diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-11-11 18:00:58 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-11 18:00:58 +0000 |
| commit | 9776723357705dedeb933221c8f9b295d44813d7 (patch) | |
| tree | 15d5753e5cb6835221543be566b71f0a05dd9860 /nixos | |
| parent | 940180423aaad6f43db3510e9418ced525613d51 (diff) | |
| parent | a4e452c906b13806fcea511ab58792d7748203b0 (diff) | |
| download | nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar.gz nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar.bz2 nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar.lz nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar.xz nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.tar.zst nixpkgs-9776723357705dedeb933221c8f9b295d44813d7.zip | |
Merge master into staging-next
Diffstat (limited to 'nixos')
53 files changed, 93 insertions, 76 deletions
diff --git a/nixos/doc/manual/configuration/subversion.chapter.md b/nixos/doc/manual/configuration/subversion.chapter.md index 84f9c270337..ff870f5c40b 100644 --- a/nixos/doc/manual/configuration/subversion.chapter.md +++ b/nixos/doc/manual/configuration/subversion.chapter.md @@ -2,7 +2,7 @@ [Subversion](https://subversion.apache.org/) is a centralized version-control system. It can use a [variety of -protocols](http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing) +protocols](https://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.choosing) for communication between client and server. ## Subversion inside Apache HTTP {#module-services-subversion-apache-httpd} @@ -14,7 +14,7 @@ for communication. For more information on the general setup, please refer to the [the appropriate section of the Subversion -book](http://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd). +book](https://svnbook.red-bean.com/en/1.7/svn-book.html#svn.serverconfig.httpd). To configure, include in `/etc/nixos/configuration.nix` code to activate Apache HTTP, setting [](#opt-services.httpd.adminAddr) diff --git a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md index a816213f37d..4b8385d7e0d 100644 --- a/nixos/doc/manual/development/running-nixos-tests-interactively.section.md +++ b/nixos/doc/manual/development/running-nixos-tests-interactively.section.md @@ -62,7 +62,7 @@ where socat is running. If your test has only a single VM, you may use e.g. ```ShellSession -$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-127.0.0.1:22" ./result/bin/nixos-test-driver +$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-:22" ./result/bin/nixos-test-driver ``` to port-forward a port in the VM (here `22`) to the host machine (here port `2222`). @@ -73,6 +73,11 @@ since a single port on the host cannot forward to multiple VMs. If the test defines multiple machines, you may opt to _temporarily_ set `virtualisation.forwardPorts` in the test definition for debugging. +Such port forwardings connect via the VM's virtual network interface. +Thus they cannot connect to ports that are only bound to the VM's +loopback interface (`127.0.0.1`), and the VM's NixOS firewall +must be configured to allow these connections. + ## Reuse VM state {#sec-nixos-test-reuse-vm-state} You can re-use the VM states coming from a previous run by setting the diff --git a/nixos/doc/manual/development/writing-documentation.chapter.md b/nixos/doc/manual/development/writing-documentation.chapter.md index c07a2618c07..3d9bd318cf3 100644 --- a/nixos/doc/manual/development/writing-documentation.chapter.md +++ b/nixos/doc/manual/development/writing-documentation.chapter.md @@ -33,13 +33,13 @@ symlink at `./result/share/doc/nixos/index.html`. ## Editing DocBook XML {#sec-writing-docs-editing-docbook-xml} For general information on how to write in DocBook, see [DocBook 5: The -Definitive Guide](http://www.docbook.org/tdg5/en/html/docbook.html). +Definitive Guide](https://tdg.docbook.org/tdg/5.1/). Emacs nXML Mode is very helpful for editing DocBook XML because it validates the document as you write, and precisely locates errors. To use it, see [](#sec-emacs-docbook-xml). -[Pandoc](http://pandoc.org) can generate DocBook XML from a multitude of +[Pandoc](https://pandoc.org/) can generate DocBook XML from a multitude of formats, which makes a good starting point. Here is an example of Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML: @@ -62,9 +62,9 @@ topic from scratch. Keep the following guidelines in mind when you create and add a topic: -- The