nixos/*: md-convert options with unordered lists
mostly no rendering changes. some lists (like simplelist) don't have an exact translation to markdown, so we use a comma-separated list of literals instead.
This commit is contained in:
parent
1013069f52
commit
c915b915b5
19 changed files with 197 additions and 370 deletions
|
@ -77,24 +77,21 @@ in
|
|||
environment.memoryAllocator.provider = mkOption {
|
||||
type = types.enum ([ "libc" ] ++ attrNames providers);
|
||||
default = "libc";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The system-wide memory allocator.
|
||||
|
||||
Briefly, the system-wide memory allocator providers are:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>libc</literal>: the standard allocator provided by libc</para></listitem>
|
||||
${toString (mapAttrsToList
|
||||
(name: value: "<listitem><para><literal>${name}</literal>: ${value.description}</para></listitem>")
|
||||
providers)}
|
||||
</itemizedlist>
|
||||
|
||||
<warning>
|
||||
<para>
|
||||
- `libc`: the standard allocator provided by libc
|
||||
${concatStringsSep "\n" (mapAttrsToList
|
||||
(name: value: "- `${name}`: ${replaceStrings [ "\n" ] [ " " ] value.description}")
|
||||
providers)}
|
||||
|
||||
::: {.warning}
|
||||
Selecting an alternative allocator (i.e., anything other than
|
||||
<literal>libc</literal>) may result in instability, data loss,
|
||||
`libc`) may result in instability, data loss,
|
||||
and/or service failure.
|
||||
</para>
|
||||
</warning>
|
||||
:::
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -61,30 +61,20 @@ in
|
|||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "status";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The name of the column or an SQL expression that indicates the status of
|
||||
the user. The status is expressed by the combination of two bitfields
|
||||
shown below:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bit 0 (0x01)</literal>:
|
||||
if flagged, <literal>pam_mysql</literal> deems the account to be expired and
|
||||
returns <literal>PAM_ACCT_EXPIRED</literal>. That is, the account is supposed
|
||||
to no longer be available. Note this doesn't mean that <literal>pam_mysql</literal>
|
||||
rejects further authentication operations.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>bit 1 (0x02)</literal>:
|
||||
if flagged, <literal>pam_mysql</literal> deems the authentication token
|
||||
(password) to be expired and returns <literal>PAM_NEW_AUTHTOK_REQD</literal>.
|
||||
This ends up requiring that the user enter a new password.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
- `bit 0 (0x01)`:
|
||||
if flagged, `pam_mysql` deems the account to be expired and
|
||||
returns `PAM_ACCT_EXPIRED`. That is, the account is supposed
|
||||
to no longer be available. Note this doesn't mean that `pam_mysql`
|
||||
rejects further authentication operations.
|
||||
- `bit 1 (0x02)`:
|
||||
if flagged, `pam_mysql` deems the authentication token
|
||||
(password) to be expired and returns `PAM_NEW_AUTHTOK_REQD`.
|
||||
This ends up requiring that the user enter a new password.
|
||||
'';
|
||||
};
|
||||
passwordCrypt = mkOption {
|
||||
|
@ -101,74 +91,32 @@ in
|
|||
"8" "sha512"
|
||||
"9" "sha256"
|
||||
];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The method to encrypt the user's password:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>0</literal> (or <literal>"plain"</literal>):
|
||||
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>1</literal> (or <literal>"Y"</literal>):
|
||||
Use crypt(3) function.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>2</literal> (or <literal>"mysql"</literal>):
|
||||
Use the MySQL PASSWORD() function. It is possible that the encryption function used
|
||||
by <literal>pam_mysql</literal> is different from that of the MySQL server, as
|
||||
<literal>pam_mysql</literal> uses the function defined in MySQL's C-client API
|
||||
instead of using PASSWORD() SQL function in the query.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>3</literal> (or <literal>"md5"</literal>):
|
||||
Use plain hex MD5.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>4</literal> (or <literal>"sha1"</literal>):
|
||||
Use plain hex SHA1.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>5</literal> (or <literal>"drupal7"</literal>):
|
||||
Use Drupal7 salted passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>6</literal> (or <literal>"joomla15"</literal>):
|
||||
Use Joomla15 salted passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>7</literal> (or <literal>"ssha"</literal>):
|
||||
Use ssha hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>8</literal> (or <literal>"sha512"</literal>):
|
||||
Use sha512 hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>9</literal> (or <literal>"sha256"</literal>):
|
||||
Use sha256 hashed passwords.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
- `0` (or `"plain"`):
|
||||
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
|
||||
- `1` (or `"Y"`):
|
||||
Use crypt(3) function.
