nixos/doc: Fix spurious indentation
parent
092c25ac08
commit
11cb382a4c
17 changed files with 262 additions and 256 deletions
|
@ -68,7 +68,7 @@ installPhase =
|
|||
can be done in a generic fashion with the <literal>--set</literal> argument
|
||||
of <literal>makeWrapper</literal>:
|
||||
<programlisting>
|
||||
--set JAVA_HOME ${jdk.home}
|
||||
--set JAVA_HOME ${jdk.home}
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
|
|
|
@ -33,91 +33,91 @@
|
|||
<link xlink:href="https://github.com/matrix-org/synapse#synapse-installation">
|
||||
installation instructions of Synapse </link>.
|
||||
<programlisting>
|
||||
let
|
||||
fqdn =
|
||||
let
|
||||
fqdn =
|
||||
let
|
||||
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
|
||||
in join config.networking.hostName config.networking.domain;
|
||||
in {
|
||||
networking = {
|
||||
hostName = "myhostname";
|
||||
domain = "example.org";
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
join = hostName: domain: hostName + optionalString (domain != null) ".${domain}";
|
||||
in join config.networking.hostName config.networking.domain;
|
||||
in {
|
||||
networking = {
|
||||
hostName = "myhostname";
|
||||
domain = "example.org";
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
|
||||
# but the rest make sense as well
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
# only recommendedProxySettings and recommendedGzipSettings are strictly required,
|
||||
# but the rest make sense as well
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
virtualHosts = {
|
||||
# This host section can be placed on a different host than the rest,
|
||||
# i.e. to delegate from the host being accessible as ${config.networking.domain}
|
||||
# to another host actually running the Matrix homeserver.
|
||||
"${config.networking.domain}" = {
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
let
|
||||
# use 443 instead of the default 8448 port to unite
|
||||
# the client-server and server-server port for simplicity
|
||||
server = { "m.server" = "${fqdn}:443"; };
|
||||
in ''
|
||||
add_header Content-Type application/json;
|
||||
return 200 '${builtins.toJSON server}';
|
||||
'';
|
||||
locations."= /.well-known/matrix/client".extraConfig =
|
||||
let
|
||||
client = {
|
||||
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
|
||||
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
||||
};
|
||||
# ACAO required to allow riot-web on any URL to request this json file
|
||||
in ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON client}';
|
||||
'';
|
||||
};
|
||||
|
||||
# Reverse proxy for Matrix client-server and server-server communication
|
||||
${fqdn} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
# Or do a redirect instead of the 404, or whatever is appropriate for you.
|
||||
# But do not put a Matrix Web client here! See the Riot Web section below.
|
||||
locations."/".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
|
||||
# forward all Matrix API calls to the synapse Matrix homeserver
|
||||
locations."/_matrix" = {
|
||||
proxyPass = "http://[::1]:8008";
|
||||
virtualHosts = {
|
||||
# This host section can be placed on a different host than the rest,
|
||||
# i.e. to delegate from the host being accessible as ${config.networking.domain}
|
||||
# to another host actually running the Matrix homeserver.
|
||||
"${config.networking.domain}" = {
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
let
|
||||
# use 443 instead of the default 8448 port to unite
|
||||
# the client-server and server-server port for simplicity
|
||||
server = { "m.server" = "${fqdn}:443"; };
|
||||
in ''
|
||||
add_header Content-Type application/json;
|
||||
return 200 '${builtins.toJSON server}';
|
||||
'';
|
||||
locations."= /.well-known/matrix/client".extraConfig =
|
||||
let
|
||||
client = {
|
||||
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
|
||||
"m.identity_server" = { "base_url" = "https://vector.im"; };
|
||||
};
|
||||
};
|
||||
# ACAO required to allow riot-web on any URL to request this json file
|
||||
in ''
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '${builtins.toJSON client}';
|
||||
'';
|
||||
};
