nixos/*: convert straggler options to MD
This commit is contained in:
parent
e04a09082e
commit
1d41cff3dc
@ -12,19 +12,19 @@ let
|
||||
backups. It consists of a series of retention periodes to interval
|
||||
associations:
|
||||
|
||||
<literal>
|
||||
```
|
||||
retA=>intA,retB=>intB,...
|
||||
</literal>
|
||||
```
|
||||
|
||||
Both intervals and retention periods are expressed in standard units
|
||||
of time or multiples of them. You can use both the full name or a
|
||||
shortcut according to the following listing:
|
||||
|
||||
<literal>
|
||||
```
|
||||
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
|
||||
</literal>
|
||||
```
|
||||
|
||||
See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.
|
||||
See {manpage}`znapzendzetup(1)` for more info.
|
||||
'';
|
||||
planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";
|
||||
|
||||
@ -57,7 +57,7 @@ let
|
||||
|
||||
plan = mkOption {
|
||||
type = str;
|
||||
description = planDescription;
|
||||
description = lib.mdDoc planDescription;
|
||||
example = planExample;
|
||||
};
|
||||
|
||||
@ -209,7 +209,7 @@ let
|
||||
|
||||
plan = mkOption {
|
||||
type = str;
|
||||
description = planDescription;
|
||||
description = lib.mdDoc planDescription;
|
||||
example = planExample;
|
||||
};
|
||||
|
||||
|
@ -137,9 +137,9 @@ in
|
||||
{
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
The <filename>database.yml</filename> configuration file as key value set.
|
||||
See <link xlink:href="TODO"/>
|
||||
description = lib.mdDoc ''
|
||||
The {file}`database.yml` configuration file as key value set.
|
||||
See \<TODO\>
|
||||
for list of configuration parameters.
|
||||
'';
|
||||
};
|
||||
|
@ -80,8 +80,8 @@ in
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra configuration lines for the <filename>teeworlds.cfg</filename>. See <link xlink:href="https://www.teeworlds.com/?page=docs&wiki=server_settings">Teeworlds Documentation</link>.
|
||||
description = lib.mdDoc ''
|
||||
Extra configuration lines for the {file}`teeworlds.cfg`. See [Teeworlds Documentation](https://www.teeworlds.com/?page=docs&wiki=server_settings).
|
||||
'';
|
||||
example = [ "sv_map dm1" "sv_gametype dm" ];
|
||||
};
|
||||
|
@ -22,10 +22,10 @@ with lib;
|
||||
};
|
||||
|
||||
secretsFile = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The secret data used to encode the SRS address.
|
||||
to generate, use a command like:
|
||||
<literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done</literal>
|
||||
`for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done`
|
||||
'';
|
||||
type = types.path;
|
||||
default = "/var/lib/pfix-srsd/secrets";
|
||||
|
@ -22,23 +22,26 @@ in
|
||||
|
||||
config = mkOption {
|
||||
type = types.lines;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The SpamAssassin local.cf config
|
||||
|
||||
If you are using this configuration:
|
||||
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
|
||||
|
||||
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
|
||||
|
||||
Then you can Use this sieve filter:
|
||||
require ["fileinto", "reject", "envelope"];
|
||||
|
||||
if header :contains "X-Spam-Flag" "YES" {
|
||||
fileinto "spam";
|
||||
}
|
||||
require ["fileinto", "reject", "envelope"];
|
||||
|
||||
if header :contains "X-Spam-Flag" "YES" {
|
||||
fileinto "spam";
|
||||
}
|
||||
|
||||
Or this procmail filter:
|
||||
:0:
|
||||
* ^X-Spam-Flag: YES
|
||||
/var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
|
||||
|
||||
:0:
|
||||
* ^X-Spam-Flag: YES
|
||||
/var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
|
||||
|
||||
To filter your messages based on the additional mail headers added by spamassassin.
|
||||
'';
|
||||
|
@ -149,15 +149,15 @@ let
|
||||
};
|
||||
};
|
||||
});
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Output scale configuration.