|
||||
- `2` (or `"mysql"`):
|
||||
Use the MySQL PASSWORD() function. It is possible that the encryption function used
|
||||
by `pam_mysql` is different from that of the MySQL server, as
|
||||
`pam_mysql` uses the function defined in MySQL's C-client API
|
||||
instead of using PASSWORD() SQL function in the query.
|
||||
- `3` (or `"md5"`):
|
||||
Use plain hex MD5.
|
||||
- `4` (or `"sha1"`):
|
||||
Use plain hex SHA1.
|
||||
- `5` (or `"drupal7"`):
|
||||
Use Drupal7 salted passwords.
|
||||
- `6` (or `"joomla15"`):
|
||||
Use Joomla15 salted passwords.
|
||||
- `7` (or `"ssha"`):
|
||||
Use ssha hashed passwords.
|
||||
- `8` (or `"sha512"`):
|
||||
Use sha512 hashed passwords.
|
||||
- `9` (or `"sha256"`):
|
||||
Use sha256 hashed passwords.
|
||||
'';
|
||||
};
|
||||
cryptDefault = mkOption {
|
||||
|
|
|
@ -32,22 +32,20 @@ in
|
|||
type = types.nullOr (types.enum [ "ibus" "fcitx" "fcitx5" "nabi" "uim" "hime" "kime" ]);
|
||||
default = null;
|
||||
example = "fcitx";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
|
||||
|
||||
Input methods are specially used to input Chinese, Japanese and Korean characters.
|
||||
|
||||
Currently the following input methods are available in NixOS:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>ibus: The intelligent input bus, extra input engines can be added using <literal>i18n.inputMethod.ibus.engines</literal>.</para></listitem>
|
||||
<listitem><para>fcitx: A customizable lightweight input method, extra input engines can be added using <literal>i18n.inputMethod.fcitx.engines</literal>.</para></listitem>
|
||||
<listitem><para>fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using <literal>i18n.inputMethod.fcitx5.addons</literal>.</para></listitem>
|
||||
<listitem><para>nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.</para></listitem>
|
||||
<listitem><para>uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.</para></listitem>
|
||||
<listitem><para>hime: An extremely easy-to-use input method framework.</para></listitem>
|
||||
<listitem><para>kime: Koream IME.</para></listitem>
|
||||
</itemizedlist>
|
||||
- ibus: The intelligent input bus, extra input engines can be added using `i18n.inputMethod.ibus.engines`.
|
||||
- fcitx: A customizable lightweight input method, extra input engines can be added using `i18n.inputMethod.fcitx.engines`.
|
||||
- fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using `i18n.inputMethod.fcitx5.addons`.
|
||||
- nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.
|
||||
- uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.
|
||||
- hime: An extremely easy-to-use input method framework.
|
||||
- kime: Koream IME.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -226,15 +226,14 @@ in
|
|||
nixos.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Whether to install NixOS's own documentation.
|
||||
<itemizedlist>
|
||||
<listitem><para>This includes man pages like
|
||||
<citerefentry><refentrytitle>configuration.nix</refentrytitle><manvolnum>5</manvolnum></citerefentry> if <option>documentation.man.enable</option> is
|
||||
set.</para></listitem>
|
||||
<listitem><para>This includes the HTML manual and the <command>nixos-help</command> command if
|
||||
<option>documentation.doc.enable</option> is set.</para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
- This includes man pages like
|
||||
{manpage}`configuration.nix(5)` if {option}`documentation.man.enable` is
|
||||
set.