|
||||
|
||||
# Reverse proxy for Matrix client-server and server-server communication
|
||||
${fqdn} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
# Or do a redirect instead of the 404, or whatever is appropriate for you.
|
||||
# But do not put a Matrix Web client here! See the Riot Web section below.
|
||||
locations."/".extraConfig = ''
|
||||
return 404;
|
||||
'';
|
||||
|
||||
# forward all Matrix API calls to the synapse Matrix homeserver
|
||||
locations."/_matrix" = {
|
||||
proxyPass = "http://[::1]:8008";
|
||||
};
|
||||
};
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
server_name = config.networking.domain;
|
||||
listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
bind_address = "::1";
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{ names = [ "client" "federation" ]; compress = false; }
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
};
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
server_name = config.networking.domain;
|
||||
listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
bind_address = "::1";
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{ names = [ "client" "federation" ]; compress = false; }
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -142,14 +142,14 @@
|
|||
create a new user or admin, run the following after you have set the secret
|
||||
and have rebuilt NixOS:
|
||||
<programlisting>
|
||||
$ nix run nixpkgs.matrix-synapse
|
||||
$ register_new_matrix_user -k <your-registration-shared-secret> http://localhost:8008
|
||||
New user localpart: <your-username>
|
||||
Password:
|
||||
Confirm password:
|
||||
Make admin [no]:
|
||||
Success!
|
||||
</programlisting>
|
||||
$ nix run nixpkgs.matrix-synapse
|
||||
$ register_new_matrix_user -k <your-registration-shared-secret> http://localhost:8008
|
||||
New user localpart: <your-username>
|
||||
Password:
|
||||
Confirm password:
|
||||
Make admin [no]:
|
||||
Success!
|
||||
</programlisting>
|
||||
In the example, this would create a user with the Matrix Identifier
|
||||
<literal>@your-username:example.org</literal>. Note that the registration
|
||||
secret ends up in the nix store and therefore is world-readable by any user
|
||||
|
@ -177,16 +177,16 @@
|
|||
Matrix Now!</link> for a list of existing clients and their supported
|
||||
featureset.
|
||||
<programlisting>
|
||||
services.nginx.virtualHosts."riot.${fqdn}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = [
|
||||
"riot.${config.networking.domain}"
|
||||
];
|
||||
services.nginx.virtualHosts."riot.${fqdn}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
serverAliases = [
|
||||
"riot.${config.networking.domain}"
|
||||
];
|
||||
|
||||
root = pkgs.riot-web;
|
||||
};
|
||||
</programlisting>
|
||||
root = pkgs.riot-web;
|
||||
};
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
|
|
@ -129,17 +129,17 @@ nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHo
|
|||
While abstracting your configuration, you may find it useful to generate
|
||||
modules using code, instead of writing files. The example below would have
|
||||
the same effect as importing a file which sets those options.
|
||||
<screen>
|
||||
{ config, pkgs, ... }:
|
||||
<programlisting>
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let netConfig = { hostName }: {
|
||||
networking.hostName = hostName;
|
||||
networking.useDHCP = false;
|
||||
};
|
||||
let netConfig = { hostName }: {
|
||||
networking.hostName = hostName;
|
||||
networking.useDHCP = false;
|
||||
};
|
||||
|
||||
in
|
||||
in
|
||||
|
||||
{ imports = [ (netConfig "nixos.localdomain") ]; }
|
||||
</screen>
|
||||
{ imports = [ (netConfig "nixos.localdomain") ]; }
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/profile-name.nix>
|
||||
];
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
<para>
|
||||
Even if some of these profiles seem only useful in the context of install
|
||||
media, many are actually intended to be used in real installs.
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
A user ID (uid) is assigned automatically. You can also specify a uid
|
||||
manually by adding
|
||||
<programlisting>
|
||||
uid = 1000;
|
||||
uid = 1000;
|
||||
</programlisting>
|
||||
to the user specification.
|
||||
</para>
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
<link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;
|
||||
<link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";
|
||||
};
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Optionally, <emphasis>compton</emphasis> can be enabled for nice graphical
|
||||
|
@ -24,7 +24,7 @@
|
|||
<link linkend="opt-services.compton.shadow">shadow</link> = true;
|
||||
<link linkend="opt-services.compton.fadeDelta">fadeDelta</link> = 4;
|
||||
};
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Some Xfce programs are not installed automatically. To install them manually
|
||||
|
@ -37,7 +37,7 @@
|
|||
To enable <emphasis>Thunar</emphasis> volume support, put
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true;
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
into your <emphasis>configuration.nix</emphasis>.
|
||||
</para>
|
||||
</simplesect>
|
||||
|
@ -58,14 +58,14 @@
|
|||
on start (look at <command>journalctl --user -b</command>).