|
||||
|
||||
Either configure by pixels or a scaling factor. When using pixel method the
|
||||
<citerefentry><refentrytitle>xrandr</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
{manpage}`xrandr(1)`
|
||||
option
|
||||
<parameter class="command">--scale-from</parameter>
|
||||
`--scale-from`
|
||||
will be used; when using factor method the option
|
||||
<parameter class="command">--scale</parameter>
|
||||
`--scale`
|
||||
will be used.
|
||||
|
||||
This option is a shortcut version of the transform option and they are mutually
|
||||
|
@ -322,14 +322,14 @@ in
|
||||
};
|
||||
|
||||
service = {
|
||||
DISABLE_REGISTRATION = mkEnableOption "the registration lock" // {
|
||||
description = ''
|
||||
By default any user can create an account on this <literal>gitea</literal> instance.
|
||||
DISABLE_REGISTRATION = mkEnableOption (lib.mdDoc "the registration lock") // {
|
||||
description = lib.mdDoc ''
|
||||
By default any user can create an account on this `gitea` instance.
|
||||
This can be disabled by using this option.
|
||||
|
||||
<emphasis>Note:</emphasis> please keep in mind that this should be added after the initial
|
||||
deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>
|
||||
is <literal>true</literal> as the first registered user will be the administrator if
|
||||
*Note:* please keep in mind that this should be added after the initial
|
||||
deploy unless [](#opt-services.gitea.useWizard)
|
||||
is `true` as the first registered user will be the administrator if
|
||||
no install wizard is used.
|
||||
'';
|
||||
};
|
||||
|
@ -211,7 +211,7 @@ let
|
||||
templatesDir = mkOption {
|
||||
type = types.path;
|
||||
default = gititShared + "/data/templates";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specifies the path of the directory containing page templates. If it
|
||||
does not exist, gitit will create it with default templates. Users
|
||||
may wish to edit the templates to customize the appearance of their
|
||||
@ -490,10 +490,10 @@ let
|
||||
absoluteUrls = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Make wikilinks absolute with respect to the base-url. So, for
|
||||
example, in a wiki served at the base URL '/wiki', on a page
|
||||
Sub/Page, the wikilink '[Cactus]()' will produce a link to
|
||||
Sub/Page, the wikilink `[Cactus]()` will produce a link to
|
||||
'/wiki/Cactus' if absoluteUrls is true, and a relative link to
|
||||
'Cactus' (referring to '/wiki/Sub/Cactus') if absolute-urls is 'no'.
|
||||
'';
|
||||
|
@ -628,17 +628,17 @@ in
|
||||
sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for Nix, see
|
||||
<link xlink:href="https://nixos.org/manual/nix/stable/#sec-conf-file"/> or
|
||||
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for avalaible options.
|
||||
<https://nixos.org/manual/nix/stable/#sec-conf-file> or
|
||||
{manpage}`nix.conf(5)` for avalaible options.
|
||||
The value declared here will be translated directly to the key-value pairs Nix expects.
|
||||
|
||||
You can use <command>nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings</command>
|
||||
You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`
|
||||
to view the current value. By default it is empty.
|
||||
|
||||
Nix configurations defined under <option>nix.*</option> will be translated and applied to this
|
||||
option. In addition, configuration specified in <option>nix.extraOptions</option> which will be appended
|
||||
Nix configurations defined under {option}`nix.*` will be translated and applied to this
|
||||
option. In addition, configuration specified in {option}`nix.extraOptions` which will be appended
|
||||
verbatim to the resulting config file.
|
||||
'';
|
||||
};
|
||||
|
@ -16,16 +16,16 @@ in
|
||||
devices = lib.mkOption {
|
||||
default = {};
|
||||
type = with lib.types; attrsOf str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
A set of virtual proxy device labels with backing physical device ids.
|
||||
|
||||
Physical devices should already exist in <filename class="devicefile">/dev/input/by-id/</filename>.