|
||||
- This includes the HTML manual and the {command}`nixos-help` command if
|
||||
{option}`documentation.doc.enable` is set.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -576,13 +576,12 @@ let
|
|||
ocspMustStaple = mkOption {
|
||||
type = types.bool;
|
||||
inherit (defaultAndText "ocspMustStaple" false) default defaultText;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Turns on the OCSP Must-Staple TLS extension.
|
||||
Make sure you know what you're doing! See:
|
||||
<itemizedlist>
|
||||
<listitem><para><link xlink:href="https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/"/></para></listitem>
|
||||
<listitem><para><link xlink:href="https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html"/></para></listitem>
|
||||
</itemizedlist>
|
||||
|
||||
- <https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/>
|
||||
- <https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html>
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -76,21 +76,11 @@ in {
|
|||
|
||||
tctiEnvironment = {
|
||||
enable = lib.mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Set common TCTI environment variables to the specified value.
|
||||
The variables are
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>TPM2TOOLS_TCTI</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>TPM2_PKCS11_TCTI</literal>
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
- `TPM2TOOLS_TCTI`
|
||||
- `TPM2_PKCS11_TCTI`
|
||||
'';
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
|
|
|
@ -13,15 +13,13 @@ in with lib; {
|
|||
defaultText = literalExpression "pkgs.meshcentral";
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Settings for MeshCentral. Refer to upstream documentation for details:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json">JSON Schema definition</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json">simple sample configuration</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json">complex sample configuration</link></para></listitem>
|
||||
<listitem><para><link xlink:href="https://www.meshcommander.com/meshcentral2">Old homepage) with documentation link</link></para></listitem>
|
||||
</itemizedlist>
|
||||
- [JSON Schema definition](https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json)
|
||||
- [simple sample configuration](https://github.com/Ylianst/MeshCentral/blob/master/sample-config.json)
|
||||
- [complex sample configuration](https://github.com/Ylianst/MeshCentral/blob/master/sample-config-advanced.json)
|
||||
- [Old homepage with documentation link](https://www.meshcommander.com/meshcentral2)
|
||||
'';
|
||||
type = types.submodule {
|
||||
freeformType = configFormat.type;
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
enableWattsUpPro = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Enable the Watts Up Pro device.
|
||||
|
||||
The Watts Up Pro contains a generic FTDI USB device without a specific
|
||||
|
@ -49,10 +49,8 @@ in
|
|||
|
||||
The generic FTDI device is known to also be used on:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>Sparkfun FT232 breakout board</para></listitem>
|
||||
<listitem><para>Parallax Propeller</para></listitem>
|
||||
</itemizedlist>
|
||||
- Sparkfun FT232 breakout board
|
||||
- Parallax Propeller
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -62,18 +62,16 @@ in {
|
|||
mode = mkOption {
|
||||
default = "default";
|
||||
type = types.enum [ "default" "reusable" "clustered" ];
|
||||
description = ''
|
||||
Rendering mode of <literal>grafana-image-renderer</literal>:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>default:</literal> Creates on browser-instance
|
||||
per rendering request.</para></listitem>
|
||||
<listitem><para><literal>reusable:</literal> One browser instance
|
||||
will be started and reused for each rendering request.</para></listitem>
|
||||
<listitem><para><literal>clustered:</literal> allows to precisely
|
||||
description = lib.mdDoc ''
|
||||
Rendering mode of `grafana-image-renderer`:
|
||||
|
||||
- `default:` Creates on browser-instance
|
||||
per rendering request.
|
||||
- `reusable:` One browser instance
|
||||
will be started and reused for each rendering request.
|
||||
- `clustered:` allows to precisely
|
||||
configure how many browser-instances are supposed to be used. The values
|
||||
for that mode can be declared in <literal>rendering.clustering</literal>.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
for that mode can be declared in `rendering.clustering`.
|
||||
'';
|
||||
};
|
||||
args = mkOption {
|
||||
|
|
|
@ -55,35 +55,17 @@ in {
|
|||
"udppm"
|
||||
];
|
||||
example = "proxy";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Service type. The following values are valid:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"proxy"</literal>: HTTP/HTTPS proxy (default port 3128).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"socks"</literal>: SOCKS 4/4.5/5 proxy (default port 1080).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"pop3p"</literal>: POP3 proxy (default port 110).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"ftppr"</literal>: FTP proxy (default port 21).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"admin"</literal>: Web interface (default port 80).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"dnspr"</literal>: Caching DNS proxy (default port 53).
