nixos/doc: Fix spurious indentation

This commit is contained in:
Jan Tojnar 2019-06-17 12:01:51 +02:00
parent 092c25ac08
commit 11cb382a4c
No known key found for this signature in database
GPG key ID: 7FAB2A15F7A607A4
17 changed files with 262 additions and 256 deletions

View file

@ -68,7 +68,7 @@ installPhase =
can be done in a generic fashion with the <literal>--set</literal> argument
of <literal>makeWrapper</literal>:
<programlisting>
--set JAVA_HOME ${jdk.home}
--set JAVA_HOME ${jdk.home}
</programlisting>
</para>

View file

@ -33,91 +33,91 @@
<link xlink:href="https://github.com/matrix-org/synapse#synapse-installation">
installation instructions of Synapse </link>.
<programlisting>
let
fqdn =
let
fqdn =
let
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
in {
networking = {
hostName = "myhostname";
domain = "example.org";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
in join config.networking.hostName config.networking.domain;
in {
networking = {
hostName = "myhostname";
domain = "example.org";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
# but the rest make sense as well
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
services.nginx = {
enable = true;
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
# but the rest make sense as well
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
# This host section can be placed on a different host than the rest,
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
locations."= /.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
# ACAO required to allow riot-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
# Reverse proxy for Matrix client-server and server-server communication
${fqdn} = {
enableACME = true;
forceSSL = true;
# Or do a redirect instead of the 404, or whatever is appropriate for you.
# But do not put a Matrix Web client here! See the Riot Web section below.
locations."/".extraConfig = ''
return 404;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008";
virtualHosts = {
# This host section can be placed on a different host than the rest,
# i.e. to delegate from the host being accessible as ${config.networking.domain}
# to another host actually running the Matrix homeserver.
"${config.networking.domain}" = {
locations."= /.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
};
};
# ACAO required to allow riot-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
# Reverse proxy for Matrix client-server and server-server communication
${fqdn} = {
enableACME = true;
forceSSL = true;
# Or do a redirect instead of the 404, or whatever is appropriate for you.
# But do not put a Matrix Web client here! See the Riot Web section below.
locations."/".extraConfig = ''
return 404;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008";
};
};
services.matrix-synapse = {
enable = true;
server_name = config.networking.domain;
listeners = [
{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = [ "client" "federation" ]; compress = false; }
];
}
];
};
};
</programlisting>
};
services.matrix-synapse = {
enable = true;
server_name = config.networking.domain;
listeners = [
{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = [ "client" "federation" ]; compress = false; }
];
}
];
};
};
</programlisting>
</para>
<para>
@ -142,14 +142,14 @@
create a new user or admin, run the following after you have set the secret
and have rebuilt NixOS:
<programlisting>
$ nix run nixpkgs.matrix-synapse
$ register_new_matrix_user -k &lt;your-registration-shared-secret&gt; http://localhost:8008
New user localpart: &lt;your-username&gt;
Password:
Confirm password:
Make admin [no]:
Success!
</programlisting>
$ nix run nixpkgs.matrix-synapse
$ register_new_matrix_user -k &lt;your-registration-shared-secret&gt; http://localhost:8008
New user localpart: &lt;your-username&gt;
Password:
Confirm password:
Make admin [no]:
Success!
</programlisting>
In the example, this would create a user with the Matrix Identifier
<literal>@your-username:example.org</literal>. Note that the registration
secret ends up in the nix store and therefore is world-readable by any user
@ -177,16 +177,16 @@
Matrix Now!</link> for a list of existing clients and their supported
featureset.
<programlisting>
services.nginx.virtualHosts."riot.${fqdn}" = {
enableACME = true;
forceSSL = true;
serverAliases = [
"riot.${config.networking.domain}"
];
services.nginx.virtualHosts."riot.${fqdn}" = {
enableACME = true;
forceSSL = true;
serverAliases = [
"riot.${config.networking.domain}"
];
root = pkgs.riot-web;
};
</programlisting>
root = pkgs.riot-web;
};
</programlisting>
</para>
<para>

View file

@ -129,17 +129,17 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
While abstracting your configuration, you may find it useful to generate
modules using code, instead of writing files. The example below would have
the same effect as importing a file which sets those options.
<screen>
{ config, pkgs, ... }:
<programlisting>
{ config, pkgs, ... }:
let netConfig = { hostName }: {
networking.hostName = hostName;
networking.useDHCP = false;
};
let netConfig = { hostName }: {
networking.hostName = hostName;
networking.useDHCP = false;
};
in
in
{ imports = [ (netConfig "nixos.localdomain") ]; }
</screen>
{ imports = [ (netConfig "nixos.localdomain") ]; }
</programlisting>
</para>
</section>

View file

@ -16,7 +16,7 @@
imports = [
&lt;nixpkgs/nixos/modules/profiles/profile-name.nix&gt;
];
</programlisting>
</programlisting>
<para>
Even if some of these profiles seem only useful in the context of install
media, many are actually intended to be used in real installs.

