tjh.dev
nixos: fix typos
+1
-1
nixos/doc/manual/configuration/profiles/hardened.section.md
+1
-1
nixos/doc/manual/configuration/profiles/hardened.section.md
···
7
available to processes through the `/sys` and
8
`/proc` filesystems. It also disables the User Namespaces
9
feature of the kernel, which stops Nix from being able to build anything
10
-
(this particular setting can be overriden via
11
[](#opt-security.allowUserNamespaces)). See the
12
[profile source](https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix)
13
for further detail on which settings are altered.
···
7
available to processes through the `/sys` and
8
`/proc` filesystems. It also disables the User Namespaces
9
feature of the kernel, which stops Nix from being able to build anything
10
+
(this particular setting can be overridden via
11
[](#opt-security.allowUserNamespaces)). See the
12
[profile source](https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix)
13
for further detail on which settings are altered.
+2
-2
nixos/doc/manual/development/activation-script.section.md
+2
-2
nixos/doc/manual/development/activation-script.section.md
···
34
35
An activation script can write to special files instructing
36
`switch-to-configuration` to restart/reload units. The script will take these
37
-
requests into account and will incorperate the unit configuration as described
38
above. This means that the activation script will "fake" a modified unit file
39
and `switch-to-configuration` will act accordingly. By doing so, configuration
40
like [systemd.services.\<name\>.restartIfChanged](#opt-systemd.services) is
···
49
`/run/nixos/dry-activation-reload-list`. Those files can contain
50
newline-separated lists of unit names where duplicates are being ignored. These
51
files are not create automatically and activation scripts must take the
52
-
possiblility into account that they have to create them first.
53
54
## NixOS snippets {#sec-activation-script-nixos-snippets}
55
···
34
35
An activation script can write to special files instructing
36
`switch-to-configuration` to restart/reload units. The script will take these
37
+
requests into account and will incorporate the unit configuration as described
38
above. This means that the activation script will "fake" a modified unit file
39
and `switch-to-configuration` will act accordingly. By doing so, configuration
40
like [systemd.services.\<name\>.restartIfChanged](#opt-systemd.services) is
···
49
`/run/nixos/dry-activation-reload-list`. Those files can contain
50
newline-separated lists of unit names where duplicates are being ignored. These
51
files are not create automatically and activation scripts must take the
52
+
possibility into account that they have to create them first.
53
54
## NixOS snippets {#sec-activation-script-nixos-snippets}
55
+1
-1
nixos/doc/manual/development/option-types.section.md
+1
-1
nixos/doc/manual/development/option-types.section.md
···
345
It takes a parameter *`o`*, that should be a set, or a function returning
346
a set with an `options` key defining the sub-options. Submodule option
347
definitions are type-checked accordingly to the `options` declarations.
348
-
Of course, you can nest submodule option definitons for even higher
349
modularity.
350
351
The option set can be defined directly
···
345
It takes a parameter *`o`*, that should be a set, or a function returning
346
a set with an `options` key defining the sub-options. Submodule option
347
definitions are type-checked accordingly to the `options` declarations.
348
+
Of course, you can nest submodule option definitions for even higher
349
modularity.
350
351
The option set can be defined directly
+2
-2
nixos/doc/manual/development/writing-nixos-tests.section.md
+2
-2
nixos/doc/manual/development/writing-nixos-tests.section.md
···
298
299
: Wait until the supplied regular expressions match a line of the
300
serial console output. This method is useful when OCR is not
301
-
possibile or accurate enough.
302
303
`wait_for_window`
304
···
351
`start_job` and `stop_job`.
352
353
For faster dev cycles it\'s also possible to disable the code-linters
354
-
(this shouldn\'t be commited though):
355
356
```nix
357
{
···
298
299
: Wait until the supplied regular expressions match a line of the
300
serial console output. This method is useful when OCR is not
301
+
possible or accurate enough.
302
303
`wait_for_window`
304
···
351
`start_job` and `stop_job`.
352
353
For faster dev cycles it\'s also possible to disable the code-linters
354
+
(this shouldn\'t be committed though):
355
356
```nix
357
{
+1
-1
nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml
+1
-1
nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml
···
9
available to processes through the <literal>/sys</literal> and
10
<literal>/proc</literal> filesystems. It also disables the User
11
Namespaces feature of the kernel, which stops Nix from being able to
12
-
build anything (this particular setting can be overriden via
13
<xref linkend="opt-security.allowUserNamespaces" />). See the
14
<link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile
15
source</link> for further detail on which settings are altered.
···
9
available to processes through the <literal>/sys</literal> and
10
<literal>/proc</literal> filesystems. It also disables the User
11
Namespaces feature of the kernel, which stops Nix from being able to
12
+
build anything (this particular setting can be overridden via
13
<xref linkend="opt-security.allowUserNamespaces" />). See the
14
<link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile
15
source</link> for further detail on which settings are altered.
+2
-2
nixos/doc/manual/from_md/development/activation-script.section.xml
+2
-2
nixos/doc/manual/from_md/development/activation-script.section.xml
···
45
An activation script can write to special files instructing
46
<literal>switch-to-configuration</literal> to restart/reload units.
47
The script will take these requests into account and will
48
-
incorperate the unit configuration as described above. This means
49
that the activation script will <quote>fake</quote> a modified unit
50
file and <literal>switch-to-configuration</literal> will act
51
accordingly. By doing so, configuration like
···
66
<literal>/run/nixos/dry-activation-reload-list</literal>. Those
67
files can contain newline-separated lists of unit names where
68
duplicates are being ignored. These files are not create
69
-
automatically and activation scripts must take the possiblility into
70
account that they have to create them first.
71
</para>
72
<section xml:id="sec-activation-script-nixos-snippets">
···
45
An activation script can write to special files instructing
46
<literal>switch-to-configuration</literal> to restart/reload units.
47
The script will take these requests into account and will
48
+
incorporate the unit configuration as described above. This means
49
that the activation script will <quote>fake</quote> a modified unit
50
file and <literal>switch-to-configuration</literal> will act
51
accordingly. By doing so, configuration like
···
66
<literal>/run/nixos/dry-activation-reload-list</literal>. Those
67
files can contain newline-separated lists of unit names where
68
duplicates are being ignored. These files are not create
69
+
automatically and activation scripts must take the possibility into
70
account that they have to create them first.
71
</para>
72
<section xml:id="sec-activation-script-nixos-snippets">
+1
-1
nixos/doc/manual/from_md/development/option-types.section.xml
+1
-1
nixos/doc/manual/from_md/development/option-types.section.xml
···
712
<literal>options</literal> key defining the sub-options. Submodule
713
option definitions are type-checked accordingly to the
714
<literal>options</literal> declarations. Of course, you can nest
715
-
submodule option definitons for even higher modularity.
716
</para>
717
<para>
718
The option set can be defined directly
···
712
<literal>options</literal> key defining the sub-options. Submodule
713
option definitions are type-checked accordingly to the
714
<literal>options</literal> declarations. Of course, you can nest
715
+
submodule option definitions for even higher modularity.
716
</para>
717
<para>
718
The option set can be defined directly
+2
-2
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
+2
-2
nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml
···
536
<para>
537
Wait until the supplied regular expressions match a line of
538
the serial console output. This method is useful when OCR is
539
-
not possibile or accurate enough.
540
</para>
541
</listitem>
542
</varlistentry>
···
631
</para>
632
<para>
633
For faster dev cycles it's also possible to disable the
634
-
code-linters (this shouldn't be commited though):
635
</para>
636
<programlisting language="bash">
637
{
···
536
<para>
537
Wait until the supplied regular expressions match a line of
538
the serial console output. This method is useful when OCR is
539
+
not possible or accurate enough.
540
</para>
541
</listitem>
542
</varlistentry>
···
631
</para>
632
<para>
633
For faster dev cycles it's also possible to disable the
634
+
code-linters (this shouldn't be committed though):
635
</para>
636
<programlisting language="bash">
637
{
+2
-2
nixos/doc/manual/from_md/installation/building-nixos.chapter.xml
+2
-2
nixos/doc/manual/from_md/installation/building-nixos.chapter.xml
···
24
</itemizedlist>
25
<para>
26
System images, such as the live installer ones, know how to enforce
27
-
configuration settings on wich they immediately depend in order to
28
work correctly.
29
</para>
30
<para>
···
102
it needs at a minimum for correct functioning, while the installer
103
base image overrides the entire file system layout because there
104
can’t be any other guarantees on a live medium than those given by
105
-
the live medium itself. The latter is especially true befor
106
formatting the target block device(s). On the other hand, the
107
netboot iso only overrides its minimum dependencies since netboot
108
images are always made-to-target.
···
24
</itemizedlist>
25
<para>
26
System images, such as the live installer ones, know how to enforce
27
+
configuration settings on which they immediately depend in order to
28
work correctly.
29
</para>
30
<para>
···
102
it needs at a minimum for correct functioning, while the installer
103
base image overrides the entire file system layout because there
104
can’t be any other guarantees on a live medium than those given by
105
+
the live medium itself. The latter is especially true before
106
formatting the target block device(s). On the other hand, the
107
netboot iso only overrides its minimum dependencies since netboot
108
images are always made-to-target.
+1
-1
nixos/doc/manual/from_md/installation/installing-from-other-distro.section.xml
+1
-1
nixos/doc/manual/from_md/installation/installing-from-other-distro.section.xml
···
223
<para>
224
You'll likely want to set a root password for your first boot
225
using the configuration files because you won't have a chance to
226
-
enter a password until after you reboot. You can initalize the
227
root password to an empty one with this line: (and of course
228
don't forget to set one once you've rebooted or to lock the
229
account with <literal>sudo passwd -l root</literal> if you use
···
223
<para>
224
You'll likely want to set a root password for your first boot
225
using the configuration files because you won't have a chance to
226
+
enter a password until after you reboot. You can initialize the
227
root password to an empty one with this line: (and of course
228
don't forget to set one once you've rebooted or to lock the
229
account with <literal>sudo passwd -l root</literal> if you use
+1
-1
nixos/doc/manual/from_md/installation/installing-virtualbox-guest.section.xml
+1
-1
nixos/doc/manual/from_md/installation/installing-virtualbox-guest.section.xml
+1
-1
nixos/doc/manual/from_md/installation/installing.chapter.xml
+1
-1
nixos/doc/manual/from_md/installation/installing.chapter.xml
···
256
</para>
257
<para>
258
On the minimal installer, NetworkManager is not available, so
259
-
configuration must be perfomed manually. To configure the wifi,
260
first start wpa_supplicant with
261
<literal>sudo systemctl start wpa_supplicant</literal>, then run
262
<literal>wpa_cli</literal>. For most home networks, you need to
···
256
</para>
257
<para>
258
On the minimal installer, NetworkManager is not available, so
259
+
configuration must be performed manually. To configure the wifi,
260
first start wpa_supplicant with
261
<literal>sudo systemctl start wpa_supplicant</literal>, then run
262
<literal>wpa_cli</literal>. For most home networks, you need to
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
···
545
<literal>services.udev.extraRules</literal> option now writes
546
rules to <literal>99-local.rules</literal> instead of
547
<literal>10-local.rules</literal>. This makes all the user rules
548
-
apply after others, so their results wouldn't be overriden by
549
anything else.
550
</para>
551
</listitem>
···
545
<literal>services.udev.extraRules</literal> option now writes
546
rules to <literal>99-local.rules</literal> instead of
547
<literal>10-local.rules</literal>. This makes all the user rules
548
+
apply after others, so their results wouldn't be overridden by
549
anything else.
550
</para>
551
</listitem>
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1709.section.xml
···
666
<listitem>
667
<para>
668
<literal>services.firefox.syncserver</literal> now runs by
669
-
default as a non-root user. To accomodate this change, the
670
default sqlite database location has also been changed.
671
Migration should work automatically. Refer to the description
672
of the options for more details.
···
666
<listitem>
667
<para>
668
<literal>services.firefox.syncserver</literal> now runs by
669
+
default as a non-root user. To accommodate this change, the
670
default sqlite database location has also been changed.
671
Migration should work automatically. Refer to the description
672
of the options for more details.
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1903.section.xml
+1
-1
nixos/doc/manual/from_md/release-notes/rl-1903.section.xml
+2
-2
nixos/doc/manual/from_md/release-notes/rl-1909.section.xml
+2
-2
nixos/doc/manual/from_md/release-notes/rl-1909.section.xml
···
498
<listitem>
499
<para>
500
The <literal>prometheus-nginx-exporter</literal> package now
501
-
uses the offical exporter provided by NGINX Inc. Its metrics
502
are differently structured and are incompatible to the old
503
ones. For information about the metrics, have a look at the
504
<link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official
···
524
<para>
525
By default, prometheus exporters are now run with
526
<literal>DynamicUser</literal> enabled. Exporters that need a
527
-
real user, now run under a seperate user and group which
528
follow the pattern
529
<literal><exporter-name>-exporter</literal>, instead of
530
the previous default <literal>nobody</literal> and
···
498
<listitem>
499
<para>
500
The <literal>prometheus-nginx-exporter</literal> package now
501
+
uses the official exporter provided by NGINX Inc. Its metrics
502
are differently structured and are incompatible to the old
503
ones. For information about the metrics, have a look at the
504
<link xlink:href="https://github.com/nginxinc/nginx-prometheus-exporter">official
···
524
<para>
525
By default, prometheus exporters are now run with
526
<literal>DynamicUser</literal> enabled. Exporters that need a
527
+
real user, now run under a separate user and group which
528
follow the pattern
529
<literal><exporter-name>-exporter</literal>, instead of
530
the previous default <literal>nobody</literal> and
+1
-1
nixos/doc/manual/from_md/release-notes/rl-2105.section.xml
+1
-1
nixos/doc/manual/from_md/release-notes/rl-2105.section.xml
···
1304
<listitem>
1305
<para>
1306
In the ACME module, the data used to build the hash for the
1307
-
account directory has changed to accomodate new features to
1308
reduce account rate limit issues. This will trigger new
1309
account creation on the first rebuild following this update.