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"tcppm"</literal>: TCP portmapper.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"udppm"</literal>: UDP portmapper.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
- `"proxy"`: HTTP/HTTPS proxy (default port 3128).
|
||||
- `"socks"`: SOCKS 4/4.5/5 proxy (default port 1080).
|
||||
- `"pop3p"`: POP3 proxy (default port 110).
|
||||
- `"ftppr"`: FTP proxy (default port 21).
|
||||
- `"admin"`: Web interface (default port 80).
|
||||
- `"dnspr"`: Caching DNS proxy (default port 53).
|
||||
- `"tcppm"`: TCP portmapper.
|
||||
- `"udppm"`: UDP portmapper.
|
||||
'';
|
||||
};
|
||||
bindAddress = mkOption {
|
||||
|
@ -113,24 +95,16 @@ in {
|
|||
auth = mkOption {
|
||||
type = types.listOf (types.enum [ "none" "iponly" "strong" ]);
|
||||
example = [ "iponly" "strong" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Authentication type. The following values are valid:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"none"</literal>: disables both authentication and authorization. You can not use ACLs.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"iponly"</literal>: specifies no authentication. ACLs authorization is used.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"strong"</literal>: authentication by username/password. If user is not registered their access is denied regardless of ACLs.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
- `"none"`: disables both authentication and authorization. You can not use ACLs.
|
||||
- `"iponly"`: specifies no authentication. ACLs authorization is used.
|
||||
- `"strong"`: authentication by username/password. If user is not registered their access is denied regardless of ACLs.
|
||||
|
||||
Double authentication is possible, e.g.
|
||||
|
||||
<programlisting>
|
||||
```
|
||||
{
|
||||
auth = [ "iponly" "strong" ];
|
||||
acl = [
|
||||
|
@ -144,7 +118,7 @@ in {
|
|||
}
|
||||
];
|
||||
}
|
||||
</programlisting>
|
||||
```
|
||||
In this example strong username authentication is not required to access 192.168.0.0/16.
|
||||
'';
|
||||
};
|
||||
|
@ -154,17 +128,11 @@ in {
|
|||
rule = mkOption {
|
||||
type = types.enum [ "allow" "deny" ];
|
||||
example = "allow";
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
ACL rule. The following values are valid:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"allow"</literal>: connections allowed.
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"deny"</literal>: connections not allowed.
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
- `"allow"`: connections allowed.
|
||||
- `"deny"`: connections not allowed.
|
||||
'';
|
||||
};
|
||||
users = mkOption {
|
||||
|
|
|
@ -213,30 +213,24 @@ let
|
|||
example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name"
|
||||
"10.0.3.4&255.255.0.0 BLOCKED"
|
||||
];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Listed primary servers are allowed to notify this secondary server.
|
||||
|
||||
Format: <literal><ip> <key-name | NOKEY | BLOCKED></literal>
|
||||
Format: `<ip> <key-name | NOKEY | BLOCKED>`
|
||||
|
||||
<literal><ip></literal> either a plain IPv4/IPv6 address or range.
|
||||
`<ip>` either a plain IPv4/IPv6 address or range.