|
||||
Proxy devices will be automatically given a <literal>uinput-</literal> prefix.
|
||||
Physical devices should already exist in {file}`/dev/input/by-id/`.
|
||||
Proxy devices will be automatically given a `uinput-` prefix.
|
||||
|
||||
See the <link xlink:href="https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt">project page</link>
|
||||
See the [project page](https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt)
|
||||
for example configuration of virtual devices with libvirt
|
||||
and remember to add <literal>uinput-*</literal> devices to the qemu
|
||||
<literal>cgroup_device_acl</literal> list (see <xref linkend="opt-virtualisation.libvirtd.qemu.verbatimConfig"/>).
|
||||
and remember to add `uinput-*` devices to the qemu
|
||||
`cgroup_device_acl` list (see [](#opt-virtualisation.libvirtd.qemu.verbatimConfig)).
|
||||
'';
|
||||
example = lib.literalExpression ''
|
||||
{
|
||||
|
@ -115,10 +115,10 @@ let
|
||||
example = literalExpression ''
|
||||
"-i eth0 -p tcp -m tcp --dport ${toString port}"
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Specify a filter for iptables to use when
|
||||
<option>services.prometheus.exporters.${name}.openFirewall</option>
|
||||
is true. It is used as `ip46tables -I nixos-fw <option>firewallFilter</option> -j nixos-fw-accept`.
|
||||
{option}`services.prometheus.exporters.${name}.openFirewall`
|
||||
is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
|
||||
'';
|
||||
};
|
||||
user = mkOption {
|
||||
|
@ -135,9 +135,9 @@ in
|
||||
default = "root";
|
||||
example = "example@domain.tld";
|
||||
type = types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Sender of the notification messages.
|
||||
Acts as the value of <literal>email</literal> in the emails' <literal>From: ... </literal> field.
|
||||
Acts as the value of `email` in the emails' `From: ...` field.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -155,10 +155,10 @@ in {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
example = [ "127.0.0.1" "192.168.1.0/24" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
List of target IP ranges, use empty list for any.
|
||||
May also contain host names instead of addresses.
|
||||
It's possible to use wildmask in the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
|
||||
It's possible to use wildmask in the begginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.
|
||||
Hostname is only checked if hostname presents in request.
|
||||
'';
|
||||
};
|
||||
|
@ -327,9 +327,9 @@ in {
|
||||
type = mkOption {
|
||||
type = types.enum (attrNames dispatcherTypesSubdirMap);
|
||||
default = "basic";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Dispatcher hook type. Look up the hooks described at
|
||||
<link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.html">https://developer.gnome.org/NetworkManager/stable/NetworkManager.html</link>
|
||||
[https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)
|
||||
and choose the type depending on the output folder.
|
||||
You should then filter the event type (e.g., "up"/"down") from within your script.
|
||||
'';
|
||||
|
@ -194,19 +194,20 @@ let
|
||||
default = null;
|
||||
example = "demo.wireguard.io:12913";
|
||||
type = with types; nullOr str;
|
||||
description = ''Endpoint IP or hostname of the peer, followed by a colon,
|
||||
and then a port number of the peer.
|
||||
description = lib.mdDoc ''
|
||||
Endpoint IP or hostname of the peer, followed by a colon,
|
||||
and then a port number of the peer.
|
||||
|
||||
Warning for endpoints with changing IPs:
|
||||
The WireGuard kernel side cannot perform DNS resolution.
|
||||
Thus DNS resolution is done once by the <literal>wg</literal> userspace
|
||||
utility, when setting up WireGuard. Consequently, if the IP address
|
||||
behind the name changes, WireGuard will not notice.
|
||||
This is especially common for dynamic-DNS setups, but also applies to
|
||||
any other DNS-based setup.
|
||||
If you do not use IP endpoints, you likely want to set
|
||||
<option>networking.wireguard.dynamicEndpointRefreshSeconds</option>
|
||||
to refresh the IPs periodically.
|
||||
Warning for endpoints with changing IPs:
|
||||
The WireGuard kernel side cannot perform DNS resolution.