1310
No issues are expected to arise from this, thanks to the new
···
1304
<listitem>
1305
<para>
1306
In the ACME module, the data used to build the hash for the
1307
+
account directory has changed to accommodate new features to
1308
reduce account rate limit issues. This will trigger new
1309
account creation on the first rebuild following this update.
1310
No issues are expected to arise from this, thanks to the new
+2
-2
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+2
-2
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
···
328
<listitem>
329
<para>
330
<link xlink:href="https://maddy.email/">Maddy</link>, a free
331
-
an open source mail server. Availabe as
332
<link linkend="opt-services.maddy.enable">services.maddy</link>.
333
</para>
334
</listitem>
···
1422
derivation if <literal>name</literal> is
1423
<literal>"vim"</literal> (the default). This
1424
makes the <literal>wrapManual</literal> argument obsolete,
1425
-
but this behavior can be overriden by setting the
1426
<literal>standalone</literal> argument.
1427
</para>
1428
</listitem>
···
328
<listitem>
329
<para>
330
<link xlink:href="https://maddy.email/">Maddy</link>, a free
331
+
an open source mail server. Available as
332
<link linkend="opt-services.maddy.enable">services.maddy</link>.
333
</para>
334
</listitem>
···
1422
derivation if <literal>name</literal> is
1423
<literal>"vim"</literal> (the default). This
1424
makes the <literal>wrapManual</literal> argument obsolete,
1425
+
but this behavior can be overridden by setting the
1426
<literal>standalone</literal> argument.
1427
</para>
1428
</listitem>
+3
-3
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+3
-3
nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+6
-6
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
+6
-6
nixos/doc/manual/from_md/release-notes/rl-2305.section.xml
···
114
<link linkend="opt-services.snapserver.openFirewall">services.snapserver.openFirewall</link>
115
module option default value has been changed from
116
<literal>true</literal> to <literal>false</literal>. You will
117
-
need to explicitely set this option to
118
-
<literal>true</literal>, or configure your firewall.
119
</para>
120
</listitem>
121
<listitem>
···
124
<link linkend="opt-services.tmate-ssh-server.openFirewall">services.tmate-ssh-server.openFirewall</link>
125
module option default value has been changed from
126
<literal>true</literal> to <literal>false</literal>. You will
127
-
need to explicitely set this option to
128
-
<literal>true</literal>, or configure your firewall.
129
</para>
130
</listitem>
131
<listitem>
···
134
<link linkend="opt-services.unifi-video.openFirewall">services.unifi-video.openFirewall</link>
135
module option default value has been changed from
136
<literal>true</literal> to <literal>false</literal>. You will
137
-
need to explicitely set this option to
138
-
<literal>true</literal>, or configure your firewall.
139
</para>
140
</listitem>
141
<listitem>
···
114
<link linkend="opt-services.snapserver.openFirewall">services.snapserver.openFirewall</link>
115
module option default value has been changed from
116
<literal>true</literal> to <literal>false</literal>. You will
117
+
need to explicitly set this option to <literal>true</literal>,
118
+
or configure your firewall.
119
</para>
120
</listitem>
121
<listitem>
···
124
<link linkend="opt-services.tmate-ssh-server.openFirewall">services.tmate-ssh-server.openFirewall</link>
125
module option default value has been changed from
126
<literal>true</literal> to <literal>false</literal>. You will
127
+
need to explicitly set this option to <literal>true</literal>,
128
+
or configure your firewall.
129
</para>
130
</listitem>
131
<listitem>
···
134
<link linkend="opt-services.unifi-video.openFirewall">services.unifi-video.openFirewall</link>
135
module option default value has been changed from
136
<literal>true</literal> to <literal>false</literal>. You will
137
+
need to explicitly set this option to <literal>true</literal>,
138
+
or configure your firewall.
139
</para>
140
</listitem>
141
<listitem>
+2
-2
nixos/doc/manual/installation/building-nixos.chapter.md
+2
-2
nixos/doc/manual/installation/building-nixos.chapter.md
···
9
- Combine them with (any of) your host config(s)
10
11
System images, such as the live installer ones, know how to enforce configuration settings
12
-
on wich they immediately depend in order to work correctly.
13
14
However, if you are confident, you can opt to override those
15
enforced values with `mkForce`.
···
75
For example, the iso base image overrides those file systems which it needs at a minimum
76
for correct functioning, while the installer base image overrides the entire file system
77
layout because there can't be any other guarantees on a live medium than those given
78
-
by the live medium itself. The latter is especially true befor formatting the target
79
block device(s). On the other hand, the netboot iso only overrides its minimum dependencies
80
since netboot images are always made-to-target.
···
9
- Combine them with (any of) your host config(s)
10
11
System images, such as the live installer ones, know how to enforce configuration settings
12
+
on which they immediately depend in order to work correctly.
13
14
However, if you are confident, you can opt to override those
15
enforced values with `mkForce`.
···
75
For example, the iso base image overrides those file systems which it needs at a minimum
76
for correct functioning, while the installer base image overrides the entire file system
77
layout because there can't be any other guarantees on a live medium than those given
78
+
by the live medium itself. The latter is especially true before formatting the target
79
block device(s). On the other hand, the netboot iso only overrides its minimum dependencies
80
since netboot images are always made-to-target.
+1
-1
nixos/doc/manual/installation/installing-from-other-distro.section.md
+1
-1
nixos/doc/manual/installation/installing-from-other-distro.section.md
···
158
159
You\'ll likely want to set a root password for your first boot using
160
the configuration files because you won\'t have a chance to enter a
161
-
password until after you reboot. You can initalize the root password
162
to an empty one with this line: (and of course don\'t forget to set
163
one once you\'ve rebooted or to lock the account with
164
`sudo passwd -l root` if you use `sudo`)
···
158
159
You\'ll likely want to set a root password for your first boot using
160
the configuration files because you won\'t have a chance to enter a
161
+
password until after you reboot. You can initialize the root password
162
to an empty one with this line: (and of course don\'t forget to set
163
one once you\'ve rebooted or to lock the account with
164
`sudo passwd -l root` if you use `sudo`)
+1
-1
nixos/doc/manual/installation/installing-virtualbox-guest.section.md
+1
-1
nixos/doc/manual/installation/installing-virtualbox-guest.section.md
+1
-1
nixos/doc/manual/installation/installing.chapter.md
+1
-1
nixos/doc/manual/installation/installing.chapter.md
···
162
`systemctl stop NetworkManager`.
163
164
On the minimal installer, NetworkManager is not available, so
165
-
configuration must be perfomed manually. To configure the wifi, first
166
start wpa_supplicant with `sudo systemctl start wpa_supplicant`, then
167
run `wpa_cli`. For most home networks, you need to type in the following
168
commands:
···
162
`systemctl stop NetworkManager`.
163
164
On the minimal installer, NetworkManager is not available, so
165
+
configuration must be performed manually. To configure the wifi, first
166
start wpa_supplicant with `sudo systemctl start wpa_supplicant`, then
167
run `wpa_cli`. For most home networks, you need to type in the following
168
commands:
+1
-1
nixos/doc/manual/release-notes/rl-1603.section.md
+1
-1
nixos/doc/manual/release-notes/rl-1603.section.md
···
202
}
203
```
204
205
-
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn\'t be overriden by anything else.
206
207
- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.
208
···
202
}
203
```
204
205
+
- `services.udev.extraRules` option now writes rules to `99-local.rules` instead of `10-local.rules`. This makes all the user rules apply after others, so their results wouldn\'t be overridden by anything else.
206
207
- Large parts of the `services.gitlab` module has been been rewritten. There are new configuration options available. The `stateDir` option was renamned to `statePath` and the `satellitesDir` option was removed. Please review the currently available options.
208
+1
-1
nixos/doc/manual/release-notes/rl-1709.section.md
+1
-1
nixos/doc/manual/release-notes/rl-1709.section.md
···
238
239
- `cc-wrapper`\'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages\' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
240
241
-
- `services.firefox.syncserver` now runs by default as a non-root user. To accomodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details.
242
243
- The `compiz` window manager and package was removed. The system support had been broken for several years.
244
···
238
239
- `cc-wrapper`\'s setup-hook now exports a number of environment variables corresponding to binutils binaries, (e.g. `LD`, `STRIP`, `RANLIB`, etc). This is done to prevent packages\' build systems guessing, which is harder to predict, especially when cross-compiling. However, some packages have broken due to this---their build systems either not supporting, or claiming to support without adequate testing, taking such environment variables as parameters.
240
241
+
- `services.firefox.syncserver` now runs by default as a non-root user. To accommodate this change, the default sqlite database location has also been changed. Migration should work automatically. Refer to the description of the options for more details.
242
243
- The `compiz` window manager and package was removed. The system support had been broken for several years.
244
+1
-1
nixos/doc/manual/release-notes/rl-1903.section.md
+1
-1
nixos/doc/manual/release-notes/rl-1903.section.md
···
73
74
- OpenSMTPD has been upgraded to version 6.4.0p1. This release makes backwards-incompatible changes to the configuration file format. See `man smtpd.conf` for more information on the new file format.
75
76
-
- The versioned `postgresql` have been renamed to use underscore number seperators. For example, `postgresql96` has been renamed to `postgresql_9_6`.
77
78
- Package `consul-ui` and passthrough `consul.ui` have been removed. The package `consul` now uses upstream releases that vendor the UI into the binary. See [\#48714](https://github.com/NixOS/nixpkgs/pull/48714#issuecomment-433454834) for details.
79
···
73
74
- OpenSMTPD has been upgraded to version 6.4.0p1. This release makes backwards-incompatible changes to the configuration file format. See `man smtpd.conf` for more information on the new file format.
75
76
+
- The versioned `postgresql` have been renamed to use underscore number separators. For example, `postgresql96` has been renamed to `postgresql_9_6`.
77
78
- Package `consul-ui` and passthrough `consul.ui` have been removed. The package `consul` now uses upstream releases that vendor the UI into the binary. See [\#48714](https://github.com/NixOS/nixpkgs/pull/48714#issuecomment-433454834) for details.
79
+2
-2
nixos/doc/manual/release-notes/rl-1909.section.md
+2
-2
nixos/doc/manual/release-notes/rl-1909.section.md
···
154
155
- The setopt declarations will be evaluated at the end of `/etc/zshrc`, so any code in [programs.zsh.interactiveShellInit](options.html#opt-programs.zsh.interactiveShellInit), [programs.zsh.loginShellInit](options.html#opt-programs.zsh.loginShellInit) and [programs.zsh.promptInit](options.html#opt-programs.zsh.promptInit) may break if it relies on those options being set.
156
157
-
- The `prometheus-nginx-exporter` package now uses the offical exporter provided by NGINX Inc. Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, have a look at the [official repo](https://github.com/nginxinc/nginx-prometheus-exporter).
158
159
- The `shibboleth-sp` package has been updated to version 3. It is largely backward compatible, for further information refer to the [release notes](https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes) and [upgrade guide](https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2).
160
161
Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped.
162
163
-
- By default, prometheus exporters are now run with `DynamicUser` enabled. Exporters that need a real user, now run under a seperate user and group which follow the pattern `<exporter-name>-exporter`, instead of the previous default `nobody` and `nogroup`. Only some exporters are affected by the latter, namely the exporters `dovecot`, `node`, `postfix` and `varnish`.
164
165
- The `ibus-qt` package is not installed by default anymore when [i18n.inputMethod.enabled](options.html#opt-i18n.inputMethod.enabled) is set to `ibus`. If IBus support in Qt 4.x applications is required, add the `ibus-qt` package to your [environment.systemPackages](options.html#opt-environment.systemPackages) manually.
166
···
154
155
- The setopt declarations will be evaluated at the end of `/etc/zshrc`, so any code in [programs.zsh.interactiveShellInit](options.html#opt-programs.zsh.interactiveShellInit), [programs.zsh.loginShellInit](options.html#opt-programs.zsh.loginShellInit) and [programs.zsh.promptInit](options.html#opt-programs.zsh.promptInit) may break if it relies on those options being set.
156
157
+
- The `prometheus-nginx-exporter` package now uses the official exporter provided by NGINX Inc. Its metrics are differently structured and are incompatible to the old ones. For information about the metrics, have a look at the [official repo](https://github.com/nginxinc/nginx-prometheus-exporter).
158
159
- The `shibboleth-sp` package has been updated to version 3. It is largely backward compatible, for further information refer to the [release notes](https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes) and [upgrade guide](https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2).
160
161
Nodejs 8 is scheduled EOL under the lifetime of 19.09 and has been dropped.
162
163
+
- By default, prometheus exporters are now run with `DynamicUser` enabled. Exporters that need a real user, now run under a separate user and group which follow the pattern `<exporter-name>-exporter`, instead of the previous default `nobody` and `nogroup`. Only some exporters are affected by the latter, namely the exporters `dovecot`, `node`, `postfix` and `varnish`.
164
165
- The `ibus-qt` package is not installed by default anymore when [i18n.inputMethod.enabled](options.html#opt-i18n.inputMethod.enabled) is set to `ibus`. If IBus support in Qt 4.x applications is required, add the `ibus-qt` package to your [environment.systemPackages](options.html#opt-environment.systemPackages) manually.
166
+1
-1
nixos/doc/manual/release-notes/rl-2105.section.md
+1
-1
nixos/doc/manual/release-notes/rl-2105.section.md
···
369
370
- The zookeeper package does not provide `zooInspector.sh` anymore, as that \"contrib\" has been dropped from upstream releases.
371
372
-
- In the ACME module, the data used to build the hash for the account directory has changed to accomodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
373
374
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly.
375
···
369
370
- The zookeeper package does not provide `zooInspector.sh` anymore, as that \"contrib\" has been dropped from upstream releases.
371
372
+
- In the ACME module, the data used to build the hash for the account directory has changed to accommodate new features to reduce account rate limit issues. This will trigger new account creation on the first rebuild following this update. No issues are expected to arise from this, thanks to the new account creation handling.
373
374
- [users.users._name_.createHome](options.html#opt-users.users._name_.createHome) now always ensures home directory permissions to be `0700`. Permissions had previously been ignored for already existing home directories, possibly leaving them readable by others. The option\'s description was incorrect regarding ownership management and has been simplified greatly.
