nixos/*: replace <code> in option docs with <literal>
markdown can't represent the difference without another extension and both the html manual and the manpage render them the same, so keeping the distinction is not very useful on its own. with the distinction removed we can automatically convert many options that use <code> tags to markdown. the manpage remains unchanged, html manual does not render differently (but class names on code tags do change from "code" to "literal").
This commit is contained in:
parent
694d5b19d3
commit
16102dce2f
34 changed files with 120 additions and 120 deletions
|
@ -84,8 +84,8 @@ in
|
|||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
|
||||
that option set, <code>glibc</code> supports use of the extension mechanisms for
|
||||
Enable the <literal>edns0</literal> option in <filename>resolv.conf</filename>. With
|
||||
that option set, <literal>glibc</literal> supports use of the extension mechanisms for
|
||||
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
|
||||
which does not work without it.
|
||||
'';
|
||||
|
|
|
@ -113,7 +113,7 @@ in
|
|||
An attribute set that maps aliases (the top level attribute names in
|
||||
this option) to command strings or directly to build outputs. The
|
||||
aliases are added to all users' shells.
|
||||
Aliases mapped to <code>null</code> are ignored.
|
||||
Aliases mapped to <literal>null</literal> are ignored.
|
||||
'';
|
||||
type = with types; attrsOf (nullOr (either str path));
|
||||
};
|
||||
|
|
|
@ -30,7 +30,7 @@ in
|
|||
Also, these variables are merged into
|
||||
<xref linkend="opt-environment.variables"/> and it is
|
||||
therefore not possible to use PAM style variables such as
|
||||
<code>@{HOME}</code>.
|
||||
<literal>@{HOME}</literal>.
|
||||
'';
|
||||
type = with types; attrsOf (either str (listOf str));
|
||||
apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
|
||||
|
@ -58,7 +58,7 @@ in
|
|||
Also, these variables are merged into
|
||||
<xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
|
||||
therefore not possible to use PAM style variables such as
|
||||
<code>@{HOME}</code>.
|
||||
<literal>@{HOME}</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -154,8 +154,8 @@ let
|
|||
description = ''
|
||||
Attributes for user's entry in
|
||||
<filename>pam_mount.conf.xml</filename>.
|
||||
Useful attributes might include <code>path</code>,
|
||||
<code>options</code>, <code>fstype</code>, and <code>server</code>.
|
||||
Useful attributes might include <literal>path</literal>,
|
||||
<literal>options</literal>, <literal>fstype</literal>, and <literal>server</literal>.
|
||||
See <link
|
||||
xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
|
||||
for more information.
|
||||
|
@ -172,7 +172,7 @@ let
|
|||
like <literal>pkgs.bashInteractive</literal>. Don’t
|
||||
forget to enable your shell in
|
||||
<literal>programs</literal> if necessary,
|
||||
like <code>programs.zsh.enable = true;</code>.
|
||||
like <literal>programs.zsh.enable = true;</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -119,11 +119,11 @@ in
|
|||
example = literalExpression "import <nixpkgs> {}";
|
||||
description = ''
|
||||
If set, the pkgs argument to all NixOS modules is the value of
|
||||
this option, extended with <code>nixpkgs.overlays</code>, if
|
||||
that is also set. Either <code>nixpkgs.crossSystem</code> or
|
||||
<code>nixpkgs.localSystem</code> will be used in an assertion
|
||||
this option, extended with <literal>nixpkgs.overlays</literal>, if
|
||||
that is also set. Either <literal>nixpkgs.crossSystem</literal> or
|
||||
<literal>nixpkgs.localSystem</literal> will be used in an assertion
|
||||
to check that the NixOS and Nixpkgs architectures match. Any
|
||||
other options in <code>nixpkgs.*</code>, notably <code>config</code>,
|
||||
other options in <literal>nixpkgs.*</literal>, notably <literal>config</literal>,
|
||||
will be ignored.
|
||||
|
||||
If unset, the pkgs argument to all NixOS modules is determined
|
||||
|
@ -132,18 +132,18 @@ in
|
|||
The default value imports the Nixpkgs source files
|
||||
relative to the location of this NixOS module, because
|
||||
NixOS and Nixpkgs are distributed together for consistency,
|
||||
so the <code>nixos</code> in the default value is in fact a
|
||||
relative path. The <code>config</code>, <code>overlays</code>,
|
||||
<code>localSystem</code>, and <code>crossSystem</code> come
|
||||
so the <literal>nixos</literal> in the default value is in fact a
|
||||
relative path. The <literal>config</literal>, <literal>overlays</literal>,
|
||||
<literal>localSystem</literal>, and <literal>crossSystem</literal> come
|
||||
from this option's siblings.