|
||||
Thus DNS resolution is done once by the `wg` userspace
|
||||
utility, when setting up WireGuard. Consequently, if the IP address
|
||||
behind the name changes, WireGuard will not notice.
|
||||
This is especially common for dynamic-DNS setups, but also applies to
|
||||
any other DNS-based setup.
|
||||
If you do not use IP endpoints, you likely want to set
|
||||
{option}`networking.wireguard.dynamicEndpointRefreshSeconds`
|
||||
to refresh the IPs periodically.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -149,27 +149,27 @@ in
|
||||
};
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configuration for ZNC, see
|
||||
<link xlink:href="https://wiki.znc.in/Configuration"/> for details. The
|
||||
<https://wiki.znc.in/Configuration> for details. The
|
||||
Nix value declared here will be translated directly to the xml-like
|
||||
format ZNC expects. This is much more flexible than the legacy options
|
||||
under <option>services.znc.confOptions.*</option>, but also can't do
|
||||
under {option}`services.znc.confOptions.*`, but also can't do
|
||||
any type checking.
|
||||
|
||||
You can use <command>nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config</command>
|
||||
You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`
|
||||
to view the current value. By default it contains a listener for port
|
||||
5000 with SSL enabled.
|
||||
|
||||
Nix attributes called <literal>extraConfig</literal> will be inserted
|
||||
Nix attributes called `extraConfig` will be inserted
|
||||
verbatim into the resulting config file.
|
||||
|
||||
If <option>services.znc.useLegacyConfig</option> is turned on, the
|
||||
option values in <option>services.znc.confOptions.*</option> will be
|
||||
If {option}`services.znc.useLegacyConfig` is turned on, the
|
||||
option values in {option}`services.znc.confOptions.*` will be
|
||||
gracefully be applied to this option.
|
||||
|
||||
If you intend to update the configuration through this option, be sure
|
||||
to enable <option>services.znc.mutable</option>, otherwise none of the
|
||||
to enable {option}`services.znc.mutable`, otherwise none of the
|
||||
changes here will be applied after the initial deploy.
|
||||
'';
|
||||
};
|
||||
|
@ -97,18 +97,18 @@ in
|
||||
useLegacyConfig = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to propagate the legacy options under
|
||||
<option>services.znc.confOptions.*</option> to the znc config. If this
|
||||
{option}`services.znc.confOptions.*` to the znc config. If this
|
||||
is turned on, the znc config will contain a user with the default name
|
||||
"znc", global modules "webadmin" and "adminlog" will be enabled by
|
||||
default, and more, all controlled through the
|
||||
<option>services.znc.confOptions.*</option> options.
|
||||
You can use <command>nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config</command>
|
||||
{option}`services.znc.confOptions.*` options.
|
||||
You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`
|
||||
to view the current value of the config.
|
||||
|
||||
In any case, if you need more flexibility,
|
||||
<option>services.znc.config</option> can be used to override/add to
|
||||
{option}`services.znc.config` can be used to override/add to
|
||||
all of the legacy options.
|
||||
'';
|
||||
};
|
||||
@ -177,11 +177,11 @@ in
|
||||
</Pass>
|
||||
'';
|
||||
type = types.str;
|
||||
description = ''
|
||||
Generate with <command>nix-shell -p znc --command "znc --makepass"</command>.
|
||||
description = lib.mdDoc ''
|
||||
Generate with {command}`nix-shell -p znc --command "znc --makepass"`.
|
||||
This is the password used to log in to the ZNC web admin interface.
|
||||
You can also set this through
|
||||
<option>services.znc.config.User.<username>.Pass.Method</option>
|
||||
{option}`services.znc.config.User.<username>.Pass.Method`
|
||||
and co.
|
||||
'';
|
||||
};
|
||||
|
@ -288,17 +288,17 @@ in
|
||||
};
|
||||
|
||||
relay = {
|
||||
enable = mkEnableOption "tor relaying" // {
|
||||
description = ''
|
||||
enable = mkEnableOption (lib.mdDoc "tor relaying") // {
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable relaying of Tor traffic for others.