375
+2
-2
nixos/doc/manual/release-notes/rl-2205.section.md
+2
-2
nixos/doc/manual/release-notes/rl-2205.section.md
···
107
108
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer)
109
110
-
- [Maddy](https://maddy.email/), a free an open source mail server. Availabe as [services.maddy](#opt-services.maddy.enable).
111
112
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
113
···
562
- `pkgs._7zz` is now correctly licensed as LGPL3+ and BSD3 with optional unfree unRAR licensed code
563
564
- The `vim.customize` function produced by `vimUtils.makeCustomizable` now has a slightly different interface:
565
-
* The wrapper now includes everything in the given Vim derivation if `name` is `"vim"` (the default). This makes the `wrapManual` argument obsolete, but this behavior can be overriden by setting the `standalone` argument.
566
* All the executables present in the given derivation (or, in `standalone` mode, only the `*vim` ones) are wrapped. This makes the `wrapGui` argument obsolete.
567
* The `vimExecutableName` and `gvimExecutableName` arguments were replaced by a single `executableName` argument in which the shell variable `$exe` can be used to refer to the wrapped executable's name.
568
···
107
108
- [kanidm](https://kanidm.github.io/kanidm/stable/), an identity management server written in Rust. Available as [services.kanidm](#opt-services.kanidm.enableServer)
109
110
+
- [Maddy](https://maddy.email/), a free an open source mail server. Available as [services.maddy](#opt-services.maddy.enable).
111
112
- [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).
113
···
562
- `pkgs._7zz` is now correctly licensed as LGPL3+ and BSD3 with optional unfree unRAR licensed code
563
564
- The `vim.customize` function produced by `vimUtils.makeCustomizable` now has a slightly different interface:
565
+
* The wrapper now includes everything in the given Vim derivation if `name` is `"vim"` (the default). This makes the `wrapManual` argument obsolete, but this behavior can be overridden by setting the `standalone` argument.
566
* All the executables present in the given derivation (or, in `standalone` mode, only the `*vim` ones) are wrapped. This makes the `wrapGui` argument obsolete.
567
* The `vimExecutableName` and `gvimExecutableName` arguments were replaced by a single `executableName` argument in which the shell variable `$exe` can be used to refer to the wrapped executable's name.
568
+1
-1
nixos/doc/manual/release-notes/rl-2211.section.md
+1
-1
nixos/doc/manual/release-notes/rl-2211.section.md
···
385
386
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
387
388
-
- Option descriptions, examples, and defaults writting in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
389
390
- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.
391
···
385
386
- memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
387
388
+
- Option descriptions, examples, and defaults writing in DocBook are now deprecated. Using CommonMark is preferred and will become the default in a future release.
389
390
- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.
391
+3
-3
nixos/doc/manual/release-notes/rl-2305.section.md
+3
-3
nixos/doc/manual/release-notes/rl-2305.section.md
···
37
38
- `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/).
39
40
-
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
41
42
-
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
43
44
-
- The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitely set this option to `true`, or configure your firewall.
45
46
- The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2.
47
···
37
38
- `services.sourcehut.dispatch` and the corresponding package (`sourcehut.dispatchsrht`) have been removed due to [upstream deprecation](https://sourcehut.org/blog/2022-08-01-dispatch-deprecation-plans/).
39
40
+
- The [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
41
42
+
- The [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
43
44
+
- The [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) module option default value has been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
45
46
- The EC2 image module previously detected and automatically mounted ext3-formatted instance store devices and partitions in stage-1 (initramfs), storing `/tmp` on the first discovered device. This behaviour, which only catered to very specific use cases and could not be disabled, has been removed. Users relying on this should provide their own implementation, and probably use ext4 and perform the mount in stage-2.
47
+1
-1
nixos/lib/make-options-doc/default.nix
+1
-1
nixos/lib/make-options-doc/default.nix
+1
-1
nixos/modules/hardware/gpgsmartcards.nix
+1
-1
nixos/modules/hardware/gpgsmartcards.nix
···
8
# https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
9
10
# the latest rev of the entire debian gnupg2 repo as of 2021-04-28
11
-
# the scdaemon.udev file was last commited on 2021-01-05 (7817a03):
12
scdaemonUdevRev = "01898735a015541e3ffb43c7245ac1e612f40836";
13
14
scdaemonRules = pkgs.fetchurl {
···
8
# https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
9
10
# the latest rev of the entire debian gnupg2 repo as of 2021-04-28
11
+
# the scdaemon.udev file was last committed on 2021-01-05 (7817a03):
12
scdaemonUdevRev = "01898735a015541e3ffb43c7245ac1e612f40836";
13
14
scdaemonRules = pkgs.fetchurl {
+1
-1
nixos/modules/hardware/openrazer.nix
+1
-1
nixos/modules/hardware/openrazer.nix
+1
-1
nixos/modules/hardware/printers.nix
+1
-1
nixos/modules/hardware/printers.nix
+1
-1
nixos/modules/installer/cd-dvd/iso-image.nix
+1
-1
nixos/modules/installer/cd-dvd/iso-image.nix
···
81
82
# The configuration file for syslinux.
83
84
-
# Notes on syslinux configuration and UNetbootin compatiblity:
85
# * Do not use '/syslinux/syslinux.cfg' as the path for this
86
# configuration. UNetbootin will not parse the file and use it as-is.
87
# This results in a broken configuration if the partition label does
···
81
82
# The configuration file for syslinux.
83
84
+
# Notes on syslinux configuration and UNetbootin compatibility:
85
# * Do not use '/syslinux/syslinux.cfg' as the path for this
86
# configuration. UNetbootin will not parse the file and use it as-is.
87
# This results in a broken configuration if the partition label does
+1
-1
nixos/modules/misc/label.nix
+1
-1
nixos/modules/misc/label.nix
+2
-2
nixos/modules/security/acme/default.nix
+2
-2
nixos/modules/security/acme/default.nix
···
714
default = false;
715
description = lib.mdDoc ''
716
Whether to use the root user when generating certs. This is not recommended
717
-
for security + compatiblity reasons. If a service requires root owned certificates
718
consider following the guide on "Using ACME with services demanding root
719
owned certificates" in the NixOS manual, and only using this as a fallback
720
or for testing.
···
765
To use the let's encrypt staging server, use security.acme.server =
766
"https://acme-staging-v02.api.letsencrypt.org/directory".
767
'')
768
-
(mkRemovedOptionModule [ "security" "acme" "directory" ] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
769
(mkRemovedOptionModule [ "security" "acme" "preDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
770
(mkRemovedOptionModule [ "security" "acme" "activationDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
771
(mkChangedOptionModule [ "security" "acme" "validMin" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMin / (24 * 3600)))
···
714
default = false;
715
description = lib.mdDoc ''
716
Whether to use the root user when generating certs. This is not recommended
717
+
for security + compatibility reasons. If a service requires root owned certificates
718
consider following the guide on "Using ACME with services demanding root
719
owned certificates" in the NixOS manual, and only using this as a fallback
720
or for testing.
···
765
To use the let's encrypt staging server, use security.acme.server =
766
"https://acme-staging-v02.api.letsencrypt.org/directory".
767
'')
768
+
(mkRemovedOptionModule [ "security" "acme" "directory" ] "ACME Directory is now hardcoded to /var/lib/acme and its permissions are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
769
(mkRemovedOptionModule [ "security" "acme" "preDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
770
(mkRemovedOptionModule [ "security" "acme" "activationDelay" ] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
771
(mkChangedOptionModule [ "security" "acme" "validMin" ] [ "security" "acme" "defaults" "validMinDays" ] (config: config.security.acme.validMin / (24 * 3600)))
+1
-1
nixos/modules/security/apparmor.nix
+1
-1
nixos/modules/security/apparmor.nix
···
202
# (indirectly read from /etc/apparmor.d/*, without recursing into sub-directory).
203
# Note that this does not remove profiles dynamically generated by libvirt.
204
[ "${pkgs.apparmor-utils}/bin/aa-remove-unknown" ] ++
205
-
# Optionaly kill the processes which are unconfined but now have a profile loaded
206
# (because AppArmor can only start to confine new processes).
207
optional cfg.killUnconfinedConfinables killUnconfinedConfinables;
208
ExecStop = "${pkgs.apparmor-utils}/bin/aa-teardown";
···
202
# (indirectly read from /etc/apparmor.d/*, without recursing into sub-directory).
203
# Note that this does not remove profiles dynamically generated by libvirt.
204
[ "${pkgs.apparmor-utils}/bin/aa-remove-unknown" ] ++
205
+
# Optionally kill the processes which are unconfined but now have a profile loaded
206
# (because AppArmor can only start to confine new processes).
207
optional cfg.killUnconfinedConfinables killUnconfinedConfinables;
208
ExecStop = "${pkgs.apparmor-utils}/bin/aa-teardown";
+2
-2
nixos/modules/security/pam.nix
+2
-2
nixos/modules/security/pam.nix
···
282
defaultText = literalExpression "config.security.pam.mount.enable";
283
type = types.bool;
284
description = lib.mdDoc ''
285
-
Enable PAM mount (pam_mount) system to mount fileystems on user login.
286
'';
287
};
288
···
305
default = false;
306
type = types.bool;
307
description = lib.mdDoc ''
308
-
Wheather the delay after typing a wrong password should be disabled.
309
'';
310
};
311
···
282
defaultText = literalExpression "config.security.pam.mount.enable";
283
type = types.bool;
284
description = lib.mdDoc ''
285
+
Enable PAM mount (pam_mount) system to mount filesystems on user login.
286
'';
287
};
288
···
305
default = false;
306
type = types.bool;
307
description = lib.mdDoc ''
308
+
Whether the delay after typing a wrong password should be disabled.
309
'';
310
};
311
+1
-1
nixos/modules/security/pam_mount.nix
+1
-1
nixos/modules/security/pam_mount.nix
+1
-1
nixos/modules/security/wrappers/default.nix
+1
-1
nixos/modules/security/wrappers/default.nix
+1
-1
nixos/modules/services/audio/icecast.nix
+1
-1
nixos/modules/services/audio/icecast.nix
···
48
49
hostname = mkOption {
50
type = types.nullOr types.str;
51
-
description = lib.mdDoc "DNS name or IP address that will be used for the stream directory lookups or possibily the playlist generation if a Host header is not provided.";
52
default = config.networking.domain;
53
defaultText = literalExpression "config.networking.domain";
54
};
···
48
49
hostname = mkOption {
50
type = types.nullOr types.str;
51
+
description = lib.mdDoc "DNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.";
52
default = config.networking.domain;
53
defaultText = literalExpression "config.networking.domain";
54
};
+2
-2
nixos/modules/services/backup/zfs-replication.nix
+2
-2
nixos/modules/services/backup/zfs-replication.nix
···
12
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication.");
13
14
followDelete = mkOption {
15
-
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondant.";
16
default = true;
17
type = types.bool;
18
};
···
30
};
31
32
localFilesystem = mkOption {
33
-
description = lib.mdDoc "Local ZFS fileystem from which snapshots should be sent. Defaults to the attribute name.";
34
example = "pool/file/path";
35
type = types.str;
36
};
···
12
enable = mkEnableOption (lib.mdDoc "ZFS snapshot replication.");
13
14
followDelete = mkOption {
15
+
description = lib.mdDoc "Remove remote snapshots that don't have a local correspondent.";
16
default = true;
17
type = types.bool;
18
};
···
30
};
31
32
localFilesystem = mkOption {
33
+
description = lib.mdDoc "Local ZFS filesystem from which snapshots should be sent. Defaults to the attribute name.";
34
example = "pool/file/path";
35
type = types.str;
36
};
+3
-3
nixos/modules/services/backup/znapzend.nix
+3
-3
nixos/modules/services/backup/znapzend.nix
···
9
The znapzend backup plan to use for the source.
10
11
The plan specifies how often to backup and for how long to keep the
12
-
backups. It consists of a series of retention periodes to interval
13
associations:
14
15
```
···
268
269
mkSrcAttrs = srcCfg: with srcCfg; {
270
enabled = onOff enable;
271
-
# mbuffer is not referenced by its full path to accomodate non-NixOS systems or differing mbuffer versions between source and target
272
mbuffer = with mbuffer; if enable then "mbuffer"
273
+ optionalString (port != null) ":${toString port}" else "off";
274
mbuffer_size = mbuffer.size;
···
372
compressed feature which adds the options `-Lce` to
373
the {command}`zfs send` command. When this is enabled, make
374
sure that both the sending and receiving pool have the same relevant
375
-
features enabled. Using `-c` will skip unneccessary
376
decompress-compress stages, `-L` is for large block
377
support and -e is for embedded data support. see
378
{manpage}`znapzend(1)`
···
9
The znapzend backup plan to use for the source.
10
11
The plan specifies how often to backup and for how long to keep the
12
+
backups. It consists of a series of retention periods to interval
13
associations:
14
15
```
···
268
269
mkSrcAttrs = srcCfg: with srcCfg; {
270
enabled = onOff enable;
271
+
# mbuffer is not referenced by its full path to accommodate non-NixOS systems or differing mbuffer versions between source and target
272
mbuffer = with mbuffer; if enable then "mbuffer"
273
+ optionalString (port != null) ":${toString port}" else "off";
274
mbuffer_size = mbuffer.size;
···
372
compressed feature which adds the options `-Lce` to
373
the {command}`zfs send` command. When this is enabled, make
374
sure that both the sending and receiving pool have the same relevant
375
+
features enabled. Using `-c` will skip unnecessary
376
decompress-compress stages, `-L` is for large block
377
support and -e is for embedded data support. see
378
{manpage}`znapzend(1)`
+1
-1
nixos/modules/services/blockchain/ethereum/lighthouse.nix
+1
-1
nixos/modules/services/blockchain/ethereum/lighthouse.nix
+1
-1
nixos/modules/services/cluster/kubernetes/addon-manager.nix
+1
-1
nixos/modules/services/cluster/kubernetes/addon-manager.nix
+1
-1
nixos/modules/services/cluster/kubernetes/pki.nix
+1
-1
nixos/modules/services/cluster/kubernetes/pki.nix
+1
-1
nixos/modules/services/continuous-integration/buildbot/master.nix
+1
-1
nixos/modules/services/continuous-integration/buildbot/master.nix
+1
-1
nixos/modules/services/continuous-integration/github-runner/options.nix
+1
-1
nixos/modules/services/continuous-integration/github-runner/options.nix
···
49
registration token on startup as needed. Make sure the PAT has a scope of
50
`admin:org` for organization-wide registrations or a scope of
51
`repo` for a single repository. Fine-grained PATs need read and write permission
52
-
to the "Adminstration" resources.
