diff options
Diffstat (limited to 'nixos/modules')
24 files changed, 349 insertions, 350 deletions
diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index dd66316c730..ba621baf441 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -60,8 +60,8 @@ <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "ibus"; - <link linkend="opt-i18n.inputMethod.ibus.engines">ibus.engines</link> = with pkgs.ibus-engines; [ anthy hangul mozc ]; + enabled = "ibus"; + ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; }; </programlisting> @@ -151,8 +151,8 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "fcitx"; - <link linkend="opt-i18n.inputMethod.fcitx.engines">fcitx.engines</link> = with pkgs.fcitx-engines; [ mozc hangul m17n ]; + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; }; </programlisting> @@ -224,7 +224,7 @@ i18n.inputMethod = { <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi"; + enabled = "nabi"; }; </programlisting> </section> @@ -242,7 +242,7 @@ i18n.inputMethod = { <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "uim"; + enabled = "uim"; }; </programlisting> @@ -267,7 +267,7 @@ i18n.inputMethod = { <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "hime"; + enabled = "hime"; }; </programlisting> </section> @@ -284,7 +284,7 @@ i18n.inputMethod = { <programlisting> i18n.inputMethod = { - <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "kime"; + enabled = "kime"; }; </programlisting> </section> diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml index c63201628db..e4ac6195dae 100644 --- a/nixos/modules/programs/digitalbitbox/doc.xml +++ b/nixos/modules/programs/digitalbitbox/doc.xml @@ -12,7 +12,7 @@ setting <literal>programs.digitalbitbox</literal> to <literal>true</literal> in a manner similar to <programlisting> -<xref linkend="opt-programs.digitalbitbox.enable"/> = true; +programs.digitalbitbox.enable = true; </programlisting> and bundles the <literal>digitalbitbox</literal> package (see <xref @@ -40,7 +40,7 @@ <literal>digitalbitbox</literal> package which could be installed as follows: <programlisting> -<xref linkend="opt-environment.systemPackages"/> = [ +environment.systemPackages = [ pkgs.digitalbitbox ]; </programlisting> @@ -53,7 +53,7 @@ The digitalbitbox hardware package enables the udev rules for Digital Bitbox devices and may be installed as follows: <programlisting> -<xref linkend="opt-hardware.digitalbitbox.enable"/> = true; +hardware.digitalbitbox.enable = true; </programlisting> </para> @@ -63,8 +63,8 @@ by means of overriding as follows: <programlisting> programs.digitalbitbox = { - <link linkend="opt-programs.digitalbitbox.enable">enable</link> = true; - <link linkend="opt-programs.digitalbitbox.package">package</link> = pkgs.digitalbitbox.override { + enable = true; + package = pkgs.digitalbitbox.override { udevRule51 = "something else"; }; }; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index 8fc8c22c6d7..656c072b97a 100644 --- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -24,7 +24,7 @@ To enable Plotinus, add the following to your <filename>configuration.nix</filename>: <programlisting> -<xref linkend="opt-programs.plotinus.enable"/> = true; +programs.plotinus.enable = true; </programlisting> </para> </chapter> diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index 1439594a5ac..4c02eae45f9 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -57,37 +57,36 @@ <para> NixOS supports fetching ACME certificates for you by setting - <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> - = true;</literal> in a virtualHost config. We first create self-signed + <literal>enableACME = true;</literal> in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For <literal>foo.example.com</literal> the config would look like this: </para> <programlisting> -<xref linkend="opt-security.acme.acceptTerms" /> = true; -<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; services.nginx = { - <link linkend="opt-services.nginx.enable">enable</link> = true; - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { + enable = true; + virtualHosts = { "foo.example.com" = { - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - # All serverAliases will be added as <link linkend="opt-security.acme.certs._name_.extraDomainNames">extra domain names</link> on the certificate. - <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [ "bar.example.com" ]; + forceSSL = true; + enableACME = true; + # All serverAliases will be added as extra domain names on the certificate. + serverAliases = [ "bar.example.com" ]; locations."/" = { - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www"; + root = "/var/www"; }; }; # We can also add a different vhost and reuse the same certificate # but we have to append extraDomainNames manually beforehand: - # <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ]; + # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; "baz.example.com" = { - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com"; + forceSSL = true; + useACMEHost = "foo.example.com"; locations."/" = { - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www"; + root = "/var/www"; }; }; }; @@ -114,41 +113,41 @@ services.nginx = { </para> <programlisting> -<xref linkend="opt-security.acme.acceptTerms" /> = true; -<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; # /var/lib/acme/.challenges must be writable by the ACME user # and readable by the Nginx user. The easiest way to achieve # this is to add the Nginx user to the ACME group. -<link linkend="opt-users.users._name_.extraGroups">users.users.nginx.extraGroups</link> = [ "acme" ]; +users.users.nginx.extraGroups = [ "acme" ]; services.nginx = { - <link linkend="opt-services.nginx.enable">enable</link> = true; - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { + enable = true; + virtualHosts = { "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [ "*.example.com" ]; + serverAliases = [ "*.example.com" ]; locations."/.well-known/acme-challenge" = { - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/lib/acme/.challenges"; + root = "/var/lib/acme/.challenges"; }; locations."/" = { - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.return">return</link> = "301 https://$host$request_uri"; + return = "301 https://$host$request_uri"; }; }; }; } # Alternative config for Apache -<link linkend="opt-users.users._name_.extraGroups">users.users.wwwrun.extraGroups</link> = [ "acme" ]; +users.users.wwwrun.extraGroups = [ "acme" ]; services.httpd = { - <link linkend="opt-services.httpd.enable">enable = true;</link> - <link linkend="opt-services.httpd.virtualHosts">virtualHosts</link> = { + enable = true; + virtualHosts = { "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - <link linkend="opt-services.httpd.virtualHosts._name_.serverAliases">serverAliases</link> = [ "*.example.com" ]; + serverAliases = [ "*.example.com" ]; # /var/lib/acme/.challenges must be writable by the ACME user and readable by the Apache user. # By default, this is the case. - <link linkend="opt-services.httpd.virtualHosts._name_.documentRoot">documentRoot</link> = "/var/lib/acme/.challenges"; - <link linkend="opt-services.httpd.virtualHosts._name_.extraConfig">extraConfig</link> = '' + documentRoot = "/var/lib/acme/.challenges"; + extraConfig = '' RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge [NC] @@ -164,16 +163,16 @@ services.httpd = { </para> <programlisting> -<xref linkend="opt-security.acme.certs"/>."foo.example.com" = { - <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/lib/acme/.challenges"; - <link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com"; +security.acme.certs."foo.example.com" = { + webroot = "/var/lib/acme/.challenges"; + email = "foo@example.com"; # Ensure that the web server you use can read the generated certs - # Take a look at the <link linkend="opt-services.nginx.group">group</link> option for the web server you choose. - <link linkend="opt-security.acme.certs._name_.group">group</link> = "nginx"; + # Take a look at the group option for the web server you choose. + group = "nginx"; # Since we have a wildcard vhost to handle port 80, # we can generate certs for anything! # Just make sure your DNS resolves them. - <link linkend="opt-security.acme.certs._name_.extraDomainNames">extraDomainNames</link> = [ "mail.example.com" ]; + extraDomainNames = [ "mail.example.com" ]; }; </programlisting> @@ -203,11 +202,11 @@ services.httpd = { <programlisting> services.bind = { - <link linkend="opt-services.bind.enable">enable</link> = true; - <link linkend="opt-services.bind.extraConfig">extraConfig</link> = '' + enable = true; + extraConfig = '' include "/var/lib/secrets/dnskeys.conf"; ''; - <link linkend="opt-services.bind.zones">zones</link> = [ + zones = [ rec { name = "example.com"; file = "/var/db/bind/${name}"; @@ -218,14 +217,14 @@ services.bind = { } # Now we can configure ACME -<xref linkend="opt-security.acme.acceptTerms" /> = true; -<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com"; -<xref linkend="opt-security.acme.certs" />."example.com" = { - <link linkend="opt-security.acme.certs._name_.domain">domain</link> = "*.example.com"; - <link linkend="opt-security.acme.certs._name_.dnsProvider">dnsProvider</link> = "rfc2136"; - <link linkend="opt-security.acme.certs._name_.credentialsFile">credentialsFile</link> = "/var/lib/secrets/certs.secret"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.certs."example.com" = { + domain = "*.example.com"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server - <link linkend="opt-security.acme.certs._name_.dnsPropagationCheck">dnsPropagationCheck</link> = false; + dnsPropagationCheck = false; }; </programlisting> @@ -296,23 +295,23 @@ systemd.services.dns-rfc2136-conf = { <programlisting> # Configure ACME appropriately -<xref linkend="opt-security.acme.acceptTerms" /> = true; -<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com"; -<xref linkend="opt-security.acme.defaults" /> = { - <link linkend="opt-security.acme.defaults.dnsProvider">dnsProvider</link> = "rfc2136"; - <link linkend="opt-security.acme.defaults.credentialsFile">credentialsFile</link> = "/var/lib/secrets/certs.secret"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults = { + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server - <link linkend="opt-security.acme.defaults.dnsPropagationCheck">dnsPropagationCheck</link> = false; + dnsPropagationCheck = false; }; # For each virtual host you would like to use DNS-01 validation with, # set acmeRoot = null services.nginx = { - <link linkend="opt-services.nginx.enable">enable</link> = true; - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { + enable = true; + virtualHosts = { "foo.example.com" = { - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.acmeRoot">acmeRoot</link> = null; + enableACME = true; + acmeRoot = null; }; }; } @@ -349,8 +348,8 @@ security.acme.certs."mail.example.com".postRun = '' # Now you must augment OpenSMTPD's systemd service to load # the certificate files. -<link linkend="opt-systemd.services._name_.requires">systemd.services.opensmtpd.requires</link> = ["acme-finished-mail.example.com.target"]; -<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.opensmtpd.serviceConfig.LoadCredential</link> = let +systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; +systemd.services.opensmtpd.serviceConfig.LoadCredential = let certDir = config.security.acme.certs."mail.example.com".directory; in [ "cert.pem:${certDir}/cert.pem" diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index e48c578e6ce..fc91e0dc4c0 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -23,8 +23,8 @@ <para> To enable PostgreSQL, add the following to your <filename>configuration.nix</filename>: <programlisting> -<xref linkend="opt-services.postgresql.enable"/> = true; -<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_11; +services.postgresql.enable = true; +services.postgresql.package = pkgs.postgresql_11; </programlisting> Note that you are required to specify the desired version of PostgreSQL (e.g. <literal>pkgs.postgresql_11</literal>). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for <xref linkend="opt-services.postgresql.package"/> such as the most recent release of PostgreSQL. </para> @@ -45,7 +45,7 @@ Type "help" for help. <para> By default, PostgreSQL stores its databases in <filename>/var/lib/postgresql/$psqlSchema</filename>. You can override this using <xref linkend="opt-services.postgresql.dataDir"/>, e.g. <programlisting> -<xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql"; +services.postgresql.dataDir = "/data/postgresql"; </programlisting> </para> </section> @@ -71,7 +71,7 @@ Type "help" for help. <programlisting> { config, pkgs, ... }: { - <xref linkend="opt-environment.systemPackages" /> = [ + environment.systemPackages = [ (let # XXX specify the postgresql package you'd like to upgrade to. # Do not forget to list the extensions you need. @@ -87,8 +87,8 @@ Type "help" for help. export NEWBIN="${newPostgres}/bin" - export OLDDATA="${config.