|
||||
<programlisting>
|
||||
Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
This is caused by some needed GNOME services not running. This is all fixed
|
||||
by enabling "Launch GNOME services on startup" in the Advanced tab of the
|
||||
Session and Startup settings panel. Alternatively, you can run this command
|
||||
to do the same thing.
|
||||
<programlisting>
|
||||
$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
A log-out and re-log will be needed for this to take effect.
|
||||
</para>
|
||||
</simplesect>
|
||||
|
|
|
@ -397,9 +397,9 @@ startAll;
|
|||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
|
||||
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
|
||||
</programlisting>
|
||||
$machine->systemctl("list-jobs --no-pager"); // runs `systemctl list-jobs --no-pager`
|
||||
$machine->systemctl("list-jobs --no-pager", "any-user"); // spawns a shell for `any-user` and runs `systemctl --user list-jobs --no-pager`
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -410,10 +410,10 @@ startAll;
|
|||
To test user units declared by <literal>systemd.user.services</literal> the
|
||||
optional <literal>$user</literal> argument can be used:
|
||||
<programlisting>
|
||||
$machine->start;
|
||||
$machine->waitForX;
|
||||
$machine->waitForUnit("xautolock.service", "x-session-user");
|
||||
</programlisting>
|
||||
$machine->start;
|
||||
$machine->waitForX;
|
||||
$machine->waitForUnit("xautolock.service", "x-session-user");
|
||||
</programlisting>
|
||||
This applies to <literal>systemctl</literal>, <literal>getUnitInfo</literal>,
|
||||
<literal>waitForUnit</literal>, <literal>startJob</literal> and
|
||||
<literal>stopJob</literal>.
|
||||
|
|
|
@ -9,7 +9,8 @@
|
|||
<link linkend="ch-configuration">changed something</link> in that file, you
|
||||
should do
|
||||
<screen>
|
||||
# nixos-rebuild switch</screen>
|
||||
<prompt># </prompt>nixos-rebuild switch
|
||||
</screen>
|
||||
to build the new configuration, make it the default configuration for
|
||||
booting, and try to realise the configuration in the running system (e.g., by
|
||||
restarting system services).
|
||||
|
@ -23,7 +24,8 @@
|
|||
<para>
|
||||
You can also do
|
||||
<screen>
|
||||
# nixos-rebuild test</screen>
|
||||
<prompt># </prompt>nixos-rebuild test
|
||||
</screen>
|
||||
to build the configuration and switch the running system to it, but without
|
||||
making it the boot default. So if (say) the configuration locks up your
|
||||
machine, you can just reboot to get back to a working configuration.
|
||||
|
@ -31,7 +33,8 @@
|
|||
<para>
|
||||
There is also
|
||||
<screen>
|
||||
# nixos-rebuild boot</screen>
|
||||
<prompt># </prompt>nixos-rebuild boot
|
||||
</screen>
|
||||
to build the configuration and make it the boot default, but not switch to it
|
||||
now (so it will only take effect after the next reboot).
|
||||
</para>
|
||||
|
@ -39,7 +42,8 @@
|
|||
You can make your configuration show up in a different submenu of the GRUB 2
|
||||
boot screen by giving it a different <emphasis>profile name</emphasis>, e.g.
|
||||
<screen>
|
||||
# nixos-rebuild switch -p test </screen>
|
||||
<prompt># </prompt>nixos-rebuild switch -p test
|
||||
</screen>
|
||||
which causes the new configuration (and previous ones created using
|
||||
<literal>-p test</literal>) to show up in the GRUB submenu “NixOS - Profile
|
||||
'test'”. This can be useful to separate test configurations from
|
||||
|
@ -48,7 +52,8 @@
|
|||
<para>
|
||||
Finally, you can do
|
||||
<screen>
|
||||
$ nixos-rebuild build</screen>
|
||||
<prompt>$ </prompt>nixos-rebuild build
|
||||
</screen>
|
||||
to build the configuration but nothing more. This is useful to see whether
|
||||
everything compiles cleanly.
|
||||
</para>
|
||||
|
@ -58,8 +63,8 @@ $ nixos-rebuild build</screen>
|
|||
<emphasis>virtual machine</emphasis> that contains the desired configuration.
