and group were renamed.
+
 - `services.avahi.nssmdns` got split into `services.avahi.nssmdns4` and `services.avahi.nssmdns6` which enable the mDNS NSS switch for IPv4 and IPv6 respectively.
   Since most mDNS responders only register IPv4 addresses, most users want to keep the IPv6 support disabled to avoid long timeouts.
 
@@ -284,6 +417,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.
   Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.
 
+- `xfsprogs` was updated to version 6.6.0, which enables reverse mapping (rmapbt) and large extent counts (nrext64) by default.
+   Support for these features was added in kernel 4.9 and 5.19 and nrext64 was deemed stable in kernel 6.5.
+   Format your filesystems with `mkfs.xfs -i nrext64=0`, if they need to be readable by GRUB2 before 2.12 or kernels older than 5.19.
+
 - `networking.iproute2.enable` now does not set `environment.etc."iproute2/rt_tables".text`.
 
   Setting `environment.etc."iproute2/{CONFIG_FILE_NAME}".text` will override the whole configuration file instead of appending it to the upstream configuration file.
@@ -297,14 +434,18 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   upgrade NetBox by changing `services.netbox.package`. Database migrations
   will be run automatically.
 
-- The executable file names for `firefox-devedition`, `firefox-beta`, `firefox-esr` now matches their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
+- `gauge` now supports installing plugins using nix. For the old imperative approach, switch to `gauge-unwrapped`.
+  You can load plugins from an existing gauge manifest file using `gauge.fromManifest ./path/to/manifest.json` or
+  specify plugins in nix using `gauge.withPlugins (p: with p; [ js html-report xml-report ])`.
+
+- `firefox-devedition`, `firefox-beta`, `firefox-esr` executable file names for now match their package names, which is consistent with the `firefox-*-bin` packages. The desktop entries are also updated so that you can have multiple editions of firefox in your app launcher.
 
 - switch-to-configuration does not directly call systemd-tmpfiles anymore.
   Instead, the new artificial sysinit-reactivation.target is introduced which
   allows to restart multiple services that are ordered before sysinit.target
   and respect the ordering between the services.
 
-- The `systemd.oomd` module behavior is changed as:
+- `systemd.oomd` module behavior is changed as:
 
   - Raise ManagedOOMMemoryPressureLimit from 50% to 80%. This should make systemd-oomd kill things less often, and fix issues like [this](https://pagure.io/fedora-workstation/issue/358).
     Reference: [commit](https://src.fedoraproject.org/rpms/systemd/c/806c95e1c70af18f81d499b24cd7acfa4c36ffd6?branch=806c95e1c70af18f81d499b24cd7acfa4c36ffd6)
@@ -324,7 +465,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [watchdogd](https://troglobit.com/projects/watchdogd/), a system and process supervisor using watchdog timers. Available as [services.watchdogd](#opt-services.watchdogd.enable).
 
-- The `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
+- `jdt-language-server` package now uses upstream's provided python wrapper instead of our own custom wrapper. This results in the following breaking and notable changes:
 
   - The main binary for the package is now named `jdtls` instead of `jdt-language-server`, equivalent to what most editors expect the binary to be named.
 
@@ -338,30 +479,44 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
   - `nomad_1_4` has been removed, as it is now unsupported upstream.
 
-- The `livebook` package is now built as a `mix release` instead of an `escript`.
+- Dwarf Fortress has been updated to version 50, and its derivations continue to menace with spikes of Nix and bash. Version 50 is identical to the version on Steam, but without the paid elements like tilepacks.
+  dfhack and Dwarf Therapist still work, and older versions are still packaged in case you'd like to roll back. Note that DF 50 saves will not be compatible with DF 0.47 and earlier.
+  See [Bay 12 Games](http://www.bay12games.com/dwarves/) for more details on what's new in Dwarf Fortress.
+
+  - Running an earlier version can be achieved through an override: `dwarf-fortress-packages.dwarf-fortress-full.override { dfVersion = "0.47.5"; }`
+
+  - Ruby plugin support has been disabled in DFHack. Many of the Ruby plugins have been converted to Lua, and support was removed upstream due to frequent crashes.
+
+- `livebook` package is now built as a `mix release` instead of an `escript`.
   This means that configuration now has to be done using [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) instead of command line arguments.
   This has the further implication that the `livebook` service configuration has changed:
 
-  - The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
+- `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
     Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
 
-- The `crystal` package has been updated to 1.11.x, which has some breaking changes.
+- `akkoma` now requires explicitly setting the base URL for uploaded media (`settings."Pleroma.Upload".base_url`), as well as for the media proxy if enabled (`settings."Media"`).
+  This is recommended to be a separate (sub)domain to the one Akkoma is hosted at.
+  See [here](https://meta.akkoma.dev/t/akkoma-stable-2024-03-securer-i-barely-know-her/681#explicit-upload-and-media-proxy-domains-5) for more details.
+
+- `crystal` package has been updated to 1.11.x, which has some breaking changes.
   Refer to crystal's changelog for more information. ([v1.10](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1100-2023-10-09), [v1.11](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1110-2024-01-08))
 
+- `erlang-ls` package no longer ships the `els_dap` binary as of v0.51.0.
+
 ## Other Notable Changes {#sec-release-24.05-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 - `addDriverRunpath` has been added to facilitate the deprecation of the old `addOpenGLRunpath` setuphook. This change is motivated by the evolution of the setuphook to include all hardware acceleration.
 
-- Cinnamon has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
+- `cinnamon` has been updated to 6.0. Please beware that the [Wayland session](https://blog.linuxmint.com/?p=4591) is still experimental in this release and could potentially [affect Xorg sessions](https://blog.linuxmint.com/?p=4639). We suggest a reboot when switching between sessions.
 
-- MATE has been updated to 1.28.
+- (TODO awaiting feedback on code-casing package names) MATE has been updated to 1.28.
   - To properly support panel plugins built with Wayland (in-process) support, we are introducing `services.xserver.desktopManager.mate.extraPanelApplets` option, please use that for installing panel applets.
   - Similarly, please use `services.xserver.desktopManager.mate.extraCajaExtensions` option for installing Caja extensions.
   - To use the Wayland session, enable `services.xserver.desktopManager.mate.enableWaylandSession`. This is opt-in for now as it is in early stage and introduces a new set of Wayfire closure. Due to [known issues with LightDM](https://github.com/canonical/lightdm/issues/63), we suggest using SDDM for display manager.
 
-- The Budgie module installs gnome-terminal by default (instead of mate-terminal).
+- `services.xserver.desktopManager.budgie` installs `gnome.gnome-terminal` by default (instead of `mate.mate-terminal`).
 
 - New `boot.loader.systemd-boot.xbootldrMountPoint` allows setting up a separate [XBOOTLDR partition](https://uapi-group.org/specifications/specs/boot_loader_specification/) to store boot files. Useful on systems with a small EFI System partition that cannot be easily repartitioned.
 
@@ -370,16 +525,21 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - `services.postgresql.extraPlugins` changed its type from just a list of packages to also a function that returns such a list.
   For example a config line like ``services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ postgis ];`` is recommended to be changed to ``services.postgresql.extraPlugins = ps: with ps; [ postgis ];``;
 
-- The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
+- [`matrix-synapse`](https://element-hq.github.io/synapse/) homeserver module now supports configuring UNIX domain socket [`listeners`](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
   The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.
 
-- The initrd ssh daemon module got a new option to add authorized keys via a list of files using `boot.initrd.network.ssh.authorizedKeyFiles`.
+- `boot.initrd.network.ssh.authorizedKeyFiles` is a new option in the initrd ssh daemon module, for adding authorized keys via list of files.
+
+- `appimage`, `appimageTools.wrapAppImage` and `buildFHSEnvBubblewrap` now properly accepts `pname` and `version`.
 
 - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
   The `nimPackages` and `nim2Packages` sets have been removed.
   See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
 
-- [Portunus](https://github.com/majewsky/portunus) has been updated to major version 2.
+- [TODO: reword to place an attribute at the front] Programs written in [D](https://dlang.org/) using the `dub` build system and package manager can now be built using `buildDubPackage` utilizing lockfiles provided by the new `dub-to-nix` helper program.
+  See the [D section](https://nixos.org/manual/nixpkgs/unstable#dlang) in the manual for more information.
+
+- [`portunus`](https://github.com/majewsky/portunus) has been updated to major version 2.
   This version of Portunus supports strong password hashes, but the legacy hash SHA-256 is also still supported to ensure a smooth migration of existing user accounts.
   After upgrading, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all user accounts to strong password hashes.
   Support for weak password hashes will be removed in NixOS 24.11.
@@ -388,9 +548,11 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - `libass` now uses the native CoreText backend on Darwin, which may fix subtitle rendering issues with `mpv`, `ffmpeg`, etc.
 
-- [Lilypond](https://lilypond.org/index.html) and [Denemo](https://www.denemo.org) are now compiled with Guile 3.0.
+- [`lilypond`](https://lilypond.org/index.html) and [`denemo`](https://www.denemo.org) are now compiled with Guile 3.0.
 
-- The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
+- `garage` has been updated to v1.x.x. Users should read the [upstream release notes](https://git.deuxfleurs.fr/Deuxfleurs/garage/releases/tag/v1.0.0) and follow the documentation when changing over their `services.garage.package` and performing this manual upgrade.
+
+- [TODO: reword to place an attribute at the front] The EC2 image module now enables the [Amazon SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) by default.
 
 - The following options of the Nextcloud module were moved into [`services.nextcloud.settings`](#opt-services.nextcloud.settings) and renamed to match the name from Nextcloud's `config.php`:
   - `logLevel` -> [`loglevel`](#opt-services.nextcloud.settings.loglevel),
@@ -402,7 +564,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   - `extraTrustedDomains` -> [`trusted_domains`](#opt-services.nextcloud.settings.trusted_domains) and
   - `trustedProxies` -> [`trusted_proxies`](#opt-services.nextcloud.settings.trusted_proxies).
 
-- The option [`services.nextcloud.config.dbport`] of the Nextcloud module was removed to match upstream.
+- `services.nextcloud.config.dbport` option of the Nextcloud module was removed to match upstream.
   The port can be specified in [`services.nextcloud.config.dbhost`](#opt-services.nextcloud.config.dbhost).
 
 - A new abstraction to create both read-only as well as writable overlay file
@@ -410,7 +572,7 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   [fileSystems.overlay](#opt-fileSystems._name_.overlay.lowerdir). See also the
   [NixOS docs](#sec-overlayfs).
 
-- systemd units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly
+- `systemd` units can now specify the `Upholds=` and `UpheldBy=` unit dependencies via the aptly
   named `upholds` and `upheldBy` options. These options get systemd to enforce that the
   dependencies remain continuosly running for as long as the dependent unit is in a running state.
 
@@ -423,81 +585,88 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - New options were added to the dnsdist module to enable and configure a DNSCrypt endpoint (see `services.dnsdist.dnscrypt.enable`, etc.).
   The module can generate the DNSCrypt provider key pair, certificates and also performs their rotation automatically with no downtime.
 
-- With a bump to `sonarr` v4, existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
+- `sonarr` version bumped to from 3.0.10 to 4.0.3. Consequently existing config database files will be upgraded automatically, but note that some old apparently-working configs [might actually be corrupt and fail to upgrade cleanly](https://forums.sonarr.tv/t/sonarr-v4-released/33089).
 
-- The Yama LSM is now enabled by default in the kernel, which prevents ptracing
+- [TODO: reword to place an attribute at the front] The Yama LSM is now enabled by default in the kernel, which prevents ptracing
   non-child processes. This means you will not be able to attach gdb to an
   existing process, but will need to start that process from gdb (so it is a
   child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.
 
-- The netbird module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
+- `netbird` module now allows running multiple tunnels in parallel through [`services.netbird.tunnels`](#opt-services.netbird.tunnels).
 
 - [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
-  `globalRedirect` can now have redirect codes other than 301 through
+  `globalRedirect` can now have redirect codes other than 301 through `redirectCode`.
 
 - `bacula` now allows to configure `TLS` for encrypted communication.
 
-  `redirectCode`.
-
-- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
-
-- The source of the `mockgen` package has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
+- `libjxl` version bumped from 0.8.2 to 0.9.1 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
 
-- `security.pam.enableSSHAgentAuth` was renamed to `security.pam.sshAgentAuth.enable` and an `authorizedKeysFiles`
-  option was added, to control which `authorized_keys` files are trusted.  It defaults to the previous behaviour,
-  **which is insecure**: see [#31611](https://github.com/NixOS/nixpkgs/issues/31611).
+- `mockgen` package source has changed to the [go.uber.org/mock](https://github.com/uber-go/mock) fork because [the original repository is no longer maintained](https://github.com/golang/mock#gomock).
 
 - [](#opt-boot.kernel.sysctl._net.core.wmem_max_) changed from a string to an integer because of the addition of a custom merge option (taking the highest value defined to avoid conflicts between 2 services trying to set that value), just as [](#opt-boot.kernel.sysctl._net.core.rmem_max_) since 22.11.
 
-- A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
+- [TODO: reword to place an attribute at the front] A new top-level package set, `pkgsExtraHardening` is added. This is a set of packages built with stricter hardening flags - those that have not yet received enough testing to be applied universally, those that are more likely to cause build failures or those that have drawbacks to their use (e.g. performance or required hardware features).
 
 - `services.zfs.zed.enableMail` now uses the global `sendmail` wrapper defined by an email module
   (such as msmtp or Postfix). It no longer requires using a special ZFS build with email support.
 
+- `castopod` has some migration actions to be taken in case of a S3 setup. Some new features may also need some manual migration actions. See [https://code.castopod.org/adaures/castopod/-/releases](https://code.castopod.org/adaures/castopod/-/releases) for more informations.
+
 - `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore.
 
-- `services.kavita` now uses the freeform option `services.kavita.settings` for the application settings file.
+- `services.kavita` now uses the free-form option `services.kavita.settings` for the application settings file.
   The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses`
-  and `services.kavita.settings.IpAddresses`.
+  and `services.kavita.settings.IpAddresses`. The file at `services.kavita.tokenKeyFile` now needs to contain a secret with
+  512+ bits instead of 128+ bits.
+
+- `kavita` has been updated to 0.8.0, requiring a manual forced library scan on all libraries for migration. Refer to upstream's [release notes](https://github.com/Kareadita/Kavita/releases/tag/v0.8.0) for details.
 
-- The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
+- `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
 
-- Gitea 1.21 upgrade has several breaking changes, including:
+- `services.soju` now has a wrapper for the `sojuctl` command, pointed at the service config file. It also has the new option `adminSocket.enable`, which creates a unix admin socket at `/run/soju/admin`.
+
+- `gitea` upgrade to 1.21 has several breaking changes, including:
   - Custom themes and other assets that were previously stored in `custom/public/*` now belong in `custom/public/assets/*`
   - New instances of Gitea using MySQL now ignore the `[database].CHARSET` config option and always use the `utf8mb4` charset, existing instances should migrate via the `gitea doctor convert` CLI command.
 
-- The `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
+- `services.paperless` module no longer uses the previously downloaded NLTK data stored in `/var/cache/paperless/nltk`. This directory can be removed.
+
+- `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
 
-- The `services.teeworlds` module now has a wealth of configuration options, including a new `package` option.
+- `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
 
-- The `hardware.pulseaudio` module now sets permission of pulse user home directory to 755 when running in "systemWide" mode. It fixes [issue 114399](https://github.com/NixOS/nixpkgs/issues/114399).
+- `services.networkmanager.extraConfig` was renamed to `services.networkmanager.settings` and was changed to use the ini type instead of using a multiline string.
 
-- The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
+- `services.github-runner` module has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
 
-- The `services.slskd` has been refactored to include more configuation options in
-  the freeform `services.slskd.settings` option, and some defaults (including listen ports)
+- `services.slskd` has been refactored to include more configuation options in
+  the free-form `services.slskd.settings` option, and some defaults (including listen ports)
   have been changed to match the upstream defaults. Additionally, disk logging is now
   disabled by default, and the log rotation timer has been removed.
   The nginx virtualhost option is now of the `vhost-options` type.
 
-- The `btrbk` module now automatically selects and provides required compression
+- `services.btrbk` now automatically selects and provides required compression
   program depending on the configured `stream_compress` option. Since this
   replaces the need for the `extraPackages` option, this option will be
   deprecated in future releases.
 
-- The `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
+- `mpich` package expression now requires `withPm` to be a list, e.g. `"hydra:gforker"` becomes `[ "hydra" "gforker" ]`.
 
-- When merging systemd unit options (of type `unitOption`),
+- `systemd`: when merging unit options (of type `unitOption`),
   if at least one definition is a list, all those which aren't are now lifted into a list,
   making it possible to accumulate definitions without resorting to `mkForce`,
   hence to retain the definitions not anticipating that need.
 
-- YouTrack is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
+- `youtrack` is bumped to 2023.3. The update is not performed automatically, it requires manual interaction. See the YouTrack section in the manual for details.
 
 - QtMultimedia has changed its default backend to `QT_MEDIA_BACKEND=ffmpeg` (previously `gstreamer` on Linux or `darwin` on MacOS).
   The previous native backends remain available but are now minimally maintained. Refer to [upstream documentation](https://doc.qt.io/qt-6/qtmultimedia-index.html#ffmpeg-as-the-default-backend) for further details about each platform.
 
-- The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil`
+- `drbd` out-of-tree Linux kernel driver has been added in version 9.2.7. With it the DRBD 9.x features can be used instead of the 8.x features provided by the 8.4.11 in-tree driver.
+
+- [TODO: reword to place an attribute at the front] The oil shell's c++ version is now available as `oils-for-unix`. The python version is still available as `oil`
 
 - `documentation.man.mandoc` now by default uses `MANPATH` to set the directories where mandoc will search for manual pages.
   This enables mandoc to find manual pages in Nix profiles. To set the manual search paths via the `mandoc.conf` configuration file like before, use `documentation.man.mandoc.settings.manpath` instead.
+
+- `grafana-loki` package was updated to 3.0.0 which includes [breaking changes](https://github.com/grafana/loki/releases/tag/v3.0.0)
diff --git a/nixpkgs/nixos/lib/make-options-doc/default.nix b/nixpkgs/nixos/lib/make-options-doc/default.nix
index 4ae9d018e96f..17e03baf3bb7 100644
--- a/nixpkgs/nixos/lib/make-options-doc/default.nix
+++ b/nixpkgs/nixos/lib/make-options-doc/default.nix
@@ -117,9 +117,7 @@
 # deprecated since 23.11.
 # TODO remove in a while.
 , allowDocBook ? false
-# whether lib.mdDoc is required for descriptions to be read as markdown.
-# deprecated since 23.11.
-# TODO remove in a while.
+# TODO remove in a while (see https://github.com/NixOS/nixpkgs/issues/300735)
 , markdownByDefault ? true
 }:
 
diff --git a/nixpkgs/nixos/lib/qemu-common.nix b/nixpkgs/nixos/lib/qemu-common.nix
index b946f62d93dc..f1e19c5b3b72 100644
--- a/nixpkgs/nixos/lib/qemu-common.nix
+++ b/nixpkgs/nixos/lib/qemu-common.nix
@@ -35,6 +35,8 @@ rec {
         aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -machine virt,gic-version=max,accel=kvm:tcg -cpu max";
         powerpc64le-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
         powerpc64-linux = "${qemuPkg}/bin/qemu-system-ppc64 -machine powernv";
+        riscv32-linux = "${qemuPkg}/bin/qemu-system-riscv32 -machine virt";
+        riscv64-linux = "${qemuPkg}/bin/qemu-system-riscv64 -machine virt";
         x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu max";
       };
       otherHostGuestMatrix = {
diff --git a/nixpkgs/nixos/lib/systemd-lib.nix b/nixpkgs/nixos/lib/systemd-lib.nix
index c00b2d0f207c..eef49f8c4ef3 100644
--- a/nixpkgs/nixos/lib/systemd-lib.nix
+++ b/nixpkgs/nixos/lib/systemd-lib.nix
@@ -1,8 +1,50 @@
-{ config, lib, pkgs }:
-
-with lib;
+{ config, lib, pkgs, utils }:
 
 let
+  inherit (lib)
+    all
+    attrByPath
+    attrNames
+    concatLists
+    concatMap
+    concatMapStrings
+    concatStrings
+    concatStringsSep
+    const
+    elem
+    filter
+    filterAttrs
+    flatten
+    flip
+    head
+    isInt
+    isList
+    isPath
+    length
+    makeBinPath
+    makeSearchPathOutput
+    mapAttrs
+    mapAttrsToList
+    mkAfter
+    mkIf
+    optional
+    optionalAttrs
+    optionalString
+    pipe
+    range
+    replaceStrings
+    reverseList
+    splitString
+    stringLength
+    stringToCharacters
+    tail
+    toIntBase10
+    trace
+    types
+    ;
+
+  inherit (lib.strings) toJSON;
+
   cfg = config.systemd;
   lndir = "${pkgs.buildPackages.xorg.lndir}/bin/lndir";
   systemd = cfg.package;
@@ -10,7 +52,7 @@ in rec {
 
   shellEscape = s: (replaceStrings [ "\\" ] [ "\\\\" ] s);
 
-  mkPathSafeName = lib.replaceStrings ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
+  mkPathSafeName = replaceStrings ["@" ":" "\\" "[" "]"] ["-" "-" "-" "" ""];
 
   # a type for options that take a unit name
   unitNameType = types.strMatching "[a-zA-Z0-9@%:_.\\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)";
@@ -109,6 +151,10 @@ in rec {
     optional (attr ? ${name} && !(min <= attr.${name} && max >= attr.${name}))
       "Systemd ${group} field `${name}' is outside the range [${toString min},${toString max}]";
 
+  assertRangeOrOneOf = name: min: max: values: group: attr:
+    optional (attr ? ${name} && !((min <= attr.${name} && max >= attr.${name}) || elem attr.${name} values))
+      "Systemd ${group} field `${name}' is not a value in range [${toString min},${toString max}], or one of ${toString values}";
+
   assertMinimum = name: min: group: attr:
     optional (attr ? ${name} && attr.${name} < min)
       "Systemd ${group} field `${name}' must be greater than or equal to ${toString min}";
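Review bot: In `assertRangeOrOneOf` the range comparison is evaluated before the `elem` test, so a non-numeric value fails evaluation instead of reaching the `values` check. Nix refuses to order an integer against a string, so if `values` is meant to hold keywords (its contents are not visible in this hunk, so this is an assumption), a setting equal to one of them would abort with a comparison error rather than pass. Guarding the numeric branch with the already-inherited `isInt` keeps both paths usable: `!((isInt attr.${name} && min <= attr.${name} && max >= attr.${name}) || elem attr.${name} values)`. Add a float check as well if fractional values are valid for the field.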
@@ -133,7 +179,7 @@ in rec {
     )) attrs;
     errors = concatMap (c: c group defs) checks;
   in if errors == [] then true
-     else builtins.trace (concatStringsSep "\n" errors) false;
+     else trace (concatStringsSep "\n" errors) false;
 
   toOption = x:
     if x == true then "true"
@@ -220,7 +266,7 @@ in rec {
       # upstream unit.
       for i in ${toString (mapAttrsToList
           (n: v: v.unit)
-          (lib.filterAttrs (n: v: (attrByPath [ "overrideStrategy" ] "asDropinIfExists" v) == "asDropinIfExists") units))}; do
+          (filterAttrs (n: v: (attrByPath [ "overrideStrategy" ] "asDropinIfExists" v) == "asDropinIfExists") units))}; do
         fn=$(basename $i/*)
         if [ -e $out/$fn ]; then
           if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
@@ -243,7 +289,7 @@ in rec {
       # treated as drop-in file.
       for i in ${toString (mapAttrsToList
           (n: v: v.unit)
-          (lib.filterAttrs (n: v: v ? overrideStrategy && v.overrideStrategy == "asDropin") units))}; do
+          (filterAttrs (n: v: v ? overrideStrategy && v.overrideStrategy == "asDropin") units))}; do
         fn=$(basename $i/*)
         mkdir -p $out/$fn.d
         ln -s $i/$fn $out/$fn.d/overrides.conf
@@ -323,9 +369,17 @@ in rec {
         // optionalAttrs (config.requisite != [])
           { Requisite = toString config.requisite; }
         // optionalAttrs (config ? restartTriggers && config.restartTriggers != [])
-          { X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (toString config.restartTriggers)}"; }
+          { X-Restart-Triggers = "${pkgs.writeText "X-Restart-Triggers-${name}" (pipe config.restartTriggers [
+              flatten
+              (map (x: if isPath x then "${x}" else x))
+              toString
+            ])}"; }
         // optionalAttrs (config ? reloadTriggers && config.reloadTriggers != [])
-          { X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (toString config.reloadTriggers)}"; }
+          { X-Reload-Triggers = "${pkgs.writeText "X-Reload-Triggers-${name}" (pipe config.reloadTriggers [
+              flatten
+              (map (x: if isPath x then "${x}" else x))
+              toString
+            ])}"; }
         // optionalAttrs (config.description != "") {
           Description = config.description; }
         // optionalAttrs (config.documentation != []) {
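Review bot: The new `if isPath x then "${x}" else x` step in both `X-Restart-Triggers` and `X-Reload-Triggers` interpolates path values, which imports the referenced file into the Nix store, whereas the previous plain `toString` only produced the path string. That lets a content change restart the unit, but it also means a path-typed trigger pointing at a credential or key file would be copied into the world-readable store. I would add a comment above each pipe such as `# path values are copied to the store so content changes trigger a restart; never pass paths to secrets here`, and say the same in the option descriptions. The two pipes are identical, so a small shared helper would keep them from drifting apart. The enclosing attribute set starts and ends outside this hunk.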
@@ -342,8 +396,41 @@ in rec {
     };
   };
 
-  serviceConfig = { config, ... }: {
-    config.environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}";
+  serviceConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.service";
+      environment.PATH = mkIf (config.path != []) "${makeBinPath config.path}:${makeSearchPathOutput "bin" "sbin" config.path}";
+    };
+  };
+
+  pathConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.path";
+    };
+  };
+
+  socketConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.socket";
+    };
+  };
+
+  sliceConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.slice";
+    };
+  };
+
+  targetConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.target";
+    };
+  };
+
+  timerConfig = { name, config, ... }: {
+    config = {
+      name = "${name}.timer";
+    };
   };
 
   stage2ServiceConfig = {
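Review bot: `pathConfig`, `socketConfig`, `sliceConfig`, `targetConfig` and `timerConfig` are five copies of the same module that differ only in the suffix, and each binds a `config` argument it never uses. A single local generator would state the rule once, e.g. `mkUnitNameModule = suffix: { name, ... }: { config.name = "${name}.${suffix}"; };` followed by `pathConfig = mkUnitNameModule "path";` and so on. A one-line comment saying that `name` now holds the full unit file name, suffix included, would also help readers of the `*ToUnit` functions that inherit it.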
@@ -362,6 +449,7 @@ in rec {
 
   mountConfig = { config, ... }: {
     config = {
+      name = "${utils.escapeSystemdPath config.where}.mount";
       mountConfig =
         { What = config.what;
           Where = config.where;
@@ -375,6 +463,7 @@ in rec {
 
   automountConfig = { config, ... }: {
     config = {
+      name = "${utils.escapeSystemdPath config.where}.automount";
       automountConfig =
         { Where = config.where;
         };
@@ -384,14 +473,14 @@ in rec {
   commonUnitText = def: lines: ''
       [Unit]
       ${attrsToSection def.unitConfig}
-    '' + lines + lib.optionalString (def.wantedBy != [ ]) ''
+    '' + lines + optionalString (def.wantedBy != [ ]) ''
 
       [Install]
       WantedBy=${concatStringsSep " " def.wantedBy}
     '';
 
-  targetToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  targetToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text =
         ''
           [Unit]
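Review bot: `targetToUnit` loses its `name` argument here, and the following hunks do the same for `serviceToUnit`, `socketToUnit`, `timerToUnit`, `pathToUnit`, `mountToUnit`, `automountToUnit` and `sliceToUnit`. These are attributes of the exported `rec` set, so any caller outside this file that still passes `name def` will fail at evaluation. If out-of-tree use is supported, the new contract should be stated above the functions, e.g. `# def.name carries the full unit name including its suffix`, and mentioned in the release notes. The body of `targetToUnit` continues outside this hunk.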
@@ -399,17 +488,17 @@ in rec {
         '';
     };
 
-  serviceToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  serviceToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def (''
         [Service]
       '' + (let env = cfg.globalEnvironment // def.environment;
         in concatMapStrings (n:
           let s = optionalString (env.${n} != null)
-            "Environment=${builtins.toJSON "${n}=${env.${n}}"}\n";
+            "Environment=${toJSON "${n}=${env.${n}}"}\n";
           # systemd max line length is now 1MiB
           # https://github.com/systemd/systemd/commit/e6dde451a51dc5aaa7f4d98d39b8fe735f73d2af
-          in if stringLength s >= 1048576 then throw "The value of the environment variable ‘${n}’ in systemd service ‘${name}.service’ is too long." else s) (attrNames env))
+          in if stringLength s >= 1048576 then throw "The value of the environment variable ‘${n}’ in systemd service ‘${def.name}.service’ is too long." else s) (attrNames env))
       + (if def ? reloadIfChanged && def.reloadIfChanged then ''
         X-ReloadIfChanged=true
       '' else if (def ? restartIfChanged && !def.restartIfChanged) then ''
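Review bot: The environment-variable length error now interpolates `${def.name}` and still appends the literal `.service`, but `serviceConfig` earlier in this diff sets `name = "${name}.service"`, so for definitions that pass through that module the message would read `foo.service.service`. The literal suffix should be dropped: `... in systemd service ‘${def.name}’ is too long.`. `serviceToUnit` continues beyond the end of this hunk.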
@@ -420,8 +509,8 @@ in rec {
       '' + attrsToSection def.serviceConfig);
     };
 
-  socketToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  socketToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Socket]
         ${attrsToSection def.socketConfig}
@@ -430,40 +519,40 @@ in rec {
       '';
     };
 
-  timerToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  timerToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Timer]
         ${attrsToSection def.timerConfig}
       '';
     };
 
-  pathToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  pathToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Path]
         ${attrsToSection def.pathConfig}
       '';
     };
 
-  mountToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  mountToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Mount]
         ${attrsToSection def.mountConfig}
       '';
     };
 
-  automountToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  automountToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Automount]
         ${attrsToSection def.automountConfig}
       '';
     };
 
-  sliceToUnit = name: def:
-    { inherit (def) aliases wantedBy requiredBy upheldBy enable overrideStrategy;
+  sliceToUnit = def:
+    { inherit (def) name aliases wantedBy requiredBy upheldBy enable overrideStrategy;
       text = commonUnitText def ''
         [Slice]
         ${attrsToSection def.sliceConfig}
@@ -475,15 +564,20 @@ in rec {
   # in that attrset are determined by the supplied format.
   definitions = directoryName: format: definitionAttrs:
     let
-      listOfDefinitions = lib.mapAttrsToList
+      listOfDefinitions = mapAttrsToList
         (name: format.generate "${name}.conf")
         definitionAttrs;
     in
     pkgs.runCommand directoryName { } ''
       mkdir -p $out
-      ${(lib.concatStringsSep "\n"
+      ${(concatStringsSep "\n"
         (map (pkg: "cp ${pkg} $out/${pkg.name}") listOfDefinitions)
       )}
     '';
 
+  # The maximum number of characters allowed in a GPT partition label. This
+  # limit is specified by UEFI and enforced by systemd-repart.
+  # Corresponds to GPT_LABEL_MAX from systemd's gpt.h.
+  GPTMaxLabelLength = 36;
+
 }
diff --git a/nixpkgs/nixos/lib/systemd-network-units.nix b/nixpkgs/nixos/lib/systemd-network-units.nix
index 1d5f823f3678..ae581495772a 100644
--- a/nixpkgs/nixos/lib/systemd-network-units.nix
+++ b/nixpkgs/nixos/lib/systemd-network-units.nix
@@ -1,8 +1,13 @@
 { lib, systemdUtils }:
 
-with lib;
-
 let
+  inherit (lib)
+    concatMapStrings
+    concatStringsSep
+    flip
+    optionalString
+    ;
+
   attrsToSection = systemdUtils.lib.attrsToSection;
   commonMatchText = def:
     optionalString (def.matchConfig != { }) ''
@@ -20,6 +25,9 @@ in {
     commonMatchText def + ''
       [NetDev]
       ${attrsToSection def.netdevConfig}
+    '' + optionalString (def.bridgeConfig != { }) ''
+      [Bridge]
+      ${attrsToSection def.bridgeConfig}
     '' + optionalString (def.vlanConfig != { }) ''
       [VLAN]
       ${attrsToSection def.vlanConfig}
diff --git a/nixpkgs/nixos/lib/systemd-types.nix b/nixpkgs/nixos/lib/systemd-types.nix
index a109f248b170..f3bc8e06d9cb 100644
--- a/nixpkgs/nixos/lib/systemd-types.nix
+++ b/nixpkgs/nixos/lib/systemd-types.nix
@@ -1,47 +1,98 @@
 { lib, systemdUtils, pkgs }:
 
-with systemdUtils.lib;
-with systemdUtils.unitOptions;
-with lib;
+let
+  inherit (systemdUtils.lib)
+    automountConfig
+    makeUnit
+    mountConfig
+    pathConfig
+    sliceConfig
+    socketConfig
+    stage1ServiceConfig
+    stage2ServiceConfig
+    targetConfig
+    timerConfig
+    unitConfig
+    ;
 
-rec {
-  units = with types;
-    attrsOf (submodule ({ name, config, ... }: {
-      options = concreteUnitOptions;
-      config = { unit = mkDefault (systemdUtils.lib.makeUnit name config); };
-    }));
+  inherit (systemdUtils.unitOptions)
+    concreteUnitOptions
+    stage1AutomountOptions
+    stage1CommonUnitOptions
+    stage1MountOptions
+    stage1PathOptions
+    stage1ServiceOptions
+    stage1SliceOptions
+    stage1SocketOptions
+    stage1TimerOptions
+    stage2AutomountOptions
+    stage2CommonUnitOptions
+    stage2MountOptions
+    stage2PathOptions
+    stage2ServiceOptions
+    stage2SliceOptions
+    stage2SocketOptions
+    stage2TimerOptions
+    ;
 
-  services = with types; attrsOf (submodule [ stage2ServiceOptions unitConfig stage2ServiceConfig ]);
-  initrdServices = with types; attrsOf (submodule [ stage1ServiceOptions unitConfig stage1ServiceConfig ]);
+  inherit (lib)
+    mkDefault
+    mkDerivedConfig
+    mkEnableOption
+    mkIf
+    mkOption
+    ;
 
-  targets = with types; attrsOf (submodule [ stage2CommonUnitOptions unitConfig ]);
-  initrdTargets = with types; attrsOf (submodule [ stage1CommonUnitOptions unitConfig ]);
+  inherit (lib.types)
+    attrsOf
+    lines
+    listOf
+    nullOr
+    path
+    submodule
+    ;
+in
 
-  sockets = with types; attrsOf (submodule [ stage2SocketOptions unitConfig ]);
-  initrdSockets = with types; attrsOf (submodule [ stage1SocketOptions unitConfig ]);
+{
+  units = attrsOf (submodule ({ name, config, ... }: {
+    options = concreteUnitOptions;
+    config = {
+      name = mkDefault name;
+      unit = mkDefault (makeUnit name config);
+    };
+  }));
+
+  services = attrsOf (submodule [ stage2ServiceOptions unitConfig stage2ServiceConfig ]);
+  initrdServices = attrsOf (submodule [ stage1ServiceOptions unitConfig stage1ServiceConfig ]);
+
+  targets = attrsOf (submodule [ stage2CommonUnitOptions unitConfig targetConfig ]);
+  initrdTargets = attrsOf (submodule [ stage1CommonUnitOptions unitConfig targetConfig ]);
+
+  sockets = attrsOf (submodule [ stage2SocketOptions unitConfig socketConfig]);
+  initrdSockets = attrsOf (submodule [ stage1SocketOptions unitConfig socketConfig ]);
 
-  timers = with types; attrsOf (submodule [ stage2TimerOptions unitConfig ]);
-  initrdTimers = with types; attrsOf (submodule [ stage1TimerOptions unitConfig ]);
+  timers = attrsOf (submodule [ stage2TimerOptions unitConfig timerConfig ]);
+  initrdTimers = attrsOf (submodule [ stage1TimerOptions unitConfig timerConfig ]);
 
-  paths = with types; attrsOf (submodule [ stage2PathOptions unitConfig ]);
-  initrdPaths = with types; attrsOf (submodule [ stage1PathOptions unitConfig ]);
+  paths = attrsOf (submodule [ stage2PathOptions unitConfig pathConfig ]);
+  initrdPaths = attrsOf (submodule [ stage1PathOptions unitConfig pathConfig ]);
 
-  slices = with types; attrsOf (submodule [ stage2SliceOptions unitConfig ]);
-  initrdSlices = with types; attrsOf (submodule [ stage1SliceOptions unitConfig ]);
+  slices = attrsOf (submodule [ stage2SliceOptions unitConfig sliceConfig ]);
+  initrdSlices = attrsOf (submodule [ stage1SliceOptions unitConfig sliceConfig ]);
 
-  mounts = with types; listOf (submodule [ stage2MountOptions unitConfig mountConfig ]);
-  initrdMounts = with types; listOf (submodule [ stage1MountOptions unitConfig mountConfig ]);
+  mounts = listOf (submodule [ stage2MountOptions unitConfig mountConfig ]);
+  initrdMounts = listOf (submodule [ stage1MountOptions unitConfig mountConfig ]);
 
-  automounts = with types; listOf (submodule [ stage2AutomountOptions unitConfig automountConfig ]);
-  initrdAutomounts = with types; attrsOf (submodule [ stage1AutomountOptions unitConfig automountConfig ]);
+  automounts = listOf (submodule [ stage2AutomountOptions unitConfig automountConfig ]);
+  initrdAutomounts = attrsOf (submodule [ stage1AutomountOptions unitConfig automountConfig ]);
 
-  initrdContents = types.attrsOf (types.submodule ({ config, options, name, ... }: {
+  initrdContents = attrsOf (submodule ({ config, options, name, ... }: {
     options = {
-      enable = mkEnableOption (lib.mdDoc "copying of this file and symlinking it") // { default = true; };
+      enable = (mkEnableOption "copying of this file and symlinking it") // { default = true; };
 
       target = mkOption {
-        type = types.path;
-        description = lib.mdDoc ''
+        type = path;
+        description = ''
           Path of the symlink.
         '';
         default = name;
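Review bot: `initrdAutomounts` is still declared with `attrsOf`, while `automounts`, `mounts` and `initrdMounts` use `listOf`. As far as this diff shows, the unit name of an automount now comes from `config.where` (via `automountConfig`), so the attribute key of an `initrdAutomounts` entry is not what names the unit. If the difference is intentional, a comment on that line would say so, e.g. `# attrsOf kept for compatibility; the unit name is derived from where, not the key`. Separately, `socketConfig]` on the `sockets` line lacks the space before the closing bracket that the other lists have.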
@@ -49,13 +100,13 @@ rec {
 
       text = mkOption {
         default = null;
-        type = types.nullOr types.lines;
-        description = lib.mdDoc "Text of the file.";
+        type = nullOr lines;
+        description = "Text of the file.";
       };
 
       source = mkOption {
-        type = types.path;
-        description = lib.mdDoc "Path of the source file.";
+        type = path;
+        description = "Path of the source file.";
       };
     };
 
diff --git a/nixpkgs/nixos/lib/systemd-unit-options.nix b/nixpkgs/nixos/lib/systemd-unit-options.nix
index e4953ba72dd9..160f2bf9483a 100644
--- a/nixpkgs/nixos/lib/systemd-unit-options.nix
+++ b/nixpkgs/nixos/lib/systemd-unit-options.nix
@@ -1,9 +1,32 @@
 { lib, systemdUtils }:
 
-with systemdUtils.lib;
-with lib;
-
 let
+  inherit (systemdUtils.lib)
+    assertValueOneOf
+    automountConfig
+    checkUnitConfig
+    makeJobScript
+    mountConfig
+    serviceConfig
+    unitConfig
+    unitNameType
+    ;
+
+  inherit (lib)
+    any
+    concatMap
+    filterOverrides
+    isList
+    mergeEqualOption
+    mkIf
+    mkMerge
+    mkOption
+    mkOptionType
+    singleton
+    toList
+    types
+    ;
+
   checkService = checkUnitConfig "Service" [
     (assertValueOneOf "Type" [
       "exec" "simple" "forking" "oneshot" "dbus" "notify" "notify-reload" "idle"
@@ -31,7 +54,7 @@ in rec {
     enable = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         If set to false, this unit will be a symlink to
         /dev/null. This is primarily useful to prevent specific
         template instances
@@ -42,10 +65,18 @@ in rec {
       '';
     };
 
+    name = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        The name of this systemd unit, including its extension.
+        This can be used to refer to this unit from other systemd units.
+      '';
+    };
+
     overrideStrategy = mkOption {
       default = "asDropinIfExists";
       type = types.enum [ "asDropinIfExists" "asDropin" ];
-      description = lib.mdDoc ''
+      description = ''
         Defines how unit configuration is provided for systemd:
 
         `asDropinIfExists` creates a unit file when no unit file is provided by the package
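Review bot: The new `name` option has no `default`, so it is only defined where one of the per-type modules (`serviceConfig`, `timerConfig`, …) or the `units` submodule sets it. Any other submodule that includes these shared options would raise "used but not defined" as soon as `name` is read, and the `*ToUnit` functions now read it unconditionally through `inherit (def) name`; it is worth checking every user of the shared option set that is not visible here. The declaration also spells out `lib.mkOption` and `lib.types.str` although the `inherit (lib)` block added in this commit brings `mkOption` and `types` into scope, so `name = mkOption {` with `type = types.str;` would match the surrounding options. The option set continues outside this hunk.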
@@ -61,7 +92,7 @@ in rec {
     requiredBy = mkOption {
       default = [];
       type = types.listOf unitNameType;
-      description = lib.mdDoc ''
+      description = ''
         Units that require (i.e. depend on and need to go down with) this unit.
         As discussed in the `wantedBy` option description this also creates
         `.requires` symlinks automatically.
@@ -71,7 +102,7 @@ in rec {
     upheldBy = mkOption {
       default = [];
       type = types.listOf unitNameType;
-      description = lib.mdDoc ''
+      description = ''
         Keep this unit running as long as the listed units are running. This is a continuously
         enforced version of wantedBy.
       '';
@@ -80,7 +111,7 @@ in rec {
     wantedBy = mkOption {
       default = [];
       type = types.listOf unitNameType;
-      description = lib.mdDoc ''
+      description = ''
         Units that want (i.e. depend on) this unit. The default method for
         starting a unit by default at boot time is to set this option to
         `["multi-user.target"]` for system services. Likewise for user units
@@ -98,7 +129,7 @@ in rec {
     aliases = mkOption {
       default = [];
       type = types.listOf unitNameType;
-      description = lib.mdDoc "Aliases of that unit.";
+      description = "Aliases of that unit.";
     };
 
   };
@@ -108,12 +139,12 @@ in rec {
     text = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Text of this systemd unit.";
+      description = "Text of this systemd unit.";
     };
 
     unit = mkOption {
       internal = true;
-      description = lib.mdDoc "The generated unit.";
+      description = "The generated unit.";
     };
 
   };
@@ -124,19 +155,19 @@ in rec {
       description = mkOption {
         default = "";
         type = types.singleLineStr;
-        description = lib.mdDoc "Description of this unit used in systemd messages and progress indicators.";
+        description = "Description of this unit used in systemd messages and progress indicators.";
       };
 
       documentation = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc "A list of URIs referencing documentation for this unit or its configuration.";
+        description = "A list of URIs referencing documentation for this unit or its configuration.";
       };
 
       requires = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           Start the specified units when this unit is started, and stop
           this unit when the specified units are stopped or fail.
         '';
@@ -145,7 +176,7 @@ in rec {
       wants = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           Start the specified units when this unit is started.
         '';
       };
@@ -153,7 +184,7 @@ in rec {
       upholds = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           Keeps the specified running while this unit is running. A continuous version of `wants`.
         '';
       };
@@ -161,7 +192,7 @@ in rec {
       after = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           If the specified units are started at the same time as
           this unit, delay this unit until they have started.
         '';
@@ -170,7 +201,7 @@ in rec {
       before = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           If the specified units are started at the same time as
           this unit, delay them until this unit has started.
         '';
@@ -179,7 +210,7 @@ in rec {
       bindsTo = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           Like ‘requires’, but in addition, if the specified units
           unexpectedly disappear, this unit will be stopped as well.
         '';
@@ -188,7 +219,7 @@ in rec {
       partOf = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           If the specified units are stopped or restarted, then this
           unit is stopped or restarted as well.
         '';
@@ -197,7 +228,7 @@ in rec {
       conflicts = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           If the specified units are started, then this unit is stopped
           and vice versa.
         '';
@@ -206,7 +237,7 @@ in rec {
       requisite = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           Similar to requires. However if the units listed are not started,
           they will not be started and the transaction will fail.
         '';
@@ -216,7 +247,7 @@ in rec {
         default = {};
         example = { RequiresMountsFor = "/data"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Unit]` section of the unit.  See
           {manpage}`systemd.unit(5)` for details.
@@ -226,7 +257,7 @@ in rec {
       onFailure = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           A list of one or more units that are activated when
           this unit enters the "failed" state.
         '';
@@ -235,7 +266,7 @@ in rec {
       onSuccess = mkOption {
         default = [];
         type = types.listOf unitNameType;
-        description = lib.mdDoc ''
+        description = ''
           A list of one or more units that are activated when
           this unit enters the "inactive" state.
         '';
@@ -243,7 +274,7 @@ in rec {
 
       startLimitBurst = mkOption {
          type = types.int;
-         description = lib.mdDoc ''
+         description = ''
            Configure unit start rate limiting. Units which are started
            more than startLimitBurst times within an interval time
            interval are not permitted to start any more.
@@ -252,7 +283,7 @@ in rec {
 
       startLimitIntervalSec = mkOption {
          type = types.int;
-         description = lib.mdDoc ''
+         description = ''
            Configure unit start rate limiting. Units which are started
            more than startLimitBurst times within an interval time
            interval are not permitted to start any more.
@@ -271,7 +302,7 @@ in rec {
       restartTriggers = mkOption {
         default = [];
         type = types.listOf types.unspecified;
-        description = lib.mdDoc ''
+        description = ''
           An arbitrary list of items such as derivations.  If any item
           in the list changes between reconfigurations, the service will
           be restarted.
@@ -281,7 +312,7 @@ in rec {
       reloadTriggers = mkOption {
         default = [];
         type = types.listOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           An arbitrary list of items such as derivations.  If any item
           in the list changes between reconfigurations, the service will
           be reloaded.  If anything but a reload trigger changes in the
@@ -299,13 +330,13 @@ in rec {
         default = {};
         type = with types; attrsOf (nullOr (oneOf [ str path package ]));
         example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
-        description = lib.mdDoc "Environment variables passed to the service's processes.";
+        description = "Environment variables passed to the service's processes.";
       };
 
       path = mkOption {
         default = [];
         type = with types; listOf (oneOf [ package str ]);
-        description = lib.mdDoc ''
+        description = ''
           Packages added to the service's {env}`PATH`
           environment variable.  Both the {file}`bin`
           and {file}`sbin` subdirectories of each
@@ -319,7 +350,7 @@ in rec {
           { RestartSec = 5;
           };
         type = types.addCheck (types.attrsOf unitOption) checkService;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Service]` section of the unit.  See
           {manpage}`systemd.service(5)` for details.
@@ -329,14 +360,14 @@ in rec {
       script = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Shell commands executed as the service's main process.";
+        description = "Shell commands executed as the service's main process.";
       };
 
       scriptArgs = mkOption {
         type = types.str;
         default = "";
         example = "%i";
-        description = lib.mdDoc ''
+        description = ''
           Arguments passed to the main process script.
           Can contain specifiers (`%` placeholders expanded by systemd, see {manpage}`systemd.unit(5)`).
         '';
@@ -345,7 +376,7 @@ in rec {
       preStart = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed before the service's main process
           is started.
         '';
@@ -354,7 +385,7 @@ in rec {
       postStart = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed after the service's main process
           is started.
         '';
@@ -363,7 +394,7 @@ in rec {
       reload = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed when the service's main process
           is reloaded.
         '';
@@ -372,7 +403,7 @@ in rec {
       preStop = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed to stop the service.
         '';
       };
@@ -380,7 +411,7 @@ in rec {
       postStop = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed after the service's main process
           has exited.
         '';
@@ -389,7 +420,7 @@ in rec {
       jobScripts = mkOption {
         type = with types; coercedTo path singleton (listOf path);
         internal = true;
-        description = lib.mdDoc "A list of all job script derivations of this unit.";
+        description = "A list of all job script derivations of this unit.";
         default = [];
       };
 
@@ -434,7 +465,7 @@ in rec {
       restartIfChanged = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the service should be restarted during a NixOS
           configuration switch if its definition has changed.
         '';
@@ -443,7 +474,7 @@ in rec {
       reloadIfChanged = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the service should be reloaded during a NixOS
           configuration switch if its definition has changed.  If
           enabled, the value of {option}`restartIfChanged` is
@@ -459,7 +490,7 @@ in rec {
       stopIfChanged = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If set, a changed unit is restarted by calling
           {command}`systemctl stop` in the old configuration,
           then {command}`systemctl start` in the new one.
@@ -475,7 +506,7 @@ in rec {
         type = with types; either str (listOf str);
         default = [];
         example = "Sun 14:00:00";
-        description = lib.mdDoc ''
+        description = ''
           Automatically start this unit at the given date/time, which
           must be in the format described in
           {manpage}`systemd.time(7)`.  This is equivalent
@@ -502,7 +533,7 @@ in rec {
         default = [];
         type = types.listOf types.str;
         example = [ "0.0.0.0:993" "/run/my-socket" ];
-        description = lib.mdDoc ''
+        description = ''
           For each item in this list, a `ListenStream`
           option in the `[Socket]` section will be created.
         '';
@@ -512,7 +543,7 @@ in rec {
         default = [];
         type = types.listOf types.str;
         example = [ "0.0.0.0:993" "/run/my-socket" ];
-        description = lib.mdDoc ''
+        description = ''
           For each item in this list, a `ListenDatagram`
           option in the `[Socket]` section will be created.
         '';
@@ -522,7 +553,7 @@ in rec {
         default = {};
         example = { ListenStream = "/run/my-socket"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Socket]` section of the unit.  See
           {manpage}`systemd.socket(5)` for details.
@@ -554,7 +585,7 @@ in rec {
         default = {};
         example = { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Timer]` section of the unit.  See
           {manpage}`systemd.timer(5)` and
@@ -587,7 +618,7 @@ in rec {
         default = {};
         example = { PathChanged = "/some/path"; Unit = "changedpath.service"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Path]` section of the unit.  See
           {manpage}`systemd.path(5)` for details.
@@ -618,13 +649,13 @@ in rec {
       what = mkOption {
         example = "/dev/sda1";
         type = types.str;
-        description = lib.mdDoc "Absolute path of device node, file or other resource. (Mandatory)";
+        description = "Absolute path of device node, file or other resource. (Mandatory)";
       };
 
       where = mkOption {
         example = "/mnt";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Absolute path of a directory of the mount point.
           Will be created if it doesn't exist. (Mandatory)
         '';
@@ -634,21 +665,21 @@ in rec {
         default = "";
         example = "ext4";
         type = types.str;
-        description = lib.mdDoc "File system type.";
+        description = "File system type.";
       };
 
       options = mkOption {
         default = "";
         example = "noatime";
         type = types.commas;
-        description = lib.mdDoc "Options used to mount the file system.";
+        description = "Options used to mount the file system.";
       };
 
       mountConfig = mkOption {
         default = {};
         example = { DirectoryMode = "0775"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Mount]` section of the unit.  See
           {manpage}`systemd.mount(5)` for details.
@@ -678,7 +709,7 @@ in rec {
       where = mkOption {
         example = "/mnt";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Absolute path of a directory of the mount point.
           Will be created if it doesn't exist. (Mandatory)
         '';
@@ -688,7 +719,7 @@ in rec {
         default = {};
         example = { DirectoryMode = "0775"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Automount]` section of the unit.  See
           {manpage}`systemd.automount(5)` for details.
@@ -719,7 +750,7 @@ in rec {
         default = {};
         example = { MemoryMax = "2G"; };
         type = types.attrsOf unitOption;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Slice]` section of the unit.  See
           {manpage}`systemd.slice(5)` for details.
diff --git a/nixpkgs/nixos/lib/test-driver/test_driver/machine.py b/nixpkgs/nixos/lib/test-driver/test_driver/machine.py
index c117aab7c401..652cc600fad5 100644
--- a/nixpkgs/nixos/lib/test-driver/test_driver/machine.py
+++ b/nixpkgs/nixos/lib/test-driver/test_driver/machine.py
@@ -165,8 +165,6 @@ class StartCommand:
         )
         if not allow_reboot:
             qemu_opts += " -no-reboot"
-        # TODO: qemu script already catpures this env variable, legacy?
-        qemu_opts += " " + os.environ.get("QEMU_OPTS", "")
 
         return (
             f"{self._cmd}"
diff --git a/nixpkgs/nixos/lib/testing/driver.nix b/nixpkgs/nixos/lib/testing/driver.nix
index b6f01c38191d..7eb06e023918 100644
--- a/nixpkgs/nixos/lib/testing/driver.nix
+++ b/nixpkgs/nixos/lib/testing/driver.nix
@@ -1,6 +1,6 @@
 { config, lib, hostPkgs, ... }:
 let
-  inherit (lib) mkOption types literalMD mdDoc;
+  inherit (lib) mkOption types literalMD;
 
   # Reifies and correctly wraps the python test driver for
   # the respective qemu version and with or without ocr support
@@ -104,13 +104,13 @@ in
   options = {
 
     driver = mkOption {
-      description = mdDoc "Package containing a script that runs the test.";
+      description = "Package containing a script that runs the test.";
       type = types.package;
       defaultText = literalMD "set by the test framework";
     };
 
     hostPkgs = mkOption {
-      description = mdDoc "Nixpkgs attrset used outside the nodes.";
+      description = "Nixpkgs attrset used outside the nodes.";
       type = types.raw;
       example = lib.literalExpression ''
         import nixpkgs { inherit system config overlays; }
@@ -118,14 +118,14 @@ in
     };
 
     qemu.package = mkOption {
-      description = mdDoc "Which qemu package to use for the virtualisation of [{option}`nodes`](#test-opt-nodes).";
+      description = "Which qemu package to use for the virtualisation of [{option}`nodes`](#test-opt-nodes).";
       type = types.package;
       default = hostPkgs.qemu_test;
       defaultText = "hostPkgs.qemu_test";
     };
 
     globalTimeout = mkOption {
-      description = mdDoc ''
+      description = ''
         A global timeout for the complete test, expressed in seconds.
         Beyond that timeout, every resource will be killed and released and the test will fail.
 
@@ -137,7 +137,7 @@ in
     };
 
     enableOCR = mkOption {
-      description = mdDoc ''
+      description = ''
         Whether to enable Optical Character Recognition functionality for
         testing graphical programs. See [Machine objects](`ssec-machine-objects`).
       '';
@@ -146,7 +146,7 @@ in
     };
 
     extraPythonPackages = mkOption {
-      description = mdDoc ''
+      description = ''
         Python packages to add to the test driver.
 
         The argument is a Python package set, similar to `pkgs.pythonPackages`.
@@ -159,7 +159,7 @@ in
     };
 
     extraDriverArgs = mkOption {
-      description = mdDoc ''
+      description = ''
         Extra arguments to pass to the test driver.
 
         They become part of [{option}`driver`](#test-opt-driver) via `wrapProgram`.
@@ -171,7 +171,7 @@ in
     skipLint = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Do not run the linters. This may speed up your iteration cycle, but it is not something you should commit.
       '';
     };
@@ -179,7 +179,7 @@ in
     skipTypeCheck = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Disable type checking. This must not be enabled for new NixOS tests.
 
         This may speed up your iteration cycle, unless you're working on the [{option}`testScript`](#test-opt-testScript).
diff --git a/nixpkgs/nixos/lib/testing/interactive.nix b/nixpkgs/nixos/lib/testing/interactive.nix
index 317ed4241882..0b1209669282 100644
--- a/nixpkgs/nixos/lib/testing/interactive.nix
+++ b/nixpkgs/nixos/lib/testing/interactive.nix
@@ -1,11 +1,11 @@
 { config, lib, moduleType, hostPkgs, ... }:
 let
-  inherit (lib) mkOption types mdDoc;
+  inherit (lib) mkOption types;
 in
 {
   options = {
     interactive = mkOption {
-      description = mdDoc ''
+      description = ''
         Tests [can be run interactively](#sec-running-nixos-tests-interactively)
         using the program in the test derivation's `.driverInteractive` attribute.
 
diff --git a/nixpkgs/nixos/lib/testing/meta.nix b/nixpkgs/nixos/lib/testing/meta.nix
index 805b7520edff..bdf313e5b119 100644
--- a/nixpkgs/nixos/lib/testing/meta.nix
+++ b/nixpkgs/nixos/lib/testing/meta.nix
@@ -1,11 +1,11 @@
 { lib, ... }:
 let
-  inherit (lib) types mkOption mdDoc;
+  inherit (lib) types mkOption;
 in
 {
   options = {
     meta = lib.mkOption {
-      description = mdDoc ''
+      description = ''
         The [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes that will be set on the returned derivations.
 
         Not all [`meta`](https://nixos.org/manual/nixpkgs/stable/#chap-meta) attributes are supported, but more can be added as desired.
@@ -16,24 +16,31 @@ in
           maintainers = lib.mkOption {
             type = types.listOf types.raw;
             default = [];
-            description = mdDoc ''
+            description = ''
               The [list of maintainers](https://nixos.org/manual/nixpkgs/stable/#var-meta-maintainers) for this test.
             '';
           };
           timeout = lib.mkOption {
             type = types.nullOr types.int;
             default = 3600;  # 1 hour
-            description = mdDoc ''
+            description = ''
               The [{option}`test`](#test-opt-test)'s [`meta.timeout`](https://nixos.org/manual/nixpkgs/stable/#var-meta-timeout) in seconds.
             '';
           };
           broken = lib.mkOption {
             type = types.bool;
             default = false;
-            description = mdDoc ''
+            description = ''
               Sets the [`meta.broken`](https://nixos.org/manual/nixpkgs/stable/#var-meta-broken) attribute on the [{option}`test`](#test-opt-test) derivation.
             '';
           };
+          platforms = lib.mkOption {
+            type = types.listOf types.raw;
+            default = lib.platforms.linux ++ lib.platforms.darwin;
+            description = ''
+              Sets the [`meta.platforms`](https://nixos.org/manual/nixpkgs/stable/#var-meta-platforms) attribute on the [{option}`test`](#test-opt-test) derivation.
+            '';
+          };
         };
       };
       default = {};
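Review bot: The new `platforms` option sets `default = lib.platforms.linux ++ lib.platforms.darwin;` without a `defaultText`, so the generated option documentation would presumably print the fully expanded platform list rather than the expression. Adding `defaultText = lib.literalExpression "lib.platforms.linux ++ lib.platforms.darwin";` next to the default keeps the rendered entry short and independent of later changes to those lists. The submodule that holds this option starts outside this hunk.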
diff --git a/nixpkgs/nixos/lib/testing/name.nix b/nixpkgs/nixos/lib/testing/name.nix
index 0af593169eec..0682873c7bcd 100644
--- a/nixpkgs/nixos/lib/testing/name.nix
+++ b/nixpkgs/nixos/lib/testing/name.nix
@@ -1,10 +1,10 @@
 { lib, ... }:
 let
-  inherit (lib) mkOption types mdDoc;
+  inherit (lib) mkOption types;
 in
 {
   options.name = mkOption {
-    description = mdDoc ''
+    description = ''
       The name of the test.
 
       This is used in the derivation names of the [{option}`driver`](#test-opt-driver) and [{option}`test`](#test-opt-test) runner.
diff --git a/nixpkgs/nixos/lib/testing/network.nix b/nixpkgs/nixos/lib/testing/network.nix
index 1edc9e276530..0f1615a0ad3b 100644
--- a/nixpkgs/nixos/lib/testing/network.nix
+++ b/nixpkgs/nixos/lib/testing/network.nix
@@ -5,7 +5,6 @@ let
     attrNames concatMap concatMapStrings flip forEach head
     listToAttrs mkDefault mkOption nameValuePair optionalString
     range toLower types zipListsWith zipLists
-    mdDoc
     ;
 
   nodeNumbers =
@@ -89,7 +88,7 @@ let
         default = name;
         # We need to force this in specilisations, otherwise it'd be
         # readOnly = true;
-        description = mdDoc ''
+        description = ''
           The `name` in `nodes.<name>`; stable across `specialisations`.
         '';
       };
@@ -98,7 +97,7 @@ let
         type = types.int;
         readOnly = true;
         default = nodeNumbers.${config.virtualisation.test.nodeName};
-        description = mdDoc ''
+        description = ''
           A unique number assigned for each node in `nodes`.
         '';
       };
diff --git a/nixpkgs/nixos/lib/testing/nodes.nix b/nixpkgs/nixos/lib/testing/nodes.nix
index 7941d69e38d2..9aecca10ac6b 100644
--- a/nixpkgs/nixos/lib/testing/nodes.nix
+++ b/nixpkgs/nixos/lib/testing/nodes.nix
@@ -5,7 +5,6 @@ let
     literalExpression
     literalMD
     mapAttrs
-    mdDoc
     mkDefault
     mkIf
     mkOption mkForce
@@ -76,7 +75,7 @@ in
     nodes = mkOption {
       type = types.lazyAttrsOf config.node.type;
       visible = "shallow";
-      description = mdDoc ''
+      description = ''
         An attribute set of NixOS configuration modules.
 
         The configurations are augmented by the [`defaults`](#test-opt-defaults) option.
@@ -88,7 +87,7 @@ in
     };
 
     defaults = mkOption {
-      description = mdDoc ''
+      description = ''
         NixOS configuration that is applied to all [{option}`nodes`](#test-opt-nodes).
       '';
       type = types.deferredModule;
@@ -96,7 +95,7 @@ in
     };
 
     extraBaseModules = mkOption {
-      description = mdDoc ''
+      description = ''
         NixOS configuration that, like [{option}`defaults`](#test-opt-defaults), is applied to all [{option}`nodes`](#test-opt-nodes) and can not be undone with [`specialisation.<name>.inheritParentConfig`](https://search.nixos.org/options?show=specialisation.%3Cname%3E.inheritParentConfig&from=0&size=50&sort=relevance&type=packages&query=specialisation).
       '';
       type = types.deferredModule;
@@ -104,7 +103,7 @@ in
     };
 
     node.pkgs = mkOption {
-      description = mdDoc ''
+      description = ''
         The Nixpkgs to use for the nodes.
 
         Setting this will make the `nixpkgs.*` options read-only, to avoid mistakenly testing with a Nixpkgs configuration that diverges from regular use.
@@ -117,7 +116,7 @@ in
     };
 
     node.pkgsReadOnly = mkOption {
-      description = mdDoc ''
+      description = ''
         Whether to make the `nixpkgs.*` options read-only. This is only relevant when [`node.pkgs`](#test-opt-node.pkgs) is set.
 
         Set this to `false` when any of the [`nodes`](#test-opt-nodes) needs to configure any of the `nixpkgs.*` options. This will slow down evaluation of your test a bit.
@@ -130,7 +129,7 @@ in
     node.specialArgs = mkOption {
       type = types.lazyAttrsOf types.raw;
       default = { };
-      description = mdDoc ''
+      description = ''
         An attribute set of arbitrary values that will be made available as module arguments during the resolution of module `imports`.
 
         Note that it is not possible to override these from within the NixOS configurations. If you argument is not relevant to `imports`, consider setting {option}`defaults._module.args.<name>` instead.
@@ -139,7 +138,7 @@ in
 
     nodesCompat = mkOption {
       internal = true;
-      description = mdDoc ''
+      description = ''
         Basically `_module.args.nodes`, but with backcompat and warnings added.
 
         This will go away.
diff --git a/nixpkgs/nixos/lib/testing/run.nix b/nixpkgs/nixos/lib/testing/run.nix
index de5a9b97e61d..218292121ee7 100644
--- a/nixpkgs/nixos/lib/testing/run.nix
+++ b/nixpkgs/nixos/lib/testing/run.nix
@@ -1,12 +1,12 @@
 { config, hostPkgs, lib, ... }:
 let
-  inherit (lib) types mkOption mdDoc;
+  inherit (lib) types mkOption;
 in
 {
   options = {
     passthru = mkOption {
       type = types.lazyAttrsOf types.raw;
-      description = mdDoc ''
+      description = ''
         Attributes to add to the returned derivations,
         which are not necessarily part of the build.
 
@@ -18,7 +18,7 @@ in
 
     rawTestDerivation = mkOption {
       type = types.package;
-      description = mdDoc ''
+      description = ''
         Unfiltered version of `test`, for troubleshooting the test framework and `testBuildFailure` in the test framework's test suite.
         This is not intended for general use. Use `test` instead.
       '';
@@ -28,7 +28,7 @@ in
     test = mkOption {
       type = types.package;
       # TODO: can the interactive driver be configured to access the network?
-      description = mdDoc ''
+      description = ''
         Derivation that runs the test as its "build" process.
 
         This implies that NixOS tests run isolated from the network, making them
diff --git a/nixpkgs/nixos/lib/testing/testScript.nix b/nixpkgs/nixos/lib/testing/testScript.nix
index 5c36d754d79d..09964777bd92 100644
--- a/nixpkgs/nixos/lib/testing/testScript.nix
+++ b/nixpkgs/nixos/lib/testing/testScript.nix
@@ -1,13 +1,13 @@
 testModuleArgs@{ config, lib, hostPkgs, nodes, moduleType, ... }:
 let
-  inherit (lib) mkOption types mdDoc;
+  inherit (lib) mkOption types;
   inherit (types) either str functionTo;
 in
 {
   options = {
     testScript = mkOption {
       type = either str (functionTo str);
-      description = mdDoc ''
+      description = ''
         A series of python declarations and statements that you write to perform
         the test.
       '';
@@ -25,7 +25,7 @@ in
     };
     withoutTestScriptReferences = mkOption {
       type = moduleType;
-      description = mdDoc ''
+      description = ''
         A parallel universe where the testScript is invalid and has no references.
       '';
       internal = true;
diff --git a/nixpkgs/nixos/lib/utils.nix b/nixpkgs/nixos/lib/utils.nix
index 22a2c79843c6..c1c1828a2c12 100644
--- a/nixpkgs/nixos/lib/utils.nix
+++ b/nixpkgs/nixos/lib/utils.nix
@@ -1,9 +1,45 @@
-{ lib, config, pkgs }: with lib;
+{ lib, config, pkgs }:
 
-rec {
+let
+  inherit (lib)
+    any
+    attrNames
+    concatMapStringsSep
+    concatStringsSep
+    elem
+    escapeShellArg
+    filter
+    flatten
+    getName
+    hasPrefix
+    hasSuffix
+    imap0
+    imap1
+    isAttrs
+    isDerivation
+    isFloat
+    isInt
+    isList
+    isPath
+    isString
+    listToAttrs
+    nameValuePair
+    optionalString
+    removePrefix
+    removeSuffix
+    replaceStrings
+    stringToCharacters
+    types
+    ;
+
+  inherit (lib.strings) toJSON normalizePath escapeC;
+in
+
+let
+utils = rec {
 
   # Copy configuration files to avoid having the entire sources in the system closure
-  copyFile = filePath: pkgs.runCommand (builtins.unsafeDiscardStringContext (builtins.baseNameOf filePath)) {} ''
+  copyFile = filePath: pkgs.runCommand (builtins.unsafeDiscardStringContext (baseNameOf filePath)) {} ''
     cp ${filePath} $out
   '';
 
@@ -46,11 +82,11 @@ rec {
   escapeSystemdPath = s: let
     replacePrefix = p: r: s: (if (hasPrefix p s) then r + (removePrefix p s) else s);
     trim = s: removeSuffix "/" (removePrefix "/" s);
-    normalizedPath = strings.normalizePath s;
+    normalizedPath = normalizePath s;
   in
     replaceStrings ["/"] ["-"]
-    (replacePrefix "." (strings.escapeC ["."] ".")
-    (strings.escapeC (stringToCharacters " !\"#$%&'()*+,;<=>=@[\\]^`{|}~-")
+    (replacePrefix "." (escapeC ["."] ".")
+    (escapeC (stringToCharacters " !\"#$%&'()*+,;<=>=@[\\]^`{|}~-")
     (if normalizedPath == "/" then normalizedPath else trim normalizedPath)));
 
   # Quotes an argument for use in Exec* service lines.
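Review bot: The character list passed to `escapeC` on the rewritten line contains `<=>=@`, so `=` is listed twice and `?` is missing. This looks like a typo for `<=>?@`; as written, a `?` in a path would be left unescaped in the resulting unit name. The commit only drops the `strings.` prefix, so the list is carried over unchanged. If the omission is unintended, replace that fragment with `<=>?@`. A one-line comment above the list naming the characters that are deliberately left unescaped would make this kind of slip easier to spot.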
@@ -62,12 +98,12 @@ rec {
   # substitution for the directive.
   escapeSystemdExecArg = arg:
     let
-      s = if builtins.isPath arg then "${arg}"
-        else if builtins.isString arg then arg
-        else if builtins.isInt arg || builtins.isFloat arg || lib.isDerivation arg then toString arg
+      s = if isPath arg then "${arg}"
+        else if isString arg then arg
+        else if isInt arg || isFloat arg || isDerivation arg then toString arg
         else throw "escapeSystemdExecArg only allows strings, paths, numbers and derivations";
     in
-      replaceStrings [ "%" "$" ] [ "%%" "$$" ] (builtins.toJSON s);
+      replaceStrings [ "%" "$" ] [ "%%" "$$" ] (toJSON s);
 
   # Quotes a list of arguments into a single string for use in a Exec*
   # line.
@@ -197,7 +233,7 @@ rec {
                (attrNames secrets))
     + "\n"
     + "${pkgs.jq}/bin/jq >'${output}' "
-    + lib.escapeShellArg (stringOrDefault
+    + escapeShellArg (stringOrDefault
           (concatStringsSep
             " | "
             (imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
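Review bot: On the `jq` line the output path is interpolated as `>'${output}'`, wrapped in literal single quotes, while the filter right after it goes through `escapeShellArg`. A path containing a single quote would end the quoting early and the remainder would be parsed by the shell. Using the same helper for both, `+ "${pkgs.jq}/bin/jq >${escapeShellArg output} "`, removes the inconsistency. The function starts outside this hunk, so where `output` comes from is not visible here and should be checked against the callers.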
@@ -205,7 +241,7 @@ rec {
           ".")
     + ''
        <<'EOF'
-      ${builtins.toJSON set}
+      ${toJSON set}
       EOF
       (( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
     '';
@@ -222,16 +258,17 @@ rec {
   */
   removePackagesByName = packages: packagesToRemove:
     let
-      namesToRemove = map lib.getName packagesToRemove;
+      namesToRemove = map getName packagesToRemove;
     in
-      lib.filter (x: !(builtins.elem (lib.getName x) namesToRemove)) packages;
+      filter (x: !(elem (getName x) namesToRemove)) packages;
 
   systemdUtils = {
-    lib = import ./systemd-lib.nix { inherit lib config pkgs; };
+    lib = import ./systemd-lib.nix { inherit lib config pkgs utils; };
     unitOptions = import ./systemd-unit-options.nix { inherit lib systemdUtils; };
     types = import ./systemd-types.nix { inherit lib systemdUtils pkgs; };
     network = {
       units = import ./systemd-network-units.nix { inherit lib systemdUtils; };
     };
   };
-}
+};
+in utils
diff --git a/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix b/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix
index 055d44ba6576..357b86367d98 100644
--- a/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix
+++ b/nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix
@@ -23,7 +23,7 @@ in {
   options.amazonImage = {
     name = mkOption {
       type = types.str;
-      description = lib.mdDoc "The name of the generated derivation";
+      description = "The name of the generated derivation";
       default = "nixos-amazon-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
     };
 
@@ -35,7 +35,7 @@ in {
         ]
       '';
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         This option lists files to be copied to fixed locations in the
         generated image. Glob patterns work.
       '';
@@ -45,13 +45,13 @@ in {
       type = with types; either (enum [ "auto" ]) int;
       default = 3072;
       example = 8192;
-      description = lib.mdDoc "The size in MB of the image";
+      description = "The size in MB of the image";
     };
 
     format = mkOption {
       type = types.enum [ "raw" "qcow2" "vpc" ];
       default = "vpc";
-      description = lib.mdDoc "The image format to output";
+      description = "The image format to output";
     };
   };
 
diff --git a/nixpkgs/nixos/maintainers/scripts/openstack/openstack-image-zfs.nix b/nixpkgs/nixos/maintainers/scripts/openstack/openstack-image-zfs.nix
index 60f0535854dd..9799f333aec0 100644
--- a/nixpkgs/nixos/maintainers/scripts/openstack/openstack-image-zfs.nix
+++ b/nixpkgs/nixos/maintainers/scripts/openstack/openstack-image-zfs.nix
@@ -16,26 +16,26 @@ in
   options.openstackImage = {
     name = mkOption {
       type = types.str;
-      description = lib.mdDoc "The name of the generated derivation";
+      description = "The name of the generated derivation";
       default = "nixos-openstack-image-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
     };
 
     ramMB = mkOption {
       type = types.int;
       default = 1024;
-      description = lib.mdDoc "RAM allocation for build VM";
+      description = "RAM allocation for build VM";
     };
 
     sizeMB = mkOption {
       type = types.int;
       default = 8192;
-      description = lib.mdDoc "The size in MB of the image";
+      description = "The size in MB of the image";
     };
 
     format = mkOption {
       type = types.enum [ "raw" "qcow2" ];
       default = "qcow2";
-      description = lib.mdDoc "The image format to output";
+      description = "The image format to output";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/config/appstream.nix b/nixpkgs/nixos/modules/config/appstream.nix
index 5b48f6e1705d..1712273eff7d 100644
--- a/nixpkgs/nixos/modules/config/appstream.nix
+++ b/nixpkgs/nixos/modules/config/appstream.nix
@@ -6,7 +6,7 @@ with lib;
     appstream.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [AppStream metadata specification](https://www.freedesktop.org/software/appstream/docs/index.html).
       '';
diff --git a/nixpkgs/nixos/modules/config/console.nix b/nixpkgs/nixos/modules/config/console.nix
index 442cfe9292ca..e27d7443bb1c 100644
--- a/nixpkgs/nixos/modules/config/console.nix
+++ b/nixpkgs/nixos/modules/config/console.nix
@@ -49,7 +49,7 @@ in
   ###### interface
 
   options.console  = {
-    enable = mkEnableOption (lib.mdDoc "virtual console") // {
+    enable = mkEnableOption "virtual console" // {
       default = true;
     };
 
@@ -57,7 +57,7 @@ in
       type = with types; nullOr (either str path);
       default = null;
       example = "LatArCyrHeb-16";
-      description = mdDoc ''
+      description = ''
         The font used for the virtual consoles.
         Can be `null`, a font name, or a path to a PSF font file.
 
@@ -74,7 +74,7 @@ in
       type = with types; either str path;
       default = "us";
       example = "fr";
-      description = lib.mdDoc ''
+      description = ''
         The keyboard mapping table for the virtual consoles.
       '';
     };
@@ -88,7 +88,7 @@ in
         "002b36" "cb4b16" "586e75" "657b83"
         "839496" "6c71c4" "93a1a1" "fdf6e3"
       ];
-      description = lib.mdDoc ''
+      description = ''
         The 16 colors palette used by the virtual consoles.
         Leave empty to use the default colors.
         Colors must be in hexadecimal format and listed in
@@ -100,7 +100,7 @@ in
     packages = mkOption {
       type = types.listOf types.package;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         List of additional packages that provide console fonts, keymaps and
         other resources for virtual consoles use.
       '';
@@ -109,7 +109,7 @@ in
     useXkbConfig = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If set, configure the virtual console keymap from the xserver
         keyboard settings.
       '';
@@ -118,7 +118,7 @@ in
     earlySetup = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable setting virtual console options as early as possible (in initrd).
       '';
     };
diff --git a/nixpkgs/nixos/modules/config/debug-info.nix b/nixpkgs/nixos/modules/config/debug-info.nix
index 78de26fda440..05a2fd2ceeea 100644
--- a/nixpkgs/nixos/modules/config/debug-info.nix
+++ b/nixpkgs/nixos/modules/config/debug-info.nix
@@ -9,7 +9,7 @@ with lib;
     environment.enableDebugInfo = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Some NixOS packages provide debug symbols. However, these are
         not included in the system closure by default to save disk
         space. Enabling this option causes the debug symbols to appear
diff --git a/nixpkgs/nixos/modules/config/fanout.nix b/nixpkgs/nixos/modules/config/fanout.nix
index 60ee145f19af..f775d2e9f22d 100644
--- a/nixpkgs/nixos/modules/config/fanout.nix
+++ b/nixpkgs/nixos/modules/config/fanout.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.services.fanout = {
-    enable = lib.mkEnableOption (lib.mdDoc "fanout");
+    enable = lib.mkEnableOption "fanout";
     fanoutDevices = lib.mkOption {
       type = lib.types.int;
       default = 1;
diff --git a/nixpkgs/nixos/modules/config/fonts/fontconfig.nix b/nixpkgs/nixos/modules/config/fonts/fontconfig.nix
index 5e2e054f7c4e..9a9ac08eefeb 100644
--- a/nixpkgs/nixos/modules/config/fonts/fontconfig.nix
+++ b/nixpkgs/nixos/modules/config/fonts/fontconfig.nix
@@ -278,7 +278,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             If enabled, a Fontconfig configuration file will be built
             pointing to a set of default fonts.  If you don't care about
             running X11 applications or any other program that uses
@@ -291,7 +291,7 @@ in
           internal = true;
           type     = with types; listOf path;
           default  = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Fontconfig configuration packages.
           '';
         };
@@ -299,7 +299,7 @@ in
         antialias = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Enable font antialiasing. At high resolution (> 200 DPI),
             antialiasing has no visible effect; users of such displays may want
             to disable this option.
@@ -309,7 +309,7 @@ in
         localConf = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             System-wide customization file contents, has higher priority than
             `defaultFonts` settings.
           '';
@@ -319,7 +319,7 @@ in
           monospace = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Sans Mono"];
-            description = lib.mdDoc ''
+            description = ''
               System-wide default monospace font(s). Multiple fonts may be
               listed in case multiple languages must be supported.
             '';
@@ -328,7 +328,7 @@ in
           sansSerif = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Sans"];
-            description = lib.mdDoc ''
+            description = ''
               System-wide default sans serif font(s). Multiple fonts may be
               listed in case multiple languages must be supported.
             '';
@@ -337,7 +337,7 @@ in
           serif = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Serif"];
-            description = lib.mdDoc ''
+            description = ''
               System-wide default serif font(s). Multiple fonts may be listed
               in case multiple languages must be supported.
             '';
@@ -346,7 +346,7 @@ in
           emoji = mkOption {
             type = types.listOf types.str;
             default = ["Noto Color Emoji"];
-            description = lib.mdDoc ''
+            description = ''
               System-wide default emoji font(s). Multiple fonts may be listed
               in case a font does not support all emoji.
 
@@ -363,7 +363,7 @@ in
           enable = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Enable font hinting. Hinting aligns glyphs to pixel boundaries to
               improve rendering sharpness at low resolution. At high resolution
               (> 200 dpi) hinting will do nothing (at best); users of such
@@ -374,7 +374,7 @@ in
           autohint = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Enable the autohinter in place of the default interpreter.
               The results are usually lower quality than correctly-hinted
               fonts, but better than unhinted fonts.
@@ -384,7 +384,7 @@ in
           style = mkOption {
             type = types.enum ["none" "slight" "medium" "full"];
             default = "slight";
-            description = lib.mdDoc ''
+            description = ''
               Hintstyle is the amount of font reshaping done to line up
               to the grid.
 
@@ -407,7 +407,7 @@ in
         includeUserConf = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Include the user configuration from
             {file}`~/.config/fontconfig/fonts.conf` or
             {file}`~/.config/fontconfig/conf.d`.
@@ -419,7 +419,7 @@ in
           rgba = mkOption {
             default = "none";
             type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"];
-            description = lib.mdDoc ''
+            description = ''
               Subpixel order. The overwhelming majority of displays are
               `rgb` in their normal orientation. Select
               `vrgb` for mounting such a display 90 degrees
@@ -435,7 +435,7 @@ in
           lcdfilter = mkOption {
             default = "default";
             type = types.enum ["none" "default" "light" "legacy"];
-            description = lib.mdDoc ''
+            description = ''
               FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering
               has no visible effect; users of such displays may want to select
               `none`.
@@ -447,7 +447,7 @@ in
         cache32Bit = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Generate system fonts cache for 32-bit applications.
           '';
         };
@@ -455,7 +455,7 @@ in
         allowBitmaps = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Allow bitmap fonts. Set to `false` to ban all
             bitmap fonts.
           '';
@@ -464,7 +464,7 @@ in
         allowType1 = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Allow Type-1 fonts. Default is `false` because of
             poor rendering.
           '';
@@ -473,7 +473,7 @@ in
         useEmbeddedBitmaps = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Use embedded bitmaps in fonts like Calibri.";
+          description = "Use embedded bitmaps in fonts like Calibri.";
         };
 
       };
diff --git a/nixpkgs/nixos/modules/config/fonts/fontdir.nix b/nixpkgs/nixos/modules/config/fonts/fontdir.nix
index 3b5eaf5b2d7f..7b21fe30f607 100644
--- a/nixpkgs/nixos/modules/config/fonts/fontdir.nix
+++ b/nixpkgs/nixos/modules/config/fonts/fontdir.nix
@@ -30,7 +30,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create a directory with links to all fonts in
           {file}`/run/current-system/sw/share/X11/fonts`.
         '';
@@ -40,7 +40,7 @@ in
         type = types.bool;
         default = config.programs.xwayland.enable;
         defaultText = literalExpression "config.programs.xwayland.enable";
-        description = lib.mdDoc ''
+        description = ''
           Whether to decompress fonts in
           {file}`/run/current-system/sw/share/X11/fonts`.
         '';
diff --git a/nixpkgs/nixos/modules/config/fonts/ghostscript.nix b/nixpkgs/nixos/modules/config/fonts/ghostscript.nix
index c41fcdaaa329..a5508b948990 100644
--- a/nixpkgs/nixos/modules/config/fonts/ghostscript.nix
+++ b/nixpkgs/nixos/modules/config/fonts/ghostscript.nix
@@ -7,7 +7,7 @@ with lib;
     fonts.enableGhostscriptFonts = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to add the fonts provided by Ghostscript (such as
         various URW fonts and the “Base-14” Postscript fonts) to the
         list of system fonts, making them available to X11
diff --git a/nixpkgs/nixos/modules/config/fonts/packages.nix b/nixpkgs/nixos/modules/config/fonts/packages.nix
index 37b705ecb345..36eaa5791d67 100644
--- a/nixpkgs/nixos/modules/config/fonts/packages.nix
+++ b/nixpkgs/nixos/modules/config/fonts/packages.nix
@@ -16,13 +16,13 @@ in
         type = with lib.types; listOf path;
         default = [];
         example = lib.literalExpression "[ pkgs.dejavu_fonts ]";
-        description = lib.mdDoc "List of primary font packages.";
+        description = "List of primary font packages.";
       };
 
       enableDefaultPackages = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable a basic set of fonts providing several styles
           and families and reasonable coverage of Unicode.
         '';
diff --git a/nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix b/nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix
index 62f0cc3f090f..0898260d4a59 100644
--- a/nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix
+++ b/nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix
@@ -7,7 +7,7 @@ with lib;
       type = types.bool;
       default = config.services.xserver.enable;
       defaultText = literalExpression "config.services.xserver.enable";
-      description = lib.mdDoc ''
+      description = ''
         Whether to build icon theme caches for GTK applications.
       '';
     };
diff --git a/nixpkgs/nixos/modules/config/i18n.nix b/nixpkgs/nixos/modules/config/i18n.nix
index b19d38091e75..9d2d3c23beb3 100644
--- a/nixpkgs/nixos/modules/config/i18n.nix
+++ b/nixpkgs/nixos/modules/config/i18n.nix
@@ -21,7 +21,7 @@ with lib;
           }
         '';
         example = literalExpression "pkgs.glibcLocales";
-        description = lib.mdDoc ''
+        description = ''
           Customized pkg.glibcLocales package.
 
           Changing this option can disable handling of i18n.defaultLocale
@@ -33,7 +33,7 @@ with lib;
         type = types.str;
         default = "en_US.UTF-8";
         example = "nl_NL.UTF-8";
-        description = lib.mdDoc ''
+        description = ''
           The default locale.  It determines the language for program
           messages, the format for dates and times, sort order, and so on.
           It also determines the character set, such as UTF-8.
@@ -44,7 +44,7 @@ with lib;
         type = types.attrsOf types.str;
         default = {};
         example = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; };
-        description = lib.mdDoc ''
+        description = ''
           A set of additional system-wide locale settings other than
           `LANG` which can be configured with
           {option}`i18n.defaultLocale`.
@@ -72,7 +72,7 @@ with lib;
             ))
         '';
         example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"];
-        description = lib.mdDoc ''
+        description = ''
           List of locales that the system should support.  The value
           `"all"` means that all locales supported by
           Glibc will be installed.  A full list of supported locales
diff --git a/nixpkgs/nixos/modules/config/iproute2.nix b/nixpkgs/nixos/modules/config/iproute2.nix
index 0cde57b759be..90f53c0eab69 100644
--- a/nixpkgs/nixos/modules/config/iproute2.nix
+++ b/nixpkgs/nixos/modules/config/iproute2.nix
@@ -7,11 +7,11 @@ let
 in
 {
   options.networking.iproute2 = {
-    enable = mkEnableOption (lib.mdDoc "copying IP route configuration files");
+    enable = mkEnableOption "copying IP route configuration files";
     rttablesExtraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Verbatim lines to add to /etc/iproute2/rt_tables
       '';
     };
diff --git a/nixpkgs/nixos/modules/config/ldap.nix b/nixpkgs/nixos/modules/config/ldap.nix
index e374e4a7a27e..7f79db8d0a60 100644
--- a/nixpkgs/nixos/modules/config/ldap.nix
+++ b/nixpkgs/nixos/modules/config/ldap.nix
@@ -59,36 +59,36 @@ in
 
     users.ldap = {
 
-      enable = mkEnableOption (lib.mdDoc "authentication against an LDAP server");
+      enable = mkEnableOption "authentication against an LDAP server";
 
       loginPam = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to include authentication against LDAP in login PAM.";
+        description = "Whether to include authentication against LDAP in login PAM.";
       };
 
       nsswitch = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to include lookup against LDAP in NSS.";
+        description = "Whether to include lookup against LDAP in NSS.";
       };
 
       server = mkOption {
         type = types.str;
         example = "ldap://ldap.example.org/";
-        description = lib.mdDoc "The URL of the LDAP server.";
+        description = "The URL of the LDAP server.";
       };
 
       base = mkOption {
         type = types.str;
         example = "dc=example,dc=org";
-        description = lib.mdDoc "The distinguished name of the search base.";
+        description = "The distinguished name of the search base.";
       };
 
       useTLS = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, use TLS (encryption) over an LDAP (port 389)
           connection.  The alternative is to specify an LDAPS server (port
           636) in {option}`users.ldap.server` or to forego
@@ -99,7 +99,7 @@ in
       timeLimit = mkOption {
         default = 0;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the time limit (in seconds) to use when performing
           searches. A value of zero (0), which is the default, is to
           wait indefinitely for searches to be completed.
@@ -110,7 +110,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to let the nslcd daemon (nss-pam-ldapd) handle the
             LDAP lookups for NSS and PAM. This can improve performance,
             and if you need to bind to the LDAP server with a password,
@@ -125,17 +125,17 @@ in
         extraConfig = mkOption {
           default =  "";
           type = types.lines;
-          description = lib.mdDoc ''
+          description =  ''
             Extra configuration options that will be added verbatim at
             the end of the nslcd configuration file (`nslcd.conf(5)`).
-          '' ;
+          '';
         } ;
 
         rootpwmoddn = mkOption {
           default = "";
           example = "cn=admin,dc=example,dc=com";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The distinguished name to use to bind to the LDAP server
             when the root user tries to modify a user's password.
           '';
@@ -145,7 +145,7 @@ in
           default = "";
           example = "/run/keys/nslcd.rootpwmodpw";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The path to a file containing the credentials with which to bind to
             the LDAP server if the root user tries to change a user's password.
           '';
@@ -157,7 +157,7 @@ in
           default = "";
           example = "cn=admin,dc=example,dc=com";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The distinguished name to bind to the LDAP server with. If this
             is not specified, an anonymous bind will be done.
           '';
@@ -166,7 +166,7 @@ in
         passwordFile = mkOption {
           default = "/etc/ldap/bind.password";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The path to a file containing the credentials to use when binding
             to the LDAP server (if not binding anonymously).
           '';
@@ -175,7 +175,7 @@ in
         timeLimit = mkOption {
           default = 30;
           type = types.int;
-          description = lib.mdDoc ''
+          description = ''
             Specifies the time limit (in seconds) to use when connecting
             to the directory server. This is distinct from the time limit
             specified in {option}`users.ldap.timeLimit` and affects
@@ -186,7 +186,7 @@ in
         policy = mkOption {
           default = "hard_open";
           type = types.enum [ "hard_open" "hard_init" "soft" ];
-          description = lib.mdDoc ''
+          description = ''
             Specifies the policy to use for reconnecting to an unavailable
             LDAP server. The default is `hard_open`, which
             reconnects if opening the connection to the directory server
@@ -205,13 +205,13 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description =  ''
           Extra configuration options that will be added verbatim at
           the end of the ldap configuration file (`ldap.conf(5)`).
           If {option}`users.ldap.daemon` is enabled, this
           configuration will not be used. In that case, use
           {option}`users.ldap.daemon.extraConfig` instead.
-        '' ;
+        '';
       };
 
     };
diff --git a/nixpkgs/nixos/modules/config/ldso.nix b/nixpkgs/nixos/modules/config/ldso.nix
index bd6f0dc5a83b..60156dd04098 100644
--- a/nixpkgs/nixos/modules/config/ldso.nix
+++ b/nixpkgs/nixos/modules/config/ldso.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) last splitString mkOption types mdDoc optionals;
+  inherit (lib) last splitString mkOption types optionals;
 
   libDir = pkgs.stdenv.hostPlatform.libDir;
   ldsoBasename = builtins.unsafeDiscardStringContext (last (splitString "/" pkgs.stdenv.cc.bintools.dynamicLinker));
@@ -14,7 +14,7 @@ in {
     environment.ldso = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = mdDoc ''
+      description = ''
         The executable to link into the normal FHS location of the ELF loader.
       '';
     };
@@ -22,7 +22,7 @@ in {
     environment.ldso32 = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = mdDoc ''
+      description = ''
         The executable to link into the normal FHS location of the 32-bit ELF loader.
 
         This currently only works on x86_64 architectures.
diff --git a/nixpkgs/nixos/modules/config/locale.nix b/nixpkgs/nixos/modules/config/locale.nix
index 7716e121c712..486246081ec6 100644
--- a/nixpkgs/nixos/modules/config/locale.nix
+++ b/nixpkgs/nixos/modules/config/locale.nix
@@ -22,7 +22,7 @@ in
         default = null;
         type = timezone;
         example = "America/New_York";
-        description = lib.mdDoc ''
+        description = ''
           The time zone used when displaying times and dates. See <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>
           for a comprehensive list of possible values for this setting.
 
@@ -34,7 +34,7 @@ in
       hardwareClockInLocalTime = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "If set, keep the hardware clock in local time instead of UTC.";
+        description = "If set, keep the hardware clock in local time instead of UTC.";
       };
 
     };
@@ -43,7 +43,7 @@ in
 
       latitude = mkOption {
         type = types.float;
-        description = lib.mdDoc ''
+        description = ''
           Your current latitude, between
           `-90.0` and `90.0`. Must be provided
           along with longitude.
@@ -52,7 +52,7 @@ in
 
       longitude = mkOption {
         type = types.float;
-        description = lib.mdDoc ''
+        description = ''
           Your current longitude, between
           between `-180.0` and `180.0`. Must be
           provided along with latitude.
@@ -62,7 +62,7 @@ in
       provider = mkOption {
         type = types.enum [ "manual" "geoclue2" ];
         default = "manual";
-        description = lib.mdDoc ''
+        description = ''
           The location provider to use for determining your location. If set to
           `manual` you must also provide latitude/longitude.
         '';
diff --git a/nixpkgs/nixos/modules/config/malloc.nix b/nixpkgs/nixos/modules/config/malloc.nix
index 043f78c8214e..e414970b0be5 100644
--- a/nixpkgs/nixos/modules/config/malloc.nix
+++ b/nixpkgs/nixos/modules/config/malloc.nix
@@ -9,8 +9,23 @@ let
     graphene-hardened = {
       libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
       description = ''
-        An allocator designed to mitigate memory corruption attacks, such as
-        those caused by use-after-free bugs.
+        Hardened memory allocator coming from GrapheneOS project.
+        The default configuration template has all normal optional security
+        features enabled and is quite aggressive in terms of sacrificing
+        performance and memory usage for security.
+      '';
+    };
+
+    graphene-hardened-light = {
+      libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc-light.so";
+      description = ''
+        Hardened memory allocator coming from GrapheneOS project.
+        The light configuration template disables the slab quarantines,
+        write after free check, slot randomization and raises the guard
+        slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled.
+        The light configuration has solid performance and memory usage while still
+        being far more secure than mainstream allocators with much better security
+        properties.
       '';
     };
 
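Review bot: The `graphene-hardened-light` description lists what the light template turns off (slab quarantines, write-after-free check, slot randomization) without saying what protection is lost, and the rewritten `graphene-hardened` text drops the earlier mention of use-after-free mitigation. A reader choosing between the two providers therefore cannot tell that the light template appears to be weaker mainly against use-after-free bugs. I would add a sentence such as `Prefer graphene-hardened where use-after-free mitigation matters; the light template trades part of it for performance and memory usage.` The closing phrase `far more secure than mainstream allocators with much better security properties` says the same thing twice and could stop at `mainstream allocators`. Whether the package output actually ships `lib/libhardened_malloc-light.so` is not visible in this hunk and is worth confirming.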
@@ -77,7 +92,7 @@ in
     environment.memoryAllocator.provider = mkOption {
       type = types.enum ([ "libc" ] ++ attrNames providers);
       default = "libc";
-      description = lib.mdDoc ''
+      description = ''
         The system-wide memory allocator.
 
         Briefly, the system-wide memory allocator providers are:
diff --git a/nixpkgs/nixos/modules/config/mysql.nix b/nixpkgs/nixos/modules/config/mysql.nix
index 4f72d22c4f0e..e1f9e223cc59 100644
--- a/nixpkgs/nixos/modules/config/mysql.nix
+++ b/nixpkgs/nixos/modules/config/mysql.nix
@@ -10,41 +10,41 @@ in
 
   options = {
     users.mysql = {
-      enable = mkEnableOption (lib.mdDoc "Authentication against a MySQL/MariaDB database");
+      enable = mkEnableOption "authentication against a MySQL/MariaDB database";
       host = mkOption {
         type = types.str;
         example = "localhost";
-        description = lib.mdDoc "The hostname of the MySQL/MariaDB server";
+        description = "The hostname of the MySQL/MariaDB server";
       };
       database = mkOption {
         type = types.str;
         example = "auth";
-        description = lib.mdDoc "The name of the database containing the users";
+        description = "The name of the database containing the users";
       };
       user = mkOption {
         type = types.str;
         example = "nss-user";
-        description = lib.mdDoc "The username to use when connecting to the database";
+        description = "The username to use when connecting to the database";
       };
       passwordFile = mkOption {
         type = types.path;
         example = "/run/secrets/mysql-auth-db-passwd";
-        description = lib.mdDoc "The path to the file containing the password for the user";
+        description = "The path to the file containing the password for the user";
       };
       pam = mkOption {
-        description = lib.mdDoc "Settings for `pam_mysql`";
+        description = "Settings for `pam_mysql`";
         type = types.submodule {
           options = {
             table = mkOption {
               type = types.str;
               example = "users";
-              description = lib.mdDoc "The name of table that maps unique login names to the passwords.";
+              description = "The name of table that maps unique login names to the passwords.";
             };
             updateTable = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "users_updates";
-              description = lib.mdDoc ''
+              description = ''
                 The name of the table used for password alteration. If not defined, the value
                 of the `table` option will be used instead.
               '';
@@ -52,18 +52,18 @@ in
             userColumn = mkOption {
               type = types.str;
               example = "username";
-              description = lib.mdDoc "The name of the column that contains a unix login name.";
+              description = "The name of the column that contains a unix login name.";
             };
             passwordColumn = mkOption {
               type = types.str;
               example = "password";
-              description = lib.mdDoc "The name of the column that contains a (encrypted) password string.";
+              description = "The name of the column that contains a (encrypted) password string.";
             };
             statusColumn = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "status";
-              description = lib.mdDoc ''
+              description = ''
                 The name of the column or an SQL expression that indicates the status of
                 the user. The status is expressed by the combination of two bitfields
                 shown below:
@@ -93,7 +93,7 @@ in
                 "8" "sha512"
                 "9" "sha256"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 The method to encrypt the user's password:
 
                 - `0` (or `"plain"`):
@@ -125,18 +125,18 @@ in
               type = types.nullOr (types.enum [ "md5" "sha256" "sha512" "blowfish" ]);
               default = null;
               example = "blowfish";
-              description = lib.mdDoc "The default encryption method to use for `passwordCrypt = 1`.";
+              description = "The default encryption method to use for `passwordCrypt = 1`.";
             };
             where = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "host.name='web' AND user.active=1";
-              description = lib.mdDoc "Additional criteria for the query.";
+              description = "Additional criteria for the query.";
             };
             verbose = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 If enabled, produces logs with detailed messages that describes what
                 `pam_mysql` is doing. May be useful for debugging.
               '';
@@ -144,7 +144,7 @@ in
             disconnectEveryOperation = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 By default, `pam_mysql` keeps the connection to the MySQL
                 database until the session is closed. If this option is set to true it
                 disconnects every time the PAM operation has finished. This option may
@@ -155,17 +155,17 @@ in
               enable = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc "Enables logging of authentication attempts in the MySQL database.";
+                description = "Enables logging of authentication attempts in the MySQL database.";
               };
               table = mkOption {
                 type = types.str;
                 example = "logs";
-                description = lib.mdDoc "The name of the table to which logs are written.";
+                description = "The name of the table to which logs are written.";
               };
               msgColumn = mkOption {
                 type = types.str;
                 example = "msg";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the description
                   of the performed operation is stored.
                 '';
@@ -173,7 +173,7 @@ in
               userColumn = mkOption {
                 type = types.str;
                 example = "user";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the name of the
                   user being authenticated is stored.
                 '';
@@ -181,7 +181,7 @@ in
               pidColumn = mkOption {
                 type = types.str;
                 example = "pid";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the pid of the
                   process utilising the `pam_mysql` authentication
                   service is stored.
@@ -190,7 +190,7 @@ in
               hostColumn = mkOption {
                 type = types.str;
                 example = "host";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the name of the user
                   being authenticated is stored.
                 '';
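Review bot: The `hostColumn` description still reads `the name of the user being authenticated`, which repeats the `userColumn` text from the preceding option instead of describing a host. Since the description line is being touched anyway, it could be corrected to something like `The name of the column in the log table to which the name of the machine performing the operation is stored.` (wording to be checked against the pam_mysql documentation). An operator following the current text could map the wrong column and end up with authentication logs that cannot be attributed to a host. The option's closing lines fall outside this hunk.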
@@ -198,7 +198,7 @@ in
               rHostColumn = mkOption {
                 type = types.str;
                 example = "rhost";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the name of the remote
                   host that initiates the session is stored. The value is supposed to be
                   set by the PAM-aware application with `pam_set_item(PAM_RHOST)`.
@@ -207,7 +207,7 @@ in
               timeColumn = mkOption {
                 type = types.str;
                 example = "timestamp";
-                description = lib.mdDoc ''
+                description = ''
                   The name of the column in the log table to which the timestamp of the
                   log entry is stored.
                 '';
@@ -217,7 +217,7 @@ in
         };
       };
       nss = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Settings for `libnss-mysql`.
 
           All examples are from the [minimal example](https://github.com/saknopper/libnss-mysql/tree/master/sample/minimal)
@@ -234,7 +234,7 @@ in
                 WHERE username='%1$s' \
                 LIMIT 1
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getpwnam](https://man7.org/linux/man-pages/man3/getpwnam.3.html)
                 syscall.
               '';
@@ -248,7 +248,7 @@ in
                 WHERE uid='%1$u' \
                 LIMIT 1
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getpwuid](https://man7.org/linux/man-pages/man3/getpwuid.3.html)
                 syscall.
               '';
@@ -262,7 +262,7 @@ in
                 WHERE username='%1$s' \
                 LIMIT 1
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getspnam](https://man7.org/linux/man-pages/man3/getspnam.3.html)
                 syscall.
               '';
@@ -273,7 +273,7 @@ in
               example = literalExpression ''
                 SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getpwent](https://man7.org/linux/man-pages/man3/getpwent.3.html)
                 syscall.
               '';
@@ -284,7 +284,7 @@ in
               example = literalExpression ''
                 SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getspent](https://man7.org/linux/man-pages/man3/getspent.3.html)
                 syscall.
               '';
@@ -295,7 +295,7 @@ in
               example = literalExpression ''
                 SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getgrnam](https://man7.org/linux/man-pages/man3/getgrnam.3.html)
                 syscall.
               '';
@@ -306,7 +306,7 @@ in
               example = literalExpression ''
                 SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getgrgid](https://man7.org/linux/man-pages/man3/getgrgid.3.html)
                 syscall.
               '';
@@ -317,7 +317,7 @@ in
               example = literalExpression ''
                 SELECT name,password,gid FROM groups
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [getgrent](https://man7.org/linux/man-pages/man3/getgrent.3.html)
                 syscall.
               '';
@@ -328,7 +328,7 @@ in
               example = literalExpression ''
                 SELECT username FROM grouplist WHERE gid='%1$u'
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [memsbygid](https://man7.org/linux/man-pages/man3/memsbygid.3.html)
                 syscall.
               '';
@@ -339,7 +339,7 @@ in
               example = literalExpression ''
                 SELECT gid FROM grouplist WHERE username='%1$s'
               '';
-              description = lib.mdDoc ''
+              description = ''
                 SQL query for the [gidsbymem](https://man7.org/linux/man-pages/man3/gidsbymem.3.html)
                 syscall.
               '';
diff --git a/nixpkgs/nixos/modules/config/networking.nix b/nixpkgs/nixos/modules/config/networking.nix
index fc910fee94bf..96cd03ea8b15 100644
--- a/nixpkgs/nixos/modules/config/networking.nix
+++ b/nixpkgs/nixos/modules/config/networking.nix
@@ -28,7 +28,7 @@ in
           "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Locally defined maps of hostnames to IP addresses.
       '';
     };
@@ -37,7 +37,7 @@ in
       type = types.listOf types.path;
       defaultText = literalMD "Hosts from {option}`networking.hosts` and {option}`networking.extraHosts`";
       example = literalExpression ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]'';
-      description = lib.mdDoc ''
+      description = ''
         Files that should be concatenated together to form {file}`/etc/hosts`.
       '';
     };
@@ -46,7 +46,7 @@ in
       type = types.lines;
       default = "";
       example = "192.168.0.1 lanlocalhost";
-      description = lib.mdDoc ''
+      description = ''
         Additional verbatim entries to be appended to {file}`/etc/hosts`.
         For adding hosts from derivation results, use {option}`networking.hostFiles` instead.
       '';
@@ -60,7 +60,7 @@ in
         "3.nixos.pool.ntp.org"
       ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         The set of NTP servers from which to synchronise.
       '';
     };
@@ -70,7 +70,7 @@ in
       default = lib.mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
         '';
         example = "http://127.0.0.1:3128";
@@ -80,7 +80,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the http_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -90,7 +90,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the https_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -100,7 +100,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the ftp_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -110,7 +110,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the rsync_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -120,7 +120,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the all_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -129,7 +129,7 @@ in
       noProxy = lib.mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the no_proxy environment variable.
           If a default proxy is used and noProxy is null,
           then noProxy will be set to 127.0.0.1,localhost.
@@ -141,7 +141,7 @@ in
         type = types.attrs;
         internal = true;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Environment variables used for the network proxy.
         '';
       };
diff --git a/nixpkgs/nixos/modules/config/nix-channel.nix b/nixpkgs/nixos/modules/config/nix-channel.nix
index dd97cb730ae4..6498ce6c469c 100644
--- a/nixpkgs/nixos/modules/config/nix-channel.nix
+++ b/nixpkgs/nixos/modules/config/nix-channel.nix
@@ -23,7 +23,7 @@ in
     nix = {
       channel = {
         enable = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Whether the `nix-channel` command and state files are made available on the machine.
 
             The following files are initialized when enabled:
@@ -57,7 +57,7 @@ in
           ]
           else [];
         '';
-        description = lib.mdDoc ''
+        description = ''
           The default Nix expression search path, used by the Nix
           evaluator to look up paths enclosed in angle brackets
           (e.g. `<nixpkgs>`).
@@ -70,7 +70,7 @@ in
         internal = true;
         type = types.str;
         default = "https://nixos.org/channels/nixos-unstable";
-        description = lib.mdDoc "Default NixOS channel to which the root user is subscribed.";
+        description = "Default NixOS channel to which the root user is subscribed.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/config/nix-flakes.nix b/nixpkgs/nixos/modules/config/nix-flakes.nix
index 242d8d3b82b7..d6c31735a6ca 100644
--- a/nixpkgs/nixos/modules/config/nix-flakes.nix
+++ b/nixpkgs/nixos/modules/config/nix-flakes.nix
@@ -40,25 +40,25 @@ in
               from = mkOption {
                 type = referenceAttrs;
                 example = { type = "indirect"; id = "nixpkgs"; };
-                description = lib.mdDoc "The flake reference to be rewritten.";
+                description = "The flake reference to be rewritten.";
               };
               to = mkOption {
                 type = referenceAttrs;
                 example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; };
-                description = lib.mdDoc "The flake reference {option}`from` is rewritten to.";
+                description = "The flake reference {option}`from` is rewritten to.";
               };
               flake = mkOption {
                 type = types.nullOr types.attrs;
                 default = null;
                 example = literalExpression "nixpkgs";
-                description = lib.mdDoc ''
+                description = ''
                   The flake input {option}`from` is rewritten to.
                 '';
               };
               exact = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Whether the {option}`from` reference needs to match exactly. If set,
                   a {option}`from` reference like `nixpkgs` does not
                   match with a reference like `nixpkgs/nixos-20.03`.
@@ -79,7 +79,7 @@ in
           }
         ));
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           A system-wide flake registry.
         '';
       };
diff --git a/nixpkgs/nixos/modules/config/nix-remote-build.nix b/nixpkgs/nixos/modules/config/nix-remote-build.nix
index 98c8fc06d2ee..e8aa438a262d 100644
--- a/nixpkgs/nixos/modules/config/nix-remote-build.nix
+++ b/nixpkgs/nixos/modules/config/nix-remote-build.nix
@@ -58,7 +58,7 @@ in
             hostName = mkOption {
               type = types.str;
               example = "nixbuilder.example.org";
-              description = lib.mdDoc ''
+              description = ''
                 The hostname of the build machine.
               '';
             };
@@ -66,7 +66,7 @@ in
               type = types.enum [ null "ssh" "ssh-ng" ];
               default = "ssh";
               example = "ssh-ng";
-              description = lib.mdDoc ''
+              description = ''
                 The protocol used for communicating with the build machine.
                 Use `ssh-ng` if your remote builder and your
                 local Nix version support that improved protocol.
@@ -79,7 +79,7 @@ in
               type = types.nullOr types.str;
               default = null;
               example = "x86_64-linux";
-              description = lib.mdDoc ''
+              description = ''
                 The system type the build machine can execute derivations on.
                 Either this attribute or {var}`systems` must be
                 present, where {var}`system` takes precedence if
@@ -90,7 +90,7 @@ in
               type = types.listOf types.str;
               default = [ ];
               example = [ "x86_64-linux" "aarch64-linux" ];
-              description = lib.mdDoc ''
+              description = ''
                 The system types the build machine can execute derivations on.
                 Either this attribute or {var}`system` must be
                 present, where {var}`system` takes precedence if
@@ -101,7 +101,7 @@ in
               type = types.nullOr types.str;
               default = null;
               example = "builder";
-              description = lib.mdDoc ''
+              description = ''
                 The username to log in as on the remote host. This user must be
                 able to log in and run nix commands non-interactively. It must
                 also be privileged to build derivations, so must be included in
@@ -112,7 +112,7 @@ in
               type = types.nullOr types.str;
               default = null;
               example = "/root/.ssh/id_buildhost_builduser";
-              description = lib.mdDoc ''
+              description = ''
                 The path to the SSH private key with which to authenticate on
                 the build machine. The private key must not have a passphrase.
                 If null, the building user (root on NixOS machines) must have an
@@ -125,7 +125,7 @@ in
             maxJobs = mkOption {
               type = types.int;
               default = 1;
-              description = lib.mdDoc ''
+              description = ''
                 The number of concurrent jobs the build machine supports. The
                 build machine will enforce its own limits, but this allows hydra
                 to schedule better since there is no work-stealing between build
@@ -135,7 +135,7 @@ in
             speedFactor = mkOption {
               type = types.int;
               default = 1;
-              description = lib.mdDoc ''
+              description = ''
                 The relative speed of this builder. This is an arbitrary integer
                 that indicates the speed of this builder, relative to other
                 builders. Higher is faster.
@@ -145,7 +145,7 @@ in
               type = types.listOf types.str;
               default = [ ];
               example = [ "big-parallel" ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of features mandatory for this builder. The builder will
                 be ignored for derivations that don't require all features in
                 this list. All mandatory features are automatically included in
@@ -156,7 +156,7 @@ in
               type = types.listOf types.str;
               default = [ ];
               example = [ "kvm" "big-parallel" ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of features supported by this builder. The builder will
                 be ignored for derivations that require features not in this
                 list.
@@ -165,7 +165,7 @@ in
             publicHostKey = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The (base64-encoded) public host key of this builder. The field
                 is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`.
                 If null, SSH will use its regular known-hosts file when connecting.
@@ -174,7 +174,7 @@ in
           };
         });
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           This option lists the machines to be used if distributed builds are
           enabled (see {option}`nix.distributedBuilds`).
           Nix will perform derivations on those machines via SSH by copying the
@@ -186,7 +186,7 @@ in
       distributedBuilds = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to distribute builds to the machines listed in
           {option}`nix.buildMachines`.
         '';
diff --git a/nixpkgs/nixos/modules/config/nix.nix b/nixpkgs/nixos/modules/config/nix.nix
index a40953a3a3c9..b5fe0a3bd1ce 100644
--- a/nixpkgs/nixos/modules/config/nix.nix
+++ b/nixpkgs/nixos/modules/config/nix.nix
@@ -154,7 +154,7 @@ in
       checkConfig = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, checks that Nix can parse the generated nix.conf.
         '';
       };
@@ -162,7 +162,7 @@ in
       checkAllErrors = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings.
         '';
       };
@@ -174,7 +174,7 @@ in
           keep-outputs = true
           keep-derivations = true
         '';
-        description = lib.mdDoc "Additional text appended to {file}`nix.conf`.";
+        description = "Additional text appended to {file}`nix.conf`.";
       };
 
       settings = mkOption {
@@ -186,7 +186,7 @@ in
               type = types.either types.int (types.enum [ "auto" ]);
               default = "auto";
               example = 64;
-              description = lib.mdDoc ''
+              description = ''
                 This option defines the maximum number of jobs that Nix will try to
                 build in parallel. The default is auto, which means it will use all
                 available logical cores. It is recommend to set it to the total
@@ -199,7 +199,7 @@ in
               type = types.bool;
               default = false;
               example = true;
-              description = lib.mdDoc ''
+              description = ''
                 If set to true, Nix automatically detects files in the store that have
                 identical contents, and replaces them with hard links to a single copy.
                 This saves disk space. If set to false (the default), you can still run
@@ -211,7 +211,7 @@ in
               type = types.int;
               default = 0;
               example = 64;
-              description = lib.mdDoc ''
+              description = ''
                 This option defines the maximum number of concurrent tasks during
                 one build. It affects, e.g., -j option for make.
                 The special value 0 means that the builder should use all
@@ -224,7 +224,7 @@ in
             sandbox = mkOption {
               type = types.either types.bool (types.enum [ "relaxed" ]);
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 If set, Nix will perform builds in a sandboxed environment that it
                 will set up automatically for each build. This prevents impurities
                 in builds by disallowing access to dependencies outside of the Nix
@@ -247,7 +247,7 @@ in
               type = types.listOf types.str;
               default = [ ];
               example = [ "/dev" "/proc" ];
-              description = lib.mdDoc ''
+              description = ''
                 Directories from the host filesystem to be included
                 in the sandbox.
               '';
@@ -255,7 +255,7 @@ in
 
             substituters = mkOption {
               type = types.listOf types.str;
-              description = lib.mdDoc ''
+              description = ''
                 List of binary cache URLs used to obtain pre-built binaries
                 of Nix packages.
 
@@ -267,7 +267,7 @@ in
               type = types.listOf types.str;
               default = [ ];
               example = [ "https://hydra.nixos.org/" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of binary cache URLs that non-root users can use (in
                 addition to those specified using
                 {option}`nix.settings.substituters`) by passing
@@ -278,7 +278,7 @@ in
             require-sigs = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 If enabled (the default), Nix will only download binaries from binary caches if
                 they are cryptographically signed with any of the keys listed in
                 {option}`nix.settings.trusted-public-keys`. If disabled, signatures are neither
@@ -290,7 +290,7 @@ in
             trusted-public-keys = mkOption {
               type = types.listOf types.str;
               example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of public keys used to sign binary caches. If
                 {option}`nix.settings.trusted-public-keys` is enabled,
                 then Nix will use a binary from a binary cache if and only
@@ -304,7 +304,7 @@ in
               type = types.listOf types.str;
               default = [ "root" ];
               example = [ "root" "alice" "@wheel" ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of names of users that have additional rights when
                 connecting to the Nix daemon, such as the ability to specify
                 additional binary caches, or to import unsigned NARs. You
@@ -318,7 +318,7 @@ in
             system-features = mkOption {
               type = types.listOf types.str;
               example = [ "kvm" "big-parallel" "gccarch-skylake" ];
-              description = lib.mdDoc ''
+              description = ''
                 The set of features supported by the machine. Derivations
                 can express dependencies on system features through the
                 `requiredSystemFeatures` attribute.
@@ -333,7 +333,7 @@ in
               type = types.listOf types.str;
               default = [ "*" ];
               example = [ "@wheel" "@builders" "alice" "bob" ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of names of users (separated by whitespace) that are
                 allowed to connect to the Nix daemon. As with
                 {option}`nix.settings.trusted-users`, you can specify groups by
@@ -355,7 +355,7 @@ in
             sandbox-paths = [ "/bin/sh=''${pkgs.busybox-sandbox-shell.out}/bin/busybox" ];
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Nix, see
           <https://nixos.org/manual/nix/stable/command-ref/conf-file.html> or
           {manpage}`nix.conf(5)` for available options.
diff --git a/nixpkgs/nixos/modules/config/no-x-libs.nix b/nixpkgs/nixos/modules/config/no-x-libs.nix
index fea6e0c4110b..1d7976cef36a 100644
--- a/nixpkgs/nixos/modules/config/no-x-libs.nix
+++ b/nixpkgs/nixos/modules/config/no-x-libs.nix
@@ -10,7 +10,7 @@ with lib;
     environment.noXlibs = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Switch off the options in the default configuration that
         require X11 libraries. This includes client-side font
         configuration and SSH forwarding of X11 authentication
@@ -31,8 +31,11 @@ with lib;
       cairo = super.cairo.override { x11Support = false; };
       dbus = super.dbus.override { x11Support = false; };
       fastfetch = super.fastfetch.override { vulkanSupport = false; waylandSupport = false; x11Support = false; };
+      ffmpeg = super.ffmpeg.override { ffmpegVariant = "headless"; };
       ffmpeg_4 = super.ffmpeg_4.override { ffmpegVariant = "headless"; };
       ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; };
+      ffmpeg_6 = super.ffmpeg_6.override { ffmpegVariant = "headless"; };
+      ffmpeg_7 = super.ffmpeg_7.override { ffmpegVariant = "headless"; };
       # dep of graphviz, libXpm is optional for Xpm support
       gd = super.gd.override { withXorg = false; };
       ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; };
@@ -44,7 +47,7 @@ with lib;
       gst_all_1 = super.gst_all_1 // {
         gst-plugins-bad = super.gst_all_1.gst-plugins-bad.override { guiSupport = false; };
         gst-plugins-base = super.gst_all_1.gst-plugins-base.override { enableWayland = false; enableX11 = false; };
-        gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableX11 = false; };
+        gst-plugins-good = super.gst_all_1.gst-plugins-good.override { enableWayland = false; enableX11 = false; gtkSupport = false; qt5Support = false; qt6Support = false; };
       };
       imagemagick = super.imagemagick.override { libX11Support = false; libXtSupport = false; };
       imagemagickBig = super.imagemagickBig.override { libX11Support = false; libXtSupport = false; };
diff --git a/nixpkgs/nixos/modules/config/nsswitch.nix b/nixpkgs/nixos/modules/config/nsswitch.nix
index b004072813bd..c7ba9b8eec6a 100644
--- a/nixpkgs/nixos/modules/config/nsswitch.nix
+++ b/nixpkgs/nixos/modules/config/nsswitch.nix
@@ -13,7 +13,7 @@ with lib;
       type = types.listOf types.path;
       internal = true;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Search path for NSS (Name Service Switch) modules.  This allows
         several DNS resolution methods to be specified via
         {file}`/etc/nsswitch.conf`.
@@ -28,7 +28,7 @@ with lib;
     system.nssDatabases = {
       passwd = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of passwd entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
@@ -40,7 +40,7 @@ with lib;
 
       group = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of group entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
@@ -52,7 +52,7 @@ with lib;
 
       shadow = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of shadow entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended.
@@ -64,7 +64,7 @@ with lib;
 
       hosts = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of hosts entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
@@ -76,7 +76,7 @@ with lib;
 
       services = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of services entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended.
diff --git a/nixpkgs/nixos/modules/config/power-management.nix b/nixpkgs/nixos/modules/config/power-management.nix
index e7fd02920e0d..70f2d199df10 100644
--- a/nixpkgs/nixos/modules/config/power-management.nix
+++ b/nixpkgs/nixos/modules/config/power-management.nix
@@ -19,8 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Whether to enable power management.  This includes support
             for suspend-to-RAM and powersave features on laptops.
           '';
@@ -29,7 +28,7 @@ in
       resumeCommands = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Commands executed after the system resumes from suspend-to-RAM.";
+        description = "Commands executed after the system resumes from suspend-to-RAM.";
       };
 
       powerUpCommands = mkOption {
@@ -38,8 +37,7 @@ in
         example = literalExpression ''
           "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
         '';
-        description =
-          lib.mdDoc ''
+        description = ''
             Commands executed when the machine powers up.  That is,
             they're executed both when the system first boots and when
             it resumes from suspend or hibernation.
@@ -52,8 +50,7 @@ in
         example = literalExpression ''
           "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
         '';
-        description =
-          lib.mdDoc ''
+        description = ''
             Commands executed when the machine powers down.  That is,
             they're executed both when the system shuts down and when
             it goes to suspend or hibernation.
diff --git a/nixpkgs/nixos/modules/config/pulseaudio.nix b/nixpkgs/nixos/modules/config/pulseaudio.nix
index 662959bf0071..7c3a284e8780 100644
--- a/nixpkgs/nixos/modules/config/pulseaudio.nix
+++ b/nixpkgs/nixos/modules/config/pulseaudio.nix
@@ -87,7 +87,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the PulseAudio sound server.
         '';
       };
@@ -95,7 +95,7 @@ in {
       systemWide = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If false, a PulseAudio server is launched automatically for
           each user that tries to use the sound system. The server runs
           with user privileges. If true, one system-wide PulseAudio
@@ -110,7 +110,7 @@ in {
       support32Bit = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to include the 32-bit pulseaudio libraries in the system or not.
           This is only useful on 64-bit systems and currently limited to x86_64-linux.
         '';
@@ -118,7 +118,7 @@ in {
 
       configFile = mkOption {
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to the default configuration options the PulseAudio server
           should use. By default, the "default.pa" configuration
           from the PulseAudio distribution is used.
@@ -128,7 +128,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Literal string to append to `configFile`
           and the config file generated by the pulseaudio module.
         '';
@@ -137,7 +137,7 @@ in {
       extraClientConf = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration appended to pulse/client.conf file.
         '';
       };
@@ -149,7 +149,7 @@ in {
                   else pkgs.pulseaudio;
         defaultText = literalExpression "pkgs.pulseaudio";
         example = literalExpression "pkgs.pulseaudioFull";
-        description = lib.mdDoc ''
+        description = ''
           The PulseAudio derivation to use.  This can be used to enable
           features (such as JACK support, Bluetooth) via the
           `pulseaudioFull` package.
@@ -160,7 +160,7 @@ in {
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.pulseaudio-modules-bt ]";
-        description = lib.mdDoc ''
+        description = ''
           Extra pulseaudio modules to use. This is intended for out-of-tree
           pulseaudio modules like extra bluetooth codecs.
 
@@ -172,7 +172,7 @@ in {
         logLevel = mkOption {
           type = types.str;
           default = "notice";
-          description = lib.mdDoc ''
+          description = ''
             The log level that the system-wide pulseaudio daemon should use,
             if activated.
           '';
@@ -181,29 +181,29 @@ in {
         config = mkOption {
           type = types.attrsOf types.unspecified;
           default = {};
-          description = lib.mdDoc "Config of the pulse daemon. See `man pulse-daemon.conf`.";
+          description = "Config of the pulse daemon. See `man pulse-daemon.conf`.";
           example = literalExpression ''{ realtime-scheduling = "yes"; }'';
         };
       };
 
       zeroconf = {
         discovery.enable =
-          mkEnableOption (lib.mdDoc "discovery of pulseaudio sinks in the local network");
+          mkEnableOption "discovery of pulseaudio sinks in the local network";
         publish.enable =
-          mkEnableOption (lib.mdDoc "publishing the pulseaudio sink in the local network");
+          mkEnableOption "publishing the pulseaudio sink in the local network";
       };
 
       # TODO: enable by default?
       tcp = {
-        enable = mkEnableOption (lib.mdDoc "tcp streaming support");
+        enable = mkEnableOption "tcp streaming support";
 
         anonymousClients = {
-          allowAll = mkEnableOption (lib.mdDoc "all anonymous clients to stream to the server");
+          allowAll = mkEnableOption "all anonymous clients to stream to the server";
           allowedIpRanges = mkOption {
             type = types.listOf types.str;
             default = [];
             example = literalExpression ''[ "127.0.0.1" "192.168.1.0/24" ]'';
-            description = lib.mdDoc ''
+            description = ''
               A list of IP subnets that are allowed to stream to the server.
             '';
           };
diff --git a/nixpkgs/nixos/modules/config/qt.nix b/nixpkgs/nixos/modules/config/qt.nix
index f82b7ab85a8c..bf050f17620c 100644
--- a/nixpkgs/nixos/modules/config/qt.nix
+++ b/nixpkgs/nixos/modules/config/qt.nix
@@ -42,7 +42,7 @@ in
   options = {
     qt = {
       enable = lib.mkEnableOption "" // {
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Qt configuration, including theming.
 
           Enabling this option is necessary for Qt plugins to work in the
@@ -66,7 +66,7 @@ in
           [ "qt6Packages" "qt6ct" ]
           [ "qt6Packages" "qt6gtk2" ]
         ];
-        description = lib.mdDoc ''
+        description = ''
           Selects the platform theme to use for Qt applications.
 
           The options are
@@ -93,7 +93,7 @@ in
           [ "qt6Packages" "qt6gtk2" ]
           [ "qt6Packages" "qtstyleplugin-kvantum" ]
         ];
-        description = lib.mdDoc ''
+        description = ''
           Selects the style to use for Qt applications.
 
           The options are
diff --git a/nixpkgs/nixos/modules/config/resolvconf.nix b/nixpkgs/nixos/modules/config/resolvconf.nix
index 3b8cc0cb8f42..002a06be39a3 100644
--- a/nixpkgs/nixos/modules/config/resolvconf.nix
+++ b/nixpkgs/nixos/modules/config/resolvconf.nix
@@ -10,7 +10,8 @@ let
 
   resolvconfOptions = cfg.extraOptions
     ++ optional cfg.dnsSingleRequest "single-request"
-    ++ optional cfg.dnsExtensionMechanism "edns0";
+    ++ optional cfg.dnsExtensionMechanism "edns0"
+    ++ optional cfg.useLocalResolver "trust-ad";
 
   configText =
     ''
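Review bot: The added `optional cfg.useLocalResolver "trust-ad"` makes glibc accept the AD (authenticated data) bit from whatever answers on 127.0.0.1 or ::1, which is only sound if that local resolver validates DNSSEC itself or clears AD on answers it has not validated. A plain caching forwarder may pass an upstream AD bit through unchanged. `useLocalResolver` is a single boolean, and its description in the later hunk of this file (at -114,7) still reads only "Use local DNS server for resolving.", so the new trust implication is undocumented. I would extend that description to something like `Use local DNS server for resolving. This also sets the trust-ad option in resolv.conf, so the local resolver must validate DNSSEC or strip the AD bit.` The `let` block this binding belongs to starts outside the hunk, so which modules set `useLocalResolver` cannot be checked from here.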
@@ -27,9 +28,7 @@ let
       resolv_conf_options='${concatStringsSep " " resolvconfOptions}'
     '' + optionalString cfg.useLocalResolver ''
       # This hosts runs a full-blown DNS resolver.
-      name_servers='127.0.0.1'
-    '' + optionalString (cfg.useLocalResolver && config.networking.enableIPv6) ''
-      name_servers='::1'
+      name_servers='127.0.0.1${optionalString config.networking.enableIPv6 " ::1"}'
     '' + cfg.extraConfig;
 
 in
@@ -51,7 +50,7 @@ in
         type = types.bool;
         default = !(config.environment.etc ? "resolv.conf");
         defaultText = literalExpression ''!(config.environment.etc ? "resolv.conf")'';
-        description = lib.mdDoc ''
+        description = ''
           Whether DNS configuration is managed by resolvconf.
         '';
       };
@@ -60,7 +59,7 @@ in
         type = types.package;
         default = pkgs.openresolv;
         defaultText = literalExpression "pkgs.openresolv";
-        description = lib.mdDoc ''
+        description = ''
           The package that provides the system-wide resolvconf command. Defaults to `openresolv`
           if this module is enabled. Otherwise, can be used by other modules (for example {option}`services.resolved`) to
           provide a compatibility layer.
@@ -72,7 +71,7 @@ in
       dnsSingleRequest = lib.mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA)
           address queries at the same time, from the same port. Sometimes upstream
           routers will systemically drop the ipv4 queries. The symptom of this problem is
@@ -85,7 +84,7 @@ in
       dnsExtensionMechanism = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable the `edns0` option in {file}`resolv.conf`. With
           that option set, `glibc` supports use of the extension mechanisms for
           DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
@@ -97,7 +96,7 @@ in
         type = types.lines;
         default = "";
         example = "libc=NO";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to append to {file}`resolvconf.conf`.
         '';
       };
@@ -106,7 +105,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "ndots:1" "rotate" ];
-        description = lib.mdDoc ''
+        description = ''
           Set the options in {file}`/etc/resolv.conf`.
         '';
       };
@@ -114,7 +113,7 @@ in
       useLocalResolver = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Use local DNS server for resolving.
         '';
       };
diff --git a/nixpkgs/nixos/modules/config/shells-environment.nix b/nixpkgs/nixos/modules/config/shells-environment.nix
index a8476bd2aaed..2c19fb8a029d 100644
--- a/nixpkgs/nixos/modules/config/shells-environment.nix
+++ b/nixpkgs/nixos/modules/config/shells-environment.nix
@@ -35,20 +35,20 @@ in
     environment.variables = mkOption {
       default = {};
       example = { EDITOR = "nvim"; VISUAL = "nvim"; };
-      description = lib.mdDoc ''
+      description = ''
         A set of environment variables used in the global environment.
         These variables will be set on shell initialisation (e.g. in /etc/profile).
         The value of each variable can be either a string or a list of
         strings.  The latter is concatenated, interspersed with colon
         characters.
       '';
-      type = with types; attrsOf (oneOf [ (listOf str) str path ]);
-      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else "${v}");
+      type = with types; attrsOf (oneOf [ (listOf (oneOf [ float int str ])) float int str path ]);
+      apply = mapAttrs (n: v: if isList v then concatMapStringsSep ":" toString v else toString v);
     };
 
     environment.profiles = mkOption {
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         A list of profiles used to setup the global environment.
       '';
       type = types.listOf types.str;
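Review bot: Replacing `"${v}"` with `toString v` in `apply` changes what a `path` value becomes: interpolating a Nix path copies it into the store and yields the store path, whereas `toString` on a path returns the original absolute path without copying. A variable set from a path would then point at a mutable location outside the store, which may not exist on the target machine, instead of an immutable store copy. Keeping interpolation for paths preserves the old behaviour, e.g. `toStr = v: if builtins.isPath v then "${v}" else toString v;` used in both branches of the `if isList v` expression. Separately, `toString` renders floats with six decimals (`1.5` becomes `"1.500000"`), and the description still says each value is "a string or a list of strings", so it should mention numbers and paths.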
@@ -57,7 +57,7 @@ in
     environment.profileRelativeEnvVars = mkOption {
       type = types.attrsOf (types.listOf types.str);
       example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of environment variable.  Each attribute maps to a list
         of relative paths.  Each relative path is appended to the each profile
         of {option}`environment.profiles` to form the content of the
@@ -68,7 +68,7 @@ in
     # !!! isn't there a better way?
     environment.extraInit = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Shell script code called during global environment initialisation
         after all variables and profileVariables have been set.
         This code is assumed to be shell-independent, which means you should
@@ -79,7 +79,7 @@ in
 
     environment.shellInit = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Shell script code called during shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -89,7 +89,7 @@ in
 
     environment.loginShellInit = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Shell script code called during login shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -99,7 +99,7 @@ in
 
     environment.interactiveShellInit = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Shell script code called during interactive shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -109,7 +109,7 @@ in
 
     environment.shellAliases = mkOption {
       example = { l = null; ll = "ls -l"; };
-      description = lib.mdDoc ''
+      description = ''
         An attribute set that maps aliases (the top level attribute names in
         this option) to command strings or directly to build outputs. The
         aliases are added to all users' shells.
@@ -119,7 +119,7 @@ in
     };
 
     environment.homeBinInPath = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Include ~/bin/ in $PATH.
       '';
       default = false;
@@ -127,7 +127,7 @@ in
     };
 
     environment.localBinInPath = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Add ~/.local/bin/ to $PATH
       '';
       default = false;
@@ -140,7 +140,7 @@ in
       example = literalExpression ''"''${pkgs.dash}/bin/dash"'';
       type = types.path;
       visible = false;
-      description = lib.mdDoc ''
+      description = ''
         The shell executable that is linked system-wide to
         `/bin/sh`. Please note that NixOS assumes all
         over the place that shell to be Bash, so override the default
@@ -151,7 +151,7 @@ in
     environment.shells = mkOption {
       default = [];
       example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]";
-      description = lib.mdDoc ''
+      description = ''
         A list of permissible login shells for user accounts.
         No need to mention `/bin/sh`
         here, it is placed into this list implicitly.
diff --git a/nixpkgs/nixos/modules/config/stevenblack.nix b/nixpkgs/nixos/modules/config/stevenblack.nix
index 7e6235169847..5b85073c6908 100644
--- a/nixpkgs/nixos/modules/config/stevenblack.nix
+++ b/nixpkgs/nixos/modules/config/stevenblack.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) optionals mkOption mkEnableOption types mkIf elem concatStringsSep maintainers mdDoc;
+  inherit (lib) optionals mkOption mkEnableOption types mkIf elem concatStringsSep maintainers;
   cfg = config.networking.stevenblack;
 
   # needs to be in a specific order
@@ -15,12 +15,12 @@ let
 in
 {
   options.networking.stevenblack = {
-    enable = mkEnableOption (mdDoc "the stevenblack hosts file blocklist");
+    enable = mkEnableOption "the stevenblack hosts file blocklist";
 
     block = mkOption {
       type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);
       default = [ ];
-      description = mdDoc "Additional blocklist extensions.";
+      description = "Additional blocklist extensions.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/config/stub-ld.nix b/nixpkgs/nixos/modules/config/stub-ld.nix
index 14c07466d061..87b7bdf07a2d 100644
--- a/nixpkgs/nixos/modules/config/stub-ld.nix
+++ b/nixpkgs/nixos/modules/config/stub-ld.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) optionalString mkOption types mdDoc mkIf mkDefault;
+  inherit (lib) optionalString mkOption types mkIf mkDefault;
 
   cfg = config.environment.stub-ld;
 
@@ -38,7 +38,7 @@ in {
         type = types.bool;
         default = true;
         example = false;
-        description = mdDoc ''
+        description = ''
           Install a stub ELF loader to print an informative error message
           in the event that a user attempts to run an ELF binary not
           compiled for NixOS.
diff --git a/nixpkgs/nixos/modules/config/swap.nix b/nixpkgs/nixos/modules/config/swap.nix
index 21046d6f1697..a606ebd76759 100644
--- a/nixpkgs/nixos/modules/config/swap.nix
+++ b/nixpkgs/nixos/modules/config/swap.nix
@@ -14,7 +14,7 @@ let
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Encrypt swap device with a random key. This way you won't have a persistent swap device.
 
           WARNING: Don't try to hibernate when you have at least one swap partition with
@@ -31,7 +31,7 @@ let
         default = "aes-xts-plain64";
         example = "serpent-xts-plain64";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Use specified cipher for randomEncryption.
 
           Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
@@ -42,7 +42,7 @@ let
         default = null;
         example = "512";
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
           Set the encryption key size for the plain device.
 
           If not specified, the amount of data to read from `source` will be
@@ -56,7 +56,7 @@ let
         default = null;
         example = "4096";
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
           Set the sector size for the plain encrypted device type.
 
           If not specified, the default sector size is determined from the
@@ -70,7 +70,7 @@ let
         default = "/dev/urandom";
         example = "/dev/random";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Define the source of randomness to obtain a random key for encryption.
         '';
       };
@@ -78,7 +78,7 @@ let
       allowDiscards = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow TRIM requests to the underlying device. This option
           has security implications; please read the LUKS documentation before
           activating it.
@@ -95,13 +95,13 @@ let
       device = mkOption {
         example = "/dev/sda3";
         type = types.nonEmptyStr;
-        description = lib.mdDoc "Path of the device or swap file.";
+        description = "Path of the device or swap file.";
       };
 
       label = mkOption {
         example = "swap";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Label of the device.  Can be used instead of {var}`device`.
         '';
       };
@@ -110,7 +110,7 @@ let
         default = null;
         example = 2048;
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
           If this option is set, ‘device’ is interpreted as the
           path of a swapfile that will be created automatically
           with the indicated size (in megabytes).
@@ -121,7 +121,7 @@ let
         default = null;
         example = 2048;
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
           Specify the priority of the swap device. Priority is a value between 0 and 32767.
           Higher numbers indicate higher priority.
           null lets the kernel choose a priority, which will show up as a negative value.
@@ -136,7 +136,7 @@ let
           source = "/dev/random";
         };
         type = types.coercedTo types.bool randomEncryptionCoerce (types.submodule randomEncryptionOpts);
-        description = lib.mdDoc ''
+        description = ''
           Encrypt swap device with a random key. This way you won't have a persistent swap device.
 
           HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
@@ -155,7 +155,7 @@ let
         default = null;
         example = "once";
         type = types.nullOr (types.enum ["once" "pages" "both" ]);
-        description = lib.mdDoc ''
+        description = ''
           Specify the discard policy for the swap device. If "once", then the
           whole swap space is discarded at swapon invocation. If "pages",
           asynchronous discard on freed pages is performed, before returning to
@@ -168,7 +168,7 @@ let
         default = [ "defaults" ];
         example = [ "nofail" ];
         type = types.listOf types.nonEmptyStr;
-        description = lib.mdDoc ''
+        description = ''
           Options used to mount the swap.
         '';
       };
@@ -209,7 +209,7 @@ in
         { device = "/var/swapfile"; }
         { label = "bigswap"; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         The swap devices and swap files.  These must have been
         initialised using {command}`mkswap`.  Each element
         should be an attribute set specifying either the path of the
diff --git a/nixpkgs/nixos/modules/config/sysctl.nix b/nixpkgs/nixos/modules/config/sysctl.nix
index bedba984a3c2..34028ce82dd7 100644
--- a/nixpkgs/nixos/modules/config/sysctl.nix
+++ b/nixpkgs/nixos/modules/config/sysctl.nix
@@ -35,13 +35,13 @@ in
           "net.core.rmem_max" = mkOption {
             type = types.nullOr highestValueType;
             default = null;
-            description = lib.mdDoc "The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used.";
+            description = "The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used.";
           };
 
           "net.core.wmem_max" = mkOption {
             type = types.nullOr highestValueType;
             default = null;
-            description = lib.mdDoc "The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used.";
+            description = "The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used.";
           };
         };
       };
@@ -49,7 +49,7 @@ in
       example = literalExpression ''
         { "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Runtime parameters of the Linux kernel, as set by
         {manpage}`sysctl(8)`.  Note that sysctl
         parameters names must be enclosed in quotes
diff --git a/nixpkgs/nixos/modules/config/system-environment.nix b/nixpkgs/nixos/modules/config/system-environment.nix
index 399304185223..3fd4ac730ab9 100644
--- a/nixpkgs/nixos/modules/config/system-environment.nix
+++ b/nixpkgs/nixos/modules/config/system-environment.nix
@@ -16,7 +16,7 @@ in
 
     environment.sessionVariables = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         A set of environment variables used in the global environment.
         These variables will be set by PAM early in the login process.
 
@@ -38,7 +38,7 @@ in
     environment.profileRelativeSessionVariables = mkOption {
       type = types.attrsOf (types.listOf types.str);
       example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of environment variable used in the global
         environment. These variables will be set by PAM early in the
         login process.
diff --git a/nixpkgs/nixos/modules/config/system-path.nix b/nixpkgs/nixos/modules/config/system-path.nix
index 71274ea8999f..562100ad6201 100644
--- a/nixpkgs/nixos/modules/config/system-path.nix
+++ b/nixpkgs/nixos/modules/config/system-path.nix
@@ -63,7 +63,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
-        description = lib.mdDoc ''
+        description = ''
           The set of packages that appear in
           /run/current-system/sw.  These packages are
           automatically available to all users, and are
@@ -84,7 +84,7 @@ in
               ${defaultPackagesText}
         '';
         example = [];
-        description = lib.mdDoc ''
+        description = ''
           Set of default packages that aren't strictly necessary
           for a running system, entries can be removed for a more
           minimal NixOS installation.
@@ -103,14 +103,14 @@ in
         # to work.
         default = [];
         example = ["/"];
-        description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`.";
+        description = "List of directories to be symlinked in {file}`/run/current-system/sw`.";
       };
 
       extraOutputsToInstall = mkOption {
         type = types.listOf types.str;
         default = [ ];
         example = [ "dev" "info" ];
-        description = lib.mdDoc ''
+        description = ''
           Entries listed here will be appended to the `meta.outputsToInstall` attribute for each package in `environment.systemPackages`, and the files from the corresponding derivation outputs symlinked into {file}`/run/current-system/sw`.
 
           For example, this can be used to install the `dev` and `info` outputs for all packages in the system environment, if they are available.
@@ -122,7 +122,7 @@ in
       extraSetup = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
+        description = "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
       };
 
     };
@@ -131,7 +131,7 @@ in
 
       path = mkOption {
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           The packages you want in the boot environment.
         '';
       };
diff --git a/nixpkgs/nixos/modules/config/terminfo.nix b/nixpkgs/nixos/modules/config/terminfo.nix
index ebd1aaea8f04..4b58605aa7f1 100644
--- a/nixpkgs/nixos/modules/config/terminfo.nix
+++ b/nixpkgs/nixos/modules/config/terminfo.nix
@@ -10,7 +10,7 @@ with lib;
     environment.enableAllTerminfo = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install all terminfo outputs
       '';
     };
@@ -18,7 +18,7 @@ with lib;
     security.sudo.keepTerminfo = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to preserve the `TERMINFO` and `TERMINFO_DIRS`
         environment variables, for `root` and the `wheel` group.
       '';
diff --git a/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix b/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix
index 7bd3fa1600b0..28cf7e84b7bc 100644
--- a/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix
+++ b/nixpkgs/nixos/modules/config/unix-odbc-drivers.nix
@@ -20,7 +20,7 @@ in {
       type = types.listOf types.package;
       default = [];
       example = literalExpression "with pkgs.unixODBCDrivers; [ sqlite psql ]";
-      description = lib.mdDoc ''
+      description = ''
         Specifies Unix ODBC drivers to be registered in
         {file}`/etc/odbcinst.ini`.  You may also want to
         add `pkgs.unixODBC` to the system path to get
diff --git a/nixpkgs/nixos/modules/config/users-groups.nix b/nixpkgs/nixos/modules/config/users-groups.nix
index f9750b7263ca..3ef8993fa665 100644
--- a/nixpkgs/nixos/modules/config/users-groups.nix
+++ b/nixpkgs/nixos/modules/config/users-groups.nix
@@ -56,7 +56,7 @@ let
       name = mkOption {
         type = types.passwdEntry types.str;
         apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
-        description = lib.mdDoc ''
+        description = ''
           The name of the user account. If undefined, the name of the
           attribute set will be used.
         '';
@@ -66,7 +66,7 @@ let
         type = types.passwdEntry types.str;
         default = "";
         example = "Alice Q. User";
-        description = lib.mdDoc ''
+        description = ''
           A short description of the user account, typically the
           user's full name.  This is actually the “GECOS” or “comment”
           field in {file}`/etc/passwd`.
@@ -76,7 +76,7 @@ let
       uid = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The account UID. If the UID is null, a free UID is picked on
           activation.
         '';
@@ -85,7 +85,7 @@ let
       isSystemUser = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Indicates if the user is a system user or not. This option
           only has an effect if {option}`uid` is
           {option}`null`, in which case it determines whether
@@ -100,7 +100,7 @@ let
       isNormalUser = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Indicates whether this is an account for a “real” user.
           This automatically sets {option}`group` to `users`,
           {option}`createHome` to `true`,
@@ -115,31 +115,31 @@ let
         type = types.str;
         apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
         default = "";
-        description = lib.mdDoc "The user's primary group.";
+        description = "The user's primary group.";
       };
 
       extraGroups = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "The user's auxiliary groups.";
+        description = "The user's auxiliary groups.";
       };
 
       home = mkOption {
         type = types.passwdEntry types.path;
         default = "/var/empty";
-        description = lib.mdDoc "The user's home directory.";
+        description = "The user's home directory.";
       };
 
       homeMode = mkOption {
         type = types.strMatching "[0-7]{1,5}";
         default = "700";
-        description = lib.mdDoc "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if {option}`users.users.<name>.createHome` is true.";
+        description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if {option}`users.users.<name>.createHome` is true.";
       };
 
       cryptHomeLuks = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to encrypted luks device that contains
           the user's home directory.
         '';
@@ -148,7 +148,7 @@ let
       pamMount = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Attributes for user's entry in
           {file}`pam_mount.conf.xml`.
           Useful attributes might include `path`,
@@ -163,7 +163,7 @@ let
         default = pkgs.shadow;
         defaultText = literalExpression "pkgs.shadow";
         example = literalExpression "pkgs.bashInteractive";
-        description = lib.mdDoc ''
+        description = ''
           The path to the user's shell. Can use shell derivations,
           like `pkgs.bashInteractive`. Don’t
           forget to enable your shell in
@@ -175,7 +175,7 @@ let
       ignoreShellProgramCheck = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           By default, nixos will check that programs.SHELL.enable is set to
           true if the user has a custom shell specified. If that behavior isn't
           required and there are custom overrides in place to make sure that the
@@ -190,7 +190,7 @@ let
           { startUid = 1000; count = 1; }
           { startUid = 100001; count = 65534; }
         ];
-        description = lib.mdDoc ''
+        description = ''
           Subordinate user ids that user is allowed to use.
           They are set into {file}`/etc/subuid` and are used
           by `newuidmap` for user namespaces.
@@ -204,7 +204,7 @@ let
           { startGid = 100; count = 1; }
           { startGid = 1001; count = 999; }
         ];
-        description = lib.mdDoc ''
+        description = ''
           Subordinate group ids that user is allowed to use.
           They are set into {file}`/etc/subgid` and are used
           by `newgidmap` for user namespaces.
@@ -215,7 +215,7 @@ let
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Automatically allocate subordinate user and group ids for this user.
           Allocated range is currently always of size 65536.
         '';
@@ -224,7 +224,7 @@ let
       createHome = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create the home directory and ensure ownership as well as
           permissions to match the user.
         '';
@@ -233,7 +233,7 @@ let
       useDefaultShell = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If true, the user's shell will be set to
           {option}`users.defaultUserShell`.
         '';
@@ -242,7 +242,7 @@ let
       hashedPassword = mkOption {
         type = with types; nullOr (passwdEntry str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the hashed password for the user.
           ${passwordDescription}
           ${hashedPasswordDescription}
@@ -252,7 +252,7 @@ let
       password = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the (clear text) password for the user.
           Warning: do not set confidential information here
           because it is world-readable in the Nix store. This option
@@ -265,7 +265,7 @@ let
         type = with types; nullOr str;
         default = cfg.users.${name}.passwordFile;
         defaultText = literalExpression "null";
-        description = lib.mdDoc ''
+        description = ''
           The full path to a file that contains the hash of the user's
           password. The password file is read on each system activation. The
           file should contain exactly one line, which should be the password in
@@ -278,13 +278,13 @@ let
         type = with types; nullOr str;
         default = null;
         visible = false;
-        description = lib.mdDoc "Deprecated alias of hashedPasswordFile";
+        description = "Deprecated alias of hashedPasswordFile";
       };
 
       initialHashedPassword = mkOption {
         type = with types; nullOr (passwdEntry str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the initial hashed password for the user, i.e. the
           hashed password assigned if the user does not already
           exist. If {option}`users.mutableUsers` is true, the
@@ -302,7 +302,7 @@ let
       initialPassword = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the initial password for the user, i.e. the
           password assigned if the user does not already exist. If
           {option}`users.mutableUsers` is true, the password
@@ -323,7 +323,7 @@ let
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
-        description = lib.mdDoc ''
+        description = ''
           The set of packages that should be made available to the user.
           This is in contrast to {option}`environment.systemPackages`,
           which adds packages to all users.
@@ -333,7 +333,7 @@ let
       expires = mkOption {
         type = types.nullOr (types.strMatching "[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}");
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Set the date on which the user's account will no longer be
           accessible. The date is expressed in the format YYYY-MM-DD, or null
           to disable the expiry.
@@ -345,7 +345,7 @@ let
       linger = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable lingering for this user. If true, systemd user
           units will start at boot, rather than starting at login and stopping
           at logout. This is the declarative equivalent of running
@@ -390,7 +390,7 @@ let
 
       name = mkOption {
         type = types.passwdEntry types.str;
-        description = lib.mdDoc ''
+        description = ''
           The name of the group. If undefined, the name of the attribute set
           will be used.
         '';
@@ -399,7 +399,7 @@ let
       gid = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The group GID. If the GID is null, a free GID is picked on
           activation.
         '';
@@ -408,7 +408,7 @@ let
       members = mkOption {
         type = with types; listOf (passwdEntry str);
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           The user names of the group members, added to the
           `/etc/group` file.
         '';
@@ -430,7 +430,7 @@ let
     options = {
       startUid = mkOption {
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Start of the range of subordinate user ids that user is
           allowed to use.
         '';
@@ -438,7 +438,7 @@ let
       count = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "Count of subordinate user ids";
+        description = "Count of subordinate user ids";
       };
     };
   };
@@ -447,7 +447,7 @@ let
     options = {
       startGid = mkOption {
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Start of the range of subordinate group ids that user is
           allowed to use.
         '';
@@ -455,7 +455,7 @@ let
       count = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "Count of subordinate group ids";
+        description = "Count of subordinate group ids";
       };
     };
   };
@@ -510,7 +510,7 @@ in {
     users.mutableUsers = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         If set to `true`, you are free to add new users and groups to the system
         with the ordinary `useradd` and
         `groupadd` commands. On system activation, the
@@ -535,7 +535,7 @@ in {
     users.enforceIdUniqueness = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to require that no two users/groups share the same uid/gid.
       '';
     };
@@ -554,7 +554,7 @@ in {
           shell = "/bin/sh";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Additional user accounts to be created automatically by the system.
         This can also be used to set options for root.
       '';
@@ -567,7 +567,7 @@ in {
           hackers = { };
         };
       type = with types; attrsOf (submodule groupOpts);
-      description = lib.mdDoc ''
+      description = ''
         Additional groups to be created automatically by the system.
       '';
     };
@@ -576,7 +576,7 @@ in {
     users.allowNoPasswordLogin = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Disable checking that at least the `root` user or a user in the `wheel` group can log in using
         a password or an SSH key.
 
@@ -871,7 +871,6 @@ in {
           }
           {
             assertion = let
-              xor = a: b: a && !b || b && !a;
               isEffectivelySystemUser = user.isSystemUser || (user.uid != null && user.uid < 1000);
             in xor isEffectivelySystemUser user.isNormalUser;
             message = ''
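Review bot: With the local `xor` binding removed, `in xor isEffectivelySystemUser user.isNormalUser;` now takes `xor` from an enclosing scope that this hunk does not show, presumably `lib.xor` via a `with lib;`. This assertion is what rejects an account that is both, or neither, a system user and a normal user, so I would not leave it dependent on whichever `with` scope happens to supply the name. Since `lib` is already referenced directly elsewhere in this file, the call can be written as `in lib.xor isEffectivelySystemUser user.isNormalUser;`. The surrounding assertion list starts and ends outside the hunk.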
diff --git a/nixpkgs/nixos/modules/config/vte.nix b/nixpkgs/nixos/modules/config/vte.nix
index 48f85246560a..e0b48c3fb4a8 100644
--- a/nixpkgs/nixos/modules/config/vte.nix
+++ b/nixpkgs/nixos/modules/config/vte.nix
@@ -23,7 +23,7 @@ in
     programs.bash.vteIntegration = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Bash integration for VTE terminals.
         This allows it to preserve the current directory of the shell
         across terminals.
@@ -33,7 +33,7 @@ in
     programs.zsh.vteIntegration = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Zsh integration for VTE terminals.
         This allows it to preserve the current directory of the shell
         across terminals.
diff --git a/nixpkgs/nixos/modules/config/xdg/autostart.nix b/nixpkgs/nixos/modules/config/xdg/autostart.nix
index a4fdbda911a2..acdb7cd3adc6 100644
--- a/nixpkgs/nixos/modules/config/xdg/autostart.nix
+++ b/nixpkgs/nixos/modules/config/xdg/autostart.nix
@@ -10,7 +10,7 @@ with lib;
     xdg.autostart.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [XDG Autostart specification](https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html).
       '';
diff --git a/nixpkgs/nixos/modules/config/xdg/icons.nix b/nixpkgs/nixos/modules/config/xdg/icons.nix
index 8d44a431445b..3f198101d306 100644
--- a/nixpkgs/nixos/modules/config/xdg/icons.nix
+++ b/nixpkgs/nixos/modules/config/xdg/icons.nix
@@ -10,7 +10,7 @@ with lib;
     xdg.icons.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [XDG Icon Theme specification](https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html).
       '';
diff --git a/nixpkgs/nixos/modules/config/xdg/menus.nix b/nixpkgs/nixos/modules/config/xdg/menus.nix
index b8f829e81547..8510c2db654e 100644
--- a/nixpkgs/nixos/modules/config/xdg/menus.nix
+++ b/nixpkgs/nixos/modules/config/xdg/menus.nix
@@ -10,7 +10,7 @@ with lib;
     xdg.menus.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [XDG Desktop Menu specification](https://specifications.freedesktop.org/menu-spec/menu-spec-latest.html).
       '';
diff --git a/nixpkgs/nixos/modules/config/xdg/mime.nix b/nixpkgs/nixos/modules/config/xdg/mime.nix
index 3aa863083219..2cd88be5b023 100644
--- a/nixpkgs/nixos/modules/config/xdg/mime.nix
+++ b/nixpkgs/nixos/modules/config/xdg/mime.nix
@@ -18,7 +18,7 @@ in
     xdg.mime.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [XDG Shared MIME-info specification](https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-latest.html) and the
         [XDG MIME Applications specification](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html).
@@ -32,7 +32,7 @@ in
         "application/pdf" = "firefox.desktop";
         "text/xml" = [ "nvim.desktop" "codium.desktop" ];
       };
-      description = lib.mdDoc ''
+      description = ''
         Adds associations between mimetypes and applications. See the
         [
         specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations) for more information.
@@ -46,7 +46,7 @@ in
         "application/pdf" = "firefox.desktop";
         "image/png" = [ "sxiv.desktop" "gimp.desktop" ];
       };
-      description = lib.mdDoc ''
+      description = ''
         Sets the default applications for given mimetypes. See the
         [
         specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#default) for more information.
@@ -60,7 +60,7 @@ in
         "audio/mp3" = [ "mpv.desktop" "umpv.desktop" ];
         "inode/directory" = "codium.desktop";
       };
-      description = lib.mdDoc ''
+      description = ''
         Removes associations between mimetypes and applications. See the
         [
         specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations) for more information.
diff --git a/nixpkgs/nixos/modules/config/xdg/portal.nix b/nixpkgs/nixos/modules/config/xdg/portal.nix
index 5aa23377f9ff..2c4d07c4953c 100644
--- a/nixpkgs/nixos/modules/config/xdg/portal.nix
+++ b/nixpkgs/nixos/modules/config/xdg/portal.nix
@@ -37,14 +37,14 @@ in
 
   options.xdg.portal = {
     enable =
-      mkEnableOption (lib.mdDoc ''[xdg desktop integration](https://github.com/flatpak/xdg-desktop-portal)'') // {
+      mkEnableOption ''[xdg desktop integration](https://github.com/flatpak/xdg-desktop-portal)'' // {
         default = false;
       };
 
     extraPortals = mkOption {
       type = types.listOf types.package;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         List of additional portals to add to path. Portals allow interaction
         with system, like choosing files or taking screenshots. At minimum,
         a desktop portal implementation should be listed. GNOME and KDE already
@@ -58,7 +58,7 @@ in
       type = types.bool;
       visible = false;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Sets environment variable `GTK_USE_PORTAL` to `1`.
         This will force GTK-based programs ran outside Flatpak to respect and use XDG Desktop Portals
         for features like file chooser but it is an unsupported hack that can easily break things.
@@ -69,7 +69,7 @@ in
     xdgOpenUsePortal = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Sets environment variable `NIXOS_XDG_OPEN_USE_PORTAL` to `1`
         This will make `xdg-open` use the portal to open programs, which resolves bugs involving
         programs opening inside FHS envs or with unexpected env vars set from wrappers.
@@ -92,7 +92,7 @@ in
           default = [ "gtk" ];
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Sets which portal backend should be used to provide the implementation
         for the requested interface. For details check {manpage}`portals.conf(5)`.
 
@@ -106,7 +106,7 @@ in
       type = types.listOf types.package;
       default = [ ];
       example = lib.literalExpression "[ pkgs.gnome.gnome-session ]";
-      description = lib.mdDoc ''
+      description = ''
         List of packages that provide XDG desktop portal configuration, usually in
         the form of `share/xdg-desktop-portal/$desktop-portals.conf`.
 
diff --git a/nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix b/nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix
index 18fcf3d81c02..23a1622308bd 100644
--- a/nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix
+++ b/nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix
@@ -12,13 +12,13 @@ in
   };
 
   options.xdg.portal.lxqt = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       the desktop portal for the LXQt desktop environment.
 
       This will add the `lxqt.xdg-desktop-portal-lxqt`
       package (with the extra Qt styles) into the
       {option}`xdg.portal.extraPortals` option
-    '');
+    '';
 
     styles = mkOption {
       type = types.listOf types.package;
@@ -29,7 +29,7 @@ in
         pkgs.qtcurve
       ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra Qt styles that will be available to the
         `lxqt.xdg-desktop-portal-lxqt`.
       '';
diff --git a/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix b/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix
index d84ae794e3bc..954830eff2d3 100644
--- a/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix
+++ b/nixpkgs/nixos/modules/config/xdg/portals/wlr.nix
@@ -14,16 +14,16 @@ in
   };
 
   options.xdg.portal.wlr = {
-    enable = mkEnableOption (lib.mdDoc ''
-      desktop portal for wlroots-based desktops
+    enable = mkEnableOption ''
+      desktop portal for wlroots-based desktops.
 
       This will add the `xdg-desktop-portal-wlr` package into
       the {option}`xdg.portal.extraPortals` option, and provide the
       configuration file
-    '');
+    '';
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration for `xdg-desktop-portal-wlr`.
 
         See `xdg-desktop-portal-wlr(5)` for supported
diff --git a/nixpkgs/nixos/modules/config/xdg/sounds.nix b/nixpkgs/nixos/modules/config/xdg/sounds.nix
index 713d68131fc0..0aae77fe0107 100644
--- a/nixpkgs/nixos/modules/config/xdg/sounds.nix
+++ b/nixpkgs/nixos/modules/config/xdg/sounds.nix
@@ -10,7 +10,7 @@ with lib;
     xdg.sounds.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install files to support the
         [XDG Sound Theme specification](https://www.freedesktop.org/wiki/Specifications/sound-theme-spec/).
       '';
diff --git a/nixpkgs/nixos/modules/config/zram.nix b/nixpkgs/nixos/modules/config/zram.nix
index ec8b4ed6e931..1846ac51eea6 100644
--- a/nixpkgs/nixos/modules/config/zram.nix
+++ b/nixpkgs/nixos/modules/config/zram.nix
@@ -22,7 +22,7 @@ in
       enable = lib.mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable in-memory compressed devices and swap space provided by the zram
           kernel module.
           See [
@@ -34,7 +34,7 @@ in
       swapDevices = lib.mkOption {
         default = 1;
         type = lib.types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of zram devices to be used as swap, recommended is 1.
         '';
       };
@@ -42,7 +42,7 @@ in
       memoryPercent = lib.mkOption {
         default = 50;
         type = lib.types.int;
-        description = lib.mdDoc ''
+        description = ''
           Maximum total amount of memory that can be stored in the zram swap devices
           (as a percentage of your total memory). Defaults to 1/2 of your total
           RAM. Run `zramctl` to check how good memory is compressed.
@@ -53,7 +53,7 @@ in
       memoryMax = lib.mkOption {
         default = null;
         type = with lib.types; nullOr int;
-        description = lib.mdDoc ''
+        description = ''
           Maximum total amount of memory (in bytes) that can be stored in the zram
           swap devices.
           This doesn't define how much memory will be used by the zram swap devices.
@@ -63,7 +63,7 @@ in
       priority = lib.mkOption {
         default = 5;
         type = lib.types.int;
-        description = lib.mdDoc ''
+        description = ''
           Priority of the zram swap devices. It should be a number higher than
           the priority of your disk-based swap devices (so that the system will
           fill the zram swap devices before falling back to disk swap).
@@ -73,8 +73,8 @@ in
       algorithm = lib.mkOption {
         default = "zstd";
         example = "lz4";
-        type = with lib.types; either (enum [ "lzo" "lz4" "zstd" ]) str;
-        description = lib.mdDoc ''
+        type = with lib.types; either (enum [ "842" "lzo" "lzo-rle" "lz4" "lz4hc" "zstd" ]) str;
+        description = ''
           Compression algorithm. `lzo` has good compression,
           but is slow. `lz4` has bad compression, but is fast.
           `zstd` is both good compression and fast, but requires newer kernel.
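Review bot: The widened enum on `algorithm` does not validate anything, because the `either (enum [ ... ]) str` fallback still accepts any string; a misspelled algorithm would presumably only surface when the zram device is configured at runtime. The description below the type also still names only `lzo`, `lz4` and `zstd`, so the newly listed `842`, `lzo-rle` and `lz4hc` are undocumented. I would add a line such as `Other values known to this module are 842, lzo-rle and lz4hc; any other string is accepted without checking.` to the description, or drop the `str` fallback if strict checking is wanted. The description text continues past the end of this hunk.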
@@ -87,7 +87,7 @@ in
         default = null;
         example = "/dev/zvol/tarta-zoot/swap-writeback";
         type = lib.types.nullOr lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           Write incompressible pages to this device,
           as there's no gain from keeping them in RAM.
         '';
diff --git a/nixpkgs/nixos/modules/hardware/acpilight.nix b/nixpkgs/nixos/modules/hardware/acpilight.nix
index d8d82b0e81a4..2de448a265c7 100644
--- a/nixpkgs/nixos/modules/hardware/acpilight.nix
+++ b/nixpkgs/nixos/modules/hardware/acpilight.nix
@@ -10,7 +10,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable acpilight.
           This will allow brightness control via xbacklight from users in the video group
         '';
diff --git a/nixpkgs/nixos/modules/hardware/bladeRF.nix b/nixpkgs/nixos/modules/hardware/bladeRF.nix
index 52a1f52024c8..35b74b8382e3 100644
--- a/nixpkgs/nixos/modules/hardware/bladeRF.nix
+++ b/nixpkgs/nixos/modules/hardware/bladeRF.nix
@@ -12,7 +12,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables udev rules for BladeRF devices. By default grants access
         to users in the "bladerf" group. You may want to install the
         libbladeRF package.
diff --git a/nixpkgs/nixos/modules/hardware/brillo.nix b/nixpkgs/nixos/modules/hardware/brillo.nix
index 612061718fad..8e36022a9a30 100644
--- a/nixpkgs/nixos/modules/hardware/brillo.nix
+++ b/nixpkgs/nixos/modules/hardware/brillo.nix
@@ -7,10 +7,10 @@ in
 {
   options = {
     hardware.brillo = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         brillo in userspace.
         This will allow brightness control from users in the video group
-      '');
+      '';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/ckb-next.nix b/nixpkgs/nixos/modules/hardware/ckb-next.nix
index 34f951a7446f..65e73833a759 100644
--- a/nixpkgs/nixos/modules/hardware/ckb-next.nix
+++ b/nixpkgs/nixos/modules/hardware/ckb-next.nix
@@ -13,13 +13,13 @@ in
     ];
 
     options.hardware.ckb-next = {
-      enable = mkEnableOption (lib.mdDoc "the Corsair keyboard/mouse driver");
+      enable = mkEnableOption "the Corsair keyboard/mouse driver";
 
       gid = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 100;
-        description = lib.mdDoc ''
+        description = ''
           Limit access to the ckb daemon to a particular group.
         '';
       };
diff --git a/nixpkgs/nixos/modules/hardware/corectrl.nix b/nixpkgs/nixos/modules/hardware/corectrl.nix
index b1d3f2f0ce7e..9e8b69cf6277 100644
--- a/nixpkgs/nixos/modules/hardware/corectrl.nix
+++ b/nixpkgs/nixos/modules/hardware/corectrl.nix
@@ -7,24 +7,24 @@ let
 in
 {
   options.programs.corectrl = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       CoreCtrl, a tool to overclock amd graphics cards and processors.
       Add your user to the corectrl group to run corectrl without needing to enter your password
-    '');
+    '';
 
     package = mkPackageOption pkgs "corectrl" {
       extraDescription = "Useful for overriding the configuration options used for the package.";
     };
 
     gpuOverclock = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         GPU overclocking
-      '');
+      '';
       ppfeaturemask = mkOption {
         type = types.str;
         default = "0xfffd7fff";
         example = "0xffffffff";
-        description = lib.mdDoc ''
+        description = ''
           Sets the `amdgpu.ppfeaturemask` kernel option.
           In particular, it is used here to set the overdrive bit.
           Default is `0xfffd7fff` as it is less likely to cause flicker issues.
diff --git a/nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix b/nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix
index 3f52cb1fca3e..621c7066bfe1 100644
--- a/nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix
+++ b/nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix
@@ -11,7 +11,7 @@ with lib;
     hardware.cpu.amd.updateMicrocode = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Update the CPU microcode for AMD processors.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix b/nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix
new file mode 100644
index 000000000000..b1a5895aaa24
--- /dev/null
+++ b/nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix
@@ -0,0 +1,26 @@
+{ config
+, lib
+, ...
+}:
+let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.hardware.cpu.amd.ryzen-smu;
+  ryzen-smu = config.boot.kernelPackages.ryzen-smu;
+in
+{
+  options.hardware.cpu.amd.ryzen-smu = {
+    enable = mkEnableOption ''
+        ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.
+
+        WARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer's warranty
+      '';
+  };
+
+  config = mkIf cfg.enable {
+    boot.kernelModules = [ "ryzen-smu" ];
+    boot.extraModulePackages = [ ryzen-smu ];
+    environment.systemPackages = [ ryzen-smu ];
+  };
+
+  meta.maintainers = with lib.maintainers; [ Cryolitia phdyellow ];
+}
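Review bot: The `enable` description covers warranty but not the security-relevant effect of the option, which is that it loads an out-of-tree kernel module giving userspace an interface to the SMU. It should say that, and which users can reach the interface (not visible from this file, so this needs confirming against the driver), for example `Loading this module exposes an SMU interface to userspace; check the driver documentation for the permissions on that interface.`. The warning sentence also has a typo, `Damage cause by` for `Damage caused by`. Since `mkEnableOption` wraps the text into a "Whether to enable ..." sentence, the multi-paragraph string will probably render with a stray trailing period after the warning. A one-line comment on `environment.systemPackages = [ ryzen-smu ];` saying what userspace tool the kernel-module package provides would explain why it is installed system-wide.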
diff --git a/nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix b/nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix
index 08e1de496383..d6225bc35a1e 100644
--- a/nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix
+++ b/nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix
@@ -5,19 +5,19 @@ let
   cfgSevGuest = config.hardware.cpu.amd.sevGuest;
 
   optionsFor = device: group: {
-    enable = mkEnableOption (lib.mdDoc "access to the AMD ${device} device");
+    enable = mkEnableOption "access to the AMD ${device} device";
     user = mkOption {
-      description = lib.mdDoc "Owner to assign to the ${device} device.";
+      description = "Owner to assign to the ${device} device.";
       type = types.str;
       default = "root";
     };
     group = mkOption {
-      description = lib.mdDoc "Group to assign to the ${device} device.";
+      description = "Group to assign to the ${device} device.";
       type = types.str;
       default = group;
     };
     mode = mkOption {
-      description = lib.mdDoc "Mode to set for the ${device} device.";
+      description = "Mode to set for the ${device} device.";
       type = types.str;
       default = "0660";
     };
diff --git a/nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix b/nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix
index d30ebfefeeac..acce565fd808 100644
--- a/nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix
+++ b/nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix
@@ -11,7 +11,7 @@ with lib;
     hardware.cpu.intel.updateMicrocode = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Update the CPU microcode for Intel processors.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix b/nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix
index 38a484cb126e..c66b43a2ec27 100644
--- a/nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix
+++ b/nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix
@@ -6,7 +6,7 @@ let
 in
 {
   options.hardware.cpu.intel.sgx.enableDcapCompat = mkOption {
-    description = lib.mdDoc ''
+    description = ''
       Whether to enable backward compatibility for SGX software build for the
       out-of-tree Intel SGX DCAP driver.
 
@@ -20,19 +20,19 @@ in
   };
 
   options.hardware.cpu.intel.sgx.provision = {
-    enable = mkEnableOption (lib.mdDoc "access to the Intel SGX provisioning device");
+    enable = mkEnableOption "access to the Intel SGX provisioning device";
     user = mkOption {
-      description = lib.mdDoc "Owner to assign to the SGX provisioning device.";
+      description = "Owner to assign to the SGX provisioning device.";
       type = types.str;
       default = "root";
     };
     group = mkOption {
-      description = lib.mdDoc "Group to assign to the SGX provisioning device.";
+      description = "Group to assign to the SGX provisioning device.";
       type = types.str;
       default = defaultPrvGroup;
     };
     mode = mkOption {
-      description = lib.mdDoc "Mode to set for the SGX provisioning device.";
+      description = "Mode to set for the SGX provisioning device.";
       type = types.str;
       default = "0660";
     };
diff --git a/nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix b/nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix
index 554bec1b7db1..95e1be23cd95 100644
--- a/nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix
+++ b/nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix
@@ -5,7 +5,7 @@
 }:
 let
   inherit (builtins) hasAttr;
-  inherit (lib) mkIf mdDoc;
+  inherit (lib) mkIf;
   cfg = config.hardware.cpu.x86.msr;
   opt = options.hardware.cpu.x86.msr;
   defaultGroup = "msr";
@@ -28,24 +28,24 @@ let
 in
 {
   options.hardware.cpu.x86.msr = with lib.options; with lib.types; {
-    enable = mkEnableOption (mdDoc "the `msr` (Model-Specific Registers) kernel module and configure `udev` rules for its devices (usually `/dev/cpu/*/msr`)");
+    enable = mkEnableOption "the `msr` (Model-Specific Registers) kernel module and configure `udev` rules for its devices (usually `/dev/cpu/*/msr`)";
     owner = mkOption {
       type = str;
       default = "root";
       example = "nobody";
-      description = mdDoc "Owner ${set}";
+      description = "Owner ${set}";
     };
     group = mkOption {
       type = str;
       default = defaultGroup;
       example = "nobody";
-      description = mdDoc "Group ${set}";
+      description = "Group ${set}";
     };
     mode = mkOption {
       type = str;
       default = "0640";
       example = "0660";
-      description = mdDoc "Mode ${set}";
+      description = "Mode ${set}";
     };
     settings = mkOption {
       type = submodule {
diff --git a/nixpkgs/nixos/modules/hardware/device-tree.nix b/nixpkgs/nixos/modules/hardware/device-tree.nix
index 6ab13c0eb709..a29cc76ea8f9 100644
--- a/nixpkgs/nixos/modules/hardware/device-tree.nix
+++ b/nixpkgs/nixos/modules/hardware/device-tree.nix
@@ -9,7 +9,7 @@ let
     options = {
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Name of this overlay
         '';
       };
@@ -18,14 +18,14 @@ let
         type = types.nullOr types.str;
         default = null;
         example = "*rpi*.dtb";
-        description = lib.mdDoc ''
+        description = ''
           Only apply to .dtb files matching glob expression.
         '';
       };
 
       dtsFile = mkOption {
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to .dts overlay file, overlay is applied to
           each .dtb file matching "compatible" of the overlay.
         '';
@@ -36,7 +36,7 @@ let
       dtsText = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Literal DTS contents, overlay is applied to
           each .dtb file matching "compatible" of the overlay.
         '';
@@ -58,7 +58,7 @@ let
       dtboFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to .dtbo compiled overlay file.
         '';
       };
@@ -105,7 +105,7 @@ in
         enable = mkOption {
           default = pkgs.stdenv.hostPlatform.linux-kernel.DTB or false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Build device tree files. These are used to describe the
             non-discoverable hardware of a system.
           '';
@@ -116,7 +116,7 @@ in
           defaultText = literalExpression "config.boot.kernelPackages.kernel";
           example = literalExpression "pkgs.linux_latest";
           type = types.path;
-          description = lib.mdDoc ''
+          description = ''
             Kernel package where device tree include directory is from. Also used as default source of dtb package to apply overlays to
           '';
         };
@@ -125,7 +125,7 @@ in
           default = [];
           example = literalExpression "[ \"-DMY_DTB_DEFINE\" ]";
           type = types.listOf types.str;
-          description = lib.mdDoc ''
+          description = ''
             Additional flags to pass to the preprocessor during dtbo compilations
           '';
         };
@@ -139,7 +139,7 @@ in
             ]
           '';
           type = types.listOf types.path;
-          description = lib.mdDoc ''
+          description = ''
             Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo
           '';
         };
@@ -148,7 +148,7 @@ in
           default = "${cfg.kernelPackage}/dtbs";
           defaultText = literalExpression "\${cfg.kernelPackage}/dtbs";
           type = types.path;
-          description = lib.mdDoc ''
+          description = ''
             Path to dtb directory that overlays and other processing will be applied to. Uses
             device trees bundled with the Linux kernel by default.
           '';
@@ -158,7 +158,7 @@ in
           default = null;
           example = "some-dtb.dtb";
           type = types.nullOr types.str;
-          description = lib.mdDoc ''
+          description = ''
             The name of an explicit dtb to be loaded, relative to the dtb base.
             Useful in extlinux scenarios if the bootloader doesn't pick the
             right .dtb file from FDTDIR.
@@ -169,7 +169,7 @@ in
           type = types.nullOr types.str;
           default = null;
           example = "*rpi*.dtb";
-          description = lib.mdDoc ''
+          description = ''
             Only include .dtb files matching glob expression.
           '';
         };
@@ -190,7 +190,7 @@ in
             filter = null;
             dtboFile = path;
           }) overlayType);
-          description = lib.mdDoc ''
+          description = ''
             List of overlays to apply to base device-tree (.dtb) files.
           '';
         };
@@ -199,7 +199,7 @@ in
           default = null;
           type = types.nullOr types.path;
           internal = true;
-          description = lib.mdDoc ''
+          description = ''
             A path containing the result of applying `overlays` to `kernelPackage`.
           '';
         };
diff --git a/nixpkgs/nixos/modules/hardware/digitalbitbox.nix b/nixpkgs/nixos/modules/hardware/digitalbitbox.nix
index ea04d72a63a5..7df15288ecfe 100644
--- a/nixpkgs/nixos/modules/hardware/digitalbitbox.nix
+++ b/nixpkgs/nixos/modules/hardware/digitalbitbox.nix
@@ -11,7 +11,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables udev rules for Digital Bitbox devices.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/flipperzero.nix b/nixpkgs/nixos/modules/hardware/flipperzero.nix
index 82f9b76fa3a7..3a6d29d0f9eb 100644
--- a/nixpkgs/nixos/modules/hardware/flipperzero.nix
+++ b/nixpkgs/nixos/modules/hardware/flipperzero.nix
@@ -9,7 +9,7 @@ let
 in
 
 {
-  options.hardware.flipperzero.enable = mkEnableOption (mdDoc "udev rules and software for Flipper Zero devices");
+  options.hardware.flipperzero.enable = mkEnableOption "udev rules and software for Flipper Zero devices";
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.qFlipper ];
diff --git a/nixpkgs/nixos/modules/hardware/flirc.nix b/nixpkgs/nixos/modules/hardware/flirc.nix
index 2fe40db947e4..94ec715b9fa5 100644
--- a/nixpkgs/nixos/modules/hardware/flirc.nix
+++ b/nixpkgs/nixos/modules/hardware/flirc.nix
@@ -3,7 +3,7 @@ let
   cfg = config.hardware.flirc;
 in
 {
-  options.hardware.flirc.enable = lib.mkEnableOption (lib.mdDoc "software to configure a Flirc USB device");
+  options.hardware.flirc.enable = lib.mkEnableOption "software to configure a Flirc USB device";
 
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.flirc ];
diff --git a/nixpkgs/nixos/modules/hardware/gkraken.nix b/nixpkgs/nixos/modules/hardware/gkraken.nix
index f427fec0a7cc..97d15369db0a 100644
--- a/nixpkgs/nixos/modules/hardware/gkraken.nix
+++ b/nixpkgs/nixos/modules/hardware/gkraken.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.hardware.gkraken = {
-    enable = mkEnableOption (lib.mdDoc "gkraken's udev rules for NZXT AIO liquid coolers");
+    enable = mkEnableOption "gkraken's udev rules for NZXT AIO liquid coolers";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/glasgow.nix b/nixpkgs/nixos/modules/hardware/glasgow.nix
index f8ebb772c47b..e63aa8bdb4bd 100644
--- a/nixpkgs/nixos/modules/hardware/glasgow.nix
+++ b/nixpkgs/nixos/modules/hardware/glasgow.nix
@@ -9,7 +9,7 @@ in
     enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables Glasgow udev rules and ensures 'plugdev' group exists.
         This is a prerequisite to using Glasgow without being root.
       '';
diff --git a/nixpkgs/nixos/modules/hardware/gpgsmartcards.nix b/nixpkgs/nixos/modules/hardware/gpgsmartcards.nix
index 68e1e5f74e2e..cc3f4c769976 100644
--- a/nixpkgs/nixos/modules/hardware/gpgsmartcards.nix
+++ b/nixpkgs/nixos/modules/hardware/gpgsmartcards.nix
@@ -28,7 +28,7 @@ let
   cfg = config.hardware.gpgSmartcards;
 in {
   options.hardware.gpgSmartcards = {
-    enable = mkEnableOption (lib.mdDoc "udev rules for gnupg smart cards");
+    enable = mkEnableOption "udev rules for gnupg smart cards";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/hackrf.nix b/nixpkgs/nixos/modules/hardware/hackrf.nix
index 38ef7fa6d3d4..7f03b765bbda 100644
--- a/nixpkgs/nixos/modules/hardware/hackrf.nix
+++ b/nixpkgs/nixos/modules/hardware/hackrf.nix
@@ -9,7 +9,7 @@ in
     enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables hackrf udev rules and ensures 'plugdev' group exists.
         This is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev.
       '';
diff --git a/nixpkgs/nixos/modules/hardware/i2c.nix b/nixpkgs/nixos/modules/hardware/i2c.nix
index bd4c4ebe21bd..b1e5cfd9e025 100644
--- a/nixpkgs/nixos/modules/hardware/i2c.nix
+++ b/nixpkgs/nixos/modules/hardware/i2c.nix
@@ -8,16 +8,16 @@ in
 
 {
   options.hardware.i2c = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       i2c devices support. By default access is granted to users in the "i2c"
       group (will be created if non-existent) and any user with a seat, meaning
       logged on the computer locally
-    '');
+    '';
 
     group = mkOption {
       type = types.str;
       default = "i2c";
-      description = lib.mdDoc ''
+      description = ''
         Grant access to i2c devices (/dev/i2c-*) to users in this group.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/infiniband.nix b/nixpkgs/nixos/modules/hardware/infiniband.nix
index 962883fa7972..6780aee9f36b 100644
--- a/nixpkgs/nixos/modules/hardware/infiniband.nix
+++ b/nixpkgs/nixos/modules/hardware/infiniband.nix
@@ -36,7 +36,7 @@ in
       type = with types; listOf str;
       default = [];
       example = [ "0xe8ebd30000eee2e1" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of infiniband port guids on the system. This is discoverable using `ibstat -p`
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/keyboard/qmk.nix b/nixpkgs/nixos/modules/hardware/keyboard/qmk.nix
index d95d36dedb44..b3e752ad66c5 100644
--- a/nixpkgs/nixos/modules/hardware/keyboard/qmk.nix
+++ b/nixpkgs/nixos/modules/hardware/keyboard/qmk.nix
@@ -2,12 +2,12 @@
 
 let
   cfg = config.hardware.keyboard.qmk;
-  inherit (lib) mdDoc mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf;
 
 in
 {
   options.hardware.keyboard.qmk = {
-    enable = mkEnableOption (mdDoc "non-root access to the firmware of QMK keyboards");
+    enable = mkEnableOption "non-root access to the firmware of QMK keyboards";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/keyboard/teck.nix b/nixpkgs/nixos/modules/hardware/keyboard/teck.nix
index 8376c6b9c50b..8cb736dedac4 100644
--- a/nixpkgs/nixos/modules/hardware/keyboard/teck.nix
+++ b/nixpkgs/nixos/modules/hardware/keyboard/teck.nix
@@ -2,12 +2,12 @@
 
 let
   cfg = config.hardware.keyboard.teck;
-  inherit (lib) mdDoc mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf;
 
 in
 {
   options.hardware.keyboard.teck = {
-    enable = mkEnableOption (mdDoc "non-root access to the firmware of TECK keyboards");
+    enable = mkEnableOption "non-root access to the firmware of TECK keyboards";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/keyboard/uhk.nix b/nixpkgs/nixos/modules/hardware/keyboard/uhk.nix
index ff984fa5daa6..a5bd35c2a550 100644
--- a/nixpkgs/nixos/modules/hardware/keyboard/uhk.nix
+++ b/nixpkgs/nixos/modules/hardware/keyboard/uhk.nix
@@ -2,17 +2,17 @@
 
 let
   cfg = config.hardware.keyboard.uhk;
-  inherit (lib) mdDoc mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf;
 
 in
 {
   options.hardware.keyboard.uhk = {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       non-root access to the firmware of UHK keyboards.
       You need it when you want to flash a new firmware on the keyboard.
       Access to the keyboard is granted to users in the "input" group.
       You may want to install the uhk-agent package
-    '');
+    '';
 
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/keyboard/zsa.nix b/nixpkgs/nixos/modules/hardware/keyboard/zsa.nix
index 191fb12cca4f..42fac3b45bb9 100644
--- a/nixpkgs/nixos/modules/hardware/keyboard/zsa.nix
+++ b/nixpkgs/nixos/modules/hardware/keyboard/zsa.nix
@@ -2,17 +2,17 @@
 
 let
   cfg = config.hardware.keyboard.zsa;
-  inherit (lib) mkEnableOption mkIf mdDoc;
+  inherit (lib) mkEnableOption mkIf;
 
 in
 {
   options.hardware.keyboard.zsa = {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I.
       You need it when you want to flash a new configuration on the keyboard
       or use their live training in the browser.
       You may want to install the wally-cli package
-    '');
+    '';
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/ksm.nix b/nixpkgs/nixos/modules/hardware/ksm.nix
index 82d94e6ab57c..e0b5949ffb21 100644
--- a/nixpkgs/nixos/modules/hardware/ksm.nix
+++ b/nixpkgs/nixos/modules/hardware/ksm.nix
@@ -11,11 +11,11 @@ in {
   ];
 
   options.hardware.ksm = {
-    enable = mkEnableOption (lib.mdDoc "Kernel Same-Page Merging");
+    enable = mkEnableOption "Linux kernel Same-Page Merging";
     sleep = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         How many milliseconds ksmd should sleep between scans.
         Setting it to `null` uses the kernel's default time.
       '';
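Review bot: The reworded `enable` text for `hardware.ksm` still does not mention the isolation trade-off of same-page merging. Pages that processes or guests mark as mergeable are shared copy-on-write, and the timing difference on writes to a merged page is a known cross-process and cross-VM side channel. Since the string is being touched anyway, a second sentence would help administrators of multi-tenant hosts, e.g. `Merged pages are shared between processes that opt in, which can leak page contents through write timing.`.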
diff --git a/nixpkgs/nixos/modules/hardware/ledger.nix b/nixpkgs/nixos/modules/hardware/ledger.nix
index fcce4f61a870..41abe74315a0 100644
--- a/nixpkgs/nixos/modules/hardware/ledger.nix
+++ b/nixpkgs/nixos/modules/hardware/ledger.nix
@@ -6,7 +6,7 @@ let
   cfg = config.hardware.ledger;
 
 in {
-  options.hardware.ledger.enable = mkEnableOption (lib.mdDoc "udev rules for Ledger devices");
+  options.hardware.ledger.enable = mkEnableOption "udev rules for Ledger devices";
 
   config = mkIf cfg.enable {
     services.udev.packages = [ pkgs.ledger-udev-rules ];
diff --git a/nixpkgs/nixos/modules/hardware/logitech.nix b/nixpkgs/nixos/modules/hardware/logitech.nix
index 9b06eb8a8b01..94a1287e051c 100644
--- a/nixpkgs/nixos/modules/hardware/logitech.nix
+++ b/nixpkgs/nixos/modules/hardware/logitech.nix
@@ -19,12 +19,12 @@ in
   options.hardware.logitech = {
 
     lcd = {
-      enable = mkEnableOption (lib.mdDoc "Logitech LCD Devices");
+      enable = mkEnableOption "support for Logitech LCD Devices";
 
       startWhenNeeded = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Only run the service when an actual supported device is plugged.
         '';
       };
@@ -32,7 +32,7 @@ in
       devices = mkOption {
         type = types.listOf types.str;
         default = [ "0a07" "c222" "c225" "c227" "c251" ];
-        description = lib.mdDoc ''
+        description = ''
           List of USB device ids supported by g15daemon.
 
           You most likely do not need to change this.
@@ -41,12 +41,12 @@ in
     };
 
     wireless = {
-      enable = mkEnableOption (lib.mdDoc "Logitech Wireless Devices");
+      enable = mkEnableOption "support for Logitech Wireless Devices";
 
       enableGraphical = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable graphical support applications.";
+        description = "Enable graphical support applications.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/hardware/mcelog.nix b/nixpkgs/nixos/modules/hardware/mcelog.nix
index be8fc8cd1925..13ad238870c2 100644
--- a/nixpkgs/nixos/modules/hardware/mcelog.nix
+++ b/nixpkgs/nixos/modules/hardware/mcelog.nix
@@ -10,7 +10,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the Machine Check Exception logger.
         '';
       };
diff --git a/nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix b/nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix
index a7f023d26ce7..b5ade5ed5010 100644
--- a/nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix
+++ b/nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix
@@ -14,7 +14,7 @@ in
   options.networking.wireless.athUserRegulatoryDomain = mkOption {
     default = false;
     type = types.bool;
-    description = lib.mdDoc ''
+    description = ''
       If enabled, sets the ATH_USER_REGD kernel config switch to true to
       disable the enforcement of EEPROM regulatory restrictions for ath
       drivers. Requires at least Linux ${linuxKernelMinVersion}.
diff --git a/nixpkgs/nixos/modules/hardware/network/b43.nix b/nixpkgs/nixos/modules/hardware/network/b43.nix
index 7f045f7b70f9..eb03bf223ccf 100644
--- a/nixpkgs/nixos/modules/hardware/network/b43.nix
+++ b/nixpkgs/nixos/modules/hardware/network/b43.nix
@@ -13,7 +13,7 @@ let kernelVersion = config.boot.kernelPackages.kernel.version; in
     networking.enableB43Firmware = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Turn on this option if you want firmware for the NICs supported by the b43 module.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix b/nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix
index e1ec8134129e..17b973474c93 100644
--- a/nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix
+++ b/nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix
@@ -9,7 +9,7 @@
     networking.enableIntel2200BGFirmware = lib.mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Turn on this option if you want firmware for the Intel
         PRO/Wireless 2200BG to be loaded automatically.  This is
         required if you want to use this device.
diff --git a/nixpkgs/nixos/modules/hardware/new-lg4ff.nix b/nixpkgs/nixos/modules/hardware/new-lg4ff.nix
index fac376eb7a75..3c7f66f8d89b 100644
--- a/nixpkgs/nixos/modules/hardware/new-lg4ff.nix
+++ b/nixpkgs/nixos/modules/hardware/new-lg4ff.nix
@@ -10,7 +10,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables improved Linux module drivers for Logitech driving wheels.
         This will replace the existing in-kernel hid-logitech modules.
         Works most notably on the Logitech G25, G27, G29 and Driving Force (GT).
diff --git a/nixpkgs/nixos/modules/hardware/nitrokey.nix b/nixpkgs/nixos/modules/hardware/nitrokey.nix
index e2e88a8eade4..9bc8da41a4a7 100644
--- a/nixpkgs/nixos/modules/hardware/nitrokey.nix
+++ b/nixpkgs/nixos/modules/hardware/nitrokey.nix
@@ -13,7 +13,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables udev rules for Nitrokey devices. By default grants access
         to users in the "nitrokey" group. You may want to install the
         nitrokey-app package, depending on your device and needs.
diff --git a/nixpkgs/nixos/modules/hardware/onlykey/default.nix b/nixpkgs/nixos/modules/hardware/onlykey/default.nix
index 59e159dce482..07358c8a8782 100644
--- a/nixpkgs/nixos/modules/hardware/onlykey/default.nix
+++ b/nixpkgs/nixos/modules/hardware/onlykey/default.nix
@@ -12,7 +12,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable OnlyKey device (https://crp.to/p/) support.
         '';
       };
diff --git a/nixpkgs/nixos/modules/hardware/opengl.nix b/nixpkgs/nixos/modules/hardware/opengl.nix
index 0ff018ddc47d..25324fd8b0af 100644
--- a/nixpkgs/nixos/modules/hardware/opengl.nix
+++ b/nixpkgs/nixos/modules/hardware/opengl.nix
@@ -33,7 +33,7 @@ in
 
     hardware.opengl = {
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable OpenGL drivers. This is needed to enable
           OpenGL support in X11 systems, as well as for Wayland compositors
           like sway and Weston. It is enabled by default
@@ -49,7 +49,7 @@ in
       driSupport = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable accelerated OpenGL rendering through the
           Direct Rendering Interface (DRI).
         '';
@@ -58,7 +58,7 @@ in
       driSupport32Bit = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           On 64-bit systems, whether to support Direct Rendering for
           32-bit applications (such as Wine).  This is currently only
           supported for the `nvidia` as well as
@@ -69,7 +69,7 @@ in
       package = mkOption {
         type = types.package;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           The package that provides the OpenGL implementation.
         '';
       };
@@ -77,7 +77,7 @@ in
       package32 = mkOption {
         type = types.package;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           The package that provides the 32-bit OpenGL implementation on
           64-bit systems. Used when {option}`driSupport32Bit` is
           set.
@@ -88,7 +88,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to add to OpenGL drivers.
           This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
 
@@ -102,7 +102,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to add to 32-bit OpenGL drivers on 64-bit systems.
           Used when {option}`driSupport32Bit` is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
 
@@ -116,7 +116,7 @@ in
         type = types.bool;
         internal = true;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the `LD_LIBRARY_PATH` environment variable
           should be set to the locations of driver libraries. Drivers which
           rely on overriding libraries should set this to true. Drivers which
diff --git a/nixpkgs/nixos/modules/hardware/openrazer.nix b/nixpkgs/nixos/modules/hardware/openrazer.nix
index abbafaee8950..5ba6abfdb3d7 100644
--- a/nixpkgs/nixos/modules/hardware/openrazer.nix
+++ b/nixpkgs/nixos/modules/hardware/openrazer.nix
@@ -19,7 +19,9 @@ let
       [Startup]
       sync_effects_enabled = ${toPyBoolStr cfg.syncEffectsEnabled}
       devices_off_on_screensaver = ${toPyBoolStr cfg.devicesOffOnScreensaver}
-      mouse_battery_notifier = ${toPyBoolStr cfg.mouseBatteryNotifier}
+      battery_notifier = ${toPyBoolStr (cfg.mouseBatteryNotifier || cfg.batteryNotifier.enable)}
+      battery_notifier_freq = ${builtins.toString cfg.batteryNotifier.frequency}
+      battery_notifier_percent = ${builtins.toString cfg.batteryNotifier.percentage}
 
       [Statistics]
       key_statistics = ${toPyBoolStr cfg.keyStatistics}
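Review bot: Because `mouseBatteryNotifier` keeps `default = true`, the `||` on the `battery_notifier` line means setting `batteryNotifier.enable = false` on its own never turns the notifier off. For the same reason the `optional cfg.mouseBatteryNotifier` warning added in the `config = mkIf cfg.enable` hunk fires for every user who enables the module without touching the old option. Making the deprecated option nullable would separate "unset" from "explicitly set": `type = types.nullOr types.bool; default = null;`, with this line using `if cfg.mouseBatteryNotifier != null then cfg.mouseBatteryNotifier else cfg.batteryNotifier.enable` and the warning guarded by `cfg.mouseBatteryNotifier != null`. The warning text should also name the full option path, `hardware.openrazer.mouseBatteryNotifier`. The `let` binding that builds this config text starts outside the hunk.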
@@ -49,14 +51,14 @@ in
 {
   options = {
     hardware.openrazer = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         OpenRazer drivers and userspace daemon
-      '');
+      '';
 
       verboseLogging = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable verbose logging. Logs debug messages.
         '';
       };
@@ -64,7 +66,7 @@ in
       syncEffectsEnabled = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Set the sync effects flag to true so any assignment of
           effects will work across devices.
         '';
@@ -73,7 +75,7 @@ in
       devicesOffOnScreensaver = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Turn off the devices when the systems screensaver kicks in.
         '';
       };
@@ -81,15 +83,50 @@ in
       mouseBatteryNotifier = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Mouse battery notifier.
         '';
       };
 
+      batteryNotifier = mkOption {
+        description = ''
+          Settings for device battery notifications.
+        '';
+        default = {};
+        type = types.submodule {
+          options = {
+            enable = mkOption {
+              type = types.bool;
+              default = true;
+              description = ''
+                Mouse battery notifier.
+              '';
+            };
+            frequency = mkOption {
+              type = types.int;
+              default = 600;
+              description = ''
+                How often battery notifications should be shown (in seconds).
+                A value of 0 disables notifications.
+              '';
+            };
+
+            percentage = mkOption {
+              type = types.int;
+              default = 33;
+              description = ''
+                At what battery percentage the device should reach before
+                sending notifications.
+              '';
+            };
+          };
+        };
+      };
+
       keyStatistics = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Collects number of keypresses per hour per key used to
           generate a heatmap.
         '';
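Review bot: `frequency` and `percentage` in the new `batteryNotifier` submodule are declared as `types.int`, so a negative interval or a percentage above 100 passes evaluation and is written unchanged into the daemon config through `builtins.toString`. Bounded types would reject such values at evaluation time: `type = types.ints.unsigned;` for `frequency` and `type = types.ints.between 0 100;` for `percentage`. The `enable` description still reads "Mouse battery notifier." although the parent option covers device battery notifications in general; `Whether to enable device battery notifications.` would match it better.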
@@ -98,7 +135,7 @@ in
       users = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Usernames to be added to the "openrazer" group, so that they
           can start and interact with the OpenRazer userspace daemon.
         '';
@@ -107,6 +144,13 @@ in
   };
 
   config = mkIf cfg.enable {
+    warnings = flatten [
+      (optional cfg.mouseBatteryNotifier ''
+        The option openrazer.mouseBatteryNotifier is deprecated.
+        Please use openrazer.batteryNotifier instead to enable and configure battery notifications.
+      '')
+    ];
+
     boot.extraModulePackages = [ kernelPackages.openrazer ];
     boot.kernelModules = drivers;
 
@@ -127,15 +171,15 @@ in
     systemd.user.services.openrazer-daemon = {
       description = "Daemon to manage razer devices in userspace";
       unitConfig.Documentation = "man:openrazer-daemon(8)";
-        # Requires a graphical session so the daemon knows when the screensaver
-        # starts. See the 'devicesOffOnScreensaver' option.
-        wantedBy = [ "graphical-session.target" ];
-        partOf = [ "graphical-session.target" ];
-        serviceConfig = {
-          Type = "dbus";
-          BusName = "org.razer";
-          ExecStart = "${daemonExe} --foreground";
-          Restart = "always";
+      # Requires a graphical session so the daemon knows when the screensaver
+      # starts. See the 'devicesOffOnScreensaver' option.
+      wantedBy = [ "graphical-session.target" ];
+      partOf = [ "graphical-session.target" ];
+      serviceConfig = {
+        Type = "dbus";
+        BusName = "org.razer";
+        ExecStart = "${daemonExe} --foreground";
+        Restart = "always";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/hardware/opentabletdriver.nix b/nixpkgs/nixos/modules/hardware/opentabletdriver.nix
index f103da14c9dd..d8958ed4f68d 100644
--- a/nixpkgs/nixos/modules/hardware/opentabletdriver.nix
+++ b/nixpkgs/nixos/modules/hardware/opentabletdriver.nix
@@ -12,7 +12,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable OpenTabletDriver udev rules, user service and blacklist kernel
           modules known to conflict with OpenTabletDriver.
         '';
@@ -21,7 +21,7 @@ in
       blacklistedKernelModules = mkOption {
         type = types.listOf types.str;
         default = [ "hid-uclogic" "wacom" ];
-        description = lib.mdDoc ''
+        description = ''
           Blacklist of kernel modules known to conflict with OpenTabletDriver.
         '';
       };
@@ -32,7 +32,7 @@ in
         enable = mkOption {
           default = true;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Whether to start OpenTabletDriver daemon as a systemd user service.
           '';
         };
diff --git a/nixpkgs/nixos/modules/hardware/pcmcia.nix b/nixpkgs/nixos/modules/hardware/pcmcia.nix
index f7a5565d773e..aef35a28e54d 100644
--- a/nixpkgs/nixos/modules/hardware/pcmcia.nix
+++ b/nixpkgs/nixos/modules/hardware/pcmcia.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable this option to support PCMCIA card.
         '';
       };
@@ -28,7 +28,7 @@ in
       firmware = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of firmware used to handle specific PCMCIA card.
         '';
       };
@@ -36,7 +36,7 @@ in
       config = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the configuration file which maps the memory, IRQs
           and ports used by the PCMCIA hardware.
         '';
diff --git a/nixpkgs/nixos/modules/hardware/printers.nix b/nixpkgs/nixos/modules/hardware/printers.nix
index 4fb6a192cdd2..de2f84d4831b 100644
--- a/nixpkgs/nixos/modules/hardware/printers.nix
+++ b/nixpkgs/nixos/modules/hardware/printers.nix
@@ -35,12 +35,12 @@ in {
       ensureDefaultPrinter = mkOption {
         type = types.nullOr printerName;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Ensures the named printer is the default CUPS printer / printer queue.
         '';
       };
       ensurePrinters = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Will regularly ensure that the given CUPS printers are configured as declared here.
           If a printer's options are manually changed afterwards, they will be overwritten eventually.
           This option will never delete any printer, even if removed from this list.
@@ -54,7 +54,7 @@ in {
             name = mkOption {
               type = printerName;
               example = "BrotherHL_Workroom";
-              description = lib.mdDoc ''
+              description = ''
                 Name of the printer / printer queue.
                 May contain any printable characters except "/", "#", and space.
               '';
@@ -63,7 +63,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "Workroom";
-              description = lib.mdDoc ''
+              description = ''
                 Optional human-readable location.
               '';
             };
@@ -71,7 +71,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "Brother HL-5140";
-              description = lib.mdDoc ''
+              description = ''
                 Optional human-readable description.
               '';
             };
@@ -81,7 +81,7 @@ in {
                 "ipp://printserver.local/printers/BrotherHL_Workroom"
                 "usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 How to reach the printer.
                 {command}`lpinfo -v` shows a list of supported device URIs and schemes.
               '';
@@ -91,7 +91,7 @@ in {
               example = literalExpression ''
                 "gutenprint.''${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Location of the ppd driver file for the printer.
                 {command}`lpinfo -m` shows a list of supported models.
               '';
@@ -103,7 +103,7 @@ in {
                 Duplex = "DuplexNoTumble";
               };
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Sets PPD options for the printer.
                 {command}`lpoptions [-p printername] -l` shows supported PPD options for the given printer.
               '';
diff --git a/nixpkgs/nixos/modules/hardware/raid/hpsa.nix b/nixpkgs/nixos/modules/hardware/raid/hpsa.nix
index 2934cd19a8c1..120348a74bfb 100644
--- a/nixpkgs/nixos/modules/hardware/raid/hpsa.nix
+++ b/nixpkgs/nixos/modules/hardware/raid/hpsa.nix
@@ -48,7 +48,7 @@ in {
 
   options = {
     hardware.raid.HPSmartArray = {
-      enable = mkEnableOption (lib.mdDoc "HP Smart Array kernel modules and CLI utility");
+      enable = mkEnableOption "HP Smart Array kernel modules and CLI utility";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/rtl-sdr.nix b/nixpkgs/nixos/modules/hardware/rtl-sdr.nix
index 7f462005f157..e85fc04e29bb 100644
--- a/nixpkgs/nixos/modules/hardware/rtl-sdr.nix
+++ b/nixpkgs/nixos/modules/hardware/rtl-sdr.nix
@@ -8,7 +8,7 @@ in {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules.
         This is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.
        '';
diff --git a/nixpkgs/nixos/modules/hardware/saleae-logic.nix b/nixpkgs/nixos/modules/hardware/saleae-logic.nix
index f144814a06b7..a3810d640c48 100644
--- a/nixpkgs/nixos/modules/hardware/saleae-logic.nix
+++ b/nixpkgs/nixos/modules/hardware/saleae-logic.nix
@@ -5,13 +5,13 @@ let
 in
 {
   options.hardware.saleae-logic = {
-    enable = lib.mkEnableOption (lib.mdDoc "udev rules for Saleae Logic devices");
+    enable = lib.mkEnableOption "udev rules for Saleae Logic devices";
 
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.saleae-logic-2;
       defaultText = lib.literalExpression "pkgs.saleae-logic-2";
-      description = lib.mdDoc ''
+      description = ''
         Saleae Logic package to use.
       '';
     };
diff --git a/nixpkgs/nixos/modules/hardware/sata.nix b/nixpkgs/nixos/modules/hardware/sata.nix
index 5330ba9268b5..81592997d6e3 100644
--- a/nixpkgs/nixos/modules/hardware/sata.nix
+++ b/nixpkgs/nixos/modules/hardware/sata.nix
@@ -36,12 +36,12 @@ in
   meta.maintainers = with lib.maintainers; [ peterhoeg ];
 
   options.hardware.sata.timeout = {
-    enable = mkEnableOption (lib.mdDoc "SATA drive timeouts");
+    enable = mkEnableOption "SATA drive timeouts";
 
     deciSeconds = mkOption {
       example = 70;
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.
 
         Values are as follows:
@@ -53,17 +53,17 @@ in
     };
 
     drives = mkOption {
-      description = lib.mdDoc "List of drives for which to configure the timeout.";
+      description = "List of drives for which to configure the timeout.";
       type = types.listOf
         (types.submodule {
           options = {
             name = mkOption {
-              description = lib.mdDoc "Drive name without the full path.";
+              description = "Drive name without the full path.";
               type = types.str;
             };
 
             idBy = mkOption {
-              description = lib.mdDoc "The method to identify the drive.";
+              description = "The method to identify the drive.";
               type = types.enum [ "path" "wwn" ];
               default = "path";
             };
diff --git a/nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix b/nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix
index 1a3d211b858b..8ee60dc4d6dd 100644
--- a/nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix
+++ b/nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix
@@ -30,7 +30,7 @@ in
   options = {
     hardware.sensor.hddtemp = {
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Enable this option to support HDD/SSD temperature sensors.
         '';
         type = types.bool;
@@ -38,24 +38,24 @@ in
       };
 
       drives = mkOption {
-        description = lib.mdDoc "List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn't like names with colons.";
+        description = "List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn't like names with colons.";
         type = types.listOf types.str;
       };
 
       unit = mkOption {
-        description = lib.mdDoc "Celsius or Fahrenheit";
+        description = "Celsius or Fahrenheit";
         type = types.enum [ "C" "F" ];
         default = "C";
       };
 
       dbEntries = mkOption {
-        description = lib.mdDoc "Additional DB entries";
+        description = "Additional DB entries";
         type = types.listOf types.str;
         default = [ ];
       };
 
       extraArgs = mkOption {
-        description = lib.mdDoc "Additional arguments passed to the daemon.";
+        description = "Additional arguments passed to the daemon.";
         type = types.listOf types.str;
         default = [ ];
       };
diff --git a/nixpkgs/nixos/modules/hardware/sensor/iio.nix b/nixpkgs/nixos/modules/hardware/sensor/iio.nix
index 6f7b1dc1f7f8..8b3ba87a7d9c 100644
--- a/nixpkgs/nixos/modules/hardware/sensor/iio.nix
+++ b/nixpkgs/nixos/modules/hardware/sensor/iio.nix
@@ -8,7 +8,7 @@ with lib;
   options = {
     hardware.sensor.iio = {
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Enable this option to support IIO sensors with iio-sensor-proxy.
 
           IIO sensors are used for orientation and ambient light
diff --git a/nixpkgs/nixos/modules/hardware/steam-hardware.nix b/nixpkgs/nixos/modules/hardware/steam-hardware.nix
index 07edf6870390..6218c9ffbb9b 100644
--- a/nixpkgs/nixos/modules/hardware/steam-hardware.nix
+++ b/nixpkgs/nixos/modules/hardware/steam-hardware.nix
@@ -13,7 +13,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive";
+      description = "Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/system-76.nix b/nixpkgs/nixos/modules/hardware/system-76.nix
index 3fb2c10a6e3b..ca40ee0ebb37 100644
--- a/nixpkgs/nixos/modules/hardware/system-76.nix
+++ b/nixpkgs/nixos/modules/hardware/system-76.nix
@@ -57,13 +57,13 @@ let
 in {
   options = {
     hardware.system76 = {
-      enableAll = mkEnableOption (lib.mdDoc "all recommended configuration for system76 systems");
+      enableAll = mkEnableOption "all recommended configuration for system76 systems";
 
       firmware-daemon.enable = mkOption {
         default = cfg.enableAll;
         defaultText = literalExpression "config.${opt.enableAll}";
         example = true;
-        description = lib.mdDoc "Whether to enable the system76 firmware daemon";
+        description = "Whether to enable the system76 firmware daemon";
         type = types.bool;
       };
 
@@ -71,7 +71,7 @@ in {
         default = cfg.enableAll;
         defaultText = literalExpression "config.${opt.enableAll}";
         example = true;
-        description = lib.mdDoc "Whether to make the system76 out-of-tree kernel modules available";
+        description = "Whether to make the system76 out-of-tree kernel modules available";
         type = types.bool;
       };
 
@@ -79,7 +79,7 @@ in {
         default = cfg.enableAll;
         defaultText = literalExpression "config.${opt.enableAll}";
         example = true;
-        description = lib.mdDoc "Whether to enable the system76 power daemon";
+        description = "Whether to enable the system76 power daemon";
         type = types.bool;
       };
     };
diff --git a/nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix b/nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix
index fd8b48a5e9ea..f90dfc6e3134 100644
--- a/nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix
+++ b/nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix
@@ -8,7 +8,7 @@ let
 in
   {
     options.hardware.tuxedo-keyboard = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
           the tuxedo-keyboard driver.
 
           To configure the driver, pass the options to the {option}`boot.kernelParams` configuration.
@@ -24,7 +24,7 @@ in
            "tuxedo_keyboard.color_left=0xff0a0a"
           ];
           ```
-      '');
+      '';
     };
 
     config = mkIf cfg.enable
diff --git a/nixpkgs/nixos/modules/hardware/ubertooth.nix b/nixpkgs/nixos/modules/hardware/ubertooth.nix
index e2db2068d900..f65c2da25522 100644
--- a/nixpkgs/nixos/modules/hardware/ubertooth.nix
+++ b/nixpkgs/nixos/modules/hardware/ubertooth.nix
@@ -10,13 +10,13 @@ let
   };
 in {
   options.hardware.ubertooth = {
-    enable = mkEnableOption (lib.mdDoc "Ubertooth software and its udev rules");
+    enable = mkEnableOption "Ubertooth software and its udev rules";
 
     group = mkOption {
       type = types.str;
       default = "ubertooth";
       example = "wheel";
-      description = lib.mdDoc "Group for Ubertooth's udev rules.";
+      description = "Group for Ubertooth's udev rules.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/uinput.nix b/nixpkgs/nixos/modules/hardware/uinput.nix
index 15fa66b8d83c..55e86bfa6bdb 100644
--- a/nixpkgs/nixos/modules/hardware/uinput.nix
+++ b/nixpkgs/nixos/modules/hardware/uinput.nix
@@ -4,7 +4,7 @@ let
   cfg = config.hardware.uinput;
 in {
   options.hardware.uinput = {
-    enable = lib.mkEnableOption (lib.mdDoc "uinput support");
+    enable = lib.mkEnableOption "uinput support";
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/uni-sync.nix b/nixpkgs/nixos/modules/hardware/uni-sync.nix
new file mode 100644
index 000000000000..dd230ae419a1
--- /dev/null
+++ b/nixpkgs/nixos/modules/hardware/uni-sync.nix
@@ -0,0 +1,117 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+with lib; let
+  cfg = config.hardware.uni-sync;
+in
+{
+  meta.maintainers = with maintainers; [ yunfachi ];
+
+  options.hardware.uni-sync = {
+    enable = mkEnableOption "udev rules and software for Lian Li Uni Controllers";
+    package = mkPackageOption pkgs "uni-sync" { };
+
+    devices = mkOption {
+      default = [ ];
+      example = literalExpression ''
+        [
+          {
+            device_id = "VID:1111/PID:11111/SN:1111111111";
+            sync_rgb = true;
+            channels = [
+              {
+                mode = "PWM";
+              }
+              {
+                mode = "Manual";
+                speed = 100;
+              }
+              {
+                mode = "Manual";
+                speed = 54;
+              }
+              {
+                mode = "Manual";
+                speed = 0;
+              }
+            ];
+          }
+          {
+            device_id = "VID:1010/PID:10101/SN:1010101010";
+            sync_rgb = false;
+            channels = [
+              {
+                mode = "Manual";
+                speed = 0;
+              }
+            ];
+          }
+        ]
+      '';
+      description = "List of controllers with their configurations.";
+      type = types.listOf (types.submodule {
+        options = {
+          device_id = mkOption {
+            type = types.str;
+            example = "VID:1111/PID:11111/SN:1111111111";
+            description = "Unique device ID displayed at each startup.";
+          };
+          sync_rgb = mkOption {
+            type = types.bool;
+            default = false;
+            example = true;
+            description = "Enable ARGB header sync.";
+          };
+          channels = mkOption {
+            default = [ ];
+            example = literalExpression ''
+              [
+                {
+                  mode = "PWM";
+                }
+                {
+                  mode = "Manual";
+                  speed = 100;
+                }
+                {
+                  mode = "Manual";
+                  speed = 54;
+                }
+                {
+                  mode = "Manual";
+                  speed = 0;
+                }
+              ]
+            '';
+            description = "List of channels connected to the controller.";
+            type = types.listOf (types.submodule {
+              options = {
+                mode = mkOption {
+                  type = types.enum [ "Manual" "PWM" ];
+                  default = "Manual";
+                  example = "PWM";
+                  description = "\"PWM\" to enable PWM sync. \"Manual\" to set speed.";
+                };
+                speed = mkOption {
+                  type = types.int;
+                  default = "50";
+                  example = "100";
+                  description = "Fan speed as percentage (clamped between 0 and 100).";
+                };
+              };
+            });
+          };
+        };
+      });
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.etc."uni-sync/uni-sync.json".text = mkIf (cfg.devices != [ ]) (builtins.toJSON { configs = cfg.devices; });
+
+    environment.systemPackages = [ cfg.package ];
+    services.udev.packages = [ cfg.package ];
+  };
+}
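Review bot: `speed` is typed `types.int`, but its `default = "50"` and `example = "100"` are strings, so any channel that omits `speed` (such as the `mode = "PWM"` entries in the example) should fail the option type check at evaluation. Use integers instead: `default = 50;` and `example = 100;`. Since the description says the value is clamped between 0 and 100, `type = types.ints.between 0 100;` would reject out-of-range values when the configuration is built rather than relying on the tool to clamp them.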
diff --git a/nixpkgs/nixos/modules/hardware/usb-modeswitch.nix b/nixpkgs/nixos/modules/hardware/usb-modeswitch.nix
index 773891b0032f..f36d293a867f 100644
--- a/nixpkgs/nixos/modules/hardware/usb-modeswitch.nix
+++ b/nixpkgs/nixos/modules/hardware/usb-modeswitch.nix
@@ -11,7 +11,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable this option to support certain USB WLAN and WWAN adapters.
 
           These network adapters initial present themselves as Flash Drives containing their drivers.
diff --git a/nixpkgs/nixos/modules/hardware/usb-storage.nix b/nixpkgs/nixos/modules/hardware/usb-storage.nix
index 3cb2c60d7ccd..6e20b93d2262 100644
--- a/nixpkgs/nixos/modules/hardware/usb-storage.nix
+++ b/nixpkgs/nixos/modules/hardware/usb-storage.nix
@@ -5,7 +5,7 @@ with lib;
   options.hardware.usbStorage.manageStartStop = mkOption {
     type = types.bool;
     default = true;
-    description = lib.mdDoc ''
+    description = ''
       Enable this option to gracefully spin-down external storage during shutdown.
       If you suspect improper head parking after poweroff, install `smartmontools` and check
       for the `Power-Off_Retract_Count` field for an increment.
diff --git a/nixpkgs/nixos/modules/hardware/video/bumblebee.nix b/nixpkgs/nixos/modules/hardware/video/bumblebee.nix
index 75f71d499e66..b6af4f80445a 100644
--- a/nixpkgs/nixos/modules/hardware/video/bumblebee.nix
+++ b/nixpkgs/nixos/modules/hardware/video/bumblebee.nix
@@ -29,7 +29,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable the bumblebee daemon to manage Optimus hybrid video cards.
           This should power off secondary GPU until its use is requested
           by running an application with optirun.
@@ -40,13 +40,13 @@ in
         default = "wheel";
         example = "video";
         type = types.str;
-        description = lib.mdDoc "Group for bumblebee socket";
+        description = "Group for bumblebee socket";
       };
 
       connectDisplay = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Set to true if you intend to connect your discrete card to a
           monitor. This option will set up your Nvidia card for EDID
           discovery and to turn on the monitor signal.
@@ -58,7 +58,7 @@ in
       driver = mkOption {
         default = "nvidia";
         type = types.enum [ "nvidia" "nouveau" ];
-        description = lib.mdDoc ''
+        description = ''
           Set driver used by bumblebeed. Supported are nouveau and nvidia.
         '';
       };
@@ -66,7 +66,7 @@ in
       pmMethod = mkOption {
         default = "auto";
         type = types.enum [ "auto" "bbswitch" "switcheroo" "none" ];
-        description = lib.mdDoc ''
+        description = ''
           Set preferred power management method for unused card.
         '';
       };
diff --git a/nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix b/nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix
index ddd3f3ec7f32..c63535f0faa7 100644
--- a/nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix
+++ b/nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix
@@ -12,7 +12,7 @@ in
 
 {
 
-  options.hardware.mwProCapture.enable = mkEnableOption (lib.mdDoc "Magewell Pro Capture family kernel module");
+  options.hardware.mwProCapture.enable = mkEnableOption "the Magewell Pro Capture family kernel module";
 
   config = mkIf cfg.enable {
 
diff --git a/nixpkgs/nixos/modules/hardware/video/nvidia.nix b/nixpkgs/nixos/modules/hardware/video/nvidia.nix
index 352c8d8ead54..37d8e53a2e04 100644
--- a/nixpkgs/nixos/modules/hardware/video/nvidia.nix
+++ b/nixpkgs/nixos/modules/hardware/video/nvidia.nix
@@ -23,9 +23,9 @@
 in {
   options = {
     hardware.nvidia = {
-      datacenter.enable = lib.mkEnableOption (lib.mdDoc ''
+      datacenter.enable = lib.mkEnableOption ''
         Data Center drivers for NVIDIA cards on a NVLink topology
-      '');
+      '';
       datacenter.settings = lib.mkOption {
         type = settingsFormat.type;
         default = {
@@ -74,41 +74,41 @@ in {
           DATABASE_PATH="''${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
         }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration options for fabricmanager.
         '';
       };
 
-      powerManagement.enable = lib.mkEnableOption (lib.mdDoc ''
+      powerManagement.enable = lib.mkEnableOption ''
         experimental power management through systemd. For more information, see
         the NVIDIA docs, on Chapter 21. Configuring Power Management Support
-      '');
+      '';
 
-      powerManagement.finegrained = lib.mkEnableOption (lib.mdDoc ''
+      powerManagement.finegrained = lib.mkEnableOption ''
         experimental power management of PRIME offload. For more information, see
         the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management
-      '');
+      '';
 
-      dynamicBoost.enable = lib.mkEnableOption (lib.mdDoc ''
+      dynamicBoost.enable = lib.mkEnableOption ''
         dynamic Boost balances power between the CPU and the GPU for improved
         performance on supported laptops using the nvidia-powerd daemon. For more
         information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux
-      '');
+      '';
 
-      modesetting.enable = lib.mkEnableOption (lib.mdDoc ''
+      modesetting.enable = lib.mkEnableOption ''
         kernel modesetting when using the NVIDIA proprietary driver.
 
         Enabling this fixes screen tearing when using Optimus via PRIME (see
         {option}`hardware.nvidia.prime.sync.enable`. This is not enabled
         by default because it is not officially supported by NVIDIA and would not
         work with SLI
-      '');
+      '';
 
       prime.nvidiaBusId = lib.mkOption {
         type = busIDType;
         default = "";
         example = "PCI:1:0:0";
-        description = lib.mdDoc ''
+        description = ''
           Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci
           shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
         '';
@@ -118,7 +118,7 @@ in {
         type = busIDType;
         default = "";
         example = "PCI:0:2:0";
-        description = lib.mdDoc ''
+        description = ''
           Bus ID of the Intel GPU. You can find it using lspci; for example if lspci
           shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
         '';
@@ -128,13 +128,13 @@ in {
         type = busIDType;
         default = "";
         example = "PCI:4:0:0";
-        description = lib.mdDoc ''
+        description = ''
           Bus ID of the AMD APU. You can find it using lspci; for example if lspci
           shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0".
         '';
       };
 
-      prime.sync.enable = lib.mkEnableOption (lib.mdDoc ''
+      prime.sync.enable = lib.mkEnableOption ''
         NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
         If enabled, the NVIDIA GPU will be always on and used for all rendering,
         while enabling output to displays attached only to the integrated Intel/AMD
@@ -156,30 +156,30 @@ in {
         Note that this configuration will only be successful when a display manager
         for which the {option}`services.xserver.displayManager.setupCommands`
         option is supported is used
-      '');
+      '';
 
-      prime.allowExternalGpu = lib.mkEnableOption (lib.mdDoc ''
+      prime.allowExternalGpu = lib.mkEnableOption ''
         configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus
-      '');
+      '';
 
-      prime.offload.enable = lib.mkEnableOption (lib.mdDoc ''
+      prime.offload.enable = lib.mkEnableOption ''
         render offload support using the NVIDIA proprietary driver via PRIME.
 
         If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
         be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and
         {option}`hardware.nvidia.prime.intelBusId` or
         {option}`hardware.nvidia.prime.amdgpuBusId`)
-      '');
+      '';
 
-      prime.offload.enableOffloadCmd = lib.mkEnableOption (lib.mdDoc ''
+      prime.offload.enableOffloadCmd = lib.mkEnableOption ''
         adding a `nvidia-offload` convenience script to {option}`environment.systemPackages`
         for offloading programs to an nvidia device. To work, should have also enabled
         {option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.
 
         Example usage `nvidia-offload sauerbraten_client`
-      '');
+      '';
 
-      prime.reverseSync.enable = lib.mkEnableOption (lib.mdDoc ''
+      prime.reverseSync.enable = lib.mkEnableOption ''
         NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
         PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while
         enabling output to displays attached only to the NVIDIA GPU without a
@@ -205,40 +205,40 @@ in {
         Note that this configuration will only be successful when a display manager
         for which the {option}`services.xserver.displayManager.setupCommands`
         option is supported is used
-      '');
+      '';
 
       nvidiaSettings =
-        (lib.mkEnableOption (lib.mdDoc ''
+        (lib.mkEnableOption ''
           nvidia-settings, NVIDIA's GUI configuration tool
-        ''))
+        '')
         // {default = true;};
 
-      nvidiaPersistenced = lib.mkEnableOption (lib.mdDoc ''
+      nvidiaPersistenced = lib.mkEnableOption ''
         nvidia-persistenced a update for NVIDIA GPU headless mode, i.e.
         It ensures all GPUs stay awake even during headless mode
-      '');
+      '';
 
-      forceFullCompositionPipeline = lib.mkEnableOption (lib.mdDoc ''
+      forceFullCompositionPipeline = lib.mkEnableOption ''
         forcefully the full composition pipeline.
         This sometimes fixes screen tearing issues.
         This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL.
         It also drastically increases the time the driver needs to clock down after load
-      '');
+      '';
 
       package = lib.mkOption {
         default = config.boot.kernelPackages.nvidiaPackages."${if cfg.datacenter.enable then "dc" else "stable"}";
         defaultText = lib.literalExpression ''
           config.boot.kernelPackages.nvidiaPackages."\$\{if cfg.datacenter.enable then "dc" else "stable"}"
         '';
-        example = lib.mdDoc "config.boot.kernelPackages.nvidiaPackages.legacy_470";
-        description = lib.mdDoc ''
+        example = "config.boot.kernelPackages.nvidiaPackages.legacy_470";
+        description = ''
           The NVIDIA driver package to use.
         '';
       };
 
-      open = lib.mkEnableOption (lib.mdDoc ''
+      open = lib.mkEnableOption ''
         the open source NVIDIA kernel module
-      '');
+      '';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix b/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix
index 6cfb8cc6ad29..901ff938d90e 100644
--- a/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix
+++ b/nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix
@@ -22,7 +22,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable {command}`uvcvideo` dynamic controls.
 
           Note that enabling this brings the {command}`uvcdynctrl` tool
@@ -34,7 +34,7 @@ in
       packages = mkOption {
         type = types.listOf types.path;
         example = literalExpression "[ pkgs.tiscamera ]";
-        description = lib.mdDoc ''
+        description = ''
           List of packages containing {command}`uvcvideo` dynamic controls
           rules. All files found in
           {file}`«pkg»/share/uvcdynctrl/data`
diff --git a/nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix b/nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix
index a0ec9c98a54c..1e6e6442c372 100644
--- a/nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix
+++ b/nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix
@@ -12,13 +12,13 @@ in
 
 {
 
-  options.hardware.facetimehd.enable = mkEnableOption (lib.mdDoc "the facetimehd kernel module");
+  options.hardware.facetimehd.enable = mkEnableOption "the facetimehd kernel module";
 
   options.hardware.facetimehd.withCalibration = mkOption {
     default = false;
     example = true;
     type = types.bool;
-    description = lib.mdDoc ''
+    description = ''
       Whether to include sensor calibration files for facetimehd.
       This makes colors look much better but is experimental, see
       <https://github.com/patjak/facetimehd/wiki/Extracting-the-sensor-calibration-files>
diff --git a/nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix b/nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix
index a7767e446bd4..de47fe3f6b5a 100644
--- a/nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix
+++ b/nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix
@@ -10,11 +10,11 @@ in
 
   options.hardware.ipu6 = {
 
-    enable = mkEnableOption (lib.mdDoc "support for Intel IPU6/MIPI cameras");
+    enable = mkEnableOption "support for Intel IPU6/MIPI cameras";
 
     platform = mkOption {
       type = types.enum [ "ipu6" "ipu6ep" "ipu6epmtl" ];
-      description = lib.mdDoc ''
+      description = ''
         Choose the version for your hardware platform.
 
         Use `ipu6` for Tiger Lake, `ipu6ep` for Alder Lake or Raptor Lake,
diff --git a/nixpkgs/nixos/modules/hardware/wooting.nix b/nixpkgs/nixos/modules/hardware/wooting.nix
index 78bbcb61aca7..56ef77d31ef2 100644
--- a/nixpkgs/nixos/modules/hardware/wooting.nix
+++ b/nixpkgs/nixos/modules/hardware/wooting.nix
@@ -2,8 +2,8 @@
 
 with lib;
 {
-  options.hardware.wooting.enable = mkEnableOption (lib.mdDoc ''support for Wooting keyboards.
-    Note that users must be in the "input" group for udev rules to apply'');
+  options.hardware.wooting.enable = mkEnableOption ''support for Wooting keyboards.
+    Note that users must be in the "input" group for udev rules to apply'';
 
   config = mkIf config.hardware.wooting.enable {
     environment.systemPackages = [ pkgs.wootility ];
diff --git a/nixpkgs/nixos/modules/hardware/xone.nix b/nixpkgs/nixos/modules/hardware/xone.nix
index 211d3fce8679..89690d8c6fb1 100644
--- a/nixpkgs/nixos/modules/hardware/xone.nix
+++ b/nixpkgs/nixos/modules/hardware/xone.nix
@@ -6,7 +6,7 @@ let
 in
 {
   options.hardware.xone = {
-    enable = mkEnableOption (lib.mdDoc "the xone driver for Xbox One and Xbobx Series X|S accessories");
+    enable = mkEnableOption "the xone driver for Xbox One and Xbobx Series X|S accessories";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/hardware/xpadneo.nix b/nixpkgs/nixos/modules/hardware/xpadneo.nix
index a66e81d8b15b..474f0f7fcf64 100644
--- a/nixpkgs/nixos/modules/hardware/xpadneo.nix
+++ b/nixpkgs/nixos/modules/hardware/xpadneo.nix
@@ -6,7 +6,7 @@ let
 in
 {
   options.hardware.xpadneo = {
-    enable = mkEnableOption (lib.mdDoc "the xpadneo driver for Xbox One wireless controllers");
+    enable = mkEnableOption "the xpadneo driver for Xbox One wireless controllers";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/i18n/input-method/default.nix b/nixpkgs/nixos/modules/i18n/input-method/default.nix
index d967d4335c70..3b439c4231b3 100644
--- a/nixpkgs/nixos/modules/i18n/input-method/default.nix
+++ b/nixpkgs/nixos/modules/i18n/input-method/default.nix
@@ -32,7 +32,7 @@ in
         type    = types.nullOr (types.enum [ "ibus" "fcitx5" "nabi" "uim" "hime" "kime" ]);
         default = null;
         example = "fcitx5";
-        description = lib.mdDoc ''
+        description = ''
           Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
 
           Input methods are specially used to input Chinese, Japanese and Korean characters.
@@ -52,7 +52,7 @@ in
         internal = true;
         type     = types.nullOr types.path;
         default  = null;
-        description = lib.mdDoc ''
+        description = ''
           The input method method package.
         '';
       };
diff --git a/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix b/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix
index 755336220520..bb6661e248f2 100644
--- a/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix
+++ b/nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix
@@ -18,14 +18,14 @@ in
         type = with types; listOf package;
         default = [ ];
         example = literalExpression "with pkgs; [ fcitx5-rime ]";
-        description = lib.mdDoc ''
+        description = ''
           Enabled Fcitx5 addons.
         '';
       };
       waylandFrontend = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Use the Wayland input method frontend.
           See [Using Fcitx 5 on Wayland](https://fcitx-im.org/wiki/Using_Fcitx_5_on_Wayland).
         '';
@@ -34,7 +34,7 @@ in
         type = types.bool;
         default = config.services.desktopManager.plasma6.enable;
         defaultText = literalExpression "config.services.desktopManager.plasma6.enable";
-        description = lib.mdDoc ''
+        description = ''
           Use qt6 versions of fcitx5 packages.
           Required for configuring fcitx5 in KDE System Settings.
         '';
@@ -48,7 +48,7 @@ in
             angry = "( ̄ー ̄)";
           }
         '';
-        description = lib.mdDoc "Quick phrases.";
+        description = "Quick phrases.";
       };
       quickPhraseFiles = mkOption {
         type = with types; attrsOf path;
@@ -59,7 +59,7 @@ in
             numbers = ./numbers.mb;
           }
         '';
-        description = lib.mdDoc "Quick phrase files.";
+        description = "Quick phrase files.";
       };
       settings = {
         globalOptions = lib.mkOption {
@@ -67,7 +67,7 @@ in
             freeformType = settingsFormat.type;
           };
           default = { };
-          description = lib.mdDoc ''
+          description = ''
             The global options in `config` file in ini format.
           '';
         };
@@ -76,14 +76,14 @@ in
             freeformType = settingsFormat.type;
           };
           default = { };
-          description = lib.mdDoc ''
+          description = ''
             The input method configure in `profile` file in ini format.
           '';
         };
         addons = lib.mkOption {
           type = with lib.types; (attrsOf anything);
           default = { };
-          description = lib.mdDoc ''
+          description = ''
             The addon configures in `conf` folder in ini format with global sections.
             Each item is written to the corresponding file.
           '';
@@ -93,7 +93,7 @@ in
       ignoreUserConfig = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Ignore the user configures. **Warning**: When this is enabled, the
           user config files are totally ignored and the user dict can't be saved
           and loaded.
diff --git a/nixpkgs/nixos/modules/i18n/input-method/ibus.nix b/nixpkgs/nixos/modules/i18n/input-method/ibus.nix
index a81ce828b13d..c82f0099253b 100644
--- a/nixpkgs/nixos/modules/i18n/input-method/ibus.nix
+++ b/nixpkgs/nixos/modules/i18n/input-method/ibus.nix
@@ -41,14 +41,13 @@ in
             enginesDrv = filterAttrs (const isDerivation) pkgs.ibus-engines;
             engines = concatStringsSep ", "
               (map (name: "`${name}`") (attrNames enginesDrv));
-          in
-            lib.mdDoc "Enabled IBus engines. Available engines are: ${engines}.";
+          in "Enabled IBus engines. Available engines are: ${engines}.";
       };
       panel = mkOption {
         type = with types; nullOr path;
         default = null;
         example = literalExpression ''"''${pkgs.plasma5Packages.plasma-desktop}/libexec/kimpanel-ibus-panel"'';
-        description = lib.mdDoc "Replace the IBus panel with another panel.";
+        description = "Replace the IBus panel with another panel.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/i18n/input-method/kime.nix b/nixpkgs/nixos/modules/i18n/input-method/kime.nix
index e82996926b28..1fea3aeccf0a 100644
--- a/nixpkgs/nixos/modules/i18n/input-method/kime.nix
+++ b/nixpkgs/nixos/modules/i18n/input-method/kime.nix
@@ -10,7 +10,7 @@ in {
       type = lib.types.listOf (lib.types.enum [ "Xim" "Wayland" "Indicator" ]);
       default = [ "Xim" "Wayland" "Indicator" ];
       example = [ "Xim" "Indicator" ];
-      description = lib.mdDoc ''
+      description = ''
         List of enabled daemon modules
       '';
     };
@@ -18,14 +18,14 @@ in {
       type = lib.types.enum [ "Black" "White" ];
       default = "Black";
       example = "White";
-      description = lib.mdDoc ''
+      description = ''
         Color of the indicator icon
       '';
     };
     extraConfig = lib.mkOption {
       type = lib.types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         extra kime configuration. Refer to <https://github.com/Riey/kime/blob/v${pkgs.kime.version}/docs/CONFIGURATION.md> for details on supported values.
       '';
     };
diff --git a/nixpkgs/nixos/modules/i18n/input-method/uim.nix b/nixpkgs/nixos/modules/i18n/input-method/uim.nix
index 7225783b2a6f..6a636a771c1f 100644
--- a/nixpkgs/nixos/modules/i18n/input-method/uim.nix
+++ b/nixpkgs/nixos/modules/i18n/input-method/uim.nix
@@ -13,7 +13,7 @@ in
         type    = types.enum [ "gtk" "gtk3" "gtk-systray" "gtk3-systray" "qt5" ];
         default = "gtk";
         example = "gtk-systray";
-        description = lib.mdDoc ''
+        description = ''
           selected UIM toolbar.
         '';
       };
diff --git a/nixpkgs/nixos/modules/image/repart-image.nix b/nixpkgs/nixos/modules/image/repart-image.nix
index 83e766268cf0..59d5fc26efe9 100644
--- a/nixpkgs/nixos/modules/image/repart-image.nix
+++ b/nixpkgs/nixos/modules/image/repart-image.nix
@@ -41,6 +41,25 @@
 }:
 
 let
+  systemdArch = let
+    inherit (stdenvNoCC) hostPlatform;
+  in
+    if hostPlatform.isAarch32 then "arm"
+    else if hostPlatform.isAarch64 then "arm64"
+    else if hostPlatform.isx86_32 then "x86"
+    else if hostPlatform.isx86_64 then "x86-64"
+    else if hostPlatform.isMips32 then "mips-le"
+    else if hostPlatform.isMips64 then "mips64-le"
+    else if hostPlatform.isPower then "ppc"
+    else if hostPlatform.isPower64 then "ppc64"
+    else if hostPlatform.isRiscV32 then "riscv32"
+    else if hostPlatform.isRiscV64 then "riscv64"
+    else if hostPlatform.isS390 then "s390"
+    else if hostPlatform.isS390x then "s390x"
+    else if hostPlatform.isLoongArch64 then "loongarch64"
+    else if hostPlatform.isAlpha then "alpha"
+    else hostPlatform.parsed.cpu.name;
+
   amendRepartDefinitions = runCommand "amend-repart-definitions.py"
     {
       # TODO: ruff does not splice properly in nativeBuildInputs
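Review bot: The `isPower64` branch in `systemdArch` looks unreachable, because `hostPlatform.isPower` is tested first and, as far as I know from nixpkgs' `lib/systems/inspect.nix`, it matches the whole POWER family regardless of bit width, so a 64-bit POWER host would be reported to systemd-repart as `ppc`. Testing the 64-bit case first would fix that: put `else if hostPlatform.isPower64 then "ppc64"` above `else if hostPlatform.isPower then "ppc"`. The chain also ignores endianness (`mips-le` and `mips64-le` are returned for every MIPS host, and there is no `ppc64-le` case), which is worth checking against systemd's architecture names, since the next hunk passes the value as `--architecture=${systemdArch}` when the image is built. The enclosing `let` continues outside the hunk.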
@@ -99,6 +118,7 @@ in
   finalRepartDefinitions = "repart.d";
 
   systemdRepartFlags = [
+    "--architecture=${systemdArch}"
     "--dry-run=no"
     "--size=auto"
     "--seed=${seed}"
diff --git a/nixpkgs/nixos/modules/image/repart.nix b/nixpkgs/nixos/modules/image/repart.nix
index 1a43297f4b43..e471f9485cd0 100644
--- a/nixpkgs/nixos/modules/image/repart.nix
+++ b/nixpkgs/nixos/modules/image/repart.nix
@@ -6,18 +6,20 @@
 let
   cfg = config.image.repart;
 
+  inherit (utils.systemdUtils.lib) GPTMaxLabelLength;
+
   partitionOptions = {
     options = {
       storePaths = lib.mkOption {
         type = with lib.types; listOf path;
         default = [ ];
-        description = lib.mdDoc "The store paths to include in the partition.";
+        description = "The store paths to include in the partition.";
       };
 
       stripNixStorePrefix = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to strip `/nix/store/` from the store paths. This is useful
           when you want to build a partition that only contains store paths and
           is mounted under `/nix/store`.
@@ -29,7 +31,7 @@ let
           options = {
             source = lib.mkOption {
               type = types.path;
-              description = lib.mdDoc "Path of the source file.";
+              description = "Path of the source file.";
             };
           };
         });
@@ -42,7 +44,7 @@ let
             "/loader/entries/nixos.conf".source = systemdBootEntry;
           }
         '';
-        description = lib.mdDoc "The contents to end up in the filesystem image.";
+        description = "The contents to end up in the filesystem image.";
       };
 
       repartConfig = lib.mkOption {
@@ -52,7 +54,7 @@ let
           SizeMinBytes = "512M";
           SizeMaxBytes = "2G";
         };
-        description = lib.mdDoc ''
+        description = ''
           Specify the repart options for a partiton as a structural setting.
           See <https://www.freedesktop.org/software/systemd/man/repart.d.html>
           for all available options.
@@ -71,7 +73,7 @@ in
 
     name = lib.mkOption {
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the image.
 
         If this option is unset but config.system.image.id is set,
@@ -83,13 +85,13 @@ in
       type = lib.types.nullOr lib.types.str;
       default = config.system.image.version;
       defaultText = lib.literalExpression "config.system.image.version";
-      description = lib.mdDoc "Version of the image";
+      description = "Version of the image";
     };
 
     imageFileBasename = lib.mkOption {
       type = lib.types.str;
       readOnly = true;
-      description = lib.mdDoc ''
+      description = ''
         Basename of the image filename without any extension (e.g. `image_1`).
       '';
     };
@@ -97,24 +99,24 @@ in
     imageFile = lib.mkOption {
       type = lib.types.str;
       readOnly = true;
-      description = lib.mdDoc ''
+      description = ''
         Filename of the image including all extensions (e.g `image_1.raw` or
         `image_1.raw.zst`).
       '';
     };
 
     compression = {
-      enable = lib.mkEnableOption (lib.mdDoc "Image compression");
+      enable = lib.mkEnableOption "Image compression";
 
       algorithm = lib.mkOption {
         type = lib.types.enum [ "zstd" "xz" ];
         default = "zstd";
-        description = lib.mdDoc "Compression algorithm";
+        description = "Compression algorithm";
       };
 
       level = lib.mkOption {
         type = lib.types.int;
-        description = lib.mdDoc ''
+        description = ''
           Compression level. The available range depends on the used algorithm.
         '';
       };
@@ -124,7 +126,7 @@ in
       type = with lib.types; nullOr str;
       # Generated with `uuidgen`. Random but fixed to improve reproducibility.
       default = "0867da16-f251-457d-a9e8-c31f9a3c220b";
-      description = lib.mdDoc ''
+      description = ''
         A UUID to use as a seed. You can set this to `null` to explicitly
         randomize the partition UUIDs.
       '';
@@ -133,7 +135,7 @@ in
     split = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables generation of split artifacts from partitions. If enabled, for
         each partition with SplitName= set, a separate output file containing
         just the contents of that partition is generated.
@@ -144,7 +146,7 @@ in
       type = with lib.types; nullOr int;
       default = 512;
       example = lib.literalExpression "4096";
-      description = lib.mdDoc ''
+      description = ''
         The sector size of the disk image produced by systemd-repart. This
         value must be a power of 2 between 512 and 4096.
       '';
@@ -182,7 +184,7 @@ in
           };
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify partitions as a set of the names of the partitions with their
         configuration as the key.
       '';
@@ -196,7 +198,7 @@ in
           vfat = [ "-S 512" "-c" ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify extra options for created file systems. The specified options
         are converted to individual environment variables of the format
         `SYSTEMD_REPART_MKFS_OPTIONS_<FSTYPE>`.
@@ -215,7 +217,7 @@ in
       type = lib.types.attrs;
       internal = true;
       readOnly = true;
-      description = lib.mdDoc ''
+      description = ''
         Convenience option to access partitions with added closures.
       '';
     };
@@ -224,6 +226,42 @@ in
 
   config = {
 
+    assertions = lib.mapAttrsToList (fileName: partitionConfig:
+      let
+        inherit (partitionConfig) repartConfig;
+        labelLength = builtins.stringLength repartConfig.Label;
+      in
+      {
+        assertion = repartConfig ? Label -> GPTMaxLabelLength >= labelLength;
+        message = ''
+          The partition label '${repartConfig.Label}'
+          defined for '${fileName}' is ${toString labelLength} characters long,
+          but the maximum label length supported by UEFI is ${toString
+          GPTMaxLabelLength}.
+        '';
+      }
+    ) cfg.partitions;
+
+    warnings = lib.filter (v: v != null) (lib.mapAttrsToList (fileName: partitionConfig:
+      let
+        inherit (partitionConfig) repartConfig;
+        suggestedMaxLabelLength = GPTMaxLabelLength - 2;
+        labelLength = builtins.stringLength repartConfig.Label;
+      in
+        if (repartConfig ? Label && labelLength >= suggestedMaxLabelLength) then ''
+          The partition label '${repartConfig.Label}'
+          defined for '${fileName}' is ${toString labelLength} characters long.
+          The suggested maximum label length is ${toString
+          suggestedMaxLabelLength}.
+
+          If you use sytemd-sysupdate style A/B updates, this might
+          not leave enough space to increment the version number included in
+          the label in a future release. For example, if your label is
+          ${toString GPTMaxLabelLength} characters long (the maximum enforced by UEFI) and
+          you're at version 9, you cannot increment this to 10.
+        '' else null
+    ) cfg.partitions);
+
     image.repart =
       let
         version = config.image.repart.version;
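Review bot: The new warning fires for a label that is exactly at the suggested limit, because the test is `labelLength >= suggestedMaxLabelLength` while the message calls that value the suggested maximum; `labelLength > suggestedMaxLabelLength` would match the wording. The warning text also misspells `systemd-sysupdate` as `sytemd-sysupdate`. Both the assertion and the warning measure the label with `builtins.stringLength`, which I believe counts bytes rather than the UTF-16 units a GPT label is stored in, so a non-ASCII label may be measured differently from what the messages call characters; a short comment such as `# stringLength counts bytes; labels are assumed to be ASCII` would make that assumption explicit. The `config` block continues outside the hunk.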
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix
index d1a4c27432c2..1de5ba113875 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix
@@ -35,20 +35,19 @@
     QT_QPA_PLATFORM = "$([[ $XDG_SESSION_TYPE = \"wayland\" ]] && echo \"wayland\")";
   };
 
-  services.xserver.displayManager = {
-    gdm = {
-      enable = true;
-      # autoSuspend makes the machine automatically suspend after inactivity.
-      # It's possible someone could/try to ssh'd into the machine and obviously
-      # have issues because it's inactive.
-      # See:
-      # * https://github.com/NixOS/nixpkgs/pull/63790
-      # * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
-      autoSuspend = false;
-    };
-    autoLogin = {
-      enable = true;
-      user = "nixos";
-    };
+  services.xserver.displayManager.gdm = {
+    enable = true;
+    # autoSuspend makes the machine automatically suspend after inactivity.
+    # It's possible someone could/try to ssh'd into the machine and obviously
+    # have issues because it's inactive.
+    # See:
+    # * https://github.com/NixOS/nixpkgs/pull/63790
+    # * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
+    autoSuspend = false;
+  };
+
+  services.displayManager.autoLogin = {
+    enable = true;
+    user = "nixos";
   };
 }
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix
index a4c46d58c85a..61e94ffed889 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix
@@ -8,18 +8,16 @@
 
   isoImage.edition = "plasma5";
 
-  services.xserver = {
-    desktopManager.plasma5 = {
-      enable = true;
-    };
+  services.xserver.desktopManager.plasma5 = {
+    enable = true;
+  };
 
-    # Automatically login as nixos.
-    displayManager = {
-      sddm.enable = true;
-      autoLogin = {
-        enable = true;
-        user = "nixos";
-      };
+  # Automatically login as nixos.
+  services.displayManager = {
+    sddm.enable = true;
+    autoLogin = {
+      enable = true;
+      user = "nixos";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix
index 11118db3aae2..bdcf751bf629 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix
@@ -7,16 +7,14 @@
 
   isoImage.edition = "plasma6";
 
-  services.xserver = {
-    desktopManager.plasma6.enable = true;
-
-    # Automatically login as nixos.
-    displayManager = {
-      sddm.enable = true;
-      autoLogin = {
-        enable = true;
-        user = "nixos";
-      };
+  services.desktopManager.plasma6.enable = true;
+
+  # Automatically login as nixos.
+  services.displayManager = {
+    sddm.enable = true;
+    autoLogin = {
+      enable = true;
+      user = "nixos";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
index 573b31b439c2..b3c605e3f94d 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-gnome.nix
@@ -16,21 +16,19 @@
     enable = true;
   };
 
-  services.xserver.displayManager = {
-    gdm = {
-      enable = true;
-      # autoSuspend makes the machine automatically suspend after inactivity.
-      # It's possible someone could/try to ssh'd into the machine and obviously
-      # have issues because it's inactive.
-      # See:
-      # * https://github.com/NixOS/nixpkgs/pull/63790
-      # * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
-      autoSuspend = false;
-    };
-    autoLogin = {
-      enable = true;
-      user = "nixos";
-    };
+  services.xserver.displayManager.gdm = {
+    enable = true;
+    # autoSuspend makes the machine automatically suspend after inactivity.
+    # It's possible someone could/try to ssh'd into the machine and obviously
+    # have issues because it's inactive.
+    # See:
+    # * https://github.com/NixOS/nixpkgs/pull/63790
+    # * https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22
+    autoSuspend = false;
   };
 
+  services.displayManager.autoLogin = {
+    enable = true;
+    user = "nixos";
+  };
 }
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix
index 5c7617c9f8c1..ce111bcebd5c 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix
@@ -8,18 +8,16 @@
 
   isoImage.edition = "plasma5";
 
-  services.xserver = {
-    desktopManager.plasma5 = {
-      enable = true;
-    };
+  services.xserver.desktopManager.plasma5 = {
+    enable = true;
+  };
 
-    # Automatically login as nixos.
-    displayManager = {
-      sddm.enable = true;
-      autoLogin = {
-        enable = true;
-        user = "nixos";
-      };
+  # Automatically login as nixos.
+  services.displayManager = {
+    sddm.enable = true;
+    autoLogin = {
+      enable = true;
+      user = "nixos";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix b/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix
index f5b6af3a6b7f..06949bda1cb2 100644
--- a/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixpkgs/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -483,7 +483,7 @@ in
     isoImage.isoName = mkOption {
       default = "${config.isoImage.isoBaseName}.iso";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the generated ISO image file.
       '';
     };
@@ -491,7 +491,7 @@ in
     isoImage.isoBaseName = mkOption {
       default = config.system.nixos.distroId;
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Prefix of the name of the generated ISO image file.
       '';
     };
@@ -499,7 +499,7 @@ in
     isoImage.compressImage = mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether the ISO image should be compressed using
         {command}`zstd`.
       '';
@@ -513,7 +513,7 @@ in
                 + lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
                 + lib.optionalString (isSparc) "-Xbcj sparc";
       type = lib.types.nullOr lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Compression settings to use for the squashfs nix store.
         `null` disables compression.
       '';
@@ -523,7 +523,7 @@ in
     isoImage.edition = mkOption {
       default = "";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Specifies which edition string to use in the volume ID of the generated
         ISO image.
       '';
@@ -533,7 +533,7 @@ in
       # nixos-$EDITION-$RELEASE-$ARCH
       default = "nixos${optionalString (config.isoImage.edition != "") "-${config.isoImage.edition}"}-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Specifies the label or volume ID of the generated ISO image.
         Note that the label is used by stage 1 of the boot process to
         mount the CD, so it should be reasonably distinctive.
@@ -547,7 +547,7 @@ in
           }
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option lists files to be copied to fixed locations in the
         generated ISO image.
       '';
@@ -555,7 +555,7 @@ in
 
     isoImage.storeContents = mkOption {
       example = literalExpression "[ pkgs.stdenv ]";
-      description = lib.mdDoc ''
+      description = ''
         This option lists additional derivations to be included in the
         Nix store in the generated ISO image.
       '';
@@ -564,7 +564,7 @@ in
     isoImage.includeSystemBuildDependencies = mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Set this option to include all the needed sources etc in the
         image. It significantly increases image size. Use that when
         you want to be able to keep all the sources needed to build your
@@ -586,7 +586,7 @@ in
         e.g. i686 and x86_64.
       '';
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether the ISO image should be a BIOS-bootable disk.
       '';
     };
@@ -594,7 +594,7 @@ in
     isoImage.makeEfiBootable = mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether the ISO image should be an EFI-bootable volume.
       '';
     };
@@ -602,7 +602,7 @@ in
     isoImage.makeUsbBootable = mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether the ISO image should be bootable from CD as well as USB.
       '';
     };
@@ -612,7 +612,7 @@ in
           url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/efi-background.png";
           sha256 = "18lfwmp8yq923322nlb9gxrh5qikj1wsk6g5qvdh31c4h5b1538x";
         };
-      description = lib.mdDoc ''
+      description = ''
         The splash image to use in the EFI bootloader.
       '';
     };
@@ -622,7 +622,7 @@ in
           url = "https://raw.githubusercontent.com/NixOS/nixos-artwork/a9e05d7deb38a8e005a2b52575a3f59a63a4dba0/bootloader/isolinux/bios-boot.png";
           sha256 = "1wp822zrhbg4fgfbwkr7cbkr4labx477209agzc0hr6k62fr6rxd";
         };
-      description = lib.mdDoc ''
+      description = ''
         The splash image to use in the legacy-boot bootloader.
       '';
     };
@@ -630,7 +630,7 @@ in
     isoImage.grubTheme = mkOption {
       default = pkgs.nixos-grub2-theme;
       type = types.nullOr (types.either types.path types.package);
-      description = lib.mdDoc ''
+      description = ''
         The grub2 theme used for UEFI boot.
       '';
     };
@@ -661,7 +661,7 @@ in
         MENU COLOR SEL          7;37;40    #FFFFFFFF    #FF5277C3   std
       '';
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The syslinux theme used for BIOS boot.
       '';
     };
@@ -670,7 +670,7 @@ in
       default = "";
       type = types.str;
       example = "Install ";
-      description = lib.mdDoc ''
+      description = ''
         The string to prepend before the menu label for the NixOS system.
         This will be directly prepended (without whitespace) to the NixOS version
         string, like for example if it is set to `XXX`:
@@ -683,7 +683,7 @@ in
       default = " Installer";
       type = types.str;
       example = " Live System";
-      description = lib.mdDoc ''
+      description = ''
         The string to append after the menu label for the NixOS system.
         This will be directly appended (without whitespace) to the NixOS version
         string, like for example if it is set to `XXX`:
@@ -696,7 +696,7 @@ in
       default = false;
       type = types.bool;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to use text mode instead of graphical grub.
         A value of `true` means graphical mode is not tried to be used.
 
diff --git a/nixpkgs/nixos/modules/installer/netboot/netboot.nix b/nixpkgs/nixos/modules/installer/netboot/netboot.nix
index 028a2d74041e..c88a53393d13 100644
--- a/nixpkgs/nixos/modules/installer/netboot/netboot.nix
+++ b/nixpkgs/nixos/modules/installer/netboot/netboot.nix
@@ -15,7 +15,7 @@ with lib;
                 + lib.optionalString isAarch "-Xbcj arm"
                 + lib.optionalString (isPower && is32bit && isBigEndian) "-Xbcj powerpc"
                 + lib.optionalString (isSparc) "-Xbcj sparc";
-      description = lib.mdDoc ''
+      description = ''
         Compression settings to use for the squashfs nix store.
       '';
       example = "zstd -Xcompression-level 6";
@@ -24,7 +24,7 @@ with lib;
 
     netboot.storeContents = mkOption {
       example = literalExpression "[ pkgs.stdenv ]";
-      description = lib.mdDoc ''
+      description = ''
         This option lists additional derivations to be included in the
         Nix store in the generated netboot image.
       '';
diff --git a/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix b/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix
index ad9b803b1d1e..1c79bf4ac3ef 100644
--- a/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix
+++ b/nixpkgs/nixos/modules/installer/sd-card/sd-image.nix
@@ -35,14 +35,14 @@ in
   options.sdImage = {
     imageName = mkOption {
       default = "${config.sdImage.imageBaseName}-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.img";
-      description = lib.mdDoc ''
+      description = ''
         Name of the generated image file.
       '';
     };
 
     imageBaseName = mkOption {
       default = "nixos-sd-image";
-      description = lib.mdDoc ''
+      description = ''
         Prefix of the name of the generated image file.
       '';
     };
@@ -50,7 +50,7 @@ in
     storePaths = mkOption {
       type = with types; listOf package;
       example = literalExpression "[ pkgs.stdenv ]";
-      description = lib.mdDoc ''
+      description = ''
         Derivations to be included in the Nix store in the generated SD image.
       '';
     };
@@ -58,7 +58,7 @@ in
     firmwarePartitionOffset = mkOption {
       type = types.int;
       default = 8;
-      description = lib.mdDoc ''
+      description = ''
         Gap in front of the /boot/firmware partition, in mebibytes (1024×1024
         bytes).
         Can be increased to make more space for boards requiring to dd u-boot
@@ -74,7 +74,7 @@ in
     firmwarePartitionID = mkOption {
       type = types.str;
       default = "0x2178694e";
-      description = lib.mdDoc ''
+      description = ''
         Volume ID for the /boot/firmware partition on the SD card. This value
         must be a 32-bit hexadecimal number.
       '';
@@ -83,7 +83,7 @@ in
     firmwarePartitionName = mkOption {
       type = types.str;
       default = "FIRMWARE";
-      description = lib.mdDoc ''
+      description = ''
         Name of the filesystem which holds the boot firmware.
       '';
     };
@@ -92,7 +92,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
-      description = lib.mdDoc ''
+      description = ''
         UUID for the filesystem on the main NixOS partition on the SD card.
       '';
     };
@@ -101,14 +101,14 @@ in
       type = types.int;
       # As of 2019-08-18 the Raspberry pi firmware + u-boot takes ~18MiB
       default = 30;
-      description = lib.mdDoc ''
+      description = ''
         Size of the /boot/firmware partition, in megabytes.
       '';
     };
 
     populateFirmwareCommands = mkOption {
       example = literalExpression "'' cp \${pkgs.myBootLoader}/u-boot.bin firmware/ ''";
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to populate the ./firmware directory.
         All files in that directory are copied to the
         /boot/firmware partition on the SD image.
@@ -117,7 +117,7 @@ in
 
     populateRootCommands = mkOption {
       example = literalExpression "''\${config.boot.loader.generic-extlinux-compatible.populateCmd} -c \${config.system.build.toplevel} -d ./files/boot''";
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to populate the ./files directory.
         All files in that directory are copied to the
         root (/) partition on the SD image. Use this to
@@ -128,7 +128,7 @@ in
     postBuildCommands = mkOption {
       example = literalExpression "'' dd if=\${pkgs.myBootLoader}/SPL of=$img bs=1024 seek=1 conv=notrunc ''";
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to run after the image is built.
         Can be used for boards requiring to dd u-boot SPL before actual partitions.
       '';
@@ -137,7 +137,7 @@ in
     compressImage = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether the SD image should be compressed using
         {command}`zstd`.
       '';
@@ -146,7 +146,7 @@ in
     expandOnBoot = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure the sd image to expand it's partition on boot.
       '';
     };
diff --git a/nixpkgs/nixos/modules/installer/tools/nixos-generate-config.pl b/nixpkgs/nixos/modules/installer/tools/nixos-generate-config.pl
index ef25b8b296e6..cf4173638b1a 100644
--- a/nixpkgs/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixpkgs/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -453,6 +453,17 @@ EOF
         }
     }
 
+    # Preserve umask (fmask, dmask) settings for vfat filesystems.
+    # (The default is to mount these world-readable, but that's a security risk
+    # for the EFI System Partition.)
+    if ($fsType eq "vfat") {
+        for (@superOptions) {
+            if ($_ =~ /fmask|dmask/) {
+                push @extraOptions, $_;
+            }
+        }
+    }
+
     # is this a stratis fs?
     my $stableDevPath = findStableDevPath $device;
     my $stratisPool;
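Review bot: The pattern `/fmask|dmask/` in the added loop is unanchored, so it matches any entry of `@superOptions` that merely contains either substring. Anchoring it to the option name, `if ($_ =~ /^(?:fmask|dmask)=/) {`, keeps only the two mask options. The loop also copies whatever mask value it finds, so a permissive mask on the mounted EFI System Partition would be written into the generated configuration unchanged. If that is intended, the comment could say so, e.g. `# Values are copied as found; a permissive mask is not tightened here.` How `@superOptions` and `@extraOptions` are filled is outside this hunk, as is the rest of the enclosing block.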
diff --git a/nixpkgs/nixos/modules/installer/tools/tools.nix b/nixpkgs/nixos/modules/installer/tools/tools.nix
index a7d11370d445..7f16b97440c1 100644
--- a/nixpkgs/nixos/modules/installer/tools/tools.nix
+++ b/nixpkgs/nixos/modules/installer/tools/tools.nix
@@ -87,7 +87,7 @@ in
     configuration = mkOption {
       internal = true;
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The NixOS module that `nixos-generate-config`
         saves to `/etc/nixos/configuration.nix`.
 
@@ -104,7 +104,7 @@ in
       internal = true;
       type = types.listOf types.lines;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Text to preseed the desktop configuration that `nixos-generate-config`
         saves to `/etc/nixos/configuration.nix`.
 
@@ -122,7 +122,7 @@ in
     internal = true;
     type = types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Disable nixos-rebuild, nixos-generate-config, nixos-installer
       and other NixOS tools. This is useful to shrink embedded,
       read-only systems which are not expected to be rebuild or
@@ -177,11 +177,15 @@ in
         # services.printing.enable = true;
 
         # Enable sound.
-        # sound.enable = true;
         # hardware.pulseaudio.enable = true;
+        # OR
+        # services.pipewire = {
+        #   enable = true;
+        #   pulse.enable = true;
+        # };
 
         # Enable touchpad support (enabled default in most desktopManager).
-        # services.xserver.libinput.enable = true;
+        # services.libinput.enable = true;
 
         # Define a user account. Don't forget to set a password with ‘passwd’.
         # users.users.alice = {
diff --git a/nixpkgs/nixos/modules/installer/virtualbox-demo.nix b/nixpkgs/nixos/modules/installer/virtualbox-demo.nix
index 01931b2acfca..289a8cf9e506 100644
--- a/nixpkgs/nixos/modules/installer/virtualbox-demo.nix
+++ b/nixpkgs/nixos/modules/installer/virtualbox-demo.nix
@@ -40,7 +40,7 @@ with lib;
   # If you prefer another desktop manager or display manager, you may want
   # to disable the default.
   # services.xserver.desktopManager.plasma5.enable = lib.mkForce false;
-  # services.xserver.displayManager.sddm.enable = lib.mkForce false;
+  # services.displayManager.sddm.enable = lib.mkForce false;
 
   # Enable GDM/GNOME by uncommenting above two lines and two lines below.
   # services.xserver.displayManager.gdm.enable = true;
diff --git a/nixpkgs/nixos/modules/misc/assertions.nix b/nixpkgs/nixos/modules/misc/assertions.nix
index 364bb02be82d..550b3ac97f6a 100644
--- a/nixpkgs/nixos/modules/misc/assertions.nix
+++ b/nixpkgs/nixos/modules/misc/assertions.nix
@@ -11,7 +11,7 @@ with lib;
       internal = true;
       default = [];
       example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
-      description = lib.mdDoc ''
+      description = ''
         This option allows modules to express conditions that must
         hold for the evaluation of the system configuration to
         succeed, along with associated error messages for the user.
@@ -23,7 +23,7 @@ with lib;
       default = [];
       type = types.listOf types.str;
       example = [ "The `foo' service is deprecated and will go away soon!" ];
-      description = lib.mdDoc ''
+      description = ''
         This option allows modules to show warnings to users during
         the evaluation of the system configuration.
       '';
diff --git a/nixpkgs/nixos/modules/misc/crashdump.nix b/nixpkgs/nixos/modules/misc/crashdump.nix
index 4ae18984ee5f..b0f75d9caaa3 100644
--- a/nixpkgs/nixos/modules/misc/crashdump.nix
+++ b/nixpkgs/nixos/modules/misc/crashdump.nix
@@ -16,7 +16,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             If enabled, NixOS will set up a kernel that will
             boot on crash, and leave the user in systemd rescue
             to be able to save the crashed kernel dump at
@@ -27,7 +27,7 @@ in
         reservedMemory = mkOption {
           default = "128M";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The amount of memory reserved for the crashdump kernel.
             If you choose a too high value, dmesg will mention
             "crashkernel reservation failed".
@@ -36,7 +36,7 @@ in
         kernelParams = mkOption {
           type = types.listOf types.str;
           default = [ "1" "boot.shell_on_fail" ];
-          description = lib.mdDoc ''
+          description = ''
             Parameters that will be passed to the kernel kexec-ed on crash.
           '';
         };
diff --git a/nixpkgs/nixos/modules/misc/documentation.nix b/nixpkgs/nixos/modules/misc/documentation.nix
index eca8cc0b450d..318918cc53c1 100644
--- a/nixpkgs/nixos/modules/misc/documentation.nix
+++ b/nixpkgs/nixos/modules/misc/documentation.nix
@@ -1,8 +1,32 @@
 { config, options, lib, pkgs, utils, modules, baseModules, extraModules, modulesPath, specialArgs, ... }:
 
-with lib;
-
 let
+  inherit (lib)
+    cleanSourceFilter
+    concatMapStringsSep
+    evalModules
+    filter
+    functionArgs
+    hasSuffix
+    isAttrs
+    isDerivation
+    isFunction
+    isPath
+    literalExpression
+    mapAttrs
+    mkIf
+    mkMerge
+    mkOption
+    mkRemovedOptionModule
+    mkRenamedOptionModule
+    optional
+    optionalAttrs
+    optionals
+    partition
+    removePrefix
+    types
+    warn
+    ;
 
   cfg = config.documentation;
   allOpts = options;
@@ -13,7 +37,7 @@ let
       instance = f (mapAttrs (n: _: abort "evaluating ${n} for `meta` failed") (functionArgs f));
     in
       cfg.nixos.options.splitBuild
-        && builtins.isPath m
+        && isPath m
         && isFunction f
         && instance ? options
         && instance.meta.buildDocsInSandbox or true;
@@ -51,12 +75,12 @@ let
           (name: value:
             let
               wholeName = "${namePrefix}.${name}";
-              guard = lib.warn "Attempt to evaluate package ${wholeName} in option documentation; this is not supported and will eventually be an error. Use `mkPackageOption{,MD}` or `literalExpression` instead.";
+              guard = warn "Attempt to evaluate package ${wholeName} in option documentation; this is not supported and will eventually be an error. Use `mkPackageOption{,MD}` or `literalExpression` instead.";
             in if isAttrs value then
               scrubDerivations wholeName value
               // optionalAttrs (isDerivation value) {
                 outPath = guard "\${${wholeName}}";
-                drvPath = guard drvPath;
+                drvPath = guard value.drvPath;
               }
             else value
           )
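Review bot: `drvPath = guard value.drvPath;` returns the real derivation path after the warning, while the neighbouring `outPath` returns a placeholder string, and nothing in the hunk explains the difference. Reading `drvPath` on a scrubbed package therefore still evaluates the underlying derivation, which may be more than an option-documentation build is meant to do. If the asymmetry is intentional, a comment such as `# outPath is a placeholder; drvPath is the real path, returned after the warning` would record it. Otherwise a placeholder like the one used for `outPath` would make the two consistent. `scrubDerivations` begins above this hunk, so its callers are not visible here.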
@@ -77,6 +101,7 @@ let
           libPath = filter (pkgs.path + "/lib");
           pkgsLibPath = filter (pkgs.path + "/pkgs/pkgs-lib");
           nixosPath = filter (pkgs.path + "/nixos");
+          NIX_ABORT_ON_WARN = warningsAreErrors;
           modules =
             "[ "
             + concatMapStringsSep " " (p: ''"${removePrefix "${modulesPath}/" (toString p)}"'') docModules.lazy
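Review bot: `NIX_ABORT_ON_WARN = warningsAreErrors;` uses a bare name that this hunk neither defines nor qualifies, and the added line has no comment saying how the value reaches the build. Presumably it is the `nixos.options.warningsAreErrors` option bound in an enclosing scope. A Nix boolean becomes `"1"` or the empty string in the builder's environment, which is worth stating next to the line, e.g. `# true -> "1", false -> ""; lets warnings abort the options build`. The attribute set this line belongs to opens above the hunk.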
@@ -176,7 +201,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install documentation of packages from
           {option}`environment.systemPackages` into the generated system path.
 
@@ -188,7 +213,7 @@ in
       man.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install manual pages.
           This also includes `man` outputs.
         '';
@@ -205,7 +230,7 @@ in
       man.generateCaches = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to generate the manual page index caches.
           This allows searching for a page or
           keyword using utilities like {manpage}`apropos(1)`
@@ -217,7 +242,7 @@ in
       info.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install info pages and the {command}`info` command.
           This also includes "info" outputs.
         '';
@@ -226,7 +251,7 @@ in
       doc.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install documentation distributed in packages' `/share/doc`.
           Usually plain text and/or HTML.
           This also includes "doc" outputs.
@@ -236,7 +261,7 @@ in
       dev.enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to install documentation targeted at developers.
           * This includes man pages targeted at developers if {option}`documentation.man.enable` is
             set (this also includes "devman" outputs).
@@ -250,7 +275,7 @@ in
       nixos.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install NixOS's own documentation.
 
           - This includes man pages like
@@ -264,7 +289,7 @@ in
       nixos.extraModules = mkOption {
         type = types.listOf types.raw;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Modules for which to show options even when not imported.
         '';
       };
@@ -272,7 +297,7 @@ in
       nixos.options.splitBuild = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to split the option docs build into a cacheable and an uncacheable part.
           Splitting the build can substantially decrease the amount of time needed to build
           the manual, but some user modules may be incompatible with this splitting.
@@ -282,7 +307,7 @@ in
       nixos.options.warningsAreErrors = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Treat warning emitted during the option documentation build (eg for missing option
           descriptions) as errors.
         '';
@@ -291,7 +316,7 @@ in
       nixos.includeAllModules = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the generated NixOS's documentation should include documentation for all
           the options from all the NixOS modules included in the current
           `configuration.nix`. Disabling this will make the manual
@@ -302,7 +327,7 @@ in
       nixos.extraModuleSources = mkOption {
         type = types.listOf (types.either types.path types.str);
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Which extra NixOS module paths the generated NixOS's documentation should strip
           from options.
         '';
diff --git a/nixpkgs/nixos/modules/misc/documentation/test.nix b/nixpkgs/nixos/modules/misc/documentation/test.nix
index dd1588abdb43..1eaa63b1fb6c 100644
--- a/nixpkgs/nixos/modules/misc/documentation/test.nix
+++ b/nixpkgs/nixos/modules/misc/documentation/test.nix
@@ -30,7 +30,7 @@ let
     specialArgs.someArg.myModule = { lib, ... }: {
       options.foobar = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "The foobar option was added via specialArgs";
+        description = "The foobar option was added via specialArgs";
         default = "qux";
       };
     };
diff --git a/nixpkgs/nixos/modules/misc/ids.nix b/nixpkgs/nixos/modules/misc/ids.nix
index cfa98c838af5..f26917c0bad5 100644
--- a/nixpkgs/nixos/modules/misc/ids.nix
+++ b/nixpkgs/nixos/modules/misc/ids.nix
@@ -19,7 +19,7 @@ in
 
     ids.uids = lib.mkOption {
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The user IDs used in NixOS.
       '';
       type = types.attrsOf types.int;
@@ -27,7 +27,7 @@ in
 
     ids.gids = lib.mkOption {
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The group IDs used in NixOS.
       '';
       type = types.attrsOf types.int;
diff --git a/nixpkgs/nixos/modules/misc/label.nix b/nixpkgs/nixos/modules/misc/label.nix
index 44ee812249ce..c7177f65a0fd 100644
--- a/nixpkgs/nixos/modules/misc/label.nix
+++ b/nixpkgs/nixos/modules/misc/label.nix
@@ -12,7 +12,7 @@ in
 
     nixos.label = mkOption {
       type = types.strMatching "[a-zA-Z0-9:_\\.-]*";
-      description = lib.mdDoc ''
+      description = ''
         NixOS version name to be used in the names of generated
         outputs and boot labels.
 
@@ -47,7 +47,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "with-xen" ];
-      description = lib.mdDoc ''
+      description = ''
         Strings to prefix to the default
         {option}`system.nixos.label`.
 
diff --git a/nixpkgs/nixos/modules/misc/lib.nix b/nixpkgs/nixos/modules/misc/lib.nix
index f97e9209e2f1..121f396701ea 100644
--- a/nixpkgs/nixos/modules/misc/lib.nix
+++ b/nixpkgs/nixos/modules/misc/lib.nix
@@ -7,7 +7,7 @@
 
       type = lib.types.attrsOf lib.types.attrs;
 
-      description = lib.mdDoc ''
+      description = ''
         This option allows modules to define helper functions, constants, etc.
       '';
     };
diff --git a/nixpkgs/nixos/modules/misc/locate.nix b/nixpkgs/nixos/modules/misc/locate.nix
index 0dd4bf3f16f3..84c711c2b4ef 100644
--- a/nixpkgs/nixos/modules/misc/locate.nix
+++ b/nixpkgs/nixos/modules/misc/locate.nix
@@ -20,7 +20,7 @@ in
     enable = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, NixOS will periodically update the database of
         files used by the {command}`locate` command.
       '';
@@ -34,7 +34,7 @@ in
       type = str;
       default = "02:15";
       example = "hourly";
-      description = lib.mdDoc ''
+      description = ''
         Update the locate database at this interval. Updates by
         default at 2:15 AM every day.
 
@@ -49,7 +49,7 @@ in
     extraFlags = mkOption {
       type = listOf str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra flags to pass to {command}`updatedb`.
       '';
     };
@@ -57,7 +57,7 @@ in
     output = mkOption {
       type = path;
       default = "/var/cache/locatedb";
-      description = lib.mdDoc ''
+      description = ''
         The database file to build.
       '';
     };
@@ -65,7 +65,7 @@ in
     localuser = mkOption {
       type = nullOr str;
       default = "nobody";
-      description = lib.mdDoc ''
+      description = ''
         The user to search non-network directories as, using
         {command}`su`.
       '';
@@ -153,7 +153,7 @@ in
         "vboxsf"
         "vperfctrfs"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Which filesystem types to exclude from indexing
       '';
     };
@@ -170,7 +170,7 @@ in
         "/nix/store"
         "/nix/var/log/nix"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Which paths to exclude from indexing
       '';
     };
@@ -182,7 +182,7 @@ in
         `[ ".bzr" ".cache" ".git" ".hg" ".svn" ]`, if
         supported by the locate implementation (i.e. mlocate or plocate).
       '';
-      description = lib.mdDoc ''
+      description = ''
         Directory components which should exclude paths containing them from indexing
       '';
     };
@@ -190,7 +190,7 @@ in
     pruneBindMounts = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether not to index bind mounts
       '';
     };
diff --git a/nixpkgs/nixos/modules/misc/man-db.nix b/nixpkgs/nixos/modules/misc/man-db.nix
index 75f822c3448f..c1505d5f9832 100644
--- a/nixpkgs/nixos/modules/misc/man-db.nix
+++ b/nixpkgs/nixos/modules/misc/man-db.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     documentation.man.man-db = {
-      enable = lib.mkEnableOption (lib.mdDoc "man-db as the default man page viewer") // {
+      enable = lib.mkEnableOption "man-db as the default man page viewer" // {
         default = config.documentation.man.enable;
         defaultText = lib.literalExpression "config.documentation.man.enable";
         example = false;
@@ -17,7 +17,7 @@ in
         type = lib.types.listOf lib.types.package;
         default = [];
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Packages to *not* include in the man-db.
           This can be useful to avoid unnecessary rebuilds due to packages that change frequently, like nixos-version.
         '';
@@ -34,7 +34,7 @@ in
           ignoreCollisions = true;
         };
         defaultText = lib.literalMD "all man pages in {option}`config.environment.systemPackages`";
-        description = lib.mdDoc ''
+        description = ''
           The manual pages to generate caches for if {option}`documentation.man.generateCaches`
           is enabled. Must be a path to a directory with man pages under
           `/share/man`; see the source for an example.
@@ -46,7 +46,7 @@ in
         type = lib.types.package;
         default = pkgs.man-db;
         defaultText = lib.literalExpression "pkgs.man-db";
-        description = lib.mdDoc ''
+        description = ''
           The `man-db` derivation to use. Useful to override
           configuration options used for the package.
         '';
diff --git a/nixpkgs/nixos/modules/misc/meta.nix b/nixpkgs/nixos/modules/misc/meta.nix
index 95f2765aff1e..e5ab3a951537 100644
--- a/nixpkgs/nixos/modules/misc/meta.nix
+++ b/nixpkgs/nixos/modules/misc/meta.nix
@@ -38,7 +38,7 @@ in
         internal = true;
         default = [];
         example = literalExpression ''[ lib.maintainers.all ]'';
-        description = lib.mdDoc ''
+        description = ''
           List of maintainers of each module.  This option should be defined at
           most once per module.
         '';
@@ -48,7 +48,7 @@ in
         type = docFile;
         internal = true;
         example = "./meta.chapter.md";
-        description = lib.mdDoc ''
+        description = ''
           Documentation prologue for the set of options of each module.  This
           option should be defined at most once per module.
         '';
@@ -60,7 +60,7 @@ in
         };
         internal = true;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to include this module in the split options doc build.
           Disable if the module references `config`, `pkgs` or other module
           arguments that cannot be evaluated as constants.
diff --git a/nixpkgs/nixos/modules/misc/nixops-autoluks.nix b/nixpkgs/nixos/modules/misc/nixops-autoluks.nix
index e6817633119d..9b5a376027f5 100644
--- a/nixpkgs/nixos/modules/misc/nixops-autoluks.nix
+++ b/nixpkgs/nixos/modules/misc/nixops-autoluks.nix
@@ -5,7 +5,7 @@ let
 
   inherit (config.nixops) enableDeprecatedAutoLuks;
 in {
-  options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption (lib.mdDoc "the deprecated NixOps AutoLuks module");
+  options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption "the deprecated NixOps AutoLuks module";
 
   config = {
     assertions = [
diff --git a/nixpkgs/nixos/modules/misc/nixpkgs-flake.nix b/nixpkgs/nixos/modules/misc/nixpkgs-flake.nix
index 8bfe05ca1994..f58c3fbbe2e2 100644
--- a/nixpkgs/nixos/modules/misc/nixpkgs-flake.nix
+++ b/nixpkgs/nixos/modules/misc/nixpkgs-flake.nix
@@ -20,7 +20,7 @@ in
 
       example = ''builtins.fetchTarball { name = "source"; sha256 = "${lib.fakeHash}"; url = "https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz"; }'';
 
-      description = mdDoc ''
+      description = ''
         The path to the nixpkgs sources used to build the system. This is automatically set up to be
         the store path of the nixpkgs flake used to build the system if using
         `nixpkgs.lib.nixosSystem`, and is otherwise null by default.
@@ -40,7 +40,7 @@ in
       default = cfg.source != null;
       defaultText = "config.nixpkgs.flake.source != null";
 
-      description = mdDoc ''
+      description = ''
         Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `<nixpkgs>`
         lookups receive the version of nixpkgs that the system was built with, in concert with
         {option}`nixpkgs.flake.setFlakeRegistry`.
@@ -60,7 +60,7 @@ in
       default = cfg.source != null;
       defaultText = "config.nixpkgs.flake.source != null";
 
-      description = mdDoc ''
+      description = ''
         Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the
         store path of the sources of nixpkgs used to build the NixOS system.
 
diff --git a/nixpkgs/nixos/modules/misc/nixpkgs.nix b/nixpkgs/nixos/modules/misc/nixpkgs.nix
index 10f800cd741a..60a6fb57c7a2 100644
--- a/nixpkgs/nixos/modules/misc/nixpkgs.nix
+++ b/nixpkgs/nixos/modules/misc/nixpkgs.nix
@@ -112,7 +112,7 @@ in
       '';
       type = pkgsType;
       example = literalExpression "import <nixpkgs> {}";
-      description = lib.mdDoc ''
+      description = ''
         If set, the pkgs argument to all NixOS modules is the value of
         this option, extended with `nixpkgs.overlays`, if
         that is also set. Either `nixpkgs.crossSystem` or
@@ -152,12 +152,11 @@ in
           { allowBroken = true; allowUnfree = true; }
         '';
       type = configType;
-      description = lib.mdDoc ''
-        The configuration of the Nix Packages collection.  (For
-        details, see the Nixpkgs documentation.)  It allows you to set
-        package configuration options.
+      description = ''
+        Global configuration for Nixpkgs.
+        The complete list of [Nixpkgs configuration options](https://nixos.org/manual/nixpkgs/unstable/#sec-config-options-reference) is in the [Nixpkgs manual section on global configuration](https://nixos.org/manual/nixpkgs/unstable/#chap-packageconfig).
 
-        Ignored when `nixpkgs.pkgs` is set.
+        Ignored when {option}`nixpkgs.pkgs` is set.
       '';
     };
 
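Review bot: Both links in the new `nixpkgs.config` description point at the `unstable` Nixpkgs manual, so a reader on a release branch is sent to an option reference that may not match the Nixpkgs they actually evaluate. That matters here because this option is where settings such as `allowBroken` and `allowUnfree` (shown in the example just above) are decided. If this module also ships on stable branches, I would link the `stable` manual there, or add a sentence to the description such as `The linked reference describes the unstable channel; check the manual for your release.` The option definition starts above this hunk.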
@@ -175,7 +174,7 @@ in
           ]
         '';
       type = types.listOf overlayType;
-      description = lib.mdDoc ''
+      description = ''
         List of overlays to apply to Nixpkgs.
         This option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument.
 
@@ -193,7 +192,7 @@ in
       apply = lib.systems.elaborate;
       defaultText = literalExpression
         ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
-      description = lib.mdDoc ''
+      description = ''
         Specifies the platform where the NixOS configuration will run.
 
         To cross-compile, set also `nixpkgs.buildPlatform`.
@@ -215,7 +214,7 @@ in
           else elaborated;
       defaultText = literalExpression
         ''config.nixpkgs.hostPlatform'';
-      description = lib.mdDoc ''
+      description = ''
         Specifies the platform on which NixOS should be built.
         By default, NixOS is built on the system where it runs, but you can
         change where it's built. Setting this option will cause NixOS to be
@@ -238,7 +237,7 @@ in
       apply = lib.systems.elaborate;
       defaultText = literalExpression
         ''(import "''${nixos}/../lib").lib.systems.examples.aarch64-multiplatform'';
-      description = lib.mdDoc ''
+      description = ''
         Systems with a recently generated `hardware-configuration.nix`
         do not need to specify this option, unless cross-compiling, in which case
         you should set *only* {option}`nixpkgs.buildPlatform`.
@@ -267,7 +266,7 @@ in
       type = types.nullOr types.attrs; # TODO utilize lib.systems.parsedPlatform
       default = null;
       example = { system = "aarch64-linux"; };
-      description = lib.mdDoc ''
+      description = ''
         Systems with a recently generated `hardware-configuration.nix`
         may instead specify *only* {option}`nixpkgs.buildPlatform`,
         or fall back to removing the {option}`nixpkgs.hostPlatform` line from the generated config.
@@ -306,7 +305,7 @@ in
       defaultText = lib.literalMD ''
         Traditionally `builtins.currentSystem`, but unset when invoking NixOS through `lib.nixosSystem`.
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option does not need to be specified for NixOS configurations
         with a recently generated `hardware-configuration.nix`.
 
diff --git a/nixpkgs/nixos/modules/misc/nixpkgs/read-only.nix b/nixpkgs/nixos/modules/misc/nixpkgs/read-only.nix
index 2a783216a9d5..e3c4525e7db3 100644
--- a/nixpkgs/nixos/modules/misc/nixpkgs/read-only.nix
+++ b/nixpkgs/nixos/modules/misc/nixpkgs/read-only.nix
@@ -24,33 +24,33 @@ in
     nixpkgs = {
       pkgs = mkOption {
         type = lib.types.pkgs;
-        description = lib.mdDoc ''The pkgs module argument.'';
+        description = ''The pkgs module argument.'';
       };
       config = mkOption {
         internal = true;
         type = types.unique { message = "nixpkgs.config is set to read-only"; } types.anything;
-        description = lib.mdDoc ''
+        description = ''
           The Nixpkgs `config` that `pkgs` was initialized with.
         '';
       };
       overlays = mkOption {
         internal = true;
         type = types.unique { message = "nixpkgs.overlays is set to read-only"; } types.anything;
-        description = lib.mdDoc ''
+        description = ''
           The Nixpkgs overlays that `pkgs` was initialized with.
         '';
       };
       hostPlatform = mkOption {
         internal = true;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           The platform of the machine that is running the NixOS configuration.
         '';
       };
       buildPlatform = mkOption {
         internal = true;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           The platform of the machine that built the NixOS configuration.
         '';
       };
diff --git a/nixpkgs/nixos/modules/misc/passthru.nix b/nixpkgs/nixos/modules/misc/passthru.nix
index beb9d7829037..4e99631fdd85 100644
--- a/nixpkgs/nixos/modules/misc/passthru.nix
+++ b/nixpkgs/nixos/modules/misc/passthru.nix
@@ -7,7 +7,7 @@
   options = {
     passthru = lib.mkOption {
       visible = false;
-      description = lib.mdDoc ''
+      description = ''
         This attribute set will be exported as a system attribute.
         You can put whatever you want here.
       '';
diff --git a/nixpkgs/nixos/modules/misc/version.nix b/nixpkgs/nixos/modules/misc/version.nix
index 79b95ac654d5..d582e0c162de 100644
--- a/nixpkgs/nixos/modules/misc/version.nix
+++ b/nixpkgs/nixos/modules/misc/version.nix
@@ -65,55 +65,55 @@ in
       version = mkOption {
         internal = true;
         type = types.str;
-        description = lib.mdDoc "The full NixOS version (e.g. `16.03.1160.f2d4ee1`).";
+        description = "The full NixOS version (e.g. `16.03.1160.f2d4ee1`).";
       };
 
       release = mkOption {
         readOnly = true;
         type = types.str;
         default = trivial.release;
-        description = lib.mdDoc "The NixOS release (e.g. `16.03`).";
+        description = "The NixOS release (e.g. `16.03`).";
       };
 
       versionSuffix = mkOption {
         internal = true;
         type = types.str;
         default = trivial.versionSuffix;
-        description = lib.mdDoc "The NixOS version suffix (e.g. `1160.f2d4ee1`).";
+        description = "The NixOS version suffix (e.g. `1160.f2d4ee1`).";
       };
 
       revision = mkOption {
         internal = true;
         type = types.nullOr types.str;
         default = trivial.revisionWithDefault null;
-        description = lib.mdDoc "The Git revision from which this NixOS configuration was built.";
+        description = "The Git revision from which this NixOS configuration was built.";
       };
 
       codeName = mkOption {
         readOnly = true;
         type = types.str;
         default = trivial.codeName;
-        description = lib.mdDoc "The NixOS release code name (e.g. `Emu`).";
+        description = "The NixOS release code name (e.g. `Emu`).";
       };
 
       distroId = mkOption {
         internal = true;
         type = types.str;
         default = "nixos";
-        description = lib.mdDoc "The id of the operating system";
+        description = "The id of the operating system";
       };
 
       distroName = mkOption {
         internal = true;
         type = types.str;
         default = "NixOS";
-        description = lib.mdDoc "The name of the operating system";
+        description = "The name of the operating system";
       };
 
       variant_id = mkOption {
         type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
         default = null;
-        description = lib.mdDoc "A lower-case string identifying a specific variant or edition of the operating system";
+        description = "A lower-case string identifying a specific variant or edition of the operating system";
         example = "installer";
       };
     };
@@ -123,7 +123,7 @@ in
       id = lib.mkOption {
         type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Image identifier.
 
           This corresponds to the IMAGE_ID field in os-release. See the
@@ -137,7 +137,7 @@ in
       version = lib.mkOption {
         type = types.nullOr (types.strMatching "^[a-z0-9._-]+$");
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Image version.
 
           This corresponds to the IMAGE_VERSION field in os-release. See the
@@ -160,7 +160,7 @@ in
           v;
       default = cfg.release;
       defaultText = literalExpression "config.${opt.release}";
-      description = lib.mdDoc ''
+      description = ''
         This option defines the first version of NixOS you have installed on this particular machine,
         and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
 
@@ -193,7 +193,7 @@ in
     configurationRevision = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "The Git revision of the top-level flake from which this configuration was built.";
+      description = "The Git revision of the top-level flake from which this configuration was built.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/misc/wordlist.nix b/nixpkgs/nixos/modules/misc/wordlist.nix
index f01fcb6f5a91..988b522d7431 100644
--- a/nixpkgs/nixos/modules/misc/wordlist.nix
+++ b/nixpkgs/nixos/modules/misc/wordlist.nix
@@ -8,7 +8,7 @@ in
 {
   options = {
     environment.wordlist = {
-      enable = mkEnableOption (lib.mdDoc "environment variables for lists of words");
+      enable = mkEnableOption "environment variables for lists of words";
 
       lists = mkOption {
         type = types.attrsOf (types.nonEmptyListOf types.path);
@@ -23,7 +23,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           A set with the key names being the environment variable you'd like to
           set and the values being a list of paths to text documents containing
           lists of words. The various files will be merged, sorted, duplicates
diff --git a/nixpkgs/nixos/modules/module-list.nix b/nixpkgs/nixos/modules/module-list.nix
index 2ee646291e3b..a3fcbca29bdf 100644
--- a/nixpkgs/nixos/modules/module-list.nix
+++ b/nixpkgs/nixos/modules/module-list.nix
@@ -54,6 +54,7 @@
   ./hardware/corectrl.nix
   ./hardware/cpu/amd-microcode.nix
   ./hardware/cpu/amd-sev.nix
+  ./hardware/cpu/amd-ryzen-smu.nix
   ./hardware/cpu/intel-microcode.nix
   ./hardware/cpu/intel-sgx.nix
   ./hardware/cpu/x86-msr.nix
@@ -98,6 +99,7 @@
   ./hardware/tuxedo-keyboard.nix
   ./hardware/ubertooth.nix
   ./hardware/uinput.nix
+  ./hardware/uni-sync.nix
   ./hardware/usb-modeswitch.nix
   ./hardware/usb-storage.nix
   ./hardware/video/amdgpu-pro.nix
@@ -142,6 +144,7 @@
   ./programs/adb.nix
   ./programs/alvr.nix
   ./programs/appgate-sdp.nix
+  ./programs/appimage.nix
   ./programs/atop.nix
   ./programs/ausweisapp.nix
   ./programs/autojump.nix
@@ -176,6 +179,7 @@
   ./programs/environment.nix
   ./programs/evince.nix
   ./programs/extra-container.nix
+  ./programs/fcast-receiver.nix
   ./programs/feedbackd.nix
   ./programs/file-roller.nix
   ./programs/firefox.nix
@@ -210,6 +214,8 @@
   ./programs/kbdlight.nix
   ./programs/kclock.nix
   ./programs/kdeconnect.nix
+  ./programs/lazygit.nix
+  ./programs/kubeswitch.nix
   ./programs/less.nix
   ./programs/liboping.nix
   ./programs/light.nix
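Review bot: The two added entries are out of alphabetical order: `./programs/lazygit.nix` is placed before `./programs/kubeswitch.nix`, even though this same commit re-sorts `hyprland.nix` and `labwc.nix` further down. I would swap them so the list reads `./programs/kubeswitch.nix` followed by `./programs/lazygit.nix`. The renamed `./services/hardware/nvidia-container-toolkit` entry in the services/hardware hunk likewise still sits ahead of `./services/hardware/monado.nix`. A sorted list makes a duplicated or misplaced module easier to spot in later reviews.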
@@ -228,6 +234,7 @@
   ./programs/neovim.nix
   ./programs/nethoscope.nix
   ./programs/nexttrace.nix
+  ./programs/nh.nix
   ./programs/nix-index.nix
   ./programs/nix-ld.nix
   ./programs/nm-applet.nix
@@ -249,6 +256,7 @@
   ./programs/regreet.nix
   ./programs/rog-control-center.nix
   ./programs/rust-motd.nix
+  ./programs/ryzen-monitor-ng.nix
   ./programs/screen.nix
   ./programs/seahorse.nix
   ./programs/sedutil.nix
@@ -258,6 +266,7 @@
   ./programs/skim.nix
   ./programs/slock.nix
   ./programs/sniffnet.nix
+  ./programs/soundmodem.nix
   ./programs/spacefm.nix
   ./programs/ssh.nix
   ./programs/starship.nix
@@ -279,8 +288,8 @@
   ./programs/virt-manager.nix
   ./programs/wavemon.nix
   ./programs/wayland/cardboard.nix
-  ./programs/wayland/labwc.nix
   ./programs/wayland/hyprland.nix
+  ./programs/wayland/labwc.nix
   ./programs/wayland/river.nix
   ./programs/wayland/sway.nix
   ./programs/wayland/waybar.nix
@@ -316,6 +325,7 @@
   ./security/duosec.nix
   ./security/google_oslogin.nix
   ./security/ipa.nix
+  ./security/isolate.nix
   ./security/krb5
   ./security/lock-kernel-modules.nix
   ./security/misc.nix
@@ -331,6 +341,7 @@
   ./security/systemd-confinement.nix
   ./security/tpm2.nix
   ./security/wrappers/default.nix
+  ./services/admin/docuum.nix
   ./services/admin/meshcentral.nix
   ./services/admin/oxidized.nix
   ./services/admin/pgadmin.nix
@@ -340,7 +351,6 @@
   ./services/amqp/rabbitmq.nix
   ./services/audio/alsa.nix
   ./services/audio/botamusique.nix
-  ./services/audio/castopod.nix
   ./services/audio/gmediarender.nix
   ./services/audio/gonic.nix
   ./services/audio/goxlr-utility.nix
@@ -362,9 +372,6 @@
   ./services/audio/spotifyd.nix
   ./services/audio/squeezelite.nix
   ./services/audio/tts.nix
-  ./services/audio/wyoming/faster-whisper.nix
-  ./services/audio/wyoming/openwakeword.nix
-  ./services/audio/wyoming/piper.nix
   ./services/audio/ympd.nix
   ./services/backup/automysqlbackup.nix
   ./services/backup/bacula.nix
@@ -509,7 +516,9 @@
   ./services/development/nixseparatedebuginfod.nix
   ./services/development/rstudio-server/default.nix
   ./services/development/zammad.nix
+  ./services/display-managers/default.nix
   ./services/display-managers/greetd.nix
+  ./services/display-managers/sddm.nix
   ./services/editors/emacs.nix
   ./services/editors/haste.nix
   ./services/editors/infinoted.nix
@@ -551,8 +560,9 @@
   ./services/hardware/joycond.nix
   ./services/hardware/kanata.nix
   ./services/hardware/lcd.nix
+  ./services/hardware/libinput.nix
   ./services/hardware/lirc.nix
-  ./services/hardware/nvidia-container-toolkit-cdi-generator
+  ./services/hardware/nvidia-container-toolkit
   ./services/hardware/monado.nix
   ./services/hardware/nvidia-optimus.nix
   ./services/hardware/openrgb.nix
@@ -588,8 +598,11 @@
   ./services/home-automation/evcc.nix
   ./services/home-automation/govee2mqtt.nix
   ./services/home-automation/home-assistant.nix
-  ./services/home-automation/homeassistant-satellite.nix
   ./services/home-automation/matter-server.nix
+  ./services/home-automation/wyoming/faster-whisper.nix
+  ./services/home-automation/wyoming/openwakeword.nix
+  ./services/home-automation/wyoming/piper.nix
+  ./services/home-automation/wyoming/satellite.nix
   ./services/home-automation/zigbee2mqtt.nix
   ./services/home-automation/zwave-js.nix
   ./services/logging/SystemdJournal2Gelf.nix
@@ -651,6 +664,7 @@
   ./services/matrix/hebbot.nix
   ./services/matrix/maubot.nix
   ./services/matrix/mautrix-facebook.nix
+  ./services/matrix/mautrix-meta.nix
   ./services/matrix/mautrix-telegram.nix
   ./services/matrix/mautrix-whatsapp.nix
   ./services/matrix/mjolnir.nix
@@ -681,6 +695,7 @@
   ./services/misc/clipmenu.nix
   ./services/misc/confd.nix
   ./services/misc/cpuminer-cryptonight.nix
+  ./services/misc/db-rest.nix
   ./services/misc/devmon.nix
   ./services/misc/dictd.nix
   ./services/misc/disnix.nix
@@ -706,6 +721,7 @@
   ./services/misc/gogs.nix
   ./services/misc/gollum.nix
   ./services/misc/gpsd.nix
+  ./services/misc/graphical-desktop.nix
   ./services/misc/greenclip.nix
   ./services/misc/guix
   ./services/misc/headphones.nix
@@ -713,6 +729,7 @@
   ./services/misc/homepage-dashboard.nix
   ./services/misc/ihaskell.nix
   ./services/misc/input-remapper.nix
+  ./services/misc/invidious-router.nix
   ./services/misc/irkerd.nix
   ./services/misc/jackett.nix
   ./services/misc/jellyfin.nix
@@ -797,7 +814,9 @@
   ./services/misc/transfer-sh.nix
   ./services/misc/tzupdate.nix
   ./services/misc/uhub.nix
+  ./services/misc/wastebin.nix
   ./services/misc/weechat.nix
+  ./services/misc/workout-tracker.nix
   ./services/misc/xmr-stak.nix
   ./services/misc/xmrig.nix
   ./services/misc/zoneminder.nix
@@ -837,6 +856,7 @@
   ./services/monitoring/munin.nix
   ./services/monitoring/nagios.nix
   ./services/monitoring/netdata.nix
+  ./services/monitoring/nezha-agent.nix
   ./services/monitoring/ocsinventory-agent.nix
   ./services/monitoring/opentelemetry-collector.nix
   ./services/monitoring/osquery.nix
@@ -927,6 +947,7 @@
   ./services/networking/charybdis.nix
   ./services/networking/chisel-server.nix
   ./services/networking/cjdns.nix
+  ./services/networking/clatd.nix
   ./services/networking/cloudflare-dyndns.nix
   ./services/networking/cloudflared.nix
   ./services/networking/cntlm.nix
@@ -995,6 +1016,7 @@
   ./services/networking/icecream/daemon.nix
   ./services/networking/icecream/scheduler.nix
   ./services/networking/imaginary.nix
+  ./services/networking/inadyn.nix
   ./services/networking/inspircd.nix
   ./services/networking/iodine.nix
   ./services/networking/iperf3.nix
@@ -1009,6 +1031,7 @@
   ./services/networking/jigasi.nix
   ./services/networking/jitsi-videobridge.nix
   ./services/networking/jool.nix
+  ./services/networking/jotta-cli.nix
   ./services/networking/kea.nix
   ./services/networking/keepalived/default.nix
   ./services/networking/keybase.nix
@@ -1053,6 +1076,7 @@
   ./services/networking/ndppd.nix
   ./services/networking/nebula.nix
   ./services/networking/netbird.nix
+  ./services/networking/netbird/server.nix
   ./services/networking/netclient.nix
   ./services/networking/networkd-dispatcher.nix
   ./services/networking/networkmanager.nix
@@ -1143,15 +1167,18 @@
   ./services/networking/strongswan.nix
   ./services/networking/stubby.nix
   ./services/networking/stunnel.nix
+  ./services/networking/sunshine.nix
   ./services/networking/supplicant.nix
   ./services/networking/supybot.nix
   ./services/networking/syncplay.nix
   ./services/networking/syncthing-relay.nix
   ./services/networking/syncthing.nix
   ./services/networking/tailscale.nix
+  ./services/networking/tailscale-auth.nix
   ./services/networking/tayga.nix
   ./services/networking/tcpcrypt.nix
   ./services/networking/teamspeak3.nix
+  ./services/networking/technitium-dns-server.nix
   ./services/networking/teleport.nix
   ./services/networking/tetrd.nix
   ./services/networking/tftpd.nix
@@ -1204,6 +1231,7 @@
   ./services/search/elasticsearch-curator.nix
   ./services/search/elasticsearch.nix
   ./services/search/hound.nix
+  ./services/search/manticore.nix
   ./services/search/meilisearch.nix
   ./services/search/opensearch.nix
   ./services/search/qdrant.nix
@@ -1231,8 +1259,8 @@
   ./services/security/kanidm.nix
   ./services/security/munge.nix
   ./services/security/nginx-sso.nix
-  ./services/security/oauth2_proxy.nix
-  ./services/security/oauth2_proxy_nginx.nix
+  ./services/security/oauth2-proxy.nix
+  ./services/security/oauth2-proxy-nginx.nix
   ./services/security/opensnitch.nix
   ./services/security/pass-secret-service.nix
   ./services/security/physlock.nix
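Review bot: Renaming `./services/security/oauth2_proxy.nix` and `oauth2_proxy_nginx.nix` changes module paths that downstream configurations may reference in `disabledModules` or in explicit `imports`. As far as I know, a `disabledModules` entry that no longer matches any module is ignored without an error, so a configuration that swapped this authentication-proxy module for its own copy may find the in-tree module active again after the update. Nothing in this hunk shows whether the release notes cover the path change. I would add a line such as `The module files services/security/oauth2_proxy*.nix were renamed to oauth2-proxy*.nix; update disabledModules entries accordingly.` The same consideration applies to the other moved paths in this file (castopod, wyoming, sddm, libinput, nvidia-container-toolkit).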
@@ -1299,12 +1327,15 @@
   ./services/web-apps/bookstack.nix
   ./services/web-apps/c2fmzq-server.nix
   ./services/web-apps/calibre-web.nix
+  ./services/web-apps/castopod.nix
   ./services/web-apps/coder.nix
   ./services/web-apps/changedetection-io.nix
   ./services/web-apps/chatgpt-retrieval-plugin.nix
   ./services/web-apps/cloudlog.nix
   ./services/web-apps/code-server.nix
   ./services/web-apps/convos.nix
+  ./services/web-apps/crabfit.nix
+  ./services/web-apps/davis.nix
   ./services/web-apps/dex.nix
   ./services/web-apps/discourse.nix
   ./services/web-apps/documize.nix
@@ -1312,6 +1343,7 @@
   ./services/web-apps/dolibarr.nix
   ./services/web-apps/engelsystem.nix
   ./services/web-apps/ethercalc.nix
+  ./services/web-apps/firefly-iii.nix
   ./services/web-apps/fluidd.nix
   ./services/web-apps/freshrss.nix
   ./services/web-apps/galene.nix
@@ -1351,12 +1383,14 @@
   ./services/web-apps/miniflux.nix
   ./services/web-apps/monica.nix
   ./services/web-apps/moodle.nix
+  ./services/web-apps/movim.nix
   ./services/web-apps/netbox.nix
   ./services/web-apps/nextcloud.nix
   ./services/web-apps/nextcloud-notify_push.nix
   ./services/web-apps/nexus.nix
   ./services/web-apps/nifi.nix
   ./services/web-apps/node-red.nix
+  ./services/web-apps/ocis.nix
   ./services/web-apps/onlyoffice.nix
   ./services/web-apps/openvscode-server.nix
   ./services/web-apps/mobilizon.nix
@@ -1380,6 +1414,7 @@
   ./services/web-apps/rss-bridge.nix
   ./services/web-apps/selfoss.nix
   ./services/web-apps/shiori.nix
+  ./services/web-apps/silverbullet.nix
   ./services/web-apps/slskd.nix
   ./services/web-apps/snipe-it.nix
   ./services/web-apps/sogo.nix
@@ -1433,7 +1468,6 @@
   ./services/x11/display-managers/default.nix
   ./services/x11/display-managers/gdm.nix
   ./services/x11/display-managers/lightdm.nix
-  ./services/x11/display-managers/sddm.nix
   ./services/x11/display-managers/slim.nix
   ./services/x11/display-managers/startx.nix
   ./services/x11/display-managers/sx.nix
@@ -1443,7 +1477,6 @@
   ./services/x11/gdk-pixbuf.nix
   ./services/x11/hardware/cmt.nix
   ./services/x11/hardware/digimend.nix
-  ./services/x11/hardware/libinput.nix
   ./services/x11/hardware/synaptics.nix
   ./services/x11/hardware/wacom.nix
   ./services/x11/imwheel.nix
diff --git a/nixpkgs/nixos/modules/profiles/clone-config.nix b/nixpkgs/nixos/modules/profiles/clone-config.nix
index ba65a250d25a..3f669ba7d2e1 100644
--- a/nixpkgs/nixos/modules/profiles/clone-config.nix
+++ b/nixpkgs/nixos/modules/profiles/clone-config.nix
@@ -61,7 +61,7 @@ in
 
     installer.cloneConfig = mkOption {
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Try to clone the installation-device configuration by re-using it's
         profile from the list of imported modules.
       '';
@@ -70,14 +70,14 @@ in
     installer.cloneConfigIncludes = mkOption {
       default = [];
       example = [ "./nixos/modules/hardware/network/rt73.nix" ];
-      description = lib.mdDoc ''
+      description = ''
         List of modules used to re-build this installation device profile.
       '';
     };
 
     installer.cloneConfigExtra = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra text to include in the cloned configuration.nix included in this
         installer.
       '';
diff --git a/nixpkgs/nixos/modules/profiles/demo.nix b/nixpkgs/nixos/modules/profiles/demo.nix
index 4e8c74deedba..52ba40902e87 100644
--- a/nixpkgs/nixos/modules/profiles/demo.nix
+++ b/nixpkgs/nixos/modules/profiles/demo.nix
@@ -11,7 +11,7 @@
       uid = 1000;
     };
 
-  services.xserver.displayManager = {
+  services.displayManager = {
     autoLogin = {
       enable = true;
       user = "demo";
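Review bot: The block moved to `services.displayManager` turns on `autoLogin` for the `demo` user, and nothing in the visible lines says that importing this profile gives anyone at the console a logged-in session. Since the option path is being touched anyway, I would add a comment above it, e.g. `# Demo only: logs "demo" in without a prompt; do not import on shared or network-reachable machines.` The attribute set continues past the end of this hunk, so further display-manager settings may follow.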
diff --git a/nixpkgs/nixos/modules/profiles/graphical.nix b/nixpkgs/nixos/modules/profiles/graphical.nix
index d80456cede56..72b865c584f0 100644
--- a/nixpkgs/nixos/modules/profiles/graphical.nix
+++ b/nixpkgs/nixos/modules/profiles/graphical.nix
@@ -6,10 +6,11 @@
 {
   services.xserver = {
     enable = true;
+    desktopManager.plasma5.enable = true;
+  };
+
+  services = {
     displayManager.sddm.enable = true;
-    desktopManager.plasma5 = {
-      enable = true;
-    };
     libinput.enable = true; # for touchpad support on many laptops
   };
 
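Review bot: The new layout defines `services.xserver = { … };` and then `services = { … };` in the same attribute set, which relies on the parser merging the two definitions of `services` and reads at first glance as if the second replaced the first. Flat attribute paths would make the intent obvious: `services.displayManager.sddm.enable = true;` and `services.libinput.enable = true; # for touchpad support on many laptops`. Behaviour should be the same either way.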
diff --git a/nixpkgs/nixos/modules/programs/_1password-gui.nix b/nixpkgs/nixos/modules/programs/_1password-gui.nix
index eb2effee4326..b21e8783f660 100644
--- a/nixpkgs/nixos/modules/programs/_1password-gui.nix
+++ b/nixpkgs/nixos/modules/programs/_1password-gui.nix
@@ -16,13 +16,13 @@ in
 
   options = {
     programs._1password-gui = {
-      enable = mkEnableOption (lib.mdDoc "the 1Password GUI application");
+      enable = mkEnableOption "the 1Password GUI application";
 
       polkitPolicyOwners = mkOption {
         type = types.listOf types.str;
         default = [ ];
         example = literalExpression ''["user1" "user2" "user3"]'';
-        description = lib.mdDoc ''
+        description = ''
           A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/_1password.nix b/nixpkgs/nixos/modules/programs/_1password.nix
index 91246150755d..b87e9b776e85 100644
--- a/nixpkgs/nixos/modules/programs/_1password.nix
+++ b/nixpkgs/nixos/modules/programs/_1password.nix
@@ -16,7 +16,7 @@ in
 
   options = {
     programs._1password = {
-      enable = mkEnableOption (lib.mdDoc "the 1Password CLI tool");
+      enable = mkEnableOption "the 1Password CLI tool";
 
       package = mkPackageOption pkgs "1Password CLI" {
         default = [ "_1password" ];
diff --git a/nixpkgs/nixos/modules/programs/adb.nix b/nixpkgs/nixos/modules/programs/adb.nix
index e5b0abd9fcfe..d8c700bc36b6 100644
--- a/nixpkgs/nixos/modules/programs/adb.nix
+++ b/nixpkgs/nixos/modules/programs/adb.nix
@@ -11,7 +11,7 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure system to use Android Debug Bridge (adb).
           To grant access to a user, it must be part of adbusers group:
           `users.users.alice.extraGroups = ["adbusers"];`
diff --git a/nixpkgs/nixos/modules/programs/alvr.nix b/nixpkgs/nixos/modules/programs/alvr.nix
index c01b74ad3a51..e5de06f1157a 100644
--- a/nixpkgs/nixos/modules/programs/alvr.nix
+++ b/nixpkgs/nixos/modules/programs/alvr.nix
@@ -8,14 +8,14 @@ in
 {
   options = {
     programs.alvr = {
-      enable = mkEnableOption (lib.mdDoc "ALVR, the VR desktop streamer");
+      enable = mkEnableOption "ALVR, the VR desktop streamer";
 
       package = mkPackageOption pkgs "alvr" { };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the default ports in the firewall for the ALVR server.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/appgate-sdp.nix b/nixpkgs/nixos/modules/programs/appgate-sdp.nix
index bdd538dc2f1f..6d61c87eeb61 100644
--- a/nixpkgs/nixos/modules/programs/appgate-sdp.nix
+++ b/nixpkgs/nixos/modules/programs/appgate-sdp.nix
@@ -5,7 +5,7 @@ with lib;
 {
   options = {
     programs.appgate-sdp = {
-      enable = mkEnableOption (lib.mdDoc "AppGate SDP VPN client");
+      enable = mkEnableOption "the AppGate SDP VPN client";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/appimage.nix b/nixpkgs/nixos/modules/programs/appimage.nix
new file mode 100644
index 000000000000..0011c2ff578d
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/appimage.nix
@@ -0,0 +1,33 @@
+{ lib, config, pkgs, ... }:
+
+let
+  cfg = config.programs.appimage;
+in
+
+{
+  options.programs.appimage = {
+    enable = lib.mkEnableOption "appimage-run wrapper script for executing appimages on NixOS";
+    binfmt = lib.mkEnableOption "binfmt registration to run appimages via appimage-run seamlessly";
+    package = lib.mkPackageOption pkgs "appimage-run" {
+      example = ''
+        pkgs.appimage-run.override {
+          extraPkgs = pkgs: [ pkgs.ffmpeg pkgs.imagemagick ];
+        }
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    boot.binfmt.registrations.appimage = lib.mkIf cfg.binfmt {
+      wrapInterpreterInShell = false;
+      interpreter = lib.getExe cfg.package;
+      recognitionType = "magic";
+      offset = 0;
+      mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+      magicOrExtension = ''\x7fELF....AI\x02'';
+    };
+    environment.systemPackages = [ cfg.package ];
+  };
+
+  meta.maintainers = with lib.maintainers; [ jopejoe1 atemu ];
+}
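Review bot: The `binfmt` option is documented only by its `mkEnableOption` one-liner, which does not say that the registration is system-wide, that it matches only type-2 AppImages (the `AI\x02` bytes in `magicOrExtension`), or that it has no effect unless `enable` is also set, since the whole `config` sits under `lib.mkIf cfg.enable`. Once it is active, every executable file carrying that magic is launched through `appimage-run` for all users, and `appimage-run` is, as far as I know, a compatibility wrapper rather than a sandbox, so an administrator should see that in the option text. I would write `binfmt = lib.mkEnableOption "system-wide binfmt_misc registration that runs type-2 AppImages through appimage-run (requires programs.appimage.enable; provides no sandboxing)";`. Above `mask` I would add the comment `# \x7fELF, four masked ELF ident bytes, then "AI\x02" (AppImage type 2) at offset 8` so the next reader does not have to decode the pattern.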
diff --git a/nixpkgs/nixos/modules/programs/atop.nix b/nixpkgs/nixos/modules/programs/atop.nix
index 003cfdbfc8fa..618b64114359 100644
--- a/nixpkgs/nixos/modules/programs/atop.nix
+++ b/nixpkgs/nixos/modules/programs/atop.nix
@@ -14,7 +14,7 @@ in
 
     programs.atop = rec {
 
-      enable = mkEnableOption (lib.mdDoc "Atop");
+      enable = mkEnableOption "Atop, a tool for monitoring system resources";
 
       package = mkPackageOption pkgs "atop" { };
 
@@ -22,7 +22,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to install and enable the netatop kernel module.
             Note: this sets the kernel taint flag "O" for loading out-of-tree modules.
           '';
@@ -31,7 +31,7 @@ in
           type = types.package;
           default = config.boot.kernelPackages.netatop;
           defaultText = literalExpression "config.boot.kernelPackages.netatop";
-          description = lib.mdDoc ''
+          description = ''
             Which package to use for netatop.
           '';
         };
@@ -40,7 +40,7 @@ in
       atopgpu.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install and enable the atopgpud daemon to get information about
           NVIDIA gpus.
         '';
@@ -49,7 +49,7 @@ in
       setuidWrapper.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install a setuid wrapper for Atop. This is required to use some of
           the features as non-root user (e.g.: ipc information, netatop, atopgpu).
           Atop tries to drop the root privileges shortly after starting.
@@ -59,7 +59,7 @@ in
       atopService.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the atop service responsible for storing statistics for
           long-term analysis.
         '';
@@ -67,7 +67,7 @@ in
       atopRotateTimer.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the atop-rotate timer, which restarts the atop service
           daily to make sure the data files are rotate.
         '';
@@ -75,7 +75,7 @@ in
       atopacctService.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the atopacct service which manages process accounting.
           This allows Atop to gather data about processes that disappeared in between
           two refresh intervals.
@@ -88,7 +88,7 @@ in
           flags = "a1f";
           interval = 5;
         };
-        description = lib.mdDoc ''
+        description = ''
           Parameters to be written to {file}`/etc/atoprc`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/ausweisapp.nix b/nixpkgs/nixos/modules/programs/ausweisapp.nix
index 91870df20246..0359e58c554c 100644
--- a/nixpkgs/nixos/modules/programs/ausweisapp.nix
+++ b/nixpkgs/nixos/modules/programs/ausweisapp.nix
@@ -7,10 +7,10 @@ let
 in
 {
   options.programs.ausweisapp = {
-    enable = mkEnableOption (lib.mdDoc "AusweisApp");
+    enable = mkEnableOption "AusweisApp";
 
     openFirewall = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.
       '';
       default = false;
diff --git a/nixpkgs/nixos/modules/programs/autojump.nix b/nixpkgs/nixos/modules/programs/autojump.nix
index dde6870d9890..ecfc2f658079 100644
--- a/nixpkgs/nixos/modules/programs/autojump.nix
+++ b/nixpkgs/nixos/modules/programs/autojump.nix
@@ -13,7 +13,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable autojump.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/bandwhich.nix b/nixpkgs/nixos/modules/programs/bandwhich.nix
index aa6a0dfb6ffd..2c78584f2d24 100644
--- a/nixpkgs/nixos/modules/programs/bandwhich.nix
+++ b/nixpkgs/nixos/modules/programs/bandwhich.nix
@@ -11,7 +11,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add bandwhich to the global environment and configure a
           setcap wrapper for it.
         '';
diff --git a/nixpkgs/nixos/modules/programs/bash-my-aws.nix b/nixpkgs/nixos/modules/programs/bash-my-aws.nix
index 10f16cae651b..15e429a75497 100644
--- a/nixpkgs/nixos/modules/programs/bash-my-aws.nix
+++ b/nixpkgs/nixos/modules/programs/bash-my-aws.nix
@@ -13,7 +13,7 @@ in
   {
     options = {
       programs.bash-my-aws = {
-        enable = mkEnableOption (lib.mdDoc "bash-my-aws");
+        enable = mkEnableOption "bash-my-aws";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/programs/bash/bash-completion.nix b/nixpkgs/nixos/modules/programs/bash/bash-completion.nix
index 96fbe0126d66..b8e5b1bfa336 100644
--- a/nixpkgs/nixos/modules/programs/bash/bash-completion.nix
+++ b/nixpkgs/nixos/modules/programs/bash/bash-completion.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options = {
-    programs.bash.enableCompletion = mkEnableOption (lib.mdDoc "Bash completion for all interactive bash shells") // {
+    programs.bash.enableCompletion = mkEnableOption "Bash completion for all interactive bash shells" // {
       default = true;
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/bash/bash.nix b/nixpkgs/nixos/modules/programs/bash/bash.nix
index 7d3322ea5e50..21ef8338d8dd 100644
--- a/nixpkgs/nixos/modules/programs/bash/bash.nix
+++ b/nixpkgs/nixos/modules/programs/bash/bash.nix
@@ -30,7 +30,7 @@ in
       /*
       enable = mkOption {
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whenever to configure Bash as an interactive shell.
           Note that this tries to make Bash the default
           {option}`users.defaultUserShell`,
@@ -44,7 +44,7 @@ in
 
       shellAliases = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Set of aliases for bash shell, which overrides {option}`environment.shellAliases`.
           See {option}`environment.shellAliases` for an option format description.
         '';
@@ -53,7 +53,7 @@ in
 
       shellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during bash shell initialisation.
         '';
         type = types.lines;
@@ -61,7 +61,7 @@ in
 
       loginShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during login bash shell initialisation.
         '';
         type = types.lines;
@@ -69,7 +69,7 @@ in
 
       interactiveShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during interactive bash shell initialisation.
         '';
         type = types.lines;
@@ -92,7 +92,7 @@ in
             fi
           fi
         '';
-        description = lib.mdDoc ''
+        description = ''
           Shell script code used to initialise the bash prompt.
         '';
         type = types.lines;
@@ -100,7 +100,7 @@ in
 
       promptPluginInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code used to initialise bash prompt plugins.
         '';
         type = types.lines;
diff --git a/nixpkgs/nixos/modules/programs/bash/blesh.nix b/nixpkgs/nixos/modules/programs/bash/blesh.nix
index 8fa51bef7744..ea342b0ce3ee 100644
--- a/nixpkgs/nixos/modules/programs/bash/blesh.nix
+++ b/nixpkgs/nixos/modules/programs/bash/blesh.nix
@@ -4,7 +4,7 @@ let
   cfg = config.programs.bash.blesh;
 in {
   options = {
-    programs.bash.blesh.enable = mkEnableOption (mdDoc "blesh");
+    programs.bash.blesh.enable = mkEnableOption "blesh, a full-featured line editor written in pure Bash";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/bash/ls-colors.nix b/nixpkgs/nixos/modules/programs/bash/ls-colors.nix
index 6a5253a3cca2..254ee14c477d 100644
--- a/nixpkgs/nixos/modules/programs/bash/ls-colors.nix
+++ b/nixpkgs/nixos/modules/programs/bash/ls-colors.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options = {
-    programs.bash.enableLsColors = mkEnableOption (lib.mdDoc "extra colors in directory listings") // {
+    programs.bash.enableLsColors = mkEnableOption "extra colors in directory listings" // {
       default = true;
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/bash/undistract-me.nix b/nixpkgs/nixos/modules/programs/bash/undistract-me.nix
index 587b649377df..0e6465e048a1 100644
--- a/nixpkgs/nixos/modules/programs/bash/undistract-me.nix
+++ b/nixpkgs/nixos/modules/programs/bash/undistract-me.nix
@@ -8,13 +8,13 @@ in
 {
   options = {
     programs.bash.undistractMe = {
-      enable = mkEnableOption (lib.mdDoc "notifications when long-running terminal commands complete");
+      enable = mkEnableOption "notifications when long-running terminal commands complete";
 
-      playSound = mkEnableOption (lib.mdDoc "notification sounds when long-running terminal commands complete");
+      playSound = mkEnableOption "notification sounds when long-running terminal commands complete";
 
       timeout = mkOption {
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           Number of seconds it would take for a command to be considered long-running.
         '';
         type = types.int;
diff --git a/nixpkgs/nixos/modules/programs/bcc.nix b/nixpkgs/nixos/modules/programs/bcc.nix
index ff29d56bedb9..f799524b9c07 100644
--- a/nixpkgs/nixos/modules/programs/bcc.nix
+++ b/nixpkgs/nixos/modules/programs/bcc.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 {
-  options.programs.bcc.enable = lib.mkEnableOption (lib.mdDoc "bcc");
+  options.programs.bcc.enable = lib.mkEnableOption "bcc, tools for BPF-based Linux IO analysis, networking, monitoring, and more";
 
   config = lib.mkIf config.programs.bcc.enable {
     environment.systemPackages = [ pkgs.bcc ];
diff --git a/nixpkgs/nixos/modules/programs/browserpass.nix b/nixpkgs/nixos/modules/programs/browserpass.nix
index a9670a37e618..2894e237e3d4 100644
--- a/nixpkgs/nixos/modules/programs/browserpass.nix
+++ b/nixpkgs/nixos/modules/programs/browserpass.nix
@@ -4,7 +4,7 @@ with lib;
 
 {
 
-  options.programs.browserpass.enable = mkEnableOption (lib.mdDoc "Browserpass native messaging host");
+  options.programs.browserpass.enable = mkEnableOption "Browserpass native messaging host";
 
   config = mkIf config.programs.browserpass.enable {
     environment.etc = let
diff --git a/nixpkgs/nixos/modules/programs/calls.nix b/nixpkgs/nixos/modules/programs/calls.nix
index 3d757bc1fc32..0cf05f8a2ea0 100644
--- a/nixpkgs/nixos/modules/programs/calls.nix
+++ b/nixpkgs/nixos/modules/programs/calls.nix
@@ -7,9 +7,9 @@ let
 in {
   options = {
     programs.calls = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         GNOME calls: a phone dialer and call handler
-      '');
+      '';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/captive-browser.nix b/nixpkgs/nixos/modules/programs/captive-browser.nix
index 1c3ee7638ee0..8f0aa2fe1e6a 100644
--- a/nixpkgs/nixos/modules/programs/captive-browser.nix
+++ b/nixpkgs/nixos/modules/programs/captive-browser.nix
@@ -49,13 +49,13 @@ in
 
   options = {
     programs.captive-browser = {
-      enable = mkEnableOption (lib.mdDoc "captive browser");
+      enable = mkEnableOption "captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings";
 
       package = mkPackageOption pkgs "captive-browser" { };
 
       interface = mkOption {
         type = types.str;
-        description = lib.mdDoc "your public network interface (wlp3s0, wlan0, eth0, ...)";
+        description = "your public network interface (wlp3s0, wlan0, eth0, ...)";
       };
 
       # the options below are the same as in "captive-browser.toml"
@@ -63,7 +63,7 @@ in
         type = types.str;
         default = browserDefault pkgs.chromium;
         defaultText = literalExpression (browserDefault "\${pkgs.chromium}");
-        description = lib.mdDoc ''
+        description = ''
           The shell (/bin/sh) command executed once the proxy starts.
           When browser exits, the proxy exits. An extra env var PROXY is available.
 
@@ -79,7 +79,7 @@ in
 
       dhcp-dns = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The shell (/bin/sh) command executed to obtain the DHCP
           DNS server address. The first match of an IPv4 regex is used.
           IPv4 only, because let's be real, it's a captive portal.
@@ -89,13 +89,13 @@ in
       socks5-addr = mkOption {
         type = types.str;
         default = "localhost:1666";
-        description = lib.mdDoc "the listen address for the SOCKS5 proxy server";
+        description = "the listen address for the SOCKS5 proxy server";
       };
 
       bindInterface = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Binds `captive-browser` to the network interface declared in
           `cfg.interface`. This can be used to avoid collisions
           with private subnets.
diff --git a/nixpkgs/nixos/modules/programs/ccache.nix b/nixpkgs/nixos/modules/programs/ccache.nix
index 7972b2ac4a56..bfcbe39b3ff0 100644
--- a/nixpkgs/nixos/modules/programs/ccache.nix
+++ b/nixpkgs/nixos/modules/programs/ccache.nix
@@ -5,28 +5,28 @@ let
 in {
   options.programs.ccache = {
     # host configuration
-    enable = lib.mkEnableOption (lib.mdDoc "CCache");
+    enable = lib.mkEnableOption "CCache, a compiler cache for fast recompilation of C/C++ code";
     cacheDir = lib.mkOption {
       type = lib.types.path;
-      description = lib.mdDoc "CCache directory";
+      description = "CCache directory";
       default = "/var/cache/ccache";
     };
     # target configuration
     packageNames = lib.mkOption {
       type = lib.types.listOf lib.types.str;
-      description = lib.mdDoc "Nix top-level packages to be compiled using CCache";
+      description = "Nix top-level packages to be compiled using CCache";
       default = [];
       example = [ "wxGTK32" "ffmpeg" "libav_all" ];
     };
     owner = lib.mkOption {
       type = lib.types.str;
       default = "root";
-      description = lib.mdDoc "Owner of CCache directory";
+      description = "Owner of CCache directory";
     };
     group = lib.mkOption {
       type = lib.types.str;
       default = "nixbld";
-      description = lib.mdDoc "Group owner of CCache directory";
+      description = "Group owner of CCache directory";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/cdemu.nix b/nixpkgs/nixos/modules/programs/cdemu.nix
index 7eba4d29d83b..3ee8b2d8fcd6 100644
--- a/nixpkgs/nixos/modules/programs/cdemu.nix
+++ b/nixpkgs/nixos/modules/programs/cdemu.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           {command}`cdemu` for members of
           {option}`programs.cdemu.group`.
         '';
@@ -18,21 +18,21 @@ in {
       group = mkOption {
         type = types.str;
         default = "cdrom";
-        description = lib.mdDoc ''
+        description = ''
           Group that users must be in to use {command}`cdemu`.
         '';
       };
       gui = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install the {command}`cdemu` GUI (gCDEmu).
         '';
       };
       image-analyzer = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install the image analyzer.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix b/nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix
index fc05bcd11ecb..28d1ef5992d7 100644
--- a/nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix
+++ b/nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix
@@ -17,7 +17,7 @@ in
   };
 
   options = {
-    programs.cfs-zen-tweaks.enable = mkEnableOption (lib.mdDoc "CFS Zen Tweaks");
+    programs.cfs-zen-tweaks.enable = mkEnableOption "CFS Zen Tweaks";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/chromium.nix b/nixpkgs/nixos/modules/programs/chromium.nix
index 5e8983730048..fa5abe957a90 100644
--- a/nixpkgs/nixos/modules/programs/chromium.nix
+++ b/nixpkgs/nixos/modules/programs/chromium.nix
@@ -19,15 +19,15 @@ in
 
   options = {
     programs.chromium = {
-      enable = mkEnableOption (lib.mdDoc "{command}`chromium` policies");
+      enable = mkEnableOption "{command}`chromium` policies";
 
-      enablePlasmaBrowserIntegration = mkEnableOption (lib.mdDoc "Native Messaging Host for Plasma Browser Integration");
+      enablePlasmaBrowserIntegration = mkEnableOption "Native Messaging Host for Plasma Browser Integration";
 
       plasmaBrowserIntegrationPackage = mkPackageOption pkgs [ "plasma5Packages" "plasma-browser-integration" ] { };
 
       extensions = mkOption {
         type = with types; nullOr (listOf str);
-        description = lib.mdDoc ''
+        description = ''
           List of chromium extensions to install.
           For list of plugins ids see id in url of extensions on
           [chrome web store](https://chrome.google.com/webstore/category/extensions)
@@ -50,35 +50,35 @@ in
 
       homepageLocation = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "Chromium default homepage";
+        description = "Chromium default homepage";
         default = null;
         example = "https://nixos.org";
       };
 
       defaultSearchProviderEnabled = mkOption {
         type = types.nullOr types.bool;
-        description = lib.mdDoc "Enable the default search provider.";
+        description = "Enable the default search provider.";
         default = null;
         example = true;
       };
 
       defaultSearchProviderSearchURL = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "Chromium default search provider url.";
+        description = "Chromium default search provider url.";
         default = null;
         example = "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}";
       };
 
       defaultSearchProviderSuggestURL = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "Chromium default search provider url for suggestions.";
+        description = "Chromium default search provider url for suggestions.";
         default = null;
         example = "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}";
       };
 
       extraOpts = mkOption {
         type = types.attrs;
-        description = lib.mdDoc ''
+        description = ''
           Extra chromium policy options. A list of available policies
           can be found in the Chrome Enterprise documentation:
           <https://cloud.google.com/docs/chrome-enterprise/policies/>
@@ -101,7 +101,7 @@ in
 
       initialPrefs = mkOption {
         type = types.attrs;
-        description = lib.mdDoc ''
+        description = ''
           Initial preferences are used to configure the browser for the first run.
           Unlike {option}`programs.chromium.extraOpts`, initialPrefs can be changed by users in the browser settings.
           More information can be found in the Chromium documentation:
diff --git a/nixpkgs/nixos/modules/programs/clash-verge.nix b/nixpkgs/nixos/modules/programs/clash-verge.nix
index e1afafa7cadc..4425fe1a9fe7 100644
--- a/nixpkgs/nixos/modules/programs/clash-verge.nix
+++ b/nixpkgs/nixos/modules/programs/clash-verge.nix
@@ -2,10 +2,10 @@
 
 {
   options.programs.clash-verge = {
-    enable = lib.mkEnableOption (lib.mdDoc "Clash Verge");
+    enable = lib.mkEnableOption "Clash Verge";
     package = lib.mkPackageOption pkgs "clash-verge" {};
-    autoStart = lib.mkEnableOption (lib.mdDoc "Clash Verge auto launch");
-    tunMode = lib.mkEnableOption (lib.mdDoc "Clash Verge TUN mode");
+    autoStart = lib.mkEnableOption "Clash Verge auto launch";
+    tunMode = lib.mkEnableOption "Clash Verge TUN mode";
   };
 
   config =
diff --git a/nixpkgs/nixos/modules/programs/cnping.nix b/nixpkgs/nixos/modules/programs/cnping.nix
index 143267fc9a42..77cbf4d82086 100644
--- a/nixpkgs/nixos/modules/programs/cnping.nix
+++ b/nixpkgs/nixos/modules/programs/cnping.nix
@@ -8,7 +8,7 @@ in
 {
   options = {
     programs.cnping = {
-      enable = mkEnableOption (lib.mdDoc "a setcap wrapper for cnping");
+      enable = mkEnableOption "a setcap wrapper for cnping";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix b/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix
index b5c7626bd207..4d2a89b51584 100644
--- a/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix
+++ b/nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix
@@ -26,7 +26,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether interactive shells should show which Nix package (if
         any) provides a missing command.
       '';
@@ -34,7 +34,7 @@ in
 
     dbPath = mkOption {
       default = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite" ;
-      description = lib.mdDoc ''
+      description = ''
         Absolute path to programs.sqlite.
 
         By default this file will be provided by your channel
diff --git a/nixpkgs/nixos/modules/programs/coolercontrol.nix b/nixpkgs/nixos/modules/programs/coolercontrol.nix
index 6e7299ad16b7..8c9a39d2eba9 100644
--- a/nixpkgs/nixos/modules/programs/coolercontrol.nix
+++ b/nixpkgs/nixos/modules/programs/coolercontrol.nix
@@ -10,28 +10,50 @@ in
 {
   ##### interface
   options = {
-    programs.coolercontrol.enable = lib.mkEnableOption (lib.mdDoc "CoolerControl GUI & its background services");
+    programs.coolercontrol = {
+      enable = lib.mkEnableOption "CoolerControl GUI & its background services";
+
+      nvidiaSupport = lib.mkOption {
+        type = lib.types.bool;
+        default = lib.elem "nvidia" config.services.xserver.videoDrivers;
+        defaultText = lib.literalExpression "lib.elem \"nvidia\" config.services.xserver.videoDrivers";
+        description = ''
+          Enable support for Nvidia GPUs.
+        '';
+      };
+    };
   };
 
   ##### implementation
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = with pkgs.coolercontrol; [
-      coolercontrol-gui
-    ];
-
-    systemd = {
-      packages = with pkgs.coolercontrol; [
-        coolercontrol-liqctld
-        coolercontrold
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    # Common
+    ({
+      environment.systemPackages = with pkgs.coolercontrol; [
+        coolercontrol-gui
       ];
 
-      # https://github.com/NixOS/nixpkgs/issues/81138
-      services = {
-        coolercontrol-liqctld.wantedBy = [ "multi-user.target" ];
-        coolercontrold.wantedBy = [ "multi-user.target" ];
+      systemd = {
+        packages = with pkgs.coolercontrol; [
+          coolercontrol-liqctld
+          coolercontrold
+        ];
+
+        # https://github.com/NixOS/nixpkgs/issues/81138
+        services = {
+          coolercontrol-liqctld.wantedBy = [ "multi-user.target" ];
+          coolercontrold.wantedBy = [ "multi-user.target" ];
+        };
       };
-    };
-  };
+    })
+
+    # Nvidia support
+    (lib.mkIf cfg.nvidiaSupport {
+      systemd.services.coolercontrold.path = with config.boot.kernelPackages; [
+        nvidia_x11 # nvidia-smi
+        nvidia_x11.settings # nvidia-settings
+      ];
+    })
+  ]);
 
   meta.maintainers = with lib.maintainers; [ OPNA2608 codifryed ];
 }
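Review bot: The Nvidia branch takes `nvidia_x11` from `config.boot.kernelPackages`, which as far as I can tell is the default driver build and not necessarily the one selected through `hardware.nvidia.package`. On a host pinned to a legacy or beta driver, the `nvidia-smi` placed on coolercontrold's path could then disagree with the loaded kernel module and fail at runtime. I would read the package from the option instead: `systemd.services.coolercontrold.path = [ config.hardware.nvidia.package config.hardware.nvidia.package.settings ];`. As a point of style, the parentheses around the first `mkMerge` element, `({ ... })`, are redundant and can be dropped.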
diff --git a/nixpkgs/nixos/modules/programs/criu.nix b/nixpkgs/nixos/modules/programs/criu.nix
index 9f03b0c6431a..9414d0b27f0d 100644
--- a/nixpkgs/nixos/modules/programs/criu.nix
+++ b/nixpkgs/nixos/modules/programs/criu.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Install {command}`criu` along with necessary kernel options.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/darling.nix b/nixpkgs/nixos/modules/programs/darling.nix
index 589a9dd5d603..194b1648b78f 100644
--- a/nixpkgs/nixos/modules/programs/darling.nix
+++ b/nixpkgs/nixos/modules/programs/darling.nix
@@ -5,7 +5,7 @@ let
 in {
   options = {
     programs.darling = {
-      enable = lib.mkEnableOption (lib.mdDoc "Darling, a Darwin/macOS compatibility layer for Linux");
+      enable = lib.mkEnableOption "Darling, a Darwin/macOS compatibility layer for Linux";
       package = lib.mkPackageOption pkgs "darling" {};
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/dconf.nix b/nixpkgs/nixos/modules/programs/dconf.nix
index cf53658c4fad..e6738617c8e3 100644
--- a/nixpkgs/nixos/modules/programs/dconf.nix
+++ b/nixpkgs/nixos/modules/programs/dconf.nix
@@ -93,12 +93,12 @@ let
       keyfiles = lib.mkOption {
         type = listOf (oneOf [ path package ]);
         default = [ ];
-        description = lib.mdDoc "A list of dconf keyfile directories.";
+        description = "A list of dconf keyfile directories.";
       };
       settings = lib.mkOption {
         type = attrs;
         default = { };
-        description = lib.mdDoc "An attrset used to generate dconf keyfile.";
+        description = "An attrset used to generate dconf keyfile.";
         example = literalExpression ''
           with lib.gvariant;
           {
@@ -112,7 +112,7 @@ let
       locks = lib.mkOption {
         type = with lib.types; listOf str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           A list of dconf keys to be lockdown. This doesn't take effect if `lockAll`
           is set.
         '';
@@ -123,7 +123,7 @@ let
       lockAll = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Lockdown all dconf keys in `settings`.";
+        description = "Lockdown all dconf keys in `settings`.";
       };
     };
   };
@@ -133,7 +133,7 @@ let
       enableUserDb = lib.mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc "Add `user-db:user` at the beginning of the profile.";
+        description = "Add `user-db:user` at the beginning of the profile.";
       };
 
       databases = lib.mkOption {
@@ -143,7 +143,7 @@ let
           dconfDatabase
         ]);
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of data sources for the profile. An element can be an attrset,
           or the path of an already compiled database. Each element is converted
           to a file-db.
@@ -161,7 +161,7 @@ in
 {
   options = {
     programs.dconf = {
-      enable = lib.mkEnableOption (lib.mdDoc "dconf");
+      enable = lib.mkEnableOption "dconf";
 
       profiles = lib.mkOption {
         type = with lib.types; attrsOf (oneOf [
@@ -170,7 +170,7 @@ in
           dconfProfile
         ]);
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Attrset of dconf profiles. By default the `user` profile is used which
           ends up in `/etc/dconf/profile/user`.
         '';
@@ -193,7 +193,7 @@ in
       packages = lib.mkOption {
         type = lib.types.listOf lib.types.package;
         default = [ ];
-        description = lib.mdDoc "A list of packages which provide dconf profiles and databases in {file}`/etc/dconf`.";
+        description = "A list of packages which provide dconf profiles and databases in {file}`/etc/dconf`.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix b/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix
index bdacbc010c41..10b5a88171fc 100644
--- a/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix
+++ b/nixpkgs/nixos/modules/programs/digitalbitbox/default.nix
@@ -11,7 +11,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Installs the Digital Bitbox application and enables the complementary hardware module.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/direnv.nix b/nixpkgs/nixos/modules/programs/direnv.nix
index fdc646eb4b16..6061de58eb8e 100644
--- a/nixpkgs/nixos/modules/programs/direnv.nix
+++ b/nixpkgs/nixos/modules/programs/direnv.nix
@@ -8,11 +8,11 @@
 in {
   options.programs.direnv = {
 
-    enable = lib.mkEnableOption (lib.mdDoc ''
+    enable = lib.mkEnableOption ''
       direnv integration. Takes care of both installation and
       setting up the sourcing of the shell. Additionally enables nix-direnv
       integration. Note that you need to logout and login for this change to apply
-    '');
+    '';
 
     package = lib.mkPackageOption pkgs "direnv" {};
 
@@ -23,28 +23,28 @@ in {
         export FOO="foo"
         echo "loaded direnv!"
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra lines to append to the sourced direnvrc
       '';
     };
 
-    silent = lib.mkEnableOption (lib.mdDoc ''
+    silent = lib.mkEnableOption ''
       the hiding of direnv logging
-    '');
+    '';
 
     loadInNixShell =
-      lib.mkEnableOption (lib.mdDoc ''
+      lib.mkEnableOption ''
         loading direnv in `nix-shell` `nix shell` or `nix develop`
-      '')
+      ''
       // {
         default = true;
       };
 
     nix-direnv = {
       enable =
-        (lib.mkEnableOption (lib.mdDoc ''
+        (lib.mkEnableOption ''
           a faster, persistent implementation of use_nix and use_flake, to replace the built-in one
-        ''))
+        '')
         // {
           default = true;
         };
@@ -53,7 +53,7 @@ in {
         default = pkgs.nix-direnv.override { nix = config.nix.package; };
         defaultText = "pkgs.nix-direnv";
         type = lib.types.package;
-        description = lib.mdDoc ''
+        description = ''
           The nix-direnv package to use
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/dmrconfig.nix b/nixpkgs/nixos/modules/programs/dmrconfig.nix
index 29268cdfeb50..15338681e642 100644
--- a/nixpkgs/nixos/modules/programs/dmrconfig.nix
+++ b/nixpkgs/nixos/modules/programs/dmrconfig.nix
@@ -14,7 +14,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure system to enable use of dmrconfig. This
           enables the required udev rules and installs the program.
         '';
diff --git a/nixpkgs/nixos/modules/programs/droidcam.nix b/nixpkgs/nixos/modules/programs/droidcam.nix
index c9b4457d1d18..9843a1f5be25 100644
--- a/nixpkgs/nixos/modules/programs/droidcam.nix
+++ b/nixpkgs/nixos/modules/programs/droidcam.nix
@@ -4,7 +4,7 @@ with lib;
 
 {
   options.programs.droidcam = {
-    enable = mkEnableOption (lib.mdDoc "DroidCam client");
+    enable = mkEnableOption "DroidCam client";
   };
 
   config = lib.mkIf config.programs.droidcam.enable {
diff --git a/nixpkgs/nixos/modules/programs/dublin-traceroute.nix b/nixpkgs/nixos/modules/programs/dublin-traceroute.nix
index cfcd6e8308ff..6ff8a5bdefc3 100644
--- a/nixpkgs/nixos/modules/programs/dublin-traceroute.nix
+++ b/nixpkgs/nixos/modules/programs/dublin-traceroute.nix
@@ -10,9 +10,9 @@ in {
 
   options = {
     programs.dublin-traceroute = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
       dublin-traceroute, add it to the global environment and configure a setcap wrapper for it.
-      '');
+      '';
 
       package = mkPackageOption pkgs "dublin-traceroute" { };
     };
diff --git a/nixpkgs/nixos/modules/programs/ecryptfs.nix b/nixpkgs/nixos/modules/programs/ecryptfs.nix
index 63c1a3ad4419..ced5eb26fb9a 100644
--- a/nixpkgs/nixos/modules/programs/ecryptfs.nix
+++ b/nixpkgs/nixos/modules/programs/ecryptfs.nix
@@ -7,7 +7,7 @@ let
 
 in {
   options.programs.ecryptfs = {
-    enable = mkEnableOption (lib.mdDoc "ecryptfs setuid mount wrappers");
+    enable = mkEnableOption "ecryptfs setuid mount wrappers";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/evince.nix b/nixpkgs/nixos/modules/programs/evince.nix
index ed543d35cc5e..a27e75e6626d 100644
--- a/nixpkgs/nixos/modules/programs/evince.nix
+++ b/nixpkgs/nixos/modules/programs/evince.nix
@@ -2,29 +2,19 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 let cfg = config.programs.evince;
 
 in {
 
-  # Added 2019-08-09
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "evince" "enable" ]
-      [ "programs" "evince" "enable" ])
-  ];
-
   ###### interface
 
   options = {
 
     programs.evince = {
 
-      enable = mkEnableOption
-        (lib.mdDoc "Evince, the GNOME document viewer");
+      enable = lib.mkEnableOption "Evince, the GNOME document viewer";
 
-      package = mkPackageOption pkgs "evince" { };
+      package = lib.mkPackageOption pkgs "evince" { };
 
     };
 
@@ -33,7 +23,7 @@ in {
 
   ###### implementation
 
-  config = mkIf config.programs.evince.enable {
+  config = lib.mkIf config.programs.evince.enable {
 
     environment.systemPackages = [ cfg.package ];
 
diff --git a/nixpkgs/nixos/modules/programs/extra-container.nix b/nixpkgs/nixos/modules/programs/extra-container.nix
index 5e717c4d8223..c10ccd769168 100644
--- a/nixpkgs/nixos/modules/programs/extra-container.nix
+++ b/nixpkgs/nixos/modules/programs/extra-container.nix
@@ -5,10 +5,10 @@ let
   cfg = config.programs.extra-container;
 in {
   options = {
-    programs.extra-container.enable = mkEnableOption (lib.mdDoc ''
+    programs.extra-container.enable = mkEnableOption ''
       extra-container, a tool for running declarative NixOS containers
       without host system rebuilds
-    '');
+    '';
   };
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.extra-container ];
diff --git a/nixpkgs/nixos/modules/programs/fcast-receiver.nix b/nixpkgs/nixos/modules/programs/fcast-receiver.nix
new file mode 100644
index 000000000000..2e4e6bf8b242
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/fcast-receiver.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.fcast-receiver;
+in
+{
+  meta = {
+    maintainers = pkgs.fcast-receiver.meta.maintainers;
+  };
+
+  options.programs.fcast-receiver = {
+    enable = mkEnableOption "FCast Receiver";
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Open ports needed for the functionality of the program.
+      '';
+    };
+    package = mkPackageOption pkgs "fcast-receiver" { };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 46899 ];
+    };
+  };
+}
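Review bot: The `openFirewall` description ("Open ports needed for the functionality of the program.") does not say what is opened, while the implementation adds TCP port 46899 to `networking.firewall.allowedTCPPorts`, which applies to every interface. An administrator reading the option documentation cannot tell what they are exposing to the network. I would change it to `description = "Whether to open TCP port 46899 in the firewall for FCast Receiver.";` and mention that `networking.firewall.interfaces.<name>.allowedTCPPorts` can be set instead when the receiver should be reachable on only one network. As a style point, this new module uses `with lib;` while other files in the same commit (evince.nix, file-roller.nix, fzf.nix) are being moved to explicit `lib.` prefixes.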
diff --git a/nixpkgs/nixos/modules/programs/feedbackd.nix b/nixpkgs/nixos/modules/programs/feedbackd.nix
index 010287e5cd56..9de604c34a7e 100644
--- a/nixpkgs/nixos/modules/programs/feedbackd.nix
+++ b/nixpkgs/nixos/modules/programs/feedbackd.nix
@@ -7,11 +7,11 @@ let
 in {
   options = {
     programs.feedbackd = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         the feedbackd D-BUS service and udev rules.
 
         Your user needs to be in the `feedbackd` group to trigger effects
-      '');
+      '';
       package = mkPackageOption pkgs "feedbackd" { };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/file-roller.nix b/nixpkgs/nixos/modules/programs/file-roller.nix
index a343d4a261c9..f64bd732855b 100644
--- a/nixpkgs/nixos/modules/programs/file-roller.nix
+++ b/nixpkgs/nixos/modules/programs/file-roller.nix
@@ -2,28 +2,19 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 let cfg = config.programs.file-roller;
 
 in {
 
-  # Added 2019-08-09
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "file-roller" "enable" ]
-      [ "programs" "file-roller" "enable" ])
-  ];
-
   ###### interface
 
   options = {
 
     programs.file-roller = {
 
-      enable = mkEnableOption (lib.mdDoc "File Roller, an archive manager for GNOME");
+      enable = lib.mkEnableOption "File Roller, an archive manager for GNOME";
 
-      package = mkPackageOption pkgs [ "gnome" "file-roller" ] { };
+      package = lib.mkPackageOption pkgs [ "gnome" "file-roller" ] { };
 
     };
 
@@ -32,7 +23,7 @@ in {
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
     environment.systemPackages = [ cfg.package ];
 
diff --git a/nixpkgs/nixos/modules/programs/firefox.nix b/nixpkgs/nixos/modules/programs/firefox.nix
index 29c567783e27..39b30be48de9 100644
--- a/nixpkgs/nixos/modules/programs/firefox.nix
+++ b/nixpkgs/nixos/modules/programs/firefox.nix
@@ -62,12 +62,12 @@ let
 in
 {
   options.programs.firefox = {
-    enable = mkEnableOption (mdDoc "the Firefox web browser");
+    enable = mkEnableOption "the Firefox web browser";
 
     package = mkOption {
       type = types.package;
       default = pkgs.firefox;
-      description = mdDoc "Firefox package to use.";
+      description = "Firefox package to use.";
       defaultText = literalExpression "pkgs.firefox";
       relatedPackages = [
         "firefox"
@@ -81,13 +81,13 @@ in
     wrapperConfig = mkOption {
       type = types.attrs;
       default = {};
-      description = mdDoc "Arguments to pass to Firefox wrapper";
+      description = "Arguments to pass to Firefox wrapper";
     };
 
     policies = mkOption {
       type = policyFormat.type;
       default = { };
-      description = mdDoc ''
+      description = ''
         Group policies to install.
 
         See [Mozilla's documentation](https://mozilla.github.io/policy-templates/)
@@ -103,7 +103,7 @@ in
     preferences = mkOption {
       type = with types; attrsOf (oneOf [ bool int str ]);
       default = { };
-      description = mdDoc ''
+      description = ''
         Preferences to set from `about:config`.
 
         Some of these might be able to be configured more ergonomically
@@ -116,7 +116,7 @@ in
     preferencesStatus = mkOption {
       type = types.enum [ "default" "locked" "user" "clear" ];
       default = "locked";
-      description = mdDoc ''
+      description = ''
         The status of `firefox.preferences`.
 
         `status` can assume the following values:
@@ -230,7 +230,7 @@ in
         "zh-TW"
       ]));
       default = [ ];
-      description = mdDoc ''
+      description = ''
         The language packs to install.
       '';
     };
@@ -238,7 +238,7 @@ in
     autoConfig = mkOption {
       type = types.lines;
       default = "";
-      description = mdDoc ''
+      description = ''
         AutoConfig files can be used to set and lock preferences that are not covered
         by the policies.json for Mac and Linux. This method can be used to automatically
         change user preferences or prevent the end user from modifiying specific
@@ -250,11 +250,11 @@ in
       packages = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = mdDoc ''
+        description = ''
           Additional packages containing native messaging hosts that should be made available to Firefox extensions.
         '';
       };
-    }) // (mapAttrs (k: v: mkEnableOption (mdDoc "${v.name} support")) nmhOptions);
+    }) // (mapAttrs (k: v: mkEnableOption "${v.name} support") nmhOptions);
   };
 
   config = let
diff --git a/nixpkgs/nixos/modules/programs/firejail.nix b/nixpkgs/nixos/modules/programs/firejail.nix
index 046c31ce64f6..0510cf8c610d 100644
--- a/nixpkgs/nixos/modules/programs/firejail.nix
+++ b/nixpkgs/nixos/modules/programs/firejail.nix
@@ -40,32 +40,32 @@ let
 
 in {
   options.programs.firejail = {
-    enable = mkEnableOption (lib.mdDoc "firejail");
+    enable = mkEnableOption "firejail, a sandboxing tool for Linux";
 
     wrappedBinaries = mkOption {
       type = types.attrsOf (types.either types.path (types.submodule {
         options = {
           executable = mkOption {
             type = types.path;
-            description = lib.mdDoc "Executable to run sandboxed";
+            description = "Executable to run sandboxed";
             example = literalExpression ''"''${lib.getBin pkgs.firefox}/bin/firefox"'';
           };
           desktop = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc ".desktop file to modify. Only necessary if it uses the absolute path to the executable.";
+            description = ".desktop file to modify. Only necessary if it uses the absolute path to the executable.";
             example = literalExpression ''"''${pkgs.firefox}/share/applications/firefox.desktop"'';
           };
           profile = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc "Profile to use";
+            description = "Profile to use";
             example = literalExpression ''"''${pkgs.firejail}/etc/firejail/firefox.profile"'';
           };
           extraArgs = mkOption {
             type = types.listOf types.str;
             default = [];
-            description = lib.mdDoc "Extra arguments to pass to firejail";
+            description = "Extra arguments to pass to firejail";
             example = [ "--private=~/.firejail_home" ];
           };
         };
@@ -83,7 +83,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Wrap the binaries in firejail and place them in the global path.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/fish.nix b/nixpkgs/nixos/modules/programs/fish.nix
index a4c20560bc9b..2102a07cd0bc 100644
--- a/nixpkgs/nixos/modules/programs/fish.nix
+++ b/nixpkgs/nixos/modules/programs/fish.nix
@@ -49,7 +49,7 @@ in
 
       enable = mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure fish as an interactive shell.
         '';
         type = types.bool;
@@ -58,7 +58,7 @@ in
       useBabelfish = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, the configured environment will be translated to native fish using [babelfish](https://github.com/bouk/babelfish).
           Otherwise, [foreign-env](https://github.com/oh-my-fish/plugin-foreign-env) will be used.
         '';
@@ -67,7 +67,7 @@ in
       vendor.config.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether fish should source configuration snippets provided by other packages.
         '';
       };
@@ -75,7 +75,7 @@ in
       vendor.completions.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether fish should use completion files provided by other packages.
         '';
       };
@@ -83,7 +83,7 @@ in
       vendor.functions.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether fish should autoload fish functions provided by other packages.
         '';
       };
@@ -94,7 +94,7 @@ in
           gco = "git checkout";
           npu = "nix-prefetch-url";
         };
-        description = lib.mdDoc ''
+        description = ''
           Set of fish abbreviations.
         '';
         type = with types; attrsOf str;
@@ -102,7 +102,7 @@ in
 
       shellAliases = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Set of aliases for fish shell, which overrides {option}`environment.shellAliases`.
           See {option}`environment.shellAliases` for an option format description.
         '';
@@ -111,7 +111,7 @@ in
 
       shellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during fish shell initialisation.
         '';
         type = types.lines;
@@ -119,7 +119,7 @@ in
 
       loginShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during fish login shell initialisation.
         '';
         type = types.lines;
@@ -127,7 +127,7 @@ in
 
       interactiveShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during interactive fish shell initialisation.
         '';
         type = types.lines;
@@ -135,7 +135,7 @@ in
 
       promptInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code used to initialise fish prompt.
         '';
         type = types.lines;
diff --git a/nixpkgs/nixos/modules/programs/flashrom.nix b/nixpkgs/nixos/modules/programs/flashrom.nix
index f954bc2197b1..1b9b4493ef20 100644
--- a/nixpkgs/nixos/modules/programs/flashrom.nix
+++ b/nixpkgs/nixos/modules/programs/flashrom.nix
@@ -10,7 +10,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Installs flashrom and configures udev rules for programmers
         used by flashrom. Grants access to users in the "flashrom"
         group.
diff --git a/nixpkgs/nixos/modules/programs/flexoptix-app.nix b/nixpkgs/nixos/modules/programs/flexoptix-app.nix
index 6f37fe54667c..47a76da125f0 100644
--- a/nixpkgs/nixos/modules/programs/flexoptix-app.nix
+++ b/nixpkgs/nixos/modules/programs/flexoptix-app.nix
@@ -7,7 +7,7 @@ let
 in {
   options = {
     programs.flexoptix-app = {
-      enable = mkEnableOption (lib.mdDoc "FLEXOPTIX app + udev rules");
+      enable = mkEnableOption "FLEXOPTIX app + udev rules";
 
       package = mkPackageOption pkgs "flexoptix-app" { };
     };
diff --git a/nixpkgs/nixos/modules/programs/freetds.nix b/nixpkgs/nixos/modules/programs/freetds.nix
index 98274fa9b562..8b52fc37c5e0 100644
--- a/nixpkgs/nixos/modules/programs/freetds.nix
+++ b/nixpkgs/nixos/modules/programs/freetds.nix
@@ -25,8 +25,7 @@ in
           ''';
         }
       '';
-      description =
-        lib.mdDoc ''
+      description = ''
         Configure freetds database entries. Each attribute denotes
         a section within freetds.conf, and the value (a string) is the config
         content for that section. When at least one entry is configured
diff --git a/nixpkgs/nixos/modules/programs/fuse.nix b/nixpkgs/nixos/modules/programs/fuse.nix
index b82d37a051e7..c15896efbb51 100644
--- a/nixpkgs/nixos/modules/programs/fuse.nix
+++ b/nixpkgs/nixos/modules/programs/fuse.nix
@@ -13,7 +13,7 @@ in {
       # negative numbers obviously make no sense:
       type = types.ints.between 0 32767; # 2^15 - 1
       default = 1000;
-      description = lib.mdDoc ''
+      description = ''
         Set the maximum number of FUSE mounts allowed to non-root users.
       '';
     };
@@ -21,7 +21,7 @@ in {
     userAllowOther = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Allow non-root users to specify the allow_other or allow_root mount
         options, see mount.fuse3(8).
       '';
diff --git a/nixpkgs/nixos/modules/programs/fzf.nix b/nixpkgs/nixos/modules/programs/fzf.nix
index 7c4f338e29b3..66ad7d418de6 100644
--- a/nixpkgs/nixos/modules/programs/fzf.nix
+++ b/nixpkgs/nixos/modules/programs/fzf.nix
@@ -1,32 +1,39 @@
 { pkgs, config, lib, ... }:
-with lib;
+
 let
   cfg = config.programs.fzf;
 in
 {
   options = {
     programs.fzf = {
-      fuzzyCompletion = mkEnableOption (mdDoc "fuzzy completion with fzf");
-      keybindings = mkEnableOption (mdDoc "fzf keybindings");
+      fuzzyCompletion = lib.mkEnableOption "fuzzy completion with fzf";
+      keybindings = lib.mkEnableOption "fzf keybindings";
     };
   };
-  config = {
-    environment.systemPackages = optional (cfg.keybindings || cfg.fuzzyCompletion) pkgs.fzf;
 
-    programs.bash.interactiveShellInit = optionalString cfg.fuzzyCompletion ''
-      source ${pkgs.fzf}/share/fzf/completion.bash
-    '' + optionalString cfg.keybindings ''
-      source ${pkgs.fzf}/share/fzf/key-bindings.bash
-    '';
+  config = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) {
+    environment.systemPackages = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ pkgs.fzf ];
 
-    programs.zsh.interactiveShellInit = optionalString (!config.programs.zsh.ohMyZsh.enable)
-      (optionalString cfg.fuzzyCompletion ''
-        source ${pkgs.fzf}/share/fzf/completion.zsh
-      '' + optionalString cfg.keybindings ''
-        source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+    programs = {
+      # load after programs.bash.enableCompletion
+      bash.promptPluginInit = lib.mkAfter (lib.optionalString cfg.fuzzyCompletion ''
+        source ${pkgs.fzf}/share/fzf/completion.bash
+      '' + lib.optionalString cfg.keybindings ''
+        source ${pkgs.fzf}/share/fzf/key-bindings.bash
       '');
 
-    programs.zsh.ohMyZsh.plugins = lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion) [ "fzf" ];
+      zsh = {
+        interactiveShellInit = lib.optionalString (!config.programs.zsh.ohMyZsh.enable)
+        (lib.optionalString cfg.fuzzyCompletion ''
+          source ${pkgs.fzf}/share/fzf/completion.zsh
+        '' + lib.optionalString cfg.keybindings ''
+          source ${pkgs.fzf}/share/fzf/key-bindings.zsh
+        '');
+
+        ohMyZsh.plugins = lib.mkIf config.programs.zsh.ohMyZsh.enable [ "fzf" ];
+      };
+    };
   };
-  meta.maintainers = with maintainers; [ laalsaas ];
+
+  meta.maintainers = with lib.maintainers; [ laalsaas ];
 }
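Review bot: The inner `lib.mkIf (cfg.keybindings || cfg.fuzzyCompletion)` on `environment.systemPackages` repeats the condition that now guards the whole `config` block, so it is always true where it takes effect. `environment.systemPackages = [ pkgs.fzf ];` is equivalent and stops the two copies of the condition from drifting apart in a later edit. The comment `# load after programs.bash.enableCompletion` would also be more useful if it said why the fzf scripts must be sourced after bash completion is set up, since that ordering is the reason for moving them to `promptPluginInit` under `lib.mkAfter`.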
diff --git a/nixpkgs/nixos/modules/programs/gamemode.nix b/nixpkgs/nixos/modules/programs/gamemode.nix
index 2bb92ed8e0ef..878f785074f1 100644
--- a/nixpkgs/nixos/modules/programs/gamemode.nix
+++ b/nixpkgs/nixos/modules/programs/gamemode.nix
@@ -10,16 +10,16 @@ in
 {
   options = {
     programs.gamemode = {
-      enable = mkEnableOption (lib.mdDoc "GameMode to optimise system performance on demand");
+      enable = mkEnableOption "GameMode to optimise system performance on demand";
 
-      enableRenice = mkEnableOption (lib.mdDoc "CAP_SYS_NICE on gamemoded to support lowering process niceness") // {
+      enableRenice = mkEnableOption "CAP_SYS_NICE on gamemoded to support lowering process niceness" // {
         default = true;
       };
 
       settings = mkOption {
         type = settingsFormat.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           System-wide configuration for GameMode (/etc/gamemode.ini).
           See gamemoded(8) man page for available settings.
         '';
diff --git a/nixpkgs/nixos/modules/programs/gamescope.nix b/nixpkgs/nixos/modules/programs/gamescope.nix
index 594e5be5fd58..af9ced471539 100644
--- a/nixpkgs/nixos/modules/programs/gamescope.nix
+++ b/nixpkgs/nixos/modules/programs/gamescope.nix
@@ -21,14 +21,14 @@ with lib; let
 in
 {
   options.programs.gamescope = {
-    enable = mkEnableOption (mdDoc "gamescope");
+    enable = mkEnableOption "gamescope, the SteamOS session compositing window manager";
 
     package = mkPackageOption pkgs "gamescope" { };
 
     capSysNice = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Add cap_sys_nice capability to the GameScope
         binary so that it may renice itself.
       '';
@@ -38,7 +38,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--rt" "--prefer-vk-device 8086:9bc4" ];
-      description = mdDoc ''
+      description = ''
         Arguments passed to GameScope on startup.
       '';
     };
@@ -55,7 +55,7 @@ in
           __GLX_VENDOR_LIBRARY_NAME = "nvidia";
         }
       '';
-      description = mdDoc ''
+      description = ''
         Default environment variables available to the GameScope process, overridable at runtime.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/geary.nix b/nixpkgs/nixos/modules/programs/geary.nix
index d9454a2247fd..6103ee7df859 100644
--- a/nixpkgs/nixos/modules/programs/geary.nix
+++ b/nixpkgs/nixos/modules/programs/geary.nix
@@ -11,7 +11,7 @@ in {
   };
 
   options = {
-    programs.geary.enable = mkEnableOption (lib.mdDoc "Geary, a Mail client for GNOME 3");
+    programs.geary.enable = mkEnableOption "Geary, a Mail client for GNOME";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/git.nix b/nixpkgs/nixos/modules/programs/git.nix
index 8fb69cbae28f..2a5d52f2d191 100644
--- a/nixpkgs/nixos/modules/programs/git.nix
+++ b/nixpkgs/nixos/modules/programs/git.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     programs.git = {
-      enable = mkEnableOption (lib.mdDoc "git");
+      enable = mkEnableOption "git, a distributed version control system";
 
       package = mkPackageOption pkgs "git" {
         example = "gitFull";
@@ -43,7 +43,7 @@ in
           init.defaultBranch = "main";
           url."https://github.com/".insteadOf = [ "gh:" "github:" ];
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration to write to /etc/gitconfig. A list can also be
           specified to keep the configuration in order. For example, setting
           `config` to `[ { foo.x = 42; } { bar.y = 42; }]` will put the `foo`
@@ -59,7 +59,7 @@ in
       };
 
       lfs = {
-        enable = mkEnableOption (lib.mdDoc "git-lfs");
+        enable = mkEnableOption "git-lfs (Large File Storage)";
 
         package = mkPackageOption pkgs "git-lfs" { };
       };
diff --git a/nixpkgs/nixos/modules/programs/gnome-disks.nix b/nixpkgs/nixos/modules/programs/gnome-disks.nix
index dcb20bd6037c..954f1fd9bc07 100644
--- a/nixpkgs/nixos/modules/programs/gnome-disks.nix
+++ b/nixpkgs/nixos/modules/programs/gnome-disks.nix
@@ -2,31 +2,22 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2019-08-09
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-disks" "enable" ]
-      [ "programs" "gnome-disks" "enable" ])
-  ];
-
   ###### interface
 
   options = {
 
     programs.gnome-disks = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GNOME Disks daemon, a program designed to
           be a UDisks2 graphical front-end.
         '';
@@ -39,7 +30,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.programs.gnome-disks.enable {
+  config = lib.mkIf config.programs.gnome-disks.enable {
 
     environment.systemPackages = [ pkgs.gnome.gnome-disk-utility ];
 
diff --git a/nixpkgs/nixos/modules/programs/gnome-terminal.nix b/nixpkgs/nixos/modules/programs/gnome-terminal.nix
index a8d82e0b018c..a5dda83edd11 100644
--- a/nixpkgs/nixos/modules/programs/gnome-terminal.nix
+++ b/nixpkgs/nixos/modules/programs/gnome-terminal.nix
@@ -2,8 +2,6 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 let
 
   cfg = config.programs.gnome-terminal;
@@ -13,21 +11,14 @@ in
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2019-08-19
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-terminal-server" "enable" ]
-      [ "programs" "gnome-terminal" "enable" ])
-  ];
-
   options = {
-    programs.gnome-terminal.enable = mkEnableOption (lib.mdDoc "GNOME Terminal");
+    programs.gnome-terminal.enable = lib.mkEnableOption "GNOME Terminal";
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     environment.systemPackages = [ pkgs.gnome.gnome-terminal ];
     services.dbus.packages = [ pkgs.gnome.gnome-terminal ];
     systemd.packages = [ pkgs.gnome.gnome-terminal ];
diff --git a/nixpkgs/nixos/modules/programs/gnupg.nix b/nixpkgs/nixos/modules/programs/gnupg.nix
index 66be1f247fbd..c755d110170c 100644
--- a/nixpkgs/nixos/modules/programs/gnupg.nix
+++ b/nixpkgs/nixos/modules/programs/gnupg.nix
@@ -36,7 +36,7 @@ in
     agent.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables GnuPG agent with socket-activation for every user session.
       '';
     };
@@ -44,7 +44,7 @@ in
     agent.enableSSHSupport = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK
         environment variable correctly. This will disable socket-activation
         and thus always start a GnuPG agent per user session.
@@ -54,7 +54,7 @@ in
     agent.enableExtraSocket = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable extra socket for GnuPG agent.
       '';
     };
@@ -62,7 +62,7 @@ in
     agent.enableBrowserSocket = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable browser socket for GnuPG agent.
       '';
     };
@@ -72,7 +72,7 @@ in
       example = lib.literalMD "pkgs.pinentry-gnome3";
       default = pkgs.pinentry-curses;
       defaultText = lib.literalMD "matching the configured desktop environment or `pkgs.pinentry-curses`";
-      description = lib.mdDoc ''
+      description = ''
         Which pinentry package to use. The path to the mainProgram as defined in
         the package's meta attriutes will be set in /etc/gnupg/gpg-agent.conf.
         If not set by the user, it'll pick an appropriate flavor depending on the
@@ -87,7 +87,7 @@ in
       example = {
         default-cache-ttl = 600;
       };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for /etc/gnupg/gpg-agent.conf.
         See {manpage}`gpg-agent(1)` for supported options.
       '';
@@ -96,7 +96,7 @@ in
     dirmngr.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables GnuPG network certificate management daemon with socket-activation for every user session.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/gpaste.nix b/nixpkgs/nixos/modules/programs/gpaste.nix
index 37172c9583a3..32b81434bdd9 100644
--- a/nixpkgs/nixos/modules/programs/gpaste.nix
+++ b/nixpkgs/nixos/modules/programs/gpaste.nix
@@ -1,24 +1,15 @@
 # GPaste.
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
 
-  # Added 2019-08-09
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gpaste" "enable" ]
-      [ "programs" "gpaste" "enable" ])
-  ];
-
   ###### interface
   options = {
      programs.gpaste = {
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GPaste, a clipboard manager.
         '';
       };
@@ -26,7 +17,7 @@ with lib;
   };
 
   ###### implementation
-  config = mkIf config.programs.gpaste.enable {
+  config = lib.mkIf config.programs.gpaste.enable {
     environment.systemPackages = [ pkgs.gnome.gpaste ];
     services.dbus.packages = [ pkgs.gnome.gpaste ];
     systemd.packages = [ pkgs.gnome.gpaste ];
diff --git a/nixpkgs/nixos/modules/programs/gphoto2.nix b/nixpkgs/nixos/modules/programs/gphoto2.nix
index f31b1863963d..d99259b54582 100644
--- a/nixpkgs/nixos/modules/programs/gphoto2.nix
+++ b/nixpkgs/nixos/modules/programs/gphoto2.nix
@@ -11,7 +11,7 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure system to use gphoto2.
           To grant digital camera access to a user, the user must
           be part of the camera group:
diff --git a/nixpkgs/nixos/modules/programs/haguichi.nix b/nixpkgs/nixos/modules/programs/haguichi.nix
index 699327c28c61..4f48551cf1da 100644
--- a/nixpkgs/nixos/modules/programs/haguichi.nix
+++ b/nixpkgs/nixos/modules/programs/haguichi.nix
@@ -4,7 +4,7 @@ with lib;
 
 {
   options.programs.haguichi = {
-    enable = mkEnableOption (lib.mdDoc "Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi");
+    enable = mkEnableOption "Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi";
   };
 
   config = mkIf config.programs.haguichi.enable {
diff --git a/nixpkgs/nixos/modules/programs/hamster.nix b/nixpkgs/nixos/modules/programs/hamster.nix
index f50438cc1704..0bb56ad7ff36 100644
--- a/nixpkgs/nixos/modules/programs/hamster.nix
+++ b/nixpkgs/nixos/modules/programs/hamster.nix
@@ -6,7 +6,7 @@ with lib;
   meta.maintainers = pkgs.hamster.meta.maintainers;
 
   options.programs.hamster.enable =
-    mkEnableOption (lib.mdDoc "hamster, a time tracking program");
+    mkEnableOption "hamster, a time tracking program";
 
   config = lib.mkIf config.programs.hamster.enable {
     environment.systemPackages = [ pkgs.hamster ];
diff --git a/nixpkgs/nixos/modules/programs/htop.nix b/nixpkgs/nixos/modules/programs/htop.nix
index 9dbab954b2bb..bf3d85108170 100644
--- a/nixpkgs/nixos/modules/programs/htop.nix
+++ b/nixpkgs/nixos/modules/programs/htop.nix
@@ -20,7 +20,7 @@ in
   options.programs.htop = {
     package = mkPackageOption pkgs "htop" { };
 
-    enable = mkEnableOption (lib.mdDoc "htop process monitor");
+    enable = mkEnableOption "htop process monitor";
 
     settings = mkOption {
       type = with types; attrsOf (oneOf [ str int bool (listOf (oneOf [ str int bool ])) ]);
@@ -29,7 +29,7 @@ in
         hide_kernel_threads = true;
         hide_userland_threads = true;
       };
-      description = lib.mdDoc ''
+      description = ''
         Extra global default configuration for htop
         which is read on first startup only.
         Htop subsequently uses ~/.config/htop/htoprc
diff --git a/nixpkgs/nixos/modules/programs/i3lock.nix b/nixpkgs/nixos/modules/programs/i3lock.nix
index 44e2e04c2799..8068ecaf08ca 100644
--- a/nixpkgs/nixos/modules/programs/i3lock.nix
+++ b/nixpkgs/nixos/modules/programs/i3lock.nix
@@ -12,7 +12,7 @@ in {
 
   options = {
     programs.i3lock = {
-      enable = mkEnableOption (mdDoc "i3lock");
+      enable = mkEnableOption "i3lock";
       package = mkPackageOption pkgs "i3lock" {
         example = "i3lock-color";
         extraDescription = ''
@@ -25,7 +25,7 @@ in {
         type        = types.bool;
         default     = false;
         example     = true;
-        description = mdDoc ''
+        description = ''
           Whether to enable U2F support in the i3lock program.
           U2F enables authentication using a hardware device, such as a security key.
           When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service,
diff --git a/nixpkgs/nixos/modules/programs/iay.nix b/nixpkgs/nixos/modules/programs/iay.nix
index 1fa00e43795a..bbd401144311 100644
--- a/nixpkgs/nixos/modules/programs/iay.nix
+++ b/nixpkgs/nixos/modules/programs/iay.nix
@@ -5,13 +5,13 @@ let
   inherit (lib) mkEnableOption mkIf mkOption mkPackageOption optionalString types;
 in {
   options.programs.iay = {
-    enable = mkEnableOption (lib.mdDoc "iay");
+    enable = mkEnableOption "iay, a minimalistic shell prompt";
     package = mkPackageOption pkgs "iay" {};
 
     minimalPrompt = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use minimal one-liner prompt.";
+      description = "Use minimal one-liner prompt.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/iftop.nix b/nixpkgs/nixos/modules/programs/iftop.nix
index 1db018858b65..c74714a9a6d6 100644
--- a/nixpkgs/nixos/modules/programs/iftop.nix
+++ b/nixpkgs/nixos/modules/programs/iftop.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.iftop;
 in {
   options = {
-    programs.iftop.enable = mkEnableOption (lib.mdDoc "iftop + setcap wrapper");
+    programs.iftop.enable = mkEnableOption "iftop + setcap wrapper";
   };
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.iftop ];
diff --git a/nixpkgs/nixos/modules/programs/iotop.nix b/nixpkgs/nixos/modules/programs/iotop.nix
index 0eb60b989eb3..b7c1c69f9ddd 100644
--- a/nixpkgs/nixos/modules/programs/iotop.nix
+++ b/nixpkgs/nixos/modules/programs/iotop.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.iotop;
 in {
   options = {
-    programs.iotop.enable = mkEnableOption (lib.mdDoc "iotop + setcap wrapper");
+    programs.iotop.enable = mkEnableOption "iotop + setcap wrapper";
   };
   config = mkIf cfg.enable {
     security.wrappers.iotop = {
diff --git a/nixpkgs/nixos/modules/programs/java.nix b/nixpkgs/nixos/modules/programs/java.nix
index 251192183ebf..f201f67b42e4 100644
--- a/nixpkgs/nixos/modules/programs/java.nix
+++ b/nixpkgs/nixos/modules/programs/java.nix
@@ -14,8 +14,8 @@ in
 
     programs.java = {
 
-      enable = mkEnableOption (lib.mdDoc "java") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "java" // {
+        description = ''
           Install and setup the Java development kit.
 
           ::: {.note}
@@ -34,7 +34,7 @@ in
         example = "jre";
       };
 
-      binfmt = mkEnableOption (lib.mdDoc "binfmt to execute java jar's and classes");
+      binfmt = mkEnableOption "binfmt to execute java jar's and classes";
 
     };
 
diff --git a/nixpkgs/nixos/modules/programs/joycond-cemuhook.nix b/nixpkgs/nixos/modules/programs/joycond-cemuhook.nix
index 7b129868db28..ebb0198ee60c 100644
--- a/nixpkgs/nixos/modules/programs/joycond-cemuhook.nix
+++ b/nixpkgs/nixos/modules/programs/joycond-cemuhook.nix
@@ -2,7 +2,7 @@
 with lib;
 {
   options.programs.joycond-cemuhook = {
-    enable = mkEnableOption (lib.mdDoc "joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.");
+    enable = mkEnableOption "joycond-cemuhook, a program to enable support for cemuhook's UDP protocol for joycond devices.";
   };
 
   config = lib.mkIf config.programs.joycond-cemuhook.enable {
diff --git a/nixpkgs/nixos/modules/programs/k3b.nix b/nixpkgs/nixos/modules/programs/k3b.nix
index 5d19e4f1cc4f..4d6385dab4f0 100644
--- a/nixpkgs/nixos/modules/programs/k3b.nix
+++ b/nixpkgs/nixos/modules/programs/k3b.nix
@@ -8,7 +8,7 @@ with lib;
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable k3b, the KDE disk burning application.
 
         Additionally to installing `k3b` enabling this will
diff --git a/nixpkgs/nixos/modules/programs/k40-whisperer.nix b/nixpkgs/nixos/modules/programs/k40-whisperer.nix
index 96cf159f2cf7..156ded6c39fe 100644
--- a/nixpkgs/nixos/modules/programs/k40-whisperer.nix
+++ b/nixpkgs/nixos/modules/programs/k40-whisperer.nix
@@ -10,11 +10,11 @@ let
 in
 {
   options.programs.k40-whisperer = {
-    enable = mkEnableOption (lib.mdDoc "K40-Whisperer");
+    enable = mkEnableOption "K40-Whisperer";
 
     group = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group assigned to the device when connected.
       '';
       default = "k40";
diff --git a/nixpkgs/nixos/modules/programs/kbdlight.nix b/nixpkgs/nixos/modules/programs/kbdlight.nix
index 6c3c79ddb4aa..8a2a0057cf2d 100644
--- a/nixpkgs/nixos/modules/programs/kbdlight.nix
+++ b/nixpkgs/nixos/modules/programs/kbdlight.nix
@@ -7,7 +7,7 @@ let
 
 in
 {
-  options.programs.kbdlight.enable = mkEnableOption (lib.mdDoc "kbdlight");
+  options.programs.kbdlight.enable = mkEnableOption "kbdlight";
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.kbdlight ];
diff --git a/nixpkgs/nixos/modules/programs/kclock.nix b/nixpkgs/nixos/modules/programs/kclock.nix
index 63d6fb1e2d7f..c2299a3f1b03 100644
--- a/nixpkgs/nixos/modules/programs/kclock.nix
+++ b/nixpkgs/nixos/modules/programs/kclock.nix
@@ -4,7 +4,7 @@ let
   cfg = config.programs.kclock;
   kclockPkg = pkgs.libsForQt5.kclock;
 in {
-  options.programs.kclock = { enable = mkEnableOption (lib.mdDoc "KClock"); };
+  options.programs.kclock = { enable = mkEnableOption "KClock"; };
 
   config = mkIf cfg.enable {
     services.dbus.packages = [ kclockPkg ];
diff --git a/nixpkgs/nixos/modules/programs/kdeconnect.nix b/nixpkgs/nixos/modules/programs/kdeconnect.nix
index 8cdf1eb4e645..143128140596 100644
--- a/nixpkgs/nixos/modules/programs/kdeconnect.nix
+++ b/nixpkgs/nixos/modules/programs/kdeconnect.nix
@@ -2,7 +2,7 @@
 with lib;
 {
   options.programs.kdeconnect = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       kdeconnect.
 
       Note that it will open the TCP and UDP port from
@@ -10,7 +10,7 @@ with lib;
       You can use the {option}`package` to use
       `gnomeExtensions.gsconnect` as an alternative
       implementation if you use Gnome
-    '');
+    '';
     package = mkPackageOption pkgs [ "plasma5Packages" "kdeconnect-kde" ] {
       example = "gnomeExtensions.gsconnect";
     };
diff --git a/nixpkgs/nixos/modules/programs/kubeswitch.nix b/nixpkgs/nixos/modules/programs/kubeswitch.nix
new file mode 100644
index 000000000000..304df48e3c11
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/kubeswitch.nix
@@ -0,0 +1,56 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.programs.kubeswitch;
+in
+{
+  options = {
+    programs.kubeswitch = {
+      enable = lib.mkEnableOption "kubeswitch";
+
+      commandName = lib.mkOption {
+        type = lib.types.str;
+        default = "kswitch";
+        description = "The name of the command to use";
+      };
+
+      package = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.kubeswitch;
+        defaultText = lib.literalExpression "pkgs.kubeswitch";
+        description = "The package to install for kubeswitch";
+      };
+    };
+  };
+
+  config =
+    let
+      shell_files = pkgs.stdenv.mkDerivation rec {
+        name = "kubeswitch-shell-files";
+        phases = [ "installPhase" ];
+        installPhase = ''
+          mkdir -p $out/share
+          for shell in bash zsh; do
+            ${cfg.package}/bin/switcher init $shell | sed 's/switch(/${cfg.commandName}(/' > $out/share/${cfg.commandName}_init.$shell
+            ${cfg.package}/bin/switcher --cmd ${cfg.commandName} completion $shell > $out/share/${cfg.commandName}_completion.$shell
+          done
+        '';
+      };
+    in
+    lib.mkIf cfg.enable {
+      environment.systemPackages = [ cfg.package ];
+
+      programs.bash.interactiveShellInit = ''
+        source ${shell_files}/share/${cfg.commandName}_init.bash
+        source ${shell_files}/share/${cfg.commandName}_completion.bash
+      '';
+      programs.zsh.interactiveShellInit = ''
+        source ${shell_files}/share/${cfg.commandName}_init.zsh
+        source ${shell_files}/share/${cfg.commandName}_completion.zsh
+      '';
+    };
+}
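Review bot: `commandName` is declared as `lib.types.str` but is spliced unquoted into the `installPhase` script (the `sed` expression, the `--cmd` argument and the output file names) and into the `source` lines of both `interactiveShellInit` blocks. A value containing a space, `/`, a quote or another shell metacharacter would break the build or change what the builder and every interactive shell execute. Restricting the option at the type level covers all of those uses at once: `type = lib.types.strMatching "[A-Za-z_][A-Za-z0-9_-]*";`. The description could then state that the value must be usable as a shell function name.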
diff --git a/nixpkgs/nixos/modules/programs/lazygit.nix b/nixpkgs/nixos/modules/programs/lazygit.nix
new file mode 100644
index 000000000000..3e36a0e0c4a8
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/lazygit.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.programs.lazygit;
+
+  settingsFormat = pkgs.formats.yaml { };
+in
+{
+  options.programs.lazygit = {
+    enable = lib.mkEnableOption "lazygit, a simple terminal UI for git commands";
+
+    package = lib.mkPackageOption pkgs "lazygit" { };
+
+    settings = lib.mkOption {
+      inherit (settingsFormat) type;
+      default = { };
+      description = ''
+        Lazygit configuration.
+
+        See https://github.com/jesseduffield/lazygit/blob/master/docs/Config.md for documentation.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment = {
+      systemPackages = [ cfg.package ];
+      etc = lib.mkIf (cfg.settings != { }) {
+        "xdg/lazygit/config.yml".source = settingsFormat.generate "lazygit-config.yml" cfg.settings;
+      };
+    };
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ linsui ];
+  };
+}
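Review bot: The `settings` description does not say where the configuration ends up. Per the `config` block it is rendered by `settingsFormat.generate` into the Nix store and linked at `/etc/xdg/lazygit/config.yml`, so it applies to every user and is world-readable. I would add to the description: `The settings are written to /etc/xdg/lazygit/config.yml and apply system-wide; the file lives in the world-readable Nix store, so do not put credentials in it.` Whether a per-user config overrides or merges with this file is not visible here and would be worth stating as well.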
diff --git a/nixpkgs/nixos/modules/programs/less.nix b/nixpkgs/nixos/modules/programs/less.nix
index 81c68307aee1..2cb762007511 100644
--- a/nixpkgs/nixos/modules/programs/less.nix
+++ b/nixpkgs/nixos/modules/programs/less.nix
@@ -35,13 +35,13 @@ in
 
       # note that environment.nix sets PAGER=less, and
       # therefore also enables this module
-      enable = mkEnableOption (lib.mdDoc "less");
+      enable = mkEnableOption "less, a file pager";
 
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = literalExpression ''"''${pkgs.my-configs}/lesskey"'';
-        description = lib.mdDoc ''
+        description = ''
           Path to lesskey configuration file.
 
           {option}`configFile` takes precedence over {option}`commands`,
@@ -57,13 +57,13 @@ in
           h = "noaction 5\\e(";
           l = "noaction 5\\e)";
         };
-        description = lib.mdDoc "Defines new command keys.";
+        description = "Defines new command keys.";
       };
 
       clearDefaultCommands = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Clear all default commands.
           You should remember to set the quit key.
           Otherwise you will not be able to leave less without killing it.
@@ -76,7 +76,7 @@ in
         example = {
           e = "abort";
         };
-        description = lib.mdDoc "Defines new line-editing keys.";
+        description = "Defines new line-editing keys.";
       };
 
       envVariables = mkOption {
@@ -87,14 +87,14 @@ in
         example = {
           LESS = "--quit-if-one-screen";
         };
-        description = lib.mdDoc "Defines environment variables.";
+        description = "Defines environment variables.";
       };
 
       lessopen = mkOption {
         type = types.nullOr types.str;
         default = "|${pkgs.lesspipe}/bin/lesspipe.sh %s";
         defaultText = literalExpression ''"|''${pkgs.lesspipe}/bin/lesspipe.sh %s"'';
-        description = lib.mdDoc ''
+        description = ''
           Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.
         '';
       };
@@ -102,7 +102,7 @@ in
       lessclose = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           When less closes a file opened in such a way, it will call another program, called the input postprocessor,
           which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
         '';
diff --git a/nixpkgs/nixos/modules/programs/liboping.nix b/nixpkgs/nixos/modules/programs/liboping.nix
index 39e75ba90c9d..4433f9767d6e 100644
--- a/nixpkgs/nixos/modules/programs/liboping.nix
+++ b/nixpkgs/nixos/modules/programs/liboping.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.liboping;
 in {
   options.programs.liboping = {
-    enable = mkEnableOption (lib.mdDoc "liboping");
+    enable = mkEnableOption "liboping";
   };
   config = mkIf cfg.enable {
     environment.systemPackages = with pkgs; [ liboping ];
diff --git a/nixpkgs/nixos/modules/programs/light.nix b/nixpkgs/nixos/modules/programs/light.nix
index 1cdf22a7699d..b1584a1b3d28 100644
--- a/nixpkgs/nixos/modules/programs/light.nix
+++ b/nixpkgs/nixos/modules/programs/light.nix
@@ -13,7 +13,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install Light backlight control command
           and udev rules granting access to members of the "video" group.
         '';
diff --git a/nixpkgs/nixos/modules/programs/mdevctl.nix b/nixpkgs/nixos/modules/programs/mdevctl.nix
index 2b7285233350..be33835639d2 100644
--- a/nixpkgs/nixos/modules/programs/mdevctl.nix
+++ b/nixpkgs/nixos/modules/programs/mdevctl.nix
@@ -5,7 +5,7 @@ let
   cfg = config.programs.mdevctl;
 in {
   options.programs.mdevctl = {
-    enable = mkEnableOption (lib.mdDoc "Mediated Device Management");
+    enable = mkEnableOption "Mediated Device Management";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/mepo.nix b/nixpkgs/nixos/modules/programs/mepo.nix
index 4b1706a2a0e5..22596892ff5d 100644
--- a/nixpkgs/nixos/modules/programs/mepo.nix
+++ b/nixpkgs/nixos/modules/programs/mepo.nix
@@ -5,13 +5,13 @@ let
 in
 {
   options.programs.mepo = {
-    enable = mkEnableOption (mdDoc "Mepo");
+    enable = mkEnableOption "Mepo, a fast, simple and hackable OSM map viewer";
 
     locationBackends = {
       gpsd = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to enable location detection via gpsd.
           This may require additional configuration of gpsd, see [here](#opt-services.gpsd.enable)
         '';
@@ -20,7 +20,7 @@ in
       geoclue = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Whether to enable location detection via geoclue";
+        description = "Whether to enable location detection via geoclue";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/mininet.nix b/nixpkgs/nixos/modules/programs/mininet.nix
index 3568736854d8..a9190ed98900 100644
--- a/nixpkgs/nixos/modules/programs/mininet.nix
+++ b/nixpkgs/nixos/modules/programs/mininet.nix
@@ -8,7 +8,7 @@ let
   cfg = config.programs.mininet;
 in
 {
-  options.programs.mininet.enable = mkEnableOption (lib.mdDoc "Mininet");
+  options.programs.mininet.enable = mkEnableOption "Mininet, an emulator for rapid prototyping of Software Defined Networks";
 
   config = mkIf cfg.enable {
 
diff --git a/nixpkgs/nixos/modules/programs/minipro.nix b/nixpkgs/nixos/modules/programs/minipro.nix
index 8cb64866a84c..e5846d13fa40 100644
--- a/nixpkgs/nixos/modules/programs/minipro.nix
+++ b/nixpkgs/nixos/modules/programs/minipro.nix
@@ -6,9 +6,9 @@ in
 {
   options = {
     programs.minipro = {
-      enable = lib.mkEnableOption (lib.mdDoc "minipro") // {
-        description = lib.mdDoc ''
-          Installs minipro and its udev rules.
+      enable = lib.mkEnableOption "minipro" // {
+        description = ''
+          Whether to enable minipro and its udev rules.
           Users of the `plugdev` group can interact with connected MiniPRO chip programmers.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/miriway.nix b/nixpkgs/nixos/modules/programs/miriway.nix
index e8a10770b6a3..00c1356ab083 100644
--- a/nixpkgs/nixos/modules/programs/miriway.nix
+++ b/nixpkgs/nixos/modules/programs/miriway.nix
@@ -4,12 +4,12 @@ let
   cfg = config.programs.miriway;
 in {
   options.programs.miriway = {
-    enable = lib.mkEnableOption (lib.mdDoc ''
+    enable = lib.mkEnableOption ''
       Miriway, a Mir based Wayland compositor. You can manually launch Miriway by
       executing "exec miriway" on a TTY, or launch it from a display manager. Copy
       /etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config
       to modify the system-wide configuration on a per-user basis. See <https://github.com/Miriway/Miriway>,
-      and "miriway --help" for more information'');
+      and "miriway --help" for more information'';
 
     config = lib.mkOption {
       type = lib.types.lines;
@@ -50,7 +50,7 @@ in {
         meta=Page_Down:@workspace-down
         ctrl-alt=BackSpace:@exit
       '';
-      description = lib.mdDoc ''
+      description = ''
         Miriway's config. This will be installed system-wide.
         The default will install the miriway package's barebones example config.
       '';
@@ -71,7 +71,7 @@ in {
     programs.xwayland.enable = lib.mkDefault true;
 
     # To make the Miriway session available if a display manager like SDDM is enabled:
-    services.xserver.displayManager.sessionPackages = [ pkgs.miriway ];
+    services.displayManager.sessionPackages = [ pkgs.miriway ];
   };
 
   meta.maintainers = with lib.maintainers; [ OPNA2608 ];
diff --git a/nixpkgs/nixos/modules/programs/mosh.nix b/nixpkgs/nixos/modules/programs/mosh.nix
index 593246ab6dcd..897bcf941a5d 100644
--- a/nixpkgs/nixos/modules/programs/mosh.nix
+++ b/nixpkgs/nixos/modules/programs/mosh.nix
@@ -13,7 +13,7 @@ in
       default = true;
     };
     withUtempter = lib.mkEnableOption "" // {
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable libutempter for mosh.
 
         This is required so that mosh can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
diff --git a/nixpkgs/nixos/modules/programs/msmtp.nix b/nixpkgs/nixos/modules/programs/msmtp.nix
index a9aed027bdb7..9c067bdc9695 100644
--- a/nixpkgs/nixos/modules/programs/msmtp.nix
+++ b/nixpkgs/nixos/modules/programs/msmtp.nix
@@ -10,12 +10,12 @@ in {
 
   options = {
     programs.msmtp = {
-      enable = mkEnableOption (lib.mdDoc "msmtp - an SMTP client");
+      enable = mkEnableOption "msmtp - an SMTP client";
 
       setSendmail = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set the system sendmail to msmtp's.
         '';
       };
@@ -28,7 +28,7 @@ in {
           port = 587;
           tls = true;
         };
-        description = lib.mdDoc ''
+        description = ''
           Default values applied to all accounts.
           See msmtp(1) for the available options.
         '';
@@ -45,7 +45,7 @@ in {
             passwordeval = "cat /secrets/password.txt";
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Named accounts and their respective configurations.
           The special name "default" allows a default account to be defined.
           See msmtp(1) for the available options.
@@ -62,7 +62,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to add to the msmtp configuration verbatim.
           See msmtp(1) for the syntax and available options.
         '';
diff --git a/nixpkgs/nixos/modules/programs/mtr.nix b/nixpkgs/nixos/modules/programs/mtr.nix
index e247d645b861..6a767df15f09 100644
--- a/nixpkgs/nixos/modules/programs/mtr.nix
+++ b/nixpkgs/nixos/modules/programs/mtr.nix
@@ -11,7 +11,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add mtr to the global environment and configure a
           setcap wrapper for it.
         '';
diff --git a/nixpkgs/nixos/modules/programs/nano.nix b/nixpkgs/nixos/modules/programs/nano.nix
index 461681b59863..10fa2a0dfbcd 100644
--- a/nixpkgs/nixos/modules/programs/nano.nix
+++ b/nixpkgs/nixos/modules/programs/nano.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     programs.nano = {
-      enable = lib.mkEnableOption (lib.mdDoc "nano") // {
+      enable = lib.mkEnableOption "nano, a small user-friendly console text editor" // {
         default = true;
       };
 
@@ -16,7 +16,7 @@ in
       nanorc = lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           The system-wide nano configuration.
           See {manpage}`nanorc(5)`.
         '';
@@ -30,7 +30,7 @@ in
       syntaxHighlight = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable syntax highlight for various languages.";
+        description = "Whether to enable syntax highlight for various languages.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix b/nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix
index d205fb3ec916..8a38c4cb5e48 100644
--- a/nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix
+++ b/nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix
@@ -5,12 +5,12 @@ let
 in
 {
   options.programs.nautilus-open-any-terminal = {
-    enable = lib.mkEnableOption (lib.mdDoc "nautilus-open-any-terminal");
+    enable = lib.mkEnableOption "nautilus-open-any-terminal";
 
     terminal = lib.mkOption {
       type = with lib.types; nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The terminal emulator to add to context-entry of nautilus. Supported terminal
         emulators are listed in https://github.com/Stunkymonkey/nautilus-open-any-terminal#supported-terminal-emulators.
       '';
diff --git a/nixpkgs/nixos/modules/programs/nbd.nix b/nixpkgs/nixos/modules/programs/nbd.nix
index a44403021e35..fea9bc1ff71a 100644
--- a/nixpkgs/nixos/modules/programs/nbd.nix
+++ b/nixpkgs/nixos/modules/programs/nbd.nix
@@ -8,7 +8,7 @@ in
 {
   options = {
     programs.nbd = {
-      enable = mkEnableOption (lib.mdDoc "Network Block Device (nbd) support");
+      enable = mkEnableOption "Network Block Device (nbd) support";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/neovim.nix b/nixpkgs/nixos/modules/programs/neovim.nix
index 77abec7ef7e9..6f6829444a64 100644
--- a/nixpkgs/nixos/modules/programs/neovim.nix
+++ b/nixpkgs/nixos/modules/programs/neovim.nix
@@ -11,7 +11,7 @@ in
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Neovim.
 
         When enabled through this option, Neovim is wrapped to use a
@@ -24,7 +24,7 @@ in
     defaultEditor = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         When enabled, installs neovim and configures neovim to be the default editor
         using the EDITOR environment variable.
       '';
@@ -33,7 +33,7 @@ in
     viAlias = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Symlink {command}`vi` to {command}`nvim` binary.
       '';
     };
@@ -41,7 +41,7 @@ in
     vimAlias = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Symlink {command}`vim` to {command}`nvim` binary.
       '';
     };
@@ -49,19 +49,19 @@ in
     withRuby = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Enable Ruby provider.";
+      description = "Enable Ruby provider.";
     };
 
     withPython3 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Enable Python 3 provider.";
+      description = "Enable Python 3 provider.";
     };
 
     withNodeJs = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable Node provider.";
+      description = "Enable Node provider.";
     };
 
     configure = mkOption {
@@ -80,7 +80,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Generate your init file from your list of plugins and custom commands.
         Neovim will then be wrapped to load {command}`nvim -u /nix/store/«hash»-vimrc`
       '';
@@ -92,7 +92,7 @@ in
       type = types.package;
       visible = false;
       readOnly = true;
-      description = lib.mdDoc "Resulting customized neovim package.";
+      description = "Resulting customized neovim package.";
     };
 
     runtime = mkOption {
@@ -100,7 +100,7 @@ in
       example = literalExpression ''
         { "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Set of files that have to be linked in {file}`runtime`.
       '';
 
@@ -112,7 +112,7 @@ in
             enable = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether this runtime directory should be generated.  This
                 option allows specific runtime files to be disabled.
               '';
@@ -120,7 +120,7 @@ in
 
             target = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Name of symlink.  Defaults to the attribute
                 name.
               '';
@@ -129,13 +129,13 @@ in
             text = mkOption {
               default = null;
               type = types.nullOr types.lines;
-              description = lib.mdDoc "Text of the file.";
+              description = "Text of the file.";
             };
 
             source = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc "Path of the source file.";
+              description = "Path of the source file.";
             };
 
           };
diff --git a/nixpkgs/nixos/modules/programs/nethoscope.nix b/nixpkgs/nixos/modules/programs/nethoscope.nix
index d8ece61c90a2..495548e9c656 100644
--- a/nixpkgs/nixos/modules/programs/nethoscope.nix
+++ b/nixpkgs/nixos/modules/programs/nethoscope.nix
@@ -12,7 +12,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add nethoscope to the global environment and configure a
           setcap wrapper for it.
         '';
diff --git a/nixpkgs/nixos/modules/programs/nexttrace.nix b/nixpkgs/nixos/modules/programs/nexttrace.nix
index 09143c5f861d..9380a988088b 100644
--- a/nixpkgs/nixos/modules/programs/nexttrace.nix
+++ b/nixpkgs/nixos/modules/programs/nexttrace.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     programs.nexttrace = {
-      enable = lib.mkEnableOption (lib.mdDoc "Nexttrace to the global environment and configure a setcap wrapper for it");
+      enable = lib.mkEnableOption "Nexttrace to the global environment and configure a setcap wrapper for it";
       package = lib.mkPackageOption pkgs "nexttrace" { };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/nh.nix b/nixpkgs/nixos/modules/programs/nh.nix
new file mode 100644
index 000000000000..c42fb2fc724a
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/nh.nix
@@ -0,0 +1,96 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+  cfg = config.programs.nh;
+in
+{
+  meta.maintainers = [ lib.maintainers.viperML ];
+
+  options.programs.nh = {
+    enable = lib.mkEnableOption "nh, yet another Nix CLI helper";
+
+    package = lib.mkPackageOption pkgs "nh" { };
+
+    flake = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        The path that will be used for the `FLAKE` environment variable.
+
+        `FLAKE` is used by nh as the default flake for performing actions, like `nh os switch`.
+      '';
+    };
+
+    clean = {
+      enable = lib.mkEnableOption "periodic garbage collection with nh clean all";
+
+      dates = lib.mkOption {
+        type = lib.types.singleLineStr;
+        default = "weekly";
+        description = ''
+          How often cleanup is performed. Passed to systemd.time
+
+          The format is described in
+          {manpage}`systemd.time(7)`.
+        '';
+      };
+
+      extraArgs = lib.mkOption {
+        type = lib.types.singleLineStr;
+        default = "";
+        example = "--keep 5 --keep-since 3d";
+        description = ''
+          Options given to nh clean when the service is run automatically.
+
+          See `nh clean all --help` for more information.
+        '';
+      };
+    };
+  };
+
+  config = {
+    warnings =
+      if (!(cfg.clean.enable -> !config.nix.gc.automatic)) then [
+        "programs.nh.clean.enable and nix.gc.automatic are both enabled. Please use one or the other to avoid conflict."
+      ] else [ ];
+
+    assertions = [
+      # Not strictly required but probably a good assertion to have
+      {
+        assertion = cfg.clean.enable -> cfg.enable;
+        message = "programs.nh.clean.enable requires programs.nh.enable";
+      }
+
+      {
+        assertion = (cfg.flake != null) -> !(lib.hasSuffix ".nix" cfg.flake);
+        message = "nh.flake must be a directory, not a nix file";
+      }
+    ];
+
+    environment = lib.mkIf cfg.enable {
+      systemPackages = [ cfg.package ];
+      variables = lib.mkIf (cfg.flake != null) {
+        FLAKE = cfg.flake;
+      };
+    };
+
+    systemd = lib.mkIf cfg.clean.enable {
+      services.nh-clean = {
+        description = "Nh clean";
+        script = "exec ${lib.getExe cfg.package} clean all ${cfg.clean.extraArgs}";
+        startAt = cfg.clean.dates;
+        path = [ config.nix.package ];
+        serviceConfig.Type = "oneshot";
+      };
+
+      timers.nh-clean = {
+        timerConfig = {
+          Persistent = true;
+        };
+      };
+    };
+  };
+}
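Review bot: `cfg.clean.extraArgs` is spliced unquoted into the `script` string of `services.nh-clean`, so any shell metacharacter in the option value is interpreted by the shell of a unit that sets no `User` and therefore presumably runs as root. The value comes from the system configuration, so this is a robustness issue rather than a privilege boundary, but a list type removes it: declare `type = lib.types.listOf lib.types.str;` with `default = [ ];` and build the command with `${lib.escapeShellArgs cfg.clean.extraArgs}`. The example would then read `[ "--keep" "5" "--keep-since" "3d" ]`. Separately, the warning condition `!(cfg.clean.enable -> !config.nix.gc.automatic)` is easier to read as `cfg.clean.enable && config.nix.gc.automatic`.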
diff --git a/nixpkgs/nixos/modules/programs/nix-index.nix b/nixpkgs/nixos/modules/programs/nix-index.nix
index f3e7d22737fa..76d7c3d8c532 100644
--- a/nixpkgs/nixos/modules/programs/nix-index.nix
+++ b/nixpkgs/nixos/modules/programs/nix-index.nix
@@ -3,19 +3,19 @@ let
   cfg = config.programs.nix-index;
 in {
   options.programs.nix-index = with lib; {
-    enable = mkEnableOption (lib.mdDoc "nix-index, a file database for nixpkgs");
+    enable = mkEnableOption "nix-index, a file database for nixpkgs";
 
     package = mkPackageOption pkgs "nix-index" { };
 
-    enableBashIntegration = mkEnableOption (lib.mdDoc "Bash integration") // {
+    enableBashIntegration = mkEnableOption "Bash integration" // {
       default = true;
     };
 
-    enableZshIntegration = mkEnableOption (lib.mdDoc "Zsh integration") // {
+    enableZshIntegration = mkEnableOption "Zsh integration" // {
       default = true;
     };
 
-    enableFishIntegration = mkEnableOption (lib.mdDoc "Fish integration") // {
+    enableFishIntegration = mkEnableOption "Fish integration" // {
       default = true;
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/nix-ld.nix b/nixpkgs/nixos/modules/programs/nix-ld.nix
index b095437733cc..770cccd13b50 100644
--- a/nixpkgs/nixos/modules/programs/nix-ld.nix
+++ b/nixpkgs/nixos/modules/programs/nix-ld.nix
@@ -17,11 +17,11 @@ in
 {
   meta.maintainers = [ lib.maintainers.mic92 ];
   options.programs.nix-ld = {
-    enable = lib.mkEnableOption (lib.mdDoc ''nix-ld, Documentation: <https://github.com/Mic92/nix-ld>'');
+    enable = lib.mkEnableOption ''nix-ld, Documentation: <https://github.com/Mic92/nix-ld>'';
     package = lib.mkPackageOption pkgs "nix-ld" { };
     libraries = lib.mkOption {
       type = lib.types.listOf lib.types.package;
-      description = lib.mdDoc "Libraries that automatically become available to all programs. The default set includes common libraries.";
+      description = "Libraries that automatically become available to all programs. The default set includes common libraries.";
       default = [ ];
       defaultText = lib.literalExpression "baseLibraries derived from systemd and nix dependencies.";
     };
diff --git a/nixpkgs/nixos/modules/programs/nm-applet.nix b/nixpkgs/nixos/modules/programs/nm-applet.nix
index 4b09b1884d7e..ed048192e2e0 100644
--- a/nixpkgs/nixos/modules/programs/nm-applet.nix
+++ b/nixpkgs/nixos/modules/programs/nm-applet.nix
@@ -6,12 +6,12 @@
   };
 
   options.programs.nm-applet = {
-    enable = lib.mkEnableOption (lib.mdDoc "nm-applet");
+    enable = lib.mkEnableOption "nm-applet, a NetworkManager control applet for GNOME";
 
     indicator = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to use indicator instead of status icon.
         It is needed for Appindicator environments, like Enlightenment.
       '';
diff --git a/nixpkgs/nixos/modules/programs/nncp.nix b/nixpkgs/nixos/modules/programs/nncp.nix
index e078b718410c..aa2e7c7a6e5b 100644
--- a/nixpkgs/nixos/modules/programs/nncp.nix
+++ b/nixpkgs/nixos/modules/programs/nncp.nix
@@ -11,12 +11,12 @@ in {
   options.programs.nncp = {
 
     enable =
-      mkEnableOption (lib.mdDoc "NNCP (Node to Node copy) utilities and configuration");
+      mkEnableOption "NNCP (Node to Node copy) utilities and configuration";
 
     group = mkOption {
       type = types.str;
       default = "uucp";
-      description = lib.mdDoc ''
+      description = ''
         The group under which NNCP files shall be owned.
         Any member of this group may access the secret keys
         of this NNCP node.
@@ -28,7 +28,7 @@ in {
     secrets = mkOption {
       type = with types; listOf str;
       example = [ "/run/keys/nncp.hjson" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of paths to NNCP configuration files that should not be
         in the Nix store. These files are layered on top of the values at
         [](#opt-programs.nncp.settings).
@@ -37,7 +37,7 @@ in {
 
     settings = mkOption {
       type = settingsFormat.type;
-      description = lib.mdDoc ''
+      description = ''
         NNCP configuration, see
         <http://www.nncpgo.org/Configuration.html>.
         At runtime these settings will be overlayed by the contents of
diff --git a/nixpkgs/nixos/modules/programs/noisetorch.nix b/nixpkgs/nixos/modules/programs/noisetorch.nix
index d8135877d02f..70a0441bd767 100644
--- a/nixpkgs/nixos/modules/programs/noisetorch.nix
+++ b/nixpkgs/nixos/modules/programs/noisetorch.nix
@@ -6,7 +6,7 @@ let cfg = config.programs.noisetorch;
 in
 {
   options.programs.noisetorch = {
-    enable = mkEnableOption (lib.mdDoc "noisetorch + setcap wrapper");
+    enable = mkEnableOption "noisetorch (+ setcap wrapper), a virtual microphone device with noise suppression";
 
     package = mkPackageOption pkgs "noisetorch" { };
   };
diff --git a/nixpkgs/nixos/modules/programs/npm.nix b/nixpkgs/nixos/modules/programs/npm.nix
index 8113ea1ba4ea..b379f0165bfe 100644
--- a/nixpkgs/nixos/modules/programs/npm.nix
+++ b/nixpkgs/nixos/modules/programs/npm.nix
@@ -11,7 +11,7 @@ in
 
   options = {
     programs.npm = {
-      enable = mkEnableOption (lib.mdDoc "{command}`npm` global config");
+      enable = mkEnableOption "{command}`npm` global config";
 
       package = mkPackageOption pkgs [ "nodePackages" "npm" ] {
         example = "nodePackages_13_x.npm";
@@ -19,7 +19,7 @@ in
 
       npmrc = mkOption {
         type = lib.types.lines;
-        description = lib.mdDoc ''
+        description = ''
           The system-wide npm configuration.
           See <https://docs.npmjs.com/misc/config>.
         '';
diff --git a/nixpkgs/nixos/modules/programs/ns-usbloader.nix b/nixpkgs/nixos/modules/programs/ns-usbloader.nix
index 8d0b698d6b4c..1f4b931e1cc1 100644
--- a/nixpkgs/nixos/modules/programs/ns-usbloader.nix
+++ b/nixpkgs/nixos/modules/programs/ns-usbloader.nix
@@ -5,7 +5,7 @@ in
 {
   options = {
     programs.ns-usbloader = {
-      enable = lib.mkEnableOption (lib.mdDoc "ns-usbloader application with udev rules applied");
+      enable = lib.mkEnableOption "ns-usbloader application with udev rules applied";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/oddjobd.nix b/nixpkgs/nixos/modules/programs/oddjobd.nix
index 08bb8b268473..019ca58a6048 100644
--- a/nixpkgs/nixos/modules/programs/oddjobd.nix
+++ b/nixpkgs/nixos/modules/programs/oddjobd.nix
@@ -4,26 +4,28 @@ let
   cfg = config.programs.oddjobd;
 in
 {
-  options.programs.oddjobd = {
-    enable = lib.mkEnableOption "oddjob";
-    package = lib.mkPackageOption pkgs "oddjob" {};
+  options = {
+    programs.oddjobd = {
+      enable = lib.mkEnableOption "oddjob, a D-Bus service which runs odd jobs on behalf of client applications";
+      package = lib.mkPackageOption pkgs "oddjob" {};
+    };
   };
 
   config = lib.mkIf cfg.enable {
-    systemd.packages = [ cfg.package ];
-
     systemd.services.oddjobd = {
-      wantedBy = [ "multi-user.target"];
-      after = [ "network.target"];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "dbus.service" ];
       description = "DBUS Odd-job Daemon";
       enable = true;
       documentation = [ "man:oddjobd(8)" "man:oddjobd.conf(5)" ];
       serviceConfig = {
-        Type = "dbus";
-        BusName = "org.freedesktop.oddjob";
-        ExecStart = "${lib.getBin cfg.package}/bin/oddjobd";
+        Type = "simple";
+        PIDFile = "/run/oddjobd.pid";
+        ExecStart = "${lib.getBin cfg.package}/bin/oddjobd -n -p /run/oddjobd.pid -t 300";
       };
     };
+
+    services.dbus.packages = [ cfg.package ];
   };
 
   meta.maintainers = with lib.maintainers; [ SohamG ];
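Review bot: Replacing `Type = "dbus"` and `BusName` with `Type = "simple"` in `serviceConfig` means systemd treats oddjobd as started once the process is executed, not once `org.freedesktop.oddjob` is on the bus, so units ordered after it can race the name registration. Nothing in the hunk records why this was changed. `PIDFile` also looks redundant if `-n` keeps the daemon in the foreground, as the flag name suggests. I would add a comment above the new type, for example `# Type=dbus dropped because <reason>; readiness is no longer tied to the bus name`. A second comment on `services.dbus.packages = [ cfg.package ];` could note that the bus configuration shipped by the package is what decides which clients may call this root-run daemon.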
diff --git a/nixpkgs/nixos/modules/programs/openvpn3.nix b/nixpkgs/nixos/modules/programs/openvpn3.nix
index 37a1bfeb0c3e..6415cccecb4f 100644
--- a/nixpkgs/nixos/modules/programs/openvpn3.nix
+++ b/nixpkgs/nixos/modules/programs/openvpn3.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.programs.openvpn3 = {
-    enable = mkEnableOption (lib.mdDoc "the openvpn3 client");
+    enable = mkEnableOption "the openvpn3 client";
     package = mkOption {
       type = types.package;
       default = pkgs.openvpn3.override {
@@ -16,7 +16,7 @@ in
       defaultText = literalExpression ''pkgs.openvpn3.override {
         enableSystemdResolved = config.services.resolved.enable;
       }'';
-      description = lib.mdDoc ''
+      description = ''
         Which package to use for `openvpn3`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/pantheon-tweaks.nix b/nixpkgs/nixos/modules/programs/pantheon-tweaks.nix
index 82f93619db15..0b8a19ea22c0 100644
--- a/nixpkgs/nixos/modules/programs/pantheon-tweaks.nix
+++ b/nixpkgs/nixos/modules/programs/pantheon-tweaks.nix
@@ -9,7 +9,7 @@ with lib;
 
   ###### interface
   options = {
-    programs.pantheon-tweaks.enable = mkEnableOption (lib.mdDoc "Pantheon Tweaks, an unofficial system settings panel for Pantheon");
+    programs.pantheon-tweaks.enable = mkEnableOption "Pantheon Tweaks, an unofficial system settings panel for Pantheon";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/programs/partition-manager.nix b/nixpkgs/nixos/modules/programs/partition-manager.nix
index cf0491ff028f..1a66a3f04c41 100644
--- a/nixpkgs/nixos/modules/programs/partition-manager.nix
+++ b/nixpkgs/nixos/modules/programs/partition-manager.nix
@@ -1,19 +1,21 @@
 { config, lib, pkgs, ... }:
 
-with lib;
+let
+  cfg = config.programs.partition-manager;
+in {
+  meta.maintainers = [ lib.maintainers.oxalica ];
 
-{
-  meta.maintainers = [ maintainers.oxalica ];
-
-  ###### interface
   options = {
-    programs.partition-manager.enable = mkEnableOption (lib.mdDoc "KDE Partition Manager");
+    programs.partition-manager = {
+      enable = lib.mkEnableOption "KDE Partition Manager";
+
+      package = lib.mkPackageOption pkgs [ "libsForQt5" "partitionmanager" ] { };
+    };
   };
 
-  ###### implementation
-  config = mkIf config.programs.partition-manager.enable {
-    services.dbus.packages = [ pkgs.libsForQt5.kpmcore ];
+  config = lib.mkIf config.programs.partition-manager.enable {
+    services.dbus.packages = [ cfg.package.kpmcore ];
     # `kpmcore` need to be installed to pull in polkit actions.
-    environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.libsForQt5.partitionmanager ];
+    environment.systemPackages = [ cfg.package.kpmcore cfg.package ];
   };
 }
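Review bot: `cfg.package.kpmcore` assumes every value given to `programs.partition-manager.package` exposes a `kpmcore` attribute, which the hunk does not show. Since kpmcore is what gets registered in `services.dbus.packages` and pulls in the polkit actions, an override without that attribute fails at evaluation with an unhelpful error. I would state the requirement on the option, e.g. `package = lib.mkPackageOption pkgs [ "libsForQt5" "partitionmanager" ] { extraDescription = "Must expose a `kpmcore` attribute."; };`. As a smaller point, `cfg` is introduced but the guard still reads `config.programs.partition-manager.enable`; `config = lib.mkIf cfg.enable {` would match the new `let`.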
diff --git a/nixpkgs/nixos/modules/programs/plotinus.nix b/nixpkgs/nixos/modules/programs/plotinus.nix
index c2b6884d6490..41c75b69a2d2 100644
--- a/nixpkgs/nixos/modules/programs/plotinus.nix
+++ b/nixpkgs/nixos/modules/programs/plotinus.nix
@@ -17,7 +17,7 @@ in
     programs.plotinus = {
       enable = mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Plotinus GTK 3 plugin. Plotinus provides a
           popup (triggered by Ctrl-Shift-P) to search the menus of a
           compatible application.
diff --git a/nixpkgs/nixos/modules/programs/projecteur.nix b/nixpkgs/nixos/modules/programs/projecteur.nix
index 140de0209e68..af186e3d250b 100644
--- a/nixpkgs/nixos/modules/programs/projecteur.nix
+++ b/nixpkgs/nixos/modules/programs/projecteur.nix
@@ -5,7 +5,7 @@ let
 in
 {
   options.programs.projecteur = {
-    enable = lib.mkEnableOption (lib.mdDoc "projecteur");
+    enable = lib.mkEnableOption "projecteur, an application for the Logitech Spotlight device (and similar)";
     package = lib.mkPackageOption pkgs "projecteur" { };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/proxychains.nix b/nixpkgs/nixos/modules/programs/proxychains.nix
index acd41f355244..b15475dac075 100644
--- a/nixpkgs/nixos/modules/programs/proxychains.nix
+++ b/nixpkgs/nixos/modules/programs/proxychains.nix
@@ -22,21 +22,21 @@ let
 
   proxyOptions = {
     options = {
-      enable = mkEnableOption (lib.mdDoc "this proxy");
+      enable = mkEnableOption "this proxy";
 
       type = mkOption {
         type = types.enum [ "http" "socks4" "socks5" ];
-        description = lib.mdDoc "Proxy type.";
+        description = "Proxy type.";
       };
 
       host = mkOption {
         type = types.str;
-        description = lib.mdDoc "Proxy host or IP address.";
+        description = "Proxy host or IP address.";
       };
 
       port = mkOption {
         type = types.port;
-        description = lib.mdDoc "Proxy port";
+        description = "Proxy port";
       };
     };
   };
@@ -49,7 +49,7 @@ in {
 
     programs.proxychains = {
 
-      enable = mkEnableOption (lib.mdDoc "installing proxychains configuration");
+      enable = mkEnableOption "proxychains configuration";
 
       package = mkPackageOption pkgs "proxychains" {
         example = "proxychains-ng";
@@ -59,7 +59,7 @@ in {
         type = mkOption {
           type = types.enum [ "dynamic" "strict" "random" ];
           default = "strict";
-          description = lib.mdDoc ''
+          description = ''
             `dynamic` - Each connection will be done via chained proxies
             all proxies chained in the order as they appear in the list
             at least one proxy must be online to play in chain
@@ -78,7 +78,7 @@ in {
         length = mkOption {
           type = types.nullOr types.int;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Chain length for random chain.
           '';
         };
@@ -87,15 +87,15 @@ in {
       proxyDNS = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Proxy DNS requests - no leak for DNS data.";
+        description = "Proxy DNS requests - no leak for DNS data.";
       };
 
-      quietMode = mkEnableOption (lib.mdDoc "Quiet mode (no output from the library)");
+      quietMode = mkEnableOption "Quiet mode (no output from the library)";
 
       remoteDNSSubnet = mkOption {
         type = types.enum [ 10 127 224 ];
         default = 224;
-        description = lib.mdDoc ''
+        description = ''
           Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
         '';
       };
@@ -103,24 +103,24 @@ in {
       tcpReadTimeOut = mkOption {
         type = types.int;
         default = 15000;
-        description = lib.mdDoc "Connection read time-out in milliseconds.";
+        description = "Connection read time-out in milliseconds.";
       };
 
       tcpConnectTimeOut = mkOption {
         type = types.int;
         default = 8000;
-        description = lib.mdDoc "Connection time-out in milliseconds.";
+        description = "Connection time-out in milliseconds.";
       };
 
       localnet = mkOption {
         type = types.str;
         default = "127.0.0.0/255.0.0.0";
-        description = lib.mdDoc "By default enable localnet for loopback address ranges.";
+        description = "By default enable localnet for loopback address ranges.";
       };
 
       proxies = mkOption {
         type = types.attrsOf (types.submodule proxyOptions);
-        description = lib.mdDoc ''
+        description = ''
           Proxies to be used by proxychains.
         '';
 
diff --git a/nixpkgs/nixos/modules/programs/qdmr.nix b/nixpkgs/nixos/modules/programs/qdmr.nix
index 03ad4d008873..efd0e1fc9885 100644
--- a/nixpkgs/nixos/modules/programs/qdmr.nix
+++ b/nixpkgs/nixos/modules/programs/qdmr.nix
@@ -12,7 +12,7 @@ in {
 
   options = {
     programs.qdmr = {
-      enable = lib.mkEnableOption (lib.mdDoc "QDMR - a GUI application and command line tool for programming DMR radios");
+      enable = lib.mkEnableOption "QDMR - a GUI application and command line tool for programming DMR radios";
       package = lib.mkPackageOption pkgs "qdmr" { };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/regreet.nix b/nixpkgs/nixos/modules/programs/regreet.nix
index 55d0c11781ab..0db1f59e5912 100644
--- a/nixpkgs/nixos/modules/programs/regreet.nix
+++ b/nixpkgs/nixos/modules/programs/regreet.nix
@@ -10,7 +10,7 @@ in
 {
   options.programs.regreet = {
     enable = lib.mkEnableOption null // {
-      description = lib.mdDoc ''
+      description = ''
         Enable ReGreet, a clean and customizable greeter for greetd.
 
         To use ReGreet, {option}`services.greetd` has to be enabled and
@@ -29,7 +29,7 @@ in
     settings = lib.mkOption {
       type = lib.types.either lib.types.path settingsFormat.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         ReGreet configuration file. Refer
         <https://github.com/rharish101/ReGreet/blob/main/regreet.sample.toml>
         for options.
@@ -43,7 +43,7 @@ in
         ''
           [ "-s" "-m" "last" ]
         '';
-      description = lib.mdDoc ''
+      description = ''
         Additional arguments to be passed to
         [cage](https://github.com/cage-kiosk/cage).
       '';
@@ -52,7 +52,7 @@ in
     extraCss = lib.mkOption {
       type = lib.types.either lib.types.path lib.types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra CSS rules to apply on top of the GTK theme. Refer to
         [GTK CSS Properties](https://docs.gtk.org/gtk4/css-properties.html) for
         modifiable properties.
diff --git a/nixpkgs/nixos/modules/programs/rog-control-center.nix b/nixpkgs/nixos/modules/programs/rog-control-center.nix
index 4aef5143ac7f..7413ca3daf05 100644
--- a/nixpkgs/nixos/modules/programs/rog-control-center.nix
+++ b/nixpkgs/nixos/modules/programs/rog-control-center.nix
@@ -6,12 +6,12 @@ in
 {
   options = {
     programs.rog-control-center = {
-      enable = lib.mkEnableOption (lib.mdDoc "the rog-control-center application");
+      enable = lib.mkEnableOption "the rog-control-center application";
 
       autoStart = lib.mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc "Whether rog-control-center should be started automatically.";
+        description = "Whether rog-control-center should be started automatically.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/rust-motd.nix b/nixpkgs/nixos/modules/programs/rust-motd.nix
index 4c9b1018596b..93240fcdd85e 100644
--- a/nixpkgs/nixos/modules/programs/rust-motd.nix
+++ b/nixpkgs/nixos/modules/programs/rust-motd.nix
@@ -24,11 +24,11 @@ let
     '';
 in {
   options.programs.rust-motd = {
-    enable = mkEnableOption (lib.mdDoc "rust-motd");
+    enable = mkEnableOption "rust-motd, a Message Of The Day (MOTD) generator";
     enableMotdInSSHD = mkOption {
       default = true;
       type = types.bool;
-      description = mdDoc ''
+      description = ''
         Whether to let `openssh` print the
         result when entering a new `ssh`-session.
         By default either nothing or a static file defined via
@@ -39,7 +39,7 @@ in {
     refreshInterval = mkOption {
       default = "*:0/5";
       type = types.str;
-      description = mdDoc ''
+      description = ''
         Interval in which the {manpage}`motd(5)` file is refreshed.
         For possible formats, please refer to {manpage}`systemd.time(7)`.
       '';
@@ -48,7 +48,7 @@ in {
       type = types.listOf types.str;
       default = attrNames cfg.settings;
       defaultText = literalExpression "attrNames cfg.settings";
-      description = mdDoc ''
+      description = ''
         The order of the sections in [](#opt-programs.rust-motd.settings).
         By default they are ordered alphabetically.
 
@@ -81,7 +81,7 @@ in {
     };
     settings = mkOption {
       type = types.attrsOf format.type;
-      description = mdDoc ''
+      description = ''
         Settings on what to generate. Please read the
         [upstream documentation](https://github.com/rust-motd/rust-motd/blob/main/README.md#configuration)
         for further information.
diff --git a/nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix b/nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix
new file mode 100644
index 000000000000..cb0c391ce6b1
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix
@@ -0,0 +1,35 @@
+{ pkgs
+, config
+, lib
+, ...
+}:
+let
+  inherit (lib) mkEnableOption mkPackageOption mkIf;
+  cfg = config.programs.ryzen-monitor-ng;
+in
+{
+  options = {
+    programs.ryzen-monitor-ng = {
+      enable =  mkEnableOption ''
+        ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver.
+
+        Monitor power information of Ryzen processors via the PM table of the SMU.
+
+        SMU Set and Get for many parameters and CO counts.
+
+        https://github.com/mann1x/ryzen_monitor_ng
+
+        WARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer's warranty
+      '';
+
+      package = mkPackageOption pkgs "ryzen-monitor-ng" {};
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+    hardware.cpu.amd.ryzen-smu.enable = true;
+  };
+
+  meta.maintainers = with lib.maintainers; [ Cryolitia phdyellow ];
+}
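Review bot: The project blurb, URL and warranty warning are all passed as the `mkEnableOption` name, so the rendered text becomes one "Whether to enable …" sentence with paragraphs inside it. It also never says that enabling the option sets `hardware.cpu.amd.ryzen-smu.enable = true`. That side effect presumably loads the ryzen_smu kernel driver named in the text, which an administrator should know before turning this on. I would keep the name short and move the rest into an explicit description, as `programs.regreet.enable` does in this same commit: `enable = mkEnableOption "ryzen_monitor_ng" // { description = ''…''; };`, adding a sentence such as "Enabling this also enables `hardware.cpu.amd.ryzen-smu`."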
diff --git a/nixpkgs/nixos/modules/programs/screen.nix b/nixpkgs/nixos/modules/programs/screen.nix
index 41bfb5d7809a..01af5b4c9597 100644
--- a/nixpkgs/nixos/modules/programs/screen.nix
+++ b/nixpkgs/nixos/modules/programs/screen.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     programs.screen = {
-      enable = lib.mkEnableOption (lib.mdDoc "screen, a basic terminal multiplexer");
+      enable = lib.mkEnableOption "screen, a basic terminal multiplexer";
 
       package = lib.mkPackageOptionMD pkgs "screen" { };
 
@@ -17,7 +17,7 @@ in
           defscrollback 10000
           startup_message off
         '';
-        description = lib.mdDoc "The contents of {file}`/etc/screenrc` file";
+        description = "The contents of {file}`/etc/screenrc` file";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/seahorse.nix b/nixpkgs/nixos/modules/programs/seahorse.nix
index 5e179c1446ed..53fff50e0a8b 100644
--- a/nixpkgs/nixos/modules/programs/seahorse.nix
+++ b/nixpkgs/nixos/modules/programs/seahorse.nix
@@ -2,25 +2,15 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
- # Added 2019-08-27
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "seahorse" "enable" ]
-      [ "programs" "seahorse" "enable" ])
-  ];
-
-
   ###### interface
 
   options = {
 
     programs.seahorse = {
 
-      enable = mkEnableOption (lib.mdDoc "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring");
+      enable = lib.mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
 
     };
 
@@ -29,9 +19,9 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.programs.seahorse.enable {
+  config = lib.mkIf config.programs.seahorse.enable {
 
-    programs.ssh.askPassword = mkDefault "${pkgs.gnome.seahorse}/libexec/seahorse/ssh-askpass";
+    programs.ssh.askPassword = lib.mkDefault "${pkgs.gnome.seahorse}/libexec/seahorse/ssh-askpass";
 
     environment.systemPackages = [
       pkgs.gnome.seahorse
diff --git a/nixpkgs/nixos/modules/programs/sedutil.nix b/nixpkgs/nixos/modules/programs/sedutil.nix
index d5e20a8815d4..c62ca24eaa01 100644
--- a/nixpkgs/nixos/modules/programs/sedutil.nix
+++ b/nixpkgs/nixos/modules/programs/sedutil.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.sedutil;
 
 in {
-  options.programs.sedutil.enable = mkEnableOption (lib.mdDoc "sedutil");
+  options.programs.sedutil.enable = mkEnableOption "sedutil, to manage self encrypting drives that conform to the Trusted Computing Group OPAL 2.0 SSC specification";
 
   config = mkIf cfg.enable {
     boot.kernelParams = [
diff --git a/nixpkgs/nixos/modules/programs/shadow.nix b/nixpkgs/nixos/modules/programs/shadow.nix
index b232767385c5..2d20644ec51e 100644
--- a/nixpkgs/nixos/modules/programs/shadow.nix
+++ b/nixpkgs/nixos/modules/programs/shadow.nix
@@ -10,7 +10,7 @@ in
       package = mkPackageOption pkgs "shadow" { };
 
       chfnRestrict = mkOption {
-        description = mdDoc ''
+        description = ''
           Use chfn SUID to allow non-root users to change their account GECOS information.
         '';
         type = nullOr str;
@@ -18,7 +18,7 @@ in
       };
 
       settings = mkOption {
-        description = mdDoc ''
+        description = ''
           Config options for the /etc/login.defs file, that defines
           the site-specific configuration for the shadow password suite.
           See login.defs(5) man page for available options.
@@ -36,68 +36,68 @@ in
               */
           options = {
             DEFAULT_HOME = mkOption {
-              description = mdDoc "Indicate if login is allowed if we can't cd to the home directory.";
+              description = "Indicate if login is allowed if we can't cd to the home directory.";
               default = "yes";
               type = enum [ "yes" "no" ];
             };
 
             ENCRYPT_METHOD = mkOption {
-              description = mdDoc "This defines the system default encryption algorithm for encrypting passwords.";
+              description = "This defines the system default encryption algorithm for encrypting passwords.";
               # The default crypt() method, keep in sync with the PAM default
               default = "YESCRYPT";
               type = enum [ "YESCRYPT" "SHA512" "SHA256" "MD5" "DES"];
             };
 
             SYS_UID_MIN = mkOption {
-              description = mdDoc "Range of user IDs used for the creation of system users by useradd or newusers.";
+              description = "Range of user IDs used for the creation of system users by useradd or newusers.";
               default = 400;
               type = int;
             };
 
             SYS_UID_MAX = mkOption {
-              description = mdDoc "Range of user IDs used for the creation of system users by useradd or newusers.";
+              description = "Range of user IDs used for the creation of system users by useradd or newusers.";
               default = 999;
               type = int;
             };
 
             UID_MIN = mkOption {
-              description = mdDoc "Range of user IDs used for the creation of regular users by useradd or newusers.";
+              description = "Range of user IDs used for the creation of regular users by useradd or newusers.";
               default = 1000;
               type = int;
             };
 
             UID_MAX = mkOption {
-              description = mdDoc "Range of user IDs used for the creation of regular users by useradd or newusers.";
+              description = "Range of user IDs used for the creation of regular users by useradd or newusers.";
               default = 29999;
               type = int;
             };
 
             SYS_GID_MIN = mkOption {
-              description = mdDoc "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
+              description = "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
               default = 400;
               type = int;
             };
 
             SYS_GID_MAX = mkOption {
-              description = mdDoc "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
+              description = "Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers";
               default = 999;
               type = int;
             };
 
             GID_MIN = mkOption {
-              description = mdDoc "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
+              description = "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
               default = 1000;
               type = int;
             };
 
             GID_MAX = mkOption {
-              description = mdDoc "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
+              description = "Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.";
               default = 29999;
               type = int;
             };
 
             TTYGROUP = mkOption {
-              description = mdDoc ''
+              description = ''
                 The terminal permissions: the login tty will be owned by the TTYGROUP group,
                 and the permissions will be set to TTYPERM'';
               default = "tty";
@@ -105,7 +105,7 @@ in
             };
 
             TTYPERM = mkOption {
-              description = mdDoc ''
+              description = ''
                 The terminal permissions: the login tty will be owned by the TTYGROUP group,
                 and the permissions will be set to TTYPERM'';
               default = "0620";
@@ -114,7 +114,7 @@ in
 
             # Ensure privacy for newly created home directories.
             UMASK = mkOption {
-              description = mdDoc "The file mode creation mask is initialized to this value.";
+              description = "The file mode creation mask is initialized to this value.";
               default = "077";
               type = str;
             };
@@ -125,7 +125,7 @@ in
     };
 
     users.defaultUserShell = mkOption {
-      description = mdDoc ''
+      description = ''
         This option defines the default shell assigned to user
         accounts. This can be either a full system path or a shell package.
 
diff --git a/nixpkgs/nixos/modules/programs/sharing.nix b/nixpkgs/nixos/modules/programs/sharing.nix
index 9ab51859dc51..211dc9815166 100644
--- a/nixpkgs/nixos/modules/programs/sharing.nix
+++ b/nixpkgs/nixos/modules/programs/sharing.nix
@@ -2,11 +2,11 @@
 with lib;
 {
   options.programs.sharing = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       sharing, a CLI tool for sharing files.
 
       Note that it will opens the 7478 port for TCP in the firewall, which is needed for it to function properly
-    '');
+    '';
   };
   config =
     let
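Review bot: The `enable` description has a grammar slip ("it will opens the 7478 port") and no final period. This text is the only place a user learns that enabling the program changes the firewall, so I would tighten it to `Note that it opens TCP port 7478 in the firewall, which is needed for it to function properly.` Opening the port as a side effect of `enable` also differs from modules that expose a separate `openFirewall` option defaulting to false, such as the steam options further down this diff. The `config` body is outside the hunk, so whether that pattern fits here is for the author to judge.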
diff --git a/nixpkgs/nixos/modules/programs/singularity.nix b/nixpkgs/nixos/modules/programs/singularity.nix
index 7f285ab05537..f4c0a6fe487e 100644
--- a/nixpkgs/nixos/modules/programs/singularity.nix
+++ b/nixpkgs/nixos/modules/programs/singularity.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 
 with lib;
 let
@@ -7,18 +12,16 @@ in
 {
 
   options.programs.singularity = {
-    enable = mkEnableOption (mdDoc "singularity") // {
-      description = mdDoc ''
+    enable = mkEnableOption "singularity" // {
+      description = ''
         Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
       '';
     };
-    package = mkPackageOption pkgs "singularity" {
-      example = "apptainer";
-    };
+    package = mkPackageOption pkgs "singularity" { example = "apptainer"; };
     packageOverriden = mkOption {
       type = types.nullOr types.package;
       default = null;
-      description = mdDoc ''
+      description = ''
         This option provides access to the overridden result of `programs.singularity.package`.
 
         For example, the following configuration makes all the Nixpkgs packages use the overridden `singularity`:
@@ -43,7 +46,7 @@ in
       type = types.bool;
       default = true;
       example = false;
-      description = mdDoc ''
+      description = ''
         Whether to use top-level directories as LOCALSTATEDIR
         instead of the store path ones.
         This affects the SESSIONDIR of Apptainer/Singularity.
@@ -55,7 +58,7 @@ in
       type = types.bool;
       default = true;
       example = false;
-      description = mdDoc ''
+      description = ''
         Whether to enable the `--fakeroot` support of Singularity/Apptainer.
       '';
     };
@@ -68,24 +71,26 @@ in
       default = cfg.package.projectName != "apptainer";
       defaultText = literalExpression ''config.services.singularity.package.projectName != "apptainer"'';
       example = false;
-      description = mdDoc ''
+      description = ''
         Whether to enable the SUID support of Singularity/Apptainer.
       '';
     };
   };
 
   config = mkIf cfg.enable {
-    programs.singularity.packageOverriden = (cfg.package.override (
-      optionalAttrs cfg.enableExternalLocalStateDir {
-        externalLocalStateDir = "/var/lib";
-      } // optionalAttrs cfg.enableFakeroot {
-        newuidmapPath = "/run/wrappers/bin/newuidmap";
-        newgidmapPath = "/run/wrappers/bin/newgidmap";
-      } // optionalAttrs cfg.enableSuid {
-        enableSuid = true;
-        starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
-      }
-    ));
+    programs.singularity.packageOverriden = (
+      cfg.package.override (
+        optionalAttrs cfg.enableExternalLocalStateDir { externalLocalStateDir = "/var/lib"; }
+        // optionalAttrs cfg.enableFakeroot {
+          newuidmapPath = "/run/wrappers/bin/newuidmap";
+          newgidmapPath = "/run/wrappers/bin/newgidmap";
+        }
+        // optionalAttrs cfg.enableSuid {
+          enableSuid = true;
+          starterSuidPath = "/run/wrappers/bin/${cfg.package.projectName}-suid";
+        }
+      )
+    );
     environment.systemPackages = [ cfg.packageOverriden ];
     security.wrappers."${cfg.packageOverriden.projectName}-suid" = mkIf cfg.enableSuid {
       setuid = true;
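Review bot: The `defaultText` at the top of this hunk renders as `config.services.singularity.package.projectName != "apptainer"`, but the options are declared under `options.programs.singularity` and the real default reads `cfg.package.projectName`. Assuming `cfg` is `config.programs.singularity` (its definition is outside the hunk), the manual points readers at an option path that does not exist. Since this option decides whether a setuid starter is installed, the text should read `defaultText = literalExpression ''config.programs.singularity.package.projectName != "apptainer"'';`. The option's name and opening line lie before the hunk.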
@@ -97,5 +102,4 @@ in
       "d /var/lib/${cfg.packageOverriden.projectName}/mnt/session 0770 root root -"
     ];
   };
-
 }
diff --git a/nixpkgs/nixos/modules/programs/skim.nix b/nixpkgs/nixos/modules/programs/skim.nix
index 57a5d68ec3d5..9c573b39bbbc 100644
--- a/nixpkgs/nixos/modules/programs/skim.nix
+++ b/nixpkgs/nixos/modules/programs/skim.nix
@@ -1,13 +1,13 @@
 { pkgs, config, lib, ... }:
 let
-  inherit (lib) mdDoc mkEnableOption mkPackageOption optional optionalString;
+  inherit (lib) mkEnableOption mkPackageOption optional optionalString;
   cfg = config.programs.skim;
 in
 {
   options = {
     programs.skim = {
-      fuzzyCompletion = mkEnableOption (mdDoc "fuzzy completion with skim");
-      keybindings = mkEnableOption (mdDoc "skim keybindings");
+      fuzzyCompletion = mkEnableOption "fuzzy completion with skim";
+      keybindings = mkEnableOption "skim keybindings";
       package = mkPackageOption pkgs "skim" {};
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/slock.nix b/nixpkgs/nixos/modules/programs/slock.nix
index 3db9866d9f1c..f39b4d5e9280 100644
--- a/nixpkgs/nixos/modules/programs/slock.nix
+++ b/nixpkgs/nixos/modules/programs/slock.nix
@@ -12,20 +12,21 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install slock screen locker with setuid wrapper.
         '';
       };
+      package = mkPackageOption pkgs "slock" {};
     };
   };
 
   config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.slock ];
+    environment.systemPackages = [ cfg.package ];
     security.wrappers.slock =
       { setuid = true;
         owner = "root";
         group = "root";
-        source = "${pkgs.slock.out}/bin/slock";
+        source = lib.getExe cfg.package;
       };
   };
 }
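Review bot: `source = lib.getExe cfg.package;` makes the target of a setuid-root wrapper depend on the package's `meta.mainProgram` instead of a fixed binary name. An overridden or substituted `programs.slock.package` therefore decides which executable is installed setuid root. Pinning the name keeps the wrapper target explicit, as the old line did: `source = "${lib.getBin cfg.package}/bin/slock";`. The new `package` option also says nothing about this consequence; `mkPackageOption` accepts `extraDescription`, so a sentence stating that the chosen package's binary is wrapped setuid root would fit there. The module header and the `cfg` definition are outside the hunk.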
diff --git a/nixpkgs/nixos/modules/programs/sniffnet.nix b/nixpkgs/nixos/modules/programs/sniffnet.nix
index 98e9f628a9bc..631a155e35b5 100644
--- a/nixpkgs/nixos/modules/programs/sniffnet.nix
+++ b/nixpkgs/nixos/modules/programs/sniffnet.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     programs.sniffnet = {
-      enable = lib.mkEnableOption (lib.mdDoc "sniffnet");
+      enable = lib.mkEnableOption "sniffnet, a network traffic monitor application";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/soundmodem.nix b/nixpkgs/nixos/modules/programs/soundmodem.nix
new file mode 100644
index 000000000000..ab992c63c608
--- /dev/null
+++ b/nixpkgs/nixos/modules/programs/soundmodem.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.soundmodem;
+in
+{
+  options = {
+    programs.soundmodem = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to add Soundmodem to the global environment and configure a
+          wrapper for 'soundmodemconfig' for users in the 'soundmodem' group.
+        '';
+      };
+      package = mkPackageOption pkgs "soundmodem" { };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+    users.groups.soundmodem = { };
+
+    security.wrappers.soundmodemconfig = {
+      source = "${cfg.package}/bin/soundmodemconfig";
+      owner = "root";
+      group = "soundmodem";
+      permissions = "u+rx,g+x";
+    };
+  };
+}
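Review bot: `security.wrappers.soundmodemconfig` sets only `owner`, `group` and `permissions = "u+rx,g+x"`, with no `setuid`, `setgid` or `capabilities`. As written, the wrapper appears to give members of the `soundmodem` group nothing beyond what the unwrapped binary already offers. That binary also stays available to every user through `environment.systemPackages = [ cfg.package ];`. If the wrapper is meant to elevate or restrict `soundmodemconfig`, the module should say which and set the matching attribute explicitly, e.g. a comment above the wrapper such as `# soundmodemconfig needs <privilege>; only the soundmodem group may run the wrapper`. The option description could likewise state what group membership grants.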
diff --git a/nixpkgs/nixos/modules/programs/spacefm.nix b/nixpkgs/nixos/modules/programs/spacefm.nix
index b4ba9dcdea56..fec14fca48e1 100644
--- a/nixpkgs/nixos/modules/programs/spacefm.nix
+++ b/nixpkgs/nixos/modules/programs/spacefm.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to install SpaceFM and create {file}`/etc/spacefm/spacefm.conf`.
         '';
       };
@@ -34,7 +34,7 @@ in
             terminal_su = "''${pkgs.sudo}/bin/sudo";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           The system-wide spacefm configuration.
           Parameters to be written to {file}`/etc/spacefm/spacefm.conf`.
           Refer to the [relevant entry](https://ignorantguru.github.io/spacefm/spacefm-manual-en.html#programfiles-etc) in the SpaceFM manual.
diff --git a/nixpkgs/nixos/modules/programs/ssh.nix b/nixpkgs/nixos/modules/programs/ssh.nix
index 0c1461709c22..2d25c7a93662 100644
--- a/nixpkgs/nixos/modules/programs/ssh.nix
+++ b/nixpkgs/nixos/modules/programs/ssh.nix
@@ -40,20 +40,20 @@ in
         type = types.bool;
         default = config.services.xserver.enable;
         defaultText = literalExpression "config.services.xserver.enable";
-        description = lib.mdDoc "Whether to configure SSH_ASKPASS in the environment.";
+        description = "Whether to configure SSH_ASKPASS in the environment.";
       };
 
       askPassword = mkOption {
         type = types.str;
         default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
         defaultText = literalExpression ''"''${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"'';
-        description = lib.mdDoc "Program used by SSH to ask for passwords.";
+        description = "Program used by SSH to ask for passwords.";
       };
 
       forwardX11 = mkOption {
         type = with lib.types; nullOr bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to request X11 forwarding on outgoing connections by default.
           If set to null, the option is not set at all.
           This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
@@ -67,7 +67,7 @@ in
 
       setXAuthLocation = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set the path to {command}`xauth` for X11-forwarded connections.
           This causes a dependency on X11 packages.
         '';
@@ -77,7 +77,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "ssh-ed25519" "ssh-rsa" ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies the key types that will be used for public key authentication.
         '';
       };
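Review bot: The `example` list in this hunk and in the next one (`@@ -86,7 +86,7 @@`) shows `"ssh-rsa"`, and the MAC example in the `@@ -262,7 +262,7 @@` hunk shows `"hmac-sha1"`. Both are SHA-1 based, and examples in option documentation tend to be copied into configurations verbatim. I would show SHA-2 names instead, e.g. `example = [ "ssh-ed25519" "rsa-sha2-512" ];` here and `example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" ];` for the MACs. The option names for all three hunks start before the visible context.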
@@ -86,7 +86,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "ssh-ed25519" "ssh-rsa" ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies the host key algorithms that the client wants to use in order of preference.
         '';
       };
@@ -94,7 +94,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration text prepended to {file}`ssh_config`. Other generated
           options will be added after a `Host *` pattern.
           See {manpage}`ssh_config(5)`
@@ -105,7 +105,7 @@ in
       startAgent = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to start the OpenSSH agent when you log in.  The OpenSSH agent
           remembers private keys for you so that you don't have to type in
           passphrases every time you make an SSH connection.  Use
@@ -117,7 +117,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "1h";
-        description = lib.mdDoc ''
+        description = ''
           How long to keep the private keys in memory. Use null to keep them forever.
         '';
       };
@@ -126,7 +126,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = literalExpression ''"''${pkgs.opensc}/lib/opensc-pkcs11.so"'';
-        description = lib.mdDoc ''
+        description = ''
           A pattern-list of acceptable paths for PKCS#11 shared libraries
           that may be used with the -s option to ssh-add.
         '';
@@ -141,7 +141,7 @@ in
             certAuthority = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 This public key is an SSH certificate authority, rather than an
                 individual host's key.
               '';
@@ -150,7 +150,7 @@ in
               type = types.listOf types.str;
               default = [ name ] ++ config.extraHostNames;
               defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
-              description = lib.mdDoc ''
+              description = ''
                 A list of host names and/or IP numbers used for accessing
                 the host's ssh service. This list includes the name of the
                 containing `knownHosts` attribute by default
@@ -163,7 +163,7 @@ in
             extraHostNames = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 A list of additional host names and/or IP numbers used for
                 accessing the host's ssh service. This list is ignored if
                 `hostNames` is set explicitly.
@@ -173,7 +173,7 @@ in
               default = null;
               type = types.nullOr types.str;
               example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
-              description = lib.mdDoc ''
+              description = ''
                 The public key data for the host. You can fetch a public key
                 from a running SSH server with the {command}`ssh-keyscan`
                 command. The public key should not include any host names, only
@@ -183,7 +183,7 @@ in
             publicKeyFile = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 The path to the public key file for the host. The public
                 key file is read at build time and saved in the Nix store.
                 You can fetch a public key file from a running SSH server
@@ -196,7 +196,7 @@ in
             };
           };
         }));
-        description = lib.mdDoc ''
+        description = ''
           The set of system-wide known SSH hosts. To make simple setups more
           convenient the name of an attribute in this set is used as a host name
           for the entry. This behaviour can be disabled by setting
@@ -222,7 +222,7 @@ in
       knownHostsFiles = mkOption {
         default = [];
         type = with types; listOf path;
-        description = lib.mdDoc ''
+        description = ''
           Files containing SSH host keys to set as global known hosts.
           `/etc/ssh/ssh_known_hosts` (which is
           generated by {option}`programs.ssh.knownHosts`) is
@@ -244,7 +244,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = [ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies the available KEX (Key Exchange) algorithms.
         '';
       };
@@ -253,7 +253,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = [ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies the ciphers allowed and their order of preference.
         '';
       };
@@ -262,7 +262,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used
           for data integrity protection.
         '';
diff --git a/nixpkgs/nixos/modules/programs/steam.nix b/nixpkgs/nixos/modules/programs/steam.nix
index bab9bf8107b6..58aa0aa25b08 100644
--- a/nixpkgs/nixos/modules/programs/steam.nix
+++ b/nixpkgs/nixos/modules/programs/steam.nix
@@ -24,7 +24,7 @@ let
     '').overrideAttrs (_: { passthru.providedSessions = [ "steam" ]; });
 in {
   options.programs.steam = {
-    enable = mkEnableOption (lib.mdDoc "steam");
+    enable = mkEnableOption "steam";
 
     package = mkOption {
       type = types.package;
@@ -62,7 +62,7 @@ in {
           bubblewrap = "${config.security.wrapperDir}/..";
         };
       });
-      description = lib.mdDoc ''
+      description = ''
         The Steam package to use. Additional libraries are added from the system
         configuration to ensure graphics work properly.
 
@@ -79,7 +79,7 @@ in {
           proton-ge-bin
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be used as compatibility tools for Steam on Linux. Packages will be included
         in the `STEAM_EXTRA_COMPAT_TOOLS_PATHS` environmental variable. For more information see
         https://github.com/ValveSoftware/steam-for-linux/issues/6310.
@@ -91,7 +91,7 @@ in {
     remotePlay.openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for Steam Remote Play.
       '';
     };
@@ -99,7 +99,7 @@ in {
     dedicatedServer.openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for Source Dedicated Server.
       '';
     };
@@ -107,21 +107,21 @@ in {
     localNetworkGameTransfers.openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for Steam Local Network Game Transfers.
       '';
     };
 
     gamescopeSession = mkOption {
-      description = mdDoc "Run a GameScope driven Steam session from your display-manager";
+      description = "Run a GameScope driven Steam session from your display-manager";
       default = {};
       type = types.submodule {
         options = {
-          enable = mkEnableOption (mdDoc "GameScope Session");
+          enable = mkEnableOption "GameScope Session";
           args = mkOption {
             type = types.listOf types.str;
             default = [ ];
-            description = mdDoc ''
+            description = ''
               Arguments to be passed to GameScope for the session.
             '';
           };
@@ -129,7 +129,7 @@ in {
           env = mkOption {
             type = types.attrsOf types.str;
             default = { };
-            description = mdDoc ''
+            description = ''
               Environmental variables to be passed to GameScope for the session.
             '';
           };
@@ -137,10 +137,10 @@ in {
       };
     };
 
-    extest.enable = mkEnableOption (lib.mdDoc ''
+    extest.enable = mkEnableOption ''
       Load the extest library into Steam, to translate X11 input events to
       uinput events (e.g. for using Steam Input on Wayland)
-    '');
+    '';
   };
 
   config = mkIf cfg.enable {
@@ -161,7 +161,7 @@ in {
     };
 
     programs.gamescope.enable = mkDefault cfg.gamescopeSession.enable;
-    services.xserver.displayManager.sessionPackages = mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
+    services.displayManager.sessionPackages = mkIf cfg.gamescopeSession.enable [ gamescopeSessionFile ];
 
     # optionally enable 32bit pulseaudio support if pulseaudio is enabled
     hardware.pulseaudio.support32Bit = config.hardware.pulseaudio.enable;
diff --git a/nixpkgs/nixos/modules/programs/streamdeck-ui.nix b/nixpkgs/nixos/modules/programs/streamdeck-ui.nix
index 47b1681cd634..6bec2abdfbec 100644
--- a/nixpkgs/nixos/modules/programs/streamdeck-ui.nix
+++ b/nixpkgs/nixos/modules/programs/streamdeck-ui.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options.programs.streamdeck-ui = {
-    enable = mkEnableOption (lib.mdDoc "streamdeck-ui");
+    enable = mkEnableOption "streamdeck-ui";
 
     autoStart = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Whether streamdeck-ui should be started automatically.";
+      description = "Whether streamdeck-ui should be started automatically.";
     };
 
     package = mkPackageOption pkgs "streamdeck-ui" {
diff --git a/nixpkgs/nixos/modules/programs/sysdig.nix b/nixpkgs/nixos/modules/programs/sysdig.nix
index ccb1e1d4c5f1..cf2cbab5cf6e 100644
--- a/nixpkgs/nixos/modules/programs/sysdig.nix
+++ b/nixpkgs/nixos/modules/programs/sysdig.nix
@@ -5,7 +5,7 @@ with lib;
 let
   cfg = config.programs.sysdig;
 in {
-  options.programs.sysdig.enable = mkEnableOption (lib.mdDoc "sysdig");
+  options.programs.sysdig.enable = mkEnableOption "sysdig, a tracing tool";
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.sysdig ];
diff --git a/nixpkgs/nixos/modules/programs/system-config-printer.nix b/nixpkgs/nixos/modules/programs/system-config-printer.nix
index 7c7eea580545..34592dd7064b 100644
--- a/nixpkgs/nixos/modules/programs/system-config-printer.nix
+++ b/nixpkgs/nixos/modules/programs/system-config-printer.nix
@@ -10,7 +10,7 @@ with lib;
 
     programs.system-config-printer = {
 
-      enable = mkEnableOption (lib.mdDoc "system-config-printer, a Graphical user interface for CUPS administration");
+      enable = mkEnableOption "system-config-printer, a Graphical user interface for CUPS administration";
 
     };
 
diff --git a/nixpkgs/nixos/modules/programs/systemtap.nix b/nixpkgs/nixos/modules/programs/systemtap.nix
index cbb9ec164c6c..d23bd13fdd85 100644
--- a/nixpkgs/nixos/modules/programs/systemtap.nix
+++ b/nixpkgs/nixos/modules/programs/systemtap.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Install {command}`systemtap` along with necessary kernel options.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/thefuck.nix b/nixpkgs/nixos/modules/programs/thefuck.nix
index e057d1ca657d..ba2e39c013ae 100644
--- a/nixpkgs/nixos/modules/programs/thefuck.nix
+++ b/nixpkgs/nixos/modules/programs/thefuck.nix
@@ -16,13 +16,13 @@ in
   {
     options = {
       programs.thefuck = {
-        enable = mkEnableOption (lib.mdDoc "thefuck");
+        enable = mkEnableOption "thefuck, an app which corrects your previous console command";
 
         alias = mkOption {
           default = "fuck";
           type = types.str;
 
-          description = lib.mdDoc ''
+          description = ''
             `thefuck` needs an alias to be configured.
             The default value is `fuck`, but you can use anything else as well.
           '';
diff --git a/nixpkgs/nixos/modules/programs/thunar.nix b/nixpkgs/nixos/modules/programs/thunar.nix
index cb85b3886c13..5ea2982dd93c 100644
--- a/nixpkgs/nixos/modules/programs/thunar.nix
+++ b/nixpkgs/nixos/modules/programs/thunar.nix
@@ -11,12 +11,12 @@ in {
 
   options = {
     programs.thunar = {
-      enable = mkEnableOption (lib.mdDoc "Thunar, the Xfce file manager");
+      enable = mkEnableOption "Thunar, the Xfce file manager";
 
       plugins = mkOption {
         default = [];
         type = types.listOf types.package;
-        description = lib.mdDoc "List of thunar plugins to install.";
+        description = "List of thunar plugins to install.";
         example = literalExpression "with pkgs.xfce; [ thunar-archive-plugin thunar-volman ]";
       };
 
diff --git a/nixpkgs/nixos/modules/programs/tmux.nix b/nixpkgs/nixos/modules/programs/tmux.nix
index 0d1c7c9cdf0f..b4b476a801dd 100644
--- a/nixpkgs/nixos/modules/programs/tmux.nix
+++ b/nixpkgs/nixos/modules/programs/tmux.nix
@@ -72,14 +72,14 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whenever to configure {command}`tmux` system-wide.";
+        description = "Whenever to configure {command}`tmux` system-wide.";
         relatedPackages = [ "tmux" ];
       };
 
       aggressiveResize = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Resize the window to the size of the smallest session for which it is the current window.
         '';
       };
@@ -88,31 +88,31 @@ in {
         default = 0;
         example = 1;
         type = types.int;
-        description = lib.mdDoc "Base index for windows and panes.";
+        description = "Base index for windows and panes.";
       };
 
       clock24 = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Use 24 hour clock.";
+        description = "Use 24 hour clock.";
       };
 
       customPaneNavigationAndResize = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.";
+        description = "Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.";
       };
 
       escapeTime = mkOption {
         default = 500;
         example = 0;
         type = types.int;
-        description = lib.mdDoc "Time in milliseconds for which tmux waits after an escape is input.";
+        description = "Time in milliseconds for which tmux waits after an escape is input.";
       };
 
       extraConfigBeforePlugins = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional contents of /etc/tmux.conf, to be run before sourcing plugins.
         '';
         type = types.lines;
@@ -120,7 +120,7 @@ in {
 
       extraConfig = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional contents of /etc/tmux.conf, to be run after sourcing plugins.
         '';
         type = types.lines;
@@ -130,47 +130,47 @@ in {
         default = 2000;
         example = 5000;
         type = types.int;
-        description = lib.mdDoc "Maximum number of lines held in window history.";
+        description = "Maximum number of lines held in window history.";
       };
 
       keyMode = mkOption {
         default = defaultKeyMode;
         example = "vi";
         type = types.enum [ "emacs" "vi" ];
-        description = lib.mdDoc "VI or Emacs style shortcuts.";
+        description = "VI or Emacs style shortcuts.";
       };
 
       newSession = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Automatically spawn a session if trying to attach and none are running.";
+        description = "Automatically spawn a session if trying to attach and none are running.";
       };
 
       reverseSplit = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Reverse the window split shortcuts.";
+        description = "Reverse the window split shortcuts.";
       };
 
       resizeAmount = mkOption {
         default = defaultResize;
         example = 10;
         type = types.int;
-        description = lib.mdDoc "Number of lines/columns when resizing.";
+        description = "Number of lines/columns when resizing.";
       };
 
       shortcut = mkOption {
         default = defaultShortcut;
         example = "a";
         type = types.str;
-        description = lib.mdDoc "Ctrl following by this key is used as the main shortcut.";
+        description = "Ctrl following by this key is used as the main shortcut.";
       };
 
       terminal = mkOption {
         default = defaultTerminal;
         example = "screen-256color";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Set the $TERM variable. Use tmux-direct if italics or 24bit true color
           support is needed.
         '';
@@ -179,7 +179,7 @@ in {
       secureSocket = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Store tmux socket under /run, which is more secure than /tmp, but as a
           downside it doesn't survive user logout.
         '';
@@ -188,12 +188,12 @@ in {
       plugins = mkOption {
         default = [];
         type = types.listOf types.package;
-        description = lib.mdDoc "List of plugins to install.";
+        description = "List of plugins to install.";
         example = lib.literalExpression "[ pkgs.tmuxPlugins.nord ]";
       };
 
       withUtempter = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable libutempter for tmux.
           This is required so that tmux can write to /var/run/utmp (which can be queried with `who` to display currently connected user sessions).
           Note, this will add a guid wrapper for the group utmp!
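Review bot: The `withUtempter` description says "this will add a guid wrapper for the group utmp", which presumably means a setgid wrapper. This sentence is the only warning an administrator gets about the added privilege, so it should use the exact term: `Note, this will add a setgid wrapper for the group utmp!`. In the `@@ -72,14 +72,14 @@` hunk the `enable` description begins "Whenever to configure", where "Whether" is meant. The `withUtempter` option continues past the end of this hunk.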
diff --git a/nixpkgs/nixos/modules/programs/traceroute.nix b/nixpkgs/nixos/modules/programs/traceroute.nix
index df5f10b87d5f..6e04057ac503 100644
--- a/nixpkgs/nixos/modules/programs/traceroute.nix
+++ b/nixpkgs/nixos/modules/programs/traceroute.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure a setcap wrapper for traceroute.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/trippy.nix b/nixpkgs/nixos/modules/programs/trippy.nix
index 6e31aea43e75..707370fb31a5 100644
--- a/nixpkgs/nixos/modules/programs/trippy.nix
+++ b/nixpkgs/nixos/modules/programs/trippy.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     programs.trippy = {
-      enable = lib.mkEnableOption (lib.mdDoc "trippy");
+      enable = lib.mkEnableOption "trippy, a network diagnostic tool";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/tsm-client.nix b/nixpkgs/nixos/modules/programs/tsm-client.nix
index d31a1fb3f375..82fbc9b26e2d 100644
--- a/nixpkgs/nixos/modules/programs/tsm-client.nix
+++ b/nixpkgs/nixos/modules/programs/tsm-client.nix
@@ -22,12 +22,12 @@ let
   serverOptions = { name, config, ... }: {
     freeformType = attrsOf (either scalarType (listOf scalarType));
     # Client system-options file directives are explained here:
-    # https://www.ibm.com/docs/en/storage-protect/8.1.21?topic=commands-processing-options
+    # https://www.ibm.com/docs/en/storage-protect/8.1.22?topic=commands-processing-options
     options.servername = mkOption {
       type = servernameType;
       default = name;
       example = "mainTsmServer";
-      description = lib.mdDoc ''
+      description = ''
         Local name of the IBM TSM server,
         must not contain space or more than 64 chars.
       '';
@@ -35,14 +35,14 @@ let
     options.tcpserveraddress = mkOption {
       type = nonEmptyStr;
       example = "tsmserver.company.com";
-      description = lib.mdDoc ''
+      description = ''
         Host/domain name or IP address of the IBM TSM server.
       '';
     };
     options.tcpport = mkOption {
       type = addCheck port (p: p<=32767);
       default = 1500;  # official default
-      description = lib.mdDoc ''
+      description = ''
         TCP port of the IBM TSM server.
         TSM does not support ports above 32767.
       '';
@@ -50,11 +50,11 @@ let
     options.nodename = mkOption {
       type = nonEmptyStr;
       example = "MY-TSM-NODE";
-      description = lib.mdDoc ''
+      description = ''
         Target node name on the IBM TSM server.
       '';
     };
-    options.genPasswd = mkEnableOption (lib.mdDoc ''
+    options.genPasswd = mkEnableOption ''
       automatic client password generation.
       This option does *not* cause a line in
       {file}`dsm.sys` by itself, but generates a
@@ -65,7 +65,7 @@ let
       If this option is enabled and the server forces
       to renew the password (e.g. on first connection),
       a random password will be generated and stored
-    '');
+    '';
     options.passwordaccess = mkOption {
       type = enum [ "generate" "prompt" ];
       visible = false;
@@ -74,7 +74,7 @@ let
       type = nullOr path;
       default = null;
       example = "/home/alice/tsm-password";
-      description = lib.mdDoc ''
+      description = ''
         Directory that holds the TSM
         node's password information.
       '';
@@ -88,7 +88,7 @@ let
         exclude.dir     /nix/store
         include.encrypt /home/.../*
       '';
-      description = lib.mdDoc ''
+      description = ''
         Text lines with `include.*` and `exclude.*` directives
         to be used when sending files to the IBM TSM server,
         or an absolute path pointing to a file with such lines.
@@ -112,11 +112,11 @@ let
   };
 
   options.programs.tsmClient = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       IBM Storage Protect (Tivoli Storage Manager, TSM)
       client command line applications with a
       client system-options file "dsm.sys"
-    '');
+    '';
     servers = mkOption {
       type = attrsOf (submodule serverOptions);
       default = {};
@@ -125,7 +125,7 @@ let
         nodename = "MY-TSM-NODE";
         compression = "yes";
       };
-      description = lib.mdDoc ''
+      description = ''
         Server definitions ("stanzas")
         for the client system-options file.
         The name of each entry will be used for
@@ -145,7 +145,7 @@ let
       type = nullOr servernameType;
       default = null;
       example = "mainTsmServer";
-      description = lib.mdDoc ''
+      description = ''
         If multiple server stanzas are declared with
         {option}`programs.tsmClient.servers`,
         this option may be used to name a default
@@ -158,7 +158,7 @@ let
     dsmSysText = mkOption {
       type = lines;
       readOnly = true;
-      description = lib.mdDoc ''
+      description = ''
         This configuration key contains the effective text
         of the client system-options file "dsm.sys".
         It should not be changed, but may be
diff --git a/nixpkgs/nixos/modules/programs/turbovnc.nix b/nixpkgs/nixos/modules/programs/turbovnc.nix
index 511b6badc041..fbb3a7bf22e9 100644
--- a/nixpkgs/nixos/modules/programs/turbovnc.nix
+++ b/nixpkgs/nixos/modules/programs/turbovnc.nix
@@ -15,7 +15,7 @@ in
       ensureHeadlessSoftwareOpenGL = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set up NixOS such that TurboVNC's built-in software OpenGL
           implementation works.
 
diff --git a/nixpkgs/nixos/modules/programs/udevil.nix b/nixpkgs/nixos/modules/programs/udevil.nix
index b0f00b4b541b..44b9dd9234b3 100644
--- a/nixpkgs/nixos/modules/programs/udevil.nix
+++ b/nixpkgs/nixos/modules/programs/udevil.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.udevil;
 
 in {
-  options.programs.udevil.enable = mkEnableOption (lib.mdDoc "udevil");
+  options.programs.udevil.enable = mkEnableOption "udevil, to mount filesystems without password";
 
   config = mkIf cfg.enable {
     security.wrappers.udevil =
diff --git a/nixpkgs/nixos/modules/programs/usbtop.nix b/nixpkgs/nixos/modules/programs/usbtop.nix
index e262ae3745be..4f13ce5f6262 100644
--- a/nixpkgs/nixos/modules/programs/usbtop.nix
+++ b/nixpkgs/nixos/modules/programs/usbtop.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.usbtop;
 in {
   options = {
-    programs.usbtop.enable = mkEnableOption (lib.mdDoc "usbtop and required kernel module");
+    programs.usbtop.enable = mkEnableOption "usbtop and required kernel module, to show estimated USB bandwidth";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/vim.nix b/nixpkgs/nixos/modules/programs/vim.nix
index da2813f4bb53..eb3499fd243f 100644
--- a/nixpkgs/nixos/modules/programs/vim.nix
+++ b/nixpkgs/nixos/modules/programs/vim.nix
@@ -9,7 +9,7 @@ in {
     defaultEditor = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         When enabled, installs vim and configures vim to be the default editor
         using the EDITOR environment variable.
       '';
diff --git a/nixpkgs/nixos/modules/programs/wavemon.nix b/nixpkgs/nixos/modules/programs/wavemon.nix
index 4dbf2748913e..e5ccacba75d4 100644
--- a/nixpkgs/nixos/modules/programs/wavemon.nix
+++ b/nixpkgs/nixos/modules/programs/wavemon.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add wavemon to the global environment and configure a
           setcap wrapper for it.
         '';
diff --git a/nixpkgs/nixos/modules/programs/wayland/cardboard.nix b/nixpkgs/nixos/modules/programs/wayland/cardboard.nix
index 77a094a71700..96089bdf94ed 100644
--- a/nixpkgs/nixos/modules/programs/wayland/cardboard.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/cardboard.nix
@@ -7,7 +7,7 @@ in
   meta.maintainers = with lib.maintainers; [ AndersonTorres ];
 
   options.programs.cardboard = {
-    enable = lib.mkEnableOption (lib.mdDoc "cardboard");
+    enable = lib.mkEnableOption "cardboard";
 
     package = lib.mkPackageOption pkgs "cardboard" { };
   };
@@ -17,7 +17,7 @@ in
       environment.systemPackages = [ cfg.package ];
 
       # To make a cardboard session available for certain DMs like SDDM
-      services.xserver.displayManager.sessionPackages = [ cfg.package ];
+      services.displayManager.sessionPackages = [ cfg.package ];
     }
     (import ./wayland-session.nix { inherit lib pkgs; })
   ]);
diff --git a/nixpkgs/nixos/modules/programs/wayland/hyprland.nix b/nixpkgs/nixos/modules/programs/wayland/hyprland.nix
index 9061ce5da83a..e648eaa1b68e 100644
--- a/nixpkgs/nixos/modules/programs/wayland/hyprland.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/hyprland.nix
@@ -13,8 +13,8 @@ in
 {
   options.programs.hyprland = {
     enable = mkEnableOption null // {
-      description = mdDoc ''
-        Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks.
+      description = ''
+        Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn't sacrifice on its looks.
 
         You can manually launch Hyprland by executing {command}`Hyprland` on a TTY.
 
@@ -33,14 +33,33 @@ in
       };
       defaultText = literalExpression
         "`programs.hyprland.package` with applied configuration";
-      description = mdDoc ''
+      description = ''
         The Hyprland package after applying configuration.
       '';
     };
 
     portalPackage = mkPackageOption pkgs "xdg-desktop-portal-hyprland" { };
 
-    xwayland.enable = mkEnableOption (mdDoc "XWayland") // { default = true; };
+    xwayland.enable = mkEnableOption ("XWayland") // { default = true; };
+
+    envVars.enable = mkEnableOption null // {
+      default = true;
+      example = false;
+      description = ''
+        Set environment variables for Hyprland to work properly.
+        Enabled by default.
+      '';
+    };
+
+    systemd.setPath.enable = mkEnableOption null // {
+      default = true;
+      example = false;
+      description = ''
+        Set environment path of systemd to include the current system's bin directory.
+        This is needed in Hyprland setups, where opening links in applications do not work.
+        Enabled by default.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
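Review bot: The description of `systemd.setPath.enable` does not say how far the setting reaches. The config hunk further down implements it through `systemd.user.extraConfig`, so, as far as the visible code shows, it changes the default `PATH` of the systemd user manager for every user on the machine, not only for Hyprland sessions. I would add a sentence such as `This sets DefaultEnvironment for the systemd user manager of all users, including users who never start Hyprland.` and have the `envVars.enable` description name the variables it sets. As a style point, the parentheses in `mkEnableOption ("XWayland")` are left over from removing `mdDoc` and can be dropped.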
@@ -56,13 +75,28 @@ in
 
     security.polkit.enable = true;
 
-    services.xserver.displayManager.sessionPackages = [ cfg.finalPackage ];
+    services.displayManager.sessionPackages = [ cfg.finalPackage ];
 
     xdg.portal = {
       enable = mkDefault true;
       extraPortals = [ finalPortalPackage ];
       configPackages = mkDefault [ cfg.finalPackage ];
     };
+
+    environment.sessionVariables = mkIf cfg.envVars.enable {
+      XDG_CURRENT_DESKTOP = "Hyprland";
+      XDG_SESSION_DESKTOP = "Hyprland";
+      XDG_SESSION_TYPE = "wayland";
+      GDK_BACKEND = "wayland,x11";
+      QT_QPA_PLATFORM = "wayland;xcb";
+      _JAVA_AWT_WM_NONREPARENTING = "1"; # Fix for Java applications on tiling window managers
+    };
+
+    systemd = mkIf cfg.systemd.setPath.enable {
+      user.extraConfig = ''
+        DefaultEnvironment="PATH=$PATH:/run/current-system/sw/bin:/etc/profiles/per-user/%u/bin:/run/wrappers/bin"
+      '';
+    };
   };
 
   imports = with lib; [
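Review bot: The `DefaultEnvironment=` line relies on `$PATH` being expanded, but as far as I know systemd's manager configuration documents only `%`-specifier expansion for this setting, not shell-style variables. If that holds, the first `PATH` component is the literal string `$PATH`, a relative entry resolved against each unit's working directory, and none of the previous PATH is kept. It is worth checking with `systemctl --user show-environment` and, if confirmed, dropping the `$PATH:` prefix and listing the directories explicitly. Separately, `environment.sessionVariables` is system-wide, so `XDG_SESSION_TYPE = "wayland"` and `XDG_CURRENT_DESKTOP = "Hyprland"` are also exported into any other session on the same machine (an X11 session or a TTY login); a comment saying so, or setting them only when the Hyprland session starts, would avoid surprises.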
diff --git a/nixpkgs/nixos/modules/programs/wayland/labwc.nix b/nixpkgs/nixos/modules/programs/wayland/labwc.nix
index d0806c3aa5d0..c09ab8240d9f 100644
--- a/nixpkgs/nixos/modules/programs/wayland/labwc.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/labwc.nix
@@ -7,7 +7,7 @@ in
   meta.maintainers = with lib.maintainers; [ AndersonTorres ];
 
   options.programs.labwc = {
-    enable = lib.mkEnableOption (lib.mdDoc "labwc");
+    enable = lib.mkEnableOption "labwc";
     package = lib.mkPackageOption pkgs "labwc" { };
   };
 
@@ -18,7 +18,7 @@ in
       xdg.portal.config.wlroots.default = lib.mkDefault [ "wlr" "gtk" ];
 
       # To make a labwc session available for certain DMs like SDDM
-      services.xserver.displayManager.sessionPackages = [ cfg.package ];
+      services.displayManager.sessionPackages = [ cfg.package ];
     }
     (import ./wayland-session.nix { inherit lib pkgs; })
   ]);
diff --git a/nixpkgs/nixos/modules/programs/wayland/river.nix b/nixpkgs/nixos/modules/programs/wayland/river.nix
index 995129b9710a..d0e309646b0e 100644
--- a/nixpkgs/nixos/modules/programs/wayland/river.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/river.nix
@@ -8,7 +8,7 @@ with lib; let
   cfg = config.programs.river;
 in {
   options.programs.river = {
-    enable = mkEnableOption (lib.mdDoc "river, a dynamic tiling Wayland compositor");
+    enable = mkEnableOption "river, a dynamic tiling Wayland compositor";
 
     package = mkPackageOption pkgs "river" {
       nullable = true;
@@ -33,7 +33,7 @@ in {
           termite rofi light
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed system wide. See
         [Common X11 apps used on i3 with Wayland alternatives](https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives)
         for a list of useful software.
@@ -47,7 +47,7 @@ in {
         environment.systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
 
         # To make a river session available if a display manager like SDDM is enabled:
-        services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
+        services.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
 
         # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050913
         xdg.portal.config.river.default = mkDefault [ "wlr" "gtk" ];
diff --git a/nixpkgs/nixos/modules/programs/wayland/sway.nix b/nixpkgs/nixos/modules/programs/wayland/sway.nix
index 2bd297af5254..348e1db7cdc1 100644
--- a/nixpkgs/nixos/modules/programs/wayland/sway.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/sway.nix
@@ -12,7 +12,7 @@ let
           type = types.bool;
           inherit default;
           example = !default;
-          description = lib.mdDoc "Whether to make use of the ${description}";
+          description = "Whether to make use of the ${description}";
         };
       in {
         base = mkWrapperFeature true ''
@@ -50,19 +50,19 @@ let
       };
 in {
   options.programs.sway = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       Sway, the i3-compatible tiling Wayland compositor. You can manually launch
       Sway by executing "exec sway" on a TTY. Copy /etc/sway/config to
       ~/.config/sway/config to modify the default configuration. See
       <https://github.com/swaywm/sway/wiki> and
-      "man 5 sway" for more information'');
+      "man 5 sway" for more information'';
 
     package = mkOption {
       type = with types; nullOr package;
       default = pkgs.sway;
       apply = p: if p == null then null else genFinalPackage p;
       defaultText = literalExpression "pkgs.sway";
-      description = lib.mdDoc ''
+      description = ''
         Sway package to use. If the package does not contain the override arguments
         `extraSessionCommands`, `extraOptions`, `withBaseWrapper`, `withGtkWrapper`,
         `isNixOS`, then the module options {option}`wrapperFeatures`,
@@ -76,7 +76,7 @@ in {
       type = wrapperOptions;
       default = { };
       example = { gtk = true; };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of features to enable in the wrapper.
       '';
     };
@@ -94,7 +94,7 @@ in {
         # use this if they aren't displayed properly:
         export _JAVA_AWT_WM_NONREPARENTING=1
       '';
-      description = lib.mdDoc ''
+      description = ''
         Shell commands executed just before Sway is started. See
         <https://github.com/swaywm/sway/wiki/Running-programs-natively-under-wayland>
         and <https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md>
@@ -110,7 +110,7 @@ in {
         "--debug"
         "--unsupported-gpu"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Command line arguments passed to launch Sway. Please DO NOT report
         issues if you use an unsupported GPU (proprietary drivers).
       '';
@@ -130,7 +130,7 @@ in {
           termite rofi light
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed system wide. See
         <https://github.com/swaywm/sway/wiki/Useful-add-ons-for-sway> and
         <https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives>
@@ -174,7 +174,7 @@ in {
         xdg.portal.config.sway.default = mkDefault [ "wlr" "gtk" ];
 
         # To make a Sway session available if a display manager like SDDM is enabled:
-        services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; }
+        services.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; }
       (import ./wayland-session.nix { inherit lib pkgs; })
     ]);
 
diff --git a/nixpkgs/nixos/modules/programs/wayland/waybar.nix b/nixpkgs/nixos/modules/programs/wayland/waybar.nix
index ec60b84f6997..ffe889504cd3 100644
--- a/nixpkgs/nixos/modules/programs/wayland/waybar.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/waybar.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.programs.waybar = {
-    enable = mkEnableOption (lib.mdDoc "waybar");
+    enable = mkEnableOption "waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors";
     package = mkPackageOption pkgs "waybar" { };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/wayland/wayfire.nix b/nixpkgs/nixos/modules/programs/wayland/wayfire.nix
index 0840246e5e3e..7acc5b2739cb 100644
--- a/nixpkgs/nixos/modules/programs/wayland/wayfire.nix
+++ b/nixpkgs/nixos/modules/programs/wayland/wayfire.nix
@@ -6,7 +6,7 @@ in
   meta.maintainers = with lib.maintainers; [ rewine ];
 
   options.programs.wayfire = {
-    enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots");
+    enable = lib.mkEnableOption "Wayfire, a wayland compositor based on wlroots";
 
     package = lib.mkPackageOption pkgs "wayfire" { };
 
@@ -21,7 +21,7 @@ in
           wayfire-plugins-extra
         ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional plugins to use with the wayfire window manager.
       '';
     };
@@ -38,7 +38,7 @@ in
       finalPackage
     ];
 
-    services.xserver.displayManager.sessionPackages = [ finalPackage ];
+    services.displayManager.sessionPackages = [ finalPackage ];
 
     xdg.portal = {
       enable = lib.mkDefault true;
diff --git a/nixpkgs/nixos/modules/programs/weylus.nix b/nixpkgs/nixos/modules/programs/weylus.nix
index f40dfd5c9613..a47dccb95cd9 100644
--- a/nixpkgs/nixos/modules/programs/weylus.nix
+++ b/nixpkgs/nixos/modules/programs/weylus.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options.programs.weylus = with types; {
-    enable = mkEnableOption (lib.mdDoc "weylus");
+    enable = mkEnableOption "weylus, which turns your smart phone into a graphic tablet/touch screen for your computer";
 
     openFirewall = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports needed for the functionality of the program.
       '';
     };
@@ -20,7 +20,7 @@ in
      users = mkOption {
       type = listOf str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         To enable stylus and multi-touch support, the user you're going to use must be added to this list.
         These users can synthesize input events system-wide, even when another user is logged in - untrusted users should not be added.
       '';
diff --git a/nixpkgs/nixos/modules/programs/wireshark.nix b/nixpkgs/nixos/modules/programs/wireshark.nix
index c0dc349cca4a..2d947154e822 100644
--- a/nixpkgs/nixos/modules/programs/wireshark.nix
+++ b/nixpkgs/nixos/modules/programs/wireshark.nix
@@ -11,7 +11,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add Wireshark to the global environment and configure a
           setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
         '';
diff --git a/nixpkgs/nixos/modules/programs/wshowkeys.nix b/nixpkgs/nixos/modules/programs/wshowkeys.nix
index ebb5c5509442..1fef33e04717 100644
--- a/nixpkgs/nixos/modules/programs/wshowkeys.nix
+++ b/nixpkgs/nixos/modules/programs/wshowkeys.nix
@@ -1,27 +1,31 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
   cfg = config.programs.wshowkeys;
-in {
-  meta.maintainers = with maintainers; [ primeos ];
-
+in
+{
   options = {
     programs.wshowkeys = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         wshowkeys (displays keypresses on screen on supported Wayland
         compositors). It requires root permissions to read input events, but
-        these permissions are dropped after startup'');
+        these permissions are dropped after startup'';
+      package = lib.mkPackageOption pkgs "wshowkeys" { };
     };
   };
 
-  config = mkIf cfg.enable {
-    security.wrappers.wshowkeys =
-      { setuid = true;
-        owner = "root";
-        group = "root";
-        source = "${pkgs.wshowkeys}/bin/wshowkeys";
-      };
+  config = lib.mkIf cfg.enable {
+    security.wrappers.wshowkeys = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = lib.getExe cfg.package;
+    };
   };
+
+  meta.maintainers = with lib.maintainers; [ primeos ];
 }
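Review bot: `source = lib.getExe cfg.package;` makes the setuid-root wrapper follow whatever `meta.mainProgram` the configured package declares, where the old line pinned `bin/wshowkeys`. Since the new `package` option lets a configuration substitute any derivation, I would pin the binary name with `source = lib.getExe' cfg.package "wshowkeys";` so that the wrapper named `wshowkeys` always points at the executable of that name. The `package` option would also benefit from an `extraDescription` noting that the selected package's binary is installed setuid root.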
diff --git a/nixpkgs/nixos/modules/programs/xastir.nix b/nixpkgs/nixos/modules/programs/xastir.nix
index 6d5fc59aac50..d9c687289ec2 100644
--- a/nixpkgs/nixos/modules/programs/xastir.nix
+++ b/nixpkgs/nixos/modules/programs/xastir.nix
@@ -8,7 +8,7 @@ in {
   meta.maintainers = with maintainers; [ melling ];
 
   options.programs.xastir = {
-    enable = mkEnableOption (mdDoc "Xastir Graphical APRS client");
+    enable = mkEnableOption "Xastir Graphical APRS client";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/xfconf.nix b/nixpkgs/nixos/modules/programs/xfconf.nix
index b0f45339335d..8e854b40e513 100644
--- a/nixpkgs/nixos/modules/programs/xfconf.nix
+++ b/nixpkgs/nixos/modules/programs/xfconf.nix
@@ -11,7 +11,7 @@ in {
 
   options = {
     programs.xfconf = {
-      enable = mkEnableOption (lib.mdDoc "Xfconf, the Xfce configuration storage system");
+      enable = mkEnableOption "Xfconf, the Xfce configuration storage system";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/programs/xfs_quota.nix b/nixpkgs/nixos/modules/programs/xfs_quota.nix
index 0fc2958b3f38..8f70cc2d9416 100644
--- a/nixpkgs/nixos/modules/programs/xfs_quota.nix
+++ b/nixpkgs/nixos/modules/programs/xfs_quota.nix
@@ -28,37 +28,37 @@ in
           options = {
             id = mkOption {
               type = types.int;
-              description = lib.mdDoc "Project ID.";
+              description = "Project ID.";
             };
 
             fileSystem = mkOption {
               type = types.str;
-              description = lib.mdDoc "XFS filesystem hosting the xfs_quota project.";
+              description = "XFS filesystem hosting the xfs_quota project.";
               default = "/";
             };
 
             path = mkOption {
               type = types.str;
-              description = lib.mdDoc "Project directory.";
+              description = "Project directory.";
             };
 
             sizeSoftLimit = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "30g";
-              description = lib.mdDoc "Soft limit of the project size";
+              description = "Soft limit of the project size";
             };
 
             sizeHardLimit = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "50g";
-              description = lib.mdDoc "Hard limit of the project size.";
+              description = "Hard limit of the project size.";
             };
           };
         });
 
-        description = lib.mdDoc "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
+        description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
 
         example = {
           projname = {
diff --git a/nixpkgs/nixos/modules/programs/xonsh.nix b/nixpkgs/nixos/modules/programs/xonsh.nix
index 2ece772c929e..fefe6b456c96 100644
--- a/nixpkgs/nixos/modules/programs/xonsh.nix
+++ b/nixpkgs/nixos/modules/programs/xonsh.nix
@@ -18,7 +18,7 @@ in
 
       enable = mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure xonsh as an interactive shell.
         '';
         type = types.bool;
@@ -30,7 +30,7 @@ in
 
       config = mkOption {
         default = "";
-        description = lib.mdDoc "Control file to customize your shell behavior.";
+        description = "Control file to customize your shell behavior.";
         type = types.lines;
       };
 
diff --git a/nixpkgs/nixos/modules/programs/xss-lock.nix b/nixpkgs/nixos/modules/programs/xss-lock.nix
index 87b3957ab834..1bb73905599f 100644
--- a/nixpkgs/nixos/modules/programs/xss-lock.nix
+++ b/nixpkgs/nixos/modules/programs/xss-lock.nix
@@ -7,21 +7,21 @@ let
 in
 {
   options.programs.xss-lock = {
-    enable = mkEnableOption (lib.mdDoc "xss-lock");
+    enable = mkEnableOption "xss-lock";
 
     lockerCommand = mkOption {
       default = "${pkgs.i3lock}/bin/i3lock";
       defaultText = literalExpression ''"''${pkgs.i3lock}/bin/i3lock"'';
       example = literalExpression ''"''${pkgs.i3lock-fancy}/bin/i3lock-fancy"'';
       type = types.separatedString " ";
-      description = lib.mdDoc "Locker to be used with xsslock";
+      description = "Locker to be used with xsslock";
     };
 
     extraOptions = mkOption {
       default = [ ];
       example = [ "--ignore-sleep" ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         Additional command-line arguments to pass to
         {command}`xss-lock`.
       '';
@@ -40,6 +40,7 @@ in
             "--"
             cfg.lockerCommand
         ]);
+      serviceConfig.Restart = "always";
     };
   };
 }
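Review bot: `serviceConfig.Restart = "always";` is added without a `RestartSec`, so a locker daemon that keeps failing (for example because the display is not ready yet) is restarted at systemd's default interval and can run into the unit's start limit, after which it stays down and the screen no longer locks on idle. Consider adding `serviceConfig.RestartSec = 2;` next to it (the value is a suggestion), plus a one-line comment such as `# keep xss-lock alive: if it dies, the session is no longer locked automatically`. The unit definition starts outside this hunk, so any existing start-limit settings are not visible here.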
diff --git a/nixpkgs/nixos/modules/programs/xwayland.nix b/nixpkgs/nixos/modules/programs/xwayland.nix
index 8d13e4c22b5b..3a8080fa4c4d 100644
--- a/nixpkgs/nixos/modules/programs/xwayland.nix
+++ b/nixpkgs/nixos/modules/programs/xwayland.nix
@@ -10,7 +10,7 @@ in
 {
   options.programs.xwayland = {
 
-    enable = mkEnableOption (lib.mdDoc "Xwayland (an X server for interfacing X11 apps with the Wayland protocol)");
+    enable = mkEnableOption "Xwayland (an X server for interfacing X11 apps with the Wayland protocol)";
 
     defaultFontPath = mkOption {
       type = types.str;
@@ -19,7 +19,7 @@ in
       defaultText = literalExpression ''
         optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts"
       '';
-      description = lib.mdDoc ''
+      description = ''
         Default font path. Setting this option causes Xwayland to be rebuilt.
       '';
     };
@@ -34,7 +34,7 @@ in
           inherit (config.programs.xwayland) defaultFontPath;
         })
       '';
-      description = lib.mdDoc "The Xwayland package to use.";
+      description = "The Xwayland package to use.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/programs/yabar.nix b/nixpkgs/nixos/modules/programs/yabar.nix
index 58ffe555715d..6e117506a2dc 100644
--- a/nixpkgs/nixos/modules/programs/yabar.nix
+++ b/nixpkgs/nixos/modules/programs/yabar.nix
@@ -41,7 +41,7 @@ let
 in
   {
     options.programs.yabar = {
-      enable = mkEnableOption (lib.mdDoc "yabar");
+      enable = mkEnableOption "yabar, a status bar for X window managers";
 
       package = mkOption {
         default = pkgs.yabar-unstable;
@@ -62,7 +62,7 @@ in
           to use `yabar-unstable'.
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           The package which contains the `yabar` binary.
 
           Nixpkgs provides the `yabar` and `yabar-unstable`
@@ -79,7 +79,7 @@ in
               example = "Droid Sans, FontAwesome Bold 9";
               type = types.str;
 
-              description = lib.mdDoc ''
+              description = ''
                 The font that will be used to draw the status bar.
               '';
             };
@@ -89,7 +89,7 @@ in
               example = "bottom";
               type = types.enum [ "top" "bottom" ];
 
-              description = lib.mdDoc ''
+              description = ''
                 The position where the bar will be rendered.
               '';
             };
@@ -98,7 +98,7 @@ in
               default = {};
               type = types.attrsOf types.str;
 
-              description = lib.mdDoc ''
+              description = ''
                 An attribute set which contains further attributes of a bar.
               '';
             };
@@ -109,7 +109,7 @@ in
                 options.exec = mkOption {
                   example = "YABAR_DATE";
                   type = types.str;
-                  description = lib.mdDoc ''
+                  description = ''
                      The type of the indicator to be executed.
                   '';
                 };
@@ -119,7 +119,7 @@ in
                   example = "right";
                   type = types.enum [ "left" "center" "right" ];
 
-                  description = lib.mdDoc ''
+                  description = ''
                     Whether to align the indicator at the left or right of the bar.
                   '';
                 };
@@ -128,20 +128,20 @@ in
                   default = {};
                   type = types.attrsOf (types.either types.str types.int);
 
-                  description = lib.mdDoc ''
+                  description = ''
                     An attribute set which contains further attributes of a indicator.
                   '';
                 };
               });
 
-              description = lib.mdDoc ''
+              description = ''
                 Indicators that should be rendered by yabar.
               '';
             };
           };
         });
 
-        description = lib.mdDoc ''
+        description = ''
           List of bars that should be rendered by yabar.
         '';
       };
diff --git a/nixpkgs/nixos/modules/programs/yazi.nix b/nixpkgs/nixos/modules/programs/yazi.nix
index 338eddb60d80..5905f2afb946 100644
--- a/nixpkgs/nixos/modules/programs/yazi.nix
+++ b/nixpkgs/nixos/modules/programs/yazi.nix
@@ -9,7 +9,7 @@ let
 in
 {
   options.programs.yazi = {
-    enable = lib.mkEnableOption (lib.mdDoc "yazi terminal file manager");
+    enable = lib.mkEnableOption "yazi terminal file manager";
 
     package = lib.mkPackageOption pkgs "yazi" { };
 
@@ -19,7 +19,7 @@ in
           (name: lib.nameValuePair name (lib.mkOption {
             inherit (settingsFormat) type;
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               Configuration included in `${name}.toml`.
 
               See https://yazi-rs.github.io/docs/configuration/${name}/ for documentation.
@@ -28,7 +28,7 @@ in
           names);
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration included in `$YAZI_CONFIG_HOME`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/programs/zmap.nix b/nixpkgs/nixos/modules/programs/zmap.nix
index 056f78883061..827d9bedca13 100644
--- a/nixpkgs/nixos/modules/programs/zmap.nix
+++ b/nixpkgs/nixos/modules/programs/zmap.nix
@@ -6,7 +6,7 @@ let
   cfg = config.programs.zmap;
 in {
   options.programs.zmap = {
-    enable = mkEnableOption (lib.mdDoc "ZMap");
+    enable = mkEnableOption "ZMap, a network scanner designed for Internet-wide network surveys";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix
index 09c3bb974a50..f2a5a7560e40 100644
--- a/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix
+++ b/nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix
@@ -41,7 +41,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable oh-my-zsh.
           '';
         };
@@ -51,7 +51,7 @@ in
         plugins = mkOption {
           default = [];
           type = types.listOf(types.str);
-          description = lib.mdDoc ''
+          description = ''
             List of oh-my-zsh plugins
           '';
         };
@@ -59,7 +59,7 @@ in
         custom = mkOption {
           default = null;
           type = with types; nullOr str;
-          description = lib.mdDoc ''
+          description = ''
             Path to a custom oh-my-zsh package to override config of oh-my-zsh.
             (Can't be used along with `customPkgs`).
           '';
@@ -68,7 +68,7 @@ in
         customPkgs = mkOption {
           default = [];
           type = types.listOf types.package;
-          description = lib.mdDoc ''
+          description = ''
             List of custom packages that should be loaded into `oh-my-zsh`.
           '';
         };
@@ -76,7 +76,7 @@ in
         theme = mkOption {
           default = "";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Name of the theme to be used by oh-my-zsh.
           '';
         };
@@ -84,7 +84,7 @@ in
         cacheDir = mkOption {
           default = "$HOME/.cache/oh-my-zsh";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Cache directory to be used by `oh-my-zsh`.
             Without this option it would default to the read-only nix store.
           '';
diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix
index 0894bfc3fdda..f07fb5c24d7b 100644
--- a/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix
+++ b/nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix
@@ -7,7 +7,7 @@ let
 in {
   options = {
     programs.zsh.zsh-autoenv = {
-      enable = mkEnableOption (lib.mdDoc "zsh-autoenv");
+      enable = mkEnableOption "zsh-autoenv";
       package = mkPackageOption pkgs "zsh-autoenv" { };
     };
   };
diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix
index d3a9c372e89b..2e53e907d547 100644
--- a/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix
+++ b/nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix
@@ -12,19 +12,19 @@ in
 
   options.programs.zsh.autosuggestions = {
 
-    enable = mkEnableOption (lib.mdDoc "zsh-autosuggestions");
+    enable = mkEnableOption "zsh-autosuggestions";
 
     highlightStyle = mkOption {
       type = types.str;
       default = "fg=8"; # https://github.com/zsh-users/zsh-autosuggestions/tree/v0.4.3#suggestion-highlight-style
-      description = lib.mdDoc "Highlight style for suggestions ({fore,back}ground color)";
+      description = "Highlight style for suggestions ({fore,back}ground color)";
       example = "fg=cyan";
     };
 
     strategy = mkOption {
       type = types.listOf (types.enum [ "history" "completion" "match_prev_cmd" ]);
       default = [ "history" ];
-      description = lib.mdDoc ''
+      description = ''
         `ZSH_AUTOSUGGEST_STRATEGY` is an array that specifies how suggestions should be generated.
         The strategies in the array are tried successively until a suggestion is found.
         There are currently three built-in strategies to choose from:
@@ -40,14 +40,14 @@ in
     async = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Whether to fetch suggestions asynchronously";
+      description = "Whether to fetch suggestions asynchronously";
       example = false;
     };
 
     extraConfig = mkOption {
       type = with types; attrsOf str;
       default = {};
-      description = lib.mdDoc "Attribute set with additional configuration values";
+      description = "Attribute set with additional configuration values";
       example = literalExpression ''
         {
           "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20";
diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix b/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
index cec4be1cb01e..46bc4fcb87f4 100644
--- a/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
+++ b/nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
@@ -15,7 +15,7 @@ in
 
   options = {
     programs.zsh.syntaxHighlighting = {
-      enable = mkEnableOption (lib.mdDoc "zsh-syntax-highlighting");
+      enable = mkEnableOption "zsh-syntax-highlighting";
 
       highlighters = mkOption {
         default = [ "main" ];
@@ -31,7 +31,7 @@ in
           "line"
         ]));
 
-        description = lib.mdDoc ''
+        description = ''
           Specifies the highlighters to be used by zsh-syntax-highlighting.
 
           The following defined options can be found here:
@@ -49,7 +49,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
 
           Please refer to the docs for more information about the usage:
@@ -66,7 +66,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Specifies custom styles to be highlighted by zsh-syntax-highlighting.
 
           Please refer to the docs for more information about the usage:
diff --git a/nixpkgs/nixos/modules/programs/zsh/zsh.nix b/nixpkgs/nixos/modules/programs/zsh/zsh.nix
index cad639f299c8..d7e300b50136 100644
--- a/nixpkgs/nixos/modules/programs/zsh/zsh.nix
+++ b/nixpkgs/nixos/modules/programs/zsh/zsh.nix
@@ -44,7 +44,7 @@ in
 
       enable = mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to configure zsh as an interactive shell. To enable zsh for
           a particular user, use the {option}`users.users.<name?>.shell`
           option for that user. To enable zsh system-wide use the
@@ -55,7 +55,7 @@ in
 
       shellAliases = mkOption {
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Set of aliases for zsh shell, which overrides {option}`environment.shellAliases`.
           See {option}`environment.shellAliases` for an option format description.
         '';
@@ -64,7 +64,7 @@ in
 
       shellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during zsh shell initialisation.
         '';
         type = types.lines;
@@ -72,7 +72,7 @@ in
 
       loginShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during zsh login shell initialisation.
         '';
         type = types.lines;
@@ -80,7 +80,7 @@ in
 
       interactiveShellInit = mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell script code called during interactive zsh shell initialisation.
         '';
         type = types.lines;
@@ -94,7 +94,7 @@ in
           # a lot of different prompt variables.
           autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp
         '';
-        description = lib.mdDoc ''
+        description = ''
           Shell script code used to initialise the zsh prompt.
         '';
         type = types.lines;
@@ -102,7 +102,7 @@ in
 
       histSize = mkOption {
         default = 2000;
-        description = lib.mdDoc ''
+        description = ''
           Change history size.
         '';
         type = types.int;
@@ -110,7 +110,7 @@ in
 
       histFile = mkOption {
         default = "$HOME/.zsh_history";
-        description = lib.mdDoc ''
+        description = ''
           Change history file.
         '';
         type = types.str;
@@ -124,7 +124,7 @@ in
           "HIST_FCNTL_LOCK"
         ];
         example = [ "EXTENDED_HISTORY" "RM_STAR_WAIT" ];
-        description = lib.mdDoc ''
+        description = ''
           Configure zsh options. See
           {manpage}`zshoptions(1)`.
         '';
@@ -132,7 +132,7 @@ in
 
       enableCompletion = mkOption {
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable zsh completion for all interactive zsh shells.
         '';
         type = types.bool;
@@ -140,7 +140,7 @@ in
 
       enableBashCompletion = mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable compatibility with bash's programmable completion system.
         '';
         type = types.bool;
@@ -149,7 +149,7 @@ in
       enableGlobalCompInit = mkOption {
         default = cfg.enableCompletion;
         defaultText = literalExpression "config.${opt.enableCompletion}";
-        description = lib.mdDoc ''
+        description = ''
           Enable execution of compinit call for all interactive zsh shells.
 
           This option can be disabled if the user wants to extend its
@@ -161,7 +161,7 @@ in
 
       enableLsColors = mkOption {
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable extra colors in directory listings (used by `ls` and `tree`).
         '';
         type = types.bool;
diff --git a/nixpkgs/nixos/modules/rename.nix b/nixpkgs/nixos/modules/rename.nix
index 0a975fcd98c8..01985995a651 100644
--- a/nixpkgs/nixos/modules/rename.nix
+++ b/nixpkgs/nixos/modules/rename.nix
@@ -62,6 +62,7 @@ in
     (mkRemovedOptionModule [ "services" "fourStoreEndpoint" ] "The fourStoreEndpoint module has been removed")
     (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
+    (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
     (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
     (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
     (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")
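Review bot: The added `homeassistant-satellite` entry closes its option path without the space that every neighbouring entry has before the bracket; `[ "services" "homeassistant-satellite" ]` would match the rest of the list. The message names `services.wyoming-satellite` as the replacement, which is helpful. Whether any old option maps directly onto a new one cannot be told from this hunk; if one does, a rename entry for it would spare users a manual migration. The list itself starts and ends outside the hunk.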
@@ -92,7 +93,7 @@ in
       The services.xserver.displayManager.auto module has been removed
       because it was only intended for use in internal NixOS tests, and gave the
       false impression of it being a special display manager when it's actually
-      LightDM. Please use the services.xserver.displayManager.autoLogin options
+      LightDM. Please use the services.displayManager.autoLogin options
       instead, or any other display manager in NixOS as they all support auto-login.
     '')
     (mkRemovedOptionModule [ "services" "xserver" "multitouch" ] ''
diff --git a/nixpkgs/nixos/modules/security/acme/default.nix b/nixpkgs/nixos/modules/security/acme/default.nix
index 19297d267851..5ffafdc37fef 100644
--- a/nixpkgs/nixos/modules/security/acme/default.nix
+++ b/nixpkgs/nixos/modules/security/acme/default.nix
@@ -515,19 +515,19 @@ let
       validMinDays = mkOption {
         type = types.int;
         inherit (defaultAndText "validMinDays" 30) default defaultText;
-        description = lib.mdDoc "Minimum remaining validity before renewal in days.";
+        description = "Minimum remaining validity before renewal in days.";
       };
 
       renewInterval = mkOption {
         type = types.str;
         inherit (defaultAndText "renewInterval" "daily") default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Systemd calendar expression when to check for renewal. See
           {manpage}`systemd.time(7)`.
         '';
       };
 
-      enableDebugLogs = mkEnableOption (lib.mdDoc "debug logging for this certificate") // {
+      enableDebugLogs = mkEnableOption "debug logging for this certificate" // {
         inherit (defaultAndText "enableDebugLogs" true) default defaultText;
       };
 
@@ -535,7 +535,7 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "webroot" null) default defaultText;
         example = "/var/lib/acme/acme-challenge";
-        description = lib.mdDoc ''
+        description = ''
           Where the webroot of the HTTP vhost is located.
           {file}`.well-known/acme-challenge/` directory
           will be created below the webroot if it doesn't exist.
@@ -548,7 +548,7 @@ let
         type = types.str;
         inherit (defaultAndText "server" "https://acme-v02.api.letsencrypt.org/directory") default defaultText;
         example = "https://acme-staging-v02.api.letsencrypt.org/directory";
-        description = lib.mdDoc ''
+        description = ''
           ACME Directory Resource URI.
           Defaults to Let's Encrypt's production endpoint.
           For testing Let's Encrypt's [staging endpoint](https://letsencrypt.org/docs/staging-environment/)
@@ -559,7 +559,7 @@ let
       email = mkOption {
         type = types.nullOr types.str;
         inherit (defaultAndText "email" null) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Email address for account creation and correspondence from the CA.
           It is recommended to use the same email for all certs to avoid account
           creation limits.
@@ -569,13 +569,13 @@ let
       group = mkOption {
         type = types.str;
         inherit (defaultAndText "group" "acme") default defaultText;
-        description = lib.mdDoc "Group running the ACME client.";
+        description = "Group running the ACME client.";
       };
 
       reloadServices = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "reloadServices" []) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           The list of systemd services to call `systemctl try-reload-or-restart`
           on.
         '';
@@ -585,7 +585,7 @@ let
         type = types.lines;
         inherit (defaultAndText "postRun" "") default defaultText;
         example = "cp full.pem backup.pem";
-        description = lib.mdDoc ''
+        description = ''
           Commands to run after new certificates go live. Note that
           these commands run as the root user.
 
@@ -596,7 +596,7 @@ let
       keyType = mkOption {
         type = types.str;
         inherit (defaultAndText "keyType" "ec256") default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Key type to use for private keys.
           For an up to date list of supported values check the --key-type option
           at <https://go-acme.github.io/lego/usage/cli/options/>.
@@ -607,7 +607,7 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "dnsProvider" null) default defaultText;
         example = "route53";
-        description = lib.mdDoc ''
+        description = ''
           DNS Challenge provider. For a list of supported providers, see the "code"
           field of the DNS providers listed at <https://go-acme.github.io/lego/dns/>.
         '';
@@ -617,7 +617,7 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "dnsResolver" null) default defaultText;
         example = "1.1.1.1:53";
-        description = lib.mdDoc ''
+        description = ''
           Set the resolver to use for performing recursive DNS queries. Supported:
           host:port. The default is to use the system resolvers, or Google's DNS
           resolvers if the system's cannot be determined.
@@ -627,7 +627,7 @@ let
       environmentFile = mkOption {
         type = types.nullOr types.path;
         inherit (defaultAndText "environmentFile" null) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Path to an EnvironmentFile for the cert's service containing any required and
           optional environment variables for your selected dnsProvider.
           To find out what values you need to set, consult the documentation at
@@ -639,7 +639,7 @@ let
       credentialFiles = mkOption {
         type = types.attrsOf (types.path);
         inherit (defaultAndText "credentialFiles" {}) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Environment variables suffixed by "_FILE" to set for the cert's service
           for your selected dnsProvider.
           To find out what values you need to set, consult the documentation at
@@ -657,7 +657,7 @@ let
       dnsPropagationCheck = mkOption {
         type = types.bool;
         inherit (defaultAndText "dnsPropagationCheck" true) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Toggles lego DNS propagation check, which is used alongside DNS-01
           challenge to ensure the DNS entries required are available.
         '';
@@ -666,7 +666,7 @@ let
       ocspMustStaple = mkOption {
         type = types.bool;
         inherit (defaultAndText "ocspMustStaple" false) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Turns on the OCSP Must-Staple TLS extension.
           Make sure you know what you're doing! See:
 
@@ -678,7 +678,7 @@ let
       extraLegoFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoFlags" []) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Additional global flags to pass to all lego commands.
         '';
       };
@@ -686,7 +686,7 @@ let
       extraLegoRenewFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoRenewFlags" []) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Additional flags to pass to lego renew.
         '';
       };
@@ -694,7 +694,7 @@ let
       extraLegoRunFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoRunFlags" []) default defaultText;
-        description = lib.mdDoc ''
+        description = ''
           Additional flags to pass to lego run.
         '';
       };
@@ -725,13 +725,13 @@ let
         type = types.str;
         readOnly = true;
         default = "/var/lib/acme/${name}";
-        description = lib.mdDoc "Directory where certificate and other state is stored.";
+        description = "Directory where certificate and other state is stored.";
       };
 
       domain = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "Domain to fetch certificate for (defaults to the entry name).";
+        description = "Domain to fetch certificate for (defaults to the entry name).";
       };
 
       extraDomainNames = mkOption {
@@ -743,7 +743,7 @@ let
             "mydomain.org"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           A list of extra domain names, which are included in the one certificate to be issued.
         '';
       };
@@ -755,7 +755,7 @@ let
         type = types.nullOr types.str;
         default = null;
         example = ":1360";
-        description = lib.mdDoc ''
+        description = ''
           Interface and port to listen on to solve HTTP challenges
           in the form [INTERFACE]:PORT.
           If you use a port other than 80, you must proxy port 80 to this port.
@@ -766,7 +766,7 @@ let
         type = types.nullOr types.str;
         default = null;
         example = "acme";
-        description = lib.mdDoc ''
+        description = ''
           S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.
         '';
       };
@@ -774,7 +774,7 @@ let
       inheritDefaults = mkOption {
         default = true;
         example = true;
-        description = lib.mdDoc "Whether to inherit values set in `security.acme.defaults` or not.";
+        description = "Whether to inherit values set in `security.acme.defaults` or not.";
         type = lib.types.bool;
       };
     };
@@ -787,7 +787,7 @@ in {
       preliminarySelfsigned = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether a preliminary self-signed certificate should be generated before
           doing ACME requests. This can be useful when certificates are required in
           a webserver, but ACME needs the webserver to make its requests.
@@ -800,7 +800,7 @@ in {
       acceptTerms = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Accept the CA's terms of service. The default provider is Let's Encrypt,
           you can find their ToS at <https://letsencrypt.org/repository/>.
         '';
@@ -809,7 +809,7 @@ in {
       useRoot = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use the root user when generating certs. This is not recommended
           for security + compatibility reasons. If a service requires root owned certificates
           consider following the guide on "Using ACME with services demanding root
@@ -820,7 +820,7 @@ in {
 
       defaults = mkOption {
         type = types.submodule (inheritableModule true);
-        description = lib.mdDoc ''
+        description = ''
           Default values inheritable by all configured certs. You can
           use this to define options shared by all your certs. These defaults
           can also be ignored on a per-cert basis using the
@@ -831,7 +831,7 @@ in {
       certs = mkOption {
         default = { };
         type = with types; attrsOf (submodule [ (inheritableModule false) certOpts ]);
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of certificates to get signed and renewed. Creates
           `acme-''${cert}.{service,timer}` systemd units for
           each certificate defined here. Other services can add dependencies
@@ -855,7 +855,7 @@ in {
       maxConcurrentRenewals = mkOption {
         default = 5;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of concurrent certificate generation or renewal jobs. All other
           jobs will queue and wait running jobs to finish. Reduces the system load of
           certificate generation.
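Review bot: The `maxConcurrentRenewals` description on the new side reads "queue and wait running jobs to finish", which is missing a word; `jobs will queue and wait for running jobs to finish. Reduces the system load of` would fix the sentence. The option is typed `types.int`, so the text should also say what zero or a negative value means, if the part of the description outside this hunk does not already cover it. The description continues past the end of the hunk.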
diff --git a/nixpkgs/nixos/modules/security/apparmor.nix b/nixpkgs/nixos/modules/security/apparmor.nix
index ea1af6c6e2f2..a4b3807e4e0f 100644
--- a/nixpkgs/nixos/modules/security/apparmor.nix
+++ b/nixpkgs/nixos/modules/security/apparmor.nix
@@ -7,7 +7,7 @@ let
   inherit (lib) types;
   inherit (config.environment) etc;
   cfg = config.security.apparmor;
-  mkDisableOption = name: mkEnableOption (lib.mdDoc name) // {
+  mkDisableOption = name: mkEnableOption name // {
     default = true;
     example = false;
   };
@@ -24,7 +24,7 @@ in
 
   options = {
     security.apparmor = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         the AppArmor Mandatory Access Control system.
 
         If you're enabling this module on a running system,
@@ -40,9 +40,9 @@ in
 
         Enable [](#opt-security.apparmor.killUnconfinedConfinables)
         if you want this service to do such killing
-        by sending a `SIGTERM` to those running processes'');
+        by sending a `SIGTERM` to those running processes'';
       policies = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           AppArmor policies.
         '';
         type = types.attrsOf (types.submodule ({ name, config, ... }: {
@@ -50,7 +50,7 @@ in
             enable = mkDisableOption "loading of the profile into the kernel";
             enforce = mkDisableOption "enforcing of the policy or only complain in the logs";
             profile = mkOption {
-              description = lib.mdDoc "The policy of the profile.";
+              description = "The policy of the profile.";
               type = types.lines;
               apply = pkgs.writeText name;
             };
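Review bot: The `enforce` option text does not say which value selects which behaviour: `mkDisableOption` wraps `mkEnableOption`, so it renders as "Whether to enable enforcing of the policy or only complain in the logs". For a MAC profile that distinction is the security-relevant one, since setting it to false leaves the profile loaded but not blocking anything. I would word it as `enforce = mkDisableOption "enforcing of the policy (when disabled, violations are only logged)";`. The submodule's option set continues outside the hunk.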
@@ -61,7 +61,7 @@ in
       includes = mkOption {
         type = types.attrsOf types.lines;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           List of paths to be added to AppArmor's searched paths
           when resolving `include` directives.
         '';
@@ -70,16 +70,16 @@ in
       packages = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc "List of packages to be added to AppArmor's include path";
+        description = "List of packages to be added to AppArmor's include path";
       };
-      enableCache = mkEnableOption (lib.mdDoc ''
+      enableCache = mkEnableOption ''
         caching of AppArmor policies
         in `/var/cache/apparmor/`.
 
         Beware that AppArmor policies almost always contain Nix store paths,
         and thus produce at each change of these paths
-        a new cached version accumulating in the cache'');
-      killUnconfinedConfinables = mkEnableOption (lib.mdDoc ''
+        a new cached version accumulating in the cache'';
+      killUnconfinedConfinables = mkEnableOption ''
         killing of processes which have an AppArmor profile enabled
         (in [](#opt-security.apparmor.policies))
         but are not confined (because AppArmor can only confine new processes).
@@ -88,7 +88,7 @@ in
         not a `SIGKILL`.
 
         Beware that due to a current limitation of AppArmor,
-        only profiles with exact paths (and no name) can enable such kills'');
+        only profiles with exact paths (and no name) can enable such kills'';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/security/audit.nix b/nixpkgs/nixos/modules/security/audit.nix
index afc7dd13039d..403aeff020dc 100644
--- a/nixpkgs/nixos/modules/security/audit.nix
+++ b/nixpkgs/nixos/modules/security/audit.nix
@@ -56,7 +56,7 @@ in {
       enable = mkOption {
         type        = types.enum [ false true "lock" ];
         default     = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Linux audit system. The special `lock` value can be used to
           enable auditing and prevent disabling it until a restart. Be careful about locking
           this, as it will prevent you from changing your audit configuration until you
@@ -67,13 +67,13 @@ in {
       failureMode = mkOption {
         type        = types.enum [ "silent" "printk" "panic" ];
         default     = "printk";
-        description = lib.mdDoc "How to handle critical errors in the auditing system";
+        description = "How to handle critical errors in the auditing system";
       };
 
       backlogLimit = mkOption {
         type        = types.int;
         default     = 64; # Apparently the kernel default
-        description = lib.mdDoc ''
+        description = ''
           The maximum number of outstanding audit buffers allowed; exceeding this is
           considered a failure and handled in a manner specified by failureMode.
         '';
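Review bot: The `failureMode` description does not explain what the three enum values do, although the choice has operational weight: one mode drops audit failures silently and another takes the machine down. Assuming the values map to the kernel audit failure flag as set by `auditctl -f` (not visible in this hunk), I would write `description = "How to handle critical errors in the auditing system: silent (ignore them), printk (report them in the kernel log) or panic (halt the machine).";`. The `backlogLimit` and `rateLimit` descriptions both refer back to this option, so readers land on it with exactly that question.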
@@ -82,7 +82,7 @@ in {
       rateLimit = mkOption {
         type        = types.int;
         default     = 0;
-        description = lib.mdDoc ''
+        description = ''
           The maximum messages per second permitted before triggering a failure as
           specified by failureMode. Setting it to zero disables the limit.
         '';
@@ -92,7 +92,7 @@ in {
         type        = types.listOf types.str; # (types.either types.str (types.submodule rule));
         default     = [];
         example     = [ "-a exit,always -F arch=b64 -S execve" ];
-        description = lib.mdDoc ''
+        description = ''
           The ordered audit rules, with each string appearing as one line of the audit.rules file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/security/auditd.nix b/nixpkgs/nixos/modules/security/auditd.nix
index 253ee1d4dd0e..cd377c66f86d 100644
--- a/nixpkgs/nixos/modules/security/auditd.nix
+++ b/nixpkgs/nixos/modules/security/auditd.nix
@@ -3,7 +3,7 @@
 with lib;
 
 {
-  options.security.auditd.enable = mkEnableOption (lib.mdDoc "the Linux Audit daemon");
+  options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
 
   config = mkIf config.security.auditd.enable {
     boot.kernelParams = [ "audit=1" ];
diff --git a/nixpkgs/nixos/modules/security/ca.nix b/nixpkgs/nixos/modules/security/ca.nix
index ae188ea709dd..af5d91b35f2e 100644
--- a/nixpkgs/nixos/modules/security/ca.nix
+++ b/nixpkgs/nixos/modules/security/ca.nix
@@ -19,7 +19,7 @@ in
 {
 
   options = {
-    security.pki.installCACerts = mkEnableOption "Add CA certificates to system" // {
+    security.pki.installCACerts = mkEnableOption "installing CA certificates to the system" // {
       default = true;
       internal = true;
     };
@@ -39,7 +39,7 @@ in
       type = types.listOf types.path;
       default = [];
       example = literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]'';
-      description = lib.mdDoc ''
+      description = ''
         A list of files containing trusted root certificates in PEM
         format. These are concatenated to form
         {file}`/etc/ssl/certs/ca-certificates.crt`, which is
@@ -63,7 +63,7 @@ in
           '''
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         A list of trusted root certificates in PEM format.
       '';
     };
@@ -76,7 +76,7 @@ in
         "CA WoSign ECC Root"
         "Certification Authority of WoSign G2"
       ];
-      description = lib.mdDoc ''
+      description = ''
         A list of blacklisted CA certificate names that won't be imported from
         the Mozilla Trust Store into
         {file}`/etc/ssl/certs/ca-certificates.crt`. Use the
diff --git a/nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix b/nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix
index cab4b9f8d3ab..bb99c053f718 100644
--- a/nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix
+++ b/nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix
@@ -14,7 +14,7 @@ in
   options.security.chromiumSuidSandbox.enable = mkOption {
     type = types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Whether to install the Chromium SUID sandbox which is an executable that
       Chromium may use in order to achieve sandboxing.
 
diff --git a/nixpkgs/nixos/modules/security/dhparams.nix b/nixpkgs/nixos/modules/security/dhparams.nix
index 9fed7e012b1e..738062c95c47 100644
--- a/nixpkgs/nixos/modules/security/dhparams.nix
+++ b/nixpkgs/nixos/modules/security/dhparams.nix
@@ -15,7 +15,7 @@ let
       type = bitType;
       default = cfg.defaultBitSize;
       defaultText = literalExpression "config.${opt.defaultBitSize}";
-      description = lib.mdDoc ''
+      description = ''
         The bit size for the prime that is used during a Diffie-Hellman
         key exchange.
       '';
@@ -24,7 +24,7 @@ let
     options.path = mkOption {
       type = types.path;
       readOnly = true;
-      description = lib.mdDoc ''
+      description = ''
         The resulting path of the generated Diffie-Hellman parameters
         file for other services to reference. This could be either a
         store path or a file inside the directory specified by
@@ -45,7 +45,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to generate new DH params and clean up old DH params.
         '';
       };
@@ -56,7 +56,7 @@ in {
         in attrsOf (coercedTo int coerce (submodule paramsSubmodule));
         default = {};
         example = lib.literalExpression "{ nginx.bits = 3072; }";
-        description = lib.mdDoc ''
+        description = ''
           Diffie-Hellman parameters to generate.
 
           The value is the size (in bits) of the DH params to generate. The
@@ -91,7 +91,7 @@ in {
       stateful = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether generation of Diffie-Hellman parameters should be stateful or
           not. If this is enabled, PEM-encoded files for Diffie-Hellman
           parameters are placed in the directory specified by
@@ -109,7 +109,7 @@ in {
       defaultBitSize = mkOption {
         type = bitType;
         default = 2048;
-        description = lib.mdDoc ''
+        description = ''
           This allows to override the default bit size for all of the
           Diffie-Hellman parameters set in
           {option}`security.dhparams.params`.
@@ -119,7 +119,7 @@ in {
       path = mkOption {
         type = types.str;
         default = "/var/lib/dhparams";
-        description = lib.mdDoc ''
+        description = ''
           Path to the directory in which Diffie-Hellman parameters will be
           stored. This only is relevant if
           {option}`security.dhparams.stateful` is
diff --git a/nixpkgs/nixos/modules/security/doas.nix b/nixpkgs/nixos/modules/security/doas.nix
index 115ca33efb5c..457a48a987aa 100644
--- a/nixpkgs/nixos/modules/security/doas.nix
+++ b/nixpkgs/nixos/modules/security/doas.nix
@@ -53,7 +53,7 @@ in
     enable = mkOption {
       type = with types; bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the {command}`doas` command, which allows
         non-root users to execute commands as root.
       '';
@@ -62,7 +62,7 @@ in
     wheelNeedsPassword = mkOption {
       type = with types; bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether users of the `wheel` group must provide a password to
         run commands as super user via {command}`doas`.
       '';
@@ -70,7 +70,7 @@ in
 
     extraRules = mkOption {
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Define specific rules to be set in the
         {file}`/etc/doas.conf` file. More specific rules should
         come after more general ones in order to yield the expected behavior.
@@ -115,7 +115,7 @@ in
             noPass = mkOption {
               type = with types; bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 If `true`, the user is not required to enter a
                 password.
               '';
@@ -124,7 +124,7 @@ in
             noLog = mkOption {
               type = with types; bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 If `true`, successful executions will not be logged
                 to
                 {manpage}`syslogd(8)`.
@@ -134,7 +134,7 @@ in
             persist = mkOption {
               type = with types; bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 If `true`, do not ask for a password again for some
                 time after the user successfully authenticates.
               '';
@@ -143,7 +143,7 @@ in
             keepEnv = mkOption {
               type = with types; bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 If `true`, environment variables other than those
                 listed in
                 {manpage}`doas(1)`
@@ -154,7 +154,7 @@ in
             setEnv = mkOption {
               type = with types; listOf str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 Keep or set the specified variables. Variables may also be
                 removed with a leading '-' or set using
                 `variable=value`. If the first character of
@@ -173,19 +173,19 @@ in
             users = mkOption {
               type = with types; listOf (either str int);
               default = [];
-              description = lib.mdDoc "The usernames / UIDs this rule should apply for.";
+              description = "The usernames / UIDs this rule should apply for.";
             };
 
             groups = mkOption {
               type = with types; listOf (either str int);
               default = [];
-              description = lib.mdDoc "The groups / GIDs this rule should apply for.";
+              description = "The groups / GIDs this rule should apply for.";
             };
 
             runAs = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Which user or group the specified command is allowed to run as.
                 When set to `null` (the default), all users are
                 allowed.
@@ -199,7 +199,7 @@ in
             cmd = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The command the user is allowed to run. When set to
                 `null` (the default), all commands are allowed.
 
@@ -212,7 +212,7 @@ in
             args = mkOption {
               type = with types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Arguments that must be provided to the command. When set to
                 `[]`, the command must be run without any arguments.
               '';
@@ -225,7 +225,7 @@ in
     extraConfig = mkOption {
       type = with types; lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration text appended to {file}`doas.conf`. Be aware that
         this option cannot be used to override the behaviour allowing
         passwordless operation for root.
diff --git a/nixpkgs/nixos/modules/security/duosec.nix b/nixpkgs/nixos/modules/security/duosec.nix
index ef76bfeb6d66..e755b5f0ee53 100644
--- a/nixpkgs/nixos/modules/security/duosec.nix
+++ b/nixpkgs/nixos/modules/security/duosec.nix
@@ -36,24 +36,24 @@ in
       ssh.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If enabled, protect SSH logins with Duo Security.";
+        description = "If enabled, protect SSH logins with Duo Security.";
       };
 
       pam.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If enabled, protect logins with Duo Security using PAM support.";
+        description = "If enabled, protect logins with Duo Security using PAM support.";
       };
 
       integrationKey = mkOption {
         type = types.str;
-        description = lib.mdDoc "Integration key.";
+        description = "Integration key.";
       };
 
       secretKeyFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing your secret key. The security of your Duo application is tied to the security of your secret key.
         '';
         example = "/run/keys/duo-skey";
@@ -61,14 +61,14 @@ in
 
       host = mkOption {
         type = types.str;
-        description = lib.mdDoc "Duo API hostname.";
+        description = "Duo API hostname.";
       };
 
       groups = mkOption {
         type = types.str;
         default = "";
         example = "users,!wheel,!*admin guests";
-        description = lib.mdDoc ''
+        description = ''
           If specified, Duo authentication is required only for users
           whose primary group or supplementary group list matches one
           of the space-separated pattern lists. Refer to
@@ -79,7 +79,7 @@ in
       failmode = mkOption {
         type = types.enum [ "safe" "secure" ];
         default = "safe";
-        description = lib.mdDoc ''
+        description = ''
           On service or configuration errors that prevent Duo
           authentication, fail "safe" (allow access) or "secure" (deny
           access). The default is "safe".
@@ -89,7 +89,7 @@ in
       pushinfo = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Include information such as the command to be executed in
           the Duo Push message.
         '';
@@ -98,7 +98,7 @@ in
       autopush = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If `true`, Duo Unix will automatically send
           a push login request to the user’s phone, falling back on a
           phone call if push is unavailable. If
@@ -112,7 +112,7 @@ in
       motd = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Print the contents of `/etc/motd` to screen
           after a successful login.
         '';
@@ -121,7 +121,7 @@ in
       prompts = mkOption {
         type = types.enum [ 1 2 3 ];
         default = 3;
-        description = lib.mdDoc ''
+        description = ''
           If a user fails to authenticate with a second factor, Duo
           Unix will prompt the user to authenticate again. This option
           sets the maximum number of prompts that Duo Unix will
@@ -142,7 +142,7 @@ in
       acceptEnvFactor = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Look for factor selection or passcode in the
           `$DUO_PASSCODE` environment variable before
           prompting the user for input.
@@ -157,7 +157,7 @@ in
       fallbackLocalIP = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Duo Unix reports the IP address of the authorizing user, for
           the purposes of authorization and whitelisting. If Duo Unix
           cannot detect the IP address of the client, setting
@@ -173,7 +173,7 @@ in
       allowTcpForwarding = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           By default, when SSH forwarding, enabling Duo Security will
           disable TCP forwarding. By enabling this, you potentially
           undermine some of the SSH based login security. Note this is
@@ -200,7 +200,8 @@ in
       unitConfig.DefaultDependencies = false;
       script = ''
         if test -f "${cfg.secretKeyFile}"; then
-          mkdir -m 0755 -p /etc/duo
+          mkdir -p /etc/duo
+          chmod 0755 /etc/duo
 
           umask 0077
           conf="$(mktemp)"
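Review bot: The split into `mkdir -p /etc/duo` followed by `chmod 0755 /etc/duo` carries no comment saying why, so a later cleanup could fold it back into `mkdir -m 0755 -p`. Presumably the reason is that `-m` only takes effect when the directory is newly created, whereas `chmod` also corrects the mode of an existing /etc/duo. I would add `# chmod separately: mkdir -m does not change the mode of an existing directory` above the `chmod` line here and in the identical hunk at -222,7 +223,8. Both script bodies continue outside their hunks, so whether the two services could share one let-bound preamble cannot be judged from here.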
@@ -222,7 +223,8 @@ in
       unitConfig.DefaultDependencies = false;
       script = ''
         if test -f "${cfg.secretKeyFile}"; then
-          mkdir -m 0755 -p /etc/duo
+          mkdir -p /etc/duo
+          chmod 0755 /etc/duo
 
           umask 0077
           conf="$(mktemp)"
diff --git a/nixpkgs/nixos/modules/security/google_oslogin.nix b/nixpkgs/nixos/modules/security/google_oslogin.nix
index 95975943ff80..227e3b5bc4b9 100644
--- a/nixpkgs/nixos/modules/security/google_oslogin.nix
+++ b/nixpkgs/nixos/modules/security/google_oslogin.nix
@@ -16,7 +16,7 @@ in
     security.googleOsLogin.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Google OS Login.
 
         The OS Login package enables the following components:
diff --git a/nixpkgs/nixos/modules/security/ipa.nix b/nixpkgs/nixos/modules/security/ipa.nix
index 3bf8b11f8626..543b1abfa672 100644
--- a/nixpkgs/nixos/modules/security/ipa.nix
+++ b/nixpkgs/nixos/modules/security/ipa.nix
@@ -31,11 +31,11 @@ with lib; let
 in {
   options = {
     security.ipa = {
-      enable = mkEnableOption (lib.mdDoc "FreeIPA domain integration");
+      enable = mkEnableOption "FreeIPA domain integration";
 
       certificate = mkOption {
         type = types.package;
-        description = lib.mdDoc ''
+        description = ''
           IPA server CA certificate.
 
           Use `nix-prefetch-url http://$server/ipa/config/ca.crt` to
@@ -52,64 +52,64 @@ in {
       domain = mkOption {
         type = types.str;
         example = "example.com";
-        description = lib.mdDoc "Domain of the IPA server.";
+        description = "Domain of the IPA server.";
       };
 
       realm = mkOption {
         type = types.str;
         example = "EXAMPLE.COM";
-        description = lib.mdDoc "Kerberos realm.";
+        description = "Kerberos realm.";
       };
 
       server = mkOption {
         type = types.str;
         example = "ipa.example.com";
-        description = lib.mdDoc "IPA Server hostname.";
+        description = "IPA Server hostname.";
       };
 
       basedn = mkOption {
         type = types.str;
         example = "dc=example,dc=com";
-        description = lib.mdDoc "Base DN to use when performing LDAP operations.";
+        description = "Base DN to use when performing LDAP operations.";
       };
 
       offlinePasswords = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to store offline passwords when the server is down.";
+        description = "Whether to store offline passwords when the server is down.";
       };
 
       cacheCredentials = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to cache credentials.";
+        description = "Whether to cache credentials.";
       };
 
       ifpAllowedUids = mkOption {
         type = types.listOf types.str;
         default = ["root"];
-        description = lib.mdDoc "A list of users allowed to access the ifp dbus interface.";
+        description = "A list of users allowed to access the ifp dbus interface.";
       };
 
       dyndns = {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to enable FreeIPA automatic hostname updates.";
+          description = "Whether to enable FreeIPA automatic hostname updates.";
         };
 
         interface = mkOption {
           type = types.str;
           example = "eth0";
           default = "*";
-          description = lib.mdDoc "Network interface to perform hostname updates through.";
+          description = "Network interface to perform hostname updates through.";
         };
       };
 
       chromiumSupport = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to whitelist the FreeIPA domain in Chromium.";
+        description = "Whether to whitelist the FreeIPA domain in Chromium.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/security/isolate.nix b/nixpkgs/nixos/modules/security/isolate.nix
new file mode 100644
index 000000000000..3cc0176f3db3
--- /dev/null
+++ b/nixpkgs/nixos/modules/security/isolate.nix
@@ -0,0 +1,133 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkEnableOption mkPackageOption mkOption types mkIf maintainers;
+
+  cfg = config.security.isolate;
+  configFile = pkgs.writeText "isolate-config.cf" ''
+    box_root=${cfg.boxRoot}
+    lock_root=${cfg.lockRoot}
+    cg_root=${cfg.cgRoot}
+    first_uid=${toString cfg.firstUid}
+    first_gid=${toString cfg.firstGid}
+    num_boxes=${toString cfg.numBoxes}
+    restricted_init=${if cfg.restrictedInit then "1" else "0"}
+    ${cfg.extraConfig}
+  '';
+  isolate = pkgs.symlinkJoin {
+    name = "isolate-wrapped-${pkgs.isolate.version}";
+
+    paths = [ pkgs.isolate ];
+
+    nativeBuildInputs = [ pkgs.makeWrapper ];
+
+    postBuild = ''
+      wrapProgram $out/bin/isolate \
+        --set ISOLATE_CONFIG_FILE ${configFile}
+
+      wrapProgram $out/bin/isolate-cg-keeper \
+        --set ISOLATE_CONFIG_FILE ${configFile}
+    '';
+  };
+in
+{
+  options.security.isolate = {
+    enable = mkEnableOption ''
+      Sandbox for securely executing untrusted programs
+    '';
+
+    package = mkPackageOption pkgs "isolate-unwrapped" { };
+
+    boxRoot = mkOption {
+      type = types.path;
+      default = "/var/lib/isolate/boxes";
+      description = ''
+        All sandboxes are created under this directory.
+        To avoid symlink attacks, this directory and all its ancestors
+        must be writeable only by root.
+      '';
+    };
+
+    lockRoot = mkOption {
+      type = types.path;
+      default = "/run/isolate/locks";
+      description = ''
+        Directory where lock files are created.
+      '';
+    };
+
+    cgRoot = mkOption {
+      type = types.str;
+      default = "auto:/run/isolate/cgroup";
+      description = ''
+        Control group which subgroups are placed under.
+        Either an explicit path to a subdirectory in cgroupfs, or "auto:file" to read
+        the path from "file", where it is put by `isolate-cg-helper`.
+      '';
+    };
+
+    firstUid = mkOption {
+      type = types.numbers.between 1000 65533;
+      default = 60000;
+      description = ''
+        Start of block of UIDs reserved for sandboxes.
+      '';
+    };
+
+    firstGid = mkOption {
+      type = types.numbers.between 1000 65533;
+      default = 60000;
+      description = ''
+        Start of block of GIDs reserved for sandboxes.
+      '';
+    };
+
+    numBoxes = mkOption {
+      type = types.numbers.between 1000 65533;
+      default = 1000;
+      description = ''
+        Number of UIDs and GIDs to reserve, starting from
+        {option}`firstUid` and {option}`firstGid`.
+      '';
+    };
+
+    restrictedInit = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If true, only root can create sandboxes.
+      '';
+    };
+
+    extraConfig = mkOption {
+      type = types.str;
+      default = "";
+      description = ''
+        Extra configuration to append to the configuration file.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [
+      isolate
+    ];
+
+    systemd.services.isolate = {
+      description = "Isolate control group hierarchy daemon";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "notify";
+        ExecStart = "${isolate}/bin/isolate-cg-keeper";
+        Slice = "isolate.slice";
+        Delegate = true;
+      };
+    };
+
+    systemd.slices.isolate = {
+      description = "Isolate sandbox slice";
+    };
+
+    meta.maintainers = with maintainers; [ virchau13 ];
+  };
+}
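Review bot: `security.isolate.package` is declared with `mkPackageOption pkgs "isolate-unwrapped" { }` but never read, because the wrapper is built from `pkgs.isolate` (`paths = [ pkgs.isolate ];` and the `name` line), so overriding the option has no effect; either use `paths = [ cfg.package ];` with `cfg.package.version` in the name, or drop the option. `firstUid`, `firstGid` and `numBoxes` use `types.numbers.between`, which also admits floats that `toString` would write with a decimal part into the config file; `types.ints.between 1000 65533` fits better, and the 1000 lower bound on `numBoxes` looks copied from the UID options, since it forbids reserving fewer than 1000 boxes. Nothing visible asserts that `firstUid + numBoxes` stays inside the permitted range or clear of regular accounts (the allowed minimum of 1000 is where normal users usually start), so an `assertions` entry would keep sandbox IDs from coinciding with real users. The `cgRoot` description names `isolate-cg-helper` while the unit runs `isolate-cg-keeper`, and the `boxRoot` text requires a root-only-writable directory that this module does not appear to create.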
diff --git a/nixpkgs/nixos/modules/security/krb5/default.nix b/nixpkgs/nixos/modules/security/krb5/default.nix
index 5921982f954c..78426c07cbc9 100644
--- a/nixpkgs/nixos/modules/security/krb5/default.nix
+++ b/nixpkgs/nixos/modules/security/krb5/default.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
+  inherit (lib) mkIf mkOption mkPackageOption mkRemovedOptionModule;
   inherit (lib.types) bool;
 
   mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
@@ -30,7 +30,7 @@ in {
     security.krb5 = {
       enable = mkOption {
         default = false;
-        description = mdDoc "Enable and configure Kerberos utilities";
+        description = "Enable and configure Kerberos utilities";
         type = bool;
       };
 
@@ -41,7 +41,7 @@ in {
       settings = mkOption {
         default = { };
         type = format.type;
-        description = mdDoc ''
+        description = ''
           Structured contents of the {file}`krb5.conf` file. See
           {manpage}`krb5.conf(5)` for details about configuration.
         '';
diff --git a/nixpkgs/nixos/modules/security/krb5/krb5-conf-format.nix b/nixpkgs/nixos/modules/security/krb5/krb5-conf-format.nix
index d01e47a40be0..5a6bbed9fd18 100644
--- a/nixpkgs/nixos/modules/security/krb5/krb5-conf-format.nix
+++ b/nixpkgs/nixos/modules/security/krb5/krb5-conf-format.nix
@@ -6,7 +6,7 @@
 
 let
   inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
-    isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
+    isAttrs isBool isList mapAttrsToList mkOption singleton splitString;
   inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
     str submodule;
 in
@@ -21,21 +21,21 @@ in
     options = {
       include = mkOption {
         default = [ ];
-        description = mdDoc ''
+        description = ''
           Files to include in the Kerberos configuration.
         '';
         type = coercedTo path singleton (listOf path);
       };
       includedir = mkOption {
         default = [ ];
-        description = mdDoc ''
+        description = ''
           Directories containing files to include in the Kerberos configuration.
         '';
         type = coercedTo path singleton (listOf path);
       };
       module = mkOption {
         default = [ ];
-        description = mdDoc ''
+        description = ''
           Modules to obtain Kerberos configuration from.
         '';
         type = coercedTo path singleton (listOf path);
diff --git a/nixpkgs/nixos/modules/security/lock-kernel-modules.nix b/nixpkgs/nixos/modules/security/lock-kernel-modules.nix
index 461b9ffe7ee0..3a1ad4d8b374 100644
--- a/nixpkgs/nixos/modules/security/lock-kernel-modules.nix
+++ b/nixpkgs/nixos/modules/security/lock-kernel-modules.nix
@@ -11,7 +11,7 @@ with lib;
     security.lockKernelModules = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Disable kernel module loading once the system is fully initialised.
         Module loading is disabled until the next reboot. Problems caused
         by delayed module loading can be fixed by adding the module(s) in
diff --git a/nixpkgs/nixos/modules/security/misc.nix b/nixpkgs/nixos/modules/security/misc.nix
index cd48eade7784..5e13b4caddd8 100644
--- a/nixpkgs/nixos/modules/security/misc.nix
+++ b/nixpkgs/nixos/modules/security/misc.nix
@@ -15,7 +15,7 @@ with lib;
     security.allowUserNamespaces = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to allow creation of user namespaces.
 
         The motivation for disabling user namespaces is the potential
@@ -34,7 +34,7 @@ with lib;
     security.unprivilegedUsernsClone = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         When disabled, unprivileged users will not be able to create new namespaces.
         By default unprivileged user namespaces are disabled.
         This option only works in a hardened profile.
@@ -44,7 +44,7 @@ with lib;
     security.protectKernelImage = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to prevent replacing the running kernel image.
       '';
     };
@@ -52,7 +52,7 @@ with lib;
     security.allowSimultaneousMultithreading = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to allow SMT/hyperthreading.  Disabling SMT means that only
         physical CPU cores will be usable at runtime, potentially at
         significant performance cost.
@@ -71,7 +71,7 @@ with lib;
     security.forcePageTableIsolation = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to force-enable the Page Table Isolation (PTI) Linux kernel
         feature even on CPU models that claim to be safe from Meltdown.
 
@@ -83,7 +83,7 @@ with lib;
     security.virtualisation.flushL1DataCache = mkOption {
       type = types.nullOr (types.enum [ "never" "cond" "always" ]);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Whether the hypervisor should flush the L1 data cache before
         entering guests.
         See also [](#opt-security.allowSimultaneousMultithreading).
diff --git a/nixpkgs/nixos/modules/security/oath.nix b/nixpkgs/nixos/modules/security/oath.nix
index 334286653846..93bdc851117a 100644
--- a/nixpkgs/nixos/modules/security/oath.nix
+++ b/nixpkgs/nixos/modules/security/oath.nix
@@ -11,7 +11,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the OATH (one-time password) PAM module.
         '';
       };
@@ -19,7 +19,7 @@ with lib;
       digits = mkOption {
         type = types.enum [ 6 7 8 ];
         default = 6;
-        description = lib.mdDoc ''
+        description = ''
           Specify the length of the one-time password in number of
           digits.
         '';
@@ -28,7 +28,7 @@ with lib;
       window = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc ''
+        description = ''
           Specify the number of one-time passwords to check in order
           to accommodate for situations where the system and the
           client are slightly out of sync (iteration for HOTP or time
@@ -39,7 +39,7 @@ with lib;
       usersFile = mkOption {
         type = types.path;
         default = "/etc/users.oath";
-        description = lib.mdDoc ''
+        description = ''
           Set the path to file where the user's credentials are
           stored. This file must not be world readable!
         '';
diff --git a/nixpkgs/nixos/modules/security/pam.nix b/nixpkgs/nixos/modules/security/pam.nix
index 26dc724ae159..5d3bed2fb02c 100644
--- a/nixpkgs/nixos/modules/security/pam.nix
+++ b/nixpkgs/nixos/modules/security/pam.nix
@@ -9,7 +9,7 @@ let
 
   mkRulesTypeOption = type: mkOption {
     # These options are experimental and subject to breaking changes without notice.
-    description = lib.mdDoc ''
+    description = ''
       PAM `${type}` rules for this service.
 
       Attribute keys are the name of each rule.
@@ -18,7 +18,7 @@ let
       options = {
         name = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Name of this rule.
           '';
           internal = true;
@@ -27,13 +27,13 @@ let
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether this rule is added to the PAM service config file.
           '';
         };
         order = mkOption {
           type = types.int;
-          description = lib.mdDoc ''
+          description = ''
             Order of this rule in the service file. Rules are arranged in ascending order of this value.
 
             ::: {.warning}
@@ -50,19 +50,19 @@ let
         };
         control = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Indicates the behavior of the PAM-API should the module fail to succeed in its authentication task. See `control` in {manpage}`pam.conf(5)` for details.
           '';
         };
         modulePath = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Either the full filename of the PAM to be used by the application (it begins with a '/'), or a relative pathname from the default module location. See `module-path` in {manpage}`pam.conf(5)` for details.
           '';
         };
         args = mkOption {
           type = types.listOf types.str;
-          description = lib.mdDoc ''
+          description = ''
             Tokens that can be used to modify the specific behavior of the given PAM. Such arguments will be documented for each individual module. See `module-arguments` in {manpage}`pam.conf(5)` for details.
 
             Escaping rules for spaces and square brackets are automatically applied.
@@ -73,7 +73,7 @@ let
         settings = mkOption {
           type = with types; attrsOf (nullOr (oneOf [ bool str int pathInStore ]));
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Settings to add as `module-arguments`.
 
             Boolean values render just the key if true, and nothing if false. Null values are ignored. All other values are rendered as key-value pairs.
@@ -105,14 +105,14 @@ let
       name = mkOption {
         example = "sshd";
         type = types.str;
-        description = lib.mdDoc "Name of the PAM service.";
+        description = "Name of the PAM service.";
       };
 
       rules = mkOption {
         # This option is experimental and subject to breaking changes without notice.
         visible = false;
 
-        description = lib.mdDoc ''
+        description = ''
           PAM rules for this service.
 
           ::: {.warning}
@@ -133,7 +133,7 @@ let
       unixAuth = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether users can log in with passwords defined in
           {file}`/etc/shadow`.
         '';
@@ -142,7 +142,7 @@ let
       rootOK = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, root doesn't need to authenticate (e.g. for the
           {command}`useradd` service).
         '';
@@ -152,7 +152,7 @@ let
         default = config.security.pam.p11.enable;
         defaultText = literalExpression "config.security.pam.p11.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, keys listed in
           {file}`~/.ssh/authorized_keys` and
           {file}`~/.eid/authorized_certificates`
@@ -164,7 +164,7 @@ let
         default = config.security.pam.u2f.enable;
         defaultText = literalExpression "config.security.pam.u2f.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, users listed in
           {file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or
           {file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is
@@ -176,7 +176,7 @@ let
       usshAuth = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, users with an SSH certificate containing an authorized principal
           in their SSH agent are able to log in. Specific options are controlled
           using the {option}`security.pam.ussh` options.
@@ -190,7 +190,7 @@ let
         default = config.security.pam.yubico.enable;
         defaultText = literalExpression "config.security.pam.yubico.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, users listed in
           {file}`~/.yubico/authorized_yubikeys`
           are able to log in with the associated Yubikey tokens.
@@ -201,7 +201,7 @@ let
         enable = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             If set, users with enabled Google Authenticator (created
             {file}`~/.google_authenticator`) will be required
             to provide Google Authenticator token to log in.
@@ -213,7 +213,7 @@ let
         default = config.security.pam.enableOTPW;
         defaultText = literalExpression "config.security.pam.enableOTPW";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the OTPW system will be used (if
           {file}`~/.otpw` exists).
         '';
@@ -222,7 +222,7 @@ let
       googleOsLoginAccountVerification = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, will use the Google OS Login PAM modules
           (`pam_oslogin_login`,
           `pam_oslogin_admin`) to verify possible OS Login
@@ -235,7 +235,7 @@ let
       googleOsLoginAuthentication = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, will use the `pam_oslogin_login`'s user
           authentication methods to authenticate users using 2FA.
           This only makes sense to enable for the `sshd` PAM
@@ -247,7 +247,7 @@ let
         default = config.users.mysql.enable;
         defaultText = literalExpression "config.users.mysql.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the `pam_mysql` module will be used to
           authenticate users against a MySQL/MariaDB database.
         '';
@@ -257,7 +257,7 @@ let
         default = config.services.fprintd.enable;
         defaultText = literalExpression "config.services.fprintd.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, fingerprint reader will be used (if exists and
           your fingerprints are enrolled).
         '';
@@ -267,7 +267,7 @@ let
         default = config.security.pam.oath.enable;
         defaultText = literalExpression "config.security.pam.oath.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the OATH Toolkit will be used.
         '';
       };
@@ -275,7 +275,7 @@ let
       sshAgentAuth = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the calling user's SSH agent is used to authenticate
           against the keys in the calling user's
           {file}`~/.ssh/authorized_keys`.  This is useful
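Review bot: The `sshAgentAuth` description kept here still says the agent is checked against the calling user's `~/.ssh/authorized_keys`, but a later hunk of this same file (`@@ -1045,34 +1044,30 @@`) changes the key-file default to `[ "/etc/ssh/authorized_keys.d/%u" ]`. With that default the file in the user's home directory is not consulted, so the text describes a different and weaker trust setup than the one the module now ships. I would reword the sentence to point at the configured list instead, along the lines of `against the keys in the files listed in security.pam.sshAgentAuth.authorizedKeysFiles` with the option name in `{option}` markup. The option name is inferred, since its declaration is outside that hunk. The description also continues past the end of this hunk, so the rest of it needs the same check.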
@@ -287,7 +287,7 @@ let
         enable = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             If set, use the Duo Security pam module
             `pam_duo` for authentication.  Requires
             configuration of {option}`security.duosec` options.
@@ -298,7 +298,7 @@ let
       startSession = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the service will register a new session with
           systemd's login manager.  For local sessions, this will give
           the user access to audio devices, CD-ROM drives.  In the
@@ -310,7 +310,7 @@ let
       setEnvironment = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the service should set the environment variables
           listed in {option}`environment.sessionVariables`
           using `pam_env.so`.
@@ -319,7 +319,7 @@ let
 
       setLoginUid = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Set the login uid of the process
           ({file}`/proc/self/loginuid`) for auditing
           purposes.  The login uid is only set by ‘entry points’ like
@@ -332,7 +332,7 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable or disable TTY auditing for specified users
           '';
         };
@@ -340,7 +340,7 @@ let
         enablePattern = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             For each user matching one of comma-separated
             glob patterns, enable TTY auditing
           '';
@@ -349,7 +349,7 @@ let
         disablePattern = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             For each user matching one of comma-separated
             glob patterns, disable TTY auditing
           '';
@@ -358,7 +358,7 @@ let
         openOnly = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Set the TTY audit flag when opening the session,
             but do not restore it when closing the session.
             Using this option is necessary for some services
@@ -371,7 +371,7 @@ let
       forwardXAuth = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether X authentication keys should be passed from the
           calling user to the target user (e.g. for
           {command}`su`)
@@ -382,7 +382,7 @@ let
         default = config.security.pam.mount.enable;
         defaultText = literalExpression "config.security.pam.mount.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable PAM mount (pam_mount) system to mount filesystems on user login.
         '';
       };
@@ -390,7 +390,7 @@ let
       allowNullPassword = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow logging into accounts that have no password
           set (i.e., have an empty password field in
           {file}`/etc/passwd` or
@@ -405,7 +405,7 @@ let
       nodelay = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether the delay after typing a wrong password should be disabled.
         '';
       };
@@ -413,7 +413,7 @@ let
       requireWheel = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to permit root access only to members of group wheel.
         '';
       };
@@ -421,7 +421,7 @@ let
       limits = mkOption {
         default = [];
         type = limitsType;
-        description = lib.mdDoc ''
+        description = ''
           Attribute set describing resource limits.  Defaults to the
           value of {option}`security.pam.loginLimits`.
           The meaning of the values is explained in {manpage}`limits.conf(5)`.
@@ -431,13 +431,13 @@ let
       showMotd = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to show the message of the day.";
+        description = "Whether to show the message of the day.";
       };
 
       makeHomeDir = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to try to create home directories for users
           with `$HOME`s pointing to nonexistent
           locations on session login.
@@ -447,19 +447,19 @@ let
       updateWtmp = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to update {file}`/var/log/wtmp`.";
+        description = "Whether to update {file}`/var/log/wtmp`.";
       };
 
       logFailures = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to log authentication failures in {file}`/var/log/faillog`.";
+        description = "Whether to log authentication failures in {file}`/var/log/faillog`.";
       };
 
       enableAppArmor = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable support for attaching AppArmor profiles at the
           user/group level, e.g., as part of a role based access
           control scheme.
@@ -470,7 +470,7 @@ let
         enable = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             If enabled, pam_wallet will attempt to automatically unlock the
             user's default KDE wallet upon login. If the user has no wallet named
             "kdewallet", or the login password does not match their wallet
@@ -486,13 +486,13 @@ let
       sssdStrictAccess = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "enforce sssd access control";
+        description = "enforce sssd access control";
       };
 
       enableGnomeKeyring = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, pam_gnome_keyring will attempt to automatically unlock the
           user's default Gnome keyring upon login. If the user login password does
           not match their keyring password, Gnome Keyring will prompt separately
@@ -504,7 +504,7 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             If enabled, this will replace the `FAIL_DELAY` setting from `login.defs`.
             Change the delay on failure per-application.
             '';
@@ -514,7 +514,7 @@ let
           default = 3000000;
           type = types.int;
           example = 1000000;
-          description = lib.mdDoc "The delay time (in microseconds) on failure.";
+          description = "The delay time (in microseconds) on failure.";
         };
       };
 
@@ -522,7 +522,7 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             If enabled, pam_gnupg will attempt to automatically unlock the
             user's GPG keys with the login password via
             {command}`gpg-agent`. The keygrips of all keys to be
@@ -537,7 +537,7 @@ let
         noAutostart = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Don't start {command}`gpg-agent` if it is not running.
             Useful in conjunction with starting {command}`gpg-agent` as
             a systemd user service.
@@ -547,7 +547,7 @@ let
         storeOnly = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Don't send the password immediately after login, but store for PAM
             `session`.
           '';
@@ -558,14 +558,14 @@ let
         default = config.security.pam.zfs.enable;
         defaultText = literalExpression "config.security.pam.zfs.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable unlocking and mounting of encrypted ZFS home dataset at login.
         '';
       };
 
       text = mkOption {
         type = types.nullOr types.lines;
-        description = lib.mdDoc "Contents of the PAM service file.";
+        description = "Contents of the PAM service file.";
       };
 
     };
@@ -887,19 +887,19 @@ let
   limitsType = with lib.types; listOf (submodule ({ ... }: {
     options = {
       domain = mkOption {
-        description = lib.mdDoc "Username, groupname, or wildcard this limit applies to";
+        description = "Username, groupname, or wildcard this limit applies to";
         example = "@wheel";
         type = str;
       };
 
       type = mkOption {
-        description = lib.mdDoc "Type of this limit";
+        description = "Type of this limit";
         type = enum [ "-" "hard" "soft" ];
         default = "-";
       };
 
       item = mkOption {
-        description = lib.mdDoc "Item this limit applies to";
+        description = "Item this limit applies to";
         type = enum [
           "core"
           "data"
@@ -923,7 +923,7 @@ let
       };
 
       value = mkOption {
-        description = lib.mdDoc "Value of this limit";
+        description = "Value of this limit";
         type = oneOf [ str int ];
       };
     };
@@ -974,7 +974,7 @@ in
           }
        ];
 
-     description = lib.mdDoc ''
+     description = ''
        Define resource limits that should apply to users or groups.
        Each item in the list should be an attribute set with a
        {var}`domain`, {var}`type`,
@@ -991,8 +991,7 @@ in
     security.pam.services = mkOption {
       default = {};
       type = with types; attrsOf (submodule pamOpts);
-      description =
-        lib.mdDoc ''
+      description = ''
           This option defines the PAM services.  A service typically
           corresponds to a program that uses PAM,
           e.g. {command}`login` or {command}`passwd`.
@@ -1005,7 +1004,7 @@ in
       type = types.str;
       default = "/var/empty";
       example =  "/etc/skel";
-      description = lib.mdDoc ''
+      description = ''
         Path to skeleton directory whose contents are copied to home
         directories newly created by `pam_mkhomedir`.
       '';
@@ -1015,7 +1014,7 @@ in
       type = types.str;
       default = "0077";
       example = "0022";
-      description = lib.mdDoc ''
+      description = ''
         The user file mode creation mask to use on home directories
         newly created by `pam_mkhomedir`.
       '';
@@ -1045,34 +1044,30 @@ in
           See [issue #31611](https://github.com/NixOS/nixpkgs/issues/31611)
           :::
         '';
-        example = [ "/etc/ssh/authorized_keys.d/%u" ];
-        default = config.services.openssh.authorizedKeysFiles;
-        defaultText = literalExpression "config.services.openssh.authorizedKeysFiles";
+        default = [ "/etc/ssh/authorized_keys.d/%u" ];
       };
     };
 
-    security.pam.enableOTPW = mkEnableOption (lib.mdDoc "the OTPW (one-time password) PAM module");
+    security.pam.enableOTPW = mkEnableOption "the OTPW (one-time password) PAM module";
 
     security.pam.dp9ik = {
-      enable = mkEnableOption (
-        lib.mdDoc ''
+      enable = mkEnableOption ''
           the dp9ik pam module provided by tlsclient.
 
           If set, users can be authenticated against the 9front
           authentication server given in {option}`security.pam.dp9ik.authserver`.
-        ''
-      );
+        '';
       control = mkOption {
         default = "sufficient";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           This option sets the pam "control" used for this module.
         '';
       };
       authserver = mkOption {
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           This controls the hostname for the 9front authentication server
           that users will be authenticated against.
         '';
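Review bot: The new `default = [ "/etc/ssh/authorized_keys.d/%u" ];` stops following `config.services.openssh.authorizedKeysFiles`, and nothing next to it says why. A key file the user can write to lets any process running as that user add a key and then pass this PAM check, which is presumably the reason for the decoupling (the warning block ending just above cites issue #31611). A one-line comment such as `# Not tied to services.openssh.authorizedKeysFiles: that list may include user-writable files.` would keep a later cleanup from re-linking them. Configurations that relied on the old default may lose agent authentication after an upgrade unless their keys also exist under `/etc/ssh/authorized_keys.d`, so this behaviour change deserves its own release-note entry rather than riding along with a `lib.mdDoc` removal. The option's declaration starts outside this hunk.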
@@ -1084,7 +1079,7 @@ in
         default = config.security.krb5.enable;
         defaultText = literalExpression "config.security.krb5.enable";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables Kerberos PAM modules (`pam-krb5`,
           `pam-ccreds`).
 
@@ -1103,7 +1098,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables P11 PAM (`pam_p11`) module.
 
           If set, users can log in with SSH keys and PKCS#11 tokens.
@@ -1115,7 +1110,7 @@ in
       control = mkOption {
         default = "sufficient";
         type = types.enum [ "required" "requisite" "sufficient" "optional" ];
-        description = lib.mdDoc ''
+        description = ''
           This option sets pam "control".
           If you want to have multi factor authentication, use "required".
           If you want to use the PKCS#11 device instead of the regular password,
@@ -1132,7 +1127,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables U2F PAM (`pam-u2f`) module.
 
           If set, users listed in
@@ -1152,7 +1147,7 @@ in
       authFile = mkOption {
         default = null;
         type = with types; nullOr path;
-        description = lib.mdDoc ''
+        description = ''
           By default `pam-u2f` module reads the keys from
           {file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or
           {file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is
@@ -1173,7 +1168,7 @@ in
       appId = mkOption {
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
             By default `pam-u2f` module sets the application
             ID to `pam://$HOSTNAME`.
 
@@ -1187,7 +1182,7 @@ in
       origin = mkOption {
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
             By default `pam-u2f` module sets the origin
             to `pam://$HOSTNAME`.
             Setting origin to an host independent value will allow you to
@@ -1203,7 +1198,7 @@ in
       control = mkOption {
         default = "sufficient";
         type = types.enum [ "required" "requisite" "sufficient" "optional" ];
-        description = lib.mdDoc ''
+        description = ''
           This option sets pam "control".
           If you want to have multi factor authentication, use "required".
           If you want to use U2F device instead of regular password, use "sufficient".
@@ -1217,7 +1212,7 @@ in
       debug = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Debug output to stderr.
         '';
       };
@@ -1225,7 +1220,7 @@ in
       interactive = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Set to prompt a message and wait before testing the presence of a U2F device.
           Recommended if your device doesn’t have a tactile trigger.
         '';
@@ -1234,7 +1229,7 @@ in
       cue = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           By default `pam-u2f` module does not inform user
           that he needs to use the u2f device, it just waits without a prompt.
 
@@ -1249,7 +1244,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables Uber's USSH PAM (`pam-ussh`) module.
 
           This is similar to `pam-ssh-agent`, except that
@@ -1266,7 +1261,7 @@ in
       caFile = mkOption {
         default = null;
         type = with types; nullOr path;
-        description = lib.mdDoc ''
+        description = ''
           By default `pam-ussh` reads the trusted user CA keys
           from {file}`/etc/ssh/trusted_user_ca`.
 
@@ -1278,7 +1273,7 @@ in
       authorizedPrincipals = mkOption {
         default = null;
         type = with types; nullOr commas;
-        description = lib.mdDoc ''
+        description = ''
           Comma-separated list of authorized principals to permit; if the user
           presents a certificate with one of these principals, then they will be
           authorized.
@@ -1294,7 +1289,7 @@ in
       authorizedPrincipalsFile = mkOption {
         default = null;
         type = with types; nullOr path;
-        description = lib.mdDoc ''
+        description = ''
           Path to a list of principals; if the user presents a certificate with
           one of these principals, then they will be authorized.
 
@@ -1309,7 +1304,7 @@ in
       group = mkOption {
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           If set, then the authenticating user must be a member of this group
           to use this module.
         '';
@@ -1318,7 +1313,7 @@ in
       control = mkOption {
         default = "sufficient";
         type = types.enum [ "required" "requisite" "sufficient" "optional" ];
-        description = lib.mdDoc ''
+        description = ''
           This option sets pam "control".
           If you want to have multi factor authentication, use "required".
           If you want to use the SSH certificate instead of the regular password,
@@ -1335,7 +1330,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables Yubico PAM (`yubico-pam`) module.
 
           If set, users listed in
@@ -1350,7 +1345,7 @@ in
       control = mkOption {
         default = "sufficient";
         type = types.enum [ "required" "requisite" "sufficient" "optional" ];
-        description = lib.mdDoc ''
+        description = ''
           This option sets pam "control".
           If you want to have multi factor authentication, use "required".
           If you want to use Yubikey instead of regular password, use "sufficient".
@@ -1363,20 +1358,20 @@ in
       id = mkOption {
         example = "42";
         type = types.str;
-        description = lib.mdDoc "client id";
+        description = "client id";
       };
 
       debug = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Debug output to stderr.
         '';
       };
       mode = mkOption {
         default = "client";
         type = types.enum [ "client" "challenge-response" ];
-        description = lib.mdDoc ''
+        description = ''
           Mode of operation.
 
           Use "client" for online validation with a YubiKey validation service such as
@@ -1392,7 +1387,7 @@ in
       challengeResponsePath = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           If not null, set the path used by yubico pam module where the challenge expected response is stored.
 
           More information can be found [here](https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html).
@@ -1404,7 +1399,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable unlocking and mounting of encrypted ZFS home dataset at login.
         '';
       };
@@ -1413,7 +1408,7 @@ in
         example = "rpool/home";
         default = "rpool/home";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Prefix of home datasets. This value will be concatenated with
           `"/" + <username>` in order to determine the home dataset to unlock.
         '';
@@ -1422,34 +1417,34 @@ in
       noUnmount = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Do not unmount home dataset on logout.
         '';
       };
     };
 
-    security.pam.enableEcryptfs = mkEnableOption (lib.mdDoc "eCryptfs PAM module (mounting ecryptfs home directory on login)");
-    security.pam.enableFscrypt = mkEnableOption (lib.mdDoc ''
-      fscrypt to automatically unlock directories with the user's login password.
+    security.pam.enableEcryptfs = mkEnableOption "eCryptfs PAM module (mounting ecryptfs home directory on login)";
+    security.pam.enableFscrypt = mkEnableOption ''
+      fscrypt, to automatically unlock directories with the user's login password.
 
       This also enables a service at security.pam.services.fscrypt which is used by
       fscrypt to verify the user's password when setting up a new protector. If you
       use something other than pam_unix to verify user passwords, please remember to
-      adjust this PAM service.
-    '');
+      adjust this PAM service
+    '';
 
     users.motd = mkOption {
       default = null;
       example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
       type = types.nullOr types.lines;
-      description = lib.mdDoc "Message of the day shown to users when they log in.";
+      description = "Message of the day shown to users when they log in.";
     };
 
     users.motdFile = mkOption {
       default = null;
       example = "/etc/motd";
       type = types.nullOr types.path;
-      description = lib.mdDoc "A file containing the message of the day shown to users when they log in.";
+      description = "A file containing the message of the day shown to users when they log in.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/security/pam_mount.nix b/nixpkgs/nixos/modules/security/pam_mount.nix
index 26f906f2a76a..bc0c5c5fbfbc 100644
--- a/nixpkgs/nixos/modules/security/pam_mount.nix
+++ b/nixpkgs/nixos/modules/security/pam_mount.nix
@@ -23,7 +23,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable PAM mount system to mount filesystems on user login.
         '';
       };
@@ -31,7 +31,7 @@ in
       extraVolumes = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of volume definitions for pam_mount.
           For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
         '';
@@ -41,7 +41,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.bindfs ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional programs to include in the search path of pam_mount.
           Useful for example if you want to use some FUSE filesystems like bindfs.
         '';
@@ -53,7 +53,7 @@ in
         example = literalExpression ''
           [ "allow_discard" ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Global mount options that apply to every crypt volume.
           You can define volume-specific options in the volume definitions.
         '';
@@ -65,7 +65,7 @@ in
         example = literalExpression ''
           [ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Global mount options that apply to every FUSE volume.
           You can define volume-specific options in the volume definitions.
         '';
@@ -75,7 +75,7 @@ in
         type = types.int;
         default = 0;
         example = 1;
-        description = lib.mdDoc ''
+        description = ''
           Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing,
           and 2 additionally enables tracing in mount.crypt. The default is 0.
           For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
@@ -85,7 +85,7 @@ in
       logoutWait = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Amount of microseconds to wait until killing remaining processes after
           final logout.
           For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
@@ -95,7 +95,7 @@ in
       logoutHup = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Kill remaining processes after logout by sending a SIGHUP.
         '';
       };
@@ -103,7 +103,7 @@ in
       logoutTerm = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Kill remaining processes after logout by sending a SIGTERM.
         '';
       };
@@ -111,7 +111,7 @@ in
       logoutKill = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Kill remaining processes after logout by sending a SIGKILL.
         '';
       };
@@ -119,7 +119,7 @@ in
       createMountPoints = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Create mountpoints for volumes if they do not exist.
         '';
       };
@@ -127,7 +127,7 @@ in
       removeCreatedMountPoints = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Remove mountpoints created by pam_mount after logout. This
           only affects mountpoints that have been created by pam_mount
           in the same session.
diff --git a/nixpkgs/nixos/modules/security/please.nix b/nixpkgs/nixos/modules/security/please.nix
index ff4bfc9f1be1..39df5dfd50d5 100644
--- a/nixpkgs/nixos/modules/security/please.nix
+++ b/nixpkgs/nixos/modules/security/please.nix
@@ -8,17 +8,17 @@ let
 in
 {
   options.security.please = {
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       please, a Sudo clone which allows a users to execute a command or edit a
       file as another user
-    '');
+    '';
 
     package = mkPackageOption pkgs "please" { };
 
     wheelNeedsPassword = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether users of the `wheel` group must provide a password to run
         commands or edit files with {command}`please` and
         {command}`pleaseedit` respectively.
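Review bot: The `enable` text rewritten in this hunk still reads "allows a users to execute", so the typo carries over into the rendered option docs. Since the line is being touched anyway, I would change it to `please, a Sudo clone which allows users to execute a command or edit a`. The `wheelNeedsPassword` description continues past the end of the hunk and was not reviewed.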
@@ -45,7 +45,7 @@ in
           require_pass = true;
         };
       };
-      description = mdDoc ''
+      description = ''
         Please configuration. Refer to
         <https://github.com/edneville/please/blob/master/please.ini.md> for
         details.
diff --git a/nixpkgs/nixos/modules/security/polkit.nix b/nixpkgs/nixos/modules/security/polkit.nix
index 327f49c0b637..f7ee4f0068dd 100644
--- a/nixpkgs/nixos/modules/security/polkit.nix
+++ b/nixpkgs/nixos/modules/security/polkit.nix
@@ -12,9 +12,9 @@ in
 
   options = {
 
-    security.polkit.enable = mkEnableOption (lib.mdDoc "polkit");
+    security.polkit.enable = mkEnableOption "polkit";
 
-    security.polkit.debug = mkEnableOption (lib.mdDoc "debug logs from polkit. This is required in order to see log messages from rule definitions");
+    security.polkit.debug = mkEnableOption "debug logs from polkit. This is required in order to see log messages from rule definitions";
 
     security.polkit.extraConfig = mkOption {
       type = types.lines;
@@ -32,7 +32,7 @@ in
             if (subject.local) return "yes";
           });
         '';
-      description = lib.mdDoc
+      description =
         ''
           Any polkit rules to be added to config (in JavaScript ;-). See:
           <https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules>
@@ -43,7 +43,7 @@ in
       type = types.listOf types.str;
       default = [ "unix-group:wheel" ];
       example = [ "unix-user:alice" "unix-group:admin" ];
-      description = lib.mdDoc
+      description =
         ''
           Specifies which users are considered “administrators”, for those
           actions that require the user to authenticate as an
diff --git a/nixpkgs/nixos/modules/security/rtkit.nix b/nixpkgs/nixos/modules/security/rtkit.nix
index 0f58b4dce84a..ad8746808e85 100644
--- a/nixpkgs/nixos/modules/security/rtkit.nix
+++ b/nixpkgs/nixos/modules/security/rtkit.nix
@@ -12,7 +12,7 @@ with lib;
     security.rtkit.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the RealtimeKit system service, which hands
         out realtime scheduling priority to user processes on
         demand. For example, the PulseAudio server uses this to
diff --git a/nixpkgs/nixos/modules/security/sudo-rs.nix b/nixpkgs/nixos/modules/security/sudo-rs.nix
index b4376562c34d..6ccf42ed7f08 100644
--- a/nixpkgs/nixos/modules/security/sudo-rs.nix
+++ b/nixpkgs/nixos/modules/security/sudo-rs.nix
@@ -33,23 +33,23 @@ in
     defaultOptions = mkOption {
       type = with types; listOf str;
       default = [];
-      description = mdDoc ''
+      description = ''
         Options used for the default rules, granting `root` and the
         `wheel` group permission to run any command as any user.
       '';
     };
 
-    enable = mkEnableOption (mdDoc ''
+    enable = mkEnableOption ''
       a memory-safe implementation of the {command}`sudo` command,
       which allows non-root users to execute commands as root.
-    '');
+    '';
 
     package = mkPackageOption pkgs "sudo-rs" { };
 
     wheelNeedsPassword = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc ''
+      description = ''
         Whether users of the `wheel` group must
         provide a password to run commands as super user via {command}`sudo`.
       '';
@@ -58,7 +58,7 @@ in
     execWheelOnly = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Only allow members of the `wheel` group to execute sudo by
         setting the executable's permissions accordingly.
         This prevents users that are not members of `wheel` from
@@ -70,14 +70,14 @@ in
       type = types.lines;
       # Note: if syntax errors are detected in this file, the NixOS
       # configuration will fail to build.
-      description = mdDoc ''
+      description = ''
         This string contains the contents of the
         {file}`sudoers` file.
       '';
     };
 
     extraRules = mkOption {
-      description = mdDoc ''
+      description = ''
         Define specific rules to be in the {file}`sudoers` file.
         More specific rules should come after more general ones in order to
         yield the expected behavior. You can use mkBefore/mkAfter to ensure
@@ -107,7 +107,7 @@ in
         options = {
           users = mkOption {
             type = with types; listOf (either str int);
-            description = mdDoc ''
+            description = ''
               The usernames / UIDs this rule should apply for.
             '';
             default = [];
@@ -115,7 +115,7 @@ in
 
           groups = mkOption {
             type = with types; listOf (either str int);
-            description = mdDoc ''
+            description = ''
               The groups / GIDs this rule should apply for.
             '';
             default = [];
@@ -124,7 +124,7 @@ in
           host = mkOption {
             type = types.str;
             default = "ALL";
-            description = mdDoc ''
+            description = ''
               For what host this rule should apply.
             '';
           };
@@ -132,7 +132,7 @@ in
           runAs = mkOption {
             type = with types; str;
             default = "ALL:ALL";
-            description = mdDoc ''
+            description = ''
               Under which user/group the specified command is allowed to run.
 
               A user can be specified using just the username: `"foo"`.
@@ -142,7 +142,7 @@ in
           };
 
           commands = mkOption {
-            description = mdDoc ''
+            description = ''
               The commands for which the rule should apply.
             '';
             type = with types; listOf (either str (submodule {
@@ -150,7 +150,7 @@ in
               options = {
                 command = mkOption {
                   type = with types; str;
-                  description = mdDoc ''
+                  description = ''
                     A command being either just a path to a binary to allow any arguments,
                     the full command with arguments pre-set or with `""` used as the argument,
                     not allowing arguments to the command at all.
@@ -159,7 +159,7 @@ in
 
                 options = mkOption {
                   type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" ]);
-                  description = mdDoc ''
+                  description = ''
                     Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/man/1.7.10/sudoers.man.html).
                   '';
                   default = [];
@@ -175,7 +175,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = mdDoc ''
+      description = ''
         Extra configuration text appended to {file}`sudoers`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/security/sudo.nix b/nixpkgs/nixos/modules/security/sudo.nix
index 6aa9445eab65..2959efd05091 100644
--- a/nixpkgs/nixos/modules/security/sudo.nix
+++ b/nixpkgs/nixos/modules/security/sudo.nix
@@ -33,7 +33,7 @@ in
     defaultOptions = mkOption {
       type = with types; listOf str;
       default = [ "SETENV" ];
-      description = mdDoc ''
+      description = ''
         Options used for the default rules, granting `root` and the
         `wheel` group permission to run any command as any user.
       '';
@@ -42,8 +42,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = true;
-      description =
-        lib.mdDoc ''
+      description = ''
           Whether to enable the {command}`sudo` command, which
           allows non-root users to execute commands as root.
         '';
@@ -54,7 +53,7 @@ in
     wheelNeedsPassword = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc ''
+      description = ''
         Whether users of the `wheel` group must
         provide a password to run commands as super user via {command}`sudo`.
       '';
@@ -63,7 +62,7 @@ in
     execWheelOnly = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Only allow members of the `wheel` group to execute sudo by
         setting the executable's permissions accordingly.
         This prevents users that are not members of `wheel` from
@@ -75,14 +74,14 @@ in
       type = types.lines;
       # Note: if syntax errors are detected in this file, the NixOS
       # configuration will fail to build.
-      description = mdDoc ''
+      description = ''
         This string contains the contents of the
         {file}`sudoers` file.
       '';
     };
 
     extraRules = mkOption {
-      description = mdDoc ''
+      description = ''
         Define specific rules to be in the {file}`sudoers` file.
         More specific rules should come after more general ones in order to
         yield the expected behavior. You can use mkBefore/mkAfter to ensure
@@ -112,7 +111,7 @@ in
         options = {
           users = mkOption {
             type = with types; listOf (either str int);
-            description = mdDoc ''
+            description = ''
               The usernames / UIDs this rule should apply for.
             '';
             default = [];
@@ -120,7 +119,7 @@ in
 
           groups = mkOption {
             type = with types; listOf (either str int);
-            description = mdDoc ''
+            description = ''
               The groups / GIDs this rule should apply for.
             '';
             default = [];
@@ -129,7 +128,7 @@ in
           host = mkOption {
             type = types.str;
             default = "ALL";
-            description = mdDoc ''
+            description = ''
               For what host this rule should apply.
             '';
           };
@@ -137,7 +136,7 @@ in
           runAs = mkOption {
             type = with types; str;
             default = "ALL:ALL";
-            description = mdDoc ''
+            description = ''
               Under which user/group the specified command is allowed to run.
 
               A user can be specified using just the username: `"foo"`.
@@ -147,7 +146,7 @@ in
           };
 
           commands = mkOption {
-            description = mdDoc ''
+            description = ''
               The commands for which the rule should apply.
             '';
             type = with types; listOf (either str (submodule {
@@ -155,7 +154,7 @@ in
               options = {
                 command = mkOption {
                   type = with types; str;
-                  description = mdDoc ''
+                  description = ''
                     A command being either just a path to a binary to allow any arguments,
                     the full command with arguments pre-set or with `""` used as the argument,
                     not allowing arguments to the command at all.
@@ -163,9 +162,9 @@ in
                 };
 
                 options = mkOption {
-                  type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" ]);
-                  description = mdDoc ''
-                    Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/man/1.7.10/sudoers.man.html).
+                  type = with types; listOf (enum [ "NOPASSWD" "PASSWD" "NOEXEC" "EXEC" "SETENV" "NOSETENV" "LOG_INPUT" "NOLOG_INPUT" "LOG_OUTPUT" "NOLOG_OUTPUT" "MAIL" "NOMAIL" "FOLLOW" "NOFLLOW" "INTERCEPT" "NOINTERCEPT"]);
+                  description = ''
+                    Options for running the command. Refer to the [sudo manual](https://www.sudo.ws/docs/man/1.9.15/sudoers.man/#Tag_Spec).
                   '';
                   default = [];
                 };
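Review bot: The widened enum for `options` contains `"NOFLLOW"`, which looks like a misspelling of the sudoers tag `NOFOLLOW`. As written, a rule that uses the correct `"NOFOLLOW"` is rejected by the type check. The misspelled value is accepted and handed on to whatever renders the sudoers rule; that code is outside this hunk, so the downstream effect is not visible here. The tail of the list should read `"FOLLOW" "NOFOLLOW" "INTERCEPT" "NOINTERCEPT" ]`. The enclosing `commands` submodule starts before this hunk.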
@@ -180,7 +179,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = mdDoc ''
+      description = ''
         Extra configuration text appended to {file}`sudoers`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/security/systemd-confinement.nix b/nixpkgs/nixos/modules/security/systemd-confinement.nix
index cdf6c22ef1b6..0304749b8d10 100644
--- a/nixpkgs/nixos/modules/security/systemd-confinement.nix
+++ b/nixpkgs/nixos/modules/security/systemd-confinement.nix
@@ -10,7 +10,7 @@ in {
       options.confinement.enable = lib.mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, all the required runtime store paths for this service are
           bind-mounted into a `tmpfs`-based
           {manpage}`chroot(2)`.
@@ -20,7 +20,7 @@ in {
       options.confinement.fullUnit = lib.mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to include the full closure of the systemd unit file into the
           chroot, instead of just the dependencies for the executables.
 
@@ -39,7 +39,7 @@ in {
         default = [];
         description = let
           mkScOption = optName: "{option}`serviceConfig.${optName}`";
-        in lib.mdDoc ''
+        in ''
           Additional packages or strings with context to add to the closure of
           the chroot. By default, this includes all the packages from the
           ${lib.concatMapStringsSep ", " mkScOption [
@@ -63,7 +63,7 @@ in {
         default = toplevelConfig.environment.binsh;
         defaultText = lib.literalExpression "config.environment.binsh";
         example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
-        description = lib.mdDoc ''
+        description = ''
           The program to make available as {file}`/bin/sh` inside
           the chroot. If this is set to `null`, no
           {file}`/bin/sh` is provided at all.
@@ -76,7 +76,7 @@ in {
       options.confinement.mode = lib.mkOption {
         type = types.enum [ "full-apivfs" "chroot-only" ];
         default = "full-apivfs";
-        description = lib.mdDoc ''
+        description = ''
           The value `full-apivfs` (the default) sets up
           private {file}`/dev`, {file}`/proc`,
           {file}`/sys` and {file}`/tmp` file systems in a separate user
diff --git a/nixpkgs/nixos/modules/security/tpm2.nix b/nixpkgs/nixos/modules/security/tpm2.nix
index 708c3a69d174..bd3c8a5b0c43 100644
--- a/nixpkgs/nixos/modules/security/tpm2.nix
+++ b/nixpkgs/nixos/modules/security/tpm2.nix
@@ -17,10 +17,10 @@ let
 
 in {
   options.security.tpm2 = {
-    enable = lib.mkEnableOption (lib.mdDoc "Trusted Platform Module 2 support");
+    enable = lib.mkEnableOption "Trusted Platform Module 2 support";
 
     tssUser = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Name of the tpm device-owner and service user, set if applyUdevRules is
         set.
       '';
@@ -30,7 +30,7 @@ in {
     };
 
     tssGroup = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Group of the tpm kernel resource manager (tpmrm) device-group, set if
         applyUdevRules is set.
       '';
@@ -39,7 +39,7 @@ in {
     };
 
     applyUdevRules = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or
         the /dev/tpmrm[0-9] by tssGroup respectively
       '';
@@ -48,12 +48,12 @@ in {
     };
 
     abrmd = {
-      enable = lib.mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         Trusted Platform 2 userspace resource manager daemon
-      '');
+      '';
 
       package = lib.mkOption {
-        description = lib.mdDoc "tpm2-abrmd package to use";
+        description = "tpm2-abrmd package to use";
         type = lib.types.package;
         default = pkgs.tpm2-abrmd;
         defaultText = lib.literalExpression "pkgs.tpm2-abrmd";
@@ -61,13 +61,13 @@ in {
     };
 
     pkcs11 = {
-      enable = lib.mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         TPM2 PKCS#11 tool and shared library in system path
         (`/run/current-system/sw/lib/libtpm2_pkcs11.so`)
-      '');
+      '';
 
       package = lib.mkOption {
-        description = lib.mdDoc "tpm2-pkcs11 package to use";
+        description = "tpm2-pkcs11 package to use";
         type = lib.types.package;
         default = pkgs.tpm2-pkcs11;
         defaultText = lib.literalExpression "pkgs.tpm2-pkcs11";
@@ -76,7 +76,7 @@ in {
 
     tctiEnvironment = {
       enable = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Set common TCTI environment variables to the specified value.
           The variables are
           - `TPM2TOOLS_TCTI`
@@ -87,7 +87,7 @@ in {
       };
 
       interface = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The name of the TPM command transmission interface (TCTI) library to
           use.
         '';
@@ -96,7 +96,7 @@ in {
       };
 
       deviceConf = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration part of the device TCTI, e.g. the path to the TPM device.
           Applies if interface is set to "device".
           The format is specified in the
@@ -108,7 +108,7 @@ in {
       };
 
       tabrmdConf = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration part of the tabrmd TCTI, like the D-Bus bus name.
           Applies if interface is set to "tabrmd".
           The format is specified in the
diff --git a/nixpkgs/nixos/modules/security/wrappers/default.nix b/nixpkgs/nixos/modules/security/wrappers/default.nix
index a298686b34e9..606b620ef120 100644
--- a/nixpkgs/nixos/modules/security/wrappers/default.nix
+++ b/nixpkgs/nixos/modules/security/wrappers/default.nix
@@ -43,28 +43,28 @@ let
   wrapperType = lib.types.submodule ({ name, config, ... }: {
     options.source = lib.mkOption
       { type = lib.types.path;
-        description = lib.mdDoc "The absolute path to the program to be wrapped.";
+        description = "The absolute path to the program to be wrapped.";
       };
     options.program = lib.mkOption
       { type = with lib.types; nullOr str;
         default = name;
-        description = lib.mdDoc ''
+        description = ''
           The name of the wrapper program. Defaults to the attribute name.
         '';
       };
     options.owner = lib.mkOption
       { type = lib.types.str;
-        description = lib.mdDoc "The owner of the wrapper program.";
+        description = "The owner of the wrapper program.";
       };
     options.group = lib.mkOption
       { type = lib.types.str;
-        description = lib.mdDoc "The group of the wrapper program.";
+        description = "The group of the wrapper program.";
       };
     options.permissions = lib.mkOption
       { type = fileModeType;
         default  = "u+rx,g+x,o+x";
         example = "a+rx";
-        description = lib.mdDoc ''
+        description = ''
           The permissions of the wrapper program. The format is that of a
           symbolic or numeric file mode understood by {command}`chmod`.
         '';
@@ -72,7 +72,7 @@ let
     options.capabilities = lib.mkOption
       { type = lib.types.commas;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           A comma-separated list of capability clauses to be given to the
           wrapper program. The format for capability clauses is described in the
           “TEXTUAL REPRESENTATION” section of the {manpage}`cap_from_text(3)`
@@ -92,12 +92,12 @@ let
     options.setuid = lib.mkOption
       { type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Whether to add the setuid bit the wrapper program.";
+        description = "Whether to add the setuid bit the wrapper program.";
       };
     options.setgid = lib.mkOption
       { type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Whether to add the setgid bit the wrapper program.";
+        description = "Whether to add the setgid bit the wrapper program.";
       };
   });
 
@@ -196,7 +196,7 @@ in
               };
           }
         '';
-      description = lib.mdDoc ''
+      description = ''
         This option effectively allows adding setuid/setgid bits, capabilities,
         changing file ownership and permissions of a program without directly
         modifying it. This works by creating a wrapper program under the
@@ -209,7 +209,7 @@ in
       default = "50%";
       example = "10G";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option,
         for the accepted syntax. WARNING: don't set to less than 64MB.
       '';
@@ -219,7 +219,7 @@ in
       type        = lib.types.path;
       default     = "/run/wrappers/bin";
       internal    = true;
-      description = lib.mdDoc ''
+      description = ''
         This option defines the path to the wrapper programs. It
         should not be overridden.
       '';
diff --git a/nixpkgs/nixos/modules/services/admin/docuum.nix b/nixpkgs/nixos/modules/services/admin/docuum.nix
new file mode 100644
index 000000000000..6f6cd4e02733
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/admin/docuum.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, utils, ... }:
+
+let
+  cfg = config.services.docuum;
+  inherit (lib) mkIf mkEnableOption mkOption getExe types;
+in
+{
+  options.services.docuum = {
+    enable = mkEnableOption "docuum daemon";
+
+    threshold = mkOption {
+      description = "Threshold for deletion in bytes, like `10 GB`, `10 GiB`, `10GB` or percentage-based thresholds like `50%`";
+      type = types.str;
+      default = "10 GB";
+      example = "50%";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = config.virtualisation.docker.enable;
+        message = "docuum requires docker on the host";
+      }
+    ];
+
+    systemd.services.docuum = {
+      after = [ "docker.socket" ];
+      requires = [ "docker.socket" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ config.virtualisation.docker.package ];
+      environment.HOME = "/var/lib/docuum";
+
+      serviceConfig = {
+        DynamicUser = true;
+        StateDirectory = "docuum";
+        SupplementaryGroups = [ "docker" ];
+        ExecStart = utils.escapeSystemdExecArgs [
+          (getExe pkgs.docuum)
+          "--threshold" cfg.threshold
+        ];
+      };
+    };
+  };
+}
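Review bot: `SupplementaryGroups = [ "docker" ]` in `serviceConfig` gives the unit access to the Docker socket, which is effectively root-equivalent on the host, and nothing in the module documents that trade-off. `DynamicUser = true` limits the service's own process but does not constrain what it can ask the daemon to do. I would record this next to the setting, e.g. `# "docker" group = control of the Docker daemon (root-equivalent); needed so docuum can talk to the daemon`, and mention it in the `enable` description so operators opt in knowingly. The group name is also hard-coded while the assertion checks only `config.virtualisation.docker.enable`. A host whose socket is owned by a different group would presumably pass the assertion and fail at runtime.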
diff --git a/nixpkgs/nixos/modules/services/admin/meshcentral.nix b/nixpkgs/nixos/modules/services/admin/meshcentral.nix
index d056356568da..25779e01123e 100644
--- a/nixpkgs/nixos/modules/services/admin/meshcentral.nix
+++ b/nixpkgs/nixos/modules/services/admin/meshcentral.nix
@@ -5,10 +5,10 @@ let
   configFile = configFormat.generate "meshcentral-config.json" cfg.settings;
 in with lib; {
   options.services.meshcentral = with types; {
-    enable = mkEnableOption (lib.mdDoc "MeshCentral computer management server");
+    enable = mkEnableOption "MeshCentral computer management server";
     package = mkPackageOption pkgs "meshcentral" { };
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Settings for MeshCentral. Refer to upstream documentation for details:
 
         - [JSON Schema definition](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json)
diff --git a/nixpkgs/nixos/modules/services/admin/oxidized.nix b/nixpkgs/nixos/modules/services/admin/oxidized.nix
index 56f33031498a..49ea3ced76a4 100644
--- a/nixpkgs/nixos/modules/services/admin/oxidized.nix
+++ b/nixpkgs/nixos/modules/services/admin/oxidized.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options.services.oxidized = {
-    enable = mkEnableOption (lib.mdDoc "the oxidized configuration backup service");
+    enable = mkEnableOption "the oxidized configuration backup service";
 
     user = mkOption {
       type = types.str;
       default = "oxidized";
-      description = lib.mdDoc ''
+      description = ''
         User under which the oxidized service runs.
       '';
     };
@@ -20,7 +20,7 @@ in
     group = mkOption {
       type = types.str;
       default = "oxidized";
-      description = lib.mdDoc ''
+      description = ''
         Group under which the oxidized service runs.
       '';
     };
@@ -28,7 +28,7 @@ in
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/oxidized";
-      description = lib.mdDoc "State directory for the oxidized service.";
+      description = "State directory for the oxidized service.";
     };
 
     configFile = mkOption {
@@ -62,7 +62,7 @@ in
           # ... additional config
         ''';
       '';
-      description = lib.mdDoc ''
+      description = ''
         Path to the oxidized configuration file.
       '';
     };
@@ -76,7 +76,7 @@ in
           # ... additional hosts
         '''
       '';
-      description = lib.mdDoc ''
+      description = ''
         Path to the file/database which contains the targets for oxidized.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/admin/pgadmin.nix b/nixpkgs/nixos/modules/services/admin/pgadmin.nix
index 20b6b6670d9c..ead0c3c6c9a3 100644
--- a/nixpkgs/nixos/modules/services/admin/pgadmin.nix
+++ b/nixpkgs/nixos/modules/services/admin/pgadmin.nix
@@ -27,10 +27,10 @@ let
 in
 {
   options.services.pgadmin = {
-    enable = mkEnableOption (lib.mdDoc "PostgreSQL Admin 4");
+    enable = mkEnableOption "PostgreSQL Admin 4";
 
     port = mkOption {
-      description = lib.mdDoc "Port for pgadmin4 to run on";
+      description = "Port for pgadmin4 to run on";
       type = types.port;
       default = 5050;
     };
@@ -38,12 +38,12 @@ in
     package = mkPackageOptionMD pkgs "pgadmin4" { };
 
     initialEmail = mkOption {
-      description = lib.mdDoc "Initial email for the pgAdmin account";
+      description = "Initial email for the pgAdmin account";
       type = types.str;
     };
 
     initialPasswordFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Initial password file for the pgAdmin account. Minimum length by default is 6.
         Please see `services.pgadmin.minimumPasswordLength`.
         NOTE: Should be string not a store path, to prevent the password from being world readable
@@ -52,53 +52,53 @@ in
     };
 
     minimumPasswordLength = mkOption {
-      description = lib.mdDoc "Minimum length of the password";
+      description = "Minimum length of the password";
       type = types.int;
       default = 6;
     };
 
     emailServer = {
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Enable SMTP email server. This is necessary, if you want to use password recovery or change your own password
         '';
         type = types.bool;
         default = false;
       };
       address = mkOption {
-        description = lib.mdDoc "SMTP server for email delivery";
+        description = "SMTP server for email delivery";
         type = types.str;
         default = "localhost";
       };
       port = mkOption {
-        description = lib.mdDoc "SMTP server port for email delivery";
+        description = "SMTP server port for email delivery";
         type = types.port;
         default = 25;
       };
       useSSL = mkOption {
-        description = lib.mdDoc "SMTP server should use SSL";
+        description = "SMTP server should use SSL";
         type = types.bool;
         default = false;
       };
       useTLS = mkOption {
-        description = lib.mdDoc "SMTP server should use TLS";
+        description = "SMTP server should use TLS";
         type = types.bool;
         default = false;
       };
       username = mkOption {
-        description = lib.mdDoc "SMTP server username for email delivery";
+        description = "SMTP server username for email delivery";
         type = types.nullOr types.str;
         default = null;
       };
       sender = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           SMTP server sender email for email delivery. Some servers require this to be a valid email address from that server
         '';
         type = types.str;
         example = "noreply@example.com";
       };
       passwordFile = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Password for SMTP email account.
           NOTE: Should be string not a store path, to prevent the password from being world readable
         '';
@@ -106,10 +106,10 @@ in
       };
     };
 
-    openFirewall = mkEnableOption (lib.mdDoc "firewall passthrough for pgadmin4");
+    openFirewall = mkEnableOption "firewall passthrough for pgadmin4";
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Settings for pgadmin4.
         [Documentation](https://www.pgadmin.org/docs/pgadmin4/development/config_py.html)
       '';
diff --git a/nixpkgs/nixos/modules/services/admin/salt/master.nix b/nixpkgs/nixos/modules/services/admin/salt/master.nix
index 4346022970e1..c447540da1f8 100644
--- a/nixpkgs/nixos/modules/services/admin/salt/master.nix
+++ b/nixpkgs/nixos/modules/services/admin/salt/master.nix
@@ -20,11 +20,11 @@ in
 {
   options = {
     services.salt.master = {
-      enable = mkEnableOption (lib.mdDoc "Salt master service");
+      enable = mkEnableOption "Salt configuration management system master service";
       configuration = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Salt master configuration as Nix attribute set.";
+        description = "Salt master configuration as Nix attribute set.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/admin/salt/minion.nix b/nixpkgs/nixos/modules/services/admin/salt/minion.nix
index 3ae02a4cc5d5..5d4efc6541c7 100644
--- a/nixpkgs/nixos/modules/services/admin/salt/minion.nix
+++ b/nixpkgs/nixos/modules/services/admin/salt/minion.nix
@@ -21,11 +21,11 @@ in
 {
   options = {
     services.salt.minion = {
-      enable = mkEnableOption (lib.mdDoc "Salt minion service");
+      enable = mkEnableOption "Salt configuration management system minion service";
       configuration = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Salt minion configuration as Nix attribute set.
           See <https://docs.saltstack.com/en/latest/ref/configuration/minion.html>
           for details.
diff --git a/nixpkgs/nixos/modules/services/amqp/activemq/default.nix b/nixpkgs/nixos/modules/services/amqp/activemq/default.nix
index b1f9b7a3bb1f..5c886161e44c 100644
--- a/nixpkgs/nixos/modules/services/amqp/activemq/default.nix
+++ b/nixpkgs/nixos/modules/services/amqp/activemq/default.nix
@@ -26,7 +26,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the Apache ActiveMQ message broker service.
         '';
       };
@@ -34,7 +34,7 @@ in
         default = "${activemq}/conf";
         defaultText = literalExpression ''"''${pkgs.activemq}/conf"'';
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The base directory for ActiveMQ's configuration.
           By default, this directory is searched for a file named activemq.xml,
           which should contain the configuration for the broker service.
@@ -43,7 +43,7 @@ in
       configurationURI = mkOption {
         type = types.str;
         default = "xbean:activemq.xml";
-        description = lib.mdDoc ''
+        description = ''
           The URI that is passed along to the BrokerFactory to
           set up the configuration of the ActiveMQ broker service.
           You should not need to change this. For custom configuration,
@@ -54,7 +54,7 @@ in
       baseDir = mkOption {
         type = types.str;
         default = "/var/activemq";
-        description = lib.mdDoc ''
+        description = ''
           The base directory where ActiveMQ stores its persistent data and logs.
           This will be overridden if you set "activemq.base" and "activemq.data"
           in the `javaProperties` option. You can also override
@@ -75,7 +75,7 @@ in
           "activemq.conf" = "${cfg.configurationDir}";
           "activemq.home" = "${activemq}";
         } // attrs;
-        description = lib.mdDoc ''
+        description = ''
           Specifies Java properties that are sent to the ActiveMQ
           broker service with the "-D" option. You can set properties
           here to change the behaviour and configuration of the broker.
@@ -87,7 +87,7 @@ in
         type = types.separatedString " ";
         default = "";
         example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
-        description = lib.mdDoc ''
+        description = ''
           Add extra options here that you want to be sent to the
           Java runtime when the broker service is started.
         '';
diff --git a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix
index f2dee07c91ab..b5aebaaf1275 100644
--- a/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix
+++ b/nixpkgs/nixos/modules/services/amqp/rabbitmq.nix
@@ -29,7 +29,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the RabbitMQ server, an Advanced Message
           Queuing Protocol (AMQP) broker.
         '';
@@ -40,7 +40,7 @@ in
       listenAddress = mkOption {
         default = "127.0.0.1";
         example = "";
-        description = lib.mdDoc ''
+        description = ''
           IP address on which RabbitMQ will listen for AMQP
           connections.  Set to the empty string to listen on all
           interfaces.  Note that RabbitMQ creates a user named
@@ -57,7 +57,7 @@ in
 
       port = mkOption {
         default = 5672;
-        description = lib.mdDoc ''
+        description = ''
           Port on which RabbitMQ will listen for AMQP connections.
         '';
         type = types.port;
@@ -66,7 +66,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/rabbitmq";
-        description = lib.mdDoc ''
+        description = ''
           Data directory for rabbitmq.
         '';
       };
@@ -74,7 +74,7 @@ in
       unsafeCookie = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Erlang cookie is a string of arbitrary length which must
           be the same for several nodes to be allowed to communicate.
           Leave empty to generate automatically.
@@ -95,7 +95,7 @@ in
             "auth_backends.1.authz" = "rabbit_auth_backend_internal";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration options in RabbitMQ's new config file format,
           which is a simple key-value format that can not express nested
           data structures. This is known as the `rabbitmq.conf` file,
@@ -115,7 +115,7 @@ in
       config = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Verbatim advanced configuration file contents using the Erlang syntax.
           This is also known as the `advanced.config` file or the old config format.
 
@@ -133,21 +133,21 @@ in
       plugins = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc "The names of plugins to enable";
+        description = "The names of plugins to enable";
       };
 
       pluginDirs = mkOption {
         default = [ ];
         type = types.listOf types.path;
-        description = lib.mdDoc "The list of directories containing external plugins";
+        description = "The list of directories containing external plugins";
       };
 
       managementPlugin = {
-        enable = mkEnableOption (lib.mdDoc "the management plugin");
+        enable = mkEnableOption "the management plugin";
         port = mkOption {
           default = 15672;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             On which port to run the management plugin
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/audio/alsa.nix b/nixpkgs/nixos/modules/services/audio/alsa.nix
index 155780199fd6..e53da4b64e7b 100644
--- a/nixpkgs/nixos/modules/services/audio/alsa.nix
+++ b/nixpkgs/nixos/modules/services/audio/alsa.nix
@@ -25,7 +25,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable ALSA sound.
         '';
       };
@@ -33,7 +33,7 @@ in
       enableOSSEmulation = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
         '';
       };
@@ -44,7 +44,7 @@ in
         example = ''
           defaults.pcm.!card 3
         '';
-        description = lib.mdDoc ''
+        description = ''
           Set addition configuration for system-wide alsa.
         '';
       };
@@ -54,7 +54,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable volume and capture control with keyboard media keys.
 
             You want to leave this disabled if you run a desktop environment
@@ -70,7 +70,7 @@ in
           type = types.str;
           default = "1";
           example = "1%";
-          description = lib.mdDoc ''
+          description = ''
             The value by which to increment/decrement volume on media keys.
 
             See amixer(1) for allowed values.
diff --git a/nixpkgs/nixos/modules/services/audio/botamusique.nix b/nixpkgs/nixos/modules/services/audio/botamusique.nix
index 42227cb14722..c764a79b1166 100644
--- a/nixpkgs/nixos/modules/services/audio/botamusique.nix
+++ b/nixpkgs/nixos/modules/services/audio/botamusique.nix
@@ -12,7 +12,7 @@ in
   meta.maintainers = with lib.maintainers; [ hexa ];
 
   options.services.botamusique = {
-    enable = mkEnableOption (lib.mdDoc "botamusique, a bot to play audio streams on mumble");
+    enable = mkEnableOption "botamusique, a bot to play audio streams on mumble";
 
     package = mkPackageOption pkgs "botamusique" { };
 
@@ -24,30 +24,30 @@ in
             type = types.str;
             default = "localhost";
             example = "mumble.example.com";
-            description = lib.mdDoc "Hostname of the mumble server to connect to.";
+            description = "Hostname of the mumble server to connect to.";
           };
 
           server.port = mkOption {
             type = types.port;
             default = 64738;
-            description = lib.mdDoc "Port of the mumble server to connect to.";
+            description = "Port of the mumble server to connect to.";
           };
 
           bot.username = mkOption {
             type = types.str;
             default = "botamusique";
-            description = lib.mdDoc "Name the bot should appear with.";
+            description = "Name the bot should appear with.";
           };
 
           bot.comment = mkOption {
             type = types.str;
             default = "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!";
-            description = lib.mdDoc "Comment displayed for the bot.";
+            description = "Comment displayed for the bot.";
           };
         };
       };
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`configuration.ini` as a Nix attribute set. Look up
         possible options in the [configuration.example.ini](https://github.com/azlux/botamusique/blob/master/configuration.example.ini).
       '';
diff --git a/nixpkgs/nixos/modules/services/audio/gmediarender.nix b/nixpkgs/nixos/modules/services/audio/gmediarender.nix
index a4cb89098db7..3f031aeedb7b 100644
--- a/nixpkgs/nixos/modules/services/audio/gmediarender.nix
+++ b/nixpkgs/nixos/modules/services/audio/gmediarender.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options.services.gmediarender = {
-    enable = mkEnableOption (mdDoc "the gmediarender DLNA renderer");
+    enable = mkEnableOption "the gmediarender DLNA renderer";
 
     audioDevice = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = mdDoc ''
+      description = ''
         The audio device to use.
       '';
     };
@@ -20,7 +20,7 @@ in
     audioSink = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = mdDoc ''
+      description = ''
         The audio sink to use.
       '';
     };
@@ -28,7 +28,7 @@ in
     friendlyName = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = mdDoc ''
+      description = ''
         A "friendly name" for identifying the endpoint.
       '';
     };
@@ -36,7 +36,7 @@ in
     initialVolume = mkOption {
       type = types.nullOr types.int;
       default = 0;
-      description = mdDoc ''
+      description = ''
         A default volume attenuation (in dB) for the endpoint.
       '';
     };
@@ -48,13 +48,13 @@ in
     port = mkOption {
       type = types.nullOr types.port;
       default = null;
-      description = mdDoc "Port that will be used to accept client connections.";
+      description = "Port that will be used to accept client connections.";
     };
 
     uuid = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = mdDoc ''
+      description = ''
         A UUID for uniquely identifying the endpoint.  If you have
         multiple renderers on your network, you MUST set this.
       '';
diff --git a/nixpkgs/nixos/modules/services/audio/gonic.nix b/nixpkgs/nixos/modules/services/audio/gonic.nix
index 66daeb60b503..15a35571acba 100644
--- a/nixpkgs/nixos/modules/services/audio/gonic.nix
+++ b/nixpkgs/nixos/modules/services/audio/gonic.nix
@@ -13,7 +13,7 @@ in
   options = {
     services.gonic = {
 
-      enable = mkEnableOption (lib.mdDoc "Gonic music server");
+      enable = mkEnableOption "Gonic music server";
 
       settings = mkOption rec {
         type = settingsFormat.type;
@@ -28,7 +28,7 @@ in
           music-path = [ "/mnt/music" ];
           podcast-path = "/mnt/podcasts";
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Gonic, see <https://github.com/sentriz/gonic#configuration-options> for supported values.
         '';
       };
@@ -55,6 +55,9 @@ in
         RuntimeDirectory = "gonic";
         RootDirectory = "/run/gonic";
         ReadWritePaths = "";
+        BindPaths = [
+          cfg.settings.playlists-path
+        ];
         BindReadOnlyPaths = [
           # gonic can access scrobbling services
           "-/etc/resolv.conf"
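Review bot: The added `BindPaths` entry reads `cfg.settings.playlists-path` unconditionally, and nothing visible in this diff gives that key a default. `settings` is declared with `settingsFormat.type` and its example only sets `music-path` and `podcast-path`, so if the default is not set outside the visible lines, a configuration that omits the key would fail at evaluation. A guard such as `BindPaths = lib.optional (cfg.settings ? playlists-path) cfg.settings.playlists-path;` would avoid that. Unlike the entries under `BindReadOnlyPaths`, this bind is writable inside the `RootDirectory = "/run/gonic"` sandbox, so a comment like `# playlists directory is deliberately writable; keep it separate from music-path` would record the intent and warn against pointing it at a broader directory. The surrounding service configuration block starts and ends outside this hunk, so other writable paths may be defined there.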
diff --git a/nixpkgs/nixos/modules/services/audio/goxlr-utility.nix b/nixpkgs/nixos/modules/services/audio/goxlr-utility.nix
index c047dbb221b1..6081b3707f54 100644
--- a/nixpkgs/nixos/modules/services/audio/goxlr-utility.nix
+++ b/nixpkgs/nixos/modules/services/audio/goxlr-utility.nix
@@ -12,7 +12,7 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable goxlr-utility for controlling your TC-Helicon GoXLR or GoXLR Mini
         '';
       };
@@ -20,7 +20,7 @@ with lib;
       autoStart.xdg = mkOption {
         default = true;
         type = with types; bool;
-        description = lib.mdDoc ''
+        description = ''
           Start the daemon automatically using XDG autostart.
           Sets `xdg.autostart.enable = true` if not already enabled.
         '';
diff --git a/nixpkgs/nixos/modules/services/audio/hqplayerd.nix b/nixpkgs/nixos/modules/services/audio/hqplayerd.nix
index d54400b18e30..d6ac8c58c03a 100644
--- a/nixpkgs/nixos/modules/services/audio/hqplayerd.nix
+++ b/nixpkgs/nixos/modules/services/audio/hqplayerd.nix
@@ -12,13 +12,13 @@ in
 {
   options = {
     services.hqplayerd = {
-      enable = mkEnableOption (lib.mdDoc "HQPlayer Embedded");
+      enable = mkEnableOption "HQPlayer Embedded";
 
       auth = {
         username = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Username used for HQPlayer's WebUI.
 
             Without this you will need to manually create the credentials after
@@ -29,7 +29,7 @@ in
         password = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Password used for HQPlayer's WebUI.
 
             Without this you will need to manually create the credentials after
@@ -41,7 +41,7 @@ in
       licenseFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the HQPlayer license key file.
 
           Without this, the service will run in trial mode and restart every 30
@@ -52,7 +52,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Opens ports needed for the WebUI and controller API.
         '';
       };
@@ -60,7 +60,7 @@ in
       config = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           HQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml.
 
           Refer to share/doc/hqplayerd/readme.txt in the hqplayerd derivation for possible values.
diff --git a/nixpkgs/nixos/modules/services/audio/icecast.nix b/nixpkgs/nixos/modules/services/audio/icecast.nix
index 63049bd93ab9..9237baa007da 100644
--- a/nixpkgs/nixos/modules/services/audio/icecast.nix
+++ b/nixpkgs/nixos/modules/services/audio/icecast.nix
@@ -44,11 +44,11 @@ in {
 
     services.icecast = {
 
-      enable = mkEnableOption (lib.mdDoc "Icecast server");
+      enable = mkEnableOption "Icecast server";
 
       hostname = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.";
+        description = "DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.";
         default = config.networking.domain;
         defaultText = literalExpression "config.networking.domain";
       };
@@ -56,51 +56,51 @@ in {
       admin = {
         user = mkOption {
           type = types.str;
-          description = lib.mdDoc "Username used for all administration functions.";
+          description = "Username used for all administration functions.";
           default = "admin";
         };
 
         password = mkOption {
           type = types.str;
-          description = lib.mdDoc "Password used for all administration functions.";
+          description = "Password used for all administration functions.";
         };
       };
 
       logDir = mkOption {
         type = types.path;
-        description = lib.mdDoc "Base directory used for logging.";
+        description = "Base directory used for logging.";
         default = "/var/log/icecast";
       };
 
       listen = {
         port = mkOption {
           type = types.port;
-          description = lib.mdDoc "TCP port that will be used to accept client connections.";
+          description = "TCP port that will be used to accept client connections.";
           default = 8000;
         };
 
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc "Address Icecast will listen on.";
+          description = "Address Icecast will listen on.";
           default = "::";
         };
       };
 
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc "User privileges for the server.";
+        description = "User privileges for the server.";
         default = "nobody";
       };
 
       group = mkOption {
         type = types.str;
-        description = lib.mdDoc "Group privileges for the server.";
+        description = "Group privileges for the server.";
         default = "nogroup";
       };
 
       extraConf = mkOption {
         type = types.lines;
-        description = lib.mdDoc "icecast.xml content.";
+        description = "icecast.xml content.";
         default = "";
       };
 
diff --git a/nixpkgs/nixos/modules/services/audio/jack.nix b/nixpkgs/nixos/modules/services/audio/jack.nix
index 3869bd974cce..20ba091542fe 100644
--- a/nixpkgs/nixos/modules/services/audio/jack.nix
+++ b/nixpkgs/nixos/modules/services/audio/jack.nix
@@ -16,9 +16,9 @@ in {
   options = {
     services.jack = {
       jackd = {
-        enable = mkEnableOption (lib.mdDoc ''
+        enable = mkEnableOption ''
           JACK Audio Connection Kit. You need to add yourself to the "jackaudio" group
-        '');
+        '';
 
         package = mkPackageOption pkgs "jack2" {
           example = "jack1";
@@ -35,14 +35,14 @@ in {
           example = literalExpression ''
             [ "-dalsa" "--device" "hw:1" ];
           '';
-          description = lib.mdDoc ''
+          description = ''
             Specifies startup command line arguments to pass to JACK server.
           '';
         };
 
         session = mkOption {
           type = types.lines;
-          description = lib.mdDoc ''
+          description = ''
             Commands to run after JACK is started.
           '';
         };
@@ -53,7 +53,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Route audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
           '';
         };
@@ -61,7 +61,7 @@ in {
         support32Bit = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to support sound for 32-bit ALSA applications on 64-bit system.
           '';
         };
@@ -71,7 +71,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Create ALSA loopback device, instead of using PCM plugin. Has broader
             application support (things like Steam will work), but may need fine-tuning
             for concrete hardware.
@@ -81,14 +81,14 @@ in {
         index = mkOption {
           type = types.int;
           default = 10;
-          description = lib.mdDoc ''
+          description = ''
             Index of an ALSA loopback device.
           '';
         };
 
         config = mkOption {
           type = types.lines;
-          description = lib.mdDoc ''
+          description = ''
             ALSA config for loopback device.
           '';
         };
@@ -100,7 +100,7 @@ in {
             period_size 2048
             periods 2
           '';
-          description = lib.mdDoc ''
+          description = ''
             For music production software that still doesn't support JACK natively you
             would like to put buffer/period adjustments here
             to decrease dmix device latency.
@@ -109,7 +109,7 @@ in {
 
         session = mkOption {
           type = types.lines;
-          description = lib.mdDoc ''
+          description = ''
             Additional commands to run to setup loopback device.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/audio/jmusicbot.nix b/nixpkgs/nixos/modules/services/audio/jmusicbot.nix
index e7803677d0fd..5507f4859058 100644
--- a/nixpkgs/nixos/modules/services/audio/jmusicbot.nix
+++ b/nixpkgs/nixos/modules/services/audio/jmusicbot.nix
@@ -7,13 +7,13 @@ in
 {
   options = {
     services.jmusicbot = {
-      enable = mkEnableOption (lib.mdDoc "jmusicbot, a Discord music bot that's easy to set up and run yourself");
+      enable = mkEnableOption "jmusicbot, a Discord music bot that's easy to set up and run yourself";
 
       package = mkPackageOption pkgs "jmusicbot" { };
 
       stateDir = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The directory where config.txt and serversettings.json is saved.
           If left as the default value this directory will automatically be created before JMusicBot starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
           Untouched by the value of this option config.txt needs to be placed manually into this directory.
diff --git a/nixpkgs/nixos/modules/services/audio/liquidsoap.nix b/nixpkgs/nixos/modules/services/audio/liquidsoap.nix
index 9e61a7979619..bd35e01b60d6 100644
--- a/nixpkgs/nixos/modules/services/audio/liquidsoap.nix
+++ b/nixpkgs/nixos/modules/services/audio/liquidsoap.nix
@@ -31,8 +31,7 @@ in
 
     services.liquidsoap.streams = mkOption {
 
-      description =
-        lib.mdDoc ''
+      description = ''
           Set of Liquidsoap streams to start,
           one systemd service per stream.
         '';
diff --git a/nixpkgs/nixos/modules/services/audio/mopidy.nix b/nixpkgs/nixos/modules/services/audio/mopidy.nix
index 8eebf0f9d1e1..1d6c45b64a16 100644
--- a/nixpkgs/nixos/modules/services/audio/mopidy.nix
+++ b/nixpkgs/nixos/modules/services/audio/mopidy.nix
@@ -26,12 +26,12 @@ in {
 
     services.mopidy = {
 
-      enable = mkEnableOption (lib.mdDoc "Mopidy, a music player daemon");
+      enable = mkEnableOption "Mopidy, a music player daemon";
 
       dataDir = mkOption {
         default = "/var/lib/mopidy";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The directory where Mopidy stores its state.
         '';
       };
@@ -40,7 +40,7 @@ in {
         default = [];
         type = types.listOf types.package;
         example = literalExpression "[ pkgs.mopidy-spotify ]";
-        description = lib.mdDoc ''
+        description = ''
           Mopidy extensions that should be loaded by the service.
         '';
       };
@@ -48,7 +48,7 @@ in {
       configuration = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           The configuration that Mopidy should use.
         '';
       };
@@ -56,7 +56,7 @@ in {
       extraConfigFiles = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Extra config file read by Mopidy when the service starts.
           Later files in the list overrides earlier configuration.
         '';
diff --git a/nixpkgs/nixos/modules/services/audio/mpd.nix b/nixpkgs/nixos/modules/services/audio/mpd.nix
index 3c853973c872..b5e33f3c0986 100644
--- a/nixpkgs/nixos/modules/services/audio/mpd.nix
+++ b/nixpkgs/nixos/modules/services/audio/mpd.nix
@@ -56,7 +56,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable MPD, the music player daemon.
         '';
       };
@@ -64,7 +64,7 @@ in {
       startWhenNeeded = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, {command}`mpd` is socket-activated; that
           is, instead of having it permanently running as a daemon,
           systemd will start it on the first incoming connection.
@@ -75,7 +75,7 @@ in {
         type = with types; either path (strMatching "(http|https|nfs|smb)://.+");
         default = "${cfg.dataDir}/music";
         defaultText = literalExpression ''"''${dataDir}/music"'';
-        description = lib.mdDoc ''
+        description = ''
           The directory or NFS/SMB network share where MPD reads music from. If left
           as the default value this directory will automatically be created before
           the MPD server starts, otherwise the sysadmin is responsible for ensuring
@@ -87,7 +87,7 @@ in {
         type = types.path;
         default = "${cfg.dataDir}/playlists";
         defaultText = literalExpression ''"''${dataDir}/playlists"'';
-        description = lib.mdDoc ''
+        description = ''
           The directory where MPD stores playlists. If left as the default value
           this directory will automatically be created before the MPD server starts,
           otherwise the sysadmin is responsible for ensuring the directory exists
@@ -98,7 +98,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra directives added to to the end of MPD's configuration file,
           mpd.conf. Basic configuration like file location and uid/gid
           is added automatically to the beginning of the file. For available
@@ -109,7 +109,7 @@ in {
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/${name}";
-        description = lib.mdDoc ''
+        description = ''
           The directory where MPD stores its state, tag cache, playlists etc. If
           left as the default value this directory will automatically be created
           before the MPD server starts, otherwise the sysadmin is responsible for
@@ -120,13 +120,13 @@ in {
       user = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "User account under which MPD runs.";
+        description = "User account under which MPD runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "Group account under which MPD runs.";
+        description = "Group account under which MPD runs.";
       };
 
       network = {
@@ -135,7 +135,7 @@ in {
           type = types.str;
           default = "127.0.0.1";
           example = "any";
-          description = lib.mdDoc ''
+          description = ''
             The address for the daemon to listen on.
             Use `any` to listen on all addresses.
           '';
@@ -144,7 +144,7 @@ in {
         port = mkOption {
           type = types.port;
           default = 6600;
-          description = lib.mdDoc ''
+          description = ''
             This setting is the TCP port that is desired for the daemon to get assigned
             to.
           '';
@@ -156,7 +156,7 @@ in {
         type = types.nullOr types.str;
         default = "${cfg.dataDir}/tag_cache";
         defaultText = literalExpression ''"''${dataDir}/tag_cache"'';
-        description = lib.mdDoc ''
+        description = ''
           The path to MPD's database. If set to `null` the
           parameter is omitted from the configuration.
         '';
@@ -167,7 +167,7 @@ in {
           options = {
             passwordFile = mkOption {
               type = types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path to file containing the password.
               '';
             };
@@ -176,14 +176,14 @@ in {
             in mkOption {
               type = types.listOf (types.enum perms);
               default = [ "read" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of permissions that are granted with this password.
                 Permissions can be "${concatStringsSep "\", \"" perms}".
               '';
             };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           Credentials and permissions for accessing the mpd server.
         '';
         default = [];
@@ -196,7 +196,7 @@ in {
       fluidsynth = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, add fluidsynth soundfont and configure the plugin.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/audio/mpdscribble.nix b/nixpkgs/nixos/modules/services/audio/mpdscribble.nix
index 132d9ad32588..3c7270a3a4a4 100644
--- a/nixpkgs/nixos/modules/services/audio/mpdscribble.nix
+++ b/nixpkgs/nixos/modules/services/audio/mpdscribble.nix
@@ -77,12 +77,12 @@ in {
 
   options.services.mpdscribble = {
 
-    enable = mkEnableOption (lib.mdDoc "mpdscribble");
+    enable = mkEnableOption "mpdscribble, an MPD client which submits info about tracks being played to Last.fm (formerly AudioScrobbler)";
 
     proxy = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         HTTP proxy URL.
       '';
     };
@@ -90,7 +90,7 @@ in {
     verbose = mkOption {
       default = 1;
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         Log level for the mpdscribble daemon.
       '';
     };
@@ -99,7 +99,7 @@ in {
       default = 600;
       example = 60;
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         How often should mpdscribble save the journal file? [seconds]
       '';
     };
@@ -115,7 +115,7 @@ in {
         else "localhost"
       '';
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Host for the mpdscribble daemon to search for a mpd daemon on.
       '';
     };
@@ -133,7 +133,7 @@ in {
         otherwise `null`.
       '';
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         File containing the password for the mpd daemon.
         If there is a local mpd configured using {option}`services.mpd.credentials`
         the default is automatically set to a matching passwordFile of the local mpd.
@@ -144,7 +144,7 @@ in {
       default = mpdCfg.network.port;
       defaultText = literalExpression "config.${mpdOpt.network.port}";
       type = types.port;
-      description = lib.mdDoc ''
+      description = ''
         Port for the mpdscribble daemon to search for a mpd daemon on.
       '';
     };
@@ -156,19 +156,17 @@ in {
             url = mkOption {
               type = types.str;
               default = endpointUrls.${name} or "";
-              description =
-                lib.mdDoc "The url endpoint where the scrobble API is listening.";
+              description = "The url endpoint where the scrobble API is listening.";
             };
             username = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Username for the scrobble service.
               '';
             };
             passwordFile = mkOption {
               type = types.nullOr types.str;
-              description =
-                lib.mdDoc "File containing the password, either as MD5SUM or cleartext.";
+              description = "File containing the password, either as MD5SUM or cleartext.";
             };
           };
         };
@@ -180,7 +178,7 @@ in {
           passwordFile = "/run/secrets/lastfm_password";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Endpoints to scrobble to.
         If the endpoint is one of "${
           concatStringsSep "\", \"" (attrNames endpointUrls)
diff --git a/nixpkgs/nixos/modules/services/audio/mympd.nix b/nixpkgs/nixos/modules/services/audio/mympd.nix
index f1c7197085d7..cb1357b61a80 100644
--- a/nixpkgs/nixos/modules/services/audio/mympd.nix
+++ b/nixpkgs/nixos/modules/services/audio/mympd.nix
@@ -7,14 +7,14 @@ in {
 
     services.mympd = {
 
-      enable = lib.mkEnableOption (lib.mdDoc "MyMPD server");
+      enable = lib.mkEnableOption "MyMPD server";
 
       package = lib.mkPackageOption pkgs "mympd" {};
 
       openFirewall = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports needed for the functionality of the program.
         '';
       };
@@ -23,7 +23,7 @@ in {
         type = lib.types.listOf lib.types.str;
         default = [ ];
         example = [ "music" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional groups for the systemd service.
         '';
       };
@@ -34,7 +34,7 @@ in {
           options = {
             http_port = lib.mkOption {
               type = lib.types.port;
-              description = lib.mdDoc ''
+              description = ''
                 The HTTP port where mympd's web interface will be available.
 
                 The HTTPS/SSL port can be configured via {option}`config`.
@@ -44,7 +44,7 @@ in {
 
             ssl = lib.mkOption {
               type = lib.types.bool;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to enable listening on the SSL port.
 
                 Refer to <https://jcorporation.github.io/myMPD/configuration/configuration-files#ssl-options>
@@ -54,7 +54,7 @@ in {
             };
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Manages the configuration files declaratively. For all the configuration
           options, see <https://jcorporation.github.io/myMPD/configuration/configuration-files>.
 
diff --git a/nixpkgs/nixos/modules/services/audio/navidrome.nix b/nixpkgs/nixos/modules/services/audio/navidrome.nix
index 912edb03aa4c..a5a7e805e3d6 100644
--- a/nixpkgs/nixos/modules/services/audio/navidrome.nix
+++ b/nixpkgs/nixos/modules/services/audio/navidrome.nix
@@ -9,7 +9,7 @@ in {
   options = {
     services.navidrome = {
 
-      enable = mkEnableOption (lib.mdDoc "Navidrome music server");
+      enable = mkEnableOption "Navidrome music server";
 
       package = mkPackageOption pkgs "navidrome" { };
 
@@ -23,7 +23,7 @@ in {
         example = {
           MusicFolder = "/mnt/music";
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Navidrome, see <https://www.navidrome.org/docs/usage/configuration-options/> for supported values.
         '';
       };
@@ -31,7 +31,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open the TCP port in the firewall";
+        description = "Whether to open the TCP port in the firewall";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/audio/networkaudiod.nix b/nixpkgs/nixos/modules/services/audio/networkaudiod.nix
index 11486429e667..265a4e1d95d6 100644
--- a/nixpkgs/nixos/modules/services/audio/networkaudiod.nix
+++ b/nixpkgs/nixos/modules/services/audio/networkaudiod.nix
@@ -8,7 +8,7 @@ let
 in {
   options = {
     services.networkaudiod = {
-      enable = mkEnableOption (lib.mdDoc "Networkaudiod (NAA)");
+      enable = mkEnableOption "Networkaudiod (NAA)";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/audio/roon-bridge.nix b/nixpkgs/nixos/modules/services/audio/roon-bridge.nix
index 027b0332fd1e..218bbb2a4845 100644
--- a/nixpkgs/nixos/modules/services/audio/roon-bridge.nix
+++ b/nixpkgs/nixos/modules/services/audio/roon-bridge.nix
@@ -8,25 +8,25 @@ let
 in {
   options = {
     services.roon-bridge = {
-      enable = mkEnableOption (lib.mdDoc "Roon Bridge");
+      enable = mkEnableOption "Roon Bridge";
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the bridge.
         '';
       };
       user = mkOption {
         type = types.str;
         default = "roon-bridge";
-        description = lib.mdDoc ''
+        description = ''
           User to run the Roon bridge as.
         '';
       };
       group = mkOption {
         type = types.str;
         default = "roon-bridge";
-        description = lib.mdDoc ''
+        description = ''
           Group to run the Roon Bridge as.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/audio/roon-server.nix b/nixpkgs/nixos/modules/services/audio/roon-server.nix
index 8a6cf6ec6a41..d3b3752dd728 100644
--- a/nixpkgs/nixos/modules/services/audio/roon-server.nix
+++ b/nixpkgs/nixos/modules/services/audio/roon-server.nix
@@ -8,26 +8,26 @@ let
 in {
   options = {
     services.roon-server = {
-      enable = mkEnableOption (lib.mdDoc "Roon Server");
+      enable = mkEnableOption "Roon Server";
       package = lib.mkPackageOption pkgs "roon-server" { };
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the server.
         '';
       };
       user = mkOption {
         type = types.str;
         default = "roon-server";
-        description = lib.mdDoc ''
+        description = ''
           User to run the Roon Server as.
         '';
       };
       group = mkOption {
         type = types.str;
         default = "roon-server";
-        description = lib.mdDoc ''
+        description = ''
           Group to run the Roon Server as.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/audio/slimserver.nix b/nixpkgs/nixos/modules/services/audio/slimserver.nix
index 73cda08c5742..a7f8968ef017 100644
--- a/nixpkgs/nixos/modules/services/audio/slimserver.nix
+++ b/nixpkgs/nixos/modules/services/audio/slimserver.nix
@@ -14,7 +14,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable slimserver.
         '';
       };
@@ -24,7 +24,7 @@ in {
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/slimserver";
-        description = lib.mdDoc ''
+        description = ''
           The directory where slimserver stores its state, tag cache,
           playlists etc.
         '';
diff --git a/nixpkgs/nixos/modules/services/audio/snapserver.nix b/nixpkgs/nixos/modules/services/audio/snapserver.nix
index dbab741bf6fc..f79fb7a07d79 100644
--- a/nixpkgs/nixos/modules/services/audio/snapserver.nix
+++ b/nixpkgs/nixos/modules/services/audio/snapserver.nix
@@ -12,7 +12,7 @@ let
   sampleFormat = mkOption {
     type = with types; nullOr str;
     default = null;
-    description = lib.mdDoc ''
+    description = ''
       Default sample format.
     '';
     example = "48000:16:2";
@@ -21,7 +21,7 @@ let
   codec = mkOption {
     type = with types; nullOr str;
     default = null;
-    description = lib.mdDoc ''
+    description = ''
       Default audio compression method.
     '';
     example = "flac";
@@ -77,7 +77,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable snapserver.
         '';
       };
@@ -86,7 +86,7 @@ in {
         type = types.str;
         default = "::";
         example = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           The address where snapclients can connect.
         '';
       };
@@ -94,7 +94,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 1704;
-        description = lib.mdDoc ''
+        description = ''
           The port that snapclients can connect to.
         '';
       };
@@ -102,7 +102,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the specified ports in the firewall.
         '';
       };
@@ -113,7 +113,7 @@ in {
       streamBuffer = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Stream read (input) buffer in ms.
         '';
         example = 20;
@@ -122,7 +122,7 @@ in {
       buffer = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Network buffer in ms.
         '';
         example = 1000;
@@ -131,7 +131,7 @@ in {
       sendToMuted = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Send audio to muted clients.
         '';
       };
@@ -139,7 +139,7 @@ in {
       tcp.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the JSON-RPC via TCP.
         '';
       };
@@ -148,7 +148,7 @@ in {
         type = types.str;
         default = "::";
         example = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           The address where the TCP JSON-RPC listens on.
         '';
       };
@@ -156,7 +156,7 @@ in {
       tcp.port = mkOption {
         type = types.port;
         default = 1705;
-        description = lib.mdDoc ''
+        description = ''
           The port where the TCP JSON-RPC listens on.
         '';
       };
@@ -164,7 +164,7 @@ in {
       http.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the JSON-RPC via HTTP.
         '';
       };
@@ -173,7 +173,7 @@ in {
         type = types.str;
         default = "::";
         example = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           The address where the HTTP JSON-RPC listens on.
         '';
       };
@@ -181,7 +181,7 @@ in {
       http.port = mkOption {
         type = types.port;
         default = 1780;
-        description = lib.mdDoc ''
+        description = ''
           The port where the HTTP JSON-RPC listens on.
         '';
       };
@@ -189,7 +189,7 @@ in {
       http.docRoot = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to serve from the HTTP servers root.
         '';
       };
@@ -199,7 +199,7 @@ in {
           options = {
             location = mkOption {
               type = types.oneOf [ types.path types.str ];
-              description = lib.mdDoc ''
+              description = ''
                 For type `pipe` or `file`, the path to the pipe or file.
                 For type `librespot`, `airplay` or `process`, the path to the corresponding binary.
                 For type `tcp`, the `host:port` address to connect to or listen on.
@@ -216,14 +216,14 @@ in {
             type = mkOption {
               type = types.enum [ "pipe" "librespot" "airplay" "file" "process" "tcp" "alsa" "spotify" "meta" ];
               default = "pipe";
-              description = lib.mdDoc ''
+              description = ''
                 The type of input stream.
               '';
             };
             query = mkOption {
               type = attrsOf str;
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Key-value pairs that convey additional parameters about a stream.
               '';
               example = literalExpression ''
@@ -251,7 +251,7 @@ in {
           };
         });
         default = { default = {}; };
-        description = lib.mdDoc ''
+        description = ''
           The definition for an input source.
         '';
         example = literalExpression ''
diff --git a/nixpkgs/nixos/modules/services/audio/spotifyd.nix b/nixpkgs/nixos/modules/services/audio/spotifyd.nix
index 04bb523e25b1..60a7f0fd4e94 100644
--- a/nixpkgs/nixos/modules/services/audio/spotifyd.nix
+++ b/nixpkgs/nixos/modules/services/audio/spotifyd.nix
@@ -17,12 +17,12 @@ in
 {
   options = {
     services.spotifyd = {
-      enable = mkEnableOption (lib.mdDoc "spotifyd, a Spotify playing daemon");
+      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
 
       config = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           (Deprecated) Configuration for Spotifyd. For syntax and directives, see
           <https://docs.spotifyd.rs/config/File.html>.
         '';
@@ -32,7 +32,7 @@ in
         default = {};
         type = toml.type;
         example = { global.bitrate = 320; };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Spotifyd. For syntax and directives, see
           <https://docs.spotifyd.rs/config/File.html>.
         '';
diff --git a/nixpkgs/nixos/modules/services/audio/squeezelite.nix b/nixpkgs/nixos/modules/services/audio/squeezelite.nix
index 30dc12552f00..36295e21c60f 100644
--- a/nixpkgs/nixos/modules/services/audio/squeezelite.nix
+++ b/nixpkgs/nixos/modules/services/audio/squeezelite.nix
@@ -14,14 +14,14 @@ in
   ###### interface
 
   options.services.squeezelite = {
-    enable = mkEnableOption (lib.mdDoc "Squeezelite, a software Squeezebox emulator");
+    enable = mkEnableOption "Squeezelite, a software Squeezebox emulator";
 
-    pulseAudio = mkEnableOption (lib.mdDoc "pulseaudio support");
+    pulseAudio = mkEnableOption "pulseaudio support";
 
     extraArguments = mkOption {
       default = "";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Additional command line arguments to pass to Squeezelite.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/audio/tts.nix b/nixpkgs/nixos/modules/services/audio/tts.nix
index 0d93224ec030..4db624229aa8 100644
--- a/nixpkgs/nixos/modules/services/audio/tts.nix
+++ b/nixpkgs/nixos/modules/services/audio/tts.nix
@@ -10,18 +10,18 @@ in
 
 {
   options.services.tts = let
-    inherit (lib) literalExpression mkOption mdDoc mkEnableOption types;
+    inherit (lib) literalExpression mkOption mkEnableOption types;
   in  {
     servers = mkOption {
       type = types.attrsOf (types.submodule (
         { ... }: {
           options = {
-            enable = mkEnableOption (mdDoc "Coqui TTS server");
+            enable = mkEnableOption "Coqui TTS server";
 
             port = mkOption {
               type = types.port;
               example = 5000;
-              description = mdDoc ''
+              description = ''
                 Port to bind the TTS server to.
               '';
             };
@@ -30,7 +30,7 @@ in
               type = types.nullOr types.str;
               default = "tts_models/en/ljspeech/tacotron2-DDC";
               example = null;
-              description = mdDoc ''
+              description = ''
                 Name of the model to download and use for speech synthesis.
 
                 Check `tts-server --list_models` for possible values.
@@ -43,7 +43,7 @@ in
               type = types.bool;
               default = false;
               example = true;
-              description = mdDoc ''
+              description = ''
                 Whether to offload computation onto a CUDA compatible GPU.
               '';
             };
@@ -51,7 +51,7 @@ in
             extraArgs = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = mdDoc ''
+              description = ''
                 Extra arguments to pass to the server commandline.
               '';
             };
@@ -75,7 +75,7 @@ in
           };
         }
       '';
-      description = mdDoc ''
+      description = ''
         TTS server instances.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/audio/ympd.nix b/nixpkgs/nixos/modules/services/audio/ympd.nix
index 6e8d22dab3c8..ebbe59ca67c3 100644
--- a/nixpkgs/nixos/modules/services/audio/ympd.nix
+++ b/nixpkgs/nixos/modules/services/audio/ympd.nix
@@ -12,12 +12,12 @@ in {
 
     services.ympd = {
 
-      enable = mkEnableOption (lib.mdDoc "ympd, the MPD Web GUI");
+      enable = mkEnableOption "ympd, the MPD Web GUI";
 
       webPort = mkOption {
         type = types.either types.str types.port; # string for backwards compat
         default = "8080";
-        description = lib.mdDoc "The port where ympd's web interface will be available.";
+        description = "The port where ympd's web interface will be available.";
         example = "ssl://8080:/path/to/ssl-private-key.pem";
       };
 
@@ -25,14 +25,14 @@ in {
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "The host where MPD is listening.";
+          description = "The host where MPD is listening.";
         };
 
         port = mkOption {
           type = types.port;
           default = config.services.mpd.network.port;
           defaultText = literalExpression "config.services.mpd.network.port";
-          description = lib.mdDoc "The port where MPD is listening.";
+          description = "The port where MPD is listening.";
           example = 6600;
         };
       };
diff --git a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix
index 27bbff813b10..cf3b6b8d13a4 100644
--- a/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix
+++ b/nixpkgs/nixos/modules/services/backup/automysqlbackup.nix
@@ -34,12 +34,12 @@ in
   options = {
     services.automysqlbackup = {
 
-      enable = mkEnableOption (lib.mdDoc "AutoMySQLBackup");
+      enable = mkEnableOption "AutoMySQLBackup";
 
       calendar = mkOption {
         type = types.str;
         default = "01:15:00";
-        description = lib.mdDoc ''
+        description = ''
           Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
         '';
       };
@@ -47,7 +47,7 @@ in
       settings = mkOption {
         type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           automysqlbackup configuration. Refer to
           {file}`''${pkgs.automysqlbackup}/etc/automysqlbackup.conf`
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/backup/bacula.nix b/nixpkgs/nixos/modules/services/backup/bacula.nix
index 39975adf5909..94f6e6ba4fd5 100644
--- a/nixpkgs/nixos/modules/services/backup/bacula.nix
+++ b/nixpkgs/nixos/modules/services/backup/bacula.nix
@@ -10,7 +10,6 @@ let
     concatStringsSep
     literalExpression
     mapAttrsToList
-    mdDoc
     mkIf
     mkOption
     optional
@@ -147,7 +146,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Specifies if TLS should be enabled.
           If this set to `false` TLS will be completely disabled, even if ${tlsLink "tls.require" submodulePath} is true.
         '';
@@ -155,7 +154,7 @@ let
       require = mkOption {
         type = types.nullOr types.bool;
         default = null;
-        description = mdDoc ''
+        description = ''
           Require TLS or TLS-PSK encryption.
           This directive is ignored unless one of ${tlsLink "tls.enable" submodulePath} is true or TLS PSK Enable is set to `yes`.
           If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
@@ -168,7 +167,7 @@ let
       certificate = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = mdDoc ''
+        description = ''
           The full path to the PEM encoded TLS certificate.
           It will be used as either a client or server certificate,
           depending on the connection direction.
@@ -179,7 +178,7 @@ let
       };
       key = mkOption {
         type = types.path;
-        description = mdDoc ''
+        description = ''
           The path of a PEM encoded TLS private key.
           It must correspond to the TLS certificate.
         '';
@@ -187,7 +186,7 @@ let
       verifyPeer = mkOption {
         type = types.nullOr types.bool;
         default = null;
-        description = mdDoc ''
+        description = ''
           Verify peer certificate.
           Instructs server to request and verify the client's X.509 certificate.
           Any client certificate signed by a known-CA will be accepted.
@@ -203,7 +202,7 @@ let
       allowedCN = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = mdDoc ''
+        description = ''
           Common name attribute of allowed peer certificates.
           This directive is valid for a server and in a client context.
           If this directive is specified, the peer certificate will be verified against this list.
@@ -214,7 +213,7 @@ let
       caCertificateFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = mdDoc ''
+        description = ''
           The path specifying a PEM encoded TLS CA certificate(s).
           Multiple certificates are permitted in the file.
           One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless
@@ -230,7 +229,7 @@ let
       password = mkOption {
         type = types.str;
         # TODO: required?
-        description = mdDoc ''
+        description = ''
           Specifies the password that must be supplied for the default Bacula
           Console to be authorized. The same password must appear in the
           Director resource of the Console configuration file. For added
@@ -251,7 +250,7 @@ let
         type = types.enum [ "no" "yes" ];
         default = "no";
         example = "yes";
-        description = mdDoc ''
+        description = ''
           If Monitor is set to `no`, this director will have
           full access to this Storage daemon. If Monitor is set to
           `yes`, this director will only be able to fetch the
@@ -265,7 +264,7 @@ let
 
       tls = mkOption {
         type = types.submodule (tlsOptions "${submodulePath}.director.<name>");
-        description = mdDoc ''
+        description = ''
           TLS Options for the Director in this Configuration.
         '';
       };
@@ -277,7 +276,7 @@ let
     options = {
       changerDevice = mkOption {
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The specified name-string must be the generic SCSI device name of the
           autochanger that corresponds to the normal read/write Archive Device
           specified in the Device resource. This generic SCSI device name
@@ -296,7 +295,7 @@ let
 
       changerCommand = mkOption {
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The name-string specifies an external program to be called that will
           automatically change volumes as required by Bacula. Normally, this
           directive will be specified only in the AutoChanger resource, which
@@ -318,14 +317,14 @@ let
       };
 
       devices = mkOption {
-        description = mdDoc "";
+        description = "";
         type = types.listOf types.str;
       };
 
       extraAutochangerConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Autochanger directive.
         '';
         example = ''
@@ -342,7 +341,7 @@ let
       archiveDevice = mkOption {
         # TODO: required?
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The specified name-string gives the system file name of the storage
           device managed by this storage daemon. This will usually be the
           device file name of a removable storage device (tape drive), for
@@ -359,7 +358,7 @@ let
       mediaType = mkOption {
         # TODO: required?
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The specified name-string names the type of media supported by this
           device, for example, `DLT7000`. Media type names are
           arbitrary in that you set them to anything you want, but they must be
@@ -397,7 +396,7 @@ let
       extraDeviceConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Device directive.
         '';
         example = ''
@@ -418,7 +417,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to enable the Bacula File Daemon.
         '';
       };
@@ -427,7 +426,7 @@ in {
         default = "${config.networking.hostName}-fd";
         defaultText = literalExpression ''"''${config.networking.hostName}-fd"'';
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The client name that must be used by the Director when connecting.
           Generally, it is a good idea to use a name related to the machine so
           that error messages can be easily identified if you have multiple
@@ -438,7 +437,7 @@ in {
       port = mkOption {
         default = 9102;
         type = types.port;
-        description = mdDoc ''
+        description = ''
           This specifies the port number on which the Client listens for
           Director connections. It must agree with the FDPort specified in
           the Client resource of the Director's configuration file.
@@ -447,7 +446,7 @@ in {
 
       director = mkOption {
         default = {};
-        description = mdDoc ''
+        description = ''
           This option defines director resources in Bacula File Daemon.
         '';
         type = types.attrsOf (types.submodule (directorOptions "services.bacula-fd"));
@@ -457,7 +456,7 @@ in {
       tls = mkOption {
         type = types.submodule (tlsOptions "services.bacula-fd");
         default = { };
-        description = mdDoc ''
+        description = ''
           TLS Options for the File Daemon.
           Important notice: The backup won't be encrypted.
         '';
@@ -466,7 +465,7 @@ in {
       extraClientConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Client directive.
         '';
         example = ''
@@ -478,7 +477,7 @@ in {
       extraMessagesConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Messages directive.
         '';
         example = ''
@@ -491,7 +490,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to enable Bacula Storage Daemon.
         '';
       };
@@ -500,7 +499,7 @@ in {
         default = "${config.networking.hostName}-sd";
         defaultText = literalExpression ''"''${config.networking.hostName}-sd"'';
         type = types.str;
-        description = mdDoc ''
+        description = ''
           Specifies the Name of the Storage daemon.
         '';
       };
@@ -508,7 +507,7 @@ in {
       port = mkOption {
         default = 9103;
         type = types.port;
-        description = mdDoc ''
+        description = ''
           Specifies port number on which the Storage daemon listens for
           Director connections.
         '';
@@ -516,7 +515,7 @@ in {
 
       director = mkOption {
         default = {};
-        description = mdDoc ''
+        description = ''
           This option defines Director resources in Bacula Storage Daemon.
         '';
         type = types.attrsOf (types.submodule (directorOptions "services.bacula-sd"));
@@ -524,7 +523,7 @@ in {
 
       device = mkOption {
         default = {};
-        description = mdDoc ''
+        description = ''
           This option defines Device resources in Bacula Storage Daemon.
         '';
         type = types.attrsOf (types.submodule deviceOptions);
@@ -532,7 +531,7 @@ in {
 
       autochanger = mkOption {
         default = {};
-        description = mdDoc ''
+        description = ''
           This option defines Autochanger resources in Bacula Storage Daemon.
         '';
         type = types.attrsOf (types.submodule autochangerOptions);
@@ -541,7 +540,7 @@ in {
       extraStorageConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Storage directive.
         '';
         example = ''
@@ -553,7 +552,7 @@ in {
       extraMessagesConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Messages directive.
         '';
         example = ''
@@ -563,7 +562,7 @@ in {
       tls = mkOption {
         type = types.submodule (tlsOptions "services.bacula-sd");
         default = { };
-        description = mdDoc ''
+        description = ''
           TLS Options for the Storage Daemon.
           Important notice: The backup won't be encrypted.
         '';
@@ -575,7 +574,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to enable Bacula Director Daemon.
         '';
       };
@@ -584,7 +583,7 @@ in {
         default = "${config.networking.hostName}-dir";
         defaultText = literalExpression ''"''${config.networking.hostName}-dir"'';
         type = types.str;
-        description = mdDoc ''
+        description = ''
           The director name used by the system administrator. This directive is
           required.
         '';
@@ -593,7 +592,7 @@ in {
       port = mkOption {
         default = 9101;
         type = types.port;
-        description = mdDoc ''
+        description = ''
           Specify the port (a positive integer) on which the Director daemon
           will listen for Bacula Console connections. This same port number
           must be specified in the Director resource of the Console
@@ -606,7 +605,7 @@ in {
       password = mkOption {
         # TODO: required?
         type = types.str;
-        description = mdDoc ''
+        description = ''
            Specifies the password that must be supplied for a Director.
         '';
       };
@@ -614,7 +613,7 @@ in {
       extraMessagesConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Messages directive.
         '';
         example = ''
@@ -625,7 +624,7 @@ in {
       extraDirectorConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration to be passed in Director directive.
         '';
         example = ''
@@ -637,7 +636,7 @@ in {
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = mdDoc ''
+        description = ''
           Extra configuration for Bacula Director Daemon.
         '';
         example = ''
@@ -648,7 +647,7 @@ in {
       tls = mkOption {
         type = types.submodule (tlsOptions "services.bacula-dir");
         default = { };
-        description = mdDoc ''
+        description = ''
           TLS Options for the Director.
           Important notice: The backup won't be encrypted.
         '';
diff --git a/nixpkgs/nixos/modules/services/backup/borgbackup.nix b/nixpkgs/nixos/modules/services/backup/borgbackup.nix
index 6f4455d3be60..570f8931bd9e 100644
--- a/nixpkgs/nixos/modules/services/backup/borgbackup.nix
+++ b/nixpkgs/nixos/modules/services/backup/borgbackup.nix
@@ -123,6 +123,7 @@ let
       };
       # if remote-backup wait for network
       after = optional (cfg.persistentTimer && !isLocalPath cfg.repo) "network-online.target";
+      wants = optional (cfg.persistentTimer && !isLocalPath cfg.repo) "network-online.target";
     };
 
   # utility function around makeWrapper
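Review bot: The condition `cfg.persistentTimer && !isLocalPath cfg.repo` is now written out twice, once on `after` and once on the added `wants`, so a later edit to one copy can leave the unit ordered after `network-online.target` without pulling it in, or the reverse. Binding it once, e.g. `needsNetwork = cfg.persistentTimer && !isLocalPath cfg.repo;` in a `let` around this attribute set, and using `optional needsNetwork "network-online.target"` for both lines keeps them in step. The comment above still reads as if every remote repo waits for the network; `# remote repo with a persistent timer: order after and pull in network-online.target` would match the condition. The attribute set starts outside this hunk, so where the `let` belongs needs checking against the full definition.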
@@ -147,6 +148,9 @@ let
     let
       settings = { inherit (cfg) user group; };
     in lib.nameValuePair "borgbackup-job-${name}" ({
+      # Create parent dirs separately, to ensure correct ownership.
+      "${config.users.users."${cfg.user}".home}/.config".d = settings;
+      "${config.users.users."${cfg.user}".home}/.cache".d = settings;
       "${config.users.users."${cfg.user}".home}/.config/borg".d = settings;
       "${config.users.users."${cfg.user}".home}/.cache/borg".d = settings;
     } // optionalAttrs (isLocalPath cfg.repo && !cfg.removableDevice) {
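Review bot: The two added parent entries reuse `settings`, which carries only `user` and `group`, so `.config` and `.cache` directly under the job user's home get whatever mode the tmpfiles module defaults to rather than one chosen here. A `d` entry also adjusts the mode and ownership of a directory that already exists, so when `cfg.user` is an account with an existing, more restrictive `~/.config` or `~/.cache`, this may widen its permissions and reset its group to `cfg.group`; that is inferred from tmpfiles semantics and is not visible in the hunk. Pinning the mode explicitly on the parents, e.g. `"${config.users.users."${cfg.user}".home}/.config".d = settings // { mode = "0700"; };` (and the same for `.cache`), would make the result independent of the default. The enclosing function begins before this hunk and continues after it.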
@@ -229,7 +233,7 @@ in {
   options.services.borgbackup.package = mkPackageOption pkgs "borgbackup" { };
 
   options.services.borgbackup.jobs = mkOption {
-    description = lib.mdDoc ''
+    description = ''
       Deduplicating backups using BorgBackup.
       Adding a job will cause a borg-job-NAME wrapper to be added
       to your system path, so that you can perform maintenance easily.
@@ -275,7 +279,7 @@ in {
           paths = mkOption {
             type = with types; nullOr (coercedTo str lib.singleton (listOf str));
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Path(s) to back up.
               Mutually exclusive with {option}`dumpCommand`.
             '';
@@ -285,7 +289,7 @@ in {
           dumpCommand = mkOption {
             type = with types; nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Backup the stdout of this program instead of filesystem paths.
               Mutually exclusive with {option}`paths`.
             '';
@@ -294,21 +298,21 @@ in {
 
           repo = mkOption {
             type = types.str;
-            description = lib.mdDoc "Remote or local repository to back up to.";
+            description = "Remote or local repository to back up to.";
             example = "user@machine:/path/to/repo";
           };
 
           removableDevice = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether the repo (which must be local) is a removable device.";
+            description = "Whether the repo (which must be local) is a removable device.";
           };
 
           archiveBaseName = mkOption {
             type = types.nullOr (types.strMatching "[^/{}]+");
             default = "${globalConfig.networking.hostName}-${name}";
             defaultText = literalExpression ''"''${config.networking.hostName}-<name>"'';
-            description = lib.mdDoc ''
+            description = ''
               How to name the created archives. A timestamp, whose format is
               determined by {option}`dateFormat`, will be appended. The full
               name can be modified at runtime (`$archiveName`).
@@ -319,7 +323,7 @@ in {
 
           dateFormat = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Arguments passed to {command}`date`
               to create a timestamp suffix for the archive name.
             '';
@@ -330,7 +334,7 @@ in {
           startAt = mkOption {
             type = with types; either str (listOf str);
             default = "daily";
-            description = lib.mdDoc ''
+            description = ''
               When or how often the backup should run.
               Must be in the format described in
               {manpage}`systemd.time(7)`.
@@ -345,7 +349,7 @@ in {
             default = false;
             type = types.bool;
             example = true;
-            description = lib.mdDoc ''
+            description = ''
               Set the `persistentTimer` option for the
               {manpage}`systemd.timer(5)`
               which triggers the backup immediately if the last trigger
@@ -357,14 +361,14 @@ in {
             default = false;
             type = types.bool;
             example = true;
-            description = lib.mdDoc ''
+            description = ''
               Prevents the system from sleeping while backing up.
             '';
           };
 
           user = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The user {command}`borg` is run as.
               User or group need read permission
               for the specified {option}`paths`.
@@ -374,7 +378,7 @@ in {
 
           group = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The group borg is run as. User or group needs read permission
               for the specified {option}`paths`.
             '';
@@ -388,7 +392,7 @@ in {
               "authenticated" "authenticated-blake2"
               "none"
             ];
-            description = lib.mdDoc ''
+            description = ''
               Encryption mode to use. Setting a mode
               other than `"none"` requires
               you to specify a {option}`passCommand`
@@ -399,7 +403,7 @@ in {
 
           encryption.passCommand = mkOption {
             type = with types; nullOr str;
-            description = lib.mdDoc ''
+            description = ''
               A command which prints the passphrase to stdout.
               Mutually exclusive with {option}`passphrase`.
             '';
@@ -409,7 +413,7 @@ in {
 
           encryption.passphrase = mkOption {
             type = with types; nullOr str;
-            description = lib.mdDoc ''
+            description = ''
               The passphrase the backups are encrypted with.
               Mutually exclusive with {option}`passCommand`.
               If you do not want the passphrase to be stored in the
@@ -423,7 +427,7 @@ in {
             # compression mode must be given,
             # compression level is optional
             type = types.strMatching "none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?";
-            description = lib.mdDoc ''
+            description = ''
               Compression method to use. Refer to
               {command}`borg help compression`
               for all available options.
@@ -434,7 +438,7 @@ in {
 
           exclude = mkOption {
             type = with types; listOf str;
-            description = lib.mdDoc ''
+            description = ''
               Exclude paths matching any of the given patterns. See
               {command}`borg help patterns` for pattern syntax.
             '';
@@ -447,7 +451,7 @@ in {
 
           patterns = mkOption {
             type = with types; listOf str;
-            description = lib.mdDoc ''
+            description = ''
               Include/exclude paths matching the given patterns. The first
               matching patterns is used, so if an include pattern (prefix `+`)
               matches before an exclude pattern (prefix `-`), the file is
@@ -462,7 +466,7 @@ in {
 
           readWritePaths = mkOption {
             type = with types; listOf path;
-            description = lib.mdDoc ''
+            description = ''
               By default, borg cannot write anywhere on the system but
               `$HOME/.config/borg` and `$HOME/.cache/borg`.
               If, for example, your preHook script needs to dump files
@@ -476,7 +480,7 @@ in {
 
           privateTmp = mkOption {
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Set the `PrivateTmp` option for
               the systemd-service. Set to false if you need sockets
               or other files from global /tmp.
@@ -486,7 +490,7 @@ in {
 
           doInit = mkOption {
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Run {command}`borg init` if the
               specified {option}`repo` does not exist.
               You should set this to `false`
@@ -498,7 +502,7 @@ in {
 
           appendFailedSuffix = mkOption {
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Append a `.failed` suffix
               to the archive name, which is only removed if
               {command}`borg create` has a zero exit status.
@@ -511,7 +515,7 @@ in {
             # means there is no limit of yearly archives to keep
             # The regex is for use with e.g. --keep-within 1y
             type = with types; attrsOf (either int (strMatching "[[:digit:]]+[Hdwmy]"));
-            description = lib.mdDoc ''
+            description = ''
               Prune a repository by deleting all archives not matching any of the
               specified retention options. See {command}`borg help prune`
               for the available options.
@@ -529,7 +533,7 @@ in {
 
           prune.prefix = mkOption {
             type = types.nullOr (types.str);
-            description = lib.mdDoc ''
+            description = ''
               Only consider archive names starting with this prefix for pruning.
               By default, only archives created by this job are considered.
               Use `""` or `null` to consider all archives.
@@ -540,7 +544,7 @@ in {
 
           environment = mkOption {
             type = with types; attrsOf str;
-            description = lib.mdDoc ''
+            description = ''
               Environment variables passed to the backup script.
               You can for example specify which SSH key to use.
             '';
@@ -550,7 +554,7 @@ in {
 
           preHook = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands to run before the backup.
               This can for example be used to mount file systems.
             '';
@@ -563,7 +567,7 @@ in {
 
           postInit = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands to run after {command}`borg init`.
             '';
             default = "";
@@ -571,7 +575,7 @@ in {
 
           postCreate = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands to run after {command}`borg create`. The name
               of the created archive is stored in `$archiveName`.
             '';
@@ -580,7 +584,7 @@ in {
 
           postPrune = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands to run after {command}`borg prune`.
             '';
             default = "";
@@ -588,7 +592,7 @@ in {
 
           postHook = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands to run just before exit. They are executed
               even if a previous command exits with a non-zero exit code.
               The latter is available as `$exitStatus`.
@@ -598,7 +602,7 @@ in {
 
           extraArgs = mkOption {
             type = with types; coercedTo (listOf str) escapeShellArgs str;
-            description = lib.mdDoc ''
+            description = ''
               Additional arguments for all {command}`borg` calls the
               service has. Handle with care.
             '';
@@ -608,7 +612,7 @@ in {
 
           extraInitArgs = mkOption {
             type = with types; coercedTo (listOf str) escapeShellArgs str;
-            description = lib.mdDoc ''
+            description = ''
               Additional arguments for {command}`borg init`.
               Can also be set at runtime using `$extraInitArgs`.
             '';
@@ -618,7 +622,7 @@ in {
 
           extraCreateArgs = mkOption {
             type = with types; coercedTo (listOf str) escapeShellArgs str;
-            description = lib.mdDoc ''
+            description = ''
               Additional arguments for {command}`borg create`.
               Can also be set at runtime using `$extraCreateArgs`.
             '';
@@ -631,7 +635,7 @@ in {
 
           extraPruneArgs = mkOption {
             type = with types; coercedTo (listOf str) escapeShellArgs str;
-            description = lib.mdDoc ''
+            description = ''
               Additional arguments for {command}`borg prune`.
               Can also be set at runtime using `$extraPruneArgs`.
             '';
@@ -641,7 +645,7 @@ in {
 
           extraCompactArgs = mkOption {
             type = with types; coercedTo (listOf str) escapeShellArgs str;
-            description = lib.mdDoc ''
+            description = ''
               Additional arguments for {command}`borg compact`.
               Can also be set at runtime using `$extraCompactArgs`.
             '';
@@ -654,7 +658,7 @@ in {
   };
 
   options.services.borgbackup.repos = mkOption {
-    description = lib.mdDoc ''
+    description = ''
       Serve BorgBackup repositories to given public SSH keys,
       restricting their access to the repository only.
       See also the chapter about BorgBackup in the NixOS manual.
@@ -667,7 +671,7 @@ in {
         options = {
           path = mkOption {
             type = types.path;
-            description = lib.mdDoc ''
+            description = ''
               Where to store the backups. Note that the directory
               is created automatically, with correct permissions.
             '';
@@ -676,7 +680,7 @@ in {
 
           user = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The user {command}`borg serve` is run as.
               User or group needs write permission
               for the specified {option}`path`.
@@ -686,7 +690,7 @@ in {
 
           group = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The group {command}`borg serve` is run as.
               User or group needs write permission
               for the specified {option}`path`.
@@ -696,7 +700,7 @@ in {
 
           authorizedKeys = mkOption {
             type = with types; listOf str;
-            description = lib.mdDoc ''
+            description = ''
               Public SSH keys that are given full write access to this repository.
               You should use a different SSH key for each repository you write to, because
               the specified keys are restricted to running {command}`borg serve`
@@ -707,7 +711,7 @@ in {
 
           authorizedKeysAppendOnly = mkOption {
             type = with types; listOf str;
-            description = lib.mdDoc ''
+            description = ''
               Public SSH keys that can only be used to append new data (archives) to the repository.
               Note that archives can still be marked as deleted and are subsequently removed from disk
               upon accessing the repo with full write access, e.g. when pruning.
@@ -717,7 +721,7 @@ in {
 
           allowSubRepos = mkOption {
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Allow clients to create repositories in subdirectories of the
               specified {option}`path`. These can be accessed using
               `user@machine:path/to/subrepo`. Note that a
@@ -731,7 +735,7 @@ in {
           quota = mkOption {
             # See the definition of parse_file_size() in src/borg/helpers/parseformat.py
             type = with types; nullOr (strMatching "[[:digit:].]+[KMGTP]?");
-            description = lib.mdDoc ''
+            description = ''
               Storage quota for the repository. This quota is ensured for all
               sub-repositories if {option}`allowSubRepos` is enabled
               but not for the overall storage space used.
diff --git a/nixpkgs/nixos/modules/services/backup/borgmatic.nix b/nixpkgs/nixos/modules/services/backup/borgmatic.nix
index b27dd2817120..5da78828bfa8 100644
--- a/nixpkgs/nixos/modules/services/backup/borgmatic.nix
+++ b/nixpkgs/nixos/modules/services/backup/borgmatic.nix
@@ -10,13 +10,13 @@ let
     options = {
       path = mkOption {
         type = str;
-        description = mdDoc ''
+        description = ''
           Path to the repository
         '';
       };
       label = mkOption {
         type = str;
-        description = mdDoc ''
+        description = ''
           Label to the repository
         '';
       };
@@ -28,7 +28,7 @@ let
       source_directories = mkOption {
         type = nullOr (listOf str);
         default = null;
-        description = mdDoc ''
+        description = ''
           List of source directories and files to backup. Globs and tildes are
           expanded. Do not backslash spaces in path names.
         '';
@@ -37,7 +37,7 @@ let
       repositories = mkOption {
         type = nullOr (listOf repository);
         default = null;
-        description = mdDoc ''
+        description = ''
           A required list of local or remote repositories with paths and
           optional labels (which can be used with the --repository flag to
           select a repository). Tildes are expanded. Multiple repositories are
@@ -59,10 +59,10 @@ let
 in
 {
   options.services.borgmatic = {
-    enable = mkEnableOption (mdDoc "borgmatic");
+    enable = mkEnableOption "borgmatic";
 
     settings = mkOption {
-      description = mdDoc ''
+      description = ''
         See https://torsion.org/borgmatic/docs/reference/configuration/
       '';
       default = null;
@@ -70,7 +70,7 @@ in
     };
 
     configurations = mkOption {
-      description = mdDoc ''
+      description = ''
         Set of borgmatic configurations, see https://torsion.org/borgmatic/docs/reference/configuration/
       '';
       default = { };
diff --git a/nixpkgs/nixos/modules/services/backup/btrbk.nix b/nixpkgs/nixos/modules/services/backup/btrbk.nix
index 364b77b6a21c..06ca4236eaf2 100644
--- a/nixpkgs/nixos/modules/services/backup/btrbk.nix
+++ b/nixpkgs/nixos/modules/services/backup/btrbk.nix
@@ -109,7 +109,7 @@ in
   options = {
     services.btrbk = {
       extraPackages = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Extra packages for btrbk, like compression utilities for `stream_compress`.
 
           **Note**: This option will get deprecated in future releases.
@@ -122,17 +122,17 @@ in
         example = literalExpression "[ pkgs.xz ]";
       };
       niceness = mkOption {
-        description = lib.mdDoc "Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.";
+        description = "Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.";
         type = types.ints.between (-20) 19;
         default = 10;
       };
       ioSchedulingClass = mkOption {
-        description = lib.mdDoc "IO scheduling class for btrbk (see ionice(1) for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.";
+        description = "IO scheduling class for btrbk (see ionice(1) for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.";
         type = types.enum [ "idle" "best-effort" "realtime" ];
         default = "best-effort";
       };
       instances = mkOption {
-        description = lib.mdDoc "Set of btrbk instances. The instance named `btrbk` is the default one.";
+        description = "Set of btrbk instances. The instance named `btrbk` is the default one.";
         type = with types;
           attrsOf (
             submodule {
@@ -140,7 +140,7 @@ in
                 onCalendar = mkOption {
                   type = types.nullOr types.str;
                   default = "daily";
-                  description = lib.mdDoc ''
+                  description = ''
                     How often this btrbk instance is started. See systemd.time(7) for more information about the format.
                     Setting it to null disables the timer, thus this instance can only be started manually.
                   '';
@@ -150,7 +150,7 @@ in
                     freeformType = let t = types.attrsOf (types.either types.str (t // { description = "instances of this type recursively"; })); in t;
                     options = {
                       stream_compress = mkOption {
-                        description = lib.mdDoc ''
+                        description = ''
                           Compress the btrfs send stream before transferring it from/to remote locations using a
                           compression command.
                         '';
@@ -173,7 +173,7 @@ in
                       };
                     };
                   };
-                  description = lib.mdDoc "configuration options for btrbk. Nested attrsets translate to subsections.";
+                  description = "configuration options for btrbk. Nested attrsets translate to subsections.";
                 };
               };
             }
@@ -181,18 +181,18 @@ in
         default = { };
       };
       sshAccess = mkOption {
-        description = lib.mdDoc "SSH keys that should be able to make or push snapshots on this system remotely with btrbk";
+        description = "SSH keys that should be able to make or push snapshots on this system remotely with btrbk";
         type = with types; listOf (
           submodule {
             options = {
               key = mkOption {
                 type = str;
-                description = lib.mdDoc "SSH public key allowed to login as user `btrbk` to run remote backups.";
+                description = "SSH public key allowed to login as user `btrbk` to run remote backups.";
               };
               roles = mkOption {
                 type = listOf (enum [ "info" "source" "target" "delete" "snapshot" "send" "receive" ]);
                 example = [ "source" "info" "send" ];
-                description = lib.mdDoc "What actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details";
+                description = "What actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details";
               };
             };
           }
diff --git a/nixpkgs/nixos/modules/services/backup/duplicati.nix b/nixpkgs/nixos/modules/services/backup/duplicati.nix
index bd433b777ec4..2b9e171d7d80 100644
--- a/nixpkgs/nixos/modules/services/backup/duplicati.nix
+++ b/nixpkgs/nixos/modules/services/backup/duplicati.nix
@@ -8,14 +8,14 @@ in
 {
   options = {
     services.duplicati = {
-      enable = mkEnableOption (lib.mdDoc "Duplicati");
+      enable = mkEnableOption "Duplicati";
 
       package = mkPackageOption pkgs "duplicati" { };
 
       port = mkOption {
         default = 8200;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Port serving the web interface
         '';
       };
@@ -23,7 +23,7 @@ in
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/duplicati";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Duplicati stores its data files.
 
           ::: {.note}
@@ -37,7 +37,7 @@ in
       interface = mkOption {
         default = "127.0.0.1";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Listening interface for the web UI
           Set it to "any" to listen on all available interfaces
         '';
@@ -46,7 +46,7 @@ in
       user = mkOption {
         default = "duplicati";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Duplicati runs as it's own user. It will only be able to backup world-readable files.
           Run as root with special care.
         '';
diff --git a/nixpkgs/nixos/modules/services/backup/duplicity.nix b/nixpkgs/nixos/modules/services/backup/duplicity.nix
index 05ec997ab66b..033d0cffd8d6 100644
--- a/nixpkgs/nixos/modules/services/backup/duplicity.nix
+++ b/nixpkgs/nixos/modules/services/backup/duplicity.nix
@@ -13,12 +13,12 @@ let
 in
 {
   options.services.duplicity = {
-    enable = mkEnableOption (lib.mdDoc "backups with duplicity");
+    enable = mkEnableOption "backups with duplicity";
 
     root = mkOption {
       type = types.path;
       default = "/";
-      description = lib.mdDoc ''
+      description = ''
         Root directory to backup.
       '';
     };
@@ -27,7 +27,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "/home" ];
-      description = lib.mdDoc ''
+      description = ''
         List of paths to include into the backups. See the FILE SELECTION
         section in {manpage}`duplicity(1)` for details on the syntax.
       '';
@@ -36,7 +36,7 @@ in
     exclude = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         List of paths to exclude from backups. See the FILE SELECTION section in
         {manpage}`duplicity(1)` for details on the syntax.
       '';
@@ -45,7 +45,7 @@ in
     targetUrl = mkOption {
       type = types.str;
       example = "s3://host:port/prefix";
-      description = lib.mdDoc ''
+      description = ''
         Target url to backup to. See the URL FORMAT section in
         {manpage}`duplicity(1)` for supported urls.
       '';
@@ -54,7 +54,7 @@ in
     secretFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path of a file containing secrets (gpg passphrase, access key...) in
         the format of EnvironmentFile as described by
         {manpage}`systemd.exec(5)`. For example:
@@ -69,7 +69,7 @@ in
     frequency = mkOption {
       type = types.nullOr types.str;
       default = "daily";
-      description = lib.mdDoc ''
+      description = ''
         Run duplicity with the given frequency (see
         {manpage}`systemd.time(7)` for the format).
         If null, do not run automatically.
@@ -80,7 +80,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--backend-retry-delay" "100" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra command-line flags passed to duplicity. See
         {manpage}`duplicity(1)`.
       '';
@@ -90,7 +90,7 @@ in
       type = types.str;
       default = "never";
       example = "1M";
-      description = lib.mdDoc ''
+      description = ''
         If `"never"` (the default) always do incremental
         backups (the first backup will be a full backup, of course).  If
         `"always"` always do full backups.  Otherwise, this
@@ -105,7 +105,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "6M";
-        description = lib.mdDoc ''
+        description = ''
           If non-null, delete all backup sets older than the given time.  Old backup sets
           will not be deleted if backup sets newer than time depend on them.
         '';
@@ -114,7 +114,7 @@ in
         type = types.nullOr types.int;
         default = null;
         example = 2;
-        description = lib.mdDoc ''
+        description = ''
           If non-null, delete all backups sets that are older than the count:th last full
           backup (in other words, keep the last count full backups and
           associated incremental sets).
@@ -124,7 +124,7 @@ in
         type = types.nullOr types.int;
         default = null;
         example = 1;
-        description = lib.mdDoc ''
+        description = ''
           If non-null, delete incremental sets of all backups sets that are
           older than the count:th last full backup (in other words, keep only
           old full backups and not their increments).
diff --git a/nixpkgs/nixos/modules/services/backup/mysql-backup.nix b/nixpkgs/nixos/modules/services/backup/mysql-backup.nix
index 9fbc599cd41a..00381be4b75d 100644
--- a/nixpkgs/nixos/modules/services/backup/mysql-backup.nix
+++ b/nixpkgs/nixos/modules/services/backup/mysql-backup.nix
@@ -37,12 +37,12 @@ in
 
     services.mysqlBackup = {
 
-      enable = mkEnableOption (lib.mdDoc "MySQL backups");
+      enable = mkEnableOption "MySQL backups";
 
       calendar = mkOption {
         type = types.str;
         default = "01:15:00";
-        description = lib.mdDoc ''
+        description = ''
           Configured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
         '';
       };
@@ -50,7 +50,7 @@ in
       user = mkOption {
         type = types.str;
         default = defaultUser;
-        description = lib.mdDoc ''
+        description = ''
           User to be used to perform backup.
         '';
       };
@@ -58,7 +58,7 @@ in
       databases = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of database names to dump.
         '';
       };
@@ -66,7 +66,7 @@ in
       location = mkOption {
         type = types.path;
         default = "/var/backup/mysql";
-        description = lib.mdDoc ''
+        description = ''
           Location to put the gzipped MySQL database dumps.
         '';
       };
@@ -74,7 +74,7 @@ in
       singleTransaction = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create database dump in a single transaction
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix b/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix
index 82067d8ade34..5dd9e075862d 100644
--- a/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix
+++ b/nixpkgs/nixos/modules/services/backup/postgresql-backup.nix
@@ -71,12 +71,12 @@ in {
 
   options = {
     services.postgresqlBackup = {
-      enable = mkEnableOption (lib.mdDoc "PostgreSQL dumps");
+      enable = mkEnableOption "PostgreSQL dumps";
 
       startAt = mkOption {
         default = "*-*-* 01:15:00";
         type = with types; either (listOf str) str;
-        description = lib.mdDoc ''
+        description = ''
           This option defines (see `systemd.time` for format) when the
           databases should be dumped.
           The default is to update at 01:15 (at night) every day.
@@ -87,7 +87,7 @@ in {
         default = cfg.databases == [];
         defaultText = literalExpression "services.postgresqlBackup.databases == []";
         type = lib.types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Backup all databases using pg_dumpall.
           This option is mutual exclusive to
           `services.postgresqlBackup.databases`.
@@ -99,7 +99,7 @@ in {
       databases = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of database names to dump.
         '';
       };
@@ -107,7 +107,7 @@ in {
       location = mkOption {
         default = "/var/backup/postgresql";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path of directory where the PostgreSQL database dumps will be placed.
         '';
       };
@@ -115,7 +115,7 @@ in {
       pgdumpOptions = mkOption {
         type = types.separatedString " ";
         default = "-C";
-        description = lib.mdDoc ''
+        description = ''
           Command line options for pg_dump. This options is not used
           if `config.services.postgresqlBackup.backupAll` is enabled.
           Note that config.services.postgresqlBackup.backupAll is also active,
@@ -126,7 +126,7 @@ in {
       compression = mkOption {
         type = types.enum ["none" "gzip" "zstd"];
         default = "gzip";
-        description = lib.mdDoc ''
+        description = ''
           The type of compression to use on the generated database dump.
         '';
       };
@@ -134,7 +134,7 @@ in {
       compressionLevel = mkOption {
         type = types.ints.between 1 19;
         default = 6;
-        description = lib.mdDoc ''
+        description = ''
           The compression level used when compression is enabled.
           gzip accepts levels 1 to 9. zstd accepts levels 1 to 19.
         '';
diff --git a/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix b/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix
index 332a32d37052..a8f2cf514d54 100644
--- a/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix
+++ b/nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix
@@ -12,7 +12,7 @@ let
       directory = mkOption {
         type = types.path;
         example = literalExpression "/mnt/pg_wal/main/";
-        description = lib.mdDoc ''
+        description = ''
           Directory to write the output to.
         '';
       };
@@ -20,7 +20,7 @@ let
       statusInterval = mkOption {
         type = types.int;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the number of seconds between status packets sent back to the server.
           This allows for easier monitoring of the progress from server.
           A value of zero disables the periodic status updates completely,
@@ -32,7 +32,7 @@ let
         type = types.str;
         default = "";
         example = "some_slot_name";
-        description = lib.mdDoc ''
+        description = ''
           Require {command}`pg_receivewal` to use an existing replication slot (see
           [Section 26.2.6 of the PostgreSQL manual](https://www.postgresql.org/docs/current/warm-standby.html#STREAMING-REPLICATION-SLOTS)).
           When this option is used, {command}`pg_receivewal` will report a flush position to the server,
@@ -48,7 +48,7 @@ let
       synchronous = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Flush the WAL data to disk immediately after it has been received.
           Also send a status packet back to the server immediately after flushing, regardless of {option}`statusInterval`.
 
@@ -60,7 +60,7 @@ let
       compress = mkOption {
         type = types.ints.between 0 9;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Enables gzip compression of write-ahead logs, and specifies the compression level
           (`0` through `9`, `0` being no compression and `9` being best compression).
           The suffix `.gz` will automatically be added to all filenames.
@@ -72,7 +72,7 @@ let
       connection = mkOption {
         type = types.str;
         example = "postgresql://user@somehost";
-        description = lib.mdDoc ''
+        description = ''
           Specifies parameters used to connect to the server, as a connection string.
           See [Section 34.1.1 of the PostgreSQL manual](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) for more information.
 
@@ -89,7 +89,7 @@ let
             "--no-sync"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           A list of extra arguments to pass to the {command}`pg_receivewal` command.
         '';
       };
@@ -103,7 +103,7 @@ let
             PGSSLMODE = "require";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Environment variables passed to the service.
           Usable parameters are listed in [Section 34.14 of the PostgreSQL manual](https://www.postgresql.org/docs/current/libpq-envars.html).
         '';
@@ -127,7 +127,7 @@ in {
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           PostgreSQL WAL receivers.
           Stream write-ahead logs from a PostgreSQL server using {command}`pg_receivewal` (formerly {command}`pg_receivexlog`).
           See [the man page](https://www.postgresql.org/docs/current/app-pgreceivewal.html) for more information.
diff --git a/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix b/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix
index 105a05caf304..935907643bd2 100644
--- a/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix
+++ b/nixpkgs/nixos/modules/services/backup/restic-rest-server.nix
@@ -9,25 +9,25 @@ in
   meta.maintainers = [ maintainers.bachp ];
 
   options.services.restic.server = {
-    enable = mkEnableOption (lib.mdDoc "Restic REST Server");
+    enable = mkEnableOption "Restic REST Server";
 
     listenAddress = mkOption {
-      default = ":8000";
+      default = "8000";
       example = "127.0.0.1:8080";
       type = types.str;
-      description = lib.mdDoc "Listen on a specific IP address and port.";
+      description = "Listen on a specific IP address and port.";
     };
 
     dataDir = mkOption {
       default = "/var/lib/restic";
       type = types.path;
-      description = lib.mdDoc "The directory for storing the restic repository.";
+      description = "The directory for storing the restic repository.";
     };
 
     appendOnly = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable append only mode.
         This mode allows creation of new backups but prevents deletion and modification of existing backups.
         This can be useful when backing up systems that have a potential of being hacked.
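Review bot: The `listenAddress` description still reads "Listen on a specific IP address and port." although the new default `"8000"` is a bare port, and the value is now handed to the socket unit's `listenStreams` later in this file. A bare port in a systemd `ListenStream=` is not bound to one address, so the option docs do not tell a reader that the default exposes the backup server on every interface. I would extend the text to something like `description = "Address and port, or just a port (listens on all addresses), for the systemd socket to listen on.";` and keep the `127.0.0.1:8080` example as the loopback-only form.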
@@ -37,7 +37,7 @@ in
     privateRepos = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable private repos.
         Grants access only when a subdirectory with the same name as the user is specified in the repository URL.
       '';
@@ -46,13 +46,13 @@ in
     prometheus = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Enable Prometheus metrics at /metrics.";
+      description = "Enable Prometheus metrics at /metrics.";
     };
 
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra commandline options to pass to Restic REST server.
       '';
     };
@@ -61,14 +61,19 @@ in
   };
 
   config = mkIf cfg.enable {
+    assertions = [{
+      assertion = lib.substring 0 1 cfg.listenAddress != ":";
+      message = "The restic-rest-server now uses systemd socket activation, which expects only the Port number: services.restic.server.listenAddress = \"${lib.substring 1 6 cfg.listenAddress}\";";
+    }];
+
     systemd.services.restic-rest-server = {
       description = "Restic REST Server";
-      after = [ "network.target" ];
+      after = [ "network.target" "restic-rest-server.socket" ];
+      requires = [ "restic-rest-server.socket" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         ExecStart = ''
           ${cfg.package}/bin/rest-server \
-          --listen ${cfg.listenAddress} \
           --path ${cfg.dataDir} \
           ${optionalString cfg.appendOnly "--append-only"} \
           ${optionalString cfg.privateRepos "--private-repos"} \
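Review bot: The assertion message says socket activation "expects only the Port number", but only values starting with `:` are rejected and the option's example is still `127.0.0.1:8080`, so the wording overstates the restriction. A message such as `message = "services.restic.server.listenAddress is now passed to a systemd socket unit and must not start with ':'; use \"${lib.removePrefix ":" cfg.listenAddress}\" instead.";` states what is actually enforced, and `lib.removePrefix` avoids the fixed-length `substring 1 6`. The `ExecStart` string continues outside this hunk.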
@@ -80,16 +85,40 @@ in
         Group = "restic";
 
         # Security hardening
-        ReadWritePaths = [ cfg.dataDir ];
+        CapabilityBoundingSet = "";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateNetwork = true;
         PrivateTmp = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectProc = "invisible";
         ProtectSystem = "strict";
         ProtectKernelTunables = true;
         ProtectKernelModules = true;
         ProtectControlGroups = true;
         PrivateDevices = true;
+        ReadWritePaths = [ cfg.dataDir ];
+        RemoveIPC = true;
+        RestrictAddressFamilies = "none";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = "@system-service";
+        UMask = 027;
       };
     };
 
+    systemd.sockets.restic-rest-server = {
+      listenStreams = [ cfg.listenAddress ];
+      wantedBy = [ "sockets.target" ];
+    };
+
     systemd.tmpfiles.rules = mkIf cfg.privateRepos [
         "f ${cfg.dataDir}/.htpasswd 0700 restic restic -"
     ];
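Review bot: `UMask = 027;` is a Nix integer literal, which as far as I can tell is read as decimal 27 and only yields the intended mask because systemd then parses the rendered `27` as octal. Writing it as a string, `UMask = "0027";`, makes the octal mode explicit and removes the dependence on that round trip. A one-line comment above `PrivateNetwork = true;`, for example `# The listening socket is inherited from restic-rest-server.socket; the service itself has no network access.`, would also record why `RestrictAddressFamilies = "none"` is workable here. The `serviceConfig` block begins outside this hunk.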
diff --git a/nixpkgs/nixos/modules/services/backup/restic.nix b/nixpkgs/nixos/modules/services/backup/restic.nix
index b222dd952d15..8b56636c7969 100644
--- a/nixpkgs/nixos/modules/services/backup/restic.nix
+++ b/nixpkgs/nixos/modules/services/backup/restic.nix
@@ -8,14 +8,14 @@ let
 in
 {
   options.services.restic.backups = mkOption {
-    description = lib.mdDoc ''
+    description = ''
       Periodic backups to create with Restic.
     '';
     type = types.attrsOf (types.submodule ({ config, name, ... }: {
       options = {
         passwordFile = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Read the repository password from a file.
           '';
           example = "/etc/nixos/restic-password";
@@ -24,7 +24,7 @@ in
         environmentFile = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             file containing the credentials to access the repository, in the
             format of an EnvironmentFile as described by systemd.exec(5)
           '';
@@ -33,7 +33,7 @@ in
         rcloneOptions = mkOption {
           type = with types; nullOr (attrsOf (oneOf [ str bool ]));
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Options to pass to rclone to control its behavior.
             See <https://rclone.org/docs/#options> for
             available options. When specifying option names, strip the
@@ -50,7 +50,7 @@ in
         rcloneConfig = mkOption {
           type = with types; nullOr (attrsOf (oneOf [ str bool ]));
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Configuration for the rclone remote being used for backup.
             See the remote's specific options under rclone's docs at
             <https://rclone.org/docs/>. When specifying
@@ -74,7 +74,7 @@ in
         rcloneConfigFile = mkOption {
           type = with types; nullOr path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to the file containing rclone configuration. This file
             must contain configuration for the remote specified in this backup
             set and also must be readable by root. Options set in
@@ -86,7 +86,7 @@ in
         repository = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             repository to backup to.
           '';
           example = "sftp:backup@192.168.1.100:/backups/${name}";
@@ -95,7 +95,7 @@ in
         repositoryFile = mkOption {
           type = with types; nullOr path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to the file containing the repository location to backup to.
           '';
         };
@@ -105,7 +105,7 @@ in
           # after some time has passed since this comment was added.
           type = types.nullOr (types.listOf types.str);
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Which paths to backup, in addition to ones specified via
             `dynamicFilesFrom`.  If null or an empty array and
             `dynamicFilesFrom` is also null, no backup command will be run.
@@ -120,7 +120,7 @@ in
         exclude = mkOption {
           type = types.listOf types.str;
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Patterns to exclude when backing up. See
             https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files for
             details on syntax.
@@ -138,7 +138,7 @@ in
             OnCalendar = "daily";
             Persistent = true;
           };
-          description = lib.mdDoc ''
+          description = ''
             When to run the backup. See {manpage}`systemd.timer(5)` for
             details. If null no timer is created and the backup will only
             run when explicitly started.
@@ -153,7 +153,7 @@ in
         user = mkOption {
           type = types.str;
           default = "root";
-          description = lib.mdDoc ''
+          description = ''
             As which user the backup should run.
           '';
           example = "postgresql";
@@ -162,7 +162,7 @@ in
         extraBackupArgs = mkOption {
           type = types.listOf types.str;
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Extra arguments passed to restic backup.
           '';
           example = [
@@ -173,7 +173,7 @@ in
         extraOptions = mkOption {
           type = types.listOf types.str;
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Extra extended options to be passed to the restic --option flag.
           '';
           example = [
@@ -184,7 +184,7 @@ in
         initialize = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Create the repository if it doesn't exist.
           '';
         };
@@ -192,7 +192,7 @@ in
         pruneOpts = mkOption {
           type = types.listOf types.str;
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             A list of options (--keep-\* et al.) for 'restic forget
             --prune', to automatically prune old snapshots.  The
             'forget' command is run *after* the 'backup' command, so
@@ -209,7 +209,7 @@ in
         checkOpts = mkOption {
           type = types.listOf types.str;
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             A list of options for 'restic check', which is run after
             pruning.
           '';
@@ -221,7 +221,7 @@ in
         dynamicFilesFrom = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             A script that produces a list of files to back up.  The
             results of this command are given to the '--files-from'
             option. The result is merged with paths specified via `paths`.
@@ -232,7 +232,7 @@ in
         backupPrepareCommand = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             A script that must run before starting the backup process.
           '';
         };
@@ -240,7 +240,7 @@ in
         backupCleanupCommand = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             A script that must run after finishing the backup process.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/backup/rsnapshot.nix b/nixpkgs/nixos/modules/services/backup/rsnapshot.nix
index 0b9bb60af0ea..6635a51ec2c6 100644
--- a/nixpkgs/nixos/modules/services/backup/rsnapshot.nix
+++ b/nixpkgs/nixos/modules/services/backup/rsnapshot.nix
@@ -22,9 +22,9 @@ in
 {
   options = {
     services.rsnapshot = {
-      enable = mkEnableOption (lib.mdDoc "rsnapshot backups");
+      enable = mkEnableOption "rsnapshot backups";
       enableManualRsnapshot = mkOption {
-        description = lib.mdDoc "Whether to enable manual usage of the rsnapshot command with this module.";
+        description = "Whether to enable manual usage of the rsnapshot command with this module.";
         default = true;
         type = types.bool;
       };
@@ -37,7 +37,7 @@ in
           backup	/home/	localhost/
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           rsnapshot configuration option in addition to the defaults from
           rsnapshot and this module.
 
@@ -53,7 +53,7 @@ in
         default = {};
         example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
         type = types.attrsOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Periodicity at which intervals should be run by cron.
           Note that the intervals also have to exist in configuration
           as retain options.
diff --git a/nixpkgs/nixos/modules/services/backup/sanoid.nix b/nixpkgs/nixos/modules/services/backup/sanoid.nix
index 46d1de4ed934..1b9ace358cab 100644
--- a/nixpkgs/nixos/modules/services/backup/sanoid.nix
+++ b/nixpkgs/nixos/modules/services/backup/sanoid.nix
@@ -12,37 +12,37 @@ let
 
   commonOptions = {
     hourly = mkOption {
-      description = lib.mdDoc "Number of hourly snapshots.";
+      description = "Number of hourly snapshots.";
       type = with types; nullOr ints.unsigned;
       default = null;
     };
 
     daily = mkOption {
-      description = lib.mdDoc "Number of daily snapshots.";
+      description = "Number of daily snapshots.";
       type = with types; nullOr ints.unsigned;
       default = null;
     };
 
     monthly = mkOption {
-      description = lib.mdDoc "Number of monthly snapshots.";
+      description = "Number of monthly snapshots.";
       type = with types; nullOr ints.unsigned;
       default = null;
     };
 
     yearly = mkOption {
-      description = lib.mdDoc "Number of yearly snapshots.";
+      description = "Number of yearly snapshots.";
       type = with types; nullOr ints.unsigned;
       default = null;
     };
 
     autoprune = mkOption {
-      description = lib.mdDoc "Whether to automatically prune old snapshots.";
+      description = "Whether to automatically prune old snapshots.";
       type = with types; nullOr bool;
       default = null;
     };
 
     autosnap = mkOption {
-      description = lib.mdDoc "Whether to automatically take snapshots.";
+      description = "Whether to automatically take snapshots.";
       type = with types; nullOr bool;
       default = null;
     };
@@ -50,7 +50,7 @@ let
 
   datasetOptions = rec {
     use_template = mkOption {
-      description = lib.mdDoc "Names of the templates to use for this dataset.";
+      description = "Names of the templates to use for this dataset.";
       type = types.listOf (types.str // {
         check = (types.enum (attrNames cfg.templates)).check;
         description = "configured template name";
@@ -60,7 +60,7 @@ let
     useTemplate = use_template;
 
     recursive = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to recursively snapshot dataset children.
         You can also set this to `"zfs"` to handle datasets
         recursively in an atomic way without the possibility to
@@ -71,7 +71,7 @@ let
     };
 
     process_children_only = mkOption {
-      description = lib.mdDoc "Whether to only snapshot child datasets if recursing.";
+      description = "Whether to only snapshot child datasets if recursing.";
       type = types.bool;
       default = false;
     };
@@ -112,7 +112,7 @@ in
   # Interface
 
   options.services.sanoid = {
-    enable = mkEnableOption (lib.mdDoc "Sanoid ZFS snapshotting service");
+    enable = mkEnableOption "Sanoid ZFS snapshotting service";
 
     package = lib.mkPackageOption pkgs "sanoid" {};
 
@@ -120,7 +120,7 @@ in
       type = types.str;
       default = "hourly";
       example = "daily";
-      description = lib.mdDoc ''
+      description = ''
         Run sanoid at this interval. The default is to run hourly.
 
         The format is described in
@@ -136,7 +136,7 @@ in
         config.process_children_only = modules.mkAliasAndWrapDefsWithPriority id (options.processChildrenOnly or { });
       }));
       default = { };
-      description = lib.mdDoc "Datasets to snapshot.";
+      description = "Datasets to snapshot.";
     };
 
     templates = mkOption {
@@ -145,12 +145,12 @@ in
         options = commonOptions;
       });
       default = { };
-      description = lib.mdDoc "Templates for datasets.";
+      description = "Templates for datasets.";
     };
 
     settings = mkOption {
       type = types.attrsOf datasetSettingsType;
-      description = lib.mdDoc ''
+      description = ''
         Free-form settings written directly to the config file. See
         <https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf>
         for allowed values.
@@ -161,7 +161,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--verbose" "--readonly" "--debug" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra arguments to pass to sanoid. See
         <https://github.com/jimsalterjrs/sanoid/#sanoid-command-line-options>
         for allowed options.
diff --git a/nixpkgs/nixos/modules/services/backup/snapraid.nix b/nixpkgs/nixos/modules/services/backup/snapraid.nix
index c9b2550e80e8..a621c9f62ff7 100644
--- a/nixpkgs/nixos/modules/services/backup/snapraid.nix
+++ b/nixpkgs/nixos/modules/services/backup/snapraid.nix
@@ -11,7 +11,7 @@ in
   ];
 
   options.services.snapraid = with types; {
-    enable = mkEnableOption (lib.mdDoc "SnapRAID");
+    enable = mkEnableOption "SnapRAID";
     dataDisks = mkOption {
       default = { };
       example = {
@@ -19,7 +19,7 @@ in
         d2 = "/mnt/disk2/";
         d3 = "/mnt/disk3/";
       };
-      description = lib.mdDoc "SnapRAID data disks.";
+      description = "SnapRAID data disks.";
       type = attrsOf str;
     };
     parityFiles = mkOption {
@@ -32,7 +32,7 @@ in
         "/mnt/diskt/snapraid.5-parity"
         "/mnt/disku/snapraid.6-parity"
       ];
-      description = lib.mdDoc "SnapRAID parity files.";
+      description = "SnapRAID parity files.";
       type = listOf str;
     };
     contentFiles = mkOption {
@@ -42,46 +42,46 @@ in
         "/mnt/disk1/snapraid.content"
         "/mnt/disk2/snapraid.content"
       ];
-      description = lib.mdDoc "SnapRAID content list files.";
+      description = "SnapRAID content list files.";
       type = listOf str;
     };
     exclude = mkOption {
       default = [ ];
       example = [ "*.unrecoverable" "/tmp/" "/lost+found/" ];
-      description = lib.mdDoc "SnapRAID exclude directives.";
+      description = "SnapRAID exclude directives.";
       type = listOf str;
     };
     touchBeforeSync = mkOption {
       default = true;
       example = false;
-      description = lib.mdDoc
+      description =
         "Whether {command}`snapraid touch` should be run before {command}`snapraid sync`.";
       type = bool;
     };
     sync.interval = mkOption {
       default = "01:00";
       example = "daily";
-      description = lib.mdDoc "How often to run {command}`snapraid sync`.";
+      description = "How often to run {command}`snapraid sync`.";
       type = str;
     };
     scrub = {
       interval = mkOption {
         default = "Mon *-*-* 02:00:00";
         example = "weekly";
-        description = lib.mdDoc "How often to run {command}`snapraid scrub`.";
+        description = "How often to run {command}`snapraid scrub`.";
         type = str;
       };
       plan = mkOption {
         default = 8;
         example = 5;
-        description = lib.mdDoc
+        description =
           "Percent of the array that should be checked by {command}`snapraid scrub`.";
         type = int;
       };
       olderThan = mkOption {
         default = 10;
         example = 20;
-        description = lib.mdDoc
+        description =
           "Number of days since data was last scrubbed before it can be scrubbed again.";
         type = int;
       };
@@ -95,7 +95,7 @@ in
         autosave 500
         pool /pool
       '';
-      description = lib.mdDoc "Extra config options for SnapRAID.";
+      description = "Extra config options for SnapRAID.";
       type = lines;
     };
   };
diff --git a/nixpkgs/nixos/modules/services/backup/syncoid.nix b/nixpkgs/nixos/modules/services/backup/syncoid.nix
index 4a04f0aa1622..ec9ccaa46d42 100644
--- a/nixpkgs/nixos/modules/services/backup/syncoid.nix
+++ b/nixpkgs/nixos/modules/services/backup/syncoid.nix
@@ -85,7 +85,7 @@ in
   # Interface
 
   options.services.syncoid = {
-    enable = mkEnableOption (lib.mdDoc "Syncoid ZFS synchronization service");
+    enable = mkEnableOption "Syncoid ZFS synchronization service";
 
     package = lib.mkPackageOption pkgs "sanoid" {};
 
@@ -93,7 +93,7 @@ in
       type = types.str;
       default = "hourly";
       example = "*-*-* *:15:00";
-      description = lib.mdDoc ''
+      description = ''
         Run syncoid at this interval. The default is to run hourly.
 
         The format is described in
@@ -105,7 +105,7 @@ in
       type = types.str;
       default = "syncoid";
       example = "backup";
-      description = lib.mdDoc ''
+      description = ''
         The user for the service. ZFS privilege delegation will be
         automatically configured for any local pools used by syncoid if this
         option is set to a user other than root. The user will be given the
@@ -119,13 +119,13 @@ in
       type = types.str;
       default = "syncoid";
       example = "backup";
-      description = lib.mdDoc "The group for the service.";
+      description = "The group for the service.";
     };
 
     sshKey = mkOption {
       type = with types; nullOr (coercedTo path toString str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         SSH private key file to use to login to the remote system. Can be
         overridden in individual commands.
       '';
@@ -135,7 +135,7 @@ in
       type = types.listOf types.str;
       # Permissions snapshot and destroy are in case --no-sync-snap is not used
       default = [ "bookmark" "hold" "send" "snapshot" "destroy" "mount" ];
-      description = lib.mdDoc ''
+      description = ''
         Permissions granted for the {option}`services.syncoid.user` user
         for local source datasets. See
         <https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>
@@ -147,7 +147,7 @@ in
       type = types.listOf types.str;
       default = [ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ];
       example = [ "create" "mount" "receive" "rollback" ];
-      description = lib.mdDoc ''
+      description = ''
         Permissions granted for the {option}`services.syncoid.user` user
         for local target datasets. See
         <https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>
@@ -162,7 +162,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--no-sync-snap" ];
-      description = lib.mdDoc ''
+      description = ''
         Arguments to add to every syncoid command, unless disabled for that
         command. See
         <https://github.com/jimsalterjrs/sanoid/#syncoid-command-line-options>
@@ -173,7 +173,7 @@ in
     service = mkOption {
       type = types.attrs;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Systemd configuration common to all syncoid services.
       '';
     };
@@ -184,7 +184,7 @@ in
           source = mkOption {
             type = types.str;
             example = "pool/dataset";
-            description = lib.mdDoc ''
+            description = ''
               Source ZFS dataset. Can be either local or remote. Defaults to
               the attribute name.
             '';
@@ -193,18 +193,18 @@ in
           target = mkOption {
             type = types.str;
             example = "user@server:pool/dataset";
-            description = lib.mdDoc ''
+            description = ''
               Target ZFS dataset. Can be either local
               («pool/dataset») or remote
               («user@server:pool/dataset»).
             '';
           };
 
-          recursive = mkEnableOption (lib.mdDoc ''the transfer of child datasets'');
+          recursive = mkEnableOption ''the transfer of child datasets'';
 
           sshKey = mkOption {
             type = with types; nullOr (coercedTo path toString str);
-            description = lib.mdDoc ''
+            description = ''
               SSH private key file to use to login to the remote system.
               Defaults to {option}`services.syncoid.sshKey` option.
             '';
@@ -212,7 +212,7 @@ in
 
           localSourceAllow = mkOption {
             type = types.listOf types.str;
-            description = lib.mdDoc ''
+            description = ''
               Permissions granted for the {option}`services.syncoid.user` user
               for local source datasets. See
               <https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>
@@ -223,7 +223,7 @@ in
 
           localTargetAllow = mkOption {
             type = types.listOf types.str;
-            description = lib.mdDoc ''
+            description = ''
               Permissions granted for the {option}`services.syncoid.user` user
               for local target datasets. See
               <https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html>
@@ -238,7 +238,7 @@ in
             type = types.separatedString " ";
             default = "";
             example = "Lc e";
-            description = lib.mdDoc ''
+            description = ''
               Advanced options to pass to zfs send. Options are specified
               without their leading dashes and separated by spaces.
             '';
@@ -248,7 +248,7 @@ in
             type = types.separatedString " ";
             default = "";
             example = "ux recordsize o compression=lz4";
-            description = lib.mdDoc ''
+            description = ''
               Advanced options to pass to zfs recv. Options are specified
               without their leading dashes and separated by spaces.
             '';
@@ -257,7 +257,7 @@ in
           useCommonArgs = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Whether to add the configured common arguments to this command.
             '';
           };
@@ -265,7 +265,7 @@ in
           service = mkOption {
             type = types.attrs;
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               Systemd configuration specific to this syncoid service.
             '';
           };
@@ -274,7 +274,7 @@ in
             type = types.listOf types.str;
             default = [ ];
             example = [ "--sshport 2222" ];
-            description = lib.mdDoc "Extra syncoid arguments for this command.";
+            description = "Extra syncoid arguments for this command.";
           };
         };
         config = {
@@ -290,7 +290,7 @@ in
           "pool/test".target = "root@target:pool/test";
         }
       '';
-      description = lib.mdDoc "Syncoid commands to run.";
+      description = "Syncoid commands to run.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/backup/tarsnap.nix b/nixpkgs/nixos/modules/services/backup/tarsnap.nix
index 9e1db23ca22a..b8f848451d40 100644
--- a/nixpkgs/nixos/modules/services/backup/tarsnap.nix
+++ b/nixpkgs/nixos/modules/services/backup/tarsnap.nix
@@ -30,14 +30,14 @@ in
 
   options = {
     services.tarsnap = {
-      enable = mkEnableOption (lib.mdDoc "periodic tarsnap backups");
+      enable = mkEnableOption "periodic tarsnap backups";
 
       package = mkPackageOption pkgs "tarsnap" { };
 
       keyfile = mkOption {
         type = types.str;
         default = "/root/tarsnap.key";
-        description = lib.mdDoc ''
+        description = ''
           The keyfile which associates this machine with your tarsnap
           account.
           Create the keyfile with {command}`tarsnap-keygen`.
@@ -69,7 +69,7 @@ in
                 type = types.str;
                 default = gcfg.keyfile;
                 defaultText = literalExpression "config.${opt.keyfile}";
-                description = lib.mdDoc ''
+                description = ''
                   Set a specific keyfile for this archive. This defaults to
                   `"/root/tarsnap.key"` if left unspecified.
 
@@ -94,7 +94,7 @@ in
                 defaultText = literalExpression ''
                   "/var/cache/tarsnap/''${utils.escapeSystemdPath config.${options.keyfile}}"
                 '';
-                description = lib.mdDoc ''
+                description = ''
                   The cache allows tarsnap to identify previously stored data
                   blocks, reducing archival time and bandwidth usage.
 
@@ -109,7 +109,7 @@ in
               nodump = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Exclude files with the `nodump` flag.
                 '';
               };
@@ -117,7 +117,7 @@ in
               printStats = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Print global archive statistics upon completion.
                   The output is available via
                   {command}`systemctl status tarsnap-archive-name`.
@@ -127,7 +127,7 @@ in
               checkpointBytes = mkOption {
                 type = types.nullOr types.str;
                 default = "1GB";
-                description = lib.mdDoc ''
+                description = ''
                   Create a checkpoint every `checkpointBytes`
                   of uploaded data (optionally specified using an SI prefix).
 
@@ -142,7 +142,7 @@ in
                 type = types.str;
                 default = "01:15";
                 example = "hourly";
-                description = lib.mdDoc ''
+                description = ''
                   Create archive at this interval.
 
                   The format is described in
@@ -153,7 +153,7 @@ in
               aggressiveNetworking = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Upload data over multiple TCP connections, potentially
                   increasing tarsnap's bandwidth utilisation at the cost
                   of slowing down all other network traffic. Not
@@ -165,13 +165,13 @@ in
               directories = mkOption {
                 type = types.listOf types.path;
                 default = [];
-                description = lib.mdDoc "List of filesystem paths to archive.";
+                description = "List of filesystem paths to archive.";
               };
 
               excludes = mkOption {
                 type = types.listOf types.str;
                 default = [];
-                description = lib.mdDoc ''
+                description = ''
                   Exclude files and directories matching these patterns.
                 '';
               };
@@ -179,7 +179,7 @@ in
               includes = mkOption {
                 type = types.listOf types.str;
                 default = [];
-                description = lib.mdDoc ''
+                description = ''
                   Include only files and directories matching these
                   patterns (the empty list includes everything).
 
@@ -190,7 +190,7 @@ in
               lowmem = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Reduce memory consumption by not caching small files.
                   Possibly beneficial if the average file size is smaller
                   than 1 MB and the number of files is lower than the
@@ -201,7 +201,7 @@ in
               verylowmem = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Reduce memory consumption by a factor of 2 beyond what
                   `lowmem` does, at the cost of significantly
                   slowing down the archiving process.
@@ -211,7 +211,7 @@ in
               maxbw = mkOption {
                 type = types.nullOr types.int;
                 default = null;
-                description = lib.mdDoc ''
+                description = ''
                   Abort archival if upstream bandwidth usage in bytes
                   exceeds this threshold.
                 '';
@@ -221,7 +221,7 @@ in
                 type = types.nullOr types.int;
                 default = null;
                 example = literalExpression "25 * 1000";
-                description = lib.mdDoc ''
+                description = ''
                   Upload bandwidth rate limit in bytes.
                 '';
               };
@@ -230,7 +230,7 @@ in
                 type = types.nullOr types.int;
                 default = null;
                 example = literalExpression "50 * 1000";
-                description = lib.mdDoc ''
+                description = ''
                   Download bandwidth rate limit in bytes.
                 '';
               };
@@ -238,21 +238,21 @@ in
               verbose = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to produce verbose logging output.
                 '';
               };
               explicitSymlinks = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to follow symlinks specified as archives.
                 '';
               };
               followSymlinks = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to follow all symlinks in archive trees.
                 '';
               };
@@ -275,7 +275,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Tarsnap archive configurations. Each attribute names an archive
           to be created at a given time interval, according to the options
           associated with it. When uploading to the tarsnap server,
diff --git a/nixpkgs/nixos/modules/services/backup/tsm.nix b/nixpkgs/nixos/modules/services/backup/tsm.nix
index 2d727dccdece..dc5d8f09e069 100644
--- a/nixpkgs/nixos/modules/services/backup/tsm.nix
+++ b/nixpkgs/nixos/modules/services/backup/tsm.nix
@@ -9,17 +9,17 @@ let
   inherit (lib.types) nonEmptyStr nullOr;
 
   options.services.tsmBackup = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       automatic backups with the
       IBM Storage Protect (Tivoli Storage Manager, TSM) client.
       This also enables
       {option}`programs.tsmClient.enable`
-    '');
+    '';
     command = mkOption {
       type = nonEmptyStr;
       default = "backup";
       example = "incr";
-      description = lib.mdDoc ''
+      description = ''
         The actual command passed to the
         `dsmc` executable to start the backup.
       '';
@@ -27,7 +27,7 @@ let
     servername = mkOption {
       type = nonEmptyStr;
       example = "mainTsmServer";
-      description = lib.mdDoc ''
+      description = ''
         Create a systemd system service
         `tsm-backup.service` that starts
         a backup based on the given servername's stanza.
@@ -45,7 +45,7 @@ let
       type = nullOr nonEmptyStr;
       default = null;
       example = "12:00";
-      description = lib.mdDoc ''
+      description = ''
         The backup service will be invoked
         automatically at the given date/time,
         which must be in the format described in
@@ -90,7 +90,7 @@ in
       environment.HOME = "/var/lib/tsm-backup";
       serviceConfig = {
         # for exit status description see
-        # https://www.ibm.com/docs/en/storage-protect/8.1.21?topic=clients-client-return-codes
+        # https://www.ibm.com/docs/en/storage-protect/8.1.22?topic=clients-client-return-codes
         SuccessExitStatus = "4 8";
         # The `-se` option must come after the command.
         # The `-optfile` option suppresses a `dsm.opt`-not-found warning.
diff --git a/nixpkgs/nixos/modules/services/backup/zfs-replication.nix b/nixpkgs/nixos/modules/services/backup/zfs-replication.nix
index 8e7059e5b59d..c89d6fb8ad60 100644
--- a/nixpkgs/nixos/modules/services/backup/zfs-replication.nix
+++ b/nixpkgs/nixos/modules/services/backup/zfs-replication.nix
@@ -9,46 +9,46 @@ let
 in {
   options = {
     services.zfs.autoReplication = {
-      enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication");
+      enable = mkEnableOption "ZFS snapshot replication";
 
       followDelete = mkOption {
-        description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";
+        description = "Remove remote snapshots that don't have a local correspondent.";
         default = true;
         type = types.bool;
       };
 
       host = mkOption {
-        description = lib.mdDoc "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host.";
+        description = "Remote host where snapshots should be sent. `lz4` is expected to be installed on this host.";
         example = "example.com";
         type = types.str;
       };
 
       identityFilePath = mkOption {
-        description = lib.mdDoc "Path to SSH key used to login to host.";
+        description = "Path to SSH key used to login to host.";
         example = "/home/username/.ssh/id_rsa";
         type = types.path;
       };
 
       localFilesystem = mkOption {
-        description = lib.mdDoc "Local ZFS filesystem from which snapshots should be sent.  Defaults to the attribute name.";
+        description = "Local ZFS filesystem from which snapshots should be sent.  Defaults to the attribute name.";
         example = "pool/file/path";
         type = types.str;
       };
 
       remoteFilesystem = mkOption {
-        description = lib.mdDoc "Remote ZFS filesystem where snapshots should be sent.";
+        description = "Remote ZFS filesystem where snapshots should be sent.";
         example = "pool/file/path";
         type = types.str;
       };
 
       recursive = mkOption {
-        description = lib.mdDoc "Recursively discover snapshots to send.";
+        description = "Recursively discover snapshots to send.";
         default = true;
         type = types.bool;
       };
 
       username = mkOption {
-        description = lib.mdDoc "Username used by SSH to login to remote host.";
+        description = "Username used by SSH to login to remote host.";
         example = "username";
         type = types.str;
       };
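Review bot: `identityFilePath` is declared as `types.path`, which also accepts a Nix path literal; if the module interpolates such a value into a string, the SSH private key would be copied into the world-readable Nix store. The description should tell users to pass a string, for example `description = "Path to the SSH private key used to log in to the host. Pass it as a string so the key is not copied into the Nix store.";`. The same concern applies to `secretJwtPath` (`types.path`, default `""`) in the erigon.nix hunk further down. How either value is consumed lies outside these hunks, so confirm against the service definitions.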
diff --git a/nixpkgs/nixos/modules/services/backup/znapzend.nix b/nixpkgs/nixos/modules/services/backup/znapzend.nix
index 2ebe8ad2f69a..7f2c89edbf37 100644
--- a/nixpkgs/nixos/modules/services/backup/znapzend.nix
+++ b/nixpkgs/nixos/modules/services/backup/znapzend.nix
@@ -52,24 +52,24 @@ let
 
       label = mkOption {
         type = str;
-        description = lib.mdDoc "Label for this destination. Defaults to the attribute name.";
+        description = "Label for this destination. Defaults to the attribute name.";
       };
 
       plan = mkOption {
         type = str;
-        description = lib.mdDoc planDescription;
+        description = planDescription;
         example = planExample;
       };
 
       dataset = mkOption {
         type = str;
-        description = lib.mdDoc "Dataset name to send snapshots to.";
+        description = "Dataset name to send snapshots to.";
         example = "tank/main";
       };
 
       host = mkOption {
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Host to use for the destination dataset. Can be prefixed with
           `user@` to specify the ssh user.
         '';
@@ -79,7 +79,7 @@ let
 
       presend = mkOption {
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Command to run before sending the snapshot to the destination.
           Intended to run a remote script via {command}`ssh` on the
           destination, e.g. to bring up a backup disk or server or to put a
@@ -91,7 +91,7 @@ let
 
       postsend = mkOption {
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Command to run after sending the snapshot to the destination.
           Intended to run a remote script via {command}`ssh` on the
           destination, e.g. to bring up a backup disk or server or to put a
@@ -115,26 +115,26 @@ let
 
       enable = mkOption {
         type = bool;
-        description = lib.mdDoc "Whether to enable this source.";
+        description = "Whether to enable this source.";
         default = true;
       };
 
       recursive = mkOption {
         type = bool;
-        description = lib.mdDoc "Whether to do recursive snapshots.";
+        description = "Whether to do recursive snapshots.";
         default = false;
       };
 
       mbuffer = {
         enable = mkOption {
           type = bool;
-          description = lib.mdDoc "Whether to use {command}`mbuffer`.";
+          description = "Whether to use {command}`mbuffer`.";
           default = false;
         };
 
         port = mkOption {
           type = nullOr ints.u16;
-          description = lib.mdDoc ''
+          description = ''
               Port to use for {command}`mbuffer`.
 
               If this is null, it will run {command}`mbuffer` through
@@ -149,7 +149,7 @@ let
 
         size = mkOption {
           type = mbufferSizeType;
-          description = lib.mdDoc ''
+          description = ''
             The size for {command}`mbuffer`.
             Supports the units b, k, M, G.
           '';
@@ -160,7 +160,7 @@ let
 
       presnap = mkOption {
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Command to run before snapshots are taken on the source dataset,
           e.g. for database locking/flushing. See also
           {option}`postsnap`.
@@ -173,7 +173,7 @@ let
 
       postsnap = mkOption {
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Command to run after snapshots are taken on the source dataset,
           e.g. for database unlocking. See also {option}`presnap`.
         '';
@@ -185,7 +185,7 @@ let
 
       timestampFormat = mkOption {
         type = timestampType;
-        description = lib.mdDoc ''
+        description = ''
           The timestamp format to use for constructing snapshot names.
           The syntax is `strftime`-like. The string must
           consist of the mandatory `%Y %m %d %H %M %S`.
@@ -199,7 +199,7 @@ let
 
       sendDelay = mkOption {
         type = int;
-        description = lib.mdDoc ''
+        description = ''
           Specify delay (in seconds) before sending snaps to the destination.
           May be useful if you want to control sending time.
         '';
@@ -209,19 +209,19 @@ let
 
       plan = mkOption {
         type = str;
-        description = lib.mdDoc planDescription;
+        description = planDescription;
         example = planExample;
       };
 
       dataset = mkOption {
         type = str;
-        description = lib.mdDoc "The dataset to use for this source.";
+        description = "The dataset to use for this source.";
         example = "tank/home";
       };
 
       destinations = mkOption {
         type = attrsOf (destType config);
-        description = lib.mdDoc "Additional destinations.";
+        description = "Additional destinations.";
         default = {};
         example = literalExpression ''
           {
@@ -294,13 +294,13 @@ in
 {
   options = {
     services.znapzend = {
-      enable = mkEnableOption (lib.mdDoc "ZnapZend ZFS backup daemon");
+      enable = mkEnableOption "ZnapZend ZFS backup daemon";
 
       logLevel = mkOption {
         default = "debug";
         example = "warning";
         type = enum ["debug" "info" "warning" "err" "alert"];
-        description = lib.mdDoc ''
+        description = ''
           The log level when logging to file. Any of debug, info, warning, err,
           alert. Default in daemonized form is debug.
         '';
@@ -310,26 +310,34 @@ in
         type = str;
         default = "syslog::daemon";
         example = "/var/log/znapzend.log";
-        description = lib.mdDoc ''
+        description = ''
           Where to log to (syslog::\<facility\> or \<filepath\>).
         '';
       };
 
+      mailErrorSummaryTo = mkOption {
+        type = singleLineStr;
+        default = "";
+        description = ''
+          Email address to send a summary to if "send task(s) failed".
+        '';
+      };
+
       noDestroy = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc "Does all changes to the filesystem except destroy.";
+        description = "Does all changes to the filesystem except destroy.";
       };
 
       autoCreation = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc "Automatically create the destination dataset if it does not exist.";
+        description = "Automatically create the destination dataset if it does not exist.";
       };
 
       zetup = mkOption {
         type = attrsOf srcType;
-        description = lib.mdDoc "Znapzend configuration.";
+        description = "Znapzend configuration.";
         default = {};
         example = literalExpression ''
           {
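Review bot: The new `mailErrorSummaryTo` option uses the empty string as its "disabled" value but does not say so, and it has no `example`. The other optional strings in this file (`host`, `presend`, `postsend`) use `nullOr str`. Either document the sentinel, e.g. `Email address to send a summary to if "send task(s) failed". Leave empty to disable.`, or switch to `type = nullOr singleLineStr; default = null;` and test `!= null` where the flag is built. An `example = "admin@example.org";` (constructed address) would also help readers of the option docs.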
@@ -350,7 +358,7 @@ in
 
       pure = mkOption {
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Do not persist any stateful znapzend setups. If this option is
           enabled, your previously set znapzend setups will be cleared and only
           the ones defined with this module will be applied.
@@ -358,17 +366,17 @@ in
         default = false;
       };
 
-      features.oracleMode = mkEnableOption (lib.mdDoc ''
+      features.oracleMode = mkEnableOption ''
         destroying snapshots one by one instead of using one long argument list.
         If source and destination are out of sync for a long time, you may have
         so many snapshots to destroy that the argument gets is too long and the
         command fails
-      '');
-      features.recvu = mkEnableOption (lib.mdDoc ''
+      '';
+      features.recvu = mkEnableOption ''
         recvu feature which uses `-u` on the receiving end to keep the destination
         filesystem unmounted
-      '');
-      features.compressed = mkEnableOption (lib.mdDoc ''
+      '';
+      features.compressed = mkEnableOption ''
         compressed feature which adds the options `-Lce` to
         the {command}`zfs send` command. When this is enabled, make
         sure that both the sending and receiving pool have the same relevant
@@ -378,8 +386,8 @@ in
         {manpage}`znapzend(1)`
         and {manpage}`zfs(8)`
         for more info
-      '');
-      features.sendRaw = mkEnableOption (lib.mdDoc ''
+      '';
+      features.sendRaw = mkEnableOption ''
         sendRaw feature which adds the options `-w` to the
         {command}`zfs send` command. For encrypted source datasets this
         instructs zfs not to decrypt before sending which results in a remote
@@ -387,23 +395,23 @@ in
         when the remote isn't fully trusted or not physically secure. This
         option must be used consistently, raw incrementals cannot be based on
         non-raw snapshots and vice versa
-      '');
-      features.skipIntermediates = mkEnableOption (lib.mdDoc ''
+      '';
+      features.skipIntermediates = mkEnableOption ''
         the skipIntermediates feature to send a single increment
         between latest common snapshot and the newly made one. It may skip
         several source snaps if the destination was offline for some time, and
         it should skip snapshots not managed by znapzend. Normally for online
         destinations, the new snapshot is sent as soon as it is created on the
         source, so there are no automatic increments to skip
-      '');
-      features.lowmemRecurse = mkEnableOption (lib.mdDoc ''
+      '';
+      features.lowmemRecurse = mkEnableOption ''
         use lowmemRecurse on systems where you have too many datasets, so a
         recursive listing of attributes to find backup plans exhausts the
         memory available to {command}`znapzend`: instead, go the slower
         way to first list all impacted dataset names, and then query their
         configs one by one
-      '');
-      features.zfsGetType = mkEnableOption (lib.mdDoc ''
+      '';
+      features.zfsGetType = mkEnableOption ''
         using zfsGetType if your {command}`zfs get` supports a
         `-t` argument for filtering by dataset type at all AND
         lists properties for snapshots by default when recursing, so that there
@@ -413,7 +421,7 @@ in
         differ by hundreds of times (depending on the amount of snapshots in
         that dataset tree... and a decent backup plan will ensure you have a lot
         of those), so you would benefit from requesting this feature
-      '');
+      '';
     };
   };
 
@@ -455,6 +463,8 @@ in
               "--loglevel=${cfg.logLevel}"
               (optionalString cfg.noDestroy "--nodestroy")
               (optionalString cfg.autoCreation "--autoCreation")
+              (optionalString (cfg.mailErrorSummaryTo != "")
+                "--mailErrorSummaryTo=${cfg.mailErrorSummaryTo}")
               (optionalString (enabledFeatures != [])
                 "--features=${concatStringsSep "," enabledFeatures}")
             ]; in "${pkgs.znapzend}/bin/znapzend ${args}";
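Review bot: The added `"--mailErrorSummaryTo=${cfg.mailErrorSummaryTo}"` puts the option value into the command string unquoted. `singleLineStr` only rules out newlines, so a value containing whitespace would presumably be split into extra znapzend arguments once the list is joined into `args`. Quote it, e.g. `"--mailErrorSummaryTo=${escapeShellArg cfg.mailErrorSummaryTo}"`, or constrain the option type with `strMatching` to reject whitespace. The list and the binding of `args` start outside this hunk, so check how the elements are joined and whether `escapeShellArg` is already in scope there.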
@@ -465,5 +475,5 @@ in
     };
   };
 
-  meta.maintainers = with maintainers; [ infinisil SlothOfAnarchy ];
+  meta.maintainers = with maintainers; [ SlothOfAnarchy ];
 }
diff --git a/nixpkgs/nixos/modules/services/backup/zrepl.nix b/nixpkgs/nixos/modules/services/backup/zrepl.nix
index 8475a347429e..a0e9a0da7e49 100644
--- a/nixpkgs/nixos/modules/services/backup/zrepl.nix
+++ b/nixpkgs/nixos/modules/services/backup/zrepl.nix
@@ -11,13 +11,13 @@ in
 
   options = {
     services.zrepl = {
-      enable = mkEnableOption (lib.mdDoc "zrepl");
+      enable = mkEnableOption "zrepl";
 
       package = mkPackageOption pkgs "zrepl" { };
 
       settings = mkOption {
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for zrepl. See <https://zrepl.github.io/configuration.html>
           for more information.
         '';
diff --git a/nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix b/nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix
index b8edee33e7c6..24705b3433df 100644
--- a/nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix
+++ b/nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix
@@ -11,19 +11,19 @@ in {
 
   options = {
     services.erigon = {
-      enable = mkEnableOption (lib.mdDoc "Ethereum implementation on the efficiency frontier");
+      enable = mkEnableOption "Ethereum implementation on the efficiency frontier";
 
       package = mkPackageOption pkgs "erigon" { };
 
       extraArgs = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Additional arguments passed to Erigon";
+        description = "Additional arguments passed to Erigon";
         default = [ ];
       };
 
       secretJwtPath = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the secret jwt used for the http api authentication.
         '';
         default = "";
@@ -31,7 +31,7 @@ in {
       };
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Erigon
           Refer to <https://github.com/ledgerwatch/erigon#usage> for details on supported values.
         '';
diff --git a/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix b/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix
index f07dfa4dc711..f2a7e080ada1 100644
--- a/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix
+++ b/nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix
@@ -9,129 +9,129 @@ let
 
     options = {
 
-      enable = lib.mkEnableOption (lib.mdDoc "Go Ethereum Node");
+      enable = lib.mkEnableOption "Go Ethereum Node";
 
       port = mkOption {
         type = types.port;
         default = 30303;
-        description = lib.mdDoc "Port number Go Ethereum will be listening on, both TCP and UDP.";
+        description = "Port number Go Ethereum will be listening on, both TCP and UDP.";
       };
 
       http = {
-        enable = lib.mkEnableOption (lib.mdDoc "Go Ethereum HTTP API");
+        enable = lib.mkEnableOption "Go Ethereum HTTP API";
         address = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Listen address of Go Ethereum HTTP API.";
+          description = "Listen address of Go Ethereum HTTP API.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8545;
-          description = lib.mdDoc "Port number of Go Ethereum HTTP API.";
+          description = "Port number of Go Ethereum HTTP API.";
         };
 
         apis = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = null;
-          description = lib.mdDoc "APIs to enable over WebSocket";
+          description = "APIs to enable over WebSocket";
           example = ["net" "eth"];
         };
       };
 
       websocket = {
-        enable = lib.mkEnableOption (lib.mdDoc "Go Ethereum WebSocket API");
+        enable = lib.mkEnableOption "Go Ethereum WebSocket API";
         address = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Listen address of Go Ethereum WebSocket API.";
+          description = "Listen address of Go Ethereum WebSocket API.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8546;
-          description = lib.mdDoc "Port number of Go Ethereum WebSocket API.";
+          description = "Port number of Go Ethereum WebSocket API.";
         };
 
         apis = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = null;
-          description = lib.mdDoc "APIs to enable over WebSocket";
+          description = "APIs to enable over WebSocket";
           example = ["net" "eth"];
         };
       };
 
       authrpc = {
-        enable = lib.mkEnableOption (lib.mdDoc "Go Ethereum Auth RPC API");
+        enable = lib.mkEnableOption "Go Ethereum Auth RPC API";
         address = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API.";
+          description = "Listen address of Go Ethereum Auth RPC API.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8551;
-          description = lib.mdDoc "Port number of Go Ethereum Auth RPC API.";
+          description = "Port number of Go Ethereum Auth RPC API.";
         };
 
         vhosts = mkOption {
           type = types.nullOr (types.listOf types.str);
           default = ["localhost"];
-          description = lib.mdDoc "List of virtual hostnames from which to accept requests.";
+          description = "List of virtual hostnames from which to accept requests.";
           example = ["localhost" "geth.example.org"];
         };
 
         jwtsecret = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint.";
+          description = "Path to a JWT secret for authenticated RPC endpoint.";
           example = "/var/run/geth/jwtsecret";
         };
       };
 
       metrics = {
-        enable = lib.mkEnableOption (lib.mdDoc "Go Ethereum prometheus metrics");
+        enable = lib.mkEnableOption "Go Ethereum prometheus metrics";
         address = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Listen address of Go Ethereum metrics service.";
+          description = "Listen address of Go Ethereum metrics service.";
         };
 
         port = mkOption {
           type = types.port;
           default = 6060;
-          description = lib.mdDoc "Port number of Go Ethereum metrics service.";
+          description = "Port number of Go Ethereum metrics service.";
         };
       };
 
       network = mkOption {
         type = types.nullOr (types.enum [ "goerli" "rinkeby" "yolov2" "ropsten" ]);
         default = null;
-        description = lib.mdDoc "The network to connect to. Mainnet (null) is the default ethereum network.";
+        description = "The network to connect to. Mainnet (null) is the default ethereum network.";
       };
 
       syncmode = mkOption {
         type = types.enum [ "snap" "fast" "full" "light" ];
         default = "snap";
-        description = lib.mdDoc "Blockchain sync mode.";
+        description = "Blockchain sync mode.";
       };
 
       gcmode = mkOption {
         type = types.enum [ "full" "archive" ];
         default = "full";
-        description = lib.mdDoc "Blockchain garbage collection mode.";
+        description = "Blockchain garbage collection mode.";
       };
 
       maxpeers = mkOption {
         type = types.int;
         default = 50;
-        description = lib.mdDoc "Maximum peers to connect to.";
+        description = "Maximum peers to connect to.";
       };
 
       extraArgs = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Additional arguments passed to Go Ethereum.";
+        description = "Additional arguments passed to Go Ethereum.";
         default = [];
       };
 
@@ -148,7 +148,7 @@ in
     services.geth = mkOption {
       type = types.attrsOf (types.submodule gethOpts);
       default = {};
-      description = lib.mdDoc "Specification of one or more geth instances.";
+      description = "Specification of one or more geth instances.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix b/nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix
index 863e737d908a..dcf56e187eae 100644
--- a/nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix
+++ b/nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix
@@ -9,16 +9,16 @@ in {
   options = {
     services.lighthouse = {
       beacon = mkOption {
-        description = lib.mdDoc "Beacon node";
+        description = "Beacon node";
         default = {};
         type = types.submodule {
           options = {
-            enable = lib.mkEnableOption (lib.mdDoc "Lightouse Beacon node");
+            enable = lib.mkEnableOption "Lightouse Beacon node";
 
             dataDir = mkOption {
               type = types.str;
               default = "/var/lib/lighthouse-beacon";
-              description = lib.mdDoc ''
+              description = ''
                 Directory where data will be stored. Each chain will be stored under it's own specific subdirectory.
               '';
             };
@@ -26,7 +26,7 @@ in {
             address = mkOption {
               type = types.str;
               default = "0.0.0.0";
-              description = lib.mdDoc ''
+              description = ''
                 Listen address of Beacon node.
               '';
             };
@@ -34,7 +34,7 @@ in {
             port = mkOption {
               type = types.port;
               default = 9000;
-              description = lib.mdDoc ''
+              description = ''
                 Port number the Beacon node will be listening on.
               '';
             };
@@ -42,7 +42,7 @@ in {
             openFirewall = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Open the port in the firewall
               '';
             };
@@ -50,7 +50,7 @@ in {
             disableDepositContractSync = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Explicitly disables syncing of deposit logs from the execution node.
                 This overrides any previous option that depends on it.
                 Useful if you intend to run a non-validating beacon node.
@@ -61,7 +61,7 @@ in {
               address = mkOption {
                 type = types.str;
                 default = "127.0.0.1";
-                description = lib.mdDoc ''
+                description = ''
                   Listen address for the execution layer.
                 '';
               };
@@ -69,7 +69,7 @@ in {
               port = mkOption {
                 type = types.port;
                 default = 8551;
-                description = lib.mdDoc ''
+                description = ''
                   Port number the Beacon node will be listening on for the execution layer.
                 '';
               };
@@ -77,18 +77,18 @@ in {
               jwtPath = mkOption {
                 type = types.str;
                 default = "";
-                description = lib.mdDoc ''
+                description = ''
                   Path for the jwt secret required to connect to the execution layer.
                 '';
               };
             };
 
             http = {
-              enable = lib.mkEnableOption (lib.mdDoc "Beacon node http api");
+              enable = lib.mkEnableOption "Beacon node http api";
               port = mkOption {
                 type = types.port;
                 default = 5052;
-                description = lib.mdDoc ''
+                description = ''
                   Port number of Beacon node RPC service.
                 '';
               };
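Review bot: `jwtPath` at the top of this hunk is a `types.str` with default `""`, and its description does not say where the secret file may live. A value built by interpolating a Nix path would be copied into the world-readable store, and the empty default gives no evaluation-time signal that the secret is missing; how the module treats `""` is outside this hunk. I would extend the description to something like `Path for the jwt secret required to connect to the execution layer. Must be a runtime path outside the Nix store, readable only by the service user.`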
@@ -96,18 +96,18 @@ in {
               address = mkOption {
                 type = types.str;
                 default = "127.0.0.1";
-                description = lib.mdDoc ''
+                description = ''
                   Listen address of Beacon node RPC service.
                 '';
               };
             };
 
             metrics = {
-              enable = lib.mkEnableOption (lib.mdDoc "Beacon node prometheus metrics");
+              enable = lib.mkEnableOption "Beacon node prometheus metrics";
               address = mkOption {
                 type = types.str;
                 default = "127.0.0.1";
-                description = lib.mdDoc ''
+                description = ''
                   Listen address of Beacon node metrics service.
                 '';
               };
@@ -115,7 +115,7 @@ in {
               port = mkOption {
                 type = types.port;
                 default = 5054;
-                description = lib.mdDoc ''
+                description = ''
                   Port number of Beacon node metrics service.
                 '';
               };
@@ -123,7 +123,7 @@ in {
 
             extraArgs = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Additional arguments passed to the lighthouse beacon command.
               '';
               default = "";
@@ -134,20 +134,20 @@ in {
       };
 
       validator = mkOption {
-        description = lib.mdDoc "Validator node";
+        description = "Validator node";
         default = {};
         type = types.submodule {
           options = {
             enable = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "Enable Lightouse Validator node.";
+              description = "Enable Lightouse Validator node.";
             };
 
             dataDir = mkOption {
               type = types.str;
               default = "/var/lib/lighthouse-validator";
-              description = lib.mdDoc ''
+              description = ''
                 Directory where data will be stored. Each chain will be stored under it's own specific subdirectory.
               '';
             };
@@ -155,17 +155,17 @@ in {
             beaconNodes = mkOption {
               type = types.listOf types.str;
               default = ["http://localhost:5052"];
-              description = lib.mdDoc ''
+              description = ''
                 Beacon nodes to connect to.
               '';
             };
 
             metrics = {
-              enable = lib.mkEnableOption (lib.mdDoc "Validator node prometheus metrics");
+              enable = lib.mkEnableOption "Validator node prometheus metrics";
               address = mkOption {
                 type = types.str;
                 default = "127.0.0.1";
-                description = lib.mdDoc ''
+                description = ''
                   Listen address of Validator node metrics service.
                 '';
               };
@@ -173,7 +173,7 @@ in {
               port = mkOption {
                 type = types.port;
                 default = 5056;
-                description = lib.mdDoc ''
+                description = ''
                   Port number of Validator node metrics service.
                 '';
               };
@@ -181,7 +181,7 @@ in {
 
             extraArgs = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Additional arguments passed to the lighthouse validator command.
               '';
               default = "";
@@ -194,14 +194,14 @@ in {
       network = mkOption {
         type = types.enum [ "mainnet" "prater" "goerli" "gnosis" "kiln" "ropsten" "sepolia" ];
         default = "mainnet";
-        description = lib.mdDoc ''
+        description = ''
           The network to connect to. Mainnet is the default ethereum network.
         '';
       };
 
       extraArgs = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments passed to every lighthouse command.
         '';
         default = "";
diff --git a/nixpkgs/nixos/modules/services/cluster/corosync/default.nix b/nixpkgs/nixos/modules/services/cluster/corosync/default.nix
index 477ffbcdb7c7..cf3448620a5d 100644
--- a/nixpkgs/nixos/modules/services/cluster/corosync/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/corosync/default.nix
@@ -7,38 +7,38 @@ in
 {
   # interface
   options.services.corosync = {
-    enable = mkEnableOption (lib.mdDoc "corosync");
+    enable = mkEnableOption "corosync";
 
     package = mkPackageOption pkgs "corosync" { };
 
     clusterName = mkOption {
       type = types.str;
       default = "nixcluster";
-      description = lib.mdDoc "Name of the corosync cluster.";
+      description = "Name of the corosync cluster.";
     };
 
     extraOptions = mkOption {
       type = with types; listOf str;
       default = [];
-      description = lib.mdDoc "Additional options with which to start corosync.";
+      description = "Additional options with which to start corosync.";
     };
 
     nodelist = mkOption {
-      description = lib.mdDoc "Corosync nodelist: all cluster members.";
+      description = "Corosync nodelist: all cluster members.";
       default = [];
       type = with types; listOf (submodule {
         options = {
           nodeid = mkOption {
             type = int;
-            description = lib.mdDoc "Node ID number";
+            description = "Node ID number";
           };
           name = mkOption {
             type = str;
-            description = lib.mdDoc "Node name";
+            description = "Node name";
           };
           ring_addrs = mkOption {
             type = listOf str;
-            description = lib.mdDoc "List of addresses, one for each ring.";
+            description = "List of addresses, one for each ring.";
           };
         };
       });
diff --git a/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix b/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix
index 6fa91d2f047e..4b255a97f561 100644
--- a/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/hadoop/default.nix
@@ -16,7 +16,7 @@ with lib;
           "fs.defaultFS" = "hdfs://localhost";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Hadoop core-site.xml definition
         <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml>
       '';
@@ -25,7 +25,7 @@ with lib;
       default = {};
       type = types.attrsOf types.anything;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         Internal option to add configs to core-site.xml based on module options
       '';
     };
@@ -38,7 +38,7 @@ with lib;
         "dfs.namenode.http-bind-host" = "0.0.0.0";
       };
       type = types.attrsOf types.anything;
-      description = lib.mdDoc ''
+      description = ''
         Default options for hdfs-site.xml
       '';
     };
@@ -50,7 +50,7 @@ with lib;
           "dfs.nameservices" = "namenode1";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional options and overrides for hdfs-site.xml
         <https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml>
       '';
@@ -59,7 +59,7 @@ with lib;
       default = {};
       type = types.attrsOf types.anything;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         Internal option to add configs to hdfs-site.xml based on module options
       '';
     };
@@ -80,7 +80,7 @@ with lib;
         }
       '';
       type = types.attrsOf types.anything;
-      description = lib.mdDoc ''
+      description = ''
         Default options for mapred-site.xml
       '';
     };
@@ -92,7 +92,7 @@ with lib;
           "mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional options and overrides for mapred-site.xml
         <https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml>
       '';
@@ -113,7 +113,7 @@ with lib;
         "yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
       };
       type = types.attrsOf types.anything;
-      description = lib.mdDoc ''
+      description = ''
         Default options for yarn-site.xml
       '';
     };
@@ -125,7 +125,7 @@ with lib;
           "yarn.resourcemanager.hostname" = "''${config.networking.hostName}";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional options and overrides for yarn-site.xml
         <https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml>
       '';
@@ -134,7 +134,7 @@ with lib;
       default = {};
       type = types.attrsOf types.anything;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         Internal option to add configs to yarn-site.xml based on module options
       '';
     };
@@ -147,7 +147,7 @@ with lib;
           "hadoop.http.max.threads" = 500;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Hadoop httpfs-site.xml definition
         <https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html>
       '';
@@ -162,7 +162,7 @@ with lib;
       example = literalExpression ''
         "''${pkgs.hadoop}/etc/hadoop/log4j.properties";
       '';
-      description = lib.mdDoc "log4j.properties file added to HADOOP_CONF_DIR";
+      description = "log4j.properties file added to HADOOP_CONF_DIR";
     };
 
     containerExecutorCfg = mkOption {
@@ -179,7 +179,7 @@ with lib;
           "feature.terminal.enabled" = 0;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Yarn container-executor.cfg definition
         <https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html>
       '';
@@ -194,10 +194,10 @@ with lib;
           ./extraYARNConfs
         ]
       '';
-      description = lib.mdDoc "Directories containing additional config files to be added to HADOOP_CONF_DIR";
+      description = "Directories containing additional config files to be added to HADOOP_CONF_DIR";
     };
 
-    gatewayRole.enable = mkEnableOption (lib.mdDoc "gateway role for deploying hadoop configs");
+    gatewayRole.enable = mkEnableOption "gateway role for deploying hadoop configs";
 
     package = mkPackageOption pkgs "hadoop" { };
   };
diff --git a/nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix b/nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix
index 6801e505db64..8eb8d83fd84c 100644
--- a/nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix
+++ b/nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix
@@ -7,25 +7,25 @@ let
   mkIfNotNull = x: mkIf (x != null) x;
   # generic hbase role options
   hbaseRoleOption = name: extraOpts: {
-    enable = mkEnableOption (mdDoc "HBase ${name}");
+    enable = mkEnableOption "HBase ${name}";
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc "Open firewall ports for HBase ${name}.";
+      description = "Open firewall ports for HBase ${name}.";
     };
 
     restartIfChanged = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc "Restart ${name} con config change.";
+      description = "Restart ${name} con config change.";
     };
 
     extraFlags = mkOption {
       type = with types; listOf str;
       default = [];
       example = literalExpression ''[ "--backup" ]'';
-      description = mdDoc "Extra flags for the ${name} service.";
+      description = "Extra flags for the ${name} service.";
     };
 
     environment = mkOption {
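Review bot: The `restartIfChanged` description in this hunk reads "Restart ${name} con config change.", where "con" should be "on"; the line is `description = "Restart ${name} on config change.";`. Because the option defaults to `false`, it would also help to carry over the sentence the HDFS module uses for the same option, that deferring restarts can leave an older version running after an update. The `environment` option starts on the hunk's last line and continues outside it.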
@@ -36,7 +36,7 @@ let
           HBASE_MASTER_OPTS = "-Dcom.sun.management.jmxremote.ssl=true";
         }
       '';
-      description = mdDoc "Environment variables passed to ${name}.";
+      description = "Environment variables passed to ${name}.";
     };
   } // extraOpts;
   # generic hbase role configs
@@ -93,7 +93,7 @@ in
 {
   options.services.hadoop = {
 
-    gatewayRole.enableHbaseCli = mkEnableOption (mdDoc "HBase CLI tools");
+    gatewayRole.enableHbaseCli = mkEnableOption "HBase CLI tools";
 
     hbaseSiteDefault = mkOption {
       default = {
@@ -105,7 +105,7 @@ in
         "hbase.cluster.distributed" = "true";
       };
       type = types.attrsOf types.anything;
-      description = mdDoc ''
+      description = ''
         Default options for hbase-site.xml
       '';
     };
@@ -118,7 +118,7 @@ in
           "hbase.table.normalization.enabled" = "true";
         }
       '';
-      description = mdDoc ''
+      description = ''
         Additional options and overrides for hbase-site.xml
         <https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml>
       '';
@@ -127,7 +127,7 @@ in
       default = {};
       type = with types; attrsOf anything;
       internal = true;
-      description = mdDoc ''
+      description = ''
         Internal option to add configs to hbase-site.xml based on module options
       '';
     };
@@ -137,7 +137,7 @@ in
       package = mkPackageOption pkgs "hbase" { };
 
       rootdir = mkOption {
-        description = mdDoc ''
+        description = ''
           This option will set "hbase.rootdir" in hbase-site.xml and determine
           the directory shared by region servers and into which HBase persists.
           The URL should be 'fully-qualified' to include the filesystem scheme.
@@ -151,7 +151,7 @@ in
         default = "/hbase";
       };
       zookeeperQuorum = mkOption {
-        description = mdDoc ''
+        description = ''
           This option will set "hbase.zookeeper.quorum" in hbase-site.xml.
           Comma separated list of servers in the ZooKeeper ensemble.
         '';
@@ -164,20 +164,20 @@ in
         port = mkOption {
           type = types.int;
           default = port;
-          description = mdDoc "RPC port";
+          description = "RPC port";
         };
         infoPort = mkOption {
           type = types.int;
           default = infoPort;
-          description = mdDoc "web UI port";
+          description = "web UI port";
         };
       };
     in mapAttrs hbaseRoleOption {
-      master.initHDFS = mkEnableOption (mdDoc "initialization of the hbase directory on HDFS");
+      master.initHDFS = mkEnableOption "initialization of the hbase directory on HDFS";
       regionServer.overrideHosts = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Remove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix
           Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records
           or /etc/hosts entries.
diff --git a/nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix b/nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix
index 4a49bd0ddd43..1f61acf4012d 100644
--- a/nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix
+++ b/nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix
@@ -8,10 +8,10 @@ let
 
   # Generator for HDFS service options
   hadoopServiceOption = { serviceName, firewallOption ? true, extraOpts ? null }: {
-    enable = mkEnableOption (lib.mdDoc serviceName);
+    enable = mkEnableOption serviceName;
     restartIfChanged = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Automatically restart the service on config change.
         This can be set to false to defer restarts on clusters running critical applications.
         Please consider the security implications of inadvertently running an older version,
@@ -22,7 +22,7 @@ let
     extraFlags = mkOption{
       type = with types; listOf str;
       default = [];
-      description = lib.mdDoc "Extra command line flags to pass to ${serviceName}";
+      description = "Extra command line flags to pass to ${serviceName}";
       example = [
         "-Dcom.sun.management.jmxremote"
         "-Dcom.sun.management.jmxremote.port=8010"
@@ -31,13 +31,13 @@ let
     extraEnv = mkOption{
       type = with types; attrsOf str;
       default = {};
-      description = lib.mdDoc "Extra environment variables for ${serviceName}";
+      description = "Extra environment variables for ${serviceName}";
     };
   } // (optionalAttrs firewallOption {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Open firewall ports for ${serviceName}.";
+      description = "Open firewall ports for ${serviceName}.";
     };
   }) // (optionalAttrs (extraOpts != null) extraOpts);
 
@@ -83,7 +83,7 @@ in
       formatOnInit = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Format HDFS namenode on first start. This is useful for quickly spinning up
           ephemeral HDFS clusters with a single namenode.
           For HA clusters, initialization involves multiple steps across multiple nodes.
@@ -96,19 +96,19 @@ in
     datanode = hadoopServiceOption { serviceName = "HDFS DataNode"; } // {
       dataDirs = mkOption {
         default = null;
-        description = lib.mdDoc "Tier and path definitions for datanode storage.";
+        description = "Tier and path definitions for datanode storage.";
         type = with types; nullOr (listOf (submodule {
           options = {
             type = mkOption {
               type = enum [ "SSD" "DISK" "ARCHIVE" "RAM_DISK" ];
-              description = lib.mdDoc ''
+              description = ''
                 Storage types ([SSD]/[DISK]/[ARCHIVE]/[RAM_DISK]) for HDFS storage policies.
               '';
             };
             path = mkOption {
               type = path;
               example = [ "/var/lib/hadoop/hdfs/dn" ];
-              description = lib.mdDoc "Determines where on the local filesystem a data node should store its blocks.";
+              description = "Determines where on the local filesystem a data node should store its blocks.";
             };
           };
         }));
@@ -126,7 +126,7 @@ in
       tempPath = mkOption {
         type = types.path;
         default = "/tmp/hadoop/httpfs";
-        description = lib.mdDoc "HTTPFS_TEMP path used by HTTPFS";
+        description = "HTTPFS_TEMP path used by HTTPFS";
       };
     };
 
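Review bot: `tempPath` defaults to `/tmp/hadoop/httpfs`, a fixed name under the shared temporary directory, and the description does not mention that. If the service does not run with a private `/tmp` (the unit definition is outside this hunk), another local account could create `/tmp/hadoop` first and control what the service finds there. I would document it, for example `description = "HTTPFS_TEMP path used by HTTPFS. The default is under the shared /tmp; on multi-user hosts point this at a directory owned by the service user.";`.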
diff --git a/nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix b/nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix
index a49aafbd1dca..0a7b4b7e67b0 100644
--- a/nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix
+++ b/nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix
@@ -5,7 +5,7 @@ let
   hadoopConf = "${import ./conf.nix { inherit cfg pkgs lib; }}/";
   restartIfChanged  = mkOption {
     type = types.bool;
-    description = lib.mdDoc ''
+    description = ''
       Automatically restart the service on config change.
       This can be set to false to defer restarts on clusters running critical applications.
       Please consider the security implications of inadvertently running an older version,
@@ -16,7 +16,7 @@ let
   extraFlags = mkOption{
     type = with types; listOf str;
     default = [];
-    description = lib.mdDoc "Extra command line flags to pass to the service";
+    description = "Extra command line flags to pass to the service";
     example = [
       "-Dcom.sun.management.jmxremote"
       "-Dcom.sun.management.jmxremote.port=8010"
@@ -25,45 +25,45 @@ let
   extraEnv = mkOption{
     type = with types; attrsOf str;
     default = {};
-    description = lib.mdDoc "Extra environment variables";
+    description = "Extra environment variables";
   };
 in
 {
   options.services.hadoop.yarn = {
     resourcemanager = {
-      enable = mkEnableOption (lib.mdDoc "Hadoop YARN ResourceManager");
+      enable = mkEnableOption "Hadoop YARN ResourceManager";
       inherit restartIfChanged extraFlags extraEnv;
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open firewall ports for resourcemanager
         '';
       };
     };
     nodemanager = {
-      enable = mkEnableOption (lib.mdDoc "Hadoop YARN NodeManager");
+      enable = mkEnableOption "Hadoop YARN NodeManager";
       inherit restartIfChanged extraFlags extraEnv;
 
       resource = {
         cpuVCores = mkOption {
-          description = lib.mdDoc "Number of vcores that can be allocated for containers.";
+          description = "Number of vcores that can be allocated for containers.";
           type = with types; nullOr ints.positive;
           default = null;
         };
         maximumAllocationVCores = mkOption {
-          description = lib.mdDoc "The maximum virtual CPU cores any container can be allocated.";
+          description = "The maximum virtual CPU cores any container can be allocated.";
           type = with types; nullOr ints.positive;
           default = null;
         };
         memoryMB = mkOption {
-          description = lib.mdDoc "Amount of physical memory, in MB, that can be allocated for containers.";
+          description = "Amount of physical memory, in MB, that can be allocated for containers.";
           type = with types; nullOr ints.positive;
           default = null;
         };
         maximumAllocationMB = mkOption {
-          description = lib.mdDoc "The maximum physical memory any container can be allocated.";
+          description = "The maximum physical memory any container can be allocated.";
           type = with types; nullOr ints.positive;
           default = null;
         };
@@ -72,13 +72,13 @@ in
       useCGroups = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Use cgroups to enforce resource limits on containers
         '';
       };
 
       localDir = mkOption {
-        description = lib.mdDoc "List of directories to store localized files in.";
+        description = "List of directories to store localized files in.";
         type = with types; nullOr (listOf path);
         example = [ "/var/lib/hadoop/yarn/nm" ];
         default = null;
@@ -87,14 +87,14 @@ in
       addBinBash = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Add /bin/bash. This is needed by the linux container executor's launch script.
         '';
       };
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open firewall ports for nodemanager.
           Because containers can listen on any ephemeral port, TCP ports 1024–65535 will be opened.
         '';
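Review bot: The nodemanager `openFirewall` description states that TCP ports 1024–65535 are opened, but not that this exposes every other listener on the host that uses an unprivileged port. A reader enabling the option for YARN alone may not expect that side effect. I would add one sentence to the description, such as `This also makes any other service listening on a port in that range reachable; restrict access by interface or source network where possible.`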
diff --git a/nixpkgs/nixos/modules/services/cluster/k3s/default.nix b/nixpkgs/nixos/modules/services/cluster/k3s/default.nix
index dc71f1372d7a..040cf7640de1 100644
--- a/nixpkgs/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/k3s/default.nix
@@ -13,12 +13,12 @@ in
 
   # interface
   options.services.k3s = {
-    enable = mkEnableOption (lib.mdDoc "k3s");
+    enable = mkEnableOption "k3s";
 
     package = mkPackageOption pkgs "k3s" { };
 
     role = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether k3s should run as a server or agent.
 
         If it's a server:
@@ -38,7 +38,7 @@ in
 
     serverAddr = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The k3s server to connect to.
 
         Servers and agents need to communicate each other. Read
@@ -52,7 +52,7 @@ in
     clusterInit = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Initialize HA cluster using an embedded etcd datastore.
 
         If this option is `false` and `role` is `server`
@@ -73,7 +73,7 @@ in
 
     token = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The k3s token to use when connecting to a server.
 
         WARNING: This option will expose store your token unencrypted world-readable in the nix store.
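Review bot: The warning on the last line of this hunk is garbled ("will expose store your token"), which weakens the one sentence that tells users the token ends up readable by everyone on the machine. I would reword it to `WARNING: This option will store your token unencrypted and world-readable in the Nix store.`. The description continues past the end of the hunk, so any follow-on sentence there should be checked for the same wording.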
@@ -84,12 +84,12 @@ in
 
     tokenFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "File path containing k3s token to use when connecting to the server.";
+      description = "File path containing k3s token to use when connecting to the server.";
       default = null;
     };
 
     extraFlags = mkOption {
-      description = lib.mdDoc "Extra flags to pass to the k3s command.";
+      description = "Extra flags to pass to the k3s command.";
       type = types.str;
       default = "";
       example = "--no-deploy traefik --cluster-cidr 10.24.0.0/16";
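Review bot: `tokenFile` is typed `types.nullOr types.path`, and its description does not warn that a Nix path literal is accepted and may be copied into the world-readable store when the module interpolates it; the consuming code is outside this hunk, so this is inferred from the type alone. That would defeat the purpose of using a file instead of `token`. I would extend the description, for example `File path containing k3s token to use when connecting to the server. Pass a string such as "/run/secrets/k3s-token" (example path) rather than a path literal, so the file stays out of the Nix store.`. The same applies to `environmentFile` in the next hunk, `@@ -98,12 +98,12 @@`.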
@@ -98,12 +98,12 @@ in
     disableAgent = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Only run the server. This option only makes sense for a server.";
+      description = "Only run the server. This option only makes sense for a server.";
     };
 
     environmentFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5).
       '';
       default = null;
@@ -112,7 +112,7 @@ in
     configPath = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot).";
+      description = "File path containing the k3s YAML config. This is useful when the config is generated (for example on boot).";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
index dc851688fbec..522cb0dd16da 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix
@@ -21,7 +21,7 @@ in
   options.services.kubernetes.addonManager = with lib.types; {
 
     bootstrapAddons = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Bootstrap addons are like regular addons, but they are applied with cluster-admin rights.
         They are applied at addon-manager startup only.
       '';
@@ -43,7 +43,7 @@ in
     };
 
     addons = mkOption {
-      description = lib.mdDoc "Kubernetes addons (any kind of Kubernetes resource can be an addon).";
+      description = "Kubernetes addons (any kind of Kubernetes resource can be an addon).";
       default = { };
       type = attrsOf (either attrs (listOf attrs));
       example = literalExpression ''
@@ -62,7 +62,7 @@ in
       '';
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes addon manager");
+    enable = mkEnableOption "Kubernetes addon manager";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
index 1c00329e6ccf..f18003527064 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix
@@ -12,10 +12,10 @@ let
   };
 in {
   options.services.kubernetes.addons.dns = {
-    enable = mkEnableOption (lib.mdDoc "kubernetes dns addon");
+    enable = mkEnableOption "kubernetes dns addon";
 
     clusterIp = mkOption {
-      description = lib.mdDoc "Dns addon clusterIP";
+      description = "Dns addon clusterIP";
 
       # this default is also what kubernetes users
       default = (
@@ -31,19 +31,19 @@ in {
     };
 
     clusterDomain = mkOption {
-      description = lib.mdDoc "Dns cluster domain";
+      description = "Dns cluster domain";
       default = "cluster.local";
       type = types.str;
     };
 
     replicas = mkOption {
-      description = lib.mdDoc "Number of DNS pod replicas to deploy in the cluster.";
+      description = "Number of DNS pod replicas to deploy in the cluster.";
       default = 2;
       type = types.int;
     };
 
     reconcileMode = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Controls the addon manager reconciliation mode for the DNS addon.
 
         Setting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap.
@@ -55,7 +55,7 @@ in {
     };
 
     coredns = mkOption {
-      description = lib.mdDoc "Docker image to seed for the CoreDNS container.";
+      description = "Docker image to seed for the CoreDNS container.";
       type = types.attrs;
       default = {
         imageName = "coredns/coredns";
@@ -66,7 +66,7 @@ in {
     };
 
     corefile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Custom coredns corefile configuration.
 
         See: <https://coredns.io/manual/toc/#configuration>.
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
index d5ec1e5e6d26..fe9dacb8b93d 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix
@@ -31,7 +31,7 @@ in
   options.services.kubernetes.apiserver = with lib.types; {
 
     advertiseAddress = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver IP address on which to advertise the apiserver
         to members of the cluster. This address must be reachable by the rest
         of the cluster.
@@ -41,13 +41,13 @@ in
     };
 
     allowPrivileged = mkOption {
-      description = lib.mdDoc "Whether to allow privileged containers on Kubernetes.";
+      description = "Whether to allow privileged containers on Kubernetes.";
       default = false;
       type = bool;
     };
 
     authorizationMode = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See
         <https://kubernetes.io/docs/reference/access-authn-authz/authorization/>
       '';
@@ -56,7 +56,7 @@ in
     };
 
     authorizationPolicy = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver authorization policy file. See
         <https://kubernetes.io/docs/reference/access-authn-authz/authorization/>
       '';
@@ -65,7 +65,7 @@ in
     };
 
     basicAuthFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver basic authentication file. See
         <https://kubernetes.io/docs/reference/access-authn-authz/authentication>
       '';
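Review bot: The `basicAuthFile` description kept on the new side does not say that a static password file stores credentials in cleartext, nor that upstream Kubernetes has since removed static password-file authentication from kube-apiserver. I would append a sentence such as `The file holds cleartext passwords; prefer client certificates or OIDC.` to the description. Whether this module still hands the path to the apiserver is not visible here, because the `mkOption` body continues past the end of the hunk.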
@@ -74,7 +74,7 @@ in
     };
 
     bindAddress = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The IP address on which to listen for the --secure-port port.
         The associated interface(s) must be reachable by the rest
         of the cluster, and by CLI/web clients.
@@ -84,14 +84,14 @@ in
     };
 
     clientCaFile = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver CA file for client auth.";
+      description = "Kubernetes apiserver CA file for client auth.";
       default = top.caFile;
       defaultText = literalExpression "config.${otop.caFile}";
       type = nullOr path;
     };
 
     disableAdmissionPlugins = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes admission control plugins to disable. See
         <https://kubernetes.io/docs/admin/admission-controllers/>
       '';
@@ -99,10 +99,10 @@ in
       type = listOf str;
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes apiserver");
+    enable = mkEnableOption "Kubernetes apiserver";
 
     enableAdmissionPlugins = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes admission control plugins to enable. See
         <https://kubernetes.io/docs/admin/admission-controllers/>
       '';
@@ -121,25 +121,25 @@ in
 
     etcd = {
       servers = mkOption {
-        description = lib.mdDoc "List of etcd servers.";
+        description = "List of etcd servers.";
         default = ["http://127.0.0.1:2379"];
         type = types.listOf types.str;
       };
 
       keyFile = mkOption {
-        description = lib.mdDoc "Etcd key file.";
+        description = "Etcd key file.";
         default = null;
         type = types.nullOr types.path;
       };
 
       certFile = mkOption {
-        description = lib.mdDoc "Etcd cert file.";
+        description = "Etcd cert file.";
         default = null;
         type = types.nullOr types.path;
       };
 
       caFile = mkOption {
-        description = lib.mdDoc "Etcd ca file.";
+        description = "Etcd ca file.";
         default = top.caFile;
         defaultText = literalExpression "config.${otop.caFile}";
         type = types.nullOr types.path;
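Review bot: `etcd.keyFile` is typed `types.nullOr types.path`, and its description `Etcd key file.` gives no hint about where the key should live. If a Nix path literal is passed, the key can end up copied into the world-readable Nix store. A caveat like the one `secretsPath` carries in default.nix (`Not a store location.`) would help, e.g. `description = "Etcd key file. Should be a runtime path, not a Nix store path.";`. The same gap applies to `kubeletClientKeyFile`, `proxyClientKeyFile`, `tlsKeyFile` and `tokenAuthFile` in later hunks of this file, and to `tlsKeyFile` in controller-manager.nix and kubelet.nix.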
@@ -147,63 +147,63 @@ in
     };
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver extra command line options.";
+      description = "Kubernetes apiserver extra command line options.";
       default = "";
       type = separatedString " ";
     };
 
     extraSANs = mkOption {
-      description = lib.mdDoc "Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.";
+      description = "Extra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.";
       default = [];
       type = listOf str;
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates";
+      description = "List set of feature gates";
       default = top.featureGates;
       defaultText = literalExpression "config.${otop.featureGates}";
       type = listOf str;
     };
 
     kubeletClientCaFile = mkOption {
-      description = lib.mdDoc "Path to a cert file for connecting to kubelet.";
+      description = "Path to a cert file for connecting to kubelet.";
       default = top.caFile;
       defaultText = literalExpression "config.${otop.caFile}";
       type = nullOr path;
     };
 
     kubeletClientCertFile = mkOption {
-      description = lib.mdDoc "Client certificate to use for connections to kubelet.";
+      description = "Client certificate to use for connections to kubelet.";
       default = null;
       type = nullOr path;
     };
 
     kubeletClientKeyFile = mkOption {
-      description = lib.mdDoc "Key to use for connections to kubelet.";
+      description = "Key to use for connections to kubelet.";
       default = null;
       type = nullOr path;
     };
 
     preferredAddressTypes = mkOption {
-      description = lib.mdDoc "List of the preferred NodeAddressTypes to use for kubelet connections.";
+      description = "List of the preferred NodeAddressTypes to use for kubelet connections.";
       type = nullOr str;
       default = null;
     };
 
     proxyClientCertFile = mkOption {
-      description = lib.mdDoc "Client certificate to use for connections to proxy.";
+      description = "Client certificate to use for connections to proxy.";
       default = null;
       type = nullOr path;
     };
 
     proxyClientKeyFile = mkOption {
-      description = lib.mdDoc "Key to use for connections to proxy.";
+      description = "Key to use for connections to proxy.";
       default = null;
       type = nullOr path;
     };
 
     runtimeConfig = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Api runtime configuration. See
         <https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/>
       '';
@@ -213,7 +213,7 @@ in
     };
 
     storageBackend = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver storage backend.
       '';
       default = "etcd3";
@@ -221,13 +221,13 @@ in
     };
 
     securePort = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver secure port.";
+      description = "Kubernetes apiserver secure port.";
       default = 6443;
       type = int;
     };
 
     apiAudiences = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver ServiceAccount issuer.
       '';
       default = "api,https://kubernetes.default.svc";
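Review bot: The description of `apiAudiences` is `Kubernetes apiserver ServiceAccount issuer.`, word for word the text of `serviceAccountIssuer` in the next hunk, so the option is effectively undocumented. Judging by the name and the default `api,https://kubernetes.default.svc`, it presumably feeds kube-apiserver's `--api-audiences`. If so, something like `description = "Comma-separated audiences that ServiceAccount tokens presented to the apiserver must be bound to.";` would describe it. The option's `type` line lies outside this hunk.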
@@ -235,7 +235,7 @@ in
     };
 
     serviceAccountIssuer = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver ServiceAccount issuer.
       '';
       default = "https://kubernetes.default.svc";
@@ -243,7 +243,7 @@ in
     };
 
     serviceAccountSigningKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path to the file that contains the current private key of the service
         account token issuer. The issuer will sign issued ID tokens with this
         private key.
@@ -252,7 +252,7 @@ in
     };
 
     serviceAccountKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         File containing PEM-encoded x509 RSA or ECDSA private or public keys,
         used to verify ServiceAccount tokens. The specified file can contain
         multiple keys, and the flag can be specified multiple times with
@@ -263,7 +263,7 @@ in
     };
 
     serviceClusterIpRange = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A CIDR notation IP range from which to assign service cluster IPs.
         This must not overlap with any IP ranges assigned to nodes for pods.
       '';
@@ -272,19 +272,19 @@ in
     };
 
     tlsCertFile = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver certificate file.";
+      description = "Kubernetes apiserver certificate file.";
       default = null;
       type = nullOr path;
     };
 
     tlsKeyFile = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver private key file.";
+      description = "Kubernetes apiserver private key file.";
       default = null;
       type = nullOr path;
     };
 
     tokenAuthFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver token authentication file. See
         <https://kubernetes.io/docs/reference/access-authn-authz/authentication>
       '';
@@ -293,7 +293,7 @@ in
     };
 
     verbosity = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Optional glog verbosity level for logging statements. See
         <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
       '';
@@ -302,7 +302,7 @@ in
     };
 
     webhookConfig = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes apiserver Webhook config file. It uses the kubeconfig file format.
         See <https://kubernetes.io/docs/reference/access-authn-authz/webhook/>
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
index 18c82fc23593..453043e507d9 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix
@@ -17,34 +17,34 @@ in
   options.services.kubernetes.controllerManager = with lib.types; {
 
     allocateNodeCIDRs = mkOption {
-      description = lib.mdDoc "Whether to automatically allocate CIDR ranges for cluster nodes.";
+      description = "Whether to automatically allocate CIDR ranges for cluster nodes.";
       default = true;
       type = bool;
     };
 
     bindAddress = mkOption {
-      description = lib.mdDoc "Kubernetes controller manager listening address.";
+      description = "Kubernetes controller manager listening address.";
       default = "127.0.0.1";
       type = str;
     };
 
     clusterCidr = mkOption {
-      description = lib.mdDoc "Kubernetes CIDR Range for Pods in cluster.";
+      description = "Kubernetes CIDR Range for Pods in cluster.";
       default = top.clusterCidr;
       defaultText = literalExpression "config.${otop.clusterCidr}";
       type = str;
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes controller manager");
+    enable = mkEnableOption "Kubernetes controller manager";
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Kubernetes controller manager extra command line options.";
+      description = "Kubernetes controller manager extra command line options.";
       default = "";
       type = separatedString " ";
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates";
+      description = "List set of feature gates";
       default = top.featureGates;
       defaultText = literalExpression "config.${otop.featureGates}";
       type = listOf str;
@@ -53,13 +53,13 @@ in
     kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes controller manager";
 
     leaderElect = mkOption {
-      description = lib.mdDoc "Whether to start leader election before executing main loop.";
+      description = "Whether to start leader election before executing main loop.";
       type = bool;
       default = true;
     };
 
     rootCaFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes controller manager certificate authority file included in
         service account's token secret.
       '';
@@ -69,13 +69,13 @@ in
     };
 
     securePort = mkOption {
-      description = lib.mdDoc "Kubernetes controller manager secure listening port.";
+      description = "Kubernetes controller manager secure listening port.";
       default = 10252;
       type = int;
     };
 
     serviceAccountKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes controller manager PEM-encoded private RSA key file used to
         sign service account tokens
       '';
@@ -84,19 +84,19 @@ in
     };
 
     tlsCertFile = mkOption {
-      description = lib.mdDoc "Kubernetes controller-manager certificate file.";
+      description = "Kubernetes controller-manager certificate file.";
       default = null;
       type = nullOr path;
     };
 
     tlsKeyFile = mkOption {
-      description = lib.mdDoc "Kubernetes controller-manager private key file.";
+      description = "Kubernetes controller-manager private key file.";
       default = null;
       type = nullOr path;
     };
 
     verbosity = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Optional glog verbosity level for logging statements. See
         <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix
index a920b6cb1268..89bbedf4d040 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix
@@ -77,25 +77,25 @@ let
 
   mkKubeConfigOptions = prefix: {
     server = mkOption {
-      description = lib.mdDoc "${prefix} kube-apiserver server address.";
+      description = "${prefix} kube-apiserver server address.";
       type = types.str;
     };
 
     caFile = mkOption {
-      description = lib.mdDoc "${prefix} certificate authority file used to connect to kube-apiserver.";
+      description = "${prefix} certificate authority file used to connect to kube-apiserver.";
       type = types.nullOr types.path;
       default = cfg.caFile;
       defaultText = literalExpression "config.${opt.caFile}";
     };
 
     certFile = mkOption {
-      description = lib.mdDoc "${prefix} client certificate file used to connect to kube-apiserver.";
+      description = "${prefix} client certificate file used to connect to kube-apiserver.";
       type = types.nullOr types.path;
       default = null;
     };
 
     keyFile = mkOption {
-      description = lib.mdDoc "${prefix} client key file used to connect to kube-apiserver.";
+      description = "${prefix} client key file used to connect to kube-apiserver.";
       type = types.nullOr types.path;
       default = null;
     };
@@ -111,7 +111,7 @@ in {
 
   options.services.kubernetes = {
     roles = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kubernetes role that this machine should take.
 
         Master role will enable etcd, apiserver, scheduler, controller manager
@@ -127,7 +127,7 @@ in {
     kubeconfig = mkKubeConfigOptions "Default kubeconfig";
 
     apiserverAddress = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Clusterwide accessible address for the kubernetes apiserver,
         including protocol and optional port.
       '';
@@ -136,49 +136,49 @@ in {
     };
 
     caFile = mkOption {
-      description = lib.mdDoc "Default kubernetes certificate authority";
+      description = "Default kubernetes certificate authority";
       type = types.nullOr types.path;
       default = null;
     };
 
     dataDir = mkOption {
-      description = lib.mdDoc "Kubernetes root directory for managing kubelet files.";
+      description = "Kubernetes root directory for managing kubelet files.";
       default = "/var/lib/kubernetes";
       type = types.path;
     };
 
     easyCerts = mkOption {
-      description = lib.mdDoc "Automatically setup x509 certificates and keys for the entire cluster.";
+      description = "Automatically setup x509 certificates and keys for the entire cluster.";
       default = false;
       type = types.bool;
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates.";
+      description = "List set of feature gates.";
       default = [];
       type = types.listOf types.str;
     };
 
     masterAddress = mkOption {
-      description = lib.mdDoc "Clusterwide available network address or hostname for the kubernetes master server.";
+      description = "Clusterwide available network address or hostname for the kubernetes master server.";
       example = "master.example.com";
       type = types.str;
     };
 
     path = mkOption {
-      description = lib.mdDoc "Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.";
+      description = "Packages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.";
       type = types.listOf types.package;
       default = [];
     };
 
     clusterCidr = mkOption {
-      description = lib.mdDoc "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
+      description = "Kubernetes controller manager and proxy CIDR Range for Pods in cluster.";
       default = "10.1.0.0/16";
       type = types.nullOr types.str;
     };
 
     lib = mkOption {
-      description = lib.mdDoc "Common functions for the kubernetes modules.";
+      description = "Common functions for the kubernetes modules.";
       default = {
         inherit mkCert;
         inherit mkKubeConfig;
@@ -188,7 +188,7 @@ in {
     };
 
     secretsPath = mkOption {
-      description = lib.mdDoc "Default location for kubernetes secrets. Not a store location.";
+      description = "Default location for kubernetes secrets. Not a store location.";
       type = types.path;
       default = cfg.dataDir + "/secrets";
       defaultText = literalExpression ''
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
index dca8996df083..93a460971055 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix
@@ -12,10 +12,10 @@ in
 {
   ###### interface
   options.services.kubernetes.flannel = {
-    enable = mkEnableOption (lib.mdDoc "flannel networking");
+    enable = mkEnableOption "flannel networking";
 
     openFirewallPorts = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the Flannel UDP ports in the firewall on all interfaces.'';
       type = types.bool;
       default = true;
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
index 313dbe234018..c841f4e5f186 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix
@@ -73,17 +73,17 @@ let
   taintOptions = with lib.types; { name, ... }: {
     options = {
       key = mkOption {
-        description = lib.mdDoc "Key of taint.";
+        description = "Key of taint.";
         default = name;
         defaultText = literalMD "Name of this submodule.";
         type = str;
       };
       value = mkOption {
-        description = lib.mdDoc "Value of taint.";
+        description = "Value of taint.";
         type = str;
       };
       effect = mkOption {
-        description = lib.mdDoc "Effect of taint.";
+        description = "Effect of taint.";
         example = "NoSchedule";
         type = enum ["NoSchedule" "PreferNoSchedule" "NoExecute"];
       };
@@ -105,26 +105,26 @@ in
   options.services.kubernetes.kubelet = with lib.types; {
 
     address = mkOption {
-      description = lib.mdDoc "Kubernetes kubelet info server listening address.";
+      description = "Kubernetes kubelet info server listening address.";
       default = "0.0.0.0";
       type = str;
     };
 
     clusterDns = mkOption {
-      description = lib.mdDoc "Use alternative DNS.";
+      description = "Use alternative DNS.";
       default = "10.1.0.1";
       type = str;
     };
 
     clusterDomain = mkOption {
-      description = lib.mdDoc "Use alternative domain.";
+      description = "Use alternative domain.";
       default = config.services.kubernetes.addons.dns.clusterDomain;
       defaultText = literalExpression "config.${options.services.kubernetes.addons.dns.clusterDomain}";
       type = str;
     };
 
     clientCaFile = mkOption {
-      description = lib.mdDoc "Kubernetes apiserver CA file for client authentication.";
+      description = "Kubernetes apiserver CA file for client authentication.";
       default = top.caFile;
       defaultText = literalExpression "config.${otop.caFile}";
       type = nullOr path;
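Review bot: `address` defaults to `"0.0.0.0"`, but its description `Kubernetes kubelet info server listening address.` does not tell the reader that the default listens on every interface. A documentation-only change would do: `description = "Kubernetes kubelet info server listening address. The default binds all interfaces; restrict it or firewall the kubelet port on hosts attached to untrusted networks.";`. `bindAddress` in proxy.nix has the same default and the same gap. By contrast, `healthz.bind` in a later hunk of this file and the scheduler and controller-manager addresses default to `127.0.0.1`.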
@@ -132,13 +132,13 @@ in
 
     cni = {
       packages = mkOption {
-        description = lib.mdDoc "List of network plugin packages to install.";
+        description = "List of network plugin packages to install.";
         type = listOf package;
         default = [];
       };
 
       config = mkOption {
-        description = lib.mdDoc "Kubernetes CNI configuration.";
+        description = "Kubernetes CNI configuration.";
         type = listOf attrs;
         default = [];
         example = literalExpression ''
@@ -164,28 +164,28 @@ in
       };
 
       configDir = mkOption {
-        description = lib.mdDoc "Path to Kubernetes CNI configuration directory.";
+        description = "Path to Kubernetes CNI configuration directory.";
         type = nullOr path;
         default = null;
       };
     };
 
     containerRuntimeEndpoint = mkOption {
-      description = lib.mdDoc "Endpoint at which to find the container runtime api interface/socket";
+      description = "Endpoint at which to find the container runtime api interface/socket";
       type = str;
       default = "unix:///run/containerd/containerd.sock";
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes kubelet");
+    enable = mkEnableOption "Kubernetes kubelet";
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Kubernetes kubelet extra command line options.";
+      description = "Kubernetes kubelet extra command line options.";
       default = "";
       type = separatedString " ";
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates";
+      description = "List set of feature gates";
       default = top.featureGates;
       defaultText = literalExpression "config.${otop.featureGates}";
       type = listOf str;
@@ -193,20 +193,20 @@ in
 
     healthz = {
       bind = mkOption {
-        description = lib.mdDoc "Kubernetes kubelet healthz listening address.";
+        description = "Kubernetes kubelet healthz listening address.";
         default = "127.0.0.1";
         type = str;
       };
 
       port = mkOption {
-        description = lib.mdDoc "Kubernetes kubelet healthz port.";
+        description = "Kubernetes kubelet healthz port.";
         default = 10248;
         type = port;
       };
     };
 
     hostname = mkOption {
-      description = lib.mdDoc "Kubernetes kubelet hostname override.";
+      description = "Kubernetes kubelet hostname override.";
       defaultText = literalExpression "config.networking.fqdnOrHostName";
       type = str;
     };
@@ -214,61 +214,61 @@ in
     kubeconfig = top.lib.mkKubeConfigOptions "Kubelet";
 
     manifests = mkOption {
-      description = lib.mdDoc "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)";
+      description = "List of manifests to bootstrap with kubelet (only pods can be created as manifest entry)";
       type = attrsOf attrs;
       default = {};
     };
 
     nodeIp = mkOption {
-      description = lib.mdDoc "IP address of the node. If set, kubelet will use this IP address for the node.";
+      description = "IP address of the node. If set, kubelet will use this IP address for the node.";
       default = null;
       type = nullOr str;
     };
 
     registerNode = mkOption {
-      description = lib.mdDoc "Whether to auto register kubelet with API server.";
+      description = "Whether to auto register kubelet with API server.";
       default = true;
       type = bool;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Kubernetes kubelet info server listening port.";
+      description = "Kubernetes kubelet info server listening port.";
       default = 10250;
       type = port;
     };
 
     seedDockerImages = mkOption {
-      description = lib.mdDoc "List of docker images to preload on system";
+      description = "List of docker images to preload on system";
       default = [];
       type = listOf package;
     };
 
     taints = mkOption {
-      description = lib.mdDoc "Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).";
+      description = "Node taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).";
       default = {};
       type = attrsOf (submodule [ taintOptions ]);
     };
 
     tlsCertFile = mkOption {
-      description = lib.mdDoc "File containing x509 Certificate for HTTPS.";
+      description = "File containing x509 Certificate for HTTPS.";
       default = null;
       type = nullOr path;
     };
 
     tlsKeyFile = mkOption {
-      description = lib.mdDoc "File containing x509 private key matching tlsCertFile.";
+      description = "File containing x509 private key matching tlsCertFile.";
       default = null;
       type = nullOr path;
     };
 
     unschedulable = mkOption {
-      description = lib.mdDoc "Whether to set node taint to unschedulable=true as it is the case of node that has only master role.";
+      description = "Whether to set node taint to unschedulable=true as it is the case of node that has only master role.";
       default = false;
       type = bool;
     };
 
     verbosity = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Optional glog verbosity level for logging statements. See
         <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
index a4b5cb8eda86..5e725df41f43 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -41,16 +41,16 @@ in
   ###### interface
   options.services.kubernetes.pki = with lib.types; {
 
-    enable = mkEnableOption (lib.mdDoc "easyCert issuer service");
+    enable = mkEnableOption "easyCert issuer service";
 
     certs = mkOption {
-      description = lib.mdDoc "List of certificate specs to feed to cert generator.";
+      description = "List of certificate specs to feed to cert generator.";
       default = {};
       type = attrs;
     };
 
     genCfsslCACert = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to automatically generate cfssl CA certificate and key,
         if they don't exist.
       '';
@@ -59,7 +59,7 @@ in
     };
 
     genCfsslAPICerts = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to automatically generate cfssl API webserver TLS cert and key,
         if they don't exist.
       '';
@@ -68,7 +68,7 @@ in
     };
 
     cfsslAPIExtraSANs = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Extra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
       '';
       default = [];
@@ -77,7 +77,7 @@ in
     };
 
     genCfsslAPIToken = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to automatically generate cfssl API-token secret,
         if they doesn't exist.
       '';
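Review bot: The `genCfsslAPIToken` description ends with `if they doesn't exist.`, which is ungrammatical and refers to a single secret. Since the option is being touched anyway, `if it doesn't exist.` would read correctly.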
@@ -86,13 +86,13 @@ in
     };
 
     pkiTrustOnBootstrap = mkOption {
-      description = lib.mdDoc "Whether to always trust remote cfssl server upon initial PKI bootstrap.";
+      description = "Whether to always trust remote cfssl server upon initial PKI bootstrap.";
       default = true;
       type = bool;
     };
 
     caCertPathPrefix = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path-prefrix for the CA-certificate to be used for cfssl signing.
         Suffixes ".pem" and "-key.pem" will be automatically appended for
         the public and private keys respectively.
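Review bot: `pkiTrustOnBootstrap` defaults to `true`, and its one-line description does not spell out what "always trust" means for the first connection to the cfssl server. As worded it reads like trust-on-first-use, i.e. the remote CA is accepted without verification during bootstrap. The implementation is not in this hunk, so that should be confirmed and then stated, for example by adding `Disable this and pre-provision the CA certificate when the bootstrap network is not trusted.` Separately, `Path-prefrix` in the `caCertPathPrefix` description is a typo for `Path-prefix`.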
@@ -103,7 +103,7 @@ in
     };
 
     caSpec = mkOption {
-      description = lib.mdDoc "Certificate specification for the auto-generated CAcert.";
+      description = "Certificate specification for the auto-generated CAcert.";
       default = {
         CN = "kubernetes-cluster-ca";
         O = "NixOS";
@@ -114,7 +114,7 @@ in
     };
 
     etcClusterAdminKubeconfig = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Symlink a kubeconfig with cluster-admin privileges to environment path
         (/etc/\<path\>).
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
index 015784f7e311..c09e7695f2a4 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix
@@ -16,28 +16,28 @@ in
   options.services.kubernetes.proxy = with lib.types; {
 
     bindAddress = mkOption {
-      description = lib.mdDoc "Kubernetes proxy listening address.";
+      description = "Kubernetes proxy listening address.";
       default = "0.0.0.0";
       type = str;
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes proxy");
+    enable = mkEnableOption "Kubernetes proxy";
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Kubernetes proxy extra command line options.";
+      description = "Kubernetes proxy extra command line options.";
       default = "";
       type = separatedString " ";
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates";
+      description = "List set of feature gates";
       default = top.featureGates;
       defaultText = literalExpression "config.${otop.featureGates}";
       type = listOf str;
     };
 
     hostname = mkOption {
-      description = lib.mdDoc "Kubernetes proxy hostname override.";
+      description = "Kubernetes proxy hostname override.";
       default = config.networking.hostName;
       defaultText = literalExpression "config.networking.hostName";
       type = str;
@@ -46,7 +46,7 @@ in
     kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes proxy";
 
     verbosity = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Optional glog verbosity level for logging statements. See
         <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix b/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
index f31a92f36840..da2f39226a24 100644
--- a/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
+++ b/nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix
@@ -12,21 +12,21 @@ in
   options.services.kubernetes.scheduler = with lib.types; {
 
     address = mkOption {
-      description = lib.mdDoc "Kubernetes scheduler listening address.";
+      description = "Kubernetes scheduler listening address.";
       default = "127.0.0.1";
       type = str;
     };
 
-    enable = mkEnableOption (lib.mdDoc "Kubernetes scheduler");
+    enable = mkEnableOption "Kubernetes scheduler";
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Kubernetes scheduler extra command line options.";
+      description = "Kubernetes scheduler extra command line options.";
       default = "";
       type = separatedString " ";
     };
 
     featureGates = mkOption {
-      description = lib.mdDoc "List set of feature gates";
+      description = "List set of feature gates";
       default = top.featureGates;
       defaultText = literalExpression "config.${otop.featureGates}";
       type = listOf str;
@@ -35,19 +35,19 @@ in
     kubeconfig = top.lib.mkKubeConfigOptions "Kubernetes scheduler";
 
     leaderElect = mkOption {
-      description = lib.mdDoc "Whether to start leader election before executing main loop.";
+      description = "Whether to start leader election before executing main loop.";
       type = bool;
       default = true;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Kubernetes scheduler listening port.";
+      description = "Kubernetes scheduler listening port.";
       default = 10251;
       type = port;
     };
 
     verbosity = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Optional glog verbosity level for logging statements. See
         <https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md>
       '';
diff --git a/nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix b/nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix
index 255bb107796f..005a952e8025 100644
--- a/nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix
@@ -7,7 +7,7 @@ in
 {
   # interface
   options.services.pacemaker = {
-    enable = mkEnableOption (lib.mdDoc "pacemaker");
+    enable = mkEnableOption "pacemaker";
 
     package = mkPackageOption pkgs "pacemaker" { };
   };
diff --git a/nixpkgs/nixos/modules/services/cluster/patroni/default.nix b/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
index 5ab016a9f59f..d1a165603fda 100644
--- a/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/patroni/default.nix
@@ -12,12 +12,12 @@ in
 {
   options.services.patroni = {
 
-    enable = mkEnableOption (lib.mdDoc "Patroni");
+    enable = mkEnableOption "Patroni";
 
     postgresqlPackage = mkOption {
       type = types.package;
       example = literalExpression "pkgs.postgresql_14";
-      description = mdDoc ''
+      description = ''
         PostgreSQL package to use.
         Plugins can be enabled like this `pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ])`.
       '';
@@ -28,7 +28,7 @@ in
       defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.patroni.postgresqlPackage.psqlSchema}"'';
       example = "/var/lib/postgresql/14";
       default = "/var/lib/postgresql/${cfg.postgresqlPackage.psqlSchema}";
-      description = mdDoc ''
+      description = ''
         The data directory for PostgreSQL. If left as the default value
         this directory will automatically be created before the PostgreSQL server starts, otherwise
         the sysadmin is responsible for ensuring the directory exists with appropriate ownership
@@ -39,7 +39,7 @@ in
     postgresqlPort = mkOption {
       type = types.port;
       default = 5432;
-      description = mdDoc ''
+      description = ''
         The port on which PostgreSQL listens.
       '';
     };
@@ -48,7 +48,7 @@ in
       type = types.str;
       default = defaultUser;
       example = "postgres";
-      description = mdDoc ''
+      description = ''
         The user for the service. If left as the default value this user will automatically be created,
         otherwise the sysadmin is responsible for ensuring the user exists.
       '';
@@ -58,7 +58,7 @@ in
       type = types.str;
       default = defaultGroup;
       example = "postgres";
-      description = mdDoc ''
+      description = ''
         The group for the service. If left as the default value this group will automatically be created,
         otherwise the sysadmin is responsible for ensuring the group exists.
       '';
@@ -67,7 +67,7 @@ in
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/patroni";
-      description = mdDoc ''
+      description = ''
         Folder where Patroni data will be written, used by Raft as well if enabled.
       '';
     };
@@ -75,7 +75,7 @@ in
     scope = mkOption {
       type = types.str;
       example = "cluster1";
-      description = mdDoc ''
+      description = ''
         Cluster name.
       '';
     };
@@ -83,7 +83,7 @@ in
     name = mkOption {
       type = types.str;
       example = "node1";
-      description = mdDoc ''
+      description = ''
         The name of the host. Must be unique for the cluster.
       '';
     };
@@ -91,7 +91,7 @@ in
     namespace = mkOption {
       type = types.str;
       default = "/service";
-      description = mdDoc ''
+      description = ''
         Path within the configuration store where Patroni will keep information about the cluster.
       '';
     };
@@ -99,7 +99,7 @@ in
     nodeIp = mkOption {
       type = types.str;
       example = "192.168.1.1";
-      description = mdDoc ''
+      description = ''
         IP address of this node.
       '';
     };
@@ -107,7 +107,7 @@ in
     otherNodesIps = mkOption {
       type = types.listOf types.str;
       example = [ "192.168.1.2" "192.168.1.3" ];
-      description = mdDoc ''
+      description = ''
         IP addresses of the other nodes.
       '';
     };
@@ -115,7 +115,7 @@ in
     restApiPort = mkOption {
       type = types.port;
       default = 8008;
-      description = mdDoc ''
+      description = ''
         The port on Patroni's REST api listens.
       '';
     };
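Review bot: The `restApiPort` description "The port on Patroni's REST api listens." is missing a word. `The port on which Patroni's REST API listens.` would match the wording of `postgresqlPort` and `raftPort` in the neighbouring hunks. The description also does not say which address the API binds to; if it is derived from `nodeIp`, one sentence saying so would help operators decide on firewalling.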
@@ -123,7 +123,7 @@ in
     raft = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         This will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
       '';
     };
@@ -131,7 +131,7 @@ in
     raftPort = mkOption {
       type = types.port;
       default = 5010;
-      description = mdDoc ''
+      description = ''
         The port on which RAFT listens.
       '';
     };
@@ -139,7 +139,7 @@ in
     softwareWatchdog = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         This will configure Patroni to use the software watchdog built into the Linux kernel
         as described in the [documentation](https://patroni.readthedocs.io/en/latest/watchdog.html#setting-up-software-watchdog-on-linux).
       '';
@@ -148,7 +148,7 @@ in
     settings = mkOption {
       type = format.type;
       default = { };
-      description = mdDoc ''
+      description = ''
         The primary patroni configuration. See the [documentation](https://patroni.readthedocs.io/en/latest/SETTINGS.html)
         for possible values.
         Secrets should be passed in by using the `environmentFiles` option.
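Review bot: The `settings` description tells the reader to pass secrets through `environmentFiles` but gives no reason. The `environmentFiles` description in the hunk at -162 ("made available to Patroni as files content") is also hard to parse. Presumably `settings` is rendered into a configuration file in the world-readable Nix store; if so, say it, e.g. `Values set here end up in the Nix store and are readable by every local user.` For `environmentFiles`, wording such as `Maps environment variable names to files whose content supplies the value; keep these files outside the Nix store and readable only by the service user.` would be clearer, assuming that is what the module does. Both option bodies extend beyond their hunks.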
@@ -162,7 +162,7 @@ in
         PATRONI_REPLICATION_PASSWORD = "/secret/file";
         PATRONI_SUPERUSER_PASSWORD = "/secret/file";
       };
-      description = mdDoc "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
+      description = "Environment variables made available to Patroni as files content, useful for providing secrets from files.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/cluster/spark/default.nix b/nixpkgs/nixos/modules/services/cluster/spark/default.nix
index b3e1ac399ae9..7a3f768471c2 100644
--- a/nixpkgs/nixos/modules/services/cluster/spark/default.nix
+++ b/nixpkgs/nixos/modules/services/cluster/spark/default.nix
@@ -7,16 +7,16 @@ with lib;
   options = {
     services.spark = {
       master = {
-        enable = mkEnableOption (lib.mdDoc "Spark master service");
+        enable = mkEnableOption "Spark master service";
         bind = mkOption {
           type = types.str;
-          description = lib.mdDoc "Address the spark master binds to.";
+          description = "Address the spark master binds to.";
           default = "127.0.0.1";
           example = "0.0.0.0";
         };
         restartIfChanged  = mkOption {
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Automatically restart master service on config change.
             This can be set to false to defer restarts on clusters running critical applications.
             Please consider the security implications of inadvertently running an older version,
@@ -26,7 +26,7 @@ with lib;
         };
         extraEnvironment = mkOption {
           type = types.attrsOf types.str;
-          description = lib.mdDoc "Extra environment variables to pass to spark master. See spark-standalone documentation.";
+          description = "Extra environment variables to pass to spark master. See spark-standalone documentation.";
           default = {};
           example = {
             SPARK_MASTER_WEBUI_PORT = 8181;
@@ -35,20 +35,20 @@ with lib;
         };
       };
       worker = {
-        enable = mkEnableOption (lib.mdDoc "Spark worker service");
+        enable = mkEnableOption "Spark worker service";
         workDir = mkOption {
           type = types.path;
-          description = lib.mdDoc "Spark worker work dir.";
+          description = "Spark worker work dir.";
           default = "/var/lib/spark";
         };
         master = mkOption {
           type = types.str;
-          description = lib.mdDoc "Address of the spark master.";
+          description = "Address of the spark master.";
           default = "127.0.0.1:7077";
         };
         restartIfChanged  = mkOption {
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Automatically restart worker service on config change.
             This can be set to false to defer restarts on clusters running critical applications.
             Please consider the security implications of inadvertently running an older version,
@@ -58,7 +58,7 @@ with lib;
         };
         extraEnvironment = mkOption {
           type = types.attrsOf types.str;
-          description = lib.mdDoc "Extra environment variables to pass to spark worker.";
+          description = "Extra environment variables to pass to spark worker.";
           default = {};
           example = {
             SPARK_WORKER_CORES = 5;
@@ -68,13 +68,13 @@ with lib;
       };
       confDir = mkOption {
         type = types.path;
-        description = lib.mdDoc "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory.";
+        description = "Spark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory.";
         default = "${cfg.package}/conf";
         defaultText = literalExpression ''"''${package}/conf"'';
       };
       logDir = mkOption {
         type = types.path;
-        description = lib.mdDoc "Spark log directory.";
+        description = "Spark log directory.";
         default = "/var/log/spark";
       };
       package = mkPackageOption pkgs "spark" {
diff --git a/nixpkgs/nixos/modules/services/computing/boinc/client.nix b/nixpkgs/nixos/modules/services/computing/boinc/client.nix
index c2132149a3f5..f5d7ab8d8cb2 100644
--- a/nixpkgs/nixos/modules/services/computing/boinc/client.nix
+++ b/nixpkgs/nixos/modules/services/computing/boinc/client.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the BOINC distributed computing client. If this
           option is set to true, the boinc_client daemon will be run as a
           background service. The boinccmd command can be used to control the
@@ -34,7 +34,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/boinc";
-        description = lib.mdDoc ''
+        description = ''
           The directory in which to store BOINC's configuration and data files.
         '';
       };
@@ -42,7 +42,7 @@ in
       allowRemoteGuiRpc = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set to true, any remote host can connect to and control this BOINC
           client (subject to password authentication). If instead set to false,
           only the hosts listed in {var}`dataDir`/remote_hosts.cfg will be allowed to
@@ -56,7 +56,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.virtualbox ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to make available in the environment in which
           BOINC will run. Common choices are:
 
diff --git a/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix b/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix
index 09f31cda769c..8d330fd8717b 100644
--- a/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix
+++ b/nixpkgs/nixos/modules/services/computing/foldingathome/client.nix
@@ -18,14 +18,14 @@ in
     '')
   ];
   options.services.foldingathome = {
-    enable = mkEnableOption (lib.mdDoc "Folding@home client");
+    enable = mkEnableOption "Folding@home client";
 
     package = mkPackageOption pkgs "fahclient" { };
 
     user = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The user associated with the reported computation results. This will
         be used in the ranking statistics.
       '';
@@ -34,7 +34,7 @@ in
     team = mkOption {
       type = types.int;
       default = 236565;
-      description = lib.mdDoc ''
+      description = ''
         The team ID associated with the reported computation results. This
         will be used in the ranking statistics.
 
@@ -45,7 +45,7 @@ in
     daemonNiceLevel = mkOption {
       type = types.ints.between (-20) 19;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Daemon process priority for FAHClient.
         0 is the default Unix process priority, 19 is the lowest.
       '';
@@ -54,7 +54,7 @@ in
     extraArgs = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra startup options for the FAHClient. Run
         `fah-client --help` to find all the available options.
       '';
diff --git a/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix b/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix
index 9212fe39fd83..360a72677ce0 100644
--- a/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixpkgs/nixos/modules/services/computing/slurm/slurm.nix
@@ -66,7 +66,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable the slurm control daemon.
             Note that the standard authentication method is "munge".
             The "munge" service needs to be provided with a password file in order for
@@ -76,13 +76,13 @@ in
       };
 
       dbdserver = {
-        enable = mkEnableOption (lib.mdDoc "SlurmDBD service");
+        enable = mkEnableOption "SlurmDBD service";
 
         dbdHost = mkOption {
           type = types.str;
           default = config.networking.hostName;
           defaultText = literalExpression "config.networking.hostName";
-          description = lib.mdDoc ''
+          description = ''
             Hostname of the machine where `slurmdbd`
             is running (i.e. name returned by `hostname -s`).
           '';
@@ -92,7 +92,7 @@ in
           type = types.str;
           default = cfg.user;
           defaultText = literalExpression "config.${opt.user}";
-          description = lib.mdDoc ''
+          description = ''
             Database user name.
           '';
         };
@@ -100,7 +100,7 @@ in
         storagePassFile = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to file with database password. The content of this will be used to
             create the password for the `StoragePass` option.
           '';
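Review bot: `storagePassFile` is documented only as "Path to file with database password", with no warning against pointing it at a file in the Nix store, which every local user can read. A sentence such as `The file must live outside the Nix store and be readable only by the account that runs slurmdbd.` would cover it. The description also says the content is "used to create the password for the `StoragePass` option"; how the module combines it with `slurmdbd.conf` is not visible here, so it is worth confirming that the resulting file is not world-readable either.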
@@ -109,7 +109,7 @@ in
         extraConfig = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Extra configuration for `slurmdbd.conf` See also:
             {manpage}`slurmdbd.conf(8)`.
           '';
@@ -117,13 +117,13 @@ in
       };
 
       client = {
-        enable = mkEnableOption (lib.mdDoc "slurm client daemon");
+        enable = mkEnableOption "slurm client daemon";
       };
 
       enableStools = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to provide a slurm.conf file.
           Enable this option if you do not run a slurm daemon on this host
           (i.e. `server.enable` and `client.enable` are `false`)
@@ -141,7 +141,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = null;
-        description = lib.mdDoc ''
+        description = ''
           The short hostname of the machine where SLURM control functions are
           executed (i.e. the name returned by the command "hostname -s", use "tux001"
           rather than "tux001.my.com").
@@ -153,7 +153,7 @@ in
         default = cfg.controlMachine;
         defaultText = literalExpression "config.${opt.controlMachine}";
         example = null;
-        description = lib.mdDoc ''
+        description = ''
           Name that ControlMachine should be referred to in establishing a
           communications path.
         '';
@@ -163,7 +163,7 @@ in
         type = types.str;
         default = "default";
         example = "myCluster";
-        description = lib.mdDoc ''
+        description = ''
           Necessary to distinguish accounting records in a multi-cluster environment.
         '';
       };
@@ -172,7 +172,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = literalExpression ''[ "linux[1-32] CPUs=1 State=UNKNOWN" ];'';
-        description = lib.mdDoc ''
+        description = ''
           Name that SLURM uses to refer to a node (or base partition for BlueGene
           systems). Typically this would be the string that "/bin/hostname -s"
           returns. Note that now you have to write node's parameters after the name.
@@ -183,7 +183,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = literalExpression ''[ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];'';
-        description = lib.mdDoc ''
+        description = ''
           Name by which the partition may be referenced. Note that now you have
           to write the partition's parameters after the name.
         '';
@@ -192,7 +192,7 @@ in
       enableSrunX11 = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If enabled srun will accept the option "--x11" to allow for X11 forwarding
           from within an interactive session or a batch job. This activates the
           slurm-spank-x11 module. Note that this option also enables
@@ -210,7 +210,7 @@ in
       procTrackType = mkOption {
         type = types.str;
         default = "proctrack/linuxproc";
-        description = lib.mdDoc ''
+        description = ''
           Plugin to be used for process tracking on a job step basis.
           The slurmd daemon uses this mechanism to identify all processes
           which are children of processes it spawns for a user job step.
@@ -220,7 +220,7 @@ in
       stateSaveLocation = mkOption {
         type = types.str;
         default = "/var/spool/slurmctld";
-        description = lib.mdDoc ''
+        description = ''
           Directory into which the Slurm controller, slurmctld, saves its state.
         '';
       };
@@ -228,7 +228,7 @@ in
       user = mkOption {
         type = types.str;
         default = defaultUser;
-        description = lib.mdDoc ''
+        description = ''
           Set this option when you want to run the slurmctld daemon
           as something else than the default slurm user "slurm".
           Note that the UID of this user needs to be the same
@@ -239,7 +239,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options that will be added verbatim at
           the end of the slurm configuration file.
         '';
@@ -248,7 +248,7 @@ in
       extraPlugstackConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that will be added to the end of `plugstack.conf`.
         '';
       };
@@ -256,7 +256,7 @@ in
       extraCgroupConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration for `cgroup.conf`. This file is
           used when `procTrackType=proctrack/cgroup`.
         '';
@@ -265,7 +265,7 @@ in
       extraConfigPaths = mkOption {
         type = with types; listOf path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Slurm expects config files for plugins in the same path
           as `slurm.conf`. Add extra nix store
           paths that should be merged into same directory as
@@ -281,7 +281,7 @@ in
           Directory created from generated config files and
           `config.${opt.extraConfigPaths}`.
         '';
-        description = lib.mdDoc ''
+        description = ''
           Path to directory with slurm config files. This option is set by default from the
           Slurm module and is meant to make the Slurm config file available to other modules.
         '';
diff --git a/nixpkgs/nixos/modules/services/computing/torque/mom.nix b/nixpkgs/nixos/modules/services/computing/torque/mom.nix
index 5dd41429bf81..6747bd4b0d5a 100644
--- a/nixpkgs/nixos/modules/services/computing/torque/mom.nix
+++ b/nixpkgs/nixos/modules/services/computing/torque/mom.nix
@@ -17,11 +17,11 @@ in
   options = {
 
     services.torque.mom = {
-      enable = mkEnableOption (lib.mdDoc "torque computing node");
+      enable = mkEnableOption "torque computing node";
 
       serverNode = mkOption {
         type = types.str;
-        description = lib.mdDoc "Hostname running pbs server.";
+        description = "Hostname running pbs server.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/computing/torque/server.nix b/nixpkgs/nixos/modules/services/computing/torque/server.nix
index 02f20fb37c10..8d923fc04d46 100644
--- a/nixpkgs/nixos/modules/services/computing/torque/server.nix
+++ b/nixpkgs/nixos/modules/services/computing/torque/server.nix
@@ -11,7 +11,7 @@ in
 
     services.torque.server = {
 
-      enable = mkEnableOption (lib.mdDoc "torque server");
+      enable = mkEnableOption "torque server";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix
index 9f702b17937c..a4a9eee672cf 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix
@@ -64,7 +64,7 @@ in {
 
       factorySteps = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Factory Steps";
+        description = "Factory Steps";
         default = [];
         example = [
           "steps.Git(repourl='https://github.com/buildbot/pyflakes.git', mode='incremental')"
@@ -74,7 +74,7 @@ in {
 
       changeSource = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of Change Sources.";
+        description = "List of Change Sources.";
         default = [];
         example = [
           "changes.GitPoller('https://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)"
@@ -83,7 +83,7 @@ in {
 
       configurators = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html";
+        description = "Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html";
         default = [];
         example = [
           "util.JanitorConfigurator(logHorizon=timedelta(weeks=4), hour=12, dayOfWeek=6)"
@@ -93,25 +93,25 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Buildbot continuous integration server.";
+        description = "Whether to enable the Buildbot continuous integration server.";
       };
 
       extraConfig = mkOption {
         type = types.str;
-        description = lib.mdDoc "Extra configuration to append to master.cfg";
+        description = "Extra configuration to append to master.cfg";
         default = "c['buildbotNetUsageData'] = None";
       };
 
       extraImports = mkOption {
         type = types.str;
-        description = lib.mdDoc "Extra python imports to prepend to master.cfg";
+        description = "Extra python imports to prepend to master.cfg";
         default = "";
         example = "from buildbot.process.project import Project";
       };
 
       masterCfg = mkOption {
         type = types.path;
-        description = lib.mdDoc "Optionally pass master.cfg path. Other options in this configuration will be ignored.";
+        description = "Optionally pass master.cfg path. Other options in this configuration will be ignored.";
         default = defaultMasterCfg;
         defaultText = literalMD ''generated configuration file'';
         example = "/etc/nixos/buildbot/master.cfg";
@@ -119,7 +119,7 @@ in {
 
       schedulers = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of Schedulers.";
+        description = "List of Schedulers.";
         default = [
           "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])"
           "schedulers.ForceScheduler(name='force',builderNames=['runtests'])"
@@ -128,7 +128,7 @@ in {
 
       builders = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of Builders.";
+        description = "List of Builders.";
         default = [
           "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)"
         ];
@@ -136,52 +136,52 @@ in {
 
       workers = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of Workers.";
+        description = "List of Workers.";
         default = [ "worker.Worker('example-worker', 'pass')" ];
       };
 
       reporters = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc "List of reporter objects used to present build status to various users.";
+        description = "List of reporter objects used to present build status to various users.";
       };
 
       user = mkOption {
         default = "buildbot";
         type = types.str;
-        description = lib.mdDoc "User the buildbot server should execute under.";
+        description = "User the buildbot server should execute under.";
       };
 
       group = mkOption {
         default = "buildbot";
         type = types.str;
-        description = lib.mdDoc "Primary group of buildbot user.";
+        description = "Primary group of buildbot user.";
       };
 
       extraGroups = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "List of extra groups that the buildbot user should be a part of.";
+        description = "List of extra groups that the buildbot user should be a part of.";
       };
 
       home = mkOption {
         default = "/home/buildbot";
         type = types.path;
-        description = lib.mdDoc "Buildbot home directory.";
+        description = "Buildbot home directory.";
       };
 
       buildbotDir = mkOption {
         default = "${cfg.home}/master";
         defaultText = literalExpression ''"''${config.${opt.home}}/master"'';
         type = types.path;
-        description = lib.mdDoc "Specifies the Buildbot directory.";
+        description = "Specifies the Buildbot directory.";
       };
 
       pbPort = mkOption {
         default = 9989;
         type = types.either types.str types.int;
         example = "'tcp:9990:interface=127.0.0.1'";
-        description = lib.mdDoc ''
+        description = ''
           The buildmaster will listen on a TCP port of your choosing
           for connections from workers.
           It can also use this port for connections from remote Change Sources,
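Review bot: The `workers` default `[ "worker.Worker('example-worker', 'pass')" ]` ships a fixed worker password, and the description "List of Workers." gives no hint that it has to be replaced. With `pbPort` in this same hunk listening for worker connections, an unmodified configuration accepts a worker with a publicly known credential. The description should say so, e.g. `description = "List of Workers. The default uses a placeholder password; override it before the worker port is reachable.";`. These strings are presumably written into the generated master.cfg in the Nix store, so it is also worth noting that passwords set here are readable by local users. The `pbPort` option continues outside the hunk.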
@@ -196,37 +196,37 @@ in {
       listenAddress = mkOption {
         default = "0.0.0.0";
         type = types.str;
-        description = lib.mdDoc "Specifies the bind address on which the buildbot HTTP interface listens.";
+        description = "Specifies the bind address on which the buildbot HTTP interface listens.";
       };
 
       buildbotUrl = mkOption {
         default = "http://localhost:8010/";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot URL.";
+        description = "Specifies the Buildbot URL.";
       };
 
       title = mkOption {
         default = "Buildbot";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot Title.";
+        description = "Specifies the Buildbot Title.";
       };
 
       titleUrl = mkOption {
         default = "Buildbot";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot TitleURL.";
+        description = "Specifies the Buildbot TitleURL.";
       };
 
       dbUrl = mkOption {
         default = "sqlite:///state.sqlite";
         type = types.str;
-        description = lib.mdDoc "Specifies the database connection string.";
+        description = "Specifies the database connection string.";
       };
 
       port = mkOption {
         default = 8010;
         type = types.port;
-        description = lib.mdDoc "Specifies port number on which the buildbot HTTP interface listens.";
+        description = "Specifies port number on which the buildbot HTTP interface listens.";
       };
 
       package = mkPackageOption pkgs "buildbot-full" {
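Review bot: `listenAddress` defaults to `"0.0.0.0"` while `buildbotUrl` defaults to `http://localhost:8010/`, so the web interface listens on every interface although the advertised URL is local-only, and the description does not mention this. Suggested wording: `description = "Specifies the bind address on which the buildbot HTTP interface listens. The default listens on all interfaces; use 127.0.0.1 behind a reverse proxy.";`. In the same hunk `titleUrl` has the default `"Buildbot"`, which is not a URL and looks copied from `title`. `dbUrl` can carry database credentials, so its description could note where the value ends up.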
@@ -237,14 +237,14 @@ in {
         default = [ pkgs.git ];
         defaultText = literalExpression "[ pkgs.git ]";
         type = types.listOf types.package;
-        description = lib.mdDoc "Packages to add to PATH for the buildbot process.";
+        description = "Packages to add to PATH for the buildbot process.";
       };
 
       pythonPackages = mkOption {
         type = types.functionTo (types.listOf types.package);
         default = pythonPackages: with pythonPackages; [ ];
         defaultText = literalExpression "pythonPackages: with pythonPackages; [ ]";
-        description = lib.mdDoc "Packages to add the to the PYTHONPATH of the buildbot process.";
+        description = "Packages to add the to the PYTHONPATH of the buildbot process.";
         example = literalExpression "pythonPackages: with pythonPackages; [ requests ]";
       };
     };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix
index 9c7b2bdd06e0..1534ca6f5785 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix
@@ -50,79 +50,79 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Buildbot Worker.";
+        description = "Whether to enable the Buildbot Worker.";
       };
 
       user = mkOption {
         default = "bbworker";
         type = types.str;
-        description = lib.mdDoc "User the buildbot Worker should execute under.";
+        description = "User the buildbot Worker should execute under.";
       };
 
       group = mkOption {
         default = "bbworker";
         type = types.str;
-        description = lib.mdDoc "Primary group of buildbot Worker user.";
+        description = "Primary group of buildbot Worker user.";
       };
 
       extraGroups = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "List of extra groups that the Buildbot Worker user should be a part of.";
+        description = "List of extra groups that the Buildbot Worker user should be a part of.";
       };
 
       home = mkOption {
         default = "/home/bbworker";
         type = types.path;
-        description = lib.mdDoc "Buildbot home directory.";
+        description = "Buildbot home directory.";
       };
 
       buildbotDir = mkOption {
         default = "${cfg.home}/worker";
         defaultText = literalExpression ''"''${config.${opt.home}}/worker"'';
         type = types.path;
-        description = lib.mdDoc "Specifies the Buildbot directory.";
+        description = "Specifies the Buildbot directory.";
       };
 
       workerUser = mkOption {
         default = "example-worker";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot Worker user.";
+        description = "Specifies the Buildbot Worker user.";
       };
 
       workerPass = mkOption {
         default = "pass";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot Worker password.";
+        description = "Specifies the Buildbot Worker password.";
       };
 
       workerPassFile = mkOption {
         type = types.path;
-        description = lib.mdDoc "File used to store the Buildbot Worker password";
+        description = "File used to store the Buildbot Worker password";
       };
 
       hostMessage = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc "Description of this worker";
+        description = "Description of this worker";
       };
 
       adminMessage = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc "Name of the administrator of this worker";
+        description = "Name of the administrator of this worker";
       };
 
       masterUrl = mkOption {
         default = "localhost:9989";
         type = types.str;
-        description = lib.mdDoc "Specifies the Buildbot Worker connection string.";
+        description = "Specifies the Buildbot Worker connection string.";
       };
 
       keepalive = mkOption {
         default = 600;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           This is a number that indicates how frequently keepalive messages should be sent
           from the worker to the buildmaster, expressed in seconds.
         '';
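Review bot: The `workerPass` option keeps `default = "pass"`, and its description, `"Specifies the Buildbot Worker password."`, does not say that this is a placeholder or how the value is stored. How the module consumes `workerPass` is outside this hunk, but a string option set in the system configuration normally ends up in the world-readable Nix store. The description should therefore point users at `workerPassFile`, which is declared right below it. I would write `description = "Specifies the Buildbot Worker password. Change the default and prefer workerPassFile, which keeps the secret out of the Nix store.";`. `workerPassFile` could likewise state that the path is read at run time, if that is what the service does.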
@@ -134,7 +134,7 @@ in {
         default = with pkgs; [ git ];
         defaultText = literalExpression "[ pkgs.git ]";
         type = types.listOf types.package;
-        description = lib.mdDoc "Packages to add to PATH for the buildbot process.";
+        description = "Packages to add to PATH for the buildbot process.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix b/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix
index 2e488f83d4c3..fc30172c6499 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix
@@ -19,38 +19,38 @@ let
       enable = lib.mkOption {
         default = true;
         type = lib.types.bool;
-        description = lib.mdDoc "Whether to enable this buildkite agent";
+        description = "Whether to enable this buildkite agent";
       };
 
       package = lib.mkOption {
         default = pkgs.buildkite-agent;
         defaultText = lib.literalExpression "pkgs.buildkite-agent";
-        description = lib.mdDoc "Which buildkite-agent derivation to use";
+        description = "Which buildkite-agent derivation to use";
         type = lib.types.package;
       };
 
       dataDir = lib.mkOption {
         default = "/var/lib/buildkite-agent-${name}";
-        description = lib.mdDoc "The workdir for the agent";
+        description = "The workdir for the agent";
         type = lib.types.str;
       };
 
       extraGroups = lib.mkOption {
         default = [ "keys" ];
-        description = lib.mdDoc "Groups the user for this buildkite agent should belong to";
+        description = "Groups the user for this buildkite agent should belong to";
         type = lib.types.listOf lib.types.str;
       };
 
       runtimePackages = lib.mkOption {
         default = [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ];
         defaultText = lib.literalExpression "[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]";
-        description = lib.mdDoc "Add programs to the buildkite-agent environment";
+        description = "Add programs to the buildkite-agent environment";
         type = lib.types.listOf lib.types.package;
       };
 
       tokenPath = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           The token from your Buildkite "Agents" page.
 
           A run-time path to the token file, which is supposed to be provisioned
@@ -61,7 +61,7 @@ let
       name = lib.mkOption {
         type = lib.types.str;
         default = "%hostname-${name}-%n";
-        description = lib.mdDoc ''
+        description = ''
           The name of the agent as seen in the buildkite dashboard.
         '';
       };
@@ -70,7 +70,7 @@ let
         type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
         default = { };
         example = { queue = "default"; docker = "true"; ruby2 = "true"; };
-        description = lib.mdDoc ''
+        description = ''
           Tags for the agent.
         '';
       };
@@ -79,7 +79,7 @@ let
         type = lib.types.lines;
         default = "";
         example = "debug=true";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the configuration file.
         '';
       };
@@ -91,7 +91,7 @@ let
         ## don't end up in the Nix store.
         apply = final: if final == null then null else toString final;
 
-        description = lib.mdDoc ''
+        description = ''
           OpenSSH private key
 
           A run-time path to the key file, which is supposed to be provisioned
@@ -108,7 +108,7 @@ let
               export SECRET_VAR=`head -1 /run/keys/secret`
             ''';
           }'';
-        description = lib.mdDoc ''
+        description = ''
           "Agent" hooks to install.
           See <https://buildkite.com/docs/agent/v3/hooks> for possible options.
         '';
@@ -118,7 +118,7 @@ let
         type = lib.types.path;
         default = hooksDir config.hooks;
         defaultText = lib.literalMD "generated from {option}`services.buildkite-agents.<name>.hooks`";
-        description = lib.mdDoc ''
+        description = ''
           Path to the directory storing the hooks.
           Consider using {option}`services.buildkite-agents.<name>.hooks.<name>`
           instead.
@@ -129,7 +129,7 @@ let
         type = lib.types.str;
         default = "${pkgs.bash}/bin/bash -e -c";
         defaultText = lib.literalExpression ''"''${pkgs.bash}/bin/bash -e -c"'';
-        description = lib.mdDoc ''
+        description = ''
           Command that buildkite-agent 3 will execute when it spawns a shell.
         '';
       };
@@ -142,7 +142,7 @@ in
   options.services.buildkite-agents = lib.mkOption {
     type = lib.types.attrsOf (lib.types.submodule buildkiteOptions);
     default = { };
-    description = lib.mdDoc ''
+    description = ''
       Attribute set of buildkite agents.
       The attribute key is combined with the hostname and a unique integer to
       create the final agent name. This can be overridden by setting the `name`
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gitea-actions-runner.nix b/nixpkgs/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
index 06f0da3451a6..30be56f8eeab 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/gitea-actions-runner.nix
@@ -60,17 +60,17 @@ in
 
     instances = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Gitea Actions Runner instances.
       '';
       type = attrsOf (submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc "Gitea Actions Runner instance");
+          enable = mkEnableOption "Gitea Actions Runner instance";
 
           name = mkOption {
             type = str;
             example = literalExpression "config.networking.hostName";
-            description = lib.mdDoc ''
+            description = ''
               The name identifying the runner instance towards the Gitea/Forgejo instance.
             '';
           };
@@ -78,7 +78,7 @@ in
           url = mkOption {
             type = str;
             example = "https://forge.example.com";
-            description = lib.mdDoc ''
+            description = ''
               Base URL of your Gitea/Forgejo instance.
             '';
           };
@@ -86,7 +86,7 @@ in
           token = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Plain token to register at the configured Gitea/Forgejo instance.
             '';
           };
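Review bot: The description of `token`, `Plain token to register at the configured Gitea/Forgejo instance.`, does not warn that a value set here becomes part of the evaluated configuration. A later hunk of this file shows it interpolated as `TOKEN = "${instance.token}";` into the service environment, which would put the registration token in the generated unit in the Nix store. I would add a second sentence to the description: `Prefer tokenFile; a token set here is stored world-readable in the Nix store.` The enclosing submodule starts and ends outside this hunk.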
@@ -94,7 +94,7 @@ in
           tokenFile = mkOption {
             type = nullOr (either str path);
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Path to an environment file, containing the `TOKEN` environment
               variable, that holds a token to register at the configured
               Gitea/Forgejo instance.
@@ -113,7 +113,7 @@ in
                 #"native:host"
               ]
             '';
-            description = lib.mdDoc ''
+            description = ''
               Labels used to map jobs to their runtime environment. Changing these
               labels currently requires a new registration token.
 
@@ -122,7 +122,7 @@ in
             '';
           };
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Configuration for `act_runner daemon`.
               See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
             '';
@@ -158,7 +158,7 @@ in
                 wget
               ]
             '';
-            description = lib.mdDoc ''
+            description = ''
               List of packages, that are available to actions, when the runner is configured
               with a host execution label.
             '';
@@ -203,6 +203,8 @@ in
             TOKEN = "${instance.token}";
           } // optionalAttrs (wantsPodman) {
             DOCKER_HOST = "unix:///run/podman/podman.sock";
+          } // {
+            HOME = "/var/lib/gitea-runner/${name}";
           };
           path = with pkgs; [
             coreutils
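Review bot: The appended `// { HOME = "/var/lib/gitea-runner/${name}"; }` carries no comment explaining why the runner needs `HOME`, and it writes the per-instance path as a literal. If the unit's state or working directory is built from the same string elsewhere in the file (not visible in this hunk), the two can drift apart, so a shared `let` binding would be safer. At minimum I would add a line above the entry, for example `# per-instance HOME so runner instances do not share caches or credentials`, adjusted to the actual reason. The `environment` attribute set begins outside the hunk.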
@@ -236,7 +238,8 @@ in
                   --instance ${escapeShellArg instance.url} \
                   --token "$TOKEN" \
                   --name ${escapeShellArg instance.name} \
-                  --labels ${escapeShellArg (concatStringsSep "," instance.labels)}
+                  --labels ${escapeShellArg (concatStringsSep "," instance.labels)} \
+                  --config ${configFile}
 
                 # and write back the configured labels
                 echo "$LABELS_WANTED" > "$LABELS_FILE"
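Review bot: The added `--config ${configFile}` is interpolated into the shell script without `escapeShellArg`, whereas the `--instance`, `--name` and `--labels` arguments of the same command are all escaped. `configFile` is defined outside this hunk and is probably a generated store path with no shell metacharacters, so this is likely harmless today. Matching the neighbouring lines keeps the command safe if that definition ever changes: `--config ${escapeShellArg configFile}`. The register command itself starts above the hunk.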
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/github-runner/options.nix b/nixpkgs/nixos/modules/services/continuous-integration/github-runner/options.nix
index 193261fc2a9f..6ace6a1b187f 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/github-runner/options.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/github-runner/options.nix
@@ -6,7 +6,7 @@
 with lib;
 {
   options.services.github-runners = mkOption {
-    description = mdDoc ''
+    description = ''
       Multiple GitHub Runners.
     '';
     example = {
@@ -30,7 +30,7 @@ with lib;
         enable = mkOption {
           default = false;
           example = true;
-          description = mdDoc ''
+          description = ''
             Whether to enable GitHub Actions runner.
 
             Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here:
@@ -41,7 +41,7 @@ with lib;
 
         url = mkOption {
           type = types.str;
-          description = mdDoc ''
+          description = ''
             Repository to add the runner to.
 
             Changing this option triggers a new runner registration.
@@ -59,7 +59,7 @@ with lib;
 
         tokenFile = mkOption {
           type = types.path;
-          description = mdDoc ''
+          description = ''
             The full path to a file which contains either
 
             * a fine-grained personal access token (PAT),
@@ -102,7 +102,7 @@ with lib;
 
         name = mkOption {
           type = types.nullOr types.str;
-          description = mdDoc ''
+          description = ''
             Name of the runner to configure. If null, defaults to the hostname.
 
             Changing this option triggers a new runner registration.
@@ -113,7 +113,7 @@ with lib;
 
         runnerGroup = mkOption {
           type = types.nullOr types.str;
-          description = mdDoc ''
+          description = ''
             Name of the runner group to add this runner to (defaults to the default runner group).
 
             Changing this option triggers a new runner registration.
@@ -123,7 +123,7 @@ with lib;
 
         extraLabels = mkOption {
           type = types.listOf types.str;
-          description = mdDoc ''
+          description = ''
             Extra labels in addition to the default (unless disabled through the `noDefaultLabels` option).
 
             Changing this option triggers a new runner registration.
@@ -134,7 +134,7 @@ with lib;
 
         noDefaultLabels = mkOption {
           type = types.bool;
-          description = mdDoc ''
+          description = ''
             Disables adding the default labels. Also see the `extraLabels` option.
 
             Changing this option triggers a new runner registration.
@@ -144,7 +144,7 @@ with lib;
 
         replace = mkOption {
           type = types.bool;
-          description = mdDoc ''
+          description = ''
             Replace any existing runner with the same name.
 
             Without this flag, registering a new runner with the same name fails.
@@ -154,7 +154,7 @@ with lib;
 
         extraPackages = mkOption {
           type = types.listOf types.package;
-          description = mdDoc ''
+          description = ''
             Extra packages to add to `PATH` of the service to make them available to workflows.
           '';
           default = [ ];
@@ -162,7 +162,7 @@ with lib;
 
         extraEnvironment = mkOption {
           type = types.attrs;
-          description = mdDoc ''
+          description = ''
             Extra environment variables to set for the runner, as an attrset.
           '';
           example = {
@@ -173,7 +173,7 @@ with lib;
 
         serviceOverrides = mkOption {
           type = types.attrs;
-          description = mdDoc ''
+          description = ''
             Modify the systemd service. Can be used to, e.g., adjust the sandboxing options.
             See {manpage}`systemd.exec(5)` for more options.
           '';
@@ -188,7 +188,7 @@ with lib;
 
         ephemeral = mkOption {
           type = types.bool;
-          description = mdDoc ''
+          description = ''
             If enabled, causes the following behavior:
 
             - Passes the `--ephemeral` flag to the runner configuration script
@@ -208,7 +208,7 @@ with lib;
 
         user = mkOption {
           type = types.nullOr types.str;
-          description = mdDoc ''
+          description = ''
             User under which to run the service.
 
             If this option and the `group` option is set to `null`,
@@ -222,7 +222,7 @@ with lib;
 
         group = mkOption {
           type = types.nullOr types.str;
-          description = mdDoc ''
+          description = ''
             Group under which to run the service.
 
             The effect of this option depends on the value of the `user` option:
@@ -241,7 +241,7 @@ with lib;
 
         workDir = mkOption {
           type = with types; nullOr str;
-          description = mdDoc ''
+          description = ''
             Working directory, available as `$GITHUB_WORKSPACE` during workflow runs
             and used as a default for [repository checkouts](https://github.com/actions/checkout).
             The service cleans this directory on every service start.
@@ -256,7 +256,7 @@ with lib;
         nodeRuntimes = mkOption {
           type = with types; nonEmptyListOf (enum [ "node20" ]);
           default = [ "node20" ];
-          description = mdDoc ''
+          description = ''
             List of Node.js runtimes the runner should support.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix b/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix
index 05b2449936bc..62c62c5d2360 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix
@@ -151,11 +151,11 @@ let
   '';
 in {
   options.services.gitlab-runner = {
-    enable = mkEnableOption (lib.mdDoc "Gitlab Runner");
+    enable = mkEnableOption "Gitlab Runner";
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Configuration file for gitlab-runner.
 
         {option}`configFile` takes precedence over {option}`services`.
@@ -172,7 +172,7 @@ in {
         freeformType = (pkgs.formats.json { }).type;
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Global gitlab-runner configuration. See
         <https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section>
         for supported values.
@@ -181,7 +181,7 @@ in {
     gracefulTermination = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Finish all remaining jobs before stopping.
         If not set gitlab-runner will stop immediately without waiting
         for jobs to finish, which will lead to failed builds.
@@ -191,7 +191,7 @@ in {
       type = types.str;
       default = "infinity";
       example = "5min 20s";
-      description = lib.mdDoc ''
+      description = ''
         Time to wait until a graceful shutdown is turned into a forceful one.
       '';
     };
@@ -201,12 +201,12 @@ in {
     extraPackages = mkOption {
       type = types.listOf types.package;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to add to PATH for the gitlab-runner process.
       '';
     };
     services = mkOption {
-      description = lib.mdDoc "GitLab Runner services.";
+      description = "GitLab Runner services.";
       default = { };
       example = literalExpression ''
         {
@@ -288,7 +288,7 @@ in {
         options = {
           registrationConfigFile = mkOption {
             type = types.path;
-            description = lib.mdDoc ''
+            description = ''
               Absolute path to a file with environment variables
               used for gitlab-runner registration.
               A list of all supported environment variables can be found in
@@ -308,7 +308,7 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "--docker-helper-image my/gitlab-runner-helper" ];
-            description = lib.mdDoc ''
+            description = ''
               Extra command-line flags passed to
               `gitlab-runner register`.
               Execute `gitlab-runner register --help`
@@ -319,7 +319,7 @@ in {
             type = types.attrsOf types.str;
             default = { };
             example = { NAME = "value"; };
-            description = lib.mdDoc ''
+            description = ''
               Custom environment variables injected to build environment.
               For secrets you can use {option}`registrationConfigFile`
               with `RUNNER_ENV` variable set.
@@ -328,14 +328,14 @@ in {
           description = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Name/description of the runner.
             '';
           };
           executor = mkOption {
             type = types.str;
             default = "docker";
-            description = lib.mdDoc ''
+            description = ''
               Select executor, eg. shell, docker, etc.
               See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information.
             '';
@@ -344,7 +344,7 @@ in {
             type = types.nullOr types.path;
             default = null;
             example = "/var/lib/gitlab-runner/builds";
-            description = lib.mdDoc ''
+            description = ''
               Absolute path to a directory where builds will be stored
               in context of selected executor (Locally, Docker, SSH).
             '';
@@ -353,14 +353,14 @@ in {
             type = types.nullOr types.str;
             default = null;
             example = "http://gitlab.example.local";
-            description = lib.mdDoc ''
+            description = ''
               Overwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself.
             '';
           };
           dockerImage = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Docker image to be used.
             '';
           };
@@ -368,7 +368,7 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "/var/run/docker.sock:/var/run/docker.sock" ];
-            description = lib.mdDoc ''
+            description = ''
               Bind-mount a volume and create it
               if it doesn't exist prior to mounting.
             '';
@@ -376,14 +376,14 @@ in {
           dockerDisableCache = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Disable all container caching.
             '';
           };
           dockerPrivileged = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Give extended privileges to container.
             '';
           };
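Review bot: The description of `dockerPrivileged`, `Give extended privileges to container.`, understates what the switch does. A privileged container can reach host devices and kernel interfaces, so any job scheduled on such a runner can in practice gain control of the host. I would extend the text to `Give extended privileges to container. Jobs in a privileged container can gain root on the host; enable only for runners that execute trusted pipelines.` The enclosing submodule starts and ends outside this hunk.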
@@ -391,7 +391,7 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "other-host:127.0.0.1" ];
-            description = lib.mdDoc ''
+            description = ''
               Add a custom host-to-IP mapping.
             '';
           };
@@ -399,7 +399,7 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ];
-            description = lib.mdDoc ''
+            description = ''
               Whitelist allowed images.
             '';
           };
@@ -407,21 +407,21 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "postgres:9" "redis:*" "mysql:*" ];
-            description = lib.mdDoc ''
+            description = ''
               Whitelist allowed services.
             '';
           };
           preCloneScript = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Runner-specific command script executed before code is pulled.
             '';
           };
           preBuildScript = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Runner-specific command script executed after code is pulled,
               just before build executes.
             '';
@@ -429,7 +429,7 @@ in {
           postBuildScript = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Runner-specific command script executed after code is pulled
               and just after build executes.
             '';
@@ -437,14 +437,14 @@ in {
           tagList = mkOption {
             type = types.listOf types.str;
             default = [ ];
-            description = lib.mdDoc ''
+            description = ''
               Tag list.
             '';
           };
           runUntagged = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Register to run untagged builds; defaults to
               `true` when {option}`tagList` is empty.
             '';
@@ -452,7 +452,7 @@ in {
           limit = mkOption {
             type = types.int;
             default = 0;
-            description = lib.mdDoc ''
+            description = ''
               Limit how many jobs can be handled concurrently by this service.
               0 (default) simply means don't limit.
             '';
@@ -460,14 +460,14 @@ in {
           requestConcurrency = mkOption {
             type = types.int;
             default = 0;
-            description = lib.mdDoc ''
+            description = ''
               Limit number of concurrent requests for new jobs from GitLab.
             '';
           };
           maximumTimeout = mkOption {
             type = types.int;
             default = 0;
-            description = lib.mdDoc ''
+            description = ''
               What is the maximum timeout (in seconds) that will be set for
               job when using this Runner. 0 (default) simply means don't limit.
             '';
@@ -475,7 +475,7 @@ in {
           protected = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               When set to true Runner will only run on pipelines
               triggered on protected branches.
             '';
@@ -483,7 +483,7 @@ in {
           debugTraceDisabled = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               When set to true Runner will disable the possibility of
               using the `CI_DEBUG_TRACE` feature.
             '';
@@ -495,7 +495,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to periodically prune gitlab runner's Docker resources. If
           enabled, a systemd timer will run {command}`clear-docker-cache` as
           specified by the `dates` option.
@@ -506,7 +506,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "prune" ];
-        description = lib.mdDoc ''
+        description = ''
           Any additional flags passed to {command}`clear-docker-cache`.
         '';
       };
@@ -514,7 +514,7 @@ in {
       dates = mkOption {
         default = "weekly";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specification (in the format described by
           {manpage}`systemd.time(7)`) of the time at
           which the prune will occur.
@@ -525,7 +525,7 @@ in {
         default = config.virtualisation.docker.package;
         defaultText = literalExpression "config.virtualisation.docker.package";
         example = literalExpression "pkgs.docker";
-        description = lib.mdDoc "Docker package to use for clearing up docker cache.";
+        description = "Docker package to use for clearing up docker cache.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix
index c0d752443a16..0e61b253f17e 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix
@@ -8,12 +8,12 @@ let
 in {
   options = {
     services.gocd-agent = {
-      enable = mkEnableOption (lib.mdDoc "gocd-agent");
+      enable = mkEnableOption "gocd-agent";
 
       user = mkOption {
         default = "gocd-agent";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User the Go.CD agent should execute under.
         '';
       };
@@ -21,7 +21,7 @@ in {
       group = mkOption {
         default = "gocd-agent";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           If the default user "gocd-agent" is configured then this is the primary
           group of that user.
         '';
@@ -31,7 +31,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "wheel" "docker" ];
-        description = lib.mdDoc ''
+        description = ''
           List of extra groups that the "gocd-agent" user should be a part of.
         '';
       };
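Review bot: The context line `example = [ "wheel" "docker" ];` advertises two groups that give the CI agent user far more than build access: membership in `docker` is effectively root on the host, and `wheel` is normally the sudo-capable group. Agents run commands supplied by pipelines, and the manual's example is what users tend to copy. I would pick a narrower example group and add a sentence to the description such as `Avoid groups that confer administrative access (such as "wheel" or "docker") unless every job run by this agent is trusted.` The same example appears in the gocd-server extra-groups hunk, and the jenkins hunk uses `[ "wheel" "dialout" ]`. The option's `mkOption` line is above this hunk.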
@@ -40,7 +40,7 @@ in {
         default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ];
         defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]";
         type = types.listOf types.package;
-        description = lib.mdDoc ''
+        description = ''
           Packages to add to PATH for the Go.CD agent process.
         '';
       };
@@ -53,7 +53,7 @@ in {
           agent.auto.register.environments=QA,Performance
           agent.auto.register.hostname=Agent01
         '';
-        description = lib.mdDoc ''
+        description = ''
           Agent registration configuration.
         '';
       };
@@ -61,7 +61,7 @@ in {
       goServer = mkOption {
         default = "https://127.0.0.1:8154/go";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           URL of the GoCD Server to attach the Go.CD Agent to.
         '';
       };
@@ -69,7 +69,7 @@ in {
       workDir = mkOption {
         default = "/var/lib/go-agent";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the working directory in which the Go.CD agent java archive resides.
         '';
       };
@@ -77,7 +77,7 @@ in {
       initialJavaHeapSize = mkOption {
         default = "128m";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the initial java heap memory size for the Go.CD agent java process.
         '';
       };
@@ -85,7 +85,7 @@ in {
       maxJavaHeapMemory = mkOption {
         default = "256m";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the java maximum heap memory size for the Go.CD agent java process.
         '';
       };
@@ -108,7 +108,7 @@ in {
             "-Djava.security.egd=file:/dev/./urandom"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Specifies startup command line arguments to pass to Go.CD agent
           java process.
         '';
@@ -127,7 +127,7 @@ in {
           "-XX:+PrintGCDetails"
           "-XX:+PrintGC"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies additional command line arguments to pass to Go.CD agent
           java process.  Example contains debug and gcLog arguments.
         '';
@@ -136,7 +136,7 @@ in {
       environment = mkOption {
         default = { };
         type = with types; attrsOf str;
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables to be passed to the Go.CD agent process.
           As a base environment, Go.CD agent receives NIX_PATH from
           {option}`environment.sessionVariables`, NIX_REMOTE is set to
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix
index bf7fd529bfca..a1fb740c269d 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix
@@ -8,12 +8,12 @@ let
 in {
   options = {
     services.gocd-server = {
-      enable = mkEnableOption (lib.mdDoc "gocd-server");
+      enable = mkEnableOption "gocd-server";
 
       user = mkOption {
         default = "gocd-server";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User the Go.CD server should execute under.
         '';
       };
@@ -21,7 +21,7 @@ in {
       group = mkOption {
         default = "gocd-server";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           If the default user "gocd-server" is configured then this is the primary group of that user.
         '';
       };
@@ -30,7 +30,7 @@ in {
         default = [ ];
         type = types.listOf types.str;
         example = [ "wheel" "docker" ];
-        description = lib.mdDoc ''
+        description = ''
           List of extra groups that the "gocd-server" user should be a part of.
         '';
       };
@@ -39,7 +39,7 @@ in {
         default = "0.0.0.0";
         example = "localhost";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the bind address on which the Go.CD server HTTP interface listens.
         '';
       };
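Review bot: The description under `default = "0.0.0.0";` does not say that the default binds the Go.CD server HTTP interface on every address, so the exposure is easy to miss in the rendered manual. The jenkins module's equivalent option in this same diff states it, so I would add the matching sentence here: `The default is the wildcard address; set this to "localhost" to restrict access to the local machine.` The option's opening line is above the hunk.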
@@ -47,7 +47,7 @@ in {
       port = mkOption {
         default = 8153;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Specifies port number on which the Go.CD server HTTP interface listens.
         '';
       };
@@ -55,7 +55,7 @@ in {
       sslPort = mkOption {
         default = 8154;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Specifies port number on which the Go.CD server HTTPS interface listens.
         '';
       };
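Review bot: `sslPort` is declared with `type = types.int;`, so negative values or values above 65535 pass option evaluation, whereas the `port` option in the preceding hunk uses `types.port`. I would change the line to `type = types.port;` so both listeners get the same range check.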
@@ -63,7 +63,7 @@ in {
       workDir = mkOption {
         default = "/var/lib/go-server";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the working directory in which the Go.CD server java archive resides.
         '';
       };
@@ -72,7 +72,7 @@ in {
         default = [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ];
         defaultText = literalExpression "[ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]";
         type = types.listOf types.package;
-        description = lib.mdDoc ''
+        description = ''
           Packages to add to PATH for the Go.CD server's process.
         '';
       };
@@ -80,7 +80,7 @@ in {
       initialJavaHeapSize = mkOption {
         default = "512m";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the initial java heap memory size for the Go.CD server's java process.
         '';
       };
@@ -88,7 +88,7 @@ in {
       maxJavaHeapMemory = mkOption {
         default = "1024m";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the java maximum heap memory size for the Go.CD server's java process.
         '';
       };
@@ -126,7 +126,7 @@ in {
           ]
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Specifies startup command line arguments to pass to Go.CD server
           java process.
         '';
@@ -145,7 +145,7 @@ in {
           "-XX:+PrintGCDetails"
           "-XX:+PrintGC"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Specifies additional command line arguments to pass to Go.CD server's
           java process.  Example contains debug and gcLog arguments.
         '';
@@ -154,7 +154,7 @@ in {
       environment = mkOption {
         default = { };
         type = with types; attrsOf str;
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables to be passed to the gocd-server process.
           As a base environment, gocd-server receives NIX_PATH from
           {option}`environment.sessionVariables`, NIX_REMOTE is set to
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
index 7d33989044de..a0d4a78a5f34 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
@@ -36,7 +36,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable to run Hercules CI Agent as a system service.
 
         [Hercules CI](https://hercules-ci.com) is a
@@ -47,7 +47,7 @@ in
     };
     package = mkPackageOption pkgs "hercules-ci-agent" { };
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         These settings are written to the `agent.toml` file.
 
         Not all settings are listed as options, can be set nonetheless.
@@ -67,7 +67,7 @@ in
       type = types.path;
       internal = true;
       defaultText = lib.literalMD "generated `hercules-ci-agent.toml`";
-      description = lib.mdDoc ''
+      description = ''
         The fully assembled config file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/settings.nix b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/settings.nix
index 8eb902313ee8..e6e73090d4be 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/settings.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/settings.nix
@@ -13,7 +13,7 @@ let
     freeformType = format.type;
     options = {
       apiBaseUrl = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           API base URL that the agent will connect to.
 
           When using Hercules CI Enterprise, set this to the URL where your
@@ -25,12 +25,12 @@ let
       baseDirectory = mkOption {
         type = types.path;
         default = "/var/lib/hercules-ci-agent";
-        description = lib.mdDoc ''
+        description = ''
           State directory (secrets, work directory, etc) for agent
         '';
       };
       concurrentTasks = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Number of tasks to perform simultaneously.
 
           A task is a single derivation build, an evaluation or an effect run.
@@ -54,7 +54,7 @@ let
         '';
       };
       labels = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           A key-value map of user data.
 
           This data will be available to organization members in the dashboard and API.
@@ -73,7 +73,7 @@ let
         '';
       };
       workDirectory = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.
         '';
         type = types.path;
@@ -81,7 +81,7 @@ let
         defaultText = literalExpression ''baseDirectory + "/work"'';
       };
       staticSecretsDirectory = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           This is the default directory to look for statically configured secrets like `cluster-join-token.key`.
 
           See also `clusterJoinTokenPath` and `binaryCachesPath` for fine-grained configuration.
@@ -91,7 +91,7 @@ let
         defaultText = literalExpression ''baseDirectory + "/secrets"'';
       };
       clusterJoinTokenPath = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Location of the cluster-join-token.key file.
 
           You can retrieve the contents of the file when creating a new agent via
@@ -108,7 +108,7 @@ let
         defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';
       };
       binaryCachesPath = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to a JSON file containing binary cache secret keys.
 
           As these values are confidential, they should not be in the store, but
@@ -122,7 +122,7 @@ let
         defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';
       };
       secretsJsonPath = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to a JSON file containing secrets for effects.
 
           As these values are confidential, they should not be in the store, but
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix
index 10e1f0532c84..23f07eb64b92 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix
@@ -78,7 +78,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run Hydra services.
         '';
       };
@@ -87,7 +87,7 @@ in
         type = types.str;
         default = localDB;
         example = "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;";
-        description = lib.mdDoc ''
+        description = ''
           The DBI string for Hydra database connection.
 
           NOTE: Attempts to set `application_name` will be overridden by
@@ -101,7 +101,7 @@ in
 
       hydraURL = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The base URL for the Hydra webserver instance. Used for links in emails.
         '';
       };
@@ -110,7 +110,7 @@ in
         type = types.str;
         default = "*";
         example = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The hostname or address to listen on or `*` to listen
           on all interfaces.
         '';
@@ -119,7 +119,7 @@ in
       port = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc ''
+        description = ''
           TCP port the web server should listen to.
         '';
       };
@@ -127,7 +127,7 @@ in
       minimumDiskFree = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Threshold of minimum disk space (GiB) to determine if the queue runner should run or not.
         '';
       };
@@ -135,14 +135,14 @@ in
       minimumDiskFreeEvaluator = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Threshold of minimum disk space (GiB) to determine if the evaluator should run or not.
         '';
       };
 
       notificationSender = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Sender email address used for email notifications.
         '';
       };
@@ -151,7 +151,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Hostname of the SMTP server to use to send email.
         '';
       };
@@ -159,7 +159,7 @@ in
       tracker = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Piece of HTML that is included on all pages.
         '';
       };
@@ -167,7 +167,7 @@ in
       logo = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to a file containing the logo of your Hydra instance.
         '';
       };
@@ -175,42 +175,42 @@ in
       debugServer = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run the server in debug mode.";
+        description = "Whether to run the server in debug mode.";
       };
 
       maxServers = mkOption {
         type = types.int;
         default = 25;
-        description = lib.mdDoc "Maximum number of starman workers to spawn.";
+        description = "Maximum number of starman workers to spawn.";
       };
 
       minSpareServers = mkOption {
         type = types.int;
         default = 4;
-        description = lib.mdDoc "Minimum number of spare starman workers to keep.";
+        description = "Minimum number of spare starman workers to keep.";
       };
 
       maxSpareServers = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc "Maximum number of spare starman workers to keep.";
+        description = "Maximum number of spare starman workers to keep.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
-        description = lib.mdDoc "Extra lines for the Hydra configuration.";
+        description = "Extra lines for the Hydra configuration.";
       };
 
       extraEnv = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = lib.mdDoc "Extra environment variables for Hydra.";
+        description = "Extra environment variables for Hydra.";
       };
 
       gcRootsDir = mkOption {
         type = types.path;
         default = "/nix/var/nix/gcroots/hydra";
-        description = lib.mdDoc "Directory that holds Hydra garbage collector roots.";
+        description = "Directory that holds Hydra garbage collector roots.";
       };
 
       buildMachinesFiles = mkOption {
@@ -218,13 +218,13 @@ in
         default = optional (config.nix.buildMachines != []) "/etc/nix/machines";
         defaultText = literalExpression ''optional (config.nix.buildMachines != []) "/etc/nix/machines"'';
         example = [ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ];
-        description = lib.mdDoc "List of files containing build machines.";
+        description = "List of files containing build machines.";
       };
 
       useSubstitutes = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use binary caches for downloading store paths. Note that
           binary substitutions trigger (a potentially large number of) additional
           HTTP requests that slow down the queue monitor thread significantly.
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix
index d69cf4587aab..7b671ba9ed9d 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix
@@ -9,7 +9,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the jenkins continuous integration server.
         '';
       };
@@ -17,7 +17,7 @@ in {
       user = mkOption {
         default = "jenkins";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User the jenkins server should execute under.
         '';
       };
@@ -25,7 +25,7 @@ in {
       group = mkOption {
         default = "jenkins";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           If the default user "jenkins" is configured then this is the primary
           group of that user.
         '';
@@ -35,7 +35,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "wheel" "dialout" ];
-        description = lib.mdDoc ''
+        description = ''
           List of extra groups that the "jenkins" user should be a part of.
         '';
       };
@@ -43,7 +43,7 @@ in {
       home = mkOption {
         default = "/var/lib/jenkins";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to use as JENKINS_HOME. If the default user "jenkins" is configured then
           this is the home of the "jenkins" user.
         '';
@@ -53,7 +53,7 @@ in {
         default = "0.0.0.0";
         example = "localhost";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the bind address on which the jenkins HTTP interface listens.
           The default is the wildcard address.
         '';
@@ -62,7 +62,7 @@ in {
       port = mkOption {
         default = 8080;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Specifies port number on which the jenkins HTTP interface listens.
           The default is 8080.
         '';
@@ -72,7 +72,7 @@ in {
         default = "";
         example = "/jenkins";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specifies a urlPrefix to use with jenkins.
           If the example /jenkins is given, the jenkins server will be
           accessible using localhost:8080/jenkins.
@@ -85,7 +85,7 @@ in {
         default = [ pkgs.stdenv pkgs.git pkgs.jdk17 config.programs.ssh.package pkgs.nix ];
         defaultText = literalExpression "[ pkgs.stdenv pkgs.git pkgs.jdk17 config.programs.ssh.package pkgs.nix ]";
         type = types.listOf types.package;
-        description = lib.mdDoc ''
+        description = ''
           Packages to add to PATH for the jenkins process.
         '';
       };
@@ -93,7 +93,7 @@ in {
       environment = mkOption {
         default = { };
         type = with types; attrsOf str;
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables to be passed to the jenkins process.
           As a base environment, jenkins receives NIX_PATH from
           {option}`environment.sessionVariables`, NIX_REMOTE is set to
@@ -107,7 +107,7 @@ in {
       plugins = mkOption {
         default = null;
         type = types.nullOr (types.attrsOf types.package);
-        description = lib.mdDoc ''
+        description = ''
           A set of plugins to activate. Note that this will completely
           remove and replace any previously installed plugins. If you
           have manually-installed plugins that you want to keep while
@@ -124,7 +124,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "--debug=9" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional command line arguments to pass to Jenkins.
         '';
       };
@@ -133,7 +133,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "-Xmx80m" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional command line arguments to pass to the Java run time (as opposed to Jenkins).
         '';
       };
@@ -141,7 +141,7 @@ in {
       withCLI = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to make the CLI available.
 
           More info about the CLI available at
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
index a8e3effd1f72..6400da13d3a8 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix
@@ -9,7 +9,7 @@ let
 in {
   options = {
     services.jenkins.jobBuilder = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         the Jenkins Job Builder (JJB) service. It
         allows defining jobs for Jenkins in a declarative manner.
 
@@ -22,12 +22,12 @@ in {
 
         Please see the Jenkins Job Builder documentation for more info:
         <https://jenkins-job-builder.readthedocs.io/>
-      '');
+      '';
 
       accessUser = mkOption {
         default = "admin";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User id in Jenkins used to reload config.
         '';
       };
@@ -35,7 +35,7 @@ in {
       accessToken = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User token in Jenkins used to reload config.
           WARNING: This token will be world readable in the Nix store. To keep
           it secret, use the {option}`accessTokenFile` option instead.
@@ -47,7 +47,7 @@ in {
         defaultText = literalExpression ''"''${config.services.jenkins.home}/secrets/initialAdminPassword"'';
         type = types.str;
         example = "/run/keys/jenkins-job-builder-access-token";
-        description = lib.mdDoc ''
+        description = ''
           File containing the API token for the {option}`accessUser`
           user.
         '';
@@ -62,7 +62,7 @@ in {
               builders:
                 - shell: echo 'Hello world!'
         '';
-        description = lib.mdDoc ''
+        description = ''
           Job descriptions for Jenkins Job Builder in YAML format.
         '';
       };
@@ -82,7 +82,7 @@ in {
             '''
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Job descriptions for Jenkins Job Builder in JSON format.
         '';
       };
@@ -100,7 +100,7 @@ in {
             }
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Job descriptions for Jenkins Job Builder in Nix format.
 
           This is a trivial wrapper around jsonJobs, using builtins.toJSON
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix
index 82d34a058c57..c0599a65b480 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix
@@ -14,7 +14,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If true the system will be configured to work as a jenkins slave.
           If the system is also configured to work as a jenkins master then this has no effect.
           In progress: Currently only assures the jenkins user is configured.
@@ -24,7 +24,7 @@ in {
       user = mkOption {
         default = "jenkins";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User the jenkins slave agent should execute under.
         '';
       };
@@ -32,7 +32,7 @@ in {
       group = mkOption {
         default = "jenkins";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           If the default slave agent user "jenkins" is configured then this is
           the primary group of that user.
         '';
@@ -41,7 +41,7 @@ in {
       home = mkOption {
         default = "/var/lib/jenkins";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to use as JENKINS_HOME. If the default user "jenkins" is configured then
           this is the home of the "jenkins" user.
         '';
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix
index ef7bf3fd2a6e..ce5926a246bb 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/agents.nix
@@ -9,7 +9,7 @@ let
 
   agentModule = lib.types.submodule {
     options = {
-      enable = lib.mkEnableOption (lib.mdDoc "this Woodpecker-Agent. Agents execute tasks generated by a Server, every install will need one server and at least one agent");
+      enable = lib.mkEnableOption "this Woodpecker-Agent. Agents execute tasks generated by a Server, every install will need one server and at least one agent";
 
       package = lib.mkPackageOption pkgs "woodpecker-agent" { };
 
@@ -23,14 +23,14 @@ let
             DOCKER_HOST = "unix:///run/podman/podman.sock";
           }
         '';
-        description = lib.mdDoc "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
+        description = "woodpecker-agent config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/agent-config)";
       };
 
       extraGroups = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ ];
         example = [ "podman" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional groups for the systemd service.
         '';
       };
@@ -39,7 +39,7 @@ let
         type = lib.types.listOf lib.types.package;
         default = [ ];
         example = [ "" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional packages that should be added to the agent's `PATH`.
           Mostly useful for the `local` backend.
         '';
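Review bot: The context line `example = [ "" ];` does not match `type = lib.types.listOf lib.types.package;`, because an empty string is not a package, so the manual shows a value that would be rejected if copied. I would replace it with a real expression, for instance `example = lib.literalExpression "[ pkgs.git ]";` (the package is chosen only as an illustration). The option's `mkOption` line and closing brace are outside the hunk.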
@@ -49,7 +49,7 @@ let
         type = lib.types.listOf lib.types.path;
         default = [ ];
         example = [ "/var/secrets/woodpecker-agent.env" ];
-        description = lib.mdDoc ''
+        description = ''
           File to load environment variables
           from. This is helpful for specifying secrets.
           Example content of environmentFile:
@@ -151,7 +151,7 @@ in
             };
           }
         '';
-        description = lib.mdDoc "woodpecker-agents configurations";
+        description = "woodpecker-agents configurations";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/server.nix b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/server.nix
index 4a0f15756c30..54d8da8a59e5 100644
--- a/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/server.nix
+++ b/nixpkgs/nixos/modules/services/continuous-integration/woodpecker/server.nix
@@ -13,7 +13,7 @@ in
 
   options = {
     services.woodpecker-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "the Woodpecker-Server, a CI/CD application for automatic builds, deployments and tests");
+      enable = lib.mkEnableOption "the Woodpecker-Server, a CI/CD application for automatic builds, deployments and tests";
       package = lib.mkPackageOption pkgs "woodpecker-server" { };
       environment = lib.mkOption {
         default = { };
@@ -28,13 +28,13 @@ in
               WOODPECKER_GITEA_URL = "https://git.example.com";
             }
           '';
-        description = lib.mdDoc "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
+        description = "woodpecker-server config environment variables, for other options read the [documentation](https://woodpecker-ci.org/docs/administration/server-config)";
       };
       environmentFile = lib.mkOption {
         type = with lib.types; coercedTo path (f: [ f ]) (listOf path);
         default = [ ];
         example = [ "/root/woodpecker-server.env" ];
-        description = lib.mdDoc ''
+        description = ''
           File to load environment variables
           from. This is helpful for specifying secrets.
           Example content of environmentFile:
diff --git a/nixpkgs/nixos/modules/services/databases/aerospike.nix b/nixpkgs/nixos/modules/services/databases/aerospike.nix
index 4923c0f00ddb..676341084acb 100644
--- a/nixpkgs/nixos/modules/services/databases/aerospike.nix
+++ b/nixpkgs/nixos/modules/services/databases/aerospike.nix
@@ -39,14 +39,14 @@ in
   options = {
 
     services.aerospike = {
-      enable = mkEnableOption (lib.mdDoc "Aerospike server");
+      enable = mkEnableOption "Aerospike server";
 
       package = mkPackageOption pkgs "aerospike" { };
 
       workDir = mkOption {
         type = types.str;
         default = "/var/lib/aerospike";
-        description = lib.mdDoc "Location where Aerospike stores its files";
+        description = "Location where Aerospike stores its files";
       };
 
       networkConfig = mkOption {
@@ -75,7 +75,7 @@ in
             port 3003
           }
         '';
-        description = lib.mdDoc "network section of configuration file";
+        description = "network section of configuration file";
       };
 
       extraConfig = mkOption {
@@ -89,7 +89,7 @@ in
             storage-engine memory
           }
         '';
-        description = lib.mdDoc "Extra configuration";
+        description = "Extra configuration";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/databases/cassandra.nix b/nixpkgs/nixos/modules/services/databases/cassandra.nix
index adf7213dd13f..c8fce9b939db 100644
--- a/nixpkgs/nixos/modules/services/databases/cassandra.nix
+++ b/nixpkgs/nixos/modules/services/databases/cassandra.nix
@@ -9,7 +9,6 @@ let
     optionalAttrs
     optionals
     recursiveUpdate
-    mdDoc
     mkEnableOption
     mkPackageOption
     mkIf
@@ -122,14 +121,14 @@ in
 {
   options.services.cassandra = {
 
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       Apache Cassandra – Scalable and highly available database
-    '');
+    '';
 
     clusterName = mkOption {
       type = types.str;
       default = "Test Cluster";
-      description = mdDoc ''
+      description = ''
         The name of the cluster.
         This setting prevents nodes in one logical cluster from joining
         another. All nodes in a cluster must have the same value.
@@ -139,19 +138,19 @@ in
     user = mkOption {
       type = types.str;
       default = defaultUser;
-      description = mdDoc "Run Apache Cassandra under this user.";
+      description = "Run Apache Cassandra under this user.";
     };
 
     group = mkOption {
       type = types.str;
       default = defaultUser;
-      description = mdDoc "Run Apache Cassandra under this group.";
+      description = "Run Apache Cassandra under this group.";
     };
 
     homeDir = mkOption {
       type = types.path;
       default = "/var/lib/cassandra";
-      description = mdDoc ''
+      description = ''
         Home directory for Apache Cassandra.
       '';
     };
@@ -163,7 +162,7 @@ in
     jvmOpts = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = mdDoc ''
+      description = ''
         Populate the `JVM_OPT` environment variable.
       '';
     };
@@ -172,7 +171,7 @@ in
       type = types.nullOr types.str;
       default = "127.0.0.1";
       example = null;
-      description = mdDoc ''
+      description = ''
         Address or interface to bind to and tell other Cassandra nodes
         to connect to. You _must_ change this if you want multiple
         nodes to be able to communicate!
@@ -193,7 +192,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "eth1";
-      description = mdDoc ''
+      description = ''
         Set `listenAddress` OR `listenInterface`, not both. Interfaces
         must correspond to a single address, IP aliasing is not
         supported.
@@ -204,7 +203,7 @@ in
       type = types.nullOr types.str;
       default = "127.0.0.1";
       example = null;
-      description = mdDoc ''
+      description = ''
         The address or interface to bind the native transport server to.
 
         Set {option}`rpcAddress` OR {option}`rpcInterface`, not both.
@@ -226,7 +225,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "eth1";
-      description = mdDoc ''
+      description = ''
         Set {option}`rpcAddress` OR {option}`rpcInterface`, not both. Interfaces must
         correspond to a single address, IP aliasing is not supported.
       '';
@@ -249,7 +248,7 @@ in
           <logger name="com.thinkaurelius.thrift" level="ERROR"/>
         </configuration>
       '';
-      description = mdDoc ''
+      description = ''
         XML logback configuration for cassandra
       '';
     };
@@ -257,7 +256,7 @@ in
     seedAddresses = mkOption {
       type = types.listOf types.str;
       default = [ "127.0.0.1" ];
-      description = mdDoc ''
+      description = ''
         The addresses of hosts designated as contact points in the cluster. A
         joining node contacts one of the nodes in the seeds list to learn the
         topology of the ring.
@@ -268,7 +267,7 @@ in
     allowClients = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc ''
+      description = ''
         Enables or disables the native transport server (CQL binary protocol).
         This server uses the same address as the {option}`rpcAddress`,
         but the port it uses is not `rpc_port` but
@@ -285,7 +284,7 @@ in
         {
           commitlog_sync_batch_window_in_ms = 3;
         };
-      description = mdDoc ''
+      description = ''
         Extra options to be merged into {file}`cassandra.yaml` as nix attribute set.
       '';
     };
@@ -294,7 +293,7 @@ in
       type = types.lines;
       default = "";
       example = literalExpression ''"CLASSPATH=$CLASSPATH:''${extraJar}"'';
-      description = mdDoc ''
+      description = ''
         Extra shell lines to be appended onto {file}`cassandra-env.sh`.
       '';
     };
@@ -303,7 +302,7 @@ in
       type = types.nullOr types.str;
       default = "3w";
       example = null;
-      description = mdDoc ''
+      description = ''
         Set the interval how often full repairs are run, i.e.
         {command}`nodetool repair --full` is executed. See
         <https://cassandra.apache.org/doc/latest/operating/repair.html>
@@ -317,7 +316,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--partitioner-range" ];
-      description = mdDoc ''
+      description = ''
         Options passed through to the full repair command.
       '';
     };
@@ -326,7 +325,7 @@ in
       type = types.nullOr types.str;
       default = "3d";
       example = null;
-      description = mdDoc ''
+      description = ''
         Set the interval how often incremental repairs are run, i.e.
         {command}`nodetool repair` is executed. See
         <https://cassandra.apache.org/doc/latest/operating/repair.html>
@@ -340,7 +339,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--partitioner-range" ];
-      description = mdDoc ''
+      description = ''
         Options passed through to the incremental repair command.
       '';
     };
@@ -349,7 +348,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "4G";
-      description = mdDoc ''
+      description = ''
         Must be left blank or set together with {option}`heapNewSize`.
         If left blank a sensible value for the available amount of RAM and CPU
         cores is calculated.
@@ -370,7 +369,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "800M";
-      description = mdDoc ''
+      description = ''
         Must be left blank or set together with {option}`heapNewSize`.
         If left blank a sensible value for the available amount of RAM and CPU
         cores is calculated.
@@ -394,7 +393,7 @@ in
       type = types.nullOr types.int;
       default = null;
       example = 4;
-      description = mdDoc ''
+      description = ''
         Set this to control the amount of arenas per-thread in glibc.
       '';
     };
@@ -402,7 +401,7 @@ in
     remoteJmx = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Cassandra ships with JMX accessible *only* from localhost.
         To enable remote JMX connections set to true.
 
@@ -414,7 +413,7 @@ in
     jmxPort = mkOption {
       type = types.int;
       default = 7199;
-      description = mdDoc ''
+      description = ''
         Specifies the default port over which Cassandra will be available for
         JMX connections.
         For security reasons, you should not expose this port to the internet.
@@ -424,7 +423,7 @@ in
 
     jmxRoles = mkOption {
       default = [ ];
-      description = mdDoc ''
+      description = ''
         Roles that are allowed to access the JMX (e.g. {command}`nodetool`)
         BEWARE: The passwords will be stored world readable in the nix store.
                 It's recommended to use your own protected file using
@@ -437,11 +436,11 @@ in
         options = {
           username = mkOption {
             type = types.str;
-            description = lib.mdDoc "Username for JMX";
+            description = "Username for JMX";
           };
           password = mkOption {
             type = types.str;
-            description = lib.mdDoc "Password for JMX";
+            description = "Password for JMX";
           };
         };
       });
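Review bot: The `password` sub-option is described only as `"Password for JMX"`, while the warning that these passwords are stored world-readable in the Nix store sits on the parent option in the previous hunk. Sub-options are listed as separate entries in the options reference, so the warning is easy to miss when reading this entry alone. I would repeat it here, e.g. `description = "Password for JMX. Stored world-readable in the Nix store; prefer a protected roles file for real credentials.";`. The submodule that holds `username` and `password` starts outside this hunk.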
@@ -455,7 +454,7 @@ in
         else null;
       defaultText = literalMD ''generated configuration file if version is at least 3.11, otherwise `null`'';
       example = "/var/lib/cassandra/jmx.password";
-      description = lib.mdDoc ''
+      description = ''
         Specify your own jmx roles file.
 
         Make sure the permissions forbid "others" from reading the file if
diff --git a/nixpkgs/nixos/modules/services/databases/clickhouse.nix b/nixpkgs/nixos/modules/services/databases/clickhouse.nix
index 288046677721..37a1fe5d5b6c 100644
--- a/nixpkgs/nixos/modules/services/databases/clickhouse.nix
+++ b/nixpkgs/nixos/modules/services/databases/clickhouse.nix
@@ -11,7 +11,7 @@ with lib;
 
     services.clickhouse = {
 
-      enable = mkEnableOption (lib.mdDoc "ClickHouse database server");
+      enable = mkEnableOption "ClickHouse database server";
 
       package = mkPackageOption pkgs "clickhouse" { };
 
diff --git a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
index 789f086158db..34e4e8760742 100644
--- a/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/cockroachdb.nix
@@ -35,13 +35,13 @@ let
     address = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Address to bind to for ${descr}";
+      description = "Address to bind to for ${descr}";
     };
 
     port = mkOption {
       type = types.port;
       default = defaultPort;
-      description = lib.mdDoc "Port to bind to for ${descr}";
+      description = "Port to bind to for ${descr}";
     };
   };
 in
@@ -49,7 +49,7 @@ in
 {
   options = {
     services.cockroachdb = {
-      enable = mkEnableOption (lib.mdDoc "CockroachDB Server");
+      enable = mkEnableOption "CockroachDB Server";
 
       listen = addressOption "intra-cluster communication" 26257;
 
@@ -58,7 +58,7 @@ in
       locality = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           An ordered, comma-separated list of key-value pairs that describe the
           topography of the machine. Topography might include country,
           datacenter or rack designations. Data is automatically replicated to
@@ -80,43 +80,43 @@ in
       join = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "The addresses for connecting the node to a cluster.";
+        description = "The addresses for connecting the node to a cluster.";
       };
 
       insecure = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Run in insecure mode.";
+        description = "Run in insecure mode.";
       };
 
       certsDir = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "The path to the certificate directory.";
+        description = "The path to the certificate directory.";
       };
 
       user = mkOption {
         type = types.str;
         default = "cockroachdb";
-        description = lib.mdDoc "User account under which CockroachDB runs";
+        description = "User account under which CockroachDB runs";
       };
 
       group = mkOption {
         type = types.str;
         default = "cockroachdb";
-        description = lib.mdDoc "User account under which CockroachDB runs";
+        description = "User account under which CockroachDB runs";
       };
 
       openPorts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open firewall ports for cluster communication by default";
+        description = "Open firewall ports for cluster communication by default";
       };
 
       cache = mkOption {
         type = types.str;
         default = "25%";
-        description = lib.mdDoc ''
+        description = ''
           The total size for caches.
 
           This can be a percentage, expressed with a fraction sign or as a
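Review bot: `insecure` is documented only as `"Run in insecure mode."`, which does not tell an operator what protection is given up. If the option maps to `cockroach start --insecure` (the service definition is outside this hunk), it turns off TLS encryption and authentication for the node, so the description should say so, e.g. `description = "Run without TLS encryption and authentication. Set certsDir for a secured node.";`. Separately, `group` reuses the text `"User account under which CockroachDB runs"` and should read `"Group under which CockroachDB runs"`. The hunk ends inside the `cache` option.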
@@ -132,7 +132,7 @@ in
       maxSqlMemory = mkOption {
         type = types.str;
         default = "25%";
-        description = lib.mdDoc ''
+        description = ''
           The maximum in-memory storage capacity available to store temporary
           data for SQL queries.
 
@@ -157,7 +157,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "--advertise-addr" "[fe80::f6f2:::]" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra CLI arguments passed to {command}`cockroach start`.
           For the full list of supported arguments, check <https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags>
         '';
diff --git a/nixpkgs/nixos/modules/services/databases/couchdb.nix b/nixpkgs/nixos/modules/services/databases/couchdb.nix
index 72212c390413..e007bfce77ab 100644
--- a/nixpkgs/nixos/modules/services/databases/couchdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/couchdb.nix
@@ -34,14 +34,14 @@ in {
 
     services.couchdb = {
 
-      enable = mkEnableOption (lib.mdDoc "CouchDB Server");
+      enable = mkEnableOption "CouchDB Server";
 
       package = mkPackageOption pkgs "couchdb3" { };
 
       adminUser = mkOption {
         type = types.str;
         default = "admin";
-        description = lib.mdDoc ''
+        description = ''
           Couchdb (i.e. fauxton) account with permission for all dbs and
           tasks.
         '';
@@ -50,7 +50,7 @@ in {
       adminPass = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Couchdb (i.e. fauxton) account with permission for all dbs and
           tasks.
         '';
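Review bot: The description of `adminPass` is a verbatim copy of the one for `adminUser` in the previous hunk, so the option that holds the admin password is never described as a password. It is typed `types.nullOr types.str`, and a string set in the NixOS configuration normally ends up readable in the Nix store; how the module writes the value out is not visible here. I would replace the text with something like `Password for the admin account. A value set here is stored world-readable in the Nix store.` The closing brace of the option is outside the hunk.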
@@ -59,7 +59,7 @@ in {
       user = mkOption {
         type = types.str;
         default = "couchdb";
-        description = lib.mdDoc ''
+        description = ''
           User account under which couchdb runs.
         '';
       };
@@ -67,7 +67,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "couchdb";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which couchdb runs.
         '';
       };
@@ -77,7 +77,7 @@ in {
       databaseDir = mkOption {
         type = types.path;
         default = "/var/lib/couchdb";
-        description = lib.mdDoc ''
+        description = ''
           Specifies location of CouchDB database files (*.couch named). This
           location should be writable and readable for the user the CouchDB
           service runs as (couchdb by default).
@@ -87,7 +87,7 @@ in {
       uriFile = mkOption {
         type = types.path;
         default = "/run/couchdb/couchdb.uri";
-        description = lib.mdDoc ''
+        description = ''
           This file contains the full URI that can be used to access this
           instance of CouchDB. It is used to help discover the port CouchDB is
           running on (if it was set to 0 (e.g. automatically assigned any free
@@ -99,7 +99,7 @@ in {
       viewIndexDir = mkOption {
         type = types.path;
         default = "/var/lib/couchdb";
-        description = lib.mdDoc ''
+        description = ''
           Specifies location of CouchDB view index files. This location should
           be writable and readable for the user that runs the CouchDB service
           (couchdb by default).
@@ -109,7 +109,7 @@ in {
       bindAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Defines the IP address by which CouchDB will be accessible.
         '';
       };
@@ -117,7 +117,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 5984;
-        description = lib.mdDoc ''
+        description = ''
           Defined the port number to listen.
         '';
       };
@@ -125,7 +125,7 @@ in {
       logFile = mkOption {
         type = types.path;
         default = "/var/log/couchdb.log";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the location of file for logging output.
         '';
       };
@@ -133,7 +133,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration. Overrides any other configuration.
         '';
       };
@@ -142,14 +142,14 @@ in {
         type = types.path;
         default = "${cfg.package}/etc/vm.args";
         defaultText = literalExpression ''"config.${opt.package}/etc/vm.args"'';
-        description = lib.mdDoc ''
+        description = ''
           vm.args configuration. Overrides Couchdb's Erlang VM parameters file.
         '';
       };
 
       configFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Configuration file for persisting runtime changes. File
           needs to be readable and writable from couchdb user/group.
         '';
diff --git a/nixpkgs/nixos/modules/services/databases/dgraph.nix b/nixpkgs/nixos/modules/services/databases/dgraph.nix
index 479754a6447d..00a11d6b686e 100644
--- a/nixpkgs/nixos/modules/services/databases/dgraph.nix
+++ b/nixpkgs/nixos/modules/services/databases/dgraph.nix
@@ -53,14 +53,14 @@ in
 {
   options = {
     services.dgraph = {
-      enable = mkEnableOption (lib.mdDoc "Dgraph native GraphQL database with a graph backend");
+      enable = mkEnableOption "Dgraph native GraphQL database with a graph backend";
 
       package = lib.mkPackageOption pkgs "dgraph" { };
 
       settings = mkOption {
         type = settingsFormat.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Contents of the dgraph config. For more details see https://dgraph.io/docs/deploy/config
         '';
       };
@@ -69,14 +69,14 @@ in
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             The host which dgraph alpha will be run on.
           '';
         };
         port = mkOption {
           type = types.port;
           default = 7080;
-          description = lib.mdDoc ''
+          description = ''
             The port which to run dgraph alpha on.
           '';
         };
@@ -87,14 +87,14 @@ in
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             The host which dgraph zero will be run on.
           '';
         };
         port = mkOption {
           type = types.port;
           default = 5080;
-          description = lib.mdDoc ''
+          description = ''
             The port which to run dgraph zero on.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/databases/dragonflydb.nix b/nixpkgs/nixos/modules/services/databases/dragonflydb.nix
index 46a0c188c3ae..220605c8b475 100644
--- a/nixpkgs/nixos/modules/services/databases/dragonflydb.nix
+++ b/nixpkgs/nixos/modules/services/databases/dragonflydb.nix
@@ -25,24 +25,24 @@ in
 
   options = {
     services.dragonflydb = {
-      enable = mkEnableOption (lib.mdDoc "DragonflyDB");
+      enable = mkEnableOption "DragonflyDB";
 
       user = mkOption {
         type = types.str;
         default = "dragonfly";
-        description = lib.mdDoc "The user to run DragonflyDB as";
+        description = "The user to run DragonflyDB as";
       };
 
       port = mkOption {
         type = types.port;
         default = 6379;
-        description = lib.mdDoc "The TCP port to accept connections.";
+        description = "The TCP port to accept connections.";
       };
 
       bind = mkOption {
         type = with types; nullOr str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The IP interface to bind to.
           `null` means "all interfaces".
         '';
@@ -51,14 +51,14 @@ in
       requirePass = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc "Password for database";
+        description = "Password for database";
         example = "letmein!";
       };
 
       maxMemory = mkOption {
         type = with types; nullOr ints.unsigned;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The maximum amount of memory to use for storage (in bytes).
           `null` means this will be automatically set.
         '';
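Review bot: `requirePass` takes the database password as a plain `nullOr str`, and its description, `"Password for database"`, says nothing about where the value ends up. A string set in the NixOS configuration is normally readable by every local user through the Nix store, and also through the process list if the module passes it as a command-line flag (not visible in this hunk). The description should state that, e.g. `description = "Password for database. The value is stored world-readable in the Nix store.";`. The `example = "letmein!"` would also read better as an obvious placeholder.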
@@ -67,7 +67,7 @@ in
       memcachePort = mkOption {
         type = with types; nullOr port;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           To enable memcached compatible API on this port.
           `null` means disabled.
         '';
@@ -76,7 +76,7 @@ in
       keysOutputLimit = mkOption {
         type = types.ints.unsigned;
         default = 8192;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of returned keys in keys command.
           `keys` is a dangerous command.
           We truncate its result to avoid blowup in memory when fetching too many keys.
@@ -86,13 +86,13 @@ in
       dbNum = mkOption {
         type = with types; nullOr ints.unsigned;
         default = null;
-        description = lib.mdDoc "Maximum number of supported databases for `select`";
+        description = "Maximum number of supported databases for `select`";
       };
 
       cacheMode = mkOption {
         type = with types; nullOr bool;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Once this mode is on, Dragonfly will evict items least likely to be stumbled
           upon in the future but only when it is near maxmemory limit.
         '';
diff --git a/nixpkgs/nixos/modules/services/databases/etcd.nix b/nixpkgs/nixos/modules/services/databases/etcd.nix
index a5b3abdbcb59..ebc905ad08f6 100644
--- a/nixpkgs/nixos/modules/services/databases/etcd.nix
+++ b/nixpkgs/nixos/modules/services/databases/etcd.nix
@@ -10,7 +10,7 @@ in {
 
   options.services.etcd = {
     enable = mkOption {
-      description = lib.mdDoc "Whether to enable etcd.";
+      description = "Whether to enable etcd.";
       default = false;
       type = types.bool;
     };
@@ -18,83 +18,83 @@ in {
     package = mkPackageOption pkgs "etcd" { };
 
     name = mkOption {
-      description = lib.mdDoc "Etcd unique node name.";
+      description = "Etcd unique node name.";
       default = config.networking.hostName;
       defaultText = literalExpression "config.networking.hostName";
       type = types.str;
     };
 
     advertiseClientUrls = mkOption {
-      description = lib.mdDoc "Etcd list of this member's client URLs to advertise to the rest of the cluster.";
+      description = "Etcd list of this member's client URLs to advertise to the rest of the cluster.";
       default = cfg.listenClientUrls;
       defaultText = literalExpression "config.${opt.listenClientUrls}";
       type = types.listOf types.str;
     };
 
     listenClientUrls = mkOption {
-      description = lib.mdDoc "Etcd list of URLs to listen on for client traffic.";
+      description = "Etcd list of URLs to listen on for client traffic.";
       default = ["http://127.0.0.1:2379"];
       type = types.listOf types.str;
     };
 
     listenPeerUrls = mkOption {
-      description = lib.mdDoc "Etcd list of URLs to listen on for peer traffic.";
+      description = "Etcd list of URLs to listen on for peer traffic.";
       default = ["http://127.0.0.1:2380"];
       type = types.listOf types.str;
     };
 
     initialAdvertisePeerUrls = mkOption {
-      description = lib.mdDoc "Etcd list of this member's peer URLs to advertise to rest of the cluster.";
+      description = "Etcd list of this member's peer URLs to advertise to rest of the cluster.";
       default = cfg.listenPeerUrls;
       defaultText = literalExpression "config.${opt.listenPeerUrls}";
       type = types.listOf types.str;
     };
 
     initialCluster = mkOption {
-      description = lib.mdDoc "Etcd initial cluster configuration for bootstrapping.";
+      description = "Etcd initial cluster configuration for bootstrapping.";
       default = ["${cfg.name}=http://127.0.0.1:2380"];
       defaultText = literalExpression ''["''${config.${opt.name}}=http://127.0.0.1:2380"]'';
       type = types.listOf types.str;
     };
 
     initialClusterState = mkOption {
-      description = lib.mdDoc "Etcd initial cluster configuration for bootstrapping.";
+      description = "Etcd initial cluster configuration for bootstrapping.";
       default = "new";
       type = types.enum ["new" "existing"];
     };
 
     initialClusterToken = mkOption {
-      description = lib.mdDoc "Etcd initial cluster token for etcd cluster during bootstrap.";
+      description = "Etcd initial cluster token for etcd cluster during bootstrap.";
       default = "etcd-cluster";
       type = types.str;
     };
 
     discovery = mkOption {
-      description = lib.mdDoc "Etcd discovery url";
+      description = "Etcd discovery url";
       default = "";
       type = types.str;
     };
 
     clientCertAuth = mkOption {
-      description = lib.mdDoc "Whether to use certs for client authentication";
+      description = "Whether to use certs for client authentication";
       default = false;
       type = types.bool;
     };
 
     trustedCaFile = mkOption {
-      description = lib.mdDoc "Certificate authority file to use for clients";
+      description = "Certificate authority file to use for clients";
       default = null;
       type = types.nullOr types.path;
     };
 
     certFile = mkOption {
-      description = lib.mdDoc "Cert file to use for clients";
+      description = "Cert file to use for clients";
       default = null;
       type = types.nullOr types.path;
     };
 
     keyFile = mkOption {
-      description = lib.mdDoc "Key file to use for clients";
+      description = "Key file to use for clients";
       default = null;
       type = types.nullOr types.path;
     };
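Review bot: `keyFile` (and `peerKeyFile` in a later hunk) is typed `types.nullOr types.path` with the description `"Key file to use for clients"`, and nothing tells the user to keep the private key out of the Nix store. A Nix path literal may be copied into the world-readable store, depending on how the module interpolates the value, which is outside this hunk. I would extend the description, e.g. `description = "Key file to use for clients. Give the path as a string pointing to a file outside the Nix store.";`. Also in this hunk, `initialClusterState` repeats the description of `initialCluster` word for word and should describe the `new`/`existing` choice instead.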
@@ -102,7 +102,7 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open etcd ports in the firewall.
         Ports opened:
         - 2379/tcp for client requests
@@ -111,34 +111,34 @@ in {
     };
 
     peerCertFile = mkOption {
-      description = lib.mdDoc "Cert file to use for peer to peer communication";
+      description = "Cert file to use for peer to peer communication";
       default = cfg.certFile;
       defaultText = literalExpression "config.${opt.certFile}";
       type = types.nullOr types.path;
     };
 
     peerKeyFile = mkOption {
-      description = lib.mdDoc "Key file to use for peer to peer communication";
+      description = "Key file to use for peer to peer communication";
       default = cfg.keyFile;
       defaultText = literalExpression "config.${opt.keyFile}";
       type = types.nullOr types.path;
     };
 
     peerTrustedCaFile = mkOption {
-      description = lib.mdDoc "Certificate authority file to use for peer to peer communication";
+      description = "Certificate authority file to use for peer to peer communication";
       default = cfg.trustedCaFile;
       defaultText = literalExpression "config.${opt.trustedCaFile}";
       type = types.nullOr types.path;
     };
 
     peerClientCertAuth = mkOption {
-      description = lib.mdDoc "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA";
+      description = "Whether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA";
       default = false;
       type = types.bool;
     };
 
     extraConf = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Etcd extra configuration. See
         <https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags>
       '';
@@ -158,7 +158,7 @@ in {
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/etcd";
-      description = lib.mdDoc "Etcd data directory.";
+      description = "Etcd data directory.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/databases/firebird.nix b/nixpkgs/nixos/modules/services/databases/firebird.nix
index 431233ce5ed4..17606218b633 100644
--- a/nixpkgs/nixos/modules/services/databases/firebird.nix
+++ b/nixpkgs/nixos/modules/services/databases/firebird.nix
@@ -40,7 +40,7 @@ in
 
     services.firebird = {
 
-      enable = mkEnableOption (lib.mdDoc "the Firebird super server");
+      enable = mkEnableOption "the Firebird super server";
 
       package = mkPackageOption pkgs "firebird" {
         example = "firebird_3";
@@ -52,7 +52,7 @@ in
       port = mkOption {
         default = 3050;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Port Firebird uses.
         '';
       };
@@ -60,7 +60,7 @@ in
       user = mkOption {
         default = "firebird";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User account under which firebird runs.
         '';
       };
@@ -68,7 +68,7 @@ in
       baseDir = mkOption {
         default = "/var/lib/firebird";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Location containing data/ and system/ directories.
           data/ stores the databases, system/ stores the password database security2.fdb.
         '';
diff --git a/nixpkgs/nixos/modules/services/databases/foundationdb.nix b/nixpkgs/nixos/modules/services/databases/foundationdb.nix
index 48e9898a68c2..670a149ea5e7 100644
--- a/nixpkgs/nixos/modules/services/databases/foundationdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/foundationdb.nix
@@ -62,11 +62,11 @@ in
 {
   options.services.foundationdb = {
 
-    enable = mkEnableOption (lib.mdDoc "FoundationDB Server");
+    enable = mkEnableOption "FoundationDB Server";
 
     package = mkOption {
       type        = types.package;
-      description = lib.mdDoc ''
+      description = ''
         The FoundationDB package to use for this server. This must be specified by the user
         in order to ensure migrations and upgrades are controlled appropriately.
       '';
@@ -75,19 +75,19 @@ in
     publicAddress = mkOption {
       type        = types.str;
       default     = "auto";
-      description = lib.mdDoc "Publicly visible IP address of the process. Port is determined by process ID";
+      description = "Publicly visible IP address of the process. Port is determined by process ID";
     };
 
     listenAddress = mkOption {
       type        = types.str;
       default     = "public";
-      description = lib.mdDoc "Publicly visible IP address of the process. Port is determined by process ID";
+      description = "Publicly visible IP address of the process. Port is determined by process ID";
     };
 
     listenPortStart = mkOption {
       type          = types.int;
       default       = 4500;
-      description   = lib.mdDoc ''
+      description   = ''
         Starting port number for database listening sockets. Every FDB process binds to a
         subsequent port, to this number reflects the start of the overall range. e.g. having
         8 server processes will use all ports between 4500 and 4507.
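Review bot: `listenAddress` carries the same description as `publicAddress` (`"Publicly visible IP address of the process. Port is determined by process ID"`), so the documentation never says which address the process binds to or what the default `"public"` means. This setting decides which interfaces the database listens on, so it deserves its own text; as far as I know `public` makes FoundationDB listen on the public address, which should be confirmed before writing it down, e.g. `description = "IP address the process listens on; \"public\" reuses publicAddress.";`. In `listenPortStart`, "to this number reflects" should read "so this number reflects". The hunk ends inside the `listenPortStart` option.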
@@ -97,7 +97,7 @@ in
     openFirewall = mkOption {
       type        = types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Open the firewall ports corresponding to FoundationDB processes and coordinators
         using {option}`config.networking.firewall.*`.
       '';
@@ -106,43 +106,43 @@ in
     dataDir = mkOption {
       type        = types.path;
       default     = "/var/lib/foundationdb";
-      description = lib.mdDoc "Data directory. All cluster data will be put under here.";
+      description = "Data directory. All cluster data will be put under here.";
     };
 
     logDir = mkOption {
       type        = types.path;
       default     = "/var/log/foundationdb";
-      description = lib.mdDoc "Log directory.";
+      description = "Log directory.";
     };
 
     user = mkOption {
       type        = types.str;
       default     = "foundationdb";
-      description = lib.mdDoc "User account under which FoundationDB runs.";
+      description = "User account under which FoundationDB runs.";
     };
 
     group = mkOption {
       type        = types.str;
       default     = "foundationdb";
-      description = lib.mdDoc "Group account under which FoundationDB runs.";
+      description = "Group account under which FoundationDB runs.";
     };
 
     class = mkOption {
       type        = types.nullOr (types.enum [ "storage" "transaction" "stateless" ]);
       default     = null;
-      description = lib.mdDoc "Process class";
+      description = "Process class";
     };
 
     restartDelay = mkOption {
       type = types.int;
       default = 10;
-      description = lib.mdDoc "Number of seconds to wait before restarting servers.";
+      description = "Number of seconds to wait before restarting servers.";
     };
 
     logSize = mkOption {
       type        = types.str;
       default     = "10MiB";
-      description = lib.mdDoc ''
+      description = ''
         Roll over to a new log file after the current log file
         reaches the specified size.
       '';
@@ -151,7 +151,7 @@ in
     maxLogSize = mkOption {
       type        = types.str;
       default     = "100MiB";
-      description = lib.mdDoc ''
+      description = ''
         Delete the oldest log file when the total size of all log
         files exceeds the specified size. If set to 0, old log files
         will not be deleted.
@@ -161,19 +161,19 @@ in
     serverProcesses = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc "Number of fdbserver processes to run.";
+      description = "Number of fdbserver processes to run.";
     };
 
     backupProcesses = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc "Number of backup_agent processes to run for snapshots.";
+      description = "Number of backup_agent processes to run for snapshots.";
     };
 
     memory = mkOption {
       type        = types.str;
       default     = "8GiB";
-      description = lib.mdDoc ''
+      description = ''
         Maximum memory used by the process. The default value is
         `8GiB`. When specified without a unit,
         `MiB` is assumed. This parameter does not
@@ -195,7 +195,7 @@ in
     storageMemory = mkOption {
       type        = types.str;
       default     = "1GiB";
-      description = lib.mdDoc ''
+      description = ''
         Maximum memory used for data storage. The default value is
         `1GiB`. When specified without a unit,
         `MB` is assumed. Clusters using the memory
@@ -210,7 +210,7 @@ in
 
     tls = mkOption {
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         FoundationDB Transport Security Layer (TLS) settings.
       '';
 
@@ -218,7 +218,7 @@ in
         options = {
           certificate = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Path to the TLS certificate file. This certificate will
               be offered to, and may be verified by, clients.
             '';
@@ -226,13 +226,13 @@ in
 
           key = mkOption {
             type = types.str;
-            description = lib.mdDoc "Private key file for the certificate.";
+            description = "Private key file for the certificate.";
           };
 
           allowedPeers = mkOption {
             type = types.str;
             default = "Check.Valid=1,Check.Unexpired=1";
-            description = lib.mdDoc ''
+            description = ''
               "Peer verification string". This may be used to adjust which TLS
               client certificates a server will accept, as a form of user
               authorization; for example, it may only accept TLS clients who
@@ -253,7 +253,7 @@ in
         dataHall     = null;
       };
 
-      description = lib.mdDoc ''
+      description = ''
         FoundationDB locality settings.
       '';
 
@@ -262,7 +262,7 @@ in
           machineId = mkOption {
             default = null;
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               Machine identifier key. All processes on a machine should share a
               unique id. By default, processes on a machine determine a unique id to share.
               This does not generally need to be set.
@@ -272,7 +272,7 @@ in
           zoneId = mkOption {
             default = null;
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               Zone identifier key. Processes that share a zone id are
               considered non-unique for the purposes of data replication.
               If unset, defaults to machine id.
@@ -282,7 +282,7 @@ in
           datacenterId = mkOption {
             default = null;
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               Data center identifier key. All processes physically located in a
               data center should share the id. If you are depending on data
               center based replication this must be set on all processes.
@@ -292,7 +292,7 @@ in
           dataHall = mkOption {
             default = null;
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               Data hall identifier key. All processes physically located in a
               data hall should share the id. If you are depending on data
               hall based replication this must be set on all processes.
@@ -305,7 +305,7 @@ in
     extraReadWritePaths = mkOption {
       default = [ ];
       type = types.listOf types.path;
-      description = lib.mdDoc ''
+      description = ''
         An extra set of filesystem paths that FoundationDB can read to
         and write from. By default, FoundationDB runs under a heavily
         namespaced systemd environment without write access to most of
@@ -319,13 +319,13 @@ in
     pidfile = mkOption {
       type        = types.path;
       default     = "/run/foundationdb.pid";
-      description = lib.mdDoc "Path to pidfile for fdbmonitor.";
+      description = "Path to pidfile for fdbmonitor.";
     };
 
     traceFormat = mkOption {
       type = types.enum [ "xml" "json" ];
       default = "xml";
-      description = lib.mdDoc "Trace logging format.";
+      description = "Trace logging format.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/databases/hbase-standalone.nix b/nixpkgs/nixos/modules/services/databases/hbase-standalone.nix
index 08ae7625d50a..ac37e3932932 100644
--- a/nixpkgs/nixos/modules/services/databases/hbase-standalone.nix
+++ b/nixpkgs/nixos/modules/services/databases/hbase-standalone.nix
@@ -41,17 +41,17 @@ in {
   options = {
     services.hbase-standalone = {
 
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         HBase master in standalone mode with embedded regionserver and zookeper.
-        Do not use this configuration for production nor for evaluating HBase performance.
-      '');
+        Do not use this configuration for production nor for evaluating HBase performance
+      '';
 
       package = mkPackageOption pkgs "hbase" { };
 
       user = mkOption {
         type = types.str;
         default = "hbase";
-        description = lib.mdDoc ''
+        description = ''
           User account under which HBase runs.
         '';
       };
@@ -59,7 +59,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "hbase";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which HBase runs.
         '';
       };
@@ -67,7 +67,7 @@ in {
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/hbase";
-        description = lib.mdDoc ''
+        description = ''
           Specifies location of HBase database files. This location should be
           writable and readable for the user the HBase service runs as
           (hbase by default).
@@ -77,7 +77,7 @@ in {
       logDir = mkOption {
         type = types.path;
         default = "/var/log/hbase";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the location of HBase log files.
         '';
       };
@@ -94,7 +94,7 @@ in {
             "hbase.zookeeper.property.dataDir" = "''${config.${opt.dataDir}}/zookeeper";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           configurations in hbase-site.xml, see <https://github.com/apache/hbase/blob/master/hbase-server/src/test/resources/hbase-site.xml> for details.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/databases/influxdb.nix b/nixpkgs/nixos/modules/services/databases/influxdb.nix
index adb212ab08d0..6dd4ca3b71cd 100644
--- a/nixpkgs/nixos/modules/services/databases/influxdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/influxdb.nix
@@ -112,7 +112,7 @@ in
 
       enable = mkOption {
         default = false;
-        description = lib.mdDoc "Whether to enable the influxdb server";
+        description = "Whether to enable the influxdb server";
         type = types.bool;
       };
 
@@ -120,25 +120,25 @@ in
 
       user = mkOption {
         default = "influxdb";
-        description = lib.mdDoc "User account under which influxdb runs";
+        description = "User account under which influxdb runs";
         type = types.str;
       };
 
       group = mkOption {
         default = "influxdb";
-        description = lib.mdDoc "Group under which influxdb runs";
+        description = "Group under which influxdb runs";
         type = types.str;
       };
 
       dataDir = mkOption {
         default = "/var/db/influxdb";
-        description = lib.mdDoc "Data directory for influxd data files.";
+        description = "Data directory for influxd data files.";
         type = types.path;
       };
 
       extraConfig = mkOption {
         default = {};
-        description = lib.mdDoc "Extra configuration options for influxdb";
+        description = "Extra configuration options for influxdb";
         type = types.attrs;
       };
     };
diff --git a/nixpkgs/nixos/modules/services/databases/influxdb2.nix b/nixpkgs/nixos/modules/services/databases/influxdb2.nix
index 2a67d87d4bbb..a534cdfbe165 100644
--- a/nixpkgs/nixos/modules/services/databases/influxdb2.nix
+++ b/nixpkgs/nixos/modules/services/databases/influxdb2.nix
@@ -17,7 +17,6 @@ let
     listToAttrs
     literalExpression
     mapAttrsToList
-    mdDoc
     mkEnableOption
     mkPackageOption
     mkIf
@@ -130,32 +129,32 @@ let
   in {
     options = {
       present = mkOption {
-        description = mdDoc "Whether to ensure that this organization is present or absent.";
+        description = "Whether to ensure that this organization is present or absent.";
         type = types.bool;
         default = true;
       };
 
       description = mkOption {
-        description = mdDoc "Optional description for the organization.";
+        description = "Optional description for the organization.";
         default = null;
         type = types.nullOr types.str;
       };
 
       buckets = mkOption {
-        description = mdDoc "Buckets to provision in this organization.";
+        description = "Buckets to provision in this organization.";
         default = {};
         type = types.attrsOf (types.submodule (bucketSubmod: let
           bucket = bucketSubmod.config._module.args.name;
         in {
           options = {
             present = mkOption {
-              description = mdDoc "Whether to ensure that this bucket is present or absent.";
+              description = "Whether to ensure that this bucket is present or absent.";
               type = types.bool;
               default = true;
             };
 
             description = mkOption {
-              description = mdDoc "Optional description for the bucket.";
+              description = "Optional description for the bucket.";
               default = null;
               type = types.nullOr types.str;
             };
@@ -163,21 +162,21 @@ let
             retention = mkOption {
               type = types.ints.unsigned;
               default = 0;
-              description = mdDoc "The duration in seconds for which the bucket will retain data (0 is infinite).";
+              description = "The duration in seconds for which the bucket will retain data (0 is infinite).";
             };
           };
         }));
       };
 
       auths = mkOption {
-        description = mdDoc "API tokens to provision for the user in this organization.";
+        description = "API tokens to provision for the user in this organization.";
         default = {};
         type = types.attrsOf (types.submodule (authSubmod: let
           auth = authSubmod.config._module.args.name;
         in {
           options = {
             id = mkOption {
-              description = mdDoc "A unique identifier for this authentication token. Since influx doesn't store names for tokens, this will be hashed and appended to the description to identify the token.";
+              description = "A unique identifier for this authentication token. Since influx doesn't store names for tokens, this will be hashed and appended to the description to identify the token.";
               readOnly = true;
               default = builtins.substring 0 32 (builtins.hashString "sha256" "${org}:${auth}");
               defaultText = "<a hash derived from org and name>";
@@ -185,7 +184,7 @@ let
             };
 
             present = mkOption {
-              description = mdDoc "Whether to ensure that this user is present or absent.";
+              description = "Whether to ensure that this user is present or absent.";
               type = types.bool;
               default = true;
             };
@@ -204,23 +203,23 @@ let
             tokenFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc "The token value. If not given, influx will automatically generate one.";
+              description = "The token value. If not given, influx will automatically generate one.";
             };
 
             operator = mkOption {
-              description = mdDoc "Grants all permissions in all organizations.";
+              description = "Grants all permissions in all organizations.";
               default = false;
               type = types.bool;
             };
 
             allAccess = mkOption {
-              description = mdDoc "Grants all permissions in the associated organization.";
+              description = "Grants all permissions in the associated organization.";
               default = false;
               type = types.bool;
             };
 
             readPermissions = mkOption {
-              description = mdDoc ''
+              description = ''
                 The read permissions to include for this token. Access is usually granted only
                 for resources in the associated organization.
 
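Review bot: The per-token `tokenFile` option takes a path (`types.nullOr types.path`) but is described as "The token value", and unlike the admin `passwordFile` and `tokenFile` options further down it carries no warning about the Nix store. A secret file referenced from the store is readable by every local user, so the description should say it is a file and repeat the caveat: `description = "Path to a file containing the token value. If not given, influx will automatically generate one. Don't use a file from the nix store!";`. The `readPermissions` description continues past the end of the hunk.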
@@ -239,7 +238,7 @@ let
             };
 
             writePermissions = mkOption {
-              description = mdDoc ''
+              description = ''
                 The read permissions to include for this token. Access is usually granted only
                 for resources in the associated organization.
 
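Review bot: The `writePermissions` description opens with "The read permissions to include for this token", which looks copied from `readPermissions` and misdescribes an option that grants write access. The first line should read `The write permissions to include for this token. Access is usually granted only`. The rest of the description lies outside the hunk, so any further "read" wording there needs the same check.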
@@ -258,13 +257,13 @@ let
             };
 
             readBuckets = mkOption {
-              description = mdDoc "The organization's buckets which should be allowed to be read";
+              description = "The organization's buckets which should be allowed to be read";
               default = [];
               type = types.listOf types.str;
             };
 
             writeBuckets = mkOption {
-              description = mdDoc "The organization's buckets which should be allowed to be written";
+              description = "The organization's buckets which should be allowed to be written";
               default = [];
               type = types.listOf types.str;
             };
@@ -277,13 +276,13 @@ in
 {
   options = {
     services.influxdb2 = {
-      enable = mkEnableOption (mdDoc "the influxdb2 server");
+      enable = mkEnableOption "the influxdb2 server";
 
       package = mkPackageOption pkgs "influxdb2" { };
 
       settings = mkOption {
         default = { };
-        description = mdDoc ''configuration options for influxdb2, see <https://docs.influxdata.com/influxdb/v2.0/reference/config-options> for details.'';
+        description = ''configuration options for influxdb2, see <https://docs.influxdata.com/influxdb/v2.0/reference/config-options> for details.'';
         type = format.type;
       };
 
@@ -294,40 +293,40 @@ in
           organization = mkOption {
             type = types.str;
             example = "main";
-            description = mdDoc "Primary organization name";
+            description = "Primary organization name";
           };
 
           bucket = mkOption {
             type = types.str;
             example = "example";
-            description = mdDoc "Primary bucket name";
+            description = "Primary bucket name";
           };
 
           username = mkOption {
             type = types.str;
             default = "admin";
-            description = mdDoc "Primary username";
+            description = "Primary username";
           };
 
           retention = mkOption {
             type = types.ints.unsigned;
             default = 0;
-            description = mdDoc "The duration in seconds for which the bucket will retain data (0 is infinite).";
+            description = "The duration in seconds for which the bucket will retain data (0 is infinite).";
           };
 
           passwordFile = mkOption {
             type = types.path;
-            description = mdDoc "Password for primary user. Don't use a file from the nix store!";
+            description = "Password for primary user. Don't use a file from the nix store!";
           };
 
           tokenFile = mkOption {
             type = types.path;
-            description = mdDoc "API Token to set for the admin user. Don't use a file from the nix store!";
+            description = "API Token to set for the admin user. Don't use a file from the nix store!";
           };
         };
 
         organizations = mkOption {
-          description = mdDoc "Organizations to provision.";
+          description = "Organizations to provision.";
           example = literalExpression ''
             {
               myorg = {
@@ -348,7 +347,7 @@ in
         };
 
         users = mkOption {
-          description = mdDoc "Users to provision.";
+          description = "Users to provision.";
           default = {};
           example = literalExpression ''
             {
@@ -362,13 +361,13 @@ in
           in {
             options = {
               present = mkOption {
-                description = mdDoc "Whether to ensure that this user is present or absent.";
+                description = "Whether to ensure that this user is present or absent.";
                 type = types.bool;
                 default = true;
               };
 
               passwordFile = mkOption {
-                description = mdDoc "Password for the user. If unset, the user will not be able to log in until a password is set by an operator! Don't use a file from the nix store!";
+                description = "Password for the user. If unset, the user will not be able to log in until a password is set by an operator! Don't use a file from the nix store!";
                 default = null;
                 type = types.nullOr types.path;
               };
diff --git a/nixpkgs/nixos/modules/services/databases/lldap.nix b/nixpkgs/nixos/modules/services/databases/lldap.nix
index 033de7af886f..e014a88b3c4f 100644
--- a/nixpkgs/nixos/modules/services/databases/lldap.nix
+++ b/nixpkgs/nixos/modules/services/databases/lldap.nix
@@ -6,7 +6,7 @@ let
 in
 {
   options.services.lldap = with lib; {
-    enable = mkEnableOption (mdDoc "lldap");
+    enable = mkEnableOption "lldap, a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication";
 
     package = mkPackageOption pkgs "lldap" { };
 
@@ -17,7 +17,7 @@ in
         LLDAP_JWT_SECRET_FILE = "/run/lldap/jwt_secret";
         LLDAP_LDAP_USER_PASS_FILE = "/run/lldap/user_password";
       };
-      description = lib.mdDoc ''
+      description = ''
         Environment variables passed to the service.
         Any config option name prefixed with `LLDAP_` takes priority over the one in the configuration file.
       '';
@@ -26,13 +26,13 @@ in
     environmentFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)` passed to the service.
       '';
     };
 
     settings = mkOption {
-      description = mdDoc ''
+      description = ''
         Free-form settings written directly to the `lldap_config.toml` file.
         Refer to <https://github.com/lldap/lldap/blob/main/lldap_config.docker_template.toml> for supported values.
       '';
@@ -44,55 +44,55 @@ in
         options = {
           ldap_host = mkOption {
             type = types.str;
-            description = mdDoc "The host address that the LDAP server will be bound to.";
+            description = "The host address that the LDAP server will be bound to.";
             default = "::";
           };
 
           ldap_port = mkOption {
             type = types.port;
-            description = mdDoc "The port on which to have the LDAP server.";
+            description = "The port on which to have the LDAP server.";
             default = 3890;
           };
 
           http_host = mkOption {
             type = types.str;
-            description = mdDoc "The host address that the HTTP server will be bound to.";
+            description = "The host address that the HTTP server will be bound to.";
             default = "::";
           };
 
           http_port = mkOption {
             type = types.port;
-            description = mdDoc "The port on which to have the HTTP server, for user login and administration.";
+            description = "The port on which to have the HTTP server, for user login and administration.";
             default = 17170;
           };
 
           http_url = mkOption {
             type = types.str;
-            description = mdDoc "The public URL of the server, for password reset links.";
+            description = "The public URL of the server, for password reset links.";
             default = "http://localhost";
           };
 
           ldap_base_dn = mkOption {
             type = types.str;
-            description = mdDoc "Base DN for LDAP.";
+            description = "Base DN for LDAP.";
             example = "dc=example,dc=com";
           };
 
           ldap_user_dn = mkOption {
             type = types.str;
-            description = mdDoc "Admin username";
+            description = "Admin username";
             default = "admin";
           };
 
           ldap_user_email = mkOption {
             type = types.str;
-            description = mdDoc "Admin email.";
+            description = "Admin email.";
             default = "admin@example.com";
           };
 
           database_url = mkOption {
             type = types.str;
-            description = mdDoc "Database URL.";
+            description = "Database URL.";
             default = "sqlite://./users.db?mode=rwc";
             example = "postgres://postgres-user:password@postgres-server/my-database";
           };
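Review bot: The `database_url` example puts a password inside the URL, while the `settings` description earlier in this file says these values are written directly to `lldap_config.toml`. Where that file is generated is not visible here, but NixOS-generated config files normally live in the world-readable Nix store. The module already offers `environmentFile` and states that `LLDAP_`-prefixed variables override the file, so the description could point there: `description = "Database URL. If it contains credentials, set LLDAP_DATABASE_URL through environmentFile instead of this option.";`. The enclosing `settings` submodule starts and ends outside the hunk.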
diff --git a/nixpkgs/nixos/modules/services/databases/memcached.nix b/nixpkgs/nixos/modules/services/databases/memcached.nix
index fd943c20091a..e38931b6b7ea 100644
--- a/nixpkgs/nixos/modules/services/databases/memcached.nix
+++ b/nixpkgs/nixos/modules/services/databases/memcached.nix
@@ -17,44 +17,44 @@ in
   options = {
 
     services.memcached = {
-      enable = mkEnableOption (lib.mdDoc "Memcached");
+      enable = mkEnableOption "Memcached";
 
       user = mkOption {
         type = types.str;
         default = "memcached";
-        description = lib.mdDoc "The user to run Memcached as";
+        description = "The user to run Memcached as";
       };
 
       listen = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "The IP address to bind to.";
+        description = "The IP address to bind to.";
       };
 
       port = mkOption {
         type = types.port;
         default = 11211;
-        description = lib.mdDoc "The port to bind to.";
+        description = "The port to bind to.";
       };
 
-      enableUnixSocket = mkEnableOption (lib.mdDoc "Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port. The `listen` and `port` options are ignored.");
+      enableUnixSocket = mkEnableOption "Unix Domain Socket at /run/memcached/memcached.sock instead of listening on an IP address and port. The `listen` and `port` options are ignored.";
 
       maxMemory = mkOption {
         type = types.ints.unsigned;
         default = 64;
-        description = lib.mdDoc "The maximum amount of memory to use for storage, in megabytes.";
+        description = "The maximum amount of memory to use for storage, in megabytes.";
       };
 
       maxConnections = mkOption {
         type = types.ints.unsigned;
         default = 1024;
-        description = lib.mdDoc "The maximum number of simultaneous connections.";
+        description = "The maximum number of simultaneous connections.";
       };
 
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "A list of extra options that will be added as a suffix when running memcached.";
+        description = "A list of extra options that will be added as a suffix when running memcached.";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/databases/monetdb.nix b/nixpkgs/nixos/modules/services/databases/monetdb.nix
index 1dddeda0959c..5025eb30369b 100644
--- a/nixpkgs/nixos/modules/services/databases/monetdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/monetdb.nix
@@ -12,39 +12,39 @@ in {
   options = {
     services.monetdb = {
 
-      enable = mkEnableOption (lib.mdDoc "the MonetDB database server");
+      enable = mkEnableOption "the MonetDB database server";
 
       package = mkPackageOption pkgs "monetdb" { };
 
       user = mkOption {
         type = types.str;
         default = "monetdb";
-        description = lib.mdDoc "User account under which MonetDB runs.";
+        description = "User account under which MonetDB runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "monetdb";
-        description = lib.mdDoc "Group under which MonetDB runs.";
+        description = "Group under which MonetDB runs.";
       };
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/monetdb";
-        description = lib.mdDoc "Data directory for the dbfarm.";
+        description = "Data directory for the dbfarm.";
       };
 
       port = mkOption {
         type = types.ints.u16;
         default = 50000;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
         example = "0.0.0.0";
-        description = lib.mdDoc "Address to listen on.";
+        description = "Address to listen on.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/databases/mongodb.nix b/nixpkgs/nixos/modules/services/databases/mongodb.nix
index f10364bc76c1..8b8a664107f2 100644
--- a/nixpkgs/nixos/modules/services/databases/mongodb.nix
+++ b/nixpkgs/nixos/modules/services/databases/mongodb.nix
@@ -29,56 +29,56 @@ in
 
     services.mongodb = {
 
-      enable = mkEnableOption (lib.mdDoc "the MongoDB server");
+      enable = mkEnableOption "the MongoDB server";
 
       package = mkPackageOption pkgs "mongodb" { };
 
       user = mkOption {
         type = types.str;
         default = "mongodb";
-        description = lib.mdDoc "User account under which MongoDB runs";
+        description = "User account under which MongoDB runs";
       };
 
       bind_ip = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "IP to bind to";
+        description = "IP to bind to";
       };
 
       quiet = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "quieter output";
+        description = "quieter output";
       };
 
       enableAuth = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable client authentication. Creates a default superuser with username root!";
+        description = "Enable client authentication. Creates a default superuser with username root!";
       };
 
       initialRootPassword = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Password for the root user if auth is enabled.";
+        description = "Password for the root user if auth is enabled.";
       };
 
       dbpath = mkOption {
         type = types.str;
         default = "/var/db/mongodb";
-        description = lib.mdDoc "Location where MongoDB stores its files";
+        description = "Location where MongoDB stores its files";
       };
 
       pidFile = mkOption {
         type = types.str;
         default = "/run/mongodb.pid";
-        description = lib.mdDoc "Location of MongoDB pid file";
+        description = "Location of MongoDB pid file";
       };
 
       replSetName = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           If this instance is part of a replica set, set its name here.
           Otherwise, leave empty to run as single node.
         '';
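Review bot: `initialRootPassword` is a plain `types.str`, and its description gives no hint that a password set this way becomes part of the evaluated system configuration. How the module consumes the value is outside this hunk, but if it is interpolated into a generated script or unit it ends up in the world-readable Nix store, which is the risk the influxdb2 module in this same commit warns about for its password files. I would at least extend the text, e.g. `description = "Password for the root user if auth is enabled. This value may be stored world-readable in the Nix store; treat it as a bootstrap password and change it after first start.";`. The `enableAuth` default of `false` is only reasonable together with the loopback `bind_ip` default, which is worth saying in its description as well.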
@@ -90,13 +90,13 @@ in
         example = ''
           storage.journal.enabled: false
         '';
-        description = lib.mdDoc "MongoDB extra configuration in YAML format";
+        description = "MongoDB extra configuration in YAML format";
       };
 
       initialScript = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing MongoDB statements to execute on first startup.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/databases/mysql.nix b/nixpkgs/nixos/modules/services/databases/mysql.nix
index a6d71cca88de..4b2e83e71e20 100644
--- a/nixpkgs/nixos/modules/services/databases/mysql.nix
+++ b/nixpkgs/nixos/modules/services/databases/mysql.nix
@@ -34,12 +34,12 @@ in
 
     services.mysql = {
 
-      enable = mkEnableOption (lib.mdDoc "MySQL server");
+      enable = mkEnableOption "MySQL server";
 
       package = mkOption {
         type = types.package;
         example = literalExpression "pkgs.mariadb";
-        description = lib.mdDoc ''
+        description = ''
           Which MySQL derivation to use. MariaDB packages are supported too.
         '';
       };
@@ -47,7 +47,7 @@ in
       user = mkOption {
         type = types.str;
         default = "mysql";
-        description = lib.mdDoc ''
+        description = ''
           User account under which MySQL runs.
 
           ::: {.note}
@@ -61,7 +61,7 @@ in
       group = mkOption {
         type = types.str;
         default = "mysql";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which MySQL runs.
 
           ::: {.note}
@@ -75,7 +75,7 @@ in
       dataDir = mkOption {
         type = types.path;
         example = "/var/lib/mysql";
-        description = lib.mdDoc ''
+        description = ''
           The data directory for MySQL.
 
           ::: {.note}
@@ -91,7 +91,7 @@ in
         defaultText = ''
           A configuration file automatically generated by NixOS.
         '';
-        description = lib.mdDoc ''
+        description = ''
           Override the configuration file used by MySQL. By default,
           NixOS generates one automatically from {option}`services.mysql.settings`.
         '';
@@ -110,7 +110,7 @@ in
       settings = mkOption {
         type = format.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           MySQL configuration. Refer to
           <https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html>,
           <https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html>,
@@ -144,14 +144,14 @@ in
           options = {
             name = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The name of the database to create.
               '';
             };
             schema = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The initial schema of the database; if null (the default),
                 an empty database is created.
               '';
@@ -159,7 +159,7 @@ in
           };
         });
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of database names and their initial schemas that should be used to create databases on the first startup
           of MySQL. The schema attribute is optional: If not specified, an empty database is created.
         '';
@@ -174,13 +174,13 @@ in
       initialScript = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.";
+        description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.";
       };
 
       ensureDatabases = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Ensures that the specified databases exist.
           This option will never delete existing databases, especially not when the value of this
           option is changed. This means that databases created once through this option or
@@ -197,14 +197,14 @@ in
           options = {
             name = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Name of the user to ensure.
               '';
             };
             ensurePermissions = mkOption {
               type = types.attrsOf types.str;
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Permissions to ensure for the user, specified as attribute set.
                 The attribute names specify the database and tables to grant the permissions for,
                 separated by a dot. You may use wildcards here.
@@ -226,7 +226,7 @@ in
           };
         });
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Ensures that the specified users exist and have at least the ensured permissions.
           The MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the
           same name only, and that without the need for a password.
@@ -256,39 +256,39 @@ in
         role = mkOption {
           type = types.enum [ "master" "slave" "none" ];
           default = "none";
-          description = lib.mdDoc "Role of the MySQL server instance.";
+          description = "Role of the MySQL server instance.";
         };
 
         serverId = mkOption {
           type = types.int;
           default = 1;
-          description = lib.mdDoc "Id of the MySQL server instance. This number must be unique for each instance.";
+          description = "Id of the MySQL server instance. This number must be unique for each instance.";
         };
 
         masterHost = mkOption {
           type = types.str;
-          description = lib.mdDoc "Hostname of the MySQL master server.";
+          description = "Hostname of the MySQL master server.";
         };
 
         slaveHost = mkOption {
           type = types.str;
-          description = lib.mdDoc "Hostname of the MySQL slave server.";
+          description = "Hostname of the MySQL slave server.";
         };
 
         masterUser = mkOption {
           type = types.str;
-          description = lib.mdDoc "Username of the MySQL replication user.";
+          description = "Username of the MySQL replication user.";
         };
 
         masterPassword = mkOption {
           type = types.str;
-          description = lib.mdDoc "Password of the MySQL replication user.";
+          description = "Password of the MySQL replication user.";
         };
 
         masterPort = mkOption {
           type = types.port;
           default = 3306;
-          description = lib.mdDoc "Port number on which the MySQL master server runs.";
+          description = "Port number on which the MySQL master server runs.";
         };
       };
     };
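Review bot: `masterPassword` is declared as `types.str`, and its description, as rewritten in this hunk, says nothing about where the value ends up. A plain string option is part of the evaluated configuration, so if the module interpolates it into a generated script or config file (not visible in this hunk), the replication password lands in the world-readable Nix store. I would extend the text to `description = "Password of the MySQL replication user. Note that this value may end up world-readable in the Nix store.";` and confirm against the part of the module that consumes it. The enclosing `replication` attribute set starts outside the hunk.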
diff --git a/nixpkgs/nixos/modules/services/databases/neo4j.nix b/nixpkgs/nixos/modules/services/databases/neo4j.nix
index 45630e2d4488..4369ec2007dc 100644
--- a/nixpkgs/nixos/modules/services/databases/neo4j.nix
+++ b/nixpkgs/nixos/modules/services/databases/neo4j.nix
@@ -121,7 +121,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Neo4j Community Edition.
       '';
     };
@@ -129,7 +129,7 @@ in {
     constrainLoadCsv = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Sets the root directory for file URLs used with the Cypher
         `LOAD CSV` clause to be that defined by
         {option}`directories.imports`. It restricts
@@ -144,7 +144,7 @@ in {
     defaultListenAddress = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Default network interface to listen for incoming connections. To
         listen for connections on all interfaces, use "0.0.0.0".
 
@@ -158,7 +158,7 @@ in {
     extraServerConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration for Neo4j Community server. Refer to the
         [complete reference](https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/)
         of Neo4j configuration settings.
@@ -170,7 +170,7 @@ in {
     readOnly = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Only allow read operations from this Neo4j instance.
       '';
     };
@@ -178,7 +178,7 @@ in {
     workerCount = mkOption {
       type = types.ints.between 0 44738;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Number of Neo4j worker threads, where the default of
         `0` indicates a worker count equal to the number of
         available processors.
@@ -189,7 +189,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable the BOLT connector for Neo4j. Setting this option to
           `false` will stop Neo4j from listening for incoming
           connections on the BOLT port (7687 by default).
@@ -199,7 +199,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = ":7687";
-        description = lib.mdDoc ''
+        description = ''
           Neo4j listen address for BOLT traffic. The listen address is
           expressed in the format `<ip-address>:<port-number>`.
         '';
@@ -208,7 +208,7 @@ in {
       sslPolicy = mkOption {
         type = types.str;
         default = "legacy";
-        description = lib.mdDoc ''
+        description = ''
           Neo4j SSL policy for BOLT traffic.
 
           The legacy policy is a special policy which is not defined in
@@ -226,7 +226,7 @@ in {
       tlsLevel = mkOption {
         type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ];
         default = "OPTIONAL";
-        description = lib.mdDoc ''
+        description = ''
           SSL/TSL requirement level for BOLT traffic.
         '';
       };
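Review bot: The `tlsLevel` description reads `SSL/TSL requirement level`, which should be `SSL/TLS`, and it does not say what the default `"OPTIONAL"` implies. Judging from the enum names, `OPTIONAL` presumably still accepts unencrypted BOLT connections, which is worth stating next to the default. Suggested wording: `SSL/TLS requirement level for BOLT traffic. Set to "REQUIRED" to reject unencrypted connections.`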
@@ -237,7 +237,7 @@ in {
         type = types.path;
         default = "${cfg.directories.home}/certificates";
         defaultText = literalExpression ''"''${config.${opt.directories.home}}/certificates"'';
-        description = lib.mdDoc ''
+        description = ''
           Directory for storing certificates to be used by Neo4j for
           TLS connections.
 
@@ -260,7 +260,7 @@ in {
         type = types.path;
         default = "${cfg.directories.home}/data";
         defaultText = literalExpression ''"''${config.${opt.directories.home}}/data"'';
-        description = lib.mdDoc ''
+        description = ''
           Path of the data directory. You must not configure more than one
           Neo4j installation to use the same data directory.
 
@@ -273,7 +273,7 @@ in {
       home = mkOption {
         type = types.path;
         default = "/var/lib/neo4j";
-        description = lib.mdDoc ''
+        description = ''
           Path of the Neo4j home directory. Other default directories are
           subdirectories of this path. This directory will be created if
           non-existent, and its ownership will be {command}`chown` to
@@ -285,7 +285,7 @@ in {
         type = types.path;
         default = "${cfg.directories.home}/import";
         defaultText = literalExpression ''"''${config.${opt.directories.home}}/import"'';
-        description = lib.mdDoc ''
+        description = ''
           The root directory for file URLs used with the Cypher
           `LOAD CSV` clause. Only meaningful when
           {option}`constrainLoadCvs` is set to
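Review bot: The cross-reference on the last line of this hunk names `constrainLoadCvs`, but the option declared earlier in this file is `constrainLoadCsv`. That option is the one that confines `LOAD CSV` file URLs to the import directory, so a reader searching for the misspelled name will not find the restriction. The reference should be spelled `constrainLoadCsv`. The description continues beyond the end of the hunk.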
@@ -301,7 +301,7 @@ in {
         type = types.path;
         default = "${cfg.directories.home}/plugins";
         defaultText = literalExpression ''"''${config.${opt.directories.home}}/plugins"'';
-        description = lib.mdDoc ''
+        description = ''
           Path of the database plugin directory. Compiled Java JAR files that
           contain database procedures will be loaded if they are placed in
           this directory.
@@ -317,7 +317,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable the HTTP connector for Neo4j. Setting this option to
           `false` will stop Neo4j from listening for incoming
           connections on the HTTPS port (7474 by default).
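Review bot: The description of the HTTP connector's `enable` option says that disabling it stops Neo4j listening `on the HTTPS port (7474 by default)`, but 7474 is the HTTP port. The HTTP `listenAddress` default in the next hunk is `:7474`, and the HTTPS connector further down uses 7473. An administrator reading this could mistake the plaintext listener for the encrypted one. The line should read `connections on the HTTP port (7474 by default).` The description continues past the hunk.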
@@ -327,7 +327,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = ":7474";
-        description = lib.mdDoc ''
+        description = ''
           Neo4j listen address for HTTP traffic. The listen address is
           expressed in the format `<ip-address>:<port-number>`.
         '';
@@ -338,7 +338,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable the HTTPS connector for Neo4j. Setting this option to
           `false` will stop Neo4j from listening for incoming
           connections on the HTTPS port (7473 by default).
@@ -348,7 +348,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = ":7473";
-        description = lib.mdDoc ''
+        description = ''
           Neo4j listen address for HTTPS traffic. The listen address is
           expressed in the format `<ip-address>:<port-number>`.
         '';
@@ -357,7 +357,7 @@ in {
       sslPolicy = mkOption {
         type = types.str;
         default = "legacy";
-        description = lib.mdDoc ''
+        description = ''
           Neo4j SSL policy for HTTPS traffic.
 
           The legacy policy is a special policy which is not defined in the
@@ -373,7 +373,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable a remote shell server which Neo4j Shell clients can log in to.
           Only applicable to {command}`neo4j-shell`.
         '';
@@ -387,7 +387,7 @@ in {
           allowKeyGeneration = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Allows the generation of a private key and associated self-signed
               certificate. Only performed when both objects cannot be found for
               this policy. It is recommended to turn this off again after keys
@@ -406,7 +406,7 @@ in {
             type = types.path;
             default = "${cfg.directories.certificates}/${name}";
             defaultText = literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"'';
-            description = lib.mdDoc ''
+            description = ''
               The mandatory base directory for cryptographic objects of this
               policy. This path is only automatically generated when this
               option as well as {option}`directories.certificates` are
@@ -423,7 +423,7 @@ in {
           ciphers = mkOption {
             type = types.nullOr (types.listOf types.str);
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Restrict the allowed ciphers of this policy to those defined
               here. The default ciphers are those of the JVM platform.
             '';
@@ -432,7 +432,7 @@ in {
           clientAuth = mkOption {
             type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ];
             default = "REQUIRE";
-            description = lib.mdDoc ''
+            description = ''
               The client authentication stance for this policy.
             '';
           };
@@ -440,7 +440,7 @@ in {
           privateKey = mkOption {
             type = types.str;
             default = "private.key";
-            description = lib.mdDoc ''
+            description = ''
               The name of private PKCS #8 key file for this policy to be found
               in the {option}`baseDirectory`, or the absolute path to
               the key file. It is mandatory that a key can be found or generated.
@@ -450,7 +450,7 @@ in {
           publicCertificate = mkOption {
             type = types.str;
             default = "public.crt";
-            description = lib.mdDoc ''
+            description = ''
               The name of public X.509 certificate (chain) file in PEM format
               for this policy to be found in the {option}`baseDirectory`,
               or the absolute path to the certificate file. It is mandatory
@@ -466,7 +466,7 @@ in {
             type = types.path;
             default = "${config.baseDirectory}/revoked";
             defaultText = literalExpression ''"''${config.${options.baseDirectory}}/revoked"'';
-            description = lib.mdDoc ''
+            description = ''
               Path to directory of CRLs (Certificate Revocation Lists) in
               PEM format. Must be an absolute path. The existence of this
               directory is mandatory and will need to be created manually when:
@@ -481,7 +481,7 @@ in {
           tlsVersions = mkOption {
             type = types.listOf types.str;
             default = [ "TLSv1.2" ];
-            description = lib.mdDoc ''
+            description = ''
               Restrict the TLS protocol versions of this policy to those
               defined here.
             '';
@@ -490,7 +490,7 @@ in {
           trustAll = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Makes this policy trust all remote parties. Enabling this is not
               recommended and the policy's trusted directory will be ignored.
               Use of this mode is discouraged. It would offer encryption but
@@ -502,7 +502,7 @@ in {
             type = types.path;
             default = "${config.baseDirectory}/trusted";
             defaultText = literalExpression ''"''${config.${options.baseDirectory}}/trusted"'';
-            description = lib.mdDoc ''
+            description = ''
               Path to directory of X.509 certificates in PEM format for
               trusted parties. Must be an absolute path. The existence of this
               directory is mandatory and will need to be created manually when:
@@ -522,7 +522,7 @@ in {
             type = types.listOf types.path;
             internal = true;
             readOnly = true;
-            description = lib.mdDoc ''
+            description = ''
               Directories of this policy that will be created automatically
               when the certificates directory is left at its default value.
               This includes all options of type path that are left at their
@@ -538,7 +538,7 @@ in {
 
       }));
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Defines the SSL policies for use with Neo4j connectors. Each attribute
         of this set defines a policy, with the attribute name defining the name
         of the policy and its namespace. Refer to the operations manual section
diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix
index df36e37976a4..feb974cdf6d3 100644
--- a/nixpkgs/nixos/modules/services/databases/openldap.nix
+++ b/nixpkgs/nixos/modules/services/databases/openldap.nix
@@ -31,7 +31,7 @@ let
         attrs = mkOption {
           type = types.attrsOf ldapValueType;
           default = {};
-          description = lib.mdDoc "Attributes of the parent entry.";
+          description = "Attributes of the parent entry.";
         };
         children = mkOption {
           # Hide the child attributes, to avoid infinite recursion in e.g. documentation
@@ -40,7 +40,7 @@ let
             hiddenOptions = lib.mapAttrs (name: attr: attr // { visible = false; }) options;
           in types.attrsOf (types.submodule { options = hiddenOptions; });
           default = {};
-          description = lib.mdDoc "Child entries of the current entry, with recursively the same structure.";
+          description = "Child entries of the current entry, with recursively the same structure.";
           example = lib.literalExpression ''
             {
                 "cn=schema" = {
@@ -59,7 +59,7 @@ let
         includes = mkOption {
           type = types.listOf types.path;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             LDIF files to include after the parent's attributes but before its children.
           '';
         };
@@ -88,7 +88,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the ldap server.";
+        description = "Whether to enable the ldap server.";
       };
 
       package = mkPackageOption pkgs "openldap" {
@@ -102,25 +102,25 @@ in {
       user = mkOption {
         type = types.str;
         default = "openldap";
-        description = lib.mdDoc "User account under which slapd runs.";
+        description = "User account under which slapd runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "openldap";
-        description = lib.mdDoc "Group account under which slapd runs.";
+        description = "Group account under which slapd runs.";
       };
 
       urlList = mkOption {
         type = types.listOf types.str;
         default = [ "ldap:///" ];
-        description = lib.mdDoc "URL list slapd should listen on.";
+        description = "URL list slapd should listen on.";
         example = [ "ldaps:///" ];
       };
 
       settings = mkOption {
         type = ldapAttrsType;
-        description = lib.mdDoc "Configuration for OpenLDAP, in OLC format";
+        description = "Configuration for OpenLDAP, in OLC format";
         example = lib.literalExpression ''
           {
             attrs.olcLogLevel = [ "stats" ];
@@ -168,7 +168,7 @@ in {
       configDir = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Use this config directory instead of generating one from the
           `settings` option. Overrides all NixOS settings.
         '';
@@ -178,7 +178,7 @@ in {
       mutableConfig = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow writable on-line configuration. If
           `true`, the NixOS settings will only be used to
           initialize the OpenLDAP configuration if it does not exist, and are
@@ -189,7 +189,7 @@ in {
       declarativeContents = mkOption {
         type = with types; attrsOf lines;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Declarative contents for the LDAP database, in LDIF format by suffix.
 
           All data will be erased when starting the LDAP server. Modifications
diff --git a/nixpkgs/nixos/modules/services/databases/opentsdb.nix b/nixpkgs/nixos/modules/services/databases/opentsdb.nix
index 25f413db809f..e104c42f8b24 100644
--- a/nixpkgs/nixos/modules/services/databases/opentsdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/opentsdb.nix
@@ -15,14 +15,14 @@ in {
 
     services.opentsdb = {
 
-      enable = mkEnableOption (lib.mdDoc "OpenTSDB");
+      enable = mkEnableOption "OpenTSDB";
 
       package = mkPackageOption pkgs "opentsdb" { };
 
       user = mkOption {
         type = types.str;
         default = "opentsdb";
-        description = lib.mdDoc ''
+        description = ''
           User account under which OpenTSDB runs.
         '';
       };
@@ -30,7 +30,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "opentsdb";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which OpenTSDB runs.
         '';
       };
@@ -38,7 +38,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 4242;
-        description = lib.mdDoc ''
+        description = ''
           Which port OpenTSDB listens on.
         '';
       };
@@ -49,7 +49,7 @@ in {
           tsd.core.auto_create_metrics = true
           tsd.http.request.enable_chunked  = true
         '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of OpenTSDB's configuration file
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/databases/pgbouncer.nix b/nixpkgs/nixos/modules/services/databases/pgbouncer.nix
index 157d49c13161..32538789fb17 100644
--- a/nixpkgs/nixos/modules/services/databases/pgbouncer.nix
+++ b/nixpkgs/nixos/modules/services/databases/pgbouncer.nix
@@ -77,14 +77,14 @@ in {
 
     # NixOS settings
 
-    enable = mkEnableOption (lib.mdDoc "PostgreSQL connection pooler");
+    enable = mkEnableOption "PostgreSQL connection pooler";
 
     package = mkPackageOption pkgs "pgbouncer" { };
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to automatically open the specified TCP port in the firewall.
       '';
     };
@@ -94,7 +94,7 @@ in {
     logFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specifies a log file in addition to journald.
       '';
     };
@@ -103,7 +103,7 @@ in {
       type = types.nullOr types.commas;
       example = "*";
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specifies a list (comma-separated) of addresses where to listen for TCP connections.
         You may also use * meaning “listen on all addresses”.
         When not set, only Unix socket connections are accepted.
@@ -115,7 +115,7 @@ in {
     listenPort = mkOption {
       type = types.port;
       default = 6432;
-      description = lib.mdDoc ''
+      description = ''
         Which port to listen on. Applies to both TCP and Unix sockets.
       '';
     };
@@ -123,7 +123,7 @@ in {
     poolMode = mkOption {
       type = types.enum [ "session" "transaction" "statement" ];
       default = "session";
-      description = lib.mdDoc ''
+      description = ''
         Specifies when a server connection can be reused by other clients.
 
         session
@@ -139,7 +139,7 @@ in {
     maxClientConn = mkOption {
       type = types.int;
       default = 100;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of client connections allowed.
 
         When this setting is increased, then the file descriptor limits in the operating system
@@ -160,7 +160,7 @@ in {
     defaultPoolSize = mkOption {
       type = types.int;
       default = 20;
-      description = lib.mdDoc ''
+      description = ''
         How many server connections to allow per user/database pair.
         Can be overridden in the per-database configuration.
       '';
@@ -169,7 +169,7 @@ in {
     maxDbConnections = mkOption {
       type = types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Do not allow more than this many server connections per database (regardless of user).
         This considers the PgBouncer database that the client has connected to,
         not the PostgreSQL database of the outgoing connection.
@@ -189,7 +189,7 @@ in {
     maxUserConnections = mkOption {
       type = types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Do not allow more than this many server connections per user (regardless of database).
         This considers the PgBouncer user that is associated with a pool,
         which is either the user specified for the server connection
@@ -211,7 +211,7 @@ in {
       type = types.nullOr types.commas;
       example = "extra_float_digits";
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         By default, PgBouncer allows only parameters it can keep track of in startup packets:
         client_encoding, datestyle, timezone and standard_conforming_strings.
 
@@ -236,7 +236,7 @@ in {
         bardb = "host=localhost dbname=bazdb";
         foodb  = "host=host1.example.com port=5432";
       };
-      description = lib.mdDoc ''
+      description = ''
         Detailed information about PostgreSQL database definitions:
         <https://www.pgbouncer.org/config.html#section-databases>
       '';
@@ -249,7 +249,7 @@ in {
       example = {
         user1 = "pool_mode=session";
       };
-      description = lib.mdDoc ''
+      description = ''
         Optional.
 
         Detailed information about PostgreSQL user definitions:
@@ -265,7 +265,7 @@ in {
         "1" = "host=host1.example.com";
         "2" = "host=/tmp/pgbouncer-2 port=5555";
       };
-      description = lib.mdDoc ''
+      description = ''
         Optional.
 
         Detailed information about PostgreSQL database definitions:
@@ -277,7 +277,7 @@ in {
     authType = mkOption {
       type = types.enum [ "cert" "md5" "scram-sha-256" "plain" "trust" "any" "hba" "pam" ];
       default = "md5";
-      description = lib.mdDoc ''
+      description = ''
         How to authenticate users.
 
         cert
@@ -312,7 +312,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/secrets/pgbouncer_hba";
-      description = lib.mdDoc ''
+      description = ''
         HBA configuration file to use when authType is hba.
 
         See HBA file format details:
@@ -324,7 +324,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/secrets/pgbouncer_authfile";
-      description = lib.mdDoc ''
+      description = ''
         The name of the file to load user names and passwords from.
 
         See section Authentication file format details:
@@ -339,7 +339,7 @@ in {
       type = types.nullOr types.str;
       default = null;
       example = "pgbouncer";
-      description = lib.mdDoc ''
+      description = ''
         If authUser is set, then any user not specified in authFile will be queried
         through the authQuery query from pg_shadow in the database, using authUser.
         The password of authUser will be taken from authFile.
@@ -354,7 +354,7 @@ in {
       type = types.nullOr types.str;
       default = null;
       example = "SELECT usename, passwd FROM pg_shadow WHERE usename=$1";
-      description = lib.mdDoc ''
+      description = ''
         Query to load user's password from database.
 
         Direct access to pg_shadow requires admin rights.
@@ -369,7 +369,7 @@ in {
       type = types.nullOr types.str;
       default = null;
       example = "authdb";
-      description = lib.mdDoc ''
+      description = ''
         Database name in the [database] section to be used for authentication purposes.
         This option can be either global or overriden in the connection string if this parameter is specified.
       '';
@@ -382,7 +382,7 @@ in {
           sslmode = mkOption {
             type = types.enum [ "disable" "allow" "prefer" "require" "verify-ca" "verify-full" ];
             default = "disable";
-            description = lib.mdDoc ''
+            description = ''
               TLS mode to use for connections from clients.
               TLS connections are disabled by default.
 
@@ -409,22 +409,22 @@ in {
           certFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer.key";
-            description = lib.mdDoc "Path to certificate for private key. Clients can validate it";
+            description = "Path to certificate for private key. Clients can validate it";
           };
           keyFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer.crt";
-            description = lib.mdDoc "Path to private key for PgBouncer to accept client connections";
+            description = "Path to private key for PgBouncer to accept client connections";
           };
           caFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer.crt";
-            description = lib.mdDoc "Path to root certificate file to validate client certificates";
+            description = "Path to root certificate file to validate client certificates";
           };
         };
       });
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         <https://www.pgbouncer.org/config.html#tls-settings>
       '';
     };
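Review bot: The `example` values for `certFile` and `keyFile` look swapped: `certFile` shows `/secrets/pgbouncer.key` and `keyFile` shows `/secrets/pgbouncer.crt`, so an operator who copies them would point the certificate setting at the private key. I would use `example = "/secrets/pgbouncer.crt";` for `certFile` and `example = "/secrets/pgbouncer.key";` for `keyFile`. The same swap appears in the next hunk (`@@ -461,22 +461,22 @@`) with `/secrets/pgbouncer_server.key` and `/secrets/pgbouncer_server.crt`. The enclosing submodule starts outside this hunk.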
@@ -435,7 +435,7 @@ in {
           sslmode = mkOption {
             type = types.enum [ "disable" "allow" "prefer" "require" "verify-ca" "verify-full" ];
             default = "disable";
-            description = lib.mdDoc ''
+            description = ''
               TLS mode to use for connections to PostgreSQL servers.
               TLS connections are disabled by default.
 
@@ -461,22 +461,22 @@ in {
           certFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer_server.key";
-            description = lib.mdDoc "Certificate for private key. PostgreSQL server can validate it.";
+            description = "Certificate for private key. PostgreSQL server can validate it.";
           };
           keyFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer_server.crt";
-            description = lib.mdDoc "Private key for PgBouncer to authenticate against PostgreSQL server.";
+            description = "Private key for PgBouncer to authenticate against PostgreSQL server.";
           };
           caFile = mkOption {
             type = types.path;
             example = "/secrets/pgbouncer_server.crt";
-            description = lib.mdDoc "Root certificate file to validate PostgreSQL server certificates.";
+            description = "Root certificate file to validate PostgreSQL server certificates.";
           };
         };
       });
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         <https://www.pgbouncer.org/config.html#tls-settings>
       '';
     };
@@ -488,28 +488,28 @@ in {
           enable = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Toggles syslog on/off.
             '';
           };
           syslogIdent = mkOption {
             type = types.str;
             default = "pgbouncer";
-            description = lib.mdDoc ''
+            description = ''
               Under what name to send logs to syslog.
             '';
           };
           syslogFacility = mkOption {
             type = types.enum [ "auth" "authpriv" "daemon" "user" "local0" "local1" "local2" "local3" "local4" "local5" "local6" "local7" ];
             default = "daemon";
-            description = lib.mdDoc ''
+            description = ''
               Under what facility to send logs to syslog.
             '';
           };
         };
       });
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         <https://www.pgbouncer.org/config.html#log-settings>
       '';
     };
@@ -517,7 +517,7 @@ in {
     verbose = lib.mkOption {
       type = lib.types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Increase verbosity. Mirrors the “-v” switch on the command line.
       '';
     };
@@ -526,7 +526,7 @@ in {
     adminUsers = mkOption {
       type = types.nullOr types.commas;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Comma-separated list of database users that are allowed to connect and run all commands on the console.
         Ignored when authType is any, in which case any user name is allowed in as admin.
       '';
@@ -535,7 +535,7 @@ in {
     statsUsers = mkOption {
       type = types.nullOr types.commas;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Comma-separated list of database users that are allowed to connect and run read-only queries on the console.
         That means all SHOW commands except SHOW FDS.
       '';
@@ -545,7 +545,7 @@ in {
     openFilesLimit = lib.mkOption {
       type = lib.types.int;
       default = 65536;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of open files.
       '';
     };
@@ -553,7 +553,7 @@ in {
     user = mkOption {
       type = types.str;
       default = "pgbouncer";
-      description = lib.mdDoc ''
+      description = ''
         The user pgbouncer is run as.
       '';
     };
@@ -561,7 +561,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "pgbouncer";
-      description = lib.mdDoc ''
+      description = ''
         The group pgbouncer is run as.
       '';
     };
@@ -569,7 +569,7 @@ in {
     homeDir = mkOption {
       type = types.path;
       default = "/var/lib/pgbouncer";
-      description = lib.mdDoc ''
+      description = ''
         Specifies the home directory.
       '';
     };
@@ -577,7 +577,7 @@ in {
     # Extra settings
     extraConfig = mkOption {
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Any additional text to be appended to config.ini
          <https://www.pgbouncer.org/config.html>.
       '';
diff --git a/nixpkgs/nixos/modules/services/databases/pgmanage.nix b/nixpkgs/nixos/modules/services/databases/pgmanage.nix
index 4b963aee4640..c405162ed87e 100644
--- a/nixpkgs/nixos/modules/services/databases/pgmanage.nix
+++ b/nixpkgs/nixos/modules/services/databases/pgmanage.nix
@@ -44,7 +44,7 @@ let
 in {
 
   options.services.pgmanage = {
-    enable = mkEnableOption (lib.mdDoc "PostgreSQL Administration for the web");
+    enable = mkEnableOption "PostgreSQL Administration for the web";
 
     package = mkPackageOption pkgs "pgmanage" { };
 
@@ -55,7 +55,7 @@ in {
         nuc-server  = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
         mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
       };
-      description = lib.mdDoc ''
+      description = ''
         pgmanage requires at least one PostgreSQL server be defined.
 
         Detailed information about PostgreSQL connection strings is available at:
@@ -71,7 +71,7 @@ in {
     allowCustomConnections = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage whether or not to allow anyone to use a custom
         connection from the login screen.
       '';
@@ -80,7 +80,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage what port to listen on for browser requests.
       '';
     };
@@ -88,7 +88,7 @@ in {
     localOnly = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage whether or not to set the listening socket to local
         addresses only.
       '';
@@ -97,7 +97,7 @@ in {
     superOnly = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage whether or not to only allow super users to
         login. The recommended value is true and will restrict users who are not
         super users from logging in to any PostgreSQL instance through
@@ -109,7 +109,7 @@ in {
     loginGroup = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage to only allow users in a certain PostgreSQL group to
         login to pgmanage. Note that a connection will be made to PostgreSQL in
         order to test if the user is a member of the login group.
@@ -119,7 +119,7 @@ in {
     loginTimeout = mkOption {
       type = types.int;
       default = 3600;
-      description = lib.mdDoc ''
+      description = ''
         Number of seconds of inactivity before user is automatically logged
         out.
       '';
@@ -128,7 +128,7 @@ in {
     sqlRoot = mkOption {
       type = types.str;
       default = "/var/lib/pgmanage";
-      description = lib.mdDoc ''
+      description = ''
         This tells pgmanage where to put the SQL file history. All tabs are saved
         to this location so that if you get disconnected from pgmanage you
         don't lose your work.
@@ -140,16 +140,16 @@ in {
         options = {
           cert = mkOption {
             type = types.str;
-            description = lib.mdDoc "TLS certificate";
+            description = "TLS certificate";
           };
           key = mkOption {
             type = types.str;
-            description = lib.mdDoc "TLS key";
+            description = "TLS key";
           };
         };
       });
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         These options tell pgmanage where the TLS Certificate and Key files
         reside. If you use these options then you'll only be able to access
         pgmanage through a secure TLS connection. These options are only
@@ -165,7 +165,7 @@ in {
     logLevel = mkOption {
       type = types.enum ["error" "warn" "notice" "info"];
       default = "error";
-      description = lib.mdDoc ''
+      description = ''
         Verbosity of logs
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.md b/nixpkgs/nixos/modules/services/databases/postgresql.md
index 6cce8f542a53..8a587832cd8c 100644
--- a/nixpkgs/nixos/modules/services/databases/postgresql.md
+++ b/nixpkgs/nixos/modules/services/databases/postgresql.md
@@ -118,7 +118,7 @@ are already created.
       before = "service1.service";
       after = "postgresql.service";
       serviceConfig.User = "postgres";
-      environment.PSQL = "psql --port=${toString services.postgresql.port}";
+      environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
       path = [ postgresql ];
       script = ''
         $PSQL service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
@@ -139,7 +139,7 @@ are already created.
 
 ```nix
   {
-    environment.PSQL = "psql --port=${toString services.postgresql.port}";
+    environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
     path = [ postgresql ];
     systemd.services."service1".preStart = ''
       $PSQL -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
@@ -159,7 +159,7 @@ are already created.
       before = "service1.service";
       after = "postgresql.service";
       serviceConfig.User = "service1";
-      environment.PSQL = "psql --port=${toString services.postgresql.port}";
+      environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
       path = [ postgresql ];
       script = ''
         $PSQL -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.nix b/nixpkgs/nixos/modules/services/databases/postgresql.nix
index c3f3b98ae5e7..35d3ba0aa209 100644
--- a/nixpkgs/nixos/modules/services/databases/postgresql.nix
+++ b/nixpkgs/nixos/modules/services/databases/postgresql.nix
@@ -1,8 +1,31 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
+  inherit (lib)
+    attrValues
+    concatMapStrings
+    concatStringsSep
+    const
+    elem
+    filterAttrs
+    isString
+    literalExpression
+    mapAttrs
+    mapAttrsToList
+    mkAfter
+    mkBefore
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkMerge
+    mkOption
+    mkPackageOption
+    mkRemovedOptionModule
+    mkRenamedOptionModule
+    optionalString
+    types
+    versionAtLeast
+    ;
 
   cfg = config.services.postgresql;
 
@@ -24,10 +47,10 @@ let
     if true == value then "yes"
     else if false == value then "no"
     else if isString value then "'${lib.replaceStrings ["'"] ["''"] value}'"
-    else toString value;
+    else builtins.toString value;
 
   # The main PostgreSQL configuration file.
-  configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings));
+  configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") (filterAttrs (const (x: x != null)) cfg.settings)));
 
   configFileCheck = pkgs.runCommand "postgresql-configfile-check" {} ''
     ${cfg.package}/bin/postgres -D${configFile} -C config_file >/dev/null
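Review bot: `toStr` doubles single quotes in string values but passes backslashes through unchanged, while PostgreSQL's configuration-file syntax also honours backslash escapes inside quoted values, so a setting containing `\` is not written literally and one ending in `\` would leave the quote unterminated. If literal values are the intent, escape the backslash first: `else if isString value then "'${lib.replaceStrings ["\\" "'"] ["\\\\" "''"] value}'"`. That changes the rendered file for anyone who already pre-escapes backslashes in `settings`, so it would need a release-note line. `toStr` begins above the hunk, so its earlier lines are not visible here.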
@@ -41,6 +64,9 @@ in
 {
   imports = [
     (mkRemovedOptionModule [ "services" "postgresql" "extraConfig" ] "Use services.postgresql.settings instead.")
+
+    (mkRenamedOptionModule [ "services" "postgresql" "logLinePrefix" ] [ "services" "postgresql" "settings" "log_line_prefix" ])
+    (mkRenamedOptionModule [ "services" "postgresql" "port" ] [ "services" "postgresql" "settings" "port" ])
   ];
 
   ###### interface
@@ -49,33 +75,25 @@ in
 
     services.postgresql = {
 
-      enable = mkEnableOption (lib.mdDoc "PostgreSQL Server");
+      enable = mkEnableOption "PostgreSQL Server";
 
-      enableJIT = mkEnableOption (lib.mdDoc "JIT support");
+      enableJIT = mkEnableOption "JIT support";
 
       package = mkPackageOption pkgs "postgresql" {
         example = "postgresql_15";
       };
 
-      port = mkOption {
-        type = types.port;
-        default = 5432;
-        description = lib.mdDoc ''
-          The port on which PostgreSQL listens.
-        '';
-      };
-
       checkConfig = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Check the syntax of the configuration file at compile time";
+        description = "Check the syntax of the configuration file at compile time";
       };
 
       dataDir = mkOption {
         type = types.path;
         defaultText = literalExpression ''"/var/lib/postgresql/''${config.services.postgresql.package.psqlSchema}"'';
         example = "/var/lib/postgresql/15";
-        description = lib.mdDoc ''
+        description = ''
           The data directory for PostgreSQL. If left as the default value
           this directory will automatically be created before the PostgreSQL server starts, otherwise
           the sysadmin is responsible for ensuring the directory exists with appropriate ownership
@@ -86,7 +104,7 @@ in
       authentication = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Defines how users authenticate themselves to the server. See the
           [PostgreSQL documentation for pg_hba.conf](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html)
           for details on the expected format of this option. By default,
@@ -106,7 +124,7 @@ in
           map-name-0 system-username-0 database-username-0
           map-name-1 system-username-1 database-username-1
         '';
-        description = lib.mdDoc ''
+        description = ''
           Defines the mapping from system users to database users.
 
           See the [auth doc](https://postgresql.org/docs/current/auth-username-maps.html).
@@ -117,7 +135,7 @@ in
         type = with types; listOf str;
         default = [];
         example = [ "--data-checksums" "--allow-group-access" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments passed to `initdb` during data dir
           initialisation.
         '';
@@ -131,7 +149,7 @@ in
             alter user postgres with password 'myPassword';
           ''';'';
 
-        description = lib.mdDoc ''
+        description = ''
           A file containing SQL statements to execute on first startup.
         '';
       };
@@ -139,7 +157,7 @@ in
       ensureDatabases = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Ensures that the specified databases exist.
           This option will never delete existing databases, especially not when the value of this
           option is changed. This means that databases created once through this option or
@@ -156,7 +174,7 @@ in
           options = {
             name = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Name of the user to ensure.
               '';
             };
@@ -164,7 +182,7 @@ in
             ensureDBOwnership = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Grants the user ownership to a database with the same name.
                 This database must be defined manually in
                 [](#opt-services.postgresql.ensureDatabases).
@@ -172,7 +190,7 @@ in
             };
 
             ensureClauses = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 An attrset of clauses to grant to the user. Under the hood this uses the
                 [ALTER USER syntax](https://www.postgresql.org/docs/current/sql-alteruser.html) for each attrName where
                 the attrValue is true in the attrSet:
@@ -197,7 +215,7 @@ in
                 in {
                   superuser = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:
 
                       A database superuser bypasses all permission checks,
@@ -214,7 +232,7 @@ in
                   };
                   createrole = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
 
                       A role must be explicitly given permission to create more
@@ -233,7 +251,7 @@ in
                   };
                   createdb = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:
 
                       A role must be explicitly given permission to create
@@ -248,7 +266,7 @@ in
                   };
                   "inherit" = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user created inherit permissions. From the postgres docs:
 
                       A role is given permission to inherit the privileges of
@@ -263,7 +281,7 @@ in
                   };
                   login = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, login permissions. From the postgres docs:
 
                       Only roles that have the LOGIN attribute can be used as
@@ -285,7 +303,7 @@ in
                   };
                   replication = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
 
                       A role must explicitly be given permission to initiate
@@ -301,7 +319,7 @@ in
                   };
                   bypassrls = mkOption {
                     type = types.nullOr types.bool;
-                    description = lib.mdDoc ''
+                    description = ''
                       Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
 
                       A role must be explicitly given permission to bypass
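Review bot: The `bypassrls` description still says it grants "replication permissions", which looks copied from the `replication` option just above. It should read `Grants the user, created by the ensureUser attr, bypassrls permissions. From the postgres docs:`. The attribute lets a role bypass row-level security, so the generated option documentation should name it correctly for anyone auditing role grants. The rest of the description lies outside the hunk.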
@@ -321,7 +339,7 @@ in
           };
         });
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Ensures that the specified users exist.
           The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the
           same name only, and that without the need for a password.
@@ -345,37 +363,57 @@ in
       enableTCPIP = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether PostgreSQL should listen on all network interfaces.
           If disabled, the database can only be accessed via its Unix
           domain socket or via TCP connections to localhost.
         '';
       };
 
-      logLinePrefix = mkOption {
-        type = types.str;
-        default = "[%p] ";
-        example = "%m [%p] ";
-        description = lib.mdDoc ''
-          A printf-style string that is output at the beginning of each log line.
-          Upstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do
-          not include the timestamp, because journal has it anyway.
-        '';
-      };
-
       extraPlugins = mkOption {
         type = with types; coercedTo (listOf path) (path: _ignorePg: path) (functionTo (listOf path));
         default = _: [];
         example = literalExpression "ps: with ps; [ postgis pg_repack ]";
-        description = lib.mdDoc ''
+        description = ''
           List of PostgreSQL plugins.
         '';
       };
 
       settings = mkOption {
-        type = with types; attrsOf (oneOf [ bool float int str ]);
+        type = with types; submodule {
+          freeformType = attrsOf (oneOf [ bool float int str ]);
+          options = {
+            shared_preload_libraries = mkOption {
+              type = nullOr (coercedTo (listOf str) (concatStringsSep ", ") str);
+              default = null;
+              example = literalExpression ''[ "auto_explain" "anon" ]'';
+              description = ''
+                List of libraries to be preloaded.
+              '';
+            };
+
+            log_line_prefix = mkOption {
+              type = types.str;
+              default = "[%p] ";
+              example = "%m [%p] ";
+              description = ''
+                A printf-style string that is output at the beginning of each log line.
+                Upstream default is `'%m [%p] '`, i.e. it includes the timestamp. We do
+                not include the timestamp, because journal has it anyway.
+              '';
+            };
+
+            port = mkOption {
+              type = types.port;
+              default = 5432;
+              description = ''
+                The port on which PostgreSQL listens.
+              '';
+            };
+          };
+        };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           PostgreSQL configuration. Refer to
           <https://www.postgresql.org/docs/current/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE>
           for an overview of `postgresql.conf`.
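Review bot: `shared_preload_libraries` coerces a list to a comma-separated string before merging, and its final type is `str`. As far as the types shown here go, two modules that each set a different list would therefore raise a conflicting-definition error rather than produce a combined list. The description should say so, e.g. `List of libraries to be preloaded. Definitions from several modules are not merged.`, or the option could keep a `listOf str` type and be joined where `postgresql.conf` is rendered. The `settings` option continues past the end of the hunk.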
@@ -399,7 +437,7 @@ in
       recoveryConfig = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Contents of the {file}`recovery.conf` file.
         '';
       };
@@ -409,7 +447,7 @@ in
         default = "postgres";
         internal = true;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           PostgreSQL superuser account to use for various operations. Internal since changing
           this value would lead to breakage while setting up databases.
         '';
@@ -424,7 +462,7 @@ in
   config = mkIf cfg.enable {
 
     assertions = map ({ name, ensureDBOwnership, ... }: {
-      assertion = ensureDBOwnership -> builtins.elem name cfg.ensureDatabases;
+      assertion = ensureDBOwnership -> elem name cfg.ensureDatabases;
       message = ''
         For each database user defined with `services.postgresql.ensureUsers` and
         `ensureDBOwnership = true;`, a database with the same name must be defined
@@ -439,9 +477,7 @@ in
         hba_file = "${pkgs.writeText "pg_hba.conf" cfg.authentication}";
         ident_file = "${pkgs.writeText "pg_ident.conf" cfg.identMap}";
         log_destination = "stderr";
-        log_line_prefix = cfg.logLinePrefix;
         listen_addresses = if cfg.enableTCPIP then "*" else "localhost";
-        port = cfg.port;
         jit = mkDefault (if cfg.enableJIT then "on" else "off");
       };
 
@@ -524,7 +560,7 @@ in
         # Wait for PostgreSQL to be ready to accept connections.
         postStart =
           ''
-            PSQL="psql --port=${toString cfg.port}"
+            PSQL="psql --port=${builtins.toString cfg.settings.port}"
 
             while ! $PSQL -d postgres -c "" 2> /dev/null; do
                 if ! kill -0 "$MAINPID"; then exit 1; fi
diff --git a/nixpkgs/nixos/modules/services/databases/redis.nix b/nixpkgs/nixos/modules/services/databases/redis.nix
index 2e644895a260..ad88a4f589a2 100644
--- a/nixpkgs/nixos/modules/services/databases/redis.nix
+++ b/nixpkgs/nixos/modules/services/databases/redis.nix
@@ -56,22 +56,22 @@ in {
     services.redis = {
       package = mkPackageOption pkgs "redis" { };
 
-      vmOverCommit = mkEnableOption (lib.mdDoc ''
-        setting of vm.overcommit_memory to 1
+      vmOverCommit = mkEnableOption ''
+        set `vm.overcommit_memory` sysctl to 1
         (Suggested for Background Saving: <https://redis.io/docs/get-started/faq/>)
-      '');
+      '' // { default = true; };
 
       servers = mkOption {
         type = with types; attrsOf (submodule ({ config, name, ... }: {
           options = {
-            enable = mkEnableOption (lib.mdDoc ''
+            enable = mkEnableOption ''
               Redis server.
 
               Note that the NixOS module for Redis disables kernel support
               for Transparent Huge Pages (THP),
               because this features causes major performance problems for Redis,
               e.g. (https://redis.io/topics/latency)
-            '');
+            '';
 
             user = mkOption {
               type = types.str;
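Review bot: `vmOverCommit` now defaults to `true` through `// { default = true; }`, a behaviour change that is easy to miss among the `lib.mdDoc` removals. Hosts that never set the option would get `vm.overcommit_memory` set to 1, a kernel-wide setting, assuming the module applies the sysctl whenever the option is on (that code is outside the hunk). I would call the new default out in the release notes and in the option text. Separately, `mkEnableOption` prefixes its argument with "Whether to enable", so the new wording renders as "Whether to enable set ... sysctl to 1"; starting the text with `setting the` would read correctly.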
@@ -79,14 +79,14 @@ in {
               defaultText = literalExpression ''
                 if name == "" then "redis" else "redis-''${name}"
               '';
-              description = lib.mdDoc "The username and groupname for redis-server.";
+              description = "The username and groupname for redis-server.";
             };
 
             port = mkOption {
               type = types.port;
               default = if name == "" then 6379 else 0;
               defaultText = literalExpression ''if name == "" then 6379 else 0'';
-              description = lib.mdDoc ''
+              description = ''
                 The TCP port to accept connections.
                 If port 0 is specified Redis will not listen on a TCP socket.
               '';
@@ -95,7 +95,7 @@ in {
             openFirewall = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to open ports in the firewall for the server.
               '';
             };
@@ -103,14 +103,14 @@ in {
             extraParams = mkOption {
               type = with types; listOf str;
               default = [];
-              description = lib.mdDoc "Extra parameters to append to redis-server invocation";
+              description = "Extra parameters to append to redis-server invocation";
               example = [ "--sentinel" ];
             };
 
             bind = mkOption {
               type = with types; nullOr str;
               default = "127.0.0.1";
-              description = lib.mdDoc ''
+              description = ''
                 The IP interface to bind to.
                 `null` means "all interfaces".
               '';
@@ -123,13 +123,13 @@ in {
               defaultText = literalExpression ''
                 if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock"
               '';
-              description = lib.mdDoc "The path to the socket to bind to.";
+              description = "The path to the socket to bind to.";
             };
 
             unixSocketPerm = mkOption {
               type = types.int;
               default = 660;
-              description = lib.mdDoc "Change permissions for the socket";
+              description = "Change permissions for the socket";
               example = 600;
             };
 
@@ -137,38 +137,38 @@ in {
               type = types.str;
               default = "notice"; # debug, verbose, notice, warning
               example = "debug";
-              description = lib.mdDoc "Specify the server verbosity level, options: debug, verbose, notice, warning.";
+              description = "Specify the server verbosity level, options: debug, verbose, notice, warning.";
             };
 
             logfile = mkOption {
               type = types.str;
               default = "/dev/null";
-              description = lib.mdDoc "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
+              description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
               example = "/var/log/redis.log";
             };
 
             syslog = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc "Enable logging to the system logger.";
+              description = "Enable logging to the system logger.";
             };
 
             databases = mkOption {
               type = types.int;
               default = 16;
-              description = lib.mdDoc "Set the number of databases.";
+              description = "Set the number of databases.";
             };
 
             maxclients = mkOption {
               type = types.int;
               default = 10000;
-              description = lib.mdDoc "Set the max number of connected clients at the same time.";
+              description = "Set the max number of connected clients at the same time.";
             };
 
             save = mkOption {
               type = with types; listOf (listOf int);
               default = [ [900 1] [300 10] [60 10000] ];
-              description = mdDoc ''
+              description = ''
                 The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.
 
                 If set to the empty list (`[]`) then RDB persistence will be disabled (useful if you are using AOF or don't want any persistence).
@@ -180,27 +180,27 @@ in {
                 options = {
                   ip = mkOption {
                     type = str;
-                    description = lib.mdDoc "IP of the Redis master";
+                    description = "IP of the Redis master";
                     example = "192.168.1.100";
                   };
 
                   port = mkOption {
                     type = port;
-                    description = lib.mdDoc "port of the Redis master";
+                    description = "port of the Redis master";
                     default = 6379;
                   };
                 };
               }));
 
               default = null;
-              description = lib.mdDoc "IP and port to which this redis instance acts as a slave.";
+              description = "IP and port to which this redis instance acts as a slave.";
               example = { ip = "192.168.1.100"; port = 6379; };
             };
 
             masterAuth = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc ''If the master is password protected (using the requirePass configuration)
+              description = ''If the master is password protected (using the requirePass configuration)
               it is possible to tell the slave to authenticate before starting the replication synchronization
               process, otherwise the master will refuse the slave request.
               (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
@@ -209,7 +209,7 @@ in {
             requirePass = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE).
                 Use requirePassFile to store it outside of the nix store in a dedicated file.
               '';
@@ -219,40 +219,40 @@ in {
             requirePassFile = mkOption {
               type = with types; nullOr path;
               default = null;
-              description = lib.mdDoc "File with password for the database.";
+              description = "File with password for the database.";
               example = "/run/keys/redis-password";
             };
 
             appendOnly = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
+              description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
             };
 
             appendFsync = mkOption {
               type = types.str;
               default = "everysec"; # no, always, everysec
-              description = lib.mdDoc "How often to fsync the append-only log, options: no, always, everysec.";
+              description = "How often to fsync the append-only log, options: no, always, everysec.";
             };
 
             slowLogLogSlowerThan = mkOption {
               type = types.int;
               default = 10000;
-              description = lib.mdDoc "Log queries whose execution take longer than X in milliseconds.";
+              description = "Log queries whose execution take longer than X in milliseconds.";
               example = 1000;
             };
 
             slowLogMaxLen = mkOption {
               type = types.int;
               default = 128;
-              description = lib.mdDoc "Maximum number of items to keep in slow log.";
+              description = "Maximum number of items to keep in slow log.";
             };
 
             settings = mkOption {
               # TODO: this should be converted to freeformType
               type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Redis configuration. Refer to
                 <https://redis.io/topics/config>
                 for details on supported values.
@@ -292,7 +292,7 @@ in {
             (mkIf (config.requirePass != null) { requirepass = config.requirePass; })
           ];
         }));
-        description = lib.mdDoc "Configuration of multiple `redis-server` instances.";
+        description = "Configuration of multiple `redis-server` instances.";
         default = {};
       };
     };
@@ -312,10 +312,9 @@ in {
       '';
     }) enabledServers);
 
-    boot.kernel.sysctl = mkMerge [
-      { "vm.nr_hugepages" = "0"; }
-      ( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } )
-    ];
+    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
+      "vm.overcommit_memory" = "1";
+    };
 
     networking.firewall.allowedTCPPorts = concatMap (conf:
       optional conf.openFirewall conf.port
@@ -338,7 +337,7 @@ in {
       after = [ "network.target" ];
 
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
+        ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
         ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
           redisConfVar = "/var/lib/${redisName name}/redis.conf";
           redisConfRun = "/run/${redisName name}/nixos.conf";
@@ -391,7 +390,8 @@ in {
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictNamespaces = true;
         LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # we need to disable MemoryDenyWriteExecute for keydb
+        MemoryDenyWriteExecute = cfg.package.pname != "keydb";
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         PrivateMounts = true;
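Review bot: The new `MemoryDenyWriteExecute = cfg.package.pname != "keydb";` line reads `pname` with no fallback, so a package that only carries `name` (a wrapper or hand-built derivation, for example) would fail evaluation. The ExecStart change in the previous hunk of this file already guards its lookup with `or`. Writing it as `MemoryDenyWriteExecute = (cfg.package.pname or "") != "keydb";` keeps the W^X restriction on for anything that does not identify itself as keydb. The comment should also say why keydb needs writable-executable memory, so the exemption can be removed when that reason goes away; `cfg.package` appears to be shared by all instances, so the relaxation applies to every server at once. The `serviceConfig` block starts and ends outside the hunk.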
diff --git a/nixpkgs/nixos/modules/services/databases/rethinkdb.nix b/nixpkgs/nixos/modules/services/databases/rethinkdb.nix
index f5391b48e89c..c764d6c21c6c 100644
--- a/nixpkgs/nixos/modules/services/databases/rethinkdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/rethinkdb.nix
@@ -15,7 +15,7 @@ in
 
     services.rethinkdb = {
 
-      enable = mkEnableOption (lib.mdDoc "RethinkDB server");
+      enable = mkEnableOption "RethinkDB server";
 
       #package = mkOption {
       #  default = pkgs.rethinkdb;
@@ -24,22 +24,22 @@ in
 
       user = mkOption {
         default = "rethinkdb";
-        description = lib.mdDoc "User account under which RethinkDB runs.";
+        description = "User account under which RethinkDB runs.";
       };
 
       group = mkOption {
         default = "rethinkdb";
-        description = lib.mdDoc "Group which rethinkdb user belongs to.";
+        description = "Group which rethinkdb user belongs to.";
       };
 
       dbpath = mkOption {
         default = "/var/db/rethinkdb";
-        description = lib.mdDoc "Location where RethinkDB stores its data, 1 data directory per instance.";
+        description = "Location where RethinkDB stores its data, 1 data directory per instance.";
       };
 
       pidpath = mkOption {
         default = "/run/rethinkdb";
-        description = lib.mdDoc "Location where each instance's pid file is located.";
+        description = "Location where each instance's pid file is located.";
       };
 
       #cfgpath = mkOption {
diff --git a/nixpkgs/nixos/modules/services/databases/surrealdb.nix b/nixpkgs/nixos/modules/services/databases/surrealdb.nix
index 55216d022d1c..08a6cca043ca 100644
--- a/nixpkgs/nixos/modules/services/databases/surrealdb.nix
+++ b/nixpkgs/nixos/modules/services/databases/surrealdb.nix
@@ -8,13 +8,13 @@ in {
 
   options = {
     services.surrealdb = {
-      enable = mkEnableOption (lib.mdDoc "SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web");
+      enable = mkEnableOption "SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web";
 
       package = mkPackageOption pkgs "surrealdb" { };
 
       dbPath = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The path that surrealdb will write data to. Use null for in-memory.
           Can be one of "memory", "file://:path", "tikv://:addr".
         '';
@@ -24,7 +24,7 @@ in {
 
       host = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The host that surrealdb will connect to.
         '';
         default = "127.0.0.1";
@@ -33,7 +33,7 @@ in {
 
       port = mkOption {
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           The port that surrealdb will connect to.
         '';
         default = 8000;
@@ -44,7 +44,7 @@ in {
         type = types.listOf types.str;
         default = [];
         example = [ "--allow-all" "--auth" "--user root" "--pass root" ];
-        description = lib.mdDoc ''
+        description = ''
           Specify a list of additional command line flags,
           which get escaped and are then passed to surrealdb.
         '';
diff --git a/nixpkgs/nixos/modules/services/databases/tigerbeetle.nix b/nixpkgs/nixos/modules/services/databases/tigerbeetle.nix
index b90a0703175f..a9c7a24250a6 100644
--- a/nixpkgs/nixos/modules/services/databases/tigerbeetle.nix
+++ b/nixpkgs/nixos/modules/services/databases/tigerbeetle.nix
@@ -11,14 +11,14 @@ in
 
   options = {
     services.tigerbeetle = with lib; {
-      enable = mkEnableOption (mdDoc "TigerBeetle server");
+      enable = mkEnableOption "TigerBeetle server";
 
       package = mkPackageOption pkgs "tigerbeetle" { };
 
       clusterId = mkOption {
         type = types.either types.ints.unsigned (types.strMatching "[0-9]+");
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           The 128-bit cluster ID used to create the replica data file (if needed).
           Since Nix only supports integers up to 64 bits, you need to pass a string to this if the cluster ID can't fit in 64 bits.
           Otherwise, you can pass the cluster ID as either an integer or a string.
@@ -28,7 +28,7 @@ in
       replicaIndex = mkOption {
         type = types.ints.unsigned;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           The index (starting at 0) of the replica in the cluster.
         '';
       };
@@ -36,7 +36,7 @@ in
       replicaCount = mkOption {
         type = types.ints.unsigned;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           The number of replicas participating in replication of the cluster.
         '';
       };
@@ -44,7 +44,7 @@ in
       cacheGridSize = mkOption {
         type = types.strMatching "[0-9]+(K|M|G)B";
         default = "1GB";
-        description = lib.mdDoc ''
+        description = ''
           The grid cache size.
           The grid cache acts like a page cache for TigerBeetle.
           It is recommended to set this as large as possible.
@@ -54,7 +54,7 @@ in
       addresses = mkOption {
         type = types.listOf types.nonEmptyStr;
         default = [ "3001" ];
-        description = lib.mdDoc ''
+        description = ''
           The addresses of all replicas in the cluster.
           This should be a list of IPv4/IPv6 addresses with port numbers.
           Either the address or port number (but not both) may be omitted, in which case a default of 127.0.0.1 or 3001 will be used.
diff --git a/nixpkgs/nixos/modules/services/databases/victoriametrics.nix b/nixpkgs/nixos/modules/services/databases/victoriametrics.nix
index 0ad2028c95b0..923163a8049e 100644
--- a/nixpkgs/nixos/modules/services/databases/victoriametrics.nix
+++ b/nixpkgs/nixos/modules/services/databases/victoriametrics.nix
@@ -2,26 +2,26 @@
 let cfg = config.services.victoriametrics; in
 {
   options.services.victoriametrics = with lib; {
-    enable = mkEnableOption (lib.mdDoc "victoriametrics");
+    enable = mkEnableOption "VictoriaMetrics, a time series database, long-term remote storage for Prometheus";
     package = mkPackageOption pkgs "victoriametrics" { };
     listenAddress = mkOption {
       default = ":8428";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The listen address for the http interface.
       '';
     };
     retentionPeriod = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         Retention period in months.
       '';
     };
     extraOptions = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra options to pass to VictoriaMetrics. See the README:
         <https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md>
         or {command}`victoriametrics -help` for more
diff --git a/nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix b/nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix
new file mode 100644
index 000000000000..e11867b69107
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix
@@ -0,0 +1,171 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.desktopManager.lomiri;
+in {
+  options.services.desktopManager.lomiri = {
+    enable = lib.mkEnableOption ''
+      the Lomiri graphical shell (formerly known as Unity8)
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment = {
+      systemPackages = (with pkgs; [
+        glib # XDG MIME-related tools identify it as GNOME, add gio for MIME identification to work
+        libayatana-common
+        ubports-click
+      ]) ++ (with pkgs.lomiri; [
+        content-hub
+        hfd-service
+        history-service
+        libusermetrics
+        lomiri
+        lomiri-download-manager
+        lomiri-schemas # exposes some required dbus interfaces
+        lomiri-session # wrappers to properly launch the session
+        lomiri-sounds
+        lomiri-system-settings
+        lomiri-terminal-app
+        lomiri-thumbnailer
+        lomiri-url-dispatcher
+        lomiri-wallpapers
+        mediascanner2 # TODO possibly needs to be kicked off by graphical-session.target
+        morph-browser
+        qtmir # not having its desktop file for Xwayland available causes any X11 application to crash the session
+        suru-icon-theme
+        telephony-service
+      ]);
+    };
+
+    networking.networkmanager.enable = lib.mkDefault true;
+
+    systemd.packages = with pkgs.lomiri; [
+      hfd-service
+      lomiri-download-manager
+    ];
+
+    services.dbus.packages = with pkgs.lomiri; [
+      hfd-service
+      libusermetrics
+      lomiri-download-manager
+    ];
+
+    fonts.packages = with pkgs; [
+      # Applications tend to default to Ubuntu font
+      ubuntu_font_family
+    ];
+
+    # Copy-pasted basic stuff
+    hardware.opengl.enable = lib.mkDefault true;
+    fonts.enableDefaultPackages = lib.mkDefault true;
+    programs.dconf.enable = lib.mkDefault true;
+
+    # Xwayland is partly hardcoded in Mir so it can't really be fully turned off, and it must be on PATH for X11 apps *and Lomiri's web browser* to work.
+    # Until Mir/Lomiri can be properly used without it, force it on so everything behaves as expected.
+    programs.xwayland.enable = lib.mkForce true;
+
+    services.accounts-daemon.enable = true;
+
+    services.ayatana-indicators = {
+      enable = true;
+      packages = (with pkgs; [
+        ayatana-indicator-datetime
+        ayatana-indicator-messages
+        ayatana-indicator-session
+      ]) ++ (with pkgs.lomiri; [
+        telephony-service
+      ] ++ lib.optionals config.networking.networkmanager.enable [
+        lomiri-indicator-network
+      ]);
+    };
+
+    services.udisks2.enable = true;
+    services.upower.enable = true;
+    services.geoclue2.enable = true;
+
+    services.gnome.evolution-data-server = {
+      enable = true;
+      plugins = with pkgs; [
+        # TODO: lomiri.address-book-service
+      ];
+    };
+
+    services.telepathy.enable = true;
+
+    services.displayManager = {
+      defaultSession = lib.mkDefault "lomiri";
+      sessionPackages = with pkgs.lomiri; [ lomiri-session ];
+    };
+
+    services.xserver = {
+      enable = lib.mkDefault true;
+      displayManager.lightdm = {
+        enable = lib.mkDefault true;
+        greeters.lomiri.enable = lib.mkDefault true;
+      };
+    };
+
+    environment.pathsToLink = [
+      # Configs for inter-app data exchange system
+      "/share/content-hub/peers"
+      # Configs for inter-app URL requests
+      "/share/lomiri-url-dispatcher/urls"
+      # Splash screens & other images for desktop apps launched via lomiri-app-launch
+      "/share/lomiri-app-launch"
+      # TODO Try to get maliit stuff working
+      "/share/maliit/plugins"
+      # At least the network indicator is still under the unity name, due to leftover Unity-isms
+      "/share/unity"
+      # Data
+      "/share/locale" # TODO LUITK hardcoded default locale path, fix individual apps to not rely on it
+      "/share/sounds"
+      "/share/wallpapers"
+    ];
+
+    systemd.user.services = {
+      # Unconditionally run service that collects system-installed URL handlers before LUD
+      # TODO also run user-installed one?
+      "lomiri-url-dispatcher-update-system-dir" = {
+        description = "Lomiri URL dispatcher system directory updater";
+        wantedBy = [ "lomiri-url-dispatcher.service" ];
+        before = [ "lomiri-url-dispatcher.service" ];
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.lomiri.lomiri-url-dispatcher}/libexec/lomiri-url-dispatcher/lomiri-update-directory /run/current-system/sw/share/lomiri-url-dispatcher/urls/";
+        };
+      };
+    };
+
+    systemd.services = {
+      "dbus-com.lomiri.UserMetrics" = {
+        serviceConfig = {
+          Type = "dbus";
+          BusName = "com.lomiri.UserMetrics";
+          User = "usermetrics";
+          StandardOutput = "syslog";
+          SyslogIdentifier = "com.lomiri.UserMetrics";
+          ExecStart = "${pkgs.lomiri.libusermetrics}/libexec/libusermetrics/usermetricsservice";
+        } // lib.optionalAttrs (!config.security.apparmor.enable) {
+          # Due to https://gitlab.com/ubports/development/core/libusermetrics/-/issues/8, auth must be disabled when not using AppArmor, lest the next database usage breaks
+          Environment = "USERMETRICS_NO_AUTH=1";
+        };
+      };
+    };
+
+    users.users.usermetrics = {
+      group = "usermetrics";
+      home = "/var/lib/usermetrics";
+      createHome = true;
+      isSystemUser = true;
+    };
+
+    users.groups.usermetrics = { };
+
+    # TODO content-hub cannot pass files between applications without asking AA for permissions. And alot of the Lomiri stack is designed with AA availability in mind. This might be a requirement to be closer to upstream?
+    # But content-hub currently fails to pass files between applications even with AA enabled, and we can get away without AA in many places. Let's see how this develops before requiring this for good.
+    # security.apparmor.enable = true;
+  };
+
+  meta.maintainers = lib.teams.lomiri.members;
+}
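Review bot: In `systemd.services."dbus-com.lomiri.UserMetrics"`, `USERMETRICS_NO_AUTH=1` is set whenever `security.apparmor.enable` is false (which I believe is the NixOS default), so on most installs this system-bus service runs with its caller authentication switched off and nothing tells the administrator. I would surface that at evaluation time, e.g. `warnings = lib.optional (!config.security.apparmor.enable) "services.desktopManager.lomiri: libusermetrics runs with authentication disabled because AppArmor is not enabled";`, and mention it in the `enable` option text. The unit also carries no sandboxing even though it runs as a dedicated user; `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with `StateDirectory = "usermetrics";` look like a reasonable starting point, to be confirmed against what `usermetricsservice` actually writes. Separately, `services.geoclue2.enable = true;` turns on the location service without `lib.mkDefault`, unlike `networking.networkmanager.enable` above it, so users cannot opt out with a plain assignment.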
diff --git a/nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix b/nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix
index e20b431f0b58..08507b4d370a 100644
--- a/nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix
+++ b/nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix
@@ -20,13 +20,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Plasma 6 (KDE 6) desktop environment.";
+        description = "Enable the Plasma 6 (KDE 6) desktop environment.";
       };
 
       enableQt5Integration = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable Qt 5 integration (theming, etc). Disable for a pure Qt 6 system.";
+        description = "Enable Qt 5 integration (theming, etc). Disable for a pure Qt 6 system.";
       };
 
       notoPackage = mkPackageOptionMD pkgs "Noto fonts - used for UI by default" {
@@ -36,7 +36,7 @@ in {
     };
 
     environment.plasma6.excludePackages = mkOption {
-      description = lib.mdDoc "List of default packages to exclude from the configuration";
+      description = "List of default packages to exclude from the configuration";
       type = types.listOf types.package;
       default = [];
       example = literalExpression "[ pkgs.kdePackages.elisa ]";
@@ -170,7 +170,17 @@ in {
         breeze.qt5
         plasma-integration.qt5
         pkgs.plasma5Packages.kwayland-integration
-        pkgs.plasma5Packages.kio
+        (
+          # Only symlink the KIO plugins, so we don't accidentally pull any services
+          # like KCMs or kcookiejar
+          let
+            kioPluginPath = "${pkgs.plasma5Packages.qtbase.qtPluginPrefix}/kf5/kio";
+            inherit (pkgs.plasma5Packages) kio;
+          in pkgs.runCommand "kio5-plugins-only" {} ''
+            mkdir -p $out/${kioPluginPath}
+            ln -s ${kio}/${kioPluginPath}/* $out/${kioPluginPath}
+          ''
+        )
         kio-extras-kf5
       ]
       # Optional hardware support features
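Review bot: The `ln -s ${kio}/${kioPluginPath}/* $out/${kioPluginPath}` line in the new `kio5-plugins-only` derivation does not fail when the glob matches nothing; as far as I can tell bash then passes the literal `*` and the output holds a single dangling symlink. A change in the KF5 KIO plugin layout would then ship a session without those plugins and no build error. Adding `shopt -s failglob` as the first line of the script turns that case into a build failure. The comment explaining that only plugins are linked, to avoid pulling in KCMs or kcookiejar, is worth keeping as is. The surrounding package list starts and ends outside the hunk.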
@@ -228,7 +238,7 @@ in {
     services.system-config-printer.enable = mkIf config.services.printing.enable (mkDefault true);
     services.udisks2.enable = true;
     services.upower.enable = config.powerManagement.enable;
-    services.xserver.libinput.enable = mkDefault true;
+    services.libinput.enable = mkDefault true;
 
     # Extra UDEV rules used by Solid
     services.udev.packages = [
@@ -246,11 +256,11 @@ in {
     xdg.portal.configPackages = mkDefault [kdePackages.xdg-desktop-portal-kde];
     services.pipewire.enable = mkDefault true;
 
-    services.xserver.displayManager = {
+    services.displayManager = {
       sessionPackages = [kdePackages.plasma-workspace];
       defaultSession = mkDefault "plasma";
     };
-    services.xserver.displayManager.sddm = {
+    services.displayManager.sddm = {
       package = kdePackages.sddm;
       theme = mkDefault "breeze";
       wayland.compositor = "kwin";
@@ -286,6 +296,7 @@ in {
     };
 
     programs.kdeconnect.package = kdePackages.kdeconnect-kde;
+    programs.partition-manager.package = kdePackages.partitionmanager;
 
     # FIXME: ugly hack. See #292632 for details.
     system.userActivationScripts.rebuildSycoca = activationScript;
diff --git a/nixpkgs/nixos/modules/services/desktops/accountsservice.nix b/nixpkgs/nixos/modules/services/desktops/accountsservice.nix
index af62850acdc1..ae2ecb5ffeb7 100644
--- a/nixpkgs/nixos/modules/services/desktops/accountsservice.nix
+++ b/nixpkgs/nixos/modules/services/desktops/accountsservice.nix
@@ -19,7 +19,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable AccountsService, a DBus service for accessing
           the list of user accounts and information attached to those accounts.
         '';
diff --git a/nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix b/nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix
index abc687bbd43d..613a2f03ea05 100644
--- a/nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix
+++ b/nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix
@@ -9,15 +9,15 @@ let
 in
 {
   options.services.ayatana-indicators = {
-    enable = lib.mkEnableOption (lib.mdDoc ''
+    enable = lib.mkEnableOption ''
       Ayatana Indicators, a continuation of Canonical's Application Indicators
-    '');
+    '';
 
     packages = lib.mkOption {
       type = lib.types.listOf lib.types.package;
       default = [ ];
       example = lib.literalExpression "with pkgs; [ ayatana-indicator-messages ]";
-      description = lib.mdDoc ''
+      description = ''
         List of packages containing Ayatana Indicator services
         that should be brought up by the SystemD "ayatana-indicators" user target.
 
diff --git a/nixpkgs/nixos/modules/services/desktops/bamf.nix b/nixpkgs/nixos/modules/services/desktops/bamf.nix
index 3e40a7055348..13de3a44328f 100644
--- a/nixpkgs/nixos/modules/services/desktops/bamf.nix
+++ b/nixpkgs/nixos/modules/services/desktops/bamf.nix
@@ -13,7 +13,7 @@ with lib;
 
   options = {
     services.bamf = {
-      enable = mkEnableOption (lib.mdDoc "bamf");
+      enable = mkEnableOption "bamf";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/blueman.nix b/nixpkgs/nixos/modules/services/desktops/blueman.nix
index fad2f21bce5b..28c2daa7191d 100644
--- a/nixpkgs/nixos/modules/services/desktops/blueman.nix
+++ b/nixpkgs/nixos/modules/services/desktops/blueman.nix
@@ -9,7 +9,7 @@ in {
   ###### interface
   options = {
     services.blueman = {
-      enable = mkEnableOption (lib.mdDoc "blueman");
+      enable = mkEnableOption "blueman, a bluetooth manager";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix b/nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix
index 47071aebce8d..f66afc0a3dc1 100644
--- a/nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix
+++ b/nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix
@@ -11,7 +11,7 @@ in {
         type = lib.types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Enables dbus/systemd service needed by cpupower-gui.
           These services are responsible for retrieving and modifying cpu power
           saving settings.
diff --git a/nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix b/nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix
index a6c33af03e95..4702274df374 100644
--- a/nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix
+++ b/nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix
@@ -14,7 +14,7 @@ with lib;
 
     services.deepin.app-services = {
 
-      enable = mkEnableOption (lib.mdDoc "service collection of DDE applications, including dconfig-center");
+      enable = mkEnableOption "service collection of DDE applications, including dconfig-center";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix b/nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix
index 459876febf21..36f9881fc766 100644
--- a/nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix
+++ b/nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix
@@ -14,10 +14,10 @@ with lib;
 
     services.deepin.dde-api = {
 
-      enable = mkEnableOption (lib.mdDoc ''
-        some dbus interfaces that is used for screen zone detecting,
+      enable = mkEnableOption ''
+        the DDE API, which provides some dbus interfaces that is used for screen zone detecting,
         thumbnail generating, and sound playing in Deepin Desktop Environment
-      '');
+      '';
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix b/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix
index 356d323bcbdf..ed4cd15bc271 100644
--- a/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix
+++ b/nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix
@@ -14,7 +14,7 @@ with lib;
 
     services.deepin.dde-daemon = {
 
-      enable = mkEnableOption (lib.mdDoc "daemon for handling the deepin session settings");
+      enable = mkEnableOption "daemon for handling the deepin session settings";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix b/nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix
index daf65180b36f..7f88605f627c 100644
--- a/nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix
+++ b/nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix
@@ -10,7 +10,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable dleyna-renderer service, a DBus service
           for handling DLNA renderers.
         '';
diff --git a/nixpkgs/nixos/modules/services/desktops/dleyna-server.nix b/nixpkgs/nixos/modules/services/desktops/dleyna-server.nix
index 9cbcd2a9cdae..9a131a5e700f 100644
--- a/nixpkgs/nixos/modules/services/desktops/dleyna-server.nix
+++ b/nixpkgs/nixos/modules/services/desktops/dleyna-server.nix
@@ -10,7 +10,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable dleyna-server service, a DBus service
           for handling DLNA servers.
         '';
diff --git a/nixpkgs/nixos/modules/services/desktops/espanso.nix b/nixpkgs/nixos/modules/services/desktops/espanso.nix
index cbc48034795e..4ef6724dda0a 100644
--- a/nixpkgs/nixos/modules/services/desktops/espanso.nix
+++ b/nixpkgs/nixos/modules/services/desktops/espanso.nix
@@ -6,7 +6,7 @@ in {
   meta = { maintainers = with lib.maintainers; [ numkem ]; };
 
   options = {
-    services.espanso = { enable = options.mkEnableOption (lib.mdDoc "Espanso"); };
+    services.espanso = { enable = options.mkEnableOption "Espanso"; };
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/desktops/flatpak.nix b/nixpkgs/nixos/modules/services/desktops/flatpak.nix
index 62ef38a3d554..cda0a17d0475 100644
--- a/nixpkgs/nixos/modules/services/desktops/flatpak.nix
+++ b/nixpkgs/nixos/modules/services/desktops/flatpak.nix
@@ -14,7 +14,7 @@ in {
   ###### interface
   options = {
     services.flatpak = {
-      enable = mkEnableOption (lib.mdDoc "flatpak");
+      enable = mkEnableOption "flatpak";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/geoclue2.nix b/nixpkgs/nixos/modules/services/desktops/geoclue2.nix
index 2a68bb0b55f3..72a26933b222 100644
--- a/nixpkgs/nixos/modules/services/desktops/geoclue2.nix
+++ b/nixpkgs/nixos/modules/services/desktops/geoclue2.nix
@@ -16,19 +16,19 @@ let
     options = {
       desktopID = mkOption {
         type = types.str;
-        description = lib.mdDoc "Desktop ID of the application.";
+        description = "Desktop ID of the application.";
       };
 
       isAllowed = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether the application will be allowed access to location information.
         '';
       };
 
       isSystem = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether the application is a system component or not.
         '';
       };
@@ -36,7 +36,7 @@ let
       users = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of UIDs of all users for which this application is allowed location
           info access, Defaults to an empty string to allow it for all users.
         '';
@@ -67,7 +67,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GeoClue 2 daemon, a DBus service
           that provides location information for accessing.
         '';
@@ -76,7 +76,7 @@ in
       enableDemoAgent = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use the GeoClue demo agent. This should be
           overridden by desktop environments that provide their own
           agent.
@@ -86,7 +86,7 @@ in
       enableNmea = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to fetch location from NMEA sources on local network.
         '';
       };
@@ -94,7 +94,7 @@ in
       enable3G = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable 3G source.
         '';
       };
@@ -102,7 +102,7 @@ in
       enableCDMA = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable CDMA source.
         '';
       };
@@ -110,7 +110,7 @@ in
       enableModemGPS = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Modem-GPS source.
         '';
       };
@@ -118,7 +118,7 @@ in
       enableWifi = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable WiFi source.
         '';
       };
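Review bot: `enableWifi` defaults to `true`, but its description ("Whether to enable WiFi source.") does not tell the reader what enabling it implies for privacy. As far as I know, GeoClue's WiFi source works by sending the access points it sees to the geolocation service whose URL is set by the option in the following hunk. I would say so in the text, for example `Whether to enable the WiFi source, which resolves the position by querying the configured geolocation service with nearby access points.` The exact upstream behaviour should be confirmed before adopting that wording.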
@@ -127,7 +127,7 @@ in
         type = types.str;
         default = "https://location.services.mozilla.com/v1/geolocate?key=geoclue";
         example = "https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY";
-        description = lib.mdDoc ''
+        description = ''
           The url to the wifi GeoLocation Service.
         '';
       };
@@ -135,7 +135,7 @@ in
       submitData = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to submit data to a GeoLocation Service.
         '';
       };
@@ -143,7 +143,7 @@ in
       submissionUrl = mkOption {
         type = types.str;
         default = "https://location.services.mozilla.com/v1/submit?key=geoclue";
-        description = lib.mdDoc ''
+        description = ''
           The url to submit data to a GeoLocation Service.
         '';
       };
@@ -151,7 +151,7 @@ in
       submissionNick = mkOption {
         type = types.str;
         default = "geoclue";
-        description = lib.mdDoc ''
+        description = ''
           A nickname to submit network data with.
           Must be 2-32 characters long.
         '';
@@ -167,7 +167,7 @@ in
             users = [ "300" ];
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Specify extra settings per application.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix b/nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix
index d0320c1e6307..6ed5b198fe4f 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix
@@ -2,32 +2,21 @@
 
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
   ###### interface
-
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "at-spi2-core" "enable" ]
-      [ "services" "gnome" "at-spi2-core" "enable" ]
-    )
-  ];
-
   options = {
 
     services.gnome.at-spi2-core = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable at-spi2-core, a service for the Assistive Technologies
           available on the GNOME platform.
 
@@ -43,14 +32,14 @@ with lib;
 
   ###### implementation
 
-  config = mkMerge [
-    (mkIf config.services.gnome.at-spi2-core.enable {
+  config = lib.mkMerge [
+    (lib.mkIf config.services.gnome.at-spi2-core.enable {
       environment.systemPackages = [ pkgs.at-spi2-core ];
       services.dbus.packages = [ pkgs.at-spi2-core ];
       systemd.packages = [ pkgs.at-spi2-core ];
     })
 
-    (mkIf (!config.services.gnome.at-spi2-core.enable) {
+    (lib.mkIf (!config.services.gnome.at-spi2-core.enable) {
       environment.sessionVariables = {
         NO_AT_BRIDGE = "1";
         GTK_A11Y = "none";
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix b/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix
index a8db7dce8fdf..a43e8dadb421 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix
@@ -2,45 +2,31 @@
 
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "evolution-data-server" "enable" ]
-      [ "services" "gnome" "evolution-data-server" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "evolution-data-server" "plugins" ]
-      [ "services" "gnome" "evolution-data-server" "plugins" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.evolution-data-server = {
-      enable = mkEnableOption (lib.mdDoc "Evolution Data Server, a collection of services for storing addressbooks and calendars");
-      plugins = mkOption {
-        type = types.listOf types.package;
+      enable = lib.mkEnableOption "Evolution Data Server, a collection of services for storing addressbooks and calendars";
+      plugins = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
         default = [ ];
-        description = lib.mdDoc "Plugins for Evolution Data Server.";
+        description = "Plugins for Evolution Data Server.";
       };
     };
     programs.evolution = {
-      enable = mkEnableOption (lib.mdDoc "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality");
-      plugins = mkOption {
-        type = types.listOf types.package;
+      enable = lib.mkEnableOption "Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality";
+      plugins = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
         default = [ ];
-        example = literalExpression "[ pkgs.evolution-ews ]";
-        description = lib.mdDoc "Plugins for Evolution.";
+        example = lib.literalExpression "[ pkgs.evolution-ews ]";
+        description = "Plugins for Evolution.";
       };
 
     };
@@ -52,15 +38,15 @@ with lib;
     let
       bundle = pkgs.evolutionWithPlugins.override { inherit (config.services.gnome.evolution-data-server) plugins; };
     in
-    mkMerge [
-      (mkIf config.services.gnome.evolution-data-server.enable {
+    lib.mkMerge [
+      (lib.mkIf config.services.gnome.evolution-data-server.enable {
         environment.systemPackages = [ bundle ];
 
         services.dbus.packages = [ bundle ];
 
         systemd.packages = [ bundle ];
       })
-      (mkIf config.programs.evolution.enable {
+      (lib.mkIf config.programs.evolution.enable {
         services.gnome.evolution-data-server = {
           enable = true;
           plugins = [ pkgs.evolution ] ++ config.programs.evolution.plugins;
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix b/nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix
index 6b54f46f0cf5..905901f47084 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix
@@ -2,29 +2,19 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "glib-networking" "enable" ]
-      [ "services" "gnome" "glib-networking" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.glib-networking = {
 
-      enable = mkEnableOption (lib.mdDoc "network extensions for GLib");
+      enable = lib.mkEnableOption "network extensions for GLib";
 
     };
 
@@ -32,7 +22,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.glib-networking.enable {
+  config = lib.mkIf config.services.gnome.glib-networking.enable {
 
     services.dbus.packages = [ pkgs.glib-networking ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
index 4f680eabbe15..4f0c36883a3f 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mdDoc mkEnableOption mkIf mkRenamedOptionModule teams;
+  inherit (lib) mkEnableOption mkIf mkRenamedOptionModule teams;
 in
 
 {
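Review bot: The rewritten `inherit` line still pulls in `mkRenamedOptionModule`, but the next hunk of this file deletes the `imports` list that held both of its visible uses, so the name looks unused now. If nothing outside these hunks references it, the line can become `inherit (lib) mkEnableOption mkIf teams;`. The `let` block and the module body continue outside the hunk.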
@@ -9,24 +9,11 @@ in
     maintainers = teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "chrome-gnome-shell" "enable" ]
-      [ "services" "gnome" "gnome-browser-connector" "enable" ]
-    )
-    # Added 2022-07-25
-    (mkRenamedOptionModule
-      [ "services" "gnome" "chrome-gnome-shell" "enable" ]
-      [ "services" "gnome" "gnome-browser-connector" "enable" ]
-    )
-  ];
-
   options = {
-    services.gnome.gnome-browser-connector.enable = mkEnableOption (mdDoc ''
+    services.gnome.gnome-browser-connector.enable = mkEnableOption ''
       native host connector for the GNOME Shell browser extension, a DBus service
       allowing to install GNOME Shell extensions from a web browser
-    '');
+    '';
   };
 
   config = mkIf config.services.gnome.gnome-browser-connector.enable {
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix
index 6eaf861e4974..8deb12ec18bf 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix
@@ -2,8 +2,6 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 let
 
   # GNOME initial setup's run is conditioned on whether
@@ -45,24 +43,16 @@ in
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-initial-setup" "enable" ]
-      [ "services" "gnome" "gnome-initial-setup" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-initial-setup = {
 
-      enable = mkEnableOption (lib.mdDoc "GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system");
+      enable = lib.mkEnableOption "GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system";
 
     };
 
@@ -71,12 +61,12 @@ in
 
   ###### implementation
 
-  config = mkIf config.services.gnome.gnome-initial-setup.enable {
+  config = lib.mkIf config.services.gnome.gnome-initial-setup.enable {
 
     environment.systemPackages = [
       pkgs.gnome.gnome-initial-setup
     ]
-    ++ optional (versionOlder config.system.stateVersion "20.03") createGisStampFilesAutostart
+    ++ lib.optional (lib.versionOlder config.system.stateVersion "20.03") createGisStampFilesAutostart
     ;
 
     systemd.packages = [
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix
index 6c7e713b32d5..79bce0ade2fc 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix
@@ -2,32 +2,22 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-keyring" "enable" ]
-      [ "services" "gnome" "gnome-keyring" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-keyring = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GNOME Keyring daemon, a service designed to
           take care of the user's security credentials,
           such as user names and passwords.
@@ -41,7 +31,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.gnome-keyring.enable {
+  config = lib.mkIf config.services.gnome.gnome-keyring.enable {
 
     environment.systemPackages = [ pkgs.gnome.gnome-keyring ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix
index ed5e000cae3e..de3c3789594a 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix
@@ -2,32 +2,22 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-online-accounts" "enable" ]
-      [ "services" "gnome" "gnome-online-accounts" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-online-accounts = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GNOME Online Accounts daemon, a service that provides
           a single sign-on framework for the GNOME desktop.
         '';
@@ -40,7 +30,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.gnome-online-accounts.enable {
+  config = lib.mkIf config.services.gnome.gnome-online-accounts.enable {
 
     environment.systemPackages = [ pkgs.gnome-online-accounts ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix
index 7cf1bfa1b046..9496752ed3a2 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix
@@ -2,32 +2,22 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-online-miners" "enable" ]
-      [ "services" "gnome" "gnome-online-miners" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-online-miners = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GNOME Online Miners, a service that
           crawls through your online content.
         '';
@@ -40,7 +30,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.gnome-online-miners.enable {
+  config = lib.mkIf config.services.gnome.gnome-online-miners.enable {
 
     environment.systemPackages = [ pkgs.gnome.gnome-online-miners ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix
index 0a5b67eb2722..b56027b6eb4b 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix
@@ -1,30 +1,20 @@
 # Remote desktop daemon using Pipewire.
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2021-05-07
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-remote-desktop" "enable" ]
-      [ "services" "gnome" "gnome-remote-desktop" "enable" ]
-    )
-  ];
-
   ###### interface
   options = {
     services.gnome.gnome-remote-desktop = {
-      enable = mkEnableOption (lib.mdDoc "Remote Desktop support using Pipewire");
+      enable = lib.mkEnableOption "Remote Desktop support using Pipewire";
     };
   };
 
   ###### implementation
-  config = mkIf config.services.gnome.gnome-remote-desktop.enable {
+  config = lib.mkIf config.services.gnome.gnome-remote-desktop.enable {
     services.pipewire.enable = true;
 
     systemd.packages = [ pkgs.gnome.gnome-remote-desktop ];
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix
index ca739b06a5a5..30b35f669092 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix
@@ -2,8 +2,6 @@
 
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
 
   cfg = config.services.gnome.gnome-settings-daemon;
@@ -13,28 +11,16 @@ in
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    (mkRemovedOptionModule
-      ["services" "gnome3" "gnome-settings-daemon" "package"]
-      "")
-
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-settings-daemon" "enable" ]
-      [ "services" "gnome" "gnome-settings-daemon" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-settings-daemon = {
 
-      enable = mkEnableOption (lib.mdDoc "GNOME Settings Daemon");
+      enable = lib.mkEnableOption "GNOME Settings Daemon";
 
     };
 
@@ -43,7 +29,7 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
     environment.systemPackages = [
       pkgs.gnome.gnome-settings-daemon
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix
index 0c88d13b343d..2c6d94b7bdfc 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix
@@ -2,29 +2,19 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gnome-user-share" "enable" ]
-      [ "services" "gnome" "gnome-user-share" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.gnome-user-share = {
 
-      enable = mkEnableOption (lib.mdDoc "GNOME User Share, a user-level file sharing service for GNOME");
+      enable = lib.mkEnableOption "GNOME User Share, a user-level file sharing service for GNOME";
 
     };
 
@@ -33,7 +23,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.gnome-user-share.enable {
+  config = lib.mkIf config.services.gnome.gnome-user-share.enable {
 
     environment.systemPackages = [
       pkgs.gnome.gnome-user-share
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix b/nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix
index 9c0faaa4885b..c980b239d521 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix
@@ -1,38 +1,28 @@
 # rygel service.
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "rygel" "enable" ]
-      [ "services" "gnome" "rygel" "enable" ]
-    )
-  ];
-
   ###### interface
   options = {
     services.gnome.rygel = {
-      enable = mkOption {
+      enable = lib.mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Rygel UPnP Mediaserver.
 
           You will need to also allow UPnP connections in firewall, see the following [comment](https://github.com/NixOS/nixpkgs/pull/45045#issuecomment-416030795).
         '';
-        type = types.bool;
+        type = lib.types.bool;
       };
     };
   };
 
   ###### implementation
-  config = mkIf config.services.gnome.rygel.enable {
+  config = lib.mkIf config.services.gnome.rygel.enable {
     environment.systemPackages = [ pkgs.gnome.rygel ];
 
     services.dbus.packages = [ pkgs.gnome.rygel ];
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix b/nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix
index 446851f434d8..946030e4bb22 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix
@@ -2,32 +2,22 @@
 
 { config, lib, pkgs, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "sushi" "enable" ]
-      [ "services" "gnome" "sushi" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.sushi = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Sushi, a quick previewer for nautilus.
         '';
       };
@@ -39,7 +29,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.sushi.enable {
+  config = lib.mkIf config.services.gnome.sushi.enable {
 
     environment.systemPackages = [ pkgs.gnome.sushi ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix b/nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix
index a3c58f374208..d5d42cee9f8b 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix
@@ -2,32 +2,22 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "tracker-miners" "enable" ]
-      [ "services" "gnome" "tracker-miners" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.tracker-miners = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Tracker miners, indexing services for Tracker
           search engine and metadata storage system.
         '';
@@ -39,7 +29,7 @@ with lib;
 
   ###### implementation
 
-  config = mkIf config.services.gnome.tracker-miners.enable {
+  config = lib.mkIf config.services.gnome.tracker-miners.enable {
 
     environment.systemPackages = [ pkgs.tracker-miners ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix b/nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix
index e6404c84a26f..45b679571c70 100644
--- a/nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix
@@ -2,45 +2,35 @@
 
 { config, pkgs, lib, ... }:
 
-with lib;
-
 let
   cfg = config.services.gnome.tracker;
 in
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "tracker" "enable" ]
-      [ "services" "gnome" "tracker" "enable" ]
-    )
-  ];
-
   ###### interface
 
   options = {
 
     services.gnome.tracker = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Tracker services, a search engine,
           search tool and metadata storage system.
         '';
       };
 
-      subcommandPackages = mkOption {
-        type = types.listOf types.package;
+      subcommandPackages = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
         default = [ ];
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           List of packages containing tracker3 subcommands.
         '';
       };
@@ -52,7 +42,7 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
     environment.systemPackages = [ pkgs.tracker ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/gsignond.nix b/nixpkgs/nixos/modules/services/desktops/gsignond.nix
index cf80fd75452b..465acd73fa64 100644
--- a/nixpkgs/nixos/modules/services/desktops/gsignond.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gsignond.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable gSignOn daemon, a DBus service
           which performs user authentication on behalf of its clients.
         '';
@@ -29,7 +29,7 @@ in
       plugins = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           What plugins to use with the gSignOn daemon.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/desktops/gvfs.nix b/nixpkgs/nixos/modules/services/desktops/gvfs.nix
index a4770d703f54..8a02cdd4a650 100644
--- a/nixpkgs/nixos/modules/services/desktops/gvfs.nix
+++ b/nixpkgs/nixos/modules/services/desktops/gvfs.nix
@@ -2,8 +2,6 @@
 
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
 
   cfg = config.services.gvfs;
@@ -13,26 +11,19 @@ in
 {
 
   meta = {
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  # Added 2019-08-19
-  imports = [
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "gvfs" "enable" ]
-      [ "services" "gvfs" "enable" ])
-  ];
-
   ###### interface
 
   options = {
 
     services.gvfs = {
 
-      enable = mkEnableOption (lib.mdDoc "GVfs, a userspace virtual filesystem");
+      enable = lib.mkEnableOption "GVfs, a userspace virtual filesystem";
 
       # gvfs can be built with multiple configurations
-      package = mkPackageOption pkgs [ "gnome" "gvfs" ] { };
+      package = lib.mkPackageOption pkgs [ "gnome" "gvfs" ] { };
 
     };
 
@@ -41,7 +32,7 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
     environment.systemPackages = [ cfg.package ];
 
diff --git a/nixpkgs/nixos/modules/services/desktops/malcontent.nix b/nixpkgs/nixos/modules/services/desktops/malcontent.nix
index 27b4577f4c2a..1fbeb17e6aeb 100644
--- a/nixpkgs/nixos/modules/services/desktops/malcontent.nix
+++ b/nixpkgs/nixos/modules/services/desktops/malcontent.nix
@@ -12,7 +12,7 @@ with lib;
 
     services.malcontent = {
 
-      enable = mkEnableOption (lib.mdDoc "Malcontent, parental control support for applications");
+      enable = mkEnableOption "Malcontent, parental control support for applications";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/neard.nix b/nixpkgs/nixos/modules/services/desktops/neard.nix
index 9130b8d3d216..5459d2e5a1e5 100644
--- a/nixpkgs/nixos/modules/services/desktops/neard.nix
+++ b/nixpkgs/nixos/modules/services/desktops/neard.nix
@@ -7,7 +7,7 @@ with lib;
   ###### interface
   options = {
     services.neard = {
-      enable = mkEnableOption (lib.mdDoc "neard, NFC daemon");
+      enable = mkEnableOption "neard, an NFC daemon";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix b/nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix
index 6ab62eb03c25..c924801bcd8b 100644
--- a/nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix
+++ b/nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix
@@ -1,18 +1,40 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (builtins) attrNames concatMap length;
+  inherit (builtins) concatMap;
   inherit (lib) maintainers;
-  inherit (lib.attrsets) attrByPath filterAttrs;
+  inherit (lib.attrsets) attrByPath mapAttrsToList;
   inherit (lib.lists) flatten optional;
   inherit (lib.modules) mkIf;
   inherit (lib.options) literalExpression mkOption;
-  inherit (lib.strings) hasPrefix;
-  inherit (lib.types) bool listOf package;
+  inherit (lib.strings) concatStringsSep makeSearchPath;
+  inherit (lib.types) bool listOf attrsOf package lines;
+  inherit (lib.path) subpath;
 
   pwCfg = config.services.pipewire;
   cfg = pwCfg.wireplumber;
   pwUsedForAudio = pwCfg.audio.enable;
+
+  json = pkgs.formats.json { };
+
+  configSectionsToConfFile = path: value:
+    pkgs.writeTextDir
+      path
+      (concatStringsSep "\n" (
+        mapAttrsToList
+          (section: content: "${section} = " + (builtins.toJSON content))
+          value
+      ));
+
+  mapConfigToFiles = config:
+    mapAttrsToList
+      (name: value: configSectionsToConfFile "share/wireplumber/wireplumber.conf.d/${name}.conf" value)
+      config;
+
+  mapScriptsToFiles = scripts:
+    mapAttrsToList
+      (relativePath: value: pkgs.writeTextDir (subpath.join ["share/wireplumber/scripts" relativePath]) value)
+      scripts;
 in
 {
   meta.maintainers = [ maintainers.k900 ];
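Review bot: `mapConfigToFiles` builds its destination by interpolating the attribute name straight into `"share/wireplumber/wireplumber.conf.d/${name}.conf"`, whereas `mapScriptsToFiles` just below it goes through `subpath.join`, which rejects `..` components and absolute paths at evaluation time. A config name containing `/` or `..` would therefore land outside `wireplumber.conf.d`, or fail only at build time, instead of being refused early. Using the same helper keeps the two in step: `(name: value: configSectionsToConfFile (subpath.join [ "share/wireplumber/wireplumber.conf.d" "${name}.conf" ]) value)`. `subpath.join` still accepts nested paths, so an explicit check that `name` contains no `/` may be worth adding if the conf.d directory is not read recursively.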
@@ -33,6 +55,114 @@ in
         description = "The WirePlumber derivation to use.";
       };
 
+      extraConfig = mkOption {
+        # Two layer attrset is necessary before using JSON, because of the whole
+        # config file not being a JSON object, but a concatenation of JSON objects
+        # in sections.
+        type = attrsOf (attrsOf json.type);
+        default = { };
+        example = literalExpression ''{
+          "log-level-debug" = {
+            "context.properties" = {
+              # Output Debug log messages as opposed to only the default level (Notice)
+              "log.level" = "D";
+            };
+          };
+          "wh-1000xm3-ldac-hq" = {
+            "monitor.bluez.rules" = [
+              {
+                matches = [
+                  {
+                    # Match any bluetooth device with ids equal to that of a WH-1000XM3
+                    "device.name" = "~bluez_card.*";
+                    "device.product.id" = "0x0cd3";
+                    "device.vendor.id" = "usb:054c";
+                  }
+                ];
+                actions = {
+                  update-props = {
+                    # Set quality to high quality instead of the default of auto
+                    "bluez5.a2dp.ldac.quality" = "hq";
+                  };
+                };
+              }
+            ];
+          };
+        }'';
+        description = ''
+          Additional configuration for the WirePlumber daemon when run in
+          single-instance mode (the default in nixpkgs and currently the only
+          supported way to run WirePlumber configured via `extraConfig`).
+
+          See also:
+          - [The configuration file][docs-the-conf-file]
+          - [Modifying configuration][docs-modifying-config]
+          - [Locations of files][docs-file-locations]
+          - and the [configuration section][docs-config-section] of the docs in general
+
+          Note that WirePlumber (and PipeWire) use dotted attribute names like
+          `device.product.id`. These are not nested, but flat objects for WirePlumber/PipeWire,
+          so to write these in nix expressions, remember to quote them like `"device.product.id"`.
+          Have a look at the example for this.
+
+          [docs-the-conf-file]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/conf_file.html
+          [docs-modifying-config]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/modifying_configuration.html
+          [docs-file-locations]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/locations.html
+          [docs-config-section]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration.html
+        '';
+      };
+
+      extraScripts = mkOption {
+        type = attrsOf lines;
+        default = { };
+        example = {
+          "test/hello-world.lua" = ''
+            print("Hello, world!")
+          '';
+        };
+        description = ''
+          Additional scripts for WirePlumber to be used by configuration files.
+
+          Every item in this attrset becomes a separate lua file with the path
+          relative to the `scripts` directory specified in the name of the item.
+          The scripts get passed to the WirePlumber service via the `XDG_DATA_DIRS`
+          variable. Scripts specified here are preferred over those shipped with
+          WirePlumber if they occupy the same relative path.
+
+          For a script to be loaded, it needs to be specified as part of a component,
+          and that component needs to be required by an active profile (e.g. `main`).
+          Components can be defined in config files either via `extraConfig` or `configPackages`.
+
+          For the hello-world example, you'd have to add the following `extraConfig`:
+          ```nix
+            services.pipewire.wireplumber.extraConfig."99-hello-world" = {
+              "wireplumber.components" = [
+                {
+                  name = "test/hello-world.lua";
+                  type = "script/lua";
+                  provides = "custom.hello-world";
+                }
+              ];
+
+              "wireplumber.profiles" = {
+                main = {
+                  "custom.hello-world" = "required";
+                };
+              };
+            };
+          ```
+
+          See also:
+          - [Location of scripts][docs-file-locations-scripts]
+          - [Components & Profiles][docs-components-profiles]
+          - [Migration - Loading custom scripts][docs-migration-loading-custom-scripts]
+
+          [docs-file-locations-scripts]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/locations.html#location-of-scripts
+          [docs-components-profiles]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/components_and_profiles.html
+          [docs-migration-loading-custom-scripts]: https://pipewire.pages.freedesktop.org/wireplumber/daemon/configuration/migration.html#loading-custom-scripts
+        '';
+      };
+
       configPackages = mkOption {
         type = listOf package;
         default = [ ];
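Review bot: The `docs-file-locations-scripts` link in the `extraScripts` description points at `.../wireplumber/daemon/locations.html#location-of-scripts`, while `docs-file-locations` in `extraConfig` uses `.../wireplumber/daemon/configuration/locations.html`; one of the two is probably stale, so both should be checked against the upstream docs and aligned. The description also states that same-path scripts take precedence over the shipped ones; since any module that sets this option can thereby replace a stock script, I would add a sentence advising a distinct prefix such as `custom/` unless an override is intended. Both option values are written with `pkgs.writeTextDir`, so a line like `Do not put secrets here; the generated files are world-readable in the Nix store.` is worth adding to both descriptions. The `configPackages` option that follows continues outside this hunk.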
@@ -57,7 +187,7 @@ in
 
       extraLv2Packages = mkOption {
         type = listOf package;
-        default = [];
+        default = [ ];
         example = literalExpression "[ pkgs.lsp-plugins ]";
         description = ''
           List of packages that provide LV2 plugins in `lib/lv2` that should
@@ -96,9 +226,22 @@ in
         }
       '';
 
+      extraConfigPkg = pkgs.buildEnv {
+        name = "wireplumber-extra-config";
+        paths = mapConfigToFiles cfg.extraConfig;
+        pathsToLink = [ "/share/wireplumber/wireplumber.conf.d" ];
+      };
+
+      extraScriptsPkg = pkgs.buildEnv {
+        name = "wireplumber-extra-scrips";
+        paths = mapScriptsToFiles cfg.extraScripts;
+        pathsToLink = [ "/share/wireplumber/scripts" ];
+      };
+
       configPackages = cfg.configPackages
-          ++ optional (!pwUsedForAudio) pwNotForAudioConfigPkg
-          ++ optional pwCfg.systemWide systemwideConfigPkg;
+        ++ [ extraConfigPkg extraScriptsPkg ]
+        ++ optional (!pwUsedForAudio) pwNotForAudioConfigPkg
+        ++ optional pwCfg.systemWide systemwideConfigPkg;
 
       configs = pkgs.buildEnv {
         name = "wireplumber-configs";
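Review bot: The derivation name for `extraScriptsPkg` is misspelled: `name = "wireplumber-extra-scrips";` should read `name = "wireplumber-extra-scripts";`. It only affects the store path name, but that name is what appears in build logs and when searching the store. Both `buildEnv` packages are also appended unconditionally, even when `extraConfig` and `extraScripts` are empty; that looks harmless, but if empty environments are unwanted, `++ optional (cfg.extraConfig != { }) extraConfigPkg` and the matching line for scripts would avoid them. The enclosing block of bindings starts and ends outside this hunk.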
@@ -110,7 +253,7 @@ in
         (
           concatMap
             (p:
-              attrByPath ["passthru" "requiredLv2Packages"] [] p
+              attrByPath [ "passthru" "requiredLv2Packages" ] [ ] p
             )
             configPackages
         );
@@ -127,24 +270,10 @@ in
           assertion = !config.hardware.bluetooth.hsphfpd.enable;
           message = "Using WirePlumber conflicts with hsphfpd, as it provides the same functionality. `hardware.bluetooth.hsphfpd.enable` needs be set to false";
         }
-        {
-          assertion = length
-            (attrNames
-              (
-                filterAttrs
-                  (name: value:
-                    hasPrefix "wireplumber/" name || name == "wireplumber"
-                  )
-                  config.environment.etc
-              )) == 1;
-          message = "Using `environment.etc.\"wireplumber<...>\"` directly is no longer supported in 24.05. Use `services.pipewire.wireplumber.configPackages` instead.";
-        }
       ];
 
       environment.systemPackages = [ cfg.package ];
 
-      environment.etc.wireplumber.source = "${configs}/share/wireplumber";
-
       systemd.packages = [ cfg.package ];
 
       systemd.services.wireplumber.enable = pwCfg.systemWide;
@@ -156,10 +285,16 @@ in
       systemd.services.wireplumber.environment = mkIf pwCfg.systemWide {
         # Force WirePlumber to use system dbus.
         DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/dbus/system_bus_socket";
+
+        # Make WirePlumber find our config/script files and lv2 plugins required by those
+        # (but also the configs/scripts shipped with WirePlumber)
+        XDG_DATA_DIRS = makeSearchPath "share" [ configs cfg.package ];
         LV2_PATH = "${lv2Plugins}/lib/lv2";
       };
 
-      systemd.user.services.wireplumber.environment.LV2_PATH =
-        mkIf (!pwCfg.systemWide) "${lv2Plugins}/lib/lv2";
+      systemd.user.services.wireplumber.environment = mkIf (!pwCfg.systemWide) {
+        XDG_DATA_DIRS = makeSearchPath "share" [ configs cfg.package ];
+        LV2_PATH = "${lv2Plugins}/lib/lv2";
+      };
     };
 }
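Review bot: The comment explaining `XDG_DATA_DIRS` sits only in the system-wide branch, and neither branch says that the order of `[ configs cfg.package ]` is what gives files from `configPackages`, `extraConfig` and `extraScripts` precedence over the ones shipped with WirePlumber. I would repeat the comment on the user-service branch and add `# Order matters: configs comes first so its files shadow same-path files from cfg.package`. Setting the variable in the unit's `environment` presumably also replaces any `XDG_DATA_DIRS` the service would otherwise inherit, so it is worth confirming that WirePlumber needs nothing from other data directories. Since the same two assignments now appear twice, binding the attribute set once and using it in both `mkIf` branches would keep them from drifting apart.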
diff --git a/nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix b/nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix
index e307c6735004..6206295272fc 100644
--- a/nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix
+++ b/nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix
@@ -9,7 +9,7 @@ in {
     enable = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the Profile Sync daemon.
       '';
     };
@@ -17,7 +17,7 @@ in {
       type = str;
       default = "1h";
       example = "1h 30min";
-      description = lib.mdDoc ''
+      description = ''
         The amount of time to wait before syncing browser profiles back to the
         disk.
 
diff --git a/nixpkgs/nixos/modules/services/desktops/seatd.nix b/nixpkgs/nixos/modules/services/desktops/seatd.nix
index 51977dfd2153..fb20750f0429 100644
--- a/nixpkgs/nixos/modules/services/desktops/seatd.nix
+++ b/nixpkgs/nixos/modules/services/desktops/seatd.nix
@@ -2,28 +2,28 @@
 
 let
   cfg = config.services.seatd;
-  inherit (lib) mkEnableOption mkOption mdDoc types;
+  inherit (lib) mkEnableOption mkOption types;
 in
 {
   meta.maintainers = with lib.maintainers; [ sinanmohd ];
 
   options.services.seatd = {
-    enable = mkEnableOption (mdDoc "seatd");
+    enable = mkEnableOption "seatd";
 
     user = mkOption {
       type = types.str;
       default = "root";
-      description = mdDoc "User to own the seatd socket";
+      description = "User to own the seatd socket";
     };
     group = mkOption {
       type = types.str;
       default = "seat";
-      description = mdDoc "Group to own the seatd socket";
+      description = "Group to own the seatd socket";
     };
     logLevel = mkOption {
       type = types.enum [ "debug" "info" "error" "silent" ];
       default = "info";
-      description = mdDoc "Logging verbosity";
+      description = "Logging verbosity";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/system-config-printer.nix b/nixpkgs/nixos/modules/services/desktops/system-config-printer.nix
index caebfabf146c..55f27b0e6534 100644
--- a/nixpkgs/nixos/modules/services/desktops/system-config-printer.nix
+++ b/nixpkgs/nixos/modules/services/desktops/system-config-printer.nix
@@ -10,7 +10,7 @@ with lib;
 
     services.system-config-printer = {
 
-      enable = mkEnableOption (lib.mdDoc "system-config-printer, a service for CUPS administration used by printing interfaces");
+      enable = mkEnableOption "system-config-printer, a service for CUPS administration used by printing interfaces";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/system76-scheduler.nix b/nixpkgs/nixos/modules/services/desktops/system76-scheduler.nix
index 267b528cc5dd..b021ae6bfbfa 100644
--- a/nixpkgs/nixos/modules/services/desktops/system76-scheduler.nix
+++ b/nixpkgs/nixos/modules/services/desktops/system76-scheduler.nix
@@ -4,7 +4,7 @@ let
   cfg = config.services.system76-scheduler;
 
   inherit (builtins) concatStringsSep map toString attrNames;
-  inherit (lib) boolToString types mkOption literalExpression mdDoc optional mkIf mkMerge;
+  inherit (lib) boolToString types mkOption literalExpression optional mkIf mkMerge;
   inherit (types) nullOr listOf bool int ints float str enum;
 
   withDefaults = optionSpecs: defaults:
@@ -16,49 +16,49 @@ let
   latencyProfile = withDefaults {
     latency = {
       type = int;
-      description = mdDoc "`sched_latency_ns`.";
+      description = "`sched_latency_ns`.";
     };
     nr-latency = {
       type = int;
-      description = mdDoc "`sched_nr_latency`.";
+      description = "`sched_nr_latency`.";
     };
     wakeup-granularity = {
       type = float;
-      description = mdDoc "`sched_wakeup_granularity_ns`.";
+      description = "`sched_wakeup_granularity_ns`.";
     };
     bandwidth-size = {
       type = int;
-      description = mdDoc "`sched_cfs_bandwidth_slice_us`.";
+      description = "`sched_cfs_bandwidth_slice_us`.";
     };
     preempt = {
       type = enum [ "none" "voluntary" "full" ];
-      description = mdDoc "Preemption mode.";
+      description = "Preemption mode.";
     };
   };
   schedulerProfile = withDefaults {
     nice = {
       type = nullOr (ints.between (-20) 19);
-      description = mdDoc "Niceness.";
+      description = "Niceness.";
     };
     class = {
       type = nullOr (enum [ "idle" "batch" "other" "rr" "fifo" ]);
       example = literalExpression "\"batch\"";
-      description = mdDoc "CPU scheduler class.";
+      description = "CPU scheduler class.";
     };
     prio = {
       type = nullOr (ints.between 1 99);
       example = literalExpression "49";
-      description = mdDoc "CPU scheduler priority.";
+      description = "CPU scheduler priority.";
     };
     ioClass = {
       type = nullOr (enum [ "idle" "best-effort" "realtime" ]);
       example = literalExpression "\"best-effort\"";
-      description = mdDoc "IO scheduler class.";
+      description = "IO scheduler class.";
     };
     ioPrio = {
       type = nullOr (ints.between 0 7);
       example = literalExpression "4";
-      description = mdDoc "IO scheduler priority.";
+      description = "IO scheduler priority.";
     };
     matchers = {
       type = nullOr (listOf str);
@@ -69,7 +69,7 @@ let
           "emacs"
         ]
       '';
-      description = mdDoc "Process matchers.";
+      description = "Process matchers.";
     };
   };
 
@@ -91,19 +91,19 @@ let
 in {
   options = {
     services.system76-scheduler = {
-      enable = lib.mkEnableOption (lib.mdDoc "system76-scheduler");
+      enable = lib.mkEnableOption "system76-scheduler";
 
       package = mkOption {
         type = types.package;
         default = config.boot.kernelPackages.system76-scheduler;
         defaultText = literalExpression "config.boot.kernelPackages.system76-scheduler";
-        description = mdDoc "Which System76-Scheduler package to use.";
+        description = "Which System76-Scheduler package to use.";
       };
 
       useStockConfig = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Use the (reasonable and featureful) stock configuration.
 
           When this option is `true`, `services.system76-scheduler.settings`
@@ -116,7 +116,7 @@ in {
           enable = mkOption {
             type = bool;
             default = true;
-            description = mdDoc "Tweak CFS latency parameters when going on/off battery";
+            description = "Tweak CFS latency parameters when going on/off battery";
           };
 
           default = latencyProfile {
@@ -139,26 +139,26 @@ in {
           enable = mkOption {
             type = bool;
             default = true;
-            description = mdDoc "Tweak scheduling of individual processes in real time.";
+            description = "Tweak scheduling of individual processes in real time.";
           };
 
           useExecsnoop = mkOption {
             type = bool;
             default = true;
-            description = mdDoc "Use execsnoop (otherwise poll the precess list periodically).";
+            description = "Use execsnoop (otherwise poll the precess list periodically).";
           };
 
           refreshInterval = mkOption {
             type = int;
             default = 60;
-            description = mdDoc "Process list poll interval, in seconds";
+            description = "Process list poll interval, in seconds";
           };
 
           foregroundBoost = {
             enable = mkOption {
               type = bool;
               default = true;
-              description = mdDoc ''
+              description = ''
                 Boost foreground process priorities.
 
                 (And de-boost background ones).  Note that this option needs cooperation
@@ -181,7 +181,7 @@ in {
             enable = mkOption {
               type = bool;
               default = true;
-              description = mdDoc "Boost Pipewire client priorities.";
+              description = "Boost Pipewire client priorities.";
             };
             profile = schedulerProfile {
               nice = -6;
@@ -209,7 +209,7 @@ in {
             };
           }
         '';
-        description = mdDoc "Process profile assignments.";
+        description = "Process profile assignments.";
       };
 
       exceptions = mkOption {
@@ -221,7 +221,7 @@ in {
             "schedtool"
           ]
         '';
-        description = mdDoc "Processes that are left alone.";
+        description = "Processes that are left alone.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/desktops/telepathy.nix b/nixpkgs/nixos/modules/services/desktops/telepathy.nix
index cdc6eb26de7e..b5f6a5fcbcfd 100644
--- a/nixpkgs/nixos/modules/services/desktops/telepathy.nix
+++ b/nixpkgs/nixos/modules/services/desktops/telepathy.nix
@@ -19,7 +19,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Telepathy service, a communications framework
           that enables real-time communication via pluggable protocol backends.
         '';
diff --git a/nixpkgs/nixos/modules/services/desktops/tumbler.nix b/nixpkgs/nixos/modules/services/desktops/tumbler.nix
index 203071ec660d..f5341df2f7a4 100644
--- a/nixpkgs/nixos/modules/services/desktops/tumbler.nix
+++ b/nixpkgs/nixos/modules/services/desktops/tumbler.nix
@@ -28,7 +28,7 @@ in
 
     services.tumbler = {
 
-      enable = mkEnableOption (lib.mdDoc "Tumbler, A D-Bus thumbnailer service");
+      enable = mkEnableOption "Tumbler, A D-Bus thumbnailer service";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/desktops/zeitgeist.nix b/nixpkgs/nixos/modules/services/desktops/zeitgeist.nix
index 0eb2a4c9c371..f170e90a2a41 100644
--- a/nixpkgs/nixos/modules/services/desktops/zeitgeist.nix
+++ b/nixpkgs/nixos/modules/services/desktops/zeitgeist.nix
@@ -14,7 +14,7 @@ with lib;
 
   options = {
     services.zeitgeist = {
-      enable = mkEnableOption (lib.mdDoc "zeitgeist");
+      enable = mkEnableOption "zeitgeist, a service which logs the users' activities and events";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/development/athens.nix b/nixpkgs/nixos/modules/services/development/athens.nix
index 34f8964a3bd5..55ec065f1689 100644
--- a/nixpkgs/nixos/modules/services/development/athens.nix
+++ b/nixpkgs/nixos/modules/services/development/athens.nix
@@ -157,13 +157,13 @@ in
   };
 
   options.services.athens = {
-    enable = mkEnableOption (lib.mdDoc "Go module datastore and proxy");
+    enable = mkEnableOption "Go module datastore and proxy";
 
     package = mkOption {
       default = pkgs.athens;
       defaultText = literalExpression "pkgs.athens";
       example = "pkgs.athens";
-      description = lib.mdDoc "Which athens derivation to use";
+      description = "Which athens derivation to use";
       type = types.package;
     };
 
@@ -172,7 +172,7 @@ in
       default = pkgs.go;
       defaultText = literalExpression "pkgs.go";
       example = "pkgs.go_1_21";
-      description = lib.mdDoc ''
+      description = ''
         The Go package used by Athens at runtime.
 
         Athens primarily runs two Go commands:
@@ -183,14 +183,14 @@ in
 
     goEnv = mkOption {
       type = types.enum [ "development" "production" ];
-      description = lib.mdDoc "Specifies the type of environment to run. One of 'development' or 'production'.";
+      description = "Specifies the type of environment to run. One of 'development' or 'production'.";
       default = "development";
       example = "production";
     };
 
     goBinaryEnvVars = mkOption {
       type = types.attrs;
-      description = lib.mdDoc "Environment variables to pass to the Go binary.";
+      description = "Environment variables to pass to the Go binary.";
       example = ''
         { "GOPROXY" = "direct", "GODEBUG" = "true" }
       '';
@@ -199,14 +199,14 @@ in
 
     goGetWorkers = mkOption {
       type = types.int;
-      description = lib.mdDoc "Number of workers concurrently downloading modules.";
+      description = "Number of workers concurrently downloading modules.";
       default = 10;
       example = 32;
     };
 
     goGetDir = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Temporary directory that Athens will use to
         fetch modules from VCS prior to persisting
         them to a storage backend.
@@ -220,13 +220,13 @@ in
 
     protocolWorkers = mkOption {
       type = types.int;
-      description = lib.mdDoc "Number of workers concurrently serving protocol paths.";
+      description = "Number of workers concurrently serving protocol paths.";
       default = 30;
     };
 
     logLevel = mkOption {
       type = types.nullOr (types.enum [ "panic" "fatal" "error" "warning" "info" "debug" "trace" ]);
-      description = lib.mdDoc ''
+      description = ''
         Log level for Athens.
         Supports all logrus log levels (https://github.com/Sirupsen/logrus#level-logging)".
       '';
@@ -236,7 +236,7 @@ in
 
     cloudRuntime = mkOption {
       type = types.enum [ "GCP" "none" ];
-      description = lib.mdDoc ''
+      description = ''
         Specifies the Cloud Provider on which the Proxy/registry is running.
       '';
       default = "none";
@@ -245,20 +245,20 @@ in
 
     enablePprof = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Enable pprof endpoints.";
+      description = "Enable pprof endpoints.";
       default = false;
     };
 
     pprofPort = mkOption {
       type = types.port;
-      description = lib.mdDoc "Port number for pprof endpoints.";
+      description = "Port number for pprof endpoints.";
       default = 3301;
       example = 443;
     };
 
     filterFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''Filename for the include exclude filter.'';
+      description = ''Filename for the include exclude filter.'';
       default = null;
       example = literalExpression ''
         pkgs.writeText "filterFile" '''
@@ -271,34 +271,34 @@ in
 
     robotsFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''Provides /robots.txt for net crawlers.'';
+      description = ''Provides /robots.txt for net crawlers.'';
       default = null;
       example = literalExpression ''pkgs.writeText "robots.txt" "# my custom robots.txt ..."'';
     };
 
     timeout = mkOption {
       type = types.int;
-      description = lib.mdDoc "Timeout for external network calls in seconds.";
+      description = "Timeout for external network calls in seconds.";
       default = 300;
       example = 3;
     };
 
     storageType = mkOption {
       type = types.enum [ "memory" "disk" "mongo" "gcp" "minio" "s3" "azureblob" "external" ];
-      description = lib.mdDoc "Specifies the type of storage backend to use.";
+      description = "Specifies the type of storage backend to use.";
       default = "disk";
     };
 
     tlsCertFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "Path to the TLS certificate file.";
+      description = "Path to the TLS certificate file.";
       default = null;
       example = "/etc/ssl/certs/athens.crt";
     };
 
     tlsKeyFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "Path to the TLS key file.";
+      description = "Path to the TLS key file.";
       default = null;
       example = "/etc/ssl/certs/athens.key";
     };
@@ -306,7 +306,7 @@ in
     port = mkOption {
       type = types.port;
       default = 3000;
-      description = lib.mdDoc ''
+      description = ''
         Port number Athens listens on.
       '';
       example = 443;
@@ -314,7 +314,7 @@ in
 
     unixSocket = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the unix socket file.
         If set, Athens will listen on the unix socket instead of TCP socket.
       '';
@@ -324,7 +324,7 @@ in
 
     globalEndpoint = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Endpoint for a package registry in case of a proxy cache miss.
       '';
       default = "";
@@ -333,7 +333,7 @@ in
 
     basicAuthUser = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Username for basic auth.
       '';
       default = null;
@@ -342,7 +342,7 @@ in
 
     basicAuthPass = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Password for basic auth. Warning: this is stored in plain text in the config file.
       '';
       default = null;
@@ -351,7 +351,7 @@ in
 
     forceSSL = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Force SSL redirects for incoming requests.
       '';
       default = false;
@@ -359,7 +359,7 @@ in
 
     validatorHook = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Endpoint to validate modules against.
 
         Not used if empty.
@@ -370,7 +370,7 @@ in
 
     pathPrefix = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Sets basepath for all routes.
       '';
       default = null;
@@ -379,7 +379,7 @@ in
 
     netrcPath = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the .netrc file.
       '';
       default = null;
@@ -388,7 +388,7 @@ in
 
     githubToken = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Creates .netrc file with the given token to be used for GitHub.
         Warning: this is stored in plain text in the config file.
       '';
@@ -398,7 +398,7 @@ in
 
     hgrcPath = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the .hgrc file.
       '';
       default = null;
@@ -407,7 +407,7 @@ in
 
     traceExporter = mkOption {
       type = types.nullOr (types.enum [ "jaeger" "datadog" ]);
-      description = lib.mdDoc ''
+      description = ''
         Trace exporter to use.
       '';
       default = null;
@@ -415,7 +415,7 @@ in
 
     traceExporterURL = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         URL endpoint that traces will be sent to.
       '';
       default = null;
@@ -424,13 +424,13 @@ in
 
     statsExporter = mkOption {
       type = types.nullOr (types.enum [ "prometheus" ]);
-      description = lib.mdDoc "Stats exporter to use.";
+      description = "Stats exporter to use.";
       default = null;
     };
 
     sumDBs = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         List of fully qualified URLs that Athens will proxy
         that the go command can use a checksum verifier.
       '';
@@ -439,7 +439,7 @@ in
 
     noSumPatterns = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         List of patterns that Athens sum db proxy will return a 403 for.
       '';
       default = [ ];
@@ -448,7 +448,7 @@ in
 
     downloadMode = mkOption {
       type = types.oneOf [ (types.enum [ "sync" "async" "redirect" "async_redirect" "none" ]) (types.strMatching "^file:.*$|^custom:.*$") ];
-      description = lib.mdDoc ''
+      description = ''
         Defines how Athens behaves when a module@version
         is not found in storage. There are 7 options:
         1. "sync": download the module synchronously and
@@ -472,7 +472,7 @@ in
 
     networkMode = mkOption {
       type = types.enum [ "strict" "offline" "fallback" ];
-      description = lib.mdDoc ''
+      description = ''
         Configures how Athens will return the results
         of the /list endpoint as it can be assembled from both its own
         storage and the upstream VCS.
@@ -492,13 +492,13 @@ in
 
     downloadURL = mkOption {
       type = types.str;
-      description = lib.mdDoc "URL used if DownloadMode is set to redirect.";
+      description = "URL used if DownloadMode is set to redirect.";
       default = "https://proxy.golang.org";
     };
 
     singleFlightType = mkOption {
       type = types.enum [ "memory" "etcd" "redis" "redis-sentinel" "gcp" "azureblob" ];
-      description = lib.mdDoc ''
+      description = ''
         Determines what mechanism Athens uses to manage concurrency flowing into the Athens backend.
       '';
       default = "memory";
@@ -506,7 +506,7 @@ in
 
     indexType = mkOption {
       type = types.enum [ "none" "memory" "mysql" "postgres" ];
-      description = lib.mdDoc ''
+      description = ''
         Type of index backend Athens will use.
       '';
       default = "none";
@@ -514,7 +514,7 @@ in
 
     shutdownTimeout = mkOption {
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         Number of seconds to wait for the server to shutdown gracefully.
       '';
       default = 60;
@@ -525,7 +525,7 @@ in
       etcd = {
         endpoints = mkOption {
           type = types.listOf types.str;
-          description = lib.mdDoc "URLs that determine all distributed etcd servers.";
+          description = "URLs that determine all distributed etcd servers.";
           default = [ ];
           example = [ "localhost:2379" ];
         };
@@ -533,13 +533,13 @@ in
       redis = {
         endpoint = mkOption {
           type = types.str;
-          description = lib.mdDoc "URL of the redis server.";
+          description = "URL of the redis server.";
           default = "";
           example = "localhost:6379";
         };
         password = mkOption {
           type = types.str;
-          description = lib.mdDoc "Password for the redis server. Warning: this is stored in plain text in the config file.";
+          description = "Password for the redis server. Warning: this is stored in plain text in the config file.";
           default = "";
           example = "swordfish";
         };
@@ -547,19 +547,19 @@ in
         lockConfig = {
           ttl = mkOption {
             type = types.int;
-            description = lib.mdDoc "TTL for the lock in seconds.";
+            description = "TTL for the lock in seconds.";
             default = 900;
             example = 1;
           };
           timeout = mkOption {
             type = types.int;
-            description = lib.mdDoc "Timeout for the lock in seconds.";
+            description = "Timeout for the lock in seconds.";
             default = 15;
             example = 1;
           };
           maxRetries = mkOption {
             type = types.int;
-            description = lib.mdDoc "Maximum number of retries for the lock.";
+            description = "Maximum number of retries for the lock.";
             default = 10;
             example = 1;
           };
@@ -569,19 +569,19 @@ in
       redisSentinel = {
         endpoints = mkOption {
           type = types.listOf types.str;
-          description = lib.mdDoc "URLs that determine all distributed redis servers.";
+          description = "URLs that determine all distributed redis servers.";
           default = [ ];
           example = [ "localhost:26379" ];
         };
         masterName = mkOption {
           type = types.str;
-          description = lib.mdDoc "Name of the sentinel master server.";
+          description = "Name of the sentinel master server.";
           default = "";
           example = "redis-1";
         };
         sentinelPassword = mkOption {
           type = types.str;
-          description = lib.mdDoc "Password for the sentinel server. Warning: this is stored in plain text in the config file.";
+          description = "Password for the sentinel server. Warning: this is stored in plain text in the config file.";
           default = "";
           example = "swordfish";
         };
@@ -589,19 +589,19 @@ in
         lockConfig = {
           ttl = mkOption {
             type = types.int;
-            description = lib.mdDoc "TTL for the lock in seconds.";
+            description = "TTL for the lock in seconds.";
             default = 900;
             example = 1;
           };
           timeout = mkOption {
             type = types.int;
-            description = lib.mdDoc "Timeout for the lock in seconds.";
+            description = "Timeout for the lock in seconds.";
             default = 15;
             example = 1;
           };
           maxRetries = mkOption {
             type = types.int;
-            description = lib.mdDoc "Maximum number of retries for the lock.";
+            description = "Maximum number of retries for the lock.";
             default = 10;
             example = 1;
           };
@@ -613,7 +613,7 @@ in
       cdn = {
         endpoint = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "hostname of the CDN server.";
+          description = "hostname of the CDN server.";
           example = "cdn.example.com";
           default = null;
         };
@@ -622,7 +622,7 @@ in
       disk = {
         rootPath = mkOption {
           type = types.nullOr types.path;
-          description = lib.mdDoc "Athens disk root folder.";
+          description = "Athens disk root folder.";
           default = "/var/lib/athens";
         };
       };
@@ -630,19 +630,19 @@ in
       gcp = {
         projectID = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "GCP project ID.";
+          description = "GCP project ID.";
           example = "my-project";
           default = null;
         };
         bucket = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "GCP backend storage bucket.";
+          description = "GCP backend storage bucket.";
           example = "my-bucket";
           default = null;
         };
         jsonKey = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Base64 encoded GCP service account key. Warning: this is stored in plain text in the config file.";
+          description = "Base64 encoded GCP service account key. Warning: this is stored in plain text in the config file.";
           default = null;
         };
       };
@@ -650,36 +650,36 @@ in
       minio = {
         endpoint = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Endpoint of the minio storage backend.";
+          description = "Endpoint of the minio storage backend.";
           example = "minio.example.com:9001";
           default = null;
         };
         key = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Access key id for the minio storage backend.";
+          description = "Access key id for the minio storage backend.";
           example = "minio";
           default = null;
         };
         secret = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Secret key for the minio storage backend. Warning: this is stored in plain text in the config file.";
+          description = "Secret key for the minio storage backend. Warning: this is stored in plain text in the config file.";
           example = "minio123";
           default = null;
         };
         enableSSL = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Enable SSL for the minio storage backend.";
+          description = "Enable SSL for the minio storage backend.";
           default = false;
         };
         bucket = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Bucket name for the minio storage backend.";
+          description = "Bucket name for the minio storage backend.";
           example = "gomods";
           default = null;
         };
         region = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Region for the minio storage backend.";
+          description = "Region for the minio storage backend.";
           example = "us-east-1";
           default = null;
         };
@@ -688,25 +688,25 @@ in
       mongo = {
         url = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "URL of the mongo database.";
+          description = "URL of the mongo database.";
           example = "mongodb://localhost:27017";
           default = null;
         };
         defaultDBName = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Name of the mongo database.";
+          description = "Name of the mongo database.";
           example = "athens";
           default = null;
         };
         certPath = mkOption {
           type = types.nullOr types.path;
-          description = lib.mdDoc "Path to the certificate file for the mongo database.";
+          description = "Path to the certificate file for the mongo database.";
           example = "/etc/ssl/mongo.pem";
           default = null;
         };
         insecure = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Allow insecure connections to the mongo database.";
+          description = "Allow insecure connections to the mongo database.";
           default = false;
         };
       };
@@ -714,55 +714,55 @@ in
       s3 = {
         region = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Region of the S3 storage backend.";
+          description = "Region of the S3 storage backend.";
           example = "eu-west-3";
           default = null;
         };
         key = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Access key id for the S3 storage backend.";
+          description = "Access key id for the S3 storage backend.";
           example = "minio";
           default = null;
         };
         secret = mkOption {
           type = types.str;
-          description = lib.mdDoc "Secret key for the S3 storage backend. Warning: this is stored in plain text in the config file.";
+          description = "Secret key for the S3 storage backend. Warning: this is stored in plain text in the config file.";
           default = "";
         };
         token = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Token for the S3 storage backend. Warning: this is stored in plain text in the config file.";
+          description = "Token for the S3 storage backend. Warning: this is stored in plain text in the config file.";
           default = null;
         };
         bucket = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Bucket name for the S3 storage backend.";
+          description = "Bucket name for the S3 storage backend.";
           example = "gomods";
           default = null;
         };
         forcePathStyle = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Force path style for the S3 storage backend.";
+          description = "Force path style for the S3 storage backend.";
           default = false;
         };
         useDefaultConfiguration = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Use default configuration for the S3 storage backend.";
+          description = "Use default configuration for the S3 storage backend.";
           default = false;
         };
         credentialsEndpoint = mkOption {
           type = types.str;
-          description = lib.mdDoc "Credentials endpoint for the S3 storage backend.";
+          description = "Credentials endpoint for the S3 storage backend.";
           default = "";
         };
         awsContainerCredentialsRelativeURI = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Container relative url (used by fargate).";
+          description = "Container relative url (used by fargate).";
           default = null;
         };
         endpoint = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Endpoint for the S3 storage backend.";
+          description = "Endpoint for the S3 storage backend.";
           default = null;
         };
       };
@@ -770,17 +770,17 @@ in
       azureblob = {
         accountName = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Account name for the Azure Blob storage backend.";
+          description = "Account name for the Azure Blob storage backend.";
           default = null;
         };
         accountKey = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Account key for the Azure Blob storage backend. Warning: this is stored in plain text in the config file.";
+          description = "Account key for the Azure Blob storage backend. Warning: this is stored in plain text in the config file.";
           default = null;
         };
         containerName = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Container name for the Azure Blob storage backend.";
+          description = "Container name for the Azure Blob storage backend.";
           default = null;
         };
       };
@@ -788,7 +788,7 @@ in
       external = {
         url = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "URL of the backend storage layer.";
+          description = "URL of the backend storage layer.";
           example = "https://athens.example.com";
           default = null;
         };
@@ -799,43 +799,43 @@ in
       mysql = {
         protocol = mkOption {
           type = types.str;
-          description = lib.mdDoc "Protocol for the MySQL database.";
+          description = "Protocol for the MySQL database.";
           default = "tcp";
         };
         host = mkOption {
           type = types.str;
-          description = lib.mdDoc "Host for the MySQL database.";
+          description = "Host for the MySQL database.";
           default = "localhost";
         };
         port = mkOption {
           type = types.int;
-          description = lib.mdDoc "Port for the MySQL database.";
+          description = "Port for the MySQL database.";
           default = 3306;
         };
         user = mkOption {
           type = types.str;
-          description = lib.mdDoc "User for the MySQL database.";
+          description = "User for the MySQL database.";
           default = "root";
         };
         password = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Password for the MySQL database. Warning: this is stored in plain text in the config file.";
+          description = "Password for the MySQL database. Warning: this is stored in plain text in the config file.";
           default = null;
         };
         database = mkOption {
           type = types.str;
-          description = lib.mdDoc "Database name for the MySQL database.";
+          description = "Database name for the MySQL database.";
           default = "athens";
         };
         params = {
           parseTime = mkOption {
             type = types.nullOr types.str;
-            description = lib.mdDoc "Parse time for the MySQL database.";
+            description = "Parse time for the MySQL database.";
             default = "true";
           };
           timeout = mkOption {
             type = types.nullOr types.str;
-            description = lib.mdDoc "Timeout for the MySQL database.";
+            description = "Timeout for the MySQL database.";
             default = "30s";
           };
         };
@@ -844,38 +844,38 @@ in
       postgres = {
         host = mkOption {
           type = types.str;
-          description = lib.mdDoc "Host for the Postgres database.";
+          description = "Host for the Postgres database.";
           default = "localhost";
         };
         port = mkOption {
           type = types.int;
-          description = lib.mdDoc "Port for the Postgres database.";
+          description = "Port for the Postgres database.";
           default = 5432;
         };
         user = mkOption {
           type = types.str;
-          description = lib.mdDoc "User for the Postgres database.";
+          description = "User for the Postgres database.";
           default = "postgres";
         };
         password = mkOption {
           type = types.nullOr types.str;
-          description = lib.mdDoc "Password for the Postgres database. Warning: this is stored in plain text in the config file.";
+          description = "Password for the Postgres database. Warning: this is stored in plain text in the config file.";
           default = null;
         };
         database = mkOption {
           type = types.str;
-          description = lib.mdDoc "Database name for the Postgres database.";
+          description = "Database name for the Postgres database.";
           default = "athens";
         };
         params = {
           connect_timeout = mkOption {
             type = types.nullOr types.str;
-            description = lib.mdDoc "Connect timeout for the Postgres database.";
+            description = "Connect timeout for the Postgres database.";
             default = "30s";
           };
           sslmode = mkOption {
             type = types.nullOr types.str;
-            description = lib.mdDoc "SSL mode for the Postgres database.";
+            description = "SSL mode for the Postgres database.";
             default = "disable";
           };
         };
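Review bot: `postgres.params.sslmode` defaults to `"disable"`, and its description, `SSL mode for the Postgres database.`, does not say that this turns TLS off. Pointing `postgres.host` at a non-local server would therefore send `postgres.password` and all queries unencrypted. I would document it on the option, e.g. `description = "SSL mode for the Postgres database. The default disables TLS; use \"require\" or \"verify-full\" when the server is not on localhost.";`. `minio.enableSSL` (default `false`) and `mongo.insecure` in the earlier hunks would benefit from the same one-line explanation of what the setting permits.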
@@ -884,7 +884,7 @@ in
 
     extraConfig = mkOption {
       type = types.attrs;
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration options for the athens config file.
       '';
       default = { };
diff --git a/nixpkgs/nixos/modules/services/development/blackfire.nix b/nixpkgs/nixos/modules/services/development/blackfire.nix
index 3c98d7a281c6..9b76cfbca078 100644
--- a/nixpkgs/nixos/modules/services/development/blackfire.nix
+++ b/nixpkgs/nixos/modules/services/development/blackfire.nix
@@ -16,9 +16,9 @@ in {
 
   options = {
     services.blackfire-agent = {
-      enable = lib.mkEnableOption (lib.mdDoc "Blackfire profiler agent");
+      enable = lib.mkEnableOption "Blackfire profiler agent";
       settings = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           See https://blackfire.io/docs/up-and-running/configuration/agent
         '';
         type = lib.types.submodule {
@@ -27,7 +27,7 @@ in {
           options = {
             server-id = lib.mkOption {
               type = lib.types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Sets the server id used to authenticate with Blackfire
 
                 You can find your personal server-id at https://blackfire.io/my/settings/credentials
@@ -36,7 +36,7 @@ in {
 
             server-token = lib.mkOption {
               type = lib.types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Sets the server token used to authenticate with Blackfire
 
                 You can find your personal server-token at https://blackfire.io/my/settings/credentials
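Review bot: `server-token` is an authentication secret declared as a plain `lib.types.str` inside `settings`, and its description gives no hint that the value becomes part of the evaluated configuration. If the module renders `settings` into a store path (not visible here), the token is readable by any local user. A sentence such as `Warning: this value is stored in plain text in the generated agent configuration.` would match the warnings the athens module already carries. The option's definition continues outside this hunk.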
diff --git a/nixpkgs/nixos/modules/services/development/bloop.nix b/nixpkgs/nixos/modules/services/development/bloop.nix
index 27da76a74432..c1180a8bbdd4 100644
--- a/nixpkgs/nixos/modules/services/development/bloop.nix
+++ b/nixpkgs/nixos/modules/services/development/bloop.nix
@@ -17,7 +17,7 @@ in {
         "-J-XX:MaxInlineLevel=20"
         "-J-XX:+UseParallelGC"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Specifies additional command line argument to pass to bloop
         java process.
       '';
@@ -26,7 +26,7 @@ in {
     install = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install a user service for the Bloop server.
 
         The service must be manually started for each user with
diff --git a/nixpkgs/nixos/modules/services/development/distccd.nix b/nixpkgs/nixos/modules/services/development/distccd.nix
index c33bf436bffb..916c0905034c 100644
--- a/nixpkgs/nixos/modules/services/development/distccd.nix
+++ b/nixpkgs/nixos/modules/services/development/distccd.nix
@@ -8,13 +8,13 @@ in
 {
   options = {
     services.distccd = {
-      enable = mkEnableOption (lib.mdDoc "distccd");
+      enable = mkEnableOption "distccd, a distributed C/C++ compiler";
 
       allowedClients = mkOption {
         type = types.listOf types.str;
         default = [ "127.0.0.1" ];
         example = [ "127.0.0.1" "192.168.0.0/24" "10.0.0.0/24" ];
-        description = lib.mdDoc ''
+        description = ''
           Client IPs which are allowed to connect to distccd in CIDR notation.
 
           Anyone who can connect to the distccd server can run arbitrary
@@ -26,7 +26,7 @@ in
       jobTimeout = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Maximum duration, in seconds, of a single compilation request.
         '';
       };
@@ -34,7 +34,7 @@ in
       logLevel = mkOption {
         type = types.nullOr (types.enum [ "critical" "error" "warning" "notice" "info" "debug" ]);
         default = "warning";
-        description = lib.mdDoc ''
+        description = ''
           Set the minimum severity of error that will be included in the log
           file. Useful if you only want to see error messages rather than an
           entry for each connection.
@@ -44,7 +44,7 @@ in
       maxJobs = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of tasks distccd should execute at any time.
         '';
       };
@@ -53,7 +53,7 @@ in
       nice = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Niceness of the compilation tasks.
         '';
       };
@@ -61,7 +61,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Opens the specified TCP port for distcc.
         '';
       };
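Review bot: The `openFirewall` description, `Opens the specified TCP port for distcc.`, should refer the reader back to `allowedClients`, whose own description in the first hunk of this file warns about what a connecting client can run. Once the port is open, that list appears to be the only access control the module documents. I would add a second sentence such as `Make sure services.distccd.allowedClients is restricted to trusted networks before enabling this.`, written with the manual's option-reference markup.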
@@ -71,17 +71,17 @@ in
       port = mkOption {
         type = types.port;
         default = 3632;
-        description = lib.mdDoc ''
+        description = ''
           The TCP port which distccd will listen on.
         '';
       };
 
       stats = {
-        enable = mkEnableOption (lib.mdDoc "statistics reporting via HTTP server");
+        enable = mkEnableOption "statistics reporting via HTTP server";
         port = mkOption {
           type = types.port;
           default = 3633;
-          description = lib.mdDoc ''
+          description = ''
             The TCP port which the distccd statistics HTTP server will listen
             on.
           '';
@@ -91,7 +91,7 @@ in
       zeroconf = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to register via mDNS/DNS-SD
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/development/gemstash.nix b/nixpkgs/nixos/modules/services/development/gemstash.nix
index eb7ccb98bde8..367930dadfb8 100644
--- a/nixpkgs/nixos/modules/services/development/gemstash.nix
+++ b/nixpkgs/nixos/modules/services/development/gemstash.nix
@@ -24,19 +24,19 @@ let
 in
 {
   options.services.gemstash = {
-    enable = mkEnableOption (lib.mdDoc "gemstash service");
+    enable = mkEnableOption "gemstash, a cache for rubygems.org and a private gem server";
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the firewall for the port in {option}`services.gemstash.bind`.
       '';
     };
 
     settings = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Configuration for Gemstash. The details can be found at in
         [gemstash documentation](https://github.com/rubygems/gemstash/blob/master/man/gemstash-configuration.5.md).
         Each key set here is automatically prefixed with ":" to match the gemstash expectations.
@@ -47,22 +47,22 @@ in
           base_path = mkOption {
             type = types.path;
             default = "/var/lib/gemstash";
-            description = lib.mdDoc "Path to store the gem files and the sqlite database. If left unchanged, the directory will be created.";
+            description = "Path to store the gem files and the sqlite database. If left unchanged, the directory will be created.";
           };
           bind = mkOption {
             type = types.str;
             default = "tcp://0.0.0.0:9292";
-            description = lib.mdDoc "Host and port combination for the server to listen on.";
+            description = "Host and port combination for the server to listen on.";
           };
           db_adapter = mkOption {
             type = types.nullOr (types.enum [ "sqlite3" "postgres" "mysql" "mysql2" ]);
             default = null;
-            description = lib.mdDoc "Which database type to use. For choices other than sqlite3, the dbUrl has to be specified as well.";
+            description = "Which database type to use. For choices other than sqlite3, the dbUrl has to be specified as well.";
           };
           db_url = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "The database to connect to when using postgres, mysql, or mysql2.";
+            description = "The database to connect to when using postgres, mysql, or mysql2.";
           };
         };
       };
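Review bot: `bind` defaults to `tcp://0.0.0.0:9292`, i.e. every interface, and its description, `Host and port combination for the server to listen on.`, does not say so. Since the enable text now advertises a private gem server, I would append `The default listens on all interfaces; use tcp://127.0.0.1:9292 to restrict it to the local host.` `services.jupyterhub.host` in the jupyterhub hunk further down has the same `0.0.0.0` default with an equally silent description. Separately, the `db_adapter` description refers to `dbUrl`, but the option declared right below it is `db_url`.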
diff --git a/nixpkgs/nixos/modules/services/development/hoogle.nix b/nixpkgs/nixos/modules/services/development/hoogle.nix
index c90bb7f01902..1747ef391290 100644
--- a/nixpkgs/nixos/modules/services/development/hoogle.nix
+++ b/nixpkgs/nixos/modules/services/development/hoogle.nix
@@ -14,12 +14,12 @@ let
 in {
 
   options.services.hoogle = {
-    enable = mkEnableOption (lib.mdDoc "Haskell documentation server");
+    enable = mkEnableOption "Haskell documentation server";
 
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         Port number Hoogle will be listening to.
       '';
     };
@@ -29,7 +29,7 @@ in {
       default = hp: [];
       defaultText = literalExpression "hp: []";
       example = literalExpression "hp: with hp; [ text lens ]";
-      description = lib.mdDoc ''
+      description = ''
         The Haskell packages to generate documentation for.
 
         The option value is a function that takes the package set specified in
@@ -39,7 +39,7 @@ in {
     };
 
     haskellPackages = mkOption {
-      description = lib.mdDoc "Which haskell package set to use.";
+      description = "Which haskell package set to use.";
       type = types.attrs;
       default = pkgs.haskellPackages;
       defaultText = literalExpression "pkgs.haskellPackages";
@@ -47,13 +47,13 @@ in {
 
     home = mkOption {
       type = types.str;
-      description = lib.mdDoc "Url for hoogle logo";
+      description = "Url for hoogle logo";
       default = "https://hoogle.haskell.org";
     };
 
     host = mkOption {
       type = types.str;
-      description = lib.mdDoc "Set the host to bind on.";
+      description = "Set the host to bind on.";
       default = "127.0.0.1";
     };
 
@@ -61,7 +61,7 @@ in {
       type = types.listOf types.str;
       default = [];
       example = [ "--no-security-headers" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional command-line arguments to pass to
         {command}`hoogle server`
       '';
diff --git a/nixpkgs/nixos/modules/services/development/jupyter/default.nix b/nixpkgs/nixos/modules/services/development/jupyter/default.nix
index da8c7547fdd7..561ea86ea18b 100644
--- a/nixpkgs/nixos/modules/services/development/jupyter/default.nix
+++ b/nixpkgs/nixos/modules/services/development/jupyter/default.nix
@@ -24,12 +24,12 @@ in {
   meta.maintainers = with maintainers; [ aborsu ];
 
   options.services.jupyter = {
-    enable = mkEnableOption (lib.mdDoc "Jupyter development server");
+    enable = mkEnableOption "Jupyter development server";
 
     ip = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         IP address Jupyter will be listening on.
       '';
     };
@@ -43,7 +43,7 @@ in {
       type = types.str;
       default = "jupyter-notebook";
       example = "jupyter-lab";
-      description = lib.mdDoc ''
+      description = ''
         Which command the service runs. Note that not all jupyter packages
         have all commands, e.g. jupyter-lab isn't present in the default package.
        '';
@@ -52,7 +52,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 8888;
-      description = lib.mdDoc ''
+      description = ''
         Port number Jupyter will be listening on.
       '';
     };
@@ -60,7 +60,7 @@ in {
     notebookDir = mkOption {
       type = types.str;
       default = "~/";
-      description = lib.mdDoc ''
+      description = ''
         Root directory for notebooks.
       '';
     };
@@ -68,7 +68,7 @@ in {
     user = mkOption {
       type = types.str;
       default = "jupyter";
-      description = lib.mdDoc ''
+      description = ''
         Name of the user used to run the jupyter service.
         For security reason, jupyter should really not be run as root.
         If not set (jupyter), the service will create a jupyter user with appropriate settings.
@@ -79,7 +79,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "jupyter";
-      description = lib.mdDoc ''
+      description = ''
         Name of the group used to run the jupyter service.
         Use this if you want to create a group of users that are able to view the notebook directory's content.
       '';
@@ -88,7 +88,7 @@ in {
 
     password = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Password to use with notebook.
         Can be generated using:
           In [1]: from notebook.auth import passwd
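Review bot: The description opens with `Password to use with notebook.`, while the recipe beneath it uses `notebook.auth.passwd`, which produces a salted hash. The text should say outright that the option expects the hashed value and that the cleartext password must not be written here. Something like `Hashed password for the notebook, as produced by notebook.auth.passwd; never the cleartext.` would do. The remainder of the description lies outside this hunk, so this may already be explained further down.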
@@ -105,7 +105,7 @@ in {
     notebookConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Raw jupyter config.
       '';
     };
@@ -142,7 +142,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Declarative kernel config.
 
         Kernels can be declared in any language that supports and has the required
diff --git a/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix b/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix
index 6e406152de47..8a91125e6cce 100644
--- a/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix
+++ b/nixpkgs/nixos/modules/services/development/jupyter/kernel-options.nix
@@ -15,7 +15,7 @@ with lib;
         "Python 3"
         "Python 3 for Data Science"
       '';
-      description = lib.mdDoc ''
+      description = ''
         Name that will be shown to the user.
       '';
     };
@@ -29,7 +29,7 @@ with lib;
         "-f"
         "{connection_file}"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Command and arguments to start the kernel.
       '';
     };
@@ -37,7 +37,7 @@ with lib;
     language = mkOption {
       type = types.str;
       example = "python";
-      description = lib.mdDoc ''
+      description = ''
         Language of the environment. Typically the name of the binary.
       '';
     };
@@ -46,7 +46,7 @@ with lib;
       type = types.attrsOf types.str;
       default = { };
       example = { OMP_NUM_THREADS = "1"; };
-      description = lib.mdDoc ''
+      description = ''
         Environment variables to set for the kernel.
       '';
     };
@@ -55,7 +55,7 @@ with lib;
       type = types.nullOr types.path;
       default = null;
       example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-32x32.png"'';
-      description = lib.mdDoc ''
+      description = ''
         Path to 32x32 logo png.
       '';
     };
@@ -63,7 +63,7 @@ with lib;
       type = types.nullOr types.path;
       default = null;
       example = literalExpression ''"''${env.sitePackages}/ipykernel/resources/logo-64x64.png"'';
-      description = lib.mdDoc ''
+      description = ''
         Path to 64x64 logo png.
       '';
     };
@@ -72,7 +72,7 @@ with lib;
       type = types.attrsOf types.path;
       default = { };
       example = literalExpression ''"{ examples = ''${env.sitePack}/IRkernel/kernelspec/kernel.js"; }'';
-      description = lib.mdDoc ''
+      description = ''
         Extra paths to link in kernel directory
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix b/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix
index cebc35a50476..d9a37ad915d4 100644
--- a/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix
+++ b/nixpkgs/nixos/modules/services/development/jupyterhub/default.nix
@@ -30,12 +30,12 @@ in {
   meta.maintainers = with maintainers; [ costrouc ];
 
   options.services.jupyterhub = {
-    enable = mkEnableOption (lib.mdDoc "Jupyterhub development server");
+    enable = mkEnableOption "Jupyterhub development server";
 
     authentication = mkOption {
       type = types.str;
       default = "jupyterhub.auth.PAMAuthenticator";
-      description = lib.mdDoc ''
+      description = ''
         Jupyterhub authentication to use
 
         There are many authenticators available including: oauth, pam,
@@ -46,7 +46,7 @@ in {
     spawner = mkOption {
       type = types.str;
       default = "systemdspawner.SystemdSpawner";
-      description = lib.mdDoc ''
+      description = ''
         Jupyterhub spawner to use
 
         There are many spawners available including: local process,
@@ -57,7 +57,7 @@ in {
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra contents appended to the jupyterhub configuration
 
         Jupyterhub configuration is a normal python file using
@@ -84,7 +84,7 @@ in {
           jupyterhub-systemdspawner
         ])
       '';
-      description = lib.mdDoc ''
+      description = ''
         Python environment to run jupyterhub
 
         Customizing will affect the packages available in the hub and
@@ -106,7 +106,7 @@ in {
           jupyterlab
         ])
       '';
-      description = lib.mdDoc ''
+      description = ''
         Python environment to run jupyterlab
 
         Customizing will affect the packages available in the
@@ -146,7 +146,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Declarative kernel config
 
         Kernels can be declared in any language that supports and has
@@ -159,7 +159,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 8000;
-      description = lib.mdDoc ''
+      description = ''
         Port number Jupyterhub will be listening on
       '';
     };
@@ -167,7 +167,7 @@ in {
     host = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         Bind IP JupyterHub will be listening on
       '';
     };
@@ -175,7 +175,7 @@ in {
     stateDirectory = mkOption {
       type = types.str;
       default = "jupyterhub";
-      description = lib.mdDoc ''
+      description = ''
         Directory for jupyterhub state (token + database)
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/development/livebook.nix b/nixpkgs/nixos/modules/services/development/livebook.nix
index df0e6e01e97c..c7a6e3537579 100644
--- a/nixpkgs/nixos/modules/services/development/livebook.nix
+++ b/nixpkgs/nixos/modules/services/development/livebook.nix
@@ -17,7 +17,7 @@ in
     environment = mkOption {
       type = with types; attrsOf (nullOr (oneOf [ bool int str ]));
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Environment variables to set.
 
         Livebook is configured through the use of environment variables. The
@@ -47,7 +47,7 @@ in
     environmentFile = mkOption {
       type = with types; nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Additional dnvironment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets like {env}`LIVEBOOK_PASSWORD` (which is used to specify the
@@ -75,7 +75,7 @@ in
     extraPackages = mkOption {
       type = with types; listOf package;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to make available to the Livebook service.
       '';
       example = literalExpression "with pkgs; [ gcc gnumake ]";
diff --git a/nixpkgs/nixos/modules/services/development/lorri.nix b/nixpkgs/nixos/modules/services/development/lorri.nix
index df3d814d7444..4aba3836e323 100644
--- a/nixpkgs/nixos/modules/services/development/lorri.nix
+++ b/nixpkgs/nixos/modules/services/development/lorri.nix
@@ -9,7 +9,7 @@ in {
       enable = lib.mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables the daemon for `lorri`, a nix-shell replacement for project
           development. The socket-activated daemon starts on the first request
           issued by the `lorri` command.
@@ -18,7 +18,7 @@ in {
       package = lib.mkOption {
         default = pkgs.lorri;
         type = lib.types.package;
-        description = lib.mdDoc ''
+        description = ''
           The lorri package to use.
         '';
         defaultText = lib.literalExpression "pkgs.lorri";
diff --git a/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix b/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix
index fc3756edf0ab..0126e105b3d3 100644
--- a/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix
+++ b/nixpkgs/nixos/modules/services/development/rstudio-server/default.nix
@@ -21,12 +21,12 @@ in
   meta.maintainers = with maintainers; [ jbedo cfhammill ];
 
   options.services.rstudio-server = {
-    enable = mkEnableOption (lib.mdDoc "RStudio server");
+    enable = mkEnableOption "RStudio server";
 
     serverWorkingDir = mkOption {
       type = types.str;
       default = "/var/lib/rstudio-server";
-      description = lib.mdDoc ''
+      description = ''
         Default working directory for server (server-working-dir in rserver.conf).
       '';
     };
@@ -34,7 +34,7 @@ in
     listenAddr = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on (www-address in rserver.conf).
       '';
     };
@@ -46,7 +46,7 @@ in
     rserverExtraConfig = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra contents for rserver.conf.
       '';
     };
@@ -54,7 +54,7 @@ in
     rsessionExtraConfig = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra contents for resssion.conf.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/development/zammad.nix b/nixpkgs/nixos/modules/services/development/zammad.nix
index c084d6541ad3..0659c48e815e 100644
--- a/nixpkgs/nixos/modules/services/development/zammad.nix
+++ b/nixpkgs/nixos/modules/services/development/zammad.nix
@@ -29,14 +29,14 @@ in
 
   options = {
     services.zammad = {
-      enable = mkEnableOption (lib.mdDoc "Zammad, a web-based, open source user support/ticketing solution");
+      enable = mkEnableOption "Zammad, a web-based, open source user support/ticketing solution";
 
       package = mkPackageOption pkgs "zammad" { };
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/zammad";
-        description = lib.mdDoc ''
+        description = ''
           Path to a folder that will contain Zammad working directory.
         '';
       };
@@ -45,38 +45,38 @@ in
         type = types.str;
         default = "127.0.0.1";
         example = "192.168.23.42";
-        description = lib.mdDoc "Host address.";
+        description = "Host address.";
       };
 
       openPorts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open firewall ports for Zammad";
+        description = "Whether to open firewall ports for Zammad";
       };
 
       port = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc "Web service port.";
+        description = "Web service port.";
       };
 
       websocketPort = mkOption {
         type = types.port;
         default = 6042;
-        description = lib.mdDoc "Websocket service port.";
+        description = "Websocket service port.";
       };
 
       redis = {
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to create a local redis automatically.";
+          description = "Whether to create a local redis automatically.";
         };
 
         name = mkOption {
           type = types.str;
           default = "zammad";
-          description = lib.mdDoc ''
+          description = ''
             Name of the redis server. Only used if `createLocally` is set to true.
           '';
         };
@@ -84,7 +84,7 @@ in
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             Redis server address.
           '';
         };
@@ -92,7 +92,7 @@ in
         port = mkOption {
           type = types.port;
           default = 6379;
-          description = lib.mdDoc "Port of the redis server.";
+          description = "Port of the redis server.";
         };
       };
 
@@ -101,7 +101,7 @@ in
           type = types.enum [ "PostgreSQL" "MySQL" ];
           default = "PostgreSQL";
           example = "MySQL";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
@@ -116,7 +116,7 @@ in
               MySQL = "localhost";
             }.''${config.services.zammad.database.type};
           '';
-          description = lib.mdDoc ''
+          description = ''
             Database host address.
           '';
         };
@@ -124,13 +124,13 @@ in
         port = mkOption {
           type = types.nullOr types.port;
           default = null;
-          description = lib.mdDoc "Database port. Use `null` for default port.";
+          description = "Database port. Use `null` for default port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "zammad";
-          description = lib.mdDoc ''
+          description = ''
             Database name.
           '';
         };
@@ -138,14 +138,14 @@ in
         user = mkOption {
           type = types.nullOr types.str;
           default = "zammad";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/zammad-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password for {option}`services.zammad.database.user`.
           '';
         };
@@ -153,7 +153,7 @@ in
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to create a local database automatically.";
+          description = "Whether to create a local database automatically.";
         };
 
         settings = mkOption {
@@ -163,7 +163,7 @@ in
             {
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             The {file}`database.yml` configuration file as key value set.
             See \<TODO\>
             for list of configuration parameters.
@@ -175,7 +175,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/secret_key_base";
-        description = lib.mdDoc ''
+        description = ''
           The path to a file containing the
           `secret_key_base` secret.
 
diff --git a/nixpkgs/nixos/modules/services/display-managers/default.nix b/nixpkgs/nixos/modules/services/display-managers/default.nix
new file mode 100644
index 000000000000..005ae8f1c8a5
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/display-managers/default.nix
@@ -0,0 +1,233 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.displayManager;
+
+  installedSessions = pkgs.runCommand "desktops"
+    { # trivial derivation
+      preferLocalBuild = true;
+      allowSubstitutes = false;
+    }
+    ''
+      mkdir -p "$out/share/"{xsessions,wayland-sessions}
+
+      ${lib.concatMapStrings (pkg: ''
+        for n in ${lib.concatStringsSep " " pkg.providedSessions}; do
+          if ! test -f ${pkg}/share/wayland-sessions/$n.desktop -o \
+                    -f ${pkg}/share/xsessions/$n.desktop; then
+            echo "Couldn't find provided session name, $n.desktop, in session package ${pkg.name}:"
+            echo "  ${pkg}"
+            return 1
+          fi
+        done
+
+        if test -d ${pkg}/share/xsessions; then
+          ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${pkg}/share/xsessions $out/share/xsessions
+        fi
+        if test -d ${pkg}/share/wayland-sessions; then
+          ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${pkg}/share/wayland-sessions $out/share/wayland-sessions
+        fi
+      '') cfg.sessionPackages}
+    '';
+in
+{
+  options = {
+    services.displayManager = {
+      enable = lib.mkEnableOption "systemd's display-manager service";
+
+      preStart = lib.mkOption {
+        type = lib.types.lines;
+        default = "";
+        example = "rm -f /var/log/my-display-manager.log";
+        description = "Script executed before the display manager is started.";
+      };
+
+      execCmd = lib.mkOption {
+        type = lib.types.str;
+        example = lib.literalExpression ''"''${pkgs.lightdm}/bin/lightdm"'';
+        description = "Command to start the display manager.";
+      };
+
+      environment = lib.mkOption {
+        type = with lib.types; attrsOf unspecified;
+        default = {};
+        description = "Additional environment variables needed by the display manager.";
+      };
+
+      hiddenUsers = lib.mkOption {
+        type = with lib.types; listOf str;
+        default = [ "nobody" ];
+        description = ''
+          A list of users which will not be shown in the display manager.
+        '';
+      };
+
+      logToFile = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = ''
+          Whether the display manager redirects the output of the
+          session script to {file}`~/.xsession-errors`.
+        '';
+      };
+
+      logToJournal = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = ''
+          Whether the display manager redirects the output of the
+          session script to the systemd journal.
+        '';
+      };
+
+      # Configuration for automatic login. Common for all DM.
+      autoLogin = lib.mkOption {
+        type = lib.types.submodule ({ config, options, ... }: {
+          options = {
+            enable = lib.mkOption {
+              type = lib.types.bool;
+              default = config.user != null;
+              defaultText = lib.literalExpression "config.${options.user} != null";
+              description = ''
+                Automatically log in as {option}`autoLogin.user`.
+              '';
+            };
+
+            user = lib.mkOption {
+              type = with lib.types; nullOr str;
+              default = null;
+              description = ''
+                User to be used for the automatic login.
+              '';
+            };
+          };
+        });
+
+        default = {};
+        description = ''
+          Auto login configuration attrset.
+        '';
+      };
+
+      defaultSession = lib.mkOption {
+        type = lib.types.nullOr lib.types.str // {
+          description = "session name";
+          check = d:
+            lib.assertMsg (d != null -> (lib.types.str.check d && lib.elem d config.services.displayManager.sessionData.sessionNames)) ''
+                Default graphical session, '${d}', not found.
+                Valid names for 'services.displayManager.defaultSession' are:
+                  ${lib.concatStringsSep "\n  " cfg.displayManager.sessionData.sessionNames}
+              '';
+        };
+        default = null;
+        example = "gnome";
+        description = ''
+          Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).
+
+          On GDM, LightDM and SDDM, it will also be used as a session for auto-login.
+        '';
+      };
+
+      sessionData = lib.mkOption {
+        description = "Data exported for display managers’ convenience";
+        internal = true;
+        default = {};
+      };
+
+      sessionPackages = lib.mkOption {
+        type = lib.types.listOf (lib.types.package // {
+          description = "package with provided sessions";
+          check = p: lib.assertMsg
+            (lib.types.package.check p && p ? providedSessions
+            && p.providedSessions != [] && lib.all lib.isString p.providedSessions)
+            ''
+              Package, '${p.name}', did not specify any session names, as strings, in
+              'passthru.providedSessions'. This is required when used as a session package.
+
+              The session names can be looked up in:
+                ${p}/share/xsessions
+                ${p}/share/wayland-sessions
+           '';
+        });
+        default = [];
+        description = ''
+          A list of packages containing x11 or wayland session files to be passed to the display manager.
+        '';
+      };
+    };
+  };
+
+  imports = [
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "autoLogin" ] [ "services" "displayManager" "autoLogin" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "defaultSession" ] [ "services" "displayManager" "defaultSession" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "hiddenUsers" ] [ "services" "displayManager" "hiddenUsers" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "environment" ] [ "services" "displayManager" "environment" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "execCmd" ] [ "services" "displayManager" "execCmd" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logToFile" ] [ "services" "displayManager" "logToFile" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logToJournal" ] [ "services" "displayManager" "logToJournal" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "preStart" ] [ "services" "displayManager" "preStart" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "sessionData" ] [ "services" "displayManager" "sessionData" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "sessionPackages" ] [ "services" "displayManager" "sessionPackages" ])
+  ];
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      { assertion = cfg.autoLogin.enable -> cfg.autoLogin.user != null;
+        message = ''
+          services.displayManager.autoLogin.enable requires services.displayManager.autoLogin.user to be set
+        '';
+      }
+    ];
+
+    # Make xsessions and wayland sessions available in XDG_DATA_DIRS
+    # as some programs have behavior that depends on them being present
+    environment.sessionVariables.XDG_DATA_DIRS = lib.mkIf (cfg.sessionPackages != [ ]) [
+      "${cfg.sessionData.desktops}/share"
+    ];
+
+    services.displayManager.sessionData = {
+      desktops = installedSessions;
+      sessionNames = lib.concatMap (p: p.providedSessions) config.services.displayManager.sessionPackages;
+      # We do not want to force users to set defaultSession when they have only single DE.
+      autologinSession =
+        if cfg.defaultSession != null then
+          cfg.defaultSession
+        else if cfg.sessionData.sessionNames != [] then
+          lib.head cfg.sessionData.sessionNames
+        else
+          null;
+    };
+
+    # so that the service won't be enabled when only startx is used
+    systemd.services.display-manager.enable =
+      let dmConf = config.services.xserver.displayManager;
+          noDmUsed = !(dmConf.gdm.enable
+                    || cfg.sddm.enable
+                    || dmConf.xpra.enable
+                    || dmConf.lightdm.enable);
+      in lib.mkIf noDmUsed (lib.mkDefault false);
+
+    systemd.services.display-manager = {
+      description = "Display Manager";
+      after = [ "acpid.service" "systemd-logind.service" "systemd-user-sessions.service" ];
+      restartIfChanged = false;
+
+      environment = lib.optionalAttrs config.hardware.opengl.setLdLibraryPath {
+        LD_LIBRARY_PATH = lib.makeLibraryPath [ pkgs.addOpenGLRunpath.driverLink ];
+      } // cfg.environment;
+
+      preStart = cfg.preStart;
+      script = lib.mkIf (config.systemd.services.display-manager.enable == true) cfg.execCmd;
+
+      # Stop restarting if the display manager stops (crashes) 2 times
+      # in one minute. Starting X typically takes 3-4s.
+      startLimitIntervalSec = 30;
+      startLimitBurst = 3;
+      serviceConfig = {
+        Restart = "always";
+        RestartSec = "200ms";
+        SyslogIdentifier = "display-manager";
+      };
+    };
+  };
+}
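Review bot: The failure message of the `defaultSession` type check interpolates `cfg.displayManager.sessionData.sessionNames`, but `cfg` is bound to `config.services.displayManager` at the top of this file, so that path has no `displayManager` attribute. An invalid session name would therefore most likely abort with a missing-attribute error instead of listing the valid names. The predicate on the line above uses the full `config.services.displayManager.sessionData.sessionNames`, so the message should read `${lib.concatStringsSep "\n  " cfg.sessionData.sessionNames}`. Separately, `autoLogin.enable` defaults to `config.user != null`, so setting only `autoLogin.user` switches on a login that skips the greeter's password prompt. The option descriptions do not say so, and I would add to the `user` description: `Setting this also enables automatic login unless autoLogin.enable is set to false.`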
diff --git a/nixpkgs/nixos/modules/services/display-managers/greetd.nix b/nixpkgs/nixos/modules/services/display-managers/greetd.nix
index 5ce67c3fb3fd..c07b225fc4d9 100644
--- a/nixpkgs/nixos/modules/services/display-managers/greetd.nix
+++ b/nixpkgs/nixos/modules/services/display-managers/greetd.nix
@@ -8,7 +8,7 @@ let
 in
 {
   options.services.greetd = {
-    enable = mkEnableOption (lib.mdDoc "greetd");
+    enable = mkEnableOption "greetd, a minimal and flexible login manager daemon";
 
     package = mkPackageOption pkgs [ "greetd" "greetd" ] { };
 
@@ -21,7 +21,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         greetd configuration ([documentation](https://man.sr.ht/~kennylevinsen/greetd/))
         as a Nix attribute set.
       '';
@@ -30,7 +30,7 @@ in
     vt = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         The virtual console (tty) that greetd should use. This option also disables getty on that tty.
       '';
     };
@@ -39,7 +39,7 @@ in
       type = types.bool;
       default = !(cfg.settings ? initial_session);
       defaultText = literalExpression "!(config.services.greetd.settings ? initial_session)";
-      description = lib.mdDoc ''
+      description = ''
         Whether to restart greetd when it terminates (e.g. on failure).
         This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin),
         because every greetd restart will trigger the autologin again.
@@ -60,6 +60,9 @@ in
     # This prevents nixos-rebuild from killing greetd by activating getty again
     systemd.services."autovt@${tty}".enable = false;
 
+    # Enable desktop session data
+    services.displayManager.enable = lib.mkDefault true;
+
     systemd.services.greetd = {
       aliases = [ "display-manager.service" ];
 
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix b/nixpkgs/nixos/modules/services/display-managers/sddm.nix
index a315a3ebf322..a6bfa213fe38 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix
+++ b/nixpkgs/nixos/modules/services/display-managers/sddm.nix
@@ -2,8 +2,8 @@
 
 let
   xcfg = config.services.xserver;
-  dmcfg = xcfg.displayManager;
-  cfg = dmcfg.sddm;
+  dmcfg = config.services.displayManager;
+  cfg = config.services.displayManager.sddm;
   xEnv = config.systemd.services.display-manager.environment;
 
   sddm = cfg.package.override (old: {
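Review bot: `cfg` spells out `config.services.displayManager.sddm` although `dmcfg` is bound to `config.services.displayManager` on the line directly above; `cfg = dmcfg.sddm;` keeps the two bindings visibly tied together. The same applies to the `DefaultSession` line in the `@@ -40,7 +40,7 @@` hunk and the auto-login assertion in the `@@ -268,19 +281,24 @@` hunk, which write `config.services.displayManager.defaultSession` and `config.services.displayManager.autoLogin.enable` where `dmcfg.defaultSession` and `dmcfg.autoLogin.enable` would do. The `let` block continues outside this hunk, so other uses of `dmcfg` are not visible here.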
@@ -21,12 +21,12 @@ let
 
   xserverWrapper = pkgs.writeShellScript "xserver-wrapper" ''
     ${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
-    exec systemd-cat -t xserver-wrapper ${dmcfg.xserverBin} ${toString dmcfg.xserverArgs} "$@"
+    exec systemd-cat -t xserver-wrapper ${xcfg.displayManager.xserverBin} ${toString xcfg.displayManager.xserverArgs} "$@"
   '';
 
   Xsetup = pkgs.writeShellScript "Xsetup" ''
     ${cfg.setupScript}
-    ${dmcfg.setupCommands}
+    ${xcfg.displayManager.setupCommands}
   '';
 
   Xstop = pkgs.writeShellScript "Xstop" ''
@@ -40,7 +40,7 @@ let
       Numlock = if cfg.autoNumlock then "on" else "none"; # on, off none
 
       # Implementation is done via pkgs/applications/display-managers/sddm/sddm-default-session.patch
-      DefaultSession = optionalString (dmcfg.defaultSession != null) "${dmcfg.defaultSession}.desktop";
+      DefaultSession = optionalString (config.services.displayManager.defaultSession != null) "${config.services.displayManager.defaultSession}.desktop";
 
       DisplayServer = if cfg.wayland.enable then "wayland" else "x11";
     } // optionalAttrs (cfg.wayland.compositor == "kwin") {
@@ -66,7 +66,7 @@ let
       HideShells = "/run/current-system/sw/bin/nologin";
     };
 
-    X11 = {
+    X11 = optionalAttrs xcfg.enable {
       MinimumVT = if xcfg.tty != null then xcfg.tty else 7;
       ServerPath = toString xserverWrapper;
       XephyrPath = "${pkgs.xorg.xorgserver.out}/bin/Xephyr";
@@ -111,8 +111,8 @@ let
       let
         westonIni = (pkgs.formats.ini { }).generate "weston.ini" {
           libinput = {
-            enable-tap = xcfg.libinput.mouse.tapping;
-            left-handed = xcfg.libinput.mouse.leftHanded;
+            enable-tap = config.services.libinput.mouse.tapping;
+            left-handed = config.services.libinput.mouse.leftHanded;
           };
           keyboard = {
             keymap_model = xcfg.xkb.model;
@@ -128,27 +128,40 @@ let
 in
 {
   imports = [
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "autoLogin" "minimumUid" ] [ "services" "displayManager" "sddm" "autoLogin" "minimumUid" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "autoLogin" "relogin" ] [ "services" "displayManager" "sddm" "autoLogin" "relogin" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "autoNumlock" ] [ "services" "displayManager" "sddm" "autoNumlock" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "enable" ]      [ "services" "displayManager" "sddm" "enable" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "enableHidpi" ] [ "services" "displayManager" "sddm" "enableHidpi" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "extraPackages" ] [ "services" "displayManager" "sddm" "extraPackages" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "package" ]     [ "services" "displayManager" "sddm" "package" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "settings" ]    [ "services" "displayManager" "sddm" "settings" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "setupScript" ] [ "services" "displayManager" "sddm" "setupScript" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "stopScript" ]  [ "services" "displayManager" "sddm" "stopScript" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "theme" ]       [ "services" "displayManager" "sddm" "theme" ])
+    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "sddm" "wayland" "enable" ] [ "services" "displayManager" "sddm" "wayland" "enable" ])
+
     (mkRemovedOptionModule
-      [ "services" "xserver" "displayManager" "sddm" "themes" ]
-      "Set the option `services.xserver.displayManager.sddm.package' instead.")
+      [ "services" "displayManager" "sddm" "themes" ]
+      "Set the option `services.displayManager.sddm.package' instead.")
     (mkRenamedOptionModule
-      [ "services" "xserver" "displayManager" "sddm" "autoLogin" "enable" ]
-      [ "services" "xserver" "displayManager" "autoLogin" "enable" ])
+      [ "services" "displayManager" "sddm" "autoLogin" "enable" ]
+      [ "services" "displayManager" "autoLogin" "enable" ])
     (mkRenamedOptionModule
-      [ "services" "xserver" "displayManager" "sddm" "autoLogin" "user" ]
-      [ "services" "xserver" "displayManager" "autoLogin" "user" ])
+      [ "services" "displayManager" "sddm" "autoLogin" "user" ]
+      [ "services" "displayManager" "autoLogin" "user" ])
     (mkRemovedOptionModule
-      [ "services" "xserver" "displayManager" "sddm" "extraConfig" ]
-      "Set the option `services.xserver.displayManager.sddm.settings' instead.")
+      [ "services" "displayManager" "sddm" "extraConfig" ]
+      "Set the option `services.displayManager.sddm.settings' instead.")
   ];
 
   options = {
 
-    services.xserver.displayManager.sddm = {
+    services.displayManager.sddm = {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable sddm as the display manager.
         '';
       };
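Review bot: The two `mkRemovedOptionModule` entries and the `autoLogin.enable` / `autoLogin.user` renames had their source paths moved from `services.xserver.displayManager.sddm.*` to `services.displayManager.sddm.*`, and the new rename list above them does not cover those four names. A configuration that still sets `services.xserver.displayManager.sddm.themes`, `.extraConfig`, `.autoLogin.enable` or `.autoLogin.user` would then, as far as this hunk shows, get a plain "option does not exist" error rather than the migration hint. The stubs now guard paths that only came into existence with this move. I would keep the old source path in each stub, e.g. `[ "services" "xserver" "displayManager" "sddm" "themes" ]`, and update only the replacement option named in the message and the rename target.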
@@ -158,7 +171,7 @@ in
       enableHidpi = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable automatic HiDPI mode.
         '';
       };
@@ -172,7 +185,7 @@ in
             Session = "plasma.desktop";
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Extra settings merged in and overwriting defaults in sddm.conf.
         '';
       };
@@ -180,7 +193,7 @@ in
       theme = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Greeter theme to use.
         '';
       };
@@ -189,7 +202,7 @@ in
         type = types.listOf types.package;
         default = [ ];
         defaultText = "[]";
-        description = lib.mdDoc ''
+        description = ''
           Extra Qt plugins / QML libraries to add to the environment.
         '';
       };
@@ -197,7 +210,7 @@ in
       autoNumlock = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable numlock at login.
         '';
       };
@@ -210,7 +223,7 @@ in
           xrandr --setprovideroutputsource modesetting NVIDIA-0
           xrandr --auto
         '';
-        description = lib.mdDoc ''
+        description = ''
           A script to execute when starting the display server. DEPRECATED, please
           use {option}`services.xserver.displayManager.setupCommands`.
         '';
@@ -219,7 +232,7 @@ in
       stopScript = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           A script to execute when stopping the display server.
         '';
       };
@@ -229,7 +242,7 @@ in
         relogin = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             If true automatic login will kick in again on session exit (logout), otherwise it
             will only log in automatically when the display-manager is started.
           '';
@@ -238,7 +251,7 @@ in
         minimumUid = mkOption {
           type = types.ints.u16;
           default = 1000;
-          description = lib.mdDoc ''
+          description = ''
             Minimum user ID for auto-login user.
           '';
         };
@@ -249,7 +262,7 @@ in
         enable = mkEnableOption "experimental Wayland support";
 
         compositor = mkOption {
-          description = lib.mdDoc "The compositor to use: ${lib.concatStringsSep ", " (builtins.attrNames compositorCmds)}";
+          description = "The compositor to use: ${lib.concatStringsSep ", " (builtins.attrNames compositorCmds)}";
           type = types.enum (builtins.attrNames compositorCmds);
           default = "weston";
         };
@@ -258,7 +271,7 @@ in
           type = types.str;
           internal = true;
           default = compositorCmds.${cfg.wayland.compositor};
-          description = lib.mdDoc "Command used to start the selected compositor";
+          description = "Command used to start the selected compositor";
         };
       };
     };
@@ -268,19 +281,24 @@ in
 
     assertions = [
       {
-        assertion = xcfg.enable;
+        assertion = xcfg.enable || cfg.wayland.enable;
         message = ''
-          SDDM requires services.xserver.enable to be true
+          SDDM requires either services.xserver.enable or services.displayManager.sddm.wayland.enable to be true
         '';
       }
       {
-        assertion = dmcfg.autoLogin.enable -> autoLoginSessionName != null;
+        assertion = config.services.displayManager.autoLogin.enable -> autoLoginSessionName != null;
         message = ''
-          SDDM auto-login requires that services.xserver.displayManager.defaultSession is set.
+          SDDM auto-login requires that services.displayManager.defaultSession is set.
         '';
       }
     ];
 
+    services.displayManager = {
+      enable = true;
+      execCmd = "exec /run/current-system/sw/bin/sddm";
+    };
+
     security.pam.services = {
       sddm.text = ''
         auth      substack      login
@@ -338,7 +356,6 @@ in
     services = {
       dbus.packages = [ sddm ];
       xserver = {
-        displayManager.job.execCmd = "exec /run/current-system/sw/bin/sddm";
         # To enable user switching, allow sddm to allocate TTYs/displays dynamically.
         tty = null;
         display = null;
diff --git a/nixpkgs/nixos/modules/services/editors/emacs.md b/nixpkgs/nixos/modules/services/editors/emacs.md
index 885f927422bd..da1028675155 100644
--- a/nixpkgs/nixos/modules/services/editors/emacs.md
+++ b/nixpkgs/nixos/modules/services/editors/emacs.md
@@ -366,44 +366,3 @@ convenient if you regularly edit Nix files.
 You can use `woman` to get completion of all available
 man pages. For example, type `M-x woman <RET> nixos-rebuild <RET>.`
 
-### Editing DocBook 5 XML Documents {#sec-emacs-docbook-xml}
-
-Emacs includes
-[nXML](https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html),
-a major-mode for validating and editing XML documents. When editing DocBook
-5.0 documents, such as [this one](#book-nixos-manual),
-nXML needs to be configured with the relevant schema, which is not
-included.
-
-To install the DocBook 5.0 schemas, either add
-{var}`pkgs.docbook5` to [](#opt-environment.systemPackages)
-([NixOS](#sec-declarative-package-mgmt)), or run
-`nix-env -f '<nixpkgs>' -iA docbook5`
-([Nix](#sec-ad-hoc-packages)).
-
-Then customize the variable {var}`rng-schema-locating-files` to
-include {file}`~/.emacs.d/schemas.xml` and put the following
-text into that file:
-::: {.example #ex-emacs-docbook-xml}
-### nXML Schema Configuration (`~/.emacs.d/schemas.xml`)
-
-```xml
-<?xml version="1.0"?>
-<!--
-  To let emacs find this file, evaluate:
-  (add-to-list 'rng-schema-locating-files "~/.emacs.d/schemas.xml")
--->
-<locatingRules xmlns="http://thaiopensource.com/ns/locating-rules/1.0">
-  <!--
-    Use this variation if pkgs.docbook5 is added to environment.systemPackages
-  -->
-  <namespace ns="http://docbook.org/ns/docbook"
-             uri="/run/current-system/sw/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
-  <!--
-    Use this variation if installing schema with "nix-env -iA pkgs.docbook5".
-  <namespace ns="http://docbook.org/ns/docbook"
-             uri="../.nix-profile/share/xml/docbook-5.0/rng/docbookxi.rnc"/>
-  -->
-</locatingRules>
-```
-:::
diff --git a/nixpkgs/nixos/modules/services/editors/emacs.nix b/nixpkgs/nixos/modules/services/editors/emacs.nix
index ff6fd85d8a9b..35f257cee1e3 100644
--- a/nixpkgs/nixos/modules/services/editors/emacs.nix
+++ b/nixpkgs/nixos/modules/services/editors/emacs.nix
@@ -22,7 +22,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable a user service for the Emacs daemon. Use `emacsclient` to connect to the
         daemon. If `true`, {var}`services.emacs.install` is
         considered `true`, whatever its value.
@@ -32,7 +32,7 @@ in
     install = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install a user service for the Emacs daemon. Once
         the service is started, use emacsclient to connect to the
         daemon.
@@ -49,7 +49,7 @@ in
     defaultEditor = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         When enabled, configures emacsclient to be the default editor
         using the EDITOR environment variable.
       '';
@@ -59,7 +59,7 @@ in
       type = types.bool;
       default = config.services.xserver.enable;
       defaultText = literalExpression "config.services.xserver.enable";
-      description = lib.mdDoc ''
+      description = ''
         Start emacs with the graphical session instead of any session. Without this, emacs clients will not be able to create frames in the graphical session.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/editors/haste.nix b/nixpkgs/nixos/modules/services/editors/haste.nix
index a46415d43634..f2a40e62e718 100644
--- a/nixpkgs/nixos/modules/services/editors/haste.nix
+++ b/nixpkgs/nixos/modules/services/editors/haste.nix
@@ -10,11 +10,11 @@ let
 in
 {
   options.services.haste-server = {
-    enable = mkEnableOption (lib.mdDoc "haste-server");
-    openFirewall = mkEnableOption (lib.mdDoc "firewall passthrough for haste-server");
+    enable = mkEnableOption "haste-server";
+    openFirewall = mkEnableOption "firewall passthrough for haste-server";
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration for haste-server.
         For documentation see [project readme](https://github.com/toptal/haste-server#settings)
       '';
diff --git a/nixpkgs/nixos/modules/services/editors/infinoted.nix b/nixpkgs/nixos/modules/services/editors/infinoted.nix
index 976163d4d0b2..2a7f1d45c2d8 100644
--- a/nixpkgs/nixos/modules/services/editors/infinoted.nix
+++ b/nixpkgs/nixos/modules/services/editors/infinoted.nix
@@ -6,14 +6,14 @@ let
   cfg = config.services.infinoted;
 in {
   options.services.infinoted = {
-    enable = mkEnableOption (lib.mdDoc "infinoted");
+    enable = mkEnableOption "infinoted";
 
     package = mkPackageOption pkgs "libinfinity" { };
 
     keyFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Private key to use for TLS
       '';
     };
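Review bot: `keyFile` is declared as `types.nullOr types.path` and its description says only "Private key to use for TLS", with no hint about where the key may safely live. If a user passes a Nix path literal rather than a string, the file is normally copied into the Nix store, which is world-readable. The description could say so, e.g. `Path to the TLS private key. Pass it as a string pointing outside the Nix store, readable only by the infinoted user.` The same applies to `passwordFile` in the `@@ -70,7 +70,7 @@` hunk further down. How the module consumes these paths is outside the hunk, so confirm against the config section before wording the caveat.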
@@ -21,7 +21,7 @@ in {
     certificateFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Server certificate to use for TLS
       '';
     };
@@ -29,7 +29,7 @@ in {
     certificateChain = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Chain of CA-certificates to which our `certificateFile` is relative.
         Optional for TLS.
       '';
@@ -38,7 +38,7 @@ in {
     securityPolicy = mkOption {
       type = types.enum ["no-tls" "allow-tls" "require-tls"];
       default = "require-tls";
-      description = lib.mdDoc ''
+      description = ''
         How strictly to enforce clients connection with TLS.
       '';
     };
@@ -46,7 +46,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 6523;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on
       '';
     };
@@ -54,7 +54,7 @@ in {
     rootDirectory = mkOption {
       type = types.path;
       default = "/var/lib/infinoted/documents/";
-      description = lib.mdDoc ''
+      description = ''
         Root of the directory structure to serve
       '';
     };
@@ -62,7 +62,7 @@ in {
     plugins = mkOption {
       type = types.listOf types.str;
       default = [ "note-text" "note-chat" "logging" "autosave" ];
-      description = lib.mdDoc ''
+      description = ''
         Plugins to enable
       '';
     };
@@ -70,7 +70,7 @@ in {
     passwordFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File to read server-wide password from
       '';
     };
@@ -81,7 +81,7 @@ in {
         [autosave]
         interval=10
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional configuration to append to infinoted.conf
       '';
     };
@@ -89,7 +89,7 @@ in {
     user = mkOption {
       type = types.str;
       default = "infinoted";
-      description = lib.mdDoc ''
+      description = ''
         What to call the dedicated user under which infinoted is run
       '';
     };
@@ -97,7 +97,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "infinoted";
-      description = lib.mdDoc ''
+      description = ''
         What to call the primary group of the dedicated user under which infinoted is run
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/finance/odoo.nix b/nixpkgs/nixos/modules/services/finance/odoo.nix
index aa9bd0014d98..45fb9c7c2397 100644
--- a/nixpkgs/nixos/modules/services/finance/odoo.nix
+++ b/nixpkgs/nixos/modules/services/finance/odoo.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.odoo = {
-      enable = mkEnableOption (lib.mdDoc "odoo");
+      enable = mkEnableOption "odoo, an open source ERP and CRM system";
 
       package = mkPackageOption pkgs "odoo" { };
 
@@ -17,13 +17,13 @@ in
         type = with types; listOf package;
         default = [];
         example = literalExpression "[ pkgs.odoo_enterprise ]";
-        description = lib.mdDoc "Odoo addons.";
+        description = "Odoo addons.";
       };
 
       settings = mkOption {
         type = format.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Odoo configuration settings. For more details see <https://www.odoo.com/documentation/15.0/administration/install/deploy.html>
         '';
         example = literalExpression ''
@@ -36,7 +36,7 @@ in
 
       domain = mkOption {
         type = with types; nullOr str;
-        description = lib.mdDoc "Domain to host Odoo with nginx";
+        description = "Domain to host Odoo with nginx";
         default = null;
       };
     };
diff --git a/nixpkgs/nixos/modules/services/games/archisteamfarm.nix b/nixpkgs/nixos/modules/services/games/archisteamfarm.nix
index 4bb7234f430f..33898f8387e9 100644
--- a/nixpkgs/nixos/modules/services/games/archisteamfarm.nix
+++ b/nixpkgs/nixos/modules/services/games/archisteamfarm.nix
@@ -31,7 +31,7 @@ in
   options.services.archisteamfarm = {
     enable = lib.mkOption {
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, starts the ArchisSteamFarm service.
         For configuring the SteamGuard token you will need to use the web-ui, which is enabled by default over on 127.0.0.1:1242.
         You cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programnatically set ones by nix.
@@ -43,7 +43,7 @@ in
       type = lib.types.submodule {
         options = {
           enable = lib.mkEnableOption "" // {
-            description = lib.mdDoc "Whether to start the web-ui. This is the preferred way of configuring things such as the steam guard token.";
+            description = "Whether to start the web-ui. This is the preferred way of configuring things such as the steam guard token.";
           };
 
           package = lib.mkPackageOption pkgs [ "ArchiSteamFarm" "ui" ] {
@@ -61,7 +61,7 @@ in
       example = {
         enable = false;
       };
-      description = lib.mdDoc "The Web-UI hosted on 127.0.0.1:1242.";
+      description = "The Web-UI hosted on 127.0.0.1:1242.";
     };
 
     package = lib.mkPackageOption pkgs "ArchiSteamFarm" {
@@ -76,14 +76,14 @@ in
     dataDir = lib.mkOption {
       type = lib.types.path;
       default = "/var/lib/archisteamfarm";
-      description = lib.mdDoc ''
+      description = ''
         The ASF home directory used to store all data.
         If left as the default value this directory will automatically be created before the ASF server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.'';
     };
 
     settings = lib.mkOption {
       type = format.type;
-      description = lib.mdDoc ''
+      description = ''
         The ASF.json file, all the options are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#global-config).
         Do note that `AutoRestart`  and `UpdateChannel` is always to `false` respectively `0` because NixOS takes care of updating everything.
         `Headless` is also always set to `true` because there is no way to provide inputs via a systemd service.
@@ -98,12 +98,12 @@ in
     ipcPasswordFile = lib.mkOption {
       type = with lib.types; nullOr path;
       default = null;
-      description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.";
+      description = "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.";
     };
 
     ipcSettings = lib.mkOption {
       type = format.type;
-      description = lib.mdDoc ''
+      description = ''
         Settings to write to IPC.config.
         All options can be found [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/IPC#custom-configuration).
       '';
@@ -124,13 +124,13 @@ in
         options = {
           username = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Name of the user to log in. Default is attribute name.";
+            description = "Name of the user to log in. Default is attribute name.";
             default = "";
           };
           passwordFile = lib.mkOption {
             type = with lib.types; nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.
               Omit or set to null to provide the password a different way, such as through the web-ui.
             '';
@@ -138,18 +138,18 @@ in
           enabled = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc "Whether to enable the bot on startup.";
+            description = "Whether to enable the bot on startup.";
           };
           settings = lib.mkOption {
             type = lib.types.attrs;
-            description = lib.mdDoc ''
+            description = ''
               Additional settings that are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config).
             '';
             default = { };
           };
         };
       });
-      description = lib.mdDoc ''
+      description = ''
         Bots name and configuration.
       '';
       example = {
@@ -255,7 +255,7 @@ in
               ln -fs ${ipc-config} config/IPC.config
             ''}
 
-            ${lib.optionalString (cfg.ipcSettings != {}) ''
+            ${lib.optionalString (cfg.bots != {}) ''
               ln -fs ${createBotsScript}/* config/
             ''}
 
diff --git a/nixpkgs/nixos/modules/services/games/armagetronad.nix b/nixpkgs/nixos/modules/services/games/armagetronad.nix
index f79818e0e53b..71c8528a9f6e 100644
--- a/nixpkgs/nixos/modules/services/games/armagetronad.nix
+++ b/nixpkgs/nixos/modules/services/games/armagetronad.nix
@@ -30,11 +30,11 @@ in
   options = {
     services.armagetronad = {
       servers = mkOption {
-        description = lib.mdDoc "Armagetron server definitions.";
+        description = "Armagetron server definitions.";
         default = { };
         type = types.attrsOf (types.submodule {
           options = {
-            enable = mkEnableOption (lib.mdDoc "armagetronad");
+            enable = mkEnableOption "armagetronad";
 
             package = lib.mkPackageOptionMD pkgs "armagetronad-dedicated" {
               example = ''
@@ -48,25 +48,25 @@ in
             host = mkOption {
               type = types.str;
               default = "0.0.0.0";
-              description = lib.mdDoc "Host to listen on. Used for SERVER_IP.";
+              description = "Host to listen on. Used for SERVER_IP.";
             };
 
             port = mkOption {
               type = types.port;
               default = 4534;
-              description = lib.mdDoc "Port to listen on. Used for SERVER_PORT.";
+              description = "Port to listen on. Used for SERVER_PORT.";
             };
 
             dns = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc "DNS address to use for this server. Optional.";
+              description = "DNS address to use for this server. Optional.";
             };
 
             openFirewall = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc "Set to true to open the configured UDP port for Armagetron Advanced.";
+              description = "Set to true to open the configured UDP port for Armagetron Advanced.";
             };
 
             name = mkOption {
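Review bot: `openFirewall` has `default = true` while `host` defaults to `"0.0.0.0"`, so every enabled server listens on all interfaces and is let through the firewall unless the user opts out. The crossfire, deliantra and factorio modules in this same diff default `openFirewall` to `false`. Consider `default = false;` here as well. If the default must stay for compatibility, the description should say so, since "Set to true to open the configured UDP port" reads as if the port were closed by default; for example `Whether to open the configured UDP port for Armagetron Advanced in the firewall. Enabled by default.` The submodule continues outside this hunk.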
@@ -77,7 +77,7 @@ in
             settings = mkOption {
               type = settingsFormat.type;
               default = { };
-              description = lib.mdDoc ''
+              description = ''
                 Armagetron Advanced server rules configuration. Refer to:
                 <https://wiki.armagetronad.org/index.php?title=Console_Commands>
                 or `armagetronad-dedicated --doc` for a list.
@@ -95,7 +95,7 @@ in
             roundSettings = mkOption {
               type = settingsFormat.type;
               default = { };
-              description = lib.mdDoc ''
+              description = ''
                 Armagetron Advanced server per-round configuration. Refer to:
                 <https://wiki.armagetronad.org/index.php?title=Console_Commands>
                 or `armagetronad-dedicated --doc` for a list.
diff --git a/nixpkgs/nixos/modules/services/games/crossfire-server.nix b/nixpkgs/nixos/modules/services/games/crossfire-server.nix
index b19a86253cb4..314b4bad9a29 100644
--- a/nixpkgs/nixos/modules/services/games/crossfire-server.nix
+++ b/nixpkgs/nixos/modules/services/games/crossfire-server.nix
@@ -10,7 +10,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, the Crossfire game server will be started at boot.
       '';
     };
@@ -27,7 +27,7 @@ in {
       type = types.str;
       default = "${cfg.package}/share/crossfire";
       defaultText = literalExpression ''"''${config.services.crossfire.package}/share/crossfire"'';
-      description = lib.mdDoc ''
+      description = ''
         Where to load readonly data from -- maps, archetypes, treasure tables,
         and the like. If you plan to edit the data on the live server (rather
         than overlaying the crossfire-maps and crossfire-arch packages and
@@ -39,7 +39,7 @@ in {
     stateDir = mkOption {
       type = types.str;
       default = "/var/lib/crossfire";
-      description = lib.mdDoc ''
+      description = ''
         Where to store runtime data (save files, persistent items, etc).
 
         If left at the default, this will be automatically created on server
@@ -52,14 +52,14 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open ports in the firewall for the server.
       '';
     };
 
     configFiles = mkOption {
       type = types.attrsOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         Text to append to the corresponding configuration files. Note that the
         files given in the example are *not* the complete set of files available
         to customize; look in /etc/crossfire after enabling the server to see
diff --git a/nixpkgs/nixos/modules/services/games/deliantra-server.nix b/nixpkgs/nixos/modules/services/games/deliantra-server.nix
index b405f338fe3d..401a453ba932 100644
--- a/nixpkgs/nixos/modules/services/games/deliantra-server.nix
+++ b/nixpkgs/nixos/modules/services/games/deliantra-server.nix
@@ -10,7 +10,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, the Deliantra game server will be started at boot.
       '';
     };
@@ -27,7 +27,7 @@ in {
       type = types.str;
       default = "${pkgs.deliantra-data}";
       defaultText = literalExpression ''"''${pkgs.deliantra-data}"'';
-      description = lib.mdDoc ''
+      description = ''
         Where to store readonly data (maps, archetypes, sprites, etc).
         Note that if you plan to use the live map editor (rather than editing
         the maps offline and then nixos-rebuilding), THIS MUST BE WRITEABLE --
@@ -39,7 +39,7 @@ in {
     stateDir = mkOption {
       type = types.str;
       default = "/var/lib/deliantra";
-      description = lib.mdDoc ''
+      description = ''
         Where to store runtime data (save files, persistent items, etc).
 
         If left at the default, this will be automatically created on server
@@ -52,14 +52,14 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open ports in the firewall for the server.
       '';
     };
 
     configFiles = mkOption {
       type = types.attrsOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         Contents of the server configuration files. These will be appended to
         the example configurations the server comes with and overwrite any
         default settings defined therein.
diff --git a/nixpkgs/nixos/modules/services/games/factorio.nix b/nixpkgs/nixos/modules/services/games/factorio.nix
index 14bb80c2d112..3dce60163a0e 100644
--- a/nixpkgs/nixos/modules/services/games/factorio.nix
+++ b/nixpkgs/nixos/modules/services/games/factorio.nix
@@ -45,11 +45,11 @@ in
 {
   options = {
     services.factorio = {
-      enable = mkEnableOption (lib.mdDoc name);
+      enable = mkEnableOption name;
       port = mkOption {
         type = types.port;
         default = 34197;
-        description = lib.mdDoc ''
+        description = ''
           The port to which the service should bind.
         '';
       };
@@ -57,7 +57,7 @@ in
       bind = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           The address to which the service should bind.
         '';
       };
@@ -66,7 +66,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "username" ];
-        description = lib.mdDoc ''
+        description = ''
           List of player names which will be admin.
         '';
       };
@@ -74,14 +74,14 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the specified UDP port in the firewall.
         '';
       };
       saveName = mkOption {
         type = types.str;
         default = "default";
-        description = lib.mdDoc ''
+        description = ''
           The name of the savegame that will be used by the server.
 
           When not present in /var/lib/''${config.services.factorio.stateDirName}/saves,
@@ -91,7 +91,7 @@ in
       loadLatestSave = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Load the latest savegame on startup. This overrides saveName, in that the latest
           save will always be used even if a saved game of the given name exists. It still
           controls the 'canonical' name of the savegame.
@@ -108,7 +108,7 @@ in
         type = types.path;
         default = configFile;
         defaultText = literalExpression "configFile";
-        description = lib.mdDoc ''
+        description = ''
           The server's configuration file.
 
           The default file generated by this module contains lines essential to
@@ -119,7 +119,7 @@ in
       extraSettingsFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File, which is dynamically applied to server-settings.json before
           startup.
 
@@ -136,7 +136,7 @@ in
       stateDirName = mkOption {
         type = types.str;
         default = "factorio";
-        description = lib.mdDoc ''
+        description = ''
           Name of the directory under /var/lib holding the server's data.
 
           The configuration and map will be stored here.
@@ -145,7 +145,7 @@ in
       mods = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Mods the server should install and activate.
 
           The derivations in this list must "build" the mod by simply copying
@@ -157,7 +157,7 @@ in
       mods-dat = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Mods settings can be changed by specifying a dat file, in the [mod
           settings file
           format](https://wiki.factorio.com/Mod_settings_file_format).
@@ -166,14 +166,14 @@ in
       game-name = mkOption {
         type = types.nullOr types.str;
         default = "Factorio Game";
-        description = lib.mdDoc ''
+        description = ''
           Name of the game as it will appear in the game listing.
         '';
       };
       description = mkOption {
         type = types.nullOr types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Description of the game that will appear in the listing.
         '';
       };
@@ -181,28 +181,28 @@ in
         type = types.attrs;
         default = {};
         example = { admins = [ "username" ];};
-        description = lib.mdDoc ''
+        description = ''
           Extra game configuration that will go into server-settings.json
         '';
       };
       public = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Game will be published on the official Factorio matching server.
         '';
       };
       lan = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Game will be broadcast on LAN.
         '';
       };
       username = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Your factorio.com login credentials. Required for games with visibility public.
 
           This option is insecure. Use extraSettingsFile instead.
@@ -214,7 +214,7 @@ in
       password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Your factorio.com login credentials. Required for games with visibility public.
 
           This option is insecure. Use extraSettingsFile instead.
@@ -223,14 +223,14 @@ in
       token = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Authentication token. May be used instead of 'password' above.
         '';
       };
       game-password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Game password.
 
           This option is insecure. Use extraSettingsFile instead.
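Review bot: `token` is a credential of type `types.nullOr types.str`, yet its description lacks the warning that `password` and `game-password` carry ("This option is insecure. Use extraSettingsFile instead."). It presumably ends up in the same generated server-settings.json, in which case it should get the same line. The existing warnings on `username`, `password` and `game-password` would also help more if they gave the reason, e.g. `The value is written to the world-readable Nix store; use extraSettingsFile instead.` That reason is an assumption, as the hunks do not show where the values are written. The `game-password` description continues past the end of this hunk.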
@@ -239,7 +239,7 @@ in
       requireUserVerification = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           When set to true, the server will only allow clients that have a valid factorio.com account.
         '';
       };
@@ -247,14 +247,14 @@ in
         type = types.nullOr types.int;
         default = null;
         example = 10;
-        description = lib.mdDoc ''
+        description = ''
           Autosave interval in minutes.
         '';
       };
       nonBlockingSaving = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Highly experimental feature, enable only at your own risk of losing your saves.
           On UNIX systems, server will fork itself to create an autosave.
           Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.
diff --git a/nixpkgs/nixos/modules/services/games/freeciv.nix b/nixpkgs/nixos/modules/services/games/freeciv.nix
index bba27ae4cb5f..e4c05af3caba 100644
--- a/nixpkgs/nixos/modules/services/games/freeciv.nix
+++ b/nixpkgs/nixos/modules/services/games/freeciv.nix
@@ -25,9 +25,9 @@ in
 {
   options = {
     services.freeciv = {
-      enable = mkEnableOption (lib.mdDoc ''freeciv'');
+      enable = mkEnableOption ''freeciv'';
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Parameters of freeciv-server.
         '';
         default = {};
@@ -36,9 +36,9 @@ in
           options.Announce = mkOption {
             type = types.enum ["IPv4" "IPv6" "none"];
             default = "none";
-            description = lib.mdDoc "Announce game in LAN using given protocol.";
+            description = "Announce game in LAN using given protocol.";
           };
-          options.auth = mkEnableOption (lib.mdDoc "server authentication");
+          options.auth = mkEnableOption "server authentication";
           options.Database = mkOption {
             type = types.nullOr types.str;
             apply = pkgs.writeText "auth.conf";
@@ -47,25 +47,25 @@ in
                 backend="sqlite"
                 database="/var/lib/freeciv/auth.sqlite"
             '';
-            description = lib.mdDoc "Enable database connection with given configuration.";
+            description = "Enable database connection with given configuration.";
           };
           options.debug = mkOption {
             type = types.ints.between 0 3;
             default = 0;
-            description = lib.mdDoc "Set debug log level.";
+            description = "Set debug log level.";
           };
-          options.exit-on-end = mkEnableOption (lib.mdDoc "exit instead of restarting when a game ends");
-          options.Guests = mkEnableOption (lib.mdDoc "guests to login if auth is enabled");
-          options.Newusers = mkEnableOption (lib.mdDoc "new users to login if auth is enabled");
+          options.exit-on-end = mkEnableOption "exit instead of restarting when a game ends";
+          options.Guests = mkEnableOption "guests to login if auth is enabled";
+          options.Newusers = mkEnableOption "new users to login if auth is enabled";
           options.port = mkOption {
             type = types.port;
             default = 5556;
-            description = lib.mdDoc "Listen for clients on given port";
+            description = "Listen for clients on given port";
           };
           options.quitidle = mkOption {
             type = types.nullOr types.int;
             default = null;
-            description = lib.mdDoc "Quit if no players for given time in seconds.";
+            description = "Quit if no players for given time in seconds.";
           };
           options.read = mkOption {
             type = types.lines;
@@ -73,12 +73,12 @@ in
             default = ''
               /fcdb lua sqlite_createdb()
             '';
-            description = lib.mdDoc "Startup script.";
+            description = "Startup script.";
           };
           options.saves = mkOption {
             type = types.nullOr types.str;
             default = "/var/lib/freeciv/saves/";
-            description = lib.mdDoc ''
+            description = ''
               Save games to given directory,
               a sub-directory named after the starting date of the service
               will me inserted to preserve older saves.
@@ -86,7 +86,7 @@ in
           };
         };
       };
-      openFirewall = mkEnableOption (lib.mdDoc "opening the firewall for the port listening for clients");
+      openFirewall = mkEnableOption "opening the firewall for the port listening for clients";
     };
   };
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/games/mchprs.nix b/nixpkgs/nixos/modules/services/games/mchprs.nix
index 71e546049c58..50db7cf66bb5 100644
--- a/nixpkgs/nixos/modules/services/games/mchprs.nix
+++ b/nixpkgs/nixos/modules/services/games/mchprs.nix
@@ -22,12 +22,12 @@ in
 {
   options = {
     services.mchprs = {
-      enable = mkEnableOption "MCHPRS";
+      enable = mkEnableOption "MCHPRS, a Minecraft server";
 
       declarativeSettings = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to use a declarative configuration for MCHPRS.
         '';
       };
@@ -35,7 +35,7 @@ in
       declarativeWhitelist = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to use a declarative whitelist.
           The options {option}`services.mchprs.whitelist.list`
           will be applied if and only if set to `true`.
@@ -45,7 +45,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/mchprs";
-        description = mdDoc ''
+        description = ''
           Directory to store MCHPRS database and other state/data files.
         '';
       };
@@ -53,7 +53,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to open ports in the firewall for the server.
           Only has effect when
           {option}`services.mchprs.declarativeSettings` is `true`.
@@ -64,7 +64,7 @@ in
         type = types.str;
         default = "infinity";
         example = "7d";
-        description = mdDoc ''
+        description = ''
           Automatically restart the server after
           {option}`services.mchprs.maxRuntime`.
           The time span format is described here:
@@ -83,7 +83,7 @@ in
             port = mkOption {
               type = types.port;
               default = 25565;
-              description = mdDoc ''
+              description = ''
                 Port for the server.
                 Only has effect when
                 {option}`services.mchprs.declarativeSettings` is `true`.
@@ -93,7 +93,7 @@ in
             address = mkOption {
               type = types.str;
               default = "0.0.0.0";
-              description = mdDoc ''
+              description = ''
                 Address for the server.
                 Please use enclosing square brackets when using ipv6.
                 Only has effect when
@@ -104,7 +104,7 @@ in
             motd = mkOption {
               type = types.str;
               default = "Minecraft High Performance Redstone Server";
-              description = mdDoc ''
+              description = ''
                 Message of the day.
                 Only has effect when
                 {option}`services.mchprs.declarativeSettings` is `true`.
@@ -114,7 +114,7 @@ in
             chat_format = mkOption {
               type = types.str;
               default = "<{username}> {message}";
-              description = mdDoc ''
+              description = ''
                 How to format chat message interpolating `username`
                 and `message` with curly braces.
                 Only has effect when
@@ -125,7 +125,7 @@ in
             max_players = mkOption {
               type = types.ints.positive;
               default = 99999;
-              description = mdDoc ''
+              description = ''
                 Maximum number of simultaneous players.
                 Only has effect when
                 {option}`services.mchprs.declarativeSettings` is `true`.
@@ -135,7 +135,7 @@ in
             view_distance = mkOption {
               type = types.ints.positive;
               default = 8;
-              description = mdDoc ''
+              description = ''
                 Maximal distance (in chunks) between players and loaded chunks.
                 Only has effect when
                 {option}`services.mchprs.declarativeSettings` is `true`.
@@ -145,7 +145,7 @@ in
             bungeecord = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Enable compatibility with
                 [BungeeCord](https://github.com/SpigotMC/BungeeCord).
                 Only has effect when
@@ -156,7 +156,7 @@ in
             schemati = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Mimic the verification and directory layout used by the
                 Open Redstone Engineers
                 [Schemati plugin](https://github.com/OpenRedstoneEngineers/Schemati).
@@ -168,7 +168,7 @@ in
             block_in_hitbox = mkOption {
               type = types.bool;
               default = true;
-              description = mdDoc ''
+              description = ''
                 Allow placing blocks inside of players
                 (hitbox logic is simplified).
                 Only has effect when
@@ -179,7 +179,7 @@ in
             auto_redpiler = mkOption {
               type = types.bool;
               default = true;
-              description = mdDoc ''
+              description = ''
                 Use redpiler automatically.
                 Only has effect when
                 {option}`services.mchprs.declarativeSettings` is `true`.
@@ -189,7 +189,7 @@ in
         };
         default = { };
 
-        description = mdDoc ''
+        description = ''
           Configuration for MCHPRS via `Config.toml`.
           See https://github.com/MCHPR/MCHPRS/blob/master/README.md for documentation.
         '';
@@ -199,7 +199,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = mdDoc ''
+          description = ''
             Whether or not the whitelist (in `whitelist.json`) shoud be enabled.
             Only has effect when {option}`services.mchprs.declarativeSettings` is `true`.
           '';
@@ -221,7 +221,7 @@ in
               username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy";
             };
           '';
-          description = mdDoc ''
+          description = ''
             Whitelisted players, only has an effect when
             {option}`services.mchprs.declarativeWhitelist` is
             `true` and the whitelist is enabled
diff --git a/nixpkgs/nixos/modules/services/games/minecraft-server.nix b/nixpkgs/nixos/modules/services/games/minecraft-server.nix
index 116fc533dfd8..00af8dce6603 100644
--- a/nixpkgs/nixos/modules/services/games/minecraft-server.nix
+++ b/nixpkgs/nixos/modules/services/games/minecraft-server.nix
@@ -54,7 +54,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, start a Minecraft Server. The server
           data will be loaded from and saved to
           {option}`services.minecraft-server.dataDir`.
@@ -64,7 +64,7 @@ in {
       declarative = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use a declarative Minecraft server configuration.
           Only if set to `true`, the options
           {option}`services.minecraft-server.whitelist` and
@@ -76,7 +76,7 @@ in {
       eula = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether you agree to
           [
           Mojangs EULA](https://account.mojang.com/documents/minecraft_eula). This option must be set to
@@ -87,7 +87,7 @@ in {
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/minecraft";
-        description = lib.mdDoc ''
+        description = ''
           Directory to store Minecraft database and other state/data files.
         '';
       };
@@ -95,7 +95,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open ports in the firewall for the server.
         '';
       };
@@ -108,7 +108,7 @@ in {
             };
           in types.attrsOf minecraftUUID;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Whitelisted players, only has an effect when
           {option}`services.minecraft-server.declarative` is
           `true` and the whitelist is enabled
@@ -141,7 +141,7 @@ in {
             "rcon.password" = "hunter2";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Minecraft server properties for the server.properties file. Only has
           an effect when {option}`services.minecraft-server.declarative`
           is set to `true`. See
@@ -161,7 +161,7 @@ in {
         example = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
           + "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
           + "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
-        description = lib.mdDoc "JVM options for the Minecraft server.";
+        description = "JVM options for the Minecraft server.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/games/minetest-server.nix b/nixpkgs/nixos/modules/services/games/minetest-server.nix
index 8dc360153497..7fa687d2c7ed 100644
--- a/nixpkgs/nixos/modules/services/games/minetest-server.nix
+++ b/nixpkgs/nixos/modules/services/games/minetest-server.nix
@@ -56,13 +56,13 @@ in
       enable = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "If enabled, starts a Minetest Server.";
+        description = "If enabled, starts a Minetest Server.";
       };
 
       gameId = mkOption {
         type        = types.nullOr types.str;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Id of the game to use. To list available games run
           `minetestserver --gameid list`.
 
@@ -73,7 +73,7 @@ in
       world = mkOption {
         type        = types.nullOr types.path;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Name of the world to use. To list available worlds run
           `minetestserver --world list`.
 
@@ -84,7 +84,7 @@ in
       configPath = mkOption {
         type        = types.nullOr types.path;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the config to use.
 
           If set to null, the config of the running user will be used:
@@ -95,7 +95,7 @@ in
       config = mkOption {
         type = types.attrsOf types.anything;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Settings to add to the minetest config file.
 
           This option is ignored if `configPath` is set.
@@ -105,7 +105,7 @@ in
       logPath = mkOption {
         type        = types.nullOr types.path;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to logfile for logging.
 
           If set to null, logging will be output to stdout which means
@@ -116,7 +116,7 @@ in
       port = mkOption {
         type        = types.nullOr types.int;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Port number to bind to.
 
           If set to null, the default 30000 will be used.
@@ -126,7 +126,7 @@ in
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Additional command line flags to pass to the minetest executable.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/games/openarena.nix b/nixpkgs/nixos/modules/services/games/openarena.nix
index 14e485b06a0d..a80c427dba5f 100644
--- a/nixpkgs/nixos/modules/services/games/openarena.nix
+++ b/nixpkgs/nixos/modules/services/games/openarena.nix
@@ -7,19 +7,19 @@ in
 {
   options = {
     services.openarena = {
-      enable = mkEnableOption (lib.mdDoc "OpenArena");
+      enable = mkEnableOption "OpenArena game server";
       package = lib.mkPackageOption pkgs "openarena" { };
 
       openPorts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open firewall ports for OpenArena";
+        description = "Whether to open firewall ports for OpenArena";
       };
 
       extraFlags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Extra flags to pass to {command}`oa_ded`";
+        description = "Extra flags to pass to {command}`oa_ded`";
         example = [
           "+set dedicated 2"
           "+set sv_hostname 'My NixOS OpenArena Server'"
diff --git a/nixpkgs/nixos/modules/services/games/quake3-server.nix b/nixpkgs/nixos/modules/services/games/quake3-server.nix
index 41688d56173b..7b1a50c313f4 100644
--- a/nixpkgs/nixos/modules/services/games/quake3-server.nix
+++ b/nixpkgs/nixos/modules/services/games/quake3-server.nix
@@ -40,13 +40,13 @@ let
 in {
   options = {
     services.quake3-server = {
-      enable = mkEnableOption (lib.mdDoc "Quake 3 dedicated server");
+      enable = mkEnableOption "Quake 3 dedicated server";
       package = lib.mkPackageOption pkgs "ioquake3" { };
 
       port = mkOption {
         type = types.port;
         default = 27960;
-        description = lib.mdDoc ''
+        description = ''
           UDP Port the server should listen on.
         '';
       };
@@ -54,7 +54,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open the firewall.
         '';
       };
@@ -66,7 +66,7 @@ in {
           seta rconPassword "superSecret"      // sets RCON password for remote console
           seta sv_hostname "My Quake 3 server"      // name that appears in server list
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options. Note that options changed via RCON will not be persisted. To list all possible
           options, use "cvarlist 1" via RCON.
         '';
@@ -77,7 +77,7 @@ in {
         default = defaultBaseq3;
         defaultText = literalMD "Manually downloaded Quake 3 installation directory.";
         example = "/var/lib/q3ds";
-        description = lib.mdDoc ''
+        description = ''
           Path to the baseq3 files (pak*.pk3). If this is on the nix store (type = package) all .pk3 files should be saved
           in the top-level directory. If this is on another filesystem (e.g /var/lib/baseq3) the .pk3 files are searched in
           $baseq3/.q3a/baseq3/
diff --git a/nixpkgs/nixos/modules/services/games/teeworlds.nix b/nixpkgs/nixos/modules/services/games/teeworlds.nix
index 04b611fb3cb1..1958fd414178 100644
--- a/nixpkgs/nixos/modules/services/games/teeworlds.nix
+++ b/nixpkgs/nixos/modules/services/games/teeworlds.nix
@@ -93,20 +93,20 @@ in
 {
   options = {
     services.teeworlds = {
-      enable = mkEnableOption (lib.mdDoc "Teeworlds Server");
+      enable = mkEnableOption "Teeworlds Server";
 
       package = mkPackageOptionMD pkgs "teeworlds-server" { };
 
       openPorts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open firewall ports for Teeworlds.";
+        description = "Whether to open firewall ports for Teeworlds.";
       };
 
       name = mkOption {
         type = types.str;
         default = "unnamed server";
-        description = lib.mdDoc ''
+        description = ''
           Name of the server.
         '';
       };
@@ -115,7 +115,7 @@ in
         type = types.bool;
         example = true;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the server registers as a public server in the global server list. This is disabled by default for privacy reasons.
         '';
       };
@@ -123,7 +123,7 @@ in
       motd = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The server's message of the day text.
         '';
       };
@@ -131,7 +131,7 @@ in
       password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password to connect to the server.
         '';
       };
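Review bot: The description of `password` (and of `rconPassword` in the next hunk, and `password` in terraria.nix further down) does not tell the operator where a value of type `types.nullOr types.str` ends up. If the module renders these options into a generated config file or a unit command line, which is not visible in these hunks, the secret would sit in the world-readable Nix store. I would add a sentence to each description such as `Note that this value may be stored world-readable in the Nix store.`, or confirm that the rendering path avoids it. The option set these hunks belong to starts and ends outside the hunks.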
@@ -139,7 +139,7 @@ in
       rconPassword = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password to access the remote console. If not set, a randomly generated one is displayed in the server log.
         '';
       };
@@ -147,7 +147,7 @@ in
       port = mkOption {
         type = types.port;
         default = 8303;
-        description = lib.mdDoc ''
+        description = ''
           Port the server will listen on.
         '';
       };
@@ -155,7 +155,7 @@ in
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration lines for the {file}`teeworlds.cfg`. See [Teeworlds Documentation](https://www.teeworlds.com/?page=docs&wiki=server_settings).
         '';
         example = [ "sv_map dm1" "sv_gametype dm" ];
@@ -165,7 +165,7 @@ in
         bindAddr = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The address the server will bind to.
           '';
         };
@@ -173,7 +173,7 @@ in
         enableHighBandwidth = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable high bandwidth mode on LAN servers. This will double the amount of bandwidth required for running the server.
           '';
         };
@@ -181,7 +181,7 @@ in
         hostName = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Hostname for the server.
           '';
         };
@@ -190,7 +190,7 @@ in
           type = types.enum [ "spectator" "spectator/kick" "kick" ];
           example = "spectator";
           default = "spectator/kick";
-          description = lib.mdDoc ''
+          description = ''
             Specify what to do when a client goes inactive (see [](#opt-services.teeworlds.server.inactiveTime)).
 
             - `spectator`: send the client into spectator mode
@@ -204,7 +204,7 @@ in
         kickInactiveSpectators = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to kick inactive spectators.
           '';
         };
@@ -212,7 +212,7 @@ in
         inactiveTime = mkOption {
           type = types.ints.unsigned;
           default = 3;
-          description = lib.mdDoc ''
+          description = ''
             The amount of minutes a client has to idle before it is considered inactive.
           '';
         };
@@ -220,7 +220,7 @@ in
         maxClients = mkOption {
           type = types.ints.unsigned;
           default = 12;
-          description = lib.mdDoc ''
+          description = ''
             The maximum amount of clients that can be connected to the server at the same time.
           '';
         };
@@ -228,7 +228,7 @@ in
         maxClientsPerIP = mkOption {
           type = types.ints.unsigned;
           default = 12;
-          description = lib.mdDoc ''
+          description = ''
             The maximum amount of clients with the same IP address that can be connected to the server at the same time.
           '';
         };
@@ -236,7 +236,7 @@ in
         skillLevel = mkOption {
           type = types.enum [ "casual" "normal" "competitive" ];
           default = "normal";
-          description = lib.mdDoc ''
+          description = ''
             The skill level shown in the server browser.
           '';
         };
@@ -244,7 +244,7 @@ in
         enableSpamProtection = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable chat spam protection.
           '';
         };
@@ -255,7 +255,7 @@ in
           type = types.str;
           example = "ctf";
           default = "dm";
-          description = lib.mdDoc ''
+          description = ''
             The game type to use on the server.
 
             The default gametypes are `dm`, `tdm`, `ctf`, `lms`, and `lts`.
@@ -266,7 +266,7 @@ in
           type = types.str;
           example = "ctf5";
           default = "dm1";
-          description = lib.mdDoc ''
+          description = ''
             The map to use on the server.
           '';
         };
@@ -274,7 +274,7 @@ in
         swapTeams = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to swap teams each round.
           '';
         };
@@ -282,7 +282,7 @@ in
         enableReadyMode = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable "ready mode"; where players can pause/unpause the game
             and start the game in warmup, using their ready state.
           '';
@@ -291,7 +291,7 @@ in
         playerSlots = mkOption {
           type = types.ints.unsigned;
           default = 8;
-          description = lib.mdDoc ''
+          description = ''
             The amount of slots to reserve for players (as opposed to spectators).
           '';
         };
@@ -299,7 +299,7 @@ in
         enablePowerups = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to allow powerups such as the ninja.
           '';
         };
@@ -308,7 +308,7 @@ in
           type = types.ints.unsigned;
           example = 400;
           default = 20;
-          description = lib.mdDoc ''
+          description = ''
             The score limit needed to win a round.
           '';
         };
@@ -316,7 +316,7 @@ in
         restrictSpectators = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to restrict access to information such as health, ammo and armour in spectator mode.
           '';
         };
@@ -324,7 +324,7 @@ in
         enableTeamDamage = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable team damage; whether to allow team mates to inflict damage on one another.
           '';
         };
@@ -332,7 +332,7 @@ in
         timeLimit = mkOption {
           type = types.ints.unsigned;
           default = 0;
-          description = lib.mdDoc ''
+          description = ''
             Time limit of the game. In cases of equal points, there will be sudden death.
             Setting this to 0 disables a time limit.
           '';
@@ -341,7 +341,7 @@ in
         tournamentMode = mkOption {
           type = types.enum [ "disable" "enable" "restrictSpectators" ];
           default = "disable";
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable tournament mode. In tournament mode, players join as spectators.
             If this is set to `restrictSpectators`, tournament mode is enabled but spectator chat is restricted.
           '';
@@ -350,7 +350,7 @@ in
         enableVoteKick = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable voting to kick players.
           '';
         };
@@ -358,7 +358,7 @@ in
         voteKickBanTime = mkOption {
           type = types.ints.unsigned;
           default = 5;
-          description = lib.mdDoc ''
+          description = ''
             The amount of minutes that a player is banned for if they get kicked by a vote.
           '';
         };
@@ -366,7 +366,7 @@ in
         voteKickMinimumPlayers = mkOption {
           type = types.ints.unsigned;
           default = 5;
-          description = lib.mdDoc ''
+          description = ''
             The minimum amount of players required to start a kick vote.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/games/terraria.nix b/nixpkgs/nixos/modules/services/games/terraria.nix
index ccdd779165b8..57417b614f71 100644
--- a/nixpkgs/nixos/modules/services/games/terraria.nix
+++ b/nixpkgs/nixos/modules/services/games/terraria.nix
@@ -36,7 +36,7 @@ in
       enable = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, starts a Terraria server. The server can be connected to via `tmux -S ''${config.${opt.dataDir}}/terraria.sock attach`
           for administration by users who are a part of the `terraria` group (use `C-b d` shortcut to detach again).
         '';
@@ -45,7 +45,7 @@ in
       port = mkOption {
         type        = types.port;
         default     = 7777;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the port to listen on.
         '';
       };
@@ -53,7 +53,7 @@ in
       maxPlayers = mkOption {
         type        = types.ints.u8;
         default     = 255;
-        description = lib.mdDoc ''
+        description = ''
           Sets the max number of players (between 1 and 255).
         '';
       };
@@ -61,7 +61,7 @@ in
       password = mkOption {
         type        = types.nullOr types.str;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Sets the server password. Leave `null` for no password.
         '';
       };
@@ -69,7 +69,7 @@ in
       messageOfTheDay = mkOption {
         type        = types.nullOr types.str;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Set the server message of the day text.
         '';
       };
@@ -77,7 +77,7 @@ in
       worldPath = mkOption {
         type        = types.nullOr types.path;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the world file (`.wld`) which should be loaded.
           If no world exists at this path, one will be created with the size
           specified by `autoCreatedWorldSize`.
@@ -87,7 +87,7 @@ in
       autoCreatedWorldSize = mkOption {
         type        = types.enum [ "small" "medium" "large" ];
         default     = "medium";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the size of the auto-created world if `worldPath` does not
           point to an existing world.
         '';
@@ -96,7 +96,7 @@ in
       banListPath = mkOption {
         type        = types.nullOr types.path;
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the ban list.
         '';
       };
@@ -104,26 +104,26 @@ in
       secure = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "Adds additional cheat protection to the server.";
+        description = "Adds additional cheat protection to the server.";
       };
 
       noUPnP = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "Disables automatic Universal Plug and Play.";
+        description = "Disables automatic Universal Plug and Play.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open ports in the firewall";
+        description = "Whether to open ports in the firewall";
       };
 
       dataDir = mkOption {
         type        = types.str;
         default     = "/var/lib/terraria";
         example     = "/srv/terraria";
-        description = lib.mdDoc "Path to variable state data directory for terraria.";
+        description = "Path to variable state data directory for terraria.";
       };
     };
   };
@@ -148,16 +148,13 @@ in
 
       serviceConfig = {
         User    = "terraria";
+        Group = "terraria";
         Type = "forking";
         GuessMainPID = true;
+        UMask = 007;
         ExecStart = "${getBin pkgs.tmux}/bin/tmux -S ${cfg.dataDir}/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
         ExecStop = "${stopScript} $MAINPID";
       };
-
-      postStart = ''
-        ${pkgs.coreutils}/bin/chmod 660 ${cfg.dataDir}/terraria.sock
-        ${pkgs.coreutils}/bin/chgrp terraria ${cfg.dataDir}/terraria.sock
-      '';
     };
 
     networking.firewall = mkIf cfg.openFirewall {
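Review bot: `UMask = 007;` in `serviceConfig` is a bare Nix integer, so it presumably reaches the unit file as `7` and is only read as the intended mask because systemd parses the value as octal. Writing it as a string, `UMask = "0007";`, makes the octal intent explicit. The mask also applies to every file the server creates, not only to `terraria.sock`, which the removed `postStart` `chmod 660`/`chgrp terraria` targeted, so state under `cfg.dataDir` becomes group-writable for `terraria`. If that is intended, a comment such as `# group terraria may attach to the tmux socket; UMask also affects world files` would record it. It is also worth confirming that the socket still ends up group-accessible, since its mode is now decided by tmux and the umask rather than set explicitly. The enclosing service definition starts outside this hunk.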
diff --git a/nixpkgs/nixos/modules/services/games/xonotic.nix b/nixpkgs/nixos/modules/services/games/xonotic.nix
index c84347ddc981..2b79e1183806 100644
--- a/nixpkgs/nixos/modules/services/games/xonotic.nix
+++ b/nixpkgs/nixos/modules/services/games/xonotic.nix
@@ -36,14 +36,14 @@ in
 
 {
   options.services.xonotic = {
-    enable = lib.mkEnableOption (lib.mdDoc "Xonotic dedicated server");
+    enable = lib.mkEnableOption "Xonotic dedicated server";
 
     package = lib.mkPackageOption pkgs "xonotic-dedicated" {};
 
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open the firewall for TCP and UDP on the specified port.
       '';
     };
@@ -52,13 +52,13 @@ in
       type = lib.types.path;
       readOnly = true;
       default = "/var/lib/xonotic";
-      description = lib.mdDoc ''
+      description = ''
         Data directory.
       '';
     };
 
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Generates the `server.cfg` file. Refer to [upstream's example][0] for
         details.
 
@@ -75,7 +75,7 @@ in
           type = lib.types.int;
           default = 0;
           example = [ (-1) 1 ];
-          description = lib.mdDoc ''
+          description = ''
             Controls whether the server will be publicly listed.
           '';
         };
@@ -83,7 +83,7 @@ in
         options.hostname = lib.mkOption {
           type = lib.types.singleLineStr;
           default = "Xonotic $g_xonoticversion Server";
-          description = lib.mdDoc ''
+          description = ''
             The name that will appear in the server list. `$g_xonoticversion`
             gets replaced with the current version.
           '';
@@ -92,7 +92,7 @@ in
         options.sv_motd = lib.mkOption {
           type = lib.types.singleLineStr;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Text displayed when players join the server.
           '';
         };
@@ -100,7 +100,7 @@ in
         options.sv_termsofservice_url = lib.mkOption {
           type = lib.types.singleLineStr;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             URL for the Terms of Service for playing on your server.
           '';
         };
@@ -108,7 +108,7 @@ in
         options.maxplayers = lib.mkOption {
           type = lib.types.int;
           default = 16;
-          description = lib.mdDoc ''
+          description = ''
             Number of player slots on the server, including spectators.
           '';
         };
@@ -116,7 +116,7 @@ in
         options.net_address = lib.mkOption {
           type = lib.types.singleLineStr;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             The address Xonotic will listen on.
           '';
         };
@@ -124,7 +124,7 @@ in
         options.port = lib.mkOption {
           type = lib.types.port;
           default = 26000;
-          description = lib.mdDoc ''
+          description = ''
             The port Xonotic will listen on.
           '';
         };
@@ -136,7 +136,7 @@ in
     appendConfig = lib.mkOption {
       type = with lib.types; nullOr lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Literal text to insert at the end of `server.cfg`.
       '';
     };
@@ -145,7 +145,7 @@ in
     prependConfig = lib.mkOption {
       type = with lib.types; nullOr lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Literal text to insert at the start of `server.cfg`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/acpid.nix b/nixpkgs/nixos/modules/services/hardware/acpid.nix
index 821f4ef205fc..581b6cb40136 100644
--- a/nixpkgs/nixos/modules/services/hardware/acpid.nix
+++ b/nixpkgs/nixos/modules/services/hardware/acpid.nix
@@ -48,12 +48,12 @@ in
 
     services.acpid = {
 
-      enable = mkEnableOption (lib.mdDoc "the ACPI daemon");
+      enable = mkEnableOption "the ACPI daemon";
 
       logEvents = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Log all event activity.";
+        description = "Log all event activity.";
       };
 
       handlers = mkOption {
@@ -62,17 +62,17 @@ in
             event = mkOption {
               type = types.str;
               example = literalExpression ''"button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"'';
-              description = lib.mdDoc "Event type.";
+              description = "Event type.";
             };
 
             action = mkOption {
               type = types.lines;
-              description = lib.mdDoc "Shell commands to execute when the event is triggered.";
+              description = "Shell commands to execute when the event is triggered.";
             };
           };
         });
 
-        description = lib.mdDoc ''
+        description = ''
           Event handlers.
 
           ::: {.note}
@@ -104,19 +104,19 @@ in
       powerEventCommands = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Shell commands to execute on a button/power.* event.";
+        description = "Shell commands to execute on a button/power.* event.";
       };
 
       lidEventCommands = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Shell commands to execute on a button/lid.* event.";
+        description = "Shell commands to execute on a button/lid.* event.";
       };
 
       acEventCommands = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Shell commands to execute on an ac_adapter.* event.";
+        description = "Shell commands to execute on an ac_adapter.* event.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/actkbd.nix b/nixpkgs/nixos/modules/services/hardware/actkbd.nix
index 1718d179bf5e..335e9b2fdf5a 100644
--- a/nixpkgs/nixos/modules/services/hardware/actkbd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/actkbd.nix
@@ -20,25 +20,25 @@ let
 
       keys = mkOption {
         type = types.listOf types.int;
-        description = lib.mdDoc "List of keycodes to match.";
+        description = "List of keycodes to match.";
       };
 
       events = mkOption {
         type = types.listOf (types.enum ["key" "rep" "rel"]);
         default = [ "key" ];
-        description = lib.mdDoc "List of events to match.";
+        description = "List of events to match.";
       };
 
       attributes = mkOption {
         type = types.listOf types.str;
         default = [ "exec" ];
-        description = lib.mdDoc "List of attributes.";
+        description = "List of attributes.";
       };
 
       command = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "What to run.";
+        description = "What to run.";
       };
 
     };
@@ -57,7 +57,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the {command}`actkbd` key mapping daemon.
 
           Turning this on will start an {command}`actkbd`
@@ -78,7 +78,7 @@ in
           [ { keys = [ 113 ]; events = [ "key" ]; command = "''${pkgs.alsa-utils}/bin/amixer -q set Master toggle"; }
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Key bindings for {command}`actkbd`.
 
           See {command}`actkbd` {file}`README` for documentation.
@@ -90,7 +90,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Literal contents to append to the end of actkbd configuration file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/argonone.nix b/nixpkgs/nixos/modules/services/hardware/argonone.nix
index e67c2625062e..b767388128c8 100644
--- a/nixpkgs/nixos/modules/services/hardware/argonone.nix
+++ b/nixpkgs/nixos/modules/services/hardware/argonone.nix
@@ -5,12 +5,12 @@ let
 in
 {
   options.services.hardware.argonone = {
-    enable = lib.mkEnableOption (lib.mdDoc "the driver for Argon One Raspberry Pi case fan and power button");
+    enable = lib.mkEnableOption "the driver for Argon One Raspberry Pi case fan and power button";
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.argononed;
       defaultText = lib.literalExpression "pkgs.argononed";
-      description = lib.mdDoc ''
+      description = ''
         The package implementing the Argon One driver
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/asusd.nix b/nixpkgs/nixos/modules/services/hardware/asusd.nix
index ff9a751e5be8..2dfe761a2172 100644
--- a/nixpkgs/nixos/modules/services/hardware/asusd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/asusd.nix
@@ -6,14 +6,14 @@ in
 {
   options = {
     services.asusd = {
-      enable = lib.mkEnableOption (lib.mdDoc "the asusd service for ASUS ROG laptops");
+      enable = lib.mkEnableOption "the asusd service for ASUS ROG laptops";
 
       package = lib.mkPackageOption pkgs "asusctl" { };
 
       enableUserService = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Activate the asusd-user service.
         '';
       };
@@ -21,7 +21,7 @@ in
       animeConfig = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/asusd/anime.ron.
           See https://asus-linux.org/asusctl/#anime-control.
         '';
@@ -30,7 +30,7 @@ in
       asusdConfig = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/asusd/asusd.ron.
           See https://asus-linux.org/asusctl/.
         '';
@@ -39,7 +39,7 @@ in
       auraConfig = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/asusd/aura.ron.
           See https://asus-linux.org/asusctl/#led-keyboard-control.
         '';
@@ -48,7 +48,7 @@ in
       profileConfig = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/asusd/profile.ron.
           See https://asus-linux.org/asusctl/#profiles.
         '';
@@ -57,7 +57,7 @@ in
       fanCurvesConfig = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
           The content of /etc/asusd/fan_curves.ron.
           See https://asus-linux.org/asusctl/#fan-curves.
         '';
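Review bot: The `type`, `default` and `description` lines of `fanCurvesConfig` are indented two columns less than the same attributes in the neighbouring options, and the added `description = ''` line keeps that offset while its body and closing `''` sit at the deeper indent. Since the line is being rewritten anyway, re-indent the three attribute lines to eight spaces so they match `profileConfig` and `userLedModesConfig`. This is whitespace only and does not change evaluation.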
@@ -66,7 +66,7 @@ in
       userLedModesConfig = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/asusd/asusd-user-ledmodes.ron.
           See https://asus-linux.org/asusctl/#led-keyboard-control.
         '';
diff --git a/nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix b/nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix
index 9c69ba8920f3..f61fa38be175 100644
--- a/nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix
+++ b/nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix
@@ -9,10 +9,10 @@ let
 in {
   options = {
     services.auto-cpufreq = {
-      enable = mkEnableOption (lib.mdDoc "auto-cpufreq daemon");
+      enable = mkEnableOption "auto-cpufreq daemon";
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration for `auto-cpufreq`.
 
           The available options can be found in [the example configuration file](https://github.com/AdnanHodzic/auto-cpufreq/blob/v${pkgs.auto-cpufreq.version}/auto-cpufreq.conf-example).
diff --git a/nixpkgs/nixos/modules/services/hardware/auto-epp.nix b/nixpkgs/nixos/modules/services/hardware/auto-epp.nix
index 84b6a337d28a..b568dec26f4c 100644
--- a/nixpkgs/nixos/modules/services/hardware/auto-epp.nix
+++ b/nixpkgs/nixos/modules/services/hardware/auto-epp.nix
@@ -8,7 +8,7 @@ let
 in {
   options = {
     services.auto-epp = {
-      enable = lib.mkEnableOption (lib.mdDoc "auto-epp for amd active pstate");
+      enable = lib.mkEnableOption "auto-epp for amd active pstate";
 
       package = lib.mkPackageOptionMD pkgs "auto-epp" {};
 
@@ -20,7 +20,7 @@ in {
               epp_state_for_AC = mkOption {
                 type = types.str;
                 default = "balance_performance";
-                description = lib.mdDoc ''
+                description = ''
                   energy_performance_preference when on plugged in
 
                   ::: {.note}
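Review bot: The description of `epp_state_for_AC` reads "energy_performance_preference when on plugged in", which is ungrammatical and, unlike the `epp_state_for_BAT` text in the next hunk, leaves the setting name unquoted. Suggest `` `energy_performance_preference` when plugged in `` so the two options render consistently. Separately, the first hunk of this file still calls `lib.mkPackageOptionMD`, which as far as I know is only an alias kept for the Markdown migration; the other modules in this diff use `mkPackageOption`, and switching here would be in line with this commit. The description body continues past the end of this hunk.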
@@ -33,7 +33,7 @@ in {
               epp_state_for_BAT = mkOption {
                 type = types.str;
                 default = "power";
-                description = lib.mdDoc ''
+                description = ''
                   `energy_performance_preference` when on battery
 
                   ::: {.note}
@@ -46,7 +46,7 @@ in {
           };
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Settings for the auto-epp application.
           See upstream example: <https://github.com/jothi-prasath/auto-epp/blob/master/sample-auto-epp.conf>
         '';
diff --git a/nixpkgs/nixos/modules/services/hardware/bluetooth.nix b/nixpkgs/nixos/modules/services/hardware/bluetooth.nix
index 51ec12f96537..a73cc970576a 100644
--- a/nixpkgs/nixos/modules/services/hardware/bluetooth.nix
+++ b/nixpkgs/nixos/modules/services/hardware/bluetooth.nix
@@ -36,14 +36,14 @@ in
   options = {
 
     hardware.bluetooth = {
-      enable = mkEnableOption (lib.mdDoc "support for Bluetooth");
+      enable = mkEnableOption "support for Bluetooth";
 
-      hsphfpd.enable = mkEnableOption (lib.mdDoc "support for hsphfpd[-prototype] implementation");
+      hsphfpd.enable = mkEnableOption "support for hsphfpd[-prototype] implementation";
 
       powerOnBoot = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to power up the default Bluetooth controller on boot.";
+        description = "Whether to power up the default Bluetooth controller on boot.";
       };
 
       package = mkPackageOption pkgs "bluez" { };
@@ -51,7 +51,7 @@ in
       disabledPlugins = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc "Built-in plugins to disable";
+        description = "Built-in plugins to disable";
       };
 
       settings = mkOption {
@@ -62,7 +62,7 @@ in
             ControllerMode = "bredr";
           };
         };
-        description = lib.mdDoc "Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf).";
+        description = "Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf).";
       };
 
       input = mkOption {
@@ -74,7 +74,7 @@ in
             ClassicBondedOnly = true;
           };
         };
-        description = lib.mdDoc "Set configuration for the input service (/etc/bluetooth/input.conf).";
+        description = "Set configuration for the input service (/etc/bluetooth/input.conf).";
       };
 
       network = mkOption {
@@ -85,7 +85,7 @@ in
             DisableSecurity = true;
           };
         };
-        description = lib.mdDoc "Set configuration for the network service (/etc/bluetooth/network.conf).";
+        description = "Set configuration for the network service (/etc/bluetooth/network.conf).";
       };
     };
   };
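Review bot: The description of `network` carries no caveat for the `DisableSecurity = true;` setting shown directly above it, which presumably is the option's example (the `example =` line is outside the hunk). Someone copying that snippet would weaken the Bluetooth network service without the manual saying so. Either pick a less sensitive key for the example, or extend the text to something like `Set configuration for the network service (/etc/bluetooth/network.conf). The example turns off the service's security setting and should not be copied as-is.`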
diff --git a/nixpkgs/nixos/modules/services/hardware/bolt.nix b/nixpkgs/nixos/modules/services/hardware/bolt.nix
index 3bdf67cc1758..729273f94f12 100644
--- a/nixpkgs/nixos/modules/services/hardware/bolt.nix
+++ b/nixpkgs/nixos/modules/services/hardware/bolt.nix
@@ -11,7 +11,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Bolt, a userspace daemon to enable
           security levels for Thunderbolt 3 on GNU/Linux.
 
diff --git a/nixpkgs/nixos/modules/services/hardware/brltty.nix b/nixpkgs/nixos/modules/services/hardware/brltty.nix
index f96760e92c57..bdec5d79be96 100644
--- a/nixpkgs/nixos/modules/services/hardware/brltty.nix
+++ b/nixpkgs/nixos/modules/services/hardware/brltty.nix
@@ -25,7 +25,7 @@ in {
     services.brltty.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether to enable the BRLTTY daemon.";
+      description = "Whether to enable the BRLTTY daemon.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix b/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix
index 0f1e8bf0d26c..f0b5a9c81960 100644
--- a/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix
+++ b/nixpkgs/nixos/modules/services/hardware/ddccontrol.nix
@@ -13,7 +13,7 @@ in
 
   options = {
     services.ddccontrol = {
-      enable = lib.mkEnableOption (lib.mdDoc "ddccontrol for controlling displays");
+      enable = lib.mkEnableOption "ddccontrol for controlling displays";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/fancontrol.nix b/nixpkgs/nixos/modules/services/hardware/fancontrol.nix
index 993c37b2364f..f9fc8593f852 100644
--- a/nixpkgs/nixos/modules/services/hardware/fancontrol.nix
+++ b/nixpkgs/nixos/modules/services/hardware/fancontrol.nix
@@ -9,11 +9,11 @@ let
 in
 {
   options.hardware.fancontrol = {
-    enable = mkEnableOption (lib.mdDoc "software fan control (requires fancontrol.config)");
+    enable = mkEnableOption "software fan control (requires fancontrol.config)";
 
     config = mkOption {
       type = types.lines;
-      description = lib.mdDoc "Required fancontrol configuration file content. See {manpage}`pwmconfig(8)` from the lm_sensors package.";
+      description = "Required fancontrol configuration file content. See {manpage}`pwmconfig(8)` from the lm_sensors package.";
       example = ''
         # Configuration file generated by pwmconfig
         INTERVAL=10
diff --git a/nixpkgs/nixos/modules/services/hardware/freefall.nix b/nixpkgs/nixos/modules/services/hardware/freefall.nix
index 2985739bc2df..4ac7c54d4d8a 100644
--- a/nixpkgs/nixos/modules/services/hardware/freefall.nix
+++ b/nixpkgs/nixos/modules/services/hardware/freefall.nix
@@ -13,7 +13,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
       '';
     };
@@ -23,7 +23,7 @@ in {
     devices = mkOption {
       type = types.listOf types.str;
       default = [ "/dev/sda" ];
-      description = lib.mdDoc ''
+      description = ''
         Device paths to all internal spinning hard drives.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/fwupd.nix b/nixpkgs/nixos/modules/services/hardware/fwupd.nix
index c4837ff80ec7..bdbd0ac2440b 100644
--- a/nixpkgs/nixos/modules/services/hardware/fwupd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/fwupd.nix
@@ -64,7 +64,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable fwupd, a DBus service that allows
           applications to update firmware.
         '';
@@ -74,7 +74,7 @@ in {
         type = types.listOf types.path;
         default = [];
         example = literalExpression "[ /etc/nixos/fwupd/myfirmware.pem ]";
-        description = lib.mdDoc ''
+        description = ''
           Installing a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
         '';
       };
@@ -83,7 +83,7 @@ in {
         type = with types; listOf str;
         default = [];
         example = [ "lvfs-testing" ];
-        description = lib.mdDoc ''
+        description = ''
           Enables extra remotes in fwupd. See `/etc/fwupd/remotes.d`.
         '';
       };
@@ -98,7 +98,7 @@ in {
               type = types.listOf types.str;
               default = [];
               example = [ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of device GUIDs to be disabled.
               '';
             };
@@ -107,7 +107,7 @@ in {
               type = types.listOf types.str;
               default = [];
               example = [ "udev" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of plugins to be disabled.
               '';
             };
@@ -116,7 +116,7 @@ in {
               type = types.path;
               default = config.boot.loader.efi.efiSysMountPoint;
               defaultText = lib.literalExpression "config.boot.loader.efi.efiSysMountPoint";
-              description = lib.mdDoc ''
+              description = ''
                 The EFI system partition (ESP) path used if UDisks is not available
                 or if this partition is not mounted at /boot/efi, /boot, or /efi
               '';
@@ -126,7 +126,7 @@ in {
               internal = true;
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Create virtual test devices and remote for validating daemon flows.
                 This is only intended for CI testing and development purposes.
               '';
@@ -134,7 +134,7 @@ in {
           };
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configurations for the fwupd daemon.
         '';
       };
@@ -144,7 +144,7 @@ in {
           freeformType = format.type.nestedTypes.elemType;
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           UEFI capsule configurations for the fwupd daemon.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/handheld-daemon.nix b/nixpkgs/nixos/modules/services/hardware/handheld-daemon.nix
index e8a7a39f441d..6c9d5aa3e22c 100644
--- a/nixpkgs/nixos/modules/services/hardware/handheld-daemon.nix
+++ b/nixpkgs/nixos/modules/services/hardware/handheld-daemon.nix
@@ -13,7 +13,7 @@ in
 
     user = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The user to run Handheld Daemon with.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/hddfancontrol.nix b/nixpkgs/nixos/modules/services/hardware/hddfancontrol.nix
index 746154e7aa17..e8cab0e22bef 100644
--- a/nixpkgs/nixos/modules/services/hardware/hddfancontrol.nix
+++ b/nixpkgs/nixos/modules/services/hardware/hddfancontrol.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
 
-    services.hddfancontrol.enable = lib.mkEnableOption (lib.mdDoc "hddfancontrol daemon");
+    services.hddfancontrol.enable = lib.mkEnableOption "hddfancontrol daemon";
 
     services.hddfancontrol.disks = lib.mkOption {
       type = with types; listOf path;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Drive(s) to get temperature from
       '';
       example = ["/dev/sda"];
@@ -22,7 +22,7 @@ in
     services.hddfancontrol.pwmPaths = lib.mkOption {
       type = with types; listOf path;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         PWM filepath(s) to control fan speed (under /sys)
       '';
       example = ["/sys/class/hwmon/hwmon2/pwm1"];
@@ -31,7 +31,7 @@ in
     services.hddfancontrol.smartctl = lib.mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Probe temperature using smartctl instead of hddtemp or hdparm
       '';
     };
@@ -39,7 +39,7 @@ in
     services.hddfancontrol.extraArgs = lib.mkOption {
       type = with types; listOf str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra commandline arguments for hddfancontrol
       '';
       example = ["--pwm-start-value=32"
diff --git a/nixpkgs/nixos/modules/services/hardware/illum.nix b/nixpkgs/nixos/modules/services/hardware/illum.nix
index 46172fb7b53a..7f7a85000234 100644
--- a/nixpkgs/nixos/modules/services/hardware/illum.nix
+++ b/nixpkgs/nixos/modules/services/hardware/illum.nix
@@ -13,7 +13,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable illum, a daemon for controlling screen brightness with brightness buttons.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/interception-tools.nix b/nixpkgs/nixos/modules/services/hardware/interception-tools.nix
index 4f86bd470ea7..e69c05841ee0 100644
--- a/nixpkgs/nixos/modules/services/hardware/interception-tools.nix
+++ b/nixpkgs/nixos/modules/services/hardware/interception-tools.nix
@@ -9,14 +9,14 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether to enable the interception tools service.";
+      description = "Whether to enable the interception tools service.";
     };
 
     plugins = mkOption {
       type = types.listOf types.package;
       default = [ pkgs.interception-tools-plugins.caps2esc ];
       defaultText = literalExpression "[ pkgs.interception-tools-plugins.caps2esc ]";
-      description = lib.mdDoc ''
+      description = ''
         A list of interception tools plugins that will be made available to use
         inside the udevmon configuration.
       '';
@@ -36,7 +36,7 @@ in {
             EVENTS:
               EV_KEY: [KEY_X, KEY_Y]
       '';
-      description = lib.mdDoc ''
+      description = ''
         String of udevmon YAML configuration, or path to a udevmon YAML
         configuration file.
       '';
diff --git a/nixpkgs/nixos/modules/services/hardware/iptsd.nix b/nixpkgs/nixos/modules/services/hardware/iptsd.nix
index 8af0a6d6bbe1..3a299c2428df 100644
--- a/nixpkgs/nixos/modules/services/hardware/iptsd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/iptsd.nix
@@ -6,11 +6,11 @@ let
   configFile = format.generate "iptsd.conf" cfg.config;
 in {
   options.services.iptsd = {
-    enable = lib.mkEnableOption (lib.mdDoc "the userspace daemon for Intel Precise Touch & Stylus");
+    enable = lib.mkEnableOption "the userspace daemon for Intel Precise Touch & Stylus";
 
     config = lib.mkOption {
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for IPTSD. See the
         [reference configuration](https://github.com/linux-surface/iptsd/blob/master/etc/iptsd.conf)
         for available options and defaults.
@@ -21,19 +21,19 @@ in {
           Touch = {
             DisableOnPalm = lib.mkOption {
               default = false;
-              description = lib.mdDoc "Ignore all touch inputs if a palm was registered on the display.";
+              description = "Ignore all touch inputs if a palm was registered on the display.";
               type = lib.types.bool;
             };
             DisableOnStylus = lib.mkOption {
               default = false;
-              description = lib.mdDoc "Ignore all touch inputs if a stylus is in proximity.";
+              description = "Ignore all touch inputs if a stylus is in proximity.";
               type = lib.types.bool;
             };
           };
           Stylus = {
             Disable = lib.mkOption {
               default = false;
-              description = lib.mdDoc "Disables the stylus. No stylus data will be processed.";
+              description = "Disables the stylus. No stylus data will be processed.";
               type = lib.types.bool;
             };
           };
diff --git a/nixpkgs/nixos/modules/services/hardware/irqbalance.nix b/nixpkgs/nixos/modules/services/hardware/irqbalance.nix
index 8ba0a73d895d..c79e0eb83ece 100644
--- a/nixpkgs/nixos/modules/services/hardware/irqbalance.nix
+++ b/nixpkgs/nixos/modules/services/hardware/irqbalance.nix
@@ -9,7 +9,7 @@ let
 
 in
 {
-  options.services.irqbalance.enable = mkEnableOption (lib.mdDoc "irqbalance daemon");
+  options.services.irqbalance.enable = mkEnableOption "irqbalance daemon";
 
   config = mkIf cfg.enable {
 
diff --git a/nixpkgs/nixos/modules/services/hardware/joycond.nix b/nixpkgs/nixos/modules/services/hardware/joycond.nix
index 060303b520e5..106c19243c49 100644
--- a/nixpkgs/nixos/modules/services/hardware/joycond.nix
+++ b/nixpkgs/nixos/modules/services/hardware/joycond.nix
@@ -8,7 +8,7 @@ with lib;
 
 {
   options.services.joycond = {
-    enable = mkEnableOption (lib.mdDoc "support for Nintendo Pro Controllers and Joycons");
+    enable = mkEnableOption "support for Nintendo Pro Controllers and Joycons";
 
     package = mkPackageOption pkgs "joycond" { };
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/kanata.nix b/nixpkgs/nixos/modules/services/hardware/kanata.nix
index 05e76d843215..333b2d2a88a5 100644
--- a/nixpkgs/nixos/modules/services/hardware/kanata.nix
+++ b/nixpkgs/nixos/modules/services/hardware/kanata.nix
@@ -11,7 +11,7 @@ let
         type = types.listOf types.str;
         default = [ ];
         example = [ "/dev/input/by-id/usb-0000_0000-event-kbd" ];
-        description = mdDoc ''
+        description = ''
           Paths to keyboard devices.
 
           An empty list, the default value, lets kanata detect which
@@ -39,7 +39,7 @@ let
             ;; tap within 100ms for capslk, hold more than 100ms for lctl
             cap (tap-hold 100 100 caps lctl))
         '';
-        description = mdDoc ''
+        description = ''
           Configuration other than `defcfg`.
 
           See [example config files](https://github.com/jtroo/kanata)
@@ -50,7 +50,7 @@ let
         type = types.lines;
         default = "";
         example = "danger-enable-cmd yes";
-        description = mdDoc ''
+        description = ''
           Configuration of `defcfg` other than `linux-dev` (generated
           from the devices option) and
           `linux-continue-if-no-devs-found` (hardcoded to be yes).
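Review bot: The example `danger-enable-cmd yes` is a `defcfg` switch that, as far as I know, allows the kanata configuration to launch external commands, and the visible part of the description says nothing about that. The description continues past the end of the hunk, so it may already be covered there. If it is not, add one sentence stating that this setting permits command execution from key actions and should only be enabled deliberately, or use a more neutral `defcfg` entry as the example.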
@@ -62,13 +62,13 @@ let
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = mdDoc "Extra command line arguments passed to kanata.";
+        description = "Extra command line arguments passed to kanata.";
       };
       port = mkOption {
         type = types.nullOr types.port;
         default = null;
         example = 6666;
-        description = mdDoc ''
+        description = ''
           Port to run the TCP server on. `null` will not run the server.
         '';
       };
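Review bot: The `port` description, "Port to run the TCP server on", does not say which address the server binds to or whether the unit restricts who may connect. For a daemon that reads and rewrites keyboard input, that is what an administrator needs to know before setting a port. If the service is limited to loopback elsewhere in the module (not visible in this hunk), say so, e.g. `Port to run the TCP server on (reachable from localhost only). \`null\` will not run the server.`; otherwise document the exposure.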
@@ -151,7 +151,7 @@ let
 in
 {
   options.services.kanata = {
-    enable = mkEnableOption (mdDoc "kanata");
+    enable = mkEnableOption "kanata, a tool to improve keyboard comfort and usability with advanced customization";
     package = mkPackageOption pkgs "kanata" {
       example = "kanata-with-cmd";
       extraDescription = ''
@@ -164,7 +164,7 @@ in
     keyboards = mkOption {
       type = types.attrsOf (types.submodule keyboard);
       default = { };
-      description = mdDoc "Keyboard configurations.";
+      description = "Keyboard configurations.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/keyd.nix b/nixpkgs/nixos/modules/services/hardware/keyd.nix
index 77297401a51c..2aee7817c6f3 100644
--- a/nixpkgs/nixos/modules/services/hardware/keyd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/keyd.nix
@@ -9,7 +9,7 @@ let
         type = types.listOf types.str;
         default = [ "*" ];
         example = [ "*" "-0123:0456" ];
-        description = lib.mdDoc ''
+        description = ''
           Device identifiers, as shown by {manpage}`keyd(1)`.
         '';
       };
@@ -30,7 +30,7 @@ let
             l = "right";
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration, except `ids` section, that is written to {file}`/etc/keyd/<keyboard>.conf`.
           Appropriate names can be used to write non-alpha keys, for example "equal" instead of "=" sign (see <https://github.com/NixOS/nixpkgs/issues/236622>).
           See <https://github.com/rvaiya/keyd> how to configure.
@@ -44,7 +44,7 @@ let
           [control+shift]
           h = left
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that is appended to the end of the file.
           **Do not** write `ids` section here, use a separate option for it.
           You can use this option to define compound layers that must always be defined after the layer they are comprised.
@@ -62,7 +62,7 @@ in
   ];
 
   options.services.keyd = {
-    enable = mkEnableOption (lib.mdDoc "keyd, a key remapping daemon");
+    enable = mkEnableOption "keyd, a key remapping daemon";
 
     keyboards = mkOption {
       type = types.attrsOf (types.submodule keyboardOptions);
@@ -87,7 +87,7 @@ in
           };
         }
       '';
-      description = mdDoc ''
+      description = ''
         Configuration for one or more device IDs. Corresponding files in the /etc/keyd/ directory are created according to the name of the keys (like `default` or `externalKeyboard`).
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/lcd.nix b/nixpkgs/nixos/modules/services/hardware/lcd.nix
index 8d682d137f44..d52d5f391911 100644
--- a/nixpkgs/nixos/modules/services/hardware/lcd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/lcd.nix
@@ -36,32 +36,32 @@ in with lib; {
       serverHost = mkOption {
         type = str;
         default = "localhost";
-        description = lib.mdDoc "Host on which LCDd is listening.";
+        description = "Host on which LCDd is listening.";
       };
 
       serverPort = mkOption {
         type = int;
         default = 13666;
-        description = lib.mdDoc "Port on which LCDd is listening.";
+        description = "Port on which LCDd is listening.";
       };
 
       server = {
         enable = mkOption {
           type = bool;
           default = false;
-          description = lib.mdDoc "Enable the LCD panel server (LCDd)";
+          description = "Enable the LCD panel server (LCDd)";
         };
 
         openPorts = mkOption {
           type = bool;
           default = false;
-          description = lib.mdDoc "Open the ports in the firewall";
+          description = "Open the ports in the firewall";
         };
 
         usbPermissions = mkOption {
           type = bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Set group-write permissions on a USB device.
 
             A USB connected LCD panel will most likely require having its
@@ -83,25 +83,25 @@ in with lib; {
         usbVid = mkOption {
           type = str;
           default = "";
-          description = lib.mdDoc "The vendor ID of the USB device to claim.";
+          description = "The vendor ID of the USB device to claim.";
         };
 
         usbPid = mkOption {
           type = str;
           default = "";
-          description = lib.mdDoc "The product ID of the USB device to claim.";
+          description = "The product ID of the USB device to claim.";
         };
 
         usbGroup = mkOption {
           type = str;
           default = "dialout";
-          description = lib.mdDoc "The group to use for settings permissions. This group must exist or you will have to create it.";
+          description = "The group to use for settings permissions. This group must exist or you will have to create it.";
         };
 
         extraConfig = mkOption {
           type = lines;
           default = "";
-          description = lib.mdDoc "Additional configuration added verbatim to the server config.";
+          description = "Additional configuration added verbatim to the server config.";
         };
       };
 
@@ -109,19 +109,19 @@ in with lib; {
         enable = mkOption {
           type = bool;
           default = false;
-          description = lib.mdDoc "Enable the LCD panel client (LCDproc)";
+          description = "Enable the LCD panel client (LCDproc)";
         };
 
         extraConfig = mkOption {
           type = lines;
           default = "";
-          description = lib.mdDoc "Additional configuration added verbatim to the client config.";
+          description = "Additional configuration added verbatim to the client config.";
         };
 
         restartForever = mkOption {
           type = bool;
           default = true;
-          description = lib.mdDoc "Try restarting the client forever.";
+          description = "Try restarting the client forever.";
         };
       };
     };
diff --git a/nixpkgs/nixos/modules/services/x11/hardware/libinput.nix b/nixpkgs/nixos/modules/services/hardware/libinput.nix
index 0ea21eb1dce3..b8aa59035d33 100644
--- a/nixpkgs/nixos/modules/services/x11/hardware/libinput.nix
+++ b/nixpkgs/nixos/modules/services/hardware/libinput.nix
@@ -2,7 +2,7 @@
 
 with lib;
 
-let cfg = config.services.xserver.libinput;
+let cfg = config.services.libinput;
 
     xorgBool = v: if v then "on" else "off";
 
@@ -11,8 +11,7 @@ let cfg = config.services.xserver.libinput;
         type = types.nullOr types.str;
         default = null;
         example = "/dev/input/event0";
-        description =
-          lib.mdDoc ''
+        description = ''
             Path for ${deviceType} device.  Set to `null` to apply to any
             auto-detected ${deviceType}.
           '';
@@ -22,8 +21,7 @@ let cfg = config.services.xserver.libinput;
         type = types.enum [ "flat" "adaptive" ];
         default = "adaptive";
         example = "flat";
-        description =
-          lib.mdDoc ''
+        description = ''
             Sets the pointer acceleration profile to the given profile.
             Permitted values are `adaptive`, `flat`.
             Not all devices support this option or all profiles.
@@ -39,15 +37,14 @@ let cfg = config.services.xserver.libinput;
         type = types.nullOr types.str;
         default = null;
         example = "-0.5";
-        description = lib.mdDoc "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
+        description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
       };
 
       buttonMapping = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "1 6 3 4 5 0 7";
-        description =
-          lib.mdDoc ''
+        description = ''
             Sets the logical button mapping for this device, see XSetPointerMapping(3). The string  must
             be  a  space-separated  list  of  button mappings in the order of the logical buttons on the
             device, starting with button 1.  The default mapping is "1 2 3 ... 32". A mapping of 0 deac‐
@@ -61,8 +58,7 @@ let cfg = config.services.xserver.libinput;
         type = types.nullOr types.str;
         default = null;
         example = "0.5 0 0 0 0.8 0.1 0 0 1";
-        description =
-          lib.mdDoc ''
+        description = ''
             A string of 9 space-separated floating point numbers. Sets the calibration matrix to the
             3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
           '';
@@ -72,8 +68,7 @@ let cfg = config.services.xserver.libinput;
         type = types.nullOr (types.enum [ "none" "buttonareas" "clickfinger" ]);
         default = null;
         example = "buttonareas";
-        description =
-          lib.mdDoc ''
+        description = ''
             Enables a click method. Permitted values are `none`,
             `buttonareas`, `clickfinger`.
             Not all devices support all methods, if an option is unsupported,
@@ -84,14 +79,13 @@ let cfg = config.services.xserver.libinput;
       leftHanded = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enables left-handed button orientation, i.e. swapping left and right buttons.";
+        description = "Enables left-handed button orientation, i.e. swapping left and right buttons.";
       };
 
       middleEmulation = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Enables middle button emulation. When enabled, pressing the left and right buttons
             simultaneously produces a middle mouse button click.
           '';
@@ -100,15 +94,14 @@ let cfg = config.services.xserver.libinput;
       naturalScrolling = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enables or disables natural scrolling behavior.";
+        description = "Enables or disables natural scrolling behavior.";
       };
 
       scrollButton = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 1;
-        description =
-          lib.mdDoc ''
+        description = ''
             Designates a button as scroll button. If the ScrollMethod is button and the button is logically
             held down, x/y axis movement is converted into scroll events.
           '';
@@ -118,8 +111,7 @@ let cfg = config.services.xserver.libinput;
         type = types.enum [ "twofinger" "edge" "button" "none" ];
         default = "twofinger";
         example = "edge";
-        description =
-          lib.mdDoc ''
+        description = ''
             Specify the scrolling method: `twofinger`, `edge`,
             `button`, or `none`
           '';
@@ -128,8 +120,7 @@ let cfg = config.services.xserver.libinput;
       horizontalScrolling = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Enables or disables horizontal scrolling. When disabled, this driver will discard any
             horizontal scroll events from libinput. This does not disable horizontal scroll events
             from libinput; it merely discards the horizontal axis from any scroll events.
@@ -140,8 +131,7 @@ let cfg = config.services.xserver.libinput;
         type = types.enum [ "disabled" "enabled" "disabled-on-external-mouse" ];
         default = "enabled";
         example = "disabled";
-        description =
-          lib.mdDoc ''
+        description = ''
             Sets the send events mode to `disabled`, `enabled`,
             or `disabled-on-external-mouse`
           '';
@@ -150,8 +140,7 @@ let cfg = config.services.xserver.libinput;
       tapping = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Enables or disables tap-to-click behavior.
           '';
       };
@@ -159,7 +148,7 @@ let cfg = config.services.xserver.libinput;
       tappingButtonMap = mkOption {
         type = types.nullOr (types.enum [ "lrm" "lmr" ]);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.
         '';
       };
@@ -167,8 +156,7 @@ let cfg = config.services.xserver.libinput;
       tappingDragLock = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap-
             and-drag will not immediately release the button. If the finger is set down again within the
             timeout, the dragging process continues.
@@ -179,7 +167,7 @@ let cfg = config.services.xserver.libinput;
         type = types.nullOr types.str;
         default = null;
         example = "0.5 0 0 0 0.8 0.1 0 0 1";
-        description = lib.mdDoc ''
+        description = ''
           A string of 9 space-separated floating point numbers. Sets the transformation matrix to
           the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
         '';
@@ -188,8 +176,7 @@ let cfg = config.services.xserver.libinput;
       disableWhileTyping = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             Disable input method while typing.
           '';
       };
@@ -201,7 +188,7 @@ let cfg = config.services.xserver.libinput;
         ''
           Option "DragLockButtons" "L1 B1 L2 B2"
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional options for libinput ${deviceType} driver. See
           {manpage}`libinput(4)`
           for available options.";
@@ -236,7 +223,7 @@ let cfg = config.services.xserver.libinput;
 in {
 
   imports =
-    (map (option: mkRenamedOptionModule ([ "services" "xserver" "libinput" option ]) [ "services" "xserver" "libinput" "touchpad" option ]) [
+    (map (option: mkRenamedOptionModule ([ "services" "xserver" "libinput" option ]) [ "services" "libinput" "touchpad" option ]) [
       "accelProfile"
       "accelSpeed"
       "buttonMapping"
@@ -255,12 +242,16 @@ in {
       "transformationMatrix"
       "disableWhileTyping"
       "additionalOptions"
-    ]);
+    ]) ++ [
+      (mkRenamedOptionModule [ "services" "xserver" "libinput" "enable" ]   [ "services" "libinput" "enable" ])
+      (mkRenamedOptionModule [ "services" "xserver" "libinput" "mouse" ]    [ "services" "libinput" "mouse" ])
+      (mkRenamedOptionModule [ "services" "xserver" "libinput" "touchpad" ] [ "services" "libinput" "touchpad" ])
+    ];
 
   options = {
 
-    services.xserver.libinput = {
-      enable = mkEnableOption (lib.mdDoc "libinput") // {
+    services.libinput = {
+      enable = mkEnableOption "libinput" // {
         default = config.services.xserver.enable;
         defaultText = lib.literalExpression "config.services.xserver.enable";
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/lirc.nix b/nixpkgs/nixos/modules/services/hardware/lirc.nix
index 5b1a8d10c729..8103dbeb2d48 100644
--- a/nixpkgs/nixos/modules/services/hardware/lirc.nix
+++ b/nixpkgs/nixos/modules/services/hardware/lirc.nix
@@ -11,7 +11,7 @@ in {
   options = {
     services.lirc = {
 
-      enable = mkEnableOption (lib.mdDoc "LIRC daemon");
+      enable = mkEnableOption "the LIRC daemon, to receive and send infrared signals";
 
       options = mkOption {
         type = types.lines;
@@ -19,18 +19,18 @@ in {
           [lircd]
           nodaemon = False
         '';
-        description = lib.mdDoc "LIRC default options described in man:lircd(8) ({file}`lirc_options.conf`)";
+        description = "LIRC default options described in man:lircd(8) ({file}`lirc_options.conf`)";
       };
 
       configs = mkOption {
         type = types.listOf types.lines;
-        description = lib.mdDoc "Configurations for lircd to load, see man:lircd.conf(5) for details ({file}`lircd.conf`)";
+        description = "Configurations for lircd to load, see man:lircd.conf(5) for details ({file}`lircd.conf`)";
       };
 
       extraArguments = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Extra arguments to lircd.";
+        description = "Extra arguments to lircd.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix
deleted file mode 100644
index 1aaa2d07b9bd..000000000000
--- a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/cdi-generate.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
-  addDriverRunpath,
-  glibc,
-  jq,
-  lib,
-  nvidia-container-toolkit,
-  nvidia-driver,
-  runtimeShell,
-  writeScriptBin,
-}:
-let
-  mountOptions = { options = ["ro" "nosuid" "nodev" "bind"]; };
-  mounts = [
-    # FIXME: Making /usr mounts optional
-    { hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-control";
-      containerPath = "/usr/bin/nvidia-cuda-mps-control"; }
-    { hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-server";
-      containerPath = "/usr/bin/nvidia-cuda-mps-server"; }
-    { hostPath = lib.getExe' nvidia-driver "nvidia-debugdump";
-      containerPath = "/usr/bin/nvidia-debugdump"; }
-    { hostPath = lib.getExe' nvidia-driver "nvidia-powerd";
-      containerPath = "/usr/bin/nvidia-powerd"; }
-    { hostPath = lib.getExe' nvidia-driver "nvidia-smi";
-      containerPath = "/usr/bin/nvidia-smi"; }
-    { hostPath = lib.getExe' nvidia-container-toolkit "nvidia-ctk";
-      containerPath = "/usr/bin/nvidia-ctk"; }
-    { hostPath = "${lib.getLib glibc}/lib";
-      containerPath = "${lib.getLib glibc}/lib"; }
-
-    # FIXME: use closureinfo
-    {
-      hostPath = addDriverRunpath.driverLink;
-      containerPath = addDriverRunpath.driverLink;
-    }
-    { hostPath = "${lib.getLib glibc}/lib";
-      containerPath = "${lib.getLib glibc}/lib"; }
-    { hostPath = "${lib.getLib glibc}/lib64";
-      containerPath = "${lib.getLib glibc}/lib64"; }
-  ];
-  jqAddMountExpression = ".containerEdits.mounts[.containerEdits.mounts | length] |= . +";
-  mountsToJq = lib.concatMap
-    (mount:
-      ["${lib.getExe jq} '${jqAddMountExpression} ${builtins.toJSON (mount // mountOptions)}'"])
-    mounts;
-in
-writeScriptBin "nvidia-cdi-generator"
-''
-#! ${runtimeShell}
-
-function cdiGenerate {
-  ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} cdi generate \
-    --format json \
-    --ldconfig-path ${lib.getExe' glibc "ldconfig"} \
-    --library-search-path ${lib.getLib nvidia-driver}/lib \
-    --nvidia-ctk-path ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"}
-}
-
-cdiGenerate | \
-  ${lib.concatStringsSep " | " mountsToJq} > $RUNTIME_DIRECTORY/nvidia-container-toolkit.json
-''
diff --git a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix
deleted file mode 100644
index b95bdf191fad..000000000000
--- a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit-cdi-generator/default.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-  options = {
-
-    hardware.nvidia-container-toolkit-cdi-generator.enable = lib.mkOption {
-      default = false;
-      internal = true;
-      visible = false;
-      type = lib.types.bool;
-      description = lib.mdDoc ''
-        Enable dynamic CDI configuration for NVidia devices by running
-        nvidia-container-toolkit on boot.
-      '';
-    };
-
-  };
-
-  config = {
-
-    systemd.services.nvidia-container-toolkit-cdi-generator = lib.mkIf config.hardware.nvidia-container-toolkit-cdi-generator.enable {
-      description = "Container Device Interface (CDI) for Nvidia generator";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "systemd-udev-settle.service" ];
-      serviceConfig = {
-        RuntimeDirectory = "cdi";
-        RemainAfterExit = true;
-        ExecStart =
-          let
-            script = pkgs.callPackage ./cdi-generate.nix { nvidia-driver = config.hardware.nvidia.package; };
-          in
-          lib.getExe script;
-        Type = "oneshot";
-      };
-    };
-
-  };
-
-}
diff --git a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix
new file mode 100644
index 000000000000..ca769cc44e5c
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/cdi-generate.nix
@@ -0,0 +1,35 @@
+{
+  glibc,
+  jq,
+  lib,
+  mounts,
+  nvidia-container-toolkit,
+  nvidia-driver,
+  runtimeShell,
+  writeScriptBin,
+}: let
+  mkMount = {hostPath, containerPath, mountOptions}: {
+    inherit hostPath containerPath;
+    options = mountOptions;
+  };
+  jqAddMountExpression = ".containerEdits.mounts[.containerEdits.mounts | length] |= . +";
+  allJqMounts = lib.concatMap
+    (mount:
+      ["${lib.getExe jq} '${jqAddMountExpression} ${builtins.toJSON (mkMount mount)}'"])
+    mounts;
+in
+writeScriptBin "nvidia-cdi-generator"
+''
+#! ${runtimeShell}
+
+function cdiGenerate {
+  ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"} cdi generate \
+    --format json \
+    --ldconfig-path ${lib.getExe' glibc "ldconfig"} \
+    --library-search-path ${lib.getLib nvidia-driver}/lib \
+    --nvidia-ctk-path ${lib.getExe' nvidia-container-toolkit "nvidia-ctk"}
+}
+
+cdiGenerate | \
+  ${lib.concatStringsSep " | " allJqMounts} > $RUNTIME_DIRECTORY/nvidia-container-toolkit.json
+''
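Review bot: In `allJqMounts`, each mount is spliced into the generated script as `jq '<expr> <json>'` with hand-written single quotes, so a `hostPath`, `containerPath` or mount option containing a `'` ends the shell word early and the remainder is parsed as shell. The unit that runs this script sets no `User=` in the lines shown, so it presumably runs as root. `builtins.toJSON` escapes for JSON, not for the shell; building the argument as `lib.escapeShellArg "${jqAddMountExpression} ${builtins.toJSON (mkMount mount)}"` removes the hand quoting. The script also lacks `set -euo pipefail`, so a failing `nvidia-ctk cdi generate` is hidden by the exit status of the last `jq` and the oneshot can succeed with an empty or partial spec. Adding that line after the shebang and quoting `"$RUNTIME_DIRECTORY/nvidia-container-toolkit.json"` would surface the failure.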
diff --git a/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix
new file mode 100644
index 000000000000..6c6bc667e649
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit/default.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    (lib.mkRenamedOptionModule
+      [ "virtualisation" "containers" "cdi" "dynamic" "nvidia" "enable" ]
+      [ "hardware" "nvidia-container-toolkit" "enable" ])
+  ];
+
+  options = let
+    mountType = {
+      options = {
+        hostPath = lib.mkOption {
+          type = lib.types.str;
+          description = "Host path.";
+        };
+        containerPath = lib.mkOption {
+          type = lib.types.str;
+          description = "Container path.";
+        };
+        mountOptions = lib.mkOption {
+          default = [ "ro" "nosuid" "nodev" "bind" ];
+          type = lib.types.listOf lib.types.str;
+          description = "Mount options.";
+        };
+      };
+    };
+  in {
+
+    hardware.nvidia-container-toolkit = {
+      enable = lib.mkOption {
+        default = false;
+        type = lib.types.bool;
+        description = ''
+          Enable dynamic CDI configuration for NVidia devices by running
+          nvidia-container-toolkit on boot.
+        '';
+      };
+
+      mounts = lib.mkOption {
+        type = lib.types.listOf (lib.types.submodule mountType);
+        default = [];
+        description = "Mounts to be added to every container under the Nvidia CDI profile.";
+      };
+
+      mount-nvidia-executables = lib.mkOption {
+        default = true;
+        type = lib.types.bool;
+        description = ''
+          Mount executables nvidia-smi, nvidia-cuda-mps-control, nvidia-cuda-mps-server,
+          nvidia-debugdump, nvidia-powerd and nvidia-ctk on containers.
+        '';
+      };
+
+      mount-nvidia-docker-1-directories = lib.mkOption {
+        default = true;
+        type = lib.types.bool;
+        description = ''
+          Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and
+          /usr/local/nvidia/lib64.
+        '';
+      };
+    };
+
+  };
+
+  config = {
+
+    virtualisation.docker.daemon.settings = lib.mkIf
+      (config.hardware.nvidia-container-toolkit.enable &&
+       (lib.versionAtLeast config.virtualisation.docker.package.version "25")) {
+      features.cdi = true;
+    };
+
+    hardware.nvidia-container-toolkit.mounts = let
+      nvidia-driver = config.hardware.nvidia.package;
+    in (lib.mkMerge [
+      [{ hostPath = pkgs.addDriverRunpath.driverLink;
+         containerPath = pkgs.addDriverRunpath.driverLink; }
+       { hostPath = "${lib.getLib pkgs.glibc}/lib";
+         containerPath = "${lib.getLib pkgs.glibc}/lib"; }
+       { hostPath = "${lib.getLib pkgs.glibc}/lib64";
+         containerPath = "${lib.getLib pkgs.glibc}/lib64"; }]
+      (lib.mkIf config.hardware.nvidia-container-toolkit.mount-nvidia-executables
+        [{ hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-control";
+           containerPath = "/usr/bin/nvidia-cuda-mps-control"; }
+         { hostPath = lib.getExe' nvidia-driver "nvidia-cuda-mps-server";
+           containerPath = "/usr/bin/nvidia-cuda-mps-server"; }
+         { hostPath = lib.getExe' nvidia-driver "nvidia-debugdump";
+           containerPath = "/usr/bin/nvidia-debugdump"; }
+         { hostPath = lib.getExe' nvidia-driver "nvidia-powerd";
+           containerPath = "/usr/bin/nvidia-powerd"; }
+         { hostPath = lib.getExe' nvidia-driver "nvidia-smi";
+           containerPath = "/usr/bin/nvidia-smi"; }])
+      # nvidia-docker 1.0 uses /usr/local/nvidia/lib{,64}
+      #   e.g.
+      #     - https://gitlab.com/nvidia/container-images/cuda/-/blob/e3ff10eab3a1424fe394899df0e0f8ca5a410f0f/dist/12.3.1/ubi9/base/Dockerfile#L44
+      #     - https://github.com/NVIDIA/nvidia-docker/blob/01d2c9436620d7dde4672e414698afe6da4a282f/src/nvidia/volumes.go#L104-L173
+      (lib.mkIf config.hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories
+        [{ hostPath = "${lib.getLib nvidia-driver}/lib";
+           containerPath = "/usr/local/nvidia/lib"; }
+         { hostPath = "${lib.getLib nvidia-driver}/lib";
+           containerPath = "/usr/local/nvidia/lib64"; }])
+    ]);
+
+    systemd.services.nvidia-container-toolkit-cdi-generator = lib.mkIf config.hardware.nvidia-container-toolkit.enable {
+      description = "Container Device Interface (CDI) for Nvidia generator";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "systemd-udev-settle.service" ];
+      serviceConfig = {
+        RuntimeDirectory = "cdi";
+        RemainAfterExit = true;
+        ExecStart =
+          let
+            script = pkgs.callPackage ./cdi-generate.nix {
+              inherit (config.hardware.nvidia-container-toolkit) mounts;
+              nvidia-driver = config.hardware.nvidia.package;
+            };
+          in
+          lib.getExe script;
+        Type = "oneshot";
+      };
+    };
+
+  };
+
+}
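Review bot: The `mountOptions` option in `mountType` is documented only as "Mount options.", although its default `[ "ro" "nosuid" "nodev" "bind" ]` is what keeps these mounts read-only, and `hardware.nvidia-container-toolkit.mounts` is added to every container under the Nvidia CDI profile. A value defined for `mountOptions` replaces the default list rather than extending it, so an entry that sets only `[ "bind" ]` drops `ro`, `nosuid` and `nodev` without any warning. I would say so in the description, e.g. `description = "Mount options. A value set here replaces the default list, so repeat ro, nosuid and nodev unless the container really needs write access to the host path.";`. Separately, `hostPath` and `containerPath` are plain `lib.types.str`; `lib.types.path` would at least reject values that are not absolute paths, if that fits the store-path strings used in the defaults.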
diff --git a/nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix b/nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix
index 5b5273ed7823..d53175052c74 100644
--- a/nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix
+++ b/nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix
@@ -11,7 +11,7 @@ let kernel = config.boot.kernelPackages; in
     hardware.nvidiaOptimus.disable = lib.mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Completely disable the NVIDIA graphics card and use the
         integrated graphics processor instead.
       '';
diff --git a/nixpkgs/nixos/modules/services/hardware/openrgb.nix b/nixpkgs/nixos/modules/services/hardware/openrgb.nix
index 81b199e50778..6ae5b4e587c6 100644
--- a/nixpkgs/nixos/modules/services/hardware/openrgb.nix
+++ b/nixpkgs/nixos/modules/services/hardware/openrgb.nix
@@ -6,7 +6,7 @@ let
   cfg = config.services.hardware.openrgb;
 in {
   options.services.hardware.openrgb = {
-    enable = mkEnableOption (lib.mdDoc "OpenRGB server");
+    enable = mkEnableOption "OpenRGB server, for RGB lighting control";
 
     package = mkPackageOption pkgs "openrgb" { };
 
@@ -20,13 +20,13 @@ in {
         else if config.hardware.cpu.amd.updateMicrocode then "amd"
         else null;
       '';
-      description = lib.mdDoc "CPU family of motherboard. Allows for addition motherboard i2c support.";
+      description = "CPU family of motherboard. Allows for addition motherboard i2c support.";
     };
 
     server.port = mkOption {
       type = types.port;
       default = 6742;
-      description = lib.mdDoc "Set server port of openrgb.";
+      description = "Set server port of openrgb.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/pcscd.nix b/nixpkgs/nixos/modules/services/hardware/pcscd.nix
index 77c2d9b53f03..17bab2c5bf20 100644
--- a/nixpkgs/nixos/modules/services/hardware/pcscd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/pcscd.nix
@@ -18,13 +18,13 @@ let
 in
 {
   options.services.pcscd = {
-    enable = mkEnableOption (lib.mdDoc "PCSC-Lite daemon");
+    enable = mkEnableOption "PCSC-Lite daemon, to access smart cards using SCard API (PC/SC)";
 
     plugins = mkOption {
       type = types.listOf types.package;
       defaultText = literalExpression "[ pkgs.ccid ]";
       example = literalExpression "[ pkgs.pcsc-cyberjack ]";
-      description = lib.mdDoc "Plugin packages to be used for PCSC-Lite.";
+      description = "Plugin packages to be used for PCSC-Lite.";
     };
 
     readerConfig = mkOption {
@@ -36,7 +36,7 @@ in
         LIBPATH           /path/to/serial_reader.so
         CHANNELID         1
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for devices that aren't hotpluggable.
 
         See {manpage}`reader.conf(5)` for valid options.
@@ -46,7 +46,7 @@ in
     extraArgs = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = lib.mdDoc "Extra command line arguments to be passed to the PCSC daemon.";
+      description = "Extra command line arguments to be passed to the PCSC daemon.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/pommed.nix b/nixpkgs/nixos/modules/services/hardware/pommed.nix
index a71004c1767c..9cdb2d4d1af8 100644
--- a/nixpkgs/nixos/modules/services/hardware/pommed.nix
+++ b/nixpkgs/nixos/modules/services/hardware/pommed.nix
@@ -13,7 +13,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use the pommed tool to handle Apple laptop
           keyboard hotkeys.
         '';
@@ -22,7 +22,7 @@ in {
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the {file}`pommed.conf` file. Leave
           to null to use the default config file
           ({file}`/etc/pommed.conf.mactel`). See the
diff --git a/nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix b/nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix
index 1d84bf8ac937..05e5b7a00b42 100644
--- a/nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix
+++ b/nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix
@@ -15,7 +15,7 @@ in
       enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable power-profiles-daemon, a DBus daemon that allows
           changing system behavior based upon user-selected power profiles.
         '';
diff --git a/nixpkgs/nixos/modules/services/hardware/rasdaemon.nix b/nixpkgs/nixos/modules/services/hardware/rasdaemon.nix
index a1334684b7d5..3fe75984b3fb 100644
--- a/nixpkgs/nixos/modules/services/hardware/rasdaemon.nix
+++ b/nixpkgs/nixos/modules/services/hardware/rasdaemon.nix
@@ -10,18 +10,18 @@ in
 {
   options.hardware.rasdaemon = {
 
-    enable = mkEnableOption (lib.mdDoc "RAS logging daemon");
+    enable = mkEnableOption "RAS logging daemon";
 
     record = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "record events via sqlite3, required for ras-mc-ctl";
+      description = "record events via sqlite3, required for ras-mc-ctl";
     };
 
     mainboard = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Custom mainboard description, see {manpage}`ras-mc-ctl(8)` for more details.";
+      description = "Custom mainboard description, see {manpage}`ras-mc-ctl(8)` for more details.";
       example = ''
         vendor = ASRock
         model = B450M Pro4
@@ -40,7 +40,7 @@ in
     labels = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels";
+      description = "Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels";
       example = ''
         # vendor and model may be shown by 'ras-mc-ctl --mainboard'
         vendor: ASRock
@@ -57,7 +57,7 @@ in
     config = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         rasdaemon configuration, currently only used for CE PFA
         for details, read rasdaemon.outPath/etc/sysconfig/rasdaemon's comments
       '';
@@ -72,11 +72,11 @@ in
     extraModules = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc "extra kernel modules to load";
+      description = "extra kernel modules to load";
       example = [ "i7core_edac" ];
     };
 
-    testing = mkEnableOption (lib.mdDoc "error injection infrastructure");
+    testing = mkEnableOption "error injection infrastructure";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/hardware/ratbagd.nix b/nixpkgs/nixos/modules/services/hardware/ratbagd.nix
index 5567bcbafd16..4398e8d582ea 100644
--- a/nixpkgs/nixos/modules/services/hardware/ratbagd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/ratbagd.nix
@@ -10,7 +10,7 @@ in
 
   options = {
     services.ratbagd = {
-      enable = mkEnableOption (lib.mdDoc "ratbagd for configuring gaming mice");
+      enable = mkEnableOption "ratbagd for configuring gaming mice";
 
       package = mkPackageOption pkgs "libratbag" { };
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/sane.nix b/nixpkgs/nixos/modules/services/hardware/sane.nix
index 8f64afe60734..5f166bb320ba 100644
--- a/nixpkgs/nixos/modules/services/hardware/sane.nix
+++ b/nixpkgs/nixos/modules/services/hardware/sane.nix
@@ -48,7 +48,7 @@ in
     hardware.sane.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable support for SANE scanners.
 
         ::: {.note}
@@ -61,19 +61,19 @@ in
       type = types.package;
       default = pkgs.sane-backends;
       defaultText = literalExpression "pkgs.sane-backends";
-      description = lib.mdDoc "Backends driver package to use.";
+      description = "Backends driver package to use.";
     };
 
     hardware.sane.snapshot = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use a development snapshot of SANE scanner drivers.";
+      description = "Use a development snapshot of SANE scanner drivers.";
     };
 
     hardware.sane.extraBackends = mkOption {
       type = types.listOf types.path;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Packages providing extra SANE backends to enable.
 
         ::: {.note}
@@ -89,7 +89,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "v4l" ];
-      description = lib.mdDoc ''
+      description = ''
         Names of backends which are enabled by default but should be disabled.
         See `$SANE_CONFIG_DIR/dll.conf` for the list of possible names.
       '';
@@ -98,14 +98,14 @@ in
     hardware.sane.configDir = mkOption {
       type = types.str;
       internal = true;
-      description = lib.mdDoc "The value of SANE_CONFIG_DIR.";
+      description = "The value of SANE_CONFIG_DIR.";
     };
 
     hardware.sane.netConf = mkOption {
       type = types.lines;
       default = "";
       example = "192.168.0.16";
-      description = lib.mdDoc ''
+      description = ''
         Network hosts that should be probed for remote scanners.
       '';
     };
@@ -114,7 +114,7 @@ in
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable drivers for the Fujitsu ScanSnap scanners.
 
         The driver files are unfree and extracted from the Windows driver image.
@@ -133,7 +133,7 @@ in
     hardware.sane.openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports needed for discovery of scanners on the local network, e.g.
         needed for Canon scanners (BJNP protocol).
       '';
@@ -142,7 +142,7 @@ in
     services.saned.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable saned network daemon for remote connection to scanners.
 
         saned would be run from `scanner` user; to allow
@@ -155,7 +155,7 @@ in
       type = types.lines;
       default = "";
       example = "192.168.0.0/24";
-      description = lib.mdDoc ''
+      description = ''
         Extra saned configuration lines.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
index e737a4ce20de..8f9998108406 100644
--- a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
+++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
@@ -15,7 +15,7 @@ let
 
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The friendly name you give to the network device. If undefined,
           the name of attribute will be used.
         '';
@@ -25,7 +25,7 @@ let
 
       model = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The model of the network device.
         '';
 
@@ -35,7 +35,7 @@ let
       ip = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The ip address of the device. If undefined, you will have to
           provide a nodename.
         '';
@@ -46,7 +46,7 @@ let
       nodename = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The node name of the device. If undefined, you will have to
           provide an ip.
         '';
@@ -68,8 +68,8 @@ in
   options = {
 
     hardware.sane.brscan4.enable =
-      mkEnableOption (lib.mdDoc "Brother's brscan4 scan backend") // {
-      description = lib.mdDoc ''
+      mkEnableOption "Brother's brscan4 scan backend" // {
+      description = ''
         When enabled, will automatically register the "brscan4" sane
         backend and bring configuration files to their expected location.
       '';
@@ -82,7 +82,7 @@ in
           office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
         };
       type = with types; attrsOf (submodule netDeviceOpts);
-      description = lib.mdDoc ''
+      description = ''
         The list of network devices that will be registered against the brscan4
         sane backend.
       '';
diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix
index a4f93221475d..5236970337d8 100644
--- a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix
+++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix
@@ -15,7 +15,7 @@ let
 
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The friendly name you give to the network device. If undefined,
           the name of attribute will be used.
         '';
@@ -25,7 +25,7 @@ let
 
       model = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The model of the network device.
         '';
 
@@ -35,7 +35,7 @@ let
       ip = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The ip address of the device. If undefined, you will have to
           provide a nodename.
         '';
@@ -46,7 +46,7 @@ let
       nodename = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The node name of the device. If undefined, you will have to
           provide an ip.
         '';
@@ -68,7 +68,7 @@ in
   options = {
 
     hardware.sane.brscan5.enable =
-      mkEnableOption (lib.mdDoc "the Brother brscan5 sane backend");
+      mkEnableOption "the Brother brscan5 sane backend";
 
     hardware.sane.brscan5.netDevices = mkOption {
       default = {};
@@ -77,7 +77,7 @@ in
           office2 = { model = "MFC-7860DW"; nodename = "BRW0080927AFBCE"; };
         };
       type = with types; attrsOf (submodule netDeviceOpts);
-      description = lib.mdDoc ''
+      description = ''
         The list of network devices that will be registered against the brscan5
         sane backend.
       '';
diff --git a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix
index 5b05694abc01..d71a17f5ea6b 100644
--- a/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix
+++ b/nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix
@@ -6,8 +6,8 @@ with lib;
   options = {
 
     hardware.sane.dsseries.enable =
-      mkEnableOption (lib.mdDoc "Brother DSSeries scan backend") // {
-      description = lib.mdDoc ''
+      mkEnableOption "Brother DSSeries scan backend" // {
+      description = ''
         When enabled, will automatically register the "dsseries" SANE backend.
 
         This supports the Brother DSmobile scanner series, including the
diff --git a/nixpkgs/nixos/modules/services/hardware/spacenavd.nix b/nixpkgs/nixos/modules/services/hardware/spacenavd.nix
index 36f132439377..69ca6f102efe 100644
--- a/nixpkgs/nixos/modules/services/hardware/spacenavd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/spacenavd.nix
@@ -8,7 +8,7 @@ in {
 
   options = {
     hardware.spacenavd = {
-      enable = mkEnableOption (lib.mdDoc "spacenavd to support 3DConnexion devices");
+      enable = mkEnableOption "spacenavd to support 3DConnexion devices";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/supergfxd.nix b/nixpkgs/nixos/modules/services/hardware/supergfxd.nix
index f7af993d7238..62296014a8dc 100644
--- a/nixpkgs/nixos/modules/services/hardware/supergfxd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/supergfxd.nix
@@ -7,12 +7,12 @@ in
 {
   options = {
     services.supergfxd = {
-      enable = lib.mkEnableOption (lib.mdDoc "the supergfxd service");
+      enable = lib.mkEnableOption "the supergfxd service";
 
       settings = lib.mkOption {
         type = lib.types.nullOr json.type;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The content of /etc/supergfxd.conf.
           See https://gitlab.com/asus-linux/supergfxctl/#config-options-etcsupergfxdconf.
         '';
diff --git a/nixpkgs/nixos/modules/services/hardware/tcsd.nix b/nixpkgs/nixos/modules/services/hardware/tcsd.nix
index f22924d410d5..e414b9647c9b 100644
--- a/nixpkgs/nixos/modules/services/hardware/tcsd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/tcsd.nix
@@ -40,7 +40,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable tcsd, a Trusted Computing management service
           that provides TCG Software Stack (TSS).  The tcsd daemon is
           the only portal to the Trusted Platform Module (TPM), a hardware
@@ -51,19 +51,19 @@ in
       user = mkOption {
         default = "tss";
         type = types.str;
-        description = lib.mdDoc "User account under which tcsd runs.";
+        description = "User account under which tcsd runs.";
       };
 
       group = mkOption {
         default = "tss";
         type = types.str;
-        description = lib.mdDoc "Group account under which tcsd runs.";
+        description = "Group account under which tcsd runs.";
       };
 
       stateDir = mkOption {
         default = "/var/lib/tpm";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The location of the system persistent storage file.
           The system persistent storage file holds keys and data across
           restarts of the TCSD and system reboots.
@@ -73,20 +73,20 @@ in
       firmwarePCRs = mkOption {
         default = "0,1,2,3,4,5,6,7";
         type = types.str;
-        description = lib.mdDoc "PCR indices used in the TPM for firmware measurements.";
+        description = "PCR indices used in the TPM for firmware measurements.";
       };
 
       kernelPCRs = mkOption {
         default = "8,9,10,11,12";
         type = types.str;
-        description = lib.mdDoc "PCR indices used in the TPM for kernel measurements.";
+        description = "PCR indices used in the TPM for kernel measurements.";
       };
 
       platformCred = mkOption {
         default = "${cfg.stateDir}/platform.cert";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/platform.cert"'';
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the platform credential for your TPM. Your TPM
           manufacturer may have provided you with a set of credentials
           (certificates) that should be used when creating identities
@@ -100,7 +100,7 @@ in
         default = "${cfg.stateDir}/conformance.cert";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/conformance.cert"'';
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the conformance credential for your TPM.
           See also the platformCred option'';
       };
@@ -109,7 +109,7 @@ in
         default = "${cfg.stateDir}/endorsement.cert";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/endorsement.cert"'';
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the endorsement credential for your TPM.
           See also the platformCred option'';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/thermald.nix b/nixpkgs/nixos/modules/services/hardware/thermald.nix
index a4839f326cc4..4f9202d13d90 100644
--- a/nixpkgs/nixos/modules/services/hardware/thermald.nix
+++ b/nixpkgs/nixos/modules/services/hardware/thermald.nix
@@ -9,12 +9,12 @@ in
   ###### interface
   options = {
     services.thermald = {
-      enable = mkEnableOption (lib.mdDoc "thermald, the temperature management daemon");
+      enable = mkEnableOption "thermald, the temperature management daemon";
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable debug logging.
         '';
       };
@@ -22,13 +22,13 @@ in
      ignoreCpuidCheck = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to ignore the cpuid check to allow running on unsupported platforms";
+        description = "Whether to ignore the cpuid check to allow running on unsupported platforms";
       };
 
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "the thermald manual configuration file.";
+        description = "the thermald manual configuration file.";
       };
 
       package = mkPackageOption pkgs "thermald" { };
diff --git a/nixpkgs/nixos/modules/services/hardware/thinkfan.nix b/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
index b62fb5e9f8c9..37c9fef03d78 100644
--- a/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
+++ b/nixpkgs/nixos/modules/services/hardware/thinkfan.nix
@@ -29,7 +29,7 @@ let
     options = {
       type = mkOption {
         type = types.enum [ "hwmon" "atasmart" "tpacpi" "nvml" ];
-        description = lib.mdDoc ''
+        description = ''
           The ${name} type, can be
           `hwmon` for standard ${name}s,
 
@@ -43,7 +43,7 @@ let
       };
       query = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The query string used to match one or more ${name}s: can be
           a fullpath to the temperature file (single ${name}) or a fullpath
           to a driver directory (multiple ${name}s).
@@ -57,7 +57,7 @@ let
       indices = mkOption {
         type = with types; nullOr (listOf ints.unsigned);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A list of ${name}s to pick in case multiple ${name}s match the query.
 
           ::: {.note}
@@ -69,7 +69,7 @@ let
       correction = mkOption {
         type = with types; nullOr (listOf int);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A list of values to be added to the temperature of each sensor,
           can be used to equalize small discrepancies in temperature ratings.
         '';
@@ -106,7 +106,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable thinkfan, a fan control program.
 
           ::: {.note}
@@ -120,7 +120,7 @@ in {
       smartSupport = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to build thinkfan with S.M.A.R.T. support to read temperatures
           directly from hard disks.
         '';
@@ -133,7 +133,7 @@ in {
             query = "/proc/acpi/ibm/thermal";
           }
         ];
-        description = lib.mdDoc ''
+        description = ''
           List of temperature sensors thinkfan will monitor.
 
           ${syntaxNote "thermal"}
@@ -147,7 +147,7 @@ in {
             query = "/proc/acpi/ibm/fan";
           }
         ];
-        description = lib.mdDoc ''
+        description = ''
           List of fans thinkfan will control.
 
           ${syntaxNote "fan"}
@@ -165,7 +165,7 @@ in {
           [7  60  85]
           ["level auto" 80 32767]
         ];
-        description = lib.mdDoc ''
+        description = ''
           [LEVEL LOW HIGH]
 
           LEVEL is the fan level to use: it can be an integer (0-7 with thinkpad_acpi),
@@ -181,7 +181,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "-b" "0" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of extra command line arguments to pass to thinkfan.
           Check the thinkfan(1) manpage for available arguments.
         '';
@@ -190,7 +190,7 @@ in {
       settings = mkOption {
         type = types.attrsOf settingsFormat.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Thinkfan settings. Use this option to configure thinkfan
           settings not exposed in a NixOS option or to bypass one.
           Before changing this, read the `thinkfan.conf(5)`
diff --git a/nixpkgs/nixos/modules/services/hardware/throttled.nix b/nixpkgs/nixos/modules/services/hardware/throttled.nix
index 0f1f00348ee8..143dc83a1d8b 100644
--- a/nixpkgs/nixos/modules/services/hardware/throttled.nix
+++ b/nixpkgs/nixos/modules/services/hardware/throttled.nix
@@ -7,12 +7,12 @@ let
 in {
   options = {
     services.throttled = {
-      enable = mkEnableOption (lib.mdDoc "fix for Intel CPU throttling");
+      enable = mkEnableOption "fix for Intel CPU throttling";
 
       extraConfig = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Alternative configuration";
+        description = "Alternative configuration";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/tlp.nix b/nixpkgs/nixos/modules/services/hardware/tlp.nix
index 0b7f98ab6a6d..148a88e2030f 100644
--- a/nixpkgs/nixos/modules/services/hardware/tlp.nix
+++ b/nixpkgs/nixos/modules/services/hardware/tlp.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the TLP power management daemon.";
+        description = "Whether to enable the TLP power management daemon.";
       };
 
       settings = mkOption {type = with types; attrsOf (oneOf [bool int float str (listOf str)]);
@@ -29,7 +29,7 @@ in
           SATA_LINKPWR_ON_BAT = "med_power_with_dipm";
           USB_BLACKLIST_PHONE = 1;
         };
-        description = lib.mdDoc ''
+        description = ''
           Options passed to TLP. See https://linrunner.de/tlp for all supported options..
         '';
       };
@@ -37,7 +37,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Verbatim additional configuration variables for TLP.
           DEPRECATED: use services.tlp.settings instead.
         '';
diff --git a/nixpkgs/nixos/modules/services/hardware/trezord.nix b/nixpkgs/nixos/modules/services/hardware/trezord.nix
index b2217fc97124..097acb03631f 100644
--- a/nixpkgs/nixos/modules/services/hardware/trezord.nix
+++ b/nixpkgs/nixos/modules/services/hardware/trezord.nix
@@ -18,7 +18,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
         '';
       };
@@ -26,7 +26,7 @@ in {
       emulator.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Trezor emulator support.
           '';
        };
@@ -34,7 +34,7 @@ in {
       emulator.port = mkOption {
         type = types.port;
         default = 21324;
-        description = lib.mdDoc ''
+        description = ''
           Listening port for the Trezor emulator.
           '';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix
index 54eac70643ff..89f8754c0e68 100644
--- a/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix
+++ b/nixpkgs/nixos/modules/services/hardware/triggerhappy.nix
@@ -22,18 +22,18 @@ let
 
       keys = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of keys to match.  Key names as defined in linux/input-event-codes.h";
+        description = "List of keys to match.  Key names as defined in linux/input-event-codes.h";
       };
 
       event = mkOption {
         type = types.enum ["press" "hold" "release"];
         default = "press";
-        description = lib.mdDoc "Event to match.";
+        description = "Event to match.";
       };
 
       cmd = mkOption {
         type = types.str;
-        description = lib.mdDoc "What to run.";
+        description = "What to run.";
       };
 
     };
@@ -52,7 +52,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the {command}`triggerhappy` hotkey daemon.
         '';
       };
@@ -61,7 +61,7 @@ in
         type = types.str;
         default = "nobody";
         example = "root";
-        description = lib.mdDoc ''
+        description = ''
           User account under which {command}`triggerhappy` runs.
         '';
       };
@@ -72,7 +72,7 @@ in
         example = lib.literalExpression ''
           [ { keys = ["PLAYPAUSE"];  cmd = "''${pkgs.mpc-cli}/bin/mpc -q toggle"; } ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Key bindings for {command}`triggerhappy`.
         '';
       };
@@ -80,7 +80,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Literal contents to append to the end of {command}`triggerhappy` configuration file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix b/nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix
index 0daccfef3a53..506454c1cadf 100644
--- a/nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix
+++ b/nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix
@@ -9,9 +9,9 @@ in
 {
   options = {
     hardware.tuxedo-rs = {
-      enable = mkEnableOption (lib.mdDoc "Rust utilities for interacting with hardware from TUXEDO Computers");
+      enable = mkEnableOption "Rust utilities for interacting with hardware from TUXEDO Computers";
 
-      tailor-gui.enable = mkEnableOption (lib.mdDoc "tailor-gui, an alternative to TUXEDO Control Center, written in Rust");
+      tailor-gui.enable = mkEnableOption "tailor-gui, an alternative to TUXEDO Control Center, written in Rust";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/udev.nix b/nixpkgs/nixos/modules/services/hardware/udev.nix
index 670b9087f110..3db661644281 100644
--- a/nixpkgs/nixos/modules/services/hardware/udev.nix
+++ b/nixpkgs/nixos/modules/services/hardware/udev.nix
@@ -191,7 +191,7 @@ in
     boot.hardwareScan = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to try to load kernel modules for all detected hardware.
         Usually this does a good job of providing you with the modules
         you need, but sometimes it can crash the system or cause other
@@ -200,14 +200,14 @@ in
     };
 
     services.udev = {
-      enable = mkEnableOption (lib.mdDoc "udev") // {
+      enable = mkEnableOption "udev, a device manager for the Linux kernel" // {
         default = true;
       };
 
       packages = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of packages containing {command}`udev` rules.
           All files found in
           {file}`«pkg»/etc/udev/rules.d` and
@@ -220,7 +220,7 @@ in
       path = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Packages added to the {env}`PATH` environment variable when
           executing programs from Udev rules.
 
@@ -235,7 +235,7 @@ in
           ENV{ID_VENDOR_ID}=="046d", ENV{ID_MODEL_ID}=="0825", ENV{PULSE_IGNORE}="1"
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional {command}`udev` rules. They'll be written
           into file {file}`99-local.rules`. Thus they are
           read and applied after all other rules.
@@ -250,7 +250,7 @@ in
             KEYBOARD_KEY_700e2=leftctrl
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional {command}`hwdb` files. They'll be written
           into file {file}`99-local.hwdb`. Thus they are
           read after all other files.
@@ -262,7 +262,7 @@ in
     hardware.firmware = mkOption {
       type = types.listOf types.package;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         List of packages containing firmware files.  Such files
         will be loaded automatically if the kernel asks for them
         (i.e., when it has detected specific hardware that requires
@@ -282,7 +282,7 @@ in
     networking.usePredictableInterfaceNames = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to assign [predictable names to network interfaces](https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/).
         If enabled, interfaces
         are assigned names that contain topology information
@@ -300,7 +300,7 @@ in
       packages = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           *This will only be used when systemd is used in stage 1.*
 
           List of packages containing {command}`udev` rules that will be copied to stage 1.
@@ -314,7 +314,7 @@ in
       binPackages = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           *This will only be used when systemd is used in stage 1.*
 
           Packages to search for binaries that are referenced by the udev rules in stage 1.
@@ -329,7 +329,7 @@ in
           SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           {command}`udev` rules to include in the initrd
           *only*. They'll be written into file
           {file}`99-local.rules`. Thus they are read and applied
@@ -401,17 +401,19 @@ in
       }))
     ];
 
-    environment.etc =
-      {
-        "udev/rules.d".source = udevRulesFor {
-          name = "udev-rules";
-          udevPackages = cfg.packages;
-          systemd = config.systemd.package;
-          binPackages = cfg.packages;
-          inherit udevPath udev;
-        };
-        "udev/hwdb.bin".source = hwdbBin;
+    environment.etc = {
+      "udev/rules.d".source = udevRulesFor {
+        name = "udev-rules";
+        udevPackages = cfg.packages;
+        systemd = config.systemd.package;
+        binPackages = cfg.packages;
+        inherit udevPath udev;
       };
+      "udev/hwdb.bin".source = hwdbBin;
+    } // lib.optionalAttrs config.boot.modprobeConfig.enable {
+      # We don't place this into `extraModprobeConfig` so that stage-1 ramdisk doesn't bloat.
+      "modprobe.d/firmware.conf".text = "options firmware_class path=${config.hardware.firmware}/lib/firmware";
+    };
 
     system.requiredKernelConfig = with config.lib.kernelConfig; [
       (isEnabled "UNIX")
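Review bot: The new `lib.optionalAttrs config.boot.modprobeConfig.enable` guard around `modprobe.d/firmware.conf` has no comment explaining the condition; the only comment inside it is the older one about stage-1 size. The activation script in the following hunk writes the same `${config.hardware.firmware}/lib/firmware` path but is gated on a different option, `boot.kernel.enable`, so a system with only one of the two enabled gets the firmware search path from just one place. If that is intended, I would say so above the guard, for example `# Written only when boot.modprobeConfig.enable is set; the udevd activation script sets the same path independently.` The enclosing `config` block starts and ends outside this hunk.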
@@ -419,21 +421,17 @@ in
       (isYes "NET")
     ];
 
-    # We don't place this into `extraModprobeConfig` so that stage-1 ramdisk doesn't bloat.
-    environment.etc."modprobe.d/firmware.conf".text = "options firmware_class path=${config.hardware.firmware}/lib/firmware";
-
-    system.activationScripts.udevd =
-      ''
-        # The deprecated hotplug uevent helper is not used anymore
-        if [ -e /proc/sys/kernel/hotplug ]; then
-          echo "" > /proc/sys/kernel/hotplug
-        fi
+    system.activationScripts.udevd = lib.mkIf config.boot.kernel.enable ''
+      # The deprecated hotplug uevent helper is not used anymore
+      if [ -e /proc/sys/kernel/hotplug ]; then
+        echo "" > /proc/sys/kernel/hotplug
+      fi
 
-        # Allow the kernel to find our firmware.
-        if [ -e /sys/module/firmware_class/parameters/path ]; then
-          echo -n "${config.hardware.firmware}/lib/firmware" > /sys/module/firmware_class/parameters/path
-        fi
-      '';
+      # Allow the kernel to find our firmware.
+      if [ -e /sys/module/firmware_class/parameters/path ]; then
+        echo -n "${config.hardware.firmware}/lib/firmware" > /sys/module/firmware_class/parameters/path
+      fi
+    '';
 
     systemd.services.systemd-udevd =
       { restartTriggers = cfg.packages;
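Review bot: Wrapping the whole script in `lib.mkIf config.boot.kernel.enable` also drops the reset of `/proc/sys/kernel/hotplug`, not only the firmware path write, and nothing in the script says this is deliberate. The hotplug helper is a program the kernel runs on uevents, so clearing it is a hardening step worth keeping visible. Presumably with `boot.kernel.enable = false` the kernel belongs to a host and these settings are left to it, but the hunk does not show that. I would add a comment above the definition such as `# Skipped when boot.kernel.enable is false: the hotplug helper and firmware_class path are left as the running kernel has them.` The `systemd.services.systemd-udevd` attribute set that follows continues outside the hunk.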
diff --git a/nixpkgs/nixos/modules/services/hardware/udisks2.nix b/nixpkgs/nixos/modules/services/hardware/udisks2.nix
index 5c058f1f0a6f..46a72b961501 100644
--- a/nixpkgs/nixos/modules/services/hardware/udisks2.nix
+++ b/nixpkgs/nixos/modules/services/hardware/udisks2.nix
@@ -18,12 +18,12 @@ in
 
     services.udisks2 = {
 
-      enable = mkEnableOption (mdDoc "udisks2, a DBus service that allows applications to query and manipulate storage devices");
+      enable = mkEnableOption "udisks2, a DBus service that allows applications to query and manipulate storage devices";
 
       mountOnMedia = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           When enabled, instructs udisks2 to mount removable drives under `/media/` directory, instead of the
           default, ACL-controlled `/run/media/$USER/`. Since `/media/` is not mounted as tmpfs by default, it
           requires cleanup to get rid of stale mountpoints; enabling this option will take care of this at boot.
@@ -53,7 +53,7 @@ in
           };
         };
         '';
-        description = mdDoc ''
+        description = ''
           Options passed to udisksd.
           See [here](http://manpages.ubuntu.com/manpages/latest/en/man5/udisks2.conf.5.html) and
           drive configuration in [here](http://manpages.ubuntu.com/manpages/latest/en/man8/udisks.8.html) for supported options.
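Review bot: Both reference links in this description still point at plain `http://manpages.ubuntu.com/...` URLs, so the rendered option documentation sends readers to an unencrypted page. Since this pass already touches the description, I would switch the two links to `https://`. The option that owns this description starts outside the hunk, so only the lines visible here are covered.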
diff --git a/nixpkgs/nixos/modules/services/hardware/undervolt.nix b/nixpkgs/nixos/modules/services/hardware/undervolt.nix
index c4d4c6791a21..23bc848b2398 100644
--- a/nixpkgs/nixos/modules/services/hardware/undervolt.nix
+++ b/nixpkgs/nixos/modules/services/hardware/undervolt.nix
@@ -34,16 +34,16 @@ let
 in
 {
   options.services.undervolt = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
        Undervolting service for Intel CPUs.
 
-       Warning: This service is not endorsed by Intel and may permanently damage your hardware. Use at your own risk!
-    '');
+       Warning: This service is not endorsed by Intel and may permanently damage your hardware. Use at your own risk
+    '';
 
     verbose = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable verbose logging.
       '';
     };
@@ -53,7 +53,7 @@ in
     coreOffset = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The amount of voltage in mV to offset the CPU cores by.
       '';
     };
@@ -61,7 +61,7 @@ in
     gpuOffset = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The amount of voltage in mV to offset the GPU by.
       '';
     };
@@ -69,7 +69,7 @@ in
     uncoreOffset = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The amount of voltage in mV to offset uncore by.
       '';
     };
@@ -77,7 +77,7 @@ in
     analogioOffset = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The amount of voltage in mV to offset analogio by.
       '';
     };
@@ -85,7 +85,7 @@ in
     temp = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The temperature target in Celsius degrees.
       '';
     };
@@ -93,7 +93,7 @@ in
     tempAc = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The temperature target on AC power in Celsius degrees.
       '';
     };
@@ -101,7 +101,7 @@ in
     tempBat = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The temperature target on battery power in Celsius degrees.
       '';
     };
@@ -109,7 +109,7 @@ in
     turbo = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Changes the Intel Turbo feature status (1 is disabled and 0 is enabled).
       '';
     };
@@ -117,7 +117,7 @@ in
     p1.limit = mkOption {
       type = with types; nullOr int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The P1 Power Limit in Watts.
         Both limit and window must be set.
       '';
@@ -125,7 +125,7 @@ in
     p1.window = mkOption {
       type = with types; nullOr (oneOf [ float int ]);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The P1 Time Window in seconds.
         Both limit and window must be set.
       '';
@@ -134,7 +134,7 @@ in
     p2.limit = mkOption {
       type = with types; nullOr int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The P2 Power Limit in Watts.
         Both limit and window must be set.
       '';
@@ -142,7 +142,7 @@ in
     p2.window = mkOption {
       type = with types; nullOr (oneOf [ float int ]);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The P2 Time Window in seconds.
         Both limit and window must be set.
       '';
@@ -151,7 +151,7 @@ in
     useTimer = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to set a timer that applies the undervolt settings every 30s.
         This will cause spam in the journal but might be required for some
         hardware under specific conditions.
diff --git a/nixpkgs/nixos/modules/services/hardware/upower.nix b/nixpkgs/nixos/modules/services/hardware/upower.nix
index 0ae31d99aa86..3d0edb0467ea 100644
--- a/nixpkgs/nixos/modules/services/hardware/upower.nix
+++ b/nixpkgs/nixos/modules/services/hardware/upower.nix
@@ -21,7 +21,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Upower, a DBus service that provides power
           management support to applications.
         '';
@@ -32,7 +32,7 @@ in
       enableWattsUpPro = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the Watts Up Pro device.
 
           The Watts Up Pro contains a generic FTDI USB device without a specific
@@ -50,7 +50,7 @@ in
       noPollBatteries = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Don't poll the kernel for battery level changes.
 
           Some hardware will send us battery level changes through
@@ -62,7 +62,7 @@ in
       ignoreLid = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Do we ignore the lid state
 
           Some laptops are broken. The lid state is either inverted, or stuck
@@ -76,7 +76,7 @@ in
       usePercentageForPolicy = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Policy for warnings and action based on battery levels
 
           Whether battery percentage based policy should be used. The default
@@ -90,7 +90,7 @@ in
       percentageLow = mkOption {
         type = types.ints.unsigned;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `true`, the levels at which UPower will consider the
           battery low.
@@ -108,7 +108,7 @@ in
       percentageCritical = mkOption {
         type = types.ints.unsigned;
         default = 3;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `true`, the levels at which UPower will consider the
           battery critical.
@@ -126,7 +126,7 @@ in
       percentageAction = mkOption {
         type = types.ints.unsigned;
         default = 2;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `true`, the levels at which UPower will take action
           for the critical battery level.
@@ -144,7 +144,7 @@ in
       timeLow = mkOption {
         type = types.ints.unsigned;
         default = 1200;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `false`, the time remaining in seconds at which
           UPower will consider the battery low.
@@ -158,7 +158,7 @@ in
       timeCritical = mkOption {
         type = types.ints.unsigned;
         default = 300;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `false`, the time remaining in seconds at which
           UPower will consider the battery critical.
@@ -172,7 +172,7 @@ in
       timeAction = mkOption {
         type = types.ints.unsigned;
         default = 120;
-        description = lib.mdDoc ''
+        description = ''
           When `usePercentageForPolicy` is
           `false`, the time remaining in seconds at which
           UPower will take action for the critical battery level.
@@ -186,7 +186,7 @@ in
       criticalPowerAction = mkOption {
         type = types.enum [ "PowerOff" "Hibernate" "HybridSleep" ];
         default = "HybridSleep";
-        description = lib.mdDoc ''
+        description = ''
           The action to take when `timeAction` or
           `percentageAction` has been reached for the batteries
           (UPS or laptop batteries) supplying the computer
diff --git a/nixpkgs/nixos/modules/services/hardware/usbmuxd.nix b/nixpkgs/nixos/modules/services/hardware/usbmuxd.nix
index d05ad3af8b12..891619934eb6 100644
--- a/nixpkgs/nixos/modules/services/hardware/usbmuxd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/usbmuxd.nix
@@ -17,7 +17,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable the usbmuxd ("USB multiplexing daemon") service. This daemon is
         in charge of multiplexing connections over USB to an iOS device. This is
         needed for transferring data from and to iOS devices (see ifuse). Also
@@ -28,7 +28,7 @@ in
     user = mkOption {
       type = types.str;
       default = defaultUserGroup;
-      description = lib.mdDoc ''
+      description = ''
         The user usbmuxd should use to run after startup.
       '';
     };
@@ -36,7 +36,7 @@ in
     group = mkOption {
       type = types.str;
       default = defaultUserGroup;
-      description = lib.mdDoc ''
+      description = ''
         The group usbmuxd should use to run after startup.
       '';
     };
@@ -45,7 +45,7 @@ in
       type = types.package;
       default = pkgs.usbmuxd;
       defaultText = literalExpression "pkgs.usbmuxd";
-      description = lib.mdDoc "Which package to use for the usbmuxd daemon.";
+      description = "Which package to use for the usbmuxd daemon.";
       relatedPackages = [ "usbmuxd" "usbmuxd2" ];
     };
 
diff --git a/nixpkgs/nixos/modules/services/hardware/usbrelayd.nix b/nixpkgs/nixos/modules/services/hardware/usbrelayd.nix
index 01d3a5ba8bee..31e56ab1d16c 100644
--- a/nixpkgs/nixos/modules/services/hardware/usbrelayd.nix
+++ b/nixpkgs/nixos/modules/services/hardware/usbrelayd.nix
@@ -5,11 +5,11 @@ let
 in
 {
   options.services.usbrelayd = with types; {
-    enable = mkEnableOption (lib.mdDoc "USB Relay MQTT daemon");
+    enable = mkEnableOption "USB Relay MQTT daemon";
 
     broker = mkOption {
       type = str;
-      description = lib.mdDoc "Hostname or IP address of your MQTT Broker.";
+      description = "Hostname or IP address of your MQTT Broker.";
       default = "127.0.0.1";
       example = [
         "mqtt"
@@ -19,7 +19,7 @@ in
 
     clientName = mkOption {
       type = str;
-      description = lib.mdDoc "Name, your client connects as.";
+      description = "Name, your client connects as.";
       default = "MyUSBRelay";
     };
   };
diff --git a/nixpkgs/nixos/modules/services/hardware/vdr.nix b/nixpkgs/nixos/modules/services/hardware/vdr.nix
index 689d83f7eedc..6adab680257f 100644
--- a/nixpkgs/nixos/modules/services/hardware/vdr.nix
+++ b/nixpkgs/nixos/modules/services/hardware/vdr.nix
@@ -3,13 +3,13 @@ let
   cfg = config.services.vdr;
 
   inherit (lib)
-    mkEnableOption mkPackageOption mkOption types mkIf optional mdDoc;
+    mkEnableOption mkPackageOption mkOption types mkIf optional;
 in
 {
   options = {
 
     services.vdr = {
-      enable = mkEnableOption (mdDoc "Start VDR");
+      enable = mkEnableOption "VDR, a video disk recorder";
 
       package = mkPackageOption pkgs "vdr" {
         example = "wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }";
@@ -18,21 +18,21 @@ in
       videoDir = mkOption {
         type = types.path;
         default = "/srv/vdr/video";
-        description = mdDoc "Recording directory";
+        description = "Recording directory";
       };
 
       extraArguments = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = mdDoc "Additional command line arguments to pass to VDR.";
+        description = "Additional command line arguments to pass to VDR.";
       };
 
-      enableLirc = mkEnableOption (mdDoc "LIRC");
+      enableLirc = mkEnableOption "LIRC";
 
       user = mkOption {
         type = types.str;
         default = "vdr";
-        description = mdDoc ''
+        description = ''
           User under which the VDR service runs.
         '';
       };
@@ -40,7 +40,7 @@ in
       group = mkOption {
         type = types.str;
         default = "vdr";
-        description = mdDoc ''
+        description = ''
           Group under which the VDRvdr service runs.
         '';
       };
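Review bot: The `group` description on the new side still reads `Group under which the VDRvdr service runs.`, which looks like a leftover from a search-and-replace. It should match the `user` option in the previous hunk: `Group under which the VDR service runs.`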
diff --git a/nixpkgs/nixos/modules/services/home-automation/ebusd.nix b/nixpkgs/nixos/modules/services/home-automation/ebusd.nix
index f68a8bdb6bfa..d388022d7b50 100644
--- a/nixpkgs/nixos/modules/services/home-automation/ebusd.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/ebusd.nix
@@ -44,13 +44,13 @@ in
   meta.maintainers = with maintainers; [ nathan-gs ];
 
   options.services.ebusd = {
-    enable = mkEnableOption (lib.mdDoc "ebusd service");
+    enable = mkEnableOption "ebusd, a daemon for communication with eBUS heating systems";
 
     device = mkOption {
       type = types.str;
       default = "";
       example = "IP:PORT";
-      description = lib.mdDoc ''
+      description = ''
         Use DEV as eBUS device [/dev/ttyUSB0].
         This can be either:
           enh:DEVICE or enh:IP:PORT for enhanced device (only adapter v3 and newer),
@@ -64,7 +64,7 @@ in
     port = mkOption {
       default = 8888;
       type = types.port;
-      description = lib.mdDoc ''
+      description = ''
         The port on which to listen on
       '';
     };
@@ -72,7 +72,7 @@ in
     readonly = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
          Only read from device, never write to it
       '';
     };
@@ -80,7 +80,7 @@ in
     configpath = mkOption {
       type = types.str;
       default = "https://cfg.ebusd.eu/";
-      description = lib.mdDoc ''
+      description = ''
         Read CSV config files from PATH (local folder or HTTPS URL) [https://cfg.ebusd.eu/]
       '';
     };
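Review bot: `configpath` defaults to `https://cfg.ebusd.eu/`, but the description does not say what that implies. An unconfigured service presumably loads its CSV message definitions from a remote host at run time, not from a store path pinned by the system closure. I would add a sentence such as `The default fetches definitions over the network at run time; set a local folder to pin them.` How the value is handed to ebusd is outside this hunk, so the fetch behaviour should be confirmed against the service definition.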
@@ -88,7 +88,7 @@ in
     scanconfig = mkOption {
       type = types.str;
       default = "full";
-      description = lib.mdDoc ''
+      description = ''
         Pick CSV config files matching initial scan ("none" or empty for no initial scan message, "full" for full scan, or a single hex address to scan, default is to send a broadcast ident message).
         If combined with --checkconfig, you can add scan message data as arguments for checking a particular scan configuration, e.g. "FF08070400/0AB5454850303003277201". For further details on this option,
         see [Automatic configuration](https://github.com/john30/ebusd/wiki/4.7.-Automatic-configuration).
@@ -97,50 +97,50 @@ in
 
     logs = {
       main = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       network = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       bus = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       update = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       other = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
 
       all = mkOption {
-        type = types.enum [ "error" "notice" "info" "debug"];
+        type = types.enum [ "none" "error" "notice" "info" "debug"];
         default = "info";
-        description = lib.mdDoc ''
-          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (error|notice|info|debug) [all:notice].
+        description = ''
+          Only write log for matching AREAs (main|network|bus|update|other|all) below or equal to LEVEL (none|error|notice|info|debug) [all:notice].
         '';
       };
     };
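Review bot: The six `logs.*` descriptions disagree with the options they document. Each option sets the level for one area and defaults to `"info"`, while the text (which reads like the upstream command-line help) lists every area and ends in `[all:notice]`. Per-area wording would be clearer, for example `Log level for the main area.` for `logs.main`, with a note on what the newly added `"none"` does once that is confirmed against ebusd. The six declarations are identical apart from the attribute name, so generating them from a list of area names would keep the enum and the text from drifting apart.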
@@ -150,7 +150,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Adds support for MQTT
         '';
       };
@@ -158,7 +158,7 @@ in
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Connect to MQTT broker on HOST.
         '';
       };
@@ -166,7 +166,7 @@ in
       port = mkOption {
         default = 1883;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           The port on which to connect to MQTT
         '';
       };
@@ -174,7 +174,7 @@ in
       home-assistant = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Adds the Home Assistant topics to MQTT, read more at [MQTT Integration](https://github.com/john30/ebusd/wiki/MQTT-integration)
         '';
       };
@@ -182,21 +182,21 @@ in
       retain = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Set the retain flag on all topics instead of only selected global ones
         '';
       };
 
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The MQTT user to use
         '';
       };
 
       password = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The MQTT password.
         '';
       };
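Review bot: `mqtt.password` is a plain `types.str`, so the secret becomes part of the evaluated configuration and ends up in the world-readable Nix store. How it reaches ebusd is outside this hunk; if it is passed as a command-line argument, it is also visible in the process list. At minimum the description should say so, e.g. `The MQTT password. Note that this value is stored world-readable in the Nix store.` A better fix is a file-based alternative that the service reads at start, with this option kept for compatibility.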
@@ -206,7 +206,7 @@ in
     extraArguments = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra arguments to the ebus daemon
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/home-automation/esphome.nix b/nixpkgs/nixos/modules/services/home-automation/esphome.nix
index 3c0fd8aed08a..faae5ec8ff45 100644
--- a/nixpkgs/nixos/modules/services/home-automation/esphome.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/esphome.nix
@@ -7,7 +7,6 @@ let
     mkEnableOption
     mkIf
     mkOption
-    mdDoc
     types
     ;
 
@@ -24,38 +23,38 @@ in
   meta.maintainers = with maintainers; [ oddlama ];
 
   options.services.esphome = {
-    enable = mkEnableOption (mdDoc "esphome");
+    enable = mkEnableOption "esphome, for making custom firmwares for ESP32/ESP8266";
 
     package = lib.mkPackageOption pkgs "esphome" { };
 
     enableUnixSocket = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Listen on a unix socket `/run/esphome/esphome.sock` instead of the TCP port.";
+      description = "Listen on a unix socket `/run/esphome/esphome.sock` instead of the TCP port.";
     };
 
     address = mkOption {
       type = types.str;
       default = "localhost";
-      description = mdDoc "esphome address";
+      description = "esphome address";
     };
 
     port = mkOption {
       type = types.port;
       default = 6052;
-      description = mdDoc "esphome port";
+      description = "esphome port";
     };
 
     openFirewall = mkOption {
       default = false;
       type = types.bool;
-      description = mdDoc "Whether to open the firewall for the specified port.";
+      description = "Whether to open the firewall for the specified port.";
     };
 
     allowedDevices = mkOption {
       default = ["char-ttyS" "char-ttyUSB"];
       example = ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
-      description = lib.mdDoc ''
+      description = ''
         A list of device nodes to which {command}`esphome` has access to.
         Refer to DeviceAllow in systemd.resource-control(5) for more information.
         Beware that if a device is referred to by an absolute path instead of a device category,
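Review bot: The `address` and `port` descriptions (`"esphome address"`, `"esphome port"`) do not say that these are the listen address and port, which is what `enableUnixSocket` and `openFirewall` imply. I would write `description = "Address esphome listens on.";` and `description = "Port esphome listens on.";`. The `openFirewall` text could also note that opening the port only has an effect once `address` is changed from its `localhost` default. That change exposes the service to the network, and whether it requires authentication is not visible here. The `allowedDevices` description continues outside the hunk.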
@@ -67,7 +66,7 @@ in
     usePing = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Use ping to check online status of devices instead of mDNS";
+      description = "Use ping to check online status of devices instead of mDNS";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/home-automation/evcc.nix b/nixpkgs/nixos/modules/services/home-automation/evcc.nix
index f360f525b04b..a952437b1b56 100644
--- a/nixpkgs/nixos/modules/services/home-automation/evcc.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/evcc.nix
@@ -19,19 +19,19 @@ in
   meta.maintainers = with lib.maintainers; [ hexa ];
 
   options.services.evcc = with types; {
-    enable = mkEnableOption (lib.mdDoc "EVCC, the extensible EV Charge Controller with PV integration");
+    enable = mkEnableOption "EVCC, the extensible EV Charge Controller with PV integration";
 
     extraArgs = mkOption {
       type = listOf str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra arguments to pass to the evcc executable.
       '';
     };
 
     settings = mkOption {
       type = format.type;
-      description = lib.mdDoc ''
+      description = ''
         evcc configuration as a Nix attribute set.
 
         Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/${package.version}/evcc.dist.yaml].
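Review bot: The Markdown link in the `settings` description is malformed. It ends in `evcc.dist.yaml].` where the closing character should be `)`, so the link target is never terminated and will not render as a link. Change the tail to `/evcc.dist.yaml).`. The description continues outside the hunk.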
@@ -63,6 +63,7 @@ in
         DynamicUser = true;
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
+        Restart = "on-failure";
         RestrictAddressFamilies = [
           "AF_INET"
           "AF_INET6"
diff --git a/nixpkgs/nixos/modules/services/home-automation/home-assistant.nix b/nixpkgs/nixos/modules/services/home-automation/home-assistant.nix
index 3423eebe9ed6..d94adfb4aa1c 100644
--- a/nixpkgs/nixos/modules/services/home-automation/home-assistant.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/home-assistant.nix
@@ -95,12 +95,12 @@ in {
   options.services.home-assistant = {
     # Running home-assistant on NixOS is considered an installation method that is unsupported by the upstream project.
     # https://github.com/home-assistant/architecture/blob/master/adr/0012-define-supported-installation-method.md#decision
-    enable = mkEnableOption (lib.mdDoc "Home Assistant. Please note that this installation method is unsupported upstream");
+    enable = mkEnableOption "Home Assistant. Please note that this installation method is unsupported upstream";
 
     configDir = mkOption {
       default = "/var/lib/hass";
       type = types.path;
-      description = lib.mdDoc "The config directory, where your {file}`configuration.yaml` is located.";
+      description = "The config directory, where your {file}`configuration.yaml` is located.";
     };
 
     defaultIntegrations = mkOption {
@@ -164,7 +164,7 @@ in {
           "wled"
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of [components](https://www.home-assistant.io/integrations/) that have their dependencies included in the package.
 
         The component name can be found in the URL, for example `https://www.home-assistant.io/integrations/ffmpeg/` would map to `ffmpeg`.
@@ -183,7 +183,7 @@ in {
           psycopg2
         ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of packages to add to propagatedBuildInputs.
 
         A popular example is `python3Packages.psycopg2`
@@ -199,7 +199,7 @@ in {
           prometheus_sensor
         ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of custom component packages to install.
 
         Available components can be found below `pkgs.home-assistant-custom-components`.
@@ -215,7 +215,7 @@ in {
           mini-media-player
         ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of custom lovelace card packages to load as lovelace resources.
 
         Available cards can be found below `pkgs.home-assistant-custom-lovelace-modules`.
@@ -240,7 +240,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "Home";
-              description = lib.mdDoc ''
+              description = ''
                 Name of the location where Home Assistant is running.
               '';
             };
@@ -249,7 +249,7 @@ in {
               type = types.nullOr (types.either types.float types.str);
               default = null;
               example = 52.3;
-              description = lib.mdDoc ''
+              description = ''
                 Latitude of your location required to calculate the time the sun rises and sets.
               '';
             };
@@ -258,7 +258,7 @@ in {
               type = types.nullOr (types.either types.float types.str);
               default = null;
               example = 4.9;
-              description = lib.mdDoc ''
+              description = ''
                 Longitude of your location required to calculate the time the sun rises and sets.
               '';
             };
@@ -267,7 +267,7 @@ in {
               type = types.nullOr (types.enum [ "metric" "imperial" ]);
               default = null;
               example = "metric";
-              description = lib.mdDoc ''
+              description = ''
                 The unit system to use. This also sets temperature_unit, Celsius for Metric and Fahrenheit for Imperial.
               '';
             };
@@ -276,7 +276,7 @@ in {
               type = types.nullOr (types.enum [ "C" "F" ]);
               default = null;
               example = "C";
-              description = lib.mdDoc ''
+              description = ''
                 Override temperature unit set by unit_system. `C` for Celsius, `F` for Fahrenheit.
               '';
             };
@@ -288,7 +288,7 @@ in {
                 config.time.timeZone or null
               '';
               example = "Europe/Amsterdam";
-              description = lib.mdDoc ''
+              description = ''
                 Pick your time zone from the column TZ of Wikipedia’s [list of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
               '';
             };
@@ -303,7 +303,7 @@ in {
                 "::"
               ];
               example = "::1";
-              description = lib.mdDoc ''
+              description = ''
                 Only listen to incoming requests on specific IP/host. The default listed assumes support for IPv4 and IPv6.
               '';
             };
@@ -311,7 +311,7 @@ in {
             server_port = mkOption {
               default = 8123;
               type = types.port;
-              description = lib.mdDoc ''
+              description = ''
                 The port on which to listen.
               '';
             };
@@ -330,7 +330,7 @@ in {
                 else "storage";
               '';
               example = "yaml";
-              description = lib.mdDoc ''
+              description = ''
                 In what mode should the main Lovelace panel be, `yaml` or `storage` (UI managed).
               '';
             };
@@ -354,7 +354,7 @@ in {
           feedreader.urls = [ "https://nixos.org/blogs.xml" ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`configuration.yaml` as a Nix attribute set.
 
         YAML functions like [secrets](https://www.home-assistant.io/docs/configuration/secrets/)
@@ -369,7 +369,7 @@ in {
     configWritable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to make {file}`configuration.yaml` writable.
 
         This will allow you to edit it from Home Assistant's web interface.
@@ -396,7 +396,7 @@ in {
           } ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`ui-lovelace.yaml` as a Nix attribute set.
         Setting this option will automatically set `lovelace.mode` to `yaml`.
 
@@ -407,7 +407,7 @@ in {
     lovelaceConfigWritable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to make {file}`ui-lovelace.yaml` writable.
 
         This will allow you to edit it from Home Assistant's web interface.
@@ -439,7 +439,7 @@ in {
           ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The Home Assistant package to use.
       '';
     };
@@ -447,7 +447,7 @@ in {
     openFirewall = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Whether to open the firewall for the specified port.";
+      description = "Whether to open the firewall for the specified port.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/home-automation/homeassistant-satellite.nix b/nixpkgs/nixos/modules/services/home-automation/homeassistant-satellite.nix
deleted file mode 100644
index 6ca428f2af81..000000000000
--- a/nixpkgs/nixos/modules/services/home-automation/homeassistant-satellite.nix
+++ /dev/null
@@ -1,225 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-
-let
-  cfg = config.services.homeassistant-satellite;
-
-  inherit (lib)
-    escapeShellArg
-    escapeShellArgs
-    mkOption
-    mdDoc
-    mkEnableOption
-    mkIf
-    mkPackageOption
-    types
-    ;
-
-  inherit (builtins)
-    toString
-    ;
-
-  # override the package with the relevant vad dependencies
-  package = cfg.package.overridePythonAttrs (oldAttrs: {
-    propagatedBuildInputs = oldAttrs.propagatedBuildInputs
-      ++ lib.optional (cfg.vad == "webrtcvad") cfg.package.optional-dependencies.webrtc
-      ++ lib.optional (cfg.vad == "silero") cfg.package.optional-dependencies.silerovad
-      ++ lib.optional (cfg.pulseaudio.enable) cfg.package.optional-dependencies.pulseaudio;
-  });
-
-in
-
-{
-  meta.buildDocsInSandbox = false;
-
-  options.services.homeassistant-satellite = with types; {
-    enable = mkEnableOption (mdDoc "Home Assistant Satellite");
-
-    package = mkPackageOption pkgs "homeassistant-satellite" { };
-
-    user = mkOption {
-      type = str;
-      example = "alice";
-      description = mdDoc ''
-        User to run homeassistant-satellite under.
-      '';
-    };
-
-    group = mkOption {
-      type = str;
-      default = "users";
-      description = mdDoc ''
-        Group to run homeassistant-satellite under.
-      '';
-    };
-
-    host = mkOption {
-      type = str;
-      example = "home-assistant.local";
-      description = mdDoc ''
-        Hostname on which your Home Assistant instance can be reached.
-      '';
-    };
-
-    port = mkOption {
-      type = port;
-      example = 8123;
-      description = mdDoc ''
-        Port on which your Home Assistance can be reached.
-      '';
-      apply = toString;
-    };
-
-    protocol = mkOption {
-      type = enum [ "http" "https" ];
-      default = "http";
-      example = "https";
-      description = mdDoc ''
-        The transport protocol used to connect to Home Assistant.
-      '';
-    };
-
-    tokenFile = mkOption {
-      type = path;
-      example = "/run/keys/hass-token";
-      description = mdDoc ''
-        Path to a file containing a long-lived access token for your Home Assistant instance.
-      '';
-      apply = escapeShellArg;
-    };
-
-    sounds = {
-      awake = mkOption {
-        type = nullOr str;
-        default = null;
-        description = mdDoc ''
-          Audio file to play when the wake word is detected.
-        '';
-      };
-
-      done = mkOption {
-        type = nullOr str;
-        default = null;
-        description = mdDoc ''
-          Audio file to play when the voice command is done.
-        '';
-      };
-    };
-
-    vad = mkOption {
-      type = enum [ "disabled" "webrtcvad" "silero" ];
-      default = "disabled";
-      example = "silero";
-      description = mdDoc ''
-        Voice activity detection model. With `disabled` sound will be transmitted continously.
-      '';
-    };
-
-    pulseaudio = {
-      enable = mkEnableOption "recording/playback via PulseAudio or PipeWire";
-
-      socket = mkOption {
-        type = nullOr str;
-        default = null;
-        example = "/run/user/1000/pulse/native";
-        description = mdDoc ''
-          Path or hostname to connect with the PulseAudio server.
-        '';
-      };
-
-      duckingVolume = mkOption {
-        type = nullOr float;
-        default = null;
-        example = 0.4;
-        description = mdDoc ''
-          Reduce output volume (between 0 and 1) to this percentage value while recording.
-        '';
-      };
-
-      echoCancellation = mkEnableOption "acoustic echo cancellation";
-    };
-
-    extraArgs = mkOption {
-      type = listOf str;
-      default = [ ];
-      description = mdDoc ''
-        Extra arguments to pass to the commandline.
-      '';
-      apply = escapeShellArgs;
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services."homeassistant-satellite" = {
-      description = "Home Assistant Satellite";
-      after = [
-        "network-online.target"
-      ];
-      wants = [
-        "network-online.target"
-      ];
-      wantedBy = [
-        "multi-user.target"
-      ];
-      path = with pkgs; [
-        ffmpeg-headless
-      ] ++ lib.optionals (!cfg.pulseaudio.enable) [
-        alsa-utils
-      ];
-      serviceConfig = {
-        User = cfg.user;
-        Group = cfg.group;
-        # https://github.com/rhasspy/hassio-addons/blob/master/assist_microphone/rootfs/etc/s6-overlay/s6-rc.d/assist_microphone/run
-        ExecStart = ''
-          ${package}/bin/homeassistant-satellite \
-            --host ${cfg.host} \
-            --port ${cfg.port} \
-            --protocol ${cfg.protocol} \
-            --token-file ${cfg.tokenFile} \
-            --vad ${cfg.vad} \
-            ${lib.optionalString cfg.pulseaudio.enable "--pulseaudio"}${lib.optionalString (cfg.pulseaudio.socket != null) "=${cfg.pulseaudio.socket}"} \
-            ${lib.optionalString (cfg.pulseaudio.enable && cfg.pulseaudio.duckingVolume != null) "--ducking-volume=${toString cfg.pulseaudio.duckingVolume}"} \
-            ${lib.optionalString (cfg.pulseaudio.enable && cfg.pulseaudio.echoCancellation) "--echo-cancel"} \
-            ${lib.optionalString (cfg.sounds.awake != null) "--awake-sound=${toString cfg.sounds.awake}"} \
-            ${lib.optionalString (cfg.sounds.done != null) "--done-sound=${toString cfg.sounds.done}"} \
-            ${cfg.extraArgs}
-        '';
-        CapabilityBoundingSet = "";
-        DeviceAllow = "";
-        DevicePolicy = "closed";
-        LockPersonality = true;
-        MemoryDenyWriteExecute = false; # onnxruntime/capi/onnxruntime_pybind11_state.so: cannot enable executable stack as shared object requires: Operation not permitted
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProtectHome = false; # Would deny access to local pulse/pipewire server
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectControlGroups = true;
-        ProtectProc = "invisible";
-        ProcSubset = "all"; # Error in cpuinfo: failed to parse processor information from /proc/cpuinfo
-        Restart = "always";
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-          "AF_UNIX"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        SupplementaryGroups = [
-          "audio"
-        ];
-        SystemCallArchitectures = "native";
-        SystemCallFilter = [
-          "@system-service"
-          "~@privileged"
-        ];
-        UMask = "0077";
-      };
-    };
-  };
-}
diff --git a/nixpkgs/nixos/modules/services/home-automation/matter-server.nix b/nixpkgs/nixos/modules/services/home-automation/matter-server.nix
index 864ef9e20083..7bf1cfe54d17 100644
--- a/nixpkgs/nixos/modules/services/home-automation/matter-server.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/matter-server.nix
@@ -17,7 +17,7 @@ in
   meta.maintainers = with lib.maintainers; [ leonm1 ];
 
   options.services.matter-server = with types; {
-    enable = mkEnableOption (lib.mdDoc "Matter-server");
+    enable = mkEnableOption "Matter-server";
 
     package = mkPackageOptionMD pkgs "python-matter-server" { };
 
diff --git a/nixpkgs/nixos/modules/services/audio/wyoming/faster-whisper.nix b/nixpkgs/nixos/modules/services/home-automation/wyoming/faster-whisper.nix
index 0c36e8c9ab05..d0fca6a41c7b 100644
--- a/nixpkgs/nixos/modules/services/audio/wyoming/faster-whisper.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/wyoming/faster-whisper.nix
@@ -10,7 +10,6 @@ let
   inherit (lib)
     escapeShellArgs
     mkOption
-    mdDoc
     mkEnableOption
     mkPackageOption
     types
@@ -28,19 +27,19 @@ in
 
     servers = mkOption {
       default = {};
-      description = mdDoc ''
+      description = ''
         Attribute set of faster-whisper instances to spawn.
       '';
       type = types.attrsOf (types.submodule (
         { ... }: {
           options = {
-            enable = mkEnableOption (mdDoc "Wyoming faster-whisper server");
+            enable = mkEnableOption "Wyoming faster-whisper server";
 
             model = mkOption {
               type = str;
               default = "tiny-int8";
               example = "Systran/faster-distil-whisper-small.en";
-              description = mdDoc ''
+              description = ''
                 Name of the voice model to use.
 
                 Check the [2.0.0 release notes](https://github.com/rhasspy/wyoming-faster-whisper/releases/tag/v2.0.0) for possible values.
@@ -50,7 +49,7 @@ in
             uri = mkOption {
               type = strMatching "^(tcp|unix)://.*$";
               example = "tcp://0.0.0.0:10300";
-              description = mdDoc ''
+              description = ''
                 URI to bind the wyoming server to.
               '';
             };
@@ -63,7 +62,7 @@ in
                 "auto"
               ];
               default = "cpu";
-              description = mdDoc ''
+              description = ''
                 Determines the platform faster-whisper is run on. CPU works everywhere, CUDA requires a compatible NVIDIA GPU.
               '';
             };
@@ -74,7 +73,7 @@ in
                 "auto" "af" "am" "ar" "as" "az" "ba" "be" "bg" "bn" "bo" "br" "bs" "ca" "cs" "cy" "da" "de" "el" "en" "es" "et" "eu" "fa" "fi" "fo" "fr" "gl" "gu" "ha" "haw" "he" "hi" "hr" "ht" "hu" "hy" "id" "is" "it" "ja" "jw" "ka" "kk" "km" "kn" "ko" "la" "lb" "ln" "lo" "lt" "lv" "mg" "mi" "mk" "ml" "mn" "mr" "ms" "mt" "my" "ne" "nl" "nn" "no" "oc" "pa" "pl" "ps" "pt" "ro" "ru" "sa" "sd" "si" "sk" "sl" "sn" "so" "sq" "sr" "su" "sv" "sw" "ta" "te" "tg" "th" "tk" "tl" "tr" "tt" "uk" "ur" "uz" "vi" "yi" "yo" "zh"
               ];
               example = "en";
-              description = mdDoc ''
+              description = ''
                 The language used to to parse words and sentences.
               '';
             };
@@ -83,7 +82,7 @@ in
               type = ints.unsigned;
               default = 1;
               example = 5;
-              description = mdDoc ''
+              description = ''
                 The number of beams to use in beam search.
               '';
               apply = toString;
@@ -92,7 +91,7 @@ in
             extraArgs = mkOption {
               type = listOf str;
               default = [ ];
-              description = mdDoc ''
+              description = ''
                 Extra arguments to pass to the server commandline.
               '';
               apply = escapeShellArgs;
@@ -120,6 +119,8 @@ in
         wantedBy = [
           "multi-user.target"
         ];
+        # https://github.com/rhasspy/wyoming-faster-whisper/issues/27
+        environment."HF_HUB_CACHE" = "/tmp";
         serviceConfig = {
           DynamicUser = true;
           User = "wyoming-faster-whisper";
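Review bot: The added `environment."HF_HUB_CACHE" = "/tmp";` carries only an issue link, so a reader cannot tell that it is safe only because of `DynamicUser = true;` two lines below, which in systemd implies a private /tmp. On a shared /tmp the downloaded model files would sit in a world-writable directory where another local user could pre-create them. I would state that dependency in the comment, e.g. `# HF hub needs a writable cache; /tmp is private here because DynamicUser implies PrivateTmp`. The cache is also discarded on every restart, so models are presumably downloaded again each time; a systemd `CacheDirectory` would persist them, unless the rest of `serviceConfig` (outside this hunk) already provides a writable directory.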
diff --git a/nixpkgs/nixos/modules/services/audio/wyoming/openwakeword.nix b/nixpkgs/nixos/modules/services/home-automation/wyoming/openwakeword.nix
index 252f70be2baa..856a4ef7366d 100644
--- a/nixpkgs/nixos/modules/services/audio/wyoming/openwakeword.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/wyoming/openwakeword.nix
@@ -12,7 +12,6 @@ let
     concatMapStringsSep
     escapeShellArgs
     mkOption
-    mdDoc
     mkEnableOption
     mkIf
     mkPackageOption
@@ -34,7 +33,7 @@ in
   meta.buildDocsInSandbox = false;
 
   options.services.wyoming.openwakeword = with types; {
-    enable = mkEnableOption (mdDoc "Wyoming openWakeWord server");
+    enable = mkEnableOption "Wyoming openWakeWord server";
 
     package = mkPackageOption pkgs "wyoming-openwakeword" { };
 
@@ -42,7 +41,7 @@ in
       type = strMatching "^(tcp|unix)://.*$";
       default = "tcp://0.0.0.0:10400";
       example = "tcp://192.0.2.1:5000";
-      description = mdDoc ''
+      description = ''
         URI to bind the wyoming server to.
       '';
     };
@@ -50,7 +49,7 @@ in
     customModelsDirectories = mkOption {
       type = listOf types.path;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Paths to directories with custom wake word models (*.tflite model files).
       '';
     };
@@ -68,7 +67,7 @@ in
         "hey_rhasspy"
         "ok_nabu"
       ];
-      description = mdDoc ''
+      description = ''
         List of wake word models to preload after startup.
       '';
     };
@@ -76,7 +75,7 @@ in
     threshold = mkOption {
       type = float;
       default = 0.5;
-      description = mdDoc ''
+      description = ''
         Activation threshold (0-1), where higher means fewer activations.
 
         See trigger level for the relationship between activations and
@@ -88,7 +87,7 @@ in
     triggerLevel = mkOption {
       type = int;
       default = 1;
-      description = mdDoc ''
+      description = ''
         Number of activations before a detection is registered.
 
         A higher trigger level means fewer detections.
@@ -99,7 +98,7 @@ in
     extraArgs = mkOption {
       type = listOf str;
       default = [ ];
-      description = mdDoc ''
+      description = ''
         Extra arguments to pass to the server commandline.
       '';
       apply = escapeShellArgs;
diff --git a/nixpkgs/nixos/modules/services/audio/wyoming/piper.nix b/nixpkgs/nixos/modules/services/home-automation/wyoming/piper.nix
index 2828fdf07892..5b5f898d7ca3 100644
--- a/nixpkgs/nixos/modules/services/audio/wyoming/piper.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/wyoming/piper.nix
@@ -10,7 +10,6 @@ let
   inherit (lib)
     escapeShellArgs
     mkOption
-    mdDoc
     mkEnableOption
     mkPackageOption
     types
@@ -30,20 +29,20 @@ in
 
     servers = mkOption {
       default = {};
-      description = mdDoc ''
+      description = ''
         Attribute set of piper instances to spawn.
       '';
       type = types.attrsOf (types.submodule (
         { ... }: {
           options = {
-            enable = mkEnableOption (mdDoc "Wyoming Piper server");
+            enable = mkEnableOption "Wyoming Piper server";
 
             piper = mkPackageOption pkgs "piper-tts" { };
 
             voice = mkOption {
               type = str;
               example = "en-us-ryan-medium";
-              description = mdDoc ''
+              description = ''
                 Name of the voice model to use. See the following website for samples:
                 https://rhasspy.github.io/piper-samples/
               '';
@@ -52,7 +51,7 @@ in
             uri = mkOption {
               type = strMatching "^(tcp|unix)://.*$";
               example = "tcp://0.0.0.0:10200";
-              description = mdDoc ''
+              description = ''
                 URI to bind the wyoming server to.
               '';
             };
@@ -60,7 +59,7 @@ in
             speaker = mkOption {
               type = ints.unsigned;
               default = 0;
-              description = mdDoc ''
+              description = ''
                 ID of a specific speaker in a multi-speaker model.
               '';
               apply = toString;
@@ -69,7 +68,7 @@ in
             noiseScale = mkOption {
               type = float;
               default = 0.667;
-              description = mdDoc ''
+              description = ''
                 Generator noise value.
               '';
               apply = toString;
@@ -78,7 +77,7 @@ in
             noiseWidth = mkOption {
               type = float;
               default = 0.333;
-              description = mdDoc ''
+              description = ''
                 Phoneme width noise value.
               '';
               apply = toString;
@@ -87,7 +86,7 @@ in
             lengthScale = mkOption {
               type = float;
               default = 1.0;
-              description = mdDoc ''
+              description = ''
                 Phoneme length value.
               '';
               apply = toString;
@@ -96,7 +95,7 @@ in
             extraArgs = mkOption {
               type = listOf str;
               default = [ ];
-              description = mdDoc ''
+              description = ''
                 Extra arguments to pass to the server commandline.
               '';
               apply = escapeShellArgs;
diff --git a/nixpkgs/nixos/modules/services/home-automation/wyoming/satellite.nix b/nixpkgs/nixos/modules/services/home-automation/wyoming/satellite.nix
new file mode 100644
index 000000000000..531d375e703a
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/home-automation/wyoming/satellite.nix
@@ -0,0 +1,244 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+let
+  cfg = config.services.wyoming.satellite;
+
+  inherit (lib)
+    elem
+    escapeShellArgs
+    getExe
+    literalExpression
+    mkOption
+    mkEnableOption
+    mkIf
+    mkPackageOption
+    optional
+    optionals
+    types
+  ;
+
+  finalPackage = cfg.package.overridePythonAttrs (oldAttrs: {
+    propagatedBuildInputs = oldAttrs.propagatedBuildInputs
+      # for audio enhancements like auto-gain, noise suppression
+      ++ cfg.package.optional-dependencies.webrtc
+      # vad is currently optional, because it is broken on aarch64-linux
+      ++ optionals cfg.vad.enable cfg.package.optional-dependencies.silerovad;
+    });
+in
+
+{
+  meta.buildDocsInSandbox = false;
+
+  options.services.wyoming.satellite = with types; {
+    enable = mkEnableOption "Wyoming Satellite";
+
+    package = mkPackageOption pkgs "wyoming-satellite" { };
+
+    user = mkOption {
+      type = str;
+      example = "alice";
+      description = ''
+        User to run wyoming-satellite under.
+      '';
+    };
+
+    group = mkOption {
+      type = str;
+      default = "users";
+      description = ''
+        Group to run wyoming-satellite under.
+      '';
+    };
+
+    uri = mkOption {
+      type = str;
+      default = "tcp://0.0.0.0:10700";
+      description = ''
+        URI where wyoming-satellite will bind its socket.
+      '';
+    };
+
+    name = mkOption {
+      type = str;
+      default = config.networking.hostName;
+      defaultText = literalExpression ''
+        config.networking.hostName
+      '';
+      description = ''
+        Name of the satellite.
+      '';
+    };
+
+    area = mkOption {
+      type = nullOr str;
+      default = null;
+      example = "Kitchen";
+      description = ''
+        Area to the satellite.
+      '';
+    };
+
+    microphone = {
+      command = mkOption {
+        type = str;
+        default = "arecord -r 16000 -c 1 -f S16_LE -t raw";
+        description = ''
+          Program to run for audio input.
+        '';
+      };
+
+      autoGain = mkOption {
+        type = ints.between 0 31;
+        default = 5;
+        example = 15;
+        description = ''
+          Automatic gain control in dbFS, with 31 being the loudest value. Set to 0 to disable.
+        '';
+      };
+
+      noiseSuppression = mkOption {
+        type = ints.between 0 4;
+        default = 2;
+        example = 3;
+        description = ''
+          Noise suppression level with 4 being the maximum suppression,
+          which may cause audio distortion. Set to 0 to disable.
+        '';
+      };
+    };
+
+    sound = {
+      command = mkOption {
+        type = nullOr str;
+        default = "aplay -r 22050 -c 1 -f S16_LE -t raw";
+        description = ''
+          Program to run for sound output.
+        '';
+      };
+    };
+
+    sounds = {
+      awake = mkOption {
+        type = nullOr path;
+        default = null;
+        description = ''
+          Path to audio file in WAV format to play when wake word is detected.
+        '';
+      };
+
+      done = mkOption {
+        type = nullOr path;
+        default = null;
+        description = ''
+          Path to audio file in WAV format to play when voice command recording has ended.
+        '';
+      };
+    };
+
+    vad = {
+      enable = mkOption {
+        type = bool;
+        default = true;
+        description = ''
+          Whether to enable voice activity detection.
+
+          Enabling will result in only streaming audio, when speech gets
+          detected.
+        '';
+      };
+    };
+
+    extraArgs = mkOption {
+      type = listOf str;
+      default = [ ];
+      description = ''
+        Extra arguments to pass to the executable.
+
+        Check `wyoming-satellite --help` for possible options.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services."wyoming-satellite" = {
+      description = "Wyoming Satellite";
+      after = [
+        "network-online.target"
+        "sound.target"
+      ];
+      wants = [
+        "network-online.target"
+        "sound.target"
+      ];
+      wantedBy = [
+        "multi-user.target"
+      ];
+      path = with pkgs; [
+        alsa-utils
+      ];
+      script = let
+        optionalParam = param: argument: optionals (!elem argument [ null 0 false ]) [
+          param argument
+        ];
+      in ''
+        export XDG_RUNTIME_DIR=/run/user/$UID
+        ${escapeShellArgs ([
+          (getExe finalPackage)
+          "--uri" cfg.uri
+          "--name" cfg.name
+          "--mic-command" cfg.microphone.command
+        ]
+        ++ optionalParam "--mic-auto-gain" cfg.microphone.autoGain
+        ++ optionalParam "--mic-noise-suppression" cfg.microphone.noiseSuppression
+        ++ optionalParam "--area" cfg.area
+        ++ optionalParam "--snd-command" cfg.sound.command
+        ++ optionalParam "--awake-wav" cfg.sounds.awake
+        ++ optionalParam "--done-wav" cfg.sounds.done
+        ++ optional cfg.vad.enable "--vad"
+        ++ cfg.extraArgs)}
+      '';
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        # https://github.com/rhasspy/hassio-addons/blob/master/assist_microphone/rootfs/etc/s6-overlay/s6-rc.d/assist_microphone/run
+        CapabilityBoundingSet = "";
+        DeviceAllow = "";
+        DevicePolicy = "closed";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = false; # onnxruntime/capi/onnxruntime_pybind11_state.so: cannot enable executable stack as shared object requires: Operation not permitted
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProtectHome = false; # Would deny access to local pulse/pipewire server
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectProc = "invisible";
+        ProcSubset = "all"; # Error in cpuinfo: failed to parse processor information from /proc/cpuinfo
+        Restart = "always";
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_UNIX"
+          "AF_NETLINK"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        SupplementaryGroups = [
+          "audio"
+        ];
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+        ];
+        UMask = "0077";
+      };
+    };
+  };
+}
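Review bot: `uri` is declared as plain `str` with default `tcp://0.0.0.0:10700`, so the satellite listens on every interface by default and a malformed value is only caught when the service starts; the sibling wyoming modules in this commit use `type = strMatching "^(tcp|unix)://.*$";`, which would fit here too. The listener matters more here than in those modules because this unit runs as a regular account (`User = cfg.user`, group default `users`) with `ProtectHome = false`, and no authentication flag is passed on the command line, so any host that can reach the port presumably talks to a process that can read that user's home and microphone. I would add to the `uri` description something like `Binds to all interfaces by default; use a specific address or keep the port closed in the firewall unless remote access is needed.` The link comment above `CapabilityBoundingSet` was carried over from the removed module, where it sat above `ExecStart`, and no longer describes the line below it.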
diff --git a/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix b/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix
index a653e49a09f6..f1d150487379 100644
--- a/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix
@@ -18,12 +18,12 @@ in
   ];
 
   options.services.zigbee2mqtt = {
-    enable = mkEnableOption (lib.mdDoc "zigbee2mqtt service");
+    enable = mkEnableOption "zigbee2mqtt service";
 
     package = mkPackageOption pkgs "zigbee2mqtt" { };
 
     dataDir = mkOption {
-      description = lib.mdDoc "Zigbee2mqtt data directory";
+      description = "Zigbee2mqtt data directory";
       default = "/var/lib/zigbee2mqtt";
       type = types.path;
     };
@@ -40,7 +40,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`configuration.yaml` as a Nix attribute set.
         Check the [documentation](https://www.zigbee2mqtt.io/information/configuration.html)
         for possible options.
diff --git a/nixpkgs/nixos/modules/services/home-automation/zwave-js.nix b/nixpkgs/nixos/modules/services/home-automation/zwave-js.nix
index 9821da7ef6ed..2138719ec6fa 100644
--- a/nixpkgs/nixos/modules/services/home-automation/zwave-js.nix
+++ b/nixpkgs/nixos/modules/services/home-automation/zwave-js.nix
@@ -8,21 +8,21 @@ let
   settingsFormat = pkgs.formats.json {};
 in {
   options.services.zwave-js = {
-    enable = mkEnableOption (mdDoc "the zwave-js server on boot");
+    enable = mkEnableOption "the zwave-js server on boot";
 
     package = mkPackageOption pkgs "zwave-js-server" { };
 
     port = mkOption {
       type = types.port;
       default = 3000;
-      description = mdDoc ''
+      description = ''
         Port for the server to listen on.
       '';
     };
 
     serialPort = mkOption {
       type = types.path;
-      description = mdDoc ''
+      description = ''
         Serial port device path for Z-Wave controller.
       '';
       example = "/dev/ttyUSB0";
@@ -30,7 +30,7 @@ in {
 
     secretsConfigFile = mkOption {
       type = types.path;
-      description = mdDoc ''
+      description = ''
         JSON file containing secret keys. A dummy example:
 
         ```
@@ -72,13 +72,13 @@ in {
               type = types.path;
               default = "/var/cache/zwave-js";
               readOnly = true;
-              description = lib.mdDoc "Cache directory";
+              description = "Cache directory";
             };
           };
         };
       };
       default = {};
-      description = mdDoc ''
+      description = ''
         Configuration settings for the generated config
         file.
       '';
@@ -88,7 +88,7 @@ in {
       type = with lib.types; listOf str;
       default = [ ];
       example = [ "--mock-driver" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra flags to pass to command
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix b/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix
index 429dde33b521..7c50e9e2c42f 100644
--- a/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix
+++ b/nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix
@@ -10,7 +10,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable SystemdJournal2Gelf.
         '';
       };
@@ -18,7 +18,7 @@ in
       graylogServer = mkOption {
         type = types.str;
         example = "graylog2.example.com:11201";
-        description = lib.mdDoc ''
+        description = ''
           Host and port of your graylog2 input. This should be a GELF
           UDP input.
         '';
@@ -27,7 +27,7 @@ in
       extraOptions = mkOption {
         type = types.separatedString " ";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Any extra flags to pass to SystemdJournal2Gelf. Note that
           these are basically `journalctl` flags.
         '';
diff --git a/nixpkgs/nixos/modules/services/logging/awstats.nix b/nixpkgs/nixos/modules/services/logging/awstats.nix
index 708775bfcf03..a5b0e6347b2b 100644
--- a/nixpkgs/nixos/modules/services/logging/awstats.nix
+++ b/nixpkgs/nixos/modules/services/logging/awstats.nix
@@ -11,21 +11,21 @@ let
         type = types.enum [ "mail" "web" ];
         default = "web";
         example = "mail";
-        description = lib.mdDoc ''
+        description = ''
           The type of log being collected.
         '';
       };
       domain = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "The domain name to collect stats for.";
+        description = "The domain name to collect stats for.";
         example = "example.com";
       };
 
       logFile = mkOption {
         type = types.str;
         example = "/var/log/nginx/access.log";
-        description = lib.mdDoc ''
+        description = ''
           The log file to be scanned.
 
           For mail, set this to
@@ -38,7 +38,7 @@ let
       logFormat = mkOption {
         type = types.str;
         default = "1";
-        description = lib.mdDoc ''
+        description = ''
           The log format being used.
 
           For mail, set this to
@@ -52,7 +52,7 @@ let
         type = types.listOf types.str;
         default = [];
         example = [ "www.example.org" ];
-        description = lib.mdDoc ''
+        description = ''
           List of aliases the site has.
         '';
       };
@@ -65,22 +65,22 @@ let
             "ValidHTTPCodes" = "404";
           }
         '';
-        description = lib.mdDoc "Extra configuration to be appended to awstats.\${name}.conf.";
+        description = "Extra configuration to be appended to awstats.\${name}.conf.";
       };
 
       webService = {
-        enable = mkEnableOption (lib.mdDoc "awstats web service");
+        enable = mkEnableOption "awstats web service";
 
         hostname = mkOption {
           type = types.str;
           default = config.domain;
-          description = lib.mdDoc "The hostname the web service appears under.";
+          description = "The hostname the web service appears under.";
         };
 
         urlPrefix = mkOption {
           type = types.str;
           default = "/awstats";
-          description = lib.mdDoc "The URL prefix under which the awstats pages appear.";
+          description = "The URL prefix under which the awstats pages appear.";
         };
       };
     };
@@ -95,12 +95,12 @@ in
   ];
 
   options.services.awstats = {
-    enable = mkEnableOption (lib.mdDoc "awstats");
+    enable = mkEnableOption "awstats, a real-time logfile analyzer";
 
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/awstats";
-      description = lib.mdDoc "The directory where awstats data will be stored.";
+      description = "The directory where awstats data will be stored.";
     };
 
     configs = mkOption {
@@ -114,14 +114,14 @@ in
           };
         }
       '';
-      description = lib.mdDoc "Attribute set of domains to collect stats for.";
+      description = "Attribute set of domains to collect stats for.";
     };
 
     updateAt = mkOption {
       type = types.nullOr types.str;
       default = null;
       example = "hourly";
-      description = lib.mdDoc ''
+      description = ''
         Specification of the time at which awstats will get updated.
         (in the format described by {manpage}`systemd.time(7)`)
       '';
diff --git a/nixpkgs/nixos/modules/services/logging/filebeat.nix b/nixpkgs/nixos/modules/services/logging/filebeat.nix
index 071e001eb3c5..57e0c6073578 100644
--- a/nixpkgs/nixos/modules/services/logging/filebeat.nix
+++ b/nixpkgs/nixos/modules/services/logging/filebeat.nix
@@ -19,14 +19,14 @@ in
 
     services.filebeat = {
 
-      enable = mkEnableOption (lib.mdDoc "filebeat");
+      enable = mkEnableOption "filebeat";
 
       package = mkPackageOption pkgs "filebeat" {
         example = "filebeat7";
       };
 
       inputs = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Inputs specify how Filebeat locates and processes input data.
 
           This is like `services.filebeat.settings.filebeat.inputs`,
@@ -48,7 +48,7 @@ in
             type = mkOption {
               type = types.str;
               default = name;
-              description = lib.mdDoc ''
+              description = ''
                 The input type.
 
                 Look for the value after `type:` on
@@ -72,7 +72,7 @@ in
       };
 
       modules = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Filebeat modules provide a quick way to get started
           processing common log formats. They contain default
           configurations, Elasticsearch ingest pipeline definitions,
@@ -98,7 +98,7 @@ in
             module = mkOption {
               type = types.str;
               default = name;
-              description = lib.mdDoc ''
+              description = ''
                 The name of the module.
 
                 Look for the value after `module:` on
@@ -134,7 +134,7 @@ in
               type = with types; listOf str;
               default = [ "127.0.0.1:9200" ];
               example = [ "myEShost:9200" ];
-              description = lib.mdDoc ''
+              description = ''
                 The list of Elasticsearch nodes to connect to.
 
                 The events are distributed to these nodes in round
@@ -154,7 +154,7 @@ in
                 type = types.listOf json.type;
                 default = [];
                 internal = true;
-                description = lib.mdDoc ''
+                description = ''
                   Inputs specify how Filebeat locates and processes
                   input data. Use [](#opt-services.filebeat.inputs) instead.
 
@@ -165,7 +165,7 @@ in
                 type = types.listOf json.type;
                 default = [];
                 internal = true;
-                description = lib.mdDoc ''
+                description = ''
                   Filebeat modules provide a quick way to get started
                   processing common log formats. They contain default
                   configurations, Elasticsearch ingest pipeline
@@ -194,7 +194,7 @@ in
           };
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Configuration for filebeat. See
           <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html>
           for supported values.
diff --git a/nixpkgs/nixos/modules/services/logging/fluentd.nix b/nixpkgs/nixos/modules/services/logging/fluentd.nix
index c8718f26db38..bbf905eca06b 100644
--- a/nixpkgs/nixos/modules/services/logging/fluentd.nix
+++ b/nixpkgs/nixos/modules/services/logging/fluentd.nix
@@ -12,12 +12,12 @@ in {
   options = {
 
     services.fluentd = {
-      enable = mkEnableOption (lib.mdDoc "fluentd");
+      enable = mkEnableOption "fluentd, a data/log collector";
 
       config = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Fluentd config.";
+        description = "Fluentd config.";
       };
 
       package = mkPackageOption pkgs "fluentd" { };
@@ -25,7 +25,7 @@ in {
       plugins = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of plugin paths to pass into fluentd. It will make plugins defined in ruby files
           there available in your config.
         '';
diff --git a/nixpkgs/nixos/modules/services/logging/graylog.nix b/nixpkgs/nixos/modules/services/logging/graylog.nix
index 673930c4cb5c..25982022c068 100644
--- a/nixpkgs/nixos/modules/services/logging/graylog.nix
+++ b/nixpkgs/nixos/modules/services/logging/graylog.nix
@@ -33,36 +33,36 @@ in
 
     services.graylog = {
 
-      enable = mkEnableOption (lib.mdDoc "Graylog");
+      enable = mkEnableOption "Graylog, a log management solution";
 
       package = mkOption {
         type = types.package;
         default = if versionOlder config.system.stateVersion "23.05" then pkgs.graylog-3_3 else pkgs.graylog-5_1;
         defaultText = literalExpression (if versionOlder config.system.stateVersion "23.05" then "pkgs.graylog-3_3" else "pkgs.graylog-5_1");
-        description = lib.mdDoc "Graylog package to use.";
+        description = "Graylog package to use.";
       };
 
       user = mkOption {
         type = types.str;
         default = "graylog";
-        description = lib.mdDoc "User account under which graylog runs";
+        description = "User account under which graylog runs";
       };
 
       isMaster = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether this is the master instance of your Graylog cluster";
+        description = "Whether this is the master instance of your Graylog cluster";
       };
 
       nodeIdFile = mkOption {
         type = types.str;
         default = "/var/lib/graylog/server/node-id";
-        description = lib.mdDoc "Path of the file containing the graylog node-id";
+        description = "Path of the file containing the graylog node-id";
       };
 
       passwordSecret = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
           Generate one by using for example: pwgen -N 1 -s 96
         '';
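Review bot: `passwordSecret` is declared as `types.str`, so the pepper for stored user passwords is an ordinary configuration value; if the module renders it into a generated config file (not visible in this hunk), it ends up in the world-readable Nix store. The description should say so, for example with `This value may end up world-readable in the Nix store; treat it accordingly.`, or the module should offer a file-based variant that is read at service start. The same applies to `rootPasswordSha2` in the next hunk, which appears from its name and 64-hex-digit example to be a plain SHA-2 digest that can be attacked offline once readable. It also applies to `elasticsearchHosts` in the third hunk, whose description tells users to embed credentials in the node URIs. The `passwordSecret` option body continues outside the hunk.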
@@ -71,13 +71,13 @@ in
       rootUsername = mkOption {
         type = types.str;
         default = "admin";
-        description = lib.mdDoc "Name of the default administrator user";
+        description = "Name of the default administrator user";
       };
 
       rootPasswordSha2 = mkOption {
         type = types.str;
         example = "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952";
-        description = lib.mdDoc ''
+        description = ''
           You MUST specify a hash password for the root user (which you only need to initially set up the
           system and in case you lose connectivity to your authentication backend)
           This password cannot be changed using the API or via the web interface. If you need to change it,
@@ -90,29 +90,29 @@ in
       elasticsearchHosts = mkOption {
         type = types.listOf types.str;
         example = literalExpression ''[ "http://node1:9200" "http://user:password@node2:19200" ]'';
-        description = lib.mdDoc "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication";
+        description = "List of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication";
       };
 
       messageJournalDir = mkOption {
         type = types.str;
         default = "/var/lib/graylog/data/journal";
-        description = lib.mdDoc "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
+        description = "The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself";
       };
 
       mongodbUri = mkOption {
         type = types.str;
         default = "mongodb://localhost/graylog";
-        description = lib.mdDoc "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
+        description = "MongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Any other configuration options you might want to add";
+        description = "Any other configuration options you might want to add";
       };
 
       plugins = mkOption {
-        description = lib.mdDoc "Extra graylog plugins";
+        description = "Extra graylog plugins";
         default = [ ];
         type = types.listOf types.package;
       };
diff --git a/nixpkgs/nixos/modules/services/logging/heartbeat.nix b/nixpkgs/nixos/modules/services/logging/heartbeat.nix
index 768ffe5315fe..1a264cebf6a2 100644
--- a/nixpkgs/nixos/modules/services/logging/heartbeat.nix
+++ b/nixpkgs/nixos/modules/services/logging/heartbeat.nix
@@ -18,7 +18,7 @@ in
 
     services.heartbeat = {
 
-      enable = mkEnableOption (lib.mdDoc "heartbeat");
+      enable = mkEnableOption "heartbeat, uptime monitoring";
 
       package = mkPackageOption pkgs "heartbeat" {
         example = "heartbeat7";
@@ -27,19 +27,19 @@ in
       name = mkOption {
         type = types.str;
         default = "heartbeat";
-        description = lib.mdDoc "Name of the beat";
+        description = "Name of the beat";
       };
 
       tags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Tags to place on the shipped log messages";
+        description = "Tags to place on the shipped log messages";
       };
 
       stateDir = mkOption {
         type = types.str;
         default = "/var/lib/heartbeat";
-        description = lib.mdDoc "The state directory. heartbeat's own logs and other data are stored here.";
+        description = "The state directory. heartbeat's own logs and other data are stored here.";
       };
 
       extraConfig = mkOption {
@@ -50,7 +50,7 @@ in
             urls: ["http://localhost:9200"]
             schedule: '@every 10s'
         '';
-        description = lib.mdDoc "Any other configuration options you want to add";
+        description = "Any other configuration options you want to add";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/logging/journalbeat.nix b/nixpkgs/nixos/modules/services/logging/journalbeat.nix
index 80933d6a0f96..e7d726ab1f61 100644
--- a/nixpkgs/nixos/modules/services/logging/journalbeat.nix
+++ b/nixpkgs/nixos/modules/services/logging/journalbeat.nix
@@ -18,26 +18,26 @@ in
 
     services.journalbeat = {
 
-      enable = mkEnableOption (lib.mdDoc "journalbeat");
+      enable = mkEnableOption "journalbeat";
 
       package = mkPackageOption pkgs "journalbeat" { };
 
       name = mkOption {
         type = types.str;
         default = "journalbeat";
-        description = lib.mdDoc "Name of the beat";
+        description = "Name of the beat";
       };
 
       tags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Tags to place on the shipped log messages";
+        description = "Tags to place on the shipped log messages";
       };
 
       stateDir = mkOption {
         type = types.str;
         default = "journalbeat";
-        description = lib.mdDoc ''
+        description = ''
           Directory below `/var/lib/` to store journalbeat's
           own logs and other data. This directory will be created automatically
           using systemd's StateDirectory mechanism.
@@ -47,7 +47,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Any other configuration options you want to add";
+        description = "Any other configuration options you want to add";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/logging/journaldriver.nix b/nixpkgs/nixos/modules/services/logging/journaldriver.nix
index 4d21464018aa..bb82f8cf30cc 100644
--- a/nixpkgs/nixos/modules/services/logging/journaldriver.nix
+++ b/nixpkgs/nixos/modules/services/logging/journaldriver.nix
@@ -17,7 +17,7 @@ in {
     enable = mkOption {
       type        = types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable journaldriver to forward journald logs to
         Stackdriver Logging.
       '';
@@ -26,7 +26,7 @@ in {
     logLevel = mkOption {
       type        = types.str;
       default     = "info";
-      description = lib.mdDoc ''
+      description = ''
         Log level at which journaldriver logs its own output.
       '';
     };
@@ -34,7 +34,7 @@ in {
     logName = mkOption {
       type        = with types; nullOr str;
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Configures the name of the target log in Stackdriver Logging.
         This option can be set to, for example, the hostname of a
         machine to improve the user experience in the logging
@@ -45,7 +45,7 @@ in {
     googleCloudProject = mkOption {
       type        = with types; nullOr str;
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Configures the name of the Google Cloud project to which to
         forward journald logs.
 
@@ -57,7 +57,7 @@ in {
     logStream = mkOption {
       type        = with types; nullOr str;
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Configures the name of the Stackdriver Logging log stream into
         which to write journald entries.
 
@@ -69,7 +69,7 @@ in {
     applicationCredentials = mkOption {
       type        = with types; nullOr path;
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to the service account private key (in JSON-format) used
         to forward log entries to Stackdriver Logging on non-GCP
         instances.
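Review bot: `applicationCredentials` takes `nullOr path` for a service account private key, and the visible part of the description does not tell the reader to pass a runtime location rather than a Nix path literal. A path literal such as `./key.json` is typically copied into the Nix store once it is coerced to a string, where any local user can read it. I would add a sentence like `Use a string pointing at a root-only file outside the Nix store; a path literal would copy the key into the world-readable store.` The description continues outside the hunk, so it may already cover this.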
diff --git a/nixpkgs/nixos/modules/services/logging/journalwatch.nix b/nixpkgs/nixos/modules/services/logging/journalwatch.nix
index 55e2d600ee4f..71b29d57b7eb 100644
--- a/nixpkgs/nixos/modules/services/logging/journalwatch.nix
+++ b/nixpkgs/nixos/modules/services/logging/journalwatch.nix
@@ -51,7 +51,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, periodically check the journal with journalwatch and report the results by mail.
         '';
       };
@@ -59,7 +59,7 @@ in {
       priority = mkOption {
         type = types.int;
         default = 6;
-        description = lib.mdDoc ''
+        description = ''
           Lowest priority of message to be considered.
           A value between 7 ("debug"), and 0 ("emerg"). Defaults to 6 ("info").
           If you don't care about anything with "info" priority, you can reduce
@@ -75,7 +75,7 @@ in {
         type = types.str;
         default = "journalwatch@${config.networking.hostName}";
         defaultText = literalExpression ''"journalwatch@''${config.networking.hostName}"'';
-        description = lib.mdDoc ''
+        description = ''
           Mail address to send journalwatch reports from.
         '';
       };
@@ -83,7 +83,7 @@ in {
       mailTo = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Mail address to send journalwatch reports to.
         '';
       };
@@ -91,7 +91,7 @@ in {
       mailBinary = mkOption {
         type = types.path;
         default = "/run/wrappers/bin/sendmail";
-        description = lib.mdDoc ''
+        description = ''
           Sendmail-compatible binary to be used to send the messages.
         '';
       };
@@ -99,7 +99,7 @@ in {
       extraConfig = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the journalwatch/config configuration file.
           You can add any commandline argument to the config, without the '--'.
           See `journalwatch --help` for all arguments and their description.
@@ -112,7 +112,7 @@ in {
            match = mkOption {
               type = types.str;
               example = "SYSLOG_IDENTIFIER = systemd";
-              description = lib.mdDoc ''
+              description = ''
                 Syntax: `field = value`
                 Specifies the log entry `field` this block should apply to.
                 If the `field` of a message matches this `value`,
@@ -129,7 +129,7 @@ in {
                 (Stopped|Stopping|Starting|Started) .*
                 (Reached target|Stopped target) .*
               '';
-              description = lib.mdDoc ''
+              description = ''
                 The filters to apply on all messages which satisfy {option}`match`.
                 Any of those messages that match any specified filter will be removed from journalwatch's output.
                 Each filter is an extended Python regular expression.
@@ -175,7 +175,7 @@ in {
         ];
 
 
-        description = lib.mdDoc ''
+        description = ''
           filterBlocks can be defined to blacklist journal messages which are not errors.
           Each block matches on a log entry field, and the filters in that block then are matched
           against all messages with a matching log entry field.
@@ -191,7 +191,7 @@ in {
       interval = mkOption {
         type = types.str;
         default = "hourly";
-        description = lib.mdDoc ''
+        description = ''
           How often to run journalwatch.
 
           The format is described in systemd.time(7).
@@ -200,7 +200,7 @@ in {
       accuracy = mkOption {
         type = types.str;
         default = "10min";
-        description = lib.mdDoc ''
+        description = ''
           The time window around the interval in which the journalwatch run will be scheduled.
 
           The format is described in systemd.time(7).
diff --git a/nixpkgs/nixos/modules/services/logging/logcheck.nix b/nixpkgs/nixos/modules/services/logging/logcheck.nix
index 5d87fc87d416..bda7f9a607e1 100644
--- a/nixpkgs/nixos/modules/services/logging/logcheck.nix
+++ b/nixpkgs/nixos/modules/services/logging/logcheck.nix
@@ -56,7 +56,7 @@ let
   levelOption = mkOption {
     default = "server";
     type = types.enum [ "workstation" "server" "paranoid" ];
-    description = lib.mdDoc ''
+    description = ''
       Set the logcheck level.
     '';
   };
@@ -68,7 +68,7 @@ let
       regex = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Regex specifying which log lines to ignore.
         '';
       };
@@ -80,7 +80,7 @@ let
       user = mkOption {
         default = "root";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User that runs the cronjob.
         '';
       };
@@ -88,7 +88,7 @@ let
       cmdline = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
         '';
       };
@@ -97,7 +97,7 @@ let
         default = null;
         type = types.nullOr (types.str);
         example = "02 06 * * *";
-        description = lib.mdDoc ''
+        description = ''
           "min hr dom mon dow" crontab time args, to auto-create a cronjob too.
           Leave at null to not do this and just add a logcheck ignore rule.
         '';
@@ -109,12 +109,12 @@ in
 {
   options = {
     services.logcheck = {
-      enable = mkEnableOption (lib.mdDoc "logcheck cron job");
+      enable = mkEnableOption "logcheck cron job, to mail anomalies in the system logfiles to the administrator";
 
       user = mkOption {
         default = "logcheck";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Username for the logcheck user.
         '';
       };
@@ -123,7 +123,7 @@ in
         default = "*";
         example = "6";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day.
           Leave default (*) to run every hour. Of course when nothing special was logged,
           logcheck will be silent.
@@ -134,7 +134,7 @@ in
         default = "root";
         example = "you@domain.com";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Email address to send reports to.
         '';
       };
@@ -142,7 +142,7 @@ in
       level = mkOption {
         default = "server";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Set the logcheck level. Either "workstation", "server", or "paranoid".
         '';
       };
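Review bot: `services.logcheck.level` is typed `types.str` although its description lists exactly three accepted values, so a misspelled level is not caught at evaluation time. The `levelOption` helper earlier in this file already uses an enum for the same values. Using `type = types.enum [ "workstation" "server" "paranoid" ];` here would reject bad values early and let the description drop the list.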
@@ -150,7 +150,7 @@ in
       config = mkOption {
         default = "FQDN=1";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Config options that you would like in logcheck.conf.
         '';
       };
@@ -159,7 +159,7 @@ in
         default = [ "/var/log/messages" ];
         type = types.listOf types.path;
         example = [ "/var/log/messages" "/var/log/mail" ];
-        description = lib.mdDoc ''
+        description = ''
           Which log files to check.
         '';
       };
@@ -168,14 +168,14 @@ in
         default = [];
         example = [ "/etc/logcheck" ];
         type = types.listOf types.path;
-        description = lib.mdDoc ''
+        description = ''
           Directories with extra rules.
         '';
       };
 
       ignore = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           This option defines extra ignore rules.
         '';
         type = with types; attrsOf (submodule ignoreOptions);
@@ -183,7 +183,7 @@ in
 
       ignoreCron = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           This option defines extra ignore rules for cronjobs.
         '';
         type = with types; attrsOf (submodule ignoreCronOptions);
@@ -193,7 +193,7 @@ in
         default = [];
         type = types.listOf types.str;
         example = [ "postdrop" "mongodb" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra groups for the logcheck user, for example to be able to use sendmail,
           or to access certain log files.
         '';
diff --git a/nixpkgs/nixos/modules/services/logging/logrotate.nix b/nixpkgs/nixos/modules/services/logging/logrotate.nix
index ba1445f08397..9344277fc1e0 100644
--- a/nixpkgs/nixos/modules/services/logging/logrotate.nix
+++ b/nixpkgs/nixos/modules/services/logging/logrotate.nix
@@ -95,18 +95,21 @@ in
 
   options = {
     services.logrotate = {
-      enable = mkEnableOption (lib.mdDoc "the logrotate systemd service") // {
+      enable = mkEnableOption "the logrotate systemd service" // {
         default = foldr (n: a: a || n.enable) false (attrValues cfg.settings);
         defaultText = literalExpression "cfg.settings != {}";
       };
 
       settings = mkOption {
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           logrotate freeform settings: each attribute here will define its own section,
-          ordered by priority, which can either define files to rotate with their settings
+          ordered by {option}`services.logrotate.settings.<name>.priority`,
+          which can either define files to rotate with their settings
           or settings common to all further files settings.
-          Refer to <https://linux.die.net/man/8/logrotate> for details.
+          All attribute names not explicitly defined as sub-options here are passed through
+          as logrotate config directives,
+          refer to <https://linux.die.net/man/8/logrotate> for details.
         '';
         example = literalExpression ''
           {
@@ -125,20 +128,28 @@ in
                 "/var/log/second.log"
               ];
             };
+            # specify custom order of sections
+            "/var/log/myservice/*.log" = {
+              # ensure lower priority
+              priority = 110;
+              postrotate = '''
+                systemctl reload myservice
+              ''';
+            };
           };
           '';
         type = types.attrsOf (types.submodule ({ name, ... }: {
           freeformType = with types; attrsOf (nullOr (oneOf [ int bool str ]));
 
           options = {
-            enable = mkEnableOption (lib.mdDoc "setting individual kill switch") // {
+            enable = mkEnableOption "setting individual kill switch" // {
               default = true;
             };
 
             global = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether this setting is a global option or not: set to have these
                 settings apply to all files settings with a higher priority.
               '';
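Review bot: The new example section for `/var/log/myservice/*.log` shows a `postrotate` command but says nothing about who owns the directory being rotated. logrotate refuses to rotate files in a directory writable by a non-root user or group unless a `su` directive is given. If logrotate runs as root, a glob in a service-owned directory also lets that service account influence which files get touched. Assuming `myservice` owns its log directory, I would add `su = "myservice myservice";` to the example with a one-line comment explaining why. The submodule definition continues outside the hunk.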
@@ -149,7 +160,7 @@ in
               defaultText = ''
                 The attrset name if not specified
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Single or list of files for which rules are defined.
                 The files are quoted with double-quotes in logrotate configuration,
                 so globs and spaces are supported.
@@ -160,7 +171,7 @@ in
             frequency = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 How often to rotate the logs. Defaults to previously set global setting,
                 which itself defaults to weekly.
               '';
@@ -169,7 +180,7 @@ in
             priority = mkOption {
               type = types.int;
               default = 1000;
-              description = lib.mdDoc ''
+              description = ''
                 Order of this logrotate block in relation to the others. The semantics are
                 the same as with `lib.mkOrder`. Smaller values are inserted first.
               '';
@@ -185,7 +196,7 @@ in
         defaultText = ''
           A configuration file automatically generated by NixOS.
         '';
-        description = lib.mdDoc ''
+        description = ''
           Override the configuration file used by logrotate. By default,
           NixOS generates one automatically from [](#opt-services.logrotate.settings).
         '';
@@ -203,7 +214,7 @@ in
       checkConfig = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the config should be checked at build time.
 
           Some options are not checkable at build time because of the build sandbox:
@@ -213,7 +224,7 @@ in
           and users are replaced by dummy users), so tests are complemented by a
           logrotate-checkconf service that is enabled by default.
           This extra check can be disabled by disabling it at the systemd level with the
-          {option}`services.systemd.services.logrotate-checkconf.enable` option.
+          {option}`systemd.services.logrotate-checkconf.enable` option.
 
           Conversely there are still things that might make this check fail incorrectly
           (e.g. a file path where we don't have access to intermediate directories):
diff --git a/nixpkgs/nixos/modules/services/logging/logstash.nix b/nixpkgs/nixos/modules/services/logging/logstash.nix
index 22292dbd931b..53e2e91d6212 100644
--- a/nixpkgs/nixos/modules/services/logging/logstash.nix
+++ b/nixpkgs/nixos/modules/services/logging/logstash.nix
@@ -51,7 +51,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable logstash.";
+        description = "Enable logstash.";
       };
 
       package = mkPackageOption pkgs "logstash" { };
@@ -60,13 +60,13 @@ in
         type = types.listOf types.path;
         default = [ ];
         example = literalExpression "[ pkgs.logstash-contrib ]";
-        description = lib.mdDoc "The paths to find other logstash plugins in.";
+        description = "The paths to find other logstash plugins in.";
       };
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/logstash";
-        description = lib.mdDoc ''
+        description = ''
           A path to directory writable by logstash that it uses to store data.
           Plugins will also have access to this path.
         '';
@@ -75,31 +75,31 @@ in
       logLevel = mkOption {
         type = types.enum [ "debug" "info" "warn" "error" "fatal" ];
         default = "warn";
-        description = lib.mdDoc "Logging verbosity level.";
+        description = "Logging verbosity level.";
       };
 
       filterWorkers = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "The quantity of filter workers to run.";
+        description = "The quantity of filter workers to run.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "Address on which to start webserver.";
+        description = "Address on which to start webserver.";
       };
 
       port = mkOption {
         type = types.str;
         default = "9292";
-        description = lib.mdDoc "Port on which to start webserver.";
+        description = "Port on which to start webserver.";
       };
 
       inputConfig = mkOption {
         type = types.lines;
         default = "generator { }";
-        description = lib.mdDoc "Logstash input configuration.";
+        description = "Logstash input configuration.";
         example = literalExpression ''
           '''
             # Read from journal
@@ -114,7 +114,7 @@ in
       filterConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "logstash filter configuration.";
+        description = "logstash filter configuration.";
         example = ''
           if [type] == "syslog" {
             # Keep only relevant systemd fields
@@ -132,7 +132,7 @@ in
       outputConfig = mkOption {
         type = types.lines;
         default = "stdout { codec => rubydebug }";
-        description = lib.mdDoc "Logstash output configuration.";
+        description = "Logstash output configuration.";
         example = ''
           redis { host => ["localhost"] data_type => "list" key => "logstash" codec => json }
           elasticsearch { }
@@ -142,7 +142,7 @@ in
       extraSettings = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra Logstash settings in YAML format.";
+        description = "Extra Logstash settings in YAML format.";
         example = ''
           pipeline:
             batch:
@@ -154,7 +154,7 @@ in
       extraJvmOptions = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra JVM options, one per line (jvm.options format).";
+        description = "Extra JVM options, one per line (jvm.options format).";
         example = ''
           -Xms2g
           -Xmx2g
diff --git a/nixpkgs/nixos/modules/services/logging/promtail.nix b/nixpkgs/nixos/modules/services/logging/promtail.nix
index 9db82fd42b28..a34bc07b6ab2 100644
--- a/nixpkgs/nixos/modules/services/logging/promtail.nix
+++ b/nixpkgs/nixos/modules/services/logging/promtail.nix
@@ -12,12 +12,12 @@ let
   positionsFile = cfg.configuration.positions.filename;
 in {
   options.services.promtail = with types; {
-    enable = mkEnableOption (lib.mdDoc "the Promtail ingresser");
+    enable = mkEnableOption "the Promtail ingresser";
 
 
     configuration = mkOption {
       type = (pkgs.formats.json {}).type;
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Promtail in Nix.
       '';
     };
@@ -26,7 +26,7 @@ in {
       type = listOf str;
       default = [];
       example = [ "--server.http-listen-port=3101" ];
-      description = lib.mdDoc ''
+      description = ''
         Specify a list of additional command line flags,
         which get escaped and are then passed to Loki.
       '';
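Review bot: The description on the new side still says the flags are `passed to Loki`, but the option sits under `services.promtail`, so the text looks copied from the Loki module. I would change the line to `which get escaped and are then passed to Promtail.` so readers do not go looking for flags in the wrong binary's documentation. The option's opening line, and with it the option name, is outside the hunk.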
diff --git a/nixpkgs/nixos/modules/services/logging/rsyslogd.nix b/nixpkgs/nixos/modules/services/logging/rsyslogd.nix
index 207d416c1a88..25b6eec5056c 100644
--- a/nixpkgs/nixos/modules/services/logging/rsyslogd.nix
+++ b/nixpkgs/nixos/modules/services/logging/rsyslogd.nix
@@ -39,7 +39,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable syslogd.  Note that systemd also logs
           syslog messages, so you normally don't need to run syslogd.
         '';
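Review bot: The `enable` description in rsyslogd.nix reads "Whether to enable syslogd" and "you normally don't need to run syslogd", which is the same text as in syslogd.nix, although a later hunk in this file shows the module passes parameters to `rsyslogd`. The generated option documentation therefore names the wrong daemon. Change it to `Whether to enable rsyslogd.  Note that systemd also logs syslog messages, so you normally don't need to run rsyslogd.`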
@@ -48,7 +48,7 @@ in
       defaultConfig = mkOption {
         type = types.lines;
         default = defaultConf;
-        description = lib.mdDoc ''
+        description = ''
           The default {file}`syslog.conf` file configures a
           fairly standard setup of log files, which can be extended by
           means of {var}`extraConfig`.
@@ -59,7 +59,7 @@ in
         type = types.lines;
         default = "";
         example = "news.* -/var/log/news";
-        description = lib.mdDoc ''
+        description = ''
           Additional text appended to {file}`syslog.conf`,
           i.e. the contents of {var}`defaultConfig`.
         '';
@@ -69,7 +69,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "-m 0" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional parameters passed to {command}`rsyslogd`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/logging/syslog-ng.nix b/nixpkgs/nixos/modules/services/logging/syslog-ng.nix
index eea236263f7e..14e18d3f0eef 100644
--- a/nixpkgs/nixos/modules/services/logging/syslog-ng.nix
+++ b/nixpkgs/nixos/modules/services/logging/syslog-ng.nix
@@ -36,7 +36,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the syslog-ng daemon.
         '';
       };
@@ -44,7 +44,7 @@ in {
       extraModulePaths = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of paths that should be included in syslog-ng's
           `--module-path` option. They should usually
           end in `/lib/syslog-ng`
@@ -53,7 +53,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration added to the end of `syslog-ng.conf`.
         '';
       };
@@ -63,7 +63,7 @@ in {
           @version: 4.4
           @include "scl.conf"
         '';
-        description = lib.mdDoc ''
+        description = ''
           The very first lines of the configuration file. Should usually contain
           the syslog-ng version header.
         '';
diff --git a/nixpkgs/nixos/modules/services/logging/syslogd.nix b/nixpkgs/nixos/modules/services/logging/syslogd.nix
index 553973e255f7..8674fad69658 100644
--- a/nixpkgs/nixos/modules/services/logging/syslogd.nix
+++ b/nixpkgs/nixos/modules/services/logging/syslogd.nix
@@ -39,7 +39,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable syslogd.  Note that systemd also logs
           syslog messages, so you normally don't need to run syslogd.
         '';
@@ -48,7 +48,7 @@ in
       tty = mkOption {
         type = types.str;
         default = "tty10";
-        description = lib.mdDoc ''
+        description = ''
           The tty device on which syslogd will print important log
           messages. Leave this option blank to disable tty logging.
         '';
@@ -57,7 +57,7 @@ in
       defaultConfig = mkOption {
         type = types.lines;
         default = defaultConf;
-        description = lib.mdDoc ''
+        description = ''
           The default {file}`syslog.conf` file configures a
           fairly standard setup of log files, which can be extended by
           means of {var}`extraConfig`.
@@ -67,7 +67,7 @@ in
       enableNetworkInput = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Accept logging through UDP. Option -r of syslogd(8).
         '';
       };
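Review bot: The `enableNetworkInput` description only says "Accept logging through UDP" and does not tell the reader that syslog over UDP carries no authentication, so any host that can reach the listener can write or flood log entries. Extend the text, for example `Accept logging through UDP (option -r of syslogd(8)). Messages received this way are unauthenticated; restrict the port to trusted senders with the firewall.` Whether the module itself opens a firewall port is not visible in this hunk.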
@@ -76,7 +76,7 @@ in
         type = types.lines;
         default = "";
         example = "news.* -/var/log/news";
-        description = lib.mdDoc ''
+        description = ''
           Additional text appended to {file}`syslog.conf`,
           i.e. the contents of {var}`defaultConfig`.
         '';
@@ -86,7 +86,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "-m 0" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional parameters passed to {command}`syslogd`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/logging/ulogd.nix b/nixpkgs/nixos/modules/services/logging/ulogd.nix
index 05c9797bb28b..5bd51ef88fe5 100644
--- a/nixpkgs/nixos/modules/services/logging/ulogd.nix
+++ b/nixpkgs/nixos/modules/services/logging/ulogd.nix
@@ -8,7 +8,7 @@ let
 in {
   options = {
     services.ulogd = {
-      enable = mkEnableOption (lib.mdDoc "ulogd");
+      enable = mkEnableOption "ulogd, a userspace logging daemon for netfilter/iptables related logging";
 
       settings = mkOption {
         example = {
@@ -31,14 +31,14 @@ in {
         };
         type = settingsFormat.type;
         default = { };
-        description = lib.mdDoc
+        description =
           "Configuration for ulogd. See {file}`/share/doc/ulogd/` in `pkgs.ulogd.doc`.";
       };
 
       logLevel = mkOption {
         type = types.enum [ 1 3 5 7 8 ];
         default = 5;
-        description = lib.mdDoc
+        description =
           "Log level (1 = debug, 3 = info, 5 = notice, 7 = error, 8 = fatal)";
       };
     };
diff --git a/nixpkgs/nixos/modules/services/logging/vector.nix b/nixpkgs/nixos/modules/services/logging/vector.nix
index 9ccf8a4fa061..129a38b1d20f 100644
--- a/nixpkgs/nixos/modules/services/logging/vector.nix
+++ b/nixpkgs/nixos/modules/services/logging/vector.nix
@@ -6,14 +6,14 @@ let cfg = config.services.vector;
 in
 {
   options.services.vector = {
-    enable = mkEnableOption (lib.mdDoc "Vector");
+    enable = mkEnableOption "Vector, a high-performance observability data pipeline";
 
     package = mkPackageOption pkgs "vector" { };
 
     journaldAccess = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable Vector to access journald.
       '';
     };
@@ -21,7 +21,7 @@ in
     settings = mkOption {
       type = (pkgs.formats.json { }).type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Vector in Nix.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/mail/clamsmtp.nix b/nixpkgs/nixos/modules/services/mail/clamsmtp.nix
index a0de25962845..5bcf8ecdde1a 100644
--- a/nixpkgs/nixos/modules/services/mail/clamsmtp.nix
+++ b/nixpkgs/nixos/modules/services/mail/clamsmtp.nix
@@ -12,17 +12,16 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable clamsmtp.";
+        description = "Whether to enable clamsmtp.";
       };
 
       instances = mkOption {
-        description = lib.mdDoc "Instances of clamsmtp to run.";
+        description = "Instances of clamsmtp to run.";
         type = types.listOf (types.submodule { options = {
           action = mkOption {
             type = types.enum [ "bounce" "drop" "pass" ];
             default = "drop";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Action to take when a virus is detected.
 
                 Note that viruses often spoof sender addresses, so bouncing is
@@ -34,8 +33,7 @@ in
             type = types.str;
             default = "";
             example = "X-Virus-Scanned: ClamAV using ClamSMTP";
-            description =
-              lib.mdDoc ''
+            description = ''
                 A header to add to scanned messages. See clamsmtpd.conf(5) for
                 more details. Empty means no header.
               '';
@@ -44,8 +42,7 @@ in
           keepAlives = mkOption {
             type = types.int;
             default = 0;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Number of seconds to wait between each NOOP sent to the sending
                 server. 0 to disable.
 
@@ -57,8 +54,7 @@ in
           listen = mkOption {
             type = types.str;
             example = "127.0.0.1:10025";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Address to wait for incoming SMTP connections on. See
                 clamsmtpd.conf(5) for more details.
               '';
@@ -67,8 +63,7 @@ in
           quarantine = mkOption {
             type = types.bool;
             default = false;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Whether to quarantine files that contain viruses by leaving them
                 in the temporary directory.
               '';
@@ -77,13 +72,12 @@ in
           maxConnections = mkOption {
             type = types.int;
             default = 64;
-            description = lib.mdDoc "Maximum number of connections to accept at once.";
+            description = "Maximum number of connections to accept at once.";
           };
 
           outAddress = mkOption {
             type = types.str;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Address of the SMTP server to send email to once it has been
                 scanned.
               '';
@@ -92,8 +86,7 @@ in
           tempDirectory = mkOption {
             type = types.str;
             default = "/tmp";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Temporary directory that needs to be accessible to both clamd
                 and clamsmtpd.
               '';
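Review bot: `tempDirectory` defaults to `/tmp`, and the `quarantine` option two hunks up leaves infected messages in this directory, yet the description only says it must be accessible to clamd and clamsmtpd. Mail being scanned and quarantined samples in a shared, world-writable location may be readable or tampered with by other local users, depending on the file modes clamsmtpd uses. Add a sentence such as `Prefer a dedicated directory that only the clamd and clamsmtpd users can access; quarantined messages are kept here.` The option body closes outside the hunk.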
@@ -102,20 +95,19 @@ in
           timeout = mkOption {
             type = types.int;
             default = 180;
-            description = lib.mdDoc "Time-out for network connections.";
+            description = "Time-out for network connections.";
           };
 
           transparentProxy = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Enable clamsmtp's transparent proxy support.";
+            description = "Enable clamsmtp's transparent proxy support.";
           };
 
           virusAction = mkOption {
             type = with types; nullOr path;
             default = null;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Command to run when a virus is found. Please see VIRUS ACTION in
                 clamsmtpd(8) for a discussion of this option and its safe use.
               '';
@@ -124,8 +116,7 @@ in
           xClient = mkOption {
             type = types.bool;
             default = false;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Send the XCLIENT command to the receiving server, for forwarding
                 client addresses and connection information if the receiving
                 server supports this feature.
diff --git a/nixpkgs/nixos/modules/services/mail/davmail.nix b/nixpkgs/nixos/modules/services/mail/davmail.nix
index 9cdb435af4a1..46ddaedd4bf6 100644
--- a/nixpkgs/nixos/modules/services/mail/davmail.nix
+++ b/nixpkgs/nixos/modules/services/mail/davmail.nix
@@ -25,18 +25,18 @@ in
 
   {
     options.services.davmail = {
-      enable = mkEnableOption (lib.mdDoc "davmail, an MS Exchange gateway");
+      enable = mkEnableOption "davmail, an MS Exchange gateway";
 
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc "Outlook Web Access URL to access the exchange server, i.e. the base webmail URL.";
+        description = "Outlook Web Access URL to access the exchange server, i.e. the base webmail URL.";
         example = "https://outlook.office365.com/EWS/Exchange.asmx";
       };
 
       config = mkOption {
         type = configType;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Davmail configuration. Refer to
           <http://davmail.sourceforge.net/serversetup.html>
           and <http://davmail.sourceforge.net/advanced.html>
diff --git a/nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix b/nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix
index 6f9cbc4e9d4d..48ccf2dda601 100644
--- a/nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix
+++ b/nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix
@@ -14,8 +14,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             Whether to enable dkimproxy_out.
 
             Note that a key will be auto-generated, and can be found in
@@ -26,26 +25,25 @@ in
       listen = mkOption {
         type = types.str;
         example = "127.0.0.1:10027";
-        description = lib.mdDoc "Address:port DKIMproxy should listen on.";
+        description = "Address:port DKIMproxy should listen on.";
       };
 
       relay = mkOption {
         type = types.str;
         example = "127.0.0.1:10028";
-        description = lib.mdDoc "Address:port DKIMproxy should forward mail to.";
+        description = "Address:port DKIMproxy should forward mail to.";
       };
 
       domains = mkOption {
         type = with types; listOf str;
         example = [ "example.org" "example.com" ];
-        description = lib.mdDoc "List of domains DKIMproxy can sign for.";
+        description = "List of domains DKIMproxy can sign for.";
       };
 
       selector = mkOption {
         type = types.str;
         example = "selector1";
-        description =
-          lib.mdDoc ''
+        description = ''
             The selector to use for DKIM key identification.
 
             For example, if 'selector1' is used here, then for each domain
@@ -58,8 +56,7 @@ in
       keySize = mkOption {
         type = types.int;
         default = 2048;
-        description =
-          lib.mdDoc ''
+        description = ''
             Size of the RSA key to use to sign outgoing emails. Note that the
             maximum mandatorily verified as per RFC6376 is 2048.
           '';
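Review bot: `keySize` is a plain `types.int`, so a configuration can request an RSA key far too small to be safe (or a zero or negative value) and nothing rejects it at evaluation time. The description mentions only the 2048-bit figure from RFC6376, while RFC 8301 requires signers to use at least 1024 bits and recommends 2048. Add a lower bound, for example `type = types.addCheck types.int (n: n >= 1024);`, and name the minimum in the description. The option's closing brace is outside the hunk.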
diff --git a/nixpkgs/nixos/modules/services/mail/dovecot.nix b/nixpkgs/nixos/modules/services/mail/dovecot.nix
index 71baa2bb1852..b2a6b3ab6784 100644
--- a/nixpkgs/nixos/modules/services/mail/dovecot.nix
+++ b/nixpkgs/nixos/modules/services/mail/dovecot.nix
@@ -195,25 +195,25 @@ let
         example = "Spam";
         default = name;
         readOnly = true;
-        description = lib.mdDoc "The name of the mailbox.";
+        description = "The name of the mailbox.";
       };
       auto = mkOption {
         type = types.enum [ "no" "create" "subscribe" ];
         default = "no";
         example = "subscribe";
-        description = lib.mdDoc "Whether to automatically create or create and subscribe to the mailbox or not.";
+        description = "Whether to automatically create or create and subscribe to the mailbox or not.";
       };
       specialUse = mkOption {
         type = types.nullOr (types.enum [ "All" "Archive" "Drafts" "Flagged" "Junk" "Sent" "Trash" ]);
         default = null;
         example = "Junk";
-        description = lib.mdDoc "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
+        description = "Null if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.";
       };
       autoexpunge = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "60d";
-        description = lib.mdDoc ''
+        description = ''
           To automatically remove all email from the mailbox which is older than the
           specified time.
         '';
@@ -228,37 +228,37 @@ in
   ];
 
   options.services.dovecot2 = {
-    enable = mkEnableOption (lib.mdDoc "the dovecot 2.x POP3/IMAP server");
+    enable = mkEnableOption "the dovecot 2.x POP3/IMAP server";
 
-    enablePop3 = mkEnableOption (lib.mdDoc "starting the POP3 listener (when Dovecot is enabled)");
+    enablePop3 = mkEnableOption "starting the POP3 listener (when Dovecot is enabled)";
 
-    enableImap = mkEnableOption (lib.mdDoc "starting the IMAP listener (when Dovecot is enabled)") // { default = true; };
+    enableImap = mkEnableOption "starting the IMAP listener (when Dovecot is enabled)" // { default = true; };
 
-    enableLmtp = mkEnableOption (lib.mdDoc "starting the LMTP listener (when Dovecot is enabled)");
+    enableLmtp = mkEnableOption "starting the LMTP listener (when Dovecot is enabled)";
 
     protocols = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc "Additional listeners to start when Dovecot is enabled.";
+      description = "Additional listeners to start when Dovecot is enabled.";
     };
 
     user = mkOption {
       type = types.str;
       default = "dovecot2";
-      description = lib.mdDoc "Dovecot user name.";
+      description = "Dovecot user name.";
     };
 
     group = mkOption {
       type = types.str;
       default = "dovecot2";
-      description = lib.mdDoc "Dovecot group name.";
+      description = "Dovecot group name.";
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
       example = "mail_debug = yes";
-      description = lib.mdDoc "Additional entries to put verbatim into Dovecot's config file.";
+      description = "Additional entries to put verbatim into Dovecot's config file.";
     };
 
     mailPlugins =
@@ -268,7 +268,7 @@ in
             enable = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc "mail plugins to enable as a list of strings to append to the ${hint} `$mail_plugins` configuration variable";
+              description = "mail plugins to enable as a list of strings to append to the ${hint} `$mail_plugins` configuration variable";
             };
           };
         };
@@ -277,20 +277,20 @@ in
           type = with types; submodule {
             options = {
               globally = mkOption {
-                description = lib.mdDoc "Additional entries to add to the mail_plugins variable for all protocols";
+                description = "Additional entries to add to the mail_plugins variable for all protocols";
                 type = plugins "top-level";
                 example = { enable = [ "virtual" ]; };
                 default = { enable = []; };
               };
               perProtocol = mkOption {
-                description = lib.mdDoc "Additional entries to add to the mail_plugins variable, per protocol";
+                description = "Additional entries to add to the mail_plugins variable, per protocol";
                 type = attrsOf (plugins "corresponding per-protocol");
                 default = {};
                 example = { imap = [ "imap_acl" ]; };
               };
             };
           };
-          description = lib.mdDoc "Additional entries to add to the mail_plugins variable, globally and per protocol";
+          description = "Additional entries to add to the mail_plugins variable, globally and per protocol";
           example = {
             globally.enable = [ "acl" ];
             perProtocol.imap.enable = [ "imap_acl" ];
@@ -301,7 +301,7 @@ in
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc "Config file used for the whole dovecot configuration.";
+      description = "Config file used for the whole dovecot configuration.";
       apply = v: if v != null then v else pkgs.writeText "dovecot.conf" dovecotConf;
     };
 
@@ -309,7 +309,7 @@ in
       type = types.str;
       default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
       example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
-      description = lib.mdDoc ''
+      description = ''
         Location that dovecot will use for mail folders. Dovecot mail_location option.
       '';
     };
@@ -317,24 +317,24 @@ in
     mailUser = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Default user to store mail for virtual users.";
+      description = "Default user to store mail for virtual users.";
     };
 
     mailGroup = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Default group to store mail for virtual users.";
+      description = "Default group to store mail for virtual users.";
     };
 
-    createMailUser = mkEnableOption (lib.mdDoc ''automatically creating the user
+    createMailUser = mkEnableOption ''automatically creating the user
       given in {option}`services.dovecot.user` and the group
-      given in {option}`services.dovecot.group`.'') // { default = true; };
+      given in {option}`services.dovecot.group`.'' // { default = true; };
 
     modules = mkOption {
       type = types.listOf types.package;
       default = [];
       example = literalExpression "[ pkgs.dovecot_pigeonhole ]";
-      description = lib.mdDoc ''
+      description = ''
         Symlinks the contents of lib/dovecot of every given package into
         /etc/dovecot/modules. This will make the given modules available
         if a dovecot package with the module_dir patch applied is being used.
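Review bot: The `createMailUser` description refers to `services.dovecot.user` and `services.dovecot.group`, but the options on this page are declared under `options.services.dovecot2`, so the `{option}` references do not resolve to a declared option. Given that `mailUser` and `mailGroup` sit directly above in this hunk, the intended targets are presumably `services.dovecot2.mailUser` and `services.dovecot2.mailGroup`; confirm against the config section, which is not visible here. Since `mkEnableOption` builds the final sentence itself, the trailing `.` inside the string can go as well.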
@@ -344,26 +344,26 @@ in
     sslCACert = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Path to the server's CA certificate key.";
+      description = "Path to the server's CA certificate key.";
     };
 
     sslServerCert = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Path to the server's public key.";
+      description = "Path to the server's public key.";
     };
 
     sslServerKey = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Path to the server's private key.";
+      description = "Path to the server's private key.";
     };
 
-    enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };
+    enablePAM = mkEnableOption "creating a own Dovecot PAM service and configure PAM user logins" // { default = true; };
 
-    enableDHE = mkEnableOption (lib.mdDoc "ssl_dh and generation of primes for the key exchange") // { default = true; };
+    enableDHE = mkEnableOption "ssl_dh and generation of primes for the key exchange" // { default = true; };
 
-    showPAMFailure = mkEnableOption (lib.mdDoc "showing the PAM failure message on authentication error (useful for OTPW)");
+    showPAMFailure = mkEnableOption "showing the PAM failure message on authentication error (useful for OTPW)";
 
     mailboxes = mkOption {
       type = with types; coercedTo
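Review bot: The TLS option descriptions in this hunk mislabel the files: `sslCACert` is "Path to the server's CA certificate key" and `sslServerCert` is "Path to the server's public key", where both hold certificates. Use `Path to the CA certificate.` and `Path to the server's certificate.` so nobody places key material in the wrong option. `sslServerKey` is typed `types.nullOr types.str`, presumably so the key is referenced at runtime and not copied into the world-readable Nix store. Its description should say so, e.g. `Path to the server's private key. Use a runtime path outside the Nix store.` The `mailboxes` option at the end of the hunk continues outside it.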
@@ -376,15 +376,15 @@ in
           Spam = { specialUse = "Junk"; auto = "create"; };
         }
       '';
-      description = lib.mdDoc "Configure mailboxes and auto create or subscribe them.";
+      description = "Configure mailboxes and auto create or subscribe them.";
     };
 
-    enableQuota = mkEnableOption (lib.mdDoc "the dovecot quota service");
+    enableQuota = mkEnableOption "the dovecot quota service";
 
     quotaPort = mkOption {
       type = types.str;
       default = "12340";
-      description = lib.mdDoc ''
+      description = ''
         The Port the dovecot quota service binds to.
         If using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.
       '';
@@ -393,7 +393,7 @@ in
       type = types.str;
       default = "100G";
       example = "10G";
-      description = lib.mdDoc "Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.";
+      description = "Quota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.";
     };
 
 
@@ -505,7 +505,7 @@ in
       scripts = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
+        description = "Sieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.";
       };
 
       pipeBins = mkOption {
diff --git a/nixpkgs/nixos/modules/services/mail/dspam.nix b/nixpkgs/nixos/modules/services/mail/dspam.nix
index 4fccd452a4fe..b81fe2652402 100644
--- a/nixpkgs/nixos/modules/services/mail/dspam.nix
+++ b/nixpkgs/nixos/modules/services/mail/dspam.nix
@@ -38,43 +38,43 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the dspam spam filter.";
+        description = "Whether to enable the dspam spam filter.";
       };
 
       user = mkOption {
         type = types.str;
         default = "dspam";
-        description = lib.mdDoc "User for the dspam daemon.";
+        description = "User for the dspam daemon.";
       };
 
       group = mkOption {
         type = types.str;
         default = "dspam";
-        description = lib.mdDoc "Group for the dspam daemon.";
+        description = "Group for the dspam daemon.";
       };
 
       storageDriver = mkOption {
         type = types.str;
         default = "hash";
-        description =  lib.mdDoc "Storage driver backend to use for dspam.";
+        description = "Storage driver backend to use for dspam.";
       };
 
       domainSocket = mkOption {
         type = types.nullOr types.path;
         default = defaultSock;
-        description = lib.mdDoc "Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.";
+        description = "Path to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional dspam configuration.";
+        description = "Additional dspam configuration.";
       };
 
       maintenanceInterval = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "If set, maintenance script will be run at specified (in systemd.timer format) interval";
+        description = "If set, maintenance script will be run at specified (in systemd.timer format) interval";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/mail/exim.nix b/nixpkgs/nixos/modules/services/mail/exim.nix
index 63d3fa54b23d..0a5ba9d76d15 100644
--- a/nixpkgs/nixos/modules/services/mail/exim.nix
+++ b/nixpkgs/nixos/modules/services/mail/exim.nix
@@ -17,13 +17,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Exim mail transfer agent.";
+        description = "Whether to enable the Exim mail transfer agent.";
       };
 
       config = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Verbatim Exim configuration.  This should not contain exim_user,
           exim_group, exim_path, or spool_directory.
         '';
@@ -32,7 +32,7 @@ in
       user = mkOption {
         type = types.str;
         default = "exim";
-        description = lib.mdDoc ''
+        description = ''
           User to use when no root privileges are required.
           In particular, this applies when receiving messages and when doing
           remote deliveries.  (Local deliveries run as various non-root users,
@@ -44,7 +44,7 @@ in
       group = mkOption {
         type = types.str;
         default = "exim";
-        description = lib.mdDoc ''
+        description = ''
           Group to use when no root privileges are required.
         '';
       };
@@ -52,7 +52,7 @@ in
       spoolDir = mkOption {
         type = types.path;
         default = "/var/spool/exim";
-        description = lib.mdDoc ''
+        description = ''
           Location of the spool directory of exim.
         '';
       };
@@ -66,7 +66,7 @@ in
       queueRunnerInterval = mkOption {
         type = types.str;
         default = "5m";
-        description = lib.mdDoc ''
+        description = ''
           How often to spawn a new queue runner.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/mail/goeland.nix b/nixpkgs/nixos/modules/services/mail/goeland.nix
index 13092a65ed90..158b9ef982cc 100644
--- a/nixpkgs/nixos/modules/services/mail/goeland.nix
+++ b/nixpkgs/nixos/modules/services/mail/goeland.nix
@@ -8,10 +8,10 @@ let
 in
 {
   options.services.goeland = {
-    enable = mkEnableOption (mdDoc "goeland");
+    enable = mkEnableOption "goeland, an alternative to rss2email";
 
     settings = mkOption {
-      description = mdDoc ''
+      description = ''
         Configuration of goeland.
         See the [example config file](https://github.com/slurdge/goeland/blob/master/cmd/asset/config.default.toml) for the available options.
       '';
@@ -22,12 +22,12 @@ in
       type = types.str;
       default = "12h";
       example = "Mon, 00:00:00";
-      description = mdDoc "How often to run goeland, in systemd time format.";
+      description = "How often to run goeland, in systemd time format.";
     };
     stateDir = mkOption {
       type = types.path;
       default = "/var/lib/goeland";
-      description = mdDoc ''
+      description = ''
         The data directory for goeland where the database will reside if using the unseen filter.
         If left as the default value this directory will automatically be created before the goeland
         server starts, otherwise you are responsible for ensuring the directory exists with
diff --git a/nixpkgs/nixos/modules/services/mail/listmonk.nix b/nixpkgs/nixos/modules/services/mail/listmonk.nix
index d6399304cc10..482bc42696f9 100644
--- a/nixpkgs/nixos/modules/services/mail/listmonk.nix
+++ b/nixpkgs/nixos/modules/services/mail/listmonk.nix
@@ -35,20 +35,20 @@ let
       "app.notify_emails" = mkOption {
         type = listOf str;
         default = [ ];
-        description = lib.mdDoc "Administrator emails for system notifications";
+        description = "Administrator emails for system notifications";
       };
 
       "privacy.exportable" = mkOption {
         type = listOf str;
         default = [ "profile" "subscriptions" "campaign_views" "link_clicks" ];
-        description = lib.mdDoc
+        description =
           "List of fields which can be exported through an automatic export request";
       };
 
       "privacy.domain_blocklist" = mkOption {
         type = listOf str;
         default = [ ];
-        description = lib.mdDoc
+        description =
           "E-mail addresses with these domains are disallowed from subscribing.";
       };
 
@@ -57,30 +57,29 @@ let
           freeformType = with types; attrsOf anything;
 
           options = {
-            enabled = mkEnableOption (lib.mdDoc "this SMTP server for listmonk");
+            enabled = mkEnableOption "this SMTP server for listmonk";
             host = mkOption {
               type = types.str;
-              description = lib.mdDoc "Hostname for the SMTP server";
+              description = "Hostname for the SMTP server";
             };
             port = mkOption {
               type = types.port;
-              description = lib.mdDoc "Port for the SMTP server";
+              description = "Port for the SMTP server";
             };
             max_conns = mkOption {
               type = types.int;
-              description = lib.mdDoc
+              description =
                 "Maximum number of simultaneous connections, defaults to 1";
               default = 1;
             };
             tls_type = mkOption {
               type = types.enum [ "none" "STARTTLS" "TLS" ];
-              description =
-                lib.mdDoc "Type of TLS authentication with the SMTP server";
+              description = "Type of TLS authentication with the SMTP server";
             };
           };
         });
 
-        description = lib.mdDoc "List of outgoing SMTP servers";
+        description = "List of outgoing SMTP servers";
       };
 
       # TODO: refine this type based on the smtp one.
@@ -88,13 +87,13 @@ let
         type = listOf
           (submodule { freeformType = with types; listOf (attrsOf anything); });
         default = [ ];
-        description = lib.mdDoc "List of bounce mailboxes";
+        description = "List of bounce mailboxes";
       };
 
       messengers = mkOption {
         type = listOf str;
         default = [ ];
-        description = lib.mdDoc
+        description =
           "List of messengers, see: <https://github.com/knadh/listmonk/blob/master/models/settings.go#L64-L74> for options.";
       };
     };
@@ -103,26 +102,25 @@ in {
   ###### interface
   options = {
     services.listmonk = {
-      enable = mkEnableOption
-        (lib.mdDoc "Listmonk, this module assumes a reverse proxy to be set");
+      enable = mkEnableOption "Listmonk, this module assumes a reverse proxy to be set";
       database = {
         createLocally = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc
+          description =
             "Create the PostgreSQL database and database user locally.";
         };
 
         settings = mkOption {
           default = null;
           type = with types; nullOr (submodule databaseSettingsOpts);
-          description = lib.mdDoc
+          description =
             "Dynamic settings in the PostgreSQL database, set by a SQL script, see <https://github.com/knadh/listmonk/blob/master/schema.sql#L177-L230> for details.";
         };
         mutableSettings = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Database settings will be reset to the value set in this module if this is not enabled.
             Enable this if you want to persist changes you have done in the application.
           '';
@@ -131,7 +129,7 @@ in {
       package = mkPackageOption pkgs "listmonk" {};
       settings = mkOption {
         type = types.submodule { freeformType = tomlFormat.type; };
-        description = lib.mdDoc ''
+        description = ''
           Static settings set in the config.toml, see <https://github.com/knadh/listmonk/blob/master/config.toml.sample> for details.
           You can set secrets using the secretFile option with environment variables following <https://listmonk.app/docs/configuration/#environment-variables>.
         '';
@@ -139,7 +137,7 @@ in {
       secretFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc
+        description =
           "A file containing secrets as environment variables. See <https://listmonk.app/docs/configuration/#environment-variables> for details on supported values.";
       };
     };
diff --git a/nixpkgs/nixos/modules/services/mail/maddy.nix b/nixpkgs/nixos/modules/services/mail/maddy.nix
index 2c4d75e8391a..7c67d4e6135e 100644
--- a/nixpkgs/nixos/modules/services/mail/maddy.nix
+++ b/nixpkgs/nixos/modules/services/mail/maddy.nix
@@ -138,12 +138,12 @@ in {
   options = {
     services.maddy = {
 
-      enable = mkEnableOption (lib.mdDoc "Maddy, a free an open source mail server");
+      enable = mkEnableOption "Maddy, a free an open source mail server";
 
       user = mkOption {
         default = "maddy";
         type = with types; uniq str;
-        description = lib.mdDoc ''
+        description = ''
           User account under which maddy runs.
 
           ::: {.note}
@@ -157,7 +157,7 @@ in {
       group = mkOption {
         default = "maddy";
         type = with types; uniq str;
-        description = lib.mdDoc ''
+        description = ''
           Group account under which maddy runs.
 
           ::: {.note}
@@ -172,7 +172,7 @@ in {
         default = "localhost";
         type = with types; uniq str;
         example = ''example.com'';
-        description = lib.mdDoc ''
+        description = ''
           Hostname to use. It should be FQDN.
         '';
       };
@@ -181,7 +181,7 @@ in {
         default = "localhost";
         type = with types; uniq str;
         example = ''mail.example.com'';
-        description = lib.mdDoc ''
+        description = ''
           Primary MX domain to use. It should be FQDN.
         '';
       };
@@ -194,7 +194,7 @@ in {
           "example.com"
           "other.example.com"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Define list of allowed domains.
         '';
       };
@@ -202,7 +202,7 @@ in {
       config = mkOption {
         type = with types; nullOr lines;
         default = defaultConfig;
-        description = lib.mdDoc ''
+        description = ''
           Server configuration, see
           [https://maddy.email](https://maddy.email) for
           more information. The default configuration of this module will setup
@@ -218,7 +218,7 @@ in {
         loader = mkOption {
           type = with types; nullOr (enum [ "off" "file" "acme" ]);
           default = "off";
-          description = lib.mdDoc ''
+          description = ''
             TLS certificates are obtained by modules called "certificate
             loaders".
 
@@ -243,14 +243,14 @@ in {
               keyPath = mkOption {
                 type = types.path;
                 example = "/etc/ssl/mx1.example.org.key";
-                description = lib.mdDoc ''
+                description = ''
                   Path to the private key used for TLS.
                 '';
               };
               certPath = mkOption {
                 type = types.path;
                 example = "/etc/ssl/mx1.example.org.crt";
-                description = lib.mdDoc ''
+                description = ''
                   Path to the certificate used for TLS.
                 '';
               };
@@ -263,7 +263,7 @@ in {
               certPath = "/etc/ssl/mx1.example.org.crt";
             }]
           '';
-          description = lib.mdDoc ''
+          description = ''
             A list of attribute sets containing paths to TLS certificates and
             keys. Maddy will use SNI if multiple pairs are selected.
           '';
@@ -271,7 +271,7 @@ in {
 
         extraConfig = mkOption {
           type = with types; nullOr lines;
-          description = lib.mdDoc ''
+          description = ''
             Arguments for the specified certificate loader.
 
             In case the `tls` loader is set, the defaults are considered secure
@@ -287,7 +287,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open the configured incoming and outgoing mail server ports.
         '';
       };
@@ -295,7 +295,7 @@ in {
       ensureAccounts = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of IMAP accounts which get automatically created. Note that for
           a complete setup, user credentials for these accounts are required
           and can be created using the `ensureCredentials` option.
@@ -309,7 +309,7 @@ in {
 
       ensureCredentials = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           List of user accounts which get automatically created if they don't
           exist yet. Note that for a complete setup, corresponding mail boxes
           have to get created using the `ensureAccounts` option.
@@ -325,7 +325,7 @@ in {
               type = types.path;
               example = "/path/to/file";
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Specifies the path to a file containing the
                 clear text password for the user.
               '';
@@ -336,7 +336,7 @@ in {
 
       secrets = lib.mkOption {
         type = with types; listOf path;
-        description = lib.mdDoc ''
+        description = ''
           A list of files containing the various secrets. Should be in the format
           expected by systemd's `EnvironmentFile` directory. Secrets can be
           referenced in the format `{env:VAR}`.
diff --git a/nixpkgs/nixos/modules/services/mail/mail.nix b/nixpkgs/nixos/modules/services/mail/mail.nix
index 8e1424595b51..fcc7ff6db91b 100644
--- a/nixpkgs/nixos/modules/services/mail/mail.nix
+++ b/nixpkgs/nixos/modules/services/mail/mail.nix
@@ -14,7 +14,7 @@ with lib;
         type = types.nullOr options.security.wrappers.type.nestedTypes.elemType;
         default = null;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Configuration for the sendmail setuid wapper.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/mail/mailcatcher.nix b/nixpkgs/nixos/modules/services/mail/mailcatcher.nix
index d0f4550c1926..6728bbcd3b8e 100644
--- a/nixpkgs/nixos/modules/services/mail/mailcatcher.nix
+++ b/nixpkgs/nixos/modules/services/mail/mailcatcher.nix
@@ -11,37 +11,37 @@ in
   options = {
 
     services.mailcatcher = {
-      enable = mkEnableOption (lib.mdDoc "MailCatcher");
+      enable = mkEnableOption "MailCatcher, an SMTP server and web interface to locally test outbound emails";
 
       http.ip = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "The ip address of the http server.";
+        description = "The ip address of the http server.";
       };
 
       http.port = mkOption {
         type = types.port;
         default = 1080;
-        description = lib.mdDoc "The port address of the http server.";
+        description = "The port address of the http server.";
       };
 
       http.path = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc "Prefix to all HTTP paths.";
+        description = "Prefix to all HTTP paths.";
         example = "/mailcatcher";
       };
 
       smtp.ip = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "The ip address of the smtp server.";
+        description = "The ip address of the smtp server.";
       };
 
       smtp.port = mkOption {
         type = types.port;
         default = 1025;
-        description = lib.mdDoc "The port address of the smtp server.";
+        description = "The port address of the smtp server.";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/mail/mailhog.nix b/nixpkgs/nixos/modules/services/mail/mailhog.nix
index 7ae62de291ba..455e5095495e 100644
--- a/nixpkgs/nixos/modules/services/mail/mailhog.nix
+++ b/nixpkgs/nixos/modules/services/mail/mailhog.nix
@@ -27,36 +27,36 @@ in
   options = {
 
     services.mailhog = {
-      enable = mkEnableOption (lib.mdDoc "MailHog");
+      enable = mkEnableOption "MailHog, web and API based SMTP testing";
 
       storage = mkOption {
         type = types.enum [ "maildir" "memory" ];
         default = "memory";
-        description = lib.mdDoc "Store mails on disk or in memory.";
+        description = "Store mails on disk or in memory.";
       };
 
       apiPort = mkOption {
         type = types.port;
         default = 8025;
-        description = lib.mdDoc "Port on which the API endpoint will listen.";
+        description = "Port on which the API endpoint will listen.";
       };
 
       smtpPort = mkOption {
         type = types.port;
         default = 1025;
-        description = lib.mdDoc "Port on which the SMTP endpoint will listen.";
+        description = "Port on which the SMTP endpoint will listen.";
       };
 
       uiPort = mkOption {
         type = types.port;
         default = 8025;
-        description = lib.mdDoc "Port on which the HTTP UI will listen.";
+        description = "Port on which the HTTP UI will listen.";
       };
 
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "List of additional arguments to pass to the MailHog process.";
+        description = "List of additional arguments to pass to the MailHog process.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/mail/mailman.nix b/nixpkgs/nixos/modules/services/mail/mailman.nix
index 6b1aef68245b..8e934233617e 100644
--- a/nixpkgs/nixos/modules/services/mail/mailman.nix
+++ b/nixpkgs/nixos/modules/services/mail/mailman.nix
@@ -88,29 +88,29 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable Mailman on this host. Requires an active MTA on the host (e.g. Postfix).";
+        description = "Enable Mailman on this host. Requires an active MTA on the host (e.g. Postfix).";
       };
 
       ldap = {
-        enable = mkEnableOption (lib.mdDoc "LDAP auth");
+        enable = mkEnableOption "LDAP auth";
         serverUri = mkOption {
           type = types.str;
           example = "ldaps://ldap.host";
-          description = lib.mdDoc ''
+          description = ''
             LDAP host to connect against.
           '';
         };
         bindDn = mkOption {
           type = types.str;
           example = "cn=root,dc=nixos,dc=org";
-          description = lib.mdDoc ''
+          description = ''
             Service account to bind against.
           '';
         };
         bindPasswordFile = mkOption {
           type = types.str;
           example = "/run/secrets/ldap-bind";
-          description = lib.mdDoc ''
+          description = ''
             Path to the file containing the bind password of the service account
             defined by [](#opt-services.mailman.ldap.bindDn).
           '';
@@ -119,7 +119,7 @@ in {
           type = types.nullOr types.str;
           default = null;
           example = "cn=admin,ou=groups,dc=nixos,dc=org";
-          description = lib.mdDoc ''
+          description = ''
             Group where a user must be a member of to gain superuser rights.
           '';
         };
@@ -127,14 +127,14 @@ in {
           query = mkOption {
             type = types.str;
             example = "(&(objectClass=inetOrgPerson)(|(uid=%(user)s)(mail=%(user)s)))";
-            description = lib.mdDoc ''
+            description = ''
               Query to find a user in the LDAP database.
             '';
           };
           ou = mkOption {
             type = types.str;
             example = "ou=users,dc=nixos,dc=org";
-            description = lib.mdDoc ''
+            description = ''
               Organizational unit to look up a user.
             '';
           };
@@ -148,21 +148,21 @@ in {
             ];
             default = "posixGroup";
             apply = v: "${toUpper (substring 0 1 v)}${substring 1 (stringLength v) v}Type";
-            description = lib.mdDoc ''
+            description = ''
               Type of group to perform a group search against.
             '';
           };
           query = mkOption {
             type = types.str;
             example = "(objectClass=groupOfNames)";
-            description = lib.mdDoc ''
+            description = ''
               Query to find a group associated to a user in the LDAP database.
             '';
           };
           ou = mkOption {
             type = types.str;
             example = "ou=groups,dc=nixos,dc=org";
-            description = lib.mdDoc ''
+            description = ''
               Organizational unit to look up a group.
             '';
           };
@@ -171,28 +171,28 @@ in {
           username = mkOption {
             default = "uid";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               LDAP-attribute that corresponds to the `username`-attribute in mailman.
             '';
           };
           firstName = mkOption {
             default = "givenName";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               LDAP-attribute that corresponds to the `firstName`-attribute in mailman.
             '';
           };
           lastName = mkOption {
             default = "sn";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               LDAP-attribute that corresponds to the `lastName`-attribute in mailman.
             '';
           };
           email = mkOption {
             default = "mail";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               LDAP-attribute that corresponds to the `email`-attribute in mailman.
             '';
           };
@@ -203,7 +203,7 @@ in {
         type = types.bool;
         default = true;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Postfix integration. Requires an active Postfix installation.
 
           If you want to use another MTA, set this option to false and configure
@@ -216,7 +216,7 @@ in {
       siteOwner = mkOption {
         type = types.str;
         example = "postmaster@example.org";
-        description = lib.mdDoc ''
+        description = ''
           Certain messages that must be delivered to a human, but which can't
           be delivered to a list owner (e.g. a bounce from a list owner), will
           be sent to this address. It should point to a human.
@@ -226,7 +226,7 @@ in {
       webHosts = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           The list of hostnames and/or IP addresses from which the Mailman Web
           UI will accept requests. By default, "localhost" and "127.0.0.1" are
           enabled. All additional names under which your web server accepts
@@ -238,7 +238,7 @@ in {
       webUser = mkOption {
         type = types.str;
         default = "mailman-web";
-        description = lib.mdDoc ''
+        description = ''
           User to run mailman-web as
         '';
       };
@@ -246,7 +246,7 @@ in {
       webSettings = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Overrides for the default mailman-web Django settings.
         '';
       };
@@ -254,37 +254,37 @@ in {
       restApiPassFile = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the value for `MAILMAN_REST_API_PASS`.
         '';
       };
 
       serve = {
-        enable = mkEnableOption (lib.mdDoc "automatic nginx and uwsgi setup for mailman-web");
+        enable = mkEnableOption "automatic nginx and uwsgi setup for mailman-web";
 
         virtualRoot = mkOption {
           default = "/";
           example = lib.literalExpression "/lists";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Path to mount the mailman-web django application on.
           '';
         };
       };
 
-      settings = mkOption {
-        description = lib.mdDoc "Settings for mailman.cfg";
+     settings = mkOption {
+        description = "Settings for mailman.cfg";
         type = types.attrsOf (types.attrsOf types.str);
         default = {};
       };
 
       hyperkitty = {
-        enable = mkEnableOption (lib.mdDoc "the Hyperkitty archiver for Mailman");
+        enable = mkEnableOption "the Hyperkitty archiver for Mailman";
 
         baseUrl = mkOption {
           type = types.str;
           default = "http://localhost:18507/archives/";
-          description = lib.mdDoc ''
+          description = ''
             Where can Mailman connect to Hyperkitty's internal API, preferably on
             localhost?
           '';
@@ -520,14 +520,11 @@ in {
               hyperkittyApiKey=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)
               secretKey=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 64)
 
-              mailmanWebCfgTmp=$(mktemp)
-              jq -n '.MAILMAN_ARCHIVER_KEY=$archiver_key | .SECRET_KEY=$secret_key' \
+              install -m 0440 -o root -g mailman \
+                <(jq -n '.MAILMAN_ARCHIVER_KEY=$archiver_key | .SECRET_KEY=$secret_key' \
                   --arg archiver_key "$hyperkittyApiKey" \
-                  --arg secret_key "$secretKey" \
-                  >"$mailmanWebCfgTmp"
-              chown root:mailman "$mailmanWebCfgTmp"
-              chmod 440 "$mailmanWebCfgTmp"
-              mv -n "$mailmanWebCfgTmp" "$mailmanWebCfg"
+                  --arg secret_key "$secretKey") \
+                "$mailmanWebCfg"
           fi
 
           hyperkittyApiKey="$(jq -r .MAILMAN_ARCHIVER_KEY "$mailmanWebCfg")"
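Review bot: The new `install -m 0440 -o root -g mailman <(jq -n …) "$mailmanWebCfg"` form hides jq's exit status, because the shell does not see a failure inside a process substitution, so `install` would still create `$mailmanWebCfg` from an empty stream. The secrets file is also now written in place, where the removed code only moved a fully written file into position. If the enclosing `if` (its test lies outside this hunk) only checks that the file exists, an empty or truncated file would never be regenerated, and the `jq -r .MAILMAN_ARCHIVER_KEY` read below would presumably return an empty key. Staging the file next to the target keeps the one-step permission setting and avoids both problems: `install -m 0440 -o root -g mailman /dev/null "$mailmanWebCfg.tmp"`, then redirect the `jq -n …` output into `"$mailmanWebCfg.tmp"` and finish with `mv "$mailmanWebCfg.tmp" "$mailmanWebCfg"`.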
diff --git a/nixpkgs/nixos/modules/services/mail/mlmmj.nix b/nixpkgs/nixos/modules/services/mail/mlmmj.nix
index 66106a14499b..80fd6d9f4e57 100644
--- a/nixpkgs/nixos/modules/services/mail/mlmmj.nix
+++ b/nixpkgs/nixos/modules/services/mail/mlmmj.nix
@@ -56,37 +56,37 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable mlmmj";
+        description = "Enable mlmmj";
       };
 
       user = mkOption {
         type = types.str;
         default = "mlmmj";
-        description = lib.mdDoc "mailinglist local user";
+        description = "mailinglist local user";
       };
 
       group = mkOption {
         type = types.str;
         default = "mlmmj";
-        description = lib.mdDoc "mailinglist local group";
+        description = "mailinglist local group";
       };
 
       listDomain = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Set the mailing list domain";
+        description = "Set the mailing list domain";
       };
 
       mailLists = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "The collection of hosted maillists";
+        description = "The collection of hosted maillists";
       };
 
       maintInterval = mkOption {
         type = types.str;
         default = "20min";
-        description = lib.mdDoc ''
+        description = ''
           Time interval between mlmmj-maintd runs, see
           {manpage}`systemd.time(7)` for format information.
         '';
diff --git a/nixpkgs/nixos/modules/services/mail/nullmailer.nix b/nixpkgs/nixos/modules/services/mail/nullmailer.nix
index 4fd0026dbe4e..55a85a354452 100644
--- a/nixpkgs/nixos/modules/services/mail/nullmailer.nix
+++ b/nixpkgs/nixos/modules/services/mail/nullmailer.nix
@@ -10,13 +10,13 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable nullmailer daemon.";
+        description = "Whether to enable nullmailer daemon.";
       };
 
       user = mkOption {
         type = types.str;
         default = "nullmailer";
-        description = lib.mdDoc ''
+        description = ''
           User to use to run nullmailer-send.
         '';
       };
@@ -24,7 +24,7 @@ with lib;
       group = mkOption {
         type = types.str;
         default = "nullmailer";
-        description = lib.mdDoc ''
+        description = ''
           Group to use to run nullmailer-send.
         '';
       };
@@ -32,13 +32,13 @@ with lib;
       setSendmail = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to set the system sendmail to nullmailer's.";
+        description = "Whether to set the system sendmail to nullmailer's.";
       };
 
       remotesFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the `remotes` control file. This file contains a
           list of remote servers to which to send each message.
 
@@ -51,7 +51,7 @@ with lib;
         adminaddr = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             If set, all recipients to users at either "localhost" (the literal string)
             or the canonical host name (from the me control attribute) are remapped to this address.
             This is provided to allow local daemons to be able to send email to
@@ -64,7 +64,7 @@ with lib;
         allmailfrom = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             If set, content will override the envelope sender on all messages.
           '';
         };
@@ -72,7 +72,7 @@ with lib;
         defaultdomain = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
              The content of this attribute is appended to any host name that
              does not contain a period (except localhost), including defaulthost
              and idhost. Defaults to the value of the me attribute, if it exists,
@@ -83,7 +83,7 @@ with lib;
         defaulthost = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
              The content of this attribute is appended to any address that
              is missing a host name. Defaults to the value of the me control
              attribute, if it exists, otherwise the literal name defaulthost.
@@ -93,7 +93,7 @@ with lib;
         doublebounceto = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             If the original sender was empty (the original message was a
             delivery status or disposition notification), the double bounce
             is sent to the address in this attribute.
@@ -103,7 +103,7 @@ with lib;
         helohost = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Sets  the  environment variable $HELOHOST which is used by the
             SMTP protocol module to set the parameter given to the HELO command.
             Defaults to the value of the me configuration attribute.
@@ -113,7 +113,7 @@ with lib;
         idhost = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The content of this attribute is used when building the message-id
             string for the message. Defaults to the canonicalized value of defaulthost.
           '';
@@ -122,7 +122,7 @@ with lib;
         maxpause = mkOption {
           type = with types; nullOr (oneOf [ str int ]);
           default = null;
-          description = lib.mdDoc ''
+          description = ''
              The maximum time to pause between successive queue runs, in seconds.
              Defaults to 24 hours (86400).
           '';
@@ -131,7 +131,7 @@ with lib;
         me = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
              The fully-qualifiled host name of the computer running nullmailer.
              Defaults to the literal name me.
           '';
@@ -140,7 +140,7 @@ with lib;
         pausetime = mkOption {
           type = with types; nullOr (oneOf [ str int ]);
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The minimum time to pause between successive queue runs when there
             are messages in the queue, in seconds. Defaults to 1 minute (60).
             Each time this timeout is reached, the timeout is doubled to a
@@ -153,7 +153,7 @@ with lib;
         remotes = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             A list of remote servers to which to send each message. Each line
             contains a remote host name or address followed by an optional
             protocol string, separated by white space.
@@ -170,7 +170,7 @@ with lib;
         sendtimeout = mkOption {
           type = with types; nullOr (oneOf [ str int ]);
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The  time to wait for a remote module listed above to complete sending
             a message before killing it and trying again, in seconds.
             Defaults to 1 hour (3600).  If this is set to 0, nullmailer-send
diff --git a/nixpkgs/nixos/modules/services/mail/offlineimap.nix b/nixpkgs/nixos/modules/services/mail/offlineimap.nix
index 0166ec4e8d4e..f1517232c48d 100644
--- a/nixpkgs/nixos/modules/services/mail/offlineimap.nix
+++ b/nixpkgs/nixos/modules/services/mail/offlineimap.nix
@@ -7,12 +7,12 @@ let
 in {
 
   options.services.offlineimap = {
-    enable = mkEnableOption (lib.mdDoc "OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s)");
+    enable = mkEnableOption "OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s)";
 
     install = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to install a user service for Offlineimap. Once
         the service is started, emails will be fetched automatically.
 
@@ -28,19 +28,19 @@ in {
       type = types.listOf types.path;
       default = [];
       example = literalExpression "[ pkgs.pass pkgs.bash pkgs.notmuch ]";
-      description = lib.mdDoc "List of derivations to put in Offlineimap's path.";
+      description = "List of derivations to put in Offlineimap's path.";
     };
 
     onCalendar = mkOption {
       type = types.str;
       default = "*:0/3"; # every 3 minutes
-      description = lib.mdDoc "How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.";
+      description = "How often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.";
     };
 
     timeoutStartSec = mkOption {
       type = types.str;
       default = "120sec"; # Kill if still alive after 2 minutes
-      description = lib.mdDoc "How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.";
+      description = "How long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.";
     };
   };
   config = mkIf (cfg.enable || cfg.install) {
diff --git a/nixpkgs/nixos/modules/services/mail/opendkim.nix b/nixpkgs/nixos/modules/services/mail/opendkim.nix
index a377fccc7bd2..0460764ef094 100644
--- a/nixpkgs/nixos/modules/services/mail/opendkim.nix
+++ b/nixpkgs/nixos/modules/services/mail/opendkim.nix
@@ -31,25 +31,25 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the OpenDKIM sender authentication system.";
+        description = "Whether to enable the OpenDKIM sender authentication system.";
       };
 
       socket = mkOption {
         type = types.str;
         default = defaultSock;
-        description = lib.mdDoc "Socket which is used for communication with OpenDKIM.";
+        description = "Socket which is used for communication with OpenDKIM.";
       };
 
       user = mkOption {
         type = types.str;
         default = "opendkim";
-        description = lib.mdDoc "User for the daemon.";
+        description = "User for the daemon.";
       };
 
       group = mkOption {
         type = types.str;
         default = "opendkim";
-        description = lib.mdDoc "Group for the daemon.";
+        description = "Group for the daemon.";
       };
 
       domains = mkOption {
@@ -57,7 +57,7 @@ in {
         default = "csl:${config.networking.hostName}";
         defaultText = literalExpression ''"csl:''${config.networking.hostName}"'';
         example = "csl:example.com,mydomain.net";
-        description = lib.mdDoc ''
+        description = ''
           Local domains set (see `opendkim(8)` for more information on datasets).
           Messages from them are signed, not verified.
         '';
@@ -65,7 +65,7 @@ in {
 
       keyPath = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path that opendkim should put its generated private keys into.
           The DNS settings will be found in this directory with the name selector.txt.
         '';
@@ -74,13 +74,13 @@ in {
 
       selector = mkOption {
         type = types.str;
-        description = lib.mdDoc "Selector to use when signing.";
+        description = "Selector to use when signing.";
       };
 
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "Additional opendkim configuration.";
+        description = "Additional opendkim configuration.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/mail/opensmtpd.nix b/nixpkgs/nixos/modules/services/mail/opensmtpd.nix
index a65c8e05a9ce..88e7bc0193b5 100644
--- a/nixpkgs/nixos/modules/services/mail/opensmtpd.nix
+++ b/nixpkgs/nixos/modules/services/mail/opensmtpd.nix
@@ -28,7 +28,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the OpenSMTPD server.";
+        description = "Whether to enable the OpenSMTPD server.";
       };
 
       package = mkPackageOption pkgs "opensmtpd" { };
@@ -36,14 +36,14 @@ in {
       setSendmail = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to set the system sendmail to OpenSMTPD's.";
+        description = "Whether to set the system sendmail to OpenSMTPD's.";
       };
 
       extraServerArgs = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-v" "-P mta" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra command line arguments provided when the smtpd process
           is started.
         '';
@@ -55,7 +55,7 @@ in {
           listen on lo
           accept for any deliver to lmtp localhost:24
         '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of the smtpd.conf configuration file. See the
           OpenSMTPD documentation for syntax information.
         '';
@@ -64,7 +64,7 @@ in {
       procPackages = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Packages to search for filters, tables, queues, and schedulers.
 
           Add OpenSMTPD-extras here if you want to use the filters, etc. from
diff --git a/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix b/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix
index 237f36945e4b..7ad2b20454d0 100644
--- a/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix
+++ b/nixpkgs/nixos/modules/services/mail/pfix-srsd.nix
@@ -12,17 +12,17 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to run the postfix sender rewriting scheme daemon.";
+        description = "Whether to run the postfix sender rewriting scheme daemon.";
       };
 
       domain = mkOption {
-        description = lib.mdDoc "The domain for which to enable srs";
+        description = "The domain for which to enable srs";
         type = types.str;
         example = "example.com";
       };
 
       secretsFile = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The secret data used to encode the SRS address.
           to generate, use a command like:
           `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done`
diff --git a/nixpkgs/nixos/modules/services/mail/postfix.nix b/nixpkgs/nixos/modules/services/mail/postfix.nix
index 209e066a19ef..fd78c98d0cb4 100644
--- a/nixpkgs/nixos/modules/services/mail/postfix.nix
+++ b/nixpkgs/nixos/modules/services/mail/postfix.nix
@@ -45,7 +45,7 @@ let
         type = types.str;
         default = name;
         example = "smtp";
-        description = lib.mdDoc ''
+        description = ''
           The name of the service to run. Defaults to the attribute set key.
         '';
       };
@@ -54,13 +54,13 @@ let
         type = types.enum [ "inet" "unix" "unix-dgram" "fifo" "pass" ];
         default = "unix";
         example = "inet";
-        description = lib.mdDoc "The type of the service";
+        description = "The type of the service";
       };
 
       private = mkOption {
         type = types.bool;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the service's sockets and storage directory is restricted to
           be only available via the mail system. If `null` is
           given it uses the postfix default `true`.
@@ -70,13 +70,13 @@ let
       privileged = mkOption {
         type = types.bool;
         example = true;
-        description = lib.mdDoc "";
+        description = "";
       };
 
       chroot = mkOption {
         type = types.bool;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the service is chrooted to have only access to the
           {option}`services.postfix.queueDir` and the closure of
           store paths specified by the {option}`program` option.
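Review bot: The `privileged` option keeps an empty description (`description = "";`), so the generated manual gives no guidance on a setting that controls the privilege level of a Postfix service. This presumably maps to the unprivileged column of master.cf, which is not visible in this hunk and should be confirmed. If so, something like `description = "Whether the service runs with root privileges rather than as the Postfix mail owner; see master(5).";` would document it. The enclosing option set starts and ends outside the hunk.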
@@ -86,7 +86,7 @@ let
       wakeup = mkOption {
         type = types.int;
         example = 60;
-        description = lib.mdDoc ''
+        description = ''
           Automatically wake up the service after the specified number of
           seconds. If `0` is given, never wake the service
           up.
@@ -96,7 +96,7 @@ let
       wakeupUnusedComponent = mkOption {
         type = types.bool;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           If set to `false` the component will only be woken
           up if it is used. This is equivalent to postfix' notion of adding a
           question mark behind the wakeup time in
@@ -107,7 +107,7 @@ let
       maxproc = mkOption {
         type = types.int;
         example = 1;
-        description = lib.mdDoc ''
+        description = ''
           The maximum number of processes to spawn for this service. If the
           value is `0` it doesn't have any limit. If
           `null` is given it uses the postfix default of
@@ -119,7 +119,7 @@ let
         type = types.str;
         default = name;
         example = "smtpd";
-        description = lib.mdDoc ''
+        description = ''
           A program name specifying a Postfix service/daemon process.
           By default it's the attribute {option}`name`.
         '';
@@ -129,7 +129,7 @@ let
         type = types.listOf types.str;
         default = [];
         example = [ "-o" "smtp_helo_timeout=5" ];
-        description = lib.mdDoc ''
+        description = ''
           Arguments to pass to the {option}`command`. There is no shell
           processing involved and shell syntax is passed verbatim to the
           process.
@@ -140,7 +140,7 @@ let
         type = types.listOf types.str;
         default = [];
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           The raw configuration line for the {file}`master.cf`.
         '';
       };
@@ -221,13 +221,13 @@ let
         type = types.str;
         default = "/^.*/";
         example = "/^X-Mailer:/";
-        description = lib.mdDoc "A regexp pattern matching the header";
+        description = "A regexp pattern matching the header";
       };
       action = mkOption {
         type = types.str;
         default = "DUNNO";
         example = "BCC mail@example.com";
-        description = lib.mdDoc "The action to be executed when the pattern is matched";
+        description = "The action to be executed when the pattern is matched";
       };
     };
   };
@@ -267,25 +267,25 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run the Postfix mail server.";
+        description = "Whether to run the Postfix mail server.";
       };
 
       enableSmtp = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable smtp in master.cf.";
+        description = "Whether to enable smtp in master.cf.";
       };
 
       enableSubmission = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable smtp submission.";
+        description = "Whether to enable smtp submission.";
       };
 
       enableSubmissions = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable smtp submission via smtps.
 
           According to RFC 8314 this should be preferred
@@ -308,7 +308,7 @@ in
           smtpd_client_restrictions = "permit_sasl_authenticated,reject";
           milter_macro_daemon_name = "ORIGINATING";
         };
-        description = lib.mdDoc "Options for the submission config in master.cf";
+        description = "Options for the submission config in master.cf";
       };
 
       submissionsOptions = mkOption {
@@ -324,7 +324,7 @@ in
           smtpd_client_restrictions = "permit_sasl_authenticated,reject";
           milter_macro_daemon_name = "ORIGINATING";
         };
-        description = lib.mdDoc ''
+        description = ''
           Options for the submission config via smtps in master.cf.
 
           smtpd_tls_security_level will be set to encrypt, if it is missing
@@ -337,25 +337,25 @@ in
       setSendmail = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to set the system sendmail to postfix's.";
+        description = "Whether to set the system sendmail to postfix's.";
       };
 
       user = mkOption {
         type = types.str;
         default = "postfix";
-        description = lib.mdDoc "What to call the Postfix user (must be used only for postfix).";
+        description = "What to call the Postfix user (must be used only for postfix).";
       };
 
       group = mkOption {
         type = types.str;
         default = "postfix";
-        description = lib.mdDoc "What to call the Postfix group (must be used only for postfix).";
+        description = "What to call the Postfix group (must be used only for postfix).";
       };
 
       setgidGroup = mkOption {
         type = types.str;
         default = "postdrop";
-        description = lib.mdDoc ''
+        description = ''
           How to call postfix setgid group (for postdrop). Should
           be uniquely used group.
         '';
@@ -365,7 +365,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = ["192.168.0.1/24"];
-        description = lib.mdDoc ''
+        description = ''
           Net masks for trusted - allowed to relay mail to third parties -
           hosts. Leave empty to use mynetworks_style configuration or use
           default (localhost-only).
@@ -375,7 +375,7 @@ in
       networksStyle = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Name of standard way of trusted network specification to use,
           leave blank if you specify it explicitly or if you want to use
           default (localhost-only).
@@ -385,7 +385,7 @@ in
       hostname = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Hostname to use. Leave blank to use just the hostname of machine.
           It should be FQDN.
         '';
@@ -394,7 +394,7 @@ in
       domain = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Domain to use. Leave blank to use hostname minus first component.
         '';
       };
@@ -402,7 +402,7 @@ in
       origin = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Origin to use in outgoing e-mail. Leave blank to use hostname.
         '';
       };
@@ -411,7 +411,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = ["localhost"];
-        description = lib.mdDoc ''
+        description = ''
           Full (!) list of domains we deliver locally. Leave blank for
           acceptable Postfix default.
         '';
@@ -421,7 +421,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = ["localdomain"];
-        description = lib.mdDoc ''
+        description = ''
           List of domains we agree to relay to. Default is empty.
         '';
       };
@@ -429,7 +429,7 @@ in
       relayHost = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Mail relay for outbound mail.
         '';
       };
@@ -437,7 +437,7 @@ in
       relayPort = mkOption {
         type = types.int;
         default = 25;
-        description = lib.mdDoc ''
+        description = ''
           SMTP port for relay mail relay.
         '';
       };
@@ -445,7 +445,7 @@ in
       lookupMX = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether relay specified is just domain whose MX must be used.
         '';
       };
@@ -453,7 +453,7 @@ in
       postmasterAlias = mkOption {
         type = types.str;
         default = "root";
-        description = lib.mdDoc ''
+        description = ''
           Who should receive postmaster e-mail. Multiple values can be added by
           separating values with comma.
         '';
@@ -462,7 +462,7 @@ in
       rootAlias = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Who should receive root e-mail. Blank for no redirection.
           Multiple values can be added by separating values with comma.
         '';
@@ -471,7 +471,7 @@ in
       extraAliases = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional entries to put verbatim into aliases file, cf. man-page aliases(8).
         '';
       };
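Review bot: The `extraAliases` description points to `aliases(8)`, but the Postfix alias table format is documented in section 5, so the reference should read `cf. man-page aliases(5)`. The same applies to the `transport` option in the later `@@ -572,7 +572,7 @@` hunk, where `transport(8)` should be `transport(5)`. The `canonical` option already uses the `{manpage}` role with section 5, and using that role for these two references would keep the module consistent.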
@@ -480,12 +480,12 @@ in
         type = with types; enum [ "hash" "regexp" "pcre" ];
         default = "hash";
         example = "regexp";
-        description = lib.mdDoc "The format the alias map should have. Use regexp if you want to use regular expressions.";
+        description = "The format the alias map should have. Use regexp if you want to use regular expressions.";
       };
 
       config = mkOption {
         type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
-        description = lib.mdDoc ''
+        description = ''
           The main.cf configuration file as key value set.
         '';
         example = {
@@ -497,7 +497,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the main.cf configuration file.
         '';
       };
@@ -506,7 +506,7 @@ in
         type = types.str;
         default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
         defaultText = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"'';
-        description = lib.mdDoc ''
+        description = ''
           File containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery. This basically sets smtp_tls_CAfile and enables opportunistic tls. Defaults to NixOS trusted certification authorities.
         '';
       };
@@ -514,20 +514,20 @@ in
       sslCert = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "SSL certificate to use.";
+        description = "SSL certificate to use.";
       };
 
       sslKey = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "SSL key to use.";
+        description = "SSL key to use.";
       };
 
       recipientDelimiter = mkOption {
         type = types.str;
         default = "";
         example = "+";
-        description = lib.mdDoc ''
+        description = ''
           Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
         '';
       };
@@ -535,7 +535,7 @@ in
       canonical = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Entries for the {manpage}`canonical(5)` table.
         '';
       };
@@ -543,7 +543,7 @@ in
       virtual = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Entries for the virtual alias map, cf. man-page virtual(5).
         '';
       };
@@ -551,7 +551,7 @@ in
       virtualMapType = mkOption {
         type = types.enum ["hash" "regexp" "pcre"];
         default = "hash";
-        description = lib.mdDoc ''
+        description = ''
           What type of virtual alias map file to use. Use `"regexp"` for regular expressions.
         '';
       };
@@ -559,7 +559,7 @@ in
       localRecipients = mkOption {
         type = with types; nullOr (listOf str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           List of accepted local users. Specify a bare username, an
           `"@domain.tld"` wild-card, or a complete
           `"user@domain.tld"` address. If set, these names end
@@ -572,7 +572,7 @@ in
       transport = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Entries for the transport map, cf. man-page transport(8).
         '';
       };
@@ -580,13 +580,13 @@ in
       dnsBlacklists = mkOption {
         default = [];
         type = with types; listOf str;
-        description = lib.mdDoc "dns blacklist servers to use with smtpd_client_restrictions";
+        description = "dns blacklist servers to use with smtpd_client_restrictions";
       };
 
       dnsBlacklistOverrides = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "contents of check_client_access for overriding dnsBlacklists";
+        description = "contents of check_client_access for overriding dnsBlacklists";
       };
 
       masterConfig = mkOption {
@@ -598,7 +598,7 @@ in
               args = [ "-o" "smtpd_tls_security_level=encrypt" ];
             };
           };
-        description = lib.mdDoc ''
+        description = ''
           An attribute set of service options, which correspond to the service
           definitions usually done within the Postfix
           {file}`master.cf` file.
@@ -609,46 +609,46 @@ in
         type = types.lines;
         default = "";
         example = "submission inet n - n - - smtpd";
-        description = lib.mdDoc "Extra lines to append to the generated master.cf file.";
+        description = "Extra lines to append to the generated master.cf file.";
       };
 
       enableHeaderChecks = mkOption {
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc "Whether to enable postfix header checks";
+        description = "Whether to enable postfix header checks";
       };
 
       headerChecks = mkOption {
         type = types.listOf (types.submodule headerCheckOptions);
         default = [];
         example = [ { pattern = "/^X-Spam-Flag:/"; action = "REDIRECT spam@example.com"; } ];
-        description = lib.mdDoc "Postfix header checks.";
+        description = "Postfix header checks.";
       };
 
       extraHeaderChecks = mkOption {
         type = types.lines;
         default = "";
         example = "/^X-Spam-Flag:/ REDIRECT spam@example.com";
-        description = lib.mdDoc "Extra lines to /etc/postfix/header_checks file.";
+        description = "Extra lines to /etc/postfix/header_checks file.";
       };
 
       aliasFiles = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc "Aliases' tables to be compiled and placed into /var/lib/postfix/conf.";
+        description = "Aliases' tables to be compiled and placed into /var/lib/postfix/conf.";
       };
 
       mapFiles = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc "Maps to be compiled and placed into /var/lib/postfix/conf.";
+        description = "Maps to be compiled and placed into /var/lib/postfix/conf.";
       };
 
       useSrs = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable sender rewriting scheme";
+        description = "Whether to enable sender rewriting scheme";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/mail/postfixadmin.nix b/nixpkgs/nixos/modules/services/mail/postfixadmin.nix
index e7ebb6fbd648..87a9f963b195 100644
--- a/nixpkgs/nixos/modules/services/mail/postfixadmin.nix
+++ b/nixpkgs/nixos/modules/services/mail/postfixadmin.nix
@@ -13,7 +13,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable postfixadmin.
 
         Also enables nginx virtual host management.
@@ -25,13 +25,13 @@ in
     hostName = mkOption {
       type = types.str;
       example = "postfixadmin.example.com";
-      description = lib.mdDoc "Hostname to use for the nginx vhost";
+      description = "Hostname to use for the nginx vhost";
     };
 
     adminEmail = mkOption {
       type = types.str;
       example = "postmaster@example.com";
-      description = lib.mdDoc ''
+      description = ''
         Defines the Site Admin's email address.
         This will be used to send emails from to create mailboxes and
         from Send Email / Broadcast message pages.
@@ -40,7 +40,7 @@ in
 
     setupPasswordFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Password file for the admin.
         Generate with `php -r "echo password_hash('some password here', PASSWORD_DEFAULT);"`
       '';
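Review bot: The `setupPasswordFile` description calls the file a "Password file", but the command it suggests shows that the file should hold a `password_hash` output, not the plaintext password. The suggested `php -r "echo password_hash('some password here', ...)"` also puts the plaintext on the command line, where it ends up in shell history and is visible in the process list while it runs. The text could say `File containing the password hash for the setup/admin password.` and recommend reading the password from standard input instead of passing it as an argument. The option body continues outside the hunk.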
@@ -50,7 +50,7 @@ in
       username = mkOption {
         type = types.str;
         default = "postfixadmin";
-        description = lib.mdDoc ''
+        description = ''
           Username for the postgresql connection.
           If `database.host` is set to `localhost`, a unix user and group of the same name will be created as well.
         '';
@@ -58,7 +58,7 @@ in
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Host of the postgresql server. If this is not set to
           `localhost`, you have to create the
           postgresql user and database yourself, with appropriate
@@ -67,19 +67,19 @@ in
       };
       passwordFile = mkOption {
         type = types.path;
-        description = lib.mdDoc "Password file for the postgresql connection. Must be readable by user `nginx`.";
+        description = "Password file for the postgresql connection. Must be readable by user `nginx`.";
       };
       dbname = mkOption {
         type = types.str;
         default = "postfixadmin";
-        description = lib.mdDoc "Name of the postgresql database";
+        description = "Name of the postgresql database";
       };
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Extra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options.";
+      description = "Extra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/mail/postgrey.nix b/nixpkgs/nixos/modules/services/mail/postgrey.nix
index fdfa08946ddf..7c206e3725e6 100644
--- a/nixpkgs/nixos/modules/services/mail/postgrey.nix
+++ b/nixpkgs/nixos/modules/services/mail/postgrey.nix
@@ -15,12 +15,12 @@ with lib; let
         type = nullOr str;
         default = null;
         example = "127.0.0.1";
-        description = lib.mdDoc "The address to bind to. Localhost if null";
+        description = "The address to bind to. Localhost if null";
       };
       port = mkOption {
         type = natural';
         default = 10030;
-        description = lib.mdDoc "Tcp port to bind to";
+        description = "Tcp port to bind to";
       };
     };
   };
@@ -30,13 +30,13 @@ with lib; let
       path = mkOption {
         type = path;
         default = "/run/postgrey.sock";
-        description = lib.mdDoc "Path of the unix socket";
+        description = "Path of the unix socket";
       };
 
       mode = mkOption {
         type = str;
         default = "0777";
-        description = lib.mdDoc "Mode of the unix socket";
+        description = "Mode of the unix socket";
       };
     };
   };
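Review bot: The unix-socket `mode` option defaults to `"0777"`, and its description (`"Mode of the unix socket"`) does not mention that this lets every local user connect to the postgrey policy socket. How the mode is applied is outside this hunk. At minimum the description should state the exposure, e.g. `description = "Mode of the unix socket. The default 0777 allows any local user to connect; use a tighter mode such as 0660 when Postfix and postgrey share a group.";`. Tightening the default itself would be a behaviour change and belongs in a separate commit.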
@@ -59,7 +59,7 @@ in {
       enable = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc "Whether to run the Postgrey daemon";
+        description = "Whether to run the Postgrey daemon";
       };
       socket = mkOption {
         type = socket;
@@ -71,73 +71,73 @@ in {
           addr = "127.0.0.1";
           port = 10030;
         };
-        description = lib.mdDoc "Socket to bind to";
+        description = "Socket to bind to";
       };
       greylistText = mkOption {
         type = str;
         default = "Greylisted for %%s seconds";
-        description = lib.mdDoc "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient";
+        description = "Response status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient";
       };
       greylistAction = mkOption {
         type = str;
         default = "DEFER_IF_PERMIT";
-        description = lib.mdDoc "Response status for greylisted messages (see access(5))";
+        description = "Response status for greylisted messages (see access(5))";
       };
       greylistHeader = mkOption {
         type = str;
         default = "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d";
-        description = lib.mdDoc "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host";
+        description = "Prepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host";
       };
       delay = mkOption {
         type = natural;
         default = 300;
-        description = lib.mdDoc "Greylist for N seconds";
+        description = "Greylist for N seconds";
       };
       maxAge = mkOption {
         type = natural;
         default = 35;
-        description = lib.mdDoc "Delete entries from whitelist if they haven't been seen for N days";
+        description = "Delete entries from whitelist if they haven't been seen for N days";
       };
       retryWindow = mkOption {
         type = either str natural;
         default = 2;
         example = "12h";
-        description = lib.mdDoc "Allow N days for the first retry. Use string with appended 'h' to specify time in hours";
+        description = "Allow N days for the first retry. Use string with appended 'h' to specify time in hours";
       };
       lookupBySubnet = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc "Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR";
+        description = "Strip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR";
       };
       IPv4CIDR = mkOption {
         type = natural;
         default = 24;
-        description = lib.mdDoc "Strip N bits from IPv4 addresses if lookupBySubnet is true";
+        description = "Strip N bits from IPv4 addresses if lookupBySubnet is true";
       };
       IPv6CIDR = mkOption {
         type = natural;
         default = 64;
-        description = lib.mdDoc "Strip N bits from IPv6 addresses if lookupBySubnet is true";
+        description = "Strip N bits from IPv6 addresses if lookupBySubnet is true";
       };
       privacy = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc "Store data using one-way hash functions (SHA1)";
+        description = "Store data using one-way hash functions (SHA1)";
       };
       autoWhitelist = mkOption {
         type = nullOr natural';
         default = 5;
-        description = lib.mdDoc "Whitelist clients after successful delivery of N messages";
+        description = "Whitelist clients after successful delivery of N messages";
       };
       whitelistClients = mkOption {
         type = listOf path;
         default = [];
-        description = lib.mdDoc "Client address whitelist files (see postgrey(8))";
+        description = "Client address whitelist files (see postgrey(8))";
       };
       whitelistRecipients = mkOption {
         type = listOf path;
         default = [];
-        description = lib.mdDoc "Recipient address whitelist files (see postgrey(8))";
+        description = "Recipient address whitelist files (see postgrey(8))";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/mail/postsrsd.nix b/nixpkgs/nixos/modules/services/mail/postsrsd.nix
index 41301c8697d7..2ebc675ab10a 100644
--- a/nixpkgs/nixos/modules/services/mail/postsrsd.nix
+++ b/nixpkgs/nixos/modules/services/mail/postsrsd.nix
@@ -17,24 +17,24 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the postsrsd SRS server for Postfix.";
+        description = "Whether to enable the postsrsd SRS server for Postfix.";
       };
 
       secretsFile = mkOption {
         type = types.path;
         default = "/var/lib/postsrsd/postsrsd.secret";
-        description = lib.mdDoc "Secret keys used for signing and verification";
+        description = "Secret keys used for signing and verification";
       };
 
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc "Domain name for rewrite";
+        description = "Domain name for rewrite";
       };
 
       separator = mkOption {
         type = types.enum ["-" "=" "+"];
         default = "=";
-        description = lib.mdDoc "First separator character in generated addresses";
+        description = "First separator character in generated addresses";
       };
 
       # bindAddress = mkOption { # uncomment once 1.5 is released
@@ -46,37 +46,37 @@ in {
       forwardPort = mkOption {
         type = types.int;
         default = 10001;
-        description = lib.mdDoc "Port for the forward SRS lookup";
+        description = "Port for the forward SRS lookup";
       };
 
       reversePort = mkOption {
         type = types.int;
         default = 10002;
-        description = lib.mdDoc "Port for the reverse SRS lookup";
+        description = "Port for the reverse SRS lookup";
       };
 
       timeout = mkOption {
         type = types.int;
         default = 1800;
-        description = lib.mdDoc "Timeout for idle client connections in seconds";
+        description = "Timeout for idle client connections in seconds";
       };
 
       excludeDomains = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Origin domains to exclude from rewriting in addition to primary domain";
+        description = "Origin domains to exclude from rewriting in addition to primary domain";
       };
 
       user = mkOption {
         type = types.str;
         default = "postsrsd";
-        description = lib.mdDoc "User for the daemon";
+        description = "User for the daemon";
       };
 
       group = mkOption {
         type = types.str;
         default = "postsrsd";
-        description = lib.mdDoc "Group for the daemon";
+        description = "Group for the daemon";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/mail/public-inbox.nix b/nixpkgs/nixos/modules/services/mail/public-inbox.nix
index 014e619d6f7f..ea0dfda0e695 100644
--- a/nixpkgs/nixos/modules/services/mail/public-inbox.nix
+++ b/nixpkgs/nixos/modules/services/mail/public-inbox.nix
@@ -16,12 +16,12 @@ let
     args = mkOption {
       type = with types; listOf str;
       default = [];
-      description = lib.mdDoc "Command-line arguments to pass to {manpage}`public-inbox-${proto}d(1)`.";
+      description = "Command-line arguments to pass to {manpage}`public-inbox-${proto}d(1)`.";
     };
     port = mkOption {
       type = with types; nullOr (either str port);
       default = defaultPort;
-      description = lib.mdDoc ''
+      description = ''
         Listening port.
         Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
         Set to null and use `systemd.sockets.public-inbox-${proto}d.listenStreams`
@@ -32,13 +32,13 @@ let
       type = with types; nullOr str;
       default = null;
       example = "/path/to/fullchain.pem";
-      description = lib.mdDoc "Path to TLS certificate to use for connections to {manpage}`public-inbox-${proto}d(1)`.";
+      description = "Path to TLS certificate to use for connections to {manpage}`public-inbox-${proto}d(1)`.";
     };
     key = mkOption {
       type = with types; nullOr str;
       default = null;
       example = "/path/to/key.pem";
-      description = lib.mdDoc "Path to TLS key to use for connections to {manpage}`public-inbox-${proto}d(1)`.";
+      description = "Path to TLS key to use for connections to {manpage}`public-inbox-${proto}d(1)`.";
     };
   };
 
@@ -143,19 +143,19 @@ in
 
 {
   options.services.public-inbox = {
-    enable = mkEnableOption (lib.mdDoc "the public-inbox mail archiver");
+    enable = mkEnableOption "the public-inbox mail archiver";
     package = mkPackageOption pkgs "public-inbox" { };
     path = mkOption {
       type = with types; listOf package;
       default = [];
       example = literalExpression "with pkgs; [ spamassassin ]";
-      description = lib.mdDoc ''
+      description = ''
         Additional packages to place in the path of public-inbox-mda,
         public-inbox-watch, etc.
       '';
     };
     inboxes = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Inboxes to configure, where attribute names are inbox names.
       '';
       default = {};
@@ -164,22 +164,22 @@ in
         options.inboxdir = mkOption {
           type = types.str;
           default = "${stateDir}/inboxes/${name}";
-          description = lib.mdDoc "The absolute path to the directory which hosts the public-inbox.";
+          description = "The absolute path to the directory which hosts the public-inbox.";
         };
         options.address = mkOption {
           type = with types; listOf str;
           example = "example-discuss@example.org";
-          description = lib.mdDoc "The email addresses of the public-inbox.";
+          description = "The email addresses of the public-inbox.";
         };
         options.url = mkOption {
           type = types.nonEmptyStr;
           example = "https://example.org/lists/example-discuss";
-          description = lib.mdDoc "URL where this inbox can be accessed over HTTP.";
+          description = "URL where this inbox can be accessed over HTTP.";
         };
         options.description = mkOption {
           type = types.str;
           example = "user/dev discussion of public-inbox itself";
-          description = lib.mdDoc "User-visible description for the repository.";
+          description = "User-visible description for the repository.";
           apply = pkgs.writeText "public-inbox-description-${name}";
         };
         options.hide = mkOption {
@@ -191,19 +191,19 @@ in
         options.newsgroup = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "NNTP group name for the inbox.";
+          description = "NNTP group name for the inbox.";
         };
         options.watch = mkOption {
           type = with types; listOf str;
           default = [];
-          description = lib.mdDoc "Paths for {manpage}`public-inbox-watch(1)` to monitor for new mail.";
+          description = "Paths for {manpage}`public-inbox-watch(1)` to monitor for new mail.";
           example = [ "maildir:/path/to/test.example.com.git" ];
         };
         options.watchheader = mkOption {
           type = with types; nullOr str;
           default = null;
           example = "List-Id:<test@example.com>";
-          description = lib.mdDoc ''
+          description = ''
             If specified, {manpage}`public-inbox-watch(1)` will only process
             mail containing a matching header.
           '';
@@ -213,20 +213,20 @@ in
             description = "list of coderepo names";
           };
           default = [];
-          description = lib.mdDoc "Nicknames of a 'coderepo' section associated with the inbox.";
+          description = "Nicknames of a 'coderepo' section associated with the inbox.";
         };
       }));
     };
     imap = {
-      enable = mkEnableOption (lib.mdDoc "the public-inbox IMAP server");
+      enable = mkEnableOption "the public-inbox IMAP server";
     } // publicInboxDaemonOptions "imap" 993;
     http = {
-      enable = mkEnableOption (lib.mdDoc "the public-inbox HTTP server");
+      enable = mkEnableOption "the public-inbox HTTP server";
       mounts = mkOption {
         type = with types; listOf str;
         default = [ "/" ];
         example = [ "/lists/archives" ];
-        description = lib.mdDoc ''
+        description = ''
           Root paths or URLs that public-inbox will be served on.
           If domain parts are present, only requests to those
           domains will be accepted.
@@ -237,7 +237,7 @@ in
         type = with types; nullOr (either str port);
         default = 80;
         example = "/run/public-inbox-httpd.sock";
-        description = lib.mdDoc ''
+        description = ''
           Listening port or systemd's ListenStream= entry
           to be used as a reverse proxy, eg. in nginx:
           `locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";`
@@ -247,25 +247,25 @@ in
       };
     };
     mda = {
-      enable = mkEnableOption (lib.mdDoc "the public-inbox Mail Delivery Agent");
+      enable = mkEnableOption "the public-inbox Mail Delivery Agent";
       args = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc "Command-line arguments to pass to {manpage}`public-inbox-mda(1)`.";
+        description = "Command-line arguments to pass to {manpage}`public-inbox-mda(1)`.";
       };
     };
-    postfix.enable = mkEnableOption (lib.mdDoc "the integration into Postfix");
+    postfix.enable = mkEnableOption "the integration into Postfix";
     nntp = {
-      enable = mkEnableOption (lib.mdDoc "the public-inbox NNTP server");
+      enable = mkEnableOption "the public-inbox NNTP server";
     } // publicInboxDaemonOptions "nntp" 563;
     spamAssassinRules = mkOption {
       type = with types; nullOr path;
       default = "${cfg.package.sa_config}/user/.spamassassin/user_prefs";
       defaultText = literalExpression "\${cfg.package.sa_config}/user/.spamassassin/user_prefs";
-      description = lib.mdDoc "SpamAssassin configuration specific to public-inbox.";
+      description = "SpamAssassin configuration specific to public-inbox.";
     };
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Settings for the [public-inbox config file](https://public-inbox.org/public-inbox-config.html).
       '';
       default = {};
@@ -273,7 +273,7 @@ in
         freeformType = gitIni.type;
         options.publicinbox = mkOption {
           default = {};
-          description = lib.mdDoc "public inboxes";
+          description = "public inboxes";
           type = types.submodule {
             # Support both global options like `services.public-inbox.settings.publicinbox.imapserver`
             # and inbox specific options like `services.public-inbox.settings.publicinbox.foo.address`.
@@ -282,25 +282,25 @@ in
             options.css = mkOption {
               type = with types; listOf str;
               default = [];
-              description = lib.mdDoc "The local path name of a CSS file for the PSGI web interface.";
+              description = "The local path name of a CSS file for the PSGI web interface.";
             };
             options.imapserver = mkOption {
               type = with types; listOf str;
               default = [];
               example = [ "imap.public-inbox.org" ];
-              description = lib.mdDoc "IMAP URLs to this public-inbox instance";
+              description = "IMAP URLs to this public-inbox instance";
             };
             options.nntpserver = mkOption {
               type = with types; listOf str;
               default = [];
               example = [ "nntp://news.public-inbox.org" "nntps://news.public-inbox.org" ];
-              description = lib.mdDoc "NNTP URLs to this public-inbox instance";
+              description = "NNTP URLs to this public-inbox instance";
             };
             options.pop3server = mkOption {
               type = with types; listOf str;
               default = [];
               example = [ "pop.public-inbox.org" ];
-              description = lib.mdDoc "POP3 URLs to this public-inbox instance";
+              description = "POP3 URLs to this public-inbox instance";
             };
             options.sourceinfo = mkOption {
               type = with types; nullOr str;
@@ -311,7 +311,7 @@ in
             options.wwwlisting = mkOption {
               type = with types; enum [ "all" "404" "match=domain" ];
               default = "404";
-              description = lib.mdDoc ''
+              description = ''
                 Controls which lists (if any) are listed for when the root
                 public-inbox URL is accessed over HTTP.
               '';
@@ -321,7 +321,7 @@ in
         options.publicinboxmda.spamcheck = mkOption {
           type = with types; enum [ "spamc" "none" ];
           default = "none";
-          description = lib.mdDoc ''
+          description = ''
             If set to spamc, {manpage}`public-inbox-watch(1)` will filter spam
             using SpamAssassin.
           '';
@@ -329,7 +329,7 @@ in
         options.publicinboxwatch.spamcheck = mkOption {
           type = with types; enum [ "spamc" "none" ];
           default = "none";
-          description = lib.mdDoc ''
+          description = ''
             If set to spamc, {manpage}`public-inbox-watch(1)` will filter spam
             using SpamAssassin.
           '';
@@ -338,30 +338,30 @@ in
           type = with types; nullOr str;
           default = null;
           example = "maildir:/path/to/spam";
-          description = lib.mdDoc ''
+          description = ''
             If set, mail in this maildir will be trained as spam and
             deleted from all watched inboxes
           '';
         };
         options.coderepo = mkOption {
           default = {};
-          description = lib.mdDoc "code repositories";
+          description = "code repositories";
           type = types.attrsOf (types.submodule {
             freeformType = types.attrsOf iniAtom;
             options.cgitUrl = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc "URL of a cgit instance";
+              description = "URL of a cgit instance";
             };
             options.dir = mkOption {
               type = types.str;
-              description = lib.mdDoc "Path to a git repository";
+              description = "Path to a git repository";
             };
           });
         };
       };
     };
-    openFirewall = mkEnableOption (lib.mdDoc "opening the firewall when using a port option");
+    openFirewall = mkEnableOption "opening the firewall when using a port option";
   };
   config = mkIf cfg.enable {
     assertions = [
diff --git a/nixpkgs/nixos/modules/services/mail/roundcube.nix b/nixpkgs/nixos/modules/services/mail/roundcube.nix
index 3f1a695ab91a..78f627d33e2d 100644
--- a/nixpkgs/nixos/modules/services/mail/roundcube.nix
+++ b/nixpkgs/nixos/modules/services/mail/roundcube.nix
@@ -7,14 +7,14 @@ let
   fpm = config.services.phpfpm.pools.roundcube;
   localDB = cfg.database.host == "localhost";
   user = cfg.database.username;
-  phpWithPspell = pkgs.php81.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
+  phpWithPspell = pkgs.php83.withExtensions ({ enabled, all }: [ all.pspell ] ++ enabled);
 in
 {
   options.services.roundcube = {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable roundcube.
 
         Also enables nginx virtual host management.
@@ -26,7 +26,7 @@ in
     hostName = mkOption {
       type = types.str;
       example = "webmail.example.com";
-      description = lib.mdDoc "Hostname to use for the nginx vhost";
+      description = "Hostname to use for the nginx vhost";
     };
 
     package = mkPackageOption pkgs "roundcube" {
@@ -37,7 +37,7 @@ in
       username = mkOption {
         type = types.str;
         default = "roundcube";
-        description = lib.mdDoc ''
+        description = ''
           Username for the postgresql connection.
           If `database.host` is set to `localhost`, a unix user and group of the same name will be created as well.
         '';
@@ -45,7 +45,7 @@ in
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Host of the postgresql server. If this is not set to
           `localhost`, you have to create the
           postgresql user and database yourself, with appropriate
@@ -54,12 +54,12 @@ in
       };
       password = mkOption {
         type = types.str;
-        description = lib.mdDoc "Password for the postgresql connection. Do not use: the password will be stored world readable in the store; use `passwordFile` instead.";
+        description = "Password for the postgresql connection. Do not use: the password will be stored world readable in the store; use `passwordFile` instead.";
         default = "";
       };
       passwordFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Password file for the postgresql connection.
           Must be formatted according to PostgreSQL .pgpass standard (see https://www.postgresql.org/docs/current/libpq-pgpass.html)
           but only one line, no comments and readable by user `nginx`.
@@ -69,14 +69,14 @@ in
       dbname = mkOption {
         type = types.str;
         default = "roundcube";
-        description = lib.mdDoc "Name of the postgresql database";
+        description = "Name of the postgresql database";
       };
     };
 
     plugins = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         List of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported.
       '';
     };
@@ -85,7 +85,7 @@ in
       type = types.listOf types.package;
       default = [];
       example = literalExpression "with pkgs.aspellDicts; [ en fr de ]";
-      description = lib.mdDoc ''
+      description = ''
         List of aspell dictionaries for spell checking. If empty, spell checking is disabled.
       '';
     };
@@ -93,7 +93,7 @@ in
     maxAttachmentSize = mkOption {
       type = types.int;
       default = 18;
-      description = lib.mdDoc ''
+      description = ''
         The maximum attachment size in MB.
 
         Note: Since roundcube only uses 70% of max upload values configured in php
@@ -105,13 +105,13 @@ in
     configureNginx = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc "Configure nginx as a reverse proxy for roundcube.";
+      description = "Configure nginx as a reverse proxy for roundcube.";
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Extra configuration for roundcube webmail instance";
+      description = "Extra configuration for roundcube webmail instance";
     };
   };
 
@@ -247,14 +247,15 @@ in
       (mkIf (cfg.database.host == "localhost") {
         requires = [ "postgresql.service" ];
         after = [ "postgresql.service" ];
-        path = [ config.services.postgresql.package ];
       })
       {
         wants = [ "network-online.target" ];
         after = [ "network-online.target" ];
         wantedBy = [ "multi-user.target" ];
+
+        path = [ config.services.postgresql.package ];
         script = let
-          psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} ${pkgs.postgresql}/bin/psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
+          psql = "${lib.optionalString (!localDB) "PGPASSFILE=${cfg.database.passwordFile}"} psql ${lib.optionalString (!localDB) "-h ${cfg.database.host} -U ${cfg.database.username} "} ${cfg.database.dbname}";
         in
         ''
           version="$(${psql} -t <<< "select value from system where name = 'roundcube-version';" || true)"
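Review bot: The rewritten `psql` binding still splices `cfg.database.passwordFile`, `cfg.database.host`, `cfg.database.username` and `cfg.database.dbname` into the unit's shell script unquoted. All four are plain `types.str` options, so a value containing whitespace or a shell metacharacter is word-split or interpreted by the shell when `${psql}` expands inside `$( … )`. Since this line is being touched anyway, each value could be wrapped with `lib.escapeShellArg`, e.g. `PGPASSFILE=${lib.escapeShellArg cfg.database.passwordFile}` and `-h ${lib.escapeShellArg cfg.database.host} -U ${lib.escapeShellArg cfg.database.username}`, with the same for the trailing `dbname`. Separately, `psql` is now resolved through the unit's `path` instead of an absolute store path, so a short comment next to the moved `path = [ config.services.postgresql.package ];` saying that the script depends on it would stop a later cleanup from dropping it. The script body continues past the end of this hunk, so other uses of `${psql}` are not visible here.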
diff --git a/nixpkgs/nixos/modules/services/mail/rspamd-trainer.nix b/nixpkgs/nixos/modules/services/mail/rspamd-trainer.nix
index bb78ddf9dd47..81a0c460f0c3 100644
--- a/nixpkgs/nixos/modules/services/mail/rspamd-trainer.nix
+++ b/nixpkgs/nixos/modules/services/mail/rspamd-trainer.nix
@@ -10,11 +10,11 @@ let
 in {
   options.services.rspamd-trainer = {
 
-    enable = mkEnableOption (mdDoc "Spam/ham trainer for rspamd");
+    enable = mkEnableOption "Spam/ham trainer for rspamd";
 
     settings = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         IMAP authentication configuration for rspamd-trainer. For supplying
         the IMAP password, use the `secrets` option.
       '';
@@ -32,7 +32,7 @@ in {
 
     secrets = lib.mkOption {
       type = with types; listOf path;
-      description = lib.mdDoc ''
+      description = ''
         A list of files containing the various secrets. Should be in the
         format expected by systemd's `EnvironmentFile` directory. For the
         IMAP account password use `PASSWORD = mypassword`.
diff --git a/nixpkgs/nixos/modules/services/mail/rspamd.nix b/nixpkgs/nixos/modules/services/mail/rspamd.nix
index ca88d8122179..c61ddcac954a 100644
--- a/nixpkgs/nixos/modules/services/mail/rspamd.nix
+++ b/nixpkgs/nixos/modules/services/mail/rspamd.nix
@@ -13,24 +13,24 @@ let
       socket = mkOption {
         type = types.str;
         example = "localhost:11333";
-        description = lib.mdDoc ''
+        description = ''
           Socket for this worker to listen on in a format acceptable by rspamd.
         '';
       };
       mode = mkOption {
         type = types.str;
         default = "0644";
-        description = lib.mdDoc "Mode to set on unix socket";
+        description = "Mode to set on unix socket";
       };
       owner = mkOption {
         type = types.str;
         default = "${cfg.user}";
-        description = lib.mdDoc "Owner to set on unix socket";
+        description = "Owner to set on unix socket";
       };
       group = mkOption {
         type = types.str;
         default = "${cfg.group}";
-        description = lib.mdDoc "Group to set on unix socket";
+        description = "Group to set on unix socket";
       };
       rawEntry = mkOption {
         type = types.str;
@@ -52,18 +52,18 @@ let
       enable = mkOption {
         type = types.nullOr types.bool;
         default = null;
-        description = lib.mdDoc "Whether to run the rspamd worker.";
+        description = "Whether to run the rspamd worker.";
       };
       name = mkOption {
         type = types.nullOr types.str;
         default = name;
-        description = lib.mdDoc "Name of the worker";
+        description = "Name of the worker";
       };
       type = mkOption {
         type = types.nullOr (types.enum [
           "normal" "controller" "fuzzy" "rspamd_proxy" "lua" "proxy"
         ]);
-        description = lib.mdDoc ''
+        description = ''
           The type of this worker. The type `proxy` is
           deprecated and only kept for backwards compatibility and should be
           replaced with `rspamd_proxy`.
@@ -77,7 +77,7 @@ let
       bindSockets = mkOption {
         type = types.listOf (types.either types.str (types.submodule bindSocketOpts));
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of sockets to listen, in format acceptable by rspamd
         '';
         example = [{
@@ -94,21 +94,21 @@ let
       count = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Number of worker instances to run
         '';
       };
       includes = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of files to include in configuration
         '';
       };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional entries to put verbatim into worker section of rspamd config file.";
+        description = "Additional entries to put verbatim into worker section of rspamd config file.";
       };
     };
     config = mkIf (name == "normal" || name == "controller" || name == "fuzzy" || name == "rspamd_proxy") {
@@ -186,7 +186,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether this file ${prefix} should be generated.  This
           option allows specific ${prefix} files to be disabled.
         '';
@@ -195,12 +195,12 @@ let
       text = mkOption {
         default = null;
         type = types.nullOr types.lines;
-        description = lib.mdDoc "Text of the file.";
+        description = "Text of the file.";
       };
 
       source = mkOption {
         type = types.path;
-        description = lib.mdDoc "Path of the source file.";
+        description = "Path of the source file.";
       };
     };
     config = {
@@ -227,18 +227,18 @@ in
 
     services.rspamd = {
 
-      enable = mkEnableOption (lib.mdDoc "rspamd, the Rapid spam filtering system");
+      enable = mkEnableOption "rspamd, the Rapid spam filtering system";
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run the rspamd daemon in debug mode.";
+        description = "Whether to run the rspamd daemon in debug mode.";
       };
 
       locals = mkOption {
         type = with types; attrsOf (submodule (configFileModule "locals"));
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Local configuration files, written into {file}`/etc/rspamd/local.d/{name}`.
         '';
         example = literalExpression ''
@@ -251,7 +251,7 @@ in
       overrides = mkOption {
         type = with types; attrsOf (submodule (configFileModule "overrides"));
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Overridden configuration files, written into {file}`/etc/rspamd/override.d/{name}`.
         '';
         example = literalExpression ''
@@ -264,7 +264,7 @@ in
       localLuaRules = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path of file to link to {file}`/etc/rspamd/rspamd.local.lua` for local
           rules written in Lua
         '';
@@ -272,7 +272,7 @@ in
 
       workers = mkOption {
         type = with types; attrsOf (submodule workerOpts);
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of workers to start.
         '';
         default = {
@@ -301,7 +301,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add at the end of the rspamd configuration
           file.
         '';
@@ -310,7 +310,7 @@ in
       user = mkOption {
         type = types.str;
         default = "rspamd";
-        description = lib.mdDoc ''
+        description = ''
           User to use when no root privileges are required.
         '';
       };
@@ -318,7 +318,7 @@ in
       group = mkOption {
         type = types.str;
         default = "rspamd";
-        description = lib.mdDoc ''
+        description = ''
           Group to use when no root privileges are required.
         '';
       };
@@ -327,12 +327,12 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Add rspamd milter to postfix main.conf";
+          description = "Add rspamd milter to postfix main.conf";
         };
 
         config = mkOption {
           type = with types; attrsOf (oneOf [ bool str (listOf str) ]);
-          description = lib.mdDoc ''
+          description = ''
             Addon to postfix configuration
           '';
           default = {
diff --git a/nixpkgs/nixos/modules/services/mail/rss2email.nix b/nixpkgs/nixos/modules/services/mail/rss2email.nix
index bd5cfd437838..7cc76a30409b 100644
--- a/nixpkgs/nixos/modules/services/mail/rss2email.nix
+++ b/nixpkgs/nixos/modules/services/mail/rss2email.nix
@@ -15,24 +15,24 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable rss2email.";
+        description = "Whether to enable rss2email.";
       };
 
       to = mkOption {
         type = types.str;
-        description = lib.mdDoc "Mail address to which to send emails";
+        description = "Mail address to which to send emails";
       };
 
       interval = mkOption {
         type = types.str;
         default = "12h";
-        description = lib.mdDoc "How often to check the feeds, in systemd interval format";
+        description = "How often to check the feeds, in systemd interval format";
       };
 
       config = mkOption {
         type = with types; attrsOf (oneOf [ str int bool ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           The configuration to give rss2email.
 
           Default will use system-wide `sendmail` to send the
@@ -49,18 +49,18 @@ in {
       };
 
       feeds = mkOption {
-        description = lib.mdDoc "The feeds to watch.";
+        description = "The feeds to watch.";
         type = types.attrsOf (types.submodule {
           options = {
             url = mkOption {
               type = types.str;
-              description = lib.mdDoc "The URL at which to fetch the feed.";
+              description = "The URL at which to fetch the feed.";
             };
 
             to = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Email address to which to send feed items.
 
                 If `null`, this will not be set in the
diff --git a/nixpkgs/nixos/modules/services/mail/schleuder.nix b/nixpkgs/nixos/modules/services/mail/schleuder.nix
index 2991418dd804..ca07b879071c 100644
--- a/nixpkgs/nixos/modules/services/mail/schleuder.nix
+++ b/nixpkgs/nixos/modules/services/mail/schleuder.nix
@@ -18,10 +18,10 @@ let
 in
 {
   options.services.schleuder = {
-    enable = lib.mkEnableOption (lib.mdDoc "Schleuder secure remailer");
-    enablePostfix = lib.mkEnableOption (lib.mdDoc "automatic postfix integration") // { default = true; };
+    enable = lib.mkEnableOption "Schleuder secure remailer";
+    enablePostfix = lib.mkEnableOption "automatic postfix integration" // { default = true; };
     lists = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         List of list addresses that should be handled by Schleuder.
 
         Note that this is only handled by the postfix integration, and
@@ -42,7 +42,7 @@ in
       };
     */
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Settings for schleuder.yml.
 
         Check the [example configuration](https://0xacab.org/schleuder/schleuder/blob/master/etc/schleuder.yml) for possible values.
@@ -51,7 +51,7 @@ in
         freeformType = settingsFormat.type;
         options.keyserver = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc ''
+          description = ''
             Key server from which to fetch and update keys.
 
             Note that NixOS uses a different default from upstream, since the upstream default sks-keyservers.net is deprecated.
@@ -62,12 +62,12 @@ in
       default = { };
     };
     extraSettingsFile = lib.mkOption {
-      description = lib.mdDoc "YAML file to merge into the schleuder config at runtime. This can be used for secrets such as API keys.";
+      description = "YAML file to merge into the schleuder config at runtime. This can be used for secrets such as API keys.";
       type = lib.types.nullOr lib.types.path;
       default = null;
     };
     listDefaults = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Default settings for lists (list-defaults.yml).
 
         Check the [example configuration](https://0xacab.org/schleuder/schleuder/-/blob/master/etc/list-defaults.yml) for possible values.
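Review bot: `extraSettingsFile` is documented as a place for secrets such as API keys, but it is typed `lib.types.nullOr lib.types.path` and the description never says the file must live outside the Nix store. A Nix path literal given here and later interpolated into a string is copied into the world-readable store; how the module consumes the value is outside this hunk, so that is worth confirming. I would add a sentence to the description such as `Give this as a string path outside the Nix store (for example "/run/keys/schleuder-extra.yml"), not as a Nix path literal.` The same remark applies to `passwordFile` in sympa.nix and `environmentFile` in appservice-discord.nix further down this diff.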
diff --git a/nixpkgs/nixos/modules/services/mail/spamassassin.nix b/nixpkgs/nixos/modules/services/mail/spamassassin.nix
index 072172e31451..e51cc0239a82 100644
--- a/nixpkgs/nixos/modules/services/mail/spamassassin.nix
+++ b/nixpkgs/nixos/modules/services/mail/spamassassin.nix
@@ -12,17 +12,17 @@ in
   options = {
 
     services.spamassassin = {
-      enable = mkEnableOption (lib.mdDoc "the SpamAssassin daemon");
+      enable = mkEnableOption "the SpamAssassin daemon";
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run the SpamAssassin daemon in debug mode";
+        description = "Whether to run the SpamAssassin daemon in debug mode";
       };
 
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           The SpamAssassin local.cf config
 
           If you are using this configuration:
@@ -57,7 +57,7 @@ in
 
       initPreConf = mkOption {
         type = with types; either str path;
-        description = lib.mdDoc "The SpamAssassin init.pre config.";
+        description = "The SpamAssassin init.pre config.";
         apply = val: if builtins.isPath val then val else pkgs.writeText "init.pre" val;
         default =
         ''
diff --git a/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix b/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix
index 8ab3497f7a17..9cc919fd117d 100644
--- a/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix
+++ b/nixpkgs/nixos/modules/services/mail/stalwart-mail.nix
@@ -10,13 +10,13 @@ let
 
 in {
   options.services.stalwart-mail = {
-    enable = mkEnableOption (mdDoc "the Stalwart all-in-one email server");
+    enable = mkEnableOption "the Stalwart all-in-one email server";
     package = mkPackageOption pkgs "stalwart-mail" { };
 
     settings = mkOption {
       inherit (configFormat) type;
       default = { };
-      description = mdDoc ''
+      description = ''
         Configuration options for the Stalwart email server.
         See <https://stalw.art/docs/category/configuration> for available options.
 
diff --git a/nixpkgs/nixos/modules/services/mail/sympa.nix b/nixpkgs/nixos/modules/services/mail/sympa.nix
index 13fc8656a2b5..fa8d3b82aaa0 100644
--- a/nixpkgs/nixos/modules/services/mail/sympa.nix
+++ b/nixpkgs/nixos/modules/services/mail/sympa.nix
@@ -80,13 +80,13 @@ in
   ###### interface
   options.services.sympa = with types; {
 
-    enable = mkEnableOption (lib.mdDoc "Sympa mailing list manager");
+    enable = mkEnableOption "Sympa mailing list manager";
 
     lang = mkOption {
       type = str;
       default = "en_US";
       example = "cs";
-      description = lib.mdDoc ''
+      description = ''
         Default Sympa language.
         See <https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa>
         for available options.
@@ -96,7 +96,7 @@ in
     listMasters = mkOption {
       type = listOf str;
       example = [ "postmaster@sympa.example.org" ];
-      description = lib.mdDoc ''
+      description = ''
         The list of the email addresses of the listmasters
         (users authorized to perform global server commands).
       '';
@@ -106,7 +106,7 @@ in
       type = nullOr str;
       default = null;
       example = "lists.example.org";
-      description = lib.mdDoc ''
+      description = ''
         Main domain to be used in {file}`sympa.conf`.
         If `null`, one of the {option}`services.sympa.domains` is chosen for you.
       '';
@@ -119,7 +119,7 @@ in
             type = nullOr str;
             default = null;
             example = "archive.example.org";
-            description = lib.mdDoc ''
+            description = ''
               Domain part of the web interface URL (no web interface for this domain if `null`).
               DNS record of type A (or AAAA or CNAME) has to exist with this value.
             '';
@@ -128,7 +128,7 @@ in
             type = str;
             default = "/";
             example = "/sympa";
-            description = lib.mdDoc "URL path part of the web interface.";
+            description = "URL path part of the web interface.";
           };
           settings = mkOption {
             type = attrsOf (oneOf [ str int bool ]);
@@ -136,7 +136,7 @@ in
             example = {
               default_max_list_members = 3;
             };
-            description = lib.mdDoc ''
+            description = ''
               The {file}`robot.conf` configuration file as key value set.
               See <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>
               for list of configuration parameters.
@@ -149,7 +149,7 @@ in
         };
       }));
 
-      description = lib.mdDoc ''
+      description = ''
         Email domains handled by this instance. There have
         to be MX records for keys of this attribute set.
       '';
@@ -172,13 +172,13 @@ in
         type = enum [ "SQLite" "PostgreSQL" "MySQL" ];
         default = "SQLite";
         example = "MySQL";
-        description = lib.mdDoc "Database engine to use.";
+        description = "Database engine to use.";
       };
 
       host = mkOption {
         type = nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Database host address.
 
           For MySQL, use `localhost` to connect using Unix domain socket.
@@ -194,14 +194,14 @@ in
       port = mkOption {
         type = nullOr port;
         default = null;
-        description = lib.mdDoc "Database port. Use `null` for default port.";
+        description = "Database port. Use `null` for default port.";
       };
 
       name = mkOption {
         type = str;
         default = if cfg.database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa";
         defaultText = literalExpression ''if database.type == "SQLite" then "${dataDir}/sympa.sqlite" else "sympa"'';
-        description = lib.mdDoc ''
+        description = ''
           Database name. When using SQLite this must be an absolute
           path to the database file.
         '';
@@ -210,14 +210,14 @@ in
       user = mkOption {
         type = nullOr str;
         default = user;
-        description = lib.mdDoc "Database user. The system user name is used as a default.";
+        description = "Database user. The system user name is used as a default.";
       };
 
       passwordFile = mkOption {
         type = nullOr path;
         default = null;
         example = "/run/keys/sympa-dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password for {option}`services.sympa.database.name`.
         '';
       };
@@ -225,7 +225,7 @@ in
       createLocally = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc "Whether to create a local database automatically.";
+        description = "Whether to create a local database automatically.";
       };
     };
 
@@ -233,13 +233,13 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc "Whether to enable Sympa web interface.";
+        description = "Whether to enable Sympa web interface.";
       };
 
       server = mkOption {
         type = enum [ "nginx" "none" ];
         default = "nginx";
-        description = lib.mdDoc ''
+        description = ''
           The webserver used for the Sympa web interface. Set it to `none` if you want to configure it yourself.
           Further nginx configuration can be done by adapting
           {option}`services.nginx.virtualHosts.«name»`.
@@ -249,7 +249,7 @@ in
       https = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use HTTPS. When nginx integration is enabled, this option forces SSL and enables ACME.
           Please note that Sympa web interface always uses https links even when this option is disabled.
         '';
@@ -258,7 +258,7 @@ in
       fcgiProcs = mkOption {
         type = ints.positive;
         default = 2;
-        description = lib.mdDoc "Number of FastCGI processes to fork.";
+        description = "Number of FastCGI processes to fork.";
       };
     };
 
@@ -266,7 +266,7 @@ in
       type = mkOption {
         type = enum [ "postfix" "none" ];
         default = "postfix";
-        description = lib.mdDoc ''
+        description = ''
           Mail transfer agent (MTA) integration. Use `none` if you want to configure it yourself.
 
           The `postfix` integration sets up local Postfix instance that will pass incoming
@@ -285,7 +285,7 @@ in
           viewlogs_page_size = 50;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The {file}`sympa.conf` configuration file as key value set.
         See <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>
         for list of configuration parameters.
@@ -298,16 +298,16 @@ in
           enable = mkOption {
             type = bool;
             default = true;
-            description = lib.mdDoc "Whether this file should be generated. This option allows specific files to be disabled.";
+            description = "Whether this file should be generated. This option allows specific files to be disabled.";
           };
           text = mkOption {
             default = null;
             type = nullOr lines;
-            description = lib.mdDoc "Text of the file.";
+            description = "Text of the file.";
           };
           source = mkOption {
             type = path;
-            description = lib.mdDoc "Path of the source file.";
+            description = "Path of the source file.";
           };
         };
 
@@ -321,7 +321,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc "Set of files to be linked in {file}`${dataDir}`.";
+      description = "Set of files to be linked in {file}`${dataDir}`.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/mail/zeyple.nix b/nixpkgs/nixos/modules/services/mail/zeyple.nix
index 9d4bc7f712d6..6f6a1799bc0a 100644
--- a/nixpkgs/nixos/modules/services/mail/zeyple.nix
+++ b/nixpkgs/nixos/modules/services/mail/zeyple.nix
@@ -16,12 +16,12 @@ let
   '';
 in {
   options.services.zeyple = {
-    enable = mkEnableOption (lib.mdDoc "Zeyple, an utility program to automatically encrypt outgoing emails with GPG");
+    enable = mkEnableOption "Zeyple, an utility program to automatically encrypt outgoing emails with GPG";
 
     user = mkOption {
       type = types.str;
       default = "zeyple";
-      description = lib.mdDoc ''
+      description = ''
         User to run Zeyple as.
 
         ::: {.note}
@@ -35,7 +35,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "zeyple";
-      description = lib.mdDoc ''
+      description = ''
         Group to use to run Zeyple.
 
         ::: {.note}
@@ -49,7 +49,7 @@ in {
     settings = mkOption {
       type = ini.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Zeyple configuration. refer to
         <https://github.com/infertux/zeyple/blob/master/zeyple/zeyple.conf.example>
         for details on supported values.
@@ -58,13 +58,13 @@ in {
 
     keys = mkOption {
       type = with types; listOf path;
-      description = lib.mdDoc "List of public key files that will be imported by gpg.";
+      description = "List of public key files that will be imported by gpg.";
     };
 
     rotateLogs = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Whether to enable rotation of log files.";
+      description = "Whether to enable rotation of log files.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/matrix/appservice-discord.nix b/nixpkgs/nixos/modules/services/matrix/appservice-discord.nix
index c2c3abb79f97..7f3a1ed3e20a 100644
--- a/nixpkgs/nixos/modules/services/matrix/appservice-discord.nix
+++ b/nixpkgs/nixos/modules/services/matrix/appservice-discord.nix
@@ -13,7 +13,7 @@ let
 in {
   options = {
     services.matrix-appservice-discord = {
-      enable = mkEnableOption (lib.mdDoc "a bridge between Matrix and Discord");
+      enable = mkEnableOption "a bridge between Matrix and Discord";
 
       package = mkPackageOption pkgs "matrix-appservice-discord" { };
 
@@ -41,7 +41,7 @@ in {
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           {file}`config.yaml` configuration as a Nix attribute set.
 
           Configuration options should match those described in
@@ -58,7 +58,7 @@ in {
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File containing environment variables to be passed to the matrix-appservice-discord service,
           in which secret tokens can be specified securely by defining values for
           `APPSERVICE_DISCORD_AUTH_CLIENT_I_D` and
@@ -70,7 +70,7 @@ in {
         type = types.str;
         default = "http://localhost:${toString cfg.port}";
         defaultText = literalExpression ''"http://localhost:''${toString config.${opt.port}}"'';
-        description = lib.mdDoc ''
+        description = ''
           The URL where the application service is listening for HS requests.
         '';
       };
@@ -78,7 +78,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 9005; # from https://github.com/Half-Shot/matrix-appservice-discord/blob/master/package.json#L11
-        description = lib.mdDoc ''
+        description = ''
           Port number on which the bridge should listen for internal communication with the Matrix homeserver.
         '';
       };
@@ -86,7 +86,7 @@ in {
       localpart = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The user_id localpart to assign to the AS.
         '';
       };
@@ -97,7 +97,7 @@ in {
         defaultText = literalExpression ''
           optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of Systemd services to require and wait for when starting the application service,
           such as the Matrix homeserver if it's running on the same host.
         '';
diff --git a/nixpkgs/nixos/modules/services/matrix/appservice-irc.nix b/nixpkgs/nixos/modules/services/matrix/appservice-irc.nix
index c79cd799b4d0..f4539a90f2e6 100644
--- a/nixpkgs/nixos/modules/services/matrix/appservice-irc.nix
+++ b/nixpkgs/nixos/modules/services/matrix/appservice-irc.nix
@@ -26,30 +26,30 @@ let
   registrationFile = "/var/lib/matrix-appservice-irc/registration.yml";
 in {
   options.services.matrix-appservice-irc = with types; {
-    enable = mkEnableOption (lib.mdDoc "the Matrix/IRC bridge");
+    enable = mkEnableOption "the Matrix/IRC bridge";
 
     port = mkOption {
       type = port;
-      description = lib.mdDoc "The port to listen on";
+      description = "The port to listen on";
       default = 8009;
     };
 
     needBindingCap = mkOption {
       type = bool;
-      description = lib.mdDoc "Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)";
+      description = "Whether the daemon needs to bind to ports below 1024 (e.g. for the ident service)";
       default = false;
     };
 
     passwordEncryptionKeyLength = mkOption {
       type = ints.unsigned;
-      description = lib.mdDoc "Length of the key to encrypt IRC passwords with";
+      description = "Length of the key to encrypt IRC passwords with";
       default = 4096;
       example = 8192;
     };
 
     registrationUrl = mkOption {
       type = str;
-      description = lib.mdDoc ''
+      description = ''
         The URL where the application service is listening for homeserver requests,
         from the Matrix homeserver perspective.
       '';
@@ -58,12 +58,12 @@ in {
 
     localpart = mkOption {
       type = str;
-      description = lib.mdDoc "The user_id localpart to assign to the appservice";
+      description = "The user_id localpart to assign to the appservice";
       default = "appservice-irc";
     };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration for the appservice, see
         <https://github.com/matrix-org/matrix-appservice-irc/blob/${pkgs.matrix-appservice-irc.version}/config.sample.yaml>
         for supported values
@@ -74,7 +74,7 @@ in {
 
         options = {
           homeserver = mkOption {
-            description = lib.mdDoc "Homeserver configuration";
+            description = "Homeserver configuration";
             default = {};
             type = submodule {
               freeformType = jsonType;
@@ -82,12 +82,12 @@ in {
               options = {
                 url = mkOption {
                   type = str;
-                  description = lib.mdDoc "The URL to the home server for client-server API calls";
+                  description = "The URL to the home server for client-server API calls";
                 };
 
                 domain = mkOption {
                   type = str;
-                  description = lib.mdDoc ''
+                  description = ''
                     The 'domain' part for user IDs on this home server. Usually
                     (but not always) is the "domain name" part of the homeserver URL.
                   '';
@@ -98,21 +98,21 @@ in {
 
           database = mkOption {
             default = {};
-            description = lib.mdDoc "Configuration for the database";
+            description = "Configuration for the database";
             type = submodule {
               freeformType = jsonType;
 
               options = {
                 engine = mkOption {
                   type = str;
-                  description = lib.mdDoc "Which database engine to use";
+                  description = "Which database engine to use";
                   default = "nedb";
                   example = "postgres";
                 };
 
                 connectionString = mkOption {
                   type = str;
-                  description = lib.mdDoc "The database connection string";
+                  description = "The database connection string";
                   default = "nedb://var/lib/matrix-appservice-irc/data";
                   example = "postgres://username:password@host:port/databasename";
                 };
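Review bot: The `connectionString` example `postgres://username:password@host:port/databasename` invites putting a database password into `settings`, and the description gives no hint about where that value ends up. The option is a plain `str` inside a freeform submodule; if the module renders `settings` to a file in the Nix store (the serialisation is outside this hunk, so confirm), the password becomes world-readable on the host. In that case I would extend the description to something like `The database connection string. This value is written to the world-readable Nix store, so do not embed a password; prefer a local socket connection.` The enclosing submodule continues outside the hunk.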
@@ -122,14 +122,14 @@ in {
 
           ircService = mkOption {
             default = {};
-            description = lib.mdDoc "IRC bridge configuration";
+            description = "IRC bridge configuration";
             type = submodule {
               freeformType = jsonType;
 
               options = {
                 passwordEncryptionKeyPath = mkOption {
                   type = str;
-                  description = lib.mdDoc ''
+                  description = ''
                     Location of the key with which IRC passwords are encrypted
                     for storage. Will be generated on first run if not present.
                   '';
@@ -138,7 +138,7 @@ in {
 
                 servers = mkOption {
                   type = submodule { freeformType = jsonType; };
-                  description = lib.mdDoc "IRC servers to connect to";
+                  description = "IRC servers to connect to";
                 };
               };
             };
@@ -214,8 +214,9 @@ in {
         RestrictRealtime = true;
         PrivateMounts = true;
         SystemCallFilter = [
-          "@system-service @pkey @chown"
+          "@system-service @pkey"
           "~@privileged @resources"
+          "@chown"
         ];
         SystemCallArchitectures = "native";
         # AF_UNIX is required to connect to a postgres socket.
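Review bot: The reordering inside `SystemCallFilter` is load-bearing but has no comment saying so. systemd applies the entries in order, and `@privileged` contains `@chown`, so the old allow line followed by `~@privileged @resources` ended up denying the chown family, while the new trailing `"@chown"` re-allows it after the deny. Without a note, a later tidy-up can merge the entry back into the first line and silently change the filter. I would put `# Must stay after the ~@privileged entry: @privileged includes @chown and entries are applied in order.` above `"@chown"`, and name in the same comment the operation that needs chown, which is not visible here. The enclosing attribute set starts and ends outside the hunk.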
diff --git a/nixpkgs/nixos/modules/services/matrix/conduit.nix b/nixpkgs/nixos/modules/services/matrix/conduit.nix
index b0fc85dbda7b..9b8a4f45c268 100644
--- a/nixpkgs/nixos/modules/services/matrix/conduit.nix
+++ b/nixpkgs/nixos/modules/services/matrix/conduit.nix
@@ -11,11 +11,11 @@ in
   {
     meta.maintainers = with maintainers; [ pstn piegames ];
     options.services.matrix-conduit = {
-      enable = mkEnableOption (lib.mdDoc "matrix-conduit");
+      enable = mkEnableOption "matrix-conduit";
 
       extraEnvironment = mkOption {
         type = types.attrsOf types.str;
-        description = lib.mdDoc "Extra Environment variables to pass to the conduit server.";
+        description = "Extra Environment variables to pass to the conduit server.";
         default = {};
         example = { RUST_BACKTRACE="yes"; };
       };
@@ -29,50 +29,50 @@ in
             global.server_name = mkOption {
               type = types.str;
               example = "example.com";
-              description = lib.mdDoc "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
+              description = "The server_name is the name of this server. It is used as a suffix for user # and room ids.";
             };
             global.port = mkOption {
               type = types.port;
               default = 6167;
-              description = lib.mdDoc "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
+              description = "The port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port";
             };
             global.max_request_size = mkOption {
               type = types.ints.positive;
               default = 20000000;
-              description = lib.mdDoc "Max request size in bytes. Don't forget to also change it in the proxy.";
+              description = "Max request size in bytes. Don't forget to also change it in the proxy.";
             };
             global.allow_registration = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "Whether new users can register on this server.";
+              description = "Whether new users can register on this server.";
             };
             global.allow_encryption = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
+              description = "Whether new encrypted rooms can be created. Note: existing rooms will continue to work.";
             };
             global.allow_federation = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether this server federates with other servers.
               '';
             };
             global.trusted_servers = mkOption {
               type = types.listOf types.str;
               default = [ "matrix.org" ];
-              description = lib.mdDoc "Servers trusted with signing server keys.";
+              description = "Servers trusted with signing server keys.";
             };
             global.address = mkOption {
               type = types.str;
               default = "::1";
-              description = lib.mdDoc "Address to listen on for connections by the reverse proxy/tls terminator.";
+              description = "Address to listen on for connections by the reverse proxy/tls terminator.";
             };
             global.database_path = mkOption {
               type = types.str;
               default = "/var/lib/matrix-conduit/";
               readOnly = true;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the conduit database, the directory where conduit will save its data.
                 Note that due to using the DynamicUser feature of systemd, this value should not be changed
                 and is set to be read only.
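Review bot: The `global.server_name` description still reads `It is used as a suffix for user # and room ids.`, where the stray `#` looks like a comment marker carried over from a wrapped line of the upstream TOML example. Now that the string is passed through as-is, it is a good moment to fix it: `description = "The server_name is the name of this server. It is used as a suffix for user and room ids.";`. The settings submodule that holds these options starts and ends outside the hunk.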
@@ -82,7 +82,7 @@ in
               type = types.enum [ "sqlite" "rocksdb" ];
               default = "sqlite";
               example = "rocksdb";
-              description = lib.mdDoc ''
+              description = ''
                 The database backend for the service. Switching it on an existing
                 instance will require manual migration of data.
               '';
@@ -90,7 +90,7 @@ in
             global.allow_check_for_updates = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to allow Conduit to automatically contact
                 <https://conduit.rs> hourly to check for important Conduit news.
 
@@ -100,9 +100,9 @@ in
           };
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
             Generates the conduit.toml configuration file. Refer to
-            <https://gitlab.com/famedly/conduit/-/blob/master/conduit-example.toml>
+            <https://docs.conduit.rs/configuration.html>
             for details on supported values.
             Note that database_path can not be edited because the service's reliance on systemd StateDir.
         '';
diff --git a/nixpkgs/nixos/modules/services/matrix/dendrite.nix b/nixpkgs/nixos/modules/services/matrix/dendrite.nix
index 244c15fbf7a9..5152dfadf2e5 100644
--- a/nixpkgs/nixos/modules/services/matrix/dendrite.nix
+++ b/nixpkgs/nixos/modules/services/matrix/dendrite.nix
@@ -7,18 +7,18 @@ let
 in
 {
   options.services.dendrite = {
-    enable = lib.mkEnableOption (lib.mdDoc "matrix.org dendrite");
+    enable = lib.mkEnableOption "matrix.org dendrite";
     httpPort = lib.mkOption {
       type = lib.types.nullOr lib.types.port;
       default = 8008;
-      description = lib.mdDoc ''
+      description = ''
         The port to listen for HTTP requests on.
       '';
     };
     httpsPort = lib.mkOption {
       type = lib.types.nullOr lib.types.port;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The port to listen for HTTPS requests on.
       '';
     };
@@ -26,7 +26,7 @@ in
       type = lib.types.nullOr lib.types.path;
       example = "/var/lib/dendrite/server.cert";
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The path to the TLS certificate.
 
         ```
@@ -38,7 +38,7 @@ in
       type = lib.types.nullOr lib.types.path;
       example = "/var/lib/dendrite/server.key";
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The path to the TLS key.
 
         ```
@@ -50,7 +50,7 @@ in
       type = lib.types.nullOr lib.types.path;
       example = "/var/lib/dendrite/registration_secret";
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
         Secrets may be passed to the service without adding them to the world-readable
         Nix store, by specifying placeholder variables as the option value in Nix and
@@ -76,7 +76,7 @@ in
       type = lib.types.listOf lib.types.str;
       default = [ ];
       example = [ "private_key:/path/to/my_private_key" ];
-      description = lib.mdDoc ''
+      description = ''
         This can be used to pass secrets to the systemd service without adding them to
         the nix store.
         To use the example setting, see the example of
@@ -91,7 +91,7 @@ in
           server_name = lib.mkOption {
             type = lib.types.str;
             example = "example.com";
-            description = lib.mdDoc ''
+            description = ''
               The domain name of the server, with optional explicit port.
               This is used by remote servers to connect to this server.
               This is also the last part of your UserID.
@@ -102,7 +102,7 @@ in
               lib.types.path
               (lib.types.strMatching "^\\$CREDENTIALS_DIRECTORY/.+");
             example = "$CREDENTIALS_DIRECTORY/private_key";
-            description = lib.mdDoc ''
+            description = ''
               The path to the signing private key file, used to sign
               requests and events.
 
@@ -115,7 +115,7 @@ in
             type = lib.types.listOf lib.types.str;
             example = [ "matrix.org" ];
             default = [ "matrix.org" "vector.im" ];
-            description = lib.mdDoc ''
+            description = ''
               Lists of domains that the server will trust as identity
               servers to verify third party identifiers such as phone
               numbers and email addresses
@@ -126,7 +126,7 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:federationapi.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Appservice API.
             '';
           };
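Review bot: The default `"file:federationapi.db"` on this `connection_string` sits under the description `Database for the Appservice API.`, and the next hunk uses the same default for `Database for the Federation API.`, so by default two components appear to point at one SQLite file. That looks like a copy-paste slip rather than intent; the option paths are declared outside these hunks, so confirm which attribute each one belongs to. If it is a slip, give this option its own file name, e.g. `default = "file:appservice.db";`, and mention it in the release notes, because changing the default relocates the database for existing installations.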
@@ -135,7 +135,7 @@ in
           registration_disabled = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Whether to disable user registration to the server
               without the shared secret.
             '';
@@ -145,7 +145,7 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:federationapi.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Federation API.
             '';
           };
@@ -154,7 +154,7 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:keyserver.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Key Server (for end-to-end encryption).
             '';
           };
@@ -163,7 +163,7 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:relayapi.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Relay Server.
             '';
           };
@@ -173,7 +173,7 @@ in
             connection_string = lib.mkOption {
               type = lib.types.str;
               default = "file:mediaapi.db";
-              description = lib.mdDoc ''
+              description = ''
                 Database for the Media API.
               '';
             };
@@ -181,7 +181,7 @@ in
           base_path = lib.mkOption {
             type = lib.types.str;
             default = "${workingDir}/media_store";
-            description = lib.mdDoc ''
+            description = ''
               Storage path for uploaded media.
             '';
           };
@@ -190,7 +190,7 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:roomserver.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Room Server.
             '';
           };
@@ -199,24 +199,24 @@ in
           connection_string = lib.mkOption {
             type = lib.types.str;
             default = "file:syncserver.db";
-            description = lib.mdDoc ''
+            description = ''
               Database for the Sync API.
             '';
           };
         };
         options.sync_api.search = {
-          enable = lib.mkEnableOption (lib.mdDoc "Dendrite's full-text search engine");
+          enable = lib.mkEnableOption "Dendrite's full-text search engine";
           index_path = lib.mkOption {
             type = lib.types.str;
             default = "${workingDir}/searchindex";
-            description = lib.mdDoc ''
+            description = ''
               The path the search index will be created in.
             '';
           };
           language = lib.mkOption {
             type = lib.types.str;
             default = "en";
-            description = lib.mdDoc ''
+            description = ''
               The language most likely to be used on the server - used when indexing, to
               ensure the returned results match expectations. A full list of possible languages
               can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
@@ -228,7 +228,7 @@ in
             connection_string = lib.mkOption {
               type = lib.types.str;
               default = "file:userapi_accounts.db";
-              description = lib.mdDoc ''
+              description = ''
                 Database for the User API, accounts.
               '';
             };
@@ -237,7 +237,7 @@ in
             connection_string = lib.mkOption {
               type = lib.types.str;
               default = "file:userapi_devices.db";
-              description = lib.mdDoc ''
+              description = ''
                 Database for the User API, devices.
               '';
             };
@@ -248,7 +248,7 @@ in
             connection_string = lib.mkOption {
               type = lib.types.str;
               default = "file:mscs.db";
-              description = lib.mdDoc ''
+              description = ''
                 Database for exerimental MSC's.
               '';
             };
@@ -256,7 +256,7 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for dendrite, see:
         <https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml>
         for available options with which to populate settings.
@@ -265,7 +265,7 @@ in
     openRegistration = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Allow open registration without secondary verification (reCAPTCHA).
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/matrix/hebbot.nix b/nixpkgs/nixos/modules/services/matrix/hebbot.nix
index ebf175464ddd..9f344fbe08d0 100644
--- a/nixpkgs/nixos/modules/services/matrix/hebbot.nix
+++ b/nixpkgs/nixos/modules/services/matrix/hebbot.nix
@@ -11,7 +11,7 @@ let
   settingsFile = format.generate "config.toml" cfg.settings;
   mkTemplateOption = templateName: mkOption {
     type = types.path;
-    description = lib.mdDoc ''
+    description = ''
       A path to the Markdown file for the ${templateName}.
     '';
   };
@@ -22,7 +22,7 @@ in
       enable = mkEnableOption "hebbot";
       botPasswordFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           A path to the password file for your bot.
 
           Consider using a path that does not end up in your Nix store
@@ -37,7 +37,7 @@ in
       settings = mkOption {
         type = format.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Hebbot, see, for examples:
 
           - <https://github.com/matrix-org/twim-config/blob/master/config.toml>
diff --git a/nixpkgs/nixos/modules/services/matrix/matrix-sliding-sync.nix b/nixpkgs/nixos/modules/services/matrix/matrix-sliding-sync.nix
index d62e41bebd64..d273bba3e52d 100644
--- a/nixpkgs/nixos/modules/services/matrix/matrix-sliding-sync.nix
+++ b/nixpkgs/nixos/modules/services/matrix/matrix-sliding-sync.nix
@@ -9,7 +9,7 @@ in
   ];
 
   options.services.matrix-sliding-sync = {
-    enable = lib.mkEnableOption (lib.mdDoc "sliding sync");
+    enable = lib.mkEnableOption "sliding sync";
 
     package = lib.mkPackageOption pkgs "matrix-sliding-sync" { };
 
@@ -19,7 +19,7 @@ in
         options = {
           SYNCV3_SERVER = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               The destination homeserver to talk to not including `/_matrix/` e.g `https://matrix.example.org`.
             '';
           };
@@ -27,7 +27,7 @@ in
           SYNCV3_DB = lib.mkOption {
             type = lib.types.str;
             default = "postgresql:///matrix-sliding-sync?host=/run/postgresql";
-            description = lib.mdDoc ''
+            description = ''
               The postgres connection string.
               Refer to <https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING>.
             '';
@@ -37,18 +37,18 @@ in
             type = lib.types.str;
             default = "127.0.0.1:8009";
             example = "[::]:8008";
-            description = lib.mdDoc "The interface and port or path (for unix socket) to listen on.";
+            description = "The interface and port or path (for unix socket) to listen on.";
           };
 
           SYNCV3_LOG_LEVEL = lib.mkOption {
             type = lib.types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
             default = "info";
-            description = lib.mdDoc "The level of verbosity for messages logged.";
+            description = "The level of verbosity for messages logged.";
           };
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Freeform environment variables passed to the sliding sync proxy.
         Refer to <https://github.com/matrix-org/sliding-sync#setup> for all supported values.
       '';
@@ -57,7 +57,7 @@ in
     createDatabase = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable and configure `services.postgres` to ensure that the database user `matrix-sliding-sync`
         and the database `matrix-sliding-sync` exist.
       '';
@@ -65,7 +65,7 @@ in
 
     environmentFile = lib.mkOption {
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
 
         This must contain the {env}`SYNCV3_SECRET` variable which should
diff --git a/nixpkgs/nixos/modules/services/matrix/maubot.nix b/nixpkgs/nixos/modules/services/matrix/maubot.nix
index bc96ca03b1fc..7aea88bd273d 100644
--- a/nixpkgs/nixos/modules/services/matrix/maubot.nix
+++ b/nixpkgs/nixos/modules/services/matrix/maubot.nix
@@ -57,7 +57,7 @@ let
 in
 {
   options.services.maubot = with lib; {
-    enable = mkEnableOption (mdDoc "maubot");
+    enable = mkEnableOption "maubot";
 
     package = lib.mkPackageOption pkgs "maubot" { };
 
@@ -70,7 +70,7 @@ in
           xyz.maubot.rss
         ];
       '';
-      description = mdDoc ''
+      description = ''
         List of additional maubot plugins to make available.
       '';
     };
@@ -83,7 +83,7 @@ in
           aiohttp
         ];
       '';
-      description = mdDoc ''
+      description = ''
         List of additional Python packages to make available for maubot.
       '';
     };
@@ -91,7 +91,7 @@ in
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/maubot";
-      description = mdDoc ''
+      description = ''
         The directory where maubot stores its stateful data.
       '';
     };
@@ -100,7 +100,7 @@ in
       type = types.str;
       default = "./config.yaml";
       defaultText = literalExpression ''"''${config.services.maubot.dataDir}/config.yaml"'';
-      description = mdDoc ''
+      description = ''
         A file for storing secrets. You can pass homeserver registration keys here.
         If it already exists, **it must contain `server.unshared_secret`** which is used for signing API keys.
         If `configMutable` is not set to true, **maubot user must have write access to this file**.
@@ -110,14 +110,14 @@ in
     configMutable = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Whether maubot should write updated config into `extraConfigFile`. **This will make your Nix module settings have no effect besides the initial config, as extraConfigFile takes precedence over NixOS settings!**
       '';
     };
 
     settings = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         YAML settings for maubot. See the
         [example configuration](https://github.com/maubot/maubot/blob/master/maubot/example-config.yaml)
         for more info.
@@ -130,7 +130,7 @@ in
             type = str;
             default = "sqlite:maubot.db";
             example = "postgresql://username:password@hostname/dbname";
-            description = mdDoc ''
+            description = ''
               The full URI to the database. SQLite and Postgres are fully supported.
               Other DBMSes supported by SQLAlchemy may or may not work.
             '';
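Review bot: The `example` kept in this hunk, `postgresql://username:password@hostname/dbname`, shows a credential embedded in the database URI, but the description on the new side never says where that value ends up. Values under `services.maubot.settings` are presumably rendered into a config file in the world-readable Nix store (worth confirming against the part of the module that generates the config). If so, the description should gain a sentence such as `If the URI contains a password, set it through extraConfigFile instead so it is not written to the Nix store.` The same gap applies to the `crypto_database` hunk (`@@ -140,7`) and to the `admins` hunk (`@@ -308,7`), whose description explicitly invites plaintext passwords. The option's `mkOption {` opener lies outside this hunk.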
@@ -140,7 +140,7 @@ in
             type = str;
             default = "default";
             example = "postgresql://username:password@hostname/dbname";
-            description = mdDoc ''
+            description = ''
               Separate database URL for the crypto database. By default, the regular database is also used for crypto.
             '';
           };
@@ -148,21 +148,21 @@ in
           database_opts = mkOption {
             type = types.attrs;
             default = { };
-            description = mdDoc ''
+            description = ''
               Additional arguments for asyncpg.create_pool() or sqlite3.connect()
             '';
           };
 
           plugin_directories = mkOption {
             default = { };
-            description = mdDoc "Plugin directory paths";
+            description = "Plugin directory paths";
             type = submodule {
               options = {
                 upload = mkOption {
                   type = types.str;
                   default = "./plugins";
                   defaultText = literalExpression ''"''${config.services.maubot.dataDir}/plugins"'';
-                  description = mdDoc ''
+                  description = ''
                     The directory where uploaded new plugins should be stored.
                   '';
                 };
@@ -170,7 +170,7 @@ in
                   type = types.listOf types.str;
                   default = [ "./plugins" ];
                   defaultText = literalExpression ''[ "''${config.services.maubot.dataDir}/plugins" ]'';
-                  description = mdDoc ''
+                  description = ''
                     The directories from which plugins should be loaded. Duplicate plugin IDs will be moved to the trash.
                   '';
                 };
@@ -178,7 +178,7 @@ in
                   type = with types; nullOr str;
                   default = "./trash";
                   defaultText = literalExpression ''"''${config.services.maubot.dataDir}/trash"'';
-                  description = mdDoc ''
+                  description = ''
                     The directory where old plugin versions and conflicting plugins should be moved. Set to null to delete files immediately.
                   '';
                 };
@@ -187,7 +187,7 @@ in
           };
 
           plugin_databases = mkOption {
-            description = mdDoc "Plugin database settings";
+            description = "Plugin database settings";
             default = { };
             type = submodule {
               options = {
@@ -195,7 +195,7 @@ in
                   type = types.str;
                   default = "./plugins";
                   defaultText = literalExpression ''"''${config.services.maubot.dataDir}/plugins"'';
-                  description = mdDoc ''
+                  description = ''
                     The directory where SQLite plugin databases should be stored.
                   '';
                 };
@@ -204,7 +204,7 @@ in
                   type = types.nullOr types.str;
                   default = if isPostgresql cfg.settings.database then "default" else null;
                   defaultText = literalExpression ''if isPostgresql config.services.maubot.settings.database then "default" else null'';
-                  description = mdDoc ''
+                  description = ''
                     The connection URL for plugin database. See [example config](https://github.com/maubot/maubot/blob/master/maubot/example-config.yaml) for exact format.
                   '';
                 };
@@ -212,7 +212,7 @@ in
                 postgres_max_conns_per_plugin = mkOption {
                   type = types.nullOr types.int;
                   default = 3;
-                  description = mdDoc ''
+                  description = ''
                     Maximum number of connections per plugin instance.
                   '';
                 };
@@ -220,7 +220,7 @@ in
                 postgres_opts = mkOption {
                   type = types.attrs;
                   default = { };
-                  description = mdDoc ''
+                  description = ''
                     Overrides for the default database_opts when using a non-default postgres connection URL.
                   '';
                 };
@@ -230,20 +230,20 @@ in
 
           server = mkOption {
             default = { };
-            description = mdDoc "Listener config";
+            description = "Listener config";
             type = submodule {
               options = {
                 hostname = mkOption {
                   type = types.str;
                   default = "127.0.0.1";
-                  description = mdDoc ''
+                  description = ''
                     The IP to listen on
                   '';
                 };
                 port = mkOption {
                   type = types.port;
                   default = 29316;
-                  description = mdDoc ''
+                  description = ''
                     The port to listen on
                   '';
                 };
@@ -251,14 +251,14 @@ in
                   type = types.str;
                   default = "http://${cfg.settings.server.hostname}:${toString cfg.settings.server.port}";
                   defaultText = literalExpression ''"http://''${config.services.maubot.settings.server.hostname}:''${toString config.services.maubot.settings.server.port}"'';
-                  description = mdDoc ''
+                  description = ''
                     Public base URL where the server is visible.
                   '';
                 };
                 ui_base_path = mkOption {
                   type = types.str;
                   default = "/_matrix/maubot";
-                  description = mdDoc ''
+                  description = ''
                     The base path for the UI.
                   '';
                 };
@@ -268,14 +268,14 @@ in
                   defaultText = literalExpression ''
                     "''${config.services.maubot.settings.server.ui_base_path}/plugin/"
                   '';
-                  description = mdDoc ''
+                  description = ''
                     The base path for plugin endpoints. The instance ID will be appended directly.
                   '';
                 };
                 override_resource_path = mkOption {
                   type = types.nullOr types.str;
                   default = null;
-                  description = mdDoc ''
+                  description = ''
                     Override path from where to load UI resources.
                   '';
                 };
@@ -288,7 +288,7 @@ in
               options = {
                 url = mkOption {
                   type = types.str;
-                  description = mdDoc ''
+                  description = ''
                     Client-server API URL
                   '';
                 };
@@ -299,7 +299,7 @@ in
                 url = "https://matrix-client.matrix.org";
               };
             };
-            description = mdDoc ''
+            description = ''
               Known homeservers. This is required for the `mbc auth` command and also allows more convenient access from the management UI.
               If you want to specify registration secrets, pass this via extraConfigFile instead.
             '';
@@ -308,7 +308,7 @@ in
           admins = mkOption {
             type = types.attrsOf types.str;
             default = { root = ""; };
-            description = mdDoc ''
+            description = ''
               List of administrator users. Plaintext passwords will be bcrypted on startup. Set empty password
               to prevent normal login. Root is a special user that can't have a password and will always exist.
             '';
@@ -328,14 +328,14 @@ in
               dev_open = true;
               log = true;
             };
-            description = mdDoc ''
+            description = ''
               API feature switches.
             '';
           };
 
           logging = mkOption {
             type = types.attrs;
-            description = mdDoc ''
+            description = ''
               Python logging configuration. See [section 16.7.2 of the Python
               documentation](https://docs.python.org/3.6/library/logging.config.html#configuration-dictionary-schema)
               for more info.
diff --git a/nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix b/nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix
index d7cf024bb807..4d5217ee4367 100644
--- a/nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix
+++ b/nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix
@@ -17,7 +17,7 @@ let
 in {
   options = {
     services.mautrix-facebook = {
-      enable = mkEnableOption (lib.mdDoc "Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge");
+      enable = mkEnableOption "Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge";
 
       settings = mkOption rec {
         apply = recursiveUpdate default;
@@ -83,7 +83,7 @@ in {
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           {file}`config.yaml` configuration as a Nix attribute set.
           Configuration options should match those described in
           [example-config.yaml](https://github.com/mautrix/facebook/blob/master/mautrix_facebook/example-config.yaml).
@@ -96,7 +96,7 @@ in {
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File containing environment variables to be passed to the mautrix-facebook service.
 
           Any config variable can be overridden by setting `MAUTRIX_FACEBOOK_SOME_KEY` to override the `some.key` variable.
@@ -106,7 +106,7 @@ in {
       configurePostgresql = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable PostgreSQL and create a user and database for mautrix-facebook. The default `settings` reference this database, if you disable this option you must provide a database URL.
         '';
       };
@@ -114,7 +114,7 @@ in {
       registrationData = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Output data for appservice registration. Simply make any desired changes and serialize to JSON. Note that this data contains secrets so think twice before putting it into the nix store.
 
           Currently `as_token` and `hs_token` need to be added as they are not known to this module.
diff --git a/nixpkgs/nixos/modules/services/matrix/mautrix-meta.nix b/nixpkgs/nixos/modules/services/matrix/mautrix-meta.nix
new file mode 100644
index 000000000000..f0905c3af129
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/matrix/mautrix-meta.nix
@@ -0,0 +1,562 @@
+{ config, pkgs, lib, ... }:
+
+let
+  settingsFormat = pkgs.formats.yaml {};
+
+  upperConfig = config;
+  cfg = config.services.mautrix-meta;
+  upperCfg = cfg;
+
+  fullDataDir = cfg: "/var/lib/${cfg.dataDir}";
+
+  settingsFile = cfg: "${fullDataDir cfg}/config.yaml";
+  settingsFileUnsubstituted = cfg: settingsFormat.generate "mautrix-meta-config.yaml" cfg.settings;
+
+  metaName = name: "mautrix-meta-${name}";
+
+  enabledInstances = lib.filterAttrs (name: config: config.enable) config.services.mautrix-meta.instances;
+  registerToSynapseInstances = lib.filterAttrs (name: config: config.enable && config.registerToSynapse) config.services.mautrix-meta.instances;
+in {
+  options = {
+    services.mautrix-meta = {
+
+      package = lib.mkPackageOption pkgs "mautrix-meta" { };
+
+      instances = lib.mkOption {
+        type = lib.types.attrsOf (lib.types.submodule ({ config, name, ... }: {
+
+          options = {
+
+            enable = lib.mkEnableOption "Mautrix-Meta, a Matrix <-> Facebook and Matrix <-> Instagram hybrid puppeting/relaybot bridge";
+
+            dataDir = lib.mkOption {
+              type = lib.types.str;
+              default = metaName name;
+              description = ''
+                Path to the directory with database, registration, and other data for the bridge service.
+                This path is relative to `/var/lib`, it cannot start with `../` (it cannot be outside of `/var/lib`).
+              '';
+            };
+
+            registrationFile = lib.mkOption {
+              type = lib.types.path;
+              readOnly = true;
+              description = ''
+                Path to the yaml registration file of the appservice.
+              '';
+            };
+
+            registerToSynapse = lib.mkOption {
+              type = lib.types.bool;
+              default = true;
+              description = ''
+                Whether to add registration file to `services.matrix-synapse.settings.app_service_config_files` and
+                make Synapse wait for registration service.
+              '';
+            };
+
+            settings = lib.mkOption rec {
+              apply = lib.recursiveUpdate default;
+              inherit (settingsFormat) type;
+              default = {
+                homeserver = {
+                  software = "standard";
+
+                  domain = "";
+                  address = "";
+                };
+
+                appservice = {
+                  id = "";
+
+                  database = {
+                    type = "sqlite3-fk-wal";
+                    uri = "file:${fullDataDir config}/mautrix-meta.db?_txlock=immediate";
+                  };
+
+                  bot = {
+                    username = "";
+                  };
+
+                  hostname = "localhost";
+                  port = 29319;
+                  address = "http://${config.settings.appservice.hostname}:${toString config.settings.appservice.port}";
+                };
+
+                meta = {
+                  mode = "";
+                };
+
+                bridge = {
+                  # Enable encryption by default to make the bridge more secure
+                  encryption = {
+                    allow = true;
+                    default = true;
+                    require = true;
+
+                    # Recommended options from mautrix documentation
+                    # for additional security.
+                    delete_keys = {
+                      dont_store_outbound = true;
+                      ratchet_on_decrypt = true;
+                      delete_fully_used_on_decrypt = true;
+                      delete_prev_on_new_session = true;
+                      delete_on_device_delete = true;
+                      periodically_delete_expired = true;
+                      delete_outdated_inbound = true;
+                    };
+
+                    verification_levels = {
+                      receive = "cross-signed-tofu";
+                      send = "cross-signed-tofu";
+                      share = "cross-signed-tofu";
+                    };
+                  };
+
+                  permissions = {};
+                };
+
+                logging = {
+                  min_level = "info";
+                  writers = lib.singleton {
+                    type = "stdout";
+                    format = "pretty-colored";
+                    time_format = " ";
+                  };
+                };
+              };
+              defaultText = ''
+              {
+                homeserver = {
+                  software = "standard";
+                  address = "https://''${config.settings.homeserver.domain}";
+                };
+
+                appservice = {
+                  database = {
+                    type = "sqlite3-fk-wal";
+                    uri = "file:''${fullDataDir config}/mautrix-meta.db?_txlock=immediate";
+                  };
+
+                  hostname = "localhost";
+                  port = 29319;
+                  address = "http://''${config.settings.appservice.hostname}:''${toString config.settings.appservice.port}";
+                };
+
+                bridge = {
+                  # Require encryption by default to make the bridge more secure
+                  encryption = {
+                    allow = true;
+                    default = true;
+                    require = true;
+
+                    # Recommended options from mautrix documentation
+                    # for optimal security.
+                    delete_keys = {
+                      dont_store_outbound = true;
+                      ratchet_on_decrypt = true;
+                      delete_fully_used_on_decrypt = true;
+                      delete_prev_on_new_session = true;
+                      delete_on_device_delete = true;
+                      periodically_delete_expired = true;
+                      delete_outdated_inbound = true;
+                    };
+
+                    verification_levels = {
+                      receive = "cross-signed-tofu";
+                      send = "cross-signed-tofu";
+                      share = "cross-signed-tofu";
+                    };
+                  };
+                };
+
+                logging = {
+                  min_level = "info";
+                  writers = lib.singleton {
+                    type = "stdout";
+                    format = "pretty-colored";
+                    time_format = " ";
+                  };
+                };
+              };
+              '';
+              description = ''
+                {file}`config.yaml` configuration as a Nix attribute set.
+                Configuration options should match those described in
+                [example-config.yaml](https://github.com/mautrix/meta/blob/main/example-config.yaml).
+
+                Secret tokens should be specified using {option}`environmentFile`
+                instead
+              '';
+            };
+
+            environmentFile = lib.mkOption {
+              type = lib.types.nullOr lib.types.path;
+              default = null;
+              description = ''
+                File containing environment variables to substitute when copying the configuration
+                out of Nix store to the `services.mautrix-meta.dataDir`.
+
+                Can be used for storing the secrets without making them available in the Nix store.
+
+                For example, you can set `services.mautrix-meta.settings.appservice.as_token = "$MAUTRIX_META_APPSERVICE_AS_TOKEN"`
+                and then specify `MAUTRIX_META_APPSERVICE_AS_TOKEN="{token}"` in the environment file.
+                This value will get substituted into the configuration file as as token.
+              '';
+            };
+
+            serviceDependencies = lib.mkOption {
+              type = lib.types.listOf lib.types.str;
+              default =
+                [ config.registrationServiceUnit ] ++
+                (lib.lists.optional upperConfig.services.matrix-synapse.enable upperConfig.services.matrix-synapse.serviceUnit) ++
+                (lib.lists.optional upperConfig.services.matrix-conduit.enable "matrix-conduit.service") ++
+                (lib.lists.optional upperConfig.services.dendrite.enable "dendrite.service");
+
+              defaultText = ''
+                [ config.registrationServiceUnit ] ++
+                (lib.lists.optional upperConfig.services.matrix-synapse.enable upperConfig.services.matrix-synapse.serviceUnit) ++
+                (lib.lists.optional upperConfig.services.matrix-conduit.enable "matrix-conduit.service") ++
+                (lib.lists.optional upperConfig.services.dendrite.enable "dendrite.service");
+              '';
+              description = ''
+                List of Systemd services to require and wait for when starting the application service.
+              '';
+            };
+
+            serviceUnit = lib.mkOption {
+              type = lib.types.str;
+              readOnly = true;
+              description = ''
+                The systemd unit (a service or a target) for other services to depend on if they
+                need to be started after matrix-synapse.
+
+                This option is useful as the actual parent unit for all matrix-synapse processes
+                changes when configuring workers.
+              '';
+            };
+
+            registrationServiceUnit = lib.mkOption {
+              type = lib.types.str;
+              readOnly = true;
+              description = ''
+                The registration service that generates the registration file.
+
+                Systemd unit (a service or a target) for other services to depend on if they
+                need to be started after mautrix-meta registration service.
+
+                This option is useful as the actual parent unit for all matrix-synapse processes
+                changes when configuring workers.
+              '';
+            };
+          };
+
+          config = {
+            serviceUnit = (metaName name) + ".service";
+            registrationServiceUnit = (metaName name) + "-registration.service";
+            registrationFile = (fullDataDir config) + "/meta-registration.yaml";
+          };
+        }));
+
+        description = ''
+          Configuration of multiple `mautrix-meta` instances.
+          `services.mautrix-meta.instances.facebook` and `services.mautrix-meta.instances.instagram`
+          come preconfigured with meta.mode, appservice.id, bot username, display name and avatar.
+        '';
+
+        example = ''
+          {
+            facebook = {
+              enable = true;
+              settings = {
+                homeserver.domain = "example.com";
+              };
+            };
+
+            instagram = {
+              enable = true;
+              settings = {
+                homeserver.domain = "example.com";
+              };
+            };
+
+            messenger = {
+              enable = true;
+              settings = {
+                meta.mode = "messenger";
+                homeserver.domain = "example.com";
+                appservice = {
+                  id = "messenger";
+                  bot = {
+                    username = "messengerbot";
+                    displayname = "Messenger bridge bot";
+                    avatar = "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
+                  };
+                };
+              };
+            };
+          }
+        '';
+      };
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf (enabledInstances != {}) {
+      assertions = lib.mkMerge (lib.attrValues (lib.mapAttrs (name: cfg: [
+        {
+          assertion = cfg.settings.homeserver.domain != "" && cfg.settings.homeserver.address != "";
+          message = ''
+            The options with information about the homeserver:
+            `services.mautrix-meta.instances.${name}.settings.homeserver.domain` and
+            `services.mautrix-meta.instances.${name}.settings.homeserver.address` have to be set.
+          '';
+        }
+        {
+          assertion = builtins.elem cfg.settings.meta.mode [ "facebook" "facebook-tor" "messenger" "instagram" ];
+          message = ''
+            The option `services.mautrix-meta.instances.${name}.settings.meta.mode` has to be set
+            to one of: facebook, facebook-tor, messenger, instagram.
+            This configures the mode of the bridge.
+          '';
+        }
+        {
+          assertion = cfg.settings.bridge.permissions != {};
+          message = ''
+            The option `services.mautrix-meta.instances.${name}.settings.bridge.permissions` has to be set.
+          '';
+        }
+        {
+          assertion = cfg.settings.appservice.id != "";
+          message = ''
+            The option `services.mautrix-meta.instances.${name}.settings.appservice.id` has to be set.
+          '';
+        }
+        {
+          assertion = cfg.settings.appservice.bot.username != "";
+          message = ''
+            The option `services.mautrix-meta.instances.${name}.settings.appservice.bot.username` has to be set.
+          '';
+        }
+      ]) enabledInstances));
+
+      users.users = lib.mapAttrs' (name: cfg: lib.nameValuePair "mautrix-meta-${name}" {
+        isSystemUser = true;
+        group = "mautrix-meta";
+        extraGroups = [ "mautrix-meta-registration" ];
+        description = "Mautrix-Meta-${name} bridge user";
+      }) enabledInstances;
+
+      users.groups.mautrix-meta = {};
+      users.groups.mautrix-meta-registration = {
+        members = lib.lists.optional config.services.matrix-synapse.enable "matrix-synapse";
+      };
+
+      services.matrix-synapse = lib.mkIf (config.services.matrix-synapse.enable) (let
+        registrationFiles = lib.attrValues
+          (lib.mapAttrs (name: cfg: cfg.registrationFile) registerToSynapseInstances);
+      in {
+        settings.app_service_config_files = registrationFiles;
+      });
+
+      systemd.services = lib.mkMerge [
+        {
+          matrix-synapse = lib.mkIf (config.services.matrix-synapse.enable) (let
+            registrationServices = lib.attrValues
+              (lib.mapAttrs (name: cfg: cfg.registrationServiceUnit) registerToSynapseInstances);
+          in {
+            wants = registrationServices;
+            after = registrationServices;
+          });
+        }
+
+        (lib.mapAttrs' (name: cfg: lib.nameValuePair "${metaName name}-registration" {
+          description = "Mautrix-Meta registration generation service - ${metaName name}";
+
+          path = [
+            pkgs.yq
+            pkgs.envsubst
+            upperCfg.package
+          ];
+
+          script = ''
+            # substitute the settings file by environment variables
+            # in this case read from EnvironmentFile
+            rm -f '${settingsFile cfg}'
+            old_umask=$(umask)
+            umask 0177
+            envsubst \
+              -o '${settingsFile cfg}' \
+              -i '${settingsFileUnsubstituted cfg}'
+
+            config_has_tokens=$(yq '.appservice | has("as_token") and has("hs_token")' '${settingsFile cfg}')
+            registration_already_exists=$([[ -f '${cfg.registrationFile}' ]] && echo "true" || echo "false")
+
+            echo "There are tokens in the config: $config_has_tokens"
+            echo "Registration already existed: $registration_already_exists"
+
+            # tokens not configured from config/environment file, and registration file
+            # is already generated, override tokens in config to make sure they are not lost
+            if [[ $config_has_tokens == "false" && $registration_already_exists == "true" ]]; then
+              echo "Copying as_token, hs_token from registration into configuration"
+              yq -sY '.[0].appservice.as_token = .[1].as_token
+                | .[0].appservice.hs_token = .[1].hs_token
+                | .[0]' '${settingsFile cfg}' '${cfg.registrationFile}' \
+                > '${settingsFile cfg}.tmp'
+              mv '${settingsFile cfg}.tmp' '${settingsFile cfg}'
+            fi
+
+            # make sure --generate-registration does not affect config.yaml
+            cp '${settingsFile cfg}' '${settingsFile cfg}.tmp'
+
+            echo "Generating registration file"
+            mautrix-meta \
+              --generate-registration \
+              --config='${settingsFile cfg}.tmp' \
+              --registration='${cfg.registrationFile}'
+
+            rm '${settingsFile cfg}.tmp'
+
+            # no tokens configured, and new were just generated by generate registration for first time
+            if [[ $config_has_tokens == "false" && $registration_already_exists == "false" ]]; then
+              echo "Copying newly generated as_token, hs_token from registration into configuration"
+              yq -sY '.[0].appservice.as_token = .[1].as_token
+                | .[0].appservice.hs_token = .[1].hs_token
+                | .[0]' '${settingsFile cfg}' '${cfg.registrationFile}' \
+                > '${settingsFile cfg}.tmp'
+              mv '${settingsFile cfg}.tmp' '${settingsFile cfg}'
+            fi
+
+            # Make sure correct tokens are in the registration file
+            if [[ $config_has_tokens == "true" || $registration_already_exists == "true" ]]; then
+              echo "Copying as_token, hs_token from configuration to the registration file"
+              yq -sY '.[1].as_token = .[0].appservice.as_token
+                | .[1].hs_token = .[0].appservice.hs_token
+                | .[1]' '${settingsFile cfg}' '${cfg.registrationFile}' \
+                > '${cfg.registrationFile}.tmp'
+              mv '${cfg.registrationFile}.tmp' '${cfg.registrationFile}'
+            fi
+
+            umask $old_umask
+
+            chown :mautrix-meta-registration '${cfg.registrationFile}'
+            chmod 640 '${cfg.registrationFile}'
+          '';
+
+          serviceConfig = {
+            Type = "oneshot";
+            UMask = 0027;
+
+            User = "mautrix-meta-${name}";
+            Group = "mautrix-meta";
+
+            SystemCallFilter = [ "@system-service" ];
+
+            ProtectSystem = "strict";
+            ProtectHome = true;
+
+            ReadWritePaths = fullDataDir cfg;
+            StateDirectory = cfg.dataDir;
+            EnvironmentFile = cfg.environmentFile;
+          };
+
+          restartTriggers = [ (settingsFileUnsubstituted cfg) ];
+        }) enabledInstances)
+
+        (lib.mapAttrs' (name: cfg: lib.nameValuePair "${metaName name}" {
+          description = "Mautrix-Meta bridge - ${metaName name}";
+          wantedBy = [ "multi-user.target" ];
+          wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
+          after = [ "network-online.target" ] ++ cfg.serviceDependencies;
+
+          serviceConfig = {
+            Type = "simple";
+
+            User = "mautrix-meta-${name}";
+            Group = "mautrix-meta";
+            PrivateUsers = true;
+
+            LockPersonality = true;
+            MemoryDenyWriteExecute = true;
+            NoNewPrivileges = true;
+            PrivateDevices = true;
+            PrivateTmp = true;
+            ProtectClock = true;
+            ProtectControlGroups = true;
+            ProtectHome = true;
+            ProtectHostname = true;
+            ProtectKernelLogs = true;
+            ProtectKernelModules = true;
+            ProtectKernelTunables = true;
+            ProtectSystem = "strict";
+            Restart = "on-failure";
+            RestartSec = "30s";
+            RestrictRealtime = true;
+            RestrictSUIDSGID = true;
+            SystemCallArchitectures = "native";
+            SystemCallErrorNumber = "EPERM";
+            SystemCallFilter = ["@system-service"];
+            UMask = 0027;
+
+            WorkingDirectory = fullDataDir cfg;
+            ReadWritePaths = fullDataDir cfg;
+            StateDirectory = cfg.dataDir;
+            EnvironmentFile = cfg.environmentFile;
+
+            ExecStart = lib.escapeShellArgs [
+              (lib.getExe upperCfg.package)
+              "--config=${settingsFile cfg}"
+            ];
+          };
+          restartTriggers = [ (settingsFileUnsubstituted cfg) ];
+        }) enabledInstances)
+      ];
+    })
+    {
+      services.mautrix-meta.instances = let
+        inherit (lib.modules) mkDefault;
+      in {
+        instagram = {
+          settings = {
+            meta.mode = mkDefault "instagram";
+
+            bridge = {
+              username_template = mkDefault "instagram_{{.}}";
+            };
+
+            appservice = {
+              id = mkDefault "instagram";
+              port = mkDefault 29320;
+              bot = {
+                username = mkDefault "instagrambot";
+                displayname = mkDefault "Instagram bridge bot";
+                avatar = mkDefault "mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv";
+              };
+            };
+          };
+        };
+        facebook = {
+          settings = {
+            meta.mode = mkDefault "facebook";
+
+            bridge = {
+              username_template = mkDefault "facebook_{{.}}";
+            };
+
+            appservice = {
+              id = mkDefault "facebook";
+              port = mkDefault 29321;
+              bot = {
+                username = mkDefault "facebookbot";
+                displayname = mkDefault "Facebook bridge bot";
+                avatar = mkDefault "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
+              };
+            };
+          };
+        };
+      };
+    }
+  ];
+
+  meta.maintainers = with lib.maintainers; [ rutherther ];
+}
diff --git a/nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix b/nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix
index 168c8bf436ac..a1ffaf9debe5 100644
--- a/nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix
+++ b/nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix
@@ -13,7 +13,7 @@ let
 in {
   options = {
     services.mautrix-telegram = {
-      enable = mkEnableOption (lib.mdDoc "Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge");
+      enable = mkEnableOption "Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge";
 
       settings = mkOption rec {
         apply = recursiveUpdate default;
@@ -85,7 +85,7 @@ in {
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           {file}`config.yaml` configuration as a Nix attribute set.
           Configuration options should match those described in
           [example-config.yaml](https://github.com/mautrix/telegram/blob/master/mautrix_telegram/example-config.yaml).
@@ -98,7 +98,7 @@ in {
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File containing environment variables to be passed to the mautrix-telegram service,
           in which secret tokens can be specified securely by defining values for e.g.
           `MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN`,
@@ -126,7 +126,7 @@ in {
         defaultText = literalExpression ''
           optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of Systemd services to require and wait for when starting the application service.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/matrix/mautrix-whatsapp.nix b/nixpkgs/nixos/modules/services/matrix/mautrix-whatsapp.nix
index 4b561a4b07a3..31f64c16d791 100644
--- a/nixpkgs/nixos/modules/services/matrix/mautrix-whatsapp.nix
+++ b/nixpkgs/nixos/modules/services/matrix/mautrix-whatsapp.nix
@@ -47,12 +47,12 @@
 
 in {
   options.services.mautrix-whatsapp = {
-    enable = lib.mkEnableOption (lib.mdDoc "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp.");
+    enable = lib.mkEnableOption "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp.";
 
     settings = lib.mkOption {
       type = settingsFormat.type;
       default = defaultConfig;
-      description = lib.mdDoc ''
+      description = ''
         {file}`config.yaml` configuration as a Nix attribute set.
         Configuration options should match those described in
         [example-config.yaml](https://github.com/mautrix/whatsapp/blob/master/example-config.yaml).
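Review bot: The `enable` text on the new side still ends with a period, and `mkEnableOption` already wraps its argument as "Whether to enable ….", so the rendered description ends in two periods. Drop the trailing one: `enable = lib.mkEnableOption "mautrix-whatsapp, a puppeting/relaybot bridge between Matrix and WhatsApp";`. The same wrapping makes the mx-puppet-discord `enable` text (a full sentence beginning "mx-puppet-discord is a …") and the mjolnir `pantalaimon.enable` text read awkwardly in the manual. Both would be clearer as a short noun phrase.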
@@ -91,7 +91,7 @@ in {
     environmentFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing environment variables to be passed to the mautrix-whatsapp service,
         in which secret tokens can be specified securely by optionally defining a value for
         `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET`.
@@ -104,7 +104,7 @@ in {
       defaultText = lib.literalExpression ''
         optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnits
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of Systemd services to require and wait for when starting the application service.
       '';
     };
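Review bot: The `defaultText` in this hunk names `config.services.matrix-synapse.serviceUnits`, but the option declared in synapse.nix on this page is `serviceUnit`. The mautrix-telegram and mx-puppet-discord modules spell it `serviceUnit` in the same position. As far as this page shows, the rendered manual points readers at an option that does not exist. Suggest `optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit`; the real `default` line is outside the hunk, so confirm the two agree.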
diff --git a/nixpkgs/nixos/modules/services/matrix/mjolnir.nix b/nixpkgs/nixos/modules/services/matrix/mjolnir.nix
index 4e9a915c23c7..d01c058e7396 100644
--- a/nixpkgs/nixos/modules/services/matrix/mjolnir.nix
+++ b/nixpkgs/nixos/modules/services/matrix/mjolnir.nix
@@ -65,12 +65,12 @@ let
 in
 {
   options.services.mjolnir = {
-    enable = mkEnableOption (lib.mdDoc "Mjolnir, a moderation tool for Matrix");
+    enable = mkEnableOption "Mjolnir, a moderation tool for Matrix";
 
     homeserverUrl = mkOption {
       type = types.str;
       default = "https://matrix.org";
-      description = lib.mdDoc ''
+      description = ''
         Where the homeserver is located (client-server URL).
 
         If `pantalaimon.enable` is `true`, this option will become the homeserver to which `pantalaimon` connects.
@@ -81,13 +81,13 @@ in
     accessTokenFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing the matrix access token for the `mjolnir` user.
       '';
     };
 
     pantalaimon = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         `pantalaimon` options (enables E2E Encryption support).
 
         This will create a `pantalaimon` instance with the name "mjolnir".
@@ -95,20 +95,20 @@ in
       default = { };
       type = types.submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc ''
+          enable = mkEnableOption ''
             ignoring the accessToken. If true, accessToken is ignored and the username/password below will be
             used instead. The access token of the bot will be stored in the dataPath
-          '');
+          '';
 
           username = mkOption {
             type = types.str;
-            description = lib.mdDoc "The username to login with.";
+            description = "The username to login with.";
           };
 
           passwordFile = mkOption {
             type = with types; nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               File containing the matrix password for the `mjolnir` user.
             '';
           };
@@ -116,7 +116,7 @@ in
           options = mkOption {
             type = types.submodule (import ./pantalaimon-options.nix);
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               passthrough additional options to the `pantalaimon` service.
             '';
           };
@@ -127,7 +127,7 @@ in
     dataPath = mkOption {
       type = types.path;
       default = "/var/lib/mjolnir";
-      description = lib.mdDoc ''
+      description = ''
         The directory the bot should store various bits of information in.
       '';
     };
@@ -135,7 +135,7 @@ in
     managementRoom = mkOption {
       type = types.str;
       default = "#moderators:example.org";
-      description = lib.mdDoc ''
+      description = ''
         The room ID where people can use the bot. The bot has no access controls, so
         anyone in this room can use the bot - secure your room!
         This should be a room alias or room ID - not a matrix.to URL.
@@ -152,7 +152,7 @@ in
           "https://matrix.to/#/#anotherroom:example.org"
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         A list of rooms to protect (matrix.to URLs).
       '';
     };
@@ -166,7 +166,7 @@ in
           automaticallyRedactForReasons = [ "spam" "advertising" ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional settings (see [mjolnir default config](https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml) for available settings). These settings will override settings made by the module config.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/matrix/mx-puppet-discord.nix b/nixpkgs/nixos/modules/services/matrix/mx-puppet-discord.nix
index 70828804b556..2b3a46193177 100644
--- a/nixpkgs/nixos/modules/services/matrix/mx-puppet-discord.nix
+++ b/nixpkgs/nixos/modules/services/matrix/mx-puppet-discord.nix
@@ -12,10 +12,10 @@ let
 in {
   options = {
     services.mx-puppet-discord = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         mx-puppet-discord is a discord puppeting bridge for matrix.
         It handles bridging private and group DMs, as well as Guilds (servers)
-      '');
+      '';
 
       settings = mkOption rec {
         apply = recursiveUpdate default;
@@ -57,7 +57,7 @@ in {
             relay.whitelist = [ "@.*:example.com" ];
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           {file}`config.yaml` configuration as a Nix attribute set.
           Configuration options should match those described in
           [
@@ -70,7 +70,7 @@ in {
         defaultText = literalExpression ''
           optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of Systemd services to require and wait for when starting the application service.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/matrix/pantalaimon-options.nix b/nixpkgs/nixos/modules/services/matrix/pantalaimon-options.nix
index 3945a70fc86b..4243513788b5 100644
--- a/nixpkgs/nixos/modules/services/matrix/pantalaimon-options.nix
+++ b/nixpkgs/nixos/modules/services/matrix/pantalaimon-options.nix
@@ -6,7 +6,7 @@ with lib;
     dataPath = mkOption {
       type = types.path;
       default = "/var/lib/pantalaimon-${name}";
-      description = lib.mdDoc ''
+      description = ''
         The directory where `pantalaimon` should store its state such as the database file.
       '';
     };
@@ -14,7 +14,7 @@ with lib;
     logLevel = mkOption {
       type = types.enum [ "info" "warning" "error" "debug" ];
       default = "warning";
-      description = lib.mdDoc ''
+      description = ''
         Set the log level of the daemon.
       '';
     };
@@ -22,7 +22,7 @@ with lib;
     homeserver = mkOption {
       type = types.str;
       example = "https://matrix.org";
-      description = lib.mdDoc ''
+      description = ''
         The URI of the homeserver that the `pantalaimon` proxy should
         forward requests to, without the matrix API path but including
         the http(s) schema.
@@ -32,7 +32,7 @@ with lib;
     ssl = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not SSL verification should be enabled for outgoing
         connections to the homeserver.
       '';
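Review bot: The `ssl` description does not say what turning the option off costs. With `ssl = false`, verification for the outgoing connection to the homeserver is disabled, so the traffic this proxy forwards can be read or altered by anyone on the network path. Suggest appending a sentence such as `Disabling this removes protection against man-in-the-middle attacks and should only be done for testing against a local homeserver.`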
@@ -41,7 +41,7 @@ with lib;
     listenAddress = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         The address where the daemon will listen to client connections
         for this homeserver.
       '';
@@ -50,7 +50,7 @@ with lib;
     listenPort = mkOption {
       type = types.port;
       default = 8009;
-      description = lib.mdDoc ''
+      description = ''
         The port where the daemon will listen to client connections for
         this homeserver. Note that the listen address/port combination
         needs to be unique between different homeservers.
@@ -60,7 +60,7 @@ with lib;
     extraSettings = mkOption {
       type = types.attrs;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration options. See
         [pantalaimon(5)](https://github.com/matrix-org/pantalaimon/blob/master/docs/man/pantalaimon.5.md)
         for available options.
diff --git a/nixpkgs/nixos/modules/services/matrix/pantalaimon.nix b/nixpkgs/nixos/modules/services/matrix/pantalaimon.nix
index 591ba9a7ab55..6f3fefdb3430 100644
--- a/nixpkgs/nixos/modules/services/matrix/pantalaimon.nix
+++ b/nixpkgs/nixos/modules/services/matrix/pantalaimon.nix
@@ -51,7 +51,7 @@ in
   options.services.pantalaimon-headless.instances = mkOption {
     default = { };
     type = types.attrsOf (types.submodule (import ./pantalaimon-options.nix));
-    description = lib.mdDoc ''
+    description = ''
       Declarative instance config.
 
       Note: to use pantalaimon interactively, e.g. for a Matrix client which does not
diff --git a/nixpkgs/nixos/modules/services/matrix/synapse.md b/nixpkgs/nixos/modules/services/matrix/synapse.md
index 7f6587ce09df..0ce13550d5b2 100644
--- a/nixpkgs/nixos/modules/services/matrix/synapse.md
+++ b/nixpkgs/nixos/modules/services/matrix/synapse.md
@@ -18,7 +18,27 @@ around Matrix.
 
 [Synapse](https://github.com/element-hq/synapse) is
 the reference homeserver implementation of Matrix from the core development
-team at matrix.org. The following configuration example will set up a
+team at matrix.org.
+
+Before deploying synapse server, a postgresql database must be set up.
+For that, please make sure that postgresql is running and the following
+SQL statements to create a user & database called `matrix-synapse` were
+executed before synapse starts up:
+
+```sql
+CREATE ROLE "matrix-synapse";
+CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+  TEMPLATE template0
+  LC_COLLATE = "C"
+  LC_CTYPE = "C";
+```
+
+Usually, it's sufficient to do this once manually before
+continuing with the installation.
+
+Please make sure to set a different password.
+
+The following configuration example will set up a
 synapse server for the `example.org` domain, served from
 the host `myhostname.example.org`. For more information,
 please refer to the
@@ -41,13 +61,6 @@ in {
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
   services.postgresql.enable = true;
-  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
-    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
-    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
-      TEMPLATE template0
-      LC_COLLATE = "C"
-      LC_CTYPE = "C";
-  '';
 
   services.nginx = {
     enable = true;
diff --git a/nixpkgs/nixos/modules/services/matrix/synapse.nix b/nixpkgs/nixos/modules/services/matrix/synapse.nix
index 7291c0fcbcdd..bc88fb53012b 100644
--- a/nixpkgs/nixos/modules/services/matrix/synapse.nix
+++ b/nixpkgs/nixos/modules/services/matrix/synapse.nix
@@ -219,7 +219,7 @@ in {
           type = types.nullOr types.port;
           default = null;
           example = 8448;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen for HTTP(S) requests on.
           '';
         };
@@ -245,7 +245,7 @@ in {
               "0.0.0.0"
             ]
           '';
-          description = lib.mdDoc ''
+          description = ''
             IP addresses to bind the listener to.
           '';
         };
@@ -288,7 +288,7 @@ in {
           ];
           default = "http";
           example = "metrics";
-          description = lib.mdDoc ''
+          description = ''
             The type of the listener, usually http.
           '';
         };
@@ -303,7 +303,7 @@ in {
             Enabled for the main instance listener, unless it is configured with a UNIX domain socket path.
           '';
           example = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable TLS on the listener socket.
 
             ::: {.note}
@@ -319,7 +319,7 @@ in {
             Enabled if the listener is configured with a UNIX domain socket path
           '';
           example = true;
-          description = lib.mdDoc ''
+          description = ''
             Use the X-Forwarded-For (XFF) header as the client IP and not the
             actual client IP.
           '';
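Review bot: The `x_forwarded` description should state the trust requirement that comes with it. X-Forwarded-For is client-supplied unless a reverse proxy overwrites it, so on a listener that clients can reach directly, the recorded client IP is whatever the client sends. That matters wherever the address is relied on, presumably rate limiting and logs, though neither is shown in this hunk. Suggest adding `Only enable this if the listener is reachable exclusively through a trusted reverse proxy that sets this header.` The option's `default` is outside the hunk.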
@@ -341,7 +341,7 @@ in {
                   "replication"
                   "static"
                 ]);
-                description = lib.mdDoc ''
+                description = ''
                   List of resources to host on this listener.
                 '';
                 example = [
@@ -351,7 +351,7 @@ in {
               compress = mkOption {
                 default = false;
                 type = types.bool;
-                description = lib.mdDoc ''
+                description = ''
                   Whether synapse should compress HTTP responses to clients that support it.
                   This should be disabled if running synapse behind a load balancer
                   that can do automatic compression.
@@ -359,7 +359,7 @@ in {
               };
             };
           });
-          description = lib.mdDoc ''
+          description = ''
             List of HTTP resources to serve on this listener.
           '';
         };
@@ -367,7 +367,7 @@ in {
     });
   in {
     services.matrix-synapse = {
-      enable = mkEnableOption (lib.mdDoc "matrix.org synapse");
+      enable = mkEnableOption "matrix.org synapse, the reference homeserver";
 
       enableRegistrationScript = mkOption {
         type = types.bool;
@@ -389,7 +389,7 @@ in {
       serviceUnit = lib.mkOption {
         type = lib.types.str;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           The systemd unit (a service or a target) for other services to depend on if they
           need to be started after matrix-synapse.
 
@@ -401,7 +401,7 @@ in {
       configFile = mkOption {
         type = types.path;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           Path to the configuration file on the target system. Useful to configure e.g. workers
           that also need this.
         '';
@@ -410,7 +410,7 @@ in {
       package = mkOption {
         type = types.package;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           Reference to the `matrix-synapse` wrapper with all extras
           (e.g. for `oidc` or `saml2`) added to the `PYTHONPATH` of all executables.
 
@@ -445,7 +445,7 @@ in {
             "user-search"  # Support internationalized domain names in user-search
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Explicitly install extras provided by matrix-synapse. Most
           will require some additional configuration.
 
@@ -467,7 +467,7 @@ in {
             matrix-synapse-pam
           ];
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of additional Matrix plugins to make available.
         '';
       };
@@ -475,7 +475,7 @@ in {
       withJemalloc = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to preload jemalloc to reduce memory fragmentation and overall usage.
         '';
       };
@@ -483,7 +483,7 @@ in {
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/matrix-synapse";
-        description = lib.mdDoc ''
+        description = ''
           The directory where matrix-synapse stores its stateful data such as
           certificates, media and uploads.
         '';
@@ -492,7 +492,7 @@ in {
       log = mkOption {
         type = types.attrsOf format.type;
         defaultText = literalExpression defaultCommonLogConfigText;
-        description = mdDoc ''
+        description = ''
           Default configuration for the loggers used by `matrix-synapse` and its workers.
           The defaults are added with the default priority which means that
           these will be merged with additional declarations. These additional
@@ -534,7 +534,7 @@ in {
 
       settings = mkOption {
         default = { };
-        description = mdDoc ''
+        description = ''
           The primary synapse configuration. See the
           [sample configuration](https://github.com/element-hq/synapse/blob/v${pkgs.matrix-synapse-unwrapped.version}/docs/sample_config.yaml)
           for possible values.
@@ -553,7 +553,7 @@ in {
               example = "example.com";
               default = config.networking.hostName;
               defaultText = literalExpression "config.networking.hostName";
-              description = lib.mdDoc ''
+              description = ''
                 The domain name of the server, with optional explicit port.
                 This is used by remote servers to look up the server address.
                 This is also the last part of your UserID.
@@ -565,7 +565,7 @@ in {
             enable_registration = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Enable registration for new users.
               '';
             };
@@ -573,7 +573,7 @@ in {
             registration_shared_secret = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = mdDoc ''
+              description = ''
                 If set, allows registration by anyone who also has the shared
                 secret, even if registration is otherwise disabled.
 
@@ -584,7 +584,7 @@ in {
             macaroon_secret_key = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Secret key for authentication tokens. If none is specified,
                 the registration_shared_secret is used, if one is given; otherwise,
                 a secret key is derived from the signing key.
@@ -596,7 +596,7 @@ in {
             enable_metrics = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Enable collection and rendering of performance metrics
               '';
             };
@@ -604,7 +604,7 @@ in {
             report_stats = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether or not to report anonymized homeserver usage statistics.
               '';
             };
@@ -612,7 +612,7 @@ in {
             signing_key_path = mkOption {
               type = types.path;
               default = "${cfg.dataDir}/homeserver.signing.key";
-              description = lib.mdDoc ''
+              description = ''
                 Path to the signing key to sign messages with.
               '';
             };
@@ -621,7 +621,7 @@ in {
               type = types.path;
               default = "/run/matrix-synapse.pid";
               readOnly = true;
-              description = lib.mdDoc ''
+              description = ''
                 The file to store the PID in.
               '';
             };
@@ -630,7 +630,7 @@ in {
               type = types.path;
               default = genLogConfigFile "synapse";
               defaultText = logConfigText "synapse";
-              description = lib.mdDoc ''
+              description = ''
                 The file that holds the logging configuration.
               '';
             };
@@ -641,7 +641,7 @@ in {
                 then "${cfg.dataDir}/media_store"
                 else "${cfg.dataDir}/media";
               defaultText = "${cfg.dataDir}/media_store for when system.stateVersion is at least 22.05, ${cfg.dataDir}/media when lower than 22.05";
-              description = lib.mdDoc ''
+              description = ''
                 Directory where uploaded images and attachments are stored.
               '';
             };
@@ -650,7 +650,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "https://example.com:8448/";
-              description = lib.mdDoc ''
+              description = ''
                 The public-facing base URL for the client API (not including _matrix/...)
               '';
             };
@@ -659,7 +659,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "/var/lib/acme/example.com/fullchain.pem";
-              description = lib.mdDoc ''
+              description = ''
                 PEM encoded X509 certificate for TLS.
                 You can replace the self-signed certificate that synapse
                 autogenerates on launch with your own SSL certificate + key pair
@@ -672,7 +672,7 @@ in {
               type = types.nullOr types.str;
               default = null;
               example = "/var/lib/acme/example.com/key.pem";
-              description = lib.mdDoc ''
+              description = ''
                 PEM encoded private key for TLS. Specify null if synapse is not
                 speaking TLS directly.
               '';
@@ -682,7 +682,7 @@ in {
               type = types.bool;
               default = true;
               example = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to enable presence tracking.
 
                 Presence tracking allows users to see the state (e.g online/offline)
@@ -713,7 +713,7 @@ in {
                   compress = false;
                 }];
               };
-              description = lib.mdDoc ''
+              description = ''
                 List of ports that Synapse should listen on, their purpose and their configuration.
 
                 By default, synapse will be configured for client and federation traffic on port 8008, and
@@ -735,7 +735,7 @@ in {
                 then "psycopg2"
                 else "sqlite3"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 The database engine name. Can be sqlite3 or psycopg2.
               '';
             };
@@ -752,7 +752,7 @@ in {
                   psycopg2 = "matrix-synapse";
                 }.''${${options.services.matrix-synapse.settings}.database.name};
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Name of the database when using the psycopg2 backend,
                 path to the database location when using sqlite3.
               '';
@@ -770,7 +770,7 @@ in {
                   psycopg2 = "matrix-synapse";
                 }.''${cfg.settings.database.name};
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Username to connect with psycopg2, set to null
                 when using sqlite3.
               '';
@@ -780,7 +780,7 @@ in {
               type = types.bool;
               default = true;
               example = false;
-              description = lib.mdDoc ''
+              description = ''
                 Is the preview URL API enabled?  If enabled, you *must* specify an
                 explicit url_preview_ip_range_blacklist of IPs that the spider is
                 denied from accessing.
@@ -810,7 +810,7 @@ in {
                 "fec0::/10"
                 "ff00::/8"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 List of IP address CIDR ranges that the URL preview spider is denied
                 from accessing.
               '';
@@ -819,7 +819,7 @@ in {
             url_preview_ip_range_whitelist = mkOption {
               type = types.listOf types.str;
               default = [ ];
-              description = lib.mdDoc ''
+              description = ''
                 List of IP address CIDR ranges that the URL preview spider is allowed
                 to access even if they are specified in url_preview_ip_range_blacklist.
               '';
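Review bot: The description of `url_preview_ip_range_whitelist` says that listed ranges stay reachable even when they are in `url_preview_ip_range_blacklist`, but it does not say what that exception costs. The preview spider fetches URLs on the server's behalf, so every range re-allowed here becomes reachable through it. I would add a sentence such as `Keep these ranges as narrow as possible; anything listed here can be fetched by the preview spider despite the deny list.` The option's closing brace lies outside the hunk.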
@@ -847,7 +847,7 @@ in {
                   { netloc = "www.acme.com"; path = "/foo"; } # block http(s)://www.acme.com/foo
                 ]
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Optional list of URL matches that the URL preview spider is
                 denied from accessing.
               '';
@@ -857,7 +857,7 @@ in {
               type = types.str;
               default = "50M";
               example = "100M";
-              description = lib.mdDoc ''
+              description = ''
                 The largest allowed upload size in bytes
               '';
             };
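Review bot: The description `The largest allowed upload size in bytes` does not match the option it documents. The type is `types.str` and the default and example are `"50M"` and `"100M"`, so the value is a size string with a unit suffix, not a byte count. Something like `The largest allowed upload size, given as a size string such as "50M".` would be accurate. The `max_image_pixels` hunk that follows has the same shape (`"32M"` for a pixel count), and its description could mention the suffix as well.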
@@ -866,7 +866,7 @@ in {
               type = types.str;
               default = "32M";
               example = "64M";
-              description = lib.mdDoc ''
+              description = ''
                 Maximum number of pixels that will be thumbnailed
               '';
             };
@@ -875,7 +875,7 @@ in {
               type = types.bool;
               default = false;
               example = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to generate new thumbnails on the fly to precisely match
                 the resolution requested by the client. If true then whenever
                 a new resolution is requested by the client the server will
@@ -893,7 +893,7 @@ in {
                 "turns:turn.example.com:5349?transport=udp"
                 "turns:turn.example.com:5349?transport=tcp"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 The public URIs of the TURN server to give to clients
               '';
             };
@@ -903,7 +903,7 @@ in {
               example = literalExpression ''
                 config.services.coturn.static-auth-secret
               '';
-              description = mdDoc ''
+              description = ''
                 The shared secret used to compute passwords for the TURN server.
 
                 Secrets should be passed in via `extraConfigFiles`!
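Review bot: The `example` in this hunk contradicts the description beneath it. The example sets the option to `config.services.coturn.static-auth-secret`, a plain Nix value, while the text says `Secrets should be passed in via extraConfigFiles!`, presumably because values set here are rendered into the generated configuration. I would drop the example or replace it with a pointer to `extraConfigFiles`, so the documented usage does not steer readers to the path the description warns against. `registration_shared_secret` and `macaroon_secret_key` in the earlier hunks use the same `types.nullOr types.str` shape. Their descriptions continue outside those hunks, so I cannot tell whether they carry the same warning.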
@@ -917,7 +917,7 @@ in {
                   server_name = mkOption {
                     type = types.str;
                     example = "matrix.org";
-                    description = lib.mdDoc ''
+                    description = ''
                       Hostname of the trusted server.
                     '';
                   };
@@ -929,7 +929,7 @@ in {
                   "ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
                 };
               }];
-              description = lib.mdDoc ''
+              description = ''
                 The trusted servers to download signing keys from.
               '';
             };
@@ -937,7 +937,7 @@ in {
             app_service_config_files = mkOption {
               type = types.listOf types.path;
               default = [ ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of application service config file to use
               '';
             };
@@ -949,14 +949,14 @@ in {
                   enabled = lib.mkOption {
                     type = types.bool;
                     default = false;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether to use redis support
                     '';
                   };
                 };
               };
               default = { };
-              description = lib.mdDoc ''
+              description = ''
                 Redis configuration for synapse.
 
                 See the
@@ -970,7 +970,7 @@ in {
 
       workers = lib.mkOption {
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Options for configuring workers. Worker support will be enabled if at least one worker is configured here.
 
           See the [worker documention](https://element-hq.github.io/synapse/latest/workers.html#worker-configuration)
@@ -1007,7 +1007,7 @@ in {
             worker_listeners = lib.mkOption {
               default = [ ];
               type = types.listOf (listenerType true);
-              description = lib.mdDoc ''
+              description = ''
                 List of ports that this worker should listen on, their purpose and their configuration.
               '';
             };
@@ -1015,7 +1015,7 @@ in {
               type = types.path;
               default = genLogConfigFile "synapse-${name}";
               defaultText = logConfigText "synapse-${name}";
-              description = lib.mdDoc ''
+              description = ''
                 The file for log configuration.
 
                 See the [python documentation](https://docs.python.org/3/library/logging.config.html#configuration-dictionary-schema)
@@ -1050,7 +1050,7 @@ in {
       extraConfigFiles = mkOption {
         type = types.listOf types.path;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Extra config files to include.
 
           The configuration files will be included based on the command line
@@ -1063,7 +1063,7 @@ in {
       configureRedisLocally = lib.mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically configure a local redis server for matrix-synapse.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/airsonic.nix b/nixpkgs/nixos/modules/services/misc/airsonic.nix
index 6ba6ff5ca3cb..6095268eb960 100644
--- a/nixpkgs/nixos/modules/services/misc/airsonic.nix
+++ b/nixpkgs/nixos/modules/services/misc/airsonic.nix
@@ -9,18 +9,18 @@ in {
   options = {
 
     services.airsonic = {
-      enable = mkEnableOption (lib.mdDoc "Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic)");
+      enable = mkEnableOption "Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic)";
 
       user = mkOption {
         type = types.str;
         default = "airsonic";
-        description = lib.mdDoc "User account under which airsonic runs.";
+        description = "User account under which airsonic runs.";
       };
 
       home = mkOption {
         type = types.path;
         default = "/var/lib/airsonic";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Airsonic will create files.
           Make sure it is writable.
         '';
@@ -29,7 +29,7 @@ in {
       virtualHost = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
         '';
       };
@@ -37,7 +37,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address on which to bind Airsonic.
           The default value is appropriate for first launch, when the
           default credentials are easy to guess. It is also appropriate
@@ -50,7 +50,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 4040;
-        description = lib.mdDoc ''
+        description = ''
           The port on which Airsonic will listen for
           incoming HTTP traffic. Set to 0 to disable.
         '';
@@ -59,7 +59,7 @@ in {
       contextPath = mkOption {
         type = types.path;
         default = "/";
-        description = lib.mdDoc ''
+        description = ''
           The context path, i.e., the last part of the Airsonic
           URL. Typically '/' or '/airsonic'. Default '/'
         '';
@@ -68,7 +68,7 @@ in {
       maxMemory = mkOption {
         type = types.int;
         default = 100;
-        description = lib.mdDoc ''
+        description = ''
           The memory limit (max Java heap size) in megabytes.
           Default: 100
         '';
@@ -78,7 +78,7 @@ in {
         type = types.listOf types.path;
         default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ];
         defaultText = literalExpression ''[ "''${pkgs.ffmpeg.bin}/bin/ffmpeg" ]'';
-        description = lib.mdDoc ''
+        description = ''
           List of paths to transcoder executables that should be accessible
           from Airsonic. Symlinks will be created to each executable inside
           ''${config.${opt.home}}/transcoders.
@@ -98,11 +98,11 @@ in {
         type = types.path;
         default = "${pkgs.airsonic}/webapps/airsonic.war";
         defaultText = literalExpression ''"''${pkgs.airsonic}/webapps/airsonic.war"'';
-        description = lib.mdDoc "Airsonic war file to use.";
+        description = "Airsonic war file to use.";
       };
 
       jvmOptions = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Extra command line options for the JVM running AirSonic.
           Useful for sending jukebox output to non-default alsa
           devices.
diff --git a/nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix b/nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix
index 89a1c0766510..9ab4a7f96d08 100644
--- a/nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix
+++ b/nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix
@@ -27,11 +27,11 @@ in {
   ];
 
   options.services.amazon-ssm-agent = {
-    enable = mkEnableOption (lib.mdDoc "Amazon SSM agent");
+    enable = mkEnableOption "Amazon SSM agent";
 
     package = mkOption {
       type = types.path;
-      description = lib.mdDoc "The Amazon SSM agent package to use";
+      description = "The Amazon SSM agent package to use";
       default = pkgs.amazon-ssm-agent.override { overrideEtc = false; };
       defaultText = literalExpression "pkgs.amazon-ssm-agent.override { overrideEtc = false; }";
     };
diff --git a/nixpkgs/nixos/modules/services/misc/ananicy.nix b/nixpkgs/nixos/modules/services/misc/ananicy.nix
index 01e1053c9e0e..f7ab41fcce61 100644
--- a/nixpkgs/nixos/modules/services/misc/ananicy.nix
+++ b/nixpkgs/nixos/modules/services/misc/ananicy.nix
@@ -13,7 +13,7 @@ in
 {
   options = {
     services.ananicy = {
-      enable = mkEnableOption (lib.mdDoc "Ananicy, an auto nice daemon");
+      enable = mkEnableOption "Ananicy, an auto nice daemon";
 
       package = mkPackageOption pkgs "ananicy" {
         example = "ananicy-cpp";
@@ -22,7 +22,7 @@ in
       rulesProvider = mkPackageOption pkgs "ananicy" {
         example = "ananicy-cpp";
       } // {
-        description = lib.mdDoc ''
+        description = ''
           Which package to copy default rules,types,cgroups from.
         '';
       };
@@ -33,7 +33,7 @@ in
         example = {
           apply_nice = false;
         };
-        description = lib.mdDoc ''
+        description = ''
           See <https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf>
         '';
       };
@@ -41,7 +41,7 @@ in
       extraRules = mkOption {
         type = with types; listOf attrs;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Rules to write in 'nixRules.rules'. See:
           <https://github.com/Nefelim4ag/Ananicy#configuration>
           <https://gitlab.com/ananicy-cpp/ananicy-cpp/#global-configuration>
@@ -54,7 +54,7 @@ in
       extraTypes = mkOption {
         type = with types; listOf attrs;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Types to write in 'nixTypes.types'. See:
           <https://gitlab.com/ananicy-cpp/ananicy-cpp/#types>
         '';
@@ -66,7 +66,7 @@ in
       extraCgroups = mkOption {
         type = with types; listOf attrs;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Cgroups to write in 'nixCgroups.cgroups'. See:
           <https://gitlab.com/ananicy-cpp/ananicy-cpp/#cgroups>
         '';
diff --git a/nixpkgs/nixos/modules/services/misc/ankisyncd.nix b/nixpkgs/nixos/modules/services/misc/ankisyncd.nix
index f5acfbb0ee96..b999b02534e7 100644
--- a/nixpkgs/nixos/modules/services/misc/ankisyncd.nix
+++ b/nixpkgs/nixos/modules/services/misc/ankisyncd.nix
@@ -22,26 +22,26 @@ let
 in
   {
     options.services.ankisyncd = {
-      enable = mkEnableOption (lib.mdDoc "ankisyncd");
+      enable = mkEnableOption "ankisyncd, a standalone unofficial anky sync server";
 
       package = mkPackageOption pkgs "ankisyncd" { };
 
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "ankisyncd host";
+        description = "ankisyncd host";
       };
 
       port = mkOption {
         type = types.port;
         default = 27701;
-        description = lib.mdDoc "ankisyncd port";
+        description = "ankisyncd port";
       };
 
       openFirewall = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to open the firewall for the specified port.";
+        description = "Whether to open the firewall for the specified port.";
       };
     };
 
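Review bot: The new `enable` text misspells the project name: `anky` should be `anki`. The line would read `enable = mkEnableOption "ankisyncd, a standalone unofficial anki sync server";`. This string is rendered into the options manual, so the typo would appear in the published documentation.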
diff --git a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix
index b7281a0d9d5f..d1a3d92f2e22 100644
--- a/nixpkgs/nixos/modules/services/misc/apache-kafka.nix
+++ b/nixpkgs/nixos/modules/services/misc/apache-kafka.nix
@@ -32,10 +32,10 @@ let
 in {
 
   options.services.apache-kafka = {
-    enable = mkEnableOption (lib.mdDoc "Apache Kafka event streaming broker");
+    enable = mkEnableOption "Apache Kafka event streaming broker";
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         [Kafka broker configuration](https://kafka.apache.org/documentation.html#brokerconfigs)
         {file}`server.properties`.
 
@@ -51,13 +51,13 @@ in {
 
         options = {
           "broker.id" = mkOption {
-            description = lib.mdDoc "Broker ID. -1 or null to auto-allocate in zookeeper mode.";
+            description = "Broker ID. -1 or null to auto-allocate in zookeeper mode.";
             default = null;
             type = with types; nullOr int;
           };
 
           "log.dirs" = mkOption {
-            description = lib.mdDoc "Log file directories.";
+            description = "Log file directories.";
             # Deliberaly leave out old default and use the rewrite opportunity
             # to have users choose a safer value -- /tmp might be volatile and is a
             # slightly scary default choice.
@@ -66,7 +66,7 @@ in {
           };
 
           "listeners" = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Kafka Listener List.
               See [listeners](https://kafka.apache.org/documentation/#brokerconfigs_listeners).
             '';
@@ -78,7 +78,7 @@ in {
     };
 
     clusterId = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         KRaft mode ClusterId used for formatting log directories. Can be generated with `kafka-storage.sh random-uuid`
       '';
       type = with types; nullOr str;
@@ -86,7 +86,7 @@ in {
     };
 
     configFiles.serverProperties = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kafka server.properties configuration file path.
         Defaults to the rendered `settings`.
       '';
@@ -94,14 +94,14 @@ in {
     };
 
     configFiles.log4jProperties = mkOption {
-      description = lib.mdDoc "Kafka log4j property configuration file path";
+      description = "Kafka log4j property configuration file path";
       type = types.path;
       default = pkgs.writeText "log4j.properties" cfg.log4jProperties;
       defaultText = ''pkgs.writeText "log4j.properties" cfg.log4jProperties'';
     };
 
     formatLogDirs = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to format log dirs in KRaft mode if all log dirs are
         unformatted, ie. they contain no meta.properties.
       '';
@@ -110,7 +110,7 @@ in {
     };
 
     formatLogDirsIgnoreFormatted = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to ignore already formatted log dirs when formatting log dirs,
         instead of failing. Useful when replacing or adding disks.
       '';
@@ -119,7 +119,7 @@ in {
     };
 
     log4jProperties = mkOption {
-      description = lib.mdDoc "Kafka log4j property configuration.";
+      description = "Kafka log4j property configuration.";
       default = ''
         log4j.rootLogger=INFO, stdout
 
@@ -131,7 +131,7 @@ in {
     };
 
     jvmOptions = mkOption {
-      description = lib.mdDoc "Extra command line options for the JVM running Kafka.";
+      description = "Extra command line options for the JVM running Kafka.";
       default = [];
       type = types.listOf types.str;
       example = [
@@ -144,7 +144,7 @@ in {
     package = mkPackageOption pkgs "apacheKafka" { };
 
     jre = mkOption {
-      description = lib.mdDoc "The JRE with which to run Kafka";
+      description = "The JRE with which to run Kafka";
       default = cfg.package.passthru.jre;
       defaultText = literalExpression "pkgs.apacheKafka.passthru.jre";
       type = types.package;
diff --git a/nixpkgs/nixos/modules/services/misc/atuin.nix b/nixpkgs/nixos/modules/services/misc/atuin.nix
index 7e89929884d6..79c2c2a171e8 100644
--- a/nixpkgs/nixos/modules/services/misc/atuin.nix
+++ b/nixpkgs/nixos/modules/services/misc/atuin.nix
@@ -1,63 +1,63 @@
 { config, pkgs, lib, ... }:
 let
-  inherit (lib) mkOption types mdDoc mkIf;
+  inherit (lib) mkOption types mkIf;
   cfg = config.services.atuin;
 in
 {
   options = {
     services.atuin = {
-      enable = lib.mkEnableOption (mdDoc "Atuin server for shell history sync");
+      enable = lib.mkEnableOption "Atuin server for shell history sync";
 
       package = lib.mkPackageOption pkgs "atuin" { };
 
       openRegistration = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc "Allow new user registrations with the atuin server.";
+        description = "Allow new user registrations with the atuin server.";
       };
 
       path = mkOption {
         type = types.str;
         default = "";
-        description = mdDoc "A path to prepend to all the routes of the server.";
+        description = "A path to prepend to all the routes of the server.";
       };
 
       host = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = mdDoc "The host address the atuin server should listen on.";
+        description = "The host address the atuin server should listen on.";
       };
 
       maxHistoryLength = mkOption {
         type = types.int;
         default = 8192;
-        description = mdDoc "The max length of each history item the atuin server should store.";
+        description = "The max length of each history item the atuin server should store.";
       };
 
       port = mkOption {
         type = types.port;
         default = 8888;
-        description = mdDoc "The port the atuin server should listen on.";
+        description = "The port the atuin server should listen on.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc "Open ports in the firewall for the atuin server.";
+        description = "Open ports in the firewall for the atuin server.";
       };
 
       database = {
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = mdDoc "Create the database and database user locally.";
+          description = "Create the database and database user locally.";
         };
 
         uri = mkOption {
           type = types.nullOr types.str;
           default = "postgresql:///atuin?host=/run/postgresql";
           example = "postgresql://atuin@localhost:5432/atuin";
-          description = mdDoc ''
+          description = ''
             URI to the database.
             Can be set to null in which case ATUIN_DB_URI should be set through an EnvironmentFile
           '';
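Review bot: The `database.uri` description does not say when the null-plus-EnvironmentFile route should be used. The option is `types.nullOr types.str` with the example `postgresql://atuin@localhost:5432/atuin`, so a reader with a password-authenticated database may put the password directly in this string. That would presumably land in the evaluated configuration. I would add a sentence such as `Do not include a password here; set this to null and provide ATUIN_DB_URI through an EnvironmentFile instead.` The option's closing brace and the rest of the module lie outside the hunk.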
diff --git a/nixpkgs/nixos/modules/services/misc/autofs.nix b/nixpkgs/nixos/modules/services/misc/autofs.nix
index 723b67e8bb6b..d94fae3edebf 100644
--- a/nixpkgs/nixos/modules/services/misc/autofs.nix
+++ b/nixpkgs/nixos/modules/services/misc/autofs.nix
@@ -21,7 +21,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Mount filesystems on demand. Unmount them automatically.
           You may also be interested in afuse.
         '';
@@ -46,7 +46,7 @@ in
             /auto file:''${mapConf}
           '''
         '';
-        description = lib.mdDoc ''
+        description = ''
           Contents of `/etc/auto.master` file. See {command}`auto.master(5)` and {command}`autofs(5)`.
         '';
       };
@@ -54,13 +54,13 @@ in
       timeout = mkOption {
         type = types.int;
         default = 600;
-        description = lib.mdDoc "Set the global minimum timeout, in seconds, until directories are unmounted";
+        description = "Set the global minimum timeout, in seconds, until directories are unmounted";
       };
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Pass -d and -7 to automount and write log to the system journal.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/autorandr.nix b/nixpkgs/nixos/modules/services/misc/autorandr.nix
index aa96acb61306..1dbfc4caa31d 100644
--- a/nixpkgs/nixos/modules/services/misc/autorandr.nix
+++ b/nixpkgs/nixos/modules/services/misc/autorandr.nix
@@ -27,7 +27,7 @@ let
     options = {
       fingerprint = mkOption {
         type = types.attrsOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Output name to EDID mapping.
           Use `autorandr --fingerprint` to get current setup values.
         '';
@@ -36,13 +36,13 @@ let
 
       config = mkOption {
         type = types.attrsOf configModule;
-        description = lib.mdDoc "Per output profile configuration.";
+        description = "Per output profile configuration.";
         default = { };
       };
 
       hooks = mkOption {
         type = hooksModule;
-        description = lib.mdDoc "Profile hook scripts.";
+        description = "Profile hook scripts.";
         default = { };
       };
     };
@@ -52,54 +52,54 @@ let
     options = {
       enable = mkOption {
         type = types.bool;
-        description = lib.mdDoc "Whether to enable the output.";
+        description = "Whether to enable the output.";
         default = true;
       };
 
       crtc = mkOption {
         type = types.nullOr types.ints.unsigned;
-        description = lib.mdDoc "Output video display controller.";
+        description = "Output video display controller.";
         default = null;
         example = 0;
       };
 
       primary = mkOption {
         type = types.bool;
-        description = lib.mdDoc "Whether output should be marked as primary";
+        description = "Whether output should be marked as primary";
         default = false;
       };
 
       position = mkOption {
         type = types.str;
-        description = lib.mdDoc "Output position";
+        description = "Output position";
         default = "";
         example = "5760x0";
       };
 
       mode = mkOption {
         type = types.str;
-        description = lib.mdDoc "Output resolution.";
+        description = "Output resolution.";
         default = "";
         example = "3840x2160";
       };
 
       rate = mkOption {
         type = types.str;
-        description = lib.mdDoc "Output framerate.";
+        description = "Output framerate.";
         default = "";
         example = "60.00";
       };
 
       gamma = mkOption {
         type = types.str;
-        description = lib.mdDoc "Output gamma configuration.";
+        description = "Output gamma configuration.";
         default = "";
         example = "1.0:0.909:0.833";
       };
 
       rotate = mkOption {
         type = types.nullOr (types.enum [ "normal" "left" "right" "inverted" ]);
-        description = lib.mdDoc "Output rotate configuration.";
+        description = "Output rotate configuration.";
         default = null;
         example = "left";
       };
@@ -114,7 +114,7 @@ let
             [ 0.0 0.0 1.0 ]
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Refer to
           {manpage}`xrandr(1)`
           for the documentation of the transform matrix.
@@ -123,7 +123,7 @@ let
 
       dpi = mkOption {
         type = types.nullOr types.ints.positive;
-        description = lib.mdDoc "Output DPI configuration.";
+        description = "Output DPI configuration.";
         default = null;
         example = 96;
       };
@@ -133,23 +133,23 @@ let
           options = {
             method = mkOption {
               type = types.enum [ "factor" "pixel" ];
-              description = lib.mdDoc "Output scaling method.";
+              description = "Output scaling method.";
               default = "factor";
               example = "pixel";
             };
 
             x = mkOption {
               type = types.either types.float types.ints.positive;
-              description = lib.mdDoc "Horizontal scaling factor/pixels.";
+              description = "Horizontal scaling factor/pixels.";
             };
 
             y = mkOption {
               type = types.either types.float types.ints.positive;
-              description = lib.mdDoc "Vertical scaling factor/pixels.";
+              description = "Vertical scaling factor/pixels.";
             };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           Output scale configuration.
 
           Either configure by pixels or a scaling factor. When using pixel method the
@@ -178,19 +178,19 @@ let
     options = {
       postswitch = mkOption {
         type = types.attrsOf hookType;
-        description = lib.mdDoc "Postswitch hook executed after mode switch.";
+        description = "Postswitch hook executed after mode switch.";
         default = { };
       };
 
       preswitch = mkOption {
         type = types.attrsOf hookType;
-        description = lib.mdDoc "Preswitch hook executed before mode switch.";
+        description = "Preswitch hook executed before mode switch.";
         default = { };
       };
 
       predetect = mkOption {
         type = types.attrsOf hookType;
-        description = lib.mdDoc ''
+        description = ''
           Predetect hook executed before autorandr attempts to run xrandr.
         '';
         default = { };
@@ -242,12 +242,12 @@ in {
   options = {
 
     services.autorandr = {
-      enable = mkEnableOption (lib.mdDoc "handling of hotplug and sleep events by autorandr");
+      enable = mkEnableOption "handling of hotplug and sleep events by autorandr";
 
       defaultTarget = mkOption {
         default = "default";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Fallback if no monitor layout can be detected. See the docs
           (https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use)
           for further reference.
@@ -257,12 +257,18 @@ in {
       ignoreLid = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Treat outputs as connected even if their lids are closed";
+        description = "Treat outputs as connected even if their lids are closed";
+      };
+
+      matchEdid = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Match displays based on edid instead of name";
       };
 
       hooks = mkOption {
         type = hooksModule;
-        description = lib.mdDoc "Global hook scripts";
+        description = "Global hook scripts";
         default = { };
         example = literalExpression ''
           {
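Review bot: The description of the new `matchEdid` option is a bare fragment with no closing period, and it does not say which autorandr flag it controls, unlike the fuller descriptions used elsewhere in this module. I would write `description = "Whether to match displays by EDID rather than by output name (passes --match-edid to autorandr).";`. The flag itself is wired up in the ExecStart hunk further down. The surrounding `services.autorandr` option set starts and ends outside this hunk.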
@@ -292,7 +298,7 @@ in {
       };
       profiles = mkOption {
         type = types.attrsOf profileModule;
-        description = lib.mdDoc "Autorandr profiles specification.";
+        description = "Autorandr profiles specification.";
         default = { };
         example = literalExpression ''
           {
@@ -351,7 +357,8 @@ in {
             --batch \
             --change \
             --default ${cfg.defaultTarget} \
-            ${optionalString cfg.ignoreLid "--ignore-lid"}
+            ${optionalString cfg.ignoreLid "--ignore-lid"} \
+            ${optionalString cfg.matchEdid "--match-edid"}
         '';
         Type = "oneshot";
         RemainAfterExit = false;
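Review bot: The second optional flag is chained on with another trailing backslash, so when `matchEdid` is false the command ends in a continuation followed by a whitespace-only line. That seems to parse today, but each further flag repeats the pattern and makes the result harder to read. Joining the flags in one expression keeps the command on well-formed lines: `${lib.concatStringsSep " " (lib.optional cfg.ignoreLid "--ignore-lid" ++ lib.optional cfg.matchEdid "--match-edid")}`. The enclosing service definition starts outside the hunk.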
diff --git a/nixpkgs/nixos/modules/services/misc/autosuspend.nix b/nixpkgs/nixos/modules/services/misc/autosuspend.nix
index 28dfa12105ec..a41ad43c4429 100644
--- a/nixpkgs/nixos/modules/services/misc/autosuspend.nix
+++ b/nixpkgs/nixos/modules/services/misc/autosuspend.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
   inherit (lib) mapAttrs' nameValuePair filterAttrs types mkEnableOption
-    mdDoc mkPackageOption mkOption literalExpression mkIf flatten
+    mkPackageOption mkOption literalExpression mkIf flatten
     maintainers attrValues;
 
   cfg = config.services.autosuspend;
@@ -38,7 +38,7 @@ let
   checkType = types.submodule {
     freeformType = settingsFormat.type.nestedTypes.elemType;
 
-    options.enabled = mkEnableOption (mdDoc "this activity check") // { default = true; };
+    options.enabled = mkEnableOption "this activity check" // { default = true; };
 
     options.class = mkOption {
       default = null;
@@ -61,7 +61,7 @@ let
         "XIdleTime"
         "XPath"
       ]);
-      description = mdDoc ''
+      description = ''
         Name of the class implementing the check.  If this option is not specified, the check's
         name must represent a valid internal check class.
       '';
@@ -71,7 +71,7 @@ let
   wakeupType = types.submodule {
     freeformType = settingsFormat.type.nestedTypes.elemType;
 
-    options.enabled = mkEnableOption (mdDoc "this wake-up check") // { default = true; };
+    options.enabled = mkEnableOption "this wake-up check" // { default = true; };
 
     options.class = mkOption {
       default = null;
@@ -84,7 +84,7 @@ let
         "XPath"
         "XPathDelta"
       ]);
-      description = mdDoc ''
+      description = ''
         Name of the class implementing the check.  If this option is not specified, the check's
         name must represent a valid internal check class.
       '';
@@ -94,7 +94,7 @@ in
 {
   options = {
     services.autosuspend = {
-      enable = mkEnableOption (mdDoc "the autosuspend daemon");
+      enable = mkEnableOption "the autosuspend daemon";
 
       package = mkPackageOption pkgs "autosuspend" { };
 
@@ -107,7 +107,7 @@ in
             suspend_cmd = mkOption {
               default = "systemctl suspend";
               type = with types; str;
-              description = mdDoc ''
+              description = ''
                 The command to execute in case the host shall be suspended. This line can contain
                 additional command line arguments to the command to execute.
               '';
@@ -115,7 +115,7 @@ in
             wakeup_cmd = mkOption {
               default = ''sh -c 'echo 0 > /sys/class/rtc/rtc0/wakealarm && echo {timestamp:.0f} > /sys/class/rtc/rtc0/wakealarm' '';
               type = with types; str;
-              description = mdDoc ''
+              description = ''
                 The command to execute for scheduling a wake up of the system. The given string is
                 processed using Python’s `str.format()` and a format argument called `timestamp`
                 encodes the UTC timestamp of the planned wake up time (float). Additionally `iso`
@@ -132,7 +132,7 @@ in
             idle_time = 120;
           }
         '';
-        description = mdDoc ''
+        description = ''
           Configuration for autosuspend, see
           <https://autosuspend.readthedocs.io/en/latest/configuration_file.html#general-configuration>
           for supported values.
@@ -142,7 +142,7 @@ in
       checks = mkOption {
         default = { };
         type = with types; attrsOf checkType;
-        description = mdDoc ''
+        description = ''
           Checks for activity.  For more information, see:
            - <https://autosuspend.readthedocs.io/en/latest/configuration_file.html#activity-check-configuration>
            - <https://autosuspend.readthedocs.io/en/latest/available_checks.html>
@@ -184,7 +184,7 @@ in
       wakeups = mkOption {
         default = { };
         type = with types; attrsOf wakeupType;
-        description = mdDoc ''
+        description = ''
           Checks for wake up.  For more information, see:
            - <https://autosuspend.readthedocs.io/en/latest/configuration_file.html#wake-up-check-configuration>
            - <https://autosuspend.readthedocs.io/en/latest/available_wakeups.html>
diff --git a/nixpkgs/nixos/modules/services/misc/bazarr.nix b/nixpkgs/nixos/modules/services/misc/bazarr.nix
index 07c935053591..99343a146a7a 100644
--- a/nixpkgs/nixos/modules/services/misc/bazarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/bazarr.nix
@@ -8,30 +8,30 @@ in
 {
   options = {
     services.bazarr = {
-      enable = mkEnableOption (lib.mdDoc "bazarr, a subtitle manager for Sonarr and Radarr");
+      enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the bazarr web interface.";
+        description = "Open ports in the firewall for the bazarr web interface.";
       };
 
       listenPort = mkOption {
         type = types.port;
         default = 6767;
-        description = lib.mdDoc "Port on which the bazarr web interface should listen";
+        description = "Port on which the bazarr web interface should listen";
       };
 
       user = mkOption {
         type = types.str;
         default = "bazarr";
-        description = lib.mdDoc "User account under which bazarr runs.";
+        description = "User account under which bazarr runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "bazarr";
-        description = lib.mdDoc "Group under which bazarr runs.";
+        description = "Group under which bazarr runs.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/bcg.nix b/nixpkgs/nixos/modules/services/misc/bcg.nix
index ad0b9c871342..626a67f66d08 100644
--- a/nixpkgs/nixos/modules/services/misc/bcg.nix
+++ b/nixpkgs/nixos/modules/services/misc/bcg.nix
@@ -25,13 +25,13 @@ in
 {
   options = {
     services.bcg = {
-      enable = mkEnableOption (mdDoc "BigClown gateway");
+      enable = mkEnableOption "BigClown gateway";
       package = mkPackageOption pkgs [ "python3Packages" "bcg" ] { };
       environmentFiles = mkOption {
         type = types.listOf types.path;
         default = [];
         example = [ "/run/keys/bcg.env" ];
-        description = mdDoc ''
+        description = ''
           File to load as environment file. Environment variables from this file
           will be interpolated into the config file using envsubst with this
           syntax: `$ENVIRONMENT` or `''${VARIABLE}`.
@@ -41,16 +41,16 @@ in
       verbose = mkOption {
         type = types.enum ["CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG"];
         default = "WARNING";
-        description = mdDoc "Verbosity level.";
+        description = "Verbosity level.";
       };
       device = mkOption {
         type = types.str;
-        description = mdDoc "Device name to configure gateway to use.";
+        description = "Device name to configure gateway to use.";
       };
       name = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = mdDoc ''
+        description = ''
           Name for the device.
 
           Supported variables:
@@ -64,78 +64,78 @@ in
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = mdDoc "Host where MQTT server is running.";
+          description = "Host where MQTT server is running.";
         };
         port = mkOption {
           type = types.port;
           default = 1883;
-          description = mdDoc "Port of MQTT server.";
+          description = "Port of MQTT server.";
         };
         username = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "MQTT server access username.";
+          description = "MQTT server access username.";
         };
         password = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "MQTT server access password.";
+          description = "MQTT server access password.";
         };
         cafile = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "Certificate Authority file for MQTT server access.";
+          description = "Certificate Authority file for MQTT server access.";
         };
         certfile = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "Certificate file for MQTT server access.";
+          description = "Certificate file for MQTT server access.";
         };
         keyfile = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "Key file for MQTT server access.";
+          description = "Key file for MQTT server access.";
         };
       };
       retainNodeMessages = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc "Specify that node messages should be retaied in MQTT broker.";
+        description = "Specify that node messages should be retaied in MQTT broker.";
       };
       qosNodeMessages = mkOption {
         type = types.int;
         default = 1;
-        description = mdDoc "Set the guarantee of MQTT message delivery.";
+        description = "Set the guarantee of MQTT message delivery.";
       };
       baseTopicPrefix = mkOption {
         type = types.str;
         default = "";
-        description = mdDoc "Topic prefix added to all MQTT messages.";
+        description = "Topic prefix added to all MQTT messages.";
       };
       automaticRemoveKitFromNames = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Automatically remove kits.";
+        description = "Automatically remove kits.";
       };
       automaticRenameKitNodes = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Automatically rename kit's nodes.";
+        description = "Automatically rename kit's nodes.";
       };
       automaticRenameGenericNodes = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Automatically rename generic nodes.";
+        description = "Automatically rename generic nodes.";
       };
       automaticRenameNodes = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Automatically rename all nodes.";
+        description = "Automatically rename all nodes.";
       };
       rename = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = mdDoc "Rename nodes to different name.";
+        description = "Rename nodes to different name.";
       };
     };
   };
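Review bot: The `password` description under the MQTT options says nothing about where the value is stored; the option is a plain `nullOr str`, so it is presumably rendered into the generated config file and hence into the world-readable Nix store. The module already offers `environmentFiles` for this, so the text could read `description = "MQTT server access password. A value set here is likely written to the Nix store; prefer passing it through environmentFiles.";`. The `pass` option in cpuminer-cryptonight.nix later in this diff has the same shape and deserves the same caveat. Separately, `retaied` in the `retainNodeMessages` description should be `retained`. The enclosing `mqtt` attribute set starts outside this hunk.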
diff --git a/nixpkgs/nixos/modules/services/misc/beanstalkd.nix b/nixpkgs/nixos/modules/services/misc/beanstalkd.nix
index 4262cae323b9..b8f163cbfadf 100644
--- a/nixpkgs/nixos/modules/services/misc/beanstalkd.nix
+++ b/nixpkgs/nixos/modules/services/misc/beanstalkd.nix
@@ -12,18 +12,18 @@ in
 
   options = {
     services.beanstalkd = {
-      enable = mkEnableOption (lib.mdDoc "the Beanstalk work queue");
+      enable = mkEnableOption "the Beanstalk work queue";
 
       listen = {
         port = mkOption {
           type = types.port;
-          description = lib.mdDoc "TCP port that will be used to accept client connections.";
+          description = "TCP port that will be used to accept client connections.";
           default = 11300;
         };
 
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc "IP address to listen on.";
+          description = "IP address to listen on.";
           default = "127.0.0.1";
           example = "0.0.0.0";
         };
@@ -32,7 +32,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to open ports in the firewall for the server.";
+        description = "Whether to open ports in the firewall for the server.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/bees.nix b/nixpkgs/nixos/modules/services/misc/bees.nix
index 37f90c682221..a0fd3cd43d62 100644
--- a/nixpkgs/nixos/modules/services/misc/bees.nix
+++ b/nixpkgs/nixos/modules/services/misc/bees.nix
@@ -11,7 +11,7 @@ let
   fsOptions = with types; {
     options.spec = mkOption {
       type = str;
-      description = lib.mdDoc ''
+      description = ''
         Description of how to identify the filesystem to be duplicated by this
         instance of bees. Note that deduplication crosses subvolumes; one must
         not configure multiple instances for subvolumes of the same filesystem
@@ -28,7 +28,7 @@ let
     options.hashTableSizeMB = mkOption {
       type = types.addCheck types.int (n: mod n 16 == 0);
       default = 1024; # 1GB; default from upstream beesd script
-      description = lib.mdDoc ''
+      description = ''
         Hash table size in MB; must be a multiple of 16.
 
         A larger ratio of index size to storage size means smaller blocks of
@@ -44,12 +44,12 @@ let
       type = types.enum (attrNames logLevels ++ attrValues logLevels);
       apply = v: if isString v then logLevels.${v} else v;
       default = "info";
-      description = lib.mdDoc "Log verbosity (syslog keyword/level).";
+      description = "Log verbosity (syslog keyword/level).";
     };
     options.workDir = mkOption {
       type = str;
       default = ".beeshome";
-      description = lib.mdDoc ''
+      description = ''
         Name (relative to the root of the filesystem) of the subvolume where
         the hash table will be stored.
       '';
@@ -57,7 +57,7 @@ let
     options.extraOptions = mkOption {
       type = listOf str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra command-line options passed to the daemon. See upstream bees documentation.
       '';
       example = literalExpression ''
@@ -72,7 +72,7 @@ in
   options.services.beesd = {
     filesystems = mkOption {
       type = with types; attrsOf (submodule fsOptions);
-      description = lib.mdDoc "BTRFS filesystems to run block-level deduplication on.";
+      description = "BTRFS filesystems to run block-level deduplication on.";
       default = { };
       example = literalExpression ''
         {
diff --git a/nixpkgs/nixos/modules/services/misc/bepasty.nix b/nixpkgs/nixos/modules/services/misc/bepasty.nix
index 70d07629493b..fad4827c6650 100644
--- a/nixpkgs/nixos/modules/services/misc/bepasty.nix
+++ b/nixpkgs/nixos/modules/services/misc/bepasty.nix
@@ -13,11 +13,11 @@ let
 in
 {
   options.services.bepasty = {
-    enable = mkEnableOption (lib.mdDoc "Bepasty servers");
+    enable = mkEnableOption "bepasty, a binary pastebin server";
 
     servers = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         configure a number of bepasty servers which will be started with
         gunicorn.
         '';
@@ -27,7 +27,7 @@ in
 
           bind = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Bind address to be used for this server.
               '';
             example = "0.0.0.0:8000";
@@ -36,7 +36,7 @@ in
 
           dataDir = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Path to the directory where the pastes will be saved to
               '';
             default = default_home+"/data";
@@ -44,7 +44,7 @@ in
 
           defaultPermissions = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               default permissions for all unauthenticated accesses.
               '';
             example = "read,create,delete";
@@ -53,7 +53,7 @@ in
 
           extraConfig = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Extra configuration for bepasty server to be appended on the
               configuration.
               see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
@@ -70,7 +70,7 @@ in
 
           secretKey = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               server secret for safe session cookies, must be set.
 
               Warning: this secret is stored in the WORLD-READABLE Nix store!
@@ -84,7 +84,7 @@ in
           secretKeyFile = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               A file that contains the server secret for safe session cookies, must be set.
 
               {option}`secretKeyFile` takes precedence over {option}`secretKey`.
@@ -96,7 +96,7 @@ in
 
           workDir = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Path to the working directory (used for config and pidfile).
               Defaults to the users home directory.
               '';
diff --git a/nixpkgs/nixos/modules/services/misc/calibre-server.nix b/nixpkgs/nixos/modules/services/misc/calibre-server.nix
index 66ae5fa91bb6..8e2ce2909239 100644
--- a/nixpkgs/nixos/modules/services/misc/calibre-server.nix
+++ b/nixpkgs/nixos/modules/services/misc/calibre-server.nix
@@ -32,13 +32,13 @@ in
   options = {
     services.calibre-server = {
 
-      enable = mkEnableOption (lib.mdDoc "calibre-server");
+      enable = mkEnableOption "calibre-server (e-book software)";
       package = lib.mkPackageOption pkgs "calibre" { };
 
       libraries = mkOption {
         type = types.listOf types.path;
         default = [ "/var/lib/calibre-server" ];
-        description = lib.mdDoc ''
+        description = ''
           Make sure each library path is initialized before service startup.
           The directories of the libraries to serve. They must be readable for the user under which the server runs.
           See the [calibredb documentation](${documentationLink}/generated/en/calibredb.html#add) for details.
@@ -48,20 +48,20 @@ in
       user = mkOption {
         type = types.str;
         default = "calibre-server";
-        description = lib.mdDoc "The user under which calibre-server runs.";
+        description = "The user under which calibre-server runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "calibre-server";
-        description = lib.mdDoc "The group under which calibre-server runs.";
+        description = "The group under which calibre-server runs.";
       };
 
       host = mkOption {
         type = types.str;
         default = "0.0.0.0";
         example = "::1";
-        description = lib.mdDoc ''
+        description = ''
           The interface on which to listen for connections.
           See the [calibre-server documentation](${generatedDocumentationLink}#cmdoption-calibre-server-listen-on) for details.
         '';
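Review bot: The `host` description does not mention that the default `0.0.0.0` listens on every interface. `auth.enable` defaults to `false` (visible in a later hunk of this file), so a default deployment appears to be reachable without authentication wherever the firewall permits port 8080. I would append a sentence to the description such as `Set this to "127.0.0.1" or "::1" to restrict access to the local machine, in particular while authentication is disabled.` The option set continues beyond this hunk.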
@@ -70,7 +70,7 @@ in
       port = mkOption {
         default = 8080;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           The port on which to listen for connections.
           See the [calibre-server documentation](${generatedDocumentationLink}#cmdoption-calibre-server-port) for details.
         '';
@@ -80,7 +80,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Password based authentication to access the server.
             See the [calibre-server documentation](${generatedDocumentationLink}#cmdoption-calibre-server-enable-auth) for details.
           '';
@@ -89,7 +89,7 @@ in
         mode = mkOption {
           type = types.enum [ "auto" "basic" "digest" ];
           default = "auto";
-          description = lib.mdDoc ''
+          description = ''
             Choose the type of authentication used.
             Set the HTTP authentication mode used by the server.
             See the [calibre-server documentation](${generatedDocumentationLink}#cmdoption-calibre-server-auth-mode) for details.
@@ -99,7 +99,7 @@ in
         userDb = mkOption {
           default = null;
           type = types.nullOr types.path;
-          description = lib.mdDoc ''
+          description = ''
             Choose users database file to use for authentication.
             Make sure users database file is initialized before service startup.
             See the [calibre-server documentation](${documentationLink}/server.html#managing-user-accounts-from-the-command-line-only) for details.
diff --git a/nixpkgs/nixos/modules/services/misc/canto-daemon.nix b/nixpkgs/nixos/modules/services/misc/canto-daemon.nix
index 8150e038bc13..db51a263aab5 100644
--- a/nixpkgs/nixos/modules/services/misc/canto-daemon.nix
+++ b/nixpkgs/nixos/modules/services/misc/canto-daemon.nix
@@ -16,7 +16,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the canto RSS daemon.";
+        description = "Whether to enable the canto RSS daemon.";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix
index dba8ac200151..506e5f7613c0 100644
--- a/nixpkgs/nixos/modules/services/misc/cfdyndns.nix
+++ b/nixpkgs/nixos/modules/services/misc/cfdyndns.nix
@@ -14,11 +14,11 @@ in
 
   options = {
     services.cfdyndns = {
-      enable = mkEnableOption (lib.mdDoc "Cloudflare Dynamic DNS Client");
+      enable = mkEnableOption "Cloudflare Dynamic DNS Client";
 
       email = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The email address to use to authenticate to CloudFlare.
         '';
       };
@@ -26,7 +26,7 @@ in
       apiTokenFile = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           The path to a file containing the API Token
           used to authenticate with CloudFlare.
         '';
@@ -35,7 +35,7 @@ in
       apikeyFile = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           The path to a file containing the API Key
           used to authenticate with CloudFlare.
         '';
@@ -45,7 +45,7 @@ in
         default = [];
         example = [ "host.tld" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The records to update in CloudFlare.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/cgminer.nix b/nixpkgs/nixos/modules/services/misc/cgminer.nix
index ad6cbf50918d..dd857124b226 100644
--- a/nixpkgs/nixos/modules/services/misc/cgminer.nix
+++ b/nixpkgs/nixos/modules/services/misc/cgminer.nix
@@ -31,20 +31,20 @@ in
 
     services.cgminer = {
 
-      enable = mkEnableOption (lib.mdDoc "cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin");
+      enable = mkEnableOption "cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin";
 
       package = mkPackageOption pkgs "cgminer" { };
 
       user = mkOption {
         type = types.str;
         default = "cgminer";
-        description = lib.mdDoc "User account under which cgminer runs";
+        description = "User account under which cgminer runs";
       };
 
       pools = mkOption {
         default = [];  # Run benchmark
         type = types.listOf (types.attrsOf types.str);
-        description = lib.mdDoc "List of pools where to mine";
+        description = "List of pools where to mine";
         example = [{
           url = "http://p2pool.org:9332";
           username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
@@ -55,7 +55,7 @@ in
       hardware = mkOption {
         default = []; # Run without options
         type = types.listOf (types.attrsOf (types.either types.str types.int));
-        description= lib.mdDoc "List of config options for every GPU";
+        description= "List of config options for every GPU";
         example = [
         {
           intensity = 9;
@@ -82,7 +82,7 @@ in
       config = mkOption {
         default = {};
         type = types.attrsOf (types.either types.bool types.int);
-        description = lib.mdDoc "Additional config";
+        description = "Additional config";
         example = {
           auto-fan = true;
           auto-gpu = true;
diff --git a/nixpkgs/nixos/modules/services/misc/clipcat.nix b/nixpkgs/nixos/modules/services/misc/clipcat.nix
index fb6442709530..fa608e73c7d6 100644
--- a/nixpkgs/nixos/modules/services/misc/clipcat.nix
+++ b/nixpkgs/nixos/modules/services/misc/clipcat.nix
@@ -7,7 +7,7 @@ let
 in {
 
   options.services.clipcat= {
-    enable = mkEnableOption (lib.mdDoc "Clipcat clipboard daemon");
+    enable = mkEnableOption "Clipcat clipboard daemon";
 
     package = mkPackageOption pkgs "clipcat" { };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/clipmenu.nix b/nixpkgs/nixos/modules/services/misc/clipmenu.nix
index 343167b1df2e..71d36f9ef130 100644
--- a/nixpkgs/nixos/modules/services/misc/clipmenu.nix
+++ b/nixpkgs/nixos/modules/services/misc/clipmenu.nix
@@ -7,7 +7,7 @@ let
 in {
 
   options.services.clipmenu = {
-    enable = mkEnableOption (lib.mdDoc "clipmenu, the clipboard management daemon");
+    enable = mkEnableOption "clipmenu, the clipboard management daemon";
 
     package = mkPackageOption pkgs "clipmenu" { };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/confd.nix b/nixpkgs/nixos/modules/services/misc/confd.nix
index 93731547ede8..836a1119a577 100644
--- a/nixpkgs/nixos/modules/services/misc/confd.nix
+++ b/nixpkgs/nixos/modules/services/misc/confd.nix
@@ -17,46 +17,46 @@ let
 
 in {
   options.services.confd = {
-    enable = mkEnableOption (lib.mdDoc "confd service");
+    enable = mkEnableOption "confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper";
 
     backend = mkOption {
-      description = lib.mdDoc "Confd config storage backend to use.";
+      description = "Confd config storage backend to use.";
       default = "etcd";
       type = types.enum ["etcd" "consul" "redis" "zookeeper"];
     };
 
     interval = mkOption {
-      description = lib.mdDoc "Confd check interval.";
+      description = "Confd check interval.";
       default = 10;
       type = types.int;
     };
 
     nodes = mkOption {
-      description = lib.mdDoc "Confd list of nodes to connect to.";
+      description = "Confd list of nodes to connect to.";
       default = [ "http://127.0.0.1:2379" ];
       type = types.listOf types.str;
     };
 
     watch = mkOption {
-      description = lib.mdDoc "Confd, whether to watch etcd config for changes.";
+      description = "Confd, whether to watch etcd config for changes.";
       default = true;
       type = types.bool;
     };
 
     prefix = mkOption {
-      description = lib.mdDoc "The string to prefix to keys.";
+      description = "The string to prefix to keys.";
       default = "/";
       type = types.path;
     };
 
     logLevel = mkOption {
-      description = lib.mdDoc "Confd log level.";
+      description = "Confd log level.";
       default = "info";
       type = types.enum ["info" "debug"];
     };
 
     confDir = mkOption {
-      description = lib.mdDoc "The path to the confd configs.";
+      description = "The path to the confd configs.";
       default = "/etc/confd";
       type = types.path;
     };
diff --git a/nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix b/nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix
index 7b18c6b3cd20..907b9d90da29 100644
--- a/nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix
+++ b/nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix
@@ -23,27 +23,27 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the cpuminer cryptonight miner.
         '';
       };
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc "URL of mining server";
+        description = "URL of mining server";
       };
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc "Username for mining server";
+        description = "Username for mining server";
       };
       pass = mkOption {
         type = types.str;
         default = "x";
-        description = lib.mdDoc "Password for mining server";
+        description = "Password for mining server";
       };
       threads = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc "Number of miner threads, defaults to available processors";
+        description = "Number of miner threads, defaults to available processors";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/db-rest.nix b/nixpkgs/nixos/modules/services/misc/db-rest.nix
new file mode 100644
index 000000000000..fbf8b327af04
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/misc/db-rest.nix
@@ -0,0 +1,182 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (lib) mkOption types mkIf mkMerge mkDefault mkEnableOption mkPackageOption maintainers;
+  cfg = config.services.db-rest;
+in
+{
+  options = {
+    services.db-rest = {
+      enable = mkEnableOption "db-rest service";
+
+      user = mkOption {
+        type = types.str;
+        default = "db-rest";
+        description = "User account under which db-rest runs.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "db-rest";
+        description = "Group under which db-rest runs.";
+      };
+
+      host = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "The host address the db-rest server should listen on.";
+      };
+
+      port = mkOption {
+        type = types.port;
+        default = 3000;
+        description = "The port the db-rest server should listen on.";
+      };
+
+      redis = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Enable caching with redis for db-rest.";
+        };
+
+        createLocally = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Configure a local redis server for db-rest.";
+        };
+
+        host = mkOption {
+          type = with types; nullOr str;
+          default = null;
+          description = "Redis host.";
+        };
+
+        port = mkOption {
+          type = with types; nullOr port;
+          default = null;
+          description = "Redis port.";
+        };
+
+        user = mkOption {
+          type = with types; nullOr str;
+          default = null;
+          description = "Optional username used for authentication with redis.";
+        };
+
+        passwordFile = mkOption {
+          type = with types; nullOr path;
+          default = null;
+          example = "/run/keys/db-rest/pasword-redis-db";
+          description = "Path to a file containing the redis password.";
+        };
+
+        useSSL = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Use SSL if using a redis network connection.";
+        };
+      };
+
+      package = mkPackageOption pkgs "db-rest" { };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (cfg.redis.enable && !cfg.redis.createLocally) -> (cfg.redis.host != null && cfg.redis.port != null);
+        message = ''
+          {option}`services.db-rest.redis.createLocally` and redis network connection ({option}`services.db-rest.redis.host` or {option}`services.db-rest.redis.port`) enabled. Disable either of them.
+        '';
+      }
+      {
+        assertion = (cfg.redis.enable && !cfg.redis.createLocally) -> (cfg.redis.passwordFile != null);
+        message = ''
+          {option}`services.db-rest.redis.createLocally` is disabled, but {option}`services.db-rest.redis.passwordFile` is not set.
+        '';
+      }
+    ];
+
+    systemd.services.db-rest = mkMerge [
+      {
+        description = "db-rest service";
+        after = [ "network.target" ]
+          ++ lib.optional cfg.redis.createLocally "redis-db-rest.service";
+        requires = lib.optional cfg.redis.createLocally "redis-db-rest.service";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "simple";
+          Restart = "always";
+          RestartSec = 5;
+          WorkingDirectory = cfg.package;
+          User = cfg.user;
+          Group = cfg.group;
+          RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+          MemoryDenyWriteExecute = false;
+          LoadCredential = lib.optional (cfg.redis.enable && cfg.redis.passwordFile != null) "REDIS_PASSWORD:${cfg.redis.passwordFile}";
+          ExecStart = mkDefault "${cfg.package}/bin/db-rest";
+
+          RemoveIPC = true;
+          NoNewPrivileges = true;
+          PrivateDevices = true;
+          ProtectClock = true;
+          ProtectKernelLogs = true;
+          ProtectControlGroups = true;
+          ProtectKernelModules = true;
+          PrivateMounts = true;
+          SystemCallArchitectures = "native";
+          ProtectHostname = true;
+          LockPersonality = true;
+          ProtectKernelTunables = true;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          RestrictNamespaces = true;
+          ProtectSystem = "strict";
+          ProtectProc = "invisible";
+          ProcSubset = "pid";
+          ProtectHome = true;
+          PrivateUsers = true;
+          PrivateTmp = true;
+          CapabilityBoundingSet = "";
+        };
+        environment = {
+          NODE_ENV = "production";
+          NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
+          HOSTNAME = cfg.host;
+          PORT = toString cfg.port;
+        };
+      }
+      (mkIf cfg.redis.enable (if cfg.redis.createLocally then
+        { environment.REDIS_URL = config.services.redis.servers.db-rest.unixSocket; }
+      else
+        {
+          script =
+            let
+              username = lib.optionalString (cfg.redis.user != null) (cfg.redis.user);
+              host = cfg.redis.host;
+              port = toString cfg.redis.port;
+              protocol = if cfg.redis.useSSL then "rediss" else "redis";
+            in
+            ''
+              export REDIS_URL="${protocol}://${username}:$(${config.systemd.package}/bin/systemd-creds cat REDIS_PASSWORD)@${host}:${port}"
+              exec ${cfg.package}/bin/db-rest
+            '';
+        }))
+    ];
+
+    users.users = lib.mkMerge [
+      (lib.mkIf (cfg.user == "db-rest") {
+        db-rest = {
+          isSystemUser = true;
+          group = cfg.group;
+        };
+      })
+      (lib.mkIf cfg.redis.createLocally { ${cfg.user}.extraGroups = [ "redis-db-rest" ]; })
+    ];
+
+    users.groups = lib.mkIf (cfg.group == "db-rest") { db-rest = { }; };
+
+    services.redis.servers.db-rest.enable = cfg.redis.enable && cfg.redis.createLocally;
+  };
+  meta.maintainers = with maintainers; [ marie ];
+}
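Review bot: The `script` in the non-local redis branch splices `cfg.redis.user`, `cfg.redis.host` and the output of `systemd-creds cat REDIS_PASSWORD` directly into a double-quoted shell string that becomes `REDIS_URL`, with no shell or URL escaping. A password containing `@`, `:`, `/` or `#` produces a URL that parses differently from what was configured, and a user or host value containing `"` or `$(` is interpreted by the shell; passing user and host through `lib.escapeShellArg` into shell variables first, and stating in the `passwordFile` description that the file must hold a percent-encoded value, would close both gaps. Separately, `after`, `requires` and the `extraGroups` entry are keyed on `cfg.redis.createLocally` alone, which defaults to true while `redis.enable` defaults to false, so the default configuration refers to a `redis-db-rest` unit and group that the final `services.redis.servers.db-rest.enable` line leaves disabled; `lib.optional (cfg.redis.enable && cfg.redis.createLocally) "redis-db-rest.service"` and the same condition on the `extraGroups` `mkIf` would match that line. The first assertion's message also describes the opposite situation from the one it checks (host or port missing while `createLocally` is off), so it should read along the lines of `redis.host and redis.port must be set when redis.createLocally is disabled`.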
diff --git a/nixpkgs/nixos/modules/services/misc/devmon.nix b/nixpkgs/nixos/modules/services/misc/devmon.nix
index bd0b738b7018..e4a3348646b1 100644
--- a/nixpkgs/nixos/modules/services/misc/devmon.nix
+++ b/nixpkgs/nixos/modules/services/misc/devmon.nix
@@ -8,7 +8,7 @@ let
 in {
   options = {
     services.devmon = {
-      enable = mkEnableOption (lib.mdDoc "devmon, an automatic device mounting daemon");
+      enable = mkEnableOption "devmon, an automatic device mounting daemon";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/dictd.nix b/nixpkgs/nixos/modules/services/misc/dictd.nix
index 4b714b84f3b2..8cb51bb0b7a7 100644
--- a/nixpkgs/nixos/modules/services/misc/dictd.nix
+++ b/nixpkgs/nixos/modules/services/misc/dictd.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the DICT.org dictionary server.
         '';
       };
@@ -27,7 +27,7 @@ in
         default = with pkgs.dictdDBs; [ wiktionary wordnet ];
         defaultText = literalExpression "with pkgs.dictdDBs; [ wiktionary wordnet ]";
         example = literalExpression "[ pkgs.dictdDBs.nld2eng ]";
-        description = lib.mdDoc "List of databases to make available.";
+        description = "List of databases to make available.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/misc/disnix.nix b/nixpkgs/nixos/modules/services/misc/disnix.nix
index ee342cbc2e47..80e749204993 100644
--- a/nixpkgs/nixos/modules/services/misc/disnix.nix
+++ b/nixpkgs/nixos/modules/services/misc/disnix.nix
@@ -17,24 +17,24 @@ in
 
     services.disnix = {
 
-      enable = mkEnableOption (lib.mdDoc "Disnix");
+      enable = mkEnableOption "Disnix";
 
       enableMultiUser = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to support multi-user mode by enabling the Disnix D-Bus service";
+        description = "Whether to support multi-user mode by enabling the Disnix D-Bus service";
       };
 
-      useWebServiceInterface = mkEnableOption (lib.mdDoc "the DisnixWebService interface running on Apache Tomcat");
+      useWebServiceInterface = mkEnableOption "the DisnixWebService interface running on Apache Tomcat";
 
       package = mkPackageOption pkgs "disnix" {};
 
-      enableProfilePath = mkEnableOption (lib.mdDoc "exposing the Disnix profiles in the system's PATH");
+      enableProfilePath = mkEnableOption "exposing the Disnix profiles in the system's PATH";
 
       profiles = mkOption {
         type = types.listOf types.str;
         default = [ "default" ];
-        description = lib.mdDoc "Names of the Disnix profiles to expose in the system's PATH";
+        description = "Names of the Disnix profiles to expose in the system's PATH";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/docker-registry.nix b/nixpkgs/nixos/modules/services/misc/docker-registry.nix
index 78d1d6339ed6..93bf71ea3ecc 100644
--- a/nixpkgs/nixos/modules/services/misc/docker-registry.nix
+++ b/nixpkgs/nixos/modules/services/misc/docker-registry.nix
@@ -41,24 +41,23 @@ let
     };
   };
 
-  configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig));
-
+  configFile = cfg.configFile;
 in {
   options.services.dockerRegistry = {
-    enable = mkEnableOption (lib.mdDoc "Docker Registry");
+    enable = mkEnableOption "Docker Registry";
 
     package = mkPackageOption pkgs "docker-distribution" {
       example = "gitlab-container-registry";
     };
 
     listenAddress = mkOption {
-      description = lib.mdDoc "Docker registry host or ip to bind to.";
+      description = "Docker registry host or ip to bind to.";
       default = "127.0.0.1";
       type = types.str;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Docker registry port to bind to.";
+      description = "Docker registry port to bind to.";
       default = 5000;
       type = types.port;
     };
@@ -66,13 +65,13 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Opens the port used by the firewall.";
+      description = "Opens the port used by the firewall.";
     };
 
     storagePath = mkOption {
       type = types.nullOr types.path;
       default = "/var/lib/docker-registry";
-      description = lib.mdDoc ''
+      description = ''
         Docker registry storage path for the filesystem storage backend. Set to
         null to configure another backend via extraConfig.
       '';
@@ -81,37 +80,48 @@ in {
     enableDelete = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable delete for manifests and blobs.";
+      description = "Enable delete for manifests and blobs.";
     };
 
-    enableRedisCache = mkEnableOption (lib.mdDoc "redis as blob cache");
+    enableRedisCache = mkEnableOption "redis as blob cache";
 
     redisUrl = mkOption {
       type = types.str;
       default = "localhost:6379";
-      description = lib.mdDoc "Set redis host and port.";
+      description = "Set redis host and port.";
     };
 
     redisPassword = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc "Set redis password.";
+      description = "Set redis password.";
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Docker extra registry configuration via environment variables.
       '';
       default = {};
       type = types.attrs;
     };
 
-    enableGarbageCollect = mkEnableOption (lib.mdDoc "garbage collect");
+    configFile = lib.mkOption {
+      default = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig));
+      defaultText = literalExpression ''pkgs.writeText "docker-registry-config.yml" "# my custom docker-registry-config.yml ..."'';
+      description = ''
+       Path to CNCF distribution config file.
+
+       Setting this option will override any configuration applied by the extraConfig option.
+      '';
+      type =  types.path;
+    };
+
+    enableGarbageCollect = mkEnableOption "garbage collect";
 
     garbageCollectDates = mkOption {
       default = "daily";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Specification (in the format described by
         {manpage}`systemd.time(7)`) of the time at
         which the garbage collect will occur.
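Review bot: The new `configFile` option's description and `defaultText` understate what setting it does. Because the default is built from `recursiveUpdate registryConfig cfg.extraConfig`, a custom file replaces everything in `registryConfig` as well as `extraConfig`; `registryConfig` is defined outside this hunk, but it presumably carries `listenAddress`, `port`, `storagePath` and the redis options, so those (and what `openFirewall` opens) can silently stop matching what the registry actually does. I would change the description to `Setting this option overrides all other configuration options of this module, including extraConfig.`, move the `"# my custom docker-registry-config.yml ..."` expression from `defaultText` to `example`, and let `defaultText` describe the generated file. Since a registry config can hold secrets such as the redis password, the description should also mention that a value built with `pkgs.writeText` or given as a Nix path literal ends up world-readable in the Nix store, and that a string path to a file outside the store avoids this.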
diff --git a/nixpkgs/nixos/modules/services/misc/domoticz.nix b/nixpkgs/nixos/modules/services/misc/domoticz.nix
index 315092f93351..52443f49f7b3 100644
--- a/nixpkgs/nixos/modules/services/misc/domoticz.nix
+++ b/nixpkgs/nixos/modules/services/misc/domoticz.nix
@@ -12,18 +12,18 @@ in {
   options = {
 
     services.domoticz = {
-      enable = mkEnableOption (lib.mdDoc pkgDesc);
+      enable = mkEnableOption pkgDesc;
 
       bind = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "IP address to bind to.";
+        description = "IP address to bind to.";
       };
 
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc "Port to bind to for HTTP, set to 0 to disable HTTP.";
+        description = "Port to bind to for HTTP, set to 0 to disable HTTP.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/misc/duckling.nix b/nixpkgs/nixos/modules/services/misc/duckling.nix
index 4d06ca7fa667..77d2a92380b0 100644
--- a/nixpkgs/nixos/modules/services/misc/duckling.nix
+++ b/nixpkgs/nixos/modules/services/misc/duckling.nix
@@ -7,12 +7,12 @@ let
 in {
   options = {
     services.duckling = {
-      enable = mkEnableOption (lib.mdDoc "duckling");
+      enable = mkEnableOption "duckling";
 
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc ''
+        description = ''
           Port on which duckling will run.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/dwm-status.nix b/nixpkgs/nixos/modules/services/misc/dwm-status.nix
index 351adf31d922..081451f2ace9 100644
--- a/nixpkgs/nixos/modules/services/misc/dwm-status.nix
+++ b/nixpkgs/nixos/modules/services/misc/dwm-status.nix
@@ -22,7 +22,7 @@ in
 
     services.dwm-status = {
 
-      enable = mkEnableOption (lib.mdDoc "dwm-status user service");
+      enable = mkEnableOption "dwm-status user service";
 
       package = mkPackageOption pkgs "dwm-status" {
         example = "dwm-status.override { enableAlsaUtils = false; }";
@@ -30,7 +30,7 @@ in
 
       order = mkOption {
         type = types.listOf (types.enum [ "audio" "backlight" "battery" "cpu_load" "network" "time" ]);
-        description = lib.mdDoc ''
+        description = ''
           List of enabled features in order.
         '';
       };
@@ -38,7 +38,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra config in TOML format.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/dysnomia.nix b/nixpkgs/nixos/modules/services/misc/dysnomia.nix
index 129345e38106..8150b7876221 100644
--- a/nixpkgs/nixos/modules/services/misc/dysnomia.nix
+++ b/nixpkgs/nixos/modules/services/misc/dysnomia.nix
@@ -87,52 +87,52 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable Dysnomia";
+        description = "Whether to enable Dysnomia";
       };
 
       enableAuthentication = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to publish privacy-sensitive authentication credentials";
+        description = "Whether to publish privacy-sensitive authentication credentials";
       };
 
       package = mkOption {
         type = types.path;
-        description = lib.mdDoc "The Dysnomia package";
+        description = "The Dysnomia package";
       };
 
       properties = mkOption {
-        description = lib.mdDoc "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.";
+        description = "An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.";
         default = {};
         type = types.attrs;
       };
 
       containers = mkOption {
-        description = lib.mdDoc "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties";
+        description = "An attribute set in which each key represents a container and each value an attribute set providing its configuration properties";
         default = {};
         type = types.attrsOf types.attrs;
       };
 
       components = mkOption {
-        description = lib.mdDoc "An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state";
+        description = "An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state";
         default = {};
         type = types.attrsOf types.attrs;
       };
 
       extraContainerProperties = mkOption {
-        description = lib.mdDoc "An attribute set providing additional container settings in addition to the default properties";
+        description = "An attribute set providing additional container settings in addition to the default properties";
         default = {};
         type = types.attrs;
       };
 
       extraContainerPaths = mkOption {
-        description = lib.mdDoc "A list of paths containing additional container configurations that are added to the search folders";
+        description = "A list of paths containing additional container configurations that are added to the search folders";
         default = [];
         type = types.listOf types.path;
       };
 
       extraModulePaths = mkOption {
-        description = lib.mdDoc "A list of paths containing additional modules that are added to the search folders";
+        description = "A list of paths containing additional modules that are added to the search folders";
         default = [];
         type = types.listOf types.path;
       };
@@ -140,7 +140,7 @@ in
       enableLegacyModules = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable Dysnomia legacy process and wrapper modules";
+        description = "Whether to enable Dysnomia legacy process and wrapper modules";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/errbot.nix b/nixpkgs/nixos/modules/services/misc/errbot.nix
index a650bc5bbd92..b447ba5d438d 100644
--- a/nixpkgs/nixos/modules/services/misc/errbot.nix
+++ b/nixpkgs/nixos/modules/services/misc/errbot.nix
@@ -27,48 +27,48 @@ in {
   options = {
     services.errbot.instances = mkOption {
       default = {};
-      description = lib.mdDoc "Errbot instance configs";
+      description = "Errbot instance configs";
       type = types.attrsOf (types.submodule {
         options = {
           dataDir = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc "Data directory for errbot instance.";
+            description = "Data directory for errbot instance.";
           };
 
           plugins = mkOption {
             type = types.listOf types.package;
             default = [];
-            description = lib.mdDoc "List of errbot plugin derivations.";
+            description = "List of errbot plugin derivations.";
           };
 
           logLevel = mkOption {
             type = types.str;
             default = "INFO";
-            description = lib.mdDoc "Errbot log level";
+            description = "Errbot log level";
           };
 
           admins = mkOption {
             type = types.listOf types.str;
             default = [];
-            description = lib.mdDoc "List of identifiers of errbot admins.";
+            description = "List of identifiers of errbot admins.";
           };
 
           backend = mkOption {
             type = types.str;
             default = "XMPP";
-            description = lib.mdDoc "Errbot backend name.";
+            description = "Errbot backend name.";
           };
 
           identity = mkOption {
             type = types.attrs;
-            description = lib.mdDoc "Errbot identity configuration";
+            description = "Errbot identity configuration";
           };
 
           extraConfig = mkOption {
             type = types.lines;
             default = "";
-            description = lib.mdDoc "String to be appended to the config verbatim";
+            description = "String to be appended to the config verbatim";
           };
         };
       });
diff --git a/nixpkgs/nixos/modules/services/misc/etebase-server.nix b/nixpkgs/nixos/modules/services/misc/etebase-server.nix
index 6ec3807f0fb2..7b6b5249f230 100644
--- a/nixpkgs/nixos/modules/services/misc/etebase-server.nix
+++ b/nixpkgs/nixos/modules/services/misc/etebase-server.nix
@@ -33,7 +33,7 @@ in
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Etebase server.
 
           Once enabled you need to create an admin user by invoking the
@@ -47,25 +47,25 @@ in
         type = types.package;
         default = pkgs.python3.pkgs.etebase-server;
         defaultText = literalExpression "pkgs.python3.pkgs.etebase-server";
-        description = lib.mdDoc "etebase-server package to use.";
+        description = "etebase-server package to use.";
       };
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/etebase-server";
-        description = lib.mdDoc "Directory to store the Etebase server data.";
+        description = "Directory to store the Etebase server data.";
       };
 
       port = mkOption {
         type = with types; nullOr port;
         default = 8001;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open ports in the firewall for the server.
         '';
       };
@@ -73,7 +73,7 @@ in
       unixSocket = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc "The path to the socket to bind to.";
+        description = "The path to the socket to bind to.";
         example = "/run/etebase-server/etebase-server.sock";
       };
 
@@ -86,14 +86,14 @@ in
               debug = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to set django's DEBUG flag.
                 '';
               };
               secret_file = mkOption {
                 type = with types; nullOr str;
                 default = null;
-                description = lib.mdDoc ''
+                description = ''
                   The path to a file containing the secret
                   used as django's SECRET_KEY.
                 '';
@@ -102,13 +102,13 @@ in
                 type = types.str;
                 default = "${cfg.dataDir}/static";
                 defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/static"'';
-                description = lib.mdDoc "The directory for static files.";
+                description = "The directory for static files.";
               };
               media_root = mkOption {
                 type = types.str;
                 default = "${cfg.dataDir}/media";
                 defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/media"'';
-                description = lib.mdDoc "The media directory.";
+                description = "The media directory.";
               };
             };
             allowed_hosts = {
@@ -116,7 +116,7 @@ in
                 type = types.str;
                 default = "0.0.0.0";
                 example = "localhost";
-                description = lib.mdDoc ''
+                description = ''
                   The main host that is allowed access.
                 '';
               };
@@ -125,19 +125,19 @@ in
               engine = mkOption {
                 type = types.enum [ "django.db.backends.sqlite3" "django.db.backends.postgresql" ];
                 default = "django.db.backends.sqlite3";
-                description = lib.mdDoc "The database engine to use.";
+                description = "The database engine to use.";
               };
               name = mkOption {
                 type = types.str;
                 default = "${cfg.dataDir}/db.sqlite3";
                 defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/db.sqlite3"'';
-                description = lib.mdDoc "The database name.";
+                description = "The database name.";
               };
             };
           };
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configuration for `etebase-server`. Refer to
           <https://github.com/etesync/server/blob/master/etebase-server.ini.example>
           and <https://github.com/etesync/server/wiki>
@@ -157,7 +157,7 @@ in
       user = mkOption {
         type = types.str;
         default = defaultUser;
-        description = lib.mdDoc "User under which Etebase server runs.";
+        description = "User under which Etebase server runs.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/etesync-dav.nix b/nixpkgs/nixos/modules/services/misc/etesync-dav.nix
index ae2b5ad04343..ea659c61bd5a 100644
--- a/nixpkgs/nixos/modules/services/misc/etesync-dav.nix
+++ b/nixpkgs/nixos/modules/services/misc/etesync-dav.nix
@@ -7,37 +7,37 @@ let
 in
   {
     options.services.etesync-dav = {
-      enable = mkEnableOption (lib.mdDoc "etesync-dav");
+      enable = mkEnableOption "etesync-dav, end-to-end encrypted sync for contacts, calendars and tasks";
 
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "The server host address.";
+        description = "The server host address.";
       };
 
       port = mkOption {
         type = types.port;
         default = 37358;
-        description = lib.mdDoc "The server host port.";
+        description = "The server host port.";
       };
 
       apiUrl = mkOption {
         type = types.str;
         default = "https://api.etesync.com/";
-        description = lib.mdDoc "The url to the etesync API.";
+        description = "The url to the etesync API.";
       };
 
       openFirewall = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to open the firewall for the specified port.";
+        description = "Whether to open the firewall for the specified port.";
       };
 
       sslCertificate = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/var/etesync.crt";
-        description = lib.mdDoc ''
+        description = ''
           Path to server SSL certificate. It will be copied into
           etesync-dav's data directory.
         '';
@@ -47,7 +47,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/var/etesync.key";
-        description = lib.mdDoc ''
+        description = ''
           Path to server SSL certificate key.  It will be copied into
           etesync-dav's data directory.
         '';
diff --git a/nixpkgs/nixos/modules/services/misc/evdevremapkeys.nix b/nixpkgs/nixos/modules/services/misc/evdevremapkeys.nix
index 11ea6a5f03f2..e559dd89dc9f 100644
--- a/nixpkgs/nixos/modules/services/misc/evdevremapkeys.nix
+++ b/nixpkgs/nixos/modules/services/misc/evdevremapkeys.nix
@@ -8,12 +8,12 @@ let
 in
 {
   options.services.evdevremapkeys = {
-    enable = mkEnableOption (lib.mdDoc ''evdevremapkeys'');
+    enable = mkEnableOption ''evdevremapkeys, a daemon to remap events on linux input devices'';
 
     settings = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         config.yaml for evdevremapkeys
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/misc/felix.nix b/nixpkgs/nixos/modules/services/misc/felix.nix
index 306d4cf0d7cf..0283de128afe 100644
--- a/nixpkgs/nixos/modules/services/misc/felix.nix
+++ b/nixpkgs/nixos/modules/services/misc/felix.nix
@@ -17,25 +17,25 @@ in
 
     services.felix = {
 
-      enable = mkEnableOption (lib.mdDoc "the Apache Felix OSGi service");
+      enable = mkEnableOption "the Apache Felix OSGi service";
 
       bundles = mkOption {
         type = types.listOf types.package;
         default = [ pkgs.felix_remoteshell ];
         defaultText = literalExpression "[ pkgs.felix_remoteshell ]";
-        description = lib.mdDoc "List of bundles that should be activated on startup";
+        description = "List of bundles that should be activated on startup";
       };
 
       user = mkOption {
         type = types.str;
         default = "osgi";
-        description = lib.mdDoc "User account under which Apache Felix runs.";
+        description = "User account under which Apache Felix runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "osgi";
-        description = lib.mdDoc "Group account under which Apache Felix runs.";
+        description = "Group account under which Apache Felix runs.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/misc/forgejo.nix b/nixpkgs/nixos/modules/services/misc/forgejo.nix
index 08cddc3a0710..babed2d5acd4 100644
--- a/nixpkgs/nixos/modules/services/misc/forgejo.nix
+++ b/nixpkgs/nixos/modules/services/misc/forgejo.nix
@@ -14,7 +14,6 @@ let
 
   inherit (lib)
     literalExpression
-    mdDoc
     mkChangedOptionModule
     mkDefault
     mkEnableOption
@@ -55,14 +54,14 @@ in
 
   options = {
     services.forgejo = {
-      enable = mkEnableOption (mdDoc "Forgejo");
+      enable = mkEnableOption "Forgejo, a software forge";
 
       package = mkPackageOption pkgs "forgejo" { };
 
       useWizard = mkOption {
         default = false;
         type = types.bool;
-        description = mdDoc ''
+        description = ''
           Whether to use the built-in installation wizard instead of
           declaratively managing the {file}`app.ini` config file in nix.
         '';
@@ -71,14 +70,14 @@ in
       stateDir = mkOption {
         default = "/var/lib/forgejo";
         type = types.str;
-        description = mdDoc "Forgejo data directory.";
+        description = "Forgejo data directory.";
       };
 
       customDir = mkOption {
         default = "${cfg.stateDir}/custom";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/custom"'';
         type = types.str;
-        description = mdDoc ''
+        description = ''
           Base directory for custom templates and other options.
 
           If {option}`${opt.useWizard}` is disabled (default), this directory will also
@@ -89,13 +88,13 @@ in
       user = mkOption {
         type = types.str;
         default = "forgejo";
-        description = mdDoc "User account under which Forgejo runs.";
+        description = "User account under which Forgejo runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "forgejo";
-        description = mdDoc "Group under which Forgejo runs.";
+        description = "Group under which Forgejo runs.";
       };
 
       database = {
@@ -103,43 +102,43 @@ in
           type = types.enum [ "sqlite3" "mysql" "postgres" ];
           example = "mysql";
           default = "sqlite3";
-          description = mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
-          default = if !usePostgresql then 3306 else pg.port;
+          default = if usePostgresql then pg.settings.port else 3306;
           defaultText = literalExpression ''
             if config.${opt.database.type} != "postgresql"
             then 3306
-            else config.${options.services.postgresql.port}
+            else 5432
           '';
-          description = mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "forgejo";
-          description = mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "forgejo";
-          description = mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/forgejo-dbpassword";
-          description = mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`${opt.database.user}`.
           '';
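Review bot: The new `defaultText` for `database.port` no longer describes the real default: it tests `config.${opt.database.type} != "postgresql"`, but the enum at the top of this hunk only allows `"sqlite3"`, `"mysql"` and `"postgres"`, and it hardcodes `5432` while `default` follows `pg.settings.port`. Someone running PostgreSQL on a non-standard port will read 5432 in the manual and get a different value at evaluation time. Assuming `pg` is `config.services.postgresql` (it is bound outside the hunk), I would write the text as `if config.${opt.database.type} == "postgres" then config.services.postgresql.settings.port else 3306`. The `port` option in the gitea.nix hunk at `@@ -89,42 +89,42 @@` has the identical mismatch.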
@@ -150,31 +149,31 @@ in
           default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
           defaultText = literalExpression "null";
           example = "/run/mysqld/mysqld.sock";
-          description = mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         path = mkOption {
           type = types.str;
           default = "${cfg.stateDir}/data/forgejo.db";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/forgejo.db"'';
-          description = mdDoc "Path to the sqlite3 database file.";
+          description = "Path to the sqlite3 database file.";
         };
 
         createDatabase = mkOption {
           type = types.bool;
           default = true;
-          description = mdDoc "Whether to create a local database automatically.";
+          description = "Whether to create a local database automatically.";
         };
       };
 
       dump = {
-        enable = mkEnableOption (mdDoc "periodic dumps via the [built-in {command}`dump` command](https://forgejo.org/docs/latest/admin/command-line/#dump)");
+        enable = mkEnableOption "periodic dumps via the [built-in {command}`dump` command](https://forgejo.org/docs/latest/admin/command-line/#dump)";
 
         interval = mkOption {
           type = types.str;
           default = "04:31";
           example = "hourly";
-          description = mdDoc ''
+          description = ''
             Run a Forgejo dump at this interval. Runs by default at 04:31 every day.
 
             The format is described in
@@ -186,19 +185,19 @@ in
           type = types.str;
           default = "${cfg.stateDir}/dump";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/dump"'';
-          description = mdDoc "Path to the directory where the dump archives will be stored.";
+          description = "Path to the directory where the dump archives will be stored.";
         };
 
         type = mkOption {
           type = types.enum [ "zip" "tar" "tar.sz" "tar.gz" "tar.xz" "tar.bz2" "tar.br" "tar.lz4" "tar.zst" ];
           default = "zip";
-          description = mdDoc "Archive format used to store the dump file.";
+          description = "Archive format used to store the dump file.";
         };
 
         file = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = mdDoc "Filename to be used for the dump. If `null` a default name is chosen by forgejo.";
+          description = "Filename to be used for the dump. If `null` a default name is chosen by forgejo.";
           example = "forgejo-dump";
         };
       };
@@ -207,14 +206,14 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = mdDoc "Enables git-lfs support.";
+          description = "Enables git-lfs support.";
         };
 
         contentDir = mkOption {
           type = types.str;
           default = "${cfg.stateDir}/data/lfs";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/lfs"'';
-          description = mdDoc "Where to store LFS files.";
+          description = "Where to store LFS files.";
         };
       };
 
@@ -222,19 +221,19 @@ in
         type = types.str;
         default = "${cfg.stateDir}/repositories";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"'';
-        description = mdDoc "Path to the git repositories.";
+        description = "Path to the git repositories.";
       };
 
       mailerPasswordFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/run/keys/forgejo-mailpw";
-        description = mdDoc "Path to a file containing the SMTP password.";
+        description = "Path to a file containing the SMTP password.";
       };
 
       settings = mkOption {
         default = { };
-        description = mdDoc ''
+        description = ''
           Free-form settings written directly to the `app.ini` configfile file.
           Refer to <https://forgejo.org/docs/latest/admin/config-cheat-sheet/> for supported values.
         '';
@@ -267,12 +266,12 @@ in
                 default = "${cfg.stateDir}/log";
                 defaultText = literalExpression ''"''${config.${opt.stateDir}}/log"'';
                 type = types.str;
-                description = mdDoc "Root path for log files.";
+                description = "Root path for log files.";
               };
               LEVEL = mkOption {
                 default = "Info";
                 type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ];
-                description = mdDoc "General log level.";
+                description = "General log level.";
               };
             };
 
@@ -280,33 +279,33 @@ in
               PROTOCOL = mkOption {
                 type = types.enum [ "http" "https" "fcgi" "http+unix" "fcgi+unix" ];
                 default = "http";
-                description = mdDoc ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
+                description = ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
               };
 
               HTTP_ADDR = mkOption {
                 type = types.either types.str types.path;
                 default = if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/forgejo/forgejo.sock" else "0.0.0.0";
                 defaultText = literalExpression ''if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/forgejo/forgejo.sock" else "0.0.0.0"'';
-                description = mdDoc "Listen address. Must be a path when using a unix socket.";
+                description = "Listen address. Must be a path when using a unix socket.";
               };
 
               HTTP_PORT = mkOption {
                 type = types.port;
                 default = 3000;
-                description = mdDoc "Listen port. Ignored when using a unix socket.";
+                description = "Listen port. Ignored when using a unix socket.";
               };
 
               DOMAIN = mkOption {
                 type = types.str;
                 default = "localhost";
-                description = mdDoc "Domain name of your server.";
+                description = "Domain name of your server.";
               };
 
               ROOT_URL = mkOption {
                 type = types.str;
                 default = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}/";
                 defaultText = literalExpression ''"http://''${config.services.forgejo.settings.server.DOMAIN}:''${toString config.services.forgejo.settings.server.HTTP_PORT}/"'';
-                description = mdDoc "Full public URL of Forgejo server.";
+                description = "Full public URL of Forgejo server.";
               };
 
               STATIC_ROOT_PATH = mkOption {
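Review bot: The `HTTP_ADDR` description does not say that the non-socket default `0.0.0.0` listens on every interface, and with `PROTOCOL` defaulting to `http` that means plain HTTP is reachable from any network the host is attached to unless a firewall or reverse proxy is in front. Since the commit touches this description anyway, I would extend it to `description = "Listen address. Must be a path when using a unix socket. The default 0.0.0.0 listens on all interfaces.";`. The `server` attribute set starts and ends outside this hunk. gitea.nix carries the same default in its own `server` hunk.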
@@ -314,20 +313,20 @@ in
                 default = cfg.package.data;
                 defaultText = literalExpression "config.${opt.package}.data";
                 example = "/var/lib/forgejo/data";
-                description = mdDoc "Upper level of template and static files path.";
+                description = "Upper level of template and static files path.";
               };
 
               DISABLE_SSH = mkOption {
                 type = types.bool;
                 default = false;
-                description = mdDoc "Disable external SSH feature.";
+                description = "Disable external SSH feature.";
               };
 
               SSH_PORT = mkOption {
                 type = types.port;
                 default = 22;
                 example = 2222;
-                description = mdDoc ''
+                description = ''
                   SSH port displayed in clone URL.
                   The option is required to configure a service when the external visible port
                   differs from the local listening port i.e. if port forwarding is used.
@@ -339,7 +338,7 @@ in
               COOKIE_SECURE = mkOption {
                 type = types.bool;
                 default = false;
-                description = mdDoc ''
+                description = ''
                   Marks session cookies as "secure" as a hint for browsers to only send
                   them via HTTPS. This option is recommend, if Forgejo is being served over HTTPS.
                 '';
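Review bot: The `COOKIE_SECURE` description still reads "This option is recommend, if Forgejo is being served over HTTPS", which is both ungrammatical and too soft for an option whose `default = false` leaves session cookies eligible for plain-HTTP requests. I would reword the last sentence to `Set this to true whenever Forgejo is served over HTTPS.` The section this option belongs to starts and ends outside the hunk.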
diff --git a/nixpkgs/nixos/modules/services/misc/freeswitch.nix b/nixpkgs/nixos/modules/services/misc/freeswitch.nix
index a8f7b3d0c3ae..e90d9838fcb7 100644
--- a/nixpkgs/nixos/modules/services/misc/freeswitch.nix
+++ b/nixpkgs/nixos/modules/services/misc/freeswitch.nix
@@ -18,11 +18,11 @@ let
 in {
   options = {
     services.freeswitch = {
-      enable = mkEnableOption (lib.mdDoc "FreeSWITCH");
+      enable = mkEnableOption "FreeSWITCH";
       enableReload = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Issue the `reloadxml` command to FreeSWITCH when configuration directory changes (instead of restart).
           See [FreeSWITCH documentation](https://freeswitch.org/confluence/display/FREESWITCH/Reloading) for more info.
           The configuration directory is exposed at {file}`/etc/freeswitch`.
@@ -34,7 +34,7 @@ in {
         default = "${config.services.freeswitch.package}/share/freeswitch/conf/vanilla";
         defaultText = literalExpression ''"''${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"'';
         example = literalExpression ''"''${config.services.freeswitch.package}/share/freeswitch/conf/minimal"'';
-        description = lib.mdDoc ''
+        description = ''
           Configuration template to use.
           See available templates in [FreeSWITCH repository](https://github.com/signalwire/freeswitch/tree/master/conf).
           You can also set your own configuration directory.
@@ -51,7 +51,7 @@ in {
             ''';
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Override file in FreeSWITCH config template directory.
           Each top-level attribute denotes a file path in the configuration directory, its value is the file path.
           See [FreeSWITCH documentation](https://freeswitch.org/confluence/display/FREESWITCH/Default+Configuration) for more info.
diff --git a/nixpkgs/nixos/modules/services/misc/fstrim.nix b/nixpkgs/nixos/modules/services/misc/fstrim.nix
index 55fb24e29272..d2dda2636ef1 100644
--- a/nixpkgs/nixos/modules/services/misc/fstrim.nix
+++ b/nixpkgs/nixos/modules/services/misc/fstrim.nix
@@ -11,12 +11,12 @@ in {
   options = {
 
     services.fstrim = {
-      enable = mkEnableOption (lib.mdDoc "periodic SSD TRIM of mounted partitions in background");
+      enable = mkEnableOption "periodic SSD TRIM of mounted partitions in background";
 
       interval = mkOption {
         type = types.str;
         default = "weekly";
-        description = lib.mdDoc ''
+        description = ''
           How often we run fstrim. For most desktop and server systems
           a sufficient trimming frequency is once a week.
 
diff --git a/nixpkgs/nixos/modules/services/misc/gammu-smsd.nix b/nixpkgs/nixos/modules/services/misc/gammu-smsd.nix
index eff725f5a868..b30258333af2 100644
--- a/nixpkgs/nixos/modules/services/misc/gammu-smsd.nix
+++ b/nixpkgs/nixos/modules/services/misc/gammu-smsd.nix
@@ -53,44 +53,44 @@ in {
   options = {
     services.gammu-smsd = {
 
-      enable = mkEnableOption (lib.mdDoc "gammu-smsd daemon");
+      enable = mkEnableOption "gammu-smsd daemon";
 
       user = mkOption {
         type = types.str;
         default = "smsd";
-        description = lib.mdDoc "User that has access to the device";
+        description = "User that has access to the device";
       };
 
       device = {
         path = mkOption {
           type = types.path;
-          description = lib.mdDoc "Device node or address of the phone";
+          description = "Device node or address of the phone";
           example = "/dev/ttyUSB2";
         };
 
         group = mkOption {
           type = types.str;
           default = "root";
-          description = lib.mdDoc "Owner group of the device";
+          description = "Owner group of the device";
           example = "dialout";
         };
 
         connection = mkOption {
           type = types.str;
           default = "at";
-          description = lib.mdDoc "Protocol which will be used to talk to the phone";
+          description = "Protocol which will be used to talk to the phone";
         };
 
         synchronizeTime = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to set time from computer to the phone during starting connection";
+          description = "Whether to set time from computer to the phone during starting connection";
         };
 
         pin = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc "PIN code for the simcard";
+          description = "PIN code for the simcard";
         };
       };
 
@@ -99,13 +99,13 @@ in {
         file = mkOption {
           type = types.str;
           default = "syslog";
-          description = lib.mdDoc "Path to file where information about communication will be stored";
+          description = "Path to file where information about communication will be stored";
         };
 
         format = mkOption {
           type = types.enum [ "nothing" "text" "textall" "textalldate" "errors" "errorsdate" "binary" ];
           default = "errors";
-          description = lib.mdDoc "Determines what will be logged to the LogFile";
+          description = "Determines what will be logged to the LogFile";
         };
       };
 
@@ -114,14 +114,14 @@ in {
         gammu = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc "Extra config lines to be added into [gammu] section";
+          description = "Extra config lines to be added into [gammu] section";
         };
 
 
         smsd = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc "Extra config lines to be added into [smsd] section";
+          description = "Extra config lines to be added into [smsd] section";
         };
       };
 
@@ -130,69 +130,69 @@ in {
         service = mkOption {
           type = types.enum [ "null" "files" "sql" ];
           default = "null";
-          description = lib.mdDoc "Service to use to store sms data.";
+          description = "Service to use to store sms data.";
         };
 
         files = {
           inboxPath = mkOption {
             type = types.path;
             default = "/var/spool/sms/inbox/";
-            description = lib.mdDoc "Where the received SMSes are stored";
+            description = "Where the received SMSes are stored";
           };
 
           outboxPath = mkOption {
             type = types.path;
             default = "/var/spool/sms/outbox/";
-            description = lib.mdDoc "Where SMSes to be sent should be placed";
+            description = "Where SMSes to be sent should be placed";
           };
 
           sentSMSPath = mkOption {
             type = types.path;
             default = "/var/spool/sms/sent/";
-            description = lib.mdDoc "Where the transmitted SMSes are placed";
+            description = "Where the transmitted SMSes are placed";
           };
 
           errorSMSPath = mkOption {
             type = types.path;
             default = "/var/spool/sms/error/";
-            description = lib.mdDoc "Where SMSes with error in transmission is placed";
+            description = "Where SMSes with error in transmission is placed";
           };
         };
 
         sql = {
           driver = mkOption {
             type = types.enum [ "native_mysql" "native_pgsql" "odbc" "dbi" ];
-            description = lib.mdDoc "DB driver to use";
+            description = "DB driver to use";
           };
 
           sqlDialect = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "SQL dialect to use (odbc driver only)";
+            description = "SQL dialect to use (odbc driver only)";
           };
 
           database = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "Database name to store sms data";
+            description = "Database name to store sms data";
           };
 
           host = mkOption {
             type = types.str;
             default = "localhost";
-            description = lib.mdDoc "Database server address";
+            description = "Database server address";
           };
 
           user = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "User name used for connection to the database";
+            description = "User name used for connection to the database";
           };
 
           password = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "User password used for connection to the database";
+            description = "User password used for connection to the database";
           };
         };
       };
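Review bot: `sql.password` is a plain `types.nullOr types.str` and its description says nothing about where the value ends up; the same applies to `device.pin` in the first hunk of this file. If the module renders these into the generated smsd configuration (not visible in these hunks), both secrets land in the world-readable Nix store. The gitea module on this page already documents that for its own `database.password`, so I would add the same sentence to both descriptions, `Warning: this is stored in cleartext in the Nix store!`, and consider a file-based option like gitea's `passwordFile` as a follow-up.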
diff --git a/nixpkgs/nixos/modules/services/misc/geoipupdate.nix b/nixpkgs/nixos/modules/services/misc/geoipupdate.nix
index 27c1157e9a8c..f46bf7b394fe 100644
--- a/nixpkgs/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixpkgs/nixos/modules/services/misc/geoipupdate.nix
@@ -11,14 +11,14 @@ in
 
   options = {
     services.geoipupdate = {
-      enable = lib.mkEnableOption (lib.mdDoc ''
-        periodic downloading of GeoIP databases using geoipupdate.
-      '');
+      enable = lib.mkEnableOption ''
+        periodic downloading of GeoIP databases using geoipupdate
+      '';
 
       interval = lib.mkOption {
         type = lib.types.str;
         default = "weekly";
-        description = lib.mdDoc ''
+        description = ''
           Update the GeoIP databases at this time / interval.
           The format is described in
           {manpage}`systemd.time(7)`.
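Review bot: The indented string passed to `lib.mkEnableOption` still ends in a newline, so dropping the trailing period only half fixes the rendered text: it becomes "Whether to enable periodic downloading of GeoIP databases using geoipupdate", a line break, and then the period. A single-line string, as the other modules in this commit use, avoids that: `enable = lib.mkEnableOption "periodic downloading of GeoIP databases using geoipupdate";`.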
@@ -35,7 +35,7 @@ in
             ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           geoipupdate configuration options. See
           <https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md>
           for a full list of available options.
@@ -62,7 +62,7 @@ in
 
             AccountID = lib.mkOption {
               type = lib.types.int;
-              description = lib.mdDoc ''
+              description = ''
                 Your MaxMind account ID.
               '';
             };
@@ -74,7 +74,7 @@ in
                 "GeoLite2-City"
                 "GeoLite2-Country"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 List of database edition IDs. This includes new string
                 IDs like `GeoIP2-City` and old
                 numeric IDs like `106`.
@@ -83,7 +83,7 @@ in
 
             LicenseKey = lib.mkOption {
               type = with lib.types; either path (attrsOf path);
-              description = lib.mdDoc ''
+              description = ''
                 A file containing the MaxMind license key.
 
                 Always handled as a secret whether the value is
@@ -98,7 +98,7 @@ in
               type = lib.types.path;
               default = "/var/lib/GeoIP";
               example = "/run/GeoIP";
-              description = lib.mdDoc ''
+              description = ''
                 The directory to store the database files in. The
                 directory will be automatically created, the owner
                 changed to `geoip` and permissions
diff --git a/nixpkgs/nixos/modules/services/misc/gitea.nix b/nixpkgs/nixos/modules/services/misc/gitea.nix
index 08feea853e47..a8526688b074 100644
--- a/nixpkgs/nixos/modules/services/misc/gitea.nix
+++ b/nixpkgs/nixos/modules/services/misc/gitea.nix
@@ -48,7 +48,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Enable Gitea Service.";
+        description = "Enable Gitea Service.";
       };
 
       package = mkPackageOption pkgs "gitea" { };
@@ -56,32 +56,32 @@ in
       useWizard = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.";
+        description = "Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.";
       };
 
       stateDir = mkOption {
         default = "/var/lib/gitea";
         type = types.str;
-        description = lib.mdDoc "Gitea data directory.";
+        description = "Gitea data directory.";
       };
 
       customDir = mkOption {
         default = "${cfg.stateDir}/custom";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/custom"'';
         type = types.str;
-        description = lib.mdDoc "Gitea custom directory. Used for config, custom templates and other options.";
+        description = "Gitea custom directory. Used for config, custom templates and other options.";
       };
 
       user = mkOption {
         type = types.str;
         default = "gitea";
-        description = lib.mdDoc "User account under which gitea runs.";
+        description = "User account under which gitea runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "gitea";
-        description = lib.mdDoc "Group under which gitea runs.";
+        description = "Group under which gitea runs.";
       };
 
       database = {
@@ -89,42 +89,42 @@ in
           type = types.enum [ "sqlite3" "mysql" "postgres" ];
           example = "mysql";
           default = "sqlite3";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
-          default = if !usePostgresql then 3306 else pg.port;
+          default = if usePostgresql then pg.settings.port else 3306;
           defaultText = literalExpression ''
             if config.${opt.database.type} != "postgresql"
             then 3306
-            else config.${options.services.postgresql.port}
+            else 5432
           '';
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "gitea";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "gitea";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         password = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             The password corresponding to {option}`database.user`.
             Warning: this is stored in cleartext in the Nix store!
             Use {option}`database.passwordFile` instead.
@@ -135,7 +135,7 @@ in
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/gitea-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -146,20 +146,20 @@ in
           default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
           defaultText = literalExpression "null";
           example = "/run/mysqld/mysqld.sock";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         path = mkOption {
           type = types.str;
           default = "${cfg.stateDir}/data/gitea.db";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gitea.db"'';
-          description = lib.mdDoc "Path to the sqlite3 database file.";
+          description = "Path to the sqlite3 database file.";
         };
 
         createDatabase = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to create a local database automatically.";
+          description = "Whether to create a local database automatically.";
         };
       };
 
@@ -167,7 +167,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable a timer that runs gitea dump to generate backup-files of the
             current gitea database and repositories.
           '';
@@ -177,7 +177,7 @@ in
           type = types.str;
           default = "04:31";
           example = "hourly";
-          description = lib.mdDoc ''
+          description = ''
             Run a gitea dump at this interval. Runs by default at 04:31 every day.
 
             The format is described in
@@ -189,19 +189,19 @@ in
           type = types.str;
           default = "${cfg.stateDir}/dump";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/dump"'';
-          description = lib.mdDoc "Path to the dump files.";
+          description = "Path to the dump files.";
         };
 
         type = mkOption {
           type = types.enum [ "zip" "rar" "tar" "sz" "tar.gz" "tar.xz" "tar.bz2" "tar.br" "tar.lz4" "tar.zst" ];
           default = "zip";
-          description = lib.mdDoc "Archive format used to store the dump file.";
+          description = "Archive format used to store the dump file.";
         };
 
         file = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc "Filename to be used for the dump. If `null` a default name is chosen by gitea.";
+          description = "Filename to be used for the dump. If `null` a default name is chosen by gitea.";
           example = "gitea-dump";
         };
       };
@@ -210,54 +210,54 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Enables git-lfs support.";
+          description = "Enables git-lfs support.";
         };
 
         contentDir = mkOption {
           type = types.str;
           default = "${cfg.stateDir}/data/lfs";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/lfs"'';
-          description = lib.mdDoc "Where to store LFS files.";
+          description = "Where to store LFS files.";
         };
       };
 
       appName = mkOption {
         type = types.str;
         default = "gitea: Gitea Service";
-        description = lib.mdDoc "Application name.";
+        description = "Application name.";
       };
 
       repositoryRoot = mkOption {
         type = types.str;
         default = "${cfg.stateDir}/repositories";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"'';
-        description = lib.mdDoc "Path to the git repositories.";
+        description = "Path to the git repositories.";
       };
 
       camoHmacKeyFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/var/lib/secrets/gitea/camoHmacKey";
-        description = lib.mdDoc "Path to a file containing the camo HMAC key.";
+        description = "Path to a file containing the camo HMAC key.";
       };
 
       mailerPasswordFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/var/lib/secrets/gitea/mailpw";
-        description = lib.mdDoc "Path to a file containing the SMTP password.";
+        description = "Path to a file containing the SMTP password.";
       };
 
       metricsTokenFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/var/lib/secrets/gitea/metrics_token";
-        description = lib.mdDoc "Path to a file containing the metrics authentication token.";
+        description = "Path to a file containing the metrics authentication token.";
       };
 
       settings = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Gitea configuration. Refer to <https://docs.gitea.io/en-us/config-cheat-sheet/>
           for details on supported values.
         '';
@@ -287,12 +287,12 @@ in
                 default = "${cfg.stateDir}/log";
                 defaultText = literalExpression ''"''${config.${opt.stateDir}}/log"'';
                 type = types.str;
-                description = lib.mdDoc "Root path for log files.";
+                description = "Root path for log files.";
               };
               LEVEL = mkOption {
                 default = "Info";
                 type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ];
-                description = lib.mdDoc "General log level.";
+                description = "General log level.";
               };
             };
 
@@ -300,33 +300,33 @@ in
               PROTOCOL = mkOption {
                 type = types.enum [ "http" "https" "fcgi" "http+unix" "fcgi+unix" ];
                 default = "http";
-                description = lib.mdDoc ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
+                description = ''Listen protocol. `+unix` means "over unix", not "in addition to."'';
               };
 
               HTTP_ADDR = mkOption {
                 type = types.either types.str types.path;
                 default = if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0";
                 defaultText = literalExpression ''if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0"'';
-                description = lib.mdDoc "Listen address. Must be a path when using a unix socket.";
+                description = "Listen address. Must be a path when using a unix socket.";
               };
 
               HTTP_PORT = mkOption {
                 type = types.port;
                 default = 3000;
-                description = lib.mdDoc "Listen port. Ignored when using a unix socket.";
+                description = "Listen port. Ignored when using a unix socket.";
               };
 
               DOMAIN = mkOption {
                 type = types.str;
                 default = "localhost";
-                description = lib.mdDoc "Domain name of your server.";
+                description = "Domain name of your server.";
               };
 
               ROOT_URL = mkOption {
                 type = types.str;
                 default = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}/";
                 defaultText = literalExpression ''"http://''${config.services.gitea.settings.server.DOMAIN}:''${toString config.services.gitea.settings.server.HTTP_PORT}/"'';
-                description = lib.mdDoc "Full public URL of gitea server.";
+                description = "Full public URL of gitea server.";
               };
 
               STATIC_ROOT_PATH = mkOption {
@@ -334,20 +334,20 @@ in
                 default = cfg.package.data;
                 defaultText = literalExpression "config.${opt.package}.data";
                 example = "/var/lib/gitea/data";
-                description = lib.mdDoc "Upper level of template and static files path.";
+                description = "Upper level of template and static files path.";
               };
 
               DISABLE_SSH = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc "Disable external SSH feature.";
+                description = "Disable external SSH feature.";
               };
 
               SSH_PORT = mkOption {
                 type = types.port;
                 default = 22;
                 example = 2222;
-                description = lib.mdDoc ''
+                description = ''
                   SSH port displayed in clone URL.
                   The option is required to configure a service when the external visible port
                   differs from the local listening port i.e. if port forwarding is used.
@@ -356,8 +356,8 @@ in
             };
 
             service = {
-              DISABLE_REGISTRATION = mkEnableOption (lib.mdDoc "the registration lock") // {
-                description = lib.mdDoc ''
+              DISABLE_REGISTRATION = mkEnableOption "the registration lock" // {
+                description = ''
                   By default any user can create an account on this `gitea` instance.
                   This can be disabled by using this option.
 
@@ -373,7 +373,7 @@ in
               COOKIE_SECURE = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Marks session cookies as "secure" as a hint for browsers to only send
                   them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
                 '';
@@ -386,7 +386,7 @@ in
       extraConfig = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc "Configuration lines appended to the generated gitea configuration file.";
+        description = "Configuration lines appended to the generated gitea configuration file.";
       };
     };
   };
@@ -722,5 +722,5 @@ in
       timerConfig.OnCalendar = cfg.dump.interval;
     };
   };
-  meta.maintainers = with lib.maintainers; [ srhb ma27 thehedgeh0g ];
+  meta.maintainers = with lib.maintainers; [ srhb ma27 pyrox0 ];
 }
diff --git a/nixpkgs/nixos/modules/services/misc/gitlab.nix b/nixpkgs/nixos/modules/services/misc/gitlab.nix
index e95ab0a112bc..7b96a182f0d9 100644
--- a/nixpkgs/nixos/modules/services/misc/gitlab.nix
+++ b/nixpkgs/nixos/modules/services/misc/gitlab.nix
@@ -18,6 +18,8 @@ let
   gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket";
   pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
 
+  gitlabVersionAtLeast = version: lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) version;
+
   databaseConfig = let
     val = {
       adapter = "postgresql";
@@ -27,10 +29,16 @@ let
       encoding = "utf8";
       pool = cfg.databasePool;
     } // cfg.extraDatabaseConfig;
-  in if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then {
-    production.main = val;
-  } else {
-    production = val;
+  in {
+    production = (
+      if (gitlabVersionAtLeast "15.0")
+      then { main = val; }
+      else val
+    ) // lib.optionalAttrs (gitlabVersionAtLeast "15.9") {
+      ci = val // {
+        database_tasks = false;
+      };
+    };
   };
 
   # We only want to create a database if we're actually going to connect to it.
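Review bot: The new `ci` entry has no comment explaining why it is a copy of `val` with `database_tasks = false`, so a reader cannot tell that both connections are meant to point at the same database. Because `val` already includes `cfg.extraDatabaseConfig`, any override a user sets there now applies to the `ci` connection as well, which is worth stating next to the code. I would add above `ci = val // {` a comment such as `# ci reuses the main connection settings (same database); database_tasks = false presumably keeps Rails from running database tasks through this second connection`. The `let` binding of `val` begins above this hunk, so this is based only on its visible tail.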
@@ -253,7 +261,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the gitlab service.
         '';
       };
@@ -273,7 +281,7 @@ in {
       statePath = mkOption {
         type = types.str;
         default = "/var/gitlab/state";
-        description = lib.mdDoc ''
+        description = ''
           GitLab state directory. Configuration, repositories and
           logs, among other things, are stored here.
 
@@ -287,7 +295,7 @@ in {
       extraEnv = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables for the GitLab environment.
         '';
       };
@@ -296,7 +304,7 @@ in {
         type = with types; either str (listOf str);
         default = [];
         example = "03:00";
-        description = lib.mdDoc ''
+        description = ''
           The time(s) to run automatic backup of GitLab
           state. Specified in systemd's time format; see
           {manpage}`systemd.time(7)`.
@@ -307,7 +315,7 @@ in {
         type = types.str;
         default = cfg.statePath + "/backup";
         defaultText = literalExpression ''config.${opt.statePath} + "/backup"'';
-        description = lib.mdDoc "GitLab path for backups.";
+        description = "GitLab path for backups.";
       };
 
       backup.keepTime = mkOption {
@@ -315,7 +323,7 @@ in {
         default = 0;
         example = 48;
         apply = x: x * 60 * 60;
-        description = lib.mdDoc ''
+        description = ''
           How long to keep the backups around, in
           hours. `0` means “keep forever”.
         '';
@@ -339,7 +347,7 @@ in {
         default = [];
         example = [ "artifacts" "lfs" ];
         apply = x: if isString x then x else concatStringsSep "," x;
-        description = lib.mdDoc ''
+        description = ''
           Directories to exclude from the backup. The example excludes
           CI artifacts and LFS objects from the backups. The
           `tar` option skips the creation of a tar
@@ -378,7 +386,7 @@ in {
             storage_class = "STANDARD";
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           GitLab automatic upload specification. Tells GitLab to
           upload the backup to a remote location when done.
 
@@ -391,7 +399,7 @@ in {
       databaseHost = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           GitLab database hostname. An empty string means
           “use local unix socket connection”.
         '';
@@ -400,7 +408,7 @@ in {
       databasePasswordFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File containing the GitLab database user password.
 
           This should be a string, not a nix path, since nix paths are
@@ -411,7 +419,7 @@ in {
       databaseCreateLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether a database should be automatically created on the
           local host. Set this to `false` if you plan
           on provisioning a local database yourself. This has no effect
@@ -422,32 +430,32 @@ in {
       databaseName = mkOption {
         type = types.str;
         default = "gitlab";
-        description = lib.mdDoc "GitLab database name.";
+        description = "GitLab database name.";
       };
 
       databaseUsername = mkOption {
         type = types.str;
         default = "gitlab";
-        description = lib.mdDoc "GitLab database user.";
+        description = "GitLab database user.";
       };
 
       databasePool = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc "Database connection pool size.";
+        description = "Database connection pool size.";
       };
 
       extraDatabaseConfig = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Extra configuration in config/database.yml.";
+        description = "Extra configuration in config/database.yml.";
       };
 
       redisUrl = mkOption {
         type = types.str;
         default = "unix:/run/gitlab/redis.sock";
         example = "redis://localhost:6379/";
-        description = lib.mdDoc "Redis URL for all GitLab services.";
+        description = "Redis URL for all GitLab services.";
       };
 
       extraGitlabRb = mkOption {
@@ -463,7 +471,7 @@ in {
             }
           end
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to be placed in config/extra-gitlab.rb. This can
           be used to add configuration not otherwise exposed through this module's
           options.
@@ -474,13 +482,13 @@ in {
         type = types.str;
         default = config.networking.hostName;
         defaultText = literalExpression "config.networking.hostName";
-        description = lib.mdDoc "GitLab host name. Used e.g. for copy-paste URLs.";
+        description = "GitLab host name. Used e.g. for copy-paste URLs.";
       };
 
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc ''
+        description = ''
           GitLab server port for copy-paste URLs, e.g. 80 or 443 if you're
           service over https.
         '';
@@ -489,25 +497,25 @@ in {
       https = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether gitlab prints URLs with https as scheme.";
+        description = "Whether gitlab prints URLs with https as scheme.";
       };
 
       user = mkOption {
         type = types.str;
         default = "gitlab";
-        description = lib.mdDoc "User to run gitlab and all related services.";
+        description = "User to run gitlab and all related services.";
       };
 
       group = mkOption {
         type = types.str;
         default = "gitlab";
-        description = lib.mdDoc "Group to run gitlab and all related services.";
+        description = "Group to run gitlab and all related services.";
       };
 
       initialRootEmail = mkOption {
         type = types.str;
         default = "admin@local.host";
-        description = lib.mdDoc ''
+        description = ''
           Initial email address of the root account if this is a new install.
         '';
       };
@@ -515,7 +523,7 @@ in {
       initialRootPasswordFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           File containing the initial password of the root account if
           this is a new install.
 
@@ -528,7 +536,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Enable GitLab container registry.";
+          description = "Enable GitLab container registry.";
         };
         package = mkOption {
           type = types.package;
@@ -537,7 +545,7 @@ in {
             then pkgs.gitlab-container-registry
             else pkgs.docker-distribution;
           defaultText = literalExpression "pkgs.docker-distribution";
-          description = lib.mdDoc ''
+          description = ''
             Container registry package to use.
 
             External container registries such as `pkgs.docker-distribution` are not supported
@@ -548,45 +556,45 @@ in {
           type = types.str;
           default = config.services.gitlab.host;
           defaultText = literalExpression "config.services.gitlab.host";
-          description = lib.mdDoc "GitLab container registry host name.";
+          description = "GitLab container registry host name.";
         };
         port = mkOption {
           type = types.port;
           default = 4567;
-          description = lib.mdDoc "GitLab container registry port.";
+          description = "GitLab container registry port.";
         };
         certFile = mkOption {
           type = types.path;
-          description = lib.mdDoc "Path to GitLab container registry certificate.";
+          description = "Path to GitLab container registry certificate.";
         };
         keyFile = mkOption {
           type = types.path;
-          description = lib.mdDoc "Path to GitLab container registry certificate-key.";
+          description = "Path to GitLab container registry certificate-key.";
         };
         defaultForProjects = mkOption {
           type = types.bool;
           default = cfg.registry.enable;
           defaultText = literalExpression "config.${opt.registry.enable}";
-          description = lib.mdDoc "If GitLab container registry should be enabled by default for projects.";
+          description = "If GitLab container registry should be enabled by default for projects.";
         };
         issuer = mkOption {
           type = types.str;
           default = "gitlab-issuer";
-          description = lib.mdDoc "GitLab container registry issuer.";
+          description = "GitLab container registry issuer.";
         };
         serviceName = mkOption {
           type = types.str;
           default = "container_registry";
-          description = lib.mdDoc "GitLab container registry service name.";
+          description = "GitLab container registry service name.";
         };
         externalAddress = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "External address used to access registry from the internet";
+          description = "External address used to access registry from the internet";
         };
         externalPort = mkOption {
           type = types.int;
-          description = lib.mdDoc "External port used to access registry from the internet";
+          description = "External port used to access registry from the internet";
         };
       };
 
@@ -594,31 +602,31 @@ in {
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Enable gitlab mail delivery over SMTP.";
+          description = "Enable gitlab mail delivery over SMTP.";
         };
 
         address = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Address of the SMTP server for GitLab.";
+          description = "Address of the SMTP server for GitLab.";
         };
 
         port = mkOption {
           type = types.port;
           default = 25;
-          description = lib.mdDoc "Port of the SMTP server for GitLab.";
+          description = "Port of the SMTP server for GitLab.";
         };
 
         username = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "Username of the SMTP server for GitLab.";
+          description = "Username of the SMTP server for GitLab.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             File containing the password of the SMTP server for GitLab.
 
             This should be a string, not a nix path, since nix paths
@@ -629,35 +637,35 @@ in {
         domain = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "HELO domain to use for outgoing mail.";
+          description = "HELO domain to use for outgoing mail.";
         };
 
         authentication = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+          description = "Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
         };
 
         enableStartTLSAuto = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to try to use StartTLS.";
+          description = "Whether to try to use StartTLS.";
         };
 
         tls = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Whether to use TLS wrapper-mode.";
+          description = "Whether to use TLS wrapper-mode.";
         };
 
         opensslVerifyMode = mkOption {
           type = types.str;
           default = "peer";
-          description = lib.mdDoc "How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+          description = "How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
         };
       };
 
-      pages.enable = mkEnableOption (lib.mdDoc "the GitLab Pages service");
+      pages.enable = mkEnableOption "the GitLab Pages service";
 
       pages.settings = mkOption {
         example = literalExpression ''
@@ -671,7 +679,7 @@ in {
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Configuration options to set in the GitLab Pages config
           file.
 
@@ -693,7 +701,7 @@ in {
               type = with types; listOf str;
               apply = x: if x == [] then null else lib.concatStringsSep "," x;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 The address(es) to listen on for HTTP requests.
               '';
             };
@@ -702,7 +710,7 @@ in {
               type = with types; listOf str;
               apply = x: if x == [] then null else lib.concatStringsSep "," x;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 The address(es) to listen on for HTTPS requests.
               '';
             };
@@ -711,7 +719,7 @@ in {
               type = with types; listOf str;
               apply = x: if x == [] then null else lib.concatStringsSep "," x;
               default = [ "127.0.0.1:8090" ];
-              description = lib.mdDoc ''
+              description = ''
                 The address(es) to listen on for proxy requests.
               '';
             };
@@ -721,7 +729,7 @@ in {
               default = "http${optionalString cfg.https "s"}://${cfg.host}/api/v4";
               defaultText = "http(s)://<services.gitlab.host>/api/v4";
               example = "https://gitlab.example.com/api/v4";
-              description = lib.mdDoc ''
+              description = ''
                 API URL to proxy artifact requests to.
               '';
             };
@@ -731,7 +739,7 @@ in {
               default = "http${optionalString cfg.https "s"}://${cfg.host}";
               defaultText = "http(s)://<services.gitlab.host>";
               example = "https://gitlab.example.com";
-              description = lib.mdDoc ''
+              description = ''
                 Public GitLab server URL.
               '';
             };
@@ -741,7 +749,7 @@ in {
               default = null;
               defaultText = "http(s)://<services.gitlab.host>";
               example = "https://gitlab.example.internal";
-              description = lib.mdDoc ''
+              description = ''
                 Internal GitLab server used for API requests, useful
                 if you want to send that traffic over an internal load
                 balancer. By default, the value of
@@ -754,7 +762,7 @@ in {
               type = with types; nullOr str;
               default = "${cfg.statePath}/gitlab_pages_secret";
               internal = true;
-              description = lib.mdDoc ''
+              description = ''
                 File with secret key used to authenticate with the
                 GitLab API.
               '';
@@ -763,7 +771,7 @@ in {
             pages-domain = mkOption {
               type = with types; nullOr str;
               example = "example.com";
-              description = lib.mdDoc ''
+              description = ''
                 The domain to serve static pages on.
               '';
             };
@@ -772,7 +780,7 @@ in {
               type = types.str;
               default = "${gitlabConfig.production.shared.path}/pages";
               defaultText = literalExpression ''config.${opt.extraConfig}.production.shared.path + "/pages"'';
-              description = lib.mdDoc ''
+              description = ''
                 The directory where pages are stored.
               '';
             };
@@ -783,7 +791,7 @@ in {
       secrets.secretFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the secret used to encrypt variables in
           the DB. If you change or lose this key you will be unable to
           access variables stored in database.
@@ -799,7 +807,7 @@ in {
       secrets.dbFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the secret used to encrypt variables in
           the DB. If you change or lose this key you will be unable to
           access variables stored in database.
@@ -815,7 +823,7 @@ in {
       secrets.otpFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the secret used to encrypt secrets for OTP
           tokens. If you change or lose this key, users which have 2FA
           enabled for login won't be able to login anymore.
@@ -831,7 +839,7 @@ in {
       secrets.jwsFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the secret used to encrypt session
           keys. If you change or lose this key, users will be
           disconnected.
@@ -849,14 +857,14 @@ in {
       extraShellConfig = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Extra configuration to merge into shell-config.yml";
+        description = "Extra configuration to merge into shell-config.yml";
       };
 
       puma.workers = mkOption {
         type = types.int;
         default = 2;
         apply = x: builtins.toString x;
-        description = lib.mdDoc ''
+        description = ''
           The number of worker processes Puma should spawn. This
           controls the amount of parallel Ruby code can be
           executed. GitLab recommends `Number of CPU cores - 1`, but at least two.
@@ -872,7 +880,7 @@ in {
         type = types.int;
         default = 0;
         apply = x: builtins.toString x;
-        description = lib.mdDoc ''
+        description = ''
           The minimum number of threads Puma should use per
           worker.
 
@@ -887,7 +895,7 @@ in {
         type = types.int;
         default = 4;
         apply = x: builtins.toString x;
-        description = lib.mdDoc ''
+        description = ''
           The maximum number of threads Puma should use per
           worker. This limits how many threads Puma will automatically
           spawn in response to requests. In contrast to workers,
@@ -901,10 +909,20 @@ in {
         '';
       };
 
+      sidekiq.concurrency = mkOption {
+        type = with types; nullOr int;
+        default = null;
+        description = ''
+          How many processor threads to use for processing sidekiq background job queues. When null, the GitLab default is used.
+
+          See <https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#manage-thread-counts-explicitly> for details.
+        '';
+      };
+
       sidekiq.memoryKiller.enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the Sidekiq MemoryKiller should be turned
           on. MemoryKiller kills Sidekiq when its memory consumption
           exceeds a certain limit.
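Review bot: `sidekiq.concurrency` is typed `nullOr int`, so zero or a negative number passes evaluation and is handed unchanged to `--concurrency` in the sidekiq ExecStart hunk further down, where it can only fail when the unit starts. Tightening the declaration to `type = with types; nullOr ints.positive;` moves that failure to evaluation time. The description could also say that the value is passed to `sidekiq-cluster` as `--concurrency`, so the link between the option and the unit is visible in the manual.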
@@ -918,7 +936,7 @@ in {
         type = types.int;
         default = 2000;
         apply = x: builtins.toString (x * 1024);
-        description = lib.mdDoc ''
+        description = ''
           The maximum amount of memory, in MiB, a Sidekiq worker is
           allowed to consume before being killed.
         '';
@@ -928,7 +946,7 @@ in {
         type = types.int;
         default = 900;
         apply = x: builtins.toString x;
-        description = lib.mdDoc ''
+        description = ''
           The time MemoryKiller waits after noticing excessive memory
           consumption before killing Sidekiq.
         '';
@@ -938,7 +956,7 @@ in {
         type = types.int;
         default = 30;
         apply = x: builtins.toString x;
-        description = lib.mdDoc ''
+        description = ''
           The time allowed for all jobs to finish before Sidekiq is
           killed forcefully.
         '';
@@ -948,7 +966,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Enable rotation of log files.
           '';
         };
@@ -956,13 +974,13 @@ in {
         frequency = mkOption {
           type = types.str;
           default = "daily";
-          description = lib.mdDoc "How often to rotate the logs.";
+          description = "How often to rotate the logs.";
         };
 
         keep = mkOption {
           type = types.int;
           default = 30;
-          description = lib.mdDoc "How many rotations to keep.";
+          description = "How many rotations to keep.";
         };
       };
 
@@ -978,7 +996,7 @@ in {
             };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration options to add to Workhorse's configuration
           file.
 
@@ -1037,7 +1055,7 @@ in {
             };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra options to be added under
           `production` in
           {file}`config/gitlab.yml`, as a nix attribute
@@ -1158,7 +1176,7 @@ in {
         set -eu
 
         PSQL() {
-            psql --port=${toString pgsql.port} "$@"
+            psql --port=${toString pgsql.settings.port} "$@"
         }
 
         PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
@@ -1338,7 +1356,7 @@ in {
 
             rm -f '${cfg.statePath}/config/database.yml'
 
-            ${if cfg.databasePasswordFile != null then ''
+            ${lib.optionalString (cfg.databasePasswordFile != null) ''
                 db_password="$(<'${cfg.databasePasswordFile}')"
                 export db_password
 
@@ -1346,16 +1364,24 @@ in {
                   >&2 echo "Database password was an empty string!"
                   exit 1
                 fi
+            ''}
 
-                jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
-                   '.${if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then "production.main" else "production"}.password = $ENV.db_password' \
-                   >'${cfg.statePath}/config/database.yml'
-              ''
-              else ''
-                jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \
-                   >'${cfg.statePath}/config/database.yml'
-              ''
-            }
+            # GitLab expects the `production.main` section to be the first entry in the file.
+            jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} '{
+              production: [
+                ${lib.optionalString (cfg.databasePasswordFile != null) (
+                  builtins.concatStringsSep "\n      " (
+                    [ ".production${lib.optionalString (gitlabVersionAtLeast "15.0") ".main"}.password = $ENV.db_password" ]
+                    ++ lib.optional (gitlabVersionAtLeast "15.9") "| .production.ci.password = $ENV.db_password"
+                    ++ [ "|" ]
+                  )
+                )} .production
+                | to_entries[]
+              ]
+              | sort_by(.key)
+              | reverse
+              | from_entries
+            }' >'${cfg.statePath}/config/database.yml'
 
             ${utils.genJqSecretsReplacementSnippet
                 gitlabConfig
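Review bot: The order of `database.yml` rests on `sort_by(.key) | reverse` happening to place `main` ahead of `ci`, which holds only while no other key under `production` sorts after `main`. A later section with such a name would be written first and break the requirement stated in the comment. For GitLab versions below 15.0 the same pipeline reverse-sorts the plain connection keys, which looks harmless but is not what the comment describes. Making the intent explicit, for example `| sort_by(.key != "main")` in place of the `sort_by(.key)` and `reverse` lines, would pin `main` first regardless of the other names; it relies on jq's sort keeping equal keys in input order, which should be confirmed. The script body starts and continues outside this hunk.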
@@ -1454,12 +1480,17 @@ in {
         TimeoutSec = "infinity";
         Restart = "always";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart = utils.escapeSystemdExecArgs [
-          "${cfg.packages.gitlab}/share/gitlab/bin/sidekiq-cluster"
-          "-e" "production"
-          "-r" "."
-          "*" # all queue groups
-        ];
+        ExecStart = utils.escapeSystemdExecArgs (
+          [
+            "${cfg.packages.gitlab}/share/gitlab/bin/sidekiq-cluster"
+            "*" # all queue groups
+          ] ++ lib.optionals (cfg.sidekiq.concurrency != null) [
+            "--concurrency" (toString cfg.sidekiq.concurrency)
+          ] ++ [
+            "--environment" "production"
+            "--require" "."
+          ]
+        );
       };
     };
 
@@ -1578,7 +1609,9 @@ in {
           rm "${cfg.statePath}/config/gitlab-workhorse.json"
         '';
         ExecStart =
-          "${cfg.packages.gitlab-workhorse}/bin/workhorse "
+          "${cfg.packages.gitlab-workhorse}/bin/${
+              optionalString (lib.versionAtLeast (lib.getVersion cfg.packages.gitlab-workhorse) "16.10") "gitlab-"
+            }workhorse "
           + "-listenUmask 0 "
           + "-listenNetwork unix "
           + "-listenAddr /run/gitlab/gitlab-workhorse.socket "
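Review bot: The binary name in `ExecStart` is now built by interpolating a version test into the middle of the store path, which is hard to read and has no comment saying why 16.10 is the cut-off. A named binding would keep the gate in one place, for example `workhorseBin = if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab-workhorse) "16.10" then "gitlab-workhorse" else "workhorse";`, with a comment such as `# binary is named gitlab-workhorse from 16.10 on`, which is what the gate implies. The call also uses bare `optionalString` next to `lib.versionAtLeast`, while the database.yml snippet earlier in this file writes `lib.optionalString`; one form throughout would be more consistent. The `ExecStart` expression continues past the end of this hunk.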
diff --git a/nixpkgs/nixos/modules/services/misc/gitolite.nix b/nixpkgs/nixos/modules/services/misc/gitolite.nix
index 012abda2d76f..89f72c046755 100644
--- a/nixpkgs/nixos/modules/services/misc/gitolite.nix
+++ b/nixpkgs/nixos/modules/services/misc/gitolite.nix
@@ -14,7 +14,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable gitolite management under the
           `gitolite` user. After
           switching to a configuration with Gitolite enabled, you can
@@ -25,7 +25,7 @@ in
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/gitolite";
-        description = lib.mdDoc ''
+        description = ''
           The gitolite home directory used to store all repositories. If left as the default value
           this directory will automatically be created before the gitolite server starts, otherwise
           the sysadmin is responsible for ensuring the directory exists with appropriate ownership
@@ -35,7 +35,7 @@ in
 
       adminPubkey = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Initial administrative public key for Gitolite. This should
           be an SSH Public Key. Note that this key will only be used
           once, upon the first initialization of the Gitolite user.
@@ -46,7 +46,7 @@ in
       enableGitAnnex = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable git-annex support. Uses the `extraGitoliteRc` option
           to apply the necessary configuration.
         '';
@@ -55,7 +55,7 @@ in
       commonHooks = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of custom git hooks that get copied to `~/.gitolite/hooks/common`.
         '';
       };
@@ -71,7 +71,7 @@ in
             @{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature
           '''
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to append to the default `~/.gitolite.rc`.
 
           This should be Perl code that modifies the `%RC`
@@ -96,7 +96,7 @@ in
       user = mkOption {
         type = types.str;
         default = "gitolite";
-        description = lib.mdDoc ''
+        description = ''
           Gitolite user account. This is the username of the gitolite endpoint.
         '';
       };
@@ -104,7 +104,7 @@ in
       description = mkOption {
         type = types.str;
         default = "Gitolite user";
-        description = lib.mdDoc ''
+        description = ''
           Gitolite user account's description.
         '';
       };
@@ -112,7 +112,7 @@ in
       group = mkOption {
         type = types.str;
         default = "gitolite";
-        description = lib.mdDoc ''
+        description = ''
           Primary group of the Gitolite user account.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/gitweb.nix b/nixpkgs/nixos/modules/services/misc/gitweb.nix
index aac0dac8a080..ec08ab51a457 100644
--- a/nixpkgs/nixos/modules/services/misc/gitweb.nix
+++ b/nixpkgs/nixos/modules/services/misc/gitweb.nix
@@ -13,7 +13,7 @@ in
     projectroot = mkOption {
       default = "/srv/git";
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to git projects (bare repositories) that should be served by
         gitweb. Must not end with a slash.
       '';
@@ -22,7 +22,7 @@ in
     extraConfig = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Verbatim configuration text appended to the generated gitweb.conf file.
       '';
       example = ''
@@ -35,7 +35,7 @@ in
     gitwebTheme = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Use an alternative theme for gitweb, strongly inspired by GitHub.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/misc/gogs.nix b/nixpkgs/nixos/modules/services/misc/gogs.nix
index 9bf7e4aab814..e4e23d597237 100644
--- a/nixpkgs/nixos/modules/services/misc/gogs.nix
+++ b/nixpkgs/nixos/modules/services/misc/gogs.nix
@@ -48,31 +48,31 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Enable Go Git Service.";
+        description = "Enable Go Git Service.";
       };
 
       useWizard = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.";
+        description = "Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.";
       };
 
       stateDir = mkOption {
         default = "/var/lib/gogs";
         type = types.str;
-        description = lib.mdDoc "Gogs data directory.";
+        description = "Gogs data directory.";
       };
 
       user = mkOption {
         type = types.str;
         default = "gogs";
-        description = lib.mdDoc "User account under which Gogs runs.";
+        description = "User account under which Gogs runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "gogs";
-        description = lib.mdDoc "Group account under which Gogs runs.";
+        description = "Group account under which Gogs runs.";
       };
 
       database = {
@@ -80,37 +80,37 @@ in
           type = types.enum [ "sqlite3" "mysql" "postgres" ];
           example = "mysql";
           default = "sqlite3";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
           default = 3306;
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "gogs";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "gogs";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         password = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             The password corresponding to {option}`database.user`.
             Warning: this is stored in cleartext in the Nix store!
             Use {option}`database.passwordFile` instead.
@@ -121,7 +121,7 @@ in
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/gogs-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -131,51 +131,51 @@ in
           type = types.str;
           default = "${cfg.stateDir}/data/gogs.db";
           defaultText = literalExpression ''"''${config.${opt.stateDir}}/data/gogs.db"'';
-          description = lib.mdDoc "Path to the sqlite3 database file.";
+          description = "Path to the sqlite3 database file.";
         };
       };
 
       appName = mkOption {
         type = types.str;
         default = "Gogs: Go Git Service";
-        description = lib.mdDoc "Application name.";
+        description = "Application name.";
       };
 
       repositoryRoot = mkOption {
         type = types.str;
         default = "${cfg.stateDir}/repositories";
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/repositories"'';
-        description = lib.mdDoc "Path to the git repositories.";
+        description = "Path to the git repositories.";
       };
 
       domain = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Domain name of your server.";
+        description = "Domain name of your server.";
       };
 
       rootUrl = mkOption {
         type = types.str;
         default = "http://localhost:3000/";
-        description = lib.mdDoc "Full public URL of Gogs server.";
+        description = "Full public URL of Gogs server.";
       };
 
       httpAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "HTTP listen address.";
+        description = "HTTP listen address.";
       };
 
       httpPort = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc "HTTP listen port.";
+        description = "HTTP listen port.";
       };
 
       cookieSecure = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Marks session cookies as "secure" as a hint for browsers to only send
           them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
         '';
@@ -184,7 +184,7 @@ in
       extraConfig = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Configuration lines appended to the generated Gogs configuration file.";
+        description = "Configuration lines appended to the generated Gogs configuration file.";
       };
     };
   };
@@ -217,7 +217,6 @@ in
           sed -e "s,#secretkey#,$KEY,g" \
               -e "s,#dbpass#,$DBPASS,g" \
               -i ${runConfig}
-          chmod 440 ${runConfig} ${secretKey}
         ''}
 
         mkdir -p ${cfg.repositoryRoot}
@@ -239,6 +238,7 @@ in
         WorkingDirectory = cfg.stateDir;
         ExecStart = "${pkgs.gogs}/bin/gogs web";
         Restart = "always";
+        UMask = "0027";
       };
 
       environment = {
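Review bot: `UMask = "0027"` limits modes only when a file is created, so it is not an exact replacement for the `chmod 440 ${runConfig} ${secretKey}` that the preceding hunk removes. Files written under this umask are at most 0640 (owner-writable) rather than 0440, and a config or key file that already exists with a wider mode is no longer tightened on start. How `secretKey` is created is outside these hunks, so this may be harmless in practice, but both files hold credentials (the `#secretkey#` and `#dbpass#` substitutions). I would state the reliance next to the setting, e.g. `# replaces the former chmod 440: keeps runConfig and secretKey unreadable by other users`, or keep an explicit `chmod 0640 ${runConfig} ${secretKey}` after the `sed`.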
diff --git a/nixpkgs/nixos/modules/services/misc/gollum.nix b/nixpkgs/nixos/modules/services/misc/gollum.nix
index e31eeaf8a30a..3966ef036bec 100644
--- a/nixpkgs/nixos/modules/services/misc/gollum.nix
+++ b/nixpkgs/nixos/modules/services/misc/gollum.nix
@@ -8,79 +8,79 @@ in
 
 {
   options.services.gollum = {
-    enable = mkEnableOption (lib.mdDoc "Gollum service");
+    enable = mkEnableOption "Gollum, a git-powered wiki service";
 
     address = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc "IP address on which the web server will listen.";
+      description = "IP address on which the web server will listen.";
     };
 
     port = mkOption {
       type = types.port;
       default = 4567;
-      description = lib.mdDoc "Port on which the web server will run.";
+      description = "Port on which the web server will run.";
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Content of the configuration file";
+      description = "Content of the configuration file";
     };
 
     mathjax = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable support for math rendering using MathJax";
+      description = "Enable support for math rendering using MathJax";
     };
 
     allowUploads = mkOption {
       type = types.nullOr (types.enum [ "dir" "page" ]);
       default = null;
-      description = lib.mdDoc "Enable uploads of external files";
+      description = "Enable uploads of external files";
     };
 
     user-icons = mkOption {
       type = types.nullOr (types.enum [ "gravatar" "identicon" ]);
       default = null;
-      description = lib.mdDoc "Enable specific user icons for history view";
+      description = "Enable specific user icons for history view";
     };
 
     emoji = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Parse and interpret emoji tags";
+      description = "Parse and interpret emoji tags";
     };
 
     h1-title = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use the first h1 as page title";
+      description = "Use the first h1 as page title";
     };
 
     no-edit = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Disable editing pages";
+      description = "Disable editing pages";
     };
 
     local-time = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use the browser's local timezone instead of the server's for displaying dates.";
+      description = "Use the browser's local timezone instead of the server's for displaying dates.";
     };
 
     branch = mkOption {
       type = types.str;
       default = "master";
       example = "develop";
-      description = lib.mdDoc "Git branch to serve";
+      description = "Git branch to serve";
     };
 
     stateDir = mkOption {
       type = types.path;
       default = "/var/lib/gollum";
-      description = lib.mdDoc "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
+      description = "Specifies the path of the repository directory. If it does not exist, Gollum will create it on startup.";
     };
 
     package = mkPackageOption pkgs "gollum" { };
@@ -88,13 +88,13 @@ in
     user = mkOption {
       type = types.str;
       default = "gollum";
-      description = lib.mdDoc "Specifies the owner of the wiki directory";
+      description = "Specifies the owner of the wiki directory";
     };
 
     group = mkOption {
       type = types.str;
       default = "gollum";
-      description = lib.mdDoc "Specifies the owner group of the wiki directory";
+      description = "Specifies the owner group of the wiki directory";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/gpsd.nix b/nixpkgs/nixos/modules/services/misc/gpsd.nix
index 5d2e806181df..6f7aec0784a0 100644
--- a/nixpkgs/nixos/modules/services/misc/gpsd.nix
+++ b/nixpkgs/nixos/modules/services/misc/gpsd.nix
@@ -24,7 +24,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable `gpsd`, a GPS service daemon.
         '';
       };
@@ -32,7 +32,7 @@ in {
       devices = mkOption {
         type = types.listOf types.str;
         default = [ "/dev/ttyUSB0" ];
-        description = lib.mdDoc ''
+        description = ''
           List of devices that `gpsd` should subscribe to.
 
           A device may be a local serial device for GPS input, or a
@@ -46,7 +46,7 @@ in {
       readonly = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the broken-device-safety, otherwise
           known as read-only mode.  Some popular bluetooth and USB
           receivers lock up or become totally inaccessible when
@@ -63,7 +63,7 @@ in {
       nowait = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           don't wait for client connects to poll GPS
         '';
       };
@@ -71,7 +71,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 2947;
-        description = lib.mdDoc ''
+        description = ''
           The port where to listen for TCP connections.
         '';
       };
@@ -79,7 +79,7 @@ in {
       debugLevel = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           The debugging level.
         '';
       };
@@ -87,7 +87,7 @@ in {
       listenany = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Listen on all addresses rather than just loopback.
         '';
       };
@@ -96,7 +96,7 @@ in {
         type = types.listOf types.str;
         default = [ ];
         example = [ "-r" "-s" "19200" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of extra command line arguments to pass to gpsd.
           Check gpsd(8) mangpage for possible arguments.
         '';
diff --git a/nixpkgs/nixos/modules/services/misc/graphical-desktop.nix b/nixpkgs/nixos/modules/services/misc/graphical-desktop.nix
new file mode 100644
index 000000000000..a88c02e610bf
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/misc/graphical-desktop.nix
@@ -0,0 +1,54 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  xcfg = config.services.xserver;
+  dmcfg = config.services.displayManager;
+in
+{
+  config = lib.mkIf (xcfg.enable || dmcfg.enable) {
+    # The default max inotify watches is 8192.
+    # Nowadays most apps require a good number of inotify watches,
+    # the value below is used by default on several other distros.
+    boot.kernel.sysctl = {
+      "fs.inotify.max_user_instances" = lib.mkDefault 524288;
+      "fs.inotify.max_user_watches" = lib.mkDefault 524288;
+    };
+
+    environment = {
+      # localectl looks into 00-keyboard.conf
+      etc."X11/xorg.conf.d/00-keyboard.conf".text = ''
+        Section "InputClass"
+          Identifier "Keyboard catchall"
+          MatchIsKeyboard "on"
+          Option "XkbModel" "${xcfg.xkb.model}"
+          Option "XkbLayout" "${xcfg.xkb.layout}"
+          Option "XkbOptions" "${xcfg.xkb.options}"
+          Option "XkbVariant" "${xcfg.xkb.variant}"
+        EndSection
+      '';
+      systemPackages = with pkgs; [
+        nixos-icons # needed for gnome and pantheon about dialog, nixos-manual and maybe more
+        xdg-utils
+      ];
+    };
+
+    fonts.enableDefaultPackages = lib.mkDefault true;
+
+    hardware.opengl.enable = lib.mkDefault true;
+
+    programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3;
+
+    systemd.defaultUnit = lib.mkIf (xcfg.autorun || dmcfg.enable) "graphical.target";
+
+    xdg = {
+      autostart.enable = true;
+      menus.enable = true;
+      mime.enable = true;
+      icons.enable = true;
+    };
+  };
+}
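Review bot: The comment above `boot.kernel.sysctl` justifies only `fs.inotify.max_user_watches`, but `fs.inotify.max_user_instances` is raised to the same 524288 with no reason given. Both settings are per-user ceilings on kernel memory used for inotify, so on a shared machine they bound how much a single account can consume. The comment should say so and name the override path, e.g. `# Both values are per-user resource limits; mkDefault lets multi-user hosts set lower ones.` Separately, the `xdg.*.enable = true` assignments are plain definitions, unlike `fonts.enableDefaultPackages` and `hardware.opengl.enable`, which use `lib.mkDefault`; if they are meant to be overridable in the same way, they need it too.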
diff --git a/nixpkgs/nixos/modules/services/misc/greenclip.nix b/nixpkgs/nixos/modules/services/misc/greenclip.nix
index ecfb864ab2b7..d92cd1854877 100644
--- a/nixpkgs/nixos/modules/services/misc/greenclip.nix
+++ b/nixpkgs/nixos/modules/services/misc/greenclip.nix
@@ -7,7 +7,7 @@ let
 in {
 
   options.services.greenclip = {
-    enable = mkEnableOption (lib.mdDoc "Greenclip daemon");
+    enable = mkEnableOption "Greenclip, a clipboard manager";
 
     package = mkPackageOption pkgs [ "haskellPackages" "greenclip" ] { };
   };
@@ -18,7 +18,10 @@ in {
       description = "greenclip daemon";
       wantedBy = [ "graphical-session.target" ];
       after    = [ "graphical-session.target" ];
-      serviceConfig.ExecStart = "${cfg.package}/bin/greenclip daemon";
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/greenclip daemon";
+        Restart = "always";
+      };
     };
 
     environment.systemPackages = [ cfg.package ];
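Review bot: `Restart = "always"` also restarts the daemon after a clean exit, and the unit shown here is tied to `graphical-session.target` only through `wantedBy` and `after`. If nothing outside this hunk stops the unit with the session, the daemon would presumably be restarted repeatedly once the display goes away, until systemd's start limit trips. Consider `Restart = "on-failure";`, or add `partOf = [ "graphical-session.target" ];` so the unit is stopped together with the session. The service definition starts above this hunk.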
diff --git a/nixpkgs/nixos/modules/services/misc/headphones.nix b/nixpkgs/nixos/modules/services/misc/headphones.nix
index 472b330fff15..31bd61cb4c20 100644
--- a/nixpkgs/nixos/modules/services/misc/headphones.nix
+++ b/nixpkgs/nixos/modules/services/misc/headphones.nix
@@ -20,38 +20,38 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the headphones server.";
+        description = "Whether to enable the headphones server.";
       };
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/${name}";
-        description = lib.mdDoc "Path where to store data files.";
+        description = "Path where to store data files.";
       };
       configFile = mkOption {
         type = types.path;
         default = "${cfg.dataDir}/config.ini";
         defaultText = literalExpression ''"''${config.${opt.dataDir}}/config.ini"'';
-        description = lib.mdDoc "Path to config file.";
+        description = "Path to config file.";
       };
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Host to listen on.";
+        description = "Host to listen on.";
       };
       port = mkOption {
         type = types.ints.u16;
         default = 8181;
-        description = lib.mdDoc "Port to bind to.";
+        description = "Port to bind to.";
       };
       user = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "User to run the service as";
+        description = "User to run the service as";
       };
       group = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "Group to run the service as";
+        description = "Group to run the service as";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/heisenbridge.nix b/nixpkgs/nixos/modules/services/misc/heisenbridge.nix
index d7ce9c605c9e..de109e726633 100644
--- a/nixpkgs/nixos/modules/services/misc/heisenbridge.nix
+++ b/nixpkgs/nixos/modules/services/misc/heisenbridge.nix
@@ -23,19 +23,19 @@ let
 in
 {
   options.services.heisenbridge = {
-    enable = mkEnableOption (lib.mdDoc "the Matrix to IRC bridge");
+    enable = mkEnableOption "the Matrix to IRC bridge";
 
     package = mkPackageOption pkgs "heisenbridge" { };
 
     homeserver = mkOption {
       type = types.str;
-      description = lib.mdDoc "The URL to the home server for client-server API calls";
+      description = "The URL to the home server for client-server API calls";
       example = "http://localhost:8008";
     };
 
     registrationUrl = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The URL where the application service is listening for HS requests, from the Matrix HS perspective.#
         The default value assumes the bridge runs on the same host as the home server, in the same network.
       '';
@@ -46,26 +46,26 @@ in
 
     address = mkOption {
       type = types.str;
-      description = lib.mdDoc "Address to listen on. IPv6 does not seem to be supported.";
+      description = "Address to listen on. IPv6 does not seem to be supported.";
       default = "127.0.0.1";
       example = "0.0.0.0";
     };
 
     port = mkOption {
       type = types.port;
-      description = lib.mdDoc "The port to listen on";
+      description = "The port to listen on";
       default = 9898;
     };
 
     debug = mkOption {
       type = types.bool;
-      description = lib.mdDoc "More verbose logging. Recommended during initial setup.";
+      description = "More verbose logging. Recommended during initial setup.";
       default = false;
     };
 
     owner = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Set owner MXID otherwise first talking local user will claim the bridge
       '';
       default = null;
@@ -73,7 +73,7 @@ in
     };
 
     namespaces = mkOption {
-      description = lib.mdDoc "Configure the 'namespaces' section of the registration.yml for the bridge and the server";
+      description = "Configure the 'namespaces' section of the registration.yml for the bridge and the server";
       # TODO link to Matrix documentation of the format
       type = types.submodule {
         freeformType = jsonType;
@@ -91,16 +91,16 @@ in
       };
     };
 
-    identd.enable = mkEnableOption (lib.mdDoc "identd service support");
+    identd.enable = mkEnableOption "identd service support";
     identd.port = mkOption {
       type = types.port;
-      description = lib.mdDoc "identd listen port";
+      description = "identd listen port";
       default = 113;
     };
 
     extraArgs = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc "Heisenbridge is configured over the command line. Append extra arguments here";
+      description = "Heisenbridge is configured over the command line. Append extra arguments here";
       default = [ ];
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix b/nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix
index 02f1378cb0d5..29fda16aa66f 100644
--- a/nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix
+++ b/nixpkgs/nixos/modules/services/misc/homepage-dashboard.nix
@@ -12,20 +12,20 @@ in
 {
   options = {
     services.homepage-dashboard = {
-      enable = lib.mkEnableOption (lib.mdDoc "Homepage Dashboard");
+      enable = lib.mkEnableOption "Homepage Dashboard, a highly customizable application dashboard";
 
       package = lib.mkPackageOption pkgs "homepage-dashboard" { };
 
       openFirewall = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for Homepage.";
+        description = "Open ports in the firewall for Homepage.";
       };
 
       listenPort = lib.mkOption {
         type = lib.types.int;
         default = 8082;
-        description = lib.mdDoc "Port for Homepage to bind to.";
+        description = "Port for Homepage to bind to.";
       };
 
       environmentFile = lib.mkOption {
@@ -44,7 +44,7 @@ in
 
       customCSS = lib.mkOption {
         type = lib.types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Custom CSS for styling Homepage.
 
           See https://gethomepage.dev/latest/configs/custom-css-js/.
@@ -54,7 +54,7 @@ in
 
       customJS = lib.mkOption {
         type = lib.types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Custom Javascript for Homepage.
 
           See https://gethomepage.dev/latest/configs/custom-css-js/.
@@ -64,7 +64,7 @@ in
 
       bookmarks = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage bookmarks configuration.
 
           See https://gethomepage.dev/latest/configs/bookmarks/.
@@ -87,7 +87,7 @@ in
 
       services = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage services configuration.
 
           See https://gethomepage.dev/latest/configs/services/.
@@ -120,7 +120,7 @@ in
 
       widgets = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage widgets configuration.
 
           See https://gethomepage.dev/latest/configs/service-widgets/.
@@ -146,7 +146,7 @@ in
 
       kubernetes = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage kubernetes configuration.
 
           See https://gethomepage.dev/latest/configs/kubernetes/.
@@ -156,7 +156,7 @@ in
 
       docker = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage docker configuration.
 
           See https://gethomepage.dev/latest/configs/docker/.
@@ -166,7 +166,7 @@ in
 
       settings = lib.mkOption {
         inherit (settingsFormat) type;
-        description = lib.mdDoc ''
+        description = ''
           Homepage settings.
 
           See https://gethomepage.dev/latest/configs/settings/.
diff --git a/nixpkgs/nixos/modules/services/misc/ihaskell.nix b/nixpkgs/nixos/modules/services/misc/ihaskell.nix
index 4782053c4fb8..186ff7345ab3 100644
--- a/nixpkgs/nixos/modules/services/misc/ihaskell.nix
+++ b/nixpkgs/nixos/modules/services/misc/ihaskell.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Autostart an IHaskell notebook service.";
+        description = "Autostart an IHaskell notebook service.";
       };
 
       extraPackages = mkOption {
@@ -30,7 +30,7 @@ in
             haskellPackages.lens
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra packages available to ghc when running ihaskell. The
           value must be a function which receives the attrset defined
           in {var}`haskellPackages` as the sole argument.
diff --git a/nixpkgs/nixos/modules/services/misc/input-remapper.nix b/nixpkgs/nixos/modules/services/misc/input-remapper.nix
index 5b9f16e019d8..94c2ece52f98 100644
--- a/nixpkgs/nixos/modules/services/misc/input-remapper.nix
+++ b/nixpkgs/nixos/modules/services/misc/input-remapper.nix
@@ -6,14 +6,14 @@ let cfg = config.services.input-remapper; in
 {
   options = {
     services.input-remapper = {
-      enable = mkEnableOption (lib.mdDoc "input-remapper, an easy to use tool to change the mapping of your input device buttons");
+      enable = mkEnableOption "input-remapper, an easy to use tool to change the mapping of your input device buttons";
       package = mkPackageOption pkgs "input-remapper" { };
-      enableUdevRules = mkEnableOption (lib.mdDoc "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140");
+      enableUdevRules = mkEnableOption "udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140";
       serviceWantedBy = mkOption {
         default = [ "graphical.target" ];
         example = [ "multi-user.target" ];
         type = types.listOf types.str;
-        description = lib.mdDoc "Specifies the WantedBy setting for the input-remapper service.";
+        description = "Specifies the WantedBy setting for the input-remapper service.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/invidious-router.nix b/nixpkgs/nixos/modules/services/misc/invidious-router.nix
new file mode 100644
index 000000000000..33da7e96b523
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/misc/invidious-router.nix
@@ -0,0 +1,121 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.services.invidious-router;
+  settingsFormat = pkgs.formats.yaml {};
+  configFile = settingsFormat.generate "config.yaml" cfg.settings;
+in {
+  meta.maintainers = [lib.maintainers.s1ls];
+
+  options.services.invidious-router = {
+    enable = lib.mkEnableOption "Enables the invidious-router service";
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 8050;
+      description = ''
+        Port to bind to.
+      '';
+    };
+    address = lib.mkOption {
+      type = lib.types.str;
+      default = "127.0.0.1";
+      description = ''
+        Address on which invidious-router should listen on.
+      '';
+    };
+    settings = lib.mkOption {
+      type = lib.types.submodule {
+        freeformType = settingsFormat.type;
+      };
+      default = {
+        app = {
+          listen = "127.0.0.1:8050";
+          enable_youtube_fallback = false;
+          reload_instance_list_interval = "60s";
+        };
+        api = {
+          enabled = true;
+          url = "https://api.invidious.io/instances.json";
+          filter_regions = true;
+          allowed_regions = [
+            "AT"
+            "DE"
+            "CH"
+          ];
+        };
+        healthcheck = {
+          path = "/";
+          allowed_status_codes = [
+            200
+          ];
+          timeout = "1s";
+          interval = "10s";
+          filter_by_response_time = {
+            enabled = true;
+            qty_of_top_results = 3;
+          };
+          minimum_ratio = 0.2;
+          remove_no_ratio = true;
+          text_not_present = "YouTube is currently trying to block Invidious instances";
+        };
+      };
+      description = ''
+        Configuration for invidious-router.
+        Check https://gitlab.com/gaincoder/invidious-router#configuration
+        for configuration options.
+      '';
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.invidious-router;
+      defaultText = lib.literalExpression "pkgs.invidious-router";
+      description = ''
+        The invidious-router package to use.
+      '';
+    };
+    nginx = {
+      enable = lib.mkEnableOption ''
+        Automatic nginx proxy configuration
+      '';
+      domain = lib.mkOption {
+        type = lib.types.str;
+        example = "invidious-router.example.com";
+        description = ''
+          The domain on which invidious-router should be served.
+        '';
+      };
+      extraDomains = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [];
+        description = ''
+          Additional domains to serve invidious-router on.
+        '';
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.invidious-router = {
+      wantedBy = ["multi-user.target"];
+      serviceConfig = {
+        Restart = "on-failure";
+        ExecStart = "${lib.getExe cfg.package} --configfile ${configFile}";
+        DynamicUser = "yes";
+      };
+    };
+
+    services.nginx.virtualHosts = lib.mkIf cfg.nginx.enable {
+      ${cfg.nginx.domain} = {
+        locations."/" = {
+          recommendedProxySettings = true;
+          proxyPass = "http://${cfg.address}:${toString cfg.port}";
+        };
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = cfg.nginx.extraDomains;
+      };
+    };
+  };
+}
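Review bot: The `port` and `address` options are only read by the nginx `proxyPass`, while the daemon's bind address comes from the hard-coded default `settings.app.listen = "127.0.0.1:8050"`. Changing `port` therefore leaves the service on 8050 and points the TLS virtual host at whatever else happens to listen on the new local port. Derive the value in the `config` block, e.g. `services.invidious-router.settings.app.listen = lib.mkDefault "${cfg.address}:${toString cfg.port}";`, and move the other defaults there as `lib.mkDefault` values, because an option-level `default` is discarded as a whole once a user defines any `settings` key. Separately, `lib.mkEnableOption "Enables the invidious-router service"` renders as "Whether to enable Enables …"; `lib.mkEnableOption "the invidious-router service"` reads correctly. The unit relies on `DynamicUser` alone, so for a network-facing proxy consider adding directives such as `PrivateDevices = true;` and `ProtectHome = true;`.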
diff --git a/nixpkgs/nixos/modules/services/misc/irkerd.nix b/nixpkgs/nixos/modules/services/misc/irkerd.nix
index d080cc0a7358..993d77ba424c 100644
--- a/nixpkgs/nixos/modules/services/misc/irkerd.nix
+++ b/nixpkgs/nixos/modules/services/misc/irkerd.nix
@@ -9,13 +9,13 @@ in
 {
   options.services.irkerd = {
     enable = mkOption {
-      description = lib.mdDoc "Whether to enable irker, an IRC notification daemon.";
+      description = "Whether to enable irker, an IRC notification daemon.";
       default = false;
       type = types.bool;
     };
 
     openPorts = mkOption {
-      description = lib.mdDoc "Open ports in the firewall for irkerd";
+      description = "Open ports in the firewall for irkerd";
       default = false;
       type = types.bool;
     };
@@ -24,7 +24,7 @@ in
       default = "localhost";
       example = "0.0.0.0";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Specifies the bind address on which the irker daemon listens.
         The default is localhost.
 
@@ -36,7 +36,7 @@ in
     nick = mkOption {
       default = "irker";
       type = types.str;
-      description = lib.mdDoc "Nick to use for irker";
+      description = "Nick to use for irker";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/jackett.nix b/nixpkgs/nixos/modules/services/misc/jackett.nix
index c0bb0a575f01..8b5011ce0d81 100644
--- a/nixpkgs/nixos/modules/services/misc/jackett.nix
+++ b/nixpkgs/nixos/modules/services/misc/jackett.nix
@@ -9,30 +9,30 @@ in
 {
   options = {
     services.jackett = {
-      enable = mkEnableOption (lib.mdDoc "Jackett");
+      enable = mkEnableOption "Jackett, API support for your favorite torrent trackers";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/jackett/.config/Jackett";
-        description = lib.mdDoc "The directory where Jackett stores its data files.";
+        description = "The directory where Jackett stores its data files.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the Jackett web interface.";
+        description = "Open ports in the firewall for the Jackett web interface.";
       };
 
       user = mkOption {
         type = types.str;
         default = "jackett";
-        description = lib.mdDoc "User account under which Jackett runs.";
+        description = "User account under which Jackett runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "jackett";
-        description = lib.mdDoc "Group under which Jackett runs.";
+        description = "Group under which Jackett runs.";
       };
 
       package = mkPackageOption pkgs "jackett" { };
diff --git a/nixpkgs/nixos/modules/services/misc/jellyseerr.nix b/nixpkgs/nixos/modules/services/misc/jellyseerr.nix
index 31e0c5beb673..7599a1af3384 100644
--- a/nixpkgs/nixos/modules/services/misc/jellyseerr.nix
+++ b/nixpkgs/nixos/modules/services/misc/jellyseerr.nix
@@ -8,18 +8,18 @@ in
   meta.maintainers = [ maintainers.camillemndn ];
 
   options.services.jellyseerr = {
-    enable = mkEnableOption (mdDoc ''Jellyseerr, a requests manager for Jellyfin'');
+    enable = mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''Open port in the firewall for the Jellyseerr web interface.'';
+      description = ''Open port in the firewall for the Jellyseerr web interface.'';
     };
 
     port = mkOption {
       type = types.port;
       default = 5055;
-      description = mdDoc ''The port which the Jellyseerr web UI should listen to.'';
+      description = ''The port which the Jellyseerr web UI should listen to.'';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/klipper.nix b/nixpkgs/nixos/modules/services/misc/klipper.nix
index a0eb409599b5..5e20b32bc8fd 100644
--- a/nixpkgs/nixos/modules/services/misc/klipper.nix
+++ b/nixpkgs/nixos/modules/services/misc/klipper.nix
@@ -14,7 +14,7 @@ in
   ##### interface
   options = {
     services.klipper = {
-      enable = mkEnableOption (lib.mdDoc "Klipper, the 3D printer firmware");
+      enable = mkEnableOption "Klipper, the 3D printer firmware";
 
       package = mkPackageOption pkgs "klipper" { };
 
@@ -22,7 +22,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/klipper/klipper.log";
-        description = lib.mdDoc ''
+        description = ''
           Path of the file Klipper should log to.
           If `null`, it logs to stdout, which is not recommended by upstream.
         '';
@@ -31,20 +31,20 @@ in
       inputTTY = mkOption {
         type = types.path;
         default = "/run/klipper/tty";
-        description = lib.mdDoc "Path of the virtual printer symlink to create.";
+        description = "Path of the virtual printer symlink to create.";
       };
 
       apiSocket = mkOption {
         type = types.nullOr types.path;
         default = "/run/klipper/api";
-        description = lib.mdDoc "Path of the API socket to create.";
+        description = "Path of the API socket to create.";
       };
 
       mutableConfig = mkOption {
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to copy the config to a mutable directory instead of using the one directly from the nix store.
           This will only copy the config if the file at `services.klipper.mutableConfigPath` doesn't exist.
         '';
@@ -53,13 +53,13 @@ in
       mutableConfigFolder = mkOption {
         type = types.path;
         default = "/var/lib/klipper";
-        description = lib.mdDoc "Path to mutable Klipper config file.";
+        description = "Path to mutable Klipper config file.";
       };
 
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to default Klipper config.
         '';
       };
@@ -67,13 +67,13 @@ in
       octoprintIntegration = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Allows Octoprint to control Klipper.";
+        description = "Allows Octoprint to control Klipper.";
       };
 
       user = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           User account under which Klipper runs.
 
           If null is specified (default), a temporary user will be created by systemd.
@@ -83,7 +83,7 @@ in
       group = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Group account under which Klipper runs.
 
           If null is specified (default), a temporary user will be created by systemd.
@@ -93,32 +93,32 @@ in
       settings = mkOption {
         type = types.nullOr format.type;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Klipper. See the [documentation](https://www.klipper3d.org/Overview.html#configuration-and-tuning-guides)
           for supported values.
         '';
       };
 
       firmwares = mkOption {
-        description = lib.mdDoc "Firmwares klipper should manage";
+        description = "Firmwares klipper should manage";
         default = { };
         type = with types; attrsOf
           (submodule {
             options = {
-              enable = mkEnableOption (lib.mdDoc ''
+              enable = mkEnableOption ''
                 building of firmware for manual flashing
-              '');
-              enableKlipperFlash = mkEnableOption (lib.mdDoc ''
+              '';
+              enableKlipperFlash = mkEnableOption ''
                 flashings scripts for firmware. This will add `klipper-flash-$mcu` scripts to your environment which can be called to flash the firmware.
                 Please check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash`
-              '');
+              '';
               serial = mkOption {
                 type = types.nullOr path;
-                description = lib.mdDoc "Path to serial port this printer is connected to. Leave `null` to derive it from `service.klipper.settings`.";
+                description = "Path to serial port this printer is connected to. Leave `null` to derive it from `service.klipper.settings`.";
               };
               configFile = mkOption {
                 type = path;
-                description = lib.mdDoc "Path to firmware config which is generated using `klipper-genconf`";
+                description = "Path to firmware config which is generated using `klipper-genconf`";
               };
             };
           });
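Review bot: The new `serial` description still refers to `service.klipper.settings`, but the module declares its options under `services.klipper`, so the text names an option path that does not exist. It should read ``Leave `null` to derive it from `services.klipper.settings`.`` The `enableKlipperFlash` text in the same hunk says "flashings scripts", which should be "flashing scripts". The `firmwares` option is not closed inside this hunk.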
diff --git a/nixpkgs/nixos/modules/services/misc/languagetool.nix b/nixpkgs/nixos/modules/services/misc/languagetool.nix
index 9adf792373b5..ba563dace473 100644
--- a/nixpkgs/nixos/modules/services/misc/languagetool.nix
+++ b/nixpkgs/nixos/modules/services/misc/languagetool.nix
@@ -7,24 +7,24 @@ let
   settingsFormat = pkgs.formats.javaProperties {};
 in {
   options.services.languagetool = {
-    enable = mkEnableOption (mdDoc "the LanguageTool server");
+    enable = mkEnableOption "the LanguageTool server, a multilingual spelling, style, and grammar checker that helps correct or paraphrase texts";
 
     port = mkOption {
       type = types.port;
       default = 8081;
       example = 8081;
-      description = mdDoc ''
+      description = ''
         Port on which LanguageTool listens.
       '';
     };
 
-    public = mkEnableOption (mdDoc "access from anywhere (rather than just localhost)");
+    public = mkEnableOption "access from anywhere (rather than just localhost)";
 
     allowOrigin = mkOption {
       type = types.nullOr types.str;
       default = null;
       example = "https://my-website.org";
-      description = mdDoc ''
+      description = ''
         Set the Access-Control-Allow-Origin header in the HTTP response,
         used for direct (non-proxy) JavaScript-based access from browsers.
         `null` to allow access from all sites.
@@ -39,11 +39,11 @@ in {
           type = types.ints.unsigned;
           default = 1000;
           apply = toString;
-          description = mdDoc "Number of sentences cached.";
+          description = "Number of sentences cached.";
         };
       };
       default = {};
-      description = mdDoc ''
+      description = ''
         Configuration file options for LanguageTool, see
         'languagetool-http-server --help'
         for supported settings.
diff --git a/nixpkgs/nixos/modules/services/misc/leaps.nix b/nixpkgs/nixos/modules/services/misc/leaps.nix
index 5522223ecc97..c6f5a1252332 100644
--- a/nixpkgs/nixos/modules/services/misc/leaps.nix
+++ b/nixpkgs/nixos/modules/services/misc/leaps.nix
@@ -9,22 +9,22 @@ in
 {
   options = {
     services.leaps = {
-      enable = mkEnableOption (lib.mdDoc "leaps");
+      enable = mkEnableOption "leaps, a pair programming service";
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc "A port where leaps listens for incoming http requests";
+        description = "A port where leaps listens for incoming http requests";
       };
       address = mkOption {
         default = "";
         type = types.str;
         example = "127.0.0.1";
-        description = lib.mdDoc "Hostname or IP-address to listen to. By default it will listen on all interfaces.";
+        description = "Hostname or IP-address to listen to. By default it will listen on all interfaces.";
       };
       path = mkOption {
         default = "/";
         type = types.path;
-        description = lib.mdDoc "Subdirectory used for reverse proxy setups";
+        description = "Subdirectory used for reverse proxy setups";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/libreddit.nix b/nixpkgs/nixos/modules/services/misc/libreddit.nix
index 02d71c198e78..c1f6b276ad9f 100644
--- a/nixpkgs/nixos/modules/services/misc/libreddit.nix
+++ b/nixpkgs/nixos/modules/services/misc/libreddit.nix
@@ -13,7 +13,7 @@ in
 {
   options = {
     services.libreddit = {
-      enable = mkEnableOption (lib.mdDoc "Private front-end for Reddit");
+      enable = mkEnableOption "Private front-end for Reddit";
 
       package = mkPackageOption pkgs "libreddit" { };
 
@@ -21,20 +21,20 @@ in
         default = "0.0.0.0";
         example = "127.0.0.1";
         type =  types.str;
-        description = lib.mdDoc "The address to listen on";
+        description = "The address to listen on";
       };
 
       port = mkOption {
         default = 8080;
         example = 8000;
         type = types.port;
-        description = lib.mdDoc "The port to listen on";
+        description = "The port to listen on";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the libreddit web interface";
+        description = "Open ports in the firewall for the libreddit web interface";
       };
 
     };
@@ -47,7 +47,7 @@ in
         after = [ "network.target" ];
         serviceConfig = {
           DynamicUser = true;
-          ExecStart = "${cfg.package}/bin/libreddit ${args}";
+          ExecStart = "${lib.getExe cfg.package} ${args}";
           AmbientCapabilities = lib.mkIf (cfg.port < 1024) [ "CAP_NET_BIND_SERVICE" ];
           Restart = "on-failure";
           RestartSec = "2s";
diff --git a/nixpkgs/nixos/modules/services/misc/lidarr.nix b/nixpkgs/nixos/modules/services/misc/lidarr.nix
index 8ceb567e8801..5f7b5c293a25 100644
--- a/nixpkgs/nixos/modules/services/misc/lidarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/lidarr.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.lidarr = {
-      enable = mkEnableOption (lib.mdDoc "Lidarr");
+      enable = mkEnableOption "Lidarr, a Usenet/BitTorrent music downloader";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/lidarr/.config/Lidarr";
-        description = lib.mdDoc "The directory where Lidarr stores its data files.";
+        description = "The directory where Lidarr stores its data files.";
       };
 
       package = mkPackageOption pkgs "lidarr" { };
@@ -21,7 +21,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for Lidarr
         '';
       };
@@ -29,7 +29,7 @@ in
       user = mkOption {
         type = types.str;
         default = "lidarr";
-        description = lib.mdDoc ''
+        description = ''
           User account under which Lidarr runs.
         '';
       };
@@ -37,7 +37,7 @@ in
       group = mkOption {
         type = types.str;
         default = "lidarr";
-        description = lib.mdDoc ''
+        description = ''
           Group under which Lidarr runs.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/lifecycled.nix b/nixpkgs/nixos/modules/services/misc/lifecycled.nix
index fb5cabb4f038..8b80af392492 100644
--- a/nixpkgs/nixos/modules/services/misc/lifecycled.nix
+++ b/nixpkgs/nixos/modules/services/misc/lifecycled.nix
@@ -25,15 +25,15 @@ in
 
   options = {
     services.lifecycled = {
-      enable = mkEnableOption (lib.mdDoc "lifecycled");
+      enable = mkEnableOption "lifecycled, a daemon for responding to AWS AutoScaling Lifecycle Hooks";
 
       queueCleaner = {
-        enable = mkEnableOption (lib.mdDoc "lifecycled-queue-cleaner");
+        enable = mkEnableOption "lifecycled-queue-cleaner";
 
         frequency = mkOption {
           type = types.str;
           default = "hourly";
-          description = lib.mdDoc ''
+          description = ''
             How often to trigger the queue cleaner.
 
             NOTE: This string should be a valid value for a systemd
@@ -46,7 +46,7 @@ in
         parallel = mkOption {
           type = types.ints.unsigned;
           default = 20;
-          description = lib.mdDoc ''
+          description = ''
             The number of parallel deletes to run.
           '';
         };
@@ -55,7 +55,7 @@ in
       instanceId = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The instance ID to listen for events for.
         '';
       };
@@ -63,7 +63,7 @@ in
       snsTopic = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The SNS topic that receives events.
         '';
       };
@@ -71,14 +71,14 @@ in
       noSpot = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Disable the spot termination listener.
         '';
       };
 
       handler = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The script to invoke to handle events.
         '';
       };
@@ -86,7 +86,7 @@ in
       json = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable JSON logging.
         '';
       };
@@ -94,7 +94,7 @@ in
       cloudwatchGroup = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Write logs to a specific Cloudwatch Logs group.
         '';
       };
@@ -102,7 +102,7 @@ in
       cloudwatchStream = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Write logs to a specific Cloudwatch Logs stream. Defaults to the instance ID.
         '';
       };
@@ -110,7 +110,7 @@ in
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable debugging information.
         '';
       };
@@ -120,7 +120,7 @@ in
       awsRegion = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The region used for accessing AWS services.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/llama-cpp.nix b/nixpkgs/nixos/modules/services/misc/llama-cpp.nix
index 305d4538e89a..c73cff027e22 100644
--- a/nixpkgs/nixos/modules/services/misc/llama-cpp.nix
+++ b/nixpkgs/nixos/modules/services/misc/llama-cpp.nix
@@ -20,7 +20,7 @@ in {
       extraFlags = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         description = "Extra flags passed to llama-cpp-server.";
-        example = ["-c" "4096" "-ngl" "32" "--numa"];
+        example = ["-c" "4096" "-ngl" "32" "--numa" "numactl"];
         default = [];
       };
 
diff --git a/nixpkgs/nixos/modules/services/misc/logkeys.nix b/nixpkgs/nixos/modules/services/misc/logkeys.nix
index 75d073a0c94b..0fb4fa6cf8de 100644
--- a/nixpkgs/nixos/modules/services/misc/logkeys.nix
+++ b/nixpkgs/nixos/modules/services/misc/logkeys.nix
@@ -6,10 +6,10 @@ let
   cfg = config.services.logkeys;
 in {
   options.services.logkeys = {
-    enable = mkEnableOption (lib.mdDoc "logkeys service");
+    enable = mkEnableOption "logkeys, a keylogger service";
 
     device = mkOption {
-      description = lib.mdDoc "Use the given device as keyboard input event device instead of /dev/input/eventX default.";
+      description = "Use the given device as keyboard input event device instead of /dev/input/eventX default.";
       default = null;
       type = types.nullOr types.str;
       example = "/dev/input/event15";
diff --git a/nixpkgs/nixos/modules/services/misc/mame.nix b/nixpkgs/nixos/modules/services/misc/mame.nix
index 6e9d2fd26cff..6c7f08d48be1 100644
--- a/nixpkgs/nixos/modules/services/misc/mame.nix
+++ b/nixpkgs/nixos/modules/services/misc/mame.nix
@@ -12,19 +12,19 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to setup TUN/TAP Ethernet interface for MAME emulator.
         '';
       };
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User from which you run MAME binary.
         '';
       };
       hostAddr = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           IP address of the host system. Usually an address of the main network
           adapter or the adapter through which you get an internet connection.
         '';
@@ -32,7 +32,7 @@ in
       };
       emuAddr = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           IP address of the guest system. The same you set inside guest OS under
           MAME. Should be on the same subnet as {option}`services.mame.hostAddr`.
         '';
diff --git a/nixpkgs/nixos/modules/services/misc/mbpfan.nix b/nixpkgs/nixos/modules/services/misc/mbpfan.nix
index ef56ea49d1a9..1d9b7ae87ca0 100644
--- a/nixpkgs/nixos/modules/services/misc/mbpfan.nix
+++ b/nixpkgs/nixos/modules/services/misc/mbpfan.nix
@@ -4,55 +4,54 @@ with lib;
 let
   cfg = config.services.mbpfan;
   verbose = optionalString cfg.verbose "v";
-  settingsFormat = pkgs.formats.ini {};
-  settingsFile = settingsFormat.generate "mbpfan.ini" cfg.settings;
+  format = pkgs.formats.ini {};
+  cfgfile = format.generate "mbpfan.ini" cfg.settings;
 
 in {
   options.services.mbpfan = {
-    enable = mkEnableOption (lib.mdDoc "mbpfan, fan controller daemon for Apple Macs and MacBooks");
-
-    package = mkPackageOption pkgs "mbpfan" { };
+    enable = mkEnableOption "mbpfan, fan controller daemon for Apple Macs and MacBooks";
+    package = mkPackageOption pkgs "mbpfan" {};
 
     verbose = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "If true, sets the log level to verbose.";
+      description = "If true, sets the log level to verbose.";
     };
 
     aggressive = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "If true, favors higher default fan speeds.";
+      description = "If true, favors higher default fan speeds.";
     };
 
     settings = mkOption {
       default = {};
-      description = lib.mdDoc "INI configuration for Mbpfan.";
+      description = "INI configuration for Mbpfan.";
       type = types.submodule {
-        freeformType = settingsFormat.type;
+        freeformType = format.type;
 
         options.general.low_temp = mkOption {
           type = types.int;
           default = (if cfg.aggressive then 55 else 63);
           defaultText = literalExpression "55";
-          description = lib.mdDoc "If temperature is below this, fans will run at minimum speed.";
+          description = "If temperature is below this, fans will run at minimum speed.";
         };
         options.general.high_temp = mkOption {
           type = types.int;
           default = (if cfg.aggressive then 58 else 66);
           defaultText = literalExpression "58";
-          description = lib.mdDoc "If temperature is above this, fan speed will gradually increase.";
+          description = "If temperature is above this, fan speed will gradually increase.";
         };
         options.general.max_temp = mkOption {
           type = types.int;
           default = (if cfg.aggressive then 78 else 86);
           defaultText = literalExpression "78";
-          description = lib.mdDoc "If temperature is above this, fans will run at maximum speed.";
+          description = "If temperature is above this, fans will run at maximum speed.";
         };
         options.general.polling_interval = mkOption {
           type = types.int;
           default = 1;
-          description = lib.mdDoc "The polling interval.";
+          description = "The polling interval.";
         };
       };
     };
@@ -70,12 +69,12 @@ in {
   config = mkIf cfg.enable {
     boot.kernelModules = [ "coretemp" "applesmc" ];
     environment.systemPackages = [ cfg.package ];
-    environment.etc."mbpfan.conf".source = settingsFile;
+    environment.etc."mbpfan.conf".source = cfgfile;
 
     systemd.services.mbpfan = {
       description = "A fan manager daemon for MacBook Pro";
       wantedBy = [ "sysinit.target" ];
-      after = [ "syslog.target" "sysinit.target" ];
+      after = [ "sysinit.target" ];
       restartTriggers = [ config.environment.etc."mbpfan.conf".source ];
 
       serviceConfig = {
diff --git a/nixpkgs/nixos/modules/services/misc/mediatomb.nix b/nixpkgs/nixos/modules/services/misc/mediatomb.nix
index 03235e9a1265..932558e25802 100644
--- a/nixpkgs/nixos/modules/services/misc/mediatomb.nix
+++ b/nixpkgs/nixos/modules/services/misc/mediatomb.nix
@@ -15,19 +15,19 @@ let
     options = {
       path = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Absolute directory path to the media directory to index.
         '';
       };
       recursive = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether the indexation must take place recursively or not.";
+        description = "Whether the indexation must take place recursively or not.";
       };
       hidden-files = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to index the hidden files or not.";
+        description = "Whether to index the hidden files or not.";
       };
     };
   };
@@ -202,7 +202,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Gerbera/Mediatomb DLNA server.
         '';
       };
@@ -210,7 +210,7 @@ in {
       serverName = mkOption {
         type = types.str;
         default = "Gerbera (Mediatomb)";
-        description = lib.mdDoc ''
+        description = ''
           How to identify the server on the network.
         '';
       };
@@ -220,7 +220,7 @@ in {
       ps3Support = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable ps3 specific tweaks.
           WARNING: incompatible with DSM 320 support.
         '';
@@ -229,7 +229,7 @@ in {
       dsmSupport = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable D-Link DSM 320 specific tweaks.
           WARNING: incompatible with ps3 support.
         '';
@@ -238,7 +238,7 @@ in {
       tg100Support = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Telegent TG100 specific tweaks.
         '';
       };
@@ -246,7 +246,7 @@ in {
       transcoding = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable transcoding.
         '';
       };
@@ -255,7 +255,7 @@ in {
         type = types.path;
         default = "/var/lib/${name}";
         defaultText = literalExpression ''"/var/lib/''${config.${opt.package}.pname}"'';
-        description = lib.mdDoc ''
+        description = ''
           The directory where Gerbera/Mediatomb stores its state, data, etc.
         '';
       };
@@ -263,7 +263,7 @@ in {
       pcDirectoryHide = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to list the top-level directory or not (from upnp client standpoint).
         '';
       };
@@ -271,19 +271,19 @@ in {
       user = mkOption {
         type = types.str;
         default = "mediatomb";
-        description = lib.mdDoc "User account under which the service runs.";
+        description = "User account under which the service runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "mediatomb";
-        description = lib.mdDoc "Group account under which the service runs.";
+        description = "Group account under which the service runs.";
       };
 
       port = mkOption {
         type = types.port;
         default = 49152;
-        description = lib.mdDoc ''
+        description = ''
           The network port to listen on.
         '';
       };
@@ -291,7 +291,7 @@ in {
       interface = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           A specific interface to bind to.
         '';
       };
@@ -299,7 +299,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If false (the default), this is up to the user to declare the firewall rules.
           If true, this opens port 1900 (tcp and udp) and the port specified by
           {option}`sercvices.mediatomb.port`.
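Review bot: The option reference in the `openFirewall` description is misspelled as `sercvices.mediatomb.port`, so the `{option}` role in the rendered manual names an option that does not exist. Since the commit already touches this description, correct the reference to `services.mediatomb.port`. This text is where an administrator learns that port 1900 (tcp and udp) is opened together with the service port, so it is worth keeping exact. The description continues past the end of this hunk.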
@@ -313,7 +313,7 @@ in {
       uuid = mkOption {
         type = types.str;
         default = "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687";
-        description = lib.mdDoc ''
+        description = ''
           A unique (on your network) to identify the server by.
         '';
       };
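Review bot: The `uuid` description reads `A unique (on your network) to identify the server by.` and is missing its noun. Something like `A UUID, unique on your network, to identify the server by.` reads correctly. Because the default is a fixed value, two hosts left on the default would presumably announce the same identifier, which the description could state in one more sentence.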
@@ -321,7 +321,7 @@ in {
       mediaDirectories = mkOption {
         type = with types; listOf (submodule mediaDirectory);
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Declare media directories to index.
         '';
         example = [
@@ -333,7 +333,7 @@ in {
       customCfg = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Allow the service to create and use its own config file inside the `dataDir` as
           configured by {option}`services.mediatomb.dataDir`.
           Deactivated by default, the service then runs with the configuration generated from this module.
diff --git a/nixpkgs/nixos/modules/services/misc/metabase.nix b/nixpkgs/nixos/modules/services/misc/metabase.nix
index 5fc18e27eaae..eebe582548a5 100644
--- a/nixpkgs/nixos/modules/services/misc/metabase.nix
+++ b/nixpkgs/nixos/modules/services/misc/metabase.nix
@@ -13,13 +13,13 @@ in {
   options = {
 
     services.metabase = {
-      enable = mkEnableOption (lib.mdDoc "Metabase service");
+      enable = mkEnableOption "Metabase service";
 
       listen = {
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             IP address that Metabase should listen on.
           '';
         };
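Review bot: The `listen.ip` description does not say that the default `0.0.0.0` makes Metabase listen on every interface, which matters because the `ssl.enable` option in a later hunk defaults to false. I would extend the text to something like `IP address that Metabase should listen on. The default binds all interfaces; use "127.0.0.1" when the service sits behind a reverse proxy.` `openFirewall` defaults to false, so actual exposure presumably depends on the host firewall being enabled. The `address` option in the nitter.nix hunk further down has the same `0.0.0.0` default and the same gap in its description.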
@@ -27,7 +27,7 @@ in {
         port = mkOption {
           type = types.port;
           default = 3000;
-          description = lib.mdDoc ''
+          description = ''
             Listen port for Metabase.
           '';
         };
@@ -37,7 +37,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable SSL (https) support.
           '';
         };
@@ -45,7 +45,7 @@ in {
         port = mkOption {
           type = types.port;
           default = 8443;
-          description = lib.mdDoc ''
+          description = ''
             Listen port over SSL (https) for Metabase.
           '';
         };
@@ -54,7 +54,7 @@ in {
           type = types.nullOr types.path;
           default = "${dataDir}/metabase.jks";
           example = "/etc/secrets/keystore.jks";
-          description = lib.mdDoc ''
+          description = ''
             [Java KeyStore](https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores) file containing the certificates.
           '';
         };
@@ -64,7 +64,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for Metabase.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/moonraker.nix b/nixpkgs/nixos/modules/services/misc/moonraker.nix
index f043cc83bf05..1461f1048b03 100644
--- a/nixpkgs/nixos/modules/services/misc/moonraker.nix
+++ b/nixpkgs/nixos/modules/services/misc/moonraker.nix
@@ -16,7 +16,7 @@ let
 in {
   options = {
     services.moonraker = {
-      enable = mkEnableOption (lib.mdDoc "Moonraker, an API web server for Klipper");
+      enable = mkEnableOption "Moonraker, an API web server for Klipper";
 
       package = mkPackageOption pkgs "moonraker" {
         nullable = true;
@@ -27,19 +27,19 @@ in {
         type = types.path;
         default = config.services.klipper.apiSocket;
         defaultText = literalExpression "config.services.klipper.apiSocket";
-        description = lib.mdDoc "Path to Klipper's API socket.";
+        description = "Path to Klipper's API socket.";
       };
 
       stateDir = mkOption {
         type = types.path;
         default = "/var/lib/moonraker";
-        description = lib.mdDoc "The directory containing the Moonraker databases.";
+        description = "The directory containing the Moonraker databases.";
       };
 
       configDir = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Deprecated directory containing client-writable configuration files.
 
           Clients will be able to edit files in this directory via the API. This directory must be writable.
@@ -49,26 +49,26 @@ in {
       user = mkOption {
         type = types.str;
         default = "moonraker";
-        description = lib.mdDoc "User account under which Moonraker runs.";
+        description = "User account under which Moonraker runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "moonraker";
-        description = lib.mdDoc "Group account under which Moonraker runs.";
+        description = "Group account under which Moonraker runs.";
       };
 
       address = mkOption {
         type = types.str;
         default = "127.0.0.1";
         example = "0.0.0.0";
-        description = lib.mdDoc "The IP or host to listen on.";
+        description = "The IP or host to listen on.";
       };
 
       port = mkOption {
         type = types.ints.unsigned;
         default = 7125;
-        description = lib.mdDoc "The port to listen on.";
+        description = "The port to listen on.";
       };
 
       settings = mkOption {
@@ -80,7 +80,7 @@ in {
             cors_domains = [ "https://app.fluidd.xyz" "https://my.mainsail.xyz" ];
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Moonraker. See the [documentation](https://moonraker.readthedocs.io/en/latest/configuration/)
           for supported values.
         '';
@@ -89,7 +89,7 @@ in {
       allowSystemControl = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow Moonraker to perform system-level operations.
 
           Moonraker exposes APIs to perform system-level operations, such as
diff --git a/nixpkgs/nixos/modules/services/misc/mqtt2influxdb.nix b/nixpkgs/nixos/modules/services/misc/mqtt2influxdb.nix
index 621f51a4e7fd..a2d6a2b34a23 100644
--- a/nixpkgs/nixos/modules/services/misc/mqtt2influxdb.nix
+++ b/nixpkgs/nixos/modules/services/misc/mqtt2influxdb.nix
@@ -21,11 +21,11 @@ let
     options = {
       measurement = mkOption {
         type = types.str;
-        description = mdDoc "Name of the measurement";
+        description = "Name of the measurement";
       };
       topic = mkOption {
         type = types.str;
-        description = mdDoc "MQTT topic to subscribe to.";
+        description = "MQTT topic to subscribe to.";
       };
       fields = mkOption {
         type = types.submodule {
@@ -33,21 +33,21 @@ let
             value = mkOption {
               type = types.str;
               default = "$.payload";
-              description = mdDoc "Value to be picked up";
+              description = "Value to be picked up";
             };
             type = mkOption {
               type = with types; nullOr str;
               default = null;
-              description = mdDoc "Type to be picked up";
+              description = "Type to be picked up";
             };
           };
         };
-        description = mdDoc "Field selector.";
+        description = "Field selector.";
       };
       tags = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = mdDoc "Tags applied";
+        description = "Tags applied";
       };
     };
   };
@@ -124,12 +124,12 @@ let
 in {
   options = {
     services.mqtt2influxdb = {
-      enable = mkEnableOption (mdDoc "BigClown MQTT to InfluxDB bridge.");
+      enable = mkEnableOption "BigClown MQTT to InfluxDB bridge.";
       environmentFiles = mkOption {
         type = types.listOf types.path;
         default = [];
         example = [ "/run/keys/mqtt2influxdb.env" ];
-        description = mdDoc ''
+        description = ''
           File to load as environment file. Environment variables from this file
           will be interpolated into the config file using envsubst with this
           syntax: `$ENVIRONMENT` or `''${VARIABLE}`.
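Review bot: The string passed to `mkEnableOption` for `services.mqtt2influxdb.enable` ends in a period, and `mkEnableOption` adds its own after the `Whether to enable` prefix, so the rendered description ends in two periods. Drop the trailing period: `enable = mkEnableOption "BigClown MQTT to InfluxDB bridge";`. The `environmentFiles` description continues past the end of this hunk.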
@@ -140,22 +140,22 @@ in {
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = mdDoc "Host where MQTT server is running.";
+          description = "Host where MQTT server is running.";
         };
         port = mkOption {
           type = types.port;
           default = 1883;
-          description = mdDoc "MQTT server port.";
+          description = "MQTT server port.";
         };
         username = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "Username used to connect to the MQTT server.";
+          description = "Username used to connect to the MQTT server.";
         };
         password = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc ''
+          description = ''
             MQTT password.
 
             It is highly suggested to use here replacement through
@@ -166,43 +166,43 @@ in {
         cafile = mkOption {
           type = with types; nullOr path;
           default = null;
-          description = mdDoc "Certification Authority file for MQTT";
+          description = "Certification Authority file for MQTT";
         };
         certfile = mkOption {
           type = with types; nullOr path;
           default = null;
-          description = mdDoc "Certificate file for MQTT";
+          description = "Certificate file for MQTT";
         };
         keyfile = mkOption {
           type = with types; nullOr path;
           default = null;
-          description = mdDoc "Key file for MQTT";
+          description = "Key file for MQTT";
         };
       };
       influxdb = {
         host = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = mdDoc "Host where InfluxDB server is running.";
+          description = "Host where InfluxDB server is running.";
         };
         port = mkOption {
           type = types.port;
           default = 8086;
-          description = mdDoc "InfluxDB server port";
+          description = "InfluxDB server port";
         };
         database = mkOption {
           type = types.str;
-          description = mdDoc "Name of the InfluxDB database.";
+          description = "Name of the InfluxDB database.";
         };
         username = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc "Username for InfluxDB login.";
+          description = "Username for InfluxDB login.";
         };
         password = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = mdDoc ''
+          description = ''
             Password for InfluxDB login.
 
             It is highly suggested to use here replacement through
@@ -213,18 +213,18 @@ in {
         ssl = mkOption {
           type = types.bool;
           default = false;
-          description = mdDoc "Use SSL to connect to the InfluxDB server.";
+          description = "Use SSL to connect to the InfluxDB server.";
         };
         verify_ssl = mkOption {
           type = types.bool;
           default = true;
-          description = mdDoc "Verify SSL certificate when connecting to the InfluxDB server.";
+          description = "Verify SSL certificate when connecting to the InfluxDB server.";
         };
       };
       points = mkOption {
         type = types.listOf pointType;
         default = defaultPoints;
-        description = mdDoc "Points to bridge from MQTT to InfluxDB.";
+        description = "Points to bridge from MQTT to InfluxDB.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/n8n.nix b/nixpkgs/nixos/modules/services/misc/n8n.nix
index 2af37fba910a..231470b9937a 100644
--- a/nixpkgs/nixos/modules/services/misc/n8n.nix
+++ b/nixpkgs/nixos/modules/services/misc/n8n.nix
@@ -9,18 +9,18 @@ let
 in
 {
   options.services.n8n = {
-    enable = mkEnableOption (lib.mdDoc "n8n server");
+    enable = mkEnableOption "n8n server";
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Open ports in the firewall for the n8n web interface.";
+      description = "Open ports in the firewall for the n8n web interface.";
     };
 
     settings = mkOption {
       type = format.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Configuration for n8n, see <https://docs.n8n.io/hosting/environment-variables/configuration-methods/>
         for supported values.
       '';
@@ -29,7 +29,7 @@ in
     webhookUrl = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         WEBHOOK_URL for n8n, in case we're running behind a reverse proxy.
         This cannot be set through configuration and must reside in an environment variable.
       '';
diff --git a/nixpkgs/nixos/modules/services/misc/nitter.nix b/nixpkgs/nixos/modules/services/misc/nitter.nix
index d2cf7c0de2b7..f8be2aed70c9 100644
--- a/nixpkgs/nixos/modules/services/misc/nitter.nix
+++ b/nixpkgs/nixos/modules/services/misc/nitter.nix
@@ -52,7 +52,7 @@ in
 
   options = {
     services.nitter = {
-      enable = mkEnableOption (lib.mdDoc "Nitter");
+      enable = mkEnableOption "Nitter, an alternative Twitter front-end";
 
       package = mkPackageOption pkgs "nitter" { };
 
@@ -61,46 +61,46 @@ in
           type =  types.str;
           default = "0.0.0.0";
           example = "127.0.0.1";
-          description = lib.mdDoc "The address to listen on.";
+          description = "The address to listen on.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8080;
           example = 8000;
-          description = lib.mdDoc "The port to listen on.";
+          description = "The port to listen on.";
         };
 
         https = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Set secure attribute on cookies. Keep it disabled to enable cookies when not using HTTPS.";
+          description = "Set secure attribute on cookies. Keep it disabled to enable cookies when not using HTTPS.";
         };
 
         httpMaxConnections = mkOption {
           type = types.int;
           default = 100;
-          description = lib.mdDoc "Maximum number of HTTP connections.";
+          description = "Maximum number of HTTP connections.";
         };
 
         staticDir = mkOption {
           type = types.path;
           default = "${cfg.package}/share/nitter/public";
           defaultText = literalExpression ''"''${config.services.nitter.package}/share/nitter/public"'';
-          description = lib.mdDoc "Path to the static files directory.";
+          description = "Path to the static files directory.";
         };
 
         title = mkOption {
           type = types.str;
           default = "nitter";
-          description = lib.mdDoc "Title of the instance.";
+          description = "Title of the instance.";
         };
 
         hostname = mkOption {
           type = types.str;
           default = "localhost";
           example = "nitter.net";
-          description = lib.mdDoc "Hostname of the instance.";
+          description = "Hostname of the instance.";
         };
       };
 
@@ -108,37 +108,37 @@ in
         listMinutes = mkOption {
           type = types.int;
           default = 240;
-          description = lib.mdDoc "How long to cache list info (not the tweets, so keep it high).";
+          description = "How long to cache list info (not the tweets, so keep it high).";
         };
 
         rssMinutes = mkOption {
           type = types.int;
           default = 10;
-          description = lib.mdDoc "How long to cache RSS queries.";
+          description = "How long to cache RSS queries.";
         };
 
         redisHost = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Redis host.";
+          description = "Redis host.";
         };
 
         redisPort = mkOption {
           type = types.port;
           default = 6379;
-          description = lib.mdDoc "Redis port.";
+          description = "Redis port.";
         };
 
         redisConnections = mkOption {
           type = types.int;
           default = 20;
-          description = lib.mdDoc "Redis connection pool size.";
+          description = "Redis connection pool size.";
         };
 
         redisMaxConnections = mkOption {
           type = types.int;
           default = 30;
-          description = lib.mdDoc ''
+          description = ''
             Maximum number of connections to Redis.
 
             New connections are opened when none are available, but if the
@@ -152,29 +152,29 @@ in
         base64Media = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Use base64 encoding for proxied media URLs.";
+          description = "Use base64 encoding for proxied media URLs.";
         };
 
-        enableRSS = mkEnableOption (lib.mdDoc "RSS feeds") // { default = true; };
+        enableRSS = mkEnableOption "RSS feeds" // { default = true; };
 
-        enableDebug = mkEnableOption (lib.mdDoc "request logs and debug endpoints");
+        enableDebug = mkEnableOption "request logs and debug endpoints";
 
         proxy = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "URL to a HTTP/HTTPS proxy.";
+          description = "URL to a HTTP/HTTPS proxy.";
         };
 
         proxyAuth = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Credentials for proxy.";
+          description = "Credentials for proxy.";
         };
 
         tokenCount = mkOption {
           type = types.int;
           default = 10;
-          description = lib.mdDoc ''
+          description = ''
             Minimum amount of usable tokens.
 
             Tokens are used to authorize API requests, but they expire after
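Review bot: `proxyAuth` is a plain `types.str` described only as `Credentials for proxy.`, so the description gives no hint about where the value ends up. If the module renders it into a configuration file built in the Nix store (not visible in this hunk), the credentials are readable by every local user. The description should say so, for example `Credentials for proxy. This value may end up in the world-readable Nix store, so do not reuse a sensitive password here.` The surrounding attribute set starts before this hunk and the `tokenCount` description runs past its end.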
@@ -191,112 +191,112 @@ in
           type = types.str;
           default = "";
           example = "nitter.net";
-          description = lib.mdDoc "Replace Twitter links with links to this instance (blank to disable).";
+          description = "Replace Twitter links with links to this instance (blank to disable).";
         };
 
         replaceYouTube = mkOption {
           type = types.str;
           default = "";
           example = "piped.kavin.rocks";
-          description = lib.mdDoc "Replace YouTube links with links to this instance (blank to disable).";
+          description = "Replace YouTube links with links to this instance (blank to disable).";
         };
 
         replaceReddit = mkOption {
           type = types.str;
           default = "";
           example = "teddit.net";
-          description = lib.mdDoc "Replace Reddit links with links to this instance (blank to disable).";
+          description = "Replace Reddit links with links to this instance (blank to disable).";
         };
 
         mp4Playback = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Enable MP4 video playback.";
+          description = "Enable MP4 video playback.";
         };
 
         hlsPlayback = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Enable HLS video streaming (requires JavaScript).";
+          description = "Enable HLS video streaming (requires JavaScript).";
         };
 
         proxyVideos = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Proxy video streaming through the server (might be slow).";
+          description = "Proxy video streaming through the server (might be slow).";
         };
 
         muteVideos = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Mute videos by default.";
+          description = "Mute videos by default.";
         };
 
         autoplayGifs = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Autoplay GIFs.";
+          description = "Autoplay GIFs.";
         };
 
         theme = mkOption {
           type = types.str;
           default = "Nitter";
-          description = lib.mdDoc "Instance theme.";
+          description = "Instance theme.";
         };
 
         infiniteScroll = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Infinite scrolling (requires JavaScript, experimental!).";
+          description = "Infinite scrolling (requires JavaScript, experimental!).";
         };
 
         stickyProfile = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Make profile sidebar stick to top.";
+          description = "Make profile sidebar stick to top.";
         };
 
         bidiSupport = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Support bidirectional text (makes clicking on tweets harder).";
+          description = "Support bidirectional text (makes clicking on tweets harder).";
         };
 
         hideTweetStats = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Hide tweet stats (replies, retweets, likes).";
+          description = "Hide tweet stats (replies, retweets, likes).";
         };
 
         hideBanner = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Hide profile banner.";
+          description = "Hide profile banner.";
         };
 
         hidePins = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Hide pinned tweets.";
+          description = "Hide pinned tweets.";
         };
 
         hideReplies = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Hide tweet replies.";
+          description = "Hide tweet replies.";
         };
 
         squareAvatars = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Square profile pictures.";
+          description = "Square profile pictures.";
         };
       };
 
       settings = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Add settings here to override NixOS module generated settings.
 
           Check the official repository for the available settings:
@@ -307,7 +307,7 @@ in
       guestAccounts = mkOption {
         type = types.path;
         default = "/var/lib/nitter/guest_accounts.jsonl";
-        description = lib.mdDoc ''
+        description = ''
           Path to the guest accounts file.
 
           This file contains a list of guest accounts that can be used to
@@ -324,13 +324,13 @@ in
       redisCreateLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Configure local Redis server for Nitter.";
+        description = "Configure local Redis server for Nitter.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for Nitter web interface.";
+        description = "Open ports in the firewall for Nitter web interface.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/nix-gc.nix b/nixpkgs/nixos/modules/services/misc/nix-gc.nix
index 656cbad81373..9caca5d74079 100644
--- a/nixpkgs/nixos/modules/services/misc/nix-gc.nix
+++ b/nixpkgs/nixos/modules/services/misc/nix-gc.nix
@@ -15,14 +15,14 @@ in
       automatic = lib.mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc "Automatically run the garbage collector at a specific time.";
+        description = "Automatically run the garbage collector at a specific time.";
       };
 
       dates = lib.mkOption {
         type = lib.types.singleLineStr;
         default = "03:15";
         example = "weekly";
-        description = lib.mdDoc ''
+        description = ''
           How often or when garbage collection is performed. For most desktop and server systems
           a sufficient garbage collection is once a week.
 
@@ -35,7 +35,7 @@ in
         default = "0";
         type = lib.types.singleLineStr;
         example = "45min";
-        description = lib.mdDoc ''
+        description = ''
           Add a randomized delay before each garbage collection.
           The delay will be chosen between zero and this value.
           This value must be a time span in the format specified by
@@ -47,7 +47,7 @@ in
         default = true;
         type = lib.types.bool;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Takes a boolean argument. If true, the time when the service
           unit was last triggered is stored on disk. When the timer is
           activated, the service unit is triggered immediately if it
@@ -63,7 +63,7 @@ in
         default = "";
         example = "--max-freed $((64 * 1024**3))";
         type = lib.types.singleLineStr;
-        description = lib.mdDoc ''
+        description = ''
           Options given to [`nix-collect-garbage`](https://nixos.org/manual/nix/stable/command-ref/nix-collect-garbage) when the garbage collector is run automatically.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/nix-optimise.nix b/nixpkgs/nixos/modules/services/misc/nix-optimise.nix
index 0398229a13da..ed33f6746a4e 100644
--- a/nixpkgs/nixos/modules/services/misc/nix-optimise.nix
+++ b/nixpkgs/nixos/modules/services/misc/nix-optimise.nix
@@ -10,13 +10,13 @@ in
       automatic = lib.mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc "Automatically run the nix store optimiser at a specific time.";
+        description = "Automatically run the nix store optimiser at a specific time.";
       };
 
       dates = lib.mkOption {
         default = ["03:45"];
         type = with lib.types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Specification (in the format described by
           {manpage}`systemd.time(7)`) of the time at
           which the optimiser will run.
@@ -42,9 +42,11 @@ in
         startAt = lib.optionals cfg.automatic cfg.dates;
       };
 
-      timers.nix-optimise.timerConfig = {
-        Persistent = true;
-        RandomizedDelaySec = 1800;
+      timers.nix-optimise = lib.mkIf cfg.automatic {
+        timerConfig = {
+          Persistent = true;
+          RandomizedDelaySec = 1800;
+        };
       };
     };
   };
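Review bot: The new guard on `timers.nix-optimise` tests only `cfg.automatic`, while the schedule itself comes from `cfg.dates` through `startAt` on the context line above. With `automatic = true` and `dates = [ ]` the timer would presumably still be defined, carrying `Persistent` and `RandomizedDelaySec` but no calendar entry. Consider `timers.nix-optimise = lib.mkIf (cfg.automatic && cfg.dates != [ ]) {`. Failing that, add a one-line comment above the guard, such as `# only define the timer when a schedule exists`. The enclosing `systemd` attribute set starts outside this hunk, so how `startAt` is turned into the timer is not visible here.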
diff --git a/nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix b/nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix
index cf9d6339c69b..f60736c688d9 100644
--- a/nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix
+++ b/nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix
@@ -14,26 +14,26 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable serving the Nix store as a remote store via SSH.";
+        description = "Whether to enable serving the Nix store as a remote store via SSH.";
       };
 
       write = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.settings.trusted-users` option in most use cases, such as allowing remote building of derivations.";
+        description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.settings.trusted-users` option in most use cases, such as allowing remote building of derivations.";
       };
 
       keys = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
-        description = lib.mdDoc "A list of SSH public keys allowed to access the binary cache via SSH.";
+        description = "A list of SSH public keys allowed to access the binary cache via SSH.";
       };
 
       protocol = mkOption {
         type = types.enum [ "ssh" "ssh-ng" ];
         default = "ssh";
-        description = lib.mdDoc "The specific Nix-over-SSH protocol to use.";
+        description = "The specific Nix-over-SSH protocol to use.";
       };
 
     };
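Review bot: The `write` description advises adding `nix-ssh` to `nix.settings.trusted-users` "in most use cases" without saying what that grants. The Nix manual describes a trusted user as essentially equivalent to root on the machine, and here that user is reachable by every key listed in `keys`. I would add a sentence such as `Adding nix-ssh to trusted-users gives every listed key root-equivalent control over the Nix daemon.` Separately, the `keys` example shows an `ssh-dss` key, a type that current OpenSSH does not accept by default. A better model is `example = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... alice@example.org" ];`.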
diff --git a/nixpkgs/nixos/modules/services/misc/novacomd.nix b/nixpkgs/nixos/modules/services/misc/novacomd.nix
index bde8328d46f8..7cfc68d2b673 100644
--- a/nixpkgs/nixos/modules/services/misc/novacomd.nix
+++ b/nixpkgs/nixos/modules/services/misc/novacomd.nix
@@ -10,7 +10,7 @@ in {
 
   options = {
     services.novacomd = {
-      enable = mkEnableOption (lib.mdDoc "Novacom service for connecting to WebOS devices");
+      enable = mkEnableOption "Novacom service for connecting to WebOS devices";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/ntfy-sh.nix b/nixpkgs/nixos/modules/services/misc/ntfy-sh.nix
index b8b077240115..ae6ab9571d0f 100644
--- a/nixpkgs/nixos/modules/services/misc/ntfy-sh.nix
+++ b/nixpkgs/nixos/modules/services/misc/ntfy-sh.nix
@@ -10,20 +10,20 @@ in
 
 {
   options.services.ntfy-sh = {
-    enable = mkEnableOption (mdDoc "[ntfy-sh](https://ntfy.sh), a push notification service");
+    enable = mkEnableOption "[ntfy-sh](https://ntfy.sh), a push notification service";
 
     package = mkPackageOption pkgs "ntfy-sh" { };
 
     user = mkOption {
       default = "ntfy-sh";
       type = types.str;
-      description = lib.mdDoc "User the ntfy-sh server runs under.";
+      description = "User the ntfy-sh server runs under.";
     };
 
     group = mkOption {
       default = "ntfy-sh";
       type = types.str;
-      description = lib.mdDoc "Primary group of ntfy-sh user.";
+      description = "Primary group of ntfy-sh user.";
     };
 
     settings = mkOption {
@@ -33,7 +33,7 @@ in
           base-url = mkOption {
             type = types.str;
             example = "https://ntfy.example";
-            description = lib.mdDoc ''
+            description = ''
               Public facing base URL of the service
 
               This setting is required for any of the following features:
@@ -55,7 +55,7 @@ in
         }
       '';
 
-      description = mdDoc ''
+      description = ''
         Configuration for ntfy.sh, supported values are [here](https://ntfy.sh/docs/config/#config-options).
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/misc/nzbget.nix b/nixpkgs/nixos/modules/services/misc/nzbget.nix
index d02fda62fa4f..c961fe9b2877 100644
--- a/nixpkgs/nixos/modules/services/misc/nzbget.nix
+++ b/nixpkgs/nixos/modules/services/misc/nzbget.nix
@@ -25,24 +25,24 @@ in
 
   options = {
     services.nzbget = {
-      enable = mkEnableOption (lib.mdDoc "NZBGet");
+      enable = mkEnableOption "NZBGet, for downloading files from news servers";
 
       user = mkOption {
         type = types.str;
         default = "nzbget";
-        description = lib.mdDoc "User account under which NZBGet runs";
+        description = "User account under which NZBGet runs";
       };
 
       group = mkOption {
         type = types.str;
         default = "nzbget";
-        description = lib.mdDoc "Group under which NZBGet runs";
+        description = "Group under which NZBGet runs";
       };
 
       settings = mkOption {
         type = with types; attrsOf (oneOf [ bool int str ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           NZBGet configuration, passed via command line using switch -o. Refer to
           <https://github.com/nzbget/nzbget/blob/master/nzbget.conf>
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix b/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix
index 536a4e4b0075..8246ea52f978 100644
--- a/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix
+++ b/nixpkgs/nixos/modules/services/misc/nzbhydra2.nix
@@ -7,19 +7,18 @@ let cfg = config.services.nzbhydra2;
 in {
   options = {
     services.nzbhydra2 = {
-      enable = mkEnableOption (lib.mdDoc "NZBHydra2");
+      enable = mkEnableOption "NZBHydra2, Usenet meta search";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/nzbhydra2";
-        description = lib.mdDoc "The directory where NZBHydra2 stores its data files.";
+        description = "The directory where NZBHydra2 stores its data files.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc "Open ports in the firewall for the NZBHydra2 web interface.";
+        description = "Open ports in the firewall for the NZBHydra2 web interface.";
       };
 
       package = mkPackageOption pkgs "nzbhydra2" { };
diff --git a/nixpkgs/nixos/modules/services/misc/octoprint.nix b/nixpkgs/nixos/modules/services/misc/octoprint.nix
index 43e0ce0c21d3..6290a6a7a537 100644
--- a/nixpkgs/nixos/modules/services/misc/octoprint.nix
+++ b/nixpkgs/nixos/modules/services/misc/octoprint.nix
@@ -29,12 +29,12 @@ in
 
     services.octoprint = {
 
-      enable = mkEnableOption (lib.mdDoc "OctoPrint, web interface for 3D printers");
+      enable = mkEnableOption "OctoPrint, web interface for 3D printers";
 
       host = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           Host to bind OctoPrint to.
         '';
       };
@@ -42,7 +42,7 @@ in
       port = mkOption {
         type = types.port;
         default = 5000;
-        description = lib.mdDoc ''
+        description = ''
           Port to bind OctoPrint to.
         '';
       };
@@ -50,25 +50,25 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for OctoPrint.";
+        description = "Open ports in the firewall for OctoPrint.";
       };
 
       user = mkOption {
         type = types.str;
         default = "octoprint";
-        description = lib.mdDoc "User for the daemon.";
+        description = "User for the daemon.";
       };
 
       group = mkOption {
         type = types.str;
         default = "octoprint";
-        description = lib.mdDoc "Group for the daemon.";
+        description = "Group for the daemon.";
       };
 
       stateDir = mkOption {
         type = types.path;
         default = "/var/lib/octoprint";
-        description = lib.mdDoc "State directory of the daemon.";
+        description = "State directory of the daemon.";
       };
 
       plugins = mkOption {
@@ -76,13 +76,13 @@ in
         default = plugins: [ ];
         defaultText = literalExpression "plugins: []";
         example = literalExpression "plugins: with plugins; [ themeify stlviewer ]";
-        description = lib.mdDoc "Additional plugins to be used. Available plugins are passed through the plugins input.";
+        description = "Additional plugins to be used. Available plugins are passed through the plugins input.";
       };
 
       extraConfig = mkOption {
         type = types.attrs;
         default = { };
-        description = lib.mdDoc "Extra options which are added to OctoPrint's YAML configuration file.";
+        description = "Extra options which are added to OctoPrint's YAML configuration file.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/misc/ollama.nix b/nixpkgs/nixos/modules/services/misc/ollama.nix
index 7a5661510e25..c0341984aa35 100644
--- a/nixpkgs/nixos/modules/services/misc/ollama.nix
+++ b/nixpkgs/nixos/modules/services/misc/ollama.nix
@@ -15,6 +15,55 @@ in
     services.ollama = {
       enable = lib.mkEnableOption "ollama server for local large language models";
       package = lib.mkPackageOption pkgs "ollama" { };
+      home = lib.mkOption {
+        type = types.str;
+        default = "%S/ollama";
+        example = "/home/foo";
+        description = ''
+          The home directory that the ollama service is started in.
+
+          See also `services.ollama.writablePaths` and `services.ollama.sandbox`.
+        '';
+      };
+      models = lib.mkOption {
+        type = types.str;
+        default = "%S/ollama/models";
+        example = "/path/to/ollama/models";
+        description = ''
+          The directory that the ollama service will read models from and download new models to.
+
+          See also `services.ollama.writablePaths` and `services.ollama.sandbox`
+          if downloading models or other mutation of the filesystem is required.
+        '';
+      };
+      sandbox = lib.mkOption {
+        type = types.bool;
+        default = true;
+        example = false;
+        description = ''
+          Whether to enable systemd's sandboxing capabilities.
+
+          This sets [`DynamicUser`](
+          https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser=
+          ), which runs the server as a unique user with read-only access to most of the filesystem.
+
+          See also `services.ollama.writablePaths`.
+        '';
+      };
+      writablePaths = lib.mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ "/home/foo" "/mnt/foo" ];
+        description = ''
+          Paths that the server should have write access to.
+
+          This sets [`ReadWritePaths`](
+          https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ReadWritePaths=
+          ), which allows specified paths to be written to through the default sandboxing.
+
+          See also `services.ollama.sandbox`.
+        '';
+      };
       listenAddress = lib.mkOption {
         type = types.str;
         default = "127.0.0.1:11434";
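Review bot: The `sandbox` description does not say what the service runs as when the option is turned off. The last hunk of this file sets `DynamicUser = cfg.sandbox;`, and the `serviceConfig` shown there has no `User=`, so with `sandbox = false` the server would presumably run as root with none of the filesystem protection that DynamicUser implies. I would add a sentence to the description such as `Disabling this runs the server without a dedicated user or filesystem protection; prefer writablePaths over turning the sandbox off.` `ReadWritePaths = cfg.writablePaths;` also appears to matter only while the sandbox is on, which the `writablePaths` description could state.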
@@ -24,22 +73,27 @@ in
         '';
       };
       acceleration = lib.mkOption {
-        type = types.nullOr (types.enum [ "rocm" "cuda" ]);
+        type = types.nullOr (types.enum [ false "rocm" "cuda" ]);
         default = null;
         example = "rocm";
         description = ''
           What interface to use for hardware acceleration.
 
-          - `rocm`: supported by modern AMD GPUs
-          - `cuda`: supported by modern NVIDIA GPUs
+          - `null`: default behavior
+            if `nixpkgs.config.rocmSupport` is enabled, uses `"rocm"`
+            if `nixpkgs.config.cudaSupport` is enabled, uses `"cuda"`
+            otherwise defaults to `false`
+          - `false`: disable GPU, only use CPU
+          - `"rocm"`: supported by most modern AMD GPUs
+          - `"cuda"`: supported by most modern NVIDIA GPUs
         '';
       };
       environmentVariables = lib.mkOption {
         type = types.attrsOf types.str;
         default = { };
         example = {
-          HOME = "/tmp";
           OLLAMA_LLM_LIBRARY = "cpu";
+          HIP_VISIBLE_DEVICES = "0,1";
         };
         description = ''
           Set arbitrary environment variables for the ollama service.
@@ -58,15 +112,16 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
       environment = cfg.environmentVariables // {
-        HOME = "%S/ollama";
-        OLLAMA_MODELS = "%S/ollama/models";
+        HOME = cfg.home;
+        OLLAMA_MODELS = cfg.models;
         OLLAMA_HOST = cfg.listenAddress;
       };
       serviceConfig = {
         ExecStart = "${lib.getExe ollamaPackage} serve";
-        WorkingDirectory = "%S/ollama";
+        WorkingDirectory = cfg.home;
         StateDirectory = [ "ollama" ];
-        DynamicUser = true;
+        DynamicUser = cfg.sandbox;
+        ReadWritePaths = cfg.writablePaths;
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/ombi.nix b/nixpkgs/nixos/modules/services/misc/ombi.nix
index 8bf6a9b116ec..9b2e3cf84e5d 100644
--- a/nixpkgs/nixos/modules/services/misc/ombi.nix
+++ b/nixpkgs/nixos/modules/services/misc/ombi.nix
@@ -7,40 +7,42 @@ let cfg = config.services.ombi;
 in {
   options = {
     services.ombi = {
-      enable = mkEnableOption (lib.mdDoc ''
-        Ombi.
+      enable = mkEnableOption ''
+        Ombi, a web application that automatically gives your shared Plex or
+        Emby users the ability to request content by themselves!
+
         Optionally see <https://docs.ombi.app/info/reverse-proxy>
         on how to set up a reverse proxy
-      '');
+      '';
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/ombi";
-        description = lib.mdDoc "The directory where Ombi stores its data files.";
+        description = "The directory where Ombi stores its data files.";
       };
 
       port = mkOption {
         type = types.port;
         default = 5000;
-        description = lib.mdDoc "The port for the Ombi web interface.";
+        description = "The port for the Ombi web interface.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the Ombi web interface.";
+        description = "Open ports in the firewall for the Ombi web interface.";
       };
 
       user = mkOption {
         type = types.str;
         default = "ombi";
-        description = lib.mdDoc "User account under which Ombi runs.";
+        description = "User account under which Ombi runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "ombi";
-        description = lib.mdDoc "Group under which Ombi runs.";
+        description = "Group under which Ombi runs.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/osrm.nix b/nixpkgs/nixos/modules/services/misc/osrm.nix
index 12c908a761e3..a93337dc75e3 100644
--- a/nixpkgs/nixos/modules/services/misc/osrm.nix
+++ b/nixpkgs/nixos/modules/services/misc/osrm.nix
@@ -11,44 +11,44 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable the OSRM service.";
+      description = "Enable the OSRM service.";
     };
 
     address = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc "IP address on which the web server will listen.";
+      description = "IP address on which the web server will listen.";
     };
 
     port = mkOption {
       type = types.port;
       default = 5000;
-      description = lib.mdDoc "Port on which the web server will run.";
+      description = "Port on which the web server will run.";
     };
 
     threads = mkOption {
       type = types.int;
       default = 4;
-      description = lib.mdDoc "Number of threads to use.";
+      description = "Number of threads to use.";
     };
 
     algorithm = mkOption {
       type = types.enum [ "CH" "CoreCH" "MLD" ];
       default = "MLD";
-      description = lib.mdDoc "Algorithm to use for the data. Must be one of CH, CoreCH, MLD";
+      description = "Algorithm to use for the data. Must be one of CH, CoreCH, MLD";
     };
 
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "--max-table-size 1000" "--max-matching-size 1000" ];
-      description = lib.mdDoc "Extra command line arguments passed to osrm-routed";
+      description = "Extra command line arguments passed to osrm-routed";
     };
 
     dataFile = mkOption {
       type = types.path;
       example = "/var/lib/osrm/berlin-latest.osrm";
-      description = lib.mdDoc "Data file location";
+      description = "Data file location";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/misc/owncast.nix b/nixpkgs/nixos/modules/services/misc/owncast.nix
index 01fe34cf50fe..94f0f4e998c4 100644
--- a/nixpkgs/nixos/modules/services/misc/owncast.nix
+++ b/nixpkgs/nixos/modules/services/misc/owncast.nix
@@ -5,12 +5,12 @@ in {
 
   options.services.owncast = {
 
-    enable = mkEnableOption (lib.mdDoc "owncast");
+    enable = mkEnableOption "owncast, a video live streaming solution";
 
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/owncast";
-      description = lib.mdDoc ''
+      description = ''
         The directory where owncast stores its data files. If left as the default value this directory will automatically be created before the owncast server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
       '';
     };
@@ -18,7 +18,7 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open the appropriate ports in the firewall for owncast.
       '';
     };
@@ -26,26 +26,26 @@ in {
     user = mkOption {
       type = types.str;
       default = "owncast";
-      description = lib.mdDoc "User account under which owncast runs.";
+      description = "User account under which owncast runs.";
     };
 
     group = mkOption {
       type = types.str;
       default = "owncast";
-      description = lib.mdDoc "Group under which owncast runs.";
+      description = "Group under which owncast runs.";
     };
 
     listen = mkOption {
       type = types.str;
       default = "127.0.0.1";
       example = "0.0.0.0";
-      description = lib.mdDoc "The IP address to bind the owncast web server to.";
+      description = "The IP address to bind the owncast web server to.";
     };
 
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         TCP port where owncast web-gui listens.
       '';
     };
@@ -53,7 +53,7 @@ in {
     rtmp-port = mkOption {
       type = types.port;
       default = 1935;
-      description = lib.mdDoc ''
+      description = ''
         TCP port where owncast rtmp service listens.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/misc/packagekit.nix b/nixpkgs/nixos/modules/services/misc/packagekit.nix
index f4191a4453ca..1be689794d9f 100644
--- a/nixpkgs/nixos/modules/services/misc/packagekit.nix
+++ b/nixpkgs/nixos/modules/services/misc/packagekit.nix
@@ -39,22 +39,22 @@ in
   ];
 
   options.services.packagekit = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       PackageKit, a cross-platform D-Bus abstraction layer for
       installing software. Software utilizing PackageKit can install
       software regardless of the package manager
-    '');
+    '';
 
     settings = mkOption {
       type = iniFmt.type;
       default = { };
-      description = lib.mdDoc "Additional settings passed straight through to PackageKit.conf";
+      description = "Additional settings passed straight through to PackageKit.conf";
     };
 
     vendorSettings = mkOption {
       type = iniFmt.type;
       default = { };
-      description = lib.mdDoc "Additional settings passed straight through to Vendor.conf";
+      description = "Additional settings passed straight through to Vendor.conf";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/paperless.nix b/nixpkgs/nixos/modules/services/misc/paperless.nix
index 9301d1f68725..e564fe3b8317 100644
--- a/nixpkgs/nixos/modules/services/misc/paperless.nix
+++ b/nixpkgs/nixos/modules/services/misc/paperless.nix
@@ -3,7 +3,6 @@
 with lib;
 let
   cfg = config.services.paperless;
-  pkg = cfg.package;
 
   defaultUser = "paperless";
   defaultFont = "${pkgs.liberation_ttf}/share/fonts/truetype/LiberationSerif-Regular.ttf";
@@ -25,7 +24,7 @@ let
   } // optionalAttrs (cfg.settings.PAPERLESS_ENABLE_NLTK or true) {
     PAPERLESS_NLTK_DIR = pkgs.symlinkJoin {
       name = "paperless_ngx_nltk_data";
-      paths = pkg.nltkData;
+      paths = cfg.package.nltkData;
     };
   } // optionalAttrs (cfg.openMPThreadingWorkaround) {
     OMP_NUM_THREADS = "1";
@@ -38,7 +37,7 @@ let
   manage = pkgs.writeShellScript "manage" ''
     set -o allexport # Export the following env vars
     ${lib.toShellVars env}
-    exec ${pkg}/bin/paperless-ngx "$@"
+    exec ${cfg.package}/bin/paperless-ngx "$@"
   '';
 
   # Secure the services
@@ -96,7 +95,7 @@ in
     enable = mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable Paperless.
 
         When started, the Paperless database is automatically created if it doesn't
@@ -111,34 +110,34 @@ in
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/paperless";
-      description = lib.mdDoc "Directory to store the Paperless data.";
+      description = "Directory to store the Paperless data.";
     };
 
     mediaDir = mkOption {
       type = types.str;
       default = "${cfg.dataDir}/media";
       defaultText = literalExpression ''"''${dataDir}/media"'';
-      description = lib.mdDoc "Directory to store the Paperless documents.";
+      description = "Directory to store the Paperless documents.";
     };
 
     consumptionDir = mkOption {
       type = types.str;
       default = "${cfg.dataDir}/consume";
       defaultText = literalExpression ''"''${dataDir}/consume"'';
-      description = lib.mdDoc "Directory from which new documents are imported.";
+      description = "Directory from which new documents are imported.";
     };
 
     consumptionDirIsPublic = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether all users can write to the consumption dir.";
+      description = "Whether all users can write to the consumption dir.";
     };
 
     passwordFile = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/run/keys/paperless-password";
-      description = lib.mdDoc ''
+      description = ''
         A file containing the superuser password.
 
         A superuser is required to access the web interface.
@@ -159,13 +158,13 @@ in
     address = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Web interface address.";
+      description = "Web interface address.";
     };
 
     port = mkOption {
       type = types.port;
       default = 28981;
-      description = lib.mdDoc "Web interface port.";
+      description = "Web interface port.";
     };
 
     settings = mkOption {
@@ -175,7 +174,7 @@ in
         in oneOf (typeList ++ [ (listOf (oneOf typeList)) (attrsOf (oneOf typeList)) ]));
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Extra paperless config options.
 
         See [the documentation](https://docs.paperless-ngx.com/configuration/) for available options.
@@ -197,10 +196,23 @@ in
     user = mkOption {
       type = types.str;
       default = defaultUser;
-      description = lib.mdDoc "User under which Paperless runs.";
+      description = "User under which Paperless runs.";
     };
 
-    package = mkPackageOption pkgs "paperless-ngx" { };
+    package = mkPackageOption pkgs "paperless-ngx" { } // {
+      apply = pkg: pkg.override {
+        tesseract5 = pkg.tesseract5.override {
+          # always enable detection modules
+          # tesseract fails to build when eng is not present
+          enableLanguages = if cfg.settings ? PAPERLESS_OCR_LANGUAGE then
+            lists.unique (
+              [ "equ" "osd" "eng" ]
+              ++ lib.splitString "+" cfg.settings.PAPERLESS_OCR_LANGUAGE
+            )
+          else null;
+        };
+      };
+    };
 
     openMPThreadingWorkaround = mkEnableOption ''
       a workaround for document classifier timeouts.
@@ -220,15 +232,16 @@ in
   config = mkIf cfg.enable {
     services.redis.servers.paperless.enable = mkIf enableRedis true;
 
-    systemd.tmpfiles.rules = [
-      "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
-      "d '${cfg.mediaDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
-      (if cfg.consumptionDirIsPublic then
-        "d '${cfg.consumptionDir}' 777 - - - -"
-      else
-        "d '${cfg.consumptionDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
-      )
-    ];
+    systemd.tmpfiles.settings."10-paperless" = let
+      defaultRule = {
+        inherit (cfg) user;
+        inherit (config.users.users.${cfg.user}) group;
+      };
+    in {
+      "${cfg.dataDir}".d = defaultRule;
+      "${cfg.mediaDir}".d = defaultRule;
+      "${cfg.consumptionDir}".d = if cfg.consumptionDirIsPublic then { mode = "777"; } else defaultRule;
+    };
 
     systemd.services.paperless-scheduler = {
       description = "Paperless Celery Beat";
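Review bot: The public branch on the `"${cfg.consumptionDir}".d` line keeps mode `777` with no sticky bit and no owner set, so any local account can rename or delete documents that other users have queued for import. If that is not intended, something like `{ inherit (cfg) user; mode = "1777"; }` would limit removal to each file's owner and the paperless user. This needs a test that the consumer can still remove files after import. The behaviour is carried over from the removed `tmpfiles.rules` entry rather than introduced here, and the enclosing `config` block continues outside the hunk.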
@@ -236,8 +249,9 @@ in
       wants = [ "paperless-consumer.service" "paperless-web.service" "paperless-task-queue.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
-        ExecStart = "${pkg}/bin/celery --app paperless beat --loglevel INFO";
+        ExecStart = "${cfg.package}/bin/celery --app paperless beat --loglevel INFO";
         Restart = "on-failure";
+        LoadCredential = lib.optionalString (cfg.passwordFile != null) "PAPERLESS_ADMIN_PASSWORD:${cfg.passwordFile}";
       };
       environment = env;
 
@@ -248,8 +262,8 @@ in
         versionFile="${cfg.dataDir}/src-version"
         version=$(cat "$versionFile" 2>/dev/null || echo 0)
 
-        if [[ $version != ${pkg.version} ]]; then
-          ${pkg}/bin/paperless-ngx migrate
+        if [[ $version != ${cfg.package.version} ]]; then
+          ${cfg.package}/bin/paperless-ngx migrate
 
           # Parse old version string format for backwards compatibility
           version=$(echo "$version" | grep -ohP '[^-]+$')
@@ -262,20 +276,20 @@ in
           if versionLessThan 1.12.0; then
             # Reindex documents as mentioned in https://github.com/paperless-ngx/paperless-ngx/releases/tag/v1.12.1
             echo "Reindexing documents, to allow searching old comments. Required after the 1.12.x upgrade."
-            ${pkg}/bin/paperless-ngx document_index reindex
+            ${cfg.package}/bin/paperless-ngx document_index reindex
           fi
 
-          echo ${pkg.version} > "$versionFile"
+          echo ${cfg.package.version} > "$versionFile"
         fi
       ''
       + optionalString (cfg.passwordFile != null) ''
         export PAPERLESS_ADMIN_USER="''${PAPERLESS_ADMIN_USER:-admin}"
-        export PAPERLESS_ADMIN_PASSWORD=$(cat "${cfg.dataDir}/superuser-password")
+        export PAPERLESS_ADMIN_PASSWORD=$(cat $CREDENTIALS_DIRECTORY/PAPERLESS_ADMIN_PASSWORD)
         superuserState="$PAPERLESS_ADMIN_USER:$PAPERLESS_ADMIN_PASSWORD"
         superuserStateFile="${cfg.dataDir}/superuser-state"
 
         if [[ $(cat "$superuserStateFile" 2>/dev/null) != $superuserState ]]; then
-          ${pkg}/bin/paperless-ngx manage_superuser
+          ${cfg.package}/bin/paperless-ngx manage_superuser
           echo "$superuserState" > "$superuserStateFile"
         fi
       '';
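Review bot: The admin password still lands in plaintext under `dataDir`, because `superuserState` is `user:password` and `echo "$superuserState" > "$superuserStateFile"` writes it to `superuser-state`. That undoes part of the benefit of moving the secret to `LoadCredential`. Storing a digest for the change check would avoid it, e.g. `superuserState=$(printf '%s' "$PAPERLESS_ADMIN_USER:$PAPERLESS_ADMIN_PASSWORD" | sha256sum)`. The new `cat $CREDENTIALS_DIRECTORY/PAPERLESS_ADMIN_PASSWORD` should also quote the path. The script begins above this hunk, so the umask and the resulting file mode are not visible here.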
@@ -288,7 +302,7 @@ in
       after = [ "paperless-scheduler.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
-        ExecStart = "${pkg}/bin/celery --app paperless worker --loglevel INFO";
+        ExecStart = "${cfg.package}/bin/celery --app paperless worker --loglevel INFO";
         Restart = "on-failure";
         # The `mbind` syscall is needed for running the classifier.
         SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "mbind" ];
@@ -298,19 +312,6 @@ in
       environment = env;
     };
 
-    # Reading the user-provided password file requires root access
-    systemd.services.paperless-copy-password = mkIf (cfg.passwordFile != null) {
-      requiredBy = [ "paperless-scheduler.service" ];
-      before = [ "paperless-scheduler.service" ];
-      serviceConfig = {
-        ExecStart = ''
-          ${pkgs.coreutils}/bin/install --mode 600 --owner '${cfg.user}' --compare \
-            '${cfg.passwordFile}' '${cfg.dataDir}/superuser-password'
-        '';
-        Type = "oneshot";
-      };
-    };
-
     systemd.services.paperless-consumer = {
       description = "Paperless document consumer";
       # Bind to `paperless-scheduler` so that the consumer never runs
@@ -319,7 +320,7 @@ in
       after = [ "paperless-scheduler.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
-        ExecStart = "${pkg}/bin/paperless-ngx document_consumer";
+        ExecStart = "${cfg.package}/bin/paperless-ngx document_consumer";
         Restart = "on-failure";
       };
       environment = env;
@@ -351,8 +352,8 @@ in
           echo "PAPERLESS_SECRET_KEY is empty, refusing to start."
           exit 1
         fi
-        exec ${pkg.python.pkgs.gunicorn}/bin/gunicorn \
-          -c ${pkg}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
+        exec ${cfg.package.python.pkgs.gunicorn}/bin/gunicorn \
+          -c ${cfg.package}/lib/paperless-ngx/gunicorn.conf.py paperless.asgi:application
       '';
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
@@ -368,7 +369,7 @@ in
         CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
       };
       environment = env // {
-        PYTHONPATH = "${pkg.python.pkgs.makePythonPath pkg.propagatedBuildInputs}:${pkg}/lib/paperless-ngx/src";
+        PYTHONPATH = "${cfg.package.python.pkgs.makePythonPath cfg.package.propagatedBuildInputs}:${cfg.package}/lib/paperless-ngx/src";
       };
       # Allow the web interface to access the private /tmp directory of the server.
       # This is required to support uploading files via the web interface.
diff --git a/nixpkgs/nixos/modules/services/misc/parsoid.nix b/nixpkgs/nixos/modules/services/misc/parsoid.nix
index 6f4a340c8a18..a1935d202172 100644
--- a/nixpkgs/nixos/modules/services/misc/parsoid.nix
+++ b/nixpkgs/nixos/modules/services/misc/parsoid.nix
@@ -39,7 +39,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Parsoid -- bidirectional
           wikitext parser.
         '';
@@ -48,7 +48,7 @@ in
       wikis = mkOption {
         type = types.listOf (types.either types.str types.attrs);
         example = [ "http://localhost/api.php" ];
-        description = lib.mdDoc ''
+        description = ''
           Used MediaWiki API endpoints.
         '';
       };
@@ -56,7 +56,7 @@ in
       workers = mkOption {
         type = types.int;
         default = 2;
-        description = lib.mdDoc ''
+        description = ''
           Number of Parsoid workers.
         '';
       };
@@ -64,7 +64,7 @@ in
       interface = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Interface to listen on.
         '';
       };
@@ -72,7 +72,7 @@ in
       port = mkOption {
         type = types.port;
         default = 8000;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen on.
         '';
       };
@@ -80,7 +80,7 @@ in
       extraConfig = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to parsoid configuration.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/persistent-evdev.nix b/nixpkgs/nixos/modules/services/misc/persistent-evdev.nix
index b1f367fec7fb..650752abd215 100644
--- a/nixpkgs/nixos/modules/services/misc/persistent-evdev.nix
+++ b/nixpkgs/nixos/modules/services/misc/persistent-evdev.nix
@@ -11,12 +11,12 @@ let
 in
 {
   options.services.persistent-evdev = {
-    enable = lib.mkEnableOption (lib.mdDoc "virtual input devices that persist even if the backing device is hotplugged");
+    enable = lib.mkEnableOption "virtual input devices that persist even if the backing device is hotplugged";
 
     devices = lib.mkOption {
       default = {};
       type = with lib.types; attrsOf str;
-      description = lib.mdDoc ''
+      description = ''
         A set of virtual proxy device labels with backing physical device ids.
 
         Physical devices should already exist in {file}`/dev/input/by-id/`.
diff --git a/nixpkgs/nixos/modules/services/misc/pinnwand.nix b/nixpkgs/nixos/modules/services/misc/pinnwand.nix
index 5fca9f4125a8..9c26864dab56 100644
--- a/nixpkgs/nixos/modules/services/misc/pinnwand.nix
+++ b/nixpkgs/nixos/modules/services/misc/pinnwand.nix
@@ -10,17 +10,17 @@ let
 in
 {
   options.services.pinnwand = {
-    enable = mkEnableOption (lib.mdDoc "Pinnwand");
+    enable = mkEnableOption "Pinnwand, a pastebin";
 
     port = mkOption {
       type = types.port;
-      description = lib.mdDoc "The port to listen on.";
+      description = "The port to listen on.";
       default = 8000;
     };
 
     settings = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`pinnwand.toml` as a Nix attribute set. Look up
         possible options in the [documentation](https://pinnwand.readthedocs.io/en/v${pkgs.pinnwand.version}/configuration.html).
       '';
@@ -31,7 +31,7 @@ in
             type = types.str;
             default = "sqlite:////var/lib/pinnwand/pinnwand.db";
             example = "sqlite:///:memory";
-            description = lib.mdDoc ''
+            description = ''
               Database URI compatible with [SQLAlchemyhttps://docs.sqlalchemy.org/en/14/core/engines.html#database-urls].
 
               Additional packages may need to be introduced into the environment for certain databases.
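Review bot: The link in this option's description is malformed: `[SQLAlchemyhttps://docs.sqlalchemy.org/en/14/core/engines.html#database-urls]` has the URL inside the link text and no target, so it will not render as a link now that the string is treated as Markdown directly. It should read `[SQLAlchemy](https://docs.sqlalchemy.org/en/14/core/engines.html#database-urls)`. The description continues outside the hunk.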
@@ -42,7 +42,7 @@ in
             type = types.ints.positive;
             default = 262144;
             example = 524288;
-            description = lib.mdDoc ''
+            description = ''
               Maximum size of a paste in bytes.
             '';
           };
@@ -51,7 +51,7 @@ in
             default = ''
               <p>Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p>
               '';
-            description = lib.mdDoc ''
+            description = ''
               Raw HTML help text shown in the header area.
             '';
           };
@@ -60,7 +60,7 @@ in
             default = ''
               View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, the <a href="/removal">removal</a> or <a href="/expiry">expiry</a> stories, or read the <a href="/about">about</a> page.
             '';
-            description = lib.mdDoc ''
+            description = ''
               The footer in raw HTML.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/misc/plex.nix b/nixpkgs/nixos/modules/services/misc/plex.nix
index 164801605713..fcd8ebbac6ed 100644
--- a/nixpkgs/nixos/modules/services/misc/plex.nix
+++ b/nixpkgs/nixos/modules/services/misc/plex.nix
@@ -12,12 +12,12 @@ in
 
   options = {
     services.plex = {
-      enable = mkEnableOption (lib.mdDoc "Plex Media Server");
+      enable = mkEnableOption "Plex Media Server";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/plex";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Plex stores its data files.
         '';
       };
@@ -25,7 +25,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the media server.
         '';
       };
@@ -33,7 +33,7 @@ in
       user = mkOption {
         type = types.str;
         default = "plex";
-        description = lib.mdDoc ''
+        description = ''
           User account under which Plex runs.
         '';
       };
@@ -41,7 +41,7 @@ in
       group = mkOption {
         type = types.str;
         default = "plex";
-        description = lib.mdDoc ''
+        description = ''
           Group under which Plex runs.
         '';
       };
@@ -49,7 +49,7 @@ in
       extraPlugins = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of paths to extra plugin bundles to install in Plex's plugin
           directory. Every time the systemd unit for Plex starts up, all of the
           symlinks in Plex's plugin directory will be cleared and this module
@@ -73,7 +73,7 @@ in
       extraScanners = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of paths to extra scanners to install in Plex's scanners
           directory.
 
diff --git a/nixpkgs/nixos/modules/services/misc/plikd.nix b/nixpkgs/nixos/modules/services/misc/plikd.nix
index 9b0825bf40c9..ec94cfc02979 100644
--- a/nixpkgs/nixos/modules/services/misc/plikd.nix
+++ b/nixpkgs/nixos/modules/services/misc/plikd.nix
@@ -11,18 +11,18 @@ in
 {
   options = {
     services.plikd = {
-      enable = mkEnableOption (lib.mdDoc "the plikd server");
+      enable = mkEnableOption "plikd, a temporary file upload system";
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the plikd.";
+        description = "Open ports in the firewall for the plikd.";
       };
 
       settings = mkOption {
         type = format.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configuration for plikd, see <https://github.com/root-gg/plik/blob/master/server/plikd.cfg>
           for supported values.
         '';
diff --git a/nixpkgs/nixos/modules/services/misc/podgrab.nix b/nixpkgs/nixos/modules/services/misc/podgrab.nix
index c596122fd31c..50dc70e2bd76 100644
--- a/nixpkgs/nixos/modules/services/misc/podgrab.nix
+++ b/nixpkgs/nixos/modules/services/misc/podgrab.nix
@@ -1,16 +1,18 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.services.podgrab;
+
+  stateDir = "/var/lib/podgrab";
 in
 {
   options.services.podgrab = with lib; {
-    enable = mkEnableOption (lib.mdDoc "Podgrab, a self-hosted podcast manager");
+    enable = mkEnableOption "Podgrab, a self-hosted podcast manager";
 
     passwordFile = mkOption {
       type = with types; nullOr str;
       default = null;
       example = "/run/secrets/password.env";
-      description = lib.mdDoc ''
+      description = ''
         The path to a file containing the PASSWORD environment variable
         definition for Podgrab's authentication.
       '';
@@ -20,30 +22,61 @@ in
       type = types.port;
       default = 8080;
       example = 4242;
-      description = lib.mdDoc "The port on which Podgrab will listen for incoming HTTP traffic.";
+      description = "The port on which Podgrab will listen for incoming HTTP traffic.";
+    };
+
+    dataDirectory = mkOption {
+      type = types.path;
+      default = "${stateDir}/data";
+      example = "/mnt/podcasts";
+      description = "Directory to store downloads.";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "podgrab";
+      description = "User under which Podgrab runs, and which owns the download directory.";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "podgrab";
+      description = "Group under which Podgrab runs, and which owns the download directory.";
     };
   };
 
   config = lib.mkIf cfg.enable {
+    systemd.tmpfiles.settings."10-pyload" = {
+      ${cfg.dataDirectory}.d = { inherit (cfg) user group; };
+    };
+
     systemd.services.podgrab = {
       description = "Podgrab podcast manager";
       wantedBy = [ "multi-user.target" ];
       environment = {
-        CONFIG = "/var/lib/podgrab/config";
-        DATA = "/var/lib/podgrab/data";
+        CONFIG = "${stateDir}/config";
+        DATA = cfg.dataDirectory;
         GIN_MODE = "release";
         PORT = toString cfg.port;
       };
       serviceConfig = {
-        DynamicUser = true;
+        User = cfg.user;
+        Group = cfg.group;
         EnvironmentFile = lib.optionals (cfg.passwordFile != null) [
           cfg.passwordFile
         ];
         ExecStart = "${pkgs.podgrab}/bin/podgrab";
         WorkingDirectory = "${pkgs.podgrab}/share";
-        StateDirectory = [ "podgrab/config" "podgrab/data" ];
+        StateDirectory = [ "podgrab/config" ];
       };
     };
+
+    users.users.podgrab = lib.mkIf (cfg.user == "podgrab") {
+      isSystemUser = true;
+      group = cfg.group;
+    };
+
+    users.groups.podgrab = lib.mkIf (cfg.group == "podgrab") { };
   };
 
   meta.maintainers = with lib.maintainers; [ ambroisie ];
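Review bot: Replacing `DynamicUser = true` with `User = cfg.user` / `Group = cfg.group` in `serviceConfig` also drops the sandboxing that systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`), and nothing in the hunk sets these explicitly for a service that listens for HTTP traffic. I would set them by hand and grant write access only to `cfg.dataDirectory`, as sketched below. Separately, the tmpfiles key `"10-pyload"` looks copied from another module; `"10-podgrab"` would keep the rule attributable to this service. The `d` rule also sets no `mode`, so the download directory falls back to the tmpfiles default, which is worth stating explicitly if downloads should not be readable by other local users.

```nix
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        # … unchanged: EnvironmentFile, ExecStart, WorkingDirectory, StateDirectory …
        # Restore the sandboxing that DynamicUser = true used to imply.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = "read-only";
        ProtectSystem = "strict";
        ReadWritePaths = [ cfg.dataDirectory ];
        RemoveIPC = true;
        RestrictSUIDSGID = true;
      };
```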
diff --git a/nixpkgs/nixos/modules/services/misc/polaris.nix b/nixpkgs/nixos/modules/services/misc/polaris.nix
index 83da486083b4..4ac99eaad384 100644
--- a/nixpkgs/nixos/modules/services/misc/polaris.nix
+++ b/nixpkgs/nixos/modules/services/misc/polaris.nix
@@ -11,33 +11,33 @@ in
 {
   options = {
     services.polaris = {
-      enable = mkEnableOption (lib.mdDoc "Polaris Music Server");
+      enable = mkEnableOption "Polaris Music Server";
 
       package = mkPackageOption pkgs "polaris" { };
 
       user = mkOption {
         type = types.str;
         default = "polaris";
-        description = lib.mdDoc "User account under which Polaris runs.";
+        description = "User account under which Polaris runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "polaris";
-        description = lib.mdDoc "Group under which Polaris is run.";
+        description = "Group under which Polaris is run.";
       };
 
       extraGroups = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Polaris' auxiliary groups.";
+        description = "Polaris' auxiliary groups.";
         example = literalExpression ''["media" "music"]'';
       };
 
       port = mkOption {
         type = types.port;
         default = 5050;
-        description = lib.mdDoc ''
+        description = ''
           The port which the Polaris REST api and web UI should listen to.
           Note: polaris is hardcoded to listen to the hostname "0.0.0.0".
         '';
@@ -46,7 +46,7 @@ in
       settings = mkOption {
         type = settingsFormat.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Contents for the TOML Polaris config, applied each start.
           Although poorly documented, an example may be found here:
           [test-config.toml](https://github.com/agersant/polaris/blob/374d0ca56fc0a466d797a4b252e2078607476797/test-data/config.toml)
@@ -73,7 +73,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open the configured port in the firewall.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/portunus.nix b/nixpkgs/nixos/modules/services/misc/portunus.nix
index ebb3bc8f0851..ab78479c96cd 100644
--- a/nixpkgs/nixos/modules/services/misc/portunus.nix
+++ b/nixpkgs/nixos/modules/services/misc/portunus.nix
@@ -8,18 +8,18 @@ let
 in
 {
   options.services.portunus = {
-    enable = mkEnableOption (lib.mdDoc "Portunus, a self-contained user/group management and authentication service for LDAP");
+    enable = mkEnableOption "Portunus, a self-contained user/group management and authentication service for LDAP";
 
     domain = mkOption {
       type = types.str;
       example = "sso.example.com";
-      description = lib.mdDoc "Subdomain which gets reverse proxied to Portunus webserver.";
+      description = "Subdomain which gets reverse proxied to Portunus webserver.";
     };
 
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         Port where the Portunus webserver should listen on.
 
         This must be put behind a TLS-capable reverse proxy because Portunus only listens on localhost.
@@ -31,7 +31,7 @@ in
     seedPath = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to a portunus seed file in json format.
         See <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration> for available options.
       '';
@@ -40,7 +40,7 @@ in
     seedSettings = lib.mkOption {
       type = with lib.types; nullOr (attrsOf (listOf (attrsOf anything)));
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Seed settings for users and groups.
         See upstream for format <https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration>
       '';
@@ -49,40 +49,40 @@ in
     stateDir = mkOption {
       type = types.path;
       default = "/var/lib/portunus";
-      description = lib.mdDoc "Path where Portunus stores its state.";
+      description = "Path where Portunus stores its state.";
     };
 
     user = mkOption {
       type = types.str;
       default = "portunus";
-      description = lib.mdDoc "User account under which Portunus runs its webserver.";
+      description = "User account under which Portunus runs its webserver.";
     };
 
     group = mkOption {
       type = types.str;
       default = "portunus";
-      description = lib.mdDoc "Group account under which Portunus runs its webserver.";
+      description = "Group account under which Portunus runs its webserver.";
     };
 
     dex = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         Dex ldap connector.
 
         To activate dex, first a search user must be created in the Portunus web ui
         and then the password must to be set as the `DEX_SEARCH_USER_PASSWORD` environment variable
         in the [](#opt-services.dex.environmentFile) setting.
-      '');
+      '';
 
       oidcClients = mkOption {
         type = types.listOf (types.submodule {
           options = {
             callbackURL = mkOption {
               type = types.str;
-              description = lib.mdDoc "URL where the OIDC client should redirect";
+              description = "URL where the OIDC client should redirect";
             };
             id = mkOption {
               type = types.str;
-              description = lib.mdDoc "ID of the OIDC client";
+              description = "ID of the OIDC client";
             };
           };
         });
@@ -93,7 +93,7 @@ in
             id = "service";
           }
         ];
-        description = lib.mdDoc ''
+        description = ''
           List of OIDC clients.
 
           The OIDC secret must be set as the `DEX_CLIENT_''${id}` environment variable
@@ -104,7 +104,7 @@ in
       port = mkOption {
         type = types.port;
         default = 5556;
-        description = lib.mdDoc "Port where dex should listen on.";
+        description = "Port where dex should listen on.";
       };
     };
 
@@ -116,14 +116,14 @@ in
         # TODO: remove in NixOS 24.11 (cf. same note on pkgs/servers/portunus/default.nix)
         default = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
         defaultText = lib.literalExpression "pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; }";
-        description = lib.mdDoc "The OpenLDAP package to use.";
+        description = "The OpenLDAP package to use.";
       };
 
       searchUserName = mkOption {
         type = types.str;
         default = "";
         example = "admin";
-        description = lib.mdDoc ''
+        description = ''
           The login name of the search user.
           This user account must be configured in Portunus either manually or via seeding.
         '';
@@ -132,7 +132,7 @@ in
       suffix = mkOption {
         type = types.str;
         example = "dc=example,dc=org";
-        description = lib.mdDoc ''
+        description = ''
           The DN of the topmost entry in your LDAP directory.
           Please refer to the Portunus documentation for more information on how this impacts the structure of the LDAP directory.
         '';
@@ -141,7 +141,7 @@ in
       tls = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable LDAPS protocol.
           This also adds two entries to the `/etc/hosts` file to point [](#opt-services.portunus.domain) to localhost,
           so that CLIs and programs can use ldaps protocol and verify the certificate without opening the firewall port for the protocol.
@@ -153,13 +153,13 @@ in
       user = mkOption {
         type = types.str;
         default = "openldap";
-        description = lib.mdDoc "User account under which Portunus runs its LDAP server.";
+        description = "User account under which Portunus runs its LDAP server.";
       };
 
       group = mkOption {
         type = types.str;
         default = "openldap";
-        description = lib.mdDoc "Group account under which Portunus runs its LDAP server.";
+        description = "Group account under which Portunus runs its LDAP server.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/prowlarr.nix b/nixpkgs/nixos/modules/services/misc/prowlarr.nix
index 84d365003992..c94882a4f72a 100644
--- a/nixpkgs/nixos/modules/services/misc/prowlarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/prowlarr.nix
@@ -9,14 +9,14 @@ in
 {
   options = {
     services.prowlarr = {
-      enable = mkEnableOption (lib.mdDoc "Prowlarr");
+      enable = mkEnableOption "Prowlarr, an indexer manager/proxy for Torrent trackers and Usenet indexers";
 
       package = mkPackageOption pkgs "prowlarr" { };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the Prowlarr web interface.";
+        description = "Open ports in the firewall for the Prowlarr web interface.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/pufferpanel.nix b/nixpkgs/nixos/modules/services/misc/pufferpanel.nix
index b951d60cc5b9..3679d25861e6 100644
--- a/nixpkgs/nixos/modules/services/misc/pufferpanel.nix
+++ b/nixpkgs/nixos/modules/services/misc/pufferpanel.nix
@@ -7,7 +7,7 @@ in
     enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable PufferPanel game management server.
 
         Note that [PufferPanel templates] and binaries downloaded by PufferPanel
@@ -39,7 +39,7 @@ in
       type = lib.types.listOf lib.types.str;
       default = [ ];
       example = [ "podman" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional groups for the systemd service.
       '';
     };
@@ -48,7 +48,7 @@ in
       type = lib.types.listOf lib.types.package;
       default = [ ];
       example = lib.literalExpression "[ pkgs.jre ]";
-      description = lib.mdDoc ''
+      description = ''
         Packages to add to the PATH environment variable. Both the {file}`bin`
         and {file}`sbin` subdirectories of each package are added.
       '';
@@ -66,7 +66,7 @@ in
           PUFFER_PANEL_REGISTRATIONENABLED = "false";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Environment variables to set for the service. Secrets should be
         specified using {option}`environmentFile`.
 
@@ -93,7 +93,7 @@ in
     environmentFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File to load environment variables from. Loaded variables override
         values set in {option}`environment`.
       '';
diff --git a/nixpkgs/nixos/modules/services/misc/pykms.nix b/nixpkgs/nixos/modules/services/misc/pykms.nix
index be3accc0d7e5..d1b209e38932 100644
--- a/nixpkgs/nixos/modules/services/misc/pykms.nix
+++ b/nixpkgs/nixos/modules/services/misc/pykms.nix
@@ -18,43 +18,43 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the PyKMS service.";
+        description = "Whether to enable the PyKMS service.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "The IP address on which to listen.";
+        description = "The IP address on which to listen.";
       };
 
       port = mkOption {
         type = types.port;
         default = 1688;
-        description = lib.mdDoc "The port on which to listen.";
+        description = "The port on which to listen.";
       };
 
       openFirewallPort = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether the listening port should be opened automatically.";
+        description = "Whether the listening port should be opened automatically.";
       };
 
       memoryLimit = mkOption {
         type = types.str;
         default = "64M";
-        description = lib.mdDoc "How much memory to use at most.";
+        description = "How much memory to use at most.";
       };
 
       logLevel = mkOption {
         type = types.enum [ "CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG" "MININFO" ];
         default = "INFO";
-        description = lib.mdDoc "How much to log";
+        description = "How much to log";
       };
 
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc "Additional arguments";
+        description = "Additional arguments";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/radarr.nix b/nixpkgs/nixos/modules/services/misc/radarr.nix
index a5f264331ed3..d9f78c4e8ee6 100644
--- a/nixpkgs/nixos/modules/services/misc/radarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/radarr.nix
@@ -9,32 +9,32 @@ in
 {
   options = {
     services.radarr = {
-      enable = mkEnableOption (lib.mdDoc "Radarr");
+      enable = mkEnableOption "Radarr, a UsetNet/BitTorrent movie downloader";
 
       package = mkPackageOption pkgs "radarr" { };
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/radarr/.config/Radarr";
-        description = lib.mdDoc "The directory where Radarr stores its data files.";
+        description = "The directory where Radarr stores its data files.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the Radarr web interface.";
+        description = "Open ports in the firewall for the Radarr web interface.";
       };
 
       user = mkOption {
         type = types.str;
         default = "radarr";
-        description = lib.mdDoc "User account under which Radarr runs.";
+        description = "User account under which Radarr runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "radarr";
-        description = lib.mdDoc "Group under which Radarr runs.";
+        description = "Group under which Radarr runs.";
       };
     };
   };
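Review bot: The new `enable` description misspells Usenet as "UsetNet", while the Readarr module changed in the same commit writes "Usenet/BitTorrent". The line should read `enable = mkEnableOption "Radarr, a Usenet/BitTorrent movie downloader";`.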
diff --git a/nixpkgs/nixos/modules/services/misc/readarr.nix b/nixpkgs/nixos/modules/services/misc/readarr.nix
index 73868b4baa95..b76a70859f75 100644
--- a/nixpkgs/nixos/modules/services/misc/readarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/readarr.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.readarr = {
-      enable = mkEnableOption (lib.mdDoc "Readarr");
+      enable = mkEnableOption "Readarr, a Usenet/BitTorrent ebook downloader";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/readarr/";
-        description = lib.mdDoc "The directory where Readarr stores its data files.";
+        description = "The directory where Readarr stores its data files.";
       };
 
       package = mkPackageOption pkgs "readarr" { };
@@ -21,7 +21,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for Readarr
         '';
       };
@@ -29,7 +29,7 @@ in
       user = mkOption {
         type = types.str;
         default = "readarr";
-        description = lib.mdDoc ''
+        description = ''
           User account under which Readarr runs.
         '';
       };
@@ -37,7 +37,7 @@ in
       group = mkOption {
         type = types.str;
         default = "readarr";
-        description = lib.mdDoc ''
+        description = ''
           Group under which Readarr runs.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/redmine.nix b/nixpkgs/nixos/modules/services/misc/redmine.nix
index c1209e34a92b..af1773dab267 100644
--- a/nixpkgs/nixos/modules/services/misc/redmine.nix
+++ b/nixpkgs/nixos/modules/services/misc/redmine.nix
@@ -10,16 +10,22 @@ let
   format = pkgs.formats.yaml {};
   bundle = "${cfg.package}/share/redmine/bin/bundle";
 
-  databaseYml = pkgs.writeText "database.yml" ''
-    production:
-      adapter: ${cfg.database.type}
-      database: ${cfg.database.name}
-      host: ${if (cfg.database.type == "postgresql" && cfg.database.socket != null) then cfg.database.socket else cfg.database.host}
-      port: ${toString cfg.database.port}
-      username: ${cfg.database.user}
-      password: #dbpass#
-      ${optionalString (cfg.database.type == "mysql2" && cfg.database.socket != null) "socket: ${cfg.database.socket}"}
-  '';
+  databaseSettings = {
+    production = {
+      adapter = cfg.database.type;
+      database = if cfg.database.type == "sqlite3" then "${cfg.stateDir}/database.sqlite3" else cfg.database.name;
+    } // optionalAttrs (cfg.database.type != "sqlite3") {
+      host = if (cfg.database.type == "postgresql" && cfg.database.socket != null) then cfg.database.socket else cfg.database.host;
+      port = cfg.database.port;
+      username = cfg.database.user;
+    } // optionalAttrs (cfg.database.type != "sqlite3" && cfg.database.passwordFile != null) {
+      password = "#dbpass#";
+    } // optionalAttrs (cfg.database.type == "mysql2" && cfg.database.socket != null) {
+      socket = cfg.database.socket;
+    };
+  };
+
+  databaseYml = format.generate "database.yml" databaseSettings;
 
   configurationYml = format.generate "configuration.yml" cfg.settings;
   additionalEnvironment = pkgs.writeText "additional_environment.rb" cfg.extraEnv;
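Review bot: The `#dbpass#` placeholder in `databaseSettings` now goes through `format.generate` instead of being written verbatim, and nothing here documents that the service's start-up script later rewrites it with `sed -e "s,#dbpass#,$DBPASS,g"` (visible further down in this diff). Because `#` starts a YAML comment, the generator presumably emits the value quoted, so a password containing a quote character could break `database.yml`; as before, one containing `,`, `&` or `\` would be mangled by sed. I would add a comment above `password`, e.g. `# placeholder; replaced from database.passwordFile at service start so the password is not written to the generated file`. I would also consider a substitution that does not interpret the secret, such as nixpkgs' `replace-secret`. The `let` block this sits in starts and ends outside the hunk.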
@@ -50,7 +56,7 @@ in
   # interface
   options = {
     services.redmine = {
-      enable = mkEnableOption (lib.mdDoc "Redmine");
+      enable = mkEnableOption "Redmine, a project management web application";
 
       package = mkPackageOption pkgs "redmine" {
         example = "redmine.override { ruby = pkgs.ruby_3_2; }";
@@ -59,31 +65,31 @@ in
       user = mkOption {
         type = types.str;
         default = "redmine";
-        description = lib.mdDoc "User under which Redmine is ran.";
+        description = "User under which Redmine is ran.";
       };
 
       group = mkOption {
         type = types.str;
         default = "redmine";
-        description = lib.mdDoc "Group under which Redmine is ran.";
+        description = "Group under which Redmine is ran.";
       };
 
       port = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc "Port on which Redmine is ran.";
+        description = "Port on which Redmine is ran.";
       };
 
       stateDir = mkOption {
         type = types.str;
         default = "/var/lib/redmine";
-        description = lib.mdDoc "The state directory, logs and plugins are stored here.";
+        description = "The state directory, logs and plugins are stored here.";
       };
 
       settings = mkOption {
         type = format.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Redmine configuration ({file}`configuration.yml`). Refer to
           <https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>
           for details.
@@ -104,7 +110,7 @@ in
       extraEnv = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration in additional_environment.rb.
 
           See <https://svn.redmine.org/redmine/trunk/config/additional_environment.rb.example>
@@ -118,7 +124,7 @@ in
       themes = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc "Set of themes.";
+        description = "Set of themes.";
         example = literalExpression ''
           {
             dkuk-redmine_alex_skin = builtins.fetchurl {
@@ -132,7 +138,7 @@ in
       plugins = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc "Set of plugins.";
+        description = "Set of plugins.";
         example = literalExpression ''
           {
             redmine_env_auth = builtins.fetchurl {
@@ -145,42 +151,42 @@ in
 
       database = {
         type = mkOption {
-          type = types.enum [ "mysql2" "postgresql" ];
+          type = types.enum [ "mysql2" "postgresql" "sqlite3" ];
           example = "postgresql";
           default = "mysql2";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
           default = if cfg.database.type == "postgresql" then 5432 else 3306;
           defaultText = literalExpression "3306";
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "redmine";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "redmine";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/redmine-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -194,13 +200,13 @@ in
             else null;
           defaultText = literalExpression "/run/mysqld/mysqld.sock";
           example = "/run/mysqld/mysqld.sock";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Create the database and database user locally.";
+          description = "Create the database and database user locally.";
         };
       };
 
@@ -208,49 +214,49 @@ in
         subversion = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Subversion integration.";
+          description = "Subversion integration.";
         };
 
         mercurial = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Mercurial integration.";
+          description = "Mercurial integration.";
         };
 
         git = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "git integration.";
+          description = "git integration.";
         };
 
         cvs = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "cvs integration.";
+          description = "cvs integration.";
         };
 
         breezy = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "bazaar integration.";
+          description = "bazaar integration.";
         };
 
         imagemagick = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Allows exporting Gant diagrams as PNG.";
+          description = "Allows exporting Gant diagrams as PNG.";
         };
 
         ghostscript = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Allows exporting Gant diagrams as PDF.";
+          description = "Allows exporting Gant diagrams as PDF.";
         };
 
         minimagick_font_path = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "MiniMagick font path";
+          description = "MiniMagick font path";
           example = "/run/current-system/sw/share/X11/fonts/LiberationSans-Regular.ttf";
         };
       };
@@ -261,7 +267,7 @@ in
   config = mkIf cfg.enable {
 
     assertions = [
-      { assertion = cfg.database.passwordFile != null || cfg.database.socket != null;
+      { assertion = cfg.database.type != "sqlite3" -> cfg.database.passwordFile != null || cfg.database.socket != null;
         message = "one of services.redmine.database.socket or services.redmine.database.passwordFile must be set";
       }
       { assertion = cfg.database.createLocally -> cfg.database.user == cfg.user;
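Review bot: The rewritten assertion on the `+` line depends on Nix operator precedence to group correctly (`->` binds loosest), whereas the assertion changed in the next hunk parenthesises its antecedent. Writing it as `cfg.database.type != "sqlite3" -> (cfg.database.passwordFile != null || cfg.database.socket != null)` makes the grouping explicit and keeps the two consistent. The message below it still reads as unconditional; ending it with `when no sqlite database is used`, as the sibling message now does, would stop it misleading someone who reads it out of context. The assertions list starts and continues outside this hunk.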
@@ -270,8 +276,8 @@ in
       { assertion = pgsqlLocal -> cfg.database.user == cfg.database.name;
         message = "services.redmine.database.user and services.redmine.database.name must be the same when using a local postgresql database";
       }
-      { assertion = cfg.database.createLocally -> cfg.database.socket != null;
-        message = "services.redmine.database.socket must be set if services.redmine.database.createLocally is set to true";
+      { assertion = (cfg.database.createLocally && cfg.database.type != "sqlite3") -> cfg.database.socket != null;
+        message = "services.redmine.database.socket must be set if services.redmine.database.createLocally is set to true and no sqlite database is used";
       }
       { assertion = cfg.database.createLocally -> cfg.database.host == "localhost";
         message = "services.redmine.database.host must be set to localhost if services.redmine.database.createLocally is set to true";
@@ -395,9 +401,13 @@ in
 
 
         # handle database.passwordFile & permissions
-        DBPASS=${optionalString (cfg.database.passwordFile != null) "$(head -n1 ${cfg.database.passwordFile})"}
         cp -f ${databaseYml} "${cfg.stateDir}/config/database.yml"
-        sed -e "s,#dbpass#,$DBPASS,g" -i "${cfg.stateDir}/config/database.yml"
+
+        ${optionalString ((cfg.database.type != "sqlite3") && (cfg.database.passwordFile != null)) ''
+          DBPASS="$(head -n1 ${cfg.database.passwordFile})"
+          sed -e "s,#dbpass#,$DBPASS,g" -i "${cfg.stateDir}/config/database.yml"
+        ''}
+
         chmod 440 "${cfg.stateDir}/config/database.yml"
 
 
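Review bot: Inside the new `optionalString` block, `$DBPASS` is still spliced unescaped into the sed program, so a password containing `,`, `&` or `\` is altered or makes sed fail, and the secret sits in sed's argument list while it runs. The `replace-secret` helper in nixpkgs reads the secret from the file itself: `${pkgs.replace-secret}/bin/replace-secret '#dbpass#' ${cfg.database.passwordFile} "${cfg.stateDir}/config/database.yml"`. It substitutes the whole file content rather than the first line, so confirm that suits existing password files. Separately, `chmod 440` runs only after the password has been written, so the file may briefly carry the wider mode of the store copy; creating it restrictively first (for example `install -m 600` in place of `cp -f`) would close that window. The surrounding script starts and ends outside this hunk.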
diff --git a/nixpkgs/nixos/modules/services/misc/ripple-data-api.nix b/nixpkgs/nixos/modules/services/misc/ripple-data-api.nix
index 30623a321338..a699ce95cf0e 100644
--- a/nixpkgs/nixos/modules/services/misc/ripple-data-api.nix
+++ b/nixpkgs/nixos/modules/services/misc/ripple-data-api.nix
@@ -35,47 +35,47 @@ let
 in {
   options = {
     services.rippleDataApi = {
-      enable = mkEnableOption (lib.mdDoc "ripple data api");
+      enable = mkEnableOption "ripple data api";
 
       port = mkOption {
-        description = lib.mdDoc "Ripple data api port";
+        description = "Ripple data api port";
         default = 5993;
         type = types.port;
       };
 
       importMode = mkOption {
-        description = lib.mdDoc "Ripple data api import mode.";
+        description = "Ripple data api import mode.";
         default = "liveOnly";
         type = types.enum ["live" "liveOnly"];
       };
 
       minLedger = mkOption {
-        description = lib.mdDoc "Ripple data api minimal ledger to fetch.";
+        description = "Ripple data api minimal ledger to fetch.";
         default = null;
         type = types.nullOr types.int;
       };
 
       maxLedger = mkOption {
-        description = lib.mdDoc "Ripple data api maximal ledger to fetch.";
+        description = "Ripple data api maximal ledger to fetch.";
         default = null;
         type = types.nullOr types.int;
       };
 
       redis = {
         enable = mkOption {
-          description = lib.mdDoc "Whether to enable caching of ripple data to redis.";
+          description = "Whether to enable caching of ripple data to redis.";
           default = true;
           type = types.bool;
         };
 
         host = mkOption {
-          description = lib.mdDoc "Ripple data api redis host.";
+          description = "Ripple data api redis host.";
           default = "localhost";
           type = types.str;
         };
 
         port = mkOption {
-          description = lib.mdDoc "Ripple data api redis port.";
+          description = "Ripple data api redis port.";
           default = 5984;
           type = types.port;
         };
@@ -83,44 +83,44 @@ in {
 
       couchdb = {
         host = mkOption {
-          description = lib.mdDoc "Ripple data api couchdb host.";
+          description = "Ripple data api couchdb host.";
           default = "localhost";
           type = types.str;
         };
 
         port = mkOption {
-          description = lib.mdDoc "Ripple data api couchdb port.";
+          description = "Ripple data api couchdb port.";
           default = 5984;
           type = types.port;
         };
 
         db = mkOption {
-          description = lib.mdDoc "Ripple data api couchdb database.";
+          description = "Ripple data api couchdb database.";
           default = "rippled";
           type = types.str;
         };
 
         user = mkOption {
-          description = lib.mdDoc "Ripple data api couchdb username.";
+          description = "Ripple data api couchdb username.";
           default = "rippled";
           type = types.str;
         };
 
         pass = mkOption {
-          description = lib.mdDoc "Ripple data api couchdb password.";
+          description = "Ripple data api couchdb password.";
           default = "";
           type = types.str;
         };
 
         create = mkOption {
-          description = lib.mdDoc "Whether to create couchdb database needed by ripple data api.";
+          description = "Whether to create couchdb database needed by ripple data api.";
           type = types.bool;
           default = true;
         };
       };
 
       rippleds = mkOption {
-        description = lib.mdDoc "List of rippleds to be used by ripple data api.";
+        description = "List of rippleds to be used by ripple data api.";
         default = [
           "http://s_east.ripple.com:51234"
           "http://s_west.ripple.com:51234"
diff --git a/nixpkgs/nixos/modules/services/misc/rippled.nix b/nixpkgs/nixos/modules/services/misc/rippled.nix
index 68a831894250..3a906f3e714f 100644
--- a/nixpkgs/nixos/modules/services/misc/rippled.nix
+++ b/nixpkgs/nixos/modules/services/misc/rippled.nix
@@ -92,41 +92,41 @@ let
 
       ip = mkOption {
         default = "127.0.0.1";
-        description = lib.mdDoc "Ip where rippled listens.";
+        description = "Ip where rippled listens.";
         type = types.str;
       };
 
       port = mkOption {
-        description = lib.mdDoc "Port where rippled listens.";
+        description = "Port where rippled listens.";
         type = types.port;
       };
 
       protocol = mkOption {
-        description = lib.mdDoc "Protocols expose by rippled.";
+        description = "Protocols expose by rippled.";
         type = types.listOf (types.enum ["http" "https" "ws" "wss" "peer"]);
       };
 
       user = mkOption {
-        description = lib.mdDoc "When set, these credentials will be required on HTTP/S requests.";
+        description = "When set, these credentials will be required on HTTP/S requests.";
         type = types.str;
         default = "";
       };
 
       password = mkOption {
-        description = lib.mdDoc "When set, these credentials will be required on HTTP/S requests.";
+        description = "When set, these credentials will be required on HTTP/S requests.";
         type = types.str;
         default = "";
       };
 
       admin = mkOption {
-        description = lib.mdDoc "A comma-separated list of admin IP addresses.";
+        description = "A comma-separated list of admin IP addresses.";
         type = types.listOf types.str;
         default = ["127.0.0.1"];
       };
 
       ssl = {
         key = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Specifies the filename holding the SSL key in PEM format.
           '';
           default = null;
@@ -134,7 +134,7 @@ let
         };
 
         cert = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Specifies the path to the SSL certificate file in PEM format.
             This is not needed if the chain includes it.
           '';
@@ -143,7 +143,7 @@ let
         };
 
         chain = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             If you need a certificate chain, specify the path to the
             certificate chain here. The chain may include the end certificate.
           '';
@@ -157,33 +157,33 @@ let
   dbOptions = {
     options = {
       type = mkOption {
-        description = lib.mdDoc "Rippled database type.";
+        description = "Rippled database type.";
         type = types.enum ["rocksdb" "nudb"];
         default = "rocksdb";
       };
 
       path = mkOption {
-        description = lib.mdDoc "Location to store the database.";
+        description = "Location to store the database.";
         type = types.path;
         default = cfg.databasePath;
         defaultText = literalExpression "config.${opt.databasePath}";
       };
 
       compression = mkOption {
-        description = lib.mdDoc "Whether to enable snappy compression.";
+        description = "Whether to enable snappy compression.";
         type = types.nullOr types.bool;
         default = null;
       };
 
       onlineDelete = mkOption {
-        description = lib.mdDoc "Enable automatic purging of older ledger information.";
+        description = "Enable automatic purging of older ledger information.";
         type = types.nullOr (types.addCheck types.int (v: v > 256));
         default = cfg.ledgerHistory;
         defaultText = literalExpression "config.${opt.ledgerHistory}";
       };
 
       advisoryDelete = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           If set, then require administrative RPC call "can_delete"
           to enable online deletion of ledger records.
         '';
@@ -192,7 +192,7 @@ let
       };
 
       extraOpts = mkOption {
-        description = lib.mdDoc "Extra database options.";
+        description = "Extra database options.";
         type = types.lines;
         default = "";
       };
@@ -207,12 +207,12 @@ in
 
   options = {
     services.rippled = {
-      enable = mkEnableOption (lib.mdDoc "rippled");
+      enable = mkEnableOption "rippled, a decentralized cryptocurrency blockchain daemon implementing the XRP Ledger protocol in C++";
 
       package = mkPackageOption pkgs "rippled" { };
 
       ports = mkOption {
-        description = lib.mdDoc "Ports exposed by rippled";
+        description = "Ports exposed by rippled";
         type = with types; attrsOf (submodule portOptions);
         default = {
           rpc = {
@@ -236,7 +236,7 @@ in
       };
 
       nodeDb = mkOption {
-        description = lib.mdDoc "Rippled main database options.";
+        description = "Rippled main database options.";
         type = with types; nullOr (submodule dbOptions);
         default = {
           type = "rocksdb";
@@ -251,19 +251,19 @@ in
       };
 
       tempDb = mkOption {
-        description = lib.mdDoc "Rippled temporary database options.";
+        description = "Rippled temporary database options.";
         type = with types; nullOr (submodule dbOptions);
         default = null;
       };
 
       importDb = mkOption {
-        description = lib.mdDoc "Settings for performing a one-time import.";
+        description = "Settings for performing a one-time import.";
         type = with types; nullOr (submodule dbOptions);
         default = null;
       };
 
       nodeSize = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Rippled size of the node you are running.
           "tiny", "small", "medium", "large", and "huge"
         '';
@@ -272,7 +272,7 @@ in
       };
 
       ips = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           List of hostnames or ips where the Ripple protocol is served.
           For a starter list, you can either copy entries from:
           https://ripple.com/ripple.txt or if you prefer you can let it
@@ -287,7 +287,7 @@ in
       };
 
       ipsFixed = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           List of IP addresses or hostnames to which rippled should always
           attempt to maintain peer connections with. This is useful for
           manually forming private networks, for example to configure a
@@ -301,7 +301,7 @@ in
       };
 
       validators = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           List of nodes to always accept as validators. Nodes are specified by domain
           or public key.
         '';
@@ -316,7 +316,7 @@ in
       };
 
       databasePath = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to the ripple database.
         '';
         type = types.path;
@@ -324,7 +324,7 @@ in
       };
 
       validationQuorum = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The minimum number of trusted validations a ledger must have before
           the server considers it fully validated.
         '';
@@ -333,7 +333,7 @@ in
       };
 
       ledgerHistory = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The number of past ledgers to acquire on server startup and the minimum
           to maintain while running.
         '';
@@ -342,7 +342,7 @@ in
       };
 
       fetchDepth = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The number of past ledgers to serve to other peers that request historical
           ledger data (or "full" for no limit).
         '';
@@ -351,7 +351,7 @@ in
       };
 
       sntpServers = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           IP address or domain of NTP servers to use for time synchronization.;
         '';
         type = types.listOf types.str;
@@ -364,22 +364,22 @@ in
       };
 
       logLevel = mkOption {
-        description = lib.mdDoc "Logging verbosity.";
+        description = "Logging verbosity.";
         type = types.enum ["debug" "error" "info"];
         default = "error";
       };
 
       statsd = {
-        enable = mkEnableOption (lib.mdDoc "statsd monitoring for rippled");
+        enable = mkEnableOption "statsd monitoring for rippled";
 
         address = mkOption {
-          description = lib.mdDoc "The UDP address and port of the listening StatsD server.";
+          description = "The UDP address and port of the listening StatsD server.";
           default = "127.0.0.1:8125";
           type = types.str;
         };
 
         prefix = mkOption {
-          description = lib.mdDoc "A string prepended to each collected metric.";
+          description = "A string prepended to each collected metric.";
           default = "";
           type = types.str;
         };
@@ -388,7 +388,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the rippled.cfg configuration file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/rkvm.nix b/nixpkgs/nixos/modules/services/misc/rkvm.nix
index 582e8511ed96..9d41669e00f6 100644
--- a/nixpkgs/nixos/modules/services/misc/rkvm.nix
+++ b/nixpkgs/nixos/modules/services/misc/rkvm.nix
@@ -14,7 +14,7 @@ in
       default = cfg.server.enable || cfg.client.enable;
       defaultText = literalExpression "config.${opt.server.enable} || config.${opt.client.enable}";
       type = types.bool;
-      description = mdDoc ''
+      description = ''
         Whether to enable rkvm, a Virtual KVM switch for Linux machines.
       '';
     };
@@ -32,7 +32,7 @@ in
               listen = mkOption {
                 type = types.str;
                 default = "0.0.0.0:5258";
-                description = mdDoc ''
+                description = ''
                   An internet socket address to listen on, either IPv4 or IPv6.
                 '';
               };
@@ -40,7 +40,7 @@ in
               switch-keys = mkOption {
                 type = types.listOf types.str;
                 default = [ "left-alt" "left-ctrl" ];
-                description = mdDoc ''
+                description = ''
                   A key list specifying a host switch combination.
 
                   _A list of key names is available in <https://github.com/htrefil/rkvm/blob/master/switch-keys.md>._
@@ -50,7 +50,7 @@ in
               certificate = mkOption {
                 type = types.path;
                 default = "/etc/rkvm/certificate.pem";
-                description = mdDoc ''
+                description = ''
                   TLS certificate path.
 
                   ::: {.note}
@@ -62,7 +62,7 @@ in
               key = mkOption {
                 type = types.path;
                 default = "/etc/rkvm/key.pem";
-                description = mdDoc ''
+                description = ''
                   TLS key path.
 
                   ::: {.note}
@@ -73,7 +73,7 @@ in
 
               password = mkOption {
                 type = types.str;
-                description = mdDoc ''
+                description = ''
                   Shared secret token to authenticate the client.
                   Make sure this matches your client's config.
                 '';
@@ -82,7 +82,7 @@ in
           };
 
         default = { };
-        description = mdDoc "Structured server daemon configuration";
+        description = "Structured server daemon configuration";
       };
     };
 
@@ -97,7 +97,7 @@ in
               server = mkOption {
                 type = types.str;
                 example = "192.168.0.123:5258";
-                description = mdDoc ''
+                description = ''
                   An RKVM server's internet socket address, either IPv4 or IPv6.
                 '';
               };
@@ -105,7 +105,7 @@ in
               certificate = mkOption {
                 type = types.path;
                 default = "/etc/rkvm/certificate.pem";
-                description = mdDoc ''
+                description = ''
                   TLS ceritficate path.
 
                   ::: {.note}
@@ -116,7 +116,7 @@ in
 
               password = mkOption {
                 type = types.str;
-                description = mdDoc ''
+                description = ''
                   Shared secret token to authenticate the client.
                   Make sure this matches your server's config.
                 '';
@@ -125,7 +125,7 @@ in
           };
 
         default = {};
-        description = mdDoc "Structured client daemon configuration";
+        description = "Structured client daemon configuration";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix b/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix
index 979f4f14d383..6cc87753aa25 100644
--- a/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix
+++ b/nixpkgs/nixos/modules/services/misc/rmfakecloud.nix
@@ -9,7 +9,7 @@ let
 in {
   options = {
     services.rmfakecloud = {
-      enable = mkEnableOption (lib.mdDoc "rmfakecloud remarkable self-hosted cloud");
+      enable = mkEnableOption "rmfakecloud remarkable self-hosted cloud";
 
       package = mkPackageOption pkgs "rmfakecloud" {
         extraDescription = ''
@@ -22,7 +22,7 @@ in {
       storageUrl = mkOption {
         type = types.str;
         example = "https://local.appspot.com";
-        description = lib.mdDoc ''
+        description = ''
           URL used by the tablet to access the rmfakecloud service.
         '';
       };
@@ -30,7 +30,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc ''
+        description = ''
           Listening port number.
         '';
       };
@@ -38,7 +38,7 @@ in {
       logLevel = mkOption {
         type = types.enum [ "info" "debug" "warn" "error" ];
         default = "info";
-        description = lib.mdDoc ''
+        description = ''
           Logging level.
         '';
       };
@@ -47,7 +47,7 @@ in {
         type = with types; attrsOf str;
         default = { };
         example = { DATADIR = "/custom/path/for/rmfakecloud/data"; };
-        description = lib.mdDoc ''
+        description = ''
           Extra settings in the form of a set of key-value pairs.
           For tokens and secrets, use `environmentFile` instead.
 
@@ -60,7 +60,7 @@ in {
         type = with types; nullOr path;
         default = null;
         example = "/etc/secrets/rmfakecloud.env";
-        description = lib.mdDoc ''
+        description = ''
           Path to an environment file loaded for the rmfakecloud service.
 
           This can be used to securely store tokens and secrets outside of the
diff --git a/nixpkgs/nixos/modules/services/misc/rshim.nix b/nixpkgs/nixos/modules/services/misc/rshim.nix
index ae13f7d208f6..4a66f61fa40a 100644
--- a/nixpkgs/nixos/modules/services/misc/rshim.nix
+++ b/nixpkgs/nixos/modules/services/misc/rshim.nix
@@ -12,13 +12,13 @@ let
 in
 {
   options.services.rshim = {
-    enable = lib.mkEnableOption (lib.mdDoc "user-space rshim driver for the BlueField SoC");
+    enable = lib.mkEnableOption "user-space rshim driver for the BlueField SoC";
 
     package = lib.mkPackageOption pkgs "rshim-user-space" { };
 
     backend = lib.mkOption {
       type = with lib.types; nullOr (enum [ "usb" "pcie" "pcie_lf" ]);
-      description = lib.mdDoc ''
+      description = ''
         Specify the backend to attach. If not specified, the driver will scan
         all rshim backends unless the `device` option is given with a device
         name specified.
@@ -29,7 +29,7 @@ in
 
     device = lib.mkOption {
       type = with lib.types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         Specify the device name to attach. The backend driver can be deduced
         from the device name, thus the `backend` option is not needed.
       '';
@@ -39,7 +39,7 @@ in
 
     index = lib.mkOption {
       type = with lib.types; nullOr int;
-      description = lib.mdDoc ''
+      description = ''
         Specify the index to create device path `/dev/rshim<index>`. It's also
         used to create network interface name `tmfifo_net<index>`. This option
         is needed when multiple rshim instances are running.
@@ -50,7 +50,7 @@ in
 
     log-level = lib.mkOption {
       type = lib.types.int;
-      description = lib.mdDoc ''
+      description = ''
         Specify the log level (0:none, 1:error, 2:warning, 3:notice, 4:debug).
       '';
       default = 2;
@@ -59,7 +59,7 @@ in
 
     config = lib.mkOption {
       type = with lib.types; attrsOf (oneOf [ int str ]);
-      description = lib.mdDoc ''
+      description = ''
         Structural setting for the rshim configuration file
         (`/etc/rshim.conf`). It can be used to specify the static mapping
         between rshim devices and rshim names. It can also be used to ignore
diff --git a/nixpkgs/nixos/modules/services/misc/safeeyes.nix b/nixpkgs/nixos/modules/services/misc/safeeyes.nix
index 9dfa2001bcb7..38970fd77527 100644
--- a/nixpkgs/nixos/modules/services/misc/safeeyes.nix
+++ b/nixpkgs/nixos/modules/services/misc/safeeyes.nix
@@ -16,7 +16,7 @@ in
 
     services.safeeyes = {
 
-      enable = mkEnableOption (lib.mdDoc "the safeeyes OSGi service");
+      enable = mkEnableOption "the safeeyes OSGi service";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/sdrplay.nix b/nixpkgs/nixos/modules/services/misc/sdrplay.nix
index 2d5333e3885b..d56b1e4124d6 100644
--- a/nixpkgs/nixos/modules/services/misc/sdrplay.nix
+++ b/nixpkgs/nixos/modules/services/misc/sdrplay.nix
@@ -5,7 +5,7 @@ with lib;
     enable = mkOption {
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the SDRplay API service and udev rules.
 
         ::: {.note}
diff --git a/nixpkgs/nixos/modules/services/misc/serviio.nix b/nixpkgs/nixos/modules/services/misc/serviio.nix
index 18e64030d79d..a9449e54f5b0 100644
--- a/nixpkgs/nixos/modules/services/misc/serviio.nix
+++ b/nixpkgs/nixos/modules/services/misc/serviio.nix
@@ -31,7 +31,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Serviio Media Server.
         '';
       };
@@ -39,7 +39,7 @@ in {
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/serviio";
-        description = lib.mdDoc ''
+        description = ''
           The directory where serviio stores its state, data, etc.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/sickbeard.nix b/nixpkgs/nixos/modules/services/misc/sickbeard.nix
index f141660ced86..51179fdb14d3 100644
--- a/nixpkgs/nixos/modules/services/misc/sickbeard.nix
+++ b/nixpkgs/nixos/modules/services/misc/sickbeard.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the sickbeard server.";
+        description = "Whether to enable the sickbeard server.";
       };
       package = mkPackageOption pkgs "sickbeard" {
         example = "sickrage";
@@ -32,28 +32,28 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/${name}";
-        description = lib.mdDoc "Path where to store data files.";
+        description = "Path where to store data files.";
       };
       configFile = mkOption {
         type = types.path;
         default = "${cfg.dataDir}/config.ini";
         defaultText = literalExpression ''"''${config.${opt.dataDir}}/config.ini"'';
-        description = lib.mdDoc "Path to config file.";
+        description = "Path to config file.";
       };
       port = mkOption {
         type = types.ints.u16;
         default = 8081;
-        description = lib.mdDoc "Port to bind to.";
+        description = "Port to bind to.";
       };
       user = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "User to run the service as";
+        description = "User to run the service as";
       };
       group = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "Group to run the service as";
+        description = "Group to run the service as";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/signald.nix b/nixpkgs/nixos/modules/services/misc/signald.nix
index 32ba154506ce..45cf1434882f 100644
--- a/nixpkgs/nixos/modules/services/misc/signald.nix
+++ b/nixpkgs/nixos/modules/services/misc/signald.nix
@@ -8,24 +8,24 @@ let
 in
 {
   options.services.signald = {
-    enable = mkEnableOption (lib.mdDoc "the signald service");
+    enable = mkEnableOption "signald, the unofficial daemon for interacting with Signal";
 
     user = mkOption {
       type = types.str;
       default = defaultUser;
-      description = lib.mdDoc "User under which signald runs.";
+      description = "User under which signald runs.";
     };
 
     group = mkOption {
       type = types.str;
       default = defaultUser;
-      description = lib.mdDoc "Group under which signald runs.";
+      description = "Group under which signald runs.";
     };
 
     socketPath = mkOption {
       type = types.str;
       default = "/run/signald/signald.sock";
-      description = lib.mdDoc "Path to the signald socket";
+      description = "Path to the signald socket";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/siproxd.nix b/nixpkgs/nixos/modules/services/misc/siproxd.nix
index 3890962b7cfb..bedc91e3b43c 100644
--- a/nixpkgs/nixos/modules/services/misc/siproxd.nix
+++ b/nixpkgs/nixos/modules/services/misc/siproxd.nix
@@ -37,7 +37,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Siproxd SIP
           proxy/masquerading daemon.
         '';
@@ -46,20 +46,20 @@ in
       ifInbound = mkOption {
         type = types.str;
         example = "eth0";
-        description = lib.mdDoc "Local network interface";
+        description = "Local network interface";
       };
 
       ifOutbound = mkOption {
         type = types.str;
         example = "ppp0";
-        description = lib.mdDoc "Public network interface";
+        description = "Public network interface";
       };
 
       hostsAllowReg = mkOption {
         type = types.listOf types.str;
         default = [ ];
         example = [ "192.168.1.0/24" "192.168.2.0/24" ];
-        description = lib.mdDoc ''
+        description = ''
           Access control list for incoming SIP registrations.
         '';
       };
@@ -68,7 +68,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "123.45.0.0/16" "123.46.0.0/16" ];
-        description = lib.mdDoc ''
+        description = ''
           Access control list for incoming SIP traffic.
         '';
       };
@@ -77,7 +77,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "10.0.0.0/8" "11.0.0.0/8" ];
-        description = lib.mdDoc ''
+        description = ''
           Access control list for denying incoming
           SIP registrations and traffic.
         '';
@@ -86,7 +86,7 @@ in
       sipListenPort = mkOption {
         type = types.int;
         default = 5060;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen for incoming SIP messages.
         '';
       };
@@ -94,7 +94,7 @@ in
       rtpPortLow = mkOption {
         type = types.int;
         default = 7070;
-        description = lib.mdDoc ''
+        description = ''
          Bottom of UDP port range for incoming and outgoing RTP traffic
         '';
       };
@@ -102,7 +102,7 @@ in
       rtpPortHigh = mkOption {
         type = types.int;
         default = 7089;
-        description = lib.mdDoc ''
+        description = ''
          Top of UDP port range for incoming and outgoing RTP traffic
         '';
       };
@@ -110,7 +110,7 @@ in
       rtpTimeout = mkOption {
         type = types.int;
         default = 300;
-        description = lib.mdDoc ''
+        description = ''
           Timeout for an RTP stream. If for the specified
           number of seconds no data is relayed on an active
           stream, it is considered dead and will be killed.
@@ -120,7 +120,7 @@ in
       rtpDscp = mkOption {
         type = types.int;
         default = 46;
-        description = lib.mdDoc ''
+        description = ''
           DSCP (differentiated services) value to be assigned
           to RTP packets. Allows QOS aware routers to handle
           different types traffic with different priorities.
@@ -130,7 +130,7 @@ in
       sipDscp = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           DSCP (differentiated services) value to be assigned
           to SIP packets. Allows QOS aware routers to handle
           different types traffic with different priorities.
@@ -140,7 +140,7 @@ in
       passwordFile = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Path to per-user password file.
         '';
       };
@@ -148,7 +148,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to siproxd configuration.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/snapper.nix b/nixpkgs/nixos/modules/services/misc/snapper.nix
index 569433c3c71d..3a3ed1b5c0f5 100644
--- a/nixpkgs/nixos/modules/services/misc/snapper.nix
+++ b/nixpkgs/nixos/modules/services/misc/snapper.nix
@@ -25,7 +25,7 @@ let
   configOptions = {
     SUBVOLUME = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path of the subvolume or mount point.
         This path is a subvolume and has to contain a subvolume named
         .snapshots.
@@ -36,7 +36,7 @@ let
     FSTYPE = mkOption {
       type = types.enum [ "btrfs" ];
       default = "btrfs";
-      description = lib.mdDoc ''
+      description = ''
         Filesystem type. Only btrfs is stable and tested.
       '';
     };
@@ -44,7 +44,7 @@ let
     ALLOW_GROUPS = mkOption {
       type = types.listOf safeStr;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         List of groups allowed to operate with the config.
 
         Also see the PERMISSIONS section in man:snapper(8).
@@ -55,7 +55,7 @@ let
       type = types.listOf safeStr;
       default = [];
       example = [ "alice" ];
-      description = lib.mdDoc ''
+      description = ''
         List of users allowed to operate with the config. "root" is always
         implicitly included.
 
@@ -66,7 +66,7 @@ let
     TIMELINE_CLEANUP = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Defines whether the timeline cleanup algorithm should be run for the config.
       '';
     };
@@ -74,7 +74,7 @@ let
     TIMELINE_CREATE = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Defines whether hourly snapshots should be created.
       '';
     };
@@ -87,7 +87,7 @@ in
     snapshotRootOnBoot = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to snapshot root on boot
       '';
     };
@@ -95,7 +95,7 @@ in
     snapshotInterval = mkOption {
       type = types.str;
       default = "hourly";
-      description = lib.mdDoc ''
+      description = ''
         Snapshot interval.
 
         The format is described in
@@ -106,7 +106,7 @@ in
     cleanupInterval = mkOption {
       type = types.str;
       default = "1d";
-      description = lib.mdDoc ''
+      description = ''
         Cleanup interval.
 
         The format is described in
@@ -117,7 +117,7 @@ in
     filters = mkOption {
       type = types.nullOr types.lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Global display difference filter. See man:snapper(8) for more details.
       '';
     };
@@ -135,7 +135,7 @@ in
         }
       '';
 
-      description = lib.mdDoc ''
+      description = ''
         Subvolume configuration. Any option mentioned in man:snapper-configs(5)
         is valid here, even if NixOS doesn't document it.
       '';
diff --git a/nixpkgs/nixos/modules/services/misc/soft-serve.nix b/nixpkgs/nixos/modules/services/misc/soft-serve.nix
index 2b63b6bcd867..1907d92adb85 100644
--- a/nixpkgs/nixos/modules/services/misc/soft-serve.nix
+++ b/nixpkgs/nixos/modules/services/misc/soft-serve.nix
@@ -19,7 +19,7 @@ in
       settings = mkOption {
         type = format.type;
         default = { };
-        description = mdDoc ''
+        description = ''
           The contents of the configuration file for soft-serve.
 
           See <${docUrl}>.
diff --git a/nixpkgs/nixos/modules/services/misc/sonarr.nix b/nixpkgs/nixos/modules/services/misc/sonarr.nix
index ec59988d2b9a..228a2d48f5a9 100644
--- a/nixpkgs/nixos/modules/services/misc/sonarr.nix
+++ b/nixpkgs/nixos/modules/services/misc/sonarr.nix
@@ -8,18 +8,18 @@ in
 {
   options = {
     services.sonarr = {
-      enable = mkEnableOption (lib.mdDoc "Sonarr");
+      enable = mkEnableOption "Sonarr";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/sonarr/.config/NzbDrone";
-        description = lib.mdDoc "The directory where Sonarr stores its data files.";
+        description = "The directory where Sonarr stores its data files.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the Sonarr web interface
         '';
       };
@@ -27,13 +27,13 @@ in
       user = mkOption {
         type = types.str;
         default = "sonarr";
-        description = lib.mdDoc "User account under which Sonaar runs.";
+        description = "User account under which Sonaar runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "sonarr";
-        description = lib.mdDoc "Group under which Sonaar runs.";
+        description = "Group under which Sonaar runs.";
       };
 
       package = mkPackageOption pkgs "sonarr" { };
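Review bot: The `user` and `group` descriptions in this hunk spell the service name "Sonaar", while the rest of the module writes "Sonarr". As these two lines are rewritten here anyway, they could become `description = "User account under which Sonarr runs.";` and `description = "Group under which Sonarr runs.";`. The typo ends up in the rendered option documentation.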
diff --git a/nixpkgs/nixos/modules/services/misc/sourcehut/default.nix b/nixpkgs/nixos/modules/services/misc/sourcehut/default.nix
index 557d6d7e7168..94a96dba6790 100644
--- a/nixpkgs/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixpkgs/nixos/modules/services/misc/sourcehut/default.nix
@@ -56,38 +56,38 @@ let
     })));
   commonServiceSettings = srv: {
     origin = mkOption {
-      description = lib.mdDoc "URL ${srv}.sr.ht is being served at (protocol://domain)";
+      description = "URL ${srv}.sr.ht is being served at (protocol://domain)";
       type = types.str;
       default = "https://${srv}.${domain}";
       defaultText = "https://${srv}.example.com";
     };
     debug-host = mkOption {
-      description = lib.mdDoc "Address to bind the debug server to.";
+      description = "Address to bind the debug server to.";
       type = with types; nullOr str;
       default = null;
     };
     debug-port = mkOption {
-      description = lib.mdDoc "Port to bind the debug server to.";
+      description = "Port to bind the debug server to.";
       type = with types; nullOr str;
       default = null;
     };
     connection-string = mkOption {
-      description = lib.mdDoc "SQLAlchemy connection string for the database.";
+      description = "SQLAlchemy connection string for the database.";
       type = types.str;
       default = "postgresql:///localhost?user=${srv}srht&host=/run/postgresql";
     };
-    migrate-on-upgrade = mkEnableOption (lib.mdDoc "automatic migrations on package upgrade") // { default = true; };
+    migrate-on-upgrade = mkEnableOption "automatic migrations on package upgrade" // { default = true; };
     oauth-client-id = mkOption {
-      description = lib.mdDoc "${srv}.sr.ht's OAuth client id for meta.sr.ht.";
+      description = "${srv}.sr.ht's OAuth client id for meta.sr.ht.";
       type = types.str;
     };
     oauth-client-secret = mkOption {
-      description = lib.mdDoc "${srv}.sr.ht's OAuth client secret for meta.sr.ht.";
+      description = "${srv}.sr.ht's OAuth client secret for meta.sr.ht.";
       type = types.path;
       apply = s: "<" + toString s;
     };
     api-origin = mkOption {
-      description = lib.mdDoc "Origin URL for the API";
+      description = "Origin URL for the API";
       type = types.str;
       default = "http://${cfg.listenAddress}:${toString (cfg.${srv}.port + 100)}";
       defaultText = lib.literalMD ''
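Review bot: `debug-port` is typed `with types; nullOr str`, so any string passes evaluation, whereas `smtp-port` later in this file uses `nullOr port`. If the rendered setting accepts an integer (not confirmable from this hunk), `type = with types; nullOr port;` would reject non-numeric or out-of-range values at evaluation time. The `debug-host` description could also say that the debug server is meant to stay on a loopback address, e.g. `"Address to bind the debug server to; keep this on a loopback address."`. `commonServiceSettings` continues past the end of this hunk.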
@@ -117,57 +117,57 @@ let
     todosrht
   ]);
   mkOptionNullOrStr = description: mkOption {
-    description = lib.mdDoc description;
+    description = description;
     type = with types; nullOr str;
     default = null;
   };
 in
 {
   options.services.sourcehut = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki
       and account management services
-    '');
+    '';
 
     listenAddress = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Address to bind to.";
+      description = "Address to bind to.";
     };
 
     python = mkOption {
       internal = true;
       type = types.package;
       default = python;
-      description = lib.mdDoc ''
+      description = ''
         The python package to use. It should contain references to the *srht modules and also
         gunicorn.
       '';
     };
 
     minio = {
-      enable = mkEnableOption (lib.mdDoc ''local minio integration'');
+      enable = mkEnableOption ''local minio integration'';
     };
 
     nginx = {
-      enable = mkEnableOption (lib.mdDoc ''local nginx integration'');
+      enable = mkEnableOption ''local nginx integration'';
       virtualHost = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Virtual-host configuration merged with all Sourcehut's virtual-hosts.";
+        description = "Virtual-host configuration merged with all Sourcehut's virtual-hosts.";
       };
     };
 
     postfix = {
-      enable = mkEnableOption (lib.mdDoc ''local postfix integration'');
+      enable = mkEnableOption ''local postfix integration'';
     };
 
     postgresql = {
-      enable = mkEnableOption (lib.mdDoc ''local postgresql integration'');
+      enable = mkEnableOption ''local postgresql integration'';
     };
 
     redis = {
-      enable = mkEnableOption (lib.mdDoc ''local redis integration in a dedicated redis-server'');
+      enable = mkEnableOption ''local redis integration in a dedicated redis-server'';
     };
 
     settings = mkOption {
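Review bot: With the `lib.mdDoc` wrapper gone, the `mkOptionNullOrStr` helper is left with the self-assignment `description = description;`. The idiomatic Nix form is `inherit description;`, which has the same meaning. The other lines of the helper are unaffected.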
@@ -175,17 +175,17 @@ in
         freeformType = settingsFormat.type;
         options."sr.ht" = {
           global-domain = mkOption {
-            description = lib.mdDoc "Global domain name.";
+            description = "Global domain name.";
             type = types.str;
             example = "example.com";
           };
           environment = mkOption {
-            description = lib.mdDoc "Values other than \"production\" adds a banner to each page.";
+            description = "Values other than \"production\" adds a banner to each page.";
             type = types.enum [ "development" "production" ];
             default = "development";
           };
           network-key = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to a secret key to encrypt internal messages with. Use `srht-keygen network` to
               generate this key. It must be consistent between all services and nodes.
@@ -194,27 +194,27 @@ in
             apply = s: "<" + toString s;
           };
           owner-email = mkOption {
-            description = lib.mdDoc "Owner's email.";
+            description = "Owner's email.";
             type = types.str;
             default = "contact@example.com";
           };
           owner-name = mkOption {
-            description = lib.mdDoc "Owner's name.";
+            description = "Owner's name.";
             type = types.str;
             default = "John Doe";
           };
           site-blurb = mkOption {
-            description = lib.mdDoc "Blurb for your site.";
+            description = "Blurb for your site.";
             type = types.str;
             default = "the hacker's forge";
           };
           site-info = mkOption {
-            description = lib.mdDoc "The top-level info page for your site.";
+            description = "The top-level info page for your site.";
             type = types.str;
             default = "https://sourcehut.org";
           };
           service-key = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to a key used for encrypting session cookies. Use `srht-keygen service` to
               generate the service key. This must be shared between each node of the same
@@ -226,12 +226,12 @@ in
             apply = s: "<" + toString s;
           };
           site-name = mkOption {
-            description = lib.mdDoc "The name of your network of sr.ht-based sites.";
+            description = "The name of your network of sr.ht-based sites.";
             type = types.str;
             default = "sourcehut";
           };
           source-url = mkOption {
-            description = lib.mdDoc "The source code for your fork of sr.ht.";
+            description = "The source code for your fork of sr.ht.";
             type = types.str;
             default = "https://git.sr.ht/~sircmpwn/srht";
           };
@@ -239,7 +239,7 @@ in
         options.mail = {
           smtp-host = mkOptionNullOrStr "Outgoing SMTP host.";
           smtp-port = mkOption {
-            description = lib.mdDoc "Outgoing SMTP port.";
+            description = "Outgoing SMTP port.";
             type = with types; nullOr port;
             default = null;
           };
@@ -247,13 +247,13 @@ in
           smtp-password = mkOptionNullOrStr "Outgoing SMTP password.";
           smtp-from = mkOption {
             type = types.str;
-            description = lib.mdDoc "Outgoing SMTP FROM.";
+            description = "Outgoing SMTP FROM.";
           };
           error-to = mkOptionNullOrStr "Address receiving application exceptions";
           error-from = mkOptionNullOrStr "Address sending application exceptions";
           pgp-privkey = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to an OpenPGP private key.
 
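Review bot: `smtp-password` is declared via `mkOptionNullOrStr`, i.e. `nullOr str`, so a password set here is an ordinary option value and would presumably land in the generated configuration inside the world-readable Nix store. The other secrets in this file (`oauth-client-secret`, and the keys whose descriptions ask for a path "outside the Nix-store") are read from a file through `apply = s: "<" + toString s;`. Consider giving `smtp-password` the same shape, or at least a description that says so, e.g. `"Outgoing SMTP password. The value is stored in the Nix store; do not put a production credential here."`. The surrounding `options.mail` block starts and ends outside this hunk.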
@@ -265,26 +265,26 @@ in
           };
           pgp-pubkey = mkOption {
             type = with types; either path str;
-            description = lib.mdDoc "OpenPGP public key.";
+            description = "OpenPGP public key.";
           };
           pgp-key-id = mkOption {
             type = types.str;
-            description = lib.mdDoc "OpenPGP key identifier.";
+            description = "OpenPGP key identifier.";
           };
         };
         options.objects = {
           s3-upstream = mkOption {
-            description = lib.mdDoc "Configure the S3-compatible object storage service.";
+            description = "Configure the S3-compatible object storage service.";
             type = with types; nullOr str;
             default = null;
           };
           s3-access-key = mkOption {
-            description = lib.mdDoc "Access key to the S3-compatible object storage service";
+            description = "Access key to the S3-compatible object storage service";
             type = with types; nullOr str;
             default = null;
           };
           s3-secret-key = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to the secret key of the S3-compatible object storage service.
             '';
@@ -295,7 +295,7 @@ in
         };
         options.webhooks = {
           private-key = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to a base64-encoded Ed25519 key for signing webhook payloads.
               This should be consistent for all *.sr.ht sites,
@@ -309,14 +309,14 @@ in
         };
 
         options."builds.sr.ht" = commonServiceSettings "builds" // {
-          allow-free = mkEnableOption (lib.mdDoc "nonpaying users to submit builds");
+          allow-free = mkEnableOption "nonpaying users to submit builds";
           redis = mkOption {
-            description = lib.mdDoc "The Redis connection used for the Celery worker.";
+            description = "The Redis connection used for the Celery worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2";
           };
           shell = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Scripts used to launch on SSH connection.
               `/usr/bin/master-shell` on master,
               `/usr/bin/runner-shell` on runner.
@@ -329,19 +329,19 @@ in
         };
         options."builds.sr.ht::worker" = {
           bind-address = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               HTTP bind address for serving local build information/monitoring.
             '';
             type = types.str;
             default = "localhost:8080";
           };
           buildlogs = mkOption {
-            description = lib.mdDoc "Path to write build logs.";
+            description = "Path to write build logs.";
             type = types.str;
             default = "/var/log/sourcehut/buildsrht-worker";
           };
           name = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Listening address and listening port
               of the build runner (with HTTP port if not 80).
             '';
@@ -349,7 +349,7 @@ in
             default = "localhost:5020";
           };
           timeout = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Max build duration.
               See <https://golang.org/pkg/time/#ParseDuration>.
             '';
@@ -360,12 +360,12 @@ in
 
         options."git.sr.ht" = commonServiceSettings "git" // {
           outgoing-domain = mkOption {
-            description = lib.mdDoc "Outgoing domain.";
+            description = "Outgoing domain.";
             type = types.str;
             default = "https://git.localhost.localdomain";
           };
           post-update-script = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               A post-update script which is installed in every git repo.
               This setting is propagated to newer and existing repositories.
             '';
@@ -374,7 +374,7 @@ in
             defaultText = "\${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook";
           };
           repos = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to git repositories on disk.
               If changing the default, you must ensure that
               the gitsrht's user as read and write access to it.
@@ -383,14 +383,14 @@ in
             default = "/var/lib/sourcehut/gitsrht/repos";
           };
           webhooks = mkOption {
-            description = lib.mdDoc "The Redis connection used for the webhooks worker.";
+            description = "The Redis connection used for the webhooks worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1";
           };
         };
         options."git.sr.ht::api" = {
           internal-ipnet = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Set of IP subnets which are permitted to utilize internal API
               authentication. This should be limited to the subnets
               from which your *.sr.ht services are running.
@@ -403,7 +403,7 @@ in
 
         options."hg.sr.ht" = commonServiceSettings "hg" // {
           changegroup-script = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               A changegroup script which is installed in every mercurial repo.
               This setting is propagated to newer and existing repositories.
             '';
@@ -412,7 +412,7 @@ in
             defaultText = "\${pkgs.sourcehut.hgsrht}/bin/hgsrht-hook-changegroup";
           };
           repos = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to mercurial repositories on disk.
               If changing the default, you must ensure that
               the hgsrht's user as read and write access to it.
@@ -425,18 +425,18 @@ in
             (defaults to where the hgsrht code is)
           '';
           clone_bundle_threshold = mkOption {
-            description = lib.mdDoc ".hg/store size (in MB) past which the nightly job generates clone bundles.";
+            description = ".hg/store size (in MB) past which the nightly job generates clone bundles.";
             type = types.ints.unsigned;
             default = 50;
           };
           hg_ssh = mkOption {
-            description = lib.mdDoc "Path to hg-ssh (if not in $PATH).";
+            description = "Path to hg-ssh (if not in $PATH).";
             type = types.str;
             default = "${pkgs.mercurial}/bin/hg-ssh";
             defaultText = "\${pkgs.mercurial}/bin/hg-ssh";
           };
           webhooks = mkOption {
-            description = lib.mdDoc "The Redis connection used for the webhooks worker.";
+            description = "The Redis connection used for the webhooks worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1";
           };
@@ -446,31 +446,31 @@ in
         };
 
         options."lists.sr.ht" = commonServiceSettings "lists" // {
-          allow-new-lists = mkEnableOption (lib.mdDoc "creation of new lists");
+          allow-new-lists = mkEnableOption "creation of new lists";
           notify-from = mkOption {
-            description = lib.mdDoc "Outgoing email for notifications generated by users.";
+            description = "Outgoing email for notifications generated by users.";
             type = types.str;
             default = "lists-notify@localhost.localdomain";
           };
           posting-domain = mkOption {
-            description = lib.mdDoc "Posting domain.";
+            description = "Posting domain.";
             type = types.str;
             default = "lists.localhost.localdomain";
           };
           redis = mkOption {
-            description = lib.mdDoc "The Redis connection used for the Celery worker.";
+            description = "The Redis connection used for the Celery worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2";
           };
           webhooks = mkOption {
-            description = lib.mdDoc "The Redis connection used for the webhooks worker.";
+            description = "The Redis connection used for the webhooks worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1";
           };
         };
         options."lists.sr.ht::worker" = {
           reject-mimetypes = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Comma-delimited list of Content-Types to reject. Messages with Content-Types
               included in this list are rejected. Multipart messages are always supported,
               and each part is checked against this list.
@@ -481,12 +481,12 @@ in
             default = ["text/html"];
           };
           reject-url = mkOption {
-            description = lib.mdDoc "Reject URL.";
+            description = "Reject URL.";
             type = types.str;
             default = "https://man.sr.ht/lists.sr.ht/etiquette.md";
           };
           sock = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
               Alternatively, specify IP:PORT and an SMTP server will be run instead.
             '';
@@ -494,7 +494,7 @@ in
             default = "/tmp/lists.sr.ht-lmtp.sock";
           };
           sock-group = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               The lmtp daemon will make the unix socket group-read/write
               for users in this group.
             '';
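Review bot: The `sock` default shown at the top of this hunk, `/tmp/lists.sr.ht-lmtp.sock`, is a fixed name in a shared world-writable directory. Unless the unit runs with a private `/tmp` (not visible here), another local account can create that path first and either block the daemon or receive mail meant for it. A default under a service-owned runtime directory (for example `/run/<service-runtime-dir>/lmtp.sock`, placeholder) avoids this, and `sock-group` would then be the only way in. The same applies to `/tmp/todo.sr.ht-lmtp.sock` in the `todo.sr.ht::mail` hunk at `@@ -627,7 +627,7 @@`.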
@@ -510,15 +510,15 @@ in
           removeAttrs (commonServiceSettings "meta")
             ["oauth-client-id" "oauth-client-secret"] // {
           webhooks = mkOption {
-            description = lib.mdDoc "The Redis connection used for the webhooks worker.";
+            description = "The Redis connection used for the webhooks worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1";
           };
-          welcome-emails = mkEnableOption (lib.mdDoc "sending stock sourcehut welcome emails after signup");
+          welcome-emails = mkEnableOption "sending stock sourcehut welcome emails after signup";
         };
         options."meta.sr.ht::api" = {
           internal-ipnet = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Set of IP subnets which are permitted to utilize internal API
               authentication. This should be limited to the subnets
               from which your *.sr.ht services are running.
@@ -529,13 +529,13 @@ in
           };
         };
         options."meta.sr.ht::aliases" = mkOption {
-          description = lib.mdDoc "Aliases for the client IDs of commonly used OAuth clients.";
+          description = "Aliases for the client IDs of commonly used OAuth clients.";
           type = with types; attrsOf int;
           default = {};
           example = { "git.sr.ht" = 12345; };
         };
         options."meta.sr.ht::billing" = {
-          enabled = mkEnableOption (lib.mdDoc "the billing system");
+          enabled = mkEnableOption "the billing system";
           stripe-public-key = mkOptionNullOrStr "Public key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys";
           stripe-secret-key = mkOptionNullOrStr ''
             An absolute file path (which should be outside the Nix-store)
@@ -545,14 +545,14 @@ in
           };
         };
         options."meta.sr.ht::settings" = {
-          registration = mkEnableOption (lib.mdDoc "public registration");
+          registration = mkEnableOption "public registration";
           onboarding-redirect = mkOption {
-            description = lib.mdDoc "Where to redirect new users upon registration.";
+            description = "Where to redirect new users upon registration.";
             type = types.str;
             default = "https://meta.localhost.localdomain";
           };
           user-invites = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               How many invites each user is issued upon registration
               (only applicable if open registration is disabled).
             '';
@@ -563,7 +563,7 @@ in
 
         options."pages.sr.ht" = commonServiceSettings "pages" // {
           gemini-certs = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               An absolute file path (which should be outside the Nix-store)
               to Gemini certificates.
             '';
@@ -571,12 +571,12 @@ in
             default = null;
           };
           max-site-size = mkOption {
-            description = lib.mdDoc "Maximum size of any given site (post-gunzip), in MiB.";
+            description = "Maximum size of any given site (post-gunzip), in MiB.";
             type = types.int;
             default = 1024;
           };
           user-domain = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Configures the user domain, if enabled.
               All users are given \<username\>.this.domain.
             '';
@@ -586,7 +586,7 @@ in
         };
         options."pages.sr.ht::api" = {
           internal-ipnet = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Set of IP subnets which are permitted to utilize internal API
               authentication. This should be limited to the subnets
               from which your *.sr.ht services are running.
@@ -602,24 +602,24 @@ in
 
         options."todo.sr.ht" = commonServiceSettings "todo" // {
           notify-from = mkOption {
-            description = lib.mdDoc "Outgoing email for notifications generated by users.";
+            description = "Outgoing email for notifications generated by users.";
             type = types.str;
             default = "todo-notify@localhost.localdomain";
           };
           webhooks = mkOption {
-            description = lib.mdDoc "The Redis connection used for the webhooks worker.";
+            description = "The Redis connection used for the webhooks worker.";
             type = types.str;
             default = "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1";
           };
         };
         options."todo.sr.ht::mail" = {
           posting-domain = mkOption {
-            description = lib.mdDoc "Posting domain.";
+            description = "Posting domain.";
             type = types.str;
             default = "todo.localhost.localdomain";
           };
           sock = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path for the lmtp daemon's unix socket. Direct incoming mail to this socket.
               Alternatively, specify IP:PORT and an SMTP server will be run instead.
             '';
@@ -627,7 +627,7 @@ in
             default = "/tmp/todo.sr.ht-lmtp.sock";
           };
           sock-group = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               The lmtp daemon will make the unix socket group-read/write
               for users in this group.
             '';
@@ -637,13 +637,13 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         The configuration for the sourcehut network.
       '';
     };
 
     builds = {
-      enableWorker = mkEnableOption (lib.mdDoc ''
+      enableWorker = mkEnableOption ''
         worker for builds.sr.ht
 
         ::: {.warning}
@@ -653,7 +653,7 @@ in
         (e.g. automatic testing of patches via listssrht).
         See <https://man.sr.ht/builds.sr.ht/configuration.md#security-model>.
         :::
-      '');
+      '';
 
       images = mkOption {
         type = with types; attrsOf (attrsOf (attrsOf package));
@@ -673,7 +673,7 @@ in
             nixos.unstable.x86_64 = image_from_nixpkgs;
           }
         )'';
-        description = lib.mdDoc ''
+        description = ''
           Images for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
         '';
       };
@@ -684,7 +684,7 @@ in
         example = "gitFull";
       };
       fcgiwrap.preforkProcess = mkOption {
-        description = lib.mdDoc "Number of fcgiwrap processes to prefork.";
+        description = "Number of fcgiwrap processes to prefork.";
         type = types.int;
         default = 4;
       };
@@ -695,7 +695,7 @@ in
       cloneBundles = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Generate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
         '';
       };
@@ -706,12 +706,12 @@ in
         extraArgs = mkOption {
           type = with types; listOf str;
           default = [ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ];
-          description = lib.mdDoc "Extra arguments passed to the Celery responsible for processing mails.";
+          description = "Extra arguments passed to the Celery responsible for processing mails.";
         };
         celeryConfig = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc "Content of the `celeryconfig.py` used by the Celery of `listssrht-process`.";
+          description = "Content of the `celeryconfig.py` used by the Celery of `listssrht-process`.";
         };
       };
     };
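Review bot: Both Celery `extraArgs` defaults ship `--loglevel DEBUG` (here for mail processing, and again for webhooks in the `optionalAttrs webhooks` hunk of `service.nix`), while the Gunicorn default in `service.nix` uses `--log-level=info`. Debug-level worker logs can include task arguments, which for mail and webhook processing may put message content or delivery URLs in the journal; I have not checked what these particular tasks log. Consider `"--loglevel INFO"` as the default, or state in the description that the default is deliberately verbose and should be lowered in production.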
diff --git a/nixpkgs/nixos/modules/services/misc/sourcehut/service.nix b/nixpkgs/nixos/modules/services/misc/sourcehut/service.nix
index 4a8289b4d403..ce5a0e78627c 100644
--- a/nixpkgs/nixos/modules/services/misc/sourcehut/service.nix
+++ b/nixpkgs/nixos/modules/services/misc/sourcehut/service.nix
@@ -133,12 +133,12 @@ let
 in
 {
   options.services.sourcehut.${srv} = {
-    enable = mkEnableOption (lib.mdDoc "${srv} service");
+    enable = mkEnableOption "${srv} service";
 
     user = mkOption {
       type = types.str;
       default = srvsrht;
-      description = lib.mdDoc ''
+      description = ''
         User for ${srv}.sr.ht.
       '';
     };
@@ -146,7 +146,7 @@ in
     group = mkOption {
       type = types.str;
       default = srvsrht;
-      description = lib.mdDoc ''
+      description = ''
         Group for ${srv}.sr.ht.
         Membership grants access to the Git/Mercurial repositories by default,
         but not to the config.ini file (where secrets are).
@@ -156,7 +156,7 @@ in
     port = mkOption {
       type = types.port;
       default = port;
-      description = lib.mdDoc ''
+      description = ''
         Port on which the "${srv}" backend should listen.
       '';
     };
@@ -166,7 +166,7 @@ in
         type = types.str;
         default = "unix:///run/redis-sourcehut-${srvsrht}/redis.sock?db=0";
         example = "redis://shared.wireguard:6379/0";
-        description = lib.mdDoc ''
+        description = ''
           The redis host URL. This is used for caching and temporary storage, and must
           be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
           shared between services. It may be shared between services, however, with no
@@ -179,7 +179,7 @@ in
       database = mkOption {
         type = types.str;
         default = "${srv}.sr.ht";
-        description = lib.mdDoc ''
+        description = ''
           PostgreSQL database name for the ${srv}.sr.ht service,
           used if [](#opt-services.sourcehut.postgresql.enable) is `true`.
         '';
@@ -190,7 +190,7 @@ in
       extraArgs = mkOption {
         type = with types; listOf str;
         default = [ "--timeout 120" "--workers 1" "--log-level=info" ];
-        description = lib.mdDoc "Extra arguments passed to Gunicorn.";
+        description = "Extra arguments passed to Gunicorn.";
       };
     };
   } // optionalAttrs webhooks {
@@ -198,12 +198,12 @@ in
       extraArgs = mkOption {
         type = with types; listOf str;
         default = [ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ];
-        description = lib.mdDoc "Extra arguments passed to the Celery responsible for webhooks.";
+        description = "Extra arguments passed to the Celery responsible for webhooks.";
       };
       celeryConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Content of the `celeryconfig.py` used by the Celery responsible for webhooks.";
+        description = "Content of the `celeryconfig.py` used by the Celery responsible for webhooks.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/misc/spice-autorandr.nix b/nixpkgs/nixos/modules/services/misc/spice-autorandr.nix
index 0d8830dbd5be..0d58d2865717 100644
--- a/nixpkgs/nixos/modules/services/misc/spice-autorandr.nix
+++ b/nixpkgs/nixos/modules/services/misc/spice-autorandr.nix
@@ -6,7 +6,7 @@ in
 {
   options = {
     services.spice-autorandr = {
-      enable = lib.mkEnableOption (lib.mdDoc "spice-autorandr service that will automatically resize display to match SPICE client window size.");
+      enable = lib.mkEnableOption "spice-autorandr service that will automatically resize display to match SPICE client window size.";
       package = lib.mkPackageOption pkgs "spice-autorandr" { };
     };
   };
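Review bot: The string passed to `lib.mkEnableOption` for `services.spice-autorandr.enable` already ends in a period, and `mkEnableOption` appends its own, so the rendered description ends in `size..`. Drop the trailing period from the argument: `enable = lib.mkEnableOption "spice-autorandr service that will automatically resize display to match SPICE client window size";`.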
diff --git a/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix b/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix
index bde64847d89e..2dd9fcf68ab0 100644
--- a/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix
+++ b/nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     services.spice-vdagentd = {
-      enable = mkEnableOption (lib.mdDoc "Spice guest vdagent daemon");
+      enable = mkEnableOption "Spice guest vdagent daemon";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/spice-webdavd.nix b/nixpkgs/nixos/modules/services/misc/spice-webdavd.nix
index 2b4304365618..9df0f7a420e7 100644
--- a/nixpkgs/nixos/modules/services/misc/spice-webdavd.nix
+++ b/nixpkgs/nixos/modules/services/misc/spice-webdavd.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     services.spice-webdavd = {
-      enable = mkEnableOption (lib.mdDoc "the spice guest webdav proxy daemon");
+      enable = mkEnableOption "the spice guest webdav proxy daemon";
 
       package = mkPackageOption pkgs "phodav" { };
     };
diff --git a/nixpkgs/nixos/modules/services/misc/sssd.nix b/nixpkgs/nixos/modules/services/misc/sssd.nix
index f83c82bbb7d7..4429b20174d9 100644
--- a/nixpkgs/nixos/modules/services/misc/sssd.nix
+++ b/nixpkgs/nixos/modules/services/misc/sssd.nix
@@ -10,11 +10,11 @@ let
 in {
   options = {
     services.sssd = {
-      enable = mkEnableOption (lib.mdDoc "the System Security Services Daemon");
+      enable = mkEnableOption "the System Security Services Daemon";
 
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc "Contents of {file}`sssd.conf`.";
+        description = "Contents of {file}`sssd.conf`.";
         default = ''
           [sssd]
           config_file_version = 2
@@ -37,7 +37,7 @@ in {
       sshAuthorizedKeysIntegration = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to make sshd look up authorized keys from SSS.
           For this to work, the `ssh` SSS service must be enabled in the sssd configuration.
         '';
@@ -46,7 +46,7 @@ in {
       kcm = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use SSS as a Kerberos Cache Manager (KCM).
           Kerberos will be configured to cache credentials in SSS.
         '';
@@ -54,7 +54,7 @@ in {
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Environment file as defined in {manpage}`systemd.exec(5)`.
 
           Secrets may be passed to the service without adding them to the world-readable
diff --git a/nixpkgs/nixos/modules/services/misc/subsonic.nix b/nixpkgs/nixos/modules/services/misc/subsonic.nix
index 0862d5782595..2dda8970dd30 100644
--- a/nixpkgs/nixos/modules/services/misc/subsonic.nix
+++ b/nixpkgs/nixos/modules/services/misc/subsonic.nix
@@ -8,12 +8,12 @@ let
 in {
   options = {
     services.subsonic = {
-      enable = mkEnableOption (lib.mdDoc "Subsonic daemon");
+      enable = mkEnableOption "Subsonic daemon";
 
       home = mkOption {
         type = types.path;
         default = "/var/lib/subsonic";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Subsonic will create files.
           Make sure it is writable.
         '';
@@ -22,7 +22,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address on which to bind Subsonic.
           Only relevant if you have multiple network interfaces and want
           to make Subsonic available on only one of them. The default value
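Review bot: `listenAddress` defaults to `"0.0.0.0"`, and the following hunks show `port` defaulting to 4040 (HTTP) with `httpsPort` defaulting to 0 (disabled), so an enabled service listens in plaintext on every interface. The description presents the option only as a multi-homing convenience; a sentence such as `Set to "127.0.0.1" when Subsonic is only reached through a local reverse proxy.` would make the exposure explicit. It is also worth saying that logins cross the network unencrypted unless HTTPS or a TLS-terminating proxy is used. The description continues past the end of this hunk, so part of this may already be covered there.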
@@ -33,7 +33,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 4040;
-        description = lib.mdDoc ''
+        description = ''
           The port on which Subsonic will listen for
           incoming HTTP traffic. Set to 0 to disable.
         '';
@@ -42,7 +42,7 @@ in {
       httpsPort = mkOption {
         type = types.port;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           The port on which Subsonic will listen for
           incoming HTTPS traffic. Set to 0 to disable.
         '';
@@ -51,7 +51,7 @@ in {
       contextPath = mkOption {
         type = types.path;
         default = "/";
-        description = lib.mdDoc ''
+        description = ''
           The context path, i.e., the last part of the Subsonic
           URL. Typically '/' or '/subsonic'. Default '/'
         '';
@@ -60,7 +60,7 @@ in {
       maxMemory = mkOption {
         type = types.int;
         default = 100;
-        description = lib.mdDoc ''
+        description = ''
           The memory limit (max Java heap size) in megabytes.
           Default: 100
         '';
@@ -69,7 +69,7 @@ in {
       defaultMusicFolder = mkOption {
         type = types.path;
         default = "/var/music";
-        description = lib.mdDoc ''
+        description = ''
           Configure Subsonic to use this folder for music.  This option
           only has effect the first time Subsonic is started.
         '';
@@ -78,7 +78,7 @@ in {
       defaultPodcastFolder = mkOption {
         type = types.path;
         default = "/var/music/Podcast";
-        description = lib.mdDoc ''
+        description = ''
           Configure Subsonic to use this folder for Podcasts.  This option
           only has effect the first time Subsonic is started.
         '';
@@ -87,7 +87,7 @@ in {
       defaultPlaylistFolder = mkOption {
         type = types.path;
         default = "/var/playlists";
-        description = lib.mdDoc ''
+        description = ''
           Configure Subsonic to use this folder for playlists.  This option
           only has effect the first time Subsonic is started.
         '';
@@ -97,7 +97,7 @@ in {
         type = types.listOf types.path;
         default = [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ];
         defaultText = literalExpression ''[ "''${pkgs.ffmpeg.bin}/bin/ffmpeg" ]'';
-        description = lib.mdDoc ''
+        description = ''
           List of paths to transcoder executables that should be accessible
           from Subsonic. Symlinks will be created to each executable inside
           ''${config.${opt.home}}/transcoders.
diff --git a/nixpkgs/nixos/modules/services/misc/sundtek.nix b/nixpkgs/nixos/modules/services/misc/sundtek.nix
index e85d7c5b92b9..e3234518c940 100644
--- a/nixpkgs/nixos/modules/services/misc/sundtek.nix
+++ b/nixpkgs/nixos/modules/services/misc/sundtek.nix
@@ -8,7 +8,7 @@ let
 in
 {
   options.services.sundtek = {
-    enable = mkEnableOption (lib.mdDoc "Sundtek driver");
+    enable = mkEnableOption "Sundtek driver";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/misc/svnserve.nix b/nixpkgs/nixos/modules/services/misc/svnserve.nix
index a0103641c650..5fa262ca3b94 100644
--- a/nixpkgs/nixos/modules/services/misc/svnserve.nix
+++ b/nixpkgs/nixos/modules/services/misc/svnserve.nix
@@ -20,13 +20,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable svnserve to serve Subversion repositories through the SVN protocol.";
+        description = "Whether to enable svnserve to serve Subversion repositories through the SVN protocol.";
       };
 
       svnBaseDir = mkOption {
         type = types.str;
         default = "/repos";
-        description = lib.mdDoc "Base directory from which Subversion repositories are accessed.";
+        description = "Base directory from which Subversion repositories are accessed.";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/misc/synergy.nix b/nixpkgs/nixos/modules/services/misc/synergy.nix
index 0cbdc7599c0f..fb664fc071d1 100644
--- a/nixpkgs/nixos/modules/services/misc/synergy.nix
+++ b/nixpkgs/nixos/modules/services/misc/synergy.nix
@@ -19,19 +19,19 @@ in
       # !!! All these option descriptions needs to be cleaned up.
 
       client = {
-        enable = mkEnableOption (lib.mdDoc "the Synergy client (receive keyboard and mouse events from a Synergy server)");
+        enable = mkEnableOption "the Synergy client (receive keyboard and mouse events from a Synergy server)";
 
         screenName = mkOption {
           default = "";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Use the given name instead of the hostname to identify
             ourselves to the server.
           '';
         };
         serverAddress = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The server address is of the form: [hostname][:port].  The
             hostname must be the address or hostname of the server.  The
             port overrides the default port, 24800.
@@ -40,22 +40,22 @@ in
         autoStart = mkOption {
           default = true;
           type = types.bool;
-          description = lib.mdDoc "Whether the Synergy client should be started automatically.";
+          description = "Whether the Synergy client should be started automatically.";
         };
       };
 
       server = {
-        enable = mkEnableOption (lib.mdDoc "the Synergy server (send keyboard and mouse events)");
+        enable = mkEnableOption "the Synergy server (send keyboard and mouse events)";
 
         configFile = mkOption {
           type = types.path;
           default = "/etc/synergy-server.conf";
-          description = lib.mdDoc "The Synergy server configuration file.";
+          description = "The Synergy server configuration file.";
         };
         screenName = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Use the given name instead of the hostname to identify
             this screen in the configuration.
           '';
@@ -63,18 +63,18 @@ in
         address = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Address on which to listen for clients.";
+          description = "Address on which to listen for clients.";
         };
         autoStart = mkOption {
           default = true;
           type = types.bool;
-          description = lib.mdDoc "Whether the Synergy server should be started automatically.";
+          description = "Whether the Synergy server should be started automatically.";
         };
         tls = {
           enable = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether TLS encryption should be used.
 
               Using this requires a TLS certificate that can be
@@ -87,7 +87,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "~/.synergy/SSL/Synergy.pem";
-            description = lib.mdDoc "The TLS certificate to use for encryption.";
+            description = "The TLS certificate to use for encryption.";
           };
         };
       };
diff --git a/nixpkgs/nixos/modules/services/misc/sysprof.nix b/nixpkgs/nixos/modules/services/misc/sysprof.nix
index 25c5b0fabf61..ab91a8b586a2 100644
--- a/nixpkgs/nixos/modules/services/misc/sysprof.nix
+++ b/nixpkgs/nixos/modules/services/misc/sysprof.nix
@@ -3,7 +3,7 @@
 {
   options = {
     services.sysprof = {
-      enable = lib.mkEnableOption (lib.mdDoc "sysprof profiling daemon");
+      enable = lib.mkEnableOption "sysprof profiling daemon";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/misc/tabby.nix b/nixpkgs/nixos/modules/services/misc/tabby.nix
index a3072e5df75e..d63a6b24ae3d 100644
--- a/nixpkgs/nixos/modules/services/misc/tabby.nix
+++ b/nixpkgs/nixos/modules/services/misc/tabby.nix
@@ -11,16 +11,14 @@ in
 {
   options = {
     services.tabby = {
-      enable = lib.mkEnableOption (
-        lib.mdDoc "Self-hosted AI coding assistant using large language models"
-      );
+      enable = lib.mkEnableOption "Self-hosted AI coding assistant using large language models";
 
       package = lib.mkPackageOption pkgs "tabby" { };
 
       port = lib.mkOption {
         type = types.port;
         default = 11029;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the bind port on which the tabby server HTTP interface listens.
         '';
       };
@@ -28,7 +26,7 @@ in
       model = lib.mkOption {
         type = types.str;
         default = "TabbyML/StarCoder-1B";
-        description = lib.mdDoc ''
+        description = ''
           Specify the model that tabby will use to generate completions.
 
           This model will be downloaded automatically if it is not already present.
@@ -60,7 +58,7 @@ in
         type = types.nullOr (types.enum [ "cpu" "rocm" "cuda" "metal" ]);
         default = null;
         example = "rocm";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the device to use for hardware acceleration.
 
           -   `cpu`: no acceleration just use the CPU
@@ -85,7 +83,7 @@ in
       settings = lib.mkOption {
         inherit (format) type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Tabby scheduler configuration
 
           See for more details:
@@ -108,7 +106,7 @@ in
       usageCollection = lib.mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable sending anonymous usage data.
 
           See for more details:
@@ -120,7 +118,7 @@ in
         type = types.str;
         default = "5hours";
         example = "5hours";
-        description = lib.mdDoc ''
+        description = ''
           Run tabby scheduler to generate the index database at this interval.
           Updates by default every 5 hours. This value applies to
           `OnUnitInactiveSec`
diff --git a/nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix b/nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix
index 1b1fde78ad0a..a2210f3d7db5 100644
--- a/nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix
+++ b/nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix
@@ -33,7 +33,7 @@ in
     enable = mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable Tandoor Recipes.
 
         When started, the Tandoor Recipes database is automatically created if
@@ -48,19 +48,19 @@ in
     address = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Web interface address.";
+      description = "Web interface address.";
     };
 
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc "Web interface port.";
+      description = "Web interface port.";
     };
 
     extraConfig = mkOption {
       type = types.attrs;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Extra tandoor recipes config options.
 
         See [the example dot-env file](https://raw.githubusercontent.com/vabene1111/recipes/master/.env.template)
diff --git a/nixpkgs/nixos/modules/services/misc/taskserver/default.nix b/nixpkgs/nixos/modules/services/misc/taskserver/default.nix
index 775b3b6d2eae..d359bf899768 100644
--- a/nixpkgs/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixpkgs/nixos/modules/services/misc/taskserver/default.nix
@@ -10,7 +10,7 @@ let
   mkManualPkiOption = desc: mkOption {
     type = types.nullOr types.path;
     default = null;
-    description = lib.mdDoc ''
+    description = ''
       ${desc}
 
       ::: {.note}
@@ -37,7 +37,7 @@ let
     '';
   };
 
-  mkAutoDesc = preamble: lib.mdDoc ''
+  mkAutoDesc = preamble: ''
     ${preamble}
 
     ::: {.note}
@@ -91,7 +91,7 @@ let
       type = types.uniq (types.listOf types.str);
       default = [];
       example = [ "alice" "bob" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of user names that belong to the organization.
       '';
     };
@@ -100,7 +100,7 @@ let
       type = types.listOf types.str;
       default = [];
       example = [ "workers" "slackers" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of group names that belong to the organization.
       '';
     };
@@ -142,7 +142,7 @@ in {
         default = false;
         description = let
           url = "https://nixos.org/manual/nixos/stable/index.html#module-services-taskserver";
-        in lib.mdDoc ''
+        in ''
           Whether to enable the Taskwarrior server.
 
           More instructions about NixOS in conjunction with Taskserver can be
@@ -153,19 +153,19 @@ in {
       user = mkOption {
         type = types.str;
         default = "taskd";
-        description = lib.mdDoc "User for Taskserver.";
+        description = "User for Taskserver.";
       };
 
       group = mkOption {
         type = types.str;
         default = "taskd";
-        description = lib.mdDoc "Group for Taskserver.";
+        description = "Group for Taskserver.";
       };
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/taskserver";
-        description = lib.mdDoc "Data directory for Taskserver.";
+        description = "Data directory for Taskserver.";
       };
 
       ciphers = mkOption {
@@ -174,7 +174,7 @@ in {
         example = "NORMAL:-VERS-SSL3.0";
         description = let
           url = "https://gnutls.org/manual/html_node/Priority-Strings.html";
-        in lib.mdDoc ''
+        in ''
           List of GnuTLS ciphers to use. See the GnuTLS documentation about
           priority strings at <${url}> for full details.
         '';
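Review bot: The `example = "NORMAL:-VERS-SSL3.0"` shown for `ciphers` only excludes SSL 3.0, which reads as if that alone were a reasonable hardening baseline. An example that pins a minimum protocol version, e.g. `example = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3";`, is a better model for people who copy it. The option's type and default sit outside the hunk, so the default should be checked against the same concern.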
@@ -186,7 +186,7 @@ in {
         example.myShinyOrganisation.users = [ "alice" "bob" ];
         example.myShinyOrganisation.groups = [ "staff" "outsiders" ];
         example.yetAnotherOrganisation.users = [ "foo" "bar" ];
-        description = lib.mdDoc ''
+        description = ''
           An attribute set where the keys name the organisation and the values
           are a set of lists of {option}`users` and
           {option}`groups`.
@@ -196,7 +196,7 @@ in {
       confirmation = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Determines whether certain commands are confirmed.
         '';
       };
@@ -204,7 +204,7 @@ in {
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Logs debugging information.
         '';
       };
@@ -212,7 +212,7 @@ in {
       extensions = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Fully qualified path of the Taskserver extension scripts.
           Currently there are none.
         '';
@@ -221,7 +221,7 @@ in {
       ipLog = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Logs the IP addresses of incoming requests.
         '';
       };
@@ -229,7 +229,7 @@ in {
       queueSize = mkOption {
         type = types.int;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           Size of the connection backlog, see {manpage}`listen(2)`.
         '';
       };
@@ -237,7 +237,7 @@ in {
       requestLimit = mkOption {
         type = types.int;
         default = 1048576;
-        description = lib.mdDoc ''
+        description = ''
           Size limit of incoming requests, in bytes.
         '';
       };
@@ -246,7 +246,7 @@ in {
         type = with types; either str (listOf str);
         default = [];
         example = [ "[Tt]ask [2-9]+" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of regular expressions that are matched against the reported
           client id (such as `task 2.3.0`).
 
@@ -260,7 +260,7 @@ in {
         type = with types; either str (listOf str);
         default = [];
         example = [ "[Tt]ask [2-9]+" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of regular expressions that are matched against the reported
           client id (such as `task 2.3.0`).
 
@@ -274,7 +274,7 @@ in {
         type = types.str;
         default = "localhost";
         example = "::";
-        description = lib.mdDoc ''
+        description = ''
           The address (IPv4, IPv6 or DNS) to listen on.
         '';
       };
@@ -282,7 +282,7 @@ in {
       listenPort = mkOption {
         type = types.int;
         default = 53589;
-        description = lib.mdDoc ''
+        description = ''
           Port number of the Taskserver.
         '';
       };
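Review bot: `listenPort` is declared as `types.int`, so a negative number or a value above 65535 passes evaluation and only surfaces when the daemon or the firewall rule is set up; per its description, `openFirewall` in the next hunk opens whatever value is given here. `type = types.port;`, which the other modules in this commit use for the same purpose, rejects out-of-range values at evaluation time.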
@@ -290,7 +290,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the firewall for the specified Taskserver port.
         '';
       };
@@ -298,7 +298,7 @@ in {
       fqdn = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The fully qualified domain name of this server, which is also used
           as the common name in the certificates.
         '';
@@ -307,7 +307,7 @@ in {
       trust = mkOption {
         type = types.enum [ "allow all" "strict" ];
         default = "strict";
-        description = lib.mdDoc ''
+        description = ''
           Determines how client certificates are validated.
 
           The value `allow all` performs no client
@@ -323,7 +323,7 @@ in {
       config = mkOption {
         type = types.attrs;
         example.client.cert = "/tmp/debugging.cert";
-        description = lib.mdDoc ''
+        description = ''
           Configuration options to pass to Taskserver.
 
           The options here are the same as described in
diff --git a/nixpkgs/nixos/modules/services/misc/tautulli.nix b/nixpkgs/nixos/modules/services/misc/tautulli.nix
index e379628c8ce6..6afdbd212aa8 100644
--- a/nixpkgs/nixos/modules/services/misc/tautulli.nix
+++ b/nixpkgs/nixos/modules/services/misc/tautulli.nix
@@ -12,42 +12,42 @@ in
 
   options = {
     services.tautulli = {
-      enable = mkEnableOption (lib.mdDoc "Tautulli Plex Monitor");
+      enable = mkEnableOption "Tautulli Plex Monitor";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/plexpy";
-        description = lib.mdDoc "The directory where Tautulli stores its data files.";
+        description = "The directory where Tautulli stores its data files.";
       };
 
       configFile = mkOption {
         type = types.str;
         default = "/var/lib/plexpy/config.ini";
-        description = lib.mdDoc "The location of Tautulli's config file.";
+        description = "The location of Tautulli's config file.";
       };
 
       port = mkOption {
         type = types.port;
         default = 8181;
-        description = lib.mdDoc "TCP port where Tautulli listens.";
+        description = "TCP port where Tautulli listens.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for Tautulli.";
+        description = "Open ports in the firewall for Tautulli.";
       };
 
       user = mkOption {
         type = types.str;
         default = "plexpy";
-        description = lib.mdDoc "User account under which Tautulli runs.";
+        description = "User account under which Tautulli runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "nogroup";
-        description = lib.mdDoc "Group under which Tautulli runs.";
+        description = "Group under which Tautulli runs.";
       };
 
       package = mkPackageOption pkgs "tautulli" { };
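Review bot: `group` defaults to `"nogroup"`, which is shared with any other process that runs without a dedicated group, so group permissions on `dataDir` and `config.ini` are not confined to Tautulli. A dedicated default such as `default = "plexpy";` (matching `user`) would follow least privilege, provided the module creates that group, which this hunk does not show. Failing that, the description could add `Use a dedicated group if the data directory is group-readable.`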
diff --git a/nixpkgs/nixos/modules/services/misc/tiddlywiki.nix b/nixpkgs/nixos/modules/services/misc/tiddlywiki.nix
index 849f53ca2d48..7ae657dd862d 100644
--- a/nixpkgs/nixos/modules/services/misc/tiddlywiki.nix
+++ b/nixpkgs/nixos/modules/services/misc/tiddlywiki.nix
@@ -14,7 +14,7 @@ in {
 
   options.services.tiddlywiki = {
 
-    enable = mkEnableOption (lib.mdDoc "TiddlyWiki nodejs server");
+    enable = mkEnableOption "TiddlyWiki nodejs server";
 
     listenOptions = mkOption {
       type = types.attrs;
@@ -24,7 +24,7 @@ in {
         readers="(authenticated)";
         port = 3456;
       };
-      description = lib.mdDoc ''
+      description = ''
         Parameters passed to `--listen` command.
         Refer to <https://tiddlywiki.com/#WebServer>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix b/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix
index f6f2d49733e6..4ea356a133d8 100644
--- a/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix
+++ b/nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix
@@ -9,14 +9,14 @@ in {
 
   options = {
     services.tp-auto-kbbl = {
-      enable = mkEnableOption (lib.mdDoc "auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux");
+      enable = mkEnableOption "auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux";
 
       package = mkPackageOption pkgs "tp-auto-kbbl" { };
 
       arguments = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of arguments appended to `./tp-auto-kbbl --device [device] [arguments]`
         '';
       };
@@ -24,7 +24,7 @@ in {
       device = mkOption {
         type = types.str;
         default = "/dev/input/event0";
-        description = lib.mdDoc "Device watched for activities.";
+        description = "Device watched for activities.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/misc/transfer-sh.nix b/nixpkgs/nixos/modules/services/misc/transfer-sh.nix
index 899d9dfc3c10..150af2337e14 100644
--- a/nixpkgs/nixos/modules/services/misc/transfer-sh.nix
+++ b/nixpkgs/nixos/modules/services/misc/transfer-sh.nix
@@ -4,11 +4,11 @@ let
   cfg = config.services.transfer-sh;
   inherit (lib)
     mkDefault mkEnableOption mkPackageOption mkIf mkOption
-    types mapAttrs isBool getExe boolToString mdDoc optionalAttrs;
+    types mapAttrs isBool getExe boolToString optionalAttrs;
 in
 {
   options.services.transfer-sh = {
-    enable = mkEnableOption (mdDoc "Easy and fast file sharing from the command-line");
+    enable = mkEnableOption "Easy and fast file sharing from the command-line";
 
     package = mkPackageOption pkgs "transfer-sh" { };
 
@@ -20,7 +20,7 @@ in
         BASEDIR = "/var/lib/transfer.sh";
         TLS_LISTENER_ONLY = false;
       };
-      description = mdDoc ''
+      description = ''
         Additional configuration for transfer-sh, see
         <https://github.com/dutchcoders/transfer.sh#usage-1>
         for supported values.
@@ -32,14 +32,14 @@ in
     provider = mkOption {
       type = types.enum [ "local" "s3" "storj" "gdrive" ];
       default = "local";
-      description = mdDoc "Storage providers to use";
+      description = "Storage providers to use";
     };
 
     secretFile = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/run/secrets/transfer-sh.env";
-      description = mdDoc ''
+      description = ''
         Path to file containing environment variables.
         Useful for passing down secrets.
         Some variables that can be considered secrets are:
diff --git a/nixpkgs/nixos/modules/services/misc/tuxclocker.nix b/nixpkgs/nixos/modules/services/misc/tuxclocker.nix
index 5969f75b8e30..4c2f9e39bcfc 100644
--- a/nixpkgs/nixos/modules/services/misc/tuxclocker.nix
+++ b/nixpkgs/nixos/modules/services/misc/tuxclocker.nix
@@ -7,20 +7,20 @@ let
 in
 {
   options.programs.tuxclocker = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       TuxClocker, a hardware control and monitoring program
-    '');
+    '';
 
-    enableAMD = mkEnableOption (lib.mdDoc ''
+    enableAMD = mkEnableOption ''
       AMD GPU controls.
       Sets the `amdgpu.ppfeaturemask` kernel parameter to 0xfffd7fff to enable all TuxClocker controls
-    '');
+    '';
 
     enabledNVIDIADevices = mkOption {
       type = types.listOf types.int;
       default = [ ];
       example = [ 0 1 ];
-      description = lib.mdDoc ''
+      description = ''
         Enable NVIDIA GPU controls for a device by index.
         Sets the `Coolbits` Xorg option to enable all TuxClocker controls.
       '';
@@ -30,7 +30,7 @@ in
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to use components requiring unfree dependencies.
         Disabling this allows you to get everything from the binary cache.
       '';
diff --git a/nixpkgs/nixos/modules/services/misc/tzupdate.nix b/nixpkgs/nixos/modules/services/misc/tzupdate.nix
index 300a578f7c4a..eac1e1112a5a 100644
--- a/nixpkgs/nixos/modules/services/misc/tzupdate.nix
+++ b/nixpkgs/nixos/modules/services/misc/tzupdate.nix
@@ -9,7 +9,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable the tzupdate timezone updating service. This provides
         a one-shot service which can be activated with systemctl to
         update the timezone.
diff --git a/nixpkgs/nixos/modules/services/misc/uhub.nix b/nixpkgs/nixos/modules/services/misc/uhub.nix
index 80266b024e35..99774fbb920a 100644
--- a/nixpkgs/nixos/modules/services/misc/uhub.nix
+++ b/nixpkgs/nixos/modules/services/misc/uhub.nix
@@ -15,21 +15,21 @@ in {
 
     services.uhub = mkOption {
       default = { };
-      description = lib.mdDoc "Uhub ADC hub instances";
+      description = "Uhub ADC hub instances";
       type = types.attrsOf (types.submodule {
         options = {
 
-          enable = mkEnableOption (lib.mdDoc "hub instance") // { default = true; };
+          enable = mkEnableOption "hub instance" // { default = true; };
 
           enableTLS = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether to enable TLS support.";
+            description = "Whether to enable TLS support.";
           };
 
           settings = mkOption {
             inherit (settingsFormat) type;
-            description = lib.mdDoc ''
+            description = ''
               Configuration of uhub.
               See https://www.uhub.org/doc/config.php for a list of options.
             '';
@@ -44,7 +44,7 @@ in {
           };
 
           plugins = mkOption {
-            description = lib.mdDoc "Uhub plugin configuration.";
+            description = "Uhub plugin configuration.";
             type = with types;
               listOf (submodule {
                 options = {
@@ -52,10 +52,10 @@ in {
                     type = path;
                     example = literalExpression
                       "$${pkgs.uhub}/plugins/mod_auth_sqlite.so";
-                    description = lib.mdDoc "Path to plugin file.";
+                    description = "Path to plugin file.";
                   };
                   settings = mkOption {
-                    description = lib.mdDoc "Settings specific to this plugin.";
+                    description = "Settings specific to this plugin.";
                     type = with types; attrsOf str;
                     example = { file = "/etc/uhub/users.db"; };
                   };
diff --git a/nixpkgs/nixos/modules/services/misc/wastebin.nix b/nixpkgs/nixos/modules/services/misc/wastebin.nix
new file mode 100644
index 000000000000..3d0af2862683
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/misc/wastebin.nix
@@ -0,0 +1,158 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.wastebin;
+  inherit (lib)
+    mkEnableOption mkPackageOption mkIf mkOption
+    types mapAttrs isBool getExe boolToString optionalAttrs;
+in
+{
+
+  options.services.wastebin = {
+
+    enable = mkEnableOption "Wastenbin pastebin service";
+
+    package = mkPackageOption pkgs "wastebin" { };
+
+    stateDir = mkOption {
+      type = types.path;
+      default = "/var/lib/wastebin";
+      description = "State directory of the daemon.";
+    };
+
+    secretFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      example = "/run/secrets/wastebin.env";
+      description = ''
+        Path to file containing sensitive environment variables.
+        Some variables that can be considered secrets are:
+
+        - WASTEBIN_PASSWORD_SALT:
+          salt used to hash user passwords used for encrypting pastes.
+
+        - WASTEBIN_SIGNING_KEY:
+          sets the key to sign cookies. If not set, a random key will be
+          generated which means cookies will become invalid after restarts and
+          paste creators will not be able to delete their pastes anymore.
+      '';
+    };
+
+    settings = mkOption {
+
+      description = ''
+        Additional configuration for wastebin, see
+        <https://github.com/matze/wastebin#usage> for supported values.
+        For secrets use secretFile option instead.
+      '';
+
+      type = types.submodule {
+
+        freeformType = with types; attrsOf (oneOf [ bool int str ]);
+
+        options = {
+
+          WASTEBIN_ADDRESS_PORT = mkOption {
+            type = types.str;
+            default = "0.0.0.0:8088";
+            description = "Address and port to bind to";
+          };
+
+          WASTEBIN_BASE_URL = mkOption {
+            default = "http://localhost";
+            example = "https://myhost.tld";
+            type = types.str;
+            description = ''
+              Base URL for the QR code display. If not set, the user agent's Host
+              header field is used as an approximation.
+            '';
+          };
+
+          WASTEBIN_CACHE_SIZE = mkOption {
+            default = 128;
+            type = types.int;
+            description = "Number of rendered syntax highlight items to cache. Can be disabled by setting to 0.";
+          };
+
+          WASTEBIN_DATABASE_PATH = mkOption {
+            default = "/var/lib/wastebin/sqlite3.db"; # TODO make this default to stateDir/sqlite3.db
+            type = types.str;
+            description = "Path to the sqlite3 database file. If not set, an in-memory database is used.";
+          };
+
+          WASTEBIN_HTTP_TIMEOUT = mkOption {
+            default = 5;
+            type = types.int;
+            description = "Maximum number of seconds a request can be processed until wastebin responds with 408";
+          };
+
+          WASTEBIN_MAX_BODY_SIZE = mkOption {
+            default = 1024;
+            type = types.int;
+            description = "Number of bytes to accept for POST requests";
+          };
+
+          WASTEBIN_TITLE = mkOption {
+            default = "wastebin";
+            type = types.str;
+            description = "Overrides the HTML page title";
+          };
+
+          RUST_LOG = mkOption {
+            default = "info";
+            type = types.str;
+            description =
+              ''
+                Influences logging. Besides the typical trace, debug, info etc.
+                keys, you can also set the tower_http key to some log level to get
+                additional information request and response logs.
+              '';
+          };
+        };
+      };
+
+      default = { };
+
+      example = {
+        WASTEBIN_TITLE = "My awesome pastebin";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable
+    {
+      systemd.services.wastebin = {
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        environment = mapAttrs (_: v: if isBool v then boolToString v else toString v) cfg.settings;
+        serviceConfig = {
+          CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+          DevicePolicy = "closed";
+          DynamicUser = true;
+          ExecStart = "${getExe cfg.package}";
+          LockPersonality = true;
+          MemoryDenyWriteExecute = true;
+          PrivateDevices = true;
+          PrivateUsers = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHostname = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          ProtectProc = "invisible";
+          RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+          RestrictNamespaces = true;
+          RestrictRealtime = true;
+          SystemCallArchitectures = [ "native" ];
+          SystemCallFilter = [ "@system-service" ];
+          StateDirectory = baseNameOf cfg.stateDir;
+          ReadWritePaths = cfg.stateDir;
+        } // optionalAttrs (cfg.secretFile != null) {
+          EnvironmentFile = cfg.secretFile;
+        };
+      };
+    };
+
+  meta.maintainers = with lib.maintainers; [ pinpox ];
+}
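Review bot: `stateDir` only works at its default. `StateDirectory = baseNameOf cfg.stateDir` always resolves under /var/lib and the hard-coded `WASTEBIN_DATABASE_PATH` default (see its TODO) ignores the option, so with `DynamicUser = true` a custom path named in `ReadWritePaths` would presumably not be writable by the service. Either drop the option or derive the database path from it, e.g. `default = "${cfg.stateDir}/sqlite3.db";` with a matching `defaultText`. `WASTEBIN_ADDRESS_PORT` defaults to `0.0.0.0:8088`, so enabling the module listens on every interface; a loopback default, or at least a sentence in the description, would be the more conservative choice. `CapabilityBoundingSet` keeps `CAP_NET_BIND_SERVICE` but no `AmbientCapabilities` is set, so the dynamic user presumably never holds it and the set could be empty. The `mkEnableOption` text also misspells the service name as "Wastenbin".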
diff --git a/nixpkgs/nixos/modules/services/misc/weechat.nix b/nixpkgs/nixos/modules/services/misc/weechat.nix
index 338493e3cd37..6f6c78b1c9dc 100644
--- a/nixpkgs/nixos/modules/services/misc/weechat.nix
+++ b/nixpkgs/nixos/modules/services/misc/weechat.nix
@@ -8,20 +8,20 @@ in
 
 {
   options.services.weechat = {
-    enable = mkEnableOption (lib.mdDoc "weechat");
+    enable = mkEnableOption "weechat";
     root = mkOption {
-      description = lib.mdDoc "Weechat state directory.";
+      description = "Weechat state directory.";
       type = types.str;
       default = "/var/lib/weechat";
     };
     sessionName = mkOption {
-      description = lib.mdDoc "Name of the `screen` session for weechat.";
+      description = "Name of the `screen` session for weechat.";
       default = "weechat-screen";
       type = types.str;
     };
     binary = mkOption {
       type = types.path;
-      description = lib.mdDoc "Binary to execute.";
+      description = "Binary to execute.";
       default = "${pkgs.weechat}/bin/weechat";
       defaultText = literalExpression ''"''${pkgs.weechat}/bin/weechat"'';
       example = literalExpression ''"''${pkgs.weechat}/bin/weechat-headless"'';
diff --git a/nixpkgs/nixos/modules/services/misc/workout-tracker.nix b/nixpkgs/nixos/modules/services/misc/workout-tracker.nix
new file mode 100644
index 000000000000..13555504be30
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/misc/workout-tracker.nix
@@ -0,0 +1,83 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) types;
+  cfg = config.services.workout-tracker;
+  stateDir = "workout-tracker";
+in
+
+{
+  options = {
+    services.workout-tracker = {
+      enable = lib.mkEnableOption "workout tracking web application for personal use (or family, friends), geared towards running and other GPX-based activities";
+
+      package = lib.mkPackageOption pkgs "workout-tracker" { };
+
+      address = lib.mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Web interface address.";
+      };
+
+      port = lib.mkOption {
+        type = types.port;
+        default = 8080;
+        description = "Web interface port.";
+      };
+
+      environmentFile = lib.mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        example = "/run/keys/workout-tracker.env";
+        description = ''
+          An environment file as defined in {manpage}`systemd.exec(5)`.
+
+          Secrets like `WT_JWT_ENCRYPTION_KEY` may be passed to the service without adding them
+          to the world-readable Nix store.
+        '';
+      };
+
+      settings = lib.mkOption {
+        type = types.attrsOf types.str;
+
+        default = { };
+        description = ''
+          Extra config options.
+        '';
+        example = {
+          WT_LOGGING = "true";
+          WT_DEBUG = "false";
+          WT_DATABASE_DRIVER = "sqlite";
+          WT_DSN = "./database.db";
+        };
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.workout-tracker = {
+      description = "A workout tracking web application for personal use (or family, friends), geared towards running and other GPX-based activities";
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        WT_BIND = "${cfg.address}:${toString cfg.port}";
+        WT_DATABASE_DRIVER = "sqlite";
+        WT_DSN = "./database.db";
+      } // cfg.settings;
+      serviceConfig = {
+        ExecStart = lib.getExe cfg.package;
+        DynamicUser = true;
+        StateDirectory = stateDir;
+        WorkingDirectory = "%S/${stateDir}";
+        Restart = "always";
+        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+      };
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ bhankas ];
+}
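Review bot: The `serviceConfig` of this network-facing service relies on `DynamicUser = true` alone, while the wastebin module added in this same diff applies a full set of systemd sandboxing options; a conservative subset is sketched below and needs a test run against the package before it is adopted. In `environment`, `// cfg.settings` is merged last, so a `WT_BIND` key in `settings` silently overrides `address` and `port`. `settings` values are placed directly in the unit's environment, so the `settings` description should point to `environmentFile` for secrets, as the `environmentFile` text already does.

```nix
      serviceConfig = {
        # … unchanged: ExecStart, DynamicUser, StateDirectory, WorkingDirectory, Restart, EnvironmentFile …
        CapabilityBoundingSet = "";
        LockPersonality = true;
        PrivateDevices = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        SystemCallArchitectures = "native";
```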
diff --git a/nixpkgs/nixos/modules/services/misc/xmr-stak.nix b/nixpkgs/nixos/modules/services/misc/xmr-stak.nix
index 54efae48d5d2..3015e3cb12a8 100644
--- a/nixpkgs/nixos/modules/services/misc/xmr-stak.nix
+++ b/nixpkgs/nixos/modules/services/misc/xmr-stak.nix
@@ -15,14 +15,14 @@ in
 {
   options = {
     services.xmr-stak = {
-      enable = mkEnableOption (lib.mdDoc "xmr-stak miner");
-      openclSupport = mkEnableOption (lib.mdDoc "support for OpenCL (AMD/ATI graphics cards)");
+      enable = mkEnableOption "xmr-stak miner";
+      openclSupport = mkEnableOption "support for OpenCL (AMD/ATI graphics cards)";
 
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "--noCPU" "--currency monero" ];
-        description = lib.mdDoc "List of parameters to pass to xmr-stak.";
+        description = "List of parameters to pass to xmr-stak.";
       };
 
       configFiles = mkOption {
@@ -51,7 +51,7 @@ in
             ''';
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Content of config files like config.txt, pools.txt or cpu.txt.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/xmrig.nix b/nixpkgs/nixos/modules/services/misc/xmrig.nix
index 8ad2d049f8a9..d4e1be779972 100644
--- a/nixpkgs/nixos/modules/services/misc/xmrig.nix
+++ b/nixpkgs/nixos/modules/services/misc/xmrig.nix
@@ -13,7 +13,7 @@ with lib;
 {
   options = {
     services.xmrig = {
-      enable = mkEnableOption (lib.mdDoc "XMRig Mining Software");
+      enable = mkEnableOption "XMRig Mining Software";
 
       package = mkPackageOption pkgs "xmrig" {
         example = "xmrig-mo";
@@ -38,7 +38,7 @@ with lib;
             ]
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           XMRig configuration. Refer to
           <https://xmrig.com/docs/miner/config>
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/misc/zoneminder.nix b/nixpkgs/nixos/modules/services/misc/zoneminder.nix
index fca03b2ad4e1..84c3a6710c0d 100644
--- a/nixpkgs/nixos/modules/services/misc/zoneminder.nix
+++ b/nixpkgs/nixos/modules/services/misc/zoneminder.nix
@@ -66,7 +66,7 @@ let
 in {
   options = {
     services.zoneminder = with lib; {
-      enable = lib.mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         ZoneMinder.
 
         If you intend to run the database locally, you should set
@@ -75,12 +75,12 @@ in {
         and database user as well as populate the database yourself.
         Additionally, you will need to run `zmupdate.pl` yourself when
         upgrading to a newer version
-      '');
+      '';
 
       webserver = mkOption {
         type = types.enum [ "nginx" "none" ];
         default = "nginx";
-        description = lib.mdDoc ''
+        description = ''
           The webserver to configure for the PHP frontend.
 
           Set it to `none` if you want to configure it yourself. PRs are welcome
@@ -91,7 +91,7 @@ in {
       hostname = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The hostname on which to listen.
         '';
       };
@@ -99,7 +99,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 8095;
-        description = lib.mdDoc ''
+        description = ''
           The port on which to listen.
         '';
       };
@@ -107,7 +107,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open the firewall port(s).
         '';
       };
@@ -116,7 +116,7 @@ in {
         createLocally = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Create the database and database user locally.
           '';
         };
@@ -124,7 +124,7 @@ in {
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             Hostname hosting the database.
           '';
         };
@@ -132,7 +132,7 @@ in {
         name = mkOption {
           type = types.str;
           default = "zm";
-          description = lib.mdDoc ''
+          description = ''
             Name of database.
           '';
         };
@@ -140,7 +140,7 @@ in {
         username = mkOption {
           type = types.str;
           default = "zmuser";
-          description = lib.mdDoc ''
+          description = ''
             Username for accessing the database.
           '';
         };
@@ -148,7 +148,7 @@ in {
         password = mkOption {
           type = types.str;
           default = "zmpass";
-          description = lib.mdDoc ''
+          description = ''
             Username for accessing the database.
             Not used if `createLocally` is set.
           '';
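Review bot: The `password` option's description reads "Username for accessing the database.", apparently copied from the `username` option above it; it should read `Password for accessing the database.`. The option is a plain `types.str` with the default `zmpass`, so a configured value is presumably evaluated into the world-readable Nix store. The description should say so, and a file-based option would be the safer interface. The option's closing lines are outside this hunk.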
@@ -158,7 +158,7 @@ in {
       cameras = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           Set this to the number of cameras you expect to support.
         '';
       };
@@ -167,7 +167,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "/storage/tank";
-        description = lib.mdDoc ''
+        description = ''
           ZoneMinder can generate quite a lot of data, so in case you don't want
           to use the default ${defaultDir}, you can override the path here.
         '';
@@ -176,7 +176,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration added verbatim to the configuration file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/misc/zookeeper.nix b/nixpkgs/nixos/modules/services/misc/zookeeper.nix
index b1c0b80648c6..3861a3cd2f4d 100644
--- a/nixpkgs/nixos/modules/services/misc/zookeeper.nix
+++ b/nixpkgs/nixos/modules/services/misc/zookeeper.nix
@@ -24,22 +24,22 @@ let
 in {
 
   options.services.zookeeper = {
-    enable = mkEnableOption (lib.mdDoc "Zookeeper");
+    enable = mkEnableOption "Zookeeper";
 
     port = mkOption {
-      description = lib.mdDoc "Zookeeper Client port.";
+      description = "Zookeeper Client port.";
       default = 2181;
       type = types.port;
     };
 
     id = mkOption {
-      description = lib.mdDoc "Zookeeper ID.";
+      description = "Zookeeper ID.";
       default = 0;
       type = types.int;
     };
 
     purgeInterval = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.
       '';
       default = 1;
@@ -47,7 +47,7 @@ in {
     };
 
     extraConf = mkOption {
-      description = lib.mdDoc "Extra configuration for Zookeeper.";
+      description = "Extra configuration for Zookeeper.";
       type = types.lines;
       default = ''
         initLimit=5
@@ -57,7 +57,7 @@ in {
     };
 
     servers = mkOption {
-      description = lib.mdDoc "All Zookeeper Servers.";
+      description = "All Zookeeper Servers.";
       default = "";
       type = types.lines;
       example = ''
@@ -68,7 +68,7 @@ in {
     };
 
     logging = mkOption {
-      description = lib.mdDoc "Zookeeper logging configuration.";
+      description = "Zookeeper logging configuration.";
       default = ''
         zookeeper.root.logger=INFO, CONSOLE
         log4j.rootLogger=INFO, CONSOLE
@@ -83,13 +83,13 @@ in {
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/zookeeper";
-      description = lib.mdDoc ''
+      description = ''
         Data directory for Zookeeper
       '';
     };
 
     extraCmdLineOptions = mkOption {
-      description = lib.mdDoc "Extra command line options for the Zookeeper launcher.";
+      description = "Extra command line options for the Zookeeper launcher.";
       default = [ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ];
       type = types.listOf types.str;
       example = [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ];
@@ -98,7 +98,7 @@ in {
     preferIPv4 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.
       '';
     };
@@ -106,7 +106,7 @@ in {
     package = mkPackageOption pkgs "zookeeper" { };
 
     jre = mkOption {
-      description = lib.mdDoc "The JRE with which to run Zookeeper";
+      description = "The JRE with which to run Zookeeper";
       default = cfg.package.jre;
       defaultText = literalExpression "pkgs.zookeeper.jre";
       example = literalExpression "pkgs.jre";
diff --git a/nixpkgs/nixos/modules/services/monitoring/alerta.nix b/nixpkgs/nixos/modules/services/monitoring/alerta.nix
index 0b0ab177e5e1..32c71e730102 100644
--- a/nixpkgs/nixos/modules/services/monitoring/alerta.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/alerta.nix
@@ -21,58 +21,58 @@ let
 in
 {
   options.services.alerta = {
-    enable = mkEnableOption (lib.mdDoc "alerta");
+    enable = mkEnableOption "alerta";
 
     port = mkOption {
       type = types.port;
       default = 5000;
-      description = lib.mdDoc "Port of Alerta";
+      description = "Port of Alerta";
     };
 
     bind = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc "Address to bind to. The default is to bind to all addresses";
+      description = "Address to bind to. The default is to bind to all addresses";
     };
 
     logDir = mkOption {
       type = types.path;
-      description = lib.mdDoc "Location where the logfiles are stored";
+      description = "Location where the logfiles are stored";
       default = "/var/log/alerta";
     };
 
     databaseUrl = mkOption {
       type = types.str;
-      description = lib.mdDoc "URL of the MongoDB or PostgreSQL database to connect to";
+      description = "URL of the MongoDB or PostgreSQL database to connect to";
       default = "mongodb://localhost";
     };
 
     databaseName = mkOption {
       type = types.str;
-      description = lib.mdDoc "Name of the database instance to connect to";
+      description = "Name of the database instance to connect to";
       default = "monitoring";
     };
 
     corsOrigins = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc "List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)";
+      description = "List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)";
       default = [ "http://localhost" "http://localhost:5000" ];
     };
 
     authenticationRequired = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Whether users must authenticate when using the web UI or command-line tool";
+      description = "Whether users must authenticate when using the web UI or command-line tool";
       default = false;
     };
 
     signupEnabled = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Whether to prevent sign-up of new users via the web UI";
+      description = "Whether to prevent sign-up of new users via the web UI";
       default = true;
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc "These lines go into alertad.conf verbatim.";
+      description = "These lines go into alertad.conf verbatim.";
       default = "";
       type = types.lines;
     };
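Review bot: `signupEnabled` is described as "Whether to prevent sign-up of new users via the web UI", which contradicts its name and `default = true`. Unless the implementation outside this hunk inverts the value, the text should read `Whether to allow sign-up of new users via the web UI`. Taken together with `bind = "0.0.0.0"` and `authenticationRequired = false`, the defaults shown here appear to expose an unauthenticated API on all interfaces with sign-up open. The `authenticationRequired` description should state that.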
diff --git a/nixpkgs/nixos/modules/services/monitoring/apcupsd.nix b/nixpkgs/nixos/modules/services/monitoring/apcupsd.nix
index 666479c78a84..09cf593f5d5e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/apcupsd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/apcupsd.nix
@@ -90,7 +90,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
           permits orderly shutdown of your computer in the event of a power
           failure. User manual: http://www.apcupsd.com/manual/manual.html.
@@ -107,7 +107,7 @@ in
           MINUTES 5
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Contents of the runtime configuration file, apcupsd.conf. The default
           settings makes apcupsd autodetect USB UPSes, limit network access to
           localhost and shutdown the system when the battery level is below 50
@@ -122,7 +122,7 @@ in
           doshutdown = "# shell commands to notify that the computer is shutting down";
         };
         type = types.attrsOf types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this option names an apcupsd event and the string
           value it contains will be executed in a shell, in response to that
           event (prior to the default action). See "man apccontrol" for the
diff --git a/nixpkgs/nixos/modules/services/monitoring/arbtt.nix b/nixpkgs/nixos/modules/services/monitoring/arbtt.nix
index a1a228d6e420..6dad6bdec328 100644
--- a/nixpkgs/nixos/modules/services/monitoring/arbtt.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/arbtt.nix
@@ -7,7 +7,7 @@ let
 in {
   options = {
     services.arbtt = {
-      enable = mkEnableOption (lib.mdDoc "Arbtt statistics capture service");
+      enable = mkEnableOption "Arbtt statistics capture service";
 
       package = mkPackageOption pkgs [ "haskellPackages" "arbtt" ] { };
 
@@ -15,7 +15,7 @@ in {
         type = types.str;
         default = "%h/.arbtt/capture.log";
         example = "/home/username/.arbtt-capture.log";
-        description = lib.mdDoc ''
+        description = ''
           The log file for captured samples.
         '';
       };
@@ -24,7 +24,7 @@ in {
         type = types.int;
         default = 60;
         example = 120;
-        description = lib.mdDoc ''
+        description = ''
           The sampling interval in seconds.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/below.nix b/nixpkgs/nixos/modules/services/monitoring/below.nix
index 4a7135162ac4..729734828142 100644
--- a/nixpkgs/nixos/modules/services/monitoring/below.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/below.nix
@@ -13,10 +13,10 @@ let
   mkDisableOption = n: mkOption {
     type = types.bool;
     default = true;
-    description = mdDoc "Whether to enable ${n}.";
+    description = "Whether to enable ${n}.";
   };
   optionalType = ty: x: mkOption (x // {
-    description = mdDoc x.description;
+    description = x.description;
     type = (types.nullOr ty);
     default = null;
   });
@@ -26,7 +26,7 @@ let
 in {
   options = {
     services.below = {
-      enable = mkEnableOption (mdDoc "'below' resource monitor");
+      enable = mkEnableOption "'below' resource monitor";
 
       cgroupFilterOut = optionalStr {
         description = "A regexp matching the full paths of cgroups whose data shouldn't be collected";
@@ -34,10 +34,10 @@ in {
       };
       collect = {
         diskStats = mkDisableOption "dist_stat collection";
-        ioStats   = mkEnableOption (mdDoc "io.stat collection for cgroups");
+        ioStats   = mkEnableOption "io.stat collection for cgroups";
         exitStats = mkDisableOption "eBPF-based exitstats";
       };
-      compression.enable = mkEnableOption (mdDoc "data compression");
+      compression.enable = mkEnableOption "data compression";
       retention = {
         size = optionalInt {
           description = ''
diff --git a/nixpkgs/nixos/modules/services/monitoring/bosun.nix b/nixpkgs/nixos/modules/services/monitoring/bosun.nix
index fb412d43ec27..4b855b96e949 100644
--- a/nixpkgs/nixos/modules/services/monitoring/bosun.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/bosun.nix
@@ -22,14 +22,14 @@ in {
 
     services.bosun = {
 
-      enable = mkEnableOption (lib.mdDoc "bosun");
+      enable = mkEnableOption "bosun";
 
       package = mkPackageOption pkgs "bosun" { };
 
       user = mkOption {
         type = types.str;
         default = "bosun";
-        description = lib.mdDoc ''
+        description = ''
           User account under which bosun runs.
         '';
       };
@@ -37,7 +37,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "bosun";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which bosun runs.
         '';
       };
@@ -45,7 +45,7 @@ in {
       opentsdbHost = mkOption {
         type = types.nullOr types.str;
         default = "localhost:4242";
-        description = lib.mdDoc ''
+        description = ''
           Host and port of the OpenTSDB database that stores bosun data.
           To disable opentsdb you can pass null as parameter.
         '';
@@ -55,7 +55,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "localhost:8086";
-        description = lib.mdDoc ''
+        description = ''
            Host and port of the influxdb database.
         '';
       };
@@ -63,7 +63,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = ":8070";
-        description = lib.mdDoc ''
+        description = ''
           The host address and port that bosun's web interface will listen on.
         '';
       };
@@ -71,7 +71,7 @@ in {
       stateFile = mkOption {
         type = types.path;
         default = "/var/lib/bosun/bosun.state";
-        description = lib.mdDoc ''
+        description = ''
           Path to bosun's state file.
         '';
       };
@@ -79,7 +79,7 @@ in {
       ledisDir = mkOption {
         type = types.path;
         default = "/var/lib/bosun/ledis_data";
-        description = lib.mdDoc ''
+        description = ''
           Path to bosun's ledis data dir
         '';
       };
@@ -87,7 +87,7 @@ in {
       checkFrequency = mkOption {
         type = types.str;
         default = "5m";
-        description = lib.mdDoc ''
+        description = ''
           Bosun's check frequency
         '';
       };
@@ -95,7 +95,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options for Bosun. You should describe your
           desired templates, alerts, macros, etc through this configuration
           option.
diff --git a/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix b/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix
index 68e6e8e40b31..6b0852cfe3ef 100644
--- a/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/cadvisor.nix
@@ -8,49 +8,49 @@ let
 in {
   options = {
     services.cadvisor = {
-      enable = mkEnableOption (lib.mdDoc "Cadvisor service");
+      enable = mkEnableOption "Cadvisor service";
 
       listenAddress = mkOption {
         default = "127.0.0.1";
         type = types.str;
-        description = lib.mdDoc "Cadvisor listening host";
+        description = "Cadvisor listening host";
       };
 
       port = mkOption {
         default = 8080;
         type = types.port;
-        description = lib.mdDoc "Cadvisor listening port";
+        description = "Cadvisor listening port";
       };
 
       storageDriver = mkOption {
         default = null;
         type = types.nullOr types.str;
         example = "influxdb";
-        description = lib.mdDoc "Cadvisor storage driver.";
+        description = "Cadvisor storage driver.";
       };
 
       storageDriverHost = mkOption {
         default = "localhost:8086";
         type = types.str;
-        description = lib.mdDoc "Cadvisor storage driver host.";
+        description = "Cadvisor storage driver host.";
       };
 
       storageDriverDb = mkOption {
         default = "root";
         type = types.str;
-        description = lib.mdDoc "Cadvisord storage driver database name.";
+        description = "Cadvisord storage driver database name.";
       };
 
       storageDriverUser = mkOption {
         default = "root";
         type = types.str;
-        description = lib.mdDoc "Cadvisor storage driver username.";
+        description = "Cadvisor storage driver username.";
       };
 
       storageDriverPassword = mkOption {
         default = "root";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Cadvisor storage driver password.
 
           Warning: this password is stored in the world-readable Nix store. It's
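Review bot: `storageDriverUser` and `storageDriverPassword` both default to the literal `"root"`, and their descriptions do not say that this is a well-known default pair that has to be replaced before pointing cadvisor at a real database. The store warning on `storageDriverPassword` continues outside this hunk, so I cannot see whether it already refers to the password-file option; if it does not, add `Prefer storageDriverPasswordFile; the default "root" is only suitable for a local test database.` Separately, `Cadvisord` in the `storageDriverDb` description looks like a typo for `Cadvisor`.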
@@ -62,7 +62,7 @@ in {
 
       storageDriverPasswordFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           File that contains the cadvisor storage driver password.
 
           {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`
@@ -78,13 +78,13 @@ in {
       storageDriverSecure = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Cadvisor storage driver, enable secure communication.";
+        description = "Cadvisor storage driver, enable secure communication.";
       };
 
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Additional cadvisor options.
 
           See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
diff --git a/nixpkgs/nixos/modules/services/monitoring/cockpit.nix b/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
index 45389a3174e1..64e26ce4e127 100644
--- a/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/cockpit.nix
@@ -2,12 +2,12 @@
 
 let
   cfg = config.services.cockpit;
-  inherit (lib) types mkEnableOption mkOption mkIf mdDoc literalMD mkPackageOption;
+  inherit (lib) types mkEnableOption mkOption mkIf literalMD mkPackageOption;
   settingsFormat = pkgs.formats.ini {};
 in {
   options = {
     services.cockpit = {
-      enable = mkEnableOption (mdDoc "Cockpit");
+      enable = mkEnableOption "Cockpit";
 
       package = mkPackageOption pkgs "Cockpit" {
         default = [ "cockpit" ];
@@ -18,7 +18,7 @@ in {
 
         default = {};
 
-        description = mdDoc ''
+        description = ''
           Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
 
           See the [documentation](https://cockpit-project.org/guide/latest/cockpit.conf.5.html), that is also available with `man cockpit.conf.5` for details.
@@ -26,13 +26,13 @@ in {
       };
 
       port = mkOption {
-        description = mdDoc "Port where cockpit will listen.";
+        description = "Port where cockpit will listen.";
         type = types.port;
         default = 9090;
       };
 
       openFirewall = mkOption {
-        description = mdDoc "Open port for cockpit.";
+        description = "Open port for cockpit.";
         type = types.bool;
         default = false;
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/collectd.nix b/nixpkgs/nixos/modules/services/monitoring/collectd.nix
index 3e62ef422bad..fe9b1214e5c1 100644
--- a/nixpkgs/nixos/modules/services/monitoring/collectd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/collectd.nix
@@ -29,11 +29,11 @@ let
 
 in {
   options.services.collectd = with types; {
-    enable = mkEnableOption (lib.mdDoc "collectd agent");
+    enable = mkEnableOption "collectd agent";
 
     validateConfig = mkOption {
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Validate the syntax of collectd configuration file at build time.
         Disable this if you use the Include directive on files unavailable in
         the build sandbox, or when cross-compiling.
@@ -45,7 +45,7 @@ in {
 
     buildMinimalPackage = mkOption {
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Build a minimal collectd package with only the configured `services.collectd.plugins`
       '';
       type = bool;
@@ -53,7 +53,7 @@ in {
 
     user = mkOption {
       default = "collectd";
-      description = lib.mdDoc ''
+      description = ''
         User under which to run collectd.
       '';
       type = nullOr str;
@@ -61,7 +61,7 @@ in {
 
     dataDir = mkOption {
       default = "/var/lib/collectd";
-      description = lib.mdDoc ''
+      description = ''
         Data directory for collectd agent.
       '';
       type = path;
@@ -69,7 +69,7 @@ in {
 
     autoLoadPlugin = mkOption {
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable plugin autoloading.
       '';
       type = bool;
@@ -77,7 +77,7 @@ in {
 
     include = mkOption {
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Additional paths to load config from.
       '';
       type = listOf str;
@@ -86,7 +86,7 @@ in {
     plugins = mkOption {
       default = {};
       example = { cpu = ""; memory = ""; network = "Server 192.168.1.1 25826"; };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of plugin names to plugin config segments
       '';
       type = attrsOf lines;
@@ -94,7 +94,7 @@ in {
 
     extraConfig = mkOption {
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration for collectd. Use mkBefore to add lines before the
         default config, and mkAfter to add them below.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix b/nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix
index fd420b0c8a06..88ca3a9227d2 100644
--- a/nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix
@@ -12,7 +12,7 @@ in {
   ###### interface
 
   options = {
-    services.das_watchdog.enable = mkEnableOption (lib.mdDoc "realtime watchdog");
+    services.das_watchdog.enable = mkEnableOption "realtime watchdog";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
index 7b07c80c8d7b..5ac98bdf0382 100644
--- a/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix
@@ -49,7 +49,7 @@ let
   };
 in {
   options.services.datadog-agent = {
-    enable = mkEnableOption (lib.mdDoc "Datadog-agent v7 monitoring service");
+    enable = mkEnableOption "Datadog-agent v7 monitoring service";
 
     package = mkPackageOption pkgs "datadog-agent" {
       extraDescription = ''
@@ -61,7 +61,7 @@ in {
     };
 
     apiKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path to a file containing the Datadog API key to associate the
         agent with your account.
       '';
@@ -70,7 +70,7 @@ in {
     };
 
     ddUrl = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Custom dd_url to configure the agent with. Useful if traffic to datadog
         needs to go through a proxy.
         Don't use this to point to another datadog site (EU) - use site instead.
@@ -81,7 +81,7 @@ in {
     };
 
     site = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The datadog site to point the agent towards.
         Set to datadoghq.eu to point it to their EU site.
       '';
@@ -91,21 +91,21 @@ in {
     };
 
     tags = mkOption {
-      description = lib.mdDoc "The tags to mark this Datadog agent";
+      description = "The tags to mark this Datadog agent";
       example = [ "test" "service" ];
       default = null;
       type = types.nullOr (types.listOf types.str);
     };
 
     hostname = mkOption {
-      description = lib.mdDoc "The hostname to show in the Datadog dashboard (optional)";
+      description = "The hostname to show in the Datadog dashboard (optional)";
       default = null;
       example = "mymachine.mydomain";
       type = types.nullOr types.str;
     };
 
     logLevel = mkOption {
-      description = lib.mdDoc "Logging verbosity.";
+      description = "Logging verbosity.";
       default = null;
       type = types.nullOr (types.enum ["DEBUG" "INFO" "WARN" "ERROR"]);
     };
@@ -114,7 +114,7 @@ in {
       default = {};
       type    = types.attrs;
 
-      description = lib.mdDoc ''
+      description = ''
         Extra integrations from the Datadog core-integrations
         repository that should be built and included.
 
@@ -136,14 +136,14 @@ in {
     extraConfig = mkOption {
       default = {};
       type = types.attrs;
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration options that will be merged into the
         main config file {file}`datadog.yaml`.
       '';
      };
 
     enableLiveProcessCollection = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the live process collection agent.
       '';
       default = false;
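Review bot: The `extraConfig` description says the attributes are merged into `datadog.yaml` but not where that file ends up; if it is generated at build time (the implementation is outside this hunk), everything set here is readable by any local user through the Nix store. `types.attrs` accepts arbitrary keys, so nothing stops a key or password from being placed in it. I would add a sentence like `Do not put secrets here: the generated file is stored in the world-readable Nix store; use apiKeyFile for the API key.`, matching the warnings cadvisor and grafana carry in this patch. The `enableLiveProcessCollection` option at the end of the hunk continues outside it.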
@@ -153,7 +153,7 @@ in {
     processAgentPackage = mkOption {
       default = pkgs.datadog-process-agent;
       defaultText = literalExpression "pkgs.datadog-process-agent";
-      description = lib.mdDoc ''
+      description = ''
         Which DataDog v7 agent package to use. Note that the provided
         package is expected to have an overridable `pythonPackages`-attribute
         which configures the Python environment with the Datadog
@@ -163,7 +163,7 @@ in {
     };
 
     enableTraceAgent = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the trace agent.
       '';
       default = false;
@@ -171,7 +171,7 @@ in {
     };
 
     checks = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration for all Datadog checks. Keys of this attribute
         set will be used as the name of the check to create the
         appropriate configuration in `conf.d/$check.d/conf.yaml`.
@@ -210,7 +210,7 @@ in {
     };
 
     diskCheck = mkOption {
-      description = lib.mdDoc "Disk check config";
+      description = "Disk check config";
       type = types.attrs;
       default = {
         init_config = {};
@@ -219,7 +219,7 @@ in {
     };
 
     networkCheck = mkOption {
-      description = lib.mdDoc "Network check config";
+      description = "Network check config";
       type = types.attrs;
       default = {
         init_config = {};
diff --git a/nixpkgs/nixos/modules/services/monitoring/do-agent.nix b/nixpkgs/nixos/modules/services/monitoring/do-agent.nix
index c1788c640c23..4dfb6236727b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/do-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/do-agent.nix
@@ -8,7 +8,7 @@ let
 in
 {
   options.services.do-agent = {
-    enable = mkEnableOption (lib.mdDoc "do-agent, the DigitalOcean droplet metrics agent");
+    enable = mkEnableOption "do-agent, the DigitalOcean droplet metrics agent";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix b/nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix
index 7b28e8de1229..9b65c76ce02e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix
@@ -22,11 +22,11 @@ in {
 
     services.fusionInventory = {
 
-      enable = mkEnableOption (lib.mdDoc "Fusion Inventory Agent");
+      enable = mkEnableOption "Fusion Inventory Agent";
 
       servers = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The urls of the OCS/GLPI servers to connect to.
         '';
       };
@@ -34,7 +34,7 @@ in {
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Configuration that is injected verbatim into the configuration file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/goss.nix b/nixpkgs/nixos/modules/services/monitoring/goss.nix
index 1b973bbbf45c..00246752a7cd 100644
--- a/nixpkgs/nixos/modules/services/monitoring/goss.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/goss.nix
@@ -14,7 +14,7 @@ in {
 
   options = {
     services.goss = {
-      enable = lib.mkEnableOption (lib.mdDoc "Goss daemon");
+      enable = lib.mkEnableOption "Goss daemon";
 
       package = lib.mkPackageOption pkgs "goss" { };
 
@@ -26,7 +26,7 @@ in {
           GOSS_LOGLEVEL = "FATAL";
           GOSS_LISTEN = ":8080";
         };
-        description = lib.mdDoc ''
+        description = ''
           Environment variables to set for the goss service.
 
           See <https://github.com/goss-org/goss/blob/master/docs/manual.md>
@@ -46,7 +46,7 @@ in {
             running = true;
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           The global options in `config` file in yaml format.
 
           Refer to <https://github.com/goss-org/goss/blob/master/docs/goss-json-schema.yaml> for schema.
diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix b/nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix
index e8d38a453176..655ec8ded1e0 100644
--- a/nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix
@@ -11,12 +11,12 @@ in
   };
 
   options.services.grafana-agent = {
-    enable = mkEnableOption (lib.mdDoc "grafana-agent");
+    enable = mkEnableOption "grafana-agent";
 
     package = mkPackageOption pkgs "grafana-agent" { };
 
     credentials = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Credentials to load at service startup. Keys that are UPPER_SNAKE will be loaded as env vars. Values are absolute paths to the credentials.
       '';
       type = types.attrsOf types.str;
@@ -36,7 +36,7 @@ in
       type = with types; listOf str;
       default = [ ];
       example = [ "-enable-features=integrations-next" "-disable-reporting" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra command-line flags passed to {command}`grafana-agent`.
 
         See <https://grafana.com/docs/agent/latest/static/configuration/flags/>
@@ -44,7 +44,7 @@ in
     };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration for {command}`grafana-agent`.
 
         See <https://grafana.com/docs/agent/latest/configuration/>
diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix b/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix
index afe9eb4d7b95..e06720b15302 100644
--- a/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix
@@ -10,18 +10,18 @@ let
   configFile = format.generate "grafana-image-renderer-config.json" cfg.settings;
 in {
   options.services.grafana-image-renderer = {
-    enable = mkEnableOption (lib.mdDoc "grafana-image-renderer");
+    enable = mkEnableOption "grafana-image-renderer";
 
     chromium = mkOption {
       type = types.package;
-      description = lib.mdDoc ''
+      description = ''
         The chromium to use for image rendering.
       '';
     };
 
-    verbose = mkEnableOption (lib.mdDoc "verbosity for the service");
+    verbose = mkEnableOption "verbosity for the service";
 
-    provisionGrafana = mkEnableOption (lib.mdDoc "Grafana configuration for grafana-image-renderer");
+    provisionGrafana = mkEnableOption "Grafana configuration for grafana-image-renderer";
 
     settings = mkOption {
       type = types.submodule {
@@ -32,14 +32,14 @@ in {
             port = mkOption {
               type = types.port;
               default = 8081;
-              description = lib.mdDoc ''
+              description = ''
                 The TCP port to use for the rendering server.
               '';
             };
             logging.level = mkOption {
               type = types.enum [ "error" "warning" "info" "debug" ];
               default = "info";
-              description = lib.mdDoc ''
+              description = ''
                 The log-level of the {file}`grafana-image-renderer.service`-unit.
               '';
             };
@@ -48,21 +48,21 @@ in {
             width = mkOption {
               default = 1000;
               type = types.ints.positive;
-              description = lib.mdDoc ''
+              description = ''
                 Width of the PNG used to display the alerting graph.
               '';
             };
             height = mkOption {
               default = 500;
               type = types.ints.positive;
-              description = lib.mdDoc ''
+              description = ''
                 Height of the PNG used to display the alerting graph.
               '';
             };
             mode = mkOption {
               default = "default";
               type = types.enum [ "default" "reusable" "clustered" ];
-              description = lib.mdDoc ''
+              description = ''
                 Rendering mode of `grafana-image-renderer`:
 
                 - `default:` Creates on browser-instance
@@ -77,7 +77,7 @@ in {
             args = mkOption {
               type = types.listOf types.str;
               default = [ "--no-sandbox" ];
-              description = lib.mdDoc ''
+              description = ''
                 List of CLI flags passed to `chromium`.
               '';
             };
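Review bot: The `args` description does not say that the default `[ "--no-sandbox" ]` turns off Chromium's sandbox, which is the main containment for the browser process that renders dashboard content. A user who sets `args` replaces the default list, so the flag disappears or stays depending on what they copy, and the text gives no hint either way. I would extend the description with `The default disables Chromium's sandbox; only keep "--no-sandbox" if the service cannot run with the sandbox enabled.`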
@@ -87,7 +87,7 @@ in {
 
       default = {};
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration attributes for `grafana-image-renderer`.
 
         See <https://github.com/grafana/grafana-image-renderer/blob/ce1f81438e5f69c7fd7c73ce08bab624c4c92e25/default.json>
diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix b/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix
index eac304d63aa1..340ab7abd19b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix
@@ -7,40 +7,40 @@ let
 
 in {
   options.services.grafana_reporter = {
-    enable = mkEnableOption (lib.mdDoc "grafana_reporter");
+    enable = mkEnableOption "grafana_reporter";
 
     grafana = {
       protocol = mkOption {
-        description = lib.mdDoc "Grafana protocol.";
+        description = "Grafana protocol.";
         default = "http";
         type = types.enum ["http" "https"];
       };
       addr = mkOption {
-        description = lib.mdDoc "Grafana address.";
+        description = "Grafana address.";
         default = "127.0.0.1";
         type = types.str;
       };
       port = mkOption {
-        description = lib.mdDoc "Grafana port.";
+        description = "Grafana port.";
         default = 3000;
         type = types.port;
       };
 
     };
     addr = mkOption {
-      description = lib.mdDoc "Listening address.";
+      description = "Listening address.";
       default = "127.0.0.1";
       type = types.str;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Listening port.";
+      description = "Listening port.";
       default = 8686;
       type = types.port;
     };
 
     templateDir = mkOption {
-      description = lib.mdDoc "Optional template directory to use custom tex templates";
+      description = "Optional template directory to use custom tex templates";
       default = pkgs.grafana_reporter;
       defaultText = literalExpression "pkgs.grafana_reporter";
       type = types.either types.str types.path;
diff --git a/nixpkgs/nixos/modules/services/monitoring/grafana.nix b/nixpkgs/nixos/modules/services/monitoring/grafana.nix
index 5ac010bf81ee..9d453c539482 100644
--- a/nixpkgs/nixos/modules/services/monitoring/grafana.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/grafana.nix
@@ -95,41 +95,41 @@ let
     options = {
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc "Name of the datasource. Required.";
+        description = "Name of the datasource. Required.";
       };
       type = mkOption {
         type = types.str;
-        description = lib.mdDoc "Datasource type. Required.";
+        description = "Datasource type. Required.";
       };
       access = mkOption {
         type = types.enum [ "proxy" "direct" ];
         default = "proxy";
-        description = lib.mdDoc "Access mode. proxy or direct (Server or Browser in the UI). Required.";
+        description = "Access mode. proxy or direct (Server or Browser in the UI). Required.";
       };
       uid = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.";
+        description = "Custom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.";
       };
       url = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Url of the datasource.";
+        description = "Url of the datasource.";
       };
       editable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Allow users to edit datasources from the UI.";
+        description = "Allow users to edit datasources from the UI.";
       };
       jsonData = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc "Extra data for datasource plugins.";
+        description = "Extra data for datasource plugins.";
       };
       secureJsonData = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Datasource specific secure configuration. Please note that the contents of this option
           will end up in a world-readable Nix store. Use the file provider
           pointing at a reasonably secured file in the local filesystem
@@ -148,16 +148,16 @@ let
       name = mkOption {
         type = types.str;
         default = "default";
-        description = lib.mdDoc "A unique provider name.";
+        description = "A unique provider name.";
       };
       type = mkOption {
         type = types.str;
         default = "file";
-        description = lib.mdDoc "Dashboard provider type.";
+        description = "Dashboard provider type.";
       };
       options.path = mkOption {
         type = types.path;
-        description = lib.mdDoc "Path grafana will watch for dashboards. Required when using the 'file' type.";
+        description = "Path grafana will watch for dashboards. Required when using the 'file' type.";
       };
     };
   };
@@ -167,55 +167,55 @@ let
       name = mkOption {
         type = types.str;
         default = "default";
-        description = lib.mdDoc "Notifier name.";
+        description = "Notifier name.";
       };
       type = mkOption {
         type = types.enum [ "dingding" "discord" "email" "googlechat" "hipchat" "kafka" "line" "teams" "opsgenie" "pagerduty" "prometheus-alertmanager" "pushover" "sensu" "sensugo" "slack" "telegram" "threema" "victorops" "webhook" ];
-        description = lib.mdDoc "Notifier type.";
+        description = "Notifier type.";
       };
       uid = mkOption {
         type = types.str;
-        description = lib.mdDoc "Unique notifier identifier.";
+        description = "Unique notifier identifier.";
       };
       org_id = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "Organization ID.";
+        description = "Organization ID.";
       };
       org_name = mkOption {
         type = types.str;
         default = "Main Org.";
-        description = lib.mdDoc "Organization name.";
+        description = "Organization name.";
       };
       is_default = mkOption {
         type = types.bool;
-        description = lib.mdDoc "Is the default notifier.";
+        description = "Is the default notifier.";
         default = false;
       };
       send_reminder = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Should the notifier be sent reminder notifications while alerts continue to fire.";
+        description = "Should the notifier be sent reminder notifications while alerts continue to fire.";
       };
       frequency = mkOption {
         type = types.str;
         default = "5m";
-        description = lib.mdDoc "How frequently should the notifier be sent reminders.";
+        description = "How frequently should the notifier be sent reminders.";
       };
       disable_resolve_message = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Turn off the message that sends when an alert returns to OK.";
+        description = "Turn off the message that sends when an alert returns to OK.";
       };
       settings = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc "Settings for the notifier type.";
+        description = "Settings for the notifier type.";
       };
       secure_settings = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Secure settings for the notifier type. Please note that the contents of this option
           will end up in a world-readable Nix store. Use the file provider
           pointing at a reasonably secured file in the local filesystem
@@ -297,12 +297,12 @@ in
   ];
 
   options.services.grafana = {
-    enable = mkEnableOption (lib.mdDoc "grafana");
+    enable = mkEnableOption "grafana";
 
     declarativePlugins = mkOption {
       type = with types; nullOr (listOf path);
       default = null;
-      description = lib.mdDoc "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.";
+      description = "If non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.";
       example = literalExpression "with pkgs.grafanaPlugins; [ grafana-piechart-panel ]";
       # Make sure each plugin is added only once; otherwise building
       # the link farm fails, since the same path is added multiple
@@ -313,13 +313,13 @@ in
     package = mkPackageOption pkgs "grafana" { };
 
     dataDir = mkOption {
-      description = lib.mdDoc "Data directory.";
+      description = "Data directory.";
       default = "/var/lib/grafana";
       type = types.path;
     };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Grafana settings. See <https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/>
         for available options. INI format is used.
       '';
@@ -329,14 +329,14 @@ in
         options = {
           paths = {
             plugins = mkOption {
-              description = lib.mdDoc "Directory where grafana will automatically scan and look for plugins";
+              description = "Directory where grafana will automatically scan and look for plugins";
               default = if (cfg.declarativePlugins == null) then "${cfg.dataDir}/plugins" else declarativePlugins;
               defaultText = literalExpression "if (cfg.declarativePlugins == null) then \"\${cfg.dataDir}/plugins\" else declarativePlugins";
               type = types.path;
             };
 
             provisioning = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Folder that contains provisioning config files that grafana will apply on startup and while running.
                 Don't change the value of this option if you are planning to use `services.grafana.provision` options.
               '';
@@ -348,7 +348,7 @@ in
 
           server = {
             protocol = mkOption {
-              description = lib.mdDoc "Which protocol to listen.";
+              description = "Which protocol to listen.";
               default = "http";
               type = types.enum [ "http" "https" "h2" "socket" ];
             };
@@ -356,7 +356,7 @@ in
             http_addr = mkOption {
               type = types.str;
               default = "127.0.0.1";
-              description = lib.mdDoc ''
+              description = ''
                 Listening address.
 
                 ::: {.note}
@@ -366,13 +366,13 @@ in
             };
 
             http_port = mkOption {
-              description = lib.mdDoc "Listening port.";
+              description = "Listening port.";
               default = 3000;
               type = types.port;
             };
 
             domain = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The public facing domain name used to access grafana from a browser.
 
                 This setting is only used in the default value of the `root_url` setting.
@@ -383,7 +383,7 @@ in
             };
 
             enforce_domain = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Redirect to correct domain if the host header does not match the domain.
                 Prevents DNS rebinding attacks.
               '';
@@ -392,7 +392,7 @@ in
             };
 
             root_url = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 This is the full URL used to access Grafana from a web browser.
                 This is important if you use Google or GitHub OAuth authentication (for the callback URL to be correct).
 
@@ -404,7 +404,7 @@ in
             };
 
             serve_from_sub_path = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Serve Grafana from subpath specified in the `root_url` setting.
                 By default it is set to `false` for compatibility reasons.
 
@@ -418,7 +418,7 @@ in
             };
 
             router_logging = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` for Grafana to log all HTTP requests (not just errors).
                 These are logged as Info level events to the Grafana log.
               '';
@@ -427,14 +427,14 @@ in
             };
 
             static_root_path = mkOption {
-              description = lib.mdDoc "Root path for static assets.";
+              description = "Root path for static assets.";
               default = "${cfg.package}/share/grafana/public";
               defaultText = literalExpression ''"''${package}/share/grafana/public"'';
               type = types.str;
             };
 
             enable_gzip = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set this option to `true` to enable HTTP compression, this can improve transfer speed and bandwidth utilization.
                 It is recommended that most users set it to `true`. By default it is set to `false` for compatibility reasons.
               '';
@@ -443,7 +443,7 @@ in
             };
 
             cert_file = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Path to the certificate file (if `protocol` is set to `https` or `h2`).
               '';
               default = null;
@@ -451,7 +451,7 @@ in
             };
 
             cert_key = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Path to the certificate key file (if `protocol` is set to `https` or `h2`).
               '';
               default = null;
@@ -459,7 +459,7 @@ in
             };
 
             socket_gid = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 GID where the socket should be set when `protocol=socket`.
                 Make sure that the target group is in the group of Grafana process and that Grafana process is the file owner before you change this setting.
                 It is recommended to set the gid as http server user gid.
@@ -470,7 +470,7 @@ in
             };
 
             socket_mode = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Mode where the socket should be set when `protocol=socket`.
                 Make sure that Grafana process is the file owner before you change this setting.
               '';
@@ -482,7 +482,7 @@ in
             };
 
             socket = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Path where the socket should be created when `protocol=socket`.
                 Make sure that Grafana has appropriate permissions before you change this setting.
               '';
@@ -491,7 +491,7 @@ in
             };
 
             cdn_url = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Specify a full HTTP URL address to the root of your Grafana CDN assets.
                 Grafana will add edition and version paths.
 
@@ -503,7 +503,7 @@ in
             };
 
             read_timeout = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Sets the maximum time using a duration format (5s/5m/5ms)
                 before timing out read of an incoming request and closing idle connections.
                 0 means there is no timeout for reading the request.
@@ -515,13 +515,13 @@ in
 
           database = {
             type = mkOption {
-              description = lib.mdDoc "Database type.";
+              description = "Database type.";
               default = "sqlite3";
               type = types.enum [ "mysql" "sqlite3" "postgres" ];
             };
 
             host = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Only applicable to MySQL or Postgres.
                 Includes IP or hostname and port or in case of Unix sockets the path to it.
                 For example, for MySQL running on the same host as Grafana: `host = "127.0.0.1:3306"`
@@ -532,19 +532,19 @@ in
             };
 
             name = mkOption {
-              description = lib.mdDoc "The name of the Grafana database.";
+              description = "The name of the Grafana database.";
               default = "grafana";
               type = types.str;
             };
 
             user = mkOption {
-              description = lib.mdDoc "The database user (not applicable for `sqlite3`).";
+              description = "The database user (not applicable for `sqlite3`).";
               default = "root";
               type = types.str;
             };
 
             password = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The database user's password (not applicable for `sqlite3`).
 
                 Please note that the contents of this option
@@ -558,19 +558,19 @@ in
             };
 
             max_idle_conn = mkOption {
-              description = lib.mdDoc "The maximum number of connections in the idle connection pool.";
+              description = "The maximum number of connections in the idle connection pool.";
               default = 2;
               type = types.int;
             };
 
             max_open_conn = mkOption {
-              description = lib.mdDoc "The maximum number of open connections to the database.";
+              description = "The maximum number of open connections to the database.";
               default = 0;
               type = types.int;
             };
 
             conn_max_lifetime = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Sets the maximum amount of time a connection may be reused.
                 The default is 14400 (which means 14400 seconds or 4 hours).
                 For MySQL, this setting should be shorter than the `wait_timeout` variable.
@@ -580,7 +580,7 @@ in
             };
 
             locking_attempt_timeout_sec = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 For `mysql`, if the `migrationLocking` feature toggle is set,
                 specify the time (in seconds) to wait before failing to lock the database for the migrations.
               '';
@@ -589,13 +589,13 @@ in
             };
 
             log_queries = mkOption {
-              description = lib.mdDoc "Set to `true` to log the sql calls and execution times";
+              description = "Set to `true` to log the sql calls and execution times";
               default = false;
               type = types.bool;
             };
 
             ssl_mode = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 For Postgres, use either `disable`, `require` or `verify-full`.
                 For MySQL, use either `true`, `false`, or `skip-verify`.
               '';
@@ -604,7 +604,7 @@ in
             };
 
             isolation_level = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Only the MySQL driver supports isolation levels in Grafana.
                 In case the value is empty, the driver's default isolation level is applied.
               '';
@@ -613,25 +613,25 @@ in
             };
 
             ca_cert_path = mkOption {
-              description = lib.mdDoc "The path to the CA certificate to use.";
+              description = "The path to the CA certificate to use.";
               default = null;
               type = types.nullOr types.str;
             };
 
             client_key_path = mkOption {
-              description = lib.mdDoc "The path to the client key. Only if server requires client authentication.";
+              description = "The path to the client key. Only if server requires client authentication.";
               default = null;
               type = types.nullOr types.str;
             };
 
             client_cert_path = mkOption {
-              description = lib.mdDoc "The path to the client cert. Only if server requires client authentication.";
+              description = "The path to the client cert. Only if server requires client authentication.";
               default = null;
               type = types.nullOr types.str;
             };
 
             server_cert_name = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The common name field of the certificate used by the `mysql` or `postgres` server.
                 Not necessary if `ssl_mode` is set to `skip-verify`.
               '';
@@ -640,14 +640,14 @@ in
             };
 
             path = mkOption {
-              description = lib.mdDoc "Only applicable to `sqlite3` database. The file path where the database will be stored.";
+              description = "Only applicable to `sqlite3` database. The file path where the database will be stored.";
               default = "${cfg.dataDir}/data/grafana.db";
               defaultText = literalExpression ''"''${config.${opt.dataDir}}/data/grafana.db"'';
               type = types.path;
             };
 
             cache_mode = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 For `sqlite3` only.
                 [Shared cache](https://www.sqlite.org/sharedcache.html) setting used for connecting to the database.
               '';
@@ -656,7 +656,7 @@ in
             };
 
             wal = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 For `sqlite3` only.
                 Setting to enable/disable [Write-Ahead Logging](https://sqlite.org/wal.html).
               '';
@@ -665,7 +665,7 @@ in
             };
 
             query_retries = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 This setting applies to `sqlite3` only and controls the number of times the system retries a query when the database is locked.
               '';
               default = 0;
@@ -673,7 +673,7 @@ in
             };
 
             transaction_retries = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 This setting applies to `sqlite3` only and controls the number of times the system retries a transaction when the database is locked.
               '';
               default = 5;
@@ -682,7 +682,7 @@ in
 
             # TODO Add "instrument_queries" option when upgrading to grafana 10.0
             # instrument_queries = mkOption {
-            #   description = lib.mdDoc "Set to `true` to add metrics and tracing for database queries.";
+            #   description = "Set to `true` to add metrics and tracing for database queries.";
             #   default = false;
             #   type = types.bool;
             # };
@@ -690,19 +690,19 @@ in
 
           security = {
             disable_initial_admin_creation = mkOption {
-              description = lib.mdDoc "Disable creation of admin user on first start of Grafana.";
+              description = "Disable creation of admin user on first start of Grafana.";
               default = false;
               type = types.bool;
             };
 
             admin_user = mkOption {
-              description = lib.mdDoc "Default admin username.";
+              description = "Default admin username.";
               default = "admin";
               type = types.str;
             };
 
             admin_password = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Default admin password. Please note that the contents of this option
                 will end up in a world-readable Nix store. Use the file provider
                 pointing at a reasonably secured file in the local filesystem
@@ -714,13 +714,13 @@ in
             };
 
             admin_email = mkOption {
-              description = lib.mdDoc "The email of the default Grafana Admin, created on startup.";
+              description = "The email of the default Grafana Admin, created on startup.";
               default = "admin@localhost";
               type = types.str;
             };
 
             secret_key = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Secret key used for signing. Please note that the contents of this option
                 will end up in a world-readable Nix store. Use the file provider
                 pointing at a reasonably secured file in the local filesystem
@@ -732,13 +732,13 @@ in
             };
 
             disable_gravatar = mkOption {
-              description = lib.mdDoc "Set to `true` to disable the use of Gravatar for user profile images.";
+              description = "Set to `true` to disable the use of Gravatar for user profile images.";
               default = false;
               type = types.bool;
             };
 
             data_source_proxy_whitelist = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Define a whitelist of allowed IP addresses or domains, with ports,
                 to be used in data source URLs with the Grafana data source proxy.
                 Format: `ip_or_domain:port` separated by spaces.
@@ -749,19 +749,19 @@ in
             };
 
             disable_brute_force_login_protection = mkOption {
-              description = lib.mdDoc "Set to `true` to disable [brute force login protection](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#account-lockout).";
+              description = "Set to `true` to disable [brute force login protection](https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#account-lockout).";
               default = false;
               type = types.bool;
             };
 
             cookie_secure = mkOption {
-              description = lib.mdDoc "Set to `true` if you host Grafana behind HTTPS.";
+              description = "Set to `true` if you host Grafana behind HTTPS.";
               default = false;
               type = types.bool;
             };
 
             cookie_samesite = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Sets the `SameSite` cookie attribute and prevents the browser from sending this cookie along with cross-site requests.
                 The main goal is to mitigate the risk of cross-origin information leakage.
                 This setting also provides some protection against cross-site request forgery attacks (CSRF),
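Review bot: The `cookie_secure` description in this hunk only says when to turn the option on, not what it does, and the default shown right below it is `false`. Assuming the option controls the `Secure` attribute of Grafana's cookies, the text should say so, since an operator terminating TLS at a reverse proxy has no hint that the session cookie may otherwise be sent over plain HTTP. Suggested wording: ``description = "Set to `true` if you host Grafana behind HTTPS, so that Grafana's cookies carry the `Secure` attribute and are only sent over HTTPS.";``. The `cookie_samesite` option at the end of the hunk continues outside it.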
@@ -773,7 +773,7 @@ in
             };
 
             allow_embedding = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 When `false`, the HTTP header `X-Frame-Options: deny` will be set in Grafana HTTP responses
                 which will instruct browsers to not allow rendering Grafana in a `<frame>`, `<iframe>`, `<embed>` or `<object>`.
                 The main goal is to mitigate the risk of [Clickjacking](https://owasp.org/www-community/attacks/Clickjacking).
@@ -783,7 +783,7 @@ in
             };
 
             strict_transport_security = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` if you want to enable HTTP `Strict-Transport-Security` (HSTS) response header.
                 Only use this when HTTPS is enabled in your configuration,
                 or when there is another upstream system that ensures your application does HTTPS (like a frontend load balancer).
@@ -794,7 +794,7 @@ in
             };
 
             strict_transport_security_max_age_seconds = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Sets how long a browser should cache HSTS in seconds.
                 Only applied if `strict_transport_security` is enabled.
               '';
@@ -803,7 +803,7 @@ in
             };
 
             strict_transport_security_preload = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` to enable HSTS `preloading` option.
                 Only applied if `strict_transport_security` is enabled.
               '';
@@ -812,7 +812,7 @@ in
             };
 
             strict_transport_security_subdomains = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` to enable HSTS `includeSubDomains` option.
                 Only applied if `strict_transport_security` is enabled.
               '';
@@ -821,7 +821,7 @@ in
             };
 
             x_content_type_options = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `false` to disable the `X-Content-Type-Options` response header.
                 The `X-Content-Type-Options` response HTTP header is a marker used by the server
                 to indicate that the MIME types advertised in the `Content-Type` headers should not be changed and be followed.
@@ -831,7 +831,7 @@ in
             };
 
             x_xss_protection = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `false` to disable the `X-XSS-Protection` header,
                 which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
               '';
@@ -840,7 +840,7 @@ in
             };
 
             content_security_policy = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` to add the `Content-Security-Policy` header to your requests.
                 CSP allows to control resources that the user agent can load and helps prevent XSS attacks.
               '';
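Review bot: The `content_security_policy` description says the header is added "to your requests", but `Content-Security-Policy` is a response header sent by the server. The next hunk has the same wording for `Content-Security-Policy-Report-Only`. Since these lines are being touched anyway, I would change both to "to Grafana's HTTP responses", e.g. ``Set to `true` to add the `Content-Security-Policy` header to Grafana's HTTP responses.``. The option's `default` and `type` lie outside the hunk.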
@@ -849,7 +849,7 @@ in
             };
 
             content_security_policy_report_only = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` to add the `Content-Security-Policy-Report-Only` header to your requests.
                 CSP in Report Only mode enables you to experiment with policies by monitoring their effects without enforcing them.
                 You can enable both policies simultaneously.
@@ -868,7 +868,7 @@ in
             # https://github.com/grafana/grafana/blob/916d9793aa81c2990640b55a15dee0db6b525e41/pkg/middleware/csrf/csrf.go#L37-L38
 
             csrf_trusted_origins = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 List of additional allowed URLs to pass by the CSRF check.
                 Suggested when authentication comes from an IdP.
               '';
@@ -877,7 +877,7 @@ in
             };
 
             csrf_additional_headers = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 List of allowed headers to be set by the user.
                 Suggested to use for if authentication lives behind reverse proxies.
               '';
@@ -888,25 +888,25 @@ in
 
           smtp = {
             enabled = mkOption {
-              description = lib.mdDoc "Whether to enable SMTP.";
+              description = "Whether to enable SMTP.";
               default = false;
               type = types.bool;
             };
 
             host = mkOption {
-              description = lib.mdDoc "Host to connect to.";
+              description = "Host to connect to.";
               default = "localhost:25";
               type = types.str;
             };
 
             user = mkOption {
-              description = lib.mdDoc "User used for authentication.";
+              description = "User used for authentication.";
               default = null;
               type = types.nullOr types.str;
             };
 
             password = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Password used for authentication. Please note that the contents of this option
                 will end up in a world-readable Nix store. Use the file provider
                 pointing at a reasonably secured file in the local filesystem
@@ -918,43 +918,43 @@ in
             };
 
             cert_file = mkOption {
-              description = lib.mdDoc "File path to a cert file.";
+              description = "File path to a cert file.";
               default = null;
               type = types.nullOr types.str;
             };
 
             key_file = mkOption {
-              description = lib.mdDoc "File path to a key file.";
+              description = "File path to a key file.";
               default = null;
               type = types.nullOr types.str;
             };
 
             skip_verify = mkOption {
-              description = lib.mdDoc "Verify SSL for SMTP server.";
+              description = "Verify SSL for SMTP server.";
               default = false;
               type = types.bool;
             };
 
             from_address = mkOption {
-              description = lib.mdDoc "Address used when sending out emails.";
+              description = "Address used when sending out emails.";
               default = "admin@grafana.localhost";
               type = types.str;
             };
 
             from_name = mkOption {
-              description = lib.mdDoc "Name to be used as client identity for EHLO in SMTP dialog.";
+              description = "Name to be used as client identity for EHLO in SMTP dialog.";
               default = "Grafana";
               type = types.str;
             };
 
             ehlo_identity = mkOption {
-              description = lib.mdDoc "Name to be used as client identity for EHLO in SMTP dialog.";
+              description = "Name to be used as client identity for EHLO in SMTP dialog.";
               default = null;
               type = types.nullOr types.str;
             };
 
             startTLS_policy = mkOption {
-              description = lib.mdDoc "StartTLS policy when connecting to server.";
+              description = "StartTLS policy when connecting to server.";
               default = null;
               type = types.nullOr (types.enum [ "OpportunisticStartTLS" "MandatoryStartTLS" "NoStartTLS" ]);
             };
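Review bot: The description kept for `skip_verify` is "Verify SSL for SMTP server.", which reads as the opposite of the option name. With `default = false`, a reader can come away thinking certificate verification is off by default, or set it to `true` to "enable" verification. I would reword it to ``description = "Skip TLS certificate verification for the SMTP server. Leave this at `false` unless the server's certificate cannot be validated.";``. `from_name` also carries the same text as `ehlo_identity` ("Name to be used as client identity for EHLO in SMTP dialog."), which looks like a copy-paste. `description = "Name to be used when sending out emails.";` would match `from_address`. The enclosing `smtp` attribute set starts and ends outside this hunk.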
@@ -962,7 +962,7 @@ in
 
           users = {
             allow_sign_up = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to false to prohibit users from being able to sign up / create user accounts.
                 The admin user can still create users.
               '';
@@ -971,13 +971,13 @@ in
             };
 
             allow_org_create = mkOption {
-              description = lib.mdDoc "Set to `false` to prohibit users from creating new organizations.";
+              description = "Set to `false` to prohibit users from creating new organizations.";
               default = false;
               type = types.bool;
             };
 
             auto_assign_org = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set to `true` to automatically add new users to the main organization (id 1).
                 When set to `false,` new users automatically cause a new organization to be created for that new user.
                 The organization will be created even if the `allow_org_create` setting is set to `false`.
@@ -987,7 +987,7 @@ in
             };
 
             auto_assign_org_id = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Set this value to automatically add new users to the provided org.
                 This requires `auto_assign_org` to be set to `true`.
                 Please make sure that this organization already exists.
@@ -997,7 +997,7 @@ in
             };
 
             auto_assign_org_role = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The role new users will be assigned for the main organization (if the `auto_assign_org` setting is set to `true`).
               '';
               default = "Viewer";
@@ -1005,37 +1005,37 @@ in
             };
 
             verify_email_enabled = mkOption {
-              description = lib.mdDoc "Require email validation before sign up completes.";
+              description = "Require email validation before sign up completes.";
               default = false;
               type = types.bool;
             };
 
             login_hint = mkOption {
-              description = lib.mdDoc "Text used as placeholder text on login page for login/username input.";
+              description = "Text used as placeholder text on login page for login/username input.";
               default = "email or username";
               type = types.str;
             };
 
             password_hint = mkOption {
-              description = lib.mdDoc "Text used as placeholder text on login page for password input.";
+              description = "Text used as placeholder text on login page for password input.";
               default = "password";
               type = types.str;
             };
 
             default_theme = mkOption {
-              description = lib.mdDoc "Sets the default UI theme. `system` matches the user's system theme.";
+              description = "Sets the default UI theme. `system` matches the user's system theme.";
               default = "dark";
               type = types.enum [ "dark" "light" "system" ];
             };
 
             default_language = mkOption {
-              description = lib.mdDoc "This setting configures the default UI language, which must be a supported IETF language tag, such as `en-US`.";
+              description = "This setting configures the default UI language, which must be a supported IETF language tag, such as `en-US`.";
               default = "en-US";
               type = types.str;
             };
 
             home_page = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Path to a custom home page.
                 Users are only redirected to this if the default home dashboard is used.
                 It should match a frontend route and contain a leading slash.
@@ -1045,7 +1045,7 @@ in
             };
 
             viewers_can_edit = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Viewers can access and use Explore and perform temporary edits on panels in dashboards they have access to.
                 They cannot save their changes.
               '';
@@ -1054,13 +1054,13 @@ in
             };
 
             editors_can_admin = mkOption {
-              description = lib.mdDoc "Editors can administrate dashboards, folders and teams they create.";
+              description = "Editors can administrate dashboards, folders and teams they create.";
               default = false;
               type = types.bool;
             };
 
             user_invite_max_lifetime_duration = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The duration in time a user invitation remains valid before expiring.
                 This setting should be expressed as a duration.
                 Examples: `6h` (hours), `2d` (days), `1w` (week).
@@ -1073,7 +1073,7 @@ in
             # Lists are joined via space, so this option can't be a list.
             # Users have to manually join their values.
             hidden_users = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 This is a comma-separated list of usernames.
                 Users specified here are hidden in the Grafana UI.
                 They are still visible to Grafana administrators and to themselves.
@@ -1085,7 +1085,7 @@ in
 
           analytics = {
             reporting_enabled = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 When enabled Grafana will send anonymous usage statistics to `stats.grafana.org`.
                 No IP addresses are being tracked, only simple counters to track running instances, versions, dashboard and error counts.
                 Counters are sent every 24 hours.
@@ -1095,7 +1095,7 @@ in
             };
 
             check_for_updates = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 When set to `false`, disables checking for new versions of Grafana from Grafana's GitHub repository.
                 When enabled, the check for a new version runs every 10 minutes.
                 It will notify, via the UI, when a new version is available.
@@ -1106,7 +1106,7 @@ in
             };
 
             check_for_plugin_updates = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 When set to `false`, disables checking for new versions of installed plugins from https://grafana.com.
                 When enabled, the check for a new plugin runs every 10 minutes.
                 It will notify, via the UI, when a new plugin update exists.
@@ -1118,7 +1118,7 @@ in
             };
 
             feedback_links_enabled = mkOption {
-              description = lib.mdDoc "Set to `false` to remove all feedback links from the UI.";
+              description = "Set to `false` to remove all feedback links from the UI.";
               default = true;
               type = types.bool;
             };
@@ -1128,16 +1128,16 @@ in
     };
 
     provision = {
-      enable = mkEnableOption (lib.mdDoc "provision");
+      enable = mkEnableOption "provision";
 
       datasources = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Declaratively provision Grafana's datasources.
         '';
         default = { };
         type = types.submodule {
           options.settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana datasource configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.datasources.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources>
@@ -1147,28 +1147,28 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 datasources = mkOption {
-                  description = lib.mdDoc "List of datasources to insert/update.";
+                  description = "List of datasources to insert/update.";
                   default = [ ];
                   type = types.listOf grafanaTypes.datasourceConfig;
                 };
 
                 deleteDatasources = mkOption {
-                  description = lib.mdDoc "List of datasources that should be deleted from the database.";
+                  description = "List of datasources that should be deleted from the database.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the datasource to delete.";
+                      description = "Name of the datasource to delete.";
                       type = types.str;
                     };
 
                     options.orgId = mkOption {
-                      description = lib.mdDoc "Organization ID of the datasource to delete.";
+                      description = "Organization ID of the datasource to delete.";
                       type = types.int;
                     };
                   });
@@ -1193,7 +1193,7 @@ in
           };
 
           options.path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML datasource configuration. Can't be used with
               [](#opt-services.grafana.provision.datasources.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1206,13 +1206,13 @@ in
 
 
       dashboards = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Declaratively provision Grafana's dashboards.
         '';
         default = { };
         type = types.submodule {
           options.settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana dashboard configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.dashboards.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards>
@@ -1221,13 +1221,13 @@ in
             default = null;
             type = types.nullOr (types.submodule {
               options.apiVersion = mkOption {
-                description = lib.mdDoc "Config file version.";
+                description = "Config file version.";
                 default = 1;
                 type = types.int;
               };
 
               options.providers = mkOption {
-                description = lib.mdDoc "List of dashboards to insert/update.";
+                description = "List of dashboards to insert/update.";
                 default = [ ];
                 type = types.listOf grafanaTypes.dashboardConfig;
               };
@@ -1245,7 +1245,7 @@ in
           };
 
           options.path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML dashboard configuration. Can't be used with
               [](#opt-services.grafana.provision.dashboards.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1258,7 +1258,7 @@ in
 
 
       notifiers = mkOption {
-        description = lib.mdDoc "Grafana notifier configuration.";
+        description = "Grafana notifier configuration.";
         default = [ ];
         type = types.listOf grafanaTypes.notifierConfig;
         apply = x: map _filter x;
@@ -1268,7 +1268,7 @@ in
       alerting = {
         rules = {
           path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML rules configuration. Can't be used with
               [](#opt-services.grafana.provision.alerting.rules.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1278,7 +1278,7 @@ in
           };
 
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana rules configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.alerting.rules.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#rules>
@@ -1288,46 +1288,46 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 groups = mkOption {
-                  description = lib.mdDoc "List of rule groups to import or update.";
+                  description = "List of rule groups to import or update.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     freeformType = provisioningSettingsFormat.type;
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the rule group. Required.";
+                      description = "Name of the rule group. Required.";
                       type = types.str;
                     };
 
                     options.folder = mkOption {
-                      description = lib.mdDoc "Name of the folder the rule group will be stored in. Required.";
+                      description = "Name of the folder the rule group will be stored in. Required.";
                       type = types.str;
                     };
 
                     options.interval = mkOption {
-                      description = lib.mdDoc "Interval that the rule group should be evaluated at. Required.";
+                      description = "Interval that the rule group should be evaluated at. Required.";
                       type = types.str;
                     };
                   });
                 };
 
                 deleteRules = mkOption {
-                  description = lib.mdDoc "List of alert rule UIDs that should be deleted.";
+                  description = "List of alert rule UIDs that should be deleted.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     options.orgId = mkOption {
-                      description = lib.mdDoc "Organization ID, default = 1";
+                      description = "Organization ID, default = 1";
                       default = 1;
                       type = types.int;
                     };
 
                     options.uid = mkOption {
-                      description = lib.mdDoc "Unique identifier for the rule. Required.";
+                      description = "Unique identifier for the rule. Required.";
                       type = types.str;
                     };
                   });
@@ -1392,7 +1392,7 @@ in
 
         contactPoints = {
           path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML contact points configuration. Can't be used with
               [](#opt-services.grafana.provision.alerting.contactPoints.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1402,7 +1402,7 @@ in
           };
 
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana contact points configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.alerting.contactPoints.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#contact-points>
@@ -1412,36 +1412,36 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 contactPoints = mkOption {
-                  description = lib.mdDoc "List of contact points to import or update.";
+                  description = "List of contact points to import or update.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     freeformType = provisioningSettingsFormat.type;
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the contact point. Required.";
+                      description = "Name of the contact point. Required.";
                       type = types.str;
                     };
                   });
                 };
 
                 deleteContactPoints = mkOption {
-                  description = lib.mdDoc "List of receivers that should be deleted.";
+                  description = "List of receivers that should be deleted.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     options.orgId = mkOption {
-                      description = lib.mdDoc "Organization ID, default = 1.";
+                      description = "Organization ID, default = 1.";
                       default = 1;
                       type = types.int;
                     };
 
                     options.uid = mkOption {
-                      description = lib.mdDoc "Unique identifier for the receiver. Required.";
+                      description = "Unique identifier for the receiver. Required.";
                       type = types.str;
                     };
                   });
@@ -1473,7 +1473,7 @@ in
 
         policies = {
           path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML notification policies configuration. Can't be used with
               [](#opt-services.grafana.provision.alerting.policies.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1483,7 +1483,7 @@ in
           };
 
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana notification policies configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.alerting.policies.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#notification-policies>
@@ -1493,13 +1493,13 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 policies = mkOption {
-                  description = lib.mdDoc "List of contact points to import or update.";
+                  description = "List of contact points to import or update.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     freeformType = provisioningSettingsFormat.type;
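Review bot: The `policies` option keeps a description copied from the contact-points block: `description = "List of contact points to import or update.";` sits under `provision.alerting.policies.settings`. Since the line is rewritten here anyway, it should describe what it configures, e.g. `description = "List of notification policies to import or update.";`. The same copy-paste appears in the later templates hunk, where `deleteTemplates` is described as "List of alert rule UIDs that should be deleted." although its submodule takes `orgId` and `name`. Wrong descriptions on delete and reset lists make it easier for an operator to remove the wrong alerting objects. The submodule body continues outside this hunk.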
@@ -1507,7 +1507,7 @@ in
                 };
 
                 resetPolicies = mkOption {
-                  description = lib.mdDoc "List of orgIds that should be reset to the default policy.";
+                  description = "List of orgIds that should be reset to the default policy.";
                   default = [ ];
                   type = types.listOf types.int;
                 };
@@ -1543,7 +1543,7 @@ in
 
         templates = {
           path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML templates configuration. Can't be used with
               [](#opt-services.grafana.provision.alerting.templates.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1553,7 +1553,7 @@ in
           };
 
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana templates configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.alerting.templates.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#templates>
@@ -1563,41 +1563,41 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 templates = mkOption {
-                  description = lib.mdDoc "List of templates to import or update.";
+                  description = "List of templates to import or update.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     freeformType = provisioningSettingsFormat.type;
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the template, must be unique. Required.";
+                      description = "Name of the template, must be unique. Required.";
                       type = types.str;
                     };
 
                     options.template = mkOption {
-                      description = lib.mdDoc "Alerting with a custom text template";
+                      description = "Alerting with a custom text template";
                       type = types.str;
                     };
                   });
                 };
 
                 deleteTemplates = mkOption {
-                  description = lib.mdDoc "List of alert rule UIDs that should be deleted.";
+                  description = "List of alert rule UIDs that should be deleted.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     options.orgId = mkOption {
-                      description = lib.mdDoc "Organization ID, default = 1.";
+                      description = "Organization ID, default = 1.";
                       default = 1;
                       type = types.int;
                     };
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the template, must be unique. Required.";
+                      description = "Name of the template, must be unique. Required.";
                       type = types.str;
                     };
                   });
@@ -1625,7 +1625,7 @@ in
 
         muteTimings = {
           path = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Path to YAML mute timings configuration. Can't be used with
               [](#opt-services.grafana.provision.alerting.muteTimings.settings) simultaneously.
               Can be either a directory or a single YAML file. Will end up in the store.
@@ -1635,7 +1635,7 @@ in
           };
 
           settings = mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Grafana mute timings configuration in Nix. Can't be used with
               [](#opt-services.grafana.provision.alerting.muteTimings.path) simultaneously. See
               <https://grafana.com/docs/grafana/latest/administration/provisioning/#mute-timings>
@@ -1645,36 +1645,36 @@ in
             type = types.nullOr (types.submodule {
               options = {
                 apiVersion = mkOption {
-                  description = lib.mdDoc "Config file version.";
+                  description = "Config file version.";
                   default = 1;
                   type = types.int;
                 };
 
                 muteTimes = mkOption {
-                  description = lib.mdDoc "List of mute time intervals to import or update.";
+                  description = "List of mute time intervals to import or update.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     freeformType = provisioningSettingsFormat.type;
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the mute time interval, must be unique. Required.";
+                      description = "Name of the mute time interval, must be unique. Required.";
                       type = types.str;
                     };
                   });
                 };
 
                 deleteMuteTimes = mkOption {
-                  description = lib.mdDoc "List of mute time intervals that should be deleted.";
+                  description = "List of mute time intervals that should be deleted.";
                   default = [ ];
                   type = types.listOf (types.submodule {
                     options.orgId = mkOption {
-                      description = lib.mdDoc "Organization ID, default = 1.";
+                      description = "Organization ID, default = 1.";
                       default = 1;
                       type = types.int;
                     };
 
                     options.name = mkOption {
-                      description = lib.mdDoc "Name of the mute time interval, must be unique. Required.";
+                      description = "Name of the mute time interval, must be unique. Required.";
                       type = types.str;
                     };
                   });
diff --git a/nixpkgs/nixos/modules/services/monitoring/graphite.nix b/nixpkgs/nixos/modules/services/monitoring/graphite.nix
index cc3d70976204..3a8f41f32078 100644
--- a/nixpkgs/nixos/modules/services/monitoring/graphite.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/graphite.nix
@@ -73,26 +73,26 @@ in {
     dataDir = mkOption {
       type = types.path;
       default = "/var/db/graphite";
-      description = lib.mdDoc ''
+      description = ''
         Data directory for graphite.
       '';
     };
 
     web = {
       enable = mkOption {
-        description = lib.mdDoc "Whether to enable graphite web frontend.";
+        description = "Whether to enable graphite web frontend.";
         default = false;
         type = types.bool;
       };
 
       listenAddress = mkOption {
-        description = lib.mdDoc "Graphite web frontend listen address.";
+        description = "Graphite web frontend listen address.";
         default = "127.0.0.1";
         type = types.str;
       };
 
       port = mkOption {
-        description = lib.mdDoc "Graphite web frontend port.";
+        description = "Graphite web frontend port.";
         default = 8080;
         type = types.port;
       };
@@ -100,7 +100,7 @@ in {
       extraConfig = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Graphite webapp settings. See:
           <https://graphite.readthedocs.io/en/latest/config-local-settings.html>
         '';
@@ -109,7 +109,7 @@ in {
 
     carbon = {
       config = mkOption {
-        description = lib.mdDoc "Content of carbon configuration file.";
+        description = "Content of carbon configuration file.";
         default = ''
           [cache]
           # Listen on localhost by default for security reasons
@@ -125,13 +125,13 @@ in {
       };
 
       enableCache = mkOption {
-        description = lib.mdDoc "Whether to enable carbon cache, the graphite storage daemon.";
+        description = "Whether to enable carbon cache, the graphite storage daemon.";
         default = false;
         type = types.bool;
       };
 
       storageAggregation = mkOption {
-        description = lib.mdDoc "Defines how to aggregate data to lower-precision retentions.";
+        description = "Defines how to aggregate data to lower-precision retentions.";
         default = null;
         type = types.nullOr types.str;
         example = ''
@@ -143,7 +143,7 @@ in {
       };
 
       storageSchemas = mkOption {
-        description = lib.mdDoc "Defines retention rates for storing metrics.";
+        description = "Defines retention rates for storing metrics.";
         default = "";
         type = types.nullOr types.str;
         example = ''
@@ -154,21 +154,21 @@ in {
       };
 
       blacklist = mkOption {
-        description = lib.mdDoc "Any metrics received which match one of the expressions will be dropped.";
+        description = "Any metrics received which match one of the expressions will be dropped.";
         default = null;
         type = types.nullOr types.str;
         example = "^some\\.noisy\\.metric\\.prefix\\..*";
       };
 
       whitelist = mkOption {
-        description = lib.mdDoc "Only metrics received which match one of the expressions will be persisted.";
+        description = "Only metrics received which match one of the expressions will be persisted.";
         default = null;
         type = types.nullOr types.str;
         example = ".*";
       };
 
       rewriteRules = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Regular expression patterns that can be used to rewrite metric names
           in a search and replace fashion.
         '';
@@ -182,13 +182,13 @@ in {
       };
 
       enableRelay = mkOption {
-        description = lib.mdDoc "Whether to enable carbon relay, the carbon replication and sharding service.";
+        description = "Whether to enable carbon relay, the carbon replication and sharding service.";
         default = false;
         type = types.bool;
       };
 
       relayRules = mkOption {
-        description = lib.mdDoc "Relay rules are used to send certain metrics to a certain backend.";
+        description = "Relay rules are used to send certain metrics to a certain backend.";
         default = null;
         type = types.nullOr types.str;
         example = ''
@@ -199,13 +199,13 @@ in {
       };
 
       enableAggregator = mkOption {
-        description = lib.mdDoc "Whether to enable carbon aggregator, the carbon buffering service.";
+        description = "Whether to enable carbon aggregator, the carbon buffering service.";
         default = false;
         type = types.bool;
       };
 
       aggregationRules = mkOption {
-        description = lib.mdDoc "Defines if and how received metrics will be aggregated.";
+        description = "Defines if and how received metrics will be aggregated.";
         default = null;
         type = types.nullOr types.str;
         example = ''
@@ -217,13 +217,13 @@ in {
 
     seyren = {
       enable = mkOption {
-        description = lib.mdDoc "Whether to enable seyren service.";
+        description = "Whether to enable seyren service.";
         default = false;
         type = types.bool;
       };
 
       port = mkOption {
-        description = lib.mdDoc "Seyren listening port.";
+        description = "Seyren listening port.";
         default = 8081;
         type = types.port;
       };
@@ -231,27 +231,27 @@ in {
       seyrenUrl = mkOption {
         default = "http://localhost:${toString cfg.seyren.port}/";
         defaultText = literalExpression ''"http://localhost:''${toString config.${opt.seyren.port}}/"'';
-        description = lib.mdDoc "Host where seyren is accessible.";
+        description = "Host where seyren is accessible.";
         type = types.str;
       };
 
       graphiteUrl = mkOption {
         default = "http://${cfg.web.listenAddress}:${toString cfg.web.port}";
         defaultText = literalExpression ''"http://''${config.${opt.web.listenAddress}}:''${toString config.${opt.web.port}}"'';
-        description = lib.mdDoc "Host where graphite service runs.";
+        description = "Host where graphite service runs.";
         type = types.str;
       };
 
       mongoUrl = mkOption {
         default = "mongodb://${config.services.mongodb.bind_ip}:27017/seyren";
         defaultText = literalExpression ''"mongodb://''${config.services.mongodb.bind_ip}:27017/seyren"'';
-        description = lib.mdDoc "Mongodb connection string.";
+        description = "Mongodb connection string.";
         type = types.str;
       };
 
       extraConfig = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra seyren configuration. See
           <https://github.com/scobal/seyren#config>
         '';
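Review bot: `mongoUrl` is a plain `types.str` described only as "Mongodb connection string.", which invites embedding `user:password@` in the URL. How the value is consumed is outside this hunk, but option values of this kind normally end up in a unit or config file in the world-readable Nix store. I would say so in the description, e.g. `description = "Mongodb connection string. Do not embed credentials; the value may be stored world-readable in the Nix store.";`, after confirming how the module passes it to seyren. The free-form `extraConfig` attrset in the same hunk deserves the same sentence.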
diff --git a/nixpkgs/nixos/modules/services/monitoring/hdaps.nix b/nixpkgs/nixos/modules/services/monitoring/hdaps.nix
index 59b8b9b3c054..366367ef835c 100644
--- a/nixpkgs/nixos/modules/services/monitoring/hdaps.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/hdaps.nix
@@ -8,11 +8,10 @@ let
 in
 {
   options = {
-    services.hdapsd.enable = mkEnableOption
-      (lib.mdDoc ''
+    services.hdapsd.enable = mkEnableOption ''
         Hard Drive Active Protection System Daemon,
         devices are detected and managed automatically by udev and systemd
-      '');
+      '';
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/monitoring/heapster.nix b/nixpkgs/nixos/modules/services/monitoring/heapster.nix
index 9f9c24949fc9..b8ba3632caca 100644
--- a/nixpkgs/nixos/modules/services/monitoring/heapster.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/heapster.nix
@@ -6,22 +6,22 @@ let
   cfg = config.services.heapster;
 in {
   options.services.heapster = {
-    enable = mkEnableOption (lib.mdDoc "Heapster monitoring");
+    enable = mkEnableOption "Heapster monitoring";
 
     source = mkOption {
-      description = lib.mdDoc "Heapster metric source";
+      description = "Heapster metric source";
       example = "kubernetes:https://kubernetes.default";
       type = types.str;
     };
 
     sink = mkOption {
-      description = lib.mdDoc "Heapster metic sink";
+      description = "Heapster metic sink";
       example = "influxdb:http://localhost:8086";
       type = types.str;
     };
 
     extraOpts = mkOption {
-      description = lib.mdDoc "Heapster extra options";
+      description = "Heapster extra options";
       default = "";
       type = types.separatedString " ";
     };
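Review bot: The rewritten `sink` line still carries the typo "metic": `description = "Heapster metic sink";` should read `description = "Heapster metric sink";`. The three descriptions in this hunk also lack the trailing period that most option descriptions elsewhere in this diff use, so they could be normalised in the same pass.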
diff --git a/nixpkgs/nixos/modules/services/monitoring/incron.nix b/nixpkgs/nixos/modules/services/monitoring/incron.nix
index 3766f1fa238d..58b07bf97f1d 100644
--- a/nixpkgs/nixos/modules/services/monitoring/incron.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/incron.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the incron daemon.
 
           Note that commands run under incrontab only support common Nix profiles for the {env}`PATH` provided variable.
@@ -27,7 +27,7 @@ in
       allow = mkOption {
         type = types.nullOr (types.listOf types.str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Users allowed to use incrontab.
 
           If empty then no user will be allowed to have their own incrontab.
@@ -40,13 +40,13 @@ in
       deny = mkOption {
         type = types.nullOr (types.listOf types.str);
         default = null;
-        description = lib.mdDoc "Users forbidden from using incrontab.";
+        description = "Users forbidden from using incrontab.";
       };
 
       systab = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "The system incrontab contents.";
+        description = "The system incrontab contents.";
         example = ''
           /var/mail IN_CLOSE_WRITE abc $@/$#
           /tmp IN_ALL_EVENTS efg $@/$# $&
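Review bot: The `systab` description does not state which privileges the listed commands run with, while the example on the context lines passes `$#` (the event file name) from `/tmp` to a command. System incrontab entries normally run as root; if that holds here (the service definition is outside the hunk), a file name chosen by any local user in a world-writable directory reaches a privileged command line. I would extend the description, e.g. `description = "The system incrontab contents. Commands run with the daemon's privileges; treat $@ and $# as untrusted when watching world-writable directories.";`. The example string continues past the end of this hunk.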
@@ -57,7 +57,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.rsync ]";
-        description = lib.mdDoc "Extra packages available to the system incrontab.";
+        description = "Extra packages available to the system incrontab.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix b/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix
index c90878656899..01919e73f734 100644
--- a/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/kapacitor.nix
@@ -57,29 +57,29 @@ let
 in
 {
   options.services.kapacitor = {
-    enable = mkEnableOption (lib.mdDoc "kapacitor");
+    enable = mkEnableOption "kapacitor";
 
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/kapacitor";
-      description = lib.mdDoc "Location where Kapacitor stores its state";
+      description = "Location where Kapacitor stores its state";
     };
 
     port = mkOption {
       type = types.port;
       default = 9092;
-      description = lib.mdDoc "Port of Kapacitor";
+      description = "Port of Kapacitor";
     };
 
     bind = mkOption {
       type = types.str;
       default = "";
       example = "0.0.0.0";
-      description = lib.mdDoc "Address to bind to. The default is to bind to all addresses";
+      description = "Address to bind to. The default is to bind to all addresses";
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc "These lines go into kapacitord.conf verbatim.";
+      description = "These lines go into kapacitord.conf verbatim.";
       default = "";
       type = types.lines;
     };
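Review bot: `bind` defaults to `""`, which by its own description means listening on all addresses, and the text gives no hint on how to restrict it. Whether the module also opens the firewall for `port` is not visible in this hunk, but an HTTP API exposed on every interface by default should at least be called out. I would reword to `description = "Address to bind to. The default is to bind to all addresses; set to \"127.0.0.1\" to keep the API local.";`. The only example shown, `"0.0.0.0"`, repeats the permissive default, and a loopback example would be more useful.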
@@ -87,70 +87,70 @@ in
     user = mkOption {
       type = types.str;
       default = "kapacitor";
-      description = lib.mdDoc "User account under which Kapacitor runs";
+      description = "User account under which Kapacitor runs";
     };
 
     group = mkOption {
       type = types.str;
       default = "kapacitor";
-      description = lib.mdDoc "Group under which Kapacitor runs";
+      description = "Group under which Kapacitor runs";
     };
 
     taskSnapshotInterval = mkOption {
       type = types.str;
-      description = lib.mdDoc "Specifies how often to snapshot the task state  (in InfluxDB time units)";
+      description = "Specifies how often to snapshot the task state  (in InfluxDB time units)";
       default = "1m0s";
     };
 
     loadDirectory = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)";
+      description = "Directory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)";
       default = null;
     };
 
     defaultDatabase = {
-      enable = mkEnableOption (lib.mdDoc "kapacitor.defaultDatabase");
+      enable = mkEnableOption "kapacitor.defaultDatabase";
 
       url = mkOption {
-        description = lib.mdDoc "The URL to an InfluxDB server that serves as the default database";
+        description = "The URL to an InfluxDB server that serves as the default database";
         example = "http://localhost:8086";
         type = types.str;
       };
 
       username = mkOption {
-        description = lib.mdDoc "The username to connect to the remote InfluxDB server";
+        description = "The username to connect to the remote InfluxDB server";
         type = types.str;
       };
 
       password = mkOption {
-        description = lib.mdDoc "The password to connect to the remote InfluxDB server";
+        description = "The password to connect to the remote InfluxDB server";
         type = types.str;
       };
     };
 
     alerta = {
-      enable = mkEnableOption (lib.mdDoc "kapacitor alerta integration");
+      enable = mkEnableOption "kapacitor alerta integration";
 
       url = mkOption {
-        description = lib.mdDoc "The URL to the Alerta REST API";
+        description = "The URL to the Alerta REST API";
         default = "http://localhost:5000";
         type = types.str;
       };
 
       token = mkOption {
-        description = lib.mdDoc "Default Alerta authentication token";
+        description = "Default Alerta authentication token";
         type = types.str;
         default = "";
       };
 
       environment = mkOption {
-        description = lib.mdDoc "Default Alerta environment";
+        description = "Default Alerta environment";
         type = types.str;
         default = "Production";
       };
 
       origin = mkOption {
-        description = lib.mdDoc "Default origin of alert";
+        description = "Default origin of alert";
         type = types.str;
         default = "kapacitor";
       };
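Review bot: The descriptions of `defaultDatabase.password` and `alerta.token` in this hunk do not say where the secret ends up. Both are plain `types.str` options, so if the module interpolates them into the generated kapacitord.conf (not visible here), the values land in the world-readable Nix store. The longview module touched by this same commit already warns about this on `mysqlPassword`. I would extend the text to match, e.g. `description = "The password to connect to the remote InfluxDB server. Warning: this is stored in cleartext in the Nix store!";`, and do the same for `alerta.token`. A file-based option like longview's `mysqlPasswordFile` would be the proper fix, but it is a separate change; the options block continues outside the hunk.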
diff --git a/nixpkgs/nixos/modules/services/monitoring/karma.nix b/nixpkgs/nixos/modules/services/monitoring/karma.nix
index 9883ec4fe841..b7ec5e4ae6fb 100644
--- a/nixpkgs/nixos/modules/services/monitoring/karma.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/karma.nix
@@ -6,7 +6,7 @@ let
 in
 {
   options.services.karma = {
-    enable = mkEnableOption (mdDoc "the Karma dashboard service");
+    enable = mkEnableOption "the Karma dashboard service";
 
     package = mkPackageOption pkgs "karma" { };
 
@@ -14,7 +14,7 @@ in
       type = types.path;
       default = yaml.generate "karma.yaml" cfg.settings;
       defaultText = "A configuration file generated from the provided nix attributes settings option.";
-      description = mdDoc ''
+      description = ''
         A YAML config file which can be used to configure karma instead of the nix-generated file.
       '';
       example = "/etc/karma/karma.conf";
@@ -23,7 +23,7 @@ in
     environment = mkOption {
       type = with types; attrsOf str;
       default = {};
-      description = mdDoc ''
+      description = ''
         Additional environment variables to provide to karma.
       '';
       example = {
@@ -35,7 +35,7 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Whether to open ports in the firewall needed for karma to function.
       '';
     };
@@ -43,7 +43,7 @@ in
     extraOptions = mkOption {
       type = with types; listOf str;
       default = [];
-      description = mdDoc ''
+      description = ''
         Extra command line options.
       '';
       example = [
@@ -59,7 +59,7 @@ in
           address = mkOption {
             type = types.str;
             default = "127.0.0.1";
-            description = mdDoc ''
+            description = ''
               Hostname or IP to listen on.
             '';
             example = "[::]";
@@ -68,7 +68,7 @@ in
           port = mkOption {
             type = types.port;
             default = 8080;
-            description = mdDoc ''
+            description = ''
               HTTP port to listen on.
             '';
             example = 8182;
@@ -80,7 +80,7 @@ in
           address = "127.0.0.1";
         };
       };
-      description = mdDoc ''
+      description = ''
         Karma dashboard configuration as nix attributes.
 
         Reference: <https://github.com/prymitive/karma/blob/main/docs/CONFIGURATION.md>
diff --git a/nixpkgs/nixos/modules/services/monitoring/kthxbye.nix b/nixpkgs/nixos/modules/services/monitoring/kthxbye.nix
index 3be002445722..81f47fba6679 100644
--- a/nixpkgs/nixos/modules/services/monitoring/kthxbye.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/kthxbye.nix
@@ -7,14 +7,14 @@ in
 
 {
   options.services.kthxbye = {
-    enable = mkEnableOption (mdDoc "kthxbye alert acknowledgement management daemon");
+    enable = mkEnableOption "kthxbye alert acknowledgement management daemon";
 
     package = mkPackageOption pkgs "kthxbye" { };
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Whether to open ports in the firewall needed for the daemon to function.
       '';
     };
@@ -22,7 +22,7 @@ in
     extraOptions = mkOption {
       type = with types; listOf str;
       default = [];
-      description = mdDoc ''
+      description = ''
         Extra command line options.
 
         Documentation can be found [here](https://github.com/prymitive/kthxbye/blob/main/README.md).
@@ -38,7 +38,7 @@ in
       timeout = mkOption {
         type = types.str;
         default = "1m0s";
-        description = mdDoc ''
+        description = ''
           Alertmanager request timeout duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
         '';
         example = "30s";
@@ -46,7 +46,7 @@ in
       uri = mkOption {
         type = types.str;
         default = "http://localhost:9093";
-        description = mdDoc ''
+        description = ''
           Alertmanager URI to use.
         '';
         example = "https://alertmanager.example.com";
@@ -56,7 +56,7 @@ in
     extendBy = mkOption {
       type = types.str;
       default = "15m0s";
-      description = mdDoc ''
+      description = ''
         Extend silences by adding DURATION seconds.
 
         DURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
@@ -67,7 +67,7 @@ in
     extendIfExpiringIn = mkOption {
       type = types.str;
       default = "5m0s";
-      description = mdDoc ''
+      description = ''
         Extend silences that are about to expire in the next DURATION seconds.
 
         DURATION should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
@@ -78,7 +78,7 @@ in
     extendWithPrefix = mkOption {
       type = types.str;
       default = "ACK!";
-      description = mdDoc ''
+      description = ''
         Extend silences with comment starting with PREFIX string.
       '';
       example = "!perma-silence";
@@ -87,7 +87,7 @@ in
     interval = mkOption {
       type = types.str;
       default = "45s";
-      description = mdDoc ''
+      description = ''
         Silence check interval duration in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
       '';
       example = "30s";
@@ -96,7 +96,7 @@ in
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = mdDoc ''
+      description = ''
         The address to listen on for HTTP requests.
       '';
       example = "127.0.0.1";
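Review bot: The description of `listenAddress` does not mention that the default `"0.0.0.0"` makes the daemon accept HTTP requests on every interface, whereas karma's `listen.address` in this same commit defaults to `127.0.0.1`. Since the description string is being touched anyway, I would spell the exposure out: `The address to listen on for HTTP requests. The default listens on all interfaces; set this to 127.0.0.1 to restrict it to the local host.` Whether the port is reachable from other machines also depends on the firewall, and `openFirewall` defaults to false. The `mkOption` block closes outside this hunk.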
@@ -105,7 +105,7 @@ in
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = mdDoc ''
+      description = ''
         The port to listen on for HTTP requests.
       '';
     };
@@ -113,7 +113,7 @@ in
     logJSON = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Format logged messages as JSON.
       '';
     };
@@ -121,7 +121,7 @@ in
     maxDuration = mkOption {
       type = with types; nullOr str;
       default = null;
-      description = mdDoc ''
+      description = ''
         Maximum duration of a silence, it won't be extended anymore after reaching it.
 
         Duration should be provided in the [time.Duration](https://pkg.go.dev/time#ParseDuration) format.
diff --git a/nixpkgs/nixos/modules/services/monitoring/loki.nix b/nixpkgs/nixos/modules/services/monitoring/loki.nix
index fade3c4fbad3..ba63f95e7f1a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/loki.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/loki.nix
@@ -12,12 +12,12 @@ let
 
 in {
   options.services.loki = {
-    enable = mkEnableOption (lib.mdDoc "loki");
+    enable = mkEnableOption "loki";
 
     user = mkOption {
       type = types.str;
       default = "loki";
-      description = lib.mdDoc ''
+      description = ''
         User under which the Loki service runs.
       '';
     };
@@ -27,7 +27,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "loki";
-      description = lib.mdDoc ''
+      description = ''
         Group under which the Loki service runs.
       '';
     };
@@ -35,7 +35,7 @@ in {
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/loki";
-      description = lib.mdDoc ''
+      description = ''
         Specify the directory for Loki.
       '';
     };
@@ -43,7 +43,7 @@ in {
     configuration = mkOption {
       type = (pkgs.formats.json {}).type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Loki in Nix.
       '';
     };
@@ -51,7 +51,7 @@ in {
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify a configuration file that Loki should use.
       '';
     };
@@ -60,7 +60,7 @@ in {
       type = types.listOf types.str;
       default = [];
       example = [ "--server.http-listen-port=3101" ];
-      description = lib.mdDoc ''
+      description = ''
         Specify a list of additional command line flags,
         which get escaped and are then passed to Loki.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/longview.nix b/nixpkgs/nixos/modules/services/monitoring/longview.nix
index 5825cab0134c..aafe54b994ab 100644
--- a/nixpkgs/nixos/modules/services/monitoring/longview.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/longview.nix
@@ -16,7 +16,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, system metrics will be sent to Linode LongView.
         '';
       };
@@ -25,7 +25,7 @@ in {
         type = types.str;
         default = "";
         example = "01234567-89AB-CDEF-0123456789ABCDEF";
-        description = lib.mdDoc ''
+        description = ''
           Longview API key. To get this, look in Longview settings which
           are found at https://manager.linode.com/longview/.
 
@@ -38,7 +38,7 @@ in {
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/longview-api-key";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the Longview API key.
           To get this, look in Longview settings which
           are found at https://manager.linode.com/longview/.
@@ -51,7 +51,7 @@ in {
         type = types.str;
         default = "";
         example = "http://127.0.0.1/server-status";
-        description = lib.mdDoc ''
+        description = ''
           The Apache status page URL. If provided, Longview will
           gather statistics from this location. This requires Apache
           mod_status to be loaded and enabled.
@@ -62,7 +62,7 @@ in {
         type = types.str;
         default = "";
         example = "http://127.0.0.1/nginx_status";
-        description = lib.mdDoc ''
+        description = ''
           The Nginx status page URL. Longview will gather statistics
           from this URL. This requires the Nginx stub_status module to
           be enabled and configured at the given location.
@@ -72,7 +72,7 @@ in {
       mysqlUser = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           The user for connecting to the MySQL database. If provided,
           Longview will connect to MySQL and collect statistics about
           queries, etc. This user does not need to have been granted
@@ -83,7 +83,7 @@ in {
       mysqlPassword = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           The password corresponding to {option}`mysqlUser`.
           Warning: this is stored in cleartext in the Nix store!
           Use {option}`mysqlPasswordFile` instead.
@@ -94,7 +94,7 @@ in {
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to {option}`mysqlUser`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix b/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix
index d1e84c0359dc..d218c18c4354 100644
--- a/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix
@@ -7,20 +7,20 @@ let
   settingsFmt = pkgs.formats.toml {};
 in {
   options.services.mackerel-agent = {
-    enable = mkEnableOption (lib.mdDoc "mackerel.io agent");
+    enable = mkEnableOption "mackerel.io agent";
 
     # the upstream package runs as root, but doesn't seem to be strictly
     # necessary for basic functionality
-    runAsRoot = mkEnableOption (lib.mdDoc "running as root");
+    runAsRoot = mkEnableOption "running as root";
 
-    autoRetirement = mkEnableOption (lib.mdDoc ''
+    autoRetirement = mkEnableOption ''
       retiring the host upon OS shutdown
-    '');
+    '';
 
     apiKeyFile = mkOption {
       type = types.path;
       example = "/run/keys/mackerel-api-key";
-      description = lib.mdDoc ''
+      description = ''
         Path to file containing the Mackerel API key. The file should contain a
         single line of the following form:
 
@@ -29,7 +29,7 @@ in {
     };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Options for mackerel-agent.conf.
 
         Documentation:
@@ -48,18 +48,18 @@ in {
         options.host_status = {
           on_start = mkOption {
             type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
-            description = lib.mdDoc "Host status after agent startup.";
+            description = "Host status after agent startup.";
             default = "working";
           };
           on_stop = mkOption {
             type = types.enum [ "working" "standby" "maintenance" "poweroff" ];
-            description = lib.mdDoc "Host status after agent shutdown.";
+            description = "Host status after agent shutdown.";
             default = "poweroff";
           };
         };
 
         options.diagnostic =
-          mkEnableOption (lib.mdDoc "collecting memory usage for the agent itself");
+          mkEnableOption "collecting memory usage for the agent itself";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix b/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix
index c3320f695564..fe6f7f1cfcfa 100644
--- a/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/metricbeat.nix
@@ -20,14 +20,14 @@ in
 
     services.metricbeat = {
 
-      enable = mkEnableOption (lib.mdDoc "metricbeat");
+      enable = mkEnableOption "metricbeat";
 
       package = mkPackageOption pkgs "metricbeat" {
         example = "metricbeat7";
       };
 
       modules = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Metricbeat modules are responsible for reading metrics from the various sources.
 
           This is like `services.metricbeat.settings.metricbeat.modules`,
@@ -46,7 +46,7 @@ in
             module = mkOption {
               type = types.str;
               default = name;
-              description = lib.mdDoc ''
+              description = ''
                 The name of the module.
 
                 Look for the value after `module:` on the individual
@@ -75,7 +75,7 @@ in
             name = mkOption {
               type = types.str;
               default = "";
-              description = lib.mdDoc ''
+              description = ''
                 Name of the beat. Defaults to the hostname.
                 See <https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_name>.
               '';
@@ -84,7 +84,7 @@ in
             tags = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 Tags to place on the shipped metrics.
                 See <https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_tags_2>.
               '';
@@ -94,7 +94,7 @@ in
               type = types.listOf settingsFormat.type;
               default = [];
               internal = true;
-              description = lib.mdDoc ''
+              description = ''
                 The metric collecting modules. Use [](#opt-services.metricbeat.modules) instead.
 
                 See <https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html>.
@@ -103,7 +103,7 @@ in
           };
         };
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configuration for metricbeat. See <https://www.elastic.co/guide/en/beats/metricbeat/current/configuring-howto-metricbeat.html> for supported values.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/mimir.nix b/nixpkgs/nixos/modules/services/monitoring/mimir.nix
index 117cbf6a4a8c..76fff95ae597 100644
--- a/nixpkgs/nixos/modules/services/monitoring/mimir.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/mimir.nix
@@ -8,12 +8,12 @@ let
   settingsFormat = pkgs.formats.yaml {};
 in {
   options.services.mimir = {
-    enable = mkEnableOption (lib.mdDoc "mimir");
+    enable = mkEnableOption "mimir";
 
     configuration = mkOption {
       type = (pkgs.formats.json {}).type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Mimir in Nix.
       '';
     };
@@ -21,7 +21,7 @@ in {
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify a configuration file that Mimir should use.
       '';
     };
@@ -32,7 +32,7 @@ in {
       type = types.listOf types.str;
       default = [];
       example = [ "--config.expand-env=true" ];
-      description = lib.mdDoc ''
+      description = ''
         Specify a list of additional command line flags,
         which get escaped and are then passed to Mimir.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/monit.nix b/nixpkgs/nixos/modules/services/monitoring/monit.nix
index a22bbc9046ba..379ee967620e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/monit.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/monit.nix
@@ -9,12 +9,12 @@ in
 {
   options.services.monit = {
 
-    enable = mkEnableOption (lib.mdDoc "Monit");
+    enable = mkEnableOption "Monit";
 
     config = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "monitrc content";
+      description = "monitrc content";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/monitoring/munin.nix b/nixpkgs/nixos/modules/services/monitoring/munin.nix
index 456a14169b95..401f6383cb57 100644
--- a/nixpkgs/nixos/modules/services/monitoring/munin.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/munin.nix
@@ -143,7 +143,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable Munin Node agent. Munin node listens on 0.0.0.0 and
           by default accepts connections only from 127.0.0.1 for security reasons.
 
@@ -154,7 +154,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           {file}`munin-node.conf` extra configuration. See
           <https://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html>
         '';
@@ -163,7 +163,7 @@ in
       extraPluginConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           {file}`plugin-conf.d` extra plugin configuration. See
           <https://guide.munin-monitoring.org/en/latest/plugin/use.html>
         '';
@@ -176,7 +176,7 @@ in
       extraPlugins = mkOption {
         default = {};
         type = with types; attrsOf path;
-        description = lib.mdDoc ''
+        description = ''
           Additional Munin plugins to activate. Keys are the name of the plugin
           symlink, values are the path to the underlying plugin script. You
           can use the same plugin script multiple times (e.g. for wildcard
@@ -206,7 +206,7 @@ in
       extraAutoPlugins = mkOption {
         default = [];
         type = with types; listOf path;
-        description = lib.mdDoc ''
+        description = ''
           Additional Munin plugins to autoconfigure, using
           `munin-node-configure --suggest`. These should be
           the actual paths to the plugin files (or directories containing them),
@@ -239,7 +239,7 @@ in
         # NaNs in the output.
         default = [ "munin_stats" ];
         type = with types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Munin plugins to disable, even if
           `munin-node-configure --suggest` tries to enable
           them. To disable a wildcard plugin, use an actual wildcard, as in
@@ -258,7 +258,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable munin-cron. Takes care of all heavy lifting to collect data from
           nodes and draws graphs to html. Runs munin-update, munin-limits,
           munin-graphs and munin-html in that order.
@@ -271,7 +271,7 @@ in
       extraGlobalConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           {file}`munin.conf` extra global configuration.
           See <https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>.
           Useful to setup notifications, see
@@ -285,7 +285,7 @@ in
       hosts = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Definitions of hosts of nodes to collect data from. Needs at least one
           host for cron to succeed. See
           <https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>
@@ -301,7 +301,7 @@ in
       extraCSS = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Custom styling for the HTML that munin-cron generates. This will be
           appended to the CSS files used by munin-cron and will thus take
           precedence over the builtin styles.
diff --git a/nixpkgs/nixos/modules/services/monitoring/nagios.nix b/nixpkgs/nixos/modules/services/monitoring/nagios.nix
index dc5fa1be2922..27fc0a1ff3b9 100644
--- a/nixpkgs/nixos/modules/services/monitoring/nagios.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/nagios.nix
@@ -88,10 +88,10 @@ in
 
   options = {
     services.nagios = {
-      enable = mkEnableOption (lib.mdDoc ''[Nagios](https://www.nagios.org/) to monitor your system or network.'');
+      enable = mkEnableOption ''[Nagios](https://www.nagios.org/) to monitor your system or network.'';
 
       objectDefs = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           A list of Nagios object configuration files that must define
           the hosts, host groups, services and contacts for the
           network that you want Nagios to monitor.
@@ -104,7 +104,7 @@ in
         type = types.listOf types.package;
         default = with pkgs; [ monitoring-plugins msmtp mailutils ];
         defaultText = literalExpression "[pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]";
-        description = lib.mdDoc ''
+        description = ''
           Packages to be added to the Nagios {env}`PATH`.
           Typically used to add plugins, but can be anything.
         '';
@@ -113,7 +113,7 @@ in
       mainConfigFile = mkOption {
         type = types.nullOr types.package;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           If non-null, overrides the main configuration file of Nagios.
         '';
       };
@@ -125,21 +125,21 @@ in
           debug_file = "/var/log/nagios/debug.log";
         };
         default = {};
-        description = lib.mdDoc "Configuration to add to /etc/nagios.cfg";
+        description = "Configuration to add to /etc/nagios.cfg";
       };
 
       validateConfig = mkOption {
         type = types.bool;
         default = pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform;
         defaultText = literalExpression "pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform";
-        description = lib.mdDoc "if true, the syntax of the nagios configuration file is checked at build time";
+        description = "if true, the syntax of the nagios configuration file is checked at build time";
       };
 
       cgiConfigFile = mkOption {
         type = types.package;
         default = nagiosCGICfgFile;
         defaultText = literalExpression "nagiosCGICfgFile";
-        description = lib.mdDoc ''
+        description = ''
           Derivation for the configuration file of Nagios CGI scripts
           that can be used in web servers for running the Nagios web interface.
         '';
@@ -148,7 +148,7 @@ in
       enableWebInterface = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Nagios web interface.  You should also
           enable Apache ({option}`services.httpd.enable`).
         '';
@@ -164,7 +164,7 @@ in
             sslServerKey = "/var/lib/acme/example.org/key.pem";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.
           See [](#opt-services.httpd.virtualHosts) for further information.
         '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/netdata.nix b/nixpkgs/nixos/modules/services/monitoring/netdata.nix
index 5cf3c096397c..90e00e91deed 100644
--- a/nixpkgs/nixos/modules/services/monitoring/netdata.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/netdata.nix
@@ -50,25 +50,25 @@ let
 in {
   options = {
     services.netdata = {
-      enable = mkEnableOption (lib.mdDoc "netdata");
+      enable = mkEnableOption "netdata";
 
       package = mkPackageOption pkgs "netdata" { };
 
       user = mkOption {
         type = types.str;
         default = "netdata";
-        description = lib.mdDoc "User account under which netdata runs.";
+        description = "User account under which netdata runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "netdata";
-        description = lib.mdDoc "Group under which netdata runs.";
+        description = "Group under which netdata runs.";
       };
 
       configText = mkOption {
         type = types.nullOr types.lines;
-        description = lib.mdDoc "Verbatim netdata.conf, cannot be combined with config.";
+        description = "Verbatim netdata.conf, cannot be combined with config.";
         default = null;
         example = ''
           [global]
@@ -82,7 +82,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable python-based plugins
           '';
         };
@@ -97,7 +97,7 @@ in {
               ps.dnspython
             ]
           '';
-          description = lib.mdDoc ''
+          description = ''
             Extra python packages available at runtime
             to enable additional python plugins.
           '';
@@ -110,7 +110,7 @@ in {
         example = literalExpression ''
           [ "/path/to/plugins.d" ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra paths to add to the netdata global "plugins directory"
           option.  Useful for when you want to include your own
           collection scripts.
@@ -125,7 +125,7 @@ in {
       config = mkOption {
         type = types.attrsOf types.attrs;
         default = {};
-        description = lib.mdDoc "netdata.conf configuration as nix attributes. cannot be combined with configText.";
+        description = "netdata.conf configuration as nix attributes. cannot be combined with configText.";
         example = literalExpression ''
           global = {
             "debug log" = "syslog";
@@ -138,7 +138,7 @@ in {
       configDir = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Complete netdata config directory except netdata.conf.
           The default configuration is merged with changes
           defined in this option.
@@ -158,7 +158,7 @@ in {
       claimTokenFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           If set, automatically registers the agent using the given claim token
           file.
         '';
@@ -167,7 +167,7 @@ in {
       enableAnalyticsReporting = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable reporting of anonymous usage statistics to Netdata Inc. via either
           Google Analytics (in versions prior to 1.29.4), or Netdata Inc.'s
           self-hosted PostHog (in versions 1.29.4 and later).
@@ -178,7 +178,7 @@ in {
       deadlineBeforeStopSec = mkOption {
         type = types.int;
         default = 120;
-        description = lib.mdDoc ''
+        description = ''
           In order to detect when netdata is misbehaving, we run a concurrent task pinging netdata (wait-for-netdata-up)
           in the systemd unit.
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/nezha-agent.nix b/nixpkgs/nixos/modules/services/monitoring/nezha-agent.nix
new file mode 100644
index 000000000000..8312a425d28f
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/monitoring/nezha-agent.nix
@@ -0,0 +1,103 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.nezha-agent;
+in
+{
+  meta = {
+    maintainers = with lib.maintainers; [ moraxyc ];
+  };
+  options = {
+    services.nezha-agent = {
+      enable = lib.mkEnableOption "Agent of Nezha Monitoring";
+
+      package = lib.mkPackageOption pkgs "nezha-agent" { };
+      debug = lib.mkEnableOption "verbose log";
+      tls = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = ''
+          Enable SSL/TLS encryption.
+        '';
+      };
+      disableCommandExecute = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = ''
+          Disable executing the command from dashboard.
+        '';
+      };
+      skipConnection = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = ''
+          Do not monitor the number of connections.
+        '';
+      };
+      skipProcess = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = ''
+          Do not monitor the number of processes.
+        '';
+      };
+      reportDelay = lib.mkOption {
+        type = lib.types.enum [ 1 2 3 4 ];
+        default = 1;
+        description = ''
+          The interval between system status reportings.
+          The value must be an integer from 1 to 4
+        '';
+      };
+      passwordFile = lib.mkOption {
+        type = with lib.types; nullOr str;
+        default = null;
+        description = ''
+          Path to the file contained the password from dashboard.
+        '';
+      };
+      server = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          Address to the dashboard
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.packages = [ cfg.package ];
+
+    systemd.services.nezha-agent = {
+      serviceConfig = {
+        ProtectSystem = "full";
+        PrivateDevices = "yes";
+        PrivateTmp = "yes";
+        NoNewPrivileges = true;
+      };
+      path = [ cfg.package ];
+      startLimitIntervalSec = 10;
+      startLimitBurst = 3;
+      script = lib.concatStringsSep " " (
+        [
+          "${cfg.package}/bin/agent"
+          "--disable-auto-update"
+          "--disable-force-update"
+          "--password $(cat ${cfg.passwordFile})"
+        ]
+        ++ lib.optional cfg.debug "--debug"
+        ++ lib.optional cfg.disableCommandExecute "--disable-command-execute"
+        ++ lib.optional (cfg.reportDelay != null) "--report-delay ${toString cfg.reportDelay}"
+        ++ lib.optional (cfg.server != null) "--server ${cfg.server}"
+        ++ lib.optional cfg.skipConnection "--skip-conn"
+        ++ lib.optional cfg.skipProcess "--skip-procs"
+        ++ lib.optional cfg.tls "--tls"
+      );
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
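Review bot: The `"--password $(cat ${cfg.passwordFile})"` entry in `script` handles the secret unsafely: `passwordFile` defaults to `null`, which cannot be interpolated into a string, so enabling the service without setting it fails evaluation with an unhelpful error; the command substitution and the path are unquoted; and the password ends up on the agent's command line, where other local users can typically read it from the process list. At minimum add an `assertions` entry requiring `cfg.passwordFile != null` and quote the substitution, `"--password \"$(cat ${lib.escapeShellArg cfg.passwordFile})\""`; if the agent can read the password from a file or environment variable (not visible here), prefer that together with systemd's `LoadCredential`. `cfg.server` is also spliced into the shell script unescaped and should go through `lib.escapeShellArg`, and the `!= null` guards on `server` and `reportDelay` are always true for their declared types. With `tls` defaulting to `false`, the password presumably travels to the dashboard unencrypted, which the option description should state.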
diff --git a/nixpkgs/nixos/modules/services/monitoring/ocsinventory-agent.nix b/nixpkgs/nixos/modules/services/monitoring/ocsinventory-agent.nix
index a36375587759..591738ed4ef7 100644
--- a/nixpkgs/nixos/modules/services/monitoring/ocsinventory-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/ocsinventory-agent.nix
@@ -16,7 +16,7 @@ in
 
   options = {
     services.ocsinventory-agent = {
-      enable = lib.mkEnableOption (lib.mdDoc "OCS Inventory Agent");
+      enable = lib.mkEnableOption "OCS Inventory Agent";
 
       package = lib.mkPackageOption pkgs "ocsinventory-agent" { };
 
@@ -29,7 +29,7 @@ in
               type = lib.types.nullOr lib.types.str;
               example = "https://ocsinventory.localhost:8080/ocsinventory";
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The URI of the OCS Inventory server where to send the inventory file.
 
                 This option is ignored if {option}`services.ocsinventory-agent.settings.local` is set.
@@ -40,7 +40,7 @@ in
               type = lib.types.nullOr lib.types.path;
               example = "/var/lib/ocsinventory-agent/reports";
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 If specified, the OCS Inventory Agent will run in offline mode
                 and the resulting inventory file will be stored in the specified path.
               '';
@@ -49,7 +49,7 @@ in
             ca = lib.mkOption {
               type = lib.types.path;
               default = "/etc/ssl/certs/ca-certificates.crt";
-              description = lib.mdDoc ''
+              description = ''
                 Path to CA certificates file in PEM format, for server
                 SSL certificate validation.
               '';
@@ -59,10 +59,10 @@ in
               type = lib.types.nullOr lib.types.str;
               default = null;
               example = "01234567890123";
-              description = lib.mdDoc "Tag for the generated inventory.";
+              description = "Tag for the generated inventory.";
             };
 
-            debug = lib.mkEnableOption (lib.mdDoc "debug mode");
+            debug = lib.mkEnableOption "debug mode";
           };
         };
         default = { };
@@ -72,7 +72,7 @@ in
           server = "https://ocsinventory.localhost:8080/ocsinventory";
           tag = "01234567890123";
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for /etc/ocsinventory-agent/ocsinventory-agent.cfg.
 
           Refer to
@@ -84,7 +84,7 @@ in
         type = lib.types.str;
         default = "daily";
         example = "06:00";
-        description = lib.mdDoc ''
+        description = ''
           How often we run the ocsinventory-agent service. Runs by default every daily.
 
           The format is described in
diff --git a/nixpkgs/nixos/modules/services/monitoring/opentelemetry-collector.nix b/nixpkgs/nixos/modules/services/monitoring/opentelemetry-collector.nix
index 83ad550dcdf3..459cc8532490 100644
--- a/nixpkgs/nixos/modules/services/monitoring/opentelemetry-collector.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/opentelemetry-collector.nix
@@ -9,14 +9,14 @@ let
   settingsFormat = pkgs.formats.yaml {};
 in {
   options.services.opentelemetry-collector = {
-    enable = mkEnableOption (lib.mdDoc "Opentelemetry Collector");
+    enable = mkEnableOption "Opentelemetry Collector";
 
     package = mkPackageOption pkgs "opentelemetry-collector" { };
 
     settings = mkOption {
       type = settingsFormat.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Opentelemetry Collector in Nix.
 
         See https://opentelemetry.io/docs/collector/configuration/ for available options.
@@ -26,7 +26,7 @@ in {
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify a path to a configuration file that Opentelemetry Collector should use.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/osquery.nix b/nixpkgs/nixos/modules/services/monitoring/osquery.nix
index 86ef3fc73213..872f5e96a412 100644
--- a/nixpkgs/nixos/modules/services/monitoring/osquery.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/osquery.nix
@@ -26,11 +26,11 @@ let
 in
 {
   options.services.osquery = {
-    enable = mkEnableOption (mdDoc "osqueryd daemon");
+    enable = mkEnableOption "osqueryd daemon";
 
     settings = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         Configuration to be written to the osqueryd JSON configuration file.
         To understand the configuration format, refer to https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components.
       '';
@@ -42,7 +42,7 @@ in
 
     flags = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         Attribute set of flag names and values to be written to the osqueryd flagfile.
         For more information, refer to https://osquery.readthedocs.io/en/stable/installation/cli-flags.
       '';
@@ -56,19 +56,19 @@ in
             database_path = mkOption {
               default = "/var/lib/osquery/osquery.db";
               readOnly = true;
-              description = mdDoc "Path used for the database file.";
+              description = "Path used for the database file.";
               type = path;
             };
             logger_path = mkOption {
               default = "/var/log/osquery";
               readOnly = true;
-              description = mdDoc "Base directory used for logging.";
+              description = "Base directory used for logging.";
               type = path;
             };
             pidfile = mkOption {
               default = "/run/osquery/osqueryd.pid";
               readOnly = true;
-              description = mdDoc "Path used for pid file.";
+              description = "Path used for pid file.";
               type = path;
             };
           };
diff --git a/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix b/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix
index a146e7ab9543..a14ade59c29e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix
@@ -20,16 +20,16 @@ in
 {
   options.services.parsedmarc = {
 
-    enable = lib.mkEnableOption (lib.mdDoc ''
+    enable = lib.mkEnableOption ''
       parsedmarc, a DMARC report monitoring service
-    '');
+    '';
 
     provision = {
       localMail = {
         enable = lib.mkOption {
           type = lib.types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether Postfix and Dovecot should be set up to receive
             mail locally. parsedmarc will be configured to watch the
             local inbox as the automatically created user specified in
@@ -40,7 +40,7 @@ in
         recipientName = lib.mkOption {
           type = lib.types.str;
           default = "dmarc";
-          description = lib.mdDoc ''
+          description = ''
             The DMARC mail recipient name, i.e. the name part of the
             email address which receives DMARC reports.
 
@@ -54,7 +54,7 @@ in
           default = config.networking.fqdn;
           defaultText = lib.literalExpression "config.networking.fqdn";
           example = "monitoring.example.com";
-          description = lib.mdDoc ''
+          description = ''
             The hostname to use when configuring Postfix.
 
             Should correspond to the host's fully qualified domain
@@ -68,7 +68,7 @@ in
       geoIp = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable and configure the [geoipupdate](#opt-services.geoipupdate.enable)
           service to automatically fetch GeoIP databases. Not crucial,
           but recommended for full functionality.
@@ -82,7 +82,7 @@ in
       elasticsearch = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set up and use a local instance of Elasticsearch.
         '';
       };
@@ -95,7 +95,7 @@ in
             config.${opt.provision.elasticsearch} && config.${options.services.grafana.enable}
           '';
           apply = x: x && cfg.provision.elasticsearch;
-          description = lib.mdDoc ''
+          description = ''
             Whether the automatically provisioned Elasticsearch
             instance should be added as a grafana datasource. Has no
             effect unless
@@ -108,7 +108,7 @@ in
           type = lib.types.bool;
           default = config.services.grafana.enable;
           defaultText = lib.literalExpression "config.services.grafana.enable";
-          description = lib.mdDoc ''
+          description = ''
             Whether the official parsedmarc grafana dashboard should
             be provisioned to the local grafana instance.
           '';
@@ -135,7 +135,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration parameters to set in
         {file}`parsedmarc.ini`. For a full list of
         available parameters, see
@@ -159,7 +159,7 @@ in
             save_aggregate = lib.mkOption {
               type = lib.types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Save aggregate report data to Elasticsearch and/or Splunk.
               '';
             };
@@ -167,7 +167,7 @@ in
             save_forensic = lib.mkOption {
               type = lib.types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Save forensic report data to Elasticsearch and/or Splunk.
               '';
             };
@@ -177,7 +177,7 @@ in
             watch = lib.mkOption {
               type = lib.types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Use the IMAP IDLE command to process messages as they arrive.
               '';
             };
@@ -185,7 +185,7 @@ in
             delete = lib.mkOption {
               type = lib.types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Delete messages after processing them, instead of archiving them.
               '';
             };
@@ -195,7 +195,7 @@ in
             host = lib.mkOption {
               type = lib.types.str;
               default = "localhost";
-              description = lib.mdDoc ''
+              description = ''
                 The IMAP server hostname or IP address.
               '';
             };
@@ -203,7 +203,7 @@ in
             port = lib.mkOption {
               type = lib.types.port;
               default = 993;
-              description = lib.mdDoc ''
+              description = ''
                 The IMAP server port.
               '';
             };
@@ -211,7 +211,7 @@ in
             ssl = lib.mkOption {
               type = lib.types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Use an encrypted SSL/TLS connection.
               '';
             };
@@ -219,7 +219,7 @@ in
             user = lib.mkOption {
               type = with lib.types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The IMAP server username.
               '';
             };
@@ -227,7 +227,7 @@ in
             password = lib.mkOption {
               type = with lib.types; nullOr (either path (attrsOf path));
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The IMAP server password.
 
                 Always handled as a secret whether the value is
@@ -243,7 +243,7 @@ in
             host = lib.mkOption {
               type = with lib.types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The SMTP server hostname or IP address.
               '';
             };
@@ -251,7 +251,7 @@ in
             port = lib.mkOption {
               type = with lib.types; nullOr port;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The SMTP server port.
               '';
             };
@@ -259,7 +259,7 @@ in
             ssl = lib.mkOption {
               type = with lib.types; nullOr bool;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Use an encrypted SSL/TLS connection.
               '';
             };
@@ -267,7 +267,7 @@ in
             user = lib.mkOption {
               type = with lib.types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The SMTP server username.
               '';
             };
@@ -275,7 +275,7 @@ in
             password = lib.mkOption {
               type = with lib.types; nullOr (either path (attrsOf path));
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The SMTP server password.
 
                 Always handled as a secret whether the value is
@@ -289,7 +289,7 @@ in
             from = lib.mkOption {
               type = with lib.types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The `From` address to use for the
                 outgoing mail.
               '';
@@ -298,10 +298,10 @@ in
             to = lib.mkOption {
               type = with lib.types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The addresses to send outgoing mail to.
               '';
-              apply = x: if x == [] then null else lib.concatStringsSep "," x;
+              apply = x: if x == [] || x == null then null else lib.concatStringsSep "," x;
             };
           };
 
@@ -310,7 +310,7 @@ in
               default = [];
               type = with lib.types; listOf str;
               apply = x: if x == [] then null else lib.concatStringsSep "," x;
-              description = lib.mdDoc ''
+              description = ''
                 A list of Elasticsearch hosts to push parsed reports
                 to.
               '';
@@ -319,7 +319,7 @@ in
             user = lib.mkOption {
               type = with lib.types; nullOr str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Username to use when connecting to Elasticsearch, if
                 required.
               '';
@@ -328,7 +328,7 @@ in
             password = lib.mkOption {
               type = with lib.types; nullOr (either path (attrsOf path));
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The password to use when connecting to Elasticsearch,
                 if required.
 
@@ -343,7 +343,7 @@ in
             ssl = lib.mkOption {
               type = lib.types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to use an encrypted SSL/TLS connection.
               '';
             };
@@ -351,7 +351,7 @@ in
             cert_path = lib.mkOption {
               type = lib.types.path;
               default = "/etc/ssl/certs/ca-certificates.crt";
-              description = lib.mdDoc ''
+              description = ''
                 The path to a TLS certificate bundle used to verify
                 the server's certificate.
               '';
@@ -438,7 +438,7 @@ in
             ];
         dashboards.settings.providers = lib.mkIf cfg.provision.grafana.dashboard [{
           name = "parsedmarc";
-          options.path = "${pkgs.python3Packages.parsedmarc.dashboard}";
+          options.path = "${pkgs.parsedmarc.dashboard}";
         }];
       };
     };
@@ -446,7 +446,7 @@ in
     services.parsedmarc.settings = lib.mkMerge [
       (lib.mkIf cfg.provision.elasticsearch {
         elasticsearch = {
-          hosts = [ "localhost:9200" ];
+          hosts = [ "http://localhost:9200" ];
           ssl = false;
         };
       })
@@ -530,7 +530,7 @@ in
             MemoryDenyWriteExecute = true;
             LockPersonality = true;
             SystemCallArchitectures = "native";
-            ExecStart = "${pkgs.python3Packages.parsedmarc}/bin/parsedmarc -c /run/parsedmarc/parsedmarc.ini";
+            ExecStart = "${lib.getExe pkgs.parsedmarc} -c /run/parsedmarc/parsedmarc.ini";
           };
         };
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
index 9b9bafa09441..eda4277c1bac 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager-irc-relay.nix
@@ -10,14 +10,14 @@ let
 in
 {
   options.services.prometheus.alertmanagerIrcRelay = {
-    enable = mkEnableOption (mdDoc "Alertmanager IRC Relay");
+    enable = mkEnableOption "Alertmanager IRC Relay";
 
     package = mkPackageOption pkgs "alertmanager-irc-relay" { };
 
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = mdDoc "Extra command line options to pass to alertmanager-irc-relay.";
+      description = "Extra command line options to pass to alertmanager-irc-relay.";
     };
 
     settings = mkOption {
@@ -36,7 +36,7 @@ in
           ];
         }
       '';
-      description = mdDoc ''
+      description = ''
         Configuration for Alertmanager IRC Relay as a Nix attribute set.
         For a reference, check out the
         [example configuration](https://github.com/google/alertmanager-irc-relay#configuring-and-running-the-bot)
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
index bb426d8b7beb..d1d8f2caaf63 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix
@@ -42,14 +42,14 @@ in {
 
   options = {
     services.prometheus.alertmanager = {
-      enable = mkEnableOption (lib.mdDoc "Prometheus Alertmanager");
+      enable = mkEnableOption "Prometheus Alertmanager";
 
       package = mkPackageOption pkgs "prometheus-alertmanager" { };
 
       configuration = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Alertmanager configuration as nix attribute set.
         '';
       };
@@ -57,7 +57,7 @@ in {
       configText = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Alertmanager configuration as YAML text. If non-null, this option
           defines the text that is written to alertmanager.yml. If null, the
           contents of alertmanager.yml is generated from the structured config
@@ -68,7 +68,7 @@ in {
       checkConfig = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Check configuration with `amtool check-config`. The call to `amtool` is
           subject to sandboxing by Nix.
 
@@ -82,7 +82,7 @@ in {
       logFormat = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           If set use a syslog logger or JSON logging.
         '';
       };
@@ -90,7 +90,7 @@ in {
       logLevel = mkOption {
         type = types.enum ["debug" "info" "warn" "error" "fatal"];
         default = "warn";
-        description = lib.mdDoc ''
+        description = ''
           Only log messages with the given severity or above.
         '';
       };
@@ -98,7 +98,7 @@ in {
       webExternalUrl = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy).
           Used for generating relative and absolute links back to Alertmanager itself.
           If the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager.
@@ -109,7 +109,7 @@ in {
       listenAddress = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Address to listen on for the web interface and API. Empty string will listen on all interfaces.
           "localhost" will listen on 127.0.0.1 (but not ::1).
         '';
@@ -118,7 +118,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 9093;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen on for the web interface and API.
         '';
       };
@@ -126,7 +126,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open port in firewall for incoming connections.
         '';
       };
@@ -134,7 +134,7 @@ in {
       clusterPeers = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Initial peers for HA cluster.
         '';
       };
@@ -142,7 +142,7 @@ in {
       extraFlags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra commandline options when launching the Alertmanager.
         '';
       };
@@ -151,7 +151,7 @@ in {
         type = types.nullOr types.path;
         default = null;
         example = "/root/alertmanager.env";
-        description = lib.mdDoc ''
+        description = ''
           File to load as environment file. Environment variables
           from this file will be interpolated into the config file
           using envsubst with this syntax:
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix
index b4ac8e21451a..7e707a13b790 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix
@@ -110,7 +110,7 @@ let
   mkOpt = type: description: mkOption {
     type = types.nullOr type;
     default = null;
-    description = lib.mdDoc description;
+    description = description;
   };
 
   mkSdConfigModule = extraOptions: types.submodule {
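Review bot: After dropping the `lib.mdDoc` wrapper, the line `description = description;` in `mkOpt` is a self-assignment of the function argument and reads as a leftover. The idiomatic form is `inherit description;`, which evaluates identically here.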
@@ -188,7 +188,7 @@ let
     options = {
       username = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           HTTP username
         '';
       };
@@ -255,13 +255,13 @@ let
       authorization = mkOption {
         type = types.nullOr types.attrs;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Sets the `Authorization` header on every scrape request with the configured credentials.
         '';
       };
       job_name = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The job name assigned to scraped metrics by default.
         '';
       };
@@ -516,7 +516,7 @@ let
 
       subscription_id = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The subscription ID.
         '';
       };
@@ -537,7 +537,7 @@ let
         Refresh interval to re-read the instance list.
       '';
 
-      port = mkDefOpt types.int "80" ''
+      port = mkDefOpt types.port "80" ''
         The port to scrape metrics from. If using the public IP
         address, this must instead be specified in the relabeling
         rule.
@@ -609,7 +609,7 @@ let
   };
 
   promTypes.digitalocean_sd_config = mkSdConfigModule {
-    port = mkDefOpt types.int "80" ''
+    port = mkDefOpt types.port "80" ''
       The port to scrape metrics from.
     '';
 
@@ -621,12 +621,12 @@ let
   mkDockerSdConfigModule = extraOptions: mkSdConfigModule ({
     host = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Address of the Docker daemon.
       '';
     };
 
-    port = mkDefOpt types.int "80" ''
+    port = mkDefOpt types.port "80" ''
       The port to scrape metrics from, when `role` is nodes, and for discovered
       tasks and services that don't have published ports.
     '';
@@ -636,7 +636,7 @@ let
         options = {
           name = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Name of the filter. The available filters are listed in the upstream documentation:
               Services: <https://docs.docker.com/engine/api/v1.40/#operation/ServiceList>
               Tasks: <https://docs.docker.com/engine/api/v1.40/#operation/TaskList>
@@ -645,7 +645,7 @@ let
           };
           values = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Value for the filter.
             '';
           };
@@ -668,7 +668,7 @@ let
   promTypes.dockerswarm_sd_config = mkDockerSdConfigModule {
     role = mkOption {
       type = types.enum [ "services" "tasks" "nodes" ];
-      description = lib.mdDoc ''
+      description = ''
         Role of the targets to retrieve. Must be `services`, `tasks`, or `nodes`.
       '';
     };
@@ -678,7 +678,7 @@ let
     options = {
       names = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           A list of DNS SRV record names to be queried.
         '';
       };
@@ -687,7 +687,7 @@ let
         The type of DNS query to perform. One of SRV, A, or AAAA.
       '';
 
-      port = mkOpt types.int ''
+      port = mkOpt types.port ''
         The port number used if the query type is not SRV.
       '';
 
@@ -701,7 +701,7 @@ let
     options = {
       region = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The AWS Region. If blank, the region from the instance metadata is used.
         '';
       };
@@ -731,7 +731,7 @@ let
         Refresh interval to re-read the instance list.
       '';
 
-      port = mkDefOpt types.int "80" ''
+      port = mkDefOpt types.port "80" ''
         The port to scrape metrics from. If using the public IP
         address, this must instead be specified in the relabeling
         rule.
@@ -742,7 +742,7 @@ let
           options = {
             name = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 See [this list](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html)
                 for the available filters.
               '';
@@ -751,7 +751,7 @@ let
             values = mkOption {
               type = types.listOf types.str;
               default = [ ];
-              description = lib.mdDoc ''
+              description = ''
                 Value of the filter.
               '';
             };
@@ -765,7 +765,7 @@ let
   promTypes.eureka_sd_config = mkSdConfigModule {
     server = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The URL to connect to the Eureka server.
       '';
     };
@@ -775,7 +775,7 @@ let
     options = {
       files = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Patterns for files from which target groups are extracted. Refer
           to the Prometheus documentation for permitted filename patterns
           and formats.
@@ -794,14 +794,14 @@ let
       # required configuration values for `gce_sd_config`.
       project = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The GCP Project.
         '';
       };
 
       zone = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The zone of the scrape targets. If you need multiple zones use multiple
           gce_sd_configs.
         '';
@@ -834,13 +834,13 @@ let
   promTypes.hetzner_sd_config = mkSdConfigModule {
     role = mkOption {
       type = types.enum [ "robot" "hcloud" ];
-      description = lib.mdDoc ''
+      description = ''
         The Hetzner role of entities that should be discovered.
         One of `robot` or `hcloud`.
       '';
     };
 
-    port = mkDefOpt types.int "80" ''
+    port = mkDefOpt types.port "80" ''
       The port to scrape metrics from.
     '';
 
@@ -853,7 +853,7 @@ let
     options = {
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           URL from which the targets are fetched.
         '';
       };
@@ -890,7 +890,7 @@ let
 
     role = mkOption {
       type = types.enum [ "endpoints" "service" "pod" "node" "ingress" ];
-      description = lib.mdDoc ''
+      description = ''
         The Kubernetes role of entities that should be discovered.
         One of endpoints, service, pod, node, or ingress.
       '';
@@ -921,7 +921,7 @@ let
             options = {
               role = mkOption {
                 type = types.str;
-                description = lib.mdDoc ''
+                description = ''
                   Selector role
                 '';
               };
@@ -955,7 +955,7 @@ let
   promTypes.kuma_sd_config = mkSdConfigModule {
     server = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Address of the Kuma Control Plane's MADS xDS server.
       '';
     };
@@ -999,7 +999,7 @@ let
         Refresh interval to re-read the instance list.
       '';
 
-      port = mkDefOpt types.int "80" ''
+      port = mkDefOpt types.port "80" ''
         The port to scrape metrics from. If using the public IP address, this must
         instead be specified in the relabeling rule.
       '';
@@ -1007,7 +1007,7 @@ let
   };
 
   promTypes.linode_sd_config = mkSdConfigModule {
-    port = mkDefOpt types.int "80" ''
+    port = mkDefOpt types.port "80" ''
       The port to scrape metrics from.
     '';
 
@@ -1023,7 +1023,7 @@ let
   promTypes.marathon_sd_config = mkSdConfigModule {
     servers = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         List of URLs to be used to contact Marathon servers. You need to provide at least one server URL.
       '';
     };
@@ -1049,14 +1049,14 @@ let
     options = {
       servers = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The Zookeeper servers.
         '';
       };
 
       paths = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Paths can point to a single service, or the root of a tree of services.
         '';
       };
@@ -1098,14 +1098,14 @@ let
       {
         role = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The OpenStack role of entities that should be discovered.
           '';
         };
 
         region = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The OpenStack Region.
           '';
         };
@@ -1148,7 +1148,7 @@ let
           Refresh interval to re-read the instance list.
         '';
 
-        port = mkDefOpt types.int "80" ''
+        port = mkDefOpt types.port "80" ''
           The port to scrape metrics from. If using the public IP address, this must
           instead be specified in the relabeling rule.
         '';
@@ -1166,14 +1166,14 @@ let
   promTypes.puppetdb_sd_config = mkSdConfigModule {
     url = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The URL of the PuppetDB root query endpoint.
       '';
     };
 
     query = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Puppet Query Language (PQL) query. Only resources are supported.
         https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html
       '';
@@ -1193,7 +1193,7 @@ let
       Refresh interval to re-read the resources list.
     '';
 
-    port = mkDefOpt types.int "80" ''
+    port = mkDefOpt types.port "80" ''
       The port to scrape metrics from.
     '';
   };
@@ -1202,7 +1202,7 @@ let
     options = {
       access_key = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Access key to use. https://console.scaleway.com/project/credentials
         '';
       };
@@ -1219,19 +1219,19 @@ let
 
       project_id = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Project ID of the targets.
         '';
       };
 
       role = mkOption {
         type = types.enum [ "instance" "baremetal" ];
-        description = lib.mdDoc ''
+        description = ''
           Role of the targets to retrieve. Must be `instance` or `baremetal`.
         '';
       };
 
-      port = mkDefOpt types.int "80" ''
+      port = mkDefOpt types.port "80" ''
         The port to scrape metrics from.
       '';
 
@@ -1276,7 +1276,7 @@ let
     options = {
       account = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The account to use for discovering new targets.
         '';
       };
@@ -1289,14 +1289,14 @@ let
 
       dns_suffix = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The DNS suffix which should be applied to target.
         '';
       };
 
       endpoint = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The Triton discovery endpoint (e.g. `cmon.us-east-3b.triton.zone`). This is
           often the same value as dns_suffix.
         '';
@@ -1307,7 +1307,7 @@ let
         If omitted all containers owned by the requesting account are scraped.
       '';
 
-      port = mkDefOpt types.int "9163" ''
+      port = mkDefOpt types.port "9163" ''
         The port to use for discovery and metric scraping.
       '';
 
@@ -1328,21 +1328,21 @@ let
   promTypes.uyuni_sd_config = mkSdConfigModule {
     server = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The URL to connect to the Uyuni server.
       '';
     };
 
     username = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Credentials are used to authenticate the requests to Uyuni API.
       '';
     };
 
     password = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Credentials are used to authenticate the requests to Uyuni API.
       '';
     };
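Review bot: The `password` option is a plain `types.str`, and its description (shared word for word with `username`) does not say where the value ends up. If it is rendered into the generated `prometheus.yml` like the other structured options, it presumably lands in the world-readable Nix store; this hunk does not show that path, so it should be confirmed. The description could carry the caveat, for example `Password used to authenticate requests to the Uyuni API. Note that this value is written in plain text to the generated configuration.` The same applies to `artiPassword` and `artiAccessToken` in the artifactory.nix hunks further down, whereas bitcoin.nix already takes `rpcPasswordFile` as a path.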
@@ -1364,14 +1364,14 @@ let
     options = {
       targets = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The targets specified by the target group.
         '';
       };
       labels = mkOption {
         type = types.attrsOf types.str;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Labels assigned to all metrics scraped from the targets.
         '';
       };
@@ -1427,7 +1427,7 @@ let
     options = {
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           ServerName extension to indicate the name of the server.
           http://tools.ietf.org/html/rfc4366#section-3.1
         '';
@@ -1517,7 +1517,7 @@ let
     options = {
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           ServerName extension to indicate the name of the server.
           http://tools.ietf.org/html/rfc4366#section-3.1
         '';
@@ -1575,14 +1575,14 @@ in
 
   options.services.prometheus = {
 
-    enable = mkEnableOption (lib.mdDoc "Prometheus monitoring daemon");
+    enable = mkEnableOption "Prometheus monitoring daemon";
 
     package = mkPackageOption pkgs "prometheus" { };
 
     port = mkOption {
       type = types.port;
       default = 9090;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on.
       '';
     };
@@ -1590,7 +1590,7 @@ in
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on for the web interface, API, and telemetry.
       '';
     };
@@ -1598,7 +1598,7 @@ in
     stateDir = mkOption {
       type = types.str;
       default = "prometheus2";
-      description = lib.mdDoc ''
+      description = ''
         Directory below `/var/lib` to store Prometheus metrics data.
         This directory will be created automatically using systemd's StateDirectory mechanism.
       '';
@@ -1607,7 +1607,7 @@ in
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra commandline options when launching Prometheus.
       '';
     };
@@ -1615,7 +1615,7 @@ in
     enableReload = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Reload prometheus when configuration file changes (instead of restart).
 
         The following property holds: switching to a configuration
@@ -1625,12 +1625,12 @@ in
       '';
     };
 
-    enableAgentMode = mkEnableOption (lib.mdDoc "agent mode");
+    enableAgentMode = mkEnableOption "agent mode";
 
     configText = mkOption {
       type = types.nullOr types.lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         If non-null, this option defines the text that is written to
         prometheus.yml. If null, the contents of prometheus.yml is generated
         from the structured config options.
@@ -1640,7 +1640,7 @@ in
     globalConfig = mkOption {
       type = promTypes.globalConfig;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Parameters that are valid in all  configuration contexts. They
         also serve as defaults for other configuration sections
       '';
@@ -1649,7 +1649,7 @@ in
     remoteRead = mkOption {
       type = types.listOf promTypes.remote_read;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Parameters of the endpoints to query from.
         See [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) for more information.
       '';
@@ -1658,7 +1658,7 @@ in
     remoteWrite = mkOption {
       type = types.listOf promTypes.remote_write;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Parameters of the endpoints to send samples to.
         See [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write) for more information.
       '';
@@ -1667,7 +1667,7 @@ in
     rules = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Alerting and/or Recording rules to evaluate at runtime.
       '';
     };
@@ -1675,7 +1675,7 @@ in
     ruleFiles = mkOption {
       type = types.listOf types.path;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Any additional rules files to include in this configuration.
       '';
     };
@@ -1683,7 +1683,7 @@ in
     scrapeConfigs = mkOption {
       type = types.listOf promTypes.scrape_config;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         A list of scrape configurations.
       '';
     };
@@ -1702,7 +1702,7 @@ in
         } ]
       '';
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         A list of alertmanagers to send alerts to.
         See [the official documentation](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config) for more information.
       '';
@@ -1711,7 +1711,7 @@ in
     alertmanagerNotificationQueueCapacity = mkOption {
       type = types.int;
       default = 10000;
-      description = lib.mdDoc ''
+      description = ''
         The capacity of the queue for pending alert manager notifications.
       '';
     };
@@ -1720,7 +1720,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "https://example.com/";
-      description = lib.mdDoc ''
+      description = ''
         The URL under which Prometheus is externally reachable (for example,
         if Prometheus is served via a reverse proxy).
       '';
@@ -1729,7 +1729,7 @@ in
     webConfigFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specifies which file should be used as web.config.file and be passed on startup.
         See https://prometheus.io/docs/prometheus/latest/configuration/https/ for valid options.
       '';
@@ -1739,7 +1739,7 @@ in
       type = with types; either bool (enum [ "syntax-only" ]);
       default = true;
       example = "syntax-only";
-      description = lib.mdDoc ''
+      description = ''
         Check configuration with `promtool check`. The call to `promtool` is
         subject to sandboxing by Nix.
 
@@ -1756,7 +1756,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "15d";
-      description = lib.mdDoc ''
+      description = ''
         How long to retain samples in storage.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.md b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.md
index b344534f6aee..d291020d3673 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.md
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.md
@@ -72,6 +72,7 @@ example:
       - `extraFlags`
       - `openFirewall`
       - `firewallFilter`
+      - `firewallRules`
       - `user`
       - `group`
   - As there is already a package available, the module can now be added. This
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix
index 8c5ec2992eda..2dc12a221bf0 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -31,6 +31,7 @@ let
     "collectd"
     "dmarc"
     "dnsmasq"
+    "dnssec"
     "domain"
     "dovecot"
     "fastly"
@@ -55,6 +56,7 @@ let
     "modemmanager"
     "mongodb"
     "mysqld"
+    "nats"
     "nextcloud"
     "nginx"
     "nginxlog"
@@ -128,32 +130,32 @@ let
   );
 
   mkExporterOpts = ({ name, port }: {
-    enable = mkEnableOption (lib.mdDoc "the prometheus ${name} exporter");
+    enable = mkEnableOption "the prometheus ${name} exporter";
     port = mkOption {
       type = types.port;
       default = port;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on.
       '';
     };
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on.
       '';
     };
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra commandline options to pass to the ${name} exporter.
       '';
     };
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open port in firewall for incoming connections.
       '';
     };
@@ -163,23 +165,34 @@ let
       example = literalExpression ''
         "-i eth0 -p tcp -m tcp --dport ${toString port}"
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify a filter for iptables to use when
         {option}`services.prometheus.exporters.${name}.openFirewall`
         is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
       '';
     };
+    firewallRules = mkOption {
+      type = types.nullOr types.lines;
+      default = null;
+      example = literalExpression ''
+        iifname "eth0" tcp dport ${toString port} counter accept
+      '';
+      description = ''
+        Specify rules for nftables to add to the input chain
+        when {option}`services.prometheus.exporters.${name}.openFirewall` is true.
+      '';
+    };
     user = mkOption {
       type = types.str;
       default = "${name}-exporter";
-      description = lib.mdDoc ''
+      description = ''
         User name under which the ${name} exporter shall be run.
       '';
     };
     group = mkOption {
       type = types.str;
       default = "${name}-exporter";
-      description = lib.mdDoc ''
+      description = ''
         Group under which the ${name} exporter shall be run.
       '';
     };
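Review bot: The `example` for the new `firewallRules` option is wrapped in `literalExpression`, but its text is a bare nftables rule, so the manual will present it as a Nix expression that is not one. The `firewallFilter` example just above keeps the string quotes inside its `literalExpression`. A plain string example avoids the mismatch: `example = ''iifname "eth0" tcp dport ${toString port} counter accept'';`. The description should also say that the option is only consulted when `networking.nftables.enable` is set, and that `firewallFilter` is not used in that case. mkExporterOpts starts in the previous hunk and continues past this one.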
@@ -194,6 +207,7 @@ let
         } // extraOpts);
       } ({ config, ... }: mkIf config.openFirewall {
         firewallFilter = mkDefault "-p tcp -m tcp --dport ${toString config.port}";
+        firewallRules = mkDefault ''tcp dport ${toString config.port} accept comment "${name}-exporter"'';
       })];
       internal = true;
       default = {};
@@ -212,6 +226,7 @@ let
   mkExporterConf = { name, conf, serviceOpts }:
     let
       enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true;
+      nftables = config.networking.nftables.enable;
     in
     mkIf conf.enable {
       warnings = conf.warnings or [];
@@ -223,10 +238,11 @@ let
       users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) {
         "${name}-exporter" = {};
       });
-      networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [
+      networking.firewall.extraCommands = mkIf (conf.openFirewall && !nftables) (concatStrings [
         "ip46tables -A nixos-fw ${conf.firewallFilter} "
         "-m comment --comment ${name}-exporter -j nixos-fw-accept"
       ]);
+      networking.firewall.extraInputRules = mkIf (conf.openFirewall && nftables) conf.firewallRules;
       systemd.services."prometheus-${name}-exporter" = mkMerge ([{
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
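Review bot: With `networking.nftables.enable` set, `conf.firewallFilter` is no longer read here, and nothing tells the administrator that a restriction expressed through it was dropped. An exporter port that was narrowed through `firewallFilter` (the option's own example limits it to `-i eth0`) falls back to the `mkDefault` rule from the `@@ -194,6 +207,7 @@` hunk, `tcp dport <port> accept`, which matches every interface and source address. A warning would surface this, for example appending `++ optional (conf.openFirewall && nftables && conf.firewallFilter != "-p tcp -m tcp --dport ${toString conf.port}") "services.prometheus.exporters.${name}.firewallFilter is ignored when nftables is enabled; set firewallRules instead"` to the `warnings` line, assuming `optional` is in scope in this file. mkExporterConf begins in the preceding hunk and its body continues outside this one.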
@@ -279,7 +295,7 @@ in
         (lib.mkRenamedOptionModule [ "unifi-poller" ] [ "unpoller" ])
       ];
     };
-    description = lib.mdDoc "Prometheus exporter configuration";
+    description = "Prometheus exporter configuration";
     default = {};
     example = literalExpression ''
       {
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
index de6cda18bc37..f188fe1f68fb 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/apcupsd.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.apcupsd;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9162;
@@ -11,7 +10,7 @@ in
     apcupsdAddress = mkOption {
       type = types.str;
       default = ":3551";
-      description = lib.mdDoc ''
+      description = ''
         Address of the apcupsd Network Information Server (NIS).
       '';
     };
@@ -19,7 +18,7 @@ in
     apcupsdNetwork = mkOption {
       type = types.enum ["tcp" "tcp4" "tcp6"];
       default = "tcp";
-      description = lib.mdDoc ''
+      description = ''
         Network of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6".
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
index b3afdb596686..e98982c0dd31 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/artifactory.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.artifactory;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9531;
@@ -11,14 +10,14 @@ in
     scrapeUri = mkOption {
       type = types.str;
       default = "http://localhost:8081/artifactory";
-      description = lib.mdDoc ''
+      description = ''
         URI on which to scrape JFrog Artifactory.
       '';
     };
 
     artiUsername = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Username for authentication against JFrog Artifactory API.
       '';
     };
@@ -26,7 +25,7 @@ in
     artiPassword = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Password for authentication against JFrog Artifactory API.
         One of the password or access token needs to be set.
       '';
@@ -35,7 +34,7 @@ in
     artiAccessToken = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Access token for authentication against JFrog Artifactory API.
         One of the password or access token needs to be set.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bind.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
index 100446c1a4eb..1c7dcf8b1ef0 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bind.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.bind;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9119;
@@ -11,28 +10,28 @@ in
     bindURI = mkOption {
       type = types.str;
       default = "http://localhost:8053/";
-      description = lib.mdDoc ''
+      description = ''
         HTTP XML API address of an Bind server.
       '';
     };
     bindTimeout = mkOption {
       type = types.str;
       default = "10s";
-      description = lib.mdDoc ''
+      description = ''
         Timeout for trying to get stats from Bind.
       '';
     };
     bindVersion = mkOption {
       type = types.enum [ "xml.v2" "xml.v3" "auto" ];
       default = "auto";
-      description = lib.mdDoc ''
+      description = ''
         BIND statistics version. Can be detected automatically.
       '';
     };
     bindGroups = mkOption {
       type = types.listOf (types.enum [ "server" "view" "tasks" ]);
       default = [ "server" "view" ];
-      description = lib.mdDoc ''
+      description = ''
         List of statistics to collect. Available: [server, view, tasks]
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
index fc52135e3b45..5d91eeed106d 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bird.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.bird;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    singleton
+    ;
 in
 {
   port = 9324;
@@ -11,21 +15,21 @@ in
     birdVersion = mkOption {
       type = types.enum [ 1 2 ];
       default = 2;
-      description = lib.mdDoc ''
+      description = ''
         Specifies whether BIRD1 or BIRD2 is in use.
       '';
     };
     birdSocket = mkOption {
       type = types.path;
       default = "/run/bird/bird.ctl";
-      description = lib.mdDoc ''
+      description = ''
         Path to BIRD2 (or BIRD1 v4) socket.
       '';
     };
     newMetricFormat = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Enable the new more-generic metric format.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
index 45f00a04a86c..e44140b1f51a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/bitcoin.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.bitcoin;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9332;
@@ -11,14 +10,14 @@ in
     rpcUser = mkOption {
       type = types.str;
       default = "bitcoinrpc";
-      description = lib.mdDoc ''
+      description = ''
         RPC user name.
       '';
     };
 
     rpcPasswordFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         File containing RPC password.
       '';
     };
@@ -26,7 +25,7 @@ in
     rpcScheme = mkOption {
       type = types.enum [ "http" "https" ];
       default = "http";
-      description = lib.mdDoc ''
+      description = ''
         Whether to connect to bitcoind over http or https.
       '';
     };
@@ -34,7 +33,7 @@ in
     rpcHost = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         RPC host.
       '';
     };
@@ -42,7 +41,7 @@ in
     rpcPort = mkOption {
       type = types.port;
       default = 8332;
-      description = lib.mdDoc ''
+      description = ''
         RPC port number.
       '';
     };
@@ -50,7 +49,7 @@ in
     refreshSeconds = mkOption {
       type = types.ints.unsigned;
       default = 300;
-      description = lib.mdDoc ''
+      description = ''
         How often to ask bitcoind for metrics.
       '';
     };
@@ -58,7 +57,7 @@ in
     extraEnv = mkOption {
       type = types.attrsOf types.str;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Extra environment variables for the exporter.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
index e8399e1bec80..33a1fdc52805 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
@@ -1,10 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   logPrefix = "services.prometheus.exporter.blackbox";
   cfg = config.services.prometheus.exporters.blackbox;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    escapeShellArg
+    ;
 
   # This ensures that we can deal with string paths, path types and
   # store-path strings with context.
@@ -35,14 +39,14 @@ in {
   extraOpts = {
     configFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file.
       '';
     };
     enableConfigCheck = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run a correctness check for the configuration file. This depends
         on the configuration file residing in the nix-store. Paths passed as string will
         be copied to the store.
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
index 6bfadc3b7632..0af1e33b2c44 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/buildkite-agent.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.buildkite-agent;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    optionalString
+    literalExpression
+    ;
 in
 {
   port = 9876;
@@ -11,7 +16,7 @@ in
     tokenPath = mkOption {
       type = types.nullOr types.path;
       apply = final: if final == null then null else toString final;
-      description = lib.mdDoc ''
+      description = ''
         The token from your Buildkite "Agents" page.
 
         A run-time path to the token file, which is supposed to be provisioned
@@ -22,14 +27,14 @@ in
       type = types.str;
       default = "30s";
       example = "1min";
-      description = lib.mdDoc ''
+      description = ''
         How often to update metrics.
       '';
     };
     endpoint = mkOption {
       type = types.str;
       default = "https://agent.buildkite.com/v3";
-      description = lib.mdDoc ''
+      description = ''
         The Buildkite Agent API endpoint.
       '';
     };
@@ -37,7 +42,7 @@ in
       type = with types; nullOr (listOf str);
       default = null;
       example = literalExpression ''[ "my-queue1" "my-queue2" ]'';
-      description = lib.mdDoc ''
+      description = ''
         Which specific queues to process.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
index 3b2b123bbd07..6f4c936fd409 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/collectd.nix
@@ -1,32 +1,38 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.collectd;
+  inherit (lib)
+    mkOption
+    mkEnableOption
+    types
+    optionalString
+    concatStringsSep
+    escapeShellArg
+    ;
 in
 {
   port = 9103;
   extraOpts = {
     collectdBinary = {
-      enable = mkEnableOption (lib.mdDoc "collectd binary protocol receiver");
+      enable = mkEnableOption "collectd binary protocol receiver";
 
       authFile = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc "File mapping user names to pre-shared keys (passwords).";
+        description = "File mapping user names to pre-shared keys (passwords).";
       };
 
       port = mkOption {
         type = types.port;
         default = 25826;
-        description = lib.mdDoc "Network address on which to accept collectd binary network packets.";
+        description = "Network address on which to accept collectd binary network packets.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           Address to listen on for binary network packets.
           '';
       };
@@ -34,7 +40,7 @@ in
       securityLevel = mkOption {
         type = types.enum ["None" "Sign" "Encrypt"];
         default = "None";
-        description = lib.mdDoc ''
+        description = ''
           Minimum required security level for accepted packets.
         '';
       };
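Review bot: The `securityLevel` description does not say what the default `"None"` means for an operator. Together with the `listenAddress` default of `"0.0.0.0"` in the previous hunk, an enabled receiver would presumably accept unsigned, unencrypted packets on every interface. I would extend the description, for example `"Sign" and "Encrypt" require authFile to be set; "None" accepts unauthenticated packets.` That `authFile` is required is inferred from its own description, so confirm it against the exporter's documentation. The enclosing `collectdBinary` set starts in the previous hunk.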
@@ -44,7 +50,7 @@ in
       type = types.enum [ "logfmt" "json" ];
       default = "logfmt";
       example = "json";
-      description = lib.mdDoc ''
+      description = ''
         Set the log format.
       '';
     };
@@ -52,7 +58,7 @@ in
     logLevel = mkOption {
       type = types.enum ["debug" "info" "warn" "error" "fatal"];
       default = "info";
-      description = lib.mdDoc ''
+      description = ''
         Only log messages with the given severity or above.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
index a4a917b473ce..3674fab1e4f8 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dmarc.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.dmarc;
+  inherit (lib) mkOption types optionalString;
 
   json = builtins.toJSON {
     inherit (cfg) folders port;
@@ -24,28 +23,28 @@ in {
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Hostname of IMAP server to connect to.
         '';
       };
       port = mkOption {
         type = types.port;
         default = 993;
-        description = lib.mdDoc ''
+        description = ''
           Port of the IMAP server to connect to.
         '';
       };
       username = mkOption {
         type = types.str;
         example = "postmaster@example.org";
-        description = lib.mdDoc ''
+        description = ''
           Login username for the IMAP connection.
         '';
       };
       passwordFile = mkOption {
         type = types.str;
         example = "/run/secrets/dovecot_pw";
-        description = lib.mdDoc ''
+        description = ''
           File containing the login password for the IMAP connection.
         '';
       };
@@ -54,21 +53,21 @@ in {
       inbox = mkOption {
         type = types.str;
         default = "INBOX";
-        description = lib.mdDoc ''
+        description = ''
           IMAP mailbox that is checked for incoming DMARC aggregate reports
         '';
       };
       done = mkOption {
         type = types.str;
         default = "Archive";
-        description = lib.mdDoc ''
+        description = ''
           IMAP mailbox that successfully processed reports are moved to.
         '';
       };
       error = mkOption {
         type = types.str;
         default = "Invalid";
-        description = lib.mdDoc ''
+        description = ''
           IMAP mailbox that emails are moved to that could not be processed.
         '';
       };
@@ -76,7 +75,7 @@ in {
     pollIntervalSeconds = mkOption {
       type = types.ints.unsigned;
       default = 60;
-      description = lib.mdDoc ''
+      description = ''
         How often to poll the IMAP server in seconds.
       '';
     };
@@ -84,7 +83,7 @@ in {
       type = types.ints.unsigned;
       default = 604800;
       defaultText = "7 days (in seconds)";
-      description = lib.mdDoc ''
+      description = ''
         How long individual report IDs will be remembered to avoid
         counting double delivered reports twice.
       '';
@@ -92,7 +91,7 @@ in {
     debug = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to declare enable `--debug`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
index 4cfee7c54a41..ba438ea74a3b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnsmasq.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.dnsmasq;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    escapeShellArg
+    ;
 in
 {
   port = 9153;
@@ -11,7 +15,7 @@ in
     dnsmasqListenAddress = mkOption {
       type = types.str;
       default = "localhost:53";
-      description = lib.mdDoc ''
+      description = ''
         Address on which dnsmasq listens.
       '';
     };
@@ -19,7 +23,7 @@ in
       type = types.path;
       default = "/var/lib/misc/dnsmasq.leases";
       example = "/var/lib/dnsmasq/dnsmasq.leases";
-      description = lib.mdDoc ''
+      description = ''
         Path to the `dnsmasq.leases` file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnssec.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnssec.nix
new file mode 100644
index 000000000000..dda1ad1988a6
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dnssec.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.services.prometheus.exporters.dnssec;
+  configFormat = pkgs.formats.toml { };
+  configFile = configFormat.generate "dnssec-checks.toml" cfg.configuration;
+in {
+  port = 9204;
+  extraOpts = {
+    configuration = lib.mkOption {
+      type = lib.types.nullOr lib.types.attrs;
+      default = null;
+      description = ''
+        dnssec exporter configuration as nix attribute set.
+
+        See <https://github.com/chrj/prometheus-dnssec-exporter/blob/master/README.md>
+        for the description of the configuration file format.
+      '';
+      example = lib.literalExpression ''
+        {
+          records = [
+            {
+              zone = "ietf.org";
+              record = "@";
+              type = "SOA";
+            }
+            {
+              zone = "verisigninc.com";
+              record = "@";
+              type = "SOA";
+            }
+          ];
+        }
+      '';
+    };
+
+    listenAddress = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        Listen address as host IP and port definition.
+      '';
+      example = ":9204";
+    };
+
+    resolvers = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        DNSSEC capable resolver to be used for the check.
+      '';
+      example = [ "0.0.0.0:53" ];
+    };
+
+    timeout = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        DNS request timeout duration.
+      '';
+      example = "10s";
+    };
+
+    extraFlags = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Extra commandline options when launching Prometheus.
+      '';
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = let
+      startScript = pkgs.writeShellScriptBin "prometheus-dnssec-exporter-start"
+        "${lib.concatStringsSep " "
+        ([ "${pkgs.prometheus-dnssec-exporter}/bin/prometheus-dnssec-exporter" ]
+          ++ lib.optionals (cfg.configuration != null)
+          [ "-config ${configFile}" ]
+          ++ lib.optionals (cfg.listenAddress != null)
+          [ "-listen-address ${lib.escapeShellArg cfg.listenAddress}" ]
+          ++ lib.optionals (cfg.resolvers != [ ]) [
+            "-resolvers ${
+              lib.escapeShellArg (lib.concatStringsSep "," cfg.resolvers)
+            }"
+          ] ++ lib.optionals (cfg.timeout != null)
+          [ "-timeout ${lib.escapeShellArg cfg.timeout}" ] ++ cfg.extraFlags)}";
+    in { ExecStart = lib.getExe startScript; };
+  };
+}
+
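Review bot: `cfg.extraFlags` is appended verbatim to the generated start script at the end of `startScript`, while `listenAddress`, `resolvers` and `timeout` all go through `lib.escapeShellArg`, so a flag containing spaces, `$` or quotes is re-interpreted by the shell. Consider `++ map lib.escapeShellArg cfg.extraFlags`, which makes each list element exactly one argument, or drop the shell wrapper and build `ExecStart` directly. The `extraFlags` description also says "when launching Prometheus" where it should name the dnssec exporter. Separately, nothing in `ExecStart` passes the module's `port = 9204` to the binary; with `listenAddress` left at `null` the exporter's own default is used, which may not match a port opened by the exporter framework (not visible here).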
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/domain.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/domain.nix
index b2c8e6664c0f..c271a040d288 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/domain.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/domain.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.domain;
+  inherit (lib) concatStringsSep;
 in
 {
   port = 9222;
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix
index df6b1ef3200c..f11e91fd761a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/dovecot.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.dovecot;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    concatStringsSep
+    ;
 in
 {
   port = 9166;
@@ -11,7 +15,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -19,7 +23,7 @@ in
       type = types.path;
       default = "/var/run/dovecot/stats";
       example = "/var/run/dovecot2/old-stats";
-      description = lib.mdDoc ''
+      description = ''
         Path under which the stats socket is placed.
         The user/group under which the exporter runs,
         should be able to access the socket in order
@@ -67,7 +71,7 @@ in
       type = types.listOf types.str;
       default = [ "user" ];
       example = [ "user" "global" ];
-      description = lib.mdDoc ''
+      description = ''
         Stats scopes to query.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix
index c632b0290262..45c2c697519c 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/exportarr.nix
@@ -16,7 +16,7 @@ in
     url = lib.mkOption {
       type = lib.types.str;
       default = "http://127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The full URL to Sonarr, Radarr, or Lidarr.
       '';
     };
@@ -24,7 +24,7 @@ in
     apiKeyFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing the api-key.
       '';
     };
@@ -34,7 +34,7 @@ in
     environment = lib.mkOption {
       type = lib.types.attrsOf lib.types.str;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.
       '';
       example = {
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix
index 42292abeada2..7719215952a5 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/flow.nix
@@ -1,28 +1,33 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.flow;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    concatStringsSep
+    optionalString
+    ;
 in {
   port = 9590;
   extraOpts = {
     brokers = mkOption {
       type = types.listOf types.str;
       example = literalExpression ''[ "kafka.example.org:19092" ]'';
-      description = lib.mdDoc "List of Kafka brokers to connect to.";
+      description = "List of Kafka brokers to connect to.";
     };
 
     asn = mkOption {
       type = types.ints.positive;
       example = 65542;
-      description = lib.mdDoc "The ASN being monitored.";
+      description = "The ASN being monitored.";
     };
 
     partitions = mkOption {
       type = types.listOf types.int;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         The number of the partitions to consume, none means all.
       '';
     };
@@ -30,7 +35,7 @@ in {
     topic = mkOption {
       type = types.str;
       example = "pmacct.acct";
-      description = lib.mdDoc "The Kafka topic to consume from.";
+      description = "The Kafka topic to consume from.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix
index c3a962b576a5..fcf7e8784f60 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritz.nix
@@ -1,6 +1,6 @@
 { config, lib, pkgs, utils, ... }:
 let
-  inherit (lib) mkOption types mdDoc;
+  inherit (lib) mkOption types;
   cfg = config.services.prometheus.exporters.fritz;
   yaml = pkgs.formats.yaml { };
   configFile = yaml.generate "fritz-exporter.yaml" cfg.settings;
@@ -10,7 +10,7 @@ in
 
   extraOpts = {
     settings = mkOption {
-      description = mdDoc "Configuration settings for fritz-exporter.";
+      description = "Configuration settings for fritz-exporter.";
       type = types.submodule {
         freeformType = yaml.type;
 
@@ -32,7 +32,7 @@ in
           log_level = mkOption {
             type = types.enum [ "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" ];
             default = "INFO";
-            description = mdDoc ''
+            description = ''
               Log level to use for the exporter.
             '';
           };
@@ -46,33 +46,33 @@ in
                 name = mkOption {
                   type = types.str;
                   default = "";
-                  description = mdDoc ''
+                  description = ''
                     Name to use for the device.
                   '';
                 };
                 hostname = mkOption {
                   type = types.str;
                   default = "fritz.box";
-                  description = mdDoc ''
+                  description = ''
                     Hostname under which the target device is reachable.
                   '';
                 };
                 username = mkOption {
                   type = types.str;
-                  description = mdDoc ''
+                  description = ''
                     Username to authenticate with the target device.
                   '';
                 };
                 password_file = mkOption {
                   type = types.path;
-                  description = mdDoc ''
+                  description = ''
                     Path to a file which contains the password to authenticate with the target device.
                     Needs to be readable by the user the exporter runs under.
                   '';
                 };
                 host_info = mkOption {
                   type = types.bool;
-                  description = mdDoc ''
+                  description = ''
                     Enable extended host info for this device. *Warning*: This will heavily increase scrape time.
                   '';
                   default = false;
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix
index 7b881a8e2693..29470147c13f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/fritzbox.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.fritzbox;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9133;
@@ -11,7 +10,7 @@ in
     gatewayAddress = mkOption {
       type = types.str;
       default = "fritz.box";
-      description = lib.mdDoc ''
+      description = ''
         The hostname or IP of the FRITZ!Box.
       '';
     };
@@ -19,7 +18,7 @@ in
     gatewayPort = mkOption {
       type = types.int;
       default = 49000;
-      description = lib.mdDoc ''
+      description = ''
         The port of the FRITZ!Box UPnP service.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix
index 07c06afe1409..523a720425c0 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/graphite.nix
@@ -10,7 +10,7 @@ in
     graphitePort = lib.mkOption {
       type = lib.types.port;
       default = 9109;
-      description = lib.mdDoc ''
+      description = ''
         Port to use for the graphite server.
       '';
     };
@@ -20,7 +20,7 @@ in
         options = { };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Mapping configuration for the exporter, see
         <https://github.com/prometheus/graphite_exporter#yaml-config> for
         available options.
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix
index 78ae4826215c..54696187feb1 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/idrac.nix
@@ -1,8 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
 let
   cfg = config.services.prometheus.exporters.idrac;
+  inherit (lib) mkOption types;
 
   configFile = if cfg.configurationPath != null
                then cfg.configurationPath
@@ -15,7 +15,7 @@ in
       type = with types; nullOr path;
       default = null;
       example = "/etc/prometheus-idrac-exporter/idrac.yml";
-      description = lib.mdDoc ''
+      description = ''
         Path to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem.
 
         The config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text.
@@ -27,7 +27,7 @@ in
     };
     configuration = mkOption {
       type = types.nullOr types.attrs;
-      description = lib.mdDoc ''
+      description = ''
         Configuration for iDRAC exporter, as a nix attribute set.
 
         Configuration reference: https://github.com/mrlhansen/idrac_exporter/#configuration
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix
index 68fc63e40fcd..92d02a3f1463 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/imap-mailstat.nix
@@ -1,7 +1,5 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.imap-mailstat;
   valueToString = value:
@@ -13,6 +11,15 @@ let
         else "XXX ${toString value}"
       )
     );
+  inherit (lib)
+    mkOption
+    types
+    concatStrings
+    concatStringsSep
+    attrValues
+    mapAttrs
+    optionalString
+    ;
   createConfigFile = accounts:
     # unfortunately on toTOML yet
     # https://github.com/NixOS/nix/issues/3929
@@ -22,7 +29,7 @@ let
   mkOpt = type: description: mkOption {
     type = types.nullOr type;
     default = null;
-    description = lib.mdDoc description;
+    description = description;
   };
   accountOptions.options = {
     mailaddress = mkOpt types.str "Your email address (at the moment used as login name)";
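Review bot: In `mkOpt`, the mechanical removal of `lib.mdDoc` leaves `description = description;`, which is more idiomatically written `inherit description;`. The `let` block that contains `mkOpt` starts and ends outside this hunk.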
@@ -39,21 +46,21 @@ in
     oldestUnseenDate = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable metric with timestamp of oldest unseen mail
       '';
     };
     accounts = mkOption {
       type = types.attrsOf (types.submodule accountOptions);
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Accounts to monitor
       '';
     };
     configurationFile = mkOption {
       type = types.path;
       example = "/path/to/config-file";
-      description = lib.mdDoc ''
+      description = ''
         File containing the configuration
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
index d0d7f16bdadf..3a5680439d4c 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/influxdb.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.influxdb;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9122;
@@ -12,13 +11,13 @@ in
       type = types.str;
       default = "5m";
       example = "10m";
-      description = lib.mdDoc "How long a sample is valid for";
+      description = "How long a sample is valid for";
     };
     udpBindAddress = mkOption {
       type = types.str;
       default = ":9122";
       example = "192.0.2.1:9122";
-      description = lib.mdDoc "Address on which to listen for udp packets";
+      description = "Address on which to listen for udp packets";
     };
   };
   serviceOpts = {
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
index fe9734d33c7c..51db6059081f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ipmi.nix
@@ -1,10 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   logPrefix = "services.prometheus.exporter.ipmi";
   cfg = config.services.prometheus.exporters.ipmi;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    optionals
+    escapeShellArg
+    ;
 in {
   port = 9290;
 
@@ -12,7 +17,7 @@ in {
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file.
       '';
     };
@@ -20,7 +25,7 @@ in {
     webConfigFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file that can enable TLS or authentication.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
index bc670ba9cc0e..6a6c003c1977 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/jitsi.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.jitsi;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    concatStringsSep
+    ;
 in
 {
   port = 9700;
@@ -11,7 +15,7 @@ in
     url = mkOption {
       type = types.str;
       default = "http://localhost:8080/colibri/stats";
-      description = lib.mdDoc ''
+      description = ''
         Jitsi Videobridge metrics URL to monitor.
         This is usually /colibri/stats on port 8080 of the jitsi videobridge host.
       '';
@@ -20,7 +24,7 @@ in
       type = types.str;
       default = "30s";
       example = "1min";
-      description = lib.mdDoc ''
+      description = ''
         How often to scrape new data
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/json.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/json.nix
index 7f78985d80cd..1c8db0ea3e0b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/json.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/json.nix
@@ -1,16 +1,21 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.json;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    concatStringsSep
+    mkRemovedOptionModule
+    ;
 in
 {
   port = 7979;
   extraOpts = {
     configFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix
index 72119d17fcb7..3519cce6e821 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/junos-czerwonk.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.junos-czerwonk;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    mkIf
+    concatStringsSep
+    ;
 
   configFile = if cfg.configuration != null then configurationFile else (escapeShellArg cfg.configurationFile);
 
@@ -15,21 +20,21 @@ in
     environmentFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing env-vars to be substituted into the exporter's config.
       '';
     };
     configurationFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify the JunOS exporter configuration file to use.
       '';
     };
     configuration = mkOption {
       type = types.nullOr types.attrs;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         JunOS exporter configuration as nix attribute set. Mutually exclusive with the `configurationFile` option.
       '';
       example = {
@@ -44,7 +49,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
index ccfdd98b8db9..d0f2eb6b8a3c 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/kea.nix
@@ -5,10 +5,14 @@
 , ...
 }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.kea;
+  inherit (lib)
+    mkOption
+    types
+    mkRenamedOptionModule
+    literalExpression
+    ;
 in {
   imports = [
     (mkRenamedOptionModule [ "controlSocketPaths" ] [ "targets" ])
@@ -24,7 +28,7 @@ in {
           "http://127.0.0.1:8547"
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Paths or URLs to the Kea control socket.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
index afdb664a0de5..44169cce6745 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/keylight.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.keylight;
+  inherit (lib) concatStringsSep;
 in
 {
   port = 9288;
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
index 0352aff8b013..ed902fc27c15 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/knot.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.knot;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    concatStringsSep
+    ;
 in {
   port = 9433;
   extraOpts = {
@@ -11,7 +15,7 @@ in {
       type = types.nullOr types.str;
       default = null;
       example = literalExpression ''"''${pkgs.knot-dns.out}/lib/libknot.so"'';
-      description = lib.mdDoc ''
+      description = ''
         Path to the library of `knot-dns`.
       '';
     };
@@ -19,7 +23,7 @@ in {
     knotSocketPath = mkOption {
       type = types.str;
       default = "/run/knot/knot.sock";
-      description = lib.mdDoc ''
+      description = ''
         Socket path of {manpage}`knotd(8)`.
       '';
     };
@@ -27,7 +31,7 @@ in {
     knotSocketTimeout = mkOption {
       type = types.ints.positive;
       default = 2000;
-      description = lib.mdDoc ''
+      description = ''
         Timeout in seconds.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
index 66d9c02f904b..edface276f54 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/lnd.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.lnd;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9092;
@@ -11,21 +10,21 @@ in
     lndHost = mkOption {
       type = types.str;
       default = "localhost:10009";
-      description = lib.mdDoc ''
+      description = ''
         lnd instance gRPC address:port.
       '';
     };
 
     lndTlsPath = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to lnd TLS certificate.
       '';
     };
 
     lndMacaroonDir = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to lnd macaroons.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
index 8c88f47ab86a..f6dd6f7eb994 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mail.nix
@@ -1,9 +1,19 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.mail;
+  inherit (lib)
+    mkOption
+    types
+    mapAttrs'
+    nameValuePair
+    toLower
+    filterAttrs
+    escapeShellArg
+    literalExpression
+    mkIf
+    concatStringsSep
+    ;
 
   configFile = if cfg.configuration != null then configurationFile else (escapeShellArg cfg.configFile);
 
@@ -22,41 +32,41 @@ let
   serverOptions.options = {
     name = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Value for label 'configname' which will be added to all metrics.
       '';
     };
     server = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Hostname of the server that should be probed.
       '';
     };
     port = mkOption {
       type = types.port;
       example = 587;
-      description = lib.mdDoc ''
+      description = ''
         Port to use for SMTP.
       '';
     };
     from = mkOption {
       type = types.str;
       example = "exporteruser@domain.tld";
-      description = lib.mdDoc ''
+      description = ''
         Content of 'From' Header for probing mails.
       '';
     };
     to = mkOption {
       type = types.str;
       example = "exporteruser@domain.tld";
-      description = lib.mdDoc ''
+      description = ''
         Content of 'To' Header for probing mails.
       '';
     };
     detectionDir = mkOption {
       type = types.path;
       example = "/var/spool/mail/exporteruser/new";
-      description = lib.mdDoc ''
+      description = ''
         Directory in which new mails for the exporter user are placed.
         Note that this needs to exist when the exporter starts.
       '';
@@ -65,14 +75,14 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "exporteruser@domain.tld";
-      description = lib.mdDoc ''
+      description = ''
         Username to use for SMTP authentication.
       '';
     };
     passphrase = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Password to use for SMTP authentication.
       '';
     };
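Review bot: The `passphrase` option in this hunk is a plain `types.nullOr types.str`, and its description gives no hint about where the value is stored. If `configuration` is rendered into a generated file (the `configurationFile` binding is outside the hunk, so this is inferred), the SMTP password presumably ends up in the world-readable Nix store. The description should say so and point to the `environmentFile` option declared later in this file, for example `Password to use for SMTP authentication. The value is copied into the Nix store; use environmentFile to supply it at run time instead.` The same gap shows in the visible lines for `minioAccessSecret` in minio.nix and for `apiToken` and `password` in pihole.nix. The `passwordPath` description in nut.nix ("provisioned outside of Nix store") is the wording to match.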
@@ -82,20 +92,20 @@ let
     monitoringInterval = mkOption {
       type = types.str;
       example = "10s";
-      description = lib.mdDoc ''
+      description = ''
         Time interval between two probe attempts.
       '';
     };
     mailCheckTimeout = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Timeout until mails are considered "didn't make it".
       '';
     };
     disableFileDeletion = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Disables the exporter's function to delete probing mails.
       '';
     };
@@ -112,7 +122,7 @@ let
           detectionDir = "/path/to/Maildir/new";
         } ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of servers that should be probed.
 
         *Note:* if your mailserver has {manpage}`rspamd(8)` configured,
@@ -141,28 +151,28 @@ in
     environmentFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing env-vars to be substituted into the exporter's config.
       '';
     };
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify the mailexporter configuration file to use.
       '';
     };
     configuration = mkOption {
       type = types.nullOr (types.submodule exporterOptions);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify the mailexporter configuration file to use.
       '';
     };
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
index a8dba75251d8..cd438f13edd2 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mikrotik.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.mikrotik;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    concatStringsSep
+    escapeShellArg
+    ;
 in
 {
   port = 9436;
@@ -11,7 +16,7 @@ in
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to a mikrotik exporter configuration file. Mutually exclusive with
         {option}`configuration` option.
       '';
@@ -21,7 +26,7 @@ in
     configuration = mkOption {
       type = types.nullOr types.attrs;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Mikrotik exporter configuration as nix attribute set. Mutually exclusive with
         {option}`configFile` option.
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/minio.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/minio.nix
index e24d4f766e30..8faff5908b8a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/minio.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/minio.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.minio;
+  inherit (lib)
+    mkOption
+    types
+    optionalString
+    concatStringsSep
+    escapeShellArg
+    ;
 in
 {
   port = 9290;
@@ -11,7 +16,7 @@ in
     minioAddress = mkOption {
       type = types.str;
       example = "https://10.0.0.1:9000";
-      description = lib.mdDoc ''
+      description = ''
         The URL of the minio server.
         Use HTTPS if Minio accepts secure connections only.
         By default this connects to the local minio server if enabled.
@@ -21,7 +26,7 @@ in
     minioAccessKey = mkOption {
       type = types.str;
       example = "yourMinioAccessKey";
-      description = lib.mdDoc ''
+      description = ''
         The value of the Minio access key.
         It is required in order to connect to the server.
         By default this uses the one from the local minio server if enabled
@@ -31,7 +36,7 @@ in
 
     minioAccessSecret = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The value of the Minio access secret.
         It is required in order to connect to the server.
         By default this uses the one from the local minio server if enabled
@@ -42,7 +47,7 @@ in
     minioBucketStats = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Collect statistics about the buckets and files in buckets.
         It requires more computation, use it carefully in case of large buckets..
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix
index 0eb193c0021f..37ff49b27000 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/modemmanager.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.modemmanager;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9539;
@@ -11,7 +10,7 @@ in
     refreshRate = mkOption {
       type = types.str;
       default = "5s";
-      description = lib.mdDoc ''
+      description = ''
         How frequently ModemManager will refresh the extended signal quality
         information for each modem. The duration should be specified in seconds
         ("5s"), minutes ("1m"), or hours ("1h").
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix
index 1ed6bbf0325d..288434e93abb 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mongodb.nix
@@ -1,9 +1,17 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.mongodb;
+  inherit (lib)
+    mkOption
+    types
+    optionalString
+    getExe
+    length
+    concatStringsSep
+    concatMapStringsSep
+    escapeShellArgs
+    ;
 in
 {
   port = 9216;
@@ -12,13 +20,13 @@ in
       type = types.str;
       default = "mongodb://localhost:27017/test";
       example = "mongodb://localhost:27017/test";
-      description = lib.mdDoc "MongoDB URI to connect to.";
+      description = "MongoDB URI to connect to.";
     };
     collStats = mkOption {
       type = types.listOf types.str;
       default = [ ];
       example = [ "db1.coll1" "db2" ];
-      description = lib.mdDoc ''
+      description = ''
         List of comma separared databases.collections to get $collStats
       '';
     };
@@ -26,7 +34,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "db1.coll1" "db2" ];
-      description = lib.mdDoc ''
+      description = ''
         List of comma separared databases.collections to get $indexStats
       '';
     };
@@ -34,12 +42,12 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "diagnosticdata" "replicasetstatus" "dbstats" "topmetrics" "currentopmetrics" "indexstats" "dbstats" "profile" ];
-      description = lib.mdDoc "Enabled collectors";
+      description = "Enabled collectors";
     };
     collectAll = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable all collectors. Same as specifying all --collector.<name>
       '';
     };
@@ -47,7 +55,7 @@ in
       type = types.str;
       default = "/metrics";
       example = "/metrics";
-      description = lib.mdDoc "Metrics expose path";
+      description = "Metrics expose path";
     };
   };
   serviceOpts = {
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix
index c6da052ccdf3..5b2c2274f053 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/mysqld.nix
@@ -1,14 +1,14 @@
 { config, lib, pkgs, options, ... }:
 let
   cfg = config.services.prometheus.exporters.mysqld;
-  inherit (lib) types mkOption mdDoc mkIf mkForce cli concatStringsSep optionalString escapeShellArgs;
+  inherit (lib) types mkOption mkIf mkForce cli concatStringsSep optionalString escapeShellArgs;
 in {
   port = 9104;
   extraOpts = {
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -16,7 +16,7 @@ in {
     runAsLocalSuperUser = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Whether to run the exporter as {option}`services.mysql.user`.
       '';
     };
@@ -24,7 +24,7 @@ in {
     configFile = mkOption {
       type = types.path;
       example = "/var/lib/prometheus-mysqld-exporter.cnf";
-      description = mdDoc ''
+      description = ''
         Path to the services config file.
 
         See <https://github.com/prometheus/mysqld_exporter#running> for more information about
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nats.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nats.nix
new file mode 100644
index 000000000000..224ce474d537
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nats.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, options, ... }:
+
+let
+  cfg = config.services.prometheus.exporters.nats;
+  inherit (lib) mkOption types concatStringsSep;
+in
+{
+  port = 7777;
+
+  extraOpts = {
+    url = mkOption {
+      type = types.str;
+      default = "http://127.0.0.1:8222";
+      description = ''
+        NATS monitor endpoint to query.
+      '';
+    };
+  };
+
+  serviceOpts = {
+    serviceConfig = {
+      ExecStart = ''
+        ${pkgs.prometheus-nats-exporter}/bin/prometheus-nats-exporter \
+          -addr ${cfg.listenAddress} \
+          -port ${toString cfg.port} \
+          ${concatStringsSep " \\\n  " cfg.extraFlags} \
+          ${cfg.url}
+      '';
+    };
+  };
+}
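Review bot: `cfg.listenAddress` and `cfg.url` are interpolated into `ExecStart` unquoted, so a value containing whitespace or quote characters would be split into several arguments rather than passed as one. Several sibling exporters in this diff inherit `escapeShellArg` for this purpose. Here it would mean extending the binding to `inherit (lib) mkOption types concatStringsSep escapeShellArg;` and writing `-addr ${escapeShellArg cfg.listenAddress} \` and `${escapeShellArg cfg.url}`. The `url` description could also state that the exporter expects the NATS monitoring port and that the default reaches it over plain HTTP on loopback, so that pointing it at a remote host is a deliberate choice.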
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
index 82deea6864e8..d221bac8421a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nextcloud.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.nextcloud;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    concatStringsSep
+    ;
 in
 {
   port = 9205;
@@ -11,7 +15,7 @@ in
     url = mkOption {
       type = types.str;
       example = "https://domain.tld";
-      description = lib.mdDoc ''
+      description = ''
         URL to the Nextcloud serverinfo page.
         Adding the path to the serverinfo API is optional, it defaults
         to `/ocs/v2.php/apps/serverinfo/api/v1/info`.
@@ -20,7 +24,7 @@ in
     username = mkOption {
       type = types.str;
       default = "nextcloud-exporter";
-      description = lib.mdDoc ''
+      description = ''
         Username for connecting to Nextcloud.
         Note that this account needs to have admin privileges in Nextcloud.
         Unused when using token authentication.
@@ -30,7 +34,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/path/to/password-file";
-      description = lib.mdDoc ''
+      description = ''
         File containing the password for connecting to Nextcloud.
         Make sure that this file is readable by the exporter user.
       '';
@@ -39,7 +43,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/path/to/token-file";
-      description = lib.mdDoc ''
+      description = ''
         File containing the token for connecting to Nextcloud.
         Make sure that this file is readable by the exporter user.
       '';
@@ -47,7 +51,7 @@ in
     timeout = mkOption {
       type = types.str;
       default = "5s";
-      description = lib.mdDoc ''
+      description = ''
         Timeout for getting server info document.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
index 339749226aa4..091ad2291d2a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginx.nix
@@ -1,9 +1,16 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.nginx;
+  inherit (lib)
+    mkOption
+    types
+    mkMerge
+    mkRemovedOptionModule
+    mkRenamedOptionModule
+    mkIf
+    concatStringsSep
+    ;
 in
 {
   port = 9113;
@@ -11,7 +18,7 @@ in
     scrapeUri = mkOption {
       type = types.str;
       default = "http://localhost/nginx_status";
-      description = lib.mdDoc ''
+      description = ''
         Address to access the nginx status page.
         Can be enabled with services.nginx.statusPage = true.
       '';
@@ -19,14 +26,14 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
     sslVerify = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to perform certificate verification for https.
       '';
     };
@@ -37,7 +44,7 @@ in
         "label1=value1"
         "label2=value2"
       ];
-      description = lib.mdDoc ''
+      description = ''
         A list of constant labels that will be used in every metric.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
index b79a034e1384..2b4fd12895a3 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
@@ -1,16 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.nginxlog;
+  inherit (lib) mkOption types;
 in {
   port = 9117;
   extraOpts = {
     settings = mkOption {
       type = types.attrs;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         All settings of nginxlog expressed as an Nix attrset.
 
         Check the official documentation for the corresponding YAML
@@ -24,7 +23,7 @@ in {
     metricsEndpoint = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
index 9b8a0d2c6bc2..9d6b51ad140d 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/node.nix
@@ -1,9 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.node;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    concatMapStringsSep
+    any
+    optionals
+    ;
   collectorIsEnabled = final: any (collector: (final == collector)) cfg.enabledCollectors;
   collectorIsDisabled = final: any (collector: (final == collector)) cfg.disabledCollectors;
 in
@@ -14,7 +20,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "systemd" ];
-      description = lib.mdDoc ''
+      description = ''
         Collectors to enable. The collectors listed here are enabled in addition to the default ones.
       '';
     };
@@ -22,7 +28,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "timex" ];
-      description = lib.mdDoc ''
+      description = ''
         Collectors to disable which are enabled by default.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nut.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nut.nix
index a14e379079b0..157bdadddfc9 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nut.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/nut.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.nut;
+  inherit (lib)
+    mkOption
+    types
+    optionalString
+    concatStringsSep
+    ;
 in
 {
   port = 9199;
@@ -11,7 +15,7 @@ in
     nutServer = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Hostname or address of the NUT server
       '';
     };
@@ -19,7 +23,7 @@ in
       type = types.str;
       default = "";
       example = "nut";
-      description = lib.mdDoc ''
+      description = ''
         The user to log in into NUT server. If set, passwordPath should
         also be set.
 
@@ -31,7 +35,7 @@ in
       type = types.nullOr types.path;
       default = null;
       apply = final: if final == null then null else toString final;
-      description = lib.mdDoc ''
+      description = ''
         A run-time path to the nutUser password file, which should be
         provisioned outside of Nix store.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
index aee3ae5bb2d4..bb65bd270933 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/openldap.nix
@@ -1,16 +1,15 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.openldap;
+  inherit (lib) mkOption types concatStringsSep;
 in {
   port = 9330;
   extraOpts = {
     ldapCredentialFile = mkOption {
       type = types.path;
       example = "/run/keys/ldap_pass";
-      description = lib.mdDoc ''
+      description = ''
         Environment file to contain the credentials to authenticate against
         `openldap`.
 
@@ -26,21 +25,21 @@ in {
       default = "tcp";
       example = "udp";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Which protocol to use to connect against `openldap`.
       '';
     };
     ldapAddr = mkOption {
       default = "localhost:389";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Address of the `openldap`-instance.
       '';
     };
     metricsPath = mkOption {
       default = "/metrics";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         URL path where metrics should be exposed.
       '';
     };
@@ -48,7 +47,7 @@ in {
       default = "30s";
       type = types.str;
       example = "1m";
-      description = lib.mdDoc ''
+      description = ''
         Scrape interval of the exporter.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
index 9587403c7802..71b602638632 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pgbouncer.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.pgbouncer;
+  inherit (lib)
+    mkOption
+    types
+    optionals
+    escapeShellArg
+    concatStringsSep
+    ;
 in
 {
   port = 9127;
@@ -12,7 +17,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -21,7 +26,7 @@ in
       type = types.str;
       default = "";
       example = "postgres://admin:@localhost:6432/pgbouncer?sslmode=require";
-      description = lib.mdDoc ''
+      description = ''
         Connection string for accessing pgBouncer.
 
         NOTE: You MUST keep pgbouncer as database name (special internal db)!!!
@@ -38,7 +43,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/run/keys/pgBouncer-connection-string";
-      description = lib.mdDoc ''
+      description = ''
         File that contains pgBouncer connection string in format:
         postgres://admin:@localhost:6432/pgbouncer?sslmode=require
 
@@ -54,7 +59,7 @@ in
     pidFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to PgBouncer pid file.
 
         If provided, the standard process metrics get exported for the PgBouncer
@@ -70,7 +75,7 @@ in
     webSystemdSocket = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Use systemd socket activation listeners instead of port listeners (Linux only).
       '';
     };
@@ -78,7 +83,7 @@ in
     logLevel = mkOption {
       type = types.enum ["debug" "info" "warn" "error" ];
       default = "info";
-      description = lib.mdDoc ''
+      description = ''
         Only log messages with the given severity or above.
       '';
     };
@@ -86,7 +91,7 @@ in
     logFormat = mkOption {
       type = types.enum ["logfmt" "json"];
       default = "logfmt";
-      description = lib.mdDoc ''
+      description = ''
         Output format of log messages. One of: [logfmt, json]
       '';
     };
@@ -94,7 +99,7 @@ in
     webConfigFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file that can enable TLS or authentication.
       '';
     };
@@ -102,7 +107,7 @@ in
     extraFlags = mkOption {
       type = types.listOf types.str;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra commandline options when launching Prometheus.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix
index 4ea5f64012c0..5d8253f26c43 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/php-fpm.nix
@@ -16,7 +16,7 @@ in {
     telemetryPath = lib.mkOption {
       type = lib.types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -25,7 +25,7 @@ in {
       type = lib.types.nullOr lib.types.path;
       default = null;
       example = "/root/prometheus-php-fpm-exporter.env";
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets may be passed to the service without adding them to the
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
index 4b7eca7493a6..30b260dc3792 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pihole.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.pihole;
+  inherit (lib)
+    mkOption
+    types
+    mkRemovedOptionModule
+    optionalString
+    ;
 in
 {
   imports = [
@@ -17,7 +21,7 @@ in
       type = types.str;
       default = "";
       example = "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003";
-      description = lib.mdDoc ''
+      description = ''
         Pi-Hole API token which can be used instead of a password
       '';
     };
@@ -25,7 +29,7 @@ in
       type = types.str;
       default = "";
       example = "password";
-      description = lib.mdDoc ''
+      description = ''
         The password to login into Pi-Hole. An api token can be used instead.
       '';
     };
@@ -33,7 +37,7 @@ in
       type = types.str;
       default = "pihole";
       example = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Hostname or address where to find the Pi-Hole webinterface
       '';
     };
@@ -41,7 +45,7 @@ in
       type = types.port;
       default = 80;
       example = 443;
-      description = lib.mdDoc ''
+      description = ''
         The port Pi-Hole webinterface is reachable on
       '';
     };
@@ -49,14 +53,14 @@ in
       type = types.enum [ "http" "https" ];
       default = "http";
       example = "https";
-      description = lib.mdDoc ''
+      description = ''
         The protocol which is used to connect to Pi-Hole
       '';
     };
     timeout = mkOption {
       type = types.str;
       default = "5s";
-      description = lib.mdDoc ''
+      description = ''
         Controls the timeout to connect to a Pi-Hole instance
       '';
     };
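Review bot: `protocol` defaults to `"http"` and the `piholeHostname` default is the non-loopback name `pihole`, while the same module accepts `password` and `apiToken`. Assuming the exporter sends those credentials on that connection (the `ExecStart` wiring is outside these hunks), the out-of-the-box setup would send them in cleartext across the network. The `protocol` description should say so, e.g. `The protocol which is used to connect to Pi-Hole. Use "https" whenever a password or API token is configured and Pi-Hole is not on the local host.` Changing the default itself may break existing setups, so the documentation fix is the smaller step.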
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ping.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ping.nix
index bda5038a0c64..9122a6be66e6 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ping.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/ping.nix
@@ -1,9 +1,9 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
 
 let
   cfg = config.services.prometheus.exporters.ping;
+  inherit (lib) mkOption types concatStringsSep;
 
   settingsFormat = pkgs.formats.yaml {};
   configFile = settingsFormat.generate "config.yml" cfg.settings;
@@ -23,7 +23,7 @@ in
       type = settingsFormat.type;
       default = {};
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration for ping_exporter, see
         <https://github.com/czerwonk/ping_exporter>
         for supported values.
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
index ead8e806f85a..7aa3622f16d6 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postfix.nix
@@ -1,16 +1,22 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.postfix;
+  inherit (lib)
+    mkOption
+    types
+    mkIf
+    escapeShellArg
+    concatStringsSep
+    optional
+    ;
 in
 {
   port = 9154;
   extraOpts = {
     group = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group under which the postfix exporter shall be run.
         It should match the group that is allowed to access the
         `showq` socket in the `queue/public/` directory.
@@ -20,7 +26,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -28,7 +34,7 @@ in
       type = types.path;
       default = "/var/log/postfix_exporter_input.log";
       example = "/var/log/mail.log";
-      description = lib.mdDoc ''
+      description = ''
         Path where Postfix writes log entries.
         This file will be truncated by this exporter!
       '';
@@ -37,7 +43,7 @@ in
       type = types.path;
       default = "/var/lib/postfix/queue/public/showq";
       example = "/var/spool/postfix/public/showq";
-      description = lib.mdDoc ''
+      description = ''
         Path where Postfix places its showq socket.
       '';
     };
@@ -45,21 +51,21 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable reading metrics from the systemd journal instead of from a logfile
         '';
       };
       unit = mkOption {
         type = types.str;
         default = "postfix.service";
-        description = lib.mdDoc ''
+        description = ''
           Name of the postfix systemd unit.
         '';
       };
       slice = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Name of the postfix systemd slice.
           This overrides the {option}`systemd.unit`.
         '';
@@ -67,7 +73,7 @@ in
       journalPath = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the systemd journal.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix
index 514b2d0c8f2d..bf392382660a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/postgres.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.postgres;
+  inherit (lib)
+    mkOption
+    types
+    mkIf
+    mkForce
+    concatStringsSep
+    ;
 in
 {
   port = 9187;
@@ -11,7 +16,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -19,14 +24,14 @@ in
       type = types.str;
       default = "user=postgres database=postgres host=/run/postgresql sslmode=disable";
       example = "postgresql://username:password@localhost:5432/postgres?sslmode=disable";
-      description = lib.mdDoc ''
+      description = ''
         Accepts PostgreSQL URI form and key=value form arguments.
       '';
     };
     runAsLocalSuperUser = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run the exporter as the local 'postgres' super user.
       '';
     };
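Review bot: The `dataSourceName` description does not say that a password placed in the URI form, as the example `postgresql://username:password@localhost:5432/postgres?sslmode=disable` invites, becomes part of the evaluated system configuration and so, presumably, of the world-readable Nix store. The environment-file option in the next hunk exists for this case, so the description should point to it, for example `Do not embed a password here; the value ends up in the Nix store. Pass secrets through the environment file instead.` The same gap applies to `unifiPassword` in unifi.nix, a plain `types.str` with no file-based alternative visible in its hunk, and to `connections` in sql.nix, whose connection strings commonly carry credentials. How each value reaches the service (unit file or command line) is outside these hunks, so confirm that before wording the warning.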
@@ -36,7 +41,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/root/prometheus-postgres-exporter.env";
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets may be passed to the service without adding them to the
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix
index 86c71a88e28b..8e5eceee067c 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/process.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.process;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    concatStringsSep
+    ;
   configFile = pkgs.writeText "process-exporter.yaml" (builtins.toJSON cfg.settings);
 in
 {
@@ -18,7 +22,7 @@ in
           { name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ]; }
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         All settings expressed as an Nix attrset.
 
         Check the official documentation for the corresponding YAML
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix
index 96db49d9591f..8928577b6953 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/pve.nix
@@ -1,8 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
 let
   cfg = config.services.prometheus.exporters.pve;
+  inherit (lib)
+    mkOption
+    types
+    mkPackageOption
+    optionalString
+    optionalAttrs
+    ;
 
   # pve exporter requires a config file so create an empty one if configFile is not provided
   emptyConfigFile = pkgs.writeTextFile {
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
index 60243e0ed069..d788ce363d61 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/py-air-control.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.py-air-control;
+  inherit (lib) mkOption types;
 
   workingDir = "/var/lib/${cfg.stateDir}";
 
@@ -14,14 +13,14 @@ in
     deviceHostname = mkOption {
       type = types.str;
       example = "192.168.1.123";
-      description = lib.mdDoc ''
+      description = ''
         The hostname of the air purification device from which to scrape the metrics.
       '';
     };
     protocol = mkOption {
       type = types.str;
       default = "http";
-      description = lib.mdDoc ''
+      description = ''
         The protocol to use when communicating with the air purification device.
         Available: [http, coap, plain_coap]
       '';
@@ -29,7 +28,7 @@ in
     stateDir = mkOption {
       type = types.str;
       default = "prometheus-py-air-control-exporter";
-      description = lib.mdDoc ''
+      description = ''
         Directory below `/var/lib` to store runtime data.
         This directory will be created automatically using systemd's StateDirectory mechanism.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
index 71f94a700efd..672e3dfe7b05 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/redis.nix
@@ -1,14 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.redis;
+  inherit (lib) concatStringsSep;
 in
 {
   port = 9121;
   serviceOpts = {
     serviceConfig = {
+      RestrictAddressFamilies = [ "AF_UNIX" ];
       ExecStart = ''
         ${pkgs.prometheus-redis-exporter}/bin/redis_exporter \
           -web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
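Review bot: The added `RestrictAddressFamilies = [ "AF_UNIX" ];` changes the unit's sandbox in a commit that is otherwise a mechanical `with lib` / `lib.mdDoc` cleanup, and it carries no comment saying why. Whether this list is merged with or replaces the address families set by the shared exporter module is decided outside the hunk; if it replaced them, the TCP listener configured by `-web.listen-address` just below would be affected, so that is worth confirming. A one-line comment such as `# AF_UNIX: allow connecting to Redis through a unix socket` (if that is the intent) would record the reason next to the setting. The `serviceConfig` block continues past the end of the hunk.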
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
index 12962af5f111..ef44803ba053 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/restic.nix
@@ -1,16 +1,25 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.restic;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    mkIf
+    mapAttrs'
+    splitString
+    toUpper
+    optionalAttrs
+    nameValuePair
+    ;
 in
 {
   port = 9753;
   extraOpts = {
     repository = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         URI pointing to the repository to monitor.
       '';
       example = "sftp:backup@192.168.1.100:/backups/example";
@@ -18,7 +27,7 @@ in
 
     passwordFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         File containing the password to the repository.
       '';
       example = "/etc/nixos/restic-password";
@@ -27,7 +36,7 @@ in
     environmentFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing the credentials to access the repository, in the
         format of an EnvironmentFile as described by systemd.exec(5)
       '';
@@ -36,7 +45,7 @@ in
     refreshInterval = mkOption {
       type = types.ints.unsigned;
       default = 60;
-      description = lib.mdDoc ''
+      description = ''
         Refresh interval for the metrics in seconds.
         Computing the metrics is an expensive task, keep this value as high as possible.
       '';
@@ -45,7 +54,7 @@ in
     rcloneOptions = mkOption {
       type = with types; attrsOf (oneOf [ str bool ]);
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Options to pass to rclone to control its behavior.
         See <https://rclone.org/docs/#options> for
         available options. When specifying option names, strip the
@@ -58,7 +67,7 @@ in
     rcloneConfig = mkOption {
       type = with types; attrsOf (oneOf [ str bool ]);
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for the rclone remote being used for backup.
         See the remote's specific options under rclone's docs at
         <https://rclone.org/docs/>. When specifying
@@ -79,7 +88,7 @@ in
     rcloneConfigFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to the file containing rclone configuration. This file
         must contain configuration for the remote specified in this backup
         set and also must be readable by root.
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
index 8169d4075a9f..8993aee5d248 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rspamd.nix
@@ -1,9 +1,16 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.rspamd;
+  inherit (lib)
+    mkOption
+    types
+    replaceStrings
+    mkRemovedOptionModule
+    recursiveUpdate
+    concatStringsSep
+    literalExpression
+    ;
 
   mkFile = conf:
     pkgs.writeText "rspamd-exporter-config.yml" (builtins.toJSON conf);
@@ -69,7 +76,7 @@ in
           custom_label = "some_value";
         }
       '';
-      description = lib.mdDoc "Set of labels added to each metric.";
+      description = "Set of labels added to each metric.";
     };
   };
   serviceOpts.serviceConfig.ExecStart = ''
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
index 42b659501161..02624a0e80e7 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
@@ -12,15 +12,15 @@ in
         options = {
           name = lib.mkOption {
             type = str;
-            description = lib.mdDoc "Name to match.";
+            description = "Name to match.";
           };
           "${field}" = lib.mkOption {
             type = int;
-            description = lib.mdDoc description;
+            description = description;
           };
           location = lib.mkOption {
             type = str;
-            description = lib.mdDoc "Location to match.";
+            description = "Location to match.";
           };
         };
       });
@@ -30,7 +30,7 @@ in
       type = lib.types.str;
       default = "-C si";
       example = "-C si -R 19";
-      description = lib.mdDoc ''
+      description = ''
         Flags passed verbatim to rtl_433 binary.
         Having `-C si` (the default) is recommended since only Celsius temperatures are parsed.
       '';
@@ -41,7 +41,7 @@ in
       example = [
         { name = "Acurite"; channel = 6543; location = "Kitchen"; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         List of channel matchers to export.
       '';
     };
@@ -51,7 +51,7 @@ in
       example = [
         { name = "Nexus"; id = 1; location = "Bedroom"; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         List of ID matchers to export.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix
index d4c929d88b9c..fbee2850db74 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/scaphandre.nix
@@ -14,7 +14,7 @@ in {
     telemetryPath = lib.mkOption {
       type = lib.types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix
index f37fa456d27c..0967ce236a62 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/script.nix
@@ -1,9 +1,13 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.script;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    concatStringsSep
+    ;
   configFile = pkgs.writeText "script-exporter.yaml" (builtins.toJSON cfg.settings);
 in
 {
@@ -15,18 +19,18 @@ in
           name = mkOption {
             type = str;
             example = "sleep";
-            description = lib.mdDoc "Name of the script.";
+            description = "Name of the script.";
           };
           script = mkOption {
             type = str;
             example = "sleep 5";
-            description = lib.mdDoc "Shell script to execute when metrics are requested.";
+            description = "Shell script to execute when metrics are requested.";
           };
           timeout = mkOption {
             type = nullOr int;
             default = null;
             example = 60;
-            description = lib.mdDoc "Optional timeout for the script in seconds.";
+            description = "Optional timeout for the script in seconds.";
           };
         };
       });
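Review bot: The `script` description, "Shell script to execute when metrics are requested.", leaves out that every scrape request triggers a shell execution. Any client that can reach the exporter's listen address can therefore cause the script to run. The description could carry that caveat, for example `The script runs on every scrape request, so restrict who can reach the exporter's port and keep the script cheap and side-effect free.` The listen address and firewall handling for this exporter are defined outside the hunk, so the actual exposure should be checked there.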
@@ -37,7 +41,7 @@ in
           ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         All settings expressed as an Nix attrset.
 
         Check the official documentation for the corresponding YAML
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix
index 1d2329dfbae1..be3e483c6ee1 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/shelly.nix
@@ -1,16 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.shelly;
+  inherit (lib) mkOption types;
 in
 {
   port = 9784;
   extraOpts = {
     metrics-file = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the JSON file with the metric definitions
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
index 1040e9ecadbd..8aadd87abbed 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.smartctl;
+  inherit (lib) mkOption types literalExpression;
   args = lib.escapeShellArgs ([
     "--web.listen-address=${cfg.listenAddress}:${toString cfg.port}"
     "--smartctl.path=${pkgs.smartmontools}/bin/smartctl"
@@ -20,7 +19,7 @@ in {
       example = literalExpression ''
         [ "/dev/sda", "/dev/nvme0n1" ];
       '';
-      description = lib.mdDoc ''
+      description = ''
         Paths to the disks that will be monitored. Will autodiscover
         all disks if none given.
       '';
@@ -29,7 +28,7 @@ in {
       type = types.str;
       default = "60s";
       example = "2m";
-      description = lib.mdDoc ''
+      description = ''
         Interval that limits how often a disk can be queried.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
index 2bacc9cd7cac..c3baed150376 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.smokeping;
+  inherit (lib) mkOption types concatStringsSep;
   goDuration = types.mkOptionType {
     name = "goDuration";
     description = "Go duration (https://golang.org/pkg/time/#ParseDuration)";
@@ -17,27 +16,27 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
     pingInterval = mkOption {
       type = goDuration;
       default = "1s";
-      description = lib.mdDoc ''
+      description = ''
         Interval between pings.
       '';
     };
     buckets = mkOption {
       type = types.commas;
       default = "5e-05,0.0001,0.0002,0.0004,0.0008,0.0016,0.0032,0.0064,0.0128,0.0256,0.0512,0.1024,0.2048,0.4096,0.8192,1.6384,3.2768,6.5536,13.1072,26.2144";
-      description = lib.mdDoc ''
+      description = ''
         List of buckets to use for the response duration histogram.
       '';
     };
     hosts = mkOption {
       type = with types; listOf str;
-      description = lib.mdDoc ''
+      description = ''
         List of endpoints to probe.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix
index 207446e39f49..dc10a9a2f92e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/snmp.nix
@@ -1,10 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   logPrefix = "services.prometheus.exporters.snmp";
   cfg = config.services.prometheus.exporters.snmp;
+  inherit (lib)
+    mkOption
+    types
+    literalExpression
+    escapeShellArg
+    concatStringsSep
+    ;
 
   # This ensures that we can deal with string paths, path types and
   # store-path strings with context.
@@ -31,7 +36,7 @@ in
     configurationPath = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
       '';
       example = literalExpression "./snmp.yml";
@@ -40,7 +45,7 @@ in
     configuration = mkOption {
       type = types.nullOr types.attrs;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Snmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
       '';
       example = {
@@ -54,7 +59,7 @@ in
     enableConfigCheck = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run a correctness check for the configuration file. This depends
         on the configuration file residing in the nix-store. Paths passed as string will
         be copied to the store.
@@ -64,7 +69,7 @@ in
     logFormat = mkOption {
       type = types.enum ["logfmt" "json"];
       default = "logfmt";
-      description = lib.mdDoc ''
+      description = ''
         Output format of log messages.
       '';
     };
@@ -72,7 +77,7 @@ in
     logLevel = mkOption {
       type = types.enum ["debug" "info" "warn" "error"];
       default = "info";
-      description = lib.mdDoc ''
+      description = ''
         Only log messages with the given severity or above.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix
index dbfa69678a0c..59715f5d33e2 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/sql.nix
@@ -1,13 +1,19 @@
 { config, lib, pkgs, options, ... }:
-with lib;
 let
   cfg = config.services.prometheus.exporters.sql;
+  inherit (lib)
+    mkOption
+    types
+    mapAttrs
+    mapAttrsToList
+    concatStringsSep
+    ;
   cfgOptions = {
     options = with types; {
       jobs = mkOption {
         type = attrsOf (submodule jobOptions);
         default = { };
-        description = lib.mdDoc "An attrset of metrics scraping jobs to run.";
+        description = "An attrset of metrics scraping jobs to run.";
       };
     };
   };
@@ -15,23 +21,23 @@ let
     options = with types; {
       interval = mkOption {
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           How often to run this job, specified in
           [Go duration](https://golang.org/pkg/time/#ParseDuration) format.
         '';
       };
       connections = mkOption {
         type = listOf str;
-        description = lib.mdDoc "A list of connection strings of the SQL servers to scrape metrics from";
+        description = "A list of connection strings of the SQL servers to scrape metrics from";
       };
       startupSql = mkOption {
         type = listOf str;
         default = [];
-        description = lib.mdDoc "A list of SQL statements to execute once after making a connection.";
+        description = "A list of SQL statements to execute once after making a connection.";
       };
       queries = mkOption {
         type = attrsOf (submodule queryOptions);
-        description = lib.mdDoc "SQL queries to run.";
+        description = "SQL queries to run.";
       };
     };
   };
@@ -40,20 +46,20 @@ let
       help = mkOption {
         type = nullOr str;
         default = null;
-        description = lib.mdDoc "A human-readable description of this metric.";
+        description = "A human-readable description of this metric.";
       };
       labels = mkOption {
         type = listOf str;
         default = [ ];
-        description = lib.mdDoc "A set of columns that will be used as Prometheus labels.";
+        description = "A set of columns that will be used as Prometheus labels.";
       };
       query = mkOption {
         type = str;
-        description = lib.mdDoc "The SQL query to run.";
+        description = "The SQL query to run.";
       };
       values = mkOption {
         type = listOf str;
-        description = lib.mdDoc "A set of columns that will be used as values of this metric.";
+        description = "A set of columns that will be used as values of this metric.";
       };
     };
   };
@@ -77,14 +83,14 @@ in
     configFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to configuration file.
       '';
     };
     configuration = mkOption {
       type = with types; nullOr (submodule cfgOptions);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Exporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix
index 94df86167e8c..b1bc65c9a492 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/statsd.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.statsd;
+  inherit (lib) concatStringsSep;
 in
 {
   port = 9102;
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix
index 337ebd4ed66f..d848e263a3b6 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/surfboard.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.surfboard;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9239;
@@ -11,7 +10,7 @@ in
     modemAddress = mkOption {
       type = types.str;
       default = "192.168.100.1";
-      description = lib.mdDoc ''
+      description = ''
         The hostname or IP of the cable modem.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix
index 2edd1de83e1b..52bad81ed7d5 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/systemd.nix
@@ -1,9 +1,8 @@
 { config, pkgs, lib, ... }:
 
-with lib;
-
-let cfg = config.services.prometheus.exporters.systemd;
-
+let
+  cfg = config.services.prometheus.exporters.systemd;
+  inherit (lib) concatStringsSep;
 in {
   port = 9558;
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/tor.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/tor.nix
index b91f69aded3d..d39112d0c283 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/tor.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/tor.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.tor;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9130;
@@ -11,7 +10,7 @@ in
     torControlAddress = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Tor control IP address or hostname.
       '';
     };
@@ -19,7 +18,7 @@ in
     torControlPort = mkOption {
       type = types.port;
       default = 9051;
-      description = lib.mdDoc ''
+      description = ''
         Tor control port.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix
index 2f4444a96c69..df6011e2434b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unbound.nix
@@ -5,10 +5,17 @@
 , ...
 }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.unbound;
+  inherit (lib)
+    mkOption
+    types
+    mkRemovedOptionModule
+    optionalAttrs
+    optionalString
+    mkMerge
+    mkIf
+    ;
 in
 {
   imports = [
@@ -22,7 +29,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -59,7 +66,7 @@ in
         type = types.str;
         default = "tcp://127.0.0.1:8953";
         example = "unix:///run/unbound/unbound.socket";
-        description = lib.mdDoc ''
+        description = ''
           Path to the unbound control socket. Supports unix domain sockets, as well as the TCP interface.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix
index b7addcd56827..07d177251f40 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unifi.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.unifi;
+  inherit (lib)
+    mkOption
+    types
+    escapeShellArg
+    optionalString
+    concatStringsSep
+    ;
 in
 {
   port = 9130;
@@ -11,7 +16,7 @@ in
     unifiAddress = mkOption {
       type = types.str;
       example = "https://10.0.0.1:8443";
-      description = lib.mdDoc ''
+      description = ''
         URL of the UniFi Controller API.
       '';
     };
@@ -19,7 +24,7 @@ in
     unifiInsecure = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled skip the verification of the TLS certificate of the UniFi Controller API.
         Use with caution.
       '';
@@ -28,14 +33,14 @@ in
     unifiUsername = mkOption {
       type = types.str;
       example = "ReadOnlyUser";
-      description = lib.mdDoc ''
+      description = ''
         username for authentication against UniFi Controller API.
       '';
     };
 
     unifiPassword = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Password for authentication against UniFi Controller API.
       '';
     };
@@ -44,7 +49,7 @@ in
       type = types.str;
       default = "5s";
       example = "2m";
-      description = lib.mdDoc ''
+      description = ''
         Timeout including unit for UniFi Controller API requests.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix
index aff1197a8775..7b9ba4c5d1ed 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/unpoller.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.unpoller;
+  inherit (lib) mkEnableOption generators;
 
   configFile = pkgs.writeText "prometheus-unpoller-exporter.json" (generators.toJSON {} {
     poller = { inherit (cfg.log) debug quiet; };
@@ -24,9 +23,9 @@ in {
     inherit (options.services.unpoller.unifi) controllers;
     inherit (options.services.unpoller) loki;
     log = {
-      debug = mkEnableOption (lib.mdDoc "debug logging including line numbers, high resolution timestamps, per-device logs");
-      quiet = mkEnableOption (lib.mdDoc "startup and error logs only");
-      prometheusErrors = mkEnableOption (lib.mdDoc "emitting errors to prometheus");
+      debug = mkEnableOption "debug logging including line numbers, high resolution timestamps, per-device logs";
+      quiet = mkEnableOption "startup and error logs only";
+      prometheusErrors = mkEnableOption "emitting errors to prometheus";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
index 7b21e5fc7cb7..4fda15c9ee4e 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/v2ray.nix
@@ -1,9 +1,8 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.v2ray;
+  inherit (lib) mkOption types concatStringsSep;
 in
 {
   port = 9299;
@@ -11,7 +10,7 @@ in
     v2rayEndpoint = mkOption {
       type = types.str;
       default = "127.0.0.1:54321";
-      description = lib.mdDoc ''
+      description = ''
         v2ray grpc api endpoint
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
index 98fbba82c8e9..e94c513ae84f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/varnish.nix
@@ -1,9 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.varnish;
+  inherit (lib)
+    mkOption
+    types
+    mkDefault
+    optional
+    escapeShellArg
+    concatStringsSep
+    ;
 in
 {
   port = 9131;
@@ -11,35 +17,35 @@ in
     noExit = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Do not exit server on Varnish scrape errors.
       '';
     };
     withGoMetrics = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Export go runtime and http handler metrics.
       '';
     };
     verbose = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable verbose logging.
       '';
     };
     raw = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable raw stdout logging without timestamps.
       '';
     };
     varnishStatPath = mkOption {
       type = types.str;
       default = "varnishstat";
-      description = lib.mdDoc ''
+      description = ''
         Path to varnishstat.
       '';
     };
@@ -47,21 +53,21 @@ in
       type = types.nullOr types.str;
       default = config.services.varnish.stateDir;
       defaultText = lib.literalExpression "config.services.varnish.stateDir";
-      description = lib.mdDoc ''
+      description = ''
         varnishstat -n value.
       '';
     };
     healthPath = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose healthcheck. Disabled unless configured.
       '';
     };
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
index 127c8021a9f0..7a48c836425f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@@ -1,9 +1,15 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
-
 let
   cfg = config.services.prometheus.exporters.wireguard;
+  inherit (lib)
+    mkOption
+    types
+    mkRenamedOptionModule
+    mkEnableOption
+    optionalString
+    escapeShellArg
+    ;
 in {
   port = 9586;
   imports = [
@@ -11,13 +17,13 @@ in {
     ({ options.warnings = options.warnings; options.assertions = options.assertions; })
   ];
   extraOpts = {
-    verbose = mkEnableOption (lib.mdDoc "verbose logging mode for prometheus-wireguard-exporter");
+    verbose = mkEnableOption "verbose logging mode for prometheus-wireguard-exporter";
 
     wireguardConfig = mkOption {
       type = with types; nullOr (either path str);
       default = null;
 
-      description = lib.mdDoc ''
+      description = ''
         Path to the Wireguard Config to
         [add the peer's name to the stats of a peer](https://github.com/MindFlavor/prometheus_wireguard_exporter/tree/2.0.0#usage).
 
@@ -31,7 +37,7 @@ in {
     singleSubnetPerField = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         By default, all allowed IPs and subnets are comma-separated in the
         `allowed_ips` field. With this option enabled,
         a single IP and subnet will be listed in fields like `allowed_ip_0`,
@@ -42,7 +48,7 @@ in {
     withRemoteIp = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix
index 21f6354cc4a2..a685b94b827f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/exporters/zfs.nix
@@ -1,9 +1,14 @@
 { config, lib, pkgs, options, ... }:
 
-with lib;
 
 let
   cfg = config.services.prometheus.exporters.zfs;
+  inherit (lib)
+    mkOption
+    types
+    concatStringsSep
+    concatMapStringsSep
+    ;
 in
 {
   port = 9134;
@@ -12,7 +17,7 @@ in
     telemetryPath = mkOption {
       type = types.str;
       default = "/metrics";
-      description = lib.mdDoc ''
+      description = ''
         Path under which to expose metrics.
       '';
     };
@@ -20,7 +25,7 @@ in
     pools = mkOption {
       type = with types; nullOr (listOf str);
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Name of the pool(s) to collect, repeat for multiple pools (default: all pools).
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix
index e93924e4fba8..80e2339f5925 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix
@@ -21,14 +21,14 @@ let
 in {
   options = {
     services.prometheus.pushgateway = {
-      enable = mkEnableOption (lib.mdDoc "Prometheus Pushgateway");
+      enable = mkEnableOption "Prometheus Pushgateway";
 
       package = mkPackageOption pkgs "prometheus-pushgateway" { };
 
       web.listen-address = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Address to listen on for the web interface, API and telemetry.
 
           `null` will default to `:9091`.
@@ -38,7 +38,7 @@ in {
       web.telemetry-path = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path under which to expose metrics.
 
           `null` will default to `/metrics`.
@@ -48,7 +48,7 @@ in {
       web.external-url = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The URL under which Pushgateway is externally reachable.
         '';
       };
@@ -56,7 +56,7 @@ in {
       web.route-prefix = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Prefix for the internal routes of web endpoints.
 
           Defaults to the path of
@@ -68,7 +68,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "10m";
-        description = lib.mdDoc ''
+        description = ''
           The minimum interval at which to write out the persistence file.
 
           `null` will default to `5m`.
@@ -78,7 +78,7 @@ in {
       log.level = mkOption {
         type = types.nullOr (types.enum ["debug" "info" "warn" "error" "fatal"]);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Only log messages with the given severity or above.
 
           `null` will default to `info`.
@@ -89,7 +89,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "logger:syslog?appname=bob&local=7";
-        description = lib.mdDoc ''
+        description = ''
           Set the log target and format.
 
           `null` will default to `logger:stderr`.
@@ -99,7 +99,7 @@ in {
       extraFlags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra commandline options when launching the Pushgateway.
         '';
       };
@@ -107,7 +107,7 @@ in {
       persistMetrics = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to persist metrics to a file.
 
           When enabled metrics will be saved to a file called
@@ -121,7 +121,7 @@ in {
       stateDir = mkOption {
         type = types.str;
         default = "pushgateway";
-        description = lib.mdDoc ''
+        description = ''
           Directory below `/var/lib` to store metrics.
 
           This directory will be created automatically using systemd's
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix
index c908d599bd4e..3deb29aeb222 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.prometheus.sachet = {
-      enable = mkEnableOption (lib.mdDoc "Sachet, an SMS alerting tool for the Prometheus Alertmanager");
+      enable = mkEnableOption "Sachet, an SMS alerting tool for the Prometheus Alertmanager";
 
       configuration = mkOption {
         type = types.nullOr types.attrs;
@@ -32,7 +32,7 @@ in
             }];
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Sachet's configuration as a nix attribute set.
         '';
       };
@@ -40,7 +40,7 @@ in
       address = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The address Sachet will listen to.
         '';
       };
@@ -48,7 +48,7 @@ in
       port = mkOption {
         type = types.port;
         default = 9876;
-        description = lib.mdDoc ''
+        description = ''
           The port Sachet will listen to.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix
index 4545ca37d278..f3f553cd8642 100644
--- a/nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix
@@ -15,13 +15,13 @@ in
   ];
 
   options.services.prometheus.xmpp-alerts = {
-    enable = mkEnableOption (lib.mdDoc "XMPP Web hook service for Alertmanager");
+    enable = mkEnableOption "XMPP Web hook service for Alertmanager";
 
     settings = mkOption {
       type = settingsFormat.type;
       default = {};
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration for prometheus xmpp-alerts, see
         <https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example>
         for supported values.
diff --git a/nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix b/nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix
index 1622d7a9b920..243d0edb3aae 100644
--- a/nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix
@@ -26,20 +26,20 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the riemann-dash dashboard daemon.
         '';
       };
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Contents added to the end of the riemann-dash configuration file.
         '';
       };
       dataDir = mkOption {
         type = types.str;
         default = "/var/riemann-dash";
-        description = lib.mdDoc ''
+        description = ''
           Location of the riemann-base dir. The dashboard configuration file is
           is stored to this directory. The directory is created automatically on
           service start, and owner is set to the riemanndash user.
diff --git a/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix b/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix
index 28821267b4f3..86a11694e7b4 100644
--- a/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix
@@ -23,21 +23,21 @@ in {
       enableHealth = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the riemann-health daemon.
         '';
       };
       riemannHost = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Address of the host riemann node. Defaults to localhost.
         '';
       };
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of commandline-switches forwarded to a riemann-tool.
           See for example `riemann-health --help` for available options.
         '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/riemann.nix b/nixpkgs/nixos/modules/services/monitoring/riemann.nix
index 7ab8af85ed79..fd625e34e013 100644
--- a/nixpkgs/nixos/modules/services/monitoring/riemann.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/riemann.nix
@@ -27,11 +27,11 @@ in {
   options = {
 
     services.riemann = {
-      enable = mkEnableOption (lib.mdDoc "Riemann network monitoring daemon");
+      enable = mkEnableOption "Riemann network monitoring daemon";
 
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Contents of the Riemann configuration file. For more complicated
           config you should use configFile.
         '';
@@ -39,7 +39,7 @@ in {
       configFiles = mkOption {
         type = with types; listOf path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra files containing Riemann configuration. These files will be
           loaded at runtime by Riemann (with Clojure's
           `load-file` function) at the end of the
@@ -49,7 +49,7 @@ in {
       };
       configFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           A Riemann config file. Any files in the same directory as this file
           will be added to the classpath by Riemann.
         '';
@@ -57,14 +57,14 @@ in {
       extraClasspathEntries = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra entries added to the Java classpath when running Riemann.
         '';
       };
       extraJavaOpts = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra Java options used when launching Riemann.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/rustdesk-server.nix b/nixpkgs/nixos/modules/services/monitoring/rustdesk-server.nix
index fcfd57167dd8..21e6128c7226 100644
--- a/nixpkgs/nixos/modules/services/monitoring/rustdesk-server.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/rustdesk-server.nix
@@ -53,15 +53,14 @@ in {
         Slice = "system-rustdesk.slice";
         User  = "rustdesk";
         Group = "rustdesk";
+        DynamicUser = "yes";
         Environment = [];
         WorkingDirectory = "/var/lib/rustdesk";
         StateDirectory   = "rustdesk";
         StateDirectoryMode = "0750";
         LockPersonality = true;
-        NoNewPrivileges = true;
         PrivateDevices = true;
         PrivateMounts = true;
-        PrivateTmp = true;
         PrivateUsers = true;
         ProtectClock = true;
         ProtectControlGroups = true;
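Review bot: `DynamicUser = "yes";` is added while this hunk and the next one (`@@ -71,10 +70,7 @@`) drop `NoNewPrivileges`, `PrivateTmp`, `ProtectSystem = "strict"`, `RemoveIPC` and `RestrictSUIDSGID`, with nothing in the file saying why. systemd documents all five as implied by DynamicUser=, so the effective sandbox should be the same, but someone auditing the unit can no longer read that off the attribute set. I would add `# DynamicUser implies NoNewPrivileges, PrivateTmp, ProtectSystem=strict, RemoveIPC and RestrictSUIDSGID` above the new line, and write it as `DynamicUser = true;` to match the boolean style of the neighbouring settings. `User = "rustdesk"` and `Group = "rustdesk"` are kept, and the rest of the module is outside the hunk. If it still declares a static `rustdesk` account, systemd uses that account rather than allocating a dynamic one, so this is worth checking.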
@@ -71,10 +70,7 @@ in {
         ProtectKernelModules = true;
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
-        ProtectSystem = "strict";
-        RemoveIPC = true;
         RestrictNamespaces = true;
-        RestrictSUIDSGID = true;
       };
     };
   in lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/monitoring/scollector.nix b/nixpkgs/nixos/modules/services/monitoring/scollector.nix
index 0011d56a066a..49c3788e086f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/scollector.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/scollector.nix
@@ -35,7 +35,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run scollector.
         '';
       };
@@ -45,7 +45,7 @@ in {
       user = mkOption {
         type = types.str;
         default = "scollector";
-        description = lib.mdDoc ''
+        description = ''
           User account under which scollector runs.
         '';
       };
@@ -53,7 +53,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "scollector";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which scollector runs.
         '';
       };
@@ -61,7 +61,7 @@ in {
       bosunHost = mkOption {
         type = types.str;
         default = "localhost:8070";
-        description = lib.mdDoc ''
+        description = ''
           Host and port of the bosun server that will store the collected
           data.
         '';
@@ -71,7 +71,7 @@ in {
         type = with types; attrsOf (listOf path);
         default = {};
         example = literalExpression ''{ "0" = [ "''${postgresStats}/bin/collect-stats" ]; }'';
-        description = lib.mdDoc ''
+        description = ''
           An attribute set mapping the frequency of collection to a list of
           binaries that should be executed at that frequency. You can use "0"
           to run a binary forever.
@@ -82,7 +82,7 @@ in {
         type = with types; listOf str;
         default = [];
         example = [ "-d" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra scollector command line options
         '';
       };
@@ -90,7 +90,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra scollector configuration added to the end of scollector.toml
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/smartd.nix b/nixpkgs/nixos/modules/services/monitoring/smartd.nix
index 8b79ac0e0c1e..2c05eaad25ac 100644
--- a/nixpkgs/nixos/modules/services/monitoring/smartd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/smartd.nix
@@ -71,14 +71,14 @@ let
       device = mkOption {
         example = "/dev/sda";
         type = types.str;
-        description = lib.mdDoc "Location of the device.";
+        description = "Location of the device.";
       };
 
       options = mkOption {
         default = "";
         example = "-d sat";
         type = types.separatedString " ";
-        description = lib.mdDoc "Options that determine how smartd monitors the device.";
+        description = "Options that determine how smartd monitors the device.";
       };
 
     };
@@ -94,12 +94,12 @@ in
 
     services.smartd = {
 
-      enable = mkEnableOption (lib.mdDoc "smartd daemon from `smartmontools` package");
+      enable = mkEnableOption "smartd daemon from `smartmontools` package";
 
       autodetect = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whenever smartd should monitor all devices connected to the
           machine at the time it's being started (the default).
 
@@ -112,7 +112,7 @@ in
         default = [];
         type = types.listOf types.str;
         example = ["-A /var/log/smartd/" "--interval=3600"];
-        description = lib.mdDoc ''
+        description = ''
           Extra command-line options passed to the `smartd`
           daemon on startup.
 
@@ -127,14 +127,14 @@ in
             default = config.services.mail.sendmailSetuidWrapper != null;
             defaultText = literalExpression "config.services.mail.sendmailSetuidWrapper != null";
             type = types.bool;
-            description = lib.mdDoc "Whenever to send e-mail notifications.";
+            description = "Whenever to send e-mail notifications.";
           };
 
           sender = mkOption {
             default = "root";
             example = "example@domain.tld";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Sender of the notification messages.
               Acts as the value of `email` in the emails' `From: ...` field.
             '';
@@ -143,13 +143,13 @@ in
           recipient = mkOption {
             default = "root";
             type = types.str;
-            description = lib.mdDoc "Recipient of the notification messages.";
+            description = "Recipient of the notification messages.";
           };
 
           mailer = mkOption {
             default = "/run/wrappers/bin/sendmail";
             type = types.path;
-            description = lib.mdDoc ''
+            description = ''
               Sendmail-compatible binary to be used to send the messages.
 
               You should probably enable
@@ -163,7 +163,7 @@ in
           enable = mkOption {
             default = true;
             type = types.bool;
-            description = lib.mdDoc "Whenever to send wall notifications to all users.";
+            description = "Whenever to send wall notifications to all users.";
           };
         };
 
@@ -172,21 +172,21 @@ in
             default = config.services.xserver.enable;
             defaultText = literalExpression "config.services.xserver.enable";
             type = types.bool;
-            description = lib.mdDoc "Whenever to send X11 xmessage notifications.";
+            description = "Whenever to send X11 xmessage notifications.";
           };
 
           display = mkOption {
             default = ":${toString config.services.xserver.display}";
             defaultText = literalExpression ''":''${toString config.services.xserver.display}"'';
             type = types.str;
-            description = lib.mdDoc "DISPLAY to send X11 notifications to.";
+            description = "DISPLAY to send X11 notifications to.";
           };
         };
 
         test = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc "Whenever to send a test notification on startup.";
+          description = "Whenever to send a test notification on startup.";
         };
 
       };
@@ -196,7 +196,7 @@ in
           default = "-a";
           type = types.separatedString " ";
           example = "-a -o on -s (S/../.././02|L/../../7/04)";
-          description = lib.mdDoc ''
+          description = ''
             Common default options for explicitly monitored (listed in
             {option}`services.smartd.devices`) devices.
 
@@ -213,7 +213,7 @@ in
           default = cfg.defaults.monitored;
           defaultText = literalExpression "config.${opt.defaults.monitored}";
           type = types.separatedString " ";
-          description = lib.mdDoc ''
+          description = ''
             Like {option}`services.smartd.defaults.monitored`, but for the
             autodetected devices.
           '';
@@ -224,7 +224,7 @@ in
         default = [];
         example = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
         type = with types; listOf (submodule smartdDeviceOpts);
-        description = lib.mdDoc "List of devices to monitor.";
+        description = "List of devices to monitor.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/snmpd.nix b/nixpkgs/nixos/modules/services/monitoring/snmpd.nix
index f2d3953e6a62..bff9ce3fbc88 100644
--- a/nixpkgs/nixos/modules/services/monitoring/snmpd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/snmpd.nix
@@ -15,7 +15,7 @@ in {
     listenAddress = lib.mkOption {
       type = lib.types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         The address to listen on for SNMP and AgentX messages.
       '';
       example = "127.0.0.1";
@@ -24,7 +24,7 @@ in {
     port = lib.mkOption {
       type = lib.types.port;
       default = 161;
-      description = lib.mdDoc ''
+      description = ''
         The port to listen on for SNMP and AgentX messages.
       '';
     };
@@ -32,7 +32,7 @@ in {
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open port in firewall for snmpd.
       '';
     };
@@ -40,7 +40,7 @@ in {
     configText = lib.mkOption {
       type = lib.types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         The contents of the snmpd.conf. If the {option}`configFile` option
         is set, this value will be ignored.
 
@@ -54,7 +54,7 @@ in {
       type = lib.types.path;
       default = configFile;
       defaultText = lib.literalMD "The value of {option}`configText`.";
-      description = lib.mdDoc ''
+      description = ''
         Path to the snmpd.conf file. By default, if {option}`configText` is set,
         a config file will be automatically generated.
       '';
diff --git a/nixpkgs/nixos/modules/services/monitoring/statsd.nix b/nixpkgs/nixos/modules/services/monitoring/statsd.nix
index bbc1c7146a84..30b2916a9928 100644
--- a/nixpkgs/nixos/modules/services/monitoring/statsd.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/statsd.nix
@@ -56,34 +56,34 @@ in
 
   options.services.statsd = {
 
-    enable = mkEnableOption (lib.mdDoc "statsd");
+    enable = mkEnableOption "statsd";
 
     listenAddress = mkOption {
-      description = lib.mdDoc "Address that statsd listens on over UDP";
+      description = "Address that statsd listens on over UDP";
       default = "127.0.0.1";
       type = types.str;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Port that stats listens for messages on over UDP";
+      description = "Port that stats listens for messages on over UDP";
       default = 8125;
       type = types.int;
     };
 
     mgmt_address = mkOption {
-      description = lib.mdDoc "Address to run management TCP interface on";
+      description = "Address to run management TCP interface on";
       default = "127.0.0.1";
       type = types.str;
     };
 
     mgmt_port = mkOption {
-      description = lib.mdDoc "Port to run the management TCP interface on";
+      description = "Port to run the management TCP interface on";
       default = 8126;
       type = types.int;
     };
 
     backends = mkOption {
-      description = lib.mdDoc "List of backends statsd will use for data persistence";
+      description = "List of backends statsd will use for data persistence";
       default = [];
       example = [
         "graphite"
@@ -97,19 +97,19 @@ in
     };
 
     graphiteHost = mkOption {
-      description = lib.mdDoc "Hostname or IP of Graphite server";
+      description = "Hostname or IP of Graphite server";
       default = null;
       type = types.nullOr types.str;
     };
 
     graphitePort = mkOption {
-      description = lib.mdDoc "Port of Graphite server (i.e. carbon-cache).";
+      description = "Port of Graphite server (i.e. carbon-cache).";
       default = null;
       type = types.nullOr types.int;
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc "Extra configuration options for statsd";
+      description = "Extra configuration options for statsd";
       default = "";
       type = types.nullOr types.str;
     };
diff --git a/nixpkgs/nixos/modules/services/monitoring/sysstat.nix b/nixpkgs/nixos/modules/services/monitoring/sysstat.nix
index 5468fc3aa454..ca2cff827232 100644
--- a/nixpkgs/nixos/modules/services/monitoring/sysstat.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/sysstat.nix
@@ -5,12 +5,12 @@ let
 in {
   options = {
     services.sysstat = {
-      enable = mkEnableOption (lib.mdDoc "sar system activity collection");
+      enable = mkEnableOption "sar system activity collection";
 
       collect-frequency = mkOption {
         type = types.str;
         default = "*:00/10";
-        description = lib.mdDoc ''
+        description = ''
           OnCalendar specification for sysstat-collect
         '';
       };
@@ -18,7 +18,7 @@ in {
       collect-args = mkOption {
         type = types.str;
         default = "1 1";
-        description = lib.mdDoc ''
+        description = ''
           Arguments to pass sa1 when collecting statistics
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix b/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix
index 7c45247aa6d5..360cdd1c6b6a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/teamviewer.nix
@@ -14,7 +14,7 @@ in
 
   options = {
 
-    services.teamviewer.enable = mkEnableOption (lib.mdDoc "TeamViewer daemon");
+    services.teamviewer.enable = mkEnableOption "TeamViewer daemon";
 
   };
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/telegraf.nix b/nixpkgs/nixos/modules/services/monitoring/telegraf.nix
index 3bab8aba7bd6..8c51a2838e05 100644
--- a/nixpkgs/nixos/modules/services/monitoring/telegraf.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/telegraf.nix
@@ -11,7 +11,7 @@ in {
   ###### interface
   options = {
     services.telegraf = {
-      enable = mkEnableOption (lib.mdDoc "telegraf server");
+      enable = mkEnableOption "telegraf server";
 
       package = mkPackageOption pkgs "telegraf" { };
 
@@ -19,7 +19,7 @@ in {
         type = types.listOf types.path;
         default = [];
         example = [ "/run/keys/telegraf.env" ];
-        description = lib.mdDoc ''
+        description = ''
           File to load as environment file. Environment variables from this file
           will be interpolated into the config file using envsubst with this
           syntax: `$ENVIRONMENT` or `''${VARIABLE}`.
@@ -29,7 +29,7 @@ in {
 
       extraConfig = mkOption {
         default = {};
-        description = lib.mdDoc "Extra configuration options for telegraf";
+        description = "Extra configuration options for telegraf";
         type = settingsFormat.type;
         example = {
           outputs.influxdb = {
diff --git a/nixpkgs/nixos/modules/services/monitoring/thanos.nix b/nixpkgs/nixos/modules/services/monitoring/thanos.nix
index 02502816ef5d..f4cec0a545cb 100644
--- a/nixpkgs/nixos/modules/services/monitoring/thanos.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/thanos.nix
@@ -14,7 +14,6 @@ let
     literalMD
     mapAttrsRecursiveCond
     mapAttrsToList
-    mdDoc
     mkEnableOption
     mkIf
     mkMerge
@@ -31,7 +30,7 @@ let
   nullOpt = type: description: mkOption {
     type = types.nullOr type;
     default = null;
-    description = mdDoc description;
+    description = description;
   };
 
   optionToArgs = opt: v  : optional (v != null)  ''--${opt}="${toString v}"'';
@@ -55,7 +54,7 @@ let
     option = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc description;
+      description = description;
     };
   };
 
@@ -64,7 +63,7 @@ let
     option = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = mdDoc description;
+      description = description;
     };
   };
 
@@ -73,7 +72,7 @@ let
     option = mkOption {
       type = types.attrsOf types.str;
       default = {};
-      description = mdDoc description;
+      description = description;
     };
   };
 
@@ -82,7 +81,7 @@ let
     option = mkOption {
       type = types.str;
       inherit default;
-      description = mdDoc description;
+      description = description;
     };
   };
 
@@ -109,7 +108,7 @@ let
     defaultText = literalMD ''
       calculated from `config.services.thanos.${cmd}`
     '';
-    description = mdDoc ''
+    description = ''
       Arguments to the `thanos ${cmd}` command.
 
       Defaults to a list of arguments formed by converting the structured
@@ -150,7 +149,7 @@ let
             if config.services.thanos.<cmd>.tracing.config == null then null
             else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
           '';
-          description = mdDoc ''
+          description = ''
             Path to YAML file that contains tracing configuration.
 
             See format details: <https://thanos.io/tip/thanos/tracing.md/#configuration>
@@ -215,7 +214,7 @@ let
             if config.services.thanos.<cmd>.objstore.config == null then null
             else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
           '';
-          description = mdDoc ''
+          description = ''
             Path to YAML file that contains object store configuration.
 
             See format details: <https://thanos.io/tip/thanos/storage.md/#configuring-access-to-object-storage>
@@ -254,7 +253,7 @@ let
           type = types.str;
           default = "/var/lib/${config.services.prometheus.stateDir}/data";
           defaultText = literalExpression ''"/var/lib/''${config.services.prometheus.stateDir}/data"'';
-          description = mdDoc ''
+          description = ''
             Data directory of TSDB.
           '';
         };
@@ -353,6 +352,10 @@ let
         See <https://tools.ietf.org/html/rfc4366#section-3.1>
       '';
 
+      grpc-compression = mkParam types.str ''
+        Compression algorithm to use for gRPC requests to other clients.
+      '';
+
       web.route-prefix = mkParam types.str ''
         Prefix for API and UI endpoints.
 
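Review bot: The new `grpc-compression` option is typed `types.str` and its description names no accepted values, so any string is passed through to `--grpc-compression`, and a typo would presumably only show up when the service starts. Upstream's help text, as far as I recall, limits the flag to `none` and `snappy` (confirm against the packaged Thanos). If so, `grpc-compression = mkParam (types.enum [ "none" "snappy" ]) ''` plus a sentence listing the values would catch mistakes at evaluation time. The same applies to `receive.grpc-compression` in the later hunk at `@@ -642,6 +645,10 @@`. The enclosing parameter sets start and end outside both hunks.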
@@ -642,6 +645,10 @@ let
 
     receive = params.common cfg.receive // params.objstore cfg.receive // {
 
+      receive.grpc-compression = mkParam types.str ''
+        Compression algorithm to use for gRPC requests to other receivers.
+      '';
+
       remote-write.address = mkParamDef types.str "0.0.0.0:19291" ''
         Address to listen on for remote write requests.
       '';
@@ -684,53 +691,45 @@ in {
     package = mkPackageOption pkgs "thanos" {};
 
     sidecar = paramsToOptions params.sidecar // {
-      enable = mkEnableOption
-        (mdDoc "the Thanos sidecar for Prometheus server");
+      enable = mkEnableOption "the Thanos sidecar for Prometheus server";
       arguments = mkArgumentsOption "sidecar";
     };
 
     store = paramsToOptions params.store // {
-      enable = mkEnableOption
-        (mdDoc "the Thanos store node giving access to blocks in a bucket provider.");
+      enable = mkEnableOption "the Thanos store node giving access to blocks in a bucket provider.";
       arguments = mkArgumentsOption "store";
     };
 
     query = paramsToOptions params.query // {
-      enable = mkEnableOption
-        (mdDoc ("the Thanos query node exposing PromQL enabled Query API " +
-         "with data retrieved from multiple store nodes"));
+      enable = mkEnableOption ("the Thanos query node exposing PromQL enabled Query API " +
+         "with data retrieved from multiple store nodes");
       arguments = mkArgumentsOption "query";
     };
 
     query-frontend = paramsToOptions params.query-frontend // {
-      enable = mkEnableOption
-        (mdDoc ("the Thanos query frontend implements a service deployed in front of queriers to
-          improve query parallelization and caching."));
+      enable = mkEnableOption ("the Thanos query frontend implements a service deployed in front of queriers to
+          improve query parallelization and caching.");
       arguments = mkArgumentsOption "query-frontend";
     };
 
     rule = paramsToOptions params.rule // {
-      enable = mkEnableOption
-        (mdDoc ("the Thanos ruler service which evaluates Prometheus rules against" +
-        " given Query nodes, exposing Store API and storing old blocks in bucket"));
+      enable = mkEnableOption ("the Thanos ruler service which evaluates Prometheus rules against" +
+        " given Query nodes, exposing Store API and storing old blocks in bucket");
       arguments = mkArgumentsOption "rule";
     };
 
     compact = paramsToOptions params.compact // {
-      enable = mkEnableOption
-        (mdDoc "the Thanos compactor which continuously compacts blocks in an object store bucket");
+      enable = mkEnableOption "the Thanos compactor which continuously compacts blocks in an object store bucket";
       arguments = mkArgumentsOption "compact";
     };
 
     downsample = paramsToOptions params.downsample // {
-      enable = mkEnableOption
-        (mdDoc "the Thanos downsampler which continuously downsamples blocks in an object store bucket");
+      enable = mkEnableOption "the Thanos downsampler which continuously downsamples blocks in an object store bucket";
       arguments = mkArgumentsOption "downsample";
     };
 
     receive = paramsToOptions params.receive // {
-      enable = mkEnableOption
-        (mdDoc ("the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb"));
+      enable = mkEnableOption ("the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb");
       arguments = mkArgumentsOption "receive";
     };
   };
diff --git a/nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix b/nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix
index 213e8a474868..c8a77ab93def 100644
--- a/nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix
@@ -11,34 +11,34 @@ in {
 
   options = {
     services.tremor-rs = {
-      enable = lib.mkEnableOption (lib.mdDoc "Tremor event- or stream-processing system");
+      enable = lib.mkEnableOption "Tremor event- or stream-processing system";
 
       troyFileList = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc "List of troy files to load.";
+        description = "List of troy files to load.";
       };
 
       tremorLibDir = mkOption {
         type = types.path;
         default = "";
-        description = lib.mdDoc "Directory where to find /lib containing tremor script files";
+        description = "Directory where to find /lib containing tremor script files";
       };
 
       host = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "The host tremor should be listening on";
+        description = "The host tremor should be listening on";
       };
 
       port = mkOption {
         type = types.port;
         default = 9898;
-        description = lib.mdDoc "the port tremor should be listening on";
+        description = "the port tremor should be listening on";
       };
 
       loggerSettings = mkOption {
-        description = lib.mdDoc "Tremor logger configuration";
+        description = "Tremor logger configuration";
         default = {};
         type = loggerSettingsFormat.type;
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/tuptime.nix b/nixpkgs/nixos/modules/services/monitoring/tuptime.nix
index 97cc37526254..334f911a6c71 100644
--- a/nixpkgs/nixos/modules/services/monitoring/tuptime.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/tuptime.nix
@@ -10,19 +10,19 @@ in {
 
   options.services.tuptime = {
 
-    enable = mkEnableOption (lib.mdDoc "the total uptime service");
+    enable = mkEnableOption "the total uptime service";
 
     timer = {
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to regularly log uptime to detect bad shutdowns.";
+        description = "Whether to regularly log uptime to detect bad shutdowns.";
       };
 
       period = mkOption {
         type = types.str;
         default = "*:0/5";
-        description = lib.mdDoc "systemd calendar event";
+        description = "systemd calendar event";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/monitoring/unpoller.nix b/nixpkgs/nixos/modules/services/monitoring/unpoller.nix
index 557e2bff4c26..1b4acb5d938f 100644
--- a/nixpkgs/nixos/modules/services/monitoring/unpoller.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/unpoller.nix
@@ -15,13 +15,13 @@ in {
   ];
 
   options.services.unpoller = {
-    enable = mkEnableOption (lib.mdDoc "unpoller");
+    enable = mkEnableOption "unpoller";
 
     poller = {
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Turns on line numbers, microsecond logging, and a per-device log.
           This may be noisy if you have a lot of devices. It adds one line per device.
         '';
@@ -29,14 +29,14 @@ in {
       quiet = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Turns off per-interval logs. Only startup and error logs will be emitted.
         '';
       };
       plugins = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Load additional plugins.
         '';
       };
@@ -46,21 +46,21 @@ in {
       disable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to disable the prometheus output plugin.
         '';
       };
       http_listen = mkOption {
         type = types.str;
         default = "[::]:9130";
-        description = lib.mdDoc ''
+        description = ''
           Bind the prometheus exporter to this IP or hostname.
         '';
       };
       report_errors = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to report errors.
         '';
       };
@@ -70,21 +70,21 @@ in {
       disable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to disable the influxdb output plugin.
         '';
       };
       url = mkOption {
         type = types.str;
         default = "http://127.0.0.1:8086";
-        description = lib.mdDoc ''
+        description = ''
           URL of the influxdb host.
         '';
       };
       user = mkOption {
         type = types.str;
         default = "unifipoller";
-        description = lib.mdDoc ''
+        description = ''
           Username for the influxdb.
         '';
       };
@@ -92,7 +92,7 @@ in {
         type = types.path;
         default = pkgs.writeText "unpoller-influxdb-default.password" "unifipoller";
         defaultText = literalExpression "unpoller-influxdb-default.password";
-        description = lib.mdDoc ''
+        description = ''
           Path of a file containing the password for influxdb.
           This file needs to be readable by the unifi-poller user.
         '';
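Review bot: The description omits that the default shown just above it, `pkgs.writeText "unpoller-influxdb-default.password" "unifipoller"`, places a fixed, publicly known password in the Nix store, where any local user can read it. I would add a sentence such as `The default is a store file holding the upstream default password; point this at a file outside the Nix store that only the service user can read.` The Loki and unifi password options in the hunks at `@@ -141,7 +141,7 @@` and `@@ -190,7 +190,7 @@` use the same `pkgs.writeText` pattern and need the same caveat. The option's opening line is outside this hunk.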
@@ -101,21 +101,21 @@ in {
       db = mkOption {
         type = types.str;
         default = "unifi";
-        description = lib.mdDoc ''
+        description = ''
           Database name. Database should exist.
         '';
       };
       verify_ssl = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Verify the influxdb's certificate.
         '';
       };
       interval = mkOption {
         type = types.str;
         default = "30s";
-        description = lib.mdDoc ''
+        description = ''
           Setting this lower than the Unifi controller's refresh
           interval may lead to zeroes in your database.
         '';
@@ -126,14 +126,14 @@ in {
       url = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           URL of the Loki host.
         '';
       };
       user = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Username for Loki.
         '';
       };
@@ -141,7 +141,7 @@ in {
         type = types.path;
         default = pkgs.writeText "unpoller-loki-default.password" "";
         defaultText = "unpoller-influxdb-default.password";
-        description = lib.mdDoc ''
+        description = ''
           Path of a file containing the password for Loki.
           This file needs to be readable by the unifi-poller user.
         '';
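Review bot: `defaultText` for the Loki password reads `"unpoller-influxdb-default.password"`, while the `default` on the line above it writes `unpoller-loki-default.password`, so the rendered manual points at the wrong file. It is also a bare string, whereas the influxdb and unifi password options wrap theirs in `literalExpression`. Since this line's neighbour is being edited anyway, I would change it to `defaultText = literalExpression "unpoller-loki-default.password";`. The option's opening line is outside this hunk.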
@@ -150,28 +150,28 @@ in {
       verify_ssl = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Verify Loki's certificate.
         '';
       };
       tenant_id = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Tenant ID to use in Loki.
         '';
       };
       interval = mkOption {
         type = types.str;
         default = "2m";
-        description = lib.mdDoc ''
+        description = ''
           How often the events are polled and pushed to Loki.
         '';
       };
       timeout = mkOption {
         type = types.str;
         default = "10s";
-        description = lib.mdDoc ''
+        description = ''
           Should be increased in case of timeout errors.
         '';
       };
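Review bot: `verify_ssl` for Loki defaults to `false` in this hunk, while the influxdb and unifi `verify_ssl` options in the same file default to `true`, and the description `Verify Loki's certificate.` does not mention the difference. With the default, the Loki user and password would presumably be sent to a server whose certificate is never checked. Flipping the default changes behaviour for existing users, so at minimum I would document it: `Verify Loki's certificate. Disabled by default; enable it whenever the Loki URL uses https.` The enclosing `loki` attribute set starts and ends outside the hunk.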
@@ -182,7 +182,7 @@ in {
         user = mkOption {
           type = types.str;
           default = "unifi";
-          description = lib.mdDoc ''
+          description = ''
             Unifi service user name.
           '';
         };
@@ -190,7 +190,7 @@ in {
           type = types.path;
           default = pkgs.writeText "unpoller-unifi-default.password" "unifi";
           defaultText = literalExpression "unpoller-unifi-default.password";
-          description = lib.mdDoc ''
+          description = ''
             Path of a file containing the password for the unifi service user.
             This file needs to be readable by the unifi-poller user.
           '';
@@ -199,14 +199,14 @@ in {
         url = mkOption {
           type = types.str;
           default = "https://unifi:8443";
-          description = lib.mdDoc ''
+          description = ''
             URL of the Unifi controller.
           '';
         };
         sites = mkOption {
           type = with types; either (enum [ "default" "all" ]) (listOf str);
           default = "all";
-          description = lib.mdDoc ''
+          description = ''
             List of site names for which statistics should be exported.
             Or the string "default" for the default site or the string "all" for all sites.
           '';
@@ -215,35 +215,35 @@ in {
         save_ids = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save data from the intrusion detection system to influxdb and Loki.
           '';
         };
         save_events = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save data from UniFi events to influxdb and Loki.
           '';
         };
         save_alarms = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save data from UniFi alarms to influxdb and Loki.
           '';
         };
         save_anomalies = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save data from UniFi anomalies to influxdb and Loki.
           '';
         };
         save_dpi = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save data from deep packet inspection.
             Adds around 150 data points and impacts performance.
           '';
@@ -251,14 +251,14 @@ in {
         save_sites = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Collect and save site data.
           '';
         };
         hash_pii = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Hash, with md5, client names and MAC addresses. This attempts
             to protect personally identifiable information.
           '';
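Review bot: The `hash_pii` description presents MD5 hashing of client names and MAC addresses as PII protection without stating its limits. MAC addresses come from a small, structured value space, and whether any salt is applied is not visible here, so the stored hashes are pseudonymous identifiers at best. I would extend the text with `The hashes remain stable per-device identifiers and should still be handled as personal data.` The enclosing controller option set starts and ends outside the hunk.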
@@ -266,7 +266,7 @@ in {
         verify_ssl = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Verify the Unifi controller's certificate.
           '';
         };
@@ -276,7 +276,7 @@ in {
       dynamic = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Let prometheus select which controller to poll when scraping.
           Use with default credentials. See unifi-poller wiki for more.
         '';
@@ -287,7 +287,7 @@ in {
       controllers = mkOption {
         type = with types; listOf (submodule { options = controllerOptions; });
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of Unifi controllers to poll. Use defaults if empty.
         '';
         apply = map (flip removeAttrs [ "_module" ]);
diff --git a/nixpkgs/nixos/modules/services/monitoring/ups.nix b/nixpkgs/nixos/modules/services/monitoring/ups.nix
index 63afb5deb5bd..0a0d5eadccd3 100644
--- a/nixpkgs/nixos/modules/services/monitoring/ups.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/ups.nix
@@ -90,7 +90,7 @@ let
       # /nix/store/nut/share/driver.list
       driver = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specify the program to run to talk to this UPS.  apcsmart,
           bestups, and sec are some examples.
         '';
@@ -98,7 +98,7 @@ let
 
       port = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The serial port to which your UPS is connected.  /dev/ttyS0 is
           usually the first port on Linux boxes, for example.
         '';
@@ -107,7 +107,7 @@ let
       shutdownOrder = mkOption {
         default = 0;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           When you have multiple UPSes on your system, you usually need to
           turn them off in a certain order.  upsdrvctl shuts down all the
           0s, then the 1s, 2s, and so on.  To exclude a UPS from the
@@ -118,7 +118,7 @@ let
       maxStartDelay = mkOption {
         default = null;
         type = types.uniq (types.nullOr types.int);
-        description = lib.mdDoc ''
+        description = ''
           This can be set as a global variable above your first UPS
           definition and it can also be set in a UPS section.  This value
           controls how long upsdrvctl will wait for the driver to finish
@@ -130,7 +130,7 @@ let
       description = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Description of the UPS.
         '';
       };
@@ -138,7 +138,7 @@ let
       directives = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of configuration directives for this UPS.
         '';
       };
@@ -146,7 +146,7 @@ let
       summary = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Lines which would be added inside ups.conf for handling this UPS.
         '';
       };
@@ -173,7 +173,7 @@ let
     options = {
       address = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Address of the interface for `upsd` to listen on.
           See `man upsd.conf` for details.
         '';
@@ -182,7 +182,7 @@ let
       port = mkOption {
         type = types.port;
         default = defaultPort;
-        description = lib.mdDoc ''
+        description = ''
           TCP port for `upsd` to listen on.
           See `man upsd.conf` for details.
         '';
@@ -195,7 +195,7 @@ let
       enable = mkOption {
         type = types.bool;
         defaultText = literalMD "`true` if `mode` is one of `standalone`, `netserver`";
-        description = mdDoc "Whether to enable `upsd`.";
+        description = "Whether to enable `upsd`.";
       };
 
       listen = mkOption {
@@ -210,7 +210,7 @@ let
             port = 5923;
           }
         ];
-        description = lib.mdDoc ''
+        description = ''
           Address of the interface for `upsd` to listen on.
           See `man upsd` for details`.
         '';
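Review bot: The `listen` description ends with ``See `man upsd` for details`.``, which leaves an unbalanced backtick. Now that descriptions are rendered as Markdown by default, the stray backtick is likely to open a code span that swallows the following text. Suggested line: ``See `man upsd` for details.`` The option's opening line is outside this hunk.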
@@ -219,7 +219,7 @@ let
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional lines to add to `upsd.conf`.
         '';
       };
@@ -236,7 +236,7 @@ let
       system = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc ''
+        description = ''
           Identifier of the UPS to monitor, in this form: `<upsname>[@<hostname>[:<port>]]`
           See `upsmon.conf` for details.
         '';
@@ -245,7 +245,7 @@ let
       powerValue = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           Number of power supplies that the UPS feeds on this system.
           See `upsmon.conf` for details.
         '';
@@ -253,7 +253,7 @@ let
 
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Username from `upsd.users` for accessing this UPS.
           See `upsmon.conf` for details.
         '';
@@ -262,7 +262,7 @@ let
       passwordFile = mkOption {
         type = types.str;
         defaultText = literalMD "power.ups.users.\${user}.passwordFile";
-        description = lib.mdDoc ''
+        description = ''
           The full path to a file containing the password from
           `upsd.users` for accessing this UPS. The password file
           is read on service start.
@@ -273,7 +273,7 @@ let
       type = mkOption {
         type = types.str;
         default = "master";
-        description = lib.mdDoc ''
+        description = ''
           The relationship with `upsd`.
           See `upsmon.conf` for details.
         '';
@@ -290,13 +290,13 @@ let
       enable = mkOption {
         type = types.bool;
         defaultText = literalMD "`true` if `mode` is one of `standalone`, `netserver`, `netclient`";
-        description = mdDoc "Whether to enable `upsmon`.";
+        description = "Whether to enable `upsmon`.";
       };
 
       monitor = mkOption {
         type = with types; attrsOf (submodule monitorOptions);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Set of UPS to monitor. See `man upsmon.conf` for details.
         '';
       };
@@ -312,7 +312,7 @@ let
             SHUTDOWNCMD = "''${pkgs.systemd}/bin/shutdown now";
           }
         '';
-        description = mdDoc "Additional settings to add to `upsmon.conf`.";
+        description = "Additional settings to add to `upsmon.conf`.";
         example = literalMD ''
           {
             MINSUPPLIES = 2;
@@ -341,7 +341,7 @@ let
     options = {
       passwordFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The full path to a file that contains the user's (clear text)
           password. The password file is read on service start.
         '';
@@ -350,7 +350,7 @@ let
       actions = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Allow the user to do certain things with upsd.
           See `man upsd.users` for details.
         '';
@@ -359,7 +359,7 @@ let
       instcmds = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Let the user initiate specific instant commands. Use "ALL" to grant all commands automatically. For the full list of what your UPS supports, use "upscmd -l".
           See `man upsd.users` for details.
         '';
@@ -368,7 +368,7 @@ let
       upsmon = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Add the necessary actions for a upsmon process to work.
           See `man upsd.users` for details.
         '';
@@ -384,15 +384,15 @@ in
     # powerManagement.powerDownCommands
 
     power.ups = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         Enables support for Power Devices, such as Uninterruptible Power
         Supplies, Power Distribution Units and Solar Controllers.
-      '');
+      '';
 
       mode = mkOption {
         default = "standalone";
         type = types.enum [ "none" "standalone" "netserver" "netclient" ];
-        description = lib.mdDoc ''
+        description = ''
           The MODE determines which part of the NUT is to be started, and
           which configuration files must be modified.
 
@@ -419,7 +419,7 @@ in
       schedulerRules = mkOption {
         example = "/etc/nixos/upssched.conf";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           File which contains the rules to handle UPS events.
         '';
       };
@@ -427,7 +427,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for `upsd`.
         '';
       };
@@ -435,7 +435,7 @@ in
       maxStartDelay = mkOption {
         default = 45;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           This can be set as a global variable above your first UPS
           definition and it can also be set in a UPS section.  This value
           controls how long upsdrvctl will wait for the driver to finish
@@ -446,7 +446,7 @@ in
 
       upsmon = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Options for the `upsmon.conf` configuration file.
         '';
         type = types.submodule upsmonOptions;
@@ -454,7 +454,7 @@ in
 
       upsd = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Options for the `upsd.conf` configuration file.
         '';
         type = types.submodule upsdOptions;
@@ -463,7 +463,7 @@ in
       ups = mkOption {
         default = {};
         # see nut/etc/ups.conf.sample
-        description = lib.mdDoc ''
+        description = ''
           This is where you configure all the UPSes that this system will be
           monitoring directly.  These are usually attached to serial ports,
           but USB devices are also supported.
@@ -473,7 +473,7 @@ in
 
       users = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Users that can access upsd. See `man upsd.users`.
         '';
         type = with types; attrsOf (submodule userOptions);
diff --git a/nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix b/nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix
index f3a41de7536a..4c7dd900f52b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix
@@ -11,11 +11,11 @@ in
 
   options = {
     services.uptime-kuma = {
-      enable = mkEnableOption (mdDoc "Uptime Kuma, this assumes a reverse proxy to be set");
+      enable = mkEnableOption "Uptime Kuma, this assumes a reverse proxy to be set";
 
       package = mkPackageOption pkgs "uptime-kuma" { };
 
-      appriseSupport = mkEnableOption (mdDoc "apprise support for notifications");
+      appriseSupport = mkEnableOption "apprise support for notifications";
 
       settings = lib.mkOption {
         type = lib.types.submodule { freeformType = with lib.types; attrsOf str; };
@@ -24,7 +24,7 @@ in
           PORT = "4000";
           NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
         };
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration for Uptime Kuma, see
           <https://github.com/louislam/uptime-kuma/wiki/Environment-Variables>
           for supported values.
diff --git a/nixpkgs/nixos/modules/services/monitoring/uptime.nix b/nixpkgs/nixos/modules/services/monitoring/uptime.nix
index 7bf9e593c95e..79b86be6cc71 100644
--- a/nixpkgs/nixos/modules/services/monitoring/uptime.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/uptime.nix
@@ -26,7 +26,7 @@ let
 in {
   options.services.uptime = {
     configFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The uptime configuration file
 
         If mongodb: server != localhost, please set usesRemoteMongo = true
@@ -44,22 +44,22 @@ in {
     };
 
     usesRemoteMongo = mkOption {
-      description = lib.mdDoc "Whether the configuration file specifies a remote mongo instance";
+      description = "Whether the configuration file specifies a remote mongo instance";
 
       default = false;
 
       type = types.bool;
     };
 
-    enableWebService = mkEnableOption (lib.mdDoc "the uptime monitoring program web service");
+    enableWebService = mkEnableOption "the uptime monitoring program web service";
 
-    enableSeparateMonitoringService = mkEnableOption (lib.mdDoc "the uptime monitoring service") // {
+    enableSeparateMonitoringService = mkEnableOption "the uptime monitoring service" // {
       default = cfg.enableWebService;
       defaultText = literalExpression "config.${opt.enableWebService}";
     };
 
     nodeEnv = mkOption {
-      description = lib.mdDoc "The node environment to run in (development, production, etc.)";
+      description = "The node environment to run in (development, production, etc.)";
 
       type = types.str;
 
diff --git a/nixpkgs/nixos/modules/services/monitoring/vmagent.nix b/nixpkgs/nixos/modules/services/monitoring/vmagent.nix
index bd3ef756959d..4838e0709d09 100644
--- a/nixpkgs/nixos/modules/services/monitoring/vmagent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/vmagent.nix
@@ -1,65 +1,64 @@
 { config, pkgs, lib, ... }:
-with lib;
+
 let
   cfg = config.services.vmagent;
   settingsFormat = pkgs.formats.json { };
 in {
-  options.services.vmagent = {
-    enable = mkEnableOption (lib.mdDoc "vmagent");
-
-    user = mkOption {
-      default = "vmagent";
-      type = types.str;
-      description = lib.mdDoc ''
-        User account under which vmagent runs.
-      '';
-    };
+  imports = [
+    (lib.mkRemovedOptionModule [ "services" "vmagent" "dataDir" ] "dataDir has been deprecated in favor of systemd provided CacheDirectory")
+    (lib.mkRemovedOptionModule [ "services" "vmagent" "user" ] "user has been deprecated in favor of systemd DynamicUser")
+    (lib.mkRemovedOptionModule [ "services" "vmagent" "group" ] "group has been deprecated in favor of systemd DynamicUser")
+    (lib.mkRenamedOptionModule [ "services" "vmagent" "remoteWriteUrl" ] [ "services" "vmagent" "remoteWrite" "url" ])
+  ];
 
-    group = mkOption {
-      type = types.str;
-      default = "vmagent";
-      description = lib.mdDoc ''
-        Group under which vmagent runs.
-      '';
-    };
-
-    package = mkPackageOption pkgs "vmagent" { };
+  options.services.vmagent = {
+    enable = lib.mkEnableOption "vmagent";
 
-    dataDir = mkOption {
-      type = types.str;
-      default = "/var/lib/vmagent";
-      description = lib.mdDoc ''
-        The directory where vmagent stores its data files.
-      '';
-    };
+    package = lib.mkPackageOption pkgs "vmagent" { };
 
-    remoteWriteUrl = mkOption {
-      default = "http://localhost:8428/api/v1/write";
-      type = types.str;
-      description = lib.mdDoc ''
-        The storage endpoint such as VictoriaMetrics
-      '';
+    remoteWrite = {
+      url = lib.mkOption {
+        default = null;
+        type = lib.types.nullOr lib.types.str;
+        description = ''
+          Endpoint for prometheus compatible remote_write
+        '';
+      };
+      basicAuthUsername = lib.mkOption {
+        default = null;
+        type = lib.types.nullOr lib.types.str;
+        description = ''
+          Basic Auth username used to connect to remote_write endpoint
+        '';
+      };
+      basicAuthPasswordFile = lib.mkOption {
+        default = null;
+        type = lib.types.nullOr lib.types.str;
+        description = ''
+          File that contains the Basic Auth password used to connect to remote_write endpoint
+        '';
+      };
     };
 
-    prometheusConfig = mkOption {
+    prometheusConfig = lib.mkOption {
       type = lib.types.submodule { freeformType = settingsFormat.type; };
-      description = lib.mdDoc ''
+      description = ''
         Config for prometheus style metrics
       '';
     };
 
-    openFirewall = mkOption {
-      type = types.bool;
+    openFirewall = lib.mkOption {
+      type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the firewall for the default ports.
       '';
     };
 
-    extraArgs = mkOption {
-      type = types.listOf types.str;
+    extraArgs = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra args to pass to `vmagent`. See the docs:
         <https://docs.victoriametrics.com/vmagent.html#advanced-usage>
         or {command}`vmagent -help` for more information.
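Review bot: The descriptions of `remoteWrite.url` and `remoteWrite.basicAuthPasswordFile` do not say where secrets may live. The URL is interpolated into the service command line further down in this file, so credentials embedded in it would land in the generated unit in the world-readable Nix store and in the process list. The password file is typed `nullOr str` and handed to systemd `LoadCredential`, so it needs to be a runtime path outside the store. I would extend the text to something like `Path to a file, outside the Nix store, that contains the Basic Auth password; it is read by systemd when the service starts` and add a one-line caution to `url` against embedding credentials. The `extraArgs` option continues past the end of this hunk.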
@@ -67,37 +66,36 @@ in {
     };
   };
 
-  config = mkIf cfg.enable {
-    users.groups = mkIf (cfg.group == "vmagent") { vmagent = { }; };
-
-    users.users = mkIf (cfg.user == "vmagent") {
-      vmagent = {
-        group = cfg.group;
-        description = "vmagent daemon user";
-        home = cfg.dataDir;
-        isSystemUser = true;
-      };
-    };
-
-    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 8429 ];
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 8429 ];
 
     systemd.services.vmagent = let
       prometheusConfig = settingsFormat.generate "prometheusConfig.yaml" cfg.prometheusConfig;
+      startCommandLine = lib.concatStringsSep " " ([
+        "${cfg.package}/bin/vmagent"
+        "-promscrape.config=${prometheusConfig}"
+      ] ++ cfg.extraArgs
+        ++ lib.optionals (cfg.remoteWrite.url != null) [
+        "-remoteWrite.url=${cfg.remoteWrite.url}"
+        "-remoteWrite.tmpDataPath=%C/vmagent/remote_write_tmp"
+      ] ++ lib.optional (cfg.remoteWrite.basicAuthUsername != null) "-remoteWrite.basicAuth.username=${cfg.remoteWrite.basicAuthUsername}"
+        ++ lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) "-remoteWrite.basicAuth.passwordFile=\${CREDENTIALS_DIRECTORY}/remote_write_basic_auth_password");
     in {
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
       description = "vmagent system service";
       serviceConfig = {
-        User = cfg.user;
-        Group = cfg.group;
+        DynamicUser = true;
+        User = "vmagent";
+        Group = "vmagent";
         Type = "simple";
         Restart = "on-failure";
-        WorkingDirectory = cfg.dataDir;
-        ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig} ${escapeShellArgs cfg.extraArgs}";
+        CacheDirectory = "vmagent";
+        ExecStart = startCommandLine;
+        LoadCredential = lib.optional (cfg.remoteWrite.basicAuthPasswordFile != null) [
+          "remote_write_basic_auth_password:${cfg.remoteWrite.basicAuthPasswordFile}"
+        ];
       };
     };
-
-    systemd.tmpfiles.rules =
-      [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
   };
 }
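Review bot: `startCommandLine` joins `cfg.extraArgs`, `cfg.remoteWrite.url` and `cfg.remoteWrite.basicAuthUsername` with plain spaces, whereas the removed `ExecStart` passed `extraArgs` through `escapeShellArgs`. A value containing whitespace or quotes is now re-split by systemd's command-line parsing, so one configured argument or username can turn into additional vmagent flags. I would quote each user-supplied value, e.g. `] ++ map lib.escapeShellArg cfg.extraArgs` and `(lib.escapeShellArg "-remoteWrite.url=${cfg.remoteWrite.url}")`, or use the NixOS `utils.escapeSystemdExecArgs` helper if `utils` is added to the module arguments. Separately, `LoadCredential = lib.optional (…) [ … ]` wraps a list in another list; `lib.optionals` gives the flat list, and whether the unit generator flattens the nested form is not visible here.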
diff --git a/nixpkgs/nixos/modules/services/monitoring/vmalert.nix b/nixpkgs/nixos/modules/services/monitoring/vmalert.nix
index 1c64f7e100fa..65db6fab77db 100644
--- a/nixpkgs/nixos/modules/services/monitoring/vmalert.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/vmalert.nix
@@ -20,7 +20,7 @@ in
 {
   # interface
   options.services.vmalert = {
-    enable = mkEnableOption (mdDoc "vmalert");
+    enable = mkEnableOption "vmalert";
 
     package = mkPackageOption pkgs "victoriametrics" { };
 
@@ -32,7 +32,7 @@ in
           "datasource.url" = mkOption {
             type = types.nonEmptyStr;
             example = "http://localhost:8428";
-            description = mdDoc ''
+            description = ''
               Datasource compatible with Prometheus HTTP API.
             '';
           };
@@ -41,14 +41,14 @@ in
             type = with types; listOf nonEmptyStr;
             default = [];
             example = [ "http://127.0.0.1:9093" ];
-            description = mdDoc ''
+            description = ''
               Prometheus Alertmanager URL. List all Alertmanager URLs if it runs in the cluster mode to ensure high availability.
             '';
           };
 
           "rule" = mkOption {
             type = with types; listOf path;
-            description = mdDoc ''
+            description = ''
               Path to the files with alerting and/or recording rules.
 
               ::: {.note}
@@ -70,7 +70,7 @@ in
           "dir/*.yaml"
         ];
       };
-      description = mdDoc ''
+      description = ''
         `vmalert` configuration, passed via command line flags. Refer to
         <https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmalert/README.md#configuration>
         for details on supported values.
@@ -94,7 +94,7 @@ in
           }
         ];
       };
-      description = mdDoc ''
+      description = ''
         A list of the given alerting or recording rules against configured `"datasource.url"` compatible with
         Prometheus HTTP API for `vmalert` to execute. Refer to
         <https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/app/vmalert/README.md#rules>
diff --git a/nixpkgs/nixos/modules/services/monitoring/vnstat.nix b/nixpkgs/nixos/modules/services/monitoring/vnstat.nix
index a498962ae57e..5e19c399568d 100644
--- a/nixpkgs/nixos/modules/services/monitoring/vnstat.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/vnstat.nix
@@ -6,7 +6,7 @@ let
   cfg = config.services.vnstat;
 in {
   options.services.vnstat = {
-    enable = mkEnableOption (lib.mdDoc "update of network usage statistics via vnstatd");
+    enable = mkEnableOption "update of network usage statistics via vnstatd";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix
index b195366123ab..b3850baa738b 100644
--- a/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix
@@ -29,7 +29,7 @@ in
   options = {
 
     services.zabbixAgent = {
-      enable = mkEnableOption (lib.mdDoc "the Zabbix Agent");
+      enable = mkEnableOption "the Zabbix Agent";
 
       package = mkPackageOption pkgs [ "zabbix" "agent" ] { };
 
@@ -38,7 +38,7 @@ in
         default = with pkgs; [ nettools ];
         defaultText = literalExpression "with pkgs; [ nettools ]";
         example = literalExpression "with pkgs; [ nettools mysql ]";
-        description = lib.mdDoc ''
+        description = ''
           Packages to be added to the Zabbix {env}`PATH`.
           Typically used to add executables for scripts, but can be anything.
         '';
@@ -46,7 +46,7 @@ in
 
       modules = mkOption {
         type = types.attrsOf types.package;
-        description = lib.mdDoc "A set of modules to load.";
+        description = "A set of modules to load.";
         default = {};
         example = literalExpression ''
           {
@@ -66,7 +66,7 @@ in
 
       server = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The IP address or hostname of the Zabbix server to connect to.
         '';
       };
@@ -75,7 +75,7 @@ in
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             List of comma delimited IP addresses that the agent should listen on.
           '';
         };
@@ -83,7 +83,7 @@ in
         port = mkOption {
           type = types.port;
           default = 10050;
-          description = lib.mdDoc ''
+          description = ''
             Agent will listen on this port for connections from the server.
           '';
         };
@@ -92,7 +92,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the Zabbix Agent.
         '';
       };
@@ -100,7 +100,7 @@ in
       settings = mkOption {
         type = with types; attrsOf (oneOf [ int str (listOf str) ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Zabbix Agent configuration. Refer to
           <https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_agentd>
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix
index fea5704af6f6..7fa471b6404a 100644
--- a/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix
@@ -38,11 +38,11 @@ in
   options = {
 
     services.zabbixProxy = {
-      enable = mkEnableOption (lib.mdDoc "the Zabbix Proxy");
+      enable = mkEnableOption "the Zabbix Proxy";
 
       server = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The IP address or hostname of the Zabbix server to connect to.
           '';
         };
@@ -54,14 +54,14 @@ in
           else if cfg.database.type == "pgsql" then pkgs.zabbix.proxy-pgsql
           else pkgs.zabbix.proxy-sqlite;
         defaultText = literalExpression "pkgs.zabbix.proxy-pgsql";
-        description = lib.mdDoc "The Zabbix package to use.";
+        description = "The Zabbix package to use.";
       };
 
       extraPackages = mkOption {
         type = types.listOf types.package;
         default = with pkgs; [ nettools nmap traceroute ];
         defaultText = literalExpression "[ nettools nmap traceroute ]";
-        description = lib.mdDoc ''
+        description = ''
           Packages to be added to the Zabbix {env}`PATH`.
           Typically used to add executables for scripts, but can be anything.
         '';
@@ -69,7 +69,7 @@ in
 
       modules = mkOption {
         type = types.attrsOf types.package;
-        description = lib.mdDoc "A set of modules to load.";
+        description = "A set of modules to load.";
         default = {};
         example = literalExpression ''
           {
@@ -92,44 +92,44 @@ in
           type = types.enum [ "mysql" "pgsql" "sqlite" ];
           example = "mysql";
           default = "pgsql";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
-          default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
+          default = if cfg.database.type == "mysql" then mysql.port else pgsql.services.port;
           defaultText = literalExpression ''
             if config.${opt.database.type} == "mysql"
             then config.${options.services.mysql.port}
-            else config.${options.services.postgresql.port}
+            else config.services.postgresql.settings.port
           '';
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = if cfg.database.type == "sqlite" then "${stateDir}/zabbix.db" else "zabbix";
           defaultText = literalExpression "zabbix";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "zabbix";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/zabbix-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
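Review bot: The new default of the `port` option reads `pgsql.services.port`, while the `defaultText` just below it and the matching change in zabbix-server.nix both use `settings.port`. The binding of `pgsql` is outside this hunk, but if it is `config.services.postgresql`, as the `defaultText` suggests, there is no `services` attribute under it and evaluation fails whenever `database.type` is not `"mysql"` (the default is `"pgsql"`). The line should presumably be `default = if cfg.database.type == "mysql" then mysql.port else pgsql.settings.port;`.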
@@ -139,13 +139,13 @@ in
           type = types.nullOr types.path;
           default = null;
           example = "/run/postgresql";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to create a local database automatically.";
+          description = "Whether to create a local database automatically.";
         };
       };
 
@@ -153,7 +153,7 @@ in
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             List of comma delimited IP addresses that the trapper should listen on.
             Trapper will listen on all network interfaces if this parameter is missing.
           '';
@@ -162,7 +162,7 @@ in
         port = mkOption {
           type = types.port;
           default = 10051;
-          description = lib.mdDoc ''
+          description = ''
             Listen port for trapper.
           '';
         };
@@ -171,7 +171,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the Zabbix Proxy.
         '';
       };
@@ -179,7 +179,7 @@ in
       settings = mkOption {
         type = with types; attrsOf (oneOf [ int str (listOf str) ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Zabbix Proxy configuration. Refer to
           <https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_proxy>
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix
index f2fb5fbe7ac6..3c6f60b9d722 100644
--- a/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix
+++ b/nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix
@@ -40,20 +40,20 @@ in
   options = {
 
     services.zabbixServer = {
-      enable = mkEnableOption (lib.mdDoc "the Zabbix Server");
+      enable = mkEnableOption "the Zabbix Server";
 
       package = mkOption {
         type = types.package;
         default = if cfg.database.type == "mysql" then pkgs.zabbix.server-mysql else pkgs.zabbix.server-pgsql;
         defaultText = literalExpression "pkgs.zabbix.server-pgsql";
-        description = lib.mdDoc "The Zabbix package to use.";
+        description = "The Zabbix package to use.";
       };
 
       extraPackages = mkOption {
         type = types.listOf types.package;
         default = with pkgs; [ nettools nmap traceroute ];
         defaultText = literalExpression "[ nettools nmap traceroute ]";
-        description = lib.mdDoc ''
+        description = ''
           Packages to be added to the Zabbix {env}`PATH`.
           Typically used to add executables for scripts, but can be anything.
         '';
@@ -61,7 +61,7 @@ in
 
       modules = mkOption {
         type = types.attrsOf types.package;
-        description = lib.mdDoc "A set of modules to load.";
+        description = "A set of modules to load.";
         default = {};
         example = literalExpression ''
           {
@@ -84,43 +84,43 @@ in
           type = types.enum [ "mysql" "pgsql" ];
           example = "mysql";
           default = "pgsql";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
-          default = if cfg.database.type == "mysql" then mysql.port else pgsql.port;
+          default = if cfg.database.type == "mysql" then mysql.port else pgsql.settings.port;
           defaultText = literalExpression ''
             if config.${opt.database.type} == "mysql"
             then config.${options.services.mysql.port}
-            else config.${options.services.postgresql.port}
+            else config.services.postgresql.settings.port
           '';
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "zabbix";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "zabbix";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/zabbix-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -130,13 +130,13 @@ in
           type = types.nullOr types.path;
           default = null;
           example = "/run/postgresql";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to create a local database automatically.";
+          description = "Whether to create a local database automatically.";
         };
       };
 
@@ -144,7 +144,7 @@ in
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             List of comma delimited IP addresses that the trapper should listen on.
             Trapper will listen on all network interfaces if this parameter is missing.
           '';
@@ -153,7 +153,7 @@ in
         port = mkOption {
           type = types.port;
           default = 10051;
-          description = lib.mdDoc ''
+          description = ''
             Listen port for trapper.
           '';
         };
@@ -162,7 +162,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the Zabbix Server.
         '';
       };
@@ -170,7 +170,7 @@ in
       settings = mkOption {
         type = with types; attrsOf (oneOf [ int str (listOf str) ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Zabbix Server configuration. Refer to
           <https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server>
           for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix b/nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix
index 3fb6a19c6fa3..8db0fdb8a417 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix
@@ -20,20 +20,20 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable cachefilesd network filesystems caching daemon.";
+        description = "Whether to enable cachefilesd network filesystems caching daemon.";
       };
 
       cacheDir = mkOption {
         type = types.str;
         default = "/var/cache/fscache";
-        description = lib.mdDoc "Directory to contain filesystem cache.";
+        description = "Directory to contain filesystem cache.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
         example = "brun 10%";
-        description = lib.mdDoc "Additional configuration file entries. See cachefilesd.conf(5) for more information.";
+        description = "Additional configuration file entries. See cachefilesd.conf(5) for more information.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix b/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix
index df9a2f802bb9..d375434a1bd4 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/ceph.nix
@@ -71,7 +71,7 @@ in
   options.services.ceph = {
     # Ceph has a monolithic configuration file but different sections for
     # each daemon, a separate client section and a global section
-    enable = mkEnableOption (lib.mdDoc "Ceph global configuration");
+    enable = mkEnableOption "Ceph global configuration";
 
     global = {
       fsid = mkOption {
@@ -79,7 +79,7 @@ in
         example = ''
           433a2193-4f8a-47a0-95d2-209d7ca2cca5
         '';
-        description = lib.mdDoc ''
+        description = ''
           Filesystem ID, a generated uuid, its must be generated and set before
           attempting to start a cluster
         '';
@@ -88,7 +88,7 @@ in
       clusterName = mkOption {
         type = types.str;
         default = "ceph";
-        description = lib.mdDoc ''
+        description = ''
           Name of cluster
         '';
       };
@@ -97,7 +97,7 @@ in
         type = types.path;
         default = "${pkgs.ceph.lib}/lib/ceph/mgr";
         defaultText = literalExpression ''"''${pkgs.ceph.lib}/lib/ceph/mgr"'';
-        description = lib.mdDoc ''
+        description = ''
           Path at which to find ceph-mgr modules.
         '';
       };
@@ -108,7 +108,7 @@ in
         example = ''
           node0, node1, node2
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of hosts that will be used as monitors at startup.
         '';
       };
@@ -119,7 +119,7 @@ in
         example = ''
           10.10.0.1, 10.10.0.2, 10.10.0.3
         '';
-        description = lib.mdDoc ''
+        description = ''
           List of hostname shortnames/IP addresses of the initial monitors.
         '';
       };
@@ -127,7 +127,7 @@ in
       maxOpenFiles = mkOption {
         type = types.int;
         default = 131072;
-        description = lib.mdDoc ''
+        description = ''
           Max open files for each OSD daemon.
         '';
       };
@@ -135,7 +135,7 @@ in
       authClusterRequired = mkOption {
         type = types.enum [ "cephx" "none" ];
         default = "cephx";
-        description = lib.mdDoc ''
+        description = ''
           Enables requiring daemons to authenticate with eachother in the cluster.
         '';
       };
@@ -143,7 +143,7 @@ in
       authServiceRequired = mkOption {
         type = types.enum [ "cephx" "none" ];
         default = "cephx";
-        description = lib.mdDoc ''
+        description = ''
           Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
         '';
       };
@@ -151,7 +151,7 @@ in
       authClientRequired = mkOption {
         type = types.enum [ "cephx" "none" ];
         default = "cephx";
-        description = lib.mdDoc ''
+        description = ''
           Enables requiring the cluster to authenticate itself to the client.
         '';
       };
@@ -162,7 +162,7 @@ in
         example = ''
           10.20.0.0/24, 192.168.1.0/24
         '';
-        description = lib.mdDoc ''
+        description = ''
           A comma-separated list of subnets that will be used as public networks in the cluster.
         '';
       };
@@ -173,7 +173,7 @@ in
         example = ''
           10.10.0.0/24, 192.168.0.0/24
         '';
-        description = lib.mdDoc ''
+        description = ''
           A comma-separated list of subnets that will be used as cluster networks in the cluster.
         '';
       };
@@ -182,7 +182,7 @@ in
         type = with types; nullOr path;
         default = "${pkgs.mailcap}/etc/mime.types";
         defaultText = literalExpression ''"''${pkgs.mailcap}/etc/mime.types"'';
-        description = lib.mdDoc ''
+        description = ''
           Path to mime types used by radosgw.
         '';
       };
@@ -194,18 +194,18 @@ in
       example = {
         "ms bind ipv6" = "true";
       };
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster.
       '';
     };
 
     mgr = {
-      enable = mkEnableOption (lib.mdDoc "Ceph MGR daemon");
+      enable = mkEnableOption "Ceph MGR daemon";
       daemons = mkOption {
         type = with types; listOf str;
         default = [];
         example = [ "name1" "name2" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of names for manager daemons that should have a service created. The names correspond
           to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
         '';
@@ -214,19 +214,19 @@ in
       extraConfig = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to the global section for manager daemons.
         '';
       };
     };
 
     mon = {
-      enable = mkEnableOption (lib.mdDoc "Ceph MON daemon");
+      enable = mkEnableOption "Ceph MON daemon";
       daemons = mkOption {
         type = with types; listOf str;
         default = [];
         example = [ "name1" "name2" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of monitor daemons that should have a service created. The names correspond
           to the id part in ceph i.e. [ "name1" ] would result in mon.name1
         '';
@@ -235,19 +235,19 @@ in
       extraConfig = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to the monitor section.
         '';
       };
     };
 
     osd = {
-      enable = mkEnableOption (lib.mdDoc "Ceph OSD daemon");
+      enable = mkEnableOption "Ceph OSD daemon";
       daemons = mkOption {
         type = with types; listOf str;
         default = [];
         example = [ "name1" "name2" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of OSD daemons that should have a service created. The names correspond
           to the id part in ceph i.e. [ "name1" ] would result in osd.name1
         '';
@@ -263,19 +263,19 @@ in
           "osd pool default pgp num" = "200";
           "osd crush chooseleaf type" = "1";
         };
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to the OSD section.
         '';
       };
     };
 
     mds = {
-      enable = mkEnableOption (lib.mdDoc "Ceph MDS daemon");
+      enable = mkEnableOption "Ceph MDS daemon";
       daemons = mkOption {
         type = with types; listOf str;
         default = [];
         example = [ "name1" "name2" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of metadata service daemons that should have a service created. The names correspond
           to the id part in ceph i.e. [ "name1" ] would result in mds.name1
         '';
@@ -284,20 +284,20 @@ in
       extraConfig = mkOption {
         type = with types; attrsOf str;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to the MDS section.
         '';
       };
     };
 
     rgw = {
-      enable = mkEnableOption (lib.mdDoc "Ceph RadosGW daemon");
+      enable = mkEnableOption "Ceph RadosGW daemon";
       package = mkPackageOption pkgs "ceph" { };
       daemons = mkOption {
         type = with types; listOf str;
         default = [];
         example = [ "name1" "name2" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of rados gateway daemons that should have a service created. The names correspond
           to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons
           aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply
@@ -307,7 +307,7 @@ in
     };
 
     client = {
-      enable = mkEnableOption (lib.mdDoc "Ceph client configuration");
+      enable = mkEnableOption "Ceph client configuration";
       extraConfig = mkOption {
         type = with types; attrsOf (attrsOf str);
         default = {};
@@ -318,7 +318,7 @@ in
             "client.radosgw.node0" = { "some config option" = "true"; };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration to add to the client section. Configuration for rados gateways
           would be added here, with their own sections, see example.
         '';
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix b/nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix
index 8024cfba08be..23c04658031f 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix
@@ -1,38 +1,52 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
+  inherit (lib.attrsets) optionalAttrs;
+  inherit (lib.generators) toINIWithGlobalSection;
+  inherit (lib.lists) optional;
+  inherit (lib.modules) mkIf;
+  inherit (lib.options) literalExpression mkEnableOption mkOption;
+  inherit (lib.strings) escape;
+  inherit (lib.types) attrsOf bool int lines oneOf str submodule;
+
   cfg = config.services.davfs2;
-  cfgFile = pkgs.writeText "davfs2.conf" ''
-    dav_user ${cfg.davUser}
-    dav_group ${cfg.davGroup}
-    ${cfg.extraConfig}
-  '';
+
+  escapeString = escape ["\"" "\\"];
+
+  formatValue = value:
+    if true == value then "1"
+    else if false == value then "0"
+    else if builtins.isString value then "\"${escapeString value}\""
+    else toString value;
+
+  configFile = pkgs.writeText "davfs2.conf" (
+    if (cfg.settings != { }) then
+      (toINIWithGlobalSection {
+        mkSectionName = escapeString;
+        mkKeyValue = k: v: "${k} ${formatValue v}";
+      } cfg.settings)
+    else
+      cfg.extraConfig
+  );
 in
 {
+
   options.services.davfs2 = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc ''
-        Whether to enable davfs2.
-      '';
-    };
+    enable = mkEnableOption "davfs2";
 
     davUser = mkOption {
-      type = types.str;
+      type = str;
       default = "davfs2";
-      description = lib.mdDoc ''
+      description = ''
         When invoked by root the mount.davfs daemon will run as this user.
         Value must be given as name, not as numerical id.
       '';
     };
 
     davGroup = mkOption {
-      type = types.str;
+      type = str;
       default = "davfs2";
-      description = lib.mdDoc ''
+      description = ''
         The group of the running mount.davfs daemon. Ordinary users must be
         member of this group in order to mount a davfs2 file system. Value must
         be given as name, not as numerical id.
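Review bot: `escapeString` in `formatValue` covers only `"` and `\`, so a string setting that contains a newline is written into davfs2.conf unchanged, and the text after the break would presumably be read as a separate directive. The key in `mkKeyValue = k: v: "${k} ${formatValue v}";` is interpolated with no check at all. These values come from the system configuration, so this is a robustness gap rather than exposure to outside input, but a value assembled from another option or read from a file could still split a line silently. Narrowing the string leaf from `str` to `singleLineStr` in `valueTypes` (declared in the next hunk, and added to the `inherit (lib.types)` line here) would reject such values at evaluation time.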
@@ -40,22 +54,85 @@ in
     };
 
     extraConfig = mkOption {
-      type = types.lines;
+      type = lines;
       default = "";
       example = ''
-        kernel_fs coda
         proxy foo.bar:8080
         use_locks 0
+
+        [/media/dav]
+        use_locks 1
+
+        [/home/otto/mywebspace]
+        gui_optimize 1
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra lines appended to the configuration of davfs2.
+        See {manpage}`davfs2.conf(5)` for available settings.
+
+        **Note**: Please pass structured settings via
+        {option}`settings` instead, this option
+        will get deprecated in the future.
+      ''  ;
+    };
+
+    settings = mkOption {
+      type = submodule {
+        freeformType = let
+          valueTypes = [ bool int str ];
+        in
+        attrsOf (attrsOf (oneOf (valueTypes ++ [ (attrsOf (oneOf valueTypes)) ] )));
+      };
+      default = { };
+      example = literalExpression ''
+        {
+          globalSection = {
+            proxy = "foo.bar:8080";
+            use_locks = false;
+          };
+          sections = {
+            "/media/dav" = {
+              use_locks = true;
+            };
+            "/home/otto/mywebspace" = {
+              gui_optimize = true;
+            };
+          };
+        }
+      '';
+      description = ''
+        Extra settings appended to the configuration of davfs2.
+        See {manpage}`davfs2.conf(5)` for available settings.
       ''  ;
     };
   };
 
   config = mkIf cfg.enable {
+
+    assertions = [
+      {
+        assertion = cfg.extraConfig != "" -> cfg.settings == { };
+        message = ''
+          services.davfs2.extraConfig and services.davfs2.settings cannot be used together.
+          Please prefer using services.davfs2.settings.
+        '';
+      }
+    ];
+
+    warnings = optional (cfg.extraConfig != "") ''
+      services.davfs2.extraConfig will be deprecated in future releases;
+      please use services.davfs2.settings instead.
+    '';
+
     environment.systemPackages = [ pkgs.davfs2 ];
-    environment.etc."davfs2/davfs2.conf".source = cfgFile;
+    environment.etc."davfs2/davfs2.conf".source = configFile;
+
+    services.davfs2.settings = {
+      globalSection = {
+        dav_user = cfg.davUser;
+        dav_group = cfg.davGroup;
+      };
+    };
 
     users.groups = optionalAttrs (cfg.davGroup == "davfs2") {
       davfs2.gid = config.ids.gids.davfs2;
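Review bot: The assertion `cfg.extraConfig != "" -> cfg.settings == { }` cannot hold once `extraConfig` is set, because the `services.davfs2.settings = { globalSection = { dav_user = cfg.davUser; …` definition added lower in the same `config` block makes `cfg.settings` non-empty whenever the module is enabled. For the same reason the `else cfg.extraConfig` branch of `configFile` in the previous hunk looks unreachable, so existing `extraConfig` users would get an evaluation failure rather than the deprecation warning. One way out is to guard the default with `services.davfs2.settings = mkIf (cfg.extraConfig == "") { … };`. The `extraConfig` path would then need to write `dav_user ${cfg.davUser}` and `dav_group ${cfg.davGroup}` itself, as the removed `cfgFile` did, so the user and group that mount.davfs runs as stay pinned. The `config` block continues past the end of this hunk.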
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/diod.nix b/nixpkgs/nixos/modules/services/network-filesystems/diod.nix
index 541b4ffd6b46..063bae6ddb1d 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/diod.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/diod.nix
@@ -26,13 +26,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the diod 9P file server.";
+        description = "Whether to enable the diod 9P file server.";
       };
 
       listen = mkOption {
         type = types.listOf types.str;
         default = [ "0.0.0.0:564" ];
-        description = lib.mdDoc ''
+        description = ''
           [ "IP:PORT" [,"IP:PORT",...] ]
           List the interfaces and ports that diod should listen on.
         '';
@@ -41,7 +41,7 @@ in
       exports = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List the file systems that clients will be allowed to mount. All paths should
           be fully qualified. The exports table can include two types of element:
           a string element (as above),
@@ -57,7 +57,7 @@ in
       exportall = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Export all file systems listed in /proc/mounts. If new file systems are mounted
           after diod has started, they will become immediately mountable. If there is a
           duplicate entry for a file system in the exports list, any options listed in
@@ -68,7 +68,7 @@ in
       exportopts = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Establish a default set of export options. These are overridden, not appended
           to, by opts attributes in an "exports" entry.
         '';
@@ -77,7 +77,7 @@ in
       nwthreads = mkOption {
         type = types.int;
         default = 16;
-        description = lib.mdDoc ''
+        description = ''
           Sets the (fixed) number of worker threads created to handle 9P
           requests for a unique aname.
         '';
@@ -86,7 +86,7 @@ in
       authRequired = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
         '';
       };
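Review bot: The description kept for `authRequired` reads "Allow clients to connect without authentication", which presumably describes the state at `default = false` rather than what setting the option to true does. A reader of the manual could take the unauthenticated state for the enabled one. Wording such as `Whether clients must present a valid MUNGE credential; when false, unauthenticated clients may connect.` would match the option name. The `userdb` hunk that follows has the same inversion ("This option disables password/group lookups" on an option that defaults to false). How either option is written into diod.conf is outside these hunks, so the mapping should be confirmed before rewording.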
@@ -94,7 +94,7 @@ in
       userdb = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option disables password/group lookups. It allows any uid to attach and
           assumes gid=uid, and supplementary groups contain only the primary gid.
         '';
@@ -103,7 +103,7 @@ in
       allsquash = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Remap all users to "nobody". The attaching user need not be present in the
           password file.
         '';
@@ -112,7 +112,7 @@ in
       squashuser = mkOption {
         type = types.str;
         default = "nobody";
-        description = lib.mdDoc ''
+        description = ''
           Change the squash user. The squash user must be present in the password file.
         '';
       };
@@ -120,7 +120,7 @@ in
       logdest = mkOption {
         type = types.str;
         default = "syslog:daemon:err";
-        description = lib.mdDoc ''
+        description = ''
           Set the destination for logging.
           The value has the form of "syslog:facility:level" or "filename".
         '';
@@ -130,7 +130,7 @@ in
       statfsPassthru = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option configures statfs to return the host file system's type
           rather than V9FS_MAGIC.
         '';
@@ -139,7 +139,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra configuration options for diod.conf.";
+        description = "Extra configuration options for diod.conf.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/drbd.nix b/nixpkgs/nixos/modules/services/network-filesystems/drbd.nix
index 79a1b768b461..b971fadebf71 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/drbd.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/drbd.nix
@@ -15,7 +15,7 @@ let cfg = config.services.drbd; in
     services.drbd.enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable support for DRBD, the Distributed Replicated
         Block Device.
       '';
@@ -24,7 +24,7 @@ let cfg = config.services.drbd; in
     services.drbd.config = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Contents of the {file}`drbd.conf` configuration file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix
index ee03bada492d..f23e2842f3a8 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix
@@ -33,17 +33,17 @@ in
 
     services.glusterfs = {
 
-      enable = mkEnableOption (lib.mdDoc "GlusterFS Daemon");
+      enable = mkEnableOption "GlusterFS Daemon";
 
       logLevel = mkOption {
         type = types.enum ["DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" "TRACE" "NONE"];
-        description = lib.mdDoc "Log level used by the GlusterFS daemon";
+        description = "Log level used by the GlusterFS daemon";
         default = "INFO";
       };
 
       useRpcbind = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable use of rpcbind. This is required for Gluster's NFS functionality.
 
           You may want to turn it off to reduce the attack surface for DDoS reflection attacks.
@@ -56,13 +56,13 @@ in
 
       enableGlustereventsd = mkOption {
         type = types.bool;
-        description = lib.mdDoc "Whether to enable the GlusterFS Events Daemon";
+        description = "Whether to enable the GlusterFS Events Daemon";
         default = true;
       };
 
       killMode = mkOption {
         type = types.enum ["control-group" "process" "mixed" "none"];
-        description = lib.mdDoc ''
+        description = ''
           The systemd KillMode to use for glusterd.
 
           glusterd spawns other daemons like gsyncd.
@@ -79,7 +79,7 @@ in
 
       stopKillTimeout = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The systemd TimeoutStopSec to use.
 
           After this time after having been asked to shut down, glusterd
@@ -94,12 +94,12 @@ in
 
       extraFlags = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Extra flags passed to the GlusterFS daemon";
+        description = "Extra flags passed to the GlusterFS daemon";
         default = [];
       };
 
       tlsSettings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Make the server communicate via TLS.
           This means it will only connect to other gluster
           servers having certificates signed by the same CA.
@@ -114,17 +114,17 @@ in
           options = {
             tlsKeyPath = mkOption {
               type = types.str;
-              description = lib.mdDoc "Path to the private key used for TLS.";
+              description = "Path to the private key used for TLS.";
             };
 
             tlsPem = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path to the certificate used for TLS.";
+              description = "Path to the certificate used for TLS.";
             };
 
             caCert = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path certificate authority used to sign the cluster certificates.";
+              description = "Path certificate authority used to sign the cluster certificates.";
             };
           };
         });
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix
index 578675e75dc3..903cae379986 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix
@@ -15,13 +15,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to mount the Keybase filesystem.";
+        description = "Whether to mount the Keybase filesystem.";
       };
 
       enableRedirector = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Keybase root redirector service, allowing
           any user to access KBFS files via `/keybase`,
           which will show different contents depending on the requester.
@@ -32,7 +32,7 @@ in {
         type = types.str;
         default = "%h/keybase";
         example = "/keybase";
-        description = lib.mdDoc "Mountpoint for the Keybase filesystem.";
+        description = "Mountpoint for the Keybase filesystem.";
       };
 
       extraFlags = mkOption {
@@ -42,7 +42,7 @@ in {
           "-label kbfs"
           "-mount-type normal"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Additional flags to pass to the Keybase filesystem on launch.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/kubo.nix b/nixpkgs/nixos/modules/services/network-filesystems/kubo.nix
index 9a05a28550d3..d4ffda7c374e 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/kubo.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/kubo.nix
@@ -99,25 +99,25 @@ in
 
     services.kubo = {
 
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         the Interplanetary File System (WARNING: may cause severe network degradation).
         NOTE: after enabling this option and rebuilding your system, you need to log out
         and back in for the `IPFS_PATH` environment variable to be present in your shell.
         Until you do that, the CLI tools won't be able to talk to the daemon by default
-      '');
+      '';
 
       package = mkPackageOption pkgs "kubo" { };
 
       user = mkOption {
         type = types.str;
         default = "ipfs";
-        description = lib.mdDoc "User under which the Kubo daemon runs";
+        description = "User under which the Kubo daemon runs";
       };
 
       group = mkOption {
         type = types.str;
         default = "ipfs";
-        description = lib.mdDoc "Group under which the Kubo daemon runs";
+        description = "Group under which the Kubo daemon runs";
       };
 
       dataDir = mkOption {
@@ -131,37 +131,37 @@ in
           then "/var/lib/ipfs"
           else "/var/lib/ipfs/.ipfs"
         '';
-        description = lib.mdDoc "The data dir for Kubo";
+        description = "The data dir for Kubo";
       };
 
       defaultMode = mkOption {
         type = types.enum [ "online" "offline" "norouting" ];
         default = "online";
-        description = lib.mdDoc "systemd service that is enabled by default";
+        description = "systemd service that is enabled by default";
       };
 
       autoMount = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether Kubo should try to mount /ipfs and /ipns at startup.";
+        description = "Whether Kubo should try to mount /ipfs and /ipns at startup.";
       };
 
       autoMigrate = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether Kubo should try to run the fs-repo-migration at startup.";
+        description = "Whether Kubo should try to run the fs-repo-migration at startup.";
       };
 
       enableGC = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable automatic garbage collection";
+        description = "Whether to enable automatic garbage collection";
       };
 
       emptyRepo = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "If set to false, the repo will be initialized with help files";
+        description = "If set to false, the repo will be initialized with help files";
       };
 
       settings = mkOption {
@@ -172,7 +172,7 @@ in
             Addresses.API = mkOption {
               type = types.oneOf [ types.str (types.listOf types.str) ];
               default = [ ];
-              description = lib.mdDoc ''
+              description = ''
                 Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on.
                 In addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket.
                 To allow the ipfs CLI tools to communicate with the daemon over that socket,
@@ -183,7 +183,7 @@ in
             Addresses.Gateway = mkOption {
               type = types.oneOf [ types.str (types.listOf types.str) ];
               default = "/ip4/127.0.0.1/tcp/8080";
-              description = lib.mdDoc "Where the IPFS Gateway can be reached";
+              description = "Where the IPFS Gateway can be reached";
             };
 
             Addresses.Swarm = mkOption {
@@ -196,23 +196,23 @@ in
                 "/ip6/::/udp/4001/quic-v1"
                 "/ip6/::/udp/4001/quic-v1/webtransport"
               ];
-              description = lib.mdDoc "Where Kubo listens for incoming p2p connections";
+              description = "Where Kubo listens for incoming p2p connections";
             };
 
             Mounts.IPFS = mkOption {
               type = types.str;
               default = "/ipfs";
-              description = lib.mdDoc "Where to mount the IPFS namespace to";
+              description = "Where to mount the IPFS namespace to";
             };
 
             Mounts.IPNS = mkOption {
               type = types.str;
               default = "/ipns";
-              description = lib.mdDoc "Where to mount the IPNS namespace to";
+              description = "Where to mount the IPNS namespace to";
             };
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Attrset of daemon configuration.
           See [https://github.com/ipfs/kubo/blob/master/docs/config.md](https://github.com/ipfs/kubo/blob/master/docs/config.md) for reference.
           You can't set `Identity` or `Pinning`.
@@ -232,13 +232,13 @@ in
 
       extraFlags = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Extra flags passed to the Kubo daemon";
+        description = "Extra flags passed to the Kubo daemon";
         default = [ ];
       };
 
       localDiscovery = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''Whether to enable local discovery for the Kubo daemon.
+        description = ''Whether to enable local discovery for the Kubo daemon.
           This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this.
         '';
         default = false;
@@ -247,14 +247,14 @@ in
       serviceFdlimit = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it";
+        description = "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it";
         example = 64 * 1024;
       };
 
       startWhenNeeded = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to use socket activation to start Kubo when needed.";
+        description = "Whether to use socket activation to start Kubo when needed.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix b/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix
index afc38fcebcff..87f07b0501be 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix
@@ -8,12 +8,12 @@ let
 in
 {
   options.services.litestream = {
-    enable = mkEnableOption (lib.mdDoc "litestream");
+    enable = mkEnableOption "litestream";
 
     package = mkPackageOption pkgs "litestream" { };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         See the [documentation](https://litestream.io/reference/config/).
       '';
       type = settingsFormat.type;
@@ -35,7 +35,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/run/secrets/litestream";
-      description = lib.mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets may be passed to the service without adding them to the
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix b/nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix
index 49cbc89d5a91..8d29148883ab 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix
@@ -75,22 +75,22 @@ in {
       masterHost = mkOption {
         type = types.str;
         default = null;
-        description = lib.mdDoc "IP or DNS name of master host.";
+        description = "IP or DNS name of master host.";
       };
 
       runAsUser = mkOption {
         type = types.bool;
         default = true;
         example = true;
-        description = lib.mdDoc "Run daemons as user moosefs instead of root.";
+        description = "Run daemons as user moosefs instead of root.";
       };
 
-      client.enable = mkEnableOption (lib.mdDoc "Moosefs client");
+      client.enable = mkEnableOption "Moosefs client";
 
       master = {
         enable = mkOption {
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Enable Moosefs master daemon.
 
             You need to run `mfsmaster-init` on a freshly installed master server to
@@ -102,7 +102,7 @@ in {
         exports = mkOption {
           type = with types; listOf str;
           default = null;
-          description = lib.mdDoc "Paths to export (see mfsexports.cfg).";
+          description = "Paths to export (see mfsexports.cfg).";
           example = [
             "* / rw,alldirs,admin,maproot=0:0"
             "* . rw"
@@ -111,7 +111,7 @@ in {
 
         openFirewall = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Whether to automatically open the necessary ports in the firewall.";
+          description = "Whether to automatically open the necessary ports in the firewall.";
           default = false;
         };
 
@@ -122,16 +122,16 @@ in {
             options.DATA_PATH = mkOption {
               type = types.str;
               default = "/var/lib/mfs";
-              description = lib.mdDoc "Data storage directory.";
+              description = "Data storage directory.";
             };
           };
 
-          description = lib.mdDoc "Contents of config file (mfsmaster.cfg).";
+          description = "Contents of config file (mfsmaster.cfg).";
         };
       };
 
       metalogger = {
-        enable = mkEnableOption (lib.mdDoc "Moosefs metalogger daemon");
+        enable = mkEnableOption "Moosefs metalogger daemon";
 
         settings = mkOption {
           type = types.submodule {
@@ -140,27 +140,27 @@ in {
             options.DATA_PATH = mkOption {
               type = types.str;
               default = "/var/lib/mfs";
-              description = lib.mdDoc "Data storage directory";
+              description = "Data storage directory";
             };
           };
 
-          description = lib.mdDoc "Contents of metalogger config file (mfsmetalogger.cfg).";
+          description = "Contents of metalogger config file (mfsmetalogger.cfg).";
         };
       };
 
       chunkserver = {
-        enable = mkEnableOption (lib.mdDoc "Moosefs chunkserver daemon");
+        enable = mkEnableOption "Moosefs chunkserver daemon";
 
         openFirewall = mkOption {
           type = types.bool;
-          description = lib.mdDoc "Whether to automatically open the necessary ports in the firewall.";
+          description = "Whether to automatically open the necessary ports in the firewall.";
           default = false;
         };
 
         hdds = mkOption {
           type = with types; listOf str;
           default =  null;
-          description = lib.mdDoc "Mount points to be used by chunkserver for storage (see mfshdd.cfg).";
+          description = "Mount points to be used by chunkserver for storage (see mfshdd.cfg).";
           example = [ "/mnt/hdd1" ];
         };
 
@@ -171,11 +171,11 @@ in {
             options.DATA_PATH = mkOption {
               type = types.str;
               default = "/var/lib/mfs";
-              description = lib.mdDoc "Directory for lock file.";
+              description = "Directory for lock file.";
             };
           };
 
-          description = lib.mdDoc "Contents of chunkserver config file (mfschunkserver.cfg).";
+          description = "Contents of chunkserver config file (mfschunkserver.cfg).";
         };
       };
     };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix b/nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix
index a40f68557c0e..d7eef33ad96c 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix
@@ -10,12 +10,12 @@ in {
   options = {
     services.netatalk = {
 
-      enable = mkEnableOption (lib.mdDoc "the Netatalk AFP fileserver");
+      enable = mkEnableOption "the Netatalk AFP fileserver";
 
       port = mkOption {
         type = types.port;
         default = 548;
-        description = lib.mdDoc "TCP port to be used for AFP.";
+        description = "TCP port to be used for AFP.";
       };
 
       settings = mkOption {
@@ -32,7 +32,7 @@ in {
             "read only" = true;
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Netatalk. See
           {manpage}`afp.conf(5)`.
         '';
@@ -41,7 +41,7 @@ in {
       extmap = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           File name extension mappings.
           See {manpage}`extmap.conf(5)`. for more information.
         '';
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix b/nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix
index c9e1cbcbbda4..c40bcf28c28f 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix
@@ -26,7 +26,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable the kernel's NFS server.
           '';
         };
@@ -34,7 +34,7 @@ in
         extraNfsdConfig = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Extra configuration options for the [nfsd] section of /etc/nfs.conf.
           '';
         };
@@ -42,7 +42,7 @@ in
         exports = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Contents of the /etc/exports file.  See
             {manpage}`exports(5)` for the format.
           '';
@@ -51,7 +51,7 @@ in
         hostName = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Hostname or address on which NFS requests will be accepted.
             Default is all.  See the {option}`-H` option in
             {manpage}`nfsd(8)`.
@@ -61,7 +61,7 @@ in
         nproc = mkOption {
           type = types.int;
           default = 8;
-          description = lib.mdDoc ''
+          description = ''
             Number of NFS server threads.  Defaults to the recommended value of 8.
           '';
         };
@@ -69,14 +69,14 @@ in
         createMountPoints = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Whether to create the mount points in the exports file at startup time.";
+          description = "Whether to create the mount points in the exports file at startup time.";
         };
 
         mountdPort = mkOption {
           type = types.nullOr types.int;
           default = null;
           example = 4002;
-          description = lib.mdDoc ''
+          description = ''
             Use fixed port for rpc.mountd, useful if server is behind firewall.
           '';
         };
@@ -85,7 +85,7 @@ in
           type = types.nullOr types.int;
           default = null;
           example = 4001;
-          description = lib.mdDoc ''
+          description = ''
             Use a fixed port for the NFS lock manager kernel module
             (`lockd/nlockmgr`).  This is useful if the
             NFS server is behind a firewall.
@@ -96,7 +96,7 @@ in
           type = types.nullOr types.int;
           default = null;
           example = 4000;
-          description = lib.mdDoc ''
+          description = ''
             Use a fixed port for {command}`rpc.statd`. This is
             useful if the NFS server is behind a firewall.
           '';
@@ -113,25 +113,6 @@ in
 
   config = mkIf cfg.enable {
 
-    services.nfs.extraConfig = ''
-      [nfsd]
-      threads=${toString cfg.nproc}
-      ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"}
-      ${cfg.extraNfsdConfig}
-
-      [mountd]
-      ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"}
-
-      [statd]
-      ${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"}
-
-      [lockd]
-      ${optionalString (cfg.lockdPort != null) ''
-        port=${toString cfg.lockdPort}
-        udp-port=${toString cfg.lockdPort}
-      ''}
-    '';
-
     services.rpcbind.enable = true;
 
     boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
index 02c3482ec657..e7c2b9526328 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix
@@ -33,26 +33,26 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to enable the OpenAFS client.";
+        description = "Whether to enable the OpenAFS client.";
       };
 
       afsdb = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Resolve cells via AFSDB DNS records.";
+        description = "Resolve cells via AFSDB DNS records.";
       };
 
       cellName = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc "Cell name.";
+        description = "Cell name.";
         example = "grand.central.org";
       };
 
       cellServDB = mkOption {
         default = [];
         type = with types; listOf (submodule { options = cellServDBConfig; });
-        description = lib.mdDoc ''
+        description = ''
           This cell's database server records, added to the global
           CellServDB. See CellServDB(5) man page for syntax. Ignored when
           `afsdb` is set to `true`.
@@ -67,13 +67,13 @@ in
         blocks = mkOption {
           default = 100000;
           type = types.int;
-          description = lib.mdDoc "Cache size in 1KB blocks.";
+          description = "Cache size in 1KB blocks.";
         };
 
         chunksize = mkOption {
           default = 0;
           type = types.ints.between 0 30;
-          description = lib.mdDoc ''
+          description = ''
             Size of each cache chunk given in powers of
             2. `0` resets the chunk size to its default
             values (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for
@@ -85,13 +85,13 @@ in
         directory = mkOption {
           default = "/var/cache/openafs";
           type = types.str;
-          description = lib.mdDoc "Cache directory.";
+          description = "Cache directory.";
         };
 
         diskless = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Use in-memory cache for diskless machines. Has no real
             performance benefit anymore.
           '';
@@ -101,13 +101,13 @@ in
       crypt = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Whether to enable (weak) protocol encryption.";
+        description = "Whether to enable (weak) protocol encryption.";
       };
 
       daemons = mkOption {
         default = 2;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of daemons to serve user requests. Numbers higher than 6
           usually do no increase performance. Default is sufficient for up
           to five concurrent users.
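Review bot: The `crypt` description labels the encryption "(weak)" but gives an administrator nothing to act on. A second sentence appended to the existing text would help, for example `Do not rely on this alone to protect sensitive data on untrusted networks.` What exactly is weak about it should be taken from the OpenAFS documentation rather than guessed in the option text. The `daemons` option that follows in this hunk continues past its end.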
@@ -117,7 +117,7 @@ in
       fakestat = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Return fake data on stat() calls. If `true`,
           always do so. If `false`, only do so for
           cross-cell mounts (as these are potentially expensive).
@@ -127,7 +127,7 @@ in
       inumcalc = mkOption {
         default = "compat";
         type = types.strMatching "compat|md5";
-        description = lib.mdDoc ''
+        description = ''
           Inode calculation method. `compat` is
           computationally less expensive, but `md5` greatly
           reduces the likelihood of inode collisions in larger scenarios
@@ -138,7 +138,7 @@ in
       mountPoint = mkOption {
         default = "/afs";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Mountpoint of the AFS file tree, conventionally
           `/afs`. When set to a different value, only
           cross-cells that use the same value can be accessed.
@@ -150,26 +150,26 @@ in
           default = config.boot.kernelPackages.openafs;
           defaultText = literalExpression "config.boot.kernelPackages.openafs";
           type = types.package;
-          description = lib.mdDoc "OpenAFS kernel module package. MUST match the userland package!";
+          description = "OpenAFS kernel module package. MUST match the userland package!";
         };
         programs = mkOption {
           default = getBin pkgs.openafs;
           defaultText = literalExpression "getBin pkgs.openafs";
           type = types.package;
-          description = lib.mdDoc "OpenAFS programs package. MUST match the kernel module package!";
+          description = "OpenAFS programs package. MUST match the kernel module package!";
         };
       };
 
       sparse = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Minimal cell list in /afs.";
+        description = "Minimal cell list in /afs.";
       };
 
       startDisconnected = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Start up in disconnected mode.  You need to execute
           `fs disco online` (as root) to switch to
           connected mode. Useful for roaming devices.
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/lib.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/lib.nix
index e5e147a8dc33..726c47b70575 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/lib.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/lib.nix
@@ -17,13 +17,13 @@ in {
       type = types.str;
       default = "";
       example = "1.2.3.4";
-      description = lib.mdDoc "IP Address of a database server";
+      description = "IP Address of a database server";
     };
     dnsname = mkOption {
       type = types.str;
       default = "";
       example = "afs.example.org";
-      description = lib.mdDoc "DNS full-qualified domain name of a database server";
+      description = "DNS full-qualified domain name of a database server";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix b/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix
index 14bdf2f33865..a399aa6c23bc 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix
@@ -71,7 +71,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the OpenAFS server. An OpenAFS server needs a
           complex setup. So, be aware that enabling this service and setting
           some options does not give you a turn-key-ready solution. You need
@@ -85,20 +85,20 @@ in {
       advertisedAddresses = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "List of IP addresses this server is advertised under. See NetInfo(5)";
+        description = "List of IP addresses this server is advertised under. See NetInfo(5)";
       };
 
       cellName = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc "Cell name, this server will serve.";
+        description = "Cell name, this server will serve.";
         example = "grand.central.org";
       };
 
       cellServDB = mkOption {
         default = [];
         type = with types; listOf (submodule [ { options = cellServDBConfig;} ]);
-        description = lib.mdDoc "Definition of all cell-local database server machines.";
+        description = "Definition of all cell-local database server machines.";
       };
 
       package = mkPackageOption pkgs "openafs" { };
@@ -108,33 +108,33 @@ in {
           enable = mkOption {
             default = true;
             type = types.bool;
-            description = lib.mdDoc "Fileserver role, serves files and volumes from its local storage.";
+            description = "Fileserver role, serves files and volumes from its local storage.";
           };
 
           fileserverArgs = mkOption {
             default = "-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000";
             type = types.str;
-            description = lib.mdDoc "Arguments to the dafileserver process. See its man page.";
+            description = "Arguments to the dafileserver process. See its man page.";
           };
 
           volserverArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the davolserver process. See its man page.";
+            description = "Arguments to the davolserver process. See its man page.";
             example = "-sync never";
           };
 
           salvageserverArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the salvageserver process. See its man page.";
+            description = "Arguments to the salvageserver process. See its man page.";
             example = "-showlog";
           };
 
           salvagerArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the dasalvager process. See its man page.";
+            description = "Arguments to the dasalvager process. See its man page.";
             example = "-showlog -showmounts";
           };
         };
@@ -143,7 +143,7 @@ in {
           enable = mkOption {
             default = true;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Database server role, maintains the Volume Location Database,
               Protection Database (and Backup Database, see
               `backup` role). There can be multiple
@@ -158,20 +158,20 @@ in {
           vlserverArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the vlserver process. See its man page.";
+            description = "Arguments to the vlserver process. See its man page.";
             example = "-rxbind";
           };
 
           ptserverArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the ptserver process. See its man page.";
+            description = "Arguments to the ptserver process. See its man page.";
             example = "-restricted -default_access S---- S-M---";
           };
         };
 
         backup = {
-          enable = mkEnableOption (lib.mdDoc ''
+          enable = mkEnableOption ''
             the backup server role. When using OpenAFS built-in buserver, use in conjunction with the
             `database` role to maintain the Backup
             Database. Normally only used in conjunction with tape storage
@@ -179,24 +179,24 @@ in {
 
             For a modern backup server, enable this role and see
             {option}`enableFabs`
-          '');
+          '';
 
-          enableFabs = mkEnableOption (lib.mdDoc ''
+          enableFabs = mkEnableOption ''
             FABS, the flexible AFS backup system. It stores volumes as dump files, relying on other
             pre-existing backup solutions for handling them.
-          '');
+          '';
 
           buserverArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc "Arguments to the buserver process. See its man page.";
+            description = "Arguments to the buserver process. See its man page.";
             example = "-p 8";
           };
 
           cellServDB = mkOption {
             default = [];
             type = with types; listOf (submodule [ { options = cellServDBConfig;} ]);
-            description = lib.mdDoc ''
+            description = ''
               Definition of all cell-local backup database server machines.
               Use this when your cell uses less backup database servers than
               other database server machines.
@@ -206,7 +206,7 @@ in {
           fabsArgs = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Arguments to the fabsys process. See
               {manpage}`fabsys_server(1)` and
               {manpage}`fabsys_config(1)`.
@@ -216,7 +216,7 @@ in {
           fabsExtraConfig = mkOption {
             default = {};
             type = types.attrs;
-            description = lib.mdDoc ''
+            description = ''
               Additional configuration parameters for the FABS backup server.
             '';
             example = literalExpression ''
@@ -232,7 +232,7 @@ in {
       dottedPrincipals= mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, allow principal names containing (.) dots. Enabling
           this has security implications!
         '';
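Review bot: The `dottedPrincipals` description warns that enabling it "has security implications" without saying which, so an administrator cannot judge whether their cell is affected. As far as I know the check exists because Kerberos principals such as `user/admin` and `user.admin` can end up mapped to the same AFS identity. If that is the concern here, the text should say so, e.g. `Only enable this if your Kerberos realm has no principals whose names differ only in "." versus "/".` The option's closing brace is outside the hunk.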
@@ -241,7 +241,7 @@ in {
       udpPacketSize = mkOption {
         default = 1310720;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           UDP packet size to use in Bytes. Higher values can speed up
           communications. The default of 1 MB is a sufficient in most
           cases. Make sure to increase the kernel's UDP buffer size
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix
index 68f23f477af1..0632a9bc9527 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix
@@ -10,16 +10,16 @@ in {
 
   options = {
     services.orangefs.client = {
-      enable = mkEnableOption (lib.mdDoc "OrangeFS client daemon");
+      enable = mkEnableOption "OrangeFS client daemon";
 
       extraOptions = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc "Extra command line options for pvfs2-client.";
+        description = "Extra command line options for pvfs2-client.";
       };
 
       fileSystems = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The orangefs file systems to be mounted.
           This option is preferred over using {option}`fileSystems` directly since
           the pvfs client service needs to be running for it to be mounted.
@@ -36,19 +36,19 @@ in {
             mountPoint = mkOption {
               type = types.str;
               default = "/orangefs";
-              description = lib.mdDoc "Mount point.";
+              description = "Mount point.";
             };
 
             options = mkOption {
               type = with types; listOf str;
               default = [];
-              description = lib.mdDoc "Mount options";
+              description = "Mount options";
             };
 
             target = mkOption {
               type = types.str;
               example = "tcp://server:3334/orangefs";
-              description = lib.mdDoc "Target URL";
+              description = "Target URL";
             };
           };
         }));
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix
index 085b64e4c040..9fbf37f0d00a 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix
@@ -74,45 +74,45 @@ in {
 
   options = {
     services.orangefs.server = {
-      enable = mkEnableOption (lib.mdDoc "OrangeFS server");
+      enable = mkEnableOption "OrangeFS server";
 
       logType = mkOption {
         type = with types; enum [ "file" "syslog" ];
         default = "syslog";
-        description = lib.mdDoc "Destination for log messages.";
+        description = "Destination for log messages.";
       };
 
       dataStorageSpace = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/data/storage";
-        description = lib.mdDoc "Directory for data storage.";
+        description = "Directory for data storage.";
       };
 
       metadataStorageSpace = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/data/meta";
-        description = lib.mdDoc "Directory for meta data storage.";
+        description = "Directory for meta data storage.";
       };
 
       BMIModules = mkOption {
         type = with types; listOf str;
         default = [ "bmi_tcp" ];
         example = [ "bmi_tcp" "bmi_ib"];
-        description = lib.mdDoc "List of BMI modules to load.";
+        description = "List of BMI modules to load.";
       };
 
       extraDefaults = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra config for `<Defaults>` section.";
+        description = "Extra config for `<Defaults>` section.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra config for the global section.";
+        description = "Extra config for the global section.";
       };
 
       servers = mkOption {
@@ -122,11 +122,11 @@ in {
           node1 = "tcp://node1:3334";
           node2 = "tcp://node2:3334";
         };
-        description = lib.mdDoc "URLs for storage server including port. The attribute names define the server alias.";
+        description = "URLs for storage server including port. The attribute names define the server alias.";
       };
 
       fileSystems = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           These options will create the `<FileSystem>` sections of config file.
         '';
         default = { orangefs = {}; };
@@ -146,37 +146,37 @@ in {
             id = mkOption {
               type = types.int;
               default = 1;
-              description = lib.mdDoc "File system ID (must be unique within configuration).";
+              description = "File system ID (must be unique within configuration).";
             };
 
             rootHandle = mkOption {
               type = types.int;
               default = 3;
-              description = lib.mdDoc "File system root ID.";
+              description = "File system root ID.";
             };
 
             extraConfig = mkOption {
               type = types.lines;
               default = "";
-              description = lib.mdDoc "Extra config for `<FileSystem>` section.";
+              description = "Extra config for `<FileSystem>` section.";
             };
 
             troveSyncMeta = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc "Sync meta data.";
+              description = "Sync meta data.";
             };
 
             troveSyncData = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "Sync data.";
+              description = "Sync data.";
             };
 
             extraStorageHints = mkOption {
               type = types.lines;
               default = "";
-              description = lib.mdDoc "Extra config for `<StorageHints>` section.";
+              description = "Extra config for `<StorageHints>` section.";
             };
           };
         }));
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix b/nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix
index c9d7475395fe..49bc7caf2ee4 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix
@@ -10,12 +10,12 @@ in {
   options = {
     services.rsyncd = {
 
-      enable = mkEnableOption (lib.mdDoc "the rsync daemon");
+      enable = mkEnableOption "the rsync daemon";
 
       port = mkOption {
         default = 873;
         type = types.port;
-        description = lib.mdDoc "TCP port the daemon will listen on.";
+        description = "TCP port the daemon will listen on.";
       };
 
       settings = mkOption {
@@ -39,7 +39,7 @@ in {
             "secrets file" = "/etc/rsyncd.secrets";
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for rsyncd. See
           {manpage}`rsyncd.conf(5)`.
         '';
@@ -48,8 +48,7 @@ in {
       socketActivated = mkOption {
         default = false;
         type = types.bool;
-        description =
-          lib.mdDoc "If enabled Rsync will be socket-activated rather than run persistently.";
+        description = "If enabled Rsync will be socket-activated rather than run persistently.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix b/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix
index ad600796217b..608b48cf0305 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix
@@ -8,24 +8,24 @@ let
 in {
   options = {
     services.samba-wsdd = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device,
         to be found by Web Service Discovery Clients like Windows.
-      '');
+      '';
       interface = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "eth0";
-        description = lib.mdDoc "Interface or address to use.";
+        description = "Interface or address to use.";
       };
       hoplimit = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 2;
-        description = lib.mdDoc "Hop limit for multicast packets (default = 1).";
+        description = "Hop limit for multicast packets (default = 1).";
       };
       openFirewall = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the required firewall ports in the firewall.
         '';
         default = false;
@@ -35,34 +35,34 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "HOME";
-        description = lib.mdDoc "Set workgroup name (default WORKGROUP).";
+        description = "Set workgroup name (default WORKGROUP).";
       };
       hostname = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "FILESERVER";
-        description = lib.mdDoc "Override (NetBIOS) hostname to be used (default hostname).";
+        description = "Override (NetBIOS) hostname to be used (default hostname).";
       };
       domain = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Set domain name (disables workgroup).";
+        description = "Set domain name (disables workgroup).";
       };
       discovery = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable discovery operation mode.";
+        description = "Enable discovery operation mode.";
       };
       listen = mkOption {
         type = types.str;
         default = "/run/wsdd/wsdd.sock";
-        description = lib.mdDoc "Listen on path or localhost port in discovery mode.";
+        description = "Listen on path or localhost port in discovery mode.";
       };
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [ "--shortlog" ];
         example = [ "--verbose" "--no-http" "--ipv4only" "--no-host" ];
-        description = lib.mdDoc "Additional wsdd options.";
+        description = "Additional wsdd options.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix
index ef368ddbeefd..66ef3f14ed70 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/samba.nix
@@ -80,7 +80,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Samba, which provides file and print
           services to Windows clients through the SMB/CIFS protocol.
 
@@ -95,7 +95,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the necessary ports in the firewall.
         '';
       };
@@ -103,7 +103,7 @@ in
       enableNmbd = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
           service requests. It also participates in the browsing protocols
           which make up the Windows "Network Neighborhood" view.
@@ -113,7 +113,7 @@ in
       enableWinbindd = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Samba's winbindd, which provides a number of services
           to the Name Service Switch capability found in most modern C libraries,
           to arbitrary applications via PAM and ntlm_auth and to Samba itself.
@@ -127,7 +127,7 @@ in
       invalidUsers = mkOption {
         type = types.listOf types.str;
         default = [ "root" ];
-        description = lib.mdDoc ''
+        description = ''
           List of users who are denied to login via Samba.
         '';
       };
@@ -135,7 +135,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional global section and extra section lines go in here.
         '';
         example = ''
@@ -147,7 +147,7 @@ in
       configText = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Verbatim contents of smb.conf. If null (default), use the
           autogenerated file from NixOS instead.
         '';
@@ -156,13 +156,13 @@ in
       securityType = mkOption {
         type = types.enum [ "auto" "user" "domain" "ads" ];
         default = "user";
-        description = lib.mdDoc "Samba security type";
+        description = "Samba security type";
       };
 
       nsswins = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the WINS NSS (Name Service Switch) plug-in.
           Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a.
           Windows machine names) by transparently querying the winbindd daemon.
@@ -171,7 +171,7 @@ in
 
       shares = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           A set describing shared resources.
           See {command}`man smb.conf` for options.
         '';
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix b/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix
index d016d4a38fb9..cfda62020a1e 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix
@@ -12,21 +12,21 @@ in
           options = {
             nickname = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The nickname of this Tahoe introducer.
               '';
             };
             tub.port = mkOption {
               default = 3458;
               type = types.port;
-              description = lib.mdDoc ''
+              description = ''
                 The port on which the introducer will listen.
               '';
             };
             tub.location = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The external location that the introducer should listen on.
 
                 If specified, the port should be included.
@@ -35,7 +35,7 @@ in
             package = mkPackageOption pkgs "tahoelafs" { };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           The Tahoe introducers.
         '';
       };
@@ -45,14 +45,14 @@ in
           options = {
             nickname = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The nickname of this Tahoe node.
               '';
             };
             tub.port = mkOption {
               default = 3457;
               type = types.port;
-              description = lib.mdDoc ''
+              description = ''
                 The port on which the tub will listen.
 
                 This is the correct setting to tweak if you want Tahoe's storage
@@ -62,7 +62,7 @@ in
             tub.location = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The external location that the node should listen on.
 
                 This is the setting to tweak if there are multiple interfaces
@@ -74,7 +74,7 @@ in
             web.port = mkOption {
               default = 3456;
               type = types.port;
-              description = lib.mdDoc ''
+              description = ''
                 The port on which the Web server will listen.
 
                 This is the correct setting to tweak if you want Tahoe's WUI to
@@ -84,7 +84,7 @@ in
             client.introducer = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The furl for a Tahoe introducer node.
 
                 Like all furls, keep this safe and don't share it.
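Review bot: `client.introducer` tells the user to keep the furl safe, but the option is a plain `types.nullOr types.str`, and string option values in NixOS usually end up in the world-readable Nix store once they are rendered into a generated config file. Whether this module does that is not visible from the hunk, so it needs checking against the config generation code. If it does, the description should warn about it, e.g. `Note that this value is copied to the Nix store, which is readable by all local users.` The same applies to `client.helper` in the next hunk; both option bodies continue outside their hunks.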
@@ -93,7 +93,7 @@ in
             client.helper = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The furl for a Tahoe helper node.
 
                 Like all furls, keep this safe and don't share it.
@@ -102,14 +102,14 @@ in
             client.shares.needed = mkOption {
               default = 3;
               type = types.int;
-              description = lib.mdDoc ''
+              description = ''
                 The number of shares required to reconstitute a file.
               '';
             };
             client.shares.happy = mkOption {
               default = 7;
               type = types.int;
-              description = lib.mdDoc ''
+              description = ''
                 The number of distinct storage nodes required to store
                 a file.
               '';
@@ -117,24 +117,24 @@ in
             client.shares.total = mkOption {
               default = 10;
               type = types.int;
-              description = lib.mdDoc ''
+              description = ''
                 The number of shares required to store a file.
               '';
             };
-            storage.enable = mkEnableOption (lib.mdDoc "storage service");
+            storage.enable = mkEnableOption "storage service";
             storage.reservedSpace = mkOption {
               default = "1G";
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The amount of filesystem space to not use for storage.
               '';
             };
-            helper.enable = mkEnableOption (lib.mdDoc "helper service");
-            sftpd.enable = mkEnableOption (lib.mdDoc "SFTP service");
+            helper.enable = mkEnableOption "helper service";
+            sftpd.enable = mkEnableOption "SFTP service";
             sftpd.port = mkOption {
               default = null;
               type = types.nullOr types.int;
-              description = lib.mdDoc ''
+              description = ''
                 The port on which the SFTP server will listen.
 
                 This is the correct setting to tweak if you want Tahoe's SFTP
@@ -144,35 +144,35 @@ in
             sftpd.hostPublicKeyFile = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the SSH host public key.
               '';
             };
             sftpd.hostPrivateKeyFile = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the SSH host private key.
               '';
             };
             sftpd.accounts.file = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the accounts file.
               '';
             };
             sftpd.accounts.url = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 URL of the accounts server.
               '';
             };
             package = mkPackageOption pkgs "tahoelafs" { };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           The Tahoe nodes.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix b/nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix
index d6968b2cb826..2233d6f2a60d 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix
@@ -14,14 +14,14 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run the u9fs 9P server for Unix.";
+        description = "Whether to run the u9fs 9P server for Unix.";
       };
 
       listenStreams = mkOption {
         type = types.listOf types.str;
         default = [ "564" ];
         example = [ "192.168.16.1:564" ];
-        description = lib.mdDoc ''
+        description = ''
           Sockets to listen for clients on.
           See {command}`man 5 systemd.socket` for socket syntax.
         '';
@@ -30,16 +30,14 @@ in
       user = mkOption {
         type = types.str;
         default = "nobody";
-        description =
-          lib.mdDoc "User to run u9fs under.";
+        description = "User to run u9fs under.";
       };
 
       extraArgs = mkOption {
         type = types.str;
         default = "";
         example = "-a none";
-        description =
-          lib.mdDoc ''
+        description = ''
             Extra arguments to pass on invocation,
             see {command}`man 4 u9fs`
           '';
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix b/nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix
index 34e717025e64..7e83d78db5b0 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix
@@ -14,30 +14,30 @@ in
 {
   options = {
     services.webdav-server-rs = {
-      enable = mkEnableOption (lib.mdDoc "WebDAV server");
+      enable = mkEnableOption "WebDAV server";
 
       user = mkOption {
         type = types.str;
         default = "webdav";
-        description = lib.mdDoc "User to run under when setuid is not enabled.";
+        description = "User to run under when setuid is not enabled.";
       };
 
       group = mkOption {
         type = types.str;
         default = "webdav";
-        description = lib.mdDoc "Group to run under when setuid is not enabled.";
+        description = "Group to run under when setuid is not enabled.";
       };
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable debug mode.";
+        description = "Enable debug mode.";
       };
 
       settings = mkOption {
         type = format.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Attrset that is converted and passed as config file. Available
           options can be found at
           [here](https://github.com/miquels/webdav-server-rs/blob/master/webdav-server.toml).
@@ -79,7 +79,7 @@ in
         type = types.path;
         default = format.generate "webdav-server.toml" settings;
         defaultText = "Config file generated from services.webdav-server-rs.settings";
-        description = lib.mdDoc ''
+        description = ''
           Path to config file. If this option is set, it will override any
           configuration done in services.webdav-server-rs.settings.
         '';
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/webdav.nix b/nixpkgs/nixos/modules/services/network-filesystems/webdav.nix
index a384e58c96bf..7e435fc65253 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/webdav.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/webdav.nix
@@ -8,24 +8,24 @@ in
 {
   options = {
     services.webdav = {
-      enable = mkEnableOption (lib.mdDoc "WebDAV server");
+      enable = mkEnableOption "WebDAV server";
 
       user = mkOption {
         type = types.str;
         default = "webdav";
-        description = lib.mdDoc "User account under which WebDAV runs.";
+        description = "User account under which WebDAV runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "webdav";
-        description = lib.mdDoc "Group under which WebDAV runs.";
+        description = "Group under which WebDAV runs.";
       };
 
       settings = mkOption {
         type = format.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Attrset that is converted and passed as config file. Available options
           can be found at
           [here](https://github.com/hacdias/webdav).
@@ -57,7 +57,7 @@ in
         type = types.path;
         default = format.generate "webdav.yaml" cfg.settings;
         defaultText = "Config file generated from services.webdav.settings";
-        description = lib.mdDoc ''
+        description = ''
           Path to config file. If this option is set, it will override any
           configuration done in options.services.webdav.settings.
         '';
@@ -67,7 +67,7 @@ in
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Environment file as defined in {manpage}`systemd.exec(5)`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix
index 866661cf4e6f..78a0272c0567 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix
@@ -89,12 +89,12 @@ in
 
     services.xtreemfs = {
 
-      enable = mkEnableOption (lib.mdDoc "XtreemFS");
+      enable = mkEnableOption "XtreemFS";
 
       homeDir = mkOption {
         type = types.path;
         default = "/var/lib/xtreemfs";
-        description = lib.mdDoc ''
+        description = ''
           XtreemFS home dir for the xtreemfs user.
         '';
       };
@@ -103,7 +103,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable XtreemFS DIR service.
           '';
         };
@@ -111,7 +111,7 @@ in
         uuid = mkOption {
           example = "eacb6bab-f444-4ebf-a06a-3f72d7465e40";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Must be set to a unique identifier, preferably a UUID according to
             RFC 4122. UUIDs can be generated with `uuidgen` command, found in
             the `util-linux` package.
@@ -120,7 +120,7 @@ in
         port = mkOption {
           default = 32638;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen on for incoming connections (TCP).
           '';
         };
@@ -128,7 +128,7 @@ in
           type = types.str;
           example = "127.0.0.1";
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             If specified, it defines the interface to listen on. If not
             specified, the service will listen on all interfaces (any).
           '';
@@ -136,7 +136,7 @@ in
         httpPort = mkOption {
           default = 30638;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             Specifies the listen port for the HTTP service that returns the
             status page.
           '';
@@ -145,7 +145,7 @@ in
           type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ];
           default = "FSYNC";
           example = "FDATASYNC";
-          description = lib.mdDoc ''
+          description = ''
             The sync mode influences how operations are committed to the disk
             log before the operation is acknowledged to the caller.
 
@@ -173,14 +173,14 @@ in
             ssl.trusted_certs.pw = jks_passphrase
             ssl.trusted_certs.container = jks
           '';
-          description = lib.mdDoc ''
+          description = ''
             Configuration of XtreemFS DIR service.
             WARNING: configuration is saved as plaintext inside nix store.
             For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
           '';
         };
         replication = {
-          enable = mkEnableOption (lib.mdDoc "XtreemFS DIR replication plugin");
+          enable = mkEnableOption "XtreemFS DIR replication plugin";
           extraConfig = mkOption {
             type = types.lines;
             example = ''
@@ -215,7 +215,7 @@ in
 
               babudb.ssl.authenticationWithoutEncryption = false
             '';
-            description = lib.mdDoc ''
+            description = ''
               Configuration of XtreemFS DIR replication plugin.
               WARNING: configuration is saved as plaintext inside nix store.
               For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
@@ -228,7 +228,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable XtreemFS MRC service.
           '';
         };
@@ -236,7 +236,7 @@ in
         uuid = mkOption {
           example = "eacb6bab-f444-4ebf-a06a-3f72d7465e41";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Must be set to a unique identifier, preferably a UUID according to
             RFC 4122. UUIDs can be generated with `uuidgen` command, found in
             the `util-linux` package.
@@ -245,7 +245,7 @@ in
         port = mkOption {
           default = 32636;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen on for incoming connections (TCP).
           '';
         };
@@ -253,7 +253,7 @@ in
           example = "127.0.0.1";
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             If specified, it defines the interface to listen on. If not
             specified, the service will listen on all interfaces (any).
           '';
@@ -261,7 +261,7 @@ in
         httpPort = mkOption {
           default = 30636;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             Specifies the listen port for the HTTP service that returns the
             status page.
           '';
@@ -270,7 +270,7 @@ in
           default = "FSYNC";
           type = types.enum [ "ASYNC" "SYNC_WRITE_METADATA" "SYNC_WRITE" "FDATASYNC" "FSYNC" ];
           example = "FDATASYNC";
-          description = lib.mdDoc ''
+          description = ''
             The sync mode influences how operations are committed to the disk
             log before the operation is acknowledged to the caller.
 
@@ -316,14 +316,14 @@ in
             ssl.trusted_certs.pw = jks_passphrase
             ssl.trusted_certs.container = jks
           '';
-          description = lib.mdDoc ''
+          description = ''
             Configuration of XtreemFS MRC service.
             WARNING: configuration is saved as plaintext inside nix store.
             For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
           '';
         };
         replication = {
-          enable = mkEnableOption (lib.mdDoc "XtreemFS MRC replication plugin");
+          enable = mkEnableOption "XtreemFS MRC replication plugin";
           extraConfig = mkOption {
             type = types.lines;
             example = ''
@@ -358,7 +358,7 @@ in
 
               babudb.ssl.authenticationWithoutEncryption = false
             '';
-            description = lib.mdDoc ''
+            description = ''
               Configuration of XtreemFS MRC replication plugin.
               WARNING: configuration is saved as plaintext inside nix store.
               For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
@@ -371,7 +371,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable XtreemFS OSD service.
           '';
         };
@@ -379,7 +379,7 @@ in
         uuid = mkOption {
           example = "eacb6bab-f444-4ebf-a06a-3f72d7465e42";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Must be set to a unique identifier, preferably a UUID according to
             RFC 4122. UUIDs can be generated with `uuidgen` command, found in
             the `util-linux` package.
@@ -388,7 +388,7 @@ in
         port = mkOption {
           default = 32640;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen on for incoming connections (TCP and UDP).
           '';
         };
@@ -396,7 +396,7 @@ in
           example = "127.0.0.1";
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             If specified, it defines the interface to listen on. If not
             specified, the service will listen on all interfaces (any).
           '';
@@ -404,7 +404,7 @@ in
         httpPort = mkOption {
           default = 30640;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             Specifies the listen port for the HTTP service that returns the
             status page.
           '';
@@ -435,7 +435,7 @@ in
             ssl.trusted_certs.pw = jks_passphrase
             ssl.trusted_certs.container = jks
           '';
-          description = lib.mdDoc ''
+          description = ''
             Configuration of XtreemFS OSD service.
             WARNING: configuration is saved as plaintext inside nix store.
             For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
diff --git a/nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix b/nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix
index 1078df0bed25..de5d42a4bcde 100644
--- a/nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix
+++ b/nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix
@@ -23,7 +23,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Yandex-disk client. See https://disk.yandex.ru/
         '';
       };
@@ -31,7 +31,7 @@ in
       username = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Your yandex.com login name.
         '';
       };
@@ -39,7 +39,7 @@ in
       password = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Your yandex.com password. Warning: it will be world-readable in /nix/store.
         '';
       };
@@ -47,7 +47,7 @@ in
       user = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           The user the yandex-disk daemon should run as.
         '';
       };
@@ -55,14 +55,14 @@ in
       directory = mkOption {
         type = types.path;
         default = "/home/Yandex.Disk";
-        description = lib.mdDoc "The directory to use for Yandex.Disk storage";
+        description = "The directory to use for Yandex.Disk storage";
       };
 
       excludes = mkOption {
         default = "";
         type = types.commas;
         example = "data,backup";
-        description = lib.mdDoc ''
+        description = ''
           Comma-separated list of directories which are excluded from synchronization.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/3proxy.nix b/nixpkgs/nixos/modules/services/networking/3proxy.nix
index ef695a7f49fa..865916f7aff5 100644
--- a/nixpkgs/nixos/modules/services/networking/3proxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/3proxy.nix
@@ -6,11 +6,11 @@ let
   optionalList = list: if list == [ ] then "*" else concatMapStringsSep "," toString list;
 in {
   options.services._3proxy = {
-    enable = mkEnableOption (lib.mdDoc "3proxy");
+    enable = mkEnableOption "3proxy";
     confFile = mkOption {
       type = types.path;
       example = "/var/lib/3proxy/3proxy.conf";
-      description = lib.mdDoc ''
+      description = ''
         Ignore all other 3proxy options and load configuration from this file.
       '';
     };
@@ -18,7 +18,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/var/lib/3proxy/3proxy.passwd";
-      description = lib.mdDoc ''
+      description = ''
         Load users and passwords from this file.
 
         Example users file with plain-text passwords:
@@ -55,7 +55,7 @@ in {
               "udppm"
             ];
             example = "proxy";
-            description = lib.mdDoc ''
+            description = ''
               Service type. The following values are valid:
 
               - `"proxy"`: HTTP/HTTPS proxy (default port 3128).
@@ -72,7 +72,7 @@ in {
             type = types.str;
             default = "[::]";
             example = "127.0.0.1";
-            description = lib.mdDoc ''
+            description = ''
               Address used for service.
             '';
           };
@@ -80,7 +80,7 @@ in {
             type = types.nullOr types.int;
             default = null;
             example = 3128;
-            description = lib.mdDoc ''
+            description = ''
               Override default port used for service.
             '';
           };
@@ -88,14 +88,14 @@ in {
             type = types.int;
             default = 100;
             example = 1000;
-            description = lib.mdDoc ''
+            description = ''
               Maximum number of simulationeous connections to this service.
             '';
           };
           auth = mkOption {
             type = types.listOf (types.enum [ "none" "iponly" "strong" ]);
             example = [ "iponly" "strong" ];
-            description = lib.mdDoc ''
+            description = ''
               Authentication type. The following values are valid:
 
               - `"none"`: disables both authentication and authorization. You can not use ACLs.
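Review bot: The description text touched in this hunk still carries a typo: "simulationeous" in the maximum-connections description should read `Maximum number of simultaneous connections to this service.`. The same file has two more in descriptions edited by later hunks: "in the the end of hostname" (hunk at -155,7) and "set tu true" (hunk at -258,7), which should read "at the end of the hostname" and "set to true". Since this commit already rewrites every `description =` line, fixing the wording here keeps the rendered option docs clean.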
@@ -128,7 +128,7 @@ in {
                 rule = mkOption {
                   type = types.enum [ "allow" "deny" ];
                   example = "allow";
-                  description = lib.mdDoc ''
+                  description = ''
                     ACL rule. The following values are valid:
 
                     - `"allow"`: connections allowed.
@@ -139,7 +139,7 @@ in {
                   type = types.listOf types.str;
                   default = [ ];
                   example = [ "user1" "user2" "user3" ];
-                  description = lib.mdDoc ''
+                  description = ''
                     List of users, use empty list for any.
                   '';
                 };
@@ -147,7 +147,7 @@ in {
                   type = types.listOf types.str;
                   default = [ ];
                   example = [ "127.0.0.1" "192.168.1.0/24" ];
-                  description = lib.mdDoc ''
+                  description = ''
                     List of source IP range, use empty list for any.
                   '';
                 };
@@ -155,7 +155,7 @@ in {
                   type = types.listOf types.str;
                   default = [ ];
                   example = [ "127.0.0.1" "192.168.1.0/24" ];
-                  description = lib.mdDoc ''
+                  description = ''
                     List of target IP ranges, use empty list for any.
                     May also contain host names instead of addresses.
                     It's possible to use wildmask in the beginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.
@@ -166,7 +166,7 @@ in {
                   type = types.listOf types.int;
                   default = [ ];
                   example = [ 80 443 ];
-                  description = lib.mdDoc ''
+                  description = ''
                     List of target ports, use empty list for any.
                   '';
                 };
@@ -188,7 +188,7 @@ in {
                 }
               ]
             '';
-            description = lib.mdDoc ''
+            description = ''
               Use this option to limit user access to resources.
             '';
           };
@@ -196,7 +196,7 @@ in {
             type = types.nullOr types.str;
             default = null;
             example = "-46";
-            description = lib.mdDoc ''
+            description = ''
               Extra arguments for service.
               Consult "Options" section in [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available arguments.
             '';
@@ -204,7 +204,7 @@ in {
           extraConfig = mkOption {
             type = types.nullOr types.lines;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection.
               Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options.
             '';
@@ -234,14 +234,14 @@ in {
           }
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Use this option to define 3proxy services.
       '';
     };
     denyPrivate = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to deny access to private IP ranges including loopback.
       '';
     };
@@ -258,7 +258,7 @@ in {
         "::1"
         "fc00::/7"
       ];
-      description = lib.mdDoc ''
+      description = ''
         What IP ranges to deny access when denyPrivate is set tu true.
       '';
     };
@@ -269,7 +269,7 @@ in {
             type = types.listOf types.str;
             default = [ ];
             example = [ "127.0.0.53" "192.168.1.3:5353/tcp" ];
-            description = lib.mdDoc ''
+            description = ''
               List of nameservers to use.
 
               Up to 5 nservers may be specified. If no nserver is configured,
@@ -279,12 +279,12 @@ in {
           nscache = mkOption {
             type = types.int;
             default = 65535;
-            description = lib.mdDoc "Set name cache size for IPv4.";
+            description = "Set name cache size for IPv4.";
           };
           nscache6 = mkOption {
             type = types.int;
             default = 65535;
-            description = lib.mdDoc "Set name cache size for IPv6.";
+            description = "Set name cache size for IPv6.";
           };
           nsrecord = mkOption {
             type = types.attrsOf types.str;
@@ -295,19 +295,19 @@ in {
                 "site.local" = "192.168.1.43";
               }
             '';
-            description = lib.mdDoc "Adds static nsrecords.";
+            description = "Adds static nsrecords.";
           };
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Use this option to configure name resolution and DNS caching.
       '';
     };
     extraConfig = mkOption {
       type = types.nullOr types.lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration, appended to the 3proxy configuration file.
         Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/acme-dns.nix b/nixpkgs/nixos/modules/services/networking/acme-dns.nix
index 08fde65e4ca4..08e0e1d17317 100644
--- a/nixpkgs/nixos/modules/services/networking/acme-dns.nix
+++ b/nixpkgs/nixos/modules/services/networking/acme-dns.nix
@@ -9,7 +9,6 @@ let
   format = pkgs.formats.toml { };
   inherit (lib)
     literalExpression
-    mdDoc
     mkEnableOption
     mkOption
     mkPackageOption
@@ -19,12 +18,12 @@ let
 in
 {
   options.services.acme-dns = {
-    enable = mkEnableOption (mdDoc "acme-dns");
+    enable = mkEnableOption "acme-dns";
 
     package = mkPackageOption pkgs "acme-dns" { };
 
     settings = mkOption {
-      description = mdDoc ''
+      description = ''
         Free-form settings written directly to the `acme-dns.cfg` file.
         Refer to <https://github.com/joohoi/acme-dns/blob/master/README.md#configuration> for supported values.
       '';
@@ -37,38 +36,38 @@ in
           general = {
             listen = mkOption {
               type = types.str;
-              description = mdDoc "IP+port combination to bind and serve the DNS server on.";
+              description = "IP+port combination to bind and serve the DNS server on.";
               default = "[::]:53";
               example = "127.0.0.1:53";
             };
 
             protocol = mkOption {
               type = types.enum [ "both" "both4" "both6" "udp" "udp4" "udp6" "tcp" "tcp4" "tcp6" ];
-              description = mdDoc "Protocols to serve DNS responses on.";
+              description = "Protocols to serve DNS responses on.";
               default = "both";
             };
 
             domain = mkOption {
               type = types.str;
-              description = mdDoc "Domain name to serve the requests off of.";
+              description = "Domain name to serve the requests off of.";
               example = domain;
             };
 
             nsname = mkOption {
               type = types.str;
-              description = mdDoc "Zone name server.";
+              description = "Zone name server.";
               example = domain;
             };
 
             nsadmin = mkOption {
               type = types.str;
-              description = mdDoc "Zone admin email address for `SOA`.";
+              description = "Zone admin email address for `SOA`.";
               example = "admin.example.com";
             };
 
             records = mkOption {
               type = types.listOf types.str;
-              description = mdDoc "Predefined DNS records served in addition to the `_acme-challenge` TXT records.";
+              description = "Predefined DNS records served in addition to the `_acme-challenge` TXT records.";
               example = literalExpression ''
                 [
                   # replace with your acme-dns server's public IPv4
@@ -85,12 +84,12 @@ in
           database = {
             engine = mkOption {
               type = types.enum [ "sqlite3" "postgres" ];
-              description = mdDoc "Database engine to use.";
+              description = "Database engine to use.";
               default = "sqlite3";
             };
             connection = mkOption {
               type = types.str;
-              description = mdDoc "Database connection string.";
+              description = "Database connection string.";
               example = "postgres://user:password@localhost/acmedns";
               default = "/var/lib/acme-dns/acme-dns.db";
             };
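Review bot: The `connection` description says nothing about where a credential-bearing value ends up, yet its example (`postgres://user:password@localhost/acmedns`) embeds a password. The `settings` description earlier in this file states the values are written directly to `acme-dns.cfg`. If that file is generated through the `pkgs.formats.toml` binding into the Nix store (the generation code is outside this hunk, so this is inferred), the password would be readable by every local user. I would extend the text to something like `description = "Database connection string. This value is written to the generated config file; do not embed a password if that file lives in the Nix store.";` and consider a password-free example. The enclosing submodule starts and ends outside this hunk.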
@@ -99,14 +98,14 @@ in
           api = {
             ip = mkOption {
               type = types.str;
-              description = mdDoc "IP to bind the HTTP API on.";
+              description = "IP to bind the HTTP API on.";
               default = "[::]";
               example = "127.0.0.1";
             };
 
             port = mkOption {
               type = types.port;
-              description = mdDoc "Listen port for the HTTP API.";
+              description = "Listen port for the HTTP API.";
               default = 8080;
               # acme-dns expects this value to be a string
               apply = toString;
@@ -114,14 +113,14 @@ in
 
             disable_registration = mkOption {
               type = types.bool;
-              description = mdDoc "Whether to disable the HTTP registration endpoint.";
+              description = "Whether to disable the HTTP registration endpoint.";
               default = false;
               example = true;
             };
 
             tls = mkOption {
               type = types.enum [ "letsencrypt" "letsencryptstaging" "cert" "none" ];
-              description = mdDoc "TLS backend to use.";
+              description = "TLS backend to use.";
               default = "none";
             };
           };
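Review bot: The `disable_registration` description does not tell the reader what the default exposes. It defaults to `false`, while the previous hunk shows `api.ip` defaulting to `"[::]"` and this hunk shows `tls` defaulting to `"none"`, so with the defaults the registration endpoint listens on all interfaces over plain HTTP. A sentence in the description would make that visible, e.g. `description = "Whether to disable the HTTP registration endpoint. With the default api.ip and tls values the endpoint is reachable on all interfaces without TLS.";`. Whether the service is additionally firewalled or proxied is decided outside this hunk.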
@@ -130,7 +129,7 @@ in
           logconfig = {
             loglevel = mkOption {
               type = types.enum [ "error" "warning" "info" "debug" ];
-              description = mdDoc "Level to log on.";
+              description = "Level to log on.";
               default = "info";
             };
           };
diff --git a/nixpkgs/nixos/modules/services/networking/adguardhome.nix b/nixpkgs/nixos/modules/services/networking/adguardhome.nix
index 399d838ccc69..df9927351edc 100644
--- a/nixpkgs/nixos/modules/services/networking/adguardhome.nix
+++ b/nixpkgs/nixos/modules/services/networking/adguardhome.nix
@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.services.adguardhome;
+  settingsFormat = pkgs.formats.yaml { };
 
   args = concatStringsSep " " ([
     "--no-check-update"
@@ -12,41 +13,47 @@ let
     "--config /var/lib/AdGuardHome/AdGuardHome.yaml"
   ] ++ cfg.extraArgs);
 
-  configFile = pkgs.writeTextFile {
-    name = "AdGuardHome.yaml";
-    text = builtins.toJSON cfg.settings;
-    checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config";
-  };
-  defaultBindPort = 3000;
-
-in
-{
-
-  imports =
-    let cfgPath = [ "services" "adguardhome" ];
-    in
-    [
-      (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "host" ]; to = cfgPath ++ [ "settings" "bind_host" ]; })
-      (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "port" ]; to = cfgPath ++ [ "settings" "bind_port" ]; })
-    ];
-
+  settings = if (cfg.settings != null) then
+    cfg.settings // (if cfg.settings.schema_version < 23 then {
+      bind_host = cfg.host;
+      bind_port = cfg.port;
+    } else {
+      http.address = "${cfg.host}:${toString cfg.port}";
+    })
+  else
+    null;
+
+  configFile =
+    (settingsFormat.generate "AdGuardHome.yaml" settings).overrideAttrs (_: {
+      checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config";
+    });
+in {
   options.services.adguardhome = with types; {
-    enable = mkEnableOption (lib.mdDoc "AdGuard Home network-wide ad blocker");
+    enable = mkEnableOption "AdGuard Home network-wide ad blocker";
+
+    package = mkOption {
+      type = package;
+      default = pkgs.adguardhome;
+      defaultText = literalExpression "pkgs.adguardhome";
+      description = ''
+        The package that runs adguardhome.
+      '';
+    };
 
     openFirewall = mkOption {
       default = false;
       type = bool;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for the AdGuard Home web interface. Does not
         open the port needed to access the DNS resolver.
       '';
     };
 
     allowDHCP = mkOption {
-      default = cfg.settings.dhcp.enabled or false;
-      defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false'';
+      default = settings.dhcp.enabled or false;
+      defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false";
       type = bool;
-      description = lib.mdDoc ''
+      description = ''
         Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is
         required for the integrated DHCP server.
 
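Review bot: The new `settings` binding merges with `//`, which is a shallow update, so in the `schema_version >= 23` branch the generated `http = { address = …; }` replaces the whole `http` attribute set. Any other `settings.http.*` keys the user declared are then silently missing from the generated AdGuardHome.yaml. Since `with lib;` is in scope, replacing `cfg.settings // (` with `recursiveUpdate cfg.settings (` keeps them. The same branch joins host and port with a bare `:` in `"${cfg.host}:${toString cfg.port}"`, so an IPv6 literal in `services.adguardhome.host` would presumably need brackets to form a valid address; that is worth handling or stating in the option description.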
@@ -59,43 +66,45 @@ in
     mutableSettings = mkOption {
       default = true;
       type = bool;
-      description = lib.mdDoc ''
+      description = ''
         Allow changes made on the AdGuard Home web interface to persist between
         service restarts.
       '';
     };
 
+    host = mkOption {
+      default = "0.0.0.0";
+      type = str;
+      description = ''
+        Host address to bind HTTP server to.
+      '';
+    };
+
+    port = mkOption {
+      default = 3000;
+      type = port;
+      description = ''
+        Port to serve HTTP pages on.
+      '';
+    };
+
     settings = mkOption {
       default = null;
       type = nullOr (submodule {
-        freeformType = (pkgs.formats.yaml { }).type;
+        freeformType = settingsFormat.type;
         options = {
           schema_version = mkOption {
-            default = pkgs.adguardhome.schema_version;
-            defaultText = literalExpression "pkgs.adguardhome.schema_version";
+            default = cfg.package.schema_version;
+            defaultText = literalExpression "cfg.package.schema_version";
             type = int;
-            description = lib.mdDoc ''
+            description = ''
               Schema version for the configuration.
-              Defaults to the `schema_version` supplied by `pkgs.adguardhome`.
-            '';
-          };
-          bind_host = mkOption {
-            default = "0.0.0.0";
-            type = str;
-            description = lib.mdDoc ''
-              Host address to bind HTTP server to.
-            '';
-          };
-          bind_port = mkOption {
-            default = defaultBindPort;
-            type = port;
-            description = lib.mdDoc ''
-              Port to serve HTTP pages on.
+              Defaults to the `schema_version` supplied by `cfg.package`.
             '';
           };
         };
       });
-      description = lib.mdDoc ''
+      description = ''
         AdGuard Home configuration. Refer to
         <https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file>
         for details on supported values.
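Review bot: The new `host` option defaults to `0.0.0.0`, and its description (`Host address to bind HTTP server to.`) does not say that this is the AdGuard Home web interface, which then listens on every interface. I would extend the description with something like `Defaults to all interfaces; set to "127.0.0.1" to keep the web interface reachable only locally.` Separately, `defaultText = literalExpression "cfg.package.schema_version"` names the module-local `cfg`, which means nothing in the rendered manual; `"config.services.adguardhome.package.schema_version"` would match the form used for `allowDHCP`. The `settings` option body continues past the end of this hunk.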
@@ -107,7 +116,7 @@ in
 
         Set this to `null` (default) for a non-declarative configuration without any
         Nix-supplied values.
-        Declarative configurations are supplied with a default `schema_version`, `bind_host`, and `bind_port`.
+        Declarative configurations are supplied with a default `schema_version`, and `http.address`.
         :::
       '';
     };
@@ -115,7 +124,7 @@ in
     extraArgs = mkOption {
       default = [ ];
       type = listOf str;
-      description = lib.mdDoc ''
+      description = ''
         Extra command line parameters to be passed to the adguardhome binary.
       '';
     };
@@ -124,17 +133,25 @@ in
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.settings != null -> cfg.mutableSettings
-          || (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
-          || (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
-        message =
-          "AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
+        assertion = cfg.settings != null
+          -> !(hasAttrByPath [ "bind_host" ] cfg.settings);
+        message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'";
+      }
+      {
+        assertion = cfg.settings != null
+          -> !(hasAttrByPath [ "bind_port" ] cfg.settings);
+        message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.port'";
+      }
+      {
+        assertion = settings != null -> cfg.mutableSettings
+          || hasAttrByPath [ "dns" "bootstrap_dns" ] settings;
+        message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
       }
       {
-        assertion = cfg.settings != null -> cfg.mutableSettings
-          || hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
-        message =
-          "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
+        assertion = settings != null -> cfg.mutableSettings
+          || hasAttrByPath [ "dns" "bootstrap_dns" ] settings
+          && isList settings.dns.bootstrap_dns;
+        message = "AdGuard setting dns.bootstrap_dns needs to be a list";
       }
     ];
 
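Review bot: The second new assertion tests `bind_port`, but its message still names `settings.bind_host`, so a user who set `settings.bind_port` is pointed at the wrong option. The message should say that `settings.bind_port` has been superseded by `services.adguardhome.port`. The last assertion also fails when `dns.bootstrap_dns` is absent altogether, in which case the "needs to be a list" text repeats the previous assertion's failure with a misleading reason. Writing it as `|| !(hasAttrByPath [ "dns" "bootstrap_dns" ] settings) || isList settings.dns.bootstrap_dns` would make it fire only for a value of the wrong type.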
@@ -147,7 +164,7 @@ in
         StartLimitBurst = 10;
       };
 
-      preStart = optionalString (cfg.settings != null) ''
+      preStart = optionalString (settings != null) ''
         if    [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
            && [ "${toString cfg.mutableSettings}" = "1" ]; then
           # Writing directly to AdGuardHome.yaml results in empty file
@@ -161,8 +178,9 @@ in
 
       serviceConfig = {
         DynamicUser = true;
-        ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
-        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
+        ExecStart = "${cfg.package}/bin/adguardhome ${args}";
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]
+          ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
         Restart = "always";
         RestartSec = 10;
         RuntimeDirectory = "AdGuardHome";
@@ -170,6 +188,6 @@ in
       };
     };
 
-    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port or defaultBindPort ];
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
   };
 }
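Review bot: `openFirewall` now opens `cfg.port` unconditionally, but as far as this diff shows, `cfg.port` reaches the daemon only through the generated `settings`. With `settings = null` (the default) the listening port presumably comes from the existing AdGuardHome.yaml, so the port opened here can differ from the one actually served. I would state in the `port` and `openFirewall` descriptions that `port` takes effect only with declarative settings, or add a warning when `openFirewall` is combined with `settings == null` and a non-default `port`. The `config` block starts outside this hunk.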
diff --git a/nixpkgs/nixos/modules/services/networking/alice-lg.nix b/nixpkgs/nixos/modules/services/networking/alice-lg.nix
index fbf127d9410f..dab2d38ca353 100644
--- a/nixpkgs/nixos/modules/services/networking/alice-lg.nix
+++ b/nixpkgs/nixos/modules/services/networking/alice-lg.nix
@@ -9,14 +9,14 @@ in
 {
   options = {
     services.alice-lg = {
-      enable = mkEnableOption (lib.mdDoc "Alice Looking Glass");
+      enable = mkEnableOption "Alice Looking Glass";
 
       package = mkPackageOption pkgs "alice-lg" { };
 
       settings = mkOption {
         type = settingsFormat.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf)
         '';
         example = literalExpression ''
diff --git a/nixpkgs/nixos/modules/services/networking/amuled.nix b/nixpkgs/nixos/modules/services/networking/amuled.nix
index 1cd543358196..aa72a047526b 100644
--- a/nixpkgs/nixos/modules/services/networking/amuled.nix
+++ b/nixpkgs/nixos/modules/services/networking/amuled.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
         '';
       };
@@ -30,7 +30,7 @@ in
         defaultText = literalExpression ''
           "/home/''${config.${opt.user}}/"
         '';
-        description = lib.mdDoc ''
+        description = ''
           The directory holding configuration, incoming and temporary files.
         '';
       };
@@ -38,7 +38,7 @@ in
       user = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The user the AMule daemon should run as.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/antennas.nix b/nixpkgs/nixos/modules/services/networking/antennas.nix
index c0e56890864a..ef98af22f20f 100644
--- a/nixpkgs/nixos/modules/services/networking/antennas.nix
+++ b/nixpkgs/nixos/modules/services/networking/antennas.nix
@@ -8,30 +8,30 @@ in
 {
   options = {
     services.antennas = {
-      enable = mkEnableOption (lib.mdDoc "Antennas");
+      enable = mkEnableOption "Antennas";
 
       tvheadendUrl = mkOption {
         type        = types.str;
         default     = "http://localhost:9981";
-        description = lib.mdDoc "URL of Tvheadend.";
+        description = "URL of Tvheadend.";
       };
 
       antennasUrl = mkOption {
         type        = types.str;
         default     = "http://127.0.0.1:5004";
-        description = lib.mdDoc "URL of Antennas.";
+        description = "URL of Antennas.";
       };
 
       tunerCount = mkOption {
         type        = types.int;
         default     = 6;
-        description = lib.mdDoc "Numbers of tuners in tvheadend.";
+        description = "Numbers of tuners in tvheadend.";
       };
 
       deviceUUID = mkOption {
         type        = types.str;
         default     = "2f70c0d7-90a3-4429-8275-cbeeee9cd605";
-        description = lib.mdDoc "Device tuner UUID. Change this if you are running multiple instances.";
+        description = "Device tuner UUID. Change this if you are running multiple instances.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/aria2.nix b/nixpkgs/nixos/modules/services/networking/aria2.nix
index 1fb55b836798..f32f5682c980 100644
--- a/nixpkgs/nixos/modules/services/networking/aria2.nix
+++ b/nixpkgs/nixos/modules/services/networking/aria2.nix
@@ -31,7 +31,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether or not to enable the headless Aria2 daemon service.
 
           Aria2 daemon can be controlled via the RPC interface using
@@ -44,7 +44,7 @@ in
       openPorts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open listen and RPC ports found in listenPortRange and rpcListenPort
           options in the firewall.
         '';
@@ -52,26 +52,26 @@ in
       downloadDir = mkOption {
         type = types.path;
         default = downloadDir;
-        description = lib.mdDoc ''
+        description = ''
           Directory to store downloaded files.
         '';
       };
       listenPortRange = mkOption {
         type = types.listOf types.attrs;
         default = [ { from = 6881; to = 6999; } ];
-        description = lib.mdDoc ''
+        description = ''
           Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
         '';
       };
       rpcListenPort = mkOption {
         type = types.int;
         default = 6800;
-        description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
+        description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
       };
       rpcSecretFile = mkOption {
         type = types.path;
         example = "/run/secrets/aria2-rpc-token.txt";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the RPC secret authorization token.
           Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
         '';
@@ -80,7 +80,7 @@ in
         type = types.separatedString " ";
         example = "--rpc-listen-all --remote-time=true";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments to be passed to Aria2.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/asterisk.nix b/nixpkgs/nixos/modules/services/networking/asterisk.nix
index 78a69efc86af..187dd5c3ccab 100644
--- a/nixpkgs/nixos/modules/services/networking/asterisk.nix
+++ b/nixpkgs/nixos/modules/services/networking/asterisk.nix
@@ -59,7 +59,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Asterisk PBX server.
         '';
       };
@@ -72,7 +72,7 @@ in
           verbose=3
           debug=3
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options appended to the default
           `asterisk.conf` file.
         '';
@@ -127,7 +127,7 @@ in
               ''';
             }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Sets the content of config files (typically ending with
           `.conf`) in the Asterisk configuration directory.
 
@@ -148,7 +148,7 @@ in
         default = [ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ];
         type = types.listOf types.str;
         example = [ "sip.conf" "dundi.conf" ];
-        description = lib.mdDoc ''Sets these config files to the default content. The default value for
+        description = ''Sets these config files to the default content. The default value for
           this option contains all necesscary files to avoid errors at startup.
           This does not override settings via {option}`services.asterisk.confFiles`.
         '';
@@ -159,7 +159,7 @@ in
         type = types.listOf types.str;
         example =
           [ "-vvvddd" "-e" "1024" ];
-        description = lib.mdDoc ''
+        description = ''
           Additional command line arguments to pass to Asterisk.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/atftpd.nix b/nixpkgs/nixos/modules/services/networking/atftpd.nix
index e31b447e6c5b..da5e305201f8 100644
--- a/nixpkgs/nixos/modules/services/networking/atftpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/atftpd.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the atftpd TFTP server. By default, the server
           binds to address 0.0.0.0.
         '';
@@ -33,7 +33,7 @@ in
             "--verbose=7"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra command line arguments to pass to atftp.
         '';
       };
@@ -41,7 +41,7 @@ in
       root = mkOption {
         default = "/srv/tftp";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Document root directory for the atftpd.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/autossh.nix b/nixpkgs/nixos/modules/services/networking/autossh.nix
index ed9c07d9a147..245f2bfc2cf3 100644
--- a/nixpkgs/nixos/modules/services/networking/autossh.nix
+++ b/nixpkgs/nixos/modules/services/networking/autossh.nix
@@ -22,18 +22,18 @@ in
             name = mkOption {
               type = types.str;
               example = "socks-peer";
-              description = lib.mdDoc "Name of the local AutoSSH session";
+              description = "Name of the local AutoSSH session";
             };
             user = mkOption {
               type = types.str;
               example = "bill";
-              description = lib.mdDoc "Name of the user the AutoSSH session should run as";
+              description = "Name of the user the AutoSSH session should run as";
             };
             monitoringPort = mkOption {
               type = types.int;
               default = 0;
               example = 20000;
-              description = lib.mdDoc ''
+              description = ''
                 Port to be used by AutoSSH for peer monitoring. Note, that
                 AutoSSH also uses mport+1. Value of 0 disables the keep-alive
                 style monitoring
@@ -42,7 +42,7 @@ in
             extraArguments = mkOption {
               type = types.separatedString " ";
               example = "-N -D4343 bill@socks.example.net";
-              description = lib.mdDoc ''
+              description = ''
                 Arguments to be passed to AutoSSH and retransmitted to SSH
                 process. Some meaningful options include -N (don't run remote
                 command), -D (open SOCKS proxy on local port), -R (forward
@@ -54,7 +54,7 @@ in
         });
 
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of AutoSSH sessions to start as systemd services. Each service is
           named 'autossh-{session.name}'.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix
index 782681018116..8bb8e71ec3fb 100644
--- a/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix
+++ b/nixpkgs/nixos/modules/services/networking/avahi-daemon.nix
@@ -49,7 +49,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run the Avahi daemon, which allows Avahi clients
         to use Avahi's service discovery facilities and also allows
         the local machine to advertise its presence and services
@@ -63,7 +63,7 @@ in
       type = types.str;
       default = config.networking.hostName;
       defaultText = literalExpression "config.networking.hostName";
-      description = lib.mdDoc ''
+      description = ''
         Host name advertised on the LAN. If not set, avahi will use the value
         of {option}`config.networking.hostName`.
       '';
@@ -72,7 +72,7 @@ in
     domainName = mkOption {
       type = types.str;
       default = "local";
-      description = lib.mdDoc ''
+      description = ''
         Domain name for all advertisements.
       '';
     };
@@ -81,7 +81,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "0pointer.de" "zeroconf.org" ];
-      description = lib.mdDoc ''
+      description = ''
         List of non-local DNS domains to be browsed.
       '';
     };
@@ -89,19 +89,19 @@ in
     ipv4 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Whether to use IPv4.";
+      description = "Whether to use IPv4.";
     };
 
     ipv6 = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether to use IPv6.";
+      description = "Whether to use IPv6.";
     };
 
     allowInterfaces = mkOption {
       type = types.nullOr (types.listOf types.str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         List of network interfaces that should be used by the {command}`avahi-daemon`.
         Other interfaces will be ignored. If `null`, all local interfaces
         except loopback and point-to-point will be used.
@@ -111,7 +111,7 @@ in
     denyInterfaces = mkOption {
       type = types.nullOr (types.listOf types.str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         List of network interfaces that should be ignored by the
         {command}`avahi-daemon`. Other unspecified interfaces will be used,
         unless {option}`allowInterfaces` is set. This option takes precedence
@@ -122,7 +122,7 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the firewall for UDP port 5353.
         Disabling this setting also disables discovering of network devices.
       '';
@@ -131,7 +131,7 @@ in
     allowPointToPoint = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large
         latencies with such links and opens a potential security hole by allowing mDNS access from Internet
         connections.
@@ -141,13 +141,13 @@ in
     wideArea = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Whether to enable wide-area service discovery.";
+      description = "Whether to enable wide-area service discovery.";
     };
 
     reflector = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Reflect incoming mDNS requests to all allowed network interfaces.";
+      description = "Reflect incoming mDNS requests to all allowed network interfaces.";
     };
 
     extraServiceFiles = mkOption {
@@ -169,7 +169,7 @@ in
           ''';
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify custom service definitions which are placed in the avahi service directory.
         See the {manpage}`avahi.service(5)` manpage for detailed information.
       '';
@@ -179,25 +179,25 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to allow publishing in general.";
+        description = "Whether to allow publishing in general.";
       };
 
       userServices = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to publish user services. Will set `addresses=true`.";
+        description = "Whether to publish user services. Will set `addresses=true`.";
       };
 
       addresses = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to register mDNS address records for all local IP addresses.";
+        description = "Whether to register mDNS address records for all local IP addresses.";
       };
 
       hinfo = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to register a mDNS HINFO record which contains information about the
           local operating system and CPU.
         '';
@@ -206,7 +206,7 @@ in
       workstation = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to register a service of type "_workstation._tcp" on the local LAN.
         '';
       };
@@ -214,14 +214,14 @@ in
       domain = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to announce the locally used domain name for browsing by other hosts.";
+        description = "Whether to announce the locally used domain name for browsing by other hosts.";
       };
     };
 
     nssmdns4 = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.
         Enabling it allows applications to resolve names in the `.local`
         domain by transparently querying the Avahi daemon.
@@ -231,7 +231,7 @@ in
     nssmdns6 = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6.
         Enabling it allows applications to resolve names in the `.local`
         domain by transparently querying the Avahi daemon.
@@ -246,7 +246,7 @@ in
     cacheEntriesMax = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Number of resource records to be cached per interface. Use 0 to
         disable caching. Avahi daemon defaults to 4096 if not set.
       '';
@@ -255,7 +255,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra config to append to avahi-daemon.conf.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/babeld.nix b/nixpkgs/nixos/modules/services/networking/babeld.nix
index ff1ac6998ee9..5a3e92d9c813 100644
--- a/nixpkgs/nixos/modules/services/networking/babeld.nix
+++ b/nixpkgs/nixos/modules/services/networking/babeld.nix
@@ -40,11 +40,11 @@ in
 
     services.babeld = {
 
-      enable = mkEnableOption (lib.mdDoc "the babeld network routing daemon");
+      enable = mkEnableOption "the babeld network routing daemon";
 
       interfaceDefaults = mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           A set describing default parameters for babeld interfaces.
           See {manpage}`babeld(8)` for options.
         '';
@@ -58,7 +58,7 @@ in
 
       interfaces = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           A set describing babeld interfaces.
           See {manpage}`babeld(8)` for options.
         '';
@@ -75,7 +75,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Options that will be copied to babeld.conf.
           See {manpage}`babeld(8)` for details.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/bee.nix b/nixpkgs/nixos/modules/services/networking/bee.nix
index a4d20494bf6b..da11ac9399ab 100644
--- a/nixpkgs/nixos/modules/services/networking/bee.nix
+++ b/nixpkgs/nixos/modules/services/networking/bee.nix
@@ -15,7 +15,7 @@ in {
 
   options = {
     services.bee = {
-      enable = mkEnableOption (lib.mdDoc "Ethereum Swarm Bee");
+      enable = mkEnableOption "Ethereum Swarm Bee";
 
       package = mkPackageOption pkgs "bee" {
         example = "bee-unstable";
@@ -23,7 +23,7 @@ in {
 
       settings = mkOption {
         type = format.type;
-        description = lib.mdDoc ''
+        description = ''
           Ethereum Swarm Bee configuration. Refer to
           <https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/>
           for details on supported values.
@@ -33,7 +33,7 @@ in {
       daemonNiceLevel = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Daemon process priority for bee.
           0 is the default Unix process priority, 19 is the lowest.
         '';
@@ -42,7 +42,7 @@ in {
       user = mkOption {
         type = types.str;
         default = "bee";
-        description = lib.mdDoc ''
+        description = ''
           User the bee binary should execute under.
         '';
       };
@@ -50,7 +50,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "bee";
-        description = lib.mdDoc ''
+        description = ''
           Group the bee binary should execute under.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/biboumi.nix b/nixpkgs/nixos/modules/services/networking/biboumi.nix
index d44a46b35a29..d92290626c31 100644
--- a/nixpkgs/nixos/modules/services/networking/biboumi.nix
+++ b/nixpkgs/nixos/modules/services/networking/biboumi.nix
@@ -15,10 +15,10 @@ in
 {
   options = {
     services.biboumi = {
-      enable = mkEnableOption (lib.mdDoc "the Biboumi XMPP gateway to IRC");
+      enable = mkEnableOption "the Biboumi XMPP gateway to IRC";
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           See [biboumi 8.5](https://lab.louiz.org/louiz/biboumi/blob/8.5/doc/biboumi.1.rst)
           for documentation.
         '';
@@ -33,7 +33,7 @@ in
             default = [];
             example = ["admin@example.org"];
             apply = concatStringsSep ":";
-            description = lib.mdDoc ''
+            description = ''
               The bare JID of the gateway administrator. This JID will have more
               privileges than other standard users, for example some administration
               ad-hoc commands will only be available to that JID.
@@ -42,7 +42,7 @@ in
           options.ca_file = mkOption {
             type = types.path;
             default = "/etc/ssl/certs/ca-certificates.crt";
-            description = lib.mdDoc ''
+            description = ''
               Specifies which file should be used as the list of trusted CA
               when negotiating a TLS session.
             '';
@@ -50,7 +50,7 @@ in
           options.db_name = mkOption {
             type = with types; either path str;
             default = "${stateDir}/biboumi.sqlite";
-            description = lib.mdDoc ''
+            description = ''
               The name of the database to use.
             '';
             example = "postgresql://user:secret@localhost";
@@ -58,7 +58,7 @@ in
           options.hostname = mkOption {
             type = types.str;
             example = "biboumi.example.org";
-            description = lib.mdDoc ''
+            description = ''
               The hostname served by the XMPP gateway.
               This domain must be configured in the XMPP server
               as an external component.
@@ -68,21 +68,21 @@ in
             type = types.port;
             default = 113;
             example = 0;
-            description = lib.mdDoc ''
+            description = ''
               The TCP port on which to listen for identd queries.
             '';
           };
           options.log_level = mkOption {
             type = types.ints.between 0 3;
             default = 1;
-            description = lib.mdDoc ''
+            description = ''
               Indicate what type of log messages to write in the logs.
               0 is debug, 1 is info, 2 is warning, 3 is error.
             '';
           };
           options.password = mkOption {
             type = with types; nullOr str;
-            description = lib.mdDoc ''
+            description = ''
               The password used to authenticate the XMPP component to your XMPP server.
               This password must be configured in the XMPP server,
               associated with the external component on
@@ -95,7 +95,7 @@ in
           options.persistent_by_default = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether all rooms will be persistent by default:
               the value of the “persistent” option in the global configuration of each
               user will be “true”, but the value of each individual room will still
@@ -107,7 +107,7 @@ in
             type = types.path;
             default = "${pkgs.biboumi}/etc/biboumi";
             defaultText = literalExpression ''"''${pkgs.biboumi}/etc/biboumi"'';
-            description = lib.mdDoc ''
+            description = ''
               A directory that should contain the policy files,
               used to customize Botan’s behaviour
               when negotiating the TLS connections with the IRC servers.
@@ -116,14 +116,14 @@ in
           options.port = mkOption {
             type = types.port;
             default = 5347;
-            description = lib.mdDoc ''
+            description = ''
               The TCP port to use to connect to the local XMPP component.
             '';
           };
           options.realname_customization = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Whether the users will be able to use
               the ad-hoc commands that lets them configure
               their realname and username.
@@ -132,7 +132,7 @@ in
           options.realname_from_jid = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether the realname and username of each biboumi
               user will be extracted from their JID.
               Otherwise they will be set to the nick
@@ -142,7 +142,7 @@ in
           options.xmpp_server_ip = mkOption {
             type = types.str;
             default = "127.0.0.1";
-            description = lib.mdDoc ''
+            description = ''
               The IP address to connect to the XMPP server on.
               The connection to the XMPP server is unencrypted,
               so the biboumi instance and the server should
@@ -154,7 +154,7 @@ in
 
       credentialsFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to a configuration file to be merged with the settings.
           Beware not to surround "=" with spaces when setting biboumi's options in this file.
           Useful to merge a file which is better kept out of the Nix store
@@ -165,7 +165,7 @@ in
         example = "/run/keys/biboumi.cfg";
       };
 
-      openFirewall = mkEnableOption (lib.mdDoc "opening of the identd port in the firewall");
+      openFirewall = mkEnableOption "opening of the identd port in the firewall";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/bind.nix b/nixpkgs/nixos/modules/services/networking/bind.nix
index da8633d5066f..03c20f3fe3d3 100644
--- a/nixpkgs/nixos/modules/services/networking/bind.nix
+++ b/nixpkgs/nixos/modules/services/networking/bind.nix
@@ -17,28 +17,28 @@ let
       name = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc "Name of the zone.";
+        description = "Name of the zone.";
       };
       master = mkOption {
-        description = lib.mdDoc "Master=false means slave server";
+        description = "Master=false means slave server";
         type = types.bool;
       };
       file = mkOption {
         type = types.either types.str types.path;
-        description = lib.mdDoc "Zone file resource records contain columns of data, separated by whitespace, that define the record.";
+        description = "Zone file resource records contain columns of data, separated by whitespace, that define the record.";
       };
       masters = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "List of servers for inclusion in stub and secondary zones.";
+        description = "List of servers for inclusion in stub and secondary zones.";
       };
       slaves = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Addresses who may request zone transfers.";
+        description = "Addresses who may request zone transfers.";
         default = [ ];
       };
       allowQuery = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of address ranges allowed to query this zone. Instead of the address(es), this may instead
           contain the single string "any".
 
@@ -49,7 +49,7 @@ let
       };
       extraConfig = mkOption {
         type = types.str;
-        description = lib.mdDoc "Extra zone config to be appended at the end of the zone section.";
+        description = "Extra zone config to be appended at the end of the zone section.";
         default = "";
       };
     };
@@ -115,15 +115,15 @@ in
 
     services.bind = {
 
-      enable = mkEnableOption (lib.mdDoc "BIND domain name server");
+      enable = mkEnableOption "BIND domain name server";
 
 
       package = mkPackageOption pkgs "bind" { };
 
       cacheNetworks = mkOption {
-        default = [ "127.0.0.0/24" ];
+        default = [ "127.0.0.0/24" "::1/128" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           What networks are allowed to use us as a resolver.  Note
           that this is for recursive queries -- all networks are
           allowed to query zones configured with the `zones` option
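Review bot: The new `cacheNetworks` default, `[ "127.0.0.0/24" "::1/128" ]`, is the one behavioural change in this otherwise mechanical `lib.mdDoc` removal, and nothing in the option text records it. It extends the recursion ACL to IPv6 loopback, while the IPv4 entry stays at `/24`, which covers only 127.0.0.0–127.0.0.255 and not the whole 127.0.0.0/8 loopback block. If that asymmetry is intentional, a comment above the default such as `# loopback clients only; other networks must be added explicitly` would make it clear. The description should also say that both loopback families may recurse by default. The description text continues outside this hunk.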
@@ -137,7 +137,7 @@ in
       blockedNetworks = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           What networks are just blocked.
         '';
       };
@@ -145,7 +145,7 @@ in
       ipv4Only = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Only use ipv4, even if the host supports ipv6.
         '';
       };
@@ -154,7 +154,7 @@ in
         default = config.networking.nameservers;
         defaultText = literalExpression "config.networking.nameservers";
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of servers we should forward requests to.
         '';
       };
@@ -162,7 +162,7 @@ in
       forward = mkOption {
         default = "first";
         type = types.enum ["first" "only"];
-        description = lib.mdDoc ''
+        description = ''
           Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
         '';
       };
@@ -170,7 +170,7 @@ in
       listenOn = mkOption {
         default = [ "any" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Interfaces to listen on.
         '';
       };
@@ -178,7 +178,7 @@ in
       listenOnIpv6 = mkOption {
         default = [ "any" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Ipv6 interfaces to listen on.
         '';
       };
@@ -186,13 +186,13 @@ in
       directory = mkOption {
         type = types.str;
         default = "/run/named";
-        description = lib.mdDoc "Working directory of BIND.";
+        description = "Working directory of BIND.";
       };
 
       zones = mkOption {
         default = [ ];
         type = with types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (types.submodule bindZoneOptions));
-        description = lib.mdDoc ''
+        description = ''
           List of zones we claim authority over.
         '';
         example = {
@@ -209,7 +209,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the generated named configuration file.
         '';
       };
@@ -217,7 +217,7 @@ in
       extraOptions = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the options section of the
           generated named configuration file.
         '';
@@ -227,7 +227,7 @@ in
         type = types.path;
         default = confFile;
         defaultText = literalExpression "confFile";
-        description = lib.mdDoc ''
+        description = ''
           Overridable config file to use for named. By default, that
           generated by nixos.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/bird-lg.nix b/nixpkgs/nixos/modules/services/networking/bird-lg.nix
index 1c59f7a6ae7c..0c69b72fec10 100644
--- a/nixpkgs/nixos/modules/services/networking/bird-lg.nix
+++ b/nixpkgs/nixos/modules/services/networking/bird-lg.nix
@@ -56,123 +56,123 @@ in
       user = mkOption {
         type = types.str;
         default = "bird-lg";
-        description = lib.mdDoc "User to run the service.";
+        description = "User to run the service.";
       };
 
       group = mkOption {
         type = types.str;
         default = "bird-lg";
-        description = lib.mdDoc "Group to run the service.";
+        description = "Group to run the service.";
       };
 
       frontend = {
-        enable = mkEnableOption (lib.mdDoc "Bird Looking Glass Frontend Webserver");
+        enable = mkEnableOption "Bird Looking Glass Frontend Webserver";
 
         listenAddress = mkOption {
           type = types.str;
           default = "127.0.0.1:5000";
-          description = lib.mdDoc "Address to listen on.";
+          description = "Address to listen on.";
         };
 
         proxyPort = mkOption {
           type = types.port;
           default = 8000;
-          description = lib.mdDoc "Port bird-lg-proxy is running on.";
+          description = "Port bird-lg-proxy is running on.";
         };
 
         domain = mkOption {
           type = types.str;
           example = "dn42.lantian.pub";
-          description = lib.mdDoc "Server name domain suffixes.";
+          description = "Server name domain suffixes.";
         };
 
         servers = mkOption {
           type = types.listOf types.str;
           example = [ "gigsgigscloud" "hostdare" ];
-          description = lib.mdDoc "Server name prefixes.";
+          description = "Server name prefixes.";
         };
 
         whois = mkOption {
           type = types.str;
           default = "whois.verisign-grs.com";
-          description = lib.mdDoc "Whois server for queries.";
+          description = "Whois server for queries.";
         };
 
         dnsInterface = mkOption {
           type = types.str;
           default = "asn.cymru.com";
-          description = lib.mdDoc "DNS zone to query ASN information.";
+          description = "DNS zone to query ASN information.";
         };
 
         bgpMapInfo = mkOption {
           type = types.listOf types.str;
           default = [ "asn" "as-name" "ASName" "descr" ];
-          description = lib.mdDoc "Information displayed in bgpmap.";
+          description = "Information displayed in bgpmap.";
         };
 
         titleBrand = mkOption {
           type = types.str;
           default = "Bird-lg Go";
-          description = lib.mdDoc "Prefix of page titles in browser tabs.";
+          description = "Prefix of page titles in browser tabs.";
         };
 
         netSpecificMode = mkOption {
           type = types.str;
           default = "";
           example = "dn42";
-          description = lib.mdDoc "Apply network-specific changes for some networks.";
+          description = "Apply network-specific changes for some networks.";
         };
 
         protocolFilter = mkOption {
           type = types.listOf types.str;
           default = [ ];
           example = [ "ospf" ];
-          description = lib.mdDoc "Information displayed in bgpmap.";
+          description = "Information displayed in bgpmap.";
         };
 
         nameFilter = mkOption {
           type = types.str;
           default = "";
           example = "^ospf";
-          description = lib.mdDoc "Protocol names to hide in summary tables (RE2 syntax),";
+          description = "Protocol names to hide in summary tables (RE2 syntax),";
         };
 
         timeout = mkOption {
           type = types.int;
           default = 120;
-          description = lib.mdDoc "Time before request timed out, in seconds.";
+          description = "Time before request timed out, in seconds.";
         };
 
         navbar = {
           brand = mkOption {
             type = types.str;
             default = "Bird-lg Go";
-            description = lib.mdDoc "Brand to show in the navigation bar .";
+            description = "Brand to show in the navigation bar .";
           };
 
           brandURL = mkOption {
             type = types.str;
             default = "/";
-            description = lib.mdDoc "URL of the brand to show in the navigation bar.";
+            description = "URL of the brand to show in the navigation bar.";
           };
 
           allServers = mkOption {
             type = types.str;
             default = "ALL Servers";
-            description = lib.mdDoc "Text of 'All server' button in the navigation bar.";
+            description = "Text of 'All server' button in the navigation bar.";
           };
 
           allServersURL = mkOption {
             type = types.str;
             default = "all";
-            description = lib.mdDoc "URL of 'All servers' button.";
+            description = "URL of 'All servers' button.";
           };
         };
 
         extraArgs = mkOption {
           type = with types; either lines (listOf str);
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).
 
             :::{.note}
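Review bot: `protocolFilter` keeps the description `"Information displayed in bgpmap."`, which is copied verbatim from `bgpMapInfo` a few options above and does not describe a protocol filter. Since this commit rewrites every description line in the block, it is a good place to fix it, for example `description = "Protocol types to show in summary tables.";` (wording to be confirmed against the bird-lg-go frontend documentation that `extraArgs` links to). Two smaller nits in the same hunk: the `nameFilter` description ends in a comma instead of a full stop, and `navbar.brand` has a stray space before the final period. The `extraArgs` description continues outside the hunk.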
@@ -183,25 +183,25 @@ in
       };
 
       proxy = {
-        enable = mkEnableOption (lib.mdDoc "Bird Looking Glass Proxy");
+        enable = mkEnableOption "Bird Looking Glass Proxy";
 
         listenAddress = mkOption {
           type = types.str;
           default = "127.0.0.1:8000";
-          description = lib.mdDoc "Address to listen on.";
+          description = "Address to listen on.";
         };
 
         allowedIPs = mkOption {
           type = types.listOf types.str;
           default = [ ];
           example = [ "192.168.25.52" "192.168.25.53" "192.168.0.0/24" ];
-          description = lib.mdDoc "List of IPs or networks to allow (default all allowed).";
+          description = "List of IPs or networks to allow (default all allowed).";
         };
 
         birdSocket = mkOption {
           type = types.str;
           default = "/var/run/bird/bird.ctl";
-          description = lib.mdDoc "Bird control socket path.";
+          description = "Bird control socket path.";
         };
 
         traceroute = {
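Review bot: The `proxy.allowedIPs` description mentions only in a parenthesis that the empty default allows every client, which is easy to miss. The proxy fronts the Bird control socket (`birdSocket`) and a traceroute binary, so with the default list the loopback `listenAddress` of `127.0.0.1:8000` is the only thing restricting access. I would spell that out, e.g. `description = "List of IPs or networks allowed to query the proxy. An empty list (the default) disables the check, so set this whenever listenAddress is not a loopback address.";`. The `traceroute` attribute set opened on the last line continues in the next hunk.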
@@ -209,26 +209,26 @@ in
             type = types.str;
             default = "${pkgs.traceroute}/bin/traceroute";
             defaultText = literalExpression ''"''${pkgs.traceroute}/bin/traceroute"'';
-            description = lib.mdDoc "Traceroute's binary path.";
+            description = "Traceroute's binary path.";
           };
 
           flags = mkOption {
             type = with types; listOf str;
             default = [ ];
-            description = lib.mdDoc "Flags for traceroute process";
+            description = "Flags for traceroute process";
           };
 
           rawOutput = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Display traceroute output in raw format.";
+            description = "Display traceroute output in raw format.";
           };
         };
 
         extraArgs = mkOption {
           type = with types; either lines (listOf str);
           default = [ ];
-          description = lib.mdDoc ''
+          description = ''
             Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).
 
             :::{.note}
diff --git a/nixpkgs/nixos/modules/services/networking/bird.nix b/nixpkgs/nixos/modules/services/networking/bird.nix
index e25f5c7b0379..01a5a48f1ed5 100644
--- a/nixpkgs/nixos/modules/services/networking/bird.nix
+++ b/nixpkgs/nixos/modules/services/networking/bird.nix
@@ -10,10 +10,10 @@ in
   ###### interface
   options = {
     services.bird2 = {
-      enable = mkEnableOption (lib.mdDoc "BIRD Internet Routing Daemon");
+      enable = mkEnableOption "BIRD Internet Routing Daemon";
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           BIRD Internet Routing Daemon configuration file.
           <http://bird.network.cz/>
         '';
@@ -21,14 +21,14 @@ in
       autoReload = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether bird2 should be automatically reloaded when the configuration changes.
         '';
       };
       checkConfig = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the config should be checked at build time.
           When the config can't be checked during build time, for example when it includes
           other files, either disable this option or use `preCheckConfig` to create
@@ -41,7 +41,7 @@ in
         example = ''
           echo "cost 100;" > include.conf
         '';
-        description = lib.mdDoc ''
+        description = ''
           Commands to execute before the config file check. The file to be checked will be
           available as `bird2.conf` in the current directory.
 
diff --git a/nixpkgs/nixos/modules/services/networking/birdwatcher.nix b/nixpkgs/nixos/modules/services/networking/birdwatcher.nix
index c8ebb2269764..4baab1e60a2d 100644
--- a/nixpkgs/nixos/modules/services/networking/birdwatcher.nix
+++ b/nixpkgs/nixos/modules/services/networking/birdwatcher.nix
@@ -9,12 +9,12 @@ in
   options = {
     services.birdwatcher = {
       package = mkPackageOption pkgs "birdwatcher" { };
-      enable = mkEnableOption (lib.mdDoc "Birdwatcher");
+      enable = mkEnableOption "Birdwatcher";
       flags = mkOption {
         default = [ ];
         type = types.listOf types.str;
         example = [ "-worker-pool-size 16" "-6" ];
-        description = lib.mdDoc ''
+        description = ''
           Flags to append to the program call
         '';
       };
@@ -22,7 +22,7 @@ in
       settings = mkOption {
         type = types.lines;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf)
         '';
         example = literalExpression ''
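Review bot: `settings` is declared with `type = types.lines;` but has `default = { };`, an attribute set, and the description touched here does not say which form is expected. An unset option would presumably fail the type check or be rendered incorrectly into the configuration file. Because the option holds configuration text, the default should be `default = "";`, or the type should be changed if structured settings are intended. The option body, including its example, continues outside the hunk.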
diff --git a/nixpkgs/nixos/modules/services/networking/bitcoind.nix b/nixpkgs/nixos/modules/services/networking/bitcoind.nix
index 59722e31c62a..36cdcd49ea15 100644
--- a/nixpkgs/nixos/modules/services/networking/bitcoind.nix
+++ b/nixpkgs/nixos/modules/services/networking/bitcoind.nix
@@ -10,14 +10,14 @@ let
       name = mkOption {
         type = types.str;
         example = "alice";
-        description = lib.mdDoc ''
+        description = ''
           Username for JSON-RPC connections.
         '';
       };
       passwordHMAC = mkOption {
         type = types.uniq (types.strMatching "[0-9a-f]+\\$[0-9a-f]{64}");
         example = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
-        description = lib.mdDoc ''
+        description = ''
           Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the
           format \<SALT-HEX\>$\<HMAC-HEX\>.
 
@@ -34,7 +34,7 @@ let
   bitcoindOpts = { config, lib, name, ...}: {
     options = {
 
-      enable = mkEnableOption (lib.mdDoc "Bitcoin daemon");
+      enable = mkEnableOption "Bitcoin daemon";
 
       package = mkPackageOption pkgs "bitcoind" { };
 
@@ -42,7 +42,7 @@ let
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/${name}/bitcoin.conf";
-        description = lib.mdDoc "The configuration file path to supply bitcoind.";
+        description = "The configuration file path to supply bitcoind.";
       };
 
       extraConfig = mkOption {
@@ -53,32 +53,32 @@ let
           rpcthreads=16
           logips=1
         '';
-        description = lib.mdDoc "Additional configurations to be appended to {file}`bitcoin.conf`.";
+        description = "Additional configurations to be appended to {file}`bitcoin.conf`.";
       };
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/bitcoind-${name}";
-        description = lib.mdDoc "The data directory for bitcoind.";
+        description = "The data directory for bitcoind.";
       };
 
       user = mkOption {
         type = types.str;
         default = "bitcoind-${name}";
-        description = lib.mdDoc "The user as which to run bitcoind.";
+        description = "The user as which to run bitcoind.";
       };
 
       group = mkOption {
         type = types.str;
         default = config.user;
-        description = lib.mdDoc "The group as which to run bitcoind.";
+        description = "The group as which to run bitcoind.";
       };
 
       rpc = {
         port = mkOption {
           type = types.nullOr types.port;
           default = null;
-          description = lib.mdDoc "Override the default port on which to listen for JSON-RPC connections.";
+          description = "Override the default port on which to listen for JSON-RPC connections.";
         };
         users = mkOption {
           default = {};
@@ -89,33 +89,33 @@ let
             }
           '';
           type = types.attrsOf (types.submodule rpcUserOpts);
-          description = lib.mdDoc "RPC user information for JSON-RPC connections.";
+          description = "RPC user information for JSON-RPC connections.";
         };
       };
 
       pidFile = mkOption {
         type = types.path;
         default = "${config.dataDir}/bitcoind.pid";
-        description = lib.mdDoc "Location of bitcoind pid file.";
+        description = "Location of bitcoind pid file.";
       };
 
       testnet = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to use the testnet instead of mainnet.";
+        description = "Whether to use the testnet instead of mainnet.";
       };
 
       port = mkOption {
         type = types.nullOr types.port;
         default = null;
-        description = lib.mdDoc "Override the default port on which to listen for connections.";
+        description = "Override the default port on which to listen for connections.";
       };
 
       dbCache = mkOption {
         type = types.nullOr (types.ints.between 4 16384);
         default = null;
         example = 4000;
-        description = lib.mdDoc "Override the default database cache size in MiB.";
+        description = "Override the default database cache size in MiB.";
       };
 
       prune = mkOption {
@@ -126,7 +126,7 @@ let
         );
         default = null;
         example = 10000;
-        description = lib.mdDoc ''
+        description = ''
           Reduce storage requirements by enabling pruning (deleting) of old
           blocks. This allows the pruneblockchain RPC to be called to delete
           specific blocks, and enables automatic pruning of old blocks if a
@@ -141,7 +141,7 @@ let
       extraCmdlineOptions = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra command line options to pass to bitcoind.
           Run bitcoind --help to list all available options.
         '';
@@ -155,7 +155,7 @@ in
     services.bitcoind = mkOption {
       type = types.attrsOf (types.submodule bitcoindOpts);
       default = {};
-      description = lib.mdDoc "Specification of one or more bitcoind instances.";
+      description = "Specification of one or more bitcoind instances.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/bitlbee.nix b/nixpkgs/nixos/modules/services/networking/bitlbee.nix
index 146bffaa6edf..20488e5f33fe 100644
--- a/nixpkgs/nixos/modules/services/networking/bitlbee.nix
+++ b/nixpkgs/nixos/modules/services/networking/bitlbee.nix
@@ -49,7 +49,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run the BitlBee IRC to other chat network gateway.
           Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
           networks via an IRC client.
@@ -59,7 +59,7 @@ in
       interface = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The interface the BitlBee daemon will be listening to.  If `127.0.0.1`,
           only clients on the local host can connect to it; if `0.0.0.0`, clients
           can access it from any network interface.
@@ -69,7 +69,7 @@ in
       portNumber = mkOption {
         default = 6667;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Number of the port BitlBee will be listening to.
         '';
       };
@@ -77,7 +77,7 @@ in
       authBackend = mkOption {
         default = "storage";
         type = types.enum [ "storage" "pam" ];
-        description = lib.mdDoc ''
+        description = ''
           How users are authenticated
             storage -- save passwords internally
             pam -- Linux PAM authentication
@@ -87,7 +87,7 @@ in
       authMode = mkOption {
         default = "Open";
         type = types.enum [ "Open" "Closed" "Registered" ];
-        description = lib.mdDoc ''
+        description = ''
           The following authentication modes are available:
             Open -- Accept connections from anyone, use NickServ for user authentication.
             Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
@@ -98,7 +98,7 @@ in
       hostName = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
           alias for your BitlBee daemon, you can set it here and BitlBee will identify
           itself with that name instead.
@@ -109,7 +109,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.bitlbee-facebook ]";
-        description = lib.mdDoc ''
+        description = ''
           The list of bitlbee plugins to install.
         '';
       };
@@ -118,7 +118,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.purple-matrix ]";
-        description = lib.mdDoc ''
+        description = ''
           The list of libpurple plugins to install.
         '';
       };
@@ -126,7 +126,7 @@ in
       configDir = mkOption {
         default = "/var/lib/bitlbee";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Specify an alternative directory to store all the per-user configuration
           files.
         '';
@@ -135,7 +135,7 @@ in
       protocols = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           This option allows to remove the support of protocol, even if compiled
           in. If nothing is given, there are no restrictions.
         '';
@@ -144,7 +144,7 @@ in
       extraSettings = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Will be inserted in the Settings section of the config file.
         '';
       };
@@ -152,7 +152,7 @@ in
       extraDefaults = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Will be inserted in the Default section of the config file.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix b/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix
index bf476d814140..504c98e9ab8e 100644
--- a/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix
+++ b/nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix
@@ -10,27 +10,27 @@ let
 
     options = {
 
-      enable = mkEnableOption (lib.mdDoc "blockbook-frontend application");
+      enable = mkEnableOption "blockbook-frontend application";
 
       package = mkPackageOption pkgs "blockbook" { };
 
       user = mkOption {
         type = types.str;
         default = "blockbook-frontend-${name}";
-        description = lib.mdDoc "The user as which to run blockbook-frontend-${name}.";
+        description = "The user as which to run blockbook-frontend-${name}.";
       };
 
       group = mkOption {
         type = types.str;
         default = "${config.user}";
-        description = lib.mdDoc "The group as which to run blockbook-frontend-${name}.";
+        description = "The group as which to run blockbook-frontend-${name}.";
       };
 
       certFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/etc/secrets/blockbook-frontend-${name}/certFile";
-        description = lib.mdDoc ''
+        description = ''
           To enable SSL, specify path to the name of certificate files without extension.
           Expecting {file}`certFile.crt` and {file}`certFile.key`.
         '';
@@ -40,13 +40,13 @@ let
         type = with types; nullOr path;
         default = null;
         example = "${config.dataDir}/config.json";
-        description = lib.mdDoc "Location of the blockbook configuration file.";
+        description = "Location of the blockbook configuration file.";
       };
 
       coinName = mkOption {
         type = types.str;
         default = "Bitcoin";
-        description = lib.mdDoc ''
+        description = ''
           See <https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61>
           for current of coins supported in master (Note: may differ from release).
         '';
@@ -57,7 +57,7 @@ let
         default = "${config.package}/share/css/";
         defaultText = literalExpression ''"''${package}/share/css/"'';
         example = literalExpression ''"''${dataDir}/static/css/"'';
-        description = lib.mdDoc ''
+        description = ''
           Location of the dir with {file}`main.css` CSS file.
           By default, the one shipped with the package is used.
         '';
@@ -66,56 +66,56 @@ let
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/blockbook-frontend-${name}";
-        description = lib.mdDoc "Location of blockbook-frontend-${name} data directory.";
+        description = "Location of blockbook-frontend-${name} data directory.";
       };
 
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Debug mode, return more verbose errors, reload templates on each request.";
+        description = "Debug mode, return more verbose errors, reload templates on each request.";
       };
 
       internal = mkOption {
         type = types.nullOr types.str;
         default = ":9030";
-        description = lib.mdDoc "Internal http server binding `[address]:port`.";
+        description = "Internal http server binding `[address]:port`.";
       };
 
       messageQueueBinding = mkOption {
         type = types.str;
         default = "tcp://127.0.0.1:38330";
-        description = lib.mdDoc "Message Queue Binding `address:port`.";
+        description = "Message Queue Binding `address:port`.";
       };
 
       public = mkOption {
         type = types.nullOr types.str;
         default = ":9130";
-        description = lib.mdDoc "Public http server binding `[address]:port`.";
+        description = "Public http server binding `[address]:port`.";
       };
 
       rpc = {
         url = mkOption {
           type = types.str;
           default = "http://127.0.0.1";
-          description = lib.mdDoc "URL for JSON-RPC connections.";
+          description = "URL for JSON-RPC connections.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8030;
-          description = lib.mdDoc "Port for JSON-RPC connections.";
+          description = "Port for JSON-RPC connections.";
         };
 
         user = mkOption {
           type = types.str;
           default = "rpc";
-          description = lib.mdDoc "Username for JSON-RPC connections.";
+          description = "Username for JSON-RPC connections.";
         };
 
         password = mkOption {
           type = types.str;
           default = "rpc";
-          description = lib.mdDoc ''
+          description = ''
             RPC password for JSON-RPC connections.
             Warning: this is stored in cleartext in the Nix store!!!
             Use `configFile` or `passwordFile` if needed.
@@ -125,7 +125,7 @@ let
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             File containing password of the RPC user.
             Note: This options is ignored when `configFile` is used.
           '';
@@ -135,7 +135,7 @@ let
       sync = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Synchronizes until tip, if together with zeromq, keeps index synchronized.";
+        description = "Synchronizes until tip, if together with zeromq, keeps index synchronized.";
       };
 
       templateDir = mkOption {
@@ -143,7 +143,7 @@ let
         default = "${config.package}/share/templates/";
         defaultText = literalExpression ''"''${package}/share/templates/"'';
         example = literalExpression ''"''${dataDir}/templates/static/"'';
-        description = lib.mdDoc "Location of the HTML templates. By default, ones shipped with the package are used.";
+        description = "Location of the HTML templates. By default, ones shipped with the package are used.";
       };
 
       extraConfig = mkOption {
@@ -166,7 +166,7 @@ let
           "mempool_sub_workers" = 2;
           "block_addresses_to_keep" = 300;
         }'';
-        description = lib.mdDoc ''
+        description = ''
           Additional configurations to be appended to {file}`coin.conf`.
           Overrides any already defined configuration options.
           See <https://github.com/trezor/blockbook/tree/master/configs/coins>
@@ -178,7 +178,7 @@ let
         type = types.listOf types.str;
         default = [];
         example = [ "-workers=1" "-dbcache=0" "-logtosderr" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra command line options to pass to Blockbook.
           Run blockbook --help to list all available options.
         '';
@@ -193,7 +193,7 @@ in
     services.blockbook-frontend = mkOption {
       type = types.attrsOf (types.submodule blockbookOpts);
       default = {};
-      description = lib.mdDoc "Specification of one or more blockbook-frontend instances.";
+      description = "Specification of one or more blockbook-frontend instances.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/blocky.nix b/nixpkgs/nixos/modules/services/networking/blocky.nix
index 30a41fa6a421..b98c8b7bdb73 100644
--- a/nixpkgs/nixos/modules/services/networking/blocky.nix
+++ b/nixpkgs/nixos/modules/services/networking/blocky.nix
@@ -10,12 +10,12 @@ let
 in
 {
   options.services.blocky = {
-    enable = mkEnableOption (lib.mdDoc "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features");
+    enable = mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features";
 
     settings = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Blocky configuration. Refer to
         <https://0xerr0r.github.io/blocky/configuration/>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/centrifugo.nix b/nixpkgs/nixos/modules/services/networking/centrifugo.nix
index 7c6c9a362fd2..65df02513d6e 100644
--- a/nixpkgs/nixos/modules/services/networking/centrifugo.nix
+++ b/nixpkgs/nixos/modules/services/networking/centrifugo.nix
@@ -8,14 +8,14 @@ let
 in
 {
   options.services.centrifugo = {
-    enable = lib.mkEnableOption (lib.mdDoc "Centrifugo messaging server");
+    enable = lib.mkEnableOption "Centrifugo messaging server";
 
     package = lib.mkPackageOption pkgs "centrifugo" { };
 
     settings = lib.mkOption {
       type = settingsFormat.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Declarative Centrifugo configuration. See the [Centrifugo
         documentation] for a list of options.
 
@@ -29,7 +29,7 @@ in
       example = {
         CENTRIFUGO_UNI_GRPC_TLS_KEY = "/run/keys/centrifugo-uni-grpc-tls.key";
       };
-      description = lib.mdDoc ''
+      description = ''
         Environment variables with absolute paths to credentials files to load
         on service startup.
       '';
@@ -38,7 +38,7 @@ in
     environmentFiles = lib.mkOption {
       type = lib.types.listOf lib.types.path;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Files to load environment variables from. Options set via environment
         variables take precedence over {option}`settings`.
 
@@ -53,7 +53,7 @@ in
       type = lib.types.listOf lib.types.str;
       default = [ ];
       example = [ "redis-centrifugo" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional groups for the systemd service.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/cgit.nix b/nixpkgs/nixos/modules/services/networking/cgit.nix
index 3de2eb192ed1..0ccbef756812 100644
--- a/nixpkgs/nixos/modules/services/networking/cgit.nix
+++ b/nixpkgs/nixos/modules/services/networking/cgit.nix
@@ -96,30 +96,30 @@ in
 {
   options = {
     services.cgit = mkOption {
-      description = mdDoc "Configure cgit instances.";
+      description = "Configure cgit instances.";
       default = {};
       type = types.attrsOf (types.submodule ({ config, ... }: {
         options = {
-          enable = mkEnableOption (mdDoc "cgit");
+          enable = mkEnableOption "cgit";
 
           package = mkPackageOption pkgs "cgit" {};
 
           nginx.virtualHost = mkOption {
-            description = mdDoc "VirtualHost to serve cgit on, defaults to the attribute name.";
+            description = "VirtualHost to serve cgit on, defaults to the attribute name.";
             type = types.str;
             default = config._module.args.name;
             example = "git.example.com";
           };
 
           nginx.location = mkOption {
-            description = mdDoc "Location to serve cgit under.";
+            description = "Location to serve cgit under.";
             type = types.str;
             default = "/";
             example = "/git/";
           };
 
           repos = mkOption {
-            description = mdDoc "cgit repository settings, see cgitrc(5)";
+            description = "cgit repository settings, see cgitrc(5)";
             type = with types; attrsOf (attrsOf settingType);
             default = {};
             example = {
@@ -131,14 +131,14 @@ in
           };
 
           scanPath = mkOption {
-            description = mdDoc "A path which will be scanned for repositories.";
+            description = "A path which will be scanned for repositories.";
             type = types.nullOr types.path;
             default = null;
             example = "/var/lib/git";
           };
 
           settings = mkOption {
-            description = mdDoc "cgit configuration, see cgitrc(5)";
+            description = "cgit configuration, see cgitrc(5)";
             type = types.attrsOf settingType;
             default = {};
             example = literalExpression ''
@@ -150,7 +150,7 @@ in
           };
 
           extraConfig = mkOption {
-            description = mdDoc "These lines go to the end of cgitrc verbatim.";
+            description = "These lines go to the end of cgitrc verbatim.";
             type = types.lines;
             default = "";
           };
diff --git a/nixpkgs/nixos/modules/services/networking/charybdis.nix b/nixpkgs/nixos/modules/services/networking/charybdis.nix
index 6eacdde7bb93..6aaad823702c 100644
--- a/nixpkgs/nixos/modules/services/networking/charybdis.nix
+++ b/nixpkgs/nixos/modules/services/networking/charybdis.nix
@@ -18,11 +18,11 @@ in
 
     services.charybdis = {
 
-      enable = mkEnableOption (lib.mdDoc "Charybdis IRC daemon");
+      enable = mkEnableOption "Charybdis IRC daemon";
 
       config = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Charybdis IRC daemon configuration file.
         '';
       };
@@ -30,7 +30,7 @@ in
       statedir = mkOption {
         type = types.path;
         default = "/var/lib/charybdis";
-        description = lib.mdDoc ''
+        description = ''
           Location of the state directory of charybdis.
         '';
       };
@@ -38,7 +38,7 @@ in
       user = mkOption {
         type = types.str;
         default = "ircd";
-        description = lib.mdDoc ''
+        description = ''
           Charybdis IRC daemon user.
         '';
       };
@@ -46,7 +46,7 @@ in
       group = mkOption {
         type = types.str;
         default = "ircd";
-        description = lib.mdDoc ''
+        description = ''
           Charybdis IRC daemon group.
         '';
       };
@@ -54,7 +54,7 @@ in
       motd = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Charybdis MOTD text.
 
           Charybdis will read its MOTD from /etc/charybdis/ircd.motd .
diff --git a/nixpkgs/nixos/modules/services/networking/chisel-server.nix b/nixpkgs/nixos/modules/services/networking/chisel-server.nix
index 134c71430cd0..9c6391701faf 100644
--- a/nixpkgs/nixos/modules/services/networking/chisel-server.nix
+++ b/nixpkgs/nixos/modules/services/networking/chisel-server.nix
@@ -8,42 +8,42 @@ let
 in {
   options = {
     services.chisel-server = {
-      enable = mkEnableOption (mdDoc "Chisel Tunnel Server");
+      enable = mkEnableOption "Chisel Tunnel Server";
       host = mkOption {
-        description = mdDoc "Address to listen on, falls back to 0.0.0.0";
+        description = "Address to listen on, falls back to 0.0.0.0";
         type = with types; nullOr str;
         default = null;
         example = "[::1]";
       };
       port = mkOption {
-        description = mdDoc "Port to listen on, falls back to 8080";
+        description = "Port to listen on, falls back to 8080";
         type = with types; nullOr port;
         default = null;
       };
       authfile = mkOption {
-        description = mdDoc "Path to auth.json file";
+        description = "Path to auth.json file";
         type = with types; nullOr path;
         default = null;
       };
       keepalive  = mkOption {
-        description = mdDoc "Keepalive interval, falls back to 25s";
+        description = "Keepalive interval, falls back to 25s";
         type = with types; nullOr str;
         default = null;
         example = "5s";
       };
       backend = mkOption {
-        description = mdDoc "HTTP server to proxy normal requests to";
+        description = "HTTP server to proxy normal requests to";
         type = with types; nullOr str;
         default = null;
         example = "http://127.0.0.1:8888";
       };
       socks5 = mkOption {
-        description = mdDoc "Allow clients access to internal SOCKS5 proxy";
+        description = "Allow clients access to internal SOCKS5 proxy";
         type = types.bool;
         default = false;
       };
       reverse = mkOption {
-        description = mdDoc "Allow clients reverse port forwarding";
+        description = "Allow clients reverse port forwarding";
         type = types.bool;
         default = false;
       };
diff --git a/nixpkgs/nixos/modules/services/networking/cjdns.nix b/nixpkgs/nixos/modules/services/networking/cjdns.nix
index 80085da92702..f50031eb2ec4 100644
--- a/nixpkgs/nixos/modules/services/networking/cjdns.nix
+++ b/nixpkgs/nixos/modules/services/networking/cjdns.nix
@@ -13,27 +13,27 @@ let
   { options =
     { password = mkOption {
         type = types.str;
-        description = lib.mdDoc "Authorized password to the opposite end of the tunnel.";
+        description = "Authorized password to the opposite end of the tunnel.";
       };
       login = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc "(optional) name your peer has for you";
+        description = "(optional) name your peer has for you";
       };
       peerName = mkOption {
         default = "";
         type = types.str;
-        description = lib.mdDoc "(optional) human-readable name for peer";
+        description = "(optional) human-readable name for peer";
       };
       publicKey = mkOption {
         type = types.str;
-        description = lib.mdDoc "Public key at the opposite end of the tunnel.";
+        description = "Public key at the opposite end of the tunnel.";
       };
       hostname = mkOption {
         default = "";
         example = "foobar.hype";
         type = types.str;
-        description = lib.mdDoc "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.";
+        description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures.";
       };
     };
   };
@@ -87,7 +87,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the cjdns network encryption
           and routing engine. A file at /etc/cjdns.keys will
           be created if it does not exist to contain a random
@@ -99,7 +99,7 @@ in
         type = types.attrs;
         default = {};
         example = { router.interface.tunDevice = "tun10"; };
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration, given as attrs, that will be merged recursively
           with the rest of the JSON generated by this module, at the root node.
         '';
@@ -109,7 +109,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/etc/cjdroute.conf";
-        description = lib.mdDoc ''
+        description = ''
           Ignore all other cjdns options and load configuration from this file.
         '';
       };
@@ -122,7 +122,7 @@ in
           "z9md3t4p45mfrjzdjurxn4wuj0d8swv"
           "49275fut6tmzu354pq70sr5b95qq0vj"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Any remote cjdns nodes that offer these passwords on
           connection will be allowed to route through this node.
         '';
@@ -132,7 +132,7 @@ in
         bind = mkOption {
           type = types.str;
           default = "127.0.0.1:11234";
-          description = lib.mdDoc ''
+          description = ''
             Bind the administration port to this address and port.
           '';
         };
@@ -143,7 +143,7 @@ in
           type = types.str;
           default = "";
           example = "192.168.1.32:43211";
-          description = lib.mdDoc ''
+          description = ''
             Address and port to bind UDP tunnels to.
           '';
          };
@@ -159,7 +159,7 @@ in
               };
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Credentials for making UDP tunnels.
           '';
         };
@@ -170,8 +170,7 @@ in
           type = types.str;
           default = "";
           example = "eth0";
-          description =
-            lib.mdDoc ''
+          description = ''
               Bind to this device for native ethernet operation.
               `all` is a pseudo-name which will try to connect to all devices.
             '';
@@ -180,7 +179,7 @@ in
         beacon = mkOption {
           type = types.int;
           default = 2;
-          description = lib.mdDoc ''
+          description = ''
             Auto-connect to other cjdns nodes on the same network.
             Options:
               0: Disabled.
@@ -206,7 +205,7 @@ in
               };
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Credentials for connecting look similar to UDP credientials
             except they begin with the mac address.
           '';
@@ -216,7 +215,7 @@ in
       addExtraHosts = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add cjdns peers with an associated hostname to
           {file}`/etc/hosts`.  Beware that enabling this
           incurs heavy eval-time costs.
@@ -246,12 +245,8 @@ in
             shopt -s lastpipe
             ${pkg}/bin/makekeys | { read private ipv6 public; }
 
-            umask 0077
-            echo "CJDNS_PRIVATE_KEY=$private" >> /etc/cjdns.keys
-            echo -e "CJDNS_IPV6=$ipv6\nCJDNS_PUBLIC_KEY=$public" > /etc/cjdns.public
-
-            chmod 600 /etc/cjdns.keys
-            chmod 444 /etc/cjdns.public
+            install -m 600 <(echo "CJDNS_PRIVATE_KEY=$private") /etc/cjdns.keys
+            install -m 444 <(echo -e "CJDNS_IPV6=$ipv6\nCJDNS_PUBLIC_KEY=$public") /etc/cjdns.public
         fi
 
         if [ -z "$CJDNS_ADMIN_PASSWORD" ]; then
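Review bot: The two `install` lines replace `/etc/cjdns.keys` wholesale, whereas the removed `echo … >> /etc/cjdns.keys` appended to it. A keys file that already exists without `CJDNS_PRIVATE_KEY` but with other variables would now lose them; the `CJDNS_ADMIN_PASSWORD` tested on the hunk's last line looks like one, though where it is written is outside the hunk. Dropping `umask 0077` also means any later write in this script that creates the file no longer gets owner-only permissions by default, which needs checking in the part of the script the hunk does not show. I would keep `umask 0077` ahead of the `install` calls and add a comment such as `# /etc/cjdns.keys holds the node's private key; keep it owner-only`.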
diff --git a/nixpkgs/nixos/modules/services/networking/clatd.nix b/nixpkgs/nixos/modules/services/networking/clatd.nix
new file mode 100644
index 000000000000..76e0c130ca46
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/clatd.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.services.clatd;
+
+  settingsFormat = pkgs.formats.keyValue {};
+
+  configFile = settingsFormat.generate "clatd.conf" cfg.settings;
+in
+{
+  options = {
+    services.clatd = {
+      enable = mkEnableOption "clatd";
+
+      package = mkPackageOption pkgs "clatd" { };
+
+      settings = mkOption {
+        type = types.submodule ({ name, ... }: {
+          freeformType = settingsFormat.type;
+        });
+        default = { };
+        example = literalExpression ''
+          {
+            plat-prefix = "64:ff9b::/96";
+          }
+        '';
+        description = ''
+          Configuration of clatd. See [clatd Documentation](https://github.com/toreanderson/clatd/blob/master/README.pod#configuration).
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.clatd = {
+      description = "464XLAT CLAT daemon";
+      documentation = [ "man:clatd(8)" ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      startLimitIntervalSec = 0;
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/clatd -c ${configFile}";
+        startLimitIntervalSec = 0;
+
+        # Hardening
+        CapabilityBoundingSet = [
+          "CAP_NET_ADMIN"
+        ];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectProc = "invisible";
+        ProtectSystem = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+          "AF_NETLINK"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@network-io"
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+      };
+    };
+  };
+}
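Review bot: `startLimitIntervalSec = 0;` appears twice, and the copy inside `serviceConfig` is emitted into the `[Service]` section under a key systemd does not recognise, so it is ignored with a warning. The unit-level setting a few lines above is the one that takes effect, and the inner line can be dropped. On the hardening list, `ProtectSystem = true;` leaves `/etc` writable, and with no `User` set the daemon presumably runs as root limited only by the bounding set. If clatd and the helpers it starts do not write under `/etc`, which this file does not show, `ProtectSystem = "strict";` (or `"full"`) would be tighter. The `name` argument of the `settings` submodule is unused.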
diff --git a/nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix b/nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix
index 627fdb880a67..ab5b1a08539a 100644
--- a/nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix
+++ b/nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.cloudflare-dyndns = {
-      enable = mkEnableOption (lib.mdDoc "Cloudflare Dynamic DNS Client");
+      enable = mkEnableOption "Cloudflare Dynamic DNS Client";
 
       apiTokenFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to a file containing the CloudFlare API token.
 
           The file must have the form `CLOUDFLARE_API_TOKEN=...`
@@ -23,7 +23,7 @@ in
       domains = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of domain names to update records for.
         '';
       };
@@ -31,7 +31,7 @@ in
       proxied = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether this is a DNS-only record, or also being proxied through CloudFlare.
         '';
       };
@@ -39,7 +39,7 @@ in
       ipv4 = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable setting IPv4 A records.
         '';
       };
@@ -47,7 +47,7 @@ in
       ipv6 = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable setting IPv6 AAAA records.
         '';
       };
@@ -55,7 +55,7 @@ in
       deleteMissing = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to delete the record when no IP address is found.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/cloudflared.nix b/nixpkgs/nixos/modules/services/networking/cloudflared.nix
index b9556bfa60d0..60f6b7c46689 100644
--- a/nixpkgs/nixos/modules/services/networking/cloudflared.nix
+++ b/nixpkgs/nixos/modules/services/networking/cloudflared.nix
@@ -10,8 +10,8 @@ let
       type = with types; nullOr str;
       default = null;
       example = "30s";
-      description = lib.mdDoc ''
-        Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout](tlsTimeout).
+      description = ''
+        Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by [tlsTimeout](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout).
       '';
     };
 
@@ -19,7 +19,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "10s";
-      description = lib.mdDoc ''
+      description = ''
         Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
       '';
     };
@@ -28,7 +28,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "30s";
-      description = lib.mdDoc ''
+      description = ''
         The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
       '';
     };
@@ -37,7 +37,7 @@ let
       type = with types; nullOr bool;
       default = null;
       example = false;
-      description = lib.mdDoc ''
+      description = ''
         Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
       '';
     };
@@ -46,7 +46,7 @@ let
       type = with types; nullOr int;
       default = null;
       example = 100;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
       '';
     };
@@ -55,7 +55,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "1m30s";
-      description = lib.mdDoc ''
+      description = ''
         Timeout after which an idle keepalive connection can be discarded.
       '';
     };
@@ -64,7 +64,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "";
-      description = lib.mdDoc ''
+      description = ''
         Sets the HTTP `Host` header on requests sent to the local service.
       '';
     };
@@ -73,7 +73,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "";
-      description = lib.mdDoc ''
+      description = ''
         Hostname that `cloudflared` should expect from your origin server certificate.
       '';
     };
@@ -82,7 +82,7 @@ let
       type = with types; nullOr (either str path);
       default = null;
       example = "";
-      description = lib.mdDoc ''
+      description = ''
         Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
       '';
     };
@@ -91,7 +91,7 @@ let
       type = with types; nullOr bool;
       default = null;
       example = false;
-      description = lib.mdDoc ''
+      description = ''
         Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
       '';
     };
@@ -100,7 +100,7 @@ let
       type = with types; nullOr bool;
       default = null;
       example = false;
-      description = lib.mdDoc ''
+      description = ''
         Disables chunked transfer encoding. Useful if you are running a WSGI server.
       '';
     };
@@ -109,7 +109,7 @@ let
       type = with types; nullOr str;
       default = null;
       example = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy.
       '';
     };
@@ -118,7 +118,7 @@ let
       type = with types; nullOr int;
       default = null;
       example = 0;
-      description = lib.mdDoc ''
+      description = ''
         `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen.
       '';
     };
@@ -127,7 +127,7 @@ let
       type = with types; nullOr (enum [ "" "socks" ]);
       default = null;
       example = "";
-      description = lib.mdDoc ''
+      description = ''
         `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are:
 
         - `""` for the regular proxy
@@ -138,24 +138,24 @@ let
 in
 {
   options.services.cloudflared = {
-    enable = mkEnableOption (lib.mdDoc "Cloudflare Tunnel client daemon (formerly Argo Tunnel)");
+    enable = mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)";
 
     user = mkOption {
       type = types.str;
       default = "cloudflared";
-      description = lib.mdDoc "User account under which Cloudflared runs.";
+      description = "User account under which Cloudflared runs.";
     };
 
     group = mkOption {
       type = types.str;
       default = "cloudflared";
-      description = lib.mdDoc "Group under which cloudflared runs.";
+      description = "Group under which cloudflared runs.";
     };
 
     package = mkPackageOption pkgs "cloudflared" { };
 
     tunnels = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Cloudflare tunnels.
       '';
       type = types.attrsOf (types.submodule ({ name, ... }: {
@@ -164,7 +164,7 @@ in
 
           credentialsFile = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Credential file.
 
               See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file](Credentials file).
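Review bot: The `credentialsFile` description still has its Markdown link inverted, `[https://…](Credentials file)`, the same defect this commit corrects for `tlsTimeout` in the first hunk of this file. It should read `See [Credentials file](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file).` The warp-routing `enabled`, `service` and ingress-rules descriptions in the following hunks have the same inverted form and want the same swap. The description string continues past the end of this hunk.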
@@ -175,7 +175,7 @@ in
             enabled = mkOption {
               type = with types; nullOr bool;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Enable warp routing.
 
                 See [https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/](Connect from WARP to a private network on Cloudflare using Cloudflare Tunnel).
@@ -185,7 +185,7 @@ in
 
           default = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               Catch-all service if no ingress matches.
 
               See `service`.
@@ -201,7 +201,7 @@ in
                 service = mkOption {
                   type = with types; nullOr str;
                   default = null;
-                  description = lib.mdDoc ''
+                  description = ''
                     Service to pass the traffic.
 
                     See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#supported-protocols](Supported protocols).
@@ -212,7 +212,7 @@ in
                 path = mkOption {
                   type = with types; nullOr str;
                   default = null;
-                  description = lib.mdDoc ''
+                  description = ''
                     Path filter.
 
                     If not specified, all paths will be matched.
@@ -223,7 +223,7 @@ in
               };
             })));
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               Ingress rules.
 
               See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/](Ingress rules).
diff --git a/nixpkgs/nixos/modules/services/networking/cntlm.nix b/nixpkgs/nixos/modules/services/networking/cntlm.nix
index 41510a8f074d..16e9c3bb87b5 100644
--- a/nixpkgs/nixos/modules/services/networking/cntlm.nix
+++ b/nixpkgs/nixos/modules/services/networking/cntlm.nix
@@ -33,37 +33,37 @@ in
 
   options.services.cntlm = {
 
-    enable = mkEnableOption (lib.mdDoc "cntlm, which starts a local proxy");
+    enable = mkEnableOption "cntlm, which starts a local proxy";
 
     username = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
       '';
     };
 
     domain = mkOption {
       type = types.str;
-      description = lib.mdDoc "Proxy account domain/workgroup name.";
+      description = "Proxy account domain/workgroup name.";
     };
 
     password = mkOption {
       default = "/etc/cntlm.password";
       type = types.str;
-      description = lib.mdDoc "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.";
+      description = "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.";
     };
 
     netbios_hostname = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         The hostname of your machine.
       '';
     };
 
     proxy = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of NTLM/NTLMv2 authenticating HTTP proxies.
 
         Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than  once  to  specify  unlimited
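Review bot: The `password` description does not say whether the value is the password itself or a path to a file holding it: the text says "Proxy account password", while the default `/etc/cntlm.password` and the chmod advice point at a file. How the value is consumed is outside this hunk; if it is interpolated into the generated `cntlm.conf`, the secret would sit in the world-readable Nix store and the chmod hint would not protect it. If a path is what the module expects, I would say so explicitly, e.g. `description = "Path to a file containing the proxy account password; keep it outside the Nix store with mode 0600.";`.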
@@ -74,7 +74,7 @@ in
     };
 
     noproxy = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A list of domains where the proxy is skipped.
       '';
       default = [];
@@ -85,19 +85,19 @@ in
     port = mkOption {
       default = [3128];
       type = types.listOf types.port;
-      description = lib.mdDoc "Specifies on which ports the cntlm daemon listens.";
+      description = "Specifies on which ports the cntlm daemon listens.";
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Additional config appended to the end of the generated {file}`cntlm.conf`.";
+      description = "Additional config appended to the end of the generated {file}`cntlm.conf`.";
     };
 
     configText = mkOption {
        type = types.lines;
        default = "";
-       description = lib.mdDoc "Verbatim contents of {file}`cntlm.conf`.";
+       description = "Verbatim contents of {file}`cntlm.conf`.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/networking/connman.nix b/nixpkgs/nixos/modules/services/networking/connman.nix
index c626945ccd0c..39bc348dd00f 100644
--- a/nixpkgs/nixos/modules/services/networking/connman.nix
+++ b/nixpkgs/nixos/modules/services/networking/connman.nix
@@ -23,14 +23,14 @@ in {
       enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use ConnMan for managing your network connections.
         '';
       };
 
       package = lib.mkOption {
         type = lib.types.package;
-        description = lib.mdDoc "The connman package / build flavor";
+        description = "The connman package / build flavor";
         default = pkgs.connman;
         defaultText = lib.literalExpression "pkgs.connman";
         example = lib.literalExpression "pkgs.connmanFull";
@@ -39,7 +39,7 @@ in {
       enableVPN = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable ConnMan VPN service.
         '';
       };
@@ -47,7 +47,7 @@ in {
       extraConfig = lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines appended to the generated connman configuration file.
         '';
       };
@@ -55,7 +55,7 @@ in {
       networkInterfaceBlacklist = lib.mkOption {
         type = with lib.types; listOf str;
         default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ];
-        description = lib.mdDoc ''
+        description = ''
           Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
         '';
       };
@@ -64,7 +64,7 @@ in {
         backend = lib.mkOption {
           type = lib.types.enum [ "wpa_supplicant" "iwd" ];
           default = "wpa_supplicant";
-          description = lib.mdDoc ''
+          description = ''
             Specify the Wi-Fi backend used.
             Currently supported are {option}`wpa_supplicant` or {option}`iwd`.
           '';
@@ -75,7 +75,7 @@ in {
         type = with lib.types; listOf str;
         default = [ ];
         example = [ "--nodnsproxy" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra flags to pass to connmand
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/consul.nix b/nixpkgs/nixos/modules/services/networking/consul.nix
index 1a0910fc9344..2d9b10514a72 100644
--- a/nixpkgs/nixos/modules/services/networking/consul.nix
+++ b/nixpkgs/nixos/modules/services/networking/consul.nix
@@ -28,7 +28,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enables the consul daemon.
         '';
       };
@@ -38,7 +38,7 @@ in
       webUi = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enables the web interface on the consul http port.
         '';
       };
@@ -46,7 +46,7 @@ in
       leaveOnStop = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, causes a leave action to be sent when closing consul.
           This allows a clean termination of the node, but permanently removes
           it from the cluster. You probably don't want this option unless you
@@ -60,7 +60,7 @@ in
         advertise = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The name of the interface to pull the advertise_addr from.
           '';
         };
@@ -68,7 +68,7 @@ in
         bind = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The name of the interface to pull the bind_addr from.
           '';
         };
@@ -77,7 +77,7 @@ in
       forceAddrFamily = mkOption {
         type = types.enum [ "any" "ipv4" "ipv6" ];
         default = "any";
-        description = lib.mdDoc ''
+        description = ''
           Whether to bind ipv4/ipv6 or both kind of addresses.
         '';
       };
@@ -85,7 +85,7 @@ in
       forceIpv4 = mkOption {
         type = types.nullOr types.bool;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Deprecated: Use consul.forceAddrFamily instead.
           Whether we should force the interfaces to only pull ipv4 addresses.
         '';
@@ -94,7 +94,7 @@ in
       dropPrivileges = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the consul agent should be run as a non-root consul user.
         '';
       };
@@ -102,7 +102,7 @@ in
       extraConfig = mkOption {
         default = { };
         type = types.attrsOf types.anything;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options which are serialized to json and added
           to the config.json file.
         '';
@@ -111,37 +111,37 @@ in
       extraConfigFiles = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration files to pass to consul
           NOTE: These will not trigger the service to be restarted when altered.
         '';
       };
 
       alerts = {
-        enable = mkEnableOption (lib.mdDoc "consul-alerts");
+        enable = mkEnableOption "consul-alerts";
 
         package = mkPackageOption pkgs "consul-alerts" { };
 
         listenAddr = mkOption {
-          description = lib.mdDoc "Api listening address.";
+          description = "Api listening address.";
           default = "localhost:9000";
           type = types.str;
         };
 
         consulAddr = mkOption {
-          description = lib.mdDoc "Consul api listening address";
+          description = "Consul api listening address";
           default = "localhost:8500";
           type = types.str;
         };
 
         watchChecks = mkOption {
-          description = lib.mdDoc "Whether to enable check watcher.";
+          description = "Whether to enable check watcher.";
           default = true;
           type = types.bool;
         };
 
         watchEvents = mkOption {
-          description = lib.mdDoc "Whether to enable event watcher.";
+          description = "Whether to enable event watcher.";
           default = true;
           type = types.bool;
         };
diff --git a/nixpkgs/nixos/modules/services/networking/coredns.nix b/nixpkgs/nixos/modules/services/networking/coredns.nix
index f6eec2f962dd..370b9e6e8043 100644
--- a/nixpkgs/nixos/modules/services/networking/coredns.nix
+++ b/nixpkgs/nixos/modules/services/networking/coredns.nix
@@ -7,7 +7,7 @@ let
   configFile = pkgs.writeText "Corefile" cfg.config;
 in {
   options.services.coredns = {
-    enable = mkEnableOption (lib.mdDoc "Coredns dns server");
+    enable = mkEnableOption "Coredns dns server";
 
     config = mkOption {
       default = "";
@@ -17,7 +17,7 @@ in {
         }
       '';
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Verbatim Corefile to use.
         See <https://coredns.io/manual/toc/#configuration> for details.
       '';
@@ -29,7 +29,7 @@ in {
       default = [];
       example = [ "-dns.port=53" ];
       type = types.listOf types.str;
-      description = lib.mdDoc "Extra arguments to pass to coredns.";
+      description = "Extra arguments to pass to coredns.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/corerad.nix b/nixpkgs/nixos/modules/services/networking/corerad.nix
index 33ea2862174e..2203aa30c161 100644
--- a/nixpkgs/nixos/modules/services/networking/corerad.nix
+++ b/nixpkgs/nixos/modules/services/networking/corerad.nix
@@ -10,7 +10,7 @@ in {
   meta.maintainers = with maintainers; [ mdlayher ];
 
   options.services.corerad = {
-    enable = mkEnableOption (lib.mdDoc "CoreRAD IPv6 NDP RA daemon");
+    enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon";
 
     settings = mkOption {
       type = settingsFormat.type;
@@ -36,7 +36,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml>
         for supported values. Ignored if configFile is set.
       '';
@@ -45,7 +45,7 @@ in {
     configFile = mkOption {
       type = types.path;
       example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"'';
-      description = lib.mdDoc "Path to CoreRAD TOML configuration file.";
+      description = "Path to CoreRAD TOML configuration file.";
     };
 
     package = mkPackageOption pkgs "corerad" { };
diff --git a/nixpkgs/nixos/modules/services/networking/coturn.nix b/nixpkgs/nixos/modules/services/networking/coturn.nix
index 2f34a72377ce..3166c0dfb578 100644
--- a/nixpkgs/nixos/modules/services/networking/coturn.nix
+++ b/nixpkgs/nixos/modules/services/networking/coturn.nix
@@ -40,11 +40,11 @@ ${cfg.extraConfig}
 in {
   options = {
     services.coturn = {
-      enable = mkEnableOption (lib.mdDoc "coturn TURN server");
+      enable = mkEnableOption "coturn TURN server";
       listening-port = mkOption {
         type = types.int;
         default = 3478;
-        description = lib.mdDoc ''
+        description = ''
           TURN listener port for UDP and TCP.
           Note: actually, TLS and DTLS sessions can connect to the
           "plain" TCP and UDP port(s), too - if allowed by configuration.
@@ -53,7 +53,7 @@ in {
       tls-listening-port = mkOption {
         type = types.int;
         default = 5349;
-        description = lib.mdDoc ''
+        description = ''
           TURN listener port for TLS.
           Note: actually, "plain" TCP and UDP sessions can connect to the TLS and
           DTLS port(s), too - if allowed by configuration. The TURN server
@@ -69,7 +69,7 @@ in {
         type = types.int;
         default = cfg.listening-port + 1;
         defaultText = literalExpression "listening-port + 1";
-        description = lib.mdDoc ''
+        description = ''
           Alternative listening port for UDP and TCP listeners;
           default (or zero) value means "listening port plus one".
           This is needed for RFC 5780 support
@@ -84,7 +84,7 @@ in {
         type = types.int;
         default = cfg.tls-listening-port + 1;
         defaultText = literalExpression "tls-listening-port + 1";
-        description = lib.mdDoc ''
+        description = ''
           Alternative listening port for TLS and DTLS protocols.
         '';
       };
@@ -92,7 +92,7 @@ in {
         type = types.listOf types.str;
         default = [];
         example = [ "203.0.113.42" "2001:DB8::42" ];
-        description = lib.mdDoc ''
+        description = ''
           Listener IP addresses of relay server.
           If no IP(s) specified in the config file or in the command line options,
           then all IPv4 and IPv6 system IPs will be used for listening.
@@ -102,7 +102,7 @@ in {
         type = types.listOf types.str;
         default = [];
         example = [ "203.0.113.42" "2001:DB8::42" ];
-        description = lib.mdDoc ''
+        description = ''
           Relay address (the local IP address that will be used to relay the
           packets to the peer).
           Multiple relay addresses may be used.
@@ -118,28 +118,28 @@ in {
       min-port = mkOption {
         type = types.int;
         default = 49152;
-        description = lib.mdDoc ''
+        description = ''
           Lower bound of UDP relay endpoints
         '';
       };
       max-port = mkOption {
         type = types.int;
         default = 65535;
-        description = lib.mdDoc ''
+        description = ''
           Upper bound of UDP relay endpoints
         '';
       };
       lt-cred-mech = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Use long-term credential mechanism.
         '';
       };
       no-auth = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option is opposite to lt-cred-mech.
           (TURN Server with no-auth option allows anonymous access).
           If neither option is defined, and no users are defined,
@@ -151,7 +151,7 @@ in {
       use-auth-secret = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           TURN REST API flag.
           Flag that sets a special authorization option that is based upon authentication secret.
           This feature can be used with the long-term authentication mechanism, only.
@@ -175,7 +175,7 @@ in {
       static-auth-secret = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           'Static' authentication secret value (a string) for TURN REST API only.
           If not set, then the turn server
           will try to use the 'dynamic' value in turn_secret table
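Review bot: The `static-auth-secret` description gives no hint that a value set here is a plain Nix string, which presumably ends up in the generated configuration inside the world-readable Nix store (the config template is outside this hunk). Since `static-auth-secret-file` is declared in the next hunk, I would add a sentence steering users to it for anything but throwaway setups. The same applies to `cli-password` in the `@@ -237,28 +237,28 @@` hunk, whose text also carries the typo "encrypted for of the password" (should be "form"). Both descriptions continue past their hunks, so a warning may already exist out of view.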
@@ -186,7 +186,7 @@ in {
       static-auth-secret-file = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the static authentication secret.
         '';
       };
@@ -195,7 +195,7 @@ in {
         default = config.networking.hostName;
         defaultText = literalExpression "config.networking.hostName";
         example = "example.com";
-        description = lib.mdDoc ''
+        description = ''
           The default realm to be used for the users when no explicit
           origin/realm relationship was found in the database, or if the TURN
           server is not using any database (just the commands-line settings
@@ -207,7 +207,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "/var/lib/acme/example.com/fullchain.pem";
-        description = lib.mdDoc ''
+        description = ''
           Certificate file in PEM format.
         '';
       };
@@ -215,21 +215,21 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "/var/lib/acme/example.com/key.pem";
-        description = lib.mdDoc ''
+        description = ''
           Private key file in PEM format.
         '';
       };
       dh-file = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Use custom DH TLS key, stored in PEM format in the file.
         '';
       };
       secure-stun = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Require authentication of the STUN Binding request.
           By default, the clients are allowed anonymous access to the STUN Binding functionality.
         '';
@@ -237,28 +237,28 @@ in {
       no-cli = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Turn OFF the CLI support.
         '';
       };
       cli-ip = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Local system IP address to be used for CLI server endpoint.
         '';
       };
       cli-port = mkOption {
         type = types.int;
         default = 5766;
-        description = lib.mdDoc ''
+        description = ''
           CLI server port.
         '';
       };
       cli-password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           CLI access password.
           For the security reasons, it is recommended to use the encrypted
           for of the password (see the -P command in the turnadmin utility).
@@ -267,37 +267,37 @@ in {
       no-udp = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable UDP client listener";
+        description = "Disable UDP client listener";
       };
       no-tcp = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable TCP client listener";
+        description = "Disable TCP client listener";
       };
       no-tls = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable TLS client listener";
+        description = "Disable TLS client listener";
       };
       no-dtls = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable DTLS client listener";
+        description = "Disable DTLS client listener";
       };
       no-udp-relay = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable UDP relay endpoints";
+        description = "Disable UDP relay endpoints";
       };
       no-tcp-relay = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Disable TCP relay endpoints";
+        description = "Disable TCP relay endpoints";
       };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional configuration options";
+        description = "Additional configuration options";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/create_ap.nix b/nixpkgs/nixos/modules/services/networking/create_ap.nix
index 994aa6d36d2a..9bdbcee018ed 100644
--- a/nixpkgs/nixos/modules/services/networking/create_ap.nix
+++ b/nixpkgs/nixos/modules/services/networking/create_ap.nix
@@ -8,11 +8,11 @@ let
 in {
   options = {
     services.create_ap = {
-      enable = mkEnableOption (lib.mdDoc "setting up wifi hotspots using create_ap");
+      enable = mkEnableOption "setting up wifi hotspots using create_ap";
       settings = mkOption {
         type = with types; attrsOf (oneOf [ int bool str ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configuration for `create_ap`.
           See [upstream example configuration](https://raw.githubusercontent.com/lakinduakash/linux-wifi-hotspot/master/src/scripts/create_ap.conf)
           for supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/croc.nix b/nixpkgs/nixos/modules/services/networking/croc.nix
index 45bfd447da45..799bf390d526 100644
--- a/nixpkgs/nixos/modules/services/networking/croc.nix
+++ b/nixpkgs/nixos/modules/services/networking/croc.nix
@@ -6,19 +6,19 @@ let
 in
 {
   options.services.croc = {
-    enable = lib.mkEnableOption (lib.mdDoc "croc relay");
+    enable = lib.mkEnableOption "croc relay";
     ports = lib.mkOption {
       type = with types; listOf port;
       default = [9009 9010 9011 9012 9013];
-      description = lib.mdDoc "Ports of the relay.";
+      description = "Ports of the relay.";
     };
     pass = lib.mkOption {
       type = with types; either path str;
       default = "pass123";
-      description = lib.mdDoc "Password or passwordfile for the relay.";
+      description = "Password or passwordfile for the relay.";
     };
-    openFirewall = lib.mkEnableOption (lib.mdDoc "opening of the peer port(s) in the firewall");
-    debug = lib.mkEnableOption (lib.mdDoc "debug logs");
+    openFirewall = lib.mkEnableOption "opening of the peer port(s) in the firewall";
+    debug = lib.mkEnableOption "debug logs";
   };
 
   config = lib.mkIf cfg.enable {
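Review bot: `pass` ships with the default `"pass123"`, and the description on the changed line does not tell the operator that this is a publicly known value or that a literal string set here is likely to be copied into the world-readable Nix store. I would extend it, e.g. `description = "Password or path to a password file for the relay. Override the default and prefer a file outside the Nix store.";`. How `cfg.pass` reaches the relay is decided in the `config` block, which continues outside this hunk.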
diff --git a/nixpkgs/nixos/modules/services/networking/dae.nix b/nixpkgs/nixos/modules/services/networking/dae.nix
index 404ce59741f8..34ebb47c18e7 100644
--- a/nixpkgs/nixos/modules/services/networking/dae.nix
+++ b/nixpkgs/nixos/modules/services/networking/dae.nix
@@ -13,8 +13,7 @@ in
 
   options = {
     services.dae = with lib;{
-      enable = mkEnableOption
-        (mdDoc "dae, a Linux high-performance transparent proxy solution based on eBPF");
+      enable = mkEnableOption "dae, a Linux high-performance transparent proxy solution based on eBPF";
 
       package = mkPackageOption pkgs "dae" { };
 
@@ -23,7 +22,7 @@ in
         type = with types;(listOf path);
         default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ];
         defaultText = literalExpression "with pkgs; [ v2ray-geoip v2ray-domain-list-community ]";
-        description = mdDoc ''
+        description = ''
           Assets required to run dae.
         '';
       };
@@ -37,7 +36,7 @@ in
               paths = assets;
           })/share/v2ray
         '';
-        description = mdDoc ''
+        description = ''
           The path which contains geolocation database.
           This option will override `assets`.
         '';
@@ -46,7 +45,7 @@ in
       openFirewall = mkOption {
         type = with types; submodule {
           options = {
-            enable = mkEnableOption (mdDoc "opening {option}`port` in the firewall");
+            enable = mkEnableOption "opening {option}`port` in the firewall";
             port = mkOption {
               type = types.port;
               description = ''
@@ -65,7 +64,7 @@ in
             port = 12345;
           }
         '';
-        description = mdDoc ''
+        description = ''
           Open the firewall port.
         '';
       };
@@ -74,7 +73,7 @@ in
         type = with types; (nullOr path);
         default = null;
         example = "/path/to/your/config.dae";
-        description = mdDoc ''
+        description = ''
           The path of dae config file, end with `.dae`.
         '';
       };
@@ -82,7 +81,7 @@ in
       config = mkOption {
         type = with types; (nullOr str);
         default = null;
-        description = mdDoc ''
+        description = ''
           WARNING: This option will expose store your config unencrypted world-readable in the nix store.
           Config text for dae.
 
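Review bot: The warning at the top of the `config` description is garbled ("will expose store your config"), which blunts the one sentence telling users that their configuration becomes world-readable. I would reword it to `WARNING: This option stores your config unencrypted and world-readable in the Nix store.` and point readers to the path-based option from the preceding hunk for configurations that contain secrets. The description continues past the end of this hunk.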
@@ -91,7 +90,7 @@ in
       };
 
       disableTxChecksumIpGeneric =
-        mkEnableOption "" // { description = mdDoc "See <https://github.com/daeuniverse/dae/issues/43>"; };
+        mkEnableOption "" // { description = "See <https://github.com/daeuniverse/dae/issues/43>"; };
 
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/dante.nix b/nixpkgs/nixos/modules/services/networking/dante.nix
index f0d1d6305c54..d5e76b83986b 100644
--- a/nixpkgs/nixos/modules/services/networking/dante.nix
+++ b/nixpkgs/nixos/modules/services/networking/dante.nix
@@ -19,11 +19,11 @@ in
 
   options = {
     services.dante = {
-      enable = mkEnableOption (lib.mdDoc "Dante SOCKS proxy");
+      enable = mkEnableOption "Dante SOCKS proxy";
 
       config = mkOption {
         type        = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Contents of Dante's configuration file.
           NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/ddclient.nix b/nixpkgs/nixos/modules/services/networking/ddclient.nix
index 18f205b8d99e..b912550e1155 100644
--- a/nixpkgs/nixos/modules/services/networking/ddclient.nix
+++ b/nixpkgs/nixos/modules/services/networking/ddclient.nix
@@ -63,7 +63,7 @@ with lib;
       enable = mkOption {
         default = false;
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
         '';
       };
@@ -72,7 +72,7 @@ with lib;
         type = package;
         default = pkgs.ddclient;
         defaultText = lib.literalExpression "pkgs.ddclient";
-        description = lib.mdDoc ''
+        description = ''
           The ddclient executable package run by the service.
         '';
       };
@@ -80,7 +80,7 @@ with lib;
       domains = mkOption {
         default = [ "" ];
         type = listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Domain name(s) to synchronize.
         '';
       };
@@ -90,7 +90,7 @@ with lib;
         default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
         defaultText = "";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           User name.
         '';
       };
@@ -98,7 +98,7 @@ with lib;
       passwordFile = mkOption {
         default = null;
         type = nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password or a TSIG key in named format when using the nsupdate protocol.
         '';
       };
@@ -106,7 +106,7 @@ with lib;
       interval = mkOption {
         default = "10min";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           The interval at which to run the check and update.
           See {command}`man 7 systemd.time` for the format.
         '';
@@ -115,7 +115,7 @@ with lib;
       configFile = mkOption {
         default = null;
         type = nullOr path;
-        description = lib.mdDoc ''
+        description = ''
           Path to configuration file.
           When set this overrides the generated configuration from module options.
         '';
@@ -125,7 +125,7 @@ with lib;
       protocol = mkOption {
         default = "dyndns2";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           Protocol to use with dynamic DNS provider (see https://ddclient.net/protocols.html ).
         '';
       };
@@ -133,7 +133,7 @@ with lib;
       server = mkOption {
         default = "";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           Server address.
         '';
       };
@@ -141,7 +141,7 @@ with lib;
       ssl = mkOption {
         default = true;
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use SSL/TLS to connect to dynamic DNS provider.
         '';
       };
@@ -149,7 +149,7 @@ with lib;
       quiet = mkOption {
         default = false;
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Print no messages for unnecessary updates.
         '';
       };
@@ -157,7 +157,7 @@ with lib;
       script = mkOption {
         default = "";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           script as required by some providers.
         '';
       };
@@ -165,7 +165,7 @@ with lib;
       use = mkOption {
         default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           Method to determine the IP address to send to the dynamic DNS provider.
         '';
       };
@@ -173,7 +173,7 @@ with lib;
       verbose = mkOption {
         default = false;
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Print verbose information.
         '';
       };
@@ -181,7 +181,7 @@ with lib;
       zone = mkOption {
         default = "";
         type = str;
-        description = lib.mdDoc ''
+        description = ''
           zone as required by some providers.
         '';
       };
@@ -189,7 +189,7 @@ with lib;
       extraConfig = mkOption {
         default = "";
         type = lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration. Contents will be added verbatim to the configuration file.
 
           ::: {.note}
diff --git a/nixpkgs/nixos/modules/services/networking/deconz.nix b/nixpkgs/nixos/modules/services/networking/deconz.nix
index 05b724708777..88b0ee612d87 100644
--- a/nixpkgs/nixos/modules/services/networking/deconz.nix
+++ b/nixpkgs/nixos/modules/services/networking/deconz.nix
@@ -93,6 +93,13 @@ in
         # be garbage collected. Ensure the file gets "refreshed" on every start.
         rm -f ${stateDir}/.local/share/dresden-elektronik/deCONZ/zcldb.txt
       '';
+      postStart = ''
+        # Delay signalling service readiness until it's actually up.
+        while ! "${lib.getExe pkgs.curl}" -sSfL -o /dev/null "http://${cfg.listenAddress}:${toString cfg.httpPort}"; do
+            echo "Waiting for TCP port ${toString cfg.httpPort} to be open..."
+            sleep 1
+        done
+      '';
       environment = {
         HOME = stateDir;
         XDG_RUNTIME_DIR = "/run/${name}";
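Review bot: The readiness loop added in `postStart` can keep spinning for reasons other than the port being closed. With `-f`, curl exits non-zero on any HTTP status of 400 or above, and there is no per-request time limit, so a listener that accepts the connection but never answers stalls a single attempt. Consider bounding each probe, e.g. adding `--max-time 5` to the curl call, and rewording the log line, since the test is for a successful HTTP response rather than an open TCP port. `-L` also lets the probe follow a redirect to whatever location the service names; dropping it keeps the check on `cfg.listenAddress`. If `cfg.listenAddress` may be an IPv6 literal it would need brackets in the URL; that option's definition and the rest of the service definition are outside this hunk.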
diff --git a/nixpkgs/nixos/modules/services/networking/dhcpcd.nix b/nixpkgs/nixos/modules/services/networking/dhcpcd.nix
index 8d5ac02ba88b..a88ce0f1b5a5 100644
--- a/nixpkgs/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixpkgs/nixos/modules/services/networking/dhcpcd.nix
@@ -119,7 +119,7 @@ in
     networking.dhcpcd.enable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable dhcpcd for device configuration. This is mainly to
         explicitly disable dhcpcd (for example when using networkd).
       '';
@@ -128,7 +128,7 @@ in
     networking.dhcpcd.persistent = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
           Whenever to leave interfaces configured on dhcpcd daemon
           shutdown. Set to true if you have your root or store mounted
           over the network or this machine accepts SSH connections
@@ -140,7 +140,7 @@ in
     networking.dhcpcd.denyInterfaces = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
          Disable the DHCP client for any interface whose name matches
          any of the shell glob patterns in this list. The purpose of
          this option is to blacklist virtual interfaces such as those
@@ -151,7 +151,7 @@ in
     networking.dhcpcd.allowInterfaces = mkOption {
       type = types.nullOr (types.listOf types.str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
          Enable the DHCP client for any interface whose name matches
          any of the shell glob patterns in this list. Any interface not
          explicitly matched by this pattern will be denied. This pattern only
@@ -162,7 +162,7 @@ in
     networking.dhcpcd.extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
          Literal string to append to the config file generated for dhcpcd.
       '';
     };
@@ -170,7 +170,7 @@ in
     networking.dhcpcd.IPv6rs = mkOption {
       type = types.nullOr types.bool;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Force enable or disable solicitation and receipt of IPv6 Router Advertisements.
         This is required, for example, when using a static unique local IPv6 address (ULA)
         and global IPv6 address auto-configuration with SLAAC.
@@ -181,7 +181,7 @@ in
       type = types.lines;
       default = "";
       example = "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi";
-      description = lib.mdDoc ''
+      description = ''
          Shell code that will be run after all other hooks. See
          `man dhcpcd-run-hooks` for details on what is possible.
       '';
@@ -190,7 +190,7 @@ in
     networking.dhcpcd.wait = mkOption {
       type = types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ];
       default = "any";
-      description = lib.mdDoc ''
+      description = ''
         This option specifies when the dhcpcd service will fork to background.
         If set to "background", dhcpcd will fork to background immediately.
         If set to "ipv4" or "ipv6", dhcpcd will wait for the corresponding IP
diff --git a/nixpkgs/nixos/modules/services/networking/dnscache.nix b/nixpkgs/nixos/modules/services/networking/dnscache.nix
index 4f5b77a5b685..160c7611c6b8 100644
--- a/nixpkgs/nixos/modules/services/networking/dnscache.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnscache.nix
@@ -38,26 +38,26 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to run the dnscache caching dns server.";
+        description = "Whether to run the dnscache caching dns server.";
       };
 
       ip = mkOption {
         default = "0.0.0.0";
         type = types.str;
-        description = lib.mdDoc "IP address on which to listen for connections.";
+        description = "IP address on which to listen for connections.";
       };
 
       clientIps = mkOption {
         default = [ "127.0.0.1" ];
         type = types.listOf types.str;
-        description = lib.mdDoc "Client IP addresses (or prefixes) from which to accept connections.";
+        description = "Client IP addresses (or prefixes) from which to accept connections.";
         example = ["192.168" "172.23.75.82"];
       };
 
       domainServers = mkOption {
         default = { };
         type = types.attrsOf (types.listOf types.str);
-        description = lib.mdDoc ''
+        description = ''
           Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts).
           If entry for @ is not specified predefined list of root servers is used.
         '';
@@ -72,7 +72,7 @@ in {
       forwardOnly = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to treat root servers (for @) as caching
           servers, requesting addresses the same way a client does. This is
           needed if you want to use e.g. Google DNS as your upstream DNS.
diff --git a/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix
index 4592a0c2f6b3..980eda117b1e 100644
--- a/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix
@@ -6,10 +6,10 @@ in
 
 {
   options.services.dnscrypt-proxy2 = {
-    enable = mkEnableOption (lib.mdDoc "dnscrypt-proxy2");
+    enable = mkEnableOption "dnscrypt-proxy2";
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Attrset that is converted and passed as TOML config file.
         For available params, see: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/${pkgs.dnscrypt-proxy.version}/dnscrypt-proxy/example-dnscrypt-proxy.toml>
       '';
@@ -28,7 +28,7 @@ in
     };
 
     upstreamDefaults = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to base the config declared in {option}`services.dnscrypt-proxy2.settings` on the upstream example config (<https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml>)
 
         Disable this if you want to declare your dnscrypt config from scratch.
@@ -38,7 +38,7 @@ in
     };
 
     configFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path to TOML config file. See: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml>
         If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings.
       '';
@@ -49,12 +49,12 @@ in
         passAsFile = [ "json" ];
       } ''
         ${if cfg.upstreamDefaults then ''
-          ${pkgs.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json
-          ${pkgs.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two
+          ${pkgs.buildPackages.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json
+          ${pkgs.buildPackages.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two
         '' else ''
           cp $jsonPath config.json
         ''}
-        ${pkgs.remarshal}/bin/json2toml < config.json > $out
+        ${pkgs.buildPackages.remarshal}/bin/json2toml < config.json > $out
       '';
       defaultText = literalMD "TOML file generated from {option}`services.dnscrypt-proxy2.settings`";
     };
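Review bot: The `# merges the two` comment on the jq line understates what happens. `jq --slurp add` combines the two objects with `+`, which is a shallow merge, so a top-level table set in `settings` replaces the whole table of the same name from the upstream example instead of being merged into it. With `upstreamDefaults` enabled, this can silently drop upstream defaults nested under that table. I would spell it out, e.g. `# shallow merge: top-level keys from settings replace the example's`, or switch to a recursive merge such as `jq --slurp '.[0] * .[1]'` if that is the intent. `$jsonPath` is also unquoted on this line and on the `cp` line; the enclosing derivation starts above the hunk.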
diff --git a/nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix
index 741f054cd88b..fb07d893b88e 100644
--- a/nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix
@@ -124,12 +124,12 @@ in {
   ###### interface
 
   options.services.dnscrypt-wrapper = {
-    enable = mkEnableOption (lib.mdDoc "DNSCrypt wrapper");
+    enable = mkEnableOption "DNSCrypt wrapper";
 
     address = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The DNSCrypt wrapper will bind to this IP address.
       '';
     };
@@ -137,7 +137,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 5353;
-      description = lib.mdDoc ''
+      description = ''
         The DNSCrypt wrapper will listen for DNS queries on this port.
       '';
     };
@@ -147,7 +147,7 @@ in {
       default = "2.dnscrypt-cert.${config.networking.hostName}";
       defaultText = literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"'';
       example = "2.dnscrypt-cert.myresolver";
-      description = lib.mdDoc ''
+      description = ''
         The name that will be given to this DNSCrypt resolver.
         Note: the resolver name must start with `2.dnscrypt-cert.`.
       '';
@@ -157,7 +157,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/etc/secrets/public.key";
-      description = lib.mdDoc ''
+      description = ''
         The filepath to the provider public key. If not given a new
         provider key pair will be generated on the first run.
       '';
@@ -167,7 +167,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/etc/secrets/secret.key";
-      description = lib.mdDoc ''
+      description = ''
         The filepath to the provider secret key. If not given a new
         provider key pair will be generated on the first run.
       '';
@@ -176,7 +176,7 @@ in {
     upstream.address = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The IP address of the upstream DNS server DNSCrypt will "wrap".
       '';
     };
@@ -184,7 +184,7 @@ in {
     upstream.port = mkOption {
       type = types.port;
       default = 53;
-      description = lib.mdDoc ''
+      description = ''
         The port of the upstream DNS server DNSCrypt will "wrap".
       '';
     };
@@ -192,7 +192,7 @@ in {
     keys.expiration = mkOption {
       type = types.int;
       default = 30;
-      description = lib.mdDoc ''
+      description = ''
         The duration (in days) of the time-limited secret key.
         This will be automatically rotated before expiration.
       '';
@@ -201,7 +201,7 @@ in {
     keys.checkInterval = mkOption {
       type = types.int;
       default = 1440;
-      description = lib.mdDoc ''
+      description = ''
         The time interval (in minutes) between key expiration checks.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/dnsdist.nix b/nixpkgs/nixos/modules/services/networking/dnsdist.nix
index 792185c9fbea..cf17a87f649f 100644
--- a/nixpkgs/nixos/modules/services/networking/dnsdist.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnsdist.nix
@@ -80,31 +80,31 @@ let
 in {
   options = {
     services.dnsdist = {
-      enable = mkEnableOption (lib.mdDoc "dnsdist domain name server");
+      enable = mkEnableOption "dnsdist domain name server";
 
       listenAddress = mkOption {
         type = types.str;
-        description = lib.mdDoc "Listen IP address";
+        description = "Listen IP address";
         default = "0.0.0.0";
       };
       listenPort = mkOption {
         type = types.port;
-        description = lib.mdDoc "Listen port";
+        description = "Listen port";
         default = 53;
       };
 
       dnscrypt = {
-        enable = mkEnableOption (lib.mdDoc "a DNSCrypt endpoint to dnsdist");
+        enable = mkEnableOption "a DNSCrypt endpoint to dnsdist";
 
         listenAddress = mkOption {
           type = types.str;
-          description = lib.mdDoc "Listen IP address of the endpoint";
+          description = "Listen IP address of the endpoint";
           default = "0.0.0.0";
         };
 
         listenPort = mkOption {
           type = types.port;
-          description = lib.mdDoc "Listen port of the endpoint";
+          description = "Listen port of the endpoint";
           default = 443;
         };
 
@@ -113,7 +113,7 @@ in {
           default = "2.dnscrypt-cert.${config.networking.hostName}";
           defaultText = literalExpression "2.dnscrypt-cert.\${config.networking.hostName}";
           example = "2.dnscrypt-cert.myresolver";
-          description = lib.mdDoc ''
+          description = ''
             The name that will be given to this DNSCrypt resolver.
 
             ::: {.note}
@@ -125,7 +125,7 @@ in {
         providerKey = mkOption {
           type = types.nullOr types.path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The filepath to the provider secret key.
             If not given a new provider key pair will be generated in
             /var/lib/dnsdist on the first run.
@@ -139,7 +139,7 @@ in {
         certLifetime = mkOption {
           type = types.ints.positive;
           default = 15;
-          description = lib.mdDoc ''
+          description = ''
             The lifetime (in minutes) of the resolver certificate.
             This will be automatically rotated before expiration.
           '';
@@ -150,7 +150,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to dnsdist.conf.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/dnsmasq.nix b/nixpkgs/nixos/modules/services/networking/dnsmasq.nix
index d01a1b6707a5..e9052cdd3fae 100644
--- a/nixpkgs/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnsmasq.nix
@@ -48,7 +48,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run dnsmasq.
         '';
       };
@@ -58,7 +58,7 @@ in
       resolveLocalQueries = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
           /etc/resolv.conf).
         '';
@@ -67,7 +67,7 @@ in
       alwaysKeepRunning = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
         '';
       };
@@ -81,14 +81,14 @@ in
             type = types.listOf types.str;
             default = [ ];
             example = [ "8.8.8.8" "8.8.4.4" ];
-            description = lib.mdDoc ''
+            description = ''
               The DNS servers which dnsmasq should query.
             '';
           };
 
         };
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Configuration of dnsmasq. Lists get added one value per line (empty
           lists and false values don't get added, though false values get
           turned to comments). Gets merged with
@@ -110,7 +110,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration directives that should be added to
           `dnsmasq.conf`.
 
diff --git a/nixpkgs/nixos/modules/services/networking/dnsproxy.nix b/nixpkgs/nixos/modules/services/networking/dnsproxy.nix
index f0be74d7591f..80b66743ce9d 100644
--- a/nixpkgs/nixos/modules/services/networking/dnsproxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/dnsproxy.nix
@@ -7,7 +7,6 @@ let
     lists
     literalExpression
     maintainers
-    mdDoc
     mkEnableOption
     mkIf
     mkOption
@@ -25,7 +24,7 @@ in
 
   options.services.dnsproxy = {
 
-    enable = mkEnableOption (lib.mdDoc "dnsproxy");
+    enable = mkEnableOption "dnsproxy";
 
     package = mkPackageOption pkgs "dnsproxy" { };
 
@@ -48,7 +47,7 @@ in
           ];
         }
       '';
-      description = mdDoc ''
+      description = ''
         Contents of the `config.yaml` config file.
         The `--config-path` argument will only be passed if this set is not empty.
 
@@ -60,7 +59,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--upstream=1.1.1.1:53" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of extra command-line flags to pass to dnsproxy. For details on the
         available options, see <https://github.com/AdguardTeam/dnsproxy#usage>.
         Keep in mind that options passed through command-line flags override
diff --git a/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix b/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix
index 7f8bbb8a7699..1f3850a77bf1 100644
--- a/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix
+++ b/nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix
@@ -10,13 +10,13 @@ in {
 
   options.services.doh-proxy-rust = {
 
-    enable = mkEnableOption (lib.mdDoc "doh-proxy-rust");
+    enable = mkEnableOption "doh-proxy-rust";
 
     flags = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "--server-address=9.9.9.9:53" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of command-line flags to pass to doh-proxy. For details on the
         available options, see <https://github.com/jedisct1/doh-server#usage>.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/ejabberd.nix b/nixpkgs/nixos/modules/services/networking/ejabberd.nix
index 78af256f9c81..3e92a2d3f7eb 100644
--- a/nixpkgs/nixos/modules/services/networking/ejabberd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ejabberd.nix
@@ -26,7 +26,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable ejabberd server";
+        description = "Whether to enable ejabberd server";
       };
 
       package = mkPackageOption pkgs "ejabberd" { };
@@ -34,50 +34,50 @@ in {
       user = mkOption {
         type = types.str;
         default = "ejabberd";
-        description = lib.mdDoc "User under which ejabberd is ran";
+        description = "User under which ejabberd is ran";
       };
 
       group = mkOption {
         type = types.str;
         default = "ejabberd";
-        description = lib.mdDoc "Group under which ejabberd is ran";
+        description = "Group under which ejabberd is ran";
       };
 
       spoolDir = mkOption {
         type = types.path;
         default = "/var/lib/ejabberd";
-        description = lib.mdDoc "Location of the spooldir of ejabberd";
+        description = "Location of the spooldir of ejabberd";
       };
 
       logsDir = mkOption {
         type = types.path;
         default = "/var/log/ejabberd";
-        description = lib.mdDoc "Location of the logfile directory of ejabberd";
+        description = "Location of the logfile directory of ejabberd";
       };
 
       configFile = mkOption {
         type = types.nullOr types.path;
-        description = lib.mdDoc "Configuration file for ejabberd in YAML format";
+        description = "Configuration file for ejabberd in YAML format";
         default = null;
       };
 
       ctlConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Configuration of ejabberdctl";
+        description = "Configuration of ejabberdctl";
       };
 
       loadDumps = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc "Configuration dumps that should be loaded on the first startup";
+        description = "Configuration dumps that should be loaded on the first startup";
         example = literalExpression "[ ./myejabberd.dump ]";
       };
 
       imagemagick = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Add ImageMagick to server's path; allows for image thumbnailing";
+        description = "Add ImageMagick to server's path; allows for image thumbnailing";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/networking/envoy.nix b/nixpkgs/nixos/modules/services/networking/envoy.nix
index 779c77ff6c81..b36c184fe8d5 100644
--- a/nixpkgs/nixos/modules/services/networking/envoy.nix
+++ b/nixpkgs/nixos/modules/services/networking/envoy.nix
@@ -15,14 +15,14 @@ in
 
 {
   options.services.envoy = {
-    enable = mkEnableOption (lib.mdDoc "Envoy reverse proxy");
+    enable = mkEnableOption "Envoy reverse proxy";
 
     package = mkPackageOption pkgs "envoy" { };
 
     requireValidConfig = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether a failure during config validation at build time is fatal.
         When the config can't be checked during build time, for example when it includes
         other files, disable this option.
@@ -50,7 +50,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Envoy in Nix.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/epmd.nix b/nixpkgs/nixos/modules/services/networking/epmd.nix
index 318e325944b5..b450aa1b62c7 100644
--- a/nixpkgs/nixos/modules/services/networking/epmd.nix
+++ b/nixpkgs/nixos/modules/services/networking/epmd.nix
@@ -11,7 +11,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable socket activation for Erlang Port Mapper Daemon (epmd),
         which acts as a name server on all hosts involved in distributed
         Erlang computations.
@@ -22,7 +22,7 @@ in
       {
         type = types.str;
         default = "[::]:4369";
-        description = lib.mdDoc ''
+        description = ''
           the listenStream used by the systemd socket.
           see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more information.
           use this to change the port epmd will run on.
diff --git a/nixpkgs/nixos/modules/services/networking/ergo.nix b/nixpkgs/nixos/modules/services/networking/ergo.nix
index 1bee0f43f988..7e06b7d76b20 100644
--- a/nixpkgs/nixos/modules/services/networking/ergo.nix
+++ b/nixpkgs/nixos/modules/services/networking/ergo.nix
@@ -33,25 +33,25 @@ in {
   options = {
 
     services.ergo = {
-      enable = mkEnableOption (lib.mdDoc "Ergo service");
+      enable = mkEnableOption "Ergo service";
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/ergo";
-        description = lib.mdDoc "The data directory for the Ergo node.";
+        description = "The data directory for the Ergo node.";
       };
 
       listen = {
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc "IP address on which the Ergo node should listen.";
+          description = "IP address on which the Ergo node should listen.";
         };
 
         port = mkOption {
           type = types.port;
           default = 9006;
-          description = lib.mdDoc "Listen port for the Ergo node.";
+          description = "Listen port for the Ergo node.";
         };
       };
 
@@ -60,20 +60,20 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
-        description = lib.mdDoc "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
+        description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
        };
 
        listen = {
         ip = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc "IP address that the Ergo node API should listen on if {option}`api.keyHash` is defined.";
+          description = "IP address that the Ergo node API should listen on if {option}`api.keyHash` is defined.";
           };
 
         port = mkOption {
           type = types.port;
           default = 9052;
-          description = lib.mdDoc "Listen port for the API endpoint if {option}`api.keyHash` is defined.";
+          description = "Listen port for the API endpoint if {option}`api.keyHash` is defined.";
         };
        };
       };
@@ -81,26 +81,26 @@ in {
       testnet = mkOption {
          type = types.bool;
          default = false;
-         description = lib.mdDoc "Connect to testnet network instead of the default mainnet.";
+         description = "Connect to testnet network instead of the default mainnet.";
       };
 
       user = mkOption {
         type = types.str;
         default = "ergo";
-        description = lib.mdDoc "The user as which to run the Ergo node.";
+        description = "The user as which to run the Ergo node.";
       };
 
       group = mkOption {
         type = types.str;
         default = cfg.user;
         defaultText = literalExpression "config.${opt.user}";
-        description = lib.mdDoc "The group as which to run the Ergo node.";
+        description = "The group as which to run the Ergo node.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the Ergo node as well as the API.";
+        description = "Open ports in the firewall for the Ergo node as well as the API.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/ergochat.nix b/nixpkgs/nixos/modules/services/networking/ergochat.nix
index a003512677eb..b4b4e488fc11 100644
--- a/nixpkgs/nixos/modules/services/networking/ergochat.nix
+++ b/nixpkgs/nixos/modules/services/networking/ergochat.nix
@@ -4,12 +4,12 @@ in {
   options = {
     services.ergochat = {
 
-      enable = lib.mkEnableOption (lib.mdDoc "Ergo IRC daemon");
+      enable = lib.mkEnableOption "Ergo IRC daemon";
 
       openFilesLimit = lib.mkOption {
         type = lib.types.int;
         default = 1024;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of open files. Limits the clients and server connections.
         '';
       };
@@ -18,7 +18,7 @@ in {
         type = lib.types.path;
         default = (pkgs.formats.yaml {}).generate "ergo.conf" cfg.settings;
         defaultText = lib.literalMD "generated config file from `settings`";
-        description = lib.mdDoc ''
+        description = ''
           Path to configuration file.
           Setting this will skip any configuration done via `settings`
         '';
@@ -26,7 +26,7 @@ in {
 
       settings = lib.mkOption {
         type = (pkgs.formats.yaml {}).type;
-        description = lib.mdDoc ''
+        description = ''
           Ergo IRC daemon configuration file.
           https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/eternal-terminal.nix b/nixpkgs/nixos/modules/services/networking/eternal-terminal.nix
index c6b6b04dcf72..f4456f4d99c8 100644
--- a/nixpkgs/nixos/modules/services/networking/eternal-terminal.nix
+++ b/nixpkgs/nixos/modules/services/networking/eternal-terminal.nix
@@ -16,12 +16,12 @@ in
 
     services.eternal-terminal = {
 
-      enable = mkEnableOption (lib.mdDoc "Eternal Terminal server");
+      enable = mkEnableOption "Eternal Terminal server";
 
       port = mkOption {
         default = 2022;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           The port the server should listen on. Will use the server's default (2022) if not specified.
 
           Make sure to open this port in the firewall if necessary.
@@ -31,7 +31,7 @@ in
       verbosity = mkOption {
         default = 0;
         type = types.enum (lib.range 0 9);
-        description = lib.mdDoc ''
+        description = ''
           The verbosity level (0-9).
         '';
       };
@@ -39,7 +39,7 @@ in
       silent = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, disables all logging.
         '';
       };
@@ -47,7 +47,7 @@ in
       logSize = mkOption {
         default = 20971520;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           The maximum log size.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/expressvpn.nix b/nixpkgs/nixos/modules/services/networking/expressvpn.nix
index 05c24d8bccff..c1d287f57bc2 100644
--- a/nixpkgs/nixos/modules/services/networking/expressvpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/expressvpn.nix
@@ -5,7 +5,7 @@ with lib;
   options.services.expressvpn.enable = mkOption {
     type = types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Enable the ExpressVPN daemon.
     '';
   };
diff --git a/nixpkgs/nixos/modules/services/networking/fakeroute.nix b/nixpkgs/nixos/modules/services/networking/fakeroute.nix
index faf5879a6ed3..c832a33ffedd 100644
--- a/nixpkgs/nixos/modules/services/networking/fakeroute.nix
+++ b/nixpkgs/nixos/modules/services/networking/fakeroute.nix
@@ -14,7 +14,7 @@ in
 
     services.fakeroute = {
 
-      enable = lib.mkEnableOption (lib.mdDoc "the fakeroute service");
+      enable = lib.mkEnableOption "the fakeroute service";
 
       route = lib.mkOption {
         type = with lib.types; listOf str;
@@ -25,7 +25,7 @@ in
           "198.116.142.34"
           "63.199.8.242"
         ];
-        description = lib.mdDoc ''
+        description = ''
          Fake route that will appear after the real
          one to any host running a traceroute.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/ferm.nix b/nixpkgs/nixos/modules/services/networking/ferm.nix
index 5ebf7aacb4db..91412f53009c 100644
--- a/nixpkgs/nixos/modules/services/networking/ferm.nix
+++ b/nixpkgs/nixos/modules/services/networking/ferm.nix
@@ -20,7 +20,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Ferm Firewall.
           *Warning*: Enabling this service WILL disable the existing NixOS
           firewall! Default firewall rules provided by packages are not
@@ -28,7 +28,7 @@ in {
         '';
       };
       config = mkOption {
-        description = lib.mdDoc "Verbatim ferm.conf configuration.";
+        description = "Verbatim ferm.conf configuration.";
         default = "";
         defaultText = literalMD "empty firewall, allows any traffic";
         type = types.lines;
diff --git a/nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix b/nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix
index 71eb2f537acc..a9fcd883beb0 100644
--- a/nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix
+++ b/nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix
@@ -77,7 +77,7 @@ in
 {
   options = {
     services.firefox-syncserver = {
-      enable = lib.mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         the Firefox Sync storage service.
 
         Out of the box this will not be very useful unless you also configure at least
@@ -92,13 +92,13 @@ in
         ```
 
         {option}`${opt.singleNode.enable}` does this automatically when enabled
-      '');
+      '';
 
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.syncstorage-rs;
         defaultText = lib.literalExpression "pkgs.syncstorage-rs";
-        description = lib.mdDoc ''
+        description = ''
           Package to use.
         '';
       };
@@ -109,7 +109,7 @@ in
         # behavior ever change.
         type = lib.types.strMatching "[a-z_][a-z0-9_]*";
         default = defaultDatabase;
-        description = lib.mdDoc ''
+        description = ''
           Database to use for storage. Will be created automatically if it does not exist
           and `config.${opt.database.createLocally}` is set.
         '';
@@ -118,7 +118,7 @@ in
       database.user = lib.mkOption {
         type = lib.types.str;
         default = defaultUser;
-        description = lib.mdDoc ''
+        description = ''
           Username for database connections.
         '';
       };
@@ -126,7 +126,7 @@ in
       database.host = lib.mkOption {
         type = lib.types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Database host name. `localhost` is treated specially and inserts
           systemd dependencies, other hostnames or IP addresses of the local machine do not.
         '';
@@ -135,7 +135,7 @@ in
       database.createLocally = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create database and user on the local machine if they do not exist.
           This includes enabling unix domain socket authentication for the configured user.
         '';
@@ -144,7 +144,7 @@ in
       logLevel = lib.mkOption {
         type = lib.types.str;
         default = "error";
-        description = lib.mdDoc ''
+        description = ''
           Log level to run with. This can be a simple log level like `error`
           or `trace`, or a more complicated logging expression.
         '';
@@ -152,7 +152,7 @@ in
 
       secrets = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           A file containing the various secrets. Should be in the format expected by systemd's
           `EnvironmentFile` directory. Two secrets are currently available:
           `SYNC_MASTER_SECRET` and
@@ -161,15 +161,15 @@ in
       };
 
       singleNode = {
-        enable = lib.mkEnableOption (lib.mdDoc "auto-configuration for a simple single-node setup");
+        enable = lib.mkEnableOption "auto-configuration for a simple single-node setup";
 
-        enableTLS = lib.mkEnableOption (lib.mdDoc "automatic TLS setup");
+        enableTLS = lib.mkEnableOption "automatic TLS setup";
 
-        enableNginx = lib.mkEnableOption (lib.mdDoc "nginx virtualhost definitions");
+        enableNginx = lib.mkEnableOption "nginx virtualhost definitions";
 
         hostname = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc ''
+          description = ''
             Host name to use for this service.
           '';
         };
@@ -177,7 +177,7 @@ in
         capacity = lib.mkOption {
           type = lib.types.ints.unsigned;
           default = 10;
-          description = lib.mdDoc ''
+          description = ''
             How many sync accounts are allowed on this server. Setting this value
             equal to or less than the number of currently active accounts will
             effectively deny service to accounts not yet registered here.
@@ -190,7 +190,7 @@ in
           defaultText = lib.literalExpression ''
             ''${if cfg.singleNode.enableTLS then "https" else "http"}://''${config.${opt.singleNode.hostname}}
           '';
-          description = lib.mdDoc ''
+          description = ''
             URL of the host. If you are not using the automatic webserver proxy setup you will have
             to change this setting or your sync server may not be functional.
           '';
@@ -205,7 +205,7 @@ in
             port = lib.mkOption {
               type = lib.types.port;
               default = 5000;
-              description = lib.mdDoc ''
+              description = ''
                 Port to bind to.
               '';
             };
@@ -213,14 +213,14 @@ in
             tokenserver.enabled = lib.mkOption {
               type = lib.types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to enable the token service as well.
               '';
             };
           };
         };
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Settings for the sync server. These take priority over values computed
           from NixOS options.
 
diff --git a/nixpkgs/nixos/modules/services/networking/fireqos.nix b/nixpkgs/nixos/modules/services/networking/fireqos.nix
index b7f51a89c0e1..0b34f0b6b8b4 100644
--- a/nixpkgs/nixos/modules/services/networking/fireqos.nix
+++ b/nixpkgs/nixos/modules/services/networking/fireqos.nix
@@ -10,7 +10,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, FireQOS will be launched with the specified
         configuration given in `config`.
       '';
@@ -28,7 +28,7 @@ in {
           class web commit 50kbit
             match tcp ports 80,443
       '';
-      description = lib.mdDoc ''
+      description = ''
         The FireQOS configuration goes here.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/firewall-iptables.nix b/nixpkgs/nixos/modules/services/networking/firewall-iptables.nix
index 2d1151770008..91756f826fe8 100644
--- a/nixpkgs/nixos/modules/services/networking/firewall-iptables.nix
+++ b/nixpkgs/nixos/modules/services/networking/firewall-iptables.nix
@@ -260,7 +260,7 @@ in
         type = types.lines;
         default = "";
         example = "iptables -A INPUT -p icmp -j ACCEPT";
-        description = lib.mdDoc ''
+        description = ''
           Additional shell commands executed as part of the firewall
           initialisation script.  These are executed just before the
           final "reject" firewall rule is added, so they can be used
@@ -274,7 +274,7 @@ in
         type = types.lines;
         default = "";
         example = "iptables -P INPUT ACCEPT";
-        description = lib.mdDoc ''
+        description = ''
           Additional shell commands executed as part of the firewall
           shutdown script.  These are executed just after the removal
           of the NixOS input rule, or if the service enters a failed
diff --git a/nixpkgs/nixos/modules/services/networking/firewall-nftables.nix b/nixpkgs/nixos/modules/services/networking/firewall-nftables.nix
index 7c7136cc96f1..a5ee7efc3c32 100644
--- a/nixpkgs/nixos/modules/services/networking/firewall-nftables.nix
+++ b/nixpkgs/nixos/modules/services/networking/firewall-nftables.nix
@@ -26,7 +26,7 @@ in
         type = types.lines;
         default = "";
         example = "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept";
-        description = lib.mdDoc ''
+        description = ''
           Additional nftables rules to be appended to the input-allow
           chain.
 
@@ -38,13 +38,25 @@ in
         type = types.lines;
         default = "";
         example = "iifname wg0 accept";
-        description = lib.mdDoc ''
+        description = ''
           Additional nftables rules to be appended to the forward-allow
           chain.
 
           This option only works with the nftables based firewall.
         '';
       };
+
+      extraReversePathFilterRules = mkOption {
+        type = types.lines;
+        default = "";
+        example = "fib daddr . mark . iif type local accept";
+        description = ''
+          Additional nftables rules to be appended to the rpfilter-allow
+          chain.
+
+          This option only works with the nftables based firewall.
+        '';
+      };
     };
 
   };
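Review bot: The description of the new `extraReversePathFilterRules` option does not say what a verdict in this chain means. Judging by the `jump rpfilter-allow` added further down in this file, an `accept` here exempts the packet from the reverse path test, which is the firewall's check against spoofed source addresses. I would add a sentence such as `Packets accepted by these rules bypass the reverse path filter, so match as narrowly as possible (for example on a specific interface).` A short line saying which traffic the example rule `fib daddr . mark . iif type local accept` is meant to admit would also help readers decide whether they need it.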
@@ -79,6 +91,8 @@ in
             meta nfproto ipv4 udp sport . udp dport { 67 . 68, 68 . 67 } accept comment "DHCPv4 client/server"
             fib saddr . mark ${optionalString (cfg.checkReversePath != "loose") ". iif"} oif exists accept
 
+            jump rpfilter-allow
+
             ${optionalString cfg.logReversePathDrops ''
               log level info prefix "rpfilter drop: "
             ''}
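Review bot: The `jump rpfilter-allow` sits inside the interpolated block that closes with `''}` at the top of the next hunk, while the `chain rpfilter-allow` definition in that next hunk is emitted outside it. If that block is the one guarded by `checkReversePath` (the guard is outside the visible lines), a configuration that disables the check still renders `extraReversePathFilterRules` into a chain nothing jumps to, so the rules silently do nothing. Consider stating this in the option description, e.g. `Has no effect when networking.firewall.checkReversePath is disabled.`, or emitting a warning when the option is non-empty and the check is off. The enclosing ruleset string starts and ends outside both hunks.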
@@ -86,6 +100,10 @@ in
           }
         ''}
 
+        chain rpfilter-allow {
+          ${cfg.extraReversePathFilterRules}
+        }
+
         chain input {
           type filter hook input priority filter; policy drop;
 
diff --git a/nixpkgs/nixos/modules/services/networking/firewall.nix b/nixpkgs/nixos/modules/services/networking/firewall.nix
index ac02a93836b8..a35cc51a3870 100644
--- a/nixpkgs/nixos/modules/services/networking/firewall.nix
+++ b/nixpkgs/nixos/modules/services/networking/firewall.nix
@@ -15,7 +15,7 @@ let
       default = [ ];
       apply = canonicalizePortList;
       example = [ 22 80 ];
-      description = lib.mdDoc ''
+      description = ''
         List of TCP ports on which incoming connections are
         accepted.
       '';
@@ -25,7 +25,7 @@ let
       type = types.listOf (types.attrsOf types.port);
       default = [ ];
       example = [{ from = 8999; to = 9003; }];
-      description = lib.mdDoc ''
+      description = ''
         A range of TCP ports on which incoming connections are
         accepted.
       '';
@@ -36,7 +36,7 @@ let
       default = [ ];
       apply = canonicalizePortList;
       example = [ 53 ];
-      description = lib.mdDoc ''
+      description = ''
         List of open UDP ports.
       '';
     };
@@ -45,7 +45,7 @@ let
       type = types.listOf (types.attrsOf types.port);
       default = [ ];
       example = [{ from = 60000; to = 61000; }];
-      description = lib.mdDoc ''
+      description = ''
         Range of open UDP ports.
       '';
     };
@@ -61,7 +61,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the firewall.  This is a simple stateful
           firewall that blocks connection attempts to unauthorised TCP
           or UDP ports on this machine.
@@ -73,7 +73,7 @@ in
         default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables;
         defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"'';
         example = literalExpression "pkgs.iptables-legacy";
-        description = lib.mdDoc ''
+        description = ''
           The package to use for running the firewall service.
         '';
       };
@@ -81,7 +81,7 @@ in
       logRefusedConnections = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to log rejected or dropped incoming connections.
           Note: The logs are found in the kernel logs, i.e. dmesg
           or journalctl -k.
@@ -91,7 +91,7 @@ in
       logRefusedPackets = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to log all rejected or dropped incoming packets.
           This tends to give a lot of log messages, so it's mostly
           useful for debugging.
@@ -103,7 +103,7 @@ in
       logRefusedUnicastsOnly = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If {option}`networking.firewall.logRefusedPackets`
           and this option are enabled, then only log packets
           specifically directed at this machine, i.e., not broadcasts
@@ -114,7 +114,7 @@ in
       rejectPackets = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, refused packets are rejected rather than dropped
           (ignored).  This means that an ICMP "port unreachable" error
           message is sent back to the client (or a TCP RST packet in
@@ -127,7 +127,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "enp0s2" ];
-        description = lib.mdDoc ''
+        description = ''
           Traffic coming in from these interfaces will be accepted
           unconditionally.  Traffic from the loopback (lo) interface
           will always be accepted.
@@ -137,7 +137,7 @@ in
       allowPing = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to respond to incoming ICMPv4 echo requests
           ("pings").  ICMPv6 pings are always allowed because the
           larger address space of IPv6 makes network scanning much
@@ -149,7 +149,7 @@ in
         type = types.nullOr (types.separatedString " ");
         default = null;
         example = "--limit 1/minute --limit-burst 5";
-        description = lib.mdDoc ''
+        description = ''
           If pings are allowed, this allows setting rate limits on them.
 
           For the iptables based firewall, it should be set like
@@ -165,7 +165,7 @@ in
         default = true;
         defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support";
         example = "loose";
-        description = lib.mdDoc ''
+        description = ''
           Performs a reverse path filter test on a packet.  If a reply
           to the packet would not be sent via the same interface that
           the packet arrived on, it is refused.
@@ -183,7 +183,7 @@ in
       logReversePathDrops = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Logs dropped packets failing the reverse path filter test if
           the option networking.firewall.checkReversePath is enabled.
         '';
@@ -192,7 +192,7 @@ in
       filterForward = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable filtering in IP forwarding.
 
           This option only works with the nftables based firewall.
@@ -203,7 +203,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ];
-        description = lib.mdDoc ''
+        description = ''
           List of connection-tracking helpers that are auto-loaded.
           The complete list of possible values is given in the example.
 
@@ -222,7 +222,7 @@ in
       autoLoadConntrackHelpers = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to auto-load connection-tracking helpers.
           See the description at networking.firewall.connectionTrackingModules
 
@@ -234,7 +234,7 @@ in
         type = types.listOf types.package;
         default = [ ];
         example = literalExpression "[ pkgs.ipset ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to be included in the environment of the system
           as well as the path of networking.firewall.extraCommands.
         '';
@@ -243,7 +243,7 @@ in
       interfaces = mkOption {
         default = { };
         type = with types; attrsOf (submodule [{ options = commonOptions; }]);
-        description = lib.mdDoc ''
+        description = ''
           Interface-specific open ports.
         '';
       };
@@ -253,7 +253,7 @@ in
         visible = false;
         default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces;
         type = with types; attrsOf (submodule [{ options = commonOptions; }]);
-        description = lib.mdDoc ''
+        description = ''
           All open ports.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/flannel.nix b/nixpkgs/nixos/modules/services/networking/flannel.nix
index 2c2b6dc58cce..c55557b668b8 100644
--- a/nixpkgs/nixos/modules/services/networking/flannel.nix
+++ b/nixpkgs/nixos/modules/services/networking/flannel.nix
@@ -14,12 +14,12 @@ let
   };
 in {
   options.services.flannel = {
-    enable = mkEnableOption (lib.mdDoc "flannel");
+    enable = mkEnableOption "flannel";
 
     package = mkPackageOption pkgs "flannel" { };
 
     publicIp = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         IP accessible by other nodes for inter-host communication.
         Defaults to the IP of the interface being used for communication.
       '';
@@ -28,7 +28,7 @@ in {
     };
 
     iface = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Interface to use (IP or name) for inter-host communication.
         Defaults to the interface for the default route on the machine.
       '';
@@ -38,38 +38,38 @@ in {
 
     etcd = {
       endpoints = mkOption {
-        description = lib.mdDoc "Etcd endpoints";
+        description = "Etcd endpoints";
         type = types.listOf types.str;
         default = ["http://127.0.0.1:2379"];
       };
 
       prefix = mkOption {
-        description = lib.mdDoc "Etcd key prefix";
+        description = "Etcd key prefix";
         type = types.str;
         default = "/coreos.com/network";
       };
 
       caFile = mkOption {
-        description = lib.mdDoc "Etcd certificate authority file";
+        description = "Etcd certificate authority file";
         type = types.nullOr types.path;
         default = null;
       };
 
       certFile = mkOption {
-        description = lib.mdDoc "Etcd cert file";
+        description = "Etcd cert file";
         type = types.nullOr types.path;
         default = null;
       };
 
       keyFile = mkOption {
-        description = lib.mdDoc "Etcd key file";
+        description = "Etcd key file";
         type = types.nullOr types.path;
         default = null;
       };
     };
 
     kubeconfig = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path to kubeconfig to use for storing flannel config using the
         Kubernetes API
       '';
@@ -78,12 +78,12 @@ in {
     };
 
     network = mkOption {
-      description = lib.mdDoc " IPv4 network in CIDR format to use for the entire flannel network.";
+      description = " IPv4 network in CIDR format to use for the entire flannel network.";
       type = types.str;
     };
 
     nodeName = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Needed when running with Kubernetes as backend as this cannot be auto-detected";
       '';
       type = types.nullOr types.str;
@@ -93,13 +93,13 @@ in {
     };
 
     storageBackend = mkOption {
-      description = lib.mdDoc "Determines where flannel stores its configuration at runtime";
+      description = "Determines where flannel stores its configuration at runtime";
       type = types.enum ["etcd" "kubernetes"];
       default = "etcd";
     };
 
     subnetLen = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The size of the subnet allocated to each host. Defaults to 24 (i.e. /24)
         unless the Network was configured to be smaller than a /24 in which case
         it is one less than the network.
@@ -109,7 +109,7 @@ in {
     };
 
     subnetMin = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The beginning of IP range which the subnet allocation should start with.
         Defaults to the first subnet of Network.
       '';
@@ -118,7 +118,7 @@ in {
     };
 
     subnetMax = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The end of IP range which the subnet allocation should start with.
         Defaults to the last subnet of Network.
       '';
@@ -127,7 +127,7 @@ in {
     };
 
     backend = mkOption {
-      description = lib.mdDoc "Type of backend to use and specific configurations for that backend.";
+      description = "Type of backend to use and specific configurations for that backend.";
       type = types.attrs;
       default = {
         Type = "vxlan";
diff --git a/nixpkgs/nixos/modules/services/networking/freenet.nix b/nixpkgs/nixos/modules/services/networking/freenet.nix
index e1737e820a51..3da3ab0c7df4 100644
--- a/nixpkgs/nixos/modules/services/networking/freenet.nix
+++ b/nixpkgs/nixos/modules/services/networking/freenet.nix
@@ -22,13 +22,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Freenet daemon";
+        description = "Enable the Freenet daemon";
       };
 
       nice = mkOption {
         type = types.int;
         default = 10;
-        description = lib.mdDoc "Set the nice level for the Freenet daemon";
+        description = "Set the nice level for the Freenet daemon";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/freeradius.nix b/nixpkgs/nixos/modules/services/networking/freeradius.nix
index 419a683cb774..7fa3a8fa17fa 100644
--- a/nixpkgs/nixos/modules/services/networking/freeradius.nix
+++ b/nixpkgs/nixos/modules/services/networking/freeradius.nix
@@ -33,12 +33,12 @@ let
   };
 
   freeradiusConfig = {
-    enable = mkEnableOption (lib.mdDoc "the freeradius server");
+    enable = mkEnableOption "the freeradius server";
 
     configDir = mkOption {
       type = types.path;
       default = "/etc/raddb";
-      description = lib.mdDoc ''
+      description = ''
         The path of the freeradius server configuration directory.
       '';
     };
@@ -46,7 +46,7 @@ let
     debug = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable debug logging for freeradius (-xx
         option). This should not be left on, since it includes
         sensitive data such as passwords in the logs.
diff --git a/nixpkgs/nixos/modules/services/networking/frp.nix b/nixpkgs/nixos/modules/services/networking/frp.nix
index eb022308bc29..fc15efe5642d 100644
--- a/nixpkgs/nixos/modules/services/networking/frp.nix
+++ b/nixpkgs/nixos/modules/services/networking/frp.nix
@@ -12,13 +12,13 @@ in
 {
   options = {
     services.frp = {
-      enable = mkEnableOption (mdDoc "frp");
+      enable = mkEnableOption "frp";
 
       package = mkPackageOption pkgs "frp" { };
 
       role = mkOption {
         type = types.enum [ "server" "client" ];
-        description = mdDoc ''
+        description = ''
           The frp consists of `client` and `server`. The server is usually
           deployed on the machine with a public IP address, and
           the client is usually deployed on the machine
@@ -29,7 +29,7 @@ in
       settings = mkOption {
         type = settingsFormat.type;
         default = { };
-        description = mdDoc ''
+        description = ''
           Frp configuration, for configuration options
           see the example of [client](https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml)
           or [server](https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml) on github.
diff --git a/nixpkgs/nixos/modules/services/networking/frr.nix b/nixpkgs/nixos/modules/services/networking/frr.nix
index 8488a4e4ef48..7f611ce7b1c7 100644
--- a/nixpkgs/nixos/modules/services/networking/frr.nix
+++ b/nixpkgs/nixos/modules/services/networking/frr.nix
@@ -52,13 +52,13 @@ let
 
   serviceOptions = service:
     {
-      enable = mkEnableOption (lib.mdDoc "the FRR ${toUpper service} routing protocol");
+      enable = mkEnableOption "the FRR ${toUpper service} routing protocol";
 
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/etc/frr/${daemonName service}.conf";
-        description = lib.mdDoc ''
+        description = ''
           Configuration file to use for FRR ${daemonName service}.
           By default the NixOS generated files are used.
         '';
@@ -87,7 +87,7 @@ let
             };
           in
             examples.${service} or "";
-        description = lib.mdDoc ''
+        description = ''
           ${daemonName service} configuration statements.
         '';
       };
@@ -95,7 +95,7 @@ let
       vtyListenAddress = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           Address to bind to for the VTY interface.
         '';
       };
@@ -103,7 +103,7 @@ let
       vtyListenPort = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           TCP Port to bind to for the VTY interface.
         '';
       };
@@ -111,7 +111,7 @@ let
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra options for the daemon.
         '';
       };
@@ -129,7 +129,7 @@ in
           enable = mkOption {
             type = types.bool;
             default = any isEnabled services;
-            description = lib.mdDoc ''
+            description = ''
               Whether to enable the Zebra routing manager.
 
               The Zebra routing manager is automatically enabled
diff --git a/nixpkgs/nixos/modules/services/networking/gateone.nix b/nixpkgs/nixos/modules/services/networking/gateone.nix
index ac3f3c9bbf2c..e68f8a47d5c0 100644
--- a/nixpkgs/nixos/modules/services/networking/gateone.nix
+++ b/nixpkgs/nixos/modules/services/networking/gateone.nix
@@ -6,16 +6,16 @@ in
 {
 options = {
     services.gateone = {
-      enable = mkEnableOption (lib.mdDoc "GateOne server");
+      enable = mkEnableOption "GateOne server";
       pidDir = mkOption {
         default = "/run/gateone";
         type = types.path;
-        description = lib.mdDoc "Path of pid files for GateOne.";
+        description = "Path of pid files for GateOne.";
       };
       settingsDir = mkOption {
         default = "/var/lib/gateone";
         type = types.path;
-        description = lib.mdDoc "Path of configuration files for GateOne.";
+        description = "Path of configuration files for GateOne.";
       };
     };
 };
diff --git a/nixpkgs/nixos/modules/services/networking/gdomap.nix b/nixpkgs/nixos/modules/services/networking/gdomap.nix
index 53ea8b6875d8..3d829cb69135 100644
--- a/nixpkgs/nixos/modules/services/networking/gdomap.nix
+++ b/nixpkgs/nixos/modules/services/networking/gdomap.nix
@@ -8,7 +8,7 @@ with lib;
   #
   options = {
     services.gdomap = {
-      enable = mkEnableOption (lib.mdDoc "GNUstep Distributed Objects name server");
+      enable = mkEnableOption "GNUstep Distributed Objects name server";
    };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/ghostunnel.nix b/nixpkgs/nixos/modules/services/networking/ghostunnel.nix
index d5e2ff19ce50..b8d3cc362979 100644
--- a/nixpkgs/nixos/modules/services/networking/ghostunnel.nix
+++ b/nixpkgs/nixos/modules/services/networking/ghostunnel.nix
@@ -24,21 +24,21 @@ let
       options = {
 
         listen = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Address and port to listen on (can be HOST:PORT, unix:PATH).
           '';
           type = types.str;
         };
 
         target = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Address to forward connections to (can be HOST:PORT or unix:PATH).
           '';
           type = types.str;
         };
 
         keystore = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Path to keystore (combined PEM with cert/key, or PKCS12 keystore).
 
             NB: storepass is not supported because it would expose credentials via `/proc/*/cmdline`.
@@ -50,7 +50,7 @@ let
         };
 
         cert = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Path to certificate (PEM with certificate chain).
 
             Not required if `keystore` is set.
@@ -60,7 +60,7 @@ let
         };
 
         key = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Path to certificate private key (PEM with private key).
 
             Not required if `keystore` is set.
@@ -70,14 +70,14 @@ let
         };
 
         cacert = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Path to CA bundle file (PEM/X509). Uses system trust store if `null`.
           '';
           type = types.nullOr types.str;
         };
 
         disableAuthentication = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Disable client authentication, no client certificate will be required.
           '';
           type = types.bool;
@@ -85,7 +85,7 @@ let
         };
 
         allowAll = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             If true, allow all clients, do not check client cert subject.
           '';
           type = types.bool;
@@ -93,7 +93,7 @@ let
         };
 
         allowCN = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Allow client if common name appears in the list.
           '';
           type = types.listOf types.str;
@@ -101,7 +101,7 @@ let
         };
 
         allowOU = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Allow client if organizational unit name appears in the list.
           '';
           type = types.listOf types.str;
@@ -109,7 +109,7 @@ let
         };
 
         allowDNS = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Allow client if DNS subject alternative name appears in the list.
           '';
           type = types.listOf types.str;
@@ -117,7 +117,7 @@ let
         };
 
         allowURI = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Allow client if URI subject alternative name appears in the list.
           '';
           type = types.listOf types.str;
@@ -125,13 +125,13 @@ let
         };
 
         extraArguments = mkOption {
-          description = lib.mdDoc "Extra arguments to pass to `ghostunnel server`";
+          description = "Extra arguments to pass to `ghostunnel server`";
           type = types.separatedString " ";
           default = "";
         };
 
         unsafeTarget = mkOption {
-          description = lib.mdDoc ''
+          description = ''
             If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets.
 
             This is meant to protect against accidental unencrypted traffic on
@@ -214,12 +214,12 @@ in
 {
 
   options = {
-    services.ghostunnel.enable = mkEnableOption (lib.mdDoc "ghostunnel");
+    services.ghostunnel.enable = mkEnableOption "ghostunnel";
 
     services.ghostunnel.package = mkPackageOption pkgs "ghostunnel" { };
 
     services.ghostunnel.servers = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Server mode ghostunnels (TLS listener -> plain TCP/UNIX target)
       '';
       type = types.attrsOf (types.submodule module);
diff --git a/nixpkgs/nixos/modules/services/networking/git-daemon.nix b/nixpkgs/nixos/modules/services/networking/git-daemon.nix
index 80b15eedbbd4..6be72505c216 100644
--- a/nixpkgs/nixos/modules/services/networking/git-daemon.nix
+++ b/nixpkgs/nixos/modules/services/networking/git-daemon.nix
@@ -15,7 +15,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Git daemon, which allows public hosting of git repositories
           without any access controls. This is mostly intended for read-only access.
 
@@ -31,7 +31,7 @@ in
         type = types.str;
         default = "";
         example = "/srv/git/";
-        description = lib.mdDoc ''
+        description = ''
           Remap all the path requests as relative to the given path. For example,
           if you set base-path to /srv/git, then if you later try to pull
           git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
@@ -41,7 +41,7 @@ in
       exportAll = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Publish all directories that look like Git repositories (have the objects
           and refs subdirectories), even if they do not have the git-daemon-export-ok file.
 
@@ -57,7 +57,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "/srv/git" "/home/user/git/repo2" ];
-        description = lib.mdDoc ''
+        description = ''
           A whitelist of paths of git repositories, or directories containing repositories
           all of which would be published. Paths must not end in "/".
 
@@ -70,31 +70,31 @@ in
         type = types.str;
         default = "";
         example = "example.com";
-        description = lib.mdDoc "Listen on a specific IP address or hostname.";
+        description = "Listen on a specific IP address or hostname.";
       };
 
       port = mkOption {
         type = types.port;
         default = 9418;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       options = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Extra configuration options to be passed to Git daemon.";
+        description = "Extra configuration options to be passed to Git daemon.";
       };
 
       user = mkOption {
         type = types.str;
         default = "git";
-        description = lib.mdDoc "User under which Git daemon would be running.";
+        description = "User under which Git daemon would be running.";
       };
 
       group = mkOption {
         type = types.str;
         default = "git";
-        description = lib.mdDoc "Group under which Git daemon would be running.";
+        description = "Group under which Git daemon would be running.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix b/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
index 36aa93780402..4292bba78f76 100644
--- a/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix
@@ -14,10 +14,10 @@ in
 
 {
   options.services.globalprotect = {
-    enable = mkEnableOption (lib.mdDoc "globalprotect");
+    enable = mkEnableOption "globalprotect";
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         GlobalProtect-openconnect configuration. For more information, visit
         <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>.
       '';
@@ -31,7 +31,7 @@ in
     };
 
     csdWrapper = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A script that will produce a Host Integrity Protection (HIP) report,
         as described at <https://www.infradead.org/openconnect/hip.html>
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/gns3-server.nix b/nixpkgs/nixos/modules/services/networking/gns3-server.nix
index 25583765de67..ba0d6be30f49 100644
--- a/nixpkgs/nixos/modules/services/networking/gns3-server.nix
+++ b/nixpkgs/nixos/modules/services/networking/gns3-server.nix
@@ -14,25 +14,25 @@ in {
 
   options = {
     services.gns3-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "GNS3 Server daemon");
+      enable = lib.mkEnableOption "GNS3 Server daemon";
 
       package = lib.mkPackageOptionMD pkgs "gns3-server" { };
 
       auth = {
-        enable = lib.mkEnableOption (lib.mdDoc "password based HTTP authentication to access the GNS3 Server");
+        enable = lib.mkEnableOption "password based HTTP authentication to access the GNS3 Server";
 
         user = lib.mkOption {
           type = lib.types.nullOr lib.types.str;
           default = null;
           example = "gns3";
-          description = lib.mdDoc ''Username used to access the GNS3 Server.'';
+          description = ''Username used to access the GNS3 Server.'';
         };
 
         passwordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/run/secrets/gns3-server-password";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password to access the GNS3 Server.
 
             ::: {.warning}
@@ -47,7 +47,7 @@ in {
         type = lib.types.submodule { freeformType = settingsFormat.type; };
         default = {};
         example = { host = "127.0.0.1"; port = 3080; };
-        description = lib.mdDoc ''
+        description = ''
           The global options in `config` file in ini format.
 
           Refer to <https://docs.gns3.com/docs/using-gns3/administration/gns3-server-configuration-file/>
@@ -59,20 +59,20 @@ in {
         file = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = "/var/log/gns3/server.log";
-          description = lib.mdDoc ''Path of the file GNS3 Server should log to.'';
+          description = ''Path of the file GNS3 Server should log to.'';
         };
 
-        debug = lib.mkEnableOption (lib.mdDoc "debug logging");
+        debug = lib.mkEnableOption "debug logging";
       };
 
       ssl = {
-        enable = lib.mkEnableOption (lib.mdDoc "SSL encryption");
+        enable = lib.mkEnableOption "SSL encryption";
 
         certFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/var/lib/gns3/ssl/server.pem";
-          description = lib.mdDoc ''
+          description = ''
             Path to the SSL certificate file. This certificate will
             be offered to, and may be verified by, clients.
           '';
@@ -82,22 +82,22 @@ in {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/var/lib/gns3/ssl/server.key";
-          description = lib.mdDoc "Private key file for the certificate.";
+          description = "Private key file for the certificate.";
         };
       };
 
       dynamips = {
-        enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable Dynamips support.'');
+        enable = lib.mkEnableOption ''Whether to enable Dynamips support.'';
         package = lib.mkPackageOptionMD pkgs "dynamips" { };
       };
 
       ubridge = {
-        enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable uBridge support.'');
+        enable = lib.mkEnableOption ''Whether to enable uBridge support.'';
         package = lib.mkPackageOptionMD pkgs "ubridge" { };
       };
 
       vpcs = {
-        enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable VPCS support.'');
+        enable = lib.mkEnableOption ''Whether to enable VPCS support.'';
         package = lib.mkPackageOptionMD pkgs "vpcs" { };
       };
     };
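Review bot: The `enable` options for `dynamips`, `ubridge` and `vpcs` pass a whole sentence to `lib.mkEnableOption`, which already renders its argument as "Whether to enable ….", so the manual text comes out as "Whether to enable Whether to enable Dynamips support..". Pass only the noun phrase: `enable = lib.mkEnableOption "Dynamips support";`, and likewise `"uBridge support"` and `"VPCS support"`. The `services.haproxy.enable` line in the haproxy.nix hunk has a milder form of the same problem: its argument ends in a period, so the rendered sentence ends in two.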
diff --git a/nixpkgs/nixos/modules/services/networking/gnunet.nix b/nixpkgs/nixos/modules/services/networking/gnunet.nix
index a235f1605e54..cfe1e1709142 100644
--- a/nixpkgs/nixos/modules/services/networking/gnunet.nix
+++ b/nixpkgs/nixos/modules/services/networking/gnunet.nix
@@ -47,7 +47,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run the GNUnet daemon.  GNUnet is GNU's anonymous
           peer-to-peer communication and file sharing framework.
         '';
@@ -57,7 +57,7 @@ in
         quota = mkOption {
           type = types.int;
           default = 1024;
-          description = lib.mdDoc ''
+          description = ''
             Maximum file system usage (in MiB) for file sharing.
           '';
         };
@@ -67,7 +67,7 @@ in
         port = mkOption {
           type = types.port;
           default = 2086;  # assigned by IANA
-          description = lib.mdDoc ''
+          description = ''
             The UDP port for use by GNUnet.
           '';
         };
@@ -77,7 +77,7 @@ in
         port = mkOption {
           type = types.port;
           default = 2086;  # assigned by IANA
-          description = lib.mdDoc ''
+          description = ''
             The TCP port for use by GNUnet.
           '';
         };
@@ -87,7 +87,7 @@ in
         maxNetDownBandwidth = mkOption {
           type = types.int;
           default = 50000;
-          description = lib.mdDoc ''
+          description = ''
             Maximum bandwidth usage (in bits per second) for GNUnet
             when downloading data.
           '';
@@ -96,7 +96,7 @@ in
         maxNetUpBandwidth = mkOption {
           type = types.int;
           default = 50000;
-          description = lib.mdDoc ''
+          description = ''
             Maximum bandwidth usage (in bits per second) for GNUnet
             when downloading data.
           '';
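Review bot: The description kept for `maxNetUpBandwidth` still says "when downloading data", which is the wording of `maxNetDownBandwidth` in the hunk just above. For the upload limit the last line of the string should read `when uploading data.`. As written, the two options are indistinguishable in the rendered manual, and a reader tuning upstream bandwidth can easily set the wrong one.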
@@ -105,7 +105,7 @@ in
         hardNetUpBandwidth = mkOption {
           type = types.int;
           default = 0;
-          description = lib.mdDoc ''
+          description = ''
             Hard bandwidth limit (in bits per second) when uploading
             data.
           '';
@@ -119,7 +119,7 @@ in
       extraOptions = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional options that will be copied verbatim in `gnunet.conf`.
           See {manpage}`gnunet.conf(5)` for details.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/go-autoconfig.nix b/nixpkgs/nixos/modules/services/networking/go-autoconfig.nix
index 07c628ae2cad..2fc7c53218ca 100644
--- a/nixpkgs/nixos/modules/services/networking/go-autoconfig.nix
+++ b/nixpkgs/nixos/modules/services/networking/go-autoconfig.nix
@@ -12,11 +12,11 @@ in {
   options = {
     services.go-autoconfig = {
 
-      enable = mkEnableOption (mdDoc "IMAP/SMTP autodiscover feature for mail clients");
+      enable = mkEnableOption "IMAP/SMTP autodiscover feature for mail clients";
 
       settings = mkOption {
         default = { };
-        description = mdDoc ''
+        description = ''
           Configuration for go-autoconfig. See
           <https://github.com/L11R/go-autoconfig/blob/master/config.yml>
           for more information.
diff --git a/nixpkgs/nixos/modules/services/networking/go-neb.nix b/nixpkgs/nixos/modules/services/networking/go-neb.nix
index 78d24ecf17d9..ae414509162b 100644
--- a/nixpkgs/nixos/modules/services/networking/go-neb.nix
+++ b/nixpkgs/nixos/modules/services/networking/go-neb.nix
@@ -9,11 +9,11 @@ let
   configFile = settingsFormat.generate "config.yaml" cfg.config;
 in {
   options.services.go-neb = {
-    enable = mkEnableOption (lib.mdDoc "an extensible matrix bot written in Go");
+    enable = mkEnableOption "an extensible matrix bot written in Go";
 
     bindAddress = mkOption {
       type = types.str;
-      description = lib.mdDoc "Port (and optionally address) to listen on.";
+      description = "Port (and optionally address) to listen on.";
       default = ":4050";
     };
 
@@ -21,7 +21,7 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/run/keys/go-neb.env";
-      description = lib.mdDoc ''
+      description = ''
         Environment variables from this file will be interpolated into the
         final config file using envsubst with this syntax: `$ENVIRONMENT`
         or `''${VARIABLE}`.
@@ -32,12 +32,12 @@ in {
 
     baseUrl = mkOption {
       type = types.str;
-      description = lib.mdDoc "Public-facing endpoint that can receive webhooks.";
+      description = "Public-facing endpoint that can receive webhooks.";
     };
 
     config = mkOption {
       inherit (settingsFormat) type;
-      description = lib.mdDoc ''
+      description = ''
         Your {file}`config.yaml` as a Nix attribute set.
         See [config.sample.yaml](https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml)
         for possible options.
diff --git a/nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix b/nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix
index d9c4a2421d72..afbd7ea27c65 100644
--- a/nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix
+++ b/nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix
@@ -5,11 +5,11 @@ let
   cfg = config.services.go-shadowsocks2.server;
 in {
   options.services.go-shadowsocks2.server = {
-    enable = mkEnableOption (lib.mdDoc "go-shadowsocks2 server");
+    enable = mkEnableOption "go-shadowsocks2 server";
 
     listenAddress = mkOption {
       type = types.str;
-      description = lib.mdDoc "Server listen address or URL";
+      description = "Server listen address or URL";
       example = "ss://AEAD_CHACHA20_POLY1305:your-password@:8488";
     };
   };
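Review bot: The `listenAddress` example `ss://AEAD_CHACHA20_POLY1305:your-password@:8488` puts the server password inside an option typed `types.str`, and the description does not say what that implies. How the value is consumed is outside this hunk, but a string option like this normally ends up in the world-readable Nix store and, if passed as an argument, in the process list. I would extend the description, for example `description = "Server listen address or URL. A password embedded in the URL may be readable in the Nix store.";`. A separate file-based option for the secret would be the longer-term fix.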
diff --git a/nixpkgs/nixos/modules/services/networking/gobgpd.nix b/nixpkgs/nixos/modules/services/networking/gobgpd.nix
index b22242edaade..e5d8c190b911 100644
--- a/nixpkgs/nixos/modules/services/networking/gobgpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/gobgpd.nix
@@ -8,12 +8,12 @@ let
   confFile = format.generate "gobgpd.conf" cfg.settings;
 in {
   options.services.gobgpd = {
-    enable = mkEnableOption (lib.mdDoc "GoBGP Routing Daemon");
+    enable = mkEnableOption "GoBGP Routing Daemon";
 
     settings = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         GoBGP configuration. Refer to
         <https://github.com/osrg/gobgp#documentation>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/gvpe.nix b/nixpkgs/nixos/modules/services/networking/gvpe.nix
index 558f499022c8..275146ada2d0 100644
--- a/nixpkgs/nixos/modules/services/networking/gvpe.nix
+++ b/nixpkgs/nixos/modules/services/networking/gvpe.nix
@@ -42,12 +42,12 @@ in
 {
   options = {
     services.gvpe = {
-      enable = lib.mkEnableOption (lib.mdDoc "gvpe");
+      enable = lib.mkEnableOption "gvpe";
 
       nodename = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description =lib.mdDoc ''
+        description = ''
           GVPE node name
         '';
       };
@@ -68,7 +68,7 @@ in
           on alpha if-up = if-up-0
           on alpha pid-file = /var/gvpe/gvpe.pid
         '';
-        description = lib.mdDoc ''
+        description = ''
           GVPE config contents
         '';
       };
@@ -76,14 +76,14 @@ in
         default = null;
         type = types.nullOr types.path;
         example = "/root/my-gvpe-conf";
-        description = lib.mdDoc ''
+        description = ''
           GVPE config file, if already present
         '';
       };
       ipAddress = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           IP address to assign to GVPE interface
         '';
       };
@@ -91,14 +91,14 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "10.0.0.0/8";
-        description = lib.mdDoc ''
+        description = ''
           IP subnet assigned to GVPE network
         '';
       };
       customIFSetup = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional commands to apply in ifup script
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/hans.nix b/nixpkgs/nixos/modules/services/networking/hans.nix
index 3ea95b3bdae9..00d276bcdf60 100644
--- a/nixpkgs/nixos/modules/services/networking/hans.nix
+++ b/nixpkgs/nixos/modules/services/networking/hans.nix
@@ -19,7 +19,7 @@ in
     services.hans = {
       clients = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Each attribute of this option defines a systemd service that
           runs hans. Many or none may be defined.
           The name of each service is
@@ -41,21 +41,21 @@ in
             server = mkOption {
               type = types.str;
               default = "";
-              description = lib.mdDoc "IP address of server running hans";
+              description = "IP address of server running hans";
               example = "192.0.2.1";
             };
 
             extraConfig = mkOption {
               type = types.str;
               default = "";
-              description = lib.mdDoc "Additional command line parameters";
+              description = "Additional command line parameters";
               example = "-v";
             };
 
             passwordFile = mkOption {
               type = types.str;
               default = "";
-              description = lib.mdDoc "File that contains password";
+              description = "File that contains password";
             };
 
           };
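Review bot: Both `passwordFile` options (here under `clients`, and again under `server` in the next hunk) are described only as `File that contains password`, with no guidance on where that file should live. Because the type is `types.str`, a user can easily point it at a path inside the world-readable Nix store. I would say so in the text, e.g. `description = "Path to a file containing the password; keep it outside the Nix store and give it restrictive permissions.";`. The default of `""` also means an unset value is not distinguishable by type from a deliberate one; whether the module checks for that is not visible in this hunk.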
@@ -66,33 +66,33 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "enable hans server";
+          description = "enable hans server";
         };
 
         ip = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "The assigned ip range";
+          description = "The assigned ip range";
           example = "198.51.100.0";
         };
 
         respondToSystemPings = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Force hans respond to ordinary pings";
+          description = "Force hans respond to ordinary pings";
         };
 
         extraConfig = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Additional command line parameters";
+          description = "Additional command line parameters";
           example = "-v";
         };
 
         passwordFile = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "File that contains password";
+          description = "File that contains password";
         };
       };
 
diff --git a/nixpkgs/nixos/modules/services/networking/haproxy.nix b/nixpkgs/nixos/modules/services/networking/haproxy.nix
index a2f3be6c49ce..c764b447b0cb 100644
--- a/nixpkgs/nixos/modules/services/networking/haproxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/haproxy.nix
@@ -17,26 +17,26 @@ with lib;
   options = {
     services.haproxy = {
 
-      enable = mkEnableOption (lib.mdDoc "HAProxy, the reliable, high performance TCP/HTTP load balancer.");
+      enable = mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer.";
 
       package = mkPackageOption pkgs "haproxy" { };
 
       user = mkOption {
         type = types.str;
         default = "haproxy";
-        description = lib.mdDoc "User account under which haproxy runs.";
+        description = "User account under which haproxy runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "haproxy";
-        description = lib.mdDoc "Group account under which haproxy runs.";
+        description = "Group account under which haproxy runs.";
       };
 
       config = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Contents of the HAProxy configuration file,
           {file}`haproxy.conf`.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/harmonia.nix b/nixpkgs/nixos/modules/services/networking/harmonia.nix
index b384ac926137..629ee436e63d 100644
--- a/nixpkgs/nixos/modules/services/networking/harmonia.nix
+++ b/nixpkgs/nixos/modules/services/networking/harmonia.nix
@@ -6,12 +6,12 @@ in
 {
   options = {
     services.harmonia = {
-      enable = lib.mkEnableOption (lib.mdDoc "Harmonia: Nix binary cache written in Rust");
+      enable = lib.mkEnableOption "Harmonia: Nix binary cache written in Rust";
 
       signKeyPath = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
-        description = lib.mdDoc "Path to the signing key that will be used for signing the cache";
+        description = "Path to the signing key that will be used for signing the cache";
       };
 
       package = lib.mkPackageOption pkgs "harmonia" { };
@@ -19,7 +19,7 @@ in
       settings = lib.mkOption {
         inherit (format) type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Settings to merge with the default configuration.
           For the list of the default configuration, see <https://github.com/nix-community/harmonia/tree/master#configuration>.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/headscale.nix b/nixpkgs/nixos/modules/services/networking/headscale.nix
index 0159da37de87..ea66faeabbf2 100644
--- a/nixpkgs/nixos/modules/services/networking/headscale.nix
+++ b/nixpkgs/nixos/modules/services/networking/headscale.nix
@@ -15,14 +15,14 @@ with lib; let
 in {
   options = {
     services.headscale = {
-      enable = mkEnableOption (lib.mdDoc "headscale, Open Source coordination server for Tailscale");
+      enable = mkEnableOption "headscale, Open Source coordination server for Tailscale";
 
       package = mkPackageOption pkgs "headscale" { };
 
       user = mkOption {
         default = "headscale";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User account under which headscale runs.
 
           ::: {.note}
@@ -36,7 +36,7 @@ in {
       group = mkOption {
         default = "headscale";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Group under which headscale runs.
 
           ::: {.note}
@@ -50,7 +50,7 @@ in {
       address = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Listening address of headscale.
         '';
         example = "0.0.0.0";
@@ -59,14 +59,14 @@ in {
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc ''
+        description = ''
           Listening port of headscale.
         '';
         example = 443;
       };
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Overrides to {file}`config.yaml` as a Nix attribute set.
           Check the [example config](https://github.com/juanfont/headscale/blob/main/config-example.yaml)
           for possible options.
@@ -78,7 +78,7 @@ in {
             server_url = mkOption {
               type = types.str;
               default = "http://127.0.0.1:8080";
-              description = lib.mdDoc ''
+              description = ''
                 The url clients will connect to.
               '';
               example = "https://myheadscale.example.com:443";
@@ -87,7 +87,7 @@ in {
             private_key_path = mkOption {
               type = types.path;
               default = "${dataDir}/private.key";
-              description = lib.mdDoc ''
+              description = ''
                 Path to private key file, generated automatically if it does not exist.
               '';
             };
@@ -95,7 +95,7 @@ in {
             noise.private_key_path = mkOption {
               type = types.path;
               default = "${dataDir}/noise_private.key";
-              description = lib.mdDoc ''
+              description = ''
                 Path to noise private key file, generated automatically if it does not exist.
               '';
             };
@@ -104,7 +104,7 @@ in {
               urls = mkOption {
                 type = types.listOf types.str;
                 default = ["https://controlplane.tailscale.com/derpmap/default"];
-                description = lib.mdDoc ''
+                description = ''
                   List of urls containing DERP maps.
                   See [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps.
                 '';
@@ -113,7 +113,7 @@ in {
               paths = mkOption {
                 type = types.listOf types.path;
                 default = [];
-                description = lib.mdDoc ''
+                description = ''
                   List of file paths containing DERP maps.
                   See [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps.
                 '';
@@ -122,7 +122,7 @@ in {
               auto_update_enable = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to automatically update DERP maps on a set frequency.
                 '';
                 example = false;
@@ -131,7 +131,7 @@ in {
               update_frequency = mkOption {
                 type = types.str;
                 default = "24h";
-                description = lib.mdDoc ''
+                description = ''
                   Frequency to update DERP maps.
                 '';
                 example = "5m";
@@ -141,7 +141,7 @@ in {
             ephemeral_node_inactivity_timeout = mkOption {
               type = types.str;
               default = "30m";
-              description = lib.mdDoc ''
+              description = ''
                 Time before an inactive ephemeral node is deleted.
               '';
               example = "5m";
@@ -151,42 +151,42 @@ in {
               type = types.enum ["sqlite3" "postgres"];
               example = "postgres";
               default = "sqlite3";
-              description = lib.mdDoc "Database engine to use.";
+              description = "Database engine to use.";
             };
 
             db_host = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "127.0.0.1";
-              description = lib.mdDoc "Database host address.";
+              description = "Database host address.";
             };
 
             db_port = mkOption {
               type = types.nullOr types.port;
               default = null;
               example = 3306;
-              description = lib.mdDoc "Database host port.";
+              description = "Database host port.";
             };
 
             db_name = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "headscale";
-              description = lib.mdDoc "Database name.";
+              description = "Database name.";
             };
 
             db_user = mkOption {
               type = types.nullOr types.str;
               default = null;
               example = "headscale";
-              description = lib.mdDoc "Database user.";
+              description = "Database user.";
             };
 
             db_password_file = mkOption {
               type = types.nullOr types.path;
               default = null;
               example = "/run/keys/headscale-dbpassword";
-              description = lib.mdDoc ''
+              description = ''
                 A file containing the password corresponding to
                 {option}`database.user`.
               '';
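Review bot: The `db_password_file` description refers to {option}`database.user`, but the option declared just above it is `db_user`, so the cross-reference names something this hunk does not define; {option}`db_user` would match. The `base_domain` hunk further down has the same kind of mismatch, naming {option}`baseDomain`. Separately, the `db_port` example is `3306` while `db_type` only accepts `sqlite3` and `postgres`; `example = 5432;` would fit the PostgreSQL case.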
@@ -195,13 +195,13 @@ in {
             db_path = mkOption {
               type = types.nullOr types.str;
               default = "${dataDir}/db.sqlite";
-              description = lib.mdDoc "Path to the sqlite3 database file.";
+              description = "Path to the sqlite3 database file.";
             };
 
             log.level = mkOption {
               type = types.str;
               default = "info";
-              description = lib.mdDoc ''
+              description = ''
                 headscale log level.
               '';
               example = "debug";
@@ -210,7 +210,7 @@ in {
             log.format = mkOption {
               type = types.str;
               default = "text";
-              description = lib.mdDoc ''
+              description = ''
                 headscale log format.
               '';
               example = "json";
@@ -220,7 +220,7 @@ in {
               nameservers = mkOption {
                 type = types.listOf types.str;
                 default = ["1.1.1.1"];
-                description = lib.mdDoc ''
+                description = ''
                   List of nameservers to pass to Tailscale clients.
                 '';
               };
@@ -228,7 +228,7 @@ in {
               override_local_dns = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to use [Override local DNS](https://tailscale.com/kb/1054/dns/).
                 '';
                 example = true;
@@ -237,7 +237,7 @@ in {
               domains = mkOption {
                 type = types.listOf types.str;
                 default = [];
-                description = lib.mdDoc ''
+                description = ''
                   Search domains to inject to Tailscale clients.
                 '';
                 example = ["mydomain.internal"];
@@ -246,7 +246,7 @@ in {
               magic_dns = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
                   Only works if there is at least a nameserver defined.
                 '';
@@ -256,7 +256,7 @@ in {
               base_domain = mkOption {
                 type = types.str;
                 default = "";
-                description = lib.mdDoc ''
+                description = ''
                   Defines the base domain to create the hostnames for MagicDNS.
                   {option}`baseDomain` must be a FQDNs, without the trailing dot.
                   The FQDN of the hosts will be
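Review bot: The description of `base_domain` names the option as `baseDomain` inside its `{option}` role, but the attribute declared in this hunk is `base_domain`, so the rendered reference points at a name the reader cannot set. The same mismatch is in the `allowed_users` hunk further down, whose text says `allowedDomains` while the sibling option is `allowed_domains`. I would use the declared spellings in both places and change "must be a FQDNs" to "must be an FQDN". The description continues past the end of this hunk.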
@@ -270,7 +270,7 @@ in {
               issuer = mkOption {
                 type = types.str;
                 default = "";
-                description = lib.mdDoc ''
+                description = ''
                   URL to OpenID issuer.
                 '';
                 example = "https://openid.example.com";
@@ -279,7 +279,7 @@ in {
               client_id = mkOption {
                 type = types.str;
                 default = "";
-                description = lib.mdDoc ''
+                description = ''
                   OpenID Connect client ID.
                 '';
               };
@@ -287,7 +287,7 @@ in {
               client_secret_path = mkOption {
                 type = types.nullOr types.str;
                 default = null;
-                description = lib.mdDoc ''
+                description = ''
                   Path to OpenID Connect client secret file. Expands environment variables in format ''${VAR}.
                 '';
               };
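Review bot: The description of `client_secret_path` does not say where the secret file may live, and the `tls_key_path` hunk further down has the same gap for the TLS private key. The Nix store is world-readable, and `tls_key_path` is typed `types.nullOr types.path`, so a path literal would presumably be copied into the store when the configuration is rendered (that code is not in these hunks). I would add a sentence to both descriptions, such as `The file must be readable by the headscale service and must not be located in the Nix store.`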
@@ -295,7 +295,7 @@ in {
               scope = mkOption {
                 type = types.listOf types.str;
                 default = ["openid" "profile" "email"];
-                description = lib.mdDoc ''
+                description = ''
                   Scopes used in the OIDC flow.
                 '';
               };
@@ -303,7 +303,7 @@ in {
               extra_params = mkOption {
                 type = types.attrsOf types.str;
                 default = { };
-                description = lib.mdDoc ''
+                description = ''
                   Custom query parameters to send with the Authorize Endpoint request.
                 '';
                 example = {
@@ -314,7 +314,7 @@ in {
               allowed_domains = mkOption {
                 type = types.listOf types.str;
                 default = [ ];
-                description = lib.mdDoc ''
+                description = ''
                   Allowed principal domains. if an authenticated user's domain
                   is not in this list authentication request will be rejected.
                 '';
@@ -324,7 +324,7 @@ in {
               allowed_users = mkOption {
                 type = types.listOf types.str;
                 default = [ ];
-                description = lib.mdDoc ''
+                description = ''
                   Users allowed to authenticate even if not in allowedDomains.
                 '';
                 example = [ "alice@example.com" ];
@@ -333,7 +333,7 @@ in {
               strip_email_domain = mkOption {
                 type = types.bool;
                 default = true;
-                description = lib.mdDoc ''
+                description = ''
                   Whether the domain part of the email address should be removed when generating namespaces.
                 '';
               };
@@ -342,7 +342,7 @@ in {
             tls_letsencrypt_hostname = mkOption {
               type = types.nullOr types.str;
               default = "";
-              description = lib.mdDoc ''
+              description = ''
                 Domain name to request a TLS certificate for.
               '';
             };
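Review bot: `tls_letsencrypt_hostname` is declared `types.nullOr types.str` but defaults to `""`, so "unset" can be spelled two ways, whereas `tls_cert_path` and `tls_key_path` in the later hunks default to `null`. If the generated configuration treats both values the same (not visible here), `default = null;` would match the siblings. Otherwise the description should state what the empty string and `null` each mean for certificate issuance.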
@@ -350,7 +350,7 @@ in {
             tls_letsencrypt_challenge_type = mkOption {
               type = types.enum ["TLS-ALPN-01" "HTTP-01"];
               default = "HTTP-01";
-              description = lib.mdDoc ''
+              description = ''
                 Type of ACME challenge to use, currently supported types:
                 `HTTP-01` or `TLS-ALPN-01`.
               '';
@@ -359,7 +359,7 @@ in {
             tls_letsencrypt_listen = mkOption {
               type = types.nullOr types.str;
               default = ":http";
-              description = lib.mdDoc ''
+              description = ''
                 When HTTP-01 challenge is chosen, letsencrypt must set up a
                 verification endpoint, and it will be listening on:
                 `:http = port 80`.
@@ -369,7 +369,7 @@ in {
             tls_cert_path = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Path to already created certificate.
               '';
             };
@@ -377,7 +377,7 @@ in {
             tls_key_path = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Path to key for already created certificate.
               '';
             };
@@ -385,7 +385,7 @@ in {
             acl_policy_path = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Path to a file containing ACL policies.
               '';
             };
diff --git a/nixpkgs/nixos/modules/services/networking/hostapd.nix b/nixpkgs/nixos/modules/services/networking/hostapd.nix
index 40542155ed63..1bef5a1f0a9e 100644
--- a/nixpkgs/nixos/modules/services/networking/hostapd.nix
+++ b/nixpkgs/nixos/modules/services/networking/hostapd.nix
@@ -28,7 +28,6 @@ let
     literalExpression
     maintainers
     mapAttrsToList
-    mdDoc
     mkDefault
     mkEnableOption
     mkIf
@@ -115,12 +114,12 @@ in {
 
   options = {
     services.hostapd = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         hostapd, a user space daemon for access point and
         authentication servers. It implements IEEE 802.11 access point management,
         IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS
         authentication server
-      '');
+      '';
 
       package = mkPackageOption pkgs "hostapd" {};
 
@@ -165,7 +164,7 @@ in {
             };
           }
         '';
-        description = mdDoc ''
+        description = ''
           This option allows you to define APs for one or multiple physical radios.
           At least one radio must be specified.
 
@@ -186,7 +185,7 @@ in {
               default = "nl80211";
               example = "none";
               type = types.str;
-              description = mdDoc ''
+              description = ''
                 The driver {command}`hostapd` will use.
                 {var}`nl80211` is used with all Linux mac80211 drivers.
                 {var}`none` is used if building a standalone RADIUS server that does
@@ -198,7 +197,7 @@ in {
             noScan = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Disables scan for overlapping BSSs in HT40+/- mode.
                 Caution: turning this on will likely violate regulatory requirements!
               '';
@@ -208,7 +207,7 @@ in {
               default = null;
               example = "US";
               type = types.nullOr types.str;
-              description = mdDoc ''
+              description = ''
                 Country code (ISO/IEC 3166-1). Used to set regulatory domain.
                 Set as needed to indicate country in which device is operating.
                 This can limit available channels and transmit power.
@@ -229,7 +228,7 @@ in {
             band = mkOption {
               default = "2g";
               type = types.enum ["2g" "5g" "6g" "60g"];
-              description = mdDoc ''
+              description = ''
                 Specifies the frequency band to use, possible values are 2g for 2.4 GHz,
                 5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz.
               '';
@@ -239,7 +238,7 @@ in {
               default = 7;
               example = 11;
               type = types.int;
-              description = mdDoc ''
+              description = ''
                 The channel to operate on. Use 0 to enable ACS (Automatic Channel Selection).
                 Beware that not every device supports ACS in which case {command}`hostapd`
                 will fail to start.
@@ -252,7 +251,7 @@ in {
               type = types.submodule {
                 freeformType = extraSettingsFormat.type;
               };
-              description = mdDoc ''
+              description = ''
                 Extra configuration options to put at the end of global initialization, before defining BSSs.
                 To find out which options are global and which are per-bss you have to read hostapd's source code,
                 which is non-trivial and not documented otherwise.
@@ -277,7 +276,7 @@ in {
                   ''';
                 }
               '';
-              description = mdDoc ''
+              description = ''
                 All of these scripts will be executed in lexicographical order before hostapd
                 is started, right after the global segment was generated and may dynamically
                 append global options the generated configuration file.
@@ -292,7 +291,7 @@ in {
               enable = mkOption {
                 default = true;
                 type = types.bool;
-                description = mdDoc ''
+                description = ''
                   Enables support for IEEE 802.11n (WiFi 4, HT).
                   This is enabled by default, since the vase majority of devices
                   are expected to support this.
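Review bot: The description strings kept by this change carry spelling errors that end up in the rendered manual: "vase majority" in this hunk should be "vast majority". Later hunks have "defintion" (per-BSS `settings` description, should be "definition") and "alltogether" (authentication `mode` description, should be "altogether"). Since the commit already touches each of these descriptions, they could be corrected in the same pass. All three descriptions continue outside their hunks.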
@@ -303,7 +302,7 @@ in {
                 type = types.listOf types.str;
                 default = ["HT40" "HT40-" "SHORT-GI-20" "SHORT-GI-40"];
                 example = ["LDPC" "HT40+" "HT40-" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1"];
-                description = mdDoc ''
+                description = ''
                   HT (High Throughput) capabilities given as a list of flags.
                   Please refer to the hostapd documentation for allowed values and
                   only set values supported by your physical adapter.
@@ -315,7 +314,7 @@ in {
               require = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.";
+                description = "Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't.";
               };
             };
 
@@ -325,14 +324,14 @@ in {
               enable = mkOption {
                 default = true;
                 type = types.bool;
-                description = mdDoc "Enables support for IEEE 802.11ac (WiFi 5, VHT)";
+                description = "Enables support for IEEE 802.11ac (WiFi 5, VHT)";
               };
 
               capabilities = mkOption {
                 type = types.listOf types.str;
                 default = [];
                 example = ["SHORT-GI-80" "TX-STBC-2BY1" "RX-STBC-1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN"];
-                description = mdDoc ''
+                description = ''
                   VHT (Very High Throughput) capabilities given as a list of flags.
                   Please refer to the hostapd documentation for allowed values and
                   only set values supported by your physical adapter.
@@ -342,7 +341,7 @@ in {
               require = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.";
+                description = "Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't.";
               };
 
               operatingChannelWidth = mkOption {
@@ -355,7 +354,7 @@ in {
                     "160" = 2;
                     "80+80" = 3;
                   };
-                description = mdDoc ''
+                description = ''
                   Determines the operating channel width for VHT.
 
                   - {var}`"20or40"`: 20 or 40 MHz operating channel width
@@ -372,31 +371,31 @@ in {
               enable = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "Enables support for IEEE 802.11ax (WiFi 6, HE)";
+                description = "Enables support for IEEE 802.11ax (WiFi 6, HE)";
               };
 
               require = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.";
+                description = "Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't.";
               };
 
               singleUserBeamformer = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "HE single user beamformer support";
+                description = "HE single user beamformer support";
               };
 
               singleUserBeamformee = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "HE single user beamformee support";
+                description = "HE single user beamformee support";
               };
 
               multiUserBeamformer = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "HE multi user beamformee support";
+                description = "HE multi user beamformee support";
               };
 
               operatingChannelWidth = mkOption {
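Review bot: The description of `multiUserBeamformer` reads "HE multi user beamformee support", which looks like a copy of the `singleUserBeamformee` text just above it. The EHT hunk further down repeats the same wording for its own `multiUserBeamformer`. The strings should read `"HE multi user beamformer support"` and `"EHT multi user beamformer support"` so the manual matches the options being set. The `operatingChannelWidth` option opened on this hunk's last line continues outside it.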
@@ -409,7 +408,7 @@ in {
                     "160" = 2;
                     "80+80" = 3;
                   };
-                description = mdDoc ''
+                description = ''
                   Determines the operating channel width for HE.
 
                   - {var}`"20or40"`: 20 or 40 MHz operating channel width
@@ -426,7 +425,7 @@ in {
               enable = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc ''
+                description = ''
                   Enables support for IEEE 802.11be (WiFi 7, EHT). This is currently experimental
                   and requires you to manually enable CONFIG_IEEE80211BE when building hostapd.
                 '';
@@ -435,19 +434,19 @@ in {
               singleUserBeamformer = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "EHT single user beamformer support";
+                description = "EHT single user beamformer support";
               };
 
               singleUserBeamformee = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "EHT single user beamformee support";
+                description = "EHT single user beamformee support";
               };
 
               multiUserBeamformer = mkOption {
                 default = false;
                 type = types.bool;
-                description = mdDoc "EHT multi user beamformee support";
+                description = "EHT multi user beamformee support";
               };
 
               operatingChannelWidth = mkOption {
@@ -460,7 +459,7 @@ in {
                     "160" = 2;
                     "80+80" = 3;
                   };
-                description = mdDoc ''
+                description = ''
                   Determines the operating channel width for EHT.
 
                   - {var}`"20or40"`: 20 or 40 MHz operating channel width
@@ -487,7 +486,7 @@ in {
                   };
                 }
               '';
-              description = mdDoc ''
+              description = ''
                 This defines a BSS, colloquially known as a WiFi network.
                 You have to specify at least one.
               '';
@@ -496,7 +495,7 @@ in {
                   logLevel = mkOption {
                     default = 2;
                     type = types.int;
-                    description = mdDoc ''
+                    description = ''
                       Levels (minimum value for logged events):
                       0 = verbose debugging
                       1 = debugging
@@ -510,7 +509,7 @@ in {
                     default = "wheel";
                     example = "network";
                     type = types.str;
-                    description = mdDoc ''
+                    description = ''
                       Members of this group can access the control socket for this interface.
                     '';
                   };
@@ -518,20 +517,20 @@ in {
                   utf8Ssid = mkOption {
                     default = true;
                     type = types.bool;
-                    description = mdDoc "Whether the SSID is to be interpreted using UTF-8 encoding.";
+                    description = "Whether the SSID is to be interpreted using UTF-8 encoding.";
                   };
 
                   ssid = mkOption {
                     example = "❄️ cool ❄️";
                     type = types.str;
-                    description = mdDoc "SSID to be used in IEEE 802.11 management frames.";
+                    description = "SSID to be used in IEEE 802.11 management frames.";
                   };
 
                   bssid = mkOption {
                     type = types.nullOr types.str;
                     default = null;
                     example = "11:22:33:44:55:66";
-                    description = mdDoc ''
+                    description = ''
                       Specifies the BSSID for this BSS. Usually determined automatically,
                       but for now you have to manually specify them when using multiple BSS.
                       Try assigning related addresses from the locally administered MAC address ranges,
@@ -550,7 +549,7 @@ in {
                         "allow" = 1;
                         "radius" = 2;
                       };
-                    description = mdDoc ''
+                    description = ''
                       Station MAC address -based authentication. The following modes are available:
 
                       - {var}`"deny"`: Allow unless listed in {option}`macDeny` (default)
@@ -567,7 +566,7 @@ in {
                     type = types.listOf types.str;
                     default = [];
                     example = ["11:22:33:44:55:66"];
-                    description = mdDoc ''
+                    description = ''
                       Specifies the MAC addresses to allow if {option}`macAcl` is set to {var}`"allow"` or {var}`"radius"`.
                       These values will be world-readable in the Nix store. Values will automatically be merged with
                       {option}`macAllowFile` if necessary.
@@ -577,7 +576,7 @@ in {
                   macAllowFile = mkOption {
                     type = types.nullOr types.path;
                     default = null;
-                    description = mdDoc ''
+                    description = ''
                       Specifies a file containing the MAC addresses to allow if {option}`macAcl` is set to {var}`"allow"` or {var}`"radius"`.
                       The file should contain exactly one MAC address per line. Comments and empty lines are ignored,
                       only lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and
@@ -589,7 +588,7 @@ in {
                     type = types.listOf types.str;
                     default = [];
                     example = ["11:22:33:44:55:66"];
-                    description = mdDoc ''
+                    description = ''
                       Specifies the MAC addresses to deny if {option}`macAcl` is set to {var}`"deny"` or {var}`"radius"`.
                       These values will be world-readable in the Nix store. Values will automatically be merged with
                       {option}`macDenyFile` if necessary.
@@ -599,7 +598,7 @@ in {
                   macDenyFile = mkOption {
                     type = types.nullOr types.path;
                     default = null;
-                    description = mdDoc ''
+                    description = ''
                       Specifies a file containing the MAC addresses to deny if {option}`macAcl` is set to {var}`"deny"` or {var}`"radius"`.
                       The file should contain exactly one MAC address per line. Comments and empty lines are ignored,
                       only lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and
@@ -616,7 +615,7 @@ in {
                         "empty" = 1;
                         "clear" = 2;
                       };
-                    description = mdDoc ''
+                    description = ''
                       Send empty SSID in beacons and ignore probe request frames that do not
                       specify full SSID, i.e., require stations to know SSID. Note that this does
                       not increase security, since your clients will then broadcast the SSID instead,
@@ -633,7 +632,7 @@ in {
                   apIsolate = mkOption {
                     default = false;
                     type = types.bool;
-                    description = mdDoc ''
+                    description = ''
                       Isolate traffic between stations (clients) and prevent them from
                       communicating with each other.
                     '';
@@ -645,7 +644,7 @@ in {
                     type = types.submodule {
                       freeformType = extraSettingsFormat.type;
                     };
-                    description = mdDoc ''
+                    description = ''
                       Extra configuration options to put at the end of this BSS's defintion in the
                       hostapd.conf for the associated interface. To find out which options are global
                       and which are per-bss you have to read hostapd's source code, which is non-trivial
@@ -673,7 +672,7 @@ in {
                         ''';
                       }
                     '';
-                    description = mdDoc ''
+                    description = ''
                       All of these scripts will be executed in lexicographical order before hostapd
                       is started, right after the bss segment was generated and may dynamically
                       append bss options to the generated configuration file.
@@ -689,7 +688,7 @@ in {
                     mode = mkOption {
                       default = "wpa3-sae";
                       type = types.enum ["none" "wpa2-sha256" "wpa3-sae-transition" "wpa3-sae"];
-                      description = mdDoc ''
+                      description = ''
                         Selects the authentication mode for this AP.
 
                         - {var}`"none"`: Don't configure any authentication. This will disable wpa alltogether
@@ -711,7 +710,7 @@ in {
                       default = ["CCMP"];
                       example = ["CCMP-256" "GCMP-256"];
                       type = types.listOf types.str;
-                      description = mdDoc ''
+                      description = ''
                         Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets).
                         By default this allows just CCMP, which is the only commonly supported secure option.
                         Use {option}`enableRecommendedPairwiseCiphers` to also enable newer recommended ciphers.
@@ -726,7 +725,7 @@ in {
                       default = false;
                       example = true;
                       type = types.bool;
-                      description = mdDoc ''
+                      description = ''
                         Additionally enable the recommended set of pairwise ciphers.
                         This enables newer secure ciphers, additionally to those defined in {option}`pairwiseCiphers`.
                         You will have to test whether your hardware supports these by trial-and-error, because
@@ -742,7 +741,7 @@ in {
                       default = null;
                       example = "a flakey password";
                       type = types.nullOr types.str;
-                      description = mdDoc ''
+                      description = ''
                         Sets the password for WPA-PSK that will be converted to the pre-shared key.
                         The password length must be in the range [8, 63] characters. While some devices
                         may allow arbitrary characters (such as UTF-8) to be used, but the standard specifies
@@ -759,7 +758,7 @@ in {
                     wpaPasswordFile = mkOption {
                       default = null;
                       type = types.nullOr types.path;
-                      description = mdDoc ''
+                      description = ''
                         Sets the password for WPA-PSK. Follows the same rules as {option}`wpaPassword`,
                         but reads the password from the given file to prevent the password from being
                         put into the Nix store.
@@ -771,7 +770,7 @@ in {
                     wpaPskFile = mkOption {
                       default = null;
                       type = types.nullOr types.path;
-                      description = mdDoc ''
+                      description = ''
                         Sets the password(s) for WPA-PSK. Similar to {option}`wpaPasswordFile`,
                         but additionally allows specifying multiple passwords, and some other options.
 
@@ -803,7 +802,7 @@ in {
                           { password = "sekret pazzword"; mac = "11:22:33:44:55:66"; }
                         ]
                       '';
-                      description = mdDoc ''
+                      description = ''
                         Sets allowed passwords for WPA3-SAE.
 
                         The last matching (based on peer MAC address and identifier) entry is used to
@@ -820,7 +819,7 @@ in {
                           password = mkOption {
                             example = "a flakey password";
                             type = types.str;
-                            description = mdDoc ''
+                            description = ''
                               The password for this entry. SAE technically imposes no restrictions on
                               password length or character set. But due to limitations of {command}`hostapd`'s
                               config file format, a true newline character cannot be parsed.
@@ -834,7 +833,7 @@ in {
                             default = null;
                             example = "11:22:33:44:55:66";
                             type = types.nullOr types.str;
-                            description = mdDoc ''
+                            description = ''
                               If this attribute is not included, or if is set to the wildcard address (`ff:ff:ff:ff:ff:ff`),
                               the entry is available for any station (client) to use. If a specific peer MAC address is included,
                               only a station with that MAC address is allowed to use the entry.
@@ -845,14 +844,14 @@ in {
                             default = null;
                             example = 1;
                             type = types.nullOr types.int;
-                            description = mdDoc "If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.";
+                            description = "If this attribute is given, all clients using this entry will get tagged with the given VLAN ID.";
                           };
 
                           pk = mkOption {
                             default = null;
                             example = "";
                             type = types.nullOr types.str;
-                            description = mdDoc ''
+                            description = ''
                               If this attribute is given, SAE-PK will be enabled for this connection.
                               This prevents evil-twin attacks, but a public key is required additionally to connect.
                               (Essentially adds pubkey authentication such that the client can verify identity of the AP)
@@ -863,7 +862,7 @@ in {
                             default = null;
                             example = "";
                             type = types.nullOr types.str;
-                            description = mdDoc ''
+                            description = ''
                               If this attribute is given with non-zero length, it will set the password identifier
                               for this entry. It can then only be used with that identifier.
                             '';
@@ -875,7 +874,7 @@ in {
                     saePasswordsFile = mkOption {
                       default = null;
                       type = types.nullOr types.path;
-                      description = mdDoc ''
+                      description = ''
                         Sets the password for WPA3-SAE. Follows the same rules as {option}`saePasswords`,
                         but reads the entries from the given file to prevent them from being
                         put into the Nix store.
@@ -892,7 +891,7 @@ in {
                     saeAddToMacAllow = mkOption {
                       type = types.bool;
                       default = false;
-                      description = mdDoc ''
+                      description = ''
                         If set, all sae password entries that have a non-wildcard MAC associated to
                         them will additionally be used to populate the MAC allow list. This is
                         additional to any entries set via {option}`macAllow` or {option}`macAllowFile`.
diff --git a/nixpkgs/nixos/modules/services/networking/htpdate.nix b/nixpkgs/nixos/modules/services/networking/htpdate.nix
index 8b9bb2888dac..6954e5b060c4 100644
--- a/nixpkgs/nixos/modules/services/networking/htpdate.nix
+++ b/nixpkgs/nixos/modules/services/networking/htpdate.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable htpdate daemon.
         '';
       };
@@ -27,7 +27,7 @@ in
       extraOptions = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional command line arguments to pass to htpdate.
         '';
       };
@@ -35,7 +35,7 @@ in
       servers = mkOption {
         type = types.listOf types.str;
         default = [ "www.google.com" ];
-        description = lib.mdDoc ''
+        description = ''
           HTTP servers to use for time synchronization.
         '';
       };
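Review bot: The description of `servers` says only "HTTP servers to use for time synchronization" and the default is the single host `www.google.com`, so it gives no hint about how far the resulting clock can be trusted. Time taken from plain-HTTP responses is unauthenticated, and a skewed clock affects certificate validity checks and log timestamps on the host. I would extend the description with something like `Responses fetched over plain HTTP are not authenticated; list several independent servers.` Whether the packaged htpdate accepts `https://` entries is not visible here and should be confirmed before recommending them.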
@@ -44,7 +44,7 @@ in
         type = types.str;
         default = "";
         example = "127.0.0.1:8118";
-        description = lib.mdDoc ''
+        description = ''
           HTTP proxy used for requests.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix b/nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix
index 87eb23ea4585..63c38d20ac8f 100644
--- a/nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix
@@ -46,23 +46,23 @@ in
   ###### interface
 
   options.services.https-dns-proxy = {
-    enable = mkEnableOption (lib.mdDoc "https-dns-proxy daemon");
+    enable = mkEnableOption "https-dns-proxy daemon";
 
     address = mkOption {
-      description = lib.mdDoc "The address on which to listen";
+      description = "The address on which to listen";
       type = types.str;
       default = "127.0.0.1";
     };
 
     port = mkOption {
-      description = lib.mdDoc "The port on which to listen";
+      description = "The port on which to listen";
       type = types.port;
       default = 5053;
     };
 
     provider = {
       kind = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The upstream provider to use or custom in case you do not trust any of
           the predefined providers or just want to use your own.
 
@@ -80,18 +80,18 @@ in
       };
 
       ips = mkOption {
-        description = lib.mdDoc "The custom provider IPs";
+        description = "The custom provider IPs";
         type = types.listOf types.str;
       };
 
       url = mkOption {
-        description = lib.mdDoc "The custom provider URL";
+        description = "The custom provider URL";
         type = types.str;
       };
     };
 
     preferIPv4 = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         https_dns_proxy will by default use IPv6 and fail if it is not available.
         To play it safe, we choose IPv4.
       '';
@@ -100,7 +100,7 @@ in
     };
 
     extraArgs = mkOption {
-      description = lib.mdDoc "Additional arguments to pass to the process.";
+      description = "Additional arguments to pass to the process.";
       type = types.listOf types.str;
       default = [ "-v" ];
     };
diff --git a/nixpkgs/nixos/modules/services/networking/hylafax/options.nix b/nixpkgs/nixos/modules/services/networking/hylafax/options.nix
index 49b2bef90a5f..1880aebe7a6b 100644
--- a/nixpkgs/nixos/modules/services/networking/hylafax/options.nix
+++ b/nixpkgs/nixos/modules/services/networking/hylafax/options.nix
@@ -37,7 +37,7 @@ let
       name = mkOption {
         type = nonEmptyStr;
         example = "ttyS1";
-        description = lib.mdDoc ''
+        description = ''
           Name of modem device,
           will be searched for in {file}`/dev`.
         '';
@@ -45,7 +45,7 @@ let
       type = mkOption {
         type = nonEmptyStr;
         example = "cirrus";
-        description = lib.mdDoc ''
+        description = ''
           Name of modem configuration file,
           will be searched for in {file}`config`
           in the spooling area directory.
@@ -59,7 +59,7 @@ let
           FAXNumber = "123456";
           LocalIdentifier = "LostInBerlin";
         };
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of values for the given modem.
           ${commonDescr}
           Options defined here override options in
@@ -118,13 +118,13 @@ in
 
   options.services.hylafax = {
 
-    enable = mkEnableOption (lib.mdDoc "HylaFAX server");
+    enable = mkEnableOption "HylaFAX server";
 
     autostart = mkOption {
       type = bool;
       default = true;
       example = false;
-      description = lib.mdDoc ''
+      description = ''
         Autostart the HylaFAX queue manager at system start.
         If this is `false`, the queue manager
         will still be started if there are pending
@@ -136,34 +136,34 @@ in
       type = nullOr nonEmptyStr;
       default = null;
       example = "49";
-      description = lib.mdDoc "Country code for server and all modems.";
+      description = "Country code for server and all modems.";
     };
 
     areaCode = mkOption {
       type = nullOr nonEmptyStr;
       default = null;
       example = "30";
-      description = lib.mdDoc "Area code for server and all modems.";
+      description = "Area code for server and all modems.";
     };
 
     longDistancePrefix = mkOption {
       type = nullOr str;
       default = null;
       example = "0";
-      description = lib.mdDoc "Long distance prefix for server and all modems.";
+      description = "Long distance prefix for server and all modems.";
     };
 
     internationalPrefix = mkOption {
       type = nullOr str;
       default = null;
       example = "00";
-      description = lib.mdDoc "International prefix for server and all modems.";
+      description = "International prefix for server and all modems.";
     };
 
     spoolAreaPath = mkOption {
       type = path;
       default = "/var/spool/fax";
-      description = lib.mdDoc ''
+      description = ''
         The spooling area will be created/maintained
         at the location given here.
       '';
@@ -172,7 +172,7 @@ in
     userAccessFile = mkOption {
       type = path;
       default = "/etc/hosts.hfaxd";
-      description = lib.mdDoc ''
+      description = ''
         The {file}`hosts.hfaxd`
         file entry in the spooling area
         will be symlinked to the location given here.
@@ -197,7 +197,7 @@ in
       type = path;
       example = literalExpression ''"''${pkgs.postfix}/bin/sendmail"'';
       # '' ;  # fix vim
-      description = lib.mdDoc ''
+      description = ''
         Path to {file}`sendmail` program.
         The default uses the local sendmail wrapper
         (see {option}`config.services.mail.sendmailSetuidWrapper`),
@@ -209,7 +209,7 @@ in
     hfaxdConfig = mkOption {
       type = configAttrType;
       example.RecvqProtection = "0400";
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of lines for the global
         hfaxd config file {file}`etc/hfaxd.conf`.
         ${commonDescr}
@@ -222,7 +222,7 @@ in
         InternationalPrefix = "00";
         LongDistancePrefix = "0";
       };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of lines for the global
         faxq config file {file}`etc/config`.
         ${commonDescr}
@@ -235,7 +235,7 @@ in
         InternationalPrefix = "00";
         LongDistancePrefix = "0";
       };
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of default values for
         modem config files {file}`etc/config.*`.
         ${commonDescr}
@@ -254,7 +254,7 @@ in
           LocalIdentifier = "Smith";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Description of installed modems.
         At least on modem must be defined
         to enable the HylaFAX server.
@@ -265,22 +265,22 @@ in
       type = lines;
       default = "";
       example = "chmod 0755 .  # everyone may read my faxes";
-      description = lib.mdDoc ''
+      description = ''
         Additional shell code that is executed within the
         spooling area directory right after its setup.
       '';
     };
 
-    faxcron.enable.spoolInit = mkEnableOption (lib.mdDoc ''
+    faxcron.enable.spoolInit = mkEnableOption ''
       purging old files from the spooling area with
       {file}`faxcron`
       each time the spooling area is initialized
-    '');
+    '';
     faxcron.enable.frequency = mkOption {
       type = nullOr nonEmptyStr;
       default = null;
       example = "daily";
-      description = lib.mdDoc ''
+      description = ''
         purging old files from the spooling area with
         {file}`faxcron` with the given frequency
         (see systemd.time(7))
@@ -289,7 +289,7 @@ in
     faxcron.infoDays = mkOption {
       type = ints.positive;
       default = 30;
-      description = lib.mdDoc ''
+      description = ''
         Set the expiration time for data in the
         remote machine information directory in days.
       '';
@@ -297,7 +297,7 @@ in
     faxcron.logDays = mkOption {
       type = ints.positive;
       default = 30;
-      description = lib.mdDoc ''
+      description = ''
         Set the expiration time for
         session trace log files in days.
       '';
@@ -305,22 +305,22 @@ in
     faxcron.rcvDays = mkOption {
       type = ints.positive;
       default = 7;
-      description = lib.mdDoc ''
+      description = ''
         Set the expiration time for files in
         the received facsimile queue in days.
       '';
     };
 
-    faxqclean.enable.spoolInit = mkEnableOption (lib.mdDoc ''
+    faxqclean.enable.spoolInit = mkEnableOption ''
       Purge old files from the spooling area with
       {file}`faxqclean`
       each time the spooling area is initialized.
-    '');
+    '';
     faxqclean.enable.frequency = mkOption {
       type = nullOr nonEmptyStr;
       default = null;
       example = "daily";
-      description = lib.mdDoc ''
+      description = ''
         Purge old files from the spooling area with
         {file}`faxcron` with the given frequency
         (see systemd.time(7)).
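Review bot: The description of `faxqclean.enable.frequency` names `faxcron` as the program that purges the spooling area, which looks like a leftover from the `faxcron.enable.frequency` option. The sibling `faxqclean.enable.spoolInit` text in this same hunk names `faxqclean`. The second description line should probably read ``{file}`faxqclean` with the given frequency``. The option's `mkOption` body continues past the end of this hunk.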
@@ -330,7 +330,7 @@ in
       type = enum [ "never" "as-flagged" "always" ];
       default = "as-flagged";
       example = "always";
-      description = lib.mdDoc ''
+      description = ''
         Enable or suppress job archiving:
         `never` disables job archiving,
         `as-flagged` archives jobs that
@@ -343,7 +343,7 @@ in
       type = ints.positive;
       default = 15;
       example = literalExpression "24*60";
-      description = lib.mdDoc ''
+      description = ''
         Set the job
         age threshold (in minutes) that controls how long
         jobs may reside in the doneq directory.
@@ -353,7 +353,7 @@ in
       type = ints.positive;
       default = 60;
       example = literalExpression "24*60";
-      description = lib.mdDoc ''
+      description = ''
         Set the document
         age threshold (in minutes) that controls how long
         unreferenced files may reside in the docq directory.
diff --git a/nixpkgs/nixos/modules/services/networking/i2p.nix b/nixpkgs/nixos/modules/services/networking/i2p.nix
index c5c7a955cbd4..2b38697b1f47 100644
--- a/nixpkgs/nixos/modules/services/networking/i2p.nix
+++ b/nixpkgs/nixos/modules/services/networking/i2p.nix
@@ -5,9 +5,10 @@ with lib;
 let
   cfg = config.services.i2p;
   homeDir = "/var/lib/i2p";
-in {
+in
+{
   ###### interface
-  options.services.i2p.enable = mkEnableOption (lib.mdDoc "I2P router");
+  options.services.i2p.enable = mkEnableOption "I2P router";
 
   ###### implementation
   config = mkIf cfg.enable {
@@ -27,7 +28,7 @@ in {
         User = "i2p";
         WorkingDirectory = homeDir;
         Restart = "on-abort";
-        ExecStart = "${pkgs.i2p}/bin/i2prouter-plain";
+        ExecStart = "${pkgs.i2p}/bin/i2prouter";
       };
     };
   };
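Review bot: The `ExecStart` change from `i2prouter-plain` to `i2prouter` alters which program the unit supervises, yet it sits inside what is otherwise a documentation-only cleanup. Nothing in the visible part of `serviceConfig` sets `Type=`, so systemd will treat the started process as the main one. If `i2prouter` in the current package is a launcher that backgrounds the router (not determinable from this hunk), `Restart = "on-abort"` would track the launcher and not the router. A comment beside the line would record the assumption, for example `# i2prouter stays in the foreground; the unit relies on the default Type=simple`. The `serviceConfig` block starts above this hunk.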
diff --git a/nixpkgs/nixos/modules/services/networking/i2pd.nix b/nixpkgs/nixos/modules/services/networking/i2pd.nix
index 8d9eff61488c..aa059b1b7c90 100644
--- a/nixpkgs/nixos/modules/services/networking/i2pd.nix
+++ b/nixpkgs/nixos/modules/services/networking/i2pd.nix
@@ -17,36 +17,36 @@ let
   optionalNullInt = o: i: optional (i != null) (intOpt o i);
   optionalEmptyList = o: l: optional ([] != l) (lstOpt o l);
 
-  mkEnableTrueOption = name: mkEnableOption (lib.mdDoc name) // { default = true; };
+  mkEnableTrueOption = name: mkEnableOption name // { default = true; };
 
   mkEndpointOpt = name: addr: port: {
-    enable = mkEnableOption (lib.mdDoc name);
+    enable = mkEnableOption name;
     name = mkOption {
       type = types.str;
       default = name;
-      description = lib.mdDoc "The endpoint name.";
+      description = "The endpoint name.";
     };
     address = mkOption {
       type = types.str;
       default = addr;
-      description = lib.mdDoc "Bind address for ${name} endpoint.";
+      description = "Bind address for ${name} endpoint.";
     };
     port = mkOption {
       type = types.port;
       default = port;
-      description = lib.mdDoc "Bind port for ${name} endpoint.";
+      description = "Bind port for ${name} endpoint.";
     };
   };
 
   i2cpOpts = name: {
     length = mkOption {
       type = types.int;
-      description = lib.mdDoc "Guaranteed minimum hops for ${name} tunnels.";
+      description = "Guaranteed minimum hops for ${name} tunnels.";
       default = 3;
     };
     quantity = mkOption {
       type = types.int;
-      description = lib.mdDoc "Number of simultaneous ${name} tunnels.";
+      description = "Number of simultaneous ${name} tunnels.";
       default = 5;
     };
   };
@@ -56,7 +56,7 @@ let
       keys = mkOption {
         type = with types; nullOr str;
         default = keyloc;
-        description = lib.mdDoc ''
+        description = ''
           File to persist ${lib.toUpper name} keys.
         '';
       };
@@ -64,12 +64,12 @@ let
       outbound = i2cpOpts name;
       latency.min = mkOption {
         type = with types; nullOr int;
-        description = lib.mdDoc "Min latency for tunnels.";
+        description = "Min latency for tunnels.";
         default = null;
       };
       latency.max = mkOption {
         type = with types; nullOr int;
-        description = lib.mdDoc "Max latency for tunnels.";
+        description = "Max latency for tunnels.";
         default = null;
       };
     };
@@ -79,17 +79,17 @@ let
     inbound = i2cpOpts name;
     crypto.tagsToSend = mkOption {
       type = types.int;
-      description = lib.mdDoc "Number of ElGamal/AES tags to send.";
+      description = "Number of ElGamal/AES tags to send.";
       default = 40;
     };
     destination = mkOption {
       type = types.str;
-      description = lib.mdDoc "Remote endpoint, I2P hostname or b32.i2p address.";
+      description = "Remote endpoint, I2P hostname or b32.i2p address.";
     };
     keys = mkOption {
       type = types.str;
       default = name + "-keys.dat";
-      description = lib.mdDoc "Keyset used for tunnel identity.";
+      description = "Keyset used for tunnel identity.";
     };
   } // mkEndpointOpt name "127.0.0.1" 0;
 
@@ -236,8 +236,8 @@ in
 
     services.i2pd = {
 
-      enable = mkEnableOption (lib.mdDoc "I2Pd daemon") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "I2Pd daemon" // {
+        description = ''
           Enables I2Pd as a running service upon activation.
           Please read <https://i2pd.readthedocs.io/en/latest/> for further
           configuration help.
@@ -249,7 +249,7 @@ in
       logLevel = mkOption {
         type = types.enum ["debug" "info" "warn" "error"];
         default = "error";
-        description = lib.mdDoc ''
+        description = ''
           The log level. {command}`i2pd` defaults to "info"
           but that generates copious amounts of log messages.
 
@@ -258,12 +258,12 @@ in
         '';
       };
 
-      logCLFTime = mkEnableOption (lib.mdDoc "full CLF-formatted date and time to log");
+      logCLFTime = mkEnableOption "full CLF-formatted date and time to log";
 
       address = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Your external IP or hostname.
         '';
       };
@@ -271,7 +271,7 @@ in
       family = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specify a family the router belongs to.
         '';
       };
@@ -279,7 +279,7 @@ in
       dataDir = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Alternative path to storage of i2pd data (RI, keys, peer profiles, ...)
         '';
       };
@@ -287,7 +287,7 @@ in
       share = mkOption {
         type = types.int;
         default = 100;
-        description = lib.mdDoc ''
+        description = ''
           Limit of transit traffic from max bandwidth in percents.
         '';
       };
@@ -295,7 +295,7 @@ in
       ifname = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Network interface to bind to.
         '';
       };
@@ -303,7 +303,7 @@ in
       ifname4 = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           IPv4 interface to bind to.
         '';
       };
@@ -311,7 +311,7 @@ in
       ifname6 = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           IPv6 interface to bind to.
         '';
       };
@@ -319,7 +319,7 @@ in
       ntcpProxy = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Proxy URL for NTCP transport.
         '';
       };
@@ -327,14 +327,14 @@ in
       ntcp = mkEnableTrueOption "ntcp";
       ssu = mkEnableTrueOption "ssu";
 
-      notransit = mkEnableOption (lib.mdDoc "notransit") // {
-        description = lib.mdDoc ''
+      notransit = mkEnableOption "notransit" // {
+        description = ''
           Tells the router to not accept transit tunnels during startup.
         '';
       };
 
-      floodfill = mkEnableOption (lib.mdDoc "floodfill") // {
-        description = lib.mdDoc ''
+      floodfill = mkEnableOption "floodfill" // {
+        description = ''
           If the router is declared to be unreachable and needs introduction nodes.
         '';
       };
@@ -342,7 +342,7 @@ in
       netid = mkOption {
         type = types.int;
         default = 2;
-        description = lib.mdDoc ''
+        description = ''
           I2P overlay netid.
         '';
       };
@@ -350,7 +350,7 @@ in
       bandwidth = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
            Set a router bandwidth limit integer in KBps.
            If not set, {command}`i2pd` defaults to 32KBps.
         '';
@@ -359,26 +359,26 @@ in
       port = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           I2P listen port. If no one is given the router will pick between 9111 and 30777.
         '';
       };
 
       enableIPv4 = mkEnableTrueOption "IPv4 connectivity";
-      enableIPv6 = mkEnableOption (lib.mdDoc "IPv6 connectivity");
+      enableIPv6 = mkEnableOption "IPv6 connectivity";
       nat = mkEnableTrueOption "NAT bypass";
 
-      upnp.enable = mkEnableOption (lib.mdDoc "UPnP service discovery");
+      upnp.enable = mkEnableOption "UPnP service discovery";
       upnp.name = mkOption {
         type = types.str;
         default = "I2Pd";
-        description = lib.mdDoc ''
+        description = ''
           Name i2pd appears in UPnP forwardings list.
         '';
       };
 
       precomputation.elgamal = mkEnableTrueOption "Precomputed ElGamal tables" // {
-        description = lib.mdDoc ''
+        description = ''
           Whenever to use precomputated tables for ElGamal.
           {command}`i2pd` defaults to `false`
           to save 64M of memory (and looses some performance).
@@ -388,12 +388,12 @@ in
         '';
       };
 
-      reseed.verify = mkEnableOption (lib.mdDoc "SU3 signature verification");
+      reseed.verify = mkEnableOption "SU3 signature verification";
 
       reseed.file = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Full path to SU3 file to reseed from.
         '';
       };
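Review bot: `reseed.verify` is declared with `mkEnableOption`, so SU3 signature verification is off unless the operator turns it on. Meanwhile `reseed.file` here, and `reseed.urls`, `reseed.zipfile` and `reseed.proxy` in the following hunks, let the router bootstrap from operator-chosen sources. Assuming the module passes this value to i2pd unchanged (the rendering code is outside the hunk), reseed data is accepted without a signature check by default. If following the daemon's own default is intentional, the option text should say so. Otherwise the helper already defined in this file gives the safer default: `reseed.verify = mkEnableTrueOption "SU3 signature verification";`.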
@@ -401,7 +401,7 @@ in
       reseed.urls = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Reseed URLs.
         '';
       };
@@ -409,7 +409,7 @@ in
       reseed.floodfill = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to router info of floodfill to reseed from.
         '';
       };
@@ -417,7 +417,7 @@ in
       reseed.zipfile = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to local .zip file to reseed from.
         '';
       };
@@ -425,7 +425,7 @@ in
       reseed.proxy = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           URL for reseed proxy, supports http/socks.
         '';
       };
@@ -433,7 +433,7 @@ in
      addressbook.defaulturl = mkOption {
         type = types.str;
         default = "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt";
-        description = lib.mdDoc ''
+        description = ''
           AddressBook subscription URL for initial setup
         '';
       };
@@ -444,17 +444,17 @@ in
           "http://i2p-projekt.i2p/hosts.txt"
           "http://stats.i2p/cgi-bin/newhosts.txt"
         ];
-        description = lib.mdDoc ''
+        description = ''
           AddressBook subscription URLs
         '';
       };
 
-      trust.enable = mkEnableOption (lib.mdDoc "explicit trust options");
+      trust.enable = mkEnableOption "explicit trust options";
 
       trust.family = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Router Family to trust for first hops.
         '';
       };
@@ -462,12 +462,12 @@ in
       trust.routers = mkOption {
         type = with types; listOf str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Only connect to the listed routers.
         '';
       };
 
-      trust.hidden = mkEnableOption (lib.mdDoc "router concealment");
+      trust.hidden = mkEnableOption "router concealment";
 
       websocket = mkEndpointOpt "websockets" "127.0.0.1" 7666;
 
@@ -475,11 +475,11 @@ in
       exploratory.outbound = i2cpOpts "exploratory";
 
       ntcp2.enable = mkEnableTrueOption "NTCP2";
-      ntcp2.published = mkEnableOption (lib.mdDoc "NTCP2 publication");
+      ntcp2.published = mkEnableOption "NTCP2 publication";
       ntcp2.port = mkOption {
         type = types.port;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen for incoming NTCP2 connections (0=auto).
         '';
       };
@@ -487,7 +487,7 @@ in
       limits.transittunnels = mkOption {
         type = types.int;
         default = 2500;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of active transit sessions.
         '';
       };
@@ -495,7 +495,7 @@ in
       limits.coreSize = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Maximum size of corefile in Kb (0 - use system limit).
         '';
       };
@@ -503,7 +503,7 @@ in
       limits.openFiles = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of open files (0 - use system default).
         '';
       };
@@ -511,7 +511,7 @@ in
       limits.ntcpHard = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of active transit sessions.
         '';
       };
@@ -519,7 +519,7 @@ in
       limits.ntcpSoft = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Threshold to start probabalistic backoff with ntcp sessions (default: use system limit).
         '';
       };
@@ -527,17 +527,17 @@ in
       limits.ntcpThreads = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of threads used by NTCP DH worker.
         '';
       };
 
-      yggdrasil.enable = mkEnableOption (lib.mdDoc "Yggdrasil");
+      yggdrasil.enable = mkEnableOption "Yggdrasil";
 
       yggdrasil.address = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Your local yggdrasil address. Specify it if you want to bind your router to a
           particular address.
         '';
@@ -545,12 +545,12 @@ in
 
       proto.http = (mkEndpointOpt "http" "127.0.0.1" 7070) // {
 
-        auth = mkEnableOption (lib.mdDoc "webconsole authentication");
+        auth = mkEnableOption "webconsole authentication";
 
         user = mkOption {
           type = types.str;
           default = "i2pd";
-          description = lib.mdDoc ''
+          description = ''
             Username for webconsole access
           '';
         };
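Review bot: `proto.http.user` in this hunk and `proto.http.pass` in the next one (`@@ -558,7 +558,7 @@`) both default to `"i2pd"`, so enabling `auth` with no further settings protects the webconsole with a well-known credential pair. `pass` is a plain `types.str`, so whatever is set is presumably rendered into the generated configuration in the world-readable Nix store (the rendering code is outside these hunks). The descriptions should state both facts, for example `Password for webconsole access. Change it from the default before enabling auth; the value ends up in the Nix store.` The `proto.http` attribute set continues past the end of this hunk.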
@@ -558,7 +558,7 @@ in
         pass = mkOption {
           type = types.str;
           default = "i2pd";
-          description = lib.mdDoc ''
+          description = ''
             Password for webconsole access.
           '';
         };
@@ -566,7 +566,7 @@ in
         strictHeaders = mkOption {
           type = with types; nullOr bool;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Enable strict host checking on WebUI.
           '';
         };
@@ -574,7 +574,7 @@ in
         hostname = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Expected hostname for WebUI.
           '';
         };
@@ -585,21 +585,21 @@ in
         outproxy = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "Upstream outproxy bind address.";
+          description = "Upstream outproxy bind address.";
         };
       };
       proto.socksProxy = (mkKeyedEndpointOpt "socksproxy" "127.0.0.1" 4447 "socksproxy-keys.dat")
       // {
-        outproxyEnable = mkEnableOption (lib.mdDoc "SOCKS outproxy");
+        outproxyEnable = mkEnableOption "SOCKS outproxy";
         outproxy = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Upstream outproxy bind address.";
+          description = "Upstream outproxy bind address.";
         };
         outproxyPort = mkOption {
           type = types.int;
           default = 4444;
-          description = lib.mdDoc "Upstream outproxy bind port.";
+          description = "Upstream outproxy bind port.";
         };
       };
 
@@ -616,7 +616,7 @@ in
               destinationPort = mkOption {
                 type = with types; nullOr int;
                 default = null;
-                description = lib.mdDoc "Connect to particular port at destination.";
+                description = "Connect to particular port at destination.";
               };
             } // commonTunOpts name;
             config = {
@@ -624,7 +624,7 @@ in
             };
           }
         ));
-        description = lib.mdDoc ''
+        description = ''
           Connect to someone as a client and establish a local accept endpoint
         '';
       };
@@ -637,12 +637,12 @@ in
               inPort = mkOption {
                 type = types.int;
                 default = 0;
-                description = lib.mdDoc "Service port. Default to the tunnel's listen port.";
+                description = "Service port. Default to the tunnel's listen port.";
               };
               accessList = mkOption {
                 type = with types; listOf str;
                 default = [];
-                description = lib.mdDoc "I2P nodes that are allowed to connect to this service.";
+                description = "I2P nodes that are allowed to connect to this service.";
               };
             } // commonTunOpts name;
             config = {
@@ -650,7 +650,7 @@ in
             };
           }
         ));
-        description = lib.mdDoc ''
+        description = ''
           Serve something on I2P network at port and delegate requests to address inPort.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix b/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix
index 48363cc22c36..0626766eddd0 100644
--- a/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix
+++ b/nixpkgs/nixos/modules/services/networking/icecream/daemon.nix
@@ -12,18 +12,18 @@ in {
 
     services.icecream.daemon = {
 
-     enable = mkEnableOption (lib.mdDoc "Icecream Daemon");
+     enable = mkEnableOption "Icecream Daemon";
 
       openFirewall = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open receive port in the firewall.
         '';
       };
 
       openBroadcast = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the firewall for scheduler discovery.
         '';
       };
@@ -31,7 +31,7 @@ in {
       cacheLimit = mkOption {
         type = types.ints.u16;
         default = 256;
-        description = lib.mdDoc ''
+        description = ''
           Maximum size in Megabytes of cache used to store compile environments of compile clients.
         '';
       };
@@ -39,7 +39,7 @@ in {
       netName = mkOption {
         type = types.str;
         default = "ICECREAM";
-        description = lib.mdDoc ''
+        description = ''
           Network name to connect to. A scheduler with the same name needs to be running.
         '';
       };
@@ -47,7 +47,7 @@ in {
       noRemote = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Prevent jobs from other nodes being scheduled on this daemon.
         '';
       };
@@ -55,7 +55,7 @@ in {
       schedulerHost = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Explicit scheduler hostname, useful in firewalled environments.
 
           Uses scheduler autodiscovery via broadcast if set to null.
@@ -65,7 +65,7 @@ in {
       maxProcesses = mkOption {
         type = types.nullOr types.ints.u16;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of compile jobs started in parallel for this daemon.
 
           Uses the number of CPUs if set to null.
@@ -75,7 +75,7 @@ in {
       nice = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc ''
+        description = ''
           The level of niceness to use.
         '';
       };
@@ -83,7 +83,7 @@ in {
       hostname = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Hostname of the daemon in the icecream infrastructure.
 
           Uses the hostname retrieved via uname if set to null.
@@ -93,7 +93,7 @@ in {
       user = mkOption {
         type = types.str;
         default = "icecc";
-        description = lib.mdDoc ''
+        description = ''
           User to run the icecream daemon as. Set to root to enable receive of
           remote compile environments.
         '';
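Review bot: The `user` description tells operators to set the account to root in order to receive remote compile environments, but it does not say what that implies. Going by the option texts in this file section, a daemon with `openFirewall` set would then accept compile environments from other nodes while running as root. I would add one sentence to the description, such as `Only do this on networks where every icecream node is trusted, or combine it with noRemote.` The option's closing lines fall outside this hunk.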
@@ -104,7 +104,7 @@ in {
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Additional command line parameters.";
+        description = "Additional command line parameters.";
         example = [ "-v" ];
       };
     };
diff --git a/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix b/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix
index 2d53282ba88f..597a554d0b87 100644
--- a/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix
+++ b/nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix
@@ -11,12 +11,12 @@ in {
   options = {
 
     services.icecream.scheduler = {
-      enable = mkEnableOption (lib.mdDoc "Icecream Scheduler");
+      enable = mkEnableOption "Icecream Scheduler";
 
       netName = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Network name for the icecream scheduler.
 
           Uses the default ICECREAM if null.
@@ -26,14 +26,14 @@ in {
       port = mkOption {
         type = types.port;
         default = 8765;
-        description = lib.mdDoc ''
+        description = ''
           Server port to listen for icecream daemon requests.
         '';
       };
 
       openFirewall = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the daemon port in the firewall.
         '';
       };
@@ -41,7 +41,7 @@ in {
       openTelnet = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the telnet TCP port on 8766.
         '';
       };
@@ -49,7 +49,7 @@ in {
       persistentClientConnection = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to prevent clients from connecting to a better scheduler.
         '';
       };
@@ -59,7 +59,7 @@ in {
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Additional command line parameters";
+        description = "Additional command line parameters";
         example = [ "-v" ];
       };
     };
diff --git a/nixpkgs/nixos/modules/services/networking/imaginary.nix b/nixpkgs/nixos/modules/services/networking/imaginary.nix
index a655903d1031..cb2fb62f34b3 100644
--- a/nixpkgs/nixos/modules/services/networking/imaginary.nix
+++ b/nixpkgs/nixos/modules/services/networking/imaginary.nix
@@ -1,17 +1,17 @@
 { lib, config, pkgs, utils, ... }:
 
 let
-  inherit (lib) mdDoc mkEnableOption mkIf mkOption types;
+  inherit (lib) mkEnableOption mkIf mkOption types;
 
   cfg = config.services.imaginary;
 in {
   options.services.imaginary = {
-    enable = mkEnableOption (mdDoc "imaginary image processing microservice");
+    enable = mkEnableOption "imaginary image processing microservice";
 
     address = mkOption {
       type = types.str;
       default = "localhost";
-      description = mdDoc ''
+      description = ''
         Bind address. Corresponds to the `-a` flag.
         Set to `""` to bind to all addresses.
       '';
@@ -21,11 +21,11 @@ in {
     port = mkOption {
       type = types.port;
       default = 8088;
-      description = mdDoc "Bind port. Corresponds to the `-p` flag.";
+      description = "Bind port. Corresponds to the `-p` flag.";
     };
 
     settings = mkOption {
-      description = mdDoc ''
+      description = ''
         Command line arguments passed to the imaginary executable, stripped of
         the prefix `-`. See upstream's
         [README](https://github.com/h2non/imaginary#command-line-usage) for all
@@ -43,7 +43,7 @@ in {
           return-size = mkOption {
             type = types.bool;
             default = false;
-            description = mdDoc "Return the image size in the HTTP headers.";
+            description = "Return the image size in the HTTP headers.";
           };
         };
       };
diff --git a/nixpkgs/nixos/modules/services/networking/inadyn.nix b/nixpkgs/nixos/modules/services/networking/inadyn.nix
new file mode 100644
index 000000000000..baa4302096c2
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/inadyn.nix
@@ -0,0 +1,250 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.inadyn;
+
+  # check if a value of an attrset is not null or an empty collection
+  nonEmptyValue = _: v: v != null && v != [ ] && v != { };
+
+  renderOption = k: v:
+    if builtins.elem k [ "provider" "custom" ] then
+      lib.concatStringsSep "\n"
+        (mapAttrsToList
+          (name: config: ''
+            ${k} ${name} {
+                ${lib.concatStringsSep "\n    " (mapAttrsToList renderOption (filterAttrs nonEmptyValue config))}
+            }'')
+          v)
+    else if k == "include" then
+      "${k}(\"${v}\")"
+    else if k == "hostname" && builtins.isList v then
+      "${k} = { ${builtins.concatStringsSep ", " (map (s: "\"${s}\"") v)} }"
+    else if builtins.isBool v then
+      "${k} = ${boolToString v}"
+    else if builtins.isString v then
+      "${k} = \"${v}\""
+    else
+      "${k} = ${toString v}";
+
+  configFile' = pkgs.writeText "inadyn.conf"
+    ''
+      # This file was generated by nix
+      # do not edit
+
+      ${(lib.concatStringsSep "\n" (mapAttrsToList renderOption (filterAttrs nonEmptyValue cfg.settings)))}
+    '';
+
+  configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
+in
+{
+  options.services.inadyn = with types;
+    let
+      providerOptions =
+        {
+          include = mkOption {
+            default = null;
+            description = "File to include additional settings for this provider from.";
+            type = nullOr path;
+          };
+          ssl = mkOption {
+            default = true;
+            description = "Whether to use HTTPS for this DDNS provider.";
+            type = bool;
+          };
+          username = mkOption {
+            default = null;
+            description = "Username for this DDNS provider.";
+            type = nullOr str;
+          };
+          password = mkOption {
+            default = null;
+            description = ''
+              Password for this DDNS provider.
+
+              WARNING: This will be world-readable in the nix store.
+              To store credentials securely, use the `include` or `configFile` options.
+            '';
+            type = nullOr str;
+          };
+          hostname = mkOption {
+            default = "*";
+            example = "your.cool-domain.com";
+            description = "Hostname alias(es).";
+            type = either str (listOf str);
+          };
+        };
+    in
+    {
+      enable = mkEnableOption (''
+        synchronise your machine's IP address with a dynamic DNS provider using inadyn
+      '');
+      user = mkOption {
+        default = "inadyn";
+        type = types.str;
+        description = ''
+          User account under which inadyn runs.
+
+          ::: {.note}
+          If left as the default value this user will automatically be created
+          on system activation, otherwise you are responsible for
+          ensuring the user exists before the inadyn service starts.
+          :::
+        '';
+      };
+      group = mkOption {
+        default = "inadyn";
+        type = types.str;
+        description = ''
+          Group account under which inadyn runs.
+
+          ::: {.note}
+          If left as the default value this user will automatically be created
+          on system activation, otherwise you are responsible for
+          ensuring the user exists before the inadyn service starts.
+          :::
+        '';
+      };
+      interval = mkOption {
+        default = "*-*-* *:*:00";
+        description = ''
+          How often to check the current IP.
+          Uses the format described in {manpage}`systemd.time(7)`";
+        '';
+        type = str;
+      };
+      logLevel = lib.mkOption {
+        type = lib.types.enum [ "none" "err" "warning" "info" "notice" "debug" ];
+        default = "notice";
+        description = "Set inadyn's log level.";
+      };
+      settings = mkOption {
+        default = { };
+        description = "See `inadyn.conf (5)`";
+        type = submodule {
+          freeformType = attrs;
+          options = {
+            allow-ipv6 = mkOption {
+              default = config.networking.enableIPv6;
+              defaultText = "`config.networking.enableIPv6`";
+              description = "Whether to get IPv6 addresses from interfaces.";
+              type = bool;
+            };
+            forced-update = mkOption {
+              default = 2592000;
+              description = "Duration (in seconds) after which an update is forced.";
+              type = ints.positive;
+            };
+            provider = mkOption {
+              default = { };
+              description = ''
+                Settings for DDNS providers built-in to inadyn.
+
+                For a list of built-in providers, see `inadyn.conf (5)`.
+              '';
+              type = attrsOf (submodule {
+                freeformType = attrs;
+                options = providerOptions;
+              });
+            };
+            custom = mkOption {
+              default = { };
+              description = ''
+                Settings for custom DNS providers.
+              '';
+              type = attrsOf (submodule {
+                freeformType = attrs;
+                options = providerOptions // {
+                  ddns-server = mkOption {
+                    description = "DDNS server name.";
+                    type = str;
+                  };
+                  ddns-path = mkOption {
+                    description = ''
+                      DDNS server path.
+
+                      See `inadnyn.conf (5)` for a list for format specifiers that can be used.
+                    '';
+                    example = "/update?user=%u&password=%p&domain=%h&myip=%i";
+                    type = str;
+                  };
+                };
+              });
+            };
+          };
+        };
+      };
+      configFile = mkOption {
+        default = null;
+        description = ''
+          Configuration file for inadyn.
+
+          Setting this will override all other configuration options.
+
+          Passed to the inadyn service using LoadCredential.
+        '';
+        type = nullOr path;
+      };
+    };
+
+  config = lib.mkIf cfg.enable {
+    systemd = {
+      services.inadyn = {
+        description = "Update nameservers using inadyn";
+        documentation = [
+          "man:inadyn"
+          "man:inadyn.conf"
+          "file:${pkgs.inadyn}/share/doc/inadyn/README.md"
+        ];
+        requires = [ "network-online.target" ];
+        wantedBy = [ "multi-user.target" ];
+        startAt = cfg.interval;
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = ''${lib.getExe pkgs.inadyn} -f ${configFile} --cache-dir ''${CACHE_DIRECTORY}/inadyn -1 --foreground -l ${cfg.logLevel}'';
+          LoadCredential = "config:${configFile}";
+          CacheDirectory = "inadyn";
+
+          User = cfg.user;
+          Group = cfg.group;
+          UMask = "0177";
+          LockPersonality = true;
+          MemoryDenyWriteExecute = true;
+          RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK";
+          NoNewPrivileges = true;
+          PrivateDevices = true;
+          PrivateTmp = true;
+          PrivateUsers = true;
+          ProtectSystem = "strict";
+          ProtectProc = "invisible";
+          ProtectHome = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHostname = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          RestrictNamespaces = true;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          SystemCallArchitectures = "native";
+          SystemCallErrorNumber = "EPERM";
+          SystemCallFilter = "@system-service";
+          CapabilityBoundingSet = "";
+        };
+      };
+
+      timers.inadyn.timerConfig.Persistent = true;
+    };
+
+    users.users.inadyn = mkIf (cfg.user == "inadyn") {
+      group = cfg.group;
+      isSystemUser = true;
+    };
+
+    users.groups = mkIf (cfg.group == "inadyn") {
+      inadyn = { };
+    };
+  };
+}
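Review bot: In `serviceConfig`, `LoadCredential = "config:${configFile}"` is declared but `ExecStart` still passes `-f ${configFile}`, so inadyn opens the original path and the credential copy is never read. A `configFile` kept outside the store with root-only permissions, which is what the `password` warning steers users towards, would then presumably be unreadable by the unprivileged `inadyn` user. Pointing the flag at the credential directory would fix this, e.g. `-f %d/config` in `ExecStart`. Separately, `renderOption` interpolates string values into `"${k} = \"${v}\""` without escaping embedded double quotes, which is worth a comment or an escape step since `settings` is freeform. Provider `include` files are not covered by `LoadCredential` either, so their permissions must allow the service user to read them.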
diff --git a/nixpkgs/nixos/modules/services/networking/inspircd.nix b/nixpkgs/nixos/modules/services/networking/inspircd.nix
index da193df105b7..5838b76d1da5 100644
--- a/nixpkgs/nixos/modules/services/networking/inspircd.nix
+++ b/nixpkgs/nixos/modules/services/networking/inspircd.nix
@@ -12,14 +12,14 @@ in {
 
   options = {
     services.inspircd = {
-      enable = lib.mkEnableOption (lib.mdDoc "InspIRCd");
+      enable = lib.mkEnableOption "InspIRCd";
 
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.inspircd;
         defaultText = lib.literalExpression "pkgs.inspircd";
         example = lib.literalExpression "pkgs.inspircdMinimal";
-        description = lib.mdDoc ''
+        description = ''
           The InspIRCd package to use. This is mainly useful
           to specify an overridden version of the
           `pkgs.inspircd` dervivation, for
@@ -32,7 +32,7 @@ in {
 
       config = lib.mkOption {
         type = lib.types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Verbatim `inspircd.conf` file.
           For a list of options, consult the
           [InspIRCd documentation](https://docs.inspircd.org/3/configuration/), the
diff --git a/nixpkgs/nixos/modules/services/networking/iodine.nix b/nixpkgs/nixos/modules/services/networking/iodine.nix
index ea2fa3ac4be4..c474f5f278bf 100644
--- a/nixpkgs/nixos/modules/services/networking/iodine.nix
+++ b/nixpkgs/nixos/modules/services/networking/iodine.nix
@@ -28,7 +28,7 @@ in
     services.iodine = {
       clients = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Each attribute of this option defines a systemd service that
           runs iodine. Many or none may be defined.
           The name of each service is
@@ -52,28 +52,28 @@ in
                 server = mkOption {
                   type = types.str;
                   default = "";
-                  description = lib.mdDoc "Hostname of server running iodined";
+                  description = "Hostname of server running iodined";
                   example = "tunnel.mydomain.com";
                 };
 
                 relay = mkOption {
                   type = types.str;
                   default = "";
-                  description = lib.mdDoc "DNS server to use as an intermediate relay to the iodined server";
+                  description = "DNS server to use as an intermediate relay to the iodined server";
                   example = "8.8.8.8";
                 };
 
                 extraConfig = mkOption {
                   type = types.str;
                   default = "";
-                  description = lib.mdDoc "Additional command line parameters";
+                  description = "Additional command line parameters";
                   example = "-l 192.168.1.10 -p 23";
                 };
 
                 passwordFile = mkOption {
                   type = types.str;
                   default = "";
-                  description = lib.mdDoc "Path to a file containing the password.";
+                  description = "Path to a file containing the password.";
                 };
               };
             }
@@ -85,34 +85,34 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "enable iodined server";
+          description = "enable iodined server";
         };
 
         ip = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "The assigned ip address or ip range";
+          description = "The assigned ip address or ip range";
           example = "172.16.10.1/24";
         };
 
         domain = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Domain or subdomain of which nameservers point to us";
+          description = "Domain or subdomain of which nameservers point to us";
           example = "tunnel.mydomain.com";
         };
 
         extraConfig = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Additional command line parameters";
+          description = "Additional command line parameters";
           example = "-l 192.168.1.10 -p 23";
         };
 
         passwordFile = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "File that contains password";
+          description = "File that contains password";
         };
       };
 
diff --git a/nixpkgs/nixos/modules/services/networking/iperf3.nix b/nixpkgs/nixos/modules/services/networking/iperf3.nix
index 0a204524e00f..55a8fe4db595 100644
--- a/nixpkgs/nixos/modules/services/networking/iperf3.nix
+++ b/nixpkgs/nixos/modules/services/networking/iperf3.nix
@@ -3,56 +3,56 @@ let
   cfg = config.services.iperf3;
 
   api = {
-    enable = mkEnableOption (lib.mdDoc "iperf3 network throughput testing server");
+    enable = mkEnableOption "iperf3 network throughput testing server";
     port = mkOption {
       type        = types.ints.u16;
       default     = 5201;
-      description = lib.mdDoc "Server port to listen on for iperf3 client requests.";
+      description = "Server port to listen on for iperf3 client requests.";
     };
     affinity = mkOption {
       type        = types.nullOr types.ints.unsigned;
       default     = null;
-      description = lib.mdDoc "CPU affinity for the process.";
+      description = "CPU affinity for the process.";
     };
     bind = mkOption {
       type        = types.nullOr types.str;
       default     = null;
-      description = lib.mdDoc "Bind to the specific interface associated with the given address.";
+      description = "Bind to the specific interface associated with the given address.";
     };
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Open ports in the firewall for iperf3.";
+      description = "Open ports in the firewall for iperf3.";
     };
     verbose = mkOption {
       type        = types.bool;
       default     = false;
-      description = lib.mdDoc "Give more detailed output.";
+      description = "Give more detailed output.";
     };
     forceFlush = mkOption {
       type        = types.bool;
       default     = false;
-      description = lib.mdDoc "Force flushing output at every interval.";
+      description = "Force flushing output at every interval.";
     };
     debug = mkOption {
       type        = types.bool;
       default     = false;
-      description = lib.mdDoc "Emit debugging output.";
+      description = "Emit debugging output.";
     };
     rsaPrivateKey = mkOption {
       type        = types.nullOr types.path;
       default     = null;
-      description = lib.mdDoc "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.";
+      description = "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.";
     };
     authorizedUsersFile = mkOption {
       type        = types.nullOr types.path;
       default     = null;
-      description = lib.mdDoc "Path to the configuration file containing authorized users credentials to run iperf tests.";
+      description = "Path to the configuration file containing authorized users credentials to run iperf tests.";
     };
     extraFlags = mkOption {
       type        = types.listOf types.str;
       default     = [ ];
-      description = lib.mdDoc "Extra flags to pass to iperf3(1).";
+      description = "Extra flags to pass to iperf3(1).";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix
index 64a34cc52d25..6422e31a7bdd 100644
--- a/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix
+++ b/nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix
@@ -36,12 +36,12 @@ in
 
     services.ircdHybrid = {
 
-      enable = mkEnableOption (lib.mdDoc "IRCD");
+      enable = mkEnableOption "IRCD";
 
       serverName = mkOption {
         default = "hades.arpa";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           IRCD server name.
         '';
       };
@@ -49,7 +49,7 @@ in
       sid = mkOption {
         default = "0NL";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           IRCD server unique ID in a net of servers.
         '';
       };
@@ -57,7 +57,7 @@ in
       description = mkOption {
         default = "Hybrid-7 IRC server.";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           IRCD server description.
         '';
       };
@@ -66,7 +66,7 @@ in
         default = null;
         example = literalExpression "/root/certificates/irc.key";
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           IRCD server RSA key.
         '';
       };
@@ -75,7 +75,7 @@ in
         default = null;
         example = literalExpression "/root/certificates/irc.pem";
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           IRCD server SSL certificate. There are some limitations - read manual.
         '';
       };
@@ -84,7 +84,7 @@ in
         default = "<bit-bucket@example.com>";
         type = types.str;
         example = "<name@domain.tld>";
-        description = lib.mdDoc ''
+        description = ''
           IRCD server administrator e-mail.
         '';
       };
@@ -93,7 +93,7 @@ in
         default = [];
         example = ["127.0.0.1"];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Extra IP's to bind.
         '';
       };
@@ -101,7 +101,7 @@ in
       extraPort = mkOption {
         default = "7117";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Extra port to avoid filtering.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix b/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix
index 2d802d8cfc70..a89d58403c6b 100644
--- a/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix
+++ b/nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix
@@ -4,19 +4,19 @@ let
 in
 {
   options.services.openiscsi = with types; {
-    enable = mkEnableOption (lib.mdDoc "the openiscsi iscsi daemon");
-    enableAutoLoginOut = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption "the openiscsi iscsi daemon";
+    enableAutoLoginOut = mkEnableOption ''
       automatic login and logout of all automatic targets.
       You probably do not want this
-    '');
+    '';
     discoverPortal = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc "Portal to discover targets on";
+      description = "Portal to discover targets on";
     };
     name = mkOption {
       type = str;
-      description = lib.mdDoc "Name of this iscsi initiator";
+      description = "Name of this iscsi initiator";
       example = "iqn.2020-08.org.linux-iscsi.initiatorhost:example";
     };
     package = mkPackageOption pkgs "openiscsi" { };
@@ -24,11 +24,11 @@ in
     extraConfig = mkOption {
       type = str;
       default = "";
-      description = lib.mdDoc "Lines to append to default iscsid.conf";
+      description = "Lines to append to default iscsid.conf";
     };
 
     extraConfigFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Append an additional file's contents to /etc/iscsid.conf. Use a non-store path
         and store passwords in this file.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix b/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix
index 895467cc674a..3d80d1c57552 100644
--- a/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix
+++ b/nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix
@@ -19,7 +19,7 @@ in
   # machines to be up.
   options.boot.iscsi-initiator = with types; {
     name = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Name of the iSCSI initiator to boot from. Note, booting from iscsi
         requires networkd based networking.
       '';
@@ -29,7 +29,7 @@ in
     };
 
     discoverPortal = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         iSCSI portal to boot from.
       '';
       default = null;
@@ -38,7 +38,7 @@ in
     };
 
     target = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Name of the iSCSI target to boot from.
       '';
       default = null;
@@ -47,7 +47,7 @@ in
     };
 
     logLevel = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Higher numbers elicits more logs.
       '';
       default = 1;
@@ -56,7 +56,7 @@ in
     };
 
     loginAll = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Do not log into a specific target on the portal, but to all that we discover.
         This overrides setting target.
       '';
@@ -65,19 +65,19 @@ in
     };
 
     extraIscsiCommands = mkOption {
-      description = lib.mdDoc "Extra iscsi commands to run in the initrd.";
+      description = "Extra iscsi commands to run in the initrd.";
       default = "";
       type = lines;
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc "Extra lines to append to /etc/iscsid.conf";
+      description = "Extra lines to append to /etc/iscsid.conf";
       default = null;
       type = nullOr lines;
     };
 
     extraConfigFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path
         and store passwords in this file. Note: the file specified here must be available
         in the initrd, see: `boot.initrd.secrets`.
diff --git a/nixpkgs/nixos/modules/services/networking/iscsi/target.nix b/nixpkgs/nixos/modules/services/networking/iscsi/target.nix
index 88eaf4590030..8a10e7d346ae 100644
--- a/nixpkgs/nixos/modules/services/networking/iscsi/target.nix
+++ b/nixpkgs/nixos/modules/services/networking/iscsi/target.nix
@@ -9,12 +9,12 @@ in
   ###### interface
   options = {
     services.target = with types; {
-      enable = mkEnableOption (lib.mdDoc "the kernel's LIO iscsi target");
+      enable = mkEnableOption "the kernel's LIO iscsi target";
 
       config = mkOption {
         type = attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Content of /etc/target/saveconfig.json
           This file is normally read and written by targetcli
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/ivpn.nix b/nixpkgs/nixos/modules/services/networking/ivpn.nix
index 6c9ae599e670..535510f4e813 100644
--- a/nixpkgs/nixos/modules/services/networking/ivpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/ivpn.nix
@@ -8,7 +8,7 @@ with lib;
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         This option enables iVPN daemon.
         This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/iwd.nix b/nixpkgs/nixos/modules/services/networking/iwd.nix
index d46c1a69a619..bf1795f87e73 100644
--- a/nixpkgs/nixos/modules/services/networking/iwd.nix
+++ b/nixpkgs/nixos/modules/services/networking/iwd.nix
@@ -17,7 +17,7 @@ let
 in
 {
   options.networking.wireless.iwd = {
-    enable = mkEnableOption (lib.mdDoc "iwd");
+    enable = mkEnableOption "iwd";
 
     package = mkPackageOption pkgs "iwd" { };
 
@@ -34,7 +34,7 @@ in
         };
       };
 
-      description = lib.mdDoc ''
+      description = ''
         Options passed to iwd.
         See [here](https://iwd.wiki.kernel.org/networkconfigurationsettings) for supported options.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/jibri/default.nix b/nixpkgs/nixos/modules/services/networking/jibri/default.nix
index dfba38896a91..b8cddafb74f9 100644
--- a/nixpkgs/nixos/modules/services/networking/jibri/default.nix
+++ b/nixpkgs/nixos/modules/services/networking/jibri/default.nix
@@ -84,11 +84,11 @@ let
 in
 {
   options.services.jibri = with types; {
-    enable = mkEnableOption (lib.mdDoc "Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running {option}`services.jitsi-meet.enable`, so for most use cases it will be simpler to run {option}`services.jitsi-meet.jibri.enable`");
+    enable = mkEnableOption "Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running {option}`services.jitsi-meet.enable`, so for most use cases it will be simpler to run {option}`services.jitsi-meet.jibri.enable`";
     config = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Jibri configuration.
         See <https://github.com/jitsi/jibri/blob/master/src/main/resources/reference.conf>
         for default configuration with comments.
@@ -131,7 +131,7 @@ in
         exit 0
         '''''';
       '';
-      description = lib.mdDoc ''
+      description = ''
         This script runs when jibri finishes recording a video of a conference.
       '';
     };
@@ -140,14 +140,14 @@ in
       type = bool;
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri.
         Intended for use in automated tests or anywhere else where using a verified cert for Jitsi-Meet is not possible.
       '';
     };
 
     xmppEnvironments = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         XMPP servers to connect to.
       '';
       example = literalExpression ''
@@ -184,54 +184,54 @@ in
           xmppServerHosts = mkOption {
             type = listOf str;
             example = [ "xmpp.example.org" ];
-            description = lib.mdDoc ''
+            description = ''
               Hostnames of the XMPP servers to connect to.
             '';
           };
           xmppDomain = mkOption {
             type = str;
             example = "xmpp.example.org";
-            description = lib.mdDoc ''
+            description = ''
               The base XMPP domain.
             '';
           };
           control.muc.domain = mkOption {
             type = str;
-            description = lib.mdDoc ''
+            description = ''
               The domain part of the MUC to connect to for control.
             '';
           };
           control.muc.roomName = mkOption {
             type = str;
             default = "JibriBrewery";
-            description = lib.mdDoc ''
+            description = ''
               The room name of the MUC to connect to for control.
             '';
           };
           control.muc.nickname = mkOption {
             type = str;
             default = "jibri";
-            description = lib.mdDoc ''
+            description = ''
               The nickname for this Jibri instance in the MUC.
             '';
           };
           control.login.domain = mkOption {
             type = str;
-            description = lib.mdDoc ''
+            description = ''
               The domain part of the JID for this Jibri instance.
             '';
           };
           control.login.username = mkOption {
             type = str;
             default = "jvb";
-            description = lib.mdDoc ''
+            description = ''
               User part of the JID.
             '';
           };
           control.login.passwordFile = mkOption {
             type = str;
             example = "/run/keys/jibri-xmpp1";
-            description = lib.mdDoc ''
+            description = ''
               File containing the password for the user.
             '';
           };
@@ -239,28 +239,28 @@ in
           call.login.domain = mkOption {
             type = str;
             example = "recorder.xmpp.example.org";
-            description = lib.mdDoc ''
+            description = ''
               The domain part of the JID for the recorder.
             '';
           };
           call.login.username = mkOption {
             type = str;
             default = "recorder";
-            description = lib.mdDoc ''
+            description = ''
               User part of the JID for the recorder.
             '';
           };
           call.login.passwordFile = mkOption {
             type = str;
             example = "/run/keys/jibri-recorder-xmpp1";
-            description = lib.mdDoc ''
+            description = ''
               File containing the password for the user.
             '';
           };
           disableCertificateVerification = mkOption {
             type = bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether to skip validation of the server's certificate.
             '';
           };
@@ -269,7 +269,7 @@ in
             type = str;
             default = "0";
             example = "conference.";
-            description = lib.mdDoc ''
+            description = ''
               The prefix to strip from the room's JID domain to derive the call URL.
             '';
           };
@@ -277,7 +277,7 @@ in
             type = str;
             default = "0";
             example = "1 hour";
-            description = lib.mdDoc ''
+            description = ''
               The duration that the Jibri session can be.
               A value of zero means indefinitely.
             '';
diff --git a/nixpkgs/nixos/modules/services/networking/jicofo.nix b/nixpkgs/nixos/modules/services/networking/jicofo.nix
index 380344c8eaa1..d4199c10fa2e 100644
--- a/nixpkgs/nixos/modules/services/networking/jicofo.nix
+++ b/nixpkgs/nixos/modules/services/networking/jicofo.nix
@@ -11,12 +11,12 @@ let
 in
 {
   options.services.jicofo = with types; {
-    enable = mkEnableOption (lib.mdDoc "Jitsi Conference Focus - component of Jitsi Meet");
+    enable = mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet";
 
     xmppHost = mkOption {
       type = str;
       example = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         Hostname of the XMPP server to connect to.
       '';
     };
@@ -24,7 +24,7 @@ in
     xmppDomain = mkOption {
       type = nullOr str;
       example = "meet.example.org";
-      description = lib.mdDoc ''
+      description = ''
         Domain name of the XMMP server to which to connect as a component.
 
         If null, {option}`xmppHost` is used.
@@ -34,7 +34,7 @@ in
     componentPasswordFile = mkOption {
       type = str;
       example = "/run/keys/jicofo-component";
-      description = lib.mdDoc ''
+      description = ''
         Path to file containing component secret.
       '';
     };
@@ -42,7 +42,7 @@ in
     userName = mkOption {
       type = str;
       default = "focus";
-      description = lib.mdDoc ''
+      description = ''
         User part of the JID for XMPP user connection.
       '';
     };
@@ -50,7 +50,7 @@ in
     userDomain = mkOption {
       type = str;
       example = "auth.meet.example.org";
-      description = lib.mdDoc ''
+      description = ''
         Domain part of the JID for XMPP user connection.
       '';
     };
@@ -58,7 +58,7 @@ in
     userPasswordFile = mkOption {
       type = str;
       example = "/run/keys/jicofo-user";
-      description = lib.mdDoc ''
+      description = ''
         Path to file containing password for XMPP user connection.
       '';
     };
@@ -66,7 +66,7 @@ in
     bridgeMuc = mkOption {
       type = str;
       example = "jvbbrewery@internal.meet.example.org";
-      description = lib.mdDoc ''
+      description = ''
         JID of the internal MUC used to communicate with Videobridges.
       '';
     };
@@ -79,7 +79,7 @@ in
           jicofo.bridge.max-bridge-participants = 42;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Contents of the {file}`jicofo.conf` configuration file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix b/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix
index 00ea5b9da546..d73a9f256dfb 100644
--- a/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix
+++ b/nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix
@@ -48,7 +48,7 @@ in
     )
   ];
   options.services.jitsi-videobridge = with types; {
-    enable = mkEnableOption (lib.mdDoc "Jitsi Videobridge, a WebRTC compatible video router");
+    enable = mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router";
 
     config = mkOption {
       type = attrs;
@@ -64,7 +64,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Videobridge configuration.
 
         See <https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf>
@@ -73,7 +73,7 @@ in
     };
 
     xmppConfigs = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         XMPP servers to connect to.
 
         See <https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md> for more information.
@@ -95,7 +95,7 @@ in
           hostName = mkOption {
             type = str;
             example = "xmpp.example.org";
-            description = lib.mdDoc ''
+            description = ''
               Hostname of the XMPP server to connect to. Name of the attribute set is used by default.
             '';
           };
@@ -103,35 +103,35 @@ in
             type = nullOr str;
             default = null;
             example = "auth.xmpp.example.org";
-            description = lib.mdDoc ''
+            description = ''
               Domain part of JID of the XMPP user, if it is different from hostName.
             '';
           };
           userName = mkOption {
             type = str;
             default = "jvb";
-            description = lib.mdDoc ''
+            description = ''
               User part of the JID.
             '';
           };
           passwordFile = mkOption {
             type = str;
             example = "/run/keys/jitsi-videobridge-xmpp1";
-            description = lib.mdDoc ''
+            description = ''
               File containing the password for the user.
             '';
           };
           mucJids = mkOption {
             type = str;
             example = "jvbbrewery@internal.xmpp.example.org";
-            description = lib.mdDoc ''
+            description = ''
               JID of the MUC to join. JiCoFo needs to be configured to join the same MUC.
             '';
           };
           mucNickname = mkOption {
             # Upstream DEBs use UUID, let's use hostname instead.
             type = str;
-            description = lib.mdDoc ''
+            description = ''
               Videobridges use the same XMPP account and need to be distinguished by the
               nickname (aka resource part of the JID). By default, system hostname is used.
             '';
@@ -139,7 +139,7 @@ in
           disableCertificateVerification = mkOption {
             type = bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether to skip validation of the server's certificate.
             '';
           };
@@ -158,7 +158,7 @@ in
         type = nullOr str;
         default = null;
         example = "192.168.1.42";
-        description = lib.mdDoc ''
+        description = ''
           Local address when running behind NAT.
         '';
       };
@@ -167,7 +167,7 @@ in
         type = nullOr str;
         default = null;
         example = "1.2.3.4";
-        description = lib.mdDoc ''
+        description = ''
           Public address when running behind NAT.
         '';
       };
@@ -176,7 +176,7 @@ in
     extraProperties = mkOption {
       type = attrsOf str;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Additional Java properties passed to jitsi-videobridge.
       '';
     };
@@ -184,14 +184,14 @@ in
     openFirewall = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open ports in the firewall for the videobridge.
       '';
     };
 
     colibriRestApi = mkOption {
       type = bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the private rest API for the COLIBRI control interface.
         Needed for monitoring jitsi, enabling scraping of the /colibri/stats endpoint.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/jool.nix b/nixpkgs/nixos/modules/services/networking/jool.nix
index d2d2b0956e8a..8db947db6a45 100644
--- a/nixpkgs/nixos/modules/services/networking/jool.nix
+++ b/nixpkgs/nixos/modules/services/networking/jool.nix
@@ -47,7 +47,7 @@ let
     options.framework = lib.mkOption {
       type = lib.types.enum [ "netfilter" "iptables" ];
       default = "netfilter";
-      description = lib.mdDoc ''
+      description = ''
         The framework to use for attaching Jool's translation to the exist
         kernel packet processing rules. See the
         [documentation](https://nicmx.github.io/Jool/en/intro-jool.html#design)
@@ -58,7 +58,7 @@ let
       type = lib.types.strMatching "[[:xdigit:]:]+/[[:digit:]]+"
         // { description = "Network prefix in CIDR notation"; };
       default = "64:ff9b::/96";
-      description = lib.mdDoc ''
+      description = ''
         The prefix used for embedding IPv4 into IPv6 addresses.
         Defaults to the well-known NAT64 prefix, defined by
         [RFC 6052](https://datatracker.ietf.org/doc/html/rfc6052).
@@ -126,7 +126,7 @@ in
       type = lib.types.bool;
       default = false;
       relatedPackages = [ "linuxPackages.jool" "jool-cli" ];
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Jool, an Open Source implementation of IPv4/IPv6
         translation on Linux.
 
@@ -181,7 +181,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Definitions of NAT64 instances of Jool.
         See the
         [documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for
@@ -226,7 +226,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Definitions of SIIT instances of Jool.
         See the
         [documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for
diff --git a/nixpkgs/nixos/modules/services/networking/jotta-cli.md b/nixpkgs/nixos/modules/services/networking/jotta-cli.md
new file mode 100644
index 000000000000..fee002a4e604
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/jotta-cli.md
@@ -0,0 +1,27 @@
+# Jottacloud Command-line Tool {#module-services-jotta-cli}
+
+The [Jottacloud Command-line Tool](https://docs.jottacloud.com/en/articles/1436834-jottacloud-command-line-tool) is a headless [Jottacloud](https://jottacloud.com) client.
+
+## Quick Start {#module-services-jotta-cli-quick-start}
+
+```nix
+{
+  user.services.jotta-cli.enable = true;
+}
+```
+
+This adds `jotta-cli` to `environment.systemPackages` and starts a user service that runs `jottad` with the default options.
+
+## Example Configuration {#module-services-jotta-cli-example-configuration}
+
+```nix
+user.services.jotta-cli = {
+  enable = true;
+  options = [ "slow" ];
+  package = pkgs.jotta-cli;
+};
+```
+
+This uses `jotta-cli` and `jottad` from the `pkgs.jotta-cli` package and starts `jottad` in low memory mode.
+
+`jottad` is also added to `environment.systemPackages`, so `jottad --help` can be used to explore options.
diff --git a/nixpkgs/nixos/modules/services/networking/jotta-cli.nix b/nixpkgs/nixos/modules/services/networking/jotta-cli.nix
new file mode 100644
index 000000000000..c7e6dad5453c
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/jotta-cli.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.user.services.jotta-cli;
+in {
+  options = {
+    user.services.jotta-cli = {
+
+      enable = mkEnableOption "Jottacloud Command-line Tool";
+
+      options = mkOption {
+        default = [ "stdoutlog" "datadir" "%h/.jottad/" ];
+        example = [ ];
+        type = with types; listOf str;
+        description = "Command-line options passed to jottad.";
+      };
+
+      package = lib.mkPackageOption pkgs "jotta-cli" { };
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.user.services.jottad = {
+
+      description = "Jottacloud Command-line Tool daemon";
+
+      serviceConfig = {
+        Type = "notify";
+        EnvironmentFile = "-%h/.config/jotta-cli/jotta-cli.env";
+        ExecStart = "${lib.getExe' cfg.package "jottad"} ${concatStringsSep " " cfg.options}";
+        Restart = "on-failure";
+      };
+
+      wantedBy = [ "default.target" ];
+      wants = [ "network-online.target" ];
+      after = [ "network-online.target" ];
+    };
+    environment.systemPackages = [ pkgs.jotta-cli ];
+  };
+
+  meta.maintainers = with lib.maintainers; [ evenbrenden ];
+  meta.doc = ./jotta-cli.md;
+}
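Review bot: `environment.systemPackages = [ pkgs.jotta-cli ];` at the end of the `config` block ignores the module's own `package` option. A user who overrides `user.services.jotta-cli.package` (for example to pin a patched build) gets `jottad` from `cfg.package`, but the `jotta-cli` client on PATH still comes from the default `pkgs.jotta-cli`; the line should read `environment.systemPackages = [ cfg.package ];`. Separately, `ExecStart` joins `cfg.options` with plain spaces, so an element containing whitespace or quote characters is re-split by systemd's command-line parser rather than passed as one argument. Since the default relies on systemd expanding `%h`, blanket escaping would break it, so I would document the constraint in the option instead: `description = "Command-line options passed to jottad. Each element must be a single word; systemd specifiers such as %h are expanded.";`.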
diff --git a/nixpkgs/nixos/modules/services/networking/kea.nix b/nixpkgs/nixos/modules/services/networking/kea.nix
index 656ddd41fd12..66173c145d16 100644
--- a/nixpkgs/nixos/modules/services/networking/kea.nix
+++ b/nixpkgs/nixos/modules/services/networking/kea.nix
@@ -9,7 +9,6 @@ with lib;
 let
   cfg = config.services.kea;
 
-  xor = x: y: (!x && y) || (x && !y);
   format = pkgs.formats.json {};
 
   chooseNotNull = x: y: if x != null then x else y;
@@ -35,18 +34,18 @@ in
 {
   options.services.kea = with types; {
     ctrl-agent = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kea Control Agent configuration
       '';
       default = {};
       type = submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc "Kea Control Agent");
+          enable = mkEnableOption "Kea Control Agent";
 
           extraArgs = mkOption {
             type = listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               List of additional arguments to pass to the daemon.
             '';
           };
@@ -54,7 +53,7 @@ in
           configFile = mkOption {
             type = nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Kea Control Agent configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html>.
 
               Takes preference over [settings](#opt-services.kea.ctrl-agent.settings).
@@ -65,7 +64,7 @@ in
           settings = mkOption {
             type = format.type;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Kea Control Agent configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html>.
             '';
           };
@@ -74,18 +73,18 @@ in
     };
 
     dhcp4 = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         DHCP4 Server configuration
       '';
       default = {};
       type = submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc "Kea DHCP4 server");
+          enable = mkEnableOption "Kea DHCP4 server";
 
           extraArgs = mkOption {
             type = listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               List of additional arguments to pass to the daemon.
             '';
           };
@@ -93,7 +92,7 @@ in
           configFile = mkOption {
             type = nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP4 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html>.
 
               Takes preference over [settings](#opt-services.kea.dhcp4.settings).
@@ -125,7 +124,7 @@ in
                 } ];
               } ];
             };
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP4 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html>.
             '';
           };
@@ -134,18 +133,18 @@ in
     };
 
     dhcp6 = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         DHCP6 Server configuration
       '';
       default = {};
       type = submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc "Kea DHCP6 server");
+          enable = mkEnableOption "Kea DHCP6 server";
 
           extraArgs = mkOption {
             type = listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               List of additional arguments to pass to the daemon.
             '';
           };
@@ -153,7 +152,7 @@ in
           configFile = mkOption {
             type = nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP6 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html>.
 
               Takes preference over [settings](#opt-services.kea.dhcp6.settings).
@@ -186,7 +185,7 @@ in
                 } ];
               } ];
             };
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP6 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html>.
             '';
           };
@@ -195,18 +194,18 @@ in
     };
 
     dhcp-ddns = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Kea DHCP-DDNS configuration
       '';
       default = {};
       type = submodule {
         options = {
-          enable = mkEnableOption (lib.mdDoc "Kea DDNS server");
+          enable = mkEnableOption "Kea DDNS server";
 
           extraArgs = mkOption {
             type = listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               List of additional arguments to pass to the daemon.
             '';
           };
@@ -214,7 +213,7 @@ in
           configFile = mkOption {
             type = nullOr path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP-DDNS configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html>.
 
               Takes preference over [settings](#opt-services.kea.dhcp-ddns.settings).
@@ -239,7 +238,7 @@ in
                 ddns-domains = [ ];
               };
             };
-            description = lib.mdDoc ''
+            description = ''
               Kea DHCP-DDNS configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html>.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/default.nix b/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
index 599dfd52e271..1eaf0fd8b4aa 100644
--- a/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
+++ b/nixpkgs/nixos/modules/services/networking/keepalived/default.nix
@@ -148,7 +148,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Keepalived.
         '';
       };
@@ -156,7 +156,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically allow VRRP and AH packets in the firewall.
         '';
       };
@@ -164,7 +164,7 @@ in
       enableScriptSecurity = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Don't run scripts configured to be run as root if any part of the path is writable by a non-root user.
         '';
       };
@@ -174,7 +174,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable the builtin AgentX subagent.
           '';
         };
@@ -182,7 +182,7 @@ in
         socket = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Socket to use for connecting to SNMP master agent. If this value is
             set to null, keepalived's default will be used, which is
             unix:/var/agentx/master, unless using a network namespace, when the
@@ -193,7 +193,7 @@ in
         enableKeepalived = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP handling of vrrp element of KEEPALIVED MIB.
           '';
         };
@@ -201,7 +201,7 @@ in
         enableChecker = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP handling of checker element of KEEPALIVED MIB.
           '';
         };
@@ -209,7 +209,7 @@ in
         enableRfc = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
           '';
         };
@@ -217,7 +217,7 @@ in
         enableRfcV2 = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP handling of RFC2787 VRRP MIB.
           '';
         };
@@ -225,7 +225,7 @@ in
         enableRfcV3 = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP handling of RFC6527 VRRP MIB.
           '';
         };
@@ -233,7 +233,7 @@ in
         enableTraps = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable SNMP traps.
           '';
         };
@@ -245,7 +245,7 @@ in
           inherit lib;
         }));
         default = {};
-        description = lib.mdDoc "Declarative vrrp script config";
+        description = "Declarative vrrp script config";
       };
 
       vrrpInstances = mkOption {
@@ -253,13 +253,13 @@ in
           inherit lib;
         }));
         default = {};
-        description = lib.mdDoc "Declarative vhost config";
+        description = "Declarative vhost config";
       };
 
       extraGlobalDefs = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the 'global_defs' block of the
           configuration file
         '';
@@ -268,7 +268,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to the configuration file.
         '';
       };
@@ -277,7 +277,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/keepalived.env";
-        description = lib.mdDoc ''
+        description = ''
           Environment variables from this file will be interpolated into the
           final config file using envsubst with this syntax: `$ENVIRONMENT`
           or `''${VARIABLE}`.
diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/virtual-ip-options.nix b/nixpkgs/nixos/modules/services/networking/keepalived/virtual-ip-options.nix
index 1fa6a0ee3bf4..1b8889b1b472 100644
--- a/nixpkgs/nixos/modules/services/networking/keepalived/virtual-ip-options.nix
+++ b/nixpkgs/nixos/modules/services/networking/keepalived/virtual-ip-options.nix
@@ -6,7 +6,7 @@ with lib;
 
     addr = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         IP address, optionally with a netmask: IPADDR[/MASK]
       '';
     };
@@ -14,7 +14,7 @@ with lib;
     brd = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The broadcast address on the interface.
       '';
     };
@@ -22,7 +22,7 @@ with lib;
     dev = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The name of the device to add the address to.
       '';
     };
@@ -30,7 +30,7 @@ with lib;
     scope = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The scope of the area where this address is valid.
       '';
     };
@@ -38,7 +38,7 @@ with lib;
     label = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Each address may be tagged with a label string. In order to preserve
         compatibility with Linux-2.0 net aliases, this string must coincide with
         the name of the device or must be prefixed with the device name followed
diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix
index 35401d439a91..da681e74ff3c 100644
--- a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix
+++ b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix
@@ -6,7 +6,7 @@ with lib;
 
     interface = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Interface for inside_network, bound by vrrp.
       '';
     };
@@ -14,7 +14,7 @@ with lib;
     state = mkOption {
       type = types.enum [ "MASTER" "BACKUP" ];
       default = "BACKUP";
-      description = lib.mdDoc ''
+      description = ''
         Initial state. As soon as the other machine(s) come up, an election will
         be held and the machine with the highest "priority" will become MASTER.
         So the entry here doesn't matter a whole lot.
@@ -23,7 +23,7 @@ with lib;
 
     virtualRouterId = mkOption {
       type = types.ints.between 1 255;
-      description = lib.mdDoc ''
+      description = ''
         Arbitrary unique number 1..255. Used to differentiate multiple instances
         of vrrpd running on the same NIC (and hence same socket).
       '';
@@ -32,7 +32,7 @@ with lib;
     priority = mkOption {
       type = types.int;
       default = 100;
-      description = lib.mdDoc ''
+      description = ''
         For electing MASTER, highest priority wins. To be MASTER, make 50 more
         than other machines.
       '';
@@ -41,7 +41,7 @@ with lib;
     noPreempt = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         VRRP will normally preempt a lower priority machine when a higher
         priority machine comes online. "nopreempt" allows the lower priority
         machine to maintain the master role, even when a higher priority machine
@@ -53,7 +53,7 @@ with lib;
     useVmac = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Use VRRP Virtual MAC.
       '';
     };
@@ -61,7 +61,7 @@ with lib;
     vmacInterface = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
          Name of the vmac interface to use. keepalived will come up with a name
          if you don't specify one.
       '';
@@ -70,7 +70,7 @@ with lib;
     vmacXmitBase = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Send/Recv VRRP messages from base interface instead of VMAC interface.
       '';
     };
@@ -78,7 +78,7 @@ with lib;
     unicastSrcIp = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
          Default IP for binding vrrpd is the primary IP on interface. If you
          want to hide location of vrrpd, use this IP as src_addr for unicast
          vrrp packets.
@@ -88,7 +88,7 @@ with lib;
     unicastPeers = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Do not send VRRP adverts over VRRP multicast group. Instead it sends
         adverts to the following list of ip addresses using unicast design
         fashion. It can be cool to use VRRP FSM and features in a networking
@@ -103,27 +103,27 @@ with lib;
       }));
       default = [];
       # TODO: example
-      description = lib.mdDoc "Declarative vhost config";
+      description = "Declarative vhost config";
     };
 
     trackScripts = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "chk_cmd1" "chk_cmd2" ];
-      description = lib.mdDoc "List of script names to invoke for health tracking.";
+      description = "List of script names to invoke for health tracking.";
     };
 
     trackInterfaces = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "eth0" "eth1" ];
-      description = lib.mdDoc "List of network interfaces to monitor for health tracking.";
+      description = "List of network interfaces to monitor for health tracking.";
     };
 
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra lines to be added verbatim to the vrrp_instance section.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix
index 852d6b0ec26f..df7a89cff8cd 100644
--- a/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix
+++ b/nixpkgs/nixos/modules/services/networking/keepalived/vrrp-script-options.nix
@@ -8,55 +8,55 @@ with lib.types;
     script = mkOption {
       type = str;
       example = literalExpression ''"''${pkgs.curl} -f http://localhost:80"'';
-      description = lib.mdDoc "(Path of) Script command to execute followed by args, i.e. cmd [args]...";
+      description = "(Path of) Script command to execute followed by args, i.e. cmd [args]...";
     };
 
     interval = mkOption {
       type = int;
       default = 1;
-      description = lib.mdDoc "Seconds between script invocations.";
+      description = "Seconds between script invocations.";
     };
 
     timeout = mkOption {
       type = int;
       default = 5;
-      description = lib.mdDoc "Seconds after which script is considered to have failed.";
+      description = "Seconds after which script is considered to have failed.";
     };
 
     weight = mkOption {
       type = int;
       default = 0;
-      description = lib.mdDoc "Following a failure, adjust the priority by this weight.";
+      description = "Following a failure, adjust the priority by this weight.";
     };
 
     rise = mkOption {
       type = int;
       default = 5;
-      description = lib.mdDoc "Required number of successes for OK transition.";
+      description = "Required number of successes for OK transition.";
     };
 
     fall = mkOption {
       type = int;
       default = 3;
-      description = lib.mdDoc "Required number of failures for KO transition.";
+      description = "Required number of failures for KO transition.";
     };
 
     user = mkOption {
       type = str;
       default = "keepalived_script";
-      description = lib.mdDoc "Name of user to run the script under.";
+      description = "Name of user to run the script under.";
     };
 
     group = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc "Name of group to run the script under. Defaults to user group.";
+      description = "Name of group to run the script under. Defaults to user group.";
     };
 
     extraConfig = mkOption {
       type = lines;
       default = "";
-      description = lib.mdDoc "Extra lines to be added verbatim to the vrrp_script section.";
+      description = "Extra lines to be added verbatim to the vrrp_script section.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/networking/keybase.nix b/nixpkgs/nixos/modules/services/networking/keybase.nix
index ae10aebb86e2..495102cb7eee 100644
--- a/nixpkgs/nixos/modules/services/networking/keybase.nix
+++ b/nixpkgs/nixos/modules/services/networking/keybase.nix
@@ -14,7 +14,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to start the Keybase service.";
+        description = "Whether to start the Keybase service.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/knot.nix b/nixpkgs/nixos/modules/services/networking/knot.nix
index 6488a159b3b7..145b4ad1dd3f 100644
--- a/nixpkgs/nixos/modules/services/networking/knot.nix
+++ b/nixpkgs/nixos/modules/services/networking/knot.nix
@@ -226,7 +226,7 @@ in {
       };
 
       settings = mkOption {
-        type = types.attrs;
+        type = (pkgs.formats.yaml {}).type;
         default = {};
         description = ''
           Extra configuration as nix values.
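Review bot: The new `settings` type comes from a format instantiated inline, `(pkgs.formats.yaml {}).type`, so nothing in this hunk ties the type check to whatever renders the configuration file. Binding the format once in the module's `let`, e.g. `settingsFormat = pkgs.formats.yaml {};` with `type = settingsFormat.type;`, would keep validation and generation from drifting apart. Whether the module renders through that format's `generate` is not visible here and should be confirmed. The description, which continues outside the hunk, still reads "Extra configuration as nix values." and could note that values must now be YAML-representable, since configurations accepted under `types.attrs` may start failing evaluation.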
diff --git a/nixpkgs/nixos/modules/services/networking/kresd.nix b/nixpkgs/nixos/modules/services/networking/kresd.nix
index 307414abf170..d295e40f3922 100644
--- a/nixpkgs/nixos/modules/services/networking/kresd.nix
+++ b/nixpkgs/nixos/modules/services/networking/kresd.nix
@@ -50,7 +50,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable knot-resolver domain name server.
         DNSSEC validation is turned on by default.
         You can run `sudo nc -U /run/knot-resolver/control/1`
@@ -63,7 +63,7 @@ in {
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra lines to be added verbatim to the generated configuration file.
       '';
     };
@@ -71,7 +71,7 @@ in {
       type = with types; listOf str;
       default = [ "[::1]:53" "127.0.0.1:53" ];
       example = [ "53" ];
-      description = lib.mdDoc ''
+      description = ''
         What addresses and ports the server should listen on.
         For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
       '';
@@ -80,7 +80,7 @@ in {
       type = with types; listOf str;
       default = [];
       example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ];
-      description = lib.mdDoc ''
+      description = ''
         Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858).
         For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
       '';
@@ -89,7 +89,7 @@ in {
       type = with types; listOf str;
       default = [];
       example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
-      description = lib.mdDoc ''
+      description = ''
         Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484).
         For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
       '';
@@ -97,7 +97,7 @@ in {
     instances = mkOption {
       type = types.ints.unsigned;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         The number of instances to start.  They will be called kresd@{1,2,...}.service.
         Knot Resolver uses no threads, so this is the way to scale.
         You can dynamically start/stop them at will, so this is just system default.
diff --git a/nixpkgs/nixos/modules/services/networking/lambdabot.nix b/nixpkgs/nixos/modules/services/networking/lambdabot.nix
index 01914097ad72..a141962f512f 100644
--- a/nixpkgs/nixos/modules/services/networking/lambdabot.nix
+++ b/nixpkgs/nixos/modules/services/networking/lambdabot.nix
@@ -21,7 +21,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Lambdabot IRC bot";
+        description = "Enable the Lambdabot IRC bot";
       };
 
       package = mkPackageOption pkgs "lambdabot" { };
@@ -29,7 +29,7 @@ in
       script = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Lambdabot script";
+        description = "Lambdabot script";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/legit.nix b/nixpkgs/nixos/modules/services/networking/legit.nix
index ff8e0dd4f93c..412f8275800b 100644
--- a/nixpkgs/nixos/modules/services/networking/legit.nix
+++ b/nixpkgs/nixos/modules/services/networking/legit.nix
@@ -4,7 +4,6 @@ let
   inherit (lib)
     literalExpression
     mkEnableOption
-    mdDoc
     mkIf
     mkOption
     mkPackageOption
@@ -23,25 +22,25 @@ let
 in
 {
   options.services.legit = {
-    enable = mkEnableOption (mdDoc "legit git web frontend");
+    enable = mkEnableOption "legit git web frontend";
 
     package = mkPackageOption pkgs "legit-web" { };
 
     user = mkOption {
       type = types.str;
       default = "legit";
-      description = mdDoc "User account under which legit runs.";
+      description = "User account under which legit runs.";
     };
 
     group = mkOption {
       type = types.str;
       default = "legit";
-      description = mdDoc "Group account under which legit runs.";
+      description = "Group account under which legit runs.";
     };
 
     settings = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         The primary legit configuration. See the
         [sample configuration](https://github.com/icyphox/legit/blob/master/config.yaml)
         for possible values.
@@ -51,22 +50,22 @@ in
           scanPath = mkOption {
             type = types.path;
             default = defaultStateDir;
-            description = mdDoc "Directory where legit will scan for repositories.";
+            description = "Directory where legit will scan for repositories.";
           };
           readme = mkOption {
             type = types.listOf types.str;
             default = [ ];
-            description = mdDoc "Readme files to look for.";
+            description = "Readme files to look for.";
           };
           mainBranch = mkOption {
             type = types.listOf types.str;
             default = [ "main" "master" ];
-            description = mdDoc "Main branch to look for.";
+            description = "Main branch to look for.";
           };
           ignore = mkOption {
             type = types.listOf types.str;
             default = [ ];
-            description = mdDoc "Repositories to ignore.";
+            description = "Repositories to ignore.";
           };
         };
         options.dirs = {
@@ -74,42 +73,42 @@ in
             type = types.path;
             default = "${pkgs.legit-web}/lib/legit/templates";
             defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/templates"'';
-            description = mdDoc "Directories where template files are located.";
+            description = "Directories where template files are located.";
           };
           static = mkOption {
             type = types.path;
             default = "${pkgs.legit-web}/lib/legit/static";
             defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/static"'';
-            description = mdDoc "Directories where static files are located.";
+            description = "Directories where static files are located.";
           };
         };
         options.meta = {
           title = mkOption {
             type = types.str;
             default = "legit";
-            description = mdDoc "Website title.";
+            description = "Website title.";
           };
           description = mkOption {
             type = types.str;
             default = "git frontend";
-            description = mdDoc "Website description.";
+            description = "Website description.";
           };
         };
         options.server = {
           name = mkOption {
             type = types.str;
             default = "localhost";
-            description = mdDoc "Server name.";
+            description = "Server name.";
           };
           host = mkOption {
             type = types.str;
             default = "127.0.0.1";
-            description = mdDoc "Host address.";
+            description = "Host address.";
           };
           port = mkOption {
             type = types.port;
             default = 5555;
-            description = mdDoc "Legit port.";
+            description = "Legit port.";
           };
         };
       };
diff --git a/nixpkgs/nixos/modules/services/networking/libreswan.nix b/nixpkgs/nixos/modules/services/networking/libreswan.nix
index a44cac93d5f6..ae71acf089f4 100644
--- a/nixpkgs/nixos/modules/services/networking/libreswan.nix
+++ b/nixpkgs/nixos/modules/services/networking/libreswan.nix
@@ -47,7 +47,7 @@ in
 
     services.libreswan = {
 
-      enable = mkEnableOption (lib.mdDoc "Libreswan IPsec service");
+      enable = mkEnableOption "Libreswan IPsec service";
 
       configSetup = mkOption {
         type = types.lines;
@@ -60,7 +60,7 @@ in
             protostack=netkey
             virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
         '';
-        description = lib.mdDoc "Options to go in the 'config setup' section of the Libreswan IPsec configuration";
+        description = "Options to go in the 'config setup' section of the Libreswan IPsec configuration";
       };
 
       connections = mkOption {
@@ -79,7 +79,7 @@ in
             ''';
           }
         '';
-        description = lib.mdDoc "A set of connections to define for the Libreswan IPsec service";
+        description = "A set of connections to define for the Libreswan IPsec service";
       };
 
       policies = mkOption {
@@ -93,7 +93,7 @@ in
             ''';
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           A set of policies to apply to the IPsec connections.
 
           ::: {.note}
@@ -105,7 +105,7 @@ in
       disableRedirects = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to disable send and accept redirects for all network interfaces.
           See the Libreswan [
           FAQ](https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_send_redirects_in_.2Fproc.2Fsys.2Fnet_.3F) page for why this is recommended.
diff --git a/nixpkgs/nixos/modules/services/networking/lldpd.nix b/nixpkgs/nixos/modules/services/networking/lldpd.nix
index b7ac99d75d75..d5de9c45d84b 100644
--- a/nixpkgs/nixos/modules/services/networking/lldpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/lldpd.nix
@@ -9,13 +9,13 @@ in
 
 {
   options.services.lldpd = {
-    enable = mkEnableOption (lib.mdDoc "Link Layer Discovery Protocol Daemon");
+    enable = mkEnableOption "Link Layer Discovery Protocol Daemon";
 
     extraArgs = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "-c" "-k" "-I eth0" ];
-      description = lib.mdDoc "List of command line parameters for lldpd";
+      description = "List of command line parameters for lldpd";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix b/nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix
index 7c00b82e3b34..b7d960264d21 100644
--- a/nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix
+++ b/nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix
@@ -17,8 +17,7 @@ in
     services.logmein-hamachi.enable = mkOption {
       type = types.bool;
       default = false;
-      description =
-        lib.mdDoc ''
+      description = ''
           Whether to enable LogMeIn Hamachi, a proprietary
           (closed source) commercial VPN software.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/lokinet.nix b/nixpkgs/nixos/modules/services/networking/lokinet.nix
index 8f64d3f0119f..76203c61b504 100644
--- a/nixpkgs/nixos/modules/services/networking/lokinet.nix
+++ b/nixpkgs/nixos/modules/services/networking/lokinet.nix
@@ -7,7 +7,7 @@ let
   configFile = settingsFormat.generate "lokinet.ini" (lib.filterAttrsRecursive (n: v: v != null) cfg.settings);
 in with lib; {
   options.services.lokinet = {
-    enable = mkEnableOption (lib.mdDoc "Lokinet daemon");
+    enable = mkEnableOption "Lokinet daemon";
 
     package = mkPackageOption pkgs "lokinet" { };
 
@@ -15,7 +15,7 @@ in with lib; {
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc "Whether to use Lokinet locally.";
+      description = "Whether to use Lokinet locally.";
     };
 
     settings = mkOption {
@@ -28,14 +28,14 @@ in with lib; {
               bind = mkOption {
                 type = str;
                 default = "127.3.2.1";
-                description = lib.mdDoc "Address to bind to for handling DNS requests.";
+                description = "Address to bind to for handling DNS requests.";
               };
 
               upstream = mkOption {
                 type = listOf str;
                 default = [ "9.9.9.10" ];
                 example = [ "1.1.1.1" "8.8.8.8" ];
-                description = lib.mdDoc ''
+                description = ''
                   Upstream resolver(s) to use as fallback for non-loki addresses.
                   Multiple values accepted.
                 '';
@@ -46,7 +46,7 @@ in with lib; {
               exit = mkOption {
                 type = bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Whether to act as an exit node. Beware that this
                   increases demand on the server and may pose liability concerns.
                   Enable at your own risk.
@@ -60,7 +60,7 @@ in with lib; {
                   exit-node = [ "example.loki" ];              # maps all exit traffic to example.loki
                   exit-node = [ "example.loki:100.0.0.0/24" ]; # maps 100.0.0.0/24 to example.loki
                 '';
-                description = lib.mdDoc ''
+                description = ''
                   Specify a `.loki` address and an optional ip range to use as an exit broker.
                   See <http://probably.loki/wiki/index.php?title=Exit_Nodes> for
                   a list of exit nodes.
@@ -71,7 +71,7 @@ in with lib; {
                 type = nullOr str;
                 default = null;
                 example = "snappkey.private";
-                description = lib.mdDoc ''
+                description = ''
                   The private key to persist address with. If not specified the address will be ephemeral.
                   This keyfile is generated automatically if the specified file doesn't exist.
                 '';
@@ -90,7 +90,7 @@ in with lib; {
           network.exit-node = [ "example.loki" "example2.loki" ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for Lokinet.
         Currently, the best way to view the available settings is by
         generating a config file using `lokinet -g`.
diff --git a/nixpkgs/nixos/modules/services/networking/lxd-image-server.nix b/nixpkgs/nixos/modules/services/networking/lxd-image-server.nix
index d8e32eb997e8..93374a385a90 100644
--- a/nixpkgs/nixos/modules/services/networking/lxd-image-server.nix
+++ b/nixpkgs/nixos/modules/services/networking/lxd-image-server.nix
@@ -11,18 +11,18 @@ in
 {
   options = {
     services.lxd-image-server = {
-      enable = mkEnableOption (lib.mdDoc "lxd-image-server");
+      enable = mkEnableOption "lxd-image-server";
 
       group = mkOption {
         type = types.str;
-        description = lib.mdDoc "Group assigned to the user and the webroot directory.";
+        description = "Group assigned to the user and the webroot directory.";
         default = "nginx";
         example = "www-data";
       };
 
       settings = mkOption {
         type = format.type;
-        description = lib.mdDoc ''
+        description = ''
           Configuration for lxd-image-server.
 
           Example see <https://github.com/Avature/lxd-image-server/blob/master/config.toml>.
@@ -31,10 +31,10 @@ in
       };
 
       nginx = {
-        enable = mkEnableOption (lib.mdDoc "nginx");
+        enable = mkEnableOption "nginx";
         domain = mkOption {
           type = types.str;
-          description = lib.mdDoc "Domain to use for nginx virtual host.";
+          description = "Domain to use for nginx virtual host.";
           example = "images.example.org";
         };
       };
diff --git a/nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix b/nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix
index 9dd1f62350af..03210bca371c 100644
--- a/nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix
+++ b/nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix
@@ -9,7 +9,7 @@ let
 in
 {
   options.services.magic-wormhole-mailbox-server = {
-    enable = mkEnableOption (lib.mdDoc "Magic Wormhole Mailbox Server");
+    enable = mkEnableOption "Magic Wormhole Mailbox Server";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/networking/matterbridge.nix b/nixpkgs/nixos/modules/services/networking/matterbridge.nix
index 2921074fcd2b..cdcb69070dfb 100644
--- a/nixpkgs/nixos/modules/services/networking/matterbridge.nix
+++ b/nixpkgs/nixos/modules/services/networking/matterbridge.nix
@@ -17,13 +17,13 @@ in
 {
   options = {
     services.matterbridge = {
-      enable = mkEnableOption (lib.mdDoc "Matterbridge chat platform bridge");
+      enable = mkEnableOption "Matterbridge chat platform bridge";
 
       configPath = mkOption {
         type = with types; nullOr str;
         default = null;
         example = "/etc/nixos/matterbridge.toml";
-        description = lib.mdDoc ''
+        description = ''
           The path to the matterbridge configuration file.
         '';
       };
@@ -62,7 +62,7 @@ in
               account="mattermost.work"
               channel="off-topic"
         '';
-        description = lib.mdDoc ''
+        description = ''
           WARNING: THIS IS INSECURE, as your password will end up in
           {file}`/nix/store`, thus publicly readable. Use
           `services.matterbridge.configPath` instead.
@@ -73,7 +73,7 @@ in
       user = mkOption {
         type = types.str;
         default = "matterbridge";
-        description = lib.mdDoc ''
+        description = ''
           User which runs the matterbridge service.
         '';
       };
@@ -81,7 +81,7 @@ in
       group = mkOption {
         type = types.str;
         default = "matterbridge";
-        description = lib.mdDoc ''
+        description = ''
           Group which runs the matterbridge service.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/microsocks.nix b/nixpkgs/nixos/modules/services/networking/microsocks.nix
index be79a8495636..09afaf6edf03 100644
--- a/nixpkgs/nixos/modules/services/networking/microsocks.nix
+++ b/nixpkgs/nixos/modules/services/networking/microsocks.nix
@@ -19,22 +19,22 @@ let
     ++ lib.optionals (cfg.authUsername != null) [ "-u" cfg.authUsername ];
 in {
   options.services.microsocks = {
-    enable = lib.mkEnableOption (lib.mdDoc "Tiny, portable SOCKS5 server with very moderate resource usage");
+    enable = lib.mkEnableOption "Tiny, portable SOCKS5 server with very moderate resource usage";
     user = lib.mkOption {
       default = "microsocks";
-      description = lib.mdDoc "User microsocks runs as.";
+      description = "User microsocks runs as.";
       type = lib.types.str;
     };
     group = lib.mkOption {
       default = "microsocks";
-      description = lib.mdDoc "Group microsocks runs as.";
+      description = "Group microsocks runs as.";
       type = lib.types.str;
     };
     package = lib.mkPackageOption pkgs "microsocks" {};
     ip = lib.mkOption {
       type = lib.types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         IP on which microsocks should listen. Defaults to 127.0.0.1 for
         security reasons.
       '';
@@ -42,17 +42,17 @@ in {
     port = lib.mkOption {
       type = lib.types.port;
       default = 1080;
-      description = lib.mdDoc "Port on which microsocks should listen.";
+      description = "Port on which microsocks should listen.";
     };
     disableLogging = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "If true, microsocks will not log any messages to stdout/stderr.";
+      description = "If true, microsocks will not log any messages to stdout/stderr.";
     };
     authOnce = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If true, once a specific ip address authed successfully with user/pass,
         it is added to a whitelist and may use the proxy without auth.
       '';
@@ -60,19 +60,19 @@ in {
     outgoingBindIp = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc "Specifies which ip outgoing connections are bound to";
+      description = "Specifies which ip outgoing connections are bound to";
     };
     authUsername = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
       example = "alice";
-      description = lib.mdDoc "Optional username to use for authentication.";
+      description = "Optional username to use for authentication.";
     };
     authPasswordFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
       example = "/run/secrets/microsocks-password";
-      description = lib.mdDoc "Path to a file containing the password for authentication.";
+      description = "Path to a file containing the password for authentication.";
     };
     execWrapper = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
@@ -80,7 +80,7 @@ in {
       example = ''
         ''${pkgs.mullvad-vpn}/bin/mullvad-exclude
       '';
-      description = lib.mdDoc ''
+      description = ''
         An optional command to prepend to the microsocks command (such as proxychains, or a VPN exclude command).
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/mihomo.nix b/nixpkgs/nixos/modules/services/networking/mihomo.nix
index ae700603b529..312530caeaad 100644
--- a/nixpkgs/nixos/modules/services/networking/mihomo.nix
+++ b/nixpkgs/nixos/modules/services/networking/mihomo.nix
@@ -12,7 +12,7 @@ let
 in
 {
   options.services.mihomo = {
-    enable = lib.mkEnableOption "Mihomo, A rule-based proxy in Go.";
+    enable = lib.mkEnableOption "Mihomo, A rule-based proxy in Go";
 
     package = lib.mkPackageOption pkgs "mihomo" { };
 
@@ -28,14 +28,14 @@ in
       description = ''
         Local web interface to use.
 
-        You can also use the following website, just in case:
+        You can also use the following website:
         - metacubexd:
           - https://d.metacubex.one
           - https://metacubex.github.io/metacubexd
           - https://metacubexd.pages.dev
         - yacd:
           - https://yacd.haishan.me
-        - clash-dashboard (buggy):
+        - clash-dashboard:
           - https://clash.razord.top
       '';
     };
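Review bot: The description lists externally hosted dashboards next to the local web interface without saying that they are third-party sites. If these pages drive the local controller API from the browser, which is presumably how such a dashboard works, the user is trusting each listed origin with control of the proxy and with any controller secret typed into it. A sentence such as `These pages are hosted by third parties; prefer the local web interface unless you trust the site.` would make that trade-off explicit. The hunk also drops the `(buggy)` caveat on clash-dashboard, leaving readers no hint about which entry to prefer. The option's definition starts outside the hunk.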
@@ -49,7 +49,7 @@ in
     tunMode = lib.mkEnableOption ''
       necessary permission for Mihomo's systemd service for TUN mode to function properly.
 
-      Keep in mind, that you still need to enable TUN mode manually in Mihomo's configuration.
+      Keep in mind, that you still need to enable TUN mode manually in Mihomo's configuration
     '';
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/minidlna.nix b/nixpkgs/nixos/modules/services/networking/minidlna.nix
index d0de6cd4fdc6..7f3e63dd055a 100644
--- a/nixpkgs/nixos/modules/services/networking/minidlna.nix
+++ b/nixpkgs/nixos/modules/services/networking/minidlna.nix
@@ -13,7 +13,7 @@ in
   options.services.minidlna.enable = mkOption {
     type = types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Whether to enable MiniDLNA, a simple DLNA server.
       It serves media files such as video and music to DLNA client devices
       such as televisions and media players. If you use the firewall, consider
@@ -24,14 +24,14 @@ in
   options.services.minidlna.openFirewall = mkOption {
     type = types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Whether to open both HTTP (TCP) and SSDP (UDP) ports in the firewall.
     '';
   };
 
   options.services.minidlna.settings = mkOption {
     default = {};
-    description = lib.mdDoc ''
+    description = ''
       The contents of MiniDLNA's configuration file.
       When the service is activated, a basic template is generated from the current options opened here.
     '';
@@ -42,7 +42,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "/data/media" "V,/home/alice/video" ];
-        description = lib.mdDoc ''
+        description = ''
           Directories to be scanned for media files.
           The `A,` `V,` `P,` prefixes restrict a directory to audio, video or image files.
           The directories must be accessible to the `minidlna` user account.
@@ -51,7 +51,7 @@ in
       options.notify_interval = mkOption {
         type = types.int;
         default = 90000;
-        description = lib.mdDoc ''
+        description = ''
           The interval between announces (in seconds).
           Instead of waiting for announces, you should set `openFirewall` option to use SSDP discovery.
           Lower values (e.g. 30 seconds) should be used if your network blocks the discovery unicast.
@@ -62,47 +62,47 @@ in
       options.port = mkOption {
         type = types.port;
         default = 8200;
-        description = lib.mdDoc "Port number for HTTP traffic (descriptions, SOAP, media transfer).";
+        description = "Port number for HTTP traffic (descriptions, SOAP, media transfer).";
       };
       options.db_dir = mkOption {
         type = types.path;
         default = "/var/cache/minidlna";
         example = "/tmp/minidlna";
-        description = lib.mdDoc "Specify the directory where you want MiniDLNA to store its database and album art cache.";
+        description = "Specify the directory where you want MiniDLNA to store its database and album art cache.";
       };
       options.friendly_name = mkOption {
         type = types.str;
         default = config.networking.hostName;
         defaultText = literalExpression "config.networking.hostName";
         example = "rpi3";
-        description = lib.mdDoc "Name that the DLNA server presents to clients.";
+        description = "Name that the DLNA server presents to clients.";
       };
       options.root_container = mkOption {
         type = types.str;
         default = "B";
         example = ".";
-        description = lib.mdDoc "Use a different container as the root of the directory tree presented to clients.";
+        description = "Use a different container as the root of the directory tree presented to clients.";
       };
       options.log_level = mkOption {
         type = types.str;
         default = "warn";
         example = "general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn";
-        description = lib.mdDoc "Defines the type of messages that should be logged and down to which level of importance.";
+        description = "Defines the type of messages that should be logged and down to which level of importance.";
       };
       options.inotify = mkOption {
         type = types.enum [ "yes" "no" ];
         default = "no";
-        description = lib.mdDoc "Whether to enable inotify monitoring to automatically discover new files.";
+        description = "Whether to enable inotify monitoring to automatically discover new files.";
       };
       options.enable_tivo = mkOption {
         type = types.enum [ "yes" "no" ];
         default = "no";
-        description = lib.mdDoc "Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.";
+        description = "Support for streaming .jpg and .mp3 files to a TiVo supporting HMO.";
       };
       options.wide_links = mkOption {
         type = types.enum [ "yes" "no" ];
         default = "no";
-        description = lib.mdDoc "Set this to yes to allow symlinks that point outside user-defined `media_dir`.";
+        description = "Set this to yes to allow symlinks that point outside user-defined `media_dir`.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/miniupnpd.nix b/nixpkgs/nixos/modules/services/networking/miniupnpd.nix
index 116298dc6b1d..9494d6f68e09 100644
--- a/nixpkgs/nixos/modules/services/networking/miniupnpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/miniupnpd.nix
@@ -28,11 +28,11 @@ in
 {
   options = {
     services.miniupnpd = {
-      enable = mkEnableOption (lib.mdDoc "MiniUPnP daemon");
+      enable = mkEnableOption "MiniUPnP daemon";
 
       externalInterface = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Name of the external interface.
         '';
       };
@@ -40,17 +40,17 @@ in
       internalIPs = mkOption {
         type = types.listOf types.str;
         example = [ "192.168.1.1/24" "enp1s0" ];
-        description = lib.mdDoc ''
+        description = ''
           The IP address ranges to listen on.
         '';
       };
 
-      natpmp = mkEnableOption (lib.mdDoc "NAT-PMP support");
+      natpmp = mkEnableOption "NAT-PMP support";
 
       upnp = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable UPNP support.
         '';
       };
@@ -58,7 +58,7 @@ in
       appendConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines appended to the MiniUPnP config.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/miredo.nix b/nixpkgs/nixos/modules/services/networking/miredo.nix
index 0c43839c15ab..12be41b7e7b6 100644
--- a/nixpkgs/nixos/modules/services/networking/miredo.nix
+++ b/nixpkgs/nixos/modules/services/networking/miredo.nix
@@ -20,14 +20,14 @@ in
 
     services.miredo = {
 
-      enable = mkEnableOption (lib.mdDoc "the Miredo IPv6 tunneling service");
+      enable = mkEnableOption "the Miredo IPv6 tunneling service";
 
       package = mkPackageOption pkgs "miredo" { };
 
       serverAddress = mkOption {
         default = "teredo.remlab.net";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The hostname or primary IPv4 address of the Teredo server.
           This setting is required if Miredo runs as a Teredo client.
           "teredo.remlab.net" is an experimental service for testing only.
@@ -38,7 +38,7 @@ in
       interfaceName = mkOption {
         default = "teredo";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Name of the network tunneling interface.
         '';
       };
@@ -46,7 +46,7 @@ in
       bindAddress = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Depending on the local firewall/NAT rules, you might need to force
           Miredo to use a fixed UDP port and or IPv4 address.
         '';
@@ -55,7 +55,7 @@ in
       bindPort = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Depending on the local firewall/NAT rules, you might need to force
           Miredo to use a fixed UDP port and or IPv4 address.
         '';
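Review bot: `bindPort` reuses the `bindAddress` description word for word, so the generated manual shows two identical entries and neither says which value it expects. I would make each one specific, for example `UDP port Miredo binds to; set it when local firewall/NAT rules require a fixed port.` for `bindPort`. The option is also typed `types.nullOr types.str` rather than `types.port`; changing that would affect existing configurations, so it is only noted here. The option's closing brace lies outside this hunk.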
diff --git a/nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix b/nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix
index 8f8d5f5c4d35..7867a5af1e51 100644
--- a/nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix
+++ b/nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix
@@ -12,12 +12,12 @@ in {
 
     services.mjpg-streamer = {
 
-      enable = mkEnableOption (lib.mdDoc "mjpg-streamer webcam streamer");
+      enable = mkEnableOption "mjpg-streamer webcam streamer";
 
       inputPlugin = mkOption {
         type = types.str;
         default = "input_uvc.so";
-        description = lib.mdDoc ''
+        description = ''
           Input plugin. See plugins documentation for more information.
         '';
       };
@@ -25,7 +25,7 @@ in {
       outputPlugin = mkOption {
         type = types.str;
         default = "output_http.so -w @www@ -n -p 5050";
-        description = lib.mdDoc ''
+        description = ''
           Output plugin. `@www@` is substituted for default mjpg-streamer www directory.
           See plugins documentation for more information.
         '';
@@ -34,13 +34,13 @@ in {
       user = mkOption {
         type = types.str;
         default = "mjpg-streamer";
-        description = lib.mdDoc "mjpg-streamer user name.";
+        description = "mjpg-streamer user name.";
       };
 
       group = mkOption {
         type = types.str;
         default = "video";
-        description = lib.mdDoc "mjpg-streamer group name.";
+        description = "mjpg-streamer group name.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/mmsd.nix b/nixpkgs/nixos/modules/services/networking/mmsd.nix
index 7e262a9326c1..e801150a3fc9 100644
--- a/nixpkgs/nixos/modules/services/networking/mmsd.nix
+++ b/nixpkgs/nixos/modules/services/networking/mmsd.nix
@@ -14,10 +14,10 @@ let
 in
 {
   options.services.mmsd = {
-    enable = mkEnableOption (mdDoc "Multimedia Messaging Service Daemon");
+    enable = mkEnableOption "Multimedia Messaging Service Daemon";
     extraArgs = mkOption {
       type = with types; listOf str;
-      description = mdDoc "Extra arguments passed to `mmsd-tng`";
+      description = "Extra arguments passed to `mmsd-tng`";
       default = [];
       example = ["--debug"];
     };
diff --git a/nixpkgs/nixos/modules/services/networking/monero.nix b/nixpkgs/nixos/modules/services/networking/monero.nix
index 0de02882acab..37a687f524b9 100644
--- a/nixpkgs/nixos/modules/services/networking/monero.nix
+++ b/nixpkgs/nixos/modules/services/networking/monero.nix
@@ -50,12 +50,12 @@ in
 
     services.monero = {
 
-      enable = mkEnableOption (lib.mdDoc "Monero node daemon");
+      enable = mkEnableOption "Monero node daemon";
 
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/monero";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Monero stores its data files.
         '';
       };
@@ -63,7 +63,7 @@ in
       mining.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to mine monero.
         '';
       };
@@ -71,7 +71,7 @@ in
       mining.address = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Monero address where to send mining rewards.
         '';
       };
@@ -79,7 +79,7 @@ in
       mining.threads = mkOption {
         type = types.addCheck types.int (x: x>=0);
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Number of threads used for mining.
           Set to `0` to use all available.
         '';
@@ -88,7 +88,7 @@ in
       rpc.user = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           User name for RPC connections.
         '';
       };
@@ -96,7 +96,7 @@ in
       rpc.password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password for RPC connections.
         '';
       };
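Review bot: `rpc.password` takes the RPC password as a plain `types.nullOr types.str` value, and the description does not warn that option values of this kind normally end up in the world-readable Nix store. How the module writes the value into monerod's configuration is outside this hunk, so the exposure is inferred rather than shown. I would extend the description to `Password for RPC connections. Note that this value is stored in the world-readable Nix store.` A file-based way of supplying the credential could follow in a separate change.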
@@ -104,7 +104,7 @@ in
       rpc.address = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           IP address the RPC server will bind to.
         '';
       };
@@ -112,7 +112,7 @@ in
       rpc.port = mkOption {
         type = types.port;
         default = 18081;
-        description = lib.mdDoc ''
+        description = ''
           Port the RPC server will bind to.
         '';
       };
@@ -120,7 +120,7 @@ in
       rpc.restricted = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to restrict RPC to view only commands.
         '';
       };
@@ -128,7 +128,7 @@ in
       limits.upload = mkOption {
         type = types.addCheck types.int (x: x>=-1);
         default = -1;
-        description = lib.mdDoc ''
+        description = ''
           Limit of the upload rate in kB/s.
           Set to `-1` to leave unlimited.
         '';
@@ -137,7 +137,7 @@ in
       limits.download = mkOption {
         type = types.addCheck types.int (x: x>=-1);
         default = -1;
-        description = lib.mdDoc ''
+        description = ''
           Limit of the download rate in kB/s.
           Set to `-1` to leave unlimited.
         '';
@@ -146,7 +146,7 @@ in
       limits.threads = mkOption {
         type = types.addCheck types.int (x: x>=0);
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of threads used for a parallel job.
           Set to `0` to leave unlimited.
         '';
@@ -155,7 +155,7 @@ in
       limits.syncSize = mkOption {
         type = types.addCheck types.int (x: x>=0);
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of blocks to sync at once.
           Set to `0` for adaptive.
         '';
@@ -164,7 +164,7 @@ in
       extraNodes = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of additional peer IP addresses to add to the local list.
         '';
       };
@@ -172,7 +172,7 @@ in
       priorityNodes = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of peer IP addresses to connect to and
           attempt to keep the connection open.
         '';
@@ -181,7 +181,7 @@ in
       exclusiveNodes = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of peer IP addresses to connect to *only*.
           If given the other peer options will be ignored.
         '';
@@ -190,7 +190,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra lines to be added verbatim to monerod configuration.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/morty.nix b/nixpkgs/nixos/modules/services/networking/morty.nix
index 6954596addfd..c3ed718fe8d8 100644
--- a/nixpkgs/nixos/modules/services/networking/morty.nix
+++ b/nixpkgs/nixos/modules/services/networking/morty.nix
@@ -16,19 +16,18 @@ in
 
     services.morty = {
 
-      enable = mkEnableOption
-        (lib.mdDoc "Morty proxy server. See https://github.com/asciimoo/morty");
+      enable = mkEnableOption "Morty proxy server. See https://github.com/asciimoo/morty";
 
       ipv6 = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Allow IPv6 HTTP requests?";
+        description = "Allow IPv6 HTTP requests?";
       };
 
       key = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           HMAC url validation key (hexadecimal encoded).
           Leave blank to disable. Without validation key, anyone can
           submit proxy requests. Leave blank to disable.
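Review bot: The `key` description says `Leave blank to disable.` twice, and with `default = ""` HMAC validation is off unless the operator sets a key. I would state the consequence once, for example `Leave blank to disable; without a validation key, anyone who can reach the service can submit proxy requests.` The description string continues past the end of this hunk, so the remaining wording is not visible here.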
@@ -39,7 +38,7 @@ in
       timeout = mkOption {
         type = types.int;
         default = 2;
-        description = lib.mdDoc "Request timeout in seconds.";
+        description = "Request timeout in seconds.";
       };
 
       package = mkPackageOption pkgs "morty" { };
@@ -47,13 +46,13 @@ in
       port = mkOption {
         type = types.port;
         default = 3000;
-        description = lib.mdDoc "Listing port";
+        description = "Listing port";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "The address on which the service listens";
+        description = "The address on which the service listens";
       };
 
     };
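Review bot: `port` is described as `Listing port`, which looks like a typo for the port the service listens on. `description = "Port on which the service listens.";` would match the wording of `listenAddress` directly below it.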
diff --git a/nixpkgs/nixos/modules/services/networking/mosquitto.nix b/nixpkgs/nixos/modules/services/networking/mosquitto.nix
index 4a08f5ed2370..9825af47777e 100644
--- a/nixpkgs/nixos/modules/services/networking/mosquitto.nix
+++ b/nixpkgs/nixos/modules/services/networking/mosquitto.nix
@@ -36,7 +36,7 @@ let
       password = mkOption {
         type = uniq (nullOr str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the (clear text) password for the MQTT User.
         '';
       };
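Review bot: The `password` description says the value is clear text but not where it ends up; a string option like this is normally copied into the world-readable Nix store, where any local user can read it. How the module consumes the value is outside this hunk, so that exposure is inferred. The description should point readers at the safer variants, for example by adding `Prefer passwordFile or hashedPasswordFile; this value is readable by all local users through the Nix store.` The `users` example in the later listener hunk (`password = "123456"`) advertises the same option and would be better written with `hashedPasswordFile`.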
@@ -45,7 +45,7 @@ let
         type = uniq (nullOr path);
         example = "/path/to/file";
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the path to a file containing the
           clear text password for the MQTT user.
           The file is securely passed to mosquitto by
@@ -57,7 +57,7 @@ let
       hashedPassword = mkOption {
         type = uniq (nullOr str);
         default = null;
-        description = mdDoc ''
+        description = ''
           Specifies the hashed password for the MQTT User.
           To generate hashed password install the `mosquitto`
           package and use `mosquitto_passwd`, then extract
@@ -70,7 +70,7 @@ let
         type = uniq (nullOr path);
         example = "/path/to/file";
         default = null;
-        description = mdDoc ''
+        description = ''
           Specifies the path to a file containing the
           hashed password for the MQTT user.
           To generate hashed password install the `mosquitto`
@@ -86,7 +86,7 @@ let
         type = listOf str;
         example = [ "read A/B" "readwrite A/#" ];
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Control client access to topics on the broker.
         '';
       };
@@ -181,14 +181,14 @@ let
     options = {
       plugin = mkOption {
         type = path;
-        description = mdDoc ''
+        description = ''
           Plugin path to load, should be a `.so` file.
         '';
       };
 
       denySpecialChars = mkOption {
         type = bool;
-        description = mdDoc ''
+        description = ''
           Automatically disallow all clients using `#`
           or `+` in their name/id.
         '';
@@ -197,7 +197,7 @@ let
 
       options = mkOption {
         type = attrsOf optionType;
-        description = mdDoc ''
+        description = ''
           Options for the auth plugin. Each key turns into a `auth_opt_*`
            line in the config.
         '';
@@ -257,7 +257,7 @@ let
     options = {
       port = mkOption {
         type = port;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen on. Must be set to 0 to listen on a unix domain socket.
         '';
         default = 1883;
@@ -265,7 +265,7 @@ let
 
       address = mkOption {
         type = nullOr str;
-        description = mdDoc ''
+        description = ''
           Address to listen on. Listen on `0.0.0.0`/`::`
           when unset.
         '';
@@ -274,7 +274,7 @@ let
 
       authPlugins = mkOption {
         type = listOf authPluginOptions;
-        description = mdDoc ''
+        description = ''
           Authentication plugin to attach to this listener.
           Refer to the [mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html)
           for details on authentication plugins.
@@ -285,7 +285,7 @@ let
       users = mkOption {
         type = attrsOf userOptions;
         example = { john = { password = "123456"; acl = [ "readwrite john/#" ]; }; };
-        description = lib.mdDoc ''
+        description = ''
           A set of users and their passwords and ACLs.
         '';
         default = {};
@@ -293,7 +293,7 @@ let
 
       omitPasswordAuth = mkOption {
         type = bool;
-        description = lib.mdDoc ''
+        description = ''
           Omits password checking, allowing anyone to log in with any user name unless
           other mandatory authentication methods (eg TLS client certificates) are configured.
         '';
@@ -302,7 +302,7 @@ let
 
       acl = mkOption {
         type = listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Additional ACL items to prepend to the generated ACL file.
         '';
         example = [ "pattern read #" "topic readwrite anon/report/#" ];
@@ -313,7 +313,7 @@ let
         type = submodule {
           freeformType = attrsOf optionType;
         };
-        description = lib.mdDoc ''
+        description = ''
           Additional settings for this listener.
         '';
         default = {};
@@ -380,14 +380,14 @@ let
           options = {
             address = mkOption {
               type = str;
-              description = lib.mdDoc ''
+              description = ''
                 Address of the remote MQTT broker.
               '';
             };
 
             port = mkOption {
               type = port;
-              description = lib.mdDoc ''
+              description = ''
                 Port of the remote MQTT broker.
               '';
               default = 1883;
@@ -395,14 +395,14 @@ let
           };
         });
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Remote endpoints for the bridge.
         '';
       };
 
       topics = mkOption {
         type = listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Topic patterns to be shared between the two brokers.
           Refer to the [
           mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) for details on the format.
@@ -415,7 +415,7 @@ let
         type = submodule {
           freeformType = attrsOf optionType;
         };
-        description = lib.mdDoc ''
+        description = ''
           Additional settings for this bridge.
         '';
         default = {};
@@ -469,14 +469,14 @@ let
   };
 
   globalOptions = with types; {
-    enable = mkEnableOption (lib.mdDoc "the MQTT Mosquitto broker");
+    enable = mkEnableOption "the MQTT Mosquitto broker";
 
     package = mkPackageOption pkgs "mosquitto" { };
 
     bridges = mkOption {
       type = attrsOf bridgeOptions;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Bridges to build to other MQTT brokers.
       '';
     };
@@ -484,14 +484,14 @@ let
     listeners = mkOption {
       type = listOf listenerOptions;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Listeners to configure on this broker.
       '';
     };
 
     includeDirs = mkOption {
       type = listOf path;
-      description = mdDoc ''
+      description = ''
         Directories to be scanned for further config files to include.
         Directories will processed in the order given,
         `*.conf` files in the directory will be
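Review bot: `listeners` is declared as `listOf listenerOptions` but its default is the attribute set `{}`, which does not match the declared type; `default = [];` is presumably what was meant. The mismatch would only surface when the option is evaluated without any user definition, so it can go unnoticed in normal use. The `includeDirs` option that follows runs past the end of this hunk.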
@@ -502,7 +502,7 @@ let
 
     logDest = mkOption {
       type = listOf (either path (enum [ "stdout" "stderr" "syslog" "topic" "dlt" ]));
-      description = lib.mdDoc ''
+      description = ''
         Destinations to send log messages to.
       '';
       default = [ "stderr" ];
@@ -511,7 +511,7 @@ let
     logType = mkOption {
       type = listOf (enum [ "debug" "error" "warning" "notice" "information"
                             "subscribe" "unsubscribe" "websockets" "none" "all" ]);
-      description = lib.mdDoc ''
+      description = ''
         Types of messages to log.
       '';
       default = [];
@@ -519,7 +519,7 @@ let
 
     persistence = mkOption {
       type = bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable persistent storage of subscriptions and messages.
       '';
       default = true;
@@ -528,7 +528,7 @@ let
     dataDir = mkOption {
       default = "/var/lib/mosquitto";
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         The data directory.
       '';
     };
@@ -537,7 +537,7 @@ let
       type = submodule {
         freeformType = attrsOf optionType;
       };
-      description = lib.mdDoc ''
+      description = ''
         Global configuration options for the mosquitto broker.
       '';
       default = {};
diff --git a/nixpkgs/nixos/modules/services/networking/mozillavpn.nix b/nixpkgs/nixos/modules/services/networking/mozillavpn.nix
index cf962879b421..c10272b4d7ff 100644
--- a/nixpkgs/nixos/modules/services/networking/mozillavpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/mozillavpn.nix
@@ -2,7 +2,7 @@
 
 {
   options.services.mozillavpn.enable =
-    lib.mkEnableOption (lib.mdDoc "Mozilla VPN daemon");
+    lib.mkEnableOption "Mozilla VPN daemon";
 
   config = lib.mkIf config.services.mozillavpn.enable {
     environment.systemPackages = [ pkgs.mozillavpn ];
diff --git a/nixpkgs/nixos/modules/services/networking/mstpd.nix b/nixpkgs/nixos/modules/services/networking/mstpd.nix
index ba82c5ac8232..bd71010ce549 100644
--- a/nixpkgs/nixos/modules/services/networking/mstpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/mstpd.nix
@@ -9,7 +9,7 @@ with lib;
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the multiple spanning tree protocol daemon.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix b/nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix
index 3dd197697b23..679e84458b20 100644
--- a/nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix
@@ -37,12 +37,12 @@ in
 
     services.mtprotoproxy = {
 
-      enable = mkEnableOption (lib.mdDoc "mtprotoproxy");
+      enable = mkEnableOption "mtprotoproxy";
 
       port = mkOption {
         type = types.port;
         default = 3256;
-        description = lib.mdDoc ''
+        description = ''
           TCP port to accept mtproto connections on.
         '';
       };
@@ -53,7 +53,7 @@ in
           tg = "00000000000000000000000000000000";
           tg2 = "0123456789abcdef0123456789abcdef";
         };
-        description = lib.mdDoc ''
+        description = ''
           Allowed users and their secrets. A secret is a 32 characters long hex string.
         '';
       };
@@ -61,7 +61,7 @@ in
       secureOnly = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Don't allow users to connect in non-secure mode (without random padding).
         '';
       };
@@ -71,7 +71,7 @@ in
         default = null;
         # Taken from mtproxyproto's repo.
         example = "3c09c680b76ee91a4c25ad51f742267d";
-        description = lib.mdDoc ''
+        description = ''
           Tag for advertising that can be obtained from @MTProxybot.
         '';
       };
@@ -82,7 +82,7 @@ in
         example = {
           STATS_PRINT_PERIOD = 600;
         };
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options for mtprotoproxy.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix b/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix
index 38bc0401a7e6..2b96cb2491ac 100644
--- a/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix
+++ b/nixpkgs/nixos/modules/services/networking/mtr-exporter.nix
@@ -4,7 +4,7 @@ let
   inherit (lib)
     maintainers types literalExpression
     escapeShellArg escapeShellArgs
-    mkEnableOption mkOption mkRemovedOptionModule mkIf mdDoc
+    mkEnableOption mkOption mkRemovedOptionModule mkIf
     mkPackageOption optionalString concatMapStrings concatStringsSep;
 
   cfg = config.services.mtr-exporter;
@@ -21,25 +21,25 @@ in {
   options = {
     services = {
       mtr-exporter = {
-        enable = mkEnableOption (mdDoc "a Prometheus exporter for MTR");
+        enable = mkEnableOption "a Prometheus exporter for MTR";
 
         address = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Listen address for MTR exporter.";
+          description = "Listen address for MTR exporter.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8080;
-          description = mdDoc "Listen port for MTR exporter.";
+          description = "Listen port for MTR exporter.";
         };
 
         extraFlags = mkOption {
           type = types.listOf types.str;
           default = [];
           example = ["-flag.deprecatedMetrics"];
-          description = mdDoc ''
+          description = ''
             Extra command line options to pass to MTR exporter.
           '';
         };
@@ -49,32 +49,32 @@ in {
         mtrPackage = mkPackageOption pkgs "mtr" { };
 
         jobs = mkOption {
-          description = mdDoc "List of MTR jobs. Will be added to /etc/mtr-exporter.conf";
+          description = "List of MTR jobs. Will be added to /etc/mtr-exporter.conf";
           type = types.nonEmptyListOf (types.submodule {
             options = {
               name = mkOption {
                 type = types.str;
-                description = mdDoc "Name of ICMP pinging job.";
+                description = "Name of ICMP pinging job.";
               };
 
               address = mkOption {
                 type = types.str;
                 example = "host.example.org:1234";
-                description = mdDoc "Target address for MTR client.";
+                description = "Target address for MTR client.";
               };
 
               schedule = mkOption {
                 type = types.str;
                 default = "@every 60s";
                 example = "@hourly";
-                description = mdDoc "Schedule of MTR checks. Also accepts Cron format.";
+                description = "Schedule of MTR checks. Also accepts Cron format.";
               };
 
               flags = mkOption {
                 type = with types; listOf str;
                 default = [];
                 example = ["-G1"];
-                description = mdDoc "Additional flags to pass to MTR.";
+                description = "Additional flags to pass to MTR.";
               };
             };
           });
diff --git a/nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix b/nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix
index 5da4ca1d1d80..0a339cefd3f0 100644
--- a/nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix
@@ -8,7 +8,7 @@ with lib;
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         This option enables Mullvad VPN daemon.
         This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security.
       '';
@@ -17,7 +17,7 @@ with lib;
     enableExcludeWrapper = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         This option activates the wrapper that allows the use of mullvad-exclude.
         Might have minor security impact, so consider disabling if you do not use the feature.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/multipath.nix b/nixpkgs/nixos/modules/services/networking/multipath.nix
index 42ffc3c88426..85cc11a31683 100644
--- a/nixpkgs/nixos/modules/services/networking/multipath.nix
+++ b/nixpkgs/nixos/modules/services/networking/multipath.nix
@@ -22,7 +22,7 @@ in {
 
   options.services.multipath = with types; {
 
-    enable = mkEnableOption (lib.mdDoc "the device mapper multipath (DM-MP) daemon");
+    enable = mkEnableOption "the device mapper multipath (DM-MP) daemon";
 
     package = mkPackageOption pkgs "multipath-tools" { };
 
@@ -39,7 +39,7 @@ in {
           }, ...
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to define arrays for use in multipath
         groups.
       '';
@@ -49,62 +49,62 @@ in {
           vendor = mkOption {
             type = str;
             example = "COMPELNT";
-            description = lib.mdDoc "Regular expression to match the vendor name";
+            description = "Regular expression to match the vendor name";
           };
 
           product = mkOption {
             type = str;
             example = "Compellent Vol";
-            description = lib.mdDoc "Regular expression to match the product name";
+            description = "Regular expression to match the product name";
           };
 
           revision = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Regular expression to match the product revision";
+            description = "Regular expression to match the product revision";
           };
 
           product_blacklist = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Products with the given vendor matching this string are blacklisted";
+            description = "Products with the given vendor matching this string are blacklisted";
           };
 
           alias_prefix = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "The user_friendly_names prefix to use for this device type, instead of the default mpath";
+            description = "The user_friendly_names prefix to use for this device type, instead of the default mpath";
           };
 
           vpd_vendor = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "The vendor specific vpd page information, using the vpd page abbreviation";
+            description = "The vendor specific vpd page information, using the vpd page abbreviation";
           };
 
           hardware_handler = mkOption {
             type = nullOr (enum [ "emc" "rdac" "hp_sw" "alua" "ana" ]);
             default = null;
-            description = lib.mdDoc "The hardware handler to use for this device type";
+            description = "The hardware handler to use for this device type";
           };
 
           # Optional arguments
           path_grouping_policy = mkOption {
             type = nullOr (enum [ "failover" "multibus" "group_by_serial" "group_by_prio" "group_by_node_name" ]);
             default = null; # real default: "failover"
-            description = lib.mdDoc "The default path grouping policy to apply to unspecified multipaths";
+            description = "The default path grouping policy to apply to unspecified multipaths";
           };
 
           uid_attribute = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "The udev attribute providing a unique path identifier (WWID)";
+            description = "The udev attribute providing a unique path identifier (WWID)";
           };
 
           getuid_callout = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               (Superseded by uid_attribute) The default program and args to callout
               to obtain a unique path identifier. Should be specified with an absolute path.
             '';
@@ -118,13 +118,13 @@ in {
               ''"historical-service-time 0"''
             ]);
             default = null; # real default: "service-time 0"
-            description = lib.mdDoc "The default path selector algorithm to use; they are offered by the kernel multipath target";
+            description = "The default path selector algorithm to use; they are offered by the kernel multipath target";
           };
 
           path_checker = mkOption {
             type = enum [ "readsector0" "tur" "emc_clariion" "hp_sw" "rdac" "directio" "cciss_tur" "none" ];
             default = "tur";
-            description = lib.mdDoc "The default method used to determine the paths state";
+            description = "The default method used to determine the paths state";
           };
 
           prio = mkOption {
@@ -133,31 +133,31 @@ in {
               "random" "weightedpath" "path_latency" "ana" "datacore" "iet"
             ]);
             default = null; # real default: "const"
-            description = lib.mdDoc "The name of the path priority routine";
+            description = "The name of the path priority routine";
           };
 
           prio_args = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Arguments to pass to to the prio function";
+            description = "Arguments to pass to to the prio function";
           };
 
           features = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Specify any device-mapper features to be used";
+            description = "Specify any device-mapper features to be used";
           };
 
           failback = mkOption {
             type = nullOr str;
             default = null; # real default: "manual"
-            description = lib.mdDoc "Tell multipathd how to manage path group failback. Quote integers as strings";
+            description = "Tell multipathd how to manage path group failback. Quote integers as strings";
           };
 
           rr_weight = mkOption {
             type = nullOr (enum [ "priorities" "uniform" ]);
             default = null; # real default: "uniform"
-            description = lib.mdDoc ''
+            description = ''
               If set to priorities the multipath configurator will assign path weights
               as "path prio * rr_min_io".
             '';
@@ -166,13 +166,13 @@ in {
           no_path_retry = mkOption {
             type = nullOr str;
             default = null; # real default: "fail"
-            description = lib.mdDoc "Specify what to do when all paths are down. Quote integers as strings";
+            description = "Specify what to do when all paths are down. Quote integers as strings";
           };
 
           rr_min_io = mkOption {
             type = nullOr int;
             default = null; # real default: 1000
-            description = lib.mdDoc ''
+            description = ''
               Number of I/O requests to route to a path before switching to the next in the
               same path group. This is only for Block I/O (BIO) based multipath and
               only apply to round-robin path_selector.
@@ -182,7 +182,7 @@ in {
           rr_min_io_rq = mkOption {
             type = nullOr int;
             default = null; # real default: 1
-            description = lib.mdDoc ''
+            description = ''
               Number of I/O requests to route to a path before switching to the next in the
               same path group. This is only for Request based multipath and
               only apply to round-robin path_selector.
@@ -192,7 +192,7 @@ in {
           fast_io_fail_tmo = mkOption {
             type = nullOr str;
             default = null; # real default: 5
-            description = lib.mdDoc ''
+            description = ''
               Specify the number of seconds the SCSI layer will wait after a problem has been
               detected on a FC remote port before failing I/O to devices on that remote port.
               This should be smaller than dev_loss_tmo. Setting this to "off" will disable
@@ -203,7 +203,7 @@ in {
           dev_loss_tmo = mkOption {
             type = nullOr str;
             default = null; # real default: 600
-            description = lib.mdDoc ''
+            description = ''
               Specify the number of seconds the SCSI layer will wait after a problem has
               been detected on a FC remote port before removing it from the system. This
               can be set to "infinity" which sets it to the max value of 2147483647
@@ -219,7 +219,7 @@ in {
           flush_on_last_del = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "no"
-            description = lib.mdDoc ''
+            description = ''
               If set to "yes" multipathd will disable queueing when the last path to a
               device has been deleted.
             '';
@@ -228,7 +228,7 @@ in {
           user_friendly_names = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "no"
-            description = lib.mdDoc ''
+            description = ''
               If set to "yes", using the bindings file /etc/multipath/bindings
               to assign a persistent and unique alias to the multipath, in the
               form of mpath. If set to "no" use the WWID as the alias. In either
@@ -240,7 +240,7 @@ in {
           detect_prio = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "yes"
-            description = lib.mdDoc ''
+            description = ''
               If set to "yes", multipath will try to detect if the device supports
               SCSI-3 ALUA. If so, the device will automatically use the sysfs
               prioritizer if the required sysf attributes access_state and
@@ -252,7 +252,7 @@ in {
           detect_checker = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "yes"
-            description = lib.mdDoc ''
+            description = ''
               If set to "yes", multipath will try to detect if the device supports
               SCSI-3 ALUA. If so, the device will automatically use the tur checker.
               If set to "no", the checker will be selected as usual.
@@ -262,7 +262,7 @@ in {
           deferred_remove = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "no"
-            description = lib.mdDoc ''
+            description = ''
               If set to "yes", multipathd will do a deferred remove instead of a
               regular remove when the last path device has been deleted. This means
               that if the multipath device is still in use, it will be freed when
@@ -274,7 +274,7 @@ in {
           san_path_err_threshold = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               If set to a value greater than 0, multipathd will watch paths and check
               how many times a path has been failed due to errors.If the number of
               failures on a particular path is greater then the san_path_err_threshold,
@@ -287,7 +287,7 @@ in {
           san_path_err_forget_rate = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               If set to a value greater than 0, multipathd will check whether the path
               failures has exceeded the san_path_err_threshold within this many checks
               i.e san_path_err_forget_rate. If so we will not reinstante the path till
@@ -298,7 +298,7 @@ in {
           san_path_err_recovery_time = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               If set to a value greater than 0, multipathd will make sure that when
               path failures has exceeded the san_path_err_threshold within
               san_path_err_forget_rate then the path will be placed in failed state
@@ -311,61 +311,61 @@ in {
           marginal_path_err_sample_time = mkOption {
             type = nullOr int;
             default = null;
-            description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
+            description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
           };
 
           marginal_path_err_rate_threshold = mkOption {
             type = nullOr int;
             default = null;
-            description = lib.mdDoc "The error rate threshold as a permillage (1/1000)";
+            description = "The error rate threshold as a permillage (1/1000)";
           };
 
           marginal_path_err_recheck_gap_time = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
+            description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
           };
 
           marginal_path_double_failed_time = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
+            description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error";
           };
 
           delay_watch_checks = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "This option is deprecated, and mapped to san_path_err_forget_rate";
+            description = "This option is deprecated, and mapped to san_path_err_forget_rate";
           };
 
           delay_wait_checks = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "This option is deprecated, and mapped to san_path_err_recovery_time";
+            description = "This option is deprecated, and mapped to san_path_err_recovery_time";
           };
 
           skip_kpartx = mkOption {
             type = nullOr (enum [ "yes" "no" ]);
             default = null; # real default: "no"
-            description = lib.mdDoc "If set to yes, kpartx will not automatically create partitions on the device";
+            description = "If set to yes, kpartx will not automatically create partitions on the device";
           };
 
           max_sectors_kb = mkOption {
             type = nullOr int;
             default = null;
-            description = lib.mdDoc "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value";
+            description = "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value";
           };
 
           ghost_delay = mkOption {
             type = nullOr int;
             default = null;
-            description = lib.mdDoc "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd";
+            description = "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd";
           };
 
           all_tg_pt = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Set the 'all targets ports' flag when registering keys with mpathpersist";
+            description = "Set the 'all targets ports' flag when registering keys with mpathpersist";
           };
 
         };
@@ -375,7 +375,7 @@ in {
     defaults = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         This section defines default values for attributes which are used
         whenever no values are given in the appropriate device or multipath
         sections.
@@ -385,7 +385,7 @@ in {
     blacklist = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         This section defines which devices should be excluded from the
         multipath topology discovery.
       '';
@@ -394,7 +394,7 @@ in {
     blacklist_exceptions = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         This section defines which devices should be included in the
         multipath topology discovery, despite being listed in the
         blacklist section.
@@ -404,7 +404,7 @@ in {
     overrides = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         This section defines values for attributes that should override the
         device-specific settings for all devices.
       '';
@@ -413,13 +413,13 @@ in {
     extraConfig = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc "Lines to append to default multipath.conf";
+      description = "Lines to append to default multipath.conf";
     };
 
     extraConfigFile = mkOption {
       type = nullOr str;
       default = null;
-      description = lib.mdDoc "Append an additional file's contents to /etc/multipath.conf";
+      description = "Append an additional file's contents to /etc/multipath.conf";
     };
 
     pathGroups = mkOption {
@@ -434,7 +434,7 @@ in {
           }, ...
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to define multipath groups as described
         in http://christophe.varoqui.free.fr/usage.html.
       '';
@@ -444,34 +444,34 @@ in {
           alias = mkOption {
             type = int;
             example = 1001234;
-            description = lib.mdDoc "The name of the multipath device";
+            description = "The name of the multipath device";
           };
 
           wwid = mkOption {
             type = hexStr;
             example = "360080e500043b35c0123456789abcdef";
-            description = lib.mdDoc "The identifier for the multipath device";
+            description = "The identifier for the multipath device";
           };
 
           array = mkOption {
             type = str;
             default = null;
             example = "bigarray.example.com";
-            description = lib.mdDoc "The DNS name of the storage array";
+            description = "The DNS name of the storage array";
           };
 
           fsType = mkOption {
             type = nullOr str;
             default = null;
             example = "zfs";
-            description = lib.mdDoc "Type of the filesystem";
+            description = "Type of the filesystem";
           };
 
           options = mkOption {
             type = nullOr str;
             default = null;
             example = "ro";
-            description = lib.mdDoc "Options used to mount the file system";
+            description = "Options used to mount the file system";
           };
 
         };
diff --git a/nixpkgs/nixos/modules/services/networking/murmur.nix b/nixpkgs/nixos/modules/services/networking/murmur.nix
index 1fb5063e5ad8..41d8ab4058bc 100644
--- a/nixpkgs/nixos/modules/services/networking/murmur.nix
+++ b/nixpkgs/nixos/modules/services/networking/murmur.nix
@@ -58,13 +58,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If enabled, start the Murmur Mumble server.";
+        description = "If enabled, start the Murmur Mumble server.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the Murmur Mumble server.
         '';
       };
@@ -72,7 +72,7 @@ in
       autobanAttempts = mkOption {
         type = types.int;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           Number of attempts a client is allowed to make in
           `autobanTimeframe` seconds, before being
           banned for `autobanTime`.
@@ -82,7 +82,7 @@ in
       autobanTimeframe = mkOption {
         type = types.int;
         default = 120;
-        description = lib.mdDoc ''
+        description = ''
           Timeframe in which a client can connect without being banned
           for repeated attempts (in seconds).
         '';
@@ -91,32 +91,32 @@ in
       autobanTime = mkOption {
         type = types.int;
         default = 300;
-        description = lib.mdDoc "The amount of time an IP ban lasts (in seconds).";
+        description = "The amount of time an IP ban lasts (in seconds).";
       };
 
       logFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/var/log/murmur/murmurd.log";
-        description = lib.mdDoc "Path to the log file for Murmur daemon. Empty means log to journald.";
+        description = "Path to the log file for Murmur daemon. Empty means log to journald.";
       };
 
       welcometext = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Welcome message for connected clients.";
+        description = "Welcome message for connected clients.";
       };
 
       port = mkOption {
         type = types.port;
         default = 64738;
-        description = lib.mdDoc "Ports to bind to (UDP and TCP).";
+        description = "Ports to bind to (UDP and TCP).";
       };
 
       hostName = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Host to bind to. Defaults binding on all addresses.";
+        description = "Host to bind to. Defaults binding on all addresses.";
       };
 
       package = mkPackageOption pkgs "murmur" { };
@@ -124,13 +124,13 @@ in
       password = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Required password to join server, if specified.";
+        description = "Required password to join server, if specified.";
       };
 
       bandwidth = mkOption {
         type = types.int;
         default = 72000;
-        description = lib.mdDoc ''
+        description = ''
           Maximum bandwidth (in bits per second) that clients may send
           speech at.
         '';
@@ -139,25 +139,25 @@ in
       users = mkOption {
         type = types.int;
         default = 100;
-        description = lib.mdDoc "Maximum number of concurrent clients allowed.";
+        description = "Maximum number of concurrent clients allowed.";
       };
 
       textMsgLength = mkOption {
         type = types.int;
         default = 5000;
-        description = lib.mdDoc "Max length of text messages. Set 0 for no limit.";
+        description = "Max length of text messages. Set 0 for no limit.";
       };
 
       imgMsgLength = mkOption {
         type = types.int;
         default = 131072;
-        description = lib.mdDoc "Max length of image messages. Set 0 for no limit.";
+        description = "Max length of image messages. Set 0 for no limit.";
       };
 
       allowHtml = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Allow HTML in client messages, comments, and channel
           descriptions.
         '';
@@ -166,7 +166,7 @@ in
       logDays = mkOption {
         type = types.int;
         default = 31;
-        description = lib.mdDoc ''
+        description = ''
           How long to store RPC logs for in the database. Set 0 to
           keep logs forever, or -1 to disable DB logging.
         '';
@@ -175,7 +175,7 @@ in
       bonjour = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Bonjour auto-discovery, which allows clients over
           your LAN to automatically discover Murmur servers.
         '';
@@ -184,13 +184,13 @@ in
       sendVersion = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Send Murmur version in UDP response.";
+        description = "Send Murmur version in UDP response.";
       };
 
       registerName = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Public server registration name, and also the name of the
           Root channel. Even if you don't publicly register your
           server, you probably still want to set this.
@@ -200,7 +200,7 @@ in
       registerPassword = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Public server registry password, used authenticate your
           server to the registry to prevent impersonation; required for
           subsequent registry updates.
@@ -210,13 +210,13 @@ in
       registerUrl = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "URL website for your server.";
+        description = "URL website for your server.";
       };
 
       registerHostname = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           DNS hostname where your server can be reached. This is only
           needed if you want your server to be accessed by its
           hostname and not IP - but the name *must* resolve on the
@@ -227,38 +227,38 @@ in
       clientCertRequired = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Require clients to authenticate via certificates.";
+        description = "Require clients to authenticate via certificates.";
       };
 
       sslCert = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Path to your SSL certificate.";
+        description = "Path to your SSL certificate.";
       };
 
       sslKey = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Path to your SSL key.";
+        description = "Path to your SSL key.";
       };
 
       sslCa = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Path to your SSL CA certificate.";
+        description = "Path to your SSL CA certificate.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra configuration to put into murmur.ini.";
+        description = "Extra configuration to put into murmur.ini.";
       };
 
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/murmur/murmurd.env";
-        description = lib.mdDoc ''
+        description = ''
           Environment file as defined in {manpage}`systemd.exec(5)`.
 
           Secrets may be passed to the service without adding them to the world-readable
@@ -283,7 +283,7 @@ in
       dbus = mkOption {
         type = types.enum [ null "session" "system" ];
         default = null;
-        description = lib.mdDoc "Enable D-Bus remote control. Set to the bus you want Murmur to connect to.";
+        description = "Enable D-Bus remote control. Set to the bus you want Murmur to connect to.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/mxisd.nix b/nixpkgs/nixos/modules/services/networking/mxisd.nix
index 47d2b16a1501..e53fb71788cd 100644
--- a/nixpkgs/nixos/modules/services/networking/mxisd.nix
+++ b/nixpkgs/nixos/modules/services/networking/mxisd.nix
@@ -37,14 +37,14 @@ let
 in {
   options = {
     services.mxisd = {
-      enable = mkEnableOption (lib.mdDoc "matrix federated identity server");
+      enable = mkEnableOption "matrix federated identity server";
 
       package = mkPackageOption pkgs "ma1sd" { };
 
       environmentFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to an environment-file which may contain secrets to be
           substituted via `envsubst`.
         '';
@@ -53,20 +53,20 @@ in {
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/mxisd";
-        description = lib.mdDoc "Where data mxisd/ma1sd uses resides";
+        description = "Where data mxisd/ma1sd uses resides";
       };
 
       extraConfig = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Extra options merged into the mxisd/ma1sd configuration";
+        description = "Extra options merged into the mxisd/ma1sd configuration";
       };
 
       matrix = {
 
         domain = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             the domain of the matrix homeserver
           '';
         };
@@ -78,7 +78,7 @@ in {
         name = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Public hostname of mxisd/ma1sd, if different from the Matrix domain.
           '';
         };
@@ -86,7 +86,7 @@ in {
         port = mkOption {
           type = types.nullOr types.int;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             HTTP port to listen on (unencrypted)
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/networking/mycelium.nix b/nixpkgs/nixos/modules/services/networking/mycelium.nix
index 9c4bca7c6861..9487a5daafee 100644
--- a/nixpkgs/nixos/modules/services/networking/mycelium.nix
+++ b/nixpkgs/nixos/modules/services/networking/mycelium.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, utils, ... }:
 
 let
   cfg = config.services.mycelium;
@@ -46,6 +46,15 @@ in
         Adds the hosted peers from https://github.com/threefoldtech/mycelium#hosted-public-nodes.
       '';
     };
+    extraArgs = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Extra command-line arguments to pass to mycelium.
+
+        See `mycelium --help` for all available options.
+      '';
+    };
   };
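Review bot: The `extraArgs` description does not say where these arguments end up, and it should warn that they are not a place for secrets. Going by the later hunk in this file, they are rendered into the service command line, which presumably puts them in the generated unit in the world-readable Nix store and in the process list. I would add a sentence to the description such as `These arguments are written into the systemd unit and are readable by all local users; do not pass secrets here.` The enclosing `options` block starts outside this hunk, so whether a file-based option already covers key material cannot be confirmed from here.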
   config = lib.mkIf cfg.enable {
     networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ 9651 ];
@@ -87,6 +96,7 @@ in
           )
           "--tun-name"
           "mycelium"
+          "${utils.escapeSystemdExecArgs cfg.extraArgs}"
         ] ++
         (lib.optional (cfg.addHostedPublicNodes || cfg.peers != [ ]) "--peers")
         ++ cfg.peers ++ (lib.optionals cfg.addHostedPublicNodes [
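Review bot: The added element `"${utils.escapeSystemdExecArgs cfg.extraArgs}"` is always present in the list, so with the default `extraArgs = [ ]` it contributes an empty string. If the list is joined with spaces (the join is outside this hunk) that is only a stray space, but otherwise it would become an empty argument. Appending it conditionally, `] ++ lib.optional (cfg.extraArgs != [ ]) (utils.escapeSystemdExecArgs cfg.extraArgs) ++`, avoids both cases and drops the redundant string interpolation. It must stay ahead of `--peers` so the extra arguments are not read as peers. `cfg.peers` on the next line is still appended without the escaping that `extraArgs` now gets, so a peer string containing spaces or systemd specifiers would be handled differently; escaping both the same way would be more consistent.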
@@ -130,4 +140,3 @@ in
     maintainers = with lib.maintainers; [ flokli lassulus ];
   };
 }
-
diff --git a/nixpkgs/nixos/modules/services/networking/namecoind.nix b/nixpkgs/nixos/modules/services/networking/namecoind.nix
index 085d6c5fe282..8f7a5123f7e1 100644
--- a/nixpkgs/nixos/modules/services/networking/namecoind.nix
+++ b/nixpkgs/nixos/modules/services/networking/namecoind.nix
@@ -44,12 +44,12 @@ in
 
     services.namecoind = {
 
-      enable = mkEnableOption (lib.mdDoc "namecoind, Namecoin client");
+      enable = mkEnableOption "namecoind, Namecoin client";
 
       wallet = mkOption {
         type = types.path;
         default = "${dataDir}/wallet.dat";
-        description = lib.mdDoc ''
+        description = ''
           Wallet file. The ownership of the file has to be
           namecoin:namecoin, and the permissions must be 0640.
         '';
@@ -58,7 +58,7 @@ in
       generate = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to generate (mine) Namecoins.
         '';
       };
@@ -66,7 +66,7 @@ in
       extraNodes = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of additional peer IP addresses to connect to.
         '';
       };
@@ -74,7 +74,7 @@ in
       trustedNodes = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of the only peer IP addresses to connect to. If specified
           no other connection will be made.
         '';
@@ -83,7 +83,7 @@ in
       rpc.user = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           User name for RPC connections.
         '';
       };
@@ -91,7 +91,7 @@ in
       rpc.password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password for RPC connections.
         '';
       };
@@ -99,7 +99,7 @@ in
       rpc.address = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           IP address the RPC server will bind to.
         '';
       };
@@ -107,7 +107,7 @@ in
       rpc.port = mkOption {
         type = types.port;
         default = 8332;
-        description = lib.mdDoc ''
+        description = ''
           Port the RPC server will bind to.
         '';
       };
@@ -116,7 +116,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/namecoind/server.cert";
-        description = lib.mdDoc ''
+        description = ''
           Certificate file for securing RPC connections.
         '';
       };
@@ -125,7 +125,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/namecoind/server.pem";
-        description = lib.mdDoc ''
+        description = ''
           Key file for securing RPC connections.
         '';
       };
@@ -134,7 +134,7 @@ in
       rpc.allowFrom = mkOption {
         type = types.listOf types.str;
         default = [ "127.0.0.1" ];
-        description = lib.mdDoc ''
+        description = ''
           List of IP address ranges allowed to use the RPC API.
           Wiledcards (*) can be user to specify a range.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/nar-serve.nix b/nixpkgs/nixos/modules/services/networking/nar-serve.nix
index 02b8979bd8bc..b2082032ad90 100644
--- a/nixpkgs/nixos/modules/services/networking/nar-serve.nix
+++ b/nixpkgs/nixos/modules/services/networking/nar-serve.nix
@@ -10,12 +10,12 @@ in
   };
   options = {
     services.nar-serve = {
-      enable = mkEnableOption (lib.mdDoc "serving NAR file contents via HTTP");
+      enable = mkEnableOption "serving NAR file contents via HTTP";
 
       port = mkOption {
         type = types.port;
         default = 8383;
-        description = lib.mdDoc ''
+        description = ''
           Port number where nar-serve will listen on.
         '';
       };
@@ -23,7 +23,7 @@ in
       cacheURL = mkOption {
         type = types.str;
         default = "https://cache.nixos.org/";
-        description = lib.mdDoc ''
+        description = ''
           Binary cache URL to connect to.
 
           The URL format is compatible with the nix remote url style, such as:
diff --git a/nixpkgs/nixos/modules/services/networking/nat-iptables.nix b/nixpkgs/nixos/modules/services/networking/nat-iptables.nix
index d1bed401feeb..351ba9ec3554 100644
--- a/nixpkgs/nixos/modules/services/networking/nat-iptables.nix
+++ b/nixpkgs/nixos/modules/services/networking/nat-iptables.nix
@@ -135,7 +135,7 @@ in
       type = types.lines;
       default = "";
       example = "iptables -A INPUT -p icmp -j ACCEPT";
-      description = lib.mdDoc ''
+      description = ''
         Additional shell commands executed as part of the nat
         initialisation script.
 
@@ -147,7 +147,7 @@ in
       type = types.lines;
       default = "";
       example = "iptables -D INPUT -p icmp -j ACCEPT || true";
-      description = lib.mdDoc ''
+      description = ''
         Additional shell commands executed as part of the nat
         teardown script.
 
diff --git a/nixpkgs/nixos/modules/services/networking/nat.nix b/nixpkgs/nixos/modules/services/networking/nat.nix
index 3afe6fe0a971..c2e0cfee9b85 100644
--- a/nixpkgs/nixos/modules/services/networking/nat.nix
+++ b/nixpkgs/nixos/modules/services/networking/nat.nix
@@ -19,7 +19,7 @@ in
     networking.nat.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Network Address Translation (NAT).
       '';
     };
@@ -27,7 +27,7 @@ in
     networking.nat.enableIPv6 = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable IPv6 NAT.
       '';
     };
@@ -36,7 +36,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "eth0" ];
-      description = lib.mdDoc ''
+      description = ''
         The interfaces for which to perform NAT. Packets coming from
         these interface and destined for the external interface will
         be rewritten.
@@ -47,7 +47,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "192.168.1.0/24" ];
-      description = lib.mdDoc ''
+      description = ''
         The IP address ranges for which to perform NAT.  Packets
         coming from these addresses (on any interface) and destined
         for the external interface will be rewritten.
@@ -58,7 +58,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "fc00::/64" ];
-      description = lib.mdDoc ''
+      description = ''
         The IPv6 address ranges for which to perform NAT.  Packets
         coming from these addresses (on any interface) and destined
         for the external interface will be rewritten.
@@ -69,7 +69,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "eth1";
-      description = lib.mdDoc ''
+      description = ''
         The name of the external network interface.
       '';
     };
@@ -78,7 +78,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "203.0.113.123";
-      description = lib.mdDoc ''
+      description = ''
         The public IP address to which packets from the local
         network are to be rewritten.  If this is left empty, the
         IP address associated with the external interface will be
@@ -90,7 +90,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "2001:dc0:2001:11::175";
-      description = lib.mdDoc ''
+      description = ''
         The public IPv6 address to which packets from the local
         network are to be rewritten.  If this is left empty, the
         IP address associated with the external interface will be
@@ -104,27 +104,27 @@ in
           sourcePort = mkOption {
             type = types.either types.int (types.strMatching "[[:digit:]]+:[[:digit:]]+");
             example = 8080;
-            description = lib.mdDoc "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")";
+            description = "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")";
           };
 
           destination = mkOption {
             type = types.str;
             example = "10.0.0.1:80";
-            description = lib.mdDoc "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end";
+            description = "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end";
           };
 
           proto = mkOption {
             type = types.str;
             default = "tcp";
             example = "udp";
-            description = lib.mdDoc "Protocol of forwarded connection";
+            description = "Protocol of forwarded connection";
           };
 
           loopbackIPs = mkOption {
             type = types.listOf types.str;
             default = [ ];
             example = literalExpression ''[ "55.1.2.3" ]'';
-            description = lib.mdDoc "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort` from the host itself and from other hosts behind NAT";
+            description = "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort` from the host itself and from other hosts behind NAT";
           };
         };
       });
@@ -133,7 +133,7 @@ in
         { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; }
         { sourcePort = 8080; destination = "[fc00::2]:80"; proto = "tcp"; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         List of forwarded ports from the external interface to
         internal destinations by using DNAT. Destination can be
         IPv6 if IPv6 NAT is enabled.
@@ -144,7 +144,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "10.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The local IP address to which all traffic that does not match any
         forwarding rule is forwarded.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/nats.nix b/nixpkgs/nixos/modules/services/networking/nats.nix
index 6c21e21b5cb8..f159ef068b56 100644
--- a/nixpkgs/nixos/modules/services/networking/nats.nix
+++ b/nixpkgs/nixos/modules/services/networking/nats.nix
@@ -16,35 +16,35 @@ in {
 
   options = {
     services.nats = {
-      enable = mkEnableOption (lib.mdDoc "NATS messaging system");
+      enable = mkEnableOption "NATS messaging system";
 
       user = mkOption {
         type = types.str;
         default = "nats";
-        description = lib.mdDoc "User account under which NATS runs.";
+        description = "User account under which NATS runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "nats";
-        description = lib.mdDoc "Group under which NATS runs.";
+        description = "Group under which NATS runs.";
       };
 
       serverName = mkOption {
         default = "nats";
         example = "n1-c3";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Name of the NATS server, must be unique if clustered.
         '';
       };
 
-      jetstream = mkEnableOption (lib.mdDoc "JetStream");
+      jetstream = mkEnableOption "JetStream";
 
       port = mkOption {
         default = 4222;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Port on which to listen.
         '';
       };
@@ -52,7 +52,7 @@ in {
       dataDir = mkOption {
         default = "/var/lib/nats";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The NATS data directory. Only used if JetStream is enabled, for
           storing stream metadata and messages.
 
@@ -74,7 +74,7 @@ in {
             };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Declarative NATS configuration. See the
           [
           NATS documentation](https://docs.nats.io/nats-server/configuration) for a list of options.
diff --git a/nixpkgs/nixos/modules/services/networking/nbd.nix b/nixpkgs/nixos/modules/services/networking/nbd.nix
index b4bf7ede8463..e4a7bb1604f9 100644
--- a/nixpkgs/nixos/modules/services/networking/nbd.nix
+++ b/nixpkgs/nixos/modules/services/networking/nbd.nix
@@ -43,12 +43,12 @@ in
   options = {
     services.nbd = {
       server = {
-        enable = mkEnableOption (lib.mdDoc "the Network Block Device (nbd) server");
+        enable = mkEnableOption "the Network Block Device (nbd) server";
 
         listenPort = mkOption {
           type = types.port;
           default = 10809;
-          description = lib.mdDoc "Port to listen on. The port is NOT automatically opened in the firewall.";
+          description = "Port to listen on. The port is NOT automatically opened in the firewall.";
         };
 
         extraOptions = mkOption {
@@ -56,21 +56,21 @@ in
           default = {
             allowlist = false;
           };
-          description = lib.mdDoc ''
+          description = ''
             Extra options for the server. See
             {manpage}`nbd-server(5)`.
           '';
         };
 
         exports = mkOption {
-          description = lib.mdDoc "Files or block devices to make available over the network.";
+          description = "Files or block devices to make available over the network.";
           default = { };
           type = with types; attrsOf
             (submodule {
               options = {
                 path = mkOption {
                   type = str;
-                  description = lib.mdDoc "File or block device to export.";
+                  description = "File or block device to export.";
                   example = "/dev/sdb1";
                 };
 
@@ -78,7 +78,7 @@ in
                   type = nullOr (listOf str);
                   default = null;
                   example = [ "10.10.0.0/24" "127.0.0.1" ];
-                  description = lib.mdDoc "IPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections.";
+                  description = "IPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections.";
                 };
 
                 extraOptions = mkOption {
@@ -87,7 +87,7 @@ in
                     flush = true;
                     fua = true;
                   };
-                  description = lib.mdDoc ''
+                  description = ''
                     Extra options for this export. See
                     {manpage}`nbd-server(5)`.
                   '';
@@ -98,7 +98,7 @@ in
 
         listenAddress = mkOption {
           type = with types; nullOr str;
-          description = lib.mdDoc "Address to listen on. If not specified, the server will listen on all interfaces.";
+          description = "Address to listen on. If not specified, the server will listen on all interfaces.";
           default = null;
           example = "10.10.0.1";
         };
diff --git a/nixpkgs/nixos/modules/services/networking/ncdns.nix b/nixpkgs/nixos/modules/services/networking/ncdns.nix
index cc97beb14e01..d9aeb29e285f 100644
--- a/nixpkgs/nixos/modules/services/networking/ncdns.nix
+++ b/nixpkgs/nixos/modules/services/networking/ncdns.nix
@@ -50,16 +50,16 @@ in
 
     services.ncdns = {
 
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         ncdns, a Go daemon to bridge Namecoin to DNS.
         To resolve .bit domains set `services.namecoind.enable = true;`
         and an RPC username/password
-      '');
+      '';
 
       address = mkOption {
         type = types.str;
         default = "[::1]";
-        description = lib.mdDoc ''
+        description = ''
           The IP address the ncdns resolver will bind to.  Leave this unchanged
           if you do not wish to directly expose the resolver.
         '';
@@ -68,7 +68,7 @@ in
       port = mkOption {
         type = types.port;
         default = 5333;
-        description = lib.mdDoc ''
+        description = ''
           The port the ncdns resolver will bind to.
         '';
       };
@@ -78,7 +78,7 @@ in
         default = config.networking.hostName;
         defaultText = literalExpression "config.networking.hostName";
         example = "example.com";
-        description = lib.mdDoc ''
+        description = ''
           The hostname of this ncdns instance, which defaults to the machine
           hostname. If specified, ncdns lists the hostname as an NS record at
           the zone apex:
@@ -96,7 +96,7 @@ in
         type = types.str;
         default = "";
         example = "root@example.com";
-        description = lib.mdDoc ''
+        description = ''
           An email address for the SOA record at the bit zone.
           If you are only using ncdns locally you can ignore this.
         '';
@@ -105,25 +105,25 @@ in
       identity.address = mkOption {
         type = types.str;
         default = "127.127.127.127";
-        description = lib.mdDoc ''
+        description = ''
           The IP address the hostname specified in
           {option}`services.ncdns.identity.hostname` should resolve to.
           If you are only using ncdns locally you can ignore this.
         '';
       };
 
-      dnssec.enable = mkEnableOption (lib.mdDoc ''
+      dnssec.enable = mkEnableOption ''
         DNSSEC support in ncdns. This will generate KSK and ZSK keypairs
         (unless provided via the options
         {option}`services.ncdns.dnssec.publicKey`,
         {option}`services.ncdns.dnssec.privateKey` etc.) and add a trust
         anchor to recursive resolvers
-      '');
+      '';
 
       dnssec.keys.public = mkOption {
         type = types.path;
         default = defaultFiles.public;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the KSK public key.
           The key can be generated using the `dnssec-keygen`
           command, provided by the package `bind` as follows:
@@ -136,7 +136,7 @@ in
       dnssec.keys.private = mkOption {
         type = types.path;
         default = defaultFiles.private;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the KSK private key.
         '';
       };
@@ -144,7 +144,7 @@ in
       dnssec.keys.zonePublic = mkOption {
         type = types.path;
         default = defaultFiles.zonePublic;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the ZSK public key.
           The key can be generated using the `dnssec-keygen`
           command, provided by the package `bind` as follows:
@@ -157,7 +157,7 @@ in
       dnssec.keys.zonePrivate = mkOption {
         type = types.path;
         default = defaultFiles.zonePrivate;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the ZSK private key.
         '';
       };
@@ -176,7 +176,7 @@ in
             certstore.nssdbdir = "../../home/alice/.pki/nssdb";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           ncdns settings. Use this option to configure ncds
           settings not exposed in a NixOS option or to bypass one.
           See the example ncdns.conf file at <https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example>
@@ -189,7 +189,7 @@ in
     services.pdns-recursor.resolveNamecoin = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Resolve `.bit` top-level domains using ncdns and namecoin.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/ndppd.nix b/nixpkgs/nixos/modules/services/networking/ndppd.nix
index d221c95ae620..102bf1160cd0 100644
--- a/nixpkgs/nixos/modules/services/networking/ndppd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ndppd.nix
@@ -26,7 +26,7 @@ let
     options = {
       interface = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Listen for any Neighbor Solicitation messages on this interface,
           and respond to them according to a set of rules.
           Defaults to the name of the attrset.
@@ -35,14 +35,14 @@ let
       };
       router = mkOption {
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Turns on or off the router flag for Neighbor Advertisement Messages.
         '';
         default = true;
       };
       timeout = mkOption {
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Controls how long to wait for a Neighbor Advertisement Message before
           invalidating the entry, in milliseconds.
         '';
@@ -50,7 +50,7 @@ let
       };
       ttl = mkOption {
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Controls how long a valid or invalid entry remains in the cache, in
           milliseconds.
         '';
@@ -58,7 +58,7 @@ let
       };
       rules = mkOption {
         type = types.attrsOf rule;
-        description = lib.mdDoc ''
+        description = ''
           This is a rule that the target address is to match against. If no netmask
           is provided, /128 is assumed. You may have several rule sections, and the
           addresses may or may not overlap.
@@ -72,7 +72,7 @@ let
     options = {
       network = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           This is the target address is to match against. If no netmask
           is provided, /128 is assumed. The addresses of several rules
           may or may not overlap.
@@ -82,7 +82,7 @@ let
       };
       method = mkOption {
         type = types.enum [ "static" "iface" "auto" ];
-        description = lib.mdDoc ''
+        description = ''
           static: Immediately answer any Neighbor Solicitation Messages
             (if they match the IP rule).
           iface: Forward the Neighbor Solicitation Message through the specified
@@ -95,7 +95,7 @@ let
       };
       interface = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "Interface to use when method is iface.";
+        description = "Interface to use when method is iface.";
         default = null;
       };
     };
@@ -103,10 +103,10 @@ let
 
 in {
   options.services.ndppd = {
-    enable = mkEnableOption (lib.mdDoc "daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces");
+    enable = mkEnableOption "daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces";
     interface = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Interface which is on link-level with router.
         (Legacy option, use services.ndppd.proxies.\<interface\>.rules.\<network\> instead)
       '';
@@ -115,7 +115,7 @@ in {
     };
     network = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Network that we proxy.
         (Legacy option, use services.ndppd.proxies.\<interface\>.rules.\<network\> instead)
       '';
@@ -124,12 +124,12 @@ in {
     };
     configFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "Path to configuration file.";
+      description = "Path to configuration file.";
       default = null;
     };
     routeTTL = mkOption {
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route,
         in milliseconds.
       '';
@@ -137,7 +137,7 @@ in {
     };
     proxies = mkOption {
       type = types.attrsOf proxy;
-      description = lib.mdDoc ''
+      description = ''
         This sets up a listener, that will listen for any Neighbor Solicitation
         messages, and respond to them according to a set of rules.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/nebula.nix b/nixpkgs/nixos/modules/services/networking/nebula.nix
index 2f9e41ae9c80..56eed04c3e8d 100644
--- a/nixpkgs/nixos/modules/services/networking/nebula.nix
+++ b/nixpkgs/nixos/modules/services/networking/nebula.nix
@@ -26,40 +26,40 @@ in
   options = {
     services.nebula = {
       networks = mkOption {
-        description = lib.mdDoc "Nebula network definitions.";
+        description = "Nebula network definitions.";
         default = {};
         type = types.attrsOf (types.submodule {
           options = {
             enable = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc "Enable or disable this network.";
+              description = "Enable or disable this network.";
             };
 
             package = mkPackageOption pkgs "nebula" { };
 
             ca = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path to the certificate authority certificate.";
+              description = "Path to the certificate authority certificate.";
               example = "/etc/nebula/ca.crt";
             };
 
             cert = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path to the host certificate.";
+              description = "Path to the host certificate.";
               example = "/etc/nebula/host.crt";
             };
 
             key = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path to the host key.";
+              description = "Path to the host key.";
               example = "/etc/nebula/host.key";
             };
 
             staticHostMap = mkOption {
               type = types.attrsOf (types.listOf (types.str));
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 The static host map defines a set of hosts with fixed IP addresses on the internet (or any network).
                 A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.
               '';
@@ -69,19 +69,19 @@ in
             isLighthouse = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "Whether this node is a lighthouse.";
+              description = "Whether this node is a lighthouse.";
             };
 
             isRelay = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc "Whether this node is a relay.";
+              description = "Whether this node is a relay.";
             };
 
             lighthouses = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse
                 nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs.
               '';
@@ -91,7 +91,7 @@ in
             relays = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
                 List of IPs of relays that this node should allow traffic from.
               '';
               example = [ "192.168.100.1" ];
@@ -100,7 +100,7 @@ in
             listen.host = mkOption {
               type = types.str;
               default = "0.0.0.0";
-              description = lib.mdDoc "IP address to listen on.";
+              description = "IP address to listen on.";
             };
 
             listen.port = mkOption {
@@ -113,13 +113,13 @@ in
                 else
                   0;
               '';
-              description = lib.mdDoc "Port number to listen on.";
+              description = "Port number to listen on.";
             };
 
             tun.disable = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
               '';
             };
@@ -127,27 +127,27 @@ in
             tun.device = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc "Name of the tun device. Defaults to nebula.\${networkName}.";
+              description = "Name of the tun device. Defaults to nebula.\${networkName}.";
             };
 
             firewall.outbound = mkOption {
               type = types.listOf types.attrs;
               default = [];
-              description = lib.mdDoc "Firewall rules for outbound traffic.";
+              description = "Firewall rules for outbound traffic.";
               example = [ { port = "any"; proto = "any"; host = "any"; } ];
             };
 
             firewall.inbound = mkOption {
               type = types.listOf types.attrs;
               default = [];
-              description = lib.mdDoc "Firewall rules for inbound traffic.";
+              description = "Firewall rules for inbound traffic.";
               example = [ { port = "any"; proto = "any"; host = "any"; } ];
             };
 
             settings = mkOption {
               type = format.type;
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Nebula configuration. Refer to
                 <https://github.com/slackhq/nebula/blob/master/examples/config.yml>
                 for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/netbird.nix b/nixpkgs/nixos/modules/services/networking/netbird.nix
index 6a1511d4d084..7add377896ca 100644
--- a/nixpkgs/nixos/modules/services/networking/netbird.nix
+++ b/nixpkgs/nixos/modules/services/networking/netbird.nix
@@ -42,7 +42,7 @@ in
   meta.doc = ./netbird.md;
 
   options.services.netbird = {
-    enable = mkEnableOption (lib.mdDoc "Netbird daemon");
+    enable = mkEnableOption "Netbird daemon";
     package = mkPackageOption pkgs "netbird" { };
 
     tunnels = mkOption {
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/coturn.nix b/nixpkgs/nixos/modules/services/networking/netbird/coturn.nix
new file mode 100644
index 000000000000..746d70a07250
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/coturn.nix
@@ -0,0 +1,160 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    getExe
+    literalExpression
+    mkAfter
+    mkEnableOption
+    mkIf
+    mkMerge
+    mkOption
+    optionalAttrs
+    optionalString
+    ;
+
+  inherit (lib.types)
+    bool
+    listOf
+    nullOr
+    path
+    port
+    str
+    ;
+
+  cfg = config.services.netbird.server.coturn;
+in
+
+{
+  options.services.netbird.server.coturn = {
+    enable = mkEnableOption "a Coturn server for Netbird, will also open the firewall on the configured range";
+
+    useAcmeCertificates = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        Whether to use ACME certificates corresponding to the given domain for the server.
+      '';
+    };
+
+    domain = mkOption {
+      type = str;
+      description = "The domain under which the coturn server runs.";
+    };
+
+    user = mkOption {
+      type = str;
+      default = "netbird";
+      description = ''
+        The username used by netbird to connect to the coturn server.
+      '';
+    };
+
+    password = mkOption {
+      type = nullOr str;
+      default = null;
+      description = ''
+        The password of the user used by netbird to connect to the coturn server.
+      '';
+    };
+
+    passwordFile = mkOption {
+      type = nullOr path;
+      default = null;
+      description = ''
+        The path to a file containing the password of the user used by netbird to connect to the coturn server.
+      '';
+    };
+
+    openPorts = mkOption {
+      type = listOf port;
+      default = with config.services.coturn; [
+        listening-port
+        alt-listening-port
+        tls-listening-port
+        alt-tls-listening-port
+      ];
+      defaultText = literalExpression ''
+        with config.services.coturn; [
+          listening-port
+          alt-listening-port
+          tls-listening-port
+          alt-tls-listening-port
+        ];
+      '';
+
+      description = ''
+        The list of ports used by coturn for listening to open in the firewall.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable (mkMerge [
+    {
+      assertions = [
+        {
+          assertion = (cfg.password == null) != (cfg.passwordFile == null);
+          message = "Exactly one of `password` or `passwordFile` must be given for the coturn setup.";
+        }
+      ];
+
+      services.coturn =
+        {
+          enable = true;
+
+          realm = cfg.domain;
+          lt-cred-mech = true;
+          no-cli = true;
+
+          extraConfig = ''
+            fingerprint
+            user=${cfg.user}:${if cfg.password != null then cfg.password else "@password@"}
+            no-software-attribute
+          '';
+        }
+        // (optionalAttrs cfg.useAcmeCertificates {
+          cert = "@cert@";
+          pkey = "@pkey@";
+        });
+
+      systemd.services.coturn =
+        let
+          dir = config.security.acme.certs.${cfg.domain}.directory;
+          preStart' =
+            (optionalString (cfg.passwordFile != null) ''
+              ${getExe pkgs.replace-secret} @password@ ${cfg.passwordFile} /run/coturn/turnserver.cfg
+            '')
+            + (optionalString cfg.useAcmeCertificates ''
+              ${getExe pkgs.replace-secret} @cert@ "$CREDENTIALS_DIRECTORY/cert.pem" /run/coturn/turnserver.cfg
+              ${getExe pkgs.replace-secret} @pkey@ "$CREDENTIALS_DIRECTORY/pkey.pem" /run/coturn/turnserver.cfg
+            '');
+        in
+        (optionalAttrs (preStart' != "") { preStart = mkAfter preStart'; })
+        // (optionalAttrs cfg.useAcmeCertificates {
+          serviceConfig.LoadCredential = [
+            "cert.pem:${dir}/fullchain.pem"
+            "pkey.pem:${dir}/key.pem"
+          ];
+        });
+
+      security.acme.certs.${cfg.domain}.postRun = optionalString cfg.useAcmeCertificates "systemctl restart coturn.service";
+
+      networking.firewall = {
+        allowedUDPPorts = cfg.openPorts;
+        allowedTCPPorts = cfg.openPorts;
+
+        allowedUDPPortRanges = with config.services.coturn; [
+          {
+            from = min-port;
+            to = max-port;
+          }
+        ];
+      };
+    }
+  ]);
+}
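Review bot: The `password` option is interpolated directly into `services.coturn.extraConfig` (`user=${cfg.user}:${...}`), so a value set there presumably ends up in the world-readable Nix store with the rest of the rendered configuration, and its description does not say so. I would extend that description with `Warning: this value is copied to the world-readable Nix store; prefer passwordFile.` so that the `@password@` placeholder path is the documented choice for real deployments. Separately, `security.acme.certs.${cfg.domain}.postRun = optionalString cfg.useAcmeCertificates ...` defines the certificate entry even when `useAcmeCertificates` is false, which likely makes the ACME module request a certificate for the domain anyway; `security.acme.certs = mkIf cfg.useAcmeCertificates { ${cfg.domain}.postRun = "systemctl restart coturn.service"; };` avoids that. It is also worth checking the `@cert@`/`@pkey@` substitution in `preStart'`: as far as I know `replace-secret` inserts the contents of the given file, whereas coturn's `cert` and `pkey` settings expect file paths, so the private key material may be written into `/run/coturn/turnserver.cfg` instead of a path to it.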
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/dashboard.nix b/nixpkgs/nixos/modules/services/networking/netbird/dashboard.nix
new file mode 100644
index 000000000000..6fc308615590
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/dashboard.nix
@@ -0,0 +1,186 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    boolToString
+    concatStringsSep
+    hasAttr
+    isBool
+    mapAttrs
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    ;
+
+  inherit (lib.types)
+    attrsOf
+    bool
+    either
+    package
+    str
+    submodule
+    ;
+
+  toStringEnv = value: if isBool value then boolToString value else toString value;
+
+  cfg = config.services.netbird.server.dashboard;
+in
+
+{
+  options.services.netbird.server.dashboard = {
+    enable = mkEnableOption "the static netbird dashboard frontend";
+
+    package = mkPackageOption pkgs "netbird-dashboard" { };
+
+    enableNginx = mkEnableOption "Nginx reverse-proxy to serve the dashboard.";
+
+    domain = mkOption {
+      type = str;
+      default = "localhost";
+      description = "The domain under which the dashboard runs.";
+    };
+
+    managementServer = mkOption {
+      type = str;
+      description = "The address of the management server, used for the API endpoints.";
+    };
+
+    settings = mkOption {
+      type = submodule { freeformType = attrsOf (either str bool); };
+
+      defaultText = ''
+        {
+          AUTH_AUDIENCE = "netbird";
+          AUTH_CLIENT_ID = "netbird";
+          AUTH_SUPPORTED_SCOPES = "openid profile email";
+          NETBIRD_TOKEN_SOURCE = "idToken";
+          USE_AUTH0 = false;
+        }
+      '';
+
+      description = ''
+        An attribute set that will be used to substitute variables when building the dashboard.
+        Any values set here will be templated into the frontend and be public for anyone that can reach your website.
+        The exact values sadly aren't documented anywhere.
+        A starting point when searching for valid values is this [script](https://github.com/netbirdio/dashboard/blob/main/docker/init_react_envs.sh)
+        The only mandatory value is 'AUTH_AUTHORITY' as we cannot set a default value here.
+      '';
+    };
+
+    finalDrv = mkOption {
+      readOnly = true;
+      type = package;
+      description = ''
+        The derivation containing the final templated dashboard.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = hasAttr "AUTH_AUTHORITY" cfg.settings;
+        message = "The setting AUTH_AUTHORITY is required for the dasboard to function.";
+      }
+    ];
+
+    services.netbird.server.dashboard = {
+      settings =
+        {
+          # Due to how the backend and frontend work this secret will be templated into the backend
+          # and then served statically from your website
+          # This enables you to login without the normally needed indirection through the backend
+          # but this also means anyone that can reach your website can
+          # fetch this secret, which is why there is no real need to put it into
+          # special options as its public anyway
+          # As far as I know leaking this secret is just
+          # an information leak as one can fetch some basic app
+          # informations from the IDP
+          # To actually do something one still needs to have login
+          # data and this secret so this being public will not
+          # suffice for anything just decreasing security
+          AUTH_CLIENT_SECRET = "";
+
+          NETBIRD_MGMT_API_ENDPOINT = cfg.managementServer;
+          NETBIRD_MGMT_GRPC_API_ENDPOINT = cfg.managementServer;
+        }
+        // (mapAttrs (_: mkDefault) {
+          # Those values have to be easily overridable
+          AUTH_AUDIENCE = "netbird"; # must be set for your devices to be able to log in
+          AUTH_CLIENT_ID = "netbird";
+          AUTH_SUPPORTED_SCOPES = "openid profile email";
+          NETBIRD_TOKEN_SOURCE = "idToken";
+          USE_AUTH0 = false;
+        });
+
+      # The derivation containing the templated dashboard
+      finalDrv =
+        pkgs.runCommand "netbird-dashboard"
+          {
+            nativeBuildInputs = [ pkgs.gettext ];
+            env = {
+              ENV_STR = concatStringsSep " " [
+                "$AUTH_AUDIENCE"
+                "$AUTH_AUTHORITY"
+                "$AUTH_CLIENT_ID"
+                "$AUTH_CLIENT_SECRET"
+                "$AUTH_REDIRECT_URI"
+                "$AUTH_SILENT_REDIRECT_URI"
+                "$AUTH_SUPPORTED_SCOPES"
+                "$NETBIRD_DRAG_QUERY_PARAMS"
+                "$NETBIRD_GOOGLE_ANALYTICS_ID"
+                "$NETBIRD_HOTJAR_TRACK_ID"
+                "$NETBIRD_MGMT_API_ENDPOINT"
+                "$NETBIRD_MGMT_GRPC_API_ENDPOINT"
+                "$NETBIRD_TOKEN_SOURCE"
+                "$USE_AUTH0"
+              ];
+            } // (mapAttrs (_: toStringEnv) cfg.settings);
+          }
+          ''
+            cp -R ${cfg.package} build
+
+            find build -type d -exec chmod 755 {} \;
+            OIDC_TRUSTED_DOMAINS="build/OidcTrustedDomains.js"
+
+            envsubst "$ENV_STR" < "$OIDC_TRUSTED_DOMAINS.tmpl" > "$OIDC_TRUSTED_DOMAINS"
+
+            for f in $(grep -R -l AUTH_SUPPORTED_SCOPES build/); do
+              mv "$f" "$f.copy"
+              envsubst "$ENV_STR" < "$f.copy" > "$f"
+              rm "$f.copy"
+            done
+
+            cp -R build $out
+          '';
+    };
+
+    services.nginx = mkIf cfg.enableNginx {
+      enable = true;
+
+      virtualHosts.${cfg.domain} = {
+        locations = {
+          "/" = {
+            root = cfg.finalDrv;
+            tryFiles = "$uri $uri.html $uri/ =404";
+          };
+
+          "/404.html".extraConfig = ''
+            internal;
+          '';
+        };
+
+        extraConfig = ''
+          error_page 404 /404.html;
+        '';
+      };
+    };
+  };
+}
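Review bot: `AUTH_CLIENT_SECRET = "";` in the `settings` block of `config` is defined at normal priority, unlike the `mkDefault` group directly below it, so a user who sets it in `services.netbird.server.dashboard.settings` would presumably get a conflicting-definition error instead of an override; if overriding is intended, it belongs in the `mapAttrs (_: mkDefault)` set. The comment above it says the secret is "templated into the backend", but the `finalDrv` script substitutes it into the static files that nginx serves, so it should read `# ... this secret will be templated into the frontend`. Every `settings` value is also handed to `runCommand` through `env`, so it ends up in the world-readable Nix store as well as on the website; the option description could say so next to its existing "public" warning. The assertion message also misspells "dashboard" as `dasboard`.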
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/management.nix b/nixpkgs/nixos/modules/services/networking/netbird/management.nix
new file mode 100644
index 000000000000..52f033959143
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/management.nix
@@ -0,0 +1,460 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+
+let
+  inherit (lib)
+    any
+    concatMap
+    getExe'
+    literalExpression
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    optional
+    recursiveUpdate
+    ;
+
+  inherit (lib.types)
+    bool
+    enum
+    listOf
+    port
+    str
+    ;
+
+  inherit (utils) escapeSystemdExecArgs genJqSecretsReplacementSnippet;
+
+  stateDir = "/var/lib/netbird-mgmt";
+
+  settingsFormat = pkgs.formats.json { };
+
+  defaultSettings = {
+    Stuns = [
+      {
+        Proto = "udp";
+        URI = "stun:${cfg.turnDomain}:3478";
+        Username = "";
+        Password = null;
+      }
+    ];
+
+    TURNConfig = {
+      Turns = [
+        {
+          Proto = "udp";
+          URI = "turn:${cfg.turnDomain}:${builtins.toString cfg.turnPort}";
+          Username = "netbird";
+          Password = "netbird";
+        }
+      ];
+
+      CredentialsTTL = "12h";
+      Secret = "not-secure-secret";
+      TimeBasedCredentials = false;
+    };
+
+    Signal = {
+      Proto = "https";
+      URI = "${cfg.domain}:443";
+      Username = "";
+      Password = null;
+    };
+
+    ReverseProxy = {
+      TrustedHTTPProxies = [ ];
+      TrustedHTTPProxiesCount = 0;
+      TrustedPeers = [ "0.0.0.0/0" ];
+    };
+
+    Datadir = "${stateDir}/data";
+    DataStoreEncryptionKey = "very-insecure-key";
+    StoreConfig = {
+      Engine = "sqlite";
+    };
+
+    HttpConfig = {
+      Address = "127.0.0.1:${builtins.toString cfg.port}";
+      IdpSignKeyRefreshEnabled = true;
+      OIDCConfigEndpoint = cfg.oidcConfigEndpoint;
+    };
+
+    IdpManagerConfig = {
+      ManagerType = "none";
+      ClientConfig = {
+        Issuer = "";
+        TokenEndpoint = "";
+        ClientID = "netbird";
+        ClientSecret = "";
+        GrantType = "client_credentials";
+      };
+
+      ExtraConfig = { };
+      Auth0ClientCredentials = null;
+      AzureClientCredentials = null;
+      KeycloakClientCredentials = null;
+      ZitadelClientCredentials = null;
+    };
+
+    DeviceAuthorizationFlow = {
+      Provider = "none";
+      ProviderConfig = {
+        Audience = "netbird";
+        Domain = null;
+        ClientID = "netbird";
+        TokenEndpoint = null;
+        DeviceAuthEndpoint = "";
+        Scope = "openid profile email";
+        UseIDToken = false;
+      };
+    };
+
+    PKCEAuthorizationFlow = {
+      ProviderConfig = {
+        Audience = "netbird";
+        ClientID = "netbird";
+        ClientSecret = "";
+        AuthorizationEndpoint = "";
+        TokenEndpoint = "";
+        Scope = "openid profile email";
+        RedirectURLs = [ "http://localhost:53000" ];
+        UseIDToken = false;
+      };
+    };
+  };
+
+  managementConfig = recursiveUpdate defaultSettings cfg.settings;
+
+  managementFile = settingsFormat.generate "config.json" managementConfig;
+
+  cfg = config.services.netbird.server.management;
+in
+
+{
+  options.services.netbird.server.management = {
+    enable = mkEnableOption "Netbird Management Service.";
+
+    package = mkPackageOption pkgs "netbird" { };
+
+    domain = mkOption {
+      type = str;
+      description = "The domain under which the management API runs.";
+    };
+
+    turnDomain = mkOption {
+      type = str;
+      description = "The domain of the TURN server to use.";
+    };
+
+    turnPort = mkOption {
+      type = port;
+      default = 3478;
+      description = ''
+        The port of the TURN server to use.
+      '';
+    };
+
+    dnsDomain = mkOption {
+      type = str;
+      default = "netbird.selfhosted";
+      description = "Domain used for peer resolution.";
+    };
+
+    singleAccountModeDomain = mkOption {
+      type = str;
+      default = "netbird.selfhosted";
+      description = ''
+        Enables single account mode.
+        This means that all the users will be under the same account grouped by the specified domain.
+        If the installation has more than one account, the property is ineffective.
+      '';
+    };
+
+    disableAnonymousMetrics = mkOption {
+      type = bool;
+      default = true;
+      description = "Disables push of anonymous usage metrics to NetBird.";
+    };
+
+    disableSingleAccountMode = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        If set to true, disables single account mode.
+        The `singleAccountModeDomain` property will be ignored and every new user will have a separate NetBird account.
+      '';
+    };
+
+    port = mkOption {
+      type = port;
+      default = 8011;
+      description = "Internal port of the management server.";
+    };
+
+    extraOptions = mkOption {
+      type = listOf str;
+      default = [ ];
+      description = ''
+        Additional options given to netbird-mgmt as commandline arguments.
+      '';
+    };
+
+    oidcConfigEndpoint = mkOption {
+      type = str;
+      description = "The oidc discovery endpoint.";
+      example = "https://example.eu.auth0.com/.well-known/openid-configuration";
+    };
+
+    settings = mkOption {
+      inherit (settingsFormat) type;
+
+      defaultText = literalExpression ''
+        defaultSettings = {
+          Stuns = [
+            {
+              Proto = "udp";
+              URI = "stun:''${cfg.turnDomain}:3478";
+              Username = "";
+              Password = null;
+            }
+          ];
+
+          TURNConfig = {
+            Turns = [
+              {
+                Proto = "udp";
+                URI = "turn:''${cfg.turnDomain}:3478";
+                Username = "netbird";
+                Password = "netbird";
+              }
+            ];
+
+            CredentialsTTL = "12h";
+            Secret = "not-secure-secret";
+            TimeBasedCredentials = false;
+          };
+
+          Signal = {
+            Proto = "https";
+            URI = "''${cfg.domain}:443";
+            Username = "";
+            Password = null;
+          };
+
+          ReverseProxy = {
+            TrustedHTTPProxies = [ ];
+            TrustedHTTPProxiesCount = 0;
+            TrustedPeers = [ "0.0.0.0/0" ];
+          };
+
+          Datadir = "''${stateDir}/data";
+          DataStoreEncryptionKey = "genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ=";
+          StoreConfig = { Engine = "sqlite"; };
+
+          HttpConfig = {
+            Address = "127.0.0.1:''${builtins.toString cfg.port}";
+            IdpSignKeyRefreshEnabled = true;
+            OIDCConfigEndpoint = cfg.oidcConfigEndpoint;
+          };
+
+          IdpManagerConfig = {
+            ManagerType = "none";
+            ClientConfig = {
+              Issuer = "";
+              TokenEndpoint = "";
+              ClientID = "netbird";
+              ClientSecret = "";
+              GrantType = "client_credentials";
+            };
+
+            ExtraConfig = { };
+            Auth0ClientCredentials = null;
+            AzureClientCredentials = null;
+            KeycloakClientCredentials = null;
+            ZitadelClientCredentials = null;
+          };
+
+          DeviceAuthorizationFlow = {
+            Provider = "none";
+            ProviderConfig = {
+              Audience = "netbird";
+              Domain = null;
+              ClientID = "netbird";
+              TokenEndpoint = null;
+              DeviceAuthEndpoint = "";
+              Scope = "openid profile email offline_access api";
+              UseIDToken = false;
+            };
+          };
+
+          PKCEAuthorizationFlow = {
+            ProviderConfig = {
+              Audience = "netbird";
+              ClientID = "netbird";
+              ClientSecret = "";
+              AuthorizationEndpoint = "";
+              TokenEndpoint = "";
+              Scope = "openid profile email offline_access api";
+              RedirectURLs = "http://localhost:53000";
+              UseIDToken = false;
+            };
+          };
+        };
+      '';
+
+      default = { };
+
+      description = ''
+        Configuration of the netbird management server.
+        Options containing secret data should be set to an attribute set containing the attribute _secret
+        - a string pointing to a file containing the value the option should be set to.
+        See the example to get a better picture of this: in the resulting management.json file,
+        the `DataStoreEncryptionKey` key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file.
+      '';
+
+      example = {
+        DataStoreEncryptionKey = {
+          _secret = "/run/agenix/netbird_mgmt-data_store_encryption_key";
+        };
+      };
+    };
+
+    logLevel = mkOption {
+      type = enum [
+        "ERROR"
+        "WARN"
+        "INFO"
+        "DEBUG"
+      ];
+      default = "INFO";
+      description = "Log level of the netbird services.";
+    };
+
+    enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird management service.";
+  };
+
+  config = mkIf cfg.enable {
+    warnings =
+      concatMap
+        (
+          { check, name }:
+          optional check "${name} is world-readable in the Nix Store, you should provide it as a _secret."
+        )
+        [
+          {
+            check = builtins.isString managementConfig.TURNConfig.Secret;
+            name = "The TURNConfig.secret";
+          }
+          {
+            check = builtins.isString managementConfig.DataStoreEncryptionKey;
+            name = "The DataStoreEncryptionKey";
+          }
+          {
+            check = any (T: (T ? Password) && builtins.isString T.Password) managementConfig.TURNConfig.Turns;
+            name = "A Turn configuration's password";
+          }
+        ];
+
+    systemd.services.netbird-management = {
+      description = "The management server for Netbird, a wireguard VPN";
+      documentation = [ "https://netbird.io/docs/" ];
+
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      restartTriggers = [ managementFile ];
+
+      preStart = genJqSecretsReplacementSnippet managementConfig "${stateDir}/management.json";
+
+      serviceConfig = {
+        ExecStart = escapeSystemdExecArgs (
+          [
+            (getExe' cfg.package "netbird-mgmt")
+            "management"
+            # Config file
+            "--config"
+            "${stateDir}/management.json"
+            # Data directory
+            "--datadir"
+            "${stateDir}/data"
+            # DNS domain
+            "--dns-domain"
+            cfg.dnsDomain
+            # Port to listen on
+            "--port"
+            cfg.port
+            # Log to stdout
+            "--log-file"
+            "console"
+            # Log level
+            "--log-level"
+            cfg.logLevel
+            #
+            "--idp-sign-key-refresh-enabled"
+            # Domain for internal resolution
+            "--single-account-mode-domain"
+            cfg.singleAccountModeDomain
+          ]
+          ++ (optional cfg.disableAnonymousMetrics "--disable-anonymous-metrics")
+          ++ (optional cfg.disableSingleAccountMode "--disable-single-account-mode")
+          ++ cfg.extraOptions
+        );
+        Restart = "always";
+        RuntimeDirectory = "netbird-mgmt";
+        StateDirectory = [
+          "netbird-mgmt"
+          "netbird-mgmt/data"
+        ];
+        WorkingDirectory = stateDir;
+
+        # hardening
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = true;
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+      };
+
+      stopIfChanged = false;
+    };
+
+    services.nginx = mkIf cfg.enableNginx {
+      enable = true;
+
+      virtualHosts.${cfg.domain} = {
+        locations = {
+          "/api".proxyPass = "http://localhost:${builtins.toString cfg.port}";
+
+          "/management.ManagementService/".extraConfig = ''
+            # This is necessary so that grpc connections do not get closed early
+            # see https://stackoverflow.com/a/67805465
+            client_body_timeout 1d;
+
+            grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            grpc_pass grpc://localhost:${builtins.toString cfg.port};
+            grpc_read_timeout 1d;
+            grpc_send_timeout 1d;
+            grpc_socket_keepalive on;
+          '';
+        };
+      };
+    };
+  };
+}
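Review bot: The placeholder values in `defaultSettings` (`Secret = "not-secure-secret"`, `DataStoreEncryptionKey = "very-insecure-key"`, TURN `Password = "netbird"`) only feed the `warnings` list, so a deployment that never overrides them still evaluates and starts with publicly known keys. An assertion on the placeholders would turn that into a hard failure, for example `assertion = managementConfig.DataStoreEncryptionKey != defaultSettings.DataStoreEncryptionKey;` with a message pointing at the `_secret` form. The `defaultText` of `settings` also disagrees with the real defaults: it shows a different, realistic-looking `DataStoreEncryptionKey`, a fixed `:3478` TURN port instead of `cfg.turnPort`, extra scopes, and `RedirectURLs` as a string rather than a list. It should mirror `defaultSettings` so that nobody copies the sample key from the manual. The unit also sets neither `User` nor `DynamicUser` next to its hardening options, so it presumably runs as root, which is worth confirming as intended.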
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/server.md b/nixpkgs/nixos/modules/services/networking/netbird/server.md
new file mode 100644
index 000000000000..3649e97b379e
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/server.md
@@ -0,0 +1,42 @@
+# Netbird server {#module-services-netbird-server}
+
+NetBird is a VPN built on top of WireGuard® making it easy to create secure private networks for your organization or home.
+
+## Quickstart {#module-services-netbird-server-quickstart}
+
+To fully setup Netbird as a self-hosted server, we need both a Coturn server and an identity provider, the list of supported SSOs and their setup are available [on Netbird's documentation](https://docs.netbird.io/selfhosted/selfhosted-guide#step-3-configure-identity-provider-idp).
+
+There are quite a few settings that need to be passed to Netbird for it to function, and a minimal config looks like :
+
+```nix
+services.netbird.server = {
+  enable = true;
+
+  domain = "netbird.example.selfhosted";
+
+  enableNginx = true;
+
+  coturn = {
+    enable = true;
+
+    passwordFile = "/path/to/a/secret/password";
+  };
+
+  management = {
+    oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration";
+
+    settings = {
+      TURNConfig = {
+        Turns = [
+          {
+            Proto = "udp";
+            URI = "turn:netbird.example.selfhosted:3478";
+            Username = "netbird";
+            Password._secret = "/path/to/a/secret/password";
+          }
+        ];
+      };
+    };
+  };
+};
+```
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/server.nix b/nixpkgs/nixos/modules/services/networking/netbird/server.nix
new file mode 100644
index 000000000000..a4de0fda6a13
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/server.nix
@@ -0,0 +1,67 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    optionalAttrs
+    ;
+
+  inherit (lib.types) str;
+
+  cfg = config.services.netbird.server;
+in
+
+{
+  meta = {
+    maintainers = with lib.maintainers; [ thubrecht ];
+    doc = ./server.md;
+  };
+
+  # Import the separate components
+  imports = [
+    ./coturn.nix
+    ./dashboard.nix
+    ./management.nix
+    ./signal.nix
+  ];
+
+  options.services.netbird.server = {
+    enable = mkEnableOption "Netbird Server stack, comprising the dashboard, management API and signal service";
+
+    enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird server services.";
+
+    domain = mkOption {
+      type = str;
+      description = "The domain under which the netbird server runs.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.netbird.server = {
+      dashboard = {
+        inherit (cfg) enable domain enableNginx;
+
+        managementServer = "https://${cfg.domain}";
+      };
+
+      management =
+        {
+          inherit (cfg) enable domain enableNginx;
+        }
+        // (optionalAttrs cfg.coturn.enable {
+          turnDomain = cfg.domain;
+          turnPort = config.services.coturn.tls-listening-port;
+        });
+
+      signal = {
+        inherit (cfg) enable domain enableNginx;
+      };
+
+      coturn = {
+        inherit (cfg) domain;
+      };
+    };
+  };
+}
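Review bot: `turnPort = config.services.coturn.tls-listening-port;` passes the TLS listener port to `management.turnPort`, but the URI that management.nix builds from it is `turn:${cfg.turnDomain}:<port>` with `Proto = "udp"`, which is the non-TLS scheme. The STUN entry there and the quickstart in server.md both use 3478, so the three places do not obviously agree. If plain TURN is meant, `turnPort = config.services.coturn.listening-port;` would match the rest; if the relay is meant to run over TLS, the URI scheme in management.nix has to follow. Either way, a one-line comment here stating which is intended would help the next reader.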
diff --git a/nixpkgs/nixos/modules/services/networking/netbird/signal.nix b/nixpkgs/nixos/modules/services/networking/netbird/signal.nix
new file mode 100644
index 000000000000..8408d20e874b
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/netbird/signal.nix
@@ -0,0 +1,123 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+
+let
+  inherit (lib)
+    getExe'
+    mkEnableOption
+    mkIf
+    mkPackageOption
+    mkOption
+    ;
+
+  inherit (lib.types) enum port str;
+
+  inherit (utils) escapeSystemdExecArgs;
+
+  cfg = config.services.netbird.server.signal;
+in
+
+{
+  options.services.netbird.server.signal = {
+    enable = mkEnableOption "Netbird's Signal Service";
+
+    package = mkPackageOption pkgs "netbird" { };
+
+    enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird signal service.";
+
+    domain = mkOption {
+      type = str;
+      description = "The domain name for the signal service.";
+    };
+
+    port = mkOption {
+      type = port;
+      default = 8012;
+      description = "Internal port of the signal server.";
+    };
+
+    logLevel = mkOption {
+      type = enum [
+        "ERROR"
+        "WARN"
+        "INFO"
+        "DEBUG"
+      ];
+      default = "INFO";
+      description = "Log level of the netbird signal service.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.netbird-signal = {
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = escapeSystemdExecArgs [
+          (getExe' cfg.package "netbird-signal")
+          "run"
+          # Port to listen on
+          "--port"
+          cfg.port
+          # Log to stdout
+          "--log-file"
+          "console"
+          # Log level
+          "--log-level"
+          cfg.logLevel
+        ];
+
+        Restart = "always";
+        RuntimeDirectory = "netbird-mgmt";
+        StateDirectory = "netbird-mgmt";
+        WorkingDirectory = "/var/lib/netbird-mgmt";
+
+        # hardening
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = true;
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+      };
+
+      stopIfChanged = false;
+    };
+
+    services.nginx = mkIf cfg.enableNginx {
+      enable = true;
+
+      virtualHosts.${cfg.domain} = {
+        locations."/signalexchange.SignalExchange/".extraConfig = ''
+          # This is necessary so that grpc connections do not get closed early
+          # see https://stackoverflow.com/a/67805465
+          client_body_timeout 1d;
+
+          grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+          grpc_pass grpc://localhost:${builtins.toString cfg.port};
+          grpc_read_timeout 1d;
+          grpc_send_timeout 1d;
+          grpc_socket_keepalive on;
+        '';
+      };
+    };
+  };
+}
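Review bot: `RuntimeDirectory`, `StateDirectory` and `WorkingDirectory` in `serviceConfig` reuse `netbird-mgmt`, the directories of the management unit in management.nix. systemd removes a unit's runtime directory when that unit stops, so stopping or restarting the signal service would delete `/run/netbird-mgmt` underneath the running management service. The signal process also gets a working directory that holds the generated `management.json` with its substituted secrets. Separate directories avoid both: `RuntimeDirectory = "netbird-signal";`, `StateDirectory = "netbird-signal";`, `WorkingDirectory = "/var/lib/netbird-signal";`.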
diff --git a/nixpkgs/nixos/modules/services/networking/netclient.nix b/nixpkgs/nixos/modules/services/networking/netclient.nix
index 43b8f07cca04..b4819f84bab2 100644
--- a/nixpkgs/nixos/modules/services/networking/netclient.nix
+++ b/nixpkgs/nixos/modules/services/networking/netclient.nix
@@ -6,7 +6,7 @@ in
   meta.maintainers = with lib.maintainers; [ wexder ];
 
   options.services.netclient = {
-    enable = lib.mkEnableOption (lib.mdDoc "Netclient Daemon");
+    enable = lib.mkEnableOption "Netclient Daemon";
     package = lib.mkPackageOption pkgs "netclient" { };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix b/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix
index c5319ca7b88a..039888e3c064 100644
--- a/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix
+++ b/nixpkgs/nixos/modules/services/networking/networkd-dispatcher.nix
@@ -11,11 +11,11 @@ in {
   options = {
     services.networkd-dispatcher = {
 
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         Networkd-dispatcher service for systemd-networkd connection status
         change. See [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions)
         for usage.
-      '');
+      '';
 
       rules = mkOption {
         default = {};
@@ -33,7 +33,7 @@ in {
             };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Declarative configuration of networkd-dispatcher rules. See
           [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions)
           for an introduction and example scripts.
@@ -46,7 +46,7 @@ in {
                 "configuring" "configured"
               ]);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 List of names of the systemd-networkd operational states which
                 should trigger the script. See <https://www.freedesktop.org/software/systemd/man/networkctl.html>
                 for a description of the specific state type.
@@ -54,7 +54,7 @@ in {
             };
             script = mkOption {
               type = types.lines;
-              description = lib.mdDoc ''
+              description = ''
                 Shell commands executed on specified operational states.
               '';
             };
diff --git a/nixpkgs/nixos/modules/services/networking/networkmanager.nix b/nixpkgs/nixos/modules/services/networking/networkmanager.nix
index 573a02cbda9e..e33bbb2af178 100644
--- a/nixpkgs/nixos/modules/services/networking/networkmanager.nix
+++ b/nixpkgs/nixos/modules/services/networking/networkmanager.nix
@@ -10,49 +10,31 @@ let
 
   enableIwd = cfg.wifi.backend == "iwd";
 
-  mkValue = v:
-    if v == true then "yes"
-    else if v == false then "no"
-    else if lib.isInt v then toString v
-    else v;
-
-  mkSection = name: attrs: ''
-    [${name}]
-    ${
-      lib.concatStringsSep "\n"
-        (lib.mapAttrsToList
-          (k: v: "${k}=${mkValue v}")
-          (lib.filterAttrs
-            (k: v: v != null)
-            attrs))
-    }
-  '';
-
-  configFile = pkgs.writeText "NetworkManager.conf" (lib.concatStringsSep "\n" [
-    (mkSection "main" {
+  configAttrs = lib.recursiveUpdate {
+    main = {
       plugins = "keyfile";
       inherit (cfg) dhcp dns;
       # If resolvconf is disabled that means that resolv.conf is managed by some other module.
       rc-manager =
         if config.networking.resolvconf.enable then "resolvconf"
         else "unmanaged";
-    })
-    (mkSection "keyfile" {
+    };
+    keyfile = {
       unmanaged-devices =
-        if cfg.unmanaged == [ ] then null
-        else lib.concatStringsSep ";" cfg.unmanaged;
-    })
-    (mkSection "logging" {
+      if cfg.unmanaged == [ ] then null
+      else lib.concatStringsSep ";" cfg.unmanaged;
+    };
+    logging = {
       audit = config.security.audit.enable;
       level = cfg.logLevel;
-    })
-    (mkSection "connection" cfg.connectionConfig)
-    (mkSection "device" {
-      "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress;
-      "wifi.backend" = cfg.wifi.backend;
-    })
-    cfg.extraConfig
-  ]);
+    };
+    connection = cfg.connectionConfig;
+    device = {
+        "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress;
+        "wifi.backend" = cfg.wifi.backend;
+    };
+  } cfg.settings;
+  configFile = ini.generate "NetworkManager.conf" configAttrs;
 
   /*
     [network-manager]
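Review bot: The removed `mkSection` dropped `null` values with `lib.filterAttrs (k: v: v != null)`, but `configAttrs` still sets `unmanaged-devices` to `null` when `cfg.unmanaged` is empty, and nothing in the new code filters it before `ini.generate`. `ini` is defined outside this hunk; if it is the stock INI generator, the key may be written out literally as `unmanaged-devices=null`, and booleans such as `audit` would no longer be mapped to `yes`/`no` as `mkValue` did. Building the section conditionally keeps the old output: `keyfile = lib.optionalAttrs (cfg.unmanaged != [ ]) { unmanaged-devices = lib.concatStringsSep ";" cfg.unmanaged; };`. The enclosing `let` block starts and ends outside the hunk.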
@@ -105,7 +87,7 @@ let
     type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" "stable-ssid" ]);
     default = "preserve";
     example = "00:11:22:33:44:55";
-    description = lib.mdDoc ''
+    description = ''
       Set the MAC address of the interface.
 
       - `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface
@@ -121,7 +103,7 @@ let
     type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" ]);
     default = "preserve";
     example = "00:11:22:33:44:55";
-    description = lib.mdDoc ''
+    description = ''
       Set the MAC address of the interface.
 
       - `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface
@@ -145,7 +127,7 @@ in
 {
 
   meta = {
-    maintainers = teams.freedesktop.members;
+    maintainers = teams.freedesktop.members ++ [ lib.maintainers.janik ];
   };
 
   ###### interface
@@ -157,7 +139,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use NetworkManager to obtain an IP address and other
           configuration for all network interfaces that are not manually
           configured. If enabled, a group `networkmanager`
@@ -173,7 +155,7 @@ in
           str
         ]));
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for the [connection] section of NetworkManager.conf.
           Refer to
           [
@@ -185,11 +167,11 @@ in
         '';
       };
 
-      extraConfig = mkOption {
-        type = types.lines;
-        default = "";
-        description = lib.mdDoc ''
-          Configuration appended to the generated NetworkManager.conf.
+      settings = mkOption {
+        type = ini.type;
+        default = {};
+        description = ''
+          Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this.
           Refer to
           [
             https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
@@ -203,7 +185,7 @@ in
       unmanaged = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of interfaces that will not be managed by NetworkManager.
           Interface name can be specified here, but if you need more fidelity,
           refer to
@@ -234,7 +216,7 @@ in
           in
           types.listOf networkManagerPluginPackage;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           List of NetworkManager plug-ins to enable.
           Some plug-ins are enabled by the NetworkManager module by default.
         '';
@@ -243,7 +225,7 @@ in
       dhcp = mkOption {
         type = types.enum [ "dhcpcd" "internal" ];
         default = "internal";
-        description = lib.mdDoc ''
+        description = ''
           Which program (or internal library) should be used for DHCP.
         '';
       };
@@ -251,7 +233,7 @@ in
       logLevel = mkOption {
         type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
         default = "WARN";
-        description = lib.mdDoc ''
+        description = ''
           Set the default logging verbosity level.
         '';
       };
@@ -259,7 +241,7 @@ in
       appendNameservers = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           A list of name servers that should be appended
           to the ones configured in NetworkManager or received by DHCP.
         '';
@@ -268,7 +250,7 @@ in
       insertNameservers = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           A list of name servers that should be inserted before
           the ones configured in NetworkManager or received by DHCP.
         '';
@@ -282,7 +264,7 @@ in
         backend = mkOption {
           type = types.enum [ "wpa_supplicant" "iwd" ];
           default = "wpa_supplicant";
-          description = lib.mdDoc ''
+          description = ''
             Specify the Wi-Fi backend used for the device.
             Currently supported are {option}`wpa_supplicant` or {option}`iwd` (experimental).
           '';
@@ -291,7 +273,7 @@ in
         powersave = mkOption {
           type = types.nullOr types.bool;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable Wi-Fi power saving.
           '';
         };
@@ -299,7 +281,7 @@ in
         scanRandMacAddress = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable MAC address randomization of a Wi-Fi device
             during scanning.
           '';
@@ -309,7 +291,7 @@ in
       dns = mkOption {
         type = types.enum [ "default" "dnsmasq" "systemd-resolved" "none" ];
         default = "default";
-        description = lib.mdDoc ''
+        description = ''
           Set the DNS (`resolv.conf`) processing mode.
 
           A description of these modes can be found in the main section of
@@ -326,7 +308,7 @@ in
           options = {
             source = mkOption {
               type = types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the hook script.
               '';
             };
@@ -334,7 +316,7 @@ in
             type = mkOption {
               type = types.enum (attrNames dispatcherTypesSubdirMap);
               default = "basic";
-              description = lib.mdDoc ''
+              description = ''
                 Dispatcher hook type. Look up the hooks described at
                 [https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)
                 and choose the type depending on the output folder.
@@ -358,7 +340,7 @@ in
             type = "basic";
           } ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           A list of scripts which will be executed in response to network events.
         '';
       };
@@ -366,7 +348,7 @@ in
       enableStrongSwan = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the StrongSwan plugin.
 
           If you enable this option the
@@ -381,17 +363,17 @@ in
           options = {
             id = mkOption {
               type = types.str;
-              description = lib.mdDoc "vid:pid of either the PCI or USB vendor and product ID";
+              description = "vid:pid of either the PCI or USB vendor and product ID";
             };
             path = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path to the unlock script";
+              description = "Path to the unlock script";
             };
           };
         });
         default = [ ];
-        example = literalExpression ''[{ name = "03f0:4e1d"; script = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';
-        description = lib.mdDoc ''
+        example = literalExpression ''[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]'';
+        description = ''
           List of FCC unlock scripts to enable on the system, behaving as described in
           https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
         '';
@@ -445,7 +427,7 @@ in
               };
             };
           };
-          description = lib.mdDoc ''
+          description = ''
             Declaratively define NetworkManager profiles. You can find information about the generated file format [here](https://networkmanager.dev/docs/api/latest/nm-settings-keyfile.html) and [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking).
             You current profiles which are most likely stored in `/etc/NetworkManager/system-connections` and there is [a tool](https://github.com/janik-haag/nm2nix) to convert them to the needed nix code.
             If you add a new ad-hoc connection via a GUI or nmtui or anything similar it should just work together with the declarative ones.
@@ -459,7 +441,7 @@ in
           default = [];
           type = types.listOf types.path;
           example = [ "/run/secrets/network-manager.env" ];
-          description = lib.mdDoc ''
+          description = ''
             Files to load as environment file. Environment variables from this file
             will be substituted into the static configuration file using [envsubst](https://github.com/a8m/envsubst).
           '';
@@ -471,8 +453,28 @@ in
   imports = [
     (mkRenamedOptionModule
       [ "networking" "networkmanager" "packages" ]
-      [ "networking" "networkmanager" "plugins" ])
-    (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ])
+      [ "networking" "networkmanager" "plugins" ]
+    )
+    (mkRenamedOptionModule
+      [ "networking" "networkmanager" "useDnsmasq" ]
+      [ "networking" "networkmanager" "dns" ]
+    )
+    (mkRemovedOptionModule [ "networking" "networkmanager" "extraConfig" ] ''
+      This option was removed in favour of `networking.networkmanager.settings`,
+      which accepts structured nix-code equivalent to the ini
+      and allows for overriding settings.
+      Example patch:
+      ```patch
+         networking.networkmanager = {
+      -    extraConfig = '''
+      -      [main]
+      -      no-auto-default=*
+      -    '''
+      +    extraConfig.main.no-auto-default = "*";
+         };
+      ```
+    ''
+    )
     (mkRemovedOptionModule [ "networking" "networkmanager" "enableFccUnlock" ] ''
       This option was removed, because using bundled FCC unlock scripts is risky,
       might conflict with vendor-provided unlock scripts, and should
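Review bot: The example patch inside the `extraConfig` removal message still names the removed option on its `+` line. `+    extraConfig.main.no-auto-default = "*";` should be `+    settings.main.no-auto-default = "*";`. A user who copies the suggestion as written would hit the same removal error again. The `-` side of the example also ends the multi-line string without a trailing `;`, so the snippet is not valid Nix as shown. The `imports` list continues outside the hunk.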
diff --git a/nixpkgs/nixos/modules/services/networking/nextdns.nix b/nixpkgs/nixos/modules/services/networking/nextdns.nix
index 697fa605049e..b070eeec894f 100644
--- a/nixpkgs/nixos/modules/services/networking/nextdns.nix
+++ b/nixpkgs/nixos/modules/services/networking/nextdns.nix
@@ -10,13 +10,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the NextDNS DNS/53 to DoH Proxy service.";
+        description = "Whether to enable the NextDNS DNS/53 to DoH Proxy service.";
       };
       arguments = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-config" "10.0.3.0/24=abcdef" ];
-        description = lib.mdDoc "Additional arguments to be passed to nextdns run.";
+        description = "Additional arguments to be passed to nextdns run.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/nftables.nix b/nixpkgs/nixos/modules/services/networking/nftables.nix
index 2351ebf4b707..ada9b83716a5 100644
--- a/nixpkgs/nixos/modules/services/networking/nftables.nix
+++ b/nixpkgs/nixos/modules/services/networking/nftables.nix
@@ -8,21 +8,21 @@ let
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable this table.";
+        description = "Enable this table.";
       };
 
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc "Table name.";
+        description = "Table name.";
       };
 
       content = mkOption {
         type = types.lines;
-        description = lib.mdDoc "The table content.";
+        description = "The table content.";
       };
 
       family = mkOption {
-        description = lib.mdDoc "Table family.";
+        description = "Table family.";
         type = types.enum [ "ip" "ip6" "inet" "arp" "bridge" "netdev" ];
       };
     };
@@ -39,8 +39,7 @@ in
     networking.nftables.enable = mkOption {
       type = types.bool;
       default = false;
-      description =
-        lib.mdDoc ''
+      description = ''
           Whether to enable nftables and use nftables based firewall if enabled.
           nftables is a Linux-based packet filtering framework intended to
           replace frameworks like iptables.
@@ -61,7 +60,7 @@ in
     networking.nftables.checkRuleset = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Run `nft check` on the ruleset to spot syntax errors during build.
         Because this is executed in a sandbox, the check might fail if it requires
         access to any environmental factors or paths outside the Nix store.
@@ -84,7 +83,7 @@ in
           "/etc/services" = config.environment.etc.services.source;
         }
       '';
-      description = mdDoc ''
+      description = ''
         Set of paths that should be intercepted and rewritten while checking the ruleset
         using `pkgs.buildPackages.libredirect`.
       '';
@@ -96,14 +95,14 @@ in
       example = lib.literalExpression ''
         sed 's/skgid meadow/skgid nogroup/g' -i ruleset.conf
       '';
-      description = lib.mdDoc ''
+      description = ''
         This script gets run before the ruleset is checked. It can be used to
         create additional files needed for the ruleset check to work, or modify
         the ruleset for cases the build environment cannot cover.
       '';
     };
 
-    networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "flushing the entire ruleset on each reload");
+    networking.nftables.flushRuleset = mkEnableOption "flushing the entire ruleset on each reload";
 
     networking.nftables.extraDeletions = mkOption {
       type = types.lines;
@@ -114,8 +113,7 @@ in
 
         delete table inet some-table;
       '';
-      description =
-        lib.mdDoc ''
+      description = ''
           Extra deletion commands to be run on every firewall start, reload
           and after stopping the firewall.
         '';
@@ -166,8 +164,7 @@ in
           }
         }
       '';
-      description =
-        lib.mdDoc ''
+      description = ''
           The ruleset to be used with nftables.  Should be in a format that
           can be loaded using "/bin/nft -f".  The ruleset is updated atomically.
           Note that if the tables should be cleaned first, either:
@@ -179,8 +176,7 @@ in
     networking.nftables.rulesetFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description =
-        lib.mdDoc ''
+      description = ''
           The ruleset file to be used with nftables.  Should be in a format that
           can be loaded using "nft -f".  The ruleset is updated atomically.
         '';
@@ -189,7 +185,7 @@ in
     networking.nftables.flattenRulesetFile = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Use `builtins.readFile` rather than `include` to handle {option}`networking.nftables.rulesetFile`. It is useful when you want to apply {option}`networking.nftables.preCheckRuleset` to {option}`networking.nftables.rulesetFile`.
 
         ::: {.note}
@@ -203,7 +199,7 @@ in
 
       default = {};
 
-      description = lib.mdDoc ''
+      description = ''
         Tables to be added to ruleset.
         Tables will be added together with delete statements to clean up the table before every update.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix
index 510dc02b5c9f..6523f4b8b9e0 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix
@@ -3,7 +3,7 @@
     proto = lib.mkOption {
       type        = lib.types.enum [ "h2" "http/1.1" ];
       default     = "http/1.1";
-      description = lib.mdDoc ''
+      description = ''
         This option configures the protocol the backend server expects
         to use.
 
@@ -15,7 +15,7 @@
     tls = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         This option determines whether nghttpx will negotiate its
         connection with a backend server using TLS or not. The burden
         is on the backend server to provide the TLS certificate!
@@ -28,7 +28,7 @@
     sni = lib.mkOption {
       type        = lib.types.nullOr lib.types.str;
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Override the TLS SNI field value. This value (in nghttpx)
         defaults to the host value of the backend configuration.
 
@@ -40,7 +40,7 @@
     fall = lib.mkOption {
       type        = lib.types.int;
       default     = 0;
-      description = lib.mdDoc ''
+      description = ''
         If nghttpx cannot connect to the backend N times in a row, the
         backend is assumed to be offline and is excluded from load
         balancing. If N is 0 the backend is never excluded from load
@@ -54,7 +54,7 @@
     rise = lib.mkOption {
       type        = lib.types.int;
       default     = 0;
-      description = lib.mdDoc ''
+      description = ''
         If the backend is excluded from load balancing, nghttpx will
         periodically attempt to make a connection to the backend. If
         the connection is successful N times in a row the backend is
@@ -69,7 +69,7 @@
     affinity = lib.mkOption {
       type        = lib.types.enum [ "ip" "none" ];
       default     = "none";
-      description = lib.mdDoc ''
+      description = ''
         If "ip" is given, client IP based session affinity is
         enabled. If "none" is given, session affinity is disabled.
 
@@ -91,7 +91,7 @@
     dns = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Name resolution of a backends host name is done at start up,
         or configuration reload. If "dns" is true, name resolution
         takes place dynamically.
@@ -108,7 +108,7 @@
     redirect-if-not-tls = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         If true, a backend match requires the frontend connection be
         TLS encrypted. If it is not, nghttpx responds to the request
         with a 308 status code and https URI the client should use
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/backend-submodule.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/backend-submodule.nix
index af99b21c9ab3..eb559e926e76 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/backend-submodule.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/backend-submodule.nix
@@ -13,7 +13,7 @@
         host = "127.0.0.1";
         port = 80;
       };
-      description = lib.mdDoc ''
+      description = ''
         Backend server location specified as either a host:port pair
         or a unix domain docket.
       '';
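Review bot: The description carried over here reads "unix domain docket", which should be "unix domain socket". The same typo appears in the first `frontend-submodule.nix` hunk ("host:port pair or a unix domain docket"). Both strings are rendered into the options manual, so it is worth fixing them while the lines are being touched: `or a unix domain socket.`. The option's declaration starts above the hunk.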
@@ -27,7 +27,7 @@
         "/somepath"
       ];
       default     = [];
-      description = lib.mdDoc ''
+      description = ''
         List of nghttpx backend patterns.
 
         Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b
@@ -42,7 +42,7 @@
         tls   = true;
       };
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Parameters to configure a backend.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix
index 66c6d7efa6a0..33c8572bd14f 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix
@@ -3,7 +3,7 @@
     tls = lib.mkOption {
       type        = lib.types.enum [ "tls" "no-tls" ];
       default     = "tls";
-      description = lib.mdDoc ''
+      description = ''
         Enable or disable TLS. If true (enabled) the key and
         certificate must be configured for nghttpx.
 
@@ -15,7 +15,7 @@
     sni-fwd = lib.mkOption {
       type    = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         When performing a match to select a backend server, SNI host
         name received from the client is used instead of the request
         host. See --backend option about the pattern match.
@@ -28,7 +28,7 @@
     api = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable API access for this frontend. This enables you to
         dynamically modify nghttpx at run-time therefore this feature
         is disabled by default and should be turned on with care.
@@ -41,7 +41,7 @@
     healthmon = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Make this frontend a health monitor endpoint. Any request
         received on this frontend is responded to with a 200 OK.
 
@@ -53,7 +53,7 @@
     proxyproto = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Accept PROXY protocol version 1 on frontend connection.
 
         Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-submodule.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-submodule.nix
index 3175df20eec5..887ef4502131 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-submodule.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/frontend-submodule.nix
@@ -13,7 +13,7 @@
         host = "127.0.0.1";
         port = 80;
       };
-      description = lib.mdDoc ''
+      description = ''
         Frontend server interface binding specification as either a
         host:port pair or a unix domain docket.
 
@@ -28,7 +28,7 @@
         tls   = "tls";
       };
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         Parameters to configure a backend.
       '';
     };
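Review bot: In `frontend-submodule.nix` this description says `Parameters to configure a backend.`, which looks copied from `backend-submodule.nix`. It should read `Parameters to configure a frontend.`. The option's declaration starts above the hunk, so its name is not visible here; it is presumably the frontend `params` option, given the `tls = "tls";` example.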
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
index 82ab8c4223e6..cb77c0c6d1cd 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix
@@ -1,10 +1,10 @@
 { lib, ... }:
 { options.services.nghttpx = {
-    enable = lib.mkEnableOption (lib.mdDoc "nghttpx");
+    enable = lib.mkEnableOption "nghttpx";
 
     frontends = lib.mkOption {
       type        = lib.types.listOf (lib.types.submodule (import ./frontend-submodule.nix));
-      description = lib.mdDoc ''
+      description = ''
         A list of frontend listener specifications.
       '';
       example = [
@@ -22,7 +22,7 @@
 
     backends  = lib.mkOption {
       type = lib.types.listOf (lib.types.submodule (import ./backend-submodule.nix));
-      description = lib.mdDoc ''
+      description = ''
         A list of backend specifications.
       '';
       example = [
@@ -42,7 +42,7 @@
     tls = lib.mkOption {
       type        = lib.types.nullOr (lib.types.submodule (import ./tls-submodule.nix));
       default     = null;
-      description = lib.mdDoc ''
+      description = ''
         TLS certificate and key paths. Note that this does not enable
         TLS for a frontend listener, to do so, a frontend
         specification must set `params.tls` to true.
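Review bot: The description tells users to set `params.tls` to true, but the frontend `tls` parameter in `frontend-params-submodule.nix` is declared as `lib.types.enum [ "tls" "no-tls" ]` with default `"tls"`, so a boolean would not type-check. The sentence should end with `must set params.tls to "tls"` (formatted as in the rest of the text). The frontend-params description ("If true (enabled) the key and certificate must be configured") has the same mismatch. This option decides whether a listener speaks TLS, so the documented value should match the declared type.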
@@ -56,7 +56,7 @@
     extraConfig = lib.mkOption {
       type        = lib.types.lines;
       default     = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra configuration options to be appended to the generated
         configuration file.
       '';
@@ -65,7 +65,7 @@
     single-process = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Run this program in a single process mode for debugging
         purpose. Without this option, nghttpx creates at least 2
         processes: master and worker processes. If this option is
@@ -81,7 +81,7 @@
     backlog = lib.mkOption {
       type        = lib.types.int;
       default     = 65536;
-      description = lib.mdDoc ''
+      description = ''
         Listen backlog size.
 
         Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog
@@ -95,7 +95,7 @@
         "IPv6"
       ];
       default = "auto";
-      description = lib.mdDoc ''
+      description = ''
         Specify address family of backend connections. If "auto" is
         given, both IPv4 and IPv6 are considered. If "IPv4" is given,
         only IPv4 address is considered. If "IPv6" is given, only IPv6
@@ -108,7 +108,7 @@
     workers = lib.mkOption {
       type        = lib.types.int;
       default     = 1;
-      description = lib.mdDoc ''
+      description = ''
         Set the number of worker threads.
 
         Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
@@ -118,7 +118,7 @@
     single-thread = lib.mkOption {
       type        = lib.types.bool;
       default     = false;
-      description = lib.mdDoc ''
+      description = ''
         Run everything in one thread inside the worker process. This
         feature is provided for better debugging experience, or for
         the platforms which lack thread support. If threading is
@@ -131,7 +131,7 @@
     rlimit-nofile = lib.mkOption {
       type        = lib.types.int;
       default     = 0;
-      description = lib.mdDoc ''
+      description = ''
         Set maximum number of open files (RLIMIT_NOFILE) to \<N\>. If 0
         is given, nghttpx does not set the limit.
 
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/server-options.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/server-options.nix
index 48e2a3045596..ef23bfd793c5 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/server-options.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/server-options.nix
@@ -3,14 +3,14 @@
     host = lib.mkOption {
       type        = lib.types.str;
       example     = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Server host address.
       '';
     };
     port = lib.mkOption {
       type        = lib.types.int;
       example     = 5088;
-      description = lib.mdDoc ''
+      description = ''
         Server host port.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/nghttpx/tls-submodule.nix b/nixpkgs/nixos/modules/services/networking/nghttpx/tls-submodule.nix
index bb6cdae07e58..8f3cdaae2c81 100644
--- a/nixpkgs/nixos/modules/services/networking/nghttpx/tls-submodule.nix
+++ b/nixpkgs/nixos/modules/services/networking/nghttpx/tls-submodule.nix
@@ -4,7 +4,7 @@
       type        = lib.types.str;
       example     = "/etc/ssl/keys/mykeyfile.key";
       default     = "/etc/ssl/keys/server.key";
-      description = lib.mdDoc ''
+      description = ''
         Path to the TLS key file.
       '';
     };
@@ -13,7 +13,7 @@
       type        = lib.types.str;
       example     = "/etc/ssl/certs/mycert.crt";
       default     = "/etc/ssl/certs/server.crt";
-      description = lib.mdDoc ''
+      description = ''
         Path to the TLS certificate file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/ngircd.nix b/nixpkgs/nixos/modules/services/networking/ngircd.nix
index a2fff78fdff8..76e4642c8619 100644
--- a/nixpkgs/nixos/modules/services/networking/ngircd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ngircd.nix
@@ -20,10 +20,10 @@ let
 in {
   options = {
     services.ngircd = {
-      enable = mkEnableOption (lib.mdDoc "the ngircd IRC server");
+      enable = mkEnableOption "the ngircd IRC server";
 
       config = mkOption {
-        description = lib.mdDoc "The ngircd configuration (see ngircd.conf(5)).";
+        description = "The ngircd configuration (see ngircd.conf(5)).";
 
         type = types.lines;
       };
diff --git a/nixpkgs/nixos/modules/services/networking/nix-serve.nix b/nixpkgs/nixos/modules/services/networking/nix-serve.nix
index a0c0be2ff254..9f1c54adcfb4 100644
--- a/nixpkgs/nixos/modules/services/networking/nix-serve.nix
+++ b/nixpkgs/nixos/modules/services/networking/nix-serve.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.nix-serve = {
-      enable = mkEnableOption (lib.mdDoc "nix-serve, the standalone Nix binary cache server");
+      enable = mkEnableOption "nix-serve, the standalone Nix binary cache server";
 
       port = mkOption {
         type = types.port;
         default = 5000;
-        description = lib.mdDoc ''
+        description = ''
           Port number where nix-serve will listen on.
         '';
       };
@@ -21,7 +21,7 @@ in
       bindAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           IP address where nix-serve will bind its listening socket.
         '';
       };
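Review bot: `bindAddress` defaults to `"0.0.0.0"`, and the description does not say that this makes nix-serve listen on every IPv4 interface. With that default, reachability is limited only by the firewall (`openFirewall` defaults to `false` in the next hunk), so a host without the NixOS firewall would expose the binary cache. I would extend the description, for example `The default binds to all IPv4 interfaces; use "127.0.0.1" when nix-serve sits behind a reverse proxy.`.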
@@ -31,13 +31,13 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for nix-serve.";
+        description = "Open ports in the firewall for nix-serve.";
       };
 
       secretKeyFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the file used for signing derivation data.
           Generate with:
 
@@ -52,7 +52,7 @@ in
       extraParams = mkOption {
         type = types.separatedString " ";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra command line parameters for nix-serve.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix b/nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix
index 531b2bde7633..0012302db2e3 100644
--- a/nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix
@@ -9,18 +9,18 @@ let
         default = true;
         type = types.bool;
         example = true;
-        description = lib.mdDoc "Whether to enable proxy for this bucket";
+        description = "Whether to enable proxy for this bucket";
       };
       bucketName = mkOption {
         type = types.str;
         default = name;
         example = "my-bucket-name";
-        description = lib.mdDoc "Name of Google storage bucket";
+        description = "Name of Google storage bucket";
       };
       address = mkOption {
         type = types.str;
         example = "localhost:3000";
-        description = lib.mdDoc "The address of the proxy.";
+        description = "The address of the proxy.";
       };
     };
   };
@@ -31,7 +31,7 @@ in
   options.services.nix-store-gcs-proxy = mkOption {
     type = types.attrsOf (types.submodule opts);
     default = {};
-    description = lib.mdDoc ''
+    description = ''
       An attribute set describing an HTTP to GCS proxy that allows us to use GCS
       bucket via HTTP protocol.
     '';
diff --git a/nixpkgs/nixos/modules/services/networking/nixops-dns.nix b/nixpkgs/nixos/modules/services/networking/nixops-dns.nix
index 378c2ee6d05f..5e33d872ea45 100644
--- a/nixpkgs/nixos/modules/services/networking/nixops-dns.nix
+++ b/nixpkgs/nixos/modules/services/networking/nixops-dns.nix
@@ -12,7 +12,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the nixops-dns resolution
           of NixOps virtual machines via dnsmasq and fake domain name.
         '';
@@ -20,7 +20,7 @@ in
 
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The user the nixops-dns daemon should run as.
           This should be the user, which is also used for nixops and
           have the .nixops directory in its home.
@@ -29,7 +29,7 @@ in
 
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Fake domain name to resolve to NixOps virtual machines.
 
           For example "ops" will resolve "vm.ops".
@@ -40,7 +40,7 @@ in
       dnsmasq = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable dnsmasq forwarding to nixops-dns. This allows to use
           nixops-dns for `services.nixops-dns.domain` resolution
           while forwarding the rest of the queries to original resolvers.
diff --git a/nixpkgs/nixos/modules/services/networking/nncp.nix b/nixpkgs/nixos/modules/services/networking/nncp.nix
index 3cfe41995e76..f4ed7ecc7d4a 100644
--- a/nixpkgs/nixos/modules/services/networking/nncp.nix
+++ b/nixpkgs/nixos/modules/services/networking/nncp.nix
@@ -39,7 +39,7 @@ in {
           '';
           listenStreams = mkOption {
             type = with types; listOf str;
-            description = lib.mdDoc ''
+            description = ''
               TCP sockets to bind to.
               See [](#opt-systemd.sockets._name_.listenStreams).
             '';
diff --git a/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix b/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix
index b887c0e16ef4..0a174ec34664 100644
--- a/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/nntp-proxy.nix
@@ -59,13 +59,13 @@ in
   options = {
 
     services.nntp-proxy = {
-      enable = mkEnableOption (lib.mdDoc "NNTP-Proxy");
+      enable = mkEnableOption "NNTP-Proxy";
 
       upstreamServer = mkOption {
         type = types.str;
         default = "";
         example = "ssl-eu.astraweb.com";
-        description = lib.mdDoc ''
+        description = ''
           Upstream server address
         '';
       };
@@ -73,7 +73,7 @@ in
       upstreamPort = mkOption {
         type = types.port;
         default = 563;
-        description = lib.mdDoc ''
+        description = ''
           Upstream server port
         '';
       };
@@ -81,7 +81,7 @@ in
       upstreamMaxConnections = mkOption {
         type = types.int;
         default = 20;
-        description = lib.mdDoc ''
+        description = ''
           Upstream server maximum allowed concurrent connections
         '';
       };
@@ -89,7 +89,7 @@ in
       upstreamUser = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Upstream server username
         '';
       };
@@ -97,7 +97,7 @@ in
       upstreamPassword = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Upstream server password
         '';
       };
@@ -106,7 +106,7 @@ in
         type = types.str;
         default = "127.0.0.1";
         example = "[::]";
-        description = lib.mdDoc ''
+        description = ''
           Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
         '';
       };
@@ -114,7 +114,7 @@ in
       port = mkOption {
         type = types.port;
         default = 5555;
-        description = lib.mdDoc ''
+        description = ''
           Proxy listen port
         '';
       };
@@ -123,7 +123,7 @@ in
         type = types.str;
         default = "key.pem";
         example = "/path/to/your/key.file";
-        description = lib.mdDoc ''
+        description = ''
           Proxy ssl key path
         '';
       };
@@ -132,7 +132,7 @@ in
         type = types.str;
         default = "cert.pem";
         example = "/path/to/your/cert.file";
-        description = lib.mdDoc ''
+        description = ''
           Proxy ssl certificate path
         '';
       };
@@ -140,7 +140,7 @@ in
       prohibitPosting = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to prohibit posting to the upstream server
         '';
       };
@@ -149,7 +149,7 @@ in
         type = types.enum [ "error" "warning" "notice" "info" "debug" ];
         default = "info";
         example = "error";
-        description = lib.mdDoc ''
+        description = ''
           Verbosity level
         '';
       };
@@ -159,7 +159,7 @@ in
           options = {
             username = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Username
               '';
             };
@@ -167,7 +167,7 @@ in
             passwordHash = mkOption {
               type = types.str;
               example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0";
-              description = lib.mdDoc ''
+              description = ''
                 SHA-512 password hash (can be generated by
                 `mkpasswd -m sha-512 <password>`)
               '';
@@ -176,13 +176,13 @@ in
             maxConnections = mkOption {
               type = types.int;
               default = 1;
-              description = lib.mdDoc ''
+              description = ''
                 Maximum number of concurrent connections to the proxy for this user
               '';
             };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           NNTP-Proxy user configuration
         '';
 
diff --git a/nixpkgs/nixos/modules/services/networking/nomad.nix b/nixpkgs/nixos/modules/services/networking/nomad.nix
index 8cb0264648de..a30622ac8548 100644
--- a/nixpkgs/nixos/modules/services/networking/nomad.nix
+++ b/nixpkgs/nixos/modules/services/networking/nomad.nix
@@ -8,14 +8,14 @@ in
   ##### interface
   options = {
     services.nomad = {
-      enable = mkEnableOption (lib.mdDoc "Nomad, a distributed, highly available, datacenter-aware scheduler");
+      enable = mkEnableOption "Nomad, a distributed, highly available, datacenter-aware scheduler";
 
       package = mkPackageOption pkgs "nomad" { };
 
       extraPackages = mkOption {
         type = types.listOf types.package;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Extra packages to add to {env}`PATH` for the Nomad agent process.
         '';
         example = literalExpression ''
@@ -26,7 +26,7 @@ in
       dropPrivileges = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the nomad agent should be run as a non-root nomad user.
         '';
       };
@@ -34,7 +34,7 @@ in
       enableDocker = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable Docker support. Needed for Nomad's docker driver.
 
           Note that the docker group membership is effectively equivalent
@@ -45,7 +45,7 @@ in
       extraSettingsPaths = mkOption {
         type = types.listOf types.path;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional settings paths used to configure nomad. These can be files or directories.
         '';
         example = literalExpression ''
@@ -56,7 +56,7 @@ in
       extraSettingsPlugins = mkOption {
         type = types.listOf (types.either types.package types.path);
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional plugins dir used to configure nomad.
         '';
         example = literalExpression ''
@@ -65,7 +65,7 @@ in
       };
 
       credentials = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Credentials envs used to configure nomad secrets.
         '';
         type = types.attrsOf types.str;
@@ -79,7 +79,7 @@ in
       settings = mkOption {
         type = format.type;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Nomad. See the [documentation](https://www.nomadproject.io/docs/configuration)
           for supported values.
 
diff --git a/nixpkgs/nixos/modules/services/networking/nsd.nix b/nixpkgs/nixos/modules/services/networking/nsd.nix
index 6db728e7aa5a..b17416c1e3d3 100644
--- a/nixpkgs/nixos/modules/services/networking/nsd.nix
+++ b/nixpkgs/nixos/modules/services/networking/nsd.nix
@@ -81,7 +81,6 @@ let
       zonesdir: "${stateDir}"
 
       # the list of dynamically added zones.
-      database:     "${stateDir}/var/nsd.db"
       pidfile:      "${pidFile}"
       xfrdfile:     "${stateDir}/var/xfrd.state"
       xfrdir:       "${stateDir}/tmp"
@@ -112,6 +111,7 @@ let
       ${maybeString "version: " cfg.version}
       xfrd-reload-timeout: ${toString cfg.xfrdReloadTimeout}
       zonefiles-check:     ${yesOrNo  cfg.zonefilesCheck}
+      zonefiles-write:     ${toString cfg.zonefilesWrite}
 
       ${maybeString "rrl-ipv4-prefix-length: " cfg.ratelimit.ipv4PrefixLength}
       ${maybeString "rrl-ipv6-prefix-length: " cfg.ratelimit.ipv6PrefixLength}
@@ -152,9 +152,7 @@ let
   copyKeys = concatStrings (mapAttrsToList (keyName: keyOptions: ''
     secret=$(cat "${keyOptions.keyFile}")
     dest="${stateDir}/private/${keyName}"
-    echo "  secret: \"$secret\"" > "$dest"
-    chown ${username}:${username} "$dest"
-    chmod 0400 "$dest"
+    install -m 0400 -o "${username}" -g "${username}" <(echo "  secret: \"$secret\"") "$dest"
   '') cfg.keys);
 
 
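Review bot: `"${keyOptions.keyFile}"` on the `secret=$(cat …)` line comes from an option typed `types.path`, so a user who passes a Nix path literal instead of a string would presumably get the key copied into the world-readable Nix store. The new `install -m 0400` protects only the copy under `${stateDir}/private`. The `keyFile` description (declared in a later hunk) could say this, for example `Pass this as a string, not a path literal, so the key is not copied into the Nix store.` Using `install` with a process substitution does appear to close the window in which `$dest` existed with umask-default permissions before `chmod`. A one-line comment such as `# create with final owner/mode in one step so the secret is never readable by others` would record why it is written this way.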
@@ -173,6 +171,7 @@ let
       ${maybeToString "min-retry-time:   " zone.minRetrySecs}
 
       allow-axfr-fallback: ${yesOrNo       zone.allowAXFRFallback}
+      multi-master-check: ${yesOrNo        zone.multiMasterCheck}
     ${forEach     "  allow-notify: "       zone.allowNotify}
     ${forEach     "  request-xfr: "        zone.requestXFR}
 
@@ -201,7 +200,7 @@ let
       allowAXFRFallback = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If NSD as secondary server should be allowed to AXFR if the primary
           server does not allow IXFR.
         '';
@@ -213,7 +212,7 @@ let
         example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name"
                     "10.0.3.4&255.255.0.0 BLOCKED"
                   ];
-        description = lib.mdDoc ''
+        description = ''
           Listed primary servers are allowed to notify this secondary server.
 
           Format: `<ip> <key-name | NOKEY | BLOCKED>`
@@ -243,7 +242,7 @@ let
         # to default values, breaking the parent inheriting function.
         type = types.attrsOf types.anything;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Children zones inherit all options of their parents. Attributes
           defined in a child will overwrite the ones of its parent. Only
           leaf zones will be actually served. This way it's possible to
@@ -256,29 +255,29 @@ let
       data = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           The actual zone data. This is the content of your zone file.
           Use imports or pkgs.lib.readFile if you don't want this data in your config file.
         '';
       };
 
-      dnssec = mkEnableOption (lib.mdDoc "DNSSEC");
+      dnssec = mkEnableOption "DNSSEC";
 
       dnssecPolicy = {
         algorithm = mkOption {
           type = types.str;
           default = "RSASHA256";
-          description = lib.mdDoc "Which algorithm to use for DNSSEC";
+          description = "Which algorithm to use for DNSSEC";
         };
         keyttl = mkOption {
           type = types.str;
           default = "1h";
-          description = lib.mdDoc "TTL for dnssec records";
+          description = "TTL for dnssec records";
         };
         coverage = mkOption {
           type = types.str;
           default = "1y";
-          description = lib.mdDoc ''
+          description = ''
             The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
           '';
         };
@@ -289,7 +288,7 @@ let
                       postPublish = "1w";
                       rollPeriod = "1mo";
                     };
-          description = lib.mdDoc "Key policy for zone signing keys";
+          description = "Key policy for zone signing keys";
         };
         ksk = mkOption {
           type = keyPolicy;
@@ -298,14 +297,14 @@ let
                       postPublish = "1mo";
                       rollPeriod = "0";
                     };
-          description = lib.mdDoc "Key policy for key signing keys";
+          description = "Key policy for key signing keys";
         };
       };
 
       maxRefreshSecs = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Limit refresh time for secondary zones. This is the timer which
           checks to see if the zone has to be refetched when it expires.
           Normally the value from the SOA record is used, but this  option
@@ -316,7 +315,7 @@ let
       minRefreshSecs = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Limit refresh time for secondary zones.
         '';
       };
@@ -324,7 +323,7 @@ let
       maxRetrySecs = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Limit retry time for secondary zones. This is the timeout after
           a failed fetch attempt for the zone. Normally the value from
           the SOA record is used, but this option restricts that value.
@@ -334,17 +333,26 @@ let
       minRetrySecs = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Limit retry time for secondary zones.
         '';
       };
 
+      multiMasterCheck = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If enabled, checks all masters for the last zone version.
+          It uses the higher version from all configured masters.
+          Useful if you have multiple masters that have different version numbers served.
+        '';
+      };
 
       notify = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ];
-        description = lib.mdDoc ''
+        description = ''
           This primary server will notify all given secondary servers about
           zone changes.
 
@@ -361,7 +369,7 @@ let
       notifyRetry = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the number of retries for failed notifies. Set this along with notify.
         '';
       };
@@ -370,7 +378,7 @@ let
         type = types.nullOr types.str;
         default = null;
         example = "2000::1@1234";
-        description = lib.mdDoc ''
+        description = ''
           This address will be used for zone-transfer requests if configured
           as a secondary server or notifications in case of a primary server.
           Supply either a plain IPv4 or IPv6 address with an optional port
@@ -382,7 +390,7 @@ let
         type = types.listOf types.str;
         default = [];
         example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ];
-        description = lib.mdDoc ''
+        description = ''
           Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED
           address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
         '';
@@ -391,7 +399,7 @@ let
       requestXFR = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>`
         '';
       };
@@ -399,7 +407,7 @@ let
       rrlWhitelist = mkOption {
         type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]);
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Whitelists the given rrl-types.
         '';
       };
@@ -408,7 +416,7 @@ let
         type = types.nullOr types.str;
         default = null;
         example = "%s";
-        description = lib.mdDoc ''
+        description = ''
           When set to something distinct to null NSD is able to collect
           statistics per zone. All statistics of this zone(s) will be added
           to the group specified by this given name. Use "%s" to use the zones
@@ -423,19 +431,19 @@ let
     options = {
       keySize = mkOption {
         type = types.int;
-        description = lib.mdDoc "Key size in bits";
+        description = "Key size in bits";
       };
       prePublish = mkOption {
         type = types.str;
-        description = lib.mdDoc "How long in advance to publish new keys";
+        description = "How long in advance to publish new keys";
       };
       postPublish = mkOption {
         type = types.str;
-        description = lib.mdDoc "How long after deactivation to keep a key in the zone";
+        description = "How long after deactivation to keep a key in the zone";
       };
       rollPeriod = mkOption {
         type = types.str;
-        description = lib.mdDoc "How frequently to change keys";
+        description = "How frequently to change keys";
       };
     };
   };
@@ -447,9 +455,7 @@ let
   dnssecTools = pkgs.bind.override { enablePython = true; };
 
   signZones = optionalString dnssec ''
-    mkdir -p ${stateDir}/dnssec
-    chown ${username}:${username} ${stateDir}/dnssec
-    chmod 0600 ${stateDir}/dnssec
+    install -m 0600 -o "${username}" -g "${username}" -d "${stateDir}/dnssec"
 
     ${concatStrings (mapAttrsToList signZone dnssecZones)}
   '';
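Review bot: `install -m 0600 … -d "${stateDir}/dnssec"` creates a directory with no search (execute) bit, so its `${username}` owner cannot traverse it or open the key files inside. It only works for a process that bypasses permission checks, such as root. The mode is carried over from the removed `chmod 0600`, but the other state directories in this file are created with `0700`, the usual mode for a private directory: `install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/dnssec"`. If `0600` is intentional because only root-run signing touches this directory, a comment saying so would prevent it from being read as a typo.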
@@ -478,14 +484,14 @@ in
   # options are ordered alphanumerically
   options.services.nsd = {
 
-    enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");
+    enable = mkEnableOption "NSD authoritative DNS server";
 
-    bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics");
+    bind8Stats = mkEnableOption "BIND8 like statistics";
 
     dnssecInterval = mkOption {
       type = types.str;
       default = "1h";
-      description = lib.mdDoc ''
+      description = ''
         How often to check whether dnssec key rollover is required
       '';
     };
@@ -493,7 +499,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra nsd config.
       '';
     };
@@ -501,7 +507,7 @@ in
     hideVersion = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
       '';
     };
@@ -509,7 +515,7 @@ in
     identity = mkOption {
       type = types.str;
       default = "unidentified server";
-      description = lib.mdDoc ''
+      description = ''
         Identify the server (CH TXT ID.SERVER entry).
       '';
     };
@@ -517,7 +523,7 @@ in
     interfaces = mkOption {
       type = types.listOf types.str;
       default = [ "127.0.0.0" "::1" ];
-      description = lib.mdDoc ''
+      description = ''
         What addresses the server should listen to.
       '';
     };
@@ -525,7 +531,7 @@ in
     ipFreebind = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to bind to nonlocal addresses and interfaces that are down.
         Similar to ip-transparent.
       '';
@@ -534,7 +540,7 @@ in
     ipTransparent = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Allow binding to non local addresses.
       '';
     };
@@ -542,7 +548,7 @@ in
     ipv4 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to listen on IPv4 connections.
       '';
     };
@@ -550,7 +556,7 @@ in
     ipv4EDNSSize = mkOption {
       type = types.int;
       default = 4096;
-      description = lib.mdDoc ''
+      description = ''
         Preferred EDNS buffer size for IPv4.
       '';
     };
@@ -558,7 +564,7 @@ in
     ipv6 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to listen on IPv6 connections.
       '';
     };
@@ -566,7 +572,7 @@ in
     ipv6EDNSSize = mkOption {
       type = types.int;
       default = 4096;
-      description = lib.mdDoc ''
+      description = ''
         Preferred EDNS buffer size for IPv6.
       '';
     };
@@ -574,7 +580,7 @@ in
     logTimeAscii = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Log time in ascii, if false then in unix epoch seconds.
       '';
     };
@@ -582,7 +588,7 @@ in
     nsid = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         NSID identity (hex string, or "ascii_somestring").
       '';
     };
@@ -590,7 +596,7 @@ in
     port = mkOption {
       type = types.port;
       default = 53;
-      description = lib.mdDoc ''
+      description = ''
         Port the service should bind do.
       '';
     };
@@ -599,7 +605,7 @@ in
       type = types.bool;
       default = pkgs.stdenv.isLinux;
       defaultText = literalExpression "pkgs.stdenv.isLinux";
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable SO_REUSEPORT on all used sockets. This lets multiple
         processes bind to the same port. This speeds up operation especially
         if the server count is greater than one and makes fast restarts less
@@ -610,18 +616,18 @@ in
     rootServer = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether this server will be a root server (a DNS root server, you
         usually don't want that).
       '';
     };
 
-    roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records");
+    roundRobin = mkEnableOption "round robin rotation of records";
 
     serverCount = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         Number of NSD servers to fork. Put the number of CPUs to use here.
       '';
     };
@@ -629,7 +635,7 @@ in
     statistics = mkOption {
       type = types.nullOr types.int;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Statistics are produced every number of seconds. Prints to log.
         If null no statistics are logged.
       '';
@@ -638,7 +644,7 @@ in
     tcpCount = mkOption {
       type = types.int;
       default = 100;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of concurrent TCP connections per server.
       '';
     };
@@ -646,7 +652,7 @@ in
     tcpQueryCount = mkOption {
       type = types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of queries served on a single TCP connection.
         0 means no maximum.
       '';
@@ -655,7 +661,7 @@ in
     tcpTimeout = mkOption {
       type = types.int;
       default = 120;
-      description = lib.mdDoc ''
+      description = ''
         TCP timeout in seconds.
       '';
     };
@@ -663,7 +669,7 @@ in
     verbosity = mkOption {
       type = types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Verbosity level.
       '';
     };
@@ -671,7 +677,7 @@ in
     version = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The version string replied for CH TXT version.server and version.bind
         queries. Will use the compiled package version on null.
         See hideVersion for enabling/disabling this responses.
@@ -681,7 +687,7 @@ in
     xfrdReloadTimeout = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         Number of seconds between reloads triggered by xfrd.
       '';
     };
@@ -689,11 +695,22 @@ in
     zonefilesCheck = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to check mtime of all zone files on start and sighup.
       '';
     };
 
+    zonefilesWrite = mkOption {
+      type = types.int;
+      default = 0;
+      description = ''
+        Write changed secondary zones to their zonefile every N seconds.
+        If the zone (pattern) configuration has "" zonefile, it is not written.
+        Zones that have received zone transfer updates are written to their zonefile.
+        0 disables writing to zone files.
+      '';
+    };
+
 
     keys = mkOption {
       type = types.attrsOf (types.submodule {
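Review bot: `zonefilesWrite` is declared as `types.int`, which accepts negative values that then reach `zonefiles-write:` in the generated config through `toString`. `type = types.ints.unsigned;` would reject them at evaluation time. The default of `0` disables write-back entirely, and an earlier hunk of this commit drops the `database:` line, so zones received by transfer are presumably not persisted on disk unless the user raises this value. If that is the intent, the description could state it, for example `With the default of 0, transferred zones are not written to disk and must be fetched again after a restart.` That wording should be confirmed against the NSD version packaged here.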
@@ -702,14 +719,14 @@ in
           algorithm = mkOption {
             type = types.str;
             default = "hmac-sha256";
-            description = lib.mdDoc ''
+            description = ''
               Authentication algorithm for this key.
             '';
           };
 
           keyFile = mkOption {
             type = types.path;
-            description = lib.mdDoc ''
+            description = ''
               Path to the file which contains the actual base64 encoded
               key. The key will be copied into "${stateDir}/private" before
               NSD starts. The copied file is only accessibly by the NSD
@@ -727,7 +744,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Define your TSIG keys here.
       '';
     };
@@ -735,12 +752,12 @@ in
 
     ratelimit = {
 
-      enable = mkEnableOption (lib.mdDoc "ratelimit capabilities");
+      enable = mkEnableOption "ratelimit capabilities";
 
       ipv4PrefixLength = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           IPv4 prefix length. Addresses are grouped by netblock.
         '';
       };
@@ -748,7 +765,7 @@ in
       ipv6PrefixLength = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           IPv6 prefix length. Addresses are grouped by netblock.
         '';
       };
@@ -756,7 +773,7 @@ in
       ratelimit = mkOption {
         type = types.int;
         default = 200;
-        description = lib.mdDoc ''
+        description = ''
           Max qps allowed from any query source.
           0 means unlimited. With an verbosity of 2 blocked and
           unblocked subnets will be logged.
@@ -766,7 +783,7 @@ in
       slip = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Number of packets that get discarded before replying a SLIP response.
           0 disables SLIP responses. 1 will make every response a SLIP response.
         '';
@@ -775,7 +792,7 @@ in
       size = mkOption {
         type = types.int;
         default = 1000000;
-        description = lib.mdDoc ''
+        description = ''
           Size of the hashtable. More buckets use more memory but lower
           the chance of hash hash collisions.
         '';
@@ -784,7 +801,7 @@ in
       whitelistRatelimit = mkOption {
         type = types.int;
         default = 2000;
-        description = lib.mdDoc ''
+        description = ''
           Max qps allowed from whitelisted sources.
           0 means unlimited. Set the rrl-whitelist option for specific
           queries to apply this limit instead of the default to them.
@@ -796,12 +813,12 @@ in
 
     remoteControl = {
 
-      enable = mkEnableOption (lib.mdDoc "remote control via nsd-control");
+      enable = mkEnableOption "remote control via nsd-control";
 
       controlCertFile = mkOption {
         type = types.path;
         default = "/etc/nsd/nsd_control.pem";
-        description = lib.mdDoc ''
+        description = ''
           Path to the client certificate signed with the server certificate.
           This file is used by nsd-control and generated by nsd-control-setup.
         '';
@@ -810,7 +827,7 @@ in
       controlKeyFile = mkOption {
         type = types.path;
         default = "/etc/nsd/nsd_control.key";
-        description = lib.mdDoc ''
+        description = ''
           Path to the client private key, which is used by nsd-control
           but not by the server. This file is generated by nsd-control-setup.
         '';
@@ -819,7 +836,7 @@ in
       interfaces = mkOption {
         type = types.listOf types.str;
         default = [ "127.0.0.1" "::1" ];
-        description = lib.mdDoc ''
+        description = ''
           Which interfaces NSD should bind to for remote control.
         '';
       };
@@ -827,7 +844,7 @@ in
       port = mkOption {
         type = types.port;
         default = 8952;
-        description = lib.mdDoc ''
+        description = ''
           Port number for remote control operations (uses TLS over TCP).
         '';
       };
@@ -835,7 +852,7 @@ in
       serverCertFile = mkOption {
         type = types.path;
         default = "/etc/nsd/nsd_server.pem";
-        description = lib.mdDoc ''
+        description = ''
           Path to the server self signed certificate, which is used by the server
           but and by nsd-control. This file is generated by nsd-control-setup.
         '';
@@ -844,7 +861,7 @@ in
       serverKeyFile = mkOption {
         type = types.path;
         default = "/etc/nsd/nsd_server.key";
-        description = lib.mdDoc ''
+        description = ''
           Path to the server private key, which is used by the server
           but not by nsd-control. This file is generated by nsd-control-setup.
         '';
@@ -886,7 +903,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Define your zones here. Zones can cascade other zones and therefore
         inherit settings from parent zones. Look at the definition of
         children to learn about inheritance and child zones.
@@ -940,9 +957,9 @@ in
         rm -Rf "${stateDir}/private/"
         rm -Rf "${stateDir}/tmp/"
 
-        mkdir -m 0700 -p "${stateDir}/private"
-        mkdir -m 0700 -p "${stateDir}/tmp"
-        mkdir -m 0700 -p "${stateDir}/var"
+        install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/private"
+        install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/tmp"
+        install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/var"
 
         cat > "${stateDir}/don't touch anything in here" << EOF
         Everything in this directory except NSD's state in var and dnssec
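Review bot: The three `install -dm 0700 -o … -g …` lines set owner and mode only on the directories themselves, whereas the `chown … -R` calls removed in the next hunk also re-owned everything beneath them. `private` and `tmp` are deleted just above, so nothing changes for them. `var` appears to persist across restarts (the notice written below says NSD's state in var is kept), so files there left with a different owner by an earlier run would no longer be corrected. If that case matters, keep `chown -R "${username}:${username}" "${stateDir}/var"` after the `install` line, or add a comment stating that the contents of `var` are only ever written by `${username}`. The pre-start script starts and ends outside this hunk.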
@@ -950,10 +967,6 @@ in
         the nsd.service pre-start script.
         EOF
 
-        chown ${username}:${username} -R "${stateDir}/private"
-        chown ${username}:${username} -R "${stateDir}/tmp"
-        chown ${username}:${username} -R "${stateDir}/var"
-
         rm -rf "${stateDir}/zones"
         cp -rL "${nsdEnv}/zones" "${stateDir}/zones"
 
diff --git a/nixpkgs/nixos/modules/services/networking/ntopng.nix b/nixpkgs/nixos/modules/services/networking/ntopng.nix
index a47ee0773d17..ebe9e3072e98 100644
--- a/nixpkgs/nixos/modules/services/networking/ntopng.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntopng.nix
@@ -43,7 +43,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable ntopng, a high-speed web-based traffic analysis and flow
           collection tool.
 
@@ -63,7 +63,7 @@ in
         default = [ "any" ];
         example = [ "eth0" "wlan0" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of interfaces to monitor. Use "any" to monitor all interfaces.
         '';
       };
@@ -71,7 +71,7 @@ in
       httpPort = mkOption {
         default = 3000;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Sets the HTTP port of the embedded web server.
         '';
       };
@@ -79,7 +79,7 @@ in
       redis.address = mkOption {
         type = types.str;
         example = literalExpression "config.services.redis.ntopng.unixSocket";
-        description = lib.mdDoc ''
+        description = ''
           Redis address - may be a Unix socket or a network host and port.
         '';
       };
@@ -87,7 +87,7 @@ in
       redis.createInstance = mkOption {
         type = types.nullOr types.str;
         default = optionalString (versionAtLeast config.system.stateVersion "22.05") "ntopng";
-        description = lib.mdDoc ''
+        description = ''
           Local Redis instance name. Set to `null` to disable
           local Redis instance. Defaults to `""` for
           `system.stateVersion` older than 22.05.
@@ -102,7 +102,7 @@ in
           --disable-login
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Overridable configuration file contents to use for ntopng. By
           default, use the contents automatically generated by NixOS.
         '';
@@ -111,7 +111,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines that will be appended to the generated ntopng
           configuration file. Note that this mechanism does not work when the
           manual {option}`configText` option is used.
diff --git a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
index b56bea4e134f..978b156414a7 100644
--- a/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntp/chrony.nix
@@ -41,7 +41,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to synchronise your machine's time using chrony.
           Make sure you disable NTP if you enable this service.
         '';
@@ -53,7 +53,7 @@ in
         default = config.networking.timeServers;
         defaultText = literalExpression "config.networking.timeServers";
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The set of NTP servers from which to synchronise.
         '';
       };
@@ -61,7 +61,7 @@ in
       serverOption = mkOption {
         default = "iburst";
         type = types.enum [ "iburst" "offline" ];
-        description = lib.mdDoc ''
+        description = ''
           Set option for server directives.
 
           Use "iburst" to rapidly poll on startup. Recommended if your machine
@@ -76,7 +76,7 @@ in
         type = types.bool;
         default = config.environment.memoryAllocator.provider != "graphene-hardened";
         defaultText = ''config.environment.memoryAllocator.provider != "graphene-hardened"'';
-        description = lib.mdDoc ''
+        description = ''
           Whether to add the `-m` flag to lock memory.
         '';
       };
@@ -84,7 +84,7 @@ in
       enableRTCTrimming = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable tracking of the RTC offset to the system clock and automatic trimming.
           See also [](#opt-services.chrony.autotrimThreshold)
 
@@ -111,7 +111,7 @@ in
       enableNTS = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Network Time Security authentication.
           Make sure it is supported by your selected NTP server(s).
         '';
@@ -121,7 +121,7 @@ in
         enabled = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Allow chronyd to make a rapid measurement of the system clock error
             at boot time, and to correct the system clock by stepping before
             normal operation begins.
@@ -131,7 +131,7 @@ in
         threshold = mkOption {
           type = types.either types.float types.int;
           default = 1000; # by default, same threshold as 'ntpd -g' (1000s)
-          description = lib.mdDoc ''
+          description = ''
             The threshold of system clock error (in seconds) above which the
             clock will be stepped. If the correction required is less than the
             threshold, a slew is used instead.
@@ -142,13 +142,13 @@ in
       directory = mkOption {
         type = types.str;
         default = "/var/lib/chrony";
-        description = lib.mdDoc "Directory where chrony state is stored.";
+        description = "Directory where chrony state is stored.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration directives that should be added to
           `chrony.conf`
         '';
@@ -158,7 +158,7 @@ in
         default = [ ];
         example = [ "-s" ];
         type = types.listOf types.str;
-        description = lib.mdDoc "Extra flags passed to the chronyd command.";
+        description = "Extra flags passed to the chronyd command.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/ntp/ntpd-rs.nix b/nixpkgs/nixos/modules/services/networking/ntp/ntpd-rs.nix
index 4643ac146ddb..296c89c4c6f5 100644
--- a/nixpkgs/nixos/modules/services/networking/ntp/ntpd-rs.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntp/ntpd-rs.nix
@@ -15,7 +15,7 @@ in
     useNetworkingTimeServers = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Use source time servers from {var}`networking.timeServers` in config.
       '';
     };
@@ -25,7 +25,7 @@ in
         freeformType = format.type;
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Settings to write to {file}`ntp.toml`
 
         See <https://docs.ntpd-rs.pendulum-project.org/man/ntp.toml.5>
diff --git a/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix b/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix
index 2bc690cacf09..e7ea8866d79b 100644
--- a/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix
@@ -40,7 +40,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to synchronise your machine's time using ntpd, as a peer in
           the NTP network.
 
@@ -50,7 +50,7 @@ in
 
       restrictDefault = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The restriction flags to be set by default.
 
           The default flags prevent external hosts from using ntpd as a DDoS
@@ -63,7 +63,7 @@ in
 
       restrictSource = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The restriction flags to be set on source.
 
           The default flags allow peers to be added by ntpd from configured
@@ -76,7 +76,7 @@ in
         default = config.networking.timeServers;
         defaultText = literalExpression "config.networking.timeServers";
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The set of NTP servers from which to synchronise.
         '';
       };
@@ -87,14 +87,14 @@ in
         example = ''
           fudge 127.127.1.0 stratum 10
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional text appended to {file}`ntp.conf`.
         '';
       };
 
       extraFlags = mkOption {
         type = types.listOf types.str;
-        description = lib.mdDoc "Extra flags passed to the ntpd command.";
+        description = "Extra flags passed to the ntpd command.";
         example = literalExpression ''[ "--interface=eth0" ]'';
         default = [];
       };
diff --git a/nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix b/nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix
index 05df1f6e6266..9414be1f8502 100644
--- a/nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix
@@ -19,7 +19,7 @@ in
   ###### interface
 
   options.services.openntpd = {
-    enable = mkEnableOption (lib.mdDoc "OpenNTP time synchronization server");
+    enable = mkEnableOption "OpenNTP time synchronization server";
 
     servers = mkOption {
       default = config.services.ntp.servers;
@@ -35,7 +35,7 @@ in
         listen on 127.0.0.1
         listen on ::1
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional text appended to {file}`openntpd.conf`.
       '';
     };
@@ -44,7 +44,7 @@ in
       type = with types; separatedString " ";
       default = "";
       example = "-s";
-      description = lib.mdDoc ''
+      description = ''
         Extra options used when launching openntpd.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/nullidentdmod.nix b/nixpkgs/nixos/modules/services/networking/nullidentdmod.nix
index e74e1dd6b795..b0d338a27941 100644
--- a/nixpkgs/nixos/modules/services/networking/nullidentdmod.nix
+++ b/nixpkgs/nixos/modules/services/networking/nullidentdmod.nix
@@ -3,11 +3,11 @@
 
 in {
   options.services.nullidentdmod = with types; {
-    enable = mkEnableOption (lib.mdDoc "the nullidentdmod identd daemon");
+    enable = mkEnableOption "the nullidentdmod identd daemon";
 
     userid = mkOption {
       type = nullOr str;
-      description = lib.mdDoc "User ID to return. Set to null to return a random string each time.";
+      description = "User ID to return. Set to null to return a random string each time.";
       default = null;
       example = "alice";
     };
diff --git a/nixpkgs/nixos/modules/services/networking/nylon.nix b/nixpkgs/nixos/modules/services/networking/nylon.nix
index 401dbe97c52d..f1b9abf61d60 100644
--- a/nixpkgs/nixos/modules/services/networking/nylon.nix
+++ b/nixpkgs/nixos/modules/services/networking/nylon.nix
@@ -29,7 +29,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enables nylon as a running service upon activation.
         '';
       };
@@ -37,13 +37,13 @@ let
       name = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "The name of this nylon instance.";
+        description = "The name of this nylon instance.";
       };
 
       nrConnections = mkOption {
         type = types.int;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           The number of allowed simultaneous connections to the daemon, default 10.
         '';
       };
@@ -51,7 +51,7 @@ let
       logging = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable logging, default is no logging.
         '';
       };
@@ -59,7 +59,7 @@ let
       verbosity = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable verbose output, default is to not be verbose.
         '';
       };
@@ -67,7 +67,7 @@ let
       acceptInterface = mkOption {
         type = types.str;
         default = "lo";
-        description = lib.mdDoc ''
+        description = ''
           Tell nylon which interface to listen for client requests on, default is "lo".
         '';
       };
@@ -75,7 +75,7 @@ let
       bindInterface = mkOption {
         type = types.str;
         default = "enp3s0f0";
-        description = lib.mdDoc ''
+        description = ''
           Tell nylon which interface to use as an uplink, default is "enp3s0f0".
         '';
       };
@@ -83,7 +83,7 @@ let
       port = mkOption {
         type = types.port;
         default = 1080;
-        description = lib.mdDoc ''
+        description = ''
           What port to listen for client requests, default is 1080.
         '';
       };
@@ -91,7 +91,7 @@ let
       allowedIPRanges = mkOption {
         type = with types; listOf str;
         default = [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ];
-        description = lib.mdDoc ''
+        description = ''
            Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges:
              [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
         '';
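Review bot: The description of `allowedIPRanges` lists `127.0.0.0/8` and `172.16.0.0/12`, but the `default` two lines above it contains `"127.0.0.1/8"` and `"172.16.0.1/12"`, so the documented client allow-list is not the literal one that gets configured. Whether nylon masks the host bits of a CIDR entry is not visible here, so aligning the default with the network addresses would remove the doubt: `default = [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ];`. The phrase "ARIN IPv4 private ranges" could also be made precise, since 192.168/16, 172.16/12 and 10/8 are the RFC 1918 ranges and 127/8 is loopback.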
@@ -100,7 +100,7 @@ let
       deniedIPRanges = mkOption {
         type = with types; listOf str;
         default = [ "0.0.0.0/0" ];
-        description = lib.mdDoc ''
+        description = ''
           Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses:
             [ "0.0.0.0/0" ]
           To block all other access than the allowed.
@@ -139,7 +139,7 @@ in
 
     services.nylon = mkOption {
       default = {};
-      description = lib.mdDoc "Collection of named nylon instances";
+      description = "Collection of named nylon instances";
       type = with types; attrsOf (submodule nylonOpts);
       internal = true;
     };
diff --git a/nixpkgs/nixos/modules/services/networking/ocserv.nix b/nixpkgs/nixos/modules/services/networking/ocserv.nix
index 3c61d56b893e..afdd8254ffd2 100644
--- a/nixpkgs/nixos/modules/services/networking/ocserv.nix
+++ b/nixpkgs/nixos/modules/services/networking/ocserv.nix
@@ -10,12 +10,12 @@ in
 
 {
   options.services.ocserv = {
-    enable = mkEnableOption (lib.mdDoc "ocserv");
+    enable = mkEnableOption "ocserv";
 
     config = mkOption {
       type = types.lines;
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration content to start an OCServ server.
 
         For a full configuration reference,please refer to the online documentation
diff --git a/nixpkgs/nixos/modules/services/networking/ofono.nix b/nixpkgs/nixos/modules/services/networking/ofono.nix
index 960fc35a70ac..460b06443c41 100644
--- a/nixpkgs/nixos/modules/services/networking/ofono.nix
+++ b/nixpkgs/nixos/modules/services/networking/ofono.nix
@@ -19,13 +19,13 @@ in
   ###### interface
   options = {
     services.ofono = {
-      enable = mkEnableOption (lib.mdDoc "Ofono");
+      enable = mkEnableOption "Ofono";
 
       plugins = mkOption {
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.modem-manager-gui ]";
-        description = lib.mdDoc ''
+        description = ''
           The list of plugins to install.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/oidentd.nix b/nixpkgs/nixos/modules/services/networking/oidentd.nix
index 7c7883c94611..feb84806ba99 100644
--- a/nixpkgs/nixos/modules/services/networking/oidentd.nix
+++ b/nixpkgs/nixos/modules/services/networking/oidentd.nix
@@ -11,7 +11,7 @@ with lib;
     services.oidentd.enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable ‘oidentd’, an implementation of the Ident
         protocol (RFC 1413).  It allows remote systems to identify the
         name of the user associated with a TCP connection.
diff --git a/nixpkgs/nixos/modules/services/networking/onedrive.nix b/nixpkgs/nixos/modules/services/networking/onedrive.nix
index d782ec05352b..0c4e27507c1c 100644
--- a/nixpkgs/nixos/modules/services/networking/onedrive.nix
+++ b/nixpkgs/nixos/modules/services/networking/onedrive.nix
@@ -26,13 +26,13 @@ in {
   ### Interface
 
   options.services.onedrive = {
-     enable = lib.mkEnableOption (lib.mdDoc "OneDrive service");
+     enable = lib.mkEnableOption "OneDrive service";
 
      package = lib.mkOption {
        type = lib.types.package;
        default = pkgs.onedrive;
        defaultText = lib.literalExpression "pkgs.onedrive";
-       description = lib.mdDoc ''
+       description = ''
          OneDrive package to use.
        '';
      };
diff --git a/nixpkgs/nixos/modules/services/networking/openconnect.nix b/nixpkgs/nixos/modules/services/networking/openconnect.nix
index d2730faf9381..e2c06943e1d7 100644
--- a/nixpkgs/nixos/modules/services/networking/openconnect.nix
+++ b/nixpkgs/nixos/modules/services/networking/openconnect.nix
@@ -11,25 +11,25 @@ let
     options = {
       autoStart = mkOption {
         default = true;
-        description = lib.mdDoc "Whether this VPN connection should be started automatically.";
+        description = "Whether this VPN connection should be started automatically.";
         type = types.bool;
       };
 
       gateway = mkOption {
-        description = lib.mdDoc "Gateway server to connect to.";
+        description = "Gateway server to connect to.";
         example = "gateway.example.com";
         type = types.str;
       };
 
       protocol = mkOption {
-        description = lib.mdDoc "Protocol to use.";
+        description = "Protocol to use.";
         example = "anyconnect";
         type =
           types.enum [ "anyconnect" "array" "nc" "pulse" "gp" "f5" "fortinet" ];
       };
 
       user = mkOption {
-        description = lib.mdDoc "Username to authenticate with.";
+        description = "Username to authenticate with.";
         example = "example-user";
         type = types.nullOr types.str;
         default = null;
@@ -39,7 +39,7 @@ let
       # set an authentication cookie, because they have to be requested
       # for every new connection and would only work once.
       passwordFile = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           File containing the password to authenticate with. This
           is passed to `openconnect` via the
           `--passwd-on-stdin` option.
@@ -50,21 +50,21 @@ let
       };
 
       certificate = mkOption {
-        description = lib.mdDoc "Certificate to authenticate with.";
+        description = "Certificate to authenticate with.";
         default = null;
         example = "/var/lib/secrets/openconnect_certificate.pem";
         type = with types; nullOr (either path pkcs11);
       };
 
       privateKey = mkOption {
-        description = lib.mdDoc "Private key to authenticate with.";
+        description = "Private key to authenticate with.";
         example = "/var/lib/secrets/openconnect_private_key.pem";
         default = null;
         type = with types; nullOr (either path pkcs11);
       };
 
       extraOptions = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Extra config to be appended to the interface config. It should
           contain long-format options as would be accepted on the command
           line by `openconnect`
@@ -120,7 +120,7 @@ in {
     package = mkPackageOption pkgs "openconnect" { };
 
     interfaces = mkOption {
-      description = lib.mdDoc "OpenConnect interfaces.";
+      description = "OpenConnect interfaces.";
       default = { };
       example = {
         openconnect0 = {
diff --git a/nixpkgs/nixos/modules/services/networking/openvpn.nix b/nixpkgs/nixos/modules/services/networking/openvpn.nix
index 9a5866f2afd4..4a00cdc64975 100644
--- a/nixpkgs/nixos/modules/services/networking/openvpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/openvpn.nix
@@ -124,7 +124,7 @@ in
         }
       '';
 
-      description = lib.mdDoc ''
+      description = ''
         Each attribute of this option defines a systemd service that
         runs an OpenVPN instance.  These can be OpenVPN servers or
         clients.  The name of each systemd service is
@@ -139,7 +139,7 @@ in
 
           config = mkOption {
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Configuration of this OpenVPN instance.  See
               {manpage}`openvpn(8)`
               for details.
@@ -152,7 +152,7 @@ in
           up = mkOption {
             default = "";
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands executed when the instance is starting.
             '';
           };
@@ -160,7 +160,7 @@ in
           down = mkOption {
             default = "";
             type = types.lines;
-            description = lib.mdDoc ''
+            description = ''
               Shell commands executed when the instance is shutting down.
             '';
           };
@@ -168,13 +168,13 @@ in
           autoStart = mkOption {
             default = true;
             type = types.bool;
-            description = lib.mdDoc "Whether this OpenVPN instance should be started automatically.";
+            description = "Whether this OpenVPN instance should be started automatically.";
           };
 
           updateResolvConf = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Use the script from the update-resolv-conf package to automatically
               update resolv.conf with the DNS information provided by openvpn. The
               script will be run after the "up" commands and before the "down" commands.
@@ -183,7 +183,7 @@ in
 
           authUserPass = mkOption {
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               This option can be used to store the username / password credentials
               with the "auth-user-pass" authentication method.
 
@@ -193,12 +193,12 @@ in
 
               options = {
                 username = mkOption {
-                  description = lib.mdDoc "The username to store inside the credentials file.";
+                  description = "The username to store inside the credentials file.";
                   type = types.str;
                 };
 
                 password = mkOption {
-                  description = lib.mdDoc "The password to store inside the credentials file.";
+                  description = "The password to store inside the credentials file.";
                   type = types.str;
                 };
               };
@@ -213,7 +213,7 @@ in
     services.openvpn.restartAfterSleep = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Whether OpenVPN client should be restarted after sleep.";
+      description = "Whether OpenVPN client should be restarted after sleep.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/networking/ostinato.nix b/nixpkgs/nixos/modules/services/networking/ostinato.nix
index dc07313ea901..635c4e9bc0fa 100644
--- a/nixpkgs/nixos/modules/services/networking/ostinato.nix
+++ b/nixpkgs/nixos/modules/services/networking/ostinato.nix
@@ -26,12 +26,12 @@ in
 
     services.ostinato = {
 
-      enable = mkEnableOption (lib.mdDoc "Ostinato agent-controller (Drone)");
+      enable = mkEnableOption "Ostinato agent-controller (Drone)";
 
       port = mkOption {
         type = types.port;
         default = 7878;
-        description = lib.mdDoc ''
+        description = ''
           Port to listen on.
         '';
       };
@@ -39,7 +39,7 @@ in
       rateAccuracy = mkOption {
         type = types.enum [ "High" "Low" ];
         default = "High";
-        description = lib.mdDoc ''
+        description = ''
           To ensure that the actual transmit rate is as close as possible to
           the configured transmit rate, Drone runs a busy-wait loop.
           While this provides the maximum accuracy possible, the CPU
@@ -52,7 +52,7 @@ in
         address = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc ''
+          description = ''
             By default, the Drone RPC server will listen on all interfaces and
             local IPv4 addresses for incoming connections from clients.  Specify
             a single IPv4 or IPv6 address if you want to restrict that.
@@ -66,7 +66,7 @@ in
           type = types.listOf types.str;
           default = [];
           example = [ "eth*" "lo*" ];
-          description = lib.mdDoc ''
+          description = ''
             For a port to pass the filter and appear on the port list managed
             by drone, it be allowed by this include list.
           '';
@@ -75,7 +75,7 @@ in
           type = types.listOf types.str;
           default = [];
           example = [ "usbmon*" "eth0" ];
-          description = lib.mdDoc ''
+          description = ''
             A list of ports does not appear on the port list managed by drone.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/networking/owamp.nix b/nixpkgs/nixos/modules/services/networking/owamp.nix
index 32b2dab9e3c7..45907f7d6e9a 100644
--- a/nixpkgs/nixos/modules/services/networking/owamp.nix
+++ b/nixpkgs/nixos/modules/services/networking/owamp.nix
@@ -10,7 +10,7 @@ in
   ###### interface
 
   options = {
-    services.owamp.enable = mkEnableOption (lib.mdDoc "OWAMP server");
+    services.owamp.enable = mkEnableOption "OWAMP server";
   };
 
 
diff --git a/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix b/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
index f929532ba09f..a03a20e6bc6d 100644
--- a/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
+++ b/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
@@ -27,12 +27,12 @@ let
 
 in {
   options.services.pdns-recursor = {
-    enable = mkEnableOption (lib.mdDoc "PowerDNS Recursor, a recursive DNS server");
+    enable = mkEnableOption "PowerDNS Recursor, a recursive DNS server";
 
     dns.address = mkOption {
       type = oneOrMore types.str;
       default = [ "::" "0.0.0.0" ];
-      description = lib.mdDoc ''
+      description = ''
         IP addresses Recursor DNS server will bind to.
       '';
     };
@@ -40,7 +40,7 @@ in {
     dns.port = mkOption {
       type = types.port;
       default = 53;
-      description = lib.mdDoc ''
+      description = ''
         Port number Recursor DNS server will bind to.
       '';
     };
@@ -53,7 +53,7 @@ in {
         "::1/128" "fc00::/7" "fe80::/10"
       ];
       example = [ "0.0.0.0/0" "::/0" ];
-      description = lib.mdDoc ''
+      description = ''
         IP address ranges of clients allowed to make DNS queries.
       '';
     };
@@ -61,7 +61,7 @@ in {
     api.address = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         IP address Recursor REST API server will bind to.
       '';
     };
@@ -69,7 +69,7 @@ in {
     api.port = mkOption {
       type = types.port;
       default = 8082;
-      description = lib.mdDoc ''
+      description = ''
         Port number Recursor REST API server will bind to.
       '';
     };
@@ -78,7 +78,7 @@ in {
       type = types.listOf types.str;
       default = [ "127.0.0.1" "::1" ];
       example = [ "0.0.0.0/0" "::/0" ];
-      description = lib.mdDoc ''
+      description = ''
         IP address ranges of clients allowed to make API requests.
       '';
     };
@@ -86,7 +86,7 @@ in {
     exportHosts = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
        Whether to export names and IP addresses defined in /etc/hosts.
       '';
     };
@@ -94,7 +94,7 @@ in {
     forwardZones = mkOption {
       type = types.attrs;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         DNS zones to be forwarded to other authoritative servers.
       '';
     };
@@ -103,7 +103,7 @@ in {
       type = types.attrs;
       example = { eth = "[::1]:5353"; };
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         DNS zones to be forwarded to other recursive servers.
       '';
     };
@@ -111,7 +111,7 @@ in {
     dnssecValidation = mkOption {
       type = types.enum ["off" "process-no-validate" "process" "log-fail" "validate"];
       default = "validate";
-      description = lib.mdDoc ''
+      description = ''
         Controls the level of DNSSEC processing done by the PowerDNS Recursor.
         See https://doc.powerdns.com/md/recursor/dnssec/ for a detailed explanation.
       '';
@@ -120,7 +120,7 @@ in {
     serveRFC1918 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to directly resolve the RFC1918 reverse-mapping domains:
         `10.in-addr.arpa`,
         `168.192.in-addr.arpa`,
@@ -138,7 +138,7 @@ in {
           log-common-errors = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         PowerDNS Recursor settings. Use this option to configure Recursor
         settings not exposed in a NixOS option or to bypass one.
         See the full documentation at
@@ -150,7 +150,7 @@ in {
     luaConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         The content Lua configuration file for PowerDNS Recursor. See
         <https://doc.powerdns.com/recursor/lua-config/index.html>.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/pdnsd.nix b/nixpkgs/nixos/modules/services/networking/pdnsd.nix
index 8fe27a44eee6..50b9b9d20289 100644
--- a/nixpkgs/nixos/modules/services/networking/pdnsd.nix
+++ b/nixpkgs/nixos/modules/services/networking/pdnsd.nix
@@ -24,18 +24,18 @@ in
 
 { options =
     { services.pdnsd =
-        { enable = mkEnableOption (lib.mdDoc "pdnsd");
+        { enable = mkEnableOption "pdnsd";
 
           cacheDir = mkOption {
             type = types.str;
             default = "/var/cache/pdnsd";
-            description = lib.mdDoc "Directory holding the pdnsd cache";
+            description = "Directory holding the pdnsd cache";
           };
 
           globalConfig = mkOption {
             type = types.lines;
             default = "";
-            description = lib.mdDoc ''
+            description = ''
               Global configuration that should be added to the global directory
               of `pdnsd.conf`.
             '';
@@ -44,7 +44,7 @@ in
           serverConfig = mkOption {
             type = types.lines;
             default = "";
-            description = lib.mdDoc ''
+            description = ''
               Server configuration that should be added to the server directory
               of `pdnsd.conf`.
             '';
@@ -53,7 +53,7 @@ in
           extraConfig = mkOption {
             type = types.lines;
             default = "";
-            description = lib.mdDoc ''
+            description = ''
               Extra configuration directives that should be added to
               `pdnsd.conf`.
             '';
diff --git a/nixpkgs/nixos/modules/services/networking/peroxide.nix b/nixpkgs/nixos/modules/services/networking/peroxide.nix
index 34c82e2c8b03..582e25fbacc9 100644
--- a/nixpkgs/nixos/modules/services/networking/peroxide.nix
+++ b/nixpkgs/nixos/modules/services/networking/peroxide.nix
@@ -9,7 +9,7 @@ let
 in
 {
   options.services.peroxide = {
-    enable = mkEnableOption (lib.mdDoc "peroxide");
+    enable = mkEnableOption "peroxide";
 
     package = mkPackageOption pkgs "peroxide" {
       default = [ "peroxide" ];
@@ -20,7 +20,7 @@ in
       type = types.enum [ "Panic" "Fatal" "Error" "Warning" "Info" "Debug" "Trace" ];
       default = "Warning";
       example = "Info";
-      description = lib.mdDoc "Only log messages of this priority or higher.";
+      description = "Only log messages of this priority or higher.";
     };
 
     settings = mkOption {
@@ -31,25 +31,25 @@ in
           UserPortImap = mkOption {
             type = types.port;
             default = 1143;
-            description = lib.mdDoc "The port on which to listen for IMAP connections.";
+            description = "The port on which to listen for IMAP connections.";
           };
 
           UserPortSmtp = mkOption {
             type = types.port;
             default = 1025;
-            description = lib.mdDoc "The port on which to listen for SMTP connections.";
+            description = "The port on which to listen for SMTP connections.";
           };
 
           ServerAddress = mkOption {
             type = types.str;
             default = "[::0]";
             example = "localhost";
-            description = lib.mdDoc "The address on which to listen for connections.";
+            description = "The address on which to listen for connections.";
           };
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for peroxide.  See
         [config.example.yaml](https://github.com/ljanyst/peroxide/blob/master/config.example.yaml)
         for an example configuration.
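Review bot: `ServerAddress` defaults to `[::0]`, the unspecified address, so the IMAP and SMTP listeners on `UserPortImap` and `UserPortSmtp` accept connections on every interface unless the operator overrides it, and the description does not say so. Since the example value is already `localhost`, I would state the exposure in the text: `description = "The address on which to listen for connections. The default listens on all interfaces; use localhost to restrict access to the local machine.";`. Whether the module also opens these ports in the firewall is not visible in this hunk. The `settings` description continues past the end of the hunk.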
diff --git a/nixpkgs/nixos/modules/services/networking/picosnitch.nix b/nixpkgs/nixos/modules/services/networking/picosnitch.nix
index c9b38c1929ca..bdbb1e691227 100644
--- a/nixpkgs/nixos/modules/services/networking/picosnitch.nix
+++ b/nixpkgs/nixos/modules/services/networking/picosnitch.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.services.picosnitch = {
-    enable = mkEnableOption (lib.mdDoc "picosnitch daemon");
+    enable = mkEnableOption "picosnitch daemon";
   };
   config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.picosnitch ];
diff --git a/nixpkgs/nixos/modules/services/networking/pixiecore.nix b/nixpkgs/nixos/modules/services/networking/pixiecore.nix
index 1f47a1d0b631..cfdb8014136e 100644
--- a/nixpkgs/nixos/modules/services/networking/pixiecore.nix
+++ b/nixpkgs/nixos/modules/services/networking/pixiecore.nix
@@ -6,22 +6,22 @@ let
   cfg = config.services.pixiecore;
 in
 {
-  meta.maintainers = with maintainers; [ bbigras danderson ];
+  meta.maintainers = with maintainers; [ bbigras ];
 
   options = {
     services.pixiecore = {
-      enable = mkEnableOption (lib.mdDoc "Pixiecore");
+      enable = mkEnableOption "Pixiecore";
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports (67, 69, 4011 UDP and 'port', 'statusPort' TCP) in the firewall for Pixiecore.
         '';
       };
 
       mode = mkOption {
-        description = lib.mdDoc "Which mode to use";
+        description = "Which mode to use";
         default = "boot";
         type = types.enum [ "api" "boot" "quick" ];
       };
@@ -29,17 +29,17 @@ in
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Log more things that aren't directly related to booting a recognized client";
+        description = "Log more things that aren't directly related to booting a recognized client";
       };
 
       dhcpNoBind = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Handle DHCP traffic without binding to the DHCP server port";
+        description = "Handle DHCP traffic without binding to the DHCP server port";
       };
 
       quick = mkOption {
-        description = lib.mdDoc "Which quick option to use";
+        description = "Which quick option to use";
         default = "xyz";
         type = types.enum [ "arch" "centos" "coreos" "debian" "fedora" "ubuntu" "xyz" ];
       };
@@ -47,49 +47,49 @@ in
       kernel = mkOption {
         type = types.str or types.path;
         default = "";
-        description = lib.mdDoc "Kernel path. Ignored unless mode is set to 'boot'";
+        description = "Kernel path. Ignored unless mode is set to 'boot'";
       };
 
       initrd = mkOption {
         type = types.str or types.path;
         default = "";
-        description = lib.mdDoc "Initrd path. Ignored unless mode is set to 'boot'";
+        description = "Initrd path. Ignored unless mode is set to 'boot'";
       };
 
       cmdLine = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "Kernel commandline arguments. Ignored unless mode is set to 'boot'";
+        description = "Kernel commandline arguments. Ignored unless mode is set to 'boot'";
       };
 
       listen = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "IPv4 address to listen on";
+        description = "IPv4 address to listen on";
       };
 
       port = mkOption {
         type = types.port;
         default = 80;
-        description = lib.mdDoc "Port to listen on for HTTP";
+        description = "Port to listen on for HTTP";
       };
 
       statusPort = mkOption {
         type = types.port;
         default = 80;
-        description = lib.mdDoc "HTTP port for status information (can be the same as --port)";
+        description = "HTTP port for status information (can be the same as --port)";
       };
 
       apiServer = mkOption {
         type = types.str;
         example = "localhost:8080";
-        description = lib.mdDoc "host:port to connect to the API. Ignored unless mode is set to 'api'";
+        description = "host:port to connect to the API. Ignored unless mode is set to 'api'";
       };
 
       extraArguments = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Additional command line arguments to pass to Pixiecore";
+        description = "Additional command line arguments to pass to Pixiecore";
       };
     };
   };
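Review bot: In `kernel` and `initrd`, `types.str or types.path` is not a union of two types. Nix parses `a.b or c` as attribute selection with a fallback, so the expression evaluates to `types.str` and `types.path` is never consulted. If accepting either kind of value was the intent, both options should use `type = types.either types.str types.path;`. Separately, `listen` defaults to `0.0.0.0` and `port` to 80, so the boot server answers on all IPv4 interfaces by default; the `listen` description could say so, e.g. `description = "IPv4 address to listen on. The default binds to all interfaces.";`.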
diff --git a/nixpkgs/nixos/modules/services/networking/pleroma.nix b/nixpkgs/nixos/modules/services/networking/pleroma.nix
index 8470f5e9cbc0..a152b72143da 100644
--- a/nixpkgs/nixos/modules/services/networking/pleroma.nix
+++ b/nixpkgs/nixos/modules/services/networking/pleroma.nix
@@ -4,32 +4,32 @@ let
 in {
   options = {
     services.pleroma = with lib; {
-      enable = mkEnableOption (lib.mdDoc "pleroma");
+      enable = mkEnableOption "pleroma";
 
       package = mkPackageOption pkgs "pleroma" { };
 
       user = mkOption {
         type = types.str;
         default = "pleroma";
-        description = lib.mdDoc "User account under which pleroma runs.";
+        description = "User account under which pleroma runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "pleroma";
-        description = lib.mdDoc "Group account under which pleroma runs.";
+        description = "Group account under which pleroma runs.";
       };
 
       stateDir = mkOption {
         type = types.str;
         default = "/var/lib/pleroma";
         readOnly = true;
-        description = lib.mdDoc "Directory where the pleroma service will save the uploads and static files.";
+        description = "Directory where the pleroma service will save the uploads and static files.";
       };
 
       configs = mkOption {
         type = with types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Pleroma public configuration.
 
           This list gets appended from left to
@@ -54,7 +54,7 @@ in {
       secretConfigFile = mkOption {
         type = types.str;
         default = "/var/lib/pleroma/secrets.exs";
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing your secret pleroma configuration.
 
           *DO NOT POINT THIS OPTION TO THE NIX
diff --git a/nixpkgs/nixos/modules/services/networking/polipo.nix b/nixpkgs/nixos/modules/services/networking/polipo.nix
index 8581553829bf..e9cac7181b5c 100644
--- a/nixpkgs/nixos/modules/services/networking/polipo.nix
+++ b/nixpkgs/nixos/modules/services/networking/polipo.nix
@@ -23,25 +23,25 @@ in
 
     services.polipo = {
 
-      enable = mkEnableOption (lib.mdDoc "polipo caching web proxy");
+      enable = mkEnableOption "polipo caching web proxy";
 
       proxyAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "IP address on which Polipo will listen.";
+        description = "IP address on which Polipo will listen.";
       };
 
       proxyPort = mkOption {
         type = types.port;
         default = 8123;
-        description = lib.mdDoc "TCP port on which Polipo will listen.";
+        description = "TCP port on which Polipo will listen.";
       };
 
       allowedClients = mkOption {
         type = types.listOf types.str;
         default = [ "127.0.0.1" "::1" ];
         example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ];
-        description = lib.mdDoc ''
+        description = ''
           List of IP addresses or network addresses that may connect to Polipo.
         '';
       };
@@ -50,7 +50,7 @@ in
         type = types.str;
         default = "";
         example = "localhost:8124";
-        description = lib.mdDoc ''
+        description = ''
           Hostname and port number of an HTTP parent proxy;
           it should have the form ‘host:port’.
         '';
@@ -60,7 +60,7 @@ in
         type = types.str;
         default = "";
         example = "localhost:9050";
-        description = lib.mdDoc ''
+        description = ''
           Hostname and port number of an SOCKS parent proxy;
           it should have the form ‘host:port’.
         '';
@@ -69,7 +69,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Polio configuration. Contents will be added
           verbatim to the configuration file.
         '';
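Review bot: The `extraConfig` description misspells the program name as "Polio". The first line of the text should read `Polipo configuration. Contents will be added`. The option's closing brace is outside this hunk.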
diff --git a/nixpkgs/nixos/modules/services/networking/powerdns.nix b/nixpkgs/nixos/modules/services/networking/powerdns.nix
index 03bf93301d85..bd8d08bc878c 100644
--- a/nixpkgs/nixos/modules/services/networking/powerdns.nix
+++ b/nixpkgs/nixos/modules/services/networking/powerdns.nix
@@ -9,12 +9,12 @@ let
 in {
   options = {
     services.powerdns = {
-      enable = mkEnableOption (lib.mdDoc "PowerDNS domain name server");
+      enable = mkEnableOption "PowerDNS domain name server";
 
       extraConfig = mkOption {
         type = types.lines;
         default = "launch=bind";
-        description = lib.mdDoc ''
+        description = ''
           PowerDNS configuration. Refer to
           <https://doc.powerdns.com/authoritative/settings.html>
           for details on supported values.
@@ -25,7 +25,7 @@ in {
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/powerdns.env";
-        description = lib.mdDoc ''
+        description = ''
           Environment variables from this file will be interpolated into the
           final config file using envsubst with this syntax: `$ENVIRONMENT`
           or `''${VARIABLE}`.
diff --git a/nixpkgs/nixos/modules/services/networking/pppd.nix b/nixpkgs/nixos/modules/services/networking/pppd.nix
index 855b5358f47f..8310b119b5f6 100644
--- a/nixpkgs/nixos/modules/services/networking/pppd.nix
+++ b/nixpkgs/nixos/modules/services/networking/pppd.nix
@@ -7,18 +7,18 @@ let
 in
 {
   meta = {
-    maintainers = with maintainers; [ danderson ];
+    maintainers = with maintainers; [ ];
   };
 
   options = {
     services.pppd = {
-      enable = mkEnableOption (lib.mdDoc "pppd");
+      enable = mkEnableOption "pppd";
 
       package = mkPackageOption pkgs "ppp" { };
 
       peers = mkOption {
         default = {};
-        description = lib.mdDoc "pppd peers.";
+        description = "pppd peers.";
         type = types.attrsOf (types.submodule (
           { name, ... }:
           {
@@ -27,27 +27,27 @@ in
                 type = types.str;
                 default = name;
                 example = "dialup";
-                description = lib.mdDoc "Name of the PPP peer.";
+                description = "Name of the PPP peer.";
               };
 
               enable = mkOption {
                 type = types.bool;
                 default = true;
                 example = false;
-                description = lib.mdDoc "Whether to enable this PPP peer.";
+                description = "Whether to enable this PPP peer.";
               };
 
               autostart = mkOption {
                 type = types.bool;
                 default = true;
                 example = false;
-                description = lib.mdDoc "Whether the PPP session is automatically started at boot time.";
+                description = "Whether the PPP session is automatically started at boot time.";
               };
 
               config = mkOption {
                 type = types.lines;
                 default = "";
-                description = lib.mdDoc "pppd configuration for this peer, see the pppd(8) man page.";
+                description = "pppd configuration for this peer, see the pppd(8) man page.";
               };
             };
           }));
diff --git a/nixpkgs/nixos/modules/services/networking/pptpd.nix b/nixpkgs/nixos/modules/services/networking/pptpd.nix
index 703dda99803e..b28015800f3c 100644
--- a/nixpkgs/nixos/modules/services/networking/pptpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/pptpd.nix
@@ -5,35 +5,35 @@ with lib;
 {
   options = {
     services.pptpd = {
-      enable = mkEnableOption (lib.mdDoc "pptpd, the Point-to-Point Tunneling Protocol daemon");
+      enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon";
 
       serverIp = mkOption {
         type        = types.str;
-        description = lib.mdDoc "The server-side IP address.";
+        description = "The server-side IP address.";
         default     = "10.124.124.1";
       };
 
       clientIpRange = mkOption {
         type        = types.str;
-        description = lib.mdDoc "The range from which client IPs are drawn.";
+        description = "The range from which client IPs are drawn.";
         default     = "10.124.124.2-11";
       };
 
       maxClients = mkOption {
         type        = types.int;
-        description = lib.mdDoc "The maximum number of simultaneous connections.";
+        description = "The maximum number of simultaneous connections.";
         default     = 10;
       };
 
       extraPptpdOptions = mkOption {
         type        = types.lines;
-        description = lib.mdDoc "Adds extra lines to the pptpd configuration file.";
+        description = "Adds extra lines to the pptpd configuration file.";
         default     = "";
       };
 
       extraPppdOptions = mkOption {
         type        = types.lines;
-        description = lib.mdDoc "Adds extra lines to the pppd options file.";
+        description = "Adds extra lines to the pppd options file.";
         default     = "";
         example     = ''
           ms-dns 8.8.8.8
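Review bot: The `enable` description presents pptpd like any other VPN daemon and gives no hint that PPTP's usual authentication and encryption (MS-CHAPv2 with MPPE) are considered cryptographically weak. A short caveat in the option text would help an operator who enables it from the manual alone, e.g. `enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon (PPTP provides only weak confidentiality; prefer a modern VPN where possible)";`. Which authentication options the module actually passes to pppd is not visible here, and the `extraPppdOptions` example continues past the end of the hunk.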
diff --git a/nixpkgs/nixos/modules/services/networking/privoxy.nix b/nixpkgs/nixos/modules/services/networking/privoxy.nix
index 619490a4c020..d40dd603085a 100644
--- a/nixpkgs/nixos/modules/services/networking/privoxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/privoxy.nix
@@ -53,12 +53,12 @@ in
 
   options.services.privoxy = {
 
-    enable = mkEnableOption (lib.mdDoc "Privoxy, non-caching filtering proxy");
+    enable = mkEnableOption "Privoxy, non-caching filtering proxy";
 
     enableTor = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure Privoxy to use Tor's faster SOCKS port,
         suitable for HTTP.
       '';
@@ -67,7 +67,7 @@ in
     inspectHttps = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure Privoxy to inspect HTTPS requests, meaning all
         encrypted traffic will be filtered as well. This works by decrypting
         and re-encrypting the requests using a per-domain generated certificate.
@@ -89,7 +89,7 @@ in
       type = ageType;
       default = "10d";
       example = "12h";
-      description = lib.mdDoc ''
+      description = ''
         If `inspectHttps` is enabled, the time generated HTTPS
         certificates will be stored in a temporary directory for reuse. Once
         the lifetime has expired the directory will cleared and the certificate
@@ -108,7 +108,7 @@ in
     userActions = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Actions to be included in a `user.action` file. This
         will have a higher priority and can be used to override all other
         actions.
@@ -118,7 +118,7 @@ in
     userFilters = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Filters to be included in a `user.filter` file. This
         will have a higher priority and can be used to override all other
         filters definitions.
@@ -132,13 +132,13 @@ in
         options.listen-address = mkOption {
           type = types.str;
           default = "127.0.0.1:8118";
-          description = lib.mdDoc "Pair of address:port the proxy server is listening to.";
+          description = "Pair of address:port the proxy server is listening to.";
         };
 
         options.enable-edit-actions = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Whether the web-based actions file editor may be used.";
+          description = "Whether the web-based actions file editor may be used.";
         };
 
         options.actionsfile = mkOption {
@@ -148,7 +148,7 @@ in
           apply = x: x ++ optional (cfg.userActions != "")
             (toString (pkgs.writeText "user.actions" cfg.userActions));
           default = [ "match-all.action" "default.action" ];
-          description = lib.mdDoc ''
+          description = ''
             List of paths to Privoxy action files. These paths may either be
             absolute or relative to the privoxy configuration directory.
           '';
@@ -159,7 +159,7 @@ in
           default = [ "default.filter" ];
           apply = x: x ++ optional (cfg.userFilters != "")
             (toString (pkgs.writeText "user.filter" cfg.userFilters));
-          description = lib.mdDoc ''
+          description = ''
             List of paths to Privoxy filter files. These paths may either be
             absolute or relative to the privoxy configuration directory.
           '';
@@ -181,7 +181,7 @@ in
           # debug 64
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option is mapped to the main Privoxy configuration file.
         Check out the Privoxy user manual at
         <https://www.privoxy.org/user-manual/config.html>
diff --git a/nixpkgs/nixos/modules/services/networking/prosody.nix b/nixpkgs/nixos/modules/services/networking/prosody.nix
index 2952df2a1099..0de07a9b870c 100644
--- a/nixpkgs/nixos/modules/services/networking/prosody.nix
+++ b/nixpkgs/nixos/modules/services/networking/prosody.nix
@@ -10,19 +10,19 @@ let
 
       key = mkOption {
         type = types.path;
-        description = lib.mdDoc "Path to the key file.";
+        description = "Path to the key file.";
       };
 
       # TODO: rename to certificate to match the prosody config
       cert = mkOption {
         type = types.path;
-        description = lib.mdDoc "Path to the certificate file.";
+        description = "Path to the certificate file.";
       };
 
       extraOptions = mkOption {
         type = types.attrs;
         default = {};
-        description = lib.mdDoc "Extra SSL configuration options.";
+        description = "Extra SSL configuration options.";
       };
 
     };
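Review bot: `key` is declared as `types.path` with the bare description "Path to the key file.", which does not tell the operator how to supply a private key safely. If a Nix path literal is given and later interpolated into the generated configuration, the key would presumably be copied into the world-readable Nix store; how the value is consumed is outside this hunk. I would document the expectation in the text: `description = "Path to the key file. Pass it as a string that points outside the Nix store, so the private key is not copied into the store.";`. The enclosing options block starts above the hunk.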
@@ -32,11 +32,11 @@ let
     options = {
       url = mkOption {
         type = types.str;
-        description = lib.mdDoc "URL of the endpoint you want to make discoverable";
+        description = "URL of the endpoint you want to make discoverable";
       };
       description = mkOption {
         type = types.str;
-        description = lib.mdDoc "A short description of the endpoint you want to advertise";
+        description = "A short description of the endpoint you want to advertise";
       };
     };
   };
@@ -46,216 +46,216 @@ let
     roster = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allow users to have a roster";
+      description = "Allow users to have a roster";
     };
 
     saslauth = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Authentication for clients and servers. Recommended if you want to log in.";
+      description = "Authentication for clients and servers. Recommended if you want to log in.";
     };
 
     tls = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Add support for secure TLS on c2s/s2s connections";
+      description = "Add support for secure TLS on c2s/s2s connections";
     };
 
     dialback = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "s2s dialback support";
+      description = "s2s dialback support";
     };
 
     disco = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Service discovery";
+      description = "Service discovery";
     };
 
     # Not essential, but recommended
     carbons = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Keep multiple clients in sync";
+      description = "Keep multiple clients in sync";
     };
 
     csi = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Implements the CSI protocol that allows clients to report their active/inactive state to the server";
+      description = "Implements the CSI protocol that allows clients to report their active/inactive state to the server";
     };
 
     cloud_notify = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online";
+      description = "Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online";
     };
 
     pep = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Enables users to publish their mood, activity, playing music and more";
+      description = "Enables users to publish their mood, activity, playing music and more";
     };
 
     private = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Private XML storage (for room bookmarks, etc.)";
+      description = "Private XML storage (for room bookmarks, etc.)";
     };
 
     blocklist = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allow users to block communications with other users";
+      description = "Allow users to block communications with other users";
     };
 
     vcard = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Allow users to set vCards";
+      description = "Allow users to set vCards";
     };
 
     vcard_legacy = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Converts users profiles and Avatars between old and new formats";
+      description = "Converts users profiles and Avatars between old and new formats";
     };
 
     bookmarks = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP";
+      description = "Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP";
     };
 
     # Nice to have
     version = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Replies to server version requests";
+      description = "Replies to server version requests";
     };
 
     uptime = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Report how long server has been running";
+      description = "Report how long server has been running";
     };
 
     time = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Let others know the time here on this server";
+      description = "Let others know the time here on this server";
     };
 
     ping = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Replies to XMPP pings with pongs";
+      description = "Replies to XMPP pings with pongs";
     };
 
     register = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allow users to register on this server using a client and change passwords";
+      description = "Allow users to register on this server using a client and change passwords";
     };
 
     mam = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Store messages in an archive and allow users to access it";
+      description = "Store messages in an archive and allow users to access it";
     };
 
     smacks = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allow a client to resume a disconnected session, and prevent message loss";
+      description = "Allow a client to resume a disconnected session, and prevent message loss";
     };
 
     # Admin interfaces
     admin_adhoc = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Allows administration via an XMPP client that supports ad-hoc commands";
+      description = "Allows administration via an XMPP client that supports ad-hoc commands";
     };
 
     http_files = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Serve static files from a directory over HTTP";
+      description = "Serve static files from a directory over HTTP";
     };
 
     proxy65 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Enables a file transfer proxy service which clients behind NAT can use";
+      description = "Enables a file transfer proxy service which clients behind NAT can use";
     };
 
     admin_telnet = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Opens telnet console interface on localhost port 5582";
+      description = "Opens telnet console interface on localhost port 5582";
     };
 
     # HTTP modules
     bosh = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable BOSH clients, aka 'Jabber over HTTP'";
+      description = "Enable BOSH clients, aka 'Jabber over HTTP'";
     };
 
     websocket = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable WebSocket support";
+      description = "Enable WebSocket support";
     };
 
     # Other specific functionality
     limits = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable bandwidth limiting for XMPP connections";
+      description = "Enable bandwidth limiting for XMPP connections";
     };
 
     groups = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Shared roster support";
+      description = "Shared roster support";
     };
 
     server_contact_info = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Publish contact information for this service";
+      description = "Publish contact information for this service";
     };
 
     announce = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Send announcement to all online users";
+      description = "Send announcement to all online users";
     };
 
     welcome = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Welcome users who register accounts";
+      description = "Welcome users who register accounts";
     };
 
     watchregistrations = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Alert admins of registrations";
+      description = "Alert admins of registrations";
     };
 
     motd = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Send a message to users when they log in";
+      description = "Send a message to users when they log in";
     };
 
     legacyauth = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Legacy authentication. Only used by some old clients and bots";
+      description = "Legacy authentication. Only used by some old clients and bots";
     };
   };
 
@@ -279,27 +279,27 @@ let
     options = {
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc "Domain name of the MUC";
+        description = "Domain name of the MUC";
       };
       name = mkOption {
         type = types.str;
-        description = lib.mdDoc "The name to return in service discovery responses for the MUC service itself";
+        description = "The name to return in service discovery responses for the MUC service itself";
         default = "Prosody Chatrooms";
       };
       restrictRoomCreation = mkOption {
         type = types.enum [ true false "admin" "local" ];
         default = false;
-        description = lib.mdDoc "Restrict room creation to server admins";
+        description = "Restrict room creation to server admins";
       };
       maxHistoryMessages = mkOption {
         type = types.int;
         default = 20;
-        description = lib.mdDoc "Specifies a limit on what each room can be configured to keep";
+        description = "Specifies a limit on what each room can be configured to keep";
       };
       roomLocking = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enables room locking, which means that a room must be
           configured before it can be used. Locked rooms are invisible
           and cannot be entered by anyone but the creator
@@ -308,7 +308,7 @@ let
       roomLockTimeout = mkOption {
         type = types.int;
         default = 300;
-        description = lib.mdDoc ''
+        description = ''
           Timeout after which the room is destroyed or unlocked if not
           configured, in seconds
        '';
@@ -316,7 +316,7 @@ let
       tombstones = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           When a room is destroyed, it leaves behind a tombstone which
           prevents the room being entered or recreated. It also allows
           anyone who was not in the room at the time it was destroyed
@@ -329,7 +329,7 @@ let
       tombstoneExpiry = mkOption {
         type = types.int;
         default = 2678400;
-        description = lib.mdDoc ''
+        description = ''
           This settings controls how long a tombstone is considered
           valid. It defaults to 31 days. After this time, the room in
           question can be created again.
@@ -339,7 +339,7 @@ let
       vcard_muc = mkOption {
         type = types.bool;
         default = true;
-      description = lib.mdDoc "Adds the ability to set vCard for Multi User Chat rooms";
+      description = "Adds the ability to set vCard for Multi User Chat rooms";
       };
 
       # Extra parameters. Defaulting to prosody default values.
@@ -350,42 +350,42 @@ let
       roomDefaultPublic = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "If set, the MUC rooms will be public by default.";
+        description = "If set, the MUC rooms will be public by default.";
       };
       roomDefaultMembersOnly = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If set, the MUC rooms will only be accessible to the members by default.";
+        description = "If set, the MUC rooms will only be accessible to the members by default.";
       };
       roomDefaultModerated = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If set, the MUC rooms will be moderated by default.";
+        description = "If set, the MUC rooms will be moderated by default.";
       };
       roomDefaultPublicJids = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If set, the MUC rooms will display the public JIDs by default.";
+        description = "If set, the MUC rooms will display the public JIDs by default.";
       };
       roomDefaultChangeSubject = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If set, the rooms will display the public JIDs by default.";
+        description = "If set, the rooms will display the public JIDs by default.";
       };
       roomDefaultHistoryLength = mkOption {
         type = types.int;
         default = 20;
-        description = lib.mdDoc "Number of history message sent to participants by default.";
+        description = "Number of history message sent to participants by default.";
       };
       roomDefaultLanguage = mkOption {
         type = types.str;
         default = "en";
-        description = lib.mdDoc "Default room language.";
+        description = "Default room language.";
       };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional MUC specific configuration";
+        description = "Additional MUC specific configuration";
       };
     };
   };
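Review bot: The description of `roomDefaultChangeSubject` is a copy of the `roomDefaultPublicJids` text, so the rendered manual says this option controls public JID display. The option name suggests it sets whether participants may change the room subject by default; if that matches the generated Prosody setting, the line should read `description = "If set, participants may change the room subject by default.";`. The submodule starts outside this hunk, so the mapping to the Prosody configuration key is not visible here and should be confirmed before rewording.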
@@ -394,30 +394,30 @@ let
     options = {
       domain = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "Domain name for the http-upload service";
+        description = "Domain name for the http-upload service";
       };
       uploadFileSizeLimit = mkOption {
         type = types.str;
         default = "50 * 1024 * 1024";
-        description = lib.mdDoc "Maximum file size, in bytes. Defaults to 50MB.";
+        description = "Maximum file size, in bytes. Defaults to 50MB.";
       };
       uploadExpireAfter = mkOption {
         type = types.str;
         default = "60 * 60 * 24 * 7";
-        description = lib.mdDoc "Max age of a file before it gets deleted, in seconds.";
+        description = "Max age of a file before it gets deleted, in seconds.";
       };
       userQuota = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 1234;
-        description = lib.mdDoc ''
+        description = ''
           Maximum size of all uploaded files per user, in bytes. There
           will be no quota if this option is set to null.
         '';
       };
       httpUploadPath = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Directory where the uploaded files will be stored. By
           default, uploaded files are put in a sub-directory of the
           default Prosody storage path (usually /var/lib/prosody).
@@ -434,25 +434,25 @@ let
       # TODO: require attribute
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc "Domain name";
+        description = "Domain name";
       };
 
       enabled = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the virtual host";
+        description = "Whether to enable the virtual host";
       };
 
       ssl = mkOption {
         type = types.nullOr (types.submodule sslOpts);
         default = null;
-        description = lib.mdDoc "Paths to SSL files";
+        description = "Paths to SSL files";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional virtual host specific configuration";
+        description = "Additional virtual host specific configuration";
       };
 
     };
@@ -472,13 +472,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the prosody server";
+        description = "Whether to enable the prosody server";
       };
 
       xmppComplianceSuite = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           The XEP-0423 defines a set of recommended XEPs to implement
           for a server. It's generally a good idea to implement this
           set of extensions if you want to provide your users with a
@@ -508,7 +508,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/prosody";
-        description = lib.mdDoc ''
+        description = ''
           The prosody home directory used to store all data. If left as the default value
           this directory will automatically be created before the prosody server starts, otherwise
           you are responsible for ensuring the directory exists with appropriate ownership
@@ -519,13 +519,13 @@ in
       disco_items = mkOption {
         type = types.listOf (types.submodule discoOpts);
         default = [];
-        description = lib.mdDoc "List of discoverable items you want to advertise.";
+        description = "List of discoverable items you want to advertise.";
       };
 
       user = mkOption {
         type = types.str;
         default = "prosody";
-        description = lib.mdDoc ''
+        description = ''
           User account under which prosody runs.
 
           ::: {.note}
@@ -539,7 +539,7 @@ in
       group = mkOption {
         type = types.str;
         default = "prosody";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which prosody runs.
 
           ::: {.note}
@@ -553,38 +553,38 @@ in
       allowRegistration = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Allow account creation";
+        description = "Allow account creation";
       };
 
       # HTTP server-related options
       httpPorts = mkOption {
         type = types.listOf types.int;
-        description = lib.mdDoc "Listening HTTP ports list for this service.";
+        description = "Listening HTTP ports list for this service.";
         default = [ 5280 ];
       };
 
       httpInterfaces = mkOption {
         type = types.listOf types.str;
         default = [ "*" "::" ];
-        description = lib.mdDoc "Interfaces on which the HTTP server will listen on.";
+        description = "Interfaces on which the HTTP server will listen on.";
       };
 
       httpsPorts = mkOption {
         type = types.listOf types.int;
-        description = lib.mdDoc "Listening HTTPS ports list for this service.";
+        description = "Listening HTTPS ports list for this service.";
         default = [ 5281 ];
       };
 
       httpsInterfaces = mkOption {
         type = types.listOf types.str;
         default = [ "*" "::" ];
-        description = lib.mdDoc "Interfaces on which the HTTPS server will listen on.";
+        description = "Interfaces on which the HTTPS server will listen on.";
       };
 
       c2sRequireEncryption = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Force clients to use encrypted connections? This option will
           prevent clients from authenticating unless they are using encryption.
         '';
@@ -593,7 +593,7 @@ in
       s2sRequireEncryption = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Force servers to use encrypted connections? This option will
           prevent servers from authenticating unless they are using encryption.
           Note that this is different from authentication.
@@ -603,7 +603,7 @@ in
       s2sSecureAuth = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Force certificate authentication for server-to-server connections?
           This provides ideal security, but requires servers you communicate
           with to support encryption AND present valid, trusted certificates.
@@ -615,7 +615,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "insecure.example.com" ];
-        description = lib.mdDoc ''
+        description = ''
           Some servers have invalid or self-signed certificates. You can list
           remote domains here that will not be required to authenticate using
           certificates. They will be authenticated using DNS instead, even
@@ -627,7 +627,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "jabber.org" ];
-        description = lib.mdDoc ''
+        description = ''
           Even if you leave s2s_secure_auth disabled, you can still require valid
           certificates for some domains by specifying a list here.
         '';
@@ -639,17 +639,17 @@ in
       extraModules = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Enable custom modules";
+        description = "Enable custom modules";
       };
 
       extraPluginPaths = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc "Additional path in which to look find plugins/modules";
+        description = "Additional path in which to look find plugins/modules";
       };
 
       uploadHttp = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configures the Prosody builtin HTTP server to handle user uploads.
         '';
         type = types.nullOr (types.submodule uploadHttpOpts);
@@ -665,12 +665,12 @@ in
         example = [ {
           domain = "conference.my-xmpp-example-host.org";
         } ];
-        description = lib.mdDoc "Multi User Chat (MUC) configuration";
+        description = "Multi User Chat (MUC) configuration";
       };
 
       virtualHosts = mkOption {
 
-        description = lib.mdDoc "Define the virtual hosts";
+        description = "Define the virtual hosts";
 
         type = with types; attrsOf (submodule vHostOpts);
 
@@ -693,27 +693,27 @@ in
       ssl = mkOption {
         type = types.nullOr (types.submodule sslOpts);
         default = null;
-        description = lib.mdDoc "Paths to SSL files";
+        description = "Paths to SSL files";
       };
 
       admins = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "admin1@example.com" "admin2@example.com" ];
-        description = lib.mdDoc "List of administrators of the current host";
+        description = "List of administrators of the current host";
       };
 
       authentication = mkOption {
         type = types.enum [ "internal_plain" "internal_hashed" "cyrus" "anonymous" ];
         default = "internal_hashed";
         example = "internal_plain";
-        description = lib.mdDoc "Authentication mechanism used for logins.";
+        description = "Authentication mechanism used for logins.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional prosody configuration";
+        description = "Additional prosody configuration";
       };
 
     };
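Review bot: The `authentication` option keeps `example = "internal_plain"` next to a description that only says "Authentication mechanism used for logins.", so a reader copying the example ends up with the provider that stores account passwords unhashed. I would either drop the example or name the trade-offs in the description, e.g. `description = "Authentication mechanism used for logins. internal_plain stores passwords in plaintext and anonymous accepts logins without credentials; prefer internal_hashed.";`. The default of `internal_hashed` is fine as it stands. Only the documentation nudges towards the weaker choice.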
diff --git a/nixpkgs/nixos/modules/services/networking/quassel.nix b/nixpkgs/nixos/modules/services/networking/quassel.nix
index 4294d67fffd3..30b61dd9e599 100644
--- a/nixpkgs/nixos/modules/services/networking/quassel.nix
+++ b/nixpkgs/nixos/modules/services/networking/quassel.nix
@@ -17,12 +17,12 @@ in
 
     services.quassel = {
 
-      enable = mkEnableOption (lib.mdDoc "the Quassel IRC client daemon");
+      enable = mkEnableOption "the Quassel IRC client daemon";
 
       certificateFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the certificate used for SSL connections with clients.
         '';
       };
@@ -30,7 +30,7 @@ in
       requireSSL = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Require SSL for connections from clients.
         '';
       };
@@ -40,7 +40,7 @@ in
       interfaces = mkOption {
         type = types.listOf types.str;
         default = [ "127.0.0.1" ];
-        description = lib.mdDoc ''
+        description = ''
           The interfaces the Quassel daemon will be listening to.  If `[ 127.0.0.1 ]`,
           only clients on the local host can connect to it; if `[ 0.0.0.0 ]`, clients
           can access it from any network interface.
@@ -50,7 +50,7 @@ in
       portNumber = mkOption {
         type = types.port;
         default = 4242;
-        description = lib.mdDoc ''
+        description = ''
           The port number the Quassel daemon will be listening to.
         '';
       };
@@ -61,7 +61,7 @@ in
           "/home/''${config.${opt.user}}/.config/quassel-irc.org"
         '';
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The directory holding configuration files, the SQlite database and the SSL Cert.
         '';
       };
@@ -69,7 +69,7 @@ in
       user = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/quicktun.nix b/nixpkgs/nixos/modules/services/networking/quicktun.nix
index 2d44659f2080..b9fc5c8ebdb7 100644
--- a/nixpkgs/nixos/modules/services/networking/quicktun.nix
+++ b/nixpkgs/nixos/modules/services/networking/quicktun.nix
@@ -1,7 +1,7 @@
 { options, config, pkgs, lib, ... }:
 
 let
-  inherit (lib) mkOption mdDoc types mkIf;
+  inherit (lib) mkOption types mkIf;
 
   opt = options.services.quicktun;
   cfg = config.services.quicktun;
@@ -10,7 +10,7 @@ in
   options = {
     services.quicktun = mkOption {
       default = { };
-      description = mdDoc ''
+      description = ''
         QuickTun tunnels.
 
         See <http://wiki.ucis.nl/QuickTun> for more information about available options.
@@ -23,14 +23,14 @@ in
             type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1);
             default = false;
             example = true;
-            description = mdDoc "Whether to operate in tun (IP) or tap (Ethernet) mode.";
+            description = "Whether to operate in tun (IP) or tap (Ethernet) mode.";
           };
 
           remoteAddress = mkOption {
             type = types.str;
             default = "0.0.0.0";
             example = "tunnel.example.com";
-            description = mdDoc ''
+            description = ''
               IP address or hostname of the remote end (use `0.0.0.0` for a floating/dynamic remote endpoint).
             '';
           };
@@ -39,27 +39,27 @@ in
             type = with types; nullOr str;
             default = null;
             example = "0.0.0.0";
-            description = mdDoc "IP address or hostname of the local end.";
+            description = "IP address or hostname of the local end.";
           };
 
           localPort = mkOption {
             type = types.port;
             default = 2998;
-            description = mdDoc "Local UDP port.";
+            description = "Local UDP port.";
           };
 
           remotePort = mkOption {
             type = types.port;
             default = qtcfg.localPort;
             defaultText = lib.literalExpression "config.services.quicktun.<name>.localPort";
-            description = mdDoc " remote UDP port";
+            description = " remote UDP port";
           };
 
           remoteFloat = mkOption {
             type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1);
             default = false;
             example = true;
-            description = mdDoc ''
+            description = ''
               Whether to allow the remote address and port to change when properly encrypted packets are received.
             '';
           };
@@ -67,13 +67,13 @@ in
           protocol = mkOption {
             type = types.enum [ "raw" "nacl0" "nacltai" "salty" ];
             default = "nacltai";
-            description = mdDoc "Which protocol to use.";
+            description = "Which protocol to use.";
           };
 
           privateKey = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = mdDoc ''
+            description = ''
               Local secret key in hexadecimal form.
 
               ::: {.warning}
@@ -91,7 +91,7 @@ in
             # This is a hack to deprecate `privateKey` without using `mkChangedModuleOption`
             default = if qtcfg.privateKey == null then null else pkgs.writeText "quickttun-key-${name}" qtcfg.privateKey;
             defaultText = "null";
-            description = mdDoc ''
+            description = ''
               Path to file containing local secret key in binary or hexadecimal form.
 
               ::: {.note}
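Review bot: The `default` of this option passes `qtcfg.privateKey` to `pkgs.writeText`, which puts the tunnel's secret key in the Nix store where every local user can read it, and neither the comment above it nor the visible part of the new description says so. I would add a why-comment above the default, `# NOTE: this fallback copies the secret into the world-readable Nix store; point privateKeyFile at a path outside the store instead`. The same point belongs in the description if the warning on `privateKey` (cut off in the previous hunk) does not already cover it. The option header and the end of the description are outside this hunk.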
@@ -103,7 +103,7 @@ in
           publicKey = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = mdDoc ''
+            description = ''
               Remote public key in hexadecimal form.
 
               ::: {.note}
@@ -115,7 +115,7 @@ in
           timeWindow = mkOption {
             type = types.ints.unsigned;
             default = 5;
-            description = mdDoc ''
+            description = ''
               Allowed time window for first received packet in seconds (positive number allows packets from history)
             '';
           };
@@ -123,7 +123,7 @@ in
           upScript = mkOption {
             type = with types; nullOr lines;
             default = null;
-            description = mdDoc ''
+            description = ''
               Run specified command or script after the tunnel device has been opened.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/networking/quorum.nix b/nixpkgs/nixos/modules/services/networking/quorum.nix
index 4b90b12f86fc..bddcd18c7fbe 100644
--- a/nixpkgs/nixos/modules/services/networking/quorum.nix
+++ b/nixpkgs/nixos/modules/services/networking/quorum.nix
@@ -13,87 +13,87 @@ in {
   options = {
 
     services.quorum = {
-      enable = mkEnableOption (lib.mdDoc "Quorum blockchain daemon");
+      enable = mkEnableOption "Quorum blockchain daemon";
 
       user = mkOption {
         type = types.str;
         default = "quorum";
-        description = lib.mdDoc "The user as which to run quorum.";
+        description = "The user as which to run quorum.";
       };
 
       group = mkOption {
         type = types.str;
         default = cfg.user;
         defaultText = literalExpression "config.${opt.user}";
-        description = lib.mdDoc "The group as which to run quorum.";
+        description = "The group as which to run quorum.";
       };
 
       port = mkOption {
         type = types.port;
         default = 21000;
-        description = lib.mdDoc "Override the default port on which to listen for connections.";
+        description = "Override the default port on which to listen for connections.";
       };
 
       nodekeyFile = mkOption {
         type = types.path;
         default = "${dataDir}/nodekey";
-        description = lib.mdDoc "Path to the nodekey.";
+        description = "Path to the nodekey.";
       };
 
       staticNodes = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0" ];
-        description = lib.mdDoc "List of validator nodes.";
+        description = "List of validator nodes.";
       };
 
       privateconfig = mkOption {
         type = types.str;
         default = "ignore";
-        description = lib.mdDoc "Configuration of privacy transaction manager.";
+        description = "Configuration of privacy transaction manager.";
       };
 
       syncmode = mkOption {
         type = types.enum [ "fast" "full" "light" ];
         default = "full";
-        description = lib.mdDoc "Blockchain sync mode.";
+        description = "Blockchain sync mode.";
       };
 
       blockperiod = mkOption {
         type = types.int;
         default = 5;
-        description = lib.mdDoc "Default minimum difference between two consecutive block's timestamps in seconds.";
+        description = "Default minimum difference between two consecutive block's timestamps in seconds.";
       };
 
       permissioned = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Allow only a defined list of nodes to connect.";
+        description = "Allow only a defined list of nodes to connect.";
       };
 
       rpc = {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Enable RPC interface.";
+          description = "Enable RPC interface.";
         };
 
         address = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc "Listening address for RPC connections.";
+          description = "Listening address for RPC connections.";
         };
 
         port = mkOption {
           type = types.port;
           default = 22004;
-          description = lib.mdDoc "Override the default port on which to listen for RPC connections.";
+          description = "Override the default port on which to listen for RPC connections.";
         };
 
         api = mkOption {
           type = types.str;
           default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul";
-          description = lib.mdDoc "API's offered over the HTTP-RPC interface.";
+          description = "API's offered over the HTTP-RPC interface.";
         };
       };
 
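Review bot: `rpc.address` defaults to `0.0.0.0` with `rpc.enable = true` and an `api` default that includes `admin`, `personal`, `debug` and `miner`, but the descriptions touched here say nothing about that exposure. The same holds for the `ws` options in the next hunk, where `origins` also defaults to `*`. Changing the defaults is out of scope for a markup cleanup, but the descriptions are where an operator would look, e.g. `description = "Listening address for RPC connections. The default listens on all interfaces; use 127.0.0.1 unless access to the port is restricted.";`, plus a sentence on `api` about trimming the list to the namespaces actually needed. Whether the module also opens these ports in the firewall is not visible in this hunk.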
@@ -101,31 +101,31 @@ in {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Enable WS-RPC interface.";
+          description = "Enable WS-RPC interface.";
         };
 
         address = mkOption {
           type = types.str;
           default = "0.0.0.0";
-          description = lib.mdDoc "Listening address for WS-RPC connections.";
+          description = "Listening address for WS-RPC connections.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8546;
-          description = lib.mdDoc "Override the default port on which to listen for WS-RPC connections.";
+          description = "Override the default port on which to listen for WS-RPC connections.";
         };
 
         api = mkOption {
           type = types.str;
           default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul";
-          description = lib.mdDoc "API's offered over the WS-RPC interface.";
+          description = "API's offered over the WS-RPC interface.";
         };
 
        origins = mkOption {
           type = types.str;
           default = "*";
-          description = lib.mdDoc "Origins from which to accept websockets requests";
+          description = "Origins from which to accept websockets requests";
        };
      };
 
@@ -160,7 +160,7 @@ in {
           parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000";
           timestamp = "0x00";
           }'';
-        description = lib.mdDoc "Blockchain genesis settings.";
+        description = "Blockchain genesis settings.";
       };
      };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/r53-ddns.nix b/nixpkgs/nixos/modules/services/networking/r53-ddns.nix
index 277b65dcecd4..a8839762d530 100644
--- a/nixpkgs/nixos/modules/services/networking/r53-ddns.nix
+++ b/nixpkgs/nixos/modules/services/networking/r53-ddns.nix
@@ -10,27 +10,27 @@ in
   options = {
     services.r53-ddns = {
 
-      enable = mkEnableOption (lib.mdDoc "r53-ddyns");
+      enable = mkEnableOption "r53-ddyns";
 
       interval = mkOption {
         type = types.str;
         default = "15min";
-        description = lib.mdDoc "How often to update the entry";
+        description = "How often to update the entry";
       };
 
       zoneID = mkOption {
         type = types.str;
-        description = lib.mdDoc "The ID of your zone in Route53";
+        description = "The ID of your zone in Route53";
       };
 
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc "The name of your domain in Route53";
+        description = "The name of your domain in Route53";
       };
 
       hostname = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Manually specify the hostname. Otherwise the tool will try to use the name
           returned by the OS (Call to gethostname)
         '';
@@ -38,7 +38,7 @@ in
 
       environmentFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
           in the format of an EnvironmentFile as described by systemd.exec(5)
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/radicale.nix b/nixpkgs/nixos/modules/services/networking/radicale.nix
index 00dbd6bbe386..62a242e88c9b 100644
--- a/nixpkgs/nixos/modules/services/networking/radicale.nix
+++ b/nixpkgs/nixos/modules/services/networking/radicale.nix
@@ -25,10 +25,10 @@ let
 
 in {
   options.services.radicale = {
-    enable = mkEnableOption (lib.mdDoc "Radicale CalDAV and CardDAV server");
+    enable = mkEnableOption "Radicale CalDAV and CardDAV server";
 
     package = mkOption {
-      description = lib.mdDoc "Radicale package to use.";
+      description = "Radicale package to use.";
       # Default cannot be pkgs.radicale because non-null values suppress
       # warnings about incompatible configuration and storage formats.
       type = with types; nullOr package // { inherit (package) description; };
@@ -39,7 +39,7 @@ in {
     config = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Radicale configuration, this will set the service
         configuration file.
         This option is mutually exclusive with {option}`settings`.
@@ -50,7 +50,7 @@ in {
     settings = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for Radicale. See
         <https://radicale.org/3.0.html#documentation/configuration>.
         This option is mutually exclusive with {option}`config`.
@@ -72,7 +72,7 @@ in {
 
     rights = mkOption {
       type = format.type;
-      description = lib.mdDoc ''
+      description = ''
         Configuration for Radicale's rights file. See
         <https://radicale.org/3.0.html#documentation/authentication-and-rights>.
         This option only works in conjunction with {option}`settings`.
@@ -102,7 +102,7 @@ in {
     extraArgs = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc "Extra arguments passed to the Radicale daemon.";
+      description = "Extra arguments passed to the Radicale daemon.";
     };
   };
 
@@ -200,5 +200,5 @@ in {
     };
   };
 
-  meta.maintainers = with lib.maintainers; [ infinisil dotlambda ];
+  meta.maintainers = with lib.maintainers; [ dotlambda ];
 }
diff --git a/nixpkgs/nixos/modules/services/networking/radvd.nix b/nixpkgs/nixos/modules/services/networking/radvd.nix
index 57aa21287050..4e3e501d2f59 100644
--- a/nixpkgs/nixos/modules/services/networking/radvd.nix
+++ b/nixpkgs/nixos/modules/services/networking/radvd.nix
@@ -21,8 +21,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description =
-        lib.mdDoc ''
+      description = ''
           Whether to enable the Router Advertisement Daemon
           ({command}`radvd`), which provides link-local
           advertisements of IPv6 router addresses and prefixes using
@@ -43,8 +42,7 @@ in
             prefix 2001:db8:1234:5678::/64 { };
           };
         '';
-      description =
-        lib.mdDoc ''
+      description = ''
           The contents of the radvd configuration file.
         '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/rdnssd.nix b/nixpkgs/nixos/modules/services/networking/rdnssd.nix
index c63356e73468..726ba409a81a 100644
--- a/nixpkgs/nixos/modules/services/networking/rdnssd.nix
+++ b/nixpkgs/nixos/modules/services/networking/rdnssd.nix
@@ -20,8 +20,7 @@ in
       type = types.bool;
       default = false;
       #default = config.networking.enableIPv6;
-      description =
-        lib.mdDoc ''
+      description = ''
           Whether to enable the RDNSS daemon
           ({command}`rdnssd`), which configures DNS servers in
           {file}`/etc/resolv.conf` from RDNSS
diff --git a/nixpkgs/nixos/modules/services/networking/redsocks.nix b/nixpkgs/nixos/modules/services/networking/redsocks.nix
index 30d6a0a6336d..279e416c9c98 100644
--- a/nixpkgs/nixos/modules/services/networking/redsocks.nix
+++ b/nixpkgs/nixos/modules/services/networking/redsocks.nix
@@ -11,26 +11,25 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable redsocks.";
+        description = "Whether to enable redsocks.";
       };
 
       log_debug = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Log connection progress.";
+        description = "Log connection progress.";
       };
 
       log_info = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Log start and end of client sessions.";
+        description = "Log start and end of client sessions.";
       };
 
       log = mkOption {
         type = types.str;
         default = "stderr";
-        description =
-          lib.mdDoc ''
+        description = ''
             Where to send logs.
 
             Possible values are:
@@ -44,16 +43,14 @@ in
       chroot = mkOption {
         type = with types; nullOr str;
         default = null;
-        description =
-          lib.mdDoc ''
+        description = ''
             Chroot under which to run redsocks. Log file is opened before
             chroot, but if logging to syslog /etc/localtime may be required.
           '';
       };
 
       redsocks = mkOption {
-        description =
-          lib.mdDoc ''
+        description = ''
             Local port to proxy associations to be performed.
 
             The example shows how to configure a proxy to handle port 80 as HTTP
@@ -73,8 +70,7 @@ in
           ip = mkOption {
             type = types.str;
             default = "127.0.0.1";
-            description =
-              lib.mdDoc ''
+            description = ''
                 IP on which redsocks should listen. Defaults to 127.0.0.1 for
                 security reasons.
               '';
@@ -83,13 +79,12 @@ in
           port = mkOption {
             type = types.port;
             default = 12345;
-            description = lib.mdDoc "Port on which redsocks should listen.";
+            description = "Port on which redsocks should listen.";
           };
 
           proxy = mkOption {
             type = types.str;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Proxy through which redsocks should forward incoming traffic.
                 Example: "example.org:8080"
               '';
@@ -97,20 +92,19 @@ in
 
           type = mkOption {
             type = types.enum [ "socks4" "socks5" "http-connect" "http-relay" ];
-            description = lib.mdDoc "Type of proxy.";
+            description = "Type of proxy.";
           };
 
           login = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = lib.mdDoc "Login to send to proxy.";
+            description = "Login to send to proxy.";
           };
 
           password = mkOption {
             type = with types; nullOr str;
             default = null;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Password to send to proxy. WARNING, this will end up
                 world-readable in the store! Awaiting
                 https://github.com/NixOS/nix/issues/8 to be able to fix.
@@ -121,8 +115,7 @@ in
             type = types.enum [ "false" "X-Forwarded-For" "Forwarded_ip"
                                 "Forwarded_ipport" ];
             default = "false";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Way to disclose client IP to the proxy.
                   - "false": do not disclose
 
@@ -136,14 +129,13 @@ in
           redirectInternetOnly = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Exclude all non-globally-routable IPs from redsocks";
+            description = "Exclude all non-globally-routable IPs from redsocks";
           };
 
           doNotRedirect = mkOption {
             type = with types; listOf str;
             default = [];
-            description =
-              lib.mdDoc ''
+            description = ''
                 Iptables filters that if matched will get the packet off of
                 redsocks.
               '';
@@ -153,8 +145,7 @@ in
           redirectCondition = mkOption {
             type = with types; either bool str;
             default = false;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Conditions to make outbound packets go through this redsocks
                 instance.
 
diff --git a/nixpkgs/nixos/modules/services/networking/resilio.nix b/nixpkgs/nixos/modules/services/networking/resilio.nix
index 7f6358d00d0b..395796d39db8 100644
--- a/nixpkgs/nixos/modules/services/networking/resilio.nix
+++ b/nixpkgs/nixos/modules/services/networking/resilio.nix
@@ -76,7 +76,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, start the Resilio Sync daemon. Once enabled, you can
           interact with the service through the Web UI, or configure it in your
           NixOS configuration.
@@ -88,7 +88,7 @@ in
         example = "Voltron";
         default = config.networking.hostName;
         defaultText = literalExpression "config.networking.hostName";
-        description = lib.mdDoc ''
+        description = ''
           Name of the Resilio Sync device.
         '';
       };
@@ -97,7 +97,7 @@ in
         type = types.int;
         default = 0;
         example = 44444;
-        description = lib.mdDoc ''
+        description = ''
           Listening port. Defaults to 0 which randomizes the port.
         '';
       };
@@ -105,7 +105,7 @@ in
       checkForUpdates = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Determines whether to check for updates and alert the user
           about them in the UI.
         '';
@@ -114,7 +114,7 @@ in
       useUpnp = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Use Universal Plug-n-Play (UPnP)
         '';
       };
@@ -123,7 +123,7 @@ in
         type = types.int;
         default = 0;
         example = 1024;
-        description = lib.mdDoc ''
+        description = ''
           Download speed limit. 0 is unlimited (default).
         '';
       };
@@ -132,7 +132,7 @@ in
         type = types.int;
         default = 0;
         example = 1024;
-        description = lib.mdDoc ''
+        description = ''
           Upload speed limit. 0 is unlimited (default).
         '';
       };
@@ -141,7 +141,7 @@ in
         type = types.str;
         default = "[::1]";
         example = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           HTTP address to bind to.
         '';
       };
@@ -149,7 +149,7 @@ in
       httpListenPort = mkOption {
         type = types.int;
         default = 9000;
-        description = lib.mdDoc ''
+        description = ''
           HTTP port to bind on.
         '';
       };
@@ -158,7 +158,7 @@ in
         type = types.str;
         example = "allyourbase";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           HTTP web login username.
         '';
       };
@@ -167,7 +167,7 @@ in
         type = types.str;
         example = "arebelongtous";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           HTTP web login password.
         '';
       };
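Review bot: The `httpPass` description is only `HTTP web login password.`, while the option is a plain `types.str` with `default = "";`, so the reader is not told where the value ends up. A string option like this is normally rendered into a generated configuration file in the world-readable Nix store; the config generation is outside this hunk, so confirm. If it holds, add a sentence like `This value is written to the world-readable Nix store.`, as the redsocks `password` option in this same commit already does. The same gap applies to `apiKey` in the `@@ -201,14 +201,14 @@` hunk of this file, to `initialAdminPassword` in seafile.nix, and to `password` in shadowsocks.nix, whose description should point to `passwordFile` as the preferred option.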
@@ -175,13 +175,13 @@ in
       encryptLAN = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Encrypt LAN data.";
+        description = "Encrypt LAN data.";
       };
 
       enableWebUI = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Web UI for administration. Bound to the specified
           `httpListenAddress` and
           `httpListenPort`.
@@ -191,7 +191,7 @@ in
       storagePath = mkOption {
         type = types.path;
         default = "/var/lib/resilio-sync/";
-        description = lib.mdDoc ''
+        description = ''
           Where BitTorrent Sync will store it's database files (containing
           things like username info and licenses). Generally, you should not
           need to ever change this.
@@ -201,14 +201,14 @@ in
       apiKey = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "API key, which enables the developer API.";
+        description = "API key, which enables the developer API.";
       };
 
       directoryRoot = mkOption {
         type = types.str;
         default = "";
         example = "/media";
-        description = lib.mdDoc "Default directory to add folders in the web UI.";
+        description = "Default directory to add folders in the web UI.";
       };
 
       sharedFolders = mkOption {
@@ -228,7 +228,7 @@ in
               ];
             }
           ];
-        description = lib.mdDoc ''
+        description = ''
           Shared folder list. If enabled, web UI must be
           disabled. Secrets can be generated using `rslsync --generate-secret`.
 
diff --git a/nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix b/nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix
index 9b93828c396c..8bd7b12a9d71 100644
--- a/nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix
+++ b/nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.robustirc-bridge = {
-      enable = mkEnableOption (lib.mdDoc "RobustIRC bridge");
+      enable = mkEnableOption "RobustIRC bridge";
 
       extraFlags = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or robustirc-bridge(1) for details.'';
+        description = ''Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or robustirc-bridge(1) for details.'';
         example = [
           "-network robustirc.net"
         ];
diff --git a/nixpkgs/nixos/modules/services/networking/rosenpass.nix b/nixpkgs/nixos/modules/services/networking/rosenpass.nix
index 487cb6f60142..373a6c769079 100644
--- a/nixpkgs/nixos/modules/services/networking/rosenpass.nix
+++ b/nixpkgs/nixos/modules/services/networking/rosenpass.nix
@@ -13,7 +13,6 @@ let
     filterAttrsRecursive
     flatten
     getExe
-    mdDoc
     mkIf
     optional
     ;
@@ -27,7 +26,6 @@ in
     let
       inherit (lib)
         literalExpression
-        mdDoc
         mkOption
         ;
       inherit (lib.types)
@@ -40,13 +38,13 @@ in
         ;
     in
     {
-      enable = lib.mkEnableOption (mdDoc "Rosenpass");
+      enable = lib.mkEnableOption "Rosenpass";
 
       package = lib.mkPackageOption pkgs "rosenpass" { };
 
       defaultDevice = mkOption {
         type = nullOr str;
-        description = mdDoc "Name of the network interface to use for all peers by default.";
+        description = "Name of the network interface to use for all peers by default.";
         example = "wg0";
       };
 
@@ -57,17 +55,17 @@ in
           options = {
             public_key = mkOption {
               type = path;
-              description = mdDoc "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
+              description = "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
             };
 
             secret_key = mkOption {
               type = path;
-              description = mdDoc "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
+              description = "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`.";
             };
 
             listen = mkOption {
               type = listOf str;
-              description = mdDoc "List of local endpoints to listen for connections.";
+              description = "List of local endpoints to listen for connections.";
               default = [ ];
               example = literalExpression "[ \"0.0.0.0:10000\" ]";
             };
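Review bot: The `secret_key` description in this hunk does not say how the path should be written, and the option is typed `path`, which also accepts a Nix path literal such as `./secret.key`. A path literal is copied into the world-readable Nix store as soon as it is coerced to a string; whether this module does that is not visible here, so confirm against the service definition. I would extend the description with a sentence such as `Give this as a string holding an absolute path outside the Nix store, not as a path literal, so the key is not copied into the store.` The enclosing submodule starts and ends outside this hunk.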
@@ -75,7 +73,7 @@ in
             verbosity = mkOption {
               type = enum [ "Verbose" "Quiet" ];
               default = "Quiet";
-              description = mdDoc "Verbosity of output produced by the service.";
+              description = "Verbosity of output produced by the service.";
             };
 
             peers =
@@ -86,38 +84,38 @@ in
                   options = {
                     public_key = mkOption {
                       type = path;
-                      description = mdDoc "Path to a file containing the public key of the remote Rosenpass peer.";
+                      description = "Path to a file containing the public key of the remote Rosenpass peer.";
                     };
 
                     endpoint = mkOption {
                       type = nullOr str;
                       default = null;
-                      description = mdDoc "Endpoint of the remote Rosenpass peer.";
+                      description = "Endpoint of the remote Rosenpass peer.";
                     };
 
                     device = mkOption {
                       type = str;
                       default = cfg.defaultDevice;
                       defaultText = literalExpression "config.${opt.defaultDevice}";
-                      description = mdDoc "Name of the local WireGuard interface to use for this peer.";
+                      description = "Name of the local WireGuard interface to use for this peer.";
                     };
 
                     peer = mkOption {
                       type = str;
-                      description = mdDoc "WireGuard public key corresponding to the remote Rosenpass peer.";
+                      description = "WireGuard public key corresponding to the remote Rosenpass peer.";
                     };
                   };
                 };
               in
               mkOption {
                 type = listOf peer;
-                description = mdDoc "List of peers to exchange keys with.";
+                description = "List of peers to exchange keys with.";
                 default = [ ];
               };
           };
         };
         default = { };
-        description = mdDoc "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information.";
+        description = "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information.";
       };
     };
 
@@ -133,21 +131,21 @@ in
             root = config.systemd.network.netdevs;
             peer = (x: x.wireguardPeers);
             key = (x: if x.wireguardPeerConfig ? PublicKey then x.wireguardPeerConfig.PublicKey else null);
-            description = mdDoc "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey";
+            description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey";
           }
           {
             relevant = config.networking.wireguard.enable;
             root = config.networking.wireguard.interfaces;
             peer = (x: x.peers);
             key = (x: x.publicKey);
-            description = mdDoc "${options.networking.wireguard.interfaces}.\"<name>\".peers.*.publicKey";
+            description = "${options.networking.wireguard.interfaces}.\"<name>\".peers.*.publicKey";
           }
           rec {
             relevant = root != { };
             root = config.networking.wg-quick.interfaces;
             peer = (x: x.peers);
             key = (x: x.publicKey);
-            description = mdDoc "${options.networking.wg-quick.interfaces}.\"<name>\".peers.*.publicKey";
+            description = "${options.networking.wg-quick.interfaces}.\"<name>\".peers.*.publicKey";
           }
         ];
         relevantExtractions = filter (x: x.relevant) extractions;
diff --git a/nixpkgs/nixos/modules/services/networking/routedns.nix b/nixpkgs/nixos/modules/services/networking/routedns.nix
index 126539702438..e3047a29280a 100644
--- a/nixpkgs/nixos/modules/services/networking/routedns.nix
+++ b/nixpkgs/nixos/modules/services/networking/routedns.nix
@@ -12,7 +12,7 @@ let
 in
 {
   options.services.routedns = {
-    enable = mkEnableOption (lib.mdDoc "RouteDNS - DNS stub resolver, proxy and router");
+    enable = mkEnableOption "RouteDNS - DNS stub resolver, proxy and router";
 
     settings = mkOption {
       type = settingsFormat.type;
@@ -38,7 +38,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for RouteDNS, see <https://github.com/folbricht/routedns/blob/master/doc/configuration.md>
         for more information.
       '';
@@ -49,7 +49,7 @@ in
       defaultText = "A RouteDNS configuration file automatically generated by values from services.routedns.*";
       type = types.path;
       example = literalExpression ''"''${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"'';
-      description = lib.mdDoc "Path to RouteDNS TOML configuration file.";
+      description = "Path to RouteDNS TOML configuration file.";
     };
 
     package = mkPackageOption pkgs "routedns" { };
diff --git a/nixpkgs/nixos/modules/services/networking/rpcbind.nix b/nixpkgs/nixos/modules/services/networking/rpcbind.nix
index 63c4859fbd07..e7814e7cdee5 100644
--- a/nixpkgs/nixos/modules/services/networking/rpcbind.nix
+++ b/nixpkgs/nixos/modules/services/networking/rpcbind.nix
@@ -13,7 +13,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable `rpcbind`, an ONC RPC directory service
           notably used by NFS and NIS, and which can be queried
           using the rpcinfo(1) command. `rpcbind` is a replacement for
diff --git a/nixpkgs/nixos/modules/services/networking/rxe.nix b/nixpkgs/nixos/modules/services/networking/rxe.nix
index 07437ed71195..2f283c3767fa 100644
--- a/nixpkgs/nixos/modules/services/networking/rxe.nix
+++ b/nixpkgs/nixos/modules/services/networking/rxe.nix
@@ -10,12 +10,12 @@ in {
 
   options = {
     networking.rxe = {
-      enable = mkEnableOption (lib.mdDoc "RDMA over converged ethernet");
+      enable = mkEnableOption "RDMA over converged ethernet";
       interfaces = mkOption {
         type = types.listOf types.str;
         default = [ ];
         example = [ "eth0" ];
-        description = lib.mdDoc ''
+        description = ''
           Enable RDMA on the listed interfaces. The corresponding virtual
           RDMA interfaces will be named rxe_\<interface\>.
           UDP port 4791 must be open on the respective ethernet interfaces.
diff --git a/nixpkgs/nixos/modules/services/networking/sabnzbd.nix b/nixpkgs/nixos/modules/services/networking/sabnzbd.nix
index 2f0d17ad3d17..10b3a8cd5976 100644
--- a/nixpkgs/nixos/modules/services/networking/sabnzbd.nix
+++ b/nixpkgs/nixos/modules/services/networking/sabnzbd.nix
@@ -15,32 +15,32 @@ in
 
   options = {
     services.sabnzbd = {
-      enable = mkEnableOption (lib.mdDoc "the sabnzbd server");
+      enable = mkEnableOption "the sabnzbd server";
 
       package = mkPackageOption pkgs "sabnzbd" { };
 
       configFile = mkOption {
         type = types.path;
         default = "/var/lib/sabnzbd/sabnzbd.ini";
-        description = lib.mdDoc "Path to config file.";
+        description = "Path to config file.";
       };
 
       user = mkOption {
         default = "sabnzbd";
         type = types.str;
-        description = lib.mdDoc "User to run the service as";
+        description = "User to run the service as";
       };
 
       group = mkOption {
         type = types.str;
         default = "sabnzbd";
-        description = lib.mdDoc "Group to run the service as";
+        description = "Group to run the service as";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the sabnzbd web interface
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/scion/scion-control.nix b/nixpkgs/nixos/modules/services/networking/scion/scion-control.nix
index fdf3a9ba3cc1..c3a22039aa52 100644
--- a/nixpkgs/nixos/modules/services/networking/scion/scion-control.nix
+++ b/nixpkgs/nixos/modules/services/networking/scion/scion-control.nix
@@ -28,7 +28,7 @@ let
 in
 {
   options.services.scion.scion-control = {
-    enable = mkEnableOption (lib.mdDoc "the scion-control service");
+    enable = mkEnableOption "the scion-control service";
     settings = mkOption {
       default = { };
       type = toml.type;
@@ -42,7 +42,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         scion-control configuration. Refer to
         <https://docs.scion.org/en/latest/manuals/common.html>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/scion/scion-daemon.nix b/nixpkgs/nixos/modules/services/networking/scion/scion-daemon.nix
index 0bcc18771fc3..53b56841c392 100644
--- a/nixpkgs/nixos/modules/services/networking/scion/scion-daemon.nix
+++ b/nixpkgs/nixos/modules/services/networking/scion/scion-daemon.nix
@@ -25,7 +25,7 @@ let
 in
 {
   options.services.scion.scion-daemon = {
-    enable = mkEnableOption (lib.mdDoc "the scion-daemon service");
+    enable = mkEnableOption "the scion-daemon service";
     settings = mkOption {
       default = { };
       type = toml.type;
@@ -39,7 +39,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         scion-daemon configuration. Refer to
         <https://docs.scion.org/en/latest/manuals/common.html>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/scion/scion-dispatcher.nix b/nixpkgs/nixos/modules/services/networking/scion/scion-dispatcher.nix
index bab1ec0a989b..05d1fd0782af 100644
--- a/nixpkgs/nixos/modules/services/networking/scion/scion-dispatcher.nix
+++ b/nixpkgs/nixos/modules/services/networking/scion/scion-dispatcher.nix
@@ -19,7 +19,7 @@ let
 in
 {
   options.services.scion.scion-dispatcher = {
-    enable = mkEnableOption (lib.mdDoc "the scion-dispatcher service");
+    enable = mkEnableOption "the scion-dispatcher service";
     settings = mkOption {
       default = { };
       type = toml.type;
@@ -35,7 +35,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         scion-dispatcher configuration. Refer to
         <https://docs.scion.org/en/latest/manuals/common.html>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/scion/scion-router.nix b/nixpkgs/nixos/modules/services/networking/scion/scion-router.nix
index cbe83c6dbf8d..488dfd12b3a5 100644
--- a/nixpkgs/nixos/modules/services/networking/scion/scion-router.nix
+++ b/nixpkgs/nixos/modules/services/networking/scion/scion-router.nix
@@ -15,7 +15,7 @@ let
 in
 {
   options.services.scion.scion-router = {
-    enable = mkEnableOption (lib.mdDoc "the scion-router service");
+    enable = mkEnableOption "the scion-router service";
     settings = mkOption {
       default = { };
       type = toml.type;
@@ -24,7 +24,7 @@ in
           general.id = "br";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         scion-router configuration. Refer to
         <https://docs.scion.org/en/latest/manuals/common.html>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/networking/scion/scion.nix b/nixpkgs/nixos/modules/services/networking/scion/scion.nix
index 704f942b5d9e..5e3445edbb89 100644
--- a/nixpkgs/nixos/modules/services/networking/scion/scion.nix
+++ b/nixpkgs/nixos/modules/services/networking/scion/scion.nix
@@ -7,11 +7,11 @@ let
 in
 {
   options.services.scion = {
-    enable = mkEnableOption (lib.mdDoc "all of the scion components and services");
+    enable = mkEnableOption "all of the scion components and services";
     bypassBootstrapWarning = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         bypass Nix warning about SCION PKI bootstrapping
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/seafile.nix b/nixpkgs/nixos/modules/services/networking/seafile.nix
index b2d12234900a..486bc145cd5d 100644
--- a/nixpkgs/nixos/modules/services/networking/seafile.nix
+++ b/nixpkgs/nixos/modules/services/networking/seafile.nix
@@ -38,7 +38,7 @@ in
   ###### Interface
 
   options.services.seafile = {
-    enable = mkEnableOption (lib.mdDoc "Seafile server");
+    enable = mkEnableOption "Seafile server";
 
     ccnetSettings = mkOption {
       type = types.submodule {
@@ -49,7 +49,7 @@ in
             SERVICE_URL = mkOption {
               type = types.str;
               example = "https://www.example.com";
-              description = lib.mdDoc ''
+              description = ''
                 Seahub public URL.
               '';
             };
@@ -57,7 +57,7 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for ccnet, see
         <https://manual.seafile.com/config/ccnet-conf/>
         for supported values.
@@ -73,7 +73,7 @@ in
             port = mkOption {
               type = types.port;
               default = 8082;
-              description = lib.mdDoc ''
+              description = ''
                 The tcp port used by seafile fileserver.
               '';
             };
@@ -81,7 +81,7 @@ in
               type = types.str;
               default = "127.0.0.1";
               example = "0.0.0.0";
-              description = lib.mdDoc ''
+              description = ''
                 The binding address used by seafile fileserver.
               '';
             };
@@ -89,7 +89,7 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for seafile-server, see
         <https://manual.seafile.com/config/seafile-conf/>
         for supported values.
@@ -100,7 +100,7 @@ in
       type = types.int;
       default = 4;
       example = 10;
-      description = lib.mdDoc ''
+      description = ''
         The number of gunicorn worker processes for handling requests.
       '';
     };
@@ -108,7 +108,7 @@ in
     adminEmail = mkOption {
       example = "john@example.com";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Seafile Seahub Admin Account Email.
       '';
     };
@@ -116,7 +116,7 @@ in
     initialAdminPassword = mkOption {
       example = "someStrongPass";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Seafile Seahub Admin Account initial password.
         Should be change via Seahub web front-end.
       '';
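Review bot: The second sentence of the `initialAdminPassword` description, `Should be change via Seahub web front-end.`, is ungrammatical and easy to skim past, although it is the only guidance given for a credential whose example is a literal string. I would reword it to `Should be changed via the Seahub web front-end.` The option's remaining attributes continue outside this hunk.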
@@ -127,7 +127,7 @@ in
     seahubExtraConf = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Extra config to append to `seahub_settings.py` file.
         Refer to <https://manual.seafile.com/config/seahub_settings_py/>
         for all available options.
diff --git a/nixpkgs/nixos/modules/services/networking/searx.nix b/nixpkgs/nixos/modules/services/networking/searx.nix
index 5bbf875f0d57..15bb097d23fd 100644
--- a/nixpkgs/nixos/modules/services/networking/searx.nix
+++ b/nixpkgs/nixos/modules/services/networking/searx.nix
@@ -49,13 +49,13 @@ in
         type = types.bool;
         default = false;
         relatedPackages = [ "searx" ];
-        description = lib.mdDoc "Whether to enable Searx, the meta search engine.";
+        description = "Whether to enable Searx, the meta search engine.";
       };
 
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Environment file (see `systemd.exec(5)`
           "EnvironmentFile=" section for the syntax) to define variables for
           Searx. This option can be used to safely include secret keys into the
@@ -66,7 +66,7 @@ in
       redisCreateLocally = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Configure a local Redis server for SearXNG. This is required if you
           want to enable the rate limiter and bot protection of SearXNG.
         '';
@@ -88,7 +88,7 @@ in
               };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Searx settings. These will be merged with (taking precedence over)
           the default configuration. It's also possible to refer to
           environment variables
@@ -105,7 +105,7 @@ in
       settingsFile = mkOption {
         type = types.path;
         default = "${runDir}/settings.yml";
-        description = lib.mdDoc ''
+        description = ''
           The path of the Searx server settings.yml file. If no file is
           specified, a default file is used (default config file has debug mode
           enabled). Note: setting this options overrides
@@ -133,7 +133,7 @@ in
             ];
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Limiter settings for SearXNG.
 
           ::: {.note}
@@ -148,7 +148,7 @@ in
       runInUwsgi = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run searx in uWSGI as a "vassal", instead of using its
           built-in HTTP server. This is the recommended mode for public or
           large instances, but is unnecessary for LAN or local-only use.
@@ -170,7 +170,7 @@ in
             chmod-socket = "660";             # allow the searx group to read/write to the socket
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration of the uWSGI vassal running searx. It
           should notably specify on which interfaces and ports the vassal
           should listen.
diff --git a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix
index 2034dca6f26b..2f6f40f2b0f6 100644
--- a/nixpkgs/nixos/modules/services/networking/shadowsocks.nix
+++ b/nixpkgs/nixos/modules/services/networking/shadowsocks.nix
@@ -34,7 +34,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run shadowsocks-libev shadowsocks server.
         '';
       };
@@ -42,7 +42,7 @@ in
       localAddress = mkOption {
         type = types.coercedTo types.str singleton (types.listOf types.str);
         default = [ "[::0]" "0.0.0.0" ];
-        description = lib.mdDoc ''
+        description = ''
           Local addresses to which the server binds.
         '';
       };
@@ -50,7 +50,7 @@ in
       port = mkOption {
         type = types.port;
         default = 8388;
-        description = lib.mdDoc ''
+        description = ''
           Port which the server uses.
         '';
       };
@@ -58,7 +58,7 @@ in
       password = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password for connecting clients.
         '';
       };
@@ -66,7 +66,7 @@ in
       passwordFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Password file with a password for connecting clients.
         '';
       };
@@ -74,7 +74,7 @@ in
       mode = mkOption {
         type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ];
         default = "tcp_and_udp";
-        description = lib.mdDoc ''
+        description = ''
           Relay protocols.
         '';
       };
@@ -82,7 +82,7 @@ in
       fastOpen = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           use TCP fast-open
         '';
       };
@@ -90,7 +90,7 @@ in
       encryptionMethod = mkOption {
         type = types.str;
         default = "chacha20-ietf-poly1305";
-        description = lib.mdDoc ''
+        description = ''
           Encryption method. See <https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers>.
         '';
       };
@@ -99,7 +99,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = literalExpression ''"''${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"'';
-        description = lib.mdDoc ''
+        description = ''
           SIP003 plugin for shadowsocks
         '';
       };
@@ -108,7 +108,7 @@ in
         type = types.str;
         default = "";
         example = "server;host=example.com";
-        description = lib.mdDoc ''
+        description = ''
           Options to pass to the plugin if one was specified
         '';
       };
@@ -119,7 +119,7 @@ in
         example = {
           nameserver = "8.8.8.8";
         };
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration for shadowsocks that is not covered by the
           provided options. The provided attrset will be serialized to JSON and
           has to contain valid shadowsocks options. Unfortunately most
@@ -136,10 +136,16 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
-    assertions = singleton
-      { assertion = cfg.password == null || cfg.passwordFile == null;
-        message = "Cannot use both password and passwordFile for shadowsocks-libev";
-      };
+    assertions = [
+      {
+        # xor, make sure either password or passwordFile be set.
+        # shadowsocks-libev not support plain/none encryption method
+        # which indicated that password must set.
+        assertion = let noPasswd = cfg.password == null; noPasswdFile = cfg.passwordFile == null;
+          in (noPasswd && !noPasswdFile) || (!noPasswd && noPasswdFile);
+        message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously";
+      }
+    ];
 
     systemd.services.shadowsocks-libev = {
       description = "shadowsocks-libev Daemon";
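Review bot: The new assertion makes a credential mandatory, but its message presents `password` and `passwordFile` as equal choices. `password` is a plain `types.str`, and if its value is rendered into the generated configuration (the code that consumes it is outside this hunk) the secret ends up in the world-readable Nix store. I would say so in the message, e.g. `message = "Exactly one of password or passwordFile must be set; prefer passwordFile to keep the secret out of the Nix store";`. The xor reads more directly as `assertion = (cfg.password == null) != (cfg.passwordFile == null);`, with the comment reworded to `# Exactly one of password/passwordFile must be set: shadowsocks-libev has no plain/none cipher, so a password is always required.`. Configurations that set neither option evaluated before this change and now fail, which deserves a release-note entry.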
diff --git a/nixpkgs/nixos/modules/services/networking/shairport-sync.nix b/nixpkgs/nixos/modules/services/networking/shairport-sync.nix
index 75684eea3ad1..eb61663e4d92 100644
--- a/nixpkgs/nixos/modules/services/networking/shairport-sync.nix
+++ b/nixpkgs/nixos/modules/services/networking/shairport-sync.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable the shairport-sync daemon.
 
           Running with a local system-wide or remote pulseaudio server
@@ -30,7 +30,7 @@ in
       arguments = mkOption {
         type = types.str;
         default = "-v -o pa";
-        description = lib.mdDoc ''
+        description = ''
           Arguments to pass to the daemon. Defaults to a local pulseaudio
           server.
         '';
@@ -39,7 +39,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open ports in the firewall.
         '';
       };
@@ -47,7 +47,7 @@ in
       user = mkOption {
         type = types.str;
         default = "shairport";
-        description = lib.mdDoc ''
+        description = ''
           User account name under which to run shairport-sync. The account
           will be created.
         '';
@@ -56,7 +56,7 @@ in
       group = mkOption {
         type = types.str;
         default = "shairport";
-        description = lib.mdDoc ''
+        description = ''
           Group account name under which to run shairport-sync. The account
           will be created.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix b/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix
index ad33c50f9d63..57825945d9f7 100644
--- a/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix
+++ b/nixpkgs/nixos/modules/services/networking/shellhub-agent.nix
@@ -12,14 +12,14 @@ in
 
     services.shellhub-agent = {
 
-      enable = mkEnableOption (lib.mdDoc "ShellHub Agent daemon");
+      enable = mkEnableOption "ShellHub Agent daemon";
 
       package = mkPackageOption pkgs "shellhub-agent" { };
 
       preferredHostname = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Set the device preferred hostname. This provides a hint to
           the server to use this as hostname if it is available.
         '';
@@ -28,7 +28,7 @@ in
       keepAliveInterval = mkOption {
         type = types.int;
         default = 30;
-        description = lib.mdDoc ''
+        description = ''
           Determine the interval to send the keep alive message to
           the server. This has a direct impact of the bandwidth
           used by the device.
@@ -38,7 +38,7 @@ in
       tenantId = mkOption {
         type = types.str;
         example = "ba0a880c-2ada-11eb-a35e-17266ef329d6";
-        description = lib.mdDoc ''
+        description = ''
           The tenant ID to use when connecting to the ShellHub
           Gateway.
         '';
@@ -47,7 +47,7 @@ in
       server = mkOption {
         type = types.str;
         default = "https://cloud.shellhub.io";
-        description = lib.mdDoc ''
+        description = ''
           Server address of ShellHub Gateway to connect.
         '';
       };
@@ -55,7 +55,7 @@ in
       privateKey = mkOption {
         type = types.path;
         default = "/var/lib/shellhub-agent/private.key";
-        description = lib.mdDoc ''
+        description = ''
           Location where to store the ShellHub Agent private
           key.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/shorewall.nix b/nixpkgs/nixos/modules/services/networking/shorewall.nix
index ba59d71120da..05087aaa8b3b 100644
--- a/nixpkgs/nixos/modules/services/networking/shorewall.nix
+++ b/nixpkgs/nixos/modules/services/networking/shorewall.nix
@@ -8,7 +8,7 @@ in {
       enable = lib.mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Shorewall IPv4 Firewall.
 
           ::: {.warning}
@@ -22,12 +22,12 @@ in {
         type        = types.package;
         default     = pkgs.shorewall;
         defaultText = lib.literalExpression "pkgs.shorewall";
-        description = lib.mdDoc "The shorewall package to use.";
+        description = "The shorewall package to use.";
       };
       configs = lib.mkOption {
         type        = types.attrsOf types.lines;
         default     = {};
-        description = lib.mdDoc ''
+        description = ''
           This option defines the Shorewall configs.
           The attribute name defines the name of the config,
           and the attribute value defines the content of the config.
diff --git a/nixpkgs/nixos/modules/services/networking/shorewall6.nix b/nixpkgs/nixos/modules/services/networking/shorewall6.nix
index e54be290bfb3..1eab3284d15f 100644
--- a/nixpkgs/nixos/modules/services/networking/shorewall6.nix
+++ b/nixpkgs/nixos/modules/services/networking/shorewall6.nix
@@ -8,7 +8,7 @@ in {
       enable = lib.mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Shorewall IPv6 Firewall.
 
           ::: {.warning}
@@ -22,12 +22,12 @@ in {
         type        = types.package;
         default     = pkgs.shorewall;
         defaultText = lib.literalExpression "pkgs.shorewall";
-        description = lib.mdDoc "The shorewall package to use.";
+        description = "The shorewall package to use.";
       };
       configs = lib.mkOption {
         type        = types.attrsOf types.lines;
         default     = {};
-        description = lib.mdDoc ''
+        description = ''
           This option defines the Shorewall configs.
           The attribute name defines the name of the config,
           and the attribute value defines the content of the config.
diff --git a/nixpkgs/nixos/modules/services/networking/shout.nix b/nixpkgs/nixos/modules/services/networking/shout.nix
index 0b1687d44d9e..017b8590197a 100644
--- a/nixpkgs/nixos/modules/services/networking/shout.nix
+++ b/nixpkgs/nixos/modules/services/networking/shout.nix
@@ -23,12 +23,12 @@ let
 
 in {
   options.services.shout = {
-    enable = mkEnableOption (lib.mdDoc "Shout web IRC client");
+    enable = mkEnableOption "Shout web IRC client";
 
     private = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Make your shout instance private. You will need to configure user
         accounts by adding entries in {file}`${shoutHome}/users`.
       '';
@@ -37,19 +37,19 @@ in {
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc "IP interface to listen on for http connections.";
+      description = "IP interface to listen on for http connections.";
     };
 
     port = mkOption {
       type = types.port;
       default = 9000;
-      description = lib.mdDoc "TCP port to listen on for http connections.";
+      description = "TCP port to listen on for http connections.";
     };
 
     configFile = mkOption {
       type = types.nullOr types.lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Contents of Shout's {file}`config.js` file.
 
         Used for backward compatibility, recommended way is now to use
@@ -70,7 +70,7 @@ in {
           port = 6697;
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Shout {file}`config.js` contents as attribute set (will be
         converted to JSON to generate the configuration file).
 
diff --git a/nixpkgs/nixos/modules/services/networking/sing-box.nix b/nixpkgs/nixos/modules/services/networking/sing-box.nix
index ea7363713601..9f09e528e74d 100644
--- a/nixpkgs/nixos/modules/services/networking/sing-box.nix
+++ b/nixpkgs/nixos/modules/services/networking/sing-box.nix
@@ -11,7 +11,7 @@ in
 
   options = {
     services.sing-box = {
-      enable = lib.mkEnableOption (lib.mdDoc "sing-box universal proxy platform");
+      enable = lib.mkEnableOption "sing-box universal proxy platform";
 
       package = lib.mkPackageOption pkgs "sing-box" { };
 
@@ -24,7 +24,7 @@ in
                 type = lib.types.path;
                 default = "${pkgs.sing-geoip}/share/sing-box/geoip.db";
                 defaultText = lib.literalExpression "\${pkgs.sing-geoip}/share/sing-box/geoip.db";
-                description = lib.mdDoc ''
+                description = ''
                   The path to the sing-geoip database.
                 '';
               };
@@ -32,7 +32,7 @@ in
                 type = lib.types.path;
                 default = "${pkgs.sing-geosite}/share/sing-box/geosite.db";
                 defaultText = lib.literalExpression "\${pkgs.sing-geosite}/share/sing-box/geosite.db";
-                description = lib.mdDoc ''
+                description = ''
                   The path to the sing-geosite database.
                 '';
               };
@@ -40,7 +40,7 @@ in
           };
         };
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation.
 
           Options containing secret data should be set to an attribute set
diff --git a/nixpkgs/nixos/modules/services/networking/sitespeed-io.nix b/nixpkgs/nixos/modules/services/networking/sitespeed-io.nix
index f7eab0bb19d7..2af12ac0be52 100644
--- a/nixpkgs/nixos/modules/services/networking/sitespeed-io.nix
+++ b/nixpkgs/nixos/modules/services/networking/sitespeed-io.nix
@@ -5,38 +5,38 @@ let
 in
 {
   options.services.sitespeed-io = {
-    enable = lib.mkEnableOption (lib.mdDoc "Sitespeed.io");
+    enable = lib.mkEnableOption "Sitespeed.io";
 
     user = lib.mkOption {
       type = lib.types.str;
       default = "sitespeed-io";
-      description = lib.mdDoc "User account under which sitespeed-io runs.";
+      description = "User account under which sitespeed-io runs.";
     };
 
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.sitespeed-io;
       defaultText = "pkgs.sitespeed-io";
-      description = lib.mdDoc "Sitespeed.io package to use.";
+      description = "Sitespeed.io package to use.";
     };
 
     dataDir = lib.mkOption {
       default = "/var/lib/sitespeed-io";
       type = lib.types.str;
-      description = lib.mdDoc "The base sitespeed-io data directory.";
+      description = "The base sitespeed-io data directory.";
     };
 
     period = lib.mkOption {
       type = lib.types.str;
       default = "hourly";
-      description = lib.mdDoc ''
+      description = ''
         Systemd calendar expression when to run. See {manpage}`systemd.time(7)`.
       '';
     };
 
     runs = lib.mkOption {
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         A list of run configurations. The service will call sitespeed-io once
         for every run listed here. This lets you examine different websites
         with different sitespeed-io settings.
@@ -46,7 +46,7 @@ in
           urls = lib.mkOption {
             type = with lib.types; listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               URLs the service should monitor.
             '';
           };
@@ -57,7 +57,7 @@ in
               options = { };
             };
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               Configuration for sitespeed-io, see
               <https://www.sitespeed.io/documentation/sitespeed.io/configuration/>
               for available options. The value here will be directly transformed to
@@ -68,7 +68,7 @@ in
           extraArgs = lib.mkOption {
             type = with lib.types; listOf str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               Extra command line arguments to pass to the program.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/networking/skydns.nix b/nixpkgs/nixos/modules/services/networking/skydns.nix
index 0514bff2767e..8c38a5fa6420 100644
--- a/nixpkgs/nixos/modules/services/networking/skydns.nix
+++ b/nixpkgs/nixos/modules/services/networking/skydns.nix
@@ -7,51 +7,51 @@ let
 
 in {
   options.services.skydns = {
-    enable = mkEnableOption (lib.mdDoc "skydns service");
+    enable = mkEnableOption "skydns service";
 
     etcd = {
       machines = mkOption {
         default = [ "http://127.0.0.1:2379" ];
         type = types.listOf types.str;
-        description = lib.mdDoc "Skydns list of etcd endpoints to connect to.";
+        description = "Skydns list of etcd endpoints to connect to.";
       };
 
       tlsKey = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc "Skydns path of TLS client certificate - private key.";
+        description = "Skydns path of TLS client certificate - private key.";
       };
 
       tlsPem = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc "Skydns path of TLS client certificate - public key.";
+        description = "Skydns path of TLS client certificate - public key.";
       };
 
       caCert = mkOption {
         default = null;
         type = types.nullOr types.path;
-        description = lib.mdDoc "Skydns path of TLS certificate authority public key.";
+        description = "Skydns path of TLS certificate authority public key.";
       };
     };
 
     address = mkOption {
       default = "0.0.0.0:53";
       type = types.str;
-      description = lib.mdDoc "Skydns address to bind to.";
+      description = "Skydns address to bind to.";
     };
 
     domain = mkOption {
       default = "skydns.local.";
       type = types.str;
-      description = lib.mdDoc "Skydns default domain if not specified by etcd config.";
+      description = "Skydns default domain if not specified by etcd config.";
     };
 
     nameservers = mkOption {
       default = map (n: n + ":53") config.networking.nameservers;
       defaultText = literalExpression ''map (n: n + ":53") config.networking.nameservers'';
       type = types.listOf types.str;
-      description = lib.mdDoc "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.";
+      description = "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain.";
       example = ["8.8.8.8:53" "8.8.4.4:53"];
     };
 
@@ -60,7 +60,7 @@ in {
     extraConfig = mkOption {
       default = {};
       type = types.attrsOf types.str;
-      description = lib.mdDoc "Skydns attribute set of extra config options passed as environment variables.";
+      description = "Skydns attribute set of extra config options passed as environment variables.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/smartdns.nix b/nixpkgs/nixos/modules/services/networking/smartdns.nix
index af8ee8b00c0a..dcae26333a2a 100644
--- a/nixpkgs/nixos/modules/services/networking/smartdns.nix
+++ b/nixpkgs/nixos/modules/services/networking/smartdns.nix
@@ -20,12 +20,12 @@ let
     } cfg.settings);
 in {
   options.services.smartdns = {
-    enable = mkEnableOption (lib.mdDoc "SmartDNS DNS server");
+    enable = mkEnableOption "SmartDNS DNS server";
 
     bindPort = mkOption {
       type = types.port;
       default = 53;
-      description = lib.mdDoc "DNS listening port number.";
+      description = "DNS listening port number.";
     };
 
     settings = mkOption {
@@ -42,7 +42,7 @@ in {
           speed-check-mode = "ping,tcp:80";
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         A set that will be generated into configuration file, see the [SmartDNS README](https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter) for details of configuration parameters.
         You could override the options here like {option}`services.smartdns.bindPort` by writing `settings.bind = ":5353 -no-rule -group example";`.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/smokeping.nix b/nixpkgs/nixos/modules/services/networking/smokeping.nix
index 4ecf411c7496..38d6e4452c97 100644
--- a/nixpkgs/nixos/modules/services/networking/smokeping.nix
+++ b/nixpkgs/nixos/modules/services/networking/smokeping.nix
@@ -49,7 +49,7 @@ in
 {
   options = {
     services.smokeping = {
-      enable = mkEnableOption (lib.mdDoc "smokeping service");
+      enable = mkEnableOption "smokeping service";
 
       alertConfig = mkOption {
         type = types.lines;
@@ -67,19 +67,19 @@ in
           pattern = >0%,*12*,>0%,*12*,>0%
           comment = loss 3 times  in a row;
         '';
-        description = lib.mdDoc "Configuration for alerts.";
+        description = "Configuration for alerts.";
       };
       cgiUrl = mkOption {
         type = types.str;
         default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi";
         defaultText = literalExpression ''"http://''${hostName}:''${toString port}/smokeping.cgi"'';
         example = "https://somewhere.example.com/smokeping.cgi";
-        description = lib.mdDoc "URL to the smokeping cgi.";
+        description = "URL to the smokeping cgi.";
       };
       config = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Full smokeping config supplied by the user. Overrides
           and replaces any other configuration supplied.
         '';
@@ -112,28 +112,28 @@ in
               MAX  0.5 144   7200
               MIN  0.5 144   7200
         '';
-        description = lib.mdDoc ''Configure the ping frequency and retention of the rrd files.
+        description = ''Configure the ping frequency and retention of the rrd files.
           Once set, changing the interval will require deletion or migration of all
           the collected data.'';
       };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Any additional customization not already included.";
+        description = "Any additional customization not already included.";
       };
       hostName = mkOption {
         type = types.str;
         default = config.networking.fqdn;
         defaultText = literalExpression "config.networking.fqdn";
         example = "somewhere.example.com";
-        description = lib.mdDoc "DNS name for the urls generated in the cgi.";
+        description = "DNS name for the urls generated in the cgi.";
       };
       imgUrl = mkOption {
         type = types.str;
         default = "cache";
         defaultText = literalExpression ''"cache"'';
         example = "https://somewhere.example.com/cache";
-        description = lib.mdDoc ''
+        description = ''
           Base url for images generated in the cgi.
 
           The default is a relative URL to ensure it works also when e.g. forwarding
@@ -144,33 +144,33 @@ in
         type = types.enum [ "original" "absolute" "relative" ];
         default = "relative";
         example = "absolute";
-        description = lib.mdDoc "DNS name for the urls generated in the cgi.";
+        description = "DNS name for the urls generated in the cgi.";
       };
       mailHost = mkOption {
         type = types.str;
         default = "";
         example = "localhost";
-        description = lib.mdDoc "Use this SMTP server to send alerts";
+        description = "Use this SMTP server to send alerts";
       };
       owner = mkOption {
         type = types.str;
         default = "nobody";
         example = "Bob Foobawr";
-        description = lib.mdDoc "Real name of the owner of the instance";
+        description = "Real name of the owner of the instance";
       };
       ownerEmail = mkOption {
         type = types.str;
         default = "no-reply@${cfg.hostName}";
         defaultText = literalExpression ''"no-reply@''${hostName}"'';
         example = "no-reply@yourdomain.com";
-        description = lib.mdDoc "Email contact for owner";
+        description = "Email contact for owner";
       };
       package = mkPackageOption pkgs "smokeping" { };
       host = mkOption {
         type = types.nullOr types.str;
         default = "localhost";
         example = "192.0.2.1"; # rfc5737 example IP for documentation
-        description = lib.mdDoc ''
+        description = ''
           Host/IP to bind to for the web server.
 
           Setting it to `null` skips passing the -h option to thttpd,
@@ -180,7 +180,7 @@ in
       port = mkOption {
         type = types.port;
         default = 8081;
-        description = lib.mdDoc "TCP port to use for the web server.";
+        description = "TCP port to use for the web server.";
       };
       presentationConfig = mkOption {
         type = types.lines;
@@ -221,13 +221,13 @@ in
           "Last 10 Days"    10d
           "Last 360 Days"   360d
         '';
-        description = lib.mdDoc "presentation graph style";
+        description = "presentation graph style";
       };
       presentationTemplate = mkOption {
         type = types.str;
         default = "${pkgs.smokeping}/etc/basepage.html.dist";
         defaultText = literalExpression ''"''${pkgs.smokeping}/etc/basepage.html.dist"'';
-        description = lib.mdDoc "Default page layout for the web UI.";
+        description = "Default page layout for the web UI.";
       };
       probeConfig = mkOption {
         type = types.lines;
@@ -241,19 +241,19 @@ in
             binary = ''${config.security.wrapperDir}/fping
           '''
         '';
-        description = lib.mdDoc "Probe configuration";
+        description = "Probe configuration";
       };
       sendmail = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/run/wrappers/bin/sendmail";
-        description = lib.mdDoc "Use this sendmail compatible script to deliver alerts";
+        description = "Use this sendmail compatible script to deliver alerts";
       };
       smokeMailTemplate = mkOption {
         type = types.str;
         default = "${cfg.package}/etc/smokemail.dist";
         defaultText = literalExpression ''"''${package}/etc/smokemail.dist"'';
-        description = lib.mdDoc "Specify the smokemail template for alerts.";
+        description = "Specify the smokemail template for alerts.";
       };
       targetConfig = mkOption {
         type = types.lines;
@@ -271,17 +271,17 @@ in
           title = This host
           host = localhost
         '';
-        description = lib.mdDoc "Target configuration";
+        description = "Target configuration";
       };
       user = mkOption {
         type = types.str;
         default = "smokeping";
-        description = lib.mdDoc "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.";
+        description = "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.";
       };
       webService = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable a smokeping web interface";
+        description = "Enable a smokeping web interface";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/networking/sniproxy.nix b/nixpkgs/nixos/modules/services/networking/sniproxy.nix
index b805b7b44d72..adca5398e4ab 100644
--- a/nixpkgs/nixos/modules/services/networking/sniproxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/sniproxy.nix
@@ -18,24 +18,24 @@ in
 
   options = {
     services.sniproxy = {
-      enable = mkEnableOption (lib.mdDoc "sniproxy server");
+      enable = mkEnableOption "sniproxy server";
 
       user = mkOption {
         type = types.str;
         default = "sniproxy";
-        description = lib.mdDoc "User account under which sniproxy runs.";
+        description = "User account under which sniproxy runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "sniproxy";
-        description = lib.mdDoc "Group under which sniproxy runs.";
+        description = "Group under which sniproxy runs.";
       };
 
       config = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "sniproxy.conf configuration excluding the daemon username and pid file.";
+        description = "sniproxy.conf configuration excluding the daemon username and pid file.";
         example = ''
           error_log {
             filename /var/log/sniproxy/error.log
diff --git a/nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix b/nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix
index 19b68f1e20ba..078fb382bae6 100644
--- a/nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix
@@ -8,28 +8,28 @@ in
 {
   options = {
     services.snowflake-proxy = {
-      enable = mkEnableOption (lib.mdDoc "snowflake-proxy, a system to defeat internet censorship");
+      enable = mkEnableOption "snowflake-proxy, a system to defeat internet censorship";
 
       broker = mkOption {
-        description = lib.mdDoc "Broker URL (default \"https://snowflake-broker.torproject.net/\")";
+        description = "Broker URL (default \"https://snowflake-broker.torproject.net/\")";
         type = with types; nullOr str;
         default = null;
       };
 
       capacity = mkOption {
-        description = lib.mdDoc "Limits the amount of maximum concurrent clients allowed.";
+        description = "Limits the amount of maximum concurrent clients allowed.";
         type = with types; nullOr int;
         default = null;
       };
 
       relay = mkOption {
-        description = lib.mdDoc "websocket relay URL (default \"wss://snowflake.bamsoftware.com/\")";
+        description = "websocket relay URL (default \"wss://snowflake.bamsoftware.com/\")";
         type = with types; nullOr str;
         default = null;
       };
 
       stun = mkOption {
-        description = lib.mdDoc "STUN broker URL (default \"stun:stun.stunprotocol.org:3478\")";
+        description = "STUN broker URL (default \"stun:stun.stunprotocol.org:3478\")";
         type = with types; nullOr str;
         default = null;
       };
diff --git a/nixpkgs/nixos/modules/services/networking/softether.nix b/nixpkgs/nixos/modules/services/networking/softether.nix
index 234832ea0c0f..1844b0a88b0a 100644
--- a/nixpkgs/nixos/modules/services/networking/softether.nix
+++ b/nixpkgs/nixos/modules/services/networking/softether.nix
@@ -16,27 +16,27 @@ in
 
     services.softether = {
 
-      enable = mkEnableOption (lib.mdDoc "SoftEther VPN services");
+      enable = mkEnableOption "SoftEther VPN services";
 
       package = mkPackageOption pkgs "softether" { };
 
-      vpnserver.enable = mkEnableOption (lib.mdDoc "SoftEther VPN Server");
+      vpnserver.enable = mkEnableOption "SoftEther VPN Server";
 
-      vpnbridge.enable = mkEnableOption (lib.mdDoc "SoftEther VPN Bridge");
+      vpnbridge.enable = mkEnableOption "SoftEther VPN Bridge";
 
       vpnclient = {
-        enable = mkEnableOption (lib.mdDoc "SoftEther VPN Client");
+        enable = mkEnableOption "SoftEther VPN Client";
         up = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Shell commands executed when the Virtual Network Adapter(s) is/are starting.
           '';
         };
         down = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Shell commands executed when the Virtual Network Adapter(s) is/are shutting down.
           '';
         };
@@ -45,7 +45,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/softether";
-        description = lib.mdDoc ''
+        description = ''
           Data directory for SoftEther VPN.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/soju.nix b/nixpkgs/nixos/modules/services/networking/soju.nix
index d69ec08ca13a..0f4969b930e4 100644
--- a/nixpkgs/nixos/modules/services/networking/soju.nix
+++ b/nixpkgs/nixos/modules/services/networking/soju.nix
@@ -5,7 +5,10 @@ with lib;
 let
   cfg = config.services.soju;
   stateDir = "/var/lib/soju";
-  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen;
+  runtimeDir = "/run/soju";
+  listen = cfg.listen
+    ++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin";
+  listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen;
   tlsCfg = optionalString (cfg.tlsCertificate != null)
     "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}";
   logCfg = optionalString cfg.enableMessageLogging
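Review bot: The `unix+admin://${runtimeDir}/admin` listener is appended whenever `cfg.adminSocket.enable` is true, and that option defaults to `true` further down in this file, so every existing deployment gains an administrative control socket on upgrade. Who can connect then depends on the ownership and mode of `/run/soju`, which is set in the service definition outside the visible hunks. Please confirm the runtime directory is restricted to the soju user, for example with `RuntimeDirectoryMode = "0750"` or tighter, so other local accounts cannot reach the admin interface. A comment above `listen` such as `# admin socket: access is controlled only by the permissions on runtimeDir` would make that dependency explicit.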
@@ -22,17 +25,23 @@ let
 
     ${cfg.extraConfig}
   '';
+
+  sojuctl = pkgs.writeShellScriptBin "sojuctl" ''
+    exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@"
+  '';
 in
 {
   ###### interface
 
   options.services.soju = {
-    enable = mkEnableOption (lib.mdDoc "soju");
+    enable = mkEnableOption "soju";
+
+    package = mkPackageOption pkgs "soju" { };
 
     listen = mkOption {
       type = types.listOf types.str;
       default = [ ":6697" ];
-      description = lib.mdDoc ''
+      description = ''
         Where soju should listen for incoming connections. See the
         `listen` directive in
         {manpage}`soju(1)`.
@@ -43,33 +52,41 @@ in
       type = types.str;
       default = config.networking.hostName;
       defaultText = literalExpression "config.networking.hostName";
-      description = lib.mdDoc "Server hostname.";
+      description = "Server hostname.";
     };
 
     tlsCertificate = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/var/host.cert";
-      description = lib.mdDoc "Path to server TLS certificate.";
+      description = "Path to server TLS certificate.";
     };
 
     tlsCertificateKey = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/var/host.key";
-      description = lib.mdDoc "Path to server TLS certificate key.";
+      description = "Path to server TLS certificate key.";
     };
 
     enableMessageLogging = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Whether to enable message logging.";
+      description = "Whether to enable message logging.";
+    };
+
+    adminSocket.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Listen for admin connections from sojuctl at /run/soju/admin.
+      '';
     };
 
     httpOrigins = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         List of allowed HTTP origins for WebSocket listeners. The parameters are
         interpreted as shell patterns, see
         {manpage}`glob(7)`.
@@ -79,7 +96,7 @@ in
     acceptProxyIP = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Allow the specified IPs to act as a proxy. Proxys have the ability to
         overwrite the remote and local connection addresses (via the X-Forwarded-\*
         HTTP header fields). The special name "localhost" accepts the loopback
@@ -90,7 +107,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Lines added verbatim to the configuration file.";
+      description = "Lines added verbatim to the configuration file.";
     };
   };
 
@@ -107,6 +124,8 @@ in
       }
     ];
 
+    environment.systemPackages = [ sojuctl ];
+
     systemd.services.soju = {
       description = "soju IRC bouncer";
       wantedBy = [ "multi-user.target" ];
@@ -115,8 +134,9 @@ in
       serviceConfig = {
         DynamicUser = true;
         Restart = "always";
-        ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}";
+        ExecStart = "${cfg.package}/bin/soju -config ${configFile}";
         StateDirectory = "soju";
+        RuntimeDirectory = "soju";
       };
     };
   };
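Review bot: `RuntimeDirectory = "soju"` is added without a `RuntimeDirectoryMode`, and systemd's default for that directory is 0755. Access to the new admin socket therefore rests entirely on the mode soju gives the socket file, which is not visible in this diff. Because `adminSocket.enable` defaults to true in the options hunk above, existing deployments gain this listener on upgrade. If only root and the service user are meant to administer the bouncer, I would pin it with `RuntimeDirectoryMode = "0700";`. If a group is meant to use `sojuctl`, use `"0750"` and say so in the `adminSocket.enable` description.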
diff --git a/nixpkgs/nixos/modules/services/networking/solanum.nix b/nixpkgs/nixos/modules/services/networking/solanum.nix
index 07a37279fecc..f9d3c30b3bbb 100644
--- a/nixpkgs/nixos/modules/services/networking/solanum.nix
+++ b/nixpkgs/nixos/modules/services/networking/solanum.nix
@@ -16,7 +16,7 @@ in
 
     services.solanum = {
 
-      enable = mkEnableOption (lib.mdDoc "Solanum IRC daemon");
+      enable = mkEnableOption "Solanum IRC daemon";
 
       config = mkOption {
         type = types.str;
@@ -44,7 +44,7 @@ in
             default_split_user_count = 0;
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Solanum IRC daemon configuration file.
           check <https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf> for all options.
         '';
@@ -53,7 +53,7 @@ in
       openFilesLimit = mkOption {
         type = types.int;
         default = 1024;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of open files. Limits the clients and server connections.
         '';
       };
@@ -61,7 +61,7 @@ in
       motd = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Solanum MOTD text.
 
           Solanum will read its MOTD from `/etc/solanum/ircd.motd`.
diff --git a/nixpkgs/nixos/modules/services/networking/spacecookie.nix b/nixpkgs/nixos/modules/services/networking/spacecookie.nix
index 745c942ba60b..0e37b6d0305e 100644
--- a/nixpkgs/nixos/modules/services/networking/spacecookie.nix
+++ b/nixpkgs/nixos/modules/services/networking/spacecookie.nix
@@ -25,7 +25,7 @@ in {
 
     services.spacecookie = {
 
-      enable = mkEnableOption (lib.mdDoc "spacecookie");
+      enable = mkEnableOption "spacecookie";
 
       package = mkPackageOption pkgs "spacecookie" {
         example = "haskellPackages.spacecookie";
@@ -34,7 +34,7 @@ in {
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the necessary port in the firewall for spacecookie.
         '';
       };
@@ -42,7 +42,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 70;
-        description = lib.mdDoc ''
+        description = ''
           Port the gopher service should be exposed on.
         '';
       };
@@ -50,7 +50,7 @@ in {
       address = mkOption {
         type = types.str;
         default = "[::]";
-        description = lib.mdDoc ''
+        description = ''
           Address to listen on. Must be in the
           `ListenStream=` syntax of
           [systemd.socket(5)](https://www.freedesktop.org/software/systemd/man/systemd.socket.html).
@@ -64,7 +64,7 @@ in {
           options.hostname = mkOption {
             type = types.str;
             default = "localhost";
-            description = lib.mdDoc ''
+            description = ''
               The hostname the service is reachable via. Clients
               will use this hostname for further requests after
               loading the initial gopher menu.
@@ -74,7 +74,7 @@ in {
           options.root = mkOption {
             type = types.path;
             default = "/srv/gopher";
-            description = lib.mdDoc ''
+            description = ''
               The directory spacecookie should serve via gopher.
               Files in there need to be world-readable since
               the spacecookie service file sets
@@ -83,13 +83,13 @@ in {
           };
 
           options.log = {
-            enable = mkEnableOption (lib.mdDoc "logging for spacecookie")
+            enable = mkEnableOption "logging for spacecookie"
               // { default = true; example = false; };
 
             hide-ips = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 If enabled, spacecookie will hide personal
                 information of users like IP addresses from
                 log output.
@@ -103,7 +103,7 @@ in {
               # journald will add timestamps, so no need
               # to double up.
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 If enabled, spacecookie will not print timestamps
                 at the beginning of every log line.
               '';
@@ -116,14 +116,14 @@ in {
                 "error"
               ];
               default = "info";
-              description = lib.mdDoc ''
+              description = ''
                 Log level for the spacecookie service.
               '';
             };
           };
         };
 
-        description = lib.mdDoc ''
+        description = ''
           Settings for spacecookie. The settings set here are
           directly translated to the spacecookie JSON config
           file. See
diff --git a/nixpkgs/nixos/modules/services/networking/spiped.nix b/nixpkgs/nixos/modules/services/networking/spiped.nix
index 547317dbcbe2..ada36ee9be0b 100644
--- a/nixpkgs/nixos/modules/services/networking/spiped.nix
+++ b/nixpkgs/nixos/modules/services/networking/spiped.nix
@@ -11,7 +11,7 @@ in
       enable = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "Enable the spiped service module.";
+        description = "Enable the spiped service module.";
       };
 
       config = mkOption {
@@ -21,7 +21,7 @@ in
               encrypt = mkOption {
                 type    = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Take unencrypted connections from the
                   `source` socket and send encrypted
                   connections to the `target` socket.
@@ -31,7 +31,7 @@ in
               decrypt = mkOption {
                 type    = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Take encrypted connections from the
                   `source` socket and send unencrypted
                   connections to the `target` socket.
@@ -40,7 +40,7 @@ in
 
               source = mkOption {
                 type    = types.str;
-                description = lib.mdDoc ''
+                description = ''
                   Address on which spiped should listen for incoming
                   connections.  Must be in one of the following formats:
                   `/absolute/path/to/unix/socket`,
@@ -56,12 +56,12 @@ in
 
               target = mkOption {
                 type    = types.str;
-                description = lib.mdDoc "Address to which spiped should connect.";
+                description = "Address to which spiped should connect.";
               };
 
               keyfile = mkOption {
                 type    = types.path;
-                description = lib.mdDoc ''
+                description = ''
                   Name of a file containing the spiped key. As the
                   daemon runs as the `spiped` user, the
                   key file must be somewhere owned by that user. By
@@ -73,7 +73,7 @@ in
               timeout = mkOption {
                 type = types.int;
                 default = 5;
-                description = lib.mdDoc ''
+                description = ''
                   Timeout, in seconds, after which an attempt to connect to
                   the target or a protocol handshake will be aborted (and the
                   connection dropped) if not completed
@@ -83,7 +83,7 @@ in
               maxConns = mkOption {
                 type = types.int;
                 default = 100;
-                description = lib.mdDoc ''
+                description = ''
                   Limit on the number of simultaneous connections allowed.
                 '';
               };
@@ -91,7 +91,7 @@ in
               waitForDNS = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Wait for DNS. Normally when `spiped` is
                   launched it resolves addresses and binds to its source
                   socket before the parent process returns; with this option
@@ -106,13 +106,13 @@ in
               disableKeepalives = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc "Disable transport layer keep-alives.";
+                description = "Disable transport layer keep-alives.";
               };
 
               weakHandshake = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc ''
+                description = ''
                   Use fast/weak handshaking: This reduces the CPU time spent
                   in the initial connection setup, at the expense of losing
                   perfect forward secrecy.
@@ -122,7 +122,7 @@ in
               resolveRefresh = mkOption {
                 type = types.int;
                 default = 60;
-                description = lib.mdDoc ''
+                description = ''
                   Resolution refresh time for the target socket, in seconds.
                 '';
               };
@@ -130,7 +130,7 @@ in
               disableReresolution = mkOption {
                 type = types.bool;
                 default = false;
-                description = lib.mdDoc "Disable target address re-resolution.";
+                description = "Disable target address re-resolution.";
               };
             };
           }
@@ -155,7 +155,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Configuration for a secure pipe daemon. The daemon can be
           started, stopped, or examined using
           `systemctl`, under the name
diff --git a/nixpkgs/nixos/modules/services/networking/squid.nix b/nixpkgs/nixos/modules/services/networking/squid.nix
index 68f4dc3d6dc1..4865718b24f7 100644
--- a/nixpkgs/nixos/modules/services/networking/squid.nix
+++ b/nixpkgs/nixos/modules/services/networking/squid.nix
@@ -108,7 +108,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to run squid web proxy.";
+        description = "Whether to run squid web proxy.";
       };
 
       package = mkPackageOption pkgs "squid" { };
@@ -116,19 +116,19 @@ in
       proxyAddress = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "IP address on which squid will listen.";
+        description = "IP address on which squid will listen.";
       };
 
       proxyPort = mkOption {
         type = types.int;
         default = 3128;
-        description = lib.mdDoc "TCP port on which squid will listen.";
+        description = "TCP port on which squid will listen.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Squid configuration. Contents will be added
           verbatim to the configuration file.
         '';
@@ -137,7 +137,7 @@ in
       configText = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Verbatim contents of squid.conf. If null (default), use the
           autogenerated file from NixOS instead.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/ssh/lshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/lshd.nix
index 129e42055514..a833d738f885 100644
--- a/nixpkgs/nixos/modules/services/networking/ssh/lshd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ssh/lshd.nix
@@ -21,7 +21,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the GNU lshd SSH2 daemon, which allows
           secure remote login.
         '';
@@ -30,7 +30,7 @@ in
       portNumber = mkOption {
         default = 22;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           The port on which to listen for connections.
         '';
       };
@@ -38,7 +38,7 @@ in
       interfaces = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of network interfaces where listening for connections.
           When providing the empty list, `[]`, lshd listens on all
           network interfaces.
@@ -49,7 +49,7 @@ in
       hostKey = mkOption {
         default = "/etc/lsh/host-key";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Path to the server's private key.  Note that this key must
           have been created, e.g., using "lsh-keygen --server |
           lsh-writekey --server", so that you can run lshd.
@@ -59,31 +59,31 @@ in
       syslog = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable syslog output.";
+        description = "Whether to enable syslog output.";
       };
 
       passwordAuthentication = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable password authentication.";
+        description = "Whether to enable password authentication.";
       };
 
       publicKeyAuthentication = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable public key authentication.";
+        description = "Whether to enable public key authentication.";
       };
 
       rootLogin = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable remote root login.";
+        description = "Whether to enable remote root login.";
       };
 
       loginShell = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           If non-null, override the default login shell with the
           specified value.
         '';
@@ -93,7 +93,7 @@ in
       srpKeyExchange = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable SRP key exchange and user authentication.
         '';
       };
@@ -101,18 +101,18 @@ in
       tcpForwarding = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable TCP/IP forwarding.";
+        description = "Whether to enable TCP/IP forwarding.";
       };
 
       x11Forwarding = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable X11 forwarding.";
+        description = "Whether to enable X11 forwarding.";
       };
 
       subsystems = mkOption {
         type = types.listOf types.path;
-        description = lib.mdDoc ''
+        description = ''
           List of subsystem-path pairs, where the head of the pair
           denotes the subsystem name, and the tail denotes the path to
           an executable implementing it.
diff --git a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
index e19b53f5f3ff..bc95679d5d3c 100644
--- a/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
@@ -68,7 +68,7 @@ let
       keys = mkOption {
         type = types.listOf types.singleLineStr;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of verbatim OpenSSH public keys that should be added to the
           user's authorized keys. The keys are added to a file that the SSH
           daemon reads in addition to the the user's authorized_keys file.
@@ -86,7 +86,7 @@ let
       keyFiles = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of files each containing one OpenSSH public key that should be
           added to the user's authorized keys. The contents of the files are
           read at build time and added to a file that the SSH daemon reads in
@@ -99,7 +99,7 @@ let
     options.openssh.authorizedPrincipals = mkOption {
       type = with types; listOf types.singleLineStr;
       default = [];
-      description = mdDoc ''
+      description = ''
         A list of verbatim principal names that should be added to the user's
         authorized principals.
       '';
@@ -163,7 +163,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the OpenSSH secure shell daemon, which
           allows secure remote logins.
         '';
@@ -172,7 +172,7 @@ in
       startWhenNeeded = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, {command}`sshd` is socket-activated; that
           is, instead of having it permanently running as a daemon,
           systemd will start an instance for each incoming connection.
@@ -182,7 +182,7 @@ in
       allowSFTP = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the SFTP subsystem in the SSH daemon.  This
           enables the use of commands such as {command}`sftp` and
           {command}`sshfs`.
@@ -192,7 +192,7 @@ in
       sftpServerExecutable = mkOption {
         type = types.str;
         example = "internal-sftp";
-        description = lib.mdDoc ''
+        description = ''
           The sftp server executable.  Can be a path or "internal-sftp" to use
           the sftp server built into the sshd binary.
         '';
@@ -202,7 +202,7 @@ in
         type = with types; listOf str;
         default = [];
         example = [ "-f AUTHPRIV" "-l INFO" ];
-        description = lib.mdDoc ''
+        description = ''
           Commandline flags to add to sftp-server.
         '';
       };
@@ -210,7 +210,7 @@ in
       ports = mkOption {
         type = types.listOf types.port;
         default = [22];
-        description = lib.mdDoc ''
+        description = ''
           Specifies on which ports the SSH daemon listens.
         '';
       };
@@ -218,7 +218,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to automatically open the specified ports in the firewall.
         '';
       };
@@ -229,14 +229,14 @@ in
             addr = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Host, IPv4 or IPv6 address to listen to.
               '';
             };
             port = mkOption {
               type = types.nullOr types.int;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Port to listen to.
               '';
             };
@@ -244,7 +244,7 @@ in
         });
         default = [];
         example = [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ];
-        description = lib.mdDoc ''
+        description = ''
           List of addresses and ports to listen on (ListenAddress directive
           in config). If port is not specified for address sshd will listen
           on all ports specified by `ports` option.
@@ -264,7 +264,7 @@ in
           [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; }
             { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; }
           ];
-        description = lib.mdDoc ''
+        description = ''
           NixOS can automatically generate SSH host keys.  This option
           specifies the path, type and size of each key.  See
           {manpage}`ssh-keygen(1)` for supported types
@@ -275,7 +275,7 @@ in
       banner = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Message to display to the remote user before authentication is allowed.
         '';
       };
@@ -283,7 +283,7 @@ in
       authorizedKeysFiles = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Specify the rules for which files to read on the host.
 
           This is an advanced option. If you're looking to configure user
@@ -299,7 +299,7 @@ in
       authorizedKeysCommand = mkOption {
         type = types.str;
         default = "none";
-        description = lib.mdDoc ''
+        description = ''
           Specifies a program to be used to look up the user's public
           keys. The program must be owned by root, not writable by group
           or others and specified by an absolute path.
@@ -309,7 +309,7 @@ in
       authorizedKeysCommandUser = mkOption {
         type = types.str;
         default = "nobody";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the user under whose account the AuthorizedKeysCommand
           is run. It is recommended to use a dedicated user that has no
           other role on the host than running authorized keys commands.
@@ -319,7 +319,7 @@ in
 
 
       settings = mkOption {
-        description = lib.mdDoc "Configuration for `sshd_config(5)`.";
+        description = "Configuration for `sshd_config(5)`.";
         default = { };
         example = literalExpression ''
           {
@@ -333,7 +333,7 @@ in
             AuthorizedPrincipalsFile = mkOption {
               type = types.str;
               default = "none"; # upstream default
-              description = lib.mdDoc ''
+              description = ''
                 Specifies a file that lists principal names that are accepted for certificate authentication. The default
                 is `"none"`, i.e. not to use	a principals file.
               '';
@@ -341,16 +341,17 @@ in
             LogLevel = mkOption {
               type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ];
               default = "INFO"; # upstream default
-              description = lib.mdDoc ''
+              description = ''
                 Gives the verbosity level that is used when logging messages from sshd(8). Logging with a DEBUG level
                 violates the privacy of users and is not recommended.
               '';
             };
+            UsePAM = mkEnableOption "PAM authentication" // { default = true; };
             UseDns = mkOption {
               type = types.bool;
               # apply if cfg.useDns then "yes" else "no"
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for
                 the remote IP address maps back to the very same IP address.
                 If this option is set to no (the default) then only addresses and not host names may be used in
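Review bot: `UsePAM` is declared with `mkEnableOption`, so its only documentation is the generated "Whether to enable PAM authentication." line, which does not say what turning it off removes. The later hunk wraps `security.pam.services.sshd` in `lib.mkIf cfg.settings.UsePAM`, so disabling it drops this module's PAM service definition (session start, motd, `unixAuth`). Presumably sshd then also stops consulting any account or second-factor modules that other configuration attaches to the sshd PAM service, while `PasswordAuthentication` still defaults to true. I would switch to a full `mkOption` with `type = types.bool; default = true;` and a description that states those consequences. The `UseDns` option that follows is cut off by the end of this hunk.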
@@ -360,35 +361,35 @@ in
             X11Forwarding = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to allow X11 connections to be forwarded.
               '';
             };
             PasswordAuthentication = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Specifies whether password authentication is allowed.
               '';
             };
             PermitRootLogin = mkOption {
               default = "prohibit-password";
               type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"];
-              description = lib.mdDoc ''
+              description = ''
                 Whether the root user can login using ssh.
               '';
             };
             KbdInteractiveAuthentication = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Specifies whether keyboard-interactive authentication is allowed.
               '';
             };
             GatewayPorts = mkOption {
               type = types.str;
               default = "no";
-              description = lib.mdDoc ''
+              description = ''
                 Specifies whether remote hosts are allowed to connect to
                 ports forwarded for the client.  See
                 {manpage}`sshd_config(5)`.
@@ -402,7 +403,7 @@ in
                 "curve25519-sha256@libssh.org"
                 "diffie-hellman-group-exchange-sha256"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 Allowed key exchange algorithms
 
                 Uses the lower bound recommended in both
@@ -418,7 +419,7 @@ in
                 "hmac-sha2-256-etm@openssh.com"
                 "umac-128-etm@openssh.com"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 Allowed MACs
 
                 Defaults to recommended settings from both
@@ -430,7 +431,7 @@ in
             StrictModes = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether sshd should check file modes and ownership of directories
               '';
             };
@@ -444,7 +445,7 @@ in
                 "aes192-ctr"
                 "aes128-ctr"
               ];
-              description = lib.mdDoc ''
+              description = ''
                 Allowed ciphers
 
                 Defaults to recommended settings from both
@@ -456,7 +457,7 @@ in
             AllowUsers = mkOption {
               type = with types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 If specified, login is allowed only for the listed users.
                 See {manpage}`sshd_config(5)` for details.
               '';
@@ -464,7 +465,7 @@ in
             DenyUsers = mkOption {
               type = with types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 If specified, login is denied for all listed users. Takes
                 precedence over [](#opt-services.openssh.settings.AllowUsers).
                 See {manpage}`sshd_config(5)` for details.
@@ -473,7 +474,7 @@ in
             AllowGroups = mkOption {
               type = with types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 If specified, login is allowed only for users part of the
                 listed groups.
                 See {manpage}`sshd_config(5)` for details.
@@ -482,13 +483,15 @@ in
             DenyGroups = mkOption {
               type = with types; nullOr (listOf str);
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 If specified, login is denied for all users part of the listed
                 groups. Takes precedence over
                 [](#opt-services.openssh.settings.AllowGroups). See
                 {manpage}`sshd_config(5)` for details.
               '';
             };
+            # Disabled by default, since pam_motd handles this.
+            PrintMotd = mkEnableOption "printing /etc/motd when a user logs in interactively";
           };
         });
       };
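Review bot: The comment `# Disabled by default, since pam_motd handles this.` on `PrintMotd` is only true while `UsePAM` keeps its default, because the PAM service that sets `showMotd = true` is now conditional on `cfg.settings.UsePAM` in a later hunk. With `UsePAM = false` and this default, neither sshd nor PAM would print `/etc/motd`. I would reword it to `# Off by default because pam_motd prints the motd when UsePAM is enabled; set to true if UsePAM is disabled.` so the dependency is visible next to the option.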
@@ -496,13 +499,13 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Verbatim contents of {file}`sshd_config`.";
+        description = "Verbatim contents of {file}`sshd_config`.";
       };
 
       moduliFile = mkOption {
         example = "/etc/my-local-ssh-moduli;";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to `moduli` file to install in
           `/etc/ssh/moduli`. If this option is unset, then
           the `moduli` file shipped with OpenSSH will be used.
@@ -624,7 +627,7 @@ in
 
     networking.firewall.allowedTCPPorts = optionals cfg.openFirewall cfg.ports;
 
-    security.pam.services.sshd =
+    security.pam.services.sshd = lib.mkIf cfg.settings.UsePAM
       { startSession = true;
         showMotd = true;
         unixAuth = cfg.settings.PasswordAuthentication;
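Review bot: Wrapping `security.pam.services.sshd` in `lib.mkIf cfg.settings.UsePAM` means that with UsePAM off none of the settings in this attribute set apply, including `startSession = true`. SSH logins then presumably get no PAM session setup and none of the account or session modules that other configuration may rely on, and nothing in the hunk records that. A comment such as `# With UsePAM off no sshd PAM stack is generated: no session setup, no pam_motd, no PAM account checks.` above the definition would help. The same caveat belongs in the `UsePAM` option description, which is outside this hunk, as is the rest of this attribute set.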
@@ -640,8 +643,6 @@ in
 
     services.openssh.extraConfig = mkOrder 0
       ''
-        UsePAM yes
-
         Banner ${if cfg.banner == null then "none" else pkgs.writeText "ssh_banner" cfg.banner}
 
         AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
@@ -659,7 +660,6 @@ in
         ${optionalString cfg.allowSFTP ''
           Subsystem sftp ${cfg.sftpServerExecutable} ${concatStringsSep " " cfg.sftpFlags}
         ''}
-        PrintMotd no # handled by pam_motd
         AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
         ${optionalString (cfg.authorizedKeysCommand != "none") ''
           AuthorizedKeysCommand ${cfg.authorizedKeysCommand}
diff --git a/nixpkgs/nixos/modules/services/networking/sslh.nix b/nixpkgs/nixos/modules/services/networking/sslh.nix
index dd29db510020..aad9e284d92c 100644
--- a/nixpkgs/nixos/modules/services/networking/sslh.nix
+++ b/nixpkgs/nixos/modules/services/networking/sslh.nix
@@ -23,12 +23,12 @@ in
   meta.buildDocsInSandbox = false;
 
   options.services.sslh = {
-    enable = mkEnableOption (lib.mdDoc "sslh, protocol demultiplexer");
+    enable = mkEnableOption "sslh, protocol demultiplexer";
 
     method = mkOption {
       type = types.enum [ "fork" "select" "ev" ];
       default = "fork";
-      description = lib.mdDoc ''
+      description = ''
         The method to use for handling connections:
 
           - `fork` forks a new process for each incoming connection. It is
@@ -47,13 +47,13 @@ in
     listenAddresses = mkOption {
       type = with types; coercedTo str singleton (listOf str);
       default = [ "0.0.0.0" "[::]" ];
-      description = lib.mdDoc "Listening addresses or hostnames.";
+      description = "Listening addresses or hostnames.";
     };
 
     port = mkOption {
       type = types.port;
       default = 443;
-      description = lib.mdDoc "Listening port.";
+      description = "Listening port.";
     };
 
     settings = mkOption {
@@ -63,13 +63,13 @@ in
         options.timeout = mkOption {
           type = types.ints.unsigned;
           default = 2;
-          description = lib.mdDoc "Timeout in seconds.";
+          description = "Timeout in seconds.";
         };
 
         options.transparent = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether the services behind sslh (Apache, sshd and so on) will see the
             external IP and ports as if the external world connected directly to
             them.
@@ -79,7 +79,7 @@ in
         options.verbose-connections = mkOption {
           type = types.ints.between 0 4;
           default = 0;
-          description = lib.mdDoc ''
+          description = ''
             Where to log connections information. Possible values are:
 
              0. don't log anything
@@ -93,7 +93,7 @@ in
         options.numeric = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to disable reverse DNS lookups, thus keeping IP
             address literals in the log.
           '';
@@ -109,7 +109,7 @@ in
             { name = "tls";     host = "localhost"; port =  "443"; }
             { name = "anyprot"; host = "localhost"; port =  "443"; }
           ];
-          description = lib.mdDoc ''
+          description = ''
             List of protocols sslh will probe for and redirect.
             Each protocol entry consists of:
 
@@ -129,7 +129,7 @@ in
           '';
         };
       };
-      description = lib.mdDoc "sslh configuration. See {manpage}`sslh(8)` for available settings.";
+      description = "sslh configuration. See {manpage}`sslh(8)` for available settings.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix
index c1f0aeb64e96..e6b5f6ffdeaf 100644
--- a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix
+++ b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix
@@ -11,14 +11,14 @@ let
   swanctlParams = import ./swanctl-params.nix lib;
 in  {
   options.services.strongswan-swanctl = {
-    enable = mkEnableOption (lib.mdDoc "strongswan-swanctl service");
+    enable = mkEnableOption "strongswan-swanctl service";
 
     package = mkPackageOption pkgs "strongswan" { };
 
     strongswan.extraConfig = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Contents of the `strongswan.conf` file.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix
index dc6d8f48e626..8746cfc58f72 100644
--- a/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix
+++ b/nixpkgs/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix
@@ -57,8 +57,8 @@ rec {
 
   documentDefault = description : strongswanDefault :
     if strongswanDefault == null
-    then mdDoc description
-    else mdDoc (description + ''
+    then  description
+    else (description + ''
 
 
       StrongSwan default: ````${builtins.toJSON strongswanDefault}````
@@ -121,7 +121,7 @@ rec {
     option = mkOption {
       type = types.attrsOf option;
       default = {};
-      description = mdDoc description;
+      description = description;
     };
     render = single (attrs:
       (paramsToRenderedStrings attrs
@@ -139,7 +139,7 @@ rec {
     option = mkOption {
       type = types.attrsOf option;
       default = {};
-      description = mdDoc description;
+      description = description;
     };
     render = prefix: attrs:
       let prefixedAttrs = mapAttrs' (name: nameValuePair "${prefix}-${name}") attrs;
@@ -152,7 +152,7 @@ rec {
     option = mkOption {
       type = types.attrsOf (types.submodule {options = paramsToOptions params;});
       default = {};
-      description = lib.mdDoc description;
+      description = description;
     };
     render = postfix: attrs:
       let postfixedAttrs = mapAttrs' (name: nameValuePair "${name}-${postfix}") attrs;
diff --git a/nixpkgs/nixos/modules/services/networking/strongswan.nix b/nixpkgs/nixos/modules/services/networking/strongswan.nix
index dcf04d2a1917..0c04a9c85396 100644
--- a/nixpkgs/nixos/modules/services/networking/strongswan.nix
+++ b/nixpkgs/nixos/modules/services/networking/strongswan.nix
@@ -51,13 +51,13 @@ let
 in
 {
   options.services.strongswan = {
-    enable = mkEnableOption (lib.mdDoc "strongSwan");
+    enable = mkEnableOption "strongSwan";
 
     secrets = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "/run/keys/ipsec-foo.secret" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of paths to IPSec secret files. These
         files will be included into the main ipsec.secrets file with
         the `include` directive. It is safer if these
@@ -69,7 +69,7 @@ in
       type = types.attrsOf types.str;
       default = {};
       example = { cachecrls = "yes"; strictcrlpolicy = "yes"; };
-      description = lib.mdDoc ''
+      description = ''
         A set of options for the ‘config setup’ section of the
         {file}`ipsec.conf` file. Defines general
         configuration parameters.
@@ -94,7 +94,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         A set of connections and their options for the ‘conn xxx’
         sections of the {file}`ipsec.conf` file.
       '';
@@ -110,7 +110,7 @@ in
           crluri = "http://crl2.strongswan.org/strongswan.crl";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         A set of CAs (certification authorities) and their options for
         the ‘ca xxx’ sections of the {file}`ipsec.conf`
         file.
@@ -120,7 +120,7 @@ in
     managePlugins = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If set to true, this option will disable automatic plugin loading and
         then tell strongSwan to enable the plugins specified in the
         {option}`enabledPlugins` option.
@@ -130,7 +130,7 @@ in
     enabledPlugins = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         A list of additional plugins to enable if
         {option}`managePlugins` is true.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/stubby.nix b/nixpkgs/nixos/modules/services/networking/stubby.nix
index 183002ff72b9..0898daab0dae 100644
--- a/nixpkgs/nixos/modules/services/networking/stubby.nix
+++ b/nixpkgs/nixos/modules/services/networking/stubby.nix
@@ -25,7 +25,7 @@ in {
   options = {
     services.stubby = {
 
-      enable = mkEnableOption (lib.mdDoc "Stubby DNS resolver");
+      enable = mkEnableOption "Stubby DNS resolver";
 
       settings = mkOption {
         type = types.attrsOf settingsFormat.type;
@@ -41,7 +41,7 @@ in {
             }];
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Content of the Stubby configuration file. All Stubby settings may be set or queried
           here. The default settings are available at
           `pkgs.stubby.passthru.settingsExample`. See
@@ -66,7 +66,7 @@ in {
         default = null;
         type = types.nullOr (types.enum (attrNames logLevels ++ attrValues logLevels));
         apply = v: if isString v then logLevels.${v} else v;
-        description = lib.mdDoc "Log verbosity (syslog keyword or level).";
+        description = "Log verbosity (syslog keyword or level).";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/stunnel.nix b/nixpkgs/nixos/modules/services/networking/stunnel.nix
index 996e9b225392..9f9068c8e077 100644
--- a/nixpkgs/nixos/modules/services/networking/stunnel.nix
+++ b/nixpkgs/nixos/modules/services/networking/stunnel.nix
@@ -42,42 +42,42 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the stunnel TLS tunneling service.";
+        description = "Whether to enable the stunnel TLS tunneling service.";
       };
 
       user = mkOption {
         type = with types; nullOr str;
         default = "nobody";
-        description = lib.mdDoc "The user under which stunnel runs.";
+        description = "The user under which stunnel runs.";
       };
 
       group = mkOption {
         type = with types; nullOr str;
         default = "nogroup";
-        description = lib.mdDoc "The group under which stunnel runs.";
+        description = "The group under which stunnel runs.";
       };
 
       logLevel = mkOption {
         type = types.enum [ "emerg" "alert" "crit" "err" "warning" "notice" "info" "debug" ];
         default = "info";
-        description = lib.mdDoc "Verbosity of stunnel output.";
+        description = "Verbosity of stunnel output.";
       };
 
       fipsMode = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable FIPS 140-2 mode required for compliance.";
+        description = "Enable FIPS 140-2 mode required for compliance.";
       };
 
       enableInsecureSSLv3 = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable support for the insecure SSLv3 protocol.";
+        description = "Enable support for the insecure SSLv3 protocol.";
       };
 
 
       servers = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Define the server configurations.
 
           See "SERVICE-LEVEL OPTIONS" in {manpage}`stunnel(8)`.
@@ -94,7 +94,7 @@ in
       };
 
       clients = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Define the client configurations.
 
           By default, verifyChain and OCSPaia are enabled and a CAFile is provided from pkgs.cacert.
diff --git a/nixpkgs/nixos/modules/services/networking/sunshine.nix b/nixpkgs/nixos/modules/services/networking/sunshine.nix
new file mode 100644
index 000000000000..0749eaee95d8
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/sunshine.nix
@@ -0,0 +1,163 @@
+{ config, lib, pkgs, utils, ... }:
+let
+  inherit (lib) mkEnableOption mkPackageOption mkOption mkIf mkDefault types optionals getExe;
+  inherit (utils) escapeSystemdExecArgs;
+  cfg = config.services.sunshine;
+
+  # ports used are offset from a single base port, see https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#port
+  generatePorts = port: offsets: map (offset: port + offset) offsets;
+  defaultPort = 47989;
+
+  appsFormat = pkgs.formats.json { };
+  settingsFormat = pkgs.formats.keyValue { };
+
+  appsFile = appsFormat.generate "apps.json" cfg.applications;
+  configFile = settingsFormat.generate "sunshine.conf" cfg.settings;
+in
+{
+  options.services.sunshine = with types; {
+    enable = mkEnableOption "Sunshine, a self-hosted game stream host for Moonlight";
+    package = mkPackageOption pkgs "sunshine" { };
+    openFirewall = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        Whether to automatically open ports in the firewall.
+      '';
+    };
+    capSysAdmin = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        Whether to give the Sunshine binary CAP_SYS_ADMIN, required for DRM/KMS screen capture.
+      '';
+    };
+    autoStart = mkOption {
+      type = bool;
+      default = true;
+      description = ''
+        Whether sunshine should be started automatically.
+      '';
+    };
+    settings = mkOption {
+      default = { };
+      description = ''
+        Settings to be rendered into the configuration file. If this is set, no configuration is possible from the web UI.
+
+        See https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#configuration for syntax.
+      '';
+      example = ''
+        {
+          sunshine_name = "nixos";
+        }
+      '';
+      type = submodule (settings: {
+        freeformType = settingsFormat.type;
+        options.port = mkOption {
+          type = port;
+          default = defaultPort;
+          description = ''
+            Base port -- others used are offset from this one, see https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#port for details.
+          '';
+        };
+      });
+    };
+    applications = mkOption {
+      default = { };
+      description = ''
+        Configuration for applications to be exposed to Moonlight. If this is set, no configuration is possible from the web UI, and must be by the `settings` option.
+      '';
+      example = ''
+        {
+          env = {
+            PATH = "$(PATH):$(HOME)/.local/bin";
+          };
+          apps = [
+            {
+              name = "1440p Desktop";
+              prep-cmd = [
+                {
+                  do = "''${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.2560x1440@144";
+                  undo = "''${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.3440x1440@144";
+                }
+              ];
+              exclude-global-prep-cmd = "false";
+              auto-detach = "true";
+            }
+          ];
+        }
+      '';
+      type = submodule {
+        options = {
+          env = mkOption {
+            default = { };
+            description = ''
+              Environment variables to be set for the applications.
+            '';
+            type = attrsOf str;
+          };
+          apps = mkOption {
+            default = [ ];
+            description = ''
+              Applications to be exposed to Moonlight.
+            '';
+            type = listOf attrs;
+          };
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.sunshine.settings.file_apps = mkIf (cfg.applications.apps != [ ]) "${appsFile}";
+
+    environment.systemPackages = [
+      cfg.package
+    ];
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = generatePorts cfg.settings.port [ (-5) 0 1 21 ];
+      allowedUDPPorts = generatePorts cfg.settings.port [ 9 10 11 13 21 ];
+    };
+
+    boot.kernelModules = [ "uinput" ];
+
+    services.udev.packages = [ cfg.package ];
+
+    services.avahi = {
+      enable = mkDefault true;
+      publish = {
+        enable = mkDefault true;
+        userServices = mkDefault true;
+      };
+    };
+
+    security.wrappers.sunshine = mkIf cfg.capSysAdmin {
+      owner = "root";
+      group = "root";
+      capabilities = "cap_sys_admin+p";
+      source = getExe cfg.package;
+    };
+
+    systemd.user.services.sunshine = {
+      description = "Self-hosted game stream host for Moonlight";
+
+      wantedBy = mkIf cfg.autoStart [ "graphical-session.target" ];
+      partOf = [ "graphical-session.target" ];
+      wants = [ "graphical-session.target" ];
+      after = [ "graphical-session.target" ];
+
+      startLimitIntervalSec = 500;
+      startLimitBurst = 5;
+
+      serviceConfig = {
+        # only add configFile if an application or a setting other than the default port is set to allow configuration from web UI
+        ExecStart = escapeSystemdExecArgs ([
+          (if cfg.capSysAdmin then "${config.security.wrapperDir}/sunshine" else "${getExe cfg.package}")
+        ] ++ optionals (cfg.applications.apps != [ ] || (builtins.length (builtins.attrNames cfg.settings) > 1 || cfg.settings.port != defaultPort)) [ "${configFile}" ]);
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+  };
+}
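Review bot: `security.wrappers.sunshine` grants `cap_sys_admin+p` with `owner = "root"; group = "root";` and sets no `permissions`, so, assuming the `security.wrappers` default mode applies, every local account can start the Sunshine binary with that capability, not only the user whose `systemd.user` service runs it. CAP_SYS_ADMIN reaches far beyond DRM/KMS capture and the program listens on the network, neither of which the `capSysAdmin` description tells the administrator. I would extend the description with a sentence such as `This grants a broad, near-root capability to a network-facing program, and the wrapper is executable by all local users.` and consider restricting the wrapper with a dedicated group and `permissions = "u+rx,g+x";`. Separately, enabling the module also turns on `services.avahi` publishing via `mkDefault`, which deserves a mention in the `enable` description.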
diff --git a/nixpkgs/nixos/modules/services/networking/supplicant.nix b/nixpkgs/nixos/modules/services/networking/supplicant.nix
index 13d84736e2c2..52645500d4f6 100644
--- a/nixpkgs/nixos/modules/services/networking/supplicant.nix
+++ b/nixpkgs/nixos/modules/services/networking/supplicant.nix
@@ -74,7 +74,7 @@ in
               type = types.nullOr types.path;
               default = null;
               example = literalExpression "/etc/wpa_supplicant.conf";
-              description = lib.mdDoc ''
+              description = ''
                 External `wpa_supplicant.conf` configuration file.
                 The configuration options defined declaratively within `networking.supplicant` have
                 precedence over options defined in `configFile`.
@@ -84,7 +84,7 @@ in
             writable = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether the configuration file at `configFile.path` should be written to by
                 `wpa_supplicant`.
               '';
@@ -109,7 +109,7 @@ in
               model_name=NixOS_Unstable
               model_number=2015
             '';
-            description = lib.mdDoc ''
+            description = ''
               Configuration options for `wpa_supplicant.conf`.
               Options defined here have precedence over options in `configFile`.
               NOTE: Do not write sensitive data into `extraConf` as it will
@@ -122,20 +122,19 @@ in
             type = types.str;
             default = "";
             example = "-e/run/wpa_supplicant/entropy.bin";
-            description =
-              lib.mdDoc "Command line arguments to add when executing `wpa_supplicant`.";
+            description = "Command line arguments to add when executing `wpa_supplicant`.";
           };
 
           driver = mkOption {
             type = types.nullOr types.str;
             default = "nl80211,wext";
-            description = lib.mdDoc "Force a specific wpa_supplicant driver.";
+            description = "Force a specific wpa_supplicant driver.";
           };
 
           bridge = mkOption {
             type = types.str;
             default = "";
-            description = lib.mdDoc "Name of the bridge interface that wpa_supplicant should listen at.";
+            description = "Name of the bridge interface that wpa_supplicant should listen at.";
           };
 
           userControlled = {
@@ -143,7 +142,7 @@ in
             enable = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
                 This is useful for laptop users that switch networks a lot and don't want
                 to depend on a large package such as NetworkManager just to pick nearby
@@ -154,14 +153,14 @@ in
             socketDir = mkOption {
               type = types.str;
               default = "/run/wpa_supplicant";
-              description = lib.mdDoc "Directory of sockets for controlling wpa_supplicant.";
+              description = "Directory of sockets for controlling wpa_supplicant.";
             };
 
             group = mkOption {
               type = types.str;
               default = "wheel";
               example = "network";
-              description = lib.mdDoc "Members of this group can control wpa_supplicant.";
+              description = "Members of this group can control wpa_supplicant.";
             };
 
           };
@@ -184,7 +183,7 @@ in
         }
       '';
 
-      description = lib.mdDoc ''
+      description = ''
         Interfaces for which to start {command}`wpa_supplicant`.
         The supplicant is used to scan for and associate with wireless networks,
         or to authenticate with 802.1x capable network switches.
diff --git a/nixpkgs/nixos/modules/services/networking/supybot.nix b/nixpkgs/nixos/modules/services/networking/supybot.nix
index 22ba015cc55d..f72e2351a6b0 100644
--- a/nixpkgs/nixos/modules/services/networking/supybot.nix
+++ b/nixpkgs/nixos/modules/services/networking/supybot.nix
@@ -16,7 +16,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable Supybot, an IRC bot (also known as Limnoria).";
+        description = "Enable Supybot, an IRC bot (also known as Limnoria).";
       };
 
       stateDir = mkOption {
@@ -25,12 +25,12 @@ in
           then "/var/lib/supybot"
           else "/home/supybot";
         defaultText = literalExpression "/var/lib/supybot";
-        description = lib.mdDoc "The root directory, logs and plugins are stored here";
+        description = "The root directory, logs and plugins are stored here";
       };
 
       configFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to initial supybot config file. This can be generated by
           running supybot-wizard.
 
@@ -42,7 +42,7 @@ in
       plugins = mkOption {
         type = types.attrsOf types.path;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of additional plugins that will be symlinked to the
           {file}`plugin` subdirectory.
 
@@ -67,7 +67,7 @@ in
         type = types.functionTo (types.listOf types.package);
         default = p: [];
         defaultText = literalExpression "p: []";
-        description = lib.mdDoc ''
+        description = ''
           Extra Python packages available to supybot plugins. The
           value must be a function which receives the attrset defined
           in {var}`python3Packages` as the sole argument.
diff --git a/nixpkgs/nixos/modules/services/networking/syncplay.nix b/nixpkgs/nixos/modules/services/networking/syncplay.nix
index 151259b6d4ad..b56754ea3f2e 100644
--- a/nixpkgs/nixos/modules/services/networking/syncplay.nix
+++ b/nixpkgs/nixos/modules/services/networking/syncplay.nix
@@ -18,13 +18,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "If enabled, start the Syncplay server.";
+        description = "If enabled, start the Syncplay server.";
       };
 
       port = mkOption {
         type = types.port;
         default = 8999;
-        description = lib.mdDoc ''
+        description = ''
           TCP port to bind to.
         '';
       };
@@ -32,7 +32,7 @@ in
       salt = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Salt to allow room operator passwords generated by this server
           instance to still work when the server is restarted.  The salt will be
           readable in the nix store and the processlist.  If this is not
@@ -44,7 +44,7 @@ in
       saltFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file that contains the server salt.  This allows room
           operator passwords generated by this server instance to still work
           when the server is restarted.  `null`, the server doesn't load the
@@ -56,7 +56,7 @@ in
       certDir = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           TLS certificates directory to use for encryption. See
           <https://github.com/Syncplay/syncplay/wiki/TLS-support>.
         '';
@@ -65,7 +65,7 @@ in
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments to be passed to the service.
         '';
       };
@@ -73,7 +73,7 @@ in
       user = mkOption {
         type = types.str;
         default = "nobody";
-        description = lib.mdDoc ''
+        description = ''
           User to use when running Syncplay.
         '';
       };
@@ -81,7 +81,7 @@ in
       group = mkOption {
         type = types.str;
         default = "nogroup";
-        description = lib.mdDoc ''
+        description = ''
           Group to use when running Syncplay.
         '';
       };
@@ -89,7 +89,7 @@ in
       passwordFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file that contains the server password. If
           `null`, the server doesn't require a password.
         '';
diff --git a/nixpkgs/nixos/modules/services/networking/syncthing-relay.nix b/nixpkgs/nixos/modules/services/networking/syncthing-relay.nix
index 64c4e731b982..b6bf3944e94c 100644
--- a/nixpkgs/nixos/modules/services/networking/syncthing-relay.nix
+++ b/nixpkgs/nixos/modules/services/networking/syncthing-relay.nix
@@ -22,13 +22,13 @@ in {
   ###### interface
 
   options.services.syncthing.relay = {
-    enable = mkEnableOption (lib.mdDoc "Syncthing relay service");
+    enable = mkEnableOption "Syncthing relay service";
 
     listenAddress = mkOption {
       type = types.str;
       default = "";
       example = "1.2.3.4";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on for relay traffic.
       '';
     };
@@ -36,7 +36,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 22067;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on for relay traffic. This port should be added to
         `networking.firewall.allowedTCPPorts`.
       '';
@@ -46,7 +46,7 @@ in {
       type = types.str;
       default = "";
       example = "1.2.3.4";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on for serving the relay status API.
       '';
     };
@@ -54,7 +54,7 @@ in {
     statusPort = mkOption {
       type = types.port;
       default = 22070;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on for serving the relay status API. This port should be
         added to `networking.firewall.allowedTCPPorts`.
       '';
@@ -63,7 +63,7 @@ in {
     pools = mkOption {
       type = types.nullOr (types.listOf types.str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Relay pools to join. If null, uses the default global pool.
       '';
     };
@@ -71,7 +71,7 @@ in {
     providedBy = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Human-readable description of the provider of the relay (you).
       '';
     };
@@ -79,7 +79,7 @@ in {
     globalRateBps = mkOption {
       type = types.nullOr types.ints.positive;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Global bandwidth rate limit in bytes per second.
       '';
     };
@@ -87,7 +87,7 @@ in {
     perSessionRateBps = mkOption {
       type = types.nullOr types.ints.positive;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Per session bandwidth rate limit in bytes per second.
       '';
     };
@@ -95,7 +95,7 @@ in {
     extraOptions = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra command line arguments to pass to strelaysrv.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/syncthing.nix b/nixpkgs/nixos/modules/services/networking/syncthing.nix
index e0425792431e..45503ef89aaa 100644
--- a/nixpkgs/nixos/modules/services/networking/syncthing.nix
+++ b/nixpkgs/nixos/modules/services/networking/syncthing.nix
@@ -147,13 +147,12 @@ in {
   options = {
     services.syncthing = {
 
-      enable = mkEnableOption
-        (lib.mdDoc "Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync");
+      enable = mkEnableOption "Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync";
 
       cert = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = mdDoc ''
+        description = ''
           Path to the `cert.pem` file, which will be copied into Syncthing's
           [configDir](#opt-services.syncthing.configDir).
         '';
@@ -162,7 +161,7 @@ in {
       key = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = mdDoc ''
+        description = ''
           Path to the `key.pem` file, which will be copied into Syncthing's
           [configDir](#opt-services.syncthing.configDir).
         '';
@@ -171,7 +170,7 @@ in {
       overrideDevices = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to delete the devices which are not configured via the
           [devices](#opt-services.syncthing.settings.devices) option.
           If set to `false`, devices added via the web
@@ -182,7 +181,7 @@ in {
       overrideFolders = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to delete the folders which are not configured via the
           [folders](#opt-services.syncthing.settings.folders) option.
           If set to `false`, folders added via the web
@@ -197,7 +196,7 @@ in {
             # global options
             options = mkOption {
               default = {};
-              description = mdDoc ''
+              description = ''
                 The options element contains all other global configuration options
               '';
               type = types.submodule ({ name, ... }: {
@@ -206,7 +205,7 @@ in {
                   localAnnounceEnabled = mkOption {
                     type = types.nullOr types.bool;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether to send announcements to the local LAN, also use such announcements to find other devices.
                     '';
                   };
@@ -214,7 +213,7 @@ in {
                   localAnnouncePort = mkOption {
                     type = types.nullOr types.int;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       The port on which to listen and send IPv4 broadcast announcements to.
                     '';
                   };
@@ -222,7 +221,7 @@ in {
                   relaysEnabled = mkOption {
                     type = types.nullOr types.bool;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       When true, relays will be connected to and potentially used for device to device connections.
                     '';
                   };
@@ -230,7 +229,7 @@ in {
                   urAccepted = mkOption {
                     type = types.nullOr types.int;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether the user has accepted to submit anonymous usage data.
                       The default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future.
                       "-1" means no, a number above zero means that that version of usage reporting has been accepted.
@@ -240,7 +239,7 @@ in {
                   limitBandwidthInLan = mkOption {
                     type = types.nullOr types.bool;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether to apply bandwidth limits to devices in the same broadcast domain as the local device.
                     '';
                   };
@@ -248,7 +247,7 @@ in {
                   maxFolderConcurrency = mkOption {
                     type = types.nullOr types.int;
                     default = null;
-                    description = lib.mdDoc ''
+                    description = ''
                       This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning.
                       The mechanism is described in detail in a [separate chapter](https://docs.syncthing.net/advanced/option-max-concurrency.html).
                     '';
@@ -260,7 +259,7 @@ in {
             # device settings
             devices = mkOption {
               default = {};
-              description = mdDoc ''
+              description = ''
                 Peers/devices which Syncthing should communicate with.
 
                 Note that you can still add devices manually, but those changes
@@ -280,14 +279,14 @@ in {
                   name = mkOption {
                     type = types.str;
                     default = name;
-                    description = lib.mdDoc ''
+                    description = ''
                       The name of the device.
                     '';
                   };
 
                   id = mkOption {
                     type = types.str;
-                    description = mdDoc ''
+                    description = ''
                       The device ID. See <https://docs.syncthing.net/dev/device-ids.html>.
                     '';
                   };
@@ -295,7 +294,7 @@ in {
                   autoAcceptFolders = mkOption {
                     type = types.bool;
                     default = false;
-                    description = mdDoc ''
+                    description = ''
                       Automatically create or share folders that this device advertises at the default path.
                       See <https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format>.
                     '';
@@ -308,7 +307,7 @@ in {
             # folder settings
             folders = mkOption {
               default = {};
-              description = mdDoc ''
+              description = ''
                 Folders which should be shared by Syncthing.
 
                 Note that you can still add folders manually, but those changes
@@ -330,7 +329,7 @@ in {
                   enable = mkOption {
                     type = types.bool;
                     default = true;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether to share this folder.
                       This option is useful when you want to define all folders
                       in one place, but not every machine should share all folders.
@@ -345,7 +344,7 @@ in {
                       description = types.str.description + " starting with / or ~/";
                     };
                     default = name;
-                    description = lib.mdDoc ''
+                    description = ''
                       The path to the folder which should be shared.
                       Only absolute paths (starting with `/`) and paths relative to
                       the [user](#opt-services.syncthing.user)'s home directory
@@ -356,7 +355,7 @@ in {
                   id = mkOption {
                     type = types.str;
                     default = name;
-                    description = lib.mdDoc ''
+                    description = ''
                       The ID of the folder. Must be the same on all devices.
                     '';
                   };
@@ -364,7 +363,7 @@ in {
                   label = mkOption {
                     type = types.str;
                     default = name;
-                    description = lib.mdDoc ''
+                    description = ''
                       The label of the folder.
                     '';
                   };
@@ -372,7 +371,7 @@ in {
                   devices = mkOption {
                     type = types.listOf types.str;
                     default = [];
-                    description = mdDoc ''
+                    description = ''
                       The devices this folder should be shared with. Each device must
                       be defined in the [devices](#opt-services.syncthing.settings.devices) option.
                     '';
@@ -380,7 +379,7 @@ in {
 
                   versioning = mkOption {
                     default = null;
-                    description = mdDoc ''
+                    description = ''
                       How to keep changed/deleted files with Syncthing.
                       There are 4 different types of versioning with different parameters.
                       See <https://docs.syncthing.net/users/versioning.html>.
@@ -426,7 +425,7 @@ in {
                       options = {
                         type = mkOption {
                           type = enum [ "external" "simple" "staggered" "trashcan" ];
-                          description = mdDoc ''
+                          description = ''
                             The type of versioning.
                             See <https://docs.syncthing.net/users/versioning.html>.
                           '';
@@ -438,7 +437,7 @@ in {
                   copyOwnershipFromParent = mkOption {
                     type = types.bool;
                     default = false;
-                    description = mdDoc ''
+                    description = ''
                       On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in).
                       Requires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux).
                     '';
@@ -450,7 +449,7 @@ in {
           };
         };
         default = {};
-        description = mdDoc ''
+        description = ''
           Extra configuration options for Syncthing.
           See <https://docs.syncthing.net/users/config.html>.
           Note that this attribute set does not exactly match the documented
@@ -486,7 +485,7 @@ in {
       guiAddress = mkOption {
         type = types.str;
         default = "127.0.0.1:8384";
-        description = lib.mdDoc ''
+        description = ''
           The address to serve the web interface at.
         '';
       };
@@ -494,7 +493,7 @@ in {
       systemService = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to auto-launch Syncthing as a system service.
         '';
       };
@@ -503,7 +502,7 @@ in {
         type = types.str;
         default = defaultUser;
         example = "yourUser";
-        description = mdDoc ''
+        description = ''
           The user to run Syncthing as.
           By default, a user named `${defaultUser}` will be created whose home
           directory is [dataDir](#opt-services.syncthing.dataDir).
@@ -514,7 +513,7 @@ in {
         type = types.str;
         default = defaultGroup;
         example = "yourGroup";
-        description = mdDoc ''
+        description = ''
           The group to run Syncthing under.
           By default, a group named `${defaultGroup}` will be created.
         '';
@@ -524,7 +523,7 @@ in {
         type = with types; nullOr str;
         default = null;
         example = "socks5://address.com:1234";
-        description = mdDoc ''
+        description = ''
           Overwrites the all_proxy environment variable for the Syncthing process to
           the given value. This is normally used to let Syncthing connect
           through a SOCKS5 proxy server.
@@ -536,7 +535,7 @@ in {
         type = types.path;
         default = "/var/lib/syncthing";
         example = "/home/yourUser";
-        description = lib.mdDoc ''
+        description = ''
           The path where synchronised directories will exist.
         '';
       };
@@ -545,7 +544,7 @@ in {
         cond = versionAtLeast config.system.stateVersion "19.03";
       in mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path where the settings and keys will exist.
         '';
         default = cfg.dataDir + optionalString cond "/.config/syncthing";
@@ -561,7 +560,7 @@ in {
 
       databaseDir = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The directory containing the database and logs.
         '';
         default = cfg.configDir;
@@ -572,7 +571,7 @@ in {
         type = types.listOf types.str;
         default = [];
         example = [ "--reset-deltas" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra flags passed to the syncthing command in the service definition.
         '';
       };
@@ -581,7 +580,7 @@ in {
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers
           and UDP 21027 for discovery.
 
diff --git a/nixpkgs/nixos/modules/services/networking/tailscale-auth.nix b/nixpkgs/nixos/modules/services/networking/tailscale-auth.nix
new file mode 100644
index 000000000000..c3a515212e78
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/tailscale-auth.nix
@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib)
+    getExe
+    maintainers
+    mkEnableOption
+    mkPackageOption
+    mkIf
+    mkOption
+    types
+    ;
+  cfg = config.services.tailscaleAuth;
+in
+{
+  options.services.tailscaleAuth = {
+    enable = mkEnableOption "Enable tailscale.nginx-auth, to authenticate users via tailscale.";
+
+    package = mkPackageOption pkgs "tailscale-nginx-auth" {};
+
+    user = mkOption {
+      type = types.str;
+      default = "tailscale-nginx-auth";
+      description = "User which runs tailscale-nginx-auth";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "tailscale-nginx-auth";
+      description = "Group which runs tailscale-nginx-auth";
+    };
+
+    socketPath = mkOption {
+      default = "/run/tailscale-nginx-auth/tailscale-nginx-auth.sock";
+      type = types.path;
+      description = ''
+        Path of the socket listening to authorization requests.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.tailscale.enable = true;
+
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      inherit (cfg) group;
+    };
+    users.groups.${cfg.group} = { };
+
+    systemd.sockets.tailscale-nginx-auth = {
+      description = "Tailscale NGINX Authentication socket";
+      partOf = [ "tailscale-nginx-auth.service" ];
+      wantedBy = [ "sockets.target" ];
+      listenStreams = [ cfg.socketPath ];
+      socketConfig = {
+        SocketMode = "0660";
+        SocketUser = cfg.user;
+        SocketGroup = cfg.group;
+      };
+    };
+
+    systemd.services.tailscale-nginx-auth = {
+      description = "Tailscale NGINX Authentication service";
+      requires = [ "tailscale-nginx-auth.socket" ];
+
+      serviceConfig = {
+        ExecStart = getExe cfg.package;
+        RuntimeDirectory = "tailscale-nginx-auth";
+        User = cfg.user;
+        Group = cfg.group;
+
+        BindPaths = [ "/run/tailscale/tailscaled.sock" ];
+
+        CapabilityBoundingSet = "";
+        DeviceAllow = "";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        RestrictNamespaces = true;
+        RestrictAddressFamilies = [ "AF_UNIX" ];
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+
+        SystemCallArchitectures = "native";
+        SystemCallErrorNumber = "EPERM";
+        SystemCallFilter = [
+          "@system-service"
+          "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid"
+        ];
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ dan-theriault phaer ];
+}
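Review bot: The `serviceConfig` hardening for `tailscale-nginx-auth` does not restrict the filesystem view. It sets no `ProtectSystem`, `PrivateTmp` or explicit `NoNewPrivileges`, although the unit only appears to need its `RuntimeDirectory` and the bound `/run/tailscale/tailscaled.sock`. I would add `ProtectSystem = "strict";`, `PrivateTmp = true;` and `NoNewPrivileges = true;` beside the other `Protect*` lines, then confirm the daemon still reaches tailscaled through the `BindPaths` entry. The socket is `0660` and owned by `cfg.user`/`cfg.group`, and nothing in this file grants a web server access, so the `socketPath` description should say that the proxying server's user must be a member of `cfg.group`. Separately, `mkEnableOption` already prefixes "Whether to enable", so the text should be a noun phrase such as `mkEnableOption "tailscale.nginx-auth, to authenticate users via tailscale"`.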
diff --git a/nixpkgs/nixos/modules/services/networking/tailscale.nix b/nixpkgs/nixos/modules/services/networking/tailscale.nix
index 972299a4697a..a79e47d8491b 100644
--- a/nixpkgs/nixos/modules/services/networking/tailscale.nix
+++ b/nixpkgs/nixos/modules/services/networking/tailscale.nix
@@ -6,27 +6,27 @@ let
   cfg = config.services.tailscale;
   isNetworkd = config.networking.useNetworkd;
 in {
-  meta.maintainers = with maintainers; [ danderson mbaillie twitchyliquid64 mfrw ];
+  meta.maintainers = with maintainers; [ mbaillie mfrw ];
 
   options.services.tailscale = {
-    enable = mkEnableOption (lib.mdDoc "Tailscale client daemon");
+    enable = mkEnableOption "Tailscale client daemon";
 
     port = mkOption {
       type = types.port;
       default = 41641;
-      description = lib.mdDoc "The port to listen on for tunnel traffic (0=autoselect).";
+      description = "The port to listen on for tunnel traffic (0=autoselect).";
     };
 
     interfaceName = mkOption {
       type = types.str;
       default = "tailscale0";
-      description = lib.mdDoc ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
+      description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.'';
     };
 
     permitCertUid = mkOption {
       type = types.nullOr types.nonEmptyStr;
       default = null;
-      description = lib.mdDoc "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
+      description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.";
     };
 
     package = lib.mkPackageOption pkgs "tailscale" {};
@@ -34,14 +34,14 @@ in {
     openFirewall = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Whether to open the firewall for the specified port.";
+      description = "Whether to open the firewall for the specified port.";
     };
 
     useRoutingFeatures = mkOption {
       type = types.enum [ "none" "client" "server" "both" ];
       default = "none";
       example = "server";
-      description = lib.mdDoc ''
+      description = ''
         Enables settings required for Tailscale's routing features like subnet routers and exit nodes.
 
         To use these these features, you will still need to call `sudo tailscale up` with the relevant flags like `--advertise-exit-node` and `--exit-node`.
@@ -55,20 +55,20 @@ in {
       type = types.nullOr types.path;
       default = null;
       example = "/run/secrets/tailscale_key";
-      description = lib.mdDoc ''
+      description = ''
         A file containing the auth key.
       '';
     };
 
     extraUpFlags = mkOption {
-      description = lib.mdDoc "Extra flags to pass to {command}`tailscale up`.";
+      description = "Extra flags to pass to {command}`tailscale up`.";
       type = types.listOf types.str;
       default = [];
       example = ["--ssh"];
     };
 
     extraDaemonFlags = mkOption {
-      description = lib.mdDoc "Extra flags to pass to {command}`tailscaled`.";
+      description = "Extra flags to pass to {command}`tailscaled`.";
       type = types.listOf types.str;
       default = [];
       example = ["--no-logs-no-support"];
diff --git a/nixpkgs/nixos/modules/services/networking/tayga.nix b/nixpkgs/nixos/modules/services/networking/tayga.nix
index 63423bf02922..1a0df33fe883 100644
--- a/nixpkgs/nixos/modules/services/networking/tayga.nix
+++ b/nixpkgs/nixos/modules/services/networking/tayga.nix
@@ -24,12 +24,12 @@ let
       options = {
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc "IPv${toString v} address.";
+          description = "IPv${toString v} address.";
         };
 
         prefixLength = mkOption {
           type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
-          description = lib.mdDoc ''
+          description = ''
             Subnet mask of the interface, specified as the number of
             bits in the prefix ("${if v == 4 then "24" else "64"}").
           '';
@@ -42,19 +42,19 @@ let
       router = {
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc "The IPv${toString v} address of the router.";
+          description = "The IPv${toString v} address of the router.";
         };
       };
 
       address = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "The source IPv${toString v} address of the TAYGA server.";
+        description = "The source IPv${toString v} address of the TAYGA server.";
       };
 
       pool = mkOption {
         type = with types; nullOr (submodule (addrOpts v));
-        description = lib.mdDoc "The pool of IPv${toString v} addresses which are used for translation.";
+        description = "The pool of IPv${toString v} addresses which are used for translation.";
       };
     };
   };
@@ -62,13 +62,13 @@ in
 {
   options = {
     services.tayga = {
-      enable = mkEnableOption (lib.mdDoc "Tayga");
+      enable = mkEnableOption "Tayga";
 
       package = mkPackageOption pkgs "tayga" { };
 
       ipv4 = mkOption {
         type = types.submodule (versionOpts 4);
-        description = lib.mdDoc "IPv4-specific configuration.";
+        description = "IPv4-specific configuration.";
         example = literalExpression ''
           {
             address = "192.0.2.0";
@@ -85,7 +85,7 @@ in
 
       ipv6 = mkOption {
         type = types.submodule (versionOpts 6);
-        description = lib.mdDoc "IPv6-specific configuration.";
+        description = "IPv6-specific configuration.";
         example = literalExpression ''
           {
             address = "2001:db8::1";
@@ -103,13 +103,13 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/tayga";
-        description = lib.mdDoc "Directory for persistent data";
+        description = "Directory for persistent data";
       };
 
       tunDevice = mkOption {
         type = types.str;
         default = "nat64";
-        description = lib.mdDoc "Name of the nat64 tun device";
+        description = "Name of the nat64 tun device";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/tcpcrypt.nix b/nixpkgs/nixos/modules/services/networking/tcpcrypt.nix
index f2115a6660cb..5a91054e1668 100644
--- a/nixpkgs/nixos/modules/services/networking/tcpcrypt.nix
+++ b/nixpkgs/nixos/modules/services/networking/tcpcrypt.nix
@@ -17,7 +17,7 @@ in
     networking.tcpcrypt.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable opportunistic TCP encryption. If the other end
         speaks Tcpcrypt, then your traffic will be encrypted; otherwise
         it will be sent in clear text. Thus, Tcpcrypt alone provides no
diff --git a/nixpkgs/nixos/modules/services/networking/teamspeak3.nix b/nixpkgs/nixos/modules/services/networking/teamspeak3.nix
index ff41539a6d9b..17a0021ae111 100644
--- a/nixpkgs/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixpkgs/nixos/modules/services/networking/teamspeak3.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run the Teamspeak3 voice communication server daemon.
         '';
       };
@@ -27,7 +27,7 @@ in
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/teamspeak3-server";
-        description = lib.mdDoc ''
+        description = ''
           Directory to store TS3 database and other state/data files.
         '';
       };
@@ -35,7 +35,7 @@ in
       logPath = mkOption {
         type = types.path;
         default = "/var/log/teamspeak3-server/";
-        description = lib.mdDoc ''
+        description = ''
           Directory to store log files in.
         '';
       };
@@ -44,7 +44,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "[::]";
-        description = lib.mdDoc ''
+        description = ''
           IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
         '';
       };
@@ -52,7 +52,7 @@ in
       defaultVoicePort = mkOption {
         type = types.port;
         default = 9987;
-        description = lib.mdDoc ''
+        description = ''
           Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.
         '';
       };
@@ -61,7 +61,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "[::]";
-        description = lib.mdDoc ''
+        description = ''
           IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
         '';
       };
@@ -69,7 +69,7 @@ in
       fileTransferPort = mkOption {
         type = types.port;
         default = 30033;
-        description = lib.mdDoc ''
+        description = ''
           TCP port opened for file transfers.
         '';
       };
@@ -78,7 +78,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "0.0.0.0";
-        description = lib.mdDoc ''
+        description = ''
           IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.
         '';
       };
@@ -86,7 +86,7 @@ in
       queryPort = mkOption {
         type = types.port;
         default = 10011;
-        description = lib.mdDoc ''
+        description = ''
           TCP port opened for ServerQuery connections using the raw telnet protocol.
         '';
       };
@@ -94,7 +94,7 @@ in
       querySshPort = mkOption {
         type = types.port;
         default = 10022;
-        description = lib.mdDoc ''
+        description = ''
           TCP port opened for ServerQuery connections using the SSH protocol.
         '';
       };
@@ -102,7 +102,7 @@ in
       queryHttpPort = mkOption {
         type = types.port;
         default = 10080;
-        description = lib.mdDoc ''
+        description = ''
           TCP port opened for ServerQuery connections using the HTTP protocol.
         '';
       };
@@ -110,13 +110,13 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the TeamSpeak3 server.";
+        description = "Open ports in the firewall for the TeamSpeak3 server.";
       };
 
       openFirewallServerQuery = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.";
+        description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/networking/technitium-dns-server.nix b/nixpkgs/nixos/modules/services/networking/technitium-dns-server.nix
new file mode 100644
index 000000000000..0c8499e072d4
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/networking/technitium-dns-server.nix
@@ -0,0 +1,109 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.technitium-dns-server;
+  stateDir = "/var/lib/technitium-dns-server";
+  inherit (lib)
+    mkEnableOption
+    mkPackageOption
+    mkOption
+    mkIf
+    types
+    ;
+in
+{
+  options.services.technitium-dns-server = {
+    enable = mkEnableOption "Technitium DNS Server";
+
+    package = mkPackageOption pkgs "technitium-dns-server" { };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to open ports in the firewall.
+        Standard ports are 53 (UDP and TCP, for DNS), 5380 and 53443 (TCP, HTTP and HTTPS for web interface).
+        Specify different or additional ports in options firewallUDPPorts and firewallTCPPorts if necessary.
+      '';
+    };
+
+    firewallUDPPorts = mkOption {
+      type = with types; listOf int;
+      default = [ 53 ];
+      description = ''
+        List of UDP ports to open in firewall.
+      '';
+    };
+
+    firewallTCPPorts = mkOption {
+      type = with types; listOf int;
+      default = [
+        53
+        5380 # web interface HTTP
+        53443 # web interface HTTPS
+      ];
+      description = ''
+        List of TCP ports to open in firewall.
+        You might want to open ports 443 and 853 if you intend to use DNS over HTTPS or DNS over TLS.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.technitium-dns-server = {
+      description = "Technitium DNS Server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/technitium-dns-server ${stateDir}";
+
+        DynamicUser = true;
+
+        StateDirectory = "technitium-dns-server";
+        WorkingDirectory = stateDir;
+        BindPaths = stateDir;
+
+        Restart = "always";
+        RestartSec = 10;
+        TimeoutStopSec = 10;
+        KillSignal = "SIGINT";
+
+        # Harden the service
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+      };
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedUDPPorts = cfg.firewallUDPPorts;
+      allowedTCPPorts = cfg.firewallTCPPorts;
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [ fabianrig ];
+}
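Review bot: With `openFirewall = true`, the default `firewallTCPPorts` opens 5380 and 53443 along with 53. That exposes the web administration console, including its plain-HTTP port, on every interface the firewall covers, assuming the console listens on non-loopback addresses, which this module does not constrain. I would ship `default = [ 53 ];` and let operators add the console ports deliberately, or at minimum say in the `openFirewall` description that it exposes the admin interface. Both port lists are typed `listOf int`, which accepts values outside the valid port range; `type = with types; listOf port;` matches the `types.port` used by other modules in this diff. `BindPaths = stateDir;` also looks redundant next to `StateDirectory`, which should already make that directory writable under `ProtectSystem = "strict"`.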
diff --git a/nixpkgs/nixos/modules/services/networking/teleport.nix b/nixpkgs/nixos/modules/services/networking/teleport.nix
index add6b47315b1..e656d235e9fb 100644
--- a/nixpkgs/nixos/modules/services/networking/teleport.nix
+++ b/nixpkgs/nixos/modules/services/networking/teleport.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.teleport = with lib.types; {
-      enable = mkEnableOption (lib.mdDoc "the Teleport service");
+      enable = mkEnableOption "the Teleport service";
 
       package = mkPackageOption pkgs "teleport" {
         example = "teleport_11";
@@ -37,7 +37,7 @@ in
             auth_service.enabled = false;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Contents of the `teleport.yaml` config file.
           The `--config` arguments will only be passed if this set is not empty.
 
@@ -45,7 +45,7 @@ in
         '';
       };
 
-      insecure.enable = mkEnableOption (lib.mdDoc ''
+      insecure.enable = mkEnableOption ''
         starting teleport in insecure mode.
 
         This is dangerous!
@@ -53,25 +53,25 @@ in
         Proceed with caution!
 
         Teleport starts with disabled certificate validation on Proxy Service, validation still occurs on Auth Service
-      '');
+      '';
 
       diag = {
-        enable = mkEnableOption (lib.mdDoc ''
+        enable = mkEnableOption ''
           endpoints for monitoring purposes.
 
           See <https://goteleport.com/docs/setup/admin/troubleshooting/#troubleshooting/>
-        '');
+        '';
 
         addr = mkOption {
           type = str;
           default = "127.0.0.1";
-          description = lib.mdDoc "Metrics and diagnostics address.";
+          description = "Metrics and diagnostics address.";
         };
 
         port = mkOption {
           type = port;
           default = 3000;
-          description = lib.mdDoc "Metrics and diagnostics port.";
+          description = "Metrics and diagnostics port.";
         };
       };
     };
diff --git a/nixpkgs/nixos/modules/services/networking/tetrd.nix b/nixpkgs/nixos/modules/services/networking/tetrd.nix
index 6284a5b1fb1b..0801ce129246 100644
--- a/nixpkgs/nixos/modules/services/networking/tetrd.nix
+++ b/nixpkgs/nixos/modules/services/networking/tetrd.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 {
-  options.services.tetrd.enable = lib.mkEnableOption (lib.mdDoc "tetrd");
+  options.services.tetrd.enable = lib.mkEnableOption "tetrd";
 
   config = lib.mkIf config.services.tetrd.enable {
     environment = {
diff --git a/nixpkgs/nixos/modules/services/networking/tftpd.nix b/nixpkgs/nixos/modules/services/networking/tftpd.nix
index a4dc137daa4c..c9c0a2b321d5 100644
--- a/nixpkgs/nixos/modules/services/networking/tftpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/tftpd.nix
@@ -11,7 +11,7 @@ with lib;
     services.tftpd.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable tftpd, a Trivial File Transfer Protocol server.
         The server will be run as an xinetd service.
       '';
@@ -20,7 +20,7 @@ with lib;
     services.tftpd.path = mkOption {
       type = types.path;
       default = "/srv/tftp";
-      description = lib.mdDoc ''
+      description = ''
         Where the tftp server files are stored.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/thelounge.nix b/nixpkgs/nixos/modules/services/networking/thelounge.nix
index 92da2e6c254b..0e064a1c0e00 100644
--- a/nixpkgs/nixos/modules/services/networking/thelounge.nix
+++ b/nixpkgs/nixos/modules/services/networking/thelounge.nix
@@ -23,14 +23,14 @@ in
   imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ];
 
   options.services.thelounge = {
-    enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client");
+    enable = mkEnableOption "The Lounge web IRC client";
 
     package = mkPackageOption pkgs "thelounge" { };
 
     public = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Make your The Lounge instance public.
         Setting this to `false` will require you to configure user
         accounts by using the ({command}`thelounge`) command or by adding
@@ -42,7 +42,7 @@ in
     port = mkOption {
       type = types.port;
       default = 9000;
-      description = lib.mdDoc "TCP port to listen on for http connections.";
+      description = "TCP port to listen on for http connections.";
     };
 
     extraConfig = mkOption {
@@ -58,7 +58,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The Lounge's {file}`config.js` contents as attribute set (will be
         converted to JSON to generate the configuration file).
 
@@ -73,7 +73,7 @@ in
       default = [ ];
       type = types.listOf types.package;
       example = literalExpression "[ pkgs.theLoungePlugins.themes.solarized ]";
-      description = lib.mdDoc ''
+      description = ''
         The Lounge plugins to install. Plugins can be found in
         `pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`.
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/tinc.nix b/nixpkgs/nixos/modules/services/networking/tinc.nix
index eb769f53901c..5f625c10840b 100644
--- a/nixpkgs/nixos/modules/services/networking/tinc.nix
+++ b/nixpkgs/nixos/modules/services/networking/tinc.nix
@@ -24,13 +24,13 @@ let
     options = {
       address = mkOption {
         type = types.str;
-        description = lib.mdDoc "The external IP address or hostname where the host can be reached.";
+        description = "The external IP address or hostname where the host can be reached.";
       };
 
       port = mkOption {
         type = types.nullOr types.port;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The port where the host can be reached.
 
           If no port is specified, the default Port is used.
@@ -43,7 +43,7 @@ let
     options = {
       address = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The subnet of this host.
 
           Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case
@@ -60,7 +60,7 @@ let
       prefixLength = mkOption {
         type = with types; nullOr (addCheck int (n: n >= 0 && n <= 128));
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The prefix length of the subnet.
 
           If null, a subnet consisting of only that single address is assumed.
@@ -72,7 +72,7 @@ let
       weight = mkOption {
         type = types.ints.unsigned;
         default = 10;
-        description = lib.mdDoc ''
+        description = ''
           Indicates the priority over identical Subnets owned by different nodes.
 
           Lower values indicate higher priority. Packets will be sent to the
@@ -89,7 +89,7 @@ let
       addresses = mkOption {
         type = types.listOf (types.submodule addressSubmodule);
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           The external address where the host can be reached. This will set this
           host's {option}`settings.Address` option.
 
@@ -100,7 +100,7 @@ let
       subnets = mkOption {
         type = types.listOf (types.submodule subnetSubmodule);
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           The subnets which this tinc daemon will serve. This will set this
           host's {option}`settings.Subnet` option.
 
@@ -114,7 +114,7 @@ let
       rsaPublicKey = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Legacy RSA public key of the host in PEM format, including start and
           end markers.
 
@@ -128,7 +128,7 @@ let
       settings = mkOption {
         default = { };
         type = types.submodule { freeformType = tincConfType; };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for this host.
 
           See <https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html>
@@ -167,7 +167,7 @@ in
             extraConfig = mkOption {
               default = "";
               type = types.lines;
-              description = lib.mdDoc ''
+              description = ''
                 Extra lines to add to the tinc service configuration file.
 
                 Note that using the declarative {option}`service.tinc.networks.<name>.settings`
@@ -178,7 +178,7 @@ in
             name = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The name of the node which is used as an identifier when communicating
                 with the remote nodes in the mesh. If null then the hostname of the system
                 is used to derive a name (note that tinc may replace non-alphanumeric characters in
@@ -189,7 +189,7 @@ in
             ed25519PrivateKeyFile = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path of the private ed25519 keyfile.
               '';
             };
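Review bot: `ed25519PrivateKeyFile` is typed `types.nullOr types.path` and its description is only `Path of the private ed25519 keyfile.`; the same holds for `rsaPrivateKeyFile` in the next hunk. Depending on how the module interpolates the value, which neither hunk shows, a Nix path literal given here can be copied into the world-readable Nix store. I would add a sentence to both descriptions such as `Should be given as a string pointing to a file outside the Nix store, which is world-readable.`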
@@ -197,7 +197,7 @@ in
             rsaPrivateKeyFile = mkOption {
               default = null;
               type = types.nullOr types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path of the private RSA keyfile.
               '';
             };
@@ -205,7 +205,7 @@ in
             debugLevel = mkOption {
               default = 0;
               type = types.addCheck types.int (l: l >= 0 && l <= 5);
-              description = lib.mdDoc ''
+              description = ''
                 The amount of debugging information to add to the log. 0 means little
                 logging while 5 is the most logging. {command}`man tincd` for
                 more details.
@@ -215,7 +215,7 @@ in
             hosts = mkOption {
               default = { };
               type = types.attrsOf types.lines;
-              description = lib.mdDoc ''
+              description = ''
                 The name of the host in the network as well as the configuration for that host.
                 This name should only contain alphanumerics and underscores.
 
@@ -249,7 +249,7 @@ in
                 }
               '';
               type = types.attrsOf (types.submodule hostSubmodule);
-              description = lib.mdDoc ''
+              description = ''
                 The name of the host in the network as well as the configuration for that host.
                 This name should only contain alphanumerics and underscores.
               '';
@@ -258,7 +258,7 @@ in
             interfaceType = mkOption {
               default = "tun";
               type = types.enum [ "tun" "tap" ];
-              description = lib.mdDoc ''
+              description = ''
                 The type of virtual interface used for the network connection.
               '';
             };
@@ -266,7 +266,7 @@ in
             listenAddress = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The ip address to listen on for incoming connections.
               '';
             };
@@ -274,7 +274,7 @@ in
             bindToAddress = mkOption {
               default = null;
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The ip address to bind to (both listen on and send packets from).
               '';
             };
@@ -284,7 +284,7 @@ in
             chroot = mkOption {
               default = false;
               type = types.bool;
-              description = lib.mdDoc ''
+              description = ''
                 Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
                 The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
 
@@ -302,7 +302,7 @@ in
                   Mode = "switch";
                 }
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Configuration of the Tinc daemon for this network.
 
                 See <https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html>
@@ -330,7 +330,7 @@ in
           };
         }));
 
-        description = lib.mdDoc ''
+        description = ''
           Defines the tinc networks which will be started.
           Each network invokes a different daemon.
         '';
@@ -348,7 +348,7 @@ in
         (flip mapAttrsToList cfg.networks (network: data:
           flip mapAttrs' data.hosts (host: text: nameValuePair
             ("tinc/${network}/hosts/${host}")
-            ({ mode = "0644"; user = "tinc.${network}"; inherit text; })
+            ({ mode = "0644"; user = "tinc-${network}"; inherit text; })
           ) // {
             "tinc/${network}/tinc.conf" = {
               mode = "0444";
@@ -375,13 +375,13 @@ in
             Restart = "always";
             RestartSec = "3";
             ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload";
-            ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";
+            ExecStart = "${data.package}/bin/tincd -D -U tinc-${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}";
           };
           preStart = ''
             mkdir -p /etc/tinc/${network}/hosts
-            chown tinc.${network} /etc/tinc/${network}/hosts
+            chown tinc-${network} /etc/tinc/${network}/hosts
             mkdir -p /etc/tinc/${network}/invitations
-            chown tinc.${network} /etc/tinc/${network}/invitations
+            chown tinc-${network} /etc/tinc/${network}/invitations
 
             # Determine how we should generate our keys
             if type tinc >/dev/null 2>&1; then
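Review bot: The two `chown tinc-${network}` lines re-own only the `hosts` and `invitations` directories themselves, so anything inside them created under the old `tinc.${network}` account keeps its old owner after the rename. NixOS will presumably allocate a new UID for the new name, leaving such files owned by a UID with no account; whether tincd writes there as the unprivileged user is not visible in this hunk. I would at least document it above the first `mkdir`, e.g. `# only the directories are re-owned; files created by the former tinc.<network> user keep their old UID`, and confirm that the release notes mention the rename. The same rename appears in the `environment.etc` hunk above and the `users.users`/`users.groups` hunk below, and `preStart` continues past the end of this hunk.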
@@ -420,14 +420,14 @@ in
       in [ cli-wrappers ];
 
       users.users = flip mapAttrs' cfg.networks (network: _:
-        nameValuePair ("tinc.${network}") ({
+        nameValuePair ("tinc-${network}") ({
           description = "Tinc daemon user for ${network}";
           isSystemUser = true;
-          group = "tinc.${network}";
+          group = "tinc-${network}";
         })
       );
       users.groups = flip mapAttrs' cfg.networks (network: _:
-        nameValuePair "tinc.${network}" {}
+        nameValuePair "tinc-${network}" {}
       );
     });
 
diff --git a/nixpkgs/nixos/modules/services/networking/tinydns.nix b/nixpkgs/nixos/modules/services/networking/tinydns.nix
index ea91af5f1967..2c44ad49296d 100644
--- a/nixpkgs/nixos/modules/services/networking/tinydns.nix
+++ b/nixpkgs/nixos/modules/services/networking/tinydns.nix
@@ -10,19 +10,19 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to run the tinydns dns server";
+        description = "Whether to run the tinydns dns server";
       };
 
       data = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "The DNS data to serve, in the format described by tinydns-data(8)";
+        description = "The DNS data to serve, in the format described by tinydns-data(8)";
       };
 
       ip = mkOption {
         default = "0.0.0.0";
         type = types.str;
-        description = lib.mdDoc "IP address on which to listen for connections";
+        description = "IP address on which to listen for connections";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/tinyproxy.nix b/nixpkgs/nixos/modules/services/networking/tinyproxy.nix
index 2b7509e99ca4..6e07c6a541e9 100644
--- a/nixpkgs/nixos/modules/services/networking/tinyproxy.nix
+++ b/nixpkgs/nixos/modules/services/networking/tinyproxy.nix
@@ -28,10 +28,10 @@ in
 
   options = {
     services.tinyproxy = {
-      enable = mkEnableOption (lib.mdDoc "Tinyproxy daemon");
+      enable = mkEnableOption "Tinyproxy daemon";
       package = mkPackageOption pkgs "tinyproxy" {};
       settings = mkOption {
-        description = lib.mdDoc "Configuration for [tinyproxy](https://tinyproxy.github.io/).";
+        description = "Configuration for [tinyproxy](https://tinyproxy.github.io/).";
         default = { };
         example = literalExpression ''{
           Port 8888;
@@ -47,28 +47,28 @@ in
             Listen = mkOption {
               type = types.str;
               default = "127.0.0.1";
-              description = lib.mdDoc ''
+              description = ''
               Specify which address to listen to.
               '';
             };
             Port = mkOption {
               type = types.int;
               default = 8888;
-              description = lib.mdDoc ''
+              description = ''
               Specify which port to listen to.
               '';
             };
             Anonymous = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = lib.mdDoc ''
+              description = ''
               If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers.
               '';
             };
             Filter = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
               Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line.
               '';
             };
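Review bot: `Port` is declared as `types.int`, so a negative or out-of-range value passes evaluation and is presumably rejected only when tinyproxy reads its configuration. `type = types.port;` would catch it at build time, as most other port options in this commit do. The `httpPort` and `htspPort` options in the tvheadend hunk further down carry the same `types.int` declaration. The enclosing `settings` submodule starts and ends outside this hunk.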
diff --git a/nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix b/nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix
index 6bee2721f9a7..349bc3d36939 100644
--- a/nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix
+++ b/nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix
@@ -16,13 +16,13 @@ let
 in
 {
   options.services.tmate-ssh-server = {
-    enable = mkEnableOption (mdDoc "tmate ssh server");
+    enable = mkEnableOption "tmate ssh server";
 
     package = mkPackageOption pkgs "tmate-ssh-server" { };
 
     host = mkOption {
       type = types.str;
-      description = mdDoc "External host name";
+      description = "External host name";
       defaultText = lib.literalExpression "config.networking.domain or config.networking.hostName";
       default =
         if domain == null then
@@ -33,24 +33,24 @@ in
 
     port = mkOption {
       type = types.port;
-      description = mdDoc "Listen port for the ssh server";
+      description = "Listen port for the ssh server";
       default = 2222;
     };
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc "Whether to automatically open the specified ports in the firewall.";
+      description = "Whether to automatically open the specified ports in the firewall.";
     };
 
     advertisedPort = mkOption {
       type = types.port;
-      description = mdDoc "External port advertised to clients";
+      description = "External port advertised to clients";
     };
 
     keysDir = mkOption {
       type = with types; nullOr str;
-      description = mdDoc "Directory containing ssh keys, defaulting to auto-generation";
+      description = "Directory containing ssh keys, defaulting to auto-generation";
       default = null;
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix b/nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix
index 0f310a28d266..2c505fa3dcb7 100644
--- a/nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix
+++ b/nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix
@@ -22,8 +22,7 @@ in
         { enable = mkOption {
             type = types.bool;
             default = false;
-            description =
-              lib.mdDoc ''
+            description = ''
                 Whether to enable the Tox DHT bootstrap daemon.
               '';
           };
@@ -31,20 +30,19 @@ in
           port = mkOption {
             type = types.port;
             default = 33445;
-            description = lib.mdDoc "Listening port (UDP).";
+            description = "Listening port (UDP).";
           };
 
           keysFile = mkOption {
             type = types.str;
             default = "${WorkingDirectory}/keys";
-            description = lib.mdDoc "Node key file.";
+            description = "Node key file.";
           };
 
           extraConfig = mkOption {
             type = types.lines;
             default = "";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Configuration for bootstrap daemon.
                 See <https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf>
                 and <https://wiki.tox.chat/users/nodes>.
diff --git a/nixpkgs/nixos/modules/services/networking/tox-node.nix b/nixpkgs/nixos/modules/services/networking/tox-node.nix
index 884fd55dae51..e85b72c4db7c 100644
--- a/nixpkgs/nixos/modules/services/networking/tox-node.nix
+++ b/nixpkgs/nixos/modules/services/networking/tox-node.nix
@@ -28,47 +28,47 @@ let
 
 in {
   options.services.tox-node = {
-    enable = mkEnableOption (lib.mdDoc "Tox Node service");
+    enable = mkEnableOption "Tox Node service";
 
     logType = mkOption {
       type = types.enum [ "Stderr" "Stdout" "Syslog" "None" ];
       default = "Stderr";
-      description = lib.mdDoc "Logging implementation.";
+      description = "Logging implementation.";
     };
     keysFile = mkOption {
       type = types.str;
       default = "${homeDir}/keys";
-      description = lib.mdDoc "Path to the file where DHT keys are stored.";
+      description = "Path to the file where DHT keys are stored.";
     };
     udpAddress = mkOption {
       type = types.str;
       default = "0.0.0.0:33445";
-      description = lib.mdDoc "UDP address to run DHT node.";
+      description = "UDP address to run DHT node.";
     };
     tcpAddresses = mkOption {
       type = types.listOf types.str;
       default = [ "0.0.0.0:33445" ];
-      description = lib.mdDoc "TCP addresses to run TCP relay.";
+      description = "TCP addresses to run TCP relay.";
     };
     tcpConnectionLimit = mkOption {
       type = types.int;
       default = 8192;
-      description = lib.mdDoc "Maximum number of active TCP connections relay can hold";
+      description = "Maximum number of active TCP connections relay can hold";
     };
     lanDiscovery = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Enable local network discovery.";
+      description = "Enable local network discovery.";
     };
     threads = mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc "Number of threads for execution";
+      description = "Number of threads for execution";
     };
     motd = mkOption {
       type = types.str;
       default = "Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}";
-      description = lib.mdDoc "Message of the day";
+      description = "Message of the day";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/toxvpn.nix b/nixpkgs/nixos/modules/services/networking/toxvpn.nix
index 3a14b5f73091..e42ff3d8ea9b 100644
--- a/nixpkgs/nixos/modules/services/networking/toxvpn.nix
+++ b/nixpkgs/nixos/modules/services/networking/toxvpn.nix
@@ -5,25 +5,25 @@ with lib;
 {
   options = {
     services.toxvpn = {
-      enable = mkEnableOption (lib.mdDoc "toxvpn running on startup");
+      enable = mkEnableOption "toxvpn running on startup";
 
       localip = mkOption {
         type        = types.str;
         default     = "10.123.123.1";
-        description = lib.mdDoc "your ip on the vpn";
+        description = "your ip on the vpn";
       };
 
       port = mkOption {
         type        = types.port;
         default     = 33445;
-        description = lib.mdDoc "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT";
+        description = "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT";
       };
 
       auto_add_peers = mkOption {
         type        = types.listOf types.str;
         default     = [];
         example     = [ "toxid1" "toxid2" ];
-        description = lib.mdDoc "peers to automatically connect to on startup";
+        description = "peers to automatically connect to on startup";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/trickster.nix b/nixpkgs/nixos/modules/services/networking/trickster.nix
index 4b920ec446e0..21649f0303f3 100644
--- a/nixpkgs/nixos/modules/services/networking/trickster.nix
+++ b/nixpkgs/nixos/modules/services/networking/trickster.nix
@@ -15,7 +15,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Trickster.
         '';
       };
@@ -25,7 +25,7 @@ in
       configFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to configuration file.
         '';
       };
@@ -33,7 +33,7 @@ in
       instance-id = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Instance ID for when running multiple processes (default null).
         '';
       };
@@ -41,7 +41,7 @@ in
       log-level = mkOption {
         type = types.str;
         default = "info";
-        description = lib.mdDoc ''
+        description = ''
           Level of Logging to use (debug, info, warn, error) (default "info").
         '';
       };
@@ -49,7 +49,7 @@ in
       metrics-port = mkOption {
         type = types.port;
         default = 8082;
-        description = lib.mdDoc ''
+        description = ''
           Port that the /metrics endpoint will listen on.
         '';
       };
@@ -57,7 +57,7 @@ in
       origin-type = mkOption {
         type = types.enum [ "prometheus" "influxdb" ];
         default = "prometheus";
-        description = lib.mdDoc ''
+        description = ''
           Type of origin (prometheus, influxdb)
         '';
       };
@@ -65,7 +65,7 @@ in
       origin-url = mkOption {
         type = types.str;
         default = "http://prometheus:9090";
-        description = lib.mdDoc ''
+        description = ''
           URL to the Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090).
         '';
       };
@@ -73,7 +73,7 @@ in
       profiler-port = mkOption {
         type = types.nullOr types.port;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Port that the /debug/pprof endpoint will listen on.
         '';
       };
@@ -81,7 +81,7 @@ in
       proxy-port = mkOption {
         type = types.port;
         default = 9090;
-        description = lib.mdDoc ''
+        description = ''
           Port that the Proxy server will listen on.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/trust-dns.nix b/nixpkgs/nixos/modules/services/networking/trust-dns.nix
index 47020341024b..039b7de26350 100644
--- a/nixpkgs/nixos/modules/services/networking/trust-dns.nix
+++ b/nixpkgs/nixos/modules/services/networking/trust-dns.nix
@@ -11,14 +11,14 @@ let
     options = with lib; {
       zone = mkOption {
         type = types.str;
-        description = mdDoc ''
+        description = ''
           Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa".
         '';
       };
       zone_type = mkOption {
         type = types.enum [ "Primary" "Secondary" "Hint" "Forward" ];
         default = "Primary";
-        description = mdDoc ''
+        description = ''
           One of:
           - "Primary" (the master, authority for the zone).
           - "Secondary" (the slave, replicated from the primary).
@@ -34,7 +34,7 @@ let
         type = types.either types.path types.str;
         default = "${config.zone}.zone";
         defaultText = literalExpression ''"''${config.zone}.zone"'';
-        description = mdDoc ''
+        description = ''
           Path to the .zone file.
           If not fully-qualified, this path will be interpreted relative to the `directory` option.
           If omitted, defaults to the value of the `zone` option suffixed with ".zone".
@@ -47,18 +47,18 @@ in
   meta.maintainers = with lib.maintainers; [ colinsane ];
   options = {
     services.trust-dns = with lib; {
-      enable = mkEnableOption (lib.mdDoc "trust-dns");
+      enable = mkEnableOption "trust-dns";
       package = mkPackageOption pkgs "trust-dns" {
         extraDescription = ''
           ::: {.note}
-          The package must provide `meta.mainProgram` which names the server binayr; any other utilities (client, resolver) are not needed.
+          The package must provide `meta.mainProgram` which names the server binary; any other utilities (client, resolver) are not needed.
           :::
         '';
       };
       quiet = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Log ERROR level messages only.
           This option is mutually exclusive with the `debug` option.
           If neither `quiet` nor `debug` are enabled, logging defaults to the INFO level.
@@ -67,14 +67,14 @@ in
       debug = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Log DEBUG, INFO, WARN and ERROR messages.
           This option is mutually exclusive with the `debug` option.
           If neither `quiet` nor `debug` are enabled, logging defaults to the INFO level.
         '';
       };
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Settings for trust-dns. The options enumerated here are not exhaustive.
           Refer to upstream documentation for all available options:
           - [Example settings](https://github.com/bluejekyll/trust-dns/blob/main/tests/test-data/test_configs/example.toml)
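Review bot: The `debug` description names `debug` itself as the option it is mutually exclusive with, evidently copied from the `quiet` description in the previous hunk. The sentence should read ``This option is mutually exclusive with the `quiet` option.`` The commit rewrites the opening line of this string but leaves that sentence unchanged.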
@@ -85,36 +85,36 @@ in
             listen_addrs_ipv4 = mkOption {
               type = types.listOf types.str;
               default = [ "0.0.0.0" ];
-              description = mdDoc ''
-              List of ipv4 addresses on which to listen for DNS queries.
+              description = ''
+                List of ipv4 addresses on which to listen for DNS queries.
               '';
             };
             listen_addrs_ipv6 = mkOption {
               type = types.listOf types.str;
               default = lib.optional config.networking.enableIPv6 "::0";
               defaultText = literalExpression ''lib.optional config.networking.enableIPv6 "::0"'';
-              description = mdDoc ''
+              description = ''
                 List of ipv6 addresses on which to listen for DNS queries.
               '';
             };
             listen_port = mkOption {
               type = types.port;
               default = 53;
-              description = mdDoc ''
+              description = ''
                 Port to listen on (applies to all listen addresses).
               '';
             };
             directory = mkOption {
               type = types.str;
               default = "/var/lib/trust-dns";
-              description = mdDoc ''
+              description = ''
                 The directory in which trust-dns should look for .zone files,
                 whenever zones aren't specified by absolute path.
               '';
             };
             zones = mkOption {
-              description = mdDoc "List of zones to serve.";
-              default = {};
+              description = "List of zones to serve.";
+              default = [];
               type = types.listOf (types.coercedTo types.str (zone: { inherit zone; }) zoneType);
             };
           };
diff --git a/nixpkgs/nixos/modules/services/networking/tvheadend.nix b/nixpkgs/nixos/modules/services/networking/tvheadend.nix
index 466dbbccad53..19a10a03bd9b 100644
--- a/nixpkgs/nixos/modules/services/networking/tvheadend.nix
+++ b/nixpkgs/nixos/modules/services/networking/tvheadend.nix
@@ -9,17 +9,17 @@ in
 {
   options = {
     services.tvheadend = {
-      enable = mkEnableOption (lib.mdDoc "Tvheadend");
+      enable = mkEnableOption "Tvheadend";
       httpPort = mkOption {
         type        = types.int;
         default     = 9981;
-        description = lib.mdDoc "Port to bind HTTP to.";
+        description = "Port to bind HTTP to.";
       };
 
       htspPort = mkOption {
         type        = types.int;
         default     = 9982;
-        description = lib.mdDoc "Port to bind HTSP to.";
+        description = "Port to bind HTSP to.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/twingate.nix b/nixpkgs/nixos/modules/services/networking/twingate.nix
index 6874b1c18b57..94339d8c217a 100644
--- a/nixpkgs/nixos/modules/services/networking/twingate.nix
+++ b/nixpkgs/nixos/modules/services/networking/twingate.nix
@@ -5,7 +5,7 @@ let
 in
 {
   options.services.twingate = {
-    enable = lib.mkEnableOption (lib.mdDoc "Twingate Client daemon");
+    enable = lib.mkEnableOption "Twingate Client daemon";
     package = lib.mkPackageOption pkgs "twingate" { };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/ucarp.nix b/nixpkgs/nixos/modules/services/networking/ucarp.nix
index 56799fe00ade..dca99da263a8 100644
--- a/nixpkgs/nixos/modules/services/networking/ucarp.nix
+++ b/nixpkgs/nixos/modules/services/networking/ucarp.nix
@@ -28,34 +28,34 @@ let
   );
 in {
   options.networking.ucarp = {
-    enable = mkEnableOption (lib.mdDoc "ucarp, userspace implementation of CARP");
+    enable = mkEnableOption "ucarp, userspace implementation of CARP";
 
     interface = mkOption {
       type = types.str;
-      description = lib.mdDoc "Network interface to bind to.";
+      description = "Network interface to bind to.";
       example = "eth0";
     };
 
     srcIp = mkOption {
       type = types.str;
-      description = lib.mdDoc "Source (real) IP address of this host.";
+      description = "Source (real) IP address of this host.";
     };
 
     vhId = mkOption {
       type = types.ints.between 1 255;
-      description = lib.mdDoc "Virtual IP identifier shared between CARP hosts.";
+      description = "Virtual IP identifier shared between CARP hosts.";
       example = 1;
     };
 
     passwordFile = mkOption {
       type = types.str;
-      description = lib.mdDoc "File containing shared password between CARP hosts.";
+      description = "File containing shared password between CARP hosts.";
       example = "/run/keys/ucarp-password";
     };
 
     preempt = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable preemptive failover.
         Thus, this host becomes the CARP master as soon as possible.
       '';
@@ -64,30 +64,30 @@ in {
 
     neutral = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Do not run downscript at start if the host is the backup.";
+      description = "Do not run downscript at start if the host is the backup.";
       default = false;
     };
 
     addr = mkOption {
       type = types.str;
-      description = lib.mdDoc "Virtual shared IP address.";
+      description = "Virtual shared IP address.";
     };
 
     advBase = mkOption {
       type = types.ints.unsigned;
-      description = lib.mdDoc "Advertisement frequency in seconds.";
+      description = "Advertisement frequency in seconds.";
       default = 1;
     };
 
     advSkew = mkOption {
       type = types.ints.unsigned;
-      description = lib.mdDoc "Advertisement skew in seconds.";
+      description = "Advertisement skew in seconds.";
       default = 0;
     };
 
     upscript = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Command to run after become master, the interface name, virtual address
         and optional extra parameters are passed as arguments.
       '';
@@ -101,7 +101,7 @@ in {
 
     downscript = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Command to run after become backup, the interface name, virtual address
         and optional extra parameters are passed as arguments.
       '';
@@ -115,31 +115,31 @@ in {
 
     deadratio = mkOption {
       type = types.ints.unsigned;
-      description = lib.mdDoc "Ratio to consider a host as dead.";
+      description = "Ratio to consider a host as dead.";
       default = 3;
     };
 
     shutdown = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Call downscript at exit.";
+      description = "Call downscript at exit.";
       default = false;
     };
 
     ignoreIfState = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Ignore interface state, e.g., down or no carrier.";
+      description = "Ignore interface state, e.g., down or no carrier.";
       default = false;
     };
 
     noMcast = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Use broadcast instead of multicast advertisements.";
+      description = "Use broadcast instead of multicast advertisements.";
       default = false;
     };
 
     extraParam = mkOption {
       type = types.nullOr types.str;
-      description = lib.mdDoc "Extra parameter to pass to the up/down scripts.";
+      description = "Extra parameter to pass to the up/down scripts.";
       default = null;
     };
 
diff --git a/nixpkgs/nixos/modules/services/networking/unbound.nix b/nixpkgs/nixos/modules/services/networking/unbound.nix
index 242fcd500bb0..c03912ed21fa 100644
--- a/nixpkgs/nixos/modules/services/networking/unbound.nix
+++ b/nixpkgs/nixos/modules/services/networking/unbound.nix
@@ -52,33 +52,33 @@ in {
   options = {
     services.unbound = {
 
-      enable = mkEnableOption (lib.mdDoc "Unbound domain name server");
+      enable = mkEnableOption "Unbound domain name server";
 
       package = mkPackageOption pkgs "unbound-with-systemd" { };
 
       user = mkOption {
         type = types.str;
         default = "unbound";
-        description = lib.mdDoc "User account under which unbound runs.";
+        description = "User account under which unbound runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "unbound";
-        description = lib.mdDoc "Group under which unbound runs.";
+        description = "Group under which unbound runs.";
       };
 
       stateDir = mkOption {
         type = types.path;
         default = "/var/lib/unbound";
-        description = lib.mdDoc "Directory holding all state for unbound to run.";
+        description = "Directory holding all state for unbound to run.";
       };
 
       checkconf = mkOption {
         type = types.bool;
         default = !cfg.settings ? include && !cfg.settings ? remote-control;
         defaultText = "!services.unbound.settings ? include && !services.unbound.settings ? remote-control";
-        description = lib.mdDoc ''
+        description = ''
           Wether to check the resulting config file with unbound checkconf for syntax errors.
 
           If settings.include is used, this options is disabled, as the import can likely not be accessed at build time.
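Review bot: `defaultText` for `checkconf` is a plain string, so the manual renders it as prose rather than as a Nix expression. Wrapping it as `defaultText = lib.literalExpression "!services.unbound.settings ? include && !services.unbound.settings ? remote-control";` would make it render as code. The description below it also has two typos: `Wether` should be `Whether`, and `this options is disabled` should be `this option is disabled`. The description string continues past the end of the hunk.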
@@ -89,7 +89,7 @@ in {
       resolveLocalQueries = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether unbound should resolve local queries (i.e. add 127.0.0.1 to
           /etc/resolv.conf).
         '';
@@ -98,7 +98,7 @@ in {
       enableRootTrustAnchor = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Use and update root trust anchor for DNSSEC validation.";
+        description = "Use and update root trust anchor for DNSSEC validation.";
       };
 
       localControlSocketPath = mkOption {
@@ -109,7 +109,7 @@ in {
         # but I haven't verified yet.
         type = types.nullOr types.str;
         example = "/run/unbound/unbound.ctl";
-        description = lib.mdDoc ''
+        description = ''
           When not set to `null` this option defines the path
           at which the unbound remote control socket should be created at. The
           socket will be owned by the unbound user (`unbound`)
@@ -169,7 +169,7 @@ in {
             remote-control.control-enable = true;
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Declarative Unbound configuration
           See the {manpage}`unbound.conf(5)` manpage for a list of
           available options.
diff --git a/nixpkgs/nixos/modules/services/networking/unifi.nix b/nixpkgs/nixos/modules/services/networking/unifi.nix
index 8eb29f2bcdb6..38908e3d6f1d 100644
--- a/nixpkgs/nixos/modules/services/networking/unifi.nix
+++ b/nixpkgs/nixos/modules/services/networking/unifi.nix
@@ -22,7 +22,7 @@ in
     services.unifi.enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to enable the unifi controller service.
       '';
     };
@@ -31,7 +31,7 @@ in
       type = lib.types.package;
       default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8;
       defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8'';
-      description = lib.mdDoc ''
+      description = ''
         The JRE package to use. Check the release notes to ensure it is supported.
       '';
     };
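Review bot: The `defaultText` string on the context line above the changed `description` is missing a closing parenthesis after `"7.3"`, so the expression shown in the manual does not parse, although the real `default` on the line before it does. The tail should read `else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8`. This option decides which Java runtime the controller runs on, so the documented default should be something an operator can copy verbatim. The option's opening line is outside the hunk.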
@@ -39,10 +39,10 @@ in
     services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi5" { };
 
     services.unifi.mongodbPackage = lib.mkPackageOption pkgs "mongodb" {
-      default = "mongodb-4_4";
+      default = "mongodb-5_0";
       extraDescription = ''
         ::: {.note}
-        unifi7 officially only supports mongodb up until 3.6 but works with 4.4.
+        unifi7 officially only supports mongodb up until 4.4 but works with 5.0.
         :::
       '';
     };
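Review bot: The `default` of `services.unifi.mongodbPackage` moves to `mongodb-5_0` with no visible guard for hosts that already hold a 4.4 data directory, and the note itself says 5.0 is beyond what unifi7 officially supports. MongoDB normally expects the feature compatibility version to be at the previous major before newer binaries open the data files, so an unattended rebuild may leave the controller database unable to start. Whether a release note or assertion covers this is not visible in this hunk. I would extend `extraDescription` with a sentence such as `Existing databases must be at featureCompatibilityVersion 4.4 before switching to 5.0; take a backup first.`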
@@ -50,7 +50,7 @@ in
     services.unifi.openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to open the minimum required ports on the firewall.
 
         This is necessary to allow firmware upgrades and device discovery to
@@ -63,7 +63,7 @@ in
       type = with lib.types; nullOr int;
       default = null;
       example = 1024;
-      description = lib.mdDoc ''
+      description = ''
         Set the initial heap size for the JVM in MB. If this option isn't set, the
         JVM will decide this value at runtime.
       '';
@@ -73,7 +73,7 @@ in
       type = with lib.types; nullOr int;
       default = null;
       example = 4096;
-      description = lib.mdDoc ''
+      description = ''
         Set the maximum heap size for the JVM in MB. If this option isn't set, the
         JVM will decide this value at runtime.
       '';
@@ -83,7 +83,7 @@ in
       type = with lib.types; listOf str;
       default = [ ];
       example = lib.literalExpression ''["-Xlog:gc"]'';
-      description = lib.mdDoc ''
+      description = ''
         Set extra options to pass to the JVM.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/networking/uptermd.nix b/nixpkgs/nixos/modules/services/networking/uptermd.nix
index f824d617f59e..c0f8dfbba227 100644
--- a/nixpkgs/nixos/modules/services/networking/uptermd.nix
+++ b/nixpkgs/nixos/modules/services/networking/uptermd.nix
@@ -8,12 +8,12 @@ in
 {
   options = {
     services.uptermd = {
-      enable = mkEnableOption (lib.mdDoc "uptermd");
+      enable = mkEnableOption "uptermd";
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the firewall for the port in {option}`services.uptermd.port`.
         '';
       };
@@ -21,7 +21,7 @@ in
       port = mkOption {
         type = types.port;
         default = 2222;
-        description = lib.mdDoc ''
+        description = ''
           Port the server will listen on.
         '';
       };
@@ -30,7 +30,7 @@ in
         type = types.str;
         default = "[::]";
         example = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           Address the server will listen on.
         '';
       };
@@ -39,7 +39,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/upterm_host_ed25519_key";
-        description = lib.mdDoc ''
+        description = ''
           Path to SSH host key. If not defined, an ed25519 keypair is generated automatically.
         '';
       };
@@ -48,7 +48,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "--debug" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra flags passed to the uptermd command.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/v2ray.nix b/nixpkgs/nixos/modules/services/networking/v2ray.nix
index 3e1895fbe20c..2ee931177b69 100644
--- a/nixpkgs/nixos/modules/services/networking/v2ray.nix
+++ b/nixpkgs/nixos/modules/services/networking/v2ray.nix
@@ -9,7 +9,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run v2ray server.
 
           Either `configFile` or `config` must be specified.
@@ -22,7 +22,7 @@ with lib;
         type = types.nullOr types.str;
         default = null;
         example = "/etc/v2ray/config.json";
-        description = lib.mdDoc ''
+        description = ''
           The absolute path to the configuration file.
 
           Either `configFile` or `config` must be specified.
@@ -44,7 +44,7 @@ with lib;
             protocol = "freedom";
           }];
         };
-        description = lib.mdDoc ''
+        description = ''
           The configuration object.
 
           Either `configFile` or `config` must be specified.
diff --git a/nixpkgs/nixos/modules/services/networking/v2raya.nix b/nixpkgs/nixos/modules/services/networking/v2raya.nix
index 0bea73798daf..aefb47bf048d 100644
--- a/nixpkgs/nixos/modules/services/networking/v2raya.nix
+++ b/nixpkgs/nixos/modules/services/networking/v2raya.nix
@@ -5,7 +5,7 @@ with lib;
 {
   options = {
     services.v2raya = {
-      enable = options.mkEnableOption (mdDoc "the v2rayA service");
+      enable = options.mkEnableOption "the v2rayA service";
     };
   };
 
@@ -42,7 +42,7 @@ with lib;
         };
 
         wantedBy = [ "multi-user.target" ];
-        path = with pkgs; [ iptables bash iproute2 ]; # required by v2rayA TProxy functionality
+        path = with pkgs; [ iptables bash iproute2 ] ++ lib.optionals nftablesEnabled [ nftables ]; # required by v2rayA TProxy functionality
       };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/vdirsyncer.nix b/nixpkgs/nixos/modules/services/networking/vdirsyncer.nix
index 165dc70f0876..10a101befa7b 100644
--- a/nixpkgs/nixos/modules/services/networking/vdirsyncer.nix
+++ b/nixpkgs/nixos/modules/services/networking/vdirsyncer.nix
@@ -71,15 +71,15 @@ in
 {
   options = {
     services.vdirsyncer = {
-      enable = mkEnableOption (mdDoc "vdirsyncer");
+      enable = mkEnableOption "vdirsyncer";
 
       package = mkPackageOption pkgs "vdirsyncer" {};
 
       jobs = mkOption {
-        description = mdDoc "vdirsyncer job configurations";
+        description = "vdirsyncer job configurations";
         type = types.attrsOf (types.submodule {
           options = {
-            enable = (mkEnableOption (mdDoc "this vdirsyncer job")) // {
+            enable = (mkEnableOption "this vdirsyncer job") // {
               default = true;
               example = false;
             };
@@ -87,7 +87,7 @@ in
             user = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = mdDoc ''
+              description = ''
                 User account to run vdirsyncer as, otherwise as a systemd
                 dynamic user
               '';
@@ -96,19 +96,19 @@ in
             group = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = mdDoc "group to run vdirsyncer as";
+              description = "group to run vdirsyncer as";
             };
 
             additionalGroups = mkOption {
               type = types.listOf types.str;
               default = [];
-              description = mdDoc "additional groups to add the dynamic user to";
+              description = "additional groups to add the dynamic user to";
             };
 
             forceDiscover = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Run `yes | vdirsyncer discover` prior to `vdirsyncer sync`
               '';
             };
@@ -119,13 +119,13 @@ in
                 OnBootSec = "1h";
                 OnUnitActiveSec = "6h";
               };
-              description = mdDoc "systemd timer configuration";
+              description = "systemd timer configuration";
             };
 
             configFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc "existing configuration file";
+              description = "existing configuration file";
             };
 
             config = {
@@ -133,19 +133,19 @@ in
                 type = types.nullOr types.str;
                 default = null;
                 defaultText = literalExpression "/var/lib/vdirsyncer/\${attrName}";
-                description = mdDoc "vdirsyncer's status path";
+                description = "vdirsyncer's status path";
               };
 
               general = mkOption {
                 type = types.attrs;
                 default = {};
-                description = mdDoc "general configuration";
+                description = "general configuration";
               };
 
               pairs = mkOption {
                 type = types.attrsOf types.attrs;
                 default = {};
-                description = mdDoc "vdirsyncer pair configurations";
+                description = "vdirsyncer pair configurations";
                 example = literalExpression ''
                   {
                     my_contacts = {
@@ -162,7 +162,7 @@ in
               storages = mkOption {
                 type = types.attrsOf types.attrs;
                 default = {};
-                description = mdDoc "vdirsyncer storage configurations";
+                description = "vdirsyncer storage configurations";
                 example = literalExpression ''
                   {
                     my_cloud_contacts = {
diff --git a/nixpkgs/nixos/modules/services/networking/vsftpd.nix b/nixpkgs/nixos/modules/services/networking/vsftpd.nix
index 318ceb4e5094..25f950600b91 100644
--- a/nixpkgs/nixos/modules/services/networking/vsftpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/vsftpd.nix
@@ -27,7 +27,7 @@ let
       type = types.bool;
       name = nixosName;
       value = mkOption {
-        description = lib.mdDoc description;
+        description = description;
         inherit default;
         type = types.bool;
       };
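Review bot: `description = description;` is a self-named binding left over from removing the `lib.mdDoc` wrapper. The next line already uses `inherit default;`, so the two can be folded into `inherit description default;`. The enclosing helper starts above the hunk, so this assumes `description` is bound in that scope, as the existing assignment implies.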
@@ -150,19 +150,19 @@ in
 
     services.vsftpd = {
 
-      enable = mkEnableOption (lib.mdDoc "vsftpd");
+      enable = mkEnableOption "vsftpd";
 
       userlist = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc "See {option}`userlistFile`.";
+        description = "See {option}`userlistFile`.";
       };
 
       userlistFile = mkOption {
         type = types.path;
         default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist);
         defaultText = literalExpression ''pkgs.writeText "userlist" (concatMapStrings (x: "''${x}\n") cfg.userlist)'';
-        description = lib.mdDoc ''
+        description = ''
           Newline separated list of names to be allowed/denied if {option}`userlistEnable`
           is `true`. Meaning see {option}`userlistDeny`.
 
@@ -175,7 +175,7 @@ in
       enableVirtualUsers = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the `pam_userdb`-based
           virtual user system
         '';
@@ -185,7 +185,7 @@ in
         type = types.nullOr types.str;
         example = "/etc/vsftpd/userDb";
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Only applies if {option}`enableVirtualUsers` is true.
           Path pointing to the `pam_userdb` user
           database used by vsftpd to authenticate the virtual users.
@@ -219,7 +219,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "/var/www/$USER";
-        description = lib.mdDoc ''
+        description = ''
           This option represents a directory which vsftpd will try to
           change into after a local (i.e. non- anonymous) login.
 
@@ -230,7 +230,7 @@ in
       anonymousUserHome = mkOption {
         type = types.path;
         default = "/home/ftp/";
-        description = lib.mdDoc ''
+        description = ''
           Directory to consider the HOME of the anonymous user.
         '';
       };
@@ -238,27 +238,27 @@ in
       rsaCertFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "RSA certificate file.";
+        description = "RSA certificate file.";
       };
 
       rsaKeyFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "RSA private key file.";
+        description = "RSA private key file.";
       };
 
       anonymousUmask = mkOption {
         type = types.str;
         default = "077";
         example = "002";
-        description = lib.mdDoc "Anonymous write umask.";
+        description = "Anonymous write umask.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
         example = "ftpd_banner=Hello";
-        description = lib.mdDoc "Extra configuration to add at the bottom of the generated configuration file.";
+        description = "Extra configuration to add at the bottom of the generated configuration file.";
       };
 
     } // (listToAttrs (catAttrs "nixosOption" optionDescription));
diff --git a/nixpkgs/nixos/modules/services/networking/wasabibackend.nix b/nixpkgs/nixos/modules/services/networking/wasabibackend.nix
index e3a48afd2a2c..89431ae9b419 100644
--- a/nixpkgs/nixos/modules/services/networking/wasabibackend.nix
+++ b/nixpkgs/nixos/modules/services/networking/wasabibackend.nix
@@ -29,37 +29,37 @@ in {
   options = {
 
     services.wasabibackend = {
-      enable = mkEnableOption (lib.mdDoc "Wasabi backend service");
+      enable = mkEnableOption "Wasabi backend service";
 
       dataDir = mkOption {
         type = types.path;
         default = "/var/lib/wasabibackend";
-        description = lib.mdDoc "The data directory for the Wasabi backend node.";
+        description = "The data directory for the Wasabi backend node.";
       };
 
       customConfigFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.";
+        description = "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.";
       };
 
       network = mkOption {
         type = types.enum [ "mainnet" "testnet" "regtest" ];
         default = "mainnet";
-        description = lib.mdDoc "The network to use for the Wasabi backend service.";
+        description = "The network to use for the Wasabi backend service.";
       };
 
       endpoint = {
         ip = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "IP address for P2P connection to bitcoind.";
+          description = "IP address for P2P connection to bitcoind.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8333;
-          description = lib.mdDoc "Port for P2P connection to bitcoind.";
+          description = "Port for P2P connection to bitcoind.";
         };
       };
 
@@ -67,45 +67,45 @@ in {
         ip = mkOption {
           type = types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc "IP address for RPC connection to bitcoind.";
+          description = "IP address for RPC connection to bitcoind.";
         };
 
         port = mkOption {
           type = types.port;
           default = 8332;
-          description = lib.mdDoc "Port for RPC connection to bitcoind.";
+          description = "Port for RPC connection to bitcoind.";
         };
 
         user = mkOption {
           type = types.str;
           default = "bitcoin";
-          description = lib.mdDoc "RPC user for the bitcoin endpoint.";
+          description = "RPC user for the bitcoin endpoint.";
         };
 
         password = mkOption {
           type = types.str;
           default = "password";
-          description = lib.mdDoc "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed.";
+          description = "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
-          description = lib.mdDoc "File that contains the password of the RPC user.";
+          description = "File that contains the password of the RPC user.";
         };
       };
 
       user = mkOption {
         type = types.str;
         default = "wasabibackend";
-        description = lib.mdDoc "The user as which to run the wasabibackend node.";
+        description = "The user as which to run the wasabibackend node.";
       };
 
       group = mkOption {
         type = types.str;
         default = cfg.user;
         defaultText = literalExpression "config.${opt.user}";
-        description = lib.mdDoc "The group as which to run the wasabibackend node.";
+        description = "The group as which to run the wasabibackend node.";
       };
     };
   };
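Review bot: The `password` description on the changed line points readers to `configFile`, but the option declared in the previous hunk of this module is `customConfigFile`. The advice for keeping the RPC secret out of the Nix store therefore names an option that is not visible in the module. The option also keeps `default = "password"`, a guessable credential that, per its own warning, is stored in cleartext in the store. I would replace `configFile` with `customConfigFile` in that sentence and state that the default is only a placeholder to be overridden through `passwordFile`. How `password` and `passwordFile` are combined is outside this hunk.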
diff --git a/nixpkgs/nixos/modules/services/networking/webhook.nix b/nixpkgs/nixos/modules/services/networking/webhook.nix
index b020db6961c3..3c24bd9849f4 100644
--- a/nixpkgs/nixos/modules/services/networking/webhook.nix
+++ b/nixpkgs/nixos/modules/services/networking/webhook.nix
@@ -14,13 +14,13 @@ let
       id = mkOption {
         type = types.str;
         default = name;
-        description = mdDoc ''
+        description = ''
           The ID of your hook. This value is used to create the HTTP endpoint (`protocol://yourserver:port/prefix/''${id}`).
         '';
       };
       execute-command = mkOption {
         type = types.str;
-        description = mdDoc "The command that should be executed when the hook is triggered.";
+        description = "The command that should be executed when the hook is triggered.";
       };
     };
   });
@@ -31,16 +31,16 @@ let
 in {
   options = {
     services.webhook = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         [Webhook](https://github.com/adnanh/webhook), a server written in Go that allows you to create HTTP endpoints (hooks),
         which execute configured commands for any person or service that knows the URL
-      '');
+      '';
 
       package = mkPackageOption pkgs "webhook" {};
       user = mkOption {
         type = types.str;
         default = defaultUser;
-        description = mdDoc ''
+        description = ''
           Webhook will be run under this user.
 
           If set, you must create this user yourself!
@@ -49,7 +49,7 @@ in {
       group = mkOption {
         type = types.str;
         default = defaultUser;
-        description = mdDoc ''
+        description = ''
           Webhook will be run under this group.
 
           If set, you must create this group yourself!
@@ -58,7 +58,7 @@ in {
       ip = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = mdDoc ''
+        description = ''
           The IP webhook should serve hooks on.
 
           The default means it can be reached on any interface if `openFirewall = true`.
@@ -67,12 +67,12 @@ in {
       port = mkOption {
         type = types.port;
         default = 9000;
-        description = mdDoc "The port webhook should be reachable from.";
+        description = "The port webhook should be reachable from.";
       };
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open the configured port in the firewall for external ingress traffic.
           Preferably the Webhook server is instead put behind a reverse proxy.
         '';
@@ -81,7 +81,7 @@ in {
         type = types.bool;
         default = cfg.hooksTemplated != {};
         defaultText = literalExpression "hooksTemplated != {}";
-        description = mdDoc ''
+        description = ''
           Enable the generated hooks file to be parsed as a Go template.
           See [the documentation](https://github.com/adnanh/webhook/blob/master/docs/Templates.md) for more information.
         '';
@@ -89,7 +89,7 @@ in {
       urlPrefix = mkOption {
         type = types.str;
         default = "hooks";
-        description = mdDoc ''
+        description = ''
           The URL path prefix to use for served hooks (`protocol://yourserver:port/''${prefix}/hook-id`).
         '';
       };
@@ -106,7 +106,7 @@ in {
             command-working-directory = "/var/webhook";
           };
         };
-        description = mdDoc ''
+        description = ''
           The actual configuration of which hooks will be served.
 
           Read more on the [project homepage] and on the [hook definition] page.
@@ -128,7 +128,7 @@ in {
             }
           '';
         };
-        description = mdDoc ''
+        description = ''
           Same as {option}`hooks`, but these hooks are specified as literal strings instead of Nix values,
           and hence can include [template syntax](https://github.com/adnanh/webhook/blob/master/docs/Templates.md)
           which might not be representable as JSON.
@@ -140,13 +140,13 @@ in {
       verbose = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc "Whether to show verbose output.";
+        description = "Whether to show verbose output.";
       };
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-secure" ];
-        description = mdDoc ''
+        description = ''
           These are arguments passed to the webhook command in the systemd service.
           You can find the available arguments and options in the [documentation][parameters].
 
@@ -156,7 +156,7 @@ in {
       environment = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = mdDoc "Extra environment variables passed to webhook.";
+        description = "Extra environment variables passed to webhook.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/networking/websockify.nix b/nixpkgs/nixos/modules/services/networking/websockify.nix
index 27ad8953d3fa..41336000b0ad 100644
--- a/nixpkgs/nixos/modules/services/networking/websockify.nix
+++ b/nixpkgs/nixos/modules/services/networking/websockify.nix
@@ -6,7 +6,7 @@ let cfg = config.services.networking.websockify; in {
   options = {
     services.networking.websockify = {
       enable = mkOption {
-        description = lib.mdDoc "Whether to enable websockify to forward websocket connections to TCP connections.";
+        description = "Whether to enable websockify to forward websocket connections to TCP connections.";
 
         default = false;
 
@@ -14,19 +14,19 @@ let cfg = config.services.networking.websockify; in {
       };
 
       sslCert = mkOption {
-        description = lib.mdDoc "Path to the SSL certificate.";
+        description = "Path to the SSL certificate.";
         type = types.path;
       };
 
       sslKey = mkOption {
-        description = lib.mdDoc "Path to the SSL key.";
+        description = "Path to the SSL key.";
         default = cfg.sslCert;
         defaultText = literalExpression "config.services.networking.websockify.sslCert";
         type = types.path;
       };
 
       portMap = mkOption {
-        description = lib.mdDoc "Ports to map by default.";
+        description = "Ports to map by default.";
         default = {};
         type = types.attrsOf types.int;
       };
diff --git a/nixpkgs/nixos/modules/services/networking/wg-netmanager.nix b/nixpkgs/nixos/modules/services/networking/wg-netmanager.nix
index b260c573726b..493ff7ceba9f 100644
--- a/nixpkgs/nixos/modules/services/networking/wg-netmanager.nix
+++ b/nixpkgs/nixos/modules/services/networking/wg-netmanager.nix
@@ -9,7 +9,7 @@ in
 
   options = {
     services.wg-netmanager = {
-      enable = mkEnableOption (lib.mdDoc "Wireguard network manager");
+      enable = mkEnableOption "Wireguard network manager";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/wg-quick.nix b/nixpkgs/nixos/modules/services/networking/wg-quick.nix
index 68e0e06d0469..2062f2806d79 100644
--- a/nixpkgs/nixos/modules/services/networking/wg-quick.nix
+++ b/nixpkgs/nixos/modules/services/networking/wg-quick.nix
@@ -15,7 +15,7 @@ let
         example = "/secret/wg0.conf";
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           wg-quick .conf file, describing the interface.
           Using this option can be a useful means of configuring WireGuard if
           one has an existing .conf file.
@@ -28,11 +28,11 @@ let
         example = [ "192.168.2.1/24" ];
         default = [];
         type = with types; listOf str;
-        description = lib.mdDoc "The IP addresses of the interface.";
+        description = "The IP addresses of the interface.";
       };
 
       autostart = mkOption {
-        description = lib.mdDoc "Whether to bring up this interface automatically during boot.";
+        description = "Whether to bring up this interface automatically during boot.";
         default = true;
         example = false;
         type = types.bool;
@@ -42,14 +42,14 @@ let
         example = [ "192.168.2.2" ];
         default = [];
         type = with types; listOf str;
-        description = lib.mdDoc "The IP addresses of DNS servers to configure.";
+        description = "The IP addresses of DNS servers to configure.";
       };
 
       privateKey = mkOption {
         example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Base64 private key generated by {command}`wg genkey`.
 
           Warning: Consider using privateKeyFile instead if you do not
@@ -61,7 +61,7 @@ let
         example = "/private/wireguard_key";
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Private key file as generated by {command}`wg genkey`.
         '';
       };
@@ -70,7 +70,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 51820;
-        description = lib.mdDoc ''
+        description = ''
           16-bit port for listening. Optional; if not specified,
           automatically generated based on interface name.
         '';
@@ -80,7 +80,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc ''
+        description = ''
           Commands called at the start of the interface setup.
         '';
       };
@@ -89,7 +89,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc ''
+        description = ''
           Command called before the interface is taken down.
         '';
       };
@@ -98,7 +98,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc ''
+        description = ''
           Commands called after the interface setup.
         '';
       };
@@ -107,7 +107,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc ''
+        description = ''
           Command called after the interface is taken down.
         '';
       };
@@ -116,7 +116,7 @@ let
         example = "main";
         default = null;
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           The kernel routing table to add this interface's
           associated routes to. Setting this is useful for e.g. policy routing
           ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
@@ -129,7 +129,7 @@ let
         example = 1248;
         default = null;
         type = with types; nullOr int;
-        description = lib.mdDoc ''
+        description = ''
           If not specified, the MTU is automatically determined
           from the endpoint addresses or the system default route, which is usually
           a sane choice. However, to manually specify an MTU to override this
@@ -139,7 +139,7 @@ let
 
       peers = mkOption {
         default = [];
-        description = lib.mdDoc "Peers linked to the interface.";
+        description = "Peers linked to the interface.";
         type = with types; listOf (submodule peerOpts);
       };
     };
@@ -152,14 +152,14 @@ let
       publicKey = mkOption {
         example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
         type = types.str;
-        description = lib.mdDoc "The base64 public key to the peer.";
+        description = "The base64 public key to the peer.";
       };
 
       presharedKey = mkOption {
         default = null;
         example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Base64 preshared key generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
@@ -174,7 +174,7 @@ let
         default = null;
         example = "/private/wireguard_psk";
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           File pointing to preshared key as generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
@@ -185,7 +185,7 @@ let
       allowedIPs = mkOption {
         example = [ "10.192.122.3/32" "10.192.124.1/24" ];
         type = with types; listOf str;
-        description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from
+        description = ''List of IP (v4 or v6) addresses with CIDR masks from
         which this peer is allowed to send incoming traffic and to which
         outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may
         be specified for matching all IPv4 addresses, and ::/0 may be specified
@@ -196,7 +196,7 @@ let
         default = null;
         example = "demo.wireguard.io:12913";
         type = with types; nullOr str;
-        description = lib.mdDoc ''Endpoint IP or hostname of the peer, followed by a colon,
+        description = ''Endpoint IP or hostname of the peer, followed by a colon,
         and then a port number of the peer.'';
       };
 
@@ -204,7 +204,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 25;
-        description = lib.mdDoc ''This is optional and is by default off, because most
+        description = ''This is optional and is by default off, because most
         users will not need it. It represents, in seconds, between 1 and 65535
         inclusive, how often to send an authenticated empty packet to the peer,
         for the purpose of keeping a stateful firewall or NAT mapping valid
@@ -310,7 +310,7 @@ in {
   options = {
     networking.wg-quick = {
       interfaces = mkOption {
-        description = lib.mdDoc "Wireguard interfaces.";
+        description = "Wireguard interfaces.";
         default = {};
         example = {
           wg0 = {
diff --git a/nixpkgs/nixos/modules/services/networking/wgautomesh.nix b/nixpkgs/nixos/modules/services/networking/wgautomesh.nix
index 094281403f73..c66e3e376343 100644
--- a/nixpkgs/nixos/modules/services/networking/wgautomesh.nix
+++ b/nixpkgs/nixos/modules/services/networking/wgautomesh.nix
@@ -21,20 +21,20 @@ let
 in
 {
   options.services.wgautomesh = {
-    enable = mkEnableOption (mdDoc "the wgautomesh daemon");
+    enable = mkEnableOption "the wgautomesh daemon";
     logLevel = mkOption {
       type = types.enum [ "trace" "debug" "info" "warn" "error" ];
       default = "info";
-      description = mdDoc "wgautomesh log level.";
+      description = "wgautomesh log level.";
     };
     enableGossipEncryption = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc "Enable encryption of gossip traffic.";
+      description = "Enable encryption of gossip traffic.";
     };
     gossipSecretFile = mkOption {
       type = types.path;
-      description = mdDoc ''
+      description = ''
         File containing the gossip secret, a shared secret key to use for gossip
         encryption.  Required if `enableGossipEncryption` is set.  This file
         may contain any arbitrary-length utf8 string.  To generate a new gossip
@@ -44,12 +44,12 @@ in
     enablePersistence = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc "Enable persistence of Wireguard peer info between restarts.";
+      description = "Enable persistence of Wireguard peer info between restarts.";
     };
     openFirewall = mkOption {
       type = types.bool;
       default = true;
-      description = mdDoc "Automatically open gossip port in firewall (recommended).";
+      description = "Automatically open gossip port in firewall (recommended).";
     };
     settings = mkOption {
       type = types.submodule {
@@ -58,7 +58,7 @@ in
 
           interface = mkOption {
             type = types.str;
-            description = mdDoc ''
+            description = ''
               Wireguard interface to manage (it is NOT created by wgautomesh, you
               should use another NixOS option to create it such as
               `networking.wireguard.interfaces.wg0 = {...};`).
@@ -67,7 +67,7 @@ in
           };
           gossip_port = mkOption {
             type = types.port;
-            description = mdDoc ''
+            description = ''
               wgautomesh gossip port, this MUST be the same number on all nodes in
               the wgautomesh network.
             '';
@@ -76,12 +76,12 @@ in
           lan_discovery = mkOption {
             type = types.bool;
             default = true;
-            description = mdDoc "Enable discovery of peers on the same LAN using UDP broadcast.";
+            description = "Enable discovery of peers on the same LAN using UDP broadcast.";
           };
           upnp_forward_external_port = mkOption {
             type = types.nullOr types.port;
             default = null;
-            description = mdDoc ''
+            description = ''
               Public port number to try to redirect to this machine's Wireguard
               daemon using UPnP IGD.
             '';
@@ -91,11 +91,11 @@ in
               options = {
                 pubkey = mkOption {
                   type = types.str;
-                  description = mdDoc "Wireguard public key of this peer.";
+                  description = "Wireguard public key of this peer.";
                 };
                 address = mkOption {
                   type = types.str;
-                  description = mdDoc ''
+                  description = ''
                     Wireguard address of this peer (a single IP address, multiple
                     addresses or address ranges are not supported).
                   '';
@@ -103,7 +103,7 @@ in
                 };
                 endpoint = mkOption {
                   type = types.nullOr types.str;
-                  description = mdDoc ''
+                  description = ''
                     Bootstrap endpoint for connecting to this Wireguard peer if no
                     other address is known or none are working.
                   '';
@@ -113,13 +113,13 @@ in
               };
             });
             default = [ ];
-            description = mdDoc "wgautomesh peer list.";
+            description = "wgautomesh peer list.";
           };
         };
 
       };
       default = { };
-      description = mdDoc "Configuration for wgautomesh.";
+      description = "Configuration for wgautomesh.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/wireguard.nix b/nixpkgs/nixos/modules/services/networking/wireguard.nix
index d36be87daf60..3f68af3a86c9 100644
--- a/nixpkgs/nixos/modules/services/networking/wireguard.nix
+++ b/nixpkgs/nixos/modules/services/networking/wireguard.nix
@@ -19,14 +19,14 @@ let
         example = [ "192.168.2.1/24" ];
         default = [];
         type = with types; listOf str;
-        description = lib.mdDoc "The IP addresses of the interface.";
+        description = "The IP addresses of the interface.";
       };
 
       privateKey = mkOption {
         example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Base64 private key generated by {command}`wg genkey`.
 
           Warning: Consider using privateKeyFile instead if you do not
@@ -37,7 +37,7 @@ let
       generatePrivateKeyFile = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Automatically generate a private key with
           {command}`wg genkey`, at the privateKeyFile location.
         '';
@@ -47,7 +47,7 @@ let
         example = "/private/wireguard_key";
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Private key file as generated by {command}`wg genkey`.
         '';
       };
@@ -56,7 +56,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 51820;
-        description = lib.mdDoc ''
+        description = ''
           16-bit port for listening. Optional; if not specified,
           automatically generated based on interface name.
         '';
@@ -66,7 +66,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc ''
+        description = ''
           Commands called at the start of the interface setup.
         '';
       };
@@ -77,20 +77,20 @@ let
         '';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc "Commands called at the end of the interface setup.";
+        description = "Commands called at the end of the interface setup.";
       };
 
       postShutdown = mkOption {
         example = literalExpression ''"''${pkgs.openresolv}/bin/resolvconf -d wg0"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = lib.mdDoc "Commands called after shutting down the interface.";
+        description = "Commands called after shutting down the interface.";
       };
 
       table = mkOption {
         default = "main";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The kernel routing table to add this interface's
           associated routes to. Setting this is useful for e.g. policy routing
           ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
@@ -101,7 +101,7 @@ let
 
       peers = mkOption {
         default = [];
-        description = lib.mdDoc "Peers linked to the interface.";
+        description = "Peers linked to the interface.";
         type = with types; listOf (submodule peerOpts);
       };
 
@@ -109,7 +109,7 @@ let
         example = false;
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Determines whether to add allowed IPs as routes or not.
         '';
       };
@@ -118,7 +118,7 @@ let
         default = null;
         type = with types; nullOr str;
         example = "container";
-        description = lib.mdDoc ''The pre-existing network namespace in which the
+        description = ''The pre-existing network namespace in which the
         WireGuard interface is created, and which retains the socket even if the
         interface is moved via {option}`interfaceNamespace`. When
         `null`, the interface is created in the init namespace.
@@ -130,7 +130,7 @@ let
         default = null;
         type = with types; nullOr str;
         example = "init";
-        description = lib.mdDoc ''The pre-existing network namespace the WireGuard
+        description = ''The pre-existing network namespace the WireGuard
         interface is moved to. The special value `init` means
         the init namespace. When `null`, the interface is not
         moved.
@@ -142,7 +142,7 @@ let
         default = null;
         type = with types; nullOr str;
         example = "0x6e6978";
-        description = lib.mdDoc ''
+        description = ''
           Mark all wireguard packets originating from
           this interface with the given firewall mark. The firewall mark can be
           used in firewalls or policy routing to filter the wireguard packets.
@@ -156,7 +156,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 1280;
-        description = lib.mdDoc ''
+        description = ''
           Set the maximum transmission unit in bytes for the wireguard
           interface. Beware that the wireguard packets have a header that may
           add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) =
@@ -169,7 +169,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 700;
-        description = lib.mdDoc ''
+        description = ''
           Set the metric of routes related to this Wireguard interface.
         '';
       };
@@ -192,20 +192,20 @@ let
         defaultText = literalExpression "publicKey";
         example = "bernd";
         type = types.str;
-        description = lib.mdDoc "Name used to derive peer unit name.";
+        description = "Name used to derive peer unit name.";
       };
 
       publicKey = mkOption {
         example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
         type = types.singleLineStr;
-        description = lib.mdDoc "The base64 public key of the peer.";
+        description = "The base64 public key of the peer.";
       };
 
       presharedKey = mkOption {
         default = null;
         example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Base64 preshared key generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
@@ -220,7 +220,7 @@ let
         default = null;
         example = "/private/wireguard_psk";
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           File pointing to preshared key as generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
@@ -231,7 +231,7 @@ let
       allowedIPs = mkOption {
         example = [ "10.192.122.3/32" "10.192.124.1/24" ];
         type = with types; listOf str;
-        description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from
+        description = ''List of IP (v4 or v6) addresses with CIDR masks from
         which this peer is allowed to send incoming traffic and to which
         outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may
         be specified for matching all IPv4 addresses, and ::/0 may be specified
@@ -242,7 +242,7 @@ let
         default = null;
         example = "demo.wireguard.io:12913";
         type = with types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           Endpoint IP or hostname of the peer, followed by a colon,
           and then a port number of the peer.
 
@@ -263,7 +263,7 @@ let
         default = 0;
         example = 5;
         type = with types; int;
-        description = lib.mdDoc ''
+        description = ''
           Periodically re-execute the `wg` utility every
           this many seconds in order to let WireGuard notice DNS / hostname
           changes.
@@ -276,7 +276,7 @@ let
         default = null;
         example = 5;
         type = with types; nullOr ints.unsigned;
-        description = lib.mdDoc ''
+        description = ''
           When the dynamic endpoint refresh that is configured via
           dynamicEndpointRefreshSeconds exits (likely due to a failure),
           restart that service after this many seconds.
@@ -291,7 +291,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 25;
-        description = lib.mdDoc ''This is optional and is by default off, because most
+        description = ''This is optional and is by default off, because most
         users will not need it. It represents, in seconds, between 1 and 65535
         inclusive, how often to send an authenticated empty packet to the peer,
         for the purpose of keeping a stateful firewall or NAT mapping valid
@@ -519,7 +519,7 @@ in
     networking.wireguard = {
 
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable WireGuard.
 
           Please note that {option}`systemd.network.netdevs` has more features
@@ -534,7 +534,7 @@ in
       };
 
       interfaces = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           WireGuard interfaces.
 
           Please note that {option}`systemd.network.netdevs` has more features
diff --git a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix
index 4586550ed75e..435cd530c18d 100644
--- a/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix
@@ -124,11 +124,20 @@ let
           fi
         ''}
 
+        # ensure wpa_supplicant.conf exists, or the daemon will fail to start
+        ${optionalString cfg.allowAuxiliaryImperativeNetworks ''
+          touch /etc/wpa_supplicant.conf
+        ''}
+
         # substitute environment variables
         if [ -f "${configFile}" ]; then
           ${pkgs.gawk}/bin/awk '{
-            for(varname in ENVIRON)
-              gsub("@"varname"@", ENVIRON[varname])
+            for(varname in ENVIRON) {
+              find = "@"varname"@"
+              repl = ENVIRON[varname]
+              if (i = index($0, find))
+                $0 = substr($0, 1, i-1) repl substr($0, i+length(find))
+            }
             print
           }' "${configFile}" > "${finalConfig}"
         else
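Review bot: The `index()`/`substr()` rewrite in the awk loop substitutes only the first `@varname@` on each line, whereas the `gsub()` it replaces expanded every occurrence. A line that repeats a placeholder would leave the later copies unexpanded in the final config. A literal replace-all loop keeps the benefit of the change (no regex or `&` interpretation of secret values) and, by resuming after the inserted value, cannot loop forever when a value contains its own placeholder. Separately, `touch /etc/wpa_supplicant.conf` creates the file under whatever umask the script runs with (not visible here), and that file may later hold imperatively added credentials; `(umask 077; touch /etc/wpa_supplicant.conf)` would keep a new file private without altering an existing one. The enclosing script starts and ends outside the hunk.

```nix
            for(varname in ENVIRON) {
              find = "@"varname"@"
              repl = ENVIRON[varname]
              # literal replacement of every occurrence; scanning resumes after the inserted value
              out = ""
              rest = $0
              while (i = index(rest, find)) {
                out = out substr(rest, 1, i-1) repl
                rest = substr(rest, i+length(find))
              }
              $0 = out rest
            }
            # … unchanged: print and redirect to finalConfig …
```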
@@ -172,13 +181,13 @@ let
 in {
   options = {
     networking.wireless = {
-      enable = mkEnableOption (lib.mdDoc "wpa_supplicant");
+      enable = mkEnableOption "wpa_supplicant";
 
       interfaces = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "wlan0" "wlan1" ];
-        description = lib.mdDoc ''
+        description = ''
           The interfaces {command}`wpa_supplicant` will use. If empty, it will
           automatically use all wireless interfaces.
 
@@ -191,11 +200,11 @@ in {
       driver = mkOption {
         type = types.str;
         default = "nl80211,wext";
-        description = lib.mdDoc "Force a specific wpa_supplicant driver.";
+        description = "Force a specific wpa_supplicant driver.";
       };
 
-      allowAuxiliaryImperativeNetworks = mkEnableOption (lib.mdDoc "support for imperative & declarative networks") // {
-        description = lib.mdDoc ''
+      allowAuxiliaryImperativeNetworks = mkEnableOption "support for imperative & declarative networks" // {
+        description = ''
           Whether to allow configuring networks "imperatively" (e.g. via
           `wpa_supplicant_gui`) and declaratively via
           [](#opt-networking.wireless.networks).
@@ -207,7 +216,7 @@ in {
       scanOnLowSignal = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to periodically scan for (better) networks when the signal of
           the current one is low. This will make roaming between access points
           faster, but will consume more power.
@@ -217,7 +226,7 @@ in {
       fallbackToWPA2 = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to fall back to WPA2 authentication protocols if WPA3 failed.
           This allows old wireless cards (that lack recent features required by
           WPA3) to connect to mixed WPA2/WPA3 access points.
@@ -230,7 +239,7 @@ in {
         type = types.nullOr types.path;
         default = null;
         example = "/run/secrets/wireless.env";
-        description = lib.mdDoc ''
+        description = ''
           File consisting of lines of the form `varname=value`
           to define variables for the wireless configuration.
 
@@ -268,7 +277,7 @@ in {
             psk = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The network's pre-shared key in plaintext defaulting
                 to being a network without any authentication.
 
@@ -286,7 +295,7 @@ in {
             pskRaw = mkOption {
               type = types.nullOr types.str;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 The network's pre-shared key in hex defaulting
                 to being a network without any authentication.
 
@@ -337,7 +346,7 @@ in {
                 "OWE"
                 "DPP"
               ]);
-              description = lib.mdDoc ''
+              description = ''
                 The list of authentication protocols accepted by this network.
                 This corresponds to the `key_mgmt` option in wpa_supplicant.
               '';
@@ -351,7 +360,7 @@ in {
                 identity="user@example.com"
                 password="@EXAMPLE_PASSWORD@"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Use this option to configure advanced authentication methods like EAP.
                 See
                 {manpage}`wpa_supplicant.conf(5)`
@@ -372,7 +381,7 @@ in {
             hidden = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Set this to `true` if the SSID of the network is hidden.
               '';
               example = literalExpression ''
@@ -387,7 +396,7 @@ in {
             priority = mkOption {
               type = types.nullOr types.int;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 By default, all networks will get same priority group (0). If some of the
                 networks are more desirable, this field can be used to change the order in
                 which wpa_supplicant goes through the networks when selecting a BSS. The
@@ -404,7 +413,7 @@ in {
               example = ''
                 bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Extra configuration lines appended to the network block.
                 See
                 {manpage}`wpa_supplicant.conf(5)`
@@ -414,7 +423,7 @@ in {
 
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           The network definitions to automatically connect to when
            {command}`wpa_supplicant` is running. If this
            parameter is left empty wpa_supplicant will use
@@ -443,7 +452,7 @@ in {
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
             This is useful for laptop users that switch networks a lot and don't want
             to depend on a large package such as NetworkManager just to pick nearby
@@ -458,7 +467,7 @@ in {
           type = types.str;
           default = "wheel";
           example = "network";
-          description = lib.mdDoc "Members of this group can control wpa_supplicant.";
+          description = "Members of this group can control wpa_supplicant.";
         };
       };
 
@@ -466,7 +475,7 @@ in {
         type = types.bool;
         default = lib.length cfg.interfaces < 2;
         defaultText = literalExpression "length config.${opt.interfaces} < 2";
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the DBus control interface.
           This is only needed when using NetworkManager or connman.
         '';
@@ -478,7 +487,7 @@ in {
         example = ''
           p2p_disabled=1
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra lines appended to the configuration file.
           See
           {manpage}`wpa_supplicant.conf(5)`
diff --git a/nixpkgs/nixos/modules/services/networking/wstunnel.nix b/nixpkgs/nixos/modules/services/networking/wstunnel.nix
index 2762c85651f4..efb65aead116 100644
--- a/nixpkgs/nixos/modules/services/networking/wstunnel.nix
+++ b/nixpkgs/nixos/modules/services/networking/wstunnel.nix
@@ -10,11 +10,11 @@ let
   hostPortSubmodule = {
     options = {
       host = mkOption {
-        description = mdDoc "The hostname.";
+        description = "The hostname.";
         type = types.str;
       };
       port = mkOption {
-        description = mdDoc "The port.";
+        description = "The port.";
         type = types.port;
       };
     };
@@ -22,7 +22,7 @@ let
   localRemoteSubmodule = {
     options = {
       local = mkOption {
-        description = mdDoc "Local address and port to listen on.";
+        description = "Local address and port to listen on.";
         type = types.submodule hostPortSubmodule;
         example = {
           host = "127.0.0.1";
@@ -30,7 +30,7 @@ let
         };
       };
       remote = mkOption {
-        description = mdDoc "Address and port on remote to forward traffic to.";
+        description = "Address and port on remote to forward traffic to.";
         type = types.submodule hostPortSubmodule;
         example = {
           host = "127.0.0.1";
@@ -43,7 +43,7 @@ let
   localRemoteToString = { local, remote }: utils.escapeSystemdExecArg "${hostPortToString local}:${hostPortToString remote}";
   commonOptions = {
     enable = mkOption {
-      description = mdDoc "Whether to enable this `wstunnel` instance.";
+      description = "Whether to enable this `wstunnel` instance.";
       type = types.bool;
       default = true;
     };
@@ -51,13 +51,13 @@ let
     package = mkPackageOption pkgs "wstunnel" {};
 
     autoStart = mkOption {
-      description = mdDoc "Whether this tunnel server should be started automatically.";
+      description = "Whether this tunnel server should be started automatically.";
       type = types.bool;
       default = true;
     };
 
     extraArgs = mkOption {
-      description = mdDoc "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`.";
+      description = "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`.";
       type = with types; attrsOf (either str bool);
       default = {};
       example = {
@@ -67,13 +67,13 @@ let
     };
 
     verboseLogging = mkOption {
-      description = mdDoc "Enable verbose logging.";
+      description = "Enable verbose logging.";
       type = types.bool;
       default = false;
     };
 
     environmentFile = mkOption {
-      description = mdDoc "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime.";
+      description = "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime.";
       type = types.nullOr types.path;
       default = null;
       example = "/var/lib/secrets/wstunnelSecrets";
@@ -83,7 +83,7 @@ let
   serverSubmodule = { config, ...}: {
     options = commonOptions // {
       listen = mkOption {
-        description = mdDoc "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability.";
+        description = "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability.";
         type = types.submodule hostPortSubmodule;
         default = {
           host = "0.0.0.0";
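Review bot: The `listen` description does not mention that the default shown in this hunk binds `0.0.0.0`, so an enabled server accepts connections on every interface unless the host is overridden. I would add a sentence such as `By default the server listens on all interfaces; set host to a specific address to limit exposure.` The `default` block continues outside the hunk, so the default port is not visible from here.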
@@ -98,7 +98,7 @@ let
       };
 
       restrictTo = mkOption {
-        description = mdDoc "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses.";
+        description = "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses.";
         type = types.nullOr (types.submodule hostPortSubmodule);
         example = {
           host = "127.0.0.1";
@@ -107,27 +107,27 @@ let
       };
 
       enableHTTPS = mkOption {
-        description = mdDoc "Use HTTPS for the tunnel server.";
+        description = "Use HTTPS for the tunnel server.";
         type = types.bool;
         default = true;
       };
 
       tlsCertificate = mkOption {
-        description = mdDoc "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`.";
+        description = "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`.";
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/secrets/cert.pem";
       };
 
       tlsKey = mkOption {
-        description = mdDoc "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`.";
+        description = "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`.";
         type = types.nullOr types.path;
         default = null;
         example = "/var/lib/secrets/key.pem";
       };
 
       useACMEHost = mkOption {
-        description = mdDoc "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`.";
+        description = "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`.";
         type = types.nullOr types.str;
         default = null;
         example = "example.com";
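Review bot: The new `tlsKey` line still carries the typo `hardcoded on`, which should read `hardcoded one`. The `tlsCertificate` and `tlsKey` descriptions also mention a hardcoded certificate without saying what falling back to it means. With `enableHTTPS = true` and both options at `null`, the server presumably uses that built-in pair, whose private key is not secret, so clients cannot authenticate the server. I would append to both descriptions something like `The built-in certificate provides no server authentication; set this option or useACMEHost on any server reachable from untrusted networks.`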
@@ -137,7 +137,7 @@ let
   clientSubmodule = { config, ... }: {
     options = commonOptions // {
       connectTo = mkOption {
-        description = mdDoc "Server address and port to connect to.";
+        description = "Server address and port to connect to.";
         type = types.submodule hostPortSubmodule;
         example = {
           host = "example.com";
@@ -145,13 +145,13 @@ let
       };
 
       enableHTTPS = mkOption {
-        description = mdDoc "Enable HTTPS when connecting to the server.";
+        description = "Enable HTTPS when connecting to the server.";
         type = types.bool;
         default = true;
       };
 
       localToRemote = mkOption {
-        description = mdDoc "Local hosts and ports to listen on, plus the hosts and ports on remote to forward traffic to. Setting a local port to a value less than 1024 will additionally give the process the required CAP_NET_BIND_SERVICE capability.";
+        description = "Local hosts and ports to listen on, plus the hosts and ports on remote to forward traffic to. Setting a local port to a value less than 1024 will additionally give the process the required CAP_NET_BIND_SERVICE capability.";
         type = types.listOf (types.submodule localRemoteSubmodule);
         default = [];
         example = [ {
@@ -167,7 +167,7 @@ let
       };
 
       dynamicToRemote = mkOption {
-        description = mdDoc "Host and port for the SOCKS5 proxy to dynamically forward traffic to. Leave this at `null` to disable the SOCKS5 proxy. Setting the port to a value less than 1024 will additionally give the service the required CAP_NET_BIND_SERVICE capability.";
+        description = "Host and port for the SOCKS5 proxy to dynamically forward traffic to. Leave this at `null` to disable the SOCKS5 proxy. Setting the port to a value less than 1024 will additionally give the service the required CAP_NET_BIND_SERVICE capability.";
         type = types.nullOr (types.submodule hostPortSubmodule);
         default = null;
         example = {
@@ -177,19 +177,19 @@ let
       };
 
       udp = mkOption {
-        description = mdDoc "Whether to forward UDP instead of TCP traffic.";
+        description = "Whether to forward UDP instead of TCP traffic.";
         type = types.bool;
         default = false;
       };
 
       udpTimeout = mkOption {
-        description = mdDoc "When using UDP forwarding, timeout in seconds after which the tunnel connection is closed. `-1` means no timeout.";
+        description = "When using UDP forwarding, timeout in seconds after which the tunnel connection is closed. `-1` means no timeout.";
         type = types.int;
         default = 30;
       };
 
       httpProxy = mkOption {
-        description = mdDoc ''
+        description = ''
           Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`).
 
           ::: {.warning}
@@ -202,45 +202,45 @@ let
       };
 
       soMark = mkOption {
-        description = mdDoc "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service.";
+        description = "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service.";
         type = types.nullOr types.int;
         default = null;
       };
 
       upgradePathPrefix = mkOption {
-        description = mdDoc "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy.";
+        description = "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy.";
         type = types.nullOr types.str;
         default = null;
         example = "wstunnel";
       };
 
       hostHeader = mkOption {
-        description = mdDoc "Use this as the HTTP host header instead of the real hostname. Useful for circumventing hostname-based firewalls.";
+        description = "Use this as the HTTP host header instead of the real hostname. Useful for circumventing hostname-based firewalls.";
         type = types.nullOr types.str;
         default = null;
       };
 
       tlsSNI = mkOption {
-        description = mdDoc "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls.";
+        description = "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls.";
         type = types.nullOr types.str;
         default = null;
       };
 
       tlsVerifyCertificate = mkOption {
-        description = mdDoc "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option.";
+        description = "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option.";
         type = types.bool;
         default = true;
       };
 
       # The original argument name `websocketPingFrequency` is a misnomer, as the frequency is the inverse of the interval.
       websocketPingInterval = mkOption {
-        description = mdDoc "Do a heartbeat ping every N seconds to keep up the websocket connection.";
+        description = "Do a heartbeat ping every N seconds to keep up the websocket connection.";
         type = types.nullOr types.ints.unsigned;
         default = null;
       };
 
       upgradeCredentials = mkOption {
-        description = mdDoc ''
+        description = ''
           Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`).
 
           ::: {.warning}
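Review bot: The `tlsVerifyCertificate` description suggests setting `false` alongside `tlsSNI` without stating the cost: with verification off the client accepts any certificate, so the server is no longer authenticated. I would add a sentence such as `Disabling verification means the server is not authenticated and the tunnel can be intercepted on the network path.` The `upgradeCredentials` description at the end of this hunk continues outside it, so its warning text is not covered here.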
@@ -252,7 +252,7 @@ let
       };
 
       customHeaders = mkOption {
-        description = mdDoc "Custom HTTP headers to send during the upgrade request.";
+        description = "Custom HTTP headers to send during the upgrade request.";
         type = types.attrsOf types.str;
         default = {};
         example = {
@@ -355,10 +355,10 @@ let
   };
 in {
   options.services.wstunnel = {
-    enable = mkEnableOption (mdDoc "wstunnel");
+    enable = mkEnableOption "wstunnel";
 
     servers = mkOption {
-      description = mdDoc "`wstunnel` servers to set up.";
+      description = "`wstunnel` servers to set up.";
       type = types.attrsOf (types.submodule serverSubmodule);
       default = {};
       example = {
@@ -376,7 +376,7 @@ in {
     };
 
     clients = mkOption {
-      description = mdDoc "`wstunnel` clients to set up.";
+      description = "`wstunnel` clients to set up.";
       type = types.attrsOf (types.submodule clientSubmodule);
       default = {};
       example = {
diff --git a/nixpkgs/nixos/modules/services/networking/x2goserver.nix b/nixpkgs/nixos/modules/services/networking/x2goserver.nix
index f1eba9fafc1c..e46a493924ef 100644
--- a/nixpkgs/nixos/modules/services/networking/x2goserver.nix
+++ b/nixpkgs/nixos/modules/services/networking/x2goserver.nix
@@ -22,16 +22,16 @@ in {
   ];
 
   options.services.x2goserver = {
-    enable = mkEnableOption (lib.mdDoc "x2goserver") // {
-      description = lib.mdDoc ''
+    enable = mkEnableOption "x2goserver" // {
+      description = ''
         Enables the x2goserver module.
         NOTE: This will create a good amount of symlinks in `/usr/local/bin`
       '';
     };
 
     superenicer = {
-      enable = mkEnableOption (lib.mdDoc "superenicer") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "superenicer" // {
+        description = ''
           Enables the SupeReNicer code in x2gocleansessions, this will renice
           suspended sessions to nice level 19 and renice them to level 0 if the
           session becomes marked as running again
@@ -42,7 +42,7 @@ in {
     nxagentDefaultOptions = mkOption {
       type = types.listOf types.str;
       default = [ "-extension GLX" "-nolisten tcp" ];
-      description = lib.mdDoc ''
+      description = ''
         List of default nx agent options.
       '';
     };
@@ -50,7 +50,7 @@ in {
     settings = mkOption {
       type = types.attrsOf types.attrs;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         x2goserver.conf ini configuration as nix attributes. See
         `x2goserver.conf(5)` for details
       '';
diff --git a/nixpkgs/nixos/modules/services/networking/xandikos.nix b/nixpkgs/nixos/modules/services/networking/xandikos.nix
index 147f07ac546d..e05fee1656cd 100644
--- a/nixpkgs/nixos/modules/services/networking/xandikos.nix
+++ b/nixpkgs/nixos/modules/services/networking/xandikos.nix
@@ -9,14 +9,14 @@ in
 
   options = {
     services.xandikos = {
-      enable = mkEnableOption (lib.mdDoc "Xandikos CalDAV and CardDAV server");
+      enable = mkEnableOption "Xandikos CalDAV and CardDAV server";
 
       package = mkPackageOption pkgs "xandikos" { };
 
       address = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The IP address on which Xandikos will listen.
           By default listens on localhost.
         '';
@@ -25,13 +25,13 @@ in
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc "The port of the Xandikos web application";
+        description = "The port of the Xandikos web application";
       };
 
       routePrefix = mkOption {
         type = types.str;
         default = "/";
-        description = lib.mdDoc ''
+        description = ''
           Path to Xandikos.
           Useful when Xandikos is behind a reverse proxy.
         '';
@@ -47,14 +47,14 @@ in
             "--dump-dav-xml"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra command line arguments to pass to xandikos.
         '';
       };
 
       nginx = mkOption {
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configuration for nginx reverse proxy.
         '';
 
@@ -63,14 +63,14 @@ in
             enable = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Configure the nginx reverse proxy settings.
               '';
             };
 
             hostName = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The hostname use to setup the virtualhost configuration
               '';
             };
diff --git a/nixpkgs/nixos/modules/services/networking/xinetd.nix b/nixpkgs/nixos/modules/services/networking/xinetd.nix
index fb3de7077e31..e42943285d12 100644
--- a/nixpkgs/nixos/modules/services/networking/xinetd.nix
+++ b/nixpkgs/nixos/modules/services/networking/xinetd.nix
@@ -44,19 +44,19 @@ in
 
   options = {
 
-    services.xinetd.enable = mkEnableOption (lib.mdDoc "the xinetd super-server daemon");
+    services.xinetd.enable = mkEnableOption "the xinetd super-server daemon";
 
     services.xinetd.extraDefaults = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Additional configuration lines added to the default section of xinetd's configuration.
       '';
     };
 
     services.xinetd.services = mkOption {
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         A list of services provided by xinetd.
       '';
 
@@ -67,51 +67,50 @@ in
           name = mkOption {
             type = types.str;
             example = "login";
-            description = lib.mdDoc "Name of the service.";
+            description = "Name of the service.";
           };
 
           protocol = mkOption {
             type = types.str;
             default = "tcp";
-            description =
-              lib.mdDoc "Protocol of the service.  Usually `tcp` or `udp`.";
+            description = "Protocol of the service.  Usually `tcp` or `udp`.";
           };
 
           port = mkOption {
             type = types.port;
             default = 0;
             example = 123;
-            description = lib.mdDoc "Port number of the service.";
+            description = "Port number of the service.";
           };
 
           user = mkOption {
             type = types.str;
             default = "nobody";
-            description = lib.mdDoc "User account for the service";
+            description = "User account for the service";
           };
 
           server = mkOption {
             type = types.str;
             example = "/foo/bin/ftpd";
-            description = lib.mdDoc "Path of the program that implements the service.";
+            description = "Path of the program that implements the service.";
           };
 
           serverArgs = mkOption {
             type = types.separatedString " ";
             default = "";
-            description = lib.mdDoc "Command-line arguments for the server program.";
+            description = "Command-line arguments for the server program.";
           };
 
           flags = mkOption {
             type = types.str;
             default = "";
-            description = lib.mdDoc "";
+            description = "";
           };
 
           unlisted = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether this server is listed in
               {file}`/etc/services`.  If so, the port
               number can be omitted.
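Review bot: The `unlisted` description reads `Whether this server is listed in /etc/services`, which is the opposite of what the option name suggests for `unlisted = true`. I would reword it to `Whether this service is absent from /etc/services. If it is listed there, the port number can be omitted.`, assuming the name reflects the actual behaviour, which this hunk does not show. The `flags` option also keeps an empty `description = "";`, so the manual shows nothing for it. Something like `description = "Value of the flags attribute for this service entry; see xinetd.conf(5).";` would fill that gap. The `unlisted` description continues past the end of the hunk.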
@@ -121,7 +120,7 @@ in
           extraConfig = mkOption {
             type = types.lines;
             default = "";
-            description = lib.mdDoc "Extra configuration-lines added to the section of the service.";
+            description = "Extra configuration-lines added to the section of the service.";
           };
 
         };
diff --git a/nixpkgs/nixos/modules/services/networking/xl2tpd.nix b/nixpkgs/nixos/modules/services/networking/xl2tpd.nix
index 7d2595707612..8d192be6c2fa 100644
--- a/nixpkgs/nixos/modules/services/networking/xl2tpd.nix
+++ b/nixpkgs/nixos/modules/services/networking/xl2tpd.nix
@@ -5,29 +5,29 @@ with lib;
 {
   options = {
     services.xl2tpd = {
-      enable = mkEnableOption (lib.mdDoc "xl2tpd, the Layer 2 Tunnelling Protocol Daemon");
+      enable = mkEnableOption "xl2tpd, the Layer 2 Tunnelling Protocol Daemon";
 
       serverIp = mkOption {
         type        = types.str;
-        description = lib.mdDoc "The server-side IP address.";
+        description = "The server-side IP address.";
         default     = "10.125.125.1";
       };
 
       clientIpRange = mkOption {
         type        = types.str;
-        description = lib.mdDoc "The range from which client IPs are drawn.";
+        description = "The range from which client IPs are drawn.";
         default     = "10.125.125.2-11";
       };
 
       extraXl2tpOptions = mkOption {
         type        = types.lines;
-        description = lib.mdDoc "Adds extra lines to the xl2tpd configuration file.";
+        description = "Adds extra lines to the xl2tpd configuration file.";
         default     = "";
       };
 
       extraPppdOptions = mkOption {
         type        = types.lines;
-        description = lib.mdDoc "Adds extra lines to the pppd options file.";
+        description = "Adds extra lines to the pppd options file.";
         default     = "";
         example     = ''
           ms-dns 8.8.8.8
diff --git a/nixpkgs/nixos/modules/services/networking/xray.nix b/nixpkgs/nixos/modules/services/networking/xray.nix
index 56c7887b3308..40a154d8d030 100644
--- a/nixpkgs/nixos/modules/services/networking/xray.nix
+++ b/nixpkgs/nixos/modules/services/networking/xray.nix
@@ -9,7 +9,7 @@ with lib;
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to run xray server.
 
           Either `settingsFile` or `settings` must be specified.
@@ -22,7 +22,7 @@ with lib;
         type = types.nullOr types.path;
         default = null;
         example = "/etc/xray/config.json";
-        description = lib.mdDoc ''
+        description = ''
           The absolute path to the configuration file.
 
           Either `settingsFile` or `settings` must be specified.
@@ -44,7 +44,7 @@ with lib;
             protocol = "freedom";
           }];
         };
-        description = lib.mdDoc ''
+        description = ''
           The configuration object.
 
           Either `settingsFile` or `settings` must be specified.
diff --git a/nixpkgs/nixos/modules/services/networking/xrdp.nix b/nixpkgs/nixos/modules/services/networking/xrdp.nix
index 7e6634cd239a..884325d13159 100644
--- a/nixpkgs/nixos/modules/services/networking/xrdp.nix
+++ b/nixpkgs/nixos/modules/services/networking/xrdp.nix
@@ -49,19 +49,19 @@ in
 
     services.xrdp = {
 
-      enable = mkEnableOption (lib.mdDoc "xrdp, the Remote Desktop Protocol server");
+      enable = mkEnableOption "xrdp, the Remote Desktop Protocol server";
 
       package = mkPackageOptionMD pkgs "xrdp" { };
 
       audio = {
-        enable = mkEnableOption (lib.mdDoc "audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet");
+        enable = mkEnableOption "audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet";
         package = mkPackageOptionMD pkgs "pulseaudio-module-xrdp" {};
       };
 
       port = mkOption {
         type = types.port;
         default = 3389;
-        description = lib.mdDoc ''
+        description = ''
           Specifies on which port the xrdp daemon listens.
         '';
       };
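Review bot: `package` and `audio.package` in this hunk still call `mkPackageOptionMD`, while the other modules touched by this commit (wstunnel, xandikos, yggdrasil, zeronet) use `mkPackageOption`. Since the commit removes the Markdown-specific wrappers, switching both lines to `mkPackageOption pkgs "xrdp" { };` and `mkPackageOption pkgs "pulseaudio-module-xrdp" {};` would keep the file consistent. The MD variant appears to be only a compatibility alias.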
@@ -69,14 +69,14 @@ in
       openFirewall = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to open the firewall for the specified RDP port.";
+        description = "Whether to open the firewall for the specified RDP port.";
       };
 
       sslKey = mkOption {
         type = types.str;
         default = "/etc/xrdp/key.pem";
         example = "/path/to/your/key.pem";
-        description = lib.mdDoc ''
+        description = ''
           ssl private key path
           A self-signed certificate will be generated if file not exists.
         '';
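Review bot: The `sslKey` description, and the matching certificate-path description in the next hunk, says a self-signed certificate is generated when the file is missing but not what that means for clients: they cannot verify the server's identity unless they trust that certificate explicitly. The two lines of the description also run together into one sentence when rendered. I would reword to `Path to the TLS private key. If the file does not exist, a self-signed certificate is generated; clients cannot verify it unless they trust it explicitly.` The option's closing lines are outside the hunk.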
@@ -86,7 +86,7 @@ in
         type = types.str;
         default = "/etc/xrdp/cert.pem";
         example = "/path/to/your/cert.pem";
-        description = lib.mdDoc ''
+        description = ''
           ssl certificate path
           A self-signed certificate will be generated if file not exists.
         '';
@@ -96,7 +96,7 @@ in
         type = types.str;
         default = "xterm";
         example = "xfce4-session";
-        description = lib.mdDoc ''
+        description = ''
           The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session"
           This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
         '';
@@ -106,7 +106,7 @@ in
         type = types.path;
         default = confDir;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Configuration directory of xrdp and sesman.
 
           Changes to this must be made through extraConfDirCommands.
@@ -117,7 +117,7 @@ in
       extraConfDirCommands = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra commands to run on the default confDir derivation.
         '';
         example = ''
diff --git a/nixpkgs/nixos/modules/services/networking/yggdrasil.nix b/nixpkgs/nixos/modules/services/networking/yggdrasil.nix
index 9173e7eb3457..c1c952adac39 100644
--- a/nixpkgs/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixpkgs/nixos/modules/services/networking/yggdrasil.nix
@@ -18,7 +18,7 @@ in
 
   options = with types; {
     services.yggdrasil = {
-      enable = mkEnableOption (lib.mdDoc "the yggdrasil system service");
+      enable = mkEnableOption "the yggdrasil system service";
 
       settings = mkOption {
         type = format.type;
@@ -32,7 +32,7 @@ in
             "tcp://0.0.0.0:xxxxx"
           ];
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for yggdrasil, as a Nix attribute set.
 
           Warning: this is stored in the WORLD-READABLE Nix store!
@@ -61,7 +61,7 @@ in
         type = nullOr path;
         default = null;
         example = "/run/keys/yggdrasil.conf";
-        description = lib.mdDoc ''
+        description = ''
           A file which contains JSON or HJSON configuration for yggdrasil. See
           the {option}`settings` option for more information.
 
@@ -76,13 +76,13 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "wheel";
-        description = lib.mdDoc "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket.";
+        description = "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket.";
       };
 
       openMulticastPort = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the UDP port used for multicast peer discovery. The
           NixOS firewall blocks link-local communication, so in order to make
           incoming local peering work you will also need to configure
@@ -98,7 +98,7 @@ in
         type = listOf str;
         default = [ ];
         example = [ "tap*" ];
-        description = lib.mdDoc ''
+        description = ''
           Disable the DHCP client for any interface whose name matches
           any of the shell glob patterns in this list.  Use this
           option to prevent the DHCP client from broadcasting requests
@@ -110,17 +110,17 @@ in
 
       package = mkPackageOption pkgs "yggdrasil" { };
 
-      persistentKeys = mkEnableOption (lib.mdDoc ''
+      persistentKeys = mkEnableOption ''
         persistent keys. If enabled then keys will be generated once and Yggdrasil
         will retain the same IPv6 address when the service is
         restarted. Keys are stored at ${keysPath}
-      '');
+      '';
 
       extraArgs = mkOption {
         type = listOf str;
         default = [ ];
         example = [ "-loglevel" "info" ];
-        description = lib.mdDoc "Extra command line arguments.";
+        description = "Extra command line arguments.";
       };
 
     };
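Review bot: Passing a multi-sentence indented string to `mkEnableOption` for `persistentKeys` gives an awkward description. As far as I know the helper wraps its argument as `Whether to enable <text>.`, so the rendered text would end with a stray period on its own line after `${keysPath}`. A plain `mkOption` with `type = bool; default = false;` and an explicit description would read better. As the stored keys determine the node's address, the description could also state who can read the file at `${keysPath}`, which this hunk does not show.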
diff --git a/nixpkgs/nixos/modules/services/networking/zerobin.nix b/nixpkgs/nixos/modules/services/networking/zerobin.nix
index 735d4fa25fb1..62b606ec3b00 100644
--- a/nixpkgs/nixos/modules/services/networking/zerobin.nix
+++ b/nixpkgs/nixos/modules/services/networking/zerobin.nix
@@ -12,12 +12,12 @@ in
   {
     options = {
       services.zerobin = {
-        enable = mkEnableOption (lib.mdDoc "0bin");
+        enable = mkEnableOption "0bin";
 
         dataDir = mkOption {
           type = types.str;
           default = "/var/lib/zerobin";
-          description = lib.mdDoc ''
+          description = ''
           Path to the 0bin data directory
           '';
         };
@@ -25,7 +25,7 @@ in
         user = mkOption {
           type = types.str;
           default = "zerobin";
-          description = lib.mdDoc ''
+          description = ''
           The user 0bin should run as
           '';
         };
@@ -33,7 +33,7 @@ in
         group = mkOption {
           type = types.str;
           default = "zerobin";
-          description = lib.mdDoc ''
+          description = ''
           The group 0bin should run as
           '';
         };
@@ -42,7 +42,7 @@ in
           type = types.int;
           default = 8000;
           example = 1357;
-          description = lib.mdDoc ''
+          description = ''
           The port zerobin should listen on
           '';
         };
@@ -51,7 +51,7 @@ in
           type = types.str;
           default = "localhost";
           example = "127.0.0.1";
-          description = lib.mdDoc ''
+          description = ''
           The address zerobin should listen to
           '';
         };
@@ -65,7 +65,7 @@ in
           )
           COMPRESSED_STATIC_FILE = True
           '';
-          description = lib.mdDoc ''
+          description = ''
           Extra configuration to be appended to the 0bin config file
           (see https://0bin.readthedocs.org/en/latest/en/options.html)
           '';
diff --git a/nixpkgs/nixos/modules/services/networking/zeronet.nix b/nixpkgs/nixos/modules/services/networking/zeronet.nix
index 7e88a8b346d9..8d734a5291d2 100644
--- a/nixpkgs/nixos/modules/services/networking/zeronet.nix
+++ b/nixpkgs/nixos/modules/services/networking/zeronet.nix
@@ -18,7 +18,7 @@ let
   };
 in with lib; {
   options.services.zeronet = {
-    enable = mkEnableOption (lib.mdDoc "zeronet");
+    enable = mkEnableOption "zeronet";
 
     package = mkPackageOption pkgs "zeronet" { };
 
@@ -27,7 +27,7 @@ in with lib; {
       default = {};
       example = literalExpression "{ global.tor = enable; }";
 
-      description = lib.mdDoc ''
+      description = ''
         {file}`zeronet.conf` configuration. Refer to
         <https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file>
         for details on supported values;
@@ -37,7 +37,7 @@ in with lib; {
     port = mkOption {
       type = types.port;
       default = 43110;
-      description = lib.mdDoc "Optional zeronet web UI port.";
+      description = "Optional zeronet web UI port.";
     };
 
     fileserverPort = mkOption {
@@ -45,19 +45,19 @@ in with lib; {
       # read-only config file and crashes
       type = types.port;
       default = 12261;
-      description = lib.mdDoc "Zeronet fileserver port.";
+      description = "Zeronet fileserver port.";
     };
 
     tor = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use TOR for zeronet traffic where possible.";
+      description = "Use TOR for zeronet traffic where possible.";
     };
 
     torAlways = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use TOR for all zeronet traffic.";
+      description = "Use TOR for all zeronet traffic.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/networking/zerotierone.nix b/nixpkgs/nixos/modules/services/networking/zerotierone.nix
index 60615d553041..86c1efc629a9 100644
--- a/nixpkgs/nixos/modules/services/networking/zerotierone.nix
+++ b/nixpkgs/nixos/modules/services/networking/zerotierone.nix
@@ -8,13 +8,13 @@ let
   localConfFilePath = "/var/lib/zerotier-one/local.conf";
 in
 {
-  options.services.zerotierone.enable = mkEnableOption (lib.mdDoc "ZeroTierOne");
+  options.services.zerotierone.enable = mkEnableOption "ZeroTierOne";
 
   options.services.zerotierone.joinNetworks = mkOption {
     default = [];
     example = [ "a8a2c3c10c1a68de" ];
     type = types.listOf types.str;
-    description = lib.mdDoc ''
+    description = ''
       List of ZeroTier Network IDs to join on startup.
       Note that networks are only ever joined, but not automatically left after removing them from the list.
       To remove networks, use the ZeroTier CLI: `zerotier-cli leave <network-id>`
@@ -24,7 +24,7 @@ in
   options.services.zerotierone.port = mkOption {
     default = 9993;
     type = types.port;
-    description = lib.mdDoc ''
+    description = ''
       Network port used by ZeroTier.
     '';
   };
@@ -33,7 +33,7 @@ in
 
   options.services.zerotierone.localConf = mkOption {
     default = null;
-    description = mdDoc ''
+    description = ''
       Optional configuration to be written to the Zerotier JSON-based local.conf.
       If set, the configuration will be symlinked to `/var/lib/zerotier-one/local.conf` at build time.
       To understand the configuration format, refer to https://docs.zerotier.com/config/#local-configuration-options.
diff --git a/nixpkgs/nixos/modules/services/networking/znc/default.nix b/nixpkgs/nixos/modules/services/networking/znc/default.nix
index e15233293cf2..1a5793ee0ff5 100644
--- a/nixpkgs/nixos/modules/services/networking/znc/default.nix
+++ b/nixpkgs/nixos/modules/services/networking/znc/default.nix
@@ -81,13 +81,13 @@ in
 
   options = {
     services.znc = {
-      enable = mkEnableOption (lib.mdDoc "ZNC");
+      enable = mkEnableOption "ZNC";
 
       user = mkOption {
         default = "znc";
         example = "john";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The name of an existing user account to use to own the ZNC server
           process. If not specified, a default user will be created.
         '';
@@ -97,7 +97,7 @@ in
         default = defaultUser;
         example = "users";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Group to own the ZNC process.
         '';
       };
@@ -106,7 +106,7 @@ in
         default = "/var/lib/znc";
         example = "/home/john/.znc";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The state directory for ZNC. The config and the modules will be linked
           to from this directory as well.
         '';
@@ -115,7 +115,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to open ports in the firewall for ZNC. Does work with
           ports for listeners specified in
           {option}`services.znc.config.Listener`.
@@ -149,7 +149,7 @@ in
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration for ZNC, see
           <https://wiki.znc.in/Configuration> for details. The
           Nix value declared here will be translated directly to the xml-like
@@ -177,7 +177,7 @@ in
       configFile = mkOption {
         type = types.path;
         example = literalExpression "~/.znc/configs/znc.conf";
-        description = lib.mdDoc ''
+        description = ''
           Configuration file for ZNC. It is recommended to use the
           {option}`config` option instead.
 
@@ -191,7 +191,7 @@ in
         type = types.listOf types.package;
         default = [ ];
         example = literalExpression "[ pkgs.zncModules.fish pkgs.zncModules.push ]";
-        description = lib.mdDoc ''
+        description = ''
           A list of global znc module packages to add to znc.
         '';
       };
@@ -199,7 +199,7 @@ in
       mutable = mkOption {
         default = true; # TODO: Default to true when config is set, make sure to not delete the old config if present
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Indicates whether to allow the contents of the
           `dataDir` directory to be changed by the user at
           run-time.
@@ -217,7 +217,7 @@ in
         default = [ ];
         example = [ "--debug" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Extra arguments to use for executing znc.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/networking/znc/options.nix b/nixpkgs/nixos/modules/services/networking/znc/options.nix
index bd67ec86d513..32e5fd9d5025 100644
--- a/nixpkgs/nixos/modules/services/networking/znc/options.nix
+++ b/nixpkgs/nixos/modules/services/networking/znc/options.nix
@@ -12,7 +12,7 @@ let
       server = mkOption {
         type = types.str;
         example = "irc.libera.chat";
-        description = lib.mdDoc ''
+        description = ''
           IRC server address.
         '';
       };
@@ -20,7 +20,7 @@ let
       port = mkOption {
         type = types.port;
         default = 6697;
-        description = lib.mdDoc ''
+        description = ''
           IRC server port.
         '';
       };
@@ -28,7 +28,7 @@ let
       password = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           IRC server password, such as for a Slack gateway.
         '';
       };
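Review bot: The `password` description in this hunk says nothing about where the secret ends up. A plain `types.str` value is part of the evaluated configuration, and if it is rendered into the generated ZNC config it is copied into the world-readable Nix store; the rendering code is outside this hunk, so this needs confirming. I would extend the description with a sentence such as `Note that this value will be stored world-readable in the Nix store.` so users know not to put a sensitive or reused password here.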
@@ -36,7 +36,7 @@ let
       useSSL = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use SSL to connect to the IRC server.
         '';
       };
@@ -45,7 +45,7 @@ let
         type = types.listOf types.str;
         default = [ "simple_away" ];
         example = literalExpression ''[ "simple_away" "sasl" ]'';
-        description = lib.mdDoc ''
+        description = ''
           ZNC network modules to load.
         '';
       };
@@ -54,7 +54,7 @@ let
         type = types.listOf types.str;
         default = [];
         example = [ "nixos" ];
-        description = lib.mdDoc ''
+        description = ''
           IRC channels to join.
         '';
       };
@@ -62,7 +62,7 @@ let
       hasBitlbeeControlChannel = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to add the special Bitlbee operations channel.
         '';
       };
@@ -79,7 +79,7 @@ let
           JoinDelay = 0
           Nick = johntron
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra config for the network. Consider using
           {option}`services.znc.config` instead.
         '';
@@ -97,7 +97,7 @@ in
       useLegacyConfig = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to propagate the legacy options under
           {option}`services.znc.confOptions.*` to the znc config. If this
           is turned on, the znc config will contain a user with the default name
@@ -118,7 +118,7 @@ in
           type = types.listOf types.str;
           default = [ "webadmin" "adminlog" ];
           example = [ "partyline" "webadmin" "adminlog" "log" ];
-          description = lib.mdDoc ''
+          description = ''
             A list of modules to include in the `znc.conf` file.
           '';
         };
@@ -127,7 +127,7 @@ in
           type = types.listOf types.str;
           default = [ "chansaver" "controlpanel" ];
           example = [ "chansaver" "controlpanel" "fish" "push" ];
-          description = lib.mdDoc ''
+          description = ''
             A list of user modules to include in the `znc.conf` file.
           '';
         };
@@ -136,7 +136,7 @@ in
           default = "znc";
           example = "johntron";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The user name used to log in to the ZNC web admin interface.
           '';
         };
@@ -144,7 +144,7 @@ in
         networks = mkOption {
           default = { };
           type = with types; attrsOf (submodule networkOpts);
-          description = lib.mdDoc ''
+          description = ''
             IRC networks to connect the user to.
           '';
           example = literalExpression ''
@@ -163,7 +163,7 @@ in
           default = "znc-user";
           example = "john";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The IRC nick.
           '';
         };
@@ -177,7 +177,7 @@ in
             &lt;/Pass&gt;
           '';
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Generate with {command}`nix-shell -p znc --command "znc --makepass"`.
             This is the password used to log in to the ZNC web admin interface.
             You can also set this through
@@ -189,7 +189,7 @@ in
         port = mkOption {
           default = 5000;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             Specifies the port on which to listen.
           '';
         };
@@ -197,7 +197,7 @@ in
         useSSL = mkOption {
           default = true;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Indicates whether the ZNC server should use SSL when listening on
             the specified port. A self-signed certificate will be generated.
           '';
@@ -207,7 +207,7 @@ in
           type = types.nullOr types.str;
           default = null;
           example = "/znc/";
-          description = lib.mdDoc ''
+          description = ''
             An optional URI prefix for the ZNC web interface. Can be
             used to make ZNC available behind a reverse proxy.
           '';
@@ -216,7 +216,7 @@ in
         extraZncConf = mkOption {
           default = "";
           type = types.lines;
-          description = lib.mdDoc ''
+          description = ''
             Extra config to `znc.conf` file.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/printing/cups-pdf.nix b/nixpkgs/nixos/modules/services/printing/cups-pdf.nix
index 07f24367132f..12c2eb082e62 100644
--- a/nixpkgs/nixos/modules/services/printing/cups-pdf.nix
+++ b/nixpkgs/nixos/modules/services/printing/cups-pdf.nix
@@ -41,7 +41,7 @@ let
       default = "/var/spool/cups-pdf-${name}/users/\${USER}";
       defaultText = "/var/spool/cups-pdf-{instance-name}/users/\${USER}";
       example = "\${HOME}/cups-pdf";
-      description = lib.mdDoc ''
+      description = ''
         output directory;
         `''${HOME}` will be expanded to the user's home directory,
         `''${USER}` will be expanded to the user name.
@@ -52,19 +52,19 @@ let
       default = "/var/spool/cups-pdf-${name}/anonymous";
       defaultText = "/var/spool/cups-pdf-{instance-name}/anonymous";
       example = "/var/lib/cups-pdf";
-      description = lib.mdDoc "path for anonymously created PDF files";
+      description = "path for anonymously created PDF files";
     };
     options.Spool = lib.mkOption {
       type = with lib.types; nullOr singleLineStr;
       default = "/var/spool/cups-pdf-${name}/spool";
       defaultText = "/var/spool/cups-pdf-{instance-name}/spool";
       example = "/var/lib/cups-pdf";
-      description = lib.mdDoc "spool directory";
+      description = "spool directory";
     };
     options.Anonuser = lib.mkOption {
       type = lib.types.singleLineStr;
       default = "root";
-      description = lib.mdDoc ''
+      description = ''
         User for anonymous PDF creation.
         An empty string disables this feature.
       '';
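Review bot: The `Anonuser` description in this hunk does not mention that the default is `root`. A reader learns only that an empty string disables the feature, and has to read the `default` line to see that anonymous jobs are presumably handled under the root account otherwise. I would add a sentence such as `The default is "root"; set another account here, or "" to disable anonymous PDF creation.` and, if root is a deliberate choice, say why. The option block closes outside this hunk.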
@@ -74,21 +74,21 @@ let
       default = lib.getExe pkgs.ghostscript;
       defaultText = lib.literalExpression "lib.getExe pkgs.ghostscript";
       example = lib.literalExpression ''''${pkgs.ghostscript}/bin/ps2pdf'';
-      description = lib.mdDoc "location of GhostScript binary";
+      description = "location of GhostScript binary";
     };
   };
 
   instanceConfig = { name, config, ... }: {
     options = {
-      enable = (lib.mkEnableOption (lib.mdDoc "this cups-pdf instance")) // { default = true; };
-      installPrinter = (lib.mkEnableOption (lib.mdDoc ''
+      enable = (lib.mkEnableOption "this cups-pdf instance") // { default = true; };
+      installPrinter = (lib.mkEnableOption ''
         a CUPS printer queue for this instance.
         The queue will be named after the instance and will use the {file}`CUPS-PDF_opt.ppd` ppd file.
         If this is disabled, you need to add the queue yourself to use the instance
-      '')) // { default = true; };
+      '') // { default = true; };
       confFileText = lib.mkOption {
         type = lib.types.lines;
-        description = lib.mdDoc ''
+        description = ''
           This will contain the contents of {file}`cups-pdf.conf` for this instance, derived from {option}`settings`.
           You can use this option to append text to the file.
         '';
@@ -100,7 +100,7 @@ let
           Out = "\${HOME}/cups-pdf";
           UserUMask = "0033";
         };
-        description = lib.mdDoc ''
+        description = ''
           Settings for a cups-pdf instance, see the descriptions in the template config file in the cups-pdf package.
           The key value pairs declared here will be translated into proper key value pairs for {file}`cups-pdf.conf`.
           Setting a value to `null` disables the option and removes it from the file.
@@ -142,11 +142,11 @@ in
 {
 
   options.services.printing.cups-pdf = {
-    enable = lib.mkEnableOption (lib.mdDoc ''
+    enable = lib.mkEnableOption ''
       the cups-pdf virtual pdf printer backend.
       By default, this will install a single printer `pdf`.
       but this can be changed/extended with {option}`services.printing.cups-pdf.instances`
-    '');
+    '';
     instances = lib.mkOption {
       type = lib.types.attrsOf (lib.types.submodule instanceConfig);
       default.pdf = {};
@@ -154,7 +154,7 @@ in
         Out = "\${HOME}/cups-pdf";
         UserUMask = "0033";
       };
-      description = lib.mdDoc ''
+      description = ''
         Permits to raise one or more cups-pdf instances.
         Each instance is named by an attribute name, and the attribute's values control the instance' configuration.
       '';
diff --git a/nixpkgs/nixos/modules/services/printing/cupsd.nix b/nixpkgs/nixos/modules/services/printing/cupsd.nix
index 1f044384a5b8..668bccab2e2d 100644
--- a/nixpkgs/nixos/modules/services/printing/cupsd.nix
+++ b/nixpkgs/nixos/modules/services/printing/cupsd.nix
@@ -136,7 +136,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable printing support through the CUPS daemon.
         '';
       };
@@ -146,7 +146,7 @@ in
       stateless = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If set, all state directories relating to CUPS will be removed on
           startup of the service.
         '';
@@ -155,7 +155,7 @@ in
       startWhenNeeded = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If set, CUPS is socket-activated; that is,
           instead of having it permanently running as a daemon,
           systemd will start it on the first incoming connection.
@@ -166,7 +166,7 @@ in
         type = types.listOf types.str;
         default = [ "localhost:631" ];
         example = [ "*:631" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of addresses and ports on which to listen.
         '';
       };
@@ -176,7 +176,7 @@ in
         default = [ "localhost" ];
         example = [ "all" ];
         apply = concatMapStringsSep "\n" (x: "Allow ${x}");
-        description = lib.mdDoc ''
+        description = ''
           From which hosts to allow unconditional access.
         '';
       };
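Review bot: The description "From which hosts to allow unconditional access" does not explain what "unconditional" means for a user who copies the `[ "all" ]` example. The `apply` line turns each entry into an `Allow` directive, so `all` combined with a non-local listen address would presumably admit every host that can reach the CUPS port. I would add a sentence such as `Entries are emitted as Allow directives; "all" admits any host that can reach the listen addresses, so restrict those or the firewall accordingly.` The option's name line is above this hunk.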
@@ -194,7 +194,7 @@ in
         type = types.lines;
         internal = true;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional commands executed while creating the directory
           containing the CUPS server binaries.
         '';
@@ -203,7 +203,7 @@ in
       defaultShared = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Specifies whether local printers are shared by default.
         '';
       };
@@ -211,7 +211,7 @@ in
       browsing = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Specifies whether shared printers are advertised.
         '';
       };
@@ -219,7 +219,7 @@ in
       webInterface = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Specifies whether the web interface is enabled.
         '';
       };
@@ -228,7 +228,7 @@ in
         type = types.str;
         default = "info";
         example = "debug";
-        description = lib.mdDoc ''
+        description = ''
           Specifies the cupsd logging verbosity.
         '';
       };
@@ -236,7 +236,7 @@ in
       extraFilesConf = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra contents of the configuration file of the CUPS daemon
           ({file}`cups-files.conf`).
         '';
@@ -250,7 +250,7 @@ in
             BrowsePoll cups.example.com
             MaxCopies 42
           '';
-        description = lib.mdDoc ''
+        description = ''
           Extra contents of the configuration file of the CUPS daemon
           ({file}`cupsd.conf`).
         '';
@@ -264,7 +264,7 @@ in
             ServerName server.example.com
             Encryption Never
           '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of the client configuration.
           ({file}`client.conf`)
         '';
@@ -277,7 +277,7 @@ in
           ''
             BrowsePoll cups.example.com
           '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of the configuration. file of the CUPS Browsed daemon
           ({file}`cups-browsed.conf`)
         '';
@@ -288,7 +288,7 @@ in
         default = ''
           Address @LOCAL
         '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of {file}`/etc/cups/snmp.conf`. See "man
           cups-snmp.conf" for a complete description.
         '';
@@ -298,7 +298,7 @@ in
         type = types.listOf types.path;
         default = [];
         example = literalExpression "with pkgs; [ gutenprint hplip splix ]";
-        description = lib.mdDoc ''
+        description = ''
           CUPS drivers to use. Drivers provided by CUPS, cups-filters,
           Ghostscript and Samba are added unconditionally. If this list contains
           Gutenprint (i.e. a derivation with
@@ -312,7 +312,7 @@ in
         type = types.path;
         default = "/tmp";
         example = "/tmp/cups";
-        description = lib.mdDoc ''
+        description = ''
           CUPSd temporary directory.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/printing/ipp-usb.nix b/nixpkgs/nixos/modules/services/printing/ipp-usb.nix
index 8ed2ff826871..96ebc022b512 100644
--- a/nixpkgs/nixos/modules/services/printing/ipp-usb.nix
+++ b/nixpkgs/nixos/modules/services/printing/ipp-usb.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }: {
   options = {
     services.ipp-usb = {
-      enable = lib.mkEnableOption (lib.mdDoc "ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner");
+      enable = lib.mkEnableOption "ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner";
     };
   };
   config = lib.mkIf config.services.ipp-usb.enable {
diff --git a/nixpkgs/nixos/modules/services/scheduling/atd.nix b/nixpkgs/nixos/modules/services/scheduling/atd.nix
index 235d4f348e5e..541d8f799c8e 100644
--- a/nixpkgs/nixos/modules/services/scheduling/atd.nix
+++ b/nixpkgs/nixos/modules/services/scheduling/atd.nix
@@ -19,7 +19,7 @@ in
     services.atd.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the {command}`at` daemon, a command scheduler.
       '';
     };
@@ -27,7 +27,7 @@ in
     services.atd.allowEveryone = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to make {file}`/var/spool/at{jobs,spool}`
         writeable by everyone (and sticky).  This is normally not
         needed since the {command}`at` commands are
diff --git a/nixpkgs/nixos/modules/services/scheduling/cron.nix b/nixpkgs/nixos/modules/services/scheduling/cron.nix
index 6e8fe5d9d031..89834b9f01c4 100644
--- a/nixpkgs/nixos/modules/services/scheduling/cron.nix
+++ b/nixpkgs/nixos/modules/services/scheduling/cron.nix
@@ -40,13 +40,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Vixie cron daemon.";
+        description = "Whether to enable the Vixie cron daemon.";
       };
 
       mailto = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Email address to which job output will be mailed.";
+        description = "Email address to which job output will be mailed.";
       };
 
       systemCronJobs = mkOption {
@@ -57,7 +57,7 @@ in
             "* * * * *  eelco  echo Hello World > /home/eelco/cronout"
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           A list of Cron jobs to be appended to the system-wide
           crontab.  See the manual page for crontab for the expected
           format. If you want to get the results mailed you must setuid
@@ -76,7 +76,7 @@ in
       cronFiles = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           A list of extra crontab files that will be read and appended to the main
           crontab file when the cron service starts.
         '';
diff --git a/nixpkgs/nixos/modules/services/scheduling/fcron.nix b/nixpkgs/nixos/modules/services/scheduling/fcron.nix
index 47bd358f979d..db627841526e 100644
--- a/nixpkgs/nixos/modules/services/scheduling/fcron.nix
+++ b/nixpkgs/nixos/modules/services/scheduling/fcron.nix
@@ -40,13 +40,13 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the {command}`fcron` daemon.";
+        description = "Whether to enable the {command}`fcron` daemon.";
       };
 
       allow = mkOption {
         type = types.listOf types.str;
         default = [ "all" ];
-        description = lib.mdDoc ''
+        description = ''
           Users allowed to use fcrontab and fcrondyn (one name per
           line, `all` for everyone).
         '';
@@ -55,25 +55,25 @@ in
       deny = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Users forbidden from using fcron.";
+        description = "Users forbidden from using fcron.";
       };
 
       maxSerialJobs = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "Maximum number of serial jobs which can run simultaneously.";
+        description = "Maximum number of serial jobs which can run simultaneously.";
       };
 
       queuelen = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc "Number of jobs the serial queue and the lavg queue can contain.";
+        description = "Number of jobs the serial queue and the lavg queue can contain.";
       };
 
       systab = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''The "system" crontab contents.'';
+        description = ''The "system" crontab contents.'';
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix b/nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix
index 0a21d705ef87..1c365124a0ef 100644
--- a/nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix
+++ b/nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix
@@ -37,24 +37,24 @@ in {
 
   options.services.elasticsearch-curator = {
 
-    enable = mkEnableOption (lib.mdDoc "elasticsearch curator");
+    enable = mkEnableOption "elasticsearch curator";
     interval = mkOption {
-      description = lib.mdDoc "The frequency to run curator, a systemd.time such as 'hourly'";
+      description = "The frequency to run curator, a systemd.time such as 'hourly'";
       default = "hourly";
       type = types.str;
     };
     hosts = mkOption {
-      description = lib.mdDoc "a list of elasticsearch hosts to connect to";
+      description = "a list of elasticsearch hosts to connect to";
       type = types.listOf types.str;
       default = ["localhost"];
     };
     port = mkOption {
-      description = lib.mdDoc "the port that elasticsearch is listening on";
+      description = "the port that elasticsearch is listening on";
       type = types.port;
       default = 9200;
     };
     actionYAML = mkOption {
-      description = lib.mdDoc "curator action.yaml file contents, alternatively use curator-cli which takes a simple action command";
+      description = "curator action.yaml file contents, alternatively use curator-cli which takes a simple action command";
       type = types.lines;
       example = ''
         ---
diff --git a/nixpkgs/nixos/modules/services/search/elasticsearch.nix b/nixpkgs/nixos/modules/services/search/elasticsearch.nix
index 6eebeb8b0a9a..db19e47493a6 100644
--- a/nixpkgs/nixos/modules/services/search/elasticsearch.nix
+++ b/nixpkgs/nixos/modules/services/search/elasticsearch.nix
@@ -45,7 +45,7 @@ in
 
   options.services.elasticsearch = {
     enable = mkOption {
-      description = lib.mdDoc "Whether to enable elasticsearch.";
+      description = "Whether to enable elasticsearch.";
       default = false;
       type = types.bool;
     };
@@ -53,37 +53,37 @@ in
     package = mkPackageOption pkgs "elasticsearch" { };
 
     listenAddress = mkOption {
-      description = lib.mdDoc "Elasticsearch listen address.";
+      description = "Elasticsearch listen address.";
       default = "127.0.0.1";
       type = types.str;
     };
 
     port = mkOption {
-      description = lib.mdDoc "Elasticsearch port to listen for HTTP traffic.";
+      description = "Elasticsearch port to listen for HTTP traffic.";
       default = 9200;
       type = types.port;
     };
 
     tcp_port = mkOption {
-      description = lib.mdDoc "Elasticsearch port for the node to node communication.";
+      description = "Elasticsearch port for the node to node communication.";
       default = 9300;
       type = types.int;
     };
 
     cluster_name = mkOption {
-      description = lib.mdDoc "Elasticsearch name that identifies your cluster for auto-discovery.";
+      description = "Elasticsearch name that identifies your cluster for auto-discovery.";
       default = "elasticsearch";
       type = types.str;
     };
 
     single_node = mkOption {
-      description = lib.mdDoc "Start a single-node cluster";
+      description = "Start a single-node cluster";
       default = true;
       type = types.bool;
     };
 
     extraConf = mkOption {
-      description = lib.mdDoc "Extra configuration for elasticsearch.";
+      description = "Extra configuration for elasticsearch.";
       default = "";
       type = types.str;
       example = ''
@@ -94,7 +94,7 @@ in
     };
 
     logging = mkOption {
-      description = lib.mdDoc "Elasticsearch logging configuration.";
+      description = "Elasticsearch logging configuration.";
       default = ''
         logger.action.name = org.elasticsearch.action
         logger.action.level = info
@@ -113,26 +113,26 @@ in
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/elasticsearch";
-      description = lib.mdDoc ''
+      description = ''
         Data directory for elasticsearch.
       '';
     };
 
     extraCmdLineOptions = mkOption {
-      description = lib.mdDoc "Extra command line options for the elasticsearch launcher.";
+      description = "Extra command line options for the elasticsearch launcher.";
       default = [ ];
       type = types.listOf types.str;
     };
 
     extraJavaOptions = mkOption {
-      description = lib.mdDoc "Extra command line options for Java.";
+      description = "Extra command line options for Java.";
       default = [ ];
       type = types.listOf types.str;
       example = [ "-Djava.net.preferIPv4Stack=true" ];
     };
 
     plugins = mkOption {
-      description = lib.mdDoc "Extra elasticsearch plugins";
+      description = "Extra elasticsearch plugins";
       default = [ ];
       type = types.listOf types.package;
       example = lib.literalExpression "[ pkgs.elasticsearchPlugins.discovery-ec2 ]";
@@ -140,7 +140,7 @@ in
 
     restartIfChanged  = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Automatically restart the service on config change.
         This can be set to false to defer restarts on a server or cluster.
         Please consider the security implications of inadvertently running an older version,
diff --git a/nixpkgs/nixos/modules/services/search/hound.nix b/nixpkgs/nixos/modules/services/search/hound.nix
index d238b26a226b..e3f9c8da3752 100644
--- a/nixpkgs/nixos/modules/services/search/hound.nix
+++ b/nixpkgs/nixos/modules/services/search/hound.nix
@@ -14,7 +14,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the hound code search daemon.
         '';
       };
@@ -24,7 +24,7 @@ in {
       user = mkOption {
         default = "hound";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           User the hound daemon should execute under.
         '';
       };
@@ -32,7 +32,7 @@ in {
       group = mkOption {
         default = "hound";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Group the hound daemon should execute under.
         '';
       };
@@ -40,7 +40,7 @@ in {
       home = mkOption {
         default = "/var/lib/hound";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to use as hound's $HOME.
           If the default user "hound" is configured then this is the home of the "hound" user.
         '';
@@ -48,7 +48,7 @@ in {
 
       config = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The full configuration of the Hound daemon. Note the dbpath
           should be an absolute path to a writable location on disk.
         '';
@@ -68,7 +68,7 @@ in {
         type = types.str;
         default = "0.0.0.0:6080";
         example = ":6080";
-        description = lib.mdDoc ''
+        description = ''
           Listen on this [IP]:port
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/search/manticore.nix b/nixpkgs/nixos/modules/services/search/manticore.nix
new file mode 100644
index 000000000000..a8fcd9d0b382
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/search/manticore.nix
@@ -0,0 +1,131 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.manticore;
+  format = pkgs.formats.json { };
+
+  toSphinx = {
+    mkKeyValue    ? mkKeyValueDefault {} "=",
+    listsAsDuplicateKeys ? true
+  }: attrsOfAttrs:
+    let
+        # map function to string for each key val
+        mapAttrsToStringsSep = sep: mapFn: attrs:
+          concatStringsSep sep
+            (mapAttrsToList mapFn attrs);
+        mkSection = sectName: sectValues: ''
+          ${sectName} {
+        '' + lib.generators.toKeyValue { inherit mkKeyValue listsAsDuplicateKeys; } sectValues + ''}'';
+    in
+      # map input to ini sections
+      mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
+
+  configFile = pkgs.writeText "manticore.conf" (
+    toSphinx {
+        mkKeyValue = k: v: "  ${k} = ${v}";
+    } cfg.settings
+  );
+
+in {
+
+  options = {
+    services.manticore = {
+
+      enable = mkEnableOption "Manticoresearch";
+
+      settings = mkOption {
+        default = {
+          searchd = {
+            listen = [
+              "127.0.0.1:9312"
+              "127.0.0.1:9306:mysql"
+              "127.0.0.1:9308:http"
+            ];
+            log = "/var/log/manticore/searchd.log";
+            query_log = "/var/log/manticore/query.log";
+            pid_file = "/run/manticore/searchd.pid";
+            data_dir = "/var/lib/manticore";
+          };
+        };
+        description = ''
+          Configuration for Manticoresearch. See
+          <https://manual.manticoresearch.com/Server%20settings>
+          for more information.
+        '';
+        type = types.submodule {
+          freeformType = format.type;
+        };
+        example = literalExpression ''
+          {
+            searchd = {
+                listen = [
+                  "127.0.0.1:9312"
+                  "127.0.0.1:9306:mysql"
+                  "127.0.0.1:9308:http"
+                ];
+                log = "/var/log/manticore/searchd.log";
+                query_log = "/var/log/manticore/query.log";
+                pid_file = "/run/manticore/searchd.pid";
+                data_dir = "/var/lib/manticore";
+            };
+          }
+        '';
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd = {
+      packages = [ pkgs.manticoresearch ];
+      services.manticore = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        serviceConfig = {
+          ExecStart = [
+            ""
+            "${pkgs.manticoresearch}/bin/searchd --config ${configFile}"
+          ];
+          ExecStop = [
+            ""
+            "${pkgs.manticoresearch}/bin/searchd --config ${configFile} --stopwait"
+          ];
+          ExecStartPre = [ "" ];
+          DynamicUser = true;
+          LogsDirectory = "manticore";
+          RuntimeDirectory = "manticore";
+          StateDirectory = "manticore";
+          ReadWritePaths = "";
+          CapabilityBoundingSet = "";
+          RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+          RestrictNamespaces = true;
+          PrivateDevices = true;
+          PrivateUsers = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHome = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          SystemCallArchitectures = "native";
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
+          RestrictRealtime = true;
+          LockPersonality = true;
+          MemoryDenyWriteExecute = true;
+          UMask = "0066";
+          ProtectHostname = true;
+        } // lib.optionalAttrs (cfg.settings.searchd.pid_file != null) {
+          PIDFile = cfg.settings.searchd.pid_file;
+        };
+      };
+    };
+
+  };
+
+  meta.maintainers = with lib.maintainers; [ onny ];
+
+}
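Review bot: The loopback-only `listen` entries and `pid_file` exist only in the option-level `default` of `settings`, so any user definition of `services.manticore.settings` replaces that attrset as a whole instead of merging with it. A configuration that sets only `searchd.data_dir`, for example, renders a file with no `listen` lines, which leaves the bind addresses to searchd's built-in behaviour, and the `cfg.settings.searchd.pid_file` lookup in the `optionalAttrs` guard then aborts evaluation on the missing attribute. I would declare the `searchd` keys as typed options inside the submodule, each with its own default, and write the guard as `lib.optionalAttrs ((cfg.settings.searchd.pid_file or null) != null)`. Separately, `mkKeyValue = k: v: "  ${k} = ${v}"` interpolates `v` directly while the freeform type comes from `pkgs.formats.json`, so an integer or boolean passes type checking and then fails string coercion; a value type limited to strings and lists of strings would match what the generator can actually render.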
diff --git a/nixpkgs/nixos/modules/services/search/meilisearch.nix b/nixpkgs/nixos/modules/services/search/meilisearch.nix
index 4183847d1be3..39197c5e69e1 100644
--- a/nixpkgs/nixos/modules/services/search/meilisearch.nix
+++ b/nixpkgs/nixos/modules/services/search/meilisearch.nix
@@ -14,7 +14,7 @@ in
   ###### interface
 
   options.services.meilisearch = {
-    enable = mkEnableOption (lib.mdDoc "MeiliSearch - a RESTful search API");
+    enable = mkEnableOption "MeiliSearch - a RESTful search API";
 
     package = mkPackageOption pkgs "meilisearch" {
       extraDescription = ''
@@ -23,26 +23,26 @@ in
     };
 
     listenAddress = mkOption {
-      description = lib.mdDoc "MeiliSearch listen address.";
+      description = "MeiliSearch listen address.";
       default = "127.0.0.1";
       type = types.str;
     };
 
     listenPort = mkOption {
-      description = lib.mdDoc "MeiliSearch port to listen on.";
+      description = "MeiliSearch port to listen on.";
       default = 7700;
       type = types.port;
     };
 
     environment = mkOption {
-      description = lib.mdDoc "Defines the running environment of MeiliSearch.";
+      description = "Defines the running environment of MeiliSearch.";
       default = "development";
       type = types.enum [ "development" "production" ];
     };
 
     # TODO change this to LoadCredentials once possible
     masterKeyEnvironmentFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path to file which contains the master key.
         By doing so, all routes will be protected and will require a key to be accessed.
         If no master key is provided, all routes can be accessed without requiring any key.
@@ -54,7 +54,7 @@ in
     };
 
     noAnalytics = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Deactivates analytics.
         Analytics allow MeiliSearch to know how many users are using MeiliSearch,
         which versions and which platforms are used.
@@ -65,7 +65,7 @@ in
     };
 
     logLevel = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Defines how much detail should be present in MeiliSearch's logs.
         MeiliSearch currently supports four log levels, listed in order of increasing verbosity:
         - 'ERROR': only log unexpected events indicating MeiliSearch is not functioning as expected
@@ -79,7 +79,7 @@ in
     };
 
     maxIndexSize = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Sets the maximum size of the index.
         Value must be given in bytes or explicitly stating a base unit.
         For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'.
@@ -90,7 +90,7 @@ in
     };
 
     payloadSizeLimit = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Sets the maximum size of accepted JSON payloads.
         Value must be given in bytes or explicitly stating a base unit.
         For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'.
diff --git a/nixpkgs/nixos/modules/services/search/opensearch.nix b/nixpkgs/nixos/modules/services/search/opensearch.nix
index 3c054b6d7caa..f98ca90068df 100644
--- a/nixpkgs/nixos/modules/services/search/opensearch.nix
+++ b/nixpkgs/nixos/modules/services/search/opensearch.nix
@@ -23,7 +23,7 @@ in
 {
 
   options.services.opensearch = {
-    enable = mkEnableOption (lib.mdDoc "OpenSearch");
+    enable = mkEnableOption "OpenSearch";
 
     package = lib.mkPackageOption pkgs "OpenSearch" {
       default = [ "opensearch" ];
@@ -36,7 +36,7 @@ in
         options."network.host" = lib.mkOption {
           type = lib.types.str;
           default = "127.0.0.1";
-          description = lib.mdDoc ''
+          description = ''
             Which port this service should listen on.
           '';
         };
@@ -44,7 +44,7 @@ in
         options."cluster.name" = lib.mkOption {
           type = lib.types.str;
           default = "opensearch";
-          description = lib.mdDoc ''
+          description = ''
             The name of the cluster.
           '';
         };
@@ -52,7 +52,7 @@ in
         options."discovery.type" = lib.mkOption {
           type = lib.types.str;
           default = "single-node";
-          description = lib.mdDoc ''
+          description = ''
             The type of discovery to use.
           '';
         };
@@ -60,7 +60,7 @@ in
         options."http.port" = lib.mkOption {
           type = lib.types.port;
           default = 9200;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen on for HTTP traffic.
           '';
         };
@@ -68,7 +68,7 @@ in
         options."transport.port" = lib.mkOption {
           type = lib.types.port;
           default = 9300;
-          description = lib.mdDoc ''
+          description = ''
             The port to listen on for transport traffic.
           '';
         };
@@ -76,7 +76,7 @@ in
         options."plugins.security.disabled" = lib.mkOption {
           type = lib.types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to enable the security plugin,
             `plugins.security.ssl.transport.keystore_filepath` or
             `plugins.security.ssl.transport.server.pemcert_filepath` and
@@ -88,13 +88,13 @@ in
 
       default = {};
 
-      description = lib.mdDoc ''
+      description = ''
         OpenSearch configuration.
       '';
     };
 
     logging = lib.mkOption {
-      description = lib.mdDoc "opensearch logging configuration.";
+      description = "opensearch logging configuration.";
 
       default = ''
         logger.action.name = org.opensearch.action
@@ -115,7 +115,7 @@ in
       type = lib.types.path;
       default = "/var/lib/opensearch";
       apply = converge (removeSuffix "/");
-      description = lib.mdDoc ''
+      description = ''
         Data directory for OpenSearch. If you change this, you need to
         manually create the directory. You also need to create the
         `opensearch` user and group, or change
@@ -128,7 +128,7 @@ in
     user = lib.mkOption {
       type = lib.types.str;
       default = "opensearch";
-      description = lib.mdDoc ''
+      description = ''
         The user OpenSearch runs as. Should be left at default unless
         you have very specific needs.
       '';
@@ -137,20 +137,20 @@ in
     group = lib.mkOption {
       type = lib.types.str;
       default = "opensearch";
-      description = lib.mdDoc ''
+      description = ''
         The group OpenSearch runs as. Should be left at default unless
         you have very specific needs.
       '';
     };
 
     extraCmdLineOptions = lib.mkOption {
-      description = lib.mdDoc "Extra command line options for the OpenSearch launcher.";
+      description = "Extra command line options for the OpenSearch launcher.";
       default = [ ];
       type = lib.types.listOf lib.types.str;
     };
 
     extraJavaOptions = lib.mkOption {
-      description = lib.mdDoc "Extra command line options for Java.";
+      description = "Extra command line options for Java.";
       default = [ ];
       type = lib.types.listOf lib.types.str;
       example = [ "-Djava.net.preferIPv4Stack=true" ];
@@ -158,7 +158,7 @@ in
 
     restartIfChanged = lib.mkOption {
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Automatically restart the service on config change.
         This can be set to false to defer restarts on a server or cluster.
         Please consider the security implications of inadvertently running an older version,
diff --git a/nixpkgs/nixos/modules/services/search/qdrant.nix b/nixpkgs/nixos/modules/services/search/qdrant.nix
index e1f7365d951a..f28178a5f175 100644
--- a/nixpkgs/nixos/modules/services/search/qdrant.nix
+++ b/nixpkgs/nixos/modules/services/search/qdrant.nix
@@ -11,10 +11,10 @@ in {
 
   options = {
     services.qdrant = {
-      enable = mkEnableOption (lib.mdDoc "Vector Search Engine for the next generation of AI applications");
+      enable = mkEnableOption "Vector Search Engine for the next generation of AI applications";
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Qdrant
           Refer to <https://github.com/qdrant/qdrant/blob/master/config/config.yaml> for details on supported values.
         '';
diff --git a/nixpkgs/nixos/modules/services/search/sonic-server.nix b/nixpkgs/nixos/modules/services/search/sonic-server.nix
index 59d96ae6b05a..7a8fa225fa4a 100644
--- a/nixpkgs/nixos/modules/services/search/sonic-server.nix
+++ b/nixpkgs/nixos/modules/services/search/sonic-server.nix
@@ -11,7 +11,7 @@ in {
 
   options = {
     services.sonic-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "Sonic Search Index");
+      enable = lib.mkEnableOption "Sonic Search Index";
 
       package = lib.mkPackageOption pkgs "sonic-server" { };
 
@@ -25,7 +25,7 @@ in {
           server.log_level = "debug";
           channel.inet = "[::1]:1491";
         };
-        description = lib.mdDoc ''
+        description = ''
           Sonic Server configuration options.
 
           Refer to
diff --git a/nixpkgs/nixos/modules/services/search/typesense.nix b/nixpkgs/nixos/modules/services/search/typesense.nix
index c158d04fea23..a44d932593e5 100644
--- a/nixpkgs/nixos/modules/services/search/typesense.nix
+++ b/nixpkgs/nixos/modules/services/search/typesense.nix
@@ -3,7 +3,6 @@
     (lib)
     concatMapStringsSep
     generators
-    mdDoc
     mkEnableOption
     mkIf
     mkOption
@@ -39,7 +38,7 @@ in {
     };
 
     settings = mkOption {
-      description = mdDoc "Typesense configuration. Refer to [the documentation](https://typesense.org/docs/0.24.1/api/server-configuration.html) for supported values.";
+      description = "Typesense configuration. Refer to [the documentation](https://typesense.org/docs/0.24.1/api/server-configuration.html) for supported values.";
       default = {};
       type = types.submodule {
         freeformType = settingsFormatIni.type;
@@ -47,18 +46,18 @@ in {
           data-dir = mkOption {
             type = types.str;
             default = "/var/lib/typesense";
-            description = mdDoc "Path to the directory where data will be stored on disk.";
+            description = "Path to the directory where data will be stored on disk.";
           };
 
           api-address = mkOption {
             type = types.str;
-            description = mdDoc "Address to which Typesense API service binds.";
+            description = "Address to which Typesense API service binds.";
           };
 
           api-port = mkOption {
             type = types.port;
             default = 8108;
-            description = mdDoc "Port on which the Typesense API service listens.";
+            description = "Port on which the Typesense API service listens.";
           };
         };
       };
diff --git a/nixpkgs/nixos/modules/services/security/aesmd.nix b/nixpkgs/nixos/modules/services/security/aesmd.nix
index 8b3f010d7c4d..864d408c0220 100644
--- a/nixpkgs/nixos/modules/services/security/aesmd.nix
+++ b/nixpkgs/nixos/modules/services/security/aesmd.nix
@@ -19,16 +19,16 @@ let
 in
 {
   options.services.aesmd = {
-    enable = mkEnableOption (lib.mdDoc "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX");
+    enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX";
     debug = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether to build the PSW package in debug mode.";
+      description = "Whether to build the PSW package in debug mode.";
     };
     environment = mkOption {
       type = with types; attrsOf str;
       default = { };
-      description = mdDoc "Additional environment variables to pass to the AESM service.";
+      description = "Additional environment variables to pass to the AESM service.";
       # Example environment variable for `sgx-azure-dcap-client` provider library
       example = {
         AZDCAP_COLLATERAL_VERSION = "v2";
@@ -39,23 +39,23 @@ in
       type = with types; nullOr path;
       default = null;
       example = literalExpression "pkgs.sgx-azure-dcap-client";
-      description = lib.mdDoc "Custom quote provider library to use.";
+      description = "Custom quote provider library to use.";
     };
     settings = mkOption {
-      description = lib.mdDoc "AESM configuration";
+      description = "AESM configuration";
       default = { };
       type = types.submodule {
         options.whitelistUrl = mkOption {
           type = with types; nullOr str;
           default = null;
           example = "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin";
-          description = lib.mdDoc "URL to retrieve authorized Intel SGX enclave signers.";
+          description = "URL to retrieve authorized Intel SGX enclave signers.";
         };
         options.proxy = mkOption {
           type = with types; nullOr str;
           default = null;
           example = "http://proxy_url:1234";
-          description = lib.mdDoc "HTTP network proxy.";
+          description = "HTTP network proxy.";
         };
         options.proxyType = mkOption {
           type = with types; nullOr (enum [ "default" "direct" "manual" ]);
@@ -64,7 +64,7 @@ in
             if (config.${opt.settings}.proxy != null) then "manual" else null
           '';
           example = "default";
-          description = lib.mdDoc ''
+          description = ''
             Type of proxy to use. The `default` uses the system's default proxy.
             If `direct` is given, uses no proxy.
             A value of `manual` uses the proxy from
@@ -75,7 +75,7 @@ in
           type = with types; nullOr (enum [ "ecdsa_256" "epid_linkable" "epid_unlinkable" ]);
           default = null;
           example = "ecdsa_256";
-          description = lib.mdDoc "Attestation quote type.";
+          description = "Attestation quote type.";
         };
       };
     };
diff --git a/nixpkgs/nixos/modules/services/security/authelia.nix b/nixpkgs/nixos/modules/services/security/authelia.nix
index 614b3b1e22b2..cf1c57e34c4e 100644
--- a/nixpkgs/nixos/modules/services/security/authelia.nix
+++ b/nixpkgs/nixos/modules/services/security/authelia.nix
@@ -12,12 +12,12 @@ let
 
   autheliaOpts = with lib; { name, ... }: {
     options = {
-      enable = mkEnableOption (mdDoc "Authelia instance");
+      enable = mkEnableOption "Authelia instance";
 
       name = mkOption {
         type = types.str;
         default = name;
-        description = mdDoc ''
+        description = ''
           Name is used as a suffix for the service name, user, and group.
           By default it takes the value you use for `<instance>` in:
           {option}`services.authelia.<instance>`
@@ -29,17 +29,17 @@ let
       user = mkOption {
         default = "authelia-${name}";
         type = types.str;
-        description = mdDoc "The name of the user for this authelia instance.";
+        description = "The name of the user for this authelia instance.";
       };
 
       group = mkOption {
         default = "authelia-${name}";
         type = types.str;
-        description = mdDoc "The name of the group for this authelia instance.";
+        description = "The name of the group for this authelia instance.";
       };
 
       secrets = mkOption {
-        description = mdDoc ''
+        description = ''
           It is recommended you keep your secrets separate from the configuration.
           It's especially important to keep the raw secrets out of your nix configuration,
           as the values will be preserved in your nix store.
@@ -53,7 +53,7 @@ let
             manual = mkOption {
               default = false;
               example = true;
-              description = mdDoc ''
+              description = ''
                 Configuring authelia's secret files via the secrets attribute set
                 is intended to be convenient and help catch cases where values are required
                 to run at all.
@@ -66,7 +66,7 @@ let
             jwtSecretFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Path to your JWT secret used during identity verificaton.
               '';
             };
@@ -74,7 +74,7 @@ let
             oidcIssuerPrivateKeyFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Path to your private key file used to encrypt OIDC JWTs.
               '';
             };
@@ -82,7 +82,7 @@ let
             oidcHmacSecretFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Path to your HMAC secret used to sign OIDC JWTs.
               '';
             };
@@ -90,7 +90,7 @@ let
             sessionSecretFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Path to your session secret. Only used when redis is used as session storage.
               '';
             };
@@ -99,7 +99,7 @@ let
             storageEncryptionKeyFile = mkOption {
               type = types.nullOr types.path;
               default = null;
-              description = mdDoc ''
+              description = ''
                 Path to your storage encryption key.
               '';
             };
@@ -109,7 +109,7 @@ let
 
       environmentVariables = mkOption {
         type = types.attrsOf types.str;
-        description = mdDoc ''
+        description = ''
           Additional environment variables to provide to authelia.
           If you are providing secrets please consider the options under {option}`services.authelia.<instance>.secrets`
           or make sure you use the `_FILE` suffix.
@@ -120,7 +120,7 @@ let
       };
 
       settings = mkOption {
-        description = mdDoc ''
+        description = ''
           Your Authelia config.yml as a Nix attribute set.
           There are several values that are defined and documented in nix such as `default_2fa_method`,
           but additional items can also be included.
@@ -143,14 +143,14 @@ let
               type = types.enum [ "light" "dark" "grey" "auto" ];
               default = "light";
               example = "dark";
-              description = mdDoc "The theme to display.";
+              description = "The theme to display.";
             };
 
             default_2fa_method = mkOption {
               type = types.enum [ "" "totp" "webauthn" "mobile_push" ];
               default = "";
               example = "webauthn";
-              description = mdDoc ''
+              description = ''
                 Default 2FA method for new users and fallback for preferred but disabled methods.
               '';
             };
@@ -160,13 +160,13 @@ let
                 type = types.str;
                 default = "localhost";
                 example = "0.0.0.0";
-                description = mdDoc "The address to listen on.";
+                description = "The address to listen on.";
               };
 
               port = mkOption {
                 type = types.port;
                 default = 9091;
-                description = mdDoc "The port to listen on.";
+                description = "The port to listen on.";
               };
             };
 
@@ -175,28 +175,28 @@ let
                 type = types.enum [ "info" "debug" "trace" ];
                 default = "debug";
                 example = "info";
-                description = mdDoc "Level of verbosity for logs: info, debug, trace.";
+                description = "Level of verbosity for logs: info, debug, trace.";
               };
 
               format = mkOption {
                 type = types.enum [ "json" "text" ];
                 default = "json";
                 example = "text";
-                description = mdDoc "Format the logs are written as.";
+                description = "Format the logs are written as.";
               };
 
               file_path = mkOption {
                 type = types.nullOr types.path;
                 default = null;
                 example = "/var/log/authelia/authelia.log";
-                description = mdDoc "File path where the logs will be written. If not set logs are written to stdout.";
+                description = "File path where the logs will be written. If not set logs are written to stdout.";
               };
 
               keep_stdout = mkOption {
                 type = types.bool;
                 default = false;
                 example = true;
-                description = mdDoc "Whether to also log to stdout when a `file_path` is defined.";
+                description = "Whether to also log to stdout when a `file_path` is defined.";
               };
             };
 
@@ -206,14 +206,14 @@ let
                   type = types.bool;
                   default = false;
                   example = true;
-                  description = mdDoc "Enable Metrics.";
+                  description = "Enable Metrics.";
                 };
 
                 address = mkOption {
                   type = types.str;
                   default = "tcp://127.0.0.1:9959";
                   example = "tcp://0.0.0.0:8888";
-                  description = mdDoc "The address to listen on for metrics. This should be on a different port to the main `server.port` value.";
+                  description = "The address to listen on for metrics. This should be on a different port to the main `server.port` value.";
                 };
               };
             };
@@ -225,7 +225,7 @@ let
         type = types.listOf types.path;
         default = [ ];
         example = [ "/etc/authelia/config.yml" "/etc/authelia/access-control.yml" "/etc/authelia/config/" ];
-        description = mdDoc ''
+        description = ''
           Here you can provide authelia with configuration files or directories.
           It is possible to give authelia multiple files and use the nix generated configuration
           file set via {option}`services.authelia.<instance>.settings`.
@@ -238,7 +238,7 @@ in
   options.services.authelia.instances = with lib; mkOption {
     default = { };
     type = types.attrsOf (types.submodule autheliaOpts);
-    description = mdDoc ''
+    description = ''
       Multi-domain protection currently requires multiple instances of Authelia.
       If you don't require multiple instances of Authelia you can define just the one.
 
diff --git a/nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix b/nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
index a55758322a75..d21322caf4c3 100644
--- a/nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
+++ b/nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix
@@ -14,24 +14,24 @@ in {
 
     domain = mkOption {
       type = types.str;
-      description = lib.mdDoc "The domain the Bitwarden/Vaultwarden is accessible on.";
+      description = "The domain the Bitwarden/Vaultwarden is accessible on.";
       example = "https://vaultwarden.example.com";
     };
 
     user = mkOption {
       type = types.str;
-      description = lib.mdDoc "User to run the program.";
+      description = "User to run the program.";
       default = "bwdc";
     };
 
     interval = mkOption {
       type = types.str;
       default = "*:0,15,30,45";
-      description = lib.mdDoc "The interval when to run the connector. This uses systemd's OnCalendar syntax.";
+      description = "The interval when to run the connector. This uses systemd's OnCalendar syntax.";
     };
 
     ldap = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Options to configure the LDAP connection.
         If you used the desktop application to test the configuration you can find the settings by searching for `ldap` in `~/.config/Bitwarden\ Directory\ Connector/data.json`.
       '';
@@ -56,47 +56,47 @@ in {
           ssl = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether to use TLS.";
+            description = "Whether to use TLS.";
           };
           startTls = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether to use STARTTLS.";
+            description = "Whether to use STARTTLS.";
           };
 
           hostname = mkOption {
             type = types.str;
-            description = lib.mdDoc "The host the LDAP is accessible on.";
+            description = "The host the LDAP is accessible on.";
             example = "ldap.example.com";
           };
 
           port = mkOption {
             type = types.port;
             default = 389;
-            description = lib.mdDoc "Port LDAP is accessible on.";
+            description = "Port LDAP is accessible on.";
           };
 
           ad = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether the LDAP Server is an Active Directory.";
+            description = "Whether the LDAP Server is an Active Directory.";
           };
 
           pagedSearch = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether the LDAP server paginates search results.";
+            description = "Whether the LDAP server paginates search results.";
           };
 
           rootPath = mkOption {
             type = types.str;
-            description = lib.mdDoc "Root path for LDAP.";
+            description = "Root path for LDAP.";
             example = "dc=example,dc=com";
           };
 
           username = mkOption {
             type = types.str;
-            description = lib.mdDoc "The user to authenticate as.";
+            description = "The user to authenticate as.";
             example = "cn=admin,dc=example,dc=com";
           };
         };
@@ -104,7 +104,7 @@ in {
     };
 
     sync = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Options to configure what gets synced.
         If you used the desktop application to test the configuration you can find the settings by searching for `sync` in `~/.config/Bitwarden\ Directory\ Connector/data.json`.
       '';
@@ -129,73 +129,72 @@ in {
           removeDisabled = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Remove users from bitwarden groups if no longer in the ldap group.";
+            description = "Remove users from bitwarden groups if no longer in the ldap group.";
           };
 
           overwriteExisting = mkOption {
             type = types.bool;
             default = false;
-            description =
-              lib.mdDoc "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.";
+            description = "Remove and re-add users/groups, See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.";
           };
 
           largeImport = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Enable if you are syncing more than 2000 users/groups.";
+            description = "Enable if you are syncing more than 2000 users/groups.";
           };
 
           memberAttribute = mkOption {
             type = types.str;
-            description = lib.mdDoc "Attribute that lists members in a LDAP group.";
+            description = "Attribute that lists members in a LDAP group.";
             example = "uniqueMember";
           };
 
           creationDateAttribute = mkOption {
             type = types.str;
-            description = lib.mdDoc "Attribute that lists a user's creation date.";
+            description = "Attribute that lists a user's creation date.";
             example = "whenCreated";
           };
 
           useEmailPrefixSuffix = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "If a user has no email address, combine a username prefix with a suffix value to form an email.";
+            description = "If a user has no email address, combine a username prefix with a suffix value to form an email.";
           };
           emailPrefixAttribute = mkOption {
             type = types.str;
-            description = lib.mdDoc "The attribute that contains the users username.";
+            description = "The attribute that contains the users username.";
             example = "accountName";
           };
           emailSuffix = mkOption {
             type = types.str;
-            description = lib.mdDoc "Suffix for the email, normally @example.com.";
+            description = "Suffix for the email, normally @example.com.";
             example = "@example.com";
           };
 
           users = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Sync users.";
+            description = "Sync users.";
           };
           userPath = mkOption {
             type = types.str;
-            description = lib.mdDoc "User directory, relative to root.";
+            description = "User directory, relative to root.";
             default = "ou=users";
           };
           userObjectClass = mkOption {
             type = types.str;
-            description = lib.mdDoc "Class that users must have.";
+            description = "Class that users must have.";
             default = "inetOrgPerson";
           };
           userEmailAttribute = mkOption {
             type = types.str;
-            description = lib.mdDoc "Attribute for a users email.";
+            description = "Attribute for a users email.";
             default = "mail";
           };
           userFilter = mkOption {
             type = types.str;
-            description = lib.mdDoc "LDAP filter for users.";
+            description = "LDAP filter for users.";
             example = "(memberOf=cn=sales,ou=groups,dc=example,dc=com)";
             default = "";
           };
@@ -203,26 +202,26 @@ in {
           groups = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether to sync ldap groups into BitWarden.";
+            description = "Whether to sync ldap groups into BitWarden.";
           };
           groupPath = mkOption {
             type = types.str;
-            description = lib.mdDoc "Group directory, relative to root.";
+            description = "Group directory, relative to root.";
             default = "ou=groups";
           };
           groupObjectClass = mkOption {
             type = types.str;
-            description = lib.mdDoc "A class that groups will have.";
+            description = "A class that groups will have.";
             default = "groupOfNames";
           };
           groupNameAttribute = mkOption {
             type = types.str;
-            description = lib.mdDoc "Attribute for a name of group.";
+            description = "Attribute for a name of group.";
             default = "cn";
           };
           groupFilter = mkOption {
             type = types.str;
-            description = lib.mdDoc "LDAP filter for groups.";
+            description = "LDAP filter for groups.";
             example = "(cn=sales)";
             default = "";
           };
diff --git a/nixpkgs/nixos/modules/services/security/certmgr.nix b/nixpkgs/nixos/modules/services/security/certmgr.nix
index 02cb7afe87ba..c6d6e83576c5 100644
--- a/nixpkgs/nixos/modules/services/security/certmgr.nix
+++ b/nixpkgs/nixos/modules/services/security/certmgr.nix
@@ -35,38 +35,38 @@ let
 in
 {
   options.services.certmgr = {
-    enable = mkEnableOption (lib.mdDoc "certmgr");
+    enable = mkEnableOption "certmgr";
 
     package = mkPackageOption pkgs "certmgr" { };
 
     defaultRemote = mkOption {
       type = types.str;
       default = "127.0.0.1:8888";
-      description = lib.mdDoc "The default CA host:port to use.";
+      description = "The default CA host:port to use.";
     };
 
     validMin = mkOption {
       default = "72h";
       type = types.str;
-      description = lib.mdDoc "The interval before a certificate expires to start attempting to renew it.";
+      description = "The interval before a certificate expires to start attempting to renew it.";
     };
 
     renewInterval = mkOption {
       default = "30m";
       type = types.str;
-      description = lib.mdDoc "How often to check certificate expirations and how often to update the cert_next_expires metric.";
+      description = "How often to check certificate expirations and how often to update the cert_next_expires metric.";
     };
 
     metricsAddress = mkOption {
       default = "127.0.0.1";
       type = types.str;
-      description = lib.mdDoc "The address for the Prometheus HTTP endpoint.";
+      description = "The address for the Prometheus HTTP endpoint.";
     };
 
     metricsPort = mkOption {
       default = 9488;
       type = types.ints.u16;
-      description = lib.mdDoc "The port for the Prometheus HTTP endpoint.";
+      description = "The port for the Prometheus HTTP endpoint.";
     };
 
     specs = mkOption {
@@ -113,38 +113,38 @@ in
           service = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "The service on which to perform \<action\> after fetching.";
+            description = "The service on which to perform \<action\> after fetching.";
           };
 
           action = mkOption {
             type = addCheck str (x: cfg.svcManager == "command" || elem x ["restart" "reload" "nop"]);
             default = "nop";
-            description = lib.mdDoc "The action to take after fetching.";
+            description = "The action to take after fetching.";
           };
 
           # These ought all to be specified according to certmgr spec def.
           authority = mkOption {
             type = attrs;
-            description = lib.mdDoc "certmgr spec authority object.";
+            description = "certmgr spec authority object.";
           };
 
           certificate = mkOption {
             type = nullOr attrs;
-            description = lib.mdDoc "certmgr spec certificate object.";
+            description = "certmgr spec certificate object.";
           };
 
           private_key = mkOption {
             type = nullOr attrs;
-            description = lib.mdDoc "certmgr spec private_key object.";
+            description = "certmgr spec private_key object.";
           };
 
           request = mkOption {
             type = nullOr attrs;
-            description = lib.mdDoc "certmgr spec request object.";
+            description = "certmgr spec request object.";
           };
         };
     }));
-      description = lib.mdDoc ''
+      description = ''
         Certificate specs as described by:
         <https://github.com/cloudflare/certmgr#certificate-specs>
         These will be added to the Nix store, so they will be world readable.
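Review bot: The description of `action` does not say that its check accepts any string once `svcManager` is `"command"`; the `addCheck` line restricts the value to `restart`, `reload` or `nop` only for the other service managers. A reader currently has to work that out from the type expression. I would extend the text to something like `description = "The action to take after fetching: restart, reload or nop, or any string when svcManager is \"command\".";`. Because the closing description states that specs end up world readable in the Nix store, it may also be worth saying that the action string should carry no secrets. How the string is consumed is outside this hunk.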
@@ -154,7 +154,7 @@ in
     svcManager = mkOption {
       default = "systemd";
       type = types.enum [ "circus" "command" "dummy" "openrc" "systemd" "sysv" ];
-      description = lib.mdDoc ''
+      description = ''
         This specifies the service manager to use for restarting or reloading services.
         See: <https://github.com/cloudflare/certmgr#certmgryaml>.
         For how to use the "command" service manager in particular,
diff --git a/nixpkgs/nixos/modules/services/security/cfssl.nix b/nixpkgs/nixos/modules/services/security/cfssl.nix
index 202db98e222c..a6012e78c5b6 100644
--- a/nixpkgs/nixos/modules/services/security/cfssl.nix
+++ b/nixpkgs/nixos/modules/services/security/cfssl.nix
@@ -6,12 +6,12 @@ let
   cfg = config.services.cfssl;
 in {
   options.services.cfssl = {
-    enable = mkEnableOption (lib.mdDoc "the CFSSL CA api-server");
+    enable = mkEnableOption "the CFSSL CA api-server";
 
     dataDir = mkOption {
       default = "/var/lib/cfssl";
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         The work directory for CFSSL.
 
         ::: {.note}
@@ -26,49 +26,49 @@ in {
     address = mkOption {
       default = "127.0.0.1";
       type = types.str;
-      description = lib.mdDoc "Address to bind.";
+      description = "Address to bind.";
     };
 
     port = mkOption {
       default = 8888;
       type = types.port;
-      description = lib.mdDoc "Port to bind.";
+      description = "Port to bind.";
     };
 
     ca = mkOption {
       defaultText = literalExpression ''"''${cfg.dataDir}/ca.pem"'';
       type = types.str;
-      description = lib.mdDoc "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.";
+      description = "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.";
     };
 
     caKey = mkOption {
       defaultText = literalExpression ''"file:''${cfg.dataDir}/ca-key.pem"'';
       type = types.str;
-      description = lib.mdDoc "CA private key -- accepts '[file:]fname' or 'env:varname'.";
+      description = "CA private key -- accepts '[file:]fname' or 'env:varname'.";
     };
 
     caBundle = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Path to root certificate store.";
+      description = "Path to root certificate store.";
     };
 
     intBundle = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Path to intermediate certificate store.";
+      description = "Path to intermediate certificate store.";
     };
 
     intDir = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Intermediates directory.";
+      description = "Intermediates directory.";
     };
 
     metadata = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Metadata file for root certificate presence.
         The content of the file is a json dictionary (k,v): each key k is
         a SHA-1 digest of a root certificate while value v is a list of key
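Review bot: `caKey` is the one private-key option whose description lacks the store caveat; `configFile`, `responderKey`, `tlsKey` and `mutualTlsClientKey` in the next hunk of this file all say not to put the value in the Nix store. Appending the same sentence keeps the key options consistent: `description = "CA private key -- accepts '[file:]fname' or 'env:varname'. Do not put this in nix-store.";`. The default value itself is not visible here, only its `defaultText`, which points into `dataDir`.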
@@ -79,79 +79,79 @@ in {
     remote = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc "Remote CFSSL server.";
+      description = "Remote CFSSL server.";
     };
 
     configFile = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc "Path to configuration file. Do not put this in nix-store as it might contain secrets.";
+      description = "Path to configuration file. Do not put this in nix-store as it might contain secrets.";
     };
 
     responder = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Certificate for OCSP responder.";
+      description = "Certificate for OCSP responder.";
     };
 
     responderKey = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc "Private key for OCSP responder certificate. Do not put this in nix-store.";
+      description = "Private key for OCSP responder certificate. Do not put this in nix-store.";
     };
 
     tlsKey = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc "Other endpoint's CA private key. Do not put this in nix-store.";
+      description = "Other endpoint's CA private key. Do not put this in nix-store.";
     };
 
     tlsCert = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Other endpoint's CA to set up TLS protocol.";
+      description = "Other endpoint's CA to set up TLS protocol.";
     };
 
     mutualTlsCa = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Mutual TLS - require clients be signed by this CA.";
+      description = "Mutual TLS - require clients be signed by this CA.";
     };
 
     mutualTlsCn = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc "Mutual TLS - regex for whitelist of allowed client CNs.";
+      description = "Mutual TLS - regex for whitelist of allowed client CNs.";
     };
 
     tlsRemoteCa = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "CAs to trust for remote TLS requests.";
+      description = "CAs to trust for remote TLS requests.";
     };
 
     mutualTlsClientCert = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Mutual TLS - client certificate to call remote instance requiring client certs.";
+      description = "Mutual TLS - client certificate to call remote instance requiring client certs.";
     };
 
     mutualTlsClientKey = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.";
+      description = "Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.";
     };
 
     dbConfig = mkOption {
       default = null;
       type = types.nullOr types.path;
-      description = lib.mdDoc "Certificate db configuration file. Path must be writeable.";
+      description = "Certificate db configuration file. Path must be writeable.";
     };
 
     logLevel = mkOption {
       default = 1;
       type = types.enum [ 0 1 2 3 4 5 ];
-      description = lib.mdDoc "Log level (0 = DEBUG, 5 = FATAL).";
+      description = "Log level (0 = DEBUG, 5 = FATAL).";
     };
   };
 
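Review bot: `mutualTlsClientKey` is declared as `types.nullOr types.path` although its description says not to put the key in the Nix store. A path-typed option invites a Nix path literal, and a path literal that is interpolated into a string is copied into the world-readable store. The other key options in this hunk (`responderKey`, `tlsKey`) use `types.nullOr types.str`, which avoids that, so I would change the type line to `type = types.nullOr types.str;`. How the module turns the option into an argument is outside this hunk, so whether interpolation happens there should be confirmed.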
diff --git a/nixpkgs/nixos/modules/services/security/clamav.nix b/nixpkgs/nixos/modules/services/security/clamav.nix
index 4480c0cae60c..b3598606d8be 100644
--- a/nixpkgs/nixos/modules/services/security/clamav.nix
+++ b/nixpkgs/nixos/modules/services/security/clamav.nix
@@ -28,24 +28,24 @@ in
   options = {
     services.clamav = {
       daemon = {
-        enable = mkEnableOption (lib.mdDoc "ClamAV clamd daemon");
+        enable = mkEnableOption "ClamAV clamd daemon";
 
         settings = mkOption {
           type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
           default = { };
-          description = lib.mdDoc ''
+          description = ''
             ClamAV configuration. Refer to <https://linux.die.net/man/5/clamd.conf>,
             for details on supported values.
           '';
         };
       };
       updater = {
-        enable = mkEnableOption (lib.mdDoc "ClamAV freshclam updater");
+        enable = mkEnableOption "ClamAV freshclam updater";
 
         frequency = mkOption {
           type = types.int;
           default = 12;
-          description = lib.mdDoc ''
+          description = ''
             Number of database checks per day.
           '';
         };
@@ -53,7 +53,7 @@ in
         interval = mkOption {
           type = types.str;
           default = "hourly";
-          description = lib.mdDoc ''
+          description = ''
             How often freshclam is invoked. See systemd.time(7) for more
             information about the format.
           '';
@@ -62,19 +62,19 @@ in
         settings = mkOption {
           type = with types; attrsOf (oneOf [ bool int str (listOf str) ]);
           default = { };
-          description = lib.mdDoc ''
+          description = ''
             freshclam configuration. Refer to <https://linux.die.net/man/5/freshclam.conf>,
             for details on supported values.
           '';
         };
       };
       fangfrisch = {
-        enable = mkEnableOption (lib.mdDoc "ClamAV fangfrisch updater");
+        enable = mkEnableOption "ClamAV fangfrisch updater";
 
         interval = mkOption {
           type = types.str;
           default = "hourly";
-          description = lib.mdDoc ''
+          description = ''
             How often freshclam is invoked. See systemd.time(7) for more
             information about the format.
           '';
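Review bot: The `fangfrisch.interval` description still reads "How often freshclam is invoked", which looks copied from `updater.interval` earlier in the file. The option sits under `fangfrisch`, so presumably it schedules the fangfrisch signature fetch rather than freshclam. Suggested first line: `How often fangfrisch is invoked. See systemd.time(7) for more`. The option's closing lines are outside this hunk.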
@@ -91,7 +91,7 @@ in
               customer_id = "your customer_id";
             };
           };
-          description = lib.mdDoc ''
+          description = ''
             fangfrisch configuration. Refer to <https://rseichter.github.io/fangfrisch/#_configuration>,
             for details on supported values.
             Note that by default urlhaus and sanesecurity are enabled.
@@ -100,12 +100,12 @@ in
       };
 
       scanner = {
-        enable = mkEnableOption (lib.mdDoc "ClamAV scanner");
+        enable = mkEnableOption "ClamAV scanner";
 
         interval = mkOption {
           type = types.str;
           default = "*-*-* 04:00:00";
-          description = lib.mdDoc ''
+          description = ''
             How often clamdscan is invoked. See systemd.time(7) for more
             information about the format.
             By default this runs using 10 cores at most, be sure to run it at a time of low traffic.
@@ -115,7 +115,7 @@ in
         scanDirectories = mkOption {
           type = with types; listOf str;
           default = [ "/home" "/var/lib" "/tmp" "/etc" "/var/tmp" ];
-          description = lib.mdDoc ''
+          description = ''
             List of directories to scan.
             The default includes everything I could think of that is valid for nixos. Feel free to contribute a PR to add to the default if you see something missing.
           '';
diff --git a/nixpkgs/nixos/modules/services/security/endlessh-go.nix b/nixpkgs/nixos/modules/services/security/endlessh-go.nix
index 6557ec953cd8..480bfc8cb9ef 100644
--- a/nixpkgs/nixos/modules/services/security/endlessh-go.nix
+++ b/nixpkgs/nixos/modules/services/security/endlessh-go.nix
@@ -7,13 +7,13 @@ let
 in
 {
   options.services.endlessh-go = {
-    enable = mkEnableOption (mdDoc "endlessh-go service");
+    enable = mkEnableOption "endlessh-go service";
 
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
       example = "[::]";
-      description = mdDoc ''
+      description = ''
         Interface address to bind the endlessh-go daemon to SSH connections.
       '';
     };
@@ -22,7 +22,7 @@ in
       type = types.port;
       default = 2222;
       example = 22;
-      description = mdDoc ''
+      description = ''
         Specifies on which port the endlessh-go daemon listens for SSH
         connections.
 
@@ -31,13 +31,13 @@ in
     };
 
     prometheus = {
-      enable = mkEnableOption (mdDoc "Prometheus integration");
+      enable = mkEnableOption "Prometheus integration";
 
       listenAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
         example = "[::]";
-        description = mdDoc ''
+        description = ''
           Interface address to bind the endlessh-go daemon to answer Prometheus
           queries.
         '';
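Review bot: `prometheus.listenAddress` defaults to `"0.0.0.0"`, and the description does not tell the reader that the metrics endpoint is bound on every IPv4 interface once Prometheus integration is enabled. `openFirewall` later in the file is documented as covering the SSH listener only, so whether the metrics port is reachable from other hosts depends on firewall rules not visible here. I would add a sentence to the description such as `The default binds all IPv4 interfaces; set a loopback or management address to keep the metrics private.` The option's closing brace is outside this hunk.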
@@ -47,7 +47,7 @@ in
         type = types.port;
         default = 2112;
         example = 9119;
-        description = mdDoc ''
+        description = ''
           Specifies on which port the endlessh-go daemon listens for Prometheus
           queries.
         '';
@@ -58,7 +58,7 @@ in
       type = with types; listOf str;
       default = [ ];
       example = [ "-conn_type=tcp4" "-max_clients=8192" ];
-      description = mdDoc ''
+      description = ''
         Additional command line options to pass to the endlessh-go daemon.
       '';
     };
@@ -66,7 +66,7 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open a firewall port for the SSH listener.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/security/endlessh.nix b/nixpkgs/nixos/modules/services/security/endlessh.nix
index e99b4dadcd58..cb7480dbeaba 100644
--- a/nixpkgs/nixos/modules/services/security/endlessh.nix
+++ b/nixpkgs/nixos/modules/services/security/endlessh.nix
@@ -7,13 +7,13 @@ let
 in
 {
   options.services.endlessh = {
-    enable = mkEnableOption (mdDoc "endlessh service");
+    enable = mkEnableOption "endlessh service";
 
     port = mkOption {
       type = types.port;
       default = 2222;
       example = 22;
-      description = mdDoc ''
+      description = ''
         Specifies on which port the endlessh daemon listens for SSH
         connections.
 
@@ -25,7 +25,7 @@ in
       type = with types; listOf str;
       default = [ ];
       example = [ "-6" "-d 9000" "-v" ];
-      description = mdDoc ''
+      description = ''
         Additional command line options to pass to the endlessh daemon.
       '';
     };
@@ -33,7 +33,7 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open a firewall port for the SSH listener.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/security/esdm.nix b/nixpkgs/nixos/modules/services/security/esdm.nix
index c34fba1b3c75..835c3b6a090e 100644
--- a/nixpkgs/nixos/modules/services/security/esdm.nix
+++ b/nixpkgs/nixos/modules/services/security/esdm.nix
@@ -24,12 +24,12 @@ in
   ];
 
   options.services.esdm = {
-    enable = lib.mkEnableOption (lib.mdDoc "ESDM service configuration");
+    enable = lib.mkEnableOption "ESDM service configuration";
     package = lib.mkPackageOption pkgs "esdm" { };
     enableLinuxCompatServices = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Enable /dev/random, /dev/urandom and /proc/sys/kernel/random/* userspace wrapper.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/security/fail2ban.nix b/nixpkgs/nixos/modules/services/security/fail2ban.nix
index 59b9ea70209d..c4031b64ba6a 100644
--- a/nixpkgs/nixos/modules/services/security/fail2ban.nix
+++ b/nixpkgs/nixos/modules/services/security/fail2ban.nix
@@ -69,7 +69,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the fail2ban service.
 
           See the documentation of {option}`services.fail2ban.jails`
@@ -85,14 +85,14 @@ in
         default = config.networking.firewall.package;
         defaultText = literalExpression "config.networking.firewall.package";
         type = types.package;
-        description = lib.mdDoc "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).";
+        description = "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).";
       };
 
       extraPackages = mkOption {
         default = [ ];
         type = types.listOf types.package;
         example = lib.literalExpression "[ pkgs.ipset ]";
-        description = lib.mdDoc ''
+        description = ''
           Extra packages to be made available to the fail2ban service. The example contains
           the packages needed by the `iptables-ipset-proto6` action.
         '';
@@ -102,20 +102,20 @@ in
         default = "10m";
         type = types.str;
         example = "1h";
-        description = lib.mdDoc "Number of seconds that a host is banned.";
+        description = "Number of seconds that a host is banned.";
       };
 
       maxretry = mkOption {
         default = 3;
         type = types.ints.unsigned;
-        description = lib.mdDoc "Number of failures before a host gets banned.";
+        description = "Number of failures before a host gets banned.";
       };
 
       banaction = mkOption {
         default = if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport";
         defaultText = literalExpression ''if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport"'';
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Default banning action (e.g. iptables, iptables-new, iptables-multiport,
           iptables-ipset-proto6-allports, shorewall, etc). It is used to
           define action_* variables. Can be overridden globally or per
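Review bot: The description "Number of seconds that a host is banned." contradicts the option it documents, which is a `types.str` with default `"10m"` and example `"1h"`. Someone following the text would enter a bare number, so a value meant as minutes or hours becomes a ban of only that many seconds. Suggested wording: `description = "How long a host is banned, as a fail2ban time value such as 10m or 1h.";`. The same "number of seconds" wording sits next to the examples `"8m"` and `"48h"` in the hunks at -147 and -157. The option's name line is above this hunk.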
@@ -127,7 +127,7 @@ in
         default = if config.networking.nftables.enable then "nftables-allports" else "iptables-allports";
         defaultText = literalExpression ''if config.networking.nftables.enable then "nftables-allports" else "iptables-allports"'';
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Default banning action (e.g. iptables, iptables-new, iptables-multiport,
           shorewall, etc) for "allports" jails. It is used to define action_* variables. Can be overridden
           globally or per section within jail.local file
@@ -137,7 +137,7 @@ in
       bantime-increment.enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           "bantime.increment" allows to use database for searching of previously banned ip's to increase
           a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32 ...
         '';
@@ -147,7 +147,7 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "8m";
-        description = lib.mdDoc ''
+        description = ''
           "bantime.rndtime" is the max number of seconds using for mixing with random time
           to prevent "clever" botnets calculate exact time IP can be unbanned again
         '';
@@ -157,7 +157,7 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "48h";
-        description = lib.mdDoc ''
+        description = ''
           "bantime.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
         '';
       };
@@ -166,7 +166,7 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "4";
-        description = lib.mdDoc ''
+        description = ''
           "bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,
           default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...
         '';
@@ -176,7 +176,7 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
-        description = lib.mdDoc ''
+        description = ''
           "bantime.formula" used by default to calculate next value of ban time, default value bellow,
           the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32 ...
         '';
@@ -186,7 +186,7 @@ in
         default = null;
         type = types.nullOr types.str;
         example = "1 2 4 8 16 32 64";
-        description = lib.mdDoc ''
+        description = ''
           "bantime.multipliers" used to calculate next value of ban time instead of formula, corresponding
           previously ban count and given "bantime.factor" (for multipliers default is 1);
           following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,
@@ -198,7 +198,7 @@ in
         default = null;
         type = types.nullOr types.bool;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           "bantime.overalljails" (if true) specifies the search of IP in the database will be executed
           cross over all jails, if false (default), only current jail of the ban IP will be searched.
         '';
@@ -208,7 +208,7 @@ in
         default = [ ];
         type = types.listOf types.str;
         example = [ "192.168.0.0/16" "2001:DB8::42" ];
-        description = lib.mdDoc ''
+        description = ''
           "ignoreIP" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which
           matches an address in this list. Several addresses can be defined using space (and/or comma) separator.
         '';
@@ -227,7 +227,7 @@ in
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           The contents of Fail2ban's main configuration file.
           It's generally not necessary to change it.
         '';
@@ -272,18 +272,18 @@ in
               type = nullOr (either str configFormat.type);
 
               default = null;
-              description = lib.mdDoc "Content of the filter used for this jail.";
+              description = "Content of the filter used for this jail.";
             };
 
             settings = mkOption {
               inherit (settingsFormat) type;
 
               default = { };
-              description = lib.mdDoc "Additional settings for this jail.";
+              description = "Additional settings for this jail.";
             };
           };
         })));
-        description = lib.mdDoc ''
+        description = ''
           The configuration of each Fail2ban “jail”.  A jail
           consists of an action (such as blocking a port using
           {command}`iptables`) that is triggered when a
diff --git a/nixpkgs/nixos/modules/services/security/fprintd.nix b/nixpkgs/nixos/modules/services/security/fprintd.nix
index 28f9b5908b53..87c3f1f6f9e4 100644
--- a/nixpkgs/nixos/modules/services/security/fprintd.nix
+++ b/nixpkgs/nixos/modules/services/security/fprintd.nix
@@ -18,25 +18,25 @@ in
 
     services.fprintd = {
 
-      enable = mkEnableOption (lib.mdDoc "fprintd daemon and PAM module for fingerprint readers handling");
+      enable = mkEnableOption "fprintd daemon and PAM module for fingerprint readers handling";
 
       package = mkOption {
         type = types.package;
         default = fprintdPkg;
         defaultText = literalExpression "if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd";
-        description = lib.mdDoc ''
+        description = ''
           fprintd package to use.
         '';
       };
 
       tod = {
 
-        enable = mkEnableOption (lib.mdDoc "Touch OEM Drivers library support");
+        enable = mkEnableOption "Touch OEM Drivers library support";
 
         driver = mkOption {
           type = types.package;
           example = literalExpression "pkgs.libfprint-2-tod1-goodix";
-          description = lib.mdDoc ''
+          description = ''
             Touch OEM Drivers (TOD) package to use.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/security/haka.nix b/nixpkgs/nixos/modules/services/security/haka.nix
index dda039857401..66666a57fd8e 100644
--- a/nixpkgs/nixos/modules/services/security/haka.nix
+++ b/nixpkgs/nixos/modules/services/security/haka.nix
@@ -55,7 +55,7 @@ in
 
     services.haka = {
 
-      enable = mkEnableOption (lib.mdDoc "Haka");
+      enable = mkEnableOption "Haka";
 
       package = mkPackageOption pkgs "haka" { };
 
@@ -63,7 +63,7 @@ in
         default = "empty.lua";
         example = "/srv/haka/myfilter.lua";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specify which configuration file Haka uses.
           It can be absolute path or a path relative to the sample directory of
           the haka git repo.
@@ -74,7 +74,7 @@ in
         default = [ "eth0" ];
         example = [ "any" ];
         type = with types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Specify which interface(s) Haka listens to.
           Use 'any' to listen to all interfaces.
         '';
@@ -84,7 +84,7 @@ in
         default = 0;
         example = 4;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           The number of threads that will be used.
           All system threads are used by default.
         '';
@@ -93,24 +93,24 @@ in
       pcap = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Whether to enable pcap";
+        description = "Whether to enable pcap";
       };
 
-      nfqueue = mkEnableOption (lib.mdDoc "nfqueue");
+      nfqueue = mkEnableOption "nfqueue";
 
-      dump.enable = mkEnableOption (lib.mdDoc "dump");
+      dump.enable = mkEnableOption "dump";
       dump.input  = mkOption {
         default = "/tmp/input.pcap";
         example = "/path/to/file.pcap";
         type = types.path;
-        description = lib.mdDoc "Path to file where incoming packets are dumped";
+        description = "Path to file where incoming packets are dumped";
       };
 
       dump.output  = mkOption {
         default = "/tmp/output.pcap";
         example = "/path/to/file.pcap";
         type = types.path;
-        description = lib.mdDoc "Path to file where outgoing packets are dumped";
+        description = "Path to file where outgoing packets are dumped";
       };
     };
   };
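Review bot: `dump.input` and `dump.output` default to fixed file names under `/tmp` (`/tmp/input.pcap`, `/tmp/output.pcap`), a predictable location in a world-writable directory for files that hold raw captured traffic. How the daemon is started is outside this hunk, but if it runs with elevated privileges these defaults deserve at least a warning in the descriptions. For example: `description = "Path to file where incoming packets are dumped. The default lives in /tmp; point this at a directory only the service can write to before enabling dump.";`, and the same for `dump.output`. Moving the defaults to a private state directory would be the stronger fix, but it changes behaviour for existing users, so it belongs in its own change.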
diff --git a/nixpkgs/nixos/modules/services/security/haveged.nix b/nixpkgs/nixos/modules/services/security/haveged.nix
index db12a28a7d0b..57cef7e44d50 100644
--- a/nixpkgs/nixos/modules/services/security/haveged.nix
+++ b/nixpkgs/nixos/modules/services/security/haveged.nix
@@ -15,16 +15,16 @@ in
 
     services.haveged = {
 
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         haveged entropy daemon, which refills /dev/random when low.
         NOTE: does nothing on kernels newer than 5.6.
-      '');
+      '';
       # source for the note https://github.com/jirka-h/haveged/issues/57
 
       refill_threshold = mkOption {
         type = types.int;
         default = 1024;
-        description = lib.mdDoc ''
+        description = ''
           The number of bits of available entropy beneath which
           haveged should refill the entropy pool.
         '';
diff --git a/nixpkgs/nixos/modules/services/security/hockeypuck.nix b/nixpkgs/nixos/modules/services/security/hockeypuck.nix
index 56c13d791920..2e7d6ef5b0e3 100644
--- a/nixpkgs/nixos/modules/services/security/hockeypuck.nix
+++ b/nixpkgs/nixos/modules/services/security/hockeypuck.nix
@@ -7,12 +7,12 @@ in {
   meta.maintainers = with lib.maintainers; [ etu ];
 
   options.services.hockeypuck = {
-    enable = lib.mkEnableOption (lib.mdDoc "Hockeypuck OpenPGP Key Server");
+    enable = lib.mkEnableOption "Hockeypuck OpenPGP Key Server";
 
     port = lib.mkOption {
       default = 11371;
       type = lib.types.port;
-      description = lib.mdDoc "HKP port to listen on.";
+      description = "HKP port to listen on.";
     };
 
     settings = lib.mkOption {
@@ -37,7 +37,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration file for hockeypuck, here you can override
         certain settings (`loglevel` and
         `openpgp.db.dsn`) by just setting those values.
diff --git a/nixpkgs/nixos/modules/services/security/hologram-agent.nix b/nixpkgs/nixos/modules/services/security/hologram-agent.nix
index 666d95b9b94a..e29267e50003 100644
--- a/nixpkgs/nixos/modules/services/security/hologram-agent.nix
+++ b/nixpkgs/nixos/modules/services/security/hologram-agent.nix
@@ -14,19 +14,19 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Hologram agent for AWS instance credentials";
+        description = "Whether to enable the Hologram agent for AWS instance credentials";
       };
 
       dialAddress = mkOption {
         type        = types.str;
         default     = "localhost:3100";
-        description = lib.mdDoc "Hologram server and port.";
+        description = "Hologram server and port.";
       };
 
       httpPort = mkOption {
         type        = types.str;
         default     = "80";
-        description = lib.mdDoc "Port for metadata service to listen on.";
+        description = "Port for metadata service to listen on.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/security/hologram-server.nix b/nixpkgs/nixos/modules/services/security/hologram-server.nix
index e995bc79b112..4acf6ae0e218 100644
--- a/nixpkgs/nixos/modules/services/security/hologram-server.nix
+++ b/nixpkgs/nixos/modules/services/security/hologram-server.nix
@@ -33,85 +33,85 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Hologram server for AWS instance credentials";
+        description = "Whether to enable the Hologram server for AWS instance credentials";
       };
 
       listenAddress = mkOption {
         type        = types.str;
         default     = "0.0.0.0:3100";
-        description = lib.mdDoc "Address and port to listen on";
+        description = "Address and port to listen on";
       };
 
       ldapHost = mkOption {
         type        = types.str;
-        description = lib.mdDoc "Address of the LDAP server to use";
+        description = "Address of the LDAP server to use";
       };
 
       ldapInsecure = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "Whether to connect to LDAP over SSL or not";
+        description = "Whether to connect to LDAP over SSL or not";
       };
 
       ldapUserAttr = mkOption {
         type        = types.str;
         default     = "cn";
-        description = lib.mdDoc "The LDAP attribute for usernames";
+        description = "The LDAP attribute for usernames";
       };
 
       ldapBaseDN = mkOption {
         type        = types.str;
-        description = lib.mdDoc "The base DN for your Hologram users";
+        description = "The base DN for your Hologram users";
       };
 
       ldapBindDN = mkOption {
         type        = types.str;
-        description = lib.mdDoc "DN of account to use to query the LDAP server";
+        description = "DN of account to use to query the LDAP server";
       };
 
       ldapBindPassword = mkOption {
         type        = types.str;
-        description = lib.mdDoc "Password of account to use to query the LDAP server";
+        description = "Password of account to use to query the LDAP server";
       };
 
       enableLdapRoles = mkOption {
         type        = types.bool;
         default     = false;
-        description = lib.mdDoc "Whether to assign user roles based on the user's LDAP group memberships";
+        description = "Whether to assign user roles based on the user's LDAP group memberships";
       };
 
       groupClassAttr = mkOption {
         type = types.str;
         default = "groupOfNames";
-        description = lib.mdDoc "The objectclass attribute to search for groups when enableLdapRoles is true";
+        description = "The objectclass attribute to search for groups when enableLdapRoles is true";
       };
 
       roleAttr = mkOption {
         type        = types.str;
         default     = "businessCategory";
-        description = lib.mdDoc "Which LDAP group attribute to search for authorized role ARNs";
+        description = "Which LDAP group attribute to search for authorized role ARNs";
       };
 
       awsAccount = mkOption {
         type        = types.str;
-        description = lib.mdDoc "AWS account number";
+        description = "AWS account number";
       };
 
       awsDefaultRole = mkOption {
         type        = types.str;
-        description = lib.mdDoc "AWS default role";
+        description = "AWS default role";
       };
 
       statsAddress = mkOption {
         type        = types.str;
         default     = "";
-        description = lib.mdDoc "Address of statsd server";
+        description = "Address of statsd server";
       };
 
       cacheTimeoutSeconds = mkOption {
         type        = types.int;
         default     = 3600;
-        description = lib.mdDoc "How often (in seconds) to refresh the LDAP cache";
+        description = "How often (in seconds) to refresh the LDAP cache";
       };
     };
   };
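Review bot: The `ldapInsecure` description, "Whether to connect to LDAP over SSL or not", reads as though `true` turns SSL on, while the option name suggests the opposite. An operator who gets this wrong would send the bind password in clear text. Assuming the flag does disable transport security (its use is outside this hunk), say so directly: `description = "Whether to connect to the LDAP server without SSL/TLS. Leave this disabled unless the connection is protected by other means.";`. Separately, `ldapBindPassword` is a plain `types.str`, so its value is presumably rendered into the world-readable Nix store, and its description should say so.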
diff --git a/nixpkgs/nixos/modules/services/security/infnoise.nix b/nixpkgs/nixos/modules/services/security/infnoise.nix
index 739a0a84d90b..4fb8adaf33f8 100644
--- a/nixpkgs/nixos/modules/services/security/infnoise.nix
+++ b/nixpkgs/nixos/modules/services/security/infnoise.nix
@@ -7,10 +7,10 @@ let
 in {
   options = {
     services.infnoise = {
-      enable = mkEnableOption (lib.mdDoc "the Infinite Noise TRNG driver");
+      enable = mkEnableOption "the Infinite Noise TRNG driver";
 
       fillDevRandom = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to run the infnoise driver as a daemon to refill /dev/random.
 
           If disabled, you can use the `infnoise` command-line tool to
diff --git a/nixpkgs/nixos/modules/services/security/intune.nix b/nixpkgs/nixos/modules/services/security/intune.nix
index 93cecaca5f43..c0f1ca77031d 100644
--- a/nixpkgs/nixos/modules/services/security/intune.nix
+++ b/nixpkgs/nixos/modules/services/security/intune.nix
@@ -8,7 +8,7 @@ let
 in
 {
   options.services.intune = {
-    enable = lib.mkEnableOption (lib.mdDoc "Microsoft Intune");
+    enable = lib.mkEnableOption "Microsoft Intune";
   };
 
 
diff --git a/nixpkgs/nixos/modules/services/security/jitterentropy-rngd.nix b/nixpkgs/nixos/modules/services/security/jitterentropy-rngd.nix
index 289d2f7a9839..104aeccebc9c 100644
--- a/nixpkgs/nixos/modules/services/security/jitterentropy-rngd.nix
+++ b/nixpkgs/nixos/modules/services/security/jitterentropy-rngd.nix
@@ -5,7 +5,7 @@ in
 {
   options.services.jitterentropy-rngd = {
     enable =
-      lib.mkEnableOption (lib.mdDoc "jitterentropy-rngd service configuration");
+      lib.mkEnableOption "jitterentropy-rngd service configuration";
     package = lib.mkPackageOption pkgs "jitterentropy-rngd" { };
   };
 
diff --git a/nixpkgs/nixos/modules/services/security/kanidm.nix b/nixpkgs/nixos/modules/services/security/kanidm.nix
index 9d074c3027d0..1ab9dac48d47 100644
--- a/nixpkgs/nixos/modules/services/security/kanidm.nix
+++ b/nixpkgs/nixos/modules/services/security/kanidm.nix
@@ -65,9 +65,9 @@ let
 in
 {
   options.services.kanidm = {
-    enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client");
-    enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server");
-    enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration");
+    enableClient = lib.mkEnableOption "the Kanidm client";
+    enableServer = lib.mkEnableOption "the Kanidm server";
+    enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration";
 
     package = lib.mkPackageOption pkgs "kanidm" {};
 
@@ -77,13 +77,13 @@ in
 
         options = {
           bindaddress = lib.mkOption {
-            description = lib.mdDoc "Address/port combination the webserver binds to.";
+            description = "Address/port combination the webserver binds to.";
             example = "[::1]:8443";
             type = lib.types.str;
           };
           # Should be optional but toml does not accept null
           ldapbindaddress = lib.mkOption {
-            description = lib.mdDoc ''
+            description = ''
               Address and port the LDAP server is bound to. Setting this to `null` disables the LDAP interface.
             '';
             example = "[::1]:636";
@@ -91,12 +91,12 @@ in
             type = lib.types.nullOr lib.types.str;
           };
           origin = lib.mkOption {
-            description = lib.mdDoc "The origin of your Kanidm instance. Must have https as protocol.";
+            description = "The origin of your Kanidm instance. Must have https as protocol.";
             example = "https://idm.example.org";
             type = lib.types.strMatching "^https://.*";
           };
           domain = lib.mkOption {
-            description = lib.mdDoc ''
+            description = ''
               The `domain` that Kanidm manages. Must be below or equal to the domain
               specified in `serverSettings.origin`.
               This can be left at `null`, only if your instance has the role `ReadOnlyReplica`.
@@ -109,42 +109,42 @@ in
             type = lib.types.nullOr lib.types.str;
           };
           db_path = lib.mkOption {
-            description = lib.mdDoc "Path to Kanidm database.";
+            description = "Path to Kanidm database.";
             default = "/var/lib/kanidm/kanidm.db";
             readOnly = true;
             type = lib.types.path;
           };
           tls_chain = lib.mkOption {
-            description = lib.mdDoc "TLS chain in pem format.";
+            description = "TLS chain in pem format.";
             type = lib.types.path;
           };
           tls_key = lib.mkOption {
-            description = lib.mdDoc "TLS key in pem format.";
+            description = "TLS key in pem format.";
             type = lib.types.path;
           };
           log_level = lib.mkOption {
-            description = lib.mdDoc "Log level of the server.";
+            description = "Log level of the server.";
             default = "info";
             type = lib.types.enum [ "info" "debug" "trace" ];
           };
           role = lib.mkOption {
-            description = lib.mdDoc "The role of this server. This affects the replication relationship and thereby available features.";
+            description = "The role of this server. This affects the replication relationship and thereby available features.";
             default = "WriteReplica";
             type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ];
           };
           online_backup = {
             path = lib.mkOption {
-              description = lib.mdDoc "Path to the output directory for backups.";
+              description = "Path to the output directory for backups.";
               type = lib.types.path;
               default = "/var/lib/kanidm/backups";
             };
             schedule = lib.mkOption {
-              description = lib.mdDoc "The schedule for backups in cron format.";
+              description = "The schedule for backups in cron format.";
               type = lib.types.str;
               default = "00 22 * * *";
             };
             versions = lib.mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Number of backups to keep.
 
                 The default is set to `0`, in order to disable backups by default.
@@ -157,7 +157,7 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Settings for Kanidm, see
         [the documentation](https://kanidm.github.io/kanidm/stable/server_configuration.html)
         and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/server.toml)
@@ -170,12 +170,12 @@ in
         freeformType = settingsFormat.type;
 
         options.uri = lib.mkOption {
-          description = lib.mdDoc "Address of the Kanidm server.";
+          description = "Address of the Kanidm server.";
           example = "http://127.0.0.1:8080";
           type = lib.types.str;
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Configure Kanidm clients, needed for the PAM daemon. See
         [the documentation](https://kanidm.github.io/kanidm/stable/client_tools.html#kanidm-configuration)
         and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/config)
@@ -189,18 +189,18 @@ in
 
         options = {
           pam_allowed_login_groups = lib.mkOption {
-            description = lib.mdDoc "Kanidm groups that are allowed to login using PAM.";
+            description = "Kanidm groups that are allowed to login using PAM.";
             example = "my_pam_group";
             type = lib.types.listOf lib.types.str;
           };
           hsm_pin_path = lib.mkOption {
-            description = lib.mdDoc "Path to a HSM pin.";
+            description = "Path to a HSM pin.";
             default = "/var/cache/kanidm-unixd/hsm-pin";
             type = lib.types.path;
           };
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Configure Kanidm unix daemon.
         See [the documentation](https://kanidm.github.io/kanidm/stable/integrations/pam_and_nsswitch.html#the-unix-daemon)
         and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/unixd)
diff --git a/nixpkgs/nixos/modules/services/security/munge.nix b/nixpkgs/nixos/modules/services/security/munge.nix
index 9d306c205f94..e124f098bfbd 100644
--- a/nixpkgs/nixos/modules/services/security/munge.nix
+++ b/nixpkgs/nixos/modules/services/security/munge.nix
@@ -15,12 +15,12 @@ in
   options = {
 
     services.munge = {
-      enable = mkEnableOption (lib.mdDoc "munge service");
+      enable = mkEnableOption "munge service";
 
       password = mkOption {
         default = "/etc/munge/munge.key";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to a daemon's secret key.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/security/nginx-sso.nix b/nixpkgs/nixos/modules/services/security/nginx-sso.nix
index dd32b8356cbb..11c5c5dd8e78 100644
--- a/nixpkgs/nixos/modules/services/security/nginx-sso.nix
+++ b/nixpkgs/nixos/modules/services/security/nginx-sso.nix
@@ -8,7 +8,7 @@ let
   configYml = pkgs.writeText "nginx-sso.yml" (builtins.toJSON cfg.configuration);
 in {
   options.services.nginx.sso = {
-    enable = mkEnableOption (lib.mdDoc "nginx-sso service");
+    enable = mkEnableOption "nginx-sso service";
 
     package = mkPackageOption pkgs "nginx-sso" { };
 
@@ -33,7 +33,7 @@ in {
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         nginx-sso configuration
         ([documentation](https://github.com/Luzifer/nginx-sso/wiki/Main-Configuration))
         as a Nix attribute set.
diff --git a/nixpkgs/nixos/modules/services/security/oauth2-proxy-nginx.nix b/nixpkgs/nixos/modules/services/security/oauth2-proxy-nginx.nix
new file mode 100644
index 000000000000..c05bd304752d
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/security/oauth2-proxy-nginx.nix
@@ -0,0 +1,130 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.oauth2-proxy.nginx;
+in
+{
+  options.services.oauth2-proxy.nginx = {
+    proxy = lib.mkOption {
+      type = lib.types.str;
+      default = config.services.oauth2-proxy.httpAddress;
+      defaultText = lib.literalExpression "config.services.oauth2-proxy.httpAddress";
+      description = ''
+        The address of the reverse proxy endpoint for oauth2-proxy
+      '';
+    };
+
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        The domain under which the oauth2-proxy will be accesible and the path of cookies are set to.
+        This setting must be set to ensure back-redirects are working properly
+        if oauth2-proxy is configured with {option}`services.oauth2-proxy.cookie.domain`
+        or multiple {option}`services.oauth2-proxy.nginx.virtualHosts` that are not on the same domain.
+      '';
+    };
+
+    virtualHosts = lib.mkOption {
+      type = let
+        vhostSubmodule = lib.types.submodule {
+          options = {
+            allowed_groups = lib.mkOption {
+              type = lib.types.nullOr (lib.types.listOf lib.types.str);
+              description = "List of groups to allow access to this vhost, or null to allow all.";
+              default = null;
+            };
+            allowed_emails = lib.mkOption {
+              type = lib.types.nullOr (lib.types.listOf lib.types.str);
+              description = "List of emails to allow access to this vhost, or null to allow all.";
+              default = null;
+            };
+            allowed_email_domains = lib.mkOption {
+              type = lib.types.nullOr (lib.types.listOf lib.types.str);
+              description = "List of email domains to allow access to this vhost, or null to allow all.";
+              default = null;
+            };
+          };
+        };
+        oldType = lib.types.listOf lib.types.str;
+        convertFunc = x:
+          lib.warn "services.oauth2-proxy.nginx.virtualHosts should be an attrset, found ${lib.generators.toPretty {} x}"
+          lib.genAttrs x (_: {});
+        newType = lib.types.attrsOf vhostSubmodule;
+      in lib.types.coercedTo oldType convertFunc newType;
+      default = {};
+      example = {
+        "protected.foo.com" = {
+          allowed_groups = ["admins"];
+          allowed_emails = ["boss@foo.com"];
+        };
+      };
+      description = ''
+        Nginx virtual hosts to put behind the oauth2 proxy.
+        You can exclude specific locations by setting `auth_request off;` in the locations extraConfig setting.
+      '';
+    };
+  };
+
+  config.services.oauth2-proxy = lib.mkIf (cfg.virtualHosts != [] && (lib.hasPrefix "127.0.0.1:" cfg.proxy)) {
+    enable = true;
+  };
+
+  config.services.nginx = lib.mkIf (cfg.virtualHosts != [] && config.services.oauth2-proxy.enable) (lib.mkMerge ([
+    {
+      virtualHosts.${cfg.domain}.locations."/oauth2/" = {
+        proxyPass = cfg.proxy;
+        extraConfig = ''
+          proxy_set_header X-Scheme                $scheme;
+          proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
+        '';
+      };
+    }
+  ] ++ lib.optional (cfg.virtualHosts != []) {
+    recommendedProxySettings = true; # needed because duplicate headers
+  } ++ (lib.mapAttrsToList (vhost: conf: {
+    virtualHosts.${vhost} = {
+      locations = {
+        "/oauth2/auth" = let
+          maybeQueryArg = name: value:
+            if value == null then null
+            else "${name}=${lib.concatStringsSep "," (builtins.map lib.escapeURL value)}";
+          allArgs = lib.mapAttrsToList maybeQueryArg conf;
+          cleanArgs = builtins.filter (x: x != null) allArgs;
+          cleanArgsStr = lib.concatStringsSep "&" cleanArgs;
+        in {
+          # nginx doesn't support passing query string arguments to auth_request,
+          # so pass them here instead
+          proxyPass = "${cfg.proxy}/oauth2/auth?${cleanArgsStr}";
+          extraConfig = ''
+            auth_request off;
+            proxy_set_header X-Scheme         $scheme;
+            # nginx auth_request includes headers but not body
+            proxy_set_header Content-Length   "";
+            proxy_pass_request_body           off;
+          '';
+        };
+        "@redirectToAuth2ProxyLogin" = {
+          return = "307 https://${cfg.domain}/oauth2/start?rd=$scheme://$host$request_uri";
+          extraConfig = ''
+            auth_request off;
+          '';
+        };
+      };
+
+      extraConfig = ''
+        auth_request /oauth2/auth;
+        error_page 401 = @redirectToAuth2ProxyLogin;
+
+        # pass information via X-User and X-Email headers to backend,
+        # requires running with --set-xauthrequest flag
+        auth_request_set $user   $upstream_http_x_auth_request_user;
+        auth_request_set $email  $upstream_http_x_auth_request_email;
+        proxy_set_header X-User  $user;
+        proxy_set_header X-Email $email;
+
+        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;
+      '';
+    };
+  }) cfg.virtualHosts)));
+}
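Review bot: `cfg.virtualHosts != []` in the two `lib.mkIf` conditions and in the `lib.optional` guard can never be false, because the option coerces to `attrsOf` with default `{}` and an attribute set never equals a list in Nix. As written, oauth2-proxy is force-enabled whenever `cfg.proxy` starts with `127.0.0.1:`. The nginx block that references `cfg.domain` (which has no default) is also emitted for every oauth2-proxy user, which likely breaks evaluation when no vhosts are configured. Compare against the empty attribute set in all three places: `cfg.virtualHosts != {}`. Separately, `maybeQueryArg` drops only `null`, so `allowed_groups = []` becomes an empty `allowed_groups=` query argument; the option descriptions should state whether that means allow-all or deny-all, since it decides who is let through.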
diff --git a/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix b/nixpkgs/nixos/modules/services/security/oauth2-proxy.nix
index d1dc37d549d2..075e64b743b1 100644
--- a/nixpkgs/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixpkgs/nixos/modules/services/security/oauth2-proxy.nix
@@ -1,15 +1,12 @@
-# NixOS module for oauth2_proxy.
-
 { config, lib, pkgs, ... }:
 
-with lib;
 let
-  cfg = config.services.oauth2_proxy;
+  cfg = config.services.oauth2-proxy;
 
-  # oauth2_proxy provides many options that are only relevant if you are using
+  # oauth2-proxy provides many options that are only relevant if you are using
   # a certain provider. This set maps from provider name to a function that
   # takes the configuration and returns a string that can be inserted into the
-  # command-line to launch oauth2_proxy.
+  # command-line to launch oauth2-proxy.
   providerSpecificOptions = {
     azure = cfg: {
       azure-tenant = cfg.azure.tenant;
@@ -47,6 +44,7 @@ let
     reverse-proxy = reverseProxy;
     proxy-prefix = proxyPrefix;
     profile-url = profileURL;
+    oidc-issuer-url = oidcIssuerUrl;
     redeem-url = redeemURL;
     redirect-url = redirectURL;
     request-logging = requestLogging;
@@ -72,28 +70,28 @@ let
   } // (getProviderOptions cfg cfg.provider) // cfg.extraConfig;
 
   mapConfig = key: attr:
-  optionalString (attr != null && attr != []) (
-    if isDerivation attr then mapConfig key (toString attr) else
-    if (builtins.typeOf attr) == "set" then concatStringsSep " "
-      (mapAttrsToList (name: value: mapConfig (key + "-" + name) value) attr) else
-    if (builtins.typeOf attr) == "list" then concatMapStringsSep " " (mapConfig key) attr else
-    if (builtins.typeOf attr) == "bool" then "--${key}=${boolToString attr}" else
+  lib.optionalString (attr != null && attr != []) (
+    if lib.isDerivation attr then mapConfig key (toString attr) else
+    if (builtins.typeOf attr) == "set" then lib.concatStringsSep " "
+      (lib.mapAttrsToList (name: value: mapConfig (key + "-" + name) value) attr) else
+    if (builtins.typeOf attr) == "list" then lib.concatMapStringsSep " " (mapConfig key) attr else
+    if (builtins.typeOf attr) == "bool" then "--${key}=${lib.boolToString attr}" else
     if (builtins.typeOf attr) == "string" then "--${key}='${attr}'" else
     "--${key}=${toString attr}");
 
-  configString = concatStringsSep " " (mapAttrsToList mapConfig allConfig);
+  configString = lib.concatStringsSep " " (lib.mapAttrsToList mapConfig allConfig);
 in
 {
-  options.services.oauth2_proxy = {
-    enable = mkEnableOption (lib.mdDoc "oauth2_proxy");
+  options.services.oauth2-proxy = {
+    enable = lib.mkEnableOption "oauth2-proxy";
 
-    package = mkPackageOption pkgs "oauth2-proxy" { };
+    package = lib.mkPackageOption pkgs "oauth2-proxy" { };
 
     ##############################################
     # PROVIDER configuration
     # Taken from: https://github.com/oauth2-proxy/oauth2-proxy/blob/master/providers/providers.go
-    provider = mkOption {
-      type = types.enum [
+    provider = lib.mkOption {
+      type = lib.types.enum [
         "adfs"
         "azure"
         "bitbucket"
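Review bot: The string branch of `mapConfig` builds `"--${key}='${attr}'"` without escaping `attr`, so a value containing a single quote ends the quoting early and the remainder is parsed as separate arguments. The values come from the system configuration rather than the network, so this is a robustness and config-hygiene problem, but it affects every string option, including URLs and regexes. If `configString` is consumed by a shell (the consumer is outside this hunk), the branch can become `if (builtins.typeOf attr) == "string" then "--${key}=${lib.escapeShellArg attr}" else`. If it is placed directly on a systemd `ExecStart=` line, use an escaper that follows systemd's quoting rules instead.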
@@ -110,38 +108,47 @@ in
         "oidc"
       ];
       default = "google";
-      description = lib.mdDoc ''
+      description = ''
         OAuth provider.
       '';
     };
 
-    approvalPrompt = mkOption {
-      type = types.enum ["force" "auto"];
+    approvalPrompt = lib.mkOption {
+      type = lib.types.enum ["force" "auto"];
       default = "force";
-      description = lib.mdDoc ''
+      description = ''
         OAuth approval_prompt.
       '';
     };
 
-    clientID = mkOption {
-      type = types.nullOr types.str;
-      description = lib.mdDoc ''
+    clientID = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      description = ''
         The OAuth Client ID.
       '';
       example = "123456.apps.googleusercontent.com";
     };
 
-    clientSecret = mkOption {
-      type = types.nullOr types.str;
-      description = lib.mdDoc ''
+    oidcIssuerUrl = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = ''
+        The OAuth issuer URL.
+      '';
+      example = "https://login.microsoftonline.com/{TENANT_ID}/v2.0";
+    };
+
+    clientSecret = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      description = ''
         The OAuth Client Secret.
       '';
     };
 
-    skipAuthRegexes = mkOption {
-     type = types.listOf types.str;
+    skipAuthRegexes = lib.mkOption {
+     type = lib.types.listOf lib.types.str;
      default = [];
-     description = lib.mdDoc ''
+     description = ''
        Skip authentication for requests matching any of these regular
        expressions.
      '';
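Review bot: `clientSecret` is a plain `lib.types.nullOr lib.types.str` whose description says only "The OAuth Client Secret.", with no indication of where the value ends up. Anything assigned here becomes part of the evaluated configuration and is presumably copied into the world-readable Nix store. Going by `mapConfig` earlier in this file, it is also likely rendered as a `--key='value'` argument visible in the process list. I would add a sentence to the description such as `This value is stored in the world-readable Nix store; prefer supplying the secret through a file or environment variable that only the service can read.` The new `oidcIssuerUrl` description could also say "OIDC issuer URL" rather than "OAuth issuer URL", since it feeds `oidc-issuer-url`.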
@@ -149,28 +156,28 @@ in
 
     # XXX: Not clear whether these two options are mutually exclusive or not.
     email = {
-      domains = mkOption {
-        type = types.listOf types.str;
+      domains = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Authenticate emails with the specified domains. Use
           `*` to authenticate any email.
         '';
       };
 
-      addresses = mkOption {
-        type = types.nullOr types.lines;
+      addresses = lib.mkOption {
+        type = lib.types.nullOr lib.types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Line-separated email addresses that are allowed to authenticate.
         '';
       };
     };
 
-    loginURL = mkOption {
-      type = types.nullOr types.str;
+    loginURL = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Authentication endpoint.
 
         You only need to set this if you are using a self-hosted provider (e.g.
@@ -180,10 +187,10 @@ in
       example = "https://provider.example.com/oauth/authorize";
     };
 
-    redeemURL = mkOption {
-      type = types.nullOr types.str;
+    redeemURL = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Token redemption endpoint.
 
         You only need to set this if you are using a self-hosted provider (e.g.
@@ -193,10 +200,10 @@ in
       example = "https://provider.example.com/oauth/token";
     };
 
-    validateURL = mkOption {
-      type = types.nullOr types.str;
+    validateURL = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Access token validation endpoint.
 
         You only need to set this if you are using a self-hosted provider (e.g.
@@ -206,38 +213,38 @@ in
       example = "https://provider.example.com/user/emails";
     };
 
-    redirectURL = mkOption {
+    redirectURL = lib.mkOption {
       # XXX: jml suspects this is always necessary, but the command-line
       # doesn't require it so making it optional.
-      type = types.nullOr types.str;
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The OAuth2 redirect URL.
       '';
       example = "https://internalapp.yourcompany.com/oauth2/callback";
     };
 
     azure = {
-      tenant = mkOption {
-        type = types.str;
+      tenant = lib.mkOption {
+        type = lib.types.str;
         default = "common";
-        description = lib.mdDoc ''
+        description = ''
           Go to a tenant-specific or common (tenant-independent) endpoint.
         '';
       };
 
-      resource = mkOption {
-        type = types.str;
-        description = lib.mdDoc ''
+      resource = lib.mkOption {
+        type = lib.types.str;
+        description = ''
           The resource that is protected.
         '';
       };
     };
 
     google = {
-      adminEmail = mkOption {
-        type = types.str;
-        description = lib.mdDoc ''
+      adminEmail = lib.mkOption {
+        type = lib.types.str;
+        description = ''
           The Google Admin to impersonate for API calls.
 
           Only users with access to the Admin APIs can access the Admin SDK
@@ -248,35 +255,35 @@ in
         '';
       };
 
-      groups = mkOption {
-        type = types.listOf types.str;
+      groups = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Restrict logins to members of these Google groups.
         '';
       };
 
-      serviceAccountJSON = mkOption {
-        type = types.path;
-        description = lib.mdDoc ''
+      serviceAccountJSON = lib.mkOption {
+        type = lib.types.path;
+        description = ''
           The path to the service account JSON credentials.
         '';
       };
     };
 
     github = {
-      org = mkOption {
-        type = types.nullOr types.str;
+      org = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Restrict logins to members of this organisation.
         '';
       };
 
-      team = mkOption {
-        type = types.nullOr types.str;
+      team = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Restrict logins to members of this team.
         '';
       };
@@ -285,61 +292,61 @@ in
 
     ####################################################
     # UPSTREAM Configuration
-    upstream = mkOption {
-      type = with types; coercedTo str (x: [x]) (listOf str);
+    upstream = lib.mkOption {
+      type = with lib.types; coercedTo str (x: [x]) (listOf str);
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         The http url(s) of the upstream endpoint or `file://`
         paths for static files. Routing is based on the path.
       '';
     };
 
-    passAccessToken = mkOption {
-      type = types.bool;
+    passAccessToken = lib.mkOption {
+      type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Pass OAuth access_token to upstream via X-Forwarded-Access-Token header.
       '';
     };
 
-    passBasicAuth = mkOption {
-      type = types.bool;
+    passBasicAuth = lib.mkOption {
+      type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Pass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
       '';
     };
 
-    basicAuthPassword = mkOption {
-      type = types.nullOr types.str;
+    basicAuthPassword = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The password to set when passing the HTTP Basic Auth header.
       '';
     };
 
-    passHostHeader = mkOption {
-      type = types.bool;
+    passHostHeader = lib.mkOption {
+      type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Pass the request Host Header to upstream.
       '';
     };
 
-    signatureKey = mkOption {
-      type = types.nullOr types.str;
+    signatureKey = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         GAP-Signature request signature key.
       '';
       example = "sha1:secret0";
     };
 
     cookie = {
-      domain = mkOption {
-        type = types.nullOr types.str;
+      domain = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Optional cookie domains to force cookies to (ie: `.yourcompany.com`).
           The longest domain matching the request's host will be used (or the shortest
           cookie domain if there is no match).
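Review bot: `basicAuthPassword` and `signatureKey` remain plain `lib.types.nullOr lib.types.str` options whose descriptions do not say where the value ends up; the same holds for `cookie.secret` in the following hunk and `clientSecret` earlier in the file. A string set through a NixOS option is evaluated into the world-readable Nix store. If `configString` (defined outside the visible hunks) renders these options as flags, they also appear on the `ExecStart` command line. I would append to each description a sentence such as `This value is copied to the world-readable Nix store; set it through keyFile instead.`, pointing at the `keyFile` option this module already provides.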
@@ -347,51 +354,51 @@ in
         example = ".yourcompany.com";
       };
 
-      expire = mkOption {
-        type = types.str;
+      expire = lib.mkOption {
+        type = lib.types.str;
         default = "168h0m0s";
-        description = lib.mdDoc ''
+        description = ''
           Expire timeframe for cookie.
         '';
       };
 
-      httpOnly = mkOption {
-        type = types.bool;
+      httpOnly = lib.mkOption {
+        type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Set HttpOnly cookie flag.
         '';
       };
 
-      name = mkOption {
-        type = types.str;
+      name = lib.mkOption {
+        type = lib.types.str;
         default = "_oauth2_proxy";
-        description = lib.mdDoc ''
+        description = ''
           The name of the cookie that the oauth_proxy creates.
         '';
       };
 
-      refresh = mkOption {
+      refresh = lib.mkOption {
         # XXX: Unclear what the behavior is when this is not specified.
-        type = types.nullOr types.str;
+        type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Refresh the cookie after this duration; 0 to disable.
         '';
         example = "168h0m0s";
       };
 
-      secret = mkOption {
-        type = types.nullOr types.str;
-        description = lib.mdDoc ''
+      secret = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        description = ''
           The seed string for secure cookies.
         '';
       };
 
-      secure = mkOption {
-        type = types.bool;
+      secure = lib.mkOption {
+        type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Set secure (HTTPS) cookie flag.
         '';
       };
@@ -400,10 +407,10 @@ in
     ####################################################
     # OAUTH2 PROXY configuration
 
-    httpAddress = mkOption {
-      type = types.str;
+    httpAddress = lib.mkOption {
+      type = lib.types.str;
       default = "http://127.0.0.1:4180";
-      description = lib.mdDoc ''
+      description = ''
         HTTPS listening address.  This module does not expose the port by
         default. If you want this URL to be accessible to other machines, please
         add the port to `networking.firewall.allowedTCPPorts`.
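Review bot: The `httpAddress` description opens with `HTTPS listening address.`, while the option name and its default `http://127.0.0.1:4180` are plain HTTP. An operator could take the listener to be TLS-protected before adding the port to `networking.firewall.allowedTCPPorts`. I would change the first sentence to `HTTP listening address.` and leave TLS to `tls.httpsAddress`. The description string is closed outside this hunk.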
@@ -411,36 +418,36 @@ in
     };
 
     htpasswd = {
-      file = mkOption {
-        type = types.nullOr types.path;
+      file = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Additionally authenticate against a htpasswd file. Entries must be
           created with `htpasswd -s` for SHA encryption.
         '';
       };
 
-      displayForm = mkOption {
-        type = types.bool;
+      displayForm = lib.mkOption {
+        type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Display username / password login form if an htpasswd file is provided.
         '';
       };
     };
 
-    customTemplatesDir = mkOption {
-      type = types.nullOr types.path;
+    customTemplatesDir = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to custom HTML templates.
       '';
     };
 
-    reverseProxy = mkOption {
-      type = types.bool;
+    reverseProxy = lib.mkOption {
+      type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         In case when running behind a reverse proxy, controls whether headers
         like `X-Real-Ip` are accepted. Usage behind a reverse
         proxy will require this flag to be set to avoid logging the reverse
@@ -448,41 +455,41 @@ in
       '';
     };
 
-    proxyPrefix = mkOption {
-      type = types.str;
+    proxyPrefix = lib.mkOption {
+      type = lib.types.str;
       default = "/oauth2";
-      description = lib.mdDoc ''
+      description = ''
         The url root path that this proxy should be nested under.
       '';
     };
 
     tls = {
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to serve over TLS.
         '';
       };
 
-      certificate = mkOption {
-        type = types.path;
-        description = lib.mdDoc ''
+      certificate = lib.mkOption {
+        type = lib.types.path;
+        description = ''
           Path to certificate file.
         '';
       };
 
-      key = mkOption {
-        type = types.path;
-        description = lib.mdDoc ''
+      key = lib.mkOption {
+        type = lib.types.path;
+        description = ''
           Path to private key file.
         '';
       };
 
-      httpsAddress = mkOption {
-        type = types.str;
+      httpsAddress = lib.mkOption {
+        type = lib.types.str;
         default = ":443";
-        description = lib.mdDoc ''
+        description = ''
           `addr:port` to listen on for HTTPS clients.
 
           Remember to add `port` to
@@ -492,10 +499,10 @@ in
       };
     };
 
-    requestLogging = mkOption {
-      type = types.bool;
+    requestLogging = lib.mkOption {
+      type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Log requests to stdout.
       '';
     };
@@ -504,71 +511,73 @@ in
     # UNKNOWN
 
     # XXX: Is this mandatory? Is it part of another group? Is it part of the provider specification?
-    scope = mkOption {
+    scope = lib.mkOption {
       # XXX: jml suspects this is always necessary, but the command-line
       # doesn't require it so making it optional.
-      type = types.nullOr types.str;
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         OAuth scope specification.
       '';
     };
 
-    profileURL = mkOption {
-      type = types.nullOr types.str;
+    profileURL = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Profile access endpoint.
       '';
     };
 
-    setXauthrequest = mkOption {
-      type = types.nullOr types.bool;
+    setXauthrequest = lib.mkOption {
+      type = lib.types.nullOr lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode). Setting this to 'null' means using the upstream default (false).
       '';
     };
 
-    extraConfig = mkOption {
+    extraConfig = lib.mkOption {
       default = {};
-      type = types.attrsOf types.anything;
-      description = lib.mdDoc ''
+      type = lib.types.attrsOf lib.types.anything;
+      description = ''
         Extra config to pass to oauth2-proxy.
       '';
     };
 
-    keyFile = mkOption {
-      type = types.nullOr types.path;
+    keyFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         oauth2-proxy allows passing sensitive configuration via environment variables.
         Make a file that contains lines like
         OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com
         and specify the path here.
       '';
-      example = "/run/keys/oauth2_proxy";
+      example = "/run/keys/oauth2-proxy";
     };
-
   };
 
-  config = mkIf cfg.enable {
+  imports = [
+    (lib.mkRenamedOptionModule [ "services" "oauth2_proxy" ] [ "services" "oauth2-proxy" ])
+  ];
 
-    services.oauth2_proxy = mkIf (cfg.keyFile != null) {
-      clientID = mkDefault null;
-      clientSecret = mkDefault null;
-      cookie.secret = mkDefault null;
+  config = lib.mkIf cfg.enable {
+    services.oauth2-proxy = lib.mkIf (cfg.keyFile != null) {
+      clientID = lib.mkDefault null;
+      clientSecret = lib.mkDefault null;
+      cookie.secret = lib.mkDefault null;
     };
 
-    users.users.oauth2_proxy = {
+    users.users.oauth2-proxy = {
       description = "OAuth2 Proxy";
       isSystemUser = true;
-      group = "oauth2_proxy";
+      group = "oauth2-proxy";
     };
 
-    users.groups.oauth2_proxy = {};
+    users.groups.oauth2-proxy = {};
 
-    systemd.services.oauth2_proxy = {
+    systemd.services.oauth2-proxy = {
       description = "OAuth2 Proxy";
       path = [ cfg.package ];
       wantedBy = [ "multi-user.target" ];
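Review bot: The system account and group are renamed from `oauth2_proxy` to `oauth2-proxy` here, but the added `lib.mkRenamedOptionModule` only maps option paths, so nothing on disk follows the rename. Files the daemon reads itself (for example `tls.key`, `htpasswd.file` or `google.serviceAccountJSON`) that were restricted to the old account would presumably become unreadable after the upgrade, or have their permissions loosened by hand to compensate. I would add a comment above `users.users.oauth2-proxy` such as `# renamed from oauth2_proxy: secret files owned by the old account must be re-owned`, and mention the same in the release notes. The `systemd.services.oauth2-proxy` block continues outside this hunk.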
@@ -576,10 +585,10 @@ in
       after = [ "network-online.target" ];
 
       serviceConfig = {
-        User = "oauth2_proxy";
+        User = "oauth2-proxy";
         Restart = "always";
         ExecStart = "${cfg.package}/bin/oauth2-proxy ${configString}";
-        EnvironmentFile = mkIf (cfg.keyFile != null) cfg.keyFile;
+        EnvironmentFile = lib.mkIf (cfg.keyFile != null) cfg.keyFile;
       };
     };
 
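Review bot: `serviceConfig` for this network-facing authentication proxy sets only `User`, `Restart`, `ExecStart` and `EnvironmentFile`, with no systemd sandboxing. I would add `NoNewPrivileges = true;`, `ProtectSystem = "strict";` and `PrivateTmp = true;` next to `User`, after checking that the configured key, certificate and template paths stay readable under those settings. The unit definition starts outside this hunk.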
diff --git a/nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix
deleted file mode 100644
index dd3ded6259c4..000000000000
--- a/nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ config, lib, ... }:
-with lib;
-let
-  cfg = config.services.oauth2_proxy.nginx;
-in
-{
-  options.services.oauth2_proxy.nginx = {
-    proxy = mkOption {
-      type = types.str;
-      default = config.services.oauth2_proxy.httpAddress;
-      defaultText = literalExpression "config.services.oauth2_proxy.httpAddress";
-      description = lib.mdDoc ''
-        The address of the reverse proxy endpoint for oauth2_proxy
-      '';
-    };
-
-    domain = mkOption {
-      type = types.str;
-      description = lib.mdDoc ''
-        The domain under which the oauth2_proxy will be accesible and the path of cookies are set to.
-        This setting must be set to ensure back-redirects are working properly
-        if oauth2-proxy is configured with {option}`services.oauth2_proxy.cookie.domain`
-        or multiple {option}`services.oauth2_proxy.nginx.virtualHosts` that are not on the same domain.
-      '';
-    };
-
-    virtualHosts = mkOption {
-      type = types.listOf types.str;
-      default = [];
-      description = lib.mdDoc ''
-        A list of nginx virtual hosts to put behind the oauth2 proxy
-      '';
-    };
-  };
-
-  config.services.oauth2_proxy = mkIf (cfg.virtualHosts != [] && (hasPrefix "127.0.0.1:" cfg.proxy)) {
-    enable = true;
-  };
-
-  config.services.nginx = mkIf (cfg.virtualHosts != [] && config.services.oauth2_proxy.enable) (mkMerge ([
-    {
-      virtualHosts.${cfg.domain}.locations."/oauth2/" = {
-        proxyPass = cfg.proxy;
-        extraConfig = ''
-          proxy_set_header X-Scheme                $scheme;
-          proxy_set_header X-Auth-Request-Redirect $scheme://$host$request_uri;
-        '';
-      };
-    }
-  ] ++ optional (cfg.virtualHosts != []) {
-    recommendedProxySettings = true; # needed because duplicate headers
-  } ++ (map (vhost: {
-    virtualHosts.${vhost}.locations = {
-      "/oauth2/auth" = {
-        proxyPass = cfg.proxy;
-        extraConfig = ''
-          proxy_set_header X-Scheme         $scheme;
-          # nginx auth_request includes headers but not body
-          proxy_set_header Content-Length   "";
-          proxy_pass_request_body           off;
-        '';
-      };
-      "@redirectToAuth2ProxyLogin".return = "307 https://${cfg.domain}/oauth2/start?rd=$scheme://$host$request_uri";
-      "/".extraConfig = ''
-        auth_request /oauth2/auth;
-        error_page 401 = @redirectToAuth2ProxyLogin;
-
-        # pass information via X-User and X-Email headers to backend,
-        # requires running with --set-xauthrequest flag
-        auth_request_set $user   $upstream_http_x_auth_request_user;
-        auth_request_set $email  $upstream_http_x_auth_request_email;
-        proxy_set_header X-User  $user;
-        proxy_set_header X-Email $email;
-
-        # if you enabled --cookie-refresh, this is needed for it to work with auth_request
-        auth_request_set $auth_cookie $upstream_http_set_cookie;
-        add_header Set-Cookie $auth_cookie;
-      '';
-    };
-  }) cfg.virtualHosts)));
-}
diff --git a/nixpkgs/nixos/modules/services/security/opensnitch.nix b/nixpkgs/nixos/modules/services/security/opensnitch.nix
index 42cf8159f3ea..6e2f6ca73b77 100644
--- a/nixpkgs/nixos/modules/services/security/opensnitch.nix
+++ b/nixpkgs/nixos/modules/services/security/opensnitch.nix
@@ -13,7 +13,7 @@ let
 in {
   options = {
     services.opensnitch = {
-      enable = mkEnableOption (mdDoc "Opensnitch application firewall");
+      enable = mkEnableOption "Opensnitch application firewall";
 
       rules = mkOption {
         default = {};
@@ -34,7 +34,7 @@ in {
           };
         '';
 
-        description = mdDoc ''
+        description = ''
           Declarative configuration of firewall rules.
           All rules will be stored in `/var/lib/opensnitch/rules` by default.
           Rules path can be configured with `settings.Rules.Path`.
@@ -56,7 +56,7 @@ in {
 
               Address = mkOption {
                 type = types.str;
-                description = mdDoc ''
+                description = ''
                   Unix socket path (unix:///tmp/osui.sock, the "unix:///" part is
                   mandatory) or TCP socket (192.168.1.100:50051).
                 '';
@@ -64,7 +64,7 @@ in {
 
               LogFile = mkOption {
                 type = types.path;
-                description = mdDoc ''
+                description = ''
                   File to write logs to (use /dev/stdout to write logs to standard
                   output).
                 '';
@@ -74,7 +74,7 @@ in {
 
             DefaultAction = mkOption {
               type = types.enum [ "allow" "deny" ];
-              description = mdDoc ''
+              description = ''
                 Default action whether to block or allow application internet
                 access.
               '';
@@ -82,21 +82,21 @@ in {
 
             InterceptUnknown = mkOption {
               type = types.bool;
-              description = mdDoc ''
+              description = ''
                 Whether to intercept spare connections.
               '';
             };
 
             ProcMonitorMethod = mkOption {
               type = types.enum [ "ebpf" "proc" "ftrace" "audit" ];
-              description = mdDoc ''
+              description = ''
                 Which process monitoring method to use.
               '';
             };
 
             LogLevel = mkOption {
               type = types.enum [ 0 1 2 3 4 ];
-              description = mdDoc ''
+              description = ''
                 Default log level from 0 to 4 (debug, info, important, warning,
                 error).
               '';
@@ -104,7 +104,7 @@ in {
 
             Firewall = mkOption {
               type = types.enum [ "iptables" "nftables" ];
-              description = mdDoc ''
+              description = ''
                 Which firewall backend to use.
               '';
             };
@@ -113,14 +113,14 @@ in {
 
               MaxEvents = mkOption {
                 type = types.int;
-                description = mdDoc ''
+                description = ''
                   Max events to send to the GUI.
                 '';
               };
 
               MaxStats = mkOption {
                 type = types.int;
-                description = mdDoc ''
+                description = ''
                   Max stats per item to keep in backlog.
                 '';
               };
@@ -135,7 +135,7 @@ in {
                   "\\$\\{config.boot.kernelPackages.opensnitch-ebpf\\}/etc/opensnitchd"
                 else null;
               '';
-              description = mdDoc ''
+              description = ''
                 Configure eBPF modules path. Used when
                 `settings.ProcMonitorMethod` is set to `ebpf`.
               '';
@@ -144,7 +144,7 @@ in {
             Rules.Path = mkOption {
               type = types.path;
               default = "/var/lib/opensnitch/rules";
-              description = mdDoc ''
+              description = ''
                 Path to the directory where firewall rules can be found and will
                 get stored by the NixOS module.
               '';
@@ -152,7 +152,7 @@ in {
 
           };
         };
-        description = mdDoc ''
+        description = ''
           opensnitchd configuration. Refer to [upstream documentation](https://github.com/evilsocket/opensnitch/wiki/Configurations)
           for details on supported values.
         '';
diff --git a/nixpkgs/nixos/modules/services/security/pass-secret-service.nix b/nixpkgs/nixos/modules/services/security/pass-secret-service.nix
index f864f8a26595..9530a9f8cf69 100644
--- a/nixpkgs/nixos/modules/services/security/pass-secret-service.nix
+++ b/nixpkgs/nixos/modules/services/security/pass-secret-service.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options.services.passSecretService = {
-    enable = mkEnableOption (lib.mdDoc "pass secret service");
+    enable = mkEnableOption "pass secret service";
 
     package = mkPackageOption pkgs "pass-secret-service" {
       example = "pass-secret-service.override { python3 = pkgs.python310 }";
diff --git a/nixpkgs/nixos/modules/services/security/physlock.nix b/nixpkgs/nixos/modules/services/security/physlock.nix
index cd7747659152..7285de94ad6c 100644
--- a/nixpkgs/nixos/modules/services/security/physlock.nix
+++ b/nixpkgs/nixos/modules/services/security/physlock.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the {command}`physlock` screen locking mechanism.
 
           Enable this and then run {command}`systemctl start physlock`
@@ -33,7 +33,7 @@ in
       allowAnyUser = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow any user to lock the screen. This will install a
           setuid wrapper to allow any user to start physlock as root, which
           is a minor security risk. Call the physlock binary to use this instead
@@ -44,7 +44,7 @@ in
       disableSysRq = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to disable SysRq when locked with physlock.
         '';
       };
@@ -52,7 +52,7 @@ in
       lockMessage = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Message to show on physlock login terminal.
         '';
       };
@@ -60,7 +60,7 @@ in
       muteKernelMessages = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Disable kernel messages on console while physlock is running.
         '';
       };
@@ -70,7 +70,7 @@ in
         suspend = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to lock screen with physlock just before suspend.
           '';
         };
@@ -78,7 +78,7 @@ in
         hibernate = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether to lock screen with physlock just before hibernate.
           '';
         };
@@ -87,7 +87,7 @@ in
           type = types.listOf types.str;
           default = [];
           example = [ "display-manager.service" ];
-          description = lib.mdDoc ''
+          description = ''
             Other targets to lock the screen just before.
 
             Useful if you want to e.g. both autologin to X11 so that
diff --git a/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix b/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix
index 975de1efa2f2..c6d260b90267 100644
--- a/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix
+++ b/nixpkgs/nixos/modules/services/security/shibboleth-sp.nix
@@ -8,31 +8,31 @@ in {
       enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the shibboleth service";
+        description = "Whether to enable the shibboleth service";
       };
 
       configFile = lib.mkOption {
         type = lib.types.path;
         example = lib.literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"'';
-        description = lib.mdDoc "Path to shibboleth config file";
+        description = "Path to shibboleth config file";
       };
 
       fastcgi.enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Whether to include the shibauthorizer and shibresponder FastCGI processes";
+        description = "Whether to include the shibauthorizer and shibresponder FastCGI processes";
       };
 
       fastcgi.shibAuthorizerPort = lib.mkOption {
         type = lib.types.int;
         default = 9100;
-        description = lib.mdDoc "Port for shibauthorizer FastCGI process to bind to";
+        description = "Port for shibauthorizer FastCGI process to bind to";
       };
 
       fastcgi.shibResponderPort = lib.mkOption {
         type = lib.types.int;
         default = 9101;
-        description = lib.mdDoc "Port for shibauthorizer FastCGI process to bind to";
+        description = "Port for shibauthorizer FastCGI process to bind to";
       };
     };
   };
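Review bot: The description of `fastcgi.shibResponderPort` is a copy of the one for `fastcgi.shibAuthorizerPort` and still names the shibauthorizer process. Someone writing firewall or FastCGI pass rules from the manual cannot tell which process listens on 9101. I would change it to `description = "Port for shibresponder FastCGI process to bind to";`.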
diff --git a/nixpkgs/nixos/modules/services/security/sks.nix b/nixpkgs/nixos/modules/services/security/sks.nix
index 7ac5ecec0d82..520da45c94e2 100644
--- a/nixpkgs/nixos/modules/services/security/sks.nix
+++ b/nixpkgs/nixos/modules/services/security/sks.nix
@@ -16,10 +16,10 @@ in {
 
     services.sks = {
 
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         SKS (synchronizing key server for OpenPGP) and start the database
         server. You need to create "''${dataDir}/dump/*.gpg" for the initial
-        import'');
+        import'';
 
       package = mkPackageOption pkgs "sks" { };
 
@@ -30,7 +30,7 @@ in {
         # TODO: The default might change to "/var/lib/sks" as this is more
         # common. There's also https://github.com/NixOS/nixpkgs/issues/26256
         # and "/var/db" is not FHS compliant (seems to come from BSD).
-        description = lib.mdDoc ''
+        description = ''
           Data directory (-basedir) for SKS, where the database and all
           configuration files are located (e.g. KDB, PTree, membership and
           sksconf).
@@ -40,7 +40,7 @@ in {
       extraDbConfig = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within
           the ''${dataDir} directory. This is used to configure options for the
           database for the sks key server.
@@ -54,7 +54,7 @@ in {
       hkpAddress = mkOption {
         default = [ "127.0.0.1" "::1" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Domain names, IPv4 and/or IPv6 addresses to listen on for HKP
           requests.
         '';
@@ -63,14 +63,14 @@ in {
       hkpPort = mkOption {
         default = 11371;
         type = types.ints.u16;
-        description = lib.mdDoc "HKP port to listen on.";
+        description = "HKP port to listen on.";
       };
 
       webroot = mkOption {
         type = types.nullOr types.path;
         default = "${sksPkg.webSamples}/OpenPKG";
         defaultText = literalExpression ''"''${package.webSamples}/OpenPKG"'';
-        description = lib.mdDoc ''
+        description = ''
           Source directory (will be symlinked, if not null) for the files the
           built-in webserver should serve. SKS (''${pkgs.sks.webSamples})
           provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES".
diff --git a/nixpkgs/nixos/modules/services/security/sshguard.nix b/nixpkgs/nixos/modules/services/security/sshguard.nix
index 4e9d9571de5e..3be0a8c700b9 100644
--- a/nixpkgs/nixos/modules/services/security/sshguard.nix
+++ b/nixpkgs/nixos/modules/services/security/sshguard.nix
@@ -30,13 +30,13 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether to enable the sshguard service.";
+        description = "Whether to enable the sshguard service.";
       };
 
       attack_threshold = mkOption {
         default = 30;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
             Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
           '';
       };
@@ -45,7 +45,7 @@ in {
         default = null;
         example = 120;
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
             Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
           '';
       };
@@ -53,7 +53,7 @@ in {
       blacklist_file = mkOption {
         default = "/var/lib/sshguard/blacklist.db";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
             Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
           '';
       };
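Review bot: The `blacklist_file` description is a verbatim copy of the `blacklist_threshold` text in the previous hunk, so it never says what the path is for. A description of the option itself would be clearer, for example `Path of the file that blacklisted addresses are loaded from and added to.` Whoever can write this file controls which addresses stay blocked across restarts, so the text could also note that it should be writable only by the sshguard service.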
@@ -61,7 +61,7 @@ in {
       blocktime = mkOption {
         default = 120;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
             Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
 
             sshguard unblocks attacks at random intervals, so actual block times will be longer.
@@ -71,7 +71,7 @@ in {
       detection_time = mkOption {
         default = 1800;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
             Remember potential attackers for up to detection_time seconds before resetting their score.
           '';
       };
@@ -80,7 +80,7 @@ in {
         default = [ ];
         example = [ "198.51.100.56" "198.51.100.2" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
             Whitelist a list of addresses, hostnames, or address blocks.
           '';
       };
@@ -89,7 +89,7 @@ in {
         default = [ "sshd" ];
         example = [ "sshd" "exim" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
             Systemd services sshguard should receive logs of.
           '';
       };
diff --git a/nixpkgs/nixos/modules/services/security/sslmate-agent.nix b/nixpkgs/nixos/modules/services/security/sslmate-agent.nix
index 2d72406f0db8..c850eb22a031 100644
--- a/nixpkgs/nixos/modules/services/security/sslmate-agent.nix
+++ b/nixpkgs/nixos/modules/services/security/sslmate-agent.nix
@@ -10,7 +10,7 @@ in {
 
   options = {
     services.sslmate-agent = {
-      enable = mkEnableOption (lib.mdDoc "sslmate-agent, a daemon for managing SSL/TLS certificates on a server");
+      enable = mkEnableOption "sslmate-agent, a daemon for managing SSL/TLS certificates on a server";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/security/step-ca.nix b/nixpkgs/nixos/modules/services/security/step-ca.nix
index 433f162ecb86..c708cb2b8910 100644
--- a/nixpkgs/nixos/modules/services/security/step-ca.nix
+++ b/nixpkgs/nixos/modules/services/security/step-ca.nix
@@ -8,18 +8,18 @@ in
 
   options = {
     services.step-ca = {
-      enable = lib.mkEnableOption (lib.mdDoc "the smallstep certificate authority server");
-      openFirewall = lib.mkEnableOption (lib.mdDoc "opening the certificate authority server port");
+      enable = lib.mkEnableOption "the smallstep certificate authority server";
+      openFirewall = lib.mkEnableOption "opening the certificate authority server port";
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.step-ca;
         defaultText = lib.literalExpression "pkgs.step-ca";
-        description = lib.mdDoc "Which step-ca package to use.";
+        description = "Which step-ca package to use.";
       };
       address = lib.mkOption {
         type = lib.types.str;
         example = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The address (without port) the certificate authority should listen at.
           This combined with {option}`services.step-ca.port` overrides {option}`services.step-ca.settings.address`.
         '';
@@ -27,14 +27,14 @@ in
       port = lib.mkOption {
         type = lib.types.port;
         example = 8443;
-        description = lib.mdDoc ''
+        description = ''
           The port the certificate authority should listen on.
           This combined with {option}`services.step-ca.address` overrides {option}`services.step-ca.settings.address`.
         '';
       };
       settings = lib.mkOption {
         type = with lib.types; attrsOf anything;
-        description = lib.mdDoc ''
+        description = ''
           Settings that go into {file}`ca.json`. See
           [the step-ca manual](https://smallstep.com/docs/step-ca/configuration)
           for more information. The easiest way to
@@ -57,7 +57,7 @@ in
       intermediatePasswordFile = lib.mkOption {
         type = lib.types.path;
         example = "/run/keys/smallstep-password";
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the password for the intermediate
           certificate private key.
 
diff --git a/nixpkgs/nixos/modules/services/security/tang.nix b/nixpkgs/nixos/modules/services/security/tang.nix
index 9cb0a22fca42..be36d9895bf3 100644
--- a/nixpkgs/nixos/modules/services/security/tang.nix
+++ b/nixpkgs/nixos/modules/services/security/tang.nix
@@ -11,14 +11,14 @@ in
       type = types.package;
       default = pkgs.tang;
       defaultText = literalExpression "pkgs.tang";
-      description = mdDoc "The tang package to use.";
+      description = "The tang package to use.";
     };
 
     listenStream = mkOption {
       type = with types; listOf str;
       default = [ "7654" ];
       example = [ "198.168.100.1:7654" "[2001:db8::1]:7654" "7654" ];
-      description = mdDoc ''
+      description = ''
         Addresses and/or ports on which tang should listen.
         For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
       '';
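Review bot: The `listenStream` example uses `198.168.100.1:7654`, a publicly routable address rather than a documentation one. It looks like a typo for the RFC 5737 range that the sshguard module's example uses. I would write `example = [ "198.51.100.1:7654" "[2001:db8::1]:7654" "7654" ];` so that a copied example cannot point at a real host.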
diff --git a/nixpkgs/nixos/modules/services/security/tor.nix b/nixpkgs/nixos/modules/services/security/tor.nix
index dea20dec1ab4..6cceb1bad82d 100644
--- a/nixpkgs/nixos/modules/services/security/tor.nix
+++ b/nixpkgs/nixos/modules/services/security/tor.nix
@@ -30,35 +30,35 @@ let
   optionBool = optionName: mkOption {
     type = with types; nullOr bool;
     default = null;
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionInt = optionName: mkOption {
     type = with types; nullOr int;
     default = null;
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionString = optionName: mkOption {
     type = with types; nullOr str;
     default = null;
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionStrings = optionName: mkOption {
     type = with types; listOf str;
     default = [];
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionAddress = mkOption {
     type = with types; nullOr str;
     default = null;
     example = "0.0.0.0";
-    description = lib.mdDoc ''
+    description = ''
       IPv4 or IPv6 (if between brackets) address.
     '';
   };
   optionUnix = mkOption {
     type = with types; nullOr path;
     default = null;
-    description = lib.mdDoc ''
+    description = ''
       Unix domain socket path to use.
     '';
   };
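Review bot: The parentheses left around `(descriptionGeneric optionName)` are redundant now that the `lib.mdDoc` wrapper is gone. `description = descriptionGeneric optionName;` says the same thing and matches the other plain-string descriptions. The same leftover appears in the later tor.nix hunks (`optionPorts`, `optionIsolablePorts`, `optionBandwidth`, `optionPath`, both `onionServices` options, the `HiddenService*` options and the entries under `settings`). The enclosing `let` block starts before this hunk and continues after it.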
@@ -69,7 +69,7 @@ let
   optionPorts = optionName: mkOption {
     type = with types; listOf port;
     default = [];
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionIsolablePort = with types; oneOf [
     port (enum ["auto"])
@@ -89,7 +89,7 @@ let
   optionIsolablePorts = optionName: mkOption {
     default = [];
     type = with types; either optionIsolablePort (listOf optionIsolablePort);
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   isolateFlags = [
     "IsolateClientAddr"
@@ -144,17 +144,17 @@ let
         };
       }))
     ]))];
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionBandwidth = optionName: mkOption {
     type = with types; nullOr (either int str);
     default = null;
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
   optionPath = optionName: mkOption {
     type = with types; nullOr path;
     default = null;
-    description = lib.mdDoc (descriptionGeneric optionName);
+    description = (descriptionGeneric optionName);
   };
 
   mkValueString = k: v:
@@ -224,40 +224,40 @@ in
 
   options = {
     services.tor = {
-      enable = mkEnableOption (lib.mdDoc ''Tor daemon.
+      enable = mkEnableOption ''Tor daemon.
         By default, the daemon is run without
-        relay, exit, bridge or client connectivity'');
+        relay, exit, bridge or client connectivity'';
 
-      openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall");
+      openFirewall = mkEnableOption "opening of the relay port(s) in the firewall";
 
       package = mkPackageOption pkgs "tor" { };
 
-      enableGeoIP = mkEnableOption (lib.mdDoc ''use of GeoIP databases.
+      enableGeoIP = mkEnableOption ''use of GeoIP databases.
         Disabling this will disable by-country statistics for bridges and relays
-        and some client and third-party software functionality'') // { default = true; };
+        and some client and third-party software functionality'' // { default = true; };
 
-      controlSocket.enable = mkEnableOption (lib.mdDoc ''control socket,
-        created in `${runDir}/control`'');
+      controlSocket.enable = mkEnableOption ''control socket,
+        created in `${runDir}/control`'';
 
       client = {
-        enable = mkEnableOption (lib.mdDoc ''the routing of application connections.
-          You might want to disable this if you plan running a dedicated Tor relay'');
+        enable = mkEnableOption ''the routing of application connections.
+          You might want to disable this if you plan running a dedicated Tor relay'';
 
-        transparentProxy.enable = mkEnableOption (lib.mdDoc "transparent proxy");
-        dns.enable = mkEnableOption (lib.mdDoc "DNS resolver");
+        transparentProxy.enable = mkEnableOption "transparent proxy";
+        dns.enable = mkEnableOption "DNS resolver";
 
         socksListenAddress = mkOption {
           type = optionSOCKSPort false;
           default = {addr = "127.0.0.1"; port = 9050; IsolateDestAddr = true;};
           example = {addr = "192.168.0.1"; port = 9090; IsolateDestAddr = true;};
-          description = lib.mdDoc ''
+          description = ''
             Bind to this address to listen for connections from
             Socks-speaking applications.
           '';
         };
 
         onionServices = mkOption {
-          description = lib.mdDoc (descriptionGeneric "HiddenServiceDir");
+          description = (descriptionGeneric "HiddenServiceDir");
           default = {};
           example = {
             "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" = {
@@ -266,7 +266,7 @@ in
           };
           type = types.attrsOf (types.submodule ({name, config, ...}: {
             options.clientAuthorizations = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Clients' authorizations for a v3 onion service,
                 as a list of files containing each one private key, in the format:
                 ```
@@ -283,8 +283,8 @@ in
       };
 
       relay = {
-        enable = mkEnableOption (lib.mdDoc "tor relaying") // {
-          description = lib.mdDoc ''
+        enable = mkEnableOption "tor relaying" // {
+          description = ''
             Whether to enable relaying of Tor traffic for others.
 
             See <https://www.torproject.org/docs/tor-doc-relay>
@@ -300,7 +300,7 @@ in
 
         role = mkOption {
           type = types.enum [ "exit" "relay" "bridge" "private-bridge" ];
-          description = lib.mdDoc ''
+          description = ''
             Your role in Tor network. There're several options:
 
             - `exit`:
@@ -385,7 +385,7 @@ in
         };
 
         onionServices = mkOption {
-          description = lib.mdDoc (descriptionGeneric "HiddenServiceDir");
+          description = (descriptionGeneric "HiddenServiceDir");
           default = {};
           example = {
             "example.org/www" = {
@@ -398,7 +398,7 @@ in
           type = types.attrsOf (types.submodule ({name, config, ...}: {
             options.path = mkOption {
               type = types.path;
-              description = lib.mdDoc ''
+              description = ''
                 Path where to store the data files of the hidden service.
                 If the {option}`secretKey` is null
                 this defaults to `${stateDir}/onion/$onion`,
@@ -409,7 +409,7 @@ in
               type = with types; nullOr path;
               default = null;
               example = "/run/keys/tor/onion/expyuzz4wqqyqhjn/hs_ed25519_secret_key";
-              description = lib.mdDoc ''
+              description = ''
                 Secret key of the onion service.
                 If null, Tor reuses any preexisting secret key (in {option}`path`)
                 or generates a new one.
@@ -418,13 +418,13 @@ in
               '';
             };
             options.authorizeClient = mkOption {
-              description = lib.mdDoc (descriptionGeneric "HiddenServiceAuthorizeClient");
+              description = (descriptionGeneric "HiddenServiceAuthorizeClient");
               default = null;
               type = types.nullOr (types.submodule ({...}: {
                 options = {
                   authType = mkOption {
                     type = types.enum [ "basic" "stealth" ];
-                    description = lib.mdDoc ''
+                    description = ''
                       Either `"basic"` for a general-purpose authorization protocol
                       or `"stealth"` for a less scalable protocol
                       that also hides service activity from unauthorized clients.
@@ -432,7 +432,7 @@ in
                   };
                   clientNames = mkOption {
                     type = with types; nonEmptyListOf (strMatching "[A-Za-z0-9+-_]+");
-                    description = lib.mdDoc ''
+                    description = ''
                       Only clients that are listed here are authorized to access the hidden service.
                       Generated authorization data can be found in {file}`${stateDir}/onion/$name/hostname`.
                       Clients need to put this authorization data in their configuration file using
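Review bot: In `strMatching "[A-Za-z0-9+-_]+"` the `+-_` inside the bracket expression is a range from `+` to `_`, not three literal characters. The type therefore also accepts `,`, `.`, `/`, `:`, `=`, `@`, `[`, `\` and `]` in a client name. The names presumably end up in a comma-separated torrc value (the generator is outside this hunk), so a name containing a comma would be read as several clients. Putting the hyphen last keeps it literal: `strMatching "[A-Za-z0-9+_-]+"`. The option's description string continues past the end of the hunk.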
@@ -443,7 +443,7 @@ in
               }));
             };
             options.authorizedClients = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Authorized clients for a v3 onion service,
                 as a list of public key, in the format:
                 ```
@@ -456,7 +456,7 @@ in
               example = ["descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"];
             };
             options.map = mkOption {
-              description = lib.mdDoc (descriptionGeneric "HiddenServicePort");
+              description = (descriptionGeneric "HiddenServicePort");
               type = with types; listOf (oneOf [
                 port (submodule ({...}: {
                   options = {
@@ -477,12 +477,12 @@ in
               apply = map (v: if isInt v then {port=v; target=null;} else v);
             };
             options.version = mkOption {
-              description = lib.mdDoc (descriptionGeneric "HiddenServiceVersion");
+              description = (descriptionGeneric "HiddenServiceVersion");
               type = with types; nullOr (enum [2 3]);
               default = null;
             };
             options.settings = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 Settings of the onion service.
                 ${descriptionGeneric "_hidden_service_options"}
               '';
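Review bot: `options.version` still accepts `2` through `nullOr (enum [2 3])`. As far as I know, version 2 onion services were removed from Tor in the 0.4.6 series, so with a current package that value would fail in the daemon at start-up rather than at evaluation time. If the packaged Tor is that recent, the description should say so, for example by appending `Version 2 onion services are no longer supported by current Tor releases.` to the generated text. The submodule that holds this option starts and ends outside the hunk.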
@@ -495,18 +495,18 @@ in
                 options.HiddenServiceAllowUnknownPorts = optionBool "HiddenServiceAllowUnknownPorts";
                 options.HiddenServiceDirGroupReadable = optionBool "HiddenServiceDirGroupReadable";
                 options.HiddenServiceExportCircuitID = mkOption {
-                  description = lib.mdDoc (descriptionGeneric "HiddenServiceExportCircuitID");
+                  description = (descriptionGeneric "HiddenServiceExportCircuitID");
                   type = with types; nullOr (enum ["haproxy"]);
                   default = null;
                 };
                 options.HiddenServiceMaxStreams = mkOption {
-                  description = lib.mdDoc (descriptionGeneric "HiddenServiceMaxStreams");
+                  description = (descriptionGeneric "HiddenServiceMaxStreams");
                   type = with types; nullOr (ints.between 0 65535);
                   default = null;
                 };
                 options.HiddenServiceMaxStreamsCloseCircuit = optionBool "HiddenServiceMaxStreamsCloseCircuit";
                 options.HiddenServiceNumIntroductionPoints = mkOption {
-                  description = lib.mdDoc (descriptionGeneric "HiddenServiceNumIntroductionPoints");
+                  description = (descriptionGeneric "HiddenServiceNumIntroductionPoints");
                   type = with types; nullOr (ints.between 0 20);
                   default = null;
                 };
@@ -529,7 +529,7 @@ in
       };
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           See [torrc manual](https://2019.www.torproject.org/docs/tor-manual.html.en)
           for documentation.
         '';
@@ -565,7 +565,7 @@ in
           options.ClientAutoIPv6ORPort = optionBool "ClientAutoIPv6ORPort";
           options.ClientDNSRejectInternalAddresses = optionBool "ClientDNSRejectInternalAddresses";
           options.ClientOnionAuthDir = mkOption {
-            description = lib.mdDoc (descriptionGeneric "ClientOnionAuthDir");
+            description = (descriptionGeneric "ClientOnionAuthDir");
             default = null;
             type = with types; nullOr path;
           };
@@ -578,7 +578,7 @@ in
           options.ConstrainedSockets = optionBool "ConstrainedSockets";
           options.ContactInfo = optionString "ContactInfo";
           options.ControlPort = mkOption rec {
-            description = lib.mdDoc (descriptionGeneric "ControlPort");
+            description = (descriptionGeneric "ControlPort");
             default = [];
             example = [{port = 9051;}];
             type = with types; oneOf [port (enum ["auto"]) (listOf (oneOf [
@@ -613,7 +613,7 @@ in
           options.DormantTimeoutDisabledByIdleStreams = optionBool "DormantTimeoutDisabledByIdleStreams";
           options.DirCache = optionBool "DirCache";
           options.DirPolicy = mkOption {
-            description = lib.mdDoc (descriptionGeneric "DirPolicy");
+            description = (descriptionGeneric "DirPolicy");
             type = with types; listOf str;
             default = [];
             example = ["accept *:*"];
@@ -640,7 +640,7 @@ in
           options.ExitPortStatistics = optionBool "ExitPortStatistics";
           options.ExitRelay = optionBool "ExitRelay"; # default is null and like "auto"
           options.ExtORPort = mkOption {
-            description = lib.mdDoc (descriptionGeneric "ExtORPort");
+            description = (descriptionGeneric "ExtORPort");
             default = null;
             type = with types; nullOr (oneOf [
               port (enum ["auto"]) (submodule ({...}: {
@@ -669,19 +669,19 @@ in
           options.GeoIPv6File = optionPath "GeoIPv6File";
           options.GuardfractionFile = optionPath "GuardfractionFile";
           options.HidServAuth = mkOption {
-            description = lib.mdDoc (descriptionGeneric "HidServAuth");
+            description = (descriptionGeneric "HidServAuth");
             default = [];
             type = with types; listOf (oneOf [
               (submodule {
                 options = {
                   onion = mkOption {
                     type = strMatching "[a-z2-7]{16}\\.onion";
-                    description = lib.mdDoc "Onion address.";
+                    description = "Onion address.";
                     example = "xxxxxxxxxxxxxxxx.onion";
                   };
                   auth = mkOption {
                     type = strMatching "[A-Za-z0-9+/]{22}";
-                    description = lib.mdDoc "Authentication cookie.";
+                    description = "Authentication cookie.";
                   };
                 };
               })
@@ -720,7 +720,7 @@ in
           options.ProtocolWarnings = optionBool "ProtocolWarnings";
           options.PublishHidServDescriptors = optionBool "PublishHidServDescriptors";
           options.PublishServerDescriptor = mkOption {
-            description = lib.mdDoc (descriptionGeneric "PublishServerDescriptor");
+            description = (descriptionGeneric "PublishServerDescriptor");
             type = with types; nullOr (enum [false true 0 1 "0" "1" "v3" "bridge"]);
             default = null;
           };
@@ -738,18 +738,18 @@ in
           options.ServerDNSResolvConfFile = optionPath "ServerDNSResolvConfFile";
           options.ServerDNSSearchDomains = optionBool "ServerDNSSearchDomains";
           options.ServerTransportPlugin = mkOption {
-            description = lib.mdDoc (descriptionGeneric "ServerTransportPlugin");
+            description = (descriptionGeneric "ServerTransportPlugin");
             default = null;
             type = with types; nullOr (submodule ({...}: {
               options = {
                 transports = mkOption {
-                  description = lib.mdDoc "List of pluggable transports.";
+                  description = "List of pluggable transports.";
                   type = listOf str;
                   example = ["obfs2" "obfs3" "obfs4" "scramblesuit"];
                 };
                 exec = mkOption {
                   type = types.str;
-                  description = lib.mdDoc "Command of pluggable transport.";
+                  description = "Command of pluggable transport.";
                 };
               };
             }));
@@ -757,13 +757,13 @@ in
           options.ShutdownWaitLength = mkOption {
             type = types.int;
             default = 30;
-            description = lib.mdDoc (descriptionGeneric "ShutdownWaitLength");
+            description = (descriptionGeneric "ShutdownWaitLength");
           };
           options.SocksPolicy = optionStrings "SocksPolicy" // {
             example = ["accept *:*"];
           };
           options.SOCKSPort = mkOption {
-            description = lib.mdDoc (descriptionGeneric "SOCKSPort");
+            description = (descriptionGeneric "SOCKSPort");
             default = lib.optionals cfg.settings.HiddenServiceNonAnonymousMode [{port = 0;}];
             defaultText = literalExpression ''
               if config.${opt.settings}.HiddenServiceNonAnonymousMode == true
@@ -776,7 +776,7 @@ in
           options.TestingTorNetwork = optionBool "TestingTorNetwork";
           options.TransPort = optionIsolablePorts "TransPort";
           options.TransProxyType = mkOption {
-            description = lib.mdDoc (descriptionGeneric "TransProxyType");
+            description = (descriptionGeneric "TransProxyType");
             type = with types; nullOr (enum ["default" "TPROXY" "ipfw" "pf-divert"]);
             default = null;
           };
diff --git a/nixpkgs/nixos/modules/services/security/torify.nix b/nixpkgs/nixos/modules/services/security/torify.nix
index 4d311adebcae..5f147ac4a30f 100644
--- a/nixpkgs/nixos/modules/services/security/torify.nix
+++ b/nixpkgs/nixos/modules/services/security/torify.nix
@@ -27,7 +27,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to build tsocks wrapper script to relay application traffic via Tor.
 
           ::: {.important}
@@ -44,7 +44,7 @@ in
         type = types.str;
         default = "localhost:9050";
         example = "192.168.0.20";
-        description = lib.mdDoc ''
+        description = ''
           IP address of TOR client to use.
         '';
       };
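Review bot: The description `IP address of TOR client to use.` does not match the values around it. The default `localhost:9050` is a host name with a port, and the example `192.168.0.20` has no port. `Address (host:port) of the Tor client to use.` would describe what the default shows. If the port is required, the example should carry one too, which cannot be confirmed here because the consumer of this option is outside the hunk.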
@@ -52,7 +52,7 @@ in
       config = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration. Contents will be added verbatim to TSocks
           configuration file.
         '';
diff --git a/nixpkgs/nixos/modules/services/security/torsocks.nix b/nixpkgs/nixos/modules/services/security/torsocks.nix
index 0647d7eb49bc..32047f613d9f 100644
--- a/nixpkgs/nixos/modules/services/security/torsocks.nix
+++ b/nixpkgs/nixos/modules/services/security/torsocks.nix
@@ -38,7 +38,7 @@ in
         type        = types.bool;
         default     = config.services.tor.enable && config.services.tor.client.enable;
         defaultText = literalExpression "config.services.tor.enable && config.services.tor.client.enable";
-        description = lib.mdDoc ''
+        description = ''
           Whether to build `/etc/tor/torsocks.conf`
           containing the specified global torsocks configuration.
         '';
@@ -48,7 +48,7 @@ in
         type    = types.str;
         default = "127.0.0.1:9050";
         example = "192.168.0.20:1234";
-        description = lib.mdDoc ''
+        description = ''
           IP/Port of the Tor SOCKS server. Currently, hostnames are
           NOT supported by torsocks.
         '';
@@ -58,7 +58,7 @@ in
         type    = types.str;
         default = "127.0.0.1:9063";
         example = "192.168.0.20:1234";
-        description = lib.mdDoc ''
+        description = ''
           IP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP.
           Currently, hostnames are NOT supported by torsocks.
         '';
@@ -67,7 +67,7 @@ in
       onionAddrRange = mkOption {
         type    = types.str;
         default = "127.42.42.0/24";
-        description = lib.mdDoc ''
+        description = ''
           Tor hidden sites do not have real IP addresses. This
           specifies what range of IP addresses will be handed to the
           application as "cookies" for .onion names.  Of course, you
@@ -81,7 +81,7 @@ in
         type    = types.nullOr types.str;
         default = null;
         example = "bob";
-        description = lib.mdDoc ''
+        description = ''
           SOCKS5 username. The `TORSOCKS_USERNAME`
           environment variable overrides this option if it is set.
         '';
@@ -91,7 +91,7 @@ in
         type    = types.nullOr types.str;
         default = null;
         example = "sekret";
-        description = lib.mdDoc ''
+        description = ''
           SOCKS5 password. The `TORSOCKS_PASSWORD`
           environment variable overrides this option if it is set.
         '';
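Review bot: The description of the SOCKS5 password option does not mention that a value set here is an ordinary Nix string. If it is written into the generated `/etc/tor/torsocks.conf`, it would also sit in the world-readable Nix store. I would add a sentence such as `The value is stored in plain text in the Nix store; use the TORSOCKS_PASSWORD environment variable for real credentials.` The option's header line is outside this hunk.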
@@ -100,7 +100,7 @@ in
       allowInbound = mkOption {
         type    = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Set Torsocks to accept inbound connections. If set to
           `true`, listen() and accept() will be
           allowed to be used with non localhost address.
diff --git a/nixpkgs/nixos/modules/services/security/usbguard.nix b/nixpkgs/nixos/modules/services/security/usbguard.nix
index ff54176e13d3..17bffa57ef3a 100644
--- a/nixpkgs/nixos/modules/services/security/usbguard.nix
+++ b/nixpkgs/nixos/modules/services/security/usbguard.nix
@@ -37,7 +37,7 @@ in
 
   options = {
     services.usbguard = {
-      enable = mkEnableOption (lib.mdDoc "USBGuard daemon");
+      enable = mkEnableOption "USBGuard daemon";
 
       package = mkPackageOption pkgs "usbguard" {
         extraDescription = ''
@@ -49,7 +49,7 @@ in
         type = types.nullOr types.path;
         default = "/var/lib/usbguard/rules.conf";
         example = "/run/secrets/usbguard-rules";
-        description = lib.mdDoc ''
+        description = ''
           This tells the USBGuard daemon which file to load as policy rule set.
 
           The file can be changed manually or via the IPC interface assuming it has the right file permissions.
@@ -64,7 +64,7 @@ in
         example = ''
           allow with-interface equals { 08:*:* }
         '';
-        description = lib.mdDoc ''
+        description = ''
           The USBGuard daemon will load this as the policy rule set.
           As these rules are NixOS managed they are immutable and can't
           be changed by the IPC interface.
@@ -82,7 +82,7 @@ in
       implicitPolicyTarget = mkOption {
         type = types.enum [ "allow" "block" "reject" ];
         default = "block";
-        description = lib.mdDoc ''
+        description = ''
           How to treat USB devices that don't match any rule in the policy.
           Target should be one of allow, block or reject (logically remove the
           device node from the system).
@@ -92,7 +92,7 @@ in
       presentDevicePolicy = mkOption {
         type = policy;
         default = "apply-policy";
-        description = lib.mdDoc ''
+        description = ''
           How to treat USB devices that are already connected when the daemon
           starts. Policy should be one of allow, block, reject, keep (keep
           whatever state the device is currently in) or apply-policy (evaluate
@@ -103,7 +103,7 @@ in
       presentControllerPolicy = mkOption {
         type = policy;
         default = "keep";
-        description = lib.mdDoc ''
+        description = ''
           How to treat USB controller devices that are already connected when
           the daemon starts. One of allow, block, reject, keep or apply-policy.
         '';
@@ -112,7 +112,7 @@ in
       insertedDevicePolicy = mkOption {
         type = types.enum [ "block" "reject" "apply-policy" ];
         default = "apply-policy";
-        description = lib.mdDoc ''
+        description = ''
           How to treat USB devices that are already connected after the daemon
           starts. One of block, reject, apply-policy.
         '';
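Review bot: The `insertedDevicePolicy` description says "already connected after the daemon starts", which contradicts the option name and repeats the wording of `presentDevicePolicy`. It should read `How to treat USB devices that are connected after the daemon starts.` The distinction matters to anyone tuning the policy, since this option governs devices plugged in while the machine is running.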
@@ -121,7 +121,7 @@ in
       restoreControllerDeviceState = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           The  USBGuard  daemon  modifies  some attributes of controller
           devices like the default authorization state of new child device
           instances. Using this setting, you can control whether the daemon
@@ -134,7 +134,7 @@ in
         type = types.listOf types.str;
         default = [ "root" ];
         example = [ "root" "yourusername" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of usernames that the daemon will accept IPC connections from.
         '';
       };
@@ -143,7 +143,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "wheel" ];
-        description = lib.mdDoc ''
+        description = ''
           A list of groupnames that the daemon will accept IPC connections
           from.
         '';
@@ -152,12 +152,12 @@ in
       deviceRulesWithPort = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Generate device specific rules including the "via-port" attribute.
         '';
       };
 
-      dbus.enable = mkEnableOption (lib.mdDoc "USBGuard dbus daemon");
+      dbus.enable = mkEnableOption "USBGuard dbus daemon";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/security/vault-agent.nix b/nixpkgs/nixos/modules/services/security/vault-agent.nix
index f8c281442f5f..fd3e39fb6598 100644
--- a/nixpkgs/nixos/modules/services/security/vault-agent.nix
+++ b/nixpkgs/nixos/modules/services/security/vault-agent.nix
@@ -6,20 +6,20 @@ let
   format = pkgs.formats.json { };
   commonOptions = { pkgName, flavour ? pkgName }: mkOption {
     default = { };
-    description = mdDoc ''
+    description = ''
       Attribute set of ${flavour} instances.
       Creates independent `${flavour}-''${name}.service` systemd units for each instance defined here.
     '';
     type = with types; attrsOf (submodule ({ name, ... }: {
       options = {
-        enable = mkEnableOption (mdDoc "this ${flavour} instance") // { default = true; };
+        enable = mkEnableOption "this ${flavour} instance" // { default = true; };
 
         package = mkPackageOption pkgs pkgName { };
 
         user = mkOption {
           type = types.str;
           default = "root";
-          description = mdDoc ''
+          description = ''
             User under which this instance runs.
           '';
         };
@@ -27,7 +27,7 @@ let
         group = mkOption {
           type = types.str;
           default = "root";
-          description = mdDoc ''
+          description = ''
             Group under which this instance runs.
           '';
         };
@@ -40,7 +40,7 @@ let
               pid_file = mkOption {
                 default = "/run/${flavour}/${name}.pid";
                 type = types.str;
-                description = mdDoc ''
+                description = ''
                   Path to use for the pid file.
                 '';
               };
@@ -53,8 +53,7 @@ let
                     if flavour == "vault-agent"
                     then "https://developer.hashicorp.com/vault/docs/agent/template"
                     else "https://github.com/hashicorp/consul-template/blob/main/docs/configuration.md#templates";
-                  in
-                  mdDoc ''
+                  in ''
                     Template section of ${flavour}.
                     Refer to <${upstreamDocs}> for supported values.
                   '';
@@ -69,8 +68,7 @@ let
               if flavour == "vault-agent"
               then "https://developer.hashicorp.com/vault/docs/agent#configuration-file-options"
               else "https://github.com/hashicorp/consul-template/blob/main/docs/configuration.md#configuration-file";
-            in
-            mdDoc ''
+            in ''
               Free-form settings written directly to the `config.json` file.
               Refer to <${upstreamDocs}> for supported values.
 
diff --git a/nixpkgs/nixos/modules/services/security/vault.nix b/nixpkgs/nixos/modules/services/security/vault.nix
index 31782073968f..650f9bda99c3 100644
--- a/nixpkgs/nixos/modules/services/security/vault.nix
+++ b/nixpkgs/nixos/modules/services/security/vault.nix
@@ -43,22 +43,22 @@ in
 {
   options = {
     services.vault = {
-      enable = mkEnableOption (lib.mdDoc "Vault daemon");
+      enable = mkEnableOption "Vault daemon";
 
       package = mkPackageOption pkgs "vault" { };
 
       dev = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           In this mode, Vault runs in-memory and starts unsealed. This option is not meant production but for development and testing i.e. for nixos tests.
         '';
       };
 
       devRootTokenID = mkOption {
-        type = types.str;
-        default = false;
-        description = lib.mdDoc ''
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
           Initial root token. This only applies when {option}`services.vault.dev` is true
         '';
       };
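Review bot: The `devRootTokenID` description does not say that a token set here becomes part of the system configuration and is therefore readable in the Nix store, like any other option value. I would extend it with something like `The value ends up in the world-readable Nix store; use it only for throwaway development instances.` How the option is consumed is outside this hunk, so it is worth checking whether the token also appears on the unit's command line. Separately, the `dev` description reads "not meant production", which should be "not meant for production".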
@@ -66,21 +66,21 @@ in
       address = mkOption {
         type = types.str;
         default = "127.0.0.1:8200";
-        description = lib.mdDoc "The name of the ip interface to listen to";
+        description = "The name of the ip interface to listen to";
       };
 
       tlsCertFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/path/to/your/cert.pem";
-        description = lib.mdDoc "TLS certificate file. TLS will be disabled unless this option is set";
+        description = "TLS certificate file. TLS will be disabled unless this option is set";
       };
 
       tlsKeyFile = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/path/to/your/key.pem";
-        description = lib.mdDoc "TLS private key file. TLS will be disabled unless this option is set";
+        description = "TLS private key file. TLS will be disabled unless this option is set";
       };
 
       listenerExtraConfig = mkOption {
@@ -88,13 +88,13 @@ in
         default = ''
           tls_min_version = "tls12"
         '';
-        description = lib.mdDoc "Extra text appended to the listener section.";
+        description = "Extra text appended to the listener section.";
       };
 
       storageBackend = mkOption {
         type = types.enum [ "inmem" "file" "consul" "zookeeper" "s3" "azure" "dynamodb" "etcd" "mssql" "mysql" "postgresql" "swift" "gcs" "raft" ];
         default = "inmem";
-        description = lib.mdDoc "The name of the type of storage backend";
+        description = "The name of the type of storage backend";
       };
 
       storagePath = mkOption {
@@ -105,13 +105,13 @@ in
           then "/var/lib/vault"
           else null
         '';
-        description = lib.mdDoc "Data directory for file backend";
+        description = "Data directory for file backend";
       };
 
       storageConfig = mkOption {
         type = types.nullOr types.lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           HCL configuration to insert in the storageBackend section.
 
           Confidential values should not be specified here because this option's
@@ -124,19 +124,19 @@ in
       telemetryConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Telemetry configuration";
+        description = "Telemetry configuration";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Extra text appended to {file}`vault.hcl`.";
+        description = "Extra text appended to {file}`vault.hcl`.";
       };
 
       extraSettingsPaths = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Configuration files to load besides the immutable one defined by the NixOS module.
           This can be used to avoid putting credentials in the Nix store, which can be read by any user.
 
diff --git a/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix b/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix
index 60d8015d0cee..33957be437b3 100644
--- a/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixpkgs/nixos/modules/services/security/vaultwarden/default.nix
@@ -1,7 +1,5 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
   cfg = config.services.vaultwarden;
   user = config.users.users.vaultwarden.name;
@@ -11,60 +9,60 @@ let
   nameToEnvVar = name:
     let
       parts = builtins.split "([A-Z0-9]+)" name;
-      partsToEnvVar = parts: foldl' (key: x: let last = stringLength key - 1; in
-        if isList x then key + optionalString (key != "" && substring last 1 key != "_") "_" + head x
-        else if key != "" && elem (substring 0 1 x) lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
-          substring 0 last key + optionalString (substring (last - 1) 1 key != "_") "_" + substring last 1 key + toUpper x
-        else key + toUpper x) "" parts;
+      partsToEnvVar = parts: lib.foldl' (key: x: let last = lib.stringLength key - 1; in
+        if lib.isList x then key + lib.optionalString (key != "" && lib.substring last 1 key != "_") "_" + lib.head x
+        else if key != "" && lib.elem (lib.substring 0 1 x) lib.lowerChars then # to handle e.g. [ "disable" [ "2FAR" ] "emember" ]
+          lib.substring 0 last key + lib.optionalString (lib.substring (last - 1) 1 key != "_") "_" + lib.substring last 1 key + lib.toUpper x
+        else key + lib.toUpper x) "" parts;
     in if builtins.match "[A-Z0-9_]+" name != null then name else partsToEnvVar parts;
 
   # Due to the different naming schemes allowed for config keys,
   # we can only check for values consistently after converting them to their corresponding environment variable name.
   configEnv =
     let
-      configEnv = concatMapAttrs (name: value: optionalAttrs (value != null) {
-        ${nameToEnvVar name} = if isBool value then boolToString value else toString value;
+      configEnv = lib.concatMapAttrs (name: value: lib.optionalAttrs (value != null) {
+        ${nameToEnvVar name} = if lib.isBool value then lib.boolToString value else toString value;
       }) cfg.config;
-    in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
+    in { DATA_FOLDER = "/var/lib/bitwarden_rs"; } // lib.optionalAttrs (!(configEnv ? WEB_VAULT_ENABLED) || configEnv.WEB_VAULT_ENABLED == "true") {
       WEB_VAULT_FOLDER = "${cfg.webVaultPackage}/share/vaultwarden/vault";
     } // configEnv;
 
-  configFile = pkgs.writeText "vaultwarden.env" (concatStrings (mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
+  configFile = pkgs.writeText "vaultwarden.env" (lib.concatStrings (lib.mapAttrsToList (name: value: "${name}=${value}\n") configEnv));
 
   vaultwarden = cfg.package.override { inherit (cfg) dbBackend; };
 
 in {
   imports = [
-    (mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ])
+    (lib.mkRenamedOptionModule [ "services" "bitwarden_rs" ] [ "services" "vaultwarden" ])
   ];
 
-  options.services.vaultwarden = with types; {
-    enable = mkEnableOption (lib.mdDoc "vaultwarden");
+  options.services.vaultwarden = {
+    enable = lib.mkEnableOption "vaultwarden";
 
-    dbBackend = mkOption {
-      type = enum [ "sqlite" "mysql" "postgresql" ];
+    dbBackend = lib.mkOption {
+      type = lib.types.enum [ "sqlite" "mysql" "postgresql" ];
       default = "sqlite";
-      description = lib.mdDoc ''
+      description = ''
         Which database backend vaultwarden will be using.
       '';
     };
 
-    backupDir = mkOption {
-      type = nullOr str;
+    backupDir = lib.mkOption {
+      type = with lib.types; nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The directory under which vaultwarden will backup its persistent data.
       '';
       example = "/var/backup/vaultwarden";
     };
 
-    config = mkOption {
-      type = attrsOf (nullOr (oneOf [ bool int str ]));
+    config = lib.mkOption {
+      type = with lib.types; attrsOf (nullOr (oneOf [ bool int str ]));
       default = {
         ROCKET_ADDRESS = "::1"; # default to localhost
         ROCKET_PORT = 8222;
       };
-      example = literalExpression ''
+      example = lib.literalExpression ''
         {
           DOMAIN = "https://bitwarden.example.com";
           SIGNUPS_ALLOWED = false;
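Review bot: `configFile` is built with `pkgs.writeText`, so every value in `cfg.config` lands in the Nix store, and nothing at the definition says so. A short comment above it would help, e.g. `# Written to the world-readable Nix store; secrets such as ADMIN_TOKEN belong in environmentFile.` The `"${name}=${value}\n"` line also writes values unquoted, so a value containing a newline would yield an extra line in the env file; a comment stating that values are expected to be single-line would be enough. The `config` option's description continues outside this hunk and may already cover part of this.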
@@ -101,7 +99,7 @@ in {
           SMTP_FROM_NAME = "example.com Bitwarden server";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The configuration of vaultwarden is done through environment variables,
         therefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).
 
@@ -125,29 +123,21 @@ in {
       '';
     };
 
-    environmentFile = mkOption {
-      type = with types; nullOr path;
+    environmentFile = lib.mkOption {
+      type = with lib.types; nullOr path;
       default = null;
       example = "/var/lib/vaultwarden.env";
-      description = lib.mdDoc ''
+      description = ''
         Additional environment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets like {env}`ADMIN_TOKEN` and {env}`SMTP_PASSWORD`
-        may be passed to the service without adding them to the world-readable Nix store.
+        should be passed to the service without adding them to the world-readable Nix store.
 
-        Note that this file needs to be available on the host on which
-        `vaultwarden` is running.
+        Note that this file needs to be available on the host on which `vaultwarden` is running.
 
-        As a concrete example, to make the Admin UI available
-        (from which new users can be invited initially),
+        As a concrete example, to make the Admin UI available (from which new users can be invited initially),
         the secret {env}`ADMIN_TOKEN` needs to be defined as described
-        [here](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page).
-        Setting `environmentFile` to `/var/lib/vaultwarden.env`
-        and ensuring permissions with e.g.
-        `chown vaultwarden:vaultwarden /var/lib/vaultwarden.env`
-        (the `vaultwarden` user will only exist after activating with
-        `enable = true;` before this), we can set the contents of the file to have
-        contents such as:
+        [here](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page):
 
         ```
         # Admin secret token, see
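Review bot: The rewritten `environmentFile` description no longer says who may read the file. The removed text at least mentioned `chown vaultwarden:vaultwarden /var/lib/vaultwarden.env`, while the new text goes straight from the wiki link to the example contents. Since the file holds `ADMIN_TOKEN` and `SMTP_PASSWORD`, I would add one sentence such as `The file must not be readable by other users, e.g. mode 0600.` As far as I know systemd loads `EnvironmentFile=` itself before switching to the service user, so root ownership should be sufficient, but that is worth confirming. The description string continues past the end of this hunk.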
@@ -157,17 +147,17 @@ in {
       '';
     };
 
-    package = mkPackageOption pkgs "vaultwarden" { };
+    package = lib.mkPackageOption pkgs "vaultwarden" { };
 
-    webVaultPackage = mkOption {
-      type = package;
+    webVaultPackage = lib.mkOption {
+      type = lib.types.package;
       default = pkgs.vaultwarden.webvault;
-      defaultText = literalExpression "pkgs.vaultwarden.webvault";
-      description = lib.mdDoc "Web vault package to use.";
+      defaultText = lib.literalExpression "pkgs.vaultwarden.webvault";
+      description = "Web vault package to use.";
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
     assertions = [ {
       assertion = cfg.backupDir != null -> cfg.dbBackend == "sqlite";
       message = "Backups for database backends other than sqlite will need customization";
@@ -185,7 +175,7 @@ in {
       serviceConfig = {
         User = user;
         Group = group;
-        EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
+        EnvironmentFile = [ configFile ] ++ lib.optional (cfg.environmentFile != null) cfg.environmentFile;
         ExecStart = "${vaultwarden}/bin/vaultwarden";
         LimitNOFILE = "1048576";
         PrivateTmp = "true";
@@ -200,7 +190,7 @@ in {
       wantedBy = [ "multi-user.target" ];
     };
 
-    systemd.services.backup-vaultwarden = mkIf (cfg.backupDir != null) {
+    systemd.services.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
       description = "Backup vaultwarden";
       environment = {
         DATA_FOLDER = "/var/lib/bitwarden_rs";
@@ -212,24 +202,24 @@ in {
       serviceConfig = {
         SyslogIdentifier = "backup-vaultwarden";
         Type = "oneshot";
-        User = mkDefault user;
-        Group = mkDefault group;
+        User = lib.mkDefault user;
+        Group = lib.mkDefault group;
         ExecStart = "${pkgs.bash}/bin/bash ${./backup.sh}";
       };
       wantedBy = [ "multi-user.target" ];
     };
 
-    systemd.timers.backup-vaultwarden = mkIf (cfg.backupDir != null) {
+    systemd.timers.backup-vaultwarden = lib.mkIf (cfg.backupDir != null) {
       description = "Backup vaultwarden on time";
       timerConfig = {
-        OnCalendar = mkDefault "23:00";
+        OnCalendar = lib.mkDefault "23:00";
         Persistent = "true";
         Unit = "backup-vaultwarden.service";
       };
       wantedBy = [ "multi-user.target" ];
     };
 
-    systemd.tmpfiles.settings = mkIf (cfg.backupDir != null) {
+    systemd.tmpfiles.settings = lib.mkIf (cfg.backupDir != null) {
       "10-vaultwarden".${cfg.backupDir}.d = {
         inherit user group;
         mode = "0770";
diff --git a/nixpkgs/nixos/modules/services/security/yubikey-agent.nix b/nixpkgs/nixos/modules/services/security/yubikey-agent.nix
index 3d5f84af2cf4..991f6a559545 100644
--- a/nixpkgs/nixos/modules/services/security/yubikey-agent.nix
+++ b/nixpkgs/nixos/modules/services/security/yubikey-agent.nix
@@ -18,12 +18,12 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to start yubikey-agent when you log in.  Also sets
           SSH_AUTH_SOCK to point at yubikey-agent.
 
           Note that yubikey-agent will use whatever pinentry is
-          specified in programs.gnupg.agent.pinentryFlavor.
+          specified in programs.gnupg.agent.pinentryPackage.
         '';
       };
 
diff --git a/nixpkgs/nixos/modules/services/system/automatic-timezoned.nix b/nixpkgs/nixos/modules/services/system/automatic-timezoned.nix
index 7d3cd004a7ba..6150aa22cfbd 100644
--- a/nixpkgs/nixos/modules/services/system/automatic-timezoned.nix
+++ b/nixpkgs/nixos/modules/services/system/automatic-timezoned.nix
@@ -11,7 +11,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Enable `automatic-timezoned`, simple daemon for keeping the system
           timezone up-to-date based on the current location. It uses geoclue2 to
           determine the current location and systemd-timedated to actually set
diff --git a/nixpkgs/nixos/modules/services/system/bpftune.nix b/nixpkgs/nixos/modules/services/system/bpftune.nix
index 7106d5e4f78e..295aba28c05f 100644
--- a/nixpkgs/nixos/modules/services/system/bpftune.nix
+++ b/nixpkgs/nixos/modules/services/system/bpftune.nix
@@ -9,7 +9,7 @@ in
 
   options = {
     services.bpftune = {
-      enable = lib.mkEnableOption (lib.mdDoc "bpftune BPF driven auto-tuning");
+      enable = lib.mkEnableOption "bpftune BPF driven auto-tuning";
 
       package = lib.mkPackageOption pkgs "bpftune" { };
     };
diff --git a/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix b/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix
index f8020fe970f1..a6fe9f0cfed4 100644
--- a/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix
+++ b/nixpkgs/nixos/modules/services/system/cachix-agent/default.nix
@@ -8,31 +8,31 @@ in {
   meta.maintainers = [ lib.maintainers.domenkozar ];
 
   options.services.cachix-agent = {
-    enable = mkEnableOption (lib.mdDoc "Cachix Deploy Agent: https://docs.cachix.org/deploy/");
+    enable = mkEnableOption "Cachix Deploy Agent: https://docs.cachix.org/deploy/";
 
     name = mkOption {
       type = types.str;
-      description = lib.mdDoc "Agent name, usually same as the hostname";
+      description = "Agent name, usually same as the hostname";
       default = config.networking.hostName;
       defaultText = "config.networking.hostName";
     };
 
     verbose = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Enable verbose output";
+      description = "Enable verbose output";
       default = false;
     };
 
     profile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Profile name, defaults to 'system' (NixOS).";
+      description = "Profile name, defaults to 'system' (NixOS).";
     };
 
     host = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Cachix uri to use.";
+      description = "Cachix uri to use.";
     };
 
     package = mkPackageOption pkgs "cachix" { };
@@ -40,7 +40,7 @@ in {
     credentialsFile = mkOption {
       type = types.path;
       default = "/etc/cachix-agent.token";
-      description = lib.mdDoc ''
+      description = ''
         Required file that needs to contain CACHIX_AGENT_TOKEN=...
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/system/cachix-watch-store.nix b/nixpkgs/nixos/modules/services/system/cachix-watch-store.nix
index d48af29465aa..ead3503d7e03 100644
--- a/nixpkgs/nixos/modules/services/system/cachix-watch-store.nix
+++ b/nixpkgs/nixos/modules/services/system/cachix-watch-store.nix
@@ -9,23 +9,23 @@ in
   meta.maintainers = [ lib.maintainers.jfroche lib.maintainers.domenkozar ];
 
   options.services.cachix-watch-store = {
-    enable = mkEnableOption (lib.mdDoc "Cachix Watch Store: https://docs.cachix.org");
+    enable = mkEnableOption "Cachix Watch Store: https://docs.cachix.org";
 
     cacheName = mkOption {
       type = types.str;
-      description = lib.mdDoc "Cachix binary cache name";
+      description = "Cachix binary cache name";
     };
 
     cachixTokenFile = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Required file that needs to contain the cachix auth token.
       '';
     };
 
     signingKeyFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Optional file containing a self-managed signing key to sign uploaded store paths.
       '';
       default = null;
@@ -33,25 +33,25 @@ in
 
     compressionLevel = mkOption {
       type = types.nullOr types.int;
-      description = lib.mdDoc "The compression level for ZSTD compression (between 0 and 16)";
+      description = "The compression level for ZSTD compression (between 0 and 16)";
       default = null;
     };
 
     jobs = mkOption {
       type = types.nullOr types.int;
-      description = lib.mdDoc "Number of threads used for pushing store paths";
+      description = "Number of threads used for pushing store paths";
       default = null;
     };
 
     host = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Cachix host to connect to";
+      description = "Cachix host to connect to";
     };
 
     verbose = mkOption {
       type = types.bool;
-      description = lib.mdDoc "Enable verbose output";
+      description = "Enable verbose output";
       default = false;
     };
 
diff --git a/nixpkgs/nixos/modules/services/system/cloud-init.nix b/nixpkgs/nixos/modules/services/system/cloud-init.nix
index 00ae77be4271..5d7258cac778 100644
--- a/nixpkgs/nixos/modules/services/system/cloud-init.nix
+++ b/nixpkgs/nixos/modules/services/system/cloud-init.nix
@@ -17,6 +17,7 @@ let
   ++ optional cfg.ext4.enable e2fsprogs
   ++ optional cfg.xfs.enable xfsprogs
   ;
+  hasFs = fsName: lib.any (fs: fs.fsType == fsName) (lib.attrValues config.fileSystems);
   settingsFormat = pkgs.formats.yaml { };
   cfgfile = settingsFormat.generate "cloud.cfg" cfg.settings;
 in
@@ -26,7 +27,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Enable the cloud-init service. This services reads
           configuration metadata in a cloud environment and configures
           the machine according to this metadata.
@@ -44,24 +45,27 @@ in
 
       btrfs.enable = mkOption {
         type = types.bool;
-        default = false;
-        description = mdDoc ''
+        default = hasFs "btrfs";
+        defaultText = literalExpression ''hasFs "btrfs"'';
+        description = ''
           Allow the cloud-init service to operate `btrfs` filesystem.
         '';
       };
 
       ext4.enable = mkOption {
         type = types.bool;
-        default = true;
-        description = mdDoc ''
+        default = hasFs "ext4";
+        defaultText = literalExpression ''hasFs "ext4"'';
+        description = ''
           Allow the cloud-init service to operate `ext4` filesystem.
         '';
       };
 
       xfs.enable = mkOption {
         type = types.bool;
-        default = false;
-        description = mdDoc ''
+        default = hasFs "xfs";
+        defaultText = literalExpression ''hasFs "xfs"'';
+        description = ''
           Allow the cloud-init service to operate `xfs` filesystem.
         '';
       };
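Review bot: `defaultText = literalExpression ''hasFs "btrfs"''` (and the `ext4` and `xfs` equivalents) shows the manual reader a call to `hasFs`, which is a private `let` binding of this module and not something they can evaluate. I would spell the condition out, e.g. `defaultText = literalExpression ''lib.any (fs: fs.fsType == "btrfs") (lib.attrValues config.fileSystems)'';`. Note also that `ext4.enable` used to default to `true` and is now off on hosts whose `fileSystems` declare no `ext4` entry, so `e2fsprogs` drops out of the service path there. That seems worth a sentence in the option description or the release notes.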
@@ -69,14 +73,14 @@ in
       network.enable = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Allow the cloud-init service to configure network interfaces
           through systemd-networkd.
         '';
       };
 
       settings = mkOption {
-        description = mdDoc ''
+        description = ''
           Structured cloud-init configuration.
         '';
         type = types.submodule {
@@ -88,7 +92,7 @@ in
       config = mkOption {
         type = types.str;
         default = "";
-        description = mdDoc ''
+        description = ''
           raw cloud-init configuration.
 
           Takes precedence over the `settings` option if set.
@@ -204,7 +208,7 @@ in
       description = "Apply the settings specified in cloud-config";
       wantedBy = [ "multi-user.target" ];
       wants = [ "network-online.target" ];
-      after = [ "network-online.target" "syslog.target" "cloud-config.target" ];
+      after = [ "network-online.target" "cloud-config.target" ];
 
       path = path;
       serviceConfig = {
@@ -220,7 +224,7 @@ in
       description = "Execute cloud user/final scripts";
       wantedBy = [ "multi-user.target" ];
       wants = [ "network-online.target" ];
-      after = [ "network-online.target" "syslog.target" "cloud-config.service" "rc-local.service" ];
+      after = [ "network-online.target" "cloud-config.service" "rc-local.service" ];
       requires = [ "cloud-config.target" ];
       path = path;
       serviceConfig = {
diff --git a/nixpkgs/nixos/modules/services/system/dbus.nix b/nixpkgs/nixos/modules/services/system/dbus.nix
index e8f8b48d0337..8dba0aca6433 100644
--- a/nixpkgs/nixos/modules/services/system/dbus.nix
+++ b/nixpkgs/nixos/modules/services/system/dbus.nix
@@ -22,7 +22,7 @@ in
   options = {
 
     boot.initrd.systemd.dbus = {
-      enable = mkEnableOption (lib.mdDoc "dbus in stage 1");
+      enable = mkEnableOption "dbus in stage 1";
     };
 
     services.dbus = {
@@ -31,7 +31,7 @@ in
         type = types.bool;
         default = false;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to start the D-Bus message bus daemon, which is
           required by many other system services and applications.
         '';
@@ -40,7 +40,7 @@ in
       implementation = mkOption {
         type = types.enum [ "dbus" "broker" ];
         default = "dbus";
-        description = lib.mdDoc ''
+        description = ''
           The implementation to use for the message bus defined by the D-Bus specification.
           Can be either the classic dbus daemon or dbus-broker, which aims to provide high
           performance and reliability, while keeping compatibility to the D-Bus
@@ -52,7 +52,7 @@ in
       packages = mkOption {
         type = types.listOf types.path;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Packages whose D-Bus configuration files should be included in
           the configuration of the D-Bus system-wide or session-wide
           message bus.  Specifically, files in the following directories
@@ -68,7 +68,7 @@ in
 
       apparmor = mkOption {
         type = types.enum [ "enabled" "disabled" "required" ];
-        description = lib.mdDoc ''
+        description = ''
           AppArmor mode for dbus.
 
           `enabled` enables mediation when it's
@@ -101,6 +101,11 @@ in
 
       users.groups.messagebus.gid = config.ids.gids.messagebus;
 
+      # Install dbus for dbus tools even when using dbus-broker
+      environment.systemPackages = [
+        pkgs.dbus
+      ];
+
       # You still need the dbus reference implementation installed to use dbus-broker
       systemd.packages = [
         pkgs.dbus
@@ -132,10 +137,6 @@ in
     })
 
     (mkIf (cfg.implementation == "dbus") {
-      environment.systemPackages = [
-        pkgs.dbus
-      ];
-
       security.wrappers.dbus-daemon-launch-helper = {
         source = "${pkgs.dbus}/libexec/dbus-daemon-launch-helper";
         owner = "root";
diff --git a/nixpkgs/nixos/modules/services/system/earlyoom.nix b/nixpkgs/nixos/modules/services/system/earlyoom.nix
index 38805eba2ca1..7e012dee02cb 100644
--- a/nixpkgs/nixos/modules/services/system/earlyoom.nix
+++ b/nixpkgs/nixos/modules/services/system/earlyoom.nix
@@ -4,19 +4,33 @@ let
   cfg = config.services.earlyoom;
 
   inherit (lib)
-    mkDefault mkEnableOption mkIf mkOption types
-    mkRemovedOptionModule literalExpression
-    escapeShellArg concatStringsSep optional optionalString;
-
+    concatStringsSep
+    escapeShellArg
+    literalExpression
+    mkDefault
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    mkRemovedOptionModule
+    optionalString
+    optionals
+    types;
 in
 {
+  meta = {
+    maintainers = with lib.maintainers; [ AndersonTorres ];
+  };
+
   options.services.earlyoom = {
-    enable = mkEnableOption (lib.mdDoc "early out of memory killing");
+    enable = mkEnableOption "early out of memory killing";
+
+    package = mkPackageOption pkgs "earlyoom" { };
 
     freeMemThreshold = mkOption {
       type = types.ints.between 1 100;
       default = 10;
-      description = lib.mdDoc ''
+      description = ''
         Minimum available memory (in percent).
 
         If the available memory falls below this threshold (and the analog is true for
@@ -32,7 +46,7 @@ in
     freeMemKillThreshold = mkOption {
       type = types.nullOr (types.ints.between 1 100);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Minimum available memory (in percent) before sending SIGKILL.
         If unset, this defaults to half of {option}`freeMemThreshold`.
 
@@ -43,7 +57,7 @@ in
     freeSwapThreshold = mkOption {
       type = types.ints.between 1 100;
       default = 10;
-      description = lib.mdDoc ''
+      description = ''
         Minimum free swap space (in percent) before sending SIGTERM.
 
         See the description of [](#opt-services.earlyoom.freeMemThreshold).
@@ -53,7 +67,7 @@ in
     freeSwapKillThreshold = mkOption {
       type = types.nullOr (types.ints.between 1 100);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Minimum free swap space (in percent) before sending SIGKILL.
         If unset, this defaults to half of {option}`freeSwapThreshold`.
 
@@ -64,7 +78,7 @@ in
     enableDebugInfo = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable debugging messages.
       '';
     };
@@ -72,7 +86,7 @@ in
     enableNotifications = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Send notifications about killed processes via the system d-bus.
 
         WARNING: enabling this option (while convenient) should *not* be done on a
@@ -95,7 +109,7 @@ in
           echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed" >> /path/to/log
         '''
       '';
-      description = lib.mdDoc ''
+      description = ''
         An absolute path to an executable to be run for each process killed.
         Some environment variables are available, see
         [README](https://github.com/rfjakob/earlyoom#notifications) and
@@ -108,14 +122,14 @@ in
       type = types.int;
       default = 3600;
       example = 0;
-      description = lib.mdDoc "Interval (in seconds) at which a memory report is printed (set to 0 to disable).";
+      description = "Interval (in seconds) at which a memory report is printed (set to 0 to disable).";
     };
 
     extraArgs = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "-g" "--prefer '(^|/)(java|chromium)$'" ];
-      description = lib.mdDoc "Extra command-line arguments to be passed to earlyoom.";
+      description = "Extra command-line arguments to be passed to earlyoom.";
     };
   };
 
@@ -138,22 +152,21 @@ in
     systemd.services.earlyoom = {
       description = "Early OOM Daemon for Linux";
       wantedBy = [ "multi-user.target" ];
-      path = optional cfg.enableNotifications pkgs.dbus;
+      path = optionals cfg.enableNotifications [ pkgs.dbus ];
       serviceConfig = {
         StandardError = "journal";
         ExecStart = concatStringsSep " " ([
-          "${pkgs.earlyoom}/bin/earlyoom"
+          "${lib.getExe cfg.package}"
           ("-m ${toString cfg.freeMemThreshold}"
-            + optionalString (cfg.freeMemKillThreshold != null) ",${toString cfg.freeMemKillThreshold}")
+           + optionalString (cfg.freeMemKillThreshold != null) ",${toString cfg.freeMemKillThreshold}")
           ("-s ${toString cfg.freeSwapThreshold}"
-            + optionalString (cfg.freeSwapKillThreshold != null) ",${toString cfg.freeSwapKillThreshold}")
+           + optionalString (cfg.freeSwapKillThreshold != null) ",${toString cfg.freeSwapKillThreshold}")
           "-r ${toString cfg.reportInterval}"
         ]
-        ++ optional cfg.enableDebugInfo "-d"
-        ++ optional cfg.enableNotifications "-n"
-        ++ optional (cfg.killHook != null) "-N ${escapeShellArg cfg.killHook}"
-        ++ cfg.extraArgs
-        );
+        ++ optionals cfg.enableDebugInfo [ "-d" ]
+        ++ optionals cfg.enableNotifications [ "-n" ]
+        ++ optionals (cfg.killHook != null) [ "-N ${escapeShellArg cfg.killHook}" ]
+        ++ cfg.extraArgs);
       };
     };
   };
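Review bot: The kill hook path in `ExecStart` is still quoted with `escapeShellArg`, but systemd parses that line itself rather than handing it to a shell. Shell quoting does not neutralise systemd's own `%` specifier and `$` variable expansion, so a `killHook` path containing either character may reach earlyoom altered. If `utils` is among the module arguments (the module header is outside this hunk), the entry could become `++ optionals (cfg.killHook != null) [ "-N ${utils.escapeSystemdExecArg cfg.killHook}" ]`. `cfg.extraArgs` is joined unescaped as well, and the option's own example relies on that; a comment such as `# extraArgs are passed through verbatim and split by systemd, not by a shell` would make this explicit.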
diff --git a/nixpkgs/nixos/modules/services/system/kerberos/default.nix b/nixpkgs/nixos/modules/services/system/kerberos/default.nix
index 486d4b49c195..7fe970c9609a 100644
--- a/nixpkgs/nixos/modules/services/system/kerberos/default.nix
+++ b/nixpkgs/nixos/modules/services/system/kerberos/default.nix
@@ -9,19 +9,19 @@ let
     options = {
       principal = mkOption {
         type = types.str;
-        description = lib.mdDoc "Which principal the rule applies to";
+        description = "Which principal the rule applies to";
       };
       access = mkOption {
         type = types.either
           (types.listOf (types.enum ["add" "cpw" "delete" "get" "list" "modify"]))
           (types.enum ["all"]);
         default = "all";
-        description = lib.mdDoc "The changes the principal is allowed to make.";
+        description = "The changes the principal is allowed to make.";
       };
       target = mkOption {
         type = types.str;
         default = "*";
-        description = lib.mdDoc "The principals that 'access' applies to.";
+        description = "The principals that 'access' applies to.";
       };
     };
   };
@@ -34,7 +34,7 @@ let
           { principal = "*/admin"; access = "all"; }
           { principal = "admin"; access = "all"; }
         ];
-        description = lib.mdDoc ''
+        description = ''
           The privileges granted to a user.
         '';
       };
@@ -51,11 +51,11 @@ in
   ###### interface
   options = {
     services.kerberos_server = {
-      enable = lib.mkEnableOption (lib.mdDoc "the kerberos authentication server");
+      enable = lib.mkEnableOption "the kerberos authentication server";
 
       realms = mkOption {
         type = types.attrsOf (types.submodule realm);
-        description = lib.mdDoc ''
+        description = ''
           The realm(s) to serve keys for.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/system/localtimed.nix b/nixpkgs/nixos/modules/services/system/localtimed.nix
index 345bdbd8dda0..8af22892a117 100644
--- a/nixpkgs/nixos/modules/services/system/localtimed.nix
+++ b/nixpkgs/nixos/modules/services/system/localtimed.nix
@@ -12,7 +12,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable `localtimed`, a simple daemon for keeping the
           system timezone up-to-date based on the current location. It uses
           geoclue2 to determine the current location.
diff --git a/nixpkgs/nixos/modules/services/system/nix-daemon.nix b/nixpkgs/nixos/modules/services/system/nix-daemon.nix
index ce255cd8d0a4..0a5b0e2fcb80 100644
--- a/nixpkgs/nixos/modules/services/system/nix-daemon.nix
+++ b/nixpkgs/nixos/modules/services/system/nix-daemon.nix
@@ -54,7 +54,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable Nix.
           Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.
         '';
@@ -64,7 +64,7 @@ in
         type = types.package;
         default = pkgs.nix;
         defaultText = literalExpression "pkgs.nix";
-        description = lib.mdDoc ''
+        description = ''
           This option specifies the Nix package instance to use throughout the system.
         '';
       };
@@ -73,7 +73,7 @@ in
         type = types.enum [ "other" "batch" "idle" ];
         default = "other";
         example = "batch";
-        description = lib.mdDoc ''
+        description = ''
           Nix daemon process CPU scheduling policy. This policy propagates to
           build processes. `other` is the default scheduling
           policy for regular tasks. The `batch` policy is
@@ -103,7 +103,7 @@ in
         type = types.enum [ "best-effort" "idle" ];
         default = "best-effort";
         example = "idle";
-        description = lib.mdDoc ''
+        description = ''
           Nix daemon process I/O scheduling class. This class propagates to
           build processes. `best-effort` is the default
           class for regular tasks. The `idle` class is for
@@ -126,7 +126,7 @@ in
         type = types.int;
         default = 4;
         example = 1;
-        description = lib.mdDoc ''
+        description = ''
           Nix daemon process I/O scheduling priority. This priority propagates
           to build processes. The supported priorities depend on the
           scheduling policy: With idle, priorities are not used in scheduling
@@ -140,12 +140,12 @@ in
         type = types.attrs;
         internal = true;
         default = { };
-        description = lib.mdDoc "Environment variables used by Nix.";
+        description = "Environment variables used by Nix.";
       };
 
       nrBuildUsers = mkOption {
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of `nixbld` user accounts created to
           perform secure concurrent builds.  If you receive an error
           message saying that “all build users are currently in use”,
@@ -247,7 +247,7 @@ in
 
     users.users = nixbldUsers;
 
-    services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
+    services.displayManager.hiddenUsers = attrNames nixbldUsers;
 
     # Legacy configuration conversion.
     nix.settings = mkMerge [
diff --git a/nixpkgs/nixos/modules/services/system/nscd.nix b/nixpkgs/nixos/modules/services/system/nscd.nix
index 971dffbadc13..1bf3583336e2 100644
--- a/nixpkgs/nixos/modules/services/system/nscd.nix
+++ b/nixpkgs/nixos/modules/services/system/nscd.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Name Service Cache Daemon.
           Disabling this is strongly discouraged, as this effectively disables NSS Lookups
           from all non-glibc NSS modules, including the ones provided by systemd.
@@ -30,7 +30,7 @@ in
       enableNsncd = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to use nsncd instead of nscd from glibc.
           This is a nscd-compatible daemon, that proxies lookups, without any caching.
           Using nscd from glibc is discouraged.
@@ -40,7 +40,7 @@ in
       user = mkOption {
         type = types.str;
         default = "nscd";
-        description = lib.mdDoc ''
+        description = ''
           User account under which nscd runs.
         '';
       };
@@ -48,7 +48,7 @@ in
       group = mkOption {
         type = types.str;
         default = "nscd";
-        description = lib.mdDoc ''
+        description = ''
           User group under which nscd runs.
         '';
       };
@@ -56,7 +56,7 @@ in
       config = mkOption {
         type = types.lines;
         default = builtins.readFile ./nscd.conf;
-        description = lib.mdDoc ''
+        description = ''
           Configuration to use for Name Service Cache Daemon.
           Only used in case glibc-nscd is used.
         '';
@@ -73,7 +73,7 @@ in
             then pkgs.stdenv.cc.libc.bin
             else pkgs.glibc.bin;
         '';
-        description = lib.mdDoc ''
+        description = ''
           package containing the nscd binary to be used by the service.
           Ignored when enableNsncd is set to true.
         '';
diff --git a/nixpkgs/nixos/modules/services/system/saslauthd.nix b/nixpkgs/nixos/modules/services/system/saslauthd.nix
index 9424b6c51fc1..0c198792b1e7 100644
--- a/nixpkgs/nixos/modules/services/system/saslauthd.nix
+++ b/nixpkgs/nixos/modules/services/system/saslauthd.nix
@@ -16,20 +16,20 @@ in
 
     services.saslauthd = {
 
-      enable = mkEnableOption (lib.mdDoc "saslauthd, the Cyrus SASL authentication daemon");
+      enable = mkEnableOption "saslauthd, the Cyrus SASL authentication daemon";
 
       package = mkPackageOption pkgs [ "cyrus_sasl" "bin" ] { };
 
       mechanism = mkOption {
         type = types.str;
         default = "pam";
-        description = lib.mdDoc "Auth mechanism to use";
+        description = "Auth mechanism to use";
       };
 
       config = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Configuration to use for Cyrus SASL authentication daemon.";
+        description = "Configuration to use for Cyrus SASL authentication daemon.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/system/self-deploy.nix b/nixpkgs/nixos/modules/services/system/self-deploy.nix
index b5d8ea3f56e7..06d1644fec64 100644
--- a/nixpkgs/nixos/modules/services/system/self-deploy.nix
+++ b/nixpkgs/nixos/modules/services/system/self-deploy.nix
@@ -23,14 +23,14 @@ let
 in
 {
   options.services.self-deploy = {
-    enable = lib.mkEnableOption (lib.mdDoc "self-deploy");
+    enable = lib.mkEnableOption "self-deploy";
 
     nixFile = lib.mkOption {
       type = lib.types.path;
 
       default = "/default.nix";
 
-      description = lib.mdDoc ''
+      description = ''
         Path to nix file in repository. Leading '/' refers to root of
         git repository.
       '';
@@ -41,7 +41,7 @@ in
 
       default = null;
 
-      description = lib.mdDoc ''
+      description = ''
         Attribute of `nixFile` that builds the current system.
       '';
     };
@@ -51,7 +51,7 @@ in
 
       default = { };
 
-      description = lib.mdDoc ''
+      description = ''
         Arguments to `nix-build` passed as `--argstr` or `--arg` depending on
         the type.
       '';
@@ -62,7 +62,7 @@ in
 
       default = "switch";
 
-      description = lib.mdDoc ''
+      description = ''
         The `switch-to-configuration` subcommand used.
       '';
     };
@@ -70,7 +70,7 @@ in
     repository = lib.mkOption {
       type = with lib.types; oneOf [ path str ];
 
-      description = lib.mdDoc ''
+      description = ''
         The repository to fetch from. Must be properly formatted for git.
 
         If this value is set to a path (must begin with `/`) then it's
@@ -88,7 +88,7 @@ in
 
       default = null;
 
-      description = lib.mdDoc ''
+      description = ''
         Path to SSH private key used to fetch private repositories over
         SSH.
       '';
@@ -99,7 +99,7 @@ in
 
       default = "master";
 
-      description = lib.mdDoc ''
+      description = ''
         Branch to track
 
         Technically speaking any ref can be specified here, as this is
@@ -113,7 +113,7 @@ in
 
       default = "hourly";
 
-      description = lib.mdDoc ''
+      description = ''
         The schedule on which to run the `self-deploy` service. Format
         specified by `systemd.time 7`.
 
diff --git a/nixpkgs/nixos/modules/services/system/systembus-notify.nix b/nixpkgs/nixos/modules/services/system/systembus-notify.nix
index f79879fa1360..073885732b4b 100644
--- a/nixpkgs/nixos/modules/services/system/systembus-notify.nix
+++ b/nixpkgs/nixos/modules/services/system/systembus-notify.nix
@@ -8,13 +8,13 @@ let
 in
 {
   options.services.systembus-notify = {
-    enable = mkEnableOption (lib.mdDoc ''
+    enable = mkEnableOption ''
       System bus notification support
 
       WARNING: enabling this option (while convenient) should *not* be done on a
       machine where you do not trust the other users as it allows any other
       local user to DoS your session by spamming notifications
-    '');
+    '';
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/system/systemd-lock-handler.nix b/nixpkgs/nixos/modules/services/system/systemd-lock-handler.nix
index 1ecb13b75bb3..0d3e33236adb 100644
--- a/nixpkgs/nixos/modules/services/system/systemd-lock-handler.nix
+++ b/nixpkgs/nixos/modules/services/system/systemd-lock-handler.nix
@@ -9,7 +9,7 @@ let
 in
 {
   options.services.systemd-lock-handler = {
-    enable = mkEnableOption (lib.mdDoc "systemd-lock-handler");
+    enable = mkEnableOption "systemd-lock-handler";
     package = mkPackageOption pkgs "systemd-lock-handler" { };
   };
 
diff --git a/nixpkgs/nixos/modules/services/system/uptimed.nix b/nixpkgs/nixos/modules/services/system/uptimed.nix
index df08c0f26e98..d844e5d83e36 100644
--- a/nixpkgs/nixos/modules/services/system/uptimed.nix
+++ b/nixpkgs/nixos/modules/services/system/uptimed.nix
@@ -12,7 +12,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable `uptimed`, allowing you to track
           your highest uptimes.
         '';
diff --git a/nixpkgs/nixos/modules/services/system/zram-generator.nix b/nixpkgs/nixos/modules/services/system/zram-generator.nix
index 429531e5743d..987f1775cccc 100644
--- a/nixpkgs/nixos/modules/services/system/zram-generator.nix
+++ b/nixpkgs/nixos/modules/services/system/zram-generator.nix
@@ -9,7 +9,7 @@ in
   };
 
   options.services.zram-generator = {
-    enable = lib.mkEnableOption (lib.mdDoc "Systemd unit generator for zram devices");
+    enable = lib.mkEnableOption "Systemd unit generator for zram devices";
 
     package = lib.mkPackageOption pkgs "zram-generator" { };
 
@@ -18,7 +18,7 @@ in
         freeformType = settingsFormat.type;
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for zram-generator,
         see https://github.com/systemd/zram-generator for documentation.
       '';
diff --git a/nixpkgs/nixos/modules/services/torrent/deluge.nix b/nixpkgs/nixos/modules/services/torrent/deluge.nix
index 632d8aa98aa2..90573fea57b3 100644
--- a/nixpkgs/nixos/modules/services/torrent/deluge.nix
+++ b/nixpkgs/nixos/modules/services/torrent/deluge.nix
@@ -37,12 +37,12 @@ in {
   options = {
     services = {
       deluge = {
-        enable = mkEnableOption (lib.mdDoc "Deluge daemon");
+        enable = mkEnableOption "Deluge daemon";
 
         openFilesLimit = mkOption {
           default = openFilesLimit;
           type = types.either types.int types.str;
-          description = lib.mdDoc ''
+          description = ''
             Number of files to allow deluged to open.
           '';
         };
@@ -60,7 +60,7 @@ in {
               listen_ports = [ ${toString listenPortsDefault} ];
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Deluge core configuration for the core.conf file. Only has an effect
             when {option}`services.deluge.declarative` is set to
             `true`. String values must be quoted, integer and
@@ -73,7 +73,7 @@ in {
         declarative = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to use a declarative deluge configuration.
             Only if set to `true`, the options
             {option}`services.deluge.config`,
@@ -86,7 +86,7 @@ in {
         openFirewall = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Whether to open the firewall for the ports in
             {option}`services.deluge.config.listen_ports`. It only takes effet if
             {option}`services.deluge.declarative` is set to
@@ -102,7 +102,7 @@ in {
         dataDir = mkOption {
           type = types.path;
           default = "/var/lib/deluge";
-          description = lib.mdDoc ''
+          description = ''
             The directory where deluge will create files.
           '';
         };
@@ -110,7 +110,7 @@ in {
         authFile = mkOption {
           type = types.path;
           example = "/run/keys/deluge-auth";
-          description = lib.mdDoc ''
+          description = ''
             The file managing the authentication for deluge, the format of this
             file is straightforward, each line contains a
             username:password:level tuple in plaintext. It only has an effect
@@ -124,7 +124,7 @@ in {
         user = mkOption {
           type = types.str;
           default = "deluge";
-          description = lib.mdDoc ''
+          description = ''
             User account under which deluge runs.
           '';
         };
@@ -132,7 +132,7 @@ in {
         group = mkOption {
           type = types.str;
           default = "deluge";
-          description = lib.mdDoc ''
+          description = ''
             Group under which deluge runs.
           '';
         };
@@ -140,7 +140,7 @@ in {
         extraPackages = mkOption {
           type = types.listOf types.package;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             Extra packages available at runtime to enable Deluge's plugins. For example,
             extraction utilities are required for the built-in "Extractor" plugin.
             This always contains unzip, gnutar, xz and bzip2.
@@ -151,12 +151,12 @@ in {
       };
 
       deluge.web = {
-        enable = mkEnableOption (lib.mdDoc "Deluge Web daemon");
+        enable = mkEnableOption "Deluge Web daemon";
 
         port = mkOption {
           type = types.port;
           default = 8112;
-          description = lib.mdDoc ''
+          description = ''
             Deluge web UI port.
           '';
         };
@@ -164,7 +164,7 @@ in {
         openFirewall = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Open ports in the firewall for deluge web daemon
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/torrent/flexget.nix b/nixpkgs/nixos/modules/services/torrent/flexget.nix
index bc06b34a1f9e..138e9781045c 100644
--- a/nixpkgs/nixos/modules/services/torrent/flexget.nix
+++ b/nixpkgs/nixos/modules/services/torrent/flexget.nix
@@ -14,7 +14,7 @@ let
 in {
   options = {
     services.flexget = {
-      enable = mkEnableOption (lib.mdDoc "FlexGet daemon");
+      enable = mkEnableOption "FlexGet daemon";
 
       package = mkPackageOption pkgs "flexget" {};
 
@@ -22,34 +22,34 @@ in {
         default = "deluge";
         example = "some_user";
         type = types.str;
-        description = lib.mdDoc "The user under which to run flexget.";
+        description = "The user under which to run flexget.";
       };
 
       homeDir = mkOption {
         default = "/var/lib/deluge";
         example = "/home/flexget";
         type = types.path;
-        description = lib.mdDoc "Where files live.";
+        description = "Where files live.";
       };
 
       interval = mkOption {
         default = "10m";
         example = "1h";
         type = types.str;
-        description = lib.mdDoc "When to perform a {command}`flexget` run. See {command}`man 7 systemd.time` for the format.";
+        description = "When to perform a {command}`flexget` run. See {command}`man 7 systemd.time` for the format.";
       };
 
       systemScheduler = mkOption {
         default = true;
         example = false;
         type = types.bool;
-        description = lib.mdDoc "When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.";
+        description = "When true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.";
       };
 
       config = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "The YAML configuration for FlexGet.";
+        description = "The YAML configuration for FlexGet.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/torrent/magnetico.nix b/nixpkgs/nixos/modules/services/torrent/magnetico.nix
index dc6b4e9aa734..8a5e9f309649 100644
--- a/nixpkgs/nixos/modules/services/torrent/magnetico.nix
+++ b/nixpkgs/nixos/modules/services/torrent/magnetico.nix
@@ -43,13 +43,13 @@ in {
   ###### interface
 
   options.services.magnetico = {
-    enable = mkEnableOption (lib.mdDoc "Magnetico, Bittorrent DHT crawler");
+    enable = mkEnableOption "Magnetico, Bittorrent DHT crawler";
 
     crawler.address = mkOption {
       type = types.str;
       default = "0.0.0.0";
       example = "1.2.3.4";
-      description = lib.mdDoc ''
+      description = ''
         Address to be used for indexing DHT nodes.
       '';
     };
@@ -57,7 +57,7 @@ in {
     crawler.port = mkOption {
       type = types.port;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Port to be used for indexing DHT nodes.
         This port should be added to
         {option}`networking.firewall.allowedTCPPorts`.
@@ -67,7 +67,7 @@ in {
     crawler.maxNeighbors = mkOption {
       type = types.ints.positive;
       default = 1000;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of simultaneous neighbors of an indexer.
         Be careful changing this number: high values can very
         easily cause your network to be congested or even crash
@@ -78,7 +78,7 @@ in {
     crawler.maxLeeches = mkOption {
       type = types.ints.positive;
       default = 200;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of simultaneous leeches.
       '';
     };
@@ -86,7 +86,7 @@ in {
     crawler.extraOptions = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra command line arguments to pass to magneticod.
       '';
     };
@@ -95,7 +95,7 @@ in {
       type = types.str;
       default = "localhost";
       example = "1.2.3.4";
-      description = lib.mdDoc ''
+      description = ''
         Address the web interface will listen to.
       '';
     };
@@ -103,7 +103,7 @@ in {
     web.port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         Port the web interface will listen to.
       '';
     };
@@ -116,7 +116,7 @@ in {
           myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The credentials to access the web interface, in case authentication is
         enabled, in the format `username:hash`. If unset no
         authentication will be required.
@@ -139,7 +139,7 @@ in {
     web.credentialsFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The path to the file holding the credentials to access the web
         interface. If unset no authentication will be required.
 
@@ -157,7 +157,7 @@ in {
     web.extraOptions = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Extra command line arguments to pass to magneticow.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/torrent/opentracker.nix b/nixpkgs/nixos/modules/services/torrent/opentracker.nix
index 71852f24e55b..b30ea7e2377b 100644
--- a/nixpkgs/nixos/modules/services/torrent/opentracker.nix
+++ b/nixpkgs/nixos/modules/services/torrent/opentracker.nix
@@ -5,13 +5,13 @@ let
   cfg = config.services.opentracker;
 in {
   options.services.opentracker = {
-    enable = mkEnableOption (lib.mdDoc "opentracker");
+    enable = mkEnableOption "opentracker";
 
     package = mkPackageOption pkgs "opentracker" { };
 
     extraOptions = mkOption {
       type = types.separatedString " ";
-      description = lib.mdDoc ''
+      description = ''
         Configuration Arguments for opentracker
         See https://erdgeist.org/arts/software/opentracker/ for all params
       '';
diff --git a/nixpkgs/nixos/modules/services/torrent/peerflix.nix b/nixpkgs/nixos/modules/services/torrent/peerflix.nix
index ea74d0f8b9c4..821c829f6b4a 100644
--- a/nixpkgs/nixos/modules/services/torrent/peerflix.nix
+++ b/nixpkgs/nixos/modules/services/torrent/peerflix.nix
@@ -19,19 +19,19 @@ in {
 
   options.services.peerflix = {
     enable = mkOption {
-      description = lib.mdDoc "Whether to enable peerflix service.";
+      description = "Whether to enable peerflix service.";
       default = false;
       type = types.bool;
     };
 
     stateDir = mkOption {
-      description = lib.mdDoc "Peerflix state directory.";
+      description = "Peerflix state directory.";
       default = "/var/lib/peerflix";
       type = types.path;
     };
 
     downloadDir = mkOption {
-      description = lib.mdDoc "Peerflix temporary download directory.";
+      description = "Peerflix temporary download directory.";
       default = "${cfg.stateDir}/torrents";
       defaultText = literalExpression ''"''${config.${opt.stateDir}}/torrents"'';
       type = types.path;
diff --git a/nixpkgs/nixos/modules/services/torrent/rtorrent.nix b/nixpkgs/nixos/modules/services/torrent/rtorrent.nix
index 699f3be82a9d..009c2ffe0a5b 100644
--- a/nixpkgs/nixos/modules/services/torrent/rtorrent.nix
+++ b/nixpkgs/nixos/modules/services/torrent/rtorrent.nix
@@ -9,12 +9,12 @@ let
 
 in {
   options.services.rtorrent = {
-    enable = mkEnableOption (lib.mdDoc "rtorrent");
+    enable = mkEnableOption "rtorrent";
 
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/rtorrent";
-      description = lib.mdDoc ''
+      description = ''
         The directory where rtorrent stores its data files.
       '';
     };
@@ -23,7 +23,7 @@ in {
       type = types.str;
       default = "0750";
       example = "0755";
-      description = lib.mdDoc ''
+      description = ''
         Unix Permissions in octal on the rtorrent directory.
       '';
     };
@@ -32,7 +32,7 @@ in {
       type = types.str;
       default = "${cfg.dataDir}/download";
       defaultText = literalExpression ''"''${config.${opt.dataDir}}/download"'';
-      description = lib.mdDoc ''
+      description = ''
         Where to put downloaded files.
       '';
     };
@@ -40,7 +40,7 @@ in {
     user = mkOption {
       type = types.str;
       default = "rtorrent";
-      description = lib.mdDoc ''
+      description = ''
         User account under which rtorrent runs.
       '';
     };
@@ -48,7 +48,7 @@ in {
     group = mkOption {
       type = types.str;
       default = "rtorrent";
-      description = lib.mdDoc ''
+      description = ''
         Group under which rtorrent runs.
       '';
     };
@@ -58,7 +58,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 50000;
-      description = lib.mdDoc ''
+      description = ''
         The rtorrent port.
       '';
     };
@@ -66,7 +66,7 @@ in {
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the firewall for the port in {option}`services.rtorrent.port`.
       '';
     };
@@ -75,7 +75,7 @@ in {
       type = types.str;
       readOnly = true;
       default = "/run/rtorrent/rpc.sock";
-      description = lib.mdDoc ''
+      description = ''
         RPC socket path.
       '';
     };
@@ -83,7 +83,7 @@ in {
     configText = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         The content of {file}`rtorrent.rc`. The [modernized configuration template](https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template) with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completely.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/torrent/torrentstream.nix b/nixpkgs/nixos/modules/services/torrent/torrentstream.nix
index 27aad06130e3..9c0e6f85dc57 100644
--- a/nixpkgs/nixos/modules/services/torrent/torrentstream.nix
+++ b/nixpkgs/nixos/modules/services/torrent/torrentstream.nix
@@ -6,26 +6,26 @@ let
 in
 {
   options.services.torrentstream = {
-    enable = lib.mkEnableOption (lib.mdDoc "TorrentStream daemon");
+    enable = lib.mkEnableOption "TorrentStream daemon";
     package = lib.mkPackageOption pkgs "torrentstream" { };
     port = lib.mkOption {
       type = lib.types.port;
       default = 5082;
-      description = lib.mdDoc ''
+      description = ''
         TorrentStream port.
       '';
     };
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for TorrentStream daemon.
       '';
     };
     address = lib.mkOption {
       type = lib.types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/torrent/transmission.nix b/nixpkgs/nixos/modules/services/torrent/transmission.nix
index a9fb123b981e..52b472631dcf 100644
--- a/nixpkgs/nixos/modules/services/torrent/transmission.nix
+++ b/nixpkgs/nixos/modules/services/torrent/transmission.nix
@@ -24,8 +24,8 @@ in
   ];
   options = {
     services.transmission = {
-      enable = mkEnableOption (lib.mdDoc "transmission") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "transmission" // {
+        description = ''
           Whether to enable the headless Transmission BitTorrent daemon.
 
           Transmission daemon can be controlled via the RPC interface using
@@ -38,7 +38,7 @@ in
       };
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Settings whose options overwrite fields in
           `.config/transmission-daemon/settings.json`
           (each time the service starts).
@@ -53,13 +53,13 @@ in
             type = types.path;
             default = "${cfg.home}/${downloadsDir}";
             defaultText = literalExpression ''"''${config.${opt.home}}/${downloadsDir}"'';
-            description = lib.mdDoc "Directory where to download torrents.";
+            description = "Directory where to download torrents.";
           };
           options.incomplete-dir = mkOption {
             type = types.path;
             default = "${cfg.home}/${incompleteDir}";
             defaultText = literalExpression ''"''${config.${opt.home}}/${incompleteDir}"'';
-            description = lib.mdDoc ''
+            description = ''
               When enabled with
               services.transmission.home
               [](#opt-services.transmission.settings.incomplete-dir-enabled),
@@ -71,22 +71,22 @@ in
           options.incomplete-dir-enabled = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "";
+            description = "";
           };
           options.message-level = mkOption {
             type = types.ints.between 0 6;
             default = 2;
-            description = lib.mdDoc "Set verbosity of transmission messages.";
+            description = "Set verbosity of transmission messages.";
           };
           options.peer-port = mkOption {
             type = types.port;
             default = 51413;
-            description = lib.mdDoc "The peer port to listen for incoming connections.";
+            description = "The peer port to listen for incoming connections.";
           };
           options.peer-port-random-high = mkOption {
             type = types.port;
             default = 65535;
-            description = lib.mdDoc ''
+            description = ''
               The maximum peer port to listen to for incoming connections
               when [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.
             '';
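Review bot: `options.incomplete-dir-enabled` keeps an empty description (`description = "";`), so the rendered manual shows the option with no explanation even though `incomplete-dir` links to it. I would fill it in while touching the line, for example `description = "Whether to store partially downloaded torrents in incomplete-dir until they are complete.";`. The last option in this hunk, `peer-port-random-high`, closes outside the hunk.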
@@ -94,7 +94,7 @@ in
           options.peer-port-random-low = mkOption {
             type = types.port;
             default = 65535;
-            description = lib.mdDoc ''
+            description = ''
               The minimal peer port to listen to for incoming connections
               when [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.
             '';
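Review bot: `peer-port-random-low` has `default = 65535;`, the same value as the default of `peer-port-random-high` in the previous hunk, so with `peer-port-random-on-start` enabled the random range is a single port. That looks like a copy-paste from the high bound. Transmission's own default for the lower bound is 49152, so I would expect `default = 49152;` here. The option's closing brace is outside the hunk.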
@@ -102,13 +102,13 @@ in
           options.peer-port-random-on-start = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Randomize the peer port.";
+            description = "Randomize the peer port.";
           };
           options.rpc-bind-address = mkOption {
             type = types.str;
             default = "127.0.0.1";
             example = "0.0.0.0";
-            description = lib.mdDoc ''
+            description = ''
               Where to listen for RPC connections.
               Use `0.0.0.0` to listen on all interfaces.
             '';
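Review bot: The `rpc-bind-address` description offers `0.0.0.0` as the way to listen on all interfaces without saying that the RPC interface, which controls the daemon, is then reachable from every host that can route to it. I would add a sentence such as `When binding to a non-loopback address, enable rpc-authentication-required and keep rpc-password in credentialsFile, or restrict clients with rpc-whitelist.` The same caveat belongs on `openRPCPort` in the `@@ -230,17 +230,17 @@` hunk, whose text only says the port is opened in the firewall. The option's closing brace is outside this hunk.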
@@ -116,12 +116,12 @@ in
           options.rpc-port = mkOption {
             type = types.port;
             default = 9091;
-            description = lib.mdDoc "The RPC port to listen to.";
+            description = "The RPC port to listen to.";
           };
           options.script-torrent-done-enabled = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether to run
               [](#opt-services.transmission.settings.script-torrent-done-filename)
               at torrent completion.
@@ -130,12 +130,12 @@ in
           options.script-torrent-done-filename = mkOption {
             type = types.nullOr types.path;
             default = null;
-            description = lib.mdDoc "Executable to be run at torrent completion.";
+            description = "Executable to be run at torrent completion.";
           };
           options.umask = mkOption {
             type = types.int;
             default = 2;
-            description = lib.mdDoc ''
+            description = ''
               Sets transmission's file mode creation mask.
               See the umask(2) manpage for more information.
               Users who want their saved torrents to be world-writable
@@ -147,7 +147,7 @@ in
           options.utp-enabled = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Whether to enable [Micro Transport Protocol (µTP)](https://en.wikipedia.org/wiki/Micro_Transport_Protocol).
             '';
           };
@@ -155,19 +155,19 @@ in
             type = types.path;
             default = "${cfg.home}/${watchDir}";
             defaultText = literalExpression ''"''${config.${opt.home}}/${watchDir}"'';
-            description = lib.mdDoc "Watch a directory for torrent files and add them to transmission.";
+            description = "Watch a directory for torrent files and add them to transmission.";
           };
           options.watch-dir-enabled = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''Whether to enable the
+            description = ''Whether to enable the
               [](#opt-services.transmission.settings.watch-dir).
             '';
           };
           options.trash-original-torrent-files = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''Whether to delete torrents added from the
+            description = ''Whether to delete torrents added from the
               [](#opt-services.transmission.settings.watch-dir).
             '';
           };
@@ -180,7 +180,7 @@ in
         type = with types; nullOr str;
         default = null;
         example = "770";
-        description = lib.mdDoc ''
+        description = ''
           If not `null`, is used as the permissions
           set by `system.activationScripts.transmission-daemon`
           on the directories [](#opt-services.transmission.settings.download-dir),
@@ -194,7 +194,7 @@ in
       home = mkOption {
         type = types.path;
         default = "/var/lib/transmission";
-        description = lib.mdDoc ''
+        description = ''
           The directory where Transmission will create `${settingsDir}`.
           as well as `${downloadsDir}/` unless
           [](#opt-services.transmission.settings.download-dir) is changed,
@@ -206,18 +206,18 @@ in
       user = mkOption {
         type = types.str;
         default = "transmission";
-        description = lib.mdDoc "User account under which Transmission runs.";
+        description = "User account under which Transmission runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "transmission";
-        description = lib.mdDoc "Group account under which Transmission runs.";
+        description = "Group account under which Transmission runs.";
       };
 
       credentialsFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to a JSON file to be merged with the settings.
           Useful to merge a file which is better kept out of the Nix store
           to set secret config parameters like `rpc-password`.
@@ -230,17 +230,17 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "--log-debug" ];
-        description = lib.mdDoc ''
+        description = ''
           Extra flags passed to the transmission command in the service definition.
         '';
       };
 
-      openPeerPorts = mkEnableOption (lib.mdDoc "opening of the peer port(s) in the firewall");
+      openPeerPorts = mkEnableOption "opening of the peer port(s) in the firewall";
 
-      openRPCPort = mkEnableOption (lib.mdDoc "opening of the RPC port in the firewall");
+      openRPCPort = mkEnableOption "opening of the RPC port in the firewall";
 
-      performanceNetParameters = mkEnableOption (lib.mdDoc "performance tweaks") // {
-        description = lib.mdDoc ''
+      performanceNetParameters = mkEnableOption "performance tweaks" // {
+        description = ''
           Whether to enable tweaking of kernel parameters
           to open many more connections at the same time.
 
@@ -256,7 +256,7 @@ in
         type = types.nullOr types.path;
         default = null;
         example = "pkgs.flood-for-transmission";
-        description = lib.mdDoc ''
+        description = ''
           If not `null`, sets the value of the `TRANSMISSION_WEB_HOME`
           environment variable used by the service. Useful for overriding
           the web interface files, without overriding the transmission
diff --git a/nixpkgs/nixos/modules/services/tracing/tempo.nix b/nixpkgs/nixos/modules/services/tracing/tempo.nix
index 0b9ca2398b16..e962af76ad88 100644
--- a/nixpkgs/nixos/modules/services/tracing/tempo.nix
+++ b/nixpkgs/nixos/modules/services/tracing/tempo.nix
@@ -8,12 +8,12 @@ let
   settingsFormat = pkgs.formats.yaml {};
 in {
   options.services.tempo = {
-    enable = mkEnableOption (lib.mdDoc "Grafana Tempo");
+    enable = mkEnableOption "Grafana Tempo";
 
     settings = mkOption {
       type = settingsFormat.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Specify the configuration for Tempo in Nix.
 
         See https://grafana.com/docs/tempo/latest/configuration/ for available options.
@@ -23,7 +23,7 @@ in {
     configFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify a path to a configuration file that Tempo should use.
       '';
     };
@@ -35,7 +35,7 @@ in {
         ''
           [ "-config.expand-env=true" ]
         '';
-      description = lib.mdDoc ''
+      description = ''
         Additional flags to pass to the `ExecStart=` in `tempo.service`.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/ttys/getty.nix b/nixpkgs/nixos/modules/services/ttys/getty.nix
index 22ae9c27e5bc..011016dd5fd1 100644
--- a/nixpkgs/nixos/modules/services/ttys/getty.nix
+++ b/nixpkgs/nixos/modules/services/ttys/getty.nix
@@ -34,7 +34,7 @@ in
       autologinUser = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Username of the account that will be automatically logged in at the console.
           If unspecified, a login prompt is shown as usual.
         '';
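Review bot: The `autologinUser` description does not mention that anyone with access to the console gets a session as that account without a password prompt. A short addition would make the trade-off visible, for example `Anyone with access to the console obtains a session as this user without authenticating; avoid privileged accounts.` The identical wording is used for `services.kmscon.autologinUser` in the last kmscon.nix hunk and could take the same sentence. The option body continues past the end of this hunk.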
@@ -44,7 +44,7 @@ in
         type = types.path;
         default = "${pkgs.shadow}/bin/login";
         defaultText = literalExpression ''"''${pkgs.shadow}/bin/login"'';
-        description = lib.mdDoc ''
+        description = ''
           Path to the login binary executed by agetty.
         '';
       };
@@ -52,7 +52,7 @@ in
       loginOptions = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Template for arguments to be passed to
           {manpage}`login(1)`.
 
@@ -67,7 +67,7 @@ in
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments passed to agetty.
         '';
         example = [ "--nohostname" ];
@@ -75,7 +75,7 @@ in
 
       greetingLine = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Welcome line printed by agetty.
           The default shows current NixOS version label, machine type and tty.
         '';
@@ -84,7 +84,7 @@ in
       helpLine = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Help line printed by agetty below the welcome line.
           Used by the installation CD to give some hints on
           how to proceed.
diff --git a/nixpkgs/nixos/modules/services/ttys/gpm.nix b/nixpkgs/nixos/modules/services/ttys/gpm.nix
index 378f6b17732f..308a6d3643a6 100644
--- a/nixpkgs/nixos/modules/services/ttys/gpm.nix
+++ b/nixpkgs/nixos/modules/services/ttys/gpm.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable GPM, the General Purpose Mouse daemon,
           which enables mouse support in virtual consoles.
         '';
@@ -28,7 +28,7 @@ in
       protocol = mkOption {
         type = types.str;
         default = "ps/2";
-        description = lib.mdDoc "Mouse protocol to use.";
+        description = "Mouse protocol to use.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/ttys/kmscon.nix b/nixpkgs/nixos/modules/services/ttys/kmscon.nix
index 0a12ef48d084..74314e1e76e4 100644
--- a/nixpkgs/nixos/modules/services/ttys/kmscon.nix
+++ b/nixpkgs/nixos/modules/services/ttys/kmscon.nix
@@ -11,7 +11,7 @@ in {
   options = {
     services.kmscon = {
       enable = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Use kmscon as the virtual console instead of gettys.
           kmscon is a kms/dri-based userspace virtual terminal implementation.
           It supports a richer feature set than the standard linux console VT,
@@ -23,33 +23,33 @@ in {
       };
 
       hwRender = mkOption {
-        description = lib.mdDoc "Whether to use 3D hardware acceleration to render the console.";
+        description = "Whether to use 3D hardware acceleration to render the console.";
         type = types.bool;
         default = false;
       };
 
       fonts = mkOption {
-        description = lib.mdDoc "Fonts used by kmscon, in order of priority.";
+        description = "Fonts used by kmscon, in order of priority.";
         default = null;
         example = lib.literalExpression ''[ { name = "Source Code Pro"; package = pkgs.source-code-pro; } ]'';
         type = with types;
           let fontType = submodule {
                 options = {
-                  name = mkOption { type = str; description = lib.mdDoc "Font name, as used by fontconfig."; };
-                  package = mkOption { type = package; description = lib.mdDoc "Package providing the font."; };
+                  name = mkOption { type = str; description = "Font name, as used by fontconfig."; };
+                  package = mkOption { type = package; description = "Package providing the font."; };
                 };
           }; in nullOr (nonEmptyListOf fontType);
       };
 
       extraConfig = mkOption {
-        description = lib.mdDoc "Extra contents of the kmscon.conf file.";
+        description = "Extra contents of the kmscon.conf file.";
         type = types.lines;
         default = "";
         example = "font-size=14";
       };
 
       extraOptions = mkOption {
-        description = lib.mdDoc "Extra flags to pass to kmscon.";
+        description = "Extra flags to pass to kmscon.";
         type = types.separatedString " ";
         default = "";
         example = "--term xterm-256color";
@@ -58,7 +58,7 @@ in {
       autologinUser = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Username of the account that will be automatically logged in at the console.
           If unspecified, a login prompt is shown as usual.
         '';
diff --git a/nixpkgs/nixos/modules/services/video/epgstation/default.nix b/nixpkgs/nixos/modules/services/video/epgstation/default.nix
index 1b3258c3df8e..3bf7e5849251 100644
--- a/nixpkgs/nixos/modules/services/video/epgstation/default.nix
+++ b/nixpkgs/nixos/modules/services/video/epgstation/default.nix
@@ -78,7 +78,7 @@ in
   ];
 
   options.services.epgstation = {
-    enable = lib.mkEnableOption (lib.mdDoc description);
+    enable = lib.mkEnableOption description;
 
     package = lib.mkPackageOption pkgs "epgstation" { };
 
@@ -90,7 +90,7 @@ in
     usePreconfiguredStreaming = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Use preconfigured default streaming options.
 
         Upstream defaults:
@@ -101,7 +101,7 @@ in
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for the EPGStation web interface.
 
         ::: {.warning}
@@ -116,7 +116,7 @@ in
       name = lib.mkOption {
         type = lib.types.str;
         default = "epgstation";
-        description = lib.mdDoc ''
+        description = ''
           Name of the MySQL database that holds EPGStation's data.
         '';
       };
@@ -124,7 +124,7 @@ in
       passwordFile = lib.mkOption {
         type = lib.types.path;
         example = "/run/keys/epgstation-db-password";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password for the database named
           {option}`database.name`.
         '';
@@ -142,7 +142,7 @@ in
     # configure them according to their needs. In these cases, the value in the
     # upstream template configuration should serve as a "good enough" default.
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Options to add to config.yml.
 
         Documentation:
@@ -161,7 +161,7 @@ in
         options.port = lib.mkOption {
           type = lib.types.port;
           default = 20772;
-          description = lib.mdDoc ''
+          description = ''
             HTTP port for EPGStation to listen on.
           '';
         };
@@ -170,7 +170,7 @@ in
           type = lib.types.port;
           default = cfg.settings.port + 1;
           defaultText = lib.literalExpression "config.${opt.settings}.port + 1";
-          description = lib.mdDoc ''
+          description = ''
             Socket.io port for EPGStation to listen on. It is valid to share
             ports with {option}`${opt.settings}.port`.
           '';
@@ -180,7 +180,7 @@ in
           type = lib.types.port;
           default = cfg.settings.socketioPort;
           defaultText = lib.literalExpression "config.${opt.settings}.socketioPort";
-          description = lib.mdDoc ''
+          description = ''
             Socket.io port that the web client is going to connect to. This may
             be different from {option}`${opt.settings}.socketioPort` if
             EPGStation is hidden behind a reverse proxy.
@@ -194,13 +194,13 @@ in
             "http+unix://''${lib.replaceStrings ["/"] ["%2F"] config.${option}}"
           '';
           example = "http://localhost:40772";
-          description = lib.mdDoc "URL to connect to Mirakurun.";
+          description = "URL to connect to Mirakurun.";
         };
 
         options.encodeProcessNum = lib.mkOption {
           type = lib.types.ints.positive;
           default = 4;
-          description = lib.mdDoc ''
+          description = ''
             The maximum number of processes that EPGStation would allow to run
             at the same time for encoding or streaming videos.
           '';
@@ -209,7 +209,7 @@ in
         options.concurrentEncodeNum = lib.mkOption {
           type = lib.types.ints.positive;
           default = 1;
-          description = lib.mdDoc ''
+          description = ''
             The maximum number of encoding jobs that EPGStation would run at the
             same time.
           '';
@@ -217,7 +217,7 @@ in
 
         options.encode = lib.mkOption {
           type = with lib.types; listOf attrs;
-          description = lib.mdDoc "Encoding presets for recorded videos.";
+          description = "Encoding presets for recorded videos.";
           default = [
             {
               name = "H.264";
diff --git a/nixpkgs/nixos/modules/services/video/frigate.nix b/nixpkgs/nixos/modules/services/video/frigate.nix
index 0c923a20c40c..0e6bde447c03 100644
--- a/nixpkgs/nixos/modules/services/video/frigate.nix
+++ b/nixpkgs/nixos/modules/services/video/frigate.nix
@@ -8,7 +8,6 @@ let
   inherit (lib)
     literalExpression
     mkDefault
-    mdDoc
     mkEnableOption
     mkPackageOption
     mkIf
@@ -26,7 +25,7 @@ let
     options = {
       ffmpeg = {
         inputs = mkOption {
-          description = mdDoc ''
+          description = ''
             List of inputs for this camera.
           '';
           type = listOf (submodule {
@@ -35,7 +34,7 @@ let
               path = mkOption {
                 type = str;
                 example = "rtsp://192.0.2.1:554/rtsp";
-                description = mdDoc ''
+                description = ''
                   Stream URL
                 '';
               };
@@ -44,7 +43,7 @@ let
                 example = literalExpression ''
                   [ "detect" "rtmp" ]
                 '';
-                description = mdDoc ''
+                description = ''
                   List of roles for this stream
                 '';
               };
@@ -61,14 +60,14 @@ in
   meta.buildDocsInSandbox = false;
 
   options.services.frigate = with types; {
-    enable = mkEnableOption (mdDoc "Frigate NVR");
+    enable = mkEnableOption "Frigate NVR";
 
     package = mkPackageOption pkgs "frigate" { };
 
     hostname = mkOption {
       type = str;
       example = "frigate.exampe.com";
-      description = mdDoc ''
+      description = ''
         Hostname of the nginx vhost to configure.
 
         Only nginx is supported by upstream for direct reverse proxying.
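Review bot: The `example` for `hostname` reads `frigate.exampe.com`, a typo for the reserved documentation domain. `exampe.com` is an ordinary registrable name, so a configuration copied from the manual would name a host that a third party can control. I would change it to `example = "frigate.example.com";`. The description text continues outside the hunk.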
@@ -81,7 +80,7 @@ in
         options = {
           cameras = mkOption {
             type = attrsOf cameraFormat;
-            description = mdDoc ''
+            description = ''
               Attribute set of cameras configurations.
 
               https://docs.frigate.video/configuration/cameras
@@ -92,20 +91,20 @@ in
             path = mkOption {
               type = path;
               default = "/var/lib/frigate/frigate.db";
-              description = mdDoc ''
+              description = ''
                 Path to the SQLite database used
               '';
             };
           };
 
           mqtt = {
-            enabled = mkEnableOption (mdDoc "MQTT support");
+            enabled = mkEnableOption "MQTT support";
 
             host = mkOption {
               type = nullOr str;
               default = null;
               example = "mqtt.example.com";
-              description = mdDoc ''
+              description = ''
                 MQTT server hostname
               '';
             };
@@ -113,7 +112,7 @@ in
         };
       };
       default = { };
-      description = mdDoc ''
+      description = ''
         Frigate configuration as a nix attribute set.
 
         See the project documentation for how to configure frigate.
diff --git a/nixpkgs/nixos/modules/services/video/go2rtc/default.nix b/nixpkgs/nixos/modules/services/video/go2rtc/default.nix
index 9dddbb60baa8..399f4d582171 100644
--- a/nixpkgs/nixos/modules/services/video/go2rtc/default.nix
+++ b/nixpkgs/nixos/modules/services/video/go2rtc/default.nix
@@ -8,7 +8,6 @@
 let
   inherit (lib)
     literalExpression
-    mdDoc
     mkEnableOption
     mkOption
     mkPackageOption
@@ -26,13 +25,13 @@ in
   meta.buildDocsInSandbox = false;
 
   options.services.go2rtc = with types; {
-    enable = mkEnableOption (mdDoc "go2rtc streaming server");
+    enable = mkEnableOption "go2rtc streaming server";
 
     package = mkPackageOption pkgs "go2rtc" { };
 
     settings = mkOption {
       default = {};
-      description = mdDoc ''
+      description = ''
         go2rtc configuration as a Nix attribute set.
 
         See the [wiki](https://github.com/AlexxIT/go2rtc/wiki/Configuration) for possible configuration options.
@@ -46,7 +45,7 @@ in
               type = str;
               default = ":1984";
               example = "127.0.0.1:1984";
-              description = mdDoc ''
+              description = ''
                 API listen address, conforming to a Go address string.
               '';
             };
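Review bot: The API listen option has `default = ":1984"`, which in Go address syntax binds every interface, and the description does not say so; only the example shows the loopback form. I would extend the text to `API listen address, conforming to a Go address string. The default listens on all interfaces; use 127.0.0.1:1984 to restrict the API to the local host.` The enclosing attribute set starts outside the hunk, so the full option path is not visible here.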
@@ -58,7 +57,7 @@ in
               type = path;
               default = "${lib.getBin pkgs.ffmpeg_6-headless}/bin/ffmpeg";
               defaultText = literalExpression "\${lib.getBin pkgs.ffmpeg_6-headless}/bin/ffmpeg";
-              description = mdDoc ''
+              description = ''
                 The ffmpeg package to use for transcoding.
               '';
             };
@@ -77,7 +76,7 @@ in
                 cam2 = "tcp://192.168.1.123:12345";
               }
             '';
-            description = mdDoc ''
+            description = ''
               Stream source configuration. Multiple source types are supported.
 
               Check the [configuration reference](https://github.com/AlexxIT/go2rtc/blob/v${cfg.package.version}/README.md#module-streams) for possible options.
diff --git a/nixpkgs/nixos/modules/services/video/mediamtx.nix b/nixpkgs/nixos/modules/services/video/mediamtx.nix
index f741dea59e3e..5d8d76be69a3 100644
--- a/nixpkgs/nixos/modules/services/video/mediamtx.nix
+++ b/nixpkgs/nixos/modules/services/video/mediamtx.nix
@@ -9,12 +9,12 @@ in
 
   options = {
     services.mediamtx = {
-      enable = lib.mkEnableOption (lib.mdDoc "MediaMTX");
+      enable = lib.mkEnableOption "MediaMTX";
 
       package = lib.mkPackageOption pkgs "mediamtx" { };
 
       settings = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Settings for MediaMTX. Refer to the defaults at
           <https://github.com/bluenviron/mediamtx/blob/main/mediamtx.yml>.
         '';
@@ -32,16 +32,16 @@ in
 
       env = lib.mkOption {
         type = with lib.types; attrsOf anything;
-        description = lib.mdDoc "Extra environment variables for MediaMTX";
+        description = "Extra environment variables for MediaMTX";
         default = {};
         example = {
           MTX_CONFKEY = "mykey";
         };
       };
 
-      allowVideoAccess = lib.mkEnableOption (lib.mdDoc ''
+      allowVideoAccess = lib.mkEnableOption ''
         access to video devices like cameras on the system
-      '');
+      '';
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/video/mirakurun.nix b/nixpkgs/nixos/modules/services/video/mirakurun.nix
index 208b34ab353a..bdd30805dbe8 100644
--- a/nixpkgs/nixos/modules/services/video/mirakurun.nix
+++ b/nixpkgs/nixos/modules/services/video/mirakurun.nix
@@ -24,12 +24,12 @@ in
   {
     options = {
       services.mirakurun = {
-        enable = mkEnableOption (lib.mdDoc "the Mirakurun DVR Tuner Server");
+        enable = mkEnableOption "the Mirakurun DVR Tuner Server";
 
         port = mkOption {
           type = with types; nullOr port;
           default = 40772;
-          description = lib.mdDoc ''
+          description = ''
             Port to listen on. If `null`, it won't listen on
             any port.
           '';
@@ -38,7 +38,7 @@ in
         openFirewall = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Open ports in the firewall for Mirakurun.
 
             ::: {.warning}
@@ -52,7 +52,7 @@ in
         unixSocket = mkOption {
           type = with types; nullOr path;
           default = "/var/run/mirakurun/mirakurun.sock";
-          description = lib.mdDoc ''
+          description = ''
             Path to unix socket to listen on. If `null`, it
             won't listen on any unix sockets.
           '';
@@ -61,7 +61,7 @@ in
         allowSmartCardAccess = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Install polkit rules to allow Mirakurun to access smart card readers
             which is commonly used along with tuner devices.
           '';
@@ -76,7 +76,7 @@ in
               overflowTimeLimit = 30000;
             };
           '';
-          description = lib.mdDoc ''
+          description = ''
             Options for server.yml.
 
             Documentation:
@@ -96,7 +96,7 @@ in
               }
             ];
           '';
-          description = lib.mdDoc ''
+          description = ''
             Options which are added to tuners.yml. If none is specified, it will
             automatically be generated at runtime.
 
@@ -117,7 +117,7 @@ in
               }
             ];
           '';
-          description = lib.mdDoc ''
+          description = ''
             Options which are added to channels.yml. If none is specified, it
             will automatically be generated at runtime.
 
diff --git a/nixpkgs/nixos/modules/services/video/photonvision.nix b/nixpkgs/nixos/modules/services/video/photonvision.nix
index fdbe9da3999d..d4568258db7d 100644
--- a/nixpkgs/nixos/modules/services/video/photonvision.nix
+++ b/nixpkgs/nixos/modules/services/video/photonvision.nix
@@ -6,12 +6,12 @@ in
 {
   options = {
     services.photonvision = {
-      enable = lib.mkEnableOption (lib.mdDoc "Enable PhotonVision");
+      enable = lib.mkEnableOption "Enable PhotonVision";
 
       package = lib.mkPackageOption pkgs "photonvision" {};
 
       openFirewall = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to open the required ports in the firewall.
         '';
         default = false;
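Review bot: `lib.mkEnableOption "Enable PhotonVision"` renders as "Whether to enable Enable PhotonVision." because `mkEnableOption` supplies that prefix itself; pass the bare name instead, `enable = lib.mkEnableOption "PhotonVision";`. The `openFirewall` description also does not say which ports are opened, which a reader deciding on network exposure would want to know. The `openFirewall` option continues past the end of the hunk.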
diff --git a/nixpkgs/nixos/modules/services/video/replay-sorcery.nix b/nixpkgs/nixos/modules/services/video/replay-sorcery.nix
index 1be02f4d6da5..abe7202a4a86 100644
--- a/nixpkgs/nixos/modules/services/video/replay-sorcery.nix
+++ b/nixpkgs/nixos/modules/services/video/replay-sorcery.nix
@@ -9,23 +9,23 @@ in
 {
   options = with types; {
     services.replay-sorcery = {
-      enable = mkEnableOption (lib.mdDoc "the ReplaySorcery service for instant-replays");
+      enable = mkEnableOption "the ReplaySorcery service for instant-replays";
 
-      enableSysAdminCapability = mkEnableOption (lib.mdDoc ''
+      enableSysAdminCapability = mkEnableOption ''
         the system admin capability to support hardware accelerated
         video capture. This is equivalent to running ReplaySorcery as
-        root, so use with caution'');
+        root, so use with caution'';
 
       autoStart = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc "Automatically start ReplaySorcery when graphical-session.target starts.";
+        description = "Automatically start ReplaySorcery when graphical-session.target starts.";
       };
 
       settings = mkOption {
         type = attrsOf (oneOf [ str int ]);
         default = {};
-        description = lib.mdDoc "System-wide configuration for ReplaySorcery (/etc/replay-sorcery.conf).";
+        description = "System-wide configuration for ReplaySorcery (/etc/replay-sorcery.conf).";
         example = literalExpression ''
           {
             videoInput = "hwaccel"; # requires `services.replay-sorcery.enableSysAdminCapability = true`
diff --git a/nixpkgs/nixos/modules/services/video/unifi-video.nix b/nixpkgs/nixos/modules/services/video/unifi-video.nix
index 518977e49bae..99c04bafd141 100644
--- a/nixpkgs/nixos/modules/services/video/unifi-video.nix
+++ b/nixpkgs/nixos/modules/services/video/unifi-video.nix
@@ -98,7 +98,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to enable the unifi-video service.
       '';
     };
@@ -108,13 +108,13 @@ in
     unifiVideoPackage = mkPackageOption pkgs "unifi-video" { };
 
     mongodbPackage = mkPackageOption pkgs "mongodb" {
-      default = "mongodb-4_4";
+      default = "mongodb-5_0";
     };
 
     logDir = mkOption {
       type = types.str;
       default = "${stateDir}/logs";
-      description = lib.mdDoc ''
+      description = ''
         Where to store the logs.
       '';
     };
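Review bot: The `mongodbPackage` default moves from `mongodb-4_4` to `mongodb-5_0` in a change that otherwise only strips `lib.mdDoc`, so hosts with an existing `dataDir` get a major database upgrade on their next rebuild. MongoDB generally expects the feature compatibility version to be at 4.4 before a 5.0 binary opens the data files, so an instance that never raised it may fail to start. I would add a comment above the default, for example `# existing installs: set featureCompatibilityVersion to 4.4 before switching to 5.0`, and mention the bump in the release notes. Whether the release notes in this commit already cover it is not visible from this hunk.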
@@ -122,7 +122,7 @@ in
     dataDir = mkOption {
       type = types.str;
       default = "${stateDir}/data";
-      description = lib.mdDoc ''
+      description = ''
         Where to store the database and other data.
       '';
     };
@@ -130,7 +130,7 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to open the required ports on the firewall.
       '';
     };
@@ -139,7 +139,7 @@ in
       type = types.nullOr types.int;
       default = 1024;
       example = 4096;
-      description = lib.mdDoc ''
+      description = ''
         Set the maximum heap size for the JVM in MB.
       '';
     };
@@ -148,7 +148,7 @@ in
       type = types.path;
       default = "${cfg.dataDir}/unifi-video.pid";
       defaultText = literalExpression ''"''${config.${opt.dataDir}}/unifi-video.pid"'';
-      description = lib.mdDoc "Location of unifi-video pid file.";
+      description = "Location of unifi-video pid file.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/video/v4l2-relayd.nix b/nixpkgs/nixos/modules/services/video/v4l2-relayd.nix
index 2a9dbe00158f..7d1d712fa4a3 100644
--- a/nixpkgs/nixos/modules/services/video/v4l2-relayd.nix
+++ b/nixpkgs/nixos/modules/services/video/v4l2-relayd.nix
@@ -18,19 +18,19 @@ let
 
   instanceOpts = { name, ... }: {
     options = {
-      enable = mkEnableOption (lib.mdDoc "this v4l2-relayd instance");
+      enable = mkEnableOption "this v4l2-relayd instance";
 
       name = mkOption {
         type = types.str;
         default = name;
-        description = lib.mdDoc ''
+        description = ''
           The name of the instance.
         '';
       };
 
       cardLabel = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The name the camera will show up as.
         '';
       };
@@ -38,7 +38,7 @@ let
       extraPackages = mkOption {
         type = with types; listOf package;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Extra packages to add to {env}`GST_PLUGIN_PATH` for the instance.
         '';
       };
@@ -46,7 +46,7 @@ let
       input = {
         pipeline = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The gstreamer-pipeline to use for the input-stream.
           '';
         };
@@ -54,7 +54,7 @@ let
         format = mkOption {
           type = types.str;
           default = "YUY2";
-          description = lib.mdDoc ''
+          description = ''
             The video-format to read from input-stream.
           '';
         };
@@ -62,7 +62,7 @@ let
         width = mkOption {
           type = types.ints.positive;
           default = 1280;
-          description = lib.mdDoc ''
+          description = ''
             The width to read from input-stream.
           '';
         };
@@ -70,7 +70,7 @@ let
         height = mkOption {
           type = types.ints.positive;
           default = 720;
-          description = lib.mdDoc ''
+          description = ''
             The height to read from input-stream.
           '';
         };
@@ -78,7 +78,7 @@ let
         framerate = mkOption {
           type = types.ints.positive;
           default = 30;
-          description = lib.mdDoc ''
+          description = ''
             The framerate to read from input-stream.
           '';
         };
@@ -88,7 +88,7 @@ let
         format = mkOption {
           type = types.str;
           default = "YUY2";
-          description = lib.mdDoc ''
+          description = ''
             The video-format to write to output-stream.
           '';
         };
@@ -113,7 +113,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         v4l2-relayd instances to be created.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/wayland/cage.nix b/nixpkgs/nixos/modules/services/wayland/cage.nix
index cf4c0798cd48..91949f197cfe 100644
--- a/nixpkgs/nixos/modules/services/wayland/cage.nix
+++ b/nixpkgs/nixos/modules/services/wayland/cage.nix
@@ -5,12 +5,12 @@ with lib;
 let
   cfg = config.services.cage;
 in {
-  options.services.cage.enable = mkEnableOption (lib.mdDoc "cage kiosk service");
+  options.services.cage.enable = mkEnableOption "cage kiosk service";
 
   options.services.cage.user = mkOption {
     type = types.str;
     default = "demo";
-    description = lib.mdDoc ''
+    description = ''
       User to log-in as.
     '';
   };
@@ -19,7 +19,7 @@ in {
     type = types.listOf types.str;
     default = [];
     defaultText = literalExpression "[]";
-    description = lib.mdDoc "Additional command line arguments to pass to Cage.";
+    description = "Additional command line arguments to pass to Cage.";
     example = ["-d"];
   };
 
@@ -29,14 +29,14 @@ in {
     example = {
       WLR_LIBINPUT_NO_DEVICES = "1";
     };
-    description = lib.mdDoc "Additional environment variables to pass to Cage.";
+    description = "Additional environment variables to pass to Cage.";
   };
 
   options.services.cage.program = mkOption {
     type = types.path;
     default = "${pkgs.xterm}/bin/xterm";
     defaultText = literalExpression ''"''${pkgs.xterm}/bin/xterm"'';
-    description = lib.mdDoc ''
+    description = ''
       Program to run in cage.
     '';
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/akkoma.nix b/nixpkgs/nixos/modules/services/web-apps/akkoma.nix
index 4cd9e2664378..7c9bf6c46516 100644
--- a/nixpkgs/nixos/modules/services/web-apps/akkoma.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/akkoma.nix
@@ -50,19 +50,19 @@ let
     options = {
       package = mkOption {
         type = types.package;
-        description = mdDoc "Akkoma frontend package.";
+        description = "Akkoma frontend package.";
         example = literalExpression "pkgs.akkoma-frontends.akkoma-fe";
       };
 
       name = mkOption {
         type = types.nonEmptyStr;
-        description = mdDoc "Akkoma frontend name.";
+        description = "Akkoma frontend name.";
         example = "akkoma-fe";
       };
 
       ref = mkOption {
         type = types.nonEmptyStr;
-        description = mdDoc "Akkoma frontend reference.";
+        description = "Akkoma frontend reference.";
         example = "stable";
       };
     };
@@ -350,27 +350,27 @@ let
 in {
   options = {
     services.akkoma = {
-      enable = mkEnableOption (mdDoc "Akkoma");
+      enable = mkEnableOption "Akkoma";
 
       package = mkPackageOption pkgs "akkoma" { };
 
       user = mkOption {
         type = types.nonEmptyStr;
         default = "akkoma";
-        description = mdDoc "User account under which Akkoma runs.";
+        description = "User account under which Akkoma runs.";
       };
 
       group = mkOption {
         type = types.nonEmptyStr;
         default = "akkoma";
-        description = mdDoc "Group account under which Akkoma runs.";
+        description = "Group account under which Akkoma runs.";
       };
 
       initDb = {
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = mdDoc ''
+          description = ''
             Whether to automatically initialise the database on startup. This will create a
             database role and database if they do not already exist, and (re)set the role password
             and the ownership of the database.
@@ -403,7 +403,7 @@ in {
           type = types.nonEmptyStr;
           default = config.services.postgresql.superUser;
           defaultText = literalExpression "config.services.postgresql.superUser";
-          description = mdDoc ''
+          description = ''
             Name of the database user to initialise the database with.
 
             This user is required to have the `CREATEROLE` and `CREATEDB` capabilities.
@@ -413,7 +413,7 @@ in {
         password = mkOption {
           type = types.nullOr secret;
           default = null;
-          description = mdDoc ''
+          description = ''
             Password of the database user to initialise the database with.
 
             If set to `null`, no password will be used.
@@ -426,7 +426,7 @@ in {
       initSecrets = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to initialise non‐existent secrets with random values.
 
           If enabled, appropriate secrets for the following options will be created automatically
@@ -444,7 +444,7 @@ in {
       installWrapper = mkOption {
         type = types.bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to install a wrapper around `pleroma_ctl` to simplify administration of the
           Akkoma instance.
         '';
@@ -455,7 +455,7 @@ in {
         default = with pkgs; [ exiftool ffmpeg_5-headless graphicsmagick-imagemagick-compat ];
         defaultText = literalExpression "with pkgs; [ exiftool graphicsmagick-imagemagick-compat ffmpeg_5-headless ]";
         example = literalExpression "with pkgs; [ exiftool imagemagick ffmpeg_5-full ]";
-        description = mdDoc ''
+        description = ''
           List of extra packages to include in the executable search path of the service unit.
           These are needed by various configurable components such as:
 
@@ -467,7 +467,7 @@ in {
       };
 
       frontends = mkOption {
-        description = mdDoc "Akkoma frontends.";
+        description = "Akkoma frontends.";
         type = with types; attrsOf (submodule frontend);
         default = {
           primary = {
@@ -499,7 +499,7 @@ in {
 
       extraStatic = mkOption {
         type = with types; nullOr (attrsOf package);
-        description = mdDoc ''
+        description = ''
           Attribute set of extra packages to add to the static files directory.
 
           Do not add frontends here. These should be configured through
@@ -537,7 +537,7 @@ in {
         address = mkOption {
           type = ipAddress;
           default = "127.0.0.1";
-          description = mdDoc ''
+          description = ''
             Listen address for Erlang distribution protocol and Port Mapper Daemon (epmd).
           '';
         };
@@ -545,33 +545,33 @@ in {
         epmdPort = mkOption {
           type = types.port;
           default = 4369;
-          description = mdDoc "TCP port to bind Erlang Port Mapper Daemon to.";
+          description = "TCP port to bind Erlang Port Mapper Daemon to.";
         };
 
         extraFlags = mkOption {
           type = with types; listOf str;
           default = [ ];
-          description = mdDoc "Extra flags to pass to Erlang";
+          description = "Extra flags to pass to Erlang";
           example = [ "+sbwt" "none" "+sbwtdcpu" "none" "+sbwtdio" "none" ];
         };
 
         portMin = mkOption {
           type = types.port;
           default = 49152;
-          description = mdDoc "Lower bound for Erlang distribution protocol TCP port.";
+          description = "Lower bound for Erlang distribution protocol TCP port.";
         };
 
         portMax = mkOption {
           type = types.port;
           default = 65535;
-          description = mdDoc "Upper bound for Erlang distribution protocol TCP port.";
+          description = "Upper bound for Erlang distribution protocol TCP port.";
         };
 
         cookie = mkOption {
           type = types.nullOr secret;
           default = null;
           example = { _secret = "/var/lib/secrets/akkoma/releaseCookie"; };
-          description = mdDoc ''
+          description = ''
             Erlang release cookie.
 
             If set to `null`, a temporary random cookie will be generated.
@@ -580,7 +580,7 @@ in {
       };
 
       config = mkOption {
-        description = mdDoc ''
+        description = ''
           Configuration for Akkoma. The attributes are serialised to Elixir DSL.
 
           Refer to <https://docs.akkoma.dev/stable/configuration/cheatsheet/> for
@@ -597,17 +597,17 @@ in {
               ":instance" = {
                 name = mkOption {
                   type = types.nonEmptyStr;
-                  description = mdDoc "Instance name.";
+                  description = "Instance name.";
                 };
 
                 email = mkOption {
                   type = types.nonEmptyStr;
-                  description = mdDoc "Instance administrator email.";
+                  description = "Instance administrator email.";
                 };
 
                 description = mkOption {
                   type = types.nonEmptyStr;
-                  description = mdDoc "Instance description.";
+                  description = "Instance description.";
                 };
 
                 static_dir = mkOption {
@@ -619,7 +619,7 @@ in {
                     - [{option}`services.akkoma.frontends`](#opt-services.akkoma.frontends)
                     - [{option}`services.akkoma.extraStatic`](#opt-services.akkoma.extraStatic)
                   '';
-                  description = mdDoc ''
+                  description = ''
                     Directory of static files.
 
                     This directory can be built using a derivation, or it can be managed as mutable
@@ -630,7 +630,7 @@ in {
                 upload_dir = mkOption {
                   type = absolutePath;
                   default = "/var/lib/akkoma/uploads";
-                  description = mdDoc ''
+                  description = ''
                     Directory where Akkoma will put uploaded files.
                   '';
                 };
@@ -652,7 +652,7 @@ in {
                     database = "akkoma";
                   }
                 '';
-                description = mdDoc ''
+                description = ''
                   Database configuration.
 
                   Refer to
@@ -667,19 +667,19 @@ in {
                     type = types.nonEmptyStr;
                     default = config.networking.fqdn;
                     defaultText = literalExpression "config.networking.fqdn";
-                    description = mdDoc "Domain name of the instance.";
+                    description = "Domain name of the instance.";
                   };
 
                   scheme = mkOption {
                     type = types.nonEmptyStr;
                     default = "https";
-                    description = mdDoc "URL scheme.";
+                    description = "URL scheme.";
                   };
 
                   port = mkOption {
                     type = types.port;
                     default = 443;
-                    description = mdDoc "External port number.";
+                    description = "External port number.";
                   };
                 };
 
@@ -688,7 +688,7 @@ in {
                     type = types.either absolutePath ipAddress;
                     default = "/run/akkoma/socket";
                     example = "::1";
-                    description = mdDoc ''
+                    description = ''
                       Listener IP address or Unix socket path.
 
                       The value is automatically converted to Elixir’s internal address
@@ -704,7 +704,7 @@ in {
                         then 0
                         else 4000;
                     '';
-                    description = mdDoc ''
+                    description = ''
                       Listener port number.
 
                       Must be 0 if using a Unix socket.
@@ -715,7 +715,7 @@ in {
                 secret_key_base = mkOption {
                   type = secret;
                   default = { _secret = "/var/lib/secrets/akkoma/key-base"; };
-                  description = mdDoc ''
+                  description = ''
                     Secret key used as a base to generate further secrets for encrypting and
                     signing data.
 
@@ -733,7 +733,7 @@ in {
                   signing_salt = mkOption {
                     type = secret;
                     default = { _secret = "/var/lib/secrets/akkoma/liveview-salt"; };
-                    description = mdDoc ''
+                    description = ''
                       LiveView signing salt.
 
                       The attribute `_secret` should point to a file containing the secret.
@@ -750,7 +750,7 @@ in {
                 signing_salt = mkOption {
                   type = secret;
                   default = { _secret = "/var/lib/secrets/akkoma/signing-salt"; };
-                  description = mdDoc ''
+                  description = ''
                     Signing salt.
 
                     The attribute `_secret` should point to a file containing the secret.
@@ -764,6 +764,26 @@ in {
                 };
               };
 
+              "Pleroma.Upload" = let
+                httpConf = cfg.config.":pleroma"."Pleroma.Web.Endpoint".url;
+              in {
+                base_url = mkOption {
+                    type = types.nonEmptyStr;
+                    default = if lib.versionOlder config.system.stateVersion "24.05"
+                              then "${httpConf.scheme}://${httpConf.host}:${builtins.toString httpConf.port}/media/"
+                              else null;
+                    defaultText = literalExpression ''
+                      if lib.versionOlder config.system.stateVersion "24.05"
+                      then "$\{httpConf.scheme}://$\{httpConf.host}:$\{builtins.toString httpConf.port}/media/"
+                      else null;
+                    '';
+                    description = ''
+                      Base path which uploads will be stored at.
+                      Whilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.
+                    '';
+                };
+              };
+
               ":frontends" = mkOption {
                 type = elixirValue;
                 default = mapAttrs
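Review bot: `base_url` under `"Pleroma.Upload"` is declared as `types.nonEmptyStr`, yet its default is `null` once `system.stateVersion` is 24.05 or later, so leaving it unset on a new system fails with a generic type error rather than an explanation. The assertion this commit adds further down covers only `":media_proxy".base_url`, not this option. If forcing an explicit value is the intent, the description should say so, for example `This option must be set explicitly when system.stateVersion is 24.05 or later.` It would also help to state why a separate subdomain is recommended, presumably so that uploaded files are not served from the same origin as the web interface.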
@@ -774,18 +794,48 @@ in {
                     (pkgs.formats.elixirConf { }).lib.mkMap { name = val.name; ref = val.ref; })
                     config.services.akkoma.frontends;
                 '';
-                description = mdDoc ''
+                description = ''
                   Frontend configuration.
 
                   Users should rely on the default value and prefer to configure frontends through
                   [{option}`config.services.akkoma.frontends`](#opt-services.akkoma.frontends).
                 '';
               };
+
+
+              ":media_proxy" = let
+                httpConf = cfg.config.":pleroma"."Pleroma.Web.Endpoint".url;
+              in {
+                enabled = mkOption {
+                    type = types.bool;
+                    default = false;
+                    defaultText = literalExpression "false";
+                    description = ''
+                      Whether to enable proxying of remote media through the instance's proxy.
+                    '';
+                };
+                base_url = mkOption {
+                    type = types.nullOr types.nonEmptyStr;
+                    default = if lib.versionOlder config.system.stateVersion "24.05"
+                              then "${httpConf.scheme}://${httpConf.host}:${builtins.toString httpConf.port}"
+                              else null;
+                    defaultText = literalExpression ''
+                      if lib.versionOlder config.system.stateVersion "24.05"
+                      then "$\{httpConf.scheme}://$\{httpConf.host}:$\{builtins.toString httpConf.port}"
+                      else null;
+                    '';
+                    description = ''
+                      Base path for the media proxy.
+                      Whilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.
+                    '';
+                };
+              };
+
             };
 
             ":web_push_encryption" = mkOption {
               default = { };
-              description = mdDoc ''
+              description = ''
                 Web Push Notifications configuration.
 
                 The necessary key pair can be generated as follows:
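Review bot: The `defaultText` for `":media_proxy".base_url` writes `$\{httpConf.scheme}`, which as far as I can tell leaves a stray backslash in the rendered manual. Inside a `''` string the escape for a literal `${` is `''${`, the form this file already uses in the `mailto:` defaultText. The line would become `then "''${httpConf.scheme}://''${httpConf.host}:''${builtins.toString httpConf.port}"`. The same applies to the `defaultText` of `"Pleroma.Upload".base_url` in the previous hunk. The `":web_push_encryption"` option at the end of this hunk continues outside it.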
@@ -804,19 +854,19 @@ in {
                       defaultText = literalExpression ''
                         "mailto:''${config.services.akkoma.config.":pleroma".":instance".email}"
                       '';
-                      description = mdDoc "mailto URI for administrative contact.";
+                      description = "mailto URI for administrative contact.";
                     };
 
                     public_key = mkOption {
                       type = with types; either nonEmptyStr secret;
                       default = { _secret = "/var/lib/secrets/akkoma/vapid-public"; };
-                      description = mdDoc "base64-encoded public ECDH key.";
+                      description = "base64-encoded public ECDH key.";
                     };
 
                     private_key = mkOption {
                       type = secret;
                       default = { _secret = "/var/lib/secrets/akkoma/vapid-private"; };
-                      description = mdDoc ''
+                      description = ''
                         base64-encoded private ECDH key.
 
                         The attribute `_secret` should point to a file containing the secret.
@@ -831,7 +881,7 @@ in {
               ":default_signer" = mkOption {
                 type = secret;
                 default = { _secret = "/var/lib/secrets/akkoma/jwt-signer"; };
-                description = mdDoc ''
+                description = ''
                   JWT signing secret.
 
                   The attribute `_secret` should point to a file containing the secret.
@@ -866,7 +916,7 @@ in {
                   apply = format.lib.mkAtom;
                   default = ":info";
                   example = ":warning";
-                  description = mdDoc ''
+                  description = ''
                     Log level.
 
                     Refer to
@@ -894,7 +944,7 @@ in {
         type = with types; nullOr (submodule
           (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }));
         default = null;
-        description = mdDoc ''
+        description = ''
           Extra configuration for the nginx virtual host of Akkoma.
 
           If set to `null`, no virtual host will be added to the nginx configuration.
@@ -904,7 +954,10 @@ in {
   };
 
   config = mkIf cfg.enable {
-    warnings = optionals (with config.security; (!sudo.enable) && (!sudo-rs.enable)) [''
+    assertions = optionals (cfg.config.":pleroma".":media_proxy".enabled && cfg.config.":pleroma".":media_proxy".base_url == null) [''
+      `services.akkoma.config.":pleroma".":media_proxy".base_url` must be set when the media proxy is enabled.
+    ''];
+    warnings = optionals (with config.security; cfg.installWrapper && (!sudo.enable) && (!sudo-rs.enable)) [''
       The pleroma_ctl wrapper enabled by the installWrapper option relies on
       sudo, which appears to have been disabled through security.sudo.enable.
     ''];
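Review bot: The new `assertions` value is a list of strings, but NixOS assertions are attribute sets with an `assertion` and a `message` field. When the media proxy is enabled without a `base_url`, evaluation will therefore most likely stop on an attribute-access error instead of printing this message. The `optionals (...) [ ''...'' ]` shape fits `warnings`, which is a list of strings, and looks carried over from the line below. A single assertion entry keeps the same condition and surfaces the message. The `config = mkIf cfg.enable` block continues outside this hunk.

```nix
    assertions = [{
      assertion = !(cfg.config.":pleroma".":media_proxy".enabled
        && cfg.config.":pleroma".":media_proxy".base_url == null);
      message = ''
        `services.akkoma.config.":pleroma".":media_proxy".base_url` must be set when the media proxy is enabled.
      '';
    }];
    # … unchanged: warnings for the pleroma_ctl wrapper …
```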
@@ -1083,6 +1136,6 @@ in {
     };
   };
 
-  meta.maintainers = with maintainers; [ mvs ];
+  meta.maintainers = with maintainers; [ mvs tcmal ];
   meta.doc = ./akkoma.md;
 }
diff --git a/nixpkgs/nixos/modules/services/web-apps/alps.nix b/nixpkgs/nixos/modules/services/web-apps/alps.nix
index 81c6b8ad30b5..e72b85eb3569 100644
--- a/nixpkgs/nixos/modules/services/web-apps/alps.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/alps.nix
@@ -6,12 +6,12 @@ let
   cfg = config.services.alps;
 in {
   options.services.alps = {
-    enable = mkEnableOption (lib.mdDoc "alps");
+    enable = mkEnableOption "alps";
 
     port = mkOption {
       type = types.port;
       default = 1323;
-      description = lib.mdDoc ''
+      description = ''
         TCP port the service should listen on.
       '';
     };
@@ -19,7 +19,7 @@ in {
     bindIP = mkOption {
       default = "[::]";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The IP the service should listen on.
       '';
     };
@@ -27,7 +27,7 @@ in {
     theme = mkOption {
       type = types.enum [ "alps" "sourcehut" ];
       default = "sourcehut";
-      description = lib.mdDoc ''
+      description = ''
         The frontend's theme to use.
       '';
     };
@@ -36,7 +36,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 993;
-        description = lib.mdDoc ''
+        description = ''
           The IMAPS server port.
         '';
       };
@@ -45,7 +45,7 @@ in {
         type = types.str;
         default = "[::1]";
         example = "mail.example.org";
-        description = lib.mdDoc ''
+        description = ''
           The IMAPS server address.
         '';
       };
@@ -55,7 +55,7 @@ in {
       port = mkOption {
         type = types.port;
         default = 465;
-        description = lib.mdDoc ''
+        description = ''
           The SMTPS server port.
         '';
       };
@@ -65,7 +65,7 @@ in {
         default = cfg.imaps.host;
         defaultText = "services.alps.imaps.host";
         example = "mail.example.org";
-        description = lib.mdDoc ''
+        description = ''
           The SMTPS server address.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix b/nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix
index 3b326390fa43..75f3d66b2f99 100644
--- a/nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix
@@ -56,7 +56,7 @@ let
 in
 {
   options.services.anuko-time-tracker = {
-    enable = lib.mkEnableOption (lib.mdDoc "Anuko Time Tracker");
+    enable = lib.mkEnableOption "Anuko Time Tracker";
 
     package = lib.mkPackageOption pkgs "anuko-time-tracker" {};
 
@@ -64,30 +64,30 @@ in
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
 
       host = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Database host.";
+        description = "Database host.";
         default = "localhost";
       };
 
       name = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
         default = "anuko_time_tracker";
       };
 
       user = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Database username.";
+        description = "Database username.";
         default = "anuko_time_tracker";
       };
 
       passwordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
-        description = lib.mdDoc "Database user password file.";
+        description = "Database user password file.";
         default = null;
       };
     };
@@ -102,7 +102,7 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for Anuko Time Tracker's PHP-FPM pool.
       '';
     };
@@ -115,7 +115,7 @@ in
         else config.networking.hostName;
       defaultText = lib.literalExpression "config.networking.fqdn";
       example = "anuko.example.com";
-      description = lib.mdDoc ''
+      description = ''
         The hostname to serve Anuko Time Tracker on.
       '';
     };
@@ -137,7 +137,7 @@ in
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         With this option, you can customize the Nginx virtualHost settings.
       '';
     };
@@ -145,21 +145,21 @@ in
     dataDir = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/anuko-time-tracker";
-      description = lib.mdDoc "Default data folder for Anuko Time Tracker.";
+      description = "Default data folder for Anuko Time Tracker.";
       example = "/mnt/anuko-time-tracker";
     };
 
     user = lib.mkOption {
       type = lib.types.str;
       default = "anuko_time_tracker";
-      description = lib.mdDoc "User under which Anuko Time Tracker runs.";
+      description = "User under which Anuko Time Tracker runs.";
     };
 
     settings = {
       multiorgMode = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Defines whether users see the Register option in the menu of Time Tracker that allows them
           to self-register and create new organizations (top groups).
         '';
@@ -168,13 +168,13 @@ in
       emailRequired = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Defines whether an email is required for new registrations.";
+        description = "Defines whether an email is required for new registrations.";
       };
 
       weekendStartDay = lib.mkOption {
         type = lib.types.int;
         default = 6;
-        description = lib.mdDoc ''
+        description = ''
           This option defines which days are highlighted with weekend color.
           6 means Saturday. For Saudi Arabia, etc. set it to 4 for Thursday and Friday to be
           weekend days.
@@ -183,58 +183,58 @@ in
 
       forumLink = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Forum link from the main menu.";
+        description = "Forum link from the main menu.";
         default = "https://www.anuko.com/forum/viewforum.php?f=4";
       };
 
       helpLink = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Help link from the main menu.";
+        description = "Help link from the main menu.";
         default = "https://www.anuko.com/time-tracker/user-guide/index.htm";
       };
 
       email = {
         sender = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc "Default sender for mail.";
+          description = "Default sender for mail.";
           default = "Anuko Time Tracker <bounces@example.com>";
         };
 
         mode = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc "Mail sending mode. Can be 'mail' or 'smtp'.";
+          description = "Mail sending mode. Can be 'mail' or 'smtp'.";
           default = "smtp";
         };
 
         smtpHost = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc "MTA hostname.";
+          description = "MTA hostname.";
           default = "localhost";
         };
 
         smtpPort = lib.mkOption {
           type = lib.types.int;
-          description = lib.mdDoc "MTA port.";
+          description = "MTA port.";
           default = 25;
         };
 
         smtpUser = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc "MTA authentication username.";
+          description = "MTA authentication username.";
           default = "";
         };
 
         smtpAuth = lib.mkOption {
           type = lib.types.bool;
           default = false;
-          description = lib.mdDoc "MTA requires authentication.";
+          description = "MTA requires authentication.";
         };
 
         smtpPasswordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/var/lib/anuko-time-tracker/secrets/smtp-password";
-          description = lib.mdDoc ''
+          description = ''
             Path to file containing the MTA authentication password.
           '';
         };
@@ -242,13 +242,13 @@ in
         smtpDebug = lib.mkOption {
           type = lib.types.bool;
           default = false;
-          description = lib.mdDoc "Debug mail sending.";
+          description = "Debug mail sending.";
         };
       };
 
       defaultLanguage = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           Defines Anuko Time Tracker default language. It is used on Time Tracker login page.
           After login, a language set for user group is used.
           Empty string means the language is defined by user browser.
@@ -259,7 +259,7 @@ in
 
       defaultCurrency = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           Defines a default currency symbol for new groups.
           Use €, £, a more specific dollar like US$, CAD, etc.
         '';
@@ -270,7 +270,7 @@ in
       exportDecimalDuration = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Defines whether time duration values are decimal in CSV and XML data
           exports (1.25 vs 1:15).
         '';
@@ -279,7 +279,7 @@ in
       reportFooter = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Defines whether to use a footer on reports.";
+        description = "Defines whether to use a footer on reports.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix
index aa13659fcc30..683a1c7603ef 100644
--- a/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix
@@ -29,101 +29,101 @@ in
 {
   options = {
     services.confluence = {
-      enable = mkEnableOption (lib.mdDoc "Atlassian Confluence service");
+      enable = mkEnableOption "Atlassian Confluence service";
 
       user = mkOption {
         type = types.str;
         default = "confluence";
-        description = lib.mdDoc "User which runs confluence.";
+        description = "User which runs confluence.";
       };
 
       group = mkOption {
         type = types.str;
         default = "confluence";
-        description = lib.mdDoc "Group which runs confluence.";
+        description = "Group which runs confluence.";
       };
 
       home = mkOption {
         type = types.str;
         default = "/var/lib/confluence";
-        description = lib.mdDoc "Home directory of the confluence instance.";
+        description = "Home directory of the confluence instance.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "Address to listen on.";
+        description = "Address to listen on.";
       };
 
       listenPort = mkOption {
         type = types.port;
         default = 8090;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       catalinaOptions = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-Xms1024m" "-Xmx2048m" "-Dconfluence.disable.peopledirectory.all=true" ];
-        description = lib.mdDoc "Java options to pass to catalina/tomcat.";
+        description = "Java options to pass to catalina/tomcat.";
       };
 
       proxy = {
-        enable = mkEnableOption (lib.mdDoc "proxy support");
+        enable = mkEnableOption "proxy support";
 
         name = mkOption {
           type = types.str;
           example = "confluence.example.com";
-          description = lib.mdDoc "Virtual hostname at the proxy";
+          description = "Virtual hostname at the proxy";
         };
 
         port = mkOption {
           type = types.port;
           default = 443;
           example = 80;
-          description = lib.mdDoc "Port used at the proxy";
+          description = "Port used at the proxy";
         };
 
         scheme = mkOption {
           type = types.str;
           default = "https";
           example = "http";
-          description = lib.mdDoc "Protocol used at the proxy.";
+          description = "Protocol used at the proxy.";
         };
       };
 
       sso = {
-        enable = mkEnableOption (lib.mdDoc "SSO with Atlassian Crowd");
+        enable = mkEnableOption "SSO with Atlassian Crowd";
 
         crowd = mkOption {
           type = types.str;
           example = "http://localhost:8095/crowd";
-          description = lib.mdDoc "Crowd Base URL without trailing slash";
+          description = "Crowd Base URL without trailing slash";
         };
 
         applicationName = mkOption {
           type = types.str;
           example = "jira";
-          description = lib.mdDoc "Exact name of this Confluence instance in Crowd";
+          description = "Exact name of this Confluence instance in Crowd";
         };
 
         applicationPassword = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc "Application password of this Confluence instance in Crowd";
+          description = "Application password of this Confluence instance in Crowd";
         };
 
         applicationPasswordFile = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc "Path to the application password for Crowd of Confluence.";
+          description = "Path to the application password for Crowd of Confluence.";
         };
 
         validationInterval = mkOption {
           type = types.int;
           default = 2;
           example = 0;
-          description = lib.mdDoc ''
+          description = ''
             Set to 0, if you want authentication checks to occur on each
             request. Otherwise set to the number of minutes between request
             to validate if the user is logged in or out of the Crowd SSO
diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix
index eed1a127fe4f..527fa1743df2 100644
--- a/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix
@@ -34,84 +34,84 @@ in
 {
   options = {
     services.crowd = {
-      enable = mkEnableOption (lib.mdDoc "Atlassian Crowd service");
+      enable = mkEnableOption "Atlassian Crowd service";
 
       user = mkOption {
         type = types.str;
         default = "crowd";
-        description = lib.mdDoc "User which runs Crowd.";
+        description = "User which runs Crowd.";
       };
 
       group = mkOption {
         type = types.str;
         default = "crowd";
-        description = lib.mdDoc "Group which runs Crowd.";
+        description = "Group which runs Crowd.";
       };
 
       home = mkOption {
         type = types.str;
         default = "/var/lib/crowd";
-        description = lib.mdDoc "Home directory of the Crowd instance.";
+        description = "Home directory of the Crowd instance.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "Address to listen on.";
+        description = "Address to listen on.";
       };
 
       listenPort = mkOption {
         type = types.port;
         default = 8092;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       openidPassword = mkOption {
         type = types.str;
         default = "WILL_NEVER_BE_SET";
-        description = lib.mdDoc "Application password for OpenID server.";
+        description = "Application password for OpenID server.";
       };
 
       openidPasswordFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Path to the file containing the application password for OpenID server.";
+        description = "Path to the file containing the application password for OpenID server.";
       };
 
       catalinaOptions = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-Xms1024m" "-Xmx2048m" ];
-        description = lib.mdDoc "Java options to pass to catalina/tomcat.";
+        description = "Java options to pass to catalina/tomcat.";
       };
 
       proxy = {
-        enable = mkEnableOption (lib.mdDoc "reverse proxy support");
+        enable = mkEnableOption "reverse proxy support";
 
         name = mkOption {
           type = types.str;
           example = "crowd.example.com";
-          description = lib.mdDoc "Virtual hostname at the proxy";
+          description = "Virtual hostname at the proxy";
         };
 
         port = mkOption {
           type = types.port;
           default = 443;
           example = 80;
-          description = lib.mdDoc "Port used at the proxy";
+          description = "Port used at the proxy";
         };
 
         scheme = mkOption {
           type = types.str;
           default = "https";
           example = "http";
-          description = lib.mdDoc "Protocol used at the proxy.";
+          description = "Protocol used at the proxy.";
         };
 
         secure = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether the connections to the proxy should be considered secure.";
+          description = "Whether the connections to the proxy should be considered secure.";
         };
       };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix b/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix
index a9f337810a0f..40c5d95cae3a 100644
--- a/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix
@@ -29,100 +29,100 @@ in
 {
   options = {
     services.jira = {
-      enable = mkEnableOption (lib.mdDoc "Atlassian JIRA service");
+      enable = mkEnableOption "Atlassian JIRA service";
 
       user = mkOption {
         type = types.str;
         default = "jira";
-        description = lib.mdDoc "User which runs JIRA.";
+        description = "User which runs JIRA.";
       };
 
       group = mkOption {
         type = types.str;
         default = "jira";
-        description = lib.mdDoc "Group which runs JIRA.";
+        description = "Group which runs JIRA.";
       };
 
       home = mkOption {
         type = types.str;
         default = "/var/lib/jira";
-        description = lib.mdDoc "Home directory of the JIRA instance.";
+        description = "Home directory of the JIRA instance.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "Address to listen on.";
+        description = "Address to listen on.";
       };
 
       listenPort = mkOption {
         type = types.port;
         default = 8091;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       catalinaOptions = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-Xms1024m" "-Xmx2048m" ];
-        description = lib.mdDoc "Java options to pass to catalina/tomcat.";
+        description = "Java options to pass to catalina/tomcat.";
       };
 
       proxy = {
-        enable = mkEnableOption (lib.mdDoc "reverse proxy support");
+        enable = mkEnableOption "reverse proxy support";
 
         name = mkOption {
           type = types.str;
           example = "jira.example.com";
-          description = lib.mdDoc "Virtual hostname at the proxy";
+          description = "Virtual hostname at the proxy";
         };
 
         port = mkOption {
           type = types.port;
           default = 443;
           example = 80;
-          description = lib.mdDoc "Port used at the proxy";
+          description = "Port used at the proxy";
         };
 
         scheme = mkOption {
           type = types.str;
           default = "https";
           example = "http";
-          description = lib.mdDoc "Protocol used at the proxy.";
+          description = "Protocol used at the proxy.";
         };
 
         secure = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether the connections to the proxy should be considered secure.";
+          description = "Whether the connections to the proxy should be considered secure.";
         };
       };
 
       sso = {
-        enable = mkEnableOption (lib.mdDoc "SSO with Atlassian Crowd");
+        enable = mkEnableOption "SSO with Atlassian Crowd";
 
         crowd = mkOption {
           type = types.str;
           example = "http://localhost:8095/crowd";
-          description = lib.mdDoc "Crowd Base URL without trailing slash";
+          description = "Crowd Base URL without trailing slash";
         };
 
         applicationName = mkOption {
           type = types.str;
           example = "jira";
-          description = lib.mdDoc "Exact name of this JIRA instance in Crowd";
+          description = "Exact name of this JIRA instance in Crowd";
         };
 
         applicationPasswordFile = mkOption {
           type = types.str;
-          description = lib.mdDoc "Path to the file containing the application password of this JIRA instance in Crowd";
+          description = "Path to the file containing the application password of this JIRA instance in Crowd";
         };
 
         validationInterval = mkOption {
           type = types.int;
           default = 2;
           example = 0;
-          description = lib.mdDoc ''
+          description = ''
             Set to 0, if you want authentication checks to occur on each
             request. Otherwise set to the number of minutes between request
             to validate if the user is logged in or out of the Crowd SSO
diff --git a/nixpkgs/nixos/modules/services/web-apps/bookstack.nix b/nixpkgs/nixos/modules/services/web-apps/bookstack.nix
index 4999eceb2b60..21948fd310d6 100644
--- a/nixpkgs/nixos/modules/services/web-apps/bookstack.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/bookstack.nix
@@ -34,22 +34,22 @@ in {
 
   options.services.bookstack = {
 
-    enable = mkEnableOption (lib.mdDoc "BookStack");
+    enable = mkEnableOption "BookStack";
 
     user = mkOption {
       default = "bookstack";
-      description = lib.mdDoc "User bookstack runs as.";
+      description = "User bookstack runs as.";
       type = types.str;
     };
 
     group = mkOption {
       default = "bookstack";
-      description = lib.mdDoc "Group bookstack runs as.";
+      description = "Group bookstack runs as.";
       type = types.str;
     };
 
     appKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A file containing the Laravel APP_KEY - a 32 character long,
         base64 encoded key used for encryption where needed. Can be
         generated with `head -c 32 /dev/urandom | base64`.
@@ -63,13 +63,13 @@ in {
       default = config.networking.fqdnOrHostName;
       defaultText = lib.literalExpression "config.networking.fqdnOrHostName";
       example = "bookstack.example.com";
-      description = lib.mdDoc ''
+      description = ''
         The hostname to serve BookStack on.
       '';
     };
 
     appURL = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
         If you change this in the future you may need to run a command to update stored URLs in the database. Command example: `php artisan bookstack:update-url https://old.example.com https://new.example.com`
       '';
@@ -80,7 +80,7 @@ in {
     };
 
     dataDir = mkOption {
-      description = lib.mdDoc "BookStack data directory";
+      description = "BookStack data directory";
       default = "/var/lib/bookstack";
       type = types.path;
     };
@@ -89,29 +89,29 @@ in {
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
       port = mkOption {
         type = types.port;
         default = 3306;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
       name = mkOption {
         type = types.str;
         default = "bookstack";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       user = mkOption {
         type = types.str;
         default = user;
         defaultText = literalExpression "user";
-        description = lib.mdDoc "Database username.";
+        description = "Database username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/bookstack-dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`database.user`.
         '';
@@ -119,7 +119,7 @@ in {
       createLocally = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
     };
 
@@ -127,39 +127,39 @@ in {
       driver = mkOption {
         type = types.enum [ "smtp" "sendmail" ];
         default = "smtp";
-        description = lib.mdDoc "Mail driver to use.";
+        description = "Mail driver to use.";
       };
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Mail host address.";
+        description = "Mail host address.";
       };
       port = mkOption {
         type = types.port;
         default = 1025;
-        description = lib.mdDoc "Mail host port.";
+        description = "Mail host port.";
       };
       fromName = mkOption {
         type = types.str;
         default = "BookStack";
-        description = lib.mdDoc "Mail \"from\" name.";
+        description = "Mail \"from\" name.";
       };
       from = mkOption {
         type = types.str;
         default = "mail@bookstackapp.com";
-        description = lib.mdDoc "Mail \"from\" email.";
+        description = "Mail \"from\" email.";
       };
       user = mkOption {
         type = with types; nullOr str;
         default = null;
         example = "bookstack";
-        description = lib.mdDoc "Mail username.";
+        description = "Mail username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/bookstack-mailpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`mail.user`.
         '';
@@ -167,7 +167,7 @@ in {
       encryption = mkOption {
         type = with types; nullOr (enum [ "tls" ]);
         default = null;
-        description = lib.mdDoc "SMTP encryption mechanism to use.";
+        description = "SMTP encryption mechanism to use.";
       };
     };
 
@@ -175,7 +175,7 @@ in {
       type = types.str;
       default = "18M";
       example = "1G";
-      description = lib.mdDoc "The maximum size for uploads (e.g. images).";
+      description = "The maximum size for uploads (e.g. images).";
     };
 
     poolConfig = mkOption {
@@ -188,7 +188,7 @@ in {
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the bookstack PHP pool. See the documentation on `php-fpm.conf`
         for details on configuration directives.
       '';
@@ -210,7 +210,7 @@ in {
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         With this option, you can customize the nginx virtualHost settings.
       '';
     };
@@ -231,7 +231,7 @@ in {
                 options = {
                   _secret = mkOption {
                     type = nullOr str;
-                    description = lib.mdDoc ''
+                    description = ''
                       The path to a file containing the value the
                       option should be set to in the final
                       configuration file.
@@ -253,7 +253,7 @@ in {
           OIDC_ISSUER_DISCOVER = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         BookStack configuration options to set in the
         {file}`.env` file.
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/calibre-web.nix b/nixpkgs/nixos/modules/services/web-apps/calibre-web.nix
index 80567db10c97..0ca9ed2fbcf3 100644
--- a/nixpkgs/nixos/modules/services/web-apps/calibre-web.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/calibre-web.nix
@@ -8,7 +8,7 @@ in
 {
   options = {
     services.calibre-web = {
-      enable = mkEnableOption (lib.mdDoc "Calibre-Web");
+      enable = mkEnableOption "Calibre-Web";
 
       package = lib.mkPackageOption pkgs "calibre-web" { };
 
@@ -16,7 +16,7 @@ in
         ip = mkOption {
           type = types.str;
           default = "::1";
-          description = lib.mdDoc ''
+          description = ''
             IP address that Calibre-Web should listen on.
           '';
         };
@@ -24,7 +24,7 @@ in
         port = mkOption {
           type = types.port;
           default = 8083;
-          description = lib.mdDoc ''
+          description = ''
             Listen port for Calibre-Web.
           '';
         };
@@ -33,7 +33,7 @@ in
       dataDir = mkOption {
         type = types.str;
         default = "calibre-web";
-        description = lib.mdDoc ''
+        description = ''
           The directory below {file}`/var/lib` where Calibre-Web stores its data.
         '';
       };
@@ -41,19 +41,19 @@ in
       user = mkOption {
         type = types.str;
         default = "calibre-web";
-        description = lib.mdDoc "User account under which Calibre-Web runs.";
+        description = "User account under which Calibre-Web runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "calibre-web";
-        description = lib.mdDoc "Group account under which Calibre-Web runs.";
+        description = "Group account under which Calibre-Web runs.";
       };
 
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Open ports in the firewall for the server.
         '';
       };
@@ -62,7 +62,7 @@ in
         calibreLibrary = mkOption {
           type = types.nullOr types.path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to Calibre library.
           '';
         };
@@ -70,17 +70,17 @@ in
         enableBookConversion = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Configure path to the Calibre's ebook-convert in the DB.
           '';
         };
 
-        enableKepubify = mkEnableOption (lib.mdDoc "kebup conversion support");
+        enableKepubify = mkEnableOption "kebup conversion support";
 
         enableBookUploading = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Allow books to be uploaded via Calibre-Web UI.
           '';
         };
@@ -89,7 +89,7 @@ in
           enable = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Enable authorization using auth proxy.
             '';
           };
@@ -97,7 +97,7 @@ in
           header = mkOption {
             type = types.str;
             default = "";
-            description = lib.mdDoc ''
+            description = ''
               Auth proxy header name.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/audio/castopod.md b/nixpkgs/nixos/modules/services/web-apps/castopod.md
index 40838cc77aa6..5ecd807686fd 100644
--- a/nixpkgs/nixos/modules/services/audio/castopod.md
+++ b/nixpkgs/nixos/modules/services/web-apps/castopod.md
@@ -4,6 +4,7 @@ Castopod is an open-source hosting platform made for podcasters who want to enga
 
 ## Quickstart {#module-services-castopod-quickstart}
 
+Configure ACME (https://nixos.org/manual/nixos/unstable/#module-security-acme).
 Use the following configuration to start a public instance of Castopod on `castopod.example.com` domain:
 
 ```nix
diff --git a/nixpkgs/nixos/modules/services/audio/castopod.nix b/nixpkgs/nixos/modules/services/web-apps/castopod.nix
index b782b5489147..d3750c3dd393 100644
--- a/nixpkgs/nixos/modules/services/audio/castopod.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/castopod.nix
@@ -4,7 +4,6 @@ let
   fpm = config.services.phpfpm.pools.castopod;
 
   user = "castopod";
-  stateDirectory = "/var/lib/castopod";
 
   # https://docs.castopod.org/getting-started/install.html#requirements
   phpPackage = pkgs.php.withExtensions ({ enabled, all }: with all; [
@@ -18,47 +17,58 @@ let
 in
 {
   meta.doc = ./castopod.md;
-  meta.maintainers = with lib.maintainers; [ alexoundos misuzu ];
+  meta.maintainers = with lib.maintainers; [ alexoundos ];
 
   options.services = {
     castopod = {
-      enable = lib.mkEnableOption (lib.mdDoc "Castopod");
+      enable = lib.mkEnableOption "Castopod, a hosting platform for podcasters";
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.castopod;
         defaultText = lib.literalMD "pkgs.castopod";
-        description = lib.mdDoc "Which Castopod package to use.";
+        description = "Which Castopod package to use.";
+      };
+      dataDir = lib.mkOption {
+        type = lib.types.path;
+        default = "/var/lib/castopod";
+        description = ''
+          The path where castopod stores all data. This path must be in sync
+          with the castopod package (where it is hardcoded during the build in
+          accordance with its own `dataDir` argument).
+        '';
       };
       database = {
         createLocally = lib.mkOption {
           type = lib.types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Create the database and database user locally.
           '';
         };
         hostname = lib.mkOption {
           type = lib.types.str;
           default = "localhost";
-          description = lib.mdDoc "Database hostname.";
+          description = "Database hostname.";
         };
         name = lib.mkOption {
           type = lib.types.str;
           default = "castopod";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
         user = lib.mkOption {
           type = lib.types.str;
           default = user;
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
         passwordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/run/keys/castopod-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             [](#opt-services.castopod.database.user).
+
+            This file is loaded using systemd LoadCredentials.
           '';
         };
       };
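Review bot: The new `dataDir` option is declared here as freely configurable, but the unit in the last hunk of this file still carries `StateDirectory = "castopod";`, so systemd only prepares `/var/lib/castopod`. With any other value, the setup script's `mkdir -p ${cfg.dataDir}/writable/...` and its write of `.env` (which receives the database password) depend on a directory that nothing visible here creates or restricts. The rest of `serviceConfig` is outside the lines shown, so this may be handled there. The same script interpolates `${cfg.dataDir}` unescaped while `media` goes through `lib.escapeShellArg`; now that the path is user-supplied I would write `${lib.escapeShellArg cfg.dataDir}` throughout. I would also extend the description with `The directory must exist, be owned by the castopod user and not be world-readable when it differs from the default.`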
@@ -71,7 +81,7 @@ in
           "email.SMTPUser" = "myuser";
           "email.fromEmail" = "castopod@example.com";
         };
-        description = lib.mdDoc ''
+        description = ''
           Environment variables used for Castopod.
           See [](https://code.castopod.org/adaures/castopod/-/blob/main/.env.example)
           for available environment variables.
@@ -81,21 +91,23 @@ in
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/castopod-env";
-        description = lib.mdDoc ''
+        description = ''
           Environment file to inject e.g. secrets into the configuration.
           See [](https://code.castopod.org/adaures/castopod/-/blob/main/.env.example)
           for available environment variables.
+
+          This file is loaded using systemd LoadCredentials.
         '';
       };
       configureNginx = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Configure nginx as a reverse proxy for CastoPod.";
+        description = "Configure nginx as a reverse proxy for CastoPod.";
       };
       localDomain = lib.mkOption {
         type = lib.types.str;
         example = "castopod.example.org";
-        description = lib.mdDoc "The domain serving your CastoPod instance.";
+        description = "The domain serving your CastoPod instance.";
       };
       poolSettings = lib.mkOption {
         type = with lib.types; attrsOf (oneOf [ str int bool ]);
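Review bot: The sentence added to `environmentFile`, "This file is loaded using systemd LoadCredentials.", misnames the directive, which is `LoadCredential=`, and does not say what that means for the file's permissions. The same sentence is added to `database.passwordFile` in the `@@ -18,47 +17,58 @@` hunk. I would write `This file is passed to the service through systemd's LoadCredential=, so it does not need to be readable by the castopod user.` and add that the value should be a runtime path like the `/run/keys/...` example, since a Nix path literal would presumably be copied into the world-readable store. Separately, the script line further down that consumes the database credential, `$(cat "$CREDENTIALS_DIRECTORY/dbpasswordfile)"`, has an unbalanced double quote and should end in `dbpasswordfile")`.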
@@ -107,10 +119,23 @@ in
           "pm.max_spare_servers" = "4";
           "pm.max_requests" = "500";
         };
-        description = lib.mdDoc ''
+        description = ''
           Options for Castopod's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
         '';
       };
+      maxUploadSize = lib.mkOption {
+        type = lib.types.str;
+        default = "512M";
+        description = ''
+          Maximum supported size for a file upload in. Maximum HTTP body
+          size is set to this value for nginx and PHP (because castopod doesn't
+          support chunked uploads yet:
+          https://code.castopod.org/adaures/castopod/-/issues/330).
+
+          Note, that practical upload size limit is smaller. For example, with
+          512 MiB setting - around 500 MiB is possible.
+        '';
+      };
     };
   };
 
@@ -120,13 +145,13 @@ in
         sslEnabled = with config.services.nginx.virtualHosts.${cfg.localDomain}; addSSL || forceSSL || onlySSL || enableACME || useACMEHost != null;
         baseURL = "http${lib.optionalString sslEnabled "s"}://${cfg.localDomain}";
       in
-      lib.mapAttrs (name: lib.mkDefault) {
+      lib.mapAttrs (_: lib.mkDefault) {
         "app.forceGlobalSecureRequests" = sslEnabled;
         "app.baseURL" = baseURL;
 
-        "media.baseURL" = "/";
+        "media.baseURL" = baseURL;
         "media.root" = "media";
-        "media.storage" = stateDirectory;
+        "media.storage" = cfg.dataDir;
 
         "admin.gateway" = "admin";
         "auth.gateway" = "auth";
@@ -142,13 +167,13 @@ in
     services.phpfpm.pools.castopod = {
       inherit user;
       group = config.services.nginx.group;
-      phpPackage = phpPackage;
+      inherit phpPackage;
       phpOptions = ''
-        # https://code.castopod.org/adaures/castopod/-/blob/main/docker/production/app/uploads.ini
+        # https://code.castopod.org/adaures/castopod/-/blob/develop/docker/production/common/uploads.template.ini
         file_uploads = On
         memory_limit = 512M
-        upload_max_filesize = 500M
-        post_max_size = 512M
+        upload_max_filesize = ${cfg.maxUploadSize}
+        post_max_size = ${cfg.maxUploadSize}
         max_execution_time = 300
         max_input_time = 300
       '';
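Review bot: `upload_max_filesize = ${cfg.maxUploadSize}` and `post_max_size = ${cfg.maxUploadSize}` splice a free-form `lib.types.str` into php.ini, so a mistyped unit or a value containing a newline is accepted at evaluation time and only shows up, if at all, when PHP parses the file. Constraining the option, for example with `type = lib.types.strMatching "[0-9]+[KMG]?";`, would reject such values early. The pattern should be checked against what nginx accepts, since the option's description says the same value is used there. `memory_limit = 512M` stays fixed and deserves a one-line comment saying whether it is meant to track the upload limit. In the option's description, the first sentence, "Maximum supported size for a file upload in.", is cut off; the `phpfpm` pool attribute set continues past this hunk.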
@@ -165,45 +190,50 @@ in
       path = [ pkgs.openssl phpPackage ];
       script =
         let
-          envFile = "${stateDirectory}/.env";
+          envFile = "${cfg.dataDir}/.env";
           media = "${cfg.settings."media.storage"}/${cfg.settings."media.root"}";
         in
         ''
-          mkdir -p ${stateDirectory}/writable/{cache,logs,session,temp,uploads}
+          mkdir -p ${cfg.dataDir}/writable/{cache,logs,session,temp,uploads}
 
           if [ ! -d ${lib.escapeShellArg media} ]; then
             cp --no-preserve=mode,ownership -r ${cfg.package}/share/castopod/public/media ${lib.escapeShellArg media}
           fi
 
-          if [ ! -f ${stateDirectory}/salt ]; then
-            openssl rand -base64 33 > ${stateDirectory}/salt
+          if [ ! -f ${cfg.dataDir}/salt ]; then
+            openssl rand -base64 33 > ${cfg.dataDir}/salt
           fi
 
           cat <<'EOF' > ${envFile}
           ${lib.generators.toKeyValue { } cfg.settings}
           EOF
 
-          echo "analytics.salt=$(cat ${stateDirectory}/salt)" >> ${envFile}
+          echo "analytics.salt=$(cat ${cfg.dataDir}/salt)" >> ${envFile}
 
           ${if (cfg.database.passwordFile != null) then ''
-            echo "database.default.password=$(cat ${lib.escapeShellArg cfg.database.passwordFile})" >> ${envFile}
+            echo "database.default.password=$(cat "$CREDENTIALS_DIRECTORY/dbpasswordfile)" >> ${envFile}
           '' else ''
             echo "database.default.password=" >> ${envFile}
           ''}
 
           ${lib.optionalString (cfg.environmentFile != null) ''
-            cat ${lib.escapeShellArg cfg.environmentFile}) >> ${envFile}
+            cat "$CREDENTIALS_DIRECTORY/envfile" >> ${envFile}
           ''}
 
-          php spark castopod:database-update
+          php ${cfg.package}/share/castopod/spark castopod:database-update
         '';
       serviceConfig = {
         StateDirectory = "castopod";
+        LoadCredential = lib.optional (cfg.environmentFile != null)
+          "envfile:${cfg.environmentFile}"
+        ++ (lib.optional (cfg.database.passwordFile != null)
+          "dbpasswordfile:${cfg.database.passwordFile}");
         WorkingDirectory = "${cfg.package}/share/castopod";
         Type = "oneshot";
         RemainAfterExit = true;
         User = user;
         Group = config.services.nginx.group;
+        ReadWritePaths = cfg.dataDir;
       };
     };
 
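Review bot: The new password line `echo "database.default.password=$(cat "$CREDENTIALS_DIRECTORY/dbpasswordfile)" >> ${envFile}` is missing the closing double quote after `dbpasswordfile`, so the quoting inside the command substitution is unbalanced and the generated setup script will not parse as intended whenever `database.passwordFile` is set. It should read `echo "database.default.password=$(cat "$CREDENTIALS_DIRECTORY/dbpasswordfile")" >> ${envFile}`, matching the quoting of the `envfile` line below it. Separately, the `.env` and `salt` files that receive these secrets are created with whatever umask the script inherits; unless a `UMask` is set outside this hunk, it may be worth restricting their mode explicitly so that moving the inputs to `LoadCredential` is not undone by a readable copy in `cfg.dataDir`. The service definition begins before this hunk.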
@@ -212,9 +242,7 @@ in
       wantedBy = [ "multi-user.target" ];
       path = [ phpPackage ];
       script = ''
-        php public/index.php scheduled-activities
-        php public/index.php scheduled-websub-publish
-        php public/index.php scheduled-video-clips
+        php ${cfg.package}/share/castopod/spark tasks:run
       '';
       serviceConfig = {
         StateDirectory = "castopod";
@@ -222,6 +250,8 @@ in
         Type = "oneshot";
         User = user;
         Group = config.services.nginx.group;
+        ReadWritePaths = cfg.dataDir;
+        LogLevelMax = "notice"; # otherwise periodic tasks flood the journal
       };
     };
 
@@ -251,6 +281,7 @@ in
         extraConfig = ''
           try_files $uri $uri/ /index.php?$args;
           index index.php index.html;
+          client_max_body_size ${cfg.maxUploadSize};
         '';
 
         locations."^~ /${cfg.settings."media.root"}/" = {
@@ -278,7 +309,7 @@ in
       };
     };
 
-    users.users.${user} = lib.mapAttrs (name: lib.mkDefault) {
+    users.users.${user} = lib.mapAttrs (_: lib.mkDefault) {
       description = "Castopod user";
       isSystemUser = true;
       group = config.services.nginx.group;
diff --git a/nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix b/nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix
index bbf4c2aed186..f0d72b1e4d69 100644
--- a/nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options.services.changedetection-io = {
-    enable = mkEnableOption (lib.mdDoc "changedetection-io");
+    enable = mkEnableOption "changedetection-io";
 
     user = mkOption {
       default = "changedetection-io";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         User account under which changedetection-io runs.
       '';
     };
@@ -20,7 +20,7 @@ in
     group = mkOption {
       default = "changedetection-io";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group account under which changedetection-io runs.
       '';
     };
@@ -28,19 +28,19 @@ in
     listenAddress = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Address the server will listen on.";
+      description = "Address the server will listen on.";
     };
 
     port = mkOption {
       type = types.port;
       default = 5000;
-      description = lib.mdDoc "Port the server will listen on.";
+      description = "Port the server will listen on.";
     };
 
     datastorePath = mkOption {
       type = types.str;
       default = "/var/lib/changedetection-io";
-      description = lib.mdDoc ''
+      description = ''
         The directory used to store all data for changedetection-io.
       '';
     };
@@ -49,7 +49,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "https://changedetection-io.example";
-      description = lib.mdDoc ''
+      description = ''
         The base url used in notifications and `{base_url}` token.
       '';
     };
@@ -57,7 +57,7 @@ in
     behindProxy = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers.
         It is recommend to run changedetection-io behind a TLS reverse proxy.
       '';
@@ -67,7 +67,7 @@ in
       type = types.nullOr types.path;
       default = null;
       example = "/run/secrets/changedetection-io.env";
-      description = lib.mdDoc ''
+      description = ''
         Securely pass environment variabels to changedetection-io.
 
         This can be used to set for example a frontend password reproducible via `SALTED_PASS`
@@ -81,7 +81,7 @@ in
     webDriverSupport = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable support for fetching web pages using WebDriver and Chromium.
         This starts a headless chromium controlled by puppeteer in an oci container.
 
@@ -95,7 +95,7 @@ in
     playwrightSupport = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable support for fetching web pages using playwright and Chromium.
         This starts a headless Chromium controlled by puppeteer in an oci container.
 
@@ -109,7 +109,7 @@ in
     chromePort = mkOption {
       type = types.port;
       default = 4444;
-      description = lib.mdDoc ''
+      description = ''
         A free port on which webDriverSupport or playwrightSupport listen on localhost.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix b/nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix
index f29d095bc10b..c1ab7ec40949 100644
--- a/nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix
@@ -7,24 +7,24 @@ let
 in
 {
   options.services.chatgpt-retrieval-plugin = {
-    enable = mkEnableOption (lib.mdDoc "chatgpt-retrieval-plugin service");
+    enable = mkEnableOption "chatgpt-retrieval-plugin service";
 
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc "Port the chatgpt-retrieval-plugin service listens on.";
+      description = "Port the chatgpt-retrieval-plugin service listens on.";
     };
 
     host = mkOption {
       type = types.str;
       default = "127.0.0.1";
       example = "0.0.0.0";
-      description = lib.mdDoc "The hostname or IP address for chatgpt-retrieval-plugin to bind to.";
+      description = "The hostname or IP address for chatgpt-retrieval-plugin to bind to.";
     };
 
     bearerTokenPath = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the secret bearer token used for the http api authentication.
       '';
       default = "";
@@ -33,7 +33,7 @@ in
 
     openaiApiKeyPath = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the secret openai api key used for embeddings.
       '';
       default = "";
@@ -43,12 +43,12 @@ in
     datastore = mkOption {
       type = types.enum [ "pinecone" "weaviate" "zilliz" "milvus" "qdrant" "redis" ];
       default = "qdrant";
-      description = lib.mdDoc "This specifies the vector database provider you want to use to store and query embeddings.";
+      description = "This specifies the vector database provider you want to use to store and query embeddings.";
     };
 
     qdrantCollection = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         name of the qdrant collection used to store documents.
       '';
       default = "document_chunks";
diff --git a/nixpkgs/nixos/modules/services/web-apps/cloudlog.nix b/nixpkgs/nixos/modules/services/web-apps/cloudlog.nix
index 5519d6967a12..6550d112d537 100644
--- a/nixpkgs/nixos/modules/services/web-apps/cloudlog.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/cloudlog.nix
@@ -69,46 +69,46 @@ let
 in
 {
   options.services.cloudlog = with types; {
-    enable = mkEnableOption (mdDoc "Cloudlog");
+    enable = mkEnableOption "Cloudlog";
     dataDir = mkOption {
       type = str;
       default = "/var/lib/cloudlog";
-      description = mdDoc "Cloudlog data directory.";
+      description = "Cloudlog data directory.";
     };
     baseUrl = mkOption {
       type = str;
       default = "http://localhost";
-      description = mdDoc "Cloudlog base URL";
+      description = "Cloudlog base URL";
     };
     user = mkOption {
       type = str;
       default = "cloudlog";
-      description = mdDoc "User account under which Cloudlog runs.";
+      description = "User account under which Cloudlog runs.";
     };
     database = {
       createLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
       host = mkOption {
         type = str;
-        description = mdDoc "MySQL database host";
+        description = "MySQL database host";
         default = "localhost";
       };
       name = mkOption {
         type = str;
-        description = mdDoc "MySQL database name.";
+        description = "MySQL database name.";
         default = "cloudlog";
       };
       user = mkOption {
         type = str;
-        description = mdDoc "MySQL user name.";
+        description = "MySQL user name.";
         default = "cloudlog";
       };
       passwordFile = mkOption {
         type = nullOr str;
-        description = mdDoc "MySQL user password file.";
+        description = "MySQL user password file.";
         default = null;
       };
     };
@@ -122,20 +122,20 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = mdDoc ''
+      description = ''
         Options for Cloudlog's PHP-FPM pool.
       '';
     };
     virtualHost = mkOption {
       type = nullOr str;
       default = "localhost";
-      description = mdDoc ''
+      description = ''
         Name of the nginx virtualhost to use and setup. If null, do not setup
          any virtualhost.
       '';
     };
     extraConfig = mkOption {
-      description = mdDoc ''
+      description = ''
        Any additional text to be appended to the config.php
        configuration file. This is a PHP script. For configuration
        settings, see <https://github.com/magicbug/Cloudlog/wiki/Cloudlog.php-Configuration-File>.
@@ -150,7 +150,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically upload logs to LoTW. If enabled, a systemd
           timer will run the log upload task as specified by the interval
            option.
@@ -159,7 +159,7 @@ in
       interval = mkOption {
         type = str;
         default = "daily";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the
           time at which the LoTW upload will occur.
         '';
@@ -169,7 +169,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically upload logs to Clublog. If enabled, a systemd
           timer will run the log upload task as specified by the interval option.
         '';
@@ -177,7 +177,7 @@ in
       interval = mkOption {
         type = str;
         default = "daily";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the time
           at which the Clublog upload will occur.
         '';
@@ -187,7 +187,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically update the list of LoTW users. If enabled, a
           systemd timer will run the update task as specified by the interval
           option.
@@ -196,7 +196,7 @@ in
       interval = mkOption {
         type = str;
         default = "weekly";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the
           time at which the LoTW user update will occur.
         '';
@@ -206,7 +206,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically update the DOK resource file. If enabled, a
           systemd timer will run the update task as specified by the interval option.
         '';
@@ -214,7 +214,7 @@ in
       interval = mkOption {
         type = str;
         default = "monthly";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the
           time at which the DOK update will occur.
         '';
@@ -224,7 +224,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically update the Clublog SCP database. If enabled,
           a systemd timer will run the update task as specified by the interval
           option.
@@ -233,7 +233,7 @@ in
       interval = mkOption {
         type = str;
         default = "monthly";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the time
           at which the Clublog SCP update will occur.
         '';
@@ -243,7 +243,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically update the WWFF database. If enabled, a
           systemd timer will run the update task as specified by the interval
           option.
@@ -252,7 +252,7 @@ in
       interval = mkOption {
         type = str;
         default = "monthly";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the time
           at which the WWFF update will occur.
         '';
@@ -262,7 +262,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically upload logs to QRZ. If enabled, a systemd
           timer will run the update task as specified by the interval option.
         '';
@@ -270,7 +270,7 @@ in
       interval = mkOption {
         type = str;
         default = "daily";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the
           time at which the QRZ upload will occur.
         '';
@@ -280,7 +280,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = mdDoc ''
+        description = ''
           Whether to periodically update the SOTA database. If enabled, a
           systemd timer will run the update task as specified by the interval option.
         '';
@@ -288,7 +288,7 @@ in
       interval = mkOption {
         type = str;
         default = "monthly";
-        description = mdDoc ''
+        description = ''
           Specification (in the format described by systemd.time(7)) of the time
           at which the SOTA update will occur.
         '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/code-server.nix b/nixpkgs/nixos/modules/services/web-apps/code-server.nix
index d087deb7848d..abb5be50d353 100644
--- a/nixpkgs/nixos/modules/services/web-apps/code-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/code-server.nix
@@ -7,7 +7,7 @@ let
 in {
   options = {
     services.code-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "code-server");
+      enable = lib.mkEnableOption "code-server";
 
       package = lib.mkPackageOptionMD pkgs "code-server" {
         example = ''
@@ -23,7 +23,7 @@ in {
 
       extraPackages = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to add to the code-server {env}`PATH`.
         '';
         example = lib.literalExpression "[ pkgs.go ]";
@@ -32,7 +32,7 @@ in {
 
       extraEnvironment = lib.mkOption {
         type = lib.types.attrsOf lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables to pass to code-server.
         '';
         default = { };
@@ -41,7 +41,7 @@ in {
 
       extraArguments = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments to pass to code-server.
         '';
         example = lib.literalExpression ''[ "--log=info" ]'';
@@ -50,7 +50,7 @@ in {
 
       host = lib.mkOption {
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address the server should listen to.
         '';
         type = lib.types.str;
@@ -58,7 +58,7 @@ in {
 
       port = lib.mkOption {
         default = 4444;
-        description = lib.mdDoc ''
+        description = ''
           The port the server should listen to.
         '';
         type = lib.types.port;
@@ -66,7 +66,7 @@ in {
 
       auth = lib.mkOption {
         default = "password";
-        description = lib.mdDoc ''
+        description = ''
           The type of authentication to use.
         '';
         type = lib.types.enum [ "none" "password" ];
@@ -74,7 +74,7 @@ in {
 
       hashedPassword = lib.mkOption {
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Create the password with: `echo -n 'thisismypassword' | npx argon2-cli -e`.
         '';
         type = lib.types.str;
@@ -83,7 +83,7 @@ in {
       user = lib.mkOption {
         default = defaultUser;
         example = "yourUser";
-        description = lib.mdDoc ''
+        description = ''
           The user to run code-server as.
           By default, a user named `${defaultUser}` will be created.
         '';
@@ -93,7 +93,7 @@ in {
       group = lib.mkOption {
         default = defaultGroup;
         example = "yourGroup";
-        description = lib.mdDoc ''
+        description = ''
           The group to run code-server under.
           By default, a group named `${defaultGroup}` will be created.
         '';
@@ -102,7 +102,7 @@ in {
 
       extraGroups = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           An array of additional groups for the `${defaultUser}` user.
         '';
         example = [ "docker" ];
@@ -112,7 +112,7 @@ in {
       socket = lib.mkOption {
         default = null;
         example = "/run/code-server/socket";
-        description = lib.mdDoc ''
+        description = ''
           Path to a socket (bind-addr will be ignored).
         '';
         type = lib.types.nullOr lib.types.str;
@@ -120,7 +120,7 @@ in {
 
       socketMode = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
            File mode of the socket.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -128,7 +128,7 @@ in {
 
       userDataDir = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the user data directory.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -136,7 +136,7 @@ in {
 
       extensionsDir = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the extensions directory.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -145,7 +145,7 @@ in {
       proxyDomain = lib.mkOption {
         default = null;
         example = "code-server.lan";
-        description = lib.mdDoc ''
+        description = ''
           Domain used for proxying ports.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -154,7 +154,7 @@ in {
       disableTelemetry = lib.mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Disable telemetry.
         '';
         type = lib.types.bool;
@@ -163,7 +163,7 @@ in {
       disableUpdateCheck = lib.mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Disable update check.
           Without this flag, code-server checks every 6 hours against the latest github release and
           then notifies you once every week that a new release is available.
@@ -174,7 +174,7 @@ in {
       disableFileDownloads = lib.mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Disable file downloads from Code.
         '';
         type = lib.types.bool;
@@ -183,7 +183,7 @@ in {
       disableWorkspaceTrust = lib.mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Disable Workspace Trust feature.
         '';
         type = lib.types.bool;
@@ -192,7 +192,7 @@ in {
       disableGettingStartedOverride = lib.mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Disable the coder/coder override in the Help: Getting Started page.
         '';
         type = lib.types.bool;
diff --git a/nixpkgs/nixos/modules/services/web-apps/coder.nix b/nixpkgs/nixos/modules/services/web-apps/coder.nix
index 0f5cb2c3c689..5450adbe118d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/coder.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/coder.nix
@@ -8,12 +8,12 @@ let
 in {
   options = {
     services.coder = {
-      enable = mkEnableOption (lib.mdDoc "Coder service");
+      enable = mkEnableOption "Coder service";
 
       user = mkOption {
         type = types.str;
         default = "coder";
-        description = lib.mdDoc ''
+        description = ''
           User under which the coder service runs.
 
           ::: {.note}
@@ -26,7 +26,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "coder";
-        description = lib.mdDoc ''
+        description = ''
           Group under which the coder service runs.
 
           ::: {.note}
@@ -40,7 +40,7 @@ in {
 
       homeDir = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Home directory for coder user.
         '';
         default = "/var/lib/coder";
@@ -48,7 +48,7 @@ in {
 
       listenAddress = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Listen address.
         '';
         default = "127.0.0.1:3000";
@@ -56,7 +56,7 @@ in {
 
       accessUrl = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Access URL should be a external IP address or domain with DNS records pointing to Coder.
         '';
         default = null;
@@ -65,18 +65,35 @@ in {
 
       wildcardAccessUrl = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains.
         '';
         default = null;
         example = "*.coder.example.com";
       };
 
+      environment = {
+        extra = mkOption {
+          type = types.attrs;
+          description = "Extra environment variables to pass run Coder's server with. See Coder documentation.";
+          default = {};
+          example = {
+            CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS = true;
+            CODER_OAUTH2_GITHUB_ALLOWED_ORGS = "your-org";
+          };
+        };
+        file = mkOption {
+          type = types.nullOr types.path;
+          description = "Systemd environment file to add to Coder.";
+          default = null;
+        };
+      };
+
       database = {
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Create the database and database user locally.
           '';
         };
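Review bot: `environment.extra` is declared as `types.attrs` and its example sets `CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS = true;`, yet a later hunk merges the set straight into the unit's `environment`, which as far as I know accepts only strings, paths and packages, so the example as written would probably fail to evaluate. Declaring it as `type = types.attrsOf types.str;` and using `"true"` in the example would surface the mistake at the option itself. The description should also state that values given here end up in the unit file in the world-readable Nix store, so OAuth client secrets and similar belong in `environment.file` instead. The phrase "to pass run Coder's server with" in the same description wants rewording.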
@@ -84,7 +101,7 @@ in {
         host = mkOption {
           type = types.str;
           default = "/run/postgresql";
-          description = lib.mdDoc ''
+          description = ''
             Hostname hosting the database.
           '';
         };
@@ -92,7 +109,7 @@ in {
         database = mkOption {
           type = types.str;
           default = "coder";
-          description = lib.mdDoc ''
+          description = ''
             Name of database.
           '';
         };
@@ -100,7 +117,7 @@ in {
         username = mkOption {
           type = types.str;
           default = "coder";
-          description = lib.mdDoc ''
+          description = ''
             Username for accessing the database.
           '';
         };
@@ -108,7 +125,7 @@ in {
         password = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Password for accessing the database.
           '';
         };
@@ -116,7 +133,7 @@ in {
         sslmode = mkOption {
           type = types.nullOr types.str;
           default = "disable";
-          description = lib.mdDoc ''
+          description = ''
             Password for accessing the database.
           '';
         };
@@ -124,7 +141,7 @@ in {
 
       tlsCert = mkOption {
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to the TLS certificate.
         '';
         default = null;
@@ -132,7 +149,7 @@ in {
 
       tlsKey = mkOption {
         type = types.nullOr types.path;
-        description = lib.mdDoc ''
+        description = ''
           The path to the TLS key.
         '';
         default = null;
@@ -152,7 +169,7 @@ in {
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
-      environment = {
+      environment = cfg.environment.extra // {
         CODER_ACCESS_URL = cfg.accessUrl;
         CODER_WILDCARD_ACCESS_URL = cfg.wildcardAccessUrl;
         CODER_PG_CONNECTION_URL = "user=${cfg.database.username} ${optionalString (cfg.database.password != null) "password=${cfg.database.password}"} database=${cfg.database.database} host=${cfg.database.host} ${optionalString (cfg.database.sslmode != null) "sslmode=${cfg.database.sslmode}"}";
@@ -177,6 +194,7 @@ in {
         ExecStart = "${cfg.package}/bin/coder server";
         User = cfg.user;
         Group = cfg.group;
+        EnvironmentFile = lib.mkIf (cfg.environment.file != null) cfg.environment.file;
       };
     };
 
@@ -205,4 +223,5 @@ in {
       };
     };
   };
+  meta.maintainers = pkgs.coder.meta.maintainers;
 }
diff --git a/nixpkgs/nixos/modules/services/web-apps/convos.nix b/nixpkgs/nixos/modules/services/web-apps/convos.nix
index cd9f9d885d69..da5f7cbf724f 100644
--- a/nixpkgs/nixos/modules/services/web-apps/convos.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/convos.nix
@@ -7,23 +7,23 @@ let
 in
 {
   options.services.convos = {
-    enable = mkEnableOption (lib.mdDoc "Convos");
+    enable = mkEnableOption "Convos";
     listenPort = mkOption {
       type = types.port;
       default = 3000;
       example = 8080;
-      description = lib.mdDoc "Port the web interface should listen on";
+      description = "Port the web interface should listen on";
     };
     listenAddress = mkOption {
       type = types.str;
       default = "*";
       example = "127.0.0.1";
-      description = lib.mdDoc "Address or host the web interface should listen on";
+      description = "Address or host the web interface should listen on";
     };
     reverseProxy = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enables reverse proxy support. This will allow Convos to automatically
         pick up the `X-Forwarded-For` and
         `X-Request-Base` HTTP headers set in your reverse proxy
diff --git a/nixpkgs/nixos/modules/services/web-apps/crabfit.nix b/nixpkgs/nixos/modules/services/web-apps/crabfit.nix
new file mode 100644
index 000000000000..d58027a6965d
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/crabfit.nix
@@ -0,0 +1,171 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    literalExpression
+    mkEnableOption
+    mkIf
+    mkOption
+    mkPackageOption
+    ;
+
+  inherit (lib.types)
+    attrsOf
+    package
+    port
+    str
+    ;
+
+  cfg = config.services.crabfit;
+in
+
+{
+  options.services.crabfit = {
+    enable = mkEnableOption "Crab Fit, a meeting scheduler based on peoples' availability";
+
+    frontend = {
+      package = mkPackageOption pkgs "crabfit-frontend" { };
+
+      finalDrv = mkOption {
+        readOnly = true;
+        type = package;
+        default = cfg.frontend.package.override {
+          api_url = "https://${cfg.api.host}";
+          frontend_url = cfg.frontend.host;
+        };
+
+        defaultText = literalExpression ''
+          cfg.package.override {
+            api_url = "https://''${cfg.api.host}";
+            frontend_url = cfg.frontend.host;
+          };
+        '';
+
+        description = ''
+          The patched frontend, using the correct urls for the API and frontend.
+        '';
+      };
+
+      environment = mkOption {
+        type = attrsOf str;
+        default = { };
+        description = ''
+          Environment variables for the crabfit frontend.
+        '';
+      };
+
+      host = mkOption {
+        type = str;
+        description = ''
+          The hostname of the frontend.
+        '';
+      };
+
+      port = mkOption {
+        type = port;
+        default = 3001;
+        description = ''
+          The internal listening port of the frontend.
+        '';
+      };
+    };
+
+    api = {
+      package = mkPackageOption pkgs "crabfit-api" { };
+
+      environment = mkOption {
+        type = attrsOf str;
+        default = { };
+        description = ''
+          Environment variables for the crabfit API.
+        '';
+      };
+
+      host = mkOption {
+        type = str;
+        description = ''
+          The hostname of the API.
+        '';
+      };
+
+      port = mkOption {
+        type = port;
+        default = 3000;
+        description = ''
+          The internal listening port of the API.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services = {
+      crabfit-api = {
+        description = "The API for Crab Fit.";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "postgresql.service" ];
+
+        serviceConfig = {
+          # TODO: harden
+          ExecStart = lib.getExe cfg.api.package;
+          User = "crabfit";
+        };
+
+        environment = {
+          API_LISTEN = "127.0.0.1:${builtins.toString cfg.api.port}";
+          DATABASE_URL = "postgres:///crabfit?host=/run/postgresql";
+          FRONTEND_URL = "https://${cfg.frontend.host}";
+        } // cfg.api.environment;
+      };
+
+      crabfit-frontend = {
+        description = "The frontend for Crab Fit.";
+
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig = {
+          # TODO: harden
+          CacheDirectory = "crabfit";
+          DynamicUser = true;
+          ExecStart = "${lib.getExe pkgs.nodejs} standalone/server.js";
+          WorkingDirectory = cfg.frontend.finalDrv;
+        };
+
+        environment = {
+          NEXT_PUBLIC_API_URL = "https://${cfg.api.host}";
+          PORT = builtins.toString cfg.frontend.port;
+        } // cfg.frontend.environment;
+      };
+    };
+
+    users = {
+      groups.crabfit = { };
+
+      users.crabfit = {
+        group = "crabfit";
+        isSystemUser = true;
+      };
+    };
+
+    services = {
+      postgresql = {
+        enable = true;
+
+        ensureDatabases = [ "crabfit" ];
+
+        ensureUsers = [
+          {
+            name = "crabfit";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+    };
+  };
+}
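Review bot: Both `serviceConfig` blocks ship with `# TODO: harden`. `crabfit-api`, which listens on TCP and talks to the PostgreSQL socket, runs under the static `crabfit` user with no sandboxing options at all, and `crabfit-frontend` gets only what `DynamicUser = true` implies. A conservative baseline for the API unit is sketched below; most of it should also suit the frontend, though anything that forbids writable-executable memory is best left out of a Node.js service. The list is untested against these packages, so check it with `systemd-analyze security crabfit-api` and a smoke test before removing the TODO.

```nix
      crabfit-api = {
        # … unchanged: description, wantedBy, after …
        serviceConfig = {
          ExecStart = lib.getExe cfg.api.package;
          User = "crabfit";
          CapabilityBoundingSet = "";
          LockPersonality = true;
          NoNewPrivileges = true;
          PrivateDevices = true;
          PrivateTmp = true;
          ProtectControlGroups = true;
          ProtectHome = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          ProtectSystem = "strict";
          # TCP listener plus the unix socket under /run/postgresql
          RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
          RestrictSUIDSGID = true;
        };
```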
diff --git a/nixpkgs/nixos/modules/services/web-apps/davis.md b/nixpkgs/nixos/modules/services/web-apps/davis.md
new file mode 100644
index 000000000000..9775d8221b5b
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/davis.md
@@ -0,0 +1,32 @@
+# Davis {#module-services-davis}
+
+[Davis](https://github.com/tchapi/davis/) is a caldav and carrddav server. It
+has a simple, fully translatable admin interface for sabre/dav based on Symfony
+5 and Bootstrap 5, initially inspired by Baïkal.
+
+## Basic Usage {#module-services-davis-basic-usage}
+
+At first, an application secret is needed, this can be generated with:
+```ShellSession
+$ cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 48 | head -n 1
+```
+
+After that, `davis` can be deployed like this:
+```
+{
+  services.davis = {
+    enable = true;
+    hostname = "davis.example.com";
+    mail = {
+      dsn = "smtp://username@example.com:25";
+      inviteFromAddress = "davis@example.com";
+    };
+    adminLogin = "admin";
+    adminPasswordFile = "/run/secrets/davis-admin-password";
+    appSecretFile = "/run/secrets/davis-app-secret";
+    nginx = {};
+  };
+}
+```
+
+This deploys Davis using a sqlite database running out of `/var/lib/davis`.
diff --git a/nixpkgs/nixos/modules/services/web-apps/davis.nix b/nixpkgs/nixos/modules/services/web-apps/davis.nix
new file mode 100644
index 000000000000..d9b28020dc2d
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/davis.nix
@@ -0,0 +1,554 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.davis;
+  db = cfg.database;
+  mail = cfg.mail;
+
+  mysqlLocal = db.createLocally && db.driver == "mysql";
+  pgsqlLocal = db.createLocally && db.driver == "postgresql";
+
+  user = cfg.user;
+  group = cfg.group;
+
+  isSecret = v: lib.isAttrs v && v ? _secret && (lib.isString v._secret || builtins.isPath v._secret);
+  davisEnvVars = lib.generators.toKeyValue {
+    mkKeyValue = lib.flip lib.generators.mkKeyValueDefault "=" {
+      mkValueString =
+        v:
+        if builtins.isInt v then
+          toString v
+        else if lib.isString v then
+          "\"${v}\""
+        else if true == v then
+          "true"
+        else if false == v then
+          "false"
+        else if null == v then
+          ""
+        else if isSecret v then
+          if (lib.isString v._secret) then
+            builtins.hashString "sha256" v._secret
+          else
+            builtins.hashString "sha256" (builtins.readFile v._secret)
+        else
+          throw "unsupported type ${builtins.typeOf v}: ${(lib.generators.toPretty { }) v}";
+    };
+  };
+  secretPaths = lib.mapAttrsToList (_: v: v._secret) (lib.filterAttrs (_: isSecret) cfg.config);
+  mkSecretReplacement = file: ''
+    replace-secret ${
+      lib.escapeShellArgs [
+        (
+          if (lib.isString file) then
+            builtins.hashString "sha256" file
+          else
+            builtins.hashString "sha256" (builtins.readFile file)
+        )
+        file
+        "${cfg.dataDir}/.env.local"
+      ]
+    }
+  '';
+  secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
+  filteredConfig = lib.converge (lib.filterAttrsRecursive (
+    _: v:
+    !lib.elem v [
+      { }
+      null
+    ]
+  )) cfg.config;
+  davisEnv = pkgs.writeText "davis.env" (davisEnvVars filteredConfig);
+in
+{
+  options.services.davis = {
+    enable = lib.mkEnableOption "Davis is a caldav and carddav server";
+
+    user = lib.mkOption {
+      default = "davis";
+      description = "User davis runs as.";
+      type = lib.types.str;
+    };
+
+    group = lib.mkOption {
+      default = "davis";
+      description = "Group davis runs as.";
+      type = lib.types.str;
+    };
+
+    package = lib.mkPackageOption pkgs "davis" { };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/davis";
+      description = ''
+        Davis data directory.
+      '';
+    };
+
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      example = "davis.yourdomain.org";
+      description = ''
+        Domain of the host to serve davis under. You may want to change it if you
+        run Davis on a different URL than davis.yourdomain.
+      '';
+    };
+
+    config = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.nullOr (
+          lib.types.either
+            (lib.types.oneOf [
+              lib.types.bool
+              lib.types.int
+              lib.types.port
+              lib.types.path
+              lib.types.str
+            ])
+            (
+              lib.types.submodule {
+                options = {
+                  _secret = lib.mkOption {
+                    type = lib.types.nullOr (
+                      lib.types.oneOf [
+                        lib.types.str
+                        lib.types.path
+                      ]
+                    );
+                    description = ''
+                      The path to a file containing the value the
+                      option should be set to in the final
+                      configuration file.
+                    '';
+                  };
+                };
+              }
+            )
+        )
+      );
+      default = { };
+
+      example = '''';
+      description = '''';
+    };
+
+    adminLogin = lib.mkOption {
+      type = lib.types.str;
+      default = "root";
+      description = ''
+        Username for the admin account.
+      '';
+    };
+    adminPasswordFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The full path to a file that contains the admin's password. Must be
+        readable by the user.
+      '';
+      example = "/run/secrets/davis-admin-pass";
+    };
+
+    appSecretFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        A file containing the Symfony APP_SECRET - Its value should be a series
+        of characters, numbers and symbols chosen randomly and the recommended
+        length is around 32 characters. Can be generated with <code>cat
+        /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 48 | head -n 1</code>.
+      '';
+      example = "/run/secrets/davis-appsecret";
+    };
+
+    database = {
+      driver = lib.mkOption {
+        type = lib.types.enum [
+          "sqlite"
+          "postgresql"
+          "mysql"
+        ];
+        default = "sqlite";
+        description = "Database type, required in all circumstances.";
+      };
+      urlFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        example = "/run/secrets/davis-db-url";
+        description = ''
+          A file containing the database connection url. If set then it
+          overrides all other database settings (except driver). This is
+          mandatory if you want to use an external database, that is when
+          `services.davis.database.createLocally` is `false`.
+        '';
+      };
+      name = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = "davis";
+        description = "Database name, only used when the databse is created locally.";
+      };
+      createLocally = lib.mkOption {
+        type = lib.types.bool;
+        default = true;
+        description = "Create the database and database user locally.";
+      };
+    };
+
+    mail = {
+      dsn = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = "Mail DSN for sending emails. Mutually exclusive with `services.davis.mail.dsnFile`.";
+        example = "smtp://username:password@example.com:25";
+      };
+      dsnFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        example = "/run/secrets/davis-mail-dsn";
+        description = "A file containing the mail DSN for sending emails.  Mutually exclusive with `servies.davis.mail.dsn`.";
+      };
+      inviteFromAddress = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = "Email address to send invitations from.";
+        example = "no-reply@dav.example.com";
+      };
+    };
+
+    nginx = lib.mkOption {
+      type = lib.types.submodule (
+        lib.recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) { }
+      );
+      default = null;
+      example = ''
+        {
+          serverAliases = [
+            "dav.''${config.networking.domain}"
+          ];
+          # To enable encryption and let let's encrypt take care of certificate
+          forceSSL = true;
+          enableACME = true;
+        }
+      '';
+      description = ''
+        With this option, you can customize the nginx virtualHost settings.
+      '';
+    };
+
+    poolConfig = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.oneOf [
+          lib.types.str
+          lib.types.int
+          lib.types.bool
+        ]
+      );
+      default = {
+        "pm" = "dynamic";
+        "pm.max_children" = 32;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 2;
+        "pm.max_spare_servers" = 4;
+        "pm.max_requests" = 500;
+      };
+      description = ''
+        Options for the davis PHP pool. See the documentation on <literal>php-fpm.conf</literal>
+        for details on configuration directives.
+      '';
+    };
+  };
+
+  config =
+    let
+      defaultServiceConfig = {
+        ReadWritePaths = "${cfg.dataDir}";
+        User = user;
+        UMask = 77;
+        DeviceAllow = "";
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@resources"
+          "~@privileged"
+        ];
+        WorkingDirectory = "${cfg.package}/";
+      };
+    in
+    lib.mkIf cfg.enable {
+      assertions = [
+        {
+          assertion = db.createLocally -> db.urlFile == null;
+          message = "services.davis.database.urlFile must be unset if services.davis.database.createLocally is set true.";
+        }
+        {
+          assertion = db.createLocally || db.urlFile != null;
+          message = "One of services.davis.database.urlFile or services.davis.database.createLocally must be set.";
+        }
+        {
+          assertion = (mail.dsn != null) != (mail.dsnFile != null);
+          message = "One of (and only one of) services.davis.mail.dsn or services.davis.mail.dsnFile must be set.";
+        }
+      ];
+      services.davis.config =
+        {
+          APP_ENV = "prod";
+          APP_CACHE_DIR = "${cfg.dataDir}/var/cache";
+          # note: we do not need the log dir (we log to stdout/journald), by davis/symfony will try to create it, and the default value is one in the nix-store
+          #       so we set it to a path under dataDir to avoid something like: Unable to create the "logs" directory (/nix/store/5cfskz0ybbx37s1161gjn5klwb5si1zg-davis-4.4.1/var/log).
+          APP_LOG_DIR = "${cfg.dataDir}/var/log";
+          LOG_FILE_PATH = "/dev/stdout";
+          DATABASE_DRIVER = db.driver;
+          INVITE_FROM_ADDRESS = mail.inviteFromAddress;
+          APP_SECRET._secret = cfg.appSecretFile;
+          ADMIN_LOGIN = cfg.adminLogin;
+          ADMIN_PASSWORD._secret = cfg.adminPasswordFile;
+          APP_TIMEZONE = config.time.timeZone;
+          WEBDAV_ENABLED = false;
+          CALDAV_ENABLED = true;
+          CARDDAV_ENABLED = true;
+        }
+        // (if mail.dsn != null then { MAILER_DSN = mail.dsn; } else { MAILER_DSN._secret = mail.dsnFile; })
+        // (
+          if db.createLocally then
+            {
+              DATABASE_URL =
+                if db.driver == "sqlite" then
+                  "sqlite:///${cfg.dataDir}/davis.db" # note: sqlite needs 4 slashes for an absolute path
+                else if
+                  pgsqlLocal
+                # note: davis expects a non-standard postgres uri (due to the underlying doctrine library)
+                # specifically the dummy hostname which is overriden by the host query parameter
+                then
+                  "postgres://${user}@localhost/${db.name}?host=/run/postgresql"
+                else if mysqlLocal then
+                  "mysql://${user}@localhost/${db.name}?socket=/run/mysqld/mysqld.sock"
+                else
+                  null;
+            }
+          else
+            { DATABASE_URL._secret = db.urlFile; }
+        );
+
+      users = {
+        users = lib.mkIf (user == "davis") {
+          davis = {
+            description = "Davis service user";
+            group = cfg.group;
+            isSystemUser = true;
+            home = cfg.dataDir;
+          };
+        };
+        groups = lib.mkIf (group == "davis") { davis = { }; };
+      };
+
+      systemd.tmpfiles.rules = [
+        "d ${cfg.dataDir}                            0710 ${user} ${group} - -"
+        "d ${cfg.dataDir}/var                        0700 ${user} ${group} - -"
+        "d ${cfg.dataDir}/var/log                    0700 ${user} ${group} - -"
+        "d ${cfg.dataDir}/var/cache                  0700 ${user} ${group} - -"
+      ];
+
+      services.phpfpm.pools.davis = {
+        inherit user group;
+        phpOptions = ''
+          log_errors = on
+        '';
+        phpEnv = {
+          ENV_DIR = "${cfg.dataDir}";
+          APP_CACHE_DIR = "${cfg.dataDir}/var/cache";
+          APP_LOG_DIR = "${cfg.dataDir}/var/log";
+        };
+        settings =
+          {
+            "listen.mode" = "0660";
+            "pm" = "dynamic";
+            "pm.max_children" = 256;
+            "pm.start_servers" = 10;
+            "pm.min_spare_servers" = 5;
+            "pm.max_spare_servers" = 20;
+          }
+          // (
+            if cfg.nginx != null then
+              {
+                "listen.owner" = config.services.nginx.user;
+                "listen.group" = config.services.nginx.group;
+              }
+            else
+              { }
+          )
+          // cfg.poolConfig;
+      };
+
+      # Reading the user-provided secret files requires root access
+      systemd.services.davis-env-setup = {
+        description = "Setup davis environment";
+        before = [
+          "phpfpm-davis.service"
+          "davis-db-migrate.service"
+        ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+        };
+        path = [ pkgs.replace-secret ];
+        restartTriggers = [
+          cfg.package
+          davisEnv
+        ];
+        script = ''
+          # error handling
+          set -euo pipefail
+          # create .env file with the upstream values
+          install -T -m 0600 -o ${user} ${cfg.package}/env-upstream "${cfg.dataDir}/.env"
+          # create .env.local file with the user-provided values
+          install -T -m 0600 -o ${user} ${davisEnv} "${cfg.dataDir}/.env.local"
+          ${secretReplacements}
+        '';
+      };
+
+      systemd.services.davis-db-migrate = {
+        description = "Migrate davis database";
+        before = [ "phpfpm-davis.service" ];
+        after =
+          lib.optional mysqlLocal "mysql.service"
+          ++ lib.optional pgsqlLocal "postgresql.service"
+          ++ [ "davis-env-setup.service" ];
+        requires =
+          lib.optional mysqlLocal "mysql.service"
+          ++ lib.optional pgsqlLocal "postgresql.service"
+          ++ [ "davis-env-setup.service" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = defaultServiceConfig // {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          Environment = [
+            "ENV_DIR=${cfg.dataDir}"
+            "APP_CACHE_DIR=${cfg.dataDir}/var/cache"
+            "APP_LOG_DIR=${cfg.dataDir}/var/log"
+          ];
+          EnvironmentFile = "${cfg.dataDir}/.env.local";
+        };
+        restartTriggers = [
+          cfg.package
+          davisEnv
+        ];
+        script = ''
+          set -euo pipefail
+          ${cfg.package}/bin/console cache:clear --no-debug
+          ${cfg.package}/bin/console cache:warmup --no-debug
+          ${cfg.package}/bin/console doctrine:migrations:migrate
+        '';
+      };
+
+      systemd.services.phpfpm-davis.after = [
+        "davis-env-setup.service"
+        "davis-db-migrate.service"
+      ];
+      systemd.services.phpfpm-davis.requires = [
+        "davis-env-setup.service"
+        "davis-db-migrate.service"
+      ] ++ lib.optional mysqlLocal "mysql.service" ++ lib.optional pgsqlLocal "postgresql.service";
+      systemd.services.phpfpm-davis.serviceConfig.ReadWritePaths = [ cfg.dataDir ];
+
+      services.nginx = lib.mkIf (cfg.nginx != null) {
+        enable = lib.mkDefault true;
+        virtualHosts = {
+          "${cfg.hostname}" = lib.mkMerge [
+            cfg.nginx
+            {
+              root = lib.mkForce "${cfg.package}/public";
+              extraConfig = ''
+                charset utf-8;
+                index index.php;
+              '';
+              locations = {
+                "/" = {
+                  extraConfig = ''
+                    try_files $uri $uri/ /index.php$is_args$args;
+                  '';
+                };
+                "~* ^/.well-known/(caldav|carddav)$" = {
+                  extraConfig = ''
+                    return 302 $http_x_forwarded_proto://$host/dav/;
+                  '';
+                };
+                "~ ^(.+\.php)(.*)$" = {
+                  extraConfig = ''
+                    try_files                $fastcgi_script_name =404;
+                    include                  ${config.services.nginx.package}/conf/fastcgi_params;
+                    include                  ${config.services.nginx.package}/conf/fastcgi.conf;
+                    fastcgi_pass             unix:${config.services.phpfpm.pools.davis.socket};
+                    fastcgi_param            SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+                    fastcgi_param            PATH_INFO        $fastcgi_path_info;
+                    fastcgi_split_path_info  ^(.+\.php)(.*)$;
+                    fastcgi_param            X-Forwarded-Proto $http_x_forwarded_proto;
+                    fastcgi_param            X-Forwarded-Port $http_x_forwarded_port;
+                  '';
+                };
+                "~ /(\\.ht)" = {
+                  extraConfig = ''
+                    deny all;
+                    return 404;
+                  '';
+                };
+              };
+            }
+          ];
+        };
+      };
+
+      services.mysql = lib.mkIf mysqlLocal {
+        enable = true;
+        package = lib.mkDefault pkgs.mariadb;
+        ensureDatabases = [ db.name ];
+        ensureUsers = [
+          {
+            name = user;
+            ensurePermissions = {
+              "${db.name}.*" = "ALL PRIVILEGES";
+            };
+          }
+        ];
+      };
+
+      services.postgresql = lib.mkIf pgsqlLocal {
+        enable = true;
+        ensureDatabases = [ db.name ];
+        ensureUsers = [
+          {
+            name = user;
+            ensureDBOwnership = true;
+          }
+        ];
+      };
+    };
+
+  meta = {
+    doc = ./davis.md;
+    maintainers = pkgs.davis.meta.maintainers;
+  };
+}
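Review bot: When `_secret` is a Nix path value rather than a string, `mkValueString` and `mkSecretReplacement` both call `builtins.readFile` on it. The secret must then exist on the evaluating machine, and an unsalted SHA-256 of its contents is written to `davis.env` in the world-readable store, which is enough to guess a weak admin password offline. The placeholder only has to be unique per file, so both sites can hash the path instead: `builtins.hashString "sha256" (toString v._secret)` in `mkValueString` and `builtins.hashString "sha256" (toString file)` in `mkSecretReplacement`. The same store exposure applies to `mail.dsn`, whose example carries a password; its description could direct credentials to `dsnFile`.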
diff --git a/nixpkgs/nixos/modules/services/web-apps/dex.nix b/nixpkgs/nixos/modules/services/web-apps/dex.nix
index 0c4a71c6dfe4..7fbbd8a0c284 100644
--- a/nixpkgs/nixos/modules/services/web-apps/dex.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/dex.nix
@@ -19,12 +19,12 @@ let
 in
 {
   options.services.dex = {
-    enable = mkEnableOption (lib.mdDoc "the OpenID Connect and OAuth2 identity provider");
+    enable = mkEnableOption "the OpenID Connect and OAuth2 identity provider";
 
     environmentFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Environment file (see `systemd.exec(5)`
         "EnvironmentFile=" section for the syntax) to define variables for dex.
         This option can be used to safely include secret keys into the dex configuration.
@@ -56,7 +56,7 @@ in
           ];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         The available options can be found in
         [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex-oidc.version}/config.yaml.dist).
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/discourse.nix b/nixpkgs/nixos/modules/services/web-apps/discourse.nix
index da1dba7d940b..849a03be8bc8 100644
--- a/nixpkgs/nixos/modules/services/web-apps/discourse.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/discourse.nix
@@ -26,7 +26,7 @@ in
 {
   options = {
     services.discourse = {
-      enable = lib.mkEnableOption (lib.mdDoc "Discourse, an open source discussion platform");
+      enable = lib.mkEnableOption "Discourse, an open source discussion platform";
 
       package = lib.mkOption {
         type = lib.types.package;
@@ -35,7 +35,7 @@ in
           plugins = lib.unique (p.enabledPlugins ++ cfg.plugins);
         };
         defaultText = lib.literalExpression "pkgs.discourse";
-        description = lib.mdDoc ''
+        description = ''
           The discourse package to use.
         '';
       };
@@ -45,7 +45,7 @@ in
         default = config.networking.fqdnOrHostName;
         defaultText = lib.literalExpression "config.networking.fqdnOrHostName";
         example = "discourse.example.com";
-        description = lib.mdDoc ''
+        description = ''
           The hostname to serve Discourse on.
         '';
       };
@@ -54,7 +54,7 @@ in
         type = with lib.types; nullOr path;
         default = null;
         example = "/run/keys/secret_key_base";
-        description = lib.mdDoc ''
+        description = ''
           The path to a file containing the
           `secret_key_base` secret.
 
@@ -78,7 +78,7 @@ in
         type = with lib.types; nullOr path;
         default = null;
         example = "/run/keys/ssl.cert";
-        description = lib.mdDoc ''
+        description = ''
           The path to the server SSL certificate. Set this to enable
           SSL.
         '';
@@ -88,7 +88,7 @@ in
         type = with lib.types; nullOr path;
         default = null;
         example = "/run/keys/ssl.key";
-        description = lib.mdDoc ''
+        description = ''
           The path to the server SSL certificate key. Set this to
           enable SSL.
         '';
@@ -101,7 +101,7 @@ in
           `true`, unless {option}`services.discourse.sslCertificate`
           and {option}`services.discourse.sslCertificateKey` are set.
         '';
-        description = lib.mdDoc ''
+        description = ''
           Whether an ACME certificate should be used to secure
           connections to the server.
         '';
@@ -118,7 +118,7 @@ in
             max_reqs_per_ip_mode = "warn+block";
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional settings to put in the
           {file}`discourse.conf` file.
 
@@ -147,7 +147,7 @@ in
             };
           };
         '';
-        description = lib.mdDoc ''
+        description = ''
           Discourse site settings. These are the settings that can be
           changed from the UI. This only defines their default values:
           they can still be overridden from the UI.
@@ -175,7 +175,7 @@ in
         skipCreate = lib.mkOption {
           type = lib.types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Do not create the admin account, instead rely on other
             existing admin accounts.
           '';
@@ -184,7 +184,7 @@ in
         email = lib.mkOption {
           type = lib.types.str;
           example = "admin@example.com";
-          description = lib.mdDoc ''
+          description = ''
             The admin user email address.
           '';
         };
@@ -192,21 +192,21 @@ in
         username = lib.mkOption {
           type = lib.types.str;
           example = "admin";
-          description = lib.mdDoc ''
+          description = ''
             The admin user username.
           '';
         };
 
         fullName = lib.mkOption {
           type = lib.types.str;
-          description = lib.mdDoc ''
+          description = ''
             The admin user's full name.
           '';
         };
 
         passwordFile = lib.mkOption {
           type = lib.types.path;
-          description = lib.mdDoc ''
+          description = ''
             A path to a file containing the admin user's password.
 
             This should be a string, not a nix path, since nix paths are
@@ -218,7 +218,7 @@ in
       nginx.enable = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether an `nginx` virtual host should be
           set up to serve Discourse. Only disable if you're planning
           to use a different web server, which is not recommended.
@@ -229,7 +229,7 @@ in
         pool = lib.mkOption {
           type = lib.types.int;
           default = 8;
-          description = lib.mdDoc ''
+          description = ''
             Database connection pool size.
           '';
         };
@@ -237,7 +237,7 @@ in
         host = lib.mkOption {
           type = with lib.types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Discourse database hostname. `null` means
             “prefer local unix socket connection”.
           '';
@@ -246,7 +246,7 @@ in
         passwordFile = lib.mkOption {
           type = with lib.types; nullOr path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             File containing the Discourse database user password.
 
             This should be a string, not a nix path, since nix paths are
@@ -257,7 +257,7 @@ in
         createLocally = lib.mkOption {
           type = lib.types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether a database should be automatically created on the
             local host. Set this to `false` if you plan
             on provisioning a local database yourself. This has no effect
@@ -268,7 +268,7 @@ in
         name = lib.mkOption {
           type = lib.types.str;
           default = "discourse";
-          description = lib.mdDoc ''
+          description = ''
             Discourse database name.
           '';
         };
@@ -276,7 +276,7 @@ in
         username = lib.mkOption {
           type = lib.types.str;
           default = "discourse";
-          description = lib.mdDoc ''
+          description = ''
             Discourse database user.
           '';
         };
@@ -284,7 +284,7 @@ in
         ignorePostgresqlVersion = lib.mkOption {
           type = lib.types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Whether to allow other versions of PostgreSQL than the
             recommended one. Only effective when
             {option}`services.discourse.database.createLocally`
@@ -297,7 +297,7 @@ in
         host = lib.mkOption {
           type = lib.types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             Redis server hostname.
           '';
         };
@@ -305,7 +305,7 @@ in
         passwordFile = lib.mkOption {
           type = with lib.types; nullOr path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             File containing the Redis password.
 
             This should be a string, not a nix path, since nix paths are
@@ -316,7 +316,7 @@ in
         dbNumber = lib.mkOption {
           type = lib.types.int;
           default = 0;
-          description = lib.mdDoc ''
+          description = ''
             Redis database number.
           '';
         };
@@ -325,7 +325,7 @@ in
           type = lib.types.bool;
           default = cfg.redis.host != "localhost";
           defaultText = lib.literalExpression ''config.${opt.redis.host} != "localhost"'';
-          description = lib.mdDoc ''
+          description = ''
             Connect to Redis with SSL.
           '';
         };
@@ -338,7 +338,7 @@ in
           defaultText = lib.literalExpression ''
             "''${if config.services.discourse.mail.incoming.enable then "notifications" else "noreply"}@''${config.services.discourse.hostname}"
           '';
-          description = lib.mdDoc ''
+          description = ''
             The `from:` email address used when
             sending all essential system emails. The domain specified
             here must have SPF, DKIM and reverse PTR records set
@@ -349,7 +349,7 @@ in
         contactEmailAddress = lib.mkOption {
           type = lib.types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Email address of key contact responsible for this
             site. Used for critical notifications, as well as on the
             `/about` contact form for urgent matters.
@@ -360,7 +360,7 @@ in
           serverAddress = lib.mkOption {
             type = lib.types.str;
             default = "localhost";
-            description = lib.mdDoc ''
+            description = ''
               The address of the SMTP server Discourse should use to
               send email.
             '';
@@ -369,7 +369,7 @@ in
           port = lib.mkOption {
             type = lib.types.port;
             default = 25;
-            description = lib.mdDoc ''
+            description = ''
               The port of the SMTP server Discourse should use to
               send email.
             '';
@@ -378,7 +378,7 @@ in
           username = lib.mkOption {
             type = with lib.types; nullOr str;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               The username of the SMTP server.
             '';
           };
@@ -386,7 +386,7 @@ in
           passwordFile = lib.mkOption {
             type = lib.types.nullOr lib.types.path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               A file containing the password of the SMTP server account.
 
               This should be a string, not a nix path, since nix paths
@@ -398,7 +398,7 @@ in
             type = lib.types.str;
             default = cfg.hostname;
             defaultText = lib.literalExpression "config.${opt.hostname}";
-            description = lib.mdDoc ''
+            description = ''
               HELO domain to use for outgoing mail.
             '';
           };
@@ -406,7 +406,7 @@ in
           authentication = lib.mkOption {
             type = with lib.types; nullOr (enum ["plain" "login" "cram_md5"]);
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html
             '';
           };
@@ -414,7 +414,7 @@ in
           enableStartTLSAuto = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Whether to try to use StartTLS.
             '';
           };
@@ -422,7 +422,7 @@ in
           opensslVerifyMode = lib.mkOption {
             type = lib.types.str;
             default = "peer";
-            description = lib.mdDoc ''
+            description = ''
               How OpenSSL checks the certificate, see https://api.rubyonrails.org/classes/ActionMailer/Base.html
             '';
           };
@@ -430,7 +430,7 @@ in
           forceTLS = lib.mkOption {
             type = lib.types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Force implicit TLS as per RFC 8314 3.3.
             '';
           };
@@ -440,7 +440,7 @@ in
           enable = lib.mkOption {
             type = lib.types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether to set up Postfix to receive incoming mail.
             '';
           };
@@ -449,7 +449,7 @@ in
             type = lib.types.str;
             default = "%{reply_key}@${cfg.hostname}";
             defaultText = lib.literalExpression ''"%{reply_key}@''${config.services.discourse.hostname}"'';
-            description = lib.mdDoc ''
+            description = ''
               Template for reply by email incoming email address, for
               example: %{reply_key}@reply.example.com or
               replies+%{reply_key}@example.com
@@ -460,7 +460,7 @@ in
             type = lib.types.package;
             default = pkgs.discourse-mail-receiver;
             defaultText = lib.literalExpression "pkgs.discourse-mail-receiver";
-            description = lib.mdDoc ''
+            description = ''
               The discourse-mail-receiver package to use.
             '';
           };
@@ -468,7 +468,7 @@ in
           apiKeyFile = lib.mkOption {
             type = lib.types.nullOr lib.types.path;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               A file containing the Discourse API key used to add
               posts and messages from mail. If left at its default
               value `null`, one will be automatically
@@ -490,7 +490,7 @@ in
             discourse-github
           ];
         '';
-        description = lib.mdDoc ''
+        description = ''
           Plugins to install as part of Discourse, expressed as a list of derivations.
         '';
       };
@@ -498,7 +498,7 @@ in
       sidekiqProcesses = lib.mkOption {
         type = lib.types.int;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           How many Sidekiq processes should be spawned.
         '';
       };
@@ -506,7 +506,7 @@ in
       unicornTimeout = lib.mkOption {
         type = lib.types.int;
         default = 30;
-        description = lib.mdDoc ''
+        description = ''
           Time in seconds before a request to Unicorn times out.
 
           This can be raised if the system Discourse is running on is
diff --git a/nixpkgs/nixos/modules/services/web-apps/documize.nix b/nixpkgs/nixos/modules/services/web-apps/documize.nix
index 6f88b3f3c6d2..ab6d08f05992 100644
--- a/nixpkgs/nixos/modules/services/web-apps/documize.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/documize.nix
@@ -12,12 +12,12 @@ let
 
 in {
   options.services.documize = {
-    enable = mkEnableOption (lib.mdDoc "Documize Wiki");
+    enable = mkEnableOption "Documize Wiki";
 
     stateDirectoryName = mkOption {
       type = types.str;
       default = "documize";
-      description = lib.mdDoc ''
+      description = ''
         The name of the directory below {file}`/var/lib/private`
         where documize runs in and stores, for example, backups.
       '';
@@ -29,7 +29,7 @@ in {
       type = types.nullOr types.str;
       default = null;
       example = "3edIYV6c8B28b19fh";
-      description = lib.mdDoc ''
+      description = ''
         The salt string used to encode JWT tokens, if not set a random value will be generated.
       '';
     };
@@ -37,7 +37,7 @@ in {
     cert = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The {file}`cert.pem` file used for https.
       '';
     };
@@ -45,7 +45,7 @@ in {
     key = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The {file}`key.pem` file used for https.
       '';
     };
@@ -53,7 +53,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 5001;
-      description = lib.mdDoc ''
+      description = ''
         The http/https port number.
       '';
     };
@@ -61,7 +61,7 @@ in {
     forcesslport = mkOption {
       type = types.nullOr types.port;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Redirect given http port number to TLS.
       '';
     };
@@ -69,7 +69,7 @@ in {
     offline = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Set `true` for offline mode.
       '';
       apply = v: if true == v then 1 else 0;
@@ -78,14 +78,14 @@ in {
     dbtype = mkOption {
       type = types.enum [ "mysql" "percona" "mariadb" "postgresql" "sqlserver" ];
       default = "postgresql";
-      description = lib.mdDoc ''
+      description = ''
         Specify the database provider: `mysql`, `percona`, `mariadb`, `postgresql`, `sqlserver`
       '';
     };
 
     db = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Database specific connection string for example:
         - MySQL/Percona/MariaDB:
           `user:password@tcp(host:3306)/documize`
@@ -102,7 +102,7 @@ in {
     location = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         reserved
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix
index 256ab3229ea6..c5ea809c8d59 100644
--- a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix
@@ -91,13 +91,13 @@ let
 
       page = mkOption {
         type = types.str;
-        description = lib.mdDoc "Page or namespace to restrict";
+        description = "Page or namespace to restrict";
         example = "start";
       };
 
       actor = mkOption {
         type = types.str;
-        description = lib.mdDoc "User or group to restrict";
+        description = "User or group to restrict";
         example = "@external";
       };
 
@@ -113,7 +113,7 @@ let
       in mkOption {
         type = types.enum ((attrValues available) ++ (attrNames available));
         apply = x: if isInt x then x else available.${x};
-        description = lib.mdDoc ''
+        description = ''
           Permission level to restrict the actor(s) to.
           See <https://www.dokuwiki.org/acl#background_info> for explanation
         '';
@@ -126,14 +126,14 @@ let
     {
 
       options = {
-        enable = mkEnableOption (lib.mdDoc "DokuWiki web application");
+        enable = mkEnableOption "DokuWiki web application";
 
         package = mkPackageOption pkgs "dokuwiki" { };
 
         stateDir = mkOption {
           type = types.path;
           default = "/var/lib/dokuwiki/${name}/data";
-          description = lib.mdDoc "Location of the DokuWiki state directory.";
+          description = "Location of the DokuWiki state directory.";
         };
 
         acl = mkOption {
@@ -153,7 +153,7 @@ let
               }
             ]
           '';
-          description = lib.mdDoc ''
+          description = ''
             Access Control Lists: see <https://www.dokuwiki.org/acl>
             Mutually exclusive with services.dokuwiki.aclFile
             Set this to a value other than null to take precedence over aclFile option.
@@ -166,7 +166,7 @@ let
         aclFile = mkOption {
           type = with types; nullOr str;
           default = if (config.mergedConfig.useacl && config.acl == null) then "/var/lib/dokuwiki/${name}/acl.auth.php" else null;
-          description = lib.mdDoc ''
+          description = ''
             Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl
             Mutually exclusive with services.dokuwiki.acl which is preferred.
             Consult documentation <https://www.dokuwiki.org/acl> for further instructions.
@@ -183,7 +183,7 @@ let
             authmysql = false;
             authpgsql = false;
           };
-          description = lib.mdDoc ''
+          description = ''
             List of the dokuwiki (un)loaded plugins.
           '';
         };
@@ -191,7 +191,7 @@ let
         usersFile = mkOption {
           type = with types; nullOr str;
           default = if config.mergedConfig.useacl then "/var/lib/dokuwiki/${name}/users.auth.php" else null;
-          description = lib.mdDoc ''
+          description = ''
             Location of the dokuwiki users file. List of users. Format:
 
                 login:passwordhash:Real Name:email:groups,comma,separated
@@ -208,7 +208,7 @@ let
         plugins = mkOption {
           type = types.listOf types.path;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
                 List of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
 
                 ::: {.note}
@@ -235,7 +235,7 @@ let
         templates = mkOption {
           type = types.listOf types.path;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
                 List of path(s) to respective template(s) which are copied from the 'tpl' directory.
 
                 ::: {.note}
@@ -270,7 +270,7 @@ let
             "pm.max_spare_servers" = 4;
             "pm.max_requests" = 500;
           };
-          description = lib.mdDoc ''
+          description = ''
             Options for the DokuWiki PHP pool. See the documentation on `php-fpm.conf`
             for details on configuration directives.
           '';
@@ -284,7 +284,7 @@ let
         phpOptions = mkOption {
           type = types.attrsOf types.str;
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Options for PHP's php.ini file for this dokuwiki site.
           '';
           example = literalExpression ''
@@ -304,7 +304,7 @@ let
             useacl = true;
             superuser = "admin";
           };
-          description = lib.mdDoc ''
+          description = ''
             Structural DokuWiki configuration.
             Refer to <https://www.dokuwiki.org/config>
             for details and supported values.
@@ -333,7 +333,7 @@ let
               useacl = true;
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Read only representation of the final configuration.
           '';
         };
@@ -348,13 +348,13 @@ in
       sites = mkOption {
         type = types.attrsOf (types.submodule siteOpts);
         default = {};
-        description = lib.mdDoc "Specification of one or more DokuWiki sites to serve";
+        description = "Specification of one or more DokuWiki sites to serve";
       };
 
       webserver = mkOption {
         type = types.enum [ "nginx" "caddy" ];
         default = "nginx";
-        description = lib.mdDoc ''
+        description = ''
           Whether to use nginx or caddy for virtual host management.
 
           Further nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.
diff --git a/nixpkgs/nixos/modules/services/web-apps/dolibarr.nix b/nixpkgs/nixos/modules/services/web-apps/dolibarr.nix
index 193be47ab9b2..3f9f853e3b25 100644
--- a/nixpkgs/nixos/modules/services/web-apps/dolibarr.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/dolibarr.nix
@@ -48,14 +48,14 @@ in
 {
   # interface
   options.services.dolibarr = {
-    enable = mkEnableOption (lib.mdDoc "dolibarr");
+    enable = mkEnableOption "dolibarr";
 
     package = mkPackageOption pkgs "dolibarr" { };
 
     domain = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         Domain name of your server.
       '';
     };
@@ -63,7 +63,7 @@ in
     user = mkOption {
       type = types.str;
       default = "dolibarr";
-      description = lib.mdDoc ''
+      description = ''
         User account under which dolibarr runs.
 
         ::: {.note}
@@ -77,7 +77,7 @@ in
     group = mkOption {
       type = types.str;
       default = "dolibarr";
-      description = lib.mdDoc ''
+      description = ''
         Group account under which dolibarr runs.
 
         ::: {.note}
@@ -91,7 +91,7 @@ in
     stateDir = mkOption {
       type = types.str;
       default = "/var/lib/dolibarr";
-      description = lib.mdDoc ''
+      description = ''
         State and configuration directory dolibarr will use.
       '';
     };
@@ -100,40 +100,40 @@ in
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
       port = mkOption {
         type = types.port;
         default = 3306;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
       name = mkOption {
         type = types.str;
         default = "dolibarr";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       user = mkOption {
         type = types.str;
         default = "dolibarr";
-        description = lib.mdDoc "Database username.";
+        description = "Database username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/dolibarr-dbpassword";
-        description = lib.mdDoc "Database password file.";
+        description = "Database password file.";
       };
       createLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
     };
 
     settings = mkOption {
       type = with types; (attrsOf (oneOf [ bool int str ]));
       default = { };
-      description = lib.mdDoc "Dolibarr settings, see <https://github.com/Dolibarr/dolibarr/blob/develop/htdocs/conf/conf.php.example> for details.";
+      description = "Dolibarr settings, see <https://github.com/Dolibarr/dolibarr/blob/develop/htdocs/conf/conf.php.example> for details.";
     };
 
     nginx = mkOption {
@@ -157,7 +157,7 @@ in
           enableACME = false;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
           With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.
           Set to {} if you do not need any customization to the virtual host.
           If enabled, then by default, the {option}`serverName` is
@@ -177,7 +177,7 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the Dolibarr PHP pool. See the documentation on [`php-fpm.conf`](https://www.php.net/manual/en/install.fpm.configuration.php)
         for details on configuration directives.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix b/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix
index ae7b2b9e7d0c..fe815f0a9742 100644
--- a/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/engelsystem.nix
@@ -9,7 +9,7 @@ in {
       enable = mkOption {
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable engelsystem, an online tool for coordinating volunteers
           and shifts on large events.
         '';
@@ -19,7 +19,7 @@ in {
       domain = mkOption {
         type = types.str;
         example = "engelsystem.example.com";
-        description = lib.mdDoc "Domain to serve on.";
+        description = "Domain to serve on.";
       };
 
       package = mkPackageOption pkgs "engelsystem" { };
@@ -27,7 +27,7 @@ in {
       createDatabase = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create a local database automatically.
           This will override every database setting in {option}`services.engelsystem.config`.
         '';
@@ -65,7 +65,7 @@ in {
         min_password_length = 6;
         default_locale = "de_DE";
       };
-      description = lib.mdDoc ''
+      description = ''
         Options to be added to config.php, as a nix attribute set. Options containing secret data
         should be set to an attribute set containing the attribute _secret - a string pointing to a
         file containing the value the option should be set to. See the example to get a better
diff --git a/nixpkgs/nixos/modules/services/web-apps/ethercalc.nix b/nixpkgs/nixos/modules/services/web-apps/ethercalc.nix
index a38e89ec0de9..fd6c6e05a872 100644
--- a/nixpkgs/nixos/modules/services/web-apps/ethercalc.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/ethercalc.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           ethercalc, an online collaborative spreadsheet server.
 
           Persistent state will be maintained under
@@ -29,13 +29,13 @@ in {
       host = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "Address to listen on (use 0.0.0.0 to allow access from any address).";
+        description = "Address to listen on (use 0.0.0.0 to allow access from any address).";
       };
 
       port = mkOption {
         type = types.port;
         default = 8000;
-        description = lib.mdDoc "Port to bind to.";
+        description = "Port to bind to.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/firefly-iii.nix b/nixpkgs/nixos/modules/services/web-apps/firefly-iii.nix
new file mode 100644
index 000000000000..b0024ce09c38
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/firefly-iii.nix
@@ -0,0 +1,367 @@
+{ pkgs, config, lib, ... }:
+
+let
+  inherit (lib) optionalString mkDefault mkIf mkOption mkEnableOption literalExpression;
+  inherit (lib.types) nullOr attrsOf oneOf str int bool path package enum submodule;
+  inherit (lib.strings) concatMapStringsSep removePrefix toShellVars removeSuffix hasSuffix;
+  inherit (lib.attrsets) attrValues genAttrs filterAttrs mapAttrs' nameValuePair;
+  inherit (builtins) isInt isString toString typeOf;
+
+  cfg = config.services.firefly-iii;
+
+  user = cfg.user;
+  group = cfg.group;
+
+  defaultUser = "firefly-iii";
+  defaultGroup = "firefly-iii";
+
+  artisan = "${cfg.package}/artisan";
+
+  env-file-values = mapAttrs' (n: v: nameValuePair (removeSuffix "_FILE" n) v)
+    (filterAttrs (n: v: hasSuffix "_FILE" n) cfg.settings);
+  env-nonfile-values = filterAttrs (n: v: ! hasSuffix "_FILE" n) cfg.settings;
+
+  envfile = pkgs.writeText "firefly-iii-env" ''
+    ${toShellVars env-file-values}
+    ${toShellVars env-nonfile-values}
+  '';
+
+  fileenv-func = ''
+    cp --no-preserve=mode ${envfile} /tmp/firefly-iii-env
+    ${concatMapStringsSep "\n"
+      (n: "${pkgs.replace-secret}/bin/replace-secret ${n} ${n} /tmp/firefly-iii-env")
+      (attrValues env-file-values)}
+    set -a
+    . /tmp/firefly-iii-env
+    set +a
+  '';
+
+  firefly-iii-maintenance = pkgs.writeShellScript "firefly-iii-maintenance.sh" ''
+    ${fileenv-func}
+
+    ${optionalString (cfg.settings.DB_CONNECTION == "sqlite")
+      "touch ${cfg.dataDir}/storage/database/database.sqlite"}
+    ${artisan} migrate --seed --no-interaction --force
+    ${artisan} firefly-iii:decrypt-all
+    ${artisan} firefly-iii:upgrade-database
+    ${artisan} firefly-iii:correct-database
+    ${artisan} firefly-iii:report-integrity
+    ${artisan} firefly-iii:laravel-passport-keys
+    ${artisan} cache:clear
+
+    mv /tmp/firefly-iii-env /run/phpfpm/firefly-iii-env
+  '';
+
+  commonServiceConfig = {
+    Type = "oneshot";
+    User = user;
+    Group = group;
+    StateDirectory = "${removePrefix "/var/lib/" cfg.dataDir}";
+    WorkingDirectory = cfg.package;
+    PrivateTmp = true;
+    PrivateDevices = true;
+    CapabilityBoundingSet = "";
+    AmbientCapabilities = "";
+    ProtectSystem = "strict";
+    ProtectKernelTunables = true;
+    ProtectKernelModules = true;
+    ProtectControlGroups = true;
+    ProtectClock = true;
+    ProtectHostname = true;
+    ProtectHome = "tmpfs";
+    ProtectKernelLogs = true;
+    ProtectProc = "invisible";
+    ProcSubset = "pid";
+    PrivateNetwork = false;
+    RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+    SystemCallArchitectures = "native";
+    SystemCallFilter = [
+      "@system-service @resources"
+      "~@obsolete @privileged"
+    ];
+    RestrictSUIDSGID = true;
+    RemoveIPC = true;
+    NoNewPrivileges = true;
+    RestrictRealtime = true;
+    RestrictNamespaces = true;
+    LockPersonality = true;
+    PrivateUsers = true;
+  };
+
+in {
+
+  options.services.firefly-iii = {
+
+    enable = mkEnableOption "Firefly III: A free and open source personal finance manager";
+
+    user = mkOption {
+      type = str;
+      default = defaultUser;
+      description = "User account under which firefly-iii runs.";
+    };
+
+    group = mkOption {
+      type = str;
+      default = if cfg.enableNginx then "nginx" else defaultGroup;
+      defaultText = "If `services.firefly-iii.enableNginx` is true then `nginx` else ${defaultGroup}";
+      description = ''
+        Group under which firefly-iii runs. It is best to set this to the group
+        of whatever webserver is being used as the frontend.
+      '';
+    };
+
+    dataDir = mkOption {
+      type = path;
+      default = "/var/lib/firefly-iii";
+      description = ''
+        The place where firefly-iii stores its state.
+      '';
+    };
+
+    package = mkOption {
+      type = package;
+      default = pkgs.firefly-iii;
+      defaultText = literalExpression "pkgs.firefly-iii";
+      description = ''
+        The firefly-iii package served by php-fpm and the webserver of choice.
+        This option can be used to point the webserver to the correct root. It
+        may also be used to set the package to a different version, say a
+        development version.
+      '';
+      apply = firefly-iii : firefly-iii.override (prev: {
+        dataDir = cfg.dataDir;
+      });
+    };
+
+    enableNginx = mkOption {
+      type = bool;
+      default = false;
+      description = ''
+        Whether to enable nginx or not. If enabled, an nginx virtual host will
+        be created for access to firefly-iii. If not enabled, then you may use
+        `''${config.services.firefly-iii.package}` as your document root in
+        whichever webserver you wish to setup.
+      '';
+    };
+
+    virtualHost = mkOption {
+      type = str;
+      description = ''
+        The hostname at which you wish firefly-iii to be served. If you have
+        enabled nginx using `services.firefly-iii.enableNginx` then this will
+        be used.
+      '';
+    };
+
+    poolConfig = mkOption {
+      type = attrsOf (oneOf [ str int bool ]);
+      default = {
+        "pm" = "dynamic";
+        "pm.max_children" = 32;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 2;
+        "pm.max_spare_servers" = 4;
+        "pm.max_requests" = 500;
+      };
+      description = ''
+        Options for the Firefly III PHP pool. See the documentation on <literal>php-fpm.conf</literal>
+        for details on configuration directives.
+      '';
+    };
+
+    settings = mkOption {
+      description = ''
+        Options for firefly-iii configuration. Refer to
+        <https://github.com/firefly-iii/firefly-iii/blob/main/.env.example> for
+        details on supported values. All <option>_FILE values supported by
+        upstream are supported here.
+
+        APP_URL will be set by `services.firefly-iii.virtualHost`, do not
+        redefine it here.
+      '';
+      example = literalExpression ''
+        {
+          APP_ENV = "production";
+          APP_KEY_FILE = "/var/secrets/firefly-iii-app-key.txt";
+          SITE_OWNER = "mail@example.com";
+          DB_CONNECTION = "mysql";
+          DB_HOST = "db";
+          DB_PORT = 3306;
+          DB_DATABASE = "firefly";
+          DB_USERNAME = "firefly";
+          DB_PASSWORD_FILE = "/var/secrets/firefly-iii-mysql-password.txt;
+        }
+      '';
+      default = {};
+      type = submodule {
+        freeformType = attrsOf (oneOf [str int bool]);
+        options = {
+          DB_CONNECTION = mkOption {
+            type = enum [ "sqlite" "pgsql" "mysql" ];
+            default = "sqlite";
+            example = "pgsql";
+            description = ''
+              The type of database you wish to use. Can be one of "sqlite",
+              "mysql" or "pgsql".
+            '';
+          };
+          APP_ENV = mkOption {
+            type = enum [ "local" "production" "testing" ];
+            default = "local";
+            example = "production";
+            description = ''
+              The app environment. It is recommended to keep this at "local".
+              Possible values are "local", "production" and "testing"
+            '';
+          };
+          DB_PORT = mkOption {
+            type = nullOr int;
+            default = if cfg.settings.DB_CONNECTION == "sqlite" then null
+                      else if cfg.settings.DB_CONNECTION == "mysql" then 3306
+                      else 5432;
+            defaultText = ''
+              `null` if DB_CONNECTION is "sqlite", `3306` if "mysql", `5432` if "pgsql"
+            '';
+            description = ''
+              The port your database is listening at. sqlite does not require
+              this value to be filled.
+            '';
+          };
+          APP_KEY_FILE = mkOption {
+            type = path;
+            description = ''
+              The path to your appkey. The file should contain a 32 character
+              random app key. This may be set using `echo "base64:$(head -c 32
+              /dev/urandom | base64)" > /path/to/key-file`.
+            '';
+          };
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.firefly-iii = {
+      settings = {
+        APP_URL = cfg.virtualHost;
+      };
+    };
+
+    services.phpfpm.pools.firefly-iii = {
+      inherit user group;
+      phpPackage = cfg.package.phpPackage;
+      phpOptions = ''
+        log_errors = on
+      '';
+      settings = {
+        "listen.mode" = "0660";
+        "listen.owner" = user;
+        "listen.group" = group;
+        "clear_env" = "no";
+      } // cfg.poolConfig;
+    };
+
+    systemd.services.phpfpm-firefly-iii.serviceConfig = {
+      EnvironmentFile = "/run/phpfpm/firefly-iii-env";
+      ExecStartPost = "${pkgs.coreutils}/bin/rm /run/phpfpm/firefly-iii-env";
+    };
+
+    systemd.services.firefly-iii-setup = {
+      requiredBy = [ "phpfpm-firefly-iii.service" ];
+      before = [ "phpfpm-firefly-iii.service" ];
+      serviceConfig = {
+        ExecStart = firefly-iii-maintenance;
+        RuntimeDirectory = "phpfpm";
+        RuntimeDirectoryPreserve = true;
+      } // commonServiceConfig;
+      unitConfig.JoinsNamespaceOf = "phpfpm-firefly-iii.service";
+    };
+
+    systemd.services.firefly-iii-cron = {
+      description = "Daily Firefly III cron job";
+      script = ''
+        ${fileenv-func}
+        ${artisan} firefly-iii:cron
+      '';
+      serviceConfig = commonServiceConfig;
+    };
+
+    systemd.timers.firefly-iii-cron = {
+      description = "Trigger Firefly Cron";
+      timerConfig = {
+        OnCalendar = "Daily";
+        RandomizedDelaySec = "1800s";
+        Persistent = true;
+      };
+      wantedBy = [ "timers.target" ];
+    };
+
+    services.nginx = mkIf cfg.enableNginx {
+      enable = true;
+      recommendedTlsSettings = mkDefault true;
+      recommendedOptimisation = mkDefault true;
+      recommendedGzipSettings = mkDefault true;
+      virtualHosts.${cfg.virtualHost} = {
+        root = "${cfg.package}/public";
+        locations = {
+          "/" = {
+            tryFiles = "$uri $uri/ /index.php?$query_string";
+            index = "index.php";
+            extraConfig = ''
+              sendfile off;
+            '';
+          };
+          "~ \.php$" = {
+            extraConfig = ''
+              include ${config.services.nginx.package}/conf/fastcgi_params ;
+              fastcgi_param SCRIPT_FILENAME $request_filename;
+              fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+              fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket};
+            '';
+          };
+        };
+      };
+    };
+
+    systemd.tmpfiles.settings."10-firefly-iii" = genAttrs [
+      "${cfg.dataDir}/storage"
+      "${cfg.dataDir}/storage/app"
+      "${cfg.dataDir}/storage/database"
+      "${cfg.dataDir}/storage/export"
+      "${cfg.dataDir}/storage/framework"
+      "${cfg.dataDir}/storage/framework/cache"
+      "${cfg.dataDir}/storage/framework/sessions"
+      "${cfg.dataDir}/storage/framework/views"
+      "${cfg.dataDir}/storage/logs"
+      "${cfg.dataDir}/storage/upload"
+      "${cfg.dataDir}/cache"
+    ] (n: {
+      d = {
+        group = group;
+        mode = "0700";
+        user = user;
+      };
+    }) // {
+      "${cfg.dataDir}".d = {
+        group = group;
+        mode = "0710";
+        user = user;
+      };
+    };
+
+    users = {
+      users = mkIf (user == defaultUser) {
+        ${defaultUser} = {
+          description = "Firefly-iii service user";
+          inherit group;
+          isSystemUser = true;
+          home = cfg.dataDir;
+        };
+      };
+      groups = mkIf (group == defaultGroup) {
+        ${defaultGroup} = {};
+      };
+    };
+  };
+}
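Review bot: The rendered secrets file looks readable by other local users, because `fileenv-func` creates `/tmp/firefly-iii-env` with `cp --no-preserve=mode` and `commonServiceConfig` sets no `UMask`. Under systemd's default umask that would be mode 0644, and `firefly-iii-maintenance` then moves the file unchanged into `/run/phpfpm`, a `RuntimeDirectory` with no `RuntimeDirectoryMode`. The file holds the substituted `APP_KEY` and database password and stays there until the php-fpm unit's `ExecStartPost` deletes it. I would add `UMask = "0077";` to `commonServiceConfig` and `RuntimeDirectoryMode = "0700";` to the setup unit; `EnvironmentFile` is read by the service manager, so presumably php-fpm does not need wider access (worth confirming in a VM test). Separately, the `settings` example is missing the closing quote on the `DB_PASSWORD_FILE` value.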
diff --git a/nixpkgs/nixos/modules/services/web-apps/fluidd.nix b/nixpkgs/nixos/modules/services/web-apps/fluidd.nix
index 1d9b56f5ccf2..f30127dd17ad 100644
--- a/nixpkgs/nixos/modules/services/web-apps/fluidd.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/fluidd.nix
@@ -6,14 +6,14 @@ let
 in
 {
   options.services.fluidd = {
-    enable = mkEnableOption (lib.mdDoc "Fluidd, a Klipper web interface for managing your 3d printer");
+    enable = mkEnableOption "Fluidd, a Klipper web interface for managing your 3d printer";
 
     package = mkPackageOption pkgs "fluidd" { };
 
     hostName = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Hostname to serve fluidd on";
+      description = "Hostname to serve fluidd on";
     };
 
     nginx = mkOption {
@@ -25,7 +25,7 @@ in
           serverAliases = [ "fluidd.''${config.networking.domain}" ];
         }
       '';
-      description = lib.mdDoc "Extra configuration for the nginx virtual host of fluidd.";
+      description = "Extra configuration for the nginx virtual host of fluidd.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/freshrss.nix b/nixpkgs/nixos/modules/services/web-apps/freshrss.nix
index edec9d547a30..77c5ecb24617 100644
--- a/nixpkgs/nixos/modules/services/web-apps/freshrss.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/freshrss.nix
@@ -10,34 +10,34 @@ in
   meta.maintainers = with maintainers; [ etu stunkymonkey mattchrist ];
 
   options.services.freshrss = {
-    enable = mkEnableOption (mdDoc "FreshRSS feed reader");
+    enable = mkEnableOption "FreshRSS feed reader";
 
     package = mkPackageOption pkgs "freshrss" { };
 
     defaultUser = mkOption {
       type = types.str;
       default = "admin";
-      description = mdDoc "Default username for FreshRSS.";
+      description = "Default username for FreshRSS.";
       example = "eva";
     };
 
     passwordFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = mdDoc "Password for the defaultUser for FreshRSS.";
+      description = "Password for the defaultUser for FreshRSS.";
       example = "/run/secrets/freshrss";
     };
 
     baseUrl = mkOption {
       type = types.str;
-      description = mdDoc "Default URL for FreshRSS.";
+      description = "Default URL for FreshRSS.";
       example = "https://freshrss.example.com";
     };
 
     language = mkOption {
       type = types.str;
       default = "en";
-      description = mdDoc "Default language for FreshRSS.";
+      description = "Default language for FreshRSS.";
       example = "de";
     };
 
@@ -45,46 +45,46 @@ in
       type = mkOption {
         type = types.enum [ "sqlite" "pgsql" "mysql" ];
         default = "sqlite";
-        description = mdDoc "Database type.";
+        description = "Database type.";
         example = "pgsql";
       };
 
       host = mkOption {
         type = types.nullOr types.str;
         default = "localhost";
-        description = mdDoc "Database host for FreshRSS.";
+        description = "Database host for FreshRSS.";
       };
 
       port = mkOption {
         type = types.nullOr types.port;
         default = null;
-        description = mdDoc "Database port for FreshRSS.";
+        description = "Database port for FreshRSS.";
         example = 3306;
       };
 
       user = mkOption {
         type = types.nullOr types.str;
         default = "freshrss";
-        description = mdDoc "Database user for FreshRSS.";
+        description = "Database user for FreshRSS.";
       };
 
       passFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = mdDoc "Database password file for FreshRSS.";
+        description = "Database password file for FreshRSS.";
         example = "/run/secrets/freshrss";
       };
 
       name = mkOption {
         type = types.nullOr types.str;
         default = "freshrss";
-        description = mdDoc "Database name for FreshRSS.";
+        description = "Database name for FreshRSS.";
       };
 
       tableprefix = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = mdDoc "Database table prefix for FreshRSS.";
+        description = "Database table prefix for FreshRSS.";
         example = "freshrss";
       };
     };
@@ -92,14 +92,14 @@ in
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/freshrss";
-      description = mdDoc "Default data folder for FreshRSS.";
+      description = "Default data folder for FreshRSS.";
       example = "/mnt/freshrss";
     };
 
     virtualHost = mkOption {
       type = types.nullOr types.str;
       default = "freshrss";
-      description = mdDoc ''
+      description = ''
         Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
       '';
     };
@@ -107,7 +107,7 @@ in
     pool = mkOption {
       type = types.str;
       default = poolName;
-      description = mdDoc ''
+      description = ''
         Name of the phpfpm pool to use and setup. If not specified, a pool will be created
         with default values.
       '';
@@ -116,13 +116,13 @@ in
     user = mkOption {
       type = types.str;
       default = "freshrss";
-      description = lib.mdDoc "User under which FreshRSS runs.";
+      description = "User under which FreshRSS runs.";
     };
 
     authType = mkOption {
       type = types.enum [ "form" "http_auth" "none" ];
       default = "form";
-      description = mdDoc "Authentication type for FreshRSS.";
+      description = "Authentication type for FreshRSS.";
     };
   };
 
@@ -268,11 +268,11 @@ in
 
           script =
             let
-              userScriptArgs = ''--user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"'';
-              updateUserScript = optionalString (cfg.authType == "form") ''
+              userScriptArgs = ''--user ${cfg.defaultUser} ${optionalString (cfg.authType == "form") ''--password "$(cat ${cfg.passwordFile})"''}'';
+              updateUserScript = optionalString (cfg.authType == "form" || cfg.authType == "none") ''
                 ./cli/update-user.php ${userScriptArgs}
               '';
-              createUserScript = optionalString (cfg.authType == "form") ''
+              createUserScript = optionalString (cfg.authType == "form" || cfg.authType == "none") ''
                 ./cli/create-user.php ${userScriptArgs}
               '';
             in
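Review bot: `cfg.defaultUser` is interpolated unquoted into the shell script on the new `userScriptArgs` line, so a username containing whitespace or shell metacharacters is split or interpreted by the shell instead of being passed as one argument. Quoting it, e.g. `--user ${escapeShellArg cfg.defaultUser}`, keeps it a single argument, assuming `escapeShellArg` is in scope the same way `optionalString` is. The password is still expanded into the command line through `$(cat …)`, so it appears in the process argument list while the CLI runs; whether the FreshRSS CLI can take it another way is not visible here. With `authType = "none"` the user is now created without a password, so a comment that the instance then depends on external access control would help. The `let` block continues outside the hunk.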
diff --git a/nixpkgs/nixos/modules/services/web-apps/galene.nix b/nixpkgs/nixos/modules/services/web-apps/galene.nix
index 28d4069ec385..32854e757ac3 100644
--- a/nixpkgs/nixos/modules/services/web-apps/galene.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/galene.nix
@@ -12,12 +12,12 @@ in
 {
   options = {
     services.galene = {
-      enable = mkEnableOption (lib.mdDoc "Galene Service");
+      enable = mkEnableOption "Galene Service";
 
       stateDir = mkOption {
         default = defaultstateDir;
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The directory where Galene stores its internal state. If left as the default
           value this directory will automatically be created before the Galene server
           starts, otherwise the sysadmin is responsible for ensuring the directory
@@ -28,19 +28,19 @@ in
       user = mkOption {
         type = types.str;
         default = "galene";
-        description = lib.mdDoc "User account under which galene runs.";
+        description = "User account under which galene runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "galene";
-        description = lib.mdDoc "Group under which galene runs.";
+        description = "Group under which galene runs.";
       };
 
       insecure = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether Galene should listen in http or in https. If left as the default
           value (false), Galene needs to be fed a private key and a certificate.
         '';
@@ -50,7 +50,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "/path/to/your/cert.pem";
-        description = lib.mdDoc ''
+        description = ''
           Path to the server's certificate. The file is copied at runtime to
           Galene's data directory where it needs to reside.
         '';
@@ -60,7 +60,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "/path/to/your/key.pem";
-        description = lib.mdDoc ''
+        description = ''
           Path to the server's private key. The file is copied at runtime to
           Galene's data directory where it needs to reside.
         '';
@@ -69,13 +69,13 @@ in
       httpAddress = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc "HTTP listen address for galene.";
+        description = "HTTP listen address for galene.";
       };
 
       httpPort = mkOption {
         type = types.port;
         default = 8443;
-        description = lib.mdDoc "HTTP listen port.";
+        description = "HTTP listen port.";
       };
 
       staticDir = mkOption {
@@ -83,7 +83,7 @@ in
         default = "${cfg.package.static}/static";
         defaultText = literalExpression ''"''${package.static}/static"'';
         example = "/var/lib/galene/static";
-        description = lib.mdDoc "Web server directory.";
+        description = "Web server directory.";
       };
 
       recordingsDir = mkOption {
@@ -91,7 +91,7 @@ in
         default = defaultrecordingsDir;
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/recordings"'';
         example = "/var/lib/galene/recordings";
-        description = lib.mdDoc "Recordings directory.";
+        description = "Recordings directory.";
       };
 
       dataDir = mkOption {
@@ -99,7 +99,7 @@ in
         default = defaultdataDir;
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/data"'';
         example = "/var/lib/galene/data";
-        description = lib.mdDoc "Data directory.";
+        description = "Data directory.";
       };
 
       groupsDir = mkOption {
@@ -107,7 +107,7 @@ in
         default = defaultgroupsDir;
         defaultText = literalExpression ''"''${config.${opt.stateDir}}/groups"'';
         example = "/var/lib/galene/groups";
-        description = lib.mdDoc "Web server directory.";
+        description = "Web server directory.";
       };
 
       package = mkPackageOption pkgs "galene" { };
diff --git a/nixpkgs/nixos/modules/services/web-apps/gerrit.nix b/nixpkgs/nixos/modules/services/web-apps/gerrit.nix
index 5c62a7ebbd93..573c9d0d7dbb 100644
--- a/nixpkgs/nixos/modules/services/web-apps/gerrit.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/gerrit.nix
@@ -59,7 +59,7 @@ in
 {
   options = {
     services.gerrit = {
-      enable = mkEnableOption (lib.mdDoc "Gerrit service");
+      enable = mkEnableOption "Gerrit service";
 
       package = mkPackageOption pkgs "gerrit" { };
 
@@ -71,13 +71,13 @@ in
           "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
           "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
         ];
-        description = lib.mdDoc "A list of JVM options to start gerrit with.";
+        description = "A list of JVM options to start gerrit with.";
       };
 
       jvmHeapLimit = mkOption {
         type = types.str;
         default = "1024m";
-        description = lib.mdDoc ''
+        description = ''
           How much memory to allocate to the JVM heap
         '';
       };
@@ -85,7 +85,7 @@ in
       listenAddress = mkOption {
         type = types.str;
         default = "[::]:8080";
-        description = lib.mdDoc ''
+        description = ''
           `hostname:port` to listen for HTTP traffic.
 
           This is bound using the systemd socket activation.
@@ -95,7 +95,7 @@ in
       settings = mkOption {
         type = gitIniType;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Gerrit configuration. This will be generated to the
           `etc/gerrit.config` file.
         '';
@@ -104,7 +104,7 @@ in
       replicationSettings = mkOption {
         type = gitIniType;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Replication configuration. This will be generated to the
           `etc/replication.config` file.
         '';
@@ -113,7 +113,7 @@ in
       plugins = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of plugins to add to Gerrit. Each derivation is a jar file
           itself where the name of the derivation is the name of plugin.
         '';
@@ -122,7 +122,7 @@ in
       builtinPlugins = mkOption {
         type = types.listOf (types.enum cfg.package.passthru.plugins);
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of builtins plugins to install. Those are shipped in the
           `gerrit.war` file.
         '';
@@ -130,7 +130,7 @@ in
 
       serverId = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Set a UUID that uniquely identifies the server.
 
           This can be generated with
diff --git a/nixpkgs/nixos/modules/services/web-apps/gotify-server.nix b/nixpkgs/nixos/modules/services/web-apps/gotify-server.nix
index 8db3a8ef3e81..b700fd14ee52 100644
--- a/nixpkgs/nixos/modules/services/web-apps/gotify-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/gotify-server.nix
@@ -7,11 +7,11 @@ let
 in {
   options = {
     services.gotify = {
-      enable = mkEnableOption (lib.mdDoc "Gotify webserver");
+      enable = mkEnableOption "Gotify webserver";
 
       port = mkOption {
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Port the server listens to.
         '';
       };
@@ -19,7 +19,7 @@ in {
       stateDirectoryName = mkOption {
         type = types.str;
         default = "gotify-server";
-        description = lib.mdDoc ''
+        description = ''
           The name of the directory below {file}`/var/lib` where
           gotify stores its runtime data.
         '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/gotosocial.nix b/nixpkgs/nixos/modules/services/web-apps/gotosocial.nix
index 657509c11005..aee1edf66a6a 100644
--- a/nixpkgs/nixos/modules/services/web-apps/gotosocial.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/gotosocial.nix
@@ -27,17 +27,17 @@ let
 in
 {
   meta.doc = ./gotosocial.md;
-  meta.maintainers = with lib.maintainers; [ misuzu blakesmith ];
+  meta.maintainers = with lib.maintainers; [ blakesmith ];
 
   options.services.gotosocial = {
-    enable = lib.mkEnableOption (lib.mdDoc "ActivityPub social network server");
+    enable = lib.mkEnableOption "ActivityPub social network server";
 
     package = lib.mkPackageOption pkgs "gotosocial" { };
 
     openFirewall = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open the configured port in the firewall.
         Using a reverse proxy instead is highly recommended.
       '';
@@ -46,7 +46,7 @@ in
     setupPostgresqlDB = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to setup a local postgres database and populate the
         `db-type` fields in `services.gotosocial.settings`.
       '';
@@ -59,7 +59,7 @@ in
         application-name = "My GoToSocial";
         host = "gotosocial.example.com";
       };
-      description = lib.mdDoc ''
+      description = ''
         Contents of the GoToSocial YAML config.
 
         Please refer to the
@@ -73,7 +73,7 @@ in
 
     environmentFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
-      description = lib.mdDoc ''
+      description = ''
         File path containing environment variables for configuring the GoToSocial service
         in the format of an EnvironmentFile as described by systemd.exec(5).
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/grocy.nix b/nixpkgs/nixos/modules/services/web-apps/grocy.nix
index 858fd74279d0..eb4feb191aa5 100644
--- a/nixpkgs/nixos/modules/services/web-apps/grocy.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/grocy.nix
@@ -6,13 +6,13 @@ let
   cfg = config.services.grocy;
 in {
   options.services.grocy = {
-    enable = mkEnableOption (lib.mdDoc "grocy");
+    enable = mkEnableOption "grocy";
 
     package = mkPackageOption pkgs "grocy" { };
 
     hostName = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         FQDN for the grocy instance.
       '';
     };
@@ -20,7 +20,7 @@ in {
     nginx.enableSSL = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to enable SSL (with ACME and let's encrypt)
         for the grocy vhost.
       '';
@@ -41,7 +41,7 @@ in {
         "pm.max_requests" = "500";
       };
 
-      description = lib.mdDoc ''
+      description = ''
         Options for grocy's PHPFPM pool.
       '';
     };
@@ -49,7 +49,7 @@ in {
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/grocy";
-      description = lib.mdDoc ''
+      description = ''
         Home directory of the `grocy` user which contains
         the application's state.
       '';
@@ -60,7 +60,7 @@ in {
         type = types.str;
         default = "USD";
         example = "EUR";
-        description = lib.mdDoc ''
+        description = ''
           ISO 4217 code for the currency to display.
         '';
       };
@@ -68,7 +68,7 @@ in {
       culture = mkOption {
         type = types.enum [ "de" "en" "da" "en_GB" "es" "fr" "hu" "it" "nl" "no" "pl" "pt_BR" "ru" "sk_SK" "sv_SE" "tr" ];
         default = "en";
-        description = lib.mdDoc ''
+        description = ''
           Display language of the frontend.
         '';
       };
@@ -77,14 +77,14 @@ in {
         showWeekNumber = mkOption {
           default = true;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Show the number of the weeks in the calendar views.
           '';
         };
         firstDayOfWeek = mkOption {
           default = null;
           type = types.nullOr (types.enum (range 0 6));
-          description = lib.mdDoc ''
+          description = ''
             Which day of the week (0=Sunday, 1=Monday etc.) should be the
             first day.
           '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/guacamole-client.nix b/nixpkgs/nixos/modules/services/web-apps/guacamole-client.nix
index 04d867c0a943..98a6cac34f3d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/guacamole-client.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/guacamole-client.nix
@@ -10,7 +10,7 @@ in
 {
   options = {
     services.guacamole-client = {
-      enable = lib.mkEnableOption (lib.mdDoc "Apache Guacamole Client (Tomcat)");
+      enable = lib.mkEnableOption "Apache Guacamole Client (Tomcat)";
       package = lib.mkPackageOption pkgs "guacamole-client" { };
 
       settings = lib.mkOption {
@@ -21,7 +21,7 @@ in
           guacd-hostname = "localhost";
           guacd-port = 4822;
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration written to `guacamole.properties`.
 
           ::: {.note}
@@ -36,7 +36,7 @@ in
       enableWebserver = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable the Guacamole web application in a Tomcat webserver.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/guacamole-server.nix b/nixpkgs/nixos/modules/services/web-apps/guacamole-server.nix
index 71e80d8aad32..6f6d12e9939f 100644
--- a/nixpkgs/nixos/modules/services/web-apps/guacamole-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/guacamole-server.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.guacamole-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "Apache Guacamole Server (guacd)");
+      enable = lib.mkEnableOption "Apache Guacamole Server (guacd)";
       package = lib.mkPackageOption pkgs "guacamole-server" { };
 
       extraEnvironment = lib.mkOption {
@@ -20,12 +20,12 @@ in
             ENVIRONMENT = "production";
           }
         '';
-        description = lib.mdDoc "Environment variables to pass to guacd.";
+        description = "Environment variables to pass to guacd.";
       };
 
       host = lib.mkOption {
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address the server should listen to.
         '';
         type = lib.types.str;
@@ -33,7 +33,7 @@ in
 
       port = lib.mkOption {
         default = 4822;
-        description = lib.mdDoc ''
+        description = ''
           The port the guacd server should listen to.
         '';
         type = lib.types.port;
@@ -43,7 +43,7 @@ in
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/path/to/logback.xml";
-        description = lib.mdDoc ''
+        description = ''
           Configuration file that correspond to `logback.xml`.
         '';
       };
@@ -52,7 +52,7 @@ in
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/path/to/user-mapping.xml";
-        description = lib.mdDoc ''
+        description = ''
           Configuration file that correspond to `user-mapping.xml`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/healthchecks.nix b/nixpkgs/nixos/modules/services/web-apps/healthchecks.nix
index 1d439f162313..5562b37e502c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/healthchecks.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/healthchecks.nix
@@ -26,8 +26,8 @@ let
 in
 {
   options.services.healthchecks = {
-    enable = mkEnableOption (lib.mdDoc "healthchecks") // {
-      description = lib.mdDoc ''
+    enable = mkEnableOption "healthchecks" // {
+      description = ''
         Enable healthchecks.
         It is expected to be run behind a HTTP reverse proxy.
       '';
@@ -38,7 +38,7 @@ in
     user = mkOption {
       default = defaultUser;
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         User account under which healthchecks runs.
 
         ::: {.note}
@@ -52,7 +52,7 @@ in
     group = mkOption {
       default = defaultUser;
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group account under which healthchecks runs.
 
         ::: {.note}
@@ -66,19 +66,19 @@ in
     listenAddress = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Address the server will listen on.";
+      description = "Address the server will listen on.";
     };
 
     port = mkOption {
       type = types.port;
       default = 8000;
-      description = lib.mdDoc "Port the server will listen on.";
+      description = "Port the server will listen on.";
     };
 
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/healthchecks";
-      description = lib.mdDoc ''
+      description = ''
         The directory used to store all data for healthchecks.
 
         ::: {.note}
@@ -90,7 +90,7 @@ in
     };
 
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Environment variables which are read by healthchecks `(local)_settings.py`.
 
         Settings which are explicitly covered in options below, are type-checked and/or transformed
@@ -116,26 +116,26 @@ in
           ALLOWED_HOSTS = lib.mkOption {
             type = types.listOf types.str;
             default = [ "*" ];
-            description = lib.mdDoc "The host/domain names that this site can serve.";
+            description = "The host/domain names that this site can serve.";
             apply = lib.concatStringsSep ",";
           };
 
           SECRET_KEY_FILE = mkOption {
             type = types.path;
-            description = lib.mdDoc "Path to a file containing the secret key.";
+            description = "Path to a file containing the secret key.";
           };
 
           DEBUG = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Enable debug mode.";
+            description = "Enable debug mode.";
             apply = boolToPython;
           };
 
           REGISTRATION_OPEN = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               A boolean that controls whether site visitors can create new accounts.
               Set it to false if you are setting up a private Healthchecks instance,
               but it needs to be publicly accessible (so, for example, your cloud
@@ -149,7 +149,7 @@ in
           DB = mkOption {
             type = types.enum [ "sqlite" "postgres" "mysql" ];
             default = "sqlite";
-            description = lib.mdDoc "Database engine to use.";
+            description = "Database engine to use.";
           };
 
           DB_NAME = mkOption {
@@ -163,7 +163,7 @@ in
               then "''${config.${opt.dataDir}}/healthchecks.sqlite"
               else "hc"
             '';
-            description = lib.mdDoc "Database name.";
+            description = "Database name.";
           };
         };
       });
@@ -213,8 +213,7 @@ in
           preStart = ''
             ${pkg}/opt/healthchecks/manage.py collectstatic --no-input
             ${pkg}/opt/healthchecks/manage.py remove_stale_contenttypes --no-input
-            ${pkg}/opt/healthchecks/manage.py compress
-          '';
+          '' + lib.optionalString (cfg.settings.DEBUG != "True") "${pkg}/opt/healthchecks/manage.py compress";
 
           serviceConfig = commonConfig // {
             Restart = "always";
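Review bot: The new condition `cfg.settings.DEBUG != "True"` compares against the string form of the option, which only works because `DEBUG` is declared with `apply = boolToPython`. That helper presumably yields `"True"`/`"False"`, but its definition is outside this hunk. If the apply function ever changes, the comparison becomes always true and `compress` runs in debug mode again without any evaluation error. A comment on that line such as `# DEBUG has already been converted by boolToPython, hence the string comparison` would make the coupling explicit. The appended command also has no trailing newline, which is fine only while it stays the last command in `preStart`.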
diff --git a/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix b/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix
index 8b17c6cbc3be..919d870b3a2c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix
@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkOption types mdDoc literalExpression;
+  inherit (lib) mkOption types literalExpression;
 
   cfg = config.services.hedgedoc;
 
@@ -34,7 +34,7 @@ in
 
   options.services.hedgedoc = {
     package = lib.mkPackageOption pkgs "hedgedoc" { };
-    enable = lib.mkEnableOption (mdDoc "the HedgeDoc Markdown Editor");
+    enable = lib.mkEnableOption "the HedgeDoc Markdown Editor";
 
     settings = mkOption {
       type = types.submodule {
@@ -44,7 +44,7 @@ in
             type = with types; nullOr str;
             default = null;
             example = "hedgedoc.org";
-            description = mdDoc ''
+            description = ''
               Domain to use for website.
 
               This is useful if you are trying to run hedgedoc behind
@@ -55,7 +55,7 @@ in
             type = with types; nullOr str;
             default = null;
             example = "hedgedoc";
-            description = mdDoc ''
+            description = ''
               URL path for the website.
 
               This is useful if you are hosting hedgedoc on a path like
@@ -65,7 +65,7 @@ in
           host = mkOption {
             type = with types; nullOr str;
             default = "localhost";
-            description = mdDoc ''
+            description = ''
               Address to listen on.
             '';
           };
@@ -73,7 +73,7 @@ in
             type = types.port;
             default = 3000;
             example = 80;
-            description = mdDoc ''
+            description = ''
               Port to listen on.
             '';
           };
@@ -81,7 +81,7 @@ in
             type = with types; nullOr path;
             default = null;
             example = "/run/hedgedoc/hedgedoc.sock";
-            description = mdDoc ''
+            description = ''
               Path to UNIX domain socket to listen on
 
               ::: {.note}
@@ -93,7 +93,7 @@ in
             type = types.bool;
             default = false;
             example = true;
-            description = mdDoc ''
+            description = ''
               Use `https://` for all links.
 
               This is useful if you are trying to run hedgedoc behind
@@ -111,7 +111,7 @@ in
               with config.services.hedgedoc.settings; [ host ] ++ lib.optionals (domain != null) [ domain ]
             '';
             example = [ "localhost" "hedgedoc.org" ];
-            description = mdDoc ''
+            description = ''
               List of domains to whitelist.
             '';
           };
@@ -137,7 +137,7 @@ in
                 dialect = "postgresql";
               };
             '';
-            description = mdDoc ''
+            description = ''
               Specify the configuration for sequelize.
               HedgeDoc supports `mysql`, `postgres`, `sqlite` and `mssql`.
               See <https://sequelize.readthedocs.io/en/v3/>
@@ -151,7 +151,7 @@ in
           useSSL = mkOption {
             type = types.bool;
             default = false;
-            description = mdDoc ''
+            description = ''
               Enable to use SSL server.
 
               ::: {.note}
@@ -170,7 +170,7 @@ in
             type = types.path;
             default = "/var/lib/${name}/uploads";
             defaultText = "/var/lib/hedgedoc/uploads";
-            description = mdDoc ''
+            description = ''
               Directory for storing uploaded images.
             '';
           };
@@ -180,7 +180,7 @@ in
             type = types.bool;
             default = false;
             example = true;
-            description = mdDoc ''
+            description = ''
               Whether to enable [Libravatar](https://wiki.libravatar.org/) as
               profile picture source on your instance.
 
@@ -191,7 +191,7 @@ in
         };
       };
 
-      description = mdDoc ''
+      description = ''
         HedgeDoc configuration, see
         <https://docs.hedgedoc.org/configuration/>
         for documentation.
@@ -202,7 +202,7 @@ in
       type = with types; nullOr path;
       default = null;
       example = "/var/lib/hedgedoc/hedgedoc.env";
-      description = mdDoc ''
+      description = ''
         Environment file as defined in {manpage}`systemd.exec(5)`.
 
         Secrets may be passed to the service without adding them to the world-readable
diff --git a/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix b/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix
index be8ecc645e59..32d9df4e8458 100644
--- a/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/hledger-web.nix
@@ -5,14 +5,14 @@ let
 in {
   options.services.hledger-web = {
 
-    enable = mkEnableOption (lib.mdDoc "hledger-web service");
+    enable = mkEnableOption "hledger-web service";
 
-    serveApi = mkEnableOption (lib.mdDoc "serving only the JSON web API, without the web UI");
+    serveApi = mkEnableOption "serving only the JSON web API, without the web UI";
 
     host = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on.
       '';
     };
@@ -21,39 +21,28 @@ in {
       type = types.port;
       default = 5000;
       example = 80;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on.
       '';
     };
 
-    capabilities = {
-      view = mkOption {
-        type = types.bool;
-        default = true;
-        description = lib.mdDoc ''
-          Enable the view capability.
-        '';
-      };
-      add = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable the add capability.
-        '';
-      };
-      manage = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable the manage capability.
-        '';
-      };
+    allow = mkOption {
+      type = types.enum [ "view" "add" "edit" "sandstorm" ];
+      default = "view";
+      description = ''
+        User's access level for changing data.
+
+        * view: view only permission.
+        * add: view and add permissions.
+        * edit: view, add, and edit permissions.
+        * sandstorm: permissions from the `X-Sandstorm-Permissions` request header.
+      '';
     };
 
     stateDir = mkOption {
       type = types.path;
       default = "/var/lib/hledger-web";
-      description = lib.mdDoc ''
+      description = ''
         Path the service has access to. If left as the default value this
         directory will automatically be created before the hledger-web server
         starts, otherwise the sysadmin is responsible for ensuring the
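Review bot: The description of the new `allow` option lists `sandstorm` without saying what that mode trusts. There the access level is read from the `X-Sandstorm-Permissions` request header, so unless the service runs behind Sandstorm or a proxy that sets or strips that header, a client can presumably choose its own permissions. `host` is a free-form option, so the instance can be bound to a non-loopback address. I would add a sentence to the description along the lines of `Only use sandstorm behind a trusted proxy that sets X-Sandstorm-Permissions; otherwise the header is client-controlled.`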
@@ -64,7 +53,7 @@ in {
     journalFiles = mkOption {
       type = types.listOf types.str;
       default = [ ".hledger.journal" ];
-      description = lib.mdDoc ''
+      description = ''
         Paths to journal files relative to {option}`services.hledger-web.stateDir`.
       '';
     };
@@ -73,7 +62,7 @@ in {
       type = with types; nullOr str;
       default = null;
       example = "https://example.org";
-      description = lib.mdDoc ''
+      description = ''
         Base URL, when sharing over a network.
       '';
     };
@@ -82,13 +71,18 @@ in {
       type = types.listOf types.str;
       default = [];
       example = [ "--forecast" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra command line arguments to pass to hledger-web.
       '';
     };
 
   };
 
+  imports = [
+    (mkRemovedOptionModule [ "services" "hledger-web" "capabilities" ]
+      "This option has been replaced by new option `services.hledger-web.allow`.")
+  ];
+
   config = mkIf cfg.enable {
 
     users.users.hledger = {
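Review bot: The removal message for `services.hledger-web.capabilities` names the replacement but not how to translate an existing setting. The old option was three independent booleans (`view`, `add`, `manage`), while `allow` is a single cumulative level with no `manage` value. Failing evaluation is the safe behaviour, but the message could spare users from guessing the access level, for example `"This option has been replaced by services.hledger-web.allow; set it to the highest level previously enabled (view, add, or edit in place of manage)."`. That `edit` is the successor of `manage` is my reading of the enum and should be confirmed. The `config` block continues outside the hunk.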
@@ -102,16 +96,11 @@ in {
     users.groups.hledger = {};
 
     systemd.services.hledger-web = let
-      capabilityString = with cfg.capabilities; concatStringsSep "," (
-        (optional view "view")
-        ++ (optional add "add")
-        ++ (optional manage "manage")
-      );
       serverArgs = with cfg; escapeShellArgs ([
         "--serve"
         "--host=${host}"
         "--port=${toString port}"
-        "--capabilities=${capabilityString}"
+        "--allow=${allow}"
         (optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
         (optionalString (cfg.serveApi) "--serve-api")
       ] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
diff --git a/nixpkgs/nixos/modules/services/web-apps/honk.nix b/nixpkgs/nixos/modules/services/web-apps/honk.nix
index eb270a661ecb..e6a446192122 100644
--- a/nixpkgs/nixos/modules/services/web-apps/honk.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/honk.nix
@@ -21,12 +21,12 @@ in
 {
   options = {
     services.honk = {
-      enable = lib.mkEnableOption (lib.mdDoc "the Honk server");
+      enable = lib.mkEnableOption "the Honk server";
       package = lib.mkPackageOption pkgs "honk" { };
 
       host = lib.mkOption {
         default = "127.0.0.1";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address the server should listen to.
         '';
         type = lib.types.str;
@@ -34,21 +34,21 @@ in
 
       port = lib.mkOption {
         default = 8080;
-        description = lib.mdDoc ''
+        description = ''
           The port the server should listen to.
         '';
         type = lib.types.port;
       };
 
       username = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The admin account username.
         '';
         type = lib.types.str;
       };
 
       passwordFile = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Password for admin account.
           NOTE: Should be string not a store path, to prevent the password from being world readable
         '';
@@ -56,7 +56,7 @@ in
       };
 
       servername = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           The server name.
         '';
         type = lib.types.str;
@@ -64,7 +64,7 @@ in
 
       extraJS = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           An extra JavaScript file to be loaded by the client.
         '';
         type = lib.types.nullOr lib.types.path;
@@ -72,7 +72,7 @@ in
 
       extraCSS = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           An extra CSS file to be loaded by the client.
         '';
         type = lib.types.nullOr lib.types.path;
diff --git a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
index 67d235ab4475..b9761061aaae 100644
--- a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix
@@ -12,12 +12,12 @@ in {
   meta.maintainers = with maintainers; [ das_j ];
 
   options.services.icingaweb2 = with types; {
-    enable = mkEnableOption (lib.mdDoc "the icingaweb2 web interface");
+    enable = mkEnableOption "the icingaweb2 web interface";
 
     pool = mkOption {
       type = str;
       default = poolName;
-      description = lib.mdDoc ''
+      description = ''
          Name of existing PHP-FPM pool that is used to run Icingaweb2.
          If not specified, a pool will automatically created with default values.
       '';
@@ -26,7 +26,7 @@ in {
     libraryPaths = mkOption {
       type = attrsOf package;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Libraries to add to the Icingaweb2 library path.
         The name of the attribute is the name of the library, the value
         is the package to add.
@@ -36,7 +36,7 @@ in {
     virtualHost = mkOption {
       type = nullOr str;
       default = "icingaweb2";
-      description = lib.mdDoc ''
+      description = ''
         Name of the nginx virtualhost to use and setup. If null, no virtualhost is set up.
       '';
     };
@@ -45,15 +45,15 @@ in {
       type = str;
       default = "UTC";
       example = "Europe/Berlin";
-      description = lib.mdDoc "PHP-compliant timezone specification";
+      description = "PHP-compliant timezone specification";
     };
 
     modules = {
-      doc.enable = mkEnableOption (lib.mdDoc "the icingaweb2 doc module");
-      migrate.enable = mkEnableOption (lib.mdDoc "the icingaweb2 migrate module");
-      setup.enable = mkEnableOption (lib.mdDoc "the icingaweb2 setup module");
-      test.enable = mkEnableOption (lib.mdDoc "the icingaweb2 test module");
-      translation.enable = mkEnableOption (lib.mdDoc "the icingaweb2 translation module");
+      doc.enable = mkEnableOption "the icingaweb2 doc module";
+      migrate.enable = mkEnableOption "the icingaweb2 migrate module";
+      setup.enable = mkEnableOption "the icingaweb2 setup module";
+      test.enable = mkEnableOption "the icingaweb2 test module";
+      translation.enable = mkEnableOption "the icingaweb2 translation module";
     };
 
     modulePackages = mkOption {
@@ -64,7 +64,7 @@ in {
           "snow" = icingaweb2Modules.theme-snow;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Name-package attrset of Icingaweb 2 modules packages to enable.
 
         If you enable modules manually (e.g. via the web ui), they will not be touched.
@@ -84,7 +84,7 @@ in {
           level = "CRITICAL";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         config.ini contents.
         Will automatically be converted to a .ini file.
         If you don't set global.module_path, the module will take care of it.
@@ -108,7 +108,7 @@ in {
           dbname = "icingaweb2";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         resources.ini contents.
         Will automatically be converted to a .ini file.
 
@@ -127,7 +127,7 @@ in {
           resource = "icingaweb_db";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         authentication.ini contents.
         Will automatically be converted to a .ini file.
 
@@ -145,7 +145,7 @@ in {
           resource = "icingaweb_db";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         groups.ini contents.
         Will automatically be converted to a .ini file.
 
@@ -163,7 +163,7 @@ in {
           permissions = "*";
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         roles.ini contents.
         Will automatically be converted to a .ini file.
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix
index 9a848870e9da..e9c1d4ffe5ea 100644
--- a/nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix
@@ -34,50 +34,50 @@ in {
     enable = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc "Whether to enable the icingaweb2 monitoring module.";
+      description = "Whether to enable the icingaweb2 monitoring module.";
     };
 
     generalConfig = {
       mutable = mkOption {
         type = bool;
         default = false;
-        description = lib.mdDoc "Make config.ini of the monitoring module mutable (e.g. via the web interface).";
+        description = "Make config.ini of the monitoring module mutable (e.g. via the web interface).";
       };
 
       protectedVars = mkOption {
         type = listOf str;
         default = [ "*pw*" "*pass*" "community" ];
-        description = lib.mdDoc "List of string patterns for custom variables which should be excluded from user’s view.";
+        description = "List of string patterns for custom variables which should be excluded from user’s view.";
       };
     };
 
     mutableBackends = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc "Make backends.ini of the monitoring module mutable (e.g. via the web interface).";
+      description = "Make backends.ini of the monitoring module mutable (e.g. via the web interface).";
     };
 
     backends = mkOption {
       default = { icinga = { resource = "icinga_ido"; }; };
-      description = lib.mdDoc "Monitoring backends to define";
+      description = "Monitoring backends to define";
       type = attrsOf (submodule ({ name, ... }: {
         options = {
           name = mkOption {
             visible = false;
             default = name;
             type = str;
-            description = lib.mdDoc "Name of this backend";
+            description = "Name of this backend";
           };
 
           resource = mkOption {
             type = str;
-            description = lib.mdDoc "Name of the IDO resource";
+            description = "Name of the IDO resource";
           };
 
           disabled = mkOption {
             type = bool;
             default = false;
-            description = lib.mdDoc "Disable this backend";
+            description = "Disable this backend";
           };
         };
       }));
@@ -86,62 +86,62 @@ in {
     mutableTransports = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc "Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).";
+      description = "Make commandtransports.ini of the monitoring module mutable (e.g. via the web interface).";
     };
 
     transports = mkOption {
       default = {};
-      description = lib.mdDoc "Command transports to define";
+      description = "Command transports to define";
       type = attrsOf (submodule ({ name, ... }: {
         options = {
           name = mkOption {
             visible = false;
             default = name;
             type = str;
-            description = lib.mdDoc "Name of this transport";
+            description = "Name of this transport";
           };
 
           type = mkOption {
             type = enum [ "api" "local" "remote" ];
             default = "api";
-            description = lib.mdDoc "Type of  this transport";
+            description = "Type of  this transport";
           };
 
           instance = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Assign a icinga instance to this transport";
+            description = "Assign a icinga instance to this transport";
           };
 
           path = mkOption {
             type = str;
-            description = lib.mdDoc "Path to the socket for local or remote transports";
+            description = "Path to the socket for local or remote transports";
           };
 
           host = mkOption {
             type = str;
-            description = lib.mdDoc "Host for the api or remote transport";
+            description = "Host for the api or remote transport";
           };
 
           port = mkOption {
             type = nullOr str;
             default = null;
-            description = lib.mdDoc "Port to connect to for the api or remote transport";
+            description = "Port to connect to for the api or remote transport";
           };
 
           username = mkOption {
             type = str;
-            description = lib.mdDoc "Username for the api or remote transport";
+            description = "Username for the api or remote transport";
           };
 
           password = mkOption {
             type = str;
-            description = lib.mdDoc "Password for the api transport";
+            description = "Password for the api transport";
           };
 
           resource = mkOption {
             type = str;
-            description = lib.mdDoc "SSH identity resource for the remote transport";
+            description = "SSH identity resource for the remote transport";
           };
         };
       }));
diff --git a/nixpkgs/nixos/modules/services/web-apps/invidious.nix b/nixpkgs/nixos/modules/services/web-apps/invidious.nix
index 359aaabfe673..f0e860383a62 100644
--- a/nixpkgs/nixos/modules/services/web-apps/invidious.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/invidious.nix
@@ -237,14 +237,14 @@ let
 in
 {
   options.services.invidious = {
-    enable = lib.mkEnableOption (lib.mdDoc "Invidious");
+    enable = lib.mkEnableOption "Invidious";
 
     package = lib.mkPackageOption pkgs "invidious" { };
 
     settings = lib.mkOption {
       type = settingsFormat.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         The settings Invidious should use.
 
         See [config.example.yml](https://github.com/iv-org/invidious/blob/master/config/config.example.yml) for a list of all possible options.
@@ -254,7 +254,7 @@ in
     hmacKeyFile = lib.mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A path to a file containing the `hmac_key`. If `null`, a key will be generated automatically on first
         start.
 
@@ -266,7 +266,7 @@ in
     extraSettingsFile = lib.mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A file including Invidious settings.
 
         It gets merged with the settings specified in {option}`services.invidious.settings`
@@ -277,7 +277,7 @@ in
     serviceScale = lib.mkOption {
       type = types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         How many invidious instances to run.
 
         See https://docs.invidious.io/improve-public-instance/#2-multiple-invidious-processes for more details
@@ -294,7 +294,7 @@ in
     domain = lib.mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The FQDN Invidious is reachable on.
 
         This is used to configure nginx and for building absolute URLs.
@@ -306,7 +306,7 @@ in
       # default from https://github.com/iv-org/invidious/blob/master/config/config.example.yml
       default = if cfg.nginx.enable then "127.0.0.1" else "0.0.0.0";
       defaultText = lib.literalExpression ''if config.services.invidious.nginx.enable then "127.0.0.1" else "0.0.0.0"'';
-      description = lib.mdDoc ''
+      description = ''
         The IP address Invidious should bind to.
       '';
     };
@@ -315,7 +315,7 @@ in
       type = types.port;
       # Default from https://docs.invidious.io/Configuration.md
       default = 3000;
-      description = lib.mdDoc ''
+      description = ''
         The port Invidious should listen on.
 
         To allow access from outside,
@@ -328,7 +328,7 @@ in
       createLocally = lib.mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create a local database with PostgreSQL.
         '';
       };
@@ -336,7 +336,7 @@ in
       host = lib.mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The database host Invidious should use.
 
           If `null`, the local unix socket is used. Otherwise
@@ -346,9 +346,9 @@ in
 
       port = lib.mkOption {
         type = types.port;
-        default = options.services.postgresql.port.default;
-        defaultText = lib.literalExpression "options.services.postgresql.port.default";
-        description = lib.mdDoc ''
+        default = config.services.postgresql.settings.port;
+        defaultText = lib.literalExpression "config.services.postgresql.settings.port";
+        description = ''
           The port of the database Invidious should use.
 
           Defaults to the the default postgresql port.
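Review bot: The description no longer matches the new default: `config.services.postgresql.settings.port` is the port configured for the local PostgreSQL service, not "the default postgresql port" (the sentence also has a doubled "the"). This matters when `database.host` points at a remote server, because the default then follows the local service's setting, which has nothing to do with the remote one. I would reword it to something like `Defaults to the port of the local PostgreSQL service; set it explicitly when database.host is a remote server.` The description string continues outside the hunk.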
@@ -359,7 +359,7 @@ in
         type = types.nullOr types.str;
         apply = lib.mapNullable toString;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to file containing the database password.
         '';
       };
@@ -368,7 +368,7 @@ in
     nginx.enable = lib.mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure nginx as a reverse proxy for Invidious.
 
         It serves it under the domain specified in {option}`services.invidious.settings.domain` with enabled TLS and ACME.
@@ -381,7 +381,7 @@ in
       enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable http3-ytproxy for faster loading of images and video playback.
 
           If {option}`services.invidious.nginx.enable` is used, nginx will be configured automatically. If not, you
diff --git a/nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix b/nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix
index 618bd848ebcb..4d0e25958e35 100644
--- a/nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix
@@ -80,12 +80,12 @@ let
     {
       options = {
 
-        enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
+        enable = mkEnableOption "InvoicePlane web application";
 
         stateDir = mkOption {
           type = types.path;
           default = "/var/lib/invoiceplane/${name}";
-          description = lib.mdDoc ''
+          description = ''
             This directory is used for uploads of attachments and cache.
             The directory passed here is automatically created and permissions
             adjusted as required.
@@ -96,32 +96,32 @@ let
           host = mkOption {
             type = types.str;
             default = "localhost";
-            description = lib.mdDoc "Database host address.";
+            description = "Database host address.";
           };
 
           port = mkOption {
             type = types.port;
             default = 3306;
-            description = lib.mdDoc "Database host port.";
+            description = "Database host port.";
           };
 
           name = mkOption {
             type = types.str;
             default = "invoiceplane";
-            description = lib.mdDoc "Database name.";
+            description = "Database name.";
           };
 
           user = mkOption {
             type = types.str;
             default = "invoiceplane";
-            description = lib.mdDoc "Database user.";
+            description = "Database user.";
           };
 
           passwordFile = mkOption {
             type = types.nullOr types.path;
             default = null;
             example = "/run/keys/invoiceplane-dbpassword";
-            description = lib.mdDoc ''
+            description = ''
               A file containing the password corresponding to
               {option}`database.user`.
             '';
@@ -130,14 +130,14 @@ let
           createLocally = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Create the database and database user locally.";
+            description = "Create the database and database user locally.";
           };
         };
 
         invoiceTemplates = mkOption {
           type = types.listOf types.path;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
 
             ::: {.note}
@@ -176,7 +176,7 @@ let
             "pm.max_spare_servers" = 4;
             "pm.max_requests" = 500;
           };
-          description = lib.mdDoc ''
+          description = ''
             Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`
             for details on configuration directives.
           '';
@@ -190,7 +190,7 @@ let
             DISABLE_SETUP=true
             IP_URL=https://invoice.example.com
           '';
-          description = lib.mdDoc ''
+          description = ''
             InvoicePlane configuration. Refer to
             <https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
             for details on supported values.
@@ -204,7 +204,7 @@ let
         settings = mkOption {
           type = types.attrsOf types.anything;
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Structural InvoicePlane configuration. Refer to
             <https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
             for details and supported values.
@@ -222,7 +222,7 @@ let
           enable = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Enable cron service which periodically runs Invoiceplane tasks.
               Requires key taken from the administration page. Refer to
               <https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
@@ -231,7 +231,7 @@ let
           };
           key = mkOption {
             type = types.str;
-            description = lib.mdDoc "Cron key taken from the administration page.";
+            description = "Cron key taken from the administration page.";
           };
         };
 
@@ -248,20 +248,20 @@ in
         options.sites = mkOption {
           type = types.attrsOf (types.submodule siteOpts);
           default = {};
-          description = lib.mdDoc "Specification of one or more WordPress sites to serve";
+          description = "Specification of one or more WordPress sites to serve";
         };
 
         options.webserver = mkOption {
           type = types.enum [ "caddy" "nginx" ];
           default = "caddy";
           example = "nginx";
-          description = lib.mdDoc ''
+          description = ''
             Which webserver to use for virtual host management.
           '';
         };
       };
       default = {};
-      description = lib.mdDoc "InvoicePlane configuration.";
+      description = "InvoicePlane configuration.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/isso.nix b/nixpkgs/nixos/modules/services/web-apps/isso.nix
index 6cb2d9ec785e..4e7785d1eb3e 100644
--- a/nixpkgs/nixos/modules/services/web-apps/isso.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/isso.nix
@@ -11,16 +11,16 @@ in {
 
   options = {
     services.isso = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         isso, a commenting server similar to Disqus.
 
         Note: The application's author suppose to run isso behind a reverse proxy.
         The embedded solution offered by NixOS is also only suitable for small installations
         below 20 requests per second
-      '');
+      '';
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration for `isso`.
 
           See [Isso Server Configuration](https://posativ.org/isso/docs/configuration/server/)
diff --git a/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix b/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix
index 5f754d824a28..12a228f41d3d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/jirafeau.nix
@@ -25,7 +25,7 @@ in
     adminPasswordSha256 = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         SHA-256 of the desired administration password. Leave blank/unset for no password.
       '';
     };
@@ -33,10 +33,10 @@ in
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/jirafeau/data/";
-      description = lib.mdDoc "Location of Jirafeau storage directory.";
+      description = "Location of Jirafeau storage directory.";
     };
 
-    enable = mkEnableOption (lib.mdDoc "Jirafeau file upload application");
+    enable = mkEnableOption "Jirafeau file upload application";
 
     extraConfig = mkOption {
       type = types.lines;
@@ -48,8 +48,7 @@ in
       description =  let
         documentationLink =
           "https://gitlab.com/mojo42/Jirafeau/-/blob/${cfg.package.version}/lib/config.original.php";
-      in
-        lib.mdDoc ''
+      in ''
           Jirefeau configuration. Refer to <${documentationLink}> for supported
           values.
         '';
@@ -58,13 +57,13 @@ in
     hostName = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "URL of instance. Must have trailing slash.";
+      description = "URL of instance. Must have trailing slash.";
     };
 
     maxUploadSizeMegabytes = mkOption {
       type = types.int;
       default = 0;
-      description = lib.mdDoc "Maximum upload size of accepted files.";
+      description = "Maximum upload size of accepted files.";
     };
 
     maxUploadTimeout = mkOption {
@@ -72,8 +71,7 @@ in
       default = "30m";
       description = let
         nginxCoreDocumentation = "http://nginx.org/en/docs/http/ngx_http_core_module.html";
-      in
-        lib.mdDoc ''
+      in ''
           Timeout for reading client request bodies and headers. Refer to
           <${nginxCoreDocumentation}#client_body_timeout> and
           <${nginxCoreDocumentation}#client_header_timeout> for accepted values.
@@ -89,7 +87,7 @@ in
           serverAliases = [ "wiki.''${config.networking.domain}" ];
         }
       '';
-      description = lib.mdDoc "Extra configuration for the nginx virtual host of Jirafeau.";
+      description = "Extra configuration for the nginx virtual host of Jirafeau.";
     };
 
     package = mkPackageOption pkgs "jirafeau" { };
@@ -104,7 +102,7 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for Jirafeau PHP pool. See documentation on `php-fpm.conf` for
         details on configuration directives.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix b/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix
index c4505534d635..76753b89ec9e 100644
--- a/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix
@@ -47,12 +47,12 @@ let
 in
 {
   options.services.jitsi-meet = with types; {
-    enable = mkEnableOption (lib.mdDoc "Jitsi Meet - Secure, Simple and Scalable Video Conferences");
+    enable = mkEnableOption "Jitsi Meet - Secure, Simple and Scalable Video Conferences";
 
     hostName = mkOption {
       type = str;
       example = "meet.example.org";
-      description = lib.mdDoc ''
+      description = ''
         FQDN of the Jitsi Meet instance.
       '';
     };
@@ -66,7 +66,7 @@ in
           defaultLang = "fi";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Client-side web application settings that override the defaults in {file}`config.js`.
 
         See <https://github.com/jitsi/jitsi-meet/blob/master/config.js> for default
@@ -77,7 +77,7 @@ in
     extraConfig = mkOption {
       type = lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Text to append to {file}`config.js` web application config file.
 
         Can be used to insert JavaScript logic to determine user's region in cascading bridges setup.
@@ -93,7 +93,7 @@ in
           SHOW_WATERMARK_FOR_GUESTS = false;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Client-side web-app interface settings that override the defaults in {file}`interface_config.js`.
 
         See <https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js> for
@@ -105,7 +105,7 @@ in
       enable = mkOption {
         type = bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Jitsi Videobridge instance and configure it to connect to Prosody.
 
           Additional configuration is possible with {option}`services.jitsi-videobridge`
@@ -116,7 +116,7 @@ in
         type = nullOr str;
         default = null;
         example = "/run/keys/videobridge";
-        description = lib.mdDoc ''
+        description = ''
           File containing password to the Prosody account for videobridge.
 
           If `null`, a file with password will be generated automatically. Setting
@@ -128,7 +128,7 @@ in
     jicofo.enable = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable JiCoFo instance and configure it to connect to Prosody.
 
         Additional configuration is possible with {option}`services.jicofo`.
@@ -138,7 +138,7 @@ in
     jibri.enable = mkOption {
       type = bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable a Jibri instance and configure it to connect to Prosody.
 
         Additional configuration is possible with {option}`services.jibri`, and
@@ -159,7 +159,7 @@ in
     nginx.enable = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable nginx virtual host that will serve the javascript application and act as
         a proxy for the XMPP server. Further nginx configuration can be done by adapting
         {option}`services.nginx.virtualHosts.<hostName>`.
@@ -170,25 +170,32 @@ in
       '';
     };
 
-    caddy.enable = mkEnableOption (lib.mdDoc "Whether to enable caddy reverse proxy to expose jitsi-meet");
+    caddy.enable = mkEnableOption "Whether to enable caddy reverse proxy to expose jitsi-meet";
 
     prosody.enable = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this
         off if you want to configure it manually.
       '';
     };
 
-    excalidraw.enable = mkEnableOption (lib.mdDoc "Excalidraw collaboration backend for Jitsi");
+    excalidraw.enable = mkEnableOption "Excalidraw collaboration backend for Jitsi";
     excalidraw.port = mkOption {
       type = types.port;
       default = 3002;
-      description = lib.mdDoc ''The port which the Excalidraw backend for Jitsi should listen to.'';
+      description = ''The port which the Excalidraw backend for Jitsi should listen to.'';
     };
 
-    secureDomain.enable = mkEnableOption (lib.mdDoc "Authenticated room creation");
+    secureDomain = {
+      enable = mkEnableOption "Authenticated room creation";
+      authentication = mkOption {
+        type = types.str;
+        default = "internal_hashed";
+        description = ''The authentication type to be used by jitsi'';
+      };
+    };
   };
 
   config = mkIf cfg.enable {
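Review bot: `secureDomain.authentication` is declared as a free-form `types.str`, and the later hunk at `@@ -309,7 +316,7 @@` interpolates it between escaped quotes into Prosody's `extraConfig` without escaping, so a value containing a quote or a newline would end the Lua string and the remainder would be read as configuration. Constraining the option closes that, for example `type = types.strMatching "[A-Za-z0-9_]+";`. The description should also say that the value is the name of a Prosody authentication provider and that it is only used when `secureDomain.enable` is set. A provider that admits anonymous logins would presumably defeat the purpose of the secure domain, which deserves a sentence in the option text.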
@@ -309,7 +316,7 @@ in
         enabled = true;
         domain = cfg.hostName;
         extraConfig = ''
-          authentication = ${if cfg.secureDomain.enable then "\"internal_hashed\"" else "\"jitsi-anonymous\""}
+          authentication = ${if cfg.secureDomain.enable then "\"${cfg.secureDomain.authentication}\"" else "\"jitsi-anonymous\""}
           c2s_require_encryption = false
           admins = { "focus@auth.${cfg.hostName}" }
           smacks_max_unacked_stanzas = 5
diff --git a/nixpkgs/nixos/modules/services/web-apps/kasmweb/default.nix b/nixpkgs/nixos/modules/services/web-apps/kasmweb/default.nix
index 0d78025ecf0f..9f1da78f3c76 100644
--- a/nixpkgs/nixos/modules/services/web-apps/kasmweb/default.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/kasmweb/default.nix
@@ -5,12 +5,12 @@ let
 in
 {
   options.services.kasmweb = {
-    enable = lib.mkEnableOption (lib.mdDoc "kasmweb");
+    enable = lib.mkEnableOption "kasmweb";
 
     networkSubnet = lib.mkOption {
       default = "172.20.0.0/16";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         The network subnet to use for the containers.
       '';
     };
@@ -19,14 +19,14 @@ in
       user = lib.mkOption {
         default = "kasmweb";
         type = lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           Username to use for the postgres database.
         '';
       };
       password = lib.mkOption {
         default = "kasmweb";
         type = lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           password to use for the postgres database.
         '';
       };
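Review bot: The `password` option in this hunk is a `lib.types.str` that defaults to the literal `"kasmweb"`, and its description does not tell the administrator that this default is publicly known. The same applies to `redisPassword`, `defaultAdminPassword`, `defaultUserPassword`, `defaultManagerToken`, `defaultGuacToken` and `defaultRegistrationToken` in the following hunks. Since the commit touches each of these descriptions anyway, each could gain a sentence such as `The default is a well-known value and must be overridden before the service is reachable by others.` String options like these typically end up in the world-readable Nix store, which the `sslCertificateKey` description in this same file already warns about for the key path, so the text should mention that as well. How the values are consumed is outside these hunks.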
@@ -35,7 +35,7 @@ in
     redisPassword = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         password to use for the redis cache.
       '';
     };
@@ -43,7 +43,7 @@ in
     defaultAdminPassword = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         default admin password to use.
       '';
     };
@@ -51,7 +51,7 @@ in
     defaultUserPassword = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         default user password to use.
       '';
     };
@@ -59,7 +59,7 @@ in
     defaultManagerToken = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         default manager token to use.
       '';
     };
@@ -67,7 +67,7 @@ in
     defaultGuacToken = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         default guac token to use.
       '';
     };
@@ -75,7 +75,7 @@ in
     defaultRegistrationToken = lib.mkOption {
       default = "kasmweb";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         default registration token to use.
       '';
     };
@@ -83,7 +83,7 @@ in
     datastorePath = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/kasmweb";
-      description = lib.mdDoc ''
+      description = ''
         The directory used to store all data for kasmweb.
       '';
     };
@@ -91,7 +91,7 @@ in
     listenAddress = lib.mkOption {
       type = lib.types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         The address on which kasmweb should listen.
       '';
     };
@@ -99,7 +99,7 @@ in
     listenPort = lib.mkOption {
       type = lib.types.int;
       default = 443;
-      description = lib.mdDoc ''
+      description = ''
         The port on which kasmweb should listen.
       '';
     };
@@ -107,7 +107,7 @@ in
     sslCertificate = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The SSL certificate to be used for kasmweb.
       '';
     };
@@ -115,7 +115,7 @@ in
     sslCertificateKey = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The SSL certificate's key to be used for kasmweb. Make sure to specify
         this as a string and not a literal path, so that it is not accidentally
         included in your nixstore.
diff --git a/nixpkgs/nixos/modules/services/web-apps/kavita.nix b/nixpkgs/nixos/modules/services/web-apps/kavita.nix
index c90697bcfa8b..fe22d28af5d0 100644
--- a/nixpkgs/nixos/modules/services/web-apps/kavita.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/kavita.nix
@@ -15,12 +15,12 @@ in
   ];
 
   options.services.kavita = {
-    enable = lib.mkEnableOption (lib.mdDoc "Kavita reading server");
+    enable = lib.mkEnableOption "Kavita reading server";
 
     user = lib.mkOption {
       type = lib.types.str;
       default = "kavita";
-      description = lib.mdDoc "User account under which Kavita runs.";
+      description = "User account under which Kavita runs.";
     };
 
     package = lib.mkPackageOption pkgs "kavita" { };
@@ -28,20 +28,20 @@ in
     dataDir = lib.mkOption {
       default = "/var/lib/kavita";
       type = lib.types.str;
-      description = lib.mdDoc "The directory where Kavita stores its state.";
+      description = "The directory where Kavita stores its state.";
     };
 
     tokenKeyFile = lib.mkOption {
       type = lib.types.path;
-      description = lib.mdDoc ''
-        A file containing the TokenKey, a secret with at 128+ bits.
-        It can be generated with `head -c 32 /dev/urandom | base64`.
+      description = ''
+        A file containing the TokenKey, a secret with at 512+ bits.
+        It can be generated with `head -c 64 /dev/urandom | base64 --wrap=0`.
       '';
     };
 
     settings = lib.mkOption {
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Kavita configuration options, as configured in {file}`appsettings.json`.
       '';
       type = lib.types.submodule {
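Review bot: The reworded `tokenKeyFile` description still reads "a secret with at 512+ bits"; it should be `A file containing the TokenKey, a secret of at least 512 bits.` The stated minimum rises from 128 to 512 bits here, but nothing in this hunk checks the length of an existing key or tells operators that a key made with the old `head -c 32` command has to be regenerated; if that is handled elsewhere in the commit, it is not visible from here. Because the option type is `lib.types.path`, the description should also state that the value is to be given as a string pointing outside the Nix store, so that the key file is not copied into it.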
@@ -51,13 +51,13 @@ in
           Port = lib.mkOption {
             default = 5000;
             type = lib.types.port;
-            description = lib.mdDoc "Port to bind to.";
+            description = "Port to bind to.";
           };
 
           IpAddresses = lib.mkOption {
             default = "0.0.0.0,::";
             type = lib.types.commas;
-            description = lib.mdDoc ''
+            description = ''
               IP Addresses to bind to. The default is to bind to all IPv4 and IPv6 addresses.
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/web-apps/keycloak.nix b/nixpkgs/nixos/modules/services/web-apps/keycloak.nix
index 6d2948913b19..cf1282b3d4cf 100644
--- a/nixpkgs/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/keycloak.nix
@@ -99,7 +99,7 @@ in
         type = bool;
         default = false;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Keycloak identity and access management
           server.
         '';
@@ -110,7 +110,7 @@ in
         default = null;
         example = "/run/keys/ssl_cert";
         apply = assertStringPath "sslCertificate";
-        description = lib.mdDoc ''
+        description = ''
           The path to a PEM formatted certificate to use for TLS/SSL
           connections.
         '';
@@ -121,7 +121,7 @@ in
         default = null;
         example = "/run/keys/ssl_key";
         apply = assertStringPath "sslCertificateKey";
-        description = lib.mdDoc ''
+        description = ''
           The path to a PEM formatted private key to use for TLS/SSL
           connections.
         '';
@@ -130,7 +130,7 @@ in
       plugins = lib.mkOption {
         type = lib.types.listOf lib.types.path;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Keycloak plugin jar, ear files or derivations containing
           them. Packaged plugins are available through
           `pkgs.keycloak.plugins`.
@@ -142,7 +142,7 @@ in
           type = enum [ "mysql" "mariadb" "postgresql" ];
           default = "postgresql";
           example = "mariadb";
-          description = lib.mdDoc ''
+          description = ''
             The type of database Keycloak should connect to.
           '';
         };
@@ -150,7 +150,7 @@ in
         host = mkOption {
           type = str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             Hostname of the database to connect to.
           '';
         };
@@ -167,7 +167,7 @@ in
             type = port;
             default = dbPorts.${cfg.database.type};
             defaultText = literalMD "default port of selected database";
-            description = lib.mdDoc ''
+            description = ''
               Port of the database to connect to.
             '';
           };
@@ -176,7 +176,7 @@ in
           type = bool;
           default = cfg.database.host != "localhost";
           defaultText = literalExpression ''config.${opt.database.host} != "localhost"'';
-          description = lib.mdDoc ''
+          description = ''
             Whether the database connection should be secured by SSL /
             TLS.
           '';
@@ -185,7 +185,7 @@ in
         caCert = mkOption {
           type = nullOr path;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The SSL / TLS CA certificate that verifies the identity of the
             database server.
 
@@ -200,7 +200,7 @@ in
         createLocally = mkOption {
           type = bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether a database should be automatically created on the
             local host. Set this to false if you plan on provisioning a
             local database yourself. This has no effect if
@@ -211,7 +211,7 @@ in
         name = mkOption {
           type = str;
           default = "keycloak";
-          description = lib.mdDoc ''
+          description = ''
             Database name to use when connecting to an external or
             manually provisioned database; has no effect when a local
             database is automatically provisioned.
@@ -225,7 +225,7 @@ in
         username = mkOption {
           type = str;
           default = "keycloak";
-          description = lib.mdDoc ''
+          description = ''
             Username to use when connecting to an external or manually
             provisioned database; has no effect when a local database is
             automatically provisioned.
@@ -240,7 +240,7 @@ in
           type = path;
           example = "/run/keys/db_password";
           apply = assertStringPath "passwordFile";
-          description = lib.mdDoc ''
+          description = ''
             The path to a file containing the database password.
           '';
         };
@@ -251,7 +251,7 @@ in
       initialAdminPassword = mkOption {
         type = str;
         default = "changeme";
-        description = lib.mdDoc ''
+        description = ''
           Initial password set for the `admin`
           user. The password is not stored safely and should be changed
           immediately in the admin panel.
@@ -261,7 +261,7 @@ in
       themes = mkOption {
         type = attrsOf package;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Additional theme packages for Keycloak. Each theme is linked into
           subdirectory with a corresponding attribute name.
 
@@ -281,7 +281,7 @@ in
               type = str;
               default = "0.0.0.0";
               example = "127.0.0.1";
-              description = lib.mdDoc ''
+              description = ''
                 On which address Keycloak should accept new connections.
               '';
             };
@@ -290,7 +290,7 @@ in
               type = port;
               default = 80;
               example = 8080;
-              description = lib.mdDoc ''
+              description = ''
                 On which port Keycloak should listen for new HTTP connections.
               '';
             };
@@ -299,7 +299,7 @@ in
               type = port;
               default = 443;
               example = 8443;
-              description = lib.mdDoc ''
+              description = ''
                 On which port Keycloak should listen for new HTTPS connections.
               '';
             };
@@ -309,7 +309,7 @@ in
               default = "/";
               example = "/auth";
               apply = x: if !(hasPrefix "/") x then "/" + x else x;
-              description = lib.mdDoc ''
+              description = ''
                 The path relative to `/` for serving
                 resources.
 
@@ -331,7 +331,7 @@ in
               type = nullOr str;
               default = null;
               example = "keycloak.example.com";
-              description = lib.mdDoc ''
+              description = ''
                 The hostname part of the public URL used as base for
                 all frontend requests.
 
@@ -344,7 +344,7 @@ in
               type = bool;
               default = false;
               example = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether Keycloak should force all requests to go
                 through the frontend URL. By default, Keycloak allows
                 backend requests to instead use its local hostname or
@@ -360,7 +360,7 @@ in
               type = enum [ "edge" "reencrypt" "passthrough" "none" ];
               default = "none";
               example = "edge";
-              description = lib.mdDoc ''
+              description = ''
                 The proxy address forwarding mode if the server is
                 behind a reverse proxy.
 
@@ -389,7 +389,7 @@ in
           }
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Configuration options corresponding to parameters set in
           {file}`conf/keycloak.conf`.
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/lanraragi.nix b/nixpkgs/nixos/modules/services/web-apps/lanraragi.nix
index 6703da005ab0..7b7fb01918bb 100644
--- a/nixpkgs/nixos/modules/services/web-apps/lanraragi.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/lanraragi.nix
@@ -8,20 +8,20 @@ in
 
   options.services = {
     lanraragi = {
-      enable = lib.mkEnableOption (lib.mdDoc "LANraragi");
+      enable = lib.mkEnableOption "LANraragi";
       package = lib.mkPackageOption pkgs "lanraragi" { };
 
       port = lib.mkOption {
         type = lib.types.port;
         default = 3000;
-        description = lib.mdDoc "Port for LANraragi's web interface.";
+        description = "Port for LANraragi's web interface.";
       };
 
       passwordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/lanraragi-password";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password for LANraragi's admin interface.
         '';
       };
@@ -30,13 +30,13 @@ in
         port = lib.mkOption {
           type = lib.types.port;
           default = 6379;
-          description = lib.mdDoc "Port for LANraragi's Redis server.";
+          description = "Port for LANraragi's Redis server.";
         };
         passwordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/run/keys/redis-lanraragi-password";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password for LANraragi's Redis server.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/web-apps/lemmy.nix b/nixpkgs/nixos/modules/services/web-apps/lemmy.nix
index 968dcac93fab..3185f9a4263c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/lemmy.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/lemmy.nix
@@ -14,7 +14,7 @@ in
 
   options.services.lemmy = {
 
-    enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");
+    enable = mkEnableOption "lemmy a federated alternative to reddit in rust";
 
     server = {
       package = mkPackageOption pkgs "lemmy-server" {};
@@ -26,50 +26,50 @@ in
       port = mkOption {
         type = types.port;
         default = 1234;
-        description = lib.mdDoc "Port where lemmy-ui should listen for incoming requests.";
+        description = "Port where lemmy-ui should listen for incoming requests.";
       };
     };
 
-    caddy.enable = mkEnableOption (lib.mdDoc "exposing lemmy with the caddy reverse proxy");
-    nginx.enable = mkEnableOption (lib.mdDoc "exposing lemmy with the nginx reverse proxy");
+    caddy.enable = mkEnableOption "exposing lemmy with the caddy reverse proxy";
+    nginx.enable = mkEnableOption "exposing lemmy with the nginx reverse proxy";
 
     database = {
-      createLocally = mkEnableOption (lib.mdDoc "creation of database on the instance");
+      createLocally = mkEnableOption "creation of database on the instance";
 
       uri = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = lib.mdDoc "The connection URI to use. Takes priority over the configuration file if set.";
+        description = "The connection URI to use. Takes priority over the configuration file if set.";
       };
 
       uriFile = mkOption {
         type = with types; nullOr path;
         default = null;
-        description = lib.mdDoc "File which contains the database uri.";
+        description = "File which contains the database uri.";
       };
     };
 
     pictrsApiKeyFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc "File which contains the value of `pictrs.api_key`.";
+      description = "File which contains the value of `pictrs.api_key`.";
     };
 
     smtpPasswordFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc "File which contains the value of `email.smtp_password`.";
+      description = "File which contains the value of `email.smtp_password`.";
     };
 
     adminPasswordFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc "File which contains the value of `setup.admin_password`.";
+      description = "File which contains the value of `setup.admin_password`.";
     };
 
     settings = mkOption {
       default = { };
-      description = lib.mdDoc "Lemmy configuration";
+      description = "Lemmy configuration";
 
       type = types.submodule {
         freeformType = settingsFormat.type;
@@ -77,25 +77,25 @@ in
         options.hostname = mkOption {
           type = types.str;
           default = null;
-          description = lib.mdDoc "The domain name of your instance (eg 'lemmy.ml').";
+          description = "The domain name of your instance (eg 'lemmy.ml').";
         };
 
         options.port = mkOption {
           type = types.port;
           default = 8536;
-          description = lib.mdDoc "Port where lemmy should listen for incoming requests.";
+          description = "Port where lemmy should listen for incoming requests.";
         };
 
         options.captcha = {
           enabled = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Enable Captcha.";
+            description = "Enable Captcha.";
           };
           difficulty = mkOption {
             type = types.enum [ "easy" "medium" "hard" ];
             default = "medium";
-            description = lib.mdDoc "The difficultly of the captcha to solve.";
+            description = "The difficultly of the captcha to solve.";
           };
         };
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix
index 920e6928ef5c..cdd60f572b99 100644
--- a/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/limesurvey.nix
@@ -2,7 +2,7 @@
 
 let
 
-  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
+  inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption mkPackageOption;
   inherit (lib) literalExpression mapAttrs optional optionalString types;
 
   cfg = config.services.limesurvey;
@@ -12,8 +12,6 @@ let
   group = config.services.httpd.group;
   stateDir = "/var/lib/limesurvey";
 
-  pkg = pkgs.limesurvey;
-
   configType = with types; oneOf [ (attrsOf configType) str int bool ] // {
     description = "limesurvey config type (str, int, bool or attribute set thereof)";
   };
@@ -32,12 +30,14 @@ in
   # interface
 
   options.services.limesurvey = {
-    enable = mkEnableOption (lib.mdDoc "Limesurvey web application");
+    enable = mkEnableOption "Limesurvey web application";
+
+    package = mkPackageOption pkgs "limesurvey" { };
 
     encryptionKey = mkOption {
       type = types.str;
       default = "E17687FC77CEE247F0E22BB3ECF27FDE8BEC310A892347EC13013ABA11AA7EB5";
-      description = lib.mdDoc ''
+      description = ''
         This is a 32-byte key used to encrypt variables in the database.
         You _must_ change this from the default value.
       '';
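Review bot: `encryptionKey` keeps a hard-coded default that is published in this module, and the only safeguard is the sentence "You _must_ change this" in the description; the same holds for `encryptionNonce` in the next hunk. Nothing visible in these hunks warns or fails when the defaults are left in place, so an installation that skips the manual encrypts its database fields with a key anyone can look up. An evaluation-time warning in the `config` section (which lies outside this hunk) whenever either value equals its default would surface this. The descriptions could also add `The value is embedded in the generated configuration and may be readable from the Nix store.`, hedged because the construction of `limesurveyConfig` is not shown here.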
@@ -46,7 +46,7 @@ in
     encryptionNonce = mkOption {
       type = types.str;
       default = "1ACC8555619929DB91310BE848025A427B0F364A884FFA77";
-      description = lib.mdDoc ''
+      description = ''
         This is a 24-byte nonce used to encrypt variables in the database.
         You _must_ change this from the default value.
       '';
@@ -57,45 +57,45 @@ in
         type = types.enum [ "mysql" "pgsql" "odbc" "mssql" ];
         example = "pgsql";
         default = "mysql";
-        description = lib.mdDoc "Database engine to use.";
+        description = "Database engine to use.";
       };
 
       dbEngine = mkOption {
         type = types.enum [ "MyISAM" "InnoDB" ];
         default = "InnoDB";
-        description = lib.mdDoc "Database storage engine to use.";
+        description = "Database storage engine to use.";
       };
 
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
 
       port = mkOption {
         type = types.port;
         default = if cfg.database.type == "pgsql" then 5442 else 3306;
         defaultText = literalExpression "3306";
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
 
       name = mkOption {
         type = types.str;
         default = "limesurvey";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
 
       user = mkOption {
         type = types.str;
         default = "limesurvey";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
 
       passwordFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/limesurvey-dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`database.user`.
         '';
@@ -109,14 +109,14 @@ in
           else null
         ;
         defaultText = literalExpression "/run/mysqld/mysqld.sock";
-        description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+        description = "Path to the unix socket file to use for authentication.";
       };
 
       createLocally = mkOption {
         type = types.bool;
         default = cfg.database.type == "mysql";
         defaultText = literalExpression "true";
-        description = lib.mdDoc ''
+        description = ''
           Create the database and database user locally.
           This currently only applies if database type "mysql" is selected.
         '';
@@ -133,7 +133,7 @@ in
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Apache configuration can be done by adapting `services.httpd.virtualHosts.<name>`.
         See [](#opt-services.httpd.virtualHosts) for further information.
       '';
@@ -149,7 +149,7 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the LimeSurvey PHP pool. See the documentation on `php-fpm.conf`
         for details on configuration directives.
       '';
@@ -158,7 +158,7 @@ in
     config = mkOption {
       type = configType;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         LimeSurvey configuration. Refer to
         <https://manual.limesurvey.org/Optional_settings>
         for details on supported values.
@@ -240,7 +240,7 @@ in
       adminAddr = mkDefault cfg.virtualHost.adminAddr;
       extraModules = [ "proxy_fcgi" ];
       virtualHosts.${cfg.virtualHost.hostName} = mkMerge [ cfg.virtualHost {
-        documentRoot = mkForce "${pkg}/share/limesurvey";
+        documentRoot = mkForce "${cfg.package}/share/limesurvey";
         extraConfig = ''
           Alias "/tmp" "${stateDir}/tmp"
           <Directory "${stateDir}">
@@ -256,7 +256,7 @@ in
             Options -Indexes
           </Directory>
 
-          <Directory "${pkg}/share/limesurvey">
+          <Directory "${cfg.package}/share/limesurvey">
             <FilesMatch "\.php$">
               <If "-f %{REQUEST_FILENAME}">
                 SetHandler "proxy:unix:${fpm.socket}|fcgi://localhost/"
@@ -277,7 +277,7 @@ in
       "d ${stateDir}/tmp/assets 0750 ${user} ${group} - -"
       "d ${stateDir}/tmp/runtime 0750 ${user} ${group} - -"
       "d ${stateDir}/tmp/upload 0750 ${user} ${group} - -"
-      "C ${stateDir}/upload 0750 ${user} ${group} - ${pkg}/share/limesurvey/upload"
+      "C ${stateDir}/upload 0750 ${user} ${group} - ${cfg.package}/share/limesurvey/upload"
     ];
 
     systemd.services.limesurvey-init = {
@@ -288,8 +288,8 @@ in
       environment.LIMESURVEY_CONFIG = limesurveyConfig;
       script = ''
         # update or install the database as required
-        ${pkgs.php81}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \
-        ${pkgs.php81}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose
+        ${pkgs.php81}/bin/php ${cfg.package}/share/limesurvey/application/commands/console.php updatedb || \
+        ${pkgs.php81}/bin/php ${cfg.package}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose
       '';
       serviceConfig = {
         User = user;
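Review bot: The fallback command `console.php install admin password admin admin@example.com verbose` on the changed lines still provisions the first account with fixed arguments that look like a static user name and password, and no option or description in the visible hunks tells the operator to change them after the first start. A comment above the command, for example `# creates the initial admin account with a fixed password; change it right after the first login`, together with a sentence in the `enable` description would document this; reading the initial password from a file option would be the more durable fix. Separately, the script keeps `${pkgs.php81}` while the package is now overridable through `cfg.package`, so an overridden LimeSurvey may run its console with a PHP version it was not built for. The `systemd.services.limesurvey-init` block begins and ends outside this hunk.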
diff --git a/nixpkgs/nixos/modules/services/web-apps/mainsail.nix b/nixpkgs/nixos/modules/services/web-apps/mainsail.nix
index 95de2c5640b4..cfe4c5250b55 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mainsail.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mainsail.nix
@@ -6,14 +6,14 @@ let
 in
 {
   options.services.mainsail = {
-    enable = mkEnableOption (lib.mdDoc "a modern and responsive user interface for Klipper");
+    enable = mkEnableOption "a modern and responsive user interface for Klipper";
 
     package = mkPackageOption pkgs "mainsail" { };
 
     hostName = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Hostname to serve mainsail on";
+      description = "Hostname to serve mainsail on";
     };
 
     nginx = mkOption {
@@ -25,7 +25,7 @@ in
           serverAliases = [ "mainsail.''${config.networking.domain}" ];
         }
       '';
-      description = lib.mdDoc "Extra configuration for the nginx virtual host of mainsail.";
+      description = "Extra configuration for the nginx virtual host of mainsail.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/mastodon.nix b/nixpkgs/nixos/modules/services/web-apps/mastodon.nix
index 7fc710c6fcec..570f2770fb29 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mastodon.nix
@@ -187,10 +187,10 @@ in {
 
   options = {
     services.mastodon = {
-      enable = lib.mkEnableOption (lib.mdDoc "Mastodon, a federated social network server");
+      enable = lib.mkEnableOption "Mastodon, a federated social network server";
 
       configureNginx = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configure nginx as a reverse proxy for mastodon.
           Note that this makes some assumptions on your setup, and sets settings that will
           affect other virtualHosts running on your nginx instance, if any.
@@ -213,7 +213,7 @@ in {
       };
 
       user = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           User under which mastodon runs. If it is set to "mastodon",
           that user will be created, otherwise it should be set to the
           name of a user created elsewhere.
@@ -226,7 +226,7 @@ in {
       };
 
       group = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Group under which mastodon runs.
         '';
         type = lib.types.str;
@@ -234,7 +234,7 @@ in {
       };
 
       streamingProcesses = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Number of processes used by the mastodon-streaming service.
           Please define this explicitly, recommended is the amount of your CPU cores minus one.
         '';
@@ -243,44 +243,44 @@ in {
       };
 
       webPort = lib.mkOption {
-        description = lib.mdDoc "TCP port used by the mastodon-web service.";
+        description = "TCP port used by the mastodon-web service.";
         type = lib.types.port;
         default = 55001;
       };
       webProcesses = lib.mkOption {
-        description = lib.mdDoc "Processes used by the mastodon-web service.";
+        description = "Processes used by the mastodon-web service.";
         type = lib.types.int;
         default = 2;
       };
       webThreads = lib.mkOption {
-        description = lib.mdDoc "Threads per process used by the mastodon-web service.";
+        description = "Threads per process used by the mastodon-web service.";
         type = lib.types.int;
         default = 5;
       };
 
       sidekiqPort = lib.mkOption {
-        description = lib.mdDoc "TCP port used by the mastodon-sidekiq service.";
+        description = "TCP port used by the mastodon-sidekiq service.";
         type = lib.types.port;
         default = 55002;
       };
 
       sidekiqThreads = lib.mkOption {
-        description = lib.mdDoc "Worker threads used by the mastodon-sidekiq-all service. If `sidekiqProcesses` is configured and any processes specify null `threads`, this value is used.";
+        description = "Worker threads used by the mastodon-sidekiq-all service. If `sidekiqProcesses` is configured and any processes specify null `threads`, this value is used.";
         type = lib.types.int;
         default = 25;
       };
 
       sidekiqProcesses = lib.mkOption {
-        description = lib.mdDoc "How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. *Read the [upstream documentation](https://docs.joinmastodon.org/admin/scaling/#sidekiq) before configuring this!*";
+        description = "How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. *Read the [upstream documentation](https://docs.joinmastodon.org/admin/scaling/#sidekiq) before configuring this!*";
         type = with lib.types; attrsOf (submodule {
           options = {
             jobClasses = lib.mkOption {
               type = listOf (enum [ "default" "push" "pull" "mailers" "scheduler" "ingress" ]);
-              description = lib.mdDoc "If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class. If left empty, this process will handle the 'scheduler' class.*";
+              description = "If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class. If left empty, this process will handle the 'scheduler' class.*";
             };
             threads = lib.mkOption {
               type = nullOr int;
-              description = lib.mdDoc "Number of threads this process should use for executing jobs. If null, the configured `sidekiqThreads` are used.";
+              description = "Number of threads this process should use for executing jobs. If null, the configured `sidekiqThreads` are used.";
             };
           };
         });
@@ -311,7 +311,7 @@ in {
       };
 
       vapidPublicKeyFile = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to file containing the public key used for Web Push
           Voluntary Application Server Identification.  A new keypair can
           be generated by running:
@@ -326,13 +326,13 @@ in {
       };
 
       localDomain = lib.mkOption {
-        description = lib.mdDoc "The domain serving your Mastodon instance.";
+        description = "The domain serving your Mastodon instance.";
         example = "social.example.org";
         type = lib.types.str;
       };
 
       secretKeyBaseFile = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to file containing the secret key base.
           A new secret key base can be generated by running:
 
@@ -345,7 +345,7 @@ in {
       };
 
       otpSecretFile = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to file containing the OTP secret.
           A new OTP secret can be generated by running:
 
@@ -358,7 +358,7 @@ in {
       };
 
       vapidPrivateKeyFile = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Path to file containing the private key used for Web Push
           Voluntary Application Server Identification.  A new keypair can
           be generated by running:
@@ -373,7 +373,7 @@ in {
       };
 
       trustedProxy = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           You need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process,
           otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be
           bad because IP addresses are used for important rate limits and security functions.
@@ -383,7 +383,7 @@ in {
       };
 
       enableUnixSocket = lib.mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Instead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket. This variable
           is process-specific, e.g. you need different values for every process, and it works for both web (Puma)
           processes and streaming API (Node.js) processes.
@@ -394,32 +394,32 @@ in {
 
       redis = {
         createLocally = lib.mkOption {
-          description = lib.mdDoc "Configure local Redis server for Mastodon.";
+          description = "Configure local Redis server for Mastodon.";
           type = lib.types.bool;
           default = true;
         };
 
         host = lib.mkOption {
-          description = lib.mdDoc "Redis host.";
+          description = "Redis host.";
           type = lib.types.str;
           default = "127.0.0.1";
         };
 
         port = lib.mkOption {
-          description = lib.mdDoc "Redis port.";
+          description = "Redis port.";
           type = lib.types.port;
           default = 31637;
         };
 
         passwordFile = lib.mkOption {
-          description = lib.mdDoc "A file containing the password for Redis database.";
+          description = "A file containing the password for Redis database.";
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/run/keys/mastodon-redis-password";
         };
 
         enableUnixSocket = lib.mkOption {
-          description = lib.mdDoc "Use Unix socket";
+          description = "Use Unix socket";
           type = lib.types.bool;
           default = true;
         };
@@ -427,7 +427,7 @@ in {
 
       database = {
         createLocally = lib.mkOption {
-          description = lib.mdDoc "Configure local PostgreSQL database server for Mastodon.";
+          description = "Configure local PostgreSQL database server for Mastodon.";
           type = lib.types.bool;
           default = true;
         };
@@ -436,7 +436,7 @@ in {
           type = lib.types.str;
           default = "/run/postgresql";
           example = "192.168.23.42";
-          description = lib.mdDoc "Database host address or unix socket.";
+          description = "Database host address or unix socket.";
         };
 
         port = lib.mkOption {
@@ -447,26 +447,26 @@ in {
             then null
             else 5432
           '';
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = lib.mkOption {
           type = lib.types.str;
           default = "mastodon";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = lib.mkOption {
           type = lib.types.str;
           default = "mastodon";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/var/lib/mastodon/secrets/db-password";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -475,31 +475,31 @@ in {
 
       smtp = {
         createLocally = lib.mkOption {
-          description = lib.mdDoc "Configure local Postfix SMTP server for Mastodon.";
+          description = "Configure local Postfix SMTP server for Mastodon.";
           type = lib.types.bool;
           default = true;
         };
 
         authenticate = lib.mkOption {
-          description = lib.mdDoc "Authenticate with the SMTP server using username and password.";
+          description = "Authenticate with the SMTP server using username and password.";
           type = lib.types.bool;
           default = false;
         };
 
         host = lib.mkOption {
-          description = lib.mdDoc "SMTP host used when sending emails to users.";
+          description = "SMTP host used when sending emails to users.";
           type = lib.types.str;
           default = "127.0.0.1";
         };
 
         port = lib.mkOption {
-          description = lib.mdDoc "SMTP port used when sending emails to users.";
+          description = "SMTP port used when sending emails to users.";
           type = lib.types.port;
           default = 25;
         };
 
         fromAddress = lib.mkOption {
-          description = lib.mdDoc ''"From" address used when sending Emails to users.'';
+          description = ''"From" address used when sending Emails to users.'';
           type = lib.types.str;
         };
 
@@ -507,14 +507,14 @@ in {
           type = lib.types.nullOr lib.types.str;
           default = null;
           example = "mastodon@example.com";
-          description = lib.mdDoc "SMTP login name.";
+          description = "SMTP login name.";
         };
 
         passwordFile = lib.mkOption {
           type = lib.types.nullOr lib.types.path;
           default = null;
           example = "/var/lib/mastodon/secrets/smtp-password";
-          description = lib.mdDoc ''
+          description = ''
             Path to file containing the SMTP password.
           '';
         };
@@ -522,7 +522,7 @@ in {
 
       elasticsearch = {
         host = lib.mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Elasticsearch host.
             If it is not null, Elasticsearch full text search will be enabled.
           '';
@@ -531,13 +531,13 @@ in {
         };
 
         port = lib.mkOption {
-          description = lib.mdDoc "Elasticsearch port.";
+          description = "Elasticsearch port.";
           type = lib.types.port;
           default = 9200;
         };
 
         preset = lib.mkOption {
-          description = lib.mdDoc ''
+          description = ''
             It controls the ElasticSearch indices configuration (number of shards and replica).
           '';
           type = lib.types.enum [ "single_node_cluster" "small_cluster" "large_cluster" ];
@@ -546,14 +546,14 @@ in {
         };
 
         user = lib.mkOption {
-          description = lib.mdDoc "Used for optionally authenticating with Elasticsearch.";
+          description = "Used for optionally authenticating with Elasticsearch.";
           type = lib.types.nullOr lib.types.str;
           default = null;
           example = "elasticsearch-mastodon";
         };
 
         passwordFile = lib.mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Path to file containing password for optionally authenticating with Elasticsearch.
           '';
           type = lib.types.nullOr lib.types.path;
@@ -566,13 +566,13 @@ in {
         type = lib.types.package;
         default = pkgs.mastodon;
         defaultText = lib.literalExpression "pkgs.mastodon";
-        description = lib.mdDoc "Mastodon package to use.";
+        description = "Mastodon package to use.";
       };
 
       extraConfig = lib.mkOption {
         type = lib.types.attrs;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Extra environment variables to pass to all mastodon services.
         '';
       };
@@ -580,7 +580,7 @@ in {
       extraEnvFiles = lib.mkOption {
         type = with lib.types; listOf path;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Extra environment files to pass to all mastodon services. Useful for passing down environmental secrets.
         '';
         example = [ "/etc/mastodon/s3config.env" ];
@@ -589,7 +589,7 @@ in {
       automaticMigrations = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Do automatic database migrations.
         '';
       };
@@ -599,7 +599,7 @@ in {
           type = lib.types.bool;
           default = true;
           example = false;
-          description = lib.mdDoc ''
+          description = ''
             Automatically remove remote media attachments and preview cards older than the configured amount of days.
 
             Recommended in https://docs.joinmastodon.org/admin/setup/.
@@ -610,7 +610,7 @@ in {
           type = lib.types.str;
           default = "daily";
           example = "hourly";
-          description = lib.mdDoc ''
+          description = ''
             How often to remove remote media.
 
             The format is described in {manpage}`systemd.time(7)`.
@@ -621,7 +621,7 @@ in {
           type = lib.types.int;
           default = 30;
           example = 14;
-          description = lib.mdDoc ''
+          description = ''
             How old remote media needs to be in order to be removed.
           '';
         };
@@ -742,11 +742,16 @@ in {
         umask 077
         export PGPASSWORD="$(cat '${cfg.database.passwordFile}')"
       '' + ''
-        if [ `psql -c \
-                "select count(*) from pg_class c \
-                join pg_namespace s on s.oid = c.relnamespace \
-                where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
-                and s.nspname not like 'pg_temp%';" | sed -n 3p` -eq 0 ]; then
+        result="$(psql -t --csv -c \
+            "select count(*) from pg_class c \
+            join pg_namespace s on s.oid = c.relnamespace \
+            where s.nspname not in ('pg_catalog', 'pg_toast', 'information_schema') \
+            and s.nspname not like 'pg_temp%';")" || error_code=$?
+        if [ "''${error_code:-0}" -ne 0 ]; then
+          echo "Failure checking if database is seeded. psql gave exit code $error_code"
+          exit "$error_code"
+        fi
+        if [ "$result" -eq 0 ]; then
           echo "Seeding database"
           SAFETY_ASSURED=1 rails db:schema:load
           rails db:seed
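Review bot: `[ "$result" -eq 0 ]` still assumes psql printed a bare integer; if `result` is empty or carries extra text, `[` reports an error and the `if` is simply false, so the script falls through to whatever follows the seeding branch (outside this hunk) without a clear diagnostic. Because this test decides whether `SAFETY_ASSURED=1 rails db:schema:load` runs, I would validate the value before comparing, e.g. `case "$result" in ""|*[!0-9]*) echo "Unexpected psql output: $result" >&2; exit 1;; esac` (with `""` rather than two single quotes, which would terminate the Nix string). The new failure message on the `echo` line would also be better sent to stderr with `>&2`. The `if` block continues past the end of the hunk.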
diff --git a/nixpkgs/nixos/modules/services/web-apps/matomo.nix b/nixpkgs/nixos/modules/services/web-apps/matomo.nix
index fef5dc82de04..722745dbdb5d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/matomo.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/matomo.nix
@@ -30,7 +30,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable Matomo web analytics with php-fpm backend.
           Either the nginx option or the webServerUser option is mandatory.
         '';
@@ -42,7 +42,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "lighttpd";
-        description = lib.mdDoc ''
+        description = ''
           Name of the web server user that forwards requests to {option}`services.phpfpm.pools.<name>.socket` the fastcgi socket for Matomo if the nginx
           option is not used. Either this option or the nginx option is mandatory.
           If you want to use another webserver than nginx, you need to set this to that server's user
@@ -53,7 +53,7 @@ in {
       periodicArchiveProcessing = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Enable periodic archive processing, which generates aggregated reports from the visits.
 
           This means that you can safely disable browser triggers for Matomo archiving,
@@ -71,7 +71,7 @@ in {
           "${user}.''${config.${options.networking.fqdnOrHostName}}"
         '';
         example = "matomo.yourdomain.org";
-        description = lib.mdDoc ''
+        description = ''
           URL of the host, without https prefix. You may want to change it if you
           run Matomo on a different URL than matomo.yourdomain.
         '';
@@ -99,7 +99,7 @@ in {
             enableACME = false;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
             With this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo.
             Either this option or the webServerUser option is mandatory.
             Set this to {} to just enable the virtualHost if you don't need any customization.
diff --git a/nixpkgs/nixos/modules/services/web-apps/mattermost.nix b/nixpkgs/nixos/modules/services/web-apps/mattermost.nix
index 3d03c96d1c19..fee0ec2d641d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mattermost.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mattermost.nix
@@ -100,20 +100,20 @@ in
 {
   options = {
     services.mattermost = {
-      enable = mkEnableOption (lib.mdDoc "Mattermost chat server");
+      enable = mkEnableOption "Mattermost chat server";
 
       package = mkPackageOption pkgs "mattermost" { };
 
       statePath = mkOption {
         type = types.str;
         default = "/var/lib/mattermost";
-        description = lib.mdDoc "Mattermost working directory";
+        description = "Mattermost working directory";
       };
 
       siteUrl = mkOption {
         type = types.str;
         example = "https://chat.example.com";
-        description = lib.mdDoc ''
+        description = ''
           URL this Mattermost instance is reachable under, without trailing slash.
         '';
       };
@@ -121,14 +121,14 @@ in
       siteName = mkOption {
         type = types.str;
         default = "Mattermost";
-        description = lib.mdDoc "Name of this Mattermost site.";
+        description = "Name of this Mattermost site.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = ":8065";
         example = "[::1]:8065";
-        description = lib.mdDoc ''
+        description = ''
           Address and port this Mattermost instance listens to.
         '';
       };
@@ -136,7 +136,7 @@ in
       mutableConfig = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether the Mattermost config.json is writeable by Mattermost.
 
           Most of the settings can be edited in the system console of
@@ -153,7 +153,7 @@ in
       preferNixConfig = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           If both mutableConfig and this option are set, the Nix configuration
           will take precedence over any settings configured in the server
           console.
@@ -163,7 +163,7 @@ in
       extraConfig = mkOption {
         type = types.attrs;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration options as Nix attribute set in config.json schema.
         '';
       };
@@ -172,7 +172,7 @@ in
         type = types.listOf (types.oneOf [types.path types.package]);
         default = [];
         example = "[ ./com.github.moussetc.mattermost.plugin.giphy-2.0.0.tar.gz ]";
-        description = lib.mdDoc ''
+        description = ''
           Plugins to add to the configuration. Overrides any installed if non-null.
           This is a list of paths to .tar.gz files or derivations evaluating to
           .tar.gz files.
@@ -181,7 +181,7 @@ in
       environmentFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Environment file (see {manpage}`systemd.exec(5)`
           "EnvironmentFile=" section for the syntax) which sets config options
           for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).
@@ -198,7 +198,7 @@ in
       localDatabaseCreate = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Create a local PostgreSQL database for Mattermost automatically.
         '';
       };
@@ -206,7 +206,7 @@ in
       localDatabaseName = mkOption {
         type = types.str;
         default = "mattermost";
-        description = lib.mdDoc ''
+        description = ''
           Local Mattermost database name.
         '';
       };
@@ -214,7 +214,7 @@ in
       localDatabaseUser = mkOption {
         type = types.str;
         default = "mattermost";
-        description = lib.mdDoc ''
+        description = ''
           Local Mattermost database username.
         '';
       };
@@ -222,7 +222,7 @@ in
       localDatabasePassword = mkOption {
         type = types.str;
         default = "mmpgsecret";
-        description = lib.mdDoc ''
+        description = ''
           Password for local Mattermost database user.
         '';
       };
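Review bot: The description of `localDatabasePassword` does not warn that the option is a plain `types.str` with the fixed default `"mmpgsecret"`, so any deployment that leaves it unset shares a publicly known database password. A string option value also normally ends up in the world-readable Nix store. I would extend the text to something like `Password for local Mattermost database user. The default is publicly known and the value is stored in the Nix store; override it and restrict database access accordingly.` How the value is consumed lies outside this hunk, so the exact exposure should be confirmed there. Other modules in this diff take a `passwordFile` path instead, which would be the more consistent interface.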
@@ -230,7 +230,7 @@ in
       user = mkOption {
         type = types.str;
         default = "mattermost";
-        description = lib.mdDoc ''
+        description = ''
           User which runs the Mattermost service.
         '';
       };
@@ -238,19 +238,19 @@ in
       group = mkOption {
         type = types.str;
         default = "mattermost";
-        description = lib.mdDoc ''
+        description = ''
           Group which runs the Mattermost service.
         '';
       };
 
       matterircd = {
-        enable = mkEnableOption (lib.mdDoc "Mattermost IRC bridge");
+        enable = mkEnableOption "Mattermost IRC bridge";
         package = mkPackageOption pkgs "matterircd" { };
         parameters = mkOption {
           type = types.listOf types.str;
           default = [ ];
           example = [ "-mmserver chat.example.com" "-bind [::]:6667" ];
-          description = lib.mdDoc ''
+          description = ''
             Set commandline parameters to pass to matterircd. See
             https://github.com/42wim/matterircd#usage for more information.
           '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/mealie.nix b/nixpkgs/nixos/modules/services/web-apps/mealie.nix
index 8bb7542c6b56..8f68828e7a0b 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mealie.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mealie.nix
@@ -24,7 +24,7 @@ in
     settings = lib.mkOption {
       type = with lib.types; attrsOf anything;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Configuration of the Mealie service.
 
         See [the mealie documentation](https://nightly.mealie.io/documentation/getting-started/installation/backend-config/) for available options and default values.
diff --git a/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix b/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix
index 5549b6ae1eaa..b11626ec2dc3 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mediawiki.nix
@@ -18,6 +18,9 @@ let
   cacheDir = "/var/cache/mediawiki";
   stateDir = "/var/lib/mediawiki";
 
+  # https://www.mediawiki.org/wiki/Compatibility
+  php = pkgs.php81;
+
   pkg = pkgs.stdenv.mkDerivation rec {
     pname = "mediawiki-full";
     inherit (src) version;
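Review bot: The comment above `php = pkgs.php81;` is only a URL and says neither why the interpreter is pinned nor that the binding is shared. Later hunks in this file route the wrapper scripts, the php-fpm pool and the install/update commands through `php`. A comment such as `# PHP version supported by MediaWiki (https://www.mediawiki.org/wiki/Compatibility); shared by the php-fpm pool and the maintenance CLI so both run the same interpreter` would tell the next maintainer to revisit the pin when MediaWiki's supported versions change. The enclosing `let` block starts and ends outside the hunk.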
@@ -46,7 +49,7 @@ let
   } ''
     mkdir -p $out/bin
     for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
-      makeWrapper ${pkgs.php}/bin/php $out/bin/mediawiki-$(basename $i .php) \
+      makeWrapper ${php}/bin/php $out/bin/mediawiki-$(basename $i .php) \
         --set MEDIAWIKI_CONFIG ${mediawikiConfig} \
         --add-flags ${pkg}/share/mediawiki/maintenance/$i
     done
@@ -192,7 +195,7 @@ in
   options = {
     services.mediawiki = {
 
-      enable = mkEnableOption (lib.mdDoc "MediaWiki");
+      enable = mkEnableOption "MediaWiki";
 
       package = mkPackageOption pkgs "mediawiki" { };
 
@@ -201,7 +204,7 @@ in
         readOnly = true;
         default = pkg;
         defaultText = literalExpression "pkg";
-        description = lib.mdDoc ''
+        description = ''
           The final package used by the module. This is the package that will have extensions and skins installed.
         '';
       };
@@ -210,7 +213,7 @@ in
         type = types.str;
         default = "MediaWiki";
         example = "Foobar Wiki";
-        description = lib.mdDoc "Name of the wiki.";
+        description = "Name of the wiki.";
       };
 
       url = mkOption {
@@ -229,13 +232,13 @@ in
           if "mediawiki uses ssl" then "{"https" else "http"}://''${cfg.hostName}" else "http://localhost";
         '';
         example = "https://wiki.example.org";
-        description = lib.mdDoc "URL of the wiki.";
+        description = "URL of the wiki.";
       };
 
       uploadsDir = mkOption {
         type = types.nullOr types.path;
         default = "${stateDir}/uploads";
-        description = lib.mdDoc ''
+        description = ''
           This directory is used for uploads of pictures. The directory passed here is automatically
           created and permissions adjusted as required.
         '';
@@ -243,7 +246,9 @@ in
 
       passwordFile = mkOption {
         type = types.path;
-        description = lib.mdDoc "A file containing the initial password for the admin user.";
+        description = ''
+          A file containing the initial password for the administrator account "admin".
+        '';
         example = "/run/keys/mediawiki-password";
       };
 
@@ -262,13 +267,13 @@ in
             else
               config.services.httpd.adminAddr else "root@localhost"
         '';
-        description = lib.mdDoc "Contact address for password reset.";
+        description = "Contact address for password reset.";
       };
 
       skins = mkOption {
         default = {};
         type = types.attrsOf types.path;
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of paths whose content is copied to the {file}`skins`
           subdirectory of the MediaWiki installation in addition to the default skins.
         '';
@@ -277,7 +282,7 @@ in
       extensions = mkOption {
         default = {};
         type = types.attrsOf (types.nullOr types.path);
-        description = lib.mdDoc ''
+        description = ''
           Attribute set of paths whose content is copied to the {file}`extensions`
           subdirectory of the MediaWiki installation and enabled in configuration.
 
@@ -297,46 +302,46 @@ in
       webserver = mkOption {
         type = types.enum [ "apache" "none" "nginx" ];
         default = "apache";
-        description = lib.mdDoc "Webserver to use.";
+        description = "Webserver to use.";
       };
 
       database = {
         type = mkOption {
           type = types.enum [ "mysql" "postgres" "mssql" "oracle" ];
           default = "mysql";
-          description = lib.mdDoc "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.";
+          description = "Database engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.";
         };
 
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
           default = if cfg.database.type == "mysql" then 3306 else 5432;
           defaultText = literalExpression "3306";
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "mediawiki";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "mediawiki";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/mediawiki-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
@@ -345,7 +350,7 @@ in
         tablePrefix = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             If you only have access to a single database and wish to install more than
             one version of MediaWiki, or have other applications that also use the
             database, you can give the table names a unique prefix to stop any naming
@@ -363,14 +368,14 @@ in
             else
               null;
           defaultText = literalExpression "/run/mysqld/mysqld.sock";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
 
         createLocally = mkOption {
           type = types.bool;
           default = cfg.database.type == "mysql" || cfg.database.type == "postgres";
           defaultText = literalExpression "true";
-          description = lib.mdDoc ''
+          description = ''
             Create the database and database user locally.
             This currently only applies if database type "mysql" is selected.
           '';
@@ -381,7 +386,7 @@ in
         type = types.str;
         example = literalExpression ''wiki.example.com'';
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The hostname to use for the nginx virtual host.
           This is used to generate the nginx configuration.
         '';
@@ -397,7 +402,7 @@ in
             enableACME = true;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.
           See [](#opt-services.httpd.virtualHosts) for further information.
         '';
@@ -413,7 +418,7 @@ in
           "pm.max_spare_servers" = 4;
           "pm.max_requests" = 500;
         };
-        description = lib.mdDoc ''
+        description = ''
           Options for the MediaWiki PHP pool. See the documentation on `php-fpm.conf`
           for details on configuration directives.
         '';
@@ -421,7 +426,7 @@ in
 
       extraConfig = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Any additional text to be appended to MediaWiki's
           LocalSettings.php configuration file. For configuration
           settings, see <https://www.mediawiki.org/wiki/Manual:Configuration_settings>.
@@ -485,8 +490,7 @@ in
     services.phpfpm.pools.mediawiki = {
       inherit user group;
       phpEnv.MEDIAWIKI_CONFIG = "${mediawikiConfig}";
-      # https://www.mediawiki.org/wiki/Compatibility
-      phpPackage = pkgs.php81;
+      phpPackage = php;
       settings = (if (cfg.webserver == "apache") then {
         "listen.owner" = config.services.httpd.user;
         "listen.group" = config.services.httpd.group;
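Review bot: The `# https://www.mediawiki.org/wiki/Compatibility` pointer is dropped together with the `pkgs.php81` pin at `phpPackage = php;`, and the `php` binding itself is defined outside this hunk. If the comment was not moved to that binding, it should be kept there, e.g. `# PHP version must satisfy https://www.mediawiki.org/wiki/Compatibility`, so the next bump is checked against what MediaWiki supports instead of drifting to an unsupported interpreter. The later hunks that switch `${pkgs.php}/bin/php` to `${php}/bin/php` use the same binding, so one comment at its definition covers both the FPM pool and the maintenance scripts.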
@@ -598,8 +602,8 @@ in
         fi
 
         echo "exit( wfGetDB( DB_MASTER )->tableExists( 'user' ) ? 1 : 0 );" | \
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
+        ${php}/bin/php ${pkg}/share/mediawiki/maintenance/eval.php --conf ${mediawikiConfig} && \
+        ${php}/bin/php ${pkg}/share/mediawiki/maintenance/install.php \
           --confpath /tmp \
           --scriptpath / \
           --dbserver ${lib.escapeShellArg dbAddr} \
@@ -613,7 +617,7 @@ in
           ${lib.escapeShellArg cfg.name} \
           admin
 
-        ${pkgs.php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
+        ${php}/bin/php ${pkg}/share/mediawiki/maintenance/update.php --conf ${mediawikiConfig} --quick
       '';
 
       serviceConfig = {
diff --git a/nixpkgs/nixos/modules/services/web-apps/meme-bingo-web.nix b/nixpkgs/nixos/modules/services/web-apps/meme-bingo-web.nix
index fe68bbecca57..ab123ba8ef9c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/meme-bingo-web.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/meme-bingo-web.nix
@@ -1,22 +1,22 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mkEnableOption mkPackageOption mkIf mkOption mdDoc types literalExpression;
+  inherit (lib) mkEnableOption mkPackageOption mkIf mkOption types literalExpression;
 
   cfg = config.services.meme-bingo-web;
 in {
   options = {
     services.meme-bingo-web = {
-      enable = mkEnableOption (mdDoc ''
+      enable = mkEnableOption ''
         a web app for the meme bingo, rendered entirely on the web server and made interactive with forms.
 
         Note: The application's author suppose to run meme-bingo-web behind a reverse proxy for SSL and HTTP/3
-      '');
+      '';
 
       package = mkPackageOption pkgs "meme-bingo-web" { };
 
       baseUrl = mkOption {
-        description = mdDoc ''
+        description = ''
           URL to be used for the HTML <base> element on all HTML routes.
         '';
         type = types.str;
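Review bot: The deployment note in the `enable` description ("The application's author suppose to run meme-bingo-web behind a reverse proxy for SSL and HTTP/3") is ungrammatical and reads as optional, although by its own wording the service relies on a front-end proxy for TLS. Suggested wording: `Note: meme-bingo-web is intended to run behind a reverse proxy that terminates TLS (and provides HTTP/3).` Since `mkEnableOption` wraps this string in a "Whether to enable …" sentence, a multi-paragraph value may render awkwardly, so the generated option docs are worth checking.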
@@ -24,7 +24,7 @@ in {
         example = "https://bingo.example.com/";
       };
       port = mkOption {
-        description = mdDoc ''
+        description = ''
           Port to be used for the web server.
         '';
         type = types.port;
diff --git a/nixpkgs/nixos/modules/services/web-apps/microbin.nix b/nixpkgs/nixos/modules/services/web-apps/microbin.nix
index 233bfac6e699..0ebe644a2595 100644
--- a/nixpkgs/nixos/modules/services/web-apps/microbin.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/microbin.nix
@@ -5,7 +5,7 @@ let
 in
 {
   options.services.microbin = {
-    enable = lib.mkEnableOption (lib.mdDoc "MicroBin is a super tiny, feature rich, configurable paste bin web application");
+    enable = lib.mkEnableOption "MicroBin is a super tiny, feature rich, configurable paste bin web application";
 
     package = lib.mkPackageOption pkgs "microbin" { };
 
@@ -16,7 +16,7 @@ in
         MICROBIN_PORT = 8080;
         MICROBIN_HIDE_LOGO = false;
       };
-      description = lib.mdDoc ''
+      description = ''
         Additional configuration for MicroBin, see
         <https://microbin.eu/docs/installation-and-configuration/configuration/>
         for supported values.
@@ -28,14 +28,14 @@ in
     dataDir = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/microbin";
-      description = lib.mdDoc "Default data folder for MicroBin.";
+      description = "Default data folder for MicroBin.";
     };
 
     passwordFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
       example = "/run/secrets/microbin.env";
-      description = lib.mdDoc ''
+      description = ''
         Path to file containing environment variables.
         Useful for passing down secrets.
         Variables that can be considered secrets are:
diff --git a/nixpkgs/nixos/modules/services/web-apps/miniflux.nix b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix
index 16b6fb0d655d..d65d6db3cdaa 100644
--- a/nixpkgs/nixos/modules/services/web-apps/miniflux.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/miniflux.nix
@@ -16,7 +16,7 @@ in
 {
   options = {
     services.miniflux = {
-      enable = mkEnableOption (lib.mdDoc "miniflux");
+      enable = mkEnableOption "miniflux";
 
       package = mkPackageOption pkgs "miniflux" { };
 
@@ -38,7 +38,7 @@ in
             LISTEN_ADDR = "localhost:8080";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Miniflux, refer to
           <https://miniflux.app/docs/configuration.html>
           for documentation on the supported values.
@@ -50,7 +50,7 @@ in
 
       adminCredentialsFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           File containing the ADMIN_USERNAME and
           ADMIN_PASSWORD (length >= 6) in the format of
           an EnvironmentFile=, as described by systemd.exec(5).
diff --git a/nixpkgs/nixos/modules/services/web-apps/mobilizon.nix b/nixpkgs/nixos/modules/services/web-apps/mobilizon.nix
index bdb08f613149..b7fad7f3066e 100644
--- a/nixpkgs/nixos/modules/services/web-apps/mobilizon.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/mobilizon.nix
@@ -59,13 +59,12 @@ in
 {
   options = {
     services.mobilizon = {
-      enable = mkEnableOption
-        (lib.mdDoc "Mobilizon federated organization and mobilization platform");
+      enable = mkEnableOption "Mobilizon federated organization and mobilization platform";
 
       nginx.enable = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether an Nginx virtual host should be
           set up to serve Mobilizon.
         '';
@@ -90,7 +89,7 @@ in
                     defaultText = lib.literalMD ''
                       ''${settings.":mobilizon".":instance".hostname}
                     '';
-                    description = lib.mdDoc ''
+                    description = ''
                       Your instance's hostname for generating URLs throughout the app
                     '';
                   };
@@ -99,14 +98,14 @@ in
                     port = mkOption {
                       type = elixirTypes.port;
                       default = 4000;
-                      description = lib.mdDoc ''
+                      description = ''
                         The port to run the server
                       '';
                     };
                     ip = mkOption {
                       type = elixirTypes.tuple;
                       default = settingsFormat.lib.mkTuple [ 0 0 0 0 0 0 0 1 ];
-                      description = lib.mdDoc ''
+                      description = ''
                         The IP address to listen on. Defaults to [::1] notated as a byte tuple.
                       '';
                     };
@@ -115,7 +114,7 @@ in
                   has_reverse_proxy = mkOption {
                     type = elixirTypes.bool;
                     default = true;
-                    description = lib.mdDoc ''
+                    description = ''
                       Whether you use a reverse proxy
                     '';
                   };
@@ -124,14 +123,14 @@ in
                 ":instance" = {
                   name = mkOption {
                     type = elixirTypes.str;
-                    description = lib.mdDoc ''
+                    description = ''
                       The fallback instance name if not configured into the admin UI
                     '';
                   };
 
                   hostname = mkOption {
                     type = elixirTypes.str;
-                    description = lib.mdDoc ''
+                    description = ''
                       Your instance's hostname
                     '';
                   };
@@ -141,7 +140,7 @@ in
                     defaultText = literalExpression ''
                       noreply@''${settings.":mobilizon".":instance".hostname}
                     '';
-                    description = lib.mdDoc ''
+                    description = ''
                       The email for the From: header in emails
                     '';
                   };
@@ -151,7 +150,7 @@ in
                     defaultText = literalExpression ''
                       ''${email_from}
                     '';
-                    description = lib.mdDoc ''
+                    description = ''
                       The email for the Reply-To: header in emails
                     '';
                   };
@@ -161,7 +160,7 @@ in
                   socket_dir = mkOption {
                     type = types.nullOr elixirTypes.str;
                     default = postgresqlSocketDir;
-                    description = lib.mdDoc ''
+                    description = ''
                       Path to the postgres socket directory.
 
                       Set this to null if you want to connect to a remote database.
@@ -178,7 +177,7 @@ in
                   username = mkOption {
                     type = types.nullOr elixirTypes.str;
                     default = user;
-                    description = lib.mdDoc ''
+                    description = ''
                       User used to connect to the database
                     '';
                   };
@@ -186,7 +185,7 @@ in
                   database = mkOption {
                     type = types.nullOr elixirTypes.str;
                     default = "mobilizon_prod";
-                    description = lib.mdDoc ''
+                    description = ''
                       Name of the database
                     '';
                   };
@@ -196,7 +195,7 @@ in
           };
         default = { };
 
-        description = lib.mdDoc ''
+        description = ''
           Mobilizon Elixir documentation, see
           <https://docs.joinmobilizon.org/administration/configure/reference/>
           for supported values.
diff --git a/nixpkgs/nixos/modules/services/web-apps/monica.nix b/nixpkgs/nixos/modules/services/web-apps/monica.nix
index 2bff42f7ffa4..6774e2c9bb46 100644
--- a/nixpkgs/nixos/modules/services/web-apps/monica.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/monica.nix
@@ -32,22 +32,22 @@ with lib; let
   tlsEnabled = cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME;
 in {
   options.services.monica = {
-    enable = mkEnableOption (lib.mdDoc "monica");
+    enable = mkEnableOption "monica";
 
     user = mkOption {
       default = "monica";
-      description = lib.mdDoc "User monica runs as.";
+      description = "User monica runs as.";
       type = types.str;
     };
 
     group = mkOption {
       default = "monica";
-      description = lib.mdDoc "Group monica runs as.";
+      description = "Group monica runs as.";
       type = types.str;
     };
 
     appKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A file containing the Laravel APP_KEY - a 32 character long,
         base64 encoded key used for encryption where needed. Can be
         generated with <code>head -c 32 /dev/urandom | base64</code>.
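Review bot: The `appKeyFile` description calls the key "a 32 character long, base64 encoded key", but the command it gives, `head -c 32 /dev/urandom | base64`, emits 32 random bytes whose base64 form is 44 characters. It should read `a 32-byte key, base64 encoded` so nobody shortens the key to 32 characters. The same string still carries DocBook markup (`<code>…</code>`), as do later hunks in this file (`<option>database.user</option>`, `<option>mail.user</option>`, `<literal>php-fpm.conf</literal>`, `<filename>.env</filename>`). The moodle module in this diff uses the `{option}` role and backticks for the same things, and the tags presumably will not render as intended in a plain Markdown description. The description continues past the end of this hunk.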
@@ -64,13 +64,13 @@ in {
         else config.networking.hostName;
       defaultText = lib.literalExpression "config.networking.fqdn";
       example = "monica.example.com";
-      description = lib.mdDoc ''
+      description = ''
         The hostname to serve monica on.
       '';
     };
 
     appURL = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The root URL that you want to host monica on. All URLs in monica will be generated using this value.
         If you change this in the future you may need to run a command to update stored URLs in the database.
         Command example: <code>php artisan monica:update-url https://old.example.com https://new.example.com</code>
@@ -82,7 +82,7 @@ in {
     };
 
     dataDir = mkOption {
-      description = lib.mdDoc "monica data directory";
+      description = "monica data directory";
       default = "/var/lib/monica";
       type = types.path;
     };
@@ -91,29 +91,29 @@ in {
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
       port = mkOption {
         type = types.port;
         default = 3306;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
       name = mkOption {
         type = types.str;
         default = "monica";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       user = mkOption {
         type = types.str;
         default = user;
         defaultText = lib.literalExpression "user";
-        description = lib.mdDoc "Database username.";
+        description = "Database username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/monica-dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           <option>database.user</option>.
         '';
@@ -121,7 +121,7 @@ in {
       createLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
     };
 
@@ -129,39 +129,39 @@ in {
       driver = mkOption {
         type = types.enum ["smtp" "sendmail"];
         default = "smtp";
-        description = lib.mdDoc "Mail driver to use.";
+        description = "Mail driver to use.";
       };
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Mail host address.";
+        description = "Mail host address.";
       };
       port = mkOption {
         type = types.port;
         default = 1025;
-        description = lib.mdDoc "Mail host port.";
+        description = "Mail host port.";
       };
       fromName = mkOption {
         type = types.str;
         default = "monica";
-        description = lib.mdDoc "Mail \"from\" name.";
+        description = "Mail \"from\" name.";
       };
       from = mkOption {
         type = types.str;
         default = "mail@monica.com";
-        description = lib.mdDoc "Mail \"from\" email.";
+        description = "Mail \"from\" email.";
       };
       user = mkOption {
         type = with types; nullOr str;
         default = null;
         example = "monica";
-        description = lib.mdDoc "Mail username.";
+        description = "Mail username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/monica-mailpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           <option>mail.user</option>.
         '';
@@ -169,7 +169,7 @@ in {
       encryption = mkOption {
         type = with types; nullOr (enum ["tls"]);
         default = null;
-        description = lib.mdDoc "SMTP encryption mechanism to use.";
+        description = "SMTP encryption mechanism to use.";
       };
     };
 
@@ -177,7 +177,7 @@ in {
       type = types.str;
       default = "18M";
       example = "1G";
-      description = lib.mdDoc "The maximum size for uploads (e.g. images).";
+      description = "The maximum size for uploads (e.g. images).";
     };
 
     poolConfig = mkOption {
@@ -190,7 +190,7 @@ in {
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the monica PHP pool. See the documentation on <literal>php-fpm.conf</literal>
         for details on configuration directives.
       '';
@@ -212,7 +212,7 @@ in {
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         With this option, you can customize the nginx virtualHost settings.
       '';
     };
@@ -233,7 +233,7 @@ in {
               options = {
                 _secret = mkOption {
                   type = nullOr str;
-                  description = lib.mdDoc ''
+                  description = ''
                     The path to a file containing the value the
                     option should be set to in the final
                     configuration file.
@@ -255,7 +255,7 @@ in {
           OIDC_ISSUER_DISCOVER = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         monica configuration options to set in the
         <filename>.env</filename> file.
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/moodle.nix b/nixpkgs/nixos/modules/services/web-apps/moodle.nix
index 496a0e32436f..7e2d59d3c3e7 100644
--- a/nixpkgs/nixos/modules/services/web-apps/moodle.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/moodle.nix
@@ -64,14 +64,14 @@ in
 {
   # interface
   options.services.moodle = {
-    enable = mkEnableOption (lib.mdDoc "Moodle web application");
+    enable = mkEnableOption "Moodle web application";
 
     package = mkPackageOption pkgs "moodle" { };
 
     initialPassword = mkOption {
       type = types.str;
       example = "correcthorsebatterystaple";
-      description = lib.mdDoc ''
+      description = ''
         Specifies the initial password for the admin, i.e. the password assigned if the user does not already exist.
         The password specified here is world-readable in the Nix store, so it should be changed promptly.
       '';
@@ -81,18 +81,18 @@ in
       type = mkOption {
         type = types.enum [ "mysql" "pgsql" ];
         default = "mysql";
-        description = lib.mdDoc "Database engine to use.";
+        description = "Database engine to use.";
       };
 
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
 
       port = mkOption {
         type = types.port;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
         default = {
           mysql = 3306;
           pgsql = 5432;
@@ -103,20 +103,20 @@ in
       name = mkOption {
         type = types.str;
         default = "moodle";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
 
       user = mkOption {
         type = types.str;
         default = "moodle";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
 
       passwordFile = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/run/keys/moodle-dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`database.user`.
         '';
@@ -129,13 +129,13 @@ in
           else if pgsqlLocal then "/run/postgresql"
           else null;
         defaultText = literalExpression "/run/mysqld/mysqld.sock";
-        description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+        description = "Path to the unix socket file to use for authentication.";
       };
 
       createLocally = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
     };
 
@@ -149,7 +149,7 @@ in
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.
         See [](#opt-services.httpd.virtualHosts) for further information.
       '';
@@ -165,7 +165,7 @@ in
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the Moodle PHP pool. See the documentation on `php-fpm.conf`
         for details on configuration directives.
       '';
@@ -174,7 +174,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Any additional text to be appended to the config.php
         configuration file. This is a PHP script. For configuration
         details, see <https://docs.moodle.org/37/en/Configuration_file>.
diff --git a/nixpkgs/nixos/modules/services/web-apps/movim.nix b/nixpkgs/nixos/modules/services/web-apps/movim.nix
new file mode 100644
index 000000000000..29bed0e067fa
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/movim.nix
@@ -0,0 +1,709 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib)
+    filterAttrsRecursive
+    generators
+    literalExpression
+    mkDefault
+    mkIf
+    mkOption
+    mkEnableOption
+    mkPackageOption
+    mkMerge
+    pipe
+    types
+    ;
+
+  cfg = config.services.movim;
+
+  defaultPHPCfg = {
+    "output_buffering" = 0;
+    "error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
+    "opcache.enable_cli" = 1;
+    "opcache.interned_strings_buffer" = 8;
+    "opcache.max_accelerated_files" = 6144;
+    "opcache.memory_consumption" = 128;
+    "opcache.revalidate_freq" = 2;
+    "opcache.fast_shutdown" = 1;
+  };
+
+  phpCfg = generators.toKeyValue
+    { mkKeyValue = generators.mkKeyValueDefault { } " = "; }
+    (defaultPHPCfg // cfg.phpCfg);
+
+  podConfigFlags =
+    let
+      bevalue = a: lib.escapeShellArg (generators.mkValueStringDefault { } a);
+    in
+    lib.concatStringsSep " "
+      (lib.attrsets.foldlAttrs
+        (acc: k: v: acc ++ lib.optional (v != null) "--${k}=${bevalue v}")
+        [ ]
+        cfg.podConfig);
+
+  package =
+    let
+      p = cfg.package.override
+        ({
+          inherit phpCfg;
+          withPgsql = cfg.database.type == "pgsql";
+          withMysql = cfg.database.type == "mysql";
+          inherit (cfg) minifyStaticFiles;
+        } // lib.optionalAttrs (lib.isAttrs cfg.minifyStaticFiles) (with cfg.minifyStaticFiles; {
+          esbuild = esbuild.package;
+          lightningcss = lightningcss.package;
+          scour = scour.package;
+        }));
+    in
+    p.overrideAttrs (finalAttrs: prevAttrs:
+      let
+        appDir = "$out/share/php/${finalAttrs.pname}";
+
+        stateDirectories = ''
+          # Symlinking in our state directories
+          rm -rf $out/.env $out/cache ${appDir}/public/cache
+          ln -s ${cfg.dataDir}/.env ${appDir}/.env
+          ln -s ${cfg.dataDir}/public/cache ${appDir}/public/cache
+          ln -s ${cfg.logDir} ${appDir}/log
+          ln -s ${cfg.runtimeDir}/cache ${appDir}/cache
+        '';
+
+        exposeComposer = ''
+          # Expose PHP Composer for scripts
+          mkdir -p $out/bin
+          echo "#!${lib.getExe pkgs.dash}" > $out/bin/movim-composer
+          echo "${finalAttrs.php.packages.composer}/bin/composer --working-dir="${appDir}" \"\$@\"" >> $out/bin/movim-composer
+          chmod +x $out/bin/movim-composer
+        '';
+
+        podConfigInputDisableReplace = lib.optionalString (podConfigFlags != "")
+          (lib.concatStringsSep "\n"
+            (lib.attrsets.foldlAttrs
+              (acc: k: v:
+                acc ++ lib.optional (v != null)
+                  # Disable all Admin panel options that were set in the
+                  # `cfg.podConfig` to prevent confusing situtions where the
+                  # values are rewritten on server reboot
+                  ''
+                    substituteInPlace ${appDir}/app/widgets/AdminMain/adminmain.tpl \
+                      --replace-warn 'name="${k}"' 'name="${k}" disabled'
+                  '')
+              [ ]
+              cfg.podConfig));
+
+        precompressStaticFilesJobs =
+          let
+            inherit (cfg.precompressStaticFiles) brotli gzip;
+
+            findTextFileNames = lib.concatStringsSep " -o "
+              (builtins.map (n: ''-iname "*.${n}"'')
+                [ "css" "ini" "js" "json" "manifest" "mjs" "svg" "webmanifest" ]);
+          in
+          lib.concatStringsSep "\n" [
+            (lib.optionalString brotli.enable ''
+              echo -n "Precompressing static files with Brotli …"
+              find ${appDir}/public -type f ${findTextFileNames} -print0 \
+                | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_broti" ''
+                    file="$1"
+                    ${lib.getExe brotli.package} --keep --quality=${builtins.toString brotli.compressionLevel} --output=$file.br $file
+                  ''}
+              echo " done."
+            '')
+            (lib.optionalString gzip.enable ''
+              echo -n "Precompressing static files with Gzip …"
+              find ${appDir}/public -type f ${findTextFileNames} -print0 \
+                | xargs -0 -n 1 -P $NIX_BUILD_CORES ${pkgs.writeShellScript "movim_precompress_broti" ''
+                    file="$1"
+                    ${lib.getExe gzip.package} -c -${builtins.toString gzip.compressionLevel} $file > $file.gz
+                  ''}
+              echo " done."
+            '')
+          ];
+      in
+      {
+        postInstall = lib.concatStringsSep "\n\n" [
+          prevAttrs.postInstall
+          stateDirectories
+          exposeComposer
+          podConfigInputDisableReplace
+          precompressStaticFilesJobs
+        ];
+      });
+
+  configFile = pipe cfg.settings [
+    (filterAttrsRecursive (_: v: v != null))
+    (generators.toKeyValue { })
+    (pkgs.writeText "movim-env")
+  ];
+
+  pool = "movim";
+  fpm = config.services.phpfpm.pools.${pool};
+  phpExecutionUnit = "phpfpm-${pool}";
+
+  dbService = {
+    "postgresql" = "postgresql.service";
+    "mysql" = "mysql.service";
+  }.${cfg.database.type};
+in
+{
+  options.services = {
+    movim = {
+      enable = mkEnableOption "a Movim instance";
+      package = mkPackageOption pkgs "movim" { };
+      phpPackage = mkPackageOption pkgs "php" { };
+
+      phpCfg = mkOption {
+        type = with types; attrsOf (oneOf [ int str bool ]);
+        defaultText = literalExpression (generators.toPretty { } defaultPHPCfg);
+        default = { };
+        description = "Extra PHP INI options such as `memory_limit`, `max_execution_time`, etc.";
+      };
+
+      user = mkOption {
+        type = types.nonEmptyStr;
+        default = "movim";
+        description = "User running Movim service";
+      };
+
+      group = mkOption {
+        type = types.nonEmptyStr;
+        default = "movim";
+        description = "Group running Movim service";
+      };
+
+      dataDir = mkOption {
+        type = types.nonEmptyStr;
+        default = "/var/lib/movim";
+        description = "State directory of the `movim` user which holds the application’s state & data.";
+      };
+
+      logDir = mkOption {
+        type = types.nonEmptyStr;
+        default = "/var/log/movim";
+        description = "Log directory of the `movim` user which holds the application’s logs.";
+      };
+
+      runtimeDir = mkOption {
+        type = types.nonEmptyStr;
+        default = "/run/movim";
+        description = "Runtime directory of the `movim` user which holds the application’s caches & temporary files.";
+      };
+
+      domain = mkOption {
+        type = types.nonEmptyStr;
+        description = "Fully-qualified domain name (FQDN) for the Movim instance.";
+      };
+
+      port = mkOption {
+        type = types.port;
+        default = 8080;
+        description = "Movim daemon port.";
+      };
+
+      debug = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Debugging logs.";
+      };
+
+      verbose = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Verbose logs.";
+      };
+
+      minifyStaticFiles = mkOption {
+        type = with types; either bool (submodule {
+          options = {
+            script = mkOption {
+              type = types.submodule {
+                options = {
+                  enable = mkEnableOption "Script minification";
+                  package = mkPackageOption pkgs "esbuild" { };
+                  target = mkOption {
+                    type = with types; nullOr nonEmptyStr;
+                    default = null;
+                  };
+                };
+              };
+            };
+            style = mkOption {
+              type = types.submodule {
+                options = {
+                  enable = mkEnableOption "Script minification";
+                  package = mkPackageOption pkgs "lightningcss" { };
+                  target = mkOption {
+                    type = with types; nullOr nonEmptyStr;
+                    default = null;
+                  };
+                };
+              };
+            };
+            svg = mkOption {
+              type = types.submodule {
+                options = {
+                  enable = mkEnableOption "SVG minification";
+                  package = mkPackageOption pkgs "scour" { };
+                };
+              };
+            };
+          };
+        });
+        default = true;
+        description = "Do minification on public static files";
+      };
+
+      precompressStaticFiles = mkOption {
+        type = with types; submodule {
+          options = {
+            brotli = {
+              enable = mkEnableOption "Brotli precompression";
+              package = mkPackageOption pkgs "brotli" { };
+              compressionLevel = mkOption {
+                type = types.ints.between 0 11;
+                default = 11;
+                description = "Brotli compression level";
+              };
+            };
+            gzip = {
+              enable = mkEnableOption "Gzip precompression";
+              package = mkPackageOption pkgs "gzip" { };
+              compressionLevel = mkOption {
+                type = types.ints.between 1 9;
+                default = 9;
+                description = "Gzip compression level";
+              };
+            };
+          };
+        };
+        default = {
+          brotli.enable = true;
+          gzip.enable = false;
+        };
+        description = "Aggressively precompress static files";
+      };
+
+      podConfig = mkOption {
+        type = types.submodule {
+          options = {
+            info = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "Content of the info box on the login page";
+            };
+
+            description = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "General description of the instance";
+            };
+
+            timezone = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "The server timezone";
+            };
+
+            restrictsuggestions = mkOption {
+              type = with types; nullOr bool;
+              default = null;
+              description = "Only suggest chatrooms, Communities and other contents that are available on the user XMPP server and related services";
+            };
+
+            chatonly = mkOption {
+              type = with types; nullOr bool;
+              default = null;
+              description = "Disable all the social feature (Communities, Blog…) and keep only the chat ones";
+            };
+
+            disableregistration = mkOption {
+              type = with types; nullOr bool;
+              default = null;
+              description = "Remove the XMPP registration flow and buttons from the interface";
+            };
+
+            loglevel = mkOption {
+              type = with types; nullOr (ints.between 0 3);
+              default = null;
+              description = "The server loglevel";
+            };
+
+            locale = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "The server main locale";
+            };
+
+            xmppdomain = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "The default XMPP server domain";
+            };
+
+            xmppdescription = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "The default XMPP server description";
+            };
+
+            xmppwhitelist = mkOption {
+              type = with types; nullOr str;
+              default = null;
+              description = "The allowlisted XMPP servers";
+            };
+          };
+        };
+        default = { };
+        description = ''
+          Pod configuration (values from `php daemon.php config --help`).
+          Note that these values will now be disabled in the admin panel.
+        '';
+      };
+
+      settings = mkOption {
+        type = with types; attrsOf (nullOr (oneOf [ int str bool ]));
+        default = { };
+        description = ".env settings for Movim. Secrets should use `secretFile` option instead. `null`s will be culled.";
+      };
+
+      secretFile = mkOption {
+        type = with types; nullOr path;
+        default = null;
+        description = "The secret file to be sourced for the .env settings.";
+      };
+
+      database = {
+        type = mkOption {
+          type = types.enum [ "mysql" "postgresql" ];
+          example = "mysql";
+          default = "postgresql";
+          description = "Database engine to use.";
+        };
+
+        name = mkOption {
+          type = types.str;
+          default = "movim";
+          description = "Database name.";
+        };
+
+        user = mkOption {
+          type = types.str;
+          default = "movim";
+          description = "Database username.";
+        };
+
+        createLocally = mkOption {
+          type = types.bool;
+          default = true;
+          description = "local database using UNIX socket authentication";
+        };
+      };
+
+      nginx = mkOption {
+        type = with types; nullOr (submodule
+          (import ../web-servers/nginx/vhost-options.nix {
+            inherit config lib;
+          }));
+        default = null;
+        example = lib.literalExpression /* nginx */ ''
+          {
+            serverAliases = [
+              "pics.''${config.networking.domain}"
+            ];
+            enableACME = true;
+            forceHttps = true;
+          }
+        '';
+        description = ''
+          With this option, you can customize an nginx virtual host which already has sensible defaults for Movim.
+          Set to `{ }` if you do not need any customization to the virtual host.
+          If enabled, then by default, the {option}`serverName` is `''${domain}`,
+          If this is set to null (the default), no nginx virtualHost will be configured.
+        '';
+      };
+
+      poolConfig = mkOption {
+        type = with types; attrsOf (oneOf [ int str bool ]);
+        default = { };
+        description = "Options for Movim’s PHP-FPM pool.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    users = {
+      users = {
+        movim = mkIf (cfg.user == "movim") {
+          isSystemUser = true;
+          group = cfg.group;
+        };
+        "${config.services.nginx.user}".extraGroups = [ cfg.group ];
+      };
+      groups = {
+        ${cfg.group} = { };
+      };
+    };
+
+    services = {
+      movim = {
+        settings = mkMerge [
+          {
+            DAEMON_URL = "//${cfg.domain}";
+            DAEMON_PORT = cfg.port;
+            DAEMON_INTERFACE = "127.0.0.1";
+            DAEMON_DEBUG = cfg.debug;
+            DAEMON_VERBOSE = cfg.verbose;
+          }
+          (mkIf cfg.database.createLocally {
+            DB_DRIVER = {
+              "postgresql" = "pgsql";
+              "mysql" = "mysql";
+            }.${cfg.database.type};
+            DB_HOST = "localhost";
+            DB_PORT = config.services.${cfg.database.type}.settings.port;
+            DB_DATABASE = cfg.database.name;
+            DB_USERNAME = cfg.database.user;
+            DB_PASSWORD = "";
+          })
+        ];
+
+        poolConfig = lib.mapAttrs' (n: v: lib.nameValuePair n (lib.mkDefault v)) {
+          "pm" = "dynamic";
+          "php_admin_value[error_log]" = "stderr";
+          "php_admin_flag[log_errors]" = true;
+          "catch_workers_output" = true;
+          "pm.max_children" = 32;
+          "pm.start_servers" = 2;
+          "pm.min_spare_servers" = 2;
+          "pm.max_spare_servers" = 8;
+          "pm.max_requests" = 500;
+        };
+      };
+
+      nginx = mkIf (cfg.nginx != null) {
+        enable = true;
+        recommendedOptimisation = true;
+        recommendedGzipSettings = true;
+        recommendedBrotliSettings = true;
+        recommendedProxySettings = true;
+        # TODO: recommended cache options already in Nginx⁇
+        appendHttpConfig = /* nginx */ ''
+          fastcgi_cache_path /tmp/nginx_cache levels=1:2 keys_zone=nginx_cache:100m inactive=60m;
+          fastcgi_cache_key "$scheme$request_method$host$request_uri";
+        '';
+        virtualHosts."${cfg.domain}" = mkMerge [
+          cfg.nginx
+          {
+            root = lib.mkForce "${package}/share/php/movim/public";
+            locations = {
+              "/favicon.ico" = {
+                priority = 100;
+                extraConfig = /* nginx */ ''
+                  access_log off;
+                  log_not_found off;
+                '';
+              };
+              "/robots.txt" = {
+                priority = 100;
+                extraConfig = /* nginx */ ''
+                  access_log off;
+                  log_not_found off;
+                '';
+              };
+              "~ /\\.(?!well-known).*" = {
+                priority = 210;
+                extraConfig = /* nginx */ ''
+                  deny all;
+                '';
+              };
+              # Ask nginx to cache every URL starting with "/picture"
+              "/picture" = {
+                priority = 400;
+                tryFiles = "$uri $uri/ /index.php$is_args$args";
+                extraConfig = /* nginx */ ''
+                  set $no_cache 0; # Enable cache only there
+                '';
+              };
+              "/" = {
+                priority = 490;
+                tryFiles = "$uri $uri/ /index.php$is_args$args";
+                extraConfig = /* nginx */ ''
+                  # https://github.com/movim/movim/issues/314
+                  add_header Content-Security-Policy "default-src 'self'; img-src 'self' aesgcm: https:; media-src 'self' aesgcm: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
+                  set $no_cache 1;
+                '';
+              };
+              "~ \\.php$" = {
+                priority = 500;
+                tryFiles = "$uri =404";
+                extraConfig = /* nginx */ ''
+                  include ${config.services.nginx.package}/conf/fastcgi.conf;
+                  add_header X-Cache $upstream_cache_status;
+                  fastcgi_ignore_headers "Cache-Control" "Expires" "Set-Cookie";
+                  fastcgi_cache nginx_cache;
+                  fastcgi_cache_valid any 7d;
+                  fastcgi_cache_bypass $no_cache;
+                  fastcgi_no_cache $no_cache;
+                  fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                  fastcgi_index index.php;
+                  fastcgi_pass unix:${fpm.socket};
+                '';
+              };
+              "/ws/" = {
+                priority = 900;
+                proxyPass = "http://${cfg.settings.DAEMON_INTERFACE}:${builtins.toString cfg.port}/";
+                proxyWebsockets = true;
+                recommendedProxySettings = true;
+                extraConfig = /* nginx */ ''
+                  proxy_set_header X-Forwarded-Proto $scheme;
+                  proxy_redirect off;
+                '';
+              };
+            };
+            extraConfig = /* ngnix */ ''
+              index index.php;
+            '';
+          }
+        ];
+      };
+
+      mysql = mkIf (cfg.database.createLocally && cfg.database.type == "mysql") {
+        enable = mkDefault true;
+        package = mkDefault pkgs.mariadb;
+        ensureDatabases = [ cfg.database.name ];
+        ensureUsers = [{
+          name = cfg.user;
+          ensureDBOwnership = true;
+        }];
+      };
+
+      postgresql = mkIf (cfg.database.createLocally && cfg.database.type == "postgresql") {
+        enable = mkDefault true;
+        ensureDatabases = [ cfg.database.name ];
+        ensureUsers = [{
+          name = cfg.user;
+          ensureDBOwnership = true;
+        }];
+        authentication = ''
+          host ${cfg.database.name} ${cfg.database.user} localhost trust
+        '';
+      };
+
+      phpfpm.pools.${pool} =
+        let
+          socketOwner =
+            if (cfg.nginx != null)
+            then config.services.nginx.user
+            else cfg.user;
+        in
+        {
+          phpPackage = package.php;
+          user = cfg.user;
+          group = cfg.group;
+
+          phpOptions = ''
+            error_log = 'stderr'
+            log_errors = on
+          '';
+
+          settings = {
+            "listen.owner" = socketOwner;
+            "listen.group" = cfg.group;
+            "listen.mode" = "0660";
+            "catch_workers_output" = true;
+          } // cfg.poolConfig;
+        };
+    };
+
+    systemd = {
+      services.movim-data-setup = {
+        description = "Movim setup: .env file, databases init, cache reload";
+        wantedBy = [ "multi-user.target" ];
+        requiredBy = [ "${phpExecutionUnit}.service" ];
+        before = [ "${phpExecutionUnit}.service" ];
+        after = lib.optional cfg.database.createLocally dbService;
+        requires = lib.optional cfg.database.createLocally dbService;
+
+        serviceConfig = {
+          Type = "oneshot";
+          User = cfg.user;
+          Group = cfg.group;
+          UMask = "077";
+        } // lib.optionalAttrs (cfg.secretFile != null) {
+          LoadCredential = "env-secrets:${cfg.secretFile}";
+        };
+
+        script = ''
+          # Env vars
+          rm -f ${cfg.dataDir}/.env
+          cp --no-preserve=all ${configFile} ${cfg.dataDir}/.env
+          echo -e '\n' >> ${cfg.dataDir}/.env
+          if [[ -f "$CREDENTIALS_DIRECTORY/env-secrets"  ]]; then
+            cat "$CREDENTIALS_DIRECTORY/env-secrets" >> ${cfg.dataDir}/.env
+            echo -e '\n' >> ${cfg.dataDir}/.env
+          fi
+
+          # Caches, logs
+          mkdir -p ${cfg.dataDir}/public/cache ${cfg.logDir} ${cfg.runtimeDir}/cache
+          chmod -R ug+rw ${cfg.dataDir}/public/cache
+          chmod -R ug+rw ${cfg.logDir}
+          chmod -R ug+rwx ${cfg.runtimeDir}/cache
+
+          # Migrations
+          MOVIM_VERSION="${package.version}"
+          if [[ ! -f "${cfg.dataDir}/.migration-version" ]] || [[ "$MOVIM_VERSION" != "$(<${cfg.dataDir}/.migration-version)" ]]; then
+            ${package}/bin/movim-composer movim:migrate && echo $MOVIM_VERSION > ${cfg.dataDir}/.migration-version
+          fi
+        ''
+        + lib.optionalString (podConfigFlags != "") (
+          let
+            flags = lib.concatStringsSep " "
+              ([ "--no-interaction" ]
+                ++ lib.optional cfg.debug "-vvv"
+                ++ lib.optional (!cfg.debug && cfg.verbose) "-v");
+          in
+          ''
+            ${lib.getExe package} config ${podConfigFlags}
+          ''
+        );
+      };
+
+      services.movim = {
+        description = "Movim daemon";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "movim-data-setup.service" ];
+        requires = [ "movim-data-setup.service" ]
+          ++ lib.optional cfg.database.createLocally dbService;
+        environment = {
+          PUBLIC_URL = "//${cfg.domain}";
+          WS_PORT = builtins.toString cfg.port;
+        };
+
+        serviceConfig = {
+          User = cfg.user;
+          Group = cfg.group;
+          WorkingDirectory = "${package}/share/php/movim";
+          ExecStart = "${lib.getExe package} start";
+        };
+      };
+
+      services.${phpExecutionUnit} = {
+        after = [ "movim-data-setup.service" ];
+        requires = [ "movim-data-setup.service" ]
+          ++ lib.optional cfg.database.createLocally dbService;
+      };
+
+      tmpfiles.settings."10-movim" = with cfg; {
+        "${dataDir}".d = { inherit user group; mode = "0710"; };
+        "${dataDir}/public".d = { inherit user group; mode = "0750"; };
+        "${dataDir}/public/cache".d = { inherit user group; mode = "0750"; };
+        "${runtimeDir}".d = { inherit user group; mode = "0700"; };
+        "${runtimeDir}/cache".d = { inherit user group; mode = "0700"; };
+        "${logDir}".d = { inherit user group; mode = "0700"; };
+      };
+    };
+  };
+}
diff --git a/nixpkgs/nixos/modules/services/web-apps/netbox.nix b/nixpkgs/nixos/modules/services/web-apps/netbox.nix
index d034f3234a2b..7bcbde2a018e 100644
--- a/nixpkgs/nixos/modules/services/web-apps/netbox.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/netbox.nix
@@ -32,7 +32,7 @@ in {
     enable = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable Netbox.
 
         This module requires a reverse proxy that serves `/static` separately.
@@ -41,7 +41,7 @@ in {
     };
 
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration options to set in `configuration.py`.
         See the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.
       '';
@@ -55,7 +55,7 @@ in {
           ALLOWED_HOSTS = lib.mkOption {
             type = with lib.types; listOf str;
             default = ["*"];
-            description = lib.mdDoc ''
+            description = ''
               A list of valid fully-qualified domain names (FQDNs) and/or IP
               addresses that can be used to reach the NetBox service.
             '';
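Review bot: The `ALLOWED_HOSTS` description in this hunk does not say that the default `["*"]` makes Django accept any `Host` header, which leaves host validation entirely to the reverse proxy in front of NetBox. I would add a sentence to the description such as `The default "*" accepts any Host header; restrict this to the names your reverse proxy actually serves.` The option's definition continues outside the hunk, so whether an `example` is already given is not visible here.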
@@ -67,7 +67,7 @@ in {
     listenAddress = lib.mkOption {
       type = lib.types.str;
       default = "[::1]";
-      description = lib.mdDoc ''
+      description = ''
         Address the server will listen on.
       '';
     };
@@ -91,7 +91,7 @@ in {
         then pkgs.netbox_3_5
         else pkgs.netbox_3_3;
       '';
-      description = lib.mdDoc ''
+      description = ''
         NetBox package to use.
       '';
     };
@@ -99,7 +99,7 @@ in {
     port = lib.mkOption {
       type = lib.types.port;
       default = 8001;
-      description = lib.mdDoc ''
+      description = ''
         Port the server will listen on.
       '';
     };
@@ -110,7 +110,7 @@ in {
       defaultText = lib.literalExpression ''
         python3Packages: with python3Packages; [];
       '';
-      description = lib.mdDoc ''
+      description = ''
         List of plugin packages to install.
       '';
     };
@@ -118,14 +118,14 @@ in {
     dataDir = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/netbox";
-      description = lib.mdDoc ''
+      description = ''
         Storage path of netbox.
       '';
     };
 
     secretKeyFile = lib.mkOption {
       type = lib.types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to a file containing the secret key.
       '';
     };
@@ -133,7 +133,7 @@ in {
     extraConfig = lib.mkOption {
       type = lib.types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Additional lines of configuration appended to the `configuration.py`.
         See the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.
       '';
@@ -142,7 +142,7 @@ in {
     enableLdap = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable LDAP-Authentication for Netbox.
 
         This requires a configuration file being pass through `ldapConfigPath`.
@@ -152,7 +152,7 @@ in {
     ldapConfigPath = lib.mkOption {
       type = lib.types.path;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
         See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.
       '';
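Review bot: `ldapConfigPath` is declared as `lib.types.path` with `default = "";`, but an empty string is not an absolute path and cannot satisfy that type once the option is evaluated. This presumably only happens when `enableLdap` is set, in which case the user gets a type error rather than a message saying the LDAP configuration file is missing. Consider `type = with lib.types; nullOr path;` with `default = null;`, plus an assertion that the path is set whenever `enableLdap` is true. The consumers of this option are outside the hunk, so they would need the matching null check.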
@@ -185,7 +185,7 @@ in {
     keycloakClientSecret = lib.mkOption {
       type = with lib.types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File that contains the keycloak client secret.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud-notify_push.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud-notify_push.nix
index 7b90e0bbaa9b..d6d17158a559 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nextcloud-notify_push.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud-notify_push.nix
@@ -6,31 +6,31 @@ let
 in
 {
   options.services.nextcloud.notify_push = {
-    enable = lib.mkEnableOption (lib.mdDoc "Notify push");
+    enable = lib.mkEnableOption "Notify push";
 
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.nextcloud-notify_push;
       defaultText = lib.literalMD "pkgs.nextcloud-notify_push";
-      description = lib.mdDoc "Which package to use for notify_push";
+      description = "Which package to use for notify_push";
     };
 
     socketPath = lib.mkOption {
       type = lib.types.str;
       default = "/run/nextcloud-notify_push/sock";
-      description = lib.mdDoc "Socket path to use for notify_push";
+      description = "Socket path to use for notify_push";
     };
 
     logLevel = lib.mkOption {
       type = lib.types.enum [ "error" "warn" "info" "debug" "trace" ];
       default = "error";
-      description = lib.mdDoc "Log level";
+      description = "Log level";
     };
 
     bendDomainToLocalhost = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to add an entry to `/etc/hosts` for the configured nextcloud domain to point to `localhost` and add `localhost `to nextcloud's `trusted_proxies` config option.
 
         This is useful when nextcloud's domain is not a static IP address and when the reverse proxy cannot be bypassed because the backend connection is done via unix socket.
diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.md b/nixpkgs/nixos/modules/services/web-apps/nextcloud.md
index 06a8712b0b8a..ec860d307b38 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.md
+++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.md
@@ -5,7 +5,7 @@ self-hostable cloud platform. The server setup can be automated using
 [services.nextcloud](#opt-services.nextcloud.enable). A
 desktop client is packaged at `pkgs.nextcloud-client`.
 
-The current default by NixOS is `nextcloud28` which is also the latest
+The current default by NixOS is `nextcloud29` which is also the latest
 major version available.
 
 ## Basic usage {#module-services-nextcloud-basic-usage}
@@ -184,6 +184,32 @@ Alternatively, extra apps can also be declared with the [](#opt-services.nextclo
 When using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps
 that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps.
 
+## Known warnings {#module-services-nextcloud-known-warnings}
+
+### Failed to get an iterator for log entries: Logreader application only supports "file" log_type {#module-services-nextcloud-warning-logreader}
+
+This is because
+
+* our module writes logs into the journal (`journalctl -t Nextcloud`)
+* the Logreader application that allows reading logs in the admin panel is enabled
+  by default and requires logs written to a file.
+
+The logreader application doesn't work, as it was the case before. The only change is that
+it complains loudly now. So nothing actionable here by default. Alternatively you can
+
+* disable the logreader application to shut up the "error".
+
+  We can't really do that by default since whether apps are enabled/disabled is part
+  of the application's state and tracked inside the database.
+
+* set [](#opt-services.nextcloud.settings.log_type) to "file" to be able to view logs
+  from the admin panel.
+
+### Your web server is not properly set up to resolve `.well-known` URLs, failed on: `/.well-known/caldav` {#module-services-nextcloud-warning-wellknown-caldav}
+
+This warning appearing seems to be an upstream issue and is being sorted out
+in [nextcloud/server#45033](https://github.com/nextcloud/server/issues/45033).
+
 ## Maintainer information {#module-services-nextcloud-maintainer-info}
 
 As stated in the previous paragraph, we must provide a clean upgrade-path for Nextcloud
diff --git a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
index 7f998207c434..21f76938f20c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/nextcloud.nix
@@ -223,22 +223,22 @@ in {
   ];
 
   options.services.nextcloud = {
-    enable = mkEnableOption (lib.mdDoc "nextcloud");
+    enable = mkEnableOption "nextcloud";
 
     hostName = mkOption {
       type = types.str;
-      description = lib.mdDoc "FQDN for the nextcloud instance.";
+      description = "FQDN for the nextcloud instance.";
     };
     home = mkOption {
       type = types.str;
       default = "/var/lib/nextcloud";
-      description = lib.mdDoc "Storage path of nextcloud.";
+      description = "Storage path of nextcloud.";
     };
     datadir = mkOption {
       type = types.str;
       default = config.services.nextcloud.home;
       defaultText = literalExpression "config.services.nextcloud.home";
-      description = lib.mdDoc ''
+      description = ''
         Nextcloud's data storage path.  Will be [](#opt-services.nextcloud.home) by default.
         This folder will be populated with a config.php file and a data folder which contains the state of the instance (excluding the database).";
       '';
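Review bot: The `datadir` description still ends with a stray `";` inside the `''` string (`(excluding the database).";`), which is rendered verbatim in the generated options manual. Since this commit already rewrites the opening line of that description, the last sentence could be fixed at the same time to end in `(excluding the database).`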
@@ -247,7 +247,7 @@ in {
     extraApps = mkOption {
       type = types.attrsOf types.package;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.
         The appid must be identical to the "id" value in the apps appinfo/info.xml.
         Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)).
@@ -267,7 +267,7 @@ in {
     extraAppsEnable = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time Nextcloud starts.
         If set to false, apps need to be enabled in the Nextcloud web user interface or with `nextcloud-occ app:enable`.
       '';
@@ -276,7 +276,7 @@ in {
       type = types.nullOr types.bool;
       default = null;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Allow the installation and updating of apps from the Nextcloud appstore.
         Enabled by default unless there are packages in [](#opt-services.nextcloud.extraApps).
         Set this to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used.
@@ -286,11 +286,11 @@ in {
     https = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Use HTTPS for generated links.";
+      description = "Use HTTPS for generated links.";
     };
     package = mkOption {
       type = types.package;
-      description = lib.mdDoc "Which package to use for the Nextcloud instance.";
+      description = "Which package to use for the Nextcloud instance.";
       relatedPackages = [ "nextcloud26" "nextcloud27" "nextcloud28" ];
     };
     phpPackage = mkPackageOption pkgs "php" {
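Review bot: `relatedPackages` on the `package` option still reads `[ "nextcloud26" "nextcloud27" "nextcloud28" ]`, while the nextcloud.md change in this same commit states that the default is now `nextcloud29`. If the list is not updated in a hunk outside this view, it should name the new major, for example `relatedPackages = [ "nextcloud27" "nextcloud28" "nextcloud29" ];`. Whether `nextcloud26` is still packaged is not visible here, so confirm that before dropping it.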
@@ -300,7 +300,7 @@ in {
     maxUploadSize = mkOption {
       default = "512M";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The upload limit for files. This changes the relevant options
         in php.ini and nginx if enabled.
       '';
@@ -309,7 +309,7 @@ in {
     webfinger = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable this option if you plan on using the webfinger plugin.
         The appropriate nginx rewrite rules will be added to your configuration.
       '';
@@ -319,7 +319,7 @@ in {
       type = with types; functionTo (listOf package);
       default = all: [];
       defaultText = literalExpression "all: []";
-      description = lib.mdDoc ''
+      description = ''
         Additional PHP extensions to use for Nextcloud.
         By default, only extensions necessary for a vanilla Nextcloud installation are enabled,
         but you may choose from the list of available extensions and add further ones.
@@ -333,7 +333,7 @@ in {
     phpOptions = mkOption {
       type = with types; attrsOf (oneOf [ str int ]);
       defaultText = literalExpression (generators.toPretty { } defaultPHPSettings);
-      description = lib.mdDoc ''
+      description = ''
         Options for PHP's php.ini file for nextcloud.
 
         Please note that this option is _additive_ on purpose while the
@@ -372,7 +372,7 @@ in {
         "pm.max_spare_servers" = "4";
         "pm.max_requests" = "500";
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
       '';
     };
@@ -380,7 +380,7 @@ in {
     poolConfig = mkOption {
       type = types.nullOr types.lines;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Options for Nextcloud's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
       '';
     };
@@ -388,7 +388,7 @@ in {
     fastcgiTimeout = mkOption {
       type = types.int;
       default = 120;
-      description = lib.mdDoc ''
+      description = ''
         FastCGI timeout for database connection in seconds.
       '';
     };
@@ -398,7 +398,7 @@ in {
       createLocally = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create the database and database user locally.
         '';
       };
@@ -409,22 +409,22 @@ in {
       dbtype = mkOption {
         type = types.enum [ "sqlite" "pgsql" "mysql" ];
         default = "sqlite";
-        description = lib.mdDoc "Database type.";
+        description = "Database type.";
       };
       dbname = mkOption {
         type = types.nullOr types.str;
         default = "nextcloud";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       dbuser = mkOption {
         type = types.nullOr types.str;
         default = "nextcloud";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
       dbpassFile = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The full path to a file that contains the database password.
         '';
       };
@@ -436,7 +436,7 @@ in {
           else "localhost";
         defaultText = "localhost";
         example = "localhost:5000";
-        description = lib.mdDoc ''
+        description = ''
           Database host (+port) or socket path.
           If [](#opt-services.nextcloud.database.createLocally) is true and
           [](#opt-services.nextcloud.config.dbtype) is either `pgsql` or `mysql`,
@@ -446,12 +446,12 @@ in {
       dbtableprefix = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Table prefix in Nextcloud's database.";
+        description = "Table prefix in Nextcloud's database.";
       };
       adminuser = mkOption {
         type = types.str;
         default = "root";
-        description = lib.mdDoc ''
+        description = ''
           Username for the admin account. The username is only set during the
           initial setup of Nextcloud! Since the username also acts as unique
           ID internally, it cannot be changed later!
@@ -459,7 +459,7 @@ in {
       };
       adminpassFile = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The full path to a file that contains the admin's password. Must be
           readable by user `nextcloud`. The password is set only in the initial
           setup of Nextcloud by the systemd service `nextcloud-setup.service`.
@@ -467,7 +467,7 @@ in {
       };
       objectstore = {
         s3 = {
-          enable = mkEnableOption (lib.mdDoc ''
+          enable = mkEnableOption ''
             S3 object storage as primary storage.
 
             This mounts a bucket on an Amazon S3 object storage or compatible
@@ -475,31 +475,31 @@ in {
 
             Further details about this feature can be found in the
             [upstream documentation](https://docs.nextcloud.com/server/22/admin_manual/configuration_files/primary_storage.html).
-          '');
+          '';
           bucket = mkOption {
             type = types.str;
             example = "nextcloud";
-            description = lib.mdDoc ''
+            description = ''
               The name of the S3 bucket.
             '';
           };
           autocreate = mkOption {
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Create the objectstore if it does not exist.
             '';
           };
           key = mkOption {
             type = types.str;
             example = "EJ39ITYZEUH5BGWDRUFY";
-            description = lib.mdDoc ''
+            description = ''
               The access key for the S3 bucket.
             '';
           };
           secretFile = mkOption {
             type = types.str;
             example = "/var/nextcloud-objectstore-s3-secret";
-            description = lib.mdDoc ''
+            description = ''
               The full path to a file that contains the access secret. Must be
               readable by user `nextcloud`.
             '';
@@ -508,21 +508,21 @@ in {
             type = types.nullOr types.str;
             default = null;
             example = "example.com";
-            description = lib.mdDoc ''
+            description = ''
               Required for some non-Amazon implementations.
             '';
           };
           port = mkOption {
             type = types.nullOr types.port;
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Required for some non-Amazon implementations.
             '';
           };
           useSsl = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc ''
+            description = ''
               Use SSL for objectstore access.
             '';
           };
@@ -530,14 +530,14 @@ in {
             type = types.nullOr types.str;
             default = null;
             example = "REGION";
-            description = lib.mdDoc ''
+            description = ''
               Required for some non-Amazon implementations.
             '';
           };
           usePathStyle = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Required for some non-Amazon S3 implementations.
 
               Ordinarily, requests will be made with
@@ -550,7 +550,7 @@ in {
             type = types.nullOr types.path;
             default = null;
             example = "/var/nextcloud-objectstore-s3-sse-c-key";
-            description = lib.mdDoc ''
+            description = ''
               If provided this is the full path to a file that contains the key
               to enable [server-side encryption with customer-provided keys][1]
               (SSE-C).
@@ -571,13 +571,13 @@ in {
       };
     };
 
-    enableImagemagick = mkEnableOption (lib.mdDoc ''
+    enableImagemagick = mkEnableOption ''
         the ImageMagick module for PHP.
         This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF).
         You may want to disable it for increased security. In that case, previews will still be available
         for some images (e.g. JPEG and PNG).
         See <https://github.com/nextcloud/server/issues/13099>.
-    '') // {
+    '' // {
       default = true;
     };
 
@@ -585,7 +585,7 @@ in {
       type = lib.types.bool;
       default = config.services.nextcloud.notify_push.enable;
       defaultText = literalExpression "config.services.nextcloud.notify_push.enable";
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure Nextcloud to use the recommended Redis settings for small instances.
 
         ::: {.note}
@@ -598,14 +598,14 @@ in {
       apcu = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to load the APCu module into PHP.
         '';
       };
       redis = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to load the Redis module into PHP.
           You still need to enable Redis in your config.php.
           See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
@@ -614,7 +614,7 @@ in {
       memcached = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to load the Memcached module into PHP.
           You still need to enable Memcached in your config.php.
           See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
@@ -625,7 +625,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Run a regular auto-update of all apps installed from the Nextcloud app store.
         '';
       };
@@ -633,7 +633,7 @@ in {
         type = with types; either str (listOf str);
         default = "05:00:00";
         example = "Sun 14:00:00";
-        description = lib.mdDoc ''
+        description = ''
           When to run the update. See `systemd.services.<name>.startAt`.
         '';
       };
@@ -643,7 +643,7 @@ in {
       default = occ;
       defaultText = literalMD "generated script";
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The nextcloud-occ program preconfigured to target this Nextcloud instance.
       '';
     };
@@ -656,7 +656,7 @@ in {
           loglevel = mkOption {
             type = types.ints.between 0 4;
             default = 2;
-            description = lib.mdDoc ''
+            description = ''
               Log level value between 0 (DEBUG) and 4 (FATAL).
 
               - 0 (debug): Log all activity.
@@ -673,7 +673,7 @@ in {
           log_type = mkOption {
             type = types.enum [ "errorlog" "file" "syslog" "systemd" ];
             default = "syslog";
-            description = lib.mdDoc ''
+            description = ''
               Logging backend to use.
               systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions.
               See the [nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/logging_configuration.html) for details.
@@ -682,7 +682,7 @@ in {
           skeletondirectory = mkOption {
             default = "";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The directory where the skeleton files are located. These files will be
               copied to the data directory of new users. Leave empty to not copy any
               skeleton files.
@@ -691,7 +691,7 @@ in {
           trusted_domains = mkOption {
             type = types.listOf types.str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               Trusted domains, from which the nextcloud installation will be
               accessible. You don't need to add
               `services.nextcloud.hostname` here.
@@ -700,7 +700,7 @@ in {
           trusted_proxies = mkOption {
             type = types.listOf types.str;
             default = [];
-            description = lib.mdDoc ''
+            description = ''
               Trusted proxies, to provide if the nextcloud installation is being
               proxied to secure against e.g. spoofing.
             '';
@@ -709,7 +709,7 @@ in {
             type = types.enum [ "" "http" "https" ];
             default = "";
             example = "https";
-            description = lib.mdDoc ''
+            description = ''
               Force Nextcloud to always use HTTP or HTTPS i.e. for link generation.
               Nextcloud uses the currently used protocol by default, but when
               behind a reverse-proxy, it may use `http` for everything although
@@ -720,7 +720,7 @@ in {
             default = "";
             type = types.str;
             example = "DE";
-            description = lib.mdDoc ''
+            description = ''
               An [ISO 3166-1](https://www.iso.org/iso-3166-country-codes.html)
               country code which replaces automatic phone-number detection
               without a country code.
@@ -729,8 +729,8 @@ in {
               the `+49` prefix can be omitted for phone numbers.
             '';
           };
-          "profile.enabled" = mkEnableOption (lib.mdDoc "global profiles") // {
-            description = lib.mdDoc ''
+          "profile.enabled" = mkEnableOption "global profiles" // {
+            description = ''
               Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
               Even though it's enabled by default in Nextcloud, it must be explicitly enabled
               here because it has the side-effect that personal information is even accessible to
@@ -751,7 +751,7 @@ in {
         };
       };
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Extra options which should be appended to Nextcloud's config.php file.
       '';
       example = literalExpression '' {
@@ -768,7 +768,7 @@ in {
     secretFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Secret options which will be appended to Nextcloud's config.php file (written as JSON, in the same
         form as the [](#opt-services.nextcloud.settings) option), for example
         `{"redis":{"password":"secret"}}`.
@@ -779,12 +779,12 @@ in {
       recommendedHttpHeaders = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable additional recommended HTTP response headers";
+        description = "Enable additional recommended HTTP response headers";
       };
       hstsMaxAge = mkOption {
         type = types.ints.positive;
         default = 15552000;
-        description = lib.mdDoc ''
+        description = ''
           Value for the `max-age` directive of the HTTP
           `Strict-Transport-Security` header.
 
@@ -819,7 +819,8 @@ in {
         ++ (optional (versionOlder cfg.package.version "25") (upgradeWarning 24 "22.11"))
         ++ (optional (versionOlder cfg.package.version "26") (upgradeWarning 25 "23.05"))
         ++ (optional (versionOlder cfg.package.version "27") (upgradeWarning 26 "23.11"))
-        ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05"));
+        ++ (optional (versionOlder cfg.package.version "28") (upgradeWarning 27 "24.05"))
+        ++ (optional (versionOlder cfg.package.version "29") (upgradeWarning 28 "24.11"));
 
       services.nextcloud.package = with pkgs;
         mkDefault (
@@ -832,10 +833,12 @@ in {
           else if versionOlder stateVersion "23.05" then nextcloud25
           else if versionOlder stateVersion "23.11" then nextcloud26
           else if versionOlder stateVersion "24.05" then nextcloud27
-          else nextcloud28
+          else nextcloud29
         );
 
-      services.nextcloud.phpPackage = pkgs.php82;
+      services.nextcloud.phpPackage =
+        if versionOlder cfg.package.version "29" then pkgs.php82
+        else pkgs.php83;
 
       services.nextcloud.phpOptions = mkMerge [
         (mapAttrs (const mkOptionDefault) defaultPHPSettings)
diff --git a/nixpkgs/nixos/modules/services/web-apps/nexus.nix b/nixpkgs/nixos/modules/services/web-apps/nexus.nix
index c67562d38992..fdf42ace6b0e 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nexus.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/nexus.nix
@@ -10,7 +10,7 @@ in
 {
   options = {
     services.nexus = {
-      enable = mkEnableOption (lib.mdDoc "Sonatype Nexus3 OSS service");
+      enable = mkEnableOption "Sonatype Nexus3 OSS service";
 
       package = lib.mkPackageOption pkgs "nexus" { };
 
@@ -19,31 +19,31 @@ in
       user = mkOption {
         type = types.str;
         default = "nexus";
-        description = lib.mdDoc "User which runs Nexus3.";
+        description = "User which runs Nexus3.";
       };
 
       group = mkOption {
         type = types.str;
         default = "nexus";
-        description = lib.mdDoc "Group which runs Nexus3.";
+        description = "Group which runs Nexus3.";
       };
 
       home = mkOption {
         type = types.str;
         default = "/var/lib/sonatype-work";
-        description = lib.mdDoc "Home directory of the Nexus3 instance.";
+        description = "Home directory of the Nexus3 instance.";
       };
 
       listenAddress = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = lib.mdDoc "Address to listen on.";
+        description = "Address to listen on.";
       };
 
       listenPort = mkOption {
         type = types.int;
         default = 8081;
-        description = lib.mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       jvmOpts = mkOption {
@@ -89,7 +89,7 @@ in
           '''
         '';
 
-        description = lib.mdDoc ''
+        description = ''
           Options for the JVM written to `nexus.jvmopts`.
           Please refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment)
           for further information.
diff --git a/nixpkgs/nixos/modules/services/web-apps/nifi.nix b/nixpkgs/nixos/modules/services/web-apps/nifi.nix
index c0fc443f0df7..48de6b1495ab 100644
--- a/nixpkgs/nixos/modules/services/web-apps/nifi.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/nifi.nix
@@ -25,31 +25,31 @@ let
 in {
   options = {
     services.nifi = {
-      enable = lib.mkEnableOption (lib.mdDoc "Apache NiFi");
+      enable = lib.mkEnableOption "Apache NiFi";
 
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.nifi;
         defaultText = lib.literalExpression "pkgs.nifi";
-        description = lib.mdDoc "Apache NiFi package to use.";
+        description = "Apache NiFi package to use.";
       };
 
       user = lib.mkOption {
         type = lib.types.str;
         default = "nifi";
-        description = lib.mdDoc "User account where Apache NiFi runs.";
+        description = "User account where Apache NiFi runs.";
       };
 
       group = lib.mkOption {
         type = lib.types.str;
         default = "nifi";
-        description = lib.mdDoc "Group account where Apache NiFi runs.";
+        description = "Group account where Apache NiFi runs.";
       };
 
       enableHTTPS = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Enable HTTPS protocol. Don`t use in production.";
+        description = "Enable HTTPS protocol. Don`t use in production.";
       };
 
       listenHost = lib.mkOption {
@@ -60,7 +60,7 @@ in {
           then "0.0.0.0"
           else "127.0.0.1"
         '';
-        description = lib.mdDoc "Bind to an ip for Apache NiFi web-ui.";
+        description = "Bind to an ip for Apache NiFi web-ui.";
       };
 
       listenPort = lib.mkOption {
@@ -71,7 +71,7 @@ in {
           then "8443"
           else "8000"
         '';
-        description = lib.mdDoc "Bind to a port for Apache NiFi web-ui.";
+        description = "Bind to a port for Apache NiFi web-ui.";
       };
 
       proxyHost = lib.mkOption {
@@ -82,7 +82,7 @@ in {
           then "0.0.0.0"
           else null
         '';
-        description = lib.mdDoc "Allow requests from a specific host.";
+        description = "Allow requests from a specific host.";
       };
 
       proxyPort = lib.mkOption {
@@ -93,34 +93,34 @@ in {
           then "8443"
           else null
         '';
-        description = lib.mdDoc "Allow requests from a specific port.";
+        description = "Allow requests from a specific port.";
       };
 
       initUser = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc "Initial user account for Apache NiFi. Username must be at least 4 characters.";
+        description = "Initial user account for Apache NiFi. Username must be at least 4 characters.";
       };
 
       initPasswordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/nifi/password-nifi";
-        description = lib.mdDoc "nitial password for Apache NiFi. Password must be at least 12 characters.";
+        description = "nitial password for Apache NiFi. Password must be at least 12 characters.";
       };
 
       initJavaHeapSize = lib.mkOption {
         type = lib.types.nullOr lib.types.int;
         default = null;
         example = 1024;
-        description = lib.mdDoc "Set the initial heap size for the JVM in MB.";
+        description = "Set the initial heap size for the JVM in MB.";
       };
 
       maxJavaHeapSize = lib.mkOption {
         type = lib.types.nullOr lib.types.int;
         default = null;
         example = 2048;
-        description = lib.mdDoc "Set the initial heap size for the JVM in MB.";
+        description = "Set the initial heap size for the JVM in MB.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/node-red.nix b/nixpkgs/nixos/modules/services/web-apps/node-red.nix
index 82f89783d778..7c8a2a6687b9 100644
--- a/nixpkgs/nixos/modules/services/web-apps/node-red.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/node-red.nix
@@ -17,14 +17,14 @@ let
 in
 {
   options.services.node-red = {
-    enable = mkEnableOption (lib.mdDoc "the Node-RED service");
+    enable = mkEnableOption "the Node-RED service";
 
     package = mkPackageOption pkgs [ "nodePackages" "node-red" ] { };
 
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Open ports in the firewall for the server.
       '';
     };
@@ -32,7 +32,7 @@ in
     withNpmAndGcc = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be
         downloaded and managed imperatively via the 'Palette Manager'.
       '';
@@ -42,7 +42,7 @@ in
       type = types.path;
       default = "${cfg.package}/lib/node_modules/node-red/settings.js";
       defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"'';
-      description = lib.mdDoc ''
+      description = ''
         Path to the JavaScript configuration file.
         See <https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js>
         for a configuration example.
@@ -52,13 +52,13 @@ in
     port = mkOption {
       type = types.port;
       default = 1880;
-      description = lib.mdDoc "Listening port.";
+      description = "Listening port.";
     };
 
     user = mkOption {
       type = types.str;
       default = defaultUser;
-      description = lib.mdDoc ''
+      description = ''
         User under which Node-RED runs.If left as the default value this user
         will automatically be created on system activation, otherwise the
         sysadmin is responsible for ensuring the user exists.
@@ -68,7 +68,7 @@ in
     group = mkOption {
       type = types.str;
       default = defaultUser;
-      description = lib.mdDoc ''
+      description = ''
         Group under which Node-RED runs.If left as the default value this group
         will automatically be created on system activation, otherwise the
         sysadmin is responsible for ensuring the group exists.
@@ -78,7 +78,7 @@ in
     userDir = mkOption {
       type = types.path;
       default = "/var/lib/node-red";
-      description = lib.mdDoc ''
+      description = ''
         The directory to store all user data, such as flow and credential files and all library data. If left
         as the default value this directory will automatically be created before the node-red service starts,
         otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership
@@ -89,13 +89,13 @@ in
     safe = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Whether to launch Node-RED in --safe mode.";
+      description = "Whether to launch Node-RED in --safe mode.";
     };
 
     define = mkOption {
       type = types.attrs;
       default = {};
-      description = lib.mdDoc "List of settings.js overrides to pass via -D to Node-RED.";
+      description = "List of settings.js overrides to pass via -D to Node-RED.";
       example = literalExpression ''
         {
           "logging.console.level" = "trace";
diff --git a/nixpkgs/nixos/modules/services/web-apps/ocis.md b/nixpkgs/nixos/modules/services/web-apps/ocis.md
new file mode 100644
index 000000000000..9156e927ed2d
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/ocis.md
@@ -0,0 +1,113 @@
+# ownCloud Infinite Scale {#module-services-ocis}
+
+[ownCloud Infinite Scale](https://owncloud.dev/ocis/) (oCIS) is an open-source,
+modern file-sync and sharing platform. It is a ground-up rewrite of the well-known PHP based ownCloud server.
+
+The server setup can be automated using
+[services.ocis](#opt-services.ocis.enable). The desktop client is packaged at
+`pkgs.owncloud-client`.
+
+## Basic usage {#module-services-ocis-basic-usage}
+
+oCIS is a golang application and does not require an HTTP server (such as nginx)
+in front of it, though you may optionally use one if you will.
+
+oCIS is configured using a combination of yaml and environment variables. It is
+recommended to familiarize yourself with upstream's available configuration
+options and deployment instructions:
+
+* [Getting Started](https://owncloud.dev/ocis/getting-started/)
+* [Configuration](https://owncloud.dev/ocis/config/)
+* [Basic Setup](https://owncloud.dev/ocis/deployment/basic-remote-setup/)
+
+A very basic configuration may look like this:
+```
+{ pkgs, ... }:
+{
+  services.ocis = {
+    enable = true;
+    configDir = "/etc/ocis/config";
+  };
+}
+```
+
+This will start the oCIS server and make it available at `https://localhost:9200`
+
+However to make this configuration work you will need generate a configuration.
+You can do this with:
+
+```console
+$ nix-shell -p ocis-bin
+$ mkdir scratch/
+$ cd scratch/
+$ ocis init --config-path . --admin-password "changeme"
+```
+
+You may need to pass `--insecure true` or provide the `OCIS_INSECURE = true;` to
+[`services.ocis.environment`][mod-envFile], if TLS certificates are generated
+and managed externally (e.g. if you are using oCIS behind reverse proxy).
+
+If you want to manage the config file in your nix configuration, then it is
+encouraged to use a secrets manager like sops-nix or agenix.
+
+Be careful not to write files containing secrets to the globally readable nix
+store.
+
+Please note that current NixOS module for oCIS is configured to run in `fullstack`
+mode, which starts all the services for owncloud on single instance. This will
+start multiple ocis services and listen on multiple other ports.
+
+Current known services and their ports are as below:
+
+| Service            | Group   |  Port |
+|--------------------|---------|-------|
+| gateway            | api     |  9142 |
+| sharing            | api     |  9150 |
+| app-registry       | api     |  9242 |
+| ocdav              | web     | 45023 |
+| auth-machine       | api     |  9166 |
+| storage-system     | api     |  9215 |
+| webdav             | web     |  9115 |
+| webfinger          | web     | 46871 |
+| storage-system     | web     |  9216 |
+| web                | web     |  9100 |
+| eventhistory       | api     | 33177 |
+| ocs                | web     |  9110 |
+| storage-publiclink | api     |  9178 |
+| settings           | web     |  9190 |
+| ocm                | api     |  9282 |
+| settings           | api     |  9191 |
+| ocm                | web     |  9280 |
+| app-provider       | api     |  9164 |
+| storage-users      | api     |  9157 |
+| auth-service       | api     |  9199 |
+| thumbnails         | web     |  9186 |
+| thumbnails         | api     |  9185 |
+| storage-shares     | api     |  9154 |
+| sse                | sse     | 46833 |
+| userlog            | userlog | 45363 |
+| search             | api     |  9220 |
+| proxy              | web     |  9200 |
+| idp                | web     |  9130 |
+| frontend           | web     |  9140 |
+| groups             | api     |  9160 |
+| graph              | graph   |  9120 |
+| users              | api     |  9144 |
+| auth-basic         | api     |  9146 |
+
+## Configuration via environment variables
+
+You can also eschew the config file entirely and pass everything to oCIS via
+environment variables. For this make use of
+[`services.ocis.environment`][mod-env] for non-sensitive
+values, and
+[`services.ocis.environmentFile`][mod-envFile] for
+sensitive values.
+
+Configuration in (`services.ocis.environment`)[mod-env] overrides those from
+[`services.ocis.environmentFile`][mod-envFile] and will have highest
+precedence
+
+
+[mod-env]: #opt-services.ocis.environment
+[mod-envFile]: #opt-services.ocis.environmentFile
diff --git a/nixpkgs/nixos/modules/services/web-apps/ocis.nix b/nixpkgs/nixos/modules/services/web-apps/ocis.nix
new file mode 100644
index 000000000000..0266eb6ad29c
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/ocis.nix
@@ -0,0 +1,201 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) types;
+  cfg = config.services.ocis;
+  defaultUser = "ocis";
+  defaultGroup = defaultUser;
+in
+{
+  options = {
+    services.ocis = {
+      enable = lib.mkEnableOption "ownCloud Infinite Scale";
+
+      package = lib.mkPackageOption pkgs "ocis-bin" { };
+
+      configDir = lib.mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        example = "/var/lib/ocis/config";
+        description = ''
+          Path to directory containing oCIS config file.
+
+          Example config can be generated by `ocis init --config-path fileName --admin-password "adminPass"`.
+          Add `--insecure true` if SSL certificates are generated and managed externally (e.g. using oCIS behind reverse proxy).
+
+          Note: This directory must contain at least a `ocis.yaml`. Ensure
+          [user](#opt-services.ocis.user) has read/write access to it. In some
+          circumstances you may need to add additional oCIS configuration files (e.g.,
+          `proxy.yaml`) to this directory.
+        '';
+      };
+
+      environmentFile = lib.mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        example = "/run/keys/ocis.env";
+        description = ''
+          An environment file as defined in {manpage}`systemd.exec(5)`.
+
+          Configuration provided in this file will override those from [configDir](#opt-services.ocis.configDir)/ocis.yaml.
+        '';
+      };
+
+      user = lib.mkOption {
+        type = types.str;
+        default = defaultUser;
+        example = "yourUser";
+        description = ''
+          The user to run oCIS as.
+          By default, a user named `${defaultUser}` will be created whose home
+          directory is [stateDir](#opt-services.ocis.stateDir).
+        '';
+      };
+
+      group = lib.mkOption {
+        type = types.str;
+        default = defaultGroup;
+        example = "yourGroup";
+        description = ''
+          The group to run oCIS under.
+          By default, a group named `${defaultGroup}` will be created.
+        '';
+      };
+
+      address = lib.mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Web interface address.";
+      };
+
+      port = lib.mkOption {
+        type = types.port;
+        default = 9200;
+        description = "Web interface port.";
+      };
+
+      url = lib.mkOption {
+        type = types.str;
+        default = "https://localhost:9200";
+        example = "https://some-hostname-or-ip:9200";
+        description = "Web interface address.";
+      };
+
+      stateDir = lib.mkOption {
+        default = "/var/lib/ocis";
+        type = types.str;
+        description = "ownCloud data directory.";
+      };
+
+      environment = lib.mkOption {
+        type = types.attrsOf types.str;
+        default = { };
+        description = ''
+          Extra config options.
+
+          See [the documentation](https://doc.owncloud.com/ocis/next/deployment/services/services.html) for available options.
+          See [notes for environment variables](https://doc.owncloud.com/ocis/next/deployment/services/env-var-note.html) for more information.
+
+          Note that all the attributes here will be copied to /nix/store/ and will be world readable. Options like *_PASSWORD or *_SECRET should be part of     [environmentFile](#opt-services.ocis.environmentFile) instead, and are only provided here for illustrative purpose.
+
+          Configuration here will override those from [environmentFile](#opt-services.ocis.environmentFile) and will have highest precedence, at the cost of security. Do NOT put security sensitive stuff here.
+        '';
+        example = {
+          OCIS_INSECURE = "false";
+          OCIS_LOG_LEVEL = "error";
+          OCIS_JWT_SECRET = "super_secret";
+          OCIS_TRANSFER_SECRET = "foo";
+          OCIS_MACHINE_AUTH_API_KEY = "foo";
+          OCIS_SYSTEM_USER_ID = "123";
+          OCIS_MOUNT_ID = "123";
+          OCIS_STORAGE_USERS_MOUNT_ID = "123";
+          GATEWAY_STORAGE_USERS_MOUNT_ID = "123";
+          CS3_ALLOW_INSECURE = "true";
+          OCIS_INSECURE_BACKENDS = "true";
+          TLS_INSECURE = "true";
+          TLS_SKIP_VERIFY_CLIENT_CERT = "true";
+          WEBDAV_ALLOW_INSECURE = "true";
+          IDP_TLS = "false";
+          GRAPH_APPLICATION_ID = "1234";
+          IDM_IDPSVC_PASSWORD = "password";
+          IDM_REVASVC_PASSWORD = "password";
+          IDM_SVC_PASSWORD = "password";
+          IDP_ISS = "https://localhost:9200";
+          OCIS_LDAP_BIND_PASSWORD = "password";
+          OCIS_SERVICE_ACCOUNT_ID = "foo";
+          OCIS_SERVICE_ACCOUNT_SECRET = "foo";
+          OCIS_SYSTEM_USER_API_KEY = "foo";
+          STORAGE_USERS_MOUNT_ID = "123";
+        };
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users.${defaultUser} = lib.mkIf (cfg.user == defaultUser) {
+      group = cfg.group;
+      home = cfg.stateDir;
+      isSystemUser = true;
+      createHome = true;
+      description = "ownCloud Infinite Scale daemon user";
+    };
+
+    users.groups = lib.mkIf (cfg.group == defaultGroup) { ${defaultGroup} = { }; };
+
+    systemd = {
+      services.ocis = {
+        description = "ownCloud Infinite Scale Stack";
+        wantedBy = [ "multi-user.target" ];
+        environment = {
+          PROXY_HTTP_ADDR = "${cfg.address}:${toString cfg.port}";
+          OCIS_URL = cfg.url;
+          OCIS_CONFIG_DIR = if (cfg.configDir == null) then "${cfg.stateDir}/config" else cfg.configDir;
+          OCIS_BASE_DATA_PATH = cfg.stateDir;
+        } // cfg.environment;
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${lib.getExe cfg.package} server";
+          WorkingDirectory = cfg.stateDir;
+          User = cfg.user;
+          Group = cfg.group;
+          Restart = "always";
+          EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+          ReadWritePaths = [ cfg.stateDir ];
+          ReadOnlyPaths = [ cfg.configDir ];
+          MemoryDenyWriteExecute = true;
+          NoNewPrivileges = true;
+          PrivateTmp = true;
+          PrivateDevices = true;
+          ProtectSystem = "strict";
+          ProtectHome = true;
+          ProtectControlGroups = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          ProtectKernelLogs = true;
+          RestrictAddressFamilies = [
+            "AF_UNIX"
+            "AF_INET"
+            "AF_INET6"
+            "AF_NETLINK"
+          ];
+          RestrictNamespaces = true;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          LockPersonality = true;
+          SystemCallArchitectures = "native";
+        };
+      };
+    };
+  };
+
+  meta.maintainers = with lib.maintainers; [
+    bhankas
+    danth
+    ramblurr
+  ];
+}
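Review bot: `ReadOnlyPaths = [ cfg.configDir ];` in `serviceConfig` does not handle the default `configDir = null`, although `OCIS_CONFIG_DIR` a few lines above does; with the default the list holds a null entry, and how the unit generator renders that is not visible in this hunk. I would guard it with `ReadOnlyPaths = lib.optional (cfg.configDir != null) cfg.configDir;`, the same way `EnvironmentFile` is guarded. The `configDir` description also asks for read/write access for the service user while the unit mounts the directory read-only, so one of the two should change. Separately, the `environment` description says its values override `environmentFile`, but systemd.exec(5) documents that settings from `EnvironmentFile=` override `Environment=`; the sentence should be reversed so admins do not rely on the wrong precedence for security-relevant settings.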
diff --git a/nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix b/nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix
index 343ca80c9fc2..545ca68ccaac 100644
--- a/nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix
@@ -7,20 +7,20 @@ let
 in
 {
   options.services.onlyoffice = {
-    enable = mkEnableOption (lib.mdDoc "OnlyOffice DocumentServer");
+    enable = mkEnableOption "OnlyOffice DocumentServer";
 
-    enableExampleServer = mkEnableOption (lib.mdDoc "OnlyOffice example server");
+    enableExampleServer = mkEnableOption "OnlyOffice example server";
 
     hostname = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "FQDN for the onlyoffice instance.";
+      description = "FQDN for the onlyoffice instance.";
     };
 
     jwtSecretFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to a file that contains the secret to sign web requests using JSON Web Tokens.
         If left at the default value null signing is disabled.
       '';
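Review bot: The `jwtSecretFile` description says signing is disabled at the default `null` but not what that implies for a reachable instance: with no secret configured, requests to the document server are presumably accepted unsigned. I would extend the description with a sentence such as `Without a secret, requests to the document server are not authenticated; set this for any instance reachable beyond localhost.` Because the option is a plain `types.str` path, it is also worth stating that the file should live outside the Nix store and be readable only by the service user.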
@@ -31,31 +31,31 @@ in
     port = mkOption {
       type = types.port;
       default = 8000;
-      description = lib.mdDoc "Port the OnlyOffice DocumentServer should listens on.";
+      description = "Port the OnlyOffice DocumentServer should listens on.";
     };
 
     examplePort = mkOption {
       type = types.port;
       default = null;
-      description = lib.mdDoc "Port the OnlyOffice Example server should listens on.";
+      description = "Port the OnlyOffice Example server should listens on.";
     };
 
     postgresHost = mkOption {
       type = types.str;
       default = "/run/postgresql";
-      description = lib.mdDoc "The Postgresql hostname or socket path OnlyOffice should connect to.";
+      description = "The Postgresql hostname or socket path OnlyOffice should connect to.";
     };
 
     postgresName = mkOption {
       type = types.str;
       default = "onlyoffice";
-      description = lib.mdDoc "The name of database OnlyOffice should user.";
+      description = "The name of database OnlyOffice should user.";
     };
 
     postgresPasswordFile = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to a file that contains the password OnlyOffice should use to connect to Postgresql.
         Unused when using socket authentication.
       '';
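Review bot: `examplePort` is declared as `types.port` but keeps `default = null`, a value that type does not accept, so evaluating the option without an explicit definition should fail type checking instead of yielding null. Declaring it as `type = types.nullOr types.port;` makes the type agree with the default. How the module consumes `examplePort` is outside this hunk, so confirm the null case is handled where it is read.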
@@ -64,7 +64,7 @@ in
     postgresUser = mkOption {
       type = types.str;
       default = "onlyoffice";
-      description = lib.mdDoc ''
+      description = ''
         The username OnlyOffice should use to connect to Postgresql.
         Unused when using socket authentication.
       '';
@@ -73,7 +73,7 @@ in
     rabbitmqUrl = mkOption {
       type = types.str;
       default = "amqp://guest:guest@localhost:5672";
-      description = lib.mdDoc "The Rabbitmq in amqp URI style OnlyOffice should connect to.";
+      description = "The Rabbitmq in amqp URI style OnlyOffice should connect to.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/openvscode-server.nix b/nixpkgs/nixos/modules/services/web-apps/openvscode-server.nix
index 81b9d1f3b4c8..b3c22cd43b78 100644
--- a/nixpkgs/nixos/modules/services/web-apps/openvscode-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/openvscode-server.nix
@@ -8,13 +8,13 @@ in
 {
   options = {
     services.openvscode-server = {
-      enable = lib.mkEnableOption (lib.mdDoc "openvscode-server");
+      enable = lib.mkEnableOption "openvscode-server";
 
       package = lib.mkPackageOption pkgs "openvscode-server" { };
 
       extraPackages = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional packages to add to the openvscode-server {env}`PATH`.
         '';
         example = lib.literalExpression "[ pkgs.go ]";
@@ -23,7 +23,7 @@ in
 
       extraEnvironment = lib.mkOption {
         type = lib.types.attrsOf lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional environment variables to pass to openvscode-server.
         '';
         default = { };
@@ -32,7 +32,7 @@ in
 
       extraArguments = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments to pass to openvscode-server.
         '';
         example = lib.literalExpression ''[ "--log=info" ]'';
@@ -41,7 +41,7 @@ in
 
       host = lib.mkOption {
         default = "localhost";
-        description = lib.mdDoc ''
+        description = ''
           The host name or IP address the server should listen to.
         '';
         type = lib.types.str;
@@ -49,7 +49,7 @@ in
 
       port = lib.mkOption {
         default = 3000;
-        description = lib.mdDoc ''
+        description = ''
           The port the server should listen to. If 0 is passed a random free port is picked. If a range in the format num-num is passed, a free port from the range (end inclusive) is selected.
         '';
         type = lib.types.port;
@@ -58,7 +58,7 @@ in
       user = lib.mkOption {
         default = defaultUser;
         example = "yourUser";
-        description = lib.mdDoc ''
+        description = ''
           The user to run openvscode-server as.
           By default, a user named `${defaultUser}` will be created.
         '';
@@ -68,7 +68,7 @@ in
       group = lib.mkOption {
         default = defaultGroup;
         example = "yourGroup";
-        description = lib.mdDoc ''
+        description = ''
           The group to run openvscode-server under.
           By default, a group named `${defaultGroup}` will be created.
         '';
@@ -77,7 +77,7 @@ in
 
       extraGroups = lib.mkOption {
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           An array of additional groups for the `${defaultUser}` user.
         '';
         example = [ "docker" ];
@@ -86,7 +86,7 @@ in
 
       withoutConnectionToken = lib.mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Run without a connection token. Only use this if the connection is secured by other means.
         '';
         example = true;
@@ -96,7 +96,7 @@ in
       socketPath = lib.mkOption {
         default = null;
         example = "/run/openvscode/socket";
-        description = lib.mdDoc ''
+        description = ''
           The path to a socket file for the server to listen to.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -104,7 +104,7 @@ in
 
       userDataDir = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the directory that user data is kept in. Can be used to open multiple distinct instances of Code.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -112,7 +112,7 @@ in
 
       serverDataDir = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Specifies the directory that server data is kept in.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -120,7 +120,7 @@ in
 
       extensionsDir = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Set the root path for extensions.
         '';
         type = lib.types.nullOr lib.types.str;
@@ -129,7 +129,7 @@ in
       telemetryLevel = lib.mkOption {
         default = null;
         example = "crash";
-        description = lib.mdDoc ''
+        description = ''
           Sets the initial telemetry level. Valid levels are: 'off', 'crash', 'error' and 'all'.
         '';
         type = lib.types.nullOr (lib.types.enum [ "off" "crash" "error" "all" ]);
@@ -138,7 +138,7 @@ in
       connectionToken = lib.mkOption {
         default = null;
         example = "secret-token";
-        description = lib.mdDoc ''
+        description = ''
           A secret that must be included with all requests.
         '';
         type = lib.types.nullOr lib.types.str;
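Review bot: `connectionToken` takes the secret as a plain string (example `"secret-token"`), and the description does not warn that a value set this way normally ends up in the world-readable Nix store. The description should say so and point to the file-based option, for example `A secret that must be included with all requests. The value is stored world-readable in the Nix store; prefer connectionTokenFile.` How the module passes the token to the server is outside this hunk.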
@@ -146,7 +146,7 @@ in
 
       connectionTokenFile = lib.mkOption {
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to a file that contains the connection token.
         '';
         type = lib.types.nullOr lib.types.str;
diff --git a/nixpkgs/nixos/modules/services/web-apps/openwebrx.nix b/nixpkgs/nixos/modules/services/web-apps/openwebrx.nix
index ddc2d66e723c..614eb963b4a3 100644
--- a/nixpkgs/nixos/modules/services/web-apps/openwebrx.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/openwebrx.nix
@@ -4,7 +4,7 @@ let
 in
 {
   options.services.openwebrx = with lib; {
-    enable = mkEnableOption (lib.mdDoc "OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073");
+    enable = mkEnableOption "OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073";
 
     package = mkPackageOption pkgs "openwebrx" { };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/outline.nix b/nixpkgs/nixos/modules/services/web-apps/outline.nix
index 702755dfa2ab..4c1de579ecc5 100644
--- a/nixpkgs/nixos/modules/services/web-apps/outline.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/outline.nix
@@ -16,7 +16,7 @@ in
   #   https://github.com/outline/outline/blob/v0.67.0/shared/types.ts
   # The order is kept the same here to make updating easier.
   options.services.outline = {
-    enable = lib.mkEnableOption (lib.mdDoc "outline");
+    enable = lib.mkEnableOption "outline";
 
     package = lib.mkOption {
       default = pkgs.outline;
@@ -33,13 +33,13 @@ in
           ${"''"};
         })
       '';
-      description = lib.mdDoc "Outline package to use.";
+      description = "Outline package to use.";
     };
 
     user = lib.mkOption {
       type = lib.types.str;
       default = defaultUser;
-      description = lib.mdDoc ''
+      description = ''
         User under which the service should run. If this is the default value,
         the user will be created, with the specified group as the primary
         group.
@@ -49,7 +49,7 @@ in
     group = lib.mkOption {
       type = lib.types.str;
       default = defaultUser;
-      description = lib.mdDoc ''
+      description = ''
         Group under which the service should run. If this is the default value,
         the group will be created.
       '';
@@ -62,7 +62,7 @@ in
     secretKeyFile = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/outline/secret_key";
-      description = lib.mdDoc ''
+      description = ''
         File path that contains the application secret key. It must be 32
         bytes long and hex-encoded. If the file does not exist, a new key will
         be generated and saved here.
@@ -72,7 +72,7 @@ in
     utilsSecretFile = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/outline/utils_secret";
-      description = lib.mdDoc ''
+      description = ''
         File path that contains the utility secret key. If the file does not
         exist, a new key will be generated and saved here.
       '';
@@ -81,7 +81,7 @@ in
     databaseUrl = lib.mkOption {
       type = lib.types.str;
       default = "local";
-      description = lib.mdDoc ''
+      description = ''
         URI to use for the main PostgreSQL database. If this needs to include
         credentials that shouldn't be world-readable in the Nix store, set an
         environment file on the systemd service and override the
@@ -93,7 +93,7 @@ in
     redisUrl = lib.mkOption {
       type = lib.types.str;
       default = "local";
-      description = lib.mdDoc ''
+      description = ''
         Connection to a redis server. If this needs to include credentials
         that shouldn't be world-readable in the Nix store, set an environment
         file on the systemd service and override the
@@ -105,17 +105,17 @@ in
     publicUrl = lib.mkOption {
       type = lib.types.str;
       default = "http://localhost:3000";
-      description = lib.mdDoc "The fully qualified, publicly accessible URL";
+      description = "The fully qualified, publicly accessible URL";
     };
 
     port = lib.mkOption {
       type = lib.types.port;
       default = 3000;
-      description = lib.mdDoc "Listening port.";
+      description = "Listening port.";
     };
 
     storage = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To support uploading of images for avatars and document attachments an
         s3-compatible storage can be provided. AWS S3 is recommended for
         redundancy however if you want to keep all file storage local an
@@ -139,12 +139,12 @@ in
         options = {
           storageType = lib.mkOption {
             type = lib.types.enum [ "local" "s3" ];
-            description = lib.mdDoc "File storage type, it can be local or s3.";
+            description = "File storage type, it can be local or s3.";
             default = "s3";
           };
           localRootDir = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               If `storageType` is `local`, this sets the parent directory
               under which all attachments/images go.
             '';
@@ -152,42 +152,42 @@ in
           };
           accessKey = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "S3 access key.";
+            description = "S3 access key.";
           };
           secretKeyFile = lib.mkOption {
             type = lib.types.path;
-            description = lib.mdDoc "File path that contains the S3 secret key.";
+            description = "File path that contains the S3 secret key.";
           };
           region = lib.mkOption {
             type = lib.types.str;
             default = "xx-xxxx-x";
-            description = lib.mdDoc "AWS S3 region name.";
+            description = "AWS S3 region name.";
           };
           uploadBucketUrl = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               URL endpoint of an S3-compatible API where uploads should be
               stored.
             '';
           };
           uploadBucketName = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Name of the bucket where uploads should be stored.";
+            description = "Name of the bucket where uploads should be stored.";
           };
           uploadMaxSize = lib.mkOption {
             type = lib.types.int;
             default = 26214400;
-            description = lib.mdDoc "Maxmium file size for uploads.";
+            description = "Maxmium file size for uploads.";
           };
           forcePathStyle = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc "Force S3 path style.";
+            description = "Force S3 path style.";
           };
           acl = lib.mkOption {
             type = lib.types.str;
             default = "private";
-            description = lib.mdDoc "ACL setting.";
+            description = "ACL setting.";
           };
         };
       };
@@ -198,7 +198,7 @@ in
     #
 
     slackAuthentication = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To configure Slack auth, you'll need to create an Application at
         https://api.slack.com/apps
 
@@ -210,18 +210,18 @@ in
         options = {
           clientId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Authentication key.";
+            description = "Authentication key.";
           };
           secretFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path containing the authentication secret.";
+            description = "File path containing the authentication secret.";
           };
         };
       });
     };
 
     googleAuthentication = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To configure Google auth, you'll need to create an OAuth Client ID at
         https://console.cloud.google.com/apis/credentials
 
@@ -233,18 +233,18 @@ in
         options = {
           clientId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Authentication client identifier.";
+            description = "Authentication client identifier.";
           };
           clientSecretFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path containing the authentication secret.";
+            description = "File path containing the authentication secret.";
           };
         };
       });
     };
 
     azureAuthentication = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To configure Microsoft/Azure auth, you'll need to create an OAuth
         Client. See
         [the guide](https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4)
@@ -255,22 +255,22 @@ in
         options = {
           clientId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Authentication client identifier.";
+            description = "Authentication client identifier.";
           };
           clientSecretFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path containing the authentication secret.";
+            description = "File path containing the authentication secret.";
           };
           resourceAppId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Authentication application resource ID.";
+            description = "Authentication application resource ID.";
           };
         };
       });
     };
 
     oidcAuthentication = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To configure generic OIDC auth, you'll need some kind of identity
         provider. See the documentation for whichever IdP you use to fill out
         all the fields. The redirect URL is
@@ -281,27 +281,27 @@ in
         options = {
           clientId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Authentication client identifier.";
+            description = "Authentication client identifier.";
           };
           clientSecretFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path containing the authentication secret.";
+            description = "File path containing the authentication secret.";
           };
           authUrl = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "OIDC authentication URL endpoint.";
+            description = "OIDC authentication URL endpoint.";
           };
           tokenUrl = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "OIDC token URL endpoint.";
+            description = "OIDC token URL endpoint.";
           };
           userinfoUrl = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "OIDC userinfo URL endpoint.";
+            description = "OIDC userinfo URL endpoint.";
           };
           usernameClaim = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               Specify which claims to derive user information from. Supports any
               valid JSON path with the JWT payload
             '';
@@ -309,12 +309,12 @@ in
           };
           displayName = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Display name for OIDC authentication.";
+            description = "Display name for OIDC authentication.";
             default = "OpenID";
           };
           scopes = lib.mkOption {
             type = lib.types.listOf lib.types.str;
-            description = lib.mdDoc "OpenID authentication scopes.";
+            description = "OpenID authentication scopes.";
             default = [ "openid" "profile" "email" ];
           };
         };
@@ -328,7 +328,7 @@ in
     sslKeyFile = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File path that contains the Base64-encoded private key for HTTPS
         termination. This is only required if you do not use an external reverse
         proxy. See
@@ -338,7 +338,7 @@ in
     sslCertFile = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File path that contains the Base64-encoded certificate for HTTPS
         termination. This is only required if you do not use an external reverse
         proxy. See
@@ -349,7 +349,7 @@ in
     cdnUrl = lib.mkOption {
       type = lib.types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         If using a Cloudfront/Cloudflare distribution or similar it can be set
         using this option. This will cause paths to JavaScript files,
         stylesheets and images to be updated to the hostname defined here. In
@@ -360,7 +360,7 @@ in
     forceHttps = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Auto-redirect to HTTPS in production. The default is
         `true` but you may set this to `false`
         if you can be sure that SSL is terminated at an external loadbalancer.
@@ -370,7 +370,7 @@ in
     enableUpdateCheck = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Have the installation check for updates by sending anonymized statistics
         to the maintainers.
       '';
@@ -379,7 +379,7 @@ in
     concurrency = lib.mkOption {
       type = lib.types.int;
       default = 1;
-      description = lib.mdDoc ''
+      description = ''
         How many processes should be spawned. For a rough estimate, divide your
         server's available memory by 512.
       '';
@@ -388,7 +388,7 @@ in
     maximumImportSize = lib.mkOption {
       type = lib.types.int;
       default = 5120000;
-      description = lib.mdDoc ''
+      description = ''
         The maximum size of document imports. Overriding this could be required
         if you have especially large Word documents with embedded imagery.
       '';
@@ -397,11 +397,11 @@ in
     debugOutput = lib.mkOption {
       type = lib.types.nullOr (lib.types.enum [ "http" ]);
       default = null;
-      description = lib.mdDoc "Set this to `http` log HTTP requests.";
+      description = "Set this to `http` log HTTP requests.";
     };
 
     slackIntegration = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         For a complete Slack integration with search and posting to channels
         this configuration is also needed. See here for details:
         https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
@@ -411,16 +411,16 @@ in
         options = {
           verificationTokenFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path containing the verification token.";
+            description = "File path containing the verification token.";
           };
           appId = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Application ID.";
+            description = "Application ID.";
           };
           messageActions = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc "Whether to enable message actions.";
+            description = "Whether to enable message actions.";
           };
         };
       });
@@ -429,7 +429,7 @@ in
     googleAnalyticsId = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Optionally enable Google Analytics to track page views in the knowledge
         base.
       '';
@@ -438,7 +438,7 @@ in
     sentryDsn = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Optionally enable [Sentry](https://sentry.io/) to
         track errors and performance.
       '';
@@ -447,7 +447,7 @@ in
     sentryTunnel = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Optionally add a
         [Sentry proxy tunnel](https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
         for bypassing ad blockers in the UI.
@@ -457,14 +457,14 @@ in
     logo = lib.mkOption {
       type = lib.types.nullOr lib.types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Custom logo displayed on the authentication screen. This will be scaled
         to a height of 60px.
       '';
     };
 
     smtp = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         To support sending outgoing transactional emails such as
         "document updated" or "you've been invited" you'll need to provide
         authentication for an SMTP server.
@@ -474,39 +474,39 @@ in
         options = {
           host = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Host name or IP address of the SMTP server.";
+            description = "Host name or IP address of the SMTP server.";
           };
           port = lib.mkOption {
             type = lib.types.port;
-            description = lib.mdDoc "TCP port of the SMTP server.";
+            description = "TCP port of the SMTP server.";
           };
           username = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Username to authenticate with.";
+            description = "Username to authenticate with.";
           };
           passwordFile = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               File path containing the password to authenticate with.
             '';
           };
           fromEmail = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Sender email in outgoing mail.";
+            description = "Sender email in outgoing mail.";
           };
           replyEmail = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Reply address in outgoing mail.";
+            description = "Reply address in outgoing mail.";
           };
           tlsCiphers = lib.mkOption {
             type = lib.types.str;
             default = "";
-            description = lib.mdDoc "Override SMTP cipher configuration.";
+            description = "Override SMTP cipher configuration.";
           };
           secure = lib.mkOption {
             type = lib.types.bool;
             default = true;
-            description = lib.mdDoc "Use a secure SMTP connection.";
+            description = "Use a secure SMTP connection.";
           };
         };
       });
@@ -535,7 +535,7 @@ in
          "zh_TW"
       ];
       default = "en_US";
-      description = lib.mdDoc ''
+      description = ''
         The default interface language. See
         [translate.getoutline.com](https://translate.getoutline.com/)
         for a list of available language codes and their rough percentage
@@ -543,16 +543,16 @@ in
       '';
     };
 
-    rateLimiter.enable = lib.mkEnableOption (lib.mdDoc "rate limiter for the application web server");
+    rateLimiter.enable = lib.mkEnableOption "rate limiter for the application web server";
     rateLimiter.requests = lib.mkOption {
       type = lib.types.int;
       default = 5000;
-      description = lib.mdDoc "Maximum number of requests in a throttling window.";
+      description = "Maximum number of requests in a throttling window.";
     };
     rateLimiter.durationWindow = lib.mkOption {
       type = lib.types.int;
       default = 60;
-      description = lib.mdDoc "Length of a throttling window.";
+      description = "Length of a throttling window.";
     };
   };
 
@@ -783,6 +783,8 @@ in
         # This working directory is required to find stuff like the set of
         # onboarding files:
         WorkingDirectory = "${cfg.package}/share/outline";
+        # In case this directory is not in /var/lib/outline, it needs to be made writable explicitly
+        ReadWritePaths = lib.mkIf (cfg.storage.storageType == "local") [ cfg.storage.localRootDir ];
       };
     };
   };
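Review bot: The added `ReadWritePaths` entry uses `cfg.storage.localRootDir` as-is, and that option is a free-form `lib.types.str`, so the path is neither validated nor guaranteed to exist when the unit starts. systemd fails namespace setup for a missing `ReadWritePaths` entry unless it is prefixed with `-`, so the service will not start if the module does not create the directory beforehand (not visible in this hunk). A broad value, such as a parent directory shared with other services, would also make that whole tree writable inside the sandbox. Consider saying in the `localRootDir` description that the directory must be an absolute path dedicated to Outline and owned by the service user. The enclosing `serviceConfig` block starts outside the hunk.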
diff --git a/nixpkgs/nixos/modules/services/web-apps/peering-manager.nix b/nixpkgs/nixos/modules/services/web-apps/peering-manager.nix
index 0382ce717473..c85cb76e5ea1 100644
--- a/nixpkgs/nixos/modules/services/web-apps/peering-manager.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/peering-manager.nix
@@ -31,7 +31,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Enable Peering Manager.
 
         This module requires a reverse proxy that serves `/static` separately.
@@ -50,7 +50,7 @@ in {
     listenAddress = mkOption {
       type = types.str;
       default = "[::1]";
-      description = mdDoc ''
+      description = ''
         Address the server will listen on.
       '';
     };
@@ -58,7 +58,7 @@ in {
     port = mkOption {
       type = types.port;
       default = 8001;
-      description = mdDoc ''
+      description = ''
         Port the server will listen on.
       '';
     };
@@ -69,14 +69,14 @@ in {
       defaultText = literalExpression ''
         python3Packages: with python3Packages; [];
       '';
-      description = mdDoc ''
+      description = ''
         List of plugin packages to install.
       '';
     };
 
     secretKeyFile = mkOption {
       type = types.path;
-      description = mdDoc ''
+      description = ''
         Path to a file containing the secret key.
       '';
     };
@@ -84,13 +84,13 @@ in {
     peeringdbApiKeyFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = mdDoc ''
+      description = ''
         Path to a file containing the PeeringDB API key.
       '';
     };
 
     settings = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Configuration options to set in `configuration.py`.
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.
       '';
@@ -104,7 +104,7 @@ in {
           ALLOWED_HOSTS = lib.mkOption {
             type = with lib.types; listOf str;
             default = ["*"];
-            description = lib.mdDoc ''
+            description = ''
               A list of valid fully-qualified domain names (FQDNs) and/or IP
               addresses that can be used to reach the peering manager service.
             '';
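Review bot: `ALLOWED_HOSTS` defaults to `["*"]`, which in a Django application turns off Host-header validation, and the description does not mention that. I would add a sentence such as `The default "*" accepts any Host header; set this to the FQDNs actually served when the instance is reachable from untrusted networks.` Whether the reverse proxy required by this module already pins the Host header is not visible in this hunk.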
@@ -116,7 +116,7 @@ in {
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = mdDoc ''
+      description = ''
         Additional lines of configuration appended to the `configuration.py`.
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.
       '';
@@ -125,7 +125,7 @@ in {
     enableLdap = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc ''
+      description = ''
         Enable LDAP-Authentication for Peering Manager.
 
         This requires a configuration file being pass through `ldapConfigPath`.
@@ -134,7 +134,7 @@ in {
 
     ldapConfigPath = mkOption {
       type = types.path;
-      description = mdDoc ''
+      description = ''
         Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
         See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/peertube.nix b/nixpkgs/nixos/modules/services/web-apps/peertube.nix
index 76f869913592..e3f15f4f438c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/peertube.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/peertube.nix
@@ -75,56 +75,56 @@ let
 
 in {
   options.services.peertube = {
-    enable = lib.mkEnableOption (lib.mdDoc "Peertube");
+    enable = lib.mkEnableOption "Peertube";
 
     user = lib.mkOption {
       type = lib.types.str;
       default = "peertube";
-      description = lib.mdDoc "User account under which Peertube runs.";
+      description = "User account under which Peertube runs.";
     };
 
     group = lib.mkOption {
       type = lib.types.str;
       default = "peertube";
-      description = lib.mdDoc "Group under which Peertube runs.";
+      description = "Group under which Peertube runs.";
     };
 
     localDomain = lib.mkOption {
       type = lib.types.str;
       example = "peertube.example.com";
-      description = lib.mdDoc "The domain serving your PeerTube instance.";
+      description = "The domain serving your PeerTube instance.";
     };
 
     listenHttp = lib.mkOption {
       type = lib.types.port;
       default = 9000;
-      description = lib.mdDoc "The port that the local PeerTube web server will listen on.";
+      description = "The port that the local PeerTube web server will listen on.";
     };
 
     listenWeb = lib.mkOption {
       type = lib.types.port;
       default = 9000;
-      description = lib.mdDoc "The public-facing port that PeerTube will be accessible at (likely 80 or 443 if running behind a reverse proxy). Clients will try to access PeerTube at this port.";
+      description = "The public-facing port that PeerTube will be accessible at (likely 80 or 443 if running behind a reverse proxy). Clients will try to access PeerTube at this port.";
     };
 
     enableWebHttps = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "Whether clients will access your PeerTube instance with HTTPS. Does NOT configure the PeerTube webserver itself to listen for incoming HTTPS connections.";
+      description = "Whether clients will access your PeerTube instance with HTTPS. Does NOT configure the PeerTube webserver itself to listen for incoming HTTPS connections.";
     };
 
     dataDirs = lib.mkOption {
       type = lib.types.listOf lib.types.path;
       default = [ ];
       example = [ "/opt/peertube/storage" "/var/cache/peertube" ];
-      description = lib.mdDoc "Allow access to custom data locations.";
+      description = "Allow access to custom data locations.";
     };
 
     serviceEnvironmentFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
       example = "/run/keys/peertube/password-init-root";
-      description = lib.mdDoc ''
+      description = ''
         Set environment variables for the service. Mainly useful for setting the initial root password.
         For example write to file:
         PT_INITIAL_ROOT_PASSWORD=changeme
@@ -148,13 +148,13 @@ in {
           };
         }
       '';
-      description = lib.mdDoc "Configuration for peertube.";
+      description = "Configuration for peertube.";
     };
 
     configureNginx = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "Configure nginx as a reverse proxy for peertube.";
+      description = "Configure nginx as a reverse proxy for peertube.";
     };
 
     secrets = {
@@ -162,7 +162,7 @@ in {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/secrets/peertube";
-        description = lib.mdDoc ''
+        description = ''
           Secrets to run PeerTube.
           Generate one using `openssl rand -hex 32`
         '';
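Review bot: The description `Secrets to run PeerTube.` does not say that the option takes a path to a file, or that the file should live outside the Nix store. The type is `nullOr path` and the example is `"/run/secrets/peertube"`, but a reader could still pass a Nix path literal, which would be copied into the world-readable store. I would reword the first line to something like `Path to a file holding the PeerTube secret; keep it outside the Nix store and readable only by the service user.` and keep the `openssl rand -hex 32` hint. The option header is outside the hunk, so its name is not visible here.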
@@ -173,7 +173,7 @@ in {
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Configure local PostgreSQL database server for PeerTube.";
+        description = "Configure local PostgreSQL database server for PeerTube.";
       };
 
       host = lib.mkOption {
@@ -185,32 +185,32 @@ in {
           else null
         '';
         example = "192.168.15.47";
-        description = lib.mdDoc "Database host address or unix socket.";
+        description = "Database host address or unix socket.";
       };
 
       port = lib.mkOption {
         type = lib.types.port;
         default = 5432;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
 
       name = lib.mkOption {
         type = lib.types.str;
         default = "peertube";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
 
       user = lib.mkOption {
         type = lib.types.str;
         default = "peertube";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
 
       passwordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/peertube/password-postgresql";
-        description = lib.mdDoc "Password for PostgreSQL database.";
+        description = "Password for PostgreSQL database.";
       };
     };
 
@@ -218,7 +218,7 @@ in {
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Configure local Redis server for PeerTube.";
+        description = "Configure local Redis server for PeerTube.";
       };
 
       host = lib.mkOption {
@@ -229,7 +229,7 @@ in {
           then "127.0.0.1"
           else null
         '';
-        description = lib.mdDoc "Redis host.";
+        description = "Redis host.";
       };
 
       port = lib.mkOption {
@@ -240,21 +240,21 @@ in {
           then null
           else 6379
         '';
-        description = lib.mdDoc "Redis port.";
+        description = "Redis port.";
       };
 
       passwordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/peertube/password-redis-db";
-        description = lib.mdDoc "Password for redis database.";
+        description = "Password for redis database.";
       };
 
       enableUnixSocket = lib.mkOption {
         type = lib.types.bool;
         default = cfg.redis.createLocally;
         defaultText = lib.literalExpression "config.${opt.redis.createLocally}";
-        description = lib.mdDoc "Use Unix socket.";
+        description = "Use Unix socket.";
       };
     };
 
@@ -262,14 +262,14 @@ in {
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Configure local Postfix SMTP server for PeerTube.";
+        description = "Configure local Postfix SMTP server for PeerTube.";
       };
 
       passwordFile = lib.mkOption {
         type = lib.types.nullOr lib.types.path;
         default = null;
         example = "/run/keys/peertube/password-smtp";
-        description = lib.mdDoc "Password for smtp server.";
+        description = "Password for smtp server.";
       };
     };
 
@@ -277,7 +277,7 @@ in {
       type = lib.types.package;
       default = pkgs.peertube;
       defaultText = lib.literalExpression "pkgs.peertube";
-      description = lib.mdDoc "PeerTube package to use.";
+      description = "PeerTube package to use.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix b/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix
index 7a5ab579c408..f1e5f022c379 100644
--- a/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix
@@ -18,13 +18,13 @@ in
 
     services.pgpkeyserver-lite = {
 
-      enable = mkEnableOption (lib.mdDoc "pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver");
+      enable = mkEnableOption "pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver";
 
       package = mkPackageOption pkgs "pgpkeyserver-lite" { };
 
       hostname = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Which hostname to set the vHost to that is proxying to sks.
         '';
       };
@@ -33,7 +33,7 @@ in
         default = builtins.head sksCfg.hkpAddress;
         defaultText = literalExpression "head config.${sksOpt.hkpAddress}";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Which IP address the sks-keyserver is listening on.
         '';
       };
@@ -42,7 +42,7 @@ in
         default = sksCfg.hkpPort;
         defaultText = literalExpression "config.${sksOpt.hkpPort}";
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Which port the sks-keyserver is listening on.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/photoprism.nix b/nixpkgs/nixos/modules/services/web-apps/photoprism.nix
index 39eb7c65c635..ec4126b420cd 100644
--- a/nixpkgs/nixos/modules/services/web-apps/photoprism.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/photoprism.nix
@@ -26,12 +26,12 @@ in
 
   options.services.photoprism = {
 
-    enable = lib.mkEnableOption (lib.mdDoc "Photoprism web server");
+    enable = lib.mkEnableOption "Photoprism web server";
 
     passwordFile = lib.mkOption {
       type = lib.types.nullOr lib.types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Admin password file.
       '';
     };
@@ -39,7 +39,7 @@ in
     address = lib.mkOption {
       type = lib.types.str;
       default = "localhost";
-      description = lib.mdDoc ''
+      description = ''
         Web interface address.
       '';
     };
@@ -47,7 +47,7 @@ in
     port = lib.mkOption {
       type = lib.types.port;
       default = 2342;
-      description = lib.mdDoc ''
+      description = ''
         Web interface port.
       '';
     };
@@ -56,7 +56,7 @@ in
       type = lib.types.path;
       default = null;
       example = "/data/photos";
-      description = lib.mdDoc ''
+      description = ''
         Storage path of your original media files (photos and videos).
       '';
     };
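Review bot: The option in this hunk combines `type = lib.types.path` with `default = null`, and `null` is not a value of that type. Leaving the option unset should therefore fail at evaluation with a type error rather than a clear "option is used but not defined" message. If the path is mandatory, drop the `default` line; if it is optional, use `type = lib.types.nullOr lib.types.path;`. The option header is outside the hunk (presumably `originalsPath`, going by the next option's description), and this commit only touches the description line.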
@@ -64,7 +64,7 @@ in
     importPath = lib.mkOption {
       type = lib.types.str;
       default = "import";
-      description = lib.mdDoc ''
+      description = ''
         Relative or absolute to the `originalsPath` from where the files should be imported.
       '';
     };
@@ -72,7 +72,7 @@ in
     storagePath = lib.mkOption {
       type = lib.types.path;
       default = "/var/lib/photoprism";
-      description = lib.mdDoc ''
+      description = ''
         Location for sidecar, cache, and database files.
       '';
     };
@@ -82,7 +82,7 @@ in
     settings = lib.mkOption {
       type = lib.types.attrsOf lib.types.str;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         See [the getting-started guide](https://docs.photoprism.app/getting-started/config-options/) for available options.
       '';
       example = {
diff --git a/nixpkgs/nixos/modules/services/web-apps/phylactery.nix b/nixpkgs/nixos/modules/services/web-apps/phylactery.nix
index 488373d0e426..02a3a1765d90 100644
--- a/nixpkgs/nixos/modules/services/web-apps/phylactery.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/phylactery.nix
@@ -4,22 +4,22 @@ with lib;
 let cfg = config.services.phylactery;
 in {
   options.services.phylactery = {
-    enable = mkEnableOption (lib.mdDoc "Phylactery server");
+    enable = mkEnableOption "Phylactery server";
 
     host = mkOption {
       type = types.str;
       default = "localhost";
-      description = lib.mdDoc "Listen host for Phylactery";
+      description = "Listen host for Phylactery";
     };
 
     port = mkOption {
       type = types.port;
-      description = lib.mdDoc "Listen port for Phylactery";
+      description = "Listen port for Phylactery";
     };
 
     library = mkOption {
       type = types.path;
-      description = lib.mdDoc "Path to CBZ library";
+      description = "Path to CBZ library";
     };
 
     package = mkPackageOption pkgs "phylactery" { };
diff --git a/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix b/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix
index 983342c37732..07f84578a59b 100644
--- a/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/pict-rs.nix
@@ -12,14 +12,14 @@ in
   meta.doc = ./pict-rs.md;
 
   options.services.pict-rs = {
-    enable = lib.mkEnableOption (lib.mdDoc "pict-rs server");
+    enable = lib.mkEnableOption "pict-rs server";
 
     package = lib.mkPackageOption pkgs "pict-rs" { };
 
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/pict-rs";
-      description = lib.mdDoc ''
+      description = ''
         The directory where to store the uploaded images & database.
       '';
     };
@@ -27,7 +27,7 @@ in
     repoPath = mkOption {
       type = types.nullOr (types.path);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The directory where to store the database.
         This option takes precedence over dataDir.
       '';
@@ -36,7 +36,7 @@ in
     storePath = mkOption {
       type = types.nullOr (types.path);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The directory where to store the uploaded images.
         This option takes precedence over dataDir.
       '';
@@ -45,7 +45,7 @@ in
     address = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The IPv4 address to deploy the service to.
       '';
     };
@@ -53,7 +53,7 @@ in
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         The port which to bind the service to.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-apps/pixelfed.nix b/nixpkgs/nixos/modules/services/web-apps/pixelfed.nix
index 2add98264447..cd0e8f62b65c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/pixelfed.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/pixelfed.nix
@@ -38,14 +38,14 @@ let
 in {
   options.services = {
     pixelfed = {
-      enable = mkEnableOption (lib.mdDoc "a Pixelfed instance");
+      enable = mkEnableOption "a Pixelfed instance";
       package = mkPackageOption pkgs "pixelfed" { };
       phpPackage = mkPackageOption pkgs "php81" { };
 
       user = mkOption {
         type = types.str;
         default = "pixelfed";
-        description = lib.mdDoc ''
+        description = ''
           User account under which pixelfed runs.
 
           ::: {.note}
@@ -59,7 +59,7 @@ in {
       group = mkOption {
         type = types.str;
         default = "pixelfed";
-        description = lib.mdDoc ''
+        description = ''
           Group account under which pixelfed runs.
 
           ::: {.note}
@@ -72,14 +72,14 @@ in {
 
       domain = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           FQDN for the Pixelfed instance.
         '';
       };
 
       secretFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           A secret file to be sourced for the .env settings.
           Place `APP_KEY` and other settings that should not end up in the Nix store here.
         '';
@@ -87,7 +87,7 @@ in {
 
       settings = mkOption {
         type = with types; (attrsOf (oneOf [ bool int str ]));
-        description = lib.mdDoc ''
+        description = ''
           .env settings for Pixelfed.
           Secrets should use `secretFile` option instead.
         '';
@@ -108,7 +108,7 @@ in {
             forceHttps = true;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.
           Set to {} if you do not need any customization to the virtual host.
           If enabled, then by default, the {option}`serverName` is
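Review bot: The description in this hunk says the nginx virtual host has sensible defaults `for Dolibarr`, but this is the Pixelfed module, so the text looks copied from another module. The line should read `With this option, you can customize an nginx virtual host which already has sensible defaults for Pixelfed.` The description continues past the end of the hunk.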
@@ -117,19 +117,16 @@ in {
         '';
       };
 
-      redis.createLocally = mkEnableOption
-        (lib.mdDoc "a local Redis database using UNIX socket authentication")
+      redis.createLocally = mkEnableOption "a local Redis database using UNIX socket authentication"
         // {
           default = true;
         };
 
       database = {
-        createLocally = mkEnableOption
-          (lib.mdDoc "a local database using UNIX socket authentication") // {
+        createLocally = mkEnableOption "a local database using UNIX socket authentication" // {
             default = true;
           };
-        automaticMigrations = mkEnableOption
-          (lib.mdDoc "automatic migrations for database schema and data") // {
+        automaticMigrations = mkEnableOption "automatic migrations for database schema and data" // {
             default = true;
           };
 
@@ -137,7 +134,7 @@ in {
           type = types.enum [ "mysql" "pgsql" ];
           example = "pgsql";
           default = "mysql";
-          description = lib.mdDoc ''
+          description = ''
             Database engine to use.
             Note that PGSQL is not well supported: https://github.com/pixelfed/pixelfed/issues/2727
           '';
@@ -146,14 +143,14 @@ in {
         name = mkOption {
           type = types.str;
           default = "pixelfed";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
       };
 
       maxUploadSize = mkOption {
         type = types.str;
         default = "8M";
-        description = lib.mdDoc ''
+        description = ''
           Max upload size with units.
         '';
       };
@@ -162,7 +159,7 @@ in {
         type = with types; attrsOf (oneOf [ int str bool ]);
         default = { };
 
-        description = lib.mdDoc ''
+        description = ''
           Options for Pixelfed's PHP-FPM pool.
         '';
       };
@@ -170,7 +167,7 @@ in {
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/pixelfed";
-        description = lib.mdDoc ''
+        description = ''
           State directory of the `pixelfed` user which holds
           the application's state and data.
         '';
@@ -179,7 +176,7 @@ in {
       runtimeDir = mkOption {
         type = types.str;
         default = "/run/pixelfed";
-        description = lib.mdDoc ''
+        description = ''
           Ruutime directory of the `pixelfed` user which holds
           the application's caches and temporary files.
         '';
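Review bot: `Ruutime directory` in the `runtimeDir` description is a typo for `Runtime directory`. Since this commit rewrites the description line directly above it, this is a convenient place to fix the spelling. The option manual is generated from this string, so the misspelling is user-visible.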
@@ -188,7 +185,7 @@ in {
       schedulerInterval = mkOption {
         type = types.str;
         default = "1d";
-        description = lib.mdDoc "How often the Pixelfed cron task should run";
+        description = "How often the Pixelfed cron task should run";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix b/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix
index b7bdf997d955..91a5be124d08 100644
--- a/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix
@@ -3,7 +3,6 @@
 let
   inherit (lib)
     literalExpression
-    mdDoc
     mkEnableOption
     mkIf
     mkOption
@@ -23,7 +22,7 @@ in
 
   options = {
     services.plantuml-server = {
-      enable = mkEnableOption (mdDoc "PlantUML server");
+      enable = mkEnableOption "PlantUML server";
 
       package = mkPackageOption pkgs "plantuml-server" { };
 
@@ -45,37 +44,37 @@ in
       user = mkOption {
         type = types.str;
         default = "plantuml";
-        description = mdDoc "User which runs PlantUML server.";
+        description = "User which runs PlantUML server.";
       };
 
       group = mkOption {
         type = types.str;
         default = "plantuml";
-        description = mdDoc "Group which runs PlantUML server.";
+        description = "Group which runs PlantUML server.";
       };
 
       home = mkOption {
         type = types.path;
         default = "/var/lib/plantuml";
-        description = mdDoc "Home directory of the PlantUML server instance.";
+        description = "Home directory of the PlantUML server instance.";
       };
 
       listenHost = mkOption {
         type = types.str;
         default = "127.0.0.1";
-        description = mdDoc "Host to listen on.";
+        description = "Host to listen on.";
       };
 
       listenPort = mkOption {
         type = types.int;
         default = 8080;
-        description = mdDoc "Port to listen on.";
+        description = "Port to listen on.";
       };
 
       plantumlLimitSize = mkOption {
         type = types.int;
         default = 4096;
-        description = mdDoc "Limits image width and height.";
+        description = "Limits image width and height.";
       };
 
       graphvizPackage = mkPackageOption pkgs "graphviz" { };
@@ -83,13 +82,13 @@ in
       plantumlStats = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc "Set it to on to enable statistics report (https://plantuml.com/statistics-report).";
+        description = "Set it to on to enable statistics report (https://plantuml.com/statistics-report).";
       };
 
       httpAuthorization = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = mdDoc "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.";
+        description = "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.";
       };
     };
   };
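Review bot: `httpAuthorization` is declared as `types.nullOr types.str`, so the Authorization header value is written inline in the configuration and presumably ends up in the world-readable Nix store. The description gives no warning about that. I would add a sentence such as `Note that this value is stored in the Nix store; do not put long-lived credentials here.`, or offer a file-based alternative in the style of the `passwordFile` options in neighbouring modules. How the value reaches the service is outside the hunk.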
diff --git a/nixpkgs/nixos/modules/services/web-apps/plausible.nix b/nixpkgs/nixos/modules/services/web-apps/plausible.nix
index a6bb81e0b73f..8e49e591f75c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/plausible.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/plausible.nix
@@ -7,7 +7,7 @@ let
 
 in {
   options.services.plausible = {
-    enable = mkEnableOption (lib.mdDoc "plausible");
+    enable = mkEnableOption "plausible";
 
     package = mkPackageOption pkgs "plausible" { };
 
@@ -15,7 +15,7 @@ in {
       name = mkOption {
         default = "admin";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Name of the admin user that plausible will created on initial startup.
         '';
       };
@@ -23,45 +23,45 @@ in {
       email = mkOption {
         type = types.str;
         example = "admin@localhost";
-        description = lib.mdDoc ''
+        description = ''
           Email-address of the admin-user.
         '';
       };
 
       passwordFile = mkOption {
         type = types.either types.str types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file which contains the password of the admin user.
         '';
       };
 
-      activate = mkEnableOption (lib.mdDoc "activating the freshly created admin-user");
+      activate = mkEnableOption "activating the freshly created admin-user";
     };
 
     database = {
       clickhouse = {
-        setup = mkEnableOption (lib.mdDoc "creating a clickhouse instance") // { default = true; };
+        setup = mkEnableOption "creating a clickhouse instance" // { default = true; };
         url = mkOption {
           default = "http://localhost:8123/default";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The URL to be used to connect to `clickhouse`.
           '';
         };
       };
       postgres = {
-        setup = mkEnableOption (lib.mdDoc "creating a postgresql instance") // { default = true; };
+        setup = mkEnableOption "creating a postgresql instance" // { default = true; };
         dbname = mkOption {
           default = "plausible";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Name of the database to use.
           '';
         };
         socket = mkOption {
           default = "/run/postgresql";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             Path to the UNIX domain-socket to communicate with `postgres`.
           '';
         };
@@ -72,13 +72,13 @@ in {
       disableRegistration = mkOption {
         default = true;
         type = types.enum [true false "invite_only"];
-        description = lib.mdDoc ''
+        description = ''
           Whether to prohibit creating an account in plausible's UI or allow on `invite_only`.
         '';
       };
       secretKeybaseFile = mkOption {
         type = types.either types.path types.str;
-        description = lib.mdDoc ''
+        description = ''
           Path to the secret used by the `phoenix`-framework. Instructions
           how to generate one are documented in the
           [
@@ -88,20 +88,20 @@ in {
       listenAddress = mkOption {
         default = "127.0.0.1";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The IP address on which the server is listening.
         '';
       };
       port = mkOption {
         default = 8000;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           Port where the service should be available.
         '';
       };
       baseUrl = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Public URL where plausible is available.
 
           Note that `/path` components are currently ignored:
@@ -116,7 +116,7 @@ in {
       email = mkOption {
         default = "hello@plausible.local";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The email id to use for as *from* address of all communications
           from Plausible.
         '';
@@ -125,36 +125,36 @@ in {
         hostAddr = mkOption {
           default = "localhost";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The host address of your smtp server.
           '';
         };
         hostPort = mkOption {
           default = 25;
           type = types.port;
-          description = lib.mdDoc ''
+          description = ''
             The port of your smtp server.
           '';
         };
         user = mkOption {
           default = null;
           type = types.nullOr types.str;
-          description = lib.mdDoc ''
+          description = ''
             The username/email in case SMTP auth is enabled.
           '';
         };
         passwordFile = mkOption {
           default = null;
           type = with types; nullOr (either str path);
-          description = lib.mdDoc ''
+          description = ''
             The path to the file with the password in case SMTP auth is enabled.
           '';
         };
-        enableSSL = mkEnableOption (lib.mdDoc "SSL when connecting to the SMTP server");
+        enableSSL = mkEnableOption "SSL when connecting to the SMTP server";
         retries = mkOption {
           type = types.ints.unsigned;
           default = 2;
-          description = lib.mdDoc ''
+          description = ''
             Number of retries to make until mailer gives up.
           '';
         };
diff --git a/nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix b/nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix
index 7b6fb06e3565..d64c468a9cb5 100644
--- a/nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix
@@ -19,7 +19,7 @@ let
 in
 {
   options.services.powerdns-admin = {
-    enable = mkEnableOption (lib.mdDoc "the PowerDNS web interface");
+    enable = mkEnableOption "the PowerDNS web interface";
 
     extraArgs = mkOption {
       type = types.listOf types.str;
@@ -27,7 +27,7 @@ in
       example = literalExpression ''
         [ "-b" "127.0.0.1:8000" ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra arguments passed to powerdns-admin.
       '';
     };
@@ -40,7 +40,7 @@ in
         PORT = 8000
         SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql'
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration python file.
         See [the example configuration](https://github.com/ngoduykhanh/PowerDNS-Admin/blob/v${pkgs.powerdns-admin.version}/configs/development.py)
         for options.
@@ -50,7 +50,7 @@ in
     secretKeyFile = mkOption {
       type = types.nullOr types.path;
       example = "/etc/powerdns-admin/secret";
-      description = lib.mdDoc ''
+      description = ''
         The secret used to create cookies.
         This needs to be set, otherwise the default is used and everyone can forge valid login cookies.
         Set this to null to ignore this setting and configure it through another way.
@@ -60,7 +60,7 @@ in
     saltFile = mkOption {
       type = types.nullOr types.path;
       example = "/etc/powerdns-admin/salt";
-      description = lib.mdDoc ''
+      description = ''
         The salt used for serialization.
         This should be set, otherwise the default is used.
         Set this to null to ignore this setting and configure it through another way.
diff --git a/nixpkgs/nixos/modules/services/web-apps/pretalx.nix b/nixpkgs/nixos/modules/services/web-apps/pretalx.nix
index ff6218112d2f..b062a8b7eeea 100644
--- a/nixpkgs/nixos/modules/services/web-apps/pretalx.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/pretalx.nix
@@ -28,7 +28,7 @@ in
   };
 
   options.services.pretalx = {
-    enable = lib.mkEnableOption (lib.mdDoc "pretalx");
+    enable = lib.mkEnableOption "pretalx";
 
     package = lib.mkPackageOptionMD pkgs "pretalx" {};
 
@@ -56,7 +56,7 @@ in
         "--max-requests-jitter=50"
         "--log-level=info"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Extra arguments to pass to gunicorn.
         See <https://docs.pretalx.org/administrator/installation.html#step-6-starting-pretalx-as-a-service> for details.
       '';
@@ -68,7 +68,7 @@ in
         type = lib.types.bool;
         default = true;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set up celery as an asynchronous task runner.
         '';
       };
@@ -76,7 +76,7 @@ in
       extraArgs = lib.mkOption {
         type = with lib.types; listOf str;
         default = [ ];
-        description = lib.mdDoc ''
+        description = ''
           Extra arguments to pass to celery.
 
           See <https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker> for more info.
@@ -90,7 +90,7 @@ in
         type = lib.types.bool;
         default = true;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to set up an nginx virtual host.
         '';
       };
@@ -98,7 +98,7 @@ in
       domain = lib.mkOption {
         type = lib.types.str;
         example = "talks.example.com";
-        description = lib.mdDoc ''
+        description = ''
           The domain name under which to set up the virtual host.
         '';
       };
@@ -108,7 +108,7 @@ in
       type = lib.types.bool;
       default = true;
       example = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to automatically set up the database on the local DBMS instance.
 
         Currently only supported for PostgreSQL. Not required for sqlite.
@@ -125,7 +125,7 @@ in
                 "postgresql"
               ];
               default = "postgresql";
-              description = lib.mdDoc ''
+              description = ''
                 Database backend to use.
 
                 Currently only PostgreSQL gets tested, and as such we don't support any other DBMS.
@@ -143,7 +143,7 @@ in
                 else if config.services.pretalx.settings.database.backend == "mysql" then "/run/mysqld/mysqld.sock"
                 else null
               '';
-              description = lib.mdDoc ''
+              description = ''
                 Database host or socket path.
               '';
             };
@@ -151,7 +151,7 @@ in
             name = lib.mkOption {
               type = lib.types.str;
               default = "pretalx";
-              description = lib.mdDoc ''
+              description = ''
                 Database name.
               '';
             };
@@ -159,7 +159,7 @@ in
             user = lib.mkOption {
               type = lib.types.str;
               default = "pretalx";
-              description = lib.mdDoc ''
+              description = ''
                 Database username.
               '';
             };
@@ -169,14 +169,14 @@ in
             data = lib.mkOption {
               type = lib.types.path;
               default = "/var/lib/pretalx";
-              description = lib.mdDoc ''
+              description = ''
                 Base path for all other storage paths.
               '';
             };
             logs = lib.mkOption {
               type = lib.types.path;
               default = "/var/log/pretalx";
-              description = lib.mdDoc ''
+              description = ''
                 Path to the log directory, that pretalx logs message to.
               '';
             };
@@ -185,7 +185,7 @@ in
               default = "${cfg.package.static}/";
               defaultText = lib.literalExpression "\${config.services.pretalx.package}.static}/";
               readOnly = true;
-              description = lib.mdDoc ''
+              description = ''
                 Path to the directory that contains static files.
               '';
             };
@@ -198,7 +198,7 @@ in
               defaultText = lib.literalExpression ''
                 optionalString config.services.pretalx.celery.enable "redis+socket://''${config.services.redis.servers.pretalx.unixSocket}?virtual_host=1"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 URI to the celery backend used for the asynchronous job queue.
               '';
             };
@@ -209,7 +209,7 @@ in
               defaultText = lib.literalExpression ''
                 optionalString config.services.pretalx.celery.enable "redis+socket://''${config.services.redis.servers.pretalx.unixSocket}?virtual_host=2"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 URI to the celery broker used for the asynchronous job queue.
               '';
             };
@@ -222,7 +222,7 @@ in
               defaultText = lib.literalExpression ''
                 "unix://''${config.services.redis.servers.pretalx.unixSocket}?db=0"
               '';
-              description = lib.mdDoc ''
+              description = ''
                 URI to the redis server, used to speed up locking, caching and session storage.
               '';
             };
@@ -231,7 +231,7 @@ in
               type = lib.types.bool;
               default = true;
               example = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to use redis as the session storage.
               '';
             };
@@ -243,7 +243,7 @@ in
               default = "https://${cfg.nginx.domain}";
               defaultText = lib.literalExpression "https://\${config.services.pretalx.nginx.domain}";
               example = "https://talks.example.com";
-              description = lib.mdDoc ''
+              description = ''
                 The base URI below which your pretalx instance will be reachable.
               '';
             };
@@ -251,7 +251,7 @@ in
         };
       };
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         pretalx configuration as a Nix attribute set. All settings can also be passed
         from the environment.
 
@@ -286,16 +286,16 @@ in
         virtualHosts.${cfg.nginx.domain} = {
           # https://docs.pretalx.org/administrator/installation.html#step-7-ssl
           extraConfig = ''
-            more_set_headers Referrer-Policy same-origin;
-            more_set_headers X-Content-Type-Options nosniff;
+            more_set_headers "Referrer-Policy: same-origin";
+            more_set_headers "X-Content-Type-Options: nosniff";
           '';
           locations = {
             "/".proxyPass = "http://pretalx";
             "/media/" = {
-              alias = "${cfg.settings.filesystem.data}/data/media/";
+              alias = "${cfg.settings.filesystem.data}/media/";
               extraConfig = ''
                 access_log off;
-                more_set_headers Content-Disposition 'attachment; filename="$1"';
+                more_set_headers 'Content-Disposition: attachment; filename="$1"';
                 expires 7d;
               '';
             };
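Review bot: `filename="$1"` in the `/media/` block refers to a regex capture, but the location shown is a plain prefix match, so `$1` is presumably empty and the header goes out as `attachment; filename=""`. Dropping the parameter, `more_set_headers 'Content-Disposition: attachment';`, keeps the forced download of uploaded media, which is what prevents user-supplied files from being rendered inline on the application's origin. A one-line comment above it, such as `# force download so uploaded files are never rendered inline`, would record why the header is there. The `virtualHosts` block continues outside the hunk.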
diff --git a/nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix b/nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix
index 84953546d8e0..91880cab2976 100644
--- a/nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix
@@ -11,10 +11,10 @@ in {
 
   options = {
     services.prosody-filer = {
-      enable = mkEnableOption (lib.mdDoc "Prosody Filer XMPP upload file server");
+      enable = mkEnableOption "Prosody Filer XMPP upload file server";
 
       settings = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Prosody Filer.
           Refer to <https://github.com/ThomasLeister/prosody-filer#configure-prosody-filer> for details on supported values.
         '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix b/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix
index 1a710f4a6a67..b03c7f7e8069 100644
--- a/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix
@@ -5,18 +5,31 @@ let
 
   poolName = "rss-bridge";
 
-  whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
-    (concatStringsSep "\n" cfg.whitelist);
+  configAttr = lib.recursiveUpdate { FileCache.path = "${cfg.dataDir}/cache/"; } cfg.config;
+  cfgHalf = lib.mapAttrsRecursive (path: value: let
+    envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
+    envValue = if lib.isList value then
+      lib.concatStringsSep "," value
+    else if lib.isBool value then
+      lib.boolToString value
+    else
+      toString value;
+  in "fastcgi_param \"${envName}\" \"${envValue}\";") configAttr;
+  cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
 in
 {
+  imports = [
+    (mkRenamedOptionModule [ "services" "rss-bridge" "whitelist" ] [ "services" "rss-bridge" "config" "system" "enabled_bridges" ])
+  ];
+
   options = {
     services.rss-bridge = {
-      enable = mkEnableOption (lib.mdDoc "rss-bridge");
+      enable = mkEnableOption "rss-bridge";
 
       user = mkOption {
         type = types.str;
         default = "nginx";
-        description = lib.mdDoc ''
+        description = ''
           User account under which both the service and the web-application run.
         '';
       };
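Review bot: `cfgHalf` interpolates `envValue` into `fastcgi_param "…" "…";` without escaping, so a config value containing `"` or `\` changes the structure of the generated nginx configuration, and a `$` is expanded as an nginx variable instead of being passed literally. The same string is spliced into the location block at the `${cfgEnv}` line in the last hunk of this file. Escaping quotes and backslashes, for example `\"${lib.escape [ "\\" "\"" ] envValue}\"` in place of `\"${envValue}\"`, covers the first case. For `$`, an assertion that rejects such values is probably the simplest option, since as far as I know nginx offers no escape for it. The `options` block continues outside the hunk.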
@@ -24,7 +37,7 @@ in
       group = mkOption {
         type = types.str;
         default = "nginx";
-        description = lib.mdDoc ''
+        description = ''
           Group under which the web-application run.
         '';
       };
@@ -32,7 +45,7 @@ in
       pool = mkOption {
         type = types.str;
         default = poolName;
-        description = lib.mdDoc ''
+        description = ''
           Name of existing phpfpm pool that is used to run web-application.
           If not specified a pool will be created automatically with
           default values.
@@ -42,7 +55,7 @@ in
       dataDir = mkOption {
         type = types.str;
         default = "/var/lib/rss-bridge";
-        description = lib.mdDoc ''
+        description = ''
           Location in which cache directory will be created.
           You can put `config.ini.php` in here.
         '';
@@ -51,25 +64,31 @@ in
       virtualHost = mkOption {
         type = types.nullOr types.str;
         default = "rss-bridge";
-        description = lib.mdDoc ''
+        description = ''
           Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
         '';
       };
 
-      whitelist = mkOption {
-        type = types.listOf types.str;
-        default = [];
+      config = mkOption {
+        type = with types; attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]));
+        default = {};
+        defaultText = options.literalExpression "FileCache.path = \"\${config.services.rss-bridge.dataDir}/cache/\"";
         example = options.literalExpression ''
-          [
-            "Facebook"
-            "Instagram"
-            "Twitter"
-          ]
+          {
+            system.enabled_bridges = [ "*" ];
+            error = {
+              output = "http";
+              report_limit = 5;
+            };
+            FileCache = {
+              enable_purge = true;
+            };
+          }
         '';
-        description = lib.mdDoc ''
-          List of bridges to be whitelisted.
-          If the list is empty, rss-bridge will use whitelist.default.txt.
-          Use `[ "*" ]` to whitelist all.
+        description = ''
+          Attribute set of arbitrary config options.
+          Please consult the documentation at the [wiki](https://rss-bridge.github.io/rss-bridge/For_Hosts/Custom_Configuration.html)
+          and [sample config](https://github.com/RSS-Bridge/rss-bridge/blob/master/config.default.ini.php) to see a list of available options.
         '';
       };
     };
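Review bot: The `config` description should warn that every value set here is rendered into the nginx configuration as a `fastcgi_param` line, which on NixOS ends up in the world-readable Nix store. Credentials therefore do not belong in this option; the `dataDir` description above already names `config.ini.php` as the place for local settings. A suggested addition to the description is `Values are stored in plain text in the Nix store; keep secrets in config.ini.php inside dataDir instead.` Separately, `defaultText` shows `FileCache.path = …` while `default` is `{}`, because the cache path is merged in later by `configAttr`; saying so in the text would avoid confusion.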
@@ -93,11 +112,16 @@ in
         };
       };
     };
-    systemd.tmpfiles.rules = [
-      "d '${cfg.dataDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
-      (mkIf (cfg.whitelist != []) "L+ ${cfg.dataDir}/whitelist.txt - - - - ${whitelist}")
-      "z '${cfg.dataDir}/config.ini.php' 0750 ${cfg.user} ${cfg.group} - -"
-    ];
+    systemd.tmpfiles.settings.rss-bridge = let
+      perm = {
+        mode = "0750";
+        user = cfg.user;
+        group = cfg.group;
+      };
+    in {
+      "${configAttr.FileCache.path}".d = perm;
+      "${cfg.dataDir}/config.ini.php".z = perm;
+    };
 
     services.nginx = mkIf (cfg.virtualHost != null) {
       enable = true;
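Review bot: The shared `perm` set gives `config.ini.php` mode `0750`, although a PHP configuration file that may hold credentials needs no execute bits; a separate entry such as `"${cfg.dataDir}/config.ini.php".z = perm // { mode = "0640"; };` would follow least privilege. The mode was already `0750` in the removed rule, so this is carried over rather than introduced here. The directory key now comes from `configAttr.FileCache.path`, so a path overridden through `cfg.config` is created and handed to `cfg.user` wherever it points, which deserves a sentence in the option description. The `config` block continues outside the hunk.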
@@ -116,6 +140,7 @@ in
               fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
+              ${cfgEnv}
             '';
           };
         };
diff --git a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix
index 8debd4904e88..899976ac696c 100644
--- a/nixpkgs/nixos/modules/services/web-apps/selfoss.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/selfoss.nix
@@ -30,12 +30,12 @@ in
   {
     options = {
       services.selfoss = {
-        enable = mkEnableOption (lib.mdDoc "selfoss");
+        enable = mkEnableOption "selfoss";
 
         user = mkOption {
           type = types.str;
           default = "nginx";
-          description = lib.mdDoc ''
+          description = ''
             User account under which both the service and the web-application run.
           '';
         };
@@ -43,7 +43,7 @@ in
         pool = mkOption {
           type = types.str;
           default = "${poolName}";
-          description = lib.mdDoc ''
+          description = ''
             Name of existing phpfpm pool that is used to run web-application.
             If not specified a pool will be created automatically with
             default values.
@@ -54,7 +54,7 @@ in
         type = mkOption {
           type = types.enum ["pgsql" "mysql" "sqlite"];
           default = "sqlite";
-          description = lib.mdDoc ''
+          description = ''
             Database to store feeds. Supported are sqlite, pgsql and mysql.
           '';
         };
@@ -62,7 +62,7 @@ in
         host = mkOption {
           type = types.str;
           default = "localhost";
-          description = lib.mdDoc ''
+          description = ''
             Host of the database (has no effect if type is "sqlite").
           '';
         };
@@ -70,7 +70,7 @@ in
         name = mkOption {
           type = types.str;
           default = "tt_rss";
-          description = lib.mdDoc ''
+          description = ''
             Name of the existing database (has no effect if type is "sqlite").
           '';
         };
@@ -78,7 +78,7 @@ in
         user = mkOption {
           type = types.str;
           default = "tt_rss";
-          description = lib.mdDoc ''
+          description = ''
             The database user. The user must exist and has access to
             the specified database (has no effect if type is "sqlite").
           '';
@@ -87,7 +87,7 @@ in
         password = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The database user's password (has no effect if type is "sqlite").
           '';
         };
@@ -95,7 +95,7 @@ in
         port = mkOption {
           type = types.nullOr types.int;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The database's port. If not set, the default ports will be
             provided (5432 and 3306 for pgsql and mysql respectively)
             (has no effect if type is "sqlite").
@@ -105,7 +105,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration added to config.ini
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/sftpgo.nix b/nixpkgs/nixos/modules/services/web-apps/sftpgo.nix
index 1b5111e5a81c..3ad6d0436afc 100644
--- a/nixpkgs/nixos/modules/services/web-apps/sftpgo.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/sftpgo.nix
@@ -20,7 +20,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = mdDoc "sftpgo";
+      description = "sftpgo";
     };
 
     package = mkPackageOption pkgs "sftpgo" { };
@@ -28,7 +28,7 @@ in
     extraArgs = mkOption {
       type = with types; listOf str;
       default = [];
-      description = mdDoc ''
+      description = ''
         Additional command line arguments to pass to the sftpgo daemon.
       '';
       example = [ "--log-level" "info" ];
@@ -37,7 +37,7 @@ in
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/sftpgo";
-      description = mdDoc ''
+      description = ''
         The directory where SFTPGo stores its data files.
       '';
     };
@@ -45,7 +45,7 @@ in
     user = mkOption {
       type = types.str;
       default = defaultUser;
-      description = mdDoc ''
+      description = ''
         User account name under which SFTPGo runs.
       '';
     };
@@ -53,7 +53,7 @@ in
     group = mkOption {
       type = types.str;
       default = defaultUser;
-      description = mdDoc ''
+      description = ''
         Group name under which SFTPGo runs.
       '';
     };
@@ -61,7 +61,7 @@ in
     loadDataFile = mkOption {
       default = null;
       type = with types; nullOr path;
-      description = mdDoc ''
+      description = ''
         Path to a json file containing users and folders to load (or update) on startup.
         Check the [documentation](https://github.com/drakkan/sftpgo/blob/main/docs/full-configuration.md)
         for the `--loaddata-from` command line argument for more info.
@@ -70,7 +70,7 @@ in
 
     settings = mkOption {
       default = {};
-      description = mdDoc ''
+      description = ''
         The primary sftpgo configuration. See the
         [configuration reference](https://github.com/drakkan/sftpgo/blob/main/docs/full-configuration.md)
         for possible values.
@@ -80,7 +80,7 @@ in
         options = {
           httpd.bindings = mkOption {
             default = [];
-            description = mdDoc ''
+            description = ''
               Configure listen addresses and ports for httpd.
             '';
             type = types.listOf (types.submodule {
@@ -89,7 +89,7 @@ in
                 address = mkOption {
                   type = types.str;
                   default = "127.0.0.1";
-                  description = mdDoc ''
+                  description = ''
                     Network listen address. Leave blank to listen on all available network interfaces.
                     On *NIX you can specify an absolute path to listen on a Unix-domain socket.
                   '';
@@ -98,7 +98,7 @@ in
                 port = mkOption {
                   type = types.port;
                   default = 8080;
-                  description = mdDoc ''
+                  description = ''
                     The port for serving HTTP(S) requests.
 
                     Setting the port to `0` disables listening on this interface binding.
@@ -108,7 +108,7 @@ in
                 enable_web_admin = mkOption {
                   type = types.bool;
                   default = true;
-                  description = mdDoc ''
+                  description = ''
                     Enable the built-in web admin for this interface binding.
                   '';
                 };
@@ -116,7 +116,7 @@ in
                 enable_web_client = mkOption {
                   type = types.bool;
                   default = true;
-                  description = mdDoc ''
+                  description = ''
                     Enable the built-in web client for this interface binding.
                   '';
                 };
@@ -126,7 +126,7 @@ in
 
           ftpd.bindings = mkOption {
             default = [];
-            description = mdDoc ''
+            description = ''
               Configure listen addresses and ports for ftpd.
             '';
             type = types.listOf (types.submodule {
@@ -135,7 +135,7 @@ in
                 address = mkOption {
                   type = types.str;
                   default = "127.0.0.1";
-                  description = mdDoc ''
+                  description = ''
                     Network listen address. Leave blank to listen on all available network interfaces.
                     On *NIX you can specify an absolute path to listen on a Unix-domain socket.
                   '';
@@ -144,7 +144,7 @@ in
                 port = mkOption {
                   type = types.port;
                   default = 0;
-                  description = mdDoc ''
+                  description = ''
                     The port for serving FTP requests.
 
                     Setting the port to `0` disables listening on this interface binding.
@@ -156,7 +156,7 @@ in
 
           sftpd.bindings = mkOption {
             default = [];
-            description = mdDoc ''
+            description = ''
               Configure listen addresses and ports for sftpd.
             '';
             type = types.listOf (types.submodule {
@@ -165,7 +165,7 @@ in
                 address = mkOption {
                   type = types.str;
                   default = "127.0.0.1";
-                  description = mdDoc ''
+                  description = ''
                     Network listen address. Leave blank to listen on all available network interfaces.
                     On *NIX you can specify an absolute path to listen on a Unix-domain socket.
                   '';
@@ -174,7 +174,7 @@ in
                 port = mkOption {
                   type = types.port;
                   default = 0;
-                  description = mdDoc ''
+                  description = ''
                     The port for serving SFTP requests.
 
                     Setting the port to `0` disables listening on this interface binding.
@@ -186,7 +186,7 @@ in
 
           webdavd.bindings = mkOption {
             default = [];
-            description = mdDoc ''
+            description = ''
               Configure listen addresses and ports for webdavd.
             '';
             type = types.listOf (types.submodule {
@@ -195,7 +195,7 @@ in
                 address = mkOption {
                   type = types.str;
                   default = "127.0.0.1";
-                  description = mdDoc ''
+                  description = ''
                     Network listen address. Leave blank to listen on all available network interfaces.
                     On *NIX you can specify an absolute path to listen on a Unix-domain socket.
                   '';
@@ -204,7 +204,7 @@ in
                 port = mkOption {
                   type = types.port;
                   default = 0;
-                  description = mdDoc ''
+                  description = ''
                     The port for serving WebDAV requests.
 
                     Setting the port to `0` disables listening on this interface binding.
@@ -216,7 +216,7 @@ in
 
           smtp = mkOption {
             default = {};
-            description = mdDoc ''
+            description = ''
               SMTP configuration section.
             '';
             type = types.submodule {
@@ -225,7 +225,7 @@ in
                 host = mkOption {
                   type = types.str;
                   default = "";
-                  description = mdDoc ''
+                  description = ''
                     Location of SMTP email server. Leave empty to disable email sending capabilities.
                   '';
                 };
@@ -233,13 +233,13 @@ in
                 port = mkOption {
                   type = types.port;
                   default = 465;
-                  description = mdDoc "Port of the SMTP Server.";
+                  description = "Port of the SMTP Server.";
                 };
 
                 encryption = mkOption {
                   type = types.enum [ 0 1 2 ];
                   default = 1;
-                  description = mdDoc ''
+                  description = ''
                     Encryption scheme:
                     - `0`: No encryption
                     - `1`: TLS
@@ -250,7 +250,7 @@ in
                 auth_type = mkOption {
                   type = types.enum [ 0 1 2 ];
                   default = 0;
-                  description = mdDoc ''
+                  description = ''
                     - `0`: Plain
                     - `1`: Login
                     - `2`: CRAM-MD5
@@ -260,13 +260,13 @@ in
                 user = mkOption {
                   type = types.str;
                   default = "sftpgo";
-                  description = mdDoc "SMTP username.";
+                  description = "SMTP username.";
                 };
 
                 from = mkOption {
                   type = types.str;
                   default = "SFTPGo <sftpgo@example.com>";
-                  description = mdDoc ''
+                  description = ''
                     From address.
                   '';
                 };
diff --git a/nixpkgs/nixos/modules/services/web-apps/shiori.nix b/nixpkgs/nixos/modules/services/web-apps/shiori.nix
index f9026e04d155..022bb5e43881 100644
--- a/nixpkgs/nixos/modules/services/web-apps/shiori.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/shiori.nix
@@ -6,14 +6,14 @@ let
 in {
   options = {
     services.shiori = {
-      enable = mkEnableOption (lib.mdDoc "Shiori simple bookmarks manager");
+      enable = mkEnableOption "Shiori simple bookmarks manager";
 
       package = mkPackageOption pkgs "shiori" { };
 
       address = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           The IP address on which Shiori will listen.
           If empty, listens on all interfaces.
         '';
@@ -22,14 +22,14 @@ in {
       port = mkOption {
         type = types.port;
         default = 8080;
-        description = lib.mdDoc "The port of the Shiori web application";
+        description = "The port of the Shiori web application";
       };
 
       webRoot = mkOption {
         type = types.str;
         default = "/";
         example = "/shiori";
-        description = lib.mdDoc "The root of the Shiori web application";
+        description = "The root of the Shiori web application";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/silverbullet.nix b/nixpkgs/nixos/modules/services/web-apps/silverbullet.nix
new file mode 100644
index 000000000000..c316d074cbaa
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/web-apps/silverbullet.nix
@@ -0,0 +1,123 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+  cfg = config.services.silverbullet;
+  defaultUser = "silverbullet";
+  defaultGroup = defaultUser;
+  defaultSpaceDir = "/var/lib/silverbullet";
+in
+{
+  options = {
+    services.silverbullet = {
+      enable = lib.mkEnableOption "Silverbullet, an open-source, self-hosted, offline-capable Personal Knowledge Management (PKM) web application.";
+
+      package = lib.mkPackageOptionMD pkgs "silverbullet" { };
+
+      openFirewall = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Open port in the firewall.";
+      };
+
+      listenPort = lib.mkOption {
+        type = lib.types.int;
+        default = 3000;
+        description = "Port to listen on.";
+      };
+
+      listenAddress = lib.mkOption {
+        type = lib.types.str;
+        default = "127.0.0.1";
+        description = "Address or hostname to listen on. Defaults to 127.0.0.1.";
+      };
+
+      spaceDir = lib.mkOption {
+        type = lib.types.path;
+        default = defaultSpaceDir;
+        example = "/home/yourUser/silverbullet";
+        description = ''
+          Folder to store Silverbullet's space/workspace.
+          By default it is located at `${defaultSpaceDir}`.
+        '';
+      };
+
+      user = lib.mkOption {
+        type = lib.types.str;
+        default = defaultUser;
+        example = "yourUser";
+        description = ''
+          The user to run Silverbullet as.
+          By default, a user named `${defaultUser}` will be created whose space
+          directory is [spaceDir](#opt-services.silverbullet.spaceDir).
+        '';
+      };
+
+      group = lib.mkOption {
+        type = lib.types.str;
+        default = defaultGroup;
+        example = "yourGroup";
+        description = ''
+          The group to run Silverbullet under.
+          By default, a group named `${defaultGroup}` will be created.
+        '';
+      };
+
+      envFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.path;
+        default = null;
+        example = "/etc/silverbullet.env";
+        description = ''
+          File containing extra environment variables. For example:
+
+          ```
+          SB_USER=user:password
+          SB_AUTH_TOKEN=abcdefg12345
+          ```
+        '';
+      };
+
+      extraArgs = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ ];
+        example = [ "--db /path/to/silverbullet.db" ];
+        description = "Extra arguments passed to silverbullet.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.silverbullet = {
+      description = "Silverbullet service";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      preStart = lib.mkIf (!lib.hasPrefix "/var/lib/" cfg.spaceDir) "mkdir -p '${cfg.spaceDir}'";
+      serviceConfig = {
+        Type = "simple";
+        User = "${cfg.user}";
+        Group = "${cfg.group}";
+        EnvironmentFile = lib.mkIf (cfg.envFile != null) "${cfg.envFile}";
+        StateDirectory = lib.mkIf (lib.hasPrefix "/var/lib/" cfg.spaceDir) (lib.last (lib.splitString "/" cfg.spaceDir));
+        ExecStart = "${lib.getExe cfg.package} --port ${toString cfg.listenPort} --hostname '${cfg.listenAddress}' '${cfg.spaceDir}' " + lib.concatStringsSep " " cfg.extraArgs;
+        Restart = "on-failure";
+      };
+    };
+
+    networking.firewall = lib.mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.listenPort ];
+    };
+
+    users.users.${defaultUser} = lib.mkIf (cfg.user == defaultUser) {
+      isSystemUser = true;
+      group = cfg.group;
+      description = "Silverbullet daemon user";
+    };
+
+    users.groups.${defaultGroup} = lib.mkIf (cfg.group == defaultGroup) { };
+  };
+
+  meta.maintainers = with lib.maintainers; [ aorith ];
+}
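Review bot: `ExecStart` is assembled by string concatenation, so `listenAddress`, `spaceDir` and every `extraArgs` element reach systemd's command-line parser unescaped, and a quote or space in any of them changes how the line is split. Building an argument list and passing it through `lib.escapeShellArgs` avoids that, at the cost that the `extraArgs` example has to become `[ "--db" "/path/to/silverbullet.db" ]`. In the same `serviceConfig`, `StateDirectory` takes only the last path component, so a `spaceDir` of `/var/lib/a/b` would create `/var/lib/b` rather than the configured directory. The `envFile` description should also say that the file holds credentials and must be given as a string path outside the Nix store, since a path literal would be copied into the world-readable store when interpolated. `listenPort` would be better typed as `lib.types.port` so out-of-range values are rejected at evaluation time.

```nix
      serviceConfig = {
        # … unchanged: Type, User, Group, EnvironmentFile …
        # Keep the state directory identical to spaceDir, including nested paths.
        StateDirectory = lib.mkIf (lib.hasPrefix "/var/lib/" cfg.spaceDir) (lib.removePrefix "/var/lib/" cfg.spaceDir);
        # One list element per argument, so escaping is applied uniformly.
        ExecStart = lib.escapeShellArgs ([
          (lib.getExe cfg.package)
          "--port" (toString cfg.listenPort)
          "--hostname" cfg.listenAddress
          cfg.spaceDir
        ] ++ cfg.extraArgs);
        # … unchanged: Restart …
      };
```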
diff --git a/nixpkgs/nixos/modules/services/web-apps/snipe-it.nix b/nixpkgs/nixos/modules/services/web-apps/snipe-it.nix
index 4fbf2bad750b..272dd23d7271 100644
--- a/nixpkgs/nixos/modules/services/web-apps/snipe-it.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/snipe-it.nix
@@ -34,22 +34,22 @@ let
 in {
   options.services.snipe-it = {
 
-    enable = mkEnableOption (lib.mdDoc "snipe-it, a free open source IT asset/license management system");
+    enable = mkEnableOption "snipe-it, a free open source IT asset/license management system";
 
     user = mkOption {
       default = "snipeit";
-      description = lib.mdDoc "User snipe-it runs as.";
+      description = "User snipe-it runs as.";
       type = types.str;
     };
 
     group = mkOption {
       default = "snipeit";
-      description = lib.mdDoc "Group snipe-it runs as.";
+      description = "Group snipe-it runs as.";
       type = types.str;
     };
 
     appKeyFile = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         A file containing the Laravel APP_KEY - a 32 character long,
         base64 encoded key used for encryption where needed. Can be
         generated with `head -c 32 /dev/urandom | base64`.
@@ -63,13 +63,13 @@ in {
       default = config.networking.fqdnOrHostName;
       defaultText = lib.literalExpression "config.networking.fqdnOrHostName";
       example = "snipe-it.example.com";
-      description = lib.mdDoc ''
+      description = ''
         The hostname to serve Snipe-IT on.
       '';
     };
 
     appURL = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The root URL that you want to host Snipe-IT on. All URLs in Snipe-IT will be generated using this value.
         If you change this in the future you may need to run a command to update stored URLs in the database.
         Command example: `snipe-it snipe-it:update-url https://old.example.com https://new.example.com`
@@ -83,7 +83,7 @@ in {
     };
 
     dataDir = mkOption {
-      description = lib.mdDoc "snipe-it data directory";
+      description = "snipe-it data directory";
       default = "/var/lib/snipe-it";
       type = types.path;
     };
@@ -92,29 +92,29 @@ in {
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address.";
+        description = "Database host address.";
       };
       port = mkOption {
         type = types.port;
         default = 3306;
-        description = lib.mdDoc "Database host port.";
+        description = "Database host port.";
       };
       name = mkOption {
         type = types.str;
         default = "snipeit";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       user = mkOption {
         type = types.str;
         default = user;
         defaultText = literalExpression "user";
-        description = lib.mdDoc "Database username.";
+        description = "Database username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/snipe-it/dbpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`database.user`.
         '';
@@ -122,7 +122,7 @@ in {
       createLocally = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Create the database and database user locally.";
+        description = "Create the database and database user locally.";
       };
     };
 
@@ -130,34 +130,34 @@ in {
       driver = mkOption {
         type = types.enum [ "smtp" "sendmail" ];
         default = "smtp";
-        description = lib.mdDoc "Mail driver to use.";
+        description = "Mail driver to use.";
       };
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Mail host address.";
+        description = "Mail host address.";
       };
       port = mkOption {
         type = types.port;
         default = 1025;
-        description = lib.mdDoc "Mail host port.";
+        description = "Mail host port.";
       };
       encryption = mkOption {
         type = with types; nullOr (enum [ "tls" "ssl" ]);
         default = null;
-        description = lib.mdDoc "SMTP encryption mechanism to use.";
+        description = "SMTP encryption mechanism to use.";
       };
       user = mkOption {
         type = with types; nullOr str;
         default = null;
         example = "snipeit";
-        description = lib.mdDoc "Mail username.";
+        description = "Mail username.";
       };
       passwordFile = mkOption {
         type = with types; nullOr path;
         default = null;
         example = "/run/keys/snipe-it/mailpassword";
-        description = lib.mdDoc ''
+        description = ''
           A file containing the password corresponding to
           {option}`mail.user`.
         '';
@@ -165,30 +165,30 @@ in {
       backupNotificationAddress = mkOption {
         type = types.str;
         default = "backup@example.com";
-        description = lib.mdDoc "Email Address to send Backup Notifications to.";
+        description = "Email Address to send Backup Notifications to.";
       };
       from = {
         name = mkOption {
           type = types.str;
           default = "Snipe-IT Asset Management";
-          description = lib.mdDoc "Mail \"from\" name.";
+          description = "Mail \"from\" name.";
         };
         address = mkOption {
           type = types.str;
           default = "mail@example.com";
-          description = lib.mdDoc "Mail \"from\" address.";
+          description = "Mail \"from\" address.";
         };
       };
       replyTo = {
         name = mkOption {
           type = types.str;
           default = "Snipe-IT Asset Management";
-          description = lib.mdDoc "Mail \"reply-to\" name.";
+          description = "Mail \"reply-to\" name.";
         };
         address = mkOption {
           type = types.str;
           default = "mail@example.com";
-          description = lib.mdDoc "Mail \"reply-to\" address.";
+          description = "Mail \"reply-to\" address.";
         };
       };
     };
@@ -197,7 +197,7 @@ in {
       type = types.str;
       default = "18M";
       example = "1G";
-      description = lib.mdDoc "The maximum size for uploads (e.g. images).";
+      description = "The maximum size for uploads (e.g. images).";
     };
 
     poolConfig = mkOption {
@@ -210,7 +210,7 @@ in {
         "pm.max_spare_servers" = 4;
         "pm.max_requests" = 500;
       };
-      description = lib.mdDoc ''
+      description = ''
         Options for the snipe-it PHP pool. See the documentation on `php-fpm.conf`
         for details on configuration directives.
       '';
@@ -232,7 +232,7 @@ in {
           enableACME = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         With this option, you can customize the nginx virtualHost settings.
       '';
     };
@@ -253,7 +253,7 @@ in {
                 options = {
                   _secret = mkOption {
                     type = nullOr (oneOf [ str path ]);
-                    description = lib.mdDoc ''
+                    description = ''
                       The path to a file containing the value the
                       option should be set to in the final
                       configuration file.
@@ -275,7 +275,7 @@ in {
           OIDC_ISSUER_DISCOVER = true;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Snipe-IT configuration options to set in the
         {file}`.env` file.
         Refer to <https://snipe-it.readme.io/docs/configuration>
diff --git a/nixpkgs/nixos/modules/services/web-apps/sogo.nix b/nixpkgs/nixos/modules/services/web-apps/sogo.nix
index 9427eff35d14..78b577f18f28 100644
--- a/nixpkgs/nixos/modules/services/web-apps/sogo.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/sogo.nix
@@ -18,34 +18,34 @@
 
 in {
   options.services.sogo = with types; {
-    enable = mkEnableOption (lib.mdDoc "SOGo groupware");
+    enable = mkEnableOption "SOGo groupware";
 
     vhostName = mkOption {
-      description = lib.mdDoc "Name of the nginx vhost";
+      description = "Name of the nginx vhost";
       type = str;
       default = "sogo";
     };
 
     timezone = mkOption {
-      description = lib.mdDoc "Timezone of your SOGo instance";
+      description = "Timezone of your SOGo instance";
       type = str;
       example = "America/Montreal";
     };
 
     language = mkOption {
-      description = lib.mdDoc "Language of SOGo";
+      description = "Language of SOGo";
       type = str;
       default = "English";
     };
 
     ealarmsCredFile = mkOption {
-      description = lib.mdDoc "Optional path to a credentials file for email alarms";
+      description = "Optional path to a credentials file for email alarms";
       type = nullOr str;
       default = null;
     };
 
     configReplaces = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Replacement-filepath mapping for sogo.conf.
         Every key is replaced with the contents of the file specified as value.
 
@@ -60,7 +60,7 @@ in {
     };
 
     extraConfig = mkOption {
-      description = lib.mdDoc "Extra sogo.conf configuration lines";
+      description = "Extra sogo.conf configuration lines";
       type = lines;
       default = "";
     };
diff --git a/nixpkgs/nixos/modules/services/web-apps/suwayomi-server.nix b/nixpkgs/nixos/modules/services/web-apps/suwayomi-server.nix
index 99c6ea2a36e6..5b61852a534d 100644
--- a/nixpkgs/nixos/modules/services/web-apps/suwayomi-server.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/suwayomi-server.nix
@@ -2,14 +2,14 @@
 
 let
   cfg = config.services.suwayomi-server;
-  inherit (lib) mkOption mdDoc mkEnableOption mkIf types;
+  inherit (lib) mkOption mkEnableOption mkIf types;
 
   format = pkgs.formats.hocon { };
 in
 {
   options = {
     services.suwayomi-server = {
-      enable = mkEnableOption (mdDoc "Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.");
+      enable = mkEnableOption "Suwayomi, a free and open source manga reader server that runs extensions built for Tachiyomi.";
 
       package = lib.mkPackageOptionMD pkgs "suwayomi-server" { };
 
@@ -17,7 +17,7 @@ in
         type = types.path;
         default = "/var/lib/suwayomi-server";
         example = "/var/data/mangas";
-        description = mdDoc ''
+        description = ''
           The path to the data directory in which Suwayomi-Server will download scans.
         '';
       };
@@ -26,7 +26,7 @@ in
         type = types.str;
         default = "suwayomi";
         example = "root";
-        description = mdDoc ''
+        description = ''
           User account under which Suwayomi-Server runs.
         '';
       };
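Review bot: The `user` option keeps `example = "root";`, which presents running this network-facing server as root as an ordinary choice in the rendered manual. An unprivileged account is a better illustration, for instance `example = "media";` (a constructed name, in the style of the `group` example in the next hunk). The option's opening line is above this hunk.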
@@ -35,7 +35,7 @@ in
         type = types.str;
         default = "suwayomi";
         example = "medias";
-        description = mdDoc ''
+        description = ''
           Group under which Suwayomi-Server runs.
         '';
       };
@@ -43,7 +43,7 @@ in
       openFirewall = mkOption {
         type = types.bool;
         default = false;
-        description = mdDoc ''
+        description = ''
           Whether to open the firewall for the port in {option}`services.suwayomi-server.settings.server.port`.
         '';
       };
@@ -57,7 +57,7 @@ in
                 type = types.str;
                 default = "0.0.0.0";
                 example = "127.0.0.1";
-                description = mdDoc ''
+                description = ''
                   The ip that Suwayomi will bind to.
                 '';
               };
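Review bot: The `ip` description does not say that the default `"0.0.0.0"` listens on every interface, while `basicAuthEnabled` in the same settings block is an `mkEnableOption` and is therefore off unless set. A description along the lines of `The IP address that Suwayomi binds to. The default listens on all interfaces; use "127.0.0.1" or enable basic authentication when the host is reachable from untrusted networks.` would state the trade-off. `openFirewall` defaults to false in the earlier hunk, which limits exposure on hosts that use the NixOS firewall, but that is left implicit. The option's opening line is above this hunk.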
@@ -66,20 +66,20 @@ in
                 type = types.port;
                 default = 8080;
                 example = 4567;
-                description = mdDoc ''
+                description = ''
                   The port that Suwayomi will listen to.
                 '';
               };
 
-              basicAuthEnabled = mkEnableOption (mdDoc ''
+              basicAuthEnabled = mkEnableOption ''
                 Add basic access authentication to Suwayomi-Server.
                 Enabling this option is useful when hosting on a public network/the Internet
-              '');
+              '';
 
               basicAuthUsername = mkOption {
                 type = types.nullOr types.str;
                 default = null;
-                description = mdDoc ''
+                description = ''
                   The username value that you have to provide when authenticating.
                 '';
               };
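Review bot: `basicAuthEnabled` passes a two-sentence description to `mkEnableOption`, which prefixes its argument with "Whether to enable", so the manual renders "Whether to enable Add basic access authentication to Suwayomi-Server." A noun phrase reads correctly: `basicAuthEnabled = mkEnableOption "basic access authentication for Suwayomi-Server (useful when hosting on a public network or the Internet)";`. This changes wording only; the option's type and default stay the same.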
@@ -89,7 +89,7 @@ in
                 type = types.nullOr types.path;
                 default = null;
                 example = "/var/secrets/suwayomi-server-password";
-                description = mdDoc ''
+                description = ''
                   The password file containing the value that you have to provide when authenticating.
                 '';
               };
@@ -97,7 +97,7 @@ in
               downloadAsCbz = mkOption {
                 type = types.bool;
                 default = false;
-                description = mdDoc ''
+                description = ''
                   Download chapters as `.cbz` files.
                 '';
               };
@@ -108,7 +108,7 @@ in
                 example = [
                   "https://raw.githubusercontent.com/MY_ACCOUNT/MY_REPO/repo/index.min.json"
                 ];
-                description = mdDoc ''
+                description = ''
                   URL of repositories from which the extensions can be installed.
                 '';
               };
@@ -118,7 +118,7 @@ in
                 default = cfg.dataDir;
                 defaultText = lib.literalExpression "suwayomi-server.dataDir";
                 example = "/var/data/local_mangas";
-                description = mdDoc ''
+                description = ''
                   Path to the local source folder.
                 '';
               };
@@ -126,14 +126,14 @@ in
               systemTrayEnabled = mkOption {
                 type = types.bool;
                 default = false;
-                description = mdDoc ''
+                description = ''
                   Whether to enable a system tray icon, if possible.
                 '';
               };
             };
           };
         };
-        description = mdDoc ''
+        description = ''
           Configuration to write to {file}`server.conf`.
           See <https://github.com/Suwayomi/Suwayomi-Server/wiki/Configuring-Suwayomi-Server> for more information.
         '';
diff --git a/nixpkgs/nixos/modules/services/web-apps/trilium.nix b/nixpkgs/nixos/modules/services/web-apps/trilium.nix
index a91d64f620b6..42b0a16827c3 100644
--- a/nixpkgs/nixos/modules/services/web-apps/trilium.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/trilium.nix
@@ -24,12 +24,12 @@ in
 {
 
   options.services.trilium-server = with lib; {
-    enable = mkEnableOption (lib.mdDoc "trilium-server");
+    enable = mkEnableOption "trilium-server";
 
     dataDir = mkOption {
       type = types.str;
       default = "/var/lib/trilium";
-      description = lib.mdDoc ''
+      description = ''
         The directory storing the notes database and the configuration.
       '';
     };
@@ -37,7 +37,7 @@ in
     instanceName = mkOption {
       type = types.str;
       default = "Trilium";
-      description = lib.mdDoc ''
+      description = ''
         Instance name used to distinguish between different instances
       '';
     };
@@ -45,7 +45,7 @@ in
     noBackup = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Disable periodic database backups.
       '';
     };
@@ -53,7 +53,7 @@ in
     noAuthentication = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If set to true, no password is required to access the web frontend.
       '';
     };
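Review bot: The `noAuthentication` description states the effect but not the precondition for using it safely: with it set, anyone who can reach the web frontend gets in without a password. The default `host` of `127.0.0.1` in the next hunk keeps the listener local, but the module also offers an nginx reverse proxy (`nginx.enable`), and whether that proxy adds any access control is not visible in this diff. A closing sentence such as `Only enable this when access is restricted by other means, e.g. authentication at the reverse proxy.` would make that explicit. The option's opening line is above this hunk.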
@@ -61,7 +61,7 @@ in
     host = mkOption {
       type = types.str;
       default = "127.0.0.1";
-      description = lib.mdDoc ''
+      description = ''
         The host address to bind to (defaults to localhost).
       '';
     };
@@ -69,14 +69,14 @@ in
     port = mkOption {
       type = types.port;
       default = 8080;
-      description = lib.mdDoc ''
+      description = ''
         The port number to bind to.
       '';
     };
 
     nginx = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Configuration for nginx reverse proxy.
       '';
 
@@ -85,14 +85,14 @@ in
           enable = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Configure the nginx reverse proxy settings.
             '';
           };
 
           hostName = mkOption {
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               The hostname use to setup the virtualhost configuration
             '';
           };
diff --git a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix
index 84342165c9c0..9826febb3c66 100644
--- a/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/tt-rss.nix
@@ -123,12 +123,12 @@ let
 
     services.tt-rss = {
 
-      enable = mkEnableOption (lib.mdDoc "tt-rss");
+      enable = mkEnableOption "tt-rss";
 
       root = mkOption {
         type = types.path;
         default = "/var/lib/tt-rss";
-        description = lib.mdDoc ''
+        description = ''
           Root of the application.
         '';
       };
@@ -136,7 +136,7 @@ let
       user = mkOption {
         type = types.str;
         default = "tt_rss";
-        description = lib.mdDoc ''
+        description = ''
           User account under which both the update daemon and the web-application run.
         '';
       };
@@ -144,7 +144,7 @@ let
       pool = mkOption {
         type = types.str;
         default = "${poolName}";
-        description = lib.mdDoc ''
+        description = ''
           Name of existing phpfpm pool that is used to run web-application.
           If not specified a pool will be created automatically with
           default values.
@@ -154,7 +154,7 @@ let
       virtualHost = mkOption {
         type = types.nullOr types.str;
         default = "tt-rss";
-        description = lib.mdDoc ''
+        description = ''
           Name of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
         '';
       };
@@ -163,7 +163,7 @@ let
         type = mkOption {
           type = types.enum ["pgsql" "mysql"];
           default = "pgsql";
-          description = lib.mdDoc ''
+          description = ''
             Database to store feeds. Supported are pgsql and mysql.
           '';
         };
@@ -171,7 +171,7 @@ let
         host = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Host of the database. Leave null to use Unix domain socket.
           '';
         };
@@ -179,7 +179,7 @@ let
         name = mkOption {
           type = types.str;
           default = "tt_rss";
-          description = lib.mdDoc ''
+          description = ''
             Name of the existing database.
           '';
         };
@@ -187,7 +187,7 @@ let
         user = mkOption {
           type = types.str;
           default = "tt_rss";
-          description = lib.mdDoc ''
+          description = ''
             The database user. The user must exist and has access to
             the specified database.
           '';
@@ -196,7 +196,7 @@ let
         password = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The database user's password.
           '';
         };
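Review bot: The database `password` option is a `types.str`, and its description does not warn that a value set here becomes part of the evaluated configuration and is likely to end up in the world-readable Nix store; how the module writes it out is outside this hunk. The description could say so and point to the file-based option, e.g. `The database user's password. Warning: this value is stored in the Nix store; prefer passwordFile.` The same applies to the SMTP `password` option in the later hunk at `@@ -338,7 +338,7 @@`, for which no file-based counterpart is visible in this diff.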
@@ -204,7 +204,7 @@ let
         passwordFile = mkOption {
           type = types.nullOr types.str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The database user's password.
           '';
         };
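Review bot: The `passwordFile` description is a copy of the one on `password` ("The database user's password."), so the manual never says that this option takes a path rather than the secret itself. A reader could paste the password into it and have it treated as a file name. Suggested text: `Path to a file containing the database user's password.` The option's opening line is above this hunk.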
@@ -212,7 +212,7 @@ let
         port = mkOption {
           type = types.nullOr types.port;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             The database's port. If not set, the default ports will be provided (5432
             and 3306 for pgsql and mysql respectively).
           '';
@@ -221,7 +221,7 @@ let
         createLocally = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Create the database and database user locally.";
+          description = "Create the database and database user locally.";
         };
       };
 
@@ -229,7 +229,7 @@ let
         autoCreate = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Allow authentication modules to auto-create users in tt-rss internal
             database when authenticated successfully.
           '';
@@ -238,7 +238,7 @@ let
         autoLogin = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Automatically login user on remote or other kind of externally supplied
             authentication, otherwise redirect to login form as normal.
             If set to true, users won't be able to set application language
@@ -251,7 +251,7 @@ let
         hub = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             URL to a PubSubHubbub-compatible hub server. If defined, "Published
             articles" generated feed would automatically become PUSH-enabled.
           '';
@@ -260,7 +260,7 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss
             won't try to subscribe to PUSH feed updates.
           '';
@@ -271,7 +271,7 @@ let
         server = mkOption {
           type = types.str;
           default = "localhost:9312";
-          description = lib.mdDoc ''
+          description = ''
             Hostname:port combination for the Sphinx server.
           '';
         };
@@ -279,7 +279,7 @@ let
         index = mkOption {
           type = types.listOf types.str;
           default = ["ttrss" "delta"];
-          description = lib.mdDoc ''
+          description = ''
             Index names in Sphinx configuration. Example configuration
             files are available on tt-rss wiki.
           '';
@@ -290,7 +290,7 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             Allow users to register themselves. Please be aware that allowing
             random people to access your tt-rss installation is a security risk
             and potentially might lead to data loss or server exploit. Disabled
@@ -301,7 +301,7 @@ let
         notifyAddress = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Email address to send new user notifications to.
           '';
         };
@@ -309,7 +309,7 @@ let
         maxUsers = mkOption {
           type = types.int;
           default = 0;
-          description = lib.mdDoc ''
+          description = ''
             Maximum amount of users which will be allowed to register on this
             system. 0 - no limit.
           '';
@@ -321,7 +321,7 @@ let
           type = types.str;
           default = "";
           example = "localhost:25";
-          description = lib.mdDoc ''
+          description = ''
             Hostname:port combination to send outgoing mail. Blank - use system
             MTA.
           '';
@@ -330,7 +330,7 @@ let
         login = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             SMTP authentication login used when sending outgoing mail.
           '';
         };
@@ -338,7 +338,7 @@ let
         password = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             SMTP authentication password used when sending outgoing mail.
           '';
         };
@@ -346,7 +346,7 @@ let
         security = mkOption {
           type = types.enum ["" "ssl" "tls"];
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Used to select a secure SMTP connection. Allowed values: ssl, tls,
             or empty.
           '';
@@ -355,7 +355,7 @@ let
         fromName = mkOption {
           type = types.str;
           default = "Tiny Tiny RSS";
-          description = lib.mdDoc ''
+          description = ''
             Name for sending outgoing mail. This applies to password reset
             notifications, digest emails and any other mail.
           '';
@@ -364,7 +364,7 @@ let
         fromAddress = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Address for sending outgoing mail. This applies to password reset
             notifications, digest emails and any other mail.
           '';
@@ -373,7 +373,7 @@ let
         digestSubject = mkOption {
           type = types.str;
           default = "[tt-rss] New headlines for last 24 hours";
-          description = lib.mdDoc ''
+          description = ''
             Subject line for email digests.
           '';
         };
@@ -382,7 +382,7 @@ let
       sessionCookieLifetime = mkOption {
         type = types.int;
         default = 86400;
-        description = lib.mdDoc ''
+        description = ''
           Default lifetime of a session (e.g. login) cookie. In seconds,
           0 means cookie will be deleted when browser closes.
         '';
@@ -390,7 +390,7 @@ let
 
       selfUrlPath = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Full URL of your tt-rss installation. This should be set to the
           location of tt-rss directory, e.g. http://example.org/tt-rss/
           You need to set this option correctly otherwise several features
@@ -402,7 +402,7 @@ let
       feedCryptKey = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Key used for encryption of passwords for password-protected feeds
           in the database. A string of 24 random characters. If left blank, encryption
           is not used. Requires mcrypt functions.
@@ -415,7 +415,7 @@ let
         type = types.bool;
         default = false;
 
-        description = lib.mdDoc ''
+        description = ''
           Operate in single user mode, disables all functionality related to
           multiple users and authentication. Enabling this assumes you have
           your tt-rss directory protected by other means (e.g. http auth).
@@ -425,7 +425,7 @@ let
       simpleUpdateMode = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enables fallback update mode where tt-rss tries to update feeds in
           background while tt-rss is open in your browser.
           If you don't have a lot of feeds and don't want to or can't run
@@ -439,7 +439,7 @@ let
       forceArticlePurge = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           When this option is not 0, users ability to control feed purging
           intervals is disabled and all articles (which are not starred)
           older than this amount of days are purged.
@@ -449,7 +449,7 @@ let
       enableGZipOutput = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Selectively gzip output to improve wire performance. This requires
           PHP Zlib extension on the server.
           Enabling this can break tt-rss in several httpd/php configurations,
@@ -462,7 +462,7 @@ let
         type = lib.types.package;
         default = pkgs.php;
         defaultText = "pkgs.php";
-        description = lib.mdDoc ''
+        description = ''
           php package to use for php fpm and update daemon.
         '';
       };
@@ -470,7 +470,7 @@ let
       plugins = mkOption {
         type = types.listOf types.str;
         default = ["auth_internal" "note"];
-        description = lib.mdDoc ''
+        description = ''
           List of plugins to load automatically for all users.
           System plugins have to be specified here. Please enable at least one
           authentication plugin here (auth_*).
@@ -484,7 +484,7 @@ let
       pluginPackages = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of plugins to install. The list elements are expected to
           be derivations. All elements in this derivation are automatically
           copied to the `plugins.local` directory.
@@ -494,7 +494,7 @@ let
       themePackages = mkOption {
         type = types.listOf types.package;
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           List of themes to install. The list elements are expected to
           be derivations. All elements in this derivation are automatically
           copied to the `themes.local` directory.
@@ -504,7 +504,7 @@ let
       logDestination = mkOption {
         type = types.enum ["" "sql" "syslog"];
         default = "sql";
-        description = lib.mdDoc ''
+        description = ''
           Log destination to use. Possible values: sql (uses internal logging
           you can read in Preferences -> System), syslog - logs to system log.
           Setting this to blank uses PHP logging (usually to http server
@@ -515,7 +515,7 @@ let
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional lines to append to `config.php`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-apps/vikunja.nix b/nixpkgs/nixos/modules/services/web-apps/vikunja.nix
index efa9c676d9a5..9727eaccc1d0 100644
--- a/nixpkgs/nixos/modules/services/web-apps/vikunja.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/vikunja.nix
@@ -14,36 +14,36 @@ in {
   ];
 
   options.services.vikunja = with lib; {
-    enable = mkEnableOption (lib.mdDoc "vikunja service");
+    enable = mkEnableOption "vikunja service";
     package = mkPackageOption pkgs "vikunja" { };
     environmentFiles = mkOption {
       type = types.listOf types.path;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         List of environment files set in the vikunja systemd service.
         For example passwords should be set in one of these files.
       '';
     };
     frontendScheme = mkOption {
       type = types.enum [ "http" "https" ];
-      description = lib.mdDoc ''
+      description = ''
         Whether the site is available via http or https.
       '';
     };
     frontendHostname = mkOption {
       type = types.str;
-      description = lib.mdDoc "The Hostname under which the frontend is running.";
+      description = "The Hostname under which the frontend is running.";
     };
     port = mkOption {
       type = types.port;
       default = 3456;
-      description = lib.mdDoc "The TCP port exposed by the API.";
+      description = "The TCP port exposed by the API.";
     };
 
     settings = mkOption {
       type = format.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Vikunja configuration. Refer to
         <https://vikunja.io/docs/config-options/>
         for details on supported values.
@@ -54,27 +54,27 @@ in {
         type = types.enum [ "sqlite" "mysql" "postgres" ];
         example = "postgres";
         default = "sqlite";
-        description = lib.mdDoc "Database engine to use.";
+        description = "Database engine to use.";
       };
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "Database host address. Can also be a socket.";
+        description = "Database host address. Can also be a socket.";
       };
       user = mkOption {
         type = types.str;
         default = "vikunja";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
       database = mkOption {
         type = types.str;
         default = "vikunja";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
       path = mkOption {
         type = types.str;
         default = "/var/lib/vikunja/vikunja.db";
-        description = lib.mdDoc "Path to the sqlite3 database file.";
+        description = "Path to the sqlite3 database file.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix b/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix
index dabcf38b2dbd..332a8d9d4ec6 100644
--- a/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/whitebophir.nix
@@ -7,20 +7,20 @@ let
 in {
   options = {
     services.whitebophir = {
-      enable = mkEnableOption (lib.mdDoc "whitebophir, an online collaborative whiteboard server (persistent state will be maintained under {file}`/var/lib/whitebophir`)");
+      enable = mkEnableOption "whitebophir, an online collaborative whiteboard server (persistent state will be maintained under {file}`/var/lib/whitebophir`)";
 
       package = mkPackageOption pkgs "whitebophir" { };
 
       listenAddress = mkOption {
         type = types.str;
         default = "0.0.0.0";
-        description = lib.mdDoc "Address to listen on (use 0.0.0.0 to allow access from any address).";
+        description = "Address to listen on (use 0.0.0.0 to allow access from any address).";
       };
 
       port = mkOption {
         type = types.port;
         default = 5001;
-        description = lib.mdDoc "Port to bind to.";
+        description = "Port to bind to.";
       };
     };
   };
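Review bot: The `listenAddress` description presents `0.0.0.0` as something the administrator opts into, but `default = "0.0.0.0"` already makes the whiteboard listen on every interface. I would reword it to `description = "Address to listen on. The default, 0.0.0.0, accepts connections on every interface; use 127.0.0.1 when a reverse proxy fronts the service.";`. The same applies to `bindIP` in wiki-js.nix (hunk `@@ -45,7 +45,7 @@`), whose description does not mention that its `0.0.0.0` default listens on all interfaces. Whether either module also opens the firewall port is not visible in these hunks.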
diff --git a/nixpkgs/nixos/modules/services/web-apps/wiki-js.nix b/nixpkgs/nixos/modules/services/web-apps/wiki-js.nix
index 631740f51ce3..dedc4c584628 100644
--- a/nixpkgs/nixos/modules/services/web-apps/wiki-js.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/wiki-js.nix
@@ -10,13 +10,13 @@ let
   configFile = format.generate "wiki-js.yml" cfg.settings;
 in {
   options.services.wiki-js = {
-    enable = mkEnableOption (lib.mdDoc "wiki-js");
+    enable = mkEnableOption "wiki-js";
 
     environmentFile = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/root/wiki-js.env";
-      description = lib.mdDoc ''
+      description = ''
         Environment file to inject e.g. secrets into the configuration.
       '';
     };
@@ -24,7 +24,7 @@ in {
     stateDirectoryName = mkOption {
       default = "wiki-js";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the directory in {file}`/var/lib`.
       '';
     };
@@ -37,7 +37,7 @@ in {
           port = mkOption {
             type = types.port;
             default = 3000;
-            description = lib.mdDoc ''
+            description = ''
               TCP port the process should listen to.
             '';
           };
@@ -45,7 +45,7 @@ in {
           bindIP = mkOption {
             default = "0.0.0.0";
             type = types.str;
-            description = lib.mdDoc ''
+            description = ''
               IPs the service should listen to.
             '';
           };
@@ -54,7 +54,7 @@ in {
             type = mkOption {
               default = "postgres";
               type = types.enum [ "postgres" "mysql" "mariadb" "mssql" ];
-              description = lib.mdDoc ''
+              description = ''
                 Database driver to use for persistence. Please note that `sqlite`
                 is currently not supported as the build process for it is currently not implemented
                 in `pkgs.wiki-js` and it's not recommended by upstream for
@@ -64,14 +64,14 @@ in {
             host = mkOption {
               type = types.str;
               example = "/run/postgresql";
-              description = lib.mdDoc ''
+              description = ''
                 Hostname or socket-path to connect to.
               '';
             };
             db = mkOption {
               default = "wiki";
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Name of the database to use.
               '';
             };
@@ -80,20 +80,20 @@ in {
           logLevel = mkOption {
             default = "info";
             type = types.enum [ "error" "warn" "info" "verbose" "debug" "silly" ];
-            description = lib.mdDoc ''
+            description = ''
               Define how much detail is supposed to be logged at runtime.
             '';
           };
 
-          offline = mkEnableOption (lib.mdDoc "offline mode") // {
-            description = lib.mdDoc ''
+          offline = mkEnableOption "offline mode" // {
+            description = ''
               Disable latest file updates and enable
               [sideloading](https://docs.requarks.io/install/sideload).
             '';
           };
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Settings to configure `wiki-js`. This directly
         corresponds to [the upstream configuration options](https://docs.requarks.io/install/config).
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/windmill.nix b/nixpkgs/nixos/modules/services/web-apps/windmill.nix
index 8e940dabdc1f..f5ec7f70e877 100644
--- a/nixpkgs/nixos/modules/services/web-apps/windmill.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/windmill.nix
@@ -5,18 +5,18 @@ let
 in
 {
   options.services.windmill = {
-    enable = lib.mkEnableOption (lib.mdDoc "windmill service");
+    enable = lib.mkEnableOption "windmill service";
 
     serverPort = lib.mkOption {
       type = lib.types.port;
       default = 8001;
-      description = lib.mdDoc "Port the windmill server listens on.";
+      description = "Port the windmill server listens on.";
     };
 
     lspPort = lib.mkOption {
       type = lib.types.port;
       default = 3001;
-      description = lib.mdDoc "Port the windmill lsp listens on.";
+      description = "Port the windmill lsp listens on.";
     };
 
     database = {
@@ -24,19 +24,19 @@ in
         type = lib.types.str;
         # the simplest database setup is to have the database named like the user.
         default = "windmill";
-        description = lib.mdDoc "Database name.";
+        description = "Database name.";
       };
 
       user = lib.mkOption {
         type = lib.types.str;
         # the simplest database setup is to have the database user like the name.
         default = "windmill";
-        description = lib.mdDoc "Database user.";
+        description = "Database user.";
       };
 
       urlPath = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the file containing the database url windmill should connect to. This is not deducted from database user and name as it might contain a secret
         '';
         example = "config.age.secrets.DATABASE_URL_FILE.path";
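Review bot: `example = "config.age.secrets.DATABASE_URL_FILE.path";` on `urlPath` is a plain string, so the manual will show it as a quoted literal rather than as the Nix expression it is meant to be. Taken literally it does not look like a path at all. Wrapping it as `example = lib.literalExpression "config.age.secrets.DATABASE_URL_FILE.path";` shows the intent. Since the description says the file may hold a secret, it would also help to state that it should be a runtime path outside the Nix store. The `database` attribute set starts and ends outside this hunk.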
@@ -44,13 +44,13 @@ in
       createLocally = lib.mkOption {
         type = lib.types.bool;
         default = true;
-        description = lib.mdDoc "Whether to create a local database automatically.";
+        description = "Whether to create a local database automatically.";
       };
     };
 
     baseUrl = lib.mkOption {
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         The base url that windmill will be served on.
       '';
       example = "https://windmill.example.com";
@@ -59,7 +59,7 @@ in
     logLevel = lib.mkOption {
       type = lib.types.enum [ "error" "warn" "info" "debug" "trace" ];
       default = "info";
-      description = lib.mdDoc "Log level";
+      description = "Log level";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-apps/wordpress.nix b/nixpkgs/nixos/modules/services/web-apps/wordpress.nix
index 2f7306309d69..0d49f2d92998 100644
--- a/nixpkgs/nixos/modules/services/web-apps/wordpress.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/wordpress.nix
@@ -109,7 +109,7 @@ let
         uploadsDir = mkOption {
           type = types.path;
           default = "/var/lib/wordpress/${name}/uploads";
-          description = lib.mdDoc ''
+          description = ''
             This directory is used for uploads of pictures. The directory passed here is automatically
             created and permissions adjusted as required.
           '';
@@ -118,7 +118,7 @@ let
         fontsDir = mkOption {
           type = types.path;
           default = "/var/lib/wordpress/${name}/fonts";
-          description = lib.mdDoc ''
+          description = ''
             This directory is used to download fonts from a remote location, e.g.
             to host google fonts locally.
           '';
@@ -131,7 +131,7 @@ let
               listToAttrs (map (p: nameValuePair (p.name or (throw "${p} does not have a name")) p) l))
             (attrsOf path);
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Path(s) to respective plugin(s) which are copied from the 'plugins' directory.
 
             ::: {.note}
@@ -153,7 +153,7 @@ let
             (attrsOf path);
           default = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; };
           defaultText = literalExpression "{ inherit (pkgs.wordpressPackages.themes) twentytwentythree; }";
-          description = lib.mdDoc ''
+          description = ''
             Path(s) to respective theme(s) which are copied from the 'theme' directory.
 
             ::: {.note}
@@ -170,7 +170,7 @@ let
         languages = mkOption {
           type = types.listOf types.path;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             List of path(s) to respective language(s) which are copied from the 'languages' directory.
           '';
           example = literalExpression ''
@@ -197,32 +197,32 @@ let
           host = mkOption {
             type = types.str;
             default = "localhost";
-            description = lib.mdDoc "Database host address.";
+            description = "Database host address.";
           };
 
           port = mkOption {
             type = types.port;
             default = 3306;
-            description = lib.mdDoc "Database host port.";
+            description = "Database host port.";
           };
 
           name = mkOption {
             type = types.str;
             default = "wordpress";
-            description = lib.mdDoc "Database name.";
+            description = "Database name.";
           };
 
           user = mkOption {
             type = types.str;
             default = "wordpress";
-            description = lib.mdDoc "Database user.";
+            description = "Database user.";
           };
 
           passwordFile = mkOption {
             type = types.nullOr types.path;
             default = null;
             example = "/run/keys/wordpress-dbpassword";
-            description = lib.mdDoc ''
+            description = ''
               A file containing the password corresponding to
               {option}`database.user`.
             '';
@@ -231,7 +231,7 @@ let
           tablePrefix = mkOption {
             type = types.str;
             default = "wp_";
-            description = lib.mdDoc ''
+            description = ''
               The $table_prefix is the value placed in the front of your database tables.
               Change the value if you want to use something other than wp_ for your database
               prefix. Typically this is changed if you are installing multiple WordPress blogs
@@ -245,13 +245,13 @@ let
             type = types.nullOr types.path;
             default = null;
             defaultText = literalExpression "/run/mysqld/mysqld.sock";
-            description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+            description = "Path to the unix socket file to use for authentication.";
           };
 
           createLocally = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Create the database and database user locally.";
+            description = "Create the database and database user locally.";
           };
         };
 
@@ -264,7 +264,7 @@ let
               enableACME = true;
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Apache configuration can be done by adapting {option}`services.httpd.virtualHosts`.
           '';
         };
@@ -279,7 +279,7 @@ let
             "pm.max_spare_servers" = 4;
             "pm.max_requests" = 500;
           };
-          description = lib.mdDoc ''
+          description = ''
             Options for the WordPress PHP pool. See the documentation on `php-fpm.conf`
             for details on configuration directives.
           '';
@@ -288,7 +288,7 @@ let
         settings = mkOption {
           type = types.attrsOf types.anything;
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Structural Wordpress configuration.
             Refer to <https://developer.wordpress.org/apis/wp-config-php>
             for details and supported values.
@@ -316,7 +316,7 @@ let
               AUTOMATIC_UPDATER_DISABLED = true;
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Read only representation of the final configuration.
           '';
         };
@@ -324,7 +324,7 @@ let
         extraConfig = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc ''
+          description = ''
             Any additional text to be appended to the wp-config.php
             configuration file. This is a PHP script. For configuration
             settings, see <https://codex.wordpress.org/Editing_wp-config.php>.
@@ -351,13 +351,13 @@ in
       sites = mkOption {
         type = types.attrsOf (types.submodule siteOpts);
         default = {};
-        description = lib.mdDoc "Specification of one or more WordPress sites to serve";
+        description = "Specification of one or more WordPress sites to serve";
       };
 
       webserver = mkOption {
         type = types.enum [ "httpd" "nginx" "caddy" ];
         default = "httpd";
-        description = lib.mdDoc ''
+        description = ''
           Whether to use apache2 or nginx for virtual host management.
 
           Further nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.
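Review bot: The `webserver` description says "Whether to use apache2 or nginx" although the enum on the line above it also accepts `"caddy"`. I would change the first sentence to `Which web server (apache2, nginx or caddy) manages the virtual hosts.` The description continues past the end of the hunk, so caddy may be covered further down.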
diff --git a/nixpkgs/nixos/modules/services/web-apps/writefreely.nix b/nixpkgs/nixos/modules/services/web-apps/writefreely.nix
index 2e9a34897909..4bb5d8a579fd 100644
--- a/nixpkgs/nixos/modules/services/web-apps/writefreely.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/writefreely.nix
@@ -132,43 +132,43 @@ let
 in {
   options.services.writefreely = {
     enable =
-      lib.mkEnableOption (lib.mdDoc "Writefreely, build a digital writing community");
+      lib.mkEnableOption "Writefreely, build a digital writing community";
 
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.writefreely;
       defaultText = lib.literalExpression "pkgs.writefreely";
-      description = lib.mdDoc "Writefreely package to use.";
+      description = "Writefreely package to use.";
     };
 
     stateDir = mkOption {
       type = types.path;
       default = "/var/lib/writefreely";
-      description = lib.mdDoc "The state directory where keys and data are stored.";
+      description = "The state directory where keys and data are stored.";
     };
 
     user = mkOption {
       type = types.str;
       default = "writefreely";
-      description = lib.mdDoc "User under which Writefreely is ran.";
+      description = "User under which Writefreely is ran.";
     };
 
     group = mkOption {
       type = types.str;
       default = "writefreely";
-      description = lib.mdDoc "Group under which Writefreely is ran.";
+      description = "Group under which Writefreely is ran.";
     };
 
     host = mkOption {
       type = types.str;
       default = "";
-      description = lib.mdDoc "The public host name to serve.";
+      description = "The public host name to serve.";
       example = "example.com";
     };
 
     settings = mkOption {
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Writefreely configuration ({file}`config.ini`). Refer to
         <https://writefreely.org/docs/latest/admin/config>
         for details.
@@ -182,7 +182,7 @@ in {
             theme = mkOption {
               type = types.str;
               default = "write";
-              description = lib.mdDoc "The theme to apply.";
+              description = "The theme to apply.";
             };
           };
 
@@ -191,7 +191,7 @@ in {
               type = types.port;
               default = if cfg.nginx.enable then 18080 else 80;
               defaultText = "80";
-              description = lib.mdDoc "The port WriteFreely should listen on.";
+              description = "The port WriteFreely should listen on.";
             };
           };
         };
@@ -202,58 +202,56 @@ in {
       type = mkOption {
         type = types.enum [ "sqlite3" "mysql" ];
         default = "sqlite3";
-        description = lib.mdDoc "The database provider to use.";
+        description = "The database provider to use.";
       };
 
       name = mkOption {
         type = types.str;
         default = "writefreely";
-        description = lib.mdDoc "The name of the database to store data in.";
+        description = "The name of the database to store data in.";
       };
 
       user = mkOption {
         type = types.nullOr types.str;
         default = if cfg.database.type == "mysql" then "writefreely" else null;
         defaultText = "writefreely";
-        description = lib.mdDoc "The database user to connect as.";
+        description = "The database user to connect as.";
       };
 
       passwordFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc "The file to load the database password from.";
+        description = "The file to load the database password from.";
       };
 
       host = mkOption {
         type = types.str;
         default = "localhost";
-        description = lib.mdDoc "The database host to connect to.";
+        description = "The database host to connect to.";
       };
 
       port = mkOption {
         type = types.port;
         default = 3306;
-        description = lib.mdDoc "The port used when connecting to the database host.";
+        description = "The port used when connecting to the database host.";
       };
 
       tls = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc "Whether or not TLS should be used for the database connection.";
+        description = "Whether or not TLS should be used for the database connection.";
       };
 
       migrate = mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc "Whether or not to automatically run migrations on startup.";
+        description = "Whether or not to automatically run migrations on startup.";
       };
 
       createLocally = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           When {option}`services.writefreely.database.type` is set to
           `"mysql"`, this option will enable the MySQL service locally.
         '';
@@ -263,13 +261,13 @@ in {
     admin = {
       name = mkOption {
         type = types.nullOr types.str;
-        description = lib.mdDoc "The name of the first admin user.";
+        description = "The name of the first admin user.";
         default = null;
       };
 
       initialPasswordFile = mkOption {
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Path to a file containing the initial password for the admin user.
           If not provided, the default password will be set to `nixos`.
         '';
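Review bot: The `initialPasswordFile` description documents a fallback to the fixed password `nixos` but does not tell the administrator what to do about it. I would add a sentence such as `Set this option, or change the password immediately after the first login, on any instance that others can reach.` The option is declared as `type = types.path` without `nullOr`, and its default lies outside the hunk, so how the "not provided" case is expressed cannot be checked from here.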
@@ -282,14 +280,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc "Whether or not to enable and configure nginx as a proxy for WriteFreely.";
+        description = "Whether or not to enable and configure nginx as a proxy for WriteFreely.";
       };
 
       forceSSL = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether or not to force the use of SSL.";
+        description = "Whether or not to force the use of SSL.";
       };
     };
 
@@ -297,8 +294,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc "Whether or not to automatically fetch and configure SSL certs.";
+        description = "Whether or not to automatically fetch and configure SSL certs.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix
index 08e180b520f0..ff48a978b734 100644
--- a/nixpkgs/nixos/modules/services/web-apps/youtrack.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/youtrack.nix
@@ -12,10 +12,10 @@ in
   ];
 
   options.services.youtrack = {
-    enable = lib.mkEnableOption (lib.mdDoc "YouTrack service");
+    enable = lib.mkEnableOption "YouTrack service";
 
     address = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The interface youtrack will listen on.
       '';
       default = "127.0.0.1";
@@ -24,7 +24,7 @@ in
 
     extraParams = lib.mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Extra parameters to pass to youtrack.
         Use to configure YouTrack 2022.x, deprecated with YouTrack 2023.x. Use `services.youtrack.generalParameters`.
         https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html
@@ -40,7 +40,7 @@ in
     };
 
     package = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Package to use.
       '';
       type = lib.types.package;
@@ -50,7 +50,7 @@ in
 
 
     statePath = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Path were the YouTrack state is stored.
         To this path the base version (e.g. 2023_1) of the used package will be appended.
       '';
@@ -59,7 +59,7 @@ in
     };
 
     virtualHost = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Name of the nginx virtual host to use and setup.
         If null, do not setup anything.
       '';
@@ -68,7 +68,7 @@ in
     };
 
     jvmOpts = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Extra options to pass to the JVM.
         Only has a use with YouTrack 2022.x, deprecated with YouTrack 2023.x. Use `serivces.youtrack.generalParameters`.
         See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html
@@ -83,12 +83,12 @@ in
     autoUpgrade = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc "Whether YouTrack should auto upgrade it without showing the upgrade dialog.";
+      description = "Whether YouTrack should auto upgrade it without showing the upgrade dialog.";
     };
 
     generalParameters = lib.mkOption {
       type = with lib.types; listOf str;
-      description = lib.mdDoc ''
+      description = ''
         General configuration parameters and other JVM options.
         Only has an effect for YouTrack 2023.x.
         See https://www.jetbrains.com/help/youtrack/server/2023.3/youtrack-java-start-parameters.html#general-parameters
@@ -110,16 +110,16 @@ in
           listen-address = lib.mkOption {
             type = lib.types.str;
             default = "0.0.0.0";
-            description = lib.mdDoc "The interface YouTrack will listen on.";
+            description = "The interface YouTrack will listen on.";
           };
           listen-port = lib.mkOption {
             type = lib.types.port;
             default = 8080;
-            description = lib.mdDoc "The port YouTrack will listen on.";
+            description = "The port YouTrack will listen on.";
           };
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Environmental configuration parameters, set imperatively. The values doesn't get removed, when removed in Nix.
         Only has an effect for YouTrack 2023.x.
         See https://www.jetbrains.com/help/youtrack/server/2023.3/youtrack-java-start-parameters.html#environmental-parameters
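Review bot: `listen-address` defaults to `"0.0.0.0"` while the `address` option in the first hunk of this file defaults to `"127.0.0.1"`, so the two ways of configuring the listener differ in default exposure. If `environmentalParameters` is the path that applies to YouTrack 2023.x, as its description suggests, moving to that version would widen the bind from loopback to every interface unless `listen-address` is set explicitly. I would either default it to the loopback address or say so in the text, e.g. `description = "The interface YouTrack will listen on. The default binds every interface; use 127.0.0.1 behind a reverse proxy.";`. How `address` and `virtualHost` feed into this value is outside the hunk.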
diff --git a/nixpkgs/nixos/modules/services/web-apps/zabbix.nix b/nixpkgs/nixos/modules/services/web-apps/zabbix.nix
index 4f6d7e4e6c1c..2455e676e583 100644
--- a/nixpkgs/nixos/modules/services/web-apps/zabbix.nix
+++ b/nixpkgs/nixos/modules/services/web-apps/zabbix.nix
@@ -40,20 +40,20 @@ in
 
   options.services = {
     zabbixWeb = {
-      enable = mkEnableOption (lib.mdDoc "the Zabbix web interface");
+      enable = mkEnableOption "the Zabbix web interface";
 
       package = mkPackageOption pkgs [ "zabbix" "web" ] { };
 
       server = {
         port = mkOption {
           type = types.port;
-          description = lib.mdDoc "The port of the Zabbix server to connect to.";
+          description = "The port of the Zabbix server to connect to.";
           default = 10051;
         };
 
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc "The IP address or hostname of the Zabbix server to connect to.";
+          description = "The IP address or hostname of the Zabbix server to connect to.";
           default = "localhost";
         };
       };
@@ -63,46 +63,46 @@ in
           type = types.enum [ "mysql" "pgsql" "oracle" ];
           example = "mysql";
           default = "pgsql";
-          description = lib.mdDoc "Database engine to use.";
+          description = "Database engine to use.";
         };
 
         host = mkOption {
           type = types.str;
           default = "";
-          description = lib.mdDoc "Database host address.";
+          description = "Database host address.";
         };
 
         port = mkOption {
           type = types.port;
           default =
             if cfg.database.type == "mysql" then config.services.mysql.port
-            else if cfg.database.type == "pgsql" then config.services.postgresql.port
+            else if cfg.database.type == "pgsql" then config.services.postgresql.settings.port
             else 1521;
           defaultText = literalExpression ''
             if config.${opt.database.type} == "mysql" then config.${options.services.mysql.port}
-            else if config.${opt.database.type} == "pgsql" then config.${options.services.postgresql.port}
+            else if config.${opt.database.type} == "pgsql" then config.services.postgresql.settings.port
             else 1521
           '';
-          description = lib.mdDoc "Database host port.";
+          description = "Database host port.";
         };
 
         name = mkOption {
           type = types.str;
           default = "zabbix";
-          description = lib.mdDoc "Database name.";
+          description = "Database name.";
         };
 
         user = mkOption {
           type = types.str;
           default = "zabbix";
-          description = lib.mdDoc "Database user.";
+          description = "Database user.";
         };
 
         passwordFile = mkOption {
           type = types.nullOr types.path;
           default = null;
           example = "/run/keys/zabbix-dbpassword";
-          description = lib.mdDoc ''
+          description = ''
             A file containing the password corresponding to
             {option}`database.user`.
           '';
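Review bot: In the `defaultText` of `database.port` the pgsql branch is now the hard-coded text `config.services.postgresql.settings.port`, while the mysql branch still interpolates `config.${options.services.mysql.port}`, so two lines of one expression are produced in different ways. If the literal is needed because `settings.port` cannot be referenced through `options` (not visible here), a comment above `defaultText` would keep a later editor from changing it back. Something like `# postgresql's port lives under settings, so its path is spelled out here` would do.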
@@ -112,7 +112,7 @@ in
           type = types.nullOr types.path;
           default = null;
           example = "/run/postgresql";
-          description = lib.mdDoc "Path to the unix socket file to use for authentication.";
+          description = "Path to the unix socket file to use for authentication.";
         };
       };
 
@@ -126,7 +126,7 @@ in
             enableACME = true;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Apache configuration can be done by adapting `services.httpd.virtualHosts.<name>`.
           See [](#opt-services.httpd.virtualHosts) for further information.
         '';
@@ -142,7 +142,7 @@ in
           "pm.max_spare_servers" = 4;
           "pm.max_requests" = 500;
         };
-        description = lib.mdDoc ''
+        description = ''
           Options for the Zabbix PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
         '';
       };
@@ -150,7 +150,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Additional configuration to be copied verbatim into {file}`zabbix.conf.php`.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/web-servers/agate.nix b/nixpkgs/nixos/modules/services/web-servers/agate.nix
index e03174c87945..76c1a94f3bf2 100644
--- a/nixpkgs/nixos/modules/services/web-servers/agate.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/agate.nix
@@ -8,14 +8,14 @@ in
 {
   options = {
     services.agate = {
-      enable = mkEnableOption (lib.mdDoc "Agate Server");
+      enable = mkEnableOption "Agate Server";
 
       package = mkPackageOption pkgs "agate" { };
 
       addresses = mkOption {
         type = types.listOf types.str;
         default = [ "0.0.0.0:1965" ];
-        description = lib.mdDoc ''
+        description = ''
           Addresses to listen on, IP:PORT, if you haven't disabled forwarding
           only set IPv4.
         '';
@@ -24,19 +24,19 @@ in
       contentDir = mkOption {
         default = "/var/lib/agate/content";
         type = types.path;
-        description = lib.mdDoc "Root of the content directory.";
+        description = "Root of the content directory.";
       };
 
       certificatesDir = mkOption {
         default = "/var/lib/agate/certificates";
         type = types.path;
-        description = lib.mdDoc "Root of the certificate directory.";
+        description = "Root of the certificate directory.";
       };
 
       hostnames = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Domain name of this Gemini server, enables checking hostname and port
           in requests. (multiple occurrences means basic vhosts)
         '';
@@ -45,20 +45,20 @@ in
       language = mkOption {
         default = null;
         type = types.nullOr types.str;
-        description = lib.mdDoc "RFC 4646 Language code for text/gemini documents.";
+        description = "RFC 4646 Language code for text/gemini documents.";
       };
 
       onlyTls_1_3 = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Only use TLSv1.3 (default also allows TLSv1.2).";
+        description = "Only use TLSv1.3 (default also allows TLSv1.2).";
       };
 
       extraArgs = mkOption {
         type = types.listOf types.str;
         default = [ "" ];
         example = [ "--log-ip" ];
-        description = lib.mdDoc "Extra arguments to use running agate.";
+        description = "Extra arguments to use running agate.";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
index 016e4885a095..4d49b29efff6 100644
--- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -404,7 +404,7 @@ in
 
     services.httpd = {
 
-      enable = mkEnableOption (lib.mdDoc "the Apache HTTP Server");
+      enable = mkEnableOption "the Apache HTTP Server";
 
       package = mkPackageOption pkgs "apacheHttpd" { };
 
@@ -413,7 +413,7 @@ in
         default = confFile;
         defaultText = literalExpression "confFile";
         example = literalExpression ''pkgs.writeText "httpd.conf" "# my custom config file ..."'';
-        description = lib.mdDoc ''
+        description = ''
           Override the configuration file used by Apache. By default,
           NixOS generates one automatically.
         '';
@@ -422,7 +422,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines appended to the generated Apache
           configuration file. Note that this mechanism will not work
           when {option}`configFile` is overridden.
@@ -438,7 +438,7 @@ in
             { name = "jk"; path = "''${pkgs.tomcat_connectors}/modules/mod_jk.so"; }
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional Apache modules to be used. These can be
           specified as a string in the case of modules distributed
           with Apache, or as an attribute set specifying the
@@ -451,14 +451,14 @@ in
         type = types.nullOr types.str;
         example = "admin@example.org";
         default = null;
-        description = lib.mdDoc "E-mail address of the server administrator.";
+        description = "E-mail address of the server administrator.";
       };
 
       logFormat = mkOption {
         type = types.str;
         default = "common";
         example = "combined";
-        description = lib.mdDoc ''
+        description = ''
           Log format for log files. Possible values are: combined, common, referer, agent, none.
           See <https://httpd.apache.org/docs/2.4/logs.html> for more details.
         '';
@@ -467,7 +467,7 @@ in
       logPerVirtualHost = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If enabled, each virtual host gets its own
           {file}`access.log` and
           {file}`error.log`, namely suffixed by the
@@ -478,7 +478,7 @@ in
       user = mkOption {
         type = types.str;
         default = "wwwrun";
-        description = lib.mdDoc ''
+        description = ''
           User account under which httpd children processes run.
 
           If you require the main httpd process to run as
@@ -492,7 +492,7 @@ in
       group = mkOption {
         type = types.str;
         default = "wwwrun";
-        description = lib.mdDoc ''
+        description = ''
           Group under which httpd children processes run.
         '';
       };
@@ -500,7 +500,7 @@ in
       logDir = mkOption {
         type = types.path;
         default = "/var/log/httpd";
-        description = lib.mdDoc ''
+        description = ''
           Directory for Apache's log files. It is created automatically.
         '';
       };
@@ -531,7 +531,7 @@ in
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Specification of the virtual hosts served by Apache. Each
           element should be an attribute set specifying the
           configuration of the virtual host.
@@ -541,13 +541,13 @@ in
       enableMellon = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the mod_auth_mellon module.";
+        description = "Whether to enable the mod_auth_mellon module.";
       };
 
       enablePHP = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the PHP module.";
+        description = "Whether to enable the PHP module.";
       };
 
       phpPackage = mkPackageOption pkgs "php" { };
@@ -555,7 +555,7 @@ in
       enablePerl = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the Perl module (mod_perl).";
+        description = "Whether to enable the Perl module (mod_perl).";
       };
 
       phpOptions = mkOption {
@@ -565,7 +565,7 @@ in
           ''
             date.timezone = "CET"
           '';
-        description = lib.mdDoc ''
+        description = ''
           Options appended to the PHP configuration file {file}`php.ini`.
         '';
       };
@@ -574,8 +574,7 @@ in
         type = types.enum [ "event" "prefork" "worker" ];
         default = "event";
         example = "worker";
-        description =
-          lib.mdDoc ''
+        description = ''
             Multi-processing module to be used by Apache. Available
             modules are `prefork` (handles each
             request in a separate child process), `worker`
@@ -590,14 +589,14 @@ in
         type = types.int;
         default = 150;
         example = 8;
-        description = lib.mdDoc "Maximum number of httpd processes (prefork)";
+        description = "Maximum number of httpd processes (prefork)";
       };
 
       maxRequestsPerChild = mkOption {
         type = types.int;
         default = 0;
         example = 500;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.
         '';
       };
@@ -605,14 +604,14 @@ in
       sslCiphers = mkOption {
         type = types.str;
         default = "HIGH:!aNULL:!MD5:!EXP";
-        description = lib.mdDoc "Cipher Suite available for negotiation in SSL proxy handshake.";
+        description = "Cipher Suite available for negotiation in SSL proxy handshake.";
       };
 
       sslProtocols = mkOption {
         type = types.str;
         default = "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1";
         example = "All -SSLv2 -SSLv3";
-        description = lib.mdDoc "Allowed SSL/TLS protocol versions.";
+        description = "Allowed SSL/TLS protocol versions.";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/location-options.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/location-options.nix
index f2d4f8357047..80dc1674c5a2 100644
--- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/location-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/location-options.nix
@@ -9,7 +9,7 @@ in
       type = with types; nullOr str;
       default = null;
       example = "http://www.example.org/";
-      description = lib.mdDoc ''
+      description = ''
         Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>.
       '';
     };
@@ -18,7 +18,7 @@ in
       type = with types; nullOr str;
       default = null;
       example = "index.php index.html";
-      description = lib.mdDoc ''
+      description = ''
         Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>.
       '';
     };
@@ -27,7 +27,7 @@ in
       type = with types; nullOr path;
       default = null;
       example = "/your/alias/directory";
-      description = lib.mdDoc ''
+      description = ''
         Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>.
       '';
     };
@@ -35,7 +35,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         These lines go to the end of the location verbatim.
       '';
     };
@@ -43,7 +43,7 @@ in
     priority = mkOption {
       type = types.int;
       default = 1000;
-      description = lib.mdDoc ''
+      description = ''
         Order of this location block in relation to the others in the vhost.
         The semantics are the same as with `lib.mkOrder`. Smaller values have
         a greater priority.
diff --git a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
index 7b87f9ef4bde..f3d57ac16ea2 100644
--- a/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
@@ -8,14 +8,14 @@ in
     hostName = mkOption {
       type = types.str;
       default = name;
-      description = lib.mdDoc "Canonical hostname for the server.";
+      description = "Canonical hostname for the server.";
     };
 
     serverAliases = mkOption {
       type = types.listOf types.str;
       default = [];
       example = ["www.example.org" "www.example.org:8080" "example.org"];
-      description = lib.mdDoc ''
+      description = ''
         Additional names of virtual hosts served by this virtual host configuration.
       '';
     };
@@ -25,17 +25,17 @@ in
         options = {
           port = mkOption {
             type = types.port;
-            description = lib.mdDoc "Port to listen on";
+            description = "Port to listen on";
           };
           ip = mkOption {
             type = types.str;
             default = "*";
-            description = lib.mdDoc "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
+            description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all.";
           };
           ssl = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc "Whether to enable SSL (https) support.";
+            description = "Whether to enable SSL (https) support.";
           };
         };
       }));
@@ -45,7 +45,7 @@ in
         { ip = "192.154.1.1"; port = 80; }
         { ip = "*"; port = 8080; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         Listen addresses and ports for this virtual host.
 
         ::: {.note}
@@ -59,7 +59,7 @@ in
     listenAddresses = mkOption {
       type = with types; nonEmptyListOf str;
 
-      description = lib.mdDoc ''
+      description = ''
         Listen addresses for this virtual host.
         Compared to `listen` this only sets the addresses
         and the ports are chosen automatically.
@@ -77,7 +77,7 @@ in
     addSSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
         `listen` to listen on all interfaces on the respective default
         ports (80, 443).
@@ -87,7 +87,7 @@ in
     onlySSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable HTTPS and reject plain HTTP connections. This will set
         defaults for `listen` to listen on all interfaces on port 443.
       '';
@@ -96,7 +96,7 @@ in
     forceSSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to add a separate nginx server block that permanently redirects (301)
         all plain HTTP traffic to HTTPS. This will set defaults for
         `listen` to listen on all interfaces on the respective default
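Review bot: The `forceSSL` description kept here says it adds "a separate nginx server block", but this file is the Apache httpd vhost module, so the wording looks carried over from the nginx module. A first line such as `Whether to add a separate virtual host that permanently redirects (301)` would match the server this option configures. The description continues past the end of the hunk, so the rest of it should be checked for the same carry-over.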
@@ -107,7 +107,7 @@ in
     enableACME = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to ask Let's Encrypt to sign a certificate for this vhost.
         Alternately, you can use an existing certificate through {option}`useACMEHost`.
       '';
@@ -116,7 +116,7 @@ in
     useACMEHost = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A host of an existing Let's Encrypt certificate to use.
         This is useful if you have many subdomains and want to avoid hitting the
         [rate limit](https://letsencrypt.org/docs/rate-limits).
@@ -128,7 +128,7 @@ in
     acmeRoot = mkOption {
       type = types.nullOr types.str;
       default = "/var/lib/acme/acme-challenge";
-      description = lib.mdDoc ''
+      description = ''
         Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.
         Set to null to inherit from config.security.acme.
       '';
@@ -137,26 +137,26 @@ in
     sslServerCert = mkOption {
       type = types.path;
       example = "/var/host.cert";
-      description = lib.mdDoc "Path to server SSL certificate.";
+      description = "Path to server SSL certificate.";
     };
 
     sslServerKey = mkOption {
       type = types.path;
       example = "/var/host.key";
-      description = lib.mdDoc "Path to server SSL certificate key.";
+      description = "Path to server SSL certificate key.";
     };
 
     sslServerChain = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/var/ca.pem";
-      description = lib.mdDoc "Path to server SSL chain file.";
+      description = "Path to server SSL chain file.";
     };
 
     http2 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will
         be severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details.
       '';
@@ -166,14 +166,14 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "admin@example.org";
-      description = lib.mdDoc "E-mail address of the server administrator.";
+      description = "E-mail address of the server administrator.";
     };
 
     documentRoot = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = "/data/webserver/docs";
-      description = lib.mdDoc ''
+      description = ''
         The path of Apache's document root directory.  If left undefined,
         an empty directory in the Nix store will be used as root.
       '';
@@ -187,7 +187,7 @@ in
           dir = "/home/eelco/Dev/nix-homepage";
         }
       ];
-      description = lib.mdDoc ''
+      description = ''
         This option provides a simple way to serve static directories.
       '';
     };
@@ -200,7 +200,7 @@ in
           file = "/home/eelco/some-file.png";
         }
       ];
-      description = lib.mdDoc ''
+      description = ''
         This option provides a simple way to serve individual, static files.
 
         ::: {.note}
@@ -220,7 +220,7 @@ in
           AllowOverride All
         </Directory>
       '';
-      description = lib.mdDoc ''
+      description = ''
         These lines go to httpd.conf verbatim. They will go after
         directories and directory aliases defined by default.
       '';
@@ -229,7 +229,7 @@ in
     enableUserDir = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable serving {file}`~/public_html` as
         `/~«username»`.
       '';
@@ -239,7 +239,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "http://newserver.example.org/";
-      description = lib.mdDoc ''
+      description = ''
         If set, all requests for this host are redirected permanently to
         the given URL.
       '';
@@ -249,7 +249,7 @@ in
       type = types.str;
       default = "common";
       example = "combined";
-      description = lib.mdDoc ''
+      description = ''
         Log format for Apache's log files. Possible values are: combined, common, referer, agent.
       '';
     };
@@ -258,7 +258,7 @@ in
       type = types.lines;
       default = "";
       example = "Disallow: /foo/";
-      description = lib.mdDoc ''
+      description = ''
         Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details.
       '';
     };
@@ -276,7 +276,7 @@ in
           };
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix b/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix
index 95dc219d108c..08ce50bff62c 100644
--- a/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/caddy/default.nix
@@ -64,12 +64,12 @@ in
 
   # interface
   options.services.caddy = {
-    enable = mkEnableOption (lib.mdDoc "Caddy web server");
+    enable = mkEnableOption "Caddy web server";
 
     user = mkOption {
       default = "caddy";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         User account under which caddy runs.
 
         ::: {.note}
@@ -83,7 +83,7 @@ in
     group = mkOption {
       default = "caddy";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group account under which caddy runs.
 
         ::: {.note}
@@ -99,7 +99,7 @@ in
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/caddy";
-      description = lib.mdDoc ''
+      description = ''
         The data directory for caddy.
 
         ::: {.note}
@@ -116,7 +116,7 @@ in
     logDir = mkOption {
       type = types.path;
       default = "/var/log/caddy";
-      description = lib.mdDoc ''
+      description = ''
         Directory for storing Caddy access logs.
 
         ::: {.note}
@@ -135,7 +135,7 @@ in
       example = literalExpression ''
         mkForce "level INFO";
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for the default logger. See
         <https://caddyserver.com/docs/caddyfile/options#log>
         for details.
@@ -155,7 +155,7 @@ in
           file_server
         ''';
       '';
-      description = lib.mdDoc ''
+      description = ''
         Override the configuration file used by Caddy. By default,
         NixOS generates one automatically.
 
@@ -170,7 +170,7 @@ in
       '';
       example = literalExpression "nginx";
       type = with types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the config adapter to use.
         See <https://caddyserver.com/docs/config-adapters>
         for the full list.
@@ -192,7 +192,7 @@ in
     resume = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Use saved config, if any (and prefer over any specified configuration passed with `--config`).
       '';
     };
@@ -208,7 +208,7 @@ in
           }
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional lines of configuration appended to the global config section
         of the `Caddyfile`.
 
@@ -227,7 +227,7 @@ in
           root /srv/http
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional lines of configuration appended to the automatically
         generated `Caddyfile`.
       '';
@@ -247,7 +247,7 @@ in
           };
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Declarative specification of virtual hosts served by Caddy.
       '';
     };
@@ -256,7 +256,7 @@ in
       default = null;
       example = "https://acme-v02.api.letsencrypt.org/directory";
       type = with types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         ::: {.note}
         Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca)
         in the global options block of the resulting Caddyfile.
@@ -276,7 +276,7 @@ in
     email = mkOption {
       default = null;
       type = with types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         Your email address. Mainly used when creating an ACME account with your
         CA, and is highly recommended in case there are problems with your
         certificates.
@@ -286,7 +286,7 @@ in
     enableReload = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Reload Caddy instead of restarting it when configuration file changes.
 
         Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin)
@@ -302,7 +302,7 @@ in
     settings = mkOption {
       type = settingsFormat.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Structured configuration for Caddy to generate a Caddy JSON configuration file.
         See <https://caddyserver.com/docs/json/> for available options.
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/caddy/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/caddy/vhost-options.nix
index 229b53efb49f..c092f2d79637 100644
--- a/nixpkgs/nixos/modules/services/web-servers/caddy/vhost-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/caddy/vhost-options.nix
@@ -9,21 +9,21 @@ in
     hostName = mkOption {
       type = types.str;
       default = name;
-      description = lib.mdDoc "Canonical hostname for the server.";
+      description = "Canonical hostname for the server.";
     };
 
     serverAliases = mkOption {
       type = with types; listOf str;
       default = [ ];
       example = [ "www.example.org" "example.org" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional names of virtual hosts served by this virtual host configuration.
       '';
     };
 
     listenAddresses = mkOption {
       type = with types; listOf str;
-      description = lib.mdDoc ''
+      description = ''
         A list of host interfaces to bind to for this virtual host.
       '';
       default = [ ];
@@ -33,7 +33,7 @@ in
     useACMEHost = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A host of an existing Let's Encrypt certificate to use.
         This is mostly useful if you use DNS challenges but Caddy does not
         currently support your provider.
@@ -57,7 +57,7 @@ in
           output discard
         ''';
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configuration for HTTP request logging (also known as access logs). See
         <https://caddyserver.com/docs/caddyfile/directives/log#log>
         for details.
@@ -67,7 +67,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Additional lines of configuration appended to this virtual host in the
         automatically generated `Caddyfile`.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix b/nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix
index 1e3a7166bc41..f6b693139a1e 100644
--- a/nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix
@@ -15,12 +15,12 @@ let
 
 in {
   options.services.darkhttpd = with types; {
-    enable = mkEnableOption (lib.mdDoc "DarkHTTPd web server");
+    enable = mkEnableOption "DarkHTTPd web server";
 
     port = mkOption {
       default = 80;
       type = types.port;
-      description = lib.mdDoc ''
+      description = ''
         Port to listen on.
         Pass 0 to let the system choose any free port for you.
       '';
@@ -29,7 +29,7 @@ in {
     address = mkOption {
       default = "127.0.0.1";
       type = str;
-      description = lib.mdDoc ''
+      description = ''
         Address to listen on.
         Pass `all` to listen on all interfaces.
       '';
@@ -37,7 +37,7 @@ in {
 
     rootDir = mkOption {
       type = path;
-      description = lib.mdDoc ''
+      description = ''
         Path from which to serve files.
       '';
     };
@@ -45,7 +45,7 @@ in {
     hideServerId = mkOption {
       type = bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Don't identify the server type in headers or directory listings.
       '';
     };
@@ -53,7 +53,7 @@ in {
     extraArgs = mkOption {
       type = listOf str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Additional configuration passed to the executable.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix b/nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix
index 649b058bd22f..3d60c1aa84cd 100644
--- a/nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix
@@ -11,38 +11,38 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.";
+        description = "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI.";
       };
 
       preforkProcesses = mkOption {
         type = types.int;
         default = 1;
-        description = lib.mdDoc "Number of processes to prefork.";
+        description = "Number of processes to prefork.";
       };
 
       socketType = mkOption {
         type = types.enum [ "unix" "tcp" "tcp6" ];
         default = "unix";
-        description = lib.mdDoc "Socket type: 'unix', 'tcp' or 'tcp6'.";
+        description = "Socket type: 'unix', 'tcp' or 'tcp6'.";
       };
 
       socketAddress = mkOption {
         type = types.str;
         default = "/run/fcgiwrap.sock";
         example = "1.2.3.4:5678";
-        description = lib.mdDoc "Socket address. In case of a UNIX socket, this should be its filesystem path.";
+        description = "Socket address. In case of a UNIX socket, this should be its filesystem path.";
       };
 
       user = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "User permissions for the socket.";
+        description = "User permissions for the socket.";
       };
 
       group = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "Group permissions for the socket.";
+        description = "Group permissions for the socket.";
       };
     };
   };
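Review bot: The `socketType` and `socketAddress` descriptions do not say that a `tcp` or `tcp6` socket is reachable by anything that can connect to the address, and the `example` of `1.2.3.4:5678` is a non-loopback address. FastCGI has no authentication of its own, so the text should tell the reader to bind to loopback or restrict the port when not using a UNIX socket, for instance `Socket address. In case of a UNIX socket, this should be its filesystem path; a TCP address should be loopback-only or firewalled, because fcgiwrap runs the CGI programs requested over it.` The `user` and `group` descriptions also leave open what `null` means. Which account the processes run as in that case is not visible in this hunk and is worth documenting.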
diff --git a/nixpkgs/nixos/modules/services/web-servers/garage.nix b/nixpkgs/nixos/modules/services/web-servers/garage.nix
index 616be978b6e5..39ea8f21b126 100644
--- a/nixpkgs/nixos/modules/services/web-servers/garage.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/garage.nix
@@ -14,18 +14,18 @@ in
   };
 
   options.services.garage = {
-    enable = mkEnableOption (lib.mdDoc "Garage Object Storage (S3 compatible)");
+    enable = mkEnableOption "Garage Object Storage (S3 compatible)";
 
     extraEnvironment = mkOption {
       type = types.attrsOf types.str;
-      description = lib.mdDoc "Extra environment variables to pass to the Garage server.";
+      description = "Extra environment variables to pass to the Garage server.";
       default = { };
       example = { RUST_BACKTRACE = "yes"; };
     };
 
     environmentFile = mkOption {
       type = types.nullOr types.path;
-      description = lib.mdDoc "File containing environment variables to be passed to the Garage server.";
+      description = "File containing environment variables to be passed to the Garage server.";
       default = null;
     };
 
@@ -33,7 +33,7 @@ in
       type = types.enum ([ "error" "warn" "info" "debug" "trace" ]);
       default = "info";
       example = "debug";
-      description = lib.mdDoc "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples.";
+      description = "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples.";
     };
 
     settings = mkOption {
@@ -44,29 +44,29 @@ in
           metadata_dir = mkOption {
             default = "/var/lib/garage/meta";
             type = types.path;
-            description = lib.mdDoc "The metadata directory, put this on a fast disk (e.g. SSD) if possible.";
+            description = "The metadata directory, put this on a fast disk (e.g. SSD) if possible.";
           };
 
           data_dir = mkOption {
             default = "/var/lib/garage/data";
             type = types.path;
-            description = lib.mdDoc "The main data storage, put this on your large storage (e.g. high capacity HDD)";
+            description = "The main data storage, put this on your large storage (e.g. high capacity HDD)";
           };
 
           replication_mode = mkOption {
             default = "none";
             type = types.enum ([ "none" "1" "2" "3" "2-dangerous" "3-dangerous" "3-degraded" 1 2 3 ]);
             apply = v: toString v;
-            description = lib.mdDoc "Garage replication mode, defaults to none, see: <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode> for reference.";
+            description = "Garage replication mode, defaults to none, see: <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode> for reference.";
           };
         };
       };
-      description = lib.mdDoc "Garage configuration, see <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/> for reference.";
+      description = "Garage configuration, see <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/> for reference.";
     };
 
     package = mkOption {
       type = types.package;
-      description = lib.mdDoc "Garage package to use, needs to be set explicitly. If you are upgrading from a major version, please read NixOS and Garage release notes for upgrade instructions.";
+      description = "Garage package to use, needs to be set explicitly. If you are upgrading from a major version, please read NixOS and Garage release notes for upgrade instructions.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/hitch/default.nix b/nixpkgs/nixos/modules/services/web-servers/hitch/default.nix
index 6c8b3cda5f72..b1c72c0dd7b7 100644
--- a/nixpkgs/nixos/modules/services/web-servers/hitch/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/hitch/default.nix
@@ -17,11 +17,11 @@ with lib;
 {
   options = {
     services.hitch = {
-      enable = mkEnableOption (lib.mdDoc "Hitch Server");
+      enable = mkEnableOption "Hitch Server";
 
       backend = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The host and port Hitch connects to when receiving
           a connection in the form [HOST]:PORT
         '';
@@ -30,13 +30,13 @@ with lib;
       ciphers = mkOption {
         type = types.str;
         default = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-        description = lib.mdDoc "The list of ciphers to use";
+        description = "The list of ciphers to use";
       };
 
       frontend = mkOption {
         type = types.either types.str (types.listOf types.str);
         default = "[127.0.0.1]:443";
-        description = lib.mdDoc ''
+        description = ''
           The port and interface of the listen endpoint in the
           form [HOST]:PORT[+CERT].
         '';
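Review bot: The `ciphers` description, `The list of ciphers to use`, does not say that the value is an OpenSSL cipher string, and the default's `AES256+EECDH:AES256+EDH` terms also match CBC-mode suites alongside the AES-GCM ones. A description along the lines of `OpenSSL cipher list accepted on the frontend; the default also admits CBC-mode AES256 suites.` would make both points visible to someone hardening the listener. Whether this list also governs TLS 1.3 suites depends on how it is written into the Hitch configuration, which is outside the hunk. The `frontend` option continues past the end of the hunk.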
@@ -46,33 +46,33 @@ with lib;
       pem-files = mkOption {
         type = types.listOf types.path;
         default = [];
-        description = lib.mdDoc "PEM files to use";
+        description = "PEM files to use";
       };
 
       ocsp-stapling = {
         enabled = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc "Whether to enable OCSP Stapling";
+          description = "Whether to enable OCSP Stapling";
         };
       };
 
       user = mkOption {
         type = types.str;
         default = "hitch";
-        description = lib.mdDoc "The user to run as";
+        description = "The user to run as";
       };
 
       group = mkOption {
         type = types.str;
         default = "hitch";
-        description = lib.mdDoc "The group to run as";
+        description = "The group to run as";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional configuration lines";
+        description = "Additional configuration lines";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/hydron.nix b/nixpkgs/nixos/modules/services/web-servers/hydron.nix
index 9d30fdc0caab..68c0859fc332 100644
--- a/nixpkgs/nixos/modules/services/web-servers/hydron.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/hydron.nix
@@ -4,20 +4,20 @@ let
   cfg = config.services.hydron;
 in with lib; {
   options.services.hydron = {
-    enable = mkEnableOption (lib.mdDoc "hydron");
+    enable = mkEnableOption "hydron";
 
     dataDir = mkOption {
       type = types.path;
       default = "/var/lib/hydron";
       example = "/home/okina/hydron";
-      description = lib.mdDoc "Location where hydron runs and stores data.";
+      description = "Location where hydron runs and stores data.";
     };
 
     interval = mkOption {
       type = types.str;
       default = "weekly";
       example = "06:00";
-      description = lib.mdDoc ''
+      description = ''
         How often we run hydron import and possibly fetch tags. Runs by default every week.
 
         The format is described in
@@ -29,19 +29,19 @@ in with lib; {
       type = types.str;
       default = "hydron";
       example = "dumbpass";
-      description = lib.mdDoc "Password for the hydron database.";
+      description = "Password for the hydron database.";
     };
 
     passwordFile = mkOption {
       type = types.path;
       default = "/run/keys/hydron-password-file";
       example = "/home/okina/hydron/keys/pass";
-      description = lib.mdDoc "Password file for the hydron database.";
+      description = "Password file for the hydron database.";
     };
 
     postgresArgs = mkOption {
       type = types.str;
-      description = lib.mdDoc "Postgresql connection arguments.";
+      description = "Postgresql connection arguments.";
       example = ''
         {
           "driver": "postgres",
@@ -54,27 +54,27 @@ in with lib; {
       type = types.path;
       default = "/run/keys/hydron-postgres-args";
       example = "/home/okina/hydron/keys/postgres";
-      description = lib.mdDoc "Postgresql connection arguments file.";
+      description = "Postgresql connection arguments file.";
     };
 
     listenAddress = mkOption {
       type = types.nullOr types.str;
       default = null;
       example = "127.0.0.1:8010";
-      description = lib.mdDoc "Listen on a specific IP address and port.";
+      description = "Listen on a specific IP address and port.";
     };
 
     importPaths = mkOption {
       type = types.listOf types.path;
       default = [];
       example = [ "/home/okina/Pictures" ];
-      description = lib.mdDoc "Paths that hydron will recursively import.";
+      description = "Paths that hydron will recursively import.";
     };
 
     fetchTags = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc "Fetch tags for imported images and webm from gelbooru.";
+      description = "Fetch tags for imported images and webm from gelbooru.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/jboss/default.nix b/nixpkgs/nixos/modules/services/web-servers/jboss/default.nix
index 05b354d567fe..d243e0f3f1b7 100644
--- a/nixpkgs/nixos/modules/services/web-servers/jboss/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/jboss/default.nix
@@ -26,49 +26,49 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.";
+        description = "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.";
       };
 
       tempDir = mkOption {
         default = "/tmp";
         type = types.str;
-        description = lib.mdDoc "Location where JBoss stores its temp files";
+        description = "Location where JBoss stores its temp files";
       };
 
       logDir = mkOption {
         default = "/var/log/jboss";
         type = types.str;
-        description = lib.mdDoc "Location of the logfile directory of JBoss";
+        description = "Location of the logfile directory of JBoss";
       };
 
       serverDir = mkOption {
-        description = lib.mdDoc "Location of the server instance files";
+        description = "Location of the server instance files";
         default = "/var/jboss/server";
         type = types.str;
       };
 
       deployDir = mkOption {
-        description = lib.mdDoc "Location of the deployment files";
+        description = "Location of the deployment files";
         default = "/nix/var/nix/profiles/default/server/default/deploy/";
         type = types.str;
       };
 
       libUrl = mkOption {
         default = "file:///nix/var/nix/profiles/default/server/default/lib";
-        description = lib.mdDoc "Location where the shared library JARs are stored";
+        description = "Location where the shared library JARs are stored";
         type = types.str;
       };
 
       user = mkOption {
         default = "nobody";
-        description = lib.mdDoc "User account under which jboss runs.";
+        description = "User account under which jboss runs.";
         type = types.str;
       };
 
       useJK = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to use to connector to the Apache HTTP server";
+        description = "Whether to use to connector to the Apache HTTP server";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/keter/default.nix b/nixpkgs/nixos/modules/services/web-servers/keter/default.nix
index 0cd9c30cea14..8685953d6e9d 100644
--- a/nixpkgs/nixos/modules/services/web-servers/keter/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/keter/default.nix
@@ -14,22 +14,22 @@ in
   ];
 
   options.services.keter = {
-    enable = lib.mkEnableOption (lib.mdDoc ''keter, a web app deployment manager.
+    enable = lib.mkEnableOption ''keter, a web app deployment manager.
 Note that this module only support loading of webapps:
 Keep an old app running and swap the ports when the new one is booted
-'');
+'';
 
     root = lib.mkOption {
       type = lib.types.str;
       default = "/var/lib/keter";
-      description = lib.mdDoc "Mutable state folder for keter";
+      description = "Mutable state folder for keter";
     };
 
     package = lib.mkOption {
       type = lib.types.package;
       default = pkgs.haskellPackages.keter;
       defaultText = lib.literalExpression "pkgs.haskellPackages.keter";
-      description = lib.mdDoc "The keter package to be used";
+      description = "The keter package to be used";
     };
 
 
@@ -40,7 +40,7 @@ Keep an old app running and swap the ports when the new one is booted
           ip-from-header = lib.mkOption {
             default = true;
             type = lib.types.bool;
-            description = lib.mdDoc "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)";
+            description = "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)";
           };
           listeners = lib.mkOption {
             default = [{ host = "*"; port = 6981; }];
@@ -48,15 +48,15 @@ Keep an old app running and swap the ports when the new one is booted
               options = {
                 host = lib.mkOption {
                   type = lib.types.str;
-                  description = lib.mdDoc "host";
+                  description = "host";
                 };
                 port = lib.mkOption {
                   type = lib.types.port;
-                  description = lib.mdDoc "port";
+                  description = "port";
                 };
               };
             });
-            description = lib.mdDoc ''
+            description = ''
               You want that ip-from-header in
               the nginx setup case.
               It allows nginx setting the original ip address rather
@@ -67,7 +67,7 @@ Keep an old app running and swap the ports when the new one is booted
           rotate-logs = lib.mkOption {
             default = false;
             type = lib.types.bool;
-            description = lib.mdDoc ''
+            description = ''
               emits keter logs and it's applications to stderr.
               which allows journald to capture them.
               Set to true to let keter put the logs in files
@@ -76,31 +76,31 @@ Keep an old app running and swap the ports when the new one is booted
           };
         };
       };
-      description = lib.mdDoc "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference";
+      description = "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference";
     };
 
     bundle = {
       appName = lib.mkOption {
         type = lib.types.str;
         default = "myapp";
-        description = lib.mdDoc "The name keter assigns to this bundle";
+        description = "The name keter assigns to this bundle";
       };
 
       executable = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc "The executable to be run";
+        description = "The executable to be run";
       };
 
       domain = lib.mkOption {
         type = lib.types.str;
         default = "example.com";
-        description = lib.mdDoc "The domain keter will bind to";
+        description = "The domain keter will bind to";
       };
 
       publicScript = lib.mkOption {
         type = lib.types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Allows loading of public environment variables,
           these are emitted to the log so it shouldn't contain secrets.
         '';
@@ -110,7 +110,7 @@ Keep an old app running and swap the ports when the new one is booted
       secretScript = lib.mkOption {
         type = lib.types.str;
         default = "";
-        description = lib.mdDoc "Allows loading of private environment variables";
+        description = "Allows loading of private environment variables";
         example = "MY_AWS_KEY=$(cat /run/keys/AWS_ACCESS_KEY_ID)";
       };
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix
index e9f42c41183b..b825d4757b8c 100644
--- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix
@@ -23,7 +23,7 @@ in
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         If true, enable cgit (fast web interface for git repositories) as a
         sub-service in lighttpd.
       '';
@@ -33,7 +33,7 @@ in
       default = "cgit";
       example = "";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The subdirectory in which to serve cgit. The web application will be
         accessible at http://yourserver/''${subdir}
       '';
@@ -50,7 +50,7 @@ in
         '''
       '';
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Verbatim contents of the cgit runtime configuration file. Documentation
         (with cgitrc example file) is available in "man cgitrc". Or online:
         http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix
index 9a4285e3e2d2..5e5c0adda1c2 100644
--- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix
@@ -25,7 +25,7 @@ in
 
   options.services.lighttpd.collectd = {
 
-    enable = mkEnableOption (lib.mdDoc "collectd subservice accessible at http://yourserver/collectd");
+    enable = mkEnableOption "collectd subservice accessible at http://yourserver/collectd";
 
     collectionCgi = mkOption {
       type = types.path;
@@ -33,7 +33,7 @@ in
       defaultText = literalMD ''
         `config.${options.services.collectd.package}` configured for lighttpd
       '';
-      description = lib.mdDoc ''
+      description = ''
         Path to collection.cgi script from (collectd sources)/contrib/collection.cgi
         This option allows to use a customized version
       '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix
index 3a33137b27d2..ea5ad835f3ab 100644
--- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix
@@ -130,7 +130,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable the lighttpd web server.
         '';
       };
@@ -140,7 +140,7 @@ in
       port = mkOption {
         default = 80;
         type = types.port;
-        description = lib.mdDoc ''
+        description = ''
           TCP port number for lighttpd to bind to.
         '';
       };
@@ -148,7 +148,7 @@ in
       document-root = mkOption {
         default = "/srv/www";
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Document-root of the web server. Must be readable by the "lighttpd" user.
         '';
       };
@@ -156,7 +156,7 @@ in
       mod_userdir = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If true, requests in the form /~user/page.html are rewritten to take
           the file public_html/page.html from the home directory of the user.
         '';
@@ -166,7 +166,7 @@ in
         type = types.listOf types.str;
         default = [ ];
         example = [ "mod_cgi" "mod_status" ];
-        description = lib.mdDoc ''
+        description = ''
           List of lighttpd modules to enable. Sub-services take care of
           enabling modules as needed, so this option is mainly for when you
           want to add custom stuff to
@@ -178,7 +178,7 @@ in
       enableUpstreamMimeTypes = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to include the list of mime types bundled with lighttpd
           (upstream). If you disable this, no mime types will be added by
           NixOS and you will have to add your own mime types in
@@ -189,7 +189,7 @@ in
       mod_status = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Show server status overview at /server-status, statistics at
           /server-statistics and list of loaded modules at /server-config.
         '';
@@ -199,7 +199,7 @@ in
         default = "";
         type = types.lines;
         example = "...verbatim config file contents...";
-        description = lib.mdDoc ''
+        description = ''
           Overridable config file contents to use for lighttpd. By default, use
           the contents automatically generated by NixOS.
         '';
@@ -208,7 +208,7 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           These configuration lines will be appended to the generated lighttpd
           config file. Note that this mechanism does not work when the manual
           {option}`configText` option is used.
diff --git a/nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix
index e129e8bc1666..c494d6966a7f 100644
--- a/nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix
@@ -16,7 +16,7 @@ in
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/merecat.nix b/nixpkgs/nixos/modules/services/web-servers/merecat.nix
index aad93605b717..ff65480a0f2d 100644
--- a/nixpkgs/nixos/modules/services/web-servers/merecat.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/merecat.nix
@@ -19,12 +19,12 @@ in {
 
   options.services.merecat = {
 
-    enable = mkEnableOption (lib.mdDoc "Merecat HTTP server");
+    enable = mkEnableOption "Merecat HTTP server";
 
     settings = mkOption {
       inherit (format) type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Merecat configuration. Refer to merecat(8) for details on supported values.
       '';
       example = {
diff --git a/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix b/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix
index bb75dc4f2ff4..116269675144 100644
--- a/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix
@@ -8,7 +8,7 @@ let
   routingFile = pkgs.writeText "mighty-routing" cfg.routing;
 in {
   options.services.mighttpd2 = {
-    enable = mkEnableOption (lib.mdDoc "Mighttpd2 web server");
+    enable = mkEnableOption "Mighttpd2 web server";
 
     config = mkOption {
       default = "";
@@ -42,7 +42,7 @@ in {
         Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both
       '';
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Verbatim config file to use
         (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
       '';
@@ -76,7 +76,7 @@ in {
         /                -> /export/www/
       '';
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Verbatim routing file to use
         (see https://kazu-yamamoto.github.io/mighttpd2/config.html)
       '';
@@ -85,7 +85,7 @@ in {
     cores = mkOption {
       default = null;
       type = types.nullOr types.int;
-      description = lib.mdDoc ''
+      description = ''
         How many cores to use.
         If null it will be determined automatically
       '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/minio.nix b/nixpkgs/nixos/modules/services/web-servers/minio.nix
index be6946657e23..4ddd90bfa3ed 100644
--- a/nixpkgs/nixos/modules/services/web-servers/minio.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/minio.nix
@@ -14,36 +14,36 @@ in
   meta.maintainers = [ maintainers.bachp ];
 
   options.services.minio = {
-    enable = mkEnableOption (lib.mdDoc "Minio Object Storage");
+    enable = mkEnableOption "Minio Object Storage";
 
     listenAddress = mkOption {
       default = ":9000";
       type = types.str;
-      description = lib.mdDoc "IP address and port of the server.";
+      description = "IP address and port of the server.";
     };
 
     consoleAddress = mkOption {
       default = ":9001";
       type = types.str;
-      description = lib.mdDoc "IP address and port of the web UI (console).";
+      description = "IP address and port of the web UI (console).";
     };
 
     dataDir = mkOption {
       default = [ "/var/lib/minio/data" ];
       type = types.listOf (types.either types.path types.str);
-      description = lib.mdDoc "The list of data directories or nodes for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode.";
+      description = "The list of data directories or nodes for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode.";
     };
 
     configDir = mkOption {
       default = "/var/lib/minio/config";
       type = types.path;
-      description = lib.mdDoc "The config directory, for the access keys and other settings.";
+      description = "The config directory, for the access keys and other settings.";
     };
 
     accessKey = mkOption {
       default = "";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Access key of 5 to 20 characters in length that clients use to access the server.
         This overrides the access key that is generated by minio on first startup and stored inside the
         `configDir` directory.
@@ -53,7 +53,7 @@ in
     secretKey = mkOption {
       default = "";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Specify the Secret key of 8 to 40 characters in length that clients use to access the server.
         This overrides the secret key that is generated by minio on first startup and stored inside the
         `configDir` directory.
@@ -63,7 +63,7 @@ in
     rootCredentialsFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         File containing the MINIO_ROOT_USER, default is "minioadmin", and
         MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of
         an EnvironmentFile=, as described by systemd.exec(5).
@@ -74,7 +74,7 @@ in
     region = mkOption {
       default = "us-east-1";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.
       '';
     };
@@ -82,7 +82,7 @@ in
     browser = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Enable or disable access to web UI.";
+      description = "Enable or disable access to web UI.";
     };
 
     package = mkPackageOption pkgs "minio" { };
diff --git a/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix b/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix
index 6d7ca0c12ef7..f4aa98cde959 100644
--- a/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/molly-brown.nix
@@ -10,12 +10,12 @@ in {
 
   options.services.molly-brown = {
 
-    enable = mkEnableOption (lib.mdDoc "Molly-Brown Gemini server");
+    enable = mkEnableOption "Molly-Brown Gemini server";
 
     port = mkOption {
       default = 1965;
       type = types.port;
-      description = lib.mdDoc ''
+      description = ''
         TCP port for molly-brown to bind to.
       '';
     };
@@ -24,7 +24,7 @@ in {
       type = types.str;
       default = config.networking.hostName;
       defaultText = literalExpression "config.networking.hostName";
-      description = lib.mdDoc ''
+      description = ''
         The hostname to respond to requests for. Requests for URLs with
         other hosts will result in a status 53 (PROXY REQUEST REFUSED)
         response.
@@ -34,7 +34,7 @@ in {
     certPath = mkOption {
       type = types.path;
       example = "/var/lib/acme/example.com/cert.pem";
-      description = lib.mdDoc ''
+      description = ''
         Path to TLS certificate. An ACME certificate and key may be
         shared with an HTTP server, but only if molly-brown has
         permissions allowing it to read such keys.
@@ -50,19 +50,19 @@ in {
     keyPath = mkOption {
       type = types.path;
       example = "/var/lib/acme/example.com/key.pem";
-      description = lib.mdDoc "Path to TLS key. See {option}`CertPath`.";
+      description = "Path to TLS key. See {option}`CertPath`.";
     };
 
     docBase = mkOption {
       type = types.path;
       example = "/var/lib/molly-brown";
-      description = lib.mdDoc "Base directory for Gemini content.";
+      description = "Base directory for Gemini content.";
     };
 
     settings = mkOption {
       inherit (settingsFormat) type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         molly-brown configuration. Refer to
         <https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf>
         for details on supported values.
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
index 93b1a3fdfadd..08fab09e1e55 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/default.nix
@@ -164,7 +164,7 @@ let
       ${commonHttpConfig}
 
       ${optionalString (cfg.resolver.addresses != []) ''
-        resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
+        resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv4) "ipv4=off"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"};
       ''}
       ${upstreamConfig}
 
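Review bot: The new `ipv4=off` flag on the `resolver` line is emitted independently of `ipv6=off`, so a configuration with both `cfg.resolver.ipv4` and `cfg.resolver.ipv6` set to false renders a resolver that can look up neither address family. No guard against that combination is visible in this hunk, though one may exist elsewhere in the module. An assertion such as `assertion = cfg.resolver.ipv4 || cfg.resolver.ipv6;` with a message naming both options would turn it into an evaluation-time error instead of a broken or rejected nginx config at service start. The option's description should also say that `ipv4=off` needs nginx 1.23.1 or newer, since the nginx package used by this module can be overridden.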
@@ -352,7 +352,8 @@ let
 
         # The acme-challenge location doesn't need to be added if we are not using any automated
         # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge
-        acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null))
+        acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName;
+        acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null)
           # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
           # We use ^~ here, so that we don't check any regexes (which could
           # otherwise easily override this intended match accidentally).
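Review bot: `acmeName` falls back to `vhostName`, the attribute name of the virtual host, and `config.security.acme.certs.${acmeName}` is then dereferenced whenever `vhost.enableACME` is true. If the certificate for an `enableACME` vhost is registered under its server name rather than the attribute name (the code that creates the cert entries is outside this hunk), a vhost that sets a different `serverName` would hit a missing attribute at evaluation time. Consider `acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhost.serverName;`, or guard the lookup with `config.security.acme.certs ? ${acmeName}`. The enclosing `let` block starts and ends outside the hunk.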
@@ -477,12 +478,12 @@ in
 {
   options = {
     services.nginx = {
-      enable = mkEnableOption (lib.mdDoc "Nginx Web Server");
+      enable = mkEnableOption "Nginx Web Server";
 
       statusPage = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable status page reachable from localhost on http://127.0.0.1/nginx_status.
         '';
       };
@@ -490,7 +491,7 @@ in
       recommendedTlsSettings = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recommended TLS settings.
         '';
       };
@@ -498,7 +499,7 @@ in
       recommendedOptimisation = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recommended optimisation settings.
         '';
       };
@@ -506,7 +507,7 @@ in
       recommendedBrotliSettings = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recommended brotli settings.
           Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/).
 
@@ -517,7 +518,7 @@ in
       recommendedGzipSettings = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recommended gzip settings.
           Learn more about compression in Gzip format [here](https://docs.nginx.com/nginx/admin-guide/web-server/compression/).
         '';
@@ -526,7 +527,7 @@ in
       recommendedZstdSettings = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recommended zstd settings.
           Learn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module).
 
@@ -537,7 +538,7 @@ in
       recommendedProxySettings = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable recommended proxy settings if a vhost does not specify the option manually.
         '';
       };
@@ -546,7 +547,7 @@ in
         type = types.str;
         default = "60s";
         example = "20s";
-        description = lib.mdDoc ''
+        description = ''
           Change the proxy related timeouts in recommendedProxySettings.
         '';
       };
@@ -556,26 +557,26 @@ in
           options = {
             addr = mkOption {
               type = str;
-              description = lib.mdDoc "IP address.";
+              description = "IP address.";
             };
             port = mkOption {
               type = nullOr port;
-              description = lib.mdDoc "Port number.";
+              description = "Port number.";
               default = null;
             };
             ssl  = mkOption {
               type = nullOr bool;
               default = null;
-              description = lib.mdDoc "Enable SSL.";
+              description = "Enable SSL.";
             };
             proxyProtocol = mkOption {
               type = bool;
-              description = lib.mdDoc "Enable PROXY protocol.";
+              description = "Enable PROXY protocol.";
               default = false;
             };
             extraParameters = mkOption {
               type = listOf str;
-              description = lib.mdDoc "Extra parameters of this listen directive.";
+              description = "Extra parameters of this listen directive.";
               default = [ ];
               example = [ "backlog=1024" "deferred" ];
             };
@@ -589,7 +590,7 @@ in
             { addr = "[::0]"; }
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           If vhosts do not specify listen, use these addresses by default.
           This option takes precedence over {option}`defaultListenAddresses` and
           other listen-related defaults options.
@@ -601,7 +602,7 @@ in
         default = [ "0.0.0.0" ] ++ optional enableIPv6 "[::0]";
         defaultText = literalExpression ''[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"'';
         example = literalExpression ''[ "10.0.0.12" "[2002:a00:1::]" ]'';
-        description = lib.mdDoc ''
+        description = ''
           If vhosts do not specify listenAddresses, use these addresses by default.
           This is akin to writing `defaultListen = [ { addr = "0.0.0.0" } ]`.
         '';
@@ -611,7 +612,7 @@ in
         type = types.port;
         default = 80;
         example = 8080;
-        description = lib.mdDoc ''
+        description = ''
           If vhosts do not specify listen.port, use these ports for HTTP by default.
         '';
       };
@@ -620,7 +621,7 @@ in
         type = types.port;
         default = 443;
         example = 8443;
-        description = lib.mdDoc ''
+        description = ''
           If vhosts do not specify listen.port, use these ports for SSL by default.
         '';
       };
@@ -630,7 +631,7 @@ in
         default = "${pkgs.mailcap}/etc/nginx/mime.types";
         defaultText = literalExpression "$''{pkgs.mailcap}/etc/nginx/mime.types";
         example = literalExpression "$''{pkgs.nginx}/conf/mime.types";
-        description = lib.mdDoc ''
+        description = ''
           Default MIME types for NGINX, as MIME types definitions from NGINX are very incomplete,
           we use by default the ones bundled in the mailcap package, used by most of the other
           Linux distributions.
@@ -644,7 +645,7 @@ in
         apply = p: p.override {
           modules = lib.unique (p.modules ++ cfg.additionalModules);
         };
-        description = lib.mdDoc ''
+        description = ''
           Nginx package to use. This defaults to the stable version. Note
           that the nginx team recommends to use the mainline version which
           available in nixpkgs as `nginxMainline`.
@@ -657,7 +658,7 @@ in
         default = [];
         type = types.listOf (types.attrsOf types.anything);
         example = literalExpression "[ pkgs.nginxModules.echo ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/)
           to install. Packaged modules are available in `pkgs.nginxModules`.
         '';
@@ -666,7 +667,7 @@ in
       logError = mkOption {
         default = "stderr";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Configures logging.
           The first parameter defines a file that will store the log. The
           special value stderr selects the standard error file. Logging to
@@ -683,7 +684,7 @@ in
       preStart =  mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed before the service's nginx is started.
         '';
       };
@@ -691,7 +692,7 @@ in
       config = mkOption {
         type = types.str;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Verbatim {file}`nginx.conf` configuration.
           This is mutually exclusive to any other config option for
           {file}`nginx.conf` except for
@@ -707,7 +708,7 @@ in
       appendConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines appended to the generated Nginx
           configuration file. Commonly used by different modules
           providing http snippets. {option}`appendConfig`
@@ -727,7 +728,7 @@ in
                               '"$request" $status $body_bytes_sent '
                               '"$http_referer" "$http_user_agent"';
         '';
-        description = lib.mdDoc ''
+        description = ''
           With nginx you must provide common http context definitions before
           they are used, e.g. log_format, resolver, etc. inside of server
           or location contexts. Use this attribute to set these definitions
@@ -738,7 +739,7 @@ in
       httpConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines to be set inside the http block.
           This is mutually exclusive with the structured configuration
           via virtualHosts and the recommendedXyzSettings configuration
@@ -756,7 +757,7 @@ in
             proxy_pass 192.168.0.1:53535;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines to be set inside the stream block.
         '';
       };
@@ -764,7 +765,7 @@ in
       eventsConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines to be set inside the events block.
         '';
       };
@@ -772,7 +773,7 @@ in
       appendHttpConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Configuration lines to be appended to the generated http block.
           This is mutually exclusive with using config and httpConfig for
           specifying the whole http block verbatim.
@@ -782,7 +783,7 @@ in
       enableReload = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Reload nginx when configuration file changes (instead of restart).
           The configuration file is exposed at {file}`/etc/nginx/nginx.conf`.
           See also `systemd.services.*.restartIfChanged`.
@@ -792,7 +793,7 @@ in
       enableQuicBPF = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables routing of QUIC packets using eBPF. When enabled, this allows
           to support QUIC connection migration. The directive is only supported
           on Linux 5.7+.
@@ -805,52 +806,52 @@ in
       user = mkOption {
         type = types.str;
         default = "nginx";
-        description = lib.mdDoc "User account under which nginx runs.";
+        description = "User account under which nginx runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "nginx";
-        description = lib.mdDoc "Group account under which nginx runs.";
+        description = "Group account under which nginx runs.";
       };
 
       serverTokens = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Show nginx version in headers and error pages.";
+        description = "Show nginx version in headers and error pages.";
       };
 
       clientMaxBodySize = mkOption {
         type = types.str;
         default = "10m";
-        description = lib.mdDoc "Set nginx global client_max_body_size.";
+        description = "Set nginx global client_max_body_size.";
       };
 
       sslCiphers = mkOption {
         type = types.nullOr types.str;
         # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
-        default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-        description = lib.mdDoc "Ciphers to choose from when negotiating TLS handshakes.";
+        default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305";
+        description = "Ciphers to choose from when negotiating TLS handshakes.";
       };
 
       sslProtocols = mkOption {
         type = types.str;
         default = "TLSv1.2 TLSv1.3";
         example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3";
-        description = lib.mdDoc "Allowed TLS protocol versions.";
+        description = "Allowed TLS protocol versions.";
       };
 
       sslDhparam = mkOption {
         type = types.nullOr types.path;
         default = null;
         example = "/path/to/dhparams.pem";
-        description = lib.mdDoc "Path to DH parameters file.";
+        description = "Path to DH parameters file.";
       };
 
       proxyResolveWhileRunning = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Resolves domains of proxyPass targets at runtime
           and not only at start, you have to set
           services.nginx.resolver, too.
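Review bot: The new `sslCiphers` default adds a third DHE-RSA suite, but `sslDhparam` in the same hunk still defaults to `null`, and nginx does not offer DHE ciphers unless `ssl_dhparam` is configured. With the defaults, the three DHE entries are therefore inert, which a reader of the option text cannot tell. I would extend the description to `description = "Ciphers to choose from when negotiating TLS handshakes. DHE-* suites are only offered when sslDhparam is set.";`. Since the comment asks to keep the list in sync with the Mozilla intermediate profile, it is also worth checking whether that profile expects a DH parameter file alongside this list.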
@@ -860,7 +861,7 @@ in
       mapHashBucketSize = mkOption {
         type = types.nullOr (types.enum [ 32 64 128 ]);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
             Sets the bucket size for the map variables hash tables. Default
             value depends on the processor’s cache line size.
           '';
@@ -869,7 +870,7 @@ in
       mapHashMaxSize = mkOption {
         type = types.nullOr types.ints.positive;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
             Sets the maximum size of the map variables hash tables.
           '';
       };
@@ -877,7 +878,7 @@ in
       serverNamesHashBucketSize = mkOption {
         type = types.nullOr types.ints.positive;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
             Sets the bucket size for the server names hash tables. Default
             value depends on the processor’s cache line size.
           '';
@@ -886,7 +887,7 @@ in
       serverNamesHashMaxSize = mkOption {
         type = types.nullOr types.ints.positive;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
             Sets the maximum size of the server names hash tables.
           '';
       };
@@ -894,27 +895,27 @@ in
       proxyCachePath = mkOption {
         type = types.attrsOf (types.submodule ({ ... }: {
           options = {
-            enable = mkEnableOption (lib.mdDoc "this proxy cache path entry");
+            enable = mkEnableOption "this proxy cache path entry";
 
             keysZoneName = mkOption {
               type = types.str;
               default = "cache";
               example = "my_cache";
-              description = lib.mdDoc "Set name to shared memory zone.";
+              description = "Set name to shared memory zone.";
             };
 
             keysZoneSize = mkOption {
               type = types.str;
               default = "10m";
               example = "32m";
-              description = lib.mdDoc "Set size to shared memory zone.";
+              description = "Set size to shared memory zone.";
             };
 
             levels = mkOption {
               type = types.str;
               default = "1:2";
               example = "1:2:2";
-              description = lib.mdDoc ''
+              description = ''
                 The levels parameter defines structure of subdirectories in cache: from
                 1 to 3, each level accepts values 1 or 2. Сan be used any combination of
                 1 and 2 in these formats: x, x:x and x:x:x.
@@ -925,7 +926,7 @@ in
               type = types.bool;
               default = false;
               example = true;
-              description = lib.mdDoc ''
+              description = ''
                 Nginx first writes files that are destined for the cache to a temporary
                 storage area, and the use_temp_path=off directive instructs Nginx to
                 write them to the same directories where they will be cached. Recommended
@@ -938,7 +939,7 @@ in
               type = types.str;
               default = "10m";
               example = "1d";
-              description = lib.mdDoc ''
+              description = ''
                 Cached data that has not been accessed for the time specified by
                 the inactive parameter is removed from the cache, regardless of
                 its freshness.
@@ -949,12 +950,12 @@ in
               type = types.str;
               default = "1g";
               example = "2048m";
-              description = lib.mdDoc "Set maximum cache size";
+              description = "Set maximum cache size";
             };
           };
         }));
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           Configure a proxy cache path entry.
           See <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path> for documentation.
         '';
@@ -967,21 +968,30 @@ in
               type = types.listOf types.str;
               default = [];
               example = literalExpression ''[ "[::1]" "127.0.0.1:5353" ]'';
-              description = lib.mdDoc "List of resolvers to use";
+              description = "List of resolvers to use";
             };
             valid = mkOption {
               type = types.str;
               default = "";
               example = "30s";
-              description = lib.mdDoc ''
+              description = ''
                 By default, nginx caches answers using the TTL value of a response.
                 An optional valid parameter allows overriding it
               '';
             };
+            ipv4 = mkOption {
+              type = types.bool;
+              default = true;
+              description = ''
+                By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
+                If looking up of IPv4 addresses is not desired, the ipv4=off parameter can be
+                specified.
+              '';
+            };
             ipv6 = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 By default, nginx will look up both IPv4 and IPv6 addresses while resolving.
                 If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be
                 specified.
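Review bot: The description of the new `resolver.ipv4` option does not mention that the `ipv4=off` parameter is only understood by nginx 1.23.1 and later. Because `services.nginx.package` can be overridden, an older build would presumably reject the generated `resolver` line at config-test time once this is set to `false`; the code that renders the parameter is outside this hunk, so that is inferred. I would add a sentence to the description such as `Requires nginx 1.23.1 or later.`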
@@ -989,7 +999,7 @@ in
             };
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configures name servers used to resolve names of upstream servers into addresses
         '';
         default = {};
@@ -1005,14 +1015,14 @@ in
                   backup = mkOption {
                     type = types.bool;
                     default = false;
-                    description = lib.mdDoc ''
+                    description = ''
                       Marks the server as a backup server. It will be passed
                       requests when the primary servers are unavailable.
                     '';
                   };
                 };
               });
-              description = lib.mdDoc ''
+              description = ''
                 Defines the address and other parameters of the upstream servers.
                 See [the documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server)
                 for the available parameters.
@@ -1023,13 +1033,13 @@ in
             extraConfig = mkOption {
               type = types.lines;
               default = "";
-              description = lib.mdDoc ''
+              description = ''
                 These lines go to the end of the upstream verbatim.
               '';
             };
           };
         });
-        description = lib.mdDoc ''
+        description = ''
           Defines a group of servers to use as proxy target.
         '';
         default = {};
@@ -1070,7 +1080,7 @@ in
             };
           };
         '';
-        description = lib.mdDoc "Declarative vhost config";
+        description = "Declarative vhost config";
       };
     };
   };
@@ -1179,6 +1189,13 @@ in
           to answer to ACME requests.
         '';
       }
+
+      {
+        assertion = cfg.resolver.ipv4 || cfg.resolver.ipv6;
+        message = ''
+          At least one of services.nginx.resolver.ipv4 and services.nginx.resolver.ipv6 must be true.
+        '';
+      }
     ] ++ map (name: mkCertOwnershipAssertion {
       inherit (cfg) group user;
       cert = config.security.acme.certs.${name};
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix
index ec2c432ca573..9242c1adbde1 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix
@@ -17,7 +17,7 @@ in
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         If true, enable gitweb in nginx.
       '';
     };
@@ -25,7 +25,7 @@ in
     location = mkOption {
       default = "/gitweb";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Location to serve gitweb on.
       '';
     };
@@ -33,7 +33,7 @@ in
     user = mkOption {
       default = "nginx";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Existing user that the CGI process will belong to. (Default almost surely will do.)
       '';
     };
@@ -41,7 +41,7 @@ in
     group = mkOption {
       default = "nginx";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Group that the CGI process will belong to. (Set to `config.services.gitolite.group` if you are using gitolite.)
       '';
     };
@@ -49,7 +49,7 @@ in
     virtualHost = mkOption {
       default = "_";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         VirtualHost to serve gitweb on. Default is catch-all.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix
index 2138e551fd43..8cefd481d3f9 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/location-options.nix
@@ -17,7 +17,7 @@ with lib;
           user = "password";
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Basic Auth protection for a vhost.
 
         WARNING: This is implemented to store the password in plain text in the
@@ -28,7 +28,7 @@ with lib;
     basicAuthFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Basic Auth password file for a vhost.
         Can be created via: {command}`htpasswd -c <filename> <username>`.
 
@@ -41,7 +41,7 @@ with lib;
       type = types.nullOr types.str;
       default = null;
       example = "http://www.example.org/";
-      description = lib.mdDoc ''
+      description = ''
         Adds proxy_pass directive and sets recommended proxy headers if
         recommendedProxySettings is enabled.
       '';
@@ -51,7 +51,7 @@ with lib;
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to support proxying websocket connections with HTTP/1.1.
       '';
     };
@@ -60,7 +60,7 @@ with lib;
       type = types.nullOr types.str;
       default = null;
       example = "index.php index.html";
-      description = lib.mdDoc ''
+      description = ''
         Adds index directive.
       '';
     };
@@ -69,7 +69,7 @@ with lib;
       type = types.nullOr types.str;
       default = null;
       example = "$uri =404";
-      description = lib.mdDoc ''
+      description = ''
         Adds try_files directive.
       '';
     };
@@ -78,7 +78,7 @@ with lib;
       type = types.nullOr types.path;
       default = null;
       example = "/your/root/directory";
-      description = lib.mdDoc ''
+      description = ''
         Root directory for requests.
       '';
     };
@@ -87,7 +87,7 @@ with lib;
       type = types.nullOr types.path;
       default = null;
       example = "/your/alias/directory";
-      description = lib.mdDoc ''
+      description = ''
         Alias directory for requests.
       '';
     };
@@ -96,7 +96,7 @@ with lib;
       type = with types; nullOr (oneOf [ str int ]);
       default = null;
       example = "301 http://example.com$request_uri";
-      description = lib.mdDoc ''
+      description = ''
         Adds a return directive, for e.g. redirections.
       '';
     };
@@ -104,7 +104,7 @@ with lib;
     fastcgiParams = mkOption {
       type = types.attrsOf (types.either types.str types.path);
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         FastCGI parameters to override.  Unlike in the Nginx
         configuration file, overriding only some default parameters
         won't unset the default values for other parameters.
@@ -114,7 +114,7 @@ with lib;
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         These lines go to the end of the location verbatim.
       '';
     };
@@ -122,7 +122,7 @@ with lib;
     priority = mkOption {
       type = types.int;
       default = 1000;
-      description = lib.mdDoc ''
+      description = ''
         Order of this location block in relation to the others in the vhost.
         The semantics are the same as with `lib.mkOrder`. Smaller values have
         a greater priority.
@@ -133,7 +133,7 @@ with lib;
       type = types.bool;
       default = config.services.nginx.recommendedProxySettings;
       defaultText = literalExpression "config.services.nginx.recommendedProxySettings";
-      description = lib.mdDoc ''
+      description = ''
         Enable recommended proxy settings.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/tailscale-auth.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/tailscale-auth.nix
index a2e4d4a30be5..ca272268f572 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/tailscale-auth.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/tailscale-auth.nix
@@ -1,117 +1,57 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
+  inherit (lib)
+    genAttrs
+    maintainers
+    mkAliasOptionModule
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
   cfg = config.services.nginx.tailscaleAuth;
+  cfgAuth = config.services.tailscaleAuth;
 in
 {
-  options.services.nginx.tailscaleAuth = {
-    enable = mkEnableOption (lib.mdDoc "Enable tailscale.nginx-auth, to authenticate nginx users via tailscale.");
-
-    package = lib.mkPackageOptionMD pkgs "tailscale-nginx-auth" {};
-
-    user = mkOption {
-      type = types.str;
-      default = "tailscale-nginx-auth";
-      description = lib.mdDoc "User which runs tailscale-nginx-auth";
-    };
+  imports = [
+    (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "package" ] [ "services" "tailscaleAuth" "package" ])
+    (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "user" ] [ "services" "tailscaleAuth" "user" ])
+    (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "group" ] [ "services" "tailscaleAuth" "group" ])
+    (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "socketPath" ] [ "services" "tailscaleAuth" "socketPath" ])
+  ];
 
-    group = mkOption {
-      type = types.str;
-      default = "tailscale-nginx-auth";
-      description = lib.mdDoc "Group which runs tailscale-nginx-auth";
-    };
+  options.services.nginx.tailscaleAuth = {
+    enable = mkEnableOption "Enable tailscale.nginx-auth, to authenticate nginx users via tailscale.";
 
     expectedTailnet = mkOption {
       default = "";
       type = types.nullOr types.str;
       example = "tailnet012345.ts.net";
-      description = lib.mdDoc ''
+      description = ''
         If you want to prevent node sharing from allowing users to access services
         across tailnets, declare your expected tailnets domain here.
       '';
     };
 
-    socketPath = mkOption {
-      default = "/run/tailscale-nginx-auth/tailscale-nginx-auth.sock";
-      type = types.path;
-      description = lib.mdDoc ''
-        Path of the socket listening to nginx authorization requests.
-      '';
-    };
-
     virtualHosts = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         A list of nginx virtual hosts to put behind tailscale.nginx-auth
       '';
     };
   };
 
   config = mkIf cfg.enable {
-    services.tailscale.enable = true;
+    services.tailscaleAuth.enable = true;
     services.nginx.enable = true;
 
-    users.users.${cfg.user} = {
-      isSystemUser = true;
-      inherit (cfg) group;
-    };
-    users.groups.${cfg.group} = { };
-    users.users.${config.services.nginx.user}.extraGroups = [ cfg.group ];
-    systemd.sockets.tailscale-nginx-auth = {
-      description = "Tailscale NGINX Authentication socket";
-      partOf = [ "tailscale-nginx-auth.service" ];
-      wantedBy = [ "sockets.target" ];
-      listenStreams = [ cfg.socketPath ];
-      socketConfig = {
-        SocketMode = "0660";
-        SocketUser = cfg.user;
-        SocketGroup = cfg.group;
-      };
-    };
-
+    users.users.${config.services.nginx.user}.extraGroups = [ cfgAuth.group ];
 
     systemd.services.tailscale-nginx-auth = {
-      description = "Tailscale NGINX Authentication service";
       after = [ "nginx.service" ];
       wants = [ "nginx.service" ];
-      requires = [ "tailscale-nginx-auth.socket" ];
-
-      serviceConfig = {
-        ExecStart = "${lib.getExe cfg.package}";
-        RuntimeDirectory = "tailscale-nginx-auth";
-        User = cfg.user;
-        Group = cfg.group;
-
-        BindPaths = [ "/run/tailscale/tailscaled.sock" ];
-
-        CapabilityBoundingSet = "";
-        DeviceAllow = "";
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        RestrictNamespaces = true;
-        RestrictAddressFamilies = [ "AF_UNIX" ];
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-
-        SystemCallArchitectures = "native";
-        SystemCallErrorNumber = "EPERM";
-        SystemCallFilter = [
-          "@system-service"
-          "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid"
-        ];
-      };
     };
 
     services.nginx.virtualHosts = genAttrs
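Review bot: The socket unit with `SocketMode = "0660"` and the whole sandboxing block (`CapabilityBoundingSet`, `RestrictAddressFamilies`, `SystemCallFilter` and the rest) are removed here, and nothing visible in this hunk shows where they now live. Please confirm that `services.tailscaleAuth` carries them unchanged. I would also add a comment above the remaining unit, `# Unit, socket and sandboxing are defined by services.tailscaleAuth; only the nginx ordering is added here.`. Separately, `mkEnableOption` already prefixes "Whether to enable", so the new `enable` text renders as "Whether to enable Enable tailscale.nginx-auth, ..."; `mkEnableOption "tailscale.nginx-auth, to authenticate nginx users via tailscale"` reads correctly.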
@@ -121,7 +61,7 @@ in
           extraConfig = ''
             internal;
 
-            proxy_pass http://unix:${cfg.socketPath};
+            proxy_pass http://unix:${cfgAuth.socketPath};
             proxy_pass_request_body off;
 
             # Upstream uses $http_host here, but we are using gixy to check nginx configurations
diff --git a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
index ea98439d3823..24fcb101c910 100644
--- a/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -11,7 +11,7 @@ with lib;
     serverName = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Name of this virtual host. Defaults to attribute name in virtualHosts.
       '';
       example = "example.org";
@@ -21,7 +21,7 @@ with lib;
       type = types.listOf types.str;
       default = [];
       example = [ "www.example.org" "example.org" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional names of virtual hosts served by this virtual host configuration.
       '';
     };
@@ -31,11 +31,11 @@ with lib;
         options = {
           addr = mkOption {
             type = str;
-            description = lib.mdDoc "Listen address.";
+            description = "Listen address.";
           };
           port = mkOption {
             type = types.nullOr port;
-            description = lib.mdDoc ''
+            description = ''
               Port number to listen on.
               If unset and the listen address is not a socket then nginx defaults to 80.
             '';
@@ -43,17 +43,17 @@ with lib;
           };
           ssl = mkOption {
             type = bool;
-            description = lib.mdDoc "Enable SSL.";
+            description = "Enable SSL.";
             default = false;
           };
           proxyProtocol = mkOption {
             type = bool;
-            description = lib.mdDoc "Enable PROXY protocol.";
+            description = "Enable PROXY protocol.";
             default = false;
           };
           extraParameters = mkOption {
             type = listOf str;
-            description = lib.mdDoc "Extra parameters of this listen directive.";
+            description = "Extra parameters of this listen directive.";
             default = [ ];
             example = [ "backlog=1024" "deferred" ];
           };
@@ -65,7 +65,7 @@ with lib;
         { addr = "192.154.1.1"; port = 80; }
         { addr = "unix:/var/run/nginx.sock"; }
       ];
-      description = lib.mdDoc ''
+      description = ''
         Listen addresses and ports for this virtual host.
         IPv6 addresses must be enclosed in square brackets.
         Note: this option overrides `addSSL`
@@ -79,7 +79,7 @@ with lib;
     listenAddresses = mkOption {
       type = with types; listOf str;
 
-      description = lib.mdDoc ''
+      description = ''
         Listen addresses for this virtual host.
         Compared to `listen` this only sets the addresses
         and the ports are chosen automatically.
@@ -93,7 +93,7 @@ with lib;
     enableACME = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to ask Let's Encrypt to sign a certificate for this vhost.
         Alternately, you can use an existing certificate through {option}`useACMEHost`.
       '';
@@ -102,7 +102,7 @@ with lib;
     useACMEHost = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A host of an existing Let's Encrypt certificate to use.
         This is useful if you have many subdomains and want to avoid hitting the
         [rate limit](https://letsencrypt.org/docs/rate-limits).
@@ -114,7 +114,7 @@ with lib;
     acmeRoot = mkOption {
       type = types.nullOr types.str;
       default = "/var/lib/acme/acme-challenge";
-      description = lib.mdDoc ''
+      description = ''
         Directory for the ACME challenge, which is **public**. Don't put certs or keys in here.
         Set to null to inherit from config.security.acme.
       '';
@@ -123,7 +123,7 @@ with lib;
     acmeFallbackHost = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Host which to proxy requests to if ACME challenge is not found. Useful
         if you want multiple hosts to be able to verify the same domain name.
 
@@ -136,7 +136,7 @@ with lib;
     addSSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
         `listen` to listen on all interfaces on the respective default
         ports (80, 443).
@@ -146,7 +146,7 @@ with lib;
     onlySSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable HTTPS and reject plain HTTP connections. This will set
         defaults for `listen` to listen on all interfaces on port 443.
       '';
@@ -161,7 +161,7 @@ with lib;
     forceSSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to add a separate nginx server block that redirects (defaults
         to 301, configurable with `redirectCode`) all plain HTTP traffic to
         HTTPS. This will set defaults for `listen` to listen on all interfaces
@@ -173,7 +173,7 @@ with lib;
     rejectSSL = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to listen for and reject all HTTPS connections to this vhost. Useful in
         [default](#opt-services.nginx.virtualHosts._name_.default)
         server blocks to avoid serving the certificate for another vhost. Uses the
@@ -185,7 +185,7 @@ with lib;
     kTLS = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable kTLS support.
         Implementing TLS in the kernel (kTLS) improves performance by significantly
         reducing the need for copying operations between user space and the kernel.
@@ -196,26 +196,26 @@ with lib;
     sslCertificate = mkOption {
       type = types.path;
       example = "/var/host.cert";
-      description = lib.mdDoc "Path to server SSL certificate.";
+      description = "Path to server SSL certificate.";
     };
 
     sslCertificateKey = mkOption {
       type = types.path;
       example = "/var/host.key";
-      description = lib.mdDoc "Path to server SSL certificate key.";
+      description = "Path to server SSL certificate key.";
     };
 
     sslTrustedCertificate = mkOption {
       type = types.nullOr types.path;
       default = null;
       example = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"'';
-      description = lib.mdDoc "Path to root SSL certificate for stapling and client certificates.";
+      description = "Path to root SSL certificate for stapling and client certificates.";
     };
 
     http2 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the HTTP/2 protocol.
         Note that (as of writing) due to nginx's implementation, to disable
         HTTP/2 you have to disable it on all vhosts that use a given
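Review bot: `sslCertificateKey` is declared as `types.path`, and its description, `Path to server SSL certificate key.`, says nothing about where the key may live. If the module interpolates this value into the generated nginx configuration (not visible in this hunk), a Nix path literal such as `./host.key` would be copied into the world-readable Nix store, whereas a string like the `/var/host.key` example is not. I would add a sentence to the description such as `Give this as a string path outside the Nix store; a path literal is copied into the world-readable store.` The same caveat is missing from `secretsFile` in pomerium.nix. The `http2` description at the end of this hunk continues past it.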
@@ -229,7 +229,7 @@ with lib;
     http3 = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the HTTP/3 protocol.
         This requires using `pkgs.nginxQuic` package
         which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`
@@ -244,7 +244,7 @@ with lib;
     http3_hq = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
         This requires using `pkgs.nginxQuic` package
         which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`
@@ -258,7 +258,7 @@ with lib;
     quic = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the QUIC transport protocol.
         This requires using `pkgs.nginxQuic` package
         which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`.
@@ -271,7 +271,7 @@ with lib;
     reuseport = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Create an individual listening socket .
         It is required to specify only once on one of the hosts.
       '';
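Review bot: The `reuseport` description has a stray space before the full stop in `Create an individual listening socket .`, and its second sentence, `It is required to specify only once on one of the hosts.`, does not say what is being specified. Since the line is touched anyway, I would at least drop the stray space and reword the second sentence to something like `Set this on only one of the vhosts that share a listen address.`, assuming that is the intended meaning.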
@@ -281,7 +281,7 @@ with lib;
       type = types.nullOr types.path;
       default = null;
       example = "/data/webserver/docs";
-      description = lib.mdDoc ''
+      description = ''
         The path of the web root directory.
       '';
     };
@@ -289,7 +289,7 @@ with lib;
     default = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Makes this vhost the default.
       '';
     };
@@ -297,7 +297,7 @@ with lib;
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         These lines go to the end of the vhost verbatim.
       '';
     };
@@ -306,7 +306,7 @@ with lib;
       type = types.nullOr types.str;
       default = null;
       example = "newserver.example.org";
-      description = lib.mdDoc ''
+      description = ''
         If set, all requests for this host are redirected (defaults to 301,
         configurable with `redirectCode`) to the given hostname.
       '';
@@ -316,7 +316,7 @@ with lib;
       type = types.ints.between 300 399;
       default = 301;
       example = 308;
-      description = lib.mdDoc ''
+      description = ''
         HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases
         include temporary (302, 307) redirects, keeping the request method and
         body (307, 308), or explicitly resetting the method to GET (303).
@@ -332,7 +332,7 @@ with lib;
           user = "password";
         };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Basic Auth protection for a vhost.
 
         WARNING: This is implemented to store the password in plain text in the
@@ -343,7 +343,7 @@ with lib;
     basicAuthFile = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Basic Auth password file for a vhost.
         Can be created via: {command}`htpasswd -c <filename> <username>`.
 
@@ -364,7 +364,7 @@ with lib;
           };
         };
       '';
-      description = lib.mdDoc "Declarative location config";
+      description = "Declarative location config";
     };
   };
 }
diff --git a/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix
index 4132a97b9543..ca77a0838f55 100644
--- a/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix
@@ -40,7 +40,7 @@ let
         socket = mkOption {
           type = types.str;
           readOnly = true;
-          description = lib.mdDoc ''
+          description = ''
             Path to the unix socket file on which to accept FastCGI requests.
 
             ::: {.note}
@@ -54,7 +54,7 @@ let
           type = types.str;
           default = "";
           example = "/path/to/unix/socket";
-          description = lib.mdDoc ''
+          description = ''
             The address on which to accept FastCGI requests.
           '';
         };
@@ -63,14 +63,14 @@ let
           type = types.package;
           default = cfg.phpPackage;
           defaultText = literalExpression "config.services.phpfpm.phpPackage";
-          description = lib.mdDoc ''
+          description = ''
             The PHP package to use for running this PHP-FPM pool.
           '';
         };
 
         phpOptions = mkOption {
           type = types.lines;
-          description = lib.mdDoc ''
+          description = ''
             "Options appended to the PHP configuration file {file}`php.ini` used for this PHP-FPM pool."
           '';
         };
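Review bot: The `phpOptions` description wraps its sentence in double quotes inside the `''` string, so the quotes become part of the rendered option documentation. This looks like a leftover from converting a one-line `"..."` description to the multi-line form. Drop the leading and trailing `"` on that line so it matches the global `phpOptions` description later in the same file, which has no quotes.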
@@ -78,7 +78,7 @@ let
         phpEnv = lib.mkOption {
           type = with types; attrsOf str;
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             Environment variables used for this PHP-FPM pool.
           '';
           example = literalExpression ''
@@ -93,18 +93,18 @@ let
 
         user = mkOption {
           type = types.str;
-          description = lib.mdDoc "User account under which this pool runs.";
+          description = "User account under which this pool runs.";
         };
 
         group = mkOption {
           type = types.str;
-          description = lib.mdDoc "Group account under which this pool runs.";
+          description = "Group account under which this pool runs.";
         };
 
         settings = mkOption {
           type = with types; attrsOf (oneOf [ str int bool ]);
           default = {};
-          description = lib.mdDoc ''
+          description = ''
             PHP-FPM pool directives. Refer to the "List of pool directives" section of
             <https://www.php.net/manual/en/install.fpm.configuration.php>
             for details. Note that settings names must be enclosed in quotes (e.g.
@@ -125,7 +125,7 @@ let
         extraConfig = mkOption {
           type = with types; nullOr lines;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Extra lines that go into the pool configuration.
             See the documentation on `php-fpm.conf` for
             details on configuration directives.
@@ -157,7 +157,7 @@ in {
       settings = mkOption {
         type = with types; attrsOf (oneOf [ str int bool ]);
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           PHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of
           <https://www.php.net/manual/en/install.fpm.configuration.php>
           for details. Note that settings names must be enclosed in quotes (e.g.
@@ -170,7 +170,7 @@ in {
       extraConfig = mkOption {
         type = with types; nullOr lines;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that should be put in the global section of
           the PHP-FPM configuration file. Do not specify the options
           `error_log` or
@@ -188,7 +188,7 @@ in {
           ''
             date.timezone = "CET"
           '';
-        description = lib.mdDoc ''
+        description = ''
           Options appended to the PHP configuration file {file}`php.ini`.
         '';
       };
@@ -212,7 +212,7 @@ in {
              };
            }
          }'';
-        description = lib.mdDoc ''
+        description = ''
           PHP-FPM pools. If no pools are defined, the PHP-FPM
           service is disabled.
         '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/pomerium.nix b/nixpkgs/nixos/modules/services/web-servers/pomerium.nix
index 90748f74d24e..441475f91ce6 100644
--- a/nixpkgs/nixos/modules/services/web-servers/pomerium.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/pomerium.nix
@@ -7,18 +7,18 @@ let
 in
 {
   options.services.pomerium = {
-    enable = mkEnableOption (lib.mdDoc "the Pomerium authenticating reverse proxy");
+    enable = mkEnableOption "the Pomerium authenticating reverse proxy";
 
     configFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.";
+      description = "Path to Pomerium config YAML. If set, overrides services.pomerium.settings.";
     };
 
     useACMEHost = mkOption {
       type = with types; nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         If set, use a NixOS-generated ACME certificate with the specified name.
 
         Note that this will require you to use a non-HTTP-based challenge, or
@@ -32,7 +32,7 @@ in
     };
 
     settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         The contents of Pomerium's config.yaml, in Nix expressions.
 
         Specifying configFile will override this in its entirety.
@@ -48,7 +48,7 @@ in
     secretsFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Path to file containing secrets for Pomerium, in systemd
         EnvironmentFile format. See the systemd.exec(5) man page.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/rustus.nix b/nixpkgs/nixos/modules/services/web-servers/rustus.nix
index 6d3b2e6a65d9..b356133df085 100644
--- a/nixpkgs/nixos/modules/services/web-servers/rustus.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/rustus.nix
@@ -8,11 +8,11 @@ in
 
   options.services.rustus = {
 
-    enable = mkEnableOption (lib.mdDoc "TUS protocol implementation in Rust");
+    enable = mkEnableOption "TUS protocol implementation in Rust";
 
     host = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         The host that rustus will connect to.
       '';
       default = "127.0.0.1";
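Review bot: The `host` description says `The host that rustus will connect to.`, but with a default of `127.0.0.1` this looks like the address the service binds to rather than a remote peer; the `port` description in the next hunk has the same wording. If that reading is right, `The address rustus listens on.` and `The port rustus listens on.` would be clearer. The distinction matters for exposure, because changing `host` away from loopback widens who can reach the upload endpoint. The `host` option's closing lines are outside this hunk.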
@@ -21,7 +21,7 @@ in
 
     port = mkOption {
       type = types.port;
-      description = lib.mdDoc ''
+      description = ''
         The port that rustus will connect to.
       '';
       default = 1081;
@@ -30,7 +30,7 @@ in
 
     log_level = mkOption {
       type = types.enum [ "DEBUG" "INFO" "ERROR" ];
-      description = lib.mdDoc ''
+      description = ''
         Desired log level
       '';
       default = "INFO";
@@ -39,7 +39,7 @@ in
 
     max_body_size = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Maximum body size in bytes
       '';
       default = "10000000"; # 10 mb
@@ -48,7 +48,7 @@ in
 
     url = mkOption {
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         url path for uploads
       '';
       default = "/files";
@@ -56,7 +56,7 @@ in
 
     disable_health_access_logs = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         disable access log for /health endpoint
       '';
       default = false;
@@ -64,7 +64,7 @@ in
 
     cors = mkOption {
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         list of origins allowed to upload
       '';
       default = ["*"];
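Review bot: The `cors` description, `list of origins allowed to upload`, does not mention that the default `["*"]` admits every origin. For an upload endpoint that is a permissive default which a deployer should see in the option documentation. I would add a sentence such as `The default allows any origin; restrict this to the sites that should be able to upload.` The option's closing lines are outside this hunk.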
@@ -81,7 +81,7 @@ in
         "concatenation"
         "checksum"
       ]);
-      description = lib.mdDoc ''
+      description = ''
         Since TUS protocol offers extensibility you can turn off some protocol extensions.
       '';
       default = [
@@ -97,7 +97,7 @@ in
 
     remove_parts = mkOption {
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         remove parts files after successful concatenation
       '';
       default = true;
@@ -105,7 +105,7 @@ in
     };
 
     storage = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Storages are used to actually store your files. You can configure where you want to store files.
       '';
       default = {};
@@ -122,43 +122,43 @@ in
         options = {
           type = lib.mkOption {
             type = lib.types.enum ["file-storage" "hybrid-s3"];
-            description = lib.mdDoc "Type of storage to use";
+            description = "Type of storage to use";
           };
           s3_access_key_file = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "File path that contains the S3 access key.";
+            description = "File path that contains the S3 access key.";
           };
           s3_secret_key_file = lib.mkOption {
             type = lib.types.path;
-            description = lib.mdDoc "File path that contains the S3 secret key.";
+            description = "File path that contains the S3 secret key.";
           };
           s3_region = lib.mkOption {
             type = lib.types.str;
             default = "us-east-1";
-            description = lib.mdDoc "S3 region name.";
+            description = "S3 region name.";
           };
           s3_bucket = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "S3 bucket.";
+            description = "S3 bucket.";
           };
           s3_url = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "S3 url.";
+            description = "S3 url.";
           };
 
           force_sync = lib.mkOption {
             type = lib.types.bool;
-            description = lib.mdDoc "calls fsync system call after every write to disk in local storage";
+            description = "calls fsync system call after every write to disk in local storage";
             default = true;
           };
           data_dir = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "path to the local directory where all files are stored";
+            description = "path to the local directory where all files are stored";
             default = "/var/lib/rustus";
           };
           dir_structure = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "pattern of a directory structure locally and on s3";
+            description = "pattern of a directory structure locally and on s3";
             default = "{year}/{month}/{day}";
           };
         };
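Review bot: `s3_access_key_file` is typed `lib.types.str` while its sibling `s3_secret_key_file` is typed `lib.types.path`, so the two credential-file options accept different inputs. With `types.path` a Nix path literal is accepted, and if the module interpolates it into a string (not visible here) the secret file would be copied into the world-readable Nix store. I would either give both options the same type or state the constraint in both descriptions, e.g. `File path (as a string, outside the Nix store) that contains the S3 secret key.` The enclosing `storage` option starts before this hunk.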
@@ -166,7 +166,7 @@ in
     };
 
     info_storage = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Info storages are used to store information about file uploads. These storages must be persistent, because every time chunk is uploaded rustus updates information about upload. And when someone wants to download file, information about it requested from storage to get actual path of an upload.
       '';
       default = {};
@@ -174,12 +174,12 @@ in
         options = {
           type = lib.mkOption {
             type = lib.types.enum ["file-info-storage"];
-            description = lib.mdDoc "Type of info storage to use";
+            description = "Type of info storage to use";
             default = "file-info-storage";
           };
           dir = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "directory to store info about uploads";
+            description = "directory to store info about uploads";
             default = "/var/lib/rustus";
           };
         };
diff --git a/nixpkgs/nixos/modules/services/web-servers/stargazer.nix b/nixpkgs/nixos/modules/services/web-servers/stargazer.nix
index 4eca33326040..da39c8172c8b 100644
--- a/nixpkgs/nixos/modules/services/web-servers/stargazer.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/stargazer.nix
@@ -34,14 +34,14 @@ let
 in
 {
   options.services.stargazer = {
-    enable = lib.mkEnableOption (lib.mdDoc "Stargazer Gemini server");
+    enable = lib.mkEnableOption "Stargazer Gemini server";
 
     listen = lib.mkOption {
       type = lib.types.listOf lib.types.str;
       default = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]";
       defaultText = lib.literalExpression ''[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"'';
       example = lib.literalExpression ''[ "10.0.0.12" "[2002:a00:1::]" ]'';
-      description = lib.mdDoc ''
+      description = ''
         Address and port to listen on.
       '';
     };
@@ -49,25 +49,25 @@ in
     connectionLogging = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc "Whether or not to log connections to stdout.";
+      description = "Whether or not to log connections to stdout.";
     };
 
     ipLog = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "Log client IP addresses in the connection log.";
+      description = "Log client IP addresses in the connection log.";
     };
 
     ipLogPartial = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "Log partial client IP addresses in the connection log.";
+      description = "Log partial client IP addresses in the connection log.";
     };
 
     requestTimeout = lib.mkOption {
       type = lib.types.int;
       default = 5;
-      description = lib.mdDoc ''
+      description = ''
         Number of seconds to wait for the client to send a complete
         request. Set to 0 to disable.
       '';
@@ -76,7 +76,7 @@ in
     responseTimeout = lib.mkOption {
       type = lib.types.int;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Number of seconds to wait for the client to send a complete
         request and for stargazer to finish sending the response.
         Set to 0 to disable.
@@ -86,7 +86,7 @@ in
     store = lib.mkOption {
       type = lib.types.path;
       default = /var/lib/gemini/certs;
-      description = lib.mdDoc ''
+      description = ''
         Path to the certificate store on disk. This should be a
         persistent directory writable by Stargazer.
       '';
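Review bot: `store` defaults to the unquoted path literal `/var/lib/gemini/certs` rather than a string. Nix copies a path literal into the store when it is interpolated into a string, so depending on how the module renders this value (not visible here) the certificate directory could be copied into the world-readable store, or evaluation could fail when the directory does not exist yet. `default = "/var/lib/gemini/certs";` avoids both and still satisfies `lib.types.path`.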
@@ -95,7 +95,7 @@ in
     certOrg = lib.mkOption {
       type = lib.types.str;
       default = "stargazer";
-      description = lib.mdDoc ''
+      description = ''
         The name of the organization responsible for the X.509
         certificate's /O name.
       '';
@@ -104,7 +104,7 @@ in
     genCerts = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Set to false to disable automatic certificate generation.
         Use if you want to provide your own certs.
       '';
@@ -113,7 +113,7 @@ in
     regenCerts = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Set to false to turn off automatic regeneration of expired certificates.
         Use if you want to provide your own certs.
       '';
@@ -122,7 +122,7 @@ in
     certLifetime = lib.mkOption {
       type = lib.types.str;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         How long certs generated by Stargazer should live for.
         Certs live forever by default.
       '';
@@ -132,7 +132,7 @@ in
     debugMode = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = lib.mdDoc "Run Stargazer in debug mode.";
+      description = "Run Stargazer in debug mode.";
     };
 
     routes = lib.mkOption {
@@ -149,11 +149,11 @@ in
           });
           options.route = lib.mkOption {
             type = lib.types.str;
-            description = lib.mdDoc "Route section name";
+            description = "Route section name";
           };
         });
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Routes that Stargazer should server.
 
         Expressed as a list of attribute sets. Each set must have a key `route`
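Review bot: The `routes` description contains a typo, `Routes that Stargazer should server.`; it should read `Routes that Stargazer should serve.` The description continues past the end of this hunk, and the `routes` option itself starts before it.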
@@ -185,13 +185,13 @@ in
     user = lib.mkOption {
       type = lib.types.str;
       default = "stargazer";
-      description = lib.mdDoc "User account under which stargazer runs.";
+      description = "User account under which stargazer runs.";
     };
 
     group = lib.mkOption {
       type = lib.types.str;
       default = "stargazer";
-      description = lib.mdDoc "Group account under which stargazer runs.";
+      description = "Group account under which stargazer runs.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/static-web-server.nix b/nixpkgs/nixos/modules/services/web-servers/static-web-server.nix
index 07187f00fecc..9a80f141efcf 100644
--- a/nixpkgs/nixos/modules/services/web-servers/static-web-server.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/static-web-server.nix
@@ -7,11 +7,11 @@ let
 in {
   options = {
     services.static-web-server = {
-      enable = lib.mkEnableOption (lib.mdDoc ''Static Web Server'');
+      enable = lib.mkEnableOption ''Static Web Server'';
       listen = lib.mkOption {
         default = "[::]:8787";
         type = lib.types.str;
-        description = lib.mdDoc ''
+        description = ''
           The "ListenStream" used in static-web-server.socket.
           This is equivalent to SWS's "host" and "port" options.
           See here for specific syntax: <https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=>
@@ -19,7 +19,7 @@ in {
       };
       root = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           The location of files for SWS to serve. Equivalent to SWS's "root" config value.
           NOTE: This folder must exist before starting SWS.
         '';
@@ -30,7 +30,7 @@ in {
         example = {
           general = { log-level = "error"; directory-listing = true; };
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for Static Web Server. See
           <https://static-web-server.net/configuration/config-file/>.
           NOTE: Don't set "host", "port", or "root" here. They will be ignored.
diff --git a/nixpkgs/nixos/modules/services/web-servers/tomcat.nix b/nixpkgs/nixos/modules/services/web-servers/tomcat.nix
index 54ea7b66151f..e243778cc747 100644
--- a/nixpkgs/nixos/modules/services/web-servers/tomcat.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/tomcat.nix
@@ -15,7 +15,7 @@ in
 
   options = {
     services.tomcat = {
-      enable = lib.mkEnableOption (lib.mdDoc "Apache Tomcat");
+      enable = lib.mkEnableOption "Apache Tomcat";
 
       package = lib.mkPackageOption pkgs "tomcat9" {
         example = "tomcat10";
@@ -24,7 +24,7 @@ in
       purifyOnStart = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           On startup, the `baseDir` directory is populated with various files,
           subdirectories and symlinks. If this option is enabled, these items
           (except for the `logs` and `work` subdirectories) are first removed.
@@ -36,7 +36,7 @@ in
       baseDir = lib.mkOption {
         type = lib.types.path;
         default = "/var/tomcat";
-        description = lib.mdDoc ''
+        description = ''
           Location where Tomcat stores configuration files, web applications
           and logfiles. Note that it is partially cleared on each service startup
           if `purifyOnStart` is enabled.
@@ -46,63 +46,63 @@ in
       logDirs = lib.mkOption {
         default = [ ];
         type = lib.types.listOf lib.types.path;
-        description = lib.mdDoc "Directories to create in baseDir/logs/";
+        description = "Directories to create in baseDir/logs/";
       };
 
       extraConfigFiles = lib.mkOption {
         default = [ ];
         type = lib.types.listOf lib.types.path;
-        description = lib.mdDoc "Extra configuration files to pull into the tomcat conf directory";
+        description = "Extra configuration files to pull into the tomcat conf directory";
       };
 
       extraEnvironment = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ ];
         example = [ "ENVIRONMENT=production" ];
-        description = lib.mdDoc "Environment Variables to pass to the tomcat service";
+        description = "Environment Variables to pass to the tomcat service";
       };
 
       extraGroups = lib.mkOption {
         default = [ ];
         type = lib.types.listOf lib.types.str;
         example = [ "users" ];
-        description = lib.mdDoc "Defines extra groups to which the tomcat user belongs.";
+        description = "Defines extra groups to which the tomcat user belongs.";
       };
 
       user = lib.mkOption {
         type = lib.types.str;
         default = "tomcat";
-        description = lib.mdDoc "User account under which Apache Tomcat runs.";
+        description = "User account under which Apache Tomcat runs.";
       };
 
       group = lib.mkOption {
         type = lib.types.str;
         default = "tomcat";
-        description = lib.mdDoc "Group account under which Apache Tomcat runs.";
+        description = "Group account under which Apache Tomcat runs.";
       };
 
       javaOpts = lib.mkOption {
         type = lib.types.either (lib.types.listOf lib.types.str) lib.types.str;
         default = "";
-        description = lib.mdDoc "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat";
+        description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat";
       };
 
       catalinaOpts = lib.mkOption {
         type = lib.types.either (lib.types.listOf lib.types.str) lib.types.str;
         default = "";
-        description = lib.mdDoc "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container";
+        description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container";
       };
 
       sharedLibs = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ ];
-        description = lib.mdDoc "List containing JAR files or directories with JAR files which are libraries shared by the web applications";
+        description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications";
       };
 
       serverXml = lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Verbatim server.xml configuration.
           This is mutually exclusive with the virtualHosts options.
         '';
@@ -111,14 +111,14 @@ in
       commonLibs = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [ ];
-        description = lib.mdDoc "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container";
+        description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container";
       };
 
       webapps = lib.mkOption {
         type = lib.types.listOf lib.types.path;
         default = [ tomcat.webapps ];
         defaultText = lib.literalExpression "[ config.services.tomcat.package.webapps ]";
-        description = lib.mdDoc "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat";
+        description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat";
       };
 
       virtualHosts = lib.mkOption {
@@ -126,16 +126,16 @@ in
           options = {
             name = lib.mkOption {
               type = lib.types.str;
-              description = lib.mdDoc "name of the virtualhost";
+              description = "name of the virtualhost";
             };
             aliases = lib.mkOption {
               type = lib.types.listOf lib.types.str;
-              description = lib.mdDoc "aliases of the virtualhost";
+              description = "aliases of the virtualhost";
               default = [ ];
             };
             webapps = lib.mkOption {
               type = lib.types.listOf lib.types.path;
-              description = lib.mdDoc ''
+              description = ''
                 List containing web application WAR files and/or directories containing
                 web applications and configuration files for the virtual host.
               '';
@@ -144,13 +144,13 @@ in
           };
         });
         default = [ ];
-        description = lib.mdDoc "List consisting of a virtual host name and a list of web applications to deploy on each virtual host";
+        description = "List consisting of a virtual host name and a list of web applications to deploy on each virtual host";
       };
 
       logPerVirtualHost = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable logging per virtual host.";
+        description = "Whether to enable logging per virtual host.";
       };
 
       jdk = lib.mkPackageOption pkgs "jdk" { };
@@ -161,7 +161,7 @@ in
         services = lib.mkOption {
           default = [ ];
           type = lib.types.listOf lib.types.str;
-          description = lib.mdDoc "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2";
+          description = "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2";
         };
       };
     };
diff --git a/nixpkgs/nixos/modules/services/web-servers/traefik.nix b/nixpkgs/nixos/modules/services/web-servers/traefik.nix
index fc9eb504ebf8..9c53455bcf3d 100644
--- a/nixpkgs/nixos/modules/services/web-servers/traefik.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/traefik.nix
@@ -55,20 +55,20 @@ let
     else "/run/traefik/config.toml";
 in {
   options.services.traefik = {
-    enable = mkEnableOption (lib.mdDoc "Traefik web server");
+    enable = mkEnableOption "Traefik web server";
 
     staticConfigFile = mkOption {
       default = null;
       example = literalExpression "/path/to/static_config.toml";
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to traefik's static configuration to use.
         (Using that option has precedence over `staticConfigOptions` and `dynamicConfigOptions`)
       '';
     };
 
     staticConfigOptions = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Static configuration for Traefik.
       '';
       type = jsonValue;
@@ -85,14 +85,14 @@ in {
       default = null;
       example = literalExpression "/path/to/dynamic_config.toml";
       type = types.nullOr types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to traefik's dynamic configuration to use.
         (Using that option has precedence over `dynamicConfigOptions`)
       '';
     };
 
     dynamicConfigOptions = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Dynamic configuration for Traefik.
       '';
       type = jsonValue;
@@ -111,7 +111,7 @@ in {
     dataDir = mkOption {
       default = "/var/lib/traefik";
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Location for any persistent data traefik creates, ie. acme
       '';
     };
@@ -120,7 +120,7 @@ in {
       default = "traefik";
       type = types.str;
       example = "docker";
-      description = lib.mdDoc ''
+      description = ''
         Set the group that traefik runs under.
         For the docker backend this needs to be set to `docker` instead.
       '';
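Review bot: The description on the new side still tells users to set the group to `docker` for the Docker backend without saying what that membership grants. Members of the `docker` group can talk to the Docker daemon socket, which is effectively root on the host, so a compromise of the Traefik process then reaches well beyond the proxy. I would extend the text with a sentence such as `Note that membership in the docker group allows control of the Docker daemon, which is equivalent to root access on the host.` The option's `mkOption` opening line lies outside this hunk, so the option name is inferred from the description.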
@@ -132,7 +132,7 @@ in {
       default = [];
       type = types.listOf types.path;
       example = [ "/run/secrets/traefik.env" ];
-      description = lib.mdDoc ''
+      description = ''
         Files to load as environment file. Environment variables from this file
         will be substituted into the static configuration file using envsubst.
       '';
diff --git a/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix b/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix
index 17dece8746a1..1cae7c7e13df 100644
--- a/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix
@@ -33,13 +33,13 @@ let
 in
 {
   options.services.trafficserver = {
-    enable = mkEnableOption (lib.mdDoc "Apache Traffic Server");
+    enable = mkEnableOption "Apache Traffic Server";
 
     cache = mkOption {
       type = types.lines;
       default = "";
       example = "dest_domain=example.com suffix=js action=never-cache";
-      description = lib.mdDoc ''
+      description = ''
         Caching rules that overrule the origin's caching policy.
 
         Consult the [upstream
@@ -51,7 +51,7 @@ in
       type = types.lines;
       default = "";
       example = "domain=example.com volume=1";
-      description = lib.mdDoc ''
+      description = ''
         Partition the cache according to origin server or domain
 
         Consult the [
@@ -73,7 +73,7 @@ in
           }];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Control client access to Traffic Server and Traffic Server connections
         to upstream servers.
 
@@ -87,7 +87,7 @@ in
       default = lib.importJSON ./logging.json;
       defaultText = literalMD "upstream defaults";
       example = { };
-      description = lib.mdDoc ''
+      description = ''
         Configure logs.
 
         Consult the [upstream
@@ -101,7 +101,7 @@ in
       example = ''
         dest_domain=. method=get parent="p1.example:8080; p2.example:8080" round_robin=true
       '';
-      description = lib.mdDoc ''
+      description = ''
         Identify the parent proxies used in an cache hierarchy.
 
         Consult the [upstream
@@ -112,7 +112,7 @@ in
     plugins = mkOption {
       default = [ ];
 
-      description = lib.mdDoc ''
+      description = ''
         Controls run-time loadable plugins available to Traffic Server, as
         well as their configuration.
 
@@ -125,7 +125,7 @@ in
           options.path = mkOption {
             type = str;
             example = "xdebug.so";
-            description = lib.mdDoc ''
+            description = ''
               Path to plugin. The path can either be absolute, or relative to
               the plugin directory.
             '';
@@ -134,7 +134,7 @@ in
             type = str;
             default = "";
             example = "--header=ATS-My-Debug";
-            description = lib.mdDoc "arguments to pass to the plugin";
+            description = "arguments to pass to the plugin";
           };
         });
     };
@@ -148,7 +148,7 @@ in
         valueType;
       default = { };
       example = { proxy.config.proxy_name = "my_server"; };
-      description = lib.mdDoc ''
+      description = ''
         List of configurable variables used by Traffic Server.
 
         Consult the [
@@ -160,7 +160,7 @@ in
       type = types.lines;
       default = "";
       example = "map http://from.example http://origin.example";
-      description = lib.mdDoc ''
+      description = ''
         URL remapping rules used by Traffic Server.
 
         Consult the [
@@ -175,7 +175,7 @@ in
         dest_domain=internal.corp.example named="255.255.255.255:212 255.255.255.254" def_domain=corp.example search_list="corp.example corp1.example"
         dest_domain=!internal.corp.example named=255.255.255.253
       '';
-      description = lib.mdDoc ''
+      description = ''
         Specify the DNS server that Traffic Server should use under specific
         conditions.
 
@@ -188,7 +188,7 @@ in
       type = types.lines;
       default = "";
       example = "dest_ip=* ssl_cert_name=default.pem";
-      description = lib.mdDoc ''
+      description = ''
         Configure SSL server certificates to terminate the SSL sessions.
 
         Consult the [
@@ -207,7 +207,7 @@ in
           }];
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Configure aspects of TLS connection handling for both inbound and
         outbound connections.
 
@@ -220,7 +220,7 @@ in
       type = types.lines;
       default = "/var/cache/trafficserver 256M";
       example = "/dev/disk/by-id/XXXXX volume=1";
-      description = lib.mdDoc ''
+      description = ''
         List all the storage that make up the Traffic Server cache.
 
         Consult the [
@@ -231,7 +231,7 @@ in
     strategies = mkOption {
       type = types.nullOr yaml.type;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Specify the next hop proxies used in an cache hierarchy and the
         algorithms used to select the next proxy.
 
@@ -244,7 +244,7 @@ in
       type = types.nullOr yaml.type;
       default = "";
       example = "volume=1 scheme=http size=20%";
-      description = lib.mdDoc ''
+      description = ''
         Manage cache space more efficiently and restrict disk usage by
         creating cache volumes of different sizes.
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/unit/default.nix b/nixpkgs/nixos/modules/services/web-servers/unit/default.nix
index a5f1a872ce81..5e7b7be91a15 100644
--- a/nixpkgs/nixos/modules/services/web-servers/unit/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/unit/default.nix
@@ -10,27 +10,27 @@ let
 in {
   options = {
     services.unit = {
-      enable = mkEnableOption (lib.mdDoc "Unit App Server");
+      enable = mkEnableOption "Unit App Server";
       package = mkPackageOption pkgs "unit" { };
       user = mkOption {
         type = types.str;
         default = "unit";
-        description = lib.mdDoc "User account under which unit runs.";
+        description = "User account under which unit runs.";
       };
       group = mkOption {
         type = types.str;
         default = "unit";
-        description = lib.mdDoc "Group account under which unit runs.";
+        description = "Group account under which unit runs.";
       };
       stateDir = mkOption {
         type = types.path;
         default = "/var/spool/unit";
-        description = lib.mdDoc "Unit data directory.";
+        description = "Unit data directory.";
       };
       logDir = mkOption {
         type = types.path;
         default = "/var/log/unit";
-        description = lib.mdDoc "Unit log directory.";
+        description = "Unit log directory.";
       };
       config = mkOption {
         type = types.str;
@@ -70,7 +70,7 @@ in {
             }
           }
         '';
-        description = lib.mdDoc "Unit configuration in JSON format. More details here https://unit.nginx.org/configuration";
+        description = "Unit configuration in JSON format. More details here https://unit.nginx.org/configuration";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix b/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix
index c076375ed857..517ae5e03a04 100644
--- a/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/uwsgi.nix
@@ -75,13 +75,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable uWSGI";
+        description = "Enable uWSGI";
       };
 
       runDir = mkOption {
         type = types.path;
         default = "/run/uwsgi";
-        description = lib.mdDoc "Where uWSGI communication sockets can live";
+        description = "Where uWSGI communication sockets can live";
       };
 
       package = mkOption {
@@ -124,7 +124,7 @@ in {
             };
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           uWSGI configuration. It awaits an attribute `type` inside which can be either
           `normal` or `emperor`.
 
@@ -142,19 +142,19 @@ in {
       plugins = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = lib.mdDoc "Plugins used with uWSGI";
+        description = "Plugins used with uWSGI";
       };
 
       user = mkOption {
         type = types.str;
         default = "uwsgi";
-        description = lib.mdDoc "User account under which uWSGI runs.";
+        description = "User account under which uWSGI runs.";
       };
 
       group = mkOption {
         type = types.str;
         default = "uwsgi";
-        description = lib.mdDoc "Group account under which uWSGI runs.";
+        description = "Group account under which uWSGI runs.";
       };
 
       capabilities = mkOption {
@@ -167,7 +167,7 @@ in {
             "CAP_NET_RAW"          # open raw sockets
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Grant capabilities to the uWSGI instance. See the
           `capabilities(7)` for available values.
 
diff --git a/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix b/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix
index 857dd64c01be..b8e7532b2e0a 100644
--- a/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix
+++ b/nixpkgs/nixos/modules/services/web-servers/varnish/default.nix
@@ -11,23 +11,23 @@ in
 {
   options = {
     services.varnish = {
-      enable = mkEnableOption (lib.mdDoc "Varnish Server");
+      enable = mkEnableOption "Varnish Server";
 
-      enableConfigCheck = mkEnableOption (lib.mdDoc "checking the config during build time") // { default = true; };
+      enableConfigCheck = mkEnableOption "checking the config during build time" // { default = true; };
 
       package = mkPackageOption pkgs "varnish" { };
 
       http_address = mkOption {
         type = types.str;
         default = "*:6081";
-        description = lib.mdDoc ''
+        description = ''
           HTTP listen address and port.
         '';
       };
 
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Verbatim default.vcl configuration.
         '';
       };
@@ -36,7 +36,7 @@ in
         type = types.path;
         default = "/var/spool/varnish/${config.networking.hostName}";
         defaultText = literalExpression ''"/var/spool/varnish/''${config.networking.hostName}"'';
-        description = lib.mdDoc ''
+        description = ''
           Directory holding all state for Varnish to run.
         '';
       };
@@ -45,7 +45,7 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.varnishPackages.geoip ]";
-        description = lib.mdDoc ''
+        description = ''
           Varnish modules (except 'std').
         '';
       };
@@ -54,7 +54,7 @@ in
         type = types.str;
         default = "";
         example = "-s malloc,256M";
-        description = lib.mdDoc ''
+        description = ''
           Command line switches for varnishd (run 'varnishd -?' to get list of options)
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/x11/clight.nix b/nixpkgs/nixos/modules/services/x11/clight.nix
index 0f66e191fe28..40a0f3e065d0 100644
--- a/nixpkgs/nixos/modules/services/x11/clight.nix
+++ b/nixpkgs/nixos/modules/services/x11/clight.nix
@@ -28,13 +28,13 @@ let
       cfg.settings));
 in {
   options.services.clight = {
-    enable = mkEnableOption (lib.mdDoc "clight");
+    enable = mkEnableOption "clight";
 
     temperature = {
       day = mkOption {
         type = types.int;
         default = 5500;
-        description = lib.mdDoc ''
+        description = ''
           Colour temperature to use during the day, between
           `1000` and `25000` K.
         '';
@@ -42,7 +42,7 @@ in {
       night = mkOption {
         type = types.int;
         default = 3700;
-        description = lib.mdDoc ''
+        description = ''
           Colour temperature to use at night, between
           `1000` and `25000` K.
         '';
@@ -56,7 +56,7 @@ in {
       type = with types; attrsOf (nullOr (either collectionTypes (attrsOf collectionTypes)));
       default = {};
       example = { captures = 20; gamma_long_transition = true; ac_capture_timeouts = [ 120 300 60 ]; };
-      description = lib.mdDoc ''
+      description = ''
         Additional configuration to extend clight.conf. See
         <https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf> for a
         sample configuration file.
diff --git a/nixpkgs/nixos/modules/services/x11/colord.nix b/nixpkgs/nixos/modules/services/x11/colord.nix
index cb7b9096e5db..31ccee6aa33f 100644
--- a/nixpkgs/nixos/modules/services/x11/colord.nix
+++ b/nixpkgs/nixos/modules/services/x11/colord.nix
@@ -11,7 +11,7 @@ in {
   options = {
 
     services.colord = {
-      enable = mkEnableOption (lib.mdDoc "colord, the color management daemon");
+      enable = mkEnableOption "colord, the color management daemon";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix
index 466ef5c565b7..b4e739029335 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix
@@ -1,7 +1,7 @@
 { lib, pkgs, config, utils, ... }:
 
 let
-  inherit (lib) concatMapStrings literalExpression mdDoc mkDefault mkEnableOption mkIf mkOption types;
+  inherit (lib) concatMapStrings literalExpression mkDefault mkEnableOption mkIf mkOption types;
 
   cfg = config.services.xserver.desktopManager.budgie;
 
@@ -43,15 +43,17 @@ let
   budgie-control-center = pkgs.budgie.budgie-control-center.override {
     enableSshSocket = config.services.openssh.startWhenNeeded;
   };
+
+  notExcluded = pkg: (!(lib.elem pkg config.environment.budgie.excludePackages));
 in {
   meta.maintainers = lib.teams.budgie.members;
 
   options = {
     services.xserver.desktopManager.budgie = {
-      enable = mkEnableOption (mdDoc "the Budgie desktop");
+      enable = mkEnableOption "the Budgie desktop";
 
       sessionPath = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Additional list of packages to be added to the session search path.
           Useful for GSettings-conditional autostart.
 
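Review bot: The new `notExcluded` helper tests membership with `lib.elem`, which compares derivations by equality, so an entry in `environment.budgie.excludePackages` that is an overridden package or comes from a different package set will presumably not match, and the program stays enabled although the administrator excluded it. The later hunk that sets `programs.gnome-terminal.enable` depends on it, and the cinnamon.nix hunks call a helper of the same name for `services.blueman` and the four `programs.*` defaults while using `utils.removePackagesByName` for the package list, so the two mechanisms can disagree there if that helper is defined the same way (its definition is not visible). Matching by name the same way would keep them consistent, e.g. `notExcluded = pkg: utils.removePackagesByName [ pkg ] config.environment.budgie.excludePackages != [ ];`. A short comment on the helper stating which comparison is intended would also help.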
@@ -63,19 +65,19 @@ in {
       };
 
       extraGSettingsOverrides = mkOption {
-        description = mdDoc "Additional GSettings overrides.";
+        description = "Additional GSettings overrides.";
         type = types.lines;
         default = "";
       };
 
       extraGSettingsOverridePackages = mkOption {
-        description = mdDoc "List of packages for which GSettings are overridden.";
+        description = "List of packages for which GSettings are overridden.";
         type = types.listOf types.path;
         default = [];
       };
 
       extraPlugins = mkOption {
-        description = mdDoc "Extra plugins for the Budgie desktop";
+        description = "Extra plugins for the Budgie desktop";
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.budgiePlugins.budgie-analogue-clock-applet ]";
@@ -83,7 +85,7 @@ in {
     };
 
     environment.budgie.excludePackages = mkOption {
-      description = mdDoc "Which packages Budgie should exclude from the default environment.";
+      description = "Which packages Budgie should exclude from the default environment.";
       type = types.listOf types.package;
       default = [];
       example = literalExpression "[ pkgs.mate-terminal ]";
@@ -91,7 +93,7 @@ in {
   };
 
   config = mkIf cfg.enable {
-    services.xserver.displayManager.sessionPackages = with pkgs; [
+    services.displayManager.sessionPackages = with pkgs; [
       budgie.budgie-desktop
     ];
 
@@ -160,7 +162,7 @@ in {
       ++ cfg.sessionPath;
 
     # Both budgie-desktop-view and nemo defaults to this emulator.
-    programs.gnome-terminal.enable = mkDefault true;
+    programs.gnome-terminal.enable = mkDefault (notExcluded pkgs.gnome.gnome-terminal);
 
     # Fonts.
     fonts.packages = [
@@ -212,7 +214,7 @@ in {
 
     services.geoclue2.enable = mkDefault true; # for BCC's Privacy > Location Services panel.
     services.upower.enable = config.powerManagement.enable; # for Budgie's Status Indicator and BCC's Power panel.
-    services.xserver.libinput.enable = mkDefault true; # for BCC's Mouse panel.
+    services.libinput.enable = mkDefault true; # for BCC's Mouse panel.
     services.colord.enable = mkDefault true; # for BCC's Color panel.
     services.gnome.at-spi2-core.enable = mkDefault true; # for BCC's A11y panel.
     services.accounts-daemon.enable = mkDefault true; # for BCC's Users panel.
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix
index ad4b5d27f9d9..ae9a8ce22392 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix
@@ -7,7 +7,7 @@ let
   cfg = xcfg.desktopManager.cde;
 in {
   options.services.xserver.desktopManager.cde = {
-    enable = mkEnableOption (lib.mdDoc "Common Desktop Environment");
+    enable = mkEnableOption "Common Desktop Environment";
 
     extraPackages = mkOption {
       type = with types; listOf package;
@@ -19,7 +19,7 @@ in {
           xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed system wide.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix
index f5a6c05865c4..482527d1e8ad 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix
@@ -18,17 +18,17 @@ in
 {
   options = {
     services.cinnamon = {
-      apps.enable = mkEnableOption (lib.mdDoc "Cinnamon default applications");
+      apps.enable = mkEnableOption "Cinnamon default applications";
     };
 
     services.xserver.desktopManager.cinnamon = {
-      enable = mkEnableOption (lib.mdDoc "the cinnamon desktop manager");
+      enable = mkEnableOption "the cinnamon desktop manager";
 
       sessionPath = mkOption {
         default = [];
         type = types.listOf types.package;
         example = literalExpression "[ pkgs.gnome.gpaste ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional list of packages to be added to the session search path.
           Useful for GSettings-conditional autostart.
 
@@ -39,13 +39,13 @@ in
       extraGSettingsOverrides = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "Additional gsettings overrides.";
+        description = "Additional gsettings overrides.";
       };
 
       extraGSettingsOverridePackages = mkOption {
         default = [];
         type = types.listOf types.path;
-        description = lib.mdDoc "List of packages for which gsettings are overridden.";
+        description = "List of packages for which gsettings are overridden.";
       };
     };
 
@@ -53,14 +53,14 @@ in
       default = [];
       example = literalExpression "[ pkgs.cinnamon.blueberry ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which packages cinnamon should exclude from the default environment";
+      description = "Which packages cinnamon should exclude from the default environment";
     };
 
   };
 
   config = mkMerge [
     (mkIf cfg.enable {
-      services.xserver.displayManager.sessionPackages = [ pkgs.cinnamon.cinnamon-common ];
+      services.displayManager.sessionPackages = [ pkgs.cinnamon.cinnamon-common ];
 
       services.xserver.displayManager.lightdm.greeters.slick = {
         enable = mkDefault true;
@@ -95,7 +95,7 @@ in
       '';
 
       # Default services
-      services.blueman.enable = mkDefault true;
+      services.blueman.enable = mkDefault (notExcluded pkgs.blueman);
       hardware.bluetooth.enable = mkDefault true;
       hardware.pulseaudio.enable = mkDefault true;
       security.polkit.enable = true;
@@ -116,7 +116,7 @@ in
       services.touchegg.enable = mkDefault true;
       services.udisks2.enable = true;
       services.upower.enable = mkDefault config.powerManagement.enable;
-      services.xserver.libinput.enable = mkDefault true;
+      services.libinput.enable = mkDefault true;
       services.xserver.updateDbusEnvironment = true;
       networking.networkmanager.enable = mkDefault true;
 
@@ -228,10 +228,10 @@ in
     })
 
     (mkIf serviceCfg.apps.enable {
-      programs.geary.enable = mkDefault true;
-      programs.gnome-disks.enable = mkDefault true;
-      programs.gnome-terminal.enable = mkDefault true;
-      programs.file-roller.enable = mkDefault true;
+      programs.geary.enable = mkDefault (notExcluded pkgs.gnome.geary);
+      programs.gnome-disks.enable = mkDefault (notExcluded pkgs.gnome.gnome-disk-utility);
+      programs.gnome-terminal.enable = mkDefault (notExcluded pkgs.gnome.gnome-terminal);
+      programs.file-roller.enable = mkDefault (notExcluded pkgs.gnome.file-roller);
 
       environment.systemPackages = with pkgs // pkgs.gnome // pkgs.cinnamon; utils.removePackagesByName [
         # cinnamon team apps
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix
index 902e3a9317dd..30bd14adb419 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix
@@ -15,31 +15,31 @@ in
   options = {
 
     services.xserver.desktopManager.deepin = {
-      enable = mkEnableOption (lib.mdDoc "Deepin desktop manager");
+      enable = mkEnableOption "Deepin desktop manager";
       extraGSettingsOverrides = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "Additional gsettings overrides.";
+        description = "Additional gsettings overrides.";
       };
       extraGSettingsOverridePackages = mkOption {
         default = [ ];
         type = types.listOf types.path;
-        description = lib.mdDoc "List of packages for which gsettings are overridden.";
+        description = "List of packages for which gsettings are overridden.";
       };
     };
 
     environment.deepin.excludePackages = mkOption {
       default = [ ];
       type = types.listOf types.package;
-      description = lib.mdDoc "List of default packages to exclude from the configuration";
+      description = "List of default packages to exclude from the configuration";
     };
 
   };
 
   config = mkIf cfg.enable
     {
-      services.xserver.displayManager.sessionPackages = [ pkgs.deepin.dde-session ];
-      services.xserver.displayManager.defaultSession = mkDefault "dde-x11";
+      services.displayManager.sessionPackages = [ pkgs.deepin.dde-session ];
+      services.displayManager.defaultSession = mkDefault "dde-x11";
 
       # Update the DBus activation environment after launching the desktop manager.
       services.xserver.displayManager.sessionCommands = ''
@@ -61,7 +61,7 @@ in
       services.gnome.gnome-keyring.enable = mkDefault true;
       services.bamf.enable = mkDefault true;
 
-      services.xserver.libinput.enable = mkDefault true;
+      services.libinput.enable = mkDefault true;
       services.udisks2.enable = true;
       services.upower.enable = mkDefault config.powerManagement.enable;
       networking.networkmanager.enable = mkDefault true;
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix
index 33d0a7b52643..42e66e86e1a3 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix
@@ -1,8 +1,7 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
+  inherit (lib) mkOption types;
 
   xcfg = config.services.xserver;
   cfg = xcfg.desktopManager;
@@ -21,7 +20,7 @@ in
     ./none.nix ./xterm.nix ./phosh.nix ./xfce.nix ./plasma5.nix ../../desktop-managers/plasma6.nix ./lumina.nix
     ./lxqt.nix ./enlightenment.nix ./gnome.nix ./retroarch.nix ./kodi.nix
     ./mate.nix ./pantheon.nix ./surf-display.nix ./cde.nix
-    ./cinnamon.nix ./budgie.nix ./deepin.nix
+    ./cinnamon.nix ./budgie.nix ./deepin.nix ../../desktop-managers/lomiri.nix
   ];
 
   options = {
@@ -33,7 +32,7 @@ in
           type = types.enum [ "center" "fill" "max" "scale" "tile" ];
           default = "scale";
           example = "fill";
-          description = lib.mdDoc ''
+          description = ''
             The file {file}`~/.background-image` is used as a background image.
             This option specifies the placement of this image onto your desktop.
 
@@ -49,7 +48,7 @@ in
         combineScreens = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             When set to `true` the wallpaper will stretch across all screens.
             When set to `false` the wallpaper is duplicated to all screens.
           '';
@@ -59,12 +58,12 @@ in
       session = mkOption {
         internal = true;
         default = [];
-        example = singleton
+        example = lib.singleton
           { name = "kde";
             bgSupport = true;
             start = "...";
           };
-        description = lib.mdDoc ''
+        description = ''
           Internal option used to add some common line to desktop manager
           scripts before forwarding the value to the
           `displayManager`.
@@ -73,26 +72,15 @@ in
           manage = "desktop";
           start = d.start
           # literal newline to ensure d.start's last line is not appended to
-          + optionalString (needBGCond d) ''
+          + lib.optionalString (needBGCond d) ''
 
             if [ -e $HOME/.background-image ]; then
-              ${pkgs.feh}/bin/feh --bg-${cfg.wallpaper.mode} ${optionalString cfg.wallpaper.combineScreens "--no-xinerama"} $HOME/.background-image
+              ${pkgs.feh}/bin/feh --bg-${cfg.wallpaper.mode} ${lib.optionalString cfg.wallpaper.combineScreens "--no-xinerama"} $HOME/.background-image
             fi
           '';
         });
       };
 
-      default = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        example = "none";
-        description = lib.mdDoc ''
-          **Deprecated**, please use [](#opt-services.xserver.displayManager.defaultSession) instead.
-
-          Default desktop manager loaded if none have been chosen.
-        '';
-      };
-
     };
 
   };
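Review bot: `$HOME/.background-image` is unquoted in both the `[ -e ... ]` test and the `feh` invocation of the generated session snippet, so a home directory path containing whitespace or glob characters is word-split by the shell and the wallpaper step misbehaves. The `feh` line is rewritten in this hunk anyway, so quoting can be done in the same change: `if [ -e "$HOME/.background-image" ]; then` and `"$HOME/.background-image"` as the final argument to `feh`. The enclosing `session` option starts in the previous hunk.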
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix
index 28dd408c923c..0a341ba133d3 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix
@@ -29,7 +29,7 @@ in
     services.xserver.desktopManager.enlightenment.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable the Enlightenment desktop environment.";
+      description = "Enable the Enlightenment desktop environment.";
     };
 
   };
@@ -54,7 +54,7 @@ in
       "/share/locale"
     ];
 
-    services.xserver.displayManager.sessionPackages = [ pkgs.enlightenment.enlightenment ];
+    services.displayManager.sessionPackages = [ pkgs.enlightenment.enlightenment ];
 
     services.xserver.displayManager.sessionCommands = ''
       if test "$XDG_CURRENT_DESKTOP" = "Enlightenment"; then
@@ -96,7 +96,7 @@ in
 
     services.udisks2.enable = true;
     services.upower.enable = config.powerManagement.enable;
-    services.xserver.libinput.enable = mkDefault true;
+    services.libinput.enable = mkDefault true;
 
     services.dbus.packages = [ e.efl ];
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix
index 2cf9bc2eac37..ce300431d47c 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix
@@ -1,8 +1,7 @@
 { config, lib, pkgs, utils, ... }:
 
-with lib;
-
 let
+  inherit (lib) mkOption types mkDefault mkEnableOption literalExpression;
 
   cfg = config.services.xserver.desktopManager.gnome;
   serviceCfg = config.services.gnome;
@@ -51,8 +50,8 @@ let
     destination = "/share/gnome-background-properties/nixos.xml";
   };
 
-  flashbackEnabled = cfg.flashback.enableMetacity || length cfg.flashback.customSessions > 0;
-  flashbackWms = optional cfg.flashback.enableMetacity {
+  flashbackEnabled = cfg.flashback.enableMetacity || lib.length cfg.flashback.customSessions > 0;
+  flashbackWms = lib.optional cfg.flashback.enableMetacity {
     wmName = "metacity";
     wmLabel = "Metacity";
     wmCommand = "${pkgs.gnome.metacity}/bin/metacity";
@@ -67,95 +66,31 @@ in
 
   meta = {
     doc = ./gnome.md;
-    maintainers = teams.gnome.members;
+    maintainers = lib.teams.gnome.members;
   };
 
-  imports = [
-    # Added 2021-05-07
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "core-os-services" "enable" ]
-      [ "services" "gnome" "core-os-services" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "core-shell" "enable" ]
-      [ "services" "gnome" "core-shell" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "core-utilities" "enable" ]
-      [ "services" "gnome" "core-utilities" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "core-developer-tools" "enable" ]
-      [ "services" "gnome" "core-developer-tools" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "games" "enable" ]
-      [ "services" "gnome" "games" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "gnome3" "experimental-features" "realtime-scheduling" ]
-      [ "services" "gnome" "experimental-features" "realtime-scheduling" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "enable" ]
-      [ "services" "xserver" "desktopManager" "gnome" "enable" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "sessionPath" ]
-      [ "services" "xserver" "desktopManager" "gnome" "sessionPath" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "favoriteAppsOverride" ]
-      [ "services" "xserver" "desktopManager" "gnome" "favoriteAppsOverride" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "extraGSettingsOverrides" ]
-      [ "services" "xserver" "desktopManager" "gnome" "extraGSettingsOverrides" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "extraGSettingsOverridePackages" ]
-      [ "services" "xserver" "desktopManager" "gnome" "extraGSettingsOverridePackages" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "debug" ]
-      [ "services" "xserver" "desktopManager" "gnome" "debug" ]
-    )
-    (mkRenamedOptionModule
-      [ "services" "xserver" "desktopManager" "gnome3" "flashback" ]
-      [ "services" "xserver" "desktopManager" "gnome" "flashback" ]
-    )
-    (mkRenamedOptionModule
-      [ "environment" "gnome3" "excludePackages" ]
-      [ "environment" "gnome" "excludePackages" ]
-    )
-    (mkRemovedOptionModule
-      [ "services" "gnome" "experimental-features" "realtime-scheduling" ]
-      "Set `security.rtkit.enable = true;` to make realtime scheduling possible. (Still needs to be enabled using GSettings.)"
-    )
-  ];
-
   options = {
 
     services.gnome = {
-      core-os-services.enable = mkEnableOption (lib.mdDoc "essential services for GNOME3");
-      core-shell.enable = mkEnableOption (lib.mdDoc "GNOME Shell services");
-      core-utilities.enable = mkEnableOption (lib.mdDoc "GNOME core utilities");
-      core-developer-tools.enable = mkEnableOption (lib.mdDoc "GNOME core developer tools");
-      games.enable = mkEnableOption (lib.mdDoc "GNOME games");
+      core-os-services.enable = mkEnableOption "essential services for GNOME3";
+      core-shell.enable = mkEnableOption "GNOME Shell services";
+      core-utilities.enable = mkEnableOption "GNOME core utilities";
+      core-developer-tools.enable = mkEnableOption "GNOME core developer tools";
+      games.enable = mkEnableOption "GNOME games";
     };
 
     services.xserver.desktopManager.gnome = {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable GNOME desktop manager.";
+        description = "Enable GNOME desktop manager.";
       };
 
       sessionPath = mkOption {
         default = [];
         type = types.listOf types.package;
         example = literalExpression "[ pkgs.gnome.gpaste ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional list of packages to be added to the session search path.
           Useful for GNOME Shell extensions or GSettings-conditional autostart.
 
@@ -173,44 +108,44 @@ in
             favorite-apps=[ 'firefox.desktop', 'org.gnome.Calendar.desktop' ]
           '''
         '';
-        description = lib.mdDoc "List of desktop files to put as favorite apps into gnome-shell. These need to be installed somehow globally.";
+        description = "List of desktop files to put as favorite apps into gnome-shell. These need to be installed somehow globally.";
       };
 
       extraGSettingsOverrides = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "Additional gsettings overrides.";
+        description = "Additional gsettings overrides.";
       };
 
       extraGSettingsOverridePackages = mkOption {
         default = [];
         type = types.listOf types.path;
-        description = lib.mdDoc "List of packages for which gsettings are overridden.";
+        description = "List of packages for which gsettings are overridden.";
       };
 
-      debug = mkEnableOption (lib.mdDoc "gnome-session debug messages");
+      debug = mkEnableOption "gnome-session debug messages";
 
       flashback = {
-        enableMetacity = mkEnableOption (lib.mdDoc "the standard GNOME Flashback session with Metacity");
+        enableMetacity = mkEnableOption "the standard GNOME Flashback session with Metacity";
 
         customSessions = mkOption {
           type = types.listOf (types.submodule {
             options = {
               wmName = mkOption {
                 type = types.strMatching "[a-zA-Z0-9_-]+";
-                description = lib.mdDoc "A unique identifier for the window manager.";
+                description = "A unique identifier for the window manager.";
                 example = "xmonad";
               };
 
               wmLabel = mkOption {
                 type = types.str;
-                description = lib.mdDoc "The name of the window manager to show in the session chooser.";
+                description = "The name of the window manager to show in the session chooser.";
                 example = "XMonad";
               };
 
               wmCommand = mkOption {
                 type = types.str;
-                description = lib.mdDoc "The executable of the window manager to use.";
+                description = "The executable of the window manager to use.";
                 example = literalExpression ''"''${pkgs.haskellPackages.xmonad}/bin/xmonad"'';
               };
 
@@ -218,19 +153,19 @@ in
                 type = types.bool;
                 default = true;
                 example = false;
-                description = lib.mdDoc "Whether to enable the GNOME panel in this session.";
+                description = "Whether to enable the GNOME panel in this session.";
               };
             };
           });
           default = [];
-          description = lib.mdDoc "Other GNOME Flashback sessions to enable.";
+          description = "Other GNOME Flashback sessions to enable.";
         };
 
         panelModulePackages = mkOption {
           default = [ pkgs.gnome.gnome-applets ];
           defaultText = literalExpression "[ pkgs.gnome.gnome-applets ]";
           type = types.listOf types.package;
-          description = lib.mdDoc ''
+          description = ''
             Packages containing modules that should be made available to `gnome-panel` (usually for applets).
 
             If you're packaging something to use here, please install the modules in `$out/lib/gnome-panel/modules`.
@@ -243,13 +178,13 @@ in
       default = [];
       example = literalExpression "[ pkgs.gnome.totem ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which packages gnome should exclude from the default environment";
+      description = "Which packages gnome should exclude from the default environment";
     };
 
   };
 
-  config = mkMerge [
-    (mkIf (cfg.enable || flashbackEnabled) {
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.enable || flashbackEnabled) {
       # Seed our configuration into nixos-generate-config
       system.nixos-generate-config.desktopConfiguration = [''
         # Enable the GNOME Desktop Environment.
@@ -261,10 +196,10 @@ in
       services.gnome.core-shell.enable = true;
       services.gnome.core-utilities.enable = mkDefault true;
 
-      services.xserver.displayManager.sessionPackages = [ pkgs.gnome.gnome-session.sessions ];
+      services.displayManager.sessionPackages = [ pkgs.gnome.gnome-session.sessions ];
 
       environment.extraInit = ''
-        ${concatMapStrings (p: ''
+        ${lib.concatMapStrings (p: ''
           if [ -d "${p}/share/gsettings-schemas/${p.name}" ]; then
             export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}${p}/share/gsettings-schemas/${p.name}
           fi
@@ -278,19 +213,19 @@ in
 
       environment.systemPackages = cfg.sessionPath;
 
-      environment.sessionVariables.GNOME_SESSION_DEBUG = mkIf cfg.debug "1";
+      environment.sessionVariables.GNOME_SESSION_DEBUG = lib.mkIf cfg.debug "1";
 
       # Override GSettings schemas
       environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";
     })
 
-    (mkIf flashbackEnabled {
-      services.xserver.displayManager.sessionPackages =
+    (lib.mkIf flashbackEnabled {
+      services.displayManager.sessionPackages =
         let
           wmNames = map (wm: wm.wmName) flashbackWms;
           namesAreUnique = lib.unique wmNames == wmNames;
         in
-          assert (assertMsg namesAreUnique "Flashback WM names must be unique.");
+          assert (lib.assertMsg namesAreUnique "Flashback WM names must be unique.");
           map
             (wm:
               pkgs.gnome.gnome-flashback.mkSessionForWm {
@@ -318,7 +253,7 @@ in
       ++ (map (wm: gnome-flashback.mkGnomeSession { inherit (wm) wmName wmLabel enableGnomePanel; }) flashbackWms);
     })
 
-    (mkIf serviceCfg.core-os-services.enable {
+    (lib.mkIf serviceCfg.core-os-services.enable {
       hardware.bluetooth.enable = mkDefault true;
       hardware.pulseaudio.enable = mkDefault true;
       programs.dconf.enable = true;
@@ -339,7 +274,7 @@ in
       # services.packagekit.enable = mkDefault true;
       services.udisks2.enable = true;
       services.upower.enable = config.powerManagement.enable;
-      services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
+      services.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
 
       # Explicitly enabled since GNOME will be severely broken without these.
       xdg.mime.enable = true;
@@ -371,7 +306,7 @@ in
       ];
     })
 
-    (mkIf serviceCfg.core-shell.enable {
+    (lib.mkIf serviceCfg.core-shell.enable {
       services.xserver.desktopManager.gnome.sessionPath =
         let
           mandatoryPackages = [
@@ -393,7 +328,7 @@ in
       services.gnome.gnome-user-share.enable = mkDefault true;
       services.gnome.rygel.enable = mkDefault true;
       services.gvfs.enable = true;
-      services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
+      services.system-config-printer.enable = (lib.mkIf config.services.printing.enable (mkDefault true));
 
       systemd.packages = with pkgs.gnome; [
         gnome-session
@@ -463,7 +398,7 @@ in
     })
 
     # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/gnome-45/elements/core/meta-gnome-core-utilities.bst
-    (mkIf serviceCfg.core-utilities.enable {
+    (lib.mkIf serviceCfg.core-utilities.enable {
       environment.systemPackages =
         with pkgs.gnome;
         utils.removePackagesByName
@@ -524,7 +459,7 @@ in
       ];
     })
 
-    (mkIf serviceCfg.games.enable {
+    (lib.mkIf serviceCfg.games.enable {
       environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [
         aisleriot
         atomix
@@ -550,7 +485,7 @@ in
     })
 
     # Adapt from https://gitlab.gnome.org/GNOME/gnome-build-meta/-/blob/3.38.0/elements/core/meta-gnome-core-developer-tools.bst
-    (mkIf serviceCfg.core-developer-tools.enable {
+    (lib.mkIf serviceCfg.core-developer-tools.enable {
       environment.systemPackages = with pkgs.gnome; utils.removePackagesByName [
         dconf-editor
         devhelp
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix
index 452f571d49e6..b7c0af210b14 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix
@@ -12,7 +12,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the kodi multimedia center.";
+        description = "Enable the kodi multimedia center.";
       };
 
       package = mkPackageOption pkgs "kodi" {
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix
index 7b694106bf7e..72411e8fcb5e 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix
@@ -19,7 +19,7 @@ in
     services.xserver.desktopManager.lumina.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable the Lumina desktop manager";
+      description = "Enable the Lumina desktop manager";
     };
 
   };
@@ -27,7 +27,7 @@ in
 
   config = mkIf cfg.enable {
 
-    services.xserver.displayManager.sessionPackages = [
+    services.displayManager.sessionPackages = [
       pkgs.lumina.lumina
     ];
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix
index 3d02deba6fc7..ac86c385bcc8 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix
@@ -18,14 +18,14 @@ in
     services.xserver.desktopManager.lxqt.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable the LXQt desktop manager";
+      description = "Enable the LXQt desktop manager";
     };
 
     environment.lxqt.excludePackages = mkOption {
       default = [];
       example = literalExpression "[ pkgs.lxqt.qterminal ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which LXQt packages to exclude from the default environment";
+      description = "Which LXQt packages to exclude from the default environment";
     };
 
   };
@@ -69,9 +69,9 @@ in
 
     services.upower.enable = config.powerManagement.enable;
 
-    services.xserver.libinput.enable = mkDefault true;
+    services.libinput.enable = mkDefault true;
 
-    xdg.portal.lxqt.enable = true;
+    xdg.portal.lxqt.enable = mkDefault true;
 
     # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050804
     xdg.portal.config.lxqt.default = mkDefault [ "lxqt" "gtk" ];
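Review bot: The context line `xdg.portal.config.lxqt.default = mkDefault [ "lxqt" "gtk" ];` still lists the `lxqt` backend unconditionally, although this hunk relaxes `xdg.portal.lxqt.enable` to `mkDefault true` so that it can be switched off. A configuration that disables the portal would then, as far as this hunk shows, keep a portal preference naming a backend that is not installed, and would rely on the fallback to `gtk`. Tying the two together keeps them consistent: `xdg.portal.config.lxqt.default = mkDefault (lib.optional config.xdg.portal.lxqt.enable "lxqt" ++ [ "gtk" ]);`. The enclosing `config` block starts and ends outside the hunk, so this assumes no other definition there already handles the disabled case.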
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
index 957eac7848e7..beae07b70dbf 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix
@@ -16,40 +16,40 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the MATE desktop environment";
+        description = "Enable the MATE desktop environment";
       };
 
-      debug = mkEnableOption (lib.mdDoc "mate-session debug messages");
+      debug = mkEnableOption "mate-session debug messages";
 
       extraPanelApplets = mkOption {
         default = [ ];
         example = literalExpression "with pkgs.mate; [ mate-applets ]";
         type = types.listOf types.package;
-        description = lib.mdDoc "Extra applets to add to mate-panel.";
+        description = "Extra applets to add to mate-panel.";
       };
 
       extraCajaExtensions = mkOption {
         default = [ ];
         example = lib.literalExpression "with pkgs.mate; [ caja-extensions ]";
         type = types.listOf types.package;
-        description = lib.mdDoc "Extra extensions to add to caja.";
+        description = "Extra extensions to add to caja.";
       };
 
-      enableWaylandSession = mkEnableOption (lib.mdDoc "MATE Wayland session");
+      enableWaylandSession = mkEnableOption "MATE Wayland session";
     };
 
     environment.mate.excludePackages = mkOption {
       default = [];
       example = literalExpression "[ pkgs.mate.mate-terminal pkgs.mate.pluma ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which MATE packages to exclude from the default environment";
+      description = "Which MATE packages to exclude from the default environment";
     };
 
   };
 
   config = mkMerge [
     (mkIf (cfg.enable || cfg.enableWaylandSession) {
-      services.xserver.displayManager.sessionPackages = [
+      services.displayManager.sessionPackages = [
         pkgs.mate.mate-session-manager
       ];
 
@@ -88,7 +88,7 @@ in
       services.udev.packages = [ pkgs.mate.mate-settings-daemon ];
       services.gvfs.enable = true;
       services.upower.enable = config.powerManagement.enable;
-      services.xserver.libinput.enable = mkDefault true;
+      services.libinput.enable = mkDefault true;
 
       security.pam.services.mate-screensaver.unixAuth = true;
 
@@ -103,7 +103,7 @@ in
       environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${pkgs.mate.mate-gsettings-overrides}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";
 
       environment.systemPackages = [ pkgs.mate.mate-wayland-session ];
-      services.xserver.displayManager.sessionPackages = [ pkgs.mate.mate-wayland-session ];
+      services.displayManager.sessionPackages = [ pkgs.mate.mate-wayland-session ];
     })
   ];
 }
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix
index 074b729cc3f3..f5b5e3104101 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix
@@ -8,7 +8,7 @@ in
     services.xserver.desktopManager.runXdgAutostartIfNone = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run XDG autostart files for sessions without a desktop manager
         (with only a window manager), these sessions usually don't handle XDG
         autostart files by default.
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
index 59bc142eeb7f..008bc65eb6a4 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix
@@ -12,6 +12,7 @@ let
     extraGSettingsOverrides = cfg.extraGSettingsOverrides;
   };
 
+  notExcluded = pkg: (!(lib.elem pkg config.environment.pantheon.excludePackages));
 in
 
 {
@@ -26,10 +27,10 @@ in
     services.pantheon = {
 
       contractor = {
-         enable = mkEnableOption (lib.mdDoc "contractor, a desktop-wide extension service used by Pantheon");
+         enable = mkEnableOption "contractor, a desktop-wide extension service used by Pantheon";
       };
 
-      apps.enable = mkEnableOption (lib.mdDoc "Pantheon default applications");
+      apps.enable = mkEnableOption "Pantheon default applications";
 
     };
 
@@ -37,14 +38,14 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the pantheon desktop manager";
+        description = "Enable the pantheon desktop manager";
       };
 
       sessionPath = mkOption {
         default = [];
         type = types.listOf types.package;
         example = literalExpression "[ pkgs.gnome.gpaste ]";
-        description = lib.mdDoc ''
+        description = ''
           Additional list of packages to be added to the session search path.
           Useful for GSettings-conditional autostart.
 
@@ -55,28 +56,28 @@ in
       extraWingpanelIndicators = mkOption {
         default = null;
         type = with types; nullOr (listOf package);
-        description = lib.mdDoc "Indicators to add to Wingpanel.";
+        description = "Indicators to add to Wingpanel.";
       };
 
       extraSwitchboardPlugs = mkOption {
         default = null;
         type = with types; nullOr (listOf package);
-        description = lib.mdDoc "Plugs to add to Switchboard.";
+        description = "Plugs to add to Switchboard.";
       };
 
       extraGSettingsOverrides = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc "Additional gsettings overrides.";
+        description = "Additional gsettings overrides.";
       };
 
       extraGSettingsOverridePackages = mkOption {
         default = [];
         type = types.listOf types.path;
-        description = lib.mdDoc "List of packages for which gsettings are overridden.";
+        description = "List of packages for which gsettings are overridden.";
       };
 
-      debug = mkEnableOption (lib.mdDoc "gnome-session debug messages");
+      debug = mkEnableOption "gnome-session debug messages";
 
     };
 
@@ -84,7 +85,7 @@ in
       default = [];
       example = literalExpression "[ pkgs.pantheon.elementary-camera ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which packages pantheon should exclude from the default environment";
+      description = "Which packages pantheon should exclude from the default environment";
     };
 
   };
@@ -96,7 +97,7 @@ in
         pkgs.pantheon.pantheon-agent-geoclue2
       ] config.environment.pantheon.excludePackages;
 
-      services.xserver.displayManager.sessionPackages = [ pkgs.pantheon.elementary-session-settings ];
+      services.displayManager.sessionPackages = [ pkgs.pantheon.elementary-session-settings ];
 
       # Ensure lightdm is used when Pantheon is enabled
       # Without it screen locking will be nonfunctional because of the use of lightlocker
@@ -109,7 +110,7 @@ in
 
       # Without this, elementary LightDM greeter will pre-select non-existent `default` session
       # https://github.com/elementary/greeter/issues/368
-      services.xserver.displayManager.defaultSession = mkDefault "pantheon";
+      services.displayManager.defaultSession = mkDefault "pantheon";
 
       services.xserver.displayManager.sessionCommands = ''
         if test "$XDG_CURRENT_DESKTOP" = "Pantheon"; then
@@ -158,7 +159,7 @@ in
       services.gsignond.plugins = with pkgs.gsignondPlugins; [ lastfm mail oauth ];
       services.udisks2.enable = true;
       services.upower.enable = config.powerManagement.enable;
-      services.xserver.libinput.enable = mkDefault true;
+      services.libinput.enable = mkDefault true;
       services.xserver.updateDbusEnvironment = true;
       services.zeitgeist.enable = mkDefault true;
       services.geoclue2.enable = mkDefault true;
@@ -174,12 +175,22 @@ in
         # https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1443
         pkgs.pantheon.mutter
       ];
-      systemd.packages = [
-        pkgs.pantheon.gnome-settings-daemon
+      systemd.packages = with pkgs; [
+        gnome.gnome-session
+        pantheon.gala
+        pantheon.gnome-settings-daemon
+        pantheon.elementary-session-settings
       ];
       programs.dconf.enable = true;
       networking.networkmanager.enable = mkDefault true;
 
+      systemd.user.targets."gnome-session-x11-services".wants = [
+        "org.gnome.SettingsDaemon.XSettings.service"
+      ];
+      systemd.user.targets."gnome-session-x11-services-ready".wants = [
+        "org.gnome.SettingsDaemon.XSettings.service"
+      ];
+
       # Global environment
       environment.systemPackages = (with pkgs.pantheon; [
         elementary-session-settings
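Review bot: The two new `systemd.user.targets.*.wants` entries for `org.gnome.SettingsDaemon.XSettings.service` carry no comment saying why the service has to be pulled in by hand. The neighbouring settings in this module do cite their reason or an upstream link. A line such as `# XSettings is not started by the gnome-session X11 targets on its own; see <upstream reference>` above them, with the reason confirmed by the author, would let a later maintainer judge when they can be dropped. Separately, `systemd.packages = with pkgs; [ … ]` puts the whole package set in scope for four entries. Spelling them out as `pkgs.gnome.gnome-session`, `pkgs.pantheon.gala` and so on would match the `pkgs.pantheon.mutter` style just above.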
@@ -278,8 +289,8 @@ in
     })
 
     (mkIf serviceCfg.apps.enable {
-      programs.evince.enable = mkDefault true;
-      programs.file-roller.enable = mkDefault true;
+      programs.evince.enable = mkDefault (notExcluded pkgs.gnome.evince);
+      programs.file-roller.enable = mkDefault (notExcluded pkgs.gnome.file-roller);
 
       environment.systemPackages = utils.removePackagesByName ([
         pkgs.gnome.gnome-font-viewer
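Review bot: `notExcluded` (defined in the first hunk of this file) tests exclusion with `lib.elem`, which compares package values, while the package list right below it is filtered with `utils.removePackagesByName`, which to my knowledge matches on the package name. The two can disagree. If `environment.pantheon.excludePackages` holds an overridden or differently pinned `evince` or `file-roller`, the package is dropped from `environment.systemPackages` but `programs.evince.enable` and `programs.file-roller.enable` still default to true. Reusing the same helper keeps both paths aligned: `notExcluded = pkg: utils.removePackagesByName [ pkg ] config.environment.pantheon.excludePackages != [ ];`. The surrounding `mkIf serviceCfg.apps.enable` block continues past the end of this hunk.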
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix
index 75e02130addc..e8494b2c017c 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix
@@ -24,7 +24,7 @@ let
   phocConfigType = types.submodule {
     options = {
       xwayland = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable XWayland support.
 
           To start XWayland immediately, use `immediate`.
@@ -33,14 +33,14 @@ let
         default = "false";
       };
       cursorTheme = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Cursor theme to use in Phosh.
         '';
         type = types.str;
         default = "default";
       };
       outputs = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Output configurations.
         '';
         type = types.attrsOf phocOutputType;
@@ -56,7 +56,7 @@ let
   phocOutputType = types.submodule {
     options = {
       modeline = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           One or more modelines.
         '';
         type = types.either types.str (types.listOf types.str);
@@ -67,7 +67,7 @@ let
         ];
       };
       mode = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Default video mode.
         '';
         type = types.nullOr types.str;
@@ -75,7 +75,7 @@ let
         example = "768x1024";
       };
       scale = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Display scaling factor.
         '';
         type = types.nullOr (
@@ -89,7 +89,7 @@ let
         example = 2;
       };
       rotate = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Screen transformation.
         '';
         type = types.enum [
@@ -132,25 +132,25 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Phone Shell.";
+        description = "Enable the Phone Shell.";
       };
 
       package = mkPackageOption pkgs "phosh" { };
 
       user = mkOption {
-        description = lib.mdDoc "The user to run the Phosh service.";
+        description = "The user to run the Phosh service.";
         type = types.str;
         example = "alice";
       };
 
       group = mkOption {
-        description = lib.mdDoc "The group to run the Phosh service.";
+        description = "The group to run the Phosh service.";
         type = types.str;
         example = "users";
       };
 
       phocConfig = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Configurations for the Phoc compositor.
         '';
         type = types.oneOf [ types.lines types.path phocConfigType ];
@@ -220,7 +220,7 @@ in
 
     services.gnome.core-shell.enable = true;
     services.gnome.core-os-services.enable = true;
-    services.xserver.displayManager.sessionPackages = [ cfg.package ];
+    services.displayManager.sessionPackages = [ cfg.package ];
 
     environment.etc."phosh/phoc.ini".source =
       if builtins.isPath cfg.phocConfig then cfg.phocConfig
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
index f516a29fb5db..7d80b9b2641c 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -84,24 +84,24 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Plasma 5 (KDE 5) desktop environment.";
+        description = "Enable the Plasma 5 (KDE 5) desktop environment.";
       };
 
       phononBackend = mkOption {
         type = types.enum [ "gstreamer" "vlc" ];
         default = "vlc";
         example = "gstreamer";
-        description = lib.mdDoc "Phonon audio backend to install.";
+        description = "Phonon audio backend to install.";
       };
 
       useQtScaling = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable HiDPI scaling in Qt.";
+        description = "Enable HiDPI scaling in Qt.";
       };
 
       runUsingSystemd = mkOption {
-        description = lib.mdDoc "Use systemd to manage the Plasma session";
+        description = "Use systemd to manage the Plasma session";
         type = types.bool;
         default = true;
       };
@@ -128,7 +128,7 @@ in
       mobile.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable support for running the Plasma Mobile shell.
         '';
       };
@@ -136,7 +136,7 @@ in
       mobile.installRecommendedSoftware = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Installs software recommended for use with Plasma Mobile, but which
           is not strictly required for Plasma Mobile to run.
         '';
@@ -145,13 +145,13 @@ in
       bigscreen.enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enable support for running the Plasma Bigscreen session.
         '';
       };
     };
     environment.plasma5.excludePackages = mkOption {
-        description = lib.mdDoc "List of default packages to exclude from the configuration";
+        description = "List of default packages to exclude from the configuration";
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.plasma5Packages.oxygen ]";
@@ -348,7 +348,7 @@ in
       services.system-config-printer.enable = mkIf config.services.printing.enable (mkDefault true);
       services.udisks2.enable = true;
       services.upower.enable = config.powerManagement.enable;
-      services.xserver.libinput.enable = mkDefault true;
+      services.libinput.enable = mkDefault true;
 
       # Extra UDEV rules used by Solid
       services.udev.packages = [
@@ -357,7 +357,7 @@ in
         pkgs.media-player-info
       ];
 
-      services.xserver.displayManager.sddm = {
+      services.displayManager.sddm = {
         theme = mkDefault "breeze";
       };
 
@@ -403,16 +403,16 @@ in
       system.nixos-generate-config.desktopConfiguration = [
         ''
           # Enable the Plasma 5 Desktop Environment.
-          services.xserver.displayManager.sddm.enable = true;
+          services.displayManager.sddm.enable = true;
           services.xserver.desktopManager.plasma5.enable = true;
         ''
       ];
 
-      services.xserver.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-workspace ];
+      services.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-workspace ];
       # Default to be `plasma` (X11) instead of `plasmawayland`, since plasma wayland currently has
       # many tiny bugs.
       # See: https://github.com/NixOS/nixpkgs/issues/143272
-      services.xserver.displayManager.defaultSession = mkDefault "plasma";
+      services.displayManager.defaultSession = mkDefault "plasma";
 
       environment.systemPackages =
         with pkgs.plasma5Packages;
@@ -538,7 +538,7 @@ in
         };
       };
 
-      services.xserver.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-mobile ];
+      services.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-mobile ];
     })
 
     # Plasma Bigscreen
@@ -559,7 +559,7 @@ in
           kdeconnect-kde
         ];
 
-      services.xserver.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-bigscreen ];
+      services.displayManager.sessionPackages = [ pkgs.plasma5Packages.plasma-bigscreen ];
 
       # required for plasma-remotecontrollers to work correctly
       hardware.uinput.enable = true;
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix
index 9db637191b54..3ee7b7795f6c 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix
@@ -6,7 +6,7 @@ let cfg = config.services.xserver.desktopManager.retroarch;
 
 in {
   options.services.xserver.desktopManager.retroarch = {
-    enable = mkEnableOption (lib.mdDoc "RetroArch");
+    enable = mkEnableOption "RetroArch";
 
     package = mkPackageOption pkgs "retroarch" {
       example = "retroarch-full";
@@ -16,7 +16,7 @@ in {
       type = types.listOf types.str;
       default = [ ];
       example = [ "--verbose" "--host" ];
-      description = lib.mdDoc "Extra arguments to pass to RetroArch.";
+      description = "Extra arguments to pass to RetroArch.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix
index 38ebb9d02b4a..10c4a1d21b0a 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix
@@ -45,21 +45,21 @@ let
 in {
   options = {
     services.xserver.desktopManager.surf-display = {
-      enable = mkEnableOption (lib.mdDoc "surf-display as a kiosk browser session");
+      enable = mkEnableOption "surf-display as a kiosk browser session";
 
       defaultWwwUri = mkOption {
         type = types.str;
         default = "${pkgs.surf-display}/share/surf-display/empty-page.html";
         defaultText = literalExpression ''"''${pkgs.surf-display}/share/surf-display/empty-page.html"'';
         example = "https://www.example.com/";
-        description = lib.mdDoc "Default URI to display.";
+        description = "Default URI to display.";
       };
 
       inactivityInterval = mkOption {
         type = types.int;
         default = 300;
         example = 0;
-        description = lib.mdDoc ''
+        description = ''
           Setting for internal inactivity timer to restart surf-display if the
           user goes inactive/idle to get a fresh session for the next user of
           the kiosk.
@@ -72,7 +72,7 @@ in {
       screensaverSettings = mkOption {
         type = types.separatedString " ";
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Screensaver settings, see `man 1 xset` for possible options.
         '';
       };
@@ -80,7 +80,7 @@ in {
       pointerButtonMap = mkOption {
         type = types.str;
         default = "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0";
-        description = lib.mdDoc ''
+        description = ''
           Disable right and middle pointer device click in browser sessions
           while keeping scrolling wheels' functionality intact. See pointer
           subcommand on `man xmodmap` for details.
@@ -91,7 +91,7 @@ in {
         type = types.str;
         default = "yes";
         example = "no";
-        description = lib.mdDoc "Hide idle mouse pointer.";
+        description = "Hide idle mouse pointer.";
       };
 
       extraConfig = mkOption {
@@ -111,7 +111,7 @@ in {
           DISPLAYS['display-host-3']="www_uri=https://www.displayserver.comany.net/display-4/index.html"|res=1280x1024"
           DISPLAYS['display-host-local-file']="www_uri=file:///usr/share/doc/surf-display/empty-page.html"
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration options to append to `/etc/default/surf-display`.
         '';
       };
@@ -119,7 +119,7 @@ in {
   };
 
   config = mkIf cfg.enable {
-    services.xserver.displayManager.sessionPackages = [
+    services.displayManager.sessionPackages = [
       pkgs.surf-display
     ];
 
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
index 3ba27b201507..85d0d199de3f 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix
@@ -49,25 +49,25 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable the Xfce desktop environment.";
+        description = "Enable the Xfce desktop environment.";
       };
 
       noDesktop = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Don't install XFCE desktop components (xfdesktop and panel).";
+        description = "Don't install XFCE desktop components (xfdesktop and panel).";
       };
 
       enableXfwm = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable the XFWM (default) window manager.";
+        description = "Enable the XFWM (default) window manager.";
       };
 
       enableScreensaver = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Enable the XFCE screensaver.";
+        description = "Enable the XFCE screensaver.";
       };
     };
 
@@ -75,7 +75,7 @@ in
       default = [];
       example = literalExpression "[ pkgs.xfce.xfce4-volumed-pulse ]";
       type = types.listOf types.package;
-      description = lib.mdDoc "Which packages XFCE should exclude from the default environment";
+      description = "Which packages XFCE should exclude from the default environment";
     };
   };
 
@@ -145,7 +145,7 @@ in
     services.xserver.desktopManager.session = [{
       name = "xfce";
       desktopNames = [ "XFCE" ];
-      bgSupport = true;
+      bgSupport = !cfg.noDesktop;
       start = ''
         ${pkgs.runtimeShell} ${pkgs.xfce.xfce4-session.xinitrc} &
         waitPID=$!
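Review bot: The new `bgSupport = !cfg.noDesktop;` line has no comment saying why the flag now follows `noDesktop`. The option text earlier in this file says `noDesktop` leaves out xfdesktop and the panel, so presumably the session should no longer claim to draw its own background when xfdesktop is absent. A one-line comment above the assignment would record that, for example `# xfdesktop draws the wallpaper; without it the generic session code must set the background`. The session attrset and its `start` script continue outside this hunk.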
@@ -164,7 +164,7 @@ in
     services.gvfs.enable = true;
     services.tumbler.enable = true;
     services.system-config-printer.enable = (mkIf config.services.printing.enable (mkDefault true));
-    services.xserver.libinput.enable = mkDefault true; # used in xfce4-settings-manager
+    services.libinput.enable = mkDefault true; # used in xfce4-settings-manager
 
     # Enable default programs
     programs.dconf.enable = true;
diff --git a/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix
index 2b439effabe5..3424ee1b0e11 100644
--- a/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix
+++ b/nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix
@@ -16,7 +16,7 @@ in
       type = types.bool;
       default = versionOlder config.system.stateVersion "19.09" && xSessionEnabled;
       defaultText = literalExpression ''versionOlder config.system.stateVersion "19.09" && config.services.xserver.enable;'';
-      description = lib.mdDoc "Enable a xterm terminal as a desktop manager.";
+      description = "Enable a xterm terminal as a desktop manager.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/default.nix b/nixpkgs/nixos/modules/services/x11/display-managers/default.nix
index 3e2d5780a5cb..87331a6658d3 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/default.nix
@@ -9,12 +9,10 @@
 
 { config, lib, options, pkgs, ... }:
 
-with lib;
-
 let
+  inherit (lib) mkOption types literalExpression optionalString;
 
   cfg = config.services.xserver;
-  opt = options.services.xserver;
   xorg = pkgs.xorg;
 
   fontconfig = config.fonts.fontconfig;
@@ -40,7 +38,7 @@ let
         IFS=:
         for i in $XDG_CURRENT_DESKTOP; do
           case $i in
-            KDE|GNOME|X-NIXOS-SYSTEMD-AWARE) echo "1"; exit; ;;
+            KDE|GNOME|Pantheon|X-NIXOS-SYSTEMD-AWARE) echo "1"; exit; ;;
             *) ;;
           esac
         done
@@ -70,14 +68,14 @@ let
           source ~/.xprofile
       fi
 
-      ${optionalString cfg.displayManager.job.logToJournal ''
+      ${optionalString config.services.displayManager.logToJournal ''
         if [ -z "$_DID_SYSTEMD_CAT" ]; then
           export _DID_SYSTEMD_CAT=1
           exec ${config.systemd.package}/bin/systemd-cat -t xsession "$0" "$@"
         fi
       ''}
 
-      ${optionalString cfg.displayManager.job.logToFile ''
+      ${optionalString config.services.displayManager.logToFile ''
         exec &> >(tee ~/.xsession-errors)
       ''}
 
@@ -92,7 +90,7 @@ let
       # Import environment variables into the systemd user environment.
       ${optionalString (cfg.displayManager.importedVariables != []) (
         "/run/current-system/systemd/bin/systemctl --user import-environment "
-          + toString (unique cfg.displayManager.importedVariables)
+          + toString (lib.unique cfg.displayManager.importedVariables)
       )}
 
       # Speed up application start by 50-150ms according to
@@ -130,41 +128,6 @@ let
           exit 1
       fi
     '';
-
-  installedSessions = pkgs.runCommand "desktops"
-    { # trivial derivation
-      preferLocalBuild = true;
-      allowSubstitutes = false;
-    }
-    ''
-      mkdir -p "$out/share/"{xsessions,wayland-sessions}
-
-      ${concatMapStrings (pkg: ''
-        for n in ${concatStringsSep " " pkg.providedSessions}; do
-          if ! test -f ${pkg}/share/wayland-sessions/$n.desktop -o \
-                    -f ${pkg}/share/xsessions/$n.desktop; then
-            echo "Couldn't find provided session name, $n.desktop, in session package ${pkg.name}:"
-            echo "  ${pkg}"
-            return 1
-          fi
-        done
-
-        if test -d ${pkg}/share/xsessions; then
-          ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${pkg}/share/xsessions $out/share/xsessions
-        fi
-        if test -d ${pkg}/share/wayland-sessions; then
-          ${pkgs.buildPackages.xorg.lndir}/bin/lndir ${pkg}/share/wayland-sessions $out/share/wayland-sessions
-        fi
-      '') cfg.displayManager.sessionPackages}
-    '';
-
-  dmDefault = cfg.desktopManager.default;
-  # fallback default for cases when only default wm is set
-  dmFallbackDefault = if dmDefault != null then dmDefault else "none";
-  wmDefault = cfg.windowManager.default;
-
-  defaultSessionFromLegacyOptions = dmFallbackDefault + optionalString (wmDefault != null && wmDefault != "none") "+${wmDefault}";
-
 in
 
 {
@@ -176,25 +139,25 @@ in
         internal = true;
         default = "${xorg.xauth}/bin/xauth";
         defaultText = literalExpression ''"''${pkgs.xorg.xauth}/bin/xauth"'';
-        description = lib.mdDoc "Path to the {command}`xauth` program used by display managers.";
+        description = "Path to the {command}`xauth` program used by display managers.";
       };
 
       xserverBin = mkOption {
         type = types.path;
-        description = lib.mdDoc "Path to the X server used by display managers.";
+        description = "Path to the X server used by display managers.";
       };
 
       xserverArgs = mkOption {
         type = types.listOf types.str;
         default = [];
         example = [ "-ac" "-logverbose" "-verbose" "-nolisten tcp" ];
-        description = lib.mdDoc "List of arguments for the X server.";
+        description = "List of arguments for the X server.";
       };
 
       setupCommands = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed just after the X server has started.
 
           This option is only effective for display managers for which this feature
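Review bot: The `xserverArgs` example still advertises `-ac`, and the rewritten description `"List of arguments for the X server."` does not say that this flag switches off the X server's host-based access control. Option examples tend to be copied into real configurations, so the example is better without it: `example = [ "-logverbose" "-verbose" "-nolisten tcp" ];`. If `-ac` has to stay for illustration, the description should state that it is meant for testing only. The `setupCommands` option at the end of this hunk continues past it.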
@@ -209,41 +172,12 @@ in
           ''
             xmessage "Hello World!" &
           '';
-        description = lib.mdDoc ''
+        description = ''
           Shell commands executed just before the window or desktop manager is
           started. These commands are not currently sourced for Wayland sessions.
         '';
       };
 
-      hiddenUsers = mkOption {
-        type = types.listOf types.str;
-        default = [ "nobody" ];
-        description = lib.mdDoc ''
-          A list of users which will not be shown in the display manager.
-        '';
-      };
-
-      sessionPackages = mkOption {
-        type = with types; listOf (package // {
-          description = "package with provided sessions";
-          check = p: assertMsg
-            (package.check p && p ? providedSessions
-            && p.providedSessions != [] && all isString p.providedSessions)
-            ''
-              Package, '${p.name}', did not specify any session names, as strings, in
-              'passthru.providedSessions'. This is required when used as a session package.
-
-              The session names can be looked up in:
-                ${p}/share/xsessions
-                ${p}/share/wayland-sessions
-           '';
-        });
-        default = [];
-        description = lib.mdDoc ''
-          A list of packages containing x11 or wayland session files to be passed to the display manager.
-        '';
-      };
-
       session = mkOption {
         default = [];
         type = types.listOf types.attrs;
@@ -258,7 +192,7 @@ in
               }
             ]
           '';
-        description = lib.mdDoc ''
+        description = ''
           List of sessions supported with the command used to start each
           session.  Each session script can set the
           {var}`waitPID` shell variable to make this script
@@ -274,159 +208,20 @@ in
         '';
       };
 
-      sessionData = mkOption {
-        description = lib.mdDoc "Data exported for display managers’ convenience";
-        internal = true;
-        default = {};
-        apply = val: {
-          wrapper = xsessionWrapper;
-          desktops = installedSessions;
-          sessionNames = concatMap (p: p.providedSessions) cfg.displayManager.sessionPackages;
-          # We do not want to force users to set defaultSession when they have only single DE.
-          autologinSession =
-            if cfg.displayManager.defaultSession != null then
-              cfg.displayManager.defaultSession
-            else if cfg.displayManager.sessionData.sessionNames != [] then
-              head cfg.displayManager.sessionData.sessionNames
-            else
-              null;
-        };
-      };
-
-      defaultSession = mkOption {
-        type = with types; nullOr str // {
-          description = "session name";
-          check = d:
-            assertMsg (d != null -> (str.check d && elem d cfg.displayManager.sessionData.sessionNames)) ''
-                Default graphical session, '${d}', not found.
-                Valid names for 'services.xserver.displayManager.defaultSession' are:
-                  ${concatStringsSep "\n  " cfg.displayManager.sessionData.sessionNames}
-              '';
-        };
-        default =
-          if dmDefault != null || wmDefault != null then
-            defaultSessionFromLegacyOptions
-          else
-            null;
-        defaultText = literalMD ''
-          Taken from display manager settings or window manager settings, if either is set.
-        '';
-        example = "gnome";
-        description = lib.mdDoc ''
-          Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).
-
-          On GDM, LightDM and SDDM, it will also be used as a session for auto-login.
-        '';
-      };
-
       importedVariables = mkOption {
         type = types.listOf (types.strMatching "[a-zA-Z_][a-zA-Z0-9_]*");
         visible = false;
-        description = lib.mdDoc ''
+        description = ''
           Environment variables to import into the systemd user environment.
         '';
       };
 
-      job = {
-
-        preStart = mkOption {
-          type = types.lines;
-          default = "";
-          example = "rm -f /var/log/my-display-manager.log";
-          description = lib.mdDoc "Script executed before the display manager is started.";
-        };
-
-        execCmd = mkOption {
-          type = types.str;
-          example = literalExpression ''"''${pkgs.lightdm}/bin/lightdm"'';
-          description = lib.mdDoc "Command to start the display manager.";
-        };
-
-        environment = mkOption {
-          type = types.attrsOf types.unspecified;
-          default = {};
-          description = lib.mdDoc "Additional environment variables needed by the display manager.";
-        };
-
-        logToFile = mkOption {
-          type = types.bool;
-          default = false;
-          description = lib.mdDoc ''
-            Whether the display manager redirects the output of the
-            session script to {file}`~/.xsession-errors`.
-          '';
-        };
-
-        logToJournal = mkOption {
-          type = types.bool;
-          default = true;
-          description = lib.mdDoc ''
-            Whether the display manager redirects the output of the
-            session script to the systemd journal.
-          '';
-        };
-
-      };
-
-      # Configuration for automatic login. Common for all DM.
-      autoLogin = mkOption {
-        type = types.submodule ({ config, options, ... }: {
-          options = {
-            enable = mkOption {
-              type = types.bool;
-              default = config.user != null;
-              defaultText = literalExpression "config.${options.user} != null";
-              description = lib.mdDoc ''
-                Automatically log in as {option}`autoLogin.user`.
-              '';
-            };
-
-            user = mkOption {
-              type = types.nullOr types.str;
-              default = null;
-              description = lib.mdDoc ''
-                User to be used for the automatic login.
-              '';
-            };
-          };
-        });
-
-        default = {};
-        description = lib.mdDoc ''
-          Auto login configuration attrset.
-        '';
-      };
-
     };
 
   };
 
   config = {
-    assertions = [
-      { assertion = cfg.displayManager.autoLogin.enable -> cfg.displayManager.autoLogin.user != null;
-        message = ''
-          services.xserver.displayManager.autoLogin.enable requires services.xserver.displayManager.autoLogin.user to be set
-        '';
-      }
-      {
-        assertion = cfg.desktopManager.default != null || cfg.windowManager.default != null -> cfg.displayManager.defaultSession == defaultSessionFromLegacyOptions;
-        message = "You cannot use both services.xserver.displayManager.defaultSession option and legacy options (services.xserver.desktopManager.default and services.xserver.windowManager.default).";
-      }
-    ];
-
-    warnings =
-      mkIf (dmDefault != null || wmDefault != null) [
-        ''
-          The following options are deprecated:
-            ${concatStringsSep "\n  " (map ({c, t}: t) (filter ({c, t}: c != null) [
-            { c = dmDefault; t = "- services.xserver.desktopManager.default"; }
-            { c = wmDefault; t = "- services.xserver.windowManager.default"; }
-            ]))}
-          Please use
-            services.xserver.displayManager.defaultSession = "${defaultSessionFromLegacyOptions}";
-          instead.
-        ''
-      ];
+    services.displayManager.sessionData.wrapper = xsessionWrapper;
 
     services.xserver.displayManager.xserverBin = "${xorg.xorgserver.out}/bin/X";
 
@@ -449,10 +244,10 @@ in
 
     # Create desktop files and scripts for starting sessions for WMs/DMs
     # that do not have upstream session files (those defined using services.{display,desktop,window}Manager.session options).
-    services.xserver.displayManager.sessionPackages =
+    services.displayManager.sessionPackages =
       let
-        dms = filter (s: s.manage == "desktop") cfg.displayManager.session;
-        wms = filter (s: s.manage == "window") cfg.displayManager.session;
+        dms = lib.filter (s: s.manage == "desktop") cfg.displayManager.session;
+        wms = lib.filter (s: s.manage == "window") cfg.displayManager.session;
 
         # Script responsible for starting the window manager and the desktop manager.
         xsession = dm: wm: pkgs.writeScript "xsession" ''
@@ -480,16 +275,16 @@ in
         '';
       in
         # We will generate every possible pair of WM and DM.
-        concatLists (
-            builtins.map
+        lib.concatLists (
+            lib.mapCartesianProduct
             ({dm, wm}: let
               sessionName = "${dm.name}${optionalString (wm.name != "none") ("+" + wm.name)}";
               script = xsession dm wm;
               desktopNames = if dm ? desktopNames
-                             then concatStringsSep ";" dm.desktopNames
+                             then lib.concatStringsSep ";" dm.desktopNames
                              else sessionName;
             in
-              optional (dm.name != "none" || wm.name != "none")
+              lib.optional (dm.name != "none" || wm.name != "none")
                 (pkgs.writeTextFile {
                   name = "${sessionName}-xsession";
                   destination = "/share/xsessions/${sessionName}.desktop";
@@ -509,22 +304,16 @@ in
                   providedSessions = [ sessionName ];
                 })
             )
-            (cartesianProductOfSets { dm = dms; wm = wms; })
+            { dm = dms; wm = wms; }
           );
-
-    # Make xsessions and wayland sessions available in XDG_DATA_DIRS
-    # as some programs have behavior that depends on them being present
-    environment.sessionVariables.XDG_DATA_DIRS = lib.mkIf (cfg.displayManager.sessionPackages != [ ]) [
-      "${cfg.displayManager.sessionData.desktops}/share"
-    ];
   };
 
   imports = [
-    (mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ]
+    (lib.mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ]
      "The option is no longer necessary because all display managers have already delegated lid management to systemd.")
-    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "xserver" "displayManager" "job" "logToFile" ])
-    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
-    (mkRenamedOptionModule [ "services" "xserver" "displayManager" "extraSessionFilesPackages" ] [ "services" "xserver" "displayManager" "sessionPackages" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "displayManager" "logToFile" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "displayManager" "logToJournal" ])
+    (lib.mkRenamedOptionModule [ "services" "xserver" "displayManager" "extraSessionFilesPackages" ] [ "services" "displayManager" "sessionPackages" ])
   ];
 
 }
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix
index 400e5601dc59..107a2f164792 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix
@@ -32,7 +32,7 @@ let
     load-module module-position-event-sounds
   '';
 
-  defaultSessionName = config.services.xserver.displayManager.defaultSession;
+  defaultSessionName = config.services.displayManager.defaultSession;
 
   setSessionScript = pkgs.callPackage ./account-service-util.nix { };
 in
@@ -41,14 +41,12 @@ in
   imports = [
     (mkRenamedOptionModule [ "services" "xserver" "displayManager" "gdm" "autoLogin" "enable" ] [
       "services"
-      "xserver"
       "displayManager"
       "autoLogin"
       "enable"
     ])
     (mkRenamedOptionModule [ "services" "xserver" "displayManager" "gdm" "autoLogin" "user" ] [
       "services"
-      "xserver"
       "displayManager"
       "autoLogin"
       "user"
@@ -67,15 +65,15 @@ in
 
     services.xserver.displayManager.gdm = {
 
-      enable = mkEnableOption (lib.mdDoc "GDM, the GNOME Display Manager");
+      enable = mkEnableOption "GDM, the GNOME Display Manager";
 
-      debug = mkEnableOption (lib.mdDoc "debugging messages in GDM");
+      debug = mkEnableOption "debugging messages in GDM";
 
       # Auto login options specific to GDM
       autoLogin.delay = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Seconds of inactivity after which the autologin will be performed.
         '';
       };
@@ -83,14 +81,14 @@ in
       wayland = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Allow GDM to run on Wayland instead of Xserver.
         '';
       };
 
       autoSuspend = mkOption {
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           On the GNOME Display Manager login screen, suspend the machine after inactivity.
           (Does not affect automatic suspend while logged in, or at lock screen.)
         '';
@@ -105,7 +103,7 @@ in
           bar
           baz
         '';
-        description = lib.mdDoc ''
+        description = ''
           Optional message to display on the login screen.
         '';
       };
@@ -116,7 +114,7 @@ in
         example = {
           debug.enable = true;
         };
-        description = lib.mdDoc ''
+        description = ''
           Options passed to the gdm daemon.
           See [here](https://help.gnome.org/admin/gdm/stable/configuration.html.en#daemonconfig) for supported options.
         '';
@@ -148,14 +146,14 @@ in
     services.xserver.display = null;
     services.xserver.verbose = null;
 
-    services.xserver.displayManager.job =
+    services.displayManager =
       {
         environment = {
           GDM_X_SERVER_EXTRA_ARGS = toString
             (filter (arg: arg != "-terminate") cfg.xserverArgs);
           XDG_DATA_DIRS = lib.makeSearchPath "share" [
             gdm # for gnome-login.session
-            cfg.sessionData.desktops
+            config.services.displayManager.sessionData.desktops
             pkgs.gnome.gnome-control-center # for accessibility icon
             pkgs.gnome.adwaita-icon-theme
             pkgs.hicolor-icon-theme # empty icon theme as a base
@@ -169,7 +167,7 @@ in
         execCmd = "exec ${gdm}/bin/gdm";
         preStart = optionalString (defaultSessionName != null) ''
           # Set default session in session chooser to a specified values – basically ignore session history.
-          ${setSessionScript}/bin/set-session ${cfg.sessionData.autologinSession}
+          ${setSessionScript}/bin/set-session ${config.services.displayManager.sessionData.autologinSession}
         '';
       };
 
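Review bot: The `preStart` script interpolates `config.services.displayManager.sessionData.autologinSession` into a shell command line unquoted, so a session name with whitespace or shell metacharacters would change what `set-session` receives. Escaping the value removes that dependency on how session packages name themselves: `${setSessionScript}/bin/set-session ${lib.escapeShellArg config.services.displayManager.sessionData.autologinSession}`. The guard tests `defaultSessionName` while the command uses `autologinSession`. These agreed in the removed `sessionData` definition, but the new one is not visible here, so that is worth confirming. The enclosing `services.displayManager` attrset starts outside this hunk.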
@@ -265,14 +263,14 @@ in
       daemon = mkMerge [
         { WaylandEnable = cfg.gdm.wayland; }
         # nested if else didn't work
-        (mkIf (cfg.autoLogin.enable && cfg.gdm.autoLogin.delay != 0 ) {
+        (mkIf (config.services.displayManager.autoLogin.enable && cfg.gdm.autoLogin.delay != 0 ) {
           TimedLoginEnable = true;
-          TimedLogin = cfg.autoLogin.user;
+          TimedLogin = config.services.displayManager.autoLogin.user;
           TimedLoginDelay = cfg.gdm.autoLogin.delay;
         })
-        (mkIf (cfg.autoLogin.enable && cfg.gdm.autoLogin.delay == 0 ) {
+        (mkIf (config.services.displayManager.autoLogin.enable && cfg.gdm.autoLogin.delay == 0 ) {
           AutomaticLoginEnable = true;
-          AutomaticLogin = cfg.autoLogin.user;
+          AutomaticLogin = config.services.displayManager.autoLogin.user;
         })
       ];
       debug = mkIf cfg.gdm.debug {
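Review bot: `TimedLogin` and `AutomaticLogin` now read `config.services.displayManager.autoLogin.user` with no local guard against a null user. The assertion that used to enforce `autoLogin.enable -> autoLogin.user != null` is deleted from display-managers/default.nix earlier in this diff, and its replacement is not visible in these hunks. Confirm that the new `services.displayManager` module carries an equivalent check, such as `assertion = config.services.displayManager.autoLogin.enable -> config.services.displayManager.autoLogin.user != null;`. Without it, a configuration that sets only `autoLogin.enable = true` would no longer be rejected with a clear message at evaluation time. The same applies to the other removed options (`defaultSession`, `hiddenUsers`, `sessionPackages`, `job.*`), for which this file's `imports` list adds no rename shims.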
@@ -282,7 +280,7 @@ in
 
     environment.etc."gdm/custom.conf".source = configFile;
 
-    environment.etc."gdm/Xsession".source = config.services.xserver.displayManager.sessionData.wrapper;
+    environment.etc."gdm/Xsession".source = config.services.displayManager.sessionData.wrapper;
 
     # GDM LFS PAM modules, adapted somehow to NixOS
     security.pam.services = {
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix
index 412bcc4091b3..930ee96b384d 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix
@@ -26,7 +26,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable enso-os-greeter as the lightdm greeter
         '';
       };
@@ -36,7 +36,7 @@ in {
           type = types.package;
           default = pkgs.gnome.gnome-themes-extra;
           defaultText = literalExpression "pkgs.gnome.gnome-themes-extra";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the theme given in the name option.
           '';
         };
@@ -44,7 +44,7 @@ in {
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the theme to use for the lightdm-enso-os-greeter
           '';
         };
@@ -55,7 +55,7 @@ in {
           type = types.package;
           default = pkgs.papirus-icon-theme;
           defaultText = literalExpression "pkgs.papirus-icon-theme";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the icon theme given in the name option.
           '';
         };
@@ -63,7 +63,7 @@ in {
         name = mkOption {
           type = types.str;
           default = "ePapirus";
-          description = lib.mdDoc ''
+          description = ''
             Name of the icon theme to use for the lightdm-enso-os-greeter
           '';
         };
@@ -74,7 +74,7 @@ in {
           type = types.package;
           default = pkgs.capitaine-cursors;
           defaultText = literalExpression "pkgs.capitaine-cursors";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the cursor theme given in the name option.
           '';
         };
@@ -82,7 +82,7 @@ in {
         name = mkOption {
           type = types.str;
           default = "capitane-cursors";
-          description = lib.mdDoc ''
+          description = ''
             Name of the cursor theme to use for the lightdm-enso-os-greeter
           '';
         };
@@ -91,7 +91,7 @@ in {
       blur = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether or not to enable blur
         '';
       };
@@ -99,7 +99,7 @@ in {
       brightness = mkOption {
         type = types.int;
         default = 7;
-        description = lib.mdDoc ''
+        description = ''
           Brightness
         '';
       };
@@ -107,7 +107,7 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that should be put in the greeter.conf
           configuration file
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
index c050367e74df..30940da103a9 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix
@@ -38,7 +38,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable lightdm-gtk-greeter as the lightdm greeter.
         '';
       };
@@ -49,7 +49,7 @@ in
           type = types.package;
           default = pkgs.gnome.gnome-themes-extra;
           defaultText = literalExpression "pkgs.gnome.gnome-themes-extra";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the theme given in the name option.
           '';
         };
@@ -57,7 +57,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the theme to use for the lightdm-gtk-greeter.
           '';
         };
@@ -70,7 +70,7 @@ in
           type = types.package;
           default = pkgs.gnome.adwaita-icon-theme;
           defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the icon theme given in the name option.
           '';
         };
@@ -78,7 +78,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the icon theme to use for the lightdm-gtk-greeter.
           '';
         };
@@ -91,7 +91,7 @@ in
           type = types.package;
           default = pkgs.gnome.adwaita-icon-theme;
           defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the cursor theme given in the name option.
           '';
         };
@@ -99,7 +99,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the cursor theme to use for the lightdm-gtk-greeter.
           '';
         };
@@ -107,7 +107,7 @@ in
         size = mkOption {
           type = types.int;
           default = 16;
-          description = lib.mdDoc ''
+          description = ''
             Size of the cursor theme to use for the lightdm-gtk-greeter.
           '';
         };
@@ -117,7 +117,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "%F";
-        description = lib.mdDoc ''
+        description = ''
           Clock format string (as expected by strftime, e.g. "%H:%M")
           to use with the lightdm gtk greeter panel.
 
@@ -129,7 +129,7 @@ in
         type = types.nullOr (types.listOf types.str);
         default = null;
         example = [ "~host" "~spacer" "~clock" "~spacer" "~session" "~language" "~a11y" "~power" ];
-        description = lib.mdDoc ''
+        description = ''
           List of allowed indicator modules to use for the lightdm gtk
           greeter panel.
 
@@ -145,7 +145,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that should be put in the lightdm-gtk-greeter.conf
           configuration file.
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/lomiri.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/lomiri.nix
new file mode 100644
index 000000000000..0cc79178358b
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/lomiri.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let
+
+  dmcfg = config.services.displayManager;
+  ldmcfg = config.services.xserver.displayManager.lightdm;
+  cfg = ldmcfg.greeters.lomiri;
+
+in
+{
+  meta.maintainers = lib.teams.lomiri.members;
+
+  options = {
+    services.xserver.displayManager.lightdm.greeters.lomiri = {
+      enable = lib.mkEnableOption "lomiri's greeter as the lightdm greeter";
+    };
+  };
+
+  config = lib.mkIf (ldmcfg.enable && cfg.enable) {
+    services.xserver.displayManager.lightdm.greeters.gtk.enable = false;
+
+    services.xserver.displayManager.lightdm.greeter = lib.mkDefault {
+      package = pkgs.lomiri.lomiri.greeter;
+      name = "lomiri-greeter";
+    };
+
+    # Greeter needs to be run through its wrapper
+    # Greeter doesn't work with our set-session.py script, need to set default user-session
+    services.xserver.displayManager.lightdm.extraSeatDefaults = ''
+      greeter-wrapper = ${lib.getExe' pkgs.lomiri.lomiri "lomiri-greeter-wrapper"}
+      user-session = ${dmcfg.defaultSession}
+    '';
+  };
+}
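Review bot: `user-session = ${dmcfg.defaultSession}` interpolates the default session without a null check, whereas tiny.nix asserts `dmcfg.defaultSession != null` and lightdm.nix tests the same condition before calling set-session, which suggests the option can be null. If it is, enabling this greeter without a default session would fail at evaluation with a string-coercion error instead of a message that names the option to set. I would add the assertion tiny.nix already uses to the `config` block: `assertions = [ { assertion = dmcfg.defaultSession != null; message = "Please set: services.displayManager.defaultSession"; } ];`.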
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix
index f4195c4c2dc3..05e21c7211fa 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix
@@ -55,19 +55,19 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable lightdm-mini-greeter as the lightdm greeter.
 
           Note that this greeter starts only the default X session.
           You can configure the default X session using
-          [](#opt-services.xserver.displayManager.defaultSession).
+          [](#opt-services.displayManager.defaultSession).
         '';
       };
 
       user = mkOption {
         type = types.str;
         default = "root";
-        description = lib.mdDoc ''
+        description = ''
           The user to login as.
         '';
       };
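Review bot: The `user` option keeps `default = "root"` while its description says only `The user to login as.`, so a configuration that enables this greeter without setting `user` appears to get a root login and the manual text gives no hint of that. I would state it in the description, for example `The user to log in as. Defaults to root; set this to an unprivileged account unless a root graphical session is intended.` Changing the default itself would alter behaviour for existing configurations, so that is better left to a separate change.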
@@ -75,7 +75,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that should be put in the lightdm-mini-greeter.conf
           configuration file.
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix
index 31cc9b3deaa1..e67d8e1dcb89 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix
@@ -9,9 +9,8 @@ in
 {
   options = {
     services.xserver.displayManager.lightdm.greeters.mobile = {
-      enable = mkEnableOption (lib.mdDoc
-        "lightdm-mobile-greeter as the lightdm greeter"
-      );
+      enable = mkEnableOption
+        "lightdm-mobile-greeter as the lightdm greeter";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix
index 10707e001e82..f18e4a914e57 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix
@@ -21,7 +21,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable elementary-greeter as the lightdm greeter.
         '';
       };
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix
index ee9b4016c8ef..299d3bae5f06 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix
@@ -28,14 +28,14 @@ in
 {
   options = {
     services.xserver.displayManager.lightdm.greeters.slick = {
-      enable = mkEnableOption (lib.mdDoc "lightdm-slick-greeter as the lightdm greeter");
+      enable = mkEnableOption "lightdm-slick-greeter as the lightdm greeter";
 
       theme = {
         package = mkOption {
           type = types.package;
           default = pkgs.gnome.gnome-themes-extra;
           defaultText = literalExpression "pkgs.gnome.gnome-themes-extra";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the theme given in the name option.
           '';
         };
@@ -43,7 +43,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the theme to use for the lightdm-slick-greeter.
           '';
         };
@@ -54,7 +54,7 @@ in
           type = types.package;
           default = pkgs.gnome.adwaita-icon-theme;
           defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the icon theme given in the name option.
           '';
         };
@@ -62,7 +62,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the icon theme to use for the lightdm-slick-greeter.
           '';
         };
@@ -73,7 +73,7 @@ in
           type = types.package;
           default = pkgs.ubuntu_font_family;
           defaultText = literalExpression "pkgs.ubuntu_font_family";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the font given in the name option.
           '';
         };
@@ -81,7 +81,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Ubuntu 11";
-          description = lib.mdDoc ''
+          description = ''
             Name of the font to use.
           '';
         };
@@ -92,7 +92,7 @@ in
           type = types.package;
           default = pkgs.gnome.adwaita-icon-theme;
           defaultText = literalExpression "pkgs.gnome.adwaita-icon-theme";
-          description = lib.mdDoc ''
+          description = ''
             The package path that contains the cursor theme given in the name option.
           '';
         };
@@ -100,7 +100,7 @@ in
         name = mkOption {
           type = types.str;
           default = "Adwaita";
-          description = lib.mdDoc ''
+          description = ''
             Name of the cursor theme to use for the lightdm-slick-greeter.
           '';
         };
@@ -108,18 +108,18 @@ in
         size = mkOption {
           type = types.int;
           default = 24;
-          description = lib.mdDoc ''
+          description = ''
             Size of the cursor theme to use for the lightdm-slick-greeter.
           '';
         };
       };
 
-      draw-user-backgrounds = mkEnableOption (lib.mdDoc "draw user backgrounds");
+      draw-user-backgrounds = mkEnableOption "draw user backgrounds";
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra configuration that should be put in the lightdm-slick-greeter.conf
           configuration file.
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
index dede7680ecb3..835cf049e4ee 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
@@ -17,12 +17,12 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable lightdm-tiny-greeter as the lightdm greeter.
 
           Note that this greeter starts only the default X session.
           You can configure the default X session using
-          [](#opt-services.xserver.displayManager.defaultSession).
+          [](#opt-services.displayManager.defaultSession).
         '';
       };
 
@@ -30,7 +30,7 @@ in
         user = mkOption {
           type = types.str;
           default = "Username";
-          description = lib.mdDoc ''
+          description = ''
             The string to represent the user_text label.
           '';
         };
@@ -38,7 +38,7 @@ in
         pass = mkOption {
           type = types.str;
           default = "Password";
-          description = lib.mdDoc ''
+          description = ''
             The string to represent the pass_text label.
           '';
         };
@@ -48,7 +48,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Section to describe style and ui.
         '';
       };
@@ -81,7 +81,7 @@ in
       {
         assertion = dmcfg.defaultSession != null;
         message = ''
-          Please set: services.xserver.displayManager.defaultSession
+          Please set: services.displayManager.defaultSession
         '';
       }
     ];
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix
index 548d3c5bc46a..25e6c597adcb 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -5,9 +5,9 @@ with lib;
 let
 
   xcfg = config.services.xserver;
-  dmcfg = xcfg.displayManager;
+  dmcfg = config.services.displayManager;
   xEnv = config.systemd.services.display-manager.environment;
-  cfg = dmcfg.lightdm;
+  cfg = xcfg.displayManager.lightdm;
   sessionData = dmcfg.sessionData;
 
   setSessionScript = pkgs.callPackage ./account-service-util.nix { };
@@ -26,7 +26,7 @@ let
       else additionalArgs="-logfile /var/log/X.$display.log"
       fi
 
-      exec ${dmcfg.xserverBin} ${toString dmcfg.xserverArgs} $additionalArgs "$@"
+      exec ${xcfg.displayManager.xserverBin} ${toString xcfg.displayManager.xserverArgs} $additionalArgs "$@"
     '';
 
   usersConf = writeText "users.conf"
@@ -58,10 +58,10 @@ let
         autologin-user-timeout = ${toString cfg.autoLogin.timeout}
         autologin-session = ${sessionData.autologinSession}
       ''}
-      ${optionalString (dmcfg.setupCommands != "") ''
+      ${optionalString (xcfg.displayManager.setupCommands != "") ''
         display-setup-script=${pkgs.writeScript "lightdm-display-setup" ''
           #!${pkgs.bash}/bin/bash
-          ${dmcfg.setupCommands}
+          ${xcfg.displayManager.setupCommands}
         ''}
       ''}
       ${cfg.extraSeatDefaults}
@@ -81,19 +81,18 @@ in
     ./lightdm-greeters/mini.nix
     ./lightdm-greeters/enso-os.nix
     ./lightdm-greeters/pantheon.nix
+    ./lightdm-greeters/lomiri.nix
     ./lightdm-greeters/tiny.nix
     ./lightdm-greeters/slick.nix
     ./lightdm-greeters/mobile.nix
     (mkRenamedOptionModule [ "services" "xserver" "displayManager" "lightdm" "autoLogin" "enable" ] [
       "services"
-      "xserver"
       "displayManager"
       "autoLogin"
       "enable"
     ])
     (mkRenamedOptionModule [ "services" "xserver" "displayManager" "lightdm" "autoLogin" "user" ] [
      "services"
-     "xserver"
      "displayManager"
      "autoLogin"
      "user"
@@ -107,7 +106,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable lightdm as the display manager.
         '';
       };
@@ -116,14 +115,14 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             If set to false, run lightdm in greeterless mode. This only works if autologin
             is enabled and autoLogin.timeout is zero.
           '';
         };
         package = mkOption {
           type = types.package;
-          description = lib.mdDoc ''
+          description = ''
             The LightDM greeter to login via. The package should be a directory
             containing a .desktop file matching the name in the 'name' option.
           '';
@@ -131,7 +130,7 @@ in
         };
         name = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             The name of a .desktop file in the directory specified
             in the 'package' option.
           '';
@@ -144,14 +143,14 @@ in
         example = ''
           user-authority-in-system-dir = true
         '';
-        description = lib.mdDoc "Extra lines to append to LightDM section.";
+        description = "Extra lines to append to LightDM section.";
       };
 
       background = mkOption {
         type = types.either types.path (types.strMatching "^#[0-9]\{6\}$");
         # Manual cannot depend on packages, we are actually setting the default in config below.
         defaultText = literalExpression "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath";
-        description = lib.mdDoc ''
+        description = ''
           The background image or color to use.
         '';
       };
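Review bot: The colour branch of `background` is `types.strMatching "^#[0-9]\{6\}$"`, which accepts only decimal digits after the `#`, so a hex colour such as `#2e3440` (constructed example) is rejected even though the description offers "image or color". If six-digit hex colours are what is meant, the character class should include the letters: `type = types.either types.path (types.strMatching "^#[0-9A-Fa-f]\{6\}$");`. That line is unchanged context in this hunk; the commit itself only touches the descriptions around it.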
@@ -162,14 +161,14 @@ in
         example = ''
           greeter-show-manual-login=true
         '';
-        description = lib.mdDoc "Extra lines to append to SeatDefaults section.";
+        description = "Extra lines to append to SeatDefaults section.";
       };
 
       # Configuration for automatic login specific to LightDM
       autoLogin.timeout = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Show the greeter for this many seconds before automatic login occurs.
         '';
       };
@@ -187,7 +186,7 @@ in
       }
       { assertion = dmcfg.autoLogin.enable -> sessionData.autologinSession != null;
         message = ''
-          LightDM auto-login requires that services.xserver.displayManager.defaultSession is set.
+          LightDM auto-login requires that services.displayManager.defaultSession is set.
         '';
       }
       { assertion = !cfg.greeter.enable -> (dmcfg.autoLogin.enable && cfg.autoLogin.timeout == 0);
@@ -203,12 +202,12 @@ in
 
     # Set default session in session chooser to a specified values – basically ignore session history.
     # Auto-login is already covered by a config value.
-    services.xserver.displayManager.job.preStart = optionalString (!dmcfg.autoLogin.enable && dmcfg.defaultSession != null) ''
+    services.displayManager.preStart = optionalString (!dmcfg.autoLogin.enable && dmcfg.defaultSession != null) ''
       ${setSessionScript}/bin/set-session ${dmcfg.defaultSession}
     '';
 
     # setSessionScript needs session-files in XDG_DATA_DIRS
-    services.xserver.displayManager.job.environment.XDG_DATA_DIRS = "${dmcfg.sessionData.desktops}/share/";
+    services.displayManager.environment.XDG_DATA_DIRS = "${dmcfg.sessionData.desktops}/share/";
 
     # setSessionScript wants AccountsService
     systemd.services.display-manager.wants = [
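Review bot: The `preStart` snippet passes `${dmcfg.defaultSession}` to `set-session` unquoted, so a session name containing whitespace or shell metacharacters would be split or interpreted by the shell that runs the pre-start step. The value comes from the system configuration rather than from an unprivileged user, so this is a robustness point, but quoting costs nothing: `${setSessionScript}/bin/set-session ${escapeShellArg dmcfg.defaultSession}`. The first hunk header of this file shows `with lib;`, so `escapeShellArg` should already be in scope.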
@@ -216,7 +215,7 @@ in
     ];
 
     # lightdm relaunches itself via just `lightdm`, so needs to be on the PATH
-    services.xserver.displayManager.job.execCmd = ''
+    services.displayManager.execCmd = ''
       export PATH=${lightdm}/sbin:$PATH
       exec ${lightdm}/sbin/lightdm
     '';
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/startx.nix b/nixpkgs/nixos/modules/services/x11/display-managers/startx.nix
index f4bb7a89d03b..a48566ae0684 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/startx.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/startx.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the dummy "startx" pseudo-display manager,
           which allows users to start X manually via the "startx" command
           from a vt shell. The X server runs under the user's id, not as root.
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/sx.nix b/nixpkgs/nixos/modules/services/x11/display-managers/sx.nix
index 6a7fc1a040e7..e30977364300 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/sx.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/sx.nix
@@ -7,8 +7,8 @@ let cfg = config.services.xserver.displayManager.sx;
 in {
   options = {
     services.xserver.displayManager.sx = {
-      enable = mkEnableOption (lib.mdDoc "sx pseudo-display manager") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "sx pseudo-display manager" // {
+        description = ''
           Whether to enable the "sx" pseudo-display manager, which allows users
           to start manually via the "sx" command from a vt shell. The X server
           runs under the user's id, not as root. The user must provide a
diff --git a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix
index 3e7c6b01b3e9..b2ed100fc5ab 100644
--- a/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix
+++ b/nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix
@@ -16,34 +16,34 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable xpra as display manager.";
+        description = "Whether to enable xpra as display manager.";
       };
 
       bindTcp = mkOption {
         default = "127.0.0.1:10000";
         example = "0.0.0.0:10000";
         type = types.nullOr types.str;
-        description = lib.mdDoc "Bind xpra to TCP";
+        description = "Bind xpra to TCP";
       };
 
       desktop = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "gnome-shell";
-        description = lib.mdDoc "Start a desktop environment instead of seamless mode";
+        description = "Start a desktop environment instead of seamless mode";
       };
 
       auth = mkOption {
         type = types.str;
         default = "pam";
         example = "password:value=mysecret";
-        description = lib.mdDoc "Authentication to use when connecting to xpra";
+        description = "Authentication to use when connecting to xpra";
       };
 
-      pulseaudio = mkEnableOption (lib.mdDoc "pulseaudio audio streaming");
+      pulseaudio = mkEnableOption "pulseaudio audio streaming";
 
       extraOptions = mkOption {
-        description = lib.mdDoc "Extra xpra options";
+        description = "Extra xpra options";
         default = [];
         type = types.listOf types.str;
       };
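Review bot: The `auth` option's example `password:value=mysecret` teaches users to put a credential directly into the NixOS configuration, and the description does not say where that string ends up. If, as the `execCmd` hunk below suggests, option values are interpolated into the xpra start command, the secret lands in the world-readable Nix store and in the process argument list. I would extend the description along the lines of `Authentication to use when connecting to xpra. The value is written to the Nix store; prefer "pam" or a module that reads the credential from a file outside the store.` and reconsider the example. The `bindTcp` example `0.0.0.0:10000` likewise listens on every interface, which deserves a sentence in `Bind xpra to TCP`.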
@@ -226,7 +226,7 @@ in
       VideoRam 192000
     '';
 
-    services.xserver.displayManager.job.execCmd = ''
+    services.displayManager.execCmd = ''
       ${optionalString (cfg.pulseaudio)
         "export PULSE_COOKIE=/run/pulse/.config/pulse/cookie"}
       exec ${pkgs.xpra}/bin/xpra ${if cfg.desktop == null then "start" else "start-desktop --start=${cfg.desktop}"} \
diff --git a/nixpkgs/nixos/modules/services/x11/extra-layouts.nix b/nixpkgs/nixos/modules/services/x11/extra-layouts.nix
index ab7e39739eeb..758abc5750cb 100644
--- a/nixpkgs/nixos/modules/services/x11/extra-layouts.nix
+++ b/nixpkgs/nixos/modules/services/x11/extra-layouts.nix
@@ -9,13 +9,12 @@ let
     options = {
       description = mkOption {
         type = types.str;
-        description = lib.mdDoc "A short description of the layout.";
+        description = "A short description of the layout.";
       };
 
       languages = mkOption {
         type = types.listOf types.str;
-        description =
-          lib.mdDoc ''
+        description = ''
             A list of languages provided by the layout.
             (Use ISO 639-2 codes, for example: "eng" for english)
           '';
@@ -24,7 +23,7 @@ let
       compatFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the xkb compat file.
           This file sets the compatibility state, used to preserve
           compatibility with xkb-unaware programs.
@@ -35,7 +34,7 @@ let
       geometryFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the xkb geometry file.
           This (completely optional) file describes the physical layout of
           keyboard, which maybe be used by programs to depict it.
@@ -46,7 +45,7 @@ let
       keycodesFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the xkb keycodes file.
           This file specifies the range and the interpretation of the raw
           keycodes sent by the keyboard.
@@ -57,7 +56,7 @@ let
       symbolsFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the xkb symbols file.
           This is the most important file: it defines which symbol or action
           maps to each key and must contain a
@@ -68,7 +67,7 @@ let
       typesFile = mkOption {
         type = types.nullOr types.path;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the xkb types file.
           This file specifies the key types that can be associated with
           the various keyboard keys.
@@ -111,7 +110,7 @@ in
             };
           }
         '';
-      description = lib.mdDoc ''
+      description = ''
         Extra custom layouts that will be included in the xkb configuration.
         Information on how to create a new layout can be found here:
         <https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts>.
diff --git a/nixpkgs/nixos/modules/services/x11/fractalart.nix b/nixpkgs/nixos/modules/services/x11/fractalart.nix
index f7fc1ec96228..448248a58794 100644
--- a/nixpkgs/nixos/modules/services/x11/fractalart.nix
+++ b/nixpkgs/nixos/modules/services/x11/fractalart.nix
@@ -8,21 +8,21 @@ in {
       type = types.bool;
       default = false;
       example = true;
-      description = lib.mdDoc "Enable FractalArt for generating colorful wallpapers on login";
+      description = "Enable FractalArt for generating colorful wallpapers on login";
     };
 
     width = mkOption {
       type = types.nullOr types.int;
       default = null;
       example = 1920;
-      description = lib.mdDoc "Screen width";
+      description = "Screen width";
     };
 
     height = mkOption {
       type = types.nullOr types.int;
       default = null;
       example = 1080;
-      description = lib.mdDoc "Screen height";
+      description = "Screen height";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix b/nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix
index 9c088e4cc423..9e89d9f96c4a 100644
--- a/nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix
+++ b/nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix
@@ -13,7 +13,7 @@ in
     services.xserver.gdk-pixbuf.modulePackages = lib.mkOption {
       type = lib.types.listOf lib.types.package;
       default = [ ];
-      description = lib.mdDoc "Packages providing GDK-Pixbuf modules, for cache generation.";
+      description = "Packages providing GDK-Pixbuf modules, for cache generation.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix b/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix
index a44221141c3c..53906c5c716f 100644
--- a/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix
+++ b/nixpkgs/nixos/modules/services/x11/hardware/cmt.nix
@@ -15,12 +15,12 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Enable chrome multitouch input (cmt). Touchpad drivers that are configured for chromebooks.";
+        description = "Enable chrome multitouch input (cmt). Touchpad drivers that are configured for chromebooks.";
       };
       models = mkOption {
         type = types.enum [ "atlas" "banjo" "candy" "caroline" "cave" "celes" "clapper" "cyan" "daisy" "elan" "elm" "enguarde" "eve" "expresso" "falco" "gandof" "glimmer" "gnawty" "heli" "kevin" "kip" "leon" "lulu" "orco" "pbody" "peppy" "pi" "pit" "puppy" "quawks" "rambi" "samus" "snappy" "spring" "squawks" "swanky" "winky" "wolf" "auron_paine" "auron_yuna" "daisy_skate" "nyan_big" "nyan_blaze" "veyron_jaq" "veyron_jerry" "veyron_mighty" "veyron_minnie" "veyron_speedy" ];
         example = "banjo";
-        description = lib.mdDoc ''
+        description = ''
           Which models to enable cmt for. Enter the Code Name for your Chromebook.
           Code Name can be found at <https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices>.
         '';
@@ -46,10 +46,10 @@ in {
 
     assertions = [
       {
-        assertion = !config.services.xserver.libinput.enable;
+        assertion = !config.services.libinput.enable;
         message = ''
           cmt and libinput are incompatible, meaning you cannot enable them both.
-          To use cmt you need to disable libinput with `services.xserver.libinput.enable = false`
+          To use cmt you need to disable libinput with `services.libinput.enable = false`
           If you haven't enabled it in configuration.nix, it's enabled by default on a
           different xserver module.
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/hardware/digimend.nix b/nixpkgs/nixos/modules/services/x11/hardware/digimend.nix
index f82aac41a320..b1b1682f00b2 100644
--- a/nixpkgs/nixos/modules/services/x11/hardware/digimend.nix
+++ b/nixpkgs/nixos/modules/services/x11/hardware/digimend.nix
@@ -16,7 +16,7 @@ in
 
     services.xserver.digimend = {
 
-      enable = mkEnableOption (lib.mdDoc "the digimend drivers for Huion/XP-Pen/etc. tablets");
+      enable = mkEnableOption "the digimend drivers for Huion/XP-Pen/etc. tablets";
 
     };
 
diff --git a/nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix b/nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix
index 7b45222ac64c..c43fdac6b1ec 100644
--- a/nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix
+++ b/nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix
@@ -30,15 +30,14 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable touchpad support. Deprecated: Consider services.xserver.libinput.enable.";
+        description = "Whether to enable touchpad support. Deprecated: Consider services.libinput.enable.";
       };
 
       dev = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "/dev/input/event0";
-        description =
-          lib.mdDoc ''
+        description = ''
             Path for touchpad device.  Set to null to apply to any
             auto-detected touchpad.
           '';
@@ -47,73 +46,73 @@ in {
       accelFactor = mkOption {
         type = types.nullOr types.str;
         default = "0.001";
-        description = lib.mdDoc "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
+        description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
       };
 
       minSpeed = mkOption {
         type = types.nullOr types.str;
         default = "0.6";
-        description = lib.mdDoc "Cursor speed factor for precision finger motion.";
+        description = "Cursor speed factor for precision finger motion.";
       };
 
       maxSpeed = mkOption {
         type = types.nullOr types.str;
         default = "1.0";
-        description = lib.mdDoc "Cursor speed factor for highest-speed finger motion.";
+        description = "Cursor speed factor for highest-speed finger motion.";
       };
 
       scrollDelta = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 75;
-        description = lib.mdDoc "Move distance of the finger for a scroll event.";
+        description = "Move distance of the finger for a scroll event.";
       };
 
       twoFingerScroll = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.";
+        description = "Whether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.";
       };
 
       horizTwoFingerScroll = mkOption {
         type = types.bool;
         default = cfg.twoFingerScroll;
         defaultText = literalExpression "config.${opt.twoFingerScroll}";
-        description = lib.mdDoc "Whether to enable horizontal two-finger drag-scrolling.";
+        description = "Whether to enable horizontal two-finger drag-scrolling.";
       };
 
       vertTwoFingerScroll = mkOption {
         type = types.bool;
         default = cfg.twoFingerScroll;
         defaultText = literalExpression "config.${opt.twoFingerScroll}";
-        description = lib.mdDoc "Whether to enable vertical two-finger drag-scrolling.";
+        description = "Whether to enable vertical two-finger drag-scrolling.";
       };
 
       horizEdgeScroll = mkOption {
         type = types.bool;
         default = ! cfg.horizTwoFingerScroll;
         defaultText = literalExpression "! config.${opt.horizTwoFingerScroll}";
-        description = lib.mdDoc "Whether to enable horizontal edge drag-scrolling.";
+        description = "Whether to enable horizontal edge drag-scrolling.";
       };
 
       vertEdgeScroll = mkOption {
         type = types.bool;
         default = ! cfg.vertTwoFingerScroll;
         defaultText = literalExpression "! config.${opt.vertTwoFingerScroll}";
-        description = lib.mdDoc "Whether to enable vertical edge drag-scrolling.";
+        description = "Whether to enable vertical edge drag-scrolling.";
       };
 
       tapButtons = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable tap buttons.";
+        description = "Whether to enable tap buttons.";
       };
 
       buttonsMap = mkOption {
         type = types.listOf types.int;
         default = [1 2 3];
         example = [1 3 2];
-        description = lib.mdDoc "Remap touchpad buttons.";
+        description = "Remap touchpad buttons.";
         apply = map toString;
       };
 
@@ -121,34 +120,34 @@ in {
         type = types.listOf types.int;
         default = [1 2 3];
         example = [1 3 2];
-        description = lib.mdDoc "Remap several-fingers taps.";
+        description = "Remap several-fingers taps.";
         apply = map toString;
       };
 
       palmDetect = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable palm detection (hardware support required)";
+        description = "Whether to enable palm detection (hardware support required)";
       };
 
       palmMinWidth = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 5;
-        description = lib.mdDoc "Minimum finger width at which touch is considered a palm";
+        description = "Minimum finger width at which touch is considered a palm";
       };
 
       palmMinZ = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 20;
-        description = lib.mdDoc "Minimum finger pressure at which touch is considered a palm";
+        description = "Minimum finger pressure at which touch is considered a palm";
       };
 
       horizontalScroll = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc "Whether to enable horizontal scrolling (on touchpad)";
+        description = "Whether to enable horizontal scrolling (on touchpad)";
       };
 
       additionalOptions = mkOption {
@@ -158,7 +157,7 @@ in {
           Option "RTCornerButton" "2"
           Option "RBCornerButton" "3"
         '';
-        description = lib.mdDoc ''
+        description = ''
           Additional options for synaptics touchpad driver.
         '';
       };
@@ -208,8 +207,8 @@ in {
 
     assertions = [
       {
-        assertion = !config.services.xserver.libinput.enable;
-        message = "Synaptics and libinput are incompatible, you cannot enable both (in services.xserver).";
+        assertion = !config.services.libinput.enable;
+        message = "Synaptics and libinput are incompatible, you cannot enable both.";
       }
     ];
 
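Review bot: The new assertion message in this hunk no longer tells the user which option to change. The old text at least pointed at `services.xserver`, while the cmt module's message updated in this same commit names `services.libinput.enable = false` explicitly and notes that libinput may be enabled by default from another module. A user who hits this assertion may therefore never have set the option themselves, so the message should name it, e.g. `message = "Synaptics and libinput are incompatible; disable libinput with services.libinput.enable = false.";`. The `config` block that encloses this `assertions` list starts outside the hunk.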
diff --git a/nixpkgs/nixos/modules/services/x11/hardware/wacom.nix b/nixpkgs/nixos/modules/services/x11/hardware/wacom.nix
index 4994e5c1a2cc..4517788f56d5 100644
--- a/nixpkgs/nixos/modules/services/x11/hardware/wacom.nix
+++ b/nixpkgs/nixos/modules/services/x11/hardware/wacom.nix
@@ -17,7 +17,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the Wacom touchscreen/digitizer/tablet.
           If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back
           which will make Xorg reconfigure the device ?
diff --git a/nixpkgs/nixos/modules/services/x11/imwheel.nix b/nixpkgs/nixos/modules/services/x11/imwheel.nix
index bd2bcb7bcd06..311cbc6f7333 100644
--- a/nixpkgs/nixos/modules/services/x11/imwheel.nix
+++ b/nixpkgs/nixos/modules/services/x11/imwheel.nix
@@ -6,13 +6,13 @@ in
   {
     options = {
       services.xserver.imwheel = {
-        enable = mkEnableOption (lib.mdDoc "IMWheel service");
+        enable = mkEnableOption "IMWheel service";
 
         extraOptions = mkOption {
           type = types.listOf types.str;
           default = [ "--buttons=45" ];
           example = [ "--debug" ];
-          description = lib.mdDoc ''
+          description = ''
             Additional command-line arguments to pass to
             {command}`imwheel`.
           '';
@@ -33,7 +33,7 @@ in
               ''';
             }
           '';
-          description = lib.mdDoc ''
+          description = ''
             Window class translation rules.
             /etc/X11/imwheelrc is generated based on this config
             which means this config is global for all users.
diff --git a/nixpkgs/nixos/modules/services/x11/picom.nix b/nixpkgs/nixos/modules/services/x11/picom.nix
index de0a8f4d5bcd..fe07ab515ef2 100644
--- a/nixpkgs/nixos/modules/services/x11/picom.nix
+++ b/nixpkgs/nixos/modules/services/x11/picom.nix
@@ -56,7 +56,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether or not to enable Picom as the X.org composite manager.
       '';
     };
@@ -66,7 +66,7 @@ in {
     fade = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Fade windows in and out.
       '';
     };
@@ -75,7 +75,7 @@ in {
       type = types.ints.positive;
       default = 10;
       example = 5;
-      description = lib.mdDoc ''
+      description = ''
         Time between fade animation step (in ms).
       '';
     };
@@ -84,7 +84,7 @@ in {
       type = pairOf (types.numbers.between 0.01 1);
       default = [ 0.028 0.03 ];
       example = [ 0.04 0.04 ];
-      description = lib.mdDoc ''
+      description = ''
         Opacity change between fade steps (in and out).
       '';
     };
@@ -97,7 +97,7 @@ in {
         "name ~= 'Firefox$'"
         "focused = 1"
       ];
-      description = lib.mdDoc ''
+      description = ''
         List of conditions of windows that should not be faded.
         See `picom(1)` man page for more examples.
       '';
@@ -106,7 +106,7 @@ in {
     shadow = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Draw window shadows.
       '';
     };
@@ -115,7 +115,7 @@ in {
       type = pairOf types.int;
       default = [ (-15) (-15) ];
       example = [ (-10) (-15) ];
-      description = lib.mdDoc ''
+      description = ''
         Left and right offset for shadows (in pixels).
       '';
     };
@@ -124,7 +124,7 @@ in {
       type = types.numbers.between 0 1;
       default = 0.75;
       example = 0.8;
-      description = lib.mdDoc ''
+      description = ''
         Window shadows opacity.
       '';
     };
@@ -137,7 +137,7 @@ in {
         "name ~= 'Firefox$'"
         "focused = 1"
       ];
-      description = lib.mdDoc ''
+      description = ''
         List of conditions of windows that should have no shadow.
         See `picom(1)` man page for more examples.
       '';
@@ -147,7 +147,7 @@ in {
       type = types.numbers.between 0 1;
       default = 1.0;
       example = 0.8;
-      description = lib.mdDoc ''
+      description = ''
         Opacity of active windows.
       '';
     };
@@ -156,7 +156,7 @@ in {
       type = types.numbers.between 0.1 1;
       default = 1.0;
       example = 0.8;
-      description = lib.mdDoc ''
+      description = ''
         Opacity of inactive windows.
       '';
     };
@@ -165,7 +165,7 @@ in {
       type = types.numbers.between 0 1;
       default = 1.0;
       example = 0.8;
-      description = lib.mdDoc ''
+      description = ''
         Opacity of dropdown and popup menu.
       '';
     };
@@ -183,7 +183,7 @@ in {
         }
       '';
       example = {};
-      description = lib.mdDoc ''
+      description = ''
         Rules for specific window types.
       '';
     };
@@ -195,7 +195,7 @@ in {
         "95:class_g = 'URxvt' && !_NET_WM_STATE@:32a"
         "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Rules that control the opacity of windows, in format PERCENT:PATTERN.
       '';
     };
@@ -203,7 +203,7 @@ in {
     backend = mkOption {
       type = types.enum [ "egl" "glx" "xrender" "xr_glx_hybrid" ];
       default = "xrender";
-      description = lib.mdDoc ''
+      description = ''
         Backend to use: `egl`, `glx`, `xrender` or `xr_glx_hybrid`.
       '';
     };
@@ -221,7 +221,7 @@ in {
           if isBool x then x
           else warn msg res;
 
-      description = lib.mdDoc ''
+      description = ''
         Enable vertical synchronization. Chooses the best method
         (drm, opengl, opengl-oml, opengl-swc, opengl-mswc) automatically.
         The bool value should be used, the others are just for backwards compatibility.
@@ -255,7 +255,7 @@ in {
             deviation = 5.0;
           };
       '';
-      description = lib.mdDoc ''
+      description = ''
         Picom settings. Use this option to configure Picom settings not exposed
         in a NixOS option or to bypass one.  For the available options see the
         CONFIGURATION FILES section at `picom(1)`.
diff --git a/nixpkgs/nixos/modules/services/x11/redshift.nix b/nixpkgs/nixos/modules/services/x11/redshift.nix
index 80605eb11407..b0b22e678278 100644
--- a/nixpkgs/nixos/modules/services/x11/redshift.nix
+++ b/nixpkgs/nixos/modules/services/x11/redshift.nix
@@ -29,7 +29,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable Redshift to change your screen's colour temperature depending on
         the time of day.
       '';
@@ -39,7 +39,7 @@ in {
       day = mkOption {
         type = types.int;
         default = 5500;
-        description = lib.mdDoc ''
+        description = ''
           Colour temperature to use during the day, between
           `1000` and `25000` K.
         '';
@@ -47,7 +47,7 @@ in {
       night = mkOption {
         type = types.int;
         default = 3700;
-        description = lib.mdDoc ''
+        description = ''
           Colour temperature to use at night, between
           `1000` and `25000` K.
         '';
@@ -58,7 +58,7 @@ in {
       day = mkOption {
         type = types.str;
         default = "1";
-        description = lib.mdDoc ''
+        description = ''
           Screen brightness to apply during the day,
           between `0.1` and `1.0`.
         '';
@@ -66,7 +66,7 @@ in {
       night = mkOption {
         type = types.str;
         default = "1";
-        description = lib.mdDoc ''
+        description = ''
           Screen brightness to apply during the night,
           between `0.1` and `1.0`.
         '';
@@ -79,7 +79,7 @@ in {
       type = types.str;
       default = "/bin/redshift";
       example = "/bin/redshift-gtk";
-      description = lib.mdDoc ''
+      description = ''
         Redshift executable to use within the package.
       '';
     };
@@ -88,7 +88,7 @@ in {
       type = types.listOf types.str;
       default = [];
       example = [ "-v" "-m randr" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional command-line arguments to pass to
         {command}`redshift`.
       '';
diff --git a/nixpkgs/nixos/modules/services/x11/touchegg.nix b/nixpkgs/nixos/modules/services/x11/touchegg.nix
index 54918245f156..660ec0b8f706 100644
--- a/nixpkgs/nixos/modules/services/x11/touchegg.nix
+++ b/nixpkgs/nixos/modules/services/x11/touchegg.nix
@@ -11,7 +11,7 @@ in {
 
   ###### interface
   options.services.touchegg = {
-    enable = mkEnableOption (lib.mdDoc "touchegg, a multi-touch gesture recognizer");
+    enable = mkEnableOption "touchegg, a multi-touch gesture recognizer";
 
     package = mkPackageOption pkgs "touchegg" { };
   };
diff --git a/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix b/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix
index 9255c8124788..a302eee1bad9 100644
--- a/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix
+++ b/nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix
@@ -8,7 +8,7 @@ in {
   options.services.unclutter-xfixes = {
 
     enable = mkOption {
-      description = lib.mdDoc "Enable unclutter-xfixes to hide your mouse cursor when inactive.";
+      description = "Enable unclutter-xfixes to hide your mouse cursor when inactive.";
       type = types.bool;
       default = false;
     };
@@ -16,19 +16,19 @@ in {
     package = mkPackageOption pkgs "unclutter-xfixes" { };
 
     timeout = mkOption {
-      description = lib.mdDoc "Number of seconds before the cursor is marked inactive.";
+      description = "Number of seconds before the cursor is marked inactive.";
       type = types.int;
       default = 1;
     };
 
     threshold = mkOption {
-      description = lib.mdDoc "Minimum number of pixels considered cursor movement.";
+      description = "Minimum number of pixels considered cursor movement.";
       type = types.int;
       default = 1;
     };
 
     extraOptions = mkOption {
-      description = lib.mdDoc "More arguments to pass to the unclutter-xfixes command.";
+      description = "More arguments to pass to the unclutter-xfixes command.";
       type = types.listOf types.str;
       default = [];
       example = [ "exclude-root" "ignore-scrolling" "fork" ];
diff --git a/nixpkgs/nixos/modules/services/x11/unclutter.nix b/nixpkgs/nixos/modules/services/x11/unclutter.nix
index ecf7e2668cec..7f07bb8582bc 100644
--- a/nixpkgs/nixos/modules/services/x11/unclutter.nix
+++ b/nixpkgs/nixos/modules/services/x11/unclutter.nix
@@ -8,7 +8,7 @@ in {
   options.services.unclutter = {
 
     enable = mkOption {
-      description = lib.mdDoc "Enable unclutter to hide your mouse cursor when inactive";
+      description = "Enable unclutter to hide your mouse cursor when inactive";
       type = types.bool;
       default = false;
     };
@@ -16,32 +16,32 @@ in {
     package = mkPackageOption pkgs "unclutter" { };
 
     keystroke = mkOption {
-      description = lib.mdDoc "Wait for a keystroke before hiding the cursor";
+      description = "Wait for a keystroke before hiding the cursor";
       type = types.bool;
       default = false;
     };
 
     timeout = mkOption {
-      description = lib.mdDoc "Number of seconds before the cursor is marked inactive";
+      description = "Number of seconds before the cursor is marked inactive";
       type = types.int;
       default = 1;
     };
 
     threshold = mkOption {
-      description = lib.mdDoc "Minimum number of pixels considered cursor movement";
+      description = "Minimum number of pixels considered cursor movement";
       type = types.int;
       default = 1;
     };
 
     excluded = mkOption {
-      description = lib.mdDoc "Names of windows where unclutter should not apply";
+      description = "Names of windows where unclutter should not apply";
       type = types.listOf types.str;
       default = [];
       example = [ "" ];
     };
 
     extraOptions = mkOption {
-      description = lib.mdDoc "More arguments to pass to the unclutter command";
+      description = "More arguments to pass to the unclutter command";
       type = types.listOf types.str;
       default = [];
       example = [ "noevent" "grab" ];
diff --git a/nixpkgs/nixos/modules/services/x11/urserver.nix b/nixpkgs/nixos/modules/services/x11/urserver.nix
index d0b6e0775e5d..30f8a9805cfb 100644
--- a/nixpkgs/nixos/modules/services/x11/urserver.nix
+++ b/nixpkgs/nixos/modules/services/x11/urserver.nix
@@ -5,7 +5,7 @@ let
   cfg = config.services.urserver;
 in {
 
-  options.services.urserver.enable = lib.mkEnableOption (lib.mdDoc "urserver");
+  options.services.urserver.enable = lib.mkEnableOption "urserver";
 
   config = lib.mkIf cfg.enable {
 
@@ -14,7 +14,7 @@ in {
       allowedUDPPorts = [ 9511 9512 ];
     };
 
-    systemd.user.services.urserver =  {
+    systemd.user.services.urserver = {
       description = ''
         Server for Unified Remote: The one-and-only remote for your computer.
       '';
diff --git a/nixpkgs/nixos/modules/services/x11/urxvtd.nix b/nixpkgs/nixos/modules/services/x11/urxvtd.nix
index bab9f43b0952..618db85d477b 100644
--- a/nixpkgs/nixos/modules/services/x11/urxvtd.nix
+++ b/nixpkgs/nixos/modules/services/x11/urxvtd.nix
@@ -11,7 +11,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable urxvtd, the urxvt terminal daemon. To use urxvtd, run
         "urxvtc".
       '';
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix
index 8483a74b9f6c..fdbdf35b0f5a 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix
@@ -13,7 +13,7 @@ in
   ###### interface
 
   options = {
-    services.xserver.windowManager."2bwm".enable = mkEnableOption (lib.mdDoc "2bwm");
+    services.xserver.windowManager."2bwm".enable = mkEnableOption "2bwm";
   };
 
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix b/nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix
index a06063597971..ba88a64c702a 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.afterstep.enable = mkEnableOption (lib.mdDoc "afterstep");
+    services.xserver.windowManager.afterstep.enable = mkEnableOption "afterstep";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix b/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix
index 0478f326825f..20a33fa87d4d 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix
@@ -21,12 +21,12 @@ in
 
     services.xserver.windowManager.awesome = {
 
-      enable = mkEnableOption (lib.mdDoc "Awesome window manager");
+      enable = mkEnableOption "Awesome window manager";
 
       luaModules = mkOption {
         default = [];
         type = types.listOf types.package;
-        description = lib.mdDoc "List of lua packages available for being used in the Awesome configuration.";
+        description = "List of lua packages available for being used in the Awesome configuration.";
         example = literalExpression "[ pkgs.luaPackages.vicious ]";
       };
 
@@ -35,7 +35,7 @@ in
       noArgb = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Disable client transparency support, which can be greatly detrimental to performance in some setups";
+        description = "Disable client transparency support, which can be greatly detrimental to performance in some setups";
       };
     };
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/berry.nix b/nixpkgs/nixos/modules/services/x11/window-managers/berry.nix
index eb5528602677..0d2285e7a60e 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/berry.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/berry.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.berry.enable = mkEnableOption (lib.mdDoc "berry");
+    services.xserver.windowManager.berry.enable = mkEnableOption "berry";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix
index cd8852cdfdee..b7feeab52a56 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.xserver.windowManager.bspwm = {
-      enable = mkEnableOption (lib.mdDoc "bspwm");
+      enable = mkEnableOption "bspwm";
 
       package = mkPackageOption pkgs "bspwm" {
         example = "bspwm-unstable";
@@ -18,7 +18,7 @@ in
         type        = with types; nullOr path;
         example     = literalExpression ''"''${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"'';
         default     = null;
-        description = lib.mdDoc ''
+        description = ''
           Path to the bspwm configuration file.
           If null, $HOME/.config/bspwm/bspwmrc will be used.
         '';
@@ -32,7 +32,7 @@ in
           type        = with types; nullOr path;
           example     = literalExpression ''"''${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"'';
           default     = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to the sxhkd configuration file.
             If null, $HOME/.config/sxhkd/sxhkdrc will be used.
           '';
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix
index 4d47c50c87ef..5500c77a038b 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix
@@ -9,7 +9,7 @@ in
 {
   options = {
     services.xserver.windowManager.clfswm = {
-      enable = mkEnableOption (lib.mdDoc "clfswm");
+      enable = mkEnableOption "clfswm";
       package = mkPackageOption pkgs [ "lispPackages" "clfswm" ] { };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix
index 9a143e7bccc3..03375a226bb6 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options = {
-    services.xserver.windowManager.cwm.enable = mkEnableOption (lib.mdDoc "cwm");
+    services.xserver.windowManager.cwm.enable = mkEnableOption "cwm";
   };
   config = mkIf cfg.enable {
     services.xserver.windowManager.session = singleton
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/default.nix b/nixpkgs/nixos/modules/services/x11/window-managers/default.nix
index e180f2693e0c..85eb4c6614d9 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/default.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/default.nix
@@ -1,8 +1,7 @@
 { config, lib, ... }:
 
-with lib;
-
 let
+  inherit (lib) mkOption types;
   cfg = config.services.xserver.windowManager;
 in
 
@@ -62,7 +61,7 @@ in
           name = "wmii";
           start = "...";
         }];
-        description = lib.mdDoc ''
+        description = ''
           Internal option used to add some common line to window manager
           scripts before forwarding the value to the
           `displayManager`.
@@ -72,17 +71,6 @@ in
         });
       };
 
-      default = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        example = "wmii";
-        description = lib.mdDoc ''
-          **Deprecated**, please use [](#opt-services.xserver.displayManager.defaultSession) instead.
-
-          Default window manager loaded if none have been chosen.
-        '';
-      };
-
     };
 
   };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/dk.nix b/nixpkgs/nixos/modules/services/x11/window-managers/dk.nix
index 441fc18af4b1..afd35ae477a6 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/dk.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/dk.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     services.xserver.windowManager.dk = {
-      enable = lib.mkEnableOption (lib.mdDoc "dk");
+      enable = lib.mkEnableOption "dk";
 
       package = lib.mkPackageOption pkgs "dk" { };
     };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix
index b5c7d37653ed..c81a834a0679 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix
@@ -14,7 +14,7 @@ in
 
   options = {
     services.xserver.windowManager.dwm = {
-      enable = mkEnableOption (lib.mdDoc "dwm");
+      enable = mkEnableOption "dwm";
       package = mkPackageOption pkgs "dwm" {
         example = ''
           pkgs.dwm.overrideAttrs (oldAttrs: rec {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/e16.nix b/nixpkgs/nixos/modules/services/x11/window-managers/e16.nix
index 000feea12c2c..3e1a22c4dabd 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/e16.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/e16.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.e16.enable = mkEnableOption (lib.mdDoc "e16");
+    services.xserver.windowManager.e16.enable = mkEnableOption "e16";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix
index 842f84c2cfbe..6f1db2110f87 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.evilwm.enable = mkEnableOption (lib.mdDoc "evilwm");
+    services.xserver.windowManager.evilwm.enable = mkEnableOption "evilwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix
index a97ed74ae881..406b6be5b92c 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix
@@ -18,7 +18,7 @@ in
 {
   options = {
     services.xserver.windowManager.exwm = {
-      enable = mkEnableOption (lib.mdDoc "exwm");
+      enable = mkEnableOption "exwm";
       loadScript = mkOption {
         default = "(require 'exwm)";
         type = types.lines;
@@ -26,7 +26,7 @@ in
           (require 'exwm)
           (exwm-enable)
         '';
-        description = lib.mdDoc ''
+        description = ''
           Emacs lisp code to be run after loading the user's init
           file. If enableDefaultConfig is true, this will be run
           before loading the default config.
@@ -35,7 +35,7 @@ in
       enableDefaultConfig = mkOption {
         default = true;
         type = lib.types.bool;
-        description = lib.mdDoc "Enable an uncustomised exwm configuration.";
+        description = "Enable an uncustomised exwm configuration.";
       };
       extraPackages = mkOption {
         type = types.functionTo (types.listOf types.package);
@@ -48,7 +48,7 @@ in
             epkgs.proofgeneral
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra packages available to Emacs. The value must be a
           function which receives the attrset defined in
           {var}`emacs.pkgs` as the sole argument.
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix b/nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix
index 24165fb6fb07..b409335702af 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.fluxbox.enable = mkEnableOption (lib.mdDoc "fluxbox");
+    services.xserver.windowManager.fluxbox.enable = mkEnableOption "fluxbox";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix b/nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix
index aaf3c5c46906..909b3a475a9c 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix
@@ -19,12 +19,12 @@ in
 
   options = {
     services.xserver.windowManager.fvwm2 = {
-      enable = mkEnableOption (lib.mdDoc "Fvwm2 window manager");
+      enable = mkEnableOption "Fvwm2 window manager";
 
       gestures = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Whether or not to enable libstroke for gesture support";
+        description = "Whether or not to enable libstroke for gesture support";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix b/nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix
index 50c76b67eea3..43111f917d49 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix
@@ -13,7 +13,7 @@ in
 
   options = {
     services.xserver.windowManager.fvwm3 = {
-      enable = mkEnableOption (lib.mdDoc "Fvwm3 window manager");
+      enable = mkEnableOption "Fvwm3 window manager";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix b/nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix
index 61e911961f51..641cf1bdcbe2 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.hackedbox.enable = mkEnableOption (lib.mdDoc "hackedbox");
+    services.xserver.windowManager.hackedbox.enable = mkEnableOption "hackedbox";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix
index 16ebc2bfe1d3..7edaf4e980ec 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix
@@ -9,14 +9,14 @@ in
 {
   options = {
     services.xserver.windowManager.herbstluftwm = {
-      enable = mkEnableOption (lib.mdDoc "herbstluftwm");
+      enable = mkEnableOption "herbstluftwm";
 
       package = mkPackageOption pkgs "herbstluftwm" { };
 
       configFile = mkOption {
         default     = null;
         type        = with types; nullOr path;
-        description = lib.mdDoc ''
+        description = ''
           Path to the herbstluftwm configuration file.  If left at the
           default value, $XDG_CONFIG_HOME/herbstluftwm/autostart will
           be used.
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix b/nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix
index 4c1fea71f93e..18111f8741a2 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.hypr.enable = mkEnableOption (lib.mdDoc "hypr");
+    services.xserver.windowManager.hypr.enable = mkEnableOption "hypr";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix b/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix
index e824d91812a7..4b2fb40585a7 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/i3.nix
@@ -12,12 +12,12 @@ in
 
 {
   options.services.xserver.windowManager.i3 = {
-    enable = mkEnableOption (lib.mdDoc "i3 window manager");
+    enable = mkEnableOption "i3 window manager";
 
     configFile = mkOption {
       default     = null;
       type        = with types; nullOr path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the i3 configuration file.
         If left at the default value, $HOME/.i3/config will be used.
       '';
@@ -26,7 +26,7 @@ in
     updateSessionEnvironment = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run dbus-update-activation-environment and systemctl import-environment before session start.
         Required for xdg portals to function properly.
       '';
@@ -35,7 +35,7 @@ in
     extraSessionCommands = mkOption {
       default     = "";
       type        = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands executed just before i3 is started.
       '';
     };
@@ -52,7 +52,7 @@ in
           i3lock
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed system wide.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix
index e3cb5cc3be2b..cb2f92d8a42c 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.icewm.enable = mkEnableOption (lib.mdDoc "icewm");
+    services.xserver.windowManager.icewm.enable = mkEnableOption "icewm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix
index 40758029bc65..0e8dab2e9224 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.jwm.enable = mkEnableOption (lib.mdDoc "jwm");
+    services.xserver.windowManager.jwm.enable = mkEnableOption "jwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix
index 106631792ff4..db04f6b43e52 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix
@@ -1,14 +1,14 @@
 { config, lib, pkgs, ... }:
 
 let
-  inherit (lib) mdDoc mkEnableOption mkIf mkPackageOption singleton;
+  inherit (lib) mkEnableOption mkIf mkPackageOption singleton;
   cfg = config.services.xserver.windowManager.katriawm;
 in
 {
   ###### interface
   options = {
     services.xserver.windowManager.katriawm = {
-      enable = mkEnableOption (mdDoc "katriawm");
+      enable = mkEnableOption "katriawm";
       package = mkPackageOption pkgs "katriawm" {};
     };
   };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix
index 2571735ba8bf..3ef40df95df2 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.leftwm.enable = mkEnableOption (lib.mdDoc "leftwm");
+    services.xserver.windowManager.leftwm.enable = mkEnableOption "leftwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix
index 517abb23d4af..e2aa062fd13b 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.lwm.enable = mkEnableOption (lib.mdDoc "lwm");
+    services.xserver.windowManager.lwm.enable = mkEnableOption "lwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix b/nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix
index 1f69147af5bc..600afe759b2c 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix
@@ -10,7 +10,7 @@ in
 
 {
   options = {
-    services.xserver.windowManager.metacity.enable = mkEnableOption (lib.mdDoc "metacity");
+    services.xserver.windowManager.metacity.enable = mkEnableOption "metacity";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix
index fe0433c24b60..08dd04020296 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix
@@ -8,12 +8,12 @@ in
 {
 
   options.services.xserver.windowManager.mlvwm = {
-    enable = mkEnableOption (lib.mdDoc "Macintosh-like Virtual Window Manager");
+    enable = mkEnableOption "Macintosh-like Virtual Window Manager";
 
     configFile = mkOption {
       default = null;
       type = with types; nullOr path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the mlvwm configuration file.
         If left at the default value, $HOME/.mlvwmrc will be used.
       '';
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix
index 9f8dc0939e5e..31f7b725f747 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.mwm.enable = mkEnableOption (lib.mdDoc "mwm");
+    services.xserver.windowManager.mwm.enable = mkEnableOption "mwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/nimdow.nix b/nixpkgs/nixos/modules/services/x11/window-managers/nimdow.nix
index 9cee4bb271a5..2ac9ace63ce4 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/nimdow.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/nimdow.nix
@@ -7,12 +7,12 @@ let
 in
 {
   options = {
-    services.xserver.windowManager.nimdow.enable = mkEnableOption (lib.mdDoc "nimdow");
+    services.xserver.windowManager.nimdow.enable = mkEnableOption "nimdow";
     services.xserver.windowManager.nimdow.package = mkOption {
       type = types.package;
       default = pkgs.nimdow;
       defaultText = "pkgs.nimdow";
-      description = lib.mdDoc "nimdow package to use";
+      description = "nimdow package to use";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/notion.nix b/nixpkgs/nixos/modules/services/x11/window-managers/notion.nix
index 0015e90a41c5..4ece0d241c90 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/notion.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/notion.nix
@@ -8,7 +8,7 @@ in
 
 {
   options = {
-    services.xserver.windowManager.notion.enable = mkEnableOption (lib.mdDoc "notion");
+    services.xserver.windowManager.notion.enable = mkEnableOption "notion";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix b/nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix
index bf5a500f431a..165772d1aa09 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix
@@ -7,7 +7,7 @@ in
 
 {
   options = {
-    services.xserver.windowManager.openbox.enable = mkEnableOption (lib.mdDoc "openbox");
+    services.xserver.windowManager.openbox.enable = mkEnableOption "openbox";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix
index 8818f568647a..850335ce7ddf 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.pekwm.enable = mkEnableOption (lib.mdDoc "pekwm");
+    services.xserver.windowManager.pekwm.enable = mkEnableOption "pekwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix b/nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix
index 1da61f5fa5e7..78152283a0a5 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix
@@ -9,7 +9,7 @@ in
 
 {
   options.services.xserver.windowManager.qtile = {
-    enable = mkEnableOption (lib.mdDoc "qtile");
+    enable = mkEnableOption "qtile";
 
     package = mkPackageOption pkgs "qtile-unwrapped" { };
 
@@ -17,7 +17,7 @@ in
       type = with types; nullOr path;
       default = null;
       example = literalExpression "./your_config.py";
-      description = lib.mdDoc ''
+      description = ''
           Path to the qtile configuration file.
           If null, $XDG_CONFIG_HOME/qtile/config.py will be used.
       '';
@@ -26,7 +26,7 @@ in
     backend = mkOption {
       type = types.enum [ "x11" "wayland" ];
       default = "x11";
-      description = lib.mdDoc ''
+      description = ''
           Backend to use in qtile: `x11` or `wayland`.
       '';
     };
@@ -37,7 +37,7 @@ in
         defaultText = literalExpression ''
           python3Packages: with python3Packages; [];
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra Python packages available to Qtile.
           An example would be to include `python3Packages.qtile-extras`
           for additional unofficial widgets.
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/ragnarwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/ragnarwm.nix
index 7242c8b1324c..3f550fb72325 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/ragnarwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/ragnarwm.nix
@@ -10,7 +10,7 @@ in
 
   options = {
     services.xserver.windowManager.ragnarwm = {
-      enable = mkEnableOption (lib.mdDoc "ragnarwm");
+      enable = mkEnableOption "ragnarwm";
       package = mkPackageOption pkgs "ragnarwm" { };
     };
   };
@@ -18,7 +18,7 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
-    services.xserver.displayManager.sessionPackages = [ cfg.package ];
+    services.displayManager.sessionPackages = [ cfg.package ];
     environment.systemPackages = [ cfg.package ];
   };
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix b/nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix
index 1de0fad3e54d..0d58481d4579 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.ratpoison.enable = mkEnableOption (lib.mdDoc "ratpoison");
+    services.xserver.windowManager.ratpoison.enable = mkEnableOption "ratpoison";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix b/nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix
index 1945a1af6763..b988b5e1829e 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.sawfish.enable = mkEnableOption (lib.mdDoc "sawfish");
+    services.xserver.windowManager.sawfish.enable = mkEnableOption "sawfish";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix
index e92b18690d8a..091ba4f92b94 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.smallwm.enable = mkEnableOption (lib.mdDoc "smallwm");
+    services.xserver.windowManager.smallwm.enable = mkEnableOption "smallwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix
index c464803a0b6a..a1dc298d2426 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix
@@ -9,7 +9,7 @@ in
 
 {
   options = {
-    services.xserver.windowManager.spectrwm.enable = mkEnableOption (lib.mdDoc "spectrwm");
+    services.xserver.windowManager.spectrwm.enable = mkEnableOption "spectrwm";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix
index c6fc49f5821b..fa6844e672f5 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix
@@ -8,7 +8,7 @@ in
 
 {
   options = {
-    services.xserver.windowManager.stumpwm.enable = mkEnableOption (lib.mdDoc "stumpwm");
+    services.xserver.windowManager.stumpwm.enable = mkEnableOption "stumpwm";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix
index 7418a6ddc760..8e5d9b9170ca 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.tinywm.enable = mkEnableOption (lib.mdDoc "tinywm");
+    services.xserver.windowManager.tinywm.enable = mkEnableOption "tinywm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/twm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/twm.nix
index 231817a26e66..fc09901aae3b 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/twm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/twm.nix
@@ -13,7 +13,7 @@ in
   ###### interface
 
   options = {
-    services.xserver.windowManager.twm.enable = mkEnableOption (lib.mdDoc "twm");
+    services.xserver.windowManager.twm.enable = mkEnableOption "twm";
   };
 
 
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix b/nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix
index 9a0646b6ee7d..fb891a39fa41 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix
@@ -7,7 +7,7 @@ in
 {
   options = {
     services.xserver.windowManager.windowlab.enable =
-      lib.mkEnableOption (lib.mdDoc "windowlab");
+      lib.mkEnableOption "windowlab";
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix b/nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix
index a679e2b5bc80..b62723758056 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.windowmaker.enable = mkEnableOption (lib.mdDoc "windowmaker");
+    services.xserver.windowManager.windowmaker.enable = mkEnableOption "windowmaker";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix b/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix
index ed515741f62e..56b692209651 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix
@@ -8,12 +8,12 @@ in
 
 {
   options.services.xserver.windowManager.wmderland = {
-    enable = mkEnableOption (lib.mdDoc "wmderland");
+    enable = mkEnableOption "wmderland";
 
     extraSessionCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands executed just before wmderland is started.
       '';
     };
@@ -38,7 +38,7 @@ in
           rxvt-unicode
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed system wide.
       '';
     };
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix b/nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix
index 090aa31610ab..9b50a99bf23f 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix
@@ -7,7 +7,7 @@ let
 in
 {
   options = {
-    services.xserver.windowManager.wmii.enable = mkEnableOption (lib.mdDoc "wmii");
+    services.xserver.windowManager.wmii.enable = mkEnableOption "wmii";
   };
 
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix b/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix
index 2962f2851fa9..7feb3a0b520f 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix
@@ -41,14 +41,14 @@ in {
 
   options = {
     services.xserver.windowManager.xmonad = {
-      enable = mkEnableOption (lib.mdDoc "xmonad");
+      enable = mkEnableOption "xmonad";
 
       haskellPackages = mkOption {
         default = pkgs.haskellPackages;
         defaultText = literalExpression "pkgs.haskellPackages";
         example = literalExpression "pkgs.haskell.packages.ghc810";
         type = types.attrs;
-        description = lib.mdDoc ''
+        description = ''
           haskellPackages used to build Xmonad and other packages.
           This can be used to change the GHC version used to build
           Xmonad and the packages listed in
@@ -66,7 +66,7 @@ in {
             haskellPackages.monad-logger
           ]
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra packages available to ghc when rebuilding Xmonad. The
           value must be a function which receives the attrset defined
           in {var}`haskellPackages` as the sole argument.
@@ -76,13 +76,13 @@ in {
       enableContribAndExtras = mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc "Enable xmonad-{contrib,extras} in Xmonad.";
+        description = "Enable xmonad-{contrib,extras} in Xmonad.";
       };
 
       config = mkOption {
         default = null;
         type = with lib.types; nullOr (either path str);
-        description = lib.mdDoc ''
+        description = ''
           Configuration from which XMonad gets compiled. If no value is
           specified, a vanilla xmonad binary is put in PATH, which will
           attempt to recompile and exec your xmonad config from $HOME/.xmonad.
@@ -162,7 +162,7 @@ in {
       enableConfiguredRecompile = mkOption {
         default = false;
         type = lib.types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable recompilation even if {option}`config` is set to a
           non-null value. This adds the necessary Haskell dependencies (GHC with
           packages) to the xmonad binary's environment.
@@ -172,7 +172,7 @@ in {
       xmonadCliArgs = mkOption {
         default = [];
         type = with lib.types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Command line arguments passed to the xmonad binary.
         '';
       };
@@ -180,7 +180,7 @@ in {
       ghcArgs = mkOption {
         default = [];
         type = with lib.types; listOf str;
-        description = lib.mdDoc ''
+        description = ''
           Command line arguments passed to the compiler (ghc)
           invocation when xmonad.config is set.
         '';
diff --git a/nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix b/nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix
index 9b40cecace26..351bd7dfe48b 100644
--- a/nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix
+++ b/nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix
@@ -8,7 +8,7 @@ in
 {
   ###### interface
   options = {
-    services.xserver.windowManager.yeahwm.enable = mkEnableOption (lib.mdDoc "yeahwm");
+    services.xserver.windowManager.yeahwm.enable = mkEnableOption "yeahwm";
   };
 
   ###### implementation
diff --git a/nixpkgs/nixos/modules/services/x11/xautolock.nix b/nixpkgs/nixos/modules/services/x11/xautolock.nix
index 5b8b748a086b..04f3821e7508 100644
--- a/nixpkgs/nixos/modules/services/x11/xautolock.nix
+++ b/nixpkgs/nixos/modules/services/x11/xautolock.nix
@@ -8,9 +8,9 @@ in
   {
     options = {
       services.xserver.xautolock = {
-        enable = mkEnableOption (lib.mdDoc "xautolock");
-        enableNotifier = mkEnableOption (lib.mdDoc "xautolock.notify") // {
-          description = lib.mdDoc ''
+        enable = mkEnableOption "xautolock";
+        enableNotifier = mkEnableOption "xautolock.notify" // {
+          description = ''
             Whether to enable the notifier feature of xautolock.
             This publishes a notification before the autolock.
           '';
@@ -20,7 +20,7 @@ in
           default = 15;
           type = types.int;
 
-          description = lib.mdDoc ''
+          description = ''
             Idle time (in minutes) to wait until xautolock locks the computer.
           '';
         };
@@ -31,7 +31,7 @@ in
           example = literalExpression ''"''${pkgs.i3lock}/bin/i3lock -i /path/to/img"'';
           type = types.str;
 
-          description = lib.mdDoc ''
+          description = ''
             The script to use when automatically locking the computer.
           '';
         };
@@ -41,7 +41,7 @@ in
           example = literalExpression ''"''${pkgs.i3lock}/bin/i3lock -i /path/to/img"'';
           type = types.nullOr types.str;
 
-          description = lib.mdDoc ''
+          description = ''
             The script to use when manually locking the computer with {command}`xautolock -locknow`.
           '';
         };
@@ -50,7 +50,7 @@ in
           default = 10;
           type = types.int;
 
-          description = lib.mdDoc ''
+          description = ''
             Time (in seconds) before the actual lock when the notification about the pending lock should be published.
           '';
         };
@@ -60,7 +60,7 @@ in
           example = literalExpression ''"''${pkgs.libnotify}/bin/notify-send 'Locking in 10 seconds'"'';
           type = types.nullOr types.str;
 
-          description = lib.mdDoc ''
+          description = ''
             Notification script to be used to warn about the pending autolock.
           '';
         };
@@ -70,7 +70,7 @@ in
           example = "/run/current-system/systemd/bin/systemctl suspend";
           type = types.nullOr types.str;
 
-          description = lib.mdDoc ''
+          description = ''
             The script to use when nothing has happened for as long as {option}`killtime`
           '';
         };
@@ -79,7 +79,7 @@ in
           default = 20; # default according to `man xautolock`
           type = types.int;
 
-          description = lib.mdDoc ''
+          description = ''
             Minutes xautolock waits until it executes the script specified in {option}`killer`
             (Has to be at least 10 minutes)
           '';
@@ -89,7 +89,7 @@ in
           type = types.listOf types.str;
           default = [ ];
           example = [ "-detectsleep" ];
-          description = lib.mdDoc ''
+          description = ''
             Additional command-line arguments to pass to
             {command}`xautolock`.
           '';
diff --git a/nixpkgs/nixos/modules/services/x11/xbanish.nix b/nixpkgs/nixos/modules/services/x11/xbanish.nix
index de893fae75a1..b95fac68f165 100644
--- a/nixpkgs/nixos/modules/services/x11/xbanish.nix
+++ b/nixpkgs/nixos/modules/services/x11/xbanish.nix
@@ -7,10 +7,10 @@ let cfg = config.services.xbanish;
 in {
   options.services.xbanish = {
 
-    enable = mkEnableOption (lib.mdDoc "xbanish");
+    enable = mkEnableOption "xbanish";
 
     arguments = mkOption {
-      description = lib.mdDoc "Arguments to pass to xbanish command";
+      description = "Arguments to pass to xbanish command";
       default = "";
       example = "-d -i shift";
       type = types.str;
diff --git a/nixpkgs/nixos/modules/services/x11/xfs.nix b/nixpkgs/nixos/modules/services/x11/xfs.nix
index 591bf461496e..ea7cfa1aa43c 100644
--- a/nixpkgs/nixos/modules/services/x11/xfs.nix
+++ b/nixpkgs/nixos/modules/services/x11/xfs.nix
@@ -19,7 +19,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the X Font Server.";
+        description = "Whether to enable the X Font Server.";
       };
 
     };
diff --git a/nixpkgs/nixos/modules/services/x11/xserver.nix b/nixpkgs/nixos/modules/services/x11/xserver.nix
index 453f414e2a86..e13c27374670 100644
--- a/nixpkgs/nixos/modules/services/x11/xserver.nix
+++ b/nixpkgs/nixos/modules/services/x11/xserver.nix
@@ -37,7 +37,7 @@ let
     output = mkOption {
       type = types.str;
       example = "DVI-0";
-      description = lib.mdDoc ''
+      description = ''
         The output name of the monitor, as shown by
         {manpage}`xrandr(1)` invoked without arguments.
       '';
@@ -46,7 +46,7 @@ let
     primary = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether this head is treated as the primary monitor,
       '';
     };
@@ -58,7 +58,7 @@ let
         DisplaySize 408 306
         Option "DPMS" "false"
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra lines to append to the `Monitor` section
         verbatim. Available options are documented in the MONITOR section in
         {manpage}`xorg.conf(5)`.
@@ -111,7 +111,7 @@ let
     }
       ''
         echo 'Section "Files"' >> $out
-        echo $fontpath >> $out
+        echo "$fontpath" >> $out
 
         for i in ${toString fontsForXServer}; do
           if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
@@ -121,11 +121,9 @@ let
           fi
         done
 
-        for i in $(find ${toString cfg.modules} -type d | sort); do
-          if test $(echo $i/*.so* | wc -w) -ne 0; then
-            echo "  ModulePath \"$i\"" >> $out
-          fi
-        done
+        ${concatMapStrings (m: ''
+        echo "  ModulePath \"${m}/lib/xorg/modules\"" >> "$out"
+        '') cfg.modules}
 
         echo '${cfg.filesSection}' >> $out
         echo 'EndSection' >> $out
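Review bot: The added `ModulePath` line is written for every entry of `cfg.modules` without checking that `lib/xorg/modules` exists in it. The removed `find` loop only listed directories that actually held `.so` files, so a package that installs its modules elsewhere would now be dropped from the search path silently, and one without that directory adds a dangling entry. If the fixed layout is intended, which does narrow what the X server will load, state it in a comment such as `# only <pkg>/lib/xorg/modules is searched; other locations in the package are ignored`, or guard the line with `test -d "${m}/lib/xorg/modules" && echo "  ModulePath \"${m}/lib/xorg/modules\"" >> "$out"`. Note also that `${m}` is spliced into the double-quoted shell string unescaped at evaluation time; that is harmless for store paths, but the option type is `listOf path`, so a path containing `"`, `$` or a backtick would be interpreted by the shell. The enclosing derivation script starts and ends outside this hunk.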
@@ -212,7 +210,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the X server.
         '';
       };
@@ -220,7 +218,7 @@ in
       autorun = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to start the X server automatically.
         '';
       };
@@ -229,13 +227,13 @@ in
         default = [];
         example = literalExpression "[ pkgs.xterm ]";
         type = types.listOf types.package;
-        description = lib.mdDoc "Which X11 packages to exclude from the default environment";
+        description = "Which X11 packages to exclude from the default environment";
       };
 
       exportConfiguration = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to symlink the X server configuration under
           {file}`/etc/X11/xorg.conf`.
         '';
@@ -244,7 +242,7 @@ in
       enableTCP = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to allow the X server to accept TCP connections.
         '';
       };
@@ -252,7 +250,7 @@ in
       autoRepeatDelay = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Sets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).
         '';
       };
@@ -260,7 +258,7 @@ in
       autoRepeatInterval = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Sets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).
         '';
       };
@@ -278,21 +276,21 @@ in
             '''
           ]
         '';
-        description = lib.mdDoc "Content of additional InputClass sections of the X server configuration file.";
+        description = "Content of additional InputClass sections of the X server configuration file.";
       };
 
       modules = mkOption {
         type = types.listOf types.path;
         default = [];
         example = literalExpression "[ pkgs.xf86_input_wacom ]";
-        description = lib.mdDoc "Packages to be added to the module search path of the X server.";
+        description = "Packages to be added to the module search path of the X server.";
       };
 
       resolutions = mkOption {
         type = types.listOf types.attrs;
         default = [];
         example = [ { x = 1600; y = 1200; } { x = 1024; y = 786; } ];
-        description = lib.mdDoc ''
+        description = ''
           The screen resolutions for the X server.  The first element
           is the default resolution.  If this list is empty, the X
           server will automatically configure the resolution.
@@ -313,7 +311,7 @@ in
               path  = [ "xorg" n ];
               title = removePrefix "xf86video" n;
             }) pkgs.xorg);
-        description = lib.mdDoc ''
+        description = ''
           The names of the video drivers the configuration
           supports. They will be tried in order until one that
           supports your card is found.
@@ -329,7 +327,7 @@ in
         type = types.nullOr types.str;
         default = null;
         example = "i810";
-        description = lib.mdDoc ''
+        description = ''
           The name of the video driver for your graphics card.  This
           option is obsolete; please set the
           {option}`services.xserver.videoDrivers` instead.
@@ -339,7 +337,7 @@ in
       drivers = mkOption {
         type = types.listOf types.attrs;
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           A list of attribute sets specifying drivers to be loaded by
           the X11 server.
         '';
@@ -348,7 +346,7 @@ in
       dpi = mkOption {
         type = types.nullOr types.int;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Force global DPI resolution to use for X server. It's recommended to
           use this only when DPI is detected incorrectly; also consider using
           `Monitor` section in configuration file instead.
@@ -358,7 +356,7 @@ in
       updateDbusEnvironment = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to update the DBus activation environment after launching the
           desktop manager.
         '';
@@ -368,7 +366,7 @@ in
         layout = mkOption {
           type = types.str;
           default = "us";
-          description = lib.mdDoc ''
+          description = ''
             X keyboard layout, or multiple keyboard layouts separated by commas.
           '';
         };
@@ -377,7 +375,7 @@ in
           type = types.str;
           default = "pc104";
           example = "presario";
-          description = lib.mdDoc ''
+          description = ''
             X keyboard model.
           '';
         };
@@ -386,7 +384,7 @@ in
           type = types.commas;
           default = "terminate:ctrl_alt_bksp";
           example = "grp:caps_toggle,grp_led:scroll";
-          description = lib.mdDoc ''
+          description = ''
             X keyboard options; layout switching goes here.
           '';
         };
@@ -395,7 +393,7 @@ in
           type = types.str;
           default = "";
           example = "colemak";
-          description = lib.mdDoc ''
+          description = ''
             X keyboard variant.
           '';
         };
@@ -404,7 +402,7 @@ in
           type = types.path;
           default = "${pkgs.xkeyboard_config}/etc/X11/xkb";
           defaultText = literalExpression ''"''${pkgs.xkeyboard_config}/etc/X11/xkb"'';
-          description = lib.mdDoc ''
+          description = ''
             Path used for -xkbdir xserver parameter.
           '';
         };
@@ -412,7 +410,7 @@ in
 
       config = mkOption {
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           The contents of the configuration file of the X server
           ({file}`xorg.conf`).
 
@@ -429,14 +427,14 @@ in
         type = types.lines;
         default = "";
         example = ''FontPath "/path/to/my/fonts"'';
-        description = lib.mdDoc "Contents of the first `Files` section of the X server configuration file.";
+        description = "Contents of the first `Files` section of the X server configuration file.";
       };
 
       deviceSection = mkOption {
         type = types.lines;
         default = "";
         example = "VideoRAM 131072";
-        description = lib.mdDoc "Contents of the first Device section of the X server configuration file.";
+        description = "Contents of the first Device section of the X server configuration file.";
       };
 
       screenSection = mkOption {
@@ -445,20 +443,20 @@ in
         example = ''
           Option "RandRRotation" "on"
         '';
-        description = lib.mdDoc "Contents of the first Screen section of the X server configuration file.";
+        description = "Contents of the first Screen section of the X server configuration file.";
       };
 
       monitorSection = mkOption {
         type = types.lines;
         default = "";
         example = "HorizSync 28-49";
-        description = lib.mdDoc "Contents of the first Monitor section of the X server configuration file.";
+        description = "Contents of the first Monitor section of the X server configuration file.";
       };
 
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Additional contents (sections) included in the X server configuration file";
+        description = "Additional contents (sections) included in the X server configuration file";
       };
 
       xrandrHeads = mkOption {
@@ -478,7 +476,7 @@ in
           firstPrimary = head heads // { primary = true; };
           newHeads = singleton firstPrimary ++ tail heads;
         in if heads != [] && !hasPrimary then newHeads else heads;
-        description = lib.mdDoc ''
+        description = ''
           Multiple monitor configuration, just specify a list of XRandR
           outputs. The individual elements should be either simple strings or
           an attribute set of output options.
@@ -514,7 +512,7 @@ in
           Option "SuspendTime" "0"
           Option "OffTime" "0"
           '';
-        description = lib.mdDoc "Contents of the ServerFlags section of the X server configuration file.";
+        description = "Contents of the ServerFlags section of the X server configuration file.";
       };
 
       moduleSection = mkOption {
@@ -525,7 +523,7 @@ in
             SubSection "extmod"
             EndSubsection
           '';
-        description = lib.mdDoc "Contents of the Module section of the X server configuration file.";
+        description = "Contents of the Module section of the X server configuration file.";
       };
 
       serverLayoutSection = mkOption {
@@ -535,28 +533,28 @@ in
           ''
             Option "AIGLX" "true"
           '';
-        description = lib.mdDoc "Contents of the ServerLayout section of the X server configuration file.";
+        description = "Contents of the ServerLayout section of the X server configuration file.";
       };
 
       extraDisplaySettings = mkOption {
         type = types.lines;
         default = "";
         example = "Virtual 2048 2048";
-        description = lib.mdDoc "Lines to be added to every Display subsection of the Screen section.";
+        description = "Lines to be added to every Display subsection of the Screen section.";
       };
 
       defaultDepth = mkOption {
         type = types.int;
         default = 0;
         example = 8;
-        description = lib.mdDoc "Default colour depth.";
+        description = "Default colour depth.";
       };
 
       fontPath = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "unix/:7100";
-        description = lib.mdDoc ''
+        description = ''
           Set the X server FontPath. Defaults to null, which
           means the compiled in defaults will be used. See
           man xorg.conf for details.
@@ -566,20 +564,20 @@ in
       tty = mkOption {
         type = types.nullOr types.int;
         default = 7;
-        description = lib.mdDoc "Virtual console for the X server.";
+        description = "Virtual console for the X server.";
       };
 
       display = mkOption {
         type = types.nullOr types.int;
         default = 0;
-        description = lib.mdDoc "Display number for the X server.";
+        description = "Display number for the X server.";
       };
 
       virtualScreen = mkOption {
         type = types.nullOr types.attrs;
         default = null;
         example = { x = 2048; y = 2048; };
-        description = lib.mdDoc ''
+        description = ''
           Virtual screen size for Xrandr.
         '';
       };
@@ -588,7 +586,7 @@ in
         type = types.nullOr types.str;
         default = "/dev/null";
         example = "/var/log/Xorg.0.log";
-        description = lib.mdDoc ''
+        description = ''
           Controls the file Xorg logs to.
 
           The default of `/dev/null` is set so that systemd services (like `displayManagers`) only log to the journal and don't create their own log files.
@@ -601,7 +599,7 @@ in
         type = types.nullOr types.int;
         default = 3;
         example = 7;
-        description = lib.mdDoc ''
+        description = ''
           Controls verbosity of X logging.
         '';
       };
@@ -609,7 +607,7 @@ in
       enableCtrlAltBackspace = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the DontZap option, which binds Ctrl+Alt+Backspace
           to forcefully kill X. This can lead to data loss and is disabled
           by default.
@@ -619,7 +617,7 @@ in
       terminateOnReset = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to terminate X upon server reset.
         '';
       };
@@ -627,7 +625,7 @@ in
       upscaleDefaultCursor = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Upscale the default X cursor to be more visible on high-density displays.
           Requires `config.services.xserver.dpi` to be set.
         '';
@@ -641,28 +639,18 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
+    services.displayManager.enable = true;
 
     services.xserver.displayManager.lightdm.enable =
       let dmConf = cfg.displayManager;
           default = !(dmConf.gdm.enable
-                    || dmConf.sddm.enable
+                    || config.services.displayManager.sddm.enable
                     || dmConf.xpra.enable
                     || dmConf.sx.enable
                     || dmConf.startx.enable
                     || config.services.greetd.enable);
       in mkIf (default) (mkDefault true);
 
-    # so that the service won't be enabled when only startx is used
-    systemd.services.display-manager.enable  =
-      let dmConf = cfg.displayManager;
-          noDmUsed = !(dmConf.gdm.enable
-                    || dmConf.sddm.enable
-                    || dmConf.xpra.enable
-                    || dmConf.lightdm.enable);
-      in mkIf (noDmUsed) (mkDefault false);
-
-    hardware.opengl.enable = mkDefault true;
-
     services.xserver.videoDrivers = mkIf (cfg.videoDriver != null) [ cfg.videoDriver ];
 
     # FIXME: somehow check for unknown driver names.
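Review bot: `services.displayManager.enable = true;` is set unconditionally under `mkIf cfg.enable`, while the removed block defaulted `systemd.services.display-manager.enable` to false when none of gdm, sddm, xpra or lightdm was enabled ("so that the service won't be enabled when only startx is used"). Whether the `services.displayManager` module now carries an equivalent guard is not visible in this hunk, so startx/sx-only configurations should be checked to confirm they do not end up with an active display-manager unit. A short comment next to the new line would help, for example `# display-manager.service is switched off for startx/sx-only setups in <module that now owns the guard>`. The lightdm default now mixes `dmConf.gdm.enable` with `config.services.displayManager.sddm.enable`, and a comment noting that only sddm has moved namespaces would make that expression easier to audit. The `config` attribute set continues past the end of this hunk.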
@@ -696,19 +684,6 @@ in
           # -xkbdir command line option does not seems to be passed to xkbcomp.
           "X11/xkb".source = "${cfg.xkb.dir}";
         })
-      # localectl looks into 00-keyboard.conf
-      //{
-          "X11/xorg.conf.d/00-keyboard.conf".text = ''
-            Section "InputClass"
-              Identifier "Keyboard catchall"
-              MatchIsKeyboard "on"
-              Option "XkbModel" "${cfg.xkb.model}"
-              Option "XkbLayout" "${cfg.xkb.layout}"
-              Option "XkbOptions" "${cfg.xkb.options}"
-              Option "XkbVariant" "${cfg.xkb.variant}"
-            EndSection
-          '';
-        }
       # Needed since 1.18; see https://bugs.freedesktop.org/show_bug.cgi?id=89023#c5
       // (let cfgPath = "X11/xorg.conf.d/10-evdev.conf"; in
         {
@@ -728,31 +703,12 @@ in
         xorg.xprop
         xorg.xauth
         pkgs.xterm
-        pkgs.xdg-utils
         xorg.xf86inputevdev.out # get evdev.4 man page
-        pkgs.nixos-icons # needed for gnome and pantheon about dialog, nixos-manual and maybe more
       ] config.services.xserver.excludePackages
       ++ optional (elem "virtualbox" cfg.videoDrivers) xorg.xrefresh;
 
     environment.pathsToLink = [ "/share/X11" ];
 
-    xdg = {
-      autostart.enable = true;
-      menus.enable = true;
-      mime.enable = true;
-      icons.enable = true;
-    };
-
-    # The default max inotify watches is 8192.
-    # Nowadays most apps require a good number of inotify watches,
-    # the value below is used by default on several other distros.
-    boot.kernel.sysctl."fs.inotify.max_user_instances" = mkDefault 524288;
-    boot.kernel.sysctl."fs.inotify.max_user_watches" = mkDefault 524288;
-
-    programs.gnupg.agent.pinentryPackage = lib.mkOverride 1100 pkgs.pinentry-gnome3;
-
-    systemd.defaultUnit = mkIf cfg.autorun "graphical.target";
-
     systemd.services.display-manager =
       { description = "Display Manager";
 
@@ -763,17 +719,17 @@ in
         environment =
           optionalAttrs config.hardware.opengl.setLdLibraryPath
             { LD_LIBRARY_PATH = lib.makeLibraryPath [ pkgs.addOpenGLRunpath.driverLink ]; }
-          // cfg.displayManager.job.environment;
+          // config.services.displayManager.environment;
 
         preStart =
           ''
-            ${cfg.displayManager.job.preStart}
+            ${config.services.displayManager.preStart}
 
             rm -f /tmp/.X0-lock
           '';
 
         # TODO: move declaring the systemd service to its own mkIf
-        script = mkIf (config.systemd.services.display-manager.enable == true) "${cfg.displayManager.job.execCmd}";
+        script = mkIf (config.systemd.services.display-manager.enable == true) "${config.services.displayManager.execCmd}";
 
         # Stop restarting if the display manager stops (crashes) 2 times
         # in one minute. Starting X typically takes 3-4s.
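Review bot: The `preStart` script still removes the fixed path `/tmp/.X0-lock`, although this file declares a `display` option (`types.nullOr types.int`, default 0), so a stale lock for any other display number would be left behind. If `cfg.display` is the number the server is actually started with (that wiring is outside this hunk), the cleanup could follow it, e.g. `rm -f /tmp/.X${toString cfg.display}-lock`, emitted only when `cfg.display != null`. The `systemd.services.display-manager` attribute set begins before this hunk and continues after it.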
@@ -912,7 +868,6 @@ in
         ${cfg.extraConfig}
       '';
 
-    fonts.enableDefaultPackages = mkDefault true;
     fonts.packages = [
       (if cfg.upscaleDefaultCursor then fontcursormisc_hidpi else pkgs.xorg.fontcursormisc)
       pkgs.xorg.fontmiscmisc
diff --git a/nixpkgs/nixos/modules/system/activation/activatable-system.nix b/nixpkgs/nixos/modules/system/activation/activatable-system.nix
index 3d941596747b..e442fce7541b 100644
--- a/nixpkgs/nixos/modules/system/activation/activatable-system.nix
+++ b/nixpkgs/nixos/modules/system/activation/activatable-system.nix
@@ -25,7 +25,7 @@ in
       '';
     };
     system.activatableSystemBuilderCommands = options.system.systemBuilderCommands // {
-      description = lib.mdDoc ''
+      description = ''
         Like `system.systemBuilderCommands`, but only for the commands that are
         needed *both* when the system is activatable and when it isn't.
 
diff --git a/nixpkgs/nixos/modules/system/activation/activation-script.nix b/nixpkgs/nixos/modules/system/activation/activation-script.nix
index bc0b7266ce95..fc29aa3cb2f7 100644
--- a/nixpkgs/nixos/modules/system/activation/activation-script.nix
+++ b/nixpkgs/nixos/modules/system/activation/activation-script.nix
@@ -74,17 +74,17 @@ let
       { deps = mkOption
           { type = types.listOf types.str;
             default = [ ];
-            description = lib.mdDoc "List of dependencies. The script will run after these.";
+            description = "List of dependencies. The script will run after these.";
           };
         text = mkOption
           { type = types.lines;
-            description = lib.mdDoc "The content of the script.";
+            description = "The content of the script.";
           };
       } // optionalAttrs withDry {
         supportsDryActivation = mkOption
           { type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Whether this activation script supports being dry-activated.
               These activation scripts will also be executed on dry-activate
               activations with the environment variable
@@ -119,7 +119,7 @@ in
         }
       '';
 
-      description = lib.mdDoc ''
+      description = ''
         A set of shell script fragments that are executed when a NixOS
         system configuration is activated.  Examples are updating
         /etc, creating accounts, and so on.  Since these are executed
@@ -135,7 +135,7 @@ in
     };
 
     system.dryActivationScript = mkOption {
-      description = lib.mdDoc "The shell script that is to be run when dry-activating a system.";
+      description = "The shell script that is to be run when dry-activating a system.";
       readOnly = true;
       internal = true;
       default = systemActivationScript (removeAttrs config.system.activationScripts [ "script" ]) true;
@@ -155,7 +155,7 @@ in
         }
       '';
 
-      description = lib.mdDoc ''
+      description = ''
         A set of shell script fragments that are executed by a systemd user
         service when a NixOS system configuration is activated. Examples are
         rebuilding the .desktop file cache for showing applications in the menu.
@@ -195,7 +195,7 @@ in
       example = literalExpression ''"''${pkgs.busybox}/bin/env"'';
       type = types.nullOr types.path;
       visible = false;
-      description = lib.mdDoc ''
+      description = ''
         The env(1) executable that is linked system-wide to
         `/usr/bin/env`.
       '';
@@ -207,7 +207,7 @@ in
       #             go to `true` instead of `echo`, hiding the useless path
       #             from the log.
       default = "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
-      description = lib.mdDoc ''
+      description = ''
         A program that writes a bootloader installation script to the path passed in the first command line argument.
 
         See `nixos/modules/system/activation/switch-to-configuration.pl`.
diff --git a/nixpkgs/nixos/modules/system/activation/bootspec.nix b/nixpkgs/nixos/modules/system/activation/bootspec.nix
index 2ed6964b2a6a..3c2b91cce701 100644
--- a/nixpkgs/nixos/modules/system/activation/bootspec.nix
+++ b/nixpkgs/nixos/modules/system/activation/bootspec.nix
@@ -77,19 +77,18 @@ let
 in
 {
   options.boot.bootspec = {
-    enable = lib.mkEnableOption (lib.mdDoc "the generation of RFC-0125 bootspec in $system/boot.json, e.g. /run/current-system/boot.json")
+    enable = lib.mkEnableOption "the generation of RFC-0125 bootspec in $system/boot.json, e.g. /run/current-system/boot.json"
       // { default = true; internal = true; };
-    enableValidation = lib.mkEnableOption (lib.mdDoc ''the validation of bootspec documents for each build.
+    enableValidation = lib.mkEnableOption ''the validation of bootspec documents for each build.
       This will introduce Go in the build-time closure as we are relying on [Cuelang](https://cuelang.org/) for schema validation.
       Enable this option if you want to ascertain that your documents are correct
-      ''
-    );
+      '';
 
     extensions = lib.mkOption {
       # NOTE(RaitoBezarius): this is not enough to validate: extensions."osRelease" = drv; those are picked up by cue validation.
       type = lib.types.attrsOf lib.types.anything; # <namespace>: { ...namespace-specific fields }
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         User-defined data that extends the bootspec document.
 
         To reduce incompatibility and prevent names from clashing
diff --git a/nixpkgs/nixos/modules/system/activation/specialisation.nix b/nixpkgs/nixos/modules/system/activation/specialisation.nix
index 86603c847641..fdab287802fa 100644
--- a/nixpkgs/nixos/modules/system/activation/specialisation.nix
+++ b/nixpkgs/nixos/modules/system/activation/specialisation.nix
@@ -27,7 +27,7 @@ in
     specialisation = mkOption {
       default = { };
       example = lib.literalExpression "{ fewJobsManyCores.configuration = { nix.settings = { core = 0; max-jobs = 1; }; }; }";
-      description = lib.mdDoc ''
+      description = ''
         Additional configurations to build. If
         `inheritParentConfig` is true, the system
         will be based on the overall system configuration.
@@ -51,12 +51,12 @@ in
           options.inheritParentConfig = mkOption {
             type = types.bool;
             default = true;
-            description = lib.mdDoc "Include the entire system's configuration. Set to false to make a completely differently configured system.";
+            description = "Include the entire system's configuration. Set to false to make a completely differently configured system.";
           };
 
           options.configuration = mkOption {
             default = { };
-            description = lib.mdDoc ''
+            description = ''
               Arbitrary NixOS configuration.
 
               Anything you can add to a normal NixOS configuration, you can add
diff --git a/nixpkgs/nixos/modules/system/activation/switchable-system.nix b/nixpkgs/nixos/modules/system/activation/switchable-system.nix
index 00bc18e48d1f..d5bd8cc1dc11 100644
--- a/nixpkgs/nixos/modules/system/activation/switchable-system.nix
+++ b/nixpkgs/nixos/modules/system/activation/switchable-system.nix
@@ -12,7 +12,7 @@ in
     system.switch.enable = lib.mkOption {
       type = lib.types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to include the capability to switch configurations.
 
         Disabling this makes the system unable to be reconfigured via `nixos-rebuild`.
diff --git a/nixpkgs/nixos/modules/system/activation/top-level.nix b/nixpkgs/nixos/modules/system/activation/top-level.nix
index 1f9ad570db7d..4cf3012646fa 100644
--- a/nixpkgs/nixos/modules/system/activation/top-level.nix
+++ b/nixpkgs/nixos/modules/system/activation/top-level.nix
@@ -93,7 +93,7 @@ in
     system.boot.loader.id = mkOption {
       internal = true;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Id string of the used bootloader.
       '';
     };
@@ -103,7 +103,7 @@ in
       default = pkgs.stdenv.hostPlatform.linux-kernel.target;
       defaultText = literalExpression "pkgs.stdenv.hostPlatform.linux-kernel.target";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the kernel file to be passed to the bootloader.
       '';
     };
@@ -112,7 +112,7 @@ in
       internal = true;
       default = "initrd";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Name of the initrd file to be passed to the bootloader.
       '';
     };
@@ -121,7 +121,7 @@ in
       toplevel = mkOption {
         type = types.package;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           This option contains the store path that typically represents a NixOS system.
 
           You can read this path in a custom deployment tool for example.
@@ -133,7 +133,7 @@ in
     system.copySystemConfiguration = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         If enabled, copies the NixOS configuration file
         (usually {file}`/etc/nixos/configuration.nix`)
         and links it from the resulting system
@@ -155,7 +155,7 @@ in
       type = types.attrsOf types.unspecified;
       internal = true;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         `lib.mkDerivation` attributes that will be passed to the top level system builder.
       '';
     };
@@ -164,7 +164,7 @@ in
       default = "";
       example = "-dev$";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         A POSIX Extended Regular Expression that matches store paths that
         should not appear in the system closure, with the exception of {option}`system.extraDependencies`, which is not checked.
       '';
@@ -174,7 +174,7 @@ in
       type = types.lines;
       internal = true;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         This code will be added to the builder creating the system store path.
       '';
     };
@@ -182,7 +182,7 @@ in
     system.extraDependencies = mkOption {
       type = types.listOf types.pathInStore;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         A list of paths that should be included in the system
         closure but generally not visible to users.
 
@@ -195,7 +195,7 @@ in
     system.checks = mkOption {
       type = types.listOf types.package;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Packages that are added as dependencies of the system's build, usually
         for the purpose of validating some part of the configuration.
 
@@ -211,12 +211,12 @@ in
         { ... }: {
           options.original = mkOption {
             type = types.package;
-            description = lib.mdDoc "The original package to override.";
+            description = "The original package to override.";
           };
 
           options.replacement = mkOption {
             type = types.package;
-            description = lib.mdDoc "The replacement package.";
+            description = "The replacement package.";
           };
         })
       );
@@ -224,7 +224,7 @@ in
         oldDependency = original;
         newDependency = replacement;
       });
-      description = lib.mdDoc ''
+      description = ''
         List of packages to override without doing a full rebuild.
         The original derivation and replacement derivation must have the same
         name length, and ideally should have close-to-identical directory layout.
@@ -242,7 +242,7 @@ in
         then "unnamed"
         else config.networking.hostName;
       '';
-      description = lib.mdDoc ''
+      description = ''
         The name of the system used in the {option}`system.build.toplevel` derivation.
 
         That derivation has the following name:
@@ -253,7 +253,7 @@ in
     system.includeBuildDependencies = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to include the build closure of the whole system in
         its runtime closure.  This can be useful for making changes
         fully offline, as it includes all sources, patches, and
diff --git a/nixpkgs/nixos/modules/system/boot/binfmt.nix b/nixpkgs/nixos/modules/system/boot/binfmt.nix
index 2242c9da62d0..3605ce56910e 100644
--- a/nixpkgs/nixos/modules/system/boot/binfmt.nix
+++ b/nixpkgs/nixos/modules/system/boot/binfmt.nix
@@ -155,7 +155,7 @@ in {
       registrations = mkOption {
         default = {};
 
-        description = lib.mdDoc ''
+        description = ''
           Extra binary formats to register with the kernel.
           See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
         '';
@@ -164,30 +164,29 @@ in {
           options = {
             recognitionType = mkOption {
               default = "magic";
-              description = lib.mdDoc "Whether to recognize executables by magic number or extension.";
+              description = "Whether to recognize executables by magic number or extension.";
               type = types.enum [ "magic" "extension" ];
             };
 
             offset = mkOption {
               default = null;
-              description = lib.mdDoc "The byte offset of the magic number used for recognition.";
+              description = "The byte offset of the magic number used for recognition.";
               type = types.nullOr types.int;
             };
 
             magicOrExtension = mkOption {
-              description = lib.mdDoc "The magic number or extension to match on.";
+              description = "The magic number or extension to match on.";
               type = types.str;
             };
 
             mask = mkOption {
               default = null;
-              description =
-                lib.mdDoc "A mask to be ANDed with the byte sequence of the file before matching";
+              description = "A mask to be ANDed with the byte sequence of the file before matching";
               type = types.nullOr types.str;
             };
 
             interpreter = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 The interpreter to invoke to run the program.
 
                 Note that the actual registration will point to
@@ -199,7 +198,7 @@ in {
 
             preserveArgvZero = mkOption {
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to pass the original argv[0] to the interpreter.
 
                 See the description of the 'P' flag in the kernel docs
@@ -210,7 +209,7 @@ in {
 
             openBinary = mkOption {
               default = config.matchCredentials;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to pass the binary to the interpreter as an open
                 file descriptor, instead of a path.
               '';
@@ -219,7 +218,7 @@ in {
 
             matchCredentials = mkOption {
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to launch with the credentials and security
                 token of the binary, not the interpreter (e.g. setuid
                 bit).
@@ -234,7 +233,7 @@ in {
 
             fixBinary = mkOption {
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to open the interpreter file as soon as the
                 registration is loaded, rather than waiting for a
                 relevant file to be invoked.
@@ -247,7 +246,7 @@ in {
 
             wrapInterpreterInShell = mkOption {
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to wrap the interpreter in a shell script.
 
                 This allows a shell command to be set as the interpreter.
@@ -258,7 +257,7 @@ in {
             interpreterSandboxPath = mkOption {
               internal = true;
               default = null;
-              description = lib.mdDoc ''
+              description = ''
                 Path of the interpreter to expose in the build sandbox.
               '';
               type = types.nullOr types.path;
@@ -270,7 +269,7 @@ in {
       emulatedSystems = mkOption {
         default = [];
         example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ];
-        description = lib.mdDoc ''
+        description = ''
           List of systems to emulate. Will also configure Nix to
           support your new systems.
           Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.
diff --git a/nixpkgs/nixos/modules/system/boot/clevis.nix b/nixpkgs/nixos/modules/system/boot/clevis.nix
index 0c72590f9385..d9390f5bc15f 100644
--- a/nixpkgs/nixos/modules/system/boot/clevis.nix
+++ b/nixpkgs/nixos/modules/system/boot/clevis.nix
@@ -12,14 +12,14 @@ in
   meta.doc = ./clevis.md;
 
   options = {
-    boot.initrd.clevis.enable = mkEnableOption (lib.mdDoc "Clevis in initrd");
+    boot.initrd.clevis.enable = mkEnableOption "Clevis in initrd";
 
 
     boot.initrd.clevis.package = mkOption {
       type = types.package;
       default = pkgs.clevis;
       defaultText = "pkgs.clevis";
-      description = lib.mdDoc "Clevis package";
+      description = "Clevis package";
     };
 
     boot.initrd.clevis.devices = mkOption {
@@ -27,7 +27,7 @@ in
       default = { };
       type = types.attrsOf (types.submodule ({
         options.secretFile = mkOption {
-          description = lib.mdDoc "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).";
+          description = "Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).";
           type = types.path;
         };
       }));
diff --git a/nixpkgs/nixos/modules/system/boot/emergency-mode.nix b/nixpkgs/nixos/modules/system/boot/emergency-mode.nix
index a2163aa5ffb3..717ab08f2534 100644
--- a/nixpkgs/nixos/modules/system/boot/emergency-mode.nix
+++ b/nixpkgs/nixos/modules/system/boot/emergency-mode.nix
@@ -11,7 +11,7 @@ with lib;
     systemd.enableEmergencyMode = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable emergency mode, which is an
         {command}`sulogin` shell started on the console if
         mounting a filesystem fails.  Since some machines (like EC2
diff --git a/nixpkgs/nixos/modules/system/boot/grow-partition.nix b/nixpkgs/nixos/modules/system/boot/grow-partition.nix
index 8a0fc3a03dac..4f8a2273a7ac 100644
--- a/nixpkgs/nixos/modules/system/boot/grow-partition.nix
+++ b/nixpkgs/nixos/modules/system/boot/grow-partition.nix
@@ -12,7 +12,7 @@ with lib;
   ];
 
   options = {
-    boot.growPartition = mkEnableOption (lib.mdDoc "growing the root partition on boot");
+    boot.growPartition = mkEnableOption "growing the root partition on boot";
   };
 
   config = mkIf config.boot.growPartition {
diff --git a/nixpkgs/nixos/modules/system/boot/initrd-network.nix b/nixpkgs/nixos/modules/system/boot/initrd-network.nix
index 88ba43caf003..6f63f1627124 100644
--- a/nixpkgs/nixos/modules/system/boot/initrd-network.nix
+++ b/nixpkgs/nixos/modules/system/boot/initrd-network.nix
@@ -50,7 +50,7 @@ in
     boot.initrd.network.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Add network connectivity support to initrd. The network may be
         configured using the `ip` kernel parameter,
         as described in [the kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt).
@@ -69,7 +69,7 @@ in
       type = types.bool;
       default = !config.boot.initrd.systemd.enable;
       defaultText = "!config.boot.initrd.systemd.enable";
-      description = lib.mdDoc ''
+      description = ''
         Whether to clear the configuration of the interfaces that were set up in
         the initrd right before stage 2 takes over. Stage 2 will do the regular network
         configuration based on the NixOS networking options.
@@ -83,7 +83,7 @@ in
       default = config.networking.useDHCP && !config.boot.initrd.systemd.enable;
       defaultText = "networking.useDHCP";
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enables the udhcpc service during stage 1 of the boot process. This
         defaults to {option}`networking.useDHCP`. Therefore, this useful if
         useDHCP is off but the initramfs should do dhcp.
@@ -93,7 +93,7 @@ in
     boot.initrd.network.udhcpc.extraArgs = mkOption {
       default = [];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         Additional command-line arguments passed verbatim to
         udhcpc if {option}`boot.initrd.network.enable` and
         {option}`boot.initrd.network.udhcpc.enable` are enabled.
@@ -103,7 +103,7 @@ in
     boot.initrd.network.postCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed after stage 1 of the
         boot has initialised the network.
       '';
diff --git a/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix b/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix
index 2530240628e4..602d80fa338a 100644
--- a/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix
+++ b/nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix
@@ -15,7 +15,7 @@ in
     boot.initrd.network.openvpn.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Starts an OpenVPN client during initrd boot. It can be used to e.g.
         remotely accessing the SSH service controlled by
         {option}`boot.initrd.network.ssh` or other network services
@@ -25,7 +25,7 @@ in
 
     boot.initrd.network.openvpn.configuration = mkOption {
       type = types.path; # Same type as boot.initrd.secrets
-      description = lib.mdDoc ''
+      description = ''
         The configuration file for OpenVPN.
 
         ::: {.warning}
diff --git a/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix b/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix
index 43da2496d16c..9ce5a85b4f07 100644
--- a/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix
+++ b/nixpkgs/nixos/modules/system/boot/initrd-ssh.nix
@@ -18,7 +18,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Start SSH service during initrd boot. It can be used to debug failing
         boot on a remote server, enter pasphrase for an encrypted partition etc.
         Service is killed when stage-1 boot is finished.
@@ -31,7 +31,7 @@ in
     port = mkOption {
       type = types.port;
       default = 22;
-      description = lib.mdDoc ''
+      description = ''
         Port on which SSH initrd service should listen.
       '';
     };
@@ -40,7 +40,7 @@ in
       type = types.nullOr types.str;
       default = null;
       defaultText = ''"/bin/ash"'';
-      description = lib.mdDoc ''
+      description = ''
         Login shell of the remote user. Can be used to limit actions user can do.
       '';
     };
@@ -52,7 +52,7 @@ in
         "/etc/secrets/initrd/ssh_host_rsa_key"
         "/etc/secrets/initrd/ssh_host_ed25519_key"
       ];
-      description = lib.mdDoc ''
+      description = ''
         Specify SSH host keys to import into the initrd.
 
         To generate keys, use
@@ -81,7 +81,7 @@ in
     ignoreEmptyHostKeys = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Allow leaving {option}`config.boot.initrd.network.ssh` empty,
         to deploy ssh host keys out of band.
       '';
@@ -91,7 +91,7 @@ in
       type = types.listOf types.str;
       default = config.users.users.root.openssh.authorizedKeys.keys;
       defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keys";
-      description = lib.mdDoc ''
+      description = ''
         Authorized keys for the root user on initrd.
         You can combine the `authorizedKeys` and `authorizedKeyFiles` options.
       '';
@@ -105,7 +105,7 @@ in
       type = types.listOf types.path;
       default = config.users.users.root.openssh.authorizedKeys.keyFiles;
       defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keyFiles";
-      description = lib.mdDoc ''
+      description = ''
         Authorized keys taken from files for the root user on initrd.
         You can combine the `authorizedKeyFiles` and `authorizedKeys` options.
       '';
@@ -114,7 +114,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc "Verbatim contents of {file}`sshd_config`.";
+      description = "Verbatim contents of {file}`sshd_config`.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/system/boot/kernel.nix b/nixpkgs/nixos/modules/system/boot/kernel.nix
index 950cff386d02..4854119b2538 100644
--- a/nixpkgs/nixos/modules/system/boot/kernel.nix
+++ b/nixpkgs/nixos/modules/system/boot/kernel.nix
@@ -20,7 +20,7 @@ in
   ###### interface
 
   options = {
-    boot.kernel.enable = mkEnableOption (lib.mdDoc "the Linux kernel. This is useful for systemd-like containers which do not require a kernel") // {
+    boot.kernel.enable = mkEnableOption "the Linux kernel. This is useful for systemd-like containers which do not require a kernel" // {
       default = true;
     };
 
@@ -28,7 +28,7 @@ in
       default = {};
       example = literalExpression "{ debug = true; }";
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         This option allows to enable or disable certain kernel features.
         It's not API, because it's about kernel feature sets, that
         make sense for specific use cases. Mostly along with programs,
@@ -51,7 +51,7 @@ in
       # - some of it might not even evaluate correctly.
       defaultText = literalExpression "pkgs.linuxPackages";
       example = literalExpression "pkgs.linuxKernel.packages.linux_5_10";
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to override the Linux kernel used by
         NixOS.  Since things like external kernel module packages are
         tied to the kernel you're using, it also overrides those.
@@ -90,7 +90,7 @@ in
           }
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         A list of additional patches to apply to the kernel.
 
         Every item should be an attribute set with the following attributes:
@@ -127,7 +127,7 @@ in
       type = types.str;
       default = "";
       example = "my secret seed";
-      description = lib.mdDoc ''
+      description = ''
         Provides a custom seed for the {var}`RANDSTRUCT` security
         option of the Linux kernel. Note that {var}`RANDSTRUCT` is
         only enabled in NixOS hardened kernels. Using a custom seed requires
@@ -142,13 +142,13 @@ in
         description = "string, with spaces inside double quotes";
       });
       default = [ ];
-      description = lib.mdDoc "Parameters added to the kernel command line.";
+      description = "Parameters added to the kernel command line.";
     };
 
     boot.consoleLogLevel = mkOption {
       type = types.int;
       default = 4;
-      description = lib.mdDoc ''
+      description = ''
         The kernel console `loglevel`. All Kernel Messages with a log level smaller
         than this setting will be printed to the console.
       '';
@@ -157,7 +157,7 @@ in
     boot.vesa = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         (Deprecated) This option, if set, activates the VESA 800x600 video
         mode on boot and disables kernel modesetting. It is equivalent to
         specifying `[ "vga=0x317" "nomodeset" ]` in the
@@ -171,13 +171,13 @@ in
       type = types.listOf types.package;
       default = [];
       example = literalExpression "[ config.boot.kernelPackages.nvidia_x11 ]";
-      description = lib.mdDoc "A list of additional packages supplying kernel modules.";
+      description = "A list of additional packages supplying kernel modules.";
     };
 
     boot.kernelModules = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         The set of kernel modules to be loaded in the second stage of
         the boot process.  Note that modules that are needed to
         mount the root file system should be added to
@@ -190,7 +190,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "sata_nv" "ext3" ];
-      description = lib.mdDoc ''
+      description = ''
         The set of kernel modules in the initial ramdisk used during the
         boot process.  This set must include all modules necessary for
         mounting the root device.  That is, it should include modules
@@ -210,13 +210,13 @@ in
     boot.initrd.kernelModules = mkOption {
       type = types.listOf types.str;
       default = [];
-      description = lib.mdDoc "List of modules that are always loaded by the initrd.";
+      description = "List of modules that are always loaded by the initrd.";
     };
 
     boot.initrd.includeDefaultModules = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         This option, if set, adds a collection of default kernel modules
         to {option}`boot.initrd.availableKernelModules` and
         {option}`boot.initrd.kernelModules`.
@@ -227,7 +227,7 @@ in
       type = types.listOf types.path;
       internal = true;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Tree of kernel modules.  This includes the kernel, plus modules
         built outside of the kernel.  Combine these into a single tree of
         symlinks because modprobe only supports one directory.
@@ -249,7 +249,7 @@ in
       '';
       internal = true;
       type = types.listOf types.attrs;
-      description = lib.mdDoc ''
+      description = ''
         This option allows modules to specify the kernel config options that
         must be set (or unset) for the module to work. Please use the
         lib.kernelConfig functions to build list elements.
diff --git a/nixpkgs/nixos/modules/system/boot/kernel_config.nix b/nixpkgs/nixos/modules/system/boot/kernel_config.nix
index e618070f0dc3..a98ee2deda69 100644
--- a/nixpkgs/nixos/modules/system/boot/kernel_config.nix
+++ b/nixpkgs/nixos/modules/system/boot/kernel_config.nix
@@ -14,7 +14,7 @@ let
         default = null;
         internal = true;
         visible = true;
-        description = lib.mdDoc ''
+        description = ''
           Use this field for tristate kernel options expecting a "y" or "m" or "n".
         '';
       };
@@ -25,7 +25,7 @@ let
         };
         default = null;
         example = ''MMC_BLOCK_MINORS.freeform = "32";'';
-        description = lib.mdDoc ''
+        description = ''
           Freeform description of a kernel configuration item value.
         '';
       };
@@ -33,7 +33,7 @@ let
       optional = mkOption {
         type = types.bool // { merge = mergeFalseByDefault; };
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether option should generate a failure when unused.
           Upon merging values, mandatory wins over optional.
         '';
@@ -90,7 +90,7 @@ in
         USB? y
         DEBUG n
       '';
-      description = lib.mdDoc ''
+      description = ''
         The result of converting the structured kernel configuration in settings
         to an intermediate string that can be parsed by generate-config.pl to
         answer the kernel `make defconfig`.
@@ -104,7 +104,7 @@ in
         USB = option yes;
         MMC_BLOCK_MINORS = freeform "32";
       }'';
-      description = lib.mdDoc ''
+      description = ''
         Structured kernel configuration.
       '';
     };
diff --git a/nixpkgs/nixos/modules/system/boot/loader/efi.nix b/nixpkgs/nixos/modules/system/boot/loader/efi.nix
index 2661f362249d..6043c904c450 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/efi.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/efi.nix
@@ -8,13 +8,13 @@ with lib;
     canTouchEfiVariables = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Whether the installation process is allowed to modify EFI boot variables.";
+      description = "Whether the installation process is allowed to modify EFI boot variables.";
     };
 
     efiSysMountPoint = mkOption {
       default = "/boot";
       type = types.str;
-      description = lib.mdDoc "Where the EFI System Partition is mounted.";
+      description = "Where the EFI System Partition is mounted.";
     };
   };
 }
diff --git a/nixpkgs/nixos/modules/system/boot/loader/external/external.nix b/nixpkgs/nixos/modules/system/boot/loader/external/external.nix
index 78982356a9ea..7f976f755f2e 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/external/external.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/external/external.nix
@@ -12,11 +12,11 @@ in
   };
 
   options.boot.loader.external = {
-    enable = mkEnableOption (lib.mdDoc "using an external tool to install your bootloader");
+    enable = mkEnableOption "using an external tool to install your bootloader";
 
     installHook = mkOption {
       type = with types; path;
-      description = lib.mdDoc ''
+      description = ''
         The full path to a program of your choosing which performs the bootloader installation process.
 
         The program will be called with an argument pointing to the output of the system's toplevel.
diff --git a/nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix b/nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix
index 5ace5dd06fd4..630c6e1870e6 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix
@@ -22,7 +22,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create symlinks to the system generations under
           `/boot`.  When enabled,
           `/boot/default/kernel`,
@@ -41,7 +41,7 @@ in
       copyKernels = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether copy the necessary boot files into /boot, so
           /nix/store is not needed by the boot loader.
         '';
diff --git a/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix b/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
index 13df60907116..2b75707ad99e 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix
@@ -20,7 +20,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to generate an extlinux-compatible configuration file
           under `/boot/extlinux.conf`.  For instance,
           U-Boot's generic distro boot support uses this file format.
@@ -33,7 +33,7 @@ in
       useGenerationDeviceTree = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to generate Device Tree-related directives in the
           extlinux configuration.
 
@@ -49,7 +49,7 @@ in
         default = 20;
         example = 10;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Maximum number of configurations in the boot menu.
         '';
       };
@@ -57,7 +57,7 @@ in
       populateCmd = mkOption {
         type = types.str;
         readOnly = true;
-        description = lib.mdDoc ''
+        description = ''
           Contains the builder command used to populate an image,
           honoring all options except the `-c <path-to-default-configuration>`
           argument.
diff --git a/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh b/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
index 1a0da0050291..f2b281d23292 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
+++ b/nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible/extlinux-conf-builder.sh
@@ -141,7 +141,13 @@ if [ "$numGenerations" -gt 0 ]; then
             | sort -n -r \
             | head -n $numGenerations); do
         link=/nix/var/nix/profiles/system-$generation-link
-        addEntry $link $generation
+        addEntry $link "${generation}-default"
+        for specialisation in $(
+            ls /nix/var/nix/profiles/system-$generation-link/specialisation \
+            | sort -n -r); do
+            link=/nix/var/nix/profiles/system-$generation-link/specialisation/$specialisation
+            addEntry $link "${generation}-${specialisation}"
+        done
     done >> $tmpFile
 fi
 
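Review bot: The new inner loop iterates over the unquoted output of `ls … | sort -n -r`, so a specialisation name containing whitespace or glob characters would be split or expanded before it reaches `addEntry`, and `$link` is passed unquoted as well. If a generation has no `specialisation` directory (the hunk does not show whether every generation has one), `ls` writes an error to stderr on each pass. A glob with an existence guard avoids both problems: `for spec in "$link"/specialisation/*; do [ -e "$spec" ] || continue; addEntry "$spec" "${generation}-${spec##*/}"; done`. Note that `sort -n` is applied to names that are not numeric, and the glob lists entries in ascending order, so if the reverse order matters it needs to be stated and kept explicitly. The enclosing `if` and outer `for` begin before this hunk, so how `addEntry` quotes its arguments is not visible here.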
diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix
index 0556c875241a..9c36651d6874 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix
@@ -6,7 +6,6 @@ let
     concatMap
     concatMapStrings
     concatStrings
-    concatStringsSep
     escapeShellArg
     flip
     foldr
@@ -126,7 +125,7 @@ in
         default = !config.boot.isContainer;
         defaultText = literalExpression "!config.boot.isContainer";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the GNU GRUB boot loader.
         '';
       };
@@ -140,7 +139,7 @@ in
         default = "";
         example = "/dev/disk/by-id/wwn-0x500001234567890a";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The device on which the GRUB boot loader will be installed.
           The special value `nodev` means that a GRUB
           boot menu will be generated, but GRUB itself will not
@@ -153,7 +152,7 @@ in
         default = [];
         example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The devices on which the boot loader, GRUB, will be
           installed. Can be used instead of `device` to
           install GRUB onto multiple devices.
@@ -165,7 +164,7 @@ in
         example = {
           root = { hashedPasswordFile = "/path/to/file"; };
         };
-        description = lib.mdDoc ''
+        description = ''
           User accounts for GRUB. When specified, the GRUB command line and
           all boot options except the default are password-protected.
           All passwords and hashes provided will be stored in /boot/grub/grub.cfg,
@@ -180,7 +179,7 @@ in
               example = "/path/to/file";
               default = null;
               type = with types; uniq (nullOr str);
-              description = lib.mdDoc ''
+              description = ''
                 Specifies the path to a file containing the password hash
                 for the account, generated with grub-mkpasswd-pbkdf2.
                 This hash will be stored in /boot/grub/grub.cfg, and will
@@ -191,7 +190,7 @@ in
               example = "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355";
               default = null;
               type = with types; uniq (nullOr str);
-              description = lib.mdDoc ''
+              description = ''
                 Specifies the password hash for the account,
                 generated with grub-mkpasswd-pbkdf2.
                 This hash will be copied to the Nix store, and will be visible to all local users.
@@ -201,7 +200,7 @@ in
               example = "/path/to/file";
               default = null;
               type = with types; uniq (nullOr str);
-              description = lib.mdDoc ''
+              description = ''
                 Specifies the path to a file containing the
                 clear text password for the account.
                 This password will be stored in /boot/grub/grub.cfg, and will
@@ -212,7 +211,7 @@ in
               example = "Pa$$w0rd!";
               default = null;
               type = with types; uniq (nullOr str);
-              description = lib.mdDoc ''
+              description = ''
                 Specifies the clear text password for the account.
                 This password will be copied to the Nix store, and will be visible to all local users.
               '';
@@ -227,7 +226,7 @@ in
           { path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; }
           { path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; }
         ];
-        description = lib.mdDoc ''
+        description = ''
           Mirror the boot configuration to multiple partitions and install grub
           to the respective devices corresponding to those partitions.
         '';
@@ -238,7 +237,7 @@ in
             path = mkOption {
               example = "/boot1";
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The path to the boot directory where GRUB will be written. Generally
                 this boot path should double as an EFI path.
               '';
@@ -248,7 +247,7 @@ in
               default = null;
               example = "/boot1/efi";
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The path to the efi system mount point. Usually this is the same
                 partition as the above path and can be left as null.
               '';
@@ -258,7 +257,7 @@ in
               default = null;
               example = "NixOS-fsid";
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The id of the bootloader to store in efi nvram.
                 The default is to name it NixOS and append the path or efiSysMountPoint.
                 This is only used if `boot.loader.efi.canTouchEfiVariables` is true.
@@ -269,7 +268,7 @@ in
               default = [ ];
               example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ];
               type = types.listOf types.str;
-              description = lib.mdDoc ''
+              description = ''
                 The path to the devices which will have the GRUB MBR written.
                 Note these are typically device paths and not paths to partitions.
               '';
@@ -283,7 +282,7 @@ in
         default = "";
         example = "Stable 2.6.21";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           GRUB entry name instead of default.
         '';
       };
@@ -291,7 +290,7 @@ in
       storePath = mkOption {
         default = "/nix/store";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Path to the Nix store when looking for kernels at boot.
           Only makes sense when copyKernels is false.
         '';
@@ -300,7 +299,7 @@ in
       extraPrepareConfig = mkOption {
         default = "";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional bash commands to be run at the script that
           prepares the GRUB menu entries.
         '';
@@ -314,7 +313,7 @@ in
           terminal_output --append serial
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional GRUB commands inserted in the configuration file
           just before the menu entries.
         '';
@@ -324,7 +323,7 @@ in
         default = [ ];
         example = [ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional arguments passed to `grub-install`.
 
           A use case for this is to build specific GRUB2 modules
@@ -361,7 +360,7 @@ in
           export GNUPGHOME=$old_gpg_home
         '';
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional shell commands inserted in the bootloader installer
           script after generating menu entries.
         '';
@@ -371,7 +370,7 @@ in
         default = "";
         example = "root (hd0)";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Additional GRUB commands inserted in the configuration file
           at the start of each NixOS menu entry.
         '';
@@ -392,7 +391,7 @@ in
             chainloader /efi/fedora/grubx64.efi
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Any additional entries you want added to the GRUB boot menu.
         '';
       };
@@ -400,7 +399,7 @@ in
       extraEntriesBeforeNixOS = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether extraEntries are included before the default option.
         '';
       };
@@ -411,7 +410,7 @@ in
         example = literalExpression ''
           { "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; }
         '';
-        description = lib.mdDoc ''
+        description = ''
           A set of files to be copied to {file}`/boot`.
           Each attribute name denotes the destination file name in
           {file}`/boot`, while the corresponding
@@ -422,7 +421,7 @@ in
       useOSProber = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set to true, append entries for other OSs detected by os-prober.
         '';
       };
@@ -430,7 +429,7 @@ in
       splashImage = mkOption {
         type = types.nullOr types.path;
         example = literalExpression "./my-background.png";
-        description = lib.mdDoc ''
+        description = ''
           Background image used for GRUB.
           Set to `null` to run GRUB in text mode.
 
@@ -446,7 +445,7 @@ in
         type = types.nullOr types.str;
         example = "#7EBAE4";
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Background color to be used for GRUB to fill the areas the image isn't filling.
         '';
       };
@@ -454,7 +453,7 @@ in
       timeoutStyle = mkOption {
         default = "menu";
         type = types.enum [ "menu" "countdown" "hidden" ];
-        description = lib.mdDoc ''
+        description = ''
            - `menu` shows the menu.
            - `countdown` uses a text-mode countdown.
            - `hidden` hides GRUB entirely.
@@ -476,7 +475,7 @@ in
       entryOptions = mkOption {
         default = "--class nixos --unrestricted";
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Options applied to the primary NixOS menu entry.
         '';
       };
@@ -484,24 +483,24 @@ in
       subEntryOptions = mkOption {
         default = "--class nixos";
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Options applied to the secondary NixOS submenu entry.
         '';
       };
 
       theme = mkOption {
         type = types.nullOr types.path;
-        example = literalExpression "pkgs.nixos-grub2-theme";
+        example = literalExpression ''"''${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze"'';
         default = null;
-        description = lib.mdDoc ''
-          Grub theme to be used.
+        description = ''
+          Path to the grub theme to be used.
         '';
       };
 
       splashMode = mkOption {
         type = types.enum [ "normal" "stretch" ];
         default = "stretch";
-        description = lib.mdDoc ''
+        description = ''
           Whether to stretch the image or show the image in the top-left corner unstretched.
         '';
       };
@@ -510,7 +509,7 @@ in
         type = types.nullOr types.path;
         default = "${realGrub}/share/grub/unicode.pf2";
         defaultText = literalExpression ''"''${pkgs.grub2}/share/grub/unicode.pf2"'';
-        description = lib.mdDoc ''
+        description = ''
           Path to a TrueType, OpenType, or pf2 font to be used by Grub.
         '';
       };
@@ -519,7 +518,7 @@ in
         type = types.nullOr types.int;
         example = 16;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Font size for the grub menu. Ignored unless `font`
           is set to a ttf or otf font.
         '';
@@ -529,7 +528,7 @@ in
         default = "auto";
         example = "1024x768";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
         '';
       };
@@ -538,7 +537,7 @@ in
         default = "1024x768";
         example = "auto";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
         '';
       };
@@ -547,7 +546,7 @@ in
         default = "keep";
         example = "text";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.
         '';
       };
@@ -556,7 +555,7 @@ in
         default = "text";
         example = "keep";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.
         '';
       };
@@ -565,7 +564,7 @@ in
         default = 100;
         example = 120;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Maximum of configurations in boot menu. GRUB has problems when
           there are too many entries.
         '';
@@ -574,7 +573,7 @@ in
       copyKernels = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether the GRUB menu builder should copy kernels and initial
           ramdisks to /boot.  This is done automatically if /boot is
           on a different partition than /.
@@ -585,7 +584,7 @@ in
         default = "0";
         type = types.either types.int types.str;
         apply = toString;
-        description = lib.mdDoc ''
+        description = ''
           Index of the default menu item to be booted.
           Can also be set to "saved", which will make GRUB select
           the menu item that was used at the last boot.
@@ -595,7 +594,7 @@ in
       fsIdentifier = mkOption {
         default = "uuid";
         type = types.enum [ "uuid" "label" "provided" ];
-        description = lib.mdDoc ''
+        description = ''
           Determines how GRUB will identify devices when generating the
           configuration file. A value of uuid / label signifies that grub
           will always resolve the uuid or label of the device before using
@@ -609,7 +608,7 @@ in
       zfsSupport = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether GRUB should be built against libzfs.
         '';
       };
@@ -619,7 +618,7 @@ in
         internal = true;
         default = pkgs.zfs;
         defaultText = literalExpression "pkgs.zfs";
-        description = lib.mdDoc ''
+        description = ''
           Which ZFS package to use if `config.boot.loader.grub.zfsSupport` is true.
         '';
       };
@@ -627,7 +626,7 @@ in
       efiSupport = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether GRUB should be built with EFI support.
         '';
       };
@@ -635,7 +634,7 @@ in
       efiInstallAsRemovable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to invoke `grub-install` with
           `--removable`.
 
@@ -670,7 +669,7 @@ in
       enableCryptodisk = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable support for encrypted partitions. GRUB should automatically
           unlock the correct encrypted partition and look for filesystems.
         '';
@@ -679,7 +678,7 @@ in
       forceInstall = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to try and forcibly install GRUB even if problems are
           detected. It is not recommended to enable this unless you know what
           you are doing.
@@ -689,7 +688,7 @@ in
       forcei686 = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to force the use of a ia32 boot loader on x64 systems. Required
           to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.
         '';
diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix
index d926b7ceaa6e..8d9ab9966c54 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix
@@ -27,8 +27,7 @@ in
   options =
     { boot.loader.grub.ipxe = mkOption {
         type = types.attrsOf (types.either types.path types.str);
-        description =
-          lib.mdDoc ''
+        description = ''
             Set of iPXE scripts available for
             booting from the GRUB boot menu.
           '';
diff --git a/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix b/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix
index 8e68431ac571..939d36666d21 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix
@@ -16,7 +16,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Make Memtest86+, a memory testing program, available from the GRUB
           boot menu.
         '';
@@ -26,7 +26,7 @@ in
         default = [];
         example = [ "console=ttyS0,115200" ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Parameters added to the Memtest86+ command line. As of memtest86+ 5.01
           the following list of (apparently undocumented) parameters are
           accepted:
diff --git a/nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix b/nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix
index 4d33ed6b665b..0f2a37bdd09f 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix
@@ -25,7 +25,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Some systems require a /sbin/init script which is started.
           Or having it makes starting NixOS easier.
           This applies to some kind of hosting services and user mode linux.
diff --git a/nixpkgs/nixos/modules/system/boot/loader/loader.nix b/nixpkgs/nixos/modules/system/boot/loader/loader.nix
index 0e33264271bf..01475f79b9c2 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/loader.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/loader.nix
@@ -12,7 +12,7 @@ with lib;
         boot.loader.timeout =  mkOption {
             default = 5;
             type = types.nullOr types.int;
-            description = lib.mdDoc ''
+            description = ''
               Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.
             '';
         };
diff --git a/nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
index 9c9bee93de8a..cf1f37bc62b8 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@@ -48,7 +48,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether to create files with the system generations in
           `/boot`.
           `/boot/old` will hold files from old generations.
@@ -62,14 +62,14 @@ in
       version = mkOption {
         default = 2;
         type = types.enum [ 0 1 2 3 4 ];
-        description = lib.mdDoc "";
+        description = "";
       };
 
       uboot = {
         enable = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             Enable using uboot as bootmanager for the raspberry pi.
 
             ::: {.note}
@@ -82,7 +82,7 @@ in
           default = 20;
           example = 10;
           type = types.int;
-          description = lib.mdDoc ''
+          description = ''
             Maximum number of configurations in the boot menu.
 
             ::: {.note}
@@ -96,7 +96,7 @@ in
       firmwareConfig = mkOption {
         default = null;
         type = types.nullOr types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Extra options that will be appended to `/boot/config.txt` file.
           For possible values, see: https://www.raspberrypi.com/documentation/computers/config_txt.html
 
diff --git a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
index ba07506266e2..cee8663f0040 100644
--- a/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
+++ b/nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
@@ -7,8 +7,22 @@ let
 
   efi = config.boot.loader.efi;
 
+  # We check the source code in a derivation that does not depend on the
+  # system configuration so that most users don't have to redo the check and require
+  # the necessary dependencies.
+  checkedSource = pkgs.runCommand "systemd-boot" {
+    preferLocalBuild = true;
+  } ''
+    install -m755 -D ${./systemd-boot-builder.py} $out
+    ${lib.getExe pkgs.buildPackages.mypy} \
+      --no-implicit-optional \
+      --disallow-untyped-calls \
+      --disallow-untyped-defs \
+      $out
+  '';
+
   systemdBootBuilder = pkgs.substituteAll rec {
-    src = ./systemd-boot-builder.py;
+    src = checkedSource;
 
     isExecutable = true;
 
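Review bot: mypy in `checkedSource` now type-checks the unsubstituted `systemd-boot-builder.py` template, so whatever `substituteAll` later writes into the `@…@` placeholders is no longer covered by the build-time check. The substitution variables sit outside this hunk, so the following is inferred: if a substituted value ever produced invalid Python, the failure would surface only when the boot loader installer runs at activation rather than at build time. The comment above `checkedSource` should state that trade-off, e.g. `# Note: mypy sees the template before substitution; substituted values are not checked.`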
@@ -66,19 +80,9 @@ let
     '';
   };
 
-  checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot" { } ''
-    mkdir -p $out/bin
-    install -m755 ${systemdBootBuilder} $out/bin/systemd-boot-builder
-    ${lib.getExe pkgs.buildPackages.mypy} \
-      --no-implicit-optional \
-      --disallow-untyped-calls \
-      --disallow-untyped-defs \
-      $out/bin/systemd-boot-builder
-  '';
-
   finalSystemdBootBuilder = pkgs.writeScript "install-systemd-boot.sh" ''
     #!${pkgs.runtimeShell}
-    ${checkedSystemdBootBuilder}/bin/systemd-boot-builder "$@"
+    ${systemdBootBuilder} "$@"
     ${cfg.extraInstallCommands}
   '';
 in {
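Review bot: A failure of `${systemdBootBuilder} "$@"` in `finalSystemdBootBuilder` is not propagated when `cfg.extraInstallCommands` is non-empty, because the script has no `set -e` and its exit status is that of its last command. The user-supplied commands would then run after a failed (possibly partial) boot loader installation, and the installer could still report success. Stopping on the builder's failure keeps it visible: `${systemdBootBuilder} "$@" || exit 1`. The pattern predates this commit; the hunk only changes which path is invoked.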
@@ -105,7 +109,7 @@ in {
 
       type = types.bool;
 
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager.
         For more information about systemd-boot:
         https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/
@@ -146,7 +150,7 @@ in {
 
       type = types.bool;
 
-      description = lib.mdDoc ''
+      description = ''
         Whether to allow editing the kernel command-line before
         boot. It is recommended to set this to false, as it allows
         gaining root access by passing init=/bin/sh as a kernel
@@ -158,7 +162,7 @@ in {
     xbootldrMountPoint = mkOption {
       default = null;
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         Where the XBOOTLDR partition is mounted.
 
         If set, this partition will be used as $BOOT to store boot loader entries and extra files
@@ -171,7 +175,7 @@ in {
       default = null;
       example = 120;
       type = types.nullOr types.int;
-      description = lib.mdDoc ''
+      description = ''
         Maximum number of latest generations in the boot menu.
         Useful to prevent boot partition running out of disk space.
 
@@ -188,7 +192,7 @@ in {
         sed -i "s|@INIT@|$init_value|g" /boot/custom/config_with_placeholder.conf
       '';
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Additional shell commands inserted in the bootloader installer
         script after generating menu entries. It can be used to expand
         on extra boot entries that cannot incorporate certain pieces of
@@ -201,7 +205,7 @@ in {
 
       type = types.enum [ "0" "1" "2" "auto" "max" "keep" ];
 
-      description = lib.mdDoc ''
+      description = ''
         The resolution of the console. The following values are valid:
 
         - `"0"`: Standard UEFI 80x25 mode
@@ -217,7 +221,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Make Memtest86+ available from the systemd-boot menu. Memtest86+ is a
           program for testing memory.
         '';
@@ -226,7 +230,7 @@ in {
       sortKey = mkOption {
         default = "o_memtest86";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           `systemd-boot` orders the menu entries by their sort keys,
           so if you want something to appear after all the NixOS entries,
           it should start with {file}`o` or onwards.
@@ -240,7 +244,7 @@ in {
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Make `netboot.xyz` available from the
           `systemd-boot` menu. `netboot.xyz`
           is a menu system that allows you to boot OS installers and
@@ -251,7 +255,7 @@ in {
       sortKey = mkOption {
         default = "o_netbootxyz";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           `systemd-boot` orders the menu entries by their sort keys,
           so if you want something to appear after all the NixOS entries,
           it should start with {file}`o` or onwards.
@@ -271,7 +275,7 @@ in {
           sort-key z_memtest
         '''; }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Any additional entries you want added to the `systemd-boot` menu.
         These entries will be copied to {file}`$BOOT/loader/entries`.
         Each attribute name denotes the destination file name,
@@ -290,7 +294,7 @@ in {
       example = literalExpression ''
         { "efi/memtest86/memtest.efi" = "''${pkgs.memtest86plus}/memtest.efi"; }
       '';
-      description = lib.mdDoc ''
+      description = ''
         A set of files to be copied to {file}`$BOOT`.
         Each attribute name denotes the destination file name in
         {file}`$BOOT`, while the corresponding
@@ -303,7 +307,7 @@ in {
 
       type = types.bool;
 
-      description = lib.mdDoc ''
+      description = ''
         Invoke `bootctl install` with the `--graceful` option,
         which ignores errors when EFI variables cannot be written or when the EFI System Partition
         cannot be found. Currently only applies to random seed operations.
diff --git a/nixpkgs/nixos/modules/system/boot/luksroot.nix b/nixpkgs/nixos/modules/system/boot/luksroot.nix
index 3020734783e7..65190e65d9b9 100644
--- a/nixpkgs/nixos/modules/system/boot/luksroot.nix
+++ b/nixpkgs/nixos/modules/system/boot/luksroot.nix
@@ -536,7 +536,7 @@ in
     boot.initrd.luks.mitigateDMAAttacks = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Unless enabled, encryption keys can be easily recovered by an attacker with physical
         access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port.
         More information is available at <https://en.wikipedia.org/wiki/DMA_attack>.
@@ -553,7 +553,7 @@ in
           "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
           "af_alg" "algif_skcipher"
         ];
-      description = lib.mdDoc ''
+      description = ''
         A list of cryptographic kernel modules needed to decrypt the root device(s).
         The default includes all common modules.
       '';
@@ -563,7 +563,7 @@ in
       type = types.bool;
       default = false;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to configure luks support in the initrd, when no luks
         devices are configured.
       '';
@@ -572,7 +572,7 @@ in
     boot.initrd.luks.reusePassphrases = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         When opening a new LUKS device try reusing last successful
         passphrase.
 
@@ -588,7 +588,7 @@ in
     boot.initrd.luks.devices = mkOption {
       default = { };
       example = { luksroot.device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; };
-      description = lib.mdDoc ''
+      description = ''
         The encrypted disk that should be opened before the root
         filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
         setups are supported. The unencrypted devices can be accessed as
@@ -603,20 +603,20 @@ in
             default = name;
             example = "luksroot";
             type = types.str;
-            description = lib.mdDoc "Name of the unencrypted device in {file}`/dev/mapper`.";
+            description = "Name of the unencrypted device in {file}`/dev/mapper`.";
           };
 
           device = mkOption {
             example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
             type = types.str;
-            description = lib.mdDoc "Path of the underlying encrypted block device.";
+            description = "Path of the underlying encrypted block device.";
           };
 
           header = mkOption {
             default = null;
             example = "/root/header.img";
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               The name of the file or block device that
               should be used as header for the encrypted device.
             '';
@@ -626,7 +626,7 @@ in
             default = null;
             example = "/dev/sdb1";
             type = types.nullOr types.str;
-            description = lib.mdDoc ''
+            description = ''
               The name of the file (can be a raw device or a partition) that
               should be used as the decryption key for the encrypted device. If
               not specified, you will be prompted for a passphrase instead.
@@ -636,7 +636,7 @@ in
           tryEmptyPassphrase = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               If keyFile fails then try an empty passphrase first before
               prompting for password.
             '';
@@ -646,7 +646,7 @@ in
             default = null;
             example = 5;
             type = types.nullOr types.int;
-            description = lib.mdDoc ''
+            description = ''
               The amount of time in seconds for a keyFile to appear before
               timing out and trying passwords.
             '';
@@ -656,7 +656,7 @@ in
             default = null;
             example = 4096;
             type = types.nullOr types.int;
-            description = lib.mdDoc ''
+            description = ''
               The size of the key file. Use this if only the beginning of the
               key file should be used as a key (often the case if a raw device
               or partition is used as key file). If not specified, the whole
@@ -669,7 +669,7 @@ in
             default = null;
             example = 4096;
             type = types.nullOr types.int;
-            description = lib.mdDoc ''
+            description = ''
               The offset of the key file. Use this in combination with
               `keyFileSize` to use part of a file as key file
               (often the case if a raw device or partition is used as a key file).
@@ -682,13 +682,13 @@ in
           preLVM = mkOption {
             default = true;
             type = types.bool;
-            description = lib.mdDoc "Whether the luksOpen will be attempted before LVM scan or after it.";
+            description = "Whether the luksOpen will be attempted before LVM scan or after it.";
           };
 
           allowDiscards = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Whether to allow TRIM requests to the underlying device. This option
               has security implications; please read the LUKS documentation before
               activating it.
@@ -700,7 +700,7 @@ in
           bypassWorkqueues = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Whether to bypass dm-crypt's internal read and write workqueues.
               Enabling this should improve performance on SSDs; see
               [here](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance)
@@ -711,7 +711,7 @@ in
           fallbackToPassword = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc ''
+            description = ''
               Whether to fallback to interactive passphrase prompt if the keyfile
               cannot be found. This will prevent unattended boot should the keyfile
               go missing.
@@ -720,7 +720,7 @@ in
 
           gpgCard = mkOption {
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard.
               If null (the default), GPG-Smartcard will be disabled for this device.
             '';
@@ -730,17 +730,17 @@ in
                 gracePeriod = mkOption {
                   default = 10;
                   type = types.int;
-                  description = lib.mdDoc "Time in seconds to wait for the GPG Smartcard.";
+                  description = "Time in seconds to wait for the GPG Smartcard.";
                 };
 
                 encryptedPass = mkOption {
                   type = types.path;
-                  description = lib.mdDoc "Path to the GPG encrypted passphrase.";
+                  description = "Path to the GPG encrypted passphrase.";
                 };
 
                 publicKey = mkOption {
                   type = types.path;
-                  description = lib.mdDoc "Path to the Public Key.";
+                  description = "Path to the Public Key.";
                 };
               };
             });
@@ -751,14 +751,14 @@ in
               default = null;
               example = "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2";
               type = types.nullOr types.str;
-              description = lib.mdDoc "The FIDO2 credential ID.";
+              description = "The FIDO2 credential ID.";
             };
 
             credentials = mkOption {
               default = [];
               example = [ "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2" ];
               type = types.listOf types.str;
-              description = lib.mdDoc ''
+              description = ''
                 List of FIDO2 credential IDs.
 
                 Use this if you have multiple FIDO2 keys you want to use for the same luks device.
@@ -768,13 +768,13 @@ in
             gracePeriod = mkOption {
               default = 10;
               type = types.int;
-              description = lib.mdDoc "Time in seconds to wait for the FIDO2 key.";
+              description = "Time in seconds to wait for the FIDO2 key.";
             };
 
             passwordLess = mkOption {
               default = false;
               type = types.bool;
-              description = lib.mdDoc ''
+              description = ''
                 Defines whatever to use an empty string as a default salt.
 
                 Enable only when your device is PIN protected, such as [Trezor](https://trezor.io/).
@@ -784,7 +784,7 @@ in
 
           yubikey = mkOption {
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               The options to use for this LUKS device in YubiKey-PBA.
               If null (the default), YubiKey-PBA will be disabled for this device.
             '';
@@ -794,37 +794,37 @@ in
                 twoFactor = mkOption {
                   default = true;
                   type = types.bool;
-                  description = lib.mdDoc "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).";
+                  description = "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).";
                 };
 
                 slot = mkOption {
                   default = 2;
                   type = types.int;
-                  description = lib.mdDoc "Which slot on the YubiKey to challenge.";
+                  description = "Which slot on the YubiKey to challenge.";
                 };
 
                 saltLength = mkOption {
                   default = 16;
                   type = types.int;
-                  description = lib.mdDoc "Length of the new salt in byte (64 is the effective maximum).";
+                  description = "Length of the new salt in byte (64 is the effective maximum).";
                 };
 
                 keyLength = mkOption {
                   default = 64;
                   type = types.int;
-                  description = lib.mdDoc "Length of the LUKS slot key derived with PBKDF2 in byte.";
+                  description = "Length of the LUKS slot key derived with PBKDF2 in byte.";
                 };
 
                 iterationStep = mkOption {
                   default = 0;
                   type = types.int;
-                  description = lib.mdDoc "How much the iteration count for PBKDF2 is increased at each successful authentication.";
+                  description = "How much the iteration count for PBKDF2 is increased at each successful authentication.";
                 };
 
                 gracePeriod = mkOption {
                   default = 10;
                   type = types.int;
-                  description = lib.mdDoc "Time in seconds to wait for the YubiKey.";
+                  description = "Time in seconds to wait for the YubiKey.";
                 };
 
                 /* TODO: Add to the documentation of the current module:
@@ -835,7 +835,7 @@ in
                   device = mkOption {
                     default = "/dev/sda1";
                     type = types.path;
-                    description = lib.mdDoc ''
+                    description = ''
                       An unencrypted device that will temporarily be mounted in stage-1.
                       Must contain the current salt to create the challenge for this LUKS device.
                     '';
@@ -844,13 +844,13 @@ in
                   fsType = mkOption {
                     default = "vfat";
                     type = types.str;
-                    description = lib.mdDoc "The filesystem of the unencrypted device.";
+                    description = "The filesystem of the unencrypted device.";
                   };
 
                   path = mkOption {
                     default = "/crypt-storage/default";
                     type = types.str;
-                    description = lib.mdDoc ''
+                    description = ''
                       Absolute path of the salt on the unencrypted device with
                       that device's root directory as "/".
                     '';
@@ -867,7 +867,7 @@ in
               mkdir -p /tmp/persistent
               mount -t zfs rpool/safe/persistent /tmp/persistent
             '';
-            description = lib.mdDoc ''
+            description = ''
               Commands that should be run right before we try to mount our LUKS device.
               This can be useful, if the keys needed to open the drive is on another partition.
             '';
@@ -879,7 +879,7 @@ in
             example = ''
               umount /tmp/persistent
             '';
-            description = lib.mdDoc ''
+            description = ''
               Commands that should be run right after we have mounted our LUKS device.
             '';
           };
@@ -889,7 +889,7 @@ in
             default = [];
             example = [ "_netdev" ];
             visible = false;
-            description = lib.mdDoc ''
+            description = ''
               Only used with systemd stage 1.
 
               Extra options to append to the last column of the generated crypttab file.
@@ -915,7 +915,7 @@ in
     boot.initrd.luks.gpgSupport = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enables support for authenticating with a GPG encrypted password.
       '';
     };
@@ -923,7 +923,7 @@ in
     boot.initrd.luks.yubikeySupport = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
             Enables support for authenticating with a YubiKey on LUKS devices.
             See the NixOS wiki for information on how to properly setup a LUKS device
             and a YubiKey to work with this feature.
@@ -933,7 +933,7 @@ in
     boot.initrd.luks.fido2Support = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enables support for authenticating with FIDO2 devices.
       '';
     };
diff --git a/nixpkgs/nixos/modules/system/boot/modprobe.nix b/nixpkgs/nixos/modules/system/boot/modprobe.nix
index d751c4462d3f..f0ced41fec4c 100644
--- a/nixpkgs/nixos/modules/system/boot/modprobe.nix
+++ b/nixpkgs/nixos/modules/system/boot/modprobe.nix
@@ -7,7 +7,7 @@ with lib;
   ###### interface
 
   options = {
-    boot.modprobeConfig.enable = mkEnableOption (lib.mdDoc "modprobe config. This is useful for systems like containers which do not require a kernel") // {
+    boot.modprobeConfig.enable = mkEnableOption "modprobe config. This is useful for systems like containers which do not require a kernel" // {
       default = true;
     };
 
@@ -15,7 +15,7 @@ with lib;
       type = types.listOf types.str;
       default = [];
       example = [ "cirrusfb" "i2c_piix4" ];
-      description = lib.mdDoc ''
+      description = ''
         List of names of kernel modules that should not be loaded
         automatically by the hardware probing code.
       '';
@@ -27,7 +27,7 @@ with lib;
         ''
           options parport_pc io=0x378 irq=7 dma=1
         '';
-      description = lib.mdDoc ''
+      description = ''
         Any additional configuration to be appended to the generated
         {file}`modprobe.conf`.  This is typically used to
         specify module options.  See
diff --git a/nixpkgs/nixos/modules/system/boot/networkd.nix b/nixpkgs/nixos/modules/system/boot/networkd.nix
index 9b0d750d12ce..bb899c8d8999 100644
--- a/nixpkgs/nixos/modules/system/boot/networkd.nix
+++ b/nixpkgs/nixos/modules/system/boot/networkd.nix
@@ -186,6 +186,37 @@ let
         (assertNetdevMacAddress "MACAddress")
       ];
 
+      sectionBridge = checkUnitConfig "Bridge" [
+        (assertOnlyFields [
+          "HelloTimeSec"
+          "MaxAgeSec"
+          "ForwardDelaySec"
+          "AgeingTimeSec"
+          "Priority"
+          "GroupForwardMask"
+          "DefaultPVID"
+          "MulticastQuerier"
+          "MulticastSnooping"
+          "VLANFiltering"
+          "VLANProtocol"
+          "STP"
+          "MulticastIGMPVersion"
+        ])
+        (assertInt "HelloTimeSec")
+        (assertInt "MaxAgeSec")
+        (assertInt "ForwardDelaySec")
+        (assertInt "AgeingTimeSec")
+        (assertRange "Priority" 0 65535)
+        (assertRange "GroupForwardMask" 0 65535)
+        (assertRangeOrOneOf "DefaultPVID" 0 4094 ["none"])
+        (assertValueOneOf "MulticastQuerier" boolValues)
+        (assertValueOneOf "MulticastSnooping" boolValues)
+        (assertValueOneOf "VLANFiltering" boolValues)
+        (assertValueOneOf "VLANProtocol" ["802.1q" "802.ad"])
+        (assertValueOneOf "STP" boolValues)
+        (assertValueOneOf "MulticastIGMPVersion" [2 3])
+      ];
+
       sectionVLAN = checkUnitConfig "VLAN" [
         (assertOnlyFields [
           "Id"
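Review bot: The `VLANProtocol` check in the new `sectionBridge` list accepts `"802.ad"`, whereas systemd.netdev(5) documents the values as `802.1q` and `802.1ad`. As written, the valid `802.1ad` is rejected at evaluation time, while the misspelled value passes the check and is presumably only warned about or ignored by networkd, leaving the bridge on the kernel default. The line should read `(assertValueOneOf "VLANProtocol" ["802.1q" "802.1ad"])`. Separately, `HelloTimeSec`, `MaxAgeSec`, `ForwardDelaySec` and `AgeingTimeSec` are checked with `assertInt`; if suffixed time spans such as `"2s"` are meant to be allowed, confirm that against the helper's definition, which is outside this hunk.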
@@ -1508,7 +1539,7 @@ let
     enable = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to manage network configuration using {command}`systemd-network`.
 
         This also enables {option}`systemd.networkd.enable`.
@@ -1519,7 +1550,7 @@ let
       default = {};
       example = { Name = "eth0"; };
       type = types.attrsOf unitOption;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Match]` section of the unit.  See
         {manpage}`systemd.link(5)`
@@ -1532,7 +1563,7 @@ let
     extraConfig = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc "Extra configuration append to unit";
+      description = "Extra configuration append to unit";
     };
   };
 
@@ -1541,7 +1572,7 @@ let
       default = {};
       example = { SpeedMeter = true; ManageForeignRoutingPolicyRules = false; };
       type = types.addCheck (types.attrsOf unitOption) check.global.sectionNetwork;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Network]` section of the networkd config.
         See {manpage}`networkd.conf(5)` for details.
@@ -1552,7 +1583,7 @@ let
       default = {};
       example = { DUIDType = "vendor"; };
       type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv4;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPv4]` section of the networkd config.
         See {manpage}`networkd.conf(5)` for details.
@@ -1563,7 +1594,7 @@ let
       default = {};
       example = { DUIDType = "vendor"; };
       type = types.addCheck (types.attrsOf unitOption) check.global.sectionDHCPv6;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPv6]` section of the networkd config.
         See {manpage}`networkd.conf(5)` for details.
@@ -1576,7 +1607,7 @@ let
     enable = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not
       '';
     };
@@ -1585,7 +1616,7 @@ let
       default = {};
       example = { MACAddress = "00:ff:ee:aa:cc:dd"; };
       type = types.addCheck (types.attrsOf unitOption) check.link.sectionLink;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Link]` section of the unit.  See
         {manpage}`systemd.link(5)` for details.
@@ -1600,7 +1631,7 @@ let
       l2tpSessionConfig = mkOption {
         default = {};
         type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TPSession;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[L2TPSession]` section of the unit.  See
           {manpage}`systemd.netdev(5)` for details.
@@ -1614,7 +1645,7 @@ let
       wireguardPeerConfig = mkOption {
         default = {};
         type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuardPeer;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[WireGuardPeer]` section of the unit.  See
           {manpage}`systemd.netdev(5)` for details.
@@ -1628,18 +1659,29 @@ let
     netdevConfig = mkOption {
       example = { Name = "mybridge"; Kind = "bridge"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionNetdev;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Netdev]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
       '';
     };
 
+    bridgeConfig = mkOption {
+      default = {};
+      example = { STP = true; };
+      type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBridge;
+      description = ''
+        Each attribute in this set specifies an option in the
+        `[Bridge]` section of the unit.  See
+        {manpage}`systemd.netdev(5)` for details.
+      '';
+    };
+
     vlanConfig = mkOption {
       default = {};
       example = { Id = 4; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVLAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[VLAN]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
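Review bot: The description of the new netdev `bridgeConfig` option does not say how it differs from the `bridgeConfig` option for `.network` units later in this file. That option also documents a `[Bridge]` section but is checked by `check.network.sectionBridge`, and its example uses per-port keys (`MulticastFlood`, `Cost`). The new option carries the bridge device's own settings (`STP`, `VLANFiltering`, `DefaultPVID`), so a user who puts an attribute in the wrong one gets a type-check failure with no hint why. I would add a sentence such as `These settings apply to the bridge device itself; per-port settings belong in the [Bridge] section of the matching .network unit.` The code that writes the `[Bridge]` section into the generated `.netdev` unit is not in this hunk, so whether the option is actually rendered could not be checked here.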
@@ -1650,7 +1692,7 @@ let
       default = {};
       example = { Mode = "L2"; Flags = "private"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVLAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the `[IPVLAN]` section of the unit.
         See {manpage}`systemd.netdev(5)` for details.
       '';
@@ -1660,7 +1702,7 @@ let
       default = {};
       example = { Mode = "L3"; Flags = "vepa"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionIPVTAP;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the `[IPVTAP]` section of the unit.
         See {manpage}`systemd.netdev(5)` for details.
       '';
@@ -1670,7 +1712,7 @@ let
       default = {};
       example = { Mode = "private"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionMACVLAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[MACVLAN]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1680,7 +1722,7 @@ let
     vxlanConfig = mkOption {
       default = {};
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVXLAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[VXLAN]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1691,7 +1733,7 @@ let
       default = {};
       example = { Remote = "192.168.1.1"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTunnel;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Tunnel]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1702,7 +1744,7 @@ let
       default = { };
       example = { Port = 9001; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionFooOverUDP;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[FooOverUDP]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1713,7 +1755,7 @@ let
       default = {};
       example = { Name = "veth2"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionPeer;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Peer]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1724,7 +1766,7 @@ let
       default = {};
       example = { User = "openvpn"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTun;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Tun]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1735,7 +1777,7 @@ let
       default = {};
       example = { User = "openvpn"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionTap;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Tap]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1752,7 +1794,7 @@ let
         EncapsulationType = "ip";
       };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionL2TP;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[L2TP]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1767,7 +1809,7 @@ let
         Name = "l2tp-sess";
       };}];
       type = with types; listOf (submodule l2tpSessionOptions);
-      description = lib.mdDoc ''
+      description = ''
         Each item in this array specifies an option in the
         `[L2TPSession]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1782,7 +1824,7 @@ let
         FirewallMark = 42;
       };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWireGuard;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[WireGuard]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1802,7 +1844,7 @@ let
         PersistentKeepalive = 15;
       };}];
       type = with types; listOf (submodule wireguardPeerOptions);
-      description = lib.mdDoc ''
+      description = ''
         Each item in this array specifies an option in the
         `[WireGuardPeer]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1816,7 +1858,7 @@ let
       default = {};
       example = { Mode = "802.3ad"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBond;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Bond]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1827,7 +1869,7 @@ let
       default = {};
       example = { InterfaceId = 1; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionXfrm;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Xfrm]` section of the unit.  See
         {manpage}`systemd.netdev(5)` for details.
@@ -1838,7 +1880,7 @@ let
       default = {};
       example = { Table = 2342; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionVRF;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[VRF]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1851,7 +1893,7 @@ let
       default = {};
       example = { PhysicalDevice = 0; Type = "station"; };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionWLAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the `[WLAN]` section of the unit.
         See {manpage}`systemd.netdev(5)` for details.
       '';
@@ -1864,7 +1906,7 @@ let
         RoutingAlgorithm = "batman-v";
       };
       type = types.addCheck (types.attrsOf unitOption) check.netdev.sectionBatmanAdvanced;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[BatmanAdvanced]` section of the unit. See
         {manpage}`systemd.netdev(5)` for details.
@@ -1878,7 +1920,7 @@ let
       addressConfig = mkOption {
         example = { Address = "192.168.0.100/24"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionAddress;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Address]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1893,7 +1935,7 @@ let
         default = { };
         example = { Table = 10; IncomingInterface = "eth1"; Family = "both"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoutingPolicyRule;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[RoutingPolicyRule]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1908,7 +1950,7 @@ let
         default = {};
         example = { Gateway = "192.168.0.1"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionRoute;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Route]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1923,7 +1965,7 @@ let
         default = {};
         example = { Prefix = "fd00::/64"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6Prefix;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[IPv6Prefix]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1938,7 +1980,7 @@ let
         default = {};
         example = { Route = "fd00::/64"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6RoutePrefix;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[IPv6RoutePrefix]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1953,7 +1995,7 @@ let
         default = {};
         example = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServerStaticLease;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[DHCPServerStaticLease]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1971,7 +2013,7 @@ let
         default = {};
         example = { MACAddress = "65:43:4a:5b:d8:5f"; Destination = "192.168.1.42"; VNI = 20; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeFDB;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[BridgeFDB]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -1986,7 +2028,7 @@ let
         default = {};
         example = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeMDB;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[BridgeMDB]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -2001,7 +2043,7 @@ let
         default = {};
         example = { VLAN = 20; };
         type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridgeVLAN;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[BridgeVLAN]` section of the unit.  See
           {manpage}`systemd.network(5)` for details.
@@ -2016,7 +2058,7 @@ let
       default = {};
       example = { Unmanaged = true; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionLink;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Link]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2027,7 +2069,7 @@ let
       default = {};
       example = { Description = "My Network"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetwork;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Network]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2045,7 +2087,7 @@ let
       default = {};
       example = { UseDNS = true; UseRoutes = true; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv4;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPv4]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2056,7 +2098,7 @@ let
       default = {};
       example = { UseDNS = true; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPv6;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPv6]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2072,7 +2114,7 @@ let
       default = {};
       example = { SubnetId = "auto"; Announce = true; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPPrefixDelegation;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPPrefixDelegation]` section of the unit. See
         {manpage}`systemd.network(5)` for details.
@@ -2083,7 +2125,7 @@ let
       default = {};
       example = { UseDNS = true; DHCPv6Client = "always"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6AcceptRA;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[IPv6AcceptRA]` section of the unit. See
         {manpage}`systemd.network(5)` for details.
@@ -2094,7 +2136,7 @@ let
       default = {};
       example = { PoolOffset = 50; EmitDNS = false; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDHCPServer;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DHCPServer]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2112,7 +2154,7 @@ let
       default = {};
       example = { EmitDNS = true; Managed = true; OtherInformation = true; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPv6SendRA;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[IPv6SendRA]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2123,7 +2165,7 @@ let
       default = [];
       example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ];
       type = with types; listOf (submodule dhcpServerStaticLeaseOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of DHCPServerStaticLease sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2133,7 +2175,7 @@ let
       default = [];
       example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ];
       type = with types; listOf (submodule ipv6PrefixOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of ipv6Prefix sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2143,7 +2185,7 @@ let
       default = [];
       example = [ { ipv6RoutePrefixConfig = { Route = "fd00::/64"; LifetimeSec = 3600; }; } ];
       type = with types; listOf (submodule ipv6RoutePrefixOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of ipv6RoutePrefix sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2153,7 +2195,7 @@ let
       default = {};
       example = { MulticastFlood = false; Cost = 20; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionBridge;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[Bridge]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2164,7 +2206,7 @@ let
       default = [];
       example = [ { bridgeFDBConfig = { MACAddress = "90:e2:ba:43:fc:71"; Destination = "192.168.100.4"; VNI = 3600; }; } ];
       type = with types; listOf (submodule bridgeFDBOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of BridgeFDB sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2174,7 +2216,7 @@ let
       default = [];
       example = [ { bridgeMDBConfig = { MulticastGroupAddress = "ff02::1:2:3:4"; VLANId = 10; } ; } ];
       type = with types; listOf (submodule bridgeMDBOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of BridgeMDB sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2184,7 +2226,7 @@ let
       default = {};
       example = { MUDURL = "https://things.example.org/product_abc123/v5"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionLLDP;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[LLDP]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2195,7 +2237,7 @@ let
       default = {};
       example = { };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAN;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[CAN]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2206,7 +2248,7 @@ let
       default = {};
       example = { };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionIPoIB;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[IPoIB]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2217,7 +2259,7 @@ let
       default = {};
       example = { Parent = "ingress"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionQDisc;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[QDisc]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2228,7 +2270,7 @@ let
       default = {};
       example = { Parent = "ingress"; DelaySec = "20msec"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionNetworkEmulator;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[NetworkEmulator]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2239,7 +2281,7 @@ let
       default = {};
       example = { Parent = "ingress"; Rate = "100k"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionTokenBucketFilter;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[TokenBucketFilter]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2250,7 +2292,7 @@ let
       default = {};
       example = { Parent = "ingress"; PacketLimit = "3847"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionPIE;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[PIE]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2261,7 +2303,7 @@ let
       default = {};
       example = { Parent = "ingress"; PacketLimit = "3847"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionFlowQueuePIE;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[FlowQueuePIE]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2272,7 +2314,7 @@ let
       default = {};
       example = { Parent = "ingress"; PacketLimit = "3847"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairBlue;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[StochasticFairBlue]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2283,7 +2325,7 @@ let
       default = {};
       example = { Parent = "ingress"; PerturbPeriodSec = "30"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionStochasticFairnessQueueing;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[StochasticFairnessQueueing]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2294,7 +2336,7 @@ let
       default = {};
       example = { Parent = "ingress"; LimitBytes = "20K"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionBFIFO;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[BFIFO]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2305,7 +2347,7 @@ let
       default = {};
       example = { Parent = "ingress"; PacketLimit = "300"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFO;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[PFIFO]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2316,7 +2358,7 @@ let
       default = {};
       example = { Parent = "ingress"; PacketLimit = "300"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOHeadDrop;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[PFIFOHeadDrop]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2327,7 +2369,7 @@ let
       default = {};
       example = { Parent = "ingress"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionPFIFOFast;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[PFIFOFast]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2338,7 +2380,7 @@ let
       default = {};
       example = { Bandwidth = "40M"; OverheadBytes = 8; CompensationMode = "ptm"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionCAKE;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[CAKE]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2349,7 +2391,7 @@ let
       default = {};
       example = { Parent = "ingress"; TargetSec = "20msec"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionControlledDelay;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[ControlledDelay]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2360,7 +2402,7 @@ let
       default = {};
       example = { Parent = "root"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinScheduler;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DeficitRoundRobinScheduler]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2371,7 +2413,7 @@ let
       default = {};
       example = { Parent = "root"; QuantumBytes = "300k"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionDeficitRoundRobinSchedulerClass;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[DeficitRoundRobinSchedulerClass]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2382,7 +2424,7 @@ let
       default = {};
       example = { Parent = "root"; QuantumBytes = "300k"; Bands = 3; PriorityMap = "100 200 300"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionEnhancedTransmissionSelection;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[EnhancedTransmissionSelection]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2393,7 +2435,7 @@ let
       default = {};
       example = { Parent = "root"; VirtualQueues = 5; DefaultVirtualQueue = 3; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionGenericRandomEarlyDetection;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[GenericRandomEarlyDetection]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2404,7 +2446,7 @@ let
       default = {};
       example = { Parent = "root"; Flows = 5; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueingControlledDelay;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[FairQueueingControlledDelay]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2415,7 +2457,7 @@ let
       default = {};
       example = { Parent = "root"; FlowLimit = 5; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionFairQueueing;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[FairQueueing]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2426,7 +2468,7 @@ let
       default = {};
       example = { Parent = "root"; Id = 0; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionTrivialLinkEqualizer;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[TrivialLinkEqualizer]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2437,7 +2479,7 @@ let
       default = {};
       example = { Parent = "root"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucket;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[HierarchyTokenBucket]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2448,7 +2490,7 @@ let
       default = {};
       example = { Parent = "root"; Rate = "10M"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionHierarchyTokenBucketClass;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[HierarchyTokenBucketClass]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2459,7 +2501,7 @@ let
       default = {};
       example = { Parent = "root"; PacketLimit = 10000; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionHeavyHitterFilter;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[HeavyHitterFilter]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2470,7 +2512,7 @@ let
       default = {};
       example = { Parent = "root"; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueing;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[QuickFairQueueing]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2481,7 +2523,7 @@ let
       default = {};
       example = { Parent = "root"; Weight = 133; };
       type = types.addCheck (types.attrsOf unitOption) check.network.sectionQuickFairQueueingClass;
-      description = lib.mdDoc ''
+      description = ''
         Each attribute in this set specifies an option in the
         `[QuickFairQueueingClass]` section of the unit.  See
         {manpage}`systemd.network(5)` for details.
@@ -2492,7 +2534,7 @@ let
       default = [];
       example = [ { bridgeVLANConfig = { VLAN = "10-20"; }; } ];
       type = with types; listOf (submodule bridgeVLANOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of BridgeVLAN sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2501,7 +2543,7 @@ let
     name = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         The name of the network interface to match against.
       '';
     };
@@ -2509,7 +2551,7 @@ let
     DHCP = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable DHCP on the interfaces matched.
       '';
     };
@@ -2517,7 +2559,7 @@ let
     domains = mkOption {
       type = types.nullOr (types.listOf types.str);
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A list of domains to pass to the network config.
       '';
     };
@@ -2525,7 +2567,7 @@ let
     address = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of addresses to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2534,7 +2576,7 @@ let
     gateway = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of gateways to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2543,7 +2585,7 @@ let
     dns = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of dns servers to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2552,7 +2594,7 @@ let
     ntp = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of ntp servers to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2561,7 +2603,7 @@ let
     bridge = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of bridge interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2570,7 +2612,7 @@ let
     bond = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of bond interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2579,7 +2621,7 @@ let
     vrf = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of vrf interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2588,7 +2630,7 @@ let
     vlan = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of vlan interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2597,7 +2639,7 @@ let
     macvlan = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of macvlan interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2606,7 +2648,7 @@ let
     macvtap = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of macvtap interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2615,7 +2657,7 @@ let
     vxlan = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of vxlan interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2624,7 +2666,7 @@ let
     tunnel = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of tunnel interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2633,7 +2675,7 @@ let
     xfrm = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of xfrm interfaces to be added to the network section of the
         unit.  See {manpage}`systemd.network(5)` for details.
       '';
@@ -2642,7 +2684,7 @@ let
     addresses = mkOption {
       default = [ ];
       type = with types; listOf (submodule addressOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of address sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2651,7 +2693,7 @@ let
     routingPolicyRules = mkOption {
       default = [ ];
       type = with types; listOf (submodule routingPolicyRulesOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of routing policy rules sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2660,7 +2702,7 @@ let
     routes = mkOption {
       default = [ ];
       type = with types; listOf (submodule routeOptions);
-      description = lib.mdDoc ''
+      description = ''
         A list of route sections to be added to the unit.  See
         {manpage}`systemd.network(5)` for details.
       '';
@@ -2687,7 +2729,7 @@ let
         default = {};
         example = { foo = 27; };
         type = with types; attrsOf int;
-        description = lib.mdDoc ''
+        description = ''
           Defines route table names as an attrset of name to number.
           See {manpage}`networkd.conf(5)` for details.
         '';
@@ -2697,7 +2739,7 @@ let
         default = true;
         example = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If true and routeTables are set, then the specified route tables
           will also be installed into /etc/iproute2/rt_tables.
         '';
@@ -2737,7 +2779,7 @@ let
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable networkd or not.
       '';
     };
@@ -2746,32 +2788,32 @@ let
       default = {};
       inherit visible;
       type = with types; attrsOf (submodule [ { options = linkOptions; } ]);
-      description = lib.mdDoc "Definition of systemd network links.";
+      description = "Definition of systemd network links.";
     };
 
     netdevs = mkOption {
       default = {};
       inherit visible;
       type = with types; attrsOf (submodule [ { options = netdevOptions; } ]);
-      description = lib.mdDoc "Definition of systemd network devices.";
+      description = "Definition of systemd network devices.";
     };
 
     networks = mkOption {
       default = {};
       inherit visible;
       type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]);
-      description = lib.mdDoc "Definition of systemd networks.";
+      description = "Definition of systemd networks.";
     };
 
     config = mkOption {
       default = {};
       inherit visible;
       type = with types; submodule [ { options = networkdOptions; } networkdConfig ];
-      description = lib.mdDoc "Definition of global systemd network config.";
+      description = "Definition of global systemd network config.";
     };
 
     units = mkOption {
-      description = lib.mdDoc "Definition of networkd units.";
+      description = "Definition of networkd units.";
       default = {};
       internal = true;
       type = with types; attrsOf (submodule (
@@ -2788,7 +2830,7 @@ let
         type = types.bool;
         default = true;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the systemd-networkd-wait-online service.
 
           systemd-networkd-wait-online can timeout and fail if there are no network interfaces
@@ -2799,7 +2841,7 @@ let
         '';
       };
       anyInterface = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Whether to consider the network online when any interface is online, as opposed to all of them.
           This is useful on portable machines with a wired and a wireless interface, for example.
 
@@ -2811,7 +2853,7 @@ let
       };
 
       ignoredInterfaces = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Network interfaces to be ignored when deciding if the system is online.
         '';
         type = with types; listOf str;
@@ -2820,7 +2862,7 @@ let
       };
 
       timeout = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Time to wait for the network to come online, in seconds. Set to 0 to disable.
         '';
         type = types.ints.unsigned;
@@ -2829,7 +2871,7 @@ let
       };
 
       extraArgs = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Extra command-line arguments to pass to systemd-networkd-wait-online.
           These also affect per-interface `systemd-network-wait-online@` services.
 
diff --git a/nixpkgs/nixos/modules/system/boot/plymouth.nix b/nixpkgs/nixos/modules/system/boot/plymouth.nix
index 85f0fd4622df..4fed6335f742 100644
--- a/nixpkgs/nixos/modules/system/boot/plymouth.nix
+++ b/nixpkgs/nixos/modules/system/boot/plymouth.nix
@@ -61,13 +61,13 @@ in
 
     boot.plymouth = {
 
-      enable = mkEnableOption (lib.mdDoc "Plymouth boot splash screen");
+      enable = mkEnableOption "Plymouth boot splash screen";
 
       font = mkOption {
         default = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf";
         defaultText = literalExpression ''"''${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"'';
         type = types.path;
-        description = lib.mdDoc ''
+        description = ''
           Font file made available for displaying text on the splash screen.
         '';
       };
@@ -80,7 +80,7 @@ in
           `[ ]`.
         '';
         type = types.listOf types.package;
-        description = lib.mdDoc ''
+        description = ''
           Extra theme packages for plymouth.
         '';
       };
@@ -88,7 +88,7 @@ in
       theme = mkOption {
         default = "bgrt";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Splash screen theme.
         '';
       };
@@ -104,7 +104,7 @@ in
             sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           Logo which is displayed on the splash screen.
           Currently supports PNG file format only.
         '';
@@ -113,7 +113,7 @@ in
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Literal string to append to `configFile`
           and the config file generated by the plymouth module.
         '';
diff --git a/nixpkgs/nixos/modules/system/boot/resolved.nix b/nixpkgs/nixos/modules/system/boot/resolved.nix
index c42c88163c56..64a15179438f 100644
--- a/nixpkgs/nixos/modules/system/boot/resolved.nix
+++ b/nixpkgs/nixos/modules/system/boot/resolved.nix
@@ -15,7 +15,7 @@ in
     services.resolved.enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the systemd DNS resolver daemon, `systemd-resolved`.
 
         Search for `services.resolved` to see all options.
@@ -26,7 +26,7 @@ in
       default = null;
       example = [ "8.8.8.8" "2001:4860:4860::8844" ];
       type = types.nullOr (types.listOf types.str);
-      description = lib.mdDoc ''
+      description = ''
         A list of IPv4 and IPv6 addresses to use as the fallback DNS servers.
         If this option is null, a compiled-in list of DNS servers is used instead.
         Setting this option to an empty list will override the built-in list to an empty list, disabling fallback.
@@ -38,7 +38,7 @@ in
       defaultText = literalExpression "config.networking.search";
       example = [ "example.com" ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         A list of domains. These domains are used as search suffixes
         when resolving single-label host names (domain names which
         contain no dot), in order to qualify them into fully-qualified
@@ -55,7 +55,7 @@ in
       default = "true";
       example = "false";
       type = types.enum [ "true" "resolve" "false" ];
-      description = lib.mdDoc ''
+      description = ''
         Controls Link-Local Multicast Name Resolution support
         (RFC 4795) on the local host.
 
@@ -70,7 +70,7 @@ in
       default = "false";
       example = "true";
       type = types.enum [ "true" "allow-downgrade" "false" ];
-      description = lib.mdDoc ''
+      description = ''
         If set to
         - `"true"`:
             all DNS lookups are DNSSEC-validated locally (excluding
@@ -99,7 +99,7 @@ in
       default = "false";
       example = "true";
       type = types.enum [ "true" "opportunistic" "false" ];
-      description = lib.mdDoc ''
+      description = ''
         If set to
         - `"true"`:
             all DNS lookups will be encrypted. This requires
@@ -121,7 +121,7 @@ in
     services.resolved.extraConfig = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Extra config to append to resolved.conf.
       '';
     };
diff --git a/nixpkgs/nixos/modules/system/boot/stage-1.nix b/nixpkgs/nixos/modules/system/boot/stage-1.nix
index 02a3f5113cc0..ae05bc5ae88c 100644
--- a/nixpkgs/nixos/modules/system/boot/stage-1.nix
+++ b/nixpkgs/nixos/modules/system/boot/stage-1.nix
@@ -444,7 +444,7 @@ in
       type = types.str;
       default = "";
       example = "/dev/sda3";
-      description = lib.mdDoc ''
+      description = ''
         Device for manual resume attempt during boot. This should be used primarily
         if you want to resume from file. If left empty, the swap partitions are used.
         Specify here the device where the file resides.
@@ -457,7 +457,7 @@ in
       type = types.bool;
       default = !config.boot.isContainer;
       defaultText = literalExpression "!config.boot.isContainer";
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable the NixOS initial RAM disk (initrd). This may be
         needed to perform some initialisation tasks (like mounting
         network/encrypted file systems) before continuing the boot process.
@@ -471,11 +471,11 @@ in
           options = {
             source = mkOption {
               type = types.package;
-              description = lib.mdDoc "The object to make available inside the initrd.";
+              description = "The object to make available inside the initrd.";
             };
           };
         });
-      description = lib.mdDoc ''
+      description = ''
         Extra files to link and copy in to the initrd.
       '';
     };
@@ -483,7 +483,7 @@ in
     boot.initrd.prepend = mkOption {
       default = [ ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         Other initrd files to prepend to the final initrd we are building.
       '';
     };
@@ -491,7 +491,7 @@ in
     boot.initrd.checkJournalingFS = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to run {command}`fsck` on journaling filesystems such as ext3.
       '';
     };
@@ -499,7 +499,7 @@ in
     boot.initrd.preLVMCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed immediately before LVM discovery.
       '';
     };
@@ -507,7 +507,7 @@ in
     boot.initrd.preDeviceCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed before udev is started to create
         device nodes.
       '';
@@ -516,7 +516,7 @@ in
     boot.initrd.postDeviceCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed immediately after stage 1 of the
         boot has loaded kernel modules and created device nodes in
         {file}`/dev`.
@@ -526,7 +526,7 @@ in
     boot.initrd.postResumeCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed immediately after attempting to resume.
       '';
     };
@@ -534,7 +534,7 @@ in
     boot.initrd.postMountCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed immediately after the stage 1
         filesystems have been mounted.
       '';
@@ -543,7 +543,7 @@ in
     boot.initrd.preFailCommands = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed before the failure prompt is shown.
       '';
     };
@@ -552,7 +552,7 @@ in
       internal = true;
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed in the builder of the
         extra-utils derivation.  This can be used to provide
         additional utilities in the initial ramdisk.
@@ -563,7 +563,7 @@ in
       internal = true;
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed in the builder of the
         extra-utils derivation after patchelf has done its
         job.  This can be used to test additional utilities
@@ -575,7 +575,7 @@ in
       internal = true;
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed in the builder of the
         udev-rules derivation.  This can be used to add
         additional udev rules in the initial ramdisk.
@@ -590,7 +590,7 @@ in
       );
       defaultText = literalMD "`zstd` if the kernel supports it (5.9+), `gzip` if not";
       type = types.either types.str (types.functionTo types.str);
-      description = lib.mdDoc ''
+      description = ''
         The compressor to use on the initrd image. May be any of:
 
         - The name of one of the predefined compressors, see {file}`pkgs/build-support/kernel/initrd-compressor-meta.nix` for the definitions.
@@ -605,14 +605,13 @@ in
     boot.initrd.compressorArgs = mkOption {
       default = null;
       type = types.nullOr (types.listOf types.str);
-      description = lib.mdDoc "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults.";
+      description = "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults.";
     };
 
     boot.initrd.secrets = mkOption
       { default = {};
         type = types.attrsOf (types.nullOr types.path);
-        description =
-          lib.mdDoc ''
+        description = ''
             Secrets to append to the initrd. The attribute name is the
             path the secret should have inside the initrd, the value
             is the path it should be copied from (or null for the same
@@ -639,8 +638,7 @@ in
     boot.initrd.verbose = mkOption {
       default = true;
       type = types.bool;
-      description =
-        lib.mdDoc ''
+      description = ''
           Verbosity of the initrd. Please note that disabling verbosity removes
           only the mandatory messages generated by the NixOS scripts. For a
           completely silent boot, you might also want to set the two following
@@ -655,8 +653,7 @@ in
       { internal = true;
         default = false;
         type = types.bool;
-        description =
-          lib.mdDoc ''
+        description = ''
             Whether the bootloader setup runs append-initrd-secrets.
             If not, any needed secrets must be copied into the initrd
             and thus added to the store.
@@ -668,7 +665,7 @@ in
         options.neededForBoot = mkOption {
           default = false;
           type = types.bool;
-          description = lib.mdDoc ''
+          description = ''
             If set, this file system will be mounted in the initial ramdisk.
             Note that the file system will always be mounted in the initial
             ramdisk if its mount point is one of the following:
diff --git a/nixpkgs/nixos/modules/system/boot/stage-2.nix b/nixpkgs/nixos/modules/system/boot/stage-2.nix
index 001380158d5f..71ee9144990c 100644
--- a/nixpkgs/nixos/modules/system/boot/stage-2.nix
+++ b/nixpkgs/nixos/modules/system/boot/stage-2.nix
@@ -37,7 +37,7 @@ in
         default = "";
         example = "rm -f /var/log/messages";
         type = types.lines;
-        description = lib.mdDoc ''
+        description = ''
           Shell commands to be executed just before systemd is started.
         '';
       };
@@ -45,7 +45,7 @@ in
       readOnlyNixStore = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If set, NixOS will enforce the immutability of the Nix store
           by making {file}`/nix/store` a read-only bind
           mount.  Nix will automatically make the store writable when
@@ -56,7 +56,7 @@ in
       systemdExecutable = mkOption {
         default = "/run/current-system/systemd/lib/systemd/systemd";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The program to execute to start systemd.
         '';
       };
@@ -64,7 +64,7 @@ in
       extraSystemdUnitPaths = mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable
           that can contain mutable unit files.
         '';
diff --git a/nixpkgs/nixos/modules/system/boot/systemd.nix b/nixpkgs/nixos/modules/system/boot/systemd.nix
index a8885aee78f2..c82924763d5e 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd.nix
@@ -47,6 +47,9 @@ let
       "rescue.target"
       "rescue.service"
 
+      # systemd-debug-generator
+      "debug-shell.service"
+
       # Udev.
       "systemd-tmpfiles-setup-dev-early.service"
       "systemd-udevd-control.socket"
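Review bot: The `# systemd-debug-generator` comment above `"debug-shell.service"` does not say what shipping this unit enables. Upstream's debug-shell.service starts a root shell on tty9 with no login prompt, and systemd-debug-generator pulls it into the boot transaction when `systemd.debug_shell` is on the kernel command line. I would spell that out, e.g. `# Pulled in by systemd-debug-generator on systemd.debug_shell; unauthenticated root shell on tty9.` The same applies to the `upstreamUnits` entry added in initrd.nix, which carries no comment at all. A release-note line would also help, telling users who rely on a locked-down console to restrict kernel command-line editing in their bootloader. The list this hunk extends starts and ends outside the hunk.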
@@ -592,18 +595,17 @@ in
     };
 
     systemd.units =
-         mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    n v)) cfg.paths
-      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services
-      // mapAttrs' (n: v: nameValuePair "${n}.slice"   (sliceToUnit   n v)) cfg.slices
-      // mapAttrs' (n: v: nameValuePair "${n}.socket"  (socketToUnit  n v)) cfg.sockets
-      // mapAttrs' (n: v: nameValuePair "${n}.target"  (targetToUnit  n v)) cfg.targets
-      // mapAttrs' (n: v: nameValuePair "${n}.timer"   (timerToUnit   n v)) cfg.timers
-      // listToAttrs (map
-                   (v: let n = escapeSystemdPath v.where;
-                       in nameValuePair "${n}.mount" (mountToUnit n v)) cfg.mounts)
-      // listToAttrs (map
-                   (v: let n = escapeSystemdPath v.where;
-                       in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
+      let
+        withName = cfgToUnit: cfg: lib.nameValuePair cfg.name (cfgToUnit cfg);
+      in
+         mapAttrs' (_: withName pathToUnit) cfg.paths
+      // mapAttrs' (_: withName serviceToUnit) cfg.services
+      // mapAttrs' (_: withName sliceToUnit) cfg.slices
+      // mapAttrs' (_: withName socketToUnit) cfg.sockets
+      // mapAttrs' (_: withName targetToUnit) cfg.targets
+      // mapAttrs' (_: withName timerToUnit) cfg.timers
+      // listToAttrs (map (withName mountToUnit) cfg.mounts)
+      // listToAttrs (map (withName automountToUnit) cfg.automounts);
 
       # Environment of PID 1
       systemd.managerEnvironment = {
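Review bot: In `withName = cfgToUnit: cfg: ...` the lambda parameter `cfg` shadows the module-level `cfg` that the following lines read as `cfg.paths`, `cfg.services` and so on, which makes the expression harder to follow. `withName = toUnit: unit: lib.nameValuePair unit.name (toUnit unit);` avoids that. The attribute key now comes from each definition's `name` option instead of the attrset key plus a fixed suffix (or `escapeSystemdPath v.where` for mounts), so two definitions that end up with the same `name` would presumably replace one another silently. The `name` option is declared outside this hunk, so I cannot tell whether it is read-only; if it is not, an assertion on duplicate unit names would be a useful guard.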
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/coredump.nix b/nixpkgs/nixos/modules/system/boot/systemd/coredump.nix
index 271d8f86d0e6..1f29f6686d0d 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/coredump.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/coredump.nix
@@ -10,7 +10,7 @@ in {
     systemd.coredump.enable = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether core dumps should be processed by
         {command}`systemd-coredump`. If disabled, core dumps
         appear in the current directory of the crashing process.
@@ -21,7 +21,7 @@ in {
       default = "";
       type = types.lines;
       example = "Storage=journal";
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for systemd-coredump. See coredump.conf(5) man page
         for available options.
       '';
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/homed.nix b/nixpkgs/nixos/modules/system/boot/systemd/homed.nix
index b216820c0c0c..1fd8846616c9 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/homed.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/homed.nix
@@ -4,9 +4,9 @@ let
   cfg = config.services.homed;
 in
 {
-  options.services.homed.enable = lib.mkEnableOption (lib.mdDoc ''
+  options.services.homed.enable = lib.mkEnableOption ''
     systemd home area/user account manager
-  '');
+  '';
 
   config = lib.mkIf cfg.enable {
     assertions = [
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/initrd.nix b/nixpkgs/nixos/modules/system/boot/systemd/initrd.nix
index 06359f273846..cc32b2a15e7c 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/initrd.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/initrd.nix
@@ -18,10 +18,10 @@ let
 
   cfg = config.boot.initrd.systemd;
 
-  # Copied from fedora
   upstreamUnits = [
     "basic.target"
     "ctrl-alt-del.target"
+    "debug-shell.service"
     "emergency.service"
     "emergency.target"
     "final.target"
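Review bot: `"debug-shell.service"` is added to the initrd's `upstreamUnits` with no mention of how it interacts with `emergencyAccess`, declared further down in this module. That option appears to govern the emergency shell, whereas the debug shell is a separate unit that upstream starts without sulogin. If nothing else in the module masks it, booting with `rd.systemd.debug_shell` would presumably give a root shell in stage 1 regardless of the `emergencyAccess` setting. I would add a comment such as `# not gated by emergencyAccess; started via rd.systemd.debug_shell`, or ship the unit only when emergency access is allowed. The hunk also drops `# Copied from fedora`, which loses the provenance of the list; the list continues past the end of the hunk.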
@@ -117,8 +117,8 @@ let
 
 in {
   options.boot.initrd.systemd = {
-    enable = mkEnableOption (lib.mdDoc "systemd in initrd") // {
-      description = lib.mdDoc ''
+    enable = mkEnableOption "systemd in initrd" // {
+      description = ''
         Whether to enable systemd in initrd. The unit options such as
         {option}`boot.initrd.systemd.services` are the same as their
         stage 2 counterparts such as {option}`systemd.services`,
@@ -140,7 +140,7 @@ in {
       default = "";
       type = types.lines;
       example = "DefaultLimitCORE=infinity";
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for systemd. See systemd-system.conf(5) man page
         for available options.
       '';
@@ -150,14 +150,14 @@ in {
       type = with types; attrsOf (nullOr (oneOf [ str path package ]));
       default = {};
       example = { SYSTEMD_LOG_LEVEL = "debug"; };
-      description = lib.mdDoc ''
+      description = ''
         Environment variables of PID 1. These variables are
         *not* passed to started units.
       '';
     };
 
     contents = mkOption {
-      description = lib.mdDoc "Set of files that have to be linked into the initrd";
+      description = "Set of files that have to be linked into the initrd";
       example = literalExpression ''
         {
           "/etc/hostname".text = "mymachine";
@@ -168,7 +168,7 @@ in {
     };
 
     storePaths = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Store paths to copy into the initrd as well.
       '';
       type = with types; listOf (oneOf [ singleLineStr package ]);
@@ -176,7 +176,7 @@ in {
     };
 
     strip = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Whether to completely strip executables and libraries copied to the initramfs.
 
         Setting this to false may save on the order of 30MiB on the
@@ -189,7 +189,7 @@ in {
     };
 
     extraBin = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Tools to add to /bin
       '';
       example = literalExpression ''
@@ -202,7 +202,7 @@ in {
     };
 
     suppressedStorePaths = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Store paths specified in the storePaths option that
         should not be copied.
       '';
@@ -225,7 +225,7 @@ in {
 
     emergencyAccess = mkOption {
       type = with types; oneOf [ bool (nullOr (passwdEntry str)) ];
-      description = lib.mdDoc ''
+      description = ''
         Set to true for unauthenticated emergency access, and false for
         no emergency access.
 
@@ -238,7 +238,7 @@ in {
     initrdBin = mkOption {
       type = types.listOf types.package;
       default = [];
-      description = lib.mdDoc ''
+      description = ''
         Packages to include in /bin for the stage 1 emergency shell.
       '';
     };
@@ -247,7 +247,7 @@ in {
       default = [ ];
       type = types.listOf types.str;
       example = [ "debug-shell.service" "systemd-quotacheck.service" ];
-      description = lib.mdDoc ''
+      description = ''
         Additional units shipped with systemd that shall be enabled.
       '';
     };
@@ -256,7 +256,7 @@ in {
       default = [ ];
       type = types.listOf types.str;
       example = [ "systemd-backlight@.service" ];
-      description = lib.mdDoc ''
+      description = ''
         A list of units to skip when generating system systemd configuration directory. This has
         priority over upstream units, {option}`boot.initrd.systemd.units`, and
         {option}`boot.initrd.systemd.additionalUpstreamUnits`. The main purpose of this is to
@@ -266,7 +266,7 @@ in {
     };
 
     units = mkOption {
-      description = lib.mdDoc "Definition of systemd units.";
+      description = "Definition of systemd units.";
       default = {};
       visible = "shallow";
       type = systemdUtils.types.units;
@@ -276,49 +276,49 @@ in {
       default = [];
       type = types.listOf types.package;
       example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]";
-      description = lib.mdDoc "Packages providing systemd units and hooks.";
+      description = "Packages providing systemd units and hooks.";
     };
 
     targets = mkOption {
       default = {};
       visible = "shallow";
       type = systemdUtils.types.initrdTargets;
-      description = lib.mdDoc "Definition of systemd target units.";
+      description = "Definition of systemd target units.";
     };
 
     services = mkOption {
       default = {};
       type = systemdUtils.types.initrdServices;
       visible = "shallow";
-      description = lib.mdDoc "Definition of systemd service units.";
+      description = "Definition of systemd service units.";
     };
 
     sockets = mkOption {
       default = {};
       type = systemdUtils.types.initrdSockets;
       visible = "shallow";
-      description = lib.mdDoc "Definition of systemd socket units.";
+      description = "Definition of systemd socket units.";
     };
 
     timers = mkOption {
       default = {};
       type = systemdUtils.types.initrdTimers;
       visible = "shallow";
-      description = lib.mdDoc "Definition of systemd timer units.";
+      description = "Definition of systemd timer units.";
     };
 
     paths = mkOption {
       default = {};
       type = systemdUtils.types.initrdPaths;
       visible = "shallow";
-      description = lib.mdDoc "Definition of systemd path units.";
+      description = "Definition of systemd path units.";
     };
 
     mounts = mkOption {
       default = [];
       type = systemdUtils.types.initrdMounts;
       visible = "shallow";
-      description = lib.mdDoc ''
+      description = ''
         Definition of systemd mount units.
         This is a list instead of an attrSet, because systemd mandates the names to be derived from
         the 'where' attribute.
@@ -329,7 +329,7 @@ in {
       default = [];
       type = systemdUtils.types.automounts;
       visible = "shallow";
-      description = lib.mdDoc ''
+      description = ''
         Definition of systemd automount units.
         This is a list instead of an attrSet, because systemd mandates the names to be derived from
         the 'where' attribute.
@@ -340,13 +340,13 @@ in {
       default = {};
       type = systemdUtils.types.slices;
       visible = "shallow";
-      description = lib.mdDoc "Definition of slice configurations.";
+      description = "Definition of slice configurations.";
     };
 
     enableTpm2 = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable TPM2 support in the initrd.
       '';
     };
@@ -398,7 +398,8 @@ in {
       ++ lib.optional (config.boot.initrd.systemd.root == "gpt-auto") "rw";
 
     boot.initrd.systemd = {
-      initrdBin = [pkgs.bash pkgs.coreutils cfg.package.kmod cfg.package];
+      # bashInteractive is easier to use and also required by debug-shell.service
+      initrdBin = [pkgs.bashInteractive pkgs.coreutils cfg.package.kmod cfg.package];
       extraBin = {
         less = "${pkgs.less}/bin/less";
         mount = "${cfg.package.util-linux}/bin/mount";
@@ -472,6 +473,9 @@ in {
         "${cfg.package.util-linux}/bin/umount"
         "${cfg.package.util-linux}/bin/sulogin"
 
+        # required for script services
+        "${pkgs.runtimeShell}"
+
         # so NSS can look up usernames
         "${pkgs.glibc}/lib/libnss_files.so.2"
       ] ++ optionals (cfg.package.withCryptsetup && cfg.enableTpm2) [
@@ -486,18 +490,18 @@ in {
 
       targets.initrd.aliases = ["default.target"];
       units =
-           mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    n v)) cfg.paths
-        // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services
-        // mapAttrs' (n: v: nameValuePair "${n}.slice"   (sliceToUnit   n v)) cfg.slices
-        // mapAttrs' (n: v: nameValuePair "${n}.socket"  (socketToUnit  n v)) cfg.sockets
-        // mapAttrs' (n: v: nameValuePair "${n}.target"  (targetToUnit  n v)) cfg.targets
-        // mapAttrs' (n: v: nameValuePair "${n}.timer"   (timerToUnit   n v)) cfg.timers
+           mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    v)) cfg.paths
+        // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit v)) cfg.services
+        // mapAttrs' (n: v: nameValuePair "${n}.slice"   (sliceToUnit   v)) cfg.slices
+        // mapAttrs' (n: v: nameValuePair "${n}.socket"  (socketToUnit  v)) cfg.sockets
+        // mapAttrs' (n: v: nameValuePair "${n}.target"  (targetToUnit  v)) cfg.targets
+        // mapAttrs' (n: v: nameValuePair "${n}.timer"   (timerToUnit   v)) cfg.timers
         // listToAttrs (map
                      (v: let n = escapeSystemdPath v.where;
-                         in nameValuePair "${n}.mount" (mountToUnit n v)) cfg.mounts)
+                         in nameValuePair "${n}.mount" (mountToUnit v)) cfg.mounts)
         // listToAttrs (map
                      (v: let n = escapeSystemdPath v.where;
-                         in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
+                         in nameValuePair "${n}.automount" (automountToUnit v)) cfg.automounts);
 
       # make sure all the /dev nodes are set up
       services.systemd-tmpfiles-setup-dev.wantedBy = ["sysinit.target"];
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/journald-gateway.nix b/nixpkgs/nixos/modules/system/boot/systemd/journald-gateway.nix
index 854965282344..1bcb3f400c61 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/journald-gateway.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/journald-gateway.nix
@@ -24,7 +24,7 @@ in
     cert = lib.mkOption {
       default = null;
       type = with lib.types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         The path to a file or `AF_UNIX` stream socket to read the server
         certificate from.
 
@@ -37,7 +37,7 @@ in
     key = lib.mkOption {
       default = null;
       type = with lib.types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         Specify the path to a file or `AF_UNIX` stream socket to read the
         secret server key corresponding to the certificate specified with
         {option}`services.journald.gateway.cert` from.
@@ -52,7 +52,7 @@ in
     trust = lib.mkOption {
       default = null;
       type = with lib.types; nullOr str;
-      description = lib.mdDoc ''
+      description = ''
         Specify the path to a file or `AF_UNIX` stream socket to read a CA
         certificate from.
 
@@ -65,7 +65,7 @@ in
     system = lib.mkOption {
       default = true;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Serve entries from system services and the kernel.
 
         This has the same meaning as `--system` for {manpage}`journalctl(1)`.
@@ -75,7 +75,7 @@ in
     user = lib.mkOption {
       default = true;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Serve entries from services for the current user.
 
         This has the same meaning as `--user` for {manpage}`journalctl(1)`.
@@ -85,7 +85,7 @@ in
     merge = lib.mkOption {
       default = false;
       type = lib.types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Serve entries interleaved from all available journals, including other
         machines.
 
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/journald-remote.nix b/nixpkgs/nixos/modules/system/boot/systemd/journald-remote.nix
index 57a0a133e1c6..13674694c144 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/journald-remote.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/journald-remote.nix
@@ -18,7 +18,7 @@ in
     listen = lib.mkOption {
       default = "https";
       type = lib.types.enum [ "https" "http" ];
-      description = lib.mdDoc ''
+      description = ''
         Which protocol to listen to.
       '';
     };
@@ -26,7 +26,7 @@ in
     output = lib.mkOption {
       default = "/var/log/journal/remote/";
       type = lib.types.str;
-      description = lib.mdDoc ''
+      description = ''
         The location of the output journal.
 
         In case the output file is not specified, journal files will be created
@@ -52,7 +52,7 @@ in
     settings = lib.mkOption {
       default = { };
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration in the journal-remote configuration file. See
         {manpage}`journal-remote.conf(5)` for available options.
       '';
@@ -75,7 +75,7 @@ in
             default = "host";
             example = "none";
             type = lib.types.enum [ "host" "none" ];
-            description = lib.mdDoc ''
+            description = ''
               With "host", a separate output file is used, based on the
               hostname of the other endpoint of a connection. With "none", only
               one output journal file is used.
@@ -85,7 +85,7 @@ in
           ServerKeyFile = lib.mkOption {
             default = "/etc/ssl/private/journal-remote.pem";
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               A path to a SSL secret key file in PEM format.
 
               Note that due to security reasons, `systemd-journal-remote` will
@@ -101,7 +101,7 @@ in
           ServerCertificateFile = lib.mkOption {
             default = "/etc/ssl/certs/journal-remote.pem";
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               A path to a SSL certificate file in PEM format.
 
               This option can be used with `listen = "https"`. If the path
@@ -113,7 +113,7 @@ in
           TrustedCertificateFile = lib.mkOption {
             default = "/etc/ssl/ca/trusted.pem";
             type = lib.types.str;
-            description = lib.mdDoc ''
+            description = ''
               A path to a SSL CA certificate file in PEM format, or `all`.
 
               If `all` is set, then client certificate checking will be
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/journald-upload.nix b/nixpkgs/nixos/modules/system/boot/systemd/journald-upload.nix
index 6421e5fa486f..053f886ff5c6 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/journald-upload.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/journald-upload.nix
@@ -12,7 +12,7 @@ in
     settings = lib.mkOption {
       default = { };
 
-      description = lib.mdDoc ''
+      description = ''
         Configuration for journal-upload. See {manpage}`journal-upload.conf(5)`
         for available options.
       '';
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/journald.nix b/nixpkgs/nixos/modules/system/boot/systemd/journald.nix
index 62e24a305dde..f9f05d2b08f4 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/journald.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/journald.nix
@@ -13,13 +13,13 @@ in {
     services.journald.console = mkOption {
       default = "";
       type = types.str;
-      description = lib.mdDoc "If non-empty, write log messages to the specified TTY device.";
+      description = "If non-empty, write log messages to the specified TTY device.";
     };
 
     services.journald.rateLimitInterval = mkOption {
       default = "30s";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Configures the rate limiting interval that is applied to all
         messages generated on the system. This rate limiting is applied
         per-service, so that two services which log do not interfere with
@@ -35,7 +35,7 @@ in {
     services.journald.storage = mkOption {
       default = "persistent";
       type = types.enum [ "persistent" "volatile" "auto" "none" ];
-      description = mdDoc ''
+      description = ''
         Controls where to store journal data. See
         {manpage}`journald.conf(5)` for further information.
       '';
@@ -44,7 +44,7 @@ in {
     services.journald.rateLimitBurst = mkOption {
       default = 10000;
       type = types.int;
-      description = lib.mdDoc ''
+      description = ''
         Configures the rate limiting burst limit (number of messages per
         interval) that is applied to all messages generated on the system.
         This rate limiting is applied per-service, so that two services
@@ -71,7 +71,7 @@ in {
       default = "";
       type = types.lines;
       example = "Storage=volatile";
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for systemd-journald. See man journald.conf
         for available options.
       '';
@@ -81,7 +81,7 @@ in {
       default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
       defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to forward log messages to syslog.
       '';
     };
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/logind.nix b/nixpkgs/nixos/modules/system/boot/systemd/logind.nix
index cf01c1882857..ed5369c09ccb 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/logind.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/logind.nix
@@ -16,7 +16,7 @@ in
       default = "";
       type = types.lines;
       example = "IdleAction=lock";
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for systemd-logind.
         See [logind.conf(5)](https://www.freedesktop.org/software/systemd/man/logind.conf.html)
         for available options.
@@ -26,7 +26,7 @@ in
     killUserProcesses = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Specifies whether the processes of a user should be killed
         when the user logs out.  If true, the scope unit corresponding
         to the session and all processes inside that scope will be
@@ -44,7 +44,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the power key is pressed.
       '';
     };
@@ -54,7 +54,7 @@ in
       example = "reboot";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the power key is long-pressed.
       '';
     };
@@ -64,7 +64,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the reboot key is pressed.
       '';
     };
@@ -74,7 +74,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the reboot key is long-pressed.
       '';
     };
@@ -84,7 +84,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the suspend key is pressed.
       '';
     };
@@ -94,7 +94,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the suspend key is long-pressed.
       '';
     };
@@ -104,7 +104,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the hibernate key is pressed.
       '';
     };
@@ -114,7 +114,7 @@ in
       example = "suspend";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the hibernate key is long-pressed.
       '';
     };
@@ -124,7 +124,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the laptop lid is closed.
       '';
     };
@@ -135,7 +135,7 @@ in
       example = "ignore";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the laptop lid is closed
         and the system is on external power. By default use
         the same action as specified in services.logind.lidSwitch.
@@ -147,7 +147,7 @@ in
       example = "suspend";
       type = logindHandlerType;
 
-      description = lib.mdDoc ''
+      description = ''
         Specifies what to do when the laptop lid is closed
         and another screen is added.
       '';
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix b/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
index b513aa051f28..11fbb88838e1 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix
@@ -52,7 +52,7 @@ let
         default = {};
         example = { Parameters = "/bin/sh"; };
         type = types.addCheck (types.attrsOf unitOption) checkExec;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Exec]` section of this unit. See
           {manpage}`systemd.nspawn(5)` for details.
@@ -63,7 +63,7 @@ let
         default = {};
         example = { Bind = [ "/home/alice" ]; };
         type = types.addCheck (types.attrsOf unitOption) checkFiles;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Files]` section of this unit. See
           {manpage}`systemd.nspawn(5)` for details.
@@ -74,7 +74,7 @@ let
         default = {};
         example = { Private = false; };
         type = types.addCheck (types.attrsOf unitOption) checkNetwork;
-        description = lib.mdDoc ''
+        description = ''
           Each attribute in this set specifies an option in the
           `[Network]` section of this unit. See
           {manpage}`systemd.nspawn(5)` for details.
@@ -106,7 +106,7 @@ in {
     systemd.nspawn = mkOption {
       default = {};
       type = with types; attrsOf (submodule instanceOptions);
-      description = lib.mdDoc "Definition of systemd-nspawn configurations.";
+      description = "Definition of systemd-nspawn configurations.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/oomd.nix b/nixpkgs/nixos/modules/system/boot/systemd/oomd.nix
index edc25784367a..a2a90e0ceb87 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/oomd.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/oomd.nix
@@ -8,19 +8,19 @@ in {
   ];
 
   options.systemd.oomd = {
-    enable = lib.mkEnableOption (lib.mdDoc "the `systemd-oomd` OOM killer") // { default = true; };
+    enable = lib.mkEnableOption "the `systemd-oomd` OOM killer" // { default = true; };
 
     # Fedora enables the first and third option by default. See the 10-oomd-* files here:
     # https://src.fedoraproject.org/rpms/systemd/tree/806c95e1c70af18f81d499b24cd7acfa4c36ffd6
-    enableRootSlice = lib.mkEnableOption (lib.mdDoc "oomd on the root slice (`-.slice`)");
-    enableSystemSlice = lib.mkEnableOption (lib.mdDoc "oomd on the system slice (`system.slice`)");
-    enableUserSlices = lib.mkEnableOption (lib.mdDoc "oomd on all user slices (`user@.slice`) and all user owned slices");
+    enableRootSlice = lib.mkEnableOption "oomd on the root slice (`-.slice`)";
+    enableSystemSlice = lib.mkEnableOption "oomd on the system slice (`system.slice`)";
+    enableUserSlices = lib.mkEnableOption "oomd on all user slices (`user@.slice`) and all user owned slices";
 
     extraConfig = lib.mkOption {
       type = with lib.types; attrsOf (oneOf [ str int bool ]);
       default = {};
       example = lib.literalExpression ''{ DefaultMemoryPressureDurationSec = "20s"; }'';
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for `systemd-oomd`. See {command}`man oomd.conf`
         for available options.
       '';
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/repart.nix b/nixpkgs/nixos/modules/system/boot/systemd/repart.nix
index 6cc387cb6f43..49db1305bb2b 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/repart.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/repart.nix
@@ -13,14 +13,14 @@ let
 
   partitionAssertions = lib.mapAttrsToList (fileName: definition:
     let
-      maxLabelLength = 36; # GPT_LABEL_MAX defined in systemd's gpt.h
+      inherit (utils.systemdUtils.lib) GPTMaxLabelLength;
       labelLength = builtins.stringLength definition.Label;
     in
     {
-      assertion = definition ? Label -> maxLabelLength >= labelLength;
+      assertion = definition ? Label -> GPTMaxLabelLength >= labelLength;
       message = ''
         The partition label '${definition.Label}' defined for '${fileName}' is ${toString labelLength}
-        characters long, but the maximum label length supported by systemd is ${toString maxLabelLength}.
+        characters long, but the maximum label length supported by systemd is ${toString GPTMaxLabelLength}.
       '';
     }
   ) cfg.partitions;
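Review bot: The removed line carried the only pointer to where the limit comes from (`# GPT_LABEL_MAX defined in systemd's gpt.h`), and the new `inherit` line has none; unless the definition in `systemdUtils.lib` (not visible here) documents it, keep the reference, e.g. `inherit (utils.systemdUtils.lib) GPTMaxLabelLength; # GPT_LABEL_MAX in systemd's gpt.h`. Separately, `labelLength` is still taken with `builtins.stringLength`, which to my knowledge counts bytes, while the message reports it as "characters long". For labels with non-ASCII characters the check therefore errs on the strict side, which is safe but can reject a label that would fit. A short comment above `labelLength` stating that the comparison is in bytes, or wording the message as "bytes", would make the assertion's behaviour match what it tells the user.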
@@ -28,8 +28,8 @@ in
 {
   options = {
     boot.initrd.systemd.repart = {
-      enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // {
-        description = lib.mdDoc ''
+      enable = lib.mkEnableOption "systemd-repart" // {
+        description = ''
           Grow and add partitions to a partition table at boot time in the initrd.
           systemd-repart only works with GPT partition tables.
 
@@ -40,7 +40,7 @@ in
 
       device = lib.mkOption {
         type = with lib.types; nullOr str;
-        description = lib.mdDoc ''
+        description = ''
           The device to operate on.
 
           If `device == null`, systemd-repart will operate on the device
@@ -53,8 +53,8 @@ in
     };
 
     systemd.repart = {
-      enable = lib.mkEnableOption (lib.mdDoc "systemd-repart") // {
-        description = lib.mdDoc ''
+      enable = lib.mkEnableOption "systemd-repart" // {
+        description = ''
           Grow and add partitions to a partition table.
           systemd-repart only works with GPT partition tables.
 
@@ -76,7 +76,7 @@ in
             SizeMaxBytes = "2G";
           };
         };
-        description = lib.mdDoc ''
+        description = ''
           Specify partitions as a set of the names of the definition files as the
           key and the partition configuration as its value. The partition
           configuration can use all upstream options. See <link
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix b/nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix
index d7300e940af2..5c2525a57b4b 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix
@@ -9,9 +9,9 @@
 
 in {
   options.systemd.shutdownRamfs = {
-    enable = lib.mkEnableOption (lib.mdDoc "pivoting back to an initramfs for shutdown") // { default = true; };
+    enable = lib.mkEnableOption "pivoting back to an initramfs for shutdown" // { default = true; };
     contents = lib.mkOption {
-      description = lib.mdDoc "Set of files that have to be linked into the shutdown ramfs";
+      description = "Set of files that have to be linked into the shutdown ramfs";
       example = lib.literalExpression ''
         {
           "/lib/systemd/system-shutdown/zpool-sync-shutdown".source = writeShellScript "zpool" "exec ''${zfs}/bin/zpool sync"
@@ -21,7 +21,7 @@ in {
     };
 
     storePaths = lib.mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Store paths to copy into the shutdown ramfs as well.
       '';
       type = lib.types.listOf lib.types.singleLineStr;
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/sysupdate.nix b/nixpkgs/nixos/modules/system/boot/systemd/sysupdate.nix
index 1f4088ddf825..67f0b3b1caad 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/sysupdate.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/sysupdate.nix
@@ -13,8 +13,8 @@ in
 {
   options.systemd.sysupdate = {
 
-    enable = lib.mkEnableOption (lib.mdDoc "systemd-sysupdate") // {
-      description = lib.mdDoc ''
+    enable = lib.mkEnableOption "systemd-sysupdate" // {
+      description = ''
         Atomically update the host OS, container images, portable service
         images or other sources.
 
@@ -29,7 +29,7 @@ in
 
     timerConfig = utils.systemdUtils.unitOptions.timerOptions.options.timerConfig // {
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         The timer configuration for performing the update.
 
         By default, the upstream configuration is used:
@@ -38,8 +38,8 @@ in
     };
 
     reboot = {
-      enable = lib.mkEnableOption (lib.mdDoc "automatically rebooting after an update") // {
-        description = lib.mdDoc ''
+      enable = lib.mkEnableOption "automatically rebooting after an update" // {
+        description = ''
           Whether to automatically reboot after an update.
 
           If set to `true`, the system will automatically reboot via a
@@ -58,7 +58,7 @@ in
 
       timerConfig = utils.systemdUtils.unitOptions.timerOptions.options.timerConfig // {
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           The timer configuration for rebooting after an update.
 
           By default, the upstream configuration is used:
@@ -98,7 +98,7 @@ in
           };
         };
       };
-      description = lib.mdDoc ''
+      description = ''
         Specify transfers as a set of the names of the transfer files as the
         key and the configuration as its value. The configuration can use all
         upstream options. See
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/sysusers.nix b/nixpkgs/nixos/modules/system/boot/systemd/sysusers.nix
index c619c2d91eb0..de7000970597 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/sysusers.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/sysusers.nix
@@ -67,8 +67,8 @@ in
     # users-groups.nix
 
     systemd.sysusers = {
-      enable = lib.mkEnableOption (lib.mdDoc "systemd-sysusers") // {
-        description = lib.mdDoc ''
+      enable = lib.mkEnableOption "systemd-sysusers" // {
+        description = ''
           If enabled, users are created with systemd-sysusers instead of with
           the custom `update-users-groups.pl` script.
 
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix
index ee06648f568c..93a7f7a2bd27 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix
@@ -12,7 +12,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = [ "d /tmp 1777 root root 10d" ];
-      description = lib.mdDoc ''
+      description = ''
         Rules for creation, deletion and cleaning of volatile and temporary files
         automatically. See
         {manpage}`tmpfiles.d(5)`
@@ -21,7 +21,7 @@ in
     };
 
     systemd.tmpfiles.settings = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Declare systemd-tmpfiles rules to create, delete, and clean up volatile
         and temporary files and directories.
 
@@ -43,7 +43,7 @@ in
           type = types.str;
           default = name;
           example = "d";
-          description = lib.mdDoc ''
+          description = ''
             The type of operation to perform on the file.
 
             The type consists of a single letter and optionally one or more
@@ -58,7 +58,7 @@ in
           type = types.str;
           default = "-";
           example = "0755";
-          description = lib.mdDoc ''
+          description = ''
             The file access mode to use when creating this file or directory.
           '';
         };
@@ -66,7 +66,7 @@ in
           type = types.str;
           default = "-";
           example = "root";
-          description = lib.mdDoc ''
+          description = ''
             The user of the file.
 
             This may either be a numeric ID or a user/group name.
@@ -79,7 +79,7 @@ in
           type = types.str;
           default = "-";
           example = "root";
-          description = lib.mdDoc ''
+          description = ''
             The group of the file.
 
             This may either be a numeric ID or a user/group name.
@@ -92,7 +92,7 @@ in
           type = types.str;
           default = "-";
           example = "10d";
-          description = lib.mdDoc ''
+          description = ''
             Delete a file when it reaches a certain age.
 
             If a file or directory is older than the current time minus the age
@@ -105,7 +105,7 @@ in
           type = types.str;
           default = "";
           example = "";
-          description = lib.mdDoc ''
+          description = ''
             An argument whose meaning depends on the type of operation.
 
             Please see the upstream documentation for the meaning of this
@@ -121,7 +121,7 @@ in
       default = [];
       example = literalExpression "[ pkgs.lvm2 ]";
       apply = map getLib;
-      description = lib.mdDoc ''
+      description = ''
         List of packages containing {command}`systemd-tmpfiles` rules.
 
         All files ending in .conf found in
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/user.nix b/nixpkgs/nixos/modules/system/boot/systemd/user.nix
index 64dc19633eca..2685cf7e283a 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/user.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/user.nix
@@ -59,14 +59,14 @@ in {
       default = "";
       type = types.lines;
       example = "DefaultCPUAccounting=yes";
-      description = lib.mdDoc ''
+      description = ''
         Extra config options for systemd user instances. See {manpage}`systemd-user.conf(5)` for
         available options.
       '';
     };
 
     systemd.user.units = mkOption {
-      description = lib.mdDoc "Definition of systemd per-user units.";
+      description = "Definition of systemd per-user units.";
       default = {};
       type = systemdUtils.types.units;
     };
@@ -74,37 +74,37 @@ in {
     systemd.user.paths = mkOption {
       default = {};
       type = systemdUtils.types.paths;
-      description = lib.mdDoc "Definition of systemd per-user path units.";
+      description = "Definition of systemd per-user path units.";
     };
 
     systemd.user.services = mkOption {
       default = {};
       type = systemdUtils.types.services;
-      description = lib.mdDoc "Definition of systemd per-user service units.";
+      description = "Definition of systemd per-user service units.";
     };
 
     systemd.user.slices = mkOption {
       default = {};
       type = systemdUtils.types.slices;
-      description = lib.mdDoc "Definition of systemd per-user slice units.";
+      description = "Definition of systemd per-user slice units.";
     };
 
     systemd.user.sockets = mkOption {
       default = {};
       type = systemdUtils.types.sockets;
-      description = lib.mdDoc "Definition of systemd per-user socket units.";
+      description = "Definition of systemd per-user socket units.";
     };
 
     systemd.user.targets = mkOption {
       default = {};
       type = systemdUtils.types.targets;
-      description = lib.mdDoc "Definition of systemd per-user target units.";
+      description = "Definition of systemd per-user target units.";
     };
 
     systemd.user.timers = mkOption {
       default = {};
       type = systemdUtils.types.timers;
-      description = lib.mdDoc "Definition of systemd per-user timer units.";
+      description = "Definition of systemd per-user timer units.";
     };
 
     systemd.user.tmpfiles = {
@@ -112,7 +112,7 @@ in {
         type = types.listOf types.str;
         default = [];
         example = [ "D %C - - - 7d" ];
-        description = lib.mdDoc ''
+        description = ''
           Global user rules for creation, deletion and cleaning of volatile and
           temporary files automatically. See
           {manpage}`tmpfiles.d(5)`
@@ -121,7 +121,7 @@ in {
       };
 
       users = mkOption {
-        description = mdDoc ''
+        description = ''
           Per-user rules for creation, deletion and cleaning of volatile and
           temporary files automatically.
         '';
@@ -132,7 +132,7 @@ in {
               type = types.listOf types.str;
               default = [];
               example = [ "D %C - - - 7d" ];
-              description = mdDoc ''
+              description = ''
                 Per-user rules for creation, deletion and cleaning of volatile and
                 temporary files automatically. See
                 {manpage}`tmpfiles.d(5)`
@@ -148,7 +148,7 @@ in {
       default = [];
       type = types.listOf types.str;
       example = [];
-      description = lib.mdDoc ''
+      description = ''
         Additional units shipped with systemd that should be enabled for per-user systemd instances.
       '';
       internal = true;
@@ -175,12 +175,12 @@ in {
     };
 
     systemd.user.units =
-         mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    n v)) cfg.paths
-      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services
-      // mapAttrs' (n: v: nameValuePair "${n}.slice"   (sliceToUnit   n v)) cfg.slices
-      // mapAttrs' (n: v: nameValuePair "${n}.socket"  (socketToUnit  n v)) cfg.sockets
-      // mapAttrs' (n: v: nameValuePair "${n}.target"  (targetToUnit  n v)) cfg.targets
-      // mapAttrs' (n: v: nameValuePair "${n}.timer"   (timerToUnit   n v)) cfg.timers;
+         mapAttrs' (n: v: nameValuePair "${n}.path"    (pathToUnit    v)) cfg.paths
+      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit v)) cfg.services
+      // mapAttrs' (n: v: nameValuePair "${n}.slice"   (sliceToUnit   v)) cfg.slices
+      // mapAttrs' (n: v: nameValuePair "${n}.socket"  (socketToUnit  v)) cfg.sockets
+      // mapAttrs' (n: v: nameValuePair "${n}.target"  (targetToUnit  v)) cfg.targets
+      // mapAttrs' (n: v: nameValuePair "${n}.timer"   (timerToUnit   v)) cfg.timers;
 
     # Generate timer units for all services that have a ‘startAt’ value.
     systemd.user.timers =
diff --git a/nixpkgs/nixos/modules/system/boot/systemd/userdbd.nix b/nixpkgs/nixos/modules/system/boot/systemd/userdbd.nix
index e7f6d42341c4..0161a7c2c681 100644
--- a/nixpkgs/nixos/modules/system/boot/systemd/userdbd.nix
+++ b/nixpkgs/nixos/modules/system/boot/systemd/userdbd.nix
@@ -4,9 +4,9 @@ let
   cfg = config.services.userdbd;
 in
 {
-  options.services.userdbd.enable = lib.mkEnableOption (lib.mdDoc ''
+  options.services.userdbd.enable = lib.mkEnableOption ''
     the systemd JSON user/group record lookup service
-  '');
+  '';
   config = lib.mkIf cfg.enable {
     systemd.additionalUpstreamSystemUnits = [
       "systemd-userdbd.socket"
diff --git a/nixpkgs/nixos/modules/system/boot/timesyncd.nix b/nixpkgs/nixos/modules/system/boot/timesyncd.nix
index ef17c1481abb..f93064569bf6 100644
--- a/nixpkgs/nixos/modules/system/boot/timesyncd.nix
+++ b/nixpkgs/nixos/modules/system/boot/timesyncd.nix
@@ -11,7 +11,7 @@ with lib;
         default = !config.boot.isContainer;
         defaultText = literalExpression "!config.boot.isContainer";
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enables the systemd NTP client daemon.
         '';
       };
@@ -19,7 +19,7 @@ with lib;
         default = config.networking.timeServers;
         defaultText = literalExpression "config.networking.timeServers";
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           The set of NTP servers from which to synchronise.
           Note if this is set to an empty list, the defaults systemd itself is
           compiled with ({0..4}.nixos.pool.ntp.org) apply,
@@ -32,7 +32,7 @@ with lib;
         example = ''
           PollIntervalMaxSec=180
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra config options for systemd-timesyncd. See
           [
           timesyncd.conf(5)](https://www.freedesktop.org/software/systemd/man/timesyncd.conf.html) for available options.
diff --git a/nixpkgs/nixos/modules/system/boot/tmp.nix b/nixpkgs/nixos/modules/system/boot/tmp.nix
index fd16cd3fba42..150f4adaf3ee 100644
--- a/nixpkgs/nixos/modules/system/boot/tmp.nix
+++ b/nixpkgs/nixos/modules/system/boot/tmp.nix
@@ -17,7 +17,7 @@ in
       cleanOnBoot = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to delete all files in {file}`/tmp` during boot.
         '';
       };
@@ -25,7 +25,7 @@ in
       tmpfsSize = mkOption {
         type = types.oneOf [ types.str types.types.ints.positive ];
         default = "50%";
-        description = lib.mdDoc ''
+        description = ''
           Size of tmpfs in percentage.
           Percentage is defined by systemd.
         '';
@@ -34,7 +34,7 @@ in
       useTmpfs = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
            Whether to mount a tmpfs on {file}`/tmp` during boot.
 
            ::: {.note}
diff --git a/nixpkgs/nixos/modules/system/boot/uki.nix b/nixpkgs/nixos/modules/system/boot/uki.nix
index c8d3c2f6605f..c86439e98a3c 100644
--- a/nixpkgs/nixos/modules/system/boot/uki.nix
+++ b/nixpkgs/nixos/modules/system/boot/uki.nix
@@ -15,20 +15,20 @@ in
     boot.uki = {
       name = lib.mkOption {
         type = lib.types.str;
-        description = lib.mdDoc "Name of the UKI";
+        description = "Name of the UKI";
       };
 
       version = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = config.system.image.version;
         defaultText = lib.literalExpression "config.system.image.version";
-        description = lib.mdDoc "Version of the image or generation the UKI belongs to";
+        description = "Version of the image or generation the UKI belongs to";
       };
 
       tries = lib.mkOption {
         type = lib.types.nullOr lib.types.ints.unsigned;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Number of boot attempts before this UKI is considered bad.
 
           If no tries are specified (the default) automatic boot assessment remains inactive.
@@ -41,7 +41,7 @@ in
 
       settings = lib.mkOption {
         type = format.type;
-        description = lib.mdDoc ''
+        description = ''
           The configuration settings for ukify. These control what the UKI
           contains and how it is built.
         '';
@@ -49,7 +49,7 @@ in
 
       configFile = lib.mkOption {
         type = lib.types.path;
-        description = lib.mdDoc ''
+        description = ''
           The configuration file passed to {manpage}`ukify(1)` to create the UKI.
 
           By default this configuration file is created from {option}`boot.uki.settings`.
@@ -60,7 +60,7 @@ in
     system.boot.loader.ukiFile = lib.mkOption {
       type = lib.types.str;
       internal = true;
-      description = lib.mdDoc "Name of the UKI file";
+      description = "Name of the UKI file";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/system/boot/unl0kr.nix b/nixpkgs/nixos/modules/system/boot/unl0kr.nix
index 8d9af37382e0..f5ce693c2de4 100644
--- a/nixpkgs/nixos/modules/system/boot/unl0kr.nix
+++ b/nixpkgs/nixos/modules/system/boot/unl0kr.nix
@@ -5,8 +5,8 @@ let
 in
 {
   options.boot.initrd.unl0kr = {
-    enable = lib.mkEnableOption (lib.mdDoc "unl0kr in initrd") // {
-      description = lib.mdDoc ''
+    enable = lib.mkEnableOption "unl0kr in initrd" // {
+      description = ''
         Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.
       '';
     };
diff --git a/nixpkgs/nixos/modules/system/boot/uvesafb.nix b/nixpkgs/nixos/modules/system/boot/uvesafb.nix
index b10dc42887a1..8da86466a5be 100644
--- a/nixpkgs/nixos/modules/system/boot/uvesafb.nix
+++ b/nixpkgs/nixos/modules/system/boot/uvesafb.nix
@@ -1,21 +1,21 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.boot.uvesafb;
-  inherit (lib) mkIf mkEnableOption mkOption mdDoc types;
+  inherit (lib) mkIf mkEnableOption mkOption types;
 in {
   options = {
     boot.uvesafb = {
-      enable = mkEnableOption (mdDoc "uvesafb");
+      enable = mkEnableOption "uvesafb";
 
       gfx-mode = mkOption {
         type = types.str;
         default = "1024x768-32";
-        description = mdDoc "Screen resolution in modedb format. See [uvesafb](https://docs.kernel.org/fb/uvesafb.html) and [modedb](https://docs.kernel.org/fb/modedb.html) documentation for more details. The default value is a sensible default but may be not ideal for all setups.";
+        description = "Screen resolution in modedb format. See [uvesafb](https://docs.kernel.org/fb/uvesafb.html) and [modedb](https://docs.kernel.org/fb/modedb.html) documentation for more details. The default value is a sensible default but may be not ideal for all setups.";
       };
 
       v86d.package = mkOption {
         type = types.package;
-        description = mdDoc "Which v86d package to use with uvesafb";
+        description = "Which v86d package to use with uvesafb";
         defaultText = ''config.boot.kernelPackages.v86d.overrideAttrs (old: {
           hardeningDisable = [ "all" ];
         })'';
diff --git a/nixpkgs/nixos/modules/system/build.nix b/nixpkgs/nixos/modules/system/build.nix
index 41c0258a5a35..58dc3f0d4113 100644
--- a/nixpkgs/nixos/modules/system/build.nix
+++ b/nixpkgs/nixos/modules/system/build.nix
@@ -7,7 +7,7 @@ in
 
     system.build = mkOption {
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Attribute set of derivations used to set up the system.
       '';
       type = types.submoduleWith {
diff --git a/nixpkgs/nixos/modules/system/etc/etc.nix b/nixpkgs/nixos/modules/system/etc/etc.nix
index 9f735364196c..9fded1e1c974 100644
--- a/nixpkgs/nixos/modules/system/etc/etc.nix
+++ b/nixpkgs/nixos/modules/system/etc/etc.nix
@@ -86,7 +86,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Mount `/etc` as an overlayfs instead of generating it via a perl script.
 
           Note: This is currently experimental. Only enable this option if you're
@@ -97,7 +97,7 @@ in
       mutable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether to mount `/etc` mutably (i.e. read-write) or immutably (i.e. read-only).
 
           If this is false, only the immutable lowerdir is mounted. If it is
@@ -116,7 +116,7 @@ in
           "default/useradd".text = "GROUP=100 ...";
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Set of files that have to be linked in {file}`/etc`.
       '';
 
@@ -127,7 +127,7 @@ in
             enable = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether this /etc file should be generated.  This
                 option allows specific /etc files to be disabled.
               '';
@@ -135,7 +135,7 @@ in
 
             target = mkOption {
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Name of symlink (relative to
                 {file}`/etc`).  Defaults to the attribute
                 name.
@@ -145,19 +145,19 @@ in
             text = mkOption {
               default = null;
               type = types.nullOr types.lines;
-              description = lib.mdDoc "Text of the file.";
+              description = "Text of the file.";
             };
 
             source = mkOption {
               type = types.path;
-              description = lib.mdDoc "Path of the source file.";
+              description = "Path of the source file.";
             };
 
             mode = mkOption {
               type = types.str;
               default = "symlink";
               example = "0600";
-              description = lib.mdDoc ''
+              description = ''
                 If set to something else than `symlink`,
                 the file is copied instead of symlinked, with the given
                 file mode.
@@ -167,7 +167,7 @@ in
             uid = mkOption {
               default = 0;
               type = types.int;
-              description = lib.mdDoc ''
+              description = ''
                 UID of created file. Only takes effect when the file is
                 copied (that is, the mode is not 'symlink').
                 '';
@@ -176,7 +176,7 @@ in
             gid = mkOption {
               default = 0;
               type = types.int;
-              description = lib.mdDoc ''
+              description = ''
                 GID of created file. Only takes effect when the file is
                 copied (that is, the mode is not 'symlink').
               '';
@@ -185,7 +185,7 @@ in
             user = mkOption {
               default = "+${toString config.uid}";
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 User name of created file.
                 Only takes effect when the file is copied (that is, the mode is not 'symlink').
                 Changing this option takes precedence over `uid`.
@@ -195,7 +195,7 @@ in
             group = mkOption {
               default = "+${toString config.gid}";
               type = types.str;
-              description = lib.mdDoc ''
+              description = ''
                 Group name of created file.
                 Only takes effect when the file is copied (that is, the mode is not 'symlink').
                 Changing this option takes precedence over `gid`.
diff --git a/nixpkgs/nixos/modules/tasks/auto-upgrade.nix b/nixpkgs/nixos/modules/tasks/auto-upgrade.nix
index 22311871274b..e0ee31f716aa 100644
--- a/nixpkgs/nixos/modules/tasks/auto-upgrade.nix
+++ b/nixpkgs/nixos/modules/tasks/auto-upgrade.nix
@@ -13,7 +13,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to periodically upgrade NixOS to the latest
           version. If enabled, a systemd timer will run
           `nixos-rebuild switch --upgrade` once a
@@ -25,7 +25,7 @@ in {
         type = types.enum ["switch" "boot"];
         default = "switch";
         example = "boot";
-        description = lib.mdDoc ''
+        description = ''
           Whether to run
           `nixos-rebuild switch --upgrade` or run
           `nixos-rebuild boot --upgrade`
@@ -36,7 +36,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "github:kloenk/nix";
-        description = lib.mdDoc ''
+        description = ''
           The Flake URI of the NixOS configuration to build.
           Disables the option {option}`system.autoUpgrade.channel`.
         '';
@@ -46,7 +46,7 @@ in {
         type = types.nullOr types.str;
         default = null;
         example = "https://nixos.org/channels/nixos-14.12-small";
-        description = lib.mdDoc ''
+        description = ''
           The URI of the NixOS channel to use for automatic
           upgrades. By default, this is the channel set using
           {command}`nix-channel` (run `nix-channel --list`
@@ -64,7 +64,7 @@ in {
           "extra-binary-caches"
           "http://my-cache.example.org/"
         ];
-        description = lib.mdDoc ''
+        description = ''
           Any additional flags passed to {command}`nixos-rebuild`.
 
           If you are using flakes and use a local repo you can add
@@ -77,7 +77,7 @@ in {
         type = types.str;
         default = "04:40";
         example = "daily";
-        description = lib.mdDoc ''
+        description = ''
           How often or when upgrade occurs. For most desktop and server systems
           a sufficient upgrade frequency is once a day.
 
@@ -89,7 +89,7 @@ in {
       allowReboot = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Reboot the system into the new generation instead of a switch
           if the new generation uses a different kernel, kernel modules
           or initrd than the booted system.
@@ -101,7 +101,7 @@ in {
         default = "0";
         type = types.str;
         example = "45min";
-        description = lib.mdDoc ''
+        description = ''
           Add a randomized delay before each automatic upgrade.
           The delay will be chosen between zero and this value.
           This value must be a time span in the format specified by
@@ -113,7 +113,7 @@ in {
         default = false;
         type = types.bool;
         example = true;
-        description = lib.mdDoc ''
+        description = ''
           Make the randomized delay consistent between runs.
           This reduces the jitter between automatic upgrades.
           See {option}`randomizedDelaySec` for configuring the randomized delay.
@@ -121,7 +121,7 @@ in {
       };
 
       rebootWindow = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Define a lower and upper time value (in HH:MM format) which
           constitute a time window during which reboots are allowed after an upgrade.
           This option only has an effect when {option}`allowReboot` is enabled.
@@ -132,13 +132,13 @@ in {
         type = with types; nullOr (submodule {
           options = {
             lower = mkOption {
-              description = lib.mdDoc "Lower limit of the reboot window";
+              description = "Lower limit of the reboot window";
               type = types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}";
               example = "01:00";
             };
 
             upper = mkOption {
-              description = lib.mdDoc "Upper limit of the reboot window";
+              description = "Upper limit of the reboot window";
               type = types.strMatching "[[:digit:]]{2}:[[:digit:]]{2}";
               example = "05:00";
             };
@@ -150,7 +150,7 @@ in {
         default = true;
         type = types.bool;
         example = false;
-        description = lib.mdDoc ''
+        description = ''
           Takes a boolean argument. If true, the time when the service
           unit was last triggered is stored on disk. When the timer is
           activated, the service unit is triggered immediately if it
diff --git a/nixpkgs/nixos/modules/tasks/bcache.nix b/nixpkgs/nixos/modules/tasks/bcache.nix
index 68531a4d2fed..ba3449874622 100644
--- a/nixpkgs/nixos/modules/tasks/bcache.nix
+++ b/nixpkgs/nixos/modules/tasks/bcache.nix
@@ -1,12 +1,12 @@
 { config, lib, pkgs, ... }: let
   cfg = config.boot.bcache;
 in {
-  options.boot.bcache.enable = lib.mkEnableOption (lib.mdDoc "bcache mount support") // {
+  options.boot.bcache.enable = lib.mkEnableOption "bcache mount support" // {
     default = true;
     example = false;
   };
-  options.boot.initrd.services.bcache.enable = lib.mkEnableOption (lib.mdDoc "bcache support in the initrd") // {
-    description = lib.mdDoc ''
+  options.boot.initrd.services.bcache.enable = lib.mkEnableOption "bcache support in the initrd" // {
+    description = ''
       *This will only be used when systemd is used in stage 1.*
 
       Whether to enable bcache support in the initrd.
diff --git a/nixpkgs/nixos/modules/tasks/cpu-freq.nix b/nixpkgs/nixos/modules/tasks/cpu-freq.nix
index 6869ef8b7915..f1219c07c501 100644
--- a/nixpkgs/nixos/modules/tasks/cpu-freq.nix
+++ b/nixpkgs/nixos/modules/tasks/cpu-freq.nix
@@ -18,7 +18,7 @@ in
       type = types.nullOr types.str;
       default = null;
       example = "ondemand";
-      description = lib.mdDoc ''
+      description = ''
         Configure the governor used to regulate the frequency of the
         available CPUs. By default, the kernel configures the
         performance governor, although this may be overwritten in your
@@ -34,7 +34,7 @@ in
         type = types.nullOr types.ints.unsigned;
         default = null;
         example = 2200000;
-        description = lib.mdDoc ''
+        description = ''
           The maximum frequency the CPU will use.  Defaults to the maximum possible.
         '';
       };
@@ -43,7 +43,7 @@ in
         type = types.nullOr types.ints.unsigned;
         default = null;
         example = 800000;
-        description = lib.mdDoc ''
+        description = ''
           The minimum frequency the CPU will use.
         '';
       };
diff --git a/nixpkgs/nixos/modules/tasks/encrypted-devices.nix b/nixpkgs/nixos/modules/tasks/encrypted-devices.nix
index da9c83ba339c..86b1aa7d2ec8 100644
--- a/nixpkgs/nixos/modules/tasks/encrypted-devices.nix
+++ b/nixpkgs/nixos/modules/tasks/encrypted-devices.nix
@@ -30,28 +30,28 @@ let
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "The block device is backed by an encrypted one, adds this device as a initrd luks entry.";
+        description = "The block device is backed by an encrypted one, adds this device as a initrd luks entry.";
       };
 
       blkDev = mkOption {
         default = null;
         example = "/dev/sda1";
         type = types.nullOr types.str;
-        description = lib.mdDoc "Location of the backing encrypted device.";
+        description = "Location of the backing encrypted device.";
       };
 
       label = mkOption {
         default = null;
         example = "rootfs";
         type = types.nullOr types.str;
-        description = lib.mdDoc "Label of the unlocked encrypted device. Set `fileSystems.<name?>.device` to `/dev/mapper/<label>` to mount the unlocked device.";
+        description = "Label of the unlocked encrypted device. Set `fileSystems.<name?>.device` to `/dev/mapper/<label>` to mount the unlocked device.";
       };
 
       keyFile = mkOption {
         default = null;
         example = "/mnt-root/root/.swapkey";
         type = types.nullOr types.str;
-        description = lib.mdDoc ''
+        description = ''
           Path to a keyfile used to unlock the backing encrypted
           device. When systemd stage 1 is not enabled, at the time
           this keyfile is accessed, the `neededForBoot` filesystems
diff --git a/nixpkgs/nixos/modules/tasks/filesystems.nix b/nixpkgs/nixos/modules/tasks/filesystems.nix
index 191b46271194..cd0ba98ef968 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems.nix
@@ -33,12 +33,12 @@ let
       mountPoint = mkOption {
         example = "/mnt/usb";
         type = nonEmptyWithoutTrailingSlash;
-        description = lib.mdDoc "Location of the mounted file system.";
+        description = "Location of the mounted file system.";
       };
 
       stratis.poolUuid = lib.mkOption {
         type = types.uniq (types.nullOr types.str);
-        description = lib.mdDoc ''
+        description = ''
           UUID of the stratis pool that the fs is located in
         '';
         example = "04c68063-90a5-4235-b9dd-6180098a20d9";
@@ -49,20 +49,20 @@ let
         default = null;
         example = "/dev/sda";
         type = types.nullOr nonEmptyStr;
-        description = lib.mdDoc "Location of the device.";
+        description = "Location of the device.";
       };
 
       fsType = mkOption {
         default = "auto";
         example = "ext3";
         type = nonEmptyStr;
-        description = lib.mdDoc "Type of the file system.";
+        description = "Type of the file system.";
       };
 
       options = mkOption {
         default = [ "defaults" ];
         example = [ "data=journal" ];
-        description = lib.mdDoc "Options used to mount the file system.";
+        description = "Options used to mount the file system.";
         type = types.nonEmptyListOf nonEmptyStr;
       };
 
@@ -70,7 +70,7 @@ let
         default = [ ];
         example = [ "/persist" ];
         type = types.listOf nonEmptyWithoutTrailingSlash;
-        description = lib.mdDoc ''
+        description = ''
           List of paths that should be mounted before this one. This filesystem's
           {option}`device` and {option}`mountPoint` are always
           checked and do not need to be included explicitly. If a path is added
@@ -97,13 +97,13 @@ let
         default = null;
         example = "root-partition";
         type = types.nullOr nonEmptyStr;
-        description = lib.mdDoc "Label of the device (if any).";
+        description = "Label of the device (if any).";
       };
 
       autoFormat = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If the device does not currently contain a filesystem (as
           determined by {command}`blkid`), then automatically
           format it with the filesystem type specified in
@@ -120,7 +120,7 @@ let
       autoResize = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           If set, the filesystem is grown to its maximum size before
           being mounted. (This is typically the size of the containing
           partition.) This is currently only supported for ext2/3/4
@@ -131,7 +131,7 @@ let
       noCheck = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc "Disable running fsck on this filesystem.";
+        description = "Disable running fsck on this filesystem.";
       };
 
     };
@@ -222,7 +222,7 @@ in
         }
       '';
       type = types.attrsOf (types.submodule [coreFileSystemOpts fileSystemOpts]);
-      description = lib.mdDoc ''
+      description = ''
         The file systems to be mounted.  It must include an entry for
         the root directory (`mountPoint = "/"`).  Each
         entry in the list is an attribute set with the following fields:
@@ -242,7 +242,7 @@ in
     system.fsPackages = mkOption {
       internal = true;
       default = [ ];
-      description = lib.mdDoc "Packages supplying file system mounters and checkers.";
+      description = "Packages supplying file system mounters and checkers.";
     };
 
     boot.supportedFilesystems = mkOption {
@@ -257,7 +257,7 @@ in
         (types.listOf types.str)
         (enabled: lib.listToAttrs (map (fs: lib.nameValuePair fs true) enabled))
         (types.attrsOf types.bool);
-      description = lib.mdDoc ''
+      description = ''
         Names of supported filesystem types, or an attribute set of file system types
         and their state. The set form may be used together with `lib.mkForce` to
         explicitly disable support for specific filesystems, e.g. to disable ZFS
@@ -269,7 +269,7 @@ in
       default = {};
       type = types.attrsOf (types.submodule coreFileSystemOpts);
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         Special filesystems that are mounted very early during boot.
       '';
     };
@@ -278,7 +278,7 @@ in
       default = "5%";
       example = "32m";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option,
         for the accepted syntax.
       '';
@@ -288,7 +288,7 @@ in
       default = "50%";
       example = "256m";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option,
         for the accepted syntax.
       '';
@@ -298,7 +298,7 @@ in
       default = "25%";
       example = "256m";
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         Size limit for the /run tmpfs. Look at mount(8), tmpfs size option,
         for the accepted syntax.
       '';
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix b/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix
index ba33edd702f7..d7e83464391c 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/bcachefs.nix
@@ -57,7 +57,9 @@ let
   # bcachefs does not support mounting devices with colons in the path, ergo we don't (see #49671)
   firstDevice = fs: lib.head (lib.splitString ":" fs.device);
 
-  openCommand = name: fs: if config.boot.initrd.clevis.enable && (lib.hasAttr (firstDevice fs) config.boot.initrd.clevis.devices) then ''
+  useClevis = fs: config.boot.initrd.clevis.enable && (lib.hasAttr (firstDevice fs) config.boot.initrd.clevis.devices);
+
+  openCommand = name: fs: if useClevis fs then ''
     if clevis decrypt < /etc/clevis/${firstDevice fs}.jwe | bcachefs unlock ${firstDevice fs}
     then
       printf "unlocked ${name} using clevis\n"
@@ -92,8 +94,19 @@ let
         # As is, RemainAfterExit doesn't accomplish anything.
         RemainAfterExit = true;
       };
-      script = ''
-        ${config.boot.initrd.systemd.package}/bin/systemd-ask-password --timeout=0 "enter passphrase for ${name}" | exec ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${device}"
+      script = let
+        unlock = ''${pkgs.bcachefs-tools}/bin/bcachefs unlock "${device}"'';
+        unlockInteractively = ''${config.boot.initrd.systemd.package}/bin/systemd-ask-password --timeout=0 "enter passphrase for ${name}" | exec ${unlock}'';
+      in if useClevis fs then ''
+        if ${config.boot.initrd.clevis.package}/bin/clevis decrypt < "/etc/clevis/${device}.jwe" | ${unlock}
+        then
+          printf "unlocked ${name} using clevis\n"
+        else
+          printf "falling back to interactive unlocking...\n"
+          ${unlockInteractively}
+        fi
+      '' else ''
+        ${unlockInteractively}
       '';
     };
   };
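Review bot: The new `printf` lines in `script` interpolate `${name}` directly into the format string, so a `%` or backslash in the name would be interpreted by printf instead of printed; `printf 'unlocked %s using clevis\n' "${name}"` keeps the name as data. Separately, `useClevis fs` looks up `firstDevice fs` in `config.boot.initrd.clevis.devices`, while the script reads `/etc/clevis/${device}.jwe`. `device` is bound outside this hunk, so it is worth confirming it is the same value; otherwise the check and the JWE path can disagree.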
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix
index 8494a06f97a2..17e3a274c0e9 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix
@@ -19,12 +19,12 @@ in
     # One could also do regular btrfs balances, but that shouldn't be necessary
     # during normal usage and as long as the filesystems aren't filled near capacity
     services.btrfs.autoScrub = {
-      enable = mkEnableOption (lib.mdDoc "regular btrfs scrub");
+      enable = mkEnableOption "regular btrfs scrub";
 
       fileSystems = mkOption {
         type = types.listOf types.path;
         example = [ "/" ];
-        description = lib.mdDoc ''
+        description = ''
           List of paths to btrfs filesystems to regularly call {command}`btrfs scrub` on.
           Defaults to all mount points with btrfs filesystems.
           If you mount a filesystem multiple times or additionally mount subvolumes,
@@ -36,7 +36,7 @@ in
         default = "monthly";
         type = types.str;
         example = "weekly";
-        description = lib.mdDoc ''
+        description = ''
           Systemd calendar expression for when to scrub btrfs filesystems.
           The recommended period is a month but could be less
           ({manpage}`btrfs-scrub(8)`).
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/envfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/envfs.nix
index 6719a03610d1..e67e6eeed9d1 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/envfs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/envfs.nix
@@ -28,8 +28,8 @@ let
 in {
   options = {
     services.envfs = {
-      enable = lib.mkEnableOption (lib.mdDoc "Envfs filesystem") // {
-        description = lib.mdDoc ''
+      enable = lib.mkEnableOption "Envfs filesystem" // {
+        description = ''
           Fuse filesystem that returns symlinks to executables based on the PATH
           of the requesting process. This is useful to execute shebangs on NixOS
           that assume hard coded locations in locations like /bin or /usr/bin
@@ -41,14 +41,14 @@ in {
         type = lib.types.package;
         default = pkgs.envfs;
         defaultText = lib.literalExpression "pkgs.envfs";
-        description = lib.mdDoc "Which package to use for the envfs.";
+        description = "Which package to use for the envfs.";
       };
 
       extraFallbackPathCommands = lib.mkOption {
         type = lib.types.lines;
         default = "";
         example = "ln -s $''{pkgs.bash}/bin/bash $out/bash";
-        description = lib.mdDoc "Extra commands to run in the package that contains fallback executables in case not other executable is found";
+        description = "Extra commands to run in the package that contains fallback executables in case not other executable is found";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix
index 462568b5db3e..765f10d33bfe 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/nfs.nix
@@ -13,7 +13,46 @@ let
   format = pkgs.formats.ini {};
 
   idmapdConfFile = format.generate "idmapd.conf" cfg.idmapd.settings;
-  nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig;
+
+  # merge parameters from services.nfs.server
+  nfsConfSettings =
+    optionalAttrs (cfg.server.nproc != null) {
+      nfsd.threads = cfg.server.nproc;
+    } // optionalAttrs (cfg.server.hostName != null) {
+      nfsd.host= cfg.hostName;
+    } // optionalAttrs (cfg.server.mountdPort != null) {
+      mountd.port = cfg.server.mountdPort;
+    } // optionalAttrs (cfg.server.statdPort != null) {
+      statd.port = cfg.server.statdPort;
+    } // optionalAttrs (cfg.server.lockdPort != null) {
+      lockd.port = cfg.server.lockdPort;
+      lockd.udp-port = cfg.server.lockdPort;
+    };
+
+  nfsConfDeprecated = cfg.extraConfig + ''
+    [nfsd]
+    threads=${toString cfg.server.nproc}
+    ${optionalString (cfg.server.hostName != null) "host=${cfg.server.hostName}"}
+    ${cfg.server.extraNfsdConfig}
+
+    [mountd]
+    ${optionalString (cfg.server.mountdPort != null) "port=${toString cfg.server.mountdPort}"}
+
+    [statd]
+    ${optionalString (cfg.server.statdPort != null) "port=${toString cfg.server.statdPort}"}
+
+    [lockd]
+    ${optionalString (cfg.server.lockdPort != null) ''
+      port=${toString cfg.server.lockdPort}
+      udp-port=${toString cfg.server.lockdPort}
+    ''}
+  '';
+
+  nfsConfFile =
+    if cfg.settings != {}
+    then format.generate "nfs.conf" (recursiveUpdate nfsConfSettings cfg.settings)
+    else pkgs.writeText "nfs.conf" nfsConfDeprecated;
+
   requestKeyConfFile = pkgs.writeText "request-key.conf" ''
     create id_resolver * * ${pkgs.nfs-utils}/bin/nfsidmap -t 600 %k %d
   '';
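Review bot: In `nfsConfSettings` the host entry is guarded by `cfg.server.hostName != null` but assigns `cfg.hostName`, which nothing else in this hunk refers to. It should read `nfsd.host = cfg.server.hostName;`, as the deprecated branch already does with `host=${cfg.server.hostName}`. As written, using `services.nfs.settings` together with a server host name would presumably fail evaluation on the missing attribute. Also, `nfsConfDeprecated` emits `threads=${toString cfg.server.nproc}` unconditionally while the new branch guards `nproc != null`; if null is allowed there, the old branch writes an empty `threads=` line.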
@@ -30,7 +69,7 @@ in
       idmapd.settings = mkOption {
         type = format.type;
         default = {};
-        description = lib.mdDoc ''
+        description = ''
           libnfsidmap configuration. Refer to
           <https://linux.die.net/man/5/idmapd.conf>
           for details.
@@ -46,10 +85,23 @@ in
           }
         '';
       };
+      settings = mkOption {
+        type = format.type;
+        default = {};
+        description = ''
+          General configuration for NFS daemons and tools.
+          See nfs.conf(5) and related man pages for details.
+        '';
+        example = literalExpression ''
+          {
+            mountd.manage-gids = true;
+          }
+        '';
+      };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc ''
+        description = ''
           Extra nfs-utils configuration.
         '';
       };
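Review bot: The `settings` description does not say how the option interacts with the older ones. From the other hunks of this file, a non-empty `settings` makes `nfs.conf` be generated from it merged over the `services.nfs.server` values, with `settings` winning in `recursiveUpdate`, and an assertion rejects combining it with `extraConfig` or `server.extraNfsdConfig`. I would add a sentence to the description such as `Cannot be combined with services.nfs.extraConfig or services.nfs.server.extraNfsdConfig; values set here override the corresponding services.nfs.server options.`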
@@ -60,6 +112,17 @@ in
 
   config = mkIf (config.boot.supportedFilesystems.nfs or config.boot.supportedFilesystems.nfs4 or false) {
 
+    warnings =
+      (optional (cfg.extraConfig != "") ''
+        `services.nfs.extraConfig` is deprecated. Use `services.nfs.settings` instead.
+      '') ++ (optional (cfg.server.extraNfsdConfig != "") ''
+        `services.nfs.server.extraNfsdConfig` is deprecated. Use `services.nfs.settings` instead.
+      '');
+    assertions = [{
+      assertion = cfg.settings != {} -> cfg.extraConfig == "" && cfg.server.extraNfsdConfig == "";
+      message = "`services.nfs.settings` cannot be used together with `services.nfs.extraConfig` and `services.nfs.server.extraNfsdConfig`.";
+    }];
+
     services.rpcbind.enable = true;
 
     services.nfs.idmapd.settings = {
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix
index e71ef9ba62e9..2d876c92a1fd 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix
@@ -44,7 +44,7 @@ let
       lowerdir = lib.mkOption {
         type = with lib.types; nullOr (nonEmptyListOf (either str pathInStore));
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The list of path(s) to the lowerdir(s).
 
           To create a writable overlay, you MUST provide an upperdir and a
@@ -58,7 +58,7 @@ let
       upperdir = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the upperdir.
 
           If this is null, a read-only overlay is created using the lowerdir.
@@ -70,7 +70,7 @@ let
       workdir = lib.mkOption {
         type = lib.types.nullOr lib.types.str;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           The path to the workdir.
 
           This MUST be set if you set `upperdir`.
diff --git a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix
index d11424c11c81..2c749d45d7a1 100644
--- a/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix
+++ b/nixpkgs/nixos/modules/tasks/filesystems/zfs.nix
@@ -222,14 +222,14 @@ in
         type = types.package;
         default = pkgs.zfs;
         defaultText = literalExpression "pkgs.zfs";
-        description = lib.mdDoc "Configured ZFS userland tools package, use `pkgs.zfs_unstable` if you want to track the latest staging ZFS branch.";
+        description = "Configured ZFS userland tools package, use `pkgs.zfs_unstable` if you want to track the latest staging ZFS branch.";
       };
 
       modulePackage = mkOption {
         internal = true; # It is supposed to be selected automatically, but can be overridden by expert users.
         default = selectModulePackage cfgZfs.package;
         type = types.package;
-        description = lib.mdDoc "Configured ZFS kernel module package.";
+        description = "Configured ZFS kernel module package.";
       };
 
       enabled = mkOption {
@@ -237,13 +237,13 @@ in
         type = types.bool;
         default = inInitrd || inSystem;
         defaultText = literalMD "`true` if ZFS filesystem support is enabled";
-        description = lib.mdDoc "True if ZFS filesystem support is enabled";
+        description = "True if ZFS filesystem support is enabled";
       };
 
       allowHibernation = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Allow hibernation support, this may be a unsafe option depending on your
           setup. Make sure to NOT use Swap on ZFS.
         '';
@@ -253,7 +253,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "tank" "data" ];
-        description = lib.mdDoc ''
+        description = ''
           Name or GUID of extra ZFS pools that you wish to import during boot.
 
           Usually this is not necessary. Instead, you should set the mountpoint property
@@ -271,7 +271,7 @@ in
       devNodes = mkOption {
         type = types.path;
         default = "/dev/disk/by-id";
-        description = lib.mdDoc ''
+        description = ''
           Name of directory from which to import ZFS devices.
 
           This should be a path under /dev containing stable names for all devices needed, as
@@ -282,7 +282,7 @@ in
       forceImportRoot = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Forcibly import the ZFS root pool(s) during early boot.
 
           This is enabled by default for backwards compatibility purposes, but it is highly
@@ -300,7 +300,7 @@ in
       forceImportAll = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Forcibly import all ZFS pool(s).
 
           If you set this option to `false` and NixOS subsequently fails to
@@ -314,7 +314,7 @@ in
         type = types.either types.bool (types.listOf types.str);
         default = true;
         example = [ "tank" "data" ];
-        description = lib.mdDoc ''
+        description = ''
           If true on import encryption keys or passwords for all encrypted datasets
           are requested. To only decrypt selected datasets supply a list of dataset
           names instead. For root pools the encryption key can be supplied via both
@@ -325,7 +325,7 @@ in
       passwordTimeout = mkOption {
         type = types.int;
         default = 0;
-        description = lib.mdDoc ''
+        description = ''
           Timeout in seconds to wait for password entry for decrypt at boot.
 
           Defaults to 0, which waits forever.
@@ -349,7 +349,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
           Note that you must set the `com.sun:auto-snapshot`
           property to `true` on all datasets which you wish
@@ -365,7 +365,7 @@ in
         default = "-k -p";
         example = "-k -p --utc";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Flags to pass to the zfs-auto-snapshot command.
 
           Run `zfs-auto-snapshot` (without any arguments) to
@@ -383,7 +383,7 @@ in
       frequent = mkOption {
         default = 4;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of frequent (15-minute) auto-snapshots that you wish to keep.
         '';
       };
@@ -391,7 +391,7 @@ in
       hourly = mkOption {
         default = 24;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of hourly auto-snapshots that you wish to keep.
         '';
       };
@@ -399,7 +399,7 @@ in
       daily = mkOption {
         default = 7;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of daily auto-snapshots that you wish to keep.
         '';
       };
@@ -407,7 +407,7 @@ in
       weekly = mkOption {
         default = 4;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of weekly auto-snapshots that you wish to keep.
         '';
       };
@@ -415,7 +415,7 @@ in
       monthly = mkOption {
         default = 12;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Number of monthly auto-snapshots that you wish to keep.
         '';
       };
@@ -423,7 +423,7 @@ in
 
     services.zfs.trim = {
       enable = mkOption {
-        description = lib.mdDoc "Whether to enable periodic TRIM on all ZFS pools.";
+        description = "Whether to enable periodic TRIM on all ZFS pools.";
         default = true;
         example = false;
         type = types.bool;
@@ -433,7 +433,7 @@ in
         default = "weekly";
         type = types.str;
         example = "daily";
-        description = lib.mdDoc ''
+        description = ''
           How often we run trim. For most desktop and server systems
           a sufficient trimming frequency is once a week.
 
@@ -444,13 +444,13 @@ in
     };
 
     services.zfs.autoScrub = {
-      enable = mkEnableOption (lib.mdDoc "periodic scrubbing of ZFS pools");
+      enable = mkEnableOption "periodic scrubbing of ZFS pools";
 
       interval = mkOption {
         default = "Sun, 02:00";
         type = types.str;
         example = "daily";
-        description = lib.mdDoc ''
+        description = ''
           Systemd calendar expression when to scrub ZFS pools. See
           {manpage}`systemd.time(7)`.
         '';
@@ -460,7 +460,7 @@ in
         default = [];
         type = types.listOf types.str;
         example = [ "tank" ];
-        description = lib.mdDoc ''
+        description = ''
           List of ZFS pools to periodically scrub. If empty, all pools
           will be scrubbed.
         '';
@@ -471,7 +471,7 @@ in
       type = types.either (types.enum [ "disabled" "all" ]) (types.listOf types.str);
       default = "disabled";
       example = [ "tank" "dozer" ];
-      description = lib.mdDoc ''
+      description = ''
         After importing, expand each device in the specified pools.
 
         Set the value to the plain string "all" to expand all pools on boot:
@@ -491,7 +491,7 @@ in
         defaultText = literalExpression ''
           config.services.mail.sendmailSetuidWrapper != null
         '';
-        description = mdDoc ''
+        description = ''
           Whether to enable ZED's ability to send emails.
         '';
       };
@@ -513,7 +513,7 @@ in
             ZED_SCRUB_AFTER_RESILVER = false;
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           ZFS Event Daemon /etc/zfs/zed.d/zed.rc content
 
           See
@@ -576,6 +576,8 @@ in
             copy_bin_and_libs ${cfgZfs.package}/sbin/zfs
             copy_bin_and_libs ${cfgZfs.package}/sbin/zdb
             copy_bin_and_libs ${cfgZfs.package}/sbin/zpool
+            copy_bin_and_libs ${cfgZfs.package}/lib/udev/vdev_id
+            copy_bin_and_libs ${cfgZfs.package}/lib/udev/zvol_id
           '';
         extraUtilsCommandsTest =
           mkIf (!config.boot.initrd.systemd.enable) ''
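Review bot: The two added `copy_bin_and_libs` lines bring `vdev_id` and `zvol_id` into the scripted initrd, but nothing visible in this hunk installs the udev rules that would call them. The systemd-initrd hunk below, by contrast, pairs its `storePaths` entries with `services.udev.packages = [cfgZfs.package];`. If the rules are already copied elsewhere in the file, a one-line comment here saying so would help, e.g. `# helpers invoked by the ZFS udev rules`. If they are not, the helpers appear to go unused in scripted stage 1. The enclosing `extraUtilsCommands` string starts outside the hunk.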
@@ -632,7 +634,12 @@ in
             zfs = "${cfgZfs.package}/sbin/zfs";
             awk = "${pkgs.gawk}/bin/awk";
           };
+          storePaths = [
+            "${cfgZfs.package}/lib/udev/vdev_id"
+            "${cfgZfs.package}/lib/udev/zvol_id"
+          ];
         };
+        services.udev.packages = [cfgZfs.package]; # to hook zvol naming, in stage 1
       };
 
       systemd.shutdownRamfs.contents."/etc/systemd/system-shutdown/zpool".source = pkgs.writeShellScript "zpool-sync-shutdown" ''
diff --git a/nixpkgs/nixos/modules/tasks/lvm.nix b/nixpkgs/nixos/modules/tasks/lvm.nix
index 325a5aa45b1e..9607218ec069 100644
--- a/nixpkgs/nixos/modules/tasks/lvm.nix
+++ b/nixpkgs/nixos/modules/tasks/lvm.nix
@@ -5,7 +5,7 @@ let
   cfg = config.services.lvm;
 in {
   options.services.lvm = {
-    enable = mkEnableOption (lib.mdDoc "lvm2") // {
+    enable = mkEnableOption "lvm2" // {
       default = true;
     };
 
@@ -14,19 +14,19 @@ in {
       default = pkgs.lvm2;
       internal = true;
       defaultText = literalExpression "pkgs.lvm2";
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to override the LVM package that's used on the system
         (udev rules, tmpfiles, systemd services).
         Defaults to pkgs.lvm2, pkgs.lvm2_dmeventd if dmeventd or pkgs.lvm2_vdo if vdo is enabled.
       '';
     };
-    dmeventd.enable = mkEnableOption (lib.mdDoc "the LVM dmevent daemon");
-    boot.thin.enable = mkEnableOption (lib.mdDoc "support for booting from ThinLVs");
-    boot.vdo.enable = mkEnableOption (lib.mdDoc "support for booting from VDOLVs");
+    dmeventd.enable = mkEnableOption "the LVM dmevent daemon";
+    boot.thin.enable = mkEnableOption "support for booting from ThinLVs";
+    boot.vdo.enable = mkEnableOption "support for booting from VDOLVs";
   };
 
-  options.boot.initrd.services.lvm.enable = mkEnableOption (lib.mdDoc "booting from LVM2 in the initrd") // {
-    description = lib.mdDoc ''
+  options.boot.initrd.services.lvm.enable = mkEnableOption "booting from LVM2 in the initrd" // {
+    description = ''
       *This will only be used when systemd is used in stage 1.*
 
       Whether to enable booting from LVM2 in the initrd.
diff --git a/nixpkgs/nixos/modules/tasks/network-interfaces.nix b/nixpkgs/nixos/modules/tasks/network-interfaces.nix
index ca0b219b3c93..7e3e24c727b2 100644
--- a/nixpkgs/nixos/modules/tasks/network-interfaces.nix
+++ b/nixpkgs/nixos/modules/tasks/network-interfaces.nix
@@ -59,7 +59,7 @@ let
     { options = {
         address = mkOption {
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
             IPv${toString v} address of the interface. Leave empty to configure the
             interface using DHCP.
           '';
@@ -67,7 +67,7 @@ let
 
         prefixLength = mkOption {
           type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
-          description = lib.mdDoc ''
+          description = ''
             Subnet mask of the interface, specified as the number of
             bits in the prefix (`${if v == 4 then "24" else "64"}`).
           '';
@@ -79,12 +79,12 @@ let
   { options = {
       address = mkOption {
         type = types.str;
-        description = lib.mdDoc "IPv${toString v} address of the network.";
+        description = "IPv${toString v} address of the network.";
       };
 
       prefixLength = mkOption {
         type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
-        description = lib.mdDoc ''
+        description = ''
           Subnet mask of the network, specified as the number of
           bits in the prefix (`${if v == 4 then "24" else "64"}`).
         '';
@@ -95,7 +95,7 @@ let
           "unicast" "local" "broadcast" "multicast"
         ]);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Type of the route.  See the `Route types` section
           in the `ip-route(8)` manual page for the details.
 
@@ -109,14 +109,14 @@ let
       via = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = lib.mdDoc "IPv${toString v} address of the next hop.";
+        description = "IPv${toString v} address of the next hop.";
       };
 
       options = mkOption {
         type = types.attrsOf types.str;
         default = { };
         example = { mtu = "1492"; window = "524288"; };
-        description = lib.mdDoc ''
+        description = ''
           Other route options. See the symbol `OPTIONS`
           in the `ip-route(8)` manual page for the details.
           You may also specify `metric`,
@@ -138,21 +138,21 @@ let
 
       address = mkOption {
         type = types.str;
-        description = lib.mdDoc "The default gateway address.";
+        description = "The default gateway address.";
       };
 
       interface = mkOption {
         type = types.nullOr types.str;
         default = null;
         example = "enp0s3";
-        description = lib.mdDoc "The default gateway interface.";
+        description = "The default gateway interface.";
       };
 
       metric = mkOption {
         type = types.nullOr types.int;
         default = null;
         example = 42;
-        description = lib.mdDoc "The default gateway metric/preference.";
+        description = "The default gateway metric/preference.";
       };
 
     };
@@ -165,14 +165,14 @@ let
       name = mkOption {
         example = "eth0";
         type = types.str;
-        description = lib.mdDoc "Name of the interface.";
+        description = "Name of the interface.";
       };
 
       tempAddress = mkOption {
         type = types.enum (lib.attrNames tempaddrValues);
         default = cfg.tempAddresses;
         defaultText = literalExpression ''config.networking.tempAddresses'';
-        description = lib.mdDoc ''
+        description = ''
           When IPv6 is enabled with SLAAC, this option controls the use of
           temporary address (aka privacy extensions) on this
           interface. This is used to reduce tracking.
@@ -189,7 +189,7 @@ let
       useDHCP = mkOption {
         type = types.nullOr types.bool;
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Whether this interface should be configured with DHCP. Overrides the
           default set by {option}`networking.useDHCP`. If `null` (the default),
           DHCP is enabled if the interface has no IPv4 addresses configured
@@ -205,7 +205,7 @@ let
           { address = "192.168.1.1"; prefixLength = 24; }
         ];
         type = with types; listOf (submodule (addrOpts 4));
-        description = lib.mdDoc ''
+        description = ''
           List of IPv4 addresses that will be statically assigned to the interface.
         '';
       };
@@ -217,7 +217,7 @@ let
           { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; }
         ];
         type = with types; listOf (submodule (addrOpts 6));
-        description = lib.mdDoc ''
+        description = ''
           List of IPv6 addresses that will be statically assigned to the interface.
         '';
       };
@@ -229,7 +229,7 @@ let
           { address = "192.168.2.0"; prefixLength = 24; via = "192.168.1.1"; }
         ];
         type = with types; listOf (submodule (routeOpts 4));
-        description = lib.mdDoc ''
+        description = ''
           List of extra IPv4 static routes that will be assigned to the interface.
 
           ::: {.warning}
@@ -253,7 +253,7 @@ let
           { address = "2001:1470:fffd:2098::"; prefixLength = 64; via = "fdfd:b3f0::1"; }
         ];
         type = with types; listOf (submodule (routeOpts 6));
-        description = lib.mdDoc ''
+        description = ''
           List of extra IPv6 static routes that will be assigned to the interface.
         '';
       };
@@ -262,7 +262,7 @@ let
         default = null;
         example = "00:11:22:33:44:55";
         type = types.nullOr (types.str);
-        description = lib.mdDoc ''
+        description = ''
           MAC address of the interface. Leave empty to use the default.
         '';
       };
@@ -271,7 +271,7 @@ let
         default = null;
         example = 9000;
         type = types.nullOr types.int;
-        description = lib.mdDoc ''
+        description = ''
           MTU size for packets leaving the interface. Leave empty to use the default.
         '';
       };
@@ -279,7 +279,7 @@ let
       virtual = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Whether this interface is virtual and should be created by tunctl.
           This is mainly useful for creating bridges between a host and a virtual
           network such as VPN or a virtual machine.
@@ -289,7 +289,7 @@ let
       virtualOwner = mkOption {
         default = "root";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           In case of a virtual device, the user who owns it.
         '';
       };
@@ -298,7 +298,7 @@ let
         default = if hasPrefix "tun" name then "tun" else "tap";
         defaultText = literalExpression ''if hasPrefix "tun" name then "tun" else "tap"'';
         type = with types; enum [ "tun" "tap" ];
-        description = lib.mdDoc ''
+        description = ''
           The type of interface to create.
           The default is TUN for an interface name starting
           with "tun", otherwise TAP.
@@ -308,7 +308,7 @@ let
       proxyARP = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Turn on proxy_arp for this device.
           This is mainly useful for creating pseudo-bridges between a real
           interface and a virtual network such as VPN or a virtual machine for
@@ -327,14 +327,14 @@ let
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc "Whether to enable wol on this interface.";
+          description = "Whether to enable wol on this interface.";
         };
         policy = mkOption {
           type = with types; listOf (
             enum ["phy" "unicast" "multicast" "broadcast" "arp" "magic" "secureon"]
           );
           default = ["magic"];
-          description = lib.mdDoc ''
+          description = ''
             The [Wake-on-LAN policy](https://www.freedesktop.org/software/systemd/man/systemd.link.html#WakeOnLan=)
             to set for the device.
 
@@ -392,20 +392,20 @@ let
     options = {
 
       name = mkOption {
-        description = lib.mdDoc "Name of the interface";
+        description = "Name of the interface";
         example = "eth0";
         type = types.str;
       };
 
       vlan = mkOption {
-        description = lib.mdDoc "Vlan tag to apply to interface";
+        description = "Vlan tag to apply to interface";
         example = 10;
         type = types.nullOr types.int;
         default = null;
       };
 
       type = mkOption {
-        description = lib.mdDoc "Openvswitch type to assign to interface";
+        description = "Openvswitch type to assign to interface";
         example = "internal";
         type = types.nullOr types.str;
         default = null;
@@ -462,7 +462,7 @@ in
       # reasons (as undocumented feature):
       type = types.strMatching
         "^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
-      description = lib.mdDoc ''
+      description = ''
         The name of the machine. Leave it empty if you want to obtain it from a
         DHCP server (if using DHCP). The hostname must be a valid DNS label (see
         RFC 1035 section 2.3.1: "Preferred name syntax", RFC 1123 section 2.1:
@@ -492,7 +492,7 @@ in
           both networking.hostName and networking.domain are set properly.
         '';
       defaultText = literalExpression ''"''${networking.hostName}.''${networking.domain}"'';
-      description = lib.mdDoc ''
+      description = ''
         The fully qualified domain name (FQDN) of this host. It is the result
         of combining `networking.hostName` and `networking.domain.` Using this
         option will result in an evaluation error if the hostname is empty or
@@ -510,7 +510,7 @@ in
       defaultText = literalExpression ''
         if cfg.domain == null then cfg.hostName else cfg.fqdn
       '';
-      description = lib.mdDoc ''
+      description = ''
         Either the fully qualified domain name (FQDN), or just the host name if
         it does not exists.
 
@@ -524,7 +524,7 @@ in
       default = null;
       example = "4e98920d";
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.
 
         You should try to make this ID unique among your machines. You can
@@ -544,7 +544,7 @@ in
     networking.enableIPv6 = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable support for IPv6.
       '';
     };
@@ -556,7 +556,7 @@ in
         interface = "enp3s0";
       };
       type = types.nullOr (types.coercedTo types.str gatewayCoerce (types.submodule gatewayOpts));
-      description = lib.mdDoc ''
+      description = ''
         The default gateway. It can be left empty if it is auto-detected through DHCP.
         It can be specified as a string or an option set along with a network interface.
       '';
@@ -569,7 +569,7 @@ in
         interface = "enp3s0";
       };
       type = types.nullOr (types.coercedTo types.str gatewayCoerce (types.submodule gatewayOpts));
-      description = lib.mdDoc ''
+      description = ''
         The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP.
         It can be specified as a string or an option set along with a network interface.
       '';
@@ -579,7 +579,7 @@ in
       default = null;
       example = 524288;
       type = types.nullOr types.int;
-      description = lib.mdDoc ''
+      description = ''
         The window size of the default gateway. It limits maximal data bursts that TCP peers
         are allowed to send to us.
       '';
@@ -589,7 +589,7 @@ in
       type = types.listOf types.str;
       default = [];
       example = ["130.161.158.4" "130.161.33.17"];
-      description = lib.mdDoc ''
+      description = ''
         The list of nameservers.  It can be left empty if it is auto-detected through DHCP.
       '';
     };
@@ -598,7 +598,7 @@ in
       default = [];
       example = [ "example.com" "home.arpa" ];
       type = types.listOf types.str;
-      description = lib.mdDoc ''
+      description = ''
         The list of search paths used when resolving domain names.
       '';
     };
@@ -607,7 +607,7 @@ in
       default = null;
       example = "home.arpa";
       type = types.nullOr types.str;
-      description = lib.mdDoc ''
+      description = ''
         The domain.  It can be left empty if it is auto-detected through DHCP.
       '';
     };
@@ -615,7 +615,7 @@ in
     networking.useHostResolvConf = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         In containers, whether to use the
         {file}`resolv.conf` supplied by the host.
       '';
@@ -625,7 +625,7 @@ in
       type = types.lines;
       default = "";
       example = "text=anything; echo You can put $text here.";
-      description = lib.mdDoc ''
+      description = ''
         Shell commands to be executed at the end of the
         `network-setup` systemd service.  Note that if
         you are using DHCP to obtain the network configuration,
@@ -641,7 +641,7 @@ in
             prefixLength = 25;
           } ];
         };
-      description = lib.mdDoc ''
+      description = ''
         The configuration for each network interface.
 
         Please note that {option}`systemd.network.netdevs` has more features
@@ -657,8 +657,7 @@ in
         { vs0.interfaces = { eth0 = { }; lo1 = { type="internal"; }; };
           vs1.interfaces = [ { name = "eth2"; } { name = "lo2"; type="internal"; } ];
         };
-      description =
-        lib.mdDoc ''
+      description = ''
           This option allows you to define Open vSwitches that connect
           physical networks together. The value of this option is an
           attribute set. Each attribute specifies a vswitch, with the
@@ -671,7 +670,7 @@ in
         options = {
 
           interfaces = mkOption {
-            description = lib.mdDoc "The physical network interfaces connected by the vSwitch.";
+            description = "The physical network interfaces connected by the vSwitch.";
             type = with types; attrsOf (submodule vswitchInterfaceOpts);
           };
 
@@ -679,7 +678,7 @@ in
             type = types.listOf types.str;
             default = [];
             example = [ "ptcp:6653:[::1]" ];
-            description = lib.mdDoc ''
+            description = ''
               Specify the controller targets. For the allowed options see `man 8 ovs-vsctl`.
             '';
           };
@@ -690,7 +689,7 @@ in
             example = ''
               actions=normal
             '';
-            description = lib.mdDoc ''
+            description = ''
               OpenFlow rules to insert into the Open vSwitch. All `openFlowRules` are
               loaded with `ovs-ofctl` within one atomic operation.
             '';
@@ -701,7 +700,7 @@ in
             type = types.listOf types.str;
             example = [ "OpenFlow10" "OpenFlow13" "OpenFlow14" ];
             default = [ "OpenFlow13" ];
-            description = lib.mdDoc ''
+            description = ''
               Supported versions to enable on this switch.
             '';
           };
@@ -710,7 +709,7 @@ in
           openFlowVersion = mkOption {
             type = types.str;
             default = "OpenFlow13";
-            description = lib.mdDoc ''
+            description = ''
               Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with `openFlowRules`).
             '';
           };
@@ -722,7 +721,7 @@ in
               set-fail-mode <switch_name> secure
               set Bridge <switch_name> stp_enable=true
             '';
-            description = lib.mdDoc ''
+            description = ''
               Commands to manipulate the Open vSwitch database. Every line executed with `ovs-vsctl`.
               All commands are bundled together with the operations for adding the interfaces
               into one atomic operation.
@@ -741,8 +740,7 @@ in
         { br0.interfaces = [ "eth0" "eth1" ];
           br1.interfaces = [ "eth2" "wlan0" ];
         };
-      description =
-        lib.mdDoc ''
+      description = ''
           This option allows you to define Ethernet bridge devices
           that connect physical networks together.  The value of this
           option is an attribute set.  Each attribute specifies a
@@ -757,14 +755,13 @@ in
           interfaces = mkOption {
             example = [ "eth0" "eth1" ];
             type = types.listOf types.str;
-            description =
-              lib.mdDoc "The physical network interfaces connected by the bridge.";
+            description = "The physical network interfaces connected by the bridge.";
           };
 
           rstp = mkOption {
             default = false;
             type = types.bool;
-            description = lib.mdDoc "Whether the bridge interface should enable rstp.";
+            description = "Whether the bridge interface should enable rstp.";
           };
 
         };
@@ -792,7 +789,7 @@ in
             anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ];
           }
         '';
-        description = lib.mdDoc ''
+        description = ''
           This option allows you to define bond devices that aggregate multiple,
           underlying networking interfaces together. The value of this option is
           an attribute set. Each attribute specifies a bond, with the attribute
@@ -806,14 +803,14 @@ in
             interfaces = mkOption {
               example = [ "enp4s0f0" "enp4s0f1" "wlan0" ];
               type = types.listOf types.str;
-              description = lib.mdDoc "The interfaces to bond together";
+              description = "The interfaces to bond together";
             };
 
             driverOptions = mkOption {
               type = types.attrsOf types.str;
               default = {};
               example = literalExpression driverOptionsExample;
-              description = lib.mdDoc ''
+              description = ''
                 Options for the bonding driver.
                 Documentation can be found in
                 <https://www.kernel.org/doc/Documentation/networking/bonding.txt>
@@ -825,7 +822,7 @@ in
               default = null;
               example = "fast";
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 DEPRECATED, use `driverOptions`.
                 Option specifying the rate in which we'll ask our link partner
                 to transmit LACPDU packets in 802.3ad mode.
@@ -836,7 +833,7 @@ in
               default = null;
               example = 100;
               type = types.nullOr types.int;
-              description = lib.mdDoc ''
+              description = ''
                 DEPRECATED, use `driverOptions`.
                 Miimon is the number of millisecond in between each round of polling
                 by the device driver for failed links. By default polling is not
@@ -849,7 +846,7 @@ in
               default = null;
               example = "active-backup";
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 DEPRECATED, use `driverOptions`.
                 The mode which the bond will be running. The default mode for
                 the bonding driver is balance-rr, optimizing for throughput.
@@ -862,7 +859,7 @@ in
               default = null;
               example = "layer2+3";
               type = types.nullOr types.str;
-              description = lib.mdDoc ''
+              description = ''
                 DEPRECATED, use `driverOptions`.
                 Selects the transmit hash policy to use for slave selection in
                 balance-xor, 802.3ad, and tlb modes.
@@ -884,7 +881,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to define macvlan interfaces which should
         be automatically created.
       '';
@@ -894,14 +891,14 @@ in
           interface = mkOption {
             example = "enp4s0";
             type = types.str;
-            description = lib.mdDoc "The interface the macvlan will transmit packets through.";
+            description = "The interface the macvlan will transmit packets through.";
           };
 
           mode = mkOption {
             default = null;
             type = types.nullOr types.str;
             example = "vepa";
-            description = lib.mdDoc "The mode of the macvlan device.";
+            description = "The mode of the macvlan device.";
           };
 
         };
@@ -916,7 +913,7 @@ in
           primary = { port = 9001; local = { address = "192.0.2.1"; dev = "eth0"; }; };
           backup =  { port = 9002; };
         };
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to configure Foo Over UDP and Generic UDP Encapsulation
         endpoints. See {manpage}`ip-fou(8)` for details.
       '';
@@ -924,7 +921,7 @@ in
         options = {
           port = mkOption {
             type = port;
-            description = lib.mdDoc ''
+            description = ''
               Local port of the encapsulation UDP socket.
             '';
           };
@@ -932,7 +929,7 @@ in
           protocol = mkOption {
             type = nullOr (ints.between 1 255);
             default = null;
-            description = lib.mdDoc ''
+            description = ''
               Protocol number of the encapsulated packets. Specifying `null`
               (the default) creates a GUE endpoint, specifying a protocol number will create
               a FOU endpoint.
@@ -944,7 +941,7 @@ in
               options = {
                 address = mkOption {
                   type = types.str;
-                  description = lib.mdDoc ''
+                  description = ''
                     Local address to bind to. The address must be available when the FOU
                     endpoint is created, using the scripted network setup this can be achieved
                     either by setting `dev` or adding dependency information to
@@ -957,7 +954,7 @@ in
                   type = nullOr str;
                   default = null;
                   example = "eth0";
-                  description = lib.mdDoc ''
+                  description = ''
                     Network device to bind to.
                   '';
                 };
@@ -965,7 +962,7 @@ in
             });
             default = null;
             example = { address = "203.0.113.22"; };
-            description = lib.mdDoc ''
+            description = ''
               Local address (and optionally device) to bind to using the given port.
             '';
           };
@@ -989,7 +986,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to define 6-to-4 interfaces which should be automatically created.
       '';
       type = with types; attrsOf (submodule {
@@ -999,7 +996,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "10.0.0.1";
-            description = lib.mdDoc ''
+            description = ''
               The address of the remote endpoint to forward traffic over.
             '';
           };
@@ -1008,7 +1005,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "10.0.0.22";
-            description = lib.mdDoc ''
+            description = ''
               The address of the local endpoint which the remote
               side should send packets to.
             '';
@@ -1018,7 +1015,7 @@ in
             type = types.nullOr types.int;
             default = null;
             example = 255;
-            description = lib.mdDoc ''
+            description = ''
               The time-to-live of the connection to the remote tunnel endpoint.
             '';
           };
@@ -1027,7 +1024,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "enp4s0f0";
-            description = lib.mdDoc ''
+            description = ''
               The underlying network device on which the tunnel resides.
             '';
           };
@@ -1037,7 +1034,7 @@ in
               options = {
                 type = mkOption {
                   type = enum [ "fou" "gue" ];
-                  description = lib.mdDoc ''
+                  description = ''
                     Selects encapsulation type. See
                     {manpage}`ip-link(8)` for details.
                   '';
@@ -1046,7 +1043,7 @@ in
                 port = mkOption {
                   type = port;
                   example = 9001;
-                  description = lib.mdDoc ''
+                  description = ''
                     Destination port for encapsulated packets.
                   '';
                 };
@@ -1055,7 +1052,7 @@ in
                   type = nullOr types.port;
                   default = null;
                   example = 9002;
-                  description = lib.mdDoc ''
+                  description = ''
                     Source port for encapsulated packets. Will be chosen automatically by
                     the kernel if unset.
                   '';
@@ -1064,7 +1061,7 @@ in
             });
             default = null;
             example = { type = "fou"; port = 9001; };
-            description = lib.mdDoc ''
+            description = ''
               Configures encapsulation in UDP packets.
             '';
           };
@@ -1094,7 +1091,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         This option allows you to define Generic Routing Encapsulation (GRE) tunnels.
       '';
       type = with types; attrsOf (submodule {
@@ -1104,7 +1101,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "10.0.0.1";
-            description = lib.mdDoc ''
+            description = ''
               The address of the remote endpoint to forward traffic over.
             '';
           };
@@ -1113,7 +1110,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "10.0.0.22";
-            description = lib.mdDoc ''
+            description = ''
               The address of the local endpoint which the remote
               side should send packets to.
             '';
@@ -1123,7 +1120,7 @@ in
             type = types.nullOr types.str;
             default = null;
             example = "enp4s0f0";
-            description = lib.mdDoc ''
+            description = ''
               The underlying network device on which the tunnel resides.
             '';
           };
@@ -1132,7 +1129,7 @@ in
             type = types.nullOr types.int;
             default = null;
             example = 255;
-            description = lib.mdDoc ''
+            description = ''
               The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
             '';
           };
@@ -1147,7 +1144,7 @@ in
               tun6 = "ip6gre";
               tap6 = "ip6gretap";
             }.${v};
-            description = lib.mdDoc ''
+            description = ''
               Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
             '';
           };
@@ -1169,8 +1166,7 @@ in
           };
         }
       '';
-      description =
-        lib.mdDoc ''
+      description = ''
           This option allows you to define vlan devices that tag packets
           on top of a physical interface. The value of this option is an
           attribute set. Each attribute specifies a vlan, with the name
@@ -1184,13 +1180,13 @@ in
           id = mkOption {
             example = 1;
             type = types.int;
-            description = lib.mdDoc "The vlan identifier";
+            description = "The vlan identifier";
           };
 
           interface = mkOption {
             example = "enp4s0";
             type = types.str;
-            description = lib.mdDoc "The interface the vlan will transmit packets through.";
+            description = "The interface the vlan will transmit packets through.";
           };
 
         };
@@ -1221,8 +1217,7 @@ in
           };
         }
       '';
-      description =
-        lib.mdDoc ''
+      description = ''
           Creating multiple WLAN interfaces on top of one physical WLAN device (NIC).
 
           The name of the WLAN interface corresponds to the name of the attribute.
@@ -1243,14 +1238,14 @@ in
           device = mkOption {
             type = types.str;
             example = "wlp6s0";
-            description = lib.mdDoc "The name of the underlying hardware WLAN device as assigned by `udev`.";
+            description = "The name of the underlying hardware WLAN device as assigned by `udev`.";
           };
 
           type = mkOption {
             type = types.enum [ "managed" "ibss" "monitor" "mesh" "wds" ];
             default = "managed";
             example = "ibss";
-            description = lib.mdDoc ''
+            description = ''
               The type of the WLAN interface.
               The type has to be supported by the underlying hardware of the device.
             '';
@@ -1259,14 +1254,14 @@ in
           meshID = mkOption {
             type = types.nullOr types.str;
             default = null;
-            description = lib.mdDoc "MeshID of interface with type `mesh`.";
+            description = "MeshID of interface with type `mesh`.";
           };
 
           flags = mkOption {
             type = with types; nullOr (enum [ "none" "fcsfail" "control" "otherbss" "cook" "active" ]);
             default = null;
             example = "control";
-            description = lib.mdDoc ''
+            description = ''
               Flags for interface of type `monitor`.
             '';
           };
@@ -1274,14 +1269,14 @@ in
           fourAddr = mkOption {
             type = types.nullOr types.bool;
             default = null;
-            description = lib.mdDoc "Whether to enable `4-address mode` with type `managed`.";
+            description = "Whether to enable `4-address mode` with type `managed`.";
           };
 
           mac = mkOption {
             type = types.nullOr types.str;
             default = null;
             example = "02:00:00:00:00:01";
-            description = lib.mdDoc ''
+            description = ''
               MAC address to use for the device. If `null`, then the MAC of the
               underlying hardware WLAN device is used.
 
@@ -1302,7 +1297,7 @@ in
     networking.useDHCP = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to use DHCP to obtain an IP address and other
         configuration for all network interfaces that do not have any manually
         configured IPv4 addresses.
@@ -1312,7 +1307,7 @@ in
     networking.useNetworkd = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Whether we should use networkd as the network configuration backend or
         the legacy script based system. Note that this option is experimental,
         enable at your own risk.
@@ -1325,7 +1320,7 @@ in
         if ''${config.${opt.enableIPv6}} then "default" else "disabled"
       '';
       type = types.enum (lib.attrNames tempaddrValues);
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable IPv6 Privacy Extensions for interfaces not
         configured explicitly in
         [](#opt-networking.interfaces._name_.tempAddress).
diff --git a/nixpkgs/nixos/modules/tasks/powertop.nix b/nixpkgs/nixos/modules/tasks/powertop.nix
index 3839b7a4260e..e8064f9fa80c 100644
--- a/nixpkgs/nixos/modules/tasks/powertop.nix
+++ b/nixpkgs/nixos/modules/tasks/powertop.nix
@@ -7,7 +7,7 @@ let
 in {
   ###### interface
 
-  options.powerManagement.powertop.enable = mkEnableOption (lib.mdDoc "powertop auto tuning on startup");
+  options.powerManagement.powertop.enable = mkEnableOption "powertop auto tuning on startup";
 
   ###### implementation
 
diff --git a/nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix b/nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix
index a5395657e992..549c35fc5b8d 100644
--- a/nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix
+++ b/nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix
@@ -25,7 +25,7 @@ in
     powerManagement.scsiLinkPolicy = mkOption {
       default = null;
       type = types.nullOr (types.enum allowedValues);
-      description = lib.mdDoc ''
+      description = ''
         SCSI link power management policy. The kernel default is
         "max_performance".
 
diff --git a/nixpkgs/nixos/modules/tasks/stratis.nix b/nixpkgs/nixos/modules/tasks/stratis.nix
index 9a85fe23f248..f4bb09a89e7f 100644
--- a/nixpkgs/nixos/modules/tasks/stratis.nix
+++ b/nixpkgs/nixos/modules/tasks/stratis.nix
@@ -5,7 +5,7 @@ let
 in
 {
   options.services.stratis = {
-    enable = lib.mkEnableOption (lib.mdDoc "Stratis Storage - Easy to use local storage management for Linux");
+    enable = lib.mkEnableOption "Stratis Storage - Easy to use local storage management for Linux";
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/tasks/swraid.nix b/nixpkgs/nixos/modules/tasks/swraid.nix
index 249755bc0548..ad9b1ab0fa1a 100644
--- a/nixpkgs/nixos/modules/tasks/swraid.nix
+++ b/nixpkgs/nixos/modules/tasks/swraid.nix
@@ -17,8 +17,8 @@ in {
 
 
   options.boot.swraid = {
-    enable = lib.mkEnableOption (lib.mdDoc "swraid support using mdadm") // {
-      description = lib.mdDoc ''
+    enable = lib.mkEnableOption "swraid support using mdadm" // {
+      description = ''
         Whether to enable support for Linux MD RAID arrays.
 
         When this is enabled, mdadm will be added to the system path,
@@ -32,11 +32,11 @@ in {
         procedure.
       '';
       default = enable_implicitly_for_old_state_versions;
-      defaultText = lib.mdDoc "`true` if stateVersion is older than 23.11";
+      defaultText = "`true` if stateVersion is older than 23.11";
     };
 
     mdadmConf = lib.mkOption {
-      description = lib.mdDoc "Contents of {file}`/etc/mdadm.conf`.";
+      description = "Contents of {file}`/etc/mdadm.conf`.";
       type = lib.types.lines;
       default = "";
     };
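Review bot: The `defaultText` in `boot.swraid.enable` is now a bare string, and as far as I can tell the options-doc renderer treats a bare string there as a Nix value. The manual would then show it as a quoted string literal, backticks included, rather than as prose. Wrapping it keeps the intended rendering: `defaultText = lib.literalMD "`true` if stateVersion is older than 23.11";`. The option set's opening lines are in the previous hunk.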
diff --git a/nixpkgs/nixos/modules/tasks/trackpoint.nix b/nixpkgs/nixos/modules/tasks/trackpoint.nix
index b3f6f32eaa47..0859f83fcef5 100644
--- a/nixpkgs/nixos/modules/tasks/trackpoint.nix
+++ b/nixpkgs/nixos/modules/tasks/trackpoint.nix
@@ -12,7 +12,7 @@ with lib;
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable sensitivity and speed configuration for trackpoints.
         '';
       };
@@ -21,7 +21,7 @@ with lib;
         default = 128;
         example = 255;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Configure the trackpoint sensitivity. By default, the kernel
           configures 128.
         '';
@@ -31,7 +31,7 @@ with lib;
         default = 97;
         example = 255;
         type = types.int;
-        description = lib.mdDoc ''
+        description = ''
           Configure the trackpoint speed. By default, the kernel
           configures 97.
         '';
@@ -40,7 +40,7 @@ with lib;
       emulateWheel = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Enable scrolling while holding the middle mouse button.
         '';
       };
@@ -48,7 +48,7 @@ with lib;
       fakeButtons = mkOption {
         default = false;
         type = types.bool;
-        description = lib.mdDoc ''
+        description = ''
           Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized
           properly. This can happen for example on models like the L430, T450, T450s, on
           which the Trackpoint buttons are actually a part of the Synaptics touchpad.
@@ -58,7 +58,7 @@ with lib;
       device = mkOption {
         default = "TPPS/2 IBM TrackPoint";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           The device name of the trackpoint. You can check with xinput.
           Some newer devices (example x1c6) use "TPPS/2 Elan TrackPoint".
         '';
diff --git a/nixpkgs/nixos/modules/testing/service-runner.nix b/nixpkgs/nixos/modules/testing/service-runner.nix
index bdb35f128a73..9060be3cca11 100644
--- a/nixpkgs/nixos/modules/testing/service-runner.nix
+++ b/nixpkgs/nixos/modules/testing/service-runner.nix
@@ -107,7 +107,7 @@ let
   opts = { config, name, ... }: {
     options.runner = mkOption {
     internal = true;
-    description = lib.mdDoc ''
+    description = ''
         A script that runs the service outside of systemd,
         useful for testing or for using NixOS services outside
         of NixOS.
diff --git a/nixpkgs/nixos/modules/testing/test-instrumentation.nix b/nixpkgs/nixos/modules/testing/test-instrumentation.nix
index 50a54a006415..28abbe66adaf 100644
--- a/nixpkgs/nixos/modules/testing/test-instrumentation.nix
+++ b/nixpkgs/nixos/modules/testing/test-instrumentation.nix
@@ -56,14 +56,14 @@ in
 
   options.testing = {
 
-    initrdBackdoor = lib.mkEnableOption (lib.mdDoc ''
+    initrdBackdoor = lib.mkEnableOption ''
       enable backdoor.service in initrd. Requires
       boot.initrd.systemd.enable to be enabled. Boot will pause in
       stage 1 at initrd.target, and will listen for commands from the
       Machine python interface, just like stage 2 normally does. This
       enables commands to be sent to test and debug stage 1. Use
       machine.switch_root() to leave stage 1 and proceed to stage 2.
-    '');
+    '';
 
   };
 
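Review bot: The string passed to `lib.mkEnableOption` for `testing.initrdBackdoor` starts with "enable", and `mkEnableOption` already prefixes "Whether to enable ". The rendered description therefore reads "Whether to enable enable backdoor.service in initrd"; the first line should start `backdoor.service in initrd. Requires`. Because the option makes stage 1 pause and accept commands from the test driver, the text should also state its scope, for example `Intended for NixOS test VMs only; do not enable on a machine that holds real data.`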
@@ -170,7 +170,7 @@ in
       # thing, but for VM tests it should provide a bit more
       # determinism (e.g. if the VM runs at lower speed, then
       # timeouts in the VM should also be delayed).
-      "clock=acpi_pm"
+      "clocksource=acpi_pm"
     ];
 
     # `xwininfo' is used by the test driver to query open windows.
@@ -216,7 +216,7 @@ in
     # uses credentials to set passwords on users.
     users.users.root.hashedPasswordFile = mkOverride 150 "${pkgs.writeText "hashed-password.root" ""}";
 
-    services.xserver.displayManager.job.logToJournal = true;
+    services.displayManager.logToJournal = true;
 
     # Make sure we use the Guest Agent from the QEMU package for testing
     # to reduce the closure size required for the tests.
diff --git a/nixpkgs/nixos/modules/virtualisation/amazon-init.nix b/nixpkgs/nixos/modules/virtualisation/amazon-init.nix
index 8475097df07c..612f6c5bc765 100644
--- a/nixpkgs/nixos/modules/virtualisation/amazon-init.nix
+++ b/nixpkgs/nixos/modules/virtualisation/amazon-init.nix
@@ -60,7 +60,7 @@ in {
     enable = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc ''
+      description = ''
         Enable or disable the amazon-init service.
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/amazon-options.nix b/nixpkgs/nixos/modules/virtualisation/amazon-options.nix
index 3ea4a6cf7818..0eabcccfeced 100644
--- a/nixpkgs/nixos/modules/virtualisation/amazon-options.nix
+++ b/nixpkgs/nixos/modules/virtualisation/amazon-options.nix
@@ -8,13 +8,13 @@ in {
         enable = lib.mkOption {
           default = false;
           internal = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether the EC2 instance uses a ZFS root.
           '';
         };
 
         datasets = lib.mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Datasets to create under the `tank` and `boot` zpools.
 
             **NOTE:** This option is used only at image creation time, and
@@ -27,13 +27,13 @@ in {
           type = types.attrsOf (types.submodule {
             options = {
               mount = lib.mkOption {
-                description = lib.mdDoc "Where to mount this dataset.";
+                description = "Where to mount this dataset.";
                 type = types.nullOr types.str;
                 default = null;
               };
 
               properties = lib.mkOption {
-                description = lib.mdDoc "Properties to set on this dataset.";
+                description = "Properties to set on this dataset.";
                 type = types.attrsOf types.str;
                 default = {};
               };
@@ -45,7 +45,7 @@ in {
         default = pkgs.stdenv.hostPlatform.isAarch64;
         defaultText = literalExpression "pkgs.stdenv.hostPlatform.isAarch64";
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the EC2 instance is using EFI.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/anbox.nix b/nixpkgs/nixos/modules/virtualisation/anbox.nix
index 523d9a9576ef..d9ff01fb5ded 100644
--- a/nixpkgs/nixos/modules/virtualisation/anbox.nix
+++ b/nixpkgs/nixos/modules/virtualisation/anbox.nix
@@ -10,7 +10,7 @@ let
     address = mkOption {
       default = addr;
       type = types.str;
-      description = lib.mdDoc ''
+      description = ''
         IPv${toString v} ${name} address.
       '';
     };
@@ -18,7 +18,7 @@ let
     prefixLength = mkOption {
       default = pref;
       type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128));
-      description = lib.mdDoc ''
+      description = ''
         Subnet mask of the ${name} address, specified as the number of
         bits in the prefix (`${if v == 4 then "24" else "64"}`).
       '';
@@ -53,13 +53,13 @@ in
 
   options.virtualisation.anbox = {
 
-    enable = mkEnableOption (lib.mdDoc "Anbox");
+    enable = mkEnableOption "Anbox";
 
     image = mkOption {
       default = pkgs.anbox.image;
       defaultText = literalExpression "pkgs.anbox.image";
       type = types.package;
-      description = lib.mdDoc ''
+      description = ''
         Base android image for Anbox.
       '';
     };
@@ -67,7 +67,7 @@ in
     imageModifications = mkOption {
       default = "";
       type = types.lines;
-      description = lib.mdDoc ''
+      description = ''
         Commands to edit the image filesystem.
 
         This can be used to e.g. bundle a privileged F-Droid.
@@ -79,7 +79,7 @@ in
     extraInit = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra shell commands to be run inside the container image during init.
       '';
     };
@@ -91,7 +91,7 @@ in
       dns = mkOption {
         default = "1.1.1.1";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Container DNS server.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/appvm.nix b/nixpkgs/nixos/modules/virtualisation/appvm.nix
index 9fe2995d37a0..852244c5d98b 100644
--- a/nixpkgs/nixos/modules/virtualisation/appvm.nix
+++ b/nixpkgs/nixos/modules/virtualisation/appvm.nix
@@ -13,13 +13,13 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This enables AppVMs and related virtualisation settings.
         '';
       };
       user = mkOption {
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           AppVM user login. Currently only AppVMs are supported for a single user only.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/azure-agent.nix b/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
index ac4cd752615d..5b3b7080ea68 100644
--- a/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
+++ b/nixpkgs/nixos/modules/virtualisation/azure-agent.nix
@@ -19,15 +19,15 @@ in
   options.virtualisation.azure.agent = {
     enable = mkOption {
       default = false;
-      description = lib.mdDoc "Whether to enable the Windows Azure Linux Agent.";
+      description = "Whether to enable the Windows Azure Linux Agent.";
     };
     verboseLogging = mkOption {
       default = false;
-      description = lib.mdDoc "Whether to enable verbose logging.";
+      description = "Whether to enable verbose logging.";
     };
     mountResourceDisk = mkOption {
       default = true;
-      description = lib.mdDoc "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
+      description = "Whether the agent should format (ext4) and mount the resource disk to /mnt/resource.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/virtualisation/azure-image.nix b/nixpkgs/nixos/modules/virtualisation/azure-image.nix
index d909680cca1f..98678346a8fd 100644
--- a/nixpkgs/nixos/modules/virtualisation/azure-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/azure-image.nix
@@ -12,14 +12,14 @@ in
       type = with types; either (enum [ "auto" ]) int;
       default = "auto";
       example = 2048;
-      description = lib.mdDoc ''
+      description = ''
         Size of disk image. Unit is MB.
       '';
     };
     virtualisation.azureImage.contents = mkOption {
       type = with types; listOf attrs;
       default = [ ];
-      description = lib.mdDoc ''
+      description = ''
         Extra contents to add to the image.
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/build-vm.nix b/nixpkgs/nixos/modules/virtualisation/build-vm.nix
index e94254416316..7e279a27364d 100644
--- a/nixpkgs/nixos/modules/virtualisation/build-vm.nix
+++ b/nixpkgs/nixos/modules/virtualisation/build-vm.nix
@@ -25,7 +25,7 @@ in
   options = {
 
     virtualisation.vmVariant = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Machine configuration to be added for the vm script produced by `nixos-rebuild build-vm`.
       '';
       inherit (vmVariant) type;
@@ -34,7 +34,7 @@ in
     };
 
     virtualisation.vmVariantWithBootLoader = mkOption {
-      description = lib.mdDoc ''
+      description = ''
         Machine configuration to be added for the vm script produced by `nixos-rebuild build-vm-with-bootloader`.
       '';
       inherit (vmVariantWithBootLoader) type;
diff --git a/nixpkgs/nixos/modules/virtualisation/containerd.nix b/nixpkgs/nixos/modules/virtualisation/containerd.nix
index f6e3c8387298..ea89a994b172 100644
--- a/nixpkgs/nixos/modules/virtualisation/containerd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/containerd.nix
@@ -19,11 +19,11 @@ in
 {
 
   options.virtualisation.containerd = with lib.types; {
-    enable = lib.mkEnableOption (lib.mdDoc "containerd container runtime");
+    enable = lib.mkEnableOption "containerd container runtime";
 
     configFile = lib.mkOption {
       default = null;
-      description = lib.mdDoc ''
+      description = ''
        Path to containerd config file.
        Setting this option will override any configuration applied by the settings option.
       '';
@@ -33,14 +33,14 @@ in
     settings = lib.mkOption {
       type = settingsFormat.type;
       default = {};
-      description = lib.mdDoc ''
+      description = ''
         Verbatim lines to add to containerd.toml
       '';
     };
 
     args = lib.mkOption {
       default = {};
-      description = lib.mdDoc "extra args to append to the containerd cmdline";
+      description = "extra args to append to the containerd cmdline";
       type = attrsOf str;
     };
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/containers.nix b/nixpkgs/nixos/modules/virtualisation/containers.nix
index b3d81078eb34..65620dd3935b 100644
--- a/nixpkgs/nixos/modules/virtualisation/containers.nix
+++ b/nixpkgs/nixos/modules/virtualisation/containers.nix
@@ -17,7 +17,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option enables the common /etc/containers configuration module.
         '';
       };
@@ -25,50 +25,13 @@ in
     ociSeccompBpfHook.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc "Enable the OCI seccomp BPF hook";
-    };
-
-    cdi = {
-      dynamic.nvidia.enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = lib.mdDoc ''
-          Enable dynamic CDI configuration for NVidia devices by running nvidia-container-toolkit on boot.
-        '';
-      };
-
-      static = mkOption {
-        type = types.attrs;
-        default = { };
-        description = lib.mdDoc ''
-          Declarative CDI specification. Each key of the attribute set
-          will be mapped to a file in /etc/cdi. It is required for every
-          key to be provided in JSON format.
-        '';
-        example = {
-          some-vendor = builtins.fromJSON ''
-              {
-                "cdiVersion": "0.5.0",
-                "kind": "some-vendor.com/foo",
-                "devices": [],
-                "containerEdits": []
-              }
-            '';
-
-          some-other-vendor = {
-            cdiVersion = "0.5.0";
-            kind = "some-other-vendor.com/bar";
-            devices = [];
-            containerEdits = [];
-          };
-        };
-      };
+      description = "Enable the OCI seccomp BPF hook";
     };
 
     containersConf.settings = mkOption {
       type = toml.type;
       default = { };
-      description = lib.mdDoc "containers.conf configuration";
+      description = "containers.conf configuration";
     };
 
     containersConf.cniPlugins = mkOption {
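Review bot: The `cdi.dynamic.nvidia.enable` and `cdi.static` options are dropped from `virtualisation.containers` in this hunk, but the NVIDIA option description in docker.nix later in this diff still reads "please use virtualisation.containers.cdi.dynamic.nvidia.enable instead", which sends users to an option this module no longer declares. Unless a `mkRenamedOptionModule` or `mkRemovedOptionModule` entry for these paths exists in a file outside this view, configurations that set them will fail evaluation with no pointer to the replacement. The docker.nix text should name the replacement option, and the removal should carry a shim whose message says where the `/etc/cdi` specs are generated now. The `options` set starts and ends outside the hunk.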
@@ -83,7 +46,7 @@ in
           pkgs.cniPlugins.dnsname
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         CNI plugins to install on the system.
       '';
     };
@@ -97,14 +60,14 @@ in
           runroot = "/run/containers/storage";
         };
       };
-      description = lib.mdDoc "storage.conf configuration";
+      description = "storage.conf configuration";
     };
 
     registries = {
       search = mkOption {
         type = types.listOf types.str;
         default = [ "docker.io" "quay.io" ];
-        description = lib.mdDoc ''
+        description = ''
           List of repositories to search.
         '';
       };
@@ -112,7 +75,7 @@ in
       insecure = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of insecure repositories.
         '';
       };
@@ -120,7 +83,7 @@ in
       block = mkOption {
         default = [ ];
         type = types.listOf types.str;
-        description = lib.mdDoc ''
+        description = ''
           List of blocked repositories.
         '';
       };
@@ -139,7 +102,7 @@ in
           };
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Signature verification policy file.
         If this option is empty the default policy file from
         `skopeo` will be used.
@@ -150,8 +113,6 @@ in
 
   config = lib.mkIf cfg.enable {
 
-    hardware.nvidia-container-toolkit-cdi-generator.enable = lib.mkIf cfg.cdi.dynamic.nvidia.enable true;
-
     virtualisation.containers.containersConf.cniPlugins = [ pkgs.cni-plugins ];
 
     virtualisation.containers.containersConf.settings = {
@@ -163,13 +124,7 @@ in
       };
     };
 
-    environment.etc = let
-      cdiStaticConfigurationFiles = (lib.attrsets.mapAttrs'
-        (name: value:
-          lib.attrsets.nameValuePair "cdi/${name}.json"
-            { text = builtins.toJSON value; })
-        cfg.cdi.static);
-    in {
+    environment.etc = {
       "containers/containers.conf".source =
         toml.generate "containers.conf" cfg.containersConf.settings;
 
@@ -183,7 +138,7 @@ in
       "containers/policy.json".source =
         if cfg.policy != { } then pkgs.writeText "policy.json" (builtins.toJSON cfg.policy)
         else "${pkgs.skopeo.policy}/default-policy.json";
-    } // cdiStaticConfigurationFiles;
+    };
 
   };
 
diff --git a/nixpkgs/nixos/modules/virtualisation/cri-o.nix b/nixpkgs/nixos/modules/virtualisation/cri-o.nix
index 417cf516c7f4..78f414ffce6b 100644
--- a/nixpkgs/nixos/modules/virtualisation/cri-o.nix
+++ b/nixpkgs/nixos/modules/virtualisation/cri-o.nix
@@ -19,38 +19,38 @@ in
   };
 
   options.virtualisation.cri-o = {
-    enable = mkEnableOption (lib.mdDoc "Container Runtime Interface for OCI (CRI-O)");
+    enable = mkEnableOption "Container Runtime Interface for OCI (CRI-O)";
 
     storageDriver = mkOption {
       type = types.enum [ "aufs" "btrfs" "devmapper" "overlay" "vfs" "zfs" ];
       default = "overlay";
-      description = lib.mdDoc "Storage driver to be used";
+      description = "Storage driver to be used";
     };
 
     logLevel = mkOption {
       type = types.enum [ "trace" "debug" "info" "warn" "error" "fatal" ];
       default = "info";
-      description = lib.mdDoc "Log level to be used";
+      description = "Log level to be used";
     };
 
     pauseImage = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Override the default pause image for pod sandboxes";
+      description = "Override the default pause image for pod sandboxes";
       example = "k8s.gcr.io/pause:3.2";
     };
 
     pauseCommand = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Override the default pause command";
+      description = "Override the default pause command";
       example = "/pause";
     };
 
     runtime = mkOption {
       type = types.nullOr types.str;
       default = null;
-      description = lib.mdDoc "Override the default runtime";
+      description = "Override the default runtime";
       example = "crun";
     };
 
@@ -62,7 +62,7 @@ in
           pkgs.gvisor
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed in the CRI-O wrapper.
       '';
     };
@@ -71,7 +71,7 @@ in
       type = types.package;
       default = crioPackage;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The final CRI-O package (including extra packages).
       '';
     };
@@ -79,14 +79,14 @@ in
     networkDir = mkOption {
       type = types.nullOr types.path;
       default = null;
-      description = lib.mdDoc "Override the network_dir option.";
+      description = "Override the network_dir option.";
       internal = true;
     };
 
     settings = mkOption {
       type = format.type;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for cri-o, see
         <https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md>.
       '';
diff --git a/nixpkgs/nixos/modules/virtualisation/digital-ocean-config.nix b/nixpkgs/nixos/modules/virtualisation/digital-ocean-config.nix
index e004b7880aad..4ef2b85551c6 100644
--- a/nixpkgs/nixos/modules/virtualisation/digital-ocean-config.nix
+++ b/nixpkgs/nixos/modules/virtualisation/digital-ocean-config.nix
@@ -10,19 +10,19 @@ with lib;
       type = bool;
       default = false;
       example = true;
-      description = lib.mdDoc "Whether to set the root password from the Digital Ocean metadata";
+      description = "Whether to set the root password from the Digital Ocean metadata";
     };
     setSshKeys = mkOption {
       type = bool;
       default = true;
       example = true;
-      description = lib.mdDoc "Whether to fetch ssh keys from Digital Ocean";
+      description = "Whether to fetch ssh keys from Digital Ocean";
     };
     seedEntropy = mkOption {
       type = bool;
       default = true;
       example = true;
-      description = lib.mdDoc "Whether to run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
+      description = "Whether to run the kernel RNG entropy seeding script from the Digital Ocean vendor data";
     };
   };
   config =
@@ -31,7 +31,7 @@ with lib;
       hostName = config.networking.hostName;
       doMetadataFile = "/run/do-metadata/v1.json";
     in mkMerge [{
-      fileSystems."/" = {
+      fileSystems."/" = lib.mkDefault {
         device = "/dev/disk/by-label/nixos";
         autoResize = true;
         fsType = "ext4";
@@ -41,11 +41,7 @@ with lib;
         kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
         initrd.kernelModules = [ "virtio_scsi" ];
         kernelModules = [ "virtio_pci" "virtio_net" ];
-        loader = {
-          grub.device = "/dev/vda";
-          timeout = 0;
-          grub.configurationLimit = 0;
-        };
+        loader.grub.devices = ["/dev/vda"];
       };
       services.openssh = {
         enable = mkDefault true;
diff --git a/nixpkgs/nixos/modules/virtualisation/digital-ocean-image.nix b/nixpkgs/nixos/modules/virtualisation/digital-ocean-image.nix
index a57c89245f2e..53791e911406 100644
--- a/nixpkgs/nixos/modules/virtualisation/digital-ocean-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/digital-ocean-image.nix
@@ -13,7 +13,7 @@ in
       type = with types; either (enum [ "auto" ]) int;
       default = "auto";
       example = 4096;
-      description = lib.mdDoc ''
+      description = ''
         Size of disk image. Unit is MB.
       '';
     };
@@ -21,7 +21,7 @@ in
     virtualisation.digitalOceanImage.configFile = mkOption {
       type = with types; nullOr path;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A path to a configuration file which will be placed at
         `/etc/nixos/configuration.nix` and be used when switching
         to a new configuration. If set to `null`, a default
@@ -34,7 +34,7 @@ in
       type = types.enum [ "gzip" "bzip2" ];
       default = "gzip";
       example = "bzip2";
-      description = lib.mdDoc ''
+      description = ''
         Disk image compression method. Choose bzip2 to generate smaller images that
         take longer to generate but will consume less metered storage space on your
         Digital Ocean account.
diff --git a/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix b/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix
index 1a5d4e898e96..b8ccd218d20a 100644
--- a/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix
+++ b/nixpkgs/nixos/modules/virtualisation/digital-ocean-init.nix
@@ -15,7 +15,7 @@ in {
     type = types.bool;
     default = true;
     example = true;
-    description = lib.mdDoc "Whether to reconfigure the system from Digital Ocean user data";
+    description = "Whether to reconfigure the system from Digital Ocean user data";
   };
   options.virtualisation.digitalOcean.defaultConfigFile = mkOption {
     type = types.path;
@@ -24,7 +24,7 @@ in {
       The default configuration imports user-data if applicable and
       `(modulesPath + "/virtualisation/digital-ocean-config.nix")`.
     '';
-    description = lib.mdDoc ''
+    description = ''
       A path to a configuration file which will be placed at
       `/etc/nixos/configuration.nix` and be used when switching to
       a new configuration.
diff --git a/nixpkgs/nixos/modules/virtualisation/docker-rootless.nix b/nixpkgs/nixos/modules/virtualisation/docker-rootless.nix
index 1cdb98b704ce..bad9136afd29 100644
--- a/nixpkgs/nixos/modules/virtualisation/docker-rootless.nix
+++ b/nixpkgs/nixos/modules/virtualisation/docker-rootless.nix
@@ -18,7 +18,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         This option enables docker in a rootless mode, a daemon that manages
         linux containers. To interact with the daemon, one needs to set
         {command}`DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock`.
@@ -28,7 +28,7 @@ in
     setSocketVariable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Point {command}`DOCKER_HOST` to rootless Docker instance for
         normal users by default.
       '';
@@ -41,7 +41,7 @@ in
         ipv6 = true;
         "fixed-cidr-v6" = "fd00::/80";
       };
-      description = lib.mdDoc ''
+      description = ''
         Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.
         See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
       '';
diff --git a/nixpkgs/nixos/modules/virtualisation/docker.nix b/nixpkgs/nixos/modules/virtualisation/docker.nix
index cceb186e0b36..bcc649dcbec0 100644
--- a/nixpkgs/nixos/modules/virtualisation/docker.nix
+++ b/nixpkgs/nixos/modules/virtualisation/docker.nix
@@ -20,8 +20,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             This option enables docker, a daemon that manages
             linux containers. Users in the "docker" group can interact with
             the daemon (e.g. to start or stop containers) using the
@@ -33,8 +32,7 @@ in
       mkOption {
         type = types.listOf types.str;
         default = ["/run/docker.sock"];
-        description =
-          lib.mdDoc ''
+        description = ''
             A list of unix and tcp docker should listen to. The format follows
             ListenStream as described in systemd.socket(5).
           '';
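Review bot: The description of the socket-list option (default `["/run/docker.sock"]`) reads "A list of unix and tcp docker should listen to", which is missing its noun and says nothing about what a TCP entry exposes. Control of the Docker API is equivalent to root on the host, and a TCP listener is reachable without authentication unless TLS client verification is configured for the daemon. I would reword the first sentence as `A list of unix sockets and TCP addresses that docker should listen on.` and add `A TCP address exposes the daemon API to the network; bind it to a trusted interface and require TLS client certificates.` The option's name line is outside the hunk.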
@@ -44,8 +42,7 @@ in
       mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             When enabled dockerd is started on boot. This is required for
             containers which are created with the
             `--restart=always` flag to work. If this option is
@@ -61,7 +58,7 @@ in
           ipv6 = true;
           "fixed-cidr-v6" = "fd00::/80";
         };
-        description = lib.mdDoc ''
+        description = ''
           Configuration for docker daemon. The attributes are serialized to JSON used as daemon.conf.
           See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
         '';
@@ -71,7 +68,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           **Deprecated**, please use virtualisation.containers.cdi.dynamic.nvidia.enable instead.
 
           Enable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
@@ -82,8 +79,7 @@ in
       mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Allow dockerd to be restarted without affecting running container.
             This option is incompatible with docker swarm.
           '';
@@ -93,8 +89,7 @@ in
       mkOption {
         type = types.nullOr (types.enum ["aufs" "btrfs" "devicemapper" "overlay" "overlay2" "zfs"]);
         default = null;
-        description =
-          lib.mdDoc ''
+        description = ''
             This option determines which Docker
             [storage driver](https://docs.docker.com/storage/storagedriver/select-storage-driver/)
             to use.
@@ -114,8 +109,7 @@ in
       mkOption {
         type = types.enum ["none" "json-file" "syslog" "journald" "gelf" "fluentd" "awslogs" "splunk" "etwlogs" "gcplogs" "local"];
         default = "journald";
-        description =
-          lib.mdDoc ''
+        description = ''
             This option determines which Docker log driver to use.
           '';
       };
@@ -124,8 +118,7 @@ in
       mkOption {
         type = types.separatedString " ";
         default = "";
-        description =
-          lib.mdDoc ''
+        description = ''
             The extra command-line options to pass to
             {command}`docker` daemon.
           '';
@@ -135,7 +128,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to periodically prune Docker resources. If enabled, a
           systemd timer will run `docker system prune -f`
           as specified by the `dates` option.
@@ -146,7 +139,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "--all" ];
-        description = lib.mdDoc ''
+        description = ''
           Any additional flags passed to {command}`docker system prune`.
         '';
       };
@@ -154,7 +147,7 @@ in
       dates = mkOption {
         default = "weekly";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specification (in the format described by
           {manpage}`systemd.time(7)`) of the time at
           which the prune will occur.
@@ -168,7 +161,7 @@ in
       type = types.listOf types.package;
       default = [ ];
       example = literalExpression "with pkgs; [ criu ]";
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to add to PATH for the docker daemon process.
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix b/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix
index 76bdccca9872..ad23cbedcca7 100644
--- a/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix
+++ b/nixpkgs/nixos/modules/virtualisation/ecs-agent.nix
@@ -6,13 +6,13 @@ let
   cfg = config.services.ecs-agent;
 in {
   options.services.ecs-agent = {
-    enable = mkEnableOption (lib.mdDoc "Amazon ECS agent");
+    enable = mkEnableOption "Amazon ECS agent";
 
     package = mkPackageOption pkgs "ecs-agent" { };
 
     extra-environment = mkOption {
       type = types.attrsOf types.str;
-      description = lib.mdDoc "The environment the ECS agent should run with. See the ECS agent documentation for keys that work here.";
+      description = "The environment the ECS agent should run with. See the ECS agent documentation for keys that work here.";
       default = {};
     };
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/google-compute-image.nix b/nixpkgs/nixos/modules/virtualisation/google-compute-image.nix
index e4a18fd81d71..8e7b31b439bf 100644
--- a/nixpkgs/nixos/modules/virtualisation/google-compute-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/google-compute-image.nix
@@ -21,7 +21,7 @@ in
       type = with types; either (enum [ "auto" ]) int;
       default = "auto";
       example = 1536;
-      description = lib.mdDoc ''
+      description = ''
         Size of disk image. Unit is MB.
       '';
     };
@@ -29,7 +29,7 @@ in
     virtualisation.googleComputeImage.configFile = mkOption {
       type = with types; nullOr str;
       default = null;
-      description = lib.mdDoc ''
+      description = ''
         A path to a configuration file which will be placed at `/etc/nixos/configuration.nix`
         and be used when switching to a new configuration.
         If set to `null`, a default configuration is used, where the only import is
@@ -40,7 +40,7 @@ in
     virtualisation.googleComputeImage.compressionLevel = mkOption {
       type = types.int;
       default = 6;
-      description = lib.mdDoc ''
+      description = ''
         GZIP compression level of the resulting disk image (1-9).
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
index cba4f92abe82..af7ef02bdcff 100644
--- a/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
+++ b/nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix
@@ -8,13 +8,13 @@ let
 in {
   options = {
     virtualisation.hypervGuest = {
-      enable = mkEnableOption (lib.mdDoc "Hyper-V Guest Support");
+      enable = mkEnableOption "Hyper-V Guest Support";
 
       videoMode = mkOption {
         type = types.str;
         default = "1152x864";
         example = "1024x768";
-        description = lib.mdDoc ''
+        description = ''
           Resolution at which to initialize the video adapter.
 
           Supports screen resolution up to Full HD 1920x1080 with 32 bit color
diff --git a/nixpkgs/nixos/modules/virtualisation/hyperv-image.nix b/nixpkgs/nixos/modules/virtualisation/hyperv-image.nix
index fddff7bf1c69..eb1bbe9f3a58 100644
--- a/nixpkgs/nixos/modules/virtualisation/hyperv-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/hyperv-image.nix
@@ -12,21 +12,21 @@ in {
         type = with types; either (enum [ "auto" ]) int;
         default = "auto";
         example = 2048;
-        description = lib.mdDoc ''
+        description = ''
           The size of the hyper-v base image in MiB.
         '';
       };
       vmDerivationName = mkOption {
         type = types.str;
         default = "nixos-hyperv-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
-        description = lib.mdDoc ''
+        description = ''
           The name of the derivation for the hyper-v appliance.
         '';
       };
       vmFileName = mkOption {
         type = types.str;
         default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.vhdx";
-        description = lib.mdDoc ''
+        description = ''
           The file name of the hyper-v appliance.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/incus.nix b/nixpkgs/nixos/modules/virtualisation/incus.nix
index 1ceaa40cca9d..4d04853d20a5 100644
--- a/nixpkgs/nixos/modules/virtualisation/incus.nix
+++ b/nixpkgs/nixos/modules/virtualisation/incus.nix
@@ -9,7 +9,7 @@ let
   cfg = config.virtualisation.incus;
   preseedFormat = pkgs.formats.yaml { };
 
-  serverBinPath = ''${pkgs.qemu_kvm}/libexec:${
+  serverBinPath = ''/run/wrappers/bin:${pkgs.qemu_kvm}/libexec:${
     lib.makeBinPath (
       with pkgs;
       [
@@ -33,35 +33,65 @@ let
         gzip
         iproute2
         iptables
+        iw
         kmod
+        libnvidia-container
+        libxfs
         lvm2
         minio
+        minio-client
         nftables
-        qemu_kvm
         qemu-utils
+        qemu_kvm
         rsync
+        squashfs-tools-ng
         squashfsTools
+        sshfs
+        swtpm
         systemd
         thin-provisioning-tools
         util-linux
         virtiofsd
+        xdelta
         xz
+      ]
+      ++ lib.optionals config.security.apparmor.enable [
+        apparmor-bin-utils
 
         (writeShellScriptBin "apparmor_parser" ''
           exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
         '')
       ]
+      ++ lib.optionals config.services.ceph.client.enable [ ceph-client ]
+      ++ lib.optionals config.virtualisation.vswitch.enable [ config.virtualisation.vswitch.package ]
       ++ lib.optionals config.boot.zfs.enabled [
         config.boot.zfs.package
         "${config.boot.zfs.package}/lib/udev"
       ]
-      ++ lib.optionals config.virtualisation.vswitch.enable [ config.virtualisation.vswitch.package ]
     )
   }'';
 
   # https://github.com/lxc/incus/blob/cff35a29ee3d7a2af1f937cbb6cf23776941854b/internal/server/instance/drivers/driver_qemu.go#L123
+  OVMF2MB = pkgs.OVMF.override {
+    secureBoot = true;
+    fdSize2MB = true;
+  };
   ovmf-prefix = if pkgs.stdenv.hostPlatform.isAarch64 then "AAVMF" else "OVMF";
   ovmf = pkgs.linkFarm "incus-ovmf" [
+    # 2MB must remain the default or existing VMs will fail to boot. New VMs will prefer 4MB
+    {
+      name = "OVMF_CODE.fd";
+      path = "${OVMF2MB.fd}/FV/${ovmf-prefix}_CODE.fd";
+    }
+    {
+      name = "OVMF_VARS.fd";
+      path = "${OVMF2MB.fd}/FV/${ovmf-prefix}_VARS.fd";
+    }
+    {
+      name = "OVMF_VARS.ms.fd";
+      path = "${OVMF2MB.fd}/FV/${ovmf-prefix}_VARS.fd";
+    }
+
     {
       name = "OVMF_CODE.4MB.fd";
       path = "${pkgs.OVMFFull.fd}/FV/${ovmf-prefix}_CODE.fd";
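Review bot: `OVMF_VARS.ms.fd` is linked to the same `${ovmf-prefix}_VARS.fd` as `OVMF_VARS.fd`, so the 2MB "ms" variable store is identical to the plain one. If that template carries no enrolled keys (this cannot be told from the hunk), a guest that requests secure boot on the 2MB firmware starts with an empty key store and signature checks are not enforced, even though `OVMF2MB` is built with `secureBoot = true`. Either point the `.ms` entry at a template with the vendor keys enrolled, or state the limitation next to it, e.g. `# no key-enrolled 2MB template: secure boot is not enforced for VMs using OVMF_VARS.ms.fd`. The `linkFarm` list continues outside the hunk.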
@@ -91,14 +121,21 @@ in
         {command}`incus` command line tool, among others.
       '';
 
-      package = lib.mkPackageOption pkgs "incus" { };
+      package = lib.mkPackageOption pkgs "incus-lts" { };
 
-      lxcPackage = lib.mkPackageOption pkgs "lxc" { };
+      lxcPackage = lib.mkOption {
+        type = lib.types.package;
+        default = config.virtualisation.lxc.package;
+        defaultText = lib.literalExpression "config.virtualisation.lxc.package";
+        description = "The lxc package to use.";
+      };
 
-      clientPackage = lib.mkPackageOption pkgs [
-        "incus"
-        "client"
-      ] { };
+      clientPackage = lib.mkOption {
+        type = lib.types.package;
+        default = cfg.package.client;
+        defaultText = lib.literalExpression "config.virtualisation.incus.package.client";
+        description = "The incus client package to use. This package is added to PATH.";
+      };
 
       preseed = lib.mkOption {
         type = lib.types.nullOr (lib.types.submodule { freeformType = preseedFormat.type; });
diff --git a/nixpkgs/nixos/modules/virtualisation/kvmgt.nix b/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
index 1e02636f81f4..7d795f8ff5d7 100644
--- a/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
+++ b/nixpkgs/nixos/modules/virtualisation/kvmgt.nix
@@ -10,28 +10,28 @@ let
   vgpuOptions = {
     uuid = mkOption {
       type = with types; listOf str;
-      description = lib.mdDoc "UUID(s) of VGPU device. You can generate one with `libossp_uuid`.";
+      description = "UUID(s) of VGPU device. You can generate one with `libossp_uuid`.";
     };
   };
 
 in {
   options = {
     virtualisation.kvmgt = {
-      enable = mkEnableOption (lib.mdDoc ''
+      enable = mkEnableOption ''
         KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.
         Currently only one graphical device can be shared. To allow users to access the device without root add them
         to the kvm group: `users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];`
-      '');
+      '';
       # multi GPU support is under the question
       device = mkOption {
         type = types.str;
         default = "0000:00:02.0";
-        description = lib.mdDoc "PCI ID of graphics card. You can figure it with {command}`ls /sys/class/mdev_bus`.";
+        description = "PCI ID of graphics card. You can figure it with {command}`ls /sys/class/mdev_bus`.";
       };
       vgpus = mkOption {
         default = {};
         type = with types; attrsOf (submodule [ { options = vgpuOptions; } ]);
-        description = lib.mdDoc ''
+        description = ''
           Virtual GPUs to be used in Qemu. You can find devices via {command}`ls /sys/bus/pci/devices/*/mdev_supported_types`
           and find info about device via {command}`cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description`
         '';
diff --git a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
index b8f952d3ba0e..226ece817670 100644
--- a/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/libvirtd.nix
@@ -29,7 +29,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Allows libvirtd to take advantage of OVMF when creating new
           QEMU VMs with UEFI boot.
         '';
@@ -47,7 +47,7 @@ let
         default = [ pkgs.OVMF.fd ];
         defaultText = literalExpression "[ pkgs.OVMF.fd ]";
         example = literalExpression "[ pkgs.OVMFFull.fd pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd ]";
-        description = lib.mdDoc ''
+        description = ''
           List of OVMF packages to use. Each listed package must contain files names FV/OVMF_CODE.fd and FV/OVMF_VARS.fd or FV/AAVMF_CODE.fd and FV/AAVMF_VARS.fd
         '';
       };
@@ -59,7 +59,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Allows libvirtd to use swtpm to create an emulated TPM.
         '';
       };
@@ -80,7 +80,7 @@ let
       runAsRoot = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           If true,  libvirtd runs qemu as root.
           If false, libvirtd runs qemu as unprivileged user qemu-libvirtd.
           Changing this option to false may cause file permission issues
@@ -94,7 +94,7 @@ let
         default = ''
           namespaces = []
         '';
-        description = lib.mdDoc ''
+        description = ''
           Contents written to the qemu configuration file, qemu.conf.
           Make sure to include a proper namespace configuration when
           supplying custom configuration.
@@ -104,7 +104,7 @@ let
       ovmf = mkOption {
         type = ovmfModule;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           QEMU's OVMF options.
         '';
       };
@@ -112,7 +112,7 @@ let
       swtpm = mkOption {
         type = swtpmModule;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           QEMU's swtpm options.
         '';
       };
@@ -121,7 +121,7 @@ let
         type = types.listOf types.package;
         default = [ ];
         example = lib.literalExpression "[ pkgs.virtiofsd ]";
-        description = lib.mdDoc ''
+        description = ''
           Packages containing out-of-tree vhost-user drivers.
         '';
       };
@@ -133,7 +133,7 @@ let
       daemon = mkOption {
         type = types.attrsOf types.path;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Hooks that will be placed under /var/lib/libvirt/hooks/daemon.d/
           and called for daemon start/shutdown/SIGHUP events.
           Please see https://libvirt.org/hooks.html for documentation.
@@ -143,7 +143,7 @@ let
       qemu = mkOption {
         type = types.attrsOf types.path;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Hooks that will be placed under /var/lib/libvirt/hooks/qemu.d/
           and called for qemu domains begin/end/migrate events.
           Please see https://libvirt.org/hooks.html for documentation.
@@ -153,7 +153,7 @@ let
       lxc = mkOption {
         type = types.attrsOf types.path;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Hooks that will be placed under /var/lib/libvirt/hooks/lxc.d/
           and called for lxc domains begin/end events.
           Please see https://libvirt.org/hooks.html for documentation.
@@ -163,7 +163,7 @@ let
       libxl = mkOption {
         type = types.attrsOf types.path;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Hooks that will be placed under /var/lib/libvirt/hooks/libxl.d/
           and called for libxl-handled xen domains begin/end events.
           Please see https://libvirt.org/hooks.html for documentation.
@@ -173,7 +173,7 @@ let
       network = mkOption {
         type = types.attrsOf types.path;
         default = { };
-        description = lib.mdDoc ''
+        description = ''
           Hooks that will be placed under /var/lib/libvirt/hooks/lxc.d/
           and called for networks begin/end events.
           Please see https://libvirt.org/hooks.html for documentation.
@@ -187,7 +187,7 @@ let
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option enables the older libvirt NSS module. This method uses
           DHCP server records, therefore is dependent on the hostname provided
           by the guest.
@@ -198,7 +198,7 @@ let
       enableGuest = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option enables the newer libvirt_guest NSS module. This module
           uses the libvirt guest name instead of the hostname of the guest.
           Please see https://libvirt.org/nss.html for more information.
@@ -239,7 +239,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         This option enables libvirtd, a daemon that manages
         virtual machines. Users in the "libvirtd" group can interact with
         the daemon (e.g. to start or stop VMs) using the
@@ -252,7 +252,7 @@ in
     extraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = lib.mdDoc ''
+      description = ''
         Extra contents appended to the libvirtd configuration file,
         libvirtd.conf.
       '';
@@ -262,7 +262,7 @@ in
       type = types.listOf types.str;
       default = [ ];
       example = [ "--verbose" ];
-      description = lib.mdDoc ''
+      description = ''
         Extra command line arguments passed to libvirtd on startup.
       '';
     };
@@ -270,7 +270,7 @@ in
     onBoot = mkOption {
       type = types.enum [ "start" "ignore" ];
       default = "start";
-      description = lib.mdDoc ''
+      description = ''
         Specifies the action to be done to / on the guests when the host boots.
         The "start" option starts all guests that were running prior to shutdown
         regardless of their autostart settings. The "ignore" option will not
@@ -282,7 +282,7 @@ in
     onShutdown = mkOption {
       type = types.enum [ "shutdown" "suspend" ];
       default = "suspend";
-      description = lib.mdDoc ''
+      description = ''
         When shutting down / restarting the host what method should
         be used to gracefully halt the guests. Setting to "shutdown"
         will cause an ACPI shutdown of each guest. "suspend" will
@@ -293,7 +293,7 @@ in
     parallelShutdown = mkOption {
       type = types.ints.unsigned;
       default = 0;
-      description = lib.mdDoc ''
+      description = ''
         Number of guests that will be shutdown concurrently, taking effect when onShutdown
         is set to "shutdown". If set to 0, guests will be shutdown one after another.
         Number of guests on shutdown at any time will not exceed number set in this
@@ -304,7 +304,7 @@ in
     allowedBridges = mkOption {
       type = types.listOf types.str;
       default = [ "virbr0" ];
-      description = lib.mdDoc ''
+      description = ''
         List of bridge devices that can be used by qemu:///session
       '';
     };
@@ -312,7 +312,7 @@ in
     qemu = mkOption {
       type = qemuModule;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         QEMU related options.
       '';
     };
@@ -320,7 +320,7 @@ in
     hooks = mkOption {
       type = hooksModule;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         Hooks related options.
       '';
     };
@@ -328,7 +328,7 @@ in
     nss = mkOption {
       type = nssModule;
       default = { };
-      description = lib.mdDoc ''
+      description = ''
         libvirt NSS module options.
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/lxc.nix b/nixpkgs/nixos/modules/virtualisation/lxc.nix
index 3febb4b4f248..1ef322588a68 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxc.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxc.nix
@@ -16,8 +16,7 @@ in
       lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             This enables Linux Containers (LXC), which provides tools
             for creating and managing system or application containers
             on Linux.
@@ -28,19 +27,18 @@ in
       lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description =
-          lib.mdDoc ''
+        description = ''
             This is the system-wide LXC config. See
             {manpage}`lxc.system.conf(5)`.
           '';
       };
+    package = lib.mkPackageOption pkgs "lxc" { };
 
     defaultConfig =
       lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description =
-          lib.mdDoc ''
+        description = ''
             Default config (default.conf) for new containers, i.e. for
             network config. See {manpage}`lxc.container.conf(5)`.
           '';
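Review bot: The new `package` option does not say that the chosen package has to ship the AppArmor profiles, yet the implementation hunk further down (`@@ -61,19 +58,19 @@`) builds `security.apparmor.policies` from `${cfg.package}/etc/apparmor.d/usr.bin.lxc-start` and `${cfg.package}/etc/apparmor.d/lxc-containers`. An override without those files would presumably leave the `include` lines pointing at missing paths, so the confinement profiles might fail to load. I would state the requirement on the option, e.g. `package = lib.mkPackageOption pkgs "lxc" { extraDescription = "Must provide etc/apparmor.d/usr.bin.lxc-start and etc/apparmor.d/lxc-containers."; };`. As a style point, a blank line before `package` would match the spacing between the neighbouring options.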
@@ -50,8 +48,7 @@ in
       lib.mkOption {
         type = lib.types.lines;
         default = "";
-        description =
-          lib.mdDoc ''
+        description = ''
             This is the config file for managing unprivileged user network
             administration access in LXC. See {manpage}`lxc-usernet(5)`.
           '';
@@ -61,19 +58,19 @@ in
   ###### implementation
 
   config = lib.mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.lxc ];
+    environment.systemPackages = [ cfg.package ];
     environment.etc."lxc/lxc.conf".text = cfg.systemConfig;
     environment.etc."lxc/lxc-usernet".text = cfg.usernetConfig;
     environment.etc."lxc/default.conf".text = cfg.defaultConfig;
     systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
 
-    security.apparmor.packages = [ pkgs.lxc ];
+    security.apparmor.packages = [ cfg.package ];
     security.apparmor.policies = {
       "bin.lxc-start".profile = ''
-        include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
+        include ${cfg.package}/etc/apparmor.d/usr.bin.lxc-start
       '';
       "lxc-containers".profile = ''
-        include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
+        include ${cfg.package}/etc/apparmor.d/lxc-containers
       '';
     };
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/lxcfs.nix b/nixpkgs/nixos/modules/virtualisation/lxcfs.nix
index b2eaec774a65..6cefeb7a8d60 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxcfs.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxcfs.nix
@@ -15,7 +15,7 @@ in {
       lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This enables LXCFS, a FUSE filesystem for LXC.
           To use lxcfs in include the following configuration in your
           container configuration:
diff --git a/nixpkgs/nixos/modules/virtualisation/lxd-agent.nix b/nixpkgs/nixos/modules/virtualisation/lxd-agent.nix
index 8a2a1530eeb7..8d536e18a34e 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxd-agent.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxd-agent.nix
@@ -50,7 +50,7 @@ in {
   };
 
   options = {
-    virtualisation.lxd.agent.enable = lib.mkEnableOption (lib.mdDoc "Enable LXD agent");
+    virtualisation.lxd.agent.enable = lib.mkEnableOption "Enable LXD agent";
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix b/nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix
index 92434cb9babf..2768e7c25966 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxd-virtual-machine.nix
@@ -45,6 +45,10 @@ in {
 
     boot.kernelParams = ["console=tty1" "console=${serialDevice}"];
 
+    services.udev.extraRules = ''
+      SUBSYSTEM=="cpu", CONST{arch}=="x86-64", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+    '';
+
     virtualisation.lxd.agent.enable = lib.mkDefault true;
   };
 }
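Review bot: The udev rule added to `services.udev.extraRules` has no `ACTION` match, so it presumably runs on every uevent for a CPU device, including the one emitted when an administrator deliberately takes a vCPU offline inside the guest, and would bring that CPU back online. If the intent is only to bring hot-added vCPUs online, restrict it: `SUBSYSTEM=="cpu", ACTION=="add", CONST{arch}=="x86-64", TEST=="online", ATTR{online}=="0", ATTR{online}="1"`. A one-line comment above the rule saying why it exists and why it is limited to x86-64 would also help, since neither is evident from the rule itself. The enclosing `config` block starts outside this hunk.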
diff --git a/nixpkgs/nixos/modules/virtualisation/lxd.nix b/nixpkgs/nixos/modules/virtualisation/lxd.nix
index e0d61b175494..4c94b3dfe946 100644
--- a/nixpkgs/nixos/modules/virtualisation/lxd.nix
+++ b/nixpkgs/nixos/modules/virtualisation/lxd.nix
@@ -19,7 +19,7 @@ in {
       enable = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option enables lxd, a daemon that manages
           containers. Users in the "lxd" group can interact with
           the daemon (e.g. to start or stop containers) using the
@@ -33,19 +33,20 @@ in {
         '';
       };
 
-      package = lib.mkPackageOption pkgs "lxd" { };
+      package = lib.mkPackageOption pkgs "lxd-lts" { };
 
-      lxcPackage = lib.mkPackageOption pkgs "lxc" {
-        extraDescription = ''
-          Required for AppArmor profiles.
-        '';
+      lxcPackage = lib.mkOption {
+        type = lib.types.package;
+        default = config.virtualisation.lxc.package;
+        defaultText = lib.literalExpression "config.virtualisation.lxc.package";
+        description = "The lxc package to use.";
       };
 
       zfsSupport = lib.mkOption {
         type = lib.types.bool;
         default = config.boot.zfs.enabled;
         defaultText = lib.literalExpression "config.boot.zfs.enabled";
-        description = lib.mdDoc ''
+        description = ''
           Enables lxd to use zfs as a storage for containers.
 
           This option is enabled by default if a zfs pool is configured
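Review bot: The rewritten `lxcPackage` option drops the old `extraDescription` ("Required for AppArmor profiles."), so the manual no longer says what this package is used for. That matters more now that the default follows `config.virtualisation.lxc.package`, because overriding the LXC package there also changes what LXD uses here. I would keep the hint: `description = "The lxc package to use. Required for AppArmor profiles.";`. Separately, the `package` default moves from `lxd` to `lxd-lts` in this hunk; whether that is called out for existing deployments is not visible here.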
@@ -56,7 +57,7 @@ in {
       recommendedSysctlSettings = lib.mkOption {
         type = lib.types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Enables various settings to avoid common pitfalls when
           running containers requiring many file operations.
           Fixes errors like "Too many open files" or
@@ -73,7 +74,7 @@ in {
 
         default = null;
 
-        description = lib.mdDoc ''
+        description = ''
           Configuration for LXD preseed, see
           <https://documentation.ubuntu.com/lxd/en/latest/howto/initialize/#initialize-preseed>
           for supported values.
@@ -129,7 +130,7 @@ in {
         type = lib.types.int;
         default = 600;
         apply = toString;
-        description = lib.mdDoc ''
+        description = ''
           Time to wait (in seconds) for LXD to become ready to process requests.
           If LXD does not reply within the configured time, lxd.service will be
           considered failed and systemd will attempt to restart it.
@@ -137,9 +138,9 @@ in {
       };
 
       ui = {
-        enable = lib.mkEnableOption (lib.mdDoc "(experimental) LXD UI");
+        enable = lib.mkEnableOption "(experimental) LXD UI";
 
-        package = lib.mkPackageOption pkgs [ "lxd-unwrapped" "ui" ] { };
+        package = lib.mkPackageOption pkgs [ "lxd-ui" ] { };
       };
     };
   };
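Review bot: The single-element list in `lib.mkPackageOption pkgs [ "lxd-ui" ] { }` looks like a leftover from the previous two-element attribute path. A plain string reads more clearly and matches the `"lxd-lts"` form used for `package` earlier in this file: `package = lib.mkPackageOption pkgs "lxd-ui" { };`. The resulting option should be the same either way.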
diff --git a/nixpkgs/nixos/modules/virtualisation/multipass.nix b/nixpkgs/nixos/modules/virtualisation/multipass.nix
index 5aae48e21386..7918a716a870 100644
--- a/nixpkgs/nixos/modules/virtualisation/multipass.nix
+++ b/nixpkgs/nixos/modules/virtualisation/multipass.nix
@@ -10,14 +10,14 @@ in
 {
   options = {
     virtualisation.multipass = {
-      enable = lib.mkEnableOption (lib.mdDoc ''
+      enable = lib.mkEnableOption ''
         Multipass, a simple manager for virtualised Ubuntu instances.
-      '');
+      '';
 
       logLevel = lib.mkOption {
         type = lib.types.enum [ "error" "warning" "info" "debug" "trace" ];
         default = "debug";
-        description = lib.mdDoc ''
+        description = ''
           The logging verbosity of the multipassd binary.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix b/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix
index 5db3a336f85d..8892f2f15464 100644
--- a/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixpkgs/nixos/modules/virtualisation/nixos-containers.nix
@@ -298,18 +298,18 @@ let
       mountPoint = mkOption {
         example = "/mnt/usb";
         type = types.str;
-        description = lib.mdDoc "Mount point on the container file system.";
+        description = "Mount point on the container file system.";
       };
       hostPath = mkOption {
         default = null;
         example = "/home/alice";
         type = types.nullOr types.str;
-        description = lib.mdDoc "Location of the host path to be mounted.";
+        description = "Location of the host path to be mounted.";
       };
       isReadOnly = mkOption {
         default = true;
         type = types.bool;
-        description = lib.mdDoc "Determine whether the mounted path will be accessed in read-only mode.";
+        description = "Determine whether the mounted path will be accessed in read-only mode.";
       };
     };
 
@@ -324,12 +324,12 @@ let
       node = mkOption {
         example = "/dev/net/tun";
         type = types.str;
-        description = lib.mdDoc "Path to device node";
+        description = "Path to device node";
       };
       modifier = mkOption {
         example = "rw";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Device node access modifier. Takes a combination
           `r` (read), `w` (write), and
           `m` (mknod). See the
@@ -351,7 +351,7 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "br0";
-      description = lib.mdDoc ''
+      description = ''
         Put the host-side of the veth-pair into the named bridge.
         Only one of hostAddress* or hostBridge can be given.
       '';
@@ -363,22 +363,22 @@ let
           protocol = mkOption {
             type = types.str;
             default = "tcp";
-            description = lib.mdDoc "The protocol specifier for port forwarding between host and container";
+            description = "The protocol specifier for port forwarding between host and container";
           };
           hostPort = mkOption {
             type = types.int;
-            description = lib.mdDoc "Source port of the external interface on host";
+            description = "Source port of the external interface on host";
           };
           containerPort = mkOption {
             type = types.nullOr types.int;
             default = null;
-            description = lib.mdDoc "Target port of container";
+            description = "Target port of container";
           };
         };
       });
       default = [];
       example = [ { protocol = "tcp"; hostPort = 8080; containerPort = 80; } ];
-      description = lib.mdDoc ''
+      description = ''
         List of forwarded ports from host to container. Each forwarded port
         is specified by protocol, hostPort and containerPort. By default,
         protocol is tcp and hostPort and containerPort are assumed to be
@@ -391,7 +391,7 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "10.231.136.1";
-      description = lib.mdDoc ''
+      description = ''
         The IPv4 address assigned to the host interface.
         (Not used when hostBridge is set.)
       '';
@@ -401,7 +401,7 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "fc00::1";
-      description = lib.mdDoc ''
+      description = ''
         The IPv6 address assigned to the host interface.
         (Not used when hostBridge is set.)
       '';
@@ -411,7 +411,7 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "10.231.136.2";
-      description = lib.mdDoc ''
+      description = ''
         The IPv4 address assigned to the interface in the container.
         If a hostBridge is used, this should be given with netmask to access
         the whole network. Otherwise the default netmask is /32 and routing is
@@ -423,7 +423,7 @@ let
       type = types.nullOr types.str;
       default = null;
       example = "fc00::2";
-      description = lib.mdDoc ''
+      description = ''
         The IPv6 address assigned to the interface in the container.
         If a hostBridge is used, this should be given with netmask to access
         the whole network. Otherwise the default netmask is /128 and routing is
@@ -455,7 +455,7 @@ in
     boot.isContainer = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether this NixOS machine is a lightweight container running
         in another NixOS system.
       '';
@@ -464,7 +464,7 @@ in
     boot.enableContainers = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable support for NixOS containers. Defaults to true
         (at no cost if containers are not actually used).
       '';
@@ -476,7 +476,7 @@ in
         {
           options = {
             config = mkOption {
-              description = lib.mdDoc ''
+              description = ''
                 A specification of the desired configuration of this
                 container, as a NixOS module.
               '';
@@ -532,7 +532,7 @@ in
             path = mkOption {
               type = types.path;
               example = "/nix/var/nix/profiles/per-container/webserver";
-              description = lib.mdDoc ''
+              description = ''
                 As an alternative to specifying
                 {option}`config`, you can specify the path to
                 the evaluated NixOS system configuration, typically a
@@ -544,7 +544,7 @@ in
               type = types.listOf types.str;
               default = [];
               example = [ "CAP_NET_ADMIN" "CAP_MKNOD" ];
-              description = lib.mdDoc ''
+              description = ''
                 Grant additional capabilities to the container.  See the
                 capabilities(7) and systemd-nspawn(1) man pages for more
                 information.
@@ -555,7 +555,7 @@ in
               type = types.path;
               default = pkgs.path;
               defaultText = literalExpression "pkgs.path";
-              description = lib.mdDoc ''
+              description = ''
                 A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.
 
                 To only change the `pkgs` argument used inside the container modules,
@@ -569,7 +569,7 @@ in
             specialArgs = mkOption {
               type = types.attrsOf types.unspecified;
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 A set of special arguments to be passed to NixOS modules.
                 This will be merged into the `specialArgs` used to evaluate
                 the NixOS configurations.
@@ -579,7 +579,7 @@ in
             ephemeral = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Runs container in ephemeral mode with the empty root filesystem at boot.
                 This way container will be bootstrapped from scratch on each boot
                 and will be cleaned up on shutdown leaving no traces behind.
@@ -598,7 +598,7 @@ in
             enableTun = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Allows the container to create and setup tunnel interfaces
                 by granting the `NET_ADMIN` capability and
                 enabling access to `/dev/net/tun`.
@@ -608,7 +608,7 @@ in
             privateNetwork = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether to give the container its own private virtual
                 Ethernet interface.  The interface is called
                 `eth0`, and is hooked up to the interface
@@ -623,7 +623,7 @@ in
               type = types.listOf types.str;
               default = [];
               example = [ "eth1" "eth2" ];
-              description = lib.mdDoc ''
+              description = ''
                 The list of interfaces to be moved into the container.
               '';
             };
@@ -632,7 +632,7 @@ in
               type = types.listOf types.str;
               default = [];
               example = [ "eth1" "eth2" ];
-              description = lib.mdDoc ''
+              description = ''
                 The list of host interfaces from which macvlans will be
                 created. For each interface specified, a macvlan interface
                 will be created and moved to the container.
@@ -642,7 +642,7 @@ in
             extraVeths = mkOption {
               type = with types; attrsOf (submodule { options = networkOptions; });
               default = {};
-              description = lib.mdDoc ''
+              description = ''
                 Extra veth-pairs to be created for the container.
               '';
             };
@@ -650,7 +650,7 @@ in
             autoStart = mkOption {
               type = types.bool;
               default = false;
-              description = lib.mdDoc ''
+              description = ''
                 Whether the container is automatically started at boot-time.
               '';
             };
@@ -658,7 +658,7 @@ in
             restartIfChanged = mkOption {
               type = types.bool;
               default = true;
-              description = lib.mdDoc ''
+              description = ''
                 Whether the container should be restarted during a NixOS
                 configuration switch if its definition has changed.
               '';
@@ -667,7 +667,7 @@ in
             timeoutStartSec = mkOption {
               type = types.str;
               default = "1min";
-              description = lib.mdDoc ''
+              description = ''
                 Time for the container to start. In case of a timeout,
                 the container processes get killed.
                 See {manpage}`systemd.time(7)`
@@ -684,8 +684,7 @@ in
                 }
               '';
 
-              description =
-                lib.mdDoc ''
+              description = ''
                   An extra list of directories that is bound to the container.
                 '';
             };
@@ -694,7 +693,7 @@ in
               type = with types; listOf (submodule allowedDeviceOpts);
               default = [];
               example = [ { node = "/dev/net/tun"; modifier = "rw"; } ];
-              description = lib.mdDoc ''
+              description = ''
                 A list of device nodes to which the containers has access to.
               '';
             };
@@ -703,7 +702,7 @@ in
               type = types.listOf types.str;
               default = [];
               example = [ "/var" ];
-              description = lib.mdDoc ''
+              description = ''
                 Mounts a set of tmpfs file systems into the container.
                 Multiple paths can be specified.
                 Valid items must conform to the --tmpfs argument
@@ -715,7 +714,7 @@ in
               type = types.listOf types.str;
               default = [];
               example = [ "--drop-capability=CAP_SYS_CHROOT" ];
-              description = lib.mdDoc ''
+              description = ''
                 Extra flags passed to the systemd-nspawn command.
                 See systemd-nspawn(1) for details.
               '';
@@ -765,7 +764,7 @@ in
               };
           }
         '';
-      description = lib.mdDoc ''
+      description = ''
         A set of NixOS system configurations to be run as lightweight
         containers.  Each container appears as a service
         `container-«name»`
@@ -834,7 +833,10 @@ in
               script = startScript containerConfig;
               postStart = postStartScript containerConfig;
               serviceConfig = serviceDirectives containerConfig;
-              unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i";
+              unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"
+                ++ builtins.map
+                  (d: if d.hostPath != null then d.hostPath else d.mountPoint)
+                  (builtins.attrValues cfg.bindMounts);
               environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";
             } // (
             optionalAttrs containerConfig.autoStart
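Review bot: The bind-mount paths appended to `unitConfig.RequiresMountsFor` come from `hostPath` and `mountPoint`, which the option hunk above declares as free-form `types.str`, and they are passed through unchanged. A path containing whitespace or `%` would presumably be split or specifier-expanded by systemd unless the unit generator escapes it, which is not visible here, so an assertion or escaping step for these values seems worth adding. The new lines also read `cfg.bindMounts` while every neighbouring attribute uses `containerConfig`; if both names refer to the same container, `(builtins.attrValues containerConfig.bindMounts)` would be consistent. A short comment such as `# bind-mount sources must be mounted on the host before the container starts` would record the intent. The enclosing expression starts and ends outside this hunk.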
diff --git a/nixpkgs/nixos/modules/virtualisation/oci-containers.nix b/nixpkgs/nixos/modules/virtualisation/oci-containers.nix
index 5bffb3f04716..4308d410c69c 100644
--- a/nixpkgs/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixpkgs/nixos/modules/virtualisation/oci-containers.nix
@@ -14,14 +14,14 @@ let
 
         image = mkOption {
           type = with types; str;
-          description = lib.mdDoc "OCI image to run.";
+          description = "OCI image to run.";
           example = "library/hello-world";
         };
 
         imageFile = mkOption {
           type = with types; nullOr package;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Path to an image file to load before running the image. This can
             be used to bypass pulling the image from the registry.
 
@@ -38,20 +38,20 @@ let
           username = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = lib.mdDoc "Username for login.";
+            description = "Username for login.";
           };
 
           passwordFile = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = lib.mdDoc "Path to file containing password.";
+            description = "Path to file containing password.";
             example = "/etc/nixos/dockerhub-password.txt";
           };
 
           registry = mkOption {
             type = with types; nullOr str;
             default = null;
-            description = lib.mdDoc "Registry where to login to.";
+            description = "Registry where to login to.";
             example = "https://docker.pkg.github.com";
           };
 
@@ -60,7 +60,7 @@ let
         cmd = mkOption {
           type =  with types; listOf str;
           default = [];
-          description = lib.mdDoc "Commandline arguments to pass to the image's entrypoint.";
+          description = "Commandline arguments to pass to the image's entrypoint.";
           example = literalExpression ''
             ["--port=9000"]
           '';
@@ -69,7 +69,7 @@ let
         labels = mkOption {
           type = with types; attrsOf str;
           default = {};
-          description = lib.mdDoc "Labels to attach to the container at runtime.";
+          description = "Labels to attach to the container at runtime.";
           example = literalExpression ''
             {
               "traefik.https.routers.example.rule" = "Host(`example.container`)";
@@ -79,7 +79,7 @@ let
 
         entrypoint = mkOption {
           type = with types; nullOr str;
-          description = lib.mdDoc "Override the default entrypoint of the image.";
+          description = "Override the default entrypoint of the image.";
           default = null;
           example = "/bin/my-app";
         };
@@ -87,7 +87,7 @@ let
         environment = mkOption {
           type = with types; attrsOf str;
           default = {};
-          description = lib.mdDoc "Environment variables to set for this container.";
+          description = "Environment variables to set for this container.";
           example = literalExpression ''
             {
               DATABASE_HOST = "db.example.com";
@@ -99,7 +99,7 @@ let
         environmentFiles = mkOption {
           type = with types; listOf path;
           default = [];
-          description = lib.mdDoc "Environment files for this container.";
+          description = "Environment files for this container.";
           example = literalExpression ''
             [
               /path/to/.env
@@ -111,7 +111,7 @@ let
         log-driver = mkOption {
           type = types.str;
           default = "journald";
-          description = lib.mdDoc ''
+          description = ''
             Logging driver for the container.  The default of
             `"journald"` means that the container's logs will be
             handled as part of the systemd unit.
@@ -129,7 +129,7 @@ let
         ports = mkOption {
           type = with types; listOf str;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             Network ports to publish from the container to the outer host.
 
             Valid formats:
@@ -161,7 +161,7 @@ let
         user = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc ''
+          description = ''
             Override the username or UID (and optionally groupname or GID) used
             in the container.
           '';
@@ -171,7 +171,7 @@ let
         volumes = mkOption {
           type = with types; listOf str;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             List of volumes to attach to this container.
 
             Note that this is a list of `"src:dst"` strings to
@@ -192,14 +192,14 @@ let
         workdir = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "Override the default working directory for the container.";
+          description = "Override the default working directory for the container.";
           example = "/var/lib/hello_world";
         };
 
         dependsOn = mkOption {
           type = with types; listOf str;
           default = [];
-          description = lib.mdDoc ''
+          description = ''
             Define which other containers this one depends on. They will be added to both After and Requires for the unit.
 
             Use the same name as the attribute under `virtualisation.oci-containers.containers`.
@@ -217,14 +217,14 @@ let
         hostname = mkOption {
           type = with types; nullOr str;
           default = null;
-          description = lib.mdDoc "The hostname of the container.";
+          description = "The hostname of the container.";
           example = "hello-world";
         };
 
         extraOptions = mkOption {
           type = with types; listOf str;
           default = [];
-          description = lib.mdDoc "Extra options for {command}`${defaultBackend} run`.";
+          description = "Extra options for {command}`${defaultBackend} run`.";
           example = literalExpression ''
             ["--network=host"]
           '';
@@ -233,7 +233,7 @@ let
         autoStart = mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             When enabled, the container is automatically started on boot.
             If this option is set to false, the container has to be started on-demand via its service.
           '';
@@ -365,13 +365,13 @@ in {
     backend = mkOption {
       type = types.enum [ "podman" "docker" ];
       default = if versionAtLeast config.system.stateVersion "22.05" then "podman" else "docker";
-      description = lib.mdDoc "The underlying Docker implementation to use.";
+      description = "The underlying Docker implementation to use.";
     };
 
     containers = mkOption {
       default = {};
       type = types.attrsOf (types.submodule containerOptions);
-      description = lib.mdDoc "OCI (Docker) containers to run as systemd services.";
+      description = "OCI (Docker) containers to run as systemd services.";
     };
 
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/openstack-options.nix b/nixpkgs/nixos/modules/virtualisation/openstack-options.nix
index 52f45de92ecb..a06a113e252e 100644
--- a/nixpkgs/nixos/modules/virtualisation/openstack-options.nix
+++ b/nixpkgs/nixos/modules/virtualisation/openstack-options.nix
@@ -9,13 +9,13 @@ in
         enable = lib.mkOption {
           default = false;
           internal = true;
-          description = lib.mdDoc ''
+          description = ''
             Whether the OpenStack instance uses a ZFS root.
           '';
         };
 
         datasets = lib.mkOption {
-          description = lib.mdDoc ''
+          description = ''
             Datasets to create under the `tank` and `boot` zpools.
 
             **NOTE:** This option is used only at image creation time, and
@@ -28,13 +28,13 @@ in
           type = types.attrsOf (types.submodule {
             options = {
               mount = lib.mkOption {
-                description = lib.mdDoc "Where to mount this dataset.";
+                description = "Where to mount this dataset.";
                 type = types.nullOr types.str;
                 default = null;
               };
 
               properties = lib.mkOption {
-                description = lib.mdDoc "Properties to set on this dataset.";
+                description = "Properties to set on this dataset.";
                 type = types.attrsOf types.str;
                 default = { };
               };
@@ -47,7 +47,7 @@ in
         default = pkgs.stdenv.hostPlatform.isAarch64;
         defaultText = literalExpression "pkgs.stdenv.hostPlatform.isAarch64";
         internal = true;
-        description = lib.mdDoc ''
+        description = ''
           Whether the instance is using EFI.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
index a968c732f8f7..e0cedce09139 100644
--- a/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
+++ b/nixpkgs/nixos/modules/virtualisation/openvswitch.nix
@@ -13,7 +13,7 @@ in {
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable Open vSwitch. A configuration daemon (ovs-server)
         will be started.
         '';
@@ -22,7 +22,7 @@ in {
     resetOnStart = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to reset the Open vSwitch configuration database to a default
         configuration on every start of the systemd `ovsdb.service`.
         '';
diff --git a/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix b/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix
index dba8ce02b724..b92d30dcc0e2 100644
--- a/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix
+++ b/nixpkgs/nixos/modules/virtualisation/parallels-guest.nix
@@ -14,7 +14,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This enables Parallels Tools for Linux guests, along with provided
           video, mouse and other hardware drivers.
         '';
@@ -23,7 +23,7 @@ in
       autoMountShares = mkOption {
         type = types.bool;
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Control prlfsmountd service. When this service is running, shares can not be manually
           mounted through `mount -t prl_fs ...` as this service will remount and trample any set options.
           Recommended to enable for simple file sharing, but extended share use such as for code should
@@ -36,7 +36,7 @@ in
         default = config.boot.kernelPackages.prl-tools;
         defaultText = "config.boot.kernelPackages.prl-tools";
         example = literalExpression "config.boot.kernelPackages.prl-tools";
-        description = lib.mdDoc ''
+        description = ''
           Defines which package to use for prl-tools. Override to change the version.
         '';
       };
diff --git a/nixpkgs/nixos/modules/virtualisation/podman/default.nix b/nixpkgs/nixos/modules/virtualisation/podman/default.nix
index a97739054216..deb0b4d2c5bd 100644
--- a/nixpkgs/nixos/modules/virtualisation/podman/default.nix
+++ b/nixpkgs/nixos/modules/virtualisation/podman/default.nix
@@ -48,7 +48,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           This option enables Podman, a daemonless container engine for
           developing, managing, and running OCI Containers on your Linux System.
 
@@ -59,7 +59,7 @@ in
     dockerSocket.enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Make the Podman socket available in place of the Docker socket, so
         Docker tools can find the Podman socket.
 
@@ -73,7 +73,7 @@ in
     dockerCompat = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Create an alias mapping {command}`docker` to {command}`podman`.
       '';
     };
@@ -81,7 +81,7 @@ in
     enableNvidia = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         **Deprecated**, please use virtualisation.containers.cdi.dynamic.nvidia.enable instead.
 
         Enable use of NVidia GPUs from within podman containers.
@@ -96,7 +96,7 @@ in
           pkgs.gvisor
         ]
       '';
-      description = lib.mdDoc ''
+      description = ''
         Extra packages to be installed in the Podman wrapper.
       '';
     };
@@ -105,7 +105,7 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to periodically prune Podman resources. If enabled, a
           systemd timer will run `podman system prune -f`
           as specified by the `dates` option.
@@ -116,7 +116,7 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "--all" ];
-        description = lib.mdDoc ''
+        description = ''
           Any additional flags passed to {command}`podman system prune`.
         '';
       };
@@ -124,7 +124,7 @@ in
       dates = mkOption {
         default = "weekly";
         type = types.str;
-        description = lib.mdDoc ''
+        description = ''
           Specification (in the format described by
           {manpage}`systemd.time(7)`) of the time at
           which the prune will occur.
@@ -136,7 +136,7 @@ in
       type = types.package;
       default = podmanPackage;
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The final Podman package (including extra packages).
       '';
     };
@@ -145,7 +145,7 @@ in
       type = json.type;
       default = { };
       example = lib.literalExpression "{ dns_enabled = true; }";
-      description = lib.mdDoc ''
+      description = ''
         Settings for podman's default network.
       '';
     };
@@ -219,6 +219,11 @@ in
       systemd.services.podman.environment = config.networking.proxy.envVars;
       systemd.sockets.podman.wantedBy = [ "sockets.target" ];
       systemd.sockets.podman.socketConfig.SocketGroup = "podman";
+      # Podman does not support multiple sockets, as of podman 5.0.2, so we use
+      # a symlink. Unfortunately this does not let us use an alternate group,
+      # such as `docker`.
+      systemd.sockets.podman.socketConfig.Symlinks =
+        lib.mkIf cfg.dockerSocket.enable [ "/run/docker.sock" ];
 
       systemd.user.services.podman.environment = config.networking.proxy.envVars;
       systemd.user.sockets.podman.wantedBy = [ "sockets.target" ];
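Review bot: The added comment explains why a symlink is used, but not what that means for access. `/run/docker.sock` now resolves to the socket that carries `SocketGroup = "podman"` two lines above, so Docker clients need the `podman` group and membership of `docker` grants nothing. I would extend the comment with `# Access follows SocketGroup above: clients of /run/docker.sock must be in the podman group.` Because `Symlinks=` binds the alias to the socket unit's lifecycle, the link presumably exists only while `podman.socket` is active, unlike the tmpfiles rule removed in the next hunk. It is worth confirming that anything using the Docker path is ordered after the socket unit.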
@@ -239,11 +244,6 @@ in
         '')
       ];
 
-      systemd.tmpfiles.rules =
-        lib.optionals cfg.dockerSocket.enable [
-          "L! /run/docker.sock - - - - /run/podman/podman.sock"
-        ];
-
       users.groups.podman = { };
 
       assertions = [
diff --git a/nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix b/nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix
index a10597175ab9..4a6f05e9a2f2 100644
--- a/nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix
+++ b/nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix
@@ -17,7 +17,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Make the Podman and Docker compatibility API available over the network
         with TLS client certificate authentication.
 
@@ -32,7 +32,7 @@ in
 
     server = mkOption {
       type = types.enum [ ];
-      description = lib.mdDoc ''
+      description = ''
         Choice of TLS proxy server.
       '';
       example = "ghostunnel";
@@ -41,28 +41,28 @@ in
     openFirewall = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to open the port in the firewall.
       '';
     };
 
     tls.cacert = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to CA certificate to use for client authentication.
       '';
     };
 
     tls.cert = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to certificate describing the server.
       '';
     };
 
     tls.key = mkOption {
       type = types.path;
-      description = lib.mdDoc ''
+      description = ''
         Path to the private key corresponding to the server certificate.
 
         Use a string for this setting. Otherwise it will be copied to the Nix
@@ -73,14 +73,14 @@ in
     port = mkOption {
       type = types.port;
       default = 2376;
-      description = lib.mdDoc ''
+      description = ''
         TCP port number for receiving TLS connections.
       '';
     };
     listenAddress = mkOption {
       type = types.str;
       default = "0.0.0.0";
-      description = lib.mdDoc ''
+      description = ''
         Interface address for receiving TLS connections.
       '';
     };
diff --git a/nixpkgs/nixos/modules/virtualisation/proxmox-image.nix b/nixpkgs/nixos/modules/virtualisation/proxmox-image.nix
index 62778f2626f8..6349bcef99e6 100644
--- a/nixpkgs/nixos/modules/virtualisation/proxmox-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/proxmox-image.nix
@@ -10,7 +10,7 @@ with lib;
         type = types.str;
         default = "";
         example = "order=scsi0;net0";
-        description = lib.mdDoc ''
+        description = ''
           Default boot device. PVE will try all devices in its default order if this value is empty.
         '';
       };
@@ -18,7 +18,7 @@ with lib;
         type = types.str;
         default = "virtio-scsi-pci";
         example = "lsi";
-        description = lib.mdDoc ''
+        description = ''
           SCSI controller type. Must be one of the supported values given in
           <https://pve.proxmox.com/wiki/Qemu/KVM_Virtual_Machines>
         '';
@@ -27,7 +27,7 @@ with lib;
         type = types.str;
         default = "local-lvm:vm-9999-disk-0";
         example = "ceph:vm-123-disk-0";
-        description = lib.mdDoc ''
+        description = ''
           Configuration for the default virtio disk. It can be used as a cue for PVE to autodetect the target storage.
           This parameter is required by PVE even if it isn't used.
         '';
@@ -35,21 +35,21 @@ with lib;
       ostype = mkOption {
         type = types.str;
         default = "l26";
-        description = lib.mdDoc ''
+        description = ''
           Guest OS type
         '';
       };
       cores = mkOption {
         type = types.ints.positive;
         default = 1;
-        description = lib.mdDoc ''
+        description = ''
           Guest core count
         '';
       };
       memory = mkOption {
         type = types.ints.positive;
         default = 1024;
-        description = lib.mdDoc ''
+        description = ''
           Guest memory in MB
         '';
       };
@@ -65,7 +65,7 @@ with lib;
       name = mkOption {
         type = types.str;
         default = "nixos-${config.system.nixos.label}";
-        description = lib.mdDoc ''
+        description = ''
           VM name
         '';
       };
@@ -73,7 +73,7 @@ with lib;
         type = types.str;
         default = "512M";
         example = "2048M";
-        description = lib.mdDoc ''
+        description = ''
           additional disk space to be added to the image if diskSize "auto"
           is used.
         '';
@@ -82,7 +82,7 @@ with lib;
         type = types.str;
         default = "256M";
         example = "512M";
-        description = lib.mdDoc ''
+        description = ''
           Size of the boot partition. Is only used if partitionTableType is
           either "efi" or "hybrid".
         '';
@@ -91,7 +91,7 @@ with lib;
         type = types.str;
         default = "auto";
         example = "20480";
-        description = lib.mdDoc ''
+        description = ''
           The size of the disk, in megabytes.
           if "auto" size is calculated based on the contents copied to it and
           additionalSpace is taken into account.
@@ -100,7 +100,7 @@ with lib;
       net0 = mkOption {
         type = types.commas;
         default = "virtio=00:00:00:00:00:00,bridge=vmbr0,firewall=1";
-        description = lib.mdDoc ''
+        description = ''
           Configuration for the default interface. When restoring from VMA, check the
           "unique" box to ensure device mac is randomized.
         '';
@@ -109,7 +109,7 @@ with lib;
         type = types.str;
         default = "socket";
         example = "/dev/ttyS0";
-        description = lib.mdDoc ''
+        description = ''
           Create a serial device inside the VM (n is 0 to 3), and pass through a host serial device (i.e. /dev/ttyS0),
           or create a unix socket on the host side (use qm terminal to open a terminal connection).
         '';
@@ -118,7 +118,7 @@ with lib;
         type = types.bool;
         apply = x: if x then "1" else "0";
         default = true;
-        description = lib.mdDoc ''
+        description = ''
           Expect guest to have qemu agent running
         '';
       };
@@ -132,7 +132,7 @@ with lib;
           onboot = 1;
         }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Additional options appended to qemu-server.conf
       '';
     };
@@ -151,7 +151,7 @@ with lib;
       type = types.str;
       default = config.proxmox.qemuConf.name;
       example = "999-nixos_template";
-      description = lib.mdDoc ''
+      description = ''
         Filename of the image will be vzdump-qemu-''${filenameSuffix}.vma.zstd.
         This will also determine the default name of the VM on restoring the VMA.
         Start this value with a number if you want the VMA to be detected as a backup of
diff --git a/nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix b/nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix
index 3d966d725a9a..9b9f99e5b817 100644
--- a/nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix
+++ b/nixpkgs/nixos/modules/virtualisation/proxmox-lxc.nix
@@ -7,14 +7,14 @@ with lib;
     privileged = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable privileged mounts
       '';
     };
     manageNetwork = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to manage network interfaces through nix options
         When false, systemd-networkd is enabled to accept network
         configuration from proxmox.
@@ -23,7 +23,7 @@ with lib;
     manageHostName = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to manage hostname through nix options
         When false, the hostname is picked up from /etc/hostname
         populated by proxmox.
diff --git a/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix b/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix
index aeab0ceac3cc..fb65d327e7f2 100644
--- a/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix
+++ b/nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix
@@ -10,7 +10,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc "Whether to enable the qemu guest agent.";
+        description = "Whether to enable the qemu guest agent.";
       };
       package = mkPackageOption pkgs [ "qemu_kvm" "ga" ] { };
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix b/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix
index b5a8b08eee70..c30f4577fdd8 100644
--- a/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix
+++ b/nixpkgs/nixos/modules/virtualisation/qemu-vm.nix
@@ -28,26 +28,25 @@ let
 
       file = mkOption {
         type = types.str;
-        description = lib.mdDoc "The file image used for this drive.";
+        description = "The file image used for this drive.";
       };
 
       driveExtraOpts = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = lib.mdDoc "Extra options passed to drive flag.";
+        description = "Extra options passed to drive flag.";
       };
 
       deviceExtraOpts = mkOption {
         type = types.attrsOf types.str;
         default = {};
-        description = lib.mdDoc "Extra options passed to device flag.";
+        description = "Extra options passed to device flag.";
       };
 
       name = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description =
-          lib.mdDoc "A name for the drive. Must be unique in the drives list. Not passed to qemu.";
+        description = "A name for the drive. Must be unique in the drives list. Not passed to qemu.";
       };
 
     };
@@ -186,7 +185,7 @@ let
         NIX_EFI_VARS=$(readlink -f "''${NIX_EFI_VARS:-${config.system.name}-efi-vars.fd}")
         # VM needs writable EFI vars
         if ! test -e "$NIX_EFI_VARS"; then
-        ${if cfg.useBootLoader then
+        ${if cfg.efi.keepVariables then
             # We still need the EFI var from the make-disk-image derivation
             # because our "switch-to-configuration" process might
             # write into it and we want to keep this data.
@@ -250,7 +249,7 @@ let
           ${concatStringsSep " " config.virtualisation.qemu.networkingOptions} \
           ${concatStringsSep " \\\n    "
             (mapAttrsToList
-              (tag: share: "-virtfs local,path=${share.source},security_model=none,mount_tag=${tag}")
+              (tag: share: "-virtfs local,path=${share.source},security_model=${share.securityModel},mount_tag=${tag}")
               config.virtualisation.sharedDirectories)} \
           ${drivesCmdLine config.virtualisation.qemu.drives} \
           ${concatStringsSep " \\\n    " config.virtualisation.qemu.options} \
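Review bot: Every existing entry in `virtualisation.sharedDirectories` silently moves from `security_model=none` to the new default `mapped-xattr`, which the later `securityModel` hunk defines; nothing at this call site records the change. With a mapped model the guest's ownership and mode bits are kept as attributes rather than applied to the host files, so host tools may see different metadata than before, and the host filesystem has to accept those attributes. I would add a comment above the `-virtfs` line such as `# security_model comes from share.securityModel (default "mapped-xattr"); set it to "none" for the pre-change behaviour.` The change should also be listed in the release notes if this commit does not already do so. The enclosing start-script string begins and ends outside this hunk.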
@@ -333,8 +332,7 @@ in
       mkOption {
         type = types.ints.positive;
         default = 1024;
-        description =
-          lib.mdDoc ''
+        description = ''
             The memory size in megabytes of the virtual machine.
           '';
       };
@@ -343,8 +341,7 @@ in
       mkOption {
         type = types.ints.positive;
         default = 16384;
-        description =
-          lib.mdDoc ''
+        description = ''
             The msize (maximum packet size) option passed to 9p file systems, in
             bytes. Increasing this should increase performance significantly,
             at the cost of higher RAM usage.
@@ -355,8 +352,7 @@ in
       mkOption {
         type = types.nullOr types.ints.positive;
         default = 1024;
-        description =
-          lib.mdDoc ''
+        description = ''
             The disk size in megabytes of the virtual machine.
           '';
       };
@@ -366,8 +362,7 @@ in
         type = types.nullOr types.str;
         default = "./${config.system.name}.qcow2";
         defaultText = literalExpression ''"./''${config.system.name}.qcow2"'';
-        description =
-          lib.mdDoc ''
+        description = ''
             Path to the disk image containing the root filesystem.
             The image will be created on startup if it does not
             exist.
@@ -383,8 +378,7 @@ in
         default = "/dev/disk/by-id/virtio-${rootDriveSerialAttr}";
         defaultText = literalExpression ''/dev/disk/by-id/virtio-${rootDriveSerialAttr}'';
         example = "/dev/disk/by-id/virtio-boot-loader-device";
-        description =
-          lib.mdDoc ''
+        description = ''
             The path (inside th VM) to the device to boot from when legacy booting.
           '';
         };
@@ -395,8 +389,7 @@ in
         default = if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null;
         defaultText = literalExpression ''if cfg.useEFIBoot then "/dev/disk/by-label/${espFilesystemLabel}" else null'';
         example = "/dev/disk/by-label/esp";
-        description =
-          lib.mdDoc ''
+        description = ''
             The path (inside the VM) to the device containing the EFI System Partition (ESP).
 
             If you are *not* booting from a UEFI firmware, this value is, by
@@ -410,8 +403,7 @@ in
         default = "/dev/disk/by-label/${rootFilesystemLabel}";
         defaultText = literalExpression ''/dev/disk/by-label/${rootFilesystemLabel}'';
         example = "/dev/disk/by-label/nixos";
-        description =
-          lib.mdDoc ''
+        description = ''
             The path (inside the VM) to the device containing the root filesystem.
           '';
       };
@@ -420,8 +412,7 @@ in
       mkOption {
         type = types.listOf types.ints.positive;
         default = [];
-        description =
-          lib.mdDoc ''
+        description = ''
             Additional disk images to provide to the VM. The value is
             a list of size in megabytes of each disk. These disks are
             writeable by the VM.
@@ -432,8 +423,7 @@ in
       mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Whether to run QEMU with a graphics window, or in nographic mode.
             Serial console will be enabled on both settings, but this will
             change the preferred console.
@@ -444,8 +434,7 @@ in
       mkOption {
         type = options.services.xserver.resolutions.type.nestedTypes.elemType;
         default = { x = 1024; y = 768; };
-        description =
-          lib.mdDoc ''
+        description = ''
             The resolution of the virtual machine display.
           '';
       };
@@ -454,8 +443,7 @@ in
       mkOption {
         type = types.ints.positive;
         default = 1;
-        description =
-          lib.mdDoc ''
+        description = ''
             Specify the number of cores the guest is permitted to use.
             The number can be higher than the available cores on the
             host system.
@@ -468,19 +456,30 @@ in
           (types.submodule {
             options.source = mkOption {
               type = types.str;
-              description = lib.mdDoc "The path of the directory to share, can be a shell variable";
+              description = "The path of the directory to share, can be a shell variable";
             };
             options.target = mkOption {
               type = types.path;
-              description = lib.mdDoc "The mount point of the directory inside the virtual machine";
+              description = "The mount point of the directory inside the virtual machine";
+            };
+            options.securityModel = mkOption {
+              type = types.enum [ "passthrough" "mapped-xattr" "mapped-file" "none" ];
+              default = "mapped-xattr";
+              description = ''
+                The security model to use for this share:
+
+                - `passthrough`: files are stored using the same credentials as they are created on the guest (this requires QEMU to run as root)
+                - `mapped-xattr`: some of the file attributes like uid, gid, mode bits and link target are stored as file attributes
+                - `mapped-file`: the attributes are stored in the hidden .virtfs_metadata directory. Directories exported by this security model cannot interact with other unix tools
+                - `none`: same as "passthrough" except the sever won't report failures if it fails to set file attributes like ownership
+              '';
             };
           });
         default = { };
         example = {
           my-share = { source = "/path/to/be/shared"; target = "/mnt/shared"; };
         };
-        description =
-          lib.mdDoc ''
+        description = ''
             An attributes set of directories that will be shared with the
             virtual machine using VirtFS (9P filesystem over VirtIO).
             The attribute name will be used as the 9P mount tag.
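Review bot: The new `securityModel` description lists the four models but does not say which of them let the guest change real ownership and mode bits on the host directory, which is what a reader needs in order to choose one. I would add a sentence after the list, for example `With passthrough and none, ownership and mode changes made in the guest are applied to the host files; the mapped models keep them as metadata only.` The `none` bullet also has a typo, `sever` for `server`. The `example` attribute below could show the new field, e.g. `securityModel = "mapped-xattr";`, so that the option is discoverable from the rendered manual.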
@@ -491,8 +490,7 @@ in
       mkOption {
         type = types.listOf types.path;
         default = [];
-        description =
-          lib.mdDoc ''
+        description = ''
             A list of paths whose closure should be made available to
             the VM.
 
@@ -513,8 +511,7 @@ in
           options.from = mkOption {
             type = types.enum [ "host" "guest" ];
             default = "host";
-            description =
-              lib.mdDoc ''
+            description = ''
                 Controls the direction in which the ports are mapped:
 
                 - `"host"` means traffic from the host ports
@@ -526,25 +523,25 @@ in
           options.proto = mkOption {
             type = types.enum [ "tcp" "udp" ];
             default = "tcp";
-            description = lib.mdDoc "The protocol to forward.";
+            description = "The protocol to forward.";
           };
           options.host.address = mkOption {
             type = types.str;
             default = "";
-            description = lib.mdDoc "The IPv4 address of the host.";
+            description = "The IPv4 address of the host.";
           };
           options.host.port = mkOption {
             type = types.port;
-            description = lib.mdDoc "The host port to be mapped.";
+            description = "The host port to be mapped.";
           };
           options.guest.address = mkOption {
             type = types.str;
             default = "";
-            description = lib.mdDoc "The IPv4 address on the guest VLAN.";
+            description = "The IPv4 address on the guest VLAN.";
           };
           options.guest.port = mkOption {
             type = types.port;
-            description = lib.mdDoc "The guest port to be mapped.";
+            description = "The guest port to be mapped.";
           };
         });
       default = [];
@@ -560,8 +557,7 @@ in
           }
         ]
         '';
-      description =
-        lib.mdDoc ''
+      description = ''
           When using the SLiRP user networking (default), this option allows to
           forward ports to/from the host/guest.
 
@@ -582,8 +578,7 @@ in
         type = types.bool;
         default = false;
         example = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             If this option is enabled, the guest will be isolated, i.e. it will
             not be able to contact the host and no guest IP packets will be
             routed over the host to the outside. This option does not affect
@@ -597,8 +592,7 @@ in
         default = if config.virtualisation.interfaces == {} then [ 1 ] else [ ];
         defaultText = lib.literalExpression ''if config.virtualisation.interfaces == {} then [ 1 ] else [ ]'';
         example = [ 1 2 ];
-        description =
-          lib.mdDoc ''
+        description = ''
             Virtual networks to which the VM is connected.  Each
             number «N» in this list causes
             the VM to have a virtual Ethernet interface attached to a
@@ -615,14 +609,14 @@ in
       example = {
         enp1s0.vlan = 1;
       };
-      description = lib.mdDoc ''
+      description = ''
         Network interfaces to add to the VM.
       '';
       type = with types; attrsOf (submodule {
         options = {
           vlan = mkOption {
             type = types.ints.unsigned;
-            description = lib.mdDoc ''
+            description = ''
               VLAN to which the network interface is connected.
             '';
           };
@@ -630,7 +624,7 @@ in
           assignIP = mkOption {
             type = types.bool;
             default = false;
-            description = lib.mdDoc ''
+            description = ''
               Automatically assign an IP address to the network interface using the same scheme as
               virtualisation.vlans.
             '';
@@ -644,8 +638,7 @@ in
         type = types.bool;
         default = cfg.mountHostNixStore;
         defaultText = literalExpression "cfg.mountHostNixStore";
-        description =
-          lib.mdDoc ''
+        description = ''
             If enabled, the Nix store in the VM is made writable by
             layering an overlay filesystem on top of the host's Nix
             store.
@@ -658,8 +651,7 @@ in
       mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             Use a tmpfs for the writable store instead of writing to the VM's
             own filesystem.
           '';
@@ -670,7 +662,7 @@ in
         type = types.str;
         default = "";
         internal = true;
-        description = lib.mdDoc "Primary IP address used in /etc/hosts.";
+        description = "Primary IP address used in /etc/hosts.";
       };
 
     virtualisation.host.pkgs = mkOption {
@@ -680,7 +672,7 @@ in
       example = literalExpression ''
         import pkgs.path { system = "x86_64-darwin"; }
       '';
-      description = lib.mdDoc ''
+      description = ''
         Package set to use for the host-specific packages of the VM runner.
         Changing this to e.g. a Darwin package set allows running NixOS VMs on Darwin.
       '';
@@ -693,7 +685,7 @@ in
           default = if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then hostPkgs.qemu_kvm else hostPkgs.qemu;
           defaultText = literalExpression "if hostPkgs.stdenv.hostPlatform.qemuArch == pkgs.stdenv.hostPlatform.qemuArch then config.virtualisation.host.pkgs.qemu_kvm else config.virtualisation.host.pkgs.qemu";
           example = literalExpression "pkgs.qemu_test";
-          description = lib.mdDoc "QEMU package to use.";
+          description = "QEMU package to use.";
         };
 
       options =
@@ -701,7 +693,7 @@ in
           type = types.listOf types.str;
           default = [];
           example = [ "-vga std" ];
-          description = lib.mdDoc ''
+          description = ''
             Options passed to QEMU.
             See [QEMU User Documentation](https://www.qemu.org/docs/master/system/qemu-manpage) for a complete list.
           '';
@@ -713,7 +705,7 @@ in
           consoles = [ "${qemu-common.qemuSerialDevice},115200n8" "tty0" ];
         in if cfg.graphics then consoles else reverseList consoles;
         example = [ "console=tty1" ];
-        description = lib.mdDoc ''
+        description = ''
           The output console devices to pass to the kernel command line via the
           `console` parameter, the primary console is the last
           item of this list.
@@ -732,7 +724,7 @@ in
             "-net nic,netdev=user.0,model=virtio"
             "-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
           ];
-          description = lib.mdDoc ''
+          description = ''
             Networking-related command-line options that should be passed to qemu.
             The default is to use userspace networking (SLiRP).
             See the [QEMU Wiki on Networking](https://wiki.qemu.org/Documentation/Networking) for details.
@@ -746,7 +738,7 @@ in
       drives =
         mkOption {
           type = types.listOf (types.submodule driveOpts);
-          description = lib.mdDoc "Drives passed to qemu.";
+          description = "Drives passed to qemu.";
         };
 
       diskInterface =
@@ -754,14 +746,14 @@ in
           type = types.enum [ "virtio" "scsi" "ide" ];
           default = "virtio";
           example = "scsi";
-          description = lib.mdDoc "The interface used for the virtual hard disks.";
+          description = "The interface used for the virtual hard disks.";
         };
 
       guestAgent.enable =
         mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Enable the Qemu guest agent.
           '';
         };
@@ -770,7 +762,7 @@ in
         mkOption {
           type = types.bool;
           default = true;
-          description = lib.mdDoc ''
+          description = ''
             Enable the virtio-keyboard device.
           '';
         };
@@ -780,7 +772,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Build and use a disk image for the Nix store, instead of
           accessing the host's one through 9p.
 
@@ -800,7 +792,7 @@ in
         type = types.bool;
         default = !cfg.useNixStoreImage && !cfg.useBootLoader;
         defaultText = literalExpression "!cfg.useNixStoreImage && !cfg.useBootLoader";
-        description = lib.mdDoc ''
+        description = ''
           Mount the host Nix store as a 9p mount.
         '';
       };
@@ -811,8 +803,7 @@ in
           type = types.bool;
           default = !cfg.useBootLoader;
           defaultText = "!cfg.useBootLoader";
-          description =
-            lib.mdDoc ''
+          description = ''
               If enabled, the virtual machine will boot directly into the kernel instead of through a bootloader.
               Read more about this feature in the [QEMU documentation on Direct Linux Boot](https://qemu-project.gitlab.io/qemu/system/linuxboot.html)
 
@@ -833,8 +824,7 @@ in
           type = types.str;
           default = "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}";
           defaultText = "\${config.system.build.initialRamdisk}/\${config.system.boot.loader.initrdFile}";
-          description =
-            lib.mdDoc ''
+          description = ''
               In direct boot situations, you may want to influence the initrd to load
               to use your own customized payload.
 
@@ -848,8 +838,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             Use a boot loader to boot the system.
             This allows, among other things, testing the boot loader.
 
@@ -864,8 +853,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             If enabled, the virtual machine will provide a EFI boot
             manager.
             useEFIBoot is ignored if useBootLoader == false.
@@ -881,16 +869,14 @@ in
         defaultText = ''(pkgs.OVMF.override {
           secureBoot = cfg.useSecureBoot;
         }).fd'';
-        description =
-        lib.mdDoc "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
+        description = "OVMF firmware package, defaults to OVMF configured with secure boot if needed.";
       };
 
       firmware = mkOption {
         type = types.path;
         default = cfg.efi.OVMF.firmware;
         defaultText = literalExpression "cfg.efi.OVMF.firmware";
-        description =
-          lib.mdDoc ''
+        description = ''
             Firmware binary for EFI implementation, defaults to OVMF.
           '';
       };
@@ -899,12 +885,18 @@ in
         type = types.path;
         default = cfg.efi.OVMF.variables;
         defaultText = literalExpression "cfg.efi.OVMF.variables";
-        description =
-          lib.mdDoc ''
+        description = ''
             Platform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware.
             Defaults to OVMF.
           '';
       };
+
+      keepVariables = mkOption {
+        type = types.bool;
+        default = cfg.useBootLoader;
+        defaultText = literalExpression "cfg.useBootLoader";
+        description = "Whether to keep EFI variable values from the generated system image";
+      };
     };
 
     virtualisation.tpm = {
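Review bot: The description of the new `keepVariables` option does not say what the VM uses when the option is false, and unlike the neighbouring full-sentence descriptions it has no closing period. The EFI variable store is where boot entries and Secure Boot key enrolment live, so a reader choosing between the two settings needs to know whether `false` means starting from the `variables` file declared just above. That is my reading, but the code that consumes the option is outside the hunk. Suggested wording, to be confirmed against the implementation: `description = "Whether to keep the EFI variable values from the generated system image. If disabled, the VM starts from a fresh copy of the variables file.";`.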
@@ -929,7 +921,7 @@ in
           - `tpm-tis-device` for (armv7, aarch64)
         '';
         example = "tpm-tis-device";
-        description = lib.mdDoc "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.";
+        description = "QEMU device model for the TPM, uses the appropriate default based on th guest platform system and the package passed.";
       };
     };
 
@@ -937,8 +929,7 @@ in
       mkOption {
         type = types.bool;
         default = true;
-        description =
-          lib.mdDoc ''
+        description = ''
             If enabled, the boot disk of the virtual machine will be
             formatted and mounted with the default filesystems for
             testing. Swap devices and LUKS will be disabled.
@@ -952,8 +943,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             Enable Secure Boot support in the EFI firmware.
           '';
       };
@@ -962,8 +952,7 @@ in
       mkOption {
         type = types.nullOr types.package;
         default = null;
-        description =
-          lib.mdDoc ''
+        description = ''
             An alternate BIOS (such as `qboot`) with which to start the VM.
             Should contain a file named `bios.bin`.
             If `null`, QEMU's builtin SeaBIOS will be used.
@@ -974,8 +963,7 @@ in
       mkOption {
         type = types.bool;
         default = false;
-        description =
-          lib.mdDoc ''
+        description = ''
             If enabled, when `NIX_SSL_CERT_FILE` is set on the host,
             pass the CA certificates from the host to the VM.
           '';
@@ -1115,18 +1103,22 @@ in
       nix-store = mkIf cfg.mountHostNixStore {
         source = builtins.storeDir;
         target = "/nix/store";
+        securityModel = "none";
       };
       xchg = {
         source = ''"$TMPDIR"/xchg'';
+        securityModel = "none";
         target = "/tmp/xchg";
       };
       shared = {
         source = ''"''${SHARED_DIR:-$TMPDIR/xchg}"'';
         target = "/tmp/shared";
+        securityModel = "none";
       };
       certs = mkIf cfg.useHostCerts {
         source = ''"$TMPDIR"/certs'';
         target = "/etc/ssl/certs";
+        securityModel = "none";
       };
     };
 
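Review bot: The four `securityModel = "none";` lines added to the `nix-store`, `xchg`, `shared` and `certs` shares carry no comment explaining the choice, although this setting decides how guest file operations land on the host. If it maps to QEMU's 9p `security_model=none` (the option definition is outside the hunk), files the guest creates in the writable shares are stored with the credentials of the host user running QEMU, and failures to apply ownership changes are not reported. I would add above `nix-store` a comment such as `# "none": guest writes use the QEMU user's credentials and chown failures are ignored; intended for these built-in shares, use a mapped model for untrusted guests`. In `xchg` the new line sits between `source` and `target` while the other three entries put it last; moving it after `target` keeps them parallel. The enclosing attribute set opens before the hunk.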
diff --git a/nixpkgs/nixos/modules/virtualisation/rosetta.nix b/nixpkgs/nixos/modules/virtualisation/rosetta.nix
index ee811b571b8f..c4780ae1a81d 100644
--- a/nixpkgs/nixos/modules/virtualisation/rosetta.nix
+++ b/nixpkgs/nixos/modules/virtualisation/rosetta.nix
@@ -9,7 +9,7 @@ in
     virtualisation.rosetta.enable = lib.mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Whether to enable [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) support.
 
         This feature requires the system to be a virtualised guest on an Apple silicon host.
@@ -23,7 +23,7 @@ in
       type = types.str;
       default = "/run/rosetta";
       internal = true;
-      description = lib.mdDoc ''
+      description = ''
         The mount point for the Rosetta runtime inside the guest system.
 
         The proprietary runtime is exposed through a VirtioFS directory share and then mounted at this directory.
@@ -33,7 +33,7 @@ in
     virtualisation.rosetta.mountTag = lib.mkOption {
       type = types.str;
       default = "rosetta";
-      description = lib.mdDoc ''
+      description = ''
         The VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software.
 
         If supported, your virtualisation software should provide instructions on how register the Rosetta runtime inside Linux guests.
diff --git a/nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix b/nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix
index ab2b058c686f..255327f2622c 100644
--- a/nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix
+++ b/nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix
@@ -3,7 +3,7 @@
   options.virtualisation.spiceUSBRedirection.enable = lib.mkOption {
     type = lib.types.bool;
     default = false;
-    description = lib.mdDoc ''
+    description = ''
       Install the SPICE USB redirection helper with setuid
       privileges. This allows unprivileged users to pass USB devices
       connected to this machine to libvirt VMs, both local and
diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix
index c2606968d3be..649ff3abb9ae 100644
--- a/nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix
+++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix
@@ -37,25 +37,25 @@ in
     enable = mkOption {
       default = false;
       type = types.bool;
-      description = lib.mdDoc "Whether to enable the VirtualBox service and other guest additions.";
+      description = "Whether to enable the VirtualBox service and other guest additions.";
     };
 
     clipboard = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Whether to enable clipboard support.";
+      description = "Whether to enable clipboard support.";
     };
 
     seamless = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host.";
+      description = "Whether to enable seamless mode. When activated windows from the guest appear next to the windows of the host.";
     };
 
     draganddrop = mkOption {
       default = true;
       type = types.bool;
-      description = lib.mdDoc "Whether to enable drag and drop support.";
+      description = "Whether to enable drag and drop support.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix
index 0ecf7f490cf6..609799995c52 100644
--- a/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix
@@ -18,8 +18,8 @@ in
 
 {
   options.virtualisation.virtualbox.host = {
-    enable = mkEnableOption (lib.mdDoc "VirtualBox") // {
-      description = lib.mdDoc ''
+    enable = mkEnableOption "VirtualBox" // {
+      description = ''
         Whether to enable VirtualBox.
 
         ::: {.note}
@@ -29,8 +29,8 @@ in
       '';
     };
 
-    enableExtensionPack = mkEnableOption (lib.mdDoc "VirtualBox extension pack") // {
-      description = lib.mdDoc ''
+    enableExtensionPack = mkEnableOption "VirtualBox extension pack" // {
+      description = ''
         Whether to install the Oracle Extension Pack for VirtualBox.
 
         ::: {.important}
@@ -45,7 +45,7 @@ in
     addNetworkInterface = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Automatically set up a vboxnet0 host-only network interface.
       '';
     };
@@ -53,7 +53,7 @@ in
     enableHardening = mkOption {
       type = types.bool;
       default = true;
-      description = lib.mdDoc ''
+      description = ''
         Enable hardened VirtualBox, which ensures that only the binaries in the
         system path get access to the devices exposed by the kernel modules
         instead of all users in the vboxusers group.
@@ -68,7 +68,7 @@ in
     headless = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Use VirtualBox installation without GUI and Qt dependency. Useful to enable on servers
         and when virtual machines are controlled only via SSH.
       '';
@@ -77,7 +77,7 @@ in
     enableWebService = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Build VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers.
       '';
     };
@@ -85,7 +85,7 @@ in
     enableKvm = mkOption {
       type = types.bool;
       default = false;
-      description = lib.mdDoc ''
+      description = ''
         Enable KVM support for VirtualBox. This increases compatibility with Linux kernel versions, because the VirtualBox kernel modules
         are not required.
 
diff --git a/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix b/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
index 0da217fd1cb0..1c8b9b99c01c 100644
--- a/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix
@@ -14,42 +14,42 @@ in {
         type = with types; either (enum [ "auto" ]) int;
         default = "auto";
         example = 50 * 1024;
-        description = lib.mdDoc ''
+        description = ''
           The size of the VirtualBox base image in MiB.
         '';
       };
       baseImageFreeSpace = mkOption {
         type = with types; int;
         default = 30 * 1024;
-        description = lib.mdDoc ''
+        description = ''
           Free space in the VirtualBox base image in MiB.
         '';
       };
       memorySize = mkOption {
         type = types.int;
         default = 1536;
-        description = lib.mdDoc ''
+        description = ''
           The amount of RAM the VirtualBox appliance can use in MiB.
         '';
       };
       vmDerivationName = mkOption {
         type = types.str;
         default = "nixos-ova-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
-        description = lib.mdDoc ''
+        description = ''
           The name of the derivation for the VirtualBox appliance.
         '';
       };
       vmName = mkOption {
         type = types.str;
         default = "${config.system.nixos.distroName} ${config.system.nixos.label} (${pkgs.stdenv.hostPlatform.system})";
-        description = lib.mdDoc ''
+        description = ''
           The name of the VirtualBox appliance.
         '';
       };
       vmFileName = mkOption {
         type = types.str;
         default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.ova";
-        description = lib.mdDoc ''
+        description = ''
           The file name of the VirtualBox appliance.
         '';
       };
@@ -60,7 +60,7 @@ in {
           rtcuseutc = "on";
           usb = "off";
         };
-        description = lib.mdDoc ''
+        description = ''
           Parameters passed to the Virtualbox appliance.
 
           Run `VBoxManage modifyvm --help` to see more options.
@@ -72,14 +72,14 @@ in {
           "--vsys" "0" "--vendor" "ACME Inc."
         ];
         default = [];
-        description = lib.mdDoc ''
+        description = ''
           Parameters passed to the Virtualbox export command.
 
           Run `VBoxManage export --help` to see more options.
         '';
       };
       extraDisk = mkOption {
-        description = lib.mdDoc ''
+        description = ''
           Optional extra disk/hdd configuration.
           The disk will be an 'ext4' partition on a separate file.
         '';
@@ -93,16 +93,16 @@ in {
           options = {
             size = mkOption {
               type = types.int;
-              description = lib.mdDoc "Size in MiB";
+              description = "Size in MiB";
             };
             label = mkOption {
               type = types.str;
               default = "vm-extra-storage";
-              description = lib.mdDoc "Label for the disk partition";
+              description = "Label for the disk partition";
             };
             mountPoint = mkOption {
               type = types.str;
-              description = lib.mdDoc "Path where to mount this disk.";
+              description = "Path where to mount this disk.";
             };
           };
         });
@@ -120,7 +120,7 @@ in {
             --network-descriptions 'Nic description' \
             --scsi-subtypes VirtualSCSI
         '';
-        description = lib.mdDoc ''
+        description = ''
           Extra commands to run after exporting the OVA to `$fn`.
         '';
       };
@@ -140,7 +140,7 @@ in {
           bootable = "on";
           hostiocache = "on";
         };
-        description = lib.mdDoc ''
+        description = ''
           Parameters passed to the VirtualBox appliance. Must have at least
           `name`.
 
diff --git a/nixpkgs/nixos/modules/virtualisation/vmware-guest.nix b/nixpkgs/nixos/modules/virtualisation/vmware-guest.nix
index 6880a257c2be..9bd8f4109643 100644
--- a/nixpkgs/nixos/modules/virtualisation/vmware-guest.nix
+++ b/nixpkgs/nixos/modules/virtualisation/vmware-guest.nix
@@ -13,12 +13,12 @@ in
   ];
 
   options.virtualisation.vmware.guest = {
-    enable = mkEnableOption (lib.mdDoc "VMWare Guest Support");
+    enable = mkEnableOption "VMWare Guest Support";
     headless = mkOption {
       type = types.bool;
       default = !config.services.xserver.enable;
       defaultText = "!config.services.xserver.enable";
-      description = lib.mdDoc "Whether to disable X11-related features.";
+      description = "Whether to disable X11-related features.";
     };
   };
 
diff --git a/nixpkgs/nixos/modules/virtualisation/vmware-host.nix b/nixpkgs/nixos/modules/virtualisation/vmware-host.nix
index 094114623a42..5fac2a4a8e8d 100644
--- a/nixpkgs/nixos/modules/virtualisation/vmware-host.nix
+++ b/nixpkgs/nixos/modules/virtualisation/vmware-host.nix
@@ -20,8 +20,8 @@ in
 {
   options = with lib; {
     virtualisation.vmware.host = {
-      enable = mkEnableOption (lib.mdDoc "VMware") // {
-        description = lib.mdDoc ''
+      enable = mkEnableOption "VMware" // {
+        description = ''
           This enables VMware host virtualisation for running VMs.
 
           ::: {.important}
@@ -41,13 +41,13 @@ in
       extraPackages = mkOption {
         type = with types; listOf package;
         default = with pkgs; [ ];
-        description = lib.mdDoc "Extra packages to be used with VMware host.";
+        description = "Extra packages to be used with VMware host.";
         example = "with pkgs; [ ntfs3g ]";
       };
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = lib.mdDoc "Add extra config to /etc/vmware/config";
+        description = "Add extra config to /etc/vmware/config";
         example = ''
           # Allow unsupported device's OpenGL and Vulkan acceleration for guest vGPU
           mks.gl.allowUnsupportedDrivers = "TRUE"
diff --git a/nixpkgs/nixos/modules/virtualisation/vmware-image.nix b/nixpkgs/nixos/modules/virtualisation/vmware-image.nix
index 3674b37d0b97..4a9064c9b8a3 100644
--- a/nixpkgs/nixos/modules/virtualisation/vmware-image.nix
+++ b/nixpkgs/nixos/modules/virtualisation/vmware-image.nix
@@ -21,34 +21,34 @@ in {
         type = with types; either (enum [ "auto" ]) int;
         default = "auto";
         example = 2048;
-        description = lib.mdDoc ''
+        description = ''
           The size of the VMWare base image in MiB.
         '';
       };
       vmDerivationName = mkOption {
         type = types.str;
         default = "nixos-vmware-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}";
-        description = lib.mdDoc ''
+        description = ''
           The name of the derivation for the VMWare appliance.
         '';
       };
       vmFileName = mkOption {
         type = types.str;
         default = "nixos-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.vmdk";
-        description = lib.mdDoc ''
+        description = ''
           The file name of the VMWare appliance.
         '';
       };
       vmSubformat = mkOption {
         type = types.enum subformats;
         default = "monolithicSparse";
-        description = lib.mdDoc "Specifies which VMDK subformat to use.";
+        description = "Specifies which VMDK subformat to use.";
       };
       vmCompat6 = mkOption {
         type = types.bool;
         default = false;
         example = true;
-        description = lib.mdDoc "Create a VMDK version 6 image (instead of version 4).";
+        description = "Create a VMDK version 6 image (instead of version 4).";
       };
     };
   };
diff --git a/nixpkgs/nixos/modules/virtualisation/waydroid.nix b/nixpkgs/nixos/modules/virtualisation/waydroid.nix
index 1f466c780cf2..2a2ef86f2ce3 100644
--- a/nixpkgs/nixos/modules/virtualisation/waydroid.nix
+++ b/nixpkgs/nixos/modules/virtualisation/waydroid.nix
@@ -20,7 +20,7 @@ in
 {
 
   options.virtualisation.waydroid = {
-    enable = lib.mkEnableOption (lib.mdDoc "Waydroid");
+    enable = lib.mkEnableOption "Waydroid";
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix b/nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix
index 792edc9b397d..25ccbaebc077 100644
--- a/nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix
+++ b/nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix
@@ -5,7 +5,7 @@ let
 in {
   options = {
     services.xe-guest-utilities = {
-      enable = mkEnableOption (lib.mdDoc "the Xen guest utilities daemon");
+      enable = mkEnableOption "the Xen guest utilities daemon";
     };
   };
   config = mkIf cfg.enable {
diff --git a/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix b/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix
index 8f361a7ac020..2fb8c6cd4566 100644
--- a/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix
+++ b/nixpkgs/nixos/modules/virtualisation/xen-dom0.nix
@@ -22,8 +22,7 @@ in
       mkOption {
         default = false;
         type = types.bool;
-        description =
-          mdDoc ''
+        description = ''
             Setting this option enables the Xen hypervisor, a
             virtualisation technology that allows multiple virtual
             machines, known as *domains*, to run
@@ -37,7 +36,7 @@ in
       type = types.package;
       defaultText = literalExpression "pkgs.xen";
       example = literalExpression "pkgs.xen-light";
-      description = lib.mdDoc ''
+      description = ''
         The package used for Xen binary.
       '';
       relatedPackages = [ "xen" "xen-light" ];
@@ -47,7 +46,7 @@ in
       type = types.package;
       defaultText = literalExpression "pkgs.xen";
       example = literalExpression "pkgs.qemu_xen-light";
-      description = lib.mdDoc ''
+      description = ''
         The package with qemu binaries for dom0 qemu and xendomains.
       '';
       relatedPackages = [ "xen"
@@ -59,7 +58,7 @@ in
       mkOption {
         default = [];
         type = types.listOf types.str;
-        description = lib.mdDoc
+        description =
           ''
             Parameters passed to the Xen hypervisor at boot time.
           '';
@@ -70,7 +69,7 @@ in
         default = 0;
         example = 512;
         type = types.addCheck types.int (n: n >= 0);
-        description = lib.mdDoc
+        description =
           ''
             Amount of memory (in MiB) allocated to Domain 0 on boot.
             If set to 0, all memory is assigned to Domain 0.
@@ -81,7 +80,7 @@ in
         name = mkOption {
           default = "xenbr0";
           type = types.str;
-          description = lib.mdDoc ''
+          description = ''
               Name of bridge the Xen domUs connect to.
             '';
         };
@@ -89,7 +88,7 @@ in
         address = mkOption {
           type = types.str;
           default = "172.16.0.1";
-          description = lib.mdDoc ''
+          description = ''
             IPv4 address of the bridge.
           '';
         };
@@ -97,7 +96,7 @@ in
         prefixLength = mkOption {
           type = types.addCheck types.int (n: n >= 0 && n <= 32);
           default = 16;
-          description = lib.mdDoc ''
+          description = ''
             Subnet mask of the bridge interface, specified as the number of
             bits in the prefix (`24`).
             A DHCP server will provide IP addresses for the whole, remaining
@@ -108,7 +107,7 @@ in
         forwardDns = mkOption {
           type = types.bool;
           default = false;
-          description = lib.mdDoc ''
+          description = ''
             If set to `true`, the DNS queries from the
             hosts connected to the bridge will be forwarded to the DNS
             servers specified in /etc/resolv.conf .
@@ -120,7 +119,7 @@ in
     virtualisation.xen.stored =
       mkOption {
         type = types.path;
-        description = lib.mdDoc
+        description =
           ''
             Xen Store daemon to use. Defaults to oxenstored of the xen package.
           '';
@@ -130,7 +129,7 @@ in
         extraConfig = mkOption {
           type = types.lines;
           default = "";
-          description = lib.mdDoc
+          description =
             ''
               Options defined here will override the defaults for xendomains.
               The default options can be seen in the file included from
@@ -139,7 +138,7 @@ in
           };
       };
 
-    virtualisation.xen.trace = mkEnableOption (lib.mdDoc "Xen tracing");
+    virtualisation.xen.trace = mkEnableOption "Xen tracing";
 
   };
 
diff --git a/nixpkgs/nixos/release-combined.nix b/nixpkgs/nixos/release-combined.nix
index 96b24feeb063..d1773da9afa6 100644
--- a/nixpkgs/nixos/release-combined.nix
+++ b/nixpkgs/nixos/release-combined.nix
@@ -82,7 +82,9 @@ in rec {
         (onFullSupported "nixos.tests.gitlab")
         (onFullSupported "nixos.tests.gnome")
         (onFullSupported "nixos.tests.gnome-xorg")
-        (onSystems ["x86_64-linux"] "nixos.tests.hibernate")
+        # FIXME: broken by QEMU 8.2.3 upgrade, reenable when fixed
+        # Upstream issue: https://gitlab.com/qemu-project/qemu/-/issues/2321
+        # (onSystems ["x86_64-linux"] "nixos.tests.hibernate")
         (onFullSupported "nixos.tests.i3wm")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSimple")
         (onSystems ["x86_64-linux"] "nixos.tests.installer.btrfsSubvolDefault")
@@ -168,7 +170,10 @@ in rec {
         (onFullSupported "nixpkgs.emacs")
         (onFullSupported "nixpkgs.jdk")
         (onSystems ["x86_64-linux"] "nixpkgs.mesa_i686") # i686 sanity check + useful
-        ["nixpkgs.tarball"]
+        [
+          "nixpkgs.tarball"
+          "nixpkgs.release-checks"
+        ]
       ];
     };
 }
diff --git a/nixpkgs/nixos/release-small.nix b/nixpkgs/nixos/release-small.nix
index cac20b63925f..091c2b1f305b 100644
--- a/nixpkgs/nixos/release-small.nix
+++ b/nixpkgs/nixos/release-small.nix
@@ -81,6 +81,7 @@ in rec {
       php
       postgresql
       python
+      release-checks
       rsyslog
       stdenv
       subversion
@@ -103,6 +104,7 @@ in rec {
       [
         "nixos.channel"
         "nixpkgs.tarball"
+        "nixpkgs.release-checks"
       ]
       (map (onSystems [ "x86_64-linux" ]) [
         "nixos.tests.boot.biosCdrom"
diff --git a/nixpkgs/nixos/release.nix b/nixpkgs/nixos/release.nix
index ff60b0b79f6d..2f31973569bf 100644
--- a/nixpkgs/nixos/release.nix
+++ b/nixpkgs/nixos/release.nix
@@ -441,7 +441,7 @@ in rec {
 
     kde = makeClosure ({ ... }:
       { services.xserver.enable = true;
-        services.xserver.displayManager.sddm.enable = true;
+        services.displayManager.sddm.enable = true;
         services.xserver.desktopManager.plasma5.enable = true;
       });
 
diff --git a/nixpkgs/nixos/tests/adguardhome.nix b/nixpkgs/nixos/tests/adguardhome.nix
index 80613ce82534..005d54e17dfd 100644
--- a/nixpkgs/nixos/tests/adguardhome.nix
+++ b/nixpkgs/nixos/tests/adguardhome.nix
@@ -2,41 +2,39 @@
   name = "adguardhome";
 
   nodes = {
-    nullConf = { ... }: { services.adguardhome = { enable = true; }; };
+    nullConf = { services.adguardhome.enable = true; };
 
-    emptyConf = { lib, ... }: {
+    emptyConf = {
       services.adguardhome = {
         enable = true;
+
+        settings = { };
+      };
+    };
+
+    schemaVersionBefore23 = {
+      services.adguardhome = {
+        enable = true;
+
+        settings.schema_version = 20;
       };
     };
 
-    declarativeConf = { ... }: {
+    declarativeConf = {
       services.adguardhome = {
         enable = true;
 
         mutableSettings = false;
-        settings = {
-          schema_version = 0;
-          dns = {
-            bind_host = "0.0.0.0";
-            bootstrap_dns = "127.0.0.1";
-          };
-        };
+        settings.dns.bootstrap_dns = [ "127.0.0.1" ];
       };
     };
 
-    mixedConf = { ... }: {
+    mixedConf = {
       services.adguardhome = {
         enable = true;
 
         mutableSettings = true;
-        settings = {
-          schema_version = 0;
-          dns = {
-            bind_host = "0.0.0.0";
-            bootstrap_dns = "127.0.0.1";
-          };
-        };
+        settings.dns.bootstrap_dns = [ "127.0.0.1" ];
       };
     };
 
@@ -70,11 +68,7 @@
         allowDHCP = true;
         mutableSettings = false;
         settings = {
-          schema_version = 0;
-          dns = {
-            bind_host = "0.0.0.0";
-            bootstrap_dns = "127.0.0.1";
-          };
+          dns.bootstrap_dns = [ "127.0.0.1" ];
           dhcp = {
             # This implicitly enables CAP_NET_RAW
             enabled = true;
@@ -104,33 +98,38 @@
 
   testScript = ''
     with subtest("Minimal (settings = null) config test"):
-        nullConf.wait_for_unit("adguardhome.service")
+      nullConf.wait_for_unit("adguardhome.service")
+      nullConf.wait_for_open_port(3000)
 
     with subtest("Default config test"):
-        emptyConf.wait_for_unit("adguardhome.service")
-        emptyConf.wait_for_open_port(3000)
+      emptyConf.wait_for_unit("adguardhome.service")
+      emptyConf.wait_for_open_port(3000)
+
+    with subtest("Default schema_version 23 config test"):
+      schemaVersionBefore23.wait_for_unit("adguardhome.service")
+      schemaVersionBefore23.wait_for_open_port(3000)
 
     with subtest("Declarative config test, DNS will be reachable"):
-        declarativeConf.wait_for_unit("adguardhome.service")
-        declarativeConf.wait_for_open_port(53)
-        declarativeConf.wait_for_open_port(3000)
+      declarativeConf.wait_for_unit("adguardhome.service")
+      declarativeConf.wait_for_open_port(53)
+      declarativeConf.wait_for_open_port(3000)
 
     with subtest("Mixed config test, check whether merging works"):
-        mixedConf.wait_for_unit("adguardhome.service")
-        mixedConf.wait_for_open_port(53)
-        mixedConf.wait_for_open_port(3000)
-        # Test whether merging works properly, even if nothing is changed
-        mixedConf.systemctl("restart adguardhome.service")
-        mixedConf.wait_for_unit("adguardhome.service")
-        mixedConf.wait_for_open_port(3000)
+      mixedConf.wait_for_unit("adguardhome.service")
+      mixedConf.wait_for_open_port(53)
+      mixedConf.wait_for_open_port(3000)
+      # Test whether merging works properly, even if nothing is changed
+      mixedConf.systemctl("restart adguardhome.service")
+      mixedConf.wait_for_unit("adguardhome.service")
+      mixedConf.wait_for_open_port(3000)
 
     with subtest("Testing successful DHCP start"):
-        dhcpConf.wait_for_unit("adguardhome.service")
-        client.systemctl("start network-online.target")
-        client.wait_for_unit("network-online.target")
-        # Test IP assignment via DHCP
-        dhcpConf.wait_until_succeeds("ping -c 5 10.0.10.100")
-        # Test hostname resolution over DHCP-provided DNS
-        dhcpConf.wait_until_succeeds("ping -c 5 client.lan")
+      dhcpConf.wait_for_unit("adguardhome.service")
+      client.systemctl("start network-online.target")
+      client.wait_for_unit("network-online.target")
+      # Test IP assignment via DHCP
+      dhcpConf.wait_until_succeeds("ping -c 5 10.0.10.100")
+      # Test hostname resolution over DHCP-provided DNS
+      dhcpConf.wait_until_succeeds("ping -c 5 client.lan")
   '';
 }
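Review bot: The new subtest label `"Default schema_version 23 config test"` does not match what the node exercises: `schemaVersionBefore23` in the nodes hunk above sets `settings.schema_version = 20`. A label such as `with subtest("schema_version below 23 config test"):` would say what is actually covered. The subtest only waits for the unit and for port 3000, so it shows that the service starts with an older schema value, not how the value is handled. If the intent is to check a migration or override, an assertion on the generated config would be needed, and a short comment on the node stating that intent would help.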
diff --git a/nixpkgs/nixos/tests/agda.nix b/nixpkgs/nixos/tests/agda.nix
index 6f51300111ac..a8e90725c06b 100644
--- a/nixpkgs/nixos/tests/agda.nix
+++ b/nixpkgs/nixos/tests/agda.nix
@@ -25,13 +25,6 @@ in
   };
 
   testScript = ''
-    assert (
-        "${pkgs.agdaPackages.lib.interfaceFile "Everything.agda"}" == "Everything.agdai"
-    ), "wrong interface file for Everything.agda"
-    assert (
-        "${pkgs.agdaPackages.lib.interfaceFile "tmp/Everything.agda.md"}" == "tmp/Everything.agdai"
-    ), "wrong interface file for tmp/Everything.agda.md"
-
     # Minimal script that typechecks
     machine.succeed("touch TestEmpty.agda")
     machine.succeed("agda TestEmpty.agda")
diff --git a/nixpkgs/nixos/tests/akkoma.nix b/nixpkgs/nixos/tests/akkoma.nix
index 2907017ee3d5..2a9acd64b7c6 100644
--- a/nixpkgs/nixos/tests/akkoma.nix
+++ b/nixpkgs/nixos/tests/akkoma.nix
@@ -36,7 +36,8 @@ let
     ${pkgs.toot}/bin/toot timeline -1 | grep -F -q "hello world Jamy here"
 
     # Test file upload
-    ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none)
+    echo "y" | ${pkgs.toot}/bin/toot upload <(dd if=/dev/zero bs=1024 count=1024 status=none) \
+      | grep -F -q "https://akkoma.nixos.test:443/media"
   '';
 
   checkFe = pkgs.writers.writeBashBin "checkFe" ''
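Review bot: The `echo "y" |` in front of `toot upload` is unexplained. It presumably answers an interactive prompt from toot, but nothing in the hunk says which one, so a later toot change could silently alter what is being confirmed. A comment such as `# "y" answers toot's interactive prompt (<which prompt>); upload must print the media URL` above the command would document it. With `grep -F -q` as the last stage, the pipeline's status is grep's alone, so a non-zero exit from toot is only caught if `pipefail` is set elsewhere in the script. The script body starts outside this hunk, so that cannot be confirmed here.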
@@ -90,6 +91,9 @@ in
             "Pleroma.Web.Endpoint" = {
               url.host = "akkoma.nixos.test";
             };
+            "Pleroma.Upload" = {
+              base_url = "https://akkoma.nixos.test:443/media/";
+            };
           };
         };
 
diff --git a/nixpkgs/nixos/tests/all-tests.nix b/nixpkgs/nixos/tests/all-tests.nix
index f7ad6c16f587..d4da32c44990 100644
--- a/nixpkgs/nixos/tests/all-tests.nix
+++ b/nixpkgs/nixos/tests/all-tests.nix
@@ -193,6 +193,7 @@ in {
   cinnamon = handleTest ./cinnamon.nix {};
   cinnamon-wayland = handleTest ./cinnamon-wayland.nix {};
   cjdns = handleTest ./cjdns.nix {};
+  clatd = handleTest ./clatd.nix {};
   clickhouse = handleTest ./clickhouse.nix {};
   cloud-init = handleTest ./cloud-init.nix {};
   cloud-init-hostname = handleTest ./cloud-init-hostname.nix {};
@@ -219,6 +220,7 @@ in {
   containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
   containers-portforward = handleTest ./containers-portforward.nix {};
   containers-reloadable = handleTest ./containers-reloadable.nix {};
+  containers-require-bind-mounts = handleTest ./containers-require-bind-mounts.nix {};
   containers-restart_networking = handleTest ./containers-restart_networking.nix {};
   containers-tmpfs = handleTest ./containers-tmpfs.nix {};
   containers-unified-hierarchy = handleTest ./containers-unified-hierarchy.nix {};
@@ -226,6 +228,7 @@ in {
   corerad = handleTest ./corerad.nix {};
   coturn = handleTest ./coturn.nix {};
   couchdb = handleTest ./couchdb.nix {};
+  crabfit = handleTest ./crabfit.nix {};
   cri-o = handleTestOn ["aarch64-linux" "x86_64-linux"] ./cri-o.nix {};
   cups-pdf = handleTest ./cups-pdf.nix {};
   curl-impersonate = handleTest ./curl-impersonate.nix {};
@@ -233,6 +236,8 @@ in {
   croc = handleTest ./croc.nix {};
   darling = handleTest ./darling.nix {};
   dae = handleTest ./dae.nix {};
+  davis = handleTest ./davis.nix {};
+  db-rest = handleTest ./db-rest.nix {};
   dconf = handleTest ./dconf.nix {};
   deconz = handleTest ./deconz.nix {};
   deepin = handleTest ./deepin.nix {};
@@ -304,6 +309,7 @@ in {
   ferm = handleTest ./ferm.nix {};
   ferretdb = handleTest ./ferretdb.nix {};
   filesystems-overlayfs = runTest ./filesystems-overlayfs.nix;
+  firefly-iii = handleTest ./firefly-iii.nix {};
   firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; };
   firefox-beta = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-beta; };
   firefox-devedition = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox-devedition; };
@@ -326,6 +332,7 @@ in {
   freshrss-sqlite = handleTest ./freshrss-sqlite.nix {};
   freshrss-pgsql = handleTest ./freshrss-pgsql.nix {};
   freshrss-http-auth = handleTest ./freshrss-http-auth.nix {};
+  freshrss-none-auth = handleTest ./freshrss-none-auth.nix {};
   frigate = handleTest ./frigate.nix {};
   frp = handleTest ./frp.nix {};
   frr = handleTest ./frr.nix {};
@@ -393,6 +400,7 @@ in {
   honk = runTest ./honk.nix;
   installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
   invidious = handleTest ./invidious.nix {};
+  isolate = handleTest ./isolate.nix {};
   livebook-service = handleTest ./livebook-service.nix {};
   pyload = handleTest ./pyload.nix {};
   oci-containers = handleTestOn ["aarch64-linux" "x86_64-linux"] ./oci-containers.nix {};
@@ -444,6 +452,7 @@ in {
   jirafeau = handleTest ./jirafeau.nix {};
   jitsi-meet = handleTest ./jitsi-meet.nix {};
   jool = import ./jool.nix { inherit pkgs runTest; };
+  jotta-cli = handleTest ./jotta-cli.nix {};
   k3s = handleTest ./k3s {};
   kafka = handleTest ./kafka.nix {};
   kanidm = handleTest ./kanidm.nix {};
@@ -457,7 +466,7 @@ in {
   kerberos = handleTest ./kerberos/default.nix {};
   kernel-generic = handleTest ./kernel-generic.nix {};
   kernel-latest-ath-user-regd = handleTest ./kernel-latest-ath-user-regd.nix {};
-  kernel-rust = handleTestOn ["x86_64-linux"] ./kernel-rust.nix {};
+  kernel-rust = handleTest ./kernel-rust.nix {};
   keter = handleTest ./keter.nix {};
   kexec = handleTest ./kexec.nix {};
   keycloak = discoverTests (import ./keycloak.nix);
@@ -500,6 +509,7 @@ in {
   lxd = pkgs.recurseIntoAttrs (handleTest ./lxd { inherit handleTestOn; });
   lxd-image-server = handleTest ./lxd-image-server.nix {};
   #logstash = handleTest ./logstash.nix {};
+  lomiri = handleTest ./lomiri.nix {};
   lomiri-system-settings = handleTest ./lomiri-system-settings.nix {};
   lorri = handleTest ./lorri/default.nix {};
   maddy = discoverTests (import ./maddy { inherit handleTest; });
@@ -521,6 +531,8 @@ in {
   matrix-conduit = handleTest ./matrix/conduit.nix {};
   matrix-synapse = handleTest ./matrix/synapse.nix {};
   matrix-synapse-workers = handleTest ./matrix/synapse-workers.nix {};
+  mautrix-meta-postgres = handleTest ./matrix/mautrix-meta-postgres.nix {};
+  mautrix-meta-sqlite = handleTest ./matrix/mautrix-meta-sqlite.nix {};
   mattermost = handleTest ./mattermost.nix {};
   mealie = handleTest ./mealie.nix {};
   mediamtx = handleTest ./mediamtx.nix {};
@@ -554,6 +566,7 @@ in {
   morty = handleTest ./morty.nix {};
   mosquitto = handleTest ./mosquitto.nix {};
   moosefs = handleTest ./moosefs.nix {};
+  movim = discoverTests (import ./web-apps/movim { inherit handleTestOn; });
   mpd = handleTest ./mpd.nix {};
   mpv = handleTest ./mpv.nix {};
   mtp = handleTest ./mtp.nix {};
@@ -588,8 +601,9 @@ in {
   nimdow = handleTest ./nimdow.nix {};
   neo4j = handleTest ./neo4j.nix {};
   netdata = handleTest ./netdata.nix {};
-  networking.networkd = handleTest ./networking.nix { networkd = true; };
-  networking.scripted = handleTest ./networking.nix { networkd = false; };
+  networking.scripted = handleTest ./networking/networkd-and-scripted.nix { networkd = false; };
+  networking.networkd = handleTest ./networking/networkd-and-scripted.nix { networkd = true; };
+  networking.networkmanager = handleTest ./networking/networkmanager.nix {};
   netbox_3_6 = handleTest ./web-apps/netbox.nix { netbox = pkgs.netbox_3_6; };
   netbox_3_7 = handleTest ./web-apps/netbox.nix { netbox = pkgs.netbox_3_7; };
   netbox-upgrade = handleTest ./web-apps/netbox-upgrade.nix {};
@@ -647,6 +661,8 @@ in {
   nvmetcfg = handleTest ./nvmetcfg.nix {};
   nzbget = handleTest ./nzbget.nix {};
   nzbhydra2 = handleTest ./nzbhydra2.nix {};
+  ocis = handleTest ./ocis.nix {};
+  oddjobd = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./oddjobd.nix {};
   oh-my-zsh = handleTest ./oh-my-zsh.nix {};
   ollama = handleTest ./ollama.nix {};
   ombi = handleTest ./ombi.nix {};
@@ -759,6 +775,7 @@ in {
   qgis = handleTest ./qgis.nix { qgisPackage = pkgs.qgis; };
   qgis-ltr = handleTest ./qgis.nix { qgisPackage = pkgs.qgis-ltr; };
   qownnotes = handleTest ./qownnotes.nix {};
+  qtile = handleTest ./qtile.nix {};
   quake3 = handleTest ./quake3.nix {};
   quicktun = handleTest ./quicktun.nix {};
   quorum = handleTest ./quorum.nix {};
@@ -769,8 +786,10 @@ in {
   rasdaemon = handleTest ./rasdaemon.nix {};
   readarr = handleTest ./readarr.nix {};
   redis = handleTest ./redis.nix {};
+  redlib = handleTest ./redlib.nix {};
   redmine = handleTest ./redmine.nix {};
   restartByActivationScript = handleTest ./restart-by-activation-script.nix {};
+  restic-rest-server = handleTest ./restic-rest-server.nix {};
   restic = handleTest ./restic.nix {};
   retroarch = handleTest ./retroarch.nix {};
   rkvm = handleTest ./rkvm {};
@@ -807,6 +826,7 @@ in {
   shattered-pixel-dungeon = handleTest ./shattered-pixel-dungeon.nix {};
   shiori = handleTest ./shiori.nix {};
   signal-desktop = handleTest ./signal-desktop.nix {};
+  silverbullet = handleTest ./silverbullet.nix {};
   simple = handleTest ./simple.nix {};
   sing-box = handleTest ./sing-box.nix {};
   slimserver = handleTest ./slimserver.nix {};
@@ -819,6 +839,7 @@ in {
   soapui = handleTest ./soapui.nix {};
   soft-serve = handleTest ./soft-serve.nix {};
   sogo = handleTest ./sogo.nix {};
+  soju = handleTest ./soju.nix {};
   solanum = handleTest ./solanum.nix {};
   sonarr = handleTest ./sonarr.nix {};
   sonic-server = handleTest ./sonic-server.nix {};
@@ -842,11 +863,13 @@ in {
   stunnel = handleTest ./stunnel.nix {};
   sudo = handleTest ./sudo.nix {};
   sudo-rs = handleTest ./sudo-rs.nix {};
+  sunshine = handleTest ./sunshine.nix {};
   suwayomi-server = handleTest ./suwayomi-server.nix {};
   swap-file-btrfs = handleTest ./swap-file-btrfs.nix {};
   swap-partition = handleTest ./swap-partition.nix {};
   swap-random-encryption = handleTest ./swap-random-encryption.nix {};
   sway = handleTest ./sway.nix {};
+  swayfx = handleTest ./swayfx.nix {};
   switchTest = handleTest ./switch-test.nix {};
   sympa = handleTest ./sympa.nix {};
   syncthing = handleTest ./syncthing.nix {};
@@ -888,6 +911,7 @@ in {
   systemd-lock-handler = runTestOn ["aarch64-linux" "x86_64-linux"] ./systemd-lock-handler.nix;
   systemd-machinectl = handleTest ./systemd-machinectl.nix {};
   systemd-networkd = handleTest ./systemd-networkd.nix {};
+  systemd-networkd-bridge = handleTest ./systemd-networkd-bridge.nix {};
   systemd-networkd-dhcpserver = handleTest ./systemd-networkd-dhcpserver.nix {};
   systemd-networkd-dhcpserver-static-leases = handleTest ./systemd-networkd-dhcpserver-static-leases.nix {};
   systemd-networkd-ipv6-prefix-delegation = handleTest ./systemd-networkd-ipv6-prefix-delegation.nix {};
@@ -914,6 +938,7 @@ in {
   tang = handleTest ./tang.nix {};
   taskserver = handleTest ./taskserver.nix {};
   tayga = handleTest ./tayga.nix {};
+  technitium-dns-server = handleTest ./technitium-dns-server.nix {};
   teeworlds = handleTest ./teeworlds.nix {};
   telegraf = handleTest ./telegraf.nix {};
   teleport = handleTest ./teleport.nix {};
@@ -922,7 +947,6 @@ in {
   tiddlywiki = handleTest ./tiddlywiki.nix {};
   tigervnc = handleTest ./tigervnc.nix {};
   timescaledb = handleTest ./timescaledb.nix {};
-  promscale = handleTest ./promscale.nix {};
   timezone = handleTest ./timezone.nix {};
   tinc = handleTest ./tinc {};
   tinydns = handleTest ./tinydns.nix {};
@@ -985,6 +1009,7 @@ in {
   vsftpd = handleTest ./vsftpd.nix {};
   warzone2100 = handleTest ./warzone2100.nix {};
   wasabibackend = handleTest ./wasabibackend.nix {};
+  wastebin = handleTest ./wastebin.nix {};
   watchdogd = handleTest ./watchdogd.nix {};
   webhook = runTest ./webhook.nix;
   wiki-js = handleTest ./wiki-js.nix {};
@@ -992,6 +1017,7 @@ in {
   wireguard = handleTest ./wireguard {};
   without-nix = handleTest ./without-nix.nix {};
   wmderland = handleTest ./wmderland.nix {};
+  workout-tracker = handleTest ./workout-tracker.nix {};
   wpa_supplicant = handleTest ./wpa_supplicant.nix {};
   wordpress = handleTest ./wordpress.nix {};
   wrappers = handleTest ./wrappers.nix {};
diff --git a/nixpkgs/nixos/tests/ayatana-indicators.nix b/nixpkgs/nixos/tests/ayatana-indicators.nix
index a7de640f9e37..5709ad2a1af6 100644
--- a/nixpkgs/nixos/tests/ayatana-indicators.nix
+++ b/nixpkgs/nixos/tests/ayatana-indicators.nix
@@ -21,8 +21,8 @@ in {
     services.xserver = {
       enable = true;
       desktopManager.mate.enable = true;
-      displayManager.defaultSession = lib.mkForce "mate";
     };
+    services.displayManager.defaultSession = lib.mkForce "mate";
 
     services.ayatana-indicators = {
       enable = true;
diff --git a/nixpkgs/nixos/tests/budgie.nix b/nixpkgs/nixos/tests/budgie.nix
index 5228e869b056..203e718c8c6d 100644
--- a/nixpkgs/nixos/tests/budgie.nix
+++ b/nixpkgs/nixos/tests/budgie.nix
@@ -18,6 +18,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
       };
     };
 
+    # We don't ship gnome-text-editor in Budgie module, we add this line mainly
+    # to catch eval issues related to this option.
+    environment.budgie.excludePackages = [ pkgs.gnome-text-editor ];
+
     services.xserver.desktopManager.budgie = {
       enable = true;
       extraPlugins = [
diff --git a/nixpkgs/nixos/tests/caddy.nix b/nixpkgs/nixos/tests/caddy.nix
index 41d8e57de468..0efe8f94e39d 100644
--- a/nixpkgs/nixos/tests/caddy.nix
+++ b/nixpkgs/nixos/tests/caddy.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "caddy";
   meta = with pkgs.lib.maintainers; {
-    maintainers = [ xfix Br1ght0ne ];
+    maintainers = [ Br1ght0ne ];
   };
 
   nodes = {
diff --git a/nixpkgs/nixos/tests/castopod.nix b/nixpkgs/nixos/tests/castopod.nix
index 4435ec617d4e..3257cd3d363c 100644
--- a/nixpkgs/nixos/tests/castopod.nix
+++ b/nixpkgs/nixos/tests/castopod.nix
@@ -2,76 +2,220 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
   name = "castopod";
   meta = with lib.maintainers; {
-    maintainers = [ alexoundos misuzu ];
+    maintainers = [ alexoundos ];
   };
+
   nodes.castopod = { nodes, ... }: {
+    # otherwise 500 MiB file upload fails!
+    virtualisation.diskSize = 512 + 3 * 512;
+
     networking.firewall.allowedTCPPorts = [ 80 ];
-    networking.extraHosts = ''
-      127.0.0.1 castopod.example.com
-    '';
+    networking.extraHosts =
+      lib.strings.concatStringsSep "\n"
+        (lib.attrsets.mapAttrsToList
+          (name: _: "127.0.0.1 ${name}")
+          nodes.castopod.services.nginx.virtualHosts);
+
     services.castopod = {
       enable = true;
       database.createLocally = true;
       localDomain = "castopod.example.com";
+      maxUploadSize = "512M";
     };
-    environment.systemPackages =
-      let
-        username = "admin";
-        email = "admin@castood.example.com";
-        password = "v82HmEp5";
-        testRunner = pkgs.writers.writePython3Bin "test-runner"
-          {
-            libraries = [ pkgs.python3Packages.selenium ];
-            flakeIgnore = [
-              "E501"
-            ];
-          } ''
-          from selenium.webdriver.common.by import By
-          from selenium.webdriver import Firefox
-          from selenium.webdriver.firefox.options import Options
-          from selenium.webdriver.support.ui import WebDriverWait
-          from selenium.webdriver.support import expected_conditions as EC
-
-          options = Options()
-          options.add_argument('--headless')
-          driver = Firefox(options=options)
-          try:
-              driver.implicitly_wait(20)
-              driver.get('http://castopod.example.com/cp-install')
-
-              wait = WebDriverWait(driver, 10)
-
-              wait.until(EC.title_contains("installer"))
-
-              driver.find_element(By.CSS_SELECTOR, '#username').send_keys(
-                  '${username}'
-              )
-              driver.find_element(By.CSS_SELECTOR, '#email').send_keys(
-                  '${email}'
-              )
-              driver.find_element(By.CSS_SELECTOR, '#password').send_keys(
-                  '${password}'
-              )
-              driver.find_element(By.XPATH, "//button[contains(., 'Finish install')]").click()
-
-              wait.until(EC.title_contains("Auth"))
-
-              driver.find_element(By.CSS_SELECTOR, '#email').send_keys(
-                  '${email}'
-              )
-              driver.find_element(By.CSS_SELECTOR, '#password').send_keys(
-                  '${password}'
-              )
-              driver.find_element(By.XPATH, "//button[contains(., 'Login')]").click()
-
-              wait.until(EC.title_contains("Admin dashboard"))
-          finally:
-              driver.close()
-              driver.quit()
-        '';
-      in
-      [ pkgs.firefox-unwrapped pkgs.geckodriver testRunner ];
   };
+
+  nodes.client = { nodes, pkgs, lib, ... }:
+    let
+      domain = nodes.castopod.services.castopod.localDomain;
+
+      getIP = node:
+        (builtins.head node.networking.interfaces.eth1.ipv4.addresses).address;
+
+      targetPodcastSize = 500 * 1024 * 1024;
+      lameMp3Bitrate = 348300;
+      lameMp3FileAdjust = -800;
+      targetPodcastDuration = toString
+        ((targetPodcastSize + lameMp3FileAdjust) / (lameMp3Bitrate / 8));
+      bannerWidth = 3000;
+      banner = pkgs.runCommand "gen-castopod-cover.jpg" { } ''
+        ${pkgs.imagemagick}/bin/magick `
+        `-background green -bordercolor white -gravity northwest xc:black `
+        `-duplicate 99 `
+        `-seed 1 -resize "%[fx:rand()*72+24]" `
+        `-seed 0 -rotate "%[fx:rand()*360]" -border 6x6 -splice 16x36 `
+        `-seed 0 -rotate "%[fx:floor(rand()*4)*90]" -resize "150x50!" `
+        `+append -crop 10x1@ +repage -roll "+%[fx:(t%2)*72]+0" -append `
+        `-resize ${toString bannerWidth} -quality 1 $out
+      '';
+
+      coverWidth = toString 3000;
+      cover = pkgs.runCommand "gen-castopod-banner.jpg" { } ''
+        ${pkgs.imagemagick}/bin/magick `
+        `-background white -bordercolor white -gravity northwest xc:black `
+        `-duplicate 99 `
+        `-seed 1 -resize "%[fx:rand()*72+24]" `
+        `-seed 0 -rotate "%[fx:rand()*360]" -border 6x6 -splice 36x36 `
+        `-seed 0 -rotate "%[fx:floor(rand()*4)*90]" -resize "144x144!" `
+        `+append -crop 10x1@ +repage -roll "+%[fx:(t%2)*72]+0" -append `
+        `-resize ${coverWidth} -quality 1 $out
+      '';
+    in
+    {
+      networking.extraHosts =
+        lib.strings.concatStringsSep "\n"
+          (lib.attrsets.mapAttrsToList
+            (name: _: "${getIP nodes.castopod} ${name}")
+            nodes.castopod.services.nginx.virtualHosts);
+
+      environment.systemPackages =
+        let
+          username = "admin";
+          email = "admin@${domain}";
+          password = "Abcd1234";
+          podcastTitle = "Some Title";
+          episodeTitle = "Episode Title";
+          browser-test = pkgs.writers.writePython3Bin "browser-test"
+            {
+              libraries = [ pkgs.python3Packages.selenium ];
+              flakeIgnore = [ "E124" "E501" ];
+            } ''
+            from selenium.webdriver.common.by import By
+            from selenium.webdriver import Firefox
+            from selenium.webdriver.firefox.options import Options
+            from selenium.webdriver.firefox.service import Service
+            from selenium.webdriver.support.ui import WebDriverWait
+            from selenium.webdriver.support import expected_conditions as EC
+            from subprocess import STDOUT
+            import logging
+
+            selenium_logger = logging.getLogger("selenium")
+            selenium_logger.setLevel(logging.DEBUG)
+            selenium_logger.addHandler(logging.StreamHandler())
+
+            options = Options()
+            options.add_argument('--headless')
+            service = Service(log_output=STDOUT)
+            driver = Firefox(options=options, service=service)
+            driver = Firefox(options=options)
+            driver.implicitly_wait(30)
+
+            # install ##########################################################
+
+            driver.get('http://${domain}/cp-install')
+
+            wait = WebDriverWait(driver, 20)
+
+            wait.until(EC.title_contains("installer"))
+
+            driver.find_element(By.CSS_SELECTOR, '#username').send_keys(
+                '${username}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#email').send_keys(
+                '${email}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#password').send_keys(
+                '${password}'
+            )
+            driver.find_element(By.XPATH,
+                                "//button[contains(., 'Finish install')]"
+            ).click()
+
+            wait.until(EC.title_contains("Auth"))
+
+            driver.find_element(By.CSS_SELECTOR, '#email').send_keys(
+                '${email}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#password').send_keys(
+                '${password}'
+            )
+            driver.find_element(By.XPATH,
+                                "//button[contains(., 'Login')]"
+            ).click()
+
+            wait.until(EC.title_contains("Admin dashboard"))
+
+            # create podcast ###################################################
+
+            driver.get('http://${domain}/admin/podcasts/new')
+
+            wait.until(EC.title_contains("Create podcast"))
+
+            driver.find_element(By.CSS_SELECTOR, '#cover').send_keys(
+                '${cover}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#banner').send_keys(
+                '${banner}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#title').send_keys(
+                '${podcastTitle}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#handle').send_keys(
+                'some_handle'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#description').send_keys(
+                'Some description'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#owner_name').send_keys(
+                'Owner Name'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#owner_email').send_keys(
+                'owner@email.xyz'
+            )
+            driver.find_element(By.XPATH,
+                                "//button[contains(., 'Create podcast')]"
+            ).click()
+
+            wait.until(EC.title_contains("${podcastTitle}"))
+
+            driver.find_element(By.XPATH,
+                                "//span[contains(., 'Add an episode')]"
+            ).click()
+
+            wait.until(EC.title_contains("Add an episode"))
+
+            # upload podcast ###################################################
+
+            driver.find_element(By.CSS_SELECTOR, '#audio_file').send_keys(
+                '/tmp/podcast.mp3'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#cover').send_keys(
+                '${cover}'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#description').send_keys(
+                'Episode description'
+            )
+            driver.find_element(By.CSS_SELECTOR, '#title').send_keys(
+                '${episodeTitle}'
+            )
+            driver.find_element(By.XPATH,
+                                "//button[contains(., 'Create episode')]"
+            ).click()
+
+            wait.until(EC.title_contains("${episodeTitle}"))
+
+            driver.close()
+            driver.quit()
+          '';
+        in
+        [
+          pkgs.firefox-unwrapped
+          pkgs.geckodriver
+          browser-test
+          (pkgs.writeShellApplication {
+            name = "build-mp3";
+            runtimeInputs = with pkgs; [ sox lame ];
+            text = ''
+              out=/tmp/podcast.mp3
+              sox -n -r 48000 -t wav - synth ${targetPodcastDuration} sine 440 `
+              `| lame --noreplaygain -cbr -q 9 -b 320 - $out
+              FILESIZE="$(stat -c%s $out)"
+              [ "$FILESIZE" -gt 0 ]
+              [ "$FILESIZE" -le "${toString targetPodcastSize}" ]
+            '';
+          })
+        ];
+    };
+
   testScript = ''
     start_all()
     castopod.wait_for_unit("castopod-setup.service")
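Review bot: The embedded `browser-test` script constructs the driver twice: `driver = Firefox(options=options, service=service)` is immediately followed by `driver = Firefox(options=options)`. The first Firefox/geckodriver instance is therefore started and then orphaned, and `Service(log_output=STDOUT)` never applies to the driver that is actually used. Dropping the second assignment fixes both. The new script also loses the `try:`/`finally:` that the old `test-runner` had, so `driver.close()` and `driver.quit()` run only when every step succeeds; wrapping the steps in `try:` with `finally: driver.quit()` would keep a failed run from leaving a browser behind. Separately, the derivation names look swapped: `banner` is built as `gen-castopod-cover.jpg` and `cover` as `gen-castopod-banner.jpg`.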
@@ -79,9 +223,11 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
     castopod.wait_for_unit("nginx.service")
     castopod.wait_for_open_port(80)
     castopod.wait_until_succeeds("curl -sS -f http://castopod.example.com")
-    castopod.succeed("curl -s http://localhost/cp-install | grep 'Create your Super Admin account' > /dev/null")
 
-    with subtest("Create superadmin and log in"):
-        castopod.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner")
+    client.succeed("build-mp3")
+
+    with subtest("Create superadmin, log in, create and upload a podcast"):
+        client.succeed(\
+          "PYTHONUNBUFFERED=1 systemd-cat -t browser-test browser-test")
   '';
 })
diff --git a/nixpkgs/nixos/tests/cinnamon-wayland.nix b/nixpkgs/nixos/tests/cinnamon-wayland.nix
index 1629ead16f41..19529d820d9c 100644
--- a/nixpkgs/nixos/tests/cinnamon-wayland.nix
+++ b/nixpkgs/nixos/tests/cinnamon-wayland.nix
@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
     services.xserver.desktopManager.cinnamon.enable = true;
-    services.xserver.displayManager = {
+    services.displayManager = {
       autoLogin.enable = true;
       autoLogin.user = nodes.machine.users.users.alice.name;
       defaultSession = "cinnamon-wayland";
diff --git a/nixpkgs/nixos/tests/cinnamon.nix b/nixpkgs/nixos/tests/cinnamon.nix
index eab907d0b712..694308152149 100644
--- a/nixpkgs/nixos/tests/cinnamon.nix
+++ b/nixpkgs/nixos/tests/cinnamon.nix
@@ -8,6 +8,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     services.xserver.enable = true;
     services.xserver.desktopManager.cinnamon.enable = true;
 
+    # We don't ship gnome-text-editor in Cinnamon module, we add this line mainly
+    # to catch eval issues related to this option.
+    environment.cinnamon.excludePackages = [ pkgs.gnome-text-editor ];
+
     # For the sessionPath subtest.
     services.xserver.desktopManager.cinnamon.sessionPath = [ pkgs.gnome.gpaste ];
   };
diff --git a/nixpkgs/nixos/tests/clatd.nix b/nixpkgs/nixos/tests/clatd.nix
new file mode 100644
index 000000000000..00021d87ba5f
--- /dev/null
+++ b/nixpkgs/nixos/tests/clatd.nix
@@ -0,0 +1,189 @@
+# This test verifies that we can ping an IPv4-only server from an IPv6-only
+# client via a NAT64 router using CLAT on the client. The hosts and networks
+# are configured as follows:
+#
+#        +------
+# Client | clat    Address: 192.0.0.1/32  (configured via clatd)
+#        |         Route:   default
+#        |
+#        | eth1    Address: 2001:db8::2/64
+#        |  |      Route:   default via 2001:db8::1
+#        +--|---
+#           | VLAN 3
+#        +--|---
+#        | eth2    Address: 2001:db8::1/64
+# Router |
+#        | nat64   Address: 64:ff9b::1/128
+#        |         Route:   64:ff9b::/96
+#        |         Address: 192.0.2.0/32
+#        |         Route:   192.0.2.0/24
+#        |
+#        | eth1    Address: 100.64.0.1/24
+#        +--|---
+#           | VLAN 2
+#        +--|---
+# Server | eth1    Address: 100.64.0.2/24
+#        |         Route:   192.0.2.0/24 via 100.64.0.1
+#        +------
+
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+
+{
+  name = "clatd";
+  meta = with pkgs.lib.maintainers; {
+    maintainers = [ hax404 ];
+  };
+
+  nodes = {
+    # The server is configured with static IPv4 addresses. RFC 6052 Section 3.1
+    # disallows the mapping of non-global IPv4 addresses like RFC 1918 into the
+    # Well-Known Prefix 64:ff9b::/96. TAYGA also does not allow the mapping of
+    # documentation space (RFC 5737). To circumvent this, 100.64.0.2/24 from
+    # RFC 6589 (Carrier Grade NAT) is used here.
+    # To reach the IPv4 address pool of the NAT64 gateway, there is a static
+    # route configured. In normal cases, where the router would also source NAT
+    # the pool addresses to one IPv4 addresses, this would not be needed.
+    server = {
+      virtualisation.vlans = [
+        2 # towards router
+      ];
+      networking = {
+        useDHCP = false;
+        interfaces.eth1 = lib.mkForce {};
+      };
+      systemd.network = {
+        enable = true;
+        networks."vlan1" = {
+          matchConfig.Name = "eth1";
+          address = [
+            "100.64.0.2/24"
+          ];
+          routes = [
+            { routeConfig = { Destination = "192.0.2.0/24"; Gateway = "100.64.0.1"; }; }
+          ];
+        };
+      };
+    };
+
+    # The router is configured with static IPv4 addresses towards the server
+    # and IPv6 addresses towards the client. For NAT64, the Well-Known prefix
+    # 64:ff9b::/96 is used. NAT64 is done with TAYGA which provides the
+    # tun-interface nat64 and does the translation over it. The IPv6 packets
+    # are sent to this interfaces and received as IPv4 packets and vice versa.
+    # As TAYGA only translates IPv6 addresses to dedicated IPv4 addresses, it
+    # needs a pool of IPv4 addresses which must be at least as big as the
+    # expected amount of clients. In this test, the packets from the pool are
+    # directly routed towards the client. In normal cases, there would be a
+    # second source NAT44 to map all clients behind one IPv4 address.
+    router = {
+      boot.kernel.sysctl = {
+        "net.ipv4.ip_forward" = 1;
+        "net.ipv6.conf.all.forwarding" = 1;
+      };
+
+      virtualisation.vlans = [
+        2 # towards server
+        3 # towards client
+      ];
+
+      networking = {
+        useDHCP = false;
+        useNetworkd = true;
+        firewall.enable = false;
+        interfaces.eth1 = lib.mkForce {
+          ipv4 = {
+            addresses = [ { address = "100.64.0.1"; prefixLength = 24; } ];
+          };
+        };
+        interfaces.eth2 = lib.mkForce {
+          ipv6 = {
+            addresses = [ { address = "2001:db8::1"; prefixLength = 64; } ];
+          };
+        };
+      };
+
+      services.tayga = {
+        enable = true;
+        ipv4 = {
+          address = "192.0.2.0";
+          router = {
+            address = "192.0.2.1";
+          };
+          pool = {
+            address = "192.0.2.0";
+            prefixLength = 24;
+          };
+        };
+        ipv6 = {
+          address = "2001:db8::1";
+          router = {
+            address = "64:ff9b::1";
+          };
+          pool = {
+            address = "64:ff9b::";
+            prefixLength = 96;
+          };
+        };
+      };
+    };
+
+    # The client is configured with static IPv6 addresses. It has also a static
+    # default route towards the router. To reach the IPv4-only server, the
+    # client starts the clat daemon which starts and configures the local
+    # IPv4 -> IPv6 translation via Tayga.
+    client = {
+      virtualisation.vlans = [
+        3 # towards router
+      ];
+
+      networking = {
+        useDHCP = false;
+        interfaces.eth1 = lib.mkForce {};
+      };
+
+      systemd.network = {
+        enable = true;
+        networks."vlan1" = {
+          matchConfig.Name = "eth1";
+          address = [
+            "2001:db8::2/64"
+          ];
+          routes = [
+            { routeConfig = { Destination = "::/0"; Gateway = "2001:db8::1"; }; }
+          ];
+        };
+      };
+
+      services.clatd = {
+        enable = true;
+        settings.plat-prefix = "64:ff9b::/96";
+      };
+
+      environment.systemPackages = [ pkgs.mtr ];
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    # wait for all machines to start up
+    for machine in client, router, server:
+      machine.wait_for_unit("network-online.target")
+
+    with subtest("Wait for tayga and clatd"):
+      router.wait_for_unit("tayga.service")
+      client.wait_for_unit("clatd.service")
+      # clatd checks if this system has IPv4 connectivity for 10 seconds
+      client.wait_until_succeeds(
+        'journalctl -u clatd -e | grep -q "Starting up TAYGA, using config file"'
+      )
+
+    with subtest("Test ICMP"):
+      client.wait_until_succeeds("ping -c 3 100.64.0.2 >&2")
+
+    with subtest("Test ICMP and show a traceroute"):
+      client.wait_until_succeeds("mtr --show-ips --report-wide 100.64.0.2 >&2")
+
+    client.log(client.execute("systemd-analyze security clatd.service")[1])
+  '';
+})
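Review bot: The comment above the `server` node attributes 100.64.0.2/24 to "RFC 6589 (Carrier Grade NAT)", but the 100.64.0.0/10 shared address space is defined in RFC 6598; the line should read `# RFC 6598 (Shared Address Space, used for Carrier Grade NAT) is used here.` At the end of `testScript`, `client.log(client.execute("systemd-analyze security clatd.service")[1])` only prints the exposure report, so a later loss of sandboxing in the unit would not fail the test. If it is meant as a check, `client.succeed("systemd-analyze security --threshold=<MAX_EXPOSURE> clatd.service")` with an agreed limit would enforce it. `firewall.enable = false` on the router also deserves a one-line comment saying it is a test simplification.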
diff --git a/nixpkgs/nixos/tests/coder.nix b/nixpkgs/nixos/tests/coder.nix
index 12813827284b..fd1fa0cc3031 100644
--- a/nixpkgs/nixos/tests/coder.nix
+++ b/nixpkgs/nixos/tests/coder.nix
@@ -1,8 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "coder";
-  meta = with pkgs.lib.maintainers; {
-    maintainers = [ shyim ghuntley ];
-  };
+  meta.maintainers = pkgs.coder.meta.maintainers;
 
   nodes.machine =
     { pkgs, ... }:
diff --git a/nixpkgs/nixos/tests/common/acme/server/default.nix b/nixpkgs/nixos/tests/common/acme/server/default.nix
index 2a2e3b08a1df..457495cdb2c0 100644
--- a/nixpkgs/nixos/tests/common/acme/server/default.nix
+++ b/nixpkgs/nixos/tests/common/acme/server/default.nix
@@ -81,7 +81,7 @@ in {
       type = lib.types.str;
       readOnly = true;
       default = domain;
-      description = lib.mdDoc ''
+      description = ''
         A domain name to use with the `nodes` attribute to
         identify the CA server.
       '';
@@ -90,7 +90,7 @@ in {
       type = lib.types.path;
       readOnly = true;
       default = testCerts.ca.cert;
-      description = lib.mdDoc ''
+      description = ''
         A certificate file to use with the `nodes` attribute to
         inject the test CA certificate used in the ACME server into
         {option}`security.pki.certificateFiles`.
diff --git a/nixpkgs/nixos/tests/common/auto.nix b/nixpkgs/nixos/tests/common/auto.nix
index ac56bed4a88f..cbd298de8f81 100644
--- a/nixpkgs/nixos/tests/common/auto.nix
+++ b/nixpkgs/nixos/tests/common/auto.nix
@@ -12,7 +12,7 @@ in
     test-support.displayManager.auto = {
       enable = lib.mkOption {
         default = false;
-        description = lib.mdDoc ''
+        description = ''
           Whether to enable the fake "auto" display manager, which
           automatically logs in the user specified in the
           {option}`user` option.  This is mostly useful for
@@ -22,7 +22,7 @@ in
 
       user = lib.mkOption {
         default = "root";
-        description = lib.mdDoc "The user account to login automatically.";
+        description = "The user account to login automatically.";
       };
     };
   };
@@ -30,12 +30,10 @@ in
   ###### implementation
 
   config = lib.mkIf cfg.enable {
-    services.xserver.displayManager = {
-      lightdm.enable = true;
-      autoLogin = {
-        enable = true;
-        user = cfg.user;
-      };
+    services.xserver.displayManager.lightdm.enable = true;
+    services.displayManager.autoLogin = {
+      enable = true;
+      user = cfg.user;
     };
 
     # lightdm by default doesn't allow auto login for root, which is
diff --git a/nixpkgs/nixos/tests/common/resolver.nix b/nixpkgs/nixos/tests/common/resolver.nix
index 609058a7374a..4c3789d0abfa 100644
--- a/nixpkgs/nixos/tests/common/resolver.nix
+++ b/nixpkgs/nixos/tests/common/resolver.nix
@@ -10,7 +10,7 @@
     type = lib.types.bool;
     default = true;
     internal = true;
-    description = lib.mdDoc ''
+    description = ''
       Whether to enable the resolver that automatically discovers zone in the
       test network.
 
diff --git a/nixpkgs/nixos/tests/common/x11.nix b/nixpkgs/nixos/tests/common/x11.nix
index 0d76a0e972ff..b79cedb864de 100644
--- a/nixpkgs/nixos/tests/common/x11.nix
+++ b/nixpkgs/nixos/tests/common/x11.nix
@@ -12,6 +12,6 @@
 
   # Use IceWM as the window manager.
   # Don't use a desktop manager.
-  services.xserver.displayManager.defaultSession = lib.mkDefault "none+icewm";
+  services.displayManager.defaultSession = lib.mkDefault "none+icewm";
   services.xserver.windowManager.icewm.enable = true;
 }
diff --git a/nixpkgs/nixos/tests/containers-require-bind-mounts.nix b/nixpkgs/nixos/tests/containers-require-bind-mounts.nix
new file mode 100644
index 000000000000..5f986fd3e280
--- /dev/null
+++ b/nixpkgs/nixos/tests/containers-require-bind-mounts.nix
@@ -0,0 +1,35 @@
+import ./make-test-python.nix ({ lib, ... }: {
+  name = "containers-require-bind-mounts";
+  meta.maintainers = with lib.maintainers; [ kira-bruneau ];
+
+  nodes.machine = {
+    containers.require-bind-mounts = {
+      bindMounts = { "/srv/data" = {}; };
+      config = {};
+    };
+
+    virtualisation.fileSystems = {
+      "/srv/data" = {
+        fsType = "tmpfs";
+        options = [ "noauto" ];
+      };
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("default.target")
+
+    assert "require-bind-mounts" in machine.succeed("nixos-container list")
+    assert "down" in machine.succeed("nixos-container status require-bind-mounts")
+    assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
+
+    with subtest("bind mount host paths must be mounted to run container"):
+      machine.succeed("nixos-container start require-bind-mounts")
+      assert "up" in machine.succeed("nixos-container status require-bind-mounts")
+      assert "active" in machine.succeed("systemctl status srv-data.mount")
+
+      machine.succeed("systemctl stop srv-data.mount")
+      assert "down" in machine.succeed("nixos-container status require-bind-mounts")
+      assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
+    '';
+})
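Review bot: `assert "active" in machine.succeed("systemctl status srv-data.mount")` matches more than intended, because "active" is a substring of "inactive" and `systemctl status` prints the whole status block, so the assertion adds nothing beyond the exit code that `succeed` already checks. The neighbouring checks use `systemctl is-active`, so `assert machine.succeed("systemctl is-active srv-data.mount").strip() == "active"` would be both consistent and exact. The `"up" in` / `"down" in` checks on `nixos-container status` are presumably safe today but could be compared after `.strip()` in the same way.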
diff --git a/nixpkgs/nixos/tests/crabfit.nix b/nixpkgs/nixos/tests/crabfit.nix
new file mode 100644
index 000000000000..0cd0741f6fa4
--- /dev/null
+++ b/nixpkgs/nixos/tests/crabfit.nix
@@ -0,0 +1,33 @@
+import ./make-test-python.nix (
+  { lib, pkgs, ... }:
+
+  {
+    name = "crabfit";
+
+    meta.maintainers = with lib.maintainers; [ thubrecht ];
+
+    nodes = {
+      machine =
+        { pkgs, ... }:
+        {
+          services.crabfit = {
+            enable = true;
+
+            frontend.host = "http://127.0.0.1:3001";
+            api.host = "127.0.0.1:3000";
+          };
+        };
+    };
+
+    # TODO: Add a reverse proxy and a dns entry for testing
+    testScript = ''
+      machine.wait_for_unit("crabfit-api")
+      machine.wait_for_unit("crabfit-frontend")
+
+      machine.wait_for_open_port(3000)
+      machine.wait_for_open_port(3001)
+
+      machine.succeed("curl -f http://localhost:3001/")
+    '';
+  }
+)
diff --git a/nixpkgs/nixos/tests/davis.nix b/nixpkgs/nixos/tests/davis.nix
new file mode 100644
index 000000000000..68958cee7a43
--- /dev/null
+++ b/nixpkgs/nixos/tests/davis.nix
@@ -0,0 +1,59 @@
+import ./make-test-python.nix (
+  { lib, pkgs, ... }:
+
+  {
+    name = "davis";
+
+    meta.maintainers = pkgs.davis.meta.maintainers;
+
+    nodes.machine =
+      { config, ... }:
+      {
+        virtualisation = {
+          memorySize = 512;
+        };
+
+        services.davis = {
+          enable = true;
+          hostname = "davis.example.com";
+          database = {
+            driver = "postgresql";
+          };
+          mail = {
+            dsnFile = "${pkgs.writeText "davisMailDns" "smtp://username:password@example.com:25"}";
+            inviteFromAddress = "dav@example.com";
+          };
+          adminLogin = "admin";
+          appSecretFile = "${pkgs.writeText "davisAppSecret" "52882ef142066e09ab99ce816ba72522e789505caba224"}";
+          adminPasswordFile = "${pkgs.writeText "davisAdminPass" "nixos"}";
+          nginx = { };
+        };
+      };
+
+    testScript = ''
+      start_all()
+      machine.wait_for_unit("postgresql.service")
+      machine.wait_for_unit("davis-env-setup.service")
+      machine.wait_for_unit("davis-db-migrate.service")
+      machine.wait_for_unit("nginx.service")
+      machine.wait_for_unit("phpfpm-davis.service")
+
+      with subtest("welcome screen loads"):
+          machine.succeed(
+              "curl -sSfL --resolve davis.example.com:80:127.0.0.1 http://davis.example.com/ | grep '<title>Davis</title>'"
+          )
+
+      with subtest("login works"):
+          csrf_token = machine.succeed(
+              "curl -c /tmp/cookies -sSfL --resolve davis.example.com:80:127.0.0.1 http://davis.example.com/login | grep '_csrf_token' | sed -E 's,.*value=\"(.*)\".*,\\1,g'"
+          )
+          r = machine.succeed(
+              f"curl -b /tmp/cookies --resolve davis.example.com:80:127.0.0.1 http://davis.example.com/login -X POST -F username=admin -F password=nixos -F _csrf_token={csrf_token.strip()} -D headers"
+          )
+          print(r)
+          machine.succeed(
+            "[[ $(grep -i 'location: ' headers | cut -d: -f2- | xargs echo) == /dashboard* ]]"
+          )
+    '';
+  }
+)
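Review bot: The three `pkgs.writeText` calls for `dsnFile`, `appSecretFile` and `adminPasswordFile` place their contents in the world-readable Nix store, which is acceptable in a VM test but is exactly what the `*File` options exist to avoid, and nothing in the file says so. I would add a comment above `services.davis` such as `# Test-only secrets: pkgs.writeText stores these world-readable in /nix/store; real deployments must use paths outside the store.` The same applies to the `requirePass` / `environment.etc` password in db-rest.nix and the `firefly-iii-appkey` entry in firefly-iii.nix. Separately, the login subtest writes `-D headers` to a relative path and a later `machine.succeed` greps `headers`, which only works while both commands run in the same working directory; `-D /tmp/headers` and `grep -i 'location: ' /tmp/headers` would follow the `/tmp/cookies` convention used just above.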
diff --git a/nixpkgs/nixos/tests/db-rest.nix b/nixpkgs/nixos/tests/db-rest.nix
new file mode 100644
index 000000000000..9249da904acb
--- /dev/null
+++ b/nixpkgs/nixos/tests/db-rest.nix
@@ -0,0 +1,107 @@
+import ./make-test-python.nix ({ pkgs, ... }:
+{
+  name = "db-rest";
+  meta.maintainers = with pkgs.lib.maintainers; [ marie ];
+
+  nodes = {
+    database = {
+      networking = {
+        interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.10"; prefixLength = 24; }
+          ];
+        };
+        firewall.allowedTCPPorts = [ 31638 ];
+      };
+
+      services.redis.servers.db-rest = {
+        enable = true;
+        bind = "0.0.0.0";
+        requirePass = "choochoo";
+        port = 31638;
+      };
+    };
+
+    serverWithTcp = { pkgs, ... }: {
+      environment = {
+        etc = {
+          "db-rest/password-redis-db".text = ''
+            choochoo
+          '';
+        };
+      };
+
+      networking = {
+        interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.11"; prefixLength = 24; }
+          ];
+        };
+        firewall.allowedTCPPorts = [ 3000 ];
+      };
+
+      services.db-rest = {
+        enable = true;
+        host = "0.0.0.0";
+        redis = {
+          enable = true;
+          createLocally = false;
+          host = "192.168.2.10";
+          port = 31638;
+          passwordFile = "/etc/db-rest/password-redis-db";
+          useSSL = false;
+        };
+      };
+    };
+
+    serverWithUnixSocket = { pkgs, ... }: {
+      networking = {
+        interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.12"; prefixLength = 24; }
+          ];
+        };
+        firewall.allowedTCPPorts = [ 3000 ];
+      };
+
+      services.db-rest = {
+        enable = true;
+        host = "0.0.0.0";
+        redis = {
+          enable = true;
+          createLocally = true;
+        };
+      };
+    };
+
+    client = {
+      environment.systemPackages = [ pkgs.jq ];
+      networking = {
+        interfaces.eth1 = {
+          ipv4.addresses = [
+            { address = "192.168.2.13"; prefixLength = 24; }
+          ];
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    with subtest("db-rest redis with TCP socket"):
+      database.wait_for_unit("redis-db-rest.service")
+      database.wait_for_open_port(31638)
+
+      serverWithTcp.wait_for_unit("db-rest.service")
+      serverWithTcp.wait_for_open_port(3000)
+
+      client.succeed("curl --fail --get http://192.168.2.11:3000/stations --data-urlencode 'query=Köln Hbf' | jq -r '.\"8000207\".name' | grep 'Köln Hbf'")
+
+    with subtest("db-rest redis with Unix socket"):
+      serverWithUnixSocket.wait_for_unit("db-rest.service")
+      serverWithUnixSocket.wait_for_open_port(3000)
+
+      client.succeed("curl --fail --get http://192.168.2.12:3000/stations --data-urlencode 'query=Köln Hbf' | jq -r '.\"8000207\".name' | grep 'Köln Hbf'")
+  '';
+})
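Review bot: On the `database` node, `firewall.allowedTCPPorts = [ 31638 ]` together with `bind = "0.0.0.0"` opens the Redis port on every interface, while only `serverWithTcp` on the eth1 network needs it and the consumer is configured with `useSSL = false`. Scoping the rule with `firewall.interfaces.eth1.allowedTCPPorts = [ 31638 ];` keeps the test closer to a configuration that is safe to copy. As far as the visible script goes, both subtests only curl `/stations`, so a wrong `passwordFile` or an unreachable Redis would presumably not be noticed; if db-rest exposes any cache indicator, asserting on it in the TCP subtest would close that gap.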
diff --git a/nixpkgs/nixos/tests/docker-registry.nix b/nixpkgs/nixos/tests/docker-registry.nix
index 3969ef3f0226..4f033fc30b19 100644
--- a/nixpkgs/nixos/tests/docker-registry.nix
+++ b/nixpkgs/nixos/tests/docker-registry.nix
@@ -3,7 +3,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
   name = "docker-registry";
   meta = with pkgs.lib.maintainers; {
-    maintainers = [ globin ironpinguin ];
+    maintainers = [ globin ironpinguin cafkafk ];
   };
 
   nodes = {
diff --git a/nixpkgs/nixos/tests/docker-tools.nix b/nixpkgs/nixos/tests/docker-tools.nix
index 7d91076600f9..c8a227eb2cf7 100644
--- a/nixpkgs/nixos/tests/docker-tools.nix
+++ b/nixpkgs/nixos/tests/docker-tools.nix
@@ -178,6 +178,14 @@ in {
             "docker load --input='${examples.bashUncompressed}'",
             "docker rmi ${examples.bashUncompressed.imageName}",
         )
+        docker.succeed(
+            "docker load --input='${examples.bashLayeredUncompressed}'",
+            "docker rmi ${examples.bashLayeredUncompressed.imageName}",
+        )
+        docker.succeed(
+            "docker load --input='${examples.bashLayeredZstdCompressed}'",
+            "docker rmi ${examples.bashLayeredZstdCompressed.imageName}",
+        )
 
     with subtest(
         "Check if the nix store is correctly initialized by listing "
diff --git a/nixpkgs/nixos/tests/drbd.nix b/nixpkgs/nixos/tests/drbd.nix
index bede7206d706..defbad693393 100644
--- a/nixpkgs/nixos/tests/drbd.nix
+++ b/nixpkgs/nixos/tests/drbd.nix
@@ -31,11 +31,11 @@ import ./make-test-python.nix (
               }
 
               on drbd1 {
-                address ${nodes.drbd1.config.networking.primaryIPAddress}:${toString drbdPort};
+                address ${nodes.drbd1.networking.primaryIPAddress}:${toString drbdPort};
               }
 
               on drbd2 {
-                address ${nodes.drbd2.config.networking.primaryIPAddress}:${toString drbdPort};
+                address ${nodes.drbd2.networking.primaryIPAddress}:${toString drbdPort};
               }
             }
           '';
@@ -45,7 +45,7 @@ import ./make-test-python.nix (
   {
     name = "drbd";
     meta = with pkgs.lib.maintainers; {
-      maintainers = [ ryantm astro ];
+      maintainers = [ ryantm astro birkb ];
     };
 
     nodes.drbd1 = drbdConfig;
diff --git a/nixpkgs/nixos/tests/earlyoom.nix b/nixpkgs/nixos/tests/earlyoom.nix
index 75bdf56899b3..b7850ddeaaab 100644
--- a/nixpkgs/nixos/tests/earlyoom.nix
+++ b/nixpkgs/nixos/tests/earlyoom.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ lib, ... }: {
   name = "earlyoom";
   meta = {
-    maintainers = with lib.maintainers; [ ncfavier ];
+    maintainers = with lib.maintainers; [ ncfavier AndersonTorres ];
   };
 
   machine = {
diff --git a/nixpkgs/nixos/tests/firefly-iii.nix b/nixpkgs/nixos/tests/firefly-iii.nix
new file mode 100644
index 000000000000..c93d799320a4
--- /dev/null
+++ b/nixpkgs/nixos/tests/firefly-iii.nix
@@ -0,0 +1,26 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+  name = "firefly-iii";
+  meta.maintainers = [ lib.maintainers.savyajha ];
+
+  nodes.machine = { config, ... }: {
+    environment.etc = {
+      "firefly-iii-appkey".text = "TestTestTestTestTestTestTestTest";
+    };
+    services.firefly-iii = {
+      enable = true;
+      virtualHost = "http://localhost";
+      enableNginx = true;
+      settings = {
+        APP_KEY_FILE = "/etc/firefly-iii-appkey";
+        LOG_CHANNEL = "stdout";
+        SITE_OWNER = "mail@example.com";
+      };
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("phpfpm-firefly-iii.service")
+    machine.wait_for_unit("nginx.service")
+    machine.succeed("curl -fvvv -Ls http://localhost/ | grep 'Firefly III'")
+  '';
+})
diff --git a/nixpkgs/nixos/tests/forgejo.nix b/nixpkgs/nixos/tests/forgejo.nix
index 6acd6acb50fa..827fae2790c6 100644
--- a/nixpkgs/nixos/tests/forgejo.nix
+++ b/nixpkgs/nixos/tests/forgejo.nix
@@ -22,8 +22,27 @@ let
   '';
   signingPrivateKeyId = "4D642DE8B678C79D";
 
+  actionsWorkflowYaml = ''
+    run-name: dummy workflow
+    on:
+      push:
+    jobs:
+      cat:
+        runs-on: native
+        steps:
+          - uses: http://localhost:3000/test/checkout@main
+          - run: cat testfile
+  '';
+  # https://github.com/actions/checkout/releases
+  checkoutActionSource = pkgs.fetchFromGitHub {
+    owner = "actions";
+    repo = "checkout";
+    rev = "v4.1.1";
+    hash = "sha256-h2/UIp8IjPo3eE4Gzx52Fb7pcgG/Ww7u31w5fdKVMos=";
+  };
+
   supportedDbTypes = [ "mysql" "postgres" "sqlite3" ];
-  makeGForgejoTest = type: nameValuePair type (makeTest {
+  makeForgejoTest = type: nameValuePair type (makeTest {
     name = "forgejo-${type}";
     meta.maintainers = with maintainers; [ bendlas emilylange ];
 
@@ -36,21 +55,28 @@ let
           settings.service.DISABLE_REGISTRATION = true;
           settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
           settings.actions.ENABLED = true;
+          settings.repository = {
+            ENABLE_PUSH_CREATE_USER = true;
+            DEFAULT_PUSH_CREATE_PRIVATE = false;
+          };
         };
-        environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq pkgs.file ];
+        environment.systemPackages = [ config.services.forgejo.package pkgs.gnupg pkgs.jq pkgs.file pkgs.htmlq ];
         services.openssh.enable = true;
 
         specialisation.runner = {
           inheritParentConfig = true;
-          configuration.services.gitea-actions-runner.instances."test" = {
-            enable = true;
-            name = "ci";
-            url = "http://localhost:3000";
-            labels = [
-              # don't require docker/podman
-              "native:host"
-            ];
-            tokenFile = "/var/lib/forgejo/runner_token";
+          configuration.services.gitea-actions-runner = {
+            package = pkgs.forgejo-runner;
+            instances."test" = {
+              enable = true;
+              name = "ci";
+              url = "http://localhost:3000";
+              labels = [
+                # type ":host" does not depend on docker/podman/lxc
+                "native:host"
+              ];
+              tokenFile = "/var/lib/forgejo/runner_token";
+            };
           };
         };
         specialisation.dump = {
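Review bot: `ENABLE_PUSH_CREATE_USER = true` with `DEFAULT_PUSH_CREATE_PRIVATE = false` makes every repository created by a push public, and the hunk gives no reason; presumably the runner has to fetch `http://localhost:3000/test/checkout@main` without credentials. A comment such as `# test-only: push-created repos must be public so the runner can fetch the mirrored checkout action anonymously` would keep the setting from being copied into real configurations. The `client` node in the next hunk has the same issue with `Host *` / `StrictHostKeyChecking no`: narrowing it to `Host server` and marking it test-only costs nothing, since `server` is the only host the script reaches over SSH. The `server` node definition starts above this hunk.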
@@ -62,11 +88,20 @@ let
           };
         };
       };
-      client1 = { config, pkgs, ... }: {
-        environment.systemPackages = [ pkgs.git ];
-      };
-      client2 = { config, pkgs, ... }: {
-        environment.systemPackages = [ pkgs.git ];
+      client = { ... }: {
+        programs.git = {
+          enable = true;
+          config = {
+            user.email = "test@localhost";
+            user.name = "test";
+            init.defaultBranch = "main";
+          };
+        };
+        programs.ssh.extraConfig = ''
+          Host *
+            StrictHostKeyChecking no
+            IdentityFile ~/.ssh/privk
+        '';
       };
     };
 
@@ -75,26 +110,23 @@ let
         inherit (import ./ssh-keys.nix pkgs) snakeOilPrivateKey snakeOilPublicKey;
         serverSystem = nodes.server.system.build.toplevel;
         dumpFile = with nodes.server.specialisation.dump.configuration.services.forgejo.dump; "${backupDir}/${file}";
+        remoteUri = "forgejo@server:test/repo";
+        remoteUriCheckoutAction = "forgejo@server:test/checkout";
       in
       ''
         import json
-        GIT_SSH_COMMAND = "ssh -i $HOME/.ssh/privk -o StrictHostKeyChecking=no"
-        REPO = "forgejo@server:test/repo"
-        PRIVK = "${snakeOilPrivateKey}"
 
         start_all()
 
-        client1.succeed("mkdir /tmp/repo")
-        client1.succeed("mkdir -p $HOME/.ssh")
-        client1.succeed(f"cat {PRIVK} > $HOME/.ssh/privk")
-        client1.succeed("chmod 0400 $HOME/.ssh/privk")
-        client1.succeed("git -C /tmp/repo init")
-        client1.succeed("echo hello world > /tmp/repo/testfile")
-        client1.succeed("git -C /tmp/repo add .")
-        client1.succeed("git config --global user.email test@localhost")
-        client1.succeed("git config --global user.name test")
-        client1.succeed("git -C /tmp/repo commit -m 'Initial import'")
-        client1.succeed(f"git -C /tmp/repo remote add origin {REPO}")
+        client.succeed("mkdir -p ~/.ssh")
+        client.succeed("(umask 0077; cat ${snakeOilPrivateKey} > ~/.ssh/privk)")
+
+        client.succeed("mkdir /tmp/repo")
+        client.succeed("git -C /tmp/repo init")
+        client.succeed("echo 'hello world' > /tmp/repo/testfile")
+        client.succeed("git -C /tmp/repo add .")
+        client.succeed("git -C /tmp/repo commit -m 'Initial import'")
+        client.succeed("git -C /tmp/repo remote add origin ${remoteUri}")
 
         server.wait_for_unit("forgejo.service")
         server.wait_for_open_port(3000)
@@ -108,13 +140,19 @@ let
 
         assert "BEGIN PGP PUBLIC KEY BLOCK" in server.succeed("curl http://localhost:3000/api/v1/signing-key.gpg")
 
+        api_version = json.loads(server.succeed("curl http://localhost:3000/api/forgejo/v1/version")).get("version")
+        assert "development" != api_version and "${pkgs.forgejo.version}+gitea-" in api_version, (
+            "/api/forgejo/v1/version should not return 'development' "
+            + f"but should contain a forgejo+gitea compatibility version string. Got '{api_version}' instead."
+        )
+
         server.succeed(
             "curl --fail http://localhost:3000/user/sign_up | grep 'Registration is disabled. "
             + "Please contact your site administrator.'"
         )
         server.succeed(
             "su -l forgejo -c 'GITEA_WORK_DIR=/var/lib/forgejo gitea admin user create "
-            + "--username test --password totallysafe --email test@localhost'"
+            + "--username test --password totallysafe --email test@localhost --must-change-password=false'"
         )
 
         api_token = server.succeed(
@@ -137,18 +175,14 @@ let
             + ' -d \'{"key":"${snakeOilPublicKey}","read_only":true,"title":"SSH"}\'''
         )
 
-        client1.succeed(
-            f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git -C /tmp/repo push origin master"
-        )
+        client.succeed("git -C /tmp/repo push origin main")
 
-        client2.succeed("mkdir -p $HOME/.ssh")
-        client2.succeed(f"cat {PRIVK} > $HOME/.ssh/privk")
-        client2.succeed("chmod 0400 $HOME/.ssh/privk")
-        client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' git clone {REPO}")
-        client2.succeed('test "$(cat repo/testfile | xargs echo -n)" = "hello world"')
+        client.succeed("git clone ${remoteUri} /tmp/repo-clone")
+        print(client.succeed("ls -lash /tmp/repo-clone"))
+        assert "hello world" == client.succeed("cat /tmp/repo-clone/testfile").strip()
 
         with subtest("Testing git protocol version=2 over ssh"):
-            git_protocol = client2.succeed(f"GIT_SSH_COMMAND='{GIT_SSH_COMMAND}' GIT_TRACE2_EVENT=true git -C repo fetch |& grep negotiated-version")
+            git_protocol = client.succeed("GIT_TRACE2_EVENT=true git -C /tmp/repo-clone fetch |& grep negotiated-version")
             version = json.loads(git_protocol).get("value")
             assert version == "2", f"git did not negotiate protocol version 2, but version {version} instead."
 
@@ -158,7 +192,7 @@ let
             timeout=10
         )
 
-        with subtest("Testing runner registration"):
+        with subtest("Testing runner registration and action workflow"):
             server.succeed(
                 "su -l forgejo -c 'GITEA_WORK_DIR=/var/lib/forgejo gitea actions generate-runner-token' | sed 's/^/TOKEN=/' | tee /var/lib/forgejo/runner_token"
             )
@@ -166,6 +200,52 @@ let
             server.wait_for_unit("gitea-runner-test.service")
             server.succeed("journalctl -o cat -u gitea-runner-test.service | grep -q 'Runner registered successfully'")
 
+            # enable actions feature for this repository, defaults to disabled
+            server.succeed(
+                "curl --fail -X PATCH http://localhost:3000/api/v1/repos/test/repo "
+                + "-H 'Accept: application/json' -H 'Content-Type: application/json' "
+                + f"-H 'Authorization: token {api_token}'"
+                + ' -d \'{"has_actions":true}\'''
+            )
+
+            # mirror "actions/checkout" action
+            client.succeed("cp -R ${checkoutActionSource}/ /tmp/checkout")
+            client.succeed("git -C /tmp/checkout init")
+            client.succeed("git -C /tmp/checkout add .")
+            client.succeed("git -C /tmp/checkout commit -m 'Initial import'")
+            client.succeed("git -C /tmp/checkout remote add origin ${remoteUriCheckoutAction}")
+            client.succeed("git -C /tmp/checkout push origin main")
+
+            # push workflow to initial repo
+            client.succeed("mkdir -p /tmp/repo/.forgejo/workflows")
+            client.succeed("cp ${pkgs.writeText "dummy-workflow.yml" actionsWorkflowYaml} /tmp/repo/.forgejo/workflows/")
+            client.succeed("git -C /tmp/repo add .")
+            client.succeed("git -C /tmp/repo commit -m 'Add dummy workflow'")
+            client.succeed("git -C /tmp/repo push origin main")
+
+            def poll_workflow_action_status(_) -> bool:
+                output = server.succeed(
+                    "curl --fail http://localhost:3000/test/repo/actions | "
+                    + 'htmlq ".flex-item-leading span" --attribute "data-tooltip-content"'
+                ).strip()
+
+                # values taken from https://codeberg.org/forgejo/forgejo/src/commit/af47c583b4fb3190fa4c4c414500f9941cc02389/options/locale/locale_en-US.ini#L3649-L3661
+                if output in [ "Failure", "Canceled", "Skipped", "Blocked" ]:
+                    raise Exception(f"Workflow status is '{output}', which we consider failed.")
+                    server.log(f"Command returned '{output}', which we consider failed.")
+
+                elif output in [ "Unknown", "Waiting", "Running", "" ]:
+                    server.log(f"Workflow status is '{output}'. Waiting some more...")
+                    return False
+
+                elif output in [ "Success" ]:
+                    return True
+
+                raise Exception(f"Workflow status is '{output}', which we don't know. Value mappings likely need updating.")
+
+            with server.nested("Waiting for the workflow run to be successful"):
+                retry(poll_workflow_action_status)
+
         with subtest("Testing backup service"):
             server.succeed("${serverSystem}/specialisation/dump/bin/switch-to-configuration test")
             server.systemctl("start forgejo-dump")
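Review bot: In `poll_workflow_action_status` the `server.log(...)` call sits after the `raise` in the failure branch and can never run. Swapping the two lines logs the status before the exception: `server.log(f"Workflow status is '{output}', which we consider failed.")` first, then the `raise Exception(...)`. The status is scraped from a tooltip attribute on the actions page via `htmlq`, so if more than one run is ever listed the multi-line output falls through to the final "don't know" exception; comparing only the first line would make the poll sturdier. The runner subtest begins above this hunk.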
@@ -175,4 +255,4 @@ let
   });
 in
 
-listToAttrs (map makeGForgejoTest supportedDbTypes)
+listToAttrs (map makeForgejoTest supportedDbTypes)
diff --git a/nixpkgs/nixos/tests/freshrss-none-auth.nix b/nixpkgs/nixos/tests/freshrss-none-auth.nix
new file mode 100644
index 000000000000..fd63470386a0
--- /dev/null
+++ b/nixpkgs/nixos/tests/freshrss-none-auth.nix
@@ -0,0 +1,19 @@
+import ./make-test-python.nix ({ lib, pkgs, ... }: {
+  name = "freshrss";
+  meta.maintainers = with lib.maintainers; [ mattchrist ];
+
+  nodes.machine = { pkgs, ... }: {
+    services.freshrss = {
+      enable = true;
+      baseUrl = "http://localhost";
+      authType = "none";
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("multi-user.target")
+    machine.wait_for_open_port(80)
+    response = machine.succeed("curl -vvv -s http://127.0.0.1:80/i/")
+    assert '<title>Main stream · FreshRSS</title>' in response, "FreshRSS stream page didn't load successfully"
+  '';
+})
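Review bot: `name = "freshrss"` does not identify this as the no-auth variant, so its logs and result names cannot be told apart from any other FreshRSS test using the same name (other test files are not visible here); `name = "freshrss-none-auth";` would match the file name. The script also only asserts that the stream page title is served. Because `authType = "none"` removes the login step entirely, a comment above the `curl` line such as `# authType = "none": the stream page must load without any session or credentials` would make clear that unauthenticated access is the behaviour under test and not an oversight.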
diff --git a/nixpkgs/nixos/tests/gitlab.nix b/nixpkgs/nixos/tests/gitlab.nix
index c4d69a56c93a..52fe588930df 100644
--- a/nixpkgs/nixos/tests/gitlab.nix
+++ b/nixpkgs/nixos/tests/gitlab.nix
@@ -89,6 +89,10 @@ in {
           dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
           jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
         };
+
+        # reduce memory usage
+        sidekiq.concurrency = 1;
+        puma.workers = 2;
       };
     };
   };
diff --git a/nixpkgs/nixos/tests/gnome-extensions.nix b/nixpkgs/nixos/tests/gnome-extensions.nix
index a9bb5e3766b7..51ccabd7e6a6 100644
--- a/nixpkgs/nixos/tests/gnome-extensions.nix
+++ b/nixpkgs/nixos/tests/gnome-extensions.nix
@@ -2,7 +2,7 @@ import ./make-test-python.nix (
 { pkgs, lib, ...}:
 {
   name = "gnome-extensions";
-  meta.maintainers = [ lib.maintainers.piegames ];
+  meta.maintainers = [ ];
 
   nodes.machine =
     { pkgs, ... }:
diff --git a/nixpkgs/nixos/tests/gnome-flashback.nix b/nixpkgs/nixos/tests/gnome-flashback.nix
index f486dabc5c40..e0a1d256c8c2 100644
--- a/nixpkgs/nixos/tests/gnome-flashback.nix
+++ b/nixpkgs/nixos/tests/gnome-flashback.nix
@@ -14,16 +14,17 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
       services.xserver.displayManager = {
         gdm.enable = true;
         gdm.debug = true;
-        autoLogin = {
-          enable = true;
-          user = user.name;
-        };
+      };
+
+      services.displayManager.autoLogin = {
+        enable = true;
+        user = user.name;
       };
 
       services.xserver.desktopManager.gnome.enable = true;
       services.xserver.desktopManager.gnome.debug = true;
       services.xserver.desktopManager.gnome.flashback.enableMetacity = true;
-      services.xserver.displayManager.defaultSession = "gnome-flashback-metacity";
+      services.displayManager.defaultSession = "gnome-flashback-metacity";
     };
 
   testScript = { nodes, ... }: let
diff --git a/nixpkgs/nixos/tests/gnome-xorg.nix b/nixpkgs/nixos/tests/gnome-xorg.nix
index 6ca700edcac3..c8ffb459edec 100644
--- a/nixpkgs/nixos/tests/gnome-xorg.nix
+++ b/nixpkgs/nixos/tests/gnome-xorg.nix
@@ -15,15 +15,16 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
       services.xserver.displayManager = {
         gdm.enable = true;
         gdm.debug = true;
-        autoLogin = {
-          enable = true;
-          user = user.name;
-        };
+      };
+
+      services.displayManager.autoLogin = {
+        enable = true;
+        user = user.name;
       };
 
       services.xserver.desktopManager.gnome.enable = true;
       services.xserver.desktopManager.gnome.debug = true;
-      services.xserver.displayManager.defaultSession = "gnome-xorg";
+      services.displayManager.defaultSession = "gnome-xorg";
 
       systemd.user.services = {
         "org.gnome.Shell@x11" = {
diff --git a/nixpkgs/nixos/tests/gnome.nix b/nixpkgs/nixos/tests/gnome.nix
index 91182790cb24..98d61c7ea172 100644
--- a/nixpkgs/nixos/tests/gnome.nix
+++ b/nixpkgs/nixos/tests/gnome.nix
@@ -12,10 +12,11 @@ import ./make-test-python.nix ({ pkgs, lib, ...} : {
       services.xserver.displayManager = {
         gdm.enable = true;
         gdm.debug = true;
-        autoLogin = {
-          enable = true;
-          user = "alice";
-        };
+      };
+
+      services.displayManager.autoLogin = {
+        enable = true;
+        user = "alice";
       };
 
       services.xserver.desktopManager.gnome.enable = true;
diff --git a/nixpkgs/nixos/tests/gonic.nix b/nixpkgs/nixos/tests/gonic.nix
index 726d7da0970f..adf0f511a9cf 100644
--- a/nixpkgs/nixos/tests/gonic.nix
+++ b/nixpkgs/nixos/tests/gonic.nix
@@ -2,11 +2,19 @@ import ./make-test-python.nix ({ pkgs, ... }: {
   name = "gonic";
 
   nodes.machine = { ... }: {
+    systemd.tmpfiles.settings = {
+      "10-gonic" = {
+        "/tmp/music"."d" = {};
+        "/tmp/podcast"."d" = {};
+        "/tmp/playlists"."d" = {};
+      };
+    };
     services.gonic = {
       enable = true;
       settings = {
-        music-path = [ "/tmp" ];
-        podcast-path = "/tmp";
+        music-path = [ "/tmp/music" ];
+        podcast-path = "/tmp/podcast";
+        playlists-path = "/tmp/playlists";
       };
     };
   };
diff --git a/nixpkgs/nixos/tests/gvisor.nix b/nixpkgs/nixos/tests/gvisor.nix
index 7f130b709fc9..5c9447b07118 100644
--- a/nixpkgs/nixos/tests/gvisor.nix
+++ b/nixpkgs/nixos/tests/gvisor.nix
@@ -3,7 +3,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "gvisor";
   meta = with pkgs.lib.maintainers; {
-    maintainers = [ andrew-d ];
+    maintainers = [ ];
   };
 
   nodes = {
diff --git a/nixpkgs/nixos/tests/herbstluftwm.nix b/nixpkgs/nixos/tests/herbstluftwm.nix
index b6965914360e..2a8b391947e7 100644
--- a/nixpkgs/nixos/tests/herbstluftwm.nix
+++ b/nixpkgs/nixos/tests/herbstluftwm.nix
@@ -8,7 +8,7 @@ import ./make-test-python.nix ({ lib, ...} : {
   nodes.machine = { pkgs, lib, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = lib.mkForce "none+herbstluftwm";
+    services.displayManager.defaultSession = lib.mkForce "none+herbstluftwm";
     services.xserver.windowManager.herbstluftwm.enable = true;
     environment.systemPackages = [ pkgs.dzen2 ]; # needed for upstream provided panel
   };
diff --git a/nixpkgs/nixos/tests/hledger-web.nix b/nixpkgs/nixos/tests/hledger-web.nix
index f8919f7d4bd0..09941ca5c517 100644
--- a/nixpkgs/nixos/tests/hledger-web.nix
+++ b/nixpkgs/nixos/tests/hledger-web.nix
@@ -19,7 +19,7 @@ rec {
         host = "127.0.0.1";
         port = 5000;
         enable = true;
-        capabilities.manage = true;
+        allow = "edit";
       };
       networking.firewall.allowedTCPPorts = [ config.services.hledger-web.port ];
       systemd.services.hledger-web.preStart = ''
diff --git a/nixpkgs/nixos/tests/hydra/common.nix b/nixpkgs/nixos/tests/hydra/common.nix
index 2bce03418e1f..f31518b1e2a2 100644
--- a/nixpkgs/nixos/tests/hydra/common.nix
+++ b/nixpkgs/nixos/tests/hydra/common.nix
@@ -36,13 +36,6 @@
       '';
     };
     services.postfix.enable = true;
-    nix = {
-      distributedBuilds = true;
-      buildMachines = [{
-        hostName = "localhost";
-        systems = [ system ];
-      }];
-      settings.substituters = [];
-    };
+    nix.settings.substituters = [];
   };
 }
diff --git a/nixpkgs/nixos/tests/i3wm.nix b/nixpkgs/nixos/tests/i3wm.nix
index b216650d8192..c02ce86db8b2 100644
--- a/nixpkgs/nixos/tests/i3wm.nix
+++ b/nixpkgs/nixos/tests/i3wm.nix
@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
   nodes.machine = { lib, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = lib.mkForce "none+i3";
+    services.displayManager.defaultSession = lib.mkForce "none+i3";
     services.xserver.windowManager.i3.enable = true;
   };
 
diff --git a/nixpkgs/nixos/tests/incus/virtual-machine.nix b/nixpkgs/nixos/tests/incus/virtual-machine.nix
index ab378c7b9490..eebbbd113ed1 100644
--- a/nixpkgs/nixos/tests/incus/virtual-machine.nix
+++ b/nixpkgs/nixos/tests/incus/virtual-machine.nix
@@ -30,6 +30,9 @@ in
       memorySize = 1024;
       diskSize = 4096;
 
+      # Provide a TPM to test vTPM support for guests
+      tpm.enable = true;
+
       incus.enable = true;
     };
     networking.nftables.enable = true;
@@ -47,8 +50,14 @@ in
     with subtest("virtual-machine image can be imported"):
         machine.succeed("incus image import ${vm-image-metadata}/*/*.tar.xz ${vm-image-disk}/nixos.qcow2 --alias nixos")
 
+    with subtest("virtual-machine can be created"):
+        machine.succeed("incus create nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false")
+
+    with subtest("virtual tpm can be configured"):
+        machine.succeed("incus config device add ${instance-name} vtpm tpm path=/dev/tpm0")
+
     with subtest("virtual-machine can be launched and become available"):
-        machine.succeed("incus launch nixos ${instance-name} --vm --config limits.memory=512MB --config security.secureboot=false")
+        machine.succeed("incus start ${instance-name}")
         with machine.nested("Waiting for instance to start and be usable"):
           retry(instance_is_up)
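Review bot: The "virtual tpm can be configured" subtest only proves that `incus config device add` is accepted on the host; nothing after `retry(instance_is_up)` checks that the guest actually sees a TPM. A follow-up assertion once the instance is usable, for example `machine.succeed("incus exec ${instance-name} -- test -e /dev/tpm0")`, would catch a vTPM that is configured but never attached (the guest device path is assumed from `path=/dev/tpm0`; confirm it applies to VMs). A short comment that `security.secureboot=false` is a test-only setting would also help readers who copy the `incus create` line.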
 
@@ -57,5 +66,14 @@ in
 
     with subtest("lxd-agent has a valid path"):
         machine.succeed("incus exec ${instance-name} -- bash -c 'true'")
+
+    with subtest("guest supports cpu hotplug"):
+        machine.succeed("incus config set ${instance-name} limits.cpu=1")
+        count = int(machine.succeed("incus exec ${instance-name} -- nproc").strip())
+        assert count == 1, f"Wrong number of CPUs reported, want: 1, got: {count}"
+
+        machine.succeed("incus config set ${instance-name} limits.cpu=2")
+        count = int(machine.succeed("incus exec ${instance-name} -- nproc").strip())
+        assert count == 2, f"Wrong number of CPUs reported, want: 2, got: {count}"
   '';
 })
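Review bot: Both `nproc` reads in the "guest supports cpu hotplug" subtest run immediately after `incus config set … limits.cpu=N`, so the assertions depend on the guest having onlined or offlined the CPU by the time the next command runs. If hotplug is asynchronous, which seems likely but is not shown here, this will be flaky on loaded builders. Polling instead, e.g. `machine.wait_until_succeeds("incus exec ${instance-name} -- nproc | grep -qx 2")`, keeps the check but tolerates the delay.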
diff --git a/nixpkgs/nixos/tests/installed-tests/default.nix b/nixpkgs/nixos/tests/installed-tests/default.nix
index e87edb2007e9..b1ddfe3dcbd8 100644
--- a/nixpkgs/nixos/tests/installed-tests/default.nix
+++ b/nixpkgs/nixos/tests/installed-tests/default.nix
@@ -1,5 +1,5 @@
 # NixOS tests for gnome-desktop-testing-runner using software
-# See https://wiki.gnome.org/Initiatives/GnomeGoals/InstalledTests
+# See https://github.com/NixOS/nixpkgs/issues/34987
 
 { system ? builtins.currentSystem,
   config ? {},
diff --git a/nixpkgs/nixos/tests/installer-systemd-stage-1.nix b/nixpkgs/nixos/tests/installer-systemd-stage-1.nix
index d10256d91d7f..1dd55dada042 100644
--- a/nixpkgs/nixos/tests/installer-systemd-stage-1.nix
+++ b/nixpkgs/nixos/tests/installer-systemd-stage-1.nix
@@ -38,6 +38,8 @@
     clevisZfs
     clevisZfsFallback
     gptAutoRoot
+    clevisBcachefs
+    clevisBcachefsFallback
     ;
 
 }
diff --git a/nixpkgs/nixos/tests/installer.nix b/nixpkgs/nixos/tests/installer.nix
index 1de886d6a0d1..7e835041eb39 100644
--- a/nixpkgs/nixos/tests/installer.nix
+++ b/nixpkgs/nixos/tests/installer.nix
@@ -51,7 +51,7 @@ let
           boot.loader.systemd-boot.enable = true;
         ''}
 
-        boot.initrd.secrets."/etc/secret" = ./secret;
+        boot.initrd.secrets."/etc/secret" = "/etc/nixos/secret";
 
         ${optionalString clevisTest ''
           boot.kernelParams = [ "console=tty0" "ip=192.168.1.1:::255.255.255.0::eth1:none" ];
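Review bot: The `boot.initrd.secrets."/etc/secret"` line switches from the path literal `./secret` to the string `"/etc/nixos/secret"` without saying why, and the difference matters for how the secret is handled. A Nix path literal is normally copied into the world-readable store when the configuration is evaluated, whereas a string is resolved on the installed machine when the initrd is assembled. That appears to be the intent, since a later hunk drops the `mv /etc/nixos/secret /root/my-config/` step. A comment in the generated config such as `# string, not a path literal: read from the installed system when the initrd is built, not copied into the store` would record this for people who use the test as a template.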
@@ -80,39 +80,24 @@ let
   # a test script fragment `createPartitions', which must create
   # partitions and filesystems.
   testScriptFun = { bootLoader, createPartitions, grubDevice, grubUseEfi, grubIdentifier
-                  , postInstallCommands, preBootCommands, postBootCommands, extraConfig
+                  , postInstallCommands, postBootCommands, extraConfig
                   , testSpecialisationConfig, testFlakeSwitch, clevisTest, clevisFallbackTest
                   , disableFileSystems
                   }:
     let
-      qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
-      isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi);
-      qemu = qemu-common.qemuBinary pkgs.qemu_test;
-    in if !isEfi && !pkgs.stdenv.hostPlatform.isx86 then ''
-      machine.succeed("true")
-    '' else ''
+      startTarget = ''
+        ${optionalString clevisTest "tpm.start()"}
+        target.start()
+        ${postBootCommands}
+        target.wait_for_unit("multi-user.target")
+      '';
+    in ''
+      ${optionalString clevisTest ''
       import os
       import subprocess
 
       tpm_folder = os.environ['NIX_BUILD_TOP']
 
-      startcommand = "${qemu} -m 2048"
-
-      ${optionalString clevisTest ''
-        startcommand += f" -chardev socket,id=chrtpm,path={tpm_folder}/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
-        startcommand += " -device virtio-net-pci,netdev=vlan1,mac=52:54:00:12:11:02 -netdev vde,id=vlan1,sock=\"$QEMU_VDE_SOCKET_1\""
-      ''}
-      ${optionalString isEfi ''
-        startcommand +=" -drive if=pflash,format=raw,unit=0,readonly=on,file=${pkgs.OVMF.firmware} -drive if=pflash,format=raw,unit=1,readonly=on,file=${pkgs.OVMF.variables}"
-      ''}
-
-      image_dir = machine.state_dir
-      disk_image = os.path.join(image_dir, "machine.qcow2")
-      startcommand += f" -drive file={disk_image},if=virtio,werror=report"
-
-      def create_machine_named(name):
-          return create_machine(startcommand, name=name)
-
       class Tpm:
             def __init__(self):
                 self.start()
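Review bot: In the new `startTarget` fragment, `${postBootCommands}` runs between `target.start()` and `target.wait_for_unit("multi-user.target")`, so despite its name it now executes while the machine is still booting. The LUKS test further down relies on exactly that to answer the passphrase prompt. A comment above `startTarget` would stop future callers from putting post-login checks there, e.g. `# postBootCommands runs right after power-on, before multi-user.target (e.g. to type a LUKS passphrase)`. `startTarget` also calls `tpm.start()` on every boot although `Tpm.__init__` already starts it; whether `start()` is safe to call while swtpm is still running cannot be told from this hunk, as the class body continues outside it.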
@@ -143,30 +128,31 @@ let
       os.mkdir(f"{tpm_folder}/swtpm")
       tpm = Tpm()
       tpm.check()
+      ''}
 
-      start_all()
+      installer.start()
       ${optionalString clevisTest ''
+      tang.start()
       tang.wait_for_unit("sockets.target")
       tang.systemctl("start network-online.target")
       tang.wait_for_unit("network-online.target")
-      machine.systemctl("start network-online.target")
-      machine.wait_for_unit("network-online.target")
+      installer.systemctl("start network-online.target")
+      installer.wait_for_unit("network-online.target")
       ''}
-      machine.wait_for_unit("multi-user.target")
-
+      installer.wait_for_unit("multi-user.target")
 
       with subtest("Assert readiness of login prompt"):
-          machine.succeed("echo hello")
+          installer.succeed("echo hello")
 
       with subtest("Wait for hard disks to appear in /dev"):
-          machine.succeed("udevadm settle")
+          installer.succeed("udevadm settle")
 
       ${createPartitions}
 
       with subtest("Create the NixOS configuration"):
-          machine.succeed("nixos-generate-config ${optionalString disableFileSystems "--no-filesystems"} --root /mnt")
-          machine.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2")
-          machine.copy_from_host(
+          installer.succeed("nixos-generate-config ${optionalString disableFileSystems "--no-filesystems"} --root /mnt")
+          installer.succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2")
+          installer.copy_from_host(
               "${ makeConfig {
                     inherit bootLoader grubDevice grubIdentifier
                             grubUseEfi extraConfig clevisTest;
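Review bot: Replacing `start_all()` with explicit `installer.start()` and `tang.start()` is load-bearing but undocumented. With the new `target` node sharing the installer's disk image, `start_all()` would presumably boot `target` against a disk that is still being partitioned. A comment above `installer.start()` such as `# do not use start_all(): target shares the installer's disk and must stay off until the install is finished` would keep a later cleanup from reintroducing it.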
@@ -174,13 +160,13 @@ let
               }",
               "/mnt/etc/nixos/configuration.nix",
           )
-          machine.copy_from_host("${pkgs.writeText "secret" "secret"}", "/mnt/etc/nixos/secret")
+          installer.copy_from_host("${pkgs.writeText "secret" "secret"}", "/mnt/etc/nixos/secret")
 
       ${optionalString clevisTest ''
         with subtest("Create the Clevis secret with Tang"):
-             machine.systemctl("start network-online.target")
-             machine.wait_for_unit("network-online.target")
-             machine.succeed('echo -n password | clevis encrypt sss \'{"t": 2, "pins": {"tpm2": {}, "tang": {"url": "http://192.168.1.2"}}}\' -y > /mnt/etc/nixos/clevis-secret.jwe')''}
+             installer.systemctl("start network-online.target")
+             installer.wait_for_unit("network-online.target")
+             installer.succeed('echo -n password | clevis encrypt sss \'{"t": 2, "pins": {"tpm2": {}, "tang": {"url": "http://192.168.1.2"}}}\' -y > /mnt/etc/nixos/clevis-secret.jwe')''}
 
       ${optionalString clevisFallbackTest ''
         with subtest("Shutdown Tang to check fallback to interactive prompt"):
@@ -188,13 +174,13 @@ let
       ''}
 
       with subtest("Perform the installation"):
-          machine.succeed("nixos-install < /dev/null >&2")
+          installer.succeed("nixos-install < /dev/null >&2")
 
       with subtest("Do it again to make sure it's idempotent"):
-          machine.succeed("nixos-install < /dev/null >&2")
+          installer.succeed("nixos-install < /dev/null >&2")
 
       with subtest("Check that we can build things in nixos-enter"):
-          machine.succeed(
+          installer.succeed(
               """
               nixos-enter -- nix-build --option substitute false -E 'derivation {
                   name = "t";
@@ -209,48 +195,48 @@ let
       ${postInstallCommands}
 
       with subtest("Shutdown system after installation"):
-          machine.succeed("umount -R /mnt")
-          machine.succeed("sync")
-          machine.shutdown()
+          installer.succeed("umount -R /mnt")
+          installer.succeed("sync")
+          installer.shutdown()
 
-      # Now see if we can boot the installation.
-      machine = create_machine_named("boot-after-install")
+      # We're actually the same machine, just booting differently this time.
+      target.state_dir = installer.state_dir
 
-      # For example to enter LUKS passphrase.
-      ${preBootCommands}
+      # Now see if we can boot the installation.
+      ${startTarget}
 
       with subtest("Assert that /boot get mounted"):
-          machine.wait_for_unit("local-fs.target")
+          target.wait_for_unit("local-fs.target")
           ${if bootLoader == "grub"
-              then ''machine.succeed("test -e /boot/grub")''
-              else ''machine.succeed("test -e /boot/loader/loader.conf")''
+              then ''target.succeed("test -e /boot/grub")''
+              else ''target.succeed("test -e /boot/loader/loader.conf")''
           }
 
       with subtest("Check whether /root has correct permissions"):
-          assert "700" in machine.succeed("stat -c '%a' /root")
+          assert "700" in target.succeed("stat -c '%a' /root")
 
       with subtest("Assert swap device got activated"):
           # uncomment once https://bugs.freedesktop.org/show_bug.cgi?id=86930 is resolved
-          machine.wait_for_unit("swap.target")
-          machine.succeed("cat /proc/swaps | grep -q /dev")
+          target.wait_for_unit("swap.target")
+          target.succeed("cat /proc/swaps | grep -q /dev")
 
       with subtest("Check that the store is in good shape"):
-          machine.succeed("nix-store --verify --check-contents >&2")
+          target.succeed("nix-store --verify --check-contents >&2")
 
       with subtest("Check whether the channel works"):
-          machine.succeed("nix-env -iA nixos.procps >&2")
-          assert ".nix-profile" in machine.succeed("type -tP ps | tee /dev/stderr")
+          target.succeed("nix-env -iA nixos.procps >&2")
+          assert ".nix-profile" in target.succeed("type -tP ps | tee /dev/stderr")
 
       with subtest(
           "Check that the daemon works, and that non-root users can run builds "
           "(this will build a new profile generation through the daemon)"
       ):
-          machine.succeed("su alice -l -c 'nix-env -iA nixos.procps' >&2")
+          target.succeed("su alice -l -c 'nix-env -iA nixos.procps' >&2")
 
       with subtest("Configure system with writable Nix store on next boot"):
           # we're not using copy_from_host here because the installer image
           # doesn't know about the host-guest sharing mechanism.
-          machine.copy_from_host_via_shell(
+          target.copy_from_host_via_shell(
               "${ makeConfig {
                     inherit bootLoader grubDevice grubIdentifier
                             grubUseEfi extraConfig clevisTest;
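Review bot: `target.state_dir = installer.state_dir` rewrites an attribute on an already constructed machine object, so it only affects code that reads `state_dir` afterwards. Anything the test driver derived from the original value at construction time would keep pointing at the old directory (inferred; the driver is not part of this diff). The comment says the two nodes are "the same machine" but not that this assignment, together with the relative `virtualisation.diskImage = "./target.qcow2"` in a later hunk, is what makes `target` boot the disk the installer wrote. Spelling that out would help, e.g. `# reuse the installer's state dir so ./target.qcow2 resolves to the freshly installed disk; installer must be shut down first`.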
@@ -261,25 +247,23 @@ let
           )
 
       with subtest("Check whether nixos-rebuild works"):
-          machine.succeed("nixos-rebuild switch >&2")
+          target.succeed("nixos-rebuild switch >&2")
 
       # FIXME: Nix 2.4 broke nixos-option, someone has to fix it.
       # with subtest("Test nixos-option"):
-      #     kernel_modules = machine.succeed("nixos-option boot.initrd.kernelModules")
+      #     kernel_modules = target.succeed("nixos-option boot.initrd.kernelModules")
       #     assert "virtio_console" in kernel_modules
       #     assert "List of modules" in kernel_modules
       #     assert "qemu-guest.nix" in kernel_modules
 
-      machine.shutdown()
+      target.shutdown()
 
       # Check whether a writable store build works
-      machine = create_machine_named("rebuild-switch")
-      ${preBootCommands}
-      machine.wait_for_unit("multi-user.target")
+      ${startTarget}
 
       # we're not using copy_from_host here because the installer image
       # doesn't know about the host-guest sharing mechanism.
-      machine.copy_from_host_via_shell(
+      target.copy_from_host_via_shell(
           "${ makeConfig {
                 inherit bootLoader grubDevice grubIdentifier
                 grubUseEfi extraConfig clevisTest;
@@ -288,73 +272,62 @@ let
           }",
           "/etc/nixos/configuration.nix",
       )
-      machine.succeed("nixos-rebuild boot >&2")
-      machine.shutdown()
+      target.succeed("nixos-rebuild boot >&2")
+      target.shutdown()
 
-      # And just to be sure, check that the machine still boots after
-      # "nixos-rebuild switch".
-      machine = create_machine_named("boot-after-rebuild-switch")
-      ${preBootCommands}
-      machine.wait_for_unit("network.target")
+      # And just to be sure, check that the target still boots after "nixos-rebuild switch".
+      ${startTarget}
+      target.wait_for_unit("network.target")
 
       # Sanity check, is it the configuration.nix we generated?
-      hostname = machine.succeed("hostname").strip()
+      hostname = target.succeed("hostname").strip()
       assert hostname == "thatworked"
 
-      ${postBootCommands}
-      machine.shutdown()
+      target.shutdown()
 
       # Tests for validating clone configuration entries in grub menu
     ''
     + optionalString testSpecialisationConfig ''
-      # Reboot Machine
-      machine = create_machine_named("clone-default-config")
-      ${preBootCommands}
-      machine.wait_for_unit("multi-user.target")
+      # Reboot target
+      ${startTarget}
 
       with subtest("Booted configuration name should be 'Home'"):
           # This is not the name that shows in the grub menu.
           # The default configuration is always shown as "Default"
-          machine.succeed("cat /run/booted-system/configuration-name >&2")
-          assert "Home" in machine.succeed("cat /run/booted-system/configuration-name")
+          target.succeed("cat /run/booted-system/configuration-name >&2")
+          assert "Home" in target.succeed("cat /run/booted-system/configuration-name")
 
       with subtest("We should **not** find a file named /etc/gitconfig"):
-          machine.fail("test -e /etc/gitconfig")
+          target.fail("test -e /etc/gitconfig")
 
       with subtest("Set grub to boot the second configuration"):
-          machine.succeed("grub-reboot 1")
+          target.succeed("grub-reboot 1")
 
-      ${postBootCommands}
-      machine.shutdown()
+      target.shutdown()
 
-      # Reboot Machine
-      machine = create_machine_named("clone-alternate-config")
-      ${preBootCommands}
+      # Reboot target
+      ${startTarget}
 
-      machine.wait_for_unit("multi-user.target")
       with subtest("Booted configuration name should be Work"):
-          machine.succeed("cat /run/booted-system/configuration-name >&2")
-          assert "Work" in machine.succeed("cat /run/booted-system/configuration-name")
+          target.succeed("cat /run/booted-system/configuration-name >&2")
+          assert "Work" in target.succeed("cat /run/booted-system/configuration-name")
 
       with subtest("We should find a file named /etc/gitconfig"):
-          machine.succeed("test -e /etc/gitconfig")
+          target.succeed("test -e /etc/gitconfig")
 
-      ${postBootCommands}
-      machine.shutdown()
+      target.shutdown()
     ''
     + optionalString testFlakeSwitch ''
-      ${preBootCommands}
-      machine.start()
+      ${startTarget}
 
       with subtest("Configure system with flake"):
         # TODO: evaluate as user?
-        machine.succeed("""
+        target.succeed("""
           mkdir /root/my-config
           mv /etc/nixos/hardware-configuration.nix /root/my-config/
-          mv /etc/nixos/secret /root/my-config/
           rm /etc/nixos/configuration.nix
         """)
-        machine.copy_from_host_via_shell(
+        target.copy_from_host_via_shell(
           "${makeConfig {
                inherit bootLoader grubDevice grubIdentifier grubUseEfi extraConfig clevisTest;
                forceGrubReinstallCount = 1;
@@ -362,11 +335,11 @@ let
             }}",
           "/root/my-config/configuration.nix",
         )
-        machine.copy_from_host_via_shell(
+        target.copy_from_host_via_shell(
           "${./installer/flake.nix}",
           "/root/my-config/flake.nix",
         )
-        machine.succeed("""
+        target.succeed("""
           # for some reason the image does not have `pkgs.path`, so
           # we use readlink to find a Nixpkgs source.
           pkgs=$(readlink -f /nix/var/nix/profiles/per-user/root/channels)/nixos
@@ -378,36 +351,32 @@ let
         """)
 
       with subtest("Switch to flake based config"):
-        machine.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
-
-      ${postBootCommands}
-      machine.shutdown()
+        target.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
 
-      ${preBootCommands}
-      machine.start()
+      target.shutdown()
 
-      machine.wait_for_unit("multi-user.target")
+      ${startTarget}
 
       with subtest("nix-channel command is not available anymore"):
-        machine.succeed("! which nix-channel")
+        target.succeed("! which nix-channel")
 
       # Note that the channel profile is still present on disk, but configured
       # not to be used.
       with subtest("builtins.nixPath is now empty"):
-        machine.succeed("""
+        target.succeed("""
           [[ "[ ]" == "$(nix-instantiate builtins.nixPath --eval --expr)" ]]
         """)
 
       with subtest("<nixpkgs> does not resolve"):
-        machine.succeed("""
+        target.succeed("""
           ! nix-instantiate '<nixpkgs>' --eval --expr
         """)
 
       with subtest("Evaluate flake config in fresh env without nix-channel"):
-        machine.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
+        target.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
 
       with subtest("Evaluate flake config in fresh env without channel profiles"):
-        machine.succeed("""
+        target.succeed("""
           (
             exec 1>&2
             rm -v /root/.nix-channels
@@ -415,16 +384,15 @@ let
             rm -vrf /nix/var/nix/profiles/per-user/root/channels*
           )
         """)
-        machine.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
+        target.succeed("nixos-rebuild switch --flake /root/my-config#xyz")
 
-      ${postBootCommands}
-      machine.shutdown()
+      target.shutdown()
     '';
 
 
   makeInstallerTest = name:
     { createPartitions
-    , postInstallCommands ? "", preBootCommands ? "", postBootCommands ? ""
+    , postInstallCommands ? "", postBootCommands ? ""
     , extraConfig ? ""
     , extraInstallerConfig ? {}
     , bootLoader ? "grub" # either "grub" or "systemd-boot"
@@ -436,18 +404,39 @@ let
     , clevisFallbackTest ? false
     , disableFileSystems ? false
     }:
-    makeTest {
+    let
+      isEfi = bootLoader == "systemd-boot" || (bootLoader == "grub" && grubUseEfi);
+    in makeTest {
       inherit enableOCR;
       name = "installer-" + name;
       meta = {
         # put global maintainers here, individuals go into makeInstallerTest fkt call
         maintainers = (meta.maintainers or []);
+        # non-EFI tests can only run on x86
+        platforms = if isEfi then platforms.linux else [ "x86_64-linux" "i686-linux" ];
       };
-      nodes = {
+      nodes = let
+        commonConfig = {
+          # builds stuff in the VM, needs more juice
+          virtualisation.diskSize = 8 * 1024;
+          virtualisation.cores = 8;
+          virtualisation.memorySize = 2048;
+
+          # both installer and target need to use the same drive
+          virtualisation.diskImage = "./target.qcow2";
 
-        # The configuration of the machine used to run "nixos-install".
-        machine = { pkgs, ... }: {
+          # and the same TPM options
+          virtualisation.qemu.options = mkIf (clevisTest) [
+            "-chardev socket,id=chrtpm,path=$NIX_BUILD_TOP/swtpm-sock"
+            "-tpmdev emulator,id=tpm0,chardev=chrtpm"
+            "-device tpm-tis,tpmdev=tpm0"
+          ];
+        };
+      in {
+        # The configuration of the system used to run "nixos-install".
+        installer = {
           imports = [
+            commonConfig
             ../modules/profiles/installation-device.nix
             ../modules/profiles/base.nix
             extraInstallerConfig
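Review bot: `commonConfig` carries over the disk, CPU, memory and TPM settings but not `virtualisation.vlans = mkIf (!clevisTest) [];`, which a later hunk deletes from the installer node together with its comment "We don't want to have any networking in the guest apart from the clevis tests". If that drop is not deliberate, the installer and target in non-clevis tests now get the test driver's default network interface, and the install no longer demonstrably runs without any network. Adding `virtualisation.vlans = mkIf (!clevisTest) [];` to `commonConfig` would restore the isolation for both nodes. If the change is intended, a comment saying so would help.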
@@ -458,11 +447,6 @@ let
           # root filesystem.
           virtualisation.fileSystems."/".autoFormat = systemdStage1;
 
-          # builds stuff in the VM, needs more juice
-          virtualisation.diskSize = 8 * 1024;
-          virtualisation.cores = 8;
-          virtualisation.memorySize = 2048;
-
           boot.initrd.systemd.enable = systemdStage1;
 
           # Use a small /dev/vdb as the root disk for the
@@ -470,17 +454,6 @@ let
           # the same during and after installation.
           virtualisation.emptyDiskImages = [ 512 ];
           virtualisation.rootDevice = "/dev/vdb";
-          virtualisation.bootLoaderDevice = "/dev/vda";
-          virtualisation.qemu.diskInterface = "virtio";
-          virtualisation.qemu.options = mkIf (clevisTest) [
-            "-chardev socket,id=chrtpm,path=$NIX_BUILD_TOP/swtpm-sock"
-            "-tpmdev emulator,id=tpm0,chardev=chrtpm"
-            "-device tpm-tis,tpmdev=tpm0"
-          ];
-          # We don't want to have any networking in the guest apart from the clevis tests.
-          virtualisation.vlans = mkIf (!clevisTest) [];
-
-          boot.loader.systemd-boot.enable = mkIf (bootLoader == "systemd-boot") true;
 
           hardware.enableAllFirmware = mkForce false;
 
@@ -520,7 +493,13 @@ let
           in [
             (pkgs.grub2.override { inherit zfsSupport; })
             (pkgs.grub2_efi.override { inherit zfsSupport; })
-          ]) ++ optionals clevisTest [ pkgs.klibc ];
+          ])
+          ++ optionals (bootLoader == "systemd-boot") [
+            pkgs.zstd.bin
+            pkgs.mypy
+            pkgs.bootspec
+          ]
+          ++ optionals clevisTest [ pkgs.klibc ];
 
           nix.settings = {
             substituters = mkForce [];
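Review bot: The three packages added for `bootLoader == "systemd-boot"` (`pkgs.zstd.bin`, `pkgs.mypy`, `pkgs.bootspec`) have no comment explaining why an installer image needs them, and `mypy` in particular looks out of place. Presumably they are build-time inputs of the systemd-boot installer script that must already be in the store, because `substituters = mkForce []` prevents fetching them during `nixos-install`. A comment to that effect, e.g. `# build inputs of the systemd-boot builder; must be pre-seeded since substituters are disabled`, would keep the list from being pruned or left stale.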
@@ -529,6 +508,18 @@ let
           };
         };
 
+        target = {
+          imports = [ commonConfig ];
+          virtualisation.useBootLoader = true;
+          virtualisation.useEFIBoot = isEfi;
+          virtualisation.useDefaultFilesystems = false;
+          virtualisation.efi.keepVariables = false;
+
+          virtualisation.fileSystems."/" = {
+            device = "/dev/disk/by-label/this-is-not-real-and-will-never-be-used";
+            fsType = "ext4";
+          };
+        };
       } // optionalAttrs clevisTest {
         tang = {
           services.tang = {
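Review bot: The `target` node declares a root filesystem on `/dev/disk/by-label/this-is-not-real-and-will-never-be-used` with `useDefaultFilesystems = false`, and only the label name hints at why. It appears that this node's own configuration is never booted and exists only to make the driver start QEMU with `useBootLoader` against the installed disk. That should be stated in a comment, e.g. `# placeholder so the module evaluates; the system that boots is the one nixos-install wrote to the shared disk`. A brief comment on `virtualisation.efi.keepVariables = false;` explaining why it is set here would be useful as well, since its purpose is not evident from the diff.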
@@ -541,7 +532,7 @@ let
       };
 
       testScript = testScriptFun {
-        inherit bootLoader createPartitions postInstallCommands preBootCommands postBootCommands
+        inherit bootLoader createPartitions postInstallCommands postBootCommands
                 grubDevice grubIdentifier grubUseEfi extraConfig
                 testSpecialisationConfig testFlakeSwitch clevisTest clevisFallbackTest
                 disableFileSystems;
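Review bot: With `preBootCommands` dropped from this `inherit` list, `postBootCommands` is the only hook left around the first boot, yet the hunks below use it for interaction that happens during boot. `makeLuksRootTest`, the clevis fallback tests, `fullDiskEncryption` and the bcachefs test all `wait_for_text` a passphrase prompt there. The name reads as "after the system is up", which is not what those callers need; `testScriptFun` is outside this hunk, so the exact call point cannot be confirmed from here. Either rename the argument or document it where it is declared, for example `# postBootCommands: runs once the target VM has been started, before the test waits for it to finish booting` (wording to be checked against `testScriptFun`).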
@@ -550,7 +541,7 @@ let
 
     makeLuksRootTest = name: luksFormatOpts: makeInstallerTest name {
       createPartitions = ''
-        machine.succeed(
+        installer.succeed(
             "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
             + " mkpart primary ext2 1M 100MB"  # /boot
             + " mkpart primary linux-swap 100M 1024M"
@@ -572,10 +563,9 @@ let
         boot.kernelParams = lib.mkAfter [ "console=tty0" ];
       '';
       enableOCR = true;
-      preBootCommands = ''
-        machine.start()
-        machine.wait_for_text("[Pp]assphrase for")
-        machine.send_chars("supersecret\n")
+      postBootCommands = ''
+        target.wait_for_text("[Pp]assphrase for")
+        target.send_chars("supersecret\n")
       '';
     };
 
@@ -583,7 +573,7 @@ let
   # one big filesystem partition.
   simple-test-config = {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary linux-swap 1M 1024M"
           + " mkpart primary ext2 1024M -1s",
@@ -602,7 +592,7 @@ let
 
   simple-uefi-grub-config = {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel gpt"
           + " mkpart ESP fat32 1M 100MiB"  # /boot
           + " set 1 boot on"
@@ -656,7 +646,7 @@ let
       environment.systemPackages = with pkgs; [ keyutils clevis ];
     };
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"
         + " mkpart primary linux-swap 100M 1024M"
@@ -680,13 +670,9 @@ let
       # not know the UUID in advance.
       fileSystems."/" = lib.mkForce { device = "/dev/vda3"; fsType = "bcachefs"; };
     '';
-    preBootCommands = ''
-      tpm = Tpm()
-      tpm.check()
-    '' + optionalString fallback ''
-      machine.start()
-      machine.wait_for_text("enter passphrase for")
-      machine.send_chars("password\n")
+    postBootCommands = optionalString fallback ''
+      target.wait_for_text("enter passphrase for")
+      target.send_chars("password\n")
     '';
   };
 
@@ -698,7 +684,7 @@ let
       environment.systemPackages = with pkgs; [ clevis ];
     };
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"
         + " mkpart primary linux-swap 100M 1024M"
@@ -719,17 +705,13 @@ let
     extraConfig = ''
       boot.initrd.clevis.devices."crypt-root".secretFile = "/etc/nixos/clevis-secret.jwe";
     '';
-    preBootCommands = ''
-      tpm = Tpm()
-      tpm.check()
-    '' + optionalString fallback ''
-      machine.start()
+    postBootCommands = optionalString fallback ''
       ${if systemdStage1 then ''
-      machine.wait_for_text("Please enter")
+      target.wait_for_text("Please enter")
       '' else ''
-      machine.wait_for_text("Passphrase for")
+      target.wait_for_text("Passphrase for")
       ''}
-      machine.send_chars("password\n")
+      target.send_chars("password\n")
     '';
   };
 
@@ -742,7 +724,7 @@ let
       environment.systemPackages = with pkgs; [ clevis ];
     };
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"
         + " mkpart primary linux-swap 100M 1024M"
@@ -770,17 +752,13 @@ let
       boot.zfs.devNodes = "/dev/disk/by-uuid/";
       networking.hostId = "00000000";
     '';
-    preBootCommands = ''
-      tpm = Tpm()
-      tpm.check()
-    '' + optionalString fallback ''
-      machine.start()
+    postBootCommands = optionalString fallback ''
       ${if systemdStage1 then ''
-      machine.wait_for_text("Enter key for rpool/root")
+      target.wait_for_text("Enter key for rpool/root")
       '' else ''
-      machine.wait_for_text("Key load error")
+      target.wait_for_text("Key load error")
       ''}
-      machine.send_chars("password\n")
+      target.send_chars("password\n")
     '';
   };
 
@@ -801,7 +779,7 @@ in {
   # Simple GPT/UEFI configuration using systemd-boot with 3 partitions: ESP, swap & root filesystem
   simpleUefiSystemdBoot = makeInstallerTest "simpleUefiSystemdBoot" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel gpt"
           + " mkpart ESP fat32 1M 100MiB"  # /boot
           + " set 1 boot on"
@@ -828,7 +806,7 @@ in {
   # Same as the previous, but now with a separate /boot partition.
   separateBoot = makeInstallerTest "separateBoot" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary ext2 1M 100MB"  # /boot
           + " mkpart primary linux-swap 100MB 1024M"
@@ -848,7 +826,7 @@ in {
   # Same as the previous, but with fat32 /boot.
   separateBootFat = makeInstallerTest "separateBootFat" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary ext2 1M 100MB"  # /boot
           + " mkpart primary linux-swap 100MB 1024M"
@@ -880,7 +858,7 @@ in {
     '';
 
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary ext2 1M 256MB"   # /boot
           + " mkpart primary linux-swap 256MB 1280M"
@@ -932,8 +910,8 @@ in {
     # umount & export bpool before shutdown
     # this is a fix for "cannot import 'bpool': pool was previously in use from another system."
     postInstallCommands = ''
-      machine.succeed("umount /mnt/boot")
-      machine.succeed("zpool export bpool")
+      installer.succeed("umount /mnt/boot")
+      installer.succeed("zpool export bpool")
     '';
   };
 
@@ -954,7 +932,7 @@ in {
     '';
 
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary 1M 100MB"  # /boot
           + " mkpart primary linux-swap 100M 1024M"
@@ -980,7 +958,7 @@ in {
   # that contains the logical swap and root partitions.
   lvm = makeInstallerTest "lvm" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary 1M 2048M"  # PV1
           + " set 1 lvm on"
@@ -1013,7 +991,7 @@ in {
   # keyfile is configured
   encryptedFSWithKeyfile = makeInstallerTest "encryptedFSWithKeyfile" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
           + " mkpart primary ext2 1M 100MB"  # /boot
           + " mkpart primary linux-swap 100M 1024M"
@@ -1052,7 +1030,7 @@ in {
   # LVM-on-LUKS and a keyfile in initrd.secrets to enter the passphrase once
   fullDiskEncryption = makeInstallerTest "fullDiskEncryption" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda -- mklabel gpt"
           + " mkpart ESP fat32 1M 100MiB"  # /boot/efi
           + " set 1 boot on"
@@ -1083,23 +1061,22 @@ in {
       boot.loader.grub.enableCryptodisk = true;
       boot.loader.efi.efiSysMountPoint = "/boot/efi";
 
-      boot.initrd.secrets."/luks.key" = ./luks.key;
+      boot.initrd.secrets."/luks.key" = "/etc/nixos/luks.key";
       boot.initrd.luks.devices.crypt =
         { device  = "/dev/vda2";
           keyFile = "/luks.key";
         };
     '';
     enableOCR = true;
-    preBootCommands = ''
-      machine.start()
-      machine.wait_for_text("Enter passphrase for")
-      machine.send_chars("supersecret\n")
+    postBootCommands = ''
+      target.wait_for_text("Enter passphrase for")
+      target.send_chars("supersecret\n")
     '';
   };
 
   swraid = makeInstallerTest "swraid" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda --"
           + " mklabel msdos"
           + " mkpart primary ext2 1M 100MB"  # /boot
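Review bot: The switch of `boot.initrd.secrets."/luks.key"` from the path literal `./luks.key` to the string `"/etc/nixos/luks.key"` in `fullDiskEncryption` is not explained, and the two forms look interchangeable to a reader. They are not: a relative path literal resolves against the directory of the file being evaluated, while the string is used as written when the initrd is assembled. If the change is tied to the installer/target split (presumably `./luks.key` no longer points at the key where the configuration is now evaluated), a comment such as `# absolute string on purpose: names the key file as seen by the installed system` would keep it from being reverted. The enclosing `extraConfig` string starts outside the hunk.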
@@ -1128,15 +1105,14 @@ in {
           "udevadm settle",
       )
     '';
-    preBootCommands = ''
-      machine.start()
-      machine.fail("dmesg | grep 'immediate safe mode'")
+    postBootCommands = ''
+      target.fail("dmesg | grep 'immediate safe mode'")
     '';
   };
 
   bcache = makeInstallerTest "bcache" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "flock /dev/vda parted --script /dev/vda --"
           + " mklabel msdos"
           + " mkpart primary ext2 1M 100MB"  # /boot
@@ -1165,7 +1141,7 @@ in {
     };
 
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"          # /boot
         + " mkpart primary linux-swap 100M 1024M"  # swap
@@ -1197,18 +1173,17 @@ in {
     '';
 
     enableOCR = true;
-    preBootCommands = ''
-      machine.start()
+    postBootCommands = ''
       # Enter it wrong once
-      machine.wait_for_text("enter passphrase for ")
-      machine.send_chars("wrong\n")
+      target.wait_for_text("enter passphrase for ")
+      target.send_chars("wrong\n")
       # Then enter it right.
-      machine.wait_for_text("enter passphrase for ")
-      machine.send_chars("password\n")
+      target.wait_for_text("enter passphrase for ")
+      target.send_chars("password\n")
     '';
 
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"          # /boot
         + " mkpart primary linux-swap 100M 1024M"  # swap
@@ -1235,7 +1210,7 @@ in {
     };
 
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "flock /dev/vda parted --script /dev/vda -- mklabel msdos"
         + " mkpart primary ext2 1M 100MB"          # /boot
         + " mkpart primary linux-swap 100M 1024M"  # swap
@@ -1256,7 +1231,7 @@ in {
   # Test using labels to identify volumes in grub
   simpleLabels = makeInstallerTest "simpleLabels" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
           "mkswap /dev/vda2 -L swap",
@@ -1273,7 +1248,7 @@ in {
   simpleProvided = makeInstallerTest "simpleProvided" {
     createPartitions = ''
       uuid = "$(blkid -s UUID -o value /dev/vda2)"
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+100M -n 3:0:+1G -N 4 -t 1:ef02 -t 2:8300 "
           + "-t 3:8200 -t 4:8300 -c 2:boot -c 4:root /dev/vda",
@@ -1282,9 +1257,9 @@ in {
           "mkfs.ext4 -L boot /dev/vda2",
           "mkfs.ext4 -L root /dev/vda4",
       )
-      machine.execute(f"ln -s ../../vda2 /dev/disk/by-uuid/{uuid}")
-      machine.execute("ln -s ../../vda4 /dev/disk/by-label/root")
-      machine.succeed(
+      installer.execute(f"ln -s ../../vda2 /dev/disk/by-uuid/{uuid}")
+      installer.execute("ln -s ../../vda4 /dev/disk/by-label/root")
+      installer.succeed(
           "mount /dev/disk/by-label/root /mnt",
           "mkdir /mnt/boot",
           f"mount /dev/disk/by-uuid/{uuid} /mnt/boot",
@@ -1296,7 +1271,7 @@ in {
   # Simple btrfs grub testing
   btrfsSimple = makeInstallerTest "btrfsSimple" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
           "mkswap /dev/vda2 -L swap",
@@ -1310,7 +1285,7 @@ in {
   # Test to see if we can detect /boot and /nix on subvolumes
   btrfsSubvols = makeInstallerTest "btrfsSubvols" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
           "mkswap /dev/vda2 -L swap",
@@ -1332,7 +1307,7 @@ in {
   # Test to see if we can detect default and aux subvolumes correctly
   btrfsSubvolDefault = makeInstallerTest "btrfsSubvolDefault" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
           "mkswap /dev/vda2 -L swap",
@@ -1358,7 +1333,7 @@ in {
   # Test to see if we can deal with subvols that need to be escaped in fstab
   btrfsSubvolEscape = makeInstallerTest "btrfsSubvolEscape" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
           "sgdisk -Z /dev/vda",
           "sgdisk -n 1:0:+1M -n 2:0:+1G -N 3 -t 1:ef02 -t 2:8200 -t 3:8300 -c 3:root /dev/vda",
           "mkswap /dev/vda2 -L swap",
@@ -1385,7 +1360,7 @@ in {
 } // optionalAttrs systemdStage1 {
   stratisRoot = makeInstallerTest "stratisRoot" {
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "sgdisk --zap-all /dev/vda",
         "sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot
         "sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap
@@ -1428,7 +1403,7 @@ in {
   in makeInstallerTest "gptAutoRoot" {
     disableFileSystems = true;
     createPartitions = ''
-      machine.succeed(
+      installer.succeed(
         "sgdisk --zap-all /dev/vda",
         "sgdisk --new=1:0:+100M --typecode=0:ef00 /dev/vda", # /boot
         "sgdisk --new=2:0:+1G --typecode=0:8200 /dev/vda", # swap
diff --git a/nixpkgs/nixos/tests/invidious.nix b/nixpkgs/nixos/tests/invidious.nix
index e31cd87f6a00..372b47b56c34 100644
--- a/nixpkgs/nixos/tests/invidious.nix
+++ b/nixpkgs/nixos/tests/invidious.nix
@@ -18,7 +18,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
           host invidious invidious samenet scram-sha-256
         '';
       };
-      networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+      networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
     };
     machine = { config, lib, pkgs, ... }: {
       services.invidious = {
diff --git a/nixpkgs/nixos/tests/isolate.nix b/nixpkgs/nixos/tests/isolate.nix
new file mode 100644
index 000000000000..327231be1cd4
--- /dev/null
+++ b/nixpkgs/nixos/tests/isolate.nix
@@ -0,0 +1,38 @@
+import ./make-test-python.nix ({ lib, ... }:
+{
+  name = "isolate";
+  meta.maintainers = with lib.maintainers; [ virchau13 ];
+
+  nodes.machine =
+    { ... }:
+    {
+      security.isolate = {
+        enable = true;
+      };
+    };
+
+  testScript = ''
+    bash_path = machine.succeed('realpath $(which bash)').strip()
+    sleep_path = machine.succeed('realpath $(which sleep)').strip()
+    def sleep_test(walltime, sleeptime):
+        return f'isolate --no-default-dirs --wall-time {walltime} ' + \
+            f'--dir=/box={box_path} --dir=/nix=/nix --run -- ' + \
+            f"{bash_path} -c 'exec -a sleep {sleep_path} {sleeptime}'"
+
+    def sleep_test_cg(walltime, sleeptime):
+        return f'isolate --cg --no-default-dirs --wall-time {walltime} ' + \
+            f'--dir=/box={box_path} --dir=/nix=/nix --processes=2 --run -- ' + \
+            f"{bash_path} -c '( exec -a sleep {sleep_path} {sleeptime} )'"
+
+    with subtest("without cgroups"):
+        box_path = machine.succeed('isolate --init').strip()
+        machine.succeed(sleep_test(1, 0.5))
+        machine.fail(sleep_test(0.5, 1))
+        machine.succeed('isolate --cleanup')
+    with subtest("with cgroups"):
+        box_path = machine.succeed('isolate --cg --init').strip()
+        machine.succeed(sleep_test_cg(1, 0.5))
+        machine.fail(sleep_test_cg(0.5, 1))
+        machine.succeed('isolate --cg --cleanup')
+  '';
+})
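Review bot: `sleep_test` and `sleep_test_cg` read `box_path` as a global that is only assigned later inside each subtest, so the helpers raise a NameError if called before `isolate --init` and the cgroup run depends on the reassignment. Passing it explicitly, `def sleep_test(box_path, walltime, sleeptime):`, makes that dependency visible. Separately, both subtests exercise only the `--wall-time` limit. Nothing asserts that a path outside the `--dir` bindings is hidden from the sandboxed process, so a regression in the isolation that `security.isolate` exists to provide would not fail this test. A one-line docstring on each helper stating which command line it builds would also help.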
diff --git a/nixpkgs/nixos/tests/jotta-cli.nix b/nixpkgs/nixos/tests/jotta-cli.nix
new file mode 100644
index 000000000000..5eefe65c1d38
--- /dev/null
+++ b/nixpkgs/nixos/tests/jotta-cli.nix
@@ -0,0 +1,25 @@
+import ./make-test-python.nix ({ pkgs, ... }: {
+
+  name = "jotta-cli";
+  meta.maintainers = with pkgs.lib.maintainers; [ evenbrenden ];
+
+  nodes.machine = { pkgs, ... }: {
+    user.services.jotta-cli.enable = true;
+    imports = [ ./common/user-account.nix ];
+  };
+
+  testScript = { nodes, ... }:
+    let uid = toString nodes.machine.users.users.alice.uid;
+    in ''
+      machine.start()
+
+      machine.succeed("loginctl enable-linger alice")
+      machine.wait_for_unit("user@${uid}.service")
+
+      machine.wait_for_unit("jottad.service", "alice")
+      machine.wait_for_open_unix_socket("/run/user/${uid}/jottad/jottad.socket")
+
+      # "jotta-cli version" should fail if jotta-cli cannot connect to jottad
+      machine.succeed('XDG_RUNTIME_DIR=/run/user/${uid} su alice -c "jotta-cli version"')
+    '';
+})
diff --git a/nixpkgs/nixos/tests/kanidm.nix b/nixpkgs/nixos/tests/kanidm.nix
index fa24d4a8a5e1..8ed9af63f1d4 100644
--- a/nixpkgs/nixos/tests/kanidm.nix
+++ b/nixpkgs/nixos/tests/kanidm.nix
@@ -76,14 +76,17 @@ import ./make-test-python.nix ({ pkgs, ... }:
         with subtest("Test LDAP interface"):
             server.succeed("ldapsearch -H ldaps://${serverDomain}:636 -b '${ldapBaseDN}' -x '(name=test)'")
 
-        with subtest("Test CLI login"):
-            client.succeed("kanidm login -D anonymous")
-            client.succeed("kanidm self whoami | grep anonymous@${serverDomain}")
-            client.succeed("kanidm logout")
-
         with subtest("Recover idm_admin account"):
             idm_admin_password = server.succeed("su - kanidm -c 'kanidmd recover-account -c ${serverConfigFile} idm_admin 2>&1 | rg -o \'[A-Za-z0-9]{48}\' '").strip().removeprefix("'").removesuffix("'")
 
+        with subtest("Test CLI login"):
+            client.wait_until_tty_matches("1", "login: ")
+            client.send_chars("root\n")
+            client.send_chars("kanidm login -D idm_admin\n")
+            client.wait_until_tty_matches("1", "Enter password: ")
+            client.send_chars(f"{idm_admin_password}\n")
+            client.wait_until_tty_matches("1", "Login Success for idm_admin")
+
         with subtest("Test unixd connection"):
             client.wait_for_unit("kanidm-unixd.service")
             client.wait_for_file("/run/kanidm-unixd/sock")
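Review bot: The relocated "Test CLI login" subtest now drives tty1 (`wait_until_tty_matches("1", "login: ")`, then `send_chars`) before anything waits for the getty. `client.wait_for_unit("getty@tty1.service")` and the `pgrep -f 'agetty.*tty1'` wait stay behind in "Test user creation" (second hunk), where they now run after the terminal has already been used; moving those two lines to the top of the new subtest restores the original ordering. `send_chars("root\n")` is also followed immediately by the `kanidm login -D idm_admin` line with no wait for a shell prompt, so the command can be typed before the login has completed. The anonymous login check is removed without a replacement, which drops coverage of that account if it is still expected to work.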
@@ -92,12 +95,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
         with subtest("Test user creation"):
             client.wait_for_unit("getty@tty1.service")
             client.wait_until_succeeds("pgrep -f 'agetty.*tty1'")
-            client.wait_until_tty_matches("1", "login: ")
-            client.send_chars("root\n")
-            client.send_chars("kanidm login -D idm_admin\n")
-            client.wait_until_tty_matches("1", "Enter password: ")
-            client.send_chars(f"{idm_admin_password}\n")
-            client.wait_until_tty_matches("1", "Login Success for idm_admin")
             client.succeed("kanidm person create testuser TestUser")
             client.succeed("kanidm person posix set --shell \"$SHELL\" testuser")
             client.send_chars("kanidm person posix set-password testuser\n")
diff --git a/nixpkgs/nixos/tests/kernel-generic.nix b/nixpkgs/nixos/tests/kernel-generic.nix
index 9714a94382ee..5f0e7b3e37cd 100644
--- a/nixpkgs/nixos/tests/kernel-generic.nix
+++ b/nixpkgs/nixos/tests/kernel-generic.nix
@@ -31,7 +31,6 @@ let
       linux_5_15_hardened
       linux_6_1_hardened
       linux_6_6_hardened
-      linux_6_7_hardened
       linux_rt_5_4
       linux_rt_5_10
       linux_rt_5_15
diff --git a/nixpkgs/nixos/tests/kernel-rust.nix b/nixpkgs/nixos/tests/kernel-rust.nix
index 1f269173ec2e..f32d43326061 100644
--- a/nixpkgs/nixos/tests/kernel-rust.nix
+++ b/nixpkgs/nixos/tests/kernel-rust.nix
@@ -4,7 +4,7 @@
 }:
 
 let
-  inherit (pkgs.lib) const filterAttrs mapAttrs;
+  inherit (pkgs.lib) const filterAttrs mapAttrs meta;
 
   kernelRustTest = kernelPackages: import ./make-test-python.nix ({ lib, ... }: {
     name = "kernel-rust";
@@ -38,6 +38,8 @@ let
       inherit (builtins.tryEval (
         x.rust-out-of-tree-module or null != null
       )) success value;
-    in success && value))
+      available =
+        meta.availableOn pkgs.stdenv.hostPlatform x.rust-out-of-tree-module;
+    in success && value && available))
     pkgs.linuxKernel.vanillaPackages;
 in mapAttrs (const kernelRustTest) kernels
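Review bot: `available` is computed outside the `builtins.tryEval` that guards the attribute lookup, so the filter depends on `&&` short-circuiting to avoid touching `x.rust-out-of-tree-module` when it is absent. An evaluation error raised while computing `meta.availableOn` would abort the whole attribute set instead of skipping that kernel. Folding the check into the guarded expression keeps a single failure mode: `x.rust-out-of-tree-module or null != null && meta.availableOn pkgs.stdenv.hostPlatform x.rust-out-of-tree-module`. The unqualified `meta` inherited in the first hunk is a very generic name to have in scope in a file that also builds test attribute sets; `pkgs.lib.meta.availableOn` at the call site would be clearer. The enclosing `filterAttrs` call starts outside the hunk.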
diff --git a/nixpkgs/nixos/tests/libinput.nix b/nixpkgs/nixos/tests/libinput.nix
index 9b6fa159b999..b002492b1665 100644
--- a/nixpkgs/nixos/tests/libinput.nix
+++ b/nixpkgs/nixos/tests/libinput.nix
@@ -12,7 +12,7 @@ import ./make-test-python.nix ({ ... }:
 
       test-support.displayManager.auto.user = "alice";
 
-      services.xserver.libinput = {
+      services.libinput = {
         enable = true;
         mouse = {
           naturalScrolling = true;
diff --git a/nixpkgs/nixos/tests/libreswan.nix b/nixpkgs/nixos/tests/libreswan.nix
index aadba941fab1..c798a04645bc 100644
--- a/nixpkgs/nixos/tests/libreswan.nix
+++ b/nixpkgs/nixos/tests/libreswan.nix
@@ -119,11 +119,11 @@ in
       with subtest("Libreswan is ready"):
           alice.wait_for_unit("ipsec")
           bob.wait_for_unit("ipsec")
-          alice.succeed("ipsec verify 1>&2")
+          alice.succeed("ipsec checkconfig")
 
       with subtest("Alice and Bob can start the tunnel"):
-          alice.execute("ipsec auto --start tunnel >&2 &")
-          bob.succeed("ipsec auto --start tunnel")
+          alice.execute("ipsec start tunnel >&2 &")
+          bob.succeed("ipsec start tunnel")
           # apparently this is needed to "wake" the tunnel
           bob.execute("ping -c1 alice")
 
diff --git a/nixpkgs/nixos/tests/lightdm.nix b/nixpkgs/nixos/tests/lightdm.nix
index 94cebd4a630a..730983a80413 100644
--- a/nixpkgs/nixos/tests/lightdm.nix
+++ b/nixpkgs/nixos/tests/lightdm.nix
@@ -8,7 +8,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
     services.xserver.displayManager.lightdm.enable = true;
-    services.xserver.displayManager.defaultSession = "none+icewm";
+    services.displayManager.defaultSession = "none+icewm";
     services.xserver.windowManager.icewm.enable = true;
   };
 
diff --git a/nixpkgs/nixos/tests/lomiri.nix b/nixpkgs/nixos/tests/lomiri.nix
new file mode 100644
index 000000000000..9d6337e9977c
--- /dev/null
+++ b/nixpkgs/nixos/tests/lomiri.nix
@@ -0,0 +1,294 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: let
+  # Just to make sure everything is the same, need it for OCR & navigating greeter
+  user = "alice";
+  description = "Alice Foobar";
+  password = "foobar";
+in {
+  name = "lomiri";
+
+  meta = {
+    maintainers = lib.teams.lomiri.members;
+  };
+
+  nodes.machine = { config, ... }: {
+    imports = [
+      ./common/user-account.nix
+    ];
+
+    users.users.${user} = {
+      inherit description password;
+    };
+
+    services.desktopManager.lomiri.enable = lib.mkForce true;
+    services.displayManager.defaultSession = lib.mkForce "lomiri";
+
+    fonts.packages = [ pkgs.inconsolata ];
+
+    environment = {
+      # Help with OCR
+      etc."xdg/alacritty/alacritty.yml".text = lib.generators.toYAML { } {
+        font = rec {
+          normal.family = "Inconsolata";
+          bold.family = normal.family;
+          italic.family = normal.family;
+          bold_italic.family = normal.family;
+          size = 16;
+        };
+        colors = rec {
+          primary = {
+            foreground = "0x000000";
+            background = "0xffffff";
+          };
+          normal = {
+            green = primary.foreground;
+          };
+        };
+      };
+
+      variables = {
+        # So we can test what content-hub is working behind the scenes
+        CONTENT_HUB_LOGGING_LEVEL = "2";
+      };
+
+      systemPackages = with pkgs; [
+        # For a convenient way of kicking off content-hub peer collection
+        lomiri.content-hub.examples
+
+        # Forcing alacritty to run as an X11 app when opened from the starter menu
+        (symlinkJoin {
+          name = "x11-${alacritty.name}";
+
+          paths = [ alacritty ];
+
+          nativeBuildInputs = [ makeWrapper ];
+
+          postBuild = ''
+            wrapProgram $out/bin/alacritty \
+              --set WINIT_UNIX_BACKEND x11 \
+              --set WAYLAND_DISPLAY ""
+          '';
+
+          inherit (alacritty) meta;
+        })
+      ];
+    };
+
+    # Help with OCR
+    systemd.tmpfiles.settings = let
+      white = "255, 255, 255";
+      black = "0, 0, 0";
+      colorSection = color: {
+        Color = color;
+        Bold = true;
+        Transparency = false;
+      };
+      terminalColors = pkgs.writeText "customized.colorscheme" (lib.generators.toINI {} {
+        Background = colorSection white;
+        Foreground = colorSection black;
+        Color2 = colorSection black;
+        Color2Intense = colorSection black;
+      });
+      terminalConfig = pkgs.writeText "terminal.ubports.conf" (lib.generators.toINI {} {
+        General = {
+          colorScheme = "customized";
+          fontSize = "16";
+          fontStyle = "Inconsolata";
+        };
+      });
+      confBase = "${config.users.users.${user}.home}/.config";
+      userDirArgs = {
+        mode = "0700";
+        user = user;
+        group = "users";
+      };
+    in {
+      "10-lomiri-test-setup" = {
+        "${confBase}".d = userDirArgs;
+        "${confBase}/terminal.ubports".d = userDirArgs;
+        "${confBase}/terminal.ubports/customized.colorscheme".L.argument = "${terminalColors}";
+        "${confBase}/terminal.ubports/terminal.ubports.conf".L.argument = "${terminalConfig}";
+      };
+    };
+  };
+
+  enableOCR = true;
+
+  testScript = { nodes, ... }: ''
+    def open_starter():
+        """
+        Open the starter, and ensure it's opened.
+        """
+        machine.send_key("meta_l-a")
+        # Look for any of the default apps
+        machine.wait_for_text(r"(Search|System|Settings|Morph|Browser|Terminal|Alacritty)")
+
+    def toggle_maximise():
+        """
+        Send the keybind to maximise the current window.
+        """
+        machine.send_key("ctrl-meta_l-up")
+
+        # For some reason, Lomiri in these VM tests very frequently opens the starter menu a few seconds after sending the above.
+        # Because this isn't 100% reproducible all the time, and there is no command to await when OCR doesn't pick up some text,
+        # the best we can do is send some Escape input after waiting some arbitrary time and hope that it works out fine.
+        machine.sleep(5)
+        machine.send_key("esc")
+        machine.sleep(5)
+
+    start_all()
+    machine.wait_for_unit("multi-user.target")
+
+    # Lomiri in greeter mode should work & be able to start a session
+    with subtest("lomiri greeter works"):
+        machine.wait_for_unit("display-manager.service")
+        # Start page shows current tie
+        machine.wait_for_text(r"(AM|PM)")
+        machine.screenshot("lomiri_greeter_launched")
+
+        # Advance to login part
+        machine.send_key("ret")
+        machine.wait_for_text("${description}")
+        machine.screenshot("lomiri_greeter_login")
+
+        # Login
+        machine.send_chars("${password}\n")
+        # Best way I can think of to differenciate "Lomiri in LightDM greeter mode" from "Lomiri in user shell mode"
+        machine.wait_until_succeeds("pgrep -u ${user} -f 'lomiri --mode=full-shell'")
+
+    # The session should start, and not be stuck in i.e. a crash loop
+    with subtest("lomiri starts"):
+        # Output rendering from Lomiri has started when it starts printing performance diagnostics
+        machine.wait_for_console_text("Last frame took")
+        # Look for datetime's clock, one of the last elements to load
+        machine.wait_for_text(r"(AM|PM)")
+        machine.screenshot("lomiri_launched")
+
+    # Working terminal keybind is good
+    with subtest("terminal keybind works"):
+        machine.send_key("ctrl-alt-t")
+        machine.wait_for_text(r"(${user}|machine)")
+        machine.screenshot("terminal_opens")
+
+        # lomiri-terminal-app has a separate VM test to test its basic functionality
+
+        # for the LSS content-hub test to work reliably, we need to kick off peer collecting
+        machine.send_chars("content-hub-test-importer\n")
+        machine.wait_for_text(r"(/build/source|hub.cpp|handler.cpp|void|virtual|const)") # awaiting log messages from content-hub
+        machine.send_key("ctrl-c")
+
+        machine.send_key("alt-f4")
+
+    # We want the ability to launch applications
+    with subtest("starter menu works"):
+        open_starter()
+        machine.screenshot("starter_opens")
+
+        # Just try the terminal again, we know that it should work
+        machine.send_chars("Terminal\n")
+        machine.wait_for_text(r"(${user}|machine)")
+        machine.send_key("alt-f4")
+
+    # We want support for X11 apps
+    with subtest("xwayland support works"):
+        open_starter()
+        machine.send_chars("Alacritty\n")
+        machine.wait_for_text(r"(${user}|machine)")
+        machine.screenshot("alacritty_opens")
+        machine.send_key("alt-f4")
+
+    # LSS provides DE settings
+    with subtest("system settings open"):
+        open_starter()
+        machine.send_chars("System Settings\n")
+        machine.wait_for_text("Rotation Lock")
+        machine.screenshot("settings_open")
+
+        # lomiri-system-settings has a separate VM test, only test Lomiri-specific content-hub functionalities here
+
+        # Make fullscreen, can't navigate to Background plugin via keyboard unless window has non-phone-like aspect ratio
+        toggle_maximise()
+
+        # Load Background plugin
+        machine.send_key("tab")
+        machine.send_key("tab")
+        machine.send_key("tab")
+        machine.send_key("tab")
+        machine.send_key("tab")
+        machine.send_key("tab")
+        machine.send_key("ret")
+        machine.wait_for_text("Background image")
+
+        # Try to load custom background
+        machine.send_key("shift-tab")
+        machine.send_key("shift-tab")
+        machine.send_key("shift-tab")
+        machine.send_key("shift-tab")
+        machine.send_key("shift-tab")
+        machine.send_key("shift-tab")
+        machine.send_key("ret")
+
+        # Peers should be loaded
+        machine.wait_for_text("Morph") # or Gallery, but Morph is already packaged
+        machine.screenshot("settings_content-hub_peers")
+
+        # Sadly, it doesn't seem possible to actually select a peer and attempt a content-hub data exchange with just the keyboard
+
+        machine.send_key("alt-f4")
+
+    # Morph is how we go online
+    with subtest("morph browser works"):
+        open_starter()
+        machine.send_chars("Morph\n")
+        machine.wait_for_text(r"(Bookmarks|address|site|visited any)")
+        machine.screenshot("morph_open")
+
+        # morph-browser has a separate VM test, there isn't anything new we could test here
+
+        machine.send_key("alt-f4")
+
+    # The ayatana indicators are an important part of the experience, and they hold the only graphical way of exiting the session.
+    # Reaching them via the intended way requires wayland mouse control, but ydotool lacks a module for its daemon:
+    # https://github.com/NixOS/nixpkgs/issues/183659
+    # Luckily, there's a test app that also displays their contents, but it's abit inconsistent. Hopefully this is *good-enough*.
+    with subtest("ayatana indicators work"):
+        open_starter()
+        machine.send_chars("Indicators\n")
+        machine.wait_for_text(r"(Indicators|Client|List|network|datetime|session)")
+        machine.screenshot("indicators_open")
+
+        # Element tab order within the indicator menus is not fully deterministic
+        # Only check that the indicators are listed & their items load
+
+        with subtest("lomiri indicator network works"):
+            # Select indicator-network
+            machine.send_key("tab")
+            # Don't go further down, first entry
+            machine.send_key("ret")
+            machine.wait_for_text(r"(Flight|Wi-Fi)")
+            machine.screenshot("indicators_network")
+
+        machine.send_key("shift-tab")
+        machine.send_key("ret")
+        machine.wait_for_text(r"(Indicators|Client|List|network|datetime|session)")
+
+        with subtest("ayatana indicator datetime works"):
+            # Select ayatana-indicator-datetime
+            machine.send_key("tab")
+            machine.send_key("down")
+            machine.send_key("ret")
+            machine.wait_for_text("Time and Date Settings")
+            machine.screenshot("indicators_timedate")
+
+        machine.send_key("shift-tab")
+        machine.send_key("ret")
+        machine.wait_for_text(r"(Indicators|Client|List|network|datetime|session)")
+
+        with subtest("ayatana indicator session works"):
+            # Select ayatana-indicator-session
+            machine.send_key("tab")
+            machine.send_key("down")
+            machine.send_key("ret")
+            machine.wait_for_text("Log Out")
+            machine.screenshot("indicators_session")
+  '';
+})
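Review bot: The "system settings open" subtest reaches the Background plugin with six literal `machine.send_key("tab")` calls followed by six `shift-tab` calls, and nothing says which element each count is meant to land on. A change in the settings layout therefore fails later at `wait_for_text` with no hint of the cause. A loop that names its target is easier to read and adjust: `for _ in range(6): machine.send_key("tab")  # focus the Background entry`. `testScript = { nodes, ... }:` never uses `nodes` and can be a plain string. The comments "current tie", "differenciate" and "abit" are typos for "current time", "differentiate" and "a bit".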
diff --git a/nixpkgs/nixos/tests/lvm2/default.nix b/nixpkgs/nixos/tests/lvm2/default.nix
index e0358ec2806f..84f24cbc3859 100644
--- a/nixpkgs/nixos/tests/lvm2/default.nix
+++ b/nixpkgs/nixos/tests/lvm2/default.nix
@@ -36,9 +36,14 @@ lib.listToAttrs (
     lib.flip lib.concatMap kernelVersionsToTest (version:
       let
         v' = lib.replaceStrings [ "." ] [ "_" ] version;
+        mkXfsFlags = lib.optionalString (lib.versionOlder version "5.10") " -m bigtime=0 -m inobtcount=0 "
+                     + lib.optionalString (lib.versionOlder version "5.19") " -i nrext64=0 ";
       in
       lib.flip lib.mapAttrsToList tests (name: t:
-        lib.nameValuePair "lvm-${name}-linux-${v'}" (lib.optionalAttrs (builtins.elem version (t.kernelFilter kernelVersionsToTest)) (t.test ({ kernelPackages = pkgs."linuxPackages_${v'}"; } // builtins.removeAttrs t [ "test" "kernelFilter" ])))
+        lib.nameValuePair "lvm-${name}-linux-${v'}" (lib.optionalAttrs (builtins.elem version (t.kernelFilter kernelVersionsToTest)) (t.test ({
+          kernelPackages = pkgs."linuxPackages_${v'}";
+          inherit mkXfsFlags;
+        } // builtins.removeAttrs t [ "test" "kernelFilter" ])))
       )
     )
   )
diff --git a/nixpkgs/nixos/tests/lvm2/systemd-stage-1.nix b/nixpkgs/nixos/tests/lvm2/systemd-stage-1.nix
index 1c95aadfcb3f..7f106e1b0dd6 100644
--- a/nixpkgs/nixos/tests/lvm2/systemd-stage-1.nix
+++ b/nixpkgs/nixos/tests/lvm2/systemd-stage-1.nix
@@ -1,4 +1,4 @@
-{ kernelPackages ? null, flavour }: let
+{ kernelPackages ? null, flavour, mkXfsFlags ? "" }: let
   preparationCode = {
     raid = ''
       machine.succeed("vgcreate test_vg /dev/vdb /dev/vdc")
@@ -71,7 +71,7 @@ in import ../make-test-python.nix ({ pkgs, lib, ... }: {
     boot.loader.systemd-boot.enable = true;
     boot.loader.efi.canTouchEfiVariables = true;
 
-    environment.systemPackages = with pkgs; [ e2fsprogs ]; # for mkfs.ext4
+    environment.systemPackages = with pkgs; [ xfsprogs ];
     boot = {
       initrd.systemd = {
         enable = true;
@@ -88,7 +88,7 @@ in import ../make-test-python.nix ({ pkgs, lib, ... }: {
     machine.wait_for_unit("multi-user.target")
     # Create a VG for the root
     ${preparationCode}
-    machine.succeed("mkfs.ext4 /dev/test_vg/test_lv")
+    machine.succeed("mkfs.xfs ${mkXfsFlags} /dev/test_vg/test_lv")
     machine.succeed("mkdir -p /mnt && mount /dev/test_vg/test_lv /mnt && echo hello > /mnt/test && umount /mnt")
 
     # Boot from LVM
diff --git a/nixpkgs/nixos/tests/lvm2/thinpool.nix b/nixpkgs/nixos/tests/lvm2/thinpool.nix
index f49c8980613c..325bb87460b7 100644
--- a/nixpkgs/nixos/tests/lvm2/thinpool.nix
+++ b/nixpkgs/nixos/tests/lvm2/thinpool.nix
@@ -1,4 +1,4 @@
-{ kernelPackages ? null }:
+{ kernelPackages ? null, mkXfsFlags ? "" }:
 import ../make-test-python.nix ({ pkgs, lib, ... }: {
   name = "lvm2-thinpool";
   meta.maintainers = lib.teams.helsinki-systems.members;
@@ -18,7 +18,8 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: {
   };
 
   testScript = let
-    mkXfsFlags = lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.10") "-m bigtime=0 -m inobtcount=0";
+    mkXfsFlags = lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.10") " -m bigtime=0 -m inobtcount=0 "
+               + lib.optionalString (lib.versionOlder kernelPackages.kernel.version "5.19") " -i nrext64=0 ";
   in ''
     machine.succeed("vgcreate test_vg /dev/vdb")
     machine.succeed("lvcreate -L 512M -T test_vg/test_thin_pool")
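Review bot: The `let` binding of `mkXfsFlags` kept inside `testScript` shadows the `mkXfsFlags ? ""` argument added in the first hunk of this file, so the value that `lvm2/default.nix` now passes in is never used and the kernel-version logic is maintained in two places. Dropping the local binding and opening the script directly with `testScript = ''` leaves a single definition, and also avoids evaluating `kernelPackages.kernel.version` when `kernelPackages` is left at its `null` default. A short comment next to the definition in `default.nix` stating why the flags are switched off (presumably kernels older than 5.10 / 5.19 cannot mount filesystems created with those features) would help the next maintainer. The places where `mkXfsFlags` is interpolated into the script are outside this hunk.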
diff --git a/nixpkgs/nixos/tests/lvm2/vdo.nix b/nixpkgs/nixos/tests/lvm2/vdo.nix
index 75c1fc094e97..18d25b7b366d 100644
--- a/nixpkgs/nixos/tests/lvm2/vdo.nix
+++ b/nixpkgs/nixos/tests/lvm2/vdo.nix
@@ -1,4 +1,4 @@
-{ kernelPackages ? null }:
+{ kernelPackages ? null, mkXfsFlags ? "" }:
 import ../make-test-python.nix ({ pkgs, lib, ... }: {
   name = "lvm2-vdo";
   meta.maintainers = lib.teams.helsinki-systems.members;
@@ -17,7 +17,7 @@ import ../make-test-python.nix ({ pkgs, lib, ... }: {
   testScript = ''
     machine.succeed("vgcreate test_vg /dev/vdb")
     machine.succeed("lvcreate --type vdo -n vdo_lv -L 6G -V 12G test_vg/vdo_pool_lv")
-    machine.succeed("mkfs.xfs -K /dev/test_vg/vdo_lv")
+    machine.succeed("mkfs.xfs ${mkXfsFlags} -K /dev/test_vg/vdo_lv")
     machine.succeed("mkdir /mnt; mount /dev/test_vg/vdo_lv /mnt")
     assert "/dev/mapper/test_vg-vdo_lv" == machine.succeed("findmnt -no SOURCE /mnt").strip()
     machine.succeed("umount /mnt")
diff --git a/nixpkgs/nixos/tests/maestral.nix b/nixpkgs/nixos/tests/maestral.nix
index 67a265926187..52cc32cd0f4b 100644
--- a/nixpkgs/nixos/tests/maestral.nix
+++ b/nixpkgs/nixos/tests/maestral.nix
@@ -29,11 +29,14 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       gui = { ... }: common {
         services.xserver = {
           enable = true;
-          displayManager.sddm.enable = true;
-          displayManager.defaultSession = "plasma";
           desktopManager.plasma5.enable = true;
           desktopManager.plasma5.runUsingSystemd = true;
-          displayManager.autoLogin = {
+        };
+
+        services.displayManager = {
+          sddm.enable = true;
+          defaultSession = "plasma";
+          autoLogin = {
             enable = true;
             user = "alice";
           };
diff --git a/nixpkgs/nixos/tests/mate-wayland.nix b/nixpkgs/nixos/tests/mate-wayland.nix
index df39ead286e1..e5c96d2af747 100644
--- a/nixpkgs/nixos/tests/mate-wayland.nix
+++ b/nixpkgs/nixos/tests/mate-wayland.nix
@@ -9,7 +9,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     ];
 
     services.xserver.enable = true;
-    services.xserver.displayManager = {
+    services.displayManager = {
       sddm.enable = true; # https://github.com/canonical/lightdm/issues/63
       sddm.wayland.enable = true;
       defaultSession = "MATE";
diff --git a/nixpkgs/nixos/tests/matrix/mautrix-meta-postgres.nix b/nixpkgs/nixos/tests/matrix/mautrix-meta-postgres.nix
new file mode 100644
index 000000000000..c9a45788afaf
--- /dev/null
+++ b/nixpkgs/nixos/tests/matrix/mautrix-meta-postgres.nix
@@ -0,0 +1,221 @@
+import ../make-test-python.nix ({ pkgs, ... }:
+  let
+    homeserverDomain = "server";
+    homeserverUrl = "http://server:8008";
+    userName = "alice";
+    botUserName = "instagrambot";
+
+    asToken = "this-is-my-totally-randomly-generated-as-token";
+    hsToken = "this-is-my-totally-randomly-generated-hs-token";
+  in
+  {
+    name = "mautrix-meta-postgres";
+    meta.maintainers = pkgs.mautrix-meta.meta.maintainers;
+
+    nodes = {
+      server = { config, pkgs, ... }: {
+        services.postgresql = {
+          enable = true;
+
+          ensureUsers = [
+            {
+              name = "mautrix-meta-instagram";
+              ensureDBOwnership = true;
+            }
+          ];
+
+          ensureDatabases = [
+            "mautrix-meta-instagram"
+          ];
+        };
+
+        systemd.services.mautrix-meta-instagram = {
+          wants = [ "postgres.service" ];
+          after = [ "postgres.service" ];
+        };
+
+        services.matrix-synapse = {
+          enable = true;
+          settings = {
+            database.name = "sqlite3";
+
+            enable_registration = true;
+
+            # don't use this in production, always use some form of verification
+            enable_registration_without_verification = true;
+
+            listeners = [ {
+              # The default but tls=false
+              bind_addresses = [
+                "0.0.0.0"
+              ];
+              port = 8008;
+              resources = [ {
+                "compress" = true;
+                "names" = [ "client" ];
+              } {
+                "compress" = false;
+                "names" = [ "federation" ];
+              } ];
+              tls = false;
+              type = "http";
+            } ];
+          };
+        };
+
+        services.mautrix-meta.instances.instagram = {
+          enable = true;
+
+          environmentFile = pkgs.writeText ''my-secrets'' ''
+            AS_TOKEN=${asToken}
+            HS_TOKEN=${hsToken}
+          '';
+
+          settings = {
+            homeserver = {
+              address = homeserverUrl;
+              domain = homeserverDomain;
+            };
+
+            appservice = {
+              port = 8009;
+
+              as_token = "$AS_TOKEN";
+              hs_token = "$HS_TOKEN";
+
+              database = {
+                type = "postgres";
+                uri = "postgres:///mautrix-meta-instagram?host=/var/run/postgresql";
+              };
+
+              bot.username = botUserName;
+            };
+
+            bridge.permissions."@${userName}:server" = "user";
+          };
+        };
+
+        networking.firewall.allowedTCPPorts = [ 8008 8009 ];
+      };
+
+      client = { pkgs, ... }: {
+        environment.systemPackages = [
+          (pkgs.writers.writePython3Bin "do_test"
+          {
+            libraries = [ pkgs.python3Packages.matrix-nio ];
+            flakeIgnore = [
+              # We don't live in the dark ages anymore.
+              # Languages like Python that are whitespace heavy will overrun
+              # 79 characters..
+              "E501"
+            ];
+          } ''
+              import sys
+              import functools
+              import asyncio
+
+              from nio import AsyncClient, RoomMessageNotice, RoomCreateResponse, RoomInviteResponse
+
+
+              async def message_callback(matrix: AsyncClient, msg: str, _r, e):
+                  print("Received matrix text message: ", e)
+                  assert msg in e.body
+                  exit(0)  # Success!
+
+
+              async def run(homeserver: str):
+                  matrix = AsyncClient(homeserver)
+                  response = await matrix.register("${userName}", "foobar")
+                  print("Matrix register response: ", response)
+
+                  # Open a DM with the bridge bot
+                  response = await matrix.room_create()
+                  print("Matrix create room response:", response)
+                  assert isinstance(response, RoomCreateResponse)
+                  room_id = response.room_id
+
+                  response = await matrix.room_invite(room_id, "@${botUserName}:${homeserverDomain}")
+                  assert isinstance(response, RoomInviteResponse)
+
+                  callback = functools.partial(
+                      message_callback, matrix, "Hello, I'm an Instagram bridge bot."
+                  )
+                  matrix.add_event_callback(callback, RoomMessageNotice)
+
+                  print("Waiting for matrix message...")
+                  await matrix.sync_forever(timeout=30000)
+
+
+              if __name__ == "__main__":
+                  asyncio.run(run(sys.argv[1]))
+            ''
+          )
+        ];
+      };
+    };
+
+    testScript = ''
+      def extract_token(data):
+          stdout = data[1]
+          stdout = stdout.strip()
+          line = stdout.split('\n')[-1]
+          return line.split(':')[-1].strip("\" '\n")
+
+      def get_token_from(token, file):
+          data = server.execute(f"cat {file} | grep {token}")
+          return extract_token(data)
+
+      def get_as_token_from(file):
+          return get_token_from("as_token", file)
+
+      def get_hs_token_from(file):
+          return get_token_from("hs_token", file)
+
+      config_yaml = "/var/lib/mautrix-meta-instagram/config.yaml"
+      registration_yaml = "/var/lib/mautrix-meta-instagram/meta-registration.yaml"
+
+      expected_as_token = "${asToken}"
+      expected_hs_token = "${hsToken}"
+
+      start_all()
+
+      with subtest("start the server"):
+          # bridge
+          server.wait_for_unit("mautrix-meta-instagram.service")
+
+          # homeserver
+          server.wait_for_unit("matrix-synapse.service")
+
+          server.wait_for_open_port(8008)
+          # Bridge only opens the port after it contacts the homeserver
+          server.wait_for_open_port(8009)
+
+      with subtest("ensure messages can be exchanged"):
+          client.succeed("do_test ${homeserverUrl} >&2")
+
+      with subtest("ensure as_token, hs_token match from environment file"):
+          as_token = get_as_token_from(config_yaml)
+          hs_token = get_hs_token_from(config_yaml)
+          as_token_registration = get_as_token_from(registration_yaml)
+          hs_token_registration = get_hs_token_from(registration_yaml)
+
+          assert as_token == expected_as_token, f"as_token in config should match the one specified (is: {as_token}, expected: {expected_as_token})"
+          assert hs_token == expected_hs_token, f"hs_token in config should match the one specified (is: {hs_token}, expected: {expected_hs_token})"
+          assert as_token_registration == expected_as_token, f"as_token in registration should match the one specified (is: {as_token_registration}, expected: {expected_as_token})"
+          assert hs_token_registration == expected_hs_token, f"hs_token in registration should match the one specified (is: {hs_token_registration}, expected: {expected_hs_token})"
+
+      with subtest("ensure as_token and hs_token stays same after restart"):
+          server.systemctl("restart mautrix-meta-instagram")
+          server.wait_for_open_port(8009)
+
+          as_token = get_as_token_from(config_yaml)
+          hs_token = get_hs_token_from(config_yaml)
+          as_token_registration = get_as_token_from(registration_yaml)
+          hs_token_registration = get_hs_token_from(registration_yaml)
+
+          assert as_token == expected_as_token, f"as_token in config should match the one specified (is: {as_token}, expected: {expected_as_token})"
+          assert hs_token == expected_hs_token, f"hs_token in config should match the one specified (is: {hs_token}, expected: {expected_hs_token})"
+          assert as_token_registration == expected_as_token, f"as_token in registration should match the one specified (is: {as_token_registration}, expected: {expected_as_token})"
+          assert hs_token_registration == expected_hs_token, f"hs_token in registration should match the one specified (is: {hs_token_registration}, expected: {expected_hs_token})"
+    '';
+  })
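Review bot: The ordering override for `mautrix-meta-instagram` names `postgres.service`, but the NixOS PostgreSQL unit is `postgresql.service` (the miniflux test elsewhere in this diff uses `systemd.services.postgresql`), so `wants`/`after` refer to a unit that does not exist and the bridge is not actually ordered after the database. Use `wants = [ "postgresql.service" ];` and `after = [ "postgresql.service" ];`. Separately, `environmentFile` is built with `pkgs.writeText`, which puts `AS_TOKEN`/`HS_TOKEN` into the world-readable Nix store; that is acceptable in a throwaway test VM, but a comment such as `# test-only: real deployments must keep this file outside the Nix store` would stop it being copied as a pattern, in the same way `enable_registration_without_verification` is already annotated.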
diff --git a/nixpkgs/nixos/tests/matrix/mautrix-meta-sqlite.nix b/nixpkgs/nixos/tests/matrix/mautrix-meta-sqlite.nix
new file mode 100644
index 000000000000..b5e580620049
--- /dev/null
+++ b/nixpkgs/nixos/tests/matrix/mautrix-meta-sqlite.nix
@@ -0,0 +1,247 @@
+import ../make-test-python.nix ({ pkgs, ... }:
+  let
+    homeserverDomain = "server";
+    homeserverUrl = "http://server:8008";
+    username = "alice";
+    instagramBotUsername = "instagrambot";
+    facebookBotUsername = "facebookbot";
+  in
+  {
+    name = "mautrix-meta-sqlite";
+    meta.maintainers = pkgs.mautrix-meta.meta.maintainers;
+
+    nodes = {
+      server = { config, pkgs, ... }: {
+        services.matrix-synapse = {
+          enable = true;
+          settings = {
+            database.name = "sqlite3";
+
+            enable_registration = true;
+
+            # don't use this in production, always use some form of verification
+            enable_registration_without_verification = true;
+
+            listeners = [ {
+              # The default but tls=false
+              bind_addresses = [
+                "0.0.0.0"
+              ];
+              port = 8008;
+              resources = [ {
+                "compress" = true;
+                "names" = [ "client" ];
+              } {
+                "compress" = false;
+                "names" = [ "federation" ];
+              } ];
+              tls = false;
+              type = "http";
+            } ];
+          };
+        };
+
+        services.mautrix-meta.instances.facebook = {
+          enable = true;
+
+          settings = {
+            homeserver = {
+              address = homeserverUrl;
+              domain = homeserverDomain;
+            };
+
+            appservice = {
+              port = 8009;
+
+              bot.username = facebookBotUsername;
+            };
+
+            bridge.permissions."@${username}:server" = "user";
+          };
+        };
+
+        services.mautrix-meta.instances.instagram = {
+          enable = true;
+
+          settings = {
+            homeserver = {
+              address = homeserverUrl;
+              domain = homeserverDomain;
+            };
+
+            appservice = {
+              port = 8010;
+
+              bot.username = instagramBotUsername;
+            };
+
+            bridge.permissions."@${username}:server" = "user";
+          };
+        };
+
+        networking.firewall.allowedTCPPorts = [ 8008 ];
+      };
+
+      client = { pkgs, ... }: {
+        environment.systemPackages = [
+          (pkgs.writers.writePython3Bin "register_user"
+          {
+            libraries = [ pkgs.python3Packages.matrix-nio ];
+            flakeIgnore = [
+              # We don't live in the dark ages anymore.
+              # Languages like Python that are whitespace heavy will overrun
+              # 79 characters..
+              "E501"
+            ];
+          } ''
+              import sys
+              import asyncio
+
+              from nio import AsyncClient
+
+
+              async def run(username: str, homeserver: str):
+                  matrix = AsyncClient(homeserver)
+
+                  response = await matrix.register(username, "foobar")
+                  print("Matrix register response: ", response)
+
+
+              if __name__ == "__main__":
+                  asyncio.run(run(sys.argv[1], sys.argv[2]))
+            ''
+          )
+          (pkgs.writers.writePython3Bin "do_test"
+          {
+            libraries = [ pkgs.python3Packages.matrix-nio ];
+            flakeIgnore = [
+              # We don't live in the dark ages anymore.
+              # Languages like Python that are whitespace heavy will overrun
+              # 79 characters..
+              "E501"
+            ];
+          } ''
+              import sys
+              import functools
+              import asyncio
+
+              from nio import AsyncClient, RoomMessageNotice, RoomCreateResponse, RoomInviteResponse
+
+
+              async def message_callback(matrix: AsyncClient, msg: str, _r, e):
+                  print("Received matrix text message: ", e)
+                  assert msg in e.body
+                  exit(0)  # Success!
+
+
+              async def run(username: str, bot_username: str, homeserver: str):
+                  matrix = AsyncClient(homeserver, f"@{username}:${homeserverDomain}")
+
+                  response = await matrix.login("foobar")
+                  print("Matrix login response: ", response)
+
+                  # Open a DM with the bridge bot
+                  response = await matrix.room_create()
+                  print("Matrix create room response:", response)
+                  assert isinstance(response, RoomCreateResponse)
+                  room_id = response.room_id
+
+                  response = await matrix.room_invite(room_id, f"@{bot_username}:${homeserverDomain}")
+                  assert isinstance(response, RoomInviteResponse)
+
+                  callback = functools.partial(
+                      message_callback, matrix, "Hello, I'm an Instagram bridge bot."
+                  )
+                  matrix.add_event_callback(callback, RoomMessageNotice)
+
+                  print("Waiting for matrix message...")
+                  await matrix.sync_forever(timeout=30000)
+
+
+              if __name__ == "__main__":
+                  asyncio.run(run(sys.argv[1], sys.argv[2], sys.argv[3]))
+            ''
+          )
+        ];
+      };
+    };
+
+    testScript = ''
+      def extract_token(data):
+          stdout = data[1]
+          stdout = stdout.strip()
+          line = stdout.split('\n')[-1]
+          return line.split(':')[-1].strip("\" '\n")
+
+      def get_token_from(token, file):
+          data = server.execute(f"cat {file} | grep {token}")
+          return extract_token(data)
+
+      def get_as_token_from(file):
+          return get_token_from("as_token", file)
+
+      def get_hs_token_from(file):
+          return get_token_from("hs_token", file)
+
+      config_yaml = "/var/lib/mautrix-meta-facebook/config.yaml"
+      registration_yaml = "/var/lib/mautrix-meta-facebook/meta-registration.yaml"
+
+      start_all()
+
+      with subtest("wait for bridges and homeserver"):
+          # bridge
+          server.wait_for_unit("mautrix-meta-facebook.service")
+          server.wait_for_unit("mautrix-meta-instagram.service")
+
+          # homeserver
+          server.wait_for_unit("matrix-synapse.service")
+
+          server.wait_for_open_port(8008)
+          # Bridges only open the port after they contact the homeserver
+          server.wait_for_open_port(8009)
+          server.wait_for_open_port(8010)
+
+      with subtest("register user"):
+          client.succeed("register_user ${username} ${homeserverUrl} >&2")
+
+      with subtest("ensure messages can be exchanged"):
+          client.succeed("do_test ${username} ${facebookBotUsername} ${homeserverUrl} >&2")
+          client.succeed("do_test ${username} ${instagramBotUsername} ${homeserverUrl} >&2")
+
+      with subtest("ensure as_token and hs_token stays same after restart"):
+          generated_as_token_facebook = get_as_token_from(config_yaml)
+          generated_hs_token_facebook = get_hs_token_from(config_yaml)
+
+          generated_as_token_facebook_registration = get_as_token_from(registration_yaml)
+          generated_hs_token_facebook_registration = get_hs_token_from(registration_yaml)
+
+          # Indirectly checks the as token is not set to something like empty string or "null"
+          assert len(generated_as_token_facebook) > 20, f"as_token ({generated_as_token_facebook}) is too short, something went wrong"
+          assert len(generated_hs_token_facebook) > 20, f"hs_token ({generated_hs_token_facebook}) is too short, something went wrong"
+
+          assert generated_as_token_facebook == generated_as_token_facebook_registration, f"as_token should be the same in registration ({generated_as_token_facebook_registration}) and configuration ({generated_as_token_facebook}) files"
+          assert generated_hs_token_facebook == generated_hs_token_facebook_registration, f"hs_token should be the same in registration ({generated_hs_token_facebook_registration}) and configuration ({generated_hs_token_facebook}) files"
+
+          server.systemctl("restart mautrix-meta-facebook")
+          server.systemctl("restart mautrix-meta-instagram")
+
+          server.wait_for_open_port(8009)
+          server.wait_for_open_port(8010)
+
+          new_as_token_facebook = get_as_token_from(config_yaml)
+          new_hs_token_facebook = get_hs_token_from(config_yaml)
+
+          assert generated_as_token_facebook == new_as_token_facebook, f"as_token should stay the same after restart inside the configuration file (is: {new_as_token_facebook}, was: {generated_as_token_facebook})"
+          assert generated_hs_token_facebook == new_hs_token_facebook, f"hs_token should stay the same after restart inside the configuration file (is: {new_hs_token_facebook}, was: {generated_hs_token_facebook})"
+
+          new_as_token_facebook = get_as_token_from(registration_yaml)
+          new_hs_token_facebook = get_hs_token_from(registration_yaml)
+
+          assert generated_as_token_facebook == new_as_token_facebook, f"as_token should stay the same after restart inside the registration file (is: {new_as_token_facebook}, was: {generated_as_token_facebook})"
+          assert generated_hs_token_facebook == new_hs_token_facebook, f"hs_token should stay the same after restart inside the registration file (is: {new_hs_token_facebook}, was: {generated_hs_token_facebook})"
+
+      with subtest("ensure messages can be exchanged after restart"):
+          client.succeed("do_test ${username} ${instagramBotUsername} ${homeserverUrl} >&2")
+          client.succeed("do_test ${username} ${facebookBotUsername} ${homeserverUrl} >&2")
+    '';
+  })
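Review bot: The restart subtest only reads the files under `/var/lib/mautrix-meta-facebook/`, although both bridges are restarted, so a regression that regenerates the Instagram instance's `as_token`/`hs_token` would pass unnoticed. Looping the checks, e.g. `for instance in ("facebook", "instagram"):` with `config_yaml = f"/var/lib/mautrix-meta-{instance}/config.yaml"`, would cover both instances. `do_test` also expects the literal greeting `Hello, I'm an Instagram bridge bot.` when it is invoked with `facebookBotUsername`; if that is intentional, a one-line comment saying so would help. Finally, `sync_forever(timeout=30000)` here and in `mautrix-meta-postgres.nix` has no overall deadline as far as the script shows, so a missing greeting is only caught by the test driver's own timeout; `await asyncio.wait_for(matrix.sync_forever(timeout=30000), timeout=120)` (value illustrative) would fail faster.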
diff --git a/nixpkgs/nixos/tests/miniflux.nix b/nixpkgs/nixos/tests/miniflux.nix
index 6d38224448ed..2adf9010051c 100644
--- a/nixpkgs/nixos/tests/miniflux.nix
+++ b/nixpkgs/nixos/tests/miniflux.nix
@@ -76,7 +76,7 @@ in
       systemd.services.postgresql.postStart = lib.mkAfter ''
         $PSQL -tAd miniflux -c 'CREATE EXTENSION hstore;'
       '';
-      networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+      networking.firewall.allowedTCPPorts = [ config.services.postgresql.settings.port ];
     };
     externalDb = { ... }: {
       security.apparmor.enable = true;
diff --git a/nixpkgs/nixos/tests/miriway.nix b/nixpkgs/nixos/tests/miriway.nix
index 24e6ec6367cd..94373bb75a91 100644
--- a/nixpkgs/nixos/tests/miriway.nix
+++ b/nixpkgs/nixos/tests/miriway.nix
@@ -19,10 +19,8 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
       user = "alice";
     };
 
-    services.xserver = {
-      enable = true;
-      displayManager.defaultSession = lib.mkForce "miriway";
-    };
+    services.xserver.enable = true;
+    services.displayManager.defaultSession = lib.mkForce "miriway";
 
     programs.miriway = {
       enable = true;
diff --git a/nixpkgs/nixos/tests/mongodb.nix b/nixpkgs/nixos/tests/mongodb.nix
index 68be6926865e..97729e38864c 100644
--- a/nixpkgs/nixos/tests/mongodb.nix
+++ b/nixpkgs/nixos/tests/mongodb.nix
@@ -33,7 +33,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
     nodes = {
       node = {...}: {
         environment.systemPackages = with pkgs; [
-          mongodb-4_4
           mongodb-5_0
         ];
       };
@@ -42,7 +41,6 @@ import ./make-test-python.nix ({ pkgs, ... }:
     testScript = ''
       node.start()
     ''
-      + runMongoDBTest pkgs.mongodb-4_4
       + runMongoDBTest pkgs.mongodb-5_0
       + ''
         node.shutdown()
diff --git a/nixpkgs/nixos/tests/mycelium/default.nix b/nixpkgs/nixos/tests/mycelium/default.nix
index f0d72436843c..9174c49d7086 100644
--- a/nixpkgs/nixos/tests/mycelium/default.nix
+++ b/nixpkgs/nixos/tests/mycelium/default.nix
@@ -1,6 +1,6 @@
 import ../make-test-python.nix ({ lib, ... }: let
-  peer1-ip = "531:c350:28c1:dfde:ea6d:77d1:a60b:7209";
-  peer2-ip = "49f:3942:3a55:d100:4c78:c558:c4f:695b";
+  peer1-ip = "538:f40f:1c51:9bd9:9569:d3f6:d0a1:b2df";
+  peer2-ip = "5b6:6776:fee0:c1f3:db00:b6a8:d013:d38f";
 in
   {
     name = "mycelium";
diff --git a/nixpkgs/nixos/tests/networking.nix b/nixpkgs/nixos/tests/networking/networkd-and-scripted.nix
index 6bd89902eedb..777c00f74e22 100644
--- a/nixpkgs/nixos/tests/networking.nix
+++ b/nixpkgs/nixos/tests/networking/networkd-and-scripted.nix
@@ -4,98 +4,19 @@
 # bool: whether to use networkd in the tests
 , networkd }:
 
-with import ../lib/testing-python.nix { inherit system pkgs; };
-with pkgs.lib;
+with import ../../lib/testing-python.nix { inherit system pkgs; };
 
 let
-  qemu-common = import ../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
-
-  router = { config, pkgs, lib, ... }:
-    with pkgs.lib;
-    let
-      vlanIfs = range 1 (length config.virtualisation.vlans);
-    in {
-      environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
-      virtualisation.vlans = [ 1 2 3 ];
-      boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
-      networking = {
-        useDHCP = false;
-        useNetworkd = networkd;
-        firewall.checkReversePath = true;
-        firewall.allowedUDPPorts = [ 547 ];
-        interfaces = mkOverride 0 (listToAttrs (forEach vlanIfs (n:
-          nameValuePair "eth${toString n}" {
-            ipv4.addresses = [ { address = "192.168.${toString n}.1"; prefixLength = 24; } ];
-            ipv6.addresses = [ { address = "fd00:1234:5678:${toString n}::1"; prefixLength = 64; } ];
-          })));
-      };
-      services.kea = {
-        dhcp4 = {
-          enable = true;
-          settings = {
-            interfaces-config = {
-              interfaces = map (n: "eth${toString n}") vlanIfs;
-              dhcp-socket-type = "raw";
-              service-sockets-require-all = true;
-              service-sockets-max-retries = 5;
-              service-sockets-retry-wait-time = 2500;
-            };
-            subnet4 = map (n: {
-              id = n;
-              subnet = "192.168.${toString n}.0/24";
-              pools = [{ pool = "192.168.${toString n}.3 - 192.168.${toString n}.254"; }];
-              option-data = [{ name = "routers"; data = "192.168.${toString n}.1"; }];
-
-              reservations = [{
-                hw-address = qemu-common.qemuNicMac n 1;
-                hostname = "client${toString n}";
-                ip-address = "192.168.${toString n}.2";
-              }];
-            }) vlanIfs;
-          };
-        };
-        dhcp6 = {
-          enable = true;
-          settings = {
-            interfaces-config = {
-              interfaces = map (n: "eth${toString n}") vlanIfs;
-              service-sockets-require-all = true;
-              service-sockets-max-retries = 5;
-              service-sockets-retry-wait-time = 2500;
-            };
-
-            subnet6 = map (n: {
-              id = n;
-              subnet = "fd00:1234:5678:${toString n}::/64";
-              interface = "eth${toString n}";
-              pools = [{ pool = "fd00:1234:5678:${toString n}::2-fd00:1234:5678:${toString n}::2"; }];
-            }) vlanIfs;
-          };
-        };
-      };
-      services.radvd = {
-        enable = true;
-        config = flip concatMapStrings vlanIfs (n: ''
-          interface eth${toString n} {
-            AdvSendAdvert on;
-            AdvManagedFlag on;
-            AdvOtherConfigFlag on;
-
-            prefix fd00:1234:5678:${toString n}::/64 {
-              AdvAutonomous off;
-            };
-          };
-        '');
-      };
-    };
-
+  lib = pkgs.lib;
+  router = import ./router.nix { inherit networkd; };
+  clientConfig = extraConfig: lib.recursiveUpdate {
+    networking.useDHCP = false;
+    networking.useNetworkd = networkd;
+  } extraConfig;
   testCases = {
     loopback = {
       name = "Loopback";
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
-        networking.useDHCP = false;
-        networking.useNetworkd = networkd;
-      };
+      nodes.client = clientConfig {};
       testScript = ''
         start_all()
         client.wait_for_unit("network.target")
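Review bot: `clientConfig` combines its defaults with `extraConfig` through `lib.recursiveUpdate`, which is a plain attribute-set merge rather than a module-system merge, and nothing in the helper documents that constraint. A caller that passes `lib.mkForce`/`lib.mkIf` values for `networking.useDHCP` or `networking.useNetworkd`, or a function taking `{ pkgs, ... }` as the removed node definitions did, would not get the merge semantics they expect. A comment above the helper such as `# extraConfig must be a plain attrset; merged with recursiveUpdate, not by the module system` would make this visible; returning `{ imports = [ defaults extraConfig ]; }` is an alternative that keeps module semantics. The `let` block continues outside this hunk.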
@@ -107,12 +28,10 @@ let
     static = {
       name = "Static";
       nodes.router = router;
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = clientConfig {
         virtualisation.interfaces.enp1s0.vlan = 1;
         virtualisation.interfaces.enp2s0.vlan = 2;
         networking = {
-          useNetworkd = networkd;
-          useDHCP = false;
           defaultGateway = { address = "192.168.1.1"; interface = "enp1s0"; };
           defaultGateway6 = { address = "fd00:1234:5678:1::1"; interface = "enp1s0"; };
           interfaces.enp1s0.ipv4.addresses = [
@@ -125,8 +44,7 @@ let
           ];
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           client.wait_for_unit("network.target")
@@ -139,35 +57,23 @@ let
 
           with subtest("Test vlan 1"):
               client.wait_until_succeeds("ping -c 1 192.168.1.1")
-              client.wait_until_succeeds("ping -c 1 192.168.1.2")
-              client.wait_until_succeeds("ping -c 1 192.168.1.3")
-              client.wait_until_succeeds("ping -c 1 192.168.1.10")
-
-              router.wait_until_succeeds("ping -c 1 192.168.1.1")
               router.wait_until_succeeds("ping -c 1 192.168.1.2")
               router.wait_until_succeeds("ping -c 1 192.168.1.3")
               router.wait_until_succeeds("ping -c 1 192.168.1.10")
 
           with subtest("Test vlan 2"):
               client.wait_until_succeeds("ping -c 1 192.168.2.1")
-              client.wait_until_succeeds("ping -c 1 192.168.2.2")
-
-              router.wait_until_succeeds("ping -c 1 192.168.2.1")
               router.wait_until_succeeds("ping -c 1 192.168.2.2")
 
           with subtest("Test default gateway"):
-              router.wait_until_succeeds("ping -c 1 192.168.3.1")
               client.wait_until_succeeds("ping -c 1 192.168.3.1")
-              router.wait_until_succeeds("ping -c 1 fd00:1234:5678:3::1")
               client.wait_until_succeeds("ping -c 1 fd00:1234:5678:3::1")
         '';
     };
     routeType = {
       name = "RouteType";
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = clientConfig {
         networking = {
-          useDHCP = false;
-          useNetworkd = networkd;
           interfaces.eth1.ipv4.routes = [{
             address = "192.168.1.127";
             prefixLength = 32;
@@ -184,7 +90,7 @@ let
     dhcpDefault = {
       name = "useDHCP-by-default";
       nodes.router = router;
-      nodes.client = { lib, ... }: {
+      nodes.client = {
         # Disable test driver default config
         networking.interfaces = lib.mkForce {
           # Make sure DHCP defaults correctly even when some unrelated config
@@ -198,28 +104,22 @@ let
         start_all()
         client.wait_for_unit("multi-user.target")
         client.wait_until_succeeds("ip addr show dev enp1s0 | grep '192.168.1'")
-        client.shell_interact()
-        client.succeed("ping -c 1 192.168.1.1")
         router.succeed("ping -c 1 192.168.1.1")
-        router.succeed("ping -c 1 192.168.1.2")
         client.succeed("ping -c 1 192.168.1.2")
       '';
     };
     dhcpSimple = {
       name = "SimpleDHCP";
       nodes.router = router;
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = clientConfig {
         virtualisation.interfaces.enp1s0.vlan = 1;
         virtualisation.interfaces.enp2s0.vlan = 2;
         networking = {
-          useNetworkd = networkd;
-          useDHCP = false;
           interfaces.enp1s0.useDHCP = true;
           interfaces.enp2s0.useDHCP = true;
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           client.wait_for_unit("network.target")
@@ -234,44 +134,31 @@ let
 
           with subtest("Test vlan 1"):
               client.wait_until_succeeds("ping -c 1 192.168.1.1")
-              client.wait_until_succeeds("ping -c 1 192.168.1.2")
               client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
-              client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")
-
-              router.wait_until_succeeds("ping -c 1 192.168.1.1")
               router.wait_until_succeeds("ping -c 1 192.168.1.2")
-              router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
               router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")
 
           with subtest("Test vlan 2"):
               client.wait_until_succeeds("ping -c 1 192.168.2.1")
-              client.wait_until_succeeds("ping -c 1 192.168.2.2")
               client.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::1")
-              client.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::2")
-
-              router.wait_until_succeeds("ping -c 1 192.168.2.1")
               router.wait_until_succeeds("ping -c 1 192.168.2.2")
-              router.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::1")
               router.wait_until_succeeds("ping -c 1 fd00:1234:5678:2::2")
         '';
     };
     dhcpOneIf = {
       name = "OneInterfaceDHCP";
       nodes.router = router;
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = clientConfig {
         virtualisation.interfaces.enp1s0.vlan = 1;
         virtualisation.interfaces.enp2s0.vlan = 2;
         networking = {
-          useNetworkd = networkd;
-          useDHCP = false;
           interfaces.enp1s0 = {
             mtu = 1343;
             useDHCP = true;
           };
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to come up"):
@@ -286,9 +173,6 @@ let
 
           with subtest("Test vlan 1"):
               client.wait_until_succeeds("ping -c 1 192.168.1.1")
-              client.wait_until_succeeds("ping -c 1 192.168.1.2")
-
-              router.wait_until_succeeds("ping -c 1 192.168.1.1")
               router.wait_until_succeeds("ping -c 1 192.168.1.2")
 
           with subtest("Test vlan 2"):
@@ -300,17 +184,15 @@ let
         '';
     };
     bond = let
-      node = address: { pkgs, ... }: with pkgs.lib; {
+      node = address: clientConfig {
         virtualisation.interfaces.enp1s0.vlan = 1;
         virtualisation.interfaces.enp2s0.vlan = 2;
         networking = {
-          useNetworkd = networkd;
-          useDHCP = false;
           bonds.bond0 = {
             interfaces = [ "enp1s0" "enp2s0" ];
             driverOptions.mode = "802.3ad";
           };
-          interfaces.bond0.ipv4.addresses = mkOverride 0
+          interfaces.bond0.ipv4.addresses = lib.mkOverride 0
             [ { inherit address; prefixLength = 30; } ];
         };
       };
@@ -318,8 +200,7 @@ let
       name = "Bond";
       nodes.client1 = node "192.168.1.1";
       nodes.client2 = node "192.168.1.2";
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to come up"):
@@ -339,7 +220,7 @@ let
         '';
     };
     bridge = let
-      node = { address, vlan }: { pkgs, ... }: with pkgs.lib; {
+      node = { address, vlan }: { pkgs, ... }: {
         virtualisation.interfaces.enp1s0.vlan = vlan;
         networking = {
           useNetworkd = networkd;
@@ -351,21 +232,20 @@ let
       name = "Bridge";
       nodes.client1 = node { address = "192.168.1.2"; vlan = 1; };
       nodes.client2 = node { address = "192.168.1.3"; vlan = 2; };
-      nodes.router = { pkgs, ... }: with pkgs.lib; {
+      nodes.router = {
         virtualisation.interfaces.enp1s0.vlan = 1;
         virtualisation.interfaces.enp2s0.vlan = 2;
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
           bridges.bridge.interfaces = [ "enp1s0" "enp2s0" ];
-          interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
-          interfaces.eth2.ipv4.addresses = mkOverride 0 [ ];
-          interfaces.bridge.ipv4.addresses = mkOverride 0
+          interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [ ];
+          interfaces.eth2.ipv4.addresses = lib.mkOverride 0 [ ];
+          interfaces.bridge.ipv4.addresses = lib.mkOverride 0
             [ { address = "192.168.1.1"; prefixLength = 24; } ];
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to come up"):
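Review bot: The router node's address overrides still target `eth1` and `eth2` (`interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [ ];`), while the same node declares its interfaces as `enp1s0` and `enp2s0` through `virtualisation.interfaces` and bridges those names. If the test driver assigns its default addresses under the declared names, these two lines no longer clear anything and only define two extra interfaces. They probably should read `interfaces.enp1s0.ipv4.addresses = lib.mkOverride 0 [ ];` plus the `enp2s0` equivalent. This hunk only adds the `lib.` prefix, so the mismatch predates it, but it is worth fixing or explaining in a comment while the lines are being touched.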
@@ -389,7 +269,7 @@ let
     macvlan = {
       name = "MACVLAN";
       nodes.router = router;
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = { pkgs, ... }: {
         environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
         virtualisation.interfaces.enp1s0.vlan = 1;
         networking = {
@@ -404,8 +284,7 @@ let
           interfaces.macvlan.useDHCP = true;
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to come up"):
@@ -439,34 +318,31 @@ let
     };
     fou = {
       name = "foo-over-udp";
-      nodes.machine = { ... }: {
+      nodes.machine = clientConfig {
         virtualisation.interfaces.enp1s0.vlan = 1;
         networking = {
-          useNetworkd = networkd;
-          useDHCP = false;
           interfaces.enp1s0.ipv4.addresses = [ { address = "192.168.1.1"; prefixLength = 24; } ];
           fooOverUDP = {
             fou1 = { port = 9001; };
             fou2 = { port = 9002; protocol = 41; };
-            fou3 = mkIf (!networkd)
+            fou3 = lib.mkIf (!networkd)
               { port = 9003; local.address = "192.168.1.1"; };
-            fou4 = mkIf (!networkd)
+            fou4 = lib.mkIf (!networkd)
               { port = 9004; local = { address = "192.168.1.1"; dev = "enp1s0"; }; };
           };
         };
         systemd.services = {
-          fou3-fou-encap.after = optional (!networkd) "network-addresses-enp1s0.service";
+          fou3-fou-encap.after = lib.optional (!networkd) "network-addresses-enp1s0.service";
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           import json
 
           machine.wait_for_unit("network.target")
           fous = json.loads(machine.succeed("ip -json fou show"))
           assert {"port": 9001, "gue": None, "family": "inet"} in fous, "fou1 exists"
           assert {"port": 9002, "ipproto": 41, "family": "inet"} in fous, "fou2 exists"
-        '' + optionalString (!networkd) ''
+        '' + lib.optionalString (!networkd) ''
           assert {
               "port": 9003,
               "gue": None,
@@ -483,7 +359,7 @@ let
         '';
     };
     sit = let
-      node = { address4, remote, address6 }: { pkgs, ... }: with pkgs.lib; {
+      node = { address4, remote, address6 }: { pkgs, ... }: {
         virtualisation.interfaces.enp1s0.vlan = 1;
         networking = {
           useNetworkd = networkd;
@@ -493,9 +369,9 @@ let
             local = address4;
             dev = "enp1s0";
           };
-          interfaces.enp1s0.ipv4.addresses = mkOverride 0
+          interfaces.enp1s0.ipv4.addresses = lib.mkOverride 0
             [ { address = address4; prefixLength = 24; } ];
-          interfaces.sit.ipv6.addresses = mkOverride 0
+          interfaces.sit.ipv6.addresses = lib.mkOverride 0
             [ { address = address6; prefixLength = 64; } ];
         };
       };
@@ -506,7 +382,7 @@ let
       # client2 does the reverse, sending in proto-41 and accepting only UDP incoming.
       # that way we'll notice when either SIT itself or FOU breaks.
       nodes.client1 = args@{ pkgs, ... }:
-        mkMerge [
+        lib.mkMerge [
           (node { address4 = "192.168.1.1"; remote = "192.168.1.2"; address6 = "fc00::1"; } args)
           {
             networking = {
@@ -516,7 +392,7 @@ let
           }
         ];
       nodes.client2 = args@{ pkgs, ... }:
-        mkMerge [
+        lib.mkMerge [
           (node { address4 = "192.168.1.2"; remote = "192.168.1.1"; address6 = "fc00::2"; } args)
           {
             networking = {
@@ -525,8 +401,7 @@ let
             };
           }
         ];
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to be configured"):
@@ -546,7 +421,7 @@ let
         '';
     };
     gre = let
-      node = { pkgs, ... }: with pkgs.lib; {
+      node = { ... }: {
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
@@ -556,7 +431,7 @@ let
     in {
       name = "GRE";
       nodes.client1 = args@{ pkgs, ... }:
-        mkMerge [
+        lib.mkMerge [
           (node args)
           {
             virtualisation.vlans = [ 1 2 4 ];
@@ -578,21 +453,21 @@ let
                 };
               };
               bridges.bridge.interfaces = [ "greTunnel" "eth1" ];
-              interfaces.eth1.ipv4.addresses = mkOverride 0 [];
-              interfaces.bridge.ipv4.addresses = mkOverride 0 [
+              interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [];
+              interfaces.bridge.ipv4.addresses = lib.mkOverride 0 [
                 { address = "192.168.1.1"; prefixLength = 24; }
               ];
               interfaces.eth3.ipv6.addresses = [
                 { address = "fd00:1234:5678:4::1"; prefixLength = 64; }
               ];
-              interfaces.gre6Tunnel.ipv6.addresses = mkOverride 0 [
+              interfaces.gre6Tunnel.ipv6.addresses = lib.mkOverride 0 [
                 { address = "fc00::1"; prefixLength = 64; }
               ];
             };
           }
         ];
       nodes.client2 = args@{ pkgs, ... }:
-        mkMerge [
+        lib.mkMerge [
           (node args)
           {
             virtualisation.vlans = [ 2 3 4 ];
@@ -614,21 +489,20 @@ let
                 };
               };
               bridges.bridge.interfaces = [ "greTunnel" "eth2" ];
-              interfaces.eth2.ipv4.addresses = mkOverride 0 [];
-              interfaces.bridge.ipv4.addresses = mkOverride 0 [
+              interfaces.eth2.ipv4.addresses = lib.mkOverride 0 [];
+              interfaces.bridge.ipv4.addresses = lib.mkOverride 0 [
                 { address = "192.168.1.2"; prefixLength = 24; }
               ];
               interfaces.eth3.ipv6.addresses = [
                 { address = "fd00:1234:5678:4::2"; prefixLength = 64; }
               ];
-              interfaces.gre6Tunnel.ipv6.addresses = mkOverride 0 [
+              interfaces.gre6Tunnel.ipv6.addresses = lib.mkOverride 0 [
                 { address = "fc00::2"; prefixLength = 64; }
               ];
             };
           }
         ];
-      testScript = { ... }:
-        ''
+      testScript = ''
           import json
           start_all()
 
@@ -658,8 +532,7 @@ let
         '';
     };
     vlan = let
-      node = address: { pkgs, ... }: with pkgs.lib; {
-        #virtualisation.vlans = [ 1 ];
+      node = address: {
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
@@ -667,9 +540,9 @@ let
             id = 1;
             interface = "eth0";
           };
-          interfaces.eth0.ipv4.addresses = mkOverride 0 [ ];
-          interfaces.eth1.ipv4.addresses = mkOverride 0 [ ];
-          interfaces.vlan.ipv4.addresses = mkOverride 0
+          interfaces.eth0.ipv4.addresses = lib.mkOverride 0 [ ];
+          interfaces.eth1.ipv4.addresses = lib.mkOverride 0 [ ];
+          interfaces.vlan.ipv4.addresses = lib.mkOverride 0
             [ { inherit address; prefixLength = 24; } ];
         };
       };
@@ -677,8 +550,7 @@ let
       name = "vlan";
       nodes.client1 = node "192.168.1.1";
       nodes.client2 = node "192.168.1.2";
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to be configured"):
@@ -695,14 +567,14 @@ let
         vlanIP = number: "10.1.1.${number}";
         baseInterface = "enp1s0";
         vlanInterface = "vlan42";
-        node = number: {pkgs, ... }: with pkgs.lib; {
+        node = number: {
           virtualisation.interfaces.enp1s0.vlan = 1;
           networking = {
             #useNetworkd = networkd;
             useDHCP = false;
             vlans.${vlanInterface} = { id = 42; interface = baseInterface; };
-            interfaces.${baseInterface}.ipv4.addresses = mkOverride 0 [{ address = baseIP number; prefixLength = 24; }];
-            interfaces.${vlanInterface}.ipv4.addresses = mkOverride 0 [{ address = vlanIP number; prefixLength = 24; }];
+            interfaces.${baseInterface}.ipv4.addresses = lib.mkOverride 0 [{ address = baseIP number; prefixLength = 24; }];
+            interfaces.${vlanInterface}.ipv4.addresses = lib.mkOverride 0 [{ address = vlanIP number; prefixLength = 24; }];
           };
         };
 
@@ -713,8 +585,7 @@ let
       name = "vlan-ping";
       nodes.server = node serverNodeNum;
       nodes.client = node clientNodeNum;
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           with subtest("Wait for networking to be configured"):
@@ -778,7 +649,7 @@ let
             machine.wait_until_succeeds("ip link show dev tun0 | grep 'mtu 1343'")
             assert "02:de:ad:be:ef:01" in machine.succeed("ip link show dev tap0")
       '' # network-addresses-* only exist in scripted networking
-      + optionalString (!networkd) ''
+      + lib.optionalString (!networkd) ''
         with subtest("Test interfaces clean up"):
             machine.succeed("systemctl stop network-addresses-tap0")
             machine.sleep(10)
@@ -792,13 +663,13 @@ let
     };
     privacy = {
       name = "Privacy";
-      nodes.router = { ... }: {
+      nodes.router = {
         virtualisation.interfaces.enp1s0.vlan = 1;
         boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
-          interfaces.enp1s0.ipv6.addresses = singleton {
+          interfaces.enp1s0.ipv6.addresses = lib.singleton {
             address = "fd00:1234:5678:1::1";
             prefixLength = 64;
           };
@@ -819,34 +690,33 @@ let
           '';
         };
       };
-      nodes.client_with_privacy = { pkgs, ... }: with pkgs.lib; {
+      nodes.client_with_privacy = {
         virtualisation.interfaces.enp1s0.vlan = 1;
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
           interfaces.enp1s0 = {
             tempAddress = "default";
-            ipv4.addresses = mkOverride 0 [ ];
-            ipv6.addresses = mkOverride 0 [ ];
+            ipv4.addresses = lib.mkOverride 0 [ ];
+            ipv6.addresses = lib.mkOverride 0 [ ];
             useDHCP = true;
           };
         };
       };
-      nodes.client = { pkgs, ... }: with pkgs.lib; {
+      nodes.client = {
         virtualisation.interfaces.enp1s0.vlan = 1;
         networking = {
           useNetworkd = networkd;
           useDHCP = false;
           interfaces.enp1s0 = {
             tempAddress = "enabled";
-            ipv4.addresses = mkOverride 0 [ ];
-            ipv6.addresses = mkOverride 0 [ ];
+            ipv4.addresses = lib.mkOverride 0 [ ];
+            ipv6.addresses = lib.mkOverride 0 [ ];
             useDHCP = true;
           };
         };
       };
-      testScript = { ... }:
-        ''
+      testScript = ''
           start_all()
 
           client.wait_for_unit("network.target")
@@ -943,7 +813,7 @@ let
                 ipv6Table, targetIPv6Table
             )
 
-      '' + optionalString (!networkd) ''
+      '' + lib.optionalString (!networkd) ''
         with subtest("test clean-up of the tables"):
             machine.succeed("systemctl stop network-addresses-eth0")
             ipv4Residue = machine.succeed("ip -4 route list dev eth0 | head -n-3").strip()
@@ -958,7 +828,7 @@ let
     };
     rename = if networkd then {
       name = "RenameInterface";
-      nodes.machine = { pkgs, ... }: {
+      nodes.machine = {
         virtualisation.vlans = [ 1 ];
         networking = {
           useNetworkd = networkd;
@@ -982,7 +852,7 @@ let
     # (as it's handled by udev, not networkd)
     link = {
       name = "Link";
-      nodes.client = { pkgs, ... }: {
+      nodes.client = {
         virtualisation.vlans = [ 1 ];
         networking = {
           useNetworkd = networkd;
@@ -1007,7 +877,7 @@ let
       testMac = "06:00:00:00:02:00";
     in {
       name = "WlanInterface";
-      nodes.machine = { pkgs, ... }: {
+      nodes.machine = {
         boot.kernelModules = [ "mac80211_hwsim" ];
         networking.wlanInterfaces = {
           wlan0 = { device = "wlan0"; };
@@ -1033,10 +903,10 @@ let
       ];
     in {
       name = "naughtyInterfaceNames";
-      nodes.machine = { pkgs, ... }: {
+      nodes.machine = {
         networking.useNetworkd = networkd;
-        networking.bridges = listToAttrs
-          (flip map ifnames
+        networking.bridges = lib.listToAttrs
+          (lib.flip builtins.map ifnames
              (name: { inherit name; value.interfaces = []; }));
       };
       testScript = ''
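Review bot: `lib.listToAttrs (lib.flip builtins.map ifnames (name: { inherit name; value.interfaces = []; }))` is a hand-rolled `genAttrs`, and with `with pkgs.lib;` gone the fully qualified form is harder to read than it needs to be. `networking.bridges = lib.genAttrs ifnames (_: { interfaces = [ ]; });` builds the same attribute set. `ifnames` is defined above the hunk, so this assumes it is a plain list of strings.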
@@ -1048,7 +918,7 @@ let
     };
     caseSensitiveRenaming = {
       name = "CaseSensitiveRenaming";
-      nodes.machine = { pkgs, ... }: {
+      nodes.machine = {
         virtualisation.interfaces.enCustom.vlan = 11;
         networking = {
           useNetworkd = networkd;
@@ -1063,6 +933,6 @@ let
     };
   };
 
-in mapAttrs (const (attrs: makeTest (attrs // {
+in lib.mapAttrs (lib.const (attrs: makeTest (attrs // {
   name = "${attrs.name}-Networking-${if networkd then "Networkd" else "Scripted"}";
 }))) testCases
diff --git a/nixpkgs/nixos/tests/networking/networkmanager.nix b/nixpkgs/nixos/tests/networking/networkmanager.nix
new file mode 100644
index 000000000000..e654e37d7efb
--- /dev/null
+++ b/nixpkgs/nixos/tests/networking/networkmanager.nix
@@ -0,0 +1,172 @@
+{ system ? builtins.currentSystem
+, config ? {}
+, pkgs ? import ../.. { inherit system config; }
+}:
+
+with import ../../lib/testing-python.nix { inherit system pkgs; };
+
+let
+  lib = pkgs.lib;
+  # this is intended as a client test since you shouldn't use NetworkManager for a router or server
+  # so using systemd-networkd for the router vm is fine in these tests.
+  router = import ./router.nix { networkd = true; };
+  qemu-common = import ../../lib/qemu-common.nix { inherit (pkgs) lib pkgs; };
+  clientConfig = extraConfig: lib.recursiveUpdate {
+    networking.useDHCP = false;
+
+    # Make sure that only NetworkManager configures the interface
+    networking.interfaces = lib.mkForce {
+      eth1 = {};
+    };
+    networking.networkmanager = {
+      enable = true;
+      # this is needed so NM doesn't generate 'Wired Connection' profiles and instead uses the default one
+      settings.main.no-auto-default = "*";
+      ensureProfiles.profiles.default = {
+        connection = {
+          id = "default";
+          type = "ethernet";
+          interface-name = "eth1";
+          autoconnect = true;
+        };
+      };
+    };
+  } extraConfig;
+  testCases = {
+    static = {
+      name = "static";
+      nodes = {
+        inherit router;
+        client = clientConfig {
+          networking.networkmanager.ensureProfiles.profiles.default = {
+            ipv4.method = "manual";
+            ipv4.addresses = "192.168.1.42/24";
+            ipv4.gateway = "192.168.1.1";
+            ipv6.method = "manual";
+            ipv6.addresses = "fd00:1234:5678:1::42/64";
+            ipv6.gateway = "fd00:1234:5678:1::1";
+          };
+        };
+      };
+      testScript = ''
+        start_all()
+        router.systemctl("start network-online.target")
+        router.wait_for_unit("network-online.target")
+        client.wait_for_unit("NetworkManager.service")
+
+        with subtest("Wait until we have an ip address on each interface"):
+            client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")
+            client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")
+
+        with subtest("Test if icmp echo works"):
+            client.wait_until_succeeds("ping -c 1 192.168.3.1")
+            client.wait_until_succeeds("ping -c 1 fd00:1234:5678:3::1")
+            router.wait_until_succeeds("ping -c 1 192.168.1.42")
+            router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::42")
+      '';
+    };
+    auto = {
+      name = "auto";
+      nodes = {
+        inherit router;
+        client = clientConfig {
+          networking.networkmanager.ensureProfiles.profiles.default = {
+            ipv4.method = "auto";
+            ipv6.method = "auto";
+          };
+        };
+      };
+      testScript = ''
+        start_all()
+        router.systemctl("start network-online.target")
+        router.wait_for_unit("network-online.target")
+        client.wait_for_unit("NetworkManager.service")
+
+        with subtest("Wait until we have an ip address on each interface"):
+            client.wait_until_succeeds("ip addr show dev eth1 | grep -q '192.168.1'")
+            client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")
+
+        with subtest("Test if icmp echo works"):
+            client.wait_until_succeeds("ping -c 1 192.168.1.1")
+            client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::1")
+            router.wait_until_succeeds("ping -c 1 192.168.1.2")
+            router.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::2")
+      '';
+    };
+    dns = {
+      name = "dns";
+      nodes = {
+        inherit router;
+        dynamic = clientConfig {
+          networking.networkmanager.ensureProfiles.profiles.default = {
+            ipv4.method = "auto";
+          };
+        };
+        static = clientConfig {
+          networking.networkmanager.ensureProfiles.profiles.default = {
+            ipv4 = {
+              method = "auto";
+              ignore-auto-dns = "true";
+              dns = "10.10.10.10";
+              dns-search = "";
+            };
+          };
+        };
+      };
+      testScript = ''
+        start_all()
+        router.systemctl("start network-online.target")
+        router.wait_for_unit("network-online.target")
+        dynamic.wait_for_unit("NetworkManager.service")
+        static.wait_for_unit("NetworkManager.service")
+
+        dynamic.wait_until_succeeds("cat /etc/resolv.conf | grep -q '192.168.1.1'")
+        static.wait_until_succeeds("cat /etc/resolv.conf | grep -q '10.10.10.10'")
+        static.wait_until_fails("cat /etc/resolv.conf | grep -q '192.168.1.1'")
+      '';
+    };
+    dispatcherScripts = {
+      name = "dispatcherScripts";
+      nodes.client = clientConfig {
+        networking.networkmanager.dispatcherScripts = [{
+          type = "pre-up";
+          source = pkgs.writeText "testHook" ''
+            touch /tmp/dispatcher-scripts-are-working
+          '';
+        }];
+      };
+      testScript = ''
+        start_all()
+        client.wait_for_unit("NetworkManager.service")
+        client.wait_until_succeeds("stat /tmp/dispatcher-scripts-are-working")
+      '';
+    };
+    envsubst = {
+      name = "envsubst";
+      nodes.client = let
+        # you should never write secrets in to your nixos configuration, please use tools like sops-nix or agenix
+        secretFile = pkgs.writeText "my-secret.env" ''
+          MY_SECRET_IP=fd00:1234:5678:1::23/64
+        '';
+      in clientConfig {
+        networking.networkmanager.ensureProfiles.environmentFiles = [ secretFile ];
+        networking.networkmanager.ensureProfiles.profiles.default = {
+          ipv6.method = "manual";
+          ipv6.addresses = "$MY_SECRET_IP";
+        };
+      };
+      testScript = ''
+        start_all()
+        client.wait_for_unit("NetworkManager.service")
+        client.wait_until_succeeds("ip addr show dev eth1 | grep -q 'fd00:1234:5678:1:'")
+        client.wait_until_succeeds("ping -c 1 fd00:1234:5678:1::23")
+      '';
+    };
+  };
+in lib.mapAttrs (lib.const (attrs: makeTest (attrs // {
+  name = "${attrs.name}-Networking-NetworkManager";
+  meta = {
+    maintainers = with lib.maintainers; [ janik ];
+  };
+
+}))) testCases
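Review bot: `clientConfig` combines its base settings with `extraConfig` through `lib.recursiveUpdate`, which merges plain attribute sets and knows nothing about module-system wrappers. The base wraps `networking.interfaces` in `lib.mkForce`, so a caller that sets anything under `networking.interfaces` would have its keys merged into the wrapper record next to `content` and, as far as I can tell, silently ignored; `extraConfig` also cannot be a module function. No caller in this file does either, but letting the module system do the merge avoids the trap, for example by returning `{ imports = [ extraConfig ]; networking.useDHCP = false; … }` from `clientConfig`, assuming the profile option type merges attribute sets the way the tests need. Separately, `qemu-common` is bound in the `let` but not used anywhere in this file.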
diff --git a/nixpkgs/nixos/tests/networking/router.nix b/nixpkgs/nixos/tests/networking/router.nix
new file mode 100644
index 000000000000..e0ad7fa01591
--- /dev/null
+++ b/nixpkgs/nixos/tests/networking/router.nix
@@ -0,0 +1,82 @@
+{ networkd }: { config, pkgs, ... }:
+  let
+    inherit (pkgs) lib;
+    qemu-common = import ../../lib/qemu-common.nix { inherit lib pkgs; };
+    vlanIfs = lib.range 1 (lib.length config.virtualisation.vlans);
+  in {
+    environment.systemPackages = [ pkgs.iptables ]; # to debug firewall rules
+    virtualisation.vlans = [ 1 2 3 ];
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = true;
+    networking = {
+      useDHCP = false;
+      useNetworkd = networkd;
+      firewall.checkReversePath = true;
+      firewall.allowedUDPPorts = [ 547 ];
+      interfaces = lib.mkOverride 0 (lib.listToAttrs (lib.forEach vlanIfs (n:
+        lib.nameValuePair "eth${toString n}" {
+          ipv4.addresses = [ { address = "192.168.${toString n}.1"; prefixLength = 24; } ];
+          ipv6.addresses = [ { address = "fd00:1234:5678:${toString n}::1"; prefixLength = 64; } ];
+        })));
+    };
+    services.kea = {
+      dhcp4 = {
+        enable = true;
+        settings = {
+          interfaces-config = {
+            interfaces = map (n: "eth${toString n}") vlanIfs;
+            dhcp-socket-type = "raw";
+            service-sockets-require-all = true;
+            service-sockets-max-retries = 5;
+            service-sockets-retry-wait-time = 2500;
+          };
+          subnet4 = map (n: {
+            id = n;
+            subnet = "192.168.${toString n}.0/24";
+            pools = [{ pool = "192.168.${toString n}.3 - 192.168.${toString n}.254"; }];
+            option-data = [
+              { data = "192.168.${toString n}.1"; name = "routers"; }
+              { data = "192.168.${toString n}.1"; name = "domain-name-servers"; }
+            ];
+
+            reservations = [{
+              hw-address = qemu-common.qemuNicMac n 1;
+              hostname = "client${toString n}";
+              ip-address = "192.168.${toString n}.2";
+            }];
+          }) vlanIfs;
+        };
+      };
+      dhcp6 = {
+        enable = true;
+        settings = {
+          interfaces-config = {
+            interfaces = map (n: "eth${toString n}") vlanIfs;
+            service-sockets-require-all = true;
+            service-sockets-max-retries = 5;
+            service-sockets-retry-wait-time = 2500;
+          };
+
+          subnet6 = map (n: {
+            id = n;
+            subnet = "fd00:1234:5678:${toString n}::/64";
+            interface = "eth${toString n}";
+            pools = [{ pool = "fd00:1234:5678:${toString n}::2-fd00:1234:5678:${toString n}::2"; }];
+          }) vlanIfs;
+        };
+      };
+    };
+    services.radvd = {
+      enable = true;
+      config = lib.flip lib.concatMapStrings vlanIfs (n: ''
+        interface eth${toString n} {
+          AdvSendAdvert on;
+          AdvManagedFlag on;
+          AdvOtherConfigFlag on;
+
+          prefix fd00:1234:5678:${toString n}::/64 {
+            AdvAutonomous off;
+          };
+        };
+      '');
+    };
+  }
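Review bot: This module fixes an address plan that the test scripts in the sibling files rely on (they ping `192.168.1.2` and `fd00:1234:5678:1::2`), but nothing in the file states it. A short header comment would help: router at `192.168.N.1` / `fd00:1234:5678:N::1` on `ethN`, one DHCPv4 reservation at `.2` with the pool starting at `.3`, and a DHCPv6 pool that holds only `::2`, so presumably only one DHCPv6 client per vlan can get a lease. On `firewall.allowedUDPPorts = [ 547 ];` I would add `# DHCPv6 server port; DHCPv4 is served over a raw socket (dhcp-socket-type = "raw")`, if that is indeed why port 67 stays closed. `vlanIfs` is derived from the length of `virtualisation.vlans`, so the N in these names is a list position rather than a vlan id, which also deserves a one-line comment.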
diff --git a/nixpkgs/nixos/tests/nextcloud/default.nix b/nixpkgs/nixos/tests/nextcloud/default.nix
index 84ac37153727..d024adffd9f0 100644
--- a/nixpkgs/nixos/tests/nextcloud/default.nix
+++ b/nixpkgs/nixos/tests/nextcloud/default.nix
@@ -22,4 +22,4 @@ foldl
     };
   })
 { }
-  [ 26 27 28 ]
+  [ 27 28 29 ]
diff --git a/nixpkgs/nixos/tests/nginx-sso.nix b/nixpkgs/nixos/tests/nginx-sso.nix
index 221c5f4ed905..2bb9c7a1c3bb 100644
--- a/nixpkgs/nixos/tests/nginx-sso.nix
+++ b/nixpkgs/nixos/tests/nginx-sso.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "nginx-sso";
   meta = {
-    maintainers = with pkgs.lib.maintainers; [ delroth ];
+    maintainers = with pkgs.lib.maintainers; [ ambroisie ];
   };
 
   nodes.machine = {
diff --git a/nixpkgs/nixos/tests/nimdow.nix b/nixpkgs/nixos/tests/nimdow.nix
index cefe46edc5fb..0656ef04be48 100644
--- a/nixpkgs/nixos/tests/nimdow.nix
+++ b/nixpkgs/nixos/tests/nimdow.nix
@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
   nodes.machine = { lib, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = lib.mkForce "none+nimdow";
+    services.displayManager.defaultSession = lib.mkForce "none+nimdow";
     services.xserver.windowManager.nimdow.enable = true;
   };
 
diff --git a/nixpkgs/nixos/tests/ocis.nix b/nixpkgs/nixos/tests/ocis.nix
new file mode 100644
index 000000000000..35461e246749
--- /dev/null
+++ b/nixpkgs/nixos/tests/ocis.nix
@@ -0,0 +1,217 @@
+import ./make-test-python.nix (
+  { lib, pkgs, ... }:
+
+  let
+    # this is a demo user created by IDM_CREATE_DEMO_USERS=true
+    demoUser = "einstein";
+    demoPassword = "relativity";
+
+    adminUser = "admin";
+    adminPassword = "hunter2";
+    testRunner =
+      pkgs.writers.writePython3Bin "test-runner"
+        {
+          libraries = [ pkgs.python3Packages.selenium ];
+          flakeIgnore = [ "E501" ];
+        }
+        ''
+          import sys
+          from selenium.webdriver.common.by import By
+          from selenium.webdriver import Firefox
+          from selenium.webdriver.firefox.options import Options
+          from selenium.webdriver.support.ui import WebDriverWait
+          from selenium.webdriver.support import expected_conditions as EC
+
+          options = Options()
+          options.add_argument('--headless')
+          driver = Firefox(options=options)
+
+          user = sys.argv[1]
+          password = sys.argv[2]
+          driver.implicitly_wait(20)
+          driver.get('https://localhost:9200/login')
+          wait = WebDriverWait(driver, 10)
+          wait.until(EC.title_contains("Sign in"))
+          driver.find_element(By.XPATH, '//*[@id="oc-login-username"]').send_keys(user)
+          driver.find_element(By.XPATH, '//*[@id="oc-login-password"]').send_keys(password)
+          driver.find_element(By.XPATH, '//*[@id="root"]//button').click()
+          wait.until(EC.title_contains("Personal"))
+        '';
+
+    # This was generated with `ocis init --config-path testconfig/ --admin-password "hunter2" --insecure true`.
+    testConfig = ''
+      token_manager:
+        jwt_secret: kaKYgfso*d9GA-yTM.&BTOUEuMz%Ai0H
+      machine_auth_api_key: sGWRG1JZ&qe&pe@N1HKK4#qH*B&@xLnO
+      system_user_api_key: h+m4aHPUtOtUJFKrc5B2=04C=7fDZaT-
+      transfer_secret: 4-R6AfUjQn0P&+h2+$skf0lJqmre$j=x
+      system_user_id: db180e0a-b38a-4edf-a4cd-a3d358248537
+      admin_user_id: ea623f50-742d-4fd0-95bb-c61767b070d4
+      graph:
+        application:
+          id: 11971eab-d560-4b95-a2d4-50726676bbd0
+        events:
+          tls_insecure: true
+        spaces:
+          insecure: true
+        identity:
+          ldap:
+            bind_password: ^F&Vn7@mYGYGuxr$#qm^gGy@FVq=.w=y
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      idp:
+        ldap:
+          bind_password: bv53IjS28x.nxth*%aRbE70%4TGNXbLU
+      idm:
+        service_user_passwords:
+          admin_password: hunter2
+          idm_password: ^F&Vn7@mYGYGuxr$#qm^gGy@FVq=.w=y
+          reva_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
+          idp_password: bv53IjS28x.nxth*%aRbE70%4TGNXbLU
+      proxy:
+        oidc:
+          insecure: true
+        insecure_backends: true
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      frontend:
+        app_handler:
+          insecure: true
+        archiver:
+          insecure: true
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      auth_basic:
+        auth_providers:
+          ldap:
+            bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
+      auth_bearer:
+        auth_providers:
+          oidc:
+            insecure: true
+      users:
+        drivers:
+          ldap:
+            bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
+      groups:
+        drivers:
+          ldap:
+            bind_password: z-%@fWipLliR8lD#fl.0teC#9QbhJ^eb
+      ocdav:
+        insecure: true
+      ocm:
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      thumbnails:
+        thumbnail:
+          transfer_secret: 2%11!zAu*AYE&=d*8dfoZs8jK&5ZMm*%
+          webdav_allow_insecure: true
+          cs3_allow_insecure: true
+      search:
+        events:
+          tls_insecure: true
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      audit:
+        events:
+          tls_insecure: true
+      settings:
+        service_account_ids:
+        - df39a290-3f3e-4e39-b67b-8b810ca2abac
+      sharing:
+        events:
+          tls_insecure: true
+      storage_users:
+        events:
+          tls_insecure: true
+        mount_id: ef72cb8b-809c-4592-bfd2-1df603295205
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      notifications:
+        notifications:
+          events:
+            tls_insecure: true
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      nats:
+        nats:
+          tls_skip_verify_client_cert: true
+      gateway:
+        storage_registry:
+          storage_users_mount_id: ef72cb8b-809c-4592-bfd2-1df603295205
+      userlog:
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      auth_service:
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE
+      clientlog:
+        service_account:
+          service_account_id: df39a290-3f3e-4e39-b67b-8b810ca2abac
+          service_account_secret: .demKypQ$=pGl+yRar!#YaFjLYCr4YwE'';
+  in
+
+  {
+    name = "ocis";
+
+    meta.maintainers = with lib.maintainers; [
+      bhankas
+      ramblurr
+    ];
+
+    nodes.machine =
+      { config, ... }:
+      {
+        virtualisation.memorySize = 2048;
+        environment.systemPackages = [
+          pkgs.firefox-unwrapped
+          pkgs.geckodriver
+          testRunner
+        ];
+
+        # if you do this in production, dont put secrets in this file because it will be written to the world readable nix store
+        environment.etc."ocis/ocis.env".text = ''
+          ADMIN_PASSWORD=${adminPassword}
+          IDM_CREATE_DEMO_USERS=true
+        '';
+
+        # if you do this in production, dont put secrets in this file because it will be written to the world readable nix store
+        environment.etc."ocis/config/ocis.yaml".text = testConfig;
+
+        services.ocis = {
+          enable = true;
+          configDir = "/etc/ocis/config";
+          environment = {
+            OCIS_INSECURE = "true";
+          };
+          environmentFile = "/etc/ocis/ocis.env";
+        };
+      };
+
+    testScript = ''
+      start_all()
+      machine.wait_for_unit("ocis.service")
+      machine.wait_for_open_port(9200)
+      # wait for ocis to fully come up
+      machine.sleep(5)
+
+      with subtest("ocis bin works"):
+          machine.succeed("${lib.getExe pkgs.ocis-bin} version")
+
+      with subtest("use the web interface to log in with a demo user"):
+          machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${demoUser} ${demoPassword}")
+
+      with subtest("use the web interface to log in with the provisioned admin user"):
+          machine.succeed("PYTHONUNBUFFERED=1 systemd-cat -t test-runner test-runner ${adminUser} ${adminPassword}")
+    '';
+  }
+)
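Review bot: The `testConfig` block embeds a full set of generated secrets (`jwt_secret`, `transfer_secret`, the service-account secret, the LDAP bind passwords), and the comment above it only records how they were produced. Nothing on the block itself says these values are now public, so a deployment that copies this YAML would sign tokens with a secret anyone can read and would run with verification disabled by the `insecure: true` and `tls_insecure: true` keys. I would extend that comment to `# Test fixture only: every secret below is public and TLS verification is off; generate your own with ocis init for a real instance.` Separately, `machine.sleep(5)` after `wait_for_open_port(9200)` is a timing guess; polling the login page with `machine.wait_until_succeeds(...)` would be less flaky on slow builders.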
diff --git a/nixpkgs/nixos/tests/oddjobd.nix b/nixpkgs/nixos/tests/oddjobd.nix
new file mode 100644
index 000000000000..cc2d4079eebc
--- /dev/null
+++ b/nixpkgs/nixos/tests/oddjobd.nix
@@ -0,0 +1,23 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "oddjobd";
+  meta.maintainers = [ lib.maintainers.anthonyroussel ];
+
+  nodes.machine = { ... } : {
+    environment.systemPackages = [
+      pkgs.oddjob
+    ];
+
+    programs.oddjobd.enable = true;
+  };
+
+  testScript = ''
+    start_all()
+
+    machine.wait_for_unit("oddjobd.service")
+    machine.wait_for_file("/run/oddjobd.pid")
+
+    with subtest("send oddjob listall request"):
+      result = machine.succeed("oddjob_request -s com.redhat.oddjob -o /com/redhat/oddjob -i com.redhat.oddjob listall")
+      assert ('(service="com.redhat.oddjob",object="/com/redhat/oddjob",interface="com.redhat.oddjob",method="listall")' in result)
+  '';
+})
diff --git a/nixpkgs/nixos/tests/openssh.nix b/nixpkgs/nixos/tests/openssh.nix
index 8074fd2ed483..2684b6f45e84 100644
--- a/nixpkgs/nixos/tests/openssh.nix
+++ b/nixpkgs/nixos/tests/openssh.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 
 let inherit (import ./ssh-keys.nix pkgs)
-      snakeOilPrivateKey snakeOilPublicKey;
+      snakeOilPrivateKey snakeOilPublicKey snakeOilEd25519PrivateKey snakeOilEd25519PublicKey;
 in {
   name = "openssh";
   meta = with pkgs.lib.maintainers; {
@@ -22,6 +22,19 @@ in {
         ];
       };
 
+    server-allowed-users =
+      { ... }:
+
+      {
+        services.openssh = { enable = true; settings.AllowUsers = [ "alice" "bob" ]; };
+        users.groups = { alice = { }; bob = { }; carol = { }; };
+        users.users = {
+          alice = { isNormalUser = true; group = "alice"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
+          bob = { isNormalUser = true; group = "bob"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
+          carol = { isNormalUser = true; group = "carol"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
+        };
+      };
+
     server-lazy =
       { ... }:
 
@@ -95,17 +108,46 @@ in {
         };
       };
 
-    server_allowedusers =
+    server-no-openssl =
       { ... }:
+      {
+        programs.ssh.package = pkgs.opensshPackages.openssh.override {
+          linkOpenssl = false;
+        };
+        services.openssh = {
+          enable = true;
+          hostKeys = [
+            { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+          ];
+          settings = {
+            # Must not specify the OpenSSL provided algorithms.
+            Ciphers = [ "chacha20-poly1305@openssh.com" ];
+            KexAlgorithms = [
+              "curve25519-sha256"
+              "curve25519-sha256@libssh.org"
+            ];
+          };
+        };
+        users.users.root.openssh.authorizedKeys.keys = [
+          snakeOilEd25519PublicKey
+        ];
+      };
 
+    server-no-pam =
+      { pkgs, ... }:
       {
-        services.openssh = { enable = true; settings.AllowUsers = [ "alice" "bob" ]; };
-        users.groups = { alice = { }; bob = { }; carol = { }; };
-        users.users = {
-          alice = { isNormalUser = true; group = "alice"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
-          bob = { isNormalUser = true; group = "bob"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
-          carol = { isNormalUser = true; group = "carol"; openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; };
+        programs.ssh.package = pkgs.opensshPackages.openssh.override {
+          withPAM = false;
+        };
+        services.openssh = {
+          enable = true;
+          settings = {
+            UsePAM = false;
+          };
         };
+        users.users.root.openssh.authorizedKeys.keys = [
+          snakeOilPublicKey
+        ];
       };
 
     client =
@@ -119,8 +161,11 @@ in {
     start_all()
 
     server.wait_for_unit("sshd", timeout=30)
+    server_allowed_users.wait_for_unit("sshd", timeout=30)
     server_localhost_only.wait_for_unit("sshd", timeout=30)
     server_match_rule.wait_for_unit("sshd", timeout=30)
+    server_no_openssl.wait_for_unit("sshd", timeout=30)
+    server_no_pam.wait_for_unit("sshd", timeout=30)
 
     server_lazy.wait_for_unit("sshd.socket", timeout=30)
     server_localhost_only_lazy.wait_for_unit("sshd.socket", timeout=30)
@@ -166,8 +211,9 @@ in {
             "cat ${snakeOilPrivateKey} > privkey.snakeoil"
         )
         client.succeed("chmod 600 privkey.snakeoil")
+        # The final segment in this IP is allocated according to the alphabetical order of machines in this test.
         client.succeed(
-            "ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.2.4 true",
+            "ssh -p 2222 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil root@192.168.2.5 true",
             timeout=30
         )
 
@@ -198,15 +244,35 @@ in {
         )
         client.succeed("chmod 600 privkey.snakeoil")
         client.succeed(
-            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil alice@server_allowedusers true",
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil alice@server-allowed-users true",
             timeout=30
         )
         client.succeed(
-            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil bob@server_allowedusers true",
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil bob@server-allowed-users true",
             timeout=30
         )
         client.fail(
-            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server_allowedusers true",
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil carol@server-allowed-users true",
+            timeout=30
+        )
+
+    with subtest("no-openssl"):
+        client.succeed(
+            "cat ${snakeOilEd25519PrivateKey} > privkey.snakeoil"
+        )
+        client.succeed("chmod 600 privkey.snakeoil")
+        client.succeed(
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-no-openssl true",
+            timeout=30
+        )
+
+    with subtest("no-pam"):
+        client.succeed(
+            "cat ${snakeOilPrivateKey} > privkey.snakeoil"
+        )
+        client.succeed("chmod 600 privkey.snakeoil")
+        client.succeed(
+            "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i privkey.snakeoil server-no-pam true",
             timeout=30
         )
   '';
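Review bot: The new `no-openssl` and `no-pam` subtests only assert that a key login succeeds, which an ordinary OpenSSL-linked or PAM-enabled build would also pass, since the ed25519 host key and the `Ciphers`/`KexAlgorithms` chosen for `server-no-openssl` are available in both builds. If the `linkOpenssl = false` or `withPAM = false` override stopped taking effect, both subtests would stay green. Consider also asserting the build flavour on the node, for example `server_no_openssl.succeed("ssh -V 2>&1 | grep -q 'without OpenSSL'")`, assuming the `ssh` on that node's PATH comes from `programs.ssh.package`. The `testScript` string starts before this hunk.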
diff --git a/nixpkgs/nixos/tests/pantheon.nix b/nixpkgs/nixos/tests/pantheon.nix
index 69a28c397bed..d2a4a009af53 100644
--- a/nixpkgs/nixos/tests/pantheon.nix
+++ b/nixpkgs/nixos/tests/pantheon.nix
@@ -13,6 +13,13 @@ import ./make-test-python.nix ({ pkgs, lib, ...} :
     services.xserver.enable = true;
     services.xserver.desktopManager.pantheon.enable = true;
 
+    # We ship pantheon.appcenter by default when this is enabled.
+    services.flatpak.enable = true;
+
+    # We don't ship gnome-text-editor in Pantheon module, we add this line mainly
+    # to catch eval issues related to this option.
+    environment.pantheon.excludePackages = [ pkgs.gnome-text-editor ];
+
     environment.systemPackages = [ pkgs.xdotool ];
   };
 
@@ -50,11 +57,11 @@ import ./make-test-python.nix ({ pkgs, lib, ...} :
             machine.wait_until_succeeds(f"pgrep -f {i}")
         for i in ["gala", "io.elementary.wingpanel", "plank"]:
             machine.wait_for_window(i)
-        machine.wait_for_unit("bamfdaemon.service", "${user.name}")
-        machine.wait_for_unit("io.elementary.files.xdg-desktop-portal.service", "${user.name}")
+        for i in ["bamfdaemon.service", "io.elementary.files.xdg-desktop-portal.service"]:
+            machine.wait_for_unit(i, "${user.name}")
 
     with subtest("Check if various environment variables are set"):
-        cmd = "xargs --null --max-args=1 echo < /proc/$(pgrep -xf /run/current-system/sw/bin/gala)/environ"
+        cmd = "xargs --null --max-args=1 echo < /proc/$(pgrep -xf ${pkgs.pantheon.gala}/bin/gala)/environ"
         machine.succeed(f"{cmd} | grep 'XDG_CURRENT_DESKTOP' | grep 'Pantheon'")
         # Hopefully from the sessionPath option.
         machine.succeed(f"{cmd} | grep 'XDG_DATA_DIRS' | grep 'gsettings-schemas/pantheon-agent-geoclue2'")
diff --git a/nixpkgs/nixos/tests/paperless.nix b/nixpkgs/nixos/tests/paperless.nix
index 3d834b29958d..3ef291ba7e06 100644
--- a/nixpkgs/nixos/tests/paperless.nix
+++ b/nixpkgs/nixos/tests/paperless.nix
@@ -23,6 +23,7 @@ import ./make-test-python.nix ({ lib, ... }: {
       };
       services.paperless.settings = {
         PAPERLESS_DBHOST = "/run/postgresql";
+        PAPERLESS_OCR_LANGUAGE = "deu";
       };
     };
   }; in self;
diff --git a/nixpkgs/nixos/tests/pg_anonymizer.nix b/nixpkgs/nixos/tests/pg_anonymizer.nix
index 2960108e37c3..b26e4dca0580 100644
--- a/nixpkgs/nixos/tests/pg_anonymizer.nix
+++ b/nixpkgs/nixos/tests/pg_anonymizer.nix
@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: {
     services.postgresql = {
       enable = true;
       extraPlugins = ps: [ ps.anonymizer ];
-      settings.shared_preload_libraries = "anon";
+      settings.shared_preload_libraries = [ "anon" ];
     };
   };
 
diff --git a/nixpkgs/nixos/tests/pgmanage.nix b/nixpkgs/nixos/tests/pgmanage.nix
index 6f8f2f965340..6e72b32eca36 100644
--- a/nixpkgs/nixos/tests/pgmanage.nix
+++ b/nixpkgs/nixos/tests/pgmanage.nix
@@ -21,7 +21,7 @@ in
         pgmanage = {
           enable = true;
           connections = {
-            ${conn} = "hostaddr=127.0.0.1 port=${toString config.services.postgresql.port} dbname=postgres";
+            ${conn} = "hostaddr=127.0.0.1 port=${toString config.services.postgresql.settings.port} dbname=postgres";
           };
         };
       };
diff --git a/nixpkgs/nixos/tests/phosh.nix b/nixpkgs/nixos/tests/phosh.nix
index 78d6da31beee..d505f0ffc524 100644
--- a/nixpkgs/nixos/tests/phosh.nix
+++ b/nixpkgs/nixos/tests/phosh.nix
@@ -25,6 +25,10 @@ in {
         };
       };
 
+      environment.systemPackages = [
+        pkgs.phosh-mobile-settings
+      ];
+
       systemd.services.phosh = {
         environment = {
           # Accelerated graphics fail on phoc 0.20 (wlroots 0.15)
@@ -63,8 +67,13 @@ in {
         phone.screenshot("03launcher")
 
     with subtest("Check the on-screen keyboard shows"):
-        phone.send_chars("setting", delay=0.2)
+        phone.send_chars("mobile setting", delay=0.2)
         phone.wait_for_text("123") # A button on the OSK
         phone.screenshot("04osk")
+
+    with subtest("Check mobile-phosh-settings starts"):
+       phone.send_chars("\n")
+       phone.wait_for_text("Tweak advanced mobile settings");
+       phone.screenshot("05settings")
   '';
 })
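Review bot: In the added settings subtest the body is indented seven spaces where the neighbouring subtests use eight, and `phone.wait_for_text("Tweak advanced mobile settings");` carries a stray trailing semicolon. Both are valid Python but read like a paste error. The subtest title also transposes the package name, so I would write `with subtest("Check phosh-mobile-settings starts"):` and drop the `;`.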
diff --git a/nixpkgs/nixos/tests/plasma-bigscreen.nix b/nixpkgs/nixos/tests/plasma-bigscreen.nix
index 2fe90fa9b539..050937f33442 100644
--- a/nixpkgs/nixos/tests/plasma-bigscreen.nix
+++ b/nixpkgs/nixos/tests/plasma-bigscreen.nix
@@ -11,10 +11,10 @@ import ./make-test-python.nix ({ pkgs, ...} :
   {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
-    services.xserver.displayManager.sddm.enable = true;
-    services.xserver.displayManager.defaultSession = "plasma-bigscreen-x11";
+    services.displayManager.sddm.enable = true;
+    services.displayManager.defaultSession = "plasma-bigscreen-x11";
     services.xserver.desktopManager.plasma5.bigscreen.enable = true;
-    services.xserver.displayManager.autoLogin = {
+    services.displayManager.autoLogin = {
       enable = true;
       user = "alice";
     };
diff --git a/nixpkgs/nixos/tests/plasma5-systemd-start.nix b/nixpkgs/nixos/tests/plasma5-systemd-start.nix
index 31a313af308b..891d4df2409f 100644
--- a/nixpkgs/nixos/tests/plasma5-systemd-start.nix
+++ b/nixpkgs/nixos/tests/plasma5-systemd-start.nix
@@ -12,11 +12,14 @@ import ./make-test-python.nix ({ pkgs, ...} :
     imports = [ ./common/user-account.nix ];
     services.xserver = {
       enable = true;
-      displayManager.sddm.enable = true;
-      displayManager.defaultSession = "plasma";
       desktopManager.plasma5.enable = true;
       desktopManager.plasma5.runUsingSystemd = true;
-      displayManager.autoLogin = {
+    };
+
+    services.displayManager = {
+      sddm.enable = true;
+      defaultSession = "plasma";
+      autoLogin = {
         enable = true;
         user = "alice";
       };
diff --git a/nixpkgs/nixos/tests/plasma5.nix b/nixpkgs/nixos/tests/plasma5.nix
index fb8a5b73832e..1bff37981da3 100644
--- a/nixpkgs/nixos/tests/plasma5.nix
+++ b/nixpkgs/nixos/tests/plasma5.nix
@@ -11,11 +11,11 @@ import ./make-test-python.nix ({ pkgs, ...} :
   {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
-    services.xserver.displayManager.sddm.enable = true;
-    services.xserver.displayManager.defaultSession = "plasma";
+    services.displayManager.sddm.enable = true;
+    services.displayManager.defaultSession = "plasma";
     services.xserver.desktopManager.plasma5.enable = true;
     environment.plasma5.excludePackages = [ pkgs.plasma5Packages.elisa ];
-    services.xserver.displayManager.autoLogin = {
+    services.displayManager.autoLogin = {
       enable = true;
       user = "alice";
     };
diff --git a/nixpkgs/nixos/tests/plasma6.nix b/nixpkgs/nixos/tests/plasma6.nix
index ec5b3f24ef74..7c8fba130e68 100644
--- a/nixpkgs/nixos/tests/plasma6.nix
+++ b/nixpkgs/nixos/tests/plasma6.nix
@@ -11,12 +11,12 @@ import ./make-test-python.nix ({ pkgs, ...} :
   {
     imports = [ ./common/user-account.nix ];
     services.xserver.enable = true;
-    services.xserver.displayManager.sddm.enable = true;
+    services.displayManager.sddm.enable = true;
     # FIXME: this should be testing Wayland
-    services.xserver.displayManager.defaultSession = "plasmax11";
-    services.xserver.desktopManager.plasma6.enable = true;
+    services.displayManager.defaultSession = "plasmax11";
+    services.desktopManager.plasma6.enable = true;
     environment.plasma6.excludePackages = [ pkgs.kdePackages.elisa ];
-    services.xserver.displayManager.autoLogin = {
+    services.displayManager.autoLogin = {
       enable = true;
       user = "alice";
     };
diff --git a/nixpkgs/nixos/tests/predictable-interface-names.nix b/nixpkgs/nixos/tests/predictable-interface-names.nix
index 51d5e8ae59b9..9ac4f8211e6b 100644
--- a/nixpkgs/nixos/tests/predictable-interface-names.nix
+++ b/nixpkgs/nixos/tests/predictable-interface-names.nix
@@ -5,7 +5,7 @@
 
 let
   inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
-  testCombinations = pkgs.lib.cartesianProductOfSets {
+  testCombinations = pkgs.lib.cartesianProduct {
     predictable = [true false];
     withNetworkd = [true false];
     systemdStage1 = [true false];
diff --git a/nixpkgs/nixos/tests/prometheus-exporters.nix b/nixpkgs/nixos/tests/prometheus-exporters.nix
index 3dc368e320ff..56569c4de2c8 100644
--- a/nixpkgs/nixos/tests/prometheus-exporters.nix
+++ b/nixpkgs/nixos/tests/prometheus-exporters.nix
@@ -227,6 +227,54 @@ let
       '';
     };
 
+    dnssec = {
+      exporterConfig = {
+        enable = true;
+        configuration = {
+          records = [
+            {
+              zone = "example.com";
+              record = "@";
+              type = "SOA";
+            }
+          ];
+        };
+        resolvers = [ "127.0.0.1:53" ];
+      };
+      metricProvider = {
+        services.knot = {
+          enable = true;
+          settingsFile = pkgs.writeText "knot.conf" ''
+            server:
+              listen: 127.0.0.1@53
+            template:
+              - id: default
+                storage: ${pkgs.buildEnv {
+                  name = "zones";
+                  paths = [(pkgs.writeTextDir "example.com.zone" ''
+                    @ SOA ns1.example.com. noc.example.com. 2024032401 86400 7200 3600000 172800
+                    @       NS      ns1
+                    ns1     A       192.168.0.1
+                  '')];
+                }}
+                zonefile-load: difference
+                zonefile-sync: -1
+            zone:
+              - domain: example.com
+                file: example.com.zone
+                dnssec-signing: on
+          '';
+        };
+      };
+      exporterTest = ''
+        wait_for_unit("knot.service")
+        wait_for_open_port(53)
+        wait_for_unit("prometheus-dnssec-exporter.service")
+        wait_for_open_port(9204)
+        succeed("curl -sSf http://localhost:9204/metrics | grep 'example.com'")
+      '';
+    };
+
     # Access to WHOIS server is required to properly test this exporter, so
     # just perform basic sanity check that the exporter is running and returns
     # a failure.
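Review bot: The `dnssec` exporterTest ends with `grep 'example.com'`, which matches any metric line that carries the zone as a label. It would therefore probably still pass if the exporter could not reach knot or the zone were served unsigned. Since the exporter exists to monitor signatures, the check should match a metric, and its value, that is only healthy when the SOA record resolves with an RRSIG. A comment next to `dnssec-signing: on` such as `# knot signs the zone itself; the exporter needs RRSIGs to report on` would record why that setting matters to the test. The enclosing attribute set starts outside this hunk.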
@@ -859,7 +907,7 @@ let
               attrs = {
                 objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
                 olcDatabase = "{1}mdb";
-                olcDbDirectory = "/var/db/openldap";
+                olcDbDirectory = "/var/lib/openldap/db";
                 olcSuffix = "dc=example";
                 olcRootDN = {
                   # cn=root,dc=example
diff --git a/nixpkgs/nixos/tests/promscale.nix b/nixpkgs/nixos/tests/promscale.nix
deleted file mode 100644
index da18628f2482..000000000000
--- a/nixpkgs/nixos/tests/promscale.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-# mostly copied from ./timescaledb.nix which was copied from ./postgresql.nix
-# as it seemed unapproriate to test additional extensions for postgresql there.
-
-{ system ? builtins.currentSystem
-, config ? { }
-, pkgs ? import ../.. { inherit system config; }
-}:
-
-with import ../lib/testing-python.nix { inherit system pkgs; };
-with pkgs.lib;
-
-let
-  postgresql-versions = import ../../pkgs/servers/sql/postgresql pkgs;
-  test-sql = pkgs.writeText "postgresql-test" ''
-    CREATE USER promscale SUPERUSER PASSWORD 'promscale';
-    CREATE DATABASE promscale OWNER promscale;
-  '';
-
-  make-postgresql-test = postgresql-name: postgresql-package: makeTest {
-    name = postgresql-name;
-    meta = with pkgs.lib.maintainers; {
-      maintainers = [ anpin ];
-    };
-
-    nodes.machine = { config, pkgs, ... }:
-      {
-        services.postgresql = {
-          enable = true;
-          package = postgresql-package;
-          extraPlugins = ps: with ps; [
-            timescaledb
-            promscale_extension
-          ];
-          settings = { shared_preload_libraries = "timescaledb, promscale"; };
-        };
-        environment.systemPackages = with pkgs; [ promscale ];
-      };
-
-    testScript = ''
-      machine.start()
-      machine.wait_for_unit("postgresql")
-      with subtest("Postgresql with extensions timescaledb and promscale is available just after unit start"):
-          print(machine.succeed("sudo -u postgres psql -f ${test-sql}"))
-          machine.succeed("sudo -u postgres psql promscale -c 'SHOW shared_preload_libraries;' | grep promscale")
-          machine.succeed(
-            "promscale --db.name promscale --db.password promscale --db.user promscale --db.ssl-mode allow --startup.install-extensions --startup.only"
-          )
-      machine.succeed("sudo -u postgres psql promscale -c 'SELECT ps_trace.get_trace_retention_period();' | grep '(1 row)'")
-      machine.shutdown()
-    '';
-  };
-  #version 15 is not supported yet
-  applicablePostgresqlVersions = filterAttrs (_: value: versionAtLeast value.version "12" && !(versionAtLeast value.version "15")) postgresql-versions;
-in
-mapAttrs'
-  (name: package: {
-    inherit name;
-    value = make-postgresql-test name package;
-  })
-  applicablePostgresqlVersions
diff --git a/nixpkgs/nixos/tests/qtile.nix b/nixpkgs/nixos/tests/qtile.nix
new file mode 100644
index 000000000000..b4d8f9d42114
--- /dev/null
+++ b/nixpkgs/nixos/tests/qtile.nix
@@ -0,0 +1,34 @@
+import ./make-test-python.nix ({ lib, ...} : {
+  name = "qtile";
+
+  meta = {
+    maintainers = with lib.maintainers; [ sigmanificient ];
+  };
+
+  nodes.machine = { pkgs, lib, ... }: {
+    imports = [ ./common/x11.nix ./common/user-account.nix ];
+    test-support.displayManager.auto.user = "alice";
+
+    services.xserver.windowManager.qtile.enable = true;
+    services.displayManager.defaultSession = lib.mkForce "none+qtile";
+
+    environment.systemPackages = [ pkgs.kitty ];
+  };
+
+  testScript = ''
+    with subtest("ensure x starts"):
+        machine.wait_for_x()
+        machine.wait_for_file("/home/alice/.Xauthority")
+        machine.succeed("xauth merge ~alice/.Xauthority")
+
+    with subtest("ensure client is available"):
+        machine.succeed("qtile --version")
+
+    with subtest("ensure we can open a new terminal"):
+        machine.sleep(2)
+        machine.send_key("meta_l-ret")
+        machine.wait_for_window(r"alice.*?machine")
+        machine.sleep(2)
+        machine.screenshot("terminal")
+  '';
+})
diff --git a/nixpkgs/nixos/tests/radicale.nix b/nixpkgs/nixos/tests/radicale.nix
index 66650dce4a00..868b28085a67 100644
--- a/nixpkgs/nixos/tests/radicale.nix
+++ b/nixpkgs/nixos/tests/radicale.nix
@@ -6,7 +6,7 @@ let
   port = "5232";
   filesystem_folder = "/data/radicale";
 
-  cli = "${pkgs.calendar-cli}/bin/calendar-cli --caldav-user ${user} --caldav-pass ${password}";
+  cli = "${lib.getExe pkgs.calendar-cli} --caldav-user ${user} --caldav-pass ${password}";
 in {
   name = "radicale3";
   meta.maintainers = with lib.maintainers; [ dotlambda ];
diff --git a/nixpkgs/nixos/tests/ragnarwm.nix b/nixpkgs/nixos/tests/ragnarwm.nix
index f7c588b92008..6dc08a805ab1 100644
--- a/nixpkgs/nixos/tests/ragnarwm.nix
+++ b/nixpkgs/nixos/tests/ragnarwm.nix
@@ -8,7 +8,7 @@ import ./make-test-python.nix ({ lib, ...} : {
   nodes.machine = { pkgs, lib, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = lib.mkForce "ragnar";
+    services.displayManager.defaultSession = lib.mkForce "ragnar";
     services.xserver.windowManager.ragnarwm.enable = true;
 
     # Setup the default terminal of Ragnar
diff --git a/nixpkgs/nixos/tests/redis.nix b/nixpkgs/nixos/tests/redis.nix
index 94b50d07be6d..6c84701c9c0a 100644
--- a/nixpkgs/nixos/tests/redis.nix
+++ b/nixpkgs/nixos/tests/redis.nix
@@ -1,44 +1,87 @@
-import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
-  name = "redis";
-  meta.maintainers = with lib.maintainers; [ flokli ];
-
-  nodes = {
-    machine =
-      { pkgs, lib, ... }:
-
-      {
-        services.redis.servers."".enable = true;
-        services.redis.servers."test".enable = true;
-
-        users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" {
-          createHome = false;
-          description = "A member of the redis${suffix} group";
-          isNormalUser = true;
-          extraGroups = [ "redis${suffix}" ];
-        }) ["" "-test"]);
-      };
+  system ? builtins.currentSystem,
+  config ? { },
+  pkgs ? import ../../.. { inherit system config; },
+
+  lib ? pkgs.lib,
+}:
+let
+  makeTest = import ./make-test-python.nix;
+  mkTestName =
+    pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}";
+  redisPackages = {
+    inherit (pkgs) redis keydb;
   };
+  makeRedisTest =
+    {
+      package,
+      name ? mkTestName package,
+    }:
+    makeTest {
+      inherit name;
+      meta.maintainers = [
+        lib.maintainers.flokli
+        lib.teams.helsinki-systems.members
+      ];
+
+      nodes = {
+        machine =
+          { lib, ... }:
+
+          {
+            services = {
+              redis = {
+                inherit package;
+                servers."".enable = true;
+                servers."test".enable = true;
+              };
+            };
+
+            users.users = lib.listToAttrs (
+              map
+                (
+                  suffix:
+                  lib.nameValuePair "member${suffix}" {
+                    createHome = false;
+                    description = "A member of the redis${suffix} group";
+                    isNormalUser = true;
+                    extraGroups = [ "redis${suffix}" ];
+                  }
+                )
+                [
+                  ""
+                  "-test"
+                ]
+            );
+          };
+      };
 
-  testScript = { nodes, ... }: let
-    inherit (nodes.machine.config.services) redis;
-    in ''
-    start_all()
-    machine.wait_for_unit("redis")
-    machine.wait_for_unit("redis-test")
+      testScript =
+        { nodes, ... }:
+        let
+          inherit (nodes.machine.services) redis;
+        in
+        ''
+          start_all()
+          machine.wait_for_unit("redis")
+          machine.wait_for_unit("redis-test")
 
-    # The unnamed Redis server still opens a port for backward-compatibility
-    machine.wait_for_open_port(6379)
+          # The unnamed Redis server still opens a port for backward-compatibility
+          machine.wait_for_open_port(6379)
 
-    machine.wait_for_file("${redis.servers."".unixSocket}")
-    machine.wait_for_file("${redis.servers."test".unixSocket}")
+          machine.wait_for_file("${redis.servers."".unixSocket}")
+          machine.wait_for_file("${redis.servers."test".unixSocket}")
 
-    # The unix socket is accessible to the redis group
-    machine.succeed('su member -c "redis-cli ping | grep PONG"')
-    machine.succeed('su member-test -c "redis-cli ping | grep PONG"')
+          # The unix socket is accessible to the redis group
+          machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
+          machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
 
-    machine.succeed("redis-cli ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG")
-  '';
-})
+          machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${
+            redis.servers."test".unixSocket
+          } ping | grep PONG")
+        '';
+    };
+in
+lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages
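Review bot: `meta.maintainers` in `makeRedisTest` is written as `[ lib.maintainers.flokli lib.teams.helsinki-systems.members ]`, which nests the team's member list as a single element instead of splicing its entries in, assuming `members` is itself a list as it is for other teams. I would write `meta.maintainers = [ lib.maintainers.flokli ] ++ lib.teams.helsinki-systems.members;`. Separately, every `redis-cli` call is pinned to `${pkgs.redis}`, so the `keydb` variant is only exercised on the server side; a one-line comment saying that is intentional would help.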
diff --git a/nixpkgs/nixos/tests/redmine.nix b/nixpkgs/nixos/tests/redmine.nix
index 621b3e6a36ee..16fb2e2c64a6 100644
--- a/nixpkgs/nixos/tests/redmine.nix
+++ b/nixpkgs/nixos/tests/redmine.nix
@@ -39,6 +39,7 @@ let
     meta.maintainers = [ maintainers.aanderse ];
   };
 in {
+  sqlite3 = redmineTest { name = "sqlite3"; type = "sqlite3"; };
   mysql = redmineTest { name = "mysql"; type = "mysql2"; };
   pgsql = redmineTest { name = "pgsql"; type = "postgresql"; };
 }
diff --git a/nixpkgs/nixos/tests/restic-rest-server.nix b/nixpkgs/nixos/tests/restic-rest-server.nix
new file mode 100644
index 000000000000..1d38ddbe513c
--- /dev/null
+++ b/nixpkgs/nixos/tests/restic-rest-server.nix
@@ -0,0 +1,122 @@
+import ./make-test-python.nix (
+  { pkgs, ... }:
+
+  let
+    remoteRepository = "rest:http://restic_rest_server:8001/";
+
+    backupPrepareCommand = ''
+      touch /root/backupPrepareCommand
+      test ! -e /root/backupCleanupCommand
+    '';
+
+    backupCleanupCommand = ''
+      rm /root/backupPrepareCommand
+      touch /root/backupCleanupCommand
+    '';
+
+    testDir = pkgs.stdenvNoCC.mkDerivation {
+      name = "test-files-to-backup";
+      unpackPhase = "true";
+      installPhase = ''
+        mkdir $out
+        echo some_file > $out/some_file
+        echo some_other_file > $out/some_other_file
+        mkdir $out/a_dir
+        echo a_file > $out/a_dir/a_file
+      '';
+    };
+
+    passwordFile = "${pkgs.writeText "password" "correcthorsebatterystaple"}";
+    paths = [ "/opt" ];
+    exclude = [ "/opt/excluded_file_*" ];
+    pruneOpts = [
+      "--keep-daily 2"
+      "--keep-weekly 1"
+      "--keep-monthly 1"
+      "--keep-yearly 99"
+    ];
+  in
+  {
+    name = "restic-rest-server";
+
+    nodes = {
+      restic_rest_server = {
+        services.restic.server = {
+          enable = true;
+          extraFlags = [ "--no-auth" ];
+          listenAddress = "8001";
+        };
+        networking.firewall.allowedTCPPorts = [ 8001 ];
+      };
+      server = {
+        services.restic.backups = {
+          remotebackup = {
+            inherit passwordFile paths exclude pruneOpts backupPrepareCommand backupCleanupCommand;
+            repository = remoteRepository;
+            initialize = true;
+            timerConfig = null; # has no effect here, just checking that it doesn't break the service
+          };
+          remoteprune = {
+            inherit passwordFile;
+            repository = remoteRepository;
+            pruneOpts = [ "--keep-last 1" ];
+          };
+        };
+      };
+    };
+
+    testScript = ''
+      restic_rest_server.start()
+      server.start()
+      restic_rest_server.wait_for_unit("restic-rest-server.socket")
+      restic_rest_server.wait_for_open_port(8001)
+      server.wait_for_unit("dbus.socket")
+      server.fail(
+          "restic-remotebackup snapshots",
+      )
+      server.succeed(
+          # set up
+          "cp -rT ${testDir} /opt",
+          "touch /opt/excluded_file_1 /opt/excluded_file_2",
+
+          # test that remotebackup runs custom commands and produces a snapshot
+          "timedatectl set-time '2016-12-13 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+          'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 1"',
+
+          # test that restoring that snapshot produces the same directory
+          "mkdir /tmp/restore-1",
+          "restic-remotebackup restore latest -t /tmp/restore-1",
+          "diff -ru ${testDir} /tmp/restore-1/opt",
+
+          # test that we can create four snapshots in remotebackup and rclonebackup
+          "timedatectl set-time '2017-12-13 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+
+          "timedatectl set-time '2018-12-13 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+
+          "timedatectl set-time '2018-12-14 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+
+          "timedatectl set-time '2018-12-15 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+
+          "timedatectl set-time '2018-12-16 13:45'",
+          "systemctl start restic-backups-remotebackup.service",
+          "rm /root/backupCleanupCommand",
+
+          'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 4"',
+
+          # test that remoteprune brings us back to 1 snapshot in remotebackup
+          "systemctl start restic-backups-remoteprune.service",
+          'restic-remotebackup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 1"',
+      )
+    '';
+  }
+)
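Review bot: The three snapshot-count checks (`jq "length | . == 1"`, `jq "length | . == 4"` and the final `. == 1` after pruning) cannot fail, because jq without `-e`/`--exit-status` exits 0 whether the filter prints `true` or `false`. That leaves the backup and prune results unverified; `${pkgs.jq}/bin/jq -e "length == 1"` (and `== 4`) lets `server.succeed` see the comparison. The comment `# test that we can create four snapshots in remotebackup and rclonebackup` also names a backup this file does not define. Since the server runs with `--no-auth` and the firewall port is open, a short comment on `extraFlags` saying the test deliberately runs without authentication would keep the node config from being copied as a deployment template.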
diff --git a/nixpkgs/nixos/tests/sddm.nix b/nixpkgs/nixos/tests/sddm.nix
index b6c05deac05e..3ca105cf9713 100644
--- a/nixpkgs/nixos/tests/sddm.nix
+++ b/nixpkgs/nixos/tests/sddm.nix
@@ -15,8 +15,8 @@ let
       nodes.machine = { ... }: {
         imports = [ ./common/user-account.nix ];
         services.xserver.enable = true;
-        services.xserver.displayManager.sddm.enable = true;
-        services.xserver.displayManager.defaultSession = "none+icewm";
+        services.displayManager.sddm.enable = true;
+        services.displayManager.defaultSession = "none+icewm";
         services.xserver.windowManager.icewm.enable = true;
       };
 
@@ -44,14 +44,14 @@ let
       nodes.machine = { ... }: {
         imports = [ ./common/user-account.nix ];
         services.xserver.enable = true;
-        services.xserver.displayManager = {
+        services.displayManager = {
           sddm.enable = true;
           autoLogin = {
             enable = true;
             user = "alice";
           };
         };
-        services.xserver.displayManager.defaultSession = "none+icewm";
+        services.displayManager.defaultSession = "none+icewm";
         services.xserver.windowManager.icewm.enable = true;
       };
 
diff --git a/nixpkgs/nixos/tests/silverbullet.nix b/nixpkgs/nixos/tests/silverbullet.nix
new file mode 100644
index 000000000000..e7e3cf536558
--- /dev/null
+++ b/nixpkgs/nixos/tests/silverbullet.nix
@@ -0,0 +1,47 @@
+import ./make-test-python.nix ({ lib, ... }: {
+  name = "silverbullet";
+  meta.maintainers = with lib.maintainers; [ aorith ];
+
+  nodes.simple = { ... }: {
+    services.silverbullet.enable = true;
+  };
+
+  nodes.configured = { pkgs, ... }: {
+    users.users.test.isNormalUser = true;
+    users.groups.test = { };
+
+    services.silverbullet = {
+      enable = true;
+      package = pkgs.silverbullet;
+      listenPort = 3001;
+      listenAddress = "localhost";
+      spaceDir = "/home/test/silverbullet";
+      user = "test";
+      group = "test";
+      envFile = pkgs.writeText "silverbullet.env" ''
+        SB_USER=user:password
+        SB_AUTH_TOKEN=test
+      '';
+      extraArgs = [ "--reindex" "--db /home/test/silverbullet/custom.db" ];
+    };
+  };
+
+  testScript = { nodes, ... }: ''
+    PORT = ${builtins.toString nodes.simple.services.silverbullet.listenPort}
+    ADDRESS = "${nodes.simple.services.silverbullet.listenAddress}"
+    SPACEDIR = "${nodes.simple.services.silverbullet.spaceDir}"
+    simple.wait_for_unit("silverbullet.service")
+    simple.wait_for_open_port(PORT)
+    simple.succeed(f"curl --max-time 5 -s -v -o /dev/null --fail http://{ADDRESS}:{PORT}/")
+    simple.succeed(f"test -d '{SPACEDIR}'")
+
+    PORT = ${builtins.toString nodes.configured.services.silverbullet.listenPort}
+    ADDRESS = "${nodes.configured.services.silverbullet.listenAddress}"
+    SPACEDIR = "${nodes.configured.services.silverbullet.spaceDir}"
+    configured.wait_for_unit("silverbullet.service")
+    configured.wait_for_open_port(PORT)
+    assert int(configured.succeed(f"curl --max-time 5 -s -o /dev/null -w '%{{http_code}}' -XPUT -d 'test' --fail http://{ADDRESS}:{PORT}/test.md -H'Authorization: Bearer test'")) == 200
+    assert int(configured.fail(f"curl --max-time 5 -s -o /dev/null -w '%{{http_code}}' -XPUT -d 'test' --fail http://{ADDRESS}:{PORT}/test.md -H'Authorization: Bearer wrong'")) == 401
+    configured.succeed(f"test -d '{SPACEDIR}'")
+  '';
+})
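Review bot: The `envFile` in `nodes.configured` is built with `pkgs.writeText`, so `SB_USER=user:password` and `SB_AUTH_TOKEN=test` land in the world-readable Nix store, and nothing in the file says this is acceptable only because it is a test. I would add `# test-only credentials: pkgs.writeText places this file in the world-readable /nix/store` above `envFile`, so the pattern is not copied into a real configuration. Outside a test, the option should point at a file that is provisioned outside the store.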
diff --git a/nixpkgs/nixos/tests/soju.nix b/nixpkgs/nixos/tests/soju.nix
new file mode 100644
index 000000000000..23da36f7b3ab
--- /dev/null
+++ b/nixpkgs/nixos/tests/soju.nix
@@ -0,0 +1,31 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }:
+let
+  certs = import ./common/acme/server/snakeoil-certs.nix;
+  domain = certs.domain;
+
+  user = "testuser";
+  pass = "hunter2";
+in
+{
+  name = "soju";
+  meta.maintainers = with lib.maintainers; [ Benjamin-L ];
+
+  nodes.machine = { ... }: {
+    services.soju = {
+      enable = true;
+      adminSocket.enable = true;
+      hostName = domain;
+      tlsCertificate = certs.${domain}.cert;
+      tlsCertificateKey = certs.${domain}.key;
+    };
+  };
+
+  testScript = ''
+    start_all()
+
+    machine.wait_for_unit("soju")
+    machine.wait_for_file("/run/soju/admin")
+
+    machine.succeed("sojuctl user create -username ${user} -password ${pass}")
+  '';
+})
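Review bot: The script stops after `sojuctl user create`, so `tlsCertificate`/`tlsCertificateKey` and the new account are never exercised. Nothing confirms that the listener came up with the snakeoil certificate or that `testuser` can authenticate. A `machine.wait_for_open_port(...)` on the port the module listens on (not visible in this file), followed by a TLS connection check, would cover that. `-password ${pass}` also puts the password on the command line, which is fine for `hunter2` in a VM but worth a `# test-only password` comment next to `pass`.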
diff --git a/nixpkgs/nixos/tests/ssh-keys.nix b/nixpkgs/nixos/tests/ssh-keys.nix
index df9ff38a3b22..675f3a0b4394 100644
--- a/nixpkgs/nixos/tests/ssh-keys.nix
+++ b/nixpkgs/nixos/tests/ssh-keys.nix
@@ -12,4 +12,16 @@ pkgs:
     "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
     "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
   ];
+
+  snakeOilEd25519PrivateKey = pkgs.writeText "privkey.snakeoil" ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+QAAAJC89yCivPcg
+    ogAAAAtzc2gtZWQyNTUxOQAAACAYBTIWo1J4PkY4/7AhVyPT8xvAUI67tp+yYFFRdSm7+Q
+    AAAEDJmKp3lX6Pz0unTc0QZwrHb8Eyr9fJUopE9d2/+q+eCxgFMhajUng+Rjj/sCFXI9Pz
+    G8BQjru2n7JgUVF1Kbv5AAAACnRvbUBvemRlc2sBAgM=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+
+  snakeOilEd25519PublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgFMhajUng+Rjj/sCFXI9PzG8BQjru2n7JgUVF1Kbv5 snakeoil";
 }
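Review bot: `snakeOilEd25519PrivateKey` adds a clear-text private key with no comment on its status; I would put `# Test-only key pair, public by design; never add this public key to authorized_keys outside the test VMs.` above it. `pkgs.writeText` also leaves the key world-readable in the Nix store, so consumers have to copy it and restrict its mode before handing it to ssh, which a second comment line could state. The attribute set this hunk extends starts outside the hunk, so I cannot see whether the existing snakeoil keys already carry such a note.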
diff --git a/nixpkgs/nixos/tests/sunshine.nix b/nixpkgs/nixos/tests/sunshine.nix
new file mode 100644
index 000000000000..7c7e86de203a
--- /dev/null
+++ b/nixpkgs/nixos/tests/sunshine.nix
@@ -0,0 +1,70 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "sunshine";
+  meta = {
+    # test is flaky on aarch64
+    broken = pkgs.stdenv.isAarch64;
+    maintainers = [ lib.maintainers.devusb ];
+  };
+
+  nodes.sunshine = { config, pkgs, ... }: {
+    imports = [
+      ./common/x11.nix
+    ];
+
+    services.sunshine = {
+      enable = true;
+      openFirewall = true;
+      settings = {
+        capture = "x11";
+        encoder = "software";
+        output_name = 0;
+      };
+    };
+
+    environment.systemPackages = with pkgs; [
+      gxmessage
+    ];
+
+  };
+
+  nodes.moonlight = { config, pkgs, ... }: {
+    imports = [
+      ./common/x11.nix
+    ];
+
+    environment.systemPackages = with pkgs; [
+      moonlight-qt
+    ];
+
+  };
+
+  enableOCR = true;
+
+  testScript = ''
+    # start the tests, wait for sunshine to be up
+    start_all()
+    sunshine.wait_for_open_port(48010,"localhost")
+
+    # set the admin username/password, restart sunshine
+    sunshine.execute("sunshine --creds sunshine sunshine")
+    sunshine.systemctl("restart sunshine","root")
+    sunshine.wait_for_open_port(48010,"localhost")
+
+    # initiate pairing from moonlight
+    moonlight.execute("moonlight pair sunshine --pin 1234 >&2 & disown")
+    moonlight.wait_for_console_text("Executing request")
+
+    # respond to pairing request from sunshine
+    sunshine.succeed("curl --insecure -u sunshine:sunshine -d '{\"pin\": \"1234\"}' https://localhost:47990/api/pin")
+
+    # close moonlight once pairing complete
+    moonlight.send_key("kp_enter")
+
+    # put words on the sunshine screen for moonlight to see
+    sunshine.execute("gxmessage 'hello world' -center -font 'sans 75' >&2 & disown")
+
+    # connect to sunshine from moonlight and look for the words
+    moonlight.execute("moonlight --video-decoder software stream sunshine 'Desktop' >&2 & disown")
+    moonlight.wait_for_text("hello world")
+  '';
+})
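Review bot: `sunshine.execute("sunshine --creds sunshine sunshine")` discards the exit status, so a failed credential setup only shows up later as a failing `curl -u sunshine:sunshine` with no hint of the cause. `sunshine.succeed("sunshine --creds sunshine sunshine")` would fail at the right step, assuming the command exits 0 on success. The same holds for `sunshine.systemctl("restart sunshine","root")`, whose returned status is ignored. `curl --insecure` is presumably needed for a self-signed certificate here; a `# self-signed cert inside the test VM` comment would mark it as test-only.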
diff --git a/nixpkgs/nixos/tests/swayfx.nix b/nixpkgs/nixos/tests/swayfx.nix
new file mode 100644
index 000000000000..77844ec80ae1
--- /dev/null
+++ b/nixpkgs/nixos/tests/swayfx.nix
@@ -0,0 +1,207 @@
+import ./make-test-python.nix (
+  { pkgs, lib, ... }:
+  {
+    name = "swayfx";
+    meta = {
+      maintainers = with lib.maintainers; [ eclairevoyant ];
+    };
+
+    # testScriptWithTypes:49: error: Cannot call function of unknown type
+    #           (machine.succeed if succeed else machine.execute)(
+    #           ^
+    # Found 1 error in 1 file (checked 1 source file)
+    skipTypeCheck = true;
+
+    nodes.machine =
+      { config, ... }:
+      {
+        # Automatically login on tty1 as a normal user:
+        imports = [ ./common/user-account.nix ];
+        services.getty.autologinUser = "alice";
+
+        environment = {
+          # For glinfo and wayland-info:
+          systemPackages = with pkgs; [
+            mesa-demos
+            wayland-utils
+            alacritty
+          ];
+          # Use a fixed SWAYSOCK path (for swaymsg):
+          variables = {
+            "SWAYSOCK" = "/tmp/sway-ipc.sock";
+            # TODO: Investigate if we can get hardware acceleration to work (via
+            # virtio-gpu and Virgil). We currently have to use the Pixman software
+            # renderer since the GLES2 renderer doesn't work inside the VM (even
+            # with WLR_RENDERER_ALLOW_SOFTWARE):
+            # "WLR_RENDERER_ALLOW_SOFTWARE" = "1";
+            "WLR_RENDERER" = "pixman";
+          };
+          # For convenience:
+          shellAliases = {
+            test-x11 = "glinfo | tee /tmp/test-x11.out && touch /tmp/test-x11-exit-ok";
+            test-wayland = "wayland-info | tee /tmp/test-wayland.out && touch /tmp/test-wayland-exit-ok";
+          };
+
+          # To help with OCR:
+          etc."xdg/foot/foot.ini".text = lib.generators.toINI { } {
+            main = {
+              font = "inconsolata:size=14";
+            };
+            colors = rec {
+              foreground = "000000";
+              background = "ffffff";
+              regular2 = foreground;
+            };
+          };
+
+          etc."gpg-agent.conf".text = ''
+            pinentry-timeout 86400
+          '';
+        };
+
+        fonts.packages = [ pkgs.inconsolata ];
+
+        # Automatically configure and start Sway when logging in on tty1:
+        programs.bash.loginShellInit = ''
+          if [ "$(tty)" = "/dev/tty1" ]; then
+            set -e
+
+            mkdir -p ~/.config/sway
+            sed s/Mod4/Mod1/ /etc/sway/config > ~/.config/sway/config
+
+            sway --validate
+            sway && touch /tmp/sway-exit-ok
+          fi
+        '';
+
+        programs.sway = {
+          enable = true;
+          package = pkgs.swayfx.override { isNixOS = true; };
+        };
+
+        # To test pinentry via gpg-agent:
+        programs.gnupg.agent.enable = true;
+
+        # Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch:
+        virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ];
+      };
+
+    testScript =
+      { nodes, ... }:
+      ''
+        import shlex
+        import json
+
+        q = shlex.quote
+        NODE_GROUPS = ["nodes", "floating_nodes"]
+
+
+        def swaymsg(command: str = "", succeed=True, type="command"):
+            assert command != "" or type != "command", "Must specify command or type"
+            shell = q(f"swaymsg -t {q(type)} -- {q(command)}")
+            with machine.nested(
+                f"sending swaymsg {shell!r}" + " (allowed to fail)" * (not succeed)
+            ):
+                ret = (machine.succeed if succeed else machine.execute)(
+                    f"su - alice -c {shell}"
+                )
+
+            # execute also returns a status code, but disregard.
+            if not succeed:
+                _, ret = ret
+
+            if not succeed and not ret:
+                return None
+
+            parsed = json.loads(ret)
+            return parsed
+
+
+        def walk(tree):
+            yield tree
+            for group in NODE_GROUPS:
+                for node in tree.get(group, []):
+                    yield from walk(node)
+
+
+        def wait_for_window(pattern):
+            def func(last_chance):
+                nodes = (node["name"] for node in walk(swaymsg(type="get_tree")))
+
+                if last_chance:
+                    nodes = list(nodes)
+                    machine.log(f"Last call! Current list of windows: {nodes}")
+
+                return any(pattern in name for name in nodes)
+
+            retry(func)
+
+        start_all()
+        machine.wait_for_unit("multi-user.target")
+
+        # To check the version:
+        print(machine.succeed("sway --version"))
+
+        # Wait for Sway to complete startup:
+        machine.wait_for_file("/run/user/1000/wayland-1")
+        machine.wait_for_file("/tmp/sway-ipc.sock")
+
+        # Test XWayland (foot does not support X):
+        swaymsg("exec WINIT_UNIX_BACKEND=x11 WAYLAND_DISPLAY= alacritty")
+        wait_for_window("alice@machine")
+        machine.send_chars("test-x11\n")
+        machine.wait_for_file("/tmp/test-x11-exit-ok")
+        print(machine.succeed("cat /tmp/test-x11.out"))
+        machine.copy_from_vm("/tmp/test-x11.out")
+        machine.screenshot("alacritty_glinfo")
+        machine.succeed("pkill alacritty")
+
+        # Start a terminal (foot) on workspace 3:
+        machine.send_key("alt-3")
+        machine.sleep(3)
+        machine.send_key("alt-ret")
+        wait_for_window("alice@machine")
+        machine.send_chars("test-wayland\n")
+        machine.wait_for_file("/tmp/test-wayland-exit-ok")
+        print(machine.succeed("cat /tmp/test-wayland.out"))
+        machine.copy_from_vm("/tmp/test-wayland.out")
+        machine.screenshot("foot_wayland_info")
+        machine.send_key("alt-shift-q")
+        machine.wait_until_fails("pgrep foot")
+
+        # Test gpg-agent starting pinentry-gnome3 via D-Bus (tests if
+        # $WAYLAND_DISPLAY is correctly imported into the D-Bus user env):
+        swaymsg("exec mkdir -p ~/.gnupg")
+        swaymsg("exec cp /etc/gpg-agent.conf ~/.gnupg")
+
+        swaymsg("exec DISPLAY=INVALID gpg --no-tty --yes --quick-generate-key test", succeed=False)
+        machine.wait_until_succeeds("pgrep --exact gpg")
+        wait_for_window("gpg")
+        machine.succeed("pgrep --exact gpg")
+        machine.screenshot("gpg_pinentry")
+        machine.send_key("alt-shift-q")
+        machine.wait_until_fails("pgrep --exact gpg")
+
+        # Test swaynag:
+        def get_height():
+            return [node['rect']['height'] for node in walk(swaymsg(type="get_tree")) if node['focused']][0]
+
+        before = get_height()
+        machine.send_key("alt-shift-e")
+        retry(lambda _: get_height() < before)
+        machine.screenshot("sway_exit")
+
+        swaymsg("exec swaylock")
+        machine.wait_until_succeeds("pgrep -x swaylock")
+        machine.sleep(3)
+        machine.send_chars("${nodes.machine.config.users.users.alice.password}")
+        machine.send_key("ret")
+        machine.wait_until_fails("pgrep -x swaylock")
+
+        # Exit Sway and verify process exit status 0:
+        swaymsg("exit", succeed=False)
+        machine.wait_until_fails("pgrep -x sway")
+        machine.wait_for_file("/tmp/sway-exit-ok")
+      '';
+  }
+)
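Review bot: `skipTypeCheck = true` turns off type checking for the whole script only because of the `(machine.succeed if succeed else machine.execute)(...)` call in `swaymsg`. Calling the two methods separately, e.g. `ret = machine.succeed(cmd) if succeed else machine.execute(cmd)[1]` with `cmd = f"su - alice -c {shell}"`, should let the checker resolve both branches and makes the later `_, ret = ret` unpacking unnecessary; I have not run the checker on it. Also, `machine.send_chars("${nodes.machine.config.users.users.alice.password}")` splices the password into a Python string literal unescaped, which only works while it contains no quotes or backslashes.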
diff --git a/nixpkgs/nixos/tests/switch-test.nix b/nixpkgs/nixos/tests/switch-test.nix
index 5ffdf180d5e3..4a7bcd5a8226 100644
--- a/nixpkgs/nixos/tests/switch-test.nix
+++ b/nixpkgs/nixos/tests/switch-test.nix
@@ -610,6 +610,11 @@ in {
     # Returns a comma separated representation of the given list in sorted
     # order, that matches the output format of switch-to-configuration.pl
     sortedUnits = xs: lib.concatStringsSep ", " (builtins.sort builtins.lessThan xs);
+
+    dbusService = {
+      "dbus" = "dbus.service";
+      "broker" = "dbus-broker.service";
+    }.${nodes.machine.services.dbus.implementation};
   in /* python */ ''
     def switch_to_specialisation(system, name, action="test", fail=False):
         if name == "":
@@ -691,9 +696,9 @@ in {
     with subtest("continuing from an aborted switch"):
         # An aborted switch will write into a file what it tried to start
         # and a second switch should continue from this
-        machine.succeed("echo dbus.service > /run/nixos/start-list")
+        machine.succeed("echo ${dbusService} > /run/nixos/start-list")
         out = switch_to_specialisation("${machine}", "modifiedSystemConf")
-        assert_contains(out, "starting the following units: dbus.service\n")
+        assert_contains(out, "starting the following units: ${dbusService}\n")
 
     with subtest("fstab mounts"):
         switch_to_specialisation("${machine}", "")
@@ -732,7 +737,7 @@ in {
         out = switch_to_specialisation("${machine}", "")
         assert_contains(out, "stopping the following units: test.mount\n")
         assert_lacks(out, "NOT restarting the following changed units:")
-        assert_contains(out, "reloading the following units: dbus.service\n")
+        assert_contains(out, "reloading the following units: ${dbusService}\n")
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_lacks(out, "the following new units were started:")
@@ -740,7 +745,7 @@ in {
         out = switch_to_specialisation("${machine}", "storeMountModified")
         assert_lacks(out, "stopping the following units:")
         assert_contains(out, "NOT restarting the following changed units: -.mount")
-        assert_contains(out, "reloading the following units: dbus.service\n")
+        assert_contains(out, "reloading the following units: ${dbusService}\n")
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_lacks(out, "the following new units were started:")
@@ -751,7 +756,7 @@ in {
         out = switch_to_specialisation("${machine}", "swap")
         assert_lacks(out, "stopping the following units:")
         assert_lacks(out, "NOT restarting the following changed units:")
-        assert_contains(out, "reloading the following units: dbus.service\n")
+        assert_contains(out, "reloading the following units: ${dbusService}\n")
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_contains(out, "the following new units were started: swapfile.swap")
@@ -760,7 +765,7 @@ in {
         assert_contains(out, "stopping swap device: /swapfile")
         assert_lacks(out, "stopping the following units:")
         assert_lacks(out, "NOT restarting the following changed units:")
-        assert_contains(out, "reloading the following units: dbus.service\n")
+        assert_contains(out, "reloading the following units: ${dbusService}\n")
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_lacks(out, "the following new units were started:")
@@ -781,7 +786,7 @@ in {
         assert_lacks(out, "installing dummy bootloader")  # test does not install a bootloader
         assert_lacks(out, "stopping the following units:")
         assert_lacks(out, "NOT restarting the following changed units:")
-        assert_contains(out, "reloading the following units: dbus.service\n")  # huh
+        assert_contains(out, "reloading the following units: ${dbusService}\n")  # huh
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_contains(out, "the following new units were started: test.service\n")
@@ -858,7 +863,7 @@ in {
         assert_lacks(out, "installing dummy bootloader")  # test does not install a bootloader
         assert_lacks(out, "stopping the following units:")
         assert_lacks(out, "NOT restarting the following changed units:")
-        assert_contains(out, "reloading the following units: dbus.service\n")  # huh
+        assert_contains(out, "reloading the following units: ${dbusService}\n")  # huh
         assert_lacks(out, "\nrestarting the following units:")
         assert_lacks(out, "\nstarting the following units:")
         assert_contains(out, "the following new units were started: test.service\n")
diff --git a/nixpkgs/nixos/tests/syncthing-relay.nix b/nixpkgs/nixos/tests/syncthing-relay.nix
index 3d70b1eda7b2..cab9bcafe9d5 100644
--- a/nixpkgs/nixos/tests/syncthing-relay.nix
+++ b/nixpkgs/nixos/tests/syncthing-relay.nix
@@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ lib, pkgs, ... }: {
   name = "syncthing-relay";
-  meta.maintainers = with pkgs.lib.maintainers; [ delroth ];
+  meta.maintainers = with pkgs.lib.maintainers; [ ];
 
   nodes.machine = {
     environment.systemPackages = [ pkgs.jq ];
diff --git a/nixpkgs/nixos/tests/systemd-confinement.nix b/nixpkgs/nixos/tests/systemd-confinement.nix
index 428888d41a20..bde5b770ea50 100644
--- a/nixpkgs/nixos/tests/systemd-confinement.nix
+++ b/nixpkgs/nixos/tests/systemd-confinement.nix
@@ -153,7 +153,7 @@ import ./make-test-python.nix {
 
     options.__testSteps = lib.mkOption {
       type = lib.types.lines;
-      description = lib.mdDoc "All of the test steps combined as a single script.";
+      description = "All of the test steps combined as a single script.";
     };
 
     config.environment.systemPackages = lib.singleton testClient;
diff --git a/nixpkgs/nixos/tests/systemd-machinectl.nix b/nixpkgs/nixos/tests/systemd-machinectl.nix
index 02b4d9c590b5..9d761c6d4d8b 100644
--- a/nixpkgs/nixos/tests/systemd-machinectl.nix
+++ b/nixpkgs/nixos/tests/systemd-machinectl.nix
@@ -1,149 +1,177 @@
 import ./make-test-python.nix ({ pkgs, ... }:
-  let
-
-    container = {
-      # We re-use the NixOS container option ...
-      boot.isContainer = true;
-      # ... and revert unwanted defaults
-      networking.useHostResolvConf = false;
-
-      # use networkd to obtain systemd network setup
-      networking.useNetworkd = true;
-      networking.useDHCP = false;
-
-      # systemd-nspawn expects /sbin/init
-      boot.loader.initScript.enable = true;
-
-      imports = [ ../modules/profiles/minimal.nix ];
+let
+
+  container = { config, ... }: {
+    # We re-use the NixOS container option ...
+    boot.isContainer = true;
+    # ... and revert unwanted defaults
+    networking.useHostResolvConf = false;
+
+    # use networkd to obtain systemd network setup
+    networking.useNetworkd = true;
+    networking.useDHCP = false;
+
+    # systemd-nspawn expects /sbin/init
+    boot.loader.initScript.enable = true;
+
+    imports = [ ../modules/profiles/minimal.nix ];
+
+    system.stateVersion = config.system.nixos.version;
+  };
+
+  containerSystem = (import ../lib/eval-config.nix {
+    inherit (pkgs) system;
+    modules = [ container ];
+  }).config.system.build.toplevel;
+
+  containerName = "container";
+  containerRoot = "/var/lib/machines/${containerName}";
+
+  containerTarball = pkgs.callPackage ../lib/make-system-tarball.nix {
+    storeContents = [
+      {
+        object = containerSystem;
+        symlink = "/nix/var/nix/profiles/system";
+      }
+    ];
+
+    contents = [
+      {
+        source = containerSystem + "/etc/os-release";
+        target = "/etc/os-release";
+      }
+      {
+        source = containerSystem + "/init";
+        target = "/sbin/init";
+      }
+    ];
+  };
+in
+{
+  name = "systemd-machinectl";
+
+  nodes.machine = { lib, ... }: {
+    # use networkd to obtain systemd network setup
+    networking.useNetworkd = true;
+    networking.useDHCP = false;
+
+    # do not try to access cache.nixos.org
+    nix.settings.substituters = lib.mkForce [ ];
+
+    # auto-start container
+    systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
+
+    virtualisation.additionalPaths = [ containerSystem containerTarball ];
+
+    systemd.tmpfiles.rules = [
+      "d /var/lib/machines/shared-decl 0755 root root - -"
+    ];
+    systemd.nspawn.shared-decl = {
+      execConfig = {
+        Boot = false;
+        Parameters = "${containerSystem}/init";
+      };
+      filesConfig = {
+        BindReadOnly = "/nix/store";
+      };
     };
 
-    containerSystem = (import ../lib/eval-config.nix {
-      inherit (pkgs) system;
-      modules = [ container ];
-    }).config.system.build.toplevel;
-
-    containerName = "container";
-    containerRoot = "/var/lib/machines/${containerName}";
-
-  in
-  {
-    name = "systemd-machinectl";
-
-    nodes.machine = { lib, ... }: {
-      # use networkd to obtain systemd network setup
-      networking.useNetworkd = true;
-      networking.useDHCP = false;
-
-      # do not try to access cache.nixos.org
-      nix.settings.substituters = lib.mkForce [ ];
-
-      # auto-start container
-      systemd.targets.machines.wants = [ "systemd-nspawn@${containerName}.service" ];
-
-      virtualisation.additionalPaths = [ containerSystem ];
-
-      systemd.tmpfiles.rules = [
-        "d /var/lib/machines/shared-decl 0755 root root - -"
+    systemd.services."systemd-nspawn@${containerName}" = {
+      serviceConfig.Environment = [
+        # Disable tmpfs for /tmp
+        "SYSTEMD_NSPAWN_TMPFS_TMP=0"
       ];
-      systemd.nspawn.shared-decl = {
-        execConfig = {
-          Boot = false;
-          Parameters = "${containerSystem}/init";
-        };
-        filesConfig = {
-          BindReadOnly = "/nix/store";
-        };
-      };
+      overrideStrategy = "asDropin";
+    };
 
-      systemd.services."systemd-nspawn@${containerName}" = {
-        serviceConfig.Environment = [
-          # Disable tmpfs for /tmp
-          "SYSTEMD_NSPAWN_TMPFS_TMP=0"
-        ];
-        overrideStrategy = "asDropin";
-      };
+    # open DHCP for container
+    networking.firewall.extraCommands = ''
+      ${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept
+    '';
+  };
 
-      # open DHCP for container
-      networking.firewall.extraCommands = ''
-        ${pkgs.iptables}/bin/iptables -A nixos-fw -i ve-+ -p udp -m udp --dport 67 -j nixos-fw-accept
-      '';
-    };
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("default.target");
 
-    testScript = ''
-      start_all()
-      machine.wait_for_unit("default.target");
+    # Test machinectl start stop of shared-decl
+    machine.succeed("machinectl start shared-decl");
+    machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target");
+    machine.succeed("machinectl stop shared-decl");
 
-      # Test machinectl start stop of shared-decl
-      machine.succeed("machinectl start shared-decl");
-      machine.wait_until_succeeds("systemctl -M shared-decl is-active default.target");
-      machine.succeed("machinectl stop shared-decl");
+    # create containers root
+    machine.succeed("mkdir -p ${containerRoot}");
 
-      # create containers root
-      machine.succeed("mkdir -p ${containerRoot}");
+    # start container with shared nix store by using same arguments as for systemd-nspawn@.service
+    machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init")
+    machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
 
-      # start container with shared nix store by using same arguments as for systemd-nspawn@.service
-      machine.succeed("systemd-run systemd-nspawn --machine=${containerName} --network-veth -U --bind-ro=/nix/store ${containerSystem}/init")
-      machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+    # Test machinectl stop
+    machine.succeed("machinectl stop ${containerName}");
 
-      # Test machinectl stop
-      machine.succeed("machinectl stop ${containerName}");
+    # Install container
+    # Workaround for nixos-install
+    machine.succeed("chmod o+rx /var/lib/machines");
+    machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
 
-      # Install container
-      # Workaround for nixos-install
-      machine.succeed("chmod o+rx /var/lib/machines");
-      machine.succeed("nixos-install --root ${containerRoot} --system ${containerSystem} --no-channel-copy --no-root-passwd");
+    # Allow systemd-nspawn to apply user namespace on immutable files
+    machine.succeed("chattr -i ${containerRoot}/var/empty");
 
-      # Allow systemd-nspawn to apply user namespace on immutable files
-      machine.succeed("chattr -i ${containerRoot}/var/empty");
+    # Test machinectl start
+    machine.succeed("machinectl start ${containerName}");
+    machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
 
-      # Test machinectl start
-      machine.succeed("machinectl start ${containerName}");
-      machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+    # Test nss_mymachines without nscd
+    machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
 
-      # Test nss_mymachines without nscd
-      machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}');
+    # Test nss_mymachines via nscd
+    machine.succeed("getent hosts ${containerName}");
 
-      # Test nss_mymachines via nscd
-      machine.succeed("getent hosts ${containerName}");
+    # Test systemd-nspawn network configuration to container
+    machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'");
 
-      # Test systemd-nspawn network configuration to container
-      machine.succeed("networkctl --json=short status ve-${containerName} | ${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'");
+    # Test systemd-nspawn network configuration to host
+    machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'");
 
-      # Test systemd-nspawn network configuration to host
-      machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/networkctl --json=short status host0 | ${pkgs.jq}/bin/jq -r '.OperationalState == \"routable\"'");
+    # Test systemd-nspawn network configuration
+    machine.succeed("ping -n -c 1 ${containerName}");
 
-      # Test systemd-nspawn network configuration
-      machine.succeed("ping -n -c 1 ${containerName}");
+    # Test systemd-nspawn uses a user namespace
+    machine.succeed("test $(machinectl status ${containerName} | grep 'UID Shift: ' | wc -l) = 1")
 
-      # Test systemd-nspawn uses a user namespace
-      machine.succeed("test $(machinectl status ${containerName} | grep 'UID Shift: ' | wc -l) = 1")
+    # Test systemd-nspawn reboot
+    machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/reboot");
+    machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
 
-      # Test systemd-nspawn reboot
-      machine.succeed("machinectl shell ${containerName} /run/current-system/sw/bin/reboot");
-      machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+    # Test machinectl reboot
+    machine.succeed("machinectl reboot ${containerName}");
+    machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
 
-      # Test machinectl reboot
-      machine.succeed("machinectl reboot ${containerName}");
-      machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+    # Restart machine
+    machine.shutdown()
+    machine.start()
+    machine.wait_for_unit("default.target");
 
-      # Restart machine
-      machine.shutdown()
-      machine.start()
-      machine.wait_for_unit("default.target");
+    # Test auto-start
+    machine.succeed("machinectl show ${containerName}")
 
-      # Test auto-start
-      machine.succeed("machinectl show ${containerName}")
+    # Test machinectl stop
+    machine.succeed("machinectl stop ${containerName}");
+    machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
 
-      # Test machinectl stop
-      machine.succeed("machinectl stop ${containerName}");
-      machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
+    # Test tmpfs for /tmp
+    machine.fail("mountpoint /tmp");
 
-      # Test tmpfs for /tmp
-      machine.fail("mountpoint /tmp");
+    # Show to to delete the container
+    machine.succeed("chattr -i ${containerRoot}/var/empty");
+    machine.succeed("rm -rf ${containerRoot}");
 
-      # Show to to delete the container
-      machine.succeed("chattr -i ${containerRoot}/var/empty");
-      machine.succeed("rm -rf ${containerRoot}");
-    '';
-  }
-)
+    # Test import tarball, start, stop and remove
+    machine.succeed("machinectl import-tar ${containerTarball}/tarball/*.tar* ${containerName}");
+    machine.succeed("machinectl start ${containerName}");
+    machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+    machine.succeed("machinectl stop ${containerName}");
+    machine.wait_until_succeeds("test $(systemctl is-active systemd-nspawn@${containerName}) = inactive");
+    machine.succeed("machinectl remove ${containerName}");
+  '';
+})
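Review bot: The host-side check under `# Test systemd-nspawn network configuration to host` pipes into `jq -r`, which prints `false` and still exits 0, so `machine.succeed` passes even when host0 is not routable. The container-side check just above it uses `jq -e`, and this one should end the same way: `${pkgs.jq}/bin/jq -e '.OperationalState == \"routable\"'`. The line is carried over from the old indentation, but the whole script is being re-flowed here, so this is a cheap place to fix it, along with the comment `# Show to to delete the container` (presumably `# Show how to delete the container`). The new import-tar steps also do not repeat the `UID Shift: ` assertion, so user-namespace use is only verified for the nixos-install path.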
diff --git a/nixpkgs/nixos/tests/systemd-networkd-bridge.nix b/nixpkgs/nixos/tests/systemd-networkd-bridge.nix
new file mode 100644
index 000000000000..f1f8823e8420
--- /dev/null
+++ b/nixpkgs/nixos/tests/systemd-networkd-bridge.nix
@@ -0,0 +1,103 @@
+/* This test ensures that we can configure spanning-tree protocol
+   across bridges using systemd-networkd.
+
+   Test topology:
+
+              1       2       3
+       node1 --- sw1 --- sw2 --- node2
+                   \     /
+                  4 \   / 5
+                     sw3
+                      |
+                    6 |
+                      |
+                    node3
+
+   where switches 1, 2, and 3 bridge their links and use STP,
+   and each link is labeled with the VLAN we are assigning it in
+   virtualisation.vlans.
+*/
+with builtins;
+let
+  commonConf = {
+    systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
+    networking.useNetworkd = true;
+    networking.useDHCP = false;
+    networking.firewall.enable = false;
+  };
+
+  generateNodeConf = { octet, vlan }:
+    { lib, pkgs, config, ... }: {
+      imports = [ common/user-account.nix commonConf ];
+      virtualisation.vlans = [ vlan ];
+      systemd.network = {
+        enable = true;
+        networks = {
+          "30-eth" = {
+            matchConfig.Name = "eth1";
+            address = [ "10.0.0.${toString octet}/24" ];
+          };
+        };
+      };
+    };
+
+  generateSwitchConf = vlans:
+    { lib, pkgs, config, ... }: {
+      imports = [ common/user-account.nix commonConf ];
+      virtualisation.vlans = vlans;
+      systemd.network = {
+        enable = true;
+        netdevs = {
+          "40-br0" = {
+            netdevConfig = {
+              Kind = "bridge";
+              Name = "br0";
+            };
+            bridgeConfig.STP = "yes";
+          };
+        };
+        networks = {
+          "30-eth" = {
+            matchConfig.Name = "eth*";
+            networkConfig.Bridge = "br0";
+          };
+          "40-br0" = { matchConfig.Name = "br0"; };
+        };
+      };
+    };
+in import ./make-test-python.nix ({ pkgs, ... }: {
+  name = "networkd";
+  meta = with pkgs.lib.maintainers; { maintainers = [ picnoir ]; };
+  nodes = {
+    node1 = generateNodeConf {
+      octet = 1;
+      vlan = 1;
+    };
+    node2 = generateNodeConf {
+      octet = 2;
+      vlan = 3;
+    };
+    node3 = generateNodeConf {
+      octet = 3;
+      vlan = 6;
+    };
+    sw1 = generateSwitchConf [ 1 2 4 ];
+    sw2 = generateSwitchConf [ 2 3 5 ];
+    sw3 = generateSwitchConf [ 4 5 6 ];
+  };
+  testScript = ''
+    network_nodes = [node1, node2, node3]
+    network_switches = [sw1, sw2, sw3]
+    start_all()
+
+    for n in network_nodes + network_switches:
+        n.wait_for_unit("systemd-networkd-wait-online.service")
+
+    node1.succeed("ping 10.0.0.2 -w 10 -c 1")
+    node1.succeed("ping 10.0.0.3 -w 10 -c 1")
+    node2.succeed("ping 10.0.0.1 -w 10 -c 1")
+    node2.succeed("ping 10.0.0.3 -w 10 -c 1")
+    node3.succeed("ping 10.0.0.1 -w 10 -c 1")
+    node3.succeed("ping 10.0.0.2 -w 10 -c 1")
+  '';
+})
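Review bot: `name = "networkd";` does not identify this test and presumably collides with the name of the existing networkd test; `name = "systemd-networkd-bridge";` would match the file. The script asserts only end-to-end pings, which shows the looped topology forwards traffic but does not directly confirm that STP was applied to br0. A check on each switch such as `sw1.succeed("test $(cat /sys/class/net/br0/bridge/stp_state) != 0")` would pin the `bridgeConfig.STP = "yes"` setting. `with builtins;` at file scope is only there for `toString`, which is available without it.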
diff --git a/nixpkgs/nixos/tests/systemd.nix b/nixpkgs/nixos/tests/systemd.nix
index 1a39cc73c886..4b087d403f37 100644
--- a/nixpkgs/nixos/tests/systemd.nix
+++ b/nixpkgs/nixos/tests/systemd.nix
@@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
   name = "systemd";
 
-  nodes.machine = { lib, ... }: {
+  nodes.machine = { config, lib, ... }: {
     imports = [ common/user-account.nix common/x11.nix ];
 
     virtualisation.emptyDiskImages = [ 512 512 ];
@@ -38,9 +38,18 @@ import ./make-test-python.nix ({ pkgs, ... }: {
       script = "true";
     };
 
+    systemd.services.testDependency1 = {
+      description = "Test Dependency 1";
+      wantedBy = [ config.systemd.services."testservice1".name ];
+      serviceConfig.Type = "oneshot";
+      script = ''
+        true
+      '';
+    };
+
     systemd.services.testservice1 = {
       description = "Test Service 1";
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = [ config.systemd.targets.multi-user.name ];
       serviceConfig.Type = "oneshot";
       script = ''
         if [ "$XXX_SYSTEM" = foo ]; then
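Review bot: Nothing in this hunk says why `testDependency1` exists or why `wantedBy` now goes through `config.systemd.….name`. A one-line comment above `systemd.services.testDependency1`, for example `# exercise referencing units via their .name attribute instead of string literals` (presumably the intent), would mark this as deliberate. No assertion that testDependency1 is actually pulled in by testservice1 is visible here; the testScript lies outside the hunk, so it may already be covered. The quotes in `config.systemd.services."testservice1".name` are unnecessary.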
diff --git a/nixpkgs/nixos/tests/technitium-dns-server.nix b/nixpkgs/nixos/tests/technitium-dns-server.nix
new file mode 100644
index 000000000000..016c9d4ecead
--- /dev/null
+++ b/nixpkgs/nixos/tests/technitium-dns-server.nix
@@ -0,0 +1,21 @@
+import ./make-test-python.nix ({pkgs, lib, ...}:
+{
+  name = "technitium-dns-server";
+
+  nodes = {
+    machine = {pkgs, ...}: {
+      services.technitium-dns-server = {
+        enable = true;
+        openFirewall = true;
+      };
+    };
+  };
+
+  testScript = ''
+    start_all()
+    machine.wait_for_unit("technitium-dns-server.service")
+    machine.wait_for_open_port(53)
+  '';
+
+  meta.maintainers = with lib.maintainers; [ fabianrig ];
+})
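Review bot: `openFirewall = true` is set but never exercised: `machine.wait_for_open_port(53)` probes from inside the same VM, so the test passes whether or not the firewall rule was created. It also shows only a TCP listener, not a resolver that answers queries. A second node that connects to the server's port 53, or at least a DNS query against localhost, would cover both. The inner `{pkgs, ...}:` argument on `machine` is unused and can be dropped.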
diff --git a/nixpkgs/nixos/tests/teleport.nix b/nixpkgs/nixos/tests/teleport.nix
index d68917c6c7ac..2fb347155759 100644
--- a/nixpkgs/nixos/tests/teleport.nix
+++ b/nixpkgs/nixos/tests/teleport.nix
@@ -9,8 +9,8 @@ with import ../lib/testing-python.nix { inherit system pkgs; };
 let
   packages = with pkgs; {
     "default" = teleport;
-    "12" = teleport_12;
     "13" = teleport_13;
+    "14" = teleport_14;
   };
 
   minimal = package: {
diff --git a/nixpkgs/nixos/tests/unifi.nix b/nixpkgs/nixos/tests/unifi.nix
index d371bafd6965..789b11b55985 100644
--- a/nixpkgs/nixos/tests/unifi.nix
+++ b/nixpkgs/nixos/tests/unifi.nix
@@ -31,8 +31,6 @@ let
     '';
   };
 in with pkgs; {
-  unifiLTS = makeAppTest unifiLTS;
-  unifi5 = makeAppTest unifi5;
-  unifi6 = makeAppTest unifi6;
   unifi7 = makeAppTest unifi7;
+  unifi8 = makeAppTest unifi8;
 }
diff --git a/nixpkgs/nixos/tests/vaultwarden.nix b/nixpkgs/nixos/tests/vaultwarden.nix
index 9d2f0e6ab060..28ff170e3610 100644
--- a/nixpkgs/nixos/tests/vaultwarden.nix
+++ b/nixpkgs/nixos/tests/vaultwarden.nix
@@ -106,7 +106,7 @@ let
 
                   wait = WebDriverWait(driver, 10)
 
-                  wait.until(EC.title_contains("Create account"))
+                  wait.until(EC.title_contains("Vaultwarden Web"))
 
                   driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_email').send_keys(
                       '${userEmail}'
diff --git a/nixpkgs/nixos/tests/wastebin.nix b/nixpkgs/nixos/tests/wastebin.nix
new file mode 100644
index 000000000000..1cf0ff80ae99
--- /dev/null
+++ b/nixpkgs/nixos/tests/wastebin.nix
@@ -0,0 +1,19 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "wastebin";
+
+  meta = {
+    maintainers = with lib.maintainers; [ pinpox ];
+  };
+
+  nodes.machine = { pkgs, ... }: {
+    services.wastebin = {
+      enable = true;
+    };
+  };
+
+  testScript = ''
+    machine.wait_for_unit("wastebin.service")
+    machine.wait_for_open_port(8088)
+    machine.succeed("curl --fail http://localhost:8088/")
+  '';
+})
diff --git a/nixpkgs/nixos/tests/web-apps/gotosocial.nix b/nixpkgs/nixos/tests/web-apps/gotosocial.nix
index 8c4e76b14e3b..f9d28c2b8b99 100644
--- a/nixpkgs/nixos/tests/web-apps/gotosocial.nix
+++ b/nixpkgs/nixos/tests/web-apps/gotosocial.nix
@@ -1,7 +1,7 @@
 { lib, ... }:
 {
   name = "gotosocial";
-  meta.maintainers = with lib.maintainers; [ misuzu blakesmith ];
+  meta.maintainers = with lib.maintainers; [ blakesmith ];
 
   nodes.machine = { pkgs, ... }: {
     environment.systemPackages = [ pkgs.jq ];
diff --git a/nixpkgs/nixos/tests/web-apps/mastodon/remote-databases.nix b/nixpkgs/nixos/tests/web-apps/mastodon/remote-databases.nix
index fa6430a99353..55243658ec6a 100644
--- a/nixpkgs/nixos/tests/web-apps/mastodon/remote-databases.nix
+++ b/nixpkgs/nixos/tests/web-apps/mastodon/remote-databases.nix
@@ -33,7 +33,7 @@ in
         extraHosts = hosts;
         firewall.allowedTCPPorts = [
           config.services.redis.servers.mastodon.port
-          config.services.postgresql.port
+          config.services.postgresql.settings.port
         ];
       };
 
diff --git a/nixpkgs/nixos/tests/web-apps/movim/default.nix b/nixpkgs/nixos/tests/web-apps/movim/default.nix
new file mode 100644
index 000000000000..5d6314e2b41b
--- /dev/null
+++ b/nixpkgs/nixos/tests/web-apps/movim/default.nix
@@ -0,0 +1,8 @@
+{ system ? builtins.currentSystem, handleTestOn }:
+
+let
+  supportedSystems = [ "x86_64-linux" "i686-linux" ];
+in
+{
+  standard = handleTestOn supportedSystems ./standard.nix { inherit system; };
+}
diff --git a/nixpkgs/nixos/tests/web-apps/movim/standard.nix b/nixpkgs/nixos/tests/web-apps/movim/standard.nix
new file mode 100644
index 000000000000..470d81d8f722
--- /dev/null
+++ b/nixpkgs/nixos/tests/web-apps/movim/standard.nix
@@ -0,0 +1,102 @@
+import ../../make-test-python.nix ({ lib, pkgs, ... }:
+
+let
+  movim = {
+    domain = "movim.local";
+    info = "No ToS in tests";
+    description = "NixOS testing server";
+  };
+  xmpp = {
+    domain = "xmpp.local";
+    admin = rec {
+      JID = "${username}@${xmpp.domain}";
+      username = "romeo";
+      password = "juliet";
+    };
+  };
+in
+{
+  name = "movim-standard";
+
+  meta = {
+    maintainers = with pkgs.lib.maintainers; [ toastal ];
+  };
+
+  nodes = {
+    server = { pkgs, ... }: {
+      services.movim = {
+        inherit (movim) domain;
+        enable = true;
+        verbose = true;
+        podConfig = {
+          inherit (movim) description info;
+          xmppdomain = xmpp.domain;
+        };
+        nginx = { };
+      };
+
+      services.prosody = {
+        enable = true;
+        xmppComplianceSuite = false;
+        disco_items = [
+          { url = "upload.${xmpp.domain}"; description = "File Uploads"; }
+        ];
+        virtualHosts."${xmpp.domain}" = {
+          inherit (xmpp) domain;
+          enabled = true;
+          extraConfig = ''
+            Component "pubsub.${xmpp.domain}" "pubsub"
+                pubsub_max_items = 10000
+                expose_publisher = true
+
+            Component "upload.${xmpp.domain}" "http_file_share"
+                http_external_url = "http://upload.${xmpp.domain}"
+                http_file_share_expires_after = 300 * 24 * 60 * 60
+                http_file_share_size_limit = 1024 * 1024 * 1024
+                http_file_share_daily_quota = 4 * 1024 * 1024 * 1024
+          '';
+        };
+        extraConfig = ''
+          pep_max_items = 10000
+
+          http_paths = {
+              file_share = "/";
+          }
+        '';
+      };
+
+      networking.extraHosts = ''
+        127.0.0.1 ${movim.domain}
+        127.0.0.1 ${xmpp.domain}
+      '';
+    };
+  };
+
+  testScript = /* python */ ''
+    server.wait_for_unit("phpfpm-movim.service")
+    server.wait_for_unit("nginx.service")
+    server.wait_for_open_port(80)
+
+    server.wait_for_unit("prosody.service")
+    server.succeed('prosodyctl status | grep "Prosody is running"')
+    server.succeed("prosodyctl register ${xmpp.admin.username} ${xmpp.domain} ${xmpp.admin.password}")
+
+    server.wait_for_unit("movim.service")
+
+    # Test unauthenticated
+    server.fail("curl -L --fail-with-body --max-redirs 0 http://${movim.domain}/chat")
+
+    # Test basic Websocket
+    server.succeed("echo \"\" | ${lib.getExe pkgs.websocat} 'ws://${movim.domain}/ws/?path=login&offset=0' --origin 'http://${movim.domain}'")
+
+    # Test login + create cookiejar
+    login_html = server.succeed("curl --fail-with-body -c /tmp/cookies http://${movim.domain}/login")
+    assert "${movim.description}" in login_html
+    assert "${movim.info}" in login_html
+
+    # Test authentication POST
+    server.succeed("curl --fail-with-body -b /tmp/cookies -X POST --data-urlencode 'username=${xmpp.admin.JID}' --data-urlencode 'password=${xmpp.admin.password}' http://${movim.domain}/login")
+
+    server.succeed("curl -L --fail-with-body --max-redirs 1 -b /tmp/cookies http://${movim.domain}/chat")
+  '';
+})
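Review bot: The `# Test unauthenticated` step relies on `server.fail("curl -L --fail-with-body --max-redirs 0 …/chat")`, which passes on any non-zero exit: a redirect to the login page, but equally a 5xx response or a refused connection. Asserting the expected outcome directly is tighter, for example capturing `curl -s -o /dev/null -w '%{http_code}' http://${movim.domain}/chat` and comparing it with the redirect status the application is expected to return. As written, a broken `/chat` endpoint would be reported as access control working.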
diff --git a/nixpkgs/nixos/tests/wmderland.nix b/nixpkgs/nixos/tests/wmderland.nix
index ebfd443763e1..c60751c44e2c 100644
--- a/nixpkgs/nixos/tests/wmderland.nix
+++ b/nixpkgs/nixos/tests/wmderland.nix
@@ -7,7 +7,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
   nodes.machine = { lib, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = lib.mkForce "none+wmderland";
+    services.displayManager.defaultSession = lib.mkForce "none+wmderland";
     services.xserver.windowManager.wmderland.enable = true;
 
     systemd.services.setupWmderlandConfig = {
diff --git a/nixpkgs/nixos/tests/workout-tracker.nix b/nixpkgs/nixos/tests/workout-tracker.nix
new file mode 100644
index 000000000000..1ad509edf2d4
--- /dev/null
+++ b/nixpkgs/nixos/tests/workout-tracker.nix
@@ -0,0 +1,29 @@
+import ./make-test-python.nix (
+  { lib, pkgs, ... }:
+
+  {
+    name = "workout-tracker";
+
+    meta.maintainers = with lib.maintainers; [ bhankas ];
+
+    nodes.machine =
+      { config, ... }:
+      {
+        virtualisation.memorySize = 2048;
+
+        services.workout-tracker.enable = true;
+      };
+
+    testScript = ''
+      start_all()
+      machine.wait_for_unit("workout-tracker.service")
+      # wait for workout-tracker to fully come up
+
+      with subtest("workout-tracker service starts"):
+          machine.wait_until_succeeds(
+              "curl -sSfL http://localhost:8080/ > /dev/null",
+              timeout=30
+          )
+    '';
+  }
+)
diff --git a/nixpkgs/nixos/tests/wpa_supplicant.nix b/nixpkgs/nixos/tests/wpa_supplicant.nix
index 8c701ca7d5f7..5e3b39f27ecf 100644
--- a/nixpkgs/nixos/tests/wpa_supplicant.nix
+++ b/nixpkgs/nixos/tests/wpa_supplicant.nix
@@ -102,17 +102,34 @@ import ./make-test-python.nix ({ pkgs, lib, ...}:
           test2.psk = "@PSK_SPECIAL@";            # should be replaced
           test3.psk = "@PSK_MISSING@";            # should not be replaced
           test4.psk = "P@ssowrdWithSome@tSymbol"; # should not be replaced
+          test5.psk = "@PSK_AWK_REGEX@";          # should be replaced
         };
 
         # secrets
         environmentFile = pkgs.writeText "wpa-secrets" ''
           PSK_VALID="S0m3BadP4ssw0rd";
           # taken from https://github.com/minimaxir/big-list-of-naughty-strings
-          PSK_SPECIAL=",./;'[]\-= <>?:\"{}|_+ !@#$%^\&*()`~";
+          PSK_SPECIAL=",./;'[]\/\-= <>?:\"{}|_+ !@#$%^&*()`~";
+          PSK_AWK_REGEX="PassowrdWith&symbol";
         '';
       };
     };
 
+    imperative = { ... }: {
+      imports = [ ../modules/profiles/minimal.nix ];
+
+      # add a virtual wlan interface
+      boot.kernelModules = [ "mac80211_hwsim" ];
+
+      # wireless client
+      networking.wireless = {
+        enable = lib.mkOverride 0 true;
+        userControlled.enable = true;
+        allowAuxiliaryImperativeNetworks = true;
+        interfaces = [ "wlan1" ];
+      };
+    };
+
     # Test connecting to the SAE-only hotspot using SAE
     machineSae = machineWithHostapd {
       networking.wireless = {
@@ -171,6 +188,7 @@ import ./make-test-python.nix ({ pkgs, lib, ...}:
           basic.fail(f"grep -q @PSK_SPECIAL@ {config_file}")
           basic.succeed(f"grep -q @PSK_MISSING@ {config_file}")
           basic.succeed(f"grep -q P@ssowrdWithSome@tSymbol {config_file}")
+          basic.succeed(f"grep -q 'PassowrdWith&symbol' {config_file}")
 
       with subtest("WPA2 fallbacks have been generated"):
           assert int(basic.succeed(f"grep -c sae-only {config_file}")) == 1
@@ -185,6 +203,15 @@ import ./make-test-python.nix ({ pkgs, lib, ...}:
           assert "Failed to connect" not in status, \
                  "Failed to connect to the daemon"
 
+      with subtest("Daemon can be configured imperatively"):
+          imperative.wait_for_unit("wpa_supplicant-wlan1.service")
+          imperative.wait_until_succeeds("wpa_cli -i wlan1 status")
+          imperative.succeed("wpa_cli -i wlan1 add_network")
+          imperative.succeed("wpa_cli -i wlan1 set_network 0 ssid '\"nixos-test\"'")
+          imperative.succeed("wpa_cli -i wlan1 set_network 0 psk '\"reproducibility\"'")
+          imperative.succeed("wpa_cli -i wlan1 save_config")
+          imperative.succeed("grep -q nixos-test /etc/wpa_supplicant.conf")
+
       machineSae.wait_for_unit("hostapd.service")
       machineSae.copy_from_vm("/run/hostapd/wlan0.hostapd.conf")
       with subtest("Daemon can connect to the SAE access point using SAE"):
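Review bot: The new `Daemon can be configured imperatively` subtest confirms only that the SSID reaches `/etc/wpa_supplicant.conf`; it checks neither that the PSK was saved nor that the file holding it stays private. Adding `imperative.succeed("grep -q reproducibility /etc/wpa_supplicant.conf")` would cover the first. For the second, an assertion that the file is not world-readable, e.g. `imperative.fail("find /etc/wpa_supplicant.conf -perm -o+r | grep -q .")`, would work, assuming the module intends that file to be private. The testScript begins and continues outside this hunk.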
diff --git a/nixpkgs/nixos/tests/xfce.nix b/nixpkgs/nixos/tests/xfce.nix
index 9620e9188cbf..d97f07d75271 100644
--- a/nixpkgs/nixos/tests/xfce.nix
+++ b/nixpkgs/nixos/tests/xfce.nix
@@ -10,13 +10,11 @@ import ./make-test-python.nix ({ pkgs, ...} : {
       ];
 
       services.xserver.enable = true;
+      services.xserver.displayManager.lightdm.enable = true;
 
-      services.xserver.displayManager = {
-        lightdm.enable = true;
-        autoLogin = {
-          enable = true;
-          user = "alice";
-        };
+      services.displayManager.autoLogin = {
+        enable = true;
+        user = "alice";
       };
 
       services.xserver.desktopManager.xfce.enable = true;
diff --git a/nixpkgs/nixos/tests/xmonad-xdg-autostart.nix b/nixpkgs/nixos/tests/xmonad-xdg-autostart.nix
index 2577a9ce2ea1..f1780072f974 100644
--- a/nixpkgs/nixos/tests/xmonad-xdg-autostart.nix
+++ b/nixpkgs/nixos/tests/xmonad-xdg-autostart.nix
@@ -5,7 +5,7 @@ import ./make-test-python.nix ({ lib, ... }: {
   nodes.machine = { pkgs, config, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = "none+xmonad";
+    services.displayManager.defaultSession = "none+xmonad";
     services.xserver.windowManager.xmonad.enable = true;
     services.xserver.desktopManager.runXdgAutostartIfNone = true;
 
diff --git a/nixpkgs/nixos/tests/xmonad.nix b/nixpkgs/nixos/tests/xmonad.nix
index ec48c3e11275..c61e96886e2c 100644
--- a/nixpkgs/nixos/tests/xmonad.nix
+++ b/nixpkgs/nixos/tests/xmonad.nix
@@ -61,7 +61,7 @@ in {
   nodes.machine = { pkgs, ... }: {
     imports = [ ./common/x11.nix ./common/user-account.nix ];
     test-support.displayManager.auto.user = "alice";
-    services.xserver.displayManager.defaultSession = "none+xmonad";
+    services.displayManager.defaultSession = "none+xmonad";
     services.xserver.windowManager.xmonad = {
       enable = true;
       enableConfiguredRecompile = true;