|
||||
|
||||
This option can be used by applications like NixOps to increase
|
||||
the performance of evaluation, or to create packages that depend
|
||||
on a container that should be built with the exact same evaluation
|
||||
of Nixpkgs, for example. Applications like this should set
|
||||
their default value using <code>lib.mkDefault</code>, so
|
||||
their default value using <literal>lib.mkDefault</literal>, so
|
||||
user-provided configuration can override it without using
|
||||
<code>lib</code>.
|
||||
<literal>lib</literal>.
|
||||
|
||||
Note that using a distinct version of Nixpkgs with NixOS may
|
||||
be an unexpected source of problems. Use this option with care.
|
||||
|
@ -162,7 +162,7 @@ in
|
|||
details, see the Nixpkgs documentation.) It allows you to set
|
||||
package configuration options.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -188,9 +188,9 @@ in
|
|||
The first argument should be used for finding dependencies, and
|
||||
the second should be used for overriding recipes.
|
||||
|
||||
If <code>nixpkgs.pkgs</code> is set, overlays specified here
|
||||
If <literal>nixpkgs.pkgs</literal> is set, overlays specified here
|
||||
will be applied after the overlays that were already present
|
||||
in <code>nixpkgs.pkgs</code>.
|
||||
in <literal>nixpkgs.pkgs</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -205,9 +205,9 @@ in
|
|||
description = ''
|
||||
Specifies the platform where the NixOS configuration will run.
|
||||
|
||||
To cross-compile, set also <code>nixpkgs.buildPlatform</code>.
|
||||
To cross-compile, set also <literal>nixpkgs.buildPlatform</literal>.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -230,7 +230,7 @@ in
|
|||
or if you're building machines, you can set this to match your
|
||||
development system and/or build farm.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -253,7 +253,7 @@ in
|
|||
use the old options.
|
||||
|
||||
Specifies the platform on which NixOS should be built. When
|
||||
<code>nixpkgs.crossSystem</code> is unset, it also specifies
|
||||
<literal>nixpkgs.crossSystem</literal> is unset, it also specifies
|
||||
the platform <emphasis>for</emphasis> which NixOS should be
|
||||
built. If this option is unset, it defaults to the platform
|
||||
type of the machine where evaluation happens. Specifying this
|
||||
|
@ -261,7 +261,7 @@ in
|
|||
deployment, or when building virtual machines. See its
|
||||
description in the Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> or <code>hostPlatform</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -279,13 +279,13 @@ in
|
|||
|
||||
Specifies the platform for which NixOS should be
|
||||
built. Specify this only if it is different from
|
||||
<code>nixpkgs.localSystem</code>, the platform
|
||||
<literal>nixpkgs.localSystem</literal>, the platform
|
||||
<emphasis>on</emphasis> which NixOS should be built. In other
|
||||
words, specify this to cross-compile NixOS. Otherwise it
|
||||
should be set as null, the default. See its description in the
|
||||
Nixpkgs manual for more details.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code> or <code>hostPlatform</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -316,7 +316,7 @@ in
|
|||
with a recently generated <literal>hardware-configuration.nix</literal>.
|
||||
|
||||
Specifies the Nix platform type on which NixOS should be built.
|
||||
It is better to specify <code>nixpkgs.localSystem</code> instead.
|
||||
It is better to specify <literal>nixpkgs.localSystem</literal> instead.
|
||||
<programlisting>
|
||||
{
|
||||
nixpkgs.system = ..;
|
||||
|
@ -328,9 +328,9 @@ in
|
|||
nixpkgs.localSystem.system = ..;
|
||||
}
|
||||
</programlisting>
|
||||
See <code>nixpkgs.localSystem</code> for more information.
|
||||
See <literal>nixpkgs.localSystem</literal> for more information.
|
||||
|
||||
Ignored when <code>nixpkgs.pkgs</code>, <code>nixpkgs.localSystem</code> or <code>nixpkgs.hostPlatform</code> is set.
|
||||
Ignored when <literal>nixpkgs.pkgs</literal>, <literal>nixpkgs.localSystem</literal> or <literal>nixpkgs.hostPlatform</literal> is set.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -14,7 +14,7 @@ with lib;
|
|||
description = ''
|
||||
Whether to configure system to use Android Debug Bridge (adb).
|
||||
To grant access to a user, it must be part of adbusers group:
|
||||
<code>users.users.alice.extraGroups = ["adbusers"];</code>
|
||||
<literal>users.users.alice.extraGroups = ["adbusers"];</literal>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -74,7 +74,7 @@ in {
|
|||
|
||||
You will get file collisions if you put the actual application binary in
|
||||
the global environment (such as by adding the application package to
|
||||
<code>environment.systemPackages</code>), and applications started via
|
||||
<literal>environment.systemPackages</literal>), and applications started via
|
||||
.desktop files are not wrapped if they specify the absolute path to the
|
||||
binary.