53
54
Changing this option or the file's content triggers a new runner registration.
55
'';
···
49
registration token on startup as needed. Make sure the PAT has a scope of
50
`admin:org` for organization-wide registrations or a scope of
51
`repo` for a single repository. Fine-grained PATs need read and write permission
52
+
to the "Administration" resources.
53
54
Changing this option or the file's content triggers a new runner registration.
55
'';
+1
-1
nixos/modules/services/continuous-integration/gitlab-runner.nix
+1
-1
nixos/modules/services/continuous-integration/gitlab-runner.nix
+2
-2
nixos/modules/services/continuous-integration/hail.nix
+2
-2
nixos/modules/services/continuous-integration/hail.nix
···
15
default = false;
16
description = lib.mdDoc ''
17
Enables the Hail Auto Update Service. Hail can automatically deploy artifacts
18
-
built by a Hydra Continous Integration server. A common use case is to provide
19
-
continous deployment for single services or a full NixOS configuration.'';
20
};
21
profile = mkOption {
22
type = types.str;
···
15
default = false;
16
description = lib.mdDoc ''
17
Enables the Hail Auto Update Service. Hail can automatically deploy artifacts
18
+
built by a Hydra Continuous Integration server. A common use case is to provide
19
+
continuous deployment for single services or a full NixOS configuration.'';
20
};
21
profile = mkOption {
22
type = types.str;
+1
-1
nixos/modules/services/databases/firebird.nix
+1
-1
nixos/modules/services/databases/firebird.nix
···
14
#
15
# Be careful, virtuoso-opensource also provides a different isql command !
16
17
-
# There are at least two ways to run firebird. superserver has been choosen
18
# however there are no strong reasons to prefer this or the other one AFAIK
19
# Eg superserver is said to be most efficiently using resources according to
20
# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html
···
14
#
15
# Be careful, virtuoso-opensource also provides a different isql command !
16
17
+
# There are at least two ways to run firebird. superserver has been chosen
18
# however there are no strong reasons to prefer this or the other one AFAIK
19
# Eg superserver is said to be most efficiently using resources according to
20
# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html
+1
-1
nixos/modules/services/display-managers/greetd.nix
+1
-1
nixos/modules/services/display-managers/greetd.nix
···
45
default = !(cfg.settings ? initial_session);
46
defaultText = literalExpression "!(config.services.greetd.settings ? initial_session)";
47
description = lib.mdDoc ''
48
-
Wether to restart greetd when it terminates (e.g. on failure).
49
This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin),
50
because every greetd restart will trigger the autologin again.
51
'';
···
45
default = !(cfg.settings ? initial_session);
46
defaultText = literalExpression "!(config.services.greetd.settings ? initial_session)";
47
description = lib.mdDoc ''
48
+
Whether to restart greetd when it terminates (e.g. on failure).
49
This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin),
50
because every greetd restart will trigger the autologin again.
51
'';
+3
-3
nixos/modules/services/games/asf.nix
+3
-3
nixos/modules/services/games/asf.nix
···
35
description = lib.mdDoc ''
36
If enabled, starts the ArchisSteamFarm service.
37
For configuring the SteamGuard token you will need to use the web-ui, which is enabled by default over on 127.0.0.1:1242.
38
-
You cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programatically set ones by nix.
39
'';
40
default = false;
41
};
···
98
ipcPasswordFile = mkOption {
99
type = types.nullOr types.path;
100
default = null;
101
-
description = lib.mdDoc "Path to a file containig the password. The file must be readable by the `asf` user/group.";
102
};
103
104
ipcSettings = mkOption {
···
129
};
130
passwordFile = mkOption {
131
type = types.path;
132
-
description = lib.mdDoc "Path to a file containig the password. The file must be readable by the `asf` user/group.";
133
};
134
enabled = mkOption {
135
type = types.bool;
···
35
description = lib.mdDoc ''
36
If enabled, starts the ArchisSteamFarm service.
37
For configuring the SteamGuard token you will need to use the web-ui, which is enabled by default over on 127.0.0.1:1242.
38
+
You cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programnatically set ones by nix.
39
'';
40
default = false;
41
};
···
98
ipcPasswordFile = mkOption {
99
type = types.nullOr types.path;
100
default = null;
101
+
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `asf` user/group.";
102
};
103
104
ipcSettings = mkOption {
···
129
};
130
passwordFile = mkOption {
131
type = types.path;
132
+
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `asf` user/group.";
133
};
134
enabled = mkOption {
135
type = types.bool;
+1
-1
nixos/modules/services/games/minetest-server.nix
+1
-1
nixos/modules/services/games/minetest-server.nix
+1
-1
nixos/modules/services/hardware/lirc.nix
+1
-1
nixos/modules/services/hardware/lirc.nix
+1
-1
nixos/modules/services/hardware/sane.nix
+1
-1
nixos/modules/services/hardware/sane.nix
+1
-1
nixos/modules/services/logging/logrotate.nix
+1
-1
nixos/modules/services/logging/logrotate.nix
+1
-1
nixos/modules/services/mail/mailman.nix
+1
-1
nixos/modules/services/mail/mailman.nix
+3
-3
nixos/modules/services/mail/postfix.nix
+3
-3
nixos/modules/services/mail/postfix.nix
···
234
235
headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks;
236
237
-
aliases = let seperator = if cfg.aliasMapType == "hash" then ":" else ""; in
238
optionalString (cfg.postmasterAlias != "") ''
239
-
postmaster${seperator} ${cfg.postmasterAlias}
240
''
241
+ optionalString (cfg.rootAlias != "") ''
242
-
root${seperator} ${cfg.rootAlias}
243
''
244
+ cfg.extraAliases
245
;
···
234
235
headerChecks = concatStringsSep "\n" (map (x: "${x.pattern} ${x.action}") cfg.headerChecks) + cfg.extraHeaderChecks;
236
237
+
aliases = let separator = if cfg.aliasMapType == "hash" then ":" else ""; in
238
optionalString (cfg.postmasterAlias != "") ''
239
+
postmaster${separator} ${cfg.postmasterAlias}
240
''
241
+ optionalString (cfg.rootAlias != "") ''
242
+
root${separator} ${cfg.rootAlias}
243
''
244
+ cfg.extraAliases
245
;
+2
-2
nixos/modules/services/mail/roundcube.nix
+2
-2
nixos/modules/services/mail/roundcube.nix
···
39
'';
40
41
description = lib.mdDoc ''
42
-
The package which contains roundcube's sources. Can be overriden to create
43
an environment which contains roundcube and third-party plugins.
44
'';
45
};
···
92
default = [];
93
example = literalExpression "with pkgs.aspellDicts; [ en fr de ]";
94
description = lib.mdDoc ''
95
-
List of aspell dictionnaries for spell checking. If empty, spell checking is disabled.
96
'';
97
};
98
···
39
'';
40
41
description = lib.mdDoc ''
42
+
The package which contains roundcube's sources. Can be overridden to create
43
an environment which contains roundcube and third-party plugins.
44
'';
45
};
···
92
default = [];
93
example = literalExpression "with pkgs.aspellDicts; [ en fr de ]";
94
description = lib.mdDoc ''
95
+
List of aspell dictionaries for spell checking. If empty, spell checking is disabled.
96
'';
97
};
98
+2
-2
nixos/modules/services/matrix/mautrix-telegram.nix
+2
-2
nixos/modules/services/matrix/mautrix-telegram.nix
···
105
`MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN`.
106
107
These environment variables can also be used to set other options by
108
-
replacing hierachy levels by `.`, converting the name to uppercase
109
and prepending `MAUTRIX_TELEGRAM_`.
110
For example, the first value above maps to
111
{option}`settings.appservice.as_token`.
···
140
path = [ pkgs.lottieconverter ];
141
142
# mautrix-telegram tries to generate a dotfile in the home directory of
143
-
# the running user if using a postgresql databse:
144
#
145
# File "python3.10/site-packages/asyncpg/connect_utils.py", line 257, in _dot_postgre>
146
# return (pathlib.Path.home() / '.postgresql' / filename).resolve()
···
105
`MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN`.
106
107
These environment variables can also be used to set other options by
108
+
replacing hierarchy levels by `.`, converting the name to uppercase
109
and prepending `MAUTRIX_TELEGRAM_`.
110
For example, the first value above maps to
111
{option}`settings.appservice.as_token`.
···
140
path = [ pkgs.lottieconverter ];
141
142
# mautrix-telegram tries to generate a dotfile in the home directory of
143
+
# the running user if using a postgresql database:
144
#
145
# File "python3.10/site-packages/asyncpg/connect_utils.py", line 257, in _dot_postgre>
146
# return (pathlib.Path.home() / '.postgresql' / filename).resolve()
+1
-1
nixos/modules/services/matrix/synapse.nix
+1
-1
nixos/modules/services/matrix/synapse.nix
···
80
(mkRemovedOptionModule [ "services" "matrix-synapse" "user_creation_max_duration" ] "It is no longer supported by synapse." )
81
(mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." )
82
83
-
# options that were moved into rfc42 style settigns
84
(mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_files instead" )
85
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" )
86
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" )
···
80
(mkRemovedOptionModule [ "services" "matrix-synapse" "user_creation_max_duration" ] "It is no longer supported by synapse." )
81
(mkRemovedOptionModule [ "services" "matrix-synapse" "verbose" ] "Use a log config instead." )
82
83
+
# options that were moved into rfc42 style settings
84
(mkRemovedOptionModule [ "services" "matrix-synapse" "app_service_config_files" ] "Use settings.app_service_config_files instead" )
85
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_args" ] "Use settings.database.args instead" )
86
(mkRemovedOptionModule [ "services" "matrix-synapse" "database_name" ] "Use settings.database.args.database instead" )
+1
-1
nixos/modules/services/misc/dysnomia.nix
+1
-1
nixos/modules/services/misc/dysnomia.nix
···
114
};
115
116
components = mkOption {
117
-
description = lib.mdDoc "An atttribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state";
118
default = {};
119
type = types.attrsOf types.attrs;
120
};
···
114
};
115
116
components = mkOption {
117
+
description = lib.mdDoc "An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state";
118
default = {};
119
type = types.attrsOf types.attrs;
120
};
+1
-1
nixos/modules/services/misc/gammu-smsd.nix
+1
-1
nixos/modules/services/misc/gammu-smsd.nix
+2
-2
nixos/modules/services/misc/gitea.nix
+2
-2
nixos/modules/services/misc/gitea.nix
···
183
file = mkOption {
184
type = types.nullOr types.str;
185
default = null;
186
-
description = lib.mdDoc "Filename to be used for the dump. If `null` a default name is choosen by gitea.";
187
example = "gitea-dump";
188
};
189
};
···
487
488
# In older versions the secret naming for JWT was kind of confusing.
489
# The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET
490
-
# wasn't persistant at all.
491
# To fix that, there is now the file oauth2_jwt_secret containing the
492
# values for JWT_SECRET and the file jwt_secret gets renamed to
493
# lfs_jwt_secret.
···
183
file = mkOption {
184
type = types.nullOr types.str;
185
default = null;
186
+
description = lib.mdDoc "Filename to be used for the dump. If `null` a default name is chosen by gitea.";
187
example = "gitea-dump";
188
};
189
};
···
487
488
# In older versions the secret naming for JWT was kind of confusing.
489
# The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET
490
+
# wasn't persistent at all.
491
# To fix that, there is now the file oauth2_jwt_secret containing the
492
# values for JWT_SECRET and the file jwt_secret gets renamed to
493
# lfs_jwt_secret.
+1
-1
nixos/modules/services/misc/gitlab.xml
+1
-1
nixos/modules/services/misc/gitlab.xml
+1
-1
nixos/modules/services/misc/jellyfin.nix
+1
-1
nixos/modules/services/misc/jellyfin.nix
+2
-2
nixos/modules/services/misc/nix-daemon.nix
+2
-2
nixos/modules/services/misc/nix-daemon.nix
···
609
610
By default, pseudo-features `nixos-test`, `benchmark`,
611
and `big-parallel` used in Nixpkgs are set, `kvm`
612
-
is also included in it is avaliable.
613
'';
614
};
615
···
642
description = lib.mdDoc ''
643
Configuration for Nix, see
644
<https://nixos.org/manual/nix/stable/#sec-conf-file> or
645
-
{manpage}`nix.conf(5)` for avalaible options.
646
The value declared here will be translated directly to the key-value pairs Nix expects.
647
648
You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`
···
609
610
By default, pseudo-features `nixos-test`, `benchmark`,
611
and `big-parallel` used in Nixpkgs are set, `kvm`
612
+
is also included in it is available.
613
'';
614
};
615
···
642
description = lib.mdDoc ''
643
Configuration for Nix, see
644
<https://nixos.org/manual/nix/stable/#sec-conf-file> or
645
+
{manpage}`nix.conf(5)` for available options.
646
The value declared here will be translated directly to the key-value pairs Nix expects.
647
648
You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`
+1
-1
nixos/modules/services/misc/podgrab.nix
+1
-1
nixos/modules/services/misc/podgrab.nix
+1
-1
nixos/modules/services/misc/portunus.nix
+1
-1
nixos/modules/services/misc/portunus.nix
···
135
type = types.bool;
136
default = false;
137
description = lib.mdDoc ''
138
-
Wether to enable LDAPS protocol.
139
This also adds two entries to the `/etc/hosts` file to point [](#opt-services.portunus.domain) to localhost,
140
so that CLIs and programs can use ldaps protocol and verify the certificate without opening the firewall port for the protocol.
141
···
135
type = types.bool;
136
default = false;
137
description = lib.mdDoc ''
138
+
Whether to enable LDAPS protocol.