|
||||
Valid patters for ranges:
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>10.0.0.0/24</literal>: via subnet size</para></listitem>
|
||||
<listitem><para><literal>10.0.0.0&255.255.255.0</literal>: via subnet mask</para></listitem>
|
||||
<listitem><para><literal>10.0.0.1-10.0.0.254</literal>: via range</para></listitem>
|
||||
</itemizedlist>
|
||||
* `10.0.0.0/24`: via subnet size
|
||||
* `10.0.0.0&255.255.255.0`: via subnet mask
|
||||
* `10.0.0.1-10.0.0.254`: via range
|
||||
|
||||
A optional port number could be added with a '@':
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>2001:1234::1@1234</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
* `2001:1234::1@1234`
|
||||
|
||||
<literal><key-name | NOKEY | BLOCKED></literal>
|
||||
<itemizedlist>
|
||||
<listitem><para><literal><key-name></literal> will use the specified TSIG key</para></listitem>
|
||||
<listitem><para><literal>NOKEY</literal> no TSIG signature is required</para></listitem>
|
||||
<listitem><para><literal>BLOCKED</literal>notifies from non-listed or blocked IPs will be ignored</para></listitem>
|
||||
</itemizedlist>
|
||||
`<key-name | NOKEY | BLOCKED>`
|
||||
* `<key-name>` will use the specified TSIG key
|
||||
* `NOKEY` no TSIG signature is required
|
||||
* `BLOCKED`notifies from non-listed or blocked IPs will be ignored
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -350,19 +344,17 @@ let
|
|||
type = types.listOf types.str;
|
||||
default = [];
|
||||
example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ];
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
This primary server will notify all given secondary servers about
|
||||
zone changes.
|
||||
|
||||
Format: <literal><ip> <key-name | NOKEY></literal>
|
||||
Format: `<ip> <key-name | NOKEY>`
|
||||
|
||||
<literal><ip></literal> a plain IPv4/IPv6 address with on optional port number (ip@port)
|
||||
`<ip>` a plain IPv4/IPv6 address with on optional port number (ip@port)
|
||||
|
||||
<literal><key-name | NOKEY></literal>
|
||||
<itemizedlist>
|
||||
<listitem><para><literal><key-name></literal> sign notifies with the specified key</para></listitem>
|
||||
<listitem><para><literal>NOKEY</literal> don't sign notifies</para></listitem>
|
||||
</itemizedlist>
|
||||
`<key-name | NOKEY>`
|
||||
- `<key-name>` sign notifies with the specified key
|
||||
- `NOKEY` don't sign notifies
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -85,37 +85,24 @@ in {
|
|||
dbtype = mkOption {
|
||||
type = types.enum [ "mysql" "percona" "mariadb" "postgresql" "sqlserver" ];
|
||||
default = "postgresql";
|
||||
description = ''
|
||||
Specify the database provider:
|
||||
<simplelist type='inline'>
|
||||
<member><literal>mysql</literal></member>
|
||||
<member><literal>percona</literal></member>
|
||||
<member><literal>mariadb</literal></member>
|
||||
<member><literal>postgresql</literal></member>
|
||||
<member><literal>sqlserver</literal></member>
|
||||
</simplelist>
|
||||
description = lib.mdDoc ''
|
||||
Specify the database provider: `mysql`, `percona`, `mariadb`, `postgresql`, `sqlserver`
|
||||
'';
|
||||
};
|
||||
|
||||
db = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Database specific connection string for example:
|
||||
<itemizedlist>
|
||||
<listitem><para>MySQL/Percona/MariaDB:
|
||||
<literal>user:password@tcp(host:3306)/documize</literal>
|
||||
</para></listitem>
|
||||
<listitem><para>MySQLv8+:
|
||||
<literal>user:password@tcp(host:3306)/documize?allowNativePasswords=true</literal>
|
||||
</para></listitem>
|
||||
<listitem><para>PostgreSQL:
|
||||
<literal>host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable</literal>
|
||||
</para></listitem>
|
||||
<listitem><para>MSSQL:
|
||||
<literal>sqlserver://username:password@localhost:1433?database=Documize</literal> or
|
||||
<literal>sqlserver://sa@localhost/SQLExpress?database=Documize</literal>
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
- MySQL/Percona/MariaDB:
|
||||
`user:password@tcp(host:3306)/documize`
|
||||
- MySQLv8+:
|
||||
`user:password@tcp(host:3306)/documize?allowNativePasswords=true`
|
||||
- PostgreSQL:
|
||||
`host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable`
|
||||
- MSSQL:
|
||||
`sqlserver://username:password@localhost:1433?database=Documize` or
|
||||
`sqlserver://sa@localhost/SQLExpress?database=Documize`
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -533,25 +533,23 @@ in {
|
|||
The nextcloud-occ program preconfigured to target this Nextcloud instance.