|
||||
'';
|
||||
|
|
|
@ -15,7 +15,7 @@ with lib;
|
|||
Whether to configure system to use gphoto2.
|
||||
To grant digital camera access to a user, the user must
|
||||
be part of the camera group:
|
||||
<code>users.users.alice.extraGroups = ["camera"];</code>
|
||||
<literal>users.users.alice.extraGroups = ["camera"];</literal>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ with lib;
|
|||
Note that it will open the TCP and UDP port from
|
||||
1714 to 1764 as they are needed for it to function properly.
|
||||
You can use the <option>package</option> to use
|
||||
<code>gnomeExtensions.gsconnect</code> as an alternative
|
||||
<literal>gnomeExtensions.gsconnect</literal> as an alternative
|
||||
implementation if you use Gnome.
|
||||
'';
|
||||
package = mkOption {
|
||||
|
|
|
@ -95,7 +95,7 @@ in
|
|||
default = "";
|
||||
description = ''
|
||||
Extra configuration text prepended to <filename>ssh_config</filename>. Other generated
|
||||
options will be added after a <code>Host *</code> pattern.
|
||||
options will be added after a <literal>Host *</literal> pattern.
|
||||
See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for help.
|
||||
'';
|
||||
|
|
|
@ -22,7 +22,7 @@ in
|
|||
This will enable <option>hardware.opengl.enable</option> so that OpenGL
|
||||
programs can find Mesa's llvmpipe drivers.
|
||||
|
||||
Setting this option to <code>false</code> does not mean that software
|
||||
Setting this option to <literal>false</literal> does not mean that software
|
||||
OpenGL won't work; it may still work depending on your system
|
||||
configuration.
|
||||
|
||||
|
|
|
@ -505,7 +505,7 @@ let
|
|||
type = types.listOf types.str;
|
||||
inherit (defaultAndText "reloadServices" []) default defaultText;
|
||||
description = ''
|
||||
The list of systemd services to call <code>systemctl try-reload-or-restart</code>
|
||||
The list of systemd services to call <literal>systemctl try-reload-or-restart</literal>
|
||||
on.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -63,7 +63,7 @@ in
|
|||
type = with types; bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether users of the <code>wheel</code> group must provide a password to
|
||||
Whether users of the <literal>wheel</literal> group must provide a password to
|
||||
run commands as super user via <command>doas</command>.
|
||||
'';
|
||||
};
|
||||
|
@ -74,7 +74,7 @@ in
|
|||
Define specific rules to be set in the
|
||||
<filename>/etc/doas.conf</filename> file. More specific rules should
|
||||
come after more general ones in order to yield the expected behavior.
|
||||
You can use <code>mkBefore</code> and/or <code>mkAfter</code> to ensure
|
||||
You can use <literal>mkBefore</literal> and/or <literal>mkAfter</literal> to ensure
|
||||
this is the case when configuration options are merged.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
|
@ -114,7 +114,7 @@ in
|
|||
type = with types; bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If <code>true</code>, the user is not required to enter a
|
||||
If <literal>true</literal>, the user is not required to enter a
|
||||
password.
|
||||
'';
|
||||
};
|
||||
|
@ -123,7 +123,7 @@ in
|
|||
type = with types; bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If <code>true</code>, successful executions will not be logged
|
||||
If <literal>true</literal>, successful executions will not be logged
|
||||
to
|
||||
<citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
'';
|
||||
|
@ -133,7 +133,7 @@ in
|
|||
type = with types; bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If <code>true</code>, do not ask for a password again for some
|
||||
If <literal>true</literal>, do not ask for a password again for some
|
||||
time after the user successfully authenticates.
|
||||
'';
|
||||
};
|
||||
|
@ -142,7 +142,7 @@ in
|
|||
type = with types; bool;
|
||||
default = false;
|
||||
description = ''
|
||||
If <code>true</code>, environment variables other than those
|
||||
If <literal>true</literal>, environment variables other than those
|
||||
listed in
|
||||
<citerefentry><refentrytitle>doas</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||||
are kept when creating the environment for the new process.
|
||||
|
@ -155,15 +155,15 @@ in
|
|||
description = ''
|
||||
Keep or set the specified variables. Variables may also be
|
||||
removed with a leading '-' or set using
|
||||
<code>variable=value</code>. If the first character of
|
||||
<code>value</code> is a '$', the value to be set is taken from
|
||||
<literal>variable=value</literal>. If the first character of
|
||||
<literal>value</literal> is a '$', the value to be set is taken from
|
||||
the existing environment variable of the indicated name. This
|
||||
option is processed after the default environment has been
|
||||
created.