View file

@ -44,7 +44,7 @@
A user ID (uid) is assigned automatically. You can also specify a uid
manually by adding
<programlisting>
uid = 1000;
uid = 1000;
</programlisting>
to the user specification.
</para>

View file

@ -11,7 +11,7 @@
<link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;
<link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";
};
</programlisting>
</programlisting>
</para>
<para>
Optionally, <emphasis>compton</emphasis> can be enabled for nice graphical
@ -24,7 +24,7 @@
<link linkend="opt-services.compton.shadow">shadow</link> = true;
<link linkend="opt-services.compton.fadeDelta">fadeDelta</link> = 4;
};
</programlisting>
</programlisting>
</para>
<para>
Some Xfce programs are not installed automatically. To install them manually
@ -37,7 +37,7 @@
To enable <emphasis>Thunar</emphasis> volume support, put
<programlisting>
<xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true;
</programlisting>
</programlisting>
into your <emphasis>configuration.nix</emphasis>.
</para>
</simplesect>
@ -58,14 +58,14 @@
on start (look at <command>journalctl --user -b</command>).
<programlisting>
Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
</programlisting>
</programlisting>
This is caused by some needed GNOME services not running. This is all fixed
by enabling "Launch GNOME services on startup" in the Advanced tab of the
Session and Startup settings panel. Alternatively, you can run this command
to do the same thing.
<programlisting>
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
</programlisting>
</programlisting>
A log-out and re-log will be needed for this to take effect.
</para>
</simplesect>

View file

@ -397,9 +397,9 @@ startAll;
</para>
<para>
<programlisting>
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
</programlisting>
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
</programlisting>
</para>
</listitem>
</varlistentry>
@ -410,10 +410,10 @@ startAll;
To test user units declared by <literal>systemd.user.services</literal> the
optional <literal>$user</literal> argument can be used:
<programlisting>
$machine->start;
$machine->waitForX;
$machine->waitForUnit("xautolock.service", "x-session-user");
</programlisting>
$machine->start;
$machine->waitForX;
$machine->waitForUnit("xautolock.service", "x-session-user");
</programlisting>
This applies to <literal>systemctl</literal>, <literal>getUnitInfo</literal>,
<literal>waitForUnit</literal>, <literal>startJob</literal> and
<literal>stopJob</literal>.

View file

@ -9,7 +9,8 @@
<link linkend="ch-configuration">changed something</link> in that file, you
should do
<screen>
# nixos-rebuild switch</screen>
<prompt># </prompt>nixos-rebuild switch
</screen>
to build the new configuration, make it the default configuration for
booting, and try to realise the configuration in the running system (e.g., by
restarting system services).
@ -23,7 +24,8 @@
<para>
You can also do
<screen>
# nixos-rebuild test</screen>
<prompt># </prompt>nixos-rebuild test
</screen>
to build the configuration and switch the running system to it, but without
making it the boot default. So if (say) the configuration locks up your
machine, you can just reboot to get back to a working configuration.
@ -31,7 +33,8 @@
<para>
There is also
<screen>
# nixos-rebuild boot</screen>
<prompt># </prompt>nixos-rebuild boot
</screen>
to build the configuration and make it the boot default, but not switch to it
now (so it will only take effect after the next reboot).
</para>
@ -39,7 +42,8 @@
You can make your configuration show up in a different submenu of the GRUB 2
boot screen by giving it a different <emphasis>profile name</emphasis>, e.g.
<screen>
# nixos-rebuild switch -p test </screen>
<prompt># </prompt>nixos-rebuild switch -p test
</screen>
which causes the new configuration (and previous ones created using
<literal>-p test</literal>) to show up in the GRUB submenu “NixOS - Profile
'test'”. This can be useful to separate test configurations from
@ -48,7 +52,8 @@
<para>
Finally, you can do
<screen>
$ nixos-rebuild build</screen>
<prompt>$ </prompt>nixos-rebuild build
</screen>
to build the configuration but nothing more. This is useful to see whether
everything compiles cleanly.
</para>
@ -58,8 +63,8 @@ $ nixos-rebuild build</screen>
<emphasis>virtual machine</emphasis> that contains the desired configuration.
Just do
<screen>
$ nixos-rebuild build-vm
$ ./result/bin/run-*-vm
<prompt>$ </prompt>nixos-rebuild build-vm
<prompt>$ </prompt>./result/bin/run-*-vm
</screen>
The VM does not have any data from your host system, so your existing user
accounts and home directories will not be available unless you have set
@ -74,12 +79,12 @@ $ ./result/bin/run-*-vm
guest. For instance, the following will forward host port 2222 to guest port
22 (SSH):
<screen>
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
<prompt>$ </prompt>QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
</screen>
allowing you to log in via SSH (assuming you have set the appropriate
passwords or SSH authorized keys):
<screen>
$ ssh -p 2222 localhost
<prompt>$ </prompt>ssh -p 2222 localhost
</screen>
</para>
</chapter>