|
||||
Just do
|
||||
<screen>
|
||||
$ nixos-rebuild build-vm
|
||||
$ ./result/bin/run-*-vm
|
||||
<prompt>$ </prompt>nixos-rebuild build-vm
|
||||
<prompt>$ </prompt>./result/bin/run-*-vm
|
||||
</screen>
|
||||
The VM does not have any data from your host system, so your existing user
|
||||
accounts and home directories will not be available unless you have set
|
||||
|
@ -74,12 +79,12 @@ $ ./result/bin/run-*-vm
|
|||
guest. For instance, the following will forward host port 2222 to guest port
|
||||
22 (SSH):
|
||||
<screen>
|
||||
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
|
||||
<prompt>$ </prompt>QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
|
||||
</screen>
|
||||
allowing you to log in via SSH (assuming you have set the appropriate
|
||||
passwords or SSH authorized keys):
|
||||
<screen>
|
||||
$ ssh -p 2222 localhost
|
||||
<prompt>$ </prompt>ssh -p 2222 localhost
|
||||
</screen>
|
||||
</para>
|
||||
</chapter>
|
||||
|
|
|
@ -47,8 +47,8 @@
|
|||
Short version:
|
||||
</para>
|
||||
<screen>
|
||||
$ curl https://nixos.org/nix/install | sh
|
||||
$ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
|
||||
<prompt>$ </prompt>curl https://nixos.org/nix/install | sh
|
||||
<prompt>$ </prompt>. $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
|
||||
<para>
|
||||
More details in the
|
||||
<link
|
||||
|
@ -65,14 +65,14 @@ $ . $HOME/.nix-profile/etc/profile.d/nix.sh # …or open a fresh shell</screen>
|
|||
the <literal>nixpkgs</literal> channel by default.
|
||||
</para>
|
||||
<screen>
|
||||
$ nix-channel --list
|
||||
<prompt>$ </prompt>nix-channel --list
|
||||
nixpkgs https://nixos.org/channels/nixpkgs-unstable</screen>
|
||||
<para>
|
||||
As that channel gets released without running the NixOS tests, it will be
|
||||
safer to use the <literal>nixos-*</literal> channels instead:
|
||||
</para>
|
||||
<screen>
|
||||
$ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
|
||||
<prompt>$ </prompt>nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</replaceable> nixpkgs</screen>
|
||||
<para>
|
||||
You may want to throw in a <literal>nix-channel --update</literal> for good
|
||||
measure.
|
||||
|
@ -89,7 +89,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
|
|||
NixOS partition. They are installed by default on NixOS, but you don't have
|
||||
NixOS yet..
|
||||
</para>
|
||||
<screen>$ nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
|
||||
<screen><prompt>$ </prompt>nix-env -iE "_: with import <nixpkgs/nixos> { configuration = {}; }; with config.system.build; [ nixos-generate-config nixos-install nixos-enter manual.manpages ]"</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<note>
|
||||
|
@ -116,7 +116,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
|
|||
<para>
|
||||
Generate your NixOS configuration:
|
||||
</para>
|
||||
<screen>$ sudo `which nixos-generate-config` --root /mnt</screen>
|
||||
<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /mnt</screen>
|
||||
<para>
|
||||
You'll probably want to edit the configuration files. Refer to the
|
||||
<literal>nixos-generate-config</literal> step in
|
||||
|
@ -148,8 +148,8 @@ $ nix-channel --add https://nixos.org/channels/nixos-<replaceable>version</repla
|
|||
distribution:
|
||||
</para>
|
||||
<screen>
|
||||
$ sudo groupadd -g 30000 nixbld
|
||||
$ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
|
||||
<prompt>$ </prompt>sudo groupadd -g 30000 nixbld
|
||||
<prompt>$ </prompt>sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -161,7 +161,7 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
|
|||
existing systems without the help of a rescue USB drive or similar.
|
||||
</para>
|
||||
</warning>
|
||||
<screen>$ sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
|
||||
<screen><prompt>$ </prompt>sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt</screen>
|
||||
<para>
|
||||
Again, please refer to the <literal>nixos-install</literal> step in
|
||||
<xref linkend="sec-installation" /> for more information.