139
This also adds two entries to the `/etc/hosts` file to point [](#opt-services.portunus.domain) to localhost,
140
so that CLIs and programs can use ldaps protocol and verify the certificate without opening the firewall port for the protocol.
141
+1
-1
nixos/modules/services/misc/serviio.nix
+1
-1
nixos/modules/services/misc/serviio.nix
+1
-1
nixos/modules/services/misc/sourcehut/service.nix
+1
-1
nixos/modules/services/misc/sourcehut/service.nix
···
71
# Note that each systemd service gets its own ${runDir}/config.ini file.
72
ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "${serviceName}-credentials" ''
73
set -x
74
-
# Replace values begining with a '<' by the content of the file whose name is after.
75
gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} |
76
${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"}
77
install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini
···
71
# Note that each systemd service gets its own ${runDir}/config.ini file.
72
ExecStartPre = mkBefore [("+"+pkgs.writeShellScript "${serviceName}-credentials" ''
73
set -x
74
+
# Replace values beginning with a '<' by the content of the file whose name is after.
75
gawk '{ if (match($0,/^([^=]+=)<(.+)/,m)) { getline f < m[2]; print m[1] f } else print $0 }' ${configIni} |
76
${optionalString (!allowStripe) "gawk '!/^stripe-secret-key=/' |"}
77
install -o ${srvCfg.user} -g root -m 400 /dev/stdin ${runDir}/config.ini
+2
-2
nixos/modules/services/misc/taskserver/default.nix
+2
-2
nixos/modules/services/misc/taskserver/default.nix
···
145
in lib.mdDoc ''
146
Whether to enable the Taskwarrior server.
147
148
-
More instructions about NixOS in conjuction with Taskserver can be
149
found [in the NixOS manual](${url}).
150
'';
151
};
···
251
client id (such as `task 2.3.0`).
252
253
The values `all` or `none` have
254
-
special meaning. Overidden by any entry in the option
255
{option}`services.taskserver.disallowedClientIDs`.
256
'';
257
};
···
145
in lib.mdDoc ''
146
Whether to enable the Taskwarrior server.
147
148
+
More instructions about NixOS in conjunction with Taskserver can be
149
found [in the NixOS manual](${url}).
150
'';
151
};
···
251
client id (such as `task 2.3.0`).
252
253
The values `all` or `none` have
254
+
special meaning. Overridden by any entry in the option
255
{option}`services.taskserver.disallowedClientIDs`.
256
'';
257
};
+2
-2
nixos/modules/services/monitoring/graphite.nix
+2
-2
nixos/modules/services/monitoring/graphite.nix
···
154
};
155
156
blacklist = mkOption {
157
-
description = lib.mdDoc "Any metrics received which match one of the experssions will be dropped.";
158
default = null;
159
type = types.nullOr types.str;
160
example = "^some\\.noisy\\.metric\\.prefix\\..*";
161
};
162
163
whitelist = mkOption {
164
-
description = lib.mdDoc "Only metrics received which match one of the experssions will be persisted.";
165
default = null;
166
type = types.nullOr types.str;
167
example = ".*";
···
154
};
155
156
blacklist = mkOption {
157
+
description = lib.mdDoc "Any metrics received which match one of the expressions will be dropped.";
158
default = null;
159
type = types.nullOr types.str;
160
example = "^some\\.noisy\\.metric\\.prefix\\..*";
161
};
162
163
whitelist = mkOption {
164
+
description = lib.mdDoc "Only metrics received which match one of the expressions will be persisted.";
165
default = null;
166
type = types.nullOr types.str;
167
example = ".*";
+2
-2
nixos/modules/services/monitoring/prometheus/exporters.xml
+2
-2
nixos/modules/services/monitoring/prometheus/exporters.xml
···
37
by default</link>, via http under <literal>/metrics</literal>. In this
38
example the firewall should just allow incoming connections to the
39
exporter's port on the bridge interface <literal>br0</literal> (this would
40
-
have to be configured seperately of course). For more information about
41
configuration see <literal>man configuration.nix</literal> or search through
42
the
43
<link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available
···
179
# for the exporter's systemd service. One of
180
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
181
# has to be specified here. This will be merged with the default
182
-
# service confiuration.
183
# Note that by default 'DynamicUser' is 'true'.
184
serviceOpts = {
185
serviceConfig = {
···
37
by default</link>, via http under <literal>/metrics</literal>. In this
38
example the firewall should just allow incoming connections to the
39
exporter's port on the bridge interface <literal>br0</literal> (this would
40
+
have to be configured separately of course). For more information about
41
configuration see <literal>man configuration.nix</literal> or search through
42
the
43
<link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available
···
179
# for the exporter's systemd service. One of
180
# `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
181
# has to be specified here. This will be merged with the default
182
+
# service configuration.
183
# Note that by default 'DynamicUser' is 'true'.
184
serviceOpts = {
185
serviceConfig = {
+1
-1
nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
+1
-1
nixos/modules/services/monitoring/prometheus/exporters/nginxlog.nix
+1
-1
nixos/modules/services/monitoring/thanos.nix
+1
-1
nixos/modules/services/monitoring/thanos.nix
···
300
max-time = mkParamDef types.str "9999-12-31T23:59:59Z" ''
301
End of time range limit to serve.
302
303
-
Thanos Store serves only blocks, which happened eariler than this
304
value. Option can be a constant time in RFC3339 format or time duration
305
relative to current time, such as -1d or 2h45m. Valid duration units are
306
ms, s, m, h, d, w, y.
···
300
max-time = mkParamDef types.str "9999-12-31T23:59:59Z" ''
301
End of time range limit to serve.
302
303
+
Thanos Store serves only blocks, which happened earlier than this
304
value. Option can be a constant time in RFC3339 format or time duration
305
relative to current time, such as -1d or 2h45m. Valid duration units are
306
ms, s, m, h, d, w, y.
+2
-2
nixos/modules/services/monitoring/ups.nix
+2
-2
nixos/modules/services/monitoring/ups.nix
···
12
upsOptions = {name, config, ...}:
13
{
14
options = {
15
-
# This can be infered from the UPS model by looking at
16
# /nix/store/nut/share/driver.list
17
driver = mkOption {
18
type = types.str;
···
228
"}
229
'';
230
"nut/upssched.conf".source = cfg.schedulerRules;
231
-
# These file are containing private informations and thus should not
232
# be stored inside the Nix store.
233
/*
234
"nut/upsd.conf".source = "";
···
12
upsOptions = {name, config, ...}:
13
{
14
options = {
15
+
# This can be inferred from the UPS model by looking at
16
# /nix/store/nut/share/driver.list
17
driver = mkOption {
18
type = types.str;
···
228
"}
229
'';
230
"nut/upssched.conf".source = cfg.schedulerRules;
231
+
# These file are containing private information and thus should not
232
# be stored inside the Nix store.
233
/*
234
"nut/upsd.conf".source = "";
+1
-1
nixos/modules/services/network-filesystems/kubo.nix
+1
-1
nixos/modules/services/network-filesystems/kubo.nix
+2
-2
nixos/modules/services/network-filesystems/moosefs.nix
+2
-2
nixos/modules/services/network-filesystems/moosefs.nix
···
52
chunkserverCfg = settingsFormat.generate
53
"mfschunkserver.cfg" cfg.chunkserver.settings;
54
55
-
# generic template for all deamons
56
systemdService = name: extraConfig: configFile: {
57
wantedBy = [ "multi-user.target" ];
58
wants = [ "network-online.target" ];
···
94
Enable Moosefs master daemon.
95
96
You need to run `mfsmaster-init` on a freshly installed master server to
97
-
initialize the `DATA_PATH` direcory.
98
'';
99
default = false;
100
};
···
52
chunkserverCfg = settingsFormat.generate
53
"mfschunkserver.cfg" cfg.chunkserver.settings;
54
55
+
# generic template for all daemons
56
systemdService = name: extraConfig: configFile: {
57
wantedBy = [ "multi-user.target" ];
58
wants = [ "network-online.target" ];
···
94
Enable Moosefs master daemon.
95
96
You need to run `mfsmaster-init` on a freshly installed master server to
97
+
initialize the `DATA_PATH` directory.
98
'';
99
default = false;
100
};
+1
-1
nixos/modules/services/network-filesystems/orangefs/client.nix
+1
-1
nixos/modules/services/network-filesystems/orangefs/client.nix
+1
-1
nixos/modules/services/network-filesystems/orangefs/server.nix
+1
-1
nixos/modules/services/network-filesystems/orangefs/server.nix
+1
-1
nixos/modules/services/networking/3proxy.nix
+1
-1
nixos/modules/services/networking/3proxy.nix
···
158
description = lib.mdDoc ''
159
List of target IP ranges, use empty list for any.
160
May also contain host names instead of addresses.
161
-
It's possible to use wildmask in the begginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.
162
Hostname is only checked if hostname presents in request.
163
'';
164
};
···
158
description = lib.mdDoc ''
159
List of target IP ranges, use empty list for any.
160
May also contain host names instead of addresses.
161
+
It's possible to use wildmask in the beginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.
162
Hostname is only checked if hostname presents in request.
163
'';
164
};
+2
-2
nixos/modules/services/networking/biboumi.nix
+2
-2
nixos/modules/services/networking/biboumi.nix
···
45
default = "/etc/ssl/certs/ca-certificates.crt";
46
description = lib.mdDoc ''
47
Specifies which file should be used as the list of trusted CA
48
-
when negociating a TLS session.
49
'';
50
};
51
options.db_name = mkOption {
···
111
description = lib.mdDoc ''
112
A directory that should contain the policy files,
113
used to customize Botan’s behaviour
114
-
when negociating the TLS connections with the IRC servers.
115
'';
116
};
117
options.port = mkOption {
···
45
default = "/etc/ssl/certs/ca-certificates.crt";
46
description = lib.mdDoc ''
47
Specifies which file should be used as the list of trusted CA
48
+
when negotiating a TLS session.
49
'';
50
};
51
options.db_name = mkOption {
···
111
description = lib.mdDoc ''
112
A directory that should contain the policy files,
113
used to customize Botan’s behaviour
114
+
when negotiating the TLS connections with the IRC servers.
115
'';
116
};
117
options.port = mkOption {
+1
-1
nixos/modules/services/networking/bitcoind.nix
+1
-1
nixos/modules/services/networking/bitcoind.nix
+1
-1
nixos/modules/services/networking/bitlbee.nix
+1
-1
nixos/modules/services/networking/bitlbee.nix
+1
-1
nixos/modules/services/networking/consul.nix
+1
-1
nixos/modules/services/networking/consul.nix
+1
-1
nixos/modules/services/networking/epmd.nix
+1
-1
nixos/modules/services/networking/epmd.nix
···
32
default = "[::]:4369";
33
description = lib.mdDoc ''
34
the listenStream used by the systemd socket.
35
-
see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more informations.
36
use this to change the port epmd will run on.
37
if not defined, epmd will use "[::]:4369"
38
'';
···
32
default = "[::]:4369";
33
description = lib.mdDoc ''
34
the listenStream used by the systemd socket.
35
+
see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more information.
36
use this to change the port epmd will run on.
37
if not defined, epmd will use "[::]:4369"
38
'';
+2
-2
nixos/modules/services/networking/hans.nix
+2
-2
nixos/modules/services/networking/hans.nix
+2
-2
nixos/modules/services/networking/headscale.nix
+2
-2
nixos/modules/services/networking/headscale.nix
···
268
type = types.attrsOf types.str;
269
default = { };
270
description = lib.mdDoc ''
271
-
Domain map is used to map incomming users (by their email) to
272
a namespace. The key can be a string, or regex.
273
'';
274
example = {
···
326
type = types.nullOr types.path;
327
default = null;
328
description = lib.mdDoc ''
329
-
Path to a file containg ACL policies.
330
'';
331
};
332
···
268
type = types.attrsOf types.str;
269
default = { };
270
description = lib.mdDoc ''
271
+
Domain map is used to map incoming users (by their email) to
272
a namespace. The key can be a string, or regex.
273
'';
274
example = {
···
326
type = types.nullOr types.path;
327
default = null;
328
description = lib.mdDoc ''
329
+
Path to a file containing ACL policies.
330
'';
331
};
332
+1
-1
nixos/modules/services/networking/hylafax/systemd.nix
+1
-1
nixos/modules/services/networking/hylafax/systemd.nix
···
96
hardenService =
97
# Add some common systemd service hardening settings,
98
# but allow each service (here) to override
99
-
# settings by explicitely setting those to `null`.
100
# More hardening would be nice but makes
101
# customizing hylafax setups very difficult.
102
# If at all, it should only be added along
···
96
hardenService =
97
# Add some common systemd service hardening settings,
98
# but allow each service (here) to override
99
+
# settings by explicitly setting those to `null`.
100
# More hardening would be nice but makes
101
# customizing hylafax setups very difficult.
102
# If at all, it should only be added along
+1
-1
nixos/modules/services/networking/i2pd.nix
+1
-1
nixos/modules/services/networking/i2pd.nix
+1
-1
nixos/modules/services/networking/iperf3.nix
+1
-1
nixos/modules/services/networking/iperf3.nix
+4
-4
nixos/modules/services/networking/kea.nix
+4
-4
nixos/modules/services/networking/kea.nix
···
47
type = listOf str;
48
default = [];
49
description = lib.mdDoc ''
50
-
List of additonal arguments to pass to the daemon.
51
'';
52
};
53
···
86
type = listOf str;
87
default = [];
88
description = lib.mdDoc ''
89
-
List of additonal arguments to pass to the daemon.
90
'';
91
};
92
···
146
type = listOf str;
147
default = [];
148
description = lib.mdDoc ''
149
-
List of additonal arguments to pass to the daemon.
150
'';
151
};
152
···
207
type = listOf str;
208
default = [];
209
description = lib.mdDoc ''
210
-
List of additonal arguments to pass to the daemon.
211
'';
212
};
213
···
47
type = listOf str;
48
default = [];
49
description = lib.mdDoc ''
50
+
List of additional arguments to pass to the daemon.
51
'';
52
};
53
···
86
type = listOf str;
87
default = [];
88
description = lib.mdDoc ''
89
+
List of additional arguments to pass to the daemon.