<xref linkend="opt-services.postgresql.dataDir"/>}" - export OLDBIN="${config.<xref linkend="opt-services.postgresql.package"/>}/bin" + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" install -d -m 0700 -o postgres -g postgres "$NEWDATA" cd "$NEWDATA" @@ -189,8 +189,8 @@ postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga <para> To add plugins via NixOS configuration, set <literal>services.postgresql.extraPlugins</literal>: <programlisting> -<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_11; -<xref linkend="opt-services.postgresql.extraPlugins"/> = with pkgs.postgresql_11.pkgs; [ +services.postgresql.package = pkgs.postgresql_11; +services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ pg_repack postgis ]; diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 8f080b25022..a6d27e40b0a 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -20,7 +20,7 @@ To enable Flatpak, add the following to your <filename>configuration.nix</filename>: <programlisting> - <xref linkend="opt-services.flatpak.enable"/> = true; + services.flatpak.enable = true; </programlisting> </para> <para> @@ -29,7 +29,7 @@ in other cases, you will need to add something like the following to your <filename>configuration.nix</filename>: <programlisting> - <xref linkend="opt-xdg.portal.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ]; + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; </programlisting> </para> <para> diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index fd99ee9442c..dfadf27d41d 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -375,8 +375,8 @@ in [...] To install and enable the <command>systemd</command> user service for Emacs daemon, add the following to your <filename>configuration.nix</filename>: <programlisting> -<xref linkend="opt-services.emacs.enable"/> = true; -<xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; }; +services.emacs.enable = true; +services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; </programlisting> </para> @@ -459,8 +459,8 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal Emacs daemon is not wanted for all users, it is possible to install the service but not globally enable it: <programlisting> -<xref linkend="opt-services.emacs.enable"/> = false; -<xref linkend="opt-services.emacs.install"/> = true; +services.emacs.enable = false; +services.emacs.install = true; </programlisting> </para> diff --git a/nixos/modules/services/hardware/trezord.xml b/nixos/modules/services/hardware/trezord.xml index 972d409d9d0..e1f42bc0829 100644 --- a/nixos/modules/services/hardware/trezord.xml +++ b/nixos/modules/services/hardware/trezord.xml @@ -19,7 +19,7 @@ <para> To enable Trezor support, add the following to your <filename>configuration.nix</filename>: <programlisting> -<xref linkend="opt-services.trezord.enable"/> = true; +services.trezord.enable = true; </programlisting> This will add all necessary udev rules and start Trezor Bridge. </para> diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index 27247fb064f..9510cbe82c5 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml @@ -28,14 +28,14 @@ }; }; services.mailman = { - <link linkend="opt-services.mailman.enable">enable</link> = true; - <link linkend="opt-services.mailman.serve.enable">serve.enable</link> = true; - <link linkend="opt-services.mailman.hyperkitty.enable">hyperkitty.enable</link> = true; - <link linkend="opt-services.mailman.webHosts">webHosts</link> = ["lists.example.org"]; - <link linkend="opt-services.mailman.siteOwner">siteOwner</link> = "mailman@example.org"; + enable = true; + serve.enable = true; + hyperkitty.enable = true; + webHosts = ["lists.example.org"]; + siteOwner = "mailman@example.org"; }; - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">services.nginx.virtualHosts."lists.example.org".enableACME</link> = true; - <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 25 80 443 ]; + services.nginx.virtualHosts."lists.example.org".enableACME = true; + networking.firewall.allowedTCPPorts = [ 25 80 443 ]; }</programlisting> </para> <para> @@ -65,7 +65,7 @@ mailman = { enable = true; siteOwner = "mailman@example.org"; - <link linkend="opt-services.mailman.enablePostfix">enablePostfix</link> = false; + enablePostfix = false; settings.mta = { incoming = "mailman.mta.exim4.LMTP"; outgoing = "mailman.mta.deliver.deliver"; diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml index b07abe33979..4e0f14a3c0b 100644 --- a/nixos/modules/services/matrix/mjolnir.xml +++ b/nixos/modules/services/matrix/mjolnir.xml @@ -67,16 +67,16 @@ { services.mjolnir = { enable = true; - <link linkend="opt-services.mjolnir.homeserverUrl">homeserverUrl</link> = "https://matrix.domain.tld"; - <link linkend="opt-services.mjolnir.pantalaimon">pantalaimon</link> = { - <link linkend="opt-services.mjolnir.pantalaimon.enable">enable</link> = true; - <link linkend="opt-services.mjolnir.pantalaimon.username">username</link> = "mjolnir"; - <link linkend="opt-services.mjolnir.pantalaimon.passwordFile">passwordFile</link> = "/run/secrets/mjolnir-password"; + homeserverUrl = "https://matrix.domain.tld"; + pantalaimon = { + enable = true; + username = "mjolnir"; + passwordFile = "/run/secrets/mjolnir-password"; }; - <link linkend="opt-services.mjolnir.protectedRooms">protectedRooms</link> = [ + protectedRooms = [ "https://matrix.to/#/!xxx:domain.tld" ]; - <link linkend="opt-services.mjolnir.managementRoom">managementRoom</link> = "!yyy:domain.tld"; + managementRoom = "!yyy:domain.tld"; }; } </programlisting> diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 40ad72173a5..f834e54f3c8 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -47,12 +47,12 @@ let return 200 '${builtins.toJSON data}'; ''; in { - <xref linkend="opt-networking.hostName" /> = "myhostname"; - <xref linkend="opt-networking.domain" /> = "example.org"; - <xref linkend="opt-networking.firewall.allowedTCPPorts" /> = [ 80 443 ]; + networking.hostName = "myhostname"; + networking.domain = "example.org"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; - <xref linkend="opt-services.postgresql.enable" /> = true; - <xref linkend="opt-services.postgresql.initialScript" /> = pkgs.writeText "synapse-init.sql" '' + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 @@ -61,42 +61,42 @@ in { ''; services.nginx = { - <link linkend="opt-services.nginx.enable">enable</link> = true; - <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true; - <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true; - <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true; - <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true; - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { "${config.networking.domain}" = { <co xml:id='ex-matrix-synapse-dns' /> - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> = mkWellKnown serverConfig; <co xml:id='ex-matrix-synapse-well-known-server' /> - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/client".extraConfig</link> = mkWellKnown clientConfig; <co xml:id='ex-matrix-synapse-well-known-client' /> + enableACME = true; + forceSSL = true; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; <co xml:id='ex-matrix-synapse-well-known-server' /> + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; <co xml:id='ex-matrix-synapse-well-known-client' /> }; "${fqdn}" = { - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."