NixOS [`book`](http://www.docbook.org/tdg5/en/html/book.html) +- The NixOS [`book`](https://tdg.docbook.org/tdg/5.0/book.html) element is in `nixos/doc/manual/manual.xml`. It includes several - [`parts`](http://www.docbook.org/tdg5/en/html/book.html) which are in + [`parts`](https://tdg.docbook.org/tdg/5.0/book.html) which are in subdirectories. - Store the topic file in the same directory as the `part` to which it diff --git a/nixos/doc/manual/installation/changing-config.chapter.md b/nixos/doc/manual/installation/changing-config.chapter.md index f2ffea9088a..12abf90b718 100644 --- a/nixos/doc/manual/installation/changing-config.chapter.md +++ b/nixos/doc/manual/installation/changing-config.chapter.md @@ -89,7 +89,7 @@ guest. For instance, the following will forward host port 2222 to guest port 22 (SSH): ```ShellSession -$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-127.0.0.1:22" ./result/bin/run-*-vm +$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-:22" ./result/bin/run-*-vm ``` allowing you to log in via SSH (assuming you have set the appropriate @@ -98,3 +98,8 @@ passwords or SSH authorized keys): ```ShellSession $ ssh -p 2222 localhost ``` + +Such port forwardings connect via the VM's virtual network interface. +Thus they cannot connect to ports that are only bound to the VM's +loopback interface (`127.0.0.1`), and the VM's NixOS firewall +must be configured to allow these connections. diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index b4251214876..39aac9fb821 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -153,7 +153,7 @@ let {file}`pam_mount.conf.xml`. Useful attributes might include `path`, `options`, `fstype`, and `server`. - See <http://pam-mount.sourceforge.net/pam_mount.conf.5.html> + See <https://pam-mount.sourceforge.net/pam_mount.conf.5.html> for more information. ''; }; diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl index 164c868a9f0..2f9edba4f0c 100644 --- a/nixos/modules/installer/tools/nixos-generate-config.pl +++ b/nixos/modules/installer/tools/nixos-generate-config.pl @@ -130,7 +130,7 @@ sub pciCheck { debug "\n"; if (defined $module) { - # See the bottom of http://pciids.sourceforge.net/pci.ids for + # See the bottom of https://pciids.sourceforge.net/pci.ids for # device classes. if (# Mass-storage controller. Definitely important. $class =~ /^0x01/ || diff --git a/nixos/modules/programs/npm.nix b/nixos/modules/programs/npm.nix index 48dc48e668f..c41fea32614 100644 --- a/nixos/modules/programs/npm.nix +++ b/nixos/modules/programs/npm.nix @@ -34,7 +34,7 @@ in prefix = ''${HOME}/.npm https-proxy=proxy.example.com init-license=MIT - init-author-url=http://npmjs.org + init-author-url=https://www.npmjs.com/ color=true ''; }; diff --git a/nixos/modules/programs/zsh/oh-my-zsh.md b/nixos/modules/programs/zsh/oh-my-zsh.md index 73d425244ce..6a310006edb 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.md +++ b/nixos/modules/programs/zsh/oh-my-zsh.md @@ -78,7 +78,7 @@ If third-party customizations (e.g. new themes) are supposed to be added to - Completion scripts are supposed to be stored at `$out/share/zsh/site-functions`. This directory is part of the - [`fpath`](http://zsh.sourceforge.net/Doc/Release/Functions.html) + [`fpath`](https://zsh.sourceforge.io/Doc/Release/Functions.html) and the package should be compatible with pure `ZSH` setups. The module will automatically link the contents of `site-functions` to completions directory in the proper diff --git a/nixos/modules/security/google_oslogin.nix b/nixos/modules/security/google_oslogin.nix index f75b4df1851..95975943ff8 100644 --- a/nixos/modules/security/google_oslogin.nix +++ b/nixos/modules/security/google_oslogin.nix @@ -42,6 +42,10 @@ in security.sudo.extraConfig = '' #includedir /run/google-sudoers.d ''; + security.sudo-rs.extraConfig = '' + #includedir /run/google-sudoers.d + ''; + systemd.tmpfiles.rules = [ "d /run/google-sudoers.d 750 root root -" "d /var/google-users.d 750 root root -" diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix index ad78f38b086..26f906f2a76 100644 --- a/nixos/modules/security/pam_mount.nix +++ b/nixos/modules/security/pam_mount.nix @@ -33,7 +33,7 @@ in default = []; description = lib.mdDoc '' List of volume definitions for pam_mount. - For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>. + For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>. ''; }; @@ -78,7 +78,7 @@ in description = lib.mdDoc '' Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, and 2 additionally enables tracing in mount.crypt. The default is 0. - For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>. + For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>. ''; }; @@ -88,7 +88,7 @@ in description = lib.mdDoc '' Amount of microseconds to wait until killing remaining processes after final logout. - For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>. + For more information, visit <https://pam-mount.sourceforge.net/pam_mount.conf.5.html>. ''; }; diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix index de427ccb295..327f49c0b63 100644 --- a/nixos/modules/security/polkit.nix +++ b/nixos/modules/security/polkit.nix @@ -35,7 +35,7 @@ in description = lib.mdDoc '' Any polkit rules to be added to config (in JavaScript ;-). See: - http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules + <https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules> ''; }; @@ -117,4 +117,3 @@ in }; } - diff --git a/nixos/modules/services/audio/jack.nix b/nixos/modules/services/audio/jack.nix index 105e99cb2f5..b51f2a78c98 100644 --- a/nixos/modules/services/audio/jack.nix +++ b/nixos/modules/services/audio/jack.nix @@ -225,7 +225,7 @@ in { description = "JACK Audio system service user"; isSystemUser = true; }; - # http://jackaudio.org/faq/linux_rt_config.html + # https://jackaudio.org/faq/linux_rt_config.html security.pam.loginLimits = [ { domain = "@jackaudio"; type = "-"; item = "rtprio"; value = "99"; } { domain = "@jackaudio"; type = "-"; item = "memlock"; value = "unlimited"; } diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index 51475171bf3..ff16795c820 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -54,7 +54,7 @@ in only the hosts listed in {var}`dataDir`/remote_hosts.cfg will be allowed to connect. - See also: <http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access> + See also: <https://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access> ''; }; diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 344c43a429b..1cbe7b893f8 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -6,7 +6,7 @@ let cfg = config.services.slurm; opt = options.services.slurm; - # configuration file can be generated by http://slurm.schedmd.com/configurator.html + # configuration file can be generated by https://slurm.schedmd.com/configurator.html defaultUser = "slurm"; diff --git a/nixos/modules/services/databases/couchdb.nix b/nixos/modules/services/databases/couchdb.nix index 0a81a8dceee..bfecfbb3664 100644 --- a/nixos/modules/services/databases/couchdb.nix +++ b/nixos/modules/services/databases/couchdb.nix @@ -79,7 +79,7 @@ in { ''; }; - # couchdb options: http://docs.couchdb.org/en/latest/config/index.html + # couchdb options: https://docs.couchdb.org/en/latest/config/index.html databaseDir = mkOption { type = types.path; diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix index 26ed46f0e60..3927c81d953 100644 --- a/nixos/modules/services/databases/firebird.nix +++ b/nixos/modules/services/databases/firebird.nix @@ -17,7 +17,7 @@ # There are at least two ways to run firebird. superserver has been chosen # however there are no strong reasons to prefer this or the other one AFAIK # Eg superserver is said to be most efficiently using resources according to -# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html +# https://www.firebirdsql.org/manual/qsg25-classic-or-super.html with lib; diff --git a/nixos/modules/services/databases/pgmanage.nix b/nixos/modules/services/databases/pgmanage.nix index 12c8253ab49..a0933a5ffc4 100644 --- a/nixos/modules/services/databases/pgmanage.nix +++ b/nixos/modules/services/databases/pgmanage.nix @@ -66,7 +66,7 @@ in { pgmanage requires at least one PostgreSQL server be defined. Detailed information about PostgreSQL connection strings is available at: - <http://www.postgresql.org/docs/current/static/libpq-connect.html> + <https://www.postgresql.org/docs/current/libpq-connect.html> Note that you should not specify your user name or password. That information will be entered on the login screen. If you specify a diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md index e4b679a3eee..d65d9616e2f 100644 --- a/nixos/modules/services/databases/postgresql.md +++ b/nixos/modules/services/databases/postgresql.md @@ -5,7 +5,7 @@ *Source:* {file}`modules/services/databases/postgresql.nix` -*Upstream documentation:* <http://www.postgresql.org/docs/> +*Upstream documentation:* <https://www.postgresql.org/docs/> <!