View file

@ -47,8 +47,8 @@
Short version:
</para>
<screen>
$ curl https://nixos.org/nix/install | sh
$ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
<prompt>$ </prompt>curl https://nixos.org/nix/install | sh
<prompt>$ </prompt>. $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
<para>
More details in the
<link
@ -65,14 +65,14 @@ $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
the <literal>nixpkgs</literal> channel by default.
</para>
<screen>
$ nix-channel --list
<prompt>$ </prompt>nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
<para>
As that channel gets released without running the NixOS tests, it will be
safer to use the <literal>nixos-*</literal> channels instead:
</para>
<screen>
$ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
<prompt>$ </prompt>nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
<para>
You may want to throw in a <literal>nix-channel --update</literal> for good
measure.
@ -89,7 +89,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
NixOS partition. They are installed by default on NixOS, but you don't have
NixOS yet..
</para>
<screen>$ nix-env -iE "_: with import &lt;nixpkgs/nixos&gt; { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
<screen><prompt>$ </prompt>nix-env -iE "_: with import &lt;nixpkgs/nixos&gt; { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
</listitem>
<listitem>
<note>
@ -116,7 +116,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
<para>
Generate your NixOS configuration:
</para>
<screen>$ sudo `which nixos-generate-config` --root /mnt</screen>
<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /mnt</screen>
<para>
You'll probably want to edit the configuration files. Refer to the
<literal>nixos-generate-config</literal> step in
@ -148,8 +148,8 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
distribution:
</para>
<screen>
$ sudo groupadd -g 30000 nixbld
$ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
<prompt>$ </prompt>sudo groupadd -g 30000 nixbld
<prompt>$ </prompt>sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
</listitem>
<listitem>
<para>
@ -161,7 +161,7 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
existing systems without the help of a rescue USB drive or similar.
</para>
</warning>
<screen>$ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
<para>
Again, please refer to the <literal>nixos-install</literal> step in
<xref linkend="sec-installation" /> for more information.
@ -175,8 +175,8 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
Optionally, you may want to clean up your non-NixOS distribution:
</para>
<screen>
$ sudo userdel nixbld
$ sudo groupdel nixbld</screen>
<prompt>$ </prompt>sudo userdel nixbld
<prompt>$ </prompt>sudo groupdel nixbld</screen>
<para>
If you do not wish to keep the Nix package manager installed either, run
something like <literal>sudo rm -rv ~/.nix-* /nix</literal> and remove the
@ -193,7 +193,7 @@ $ sudo groupdel nixbld</screen>
<para>
Generate your NixOS configuration:
</para>
<screen>$ sudo `which nixos-generate-config` --root /</screen>
<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /</screen>
<para>
Note that this will place the generated configuration files in
<literal>/etc/nixos</literal>. You'll probably want to edit the
@ -212,21 +212,21 @@ $ sudo groupdel nixbld</screen>
</para>
<programlisting>
<link linkend="opt-users.users._name__.initialHashedPassword">users.users.root.initialHashedPassword</link> = "";
</programlisting>
</programlisting>
</listitem>
<listitem>
<para>
Build the NixOS closure and install it in the <literal>system</literal>
profile:
</para>
<screen>$ nix-env -p /nix/var/nix/profiles/system -f '&lt;nixpkgs/nixos&gt;' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
<screen><prompt>$ </prompt>nix-env -p /nix/var/nix/profiles/system -f '&lt;nixpkgs/nixos&gt;' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
</listitem>
<listitem>
<para>
Change ownership of the <literal>/nix</literal> tree to root (since your
Nix install was probably single user):
</para>
<screen>$ sudo chown -R 0.0 /nix</screen>
<screen><prompt>$ </prompt>sudo chown -R 0.0 /nix</screen>
</listitem>
<listitem>
<para>
@ -284,16 +284,16 @@ $ sudo groupdel nixbld</screen>
Let's create the files:
</para>
<screen>
$ sudo touch /etc/NIXOS
$ sudo touch /etc/NIXOS_LUSTRATE
</screen>
<prompt>$ </prompt>sudo touch /etc/NIXOS
<prompt>$ </prompt>sudo touch /etc/NIXOS_LUSTRATE
</screen>
<para>
Let's also make sure the NixOS configuration files are kept once we reboot
on NixOS:
</para>
<screen>
$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
</screen>
<prompt>$ </prompt>echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
</screen>
</listitem>
<listitem>
<para>
@ -312,8 +312,9 @@ $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
</para>
</warning>
<screen>
$ sudo mv -v /boot /boot.bak &amp;&amp;
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot</screen>
<prompt>$ </prompt>sudo mv -v /boot /boot.bak &amp;&amp;
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
</screen>
<para>
Cross your fingers, reboot, hopefully you should get a NixOS prompt!
</para>