90
'';
91
};
92
···
146
type = listOf str;
147
default = [];
148
description = lib.mdDoc ''
149
+
List of additional arguments to pass to the daemon.
150
'';
151
};
152
···
207
type = listOf str;
208
default = [];
209
description = lib.mdDoc ''
210
+
List of additional arguments to pass to the daemon.
211
'';
212
};
213
+1
-1
nixos/modules/services/networking/knot.nix
+1
-1
nixos/modules/services/networking/knot.nix
+1
-1
nixos/modules/services/networking/libreswan.nix
+1
-1
nixos/modules/services/networking/libreswan.nix
···
106
type = types.bool;
107
default = true;
108
description = lib.mdDoc ''
109
-
Whether to disable send and accept redirects for all nework interfaces.
110
See the Libreswan [
111
FAQ](https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_send_redirects_in_.2Fproc.2Fsys.2Fnet_.3F) page for why this is recommended.
112
'';
···
106
type = types.bool;
107
default = true;
108
description = lib.mdDoc ''
109
+
Whether to disable send and accept redirects for all network interfaces.
110
See the Libreswan [
111
FAQ](https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_send_redirects_in_.2Fproc.2Fsys.2Fnet_.3F) page for why this is recommended.
112
'';
+1
-1
nixos/modules/services/networking/lxd-image-server.nix
+1
-1
nixos/modules/services/networking/lxd-image-server.nix
+1
-1
nixos/modules/services/networking/mosquitto.nix
+1
-1
nixos/modules/services/networking/mosquitto.nix
+1
-1
nixos/modules/services/networking/ncdns.nix
+1
-1
nixos/modules/services/networking/ncdns.nix
+2
-2
nixos/modules/services/networking/ndppd.nix
+2
-2
nixos/modules/services/networking/ndppd.nix
···
43
timeout = mkOption {
44
type = types.int;
45
description = lib.mdDoc ''
46
-
Controls how long to wait for a Neighbor Advertisment Message before
47
invalidating the entry, in milliseconds.
48
'';
49
default = 500;
···
74
type = types.nullOr types.str;
75
description = lib.mdDoc ''
76
This is the target address is to match against. If no netmask
77
-
is provided, /128 is assumed. The addresses of serveral rules
78
may or may not overlap.
79
Defaults to the name of the attrset.
80
'';
···
43
timeout = mkOption {
44
type = types.int;
45
description = lib.mdDoc ''
46
+
Controls how long to wait for a Neighbor Advertisement Message before
47
invalidating the entry, in milliseconds.
48
'';
49
default = 500;
···
74
type = types.nullOr types.str;
75
description = lib.mdDoc ''
76
This is the target address is to match against. If no netmask
77
+
is provided, /128 is assumed. The addresses of several rules
78
may or may not overlap.
79
Defaults to the name of the attrset.
80
'';
+1
-1
nixos/modules/services/networking/nftables.nix
+1
-1
nixos/modules/services/networking/nftables.nix
+1
-1
nixos/modules/services/networking/nsd.nix
+1
-1
nixos/modules/services/networking/nsd.nix
···
371
default = null;
372
example = "2000::1@1234";
373
description = lib.mdDoc ''
374
-
This address will be used for zone-transfere requests if configured
375
as a secondary server or notifications in case of a primary server.
376
Supply either a plain IPv4 or IPv6 address with an optional port
377
number (ip@port).
···
371
default = null;
372
example = "2000::1@1234";
373
description = lib.mdDoc ''
374
+
This address will be used for zone-transfer requests if configured
375
as a secondary server or notifications in case of a primary server.
376
Supply either a plain IPv4 or IPv6 address with an optional port
377
number (ip@port).
+1
-1
nixos/modules/services/networking/ostinato.nix
+1
-1
nixos/modules/services/networking/ostinato.nix
···
54
default = "0.0.0.0";
55
description = lib.mdDoc ''
56
By default, the Drone RPC server will listen on all interfaces and
57
-
local IPv4 adresses for incoming connections from clients. Specify
58
a single IPv4 or IPv6 address if you want to restrict that.
59
To listen on any IPv6 address, use ::
60
'';
···
54
default = "0.0.0.0";
55
description = lib.mdDoc ''
56
By default, the Drone RPC server will listen on all interfaces and
57
+
local IPv4 addresses for incoming connections from clients. Specify
58
a single IPv4 or IPv6 address if you want to restrict that.
59
To listen on any IPv6 address, use ::
60
'';
+1
-1
nixos/modules/services/networking/pleroma.nix
+1
-1
nixos/modules/services/networking/pleroma.nix
+4
-4
nixos/modules/services/networking/prosody.nix
+4
-4
nixos/modules/services/networking/prosody.nix
···
309
type = types.int;
310
default = 300;
311
description = lib.mdDoc ''
312
-
Timout after which the room is destroyed or unlocked if not
313
configured, in seconds
314
'';
315
};
···
489
490
Setting this option to true will prevent you from building a
491
NixOS configuration which won't comply with this standard.
492
-
You can explicitely decide to ignore this standard if you
493
know what you are doing by setting this option to false.
494
495
[1] https://xmpp.org/extensions/xep-0423.html
···
649
extraPluginPaths = mkOption {
650
type = types.listOf types.path;
651
default = [];
652
-
description = lib.mdDoc "Addtional path in which to look find plugins/modules";
653
};
654
655
uploadHttp = mkOption {
···
733
734
Having a server not XEP-0423-compliant might make your XMPP
735
experience terrible. See the NixOS manual for further
736
-
informations.
737
738
If you know what you're doing, you can disable this warning by
739
setting config.services.prosody.xmppComplianceSuite to false.
···
309
type = types.int;
310
default = 300;
311
description = lib.mdDoc ''
312
+
Timeout after which the room is destroyed or unlocked if not
313
configured, in seconds
314
'';
315
};
···
489
490
Setting this option to true will prevent you from building a
491
NixOS configuration which won't comply with this standard.
492
+
You can explicitly decide to ignore this standard if you
493
know what you are doing by setting this option to false.
494
495
[1] https://xmpp.org/extensions/xep-0423.html
···
649
extraPluginPaths = mkOption {
650
type = types.listOf types.path;
651
default = [];
652
+
description = lib.mdDoc "Additional path in which to look find plugins/modules";
653
};
654
655
uploadHttp = mkOption {
···
733
734
Having a server not XEP-0423-compliant might make your XMPP
735
experience terrible. See the NixOS manual for further
736
+
information.
737
738
If you know what you're doing, you can disable this warning by
739
setting config.services.prosody.xmppComplianceSuite to false.
+1
-1
nixos/modules/services/networking/radicale.nix
+1
-1
nixos/modules/services/networking/radicale.nix
···
77
<https://radicale.org/3.0.html#documentation/authentication-and-rights>.
78
This option only works in conjunction with {option}`settings`.
79
Setting this will also set {option}`settings.rights.type` and
80
-
{option}`settings.rights.file` to approriate values.
81
'';
82
default = { };
83
example = literalExpression ''
···
77
<https://radicale.org/3.0.html#documentation/authentication-and-rights>.
78
This option only works in conjunction with {option}`settings`.
79
Setting this will also set {option}`settings.rights.type` and
80
+
{option}`settings.rights.file` to appropriate values.
81
'';
82
default = { };
83
example = literalExpression ''
+2
-2
nixos/modules/services/networking/searx.nix
+2
-2
nixos/modules/services/networking/searx.nix
···
124
description = lib.mdDoc ''
125
Whether to run searx in uWSGI as a "vassal", instead of using its
126
built-in HTTP server. This is the recommended mode for public or
127
-
large instances, but is unecessary for LAN or local-only use.
128
129
::: {.warning}
130
The built-in HTTP server logs all queries by default.
···
223
module = "searx.webapp";
224
env = [
225
"SEARX_SETTINGS_PATH=${cfg.settingsFile}"
226
-
# searxng compatiblity https://github.com/searxng/searxng/issues/1519
227
"SEARXNG_SETTINGS_PATH=${cfg.settingsFile}"
228
];
229
buffer-size = 32768;
···
124
description = lib.mdDoc ''
125
Whether to run searx in uWSGI as a "vassal", instead of using its
126
built-in HTTP server. This is the recommended mode for public or
127
+
large instances, but is unnecessary for LAN or local-only use.
128
129
::: {.warning}
130
The built-in HTTP server logs all queries by default.
···
223
module = "searx.webapp";
224
env = [
225
"SEARX_SETTINGS_PATH=${cfg.settingsFile}"
226
+
# searxng compatibility https://github.com/searxng/searxng/issues/1519
227
"SEARXNG_SETTINGS_PATH=${cfg.settingsFile}"
228
];
229
buffer-size = 32768;
+1
-1
nixos/modules/services/networking/stunnel.nix
+1
-1
nixos/modules/services/networking/stunnel.nix
+1
-1
nixos/modules/services/networking/unbound.nix
+1
-1
nixos/modules/services/networking/unbound.nix
+1
-1
nixos/modules/services/networking/unifi.nix
+1
-1
nixos/modules/services/networking/unifi.nix
+1
-1
nixos/modules/services/networking/vsftpd.nix
+1
-1
nixos/modules/services/networking/vsftpd.nix
+1
-1
nixos/modules/services/networking/wireguard.nix
+1
-1
nixos/modules/services/networking/wireguard.nix
+2
-2
nixos/modules/services/networking/yggdrasil.xml
+2
-2
nixos/modules/services/networking/yggdrasil.xml
···
30
settings = {
31
Peers = [
32
# Yggdrasil will automatically connect and "peer" with other nodes it
33
-
# discovers via link-local multicast annoucements. Unless this is the
34
# case (it probably isn't) a node needs peers within the existing
35
# network that it can tunnel to.
36
"tcp://1.2.3.4:1024"
···
78
}];
79
80
services.radvd = {
81
-
# Annouce the 300::/8 prefix to eth0.
82
enable = true;
83
config = ''
84
interface eth0
···
30
settings = {
31
Peers = [
32
# Yggdrasil will automatically connect and "peer" with other nodes it
33
+
# discovers via link-local multicast announcements. Unless this is the
34
# case (it probably isn't) a node needs peers within the existing
35
# network that it can tunnel to.
36
"tcp://1.2.3.4:1024"
···
78
}];
79
80
services.radvd = {
81
+
# Announce the 300::/8 prefix to eth0.
82
enable = true;
83
config = ''
84
interface eth0
+1
-1
nixos/modules/services/printing/ipp-usb.nix
+1
-1
nixos/modules/services/printing/ipp-usb.nix
···
7
config = lib.mkIf config.services.ipp-usb.enable {
8
systemd.services.ipp-usb = {
9
description = "Daemon for IPP over USB printer support";
10
-
after = [ "cups.service" "avahi-deamon.service" ];
11
wants = [ "avahi-daemon.service" ];
12
serviceConfig = {
13
ExecStart = [ "${pkgs.ipp-usb}/bin/ipp-usb" ];
···
7
config = lib.mkIf config.services.ipp-usb.enable {
8
systemd.services.ipp-usb = {
9
description = "Daemon for IPP over USB printer support";
10
+
after = [ "cups.service" "avahi-daemon.service" ];
11
wants = [ "avahi-daemon.service" ];
12
serviceConfig = {
13
ExecStart = [ "${pkgs.ipp-usb}/bin/ipp-usb" ];
+2
-2
nixos/modules/services/security/fail2ban.nix
+2
-2
nixos/modules/services/security/fail2ban.nix
···
161
type = types.str;
162
example = "2 4 16 128";
163
description = lib.mdDoc ''
164
-
"bantime-increment.multipliers" used to calculate next value of ban time instead of formula, coresponding
165
previously ban count and given "bantime.factor" (for multipliers default is 1);
166
following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,
167
always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours
···
174
example = true;
175
description = lib.mdDoc ''
176
"bantime-increment.overalljails" (if true) specifies the search of IP in the database will be executed
177
-
cross over all jails, if false (dafault), only current jail of the ban IP will be searched
178
'';
179
};
180
···
161
type = types.str;
162
example = "2 4 16 128";
163
description = lib.mdDoc ''
164
+
"bantime-increment.multipliers" used to calculate next value of ban time instead of formula, corresponding
165
previously ban count and given "bantime.factor" (for multipliers default is 1);
166
following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,
167
always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours
···
174
example = true;
175
description = lib.mdDoc ''
176
"bantime-increment.overalljails" (if true) specifies the search of IP in the database will be executed
177
+
cross over all jails, if false (default), only current jail of the ban IP will be searched
178
'';
179
};
180
+2
-2
nixos/modules/services/security/shibboleth-sp.nix
+2
-2
nixos/modules/services/security/shibboleth-sp.nix
···
27
fastcgi.shibAuthorizerPort = mkOption {
28
type = types.int;
29
default = 9100;
30
-
description = lib.mdDoc "Port for shibauthorizer FastCGI proccess to bind to";
31
};
32
33
fastcgi.shibResponderPort = mkOption {
34
type = types.int;
35
default = 9101;
36
-
description = lib.mdDoc "Port for shibauthorizer FastCGI proccess to bind to";
37
};
38
};
39
};
···
27
fastcgi.shibAuthorizerPort = mkOption {
28
type = types.int;
29
default = 9100;
30
+
description = lib.mdDoc "Port for shibauthorizer FastCGI process to bind to";
31
};
32
33
fastcgi.shibResponderPort = mkOption {
34
type = types.int;
35
default = 9101;
36
+
description = lib.mdDoc "Port for shibauthorizer FastCGI process to bind to";
37
};
38
};
39
};
+10
-10
nixos/modules/services/security/tor.nix
+10
-10
nixos/modules/services/security/tor.nix
···
146
]))];
147
description = lib.mdDoc (descriptionGeneric optionName);
148
};
149
-
optionBandwith = optionName: mkOption {
150
type = with types; nullOr (either int str);
151
default = null;
152
description = lib.mdDoc (descriptionGeneric optionName);
···
205
(mkRemovedOptionModule [ "services" "tor" "client" "transparentProxy" "isolationOptions" ] "Use services.tor.settings.TransPort instead.")