-- FIXME: more stuff, like maintainer? --> diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 21e6a60e32a..af4db5c9611 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -588,7 +588,7 @@ in else "simple"; # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See - # http://www.postgresql.org/docs/current/static/server-shutdown.html + # https://www.postgresql.org/docs/current/server-shutdown.html KillSignal = "SIGINT"; KillMode = "mixed"; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 86b295dadf4..315a0282cd7 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -63,7 +63,7 @@ in { vmOverCommit = mkEnableOption (lib.mdDoc '' setting of vm.overcommit_memory to 1 - (Suggested for Background Saving: http://redis.io/topics/faq) + (Suggested for Background Saving: <https://redis.io/docs/get-started/faq/>) ''); servers = mkOption { diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 24987374ab0..08ca7a0d247 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -279,7 +279,7 @@ in default = true; type = types.bool; description = lib.mdDoc '' - Whether to assign [predictable names to network interfaces](http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames). + Whether to assign [predictable names to network interfaces](https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/). If enabled, interfaces are assigned names that contain topology information (e.g. `wlp3s0`) and thus should be stable diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix index e9e3ae1f14c..42d52a61639 100644 --- a/nixos/modules/services/logging/logstash.nix +++ b/nixos/modules/services/logging/logstash.nix @@ -123,7 +123,7 @@ in example = '' if [type] == "syslog" { # Keep only relevant systemd fields - # http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html + # https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html prune { whitelist_names => [ "type", "@timestamp", "@version", diff --git a/nixos/modules/services/misc/mediatomb.nix b/nixos/modules/services/misc/mediatomb.nix index 632b7caaac4..335b1b684b1 100644 --- a/nixos/modules/services/misc/mediatomb.nix +++ b/nixos/modules/services/misc/mediatomb.nix @@ -186,7 +186,7 @@ let defaultFirewallRules = { # udp 1900 port needs to be opened for SSDP (not configurable within # mediatomb/gerbera) cf. - # http://docs.gerbera.io/en/latest/run.html?highlight=udp%20port#network-setup + # https://docs.gerbera.io/en/latest/run.html?highlight=udp%20port#network-setup allowedUDPPorts = [ 1900 cfg.port ]; allowedTCPPorts = [ cfg.port ]; }; diff --git a/nixos/modules/services/monitoring/bosun.nix b/nixos/modules/services/monitoring/bosun.nix index dc75fda6ed8..1dc19743461 100644 --- a/nixos/modules/services/monitoring/bosun.nix +++ b/nixos/modules/services/monitoring/bosun.nix @@ -108,7 +108,7 @@ in { option. A detailed description of the supported syntax can be found at-spi2-atk - http://bosun.org/configuration.html + https://bosun.org/configuration.html ''; }; diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index e90a0e9d16d..5e21407042b 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -88,7 +88,7 @@ let # Get a submodule without any embedded metadata: _filter = x: filterAttrs (k: v: k != "_module") x; - # http://docs.grafana.org/administration/provisioning/#datasources + # https://grafana.com/docs/grafana/latest/administration/provisioning/#datasources grafanaTypes.datasourceConfig = types.submodule { freeformType = provisioningSettingsFormat.type; @@ -140,7 +140,7 @@ let }; }; - # http://docs.grafana.org/administration/provisioning/#dashboards + # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards grafanaTypes.dashboardConfig = types.submodule { freeformType = provisioningSettingsFormat.type; diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index 65c91b8f79b..cc3d7097620 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -102,7 +102,7 @@ in { default = ""; description = lib.mdDoc '' Graphite webapp settings. See: - <http://graphite.readthedocs.io/en/latest/config-local-settings.html> + <https://graphite.readthedocs.io/en/latest/config-local-settings.html> ''; }; }; diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix index 90a51181ac3..5ed7cac48ae 100644 --- a/nixos/modules/services/monitoring/munin.nix +++ b/nixos/modules/services/monitoring/munin.nix @@ -4,7 +4,7 @@ # TODO: LWP/Pg perl libs aren't recognized # TODO: support fastcgi -# http://guide.munin-monitoring.org/en/latest/example/webserver/apache-cgi.html +# https://guide.munin-monitoring.org/en/latest/example/webserver/apache-cgi.html # spawn-fcgi -s /run/munin/fastcgi-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph # spawn-fcgi -s /run/munin/fastcgi-html.