View file

@ -525,7 +525,7 @@ $ nix-env -i w3m</screen>
<example xml:id='ex-config'>
<title>NixOS Configuration</title>
<screen>
<programlisting>
{ config, pkgs, ... }: {
imports = [
# Include the results of the hardware scan.
@ -543,7 +543,7 @@ $ nix-env -i w3m</screen>
# Enable the OpenSSH server.
services.sshd.enable = true;
}
</screen>
</programlisting>
</example>
</section>
<section xml:id="sec-installation-additional-notes">

View file

@ -626,17 +626,17 @@
xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
overlays</link>. For example, the following code:
<programlisting>
let
pkgs = import &lt;nixpkgs&gt; {};
in
pkgs.overridePackages (self: super: ...)
let
pkgs = import &lt;nixpkgs&gt; {};
in
pkgs.overridePackages (self: super: ...)
</programlisting>
should be replaced by:
<programlisting>
let
pkgs = import &lt;nixpkgs&gt; {};
in
import pkgs.path { overlays = [(self: super: ...)]; }
let
pkgs = import &lt;nixpkgs&gt; {};
in
import pkgs.path { overlays = [(self: super: ...)]; }
</programlisting>
</para>
</listitem>

View file

@ -21,7 +21,7 @@
<filename>configuration.nix</filename>:
<programlisting>
<xref linkend="opt-services.flatpak.enable"/> = true;
</programlisting>
</programlisting>
</para>
<para>
For the sandboxed apps to work correctly, desktop integration portals need to
@ -30,27 +30,27 @@
<filename>configuration.nix</filename>:
<programlisting>
<xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
</programlisting>
</programlisting>
</para>
<para>
Then, you will need to add a repository, for example,
<link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>,
either using the following commands:
<programlisting>
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak update
</programlisting>
<screen>
<prompt>$ </prompt>flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
<prompt>$ </prompt>flatpak update
</screen>
or by opening the
<link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository
file</link> in GNOME Software.
</para>
<para>
Finally, you can search and install programs:
<programlisting>
flatpak search bustle
flatpak install flathub org.freedesktop.Bustle
flatpak run org.freedesktop.Bustle
</programlisting>
<screen>
<prompt>$ </prompt>flatpak search bustle
<prompt>$ </prompt>flatpak install flathub org.freedesktop.Bustle
<prompt>$ </prompt>flatpak run org.freedesktop.Bustle
</screen>
Again, GNOME Software offers graphical interface for these tasks.
</para>
</chapter>