|
||||
|
@ -175,8 +175,8 @@ $ sudo useradd -u 30000 -g nixbld -G nixbld nixbld</screen>
|
|||
Optionally, you may want to clean up your non-NixOS distribution:
|
||||
</para>
|
||||
<screen>
|
||||
$ sudo userdel nixbld
|
||||
$ sudo groupdel nixbld</screen>
|
||||
<prompt>$ </prompt>sudo userdel nixbld
|
||||
<prompt>$ </prompt>sudo groupdel nixbld</screen>
|
||||
<para>
|
||||
If you do not wish to keep the Nix package manager installed either, run
|
||||
something like <literal>sudo rm -rv ~/.nix-* /nix</literal> and remove the
|
||||
|
@ -193,7 +193,7 @@ $ sudo groupdel nixbld</screen>
|
|||
<para>
|
||||
Generate your NixOS configuration:
|
||||
</para>
|
||||
<screen>$ sudo `which nixos-generate-config` --root /</screen>
|
||||
<screen><prompt>$ </prompt>sudo `which nixos-generate-config` --root /</screen>
|
||||
<para>
|
||||
Note that this will place the generated configuration files in
|
||||
<literal>/etc/nixos</literal>. You'll probably want to edit the
|
||||
|
@ -212,21 +212,21 @@ $ sudo groupdel nixbld</screen>
|
|||
</para>
|
||||
<programlisting>
|
||||
<link linkend="opt-users.users._name__.initialHashedPassword">users.users.root.initialHashedPassword</link> = "";
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Build the NixOS closure and install it in the <literal>system</literal>
|
||||
profile:
|
||||
</para>
|
||||
<screen>$ nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
|
||||
<screen><prompt>$ </prompt>nix-env -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' -I nixos-config=/etc/nixos/configuration.nix -iA system</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
Change ownership of the <literal>/nix</literal> tree to root (since your
|
||||
Nix install was probably single user):
|
||||
</para>
|
||||
<screen>$ sudo chown -R 0.0 /nix</screen>
|
||||
<screen><prompt>$ </prompt>sudo chown -R 0.0 /nix</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -284,16 +284,16 @@ $ sudo groupdel nixbld</screen>
|
|||
Let's create the files:
|
||||
</para>
|
||||
<screen>
|
||||
$ sudo touch /etc/NIXOS
|
||||
$ sudo touch /etc/NIXOS_LUSTRATE
|
||||
</screen>
|
||||
<prompt>$ </prompt>sudo touch /etc/NIXOS
|
||||
<prompt>$ </prompt>sudo touch /etc/NIXOS_LUSTRATE
|
||||
</screen>
|
||||
<para>
|
||||
Let's also make sure the NixOS configuration files are kept once we reboot
|
||||
on NixOS:
|
||||
</para>
|
||||
<screen>
|
||||
$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
|
||||
</screen>
|
||||
<prompt>$ </prompt>echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
|
||||
</screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
|
@ -312,8 +312,9 @@ $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE
|
|||
</para>
|
||||
</warning>
|
||||
<screen>
|
||||
$ sudo mv -v /boot /boot.bak &&
|
||||
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot</screen>
|
||||
<prompt>$ </prompt>sudo mv -v /boot /boot.bak &&
|
||||
sudo /nix/var/nix/profiles/system/bin/switch-to-configuration boot
|
||||
</screen>
|
||||
<para>
|
||||
Cross your fingers, reboot, hopefully you should get a NixOS prompt!
|
||||
</para>
|
||||
|
|
|
@ -525,7 +525,7 @@ $ nix-env -i w3m</screen>
|
|||
|
||||
<example xml:id='ex-config'>
|
||||
<title>NixOS Configuration</title>
|
||||
<screen>
|
||||
<programlisting>
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
|
@ -543,7 +543,7 @@ $ nix-env -i w3m</screen>
|
|||
# Enable the OpenSSH server.
|
||||
services.sshd.enable = true;
|
||||
}
|
||||
</screen>
|
||||
</programlisting>
|
||||
</example>
|
||||
</section>
|
||||
<section xml:id="sec-installation-additional-notes">
|
||||
|
|
|
@ -626,17 +626,17 @@
|
|||
xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
|
||||
overlays</link>. For example, the following code:
|
||||
<programlisting>
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
in
|
||||
pkgs.overridePackages (self: super: ...)