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html # https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum @@ -147,7 +147,7 @@ in Enable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons. - See <http://guide.munin-monitoring.org/en/latest/architecture/index.html>. + See <https://guide.munin-monitoring.org/en/latest/architecture/index.html>. ''; }; @@ -156,7 +156,7 @@ in type = types.lines; description = lib.mdDoc '' {file}`munin-node.conf` extra configuration. See - <http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html> + <https://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html> ''; }; @@ -165,7 +165,7 @@ in type = types.lines; description = lib.mdDoc '' {file}`plugin-conf.d` extra plugin configuration. See - <http://guide.munin-monitoring.org/en/latest/plugin/use.html> + <https://guide.munin-monitoring.org/en/latest/plugin/use.html> ''; example = '' [fail2ban_*] @@ -273,9 +273,9 @@ in type = types.lines; description = lib.mdDoc '' {file}`munin.conf` extra global configuration. - See <http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>. + See <https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>. Useful to setup notifications, see - <http://guide.munin-monitoring.org/en/latest/tutorial/alert.html> + <https://guide.munin-monitoring.org/en/latest/tutorial/alert.html> ''; example = '' contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com @@ -288,7 +288,7 @@ in description = lib.mdDoc '' Definitions of hosts of nodes to collect data from. Needs at least one host for cron to succeed. See - <http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html> + <https://guide.munin-monitoring.org/en/latest/reference/munin.conf.html> ''; example = literalExpression '' ''' diff --git a/nixos/modules/services/monitoring/nagios.nix b/nixos/modules/services/monitoring/nagios.nix index 8feff22c118..dc5fa1be292 100644 --- a/nixos/modules/services/monitoring/nagios.nix +++ b/nixos/modules/services/monitoring/nagios.nix @@ -88,7 +88,7 @@ in options = { services.nagios = { - enable = mkEnableOption (lib.mdDoc ''[Nagios](http://www.nagios.org/) to monitor your system or network.''); + enable = mkEnableOption (lib.mdDoc ''[Nagios](https://www.nagios.org/) to monitor your system or network.''); objectDefs = mkOption { description = lib.mdDoc '' diff --git a/nixos/modules/services/network-filesystems/xtreemfs.nix b/nixos/modules/services/network-filesystems/xtreemfs.nix index 926c3c3bd52..866661cf4e6 100644 --- a/nixos/modules/services/network-filesystems/xtreemfs.nix +++ b/nixos/modules/services/network-filesystems/xtreemfs.nix @@ -176,7 +176,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS DIR service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; replication = { @@ -218,7 +218,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS DIR replication plugin. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; @@ -319,7 +319,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS MRC service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; replication = { @@ -361,7 +361,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS MRC replication plugin. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; @@ -438,7 +438,7 @@ in description = lib.mdDoc '' Configuration of XtreemFS OSD service. WARNING: configuration is saved as plaintext inside nix store. - For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html + For more options: https://www.xtreemfs.org/xtfs-guide-1.5.1/index.html ''; }; }; diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 5a1d03f0721..279927781ed 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -139,7 +139,7 @@ in path. See - <http://www.asterisk.org/community/documentation> + <https://www.asterisk.org/community/documentation/> for more examples of what is possible here. ''; }; diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index f872daf05b8..808e7b66d36 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -239,7 +239,7 @@ in enable = mkEnableOption (lib.mdDoc "I2Pd daemon") // { description = lib.mdDoc '' Enables I2Pd as a running service upon activation. - Please