/".extraConfig</link> = '' <co xml:id='ex-matrix-synapse-rev-default' /> + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' <co xml:id='ex-matrix-synapse-rev-default' /> return 404; ''; - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/_matrix".proxyPass</link> = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-proxy-pass' /> - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/_synapse/client".proxyPass</link> = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-client' /> + locations."/_matrix".proxyPass = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-proxy-pass' /> + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-client' /> }; }; }; services.matrix-synapse = { - <link linkend="opt-services.matrix-synapse.enable">enable</link> = true; - <link linkend="opt-services.matrix-synapse.settings.server_name">settings.server_name</link> = config.networking.domain; - <link linkend="opt-services.matrix-synapse.settings.listeners">settings.listeners</link> = [ - { <link linkend="opt-services.matrix-synapse.settings.listeners._.port">port</link> = 8008; - <link linkend="opt-services.matrix-synapse.settings.listeners._.bind_addresses">bind_addresses</link> = [ "::1" ]; - <link linkend="opt-services.matrix-synapse.settings.listeners._.type">type</link> = "http"; - <link linkend="opt-services.matrix-synapse.settings.listeners._.tls">tls</link> = false; - <link linkend="opt-services.matrix-synapse.settings.listeners._.x_forwarded">x_forwarded</link> = true; - <link linkend="opt-services.matrix-synapse.settings.listeners._.resources">resources</link> = [ { - <link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "client" "federation" ]; - <link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = true; + enable = true; + settings.server_name = config.networking.domain; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ { + names = [ "client" "federation" ]; + compress = true; } ]; } ]; @@ -159,7 +159,7 @@ in { <title>Registering Matrix users</title> <para> If you want to run a server with public registration by anybody, you can - then enable <literal><link linkend="opt-services.matrix-synapse.settings.enable_registration">services.matrix-synapse.settings.enable_registration</link> = + then enable <literal>services.matrix-synapse.settings.enable_registration = true;</literal>. Otherwise, or you can generate a registration secret with <command>pwgen -s 64 1</command> and set it with <option><link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">services.matrix-synapse.settings.registration_shared_secret</link></option>. @@ -202,7 +202,7 @@ Success! Include the file like this in your configuration: <programlisting> { - <xref linkend="opt-services.matrix-synapse.extraConfigFiles" /> = [ + services.matrix-synapse.extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ]; } @@ -244,13 +244,13 @@ Success! <programlisting> { services.nginx.virtualHosts."element.${fqdn}" = { - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [ + enableACME = true; + forceSSL = true; + serverAliases = [ "element.${config.networking.domain}" ]; - <link linkend="opt-services.nginx.virtualHosts._name_.root">root</link> = pkgs.element-web.override { + root = pkgs.element-web.override { conf = { default_server_config = clientConfig; # see `clientConfig` from the snippet above. }; diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 9816fdac7dd..a9f8d5fd721 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -20,16 +20,16 @@ For instance, the following configuration could be used to use nginx as frontend proxy: <programlisting> -<link linkend="opt-services.nginx.enable">services.nginx</link> = { - <link linkend="opt-services.nginx.enable">enable</link> = true; - <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true; - <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true; - <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true; - <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true; - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link>."git.example.com" = { - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/".proxyPass</link> = "http://unix:/run/gitlab/gitlab-workhorse.socket"; +services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.example.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; }; }; </programlisting> @@ -53,26 +53,26 @@ A basic configuration with some custom settings could look like this: <programlisting> services.gitlab = { - <link linkend="opt-services.gitlab.enable">enable</link> = true; - <link linkend="opt-services.gitlab.databasePasswordFile">databasePasswordFile</link> = "/var/keys/gitlab/db_password"; - <link linkend="opt-services.gitlab.initialRootPasswordFile">initialRootPasswordFile</link> = "/var/keys/gitlab/root_password"; - <link linkend="opt-services.gitlab.https">https</link> = true; - <link linkend="opt-services.gitlab.host">host</link> = "git.example.com"; - <link linkend="opt-services.gitlab.port">port</link> = 443; - <link linkend="opt-services.gitlab.user">user</link> = "git"; - <link linkend="opt-services.gitlab.group">group</link> = "git"; + enable = true; + databasePasswordFile = "/var/keys/gitlab/db_password"; + initialRootPasswordFile = "/var/keys/gitlab/root_password"; + https = true; + host = "git.example.com"; + port = 443; + user = "git"; + group = "git"; smtp = { - <link linkend="opt-services.gitlab.smtp.enable">enable</link> = true; - <link linkend="opt-services.gitlab.smtp.address">address</link> = "localhost"; - <link linkend="opt-services.gitlab.smtp.port">port</link> = 25; + enable = true; + address = "localhost"; + port = 25; }; secrets = { - <link linkend="opt-services.gitlab.secrets.dbFile">dbFile</link> = "/var/keys/gitlab/db"; - <link