|
||||
|
||||
NOTE: All rules have <code>setenv { SSH_AUTH_SOCK }</code> by
|
||||
default. To prevent <code>SSH_AUTH_SOCK</code> from being
|
||||
inherited, add <code>"-SSH_AUTH_SOCK"</code> anywhere in this
|
||||
NOTE: All rules have <literal>setenv { SSH_AUTH_SOCK }</literal> by
|
||||
default. To prevent <literal>SSH_AUTH_SOCK</literal> from being
|
||||
inherited, add <literal>"-SSH_AUTH_SOCK"</literal> anywhere in this
|
||||
list.
|
||||
'';
|
||||
};
|
||||
|
@ -185,12 +185,12 @@ in
|
|||
default = null;
|
||||
description = ''
|
||||
Which user or group the specified command is allowed to run as.
|
||||
When set to <code>null</code> (the default), all users are
|
||||
When set to <literal>null</literal> (the default), all users are
|
||||
allowed.
|
||||
|
||||
A user can be specified using just the username:
|
||||
<code>"foo"</code>. It is also possible to only allow running as
|
||||
a specific group with <code>":bar"</code>.
|
||||
<literal>"foo"</literal>. It is also possible to only allow running as
|
||||
a specific group with <literal>":bar"</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -199,7 +199,7 @@ in
|
|||
default = null;
|
||||
description = ''
|
||||
The command the user is allowed to run. When set to
|
||||
<code>null</code> (the default), all commands are allowed.
|
||||
<literal>null</literal> (the default), all commands are allowed.
|
||||
|
||||
NOTE: It is best practice to specify absolute paths. If a
|
||||
relative path is specified, only a restricted PATH will be
|
||||
|
@ -212,7 +212,7 @@ in
|
|||
default = null;
|
||||
description = ''
|
||||
Arguments that must be provided to the command. When set to
|
||||
<code>[]</code>, the command must be run without any arguments.
|
||||
<literal>[]</literal>, the command must be run without any arguments.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -56,7 +56,7 @@ in
|
|||
default = true;
|
||||
description =
|
||||
''
|
||||
Whether users of the <code>wheel</code> group must
|
||||
Whether users of the <literal>wheel</literal> group must
|
||||
provide a password to run commands as super user via <command>sudo</command>.
|
||||
'';
|
||||
};
|
||||
|
@ -65,9 +65,9 @@ in
|
|||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Only allow members of the <code>wheel</code> group to execute sudo by
|
||||
Only allow members of the <literal>wheel</literal> group to execute sudo by
|
||||
setting the executable's permissions accordingly.
|
||||
This prevents users that are not members of <code>wheel</code> from
|
||||
This prevents users that are not members of <literal>wheel</literal> from
|
||||
exploiting vulnerabilities in sudo such as CVE-2021-3156.
|
||||
'';
|
||||
};
|
||||
|
@ -142,9 +142,9 @@ in
|
|||
description = ''
|
||||
Under which user/group the specified command is allowed to run.
|
||||
|
||||
A user can be specified using just the username: <code>"foo"</code>.
|
||||
It is also possible to specify a user/group combination using <code>"foo:bar"</code>
|
||||
or to only allow running as a specific group with <code>":bar"</code>.
|
||||
A user can be specified using just the username: <literal>"foo"</literal>.
|
||||
It is also possible to specify a user/group combination using <literal>"foo:bar"</literal>
|
||||
or to only allow running as a specific group with <literal>":bar"</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -159,7 +159,7 @@ in
|
|||
type = with types; str;
|
||||
description = ''
|
||||
A command being either just a path to a binary to allow any arguments,
|
||||
the full command with arguments pre-set or with <code>""</code> used as the argument,
|
||||
the full command with arguments pre-set or with <literal>""</literal> used as the argument,
|
||||
not allowing arguments to the command at all.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -48,8 +48,8 @@ in
|
|||
type = types.package;
|
||||
example = literalExpression "pkgs.firebird_3";
|
||||
description = ''
|
||||
Which Firebird package to be installed: <code>pkgs.firebird_3</code>
|
||||
For SuperServer use override: <code>pkgs.firebird_3.override { superServer = true; };</code>
|
||||
Which Firebird package to be installed: <literal>pkgs.firebird_3</literal>
|
||||
For SuperServer use override: <literal>pkgs.firebird_3.override { superServer = true; };</literal>
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ in
|
|||
For more information on how to specify the target
|
||||
and on which privileges exist, see the
|
||||
<link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>.
|
||||
The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>.
|
||||
The attributes are used as <literal>GRANT ''${attrName} ON ''${attrValue}</literal>.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
|
|
|
@ -159,7 +159,7 @@ in
|
|||
For more information on how to specify the target
|
||||
and on which privileges exist, see the
|
||||
<link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>.