read http://i2pd.readthedocs.io/en/latest/ for further + Please read <https://i2pd.readthedocs.io/en/latest/> for further configuration help. ''; }; diff --git a/nixos/modules/services/networking/ntp/ntpd.nix b/nixos/modules/services/networking/ntp/ntpd.nix index 036a8df635d..2bc690cacf0 100644 --- a/nixos/modules/services/networking/ntp/ntpd.nix +++ b/nixos/modules/services/networking/ntp/ntpd.nix @@ -56,7 +56,7 @@ in The default flags prevent external hosts from using ntpd as a DDoS reflector, setting system time, and querying OS/ntpd version. As recommended in section 6.5.1.1.3, answer "No" of - http://support.ntp.org/bin/view/Support/AccessRestrictions + https://support.ntp.org/Support/AccessRestrictions ''; default = [ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ]; }; diff --git a/nixos/modules/services/networking/tox-bootstrapd.nix b/nixos/modules/services/networking/tox-bootstrapd.nix index 5c7e7a4c220..0f310a28d26 100644 --- a/nixos/modules/services/networking/tox-bootstrapd.nix +++ b/nixos/modules/services/networking/tox-bootstrapd.nix @@ -47,7 +47,7 @@ in lib.mdDoc '' Configuration for bootstrap daemon. See <https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf> - and <http://wiki.tox.im/Nodes>. + and <https://wiki.tox.chat/users/nodes>. ''; }; }; diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix index b98cb5283a1..5efb9334ea0 100644 --- a/nixos/modules/services/torrent/transmission.nix +++ b/nixos/modules/services/torrent/transmission.nix @@ -148,7 +148,7 @@ in type = types.bool; default = true; description = lib.mdDoc '' - Whether to enable [Micro Transport Protocol (µTP)](http://en.wikipedia.org/wiki/Micro_Transport_Protocol). + Whether to enable [Micro Transport Protocol (µTP)](https://en.wikipedia.org/wiki/Micro_Transport_Protocol). ''; }; options.watch-dir = mkOption { diff --git a/nixos/modules/services/video/unifi-video.nix b/nixos/modules/services/video/unifi-video.nix index cb438a08150..5c93f60cbd7 100644 --- a/nixos/modules/services/video/unifi-video.nix +++ b/nixos/modules/services/video/unifi-video.nix @@ -32,7 +32,7 @@ let name = "mongo.conf"; executable = false; text = '' - # for documentation of all options, see http://docs.mongodb.org/manual/reference/configuration-options/ + # for documentation of all options, see https://www.mongodb.com/docs/manual/reference/configuration-options/ storage: dbPath: ${cfg.dataDir}/db @@ -63,7 +63,7 @@ let executable = false; text = '' # for documentation of all options, see: - # http://docs.mongodb.org/manual/reference/configuration-options/ + # https://www.mongodb.com/docs/manual/reference/configuration-options/ storage: dbPath: ${cfg.dataDir}/db-wt diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix index 5f9bbbd6637..8a8ed49115f 100644 --- a/nixos/modules/services/web-apps/akkoma.nix +++ b/nixos/modules/services/web-apps/akkoma.nix @@ -909,7 +909,7 @@ in { }; config = mkIf cfg.enable { - warnings = optionals (!config.security.sudo.enable) ['' + warnings = optionals (with config.security; (!sudo.enable) && (!sudo-rs.enable)) ['' The pleroma_ctl wrapper enabled by the installWrapper option relies on sudo, which appears to have been disabled through security.sudo.enable. '']; diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index f80eb6b4c7f..da1dba7d940 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -407,7 +407,7 @@ in type = with lib.types; nullOr (enum ["plain" "login" "cram_md5"]); default = null; description = lib.mdDoc '' - Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html + Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; @@ -423,7 +423,7 @@ in type = lib.types.str; default = "peer"; description = lib.mdDoc '' - How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html + How OpenSSL checks the certificate, see https://api.rubyonrails.org/classes/ActionMailer/Base.html ''; }; diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md index a25bed30e47..ecc7f380592 100644 --- a/nixos/modules/services/web-apps/nextcloud.md +++ b/nixos/modules/services/web-apps/nextcloud.md @@ -49,7 +49,7 @@ used by the imperative installer and all values are written to an additional fil to ensure that changes can be applied by changing the module's options. In case the application serves multiple domains (those are checked with -[`$_SERVER['HTTP_HOST']`](http://php.net/manual/en/reserved.variables.server.php)) +[`$_SERVER['HTTP_HOST']`](https://www.php.net/manual/en/reserved.variables.server.php)) it's