|
||||
'';
|
||||
};
|
||||
globalProfiles = mkEnableOption "global profiles" // {
|
||||
description = ''
|
||||
Makes user-profiles globally available under <literal>nextcloud.tld/u/user.name</literal>.
|
||||
globalProfiles = mkEnableOption (lib.mdDoc "global profiles") // {
|
||||
description = lib.mdDoc ''
|
||||
Makes user-profiles globally available under `nextcloud.tld/u/user.name`.
|
||||
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
|
||||
here because it has the side-effect that personal information is even accessible to
|
||||
unauthenticated users by default.
|
||||
|
||||
By default, the following properties are set to “Show to everyone”
|
||||
if this flag is enabled:
|
||||
<itemizedlist>
|
||||
<listitem><para>About</para></listitem>
|
||||
<listitem><para>Full name</para></listitem>
|
||||
<listitem><para>Headline</para></listitem>
|
||||
<listitem><para>Organisation</para></listitem>
|
||||
<listitem><para>Profile picture</para></listitem>
|
||||
<listitem><para>Role</para></listitem>
|
||||
<listitem><para>Twitter</para></listitem>
|
||||
<listitem><para>Website</para></listitem>
|
||||
</itemizedlist>
|
||||
- About
|
||||
- Full name
|
||||
- Headline
|
||||
- Organisation
|
||||
- Profile picture
|
||||
- Role
|
||||
- Twitter
|
||||
- Website
|
||||
|
||||
Only has an effect in Nextcloud 23 and later.
|
||||
'';
|
||||
|
|
|
@ -93,17 +93,15 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
Settings to configure <literal>wiki-js</literal>. This directly
|
||||
corresponds to <link xlink:href="https://docs.requarks.io/install/config">the upstream configuration options</link>.
|
||||
description = lib.mdDoc ''
|
||||
Settings to configure `wiki-js`. This directly
|
||||
corresponds to [the upstream configuration options](https://docs.requarks.io/install/config).
|
||||
|
||||
Secrets can be injected via the environment by
|
||||
<itemizedlist>
|
||||
<listitem><para>specifying <xref linkend="opt-services.wiki-js.environmentFile"/>
|
||||
to contain secrets</para></listitem>
|
||||
<listitem><para>and setting sensitive values to <literal>$(ENVIRONMENT_VAR)</literal>
|
||||
with this value defined in the environment-file.</para></listitem>
|
||||
</itemizedlist>
|
||||
- specifying [](#opt-services.wiki-js.environmentFile)
|
||||
to contain secrets
|
||||
- and setting sensitive values to `$(ENVIRONMENT_VAR)`
|
||||
with this value defined in the environment-file.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -499,21 +499,16 @@ in
|
|||
config = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
Verbatim <filename>nginx.conf</filename> configuration.
|
||||
description = lib.mdDoc ''
|
||||
Verbatim {file}`nginx.conf` configuration.
|
||||
This is mutually exclusive to any other config option for
|
||||
<filename>nginx.conf</filename> except for
|
||||
<itemizedlist>
|
||||
<listitem><para><xref linkend="opt-services.nginx.appendConfig"/>
|
||||
</para></listitem>
|
||||
<listitem><para><xref linkend="opt-services.nginx.httpConfig"/>
|
||||
</para></listitem>
|
||||
<listitem><para><xref linkend="opt-services.nginx.logError"/>
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
{file}`nginx.conf` except for
|
||||
- [](#opt-services.nginx.appendConfig)
|
||||
- [](#opt-services.nginx.httpConfig)
|
||||
- [](#opt-services.nginx.logError)
|
||||
|
||||
If additional verbatim config in addition to other options is needed,
|
||||
<xref linkend="opt-services.nginx.appendConfig"/> should be used instead.
|
||||
[](#opt-services.nginx.appendConfig) should be used instead.