|
||||
|
||||
See <link xlink:href="https://www.torproject.org/docs/tor-doc-relay"/>
|
||||
See <https://www.torproject.org/docs/tor-doc-relay>
|
||||
for details.
|
||||
|
||||
Setting this to true requires setting
|
||||
<option>services.tor.relay.role</option>
|
||||
{option}`services.tor.relay.role`
|
||||
and
|
||||
<option>services.tor.settings.ORPort</option>
|
||||
{option}`services.tor.settings.ORPort`
|
||||
options.
|
||||
'';
|
||||
};
|
||||
|
@ -97,26 +97,26 @@ in {
|
||||
SMTP_FROM_NAME = "example.com Bitwarden server";
|
||||
}
|
||||
'';
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The configuration of vaultwarden is done through environment variables,
|
||||
therefore it is recommended to use upper snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).
|
||||
therefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).
|
||||
|
||||
However, camel case (e.g. <literal>disable2FARemember</literal>) is also supported:
|
||||
However, camel case (e.g. `disable2FARemember`) is also supported:
|
||||
The NixOS module will convert it automatically to
|
||||
upper case snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).
|
||||
upper case snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).
|
||||
In this conversion digits (0-9) are handled just like upper case characters,
|
||||
so <literal>foo2</literal> would be converted to <envar>FOO_2</envar>.
|
||||
Names already in this format remain unchanged, so <literal>FOO2</literal> remains <literal>FOO2</literal> if passed as such,
|
||||
even though <literal>foo2</literal> would have been converted to <envar>FOO_2</envar>.
|
||||
so `foo2` would be converted to {env}`FOO_2`.
|
||||
Names already in this format remain unchanged, so `FOO2` remains `FOO2` if passed as such,
|
||||
even though `foo2` would have been converted to {env}`FOO_2`.
|
||||
This allows working around any potential future conflicting naming conventions.
|
||||
|
||||
Based on the attributes passed to this config option an environment file will be generated
|
||||
that is passed to vaultwarden's systemd service.
|
||||
|
||||
The available configuration options can be found in
|
||||
<link xlink:href="https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template">the environment template file</link>.
|
||||
[the environment template file](https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template).
|
||||
|
||||
See <xref linkend="opt-services.vaultwarden.environmentFile"/> for how
|
||||
See ()[#opt-services.vaultwarden.environmentFile) for how
|
||||
to set up access to the Admin UI to invite initial users.
|
||||
'';
|
||||
};
|
||||
|
@ -24,15 +24,15 @@ in
|
||||
];
|
||||
options = {
|
||||
services.transmission = {
|
||||
enable = mkEnableOption "transmission" // {
|
||||
description = ''
|
||||
enable = mkEnableOption (lib.mdDoc "transmission") // {
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable the headless Transmission BitTorrent daemon.
|
||||
|
||||
Transmission daemon can be controlled via the RPC interface using
|
||||
transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),
|
||||
or other clients like stig or tremc.
|
||||
|
||||
Torrents are downloaded to <xref linkend="opt-services.transmission.home"/>/${downloadsDir} by default and are
|
||||
Torrents are downloaded to [](#opt-services.transmission.home)/${downloadsDir} by default and are
|
||||
accessible to users in the "transmission" group.
|
||||
'';
|
||||
};
|
||||
@ -237,13 +237,13 @@ in
|
||||
|
||||
openRPCPort = mkEnableOption (lib.mdDoc "opening of the RPC port in the firewall");
|
||||
|
||||
performanceNetParameters = mkEnableOption "performance tweaks" // {
|
||||
description = ''
|
||||
performanceNetParameters = mkEnableOption (lib.mdDoc "performance tweaks") // {
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable tweaking of kernel parameters
|
||||
to open many more connections at the same time.
|
||||
|
||||
Note that you may also want to increase
|
||||
<literal>peer-limit-global"</literal>.