linkend="opt-services.gitlab.secrets.secretFile">secretFile</link> = "/var/keys/gitlab/secret"; - <link linkend="opt-services.gitlab.secrets.otpFile">otpFile</link> = "/var/keys/gitlab/otp"; - <link linkend="opt-services.gitlab.secrets.jwsFile">jwsFile</link> = "/var/keys/gitlab/jws"; + dbFile = "/var/keys/gitlab/db"; + secretFile = "/var/keys/gitlab/secret"; + otpFile = "/var/keys/gitlab/otp"; + jwsFile = "/var/keys/gitlab/jws"; }; - <link linkend="opt-services.gitlab.extraConfig">extraConfig</link> = { + extraConfig = { gitlab = { email_from = "gitlab-no-reply@example.com"; email_display_name = "Example GitLab"; diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml index 41094f65a94..a769ded524c 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml @@ -15,11 +15,11 @@ <para> Sourcehut is a Python and Go based set of applications. This NixOS module also provides basic configuration integrating Sourcehut into locally running - <literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>, - <literal><link linkend="opt-services.redis.servers">services.redis.servers.sourcehut</link></literal>, - <literal><link linkend="opt-services.postfix.enable">services.postfix</link></literal> + <literal>services.nginx</literal>, + <literal>services.redis.servers.sourcehut</literal>, + <literal>services.postfix</literal> and - <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal> services. + <literal>services.postgresql</literal> services. </para> <para> @@ -34,21 +34,21 @@ let in { networking = { - <link linkend="opt-networking.hostName">hostName</link> = "srht"; - <link linkend="opt-networking.domain">domain</link> = "tld"; - <link linkend="opt-networking.firewall.allowedTCPPorts">firewall.allowedTCPPorts</link> = [ 22 80 443 ]; + hostName = "srht"; + domain = "tld"; + firewall.allowedTCPPorts = [ 22 80 443 ]; }; services.sourcehut = { - <link linkend="opt-services.sourcehut.enable">enable</link> = true; - <link linkend="opt-services.sourcehut.git.enable">git.enable</link> = true; - <link linkend="opt-services.sourcehut.man.enable">man.enable</link> = true; - <link linkend="opt-services.sourcehut.meta.enable">meta.enable</link> = true; - <link linkend="opt-services.sourcehut.nginx.enable">nginx.enable</link> = true; - <link linkend="opt-services.sourcehut.postfix.enable">postfix.enable</link> = true; - <link linkend="opt-services.sourcehut.postgresql.enable">postgresql.enable</link> = true; - <link linkend="opt-services.sourcehut.redis.enable">redis.enable</link> = true; - <link linkend="opt-services.sourcehut.settings">settings</link> = { + enable = true; + git.enable = true; + man.enable = true; + meta.enable = true; + nginx.enable = true; + postfix.enable = true; + postgresql.enable = true; + redis.enable = true; + settings = { "sr.ht" = { environment = "production"; global-domain = fqdn; @@ -61,26 +61,26 @@ in { }; }; - <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."${fqdn}".extraDomainNames</link> = [ + security.acme.certs."${fqdn}".extraDomainNames = [ "meta.${fqdn}" "man.${fqdn}" "git.${fqdn}" ]; services.nginx = { - <link linkend="opt-services.nginx.enable">enable</link> = true; + enable = true; # only recommendedProxySettings are strictly required, but the rest make sense as well. - <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true; - <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true; - <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true; - <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; # Settings to setup what certificates are used for which endpoint. - <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { - <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">"${fqdn}".enableACME</link> = true; - <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"meta.${fqdn}".useACMEHost</link> = fqdn: - <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"man.${fqdn}".useACMEHost</link> = fqdn: - <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"git.${fqdn}".useACMEHost</link> = fqdn: + virtualHosts = { + "${fqdn}".enableACME = true; + "meta.${fqdn}".useACMEHost = fqdn: + "man.${fqdn}".useACMEHost = fqdn: + "git.${fqdn}".useACMEHost = fqdn: }; }; } diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index f6ead7c3785..e3f778f3159 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -91,10 +91,10 @@ For example, let's say you have the following configuration: <screen> { - <xref linkend="opt-services.taskserver.enable"/> = true; - <xref linkend="opt-services.taskserver.fqdn"/> = "server"; - <xref linkend="opt-services.taskserver.listenHost"/> = "::"; - <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ]; + services.taskserver.enable = true; + services.taskserver.fqdn = "server"; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.my-company.users = [ "alice" ]; } </screen> This creates an organisation called <literal>my-company</literal> with the diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index 7255edfb9da..b17f9a871ff 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -25,7 +25,7 @@ { ... }: { - <link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true; + services.weechat.enable = true; } </programlisting> </para> @@ -46,7 +46,7 @@ support: <programlisting> { - <link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = '' + programs.screen.screenrc = '' multiuser on acladd normal_user ''; diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 6358d744ff7..e8f27d10e8c 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml @@ -38,21 +38,21 @@ endpoint will look like this: <programlisting> services.prosody = { - <link linkend="opt-services.prosody.enable">enable</link> = true; - <link linkend="opt-services.prosody.admins">admins</link> = [ "root@example.org" ]; - <link linkend="opt-services.prosody.ssl.cert">ssl.cert</link> = "/var/lib/acme/example.org/fullchain.pem"; - <link linkend="opt-services.prosody.ssl.key">ssl.key</link> = "/var/lib/acme/example.org/key.pem"; - <link linkend="opt-services.prosody.virtualHosts">virtualHosts</link>."example.org" = { - <link linkend="opt-services.prosody.virtualHosts._name_.enabled">enabled</link> = true; - <link linkend="opt-services.prosody.virtualHosts._name_.domain">domain</link> = "example.org"; - <link linkend="opt-services.prosody.virtualHosts._name_.ssl.cert">ssl.cert</link> = "/var/lib/acme/example.org/fullchain.pem"; - <link linkend="opt-services.prosody.virtualHosts._name_.ssl.key">ssl.key</link> = "/var/lib/acme/example.org/key.pem"; + enable = true; + admins = [ "root@example.org" ]; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; + virtualHosts."example.org" = { + enabled = true; + domain = "example.org"; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; }; - <link linkend="opt-services.prosody.muc">muc</link> = [ { - <link linkend="opt-services.prosody.muc">domain</link> = "conference.example.org"; + muc = [ { + domain = "conference.example.org"; } ]; - <link linkend="opt-services.prosody.uploadHttp">uploadHttp</link> = { - <link linkend="opt-services.prosody.uploadHttp.domain">domain</link> = "upload.example.org"; + uploadHttp = { + domain = "upload.example.org"; }; };</programlisting> </para> @@ -72,13 +72,13 @@ services.prosody = { a TLS certificate for the three endponits: <programlisting> security.acme = { - <link linkend="opt-security.acme.defaults.email">email</link> = "root@example.org"; - <link linkend="opt-security.acme.acceptTerms">acceptTerms</link> = true; - <link linkend="opt-security.acme.certs">certs</link> = { + email = "root@example.org"; + acceptTerms = true; + certs = { "example.org" = { - <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/example.org"; - <link linkend="opt-security.acme.certs._name_.email">email</link> = "root@example.org"; - <link linkend="opt-security.acme.certs._name_.extraDomainNames">extraDomainNames</link> = [ "conference.example.org" "upload.example.org" ]; + webroot = "/var/www/example.org"; + email = "root@example.org"; + extraDomainNames = [ "conference.example.org" "upload.example.org" ]; }; }; };</programlisting> diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index ad9b65abf51..d9dc28fa5e4 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -15,18 +15,18 @@ A minimal configuration using Let's Encrypt for TLS certificates looks like this: <programlisting> services.discourse = { - <link linkend="opt-services.discourse.enable">enable</link> = true; - <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com"; + enable = true; + hostname = "discourse.example.com"; admin = { - <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com"; - <link linkend="opt-services.discourse.admin.username">username</link> = "admin"; - <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator"; - <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; -<link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com"; -<link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true; +security.acme.email = "me@example.com"; +security.acme.acceptTerms = true; </programlisting> </para> @@ -48,17 +48,17 @@ services.discourse = { <programlisting> services.discourse = { - <link linkend="opt-services.discourse.enable">enable</link> = true; - <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com"; - <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate"; - <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com"; - <link linkend="opt-services.discourse.admin.username">username</link> = "admin"; - <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator"; - <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; </programlisting> @@ -108,24 +108,24 @@ services.discourse = { <programlisting> services.discourse = { - <link linkend="opt-services.discourse.enable">enable</link> = true; - <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com"; - <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate"; - <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com"; - <link linkend="opt-services.discourse.admin.username">username</link> = "admin"; - <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator"; - <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587; - <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true; - <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file"; + mail.incoming.enable = true; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; </programlisting> @@ -210,24 +210,24 @@ services.discourse = { and changes a few request limits in the backend settings: <programlisting> services.discourse = { - <link linkend="opt-services.discourse.enable">enable</link> = true; - <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com"; - <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate"; - <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com"; - <link linkend="opt-services.discourse.admin.username">username</link> = "admin"; - <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator"; - <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587; - <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true; - <link linkend="opt-services.discourse.siteSettings">siteSettings</link> = { + mail.incoming.enable = true; + siteSettings = { required = { title = "My Cats"; site_description = "Discuss My Cats (and be nice plz)"; @@ -238,13 +238,13 @@ services.discourse = { github_client_secret._secret = /run/keys/discourse_github_client_secret; }; }; - <link linkend="opt-services.discourse.backendSettings">backendSettings</link> = { + backendSettings = { max_reqs_per_ip_per_minute = 300; max_reqs_per_ip_per_10_seconds = 60; max_asset_reqs_per_ip_per_10_seconds = 250; max_reqs_per_ip_mode = "warn+block"; }; - <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; </programlisting> </para> @@ -320,33 +320,33 @@ services.discourse = { <programlisting> services.discourse = { - <link linkend="opt-services.discourse.enable">enable</link> = true; - <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com"; - <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate"; - <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com"; - <link linkend="opt-services.discourse.admin.username">username</link> = "admin"; - <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator"; - <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587; - <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com"; - <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true; - <link linkend="opt-services.discourse.mail.incoming.enable">plugins</link> = with config.services.discourse.package.plugins; [ + mail.incoming.enable = true; + plugins = with config.services.discourse.package.plugins; [ discourse-spoiler-alert discourse-solved ]; - <link linkend="opt-services.discourse.siteSettings">siteSettings</link> = { + siteSettings = { plugins = { spoiler_enabled = false; }; }; - <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; </programlisting> diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index fdf6d00f4b1..46a49fe601e 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -17,8 +17,8 @@ <programlisting>{ pkgs, ... }: { services.grocy = { - <link linkend="opt-services.grocy.enable">enable</link> = true; - <link linkend="opt-services.grocy.hostName">hostName</link> = "grocy.tld"; + enable = true; + hostName = "grocy.tld"; }; }</programlisting> This configures a simple vhost using <link linkend="opt-services.nginx.enable">nginx</link> @@ -45,19 +45,19 @@ # The default currency in the system for invoices etc. # Please note that exchange rates aren't taken into account, this # is just the setting for what's shown in the frontend. - <link linkend="opt-services.grocy.settings.currency">currency</link> = "EUR"; + currency = "EUR"; # The display language (and locale configuration) for grocy. - <link linkend="opt-services.grocy.settings.currency">culture</link> = "de"; + culture = "de"; calendar = { # Whether or not to show the week-numbers # in the calendar. - <link linkend="opt-services.grocy.settings.calendar.showWeekNumber">showWeekNumber</link> = true; + showWeekNumber = true; # Index of the first day to be shown in the calendar (0=Sunday, 1=Monday, # 2=Tuesday and so on). - <link linkend="opt-services.grocy.settings.calendar.firstDayOfWeek">firstDayOfWeek</link> = 2; + firstDayOfWeek = 2; }; }; }</programlisting> diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index ff44c724adf..8909ac5b0d3 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -15,13 +15,13 @@ A minimal configuration using Let's Encrypt for TLS certificates looks like this: <programlisting>{ services.jitsi-meet = { - <link linkend="opt-services.jitsi-meet.enable">enable</link> = true; - <link linkend="opt-services.jitsi-meet.enable">hostName</link> = "jitsi.example.com"; + enable = true; + hostName = "jitsi.example.com"; }; - <link linkend="opt-services.jitsi-videobridge.openFirewall">services.jitsi-videobridge.openFirewall</link> = true; - <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ]; - <link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com"; - <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true; + services.jitsi-videobridge.openFirewall = true; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.email = "me@example.com"; + security.acme.acceptTerms = true; }</programlisting> </para> </section> @@ -32,22 +32,22 @@ Here is the minimal configuration with additional configurations: <programlisting>{ services.jitsi-meet = { - <link linkend="opt-services.jitsi-meet.enable">enable</link> = true; - <link linkend="opt-services.jitsi-meet.enable">hostName</link> = "jitsi.example.com"; - <link linkend="opt-services.jitsi-meet.config">config</link> = { + enable = true; + hostName = "jitsi.example.com"; + config = { enableWelcomePage = false; prejoinPageEnabled = true; defaultLang = "fi"; }; - <link linkend="opt-services.jitsi-meet.interfaceConfig">interfaceConfig</link> = { + interfaceConfig = { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; }; }; - <link linkend="opt-services.jitsi-videobridge.openFirewall">services.jitsi-videobridge.openFirewall</link> = true; - <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ]; - <link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com"; - <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true; + services.jitsi-videobridge.openFirewall = true; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.email = "me@example.com"; + security.acme.acceptTerms = true; }</programlisting> </para> </section> diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index 861756e33ac..cf9de043cf7 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -185,15 +185,15 @@ A basic configuration with some custom settings could look like this: <programlisting> services.keycloak = { - <link linkend="opt-services.keycloak.enable">enable</link> = true; + enable = true; settings = { - <link linkend="opt-services.keycloak.settings.hostname">hostname</link> = "keycloak.example.com"; - <link linkend="opt-services.keycloak.settings.hostname-strict-backchannel">hostname-strict-backchannel</link> = true; + hostname = "keycloak.example.com"; + hostname-strict-backchannel = true; }; - <link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl"; # change on first login - <link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert"; - <link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key"; - <link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password"; + initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login + sslCertificate = "/run/keys/ssl_cert"; + sslCertificateKey = "/run/keys/ssl_key"; + database.passwordFile = "/run/keys/db_password"; }; </programlisting> </para> diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 4207c4008d5..533f34f7fcc 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -31,22 +31,22 @@ <programlisting>{ pkgs, ... }: { services.nextcloud = { - <link linkend="opt-services.nextcloud.enable">enable</link> = true; - <link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld"; + enable = true; + hostName = "nextcloud.tld"; config = { - <link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql"; - <link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud"; - <link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - <link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud"; - <link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file"; - <link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root"; + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + adminpassFile = "/path/to/admin-pass-file"; + adminuser = "root"; }; }; services.postgresql = { - <link linkend="opt-services.postgresql.enable">enable</link> = true; - <link linkend="opt-services.postgresql.ensureDatabases">ensureDatabases</link> = [ "nextcloud" ]; - <link linkend="opt-services.postgresql.ensureUsers">ensureUsers</link> = [ + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } @@ -59,7 +59,7 @@ after = ["postgresql.service"]; }; - <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; }</programlisting> </para> @@ -199,24 +199,24 @@ <para> An exemplary configuration may look like this: <programlisting>{ config, lib, pkgs, ... }: { - <link linkend="opt-services.nginx.enable">services.nginx.enable</link> = false; + services.nginx.enable = false; services.nextcloud = { - <link linkend="opt-services.nextcloud.enable">enable</link> = true; - <link linkend="opt-services.nextcloud.hostName">hostName</link> = "localhost"; + enable = true; + hostName = "localhost"; /* further, required options */ }; - <link