|
||||
The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>.
|
||||
The attributes are used as <literal>GRANT ''${attrValue} ON ''${attrName}</literal>.
|
||||
'';
|
||||
example = literalExpression ''
|
||||
{
|
||||
|
|
|
@ -39,10 +39,10 @@ with lib;
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Path to the <code>remotes</code> control file. This file contains a
|
||||
Path to the <literal>remotes</literal> control file. This file contains a
|
||||
list of remote servers to which to send each message.
|
||||
|
||||
See <code>man 8 nullmailer-send</code> for syntax and available
|
||||
See <literal>man 8 nullmailer-send</literal> for syntax and available
|
||||
options.
|
||||
'';
|
||||
};
|
||||
|
@ -158,12 +158,12 @@ with lib;
|
|||
contains a remote host name or address followed by an optional
|
||||
protocol string, separated by white space.
|
||||
|
||||
See <code>man 8 nullmailer-send</code> for syntax and available
|
||||
See <literal>man 8 nullmailer-send</literal> for syntax and available
|
||||
options.
|
||||
|
||||
WARNING: This is stored world-readable in the nix store. If you need
|
||||
to specify any secret credentials here, consider using the
|
||||
<code>remotesFile</code> option instead.
|
||||
<literal>remotesFile</literal> option instead.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ let
|
|||
description = ''
|
||||
Listening port.
|
||||
Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
|
||||
Set to null and use <code>systemd.sockets.public-inbox-${proto}d.listenStreams</code>
|
||||
Set to null and use <literal>systemd.sockets.public-inbox-${proto}d.listenStreams</literal>
|
||||
if you need a more advanced listening.
|
||||
'';
|
||||
};
|
||||
|
@ -242,8 +242,8 @@ in
|
|||
description = ''
|
||||
Listening port or systemd's ListenStream= entry
|
||||
to be used as a reverse proxy, eg. in nginx:
|
||||
<code>locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";</code>
|
||||
Set to null and use <code>systemd.sockets.public-inbox-httpd.listenStreams</code>
|
||||
<literal>locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";</literal>
|
||||
Set to null and use <literal>systemd.sockets.public-inbox-httpd.listenStreams</literal>
|
||||
if you need a more advanced listening.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -29,7 +29,7 @@ let
|
|||
type = types.attrsOf types.str;
|
||||
description = ''
|
||||
Output name to EDID mapping.
|
||||
Use <code>autorandr --fingerprint</code> to get current setup values.
|
||||
Use <literal>autorandr --fingerprint</literal> to get current setup values.
|
||||
'';
|
||||
default = { };
|
||||
};
|
||||
|
|
|
@ -180,7 +180,7 @@ in
|
|||
network-key = mkOption {
|
||||
description = ''
|
||||
An absolute file path (which should be outside the Nix-store)
|
||||
to a secret key to encrypt internal messages with. Use <code>srht-keygen network</code> to
|
||||
to a secret key to encrypt internal messages with. Use <literal>srht-keygen network</literal> to
|
||||
generate this key. It must be consistent between all services and nodes.
|
||||
'';
|
||||
type = types.path;
|
||||
|
@ -209,7 +209,7 @@ in
|
|||
service-key = mkOption {
|
||||
description = ''
|
||||
An absolute file path (which should be outside the Nix-store)
|
||||
to a key used for encrypting session cookies. Use <code>srht-keygen service</code> to
|
||||
to a key used for encrypting session cookies. Use <literal>srht-keygen service</literal> to
|
||||
generate the service key. This must be shared between each node of the same
|
||||
service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
|
||||
different keys. If you configure all of your services with the same
|
||||
|
@ -252,8 +252,8 @@ in
|
|||
|
||||
Your PGP key information (DO NOT mix up pub and priv here)
|
||||
You must remove the password from your secret key, if present.
|
||||
You can do this with <code>gpg --edit-key [key-id]</code>,
|
||||
then use the <code>passwd</code> command and do not enter a new password.
|
||||
You can do this with <literal>gpg --edit-key [key-id]</literal>,
|
||||
then use the <literal>passwd</literal> command and do not enter a new password.
|
||||
'';
|
||||
};
|
||||
pgp-pubkey = mkOption {
|
||||
|
@ -294,7 +294,7 @@ in
|
|||
This should be consistent for all *.sr.ht sites,
|
||||
as this key will be used to verify signatures
|
||||
from other sites in your network.
|
||||
Use the <code>srht-keygen webhook</code> command to generate a key.
|
||||
Use the <literal>srht-keygen webhook</literal> command to generate a key.
|
||||
'';
|
||||
type = types.path;
|
||||
apply = s: "<" + toString s;
|
||||
|
|
|
@ -24,7 +24,7 @@ in
|
|||
description = ''
|
||||
Whether the config should be checked at build time.