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
in
|
||||
pkgs.overridePackages (self: super: ...)
|
||||
</programlisting>
|
||||
should be replaced by:
|
||||
<programlisting>
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
in
|
||||
import pkgs.path { overlays = [(self: super: ...)]; }
|
||||
let
|
||||
pkgs = import <nixpkgs> {};
|
||||
in
|
||||
import pkgs.path { overlays = [(self: super: ...)]; }
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
<filename>configuration.nix</filename>:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.flatpak.enable"/> = true;
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
For the sandboxed apps to work correctly, desktop integration portals need to
|
||||
|
@ -30,27 +30,27 @@
|
|||
<filename>configuration.nix</filename>:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.flatpak.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Then, you will need to add a repository, for example,
|
||||
<link xlink:href="https://github.com/flatpak/flatpak/wiki">Flathub</link>,
|
||||
either using the following commands:
|
||||
<programlisting>
|
||||
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||
flatpak update
|
||||
</programlisting>
|
||||
<screen>
|
||||
<prompt>$ </prompt>flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
|
||||
<prompt>$ </prompt>flatpak update
|
||||
</screen>
|
||||
or by opening the
|
||||
<link xlink:href="https://flathub.org/repo/flathub.flatpakrepo">repository
|
||||
file</link> in GNOME Software.
|
||||
</para>
|
||||
<para>
|
||||
Finally, you can search and install programs:
|
||||
<programlisting>
|
||||
flatpak search bustle
|
||||
flatpak install flathub org.freedesktop.Bustle
|
||||
flatpak run org.freedesktop.Bustle
|
||||
</programlisting>
|
||||
<screen>
|
||||
<prompt>$ </prompt>flatpak search bustle
|
||||
<prompt>$ </prompt>flatpak install flathub org.freedesktop.Bustle
|
||||
<prompt>$ </prompt>flatpak run org.freedesktop.Bustle
|
||||
</screen>
|
||||
Again, GNOME Software offers graphical interface for these tasks.
|
||||
</para>
|
||||
</chapter>
|
||||
|
|
|
@ -112,65 +112,65 @@
|
|||
directory, which will be called postfix.nix and contains all exporter
|
||||
specific options and configuration:
|
||||
<programlisting>
|
||||
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
|
||||
{ config, lib, pkgs }:
|
||||
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
|
||||
{ config, lib, pkgs }:
|
||||
|
||||
with lib;
|
||||
with lib;
|
||||
|
||||
let
|
||||
# for convenience we define cfg here
|
||||
cfg = config.services.prometheus.exporters.postfix;
|
||||
in
|
||||
{
|
||||
port = 9154; # The postfix exporter listens on this port by default
|
||||
let
|
||||
# for convenience we define cfg here
|
||||
cfg = config.services.prometheus.exporters.postfix;
|
||||
in
|
||||
{
|
||||
port = 9154; # The postfix exporter listens on this port by default
|
||||
|
||||
# `extraOpts` is an attribute set which contains additional options
|
||||
# (and optional overrides for default options).
|
||||
# Note that this attribute is optional.
|
||||
extraOpts = {
|
||||
telemetryPath = mkOption {
|
||||
type = types.str;
|
||||
default = "/metrics";
|
||||
description = ''
|
||||
Path under which to expose metrics.
|
||||
'';
|
||||
};
|
||||
logfilePath = mkOption {
|
||||
type = types.path;
|
||||
default = /var/log/postfix_exporter_input.log;
|
||||
example = /var/log/mail.log;
|
||||
description = ''
|
||||
Path where Postfix writes log entries.
|
||||
This file will be truncated by this exporter!
|
||||
'';
|
||||
};
|
||||
showqPath = mkOption {
|
||||
type = types.path;
|
||||
default = /var/spool/postfix/public/showq;
|
||||
example = /var/lib/postfix/queue/public/showq;
|
||||
description = ''
|
||||
Path at which Postfix places its showq socket.
|
||||
'';
|
||||
};
|
||||
};
|
||||
# `extraOpts` is an attribute set which contains additional options
|
||||
# (and optional overrides for default options).
|
||||
# Note that this attribute is optional.
|
||||
extraOpts = {
|
||||
telemetryPath = mkOption {
|
||||
type = types.str;
|
||||
default = "/metrics";
|
||||
description = ''
|
||||
Path under which to expose metrics.
|
||||
'';
|
||||
};
|
||||
logfilePath = mkOption {
|
||||
type = types.path;
|
||||
default = /var/log/postfix_exporter_input.log;
|
||||
example = /var/log/mail.log;
|
||||
description = ''
|
||||
Path where Postfix writes log entries.
|
||||
This file will be truncated by this exporter!