206
(mkRemovedOptionModule [ "services" "tor" "client" "transparentProxy" "listenAddress" ] "Use services.tor.settings.TransPort instead.")
207
(mkRenamedOptionModule [ "services" "tor" "controlPort" ] [ "services" "tor" "settings" "ControlPort" ])
208
-
(mkRemovedOptionModule [ "services" "tor" "extraConfig" ] "Plese use services.tor.settings instead.")
209
(mkRenamedOptionModule [ "services" "tor" "hiddenServices" ] [ "services" "tor" "relay" "onionServices" ])
210
(mkRenamedOptionModule [ "services" "tor" "relay" "accountingMax" ] [ "services" "tor" "settings" "AccountingMax" ])
211
(mkRenamedOptionModule [ "services" "tor" "relay" "accountingStart" ] [ "services" "tor" "settings" "AccountingStart" ])
···
546
};
547
options.Address = optionString "Address";
548
options.AssumeReachable = optionBool "AssumeReachable";
549
-
options.AccountingMax = optionBandwith "AccountingMax";
550
options.AccountingStart = optionString "AccountingStart";
551
options.AuthDirHasIPv6Connectivity = optionBool "AuthDirHasIPv6Connectivity";
552
options.AuthDirListBadExits = optionBool "AuthDirListBadExits";
···
559
default = [".onion" ".exit"];
560
example = [".onion"];
561
};
562
-
options.BandwidthBurst = optionBandwith "BandwidthBurst";
563
-
options.BandwidthRate = optionBandwith "BandwidthRate";
564
options.BridgeAuthoritativeDir = optionBool "BridgeAuthoritativeDir";
565
options.BridgeRecordUsageByCountry = optionBool "BridgeRecordUsageByCountry";
566
options.BridgeRelay = optionBool "BridgeRelay" // { default = false; };
···
709
options.LogMessageDomains = optionBool "LogMessageDomains";
710
options.LongLivedPorts = optionPorts "LongLivedPorts";
711
options.MainloopStats = optionBool "MainloopStats";
712
-
options.MaxAdvertisedBandwidth = optionBandwith "MaxAdvertisedBandwidth";
713
options.MaxCircuitDirtiness = optionInt "MaxCircuitDirtiness";
714
options.MaxClientCircuitsPending = optionInt "MaxClientCircuitsPending";
715
options.NATDPort = optionIsolablePorts "NATDPort";
···
719
options.OfflineMasterKey = optionBool "OfflineMasterKey";
720
options.OptimisticData = optionBool "OptimisticData"; # default is null and like "auto"
721
options.PaddingStatistics = optionBool "PaddingStatistics";
722
-
options.PerConnBWBurst = optionBandwith "PerConnBWBurst";
723
-
options.PerConnBWRate = optionBandwith "PerConnBWRate";
724
options.PidFile = optionPath "PidFile";
725
options.ProtocolWarnings = optionBool "ProtocolWarnings";
726
options.PublishHidServDescriptors = optionBool "PublishHidServDescriptors";
···
732
options.ReducedExitPolicy = optionBool "ReducedExitPolicy";
733
options.RefuseUnknownExits = optionBool "RefuseUnknownExits"; # default is null and like "auto"
734
options.RejectPlaintextPorts = optionPorts "RejectPlaintextPorts";
735
-
options.RelayBandwidthBurst = optionBandwith "RelayBandwidthBurst";
736
-
options.RelayBandwidthRate = optionBandwith "RelayBandwidthRate";
737
#options.RunAsDaemon
738
options.Sandbox = optionBool "Sandbox";
739
options.ServerDNSAllowBrokenConfig = optionBool "ServerDNSAllowBrokenConfig";
···
146
]))];
147
description = lib.mdDoc (descriptionGeneric optionName);
148
};
149
+
optionBandwidth = optionName: mkOption {
150
type = with types; nullOr (either int str);
151
default = null;
152
description = lib.mdDoc (descriptionGeneric optionName);
···
205
(mkRemovedOptionModule [ "services" "tor" "client" "transparentProxy" "isolationOptions" ] "Use services.tor.settings.TransPort instead.")
206
(mkRemovedOptionModule [ "services" "tor" "client" "transparentProxy" "listenAddress" ] "Use services.tor.settings.TransPort instead.")
207
(mkRenamedOptionModule [ "services" "tor" "controlPort" ] [ "services" "tor" "settings" "ControlPort" ])
208
+
(mkRemovedOptionModule [ "services" "tor" "extraConfig" ] "Please use services.tor.settings instead.")
209
(mkRenamedOptionModule [ "services" "tor" "hiddenServices" ] [ "services" "tor" "relay" "onionServices" ])
210
(mkRenamedOptionModule [ "services" "tor" "relay" "accountingMax" ] [ "services" "tor" "settings" "AccountingMax" ])
211
(mkRenamedOptionModule [ "services" "tor" "relay" "accountingStart" ] [ "services" "tor" "settings" "AccountingStart" ])
···
546
};
547
options.Address = optionString "Address";
548
options.AssumeReachable = optionBool "AssumeReachable";
549
+
options.AccountingMax = optionBandwidth "AccountingMax";
550
options.AccountingStart = optionString "AccountingStart";
551
options.AuthDirHasIPv6Connectivity = optionBool "AuthDirHasIPv6Connectivity";
552
options.AuthDirListBadExits = optionBool "AuthDirListBadExits";
···
559
default = [".onion" ".exit"];
560
example = [".onion"];
561
};
562
+
options.BandwidthBurst = optionBandwidth "BandwidthBurst";
563
+
options.BandwidthRate = optionBandwidth "BandwidthRate";
564
options.BridgeAuthoritativeDir = optionBool "BridgeAuthoritativeDir";
565
options.BridgeRecordUsageByCountry = optionBool "BridgeRecordUsageByCountry";
566
options.BridgeRelay = optionBool "BridgeRelay" // { default = false; };
···
709
options.LogMessageDomains = optionBool "LogMessageDomains";
710
options.LongLivedPorts = optionPorts "LongLivedPorts";
711
options.MainloopStats = optionBool "MainloopStats";
712
+
options.MaxAdvertisedBandwidth = optionBandwidth "MaxAdvertisedBandwidth";
713
options.MaxCircuitDirtiness = optionInt "MaxCircuitDirtiness";
714
options.MaxClientCircuitsPending = optionInt "MaxClientCircuitsPending";
715
options.NATDPort = optionIsolablePorts "NATDPort";
···
719
options.OfflineMasterKey = optionBool "OfflineMasterKey";
720
options.OptimisticData = optionBool "OptimisticData"; # default is null and like "auto"
721
options.PaddingStatistics = optionBool "PaddingStatistics";
722
+
options.PerConnBWBurst = optionBandwidth "PerConnBWBurst";
723
+
options.PerConnBWRate = optionBandwidth "PerConnBWRate";
724
options.PidFile = optionPath "PidFile";
725
options.ProtocolWarnings = optionBool "ProtocolWarnings";
726
options.PublishHidServDescriptors = optionBool "PublishHidServDescriptors";
···
732
options.ReducedExitPolicy = optionBool "ReducedExitPolicy";
733
options.RefuseUnknownExits = optionBool "RefuseUnknownExits"; # default is null and like "auto"
734
options.RejectPlaintextPorts = optionPorts "RejectPlaintextPorts";
735
+
options.RelayBandwidthBurst = optionBandwidth "RelayBandwidthBurst";
736
+
options.RelayBandwidthRate = optionBandwidth "RelayBandwidthRate";
737
#options.RunAsDaemon
738
options.Sandbox = optionBool "Sandbox";
739
options.ServerDNSAllowBrokenConfig = optionBool "ServerDNSAllowBrokenConfig";
+2
-2
nixos/modules/services/security/usbguard.nix
+2
-2
nixos/modules/services/security/usbguard.nix
···
118
description = lib.mdDoc ''
119
The USBGuard daemon modifies some attributes of controller
120
devices like the default authorization state of new child device
121
-
instances. Using this setting, you can controll whether the daemon
122
will try to restore the attribute values to the state before
123
-
modificaton on shutdown.
124
'';
125
};
126
···
118
description = lib.mdDoc ''
119
The USBGuard daemon modifies some attributes of controller
120
devices like the default authorization state of new child device
121
+
instances. Using this setting, you can control whether the daemon
122
will try to restore the attribute values to the state before
123
+
modification on shutdown.
124
'';
125
};
126
+1
-1
nixos/modules/services/system/cloud-init.nix
+1
-1
nixos/modules/services/system/cloud-init.nix
···
27
28
This configuration is not completely compatible with the
29
NixOS way of doing configuration, as configuration done by
30
-
cloud-init might be overriden by a subsequent nixos-rebuild
31
call. However, some parts of cloud-init fall outside of
32
NixOS's responsibility, like filesystem resizing and ssh
33
public key provisioning, and cloud-init is useful for that
···
27
28
This configuration is not completely compatible with the
29
NixOS way of doing configuration, as configuration done by
30
+
cloud-init might be overridden by a subsequent nixos-rebuild
31
call. However, some parts of cloud-init fall outside of
32
NixOS's responsibility, like filesystem resizing and ssh
33
public key provisioning, and cloud-init is useful for that
+1
-1
nixos/modules/services/system/kerberos/default.nix
+1
-1
nixos/modules/services/system/kerberos/default.nix
+2
-2
nixos/modules/services/torrent/deluge.nix
+2
-2
nixos/modules/services/torrent/deluge.nix
···
66
`true`. String values must be quoted, integer and
67
boolean values must not. See
68
<https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41>
69
-
for the availaible options.
70
'';
71
};
72
···
117
when {option}`services.deluge.declarative` is set to
118
`true`.
119
See <https://dev.deluge-torrent.org/wiki/UserGuide/Authentication> for
120
-
more informations.
121
'';
122
};
123
···
66
`true`. String values must be quoted, integer and
67
boolean values must not. See
68
<https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41>
69
+
for the available options.
70
'';
71
};
72
···
117
when {option}`services.deluge.declarative` is set to
118
`true`.
119
See <https://dev.deluge-torrent.org/wiki/UserGuide/Authentication> for
120
+
more information.
121
'';
122
};
123
+1
-1
nixos/modules/services/torrent/magnetico.nix
+1
-1
nixos/modules/services/torrent/magnetico.nix
···
143
The path to the file holding the credentials to access the web
144
interface. If unset no authentication will be required.
145
146
-
The file must constain user names and password hashes in the format
147
`username:hash `, one for each line. Usernames must
148
start with a lowecase ([a-z]) ASCII character, might contain
149
non-consecutive underscores except at the end, and consists of
···
143
The path to the file holding the credentials to access the web
144
interface. If unset no authentication will be required.
145
146
+
The file must contain user names and password hashes in the format
147
`username:hash `, one for each line. Usernames must
148
start with a lowecase ([a-z]) ASCII character, might contain
149
non-consecutive underscores except at the end, and consists of
+1
-1
nixos/modules/services/torrent/rtorrent.nix
+1
-1
nixos/modules/services/torrent/rtorrent.nix
···
82
type = types.lines;
83
default = "";
84
description = lib.mdDoc ''
85
-
The content of {file}`rtorrent.rc`. The [modernized configuration template](https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template) with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completly.
86
'';
87
};
88
};
···
82
type = types.lines;
83
default = "";
84
description = lib.mdDoc ''
85
+
The content of {file}`rtorrent.rc`. The [modernized configuration template](https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template) with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completely.
86
'';
87
};
88
};
+2
-2
nixos/modules/services/torrent/transmission.nix
+2
-2
nixos/modules/services/torrent/transmission.nix
···
44
(each time the service starts).
45
46
See [Transmission's Wiki](https://github.com/transmission/transmission/wiki/Editing-Configuration-Files)
47
-
for documentation of settings not explicitely covered by this module.
48
'';
49
default = {};
50
type = types.submodule {
···
355
PrivateUsers = true;
356
ProtectClock = true;
357
ProtectControlGroups = true;
358
-
# ProtectHome=true would not allow BindPaths= to work accross /home,
359
# and ProtectHome=tmpfs would break statfs(),
360
# preventing transmission-daemon to report the available free space.
361
# However, RootDirectory= is used, so this is not a security concern
···
44
(each time the service starts).
45
46
See [Transmission's Wiki](https://github.com/transmission/transmission/wiki/Editing-Configuration-Files)
47
+
for documentation of settings not explicitly covered by this module.
48
'';
49
default = {};
50
type = types.submodule {
···
355
PrivateUsers = true;
356
ProtectClock = true;
357
ProtectControlGroups = true;
358
+
# ProtectHome=true would not allow BindPaths= to work across /home,
359
# and ProtectHome=tmpfs would break statfs(),
360
# preventing transmission-daemon to report the available free space.
361
# However, RootDirectory= is used, so this is not a security concern
+1
-1
nixos/modules/services/video/unifi-video.nix
+1
-1
nixos/modules/services/video/unifi-video.nix
+1
-1
nixos/modules/services/web-apps/bookstack.nix
+1
-1
nixos/modules/services/web-apps/bookstack.nix
+1
-1
nixos/modules/services/web-apps/healthchecks.nix
+1
-1
nixos/modules/services/web-apps/healthchecks.nix
···
98
description = lib.mdDoc ''
99
Environment variables which are read by healthchecks `(local)_settings.py`.
100
101
-
Settings which are explictly covered in options bewlow, are type-checked and/or transformed
102
before added to the environment, everything else is passed as a string.
103
104
See <https://healthchecks.io/docs/self_hosted_configuration/>
···
98
description = lib.mdDoc ''
99
Environment variables which are read by healthchecks `(local)_settings.py`.
100
101
+
Settings which are explicitly covered in options bewlow, are type-checked and/or transformed
102
before added to the environment, everything else is passed as a string.