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -622,37 +622,35 @@ in
|
|||
efiInstallAsRemovable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to invoke <literal>grub-install</literal> with
|
||||
<literal>--removable</literal>.
|
||||
description = lib.mdDoc ''
|
||||
Whether to invoke `grub-install` with
|
||||
`--removable`.
|
||||
|
||||
Unless you turn this on, GRUB will install itself somewhere in
|
||||
<literal>boot.loader.efi.efiSysMountPoint</literal> (exactly where
|
||||
`boot.loader.efi.efiSysMountPoint` (exactly where
|
||||
depends on other config variables). If you've set
|
||||
<literal>boot.loader.efi.canTouchEfiVariables</literal> *AND* you
|
||||
`boot.loader.efi.canTouchEfiVariables` *AND* you
|
||||
are currently booted in UEFI mode, then GRUB will use
|
||||
<literal>efibootmgr</literal> to modify the boot order in the
|
||||
`efibootmgr` to modify the boot order in the
|
||||
EFI variables of your firmware to include this location. If you are
|
||||
*not* booted in UEFI mode at the time GRUB is being installed, the
|
||||
NVRAM will not be modified, and your system will not find GRUB at
|
||||
boot time. However, GRUB will still return success so you may miss
|
||||
the warning that gets printed ("<literal>efibootmgr: EFI variables
|
||||
are not supported on this system.</literal>").
|
||||
the warning that gets printed ("`efibootmgr: EFI variables
|
||||
are not supported on this system.`").
|
||||
|
||||
If you turn this feature on, GRUB will install itself in a
|
||||
special location within <literal>efiSysMountPoint</literal> (namely
|
||||
<literal>EFI/boot/boot$arch.efi</literal>) which the firmwares
|
||||
special location within `efiSysMountPoint` (namely
|
||||
`EFI/boot/boot$arch.efi`) which the firmwares
|
||||
are hardcoded to try first, regardless of NVRAM EFI variables.
|
||||
|
||||
To summarize, turn this on if:
|
||||
<itemizedlist>
|
||||
<listitem><para>You are installing NixOS and want it to boot in UEFI mode,
|
||||
but you are currently booted in legacy mode</para></listitem>
|
||||
<listitem><para>You want to make a drive that will boot regardless of
|
||||
the NVRAM state of the computer (like a USB "removable" drive)</para></listitem>
|
||||
<listitem><para>You simply dislike the idea of depending on NVRAM
|
||||
state to make your drive bootable</para></listitem>
|
||||
</itemizedlist>
|
||||
- You are installing NixOS and want it to boot in UEFI mode,
|
||||
but you are currently booted in legacy mode
|
||||
- You want to make a drive that will boot regardless of
|
||||
the NVRAM state of the computer (like a USB "removable" drive)
|
||||
- You simply dislike the idea of depending on NVRAM
|
||||
state to make your drive bootable
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -31,45 +31,29 @@ in
|
|||
default = [];
|
||||
example = [ "console=ttyS0,115200" ];
|
||||
type = types.listOf types.str;
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
Parameters added to the Memtest86+ command line. As of memtest86+ 5.01
|
||||
the following list of (apparently undocumented) parameters are
|
||||
accepted:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem>
|
||||
<para><literal>console=...</literal>, set up a serial console.
|
||||
- `console=...`, set up a serial console.
|
||||
Examples:
|
||||
<literal>console=ttyS0</literal>,
|
||||
<literal>console=ttyS0,9600</literal> or
|
||||
<literal>console=ttyS0,115200n8</literal>.</para>
|
||||
</listitem>
|
||||
`console=ttyS0`,
|
||||
`console=ttyS0,9600` or
|
||||
`console=ttyS0,115200n8`.
|
||||
|
||||
<listitem>
|
||||
<para><literal>btrace</literal>, enable boot trace.</para>
|
||||
</listitem>
|
||||
- `btrace`, enable boot trace.
|
||||
|
||||
<listitem>
|
||||
<para><literal>maxcpus=N</literal>, limit number of CPUs.</para>
|
||||
</listitem>
|
||||
- `maxcpus=N`, limit number of CPUs.
|
||||
|
||||
<listitem>
|
||||
<para><literal>onepass</literal>, run one pass and exit if there
|
||||
are no errors.</para>
|
||||
</listitem>
|
||||
- `onepass`, run one pass and exit if there
|
||||
are no errors.