|
||||
When the config can't be checked during build time, for example when it includes
|
||||
other files, either disable this option or use <code>preCheckConfig</code> to create
|
||||
other files, either disable this option or use <literal>preCheckConfig</literal> to create
|
||||
the included files before checking.
|
||||
'';
|
||||
};
|
||||
|
@ -36,7 +36,7 @@ in
|
|||
'';
|
||||
description = ''
|
||||
Commands to execute before the config file check. The file to be checked will be
|
||||
available as <code>bird2.conf</code> in the current directory.
|
||||
available as <literal>bird2.conf</literal> in the current directory.
|
||||
|
||||
Files created with this option will not be available at service runtime, only during
|
||||
build time checking.
|
||||
|
|
|
@ -40,9 +40,9 @@ let
|
|||
description = ''
|
||||
Path to keystore (combined PEM with cert/key, or PKCS12 keystore).
|
||||
|
||||
NB: storepass is not supported because it would expose credentials via <code>/proc/*/cmdline</code>.
|
||||
NB: storepass is not supported because it would expose credentials via <literal>/proc/*/cmdline</literal>.
|
||||
|
||||
Specify this or <code>cert</code> and <code>key</code>.
|
||||
Specify this or <literal>cert</literal> and <literal>key</literal>.
|
||||
'';
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -52,7 +52,7 @@ let
|
|||
description = ''
|
||||
Path to certificate (PEM with certificate chain).
|
||||
|
||||
Not required if <code>keystore</code> is set.
|
||||
Not required if <literal>keystore</literal> is set.
|
||||
'';
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -62,7 +62,7 @@ let
|
|||
description = ''
|
||||
Path to certificate private key (PEM with private key).
|
||||
|
||||
Not required if <code>keystore</code> is set.
|
||||
Not required if <literal>keystore</literal> is set.
|
||||
'';
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
|
@ -70,7 +70,7 @@ let
|
|||
|
||||
cacert = mkOption {
|
||||
description = ''
|
||||
Path to CA bundle file (PEM/X509). Uses system trust store if <code>null</code>.
|
||||
Path to CA bundle file (PEM/X509). Uses system trust store if <literal>null</literal>.
|
||||
'';
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
|
@ -124,7 +124,7 @@ let
|
|||
};
|
||||
|
||||
extraArguments = mkOption {
|
||||
description = "Extra arguments to pass to <code>ghostunnel server</code>";
|
||||
description = "Extra arguments to pass to <literal>ghostunnel server</literal>";
|
||||
type = types.separatedString " ";
|
||||
default = "";
|
||||
};
|
||||
|
|
|
@ -169,7 +169,7 @@ in
|
|||
example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0";
|
||||
description = ''
|
||||
SHA-512 password hash (can be generated by
|
||||
<code>mkpasswd -m sha-512 <password></code>)
|
||||
<literal>mkpasswd -m sha-512 <password></literal>)
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -393,7 +393,7 @@ let
|
|||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Format: <code>[AXFR|UDP] <ip-address> <key-name | NOKEY></code>
|
||||
Format: <literal>[AXFR|UDP] <ip-address> <key-name | NOKEY></literal>
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -40,8 +40,8 @@ let
|
|||
passwordFile = mkOption {
|
||||
description = ''
|
||||
File containing the password to authenticate with. This
|
||||
is passed to <code>openconnect</code> via the
|
||||
<code>--passwd-on-stdin</code> option.
|
||||
is passed to <literal>openconnect</literal> via the
|
||||
<literal>--passwd-on-stdin</literal> option.
|
||||
'';
|
||||
default = null;
|
||||
example = "/var/lib/secrets/openconnect-passwd";
|
||||
|
@ -66,10 +66,10 @@ let
|
|||
description = ''
|
||||
Extra config to be appended to the interface config. It should
|
||||
contain long-format options as would be accepted on the command
|
||||
line by <code>openconnect</code>
|
||||
line by <literal>openconnect</literal>
|
||||
(see https://www.infradead.org/openconnect/manual.html).
|
||||
Non-key-value options like <code>deflate</code> can be used by
|
||||
declaring them as booleans, i. e. <code>deflate = true;</code>.
|
||||
Non-key-value options like <literal>deflate</literal> can be used by
|
||||
declaring them as booleans, i. e. <literal>deflate = true;</literal>.
|
||||
'';
|
||||
default = { };
|
||||
example = {
|
||||
|
|
|
@ -44,8 +44,8 @@ in {
|
|||
are supplied, they will be combined, with values from
|
||||
<option>configFile</option> taking precedence.