|
||||
'';
|
||||
};
|
||||
showqPath = mkOption {
|
||||
type = types.path;
|
||||
default = /var/spool/postfix/public/showq;
|
||||
example = /var/lib/postfix/queue/public/showq;
|
||||
description = ''
|
||||
Path at which Postfix places its showq socket.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# `serviceOpts` is an attribute set which contains configuration
|
||||
# for the exporter's systemd service. One of
|
||||
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
|
||||
# has to be specified here. This will be merged with the default
|
||||
# service confiuration.
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
# `serviceOpts` is an attribute set which contains configuration
|
||||
# for the exporter's systemd service. One of
|
||||
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
|
||||
# has to be specified here. This will be merged with the default
|
||||
# service confiuration.
|
||||
serviceOpts = {
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
|
||||
--web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
|
||||
--web.telemetry-path ${cfg.telemetryPath} \
|
||||
${concatStringsSep " \\\n " cfg.extraFlags}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
</programlisting>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
|
|
|
@ -86,10 +86,10 @@ in
|
|||
|
||||
<note>
|
||||
<para>If you use the firewall consider adding the following:</para>
|
||||
<programlisting>
|
||||
networking.firewall.allowedTCPPorts = [ 139 445 ];
|
||||
networking.firewall.allowedUDPPorts = [ 137 138 ];
|
||||
</programlisting>
|
||||
<programlisting>
|
||||
networking.firewall.allowedTCPPorts = [ 139 445 ];
|
||||
networking.firewall.allowedUDPPorts = [ 137 138 ];
|
||||
</programlisting>
|
||||
</note>
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
To enable the client proxy, set
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -36,7 +36,7 @@
|
|||
the other client to it:
|
||||
<programlisting>
|
||||
<xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<sect2 xml:id="sec-dnscrypt-proxy-forwarder-dsnmasq">
|
||||
|
@ -47,7 +47,7 @@
|
|||
<xref linkend="opt-services.dnsmasq.enable"/> = true;
|
||||
<xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];
|
||||
}
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
|
@ -59,7 +59,7 @@
|
|||
<xref linkend="opt-services.unbound.enable"/> = true;
|
||||
<xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];
|
||||
}
|
||||
</programlisting>
|
||||
</programlisting>
|
||||
</para>
|
||||
</sect2>
|
||||
</sect1>
|
||||
|
|
|
@ -101,17 +101,17 @@ in
|
|||
'';
|
||||
example = literalExample ''
|
||||
# near constant pings.
|
||||
step = 30
|
||||
pings = 20
|
||||
# consfn mrhb steps total
|
||||
AVERAGE 0.5 1 10080
|
||||
AVERAGE 0.5 12 43200
|
||||
MIN 0.5 12 43200
|
||||
MAX 0.5 12 43200
|
||||
AVERAGE 0.5 144 7200
|
||||
MAX 0.5 144 7200
|
||||
MIN 0.5 144 7200
|
||||
'';
|
||||
step = 30
|
||||
pings = 20
|
||||
# consfn mrhb steps total
|
||||
AVERAGE 0.5 1 10080
|
||||
AVERAGE 0.5 12 43200
|
||||
MIN 0.5 12 43200
|
||||
MAX 0.5 12 43200
|
||||
AVERAGE 0.5 144 7200
|
||||
MAX 0.5 144 7200
|
||||
MIN 0.5 144 7200
|
||||
'';
|
||||
description = ''Configure the ping frequency and retention of the rrd files.
|
||||
Once set, changing the interval will require deletion or migration of all
|
||||
the collected data.'';
|
||||
|
|
|
@ -21,18 +21,18 @@
|
|||
passwordless database authentication via the UNIX_SOCKET authentication
|
||||
plugin with the following SQL commands:
|
||||
<programlisting>
|
||||
# For MariaDB
|
||||
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
||||
CREATE DATABASE matomo;
|
||||
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
|
||||
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||
# For MariaDB
|
||||
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
|
||||
CREATE DATABASE matomo;
|
||||
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket;
|
||||
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||
|
||||
# For MySQL
|
||||
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
|
||||
CREATE DATABASE matomo;
|
||||
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
|
||||
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||
</programlisting>
|
||||
# For MySQL
|
||||
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
|
||||
CREATE DATABASE matomo;
|
||||
CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket;
|
||||
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
|
||||
</programlisting>
|
||||
Then fill in <literal>matomo</literal> as database user and database name,
|
||||
and leave the password field blank. This authentication works by allowing
|
||||
only the <literal>matomo</literal> unix user to authenticate as the
|
||||
|
|