|
||||
`peer-limit-global`.
|
||||
And be aware that these settings are quite aggressive
|
||||
and might not suite your regular desktop use.
|
||||
For instance, SSH sessions may time out more easily.
|
||||
|
@ -137,11 +137,16 @@ let
|
||||
usersFile = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Location of the dokuwiki users file. List of users. Format:
|
||||
login:passwordhash:Real Name:email:groups,comma,separated
|
||||
Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1`
|
||||
Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/>
|
||||
|
||||
login:passwordhash:Real Name:email:groups,comma,separated
|
||||
|
||||
Create passwordHash easily by using:
|
||||
|
||||
mkpasswd -5 password `pwgen 8 1`
|
||||
|
||||
Example: <https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist>
|
||||
'';
|
||||
example = "/var/lib/dokuwiki/${name}/users.auth.php";
|
||||
};
|
||||
|
@ -45,12 +45,12 @@ in
|
||||
$cfg['style'] = 'courgette';
|
||||
$cfg['organisation'] = 'ACME';
|
||||
'';
|
||||
description = let
|
||||
description = let
|
||||
documentationLink =
|
||||
"https://gitlab.com/mojo42/Jirafeau/-/blob/${cfg.package.version}/lib/config.original.php";
|
||||
in
|
||||
''
|
||||
Jirefeau configuration. Refer to <link xlink:href="${documentationLink}"/> for supported
|
||||
lib.mdDoc ''
|
||||
Jirefeau configuration. Refer to <${documentationLink}> for supported
|
||||
values.
|
||||
'';
|
||||
};
|
||||
@ -73,10 +73,10 @@ in
|
||||
description = let
|
||||
nginxCoreDocumentation = "http://nginx.org/en/docs/http/ngx_http_core_module.html";
|
||||
in
|
||||
''
|
||||
lib.mdDoc ''
|
||||
Timeout for reading client request bodies and headers. Refer to
|
||||
<link xlink:href="${nginxCoreDocumentation}#client_body_timeout"/> and
|
||||
<link xlink:href="${nginxCoreDocumentation}#client_header_timeout"/> for accepted values.
|
||||
<${nginxCoreDocumentation}#client_body_timeout> and
|
||||
<${nginxCoreDocumentation}#client_header_timeout> for accepted values.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -107,23 +107,23 @@ in {
|
||||
enable = lib.mkEnableOption (lib.mdDoc "Mastodon, a federated social network server");
|
||||
|
||||
configureNginx = lib.mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Configure nginx as a reverse proxy for mastodon.
|
||||
Note that this makes some assumptions on your setup, and sets settings that will
|
||||
affect other virtualHosts running on your nginx instance, if any.
|
||||
Alternatively you can configure a reverse-proxy of your choice to serve these paths:
|
||||
|
||||
<literal>/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public</literal>
|
||||
`/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public`
|
||||
|
||||
<literal>/ -> 127.0.0.1:{{ webPort }} </literal>(If there was no file in the directory above.)
|
||||
`/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)
|
||||
|
||||
<literal>/system/ -> /var/lib/mastodon/public-system/</literal>
|
||||
`/system/ -> /var/lib/mastodon/public-system/`
|
||||
|
||||
<literal>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</literal>
|
||||
`/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}`
|
||||
|
||||
Make sure that websockets are forwarded properly. You might want to set up caching
|
||||
of some requests. Take a look at mastodon's provided nginx configuration at
|
||||
<literal>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</literal>.
|
||||
`https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf`.