linkend="opt-services.phpfpm.pools._name_.settings">services.phpfpm.pools.nextcloud.settings</link> = { + services.phpfpm.pools.nextcloud.settings = { "listen.owner" = config.services.httpd.user; "listen.group" = config.services.httpd.group; }; services.httpd = { - <link linkend="opt-services.httpd.enable">enable</link> = true; - <link linkend="opt-services.httpd.adminAddr">adminAddr</link> = "webmaster@localhost"; - <link linkend="opt-services.httpd.extraModules">extraModules</link> = [ "proxy_fcgi" ]; + enable = true; + adminAddr = "webmaster@localhost"; + extraModules = [ "proxy_fcgi" ]; virtualHosts."localhost" = { - <link linkend="opt-services.httpd.virtualHosts._name_.documentRoot">documentRoot</link> = config.services.nextcloud.package; - <link linkend="opt-services.httpd.virtualHosts._name_.extraConfig">extraConfig</link> = '' + documentRoot = config.services.nextcloud.package; + extraConfig = '' <Directory "${config.services.nextcloud.package}"> <FilesMatch "\.php$"> <If "-f %{REQUEST_FILENAME}"> diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 92a571b9fbd..7824768f549 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -18,15 +18,15 @@ After that, <package>plausible</package> can be deployed like this: <programlisting>{ services.plausible = { - <link linkend="opt-services.plausible.enable">enable</link> = true; + enable = true; adminUser = { - <link linkend="opt-services.plausible.adminUser.activate">activate</link> = true; <co xml:id='ex-plausible-cfg-activate' /> - <link linkend="opt-services.plausible.adminUser.email">email</link> = "admin@localhost"; - <link linkend="opt-services.plausible.adminUser.passwordFile">passwordFile</link> = "/run/secrets/plausible-admin-pwd"; + activate = true; <co xml:id='ex-plausible-cfg-activate' /> + email = "admin@localhost"; + passwordFile = "/run/secrets/plausible-admin-pwd"; }; server = { - <link linkend="opt-services.plausible.server.baseUrl">baseUrl</link> = "http://analytics.example.org"; - <link linkend="opt-services.plausible.server.secretKeybaseFile">secretKeybaseFile</link> = "/run/secrets/plausible-secret-key-base"; <co xml:id='ex-plausible-cfg-secretbase' /> + baseUrl = "http://analytics.example.org"; + secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; <co xml:id='ex-plausible-cfg-secretbase' /> }; }; }</programlisting> diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index 807c9d64e20..1b3a270c17e 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml @@ -18,8 +18,8 @@ </para> <programlisting> -<xref linkend="opt-services.xserver.desktopManager.gnome.enable"/> = true; -<xref linkend="opt-services.xserver.displayManager.gdm.enable"/> = true; +services.xserver.desktopManager.gnome.enable = true; +services.xserver.displayManager.gdm.enable = true; </programlisting> <note> @@ -40,7 +40,7 @@ </para> <programlisting> -<xref linkend="opt-services.gnome.core-utilities.enable"/> = false; +services.gnome.core-utilities.enable = false; </programlisting> <para> @@ -61,8 +61,8 @@ </para> <programlisting> -<xref linkend="opt-services.gnome.tracker-miners.enable"/> = false; -<xref linkend="opt-services.gnome.tracker.enable"/> = false; +services.gnome.tracker-miners.enable = false; +services.gnome.tracker.enable = false; </programlisting> <para> @@ -78,7 +78,7 @@ </para> <programlisting> -<xref linkend="opt-services.gnome.games.enable"/> = true; +services.gnome.games.enable = true; </programlisting> </section> @@ -90,7 +90,7 @@ </para> <programlisting> -<xref linkend="opt-services.gnome.core-developer-tools.enable"/> = true; +services.gnome.core-developer-tools.enable = true; </programlisting> </section> </section> @@ -103,7 +103,7 @@ </para> <programlisting> -<xref linkend="opt-services.xserver.desktopManager.gnome.flashback.enableMetacity"/> = true; +services.xserver.desktopManager.gnome.flashback.enableMetacity = true; </programlisting> <para> @@ -115,7 +115,7 @@ </para> <programlisting> -<xref linkend="opt-services.xserver.desktopManager.gnome.flashback.customSessions"/> = [ +services.xserver.desktopManager.gnome.flashback.customSessions = [ { wmName = "xmonad"; wmLabel = "XMonad"; @@ -162,7 +162,7 @@ </para> <programlisting> -<xref linkend="opt-environment.systemPackages"/> = [ +environment.systemPackages = [ gnomeExtensions.dash-to-dock gnomeExtensions.gsconnect gnomeExtensions.mpris-indicator-button @@ -211,7 +211,7 @@ <programlisting> services.xserver.desktopManager.gnome = { - <link xlink:href="#opt-services.xserver.desktopManager.gnome.extraGSettingsOverrides">extraGSettingsOverrides</link> = '' + extraGSettingsOverrides = '' # Change default background [org.gnome.desktop.background] picture-uri='file://${pkgs.nixos-artwork.wallpapers.mosaic-blue.gnomeFilePath}' @@ -221,7 +221,7 @@ services.xserver.desktopManager.gnome = { favorite-apps=['org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop'] ''; - <link xlink:href="#opt-services.xserver.desktopManager.gnome.extraGSettingsOverridePackages">extraGSettingsOverridePackages</link> = [ + extraGSettingsOverridePackages = [ pkgs.gsettings-desktop-schemas # for org.gnome.desktop pkgs.gnome.gnome-shell # for org.gnome.shell ]; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 6226f8f6a27..a0784c2f2e1 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -11,16 +11,16 @@ <para> All of Pantheon is working in NixOS and the applications should be available, aside from a few <link xlink:href="https://github.com/NixOS/nixpkgs/issues/58161">exceptions</link>. To enable Pantheon, set <programlisting> -<xref linkend="opt-services.xserver.desktopManager.pantheon.enable"/> = true; +services.xserver.desktopManager.pantheon.enable = true; </programlisting> This automatically enables LightDM and Pantheon's LightDM greeter. If you'd like to disable this, set <programlisting> -<xref linkend="opt-services.xserver.displayManager.lightdm.greeters.pantheon.enable"/> = false; -<xref linkend="opt-services.xserver.displayManager.lightdm.enable"/> = false; +services.xserver.displayManager.lightdm.greeters.pantheon.enable = false; +services.xserver.displayManager.lightdm.enable = false; </programlisting> but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for Pantheon installs all of Pantheon's default applications. If you'd like to not install Pantheon's apps, set <programlisting> -<xref linkend="opt-services.pantheon.apps.enable"/> = false; +services.pantheon.apps.enable = false; </programlisting> You can also use <xref linkend="opt-environment.pantheon.excludePackages"/> to remove any other app (like <package>elementary-mail</package>). </para> |