|
||||
|
||||
You can use the command <code>nix-shell -p yggdrasil --run
|
||||
"yggdrasil -genconf"</code> to generate default
|
||||
You can use the command <literal>nix-shell -p yggdrasil --run
|
||||
"yggdrasil -genconf"</literal> to generate default
|
||||
configuration values with documentation.
|
||||
'';
|
||||
};
|
||||
|
@ -64,7 +64,7 @@ in {
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "wheel";
|
||||
description = "Group to grant access to the Yggdrasil control socket. If <code>null</code>, only root can access the socket.";
|
||||
description = "Group to grant access to the Yggdrasil control socket. If <literal>null</literal>, only root can access the socket.";
|
||||
};
|
||||
|
||||
openMulticastPort = mkOption {
|
||||
|
@ -74,7 +74,7 @@ in {
|
|||
Whether to open the UDP port used for multicast peer
|
||||
discovery. The NixOS firewall blocks link-local
|
||||
communication, so in order to make local peering work you
|
||||
will also need to set <code>LinkLocalTCPPort</code> in your
|
||||
will also need to set <literal>LinkLocalTCPPort</literal> in your
|
||||
yggdrasil configuration (<option>config</option> or
|
||||
<option>configFile</option>) to a port number other than 0,
|
||||
and then add that port to
|
||||
|
|
|
@ -175,7 +175,7 @@ in
|
|||
default = null;
|
||||
example = "770";
|
||||
description = ''
|
||||
If not <code>null</code>, is used as the permissions
|
||||
If not <literal>null</literal>, is used as the permissions
|
||||
set by <literal>systemd.activationScripts.transmission-daemon</literal>
|
||||
on the directories <xref linkend="opt-services.transmission.settings.download-dir"/>,
|
||||
<xref linkend="opt-services.transmission.settings.incomplete-dir"/>.
|
||||
|
@ -214,7 +214,7 @@ in
|
|||
description = ''
|
||||
Path to a JSON file to be merged with the settings.
|
||||
Useful to merge a file which is better kept out of the Nix store
|
||||
to set secret config parameters like <code>rpc-password</code>.
|
||||
to set secret config parameters like <literal>rpc-password</literal>.
|
||||
'';
|
||||
default = "/dev/null";
|
||||
example = "/var/lib/secrets/transmission/settings.json";
|
||||
|
@ -237,7 +237,7 @@ in
|
|||
to open many more connections at the same time.
|
||||
|
||||
Note that you may also want to increase
|
||||
<code>peer-limit-global"</code>.
|
||||
<literal>peer-limit-global"</literal>.
|
||||
And be aware that these settings are quite aggressive
|
||||
and might not suite your regular desktop use.
|
||||
For instance, SSH sessions may time out more easily'';
|
||||
|
|
|
@ -52,7 +52,7 @@ in {
|
|||
description = ''
|
||||
A file containing the Laravel APP_KEY - a 32 character long,
|
||||
base64 encoded key used for encryption where needed. Can be
|
||||
generated with <code>head -c 32 /dev/urandom | base64</code>.
|
||||
generated with <literal>head -c 32 /dev/urandom | base64</literal>.
|
||||
'';
|
||||
example = "/run/keys/bookstack-appkey";
|
||||
type = types.path;
|
||||
|
@ -74,7 +74,7 @@ in {
|
|||
appURL = mkOption {
|
||||
description = ''
|
||||
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
|
||||
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
|
||||
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <literal>php artisan bookstack:update-url https://old.example.com https://new.example.com</literal>
|
||||
'';
|
||||
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostname}";
|
||||
defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostname}'';
|
||||
|
|
|
@ -113,17 +113,17 @@ in {
|
|||
affect other virtualHosts running on your nginx instance, if any.
|
||||
Alternatively you can configure a reverse-proxy of your choice to serve these paths:
|
||||
|
||||
<code>/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public</code>
|
||||
<literal>/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public</literal>
|
||||
|
||||
<code>/ -> 127.0.0.1:{{ webPort }} </code>(If there was no file in the directory above.)
|
||||
<literal>/ -> 127.0.0.1:{{ webPort }} </literal>(If there was no file in the directory above.)
|
||||
|
||||
<code>/system/ -> /var/lib/mastodon/public-system/</code>
|
||||
<literal>/system/ -> /var/lib/mastodon/public-system/</literal>
|
||||
|
||||
<code>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</code>
|
||||
<literal>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</literal>
|
||||
|
||||
Make sure that websockets are forwarded properly. You might want to set up caching
|
||||
of some requests. Take a look at mastodon's provided nginx configuration at
|
||||
<code>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</code>.
|
||||
<literal>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</literal>.