View file

@ -112,65 +112,65 @@
directory, which will be called postfix.nix and contains all exporter
specific options and configuration:
<programlisting>
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
{ config, lib, pkgs }:
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
{ config, lib, pkgs }:
with lib;
with lib;
let
# for convenience we define cfg here
cfg = config.services.prometheus.exporters.postfix;
in
{
port = 9154; # The postfix exporter listens on this port by default
let
# for convenience we define cfg here
cfg = config.services.prometheus.exporters.postfix;
in
{
port = 9154; # The postfix exporter listens on this port by default
# `extraOpts` is an attribute set which contains additional options
# (and optional overrides for default options).
# Note that this attribute is optional.
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
logfilePath = mkOption {
type = types.path;
default = /var/log/postfix_exporter_input.log;
example = /var/log/mail.log;
description = ''
Path where Postfix writes log entries.
This file will be truncated by this exporter!
'';
};
showqPath = mkOption {
type = types.path;
default = /var/spool/postfix/public/showq;
example = /var/lib/postfix/queue/public/showq;
description = ''
Path at which Postfix places its showq socket.
'';
};
};
# `extraOpts` is an attribute set which contains additional options
# (and optional overrides for default options).
# Note that this attribute is optional.
extraOpts = {
telemetryPath = mkOption {
type = types.str;
default = "/metrics";
description = ''
Path under which to expose metrics.
'';
};
logfilePath = mkOption {
type = types.path;
default = /var/log/postfix_exporter_input.log;
example = /var/log/mail.log;
description = ''
Path where Postfix writes log entries.
This file will be truncated by this exporter!
'';
};
showqPath = mkOption {
type = types.path;
default = /var/spool/postfix/public/showq;
example = /var/lib/postfix/queue/public/showq;
description = ''
Path at which Postfix places its showq socket.
'';
};
};
# `serviceOpts` is an attribute set which contains configuration
# for the exporter's systemd service. One of
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
# has to be specified here. This will be merged with the default
# service confiuration.
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}
</programlisting>
# `serviceOpts` is an attribute set which contains configuration
# for the exporter's systemd service. One of
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
# has to be specified here. This will be merged with the default
# service confiuration.
serviceOpts = {
serviceConfig = {
ExecStart = ''
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
--web.telemetry-path ${cfg.telemetryPath} \
${concatStringsSep " \\\n " cfg.extraFlags}
'';
};
};
}
</programlisting>
</para>
</listitem>
<listitem>

View file

@ -86,10 +86,10 @@ in
<note>
<para>If you use the firewall consider adding the following:</para>
<programlisting>
networking.firewall.allowedTCPPorts = [ 139 445 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
</programlisting>
<programlisting>
networking.firewall.allowedTCPPorts = [ 139 445 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
</programlisting>
</note>
'';
};

View file

@ -18,7 +18,7 @@
To enable the client proxy, set
<programlisting>
<xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
</programlisting>
</programlisting>
</para>
<para>
@ -36,7 +36,7 @@
the other client to it:
<programlisting>
<xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
</programlisting>
</programlisting>
</para>
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq">
@ -47,7 +47,7 @@
<xref linkend="opt-services.dnsmasq.enable"/> = true;
<xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
}
</programlisting>
</programlisting>
</para>
</sect2>
@ -59,7 +59,7 @@
<xref linkend="opt-services.unbound.enable"/> = true;
<xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
}
</programlisting>
</programlisting>
</para>
</sect2>
</sect1>

View file

@ -101,17 +101,17 @@ in
'';
example = literalExample ''
# near constant pings.
step = 30
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 10080
AVERAGE 0.5 12 43200
MIN 0.5 12 43200
MAX 0.5 12 43200
AVERAGE 0.5 144 7200
MAX 0.5 144 7200
MIN 0.5 144 7200
'';
step = 30
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 10080
AVERAGE 0.5 12 43200
MIN 0.5 12 43200
MAX 0.5 12 43200
AVERAGE 0.5 144 7200
MAX 0.5 144 7200
MIN 0.5 144 7200
'';
description = ''Configure the ping frequency and retention of the rrd files.
Once set, changing the interval will require deletion or migration of all
the collected data.'';

View file

@ -21,18 +21,18 @@
passwordless database authentication via the UNIX_SOCKET authentication
plugin with the following SQL commands:
<programlisting>
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
# For MariaDB
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
# For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting>
# For MySQL
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
CREATE DATABASE matomo;
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
</programlisting>
Then fill in <literal>matomo</literal> as database user and database name,
and leave the password field blank. This authentication works by allowing
only the <literal>matomo</literal> unix user to authenticate as the