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
|
@ -53,11 +53,11 @@ in {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "lighttpd";
|
||||
description = ''
|
||||
Name of the web server user that forwards requests to <option>services.phpfpm.pools.<name>.socket</option> the fastcgi socket for Matomo if the nginx
|
||||
description = lib.mdDoc ''
|
||||
Name of the web server user that forwards requests to {option}`services.phpfpm.pools.<name>.socket` the fastcgi socket for Matomo if the nginx
|
||||
option is not used. Either this option or the nginx option is mandatory.
|
||||
If you want to use another webserver than nginx, you need to set this to that server's user
|
||||
and pass fastcgi requests to <literal>index.php</literal>, <literal>matomo.php</literal> and <literal>piwik.php</literal> (legacy name) to this socket.
|
||||
and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -85,10 +85,10 @@ in {
|
||||
'';
|
||||
};
|
||||
|
||||
offline = mkEnableOption "offline mode" // {
|
||||
description = ''
|
||||
offline = mkEnableOption (lib.mdDoc "offline mode") // {
|
||||
description = lib.mdDoc ''
|
||||
Disable latest file updates and enable
|
||||
<link xlink:href="https://docs.requarks.io/install/sideload">sideloading</link>.
|
||||
[sideloading](https://docs.requarks.io/install/sideload).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
@ -116,12 +116,12 @@ in
|
||||
useACMEHost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
A host of an existing Let's Encrypt certificate to use.
|
||||
This is useful if you have many subdomains and want to avoid hitting the
|
||||
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
|
||||
Alternately, you can generate a certificate through <option>enableACME</option>.
|
||||
<emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
|
||||
[rate limit](https://letsencrypt.org/docs/rate-limits).
|
||||
Alternately, you can generate a certificate through {option}`enableACME`.
|
||||
*Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -36,9 +36,9 @@ with lib;
|
||||
frontend = mkOption {
|
||||
type = types.either types.str (types.listOf types.str);
|
||||
default = "[127.0.0.1]:443";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The port and interface of the listen endpoint in the
|
||||
+ form [HOST]:PORT[+CERT].
|
||||
form [HOST]:PORT[+CERT].
|
||||
'';
|
||||
apply = toList;
|
||||
};
|
||||
|
@ -75,12 +75,12 @@ with lib;
|
||||
useACMEHost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
A host of an existing Let's Encrypt certificate to use.
|
||||
This is useful if you have many subdomains and want to avoid hitting the
|
||||
<link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.
|
||||
Alternately, you can generate a certificate through <option>enableACME</option>.
|
||||
<emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using <xref linkend="opt-security.acme.certs"/>.</emphasis>
|
||||
[rate limit](https://letsencrypt.org/docs/rate-limits).
|
||||
Alternately, you can generate a certificate through {option}`enableACME`.
|
||||
*Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -88,11 +88,11 @@ let
|
||||
supportsDryActivation = mkOption
|
||||
{ type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether this activation script supports being dry-activated.
|
||||
These activation scripts will also be executed on dry-activate
|
||||
activations with the environment variable
|
||||
<literal>NIXOS_ACTION</literal> being set to <literal>dry-activate</literal>.
|
||||
`NIXOS_ACTION` being set to `dry-activate`.
|
||||
it's important that these activation scripts don't
|
||||
modify anything about the system when the variable is set.
|
||||
'';
|
||||
|
@ -132,8 +132,8 @@ let
|
||||
|
||||
in {
|
||||
options.boot.initrd.systemd = {
|
||||
enable = mkEnableOption "systemd in initrd" // {
|
||||
description = ''
|
||||
enable = mkEnableOption (lib.mdDoc "systemd in initrd") // {
|
||||
description = lib.mdDoc ''
|
||||
Whether to enable systemd in initrd.
|
||||
|
||||
Note: This is in very early development and is highly
|
||||
|
@ -17,11 +17,11 @@ let
|
||||
in {
|
||||
options = {
|
||||
virtualisation.kvmgt = {
|
||||
enable = mkEnableOption ''
|
||||
enable = mkEnableOption (lib.mdDoc ''
|
||||
KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.
|
||||
Currently only one graphical device can be shared. To allow users to access the device without root add them
|
||||
to the kvm group: <literal>users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];</literal>
|
||||
'';
|
||||
to the kvm group: `users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];`
|
||||
'');
|
||||
# multi GPU support is under the question
|
||||
device = mkOption {
|
||||
type = types.str;
|
||||
|
Loading…
Reference in New Issue
Block a user