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
|
@ -135,13 +135,13 @@ in {
|
|||
that user will be created, otherwise it should be set to the
|
||||
name of a user created elsewhere. In both cases,
|
||||
<package>mastodon</package> and a package containing only
|
||||
the shell script <code>mastodon-env</code> will be added to
|
||||
the shell script <literal>mastodon-env</literal> will be added to
|
||||
the user's package set. To run a command from
|
||||
<package>mastodon</package> such as <code>tootctl</code>
|
||||
<package>mastodon</package> such as <literal>tootctl</literal>
|
||||
with the environment configured by this module use
|
||||
<code>mastodon-env</code>, as in:
|
||||
<literal>mastodon-env</literal>, as in:
|
||||
|
||||
<code>mastodon-env tootctl accounts create newuser --email newuser@example.com</code>
|
||||
<literal>mastodon-env tootctl accounts create newuser --email newuser@example.com</literal>
|
||||
'';
|
||||
type = lib.types.str;
|
||||
default = "mastodon";
|
||||
|
@ -202,7 +202,7 @@ in {
|
|||
Voluntary Application Server Identification. A new keypair can
|
||||
be generated by running:
|
||||
|
||||
<code>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys</code>
|
||||
<literal>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys</literal>
|
||||
|
||||
If <option>mastodon.vapidPrivateKeyFile</option>does not
|
||||
exist, it and this file will be created with a new keypair.
|
||||
|
@ -222,7 +222,7 @@ in {
|
|||
Path to file containing the secret key base.
|
||||
A new secret key base can be generated by running:
|
||||
|
||||
<code>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret</code>
|
||||
<literal>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret</literal>
|
||||
|
||||
If this file does not exist, it will be created with a new secret key base.
|
||||
'';
|
||||
|
@ -235,7 +235,7 @@ in {
|
|||
Path to file containing the OTP secret.
|
||||
A new OTP secret can be generated by running:
|
||||
|
||||
<code>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret</code>
|
||||
<literal>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret</literal>
|
||||
|
||||
If this file does not exist, it will be created with a new OTP secret.
|
||||
'';
|
||||
|
@ -249,7 +249,7 @@ in {
|
|||
Voluntary Application Server Identification. A new keypair can
|
||||
be generated by running:
|
||||
|
||||
<code>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys</code>
|
||||
<literal>nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys</literal>
|
||||
|
||||
If this file does not exist, it will be created with a new
|
||||
private key.
|
||||
|
|
|
@ -586,8 +586,8 @@ in {
|
|||
type = types.ints.positive;
|
||||
default = 15552000;
|
||||
description = ''
|
||||
Value for the <code>max-age</code> directive of the HTTP
|
||||
<code>Strict-Transport-Security</code> header.
|
||||
Value for the <literal>max-age</literal> directive of the HTTP
|
||||
<literal>Strict-Transport-Security</literal> header.
|
||||
|
||||
See section 6.1.1 of IETF RFC 6797 for detailed information on this
|
||||
directive and header.
|
||||
|
|
|
@ -46,7 +46,7 @@ in {
|
|||
description = ''
|
||||
A file containing the Laravel APP_KEY - a 32 character long,
|
||||
base64 encoded key used for encryption where needed. Can be
|
||||
generated with <code>head -c 32 /dev/urandom | base64</code>.
|
||||
generated with <literal>head -c 32 /dev/urandom | base64</literal>.
|
||||
'';
|
||||
example = "/run/keys/snipe-it/appkey";
|
||||
type = types.path;
|
||||
|
@ -69,7 +69,7 @@ in {
|
|||
description = ''
|
||||
The root URL that you want to host Snipe-IT on. All URLs in Snipe-IT will be generated using this value.
|
||||
If you change this in the future you may need to run a command to update stored URLs in the database.
|
||||
Command example: <code>snipe-it snipe-it:update-url https://old.example.com https://new.example.com</code>
|
||||
Command example: <literal>snipe-it snipe-it:update-url https://old.example.com https://new.example.com</literal>
|
||||
'';
|
||||
default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostName}";
|
||||
defaultText = ''
|
||||
|
|
|
@ -74,7 +74,7 @@ in
|
|||
|
||||
Podman implements the Docker API.
|
||||
|
||||
Users must be in the <code>podman</code> group in order to connect. As
|
||||
Users must be in the <literal>podman</literal> group in order to connect. As
|
||||
with Docker, members of this group can gain root access.
|
||||
'';
|
||||
};
|
||||
|
|
|
@ -22,7 +22,7 @@ in
|
|||
with TLS client certificate authentication.
|
||||
|
||||
This allows Docker clients to connect with the equivalents of the Docker
|
||||
CLI <code>-H</code> and <code>--tls*</code> family of options.
|
||||
CLI <literal>-H</literal> and <literal>--tls*</literal> family of options.
|
||||
|
||||
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
|
||||
|
||||
|
|
Loading…
Reference in a new issue