103
104
See <https://healthchecks.io/docs/self_hosted_configuration/>
+1
-1
nixos/modules/services/web-apps/ihatemoney/default.nix
+1
-1
nixos/modules/services/web-apps/ihatemoney/default.nix
+1
-1
nixos/modules/services/web-apps/invidious.nix
+1
-1
nixos/modules/services/web-apps/invidious.nix
+1
-1
nixos/modules/services/web-apps/invoiceplane.nix
+1
-1
nixos/modules/services/web-apps/invoiceplane.nix
+1
-1
nixos/modules/services/web-apps/jitsi-meet.nix
+1
-1
nixos/modules/services/web-apps/jitsi-meet.nix
+1
-1
nixos/modules/services/web-apps/matomo.nix
+1
-1
nixos/modules/services/web-apps/matomo.nix
+1
-1
nixos/modules/services/web-apps/mattermost.nix
+1
-1
nixos/modules/services/web-apps/mattermost.nix
+1
-1
nixos/modules/services/web-apps/mediawiki.nix
+1
-1
nixos/modules/services/web-apps/mediawiki.nix
···
129
130
## Set $wgCacheDirectory to a writable directory on the web server
131
## to make your wiki go slightly faster. The directory should not
132
-
## be publically accessible from the web.
133
$wgCacheDirectory = "${cacheDir}";
134
135
# Site language code, should be one of the list in ./languages/data/Names.php
···
129
130
## Set $wgCacheDirectory to a writable directory on the web server
131
## to make your wiki go slightly faster. The directory should not
132
+
## be publicly accessible from the web.
133
$wgCacheDirectory = "${cacheDir}";
134
135
# Site language code, should be one of the list in ./languages/data/Names.php
+1
-1
nixos/modules/services/web-apps/netbox.nix
+1
-1
nixos/modules/services/web-apps/netbox.nix
···
135
type = types.path;
136
default = "";
137
description = lib.mdDoc ''
138
-
Path to the Configuration-File for LDAP-Authentification, will be loaded as `ldap_config.py`.
139
See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.
140
'';
141
};
···
135
type = types.path;
136
default = "";
137
description = lib.mdDoc ''
138
+
Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
139
See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.
140
'';
141
};
+7
-7
nixos/modules/services/web-apps/nextcloud.nix
+7
-7
nixos/modules/services/web-apps/nextcloud.nix
···
16
# disable default openssl extension
17
(lib.filter (e: e.pname != "php-openssl") enabled)
18
# use OpenSSL 1.1 for RC4 Nextcloud encryption if user
19
-
# has acknowledged the brokeness of the ciphers (RC4).
20
# TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.
21
++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ])
22
++ optional cfg.enableImagemagick imagick
···
76
* setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value
77
78
Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
79
-
(which can be openend e.g. by running `nixos-help`).
80
'')
81
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
82
Use services.nextcloud.nginx.enableImagemagick instead.
···
388
default = [];
389
description = lib.mdDoc ''
390
Trusted domains, from which the nextcloud installation will be
391
-
acessible. You don't need to add
392
`services.nextcloud.hostname` here.
393
'';
394
};
···
698
699
services.nextcloud.enableBrokenCiphersForSSE = false;
700
701
-
If you need to use server-side encryption you can ignore this waring.
702
Otherwise you'd have to disable server-side encryption first in order
703
to be able to safely disable this option and get rid of this warning.
704
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
···
758
759
nextcloud-setup = let
760
c = cfg.config;
761
-
writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
762
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
763
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
764
'objectstore' => [
···
838
''
839
}
840
'dbtype' => '${c.dbtype}',
841
-
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
842
-
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
843
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
844
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
845
${objectstoreConfig}
···
16
# disable default openssl extension
17
(lib.filter (e: e.pname != "php-openssl") enabled)
18
# use OpenSSL 1.1 for RC4 Nextcloud encryption if user
19
+
# has acknowledged the brokenness of the ciphers (RC4).
20
# TODO: remove when https://github.com/nextcloud/server/issues/32003 is fixed.
21
++ (if cfg.enableBrokenCiphersForSSE then [ cfg.phpPackage.extensions.openssl-legacy ] else [ cfg.phpPackage.extensions.openssl ])
22
++ optional cfg.enableImagemagick imagick
···
76
* setting `listen.owner` & `listen.group` in the phpfpm-pool to a different value
77
78
Further details about this can be found in the `Nextcloud`-section of the NixOS-manual
79
+
(which can be opened e.g. by running `nixos-help`).
80
'')
81
(mkRemovedOptionModule [ "services" "nextcloud" "disableImagemagick" ] ''
82
Use services.nextcloud.nginx.enableImagemagick instead.
···
388
default = [];
389
description = lib.mdDoc ''
390
Trusted domains, from which the nextcloud installation will be
391
+
accessible. You don't need to add
392
`services.nextcloud.hostname` here.
393
'';
394
};
···
698
699
services.nextcloud.enableBrokenCiphersForSSE = false;
700
701
+
If you need to use server-side encryption you can ignore this warning.
702
Otherwise you'd have to disable server-side encryption first in order
703
to be able to safely disable this option and get rid of this warning.
704
See <https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#disabling-encryption> on how to achieve this.
···
758
759
nextcloud-setup = let
760
c = cfg.config;
761
+
writePhpArray = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
762
requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable;
763
objectstoreConfig = let s3 = c.objectstore.s3; in optionalString s3.enable ''
764
'objectstore' => [
···
838
''
839
}
840
'dbtype' => '${c.dbtype}',
841
+
'trusted_domains' => ${writePhpArray ([ cfg.hostName ] ++ c.extraTrustedDomains)},
842
+
'trusted_proxies' => ${writePhpArray (c.trustedProxies)},
843
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
844
${optionalString (nextcloudGreaterOrEqualThan "23") "'profile.enabled' => ${boolToString cfg.globalProfiles},"}
845
${objectstoreConfig}
+1
-1
nixos/modules/services/web-apps/nextcloud.xml
+1
-1
nixos/modules/services/web-apps/nextcloud.xml
···
283
284
<para>
285
If major-releases will be abandoned by upstream, we should check first if those are needed
286
-
in NixOS for a safe upgrade-path before removing those. In that case we shold keep those
287
packages, but mark them as insecure in an expression like this (in
288
<literal><nixpkgs/pkgs/servers/nextcloud/default.nix></literal>):
289
<programlisting>/* ... */
···
283
284
<para>
285
If major-releases will be abandoned by upstream, we should check first if those are needed
286
+
in NixOS for a safe upgrade-path before removing those. In that case we should keep those
287
packages, but mark them as insecure in an expression like this (in
288
<literal><nixpkgs/pkgs/servers/nextcloud/default.nix></literal>):
289
<programlisting>/* ... */
+1
-1
nixos/modules/services/web-apps/onlyoffice.nix
+1
-1
nixos/modules/services/web-apps/onlyoffice.nix
+1
-1
nixos/modules/services/web-apps/outline.nix
+1
-1
nixos/modules/services/web-apps/outline.nix
+1
-1
nixos/modules/services/web-apps/peering-manager.nix
+1
-1
nixos/modules/services/web-apps/peering-manager.nix
···
130
ldapConfigPath = mkOption {
131
type = types.path;
132
description = lib.mdDoc ''
133
-
Path to the Configuration-File for LDAP-Authentification, will be loaded as `ldap_config.py`.
134
See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.
135
'';
136
};
···
130
ldapConfigPath = mkOption {
131
type = types.path;
132
description = lib.mdDoc ''
133
+
Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
134
See the [documentation](https://peering-manager.readthedocs.io/en/stable/setup/6-ldap/#configuration) for possible options.
135
'';
136
};
+1
-1
nixos/modules/services/web-apps/pgpkeyserver-lite.nix
+1
-1
nixos/modules/services/web-apps/pgpkeyserver-lite.nix
+1
-1
nixos/modules/services/web-apps/snipe-it.nix
+1
-1
nixos/modules/services/web-apps/snipe-it.nix
+1
-1
nixos/modules/services/web-apps/sogo.nix
+1
-1
nixos/modules/services/web-apps/sogo.nix
+1
-1
nixos/modules/services/web-apps/wiki-js.nix
+1
-1
nixos/modules/services/web-apps/wiki-js.nix
+1
-1
nixos/modules/services/web-servers/agate.nix
+1
-1
nixos/modules/services/web-servers/agate.nix
+1
-1
nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
+1
-1
nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
+1
-1
nixos/modules/services/web-servers/keter/default.nix
+1
-1
nixos/modules/services/web-servers/keter/default.nix
···
140
141
# On deploy this will load our app, by moving it into the incoming dir
142
# If the bundle content changes, this will run again.
143
-
# Because the bundle content contains the nix path to the exectuable,
144
# we inherit nix based cache busting.
145
systemd.services.load-keter-bundle = {
146
description = "load keter bundle into incoming folder";
···
140
141
# On deploy this will load our app, by moving it into the incoming dir
142
# If the bundle content changes, this will run again.
143
+
# Because the bundle content contains the nix path to the executable,
144
# we inherit nix based cache busting.
145
systemd.services.load-keter-bundle = {
146
description = "load keter bundle into incoming folder";
+2
-2
nixos/modules/services/web-servers/nginx/vhost-options.nix
+2
-2
nixos/modules/services/web-servers/nginx/vhost-options.nix
+1
-1
nixos/modules/services/web-servers/ttyd.nix
+1
-1
nixos/modules/services/web-servers/ttyd.nix
···
163
assertions =
164
[ { assertion = cfg.enableSSL
165
-> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null;
166
-
message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specefied."; }
167
{ assertion = ! (cfg.interface != null && cfg.socket != null);
168
message = "Cannot set both interface and socket for ttyd."; }
169
{ assertion = (cfg.username != null) == (cfg.passwordFile != null);
···
163
assertions =
164
[ { assertion = cfg.enableSSL
165
-> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null;
166
+
message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specified."; }
167
{ assertion = ! (cfg.interface != null && cfg.socket != null);
168
message = "Cannot set both interface and socket for ttyd."; }
169
{ assertion = (cfg.username != null) == (cfg.passwordFile != null);
+1
-1
nixos/modules/services/web-servers/zope2.nix
+1
-1
nixos/modules/services/web-servers/zope2.nix
+1
-1
nixos/modules/services/x11/display-managers/sddm.nix
+1
-1
nixos/modules/services/x11/display-managers/sddm.nix
+1
-1
nixos/modules/services/x11/hardware/libinput.nix
+1
-1
nixos/modules/services/x11/hardware/libinput.nix
+2
-2
nixos/modules/services/x11/imwheel.nix
+2
-2
nixos/modules/services/x11/imwheel.nix
+1
-1
nixos/modules/services/x11/xautolock.nix
+1
-1
nixos/modules/services/x11/xautolock.nix
+1
-1
nixos/modules/virtualisation/appvm.nix
+1
-1
nixos/modules/virtualisation/appvm.nix
+1
-1
nixos/modules/virtualisation/proxmox-image.nix
+1
-1
nixos/modules/virtualisation/proxmox-image.nix
+1
-1
nixos/modules/virtualisation/vmware-host.nix
+1
-1
nixos/modules/virtualisation/vmware-host.nix
+1
-1
nixos/tests/acme.nix
+1
-1
nixos/tests/acme.nix
+1
-1
nixos/tests/cockroachdb.nix
+1
-1
nixos/tests/cockroachdb.nix
···
8
# Cluster joins that are outside this window will fail, and nodes that skew
9
# outside the window after joining will promptly get kicked out.
10
#
11
-
# To accomodate this, we use QEMU/virtio infrastructure and load the 'ptp_kvm'
12
# driver inside a guest. This driver allows the host machine to pass its clock
13
# through to the guest as a hardware clock that appears as a Precision Time
14
# Protocol (PTP) Clock device, generally /dev/ptp0. PTP devices can be measured
···
8
# Cluster joins that are outside this window will fail, and nodes that skew
9
# outside the window after joining will promptly get kicked out.
10
#
11
+
# To accommodate this, we use QEMU/virtio infrastructure and load the 'ptp_kvm'
12
# driver inside a guest. This driver allows the host machine to pass its clock
13
# through to the guest as a hardware clock that appears as a Precision Time
14
# Protocol (PTP) Clock device, generally /dev/ptp0. PTP devices can be measured
+1
-1
nixos/tests/common/ec2.nix
+1
-1
nixos/tests/common/ec2.nix
···
46
# Note: we use net=169.0.0.0/8 rather than
47
# net=169.254.0.0/16 to prevent dhcpcd from getting horribly
48
# confused. (It would get a DHCP lease in the 169.254.*
49
-
# range, which it would then configure and prompty delete
50
# again when it deletes link-local addresses.) Ideally we'd
51
# turn off the DHCP server, but qemu does not have an option
52
# to do that.
···
46
# Note: we use net=169.0.0.0/8 rather than
47
# net=169.254.0.0/16 to prevent dhcpcd from getting horribly
48
# confused. (It would get a DHCP lease in the 169.254.*
49
+
# range, which it would then configure and promptly delete
50
# again when it deletes link-local addresses.) Ideally we'd
51
# turn off the DHCP server, but qemu does not have an option
52
# to do that.
+1
-1
nixos/tests/graphite.nix
+1
-1
nixos/tests/graphite.nix
+1
-1
nixos/tests/home-assistant.nix
+1
-1
nixos/tests/home-assistant.nix
···
120
start_all()
121
122
# Parse the package path out of the systemd unit, as we cannot
123
-
# access the final package, that is overriden inside the module,
124
# by any other means.
125
pattern = re.compile(r"path=(?P<path>[\/a-z0-9-.]+)\/bin\/hass")
126
response = hass.execute("systemctl show -p ExecStart home-assistant.service")[1]
···
120
start_all()
121
122
# Parse the package path out of the systemd unit, as we cannot
123
+
# access the final package, that is overridden inside the module,
124
# by any other means.
125
pattern = re.compile(r"path=(?P<path>[\/a-z0-9-.]+)\/bin\/hass")
126
response = hass.execute("systemctl show -p ExecStart home-assistant.service")[1]
+1
-1
nixos/tests/networking-proxy.nix
+1
-1
nixos/tests/networking-proxy.nix
+1
-1
nixos/tests/pgadmin4-standalone.nix
+1
-1
nixos/tests/pgadmin4-standalone.nix
+1
-1
nixos/tests/pgadmin4.nix
+1
-1
nixos/tests/pgadmin4.nix
+1
-1
nixos/tests/vaultwarden.nix
+1
-1
nixos/tests/vaultwarden.nix