needed to add them to [`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains). diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index 592ab253f7d..7b2e3be4295 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -430,7 +430,7 @@ let background processes while not running tt-rss, this method is generally viable to keep your feeds up to date. Still, there are more robust (and recommended) updating methods - available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds + available, you can read about them here: <https://tt-rss.org/wiki/UpdatingFeeds> ''; }; diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index 729a633a36c..eaa113c0d52 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -10,7 +10,7 @@ let # List of known lighttpd modules, ordered by how the lighttpd documentation # recommends them being imported: - # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails + # https://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails # # Some modules are always imported and should not appear in the config: # disallowedModules = [ "mod_indexfile" "mod_dirlisting" "mod_staticfile" ]; @@ -84,8 +84,8 @@ let # server.modules += () entries in each sub-service extraConfig snippet, # read this: # - # http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails - # http://redmine.lighttpd.net/issues/2337 + # https://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails + # https://redmine.lighttpd.net/issues/2337 # # Basically, lighttpd doesn't want to load (or even silently ignore) a # module for a second time, and there is no way to check if a module has diff --git a/nixos/modules/services/web-servers/mighttpd2.nix b/nixos/modules/services/web-servers/mighttpd2.nix index 2d887af87c7..bdd6d8b62aa 100644 --- a/nixos/modules/services/web-servers/mighttpd2.nix +++ b/nixos/modules/services/web-servers/mighttpd2.nix @@ -44,7 +44,7 @@ in { type = types.lines; description = lib.mdDoc '' Verbatim config file to use - (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html) + (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; }; @@ -78,7 +78,7 @@ in { type = types.lines; description = lib.mdDoc '' Verbatim routing file to use - (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html) + (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; }; diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index f2e8585a936..cf70dc32594 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -955,7 +955,7 @@ in default = {}; description = lib.mdDoc '' Configure a proxy cache path entry. - See <http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path> for documentation. + See <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path> for documentation. ''; }; diff --git a/nixos/modules/services/x11/desktop-managers/enlightenment.nix b/nixos/modules/services/x11/desktop-managers/enlightenment.nix index d4b2a50cb8a..28dd408c923 100644 --- a/nixos/modules/services/x11/desktop-managers/enlightenment.nix +++ b/nixos/modules/services/x11/desktop-managers/enlightenment.nix @@ -63,7 +63,7 @@ in # make available for D-BUS user services #export XDG_DATA_DIRS=$XDG_DATA_DIRS''${XDG_DATA_DIRS:+:}:${config.system.path}/share:${e.efl}/share - # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ${pkgs.xdg-user-dirs}/bin/xdg-user-dirs-update fi ''; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 8b5daf83de1..12bdd933337 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -455,7 +455,7 @@ in pkgs.glib # for gsettings program pkgs.gnome-menus pkgs.gtk3.out # for gtk-launch program - pkgs.xdg-user-dirs # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + pkgs.xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ]; in mandatoryPackages diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index eef7aa14057..d82d19b26cd 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -201,7 +201,7 @@ in onboard orca # elementary/greeter#668 sound-theme-freedesktop - xdg-user-dirs # Update user dirs as described in http://freedesktop.org/wiki/Software/xdg-user-dirs/ + xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ ]) ++ (with pkgs.pantheon; [ # Artwork elementary-gtk-theme diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix index 1f08ded7c96..16a7ff1a4bd 100644 --- a/nixos/modules/services/x11/display-managers/default.nix +++ b/nixos/modules/services/x11/display-managers/default.nix @@ -96,7 +96,7 @@ let )} # Speed up application start by 50-150ms according to - # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html + # https://kdemonkey.blogspot.com/2008/04/magic-trick.html compose_cache="''${XCOMPOSECACHE:-$HOME/.compose-cache}" mkdir -p "$compose_cache" # To avoid accidentally deleting a wrongly set up XCOMPOSECACHE directory, diff --git a/nixos/modules/services/x11/display-managers/xpra.nix b/nixos/modules/services/x11/display-managers/xpra.nix index cb78f52d9b6..0861530f21e 100644 --- a/nixos/modules/services/x11/display-managers/xpra.nix +++ b/nixos/modules/services/x11/display-managers/xpra.nix @@ -60,11 +60,11 @@ in VertRefresh 1.0 - 200.0 #To add your own modes here, use a modeline calculator, like: # cvt: - # http://www.x.org/archive/X11R7.5/doc/man/man1/cvt.1.html + # https://www.x.org/archive/X11R7.5/doc/man/man1/cvt.1.html # xtiming: - # http://xtiming.sourceforge.net/cgi-bin/xtiming.pl + # https://xtiming.sourceforge.net/cgi-bin/xtiming.pl # gtf: - # http://gtf.sourceforge.net/ + # https://gtf.sourceforge.net/ #This can be used to get a specific DPI, but only for the default resolution: #DisplaySize 508 317 #NOTE: the highest modes will not work without increasing the VideoRam diff --git a/nixos/modules/services/x11/imwheel.nix b/nixos/modules/services/x11/imwheel.nix index 133e64c65cd..bd2bcb7bcd0 100644 --- a/nixos/modules/services/x11/imwheel.nix +++ b/nixos/modules/services/x11/imwheel.nix @@ -37,7 +37,7 @@ in Window class translation rules. /etc/X11/imwheelrc is generated based on this config which means this config is global for all users. - See [official man pages](http://imwheel.sourceforge.net/imwheel.1.html) + See [official man pages](https://imwheel.sourceforge.net/imwheel.1.html) for more information. ''; }; diff --git a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix index 5ef3c5cd52a..13df6090711 100644 --- a/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix +++ b/nixos/modules/system/boot/loader/generic-extlinux-compatible/default.nix @@ -25,7 +25,7 @@ in under `/boot/extlinux.conf`. For instance, U-Boot's generic distro boot support uses this file format. - See [U-boot's documentation](http://git.denx.de/?p=u-boot.git;a=blob;f=doc/README.distro;hb=refs/heads/master) + See [U-boot's documentation](https://u-boot.readthedocs.io/en/latest/develop/distro.html) for more information. ''; }; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 468f701ae5b..7097e1d83dc 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -339,7 +339,7 @@ in See the [ GRUB source code - ](http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326) + ](https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326) for which disk modules are available. The list elements are passed directly as `argv` diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 06c329e006b..ca560d63f3b 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -537,7 +537,7 @@ in description = lib.mdDoc '' Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. - More information is available at <http://en.wikipedia.org/wiki/DMA_attack>. + More information is available at <https://en.wikipedia.org/wiki/DMA_attack>. This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them! diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 322a234e0c4..13c71e1495e 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -284,7 +284,7 @@ let # in the NixOS installation CD, so use ID_CDROM_MEDIA in the # corresponding udev rules for now. This was the behaviour in # udev <= 154. See also - # http://www.spinics.net/lists/hotplug/msg03935.html + # https://www.spinics.net/lists/hotplug/msg03935.html substituteInPlace $out/60-persistent-storage.rules \ --replace ID_CDROM_MEDIA_TRACK_COUNT_DATA ID_CDROM_MEDIA ''; # */ diff --git a/nixos/modules/virtualisation/google-compute-config.nix b/nixos/modules/virtualisation/google-compute-config.nix index 3c503f027d7..887af26949f 100644 --- a/nixos/modules/virtualisation/google-compute-config.nix +++ b/nixos/modules/virtualisation/google-compute-config.nix @@ -84,6 +84,10 @@ in { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; + security.sudo-rs.extraRules = mkIf config.users.mutableUsers [ + { groups = [ "google-sudoers" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } + ]; + users.groups.google-sudoers = mkIf config.users.mutableUsers { }; boot.extraModprobeConfig = readFile "${pkgs.google-guest-configs}/etc/modprobe.d/gce-blacklist.conf"; |