|
||||
|
||||
<listitem>
|
||||
<para><literal>tstlist=...</literal>, list of tests to run.
|
||||
Example: <literal>0,1,2</literal>.</para>
|
||||
</listitem>
|
||||
- `tstlist=...`, list of tests to run.
|
||||
Example: `0,1,2`.
|
||||
|
||||
<listitem>
|
||||
<para><literal>cpumask=...</literal>, set a CPU mask, to select CPUs
|
||||
to use for testing.</para>
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
- `cpumask=...`, set a CPU mask, to select CPUs
|
||||
to use for testing.
|
||||
|
||||
This list of command line options was obtained by reading the
|
||||
Memtest86+ source code.
|
||||
|
|
|
@ -104,29 +104,15 @@ in {
|
|||
|
||||
type = types.enum [ "0" "1" "2" "auto" "max" "keep" ];
|
||||
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The resolution of the console. The following values are valid:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>
|
||||
<literal>"0"</literal>: Standard UEFI 80x25 mode
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"1"</literal>: 80x50 mode, not supported by all devices
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"2"</literal>: The first non-standard mode provided by the device firmware, if any
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"auto"</literal>: Pick a suitable mode automatically using heuristics
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"max"</literal>: Pick the highest-numbered available mode
|
||||
</para></listitem>
|
||||
<listitem><para>
|
||||
<literal>"keep"</literal>: Keep the mode selected by firmware (the default)
|
||||
</para></listitem>
|
||||
</itemizedlist>
|
||||
- `"0"`: Standard UEFI 80x25 mode
|
||||
- `"1"`: 80x50 mode, not supported by all devices
|
||||
- `"2"`: The first non-standard mode provided by the device firmware, if any
|
||||
- `"auto"`: Pick a suitable mode automatically using heuristics
|
||||
- `"max"`: Pick the highest-numbered available mode
|
||||
- `"keep"`: Keep the mode selected by firmware (the default)
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -613,14 +613,12 @@ in
|
|||
);
|
||||
defaultText = literalMD "`zstd` if the kernel supports it (5.9+), `gzip` if not";
|
||||
type = types.either types.str (types.functionTo types.str);
|
||||
description = ''
|
||||
description = lib.mdDoc ''
|
||||
The compressor to use on the initrd image. May be any of:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para>The name of one of the predefined compressors, see <filename>pkgs/build-support/kernel/initrd-compressor-meta.nix</filename> for the definitions.</para></listitem>
|
||||
<listitem><para>A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. <literal>pkgs: "''${pkgs.pigz}/bin/pigz"</literal></para></listitem>
|
||||
<listitem><para>(not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. <literal>"''${pkgs.pigz}/bin/pigz"</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
- The name of one of the predefined compressors, see {file}`pkgs/build-support/kernel/initrd-compressor-meta.nix` for the definitions.
|
||||
- A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. `pkgs: "''${pkgs.pigz}/bin/pigz"`
|
||||
- (not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. `"''${pkgs.pigz}/bin/pigz"`
|
||||
|
||||
The given program should read data from stdin and write it to stdout compressed.
|
||||
'';
|
||||
|
@ -662,16 +660,14 @@ in
|
|||
default = true;
|
||||
type = types.bool;
|
||||
description =
|
||||
''
|
||||
lib.mdDoc ''
|
||||
Verbosity of the initrd. Please note that disabling verbosity removes
|
||||
only the mandatory messages generated by the NixOS scripts. For a
|
||||
completely silent boot, you might also want to set the two following
|
||||
configuration options:
|
||||
|
||||
<itemizedlist>
|
||||
<listitem><para><literal>boot.consoleLogLevel = 0;</literal></para></listitem>
|
||||
<listitem><para><literal>boot.kernelParams = [ "quiet" "udev.log_level=3" ];</literal></para></listitem>
|
||||
</itemizedlist>
|
||||
- `boot.consoleLogLevel = 0;`
|
||||
- `boot.kernelParams = [ "quiet" "udev.log_level=3" ];`
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue