Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixos/*: convert options with admonitions to MD

rendering changes only slightly, most changes are in spacing.

pennae 722b99bc bd563688

+568 -568
+12 -13
nixos/modules/programs/java.nix
··· 15 15 16 16 programs.java = { 17 17 18 - enable = mkEnableOption "java" // { 19 - description = '' 18 + enable = mkEnableOption (lib.mdDoc "java") // { 19 + description = lib.mdDoc '' 20 20 Install and setup the Java development kit. 21 - <note> 22 - <para>This adds JAVA_HOME to the global environment, by sourcing the 23 - jdk's setup-hook on shell init. It is equivalent to starting a shell 24 - through 'nix-shell -p jdk', or roughly the following system-wide 25 - configuration: 26 - </para> 27 - <programlisting> 28 - environment.variables.JAVA_HOME = ''${pkgs.jdk.home}/lib/openjdk; 29 - environment.systemPackages = [ pkgs.jdk ]; 30 - </programlisting> 31 - </note> 21 + 22 + ::: {.note} 23 + This adds JAVA_HOME to the global environment, by sourcing the 24 + jdk's setup-hook on shell init. It is equivalent to starting a shell 25 + through 'nix-shell -p jdk', or roughly the following system-wide 26 + configuration: 27 + 28 + environment.variables.JAVA_HOME = ''${pkgs.jdk.home}/lib/openjdk; 29 + environment.systemPackages = [ pkgs.jdk ]; 30 + ::: 32 31 ''; 33 32 }; 34 33
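Review bot: In the new `::: {.note}` body of `programs.java.enable`, the two `environment.*` lines that replaced `<programlisting>` have no fence around them, so they render as code only if their extra indentation inside the Nix string survives as a Markdown indented block. A fenced block inside the admonition would make the code listing explicit and independent of whitespace.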
+22 -14
nixos/modules/security/dhparams.nix
··· 56 56 in attrsOf (coercedTo int coerce (submodule paramsSubmodule)); 57 57 default = {}; 58 58 example = lib.literalExpression "{ nginx.bits = 3072; }"; 59 - description = '' 59 + description = lib.mdDoc '' 60 60 Diffie-Hellman parameters to generate. 61 61 62 62 The value is the size (in bits) of the DH params to generate. The 63 63 generated DH params path can be found in 64 - <literal>config.security.dhparams.params.«name».path</literal>. 64 + `config.security.dhparams.params.«name».path`. 65 65 66 - <note><para>The name of the DH params is taken as being the name of 66 + ::: {.note} 67 + The name of the DH params is taken as being the name of 67 68 the service it serves and the params will be generated before the 68 - said service is started.</para></note> 69 + said service is started. 70 + ::: 69 71 70 - <warning><para>If you are removing all dhparams from this list, you 71 - have to leave <option>security.dhparams.enable</option> for at 72 + ::: {.warning} 73 + If you are removing all dhparams from this list, you 74 + have to leave {option}`security.dhparams.enable` for at 72 75 least one activation in order to have them be cleaned up. This also 73 76 means if you rollback to a version without any dhparams the 74 77 existing ones won't be cleaned up. Of course this only applies if 75 - <option>security.dhparams.stateful</option> is 76 - <literal>true</literal>.</para></warning> 78 + {option}`security.dhparams.stateful` is 79 + `true`. 80 + ::: 77 81 78 - <note><title>For module implementers:</title><para>It's recommended 82 + ::: {.note} 83 + **For module implementers:** It's recommended 79 84 to not set a specific bit size here, so that users can easily 80 85 override this by setting 81 - <option>security.dhparams.defaultBitSize</option>.</para></note> 86 + {option}`security.dhparams.defaultBitSize`. 
87 + ::: 82 88 ''; 83 89 }; 84 90 85 91 stateful = mkOption { 86 92 type = types.bool; 87 93 default = true; 88 - description = '' 94 + description = lib.mdDoc '' 89 95 Whether generation of Diffie-Hellman parameters should be stateful or 90 96 not. If this is enabled, PEM-encoded files for Diffie-Hellman 91 97 parameters are placed in the directory specified by 92 - <option>security.dhparams.path</option>. Otherwise the files are 98 + {option}`security.dhparams.path`. Otherwise the files are 93 99 created within the Nix store. 94 100 95 - <note><para>If this is <literal>false</literal> the resulting store 101 + ::: {.note} 102 + If this is `false` the resulting store 96 103 path will be non-deterministic and will be rebuilt every time the 97 - <literal>openssl</literal> package changes.</para></note> 104 + `openssl` package changes. 105 + ::: 98 106 ''; 99 107 }; 100 108
+18 -16
nixos/modules/security/systemd-confinement.nix
··· 38 38 type = types.listOf (types.either types.str types.package); 39 39 default = []; 40 40 description = let 41 - mkScOption = optName: "<option>serviceConfig.${optName}</option>"; 42 - in '' 41 + mkScOption = optName: "{option}`serviceConfig.${optName}`"; 42 + in lib.mdDoc '' 43 43 Additional packages or strings with context to add to the closure of 44 44 the chroot. By default, this includes all the packages from the 45 45 ${lib.concatMapStringsSep ", " mkScOption [ ··· 47 47 "ExecStopPost" 48 48 ]} and ${mkScOption "ExecStart"} options. If you want to have all the 49 49 dependencies of this systemd unit, you can use 50 - <option>confinement.fullUnit</option>. 50 + {option}`confinement.fullUnit`. 51 51 52 - <note><para>The store paths listed in <option>path</option> are 53 - <emphasis role="strong">not</emphasis> included in the closure as 52 + ::: {.note} 53 + The store paths listed in {option}`path` are 54 + **not** included in the closure as 54 55 well as paths from other options except those listed 55 - above.</para></note> 56 + above. 57 + ::: 56 58 ''; 57 59 }; 58 60 ··· 74 76 options.confinement.mode = lib.mkOption { 75 77 type = types.enum [ "full-apivfs" "chroot-only" ]; 76 78 default = "full-apivfs"; 77 - description = '' 78 - The value <literal>full-apivfs</literal> (the default) sets up 79 - private <filename class="directory">/dev</filename>, <filename 80 - class="directory">/proc</filename>, <filename 81 - class="directory">/sys</filename> and <filename 82 - class="directory">/tmp</filename> file systems in a separate user 79 + description = lib.mdDoc '' 80 + The value `full-apivfs` (the default) sets up 81 + private {file}`/dev`, {file}`/proc`, 82 + {file}`/sys` and {file}`/tmp` file systems in a separate user 83 83 name space. 
84 84 85 - If this is set to <literal>chroot-only</literal>, only the file 85 + If this is set to `chroot-only`, only the file 86 86 system name space is set up along with the call to 87 - <citerefentry><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>. 87 + {manpage}`chroot(2)`. 88 88 89 - <note><para>This doesn't cover network namespaces and is solely for 90 - file system level isolation.</para></note> 89 + ::: {.note} 90 + This doesn't cover network namespaces and is solely for 91 + file system level isolation. 92 + ::: 91 93 ''; 92 94 }; 93 95
+10 -10
nixos/modules/security/wrappers/default.nix
··· 51 51 options.capabilities = lib.mkOption 52 52 { type = lib.types.commas; 53 53 default = ""; 54 - description = '' 54 + description = lib.mdDoc '' 55 55 A comma-separated list of capabilities to be given to the wrapper 56 56 program. For capabilities supported by the system check the 57 - <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> 57 + {manpage}`capabilities(7)` 58 58 manual page. 59 59 60 - <note><para> 61 - <literal>cap_setpcap</literal>, which is required for the wrapper 62 - program to be able to raise caps into the Ambient set is NOT raised 63 - to the Ambient set so that the real program cannot modify its own 64 - capabilities!! This may be too restrictive for cases in which the 65 - real program needs cap_setpcap but it at least leans on the side 66 - security paranoid vs. too relaxed. 67 - </para></note> 60 + ::: {.note} 61 + `cap_setpcap`, which is required for the wrapper 62 + program to be able to raise caps into the Ambient set is NOT raised 63 + to the Ambient set so that the real program cannot modify its own 64 + capabilities!! This may be too restrictive for cases in which the 65 + real program needs cap_setpcap but it at least leans on the side 66 + security paranoid vs. too relaxed. 67 + ::: 68 68 ''; 69 69 }; 70 70 options.setuid = lib.mkOption
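Review bot: In the converted note on `options.capabilities`, the first `cap_setpcap` is inline code but the second one ("the real program needs cap_setpcap") is still plain text. Since every line of the note is re-indented here anyway, mark the second occurrence as code too so the capability name reads consistently.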
+6 -6
nixos/modules/services/backup/duplicati.nix
··· 21 21 dataDir = mkOption { 22 22 type = types.str; 23 23 default = "/var/lib/duplicati"; 24 - description = '' 24 + description = lib.mdDoc '' 25 25 The directory where Duplicati stores its data files. 26 26 27 - <note><para> 28 - If left as the default value this directory will automatically be created 29 - before the Duplicati server starts, otherwise you are responsible for ensuring 30 - the directory exists with appropriate ownership and permissions. 31 - </para></note> 27 + ::: {.note} 28 + If left as the default value this directory will automatically be created 29 + before the Duplicati server starts, otherwise you are responsible for ensuring 30 + the directory exists with appropriate ownership and permissions. 31 + ::: 32 32 ''; 33 33 }; 34 34
+19 -21
nixos/modules/services/databases/mysql.nix
··· 44 44 user = mkOption { 45 45 type = types.str; 46 46 default = "mysql"; 47 - description = '' 47 + description = lib.mdDoc '' 48 48 User account under which MySQL runs. 49 49 50 - <note><para> 50 + ::: {.note} 51 51 If left as the default value this user will automatically be created 52 52 on system activation, otherwise you are responsible for 53 53 ensuring the user exists before the MySQL service starts. 54 - </para></note> 54 + ::: 55 55 ''; 56 56 }; 57 57 58 58 group = mkOption { 59 59 type = types.str; 60 60 default = "mysql"; 61 - description = '' 61 + description = lib.mdDoc '' 62 62 Group account under which MySQL runs. 63 63 64 - <note><para> 64 + ::: {.note} 65 65 If left as the default value this group will automatically be created 66 66 on system activation, otherwise you are responsible for 67 67 ensuring the user exists before the MySQL service starts. 68 - </para></note> 68 + ::: 69 69 ''; 70 70 }; 71 71 72 72 dataDir = mkOption { 73 73 type = types.path; 74 74 example = "/var/lib/mysql"; 75 - description = '' 75 + description = lib.mdDoc '' 76 76 The data directory for MySQL. 77 77 78 - <note><para> 79 - If left as the default value of <literal>/var/lib/mysql</literal> this directory will automatically be created before the MySQL 78 + ::: {.note} 79 + If left as the default value of `/var/lib/mysql` this directory will automatically be created before the MySQL 80 80 server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions. 81 - </para></note> 81 + ::: 82 82 ''; 83 83 }; 84 84 ··· 107 107 settings = mkOption { 108 108 type = format.type; 109 109 default = {}; 110 - description = '' 110 + description = lib.mdDoc '' 111 111 MySQL configuration. 
Refer to 112 - <link xlink:href="https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html"/>, 113 - <link xlink:href="https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html"/>, 114 - and <link xlink:href="https://mariadb.com/kb/en/server-system-variables/"/> 112 + <https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html>, 113 + <https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html>, 114 + and <https://mariadb.com/kb/en/server-system-variables/> 115 115 for details on supported values. 116 116 117 - <note> 118 - <para> 119 - MySQL configuration options such as <literal>--quick</literal> should be treated as 120 - boolean options and provided values such as <literal>true</literal>, <literal>false</literal>, 121 - <literal>1</literal>, or <literal>0</literal>. See the provided example below. 122 - </para> 123 - </note> 117 + ::: {.note} 118 + MySQL configuration options such as `--quick` should be treated as 119 + boolean options and provided values such as `true`, `false`, 120 + `1`, or `0`. See the provided example below. 121 + ::: 124 122 ''; 125 123 example = literalExpression '' 126 124 {
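Review bot: In the `group` option's note (context line 67), the text still says "ensuring the user exists before the MySQL service starts", although the sentence before it is about the group being created. The maddy and prosody group notes in this same commit say "ensuring the group exists"; this one should be changed from "user" to "group" while the note is being touched.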
+7 -7
nixos/modules/services/databases/postgresql.nix
··· 230 230 settings = mkOption { 231 231 type = with types; attrsOf (oneOf [ bool float int str ]); 232 232 default = {}; 233 - description = '' 233 + description = lib.mdDoc '' 234 234 PostgreSQL configuration. Refer to 235 - <link xlink:href="https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE"/> 236 - for an overview of <literal>postgresql.conf</literal>. 235 + <https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE> 236 + for an overview of `postgresql.conf`. 237 237 238 - <note><para> 239 - String values will automatically be enclosed in single quotes. Single quotes will be 240 - escaped with two single quotes as described by the upstream documentation linked above. 241 - </para></note> 238 + ::: {.note} 239 + String values will automatically be enclosed in single quotes. Single quotes will be 240 + escaped with two single quotes as described by the upstream documentation linked above. 241 + ::: 242 242 ''; 243 243 example = literalExpression '' 244 244 {
+4 -4
nixos/modules/services/hardware/acpid.nix
··· 72 72 }; 73 73 }); 74 74 75 - description = '' 75 + description = lib.mdDoc '' 76 76 Event handlers. 77 77 78 - <note><para> 79 - Handler can be a single command. 80 - </para></note> 78 + ::: {.note} 79 + Handler can be a single command. 80 + ::: 81 81 ''; 82 82 default = {}; 83 83 example = {
+5 -5
nixos/modules/services/hardware/bluetooth.nix
··· 51 51 default = pkgs.bluez; 52 52 defaultText = literalExpression "pkgs.bluez"; 53 53 example = literalExpression "pkgs.bluezFull"; 54 - description = '' 54 + description = lib.mdDoc '' 55 55 Which BlueZ package to use. 56 56 57 - <note><para> 58 - Use the <literal>pkgs.bluezFull</literal> package to enable all 59 - bluez plugins. 60 - </para></note> 57 + ::: {.note} 58 + Use the `pkgs.bluezFull` package to enable all 59 + bluez plugins. 60 + ::: 61 61 ''; 62 62 }; 63 63
+8 -8
nixos/modules/services/hardware/sane.nix
··· 48 48 hardware.sane.enable = mkOption { 49 49 type = types.bool; 50 50 default = false; 51 - description = '' 51 + description = lib.mdDoc '' 52 52 Enable support for SANE scanners. 53 53 54 - <note><para> 55 - Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer. 56 - </para></note> 54 + ::: {.note} 55 + Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer. 56 + ::: 57 57 ''; 58 58 }; 59 59 ··· 66 66 hardware.sane.extraBackends = mkOption { 67 67 type = types.listOf types.path; 68 68 default = []; 69 - description = '' 69 + description = lib.mdDoc '' 70 70 Packages providing extra SANE backends to enable. 71 71 72 - <note><para> 73 - The example contains the package for HP scanners. 74 - </para></note> 72 + ::: {.note} 73 + The example contains the package for HP scanners. 74 + ::: 75 75 ''; 76 76 example = literalExpression "[ pkgs.hplipWithPlugin ]"; 77 77 };
+11 -10
nixos/modules/services/mail/maddy.nix
··· 144 144 user = mkOption { 145 145 default = "maddy"; 146 146 type = with types; uniq string; 147 - description = '' 147 + description = lib.mdDoc '' 148 148 User account under which maddy runs. 149 149 150 - <note><para> 150 + ::: {.note} 151 151 If left as the default value this user will automatically be created 152 152 on system activation, otherwise the sysadmin is responsible for 153 153 ensuring the user exists before the maddy service starts. 154 - </para></note> 154 + ::: 155 155 ''; 156 156 }; 157 157 158 158 group = mkOption { 159 159 default = "maddy"; 160 160 type = with types; uniq string; 161 - description = '' 161 + description = lib.mdDoc '' 162 162 Group account under which maddy runs. 163 163 164 - <note><para> 164 + ::: {.note} 165 165 If left as the default value this group will automatically be created 166 166 on system activation, otherwise the sysadmin is responsible for 167 167 ensuring the group exists before the maddy service starts. 168 - </para></note> 168 + ::: 169 169 ''; 170 170 }; 171 171 ··· 203 203 config = mkOption { 204 204 type = with types; nullOr lines; 205 205 default = defaultConfig; 206 - description = '' 206 + description = lib.mdDoc '' 207 207 Server configuration, see 208 - <link xlink:href="https://maddy.email">https://maddy.email</link> for 208 + [https://maddy.email](https://maddy.email) for 209 209 more information. The default configuration of this module will setup 210 210 minimal maddy instance for mail transfer without TLS encryption. 211 - <note><para> 211 + 212 + ::: {.note} 212 213 This should not be used in a production environment. 213 - </para></note> 214 + ::: 214 215 ''; 215 216 }; 216 217
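Review bot: In the `config` option (new line 208), the link is written as `[https://maddy.email](https://maddy.email)`, repeating the URL as its own link text. The other bare-URL links converted in this commit use the autolink form, so `<https://maddy.email>` would be consistent and shorter.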
+16 -22
nixos/modules/services/misc/gitlab.nix
··· 748 748 type = types.int; 749 749 default = 2; 750 750 apply = x: builtins.toString x; 751 - description = '' 751 + description = lib.mdDoc '' 752 752 The number of worker processes Puma should spawn. This 753 753 controls the amount of parallel Ruby code can be 754 - executed. GitLab recommends <literal>Number of CPU cores - 1</literal>, but at least two. 754 + executed. GitLab recommends `Number of CPU cores - 1`, but at least two. 755 755 756 - <note> 757 - <para> 758 - Each worker consumes quite a bit of memory, so 759 - be careful when increasing this. 760 - </para> 761 - </note> 756 + ::: {.note} 757 + Each worker consumes quite a bit of memory, so 758 + be careful when increasing this. 759 + ::: 762 760 ''; 763 761 }; 764 762 ··· 766 764 type = types.int; 767 765 default = 0; 768 766 apply = x: builtins.toString x; 769 - description = '' 767 + description = lib.mdDoc '' 770 768 The minimum number of threads Puma should use per 771 769 worker. 772 770 773 - <note> 774 - <para> 775 - Each thread consumes memory and contributes to Global VM 776 - Lock contention, so be careful when increasing this. 777 - </para> 778 - </note> 771 + ::: {.note} 772 + Each thread consumes memory and contributes to Global VM 773 + Lock contention, so be careful when increasing this. 774 + ::: 779 775 ''; 780 776 }; 781 777 ··· 783 779 type = types.int; 784 780 default = 4; 785 781 apply = x: builtins.toString x; 786 - description = '' 782 + description = lib.mdDoc '' 787 783 The maximum number of threads Puma should use per 788 784 worker. This limits how many threads Puma will automatically 789 785 spawn in response to requests. In contrast to workers, 790 786 threads will never be able to run Ruby code in parallel, but 791 787 give higher IO parallelism. 792 788 793 - <note> 794 - <para> 795 - Each thread consumes memory and contributes to Global VM 796 - Lock contention, so be careful when increasing this. 
797 - </para> 798 - </note> 789 + ::: {.note} 790 + Each thread consumes memory and contributes to Global VM 791 + Lock contention, so be careful when increasing this. 792 + ::: 799 793 ''; 800 794 }; 801 795
+5 -5
nixos/modules/services/misc/sdrplay.nix
··· 5 5 enable = mkOption { 6 6 default = false; 7 7 example = true; 8 - description = '' 8 + description = lib.mdDoc '' 9 9 Whether to enable the SDRplay API service and udev rules. 10 10 11 - <note><para> 12 - To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing 13 - <literal>soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };</literal> 14 - </para></note> 11 + ::: {.note} 12 + To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing 13 + `soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };` 14 + ::: 15 15 ''; 16 16 type = lib.types.bool; 17 17 };
+5 -5
nixos/modules/services/misc/sourcehut/default.nix
··· 668 668 }; 669 669 670 670 builds = { 671 - enableWorker = mkEnableOption '' 671 + enableWorker = mkEnableOption (lib.mdDoc '' 672 672 worker for builds.sr.ht 673 673 674 - <warning><para> 674 + ::: {.warning} 675 675 For smaller deployments, job runners can be installed alongside the master server 676 676 but even if you only build your own software, integration with other services 677 677 may cause you to run untrusted builds 678 678 (e.g. automatic testing of patches via listssrht). 679 - See <link xlink:href="https://man.sr.ht/builds.sr.ht/configuration.md#security-model"/>. 680 - </para></warning> 681 - ''; 679 + See <https://man.sr.ht/builds.sr.ht/configuration.md#security-model>. 680 + ::: 681 + ''); 682 682 683 683 images = mkOption { 684 684 type = with types; attrsOf (attrsOf (attrsOf package));
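Review bot: On `builds.enableWorker`, a multi-paragraph text with a `::: {.warning}` block is passed as the argument of `mkEnableOption`, which wraps its argument in a "Whether to enable ... ." sentence. The admonition therefore ends up inside that generated sentence, with the closing period placed after the `:::` line. A plain `mkOption` with an explicit `description` would keep the security-model warning as a block of its own.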
+14 -12
nixos/modules/services/misc/taskserver/default.nix
··· 10 10 mkManualPkiOption = desc: mkOption { 11 11 type = types.nullOr types.path; 12 12 default = null; 13 - description = desc + '' 14 - <note><para> 13 + description = lib.mdDoc '' 14 + ${desc} 15 + 16 + ::: {.note} 15 17 Setting this option will prevent automatic CA creation and handling. 16 - </para></note> 18 + ::: 17 19 ''; 18 20 }; 19 21 ··· 35 37 ''; 36 38 }; 37 39 38 - mkAutoDesc = preamble: '' 40 + mkAutoDesc = preamble: lib.mdDoc '' 39 41 ${preamble} 40 42 41 - <note><para> 43 + ::: {.note} 42 44 This option is for the automatically handled CA and will be ignored if any 43 - of the <option>services.taskserver.pki.manual.*</option> options are set. 44 - </para></note> 45 + of the {option}`services.taskserver.pki.manual.*` options are set. 46 + ::: 45 47 ''; 46 48 47 49 mkExpireOption = desc: mkOption { ··· 50 52 example = 365; 51 53 apply = val: if val == null then -1 else val; 52 54 description = mkAutoDesc '' 53 - The expiration time of ${desc} in days or <literal>null</literal> for no 55 + The expiration time of ${desc} in days or `null` for no 54 56 expiration time. 55 57 ''; 56 58 }; ··· 140 142 default = false; 141 143 description = let 142 144 url = "https://nixos.org/manual/nixos/stable/index.html#module-services-taskserver"; 143 - in '' 145 + in lib.mdDoc '' 144 146 Whether to enable the Taskwarrior server. 145 147 146 148 More instructions about NixOS in conjuction with Taskserver can be 147 - found <link xlink:href="${url}">in the NixOS manual</link>. 149 + found [in the NixOS manual](${url}). 148 150 ''; 149 151 }; 150 152 ··· 172 174 example = "NORMAL:-VERS-SSL3.0"; 173 175 description = let 174 176 url = "https://gnutls.org/manual/html_node/Priority-Strings.html"; 175 - in '' 177 + in lib.mdDoc '' 176 178 List of GnuTLS ciphers to use. See the GnuTLS documentation about 177 - priority strings at <link xlink:href="${url}"/> for full details. 179 + priority strings at <${url}> for full details. 178 180 ''; 179 181 }; 180 182
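Review bot: `mkManualPkiOption` now interpolates `${desc}` into a `lib.mdDoc` string and `mkAutoDesc` now returns an mdDoc value, but of their callers only `mkExpireOption` is visible in these hunks. Any call site that still passes DocBook markup in `desc` or `preamble` would now be rendered as Markdown, so please confirm that all callers of both helpers were converted in this commit.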
+7 -7
nixos/modules/services/network-filesystems/samba-wsdd.nix
··· 8 8 in { 9 9 options = { 10 10 services.samba-wsdd = { 11 - enable = mkEnableOption '' 11 + enable = mkEnableOption (lib.mdDoc '' 12 12 Enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, 13 13 to be found by Web Service Discovery Clients like Windows. 14 - <note> 15 - <para>If you use the firewall consider adding the following:</para> 16 - <programlisting> 14 + 15 + ::: {.note} 16 + If you use the firewall consider adding the following: 17 + 17 18 networking.firewall.allowedTCPPorts = [ 5357 ]; 18 19 networking.firewall.allowedUDPPorts = [ 3702 ]; 19 - </programlisting> 20 - </note> 21 - ''; 20 + ::: 21 + ''); 22 22 interface = mkOption { 23 23 type = types.nullOr types.str; 24 24 default = null;
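Review bot: On `services.samba-wsdd.enable`, the text passed to `mkEnableOption` begins with "Enable Web Services Dynamic Discovery host daemon", and `mkEnableOption` prefixes its argument with "Whether to enable", so the rendered description starts "Whether to enable Enable ...". Dropping the leading "Enable" (or switching to `mkOption` with an explicit `description`, which would also keep the firewall note out of the generated sentence) fixes the doubled word.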
+6 -7
nixos/modules/services/network-filesystems/samba.nix
··· 80 80 enable = mkOption { 81 81 type = types.bool; 82 82 default = false; 83 - description = '' 83 + description = lib.mdDoc '' 84 84 Whether to enable Samba, which provides file and print 85 85 services to Windows clients through the SMB/CIFS protocol. 86 86 87 - <note> 88 - <para>If you use the firewall consider adding the following:</para> 89 - <programlisting> 90 - services.samba.openFirewall = true; 91 - </programlisting> 92 - </note> 87 + ::: {.note} 88 + If you use the firewall consider adding the following: 89 + 90 + services.samba.openFirewall = true; 91 + ::: 93 92 ''; 94 93 }; 95 94
+7 -7
nixos/modules/services/networking/adguardhome.nix
··· 64 64 settings = mkOption { 65 65 type = (pkgs.formats.yaml { }).type; 66 66 default = { }; 67 - description = '' 67 + description = lib.mdDoc '' 68 68 AdGuard Home configuration. Refer to 69 - <link xlink:href="https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file"/> 69 + <https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file> 70 70 for details on supported values. 71 71 72 - <note><para> 73 - On start and if <option>mutableSettings</option> is <literal>true</literal>, 74 - these options are merged into the configuration file on start, taking 75 - precedence over configuration changes made on the web interface. 76 - </para></note> 72 + ::: {.note} 73 + On start and if {option}`mutableSettings` is `true`, 74 + these options are merged into the configuration file on start, taking 75 + precedence over configuration changes made on the web interface. 76 + ::: 77 77 ''; 78 78 }; 79 79
+8 -6
nixos/modules/services/networking/headscale.nix
··· 26 26 user = mkOption { 27 27 default = "headscale"; 28 28 type = types.str; 29 - description = '' 29 + description = lib.mdDoc '' 30 30 User account under which headscale runs. 31 - <note><para> 31 + 32 + ::: {.note} 32 33 If left as the default value this user will automatically be created 33 34 on system activation, otherwise you are responsible for 34 35 ensuring the user exists before the headscale service starts. 35 - </para></note> 36 + ::: 36 37 ''; 37 38 }; 38 39 39 40 group = mkOption { 40 41 default = "headscale"; 41 42 type = types.str; 42 - description = '' 43 + description = lib.mdDoc '' 43 44 Group under which headscale runs. 44 - <note><para> 45 + 46 + ::: {.note} 45 47 If left as the default value this group will automatically be created 46 48 on system activation, otherwise you are responsible for 47 49 ensuring the user exists before the headscale service starts. 48 - </para></note> 50 + ::: 49 51 ''; 50 52 }; 51 53
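Review bot: In the `group` option's note (context line 49 in the new file), the text says "ensuring the user exists before the headscale service starts", which looks copied from the `user` option above it. It should read "ensuring the group exists", matching the wording used for the maddy and prosody group options in this commit.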
+4 -4
nixos/modules/services/networking/libreswan.nix
··· 93 93 '''; 94 94 } 95 95 ''; 96 - description = '' 96 + description = lib.mdDoc '' 97 97 A set of policies to apply to the IPsec connections. 98 98 99 - <note><para> 100 - The policy name must match the one of connection it needs to apply to. 101 - </para></note> 99 + ::: {.note} 100 + The policy name must match the one of connection it needs to apply to. 101 + ::: 102 102 ''; 103 103 }; 104 104
+20 -18
nixos/modules/services/networking/privoxy.nix
··· 67 67 inspectHttps = mkOption { 68 68 type = types.bool; 69 69 default = false; 70 - description = '' 70 + description = lib.mdDoc '' 71 71 Whether to configure Privoxy to inspect HTTPS requests, meaning all 72 72 encrypted traffic will be filtered as well. This works by decrypting 73 73 and re-encrypting the requests using a per-domain generated certificate. 74 74 75 75 To issue per-domain certificates, Privoxy must be provided with a CA 76 - certificate, using the <literal>ca-cert-file</literal>, 77 - <literal>ca-key-file</literal> settings. 76 + certificate, using the `ca-cert-file`, 77 + `ca-key-file` settings. 78 78 79 - <warning><para> 80 - The CA certificate must also be added to the system trust roots, 81 - otherwise browsers will reject all Privoxy certificates as invalid. 82 - You can do so by using the option 83 - <option>security.pki.certificateFiles</option>. 84 - </para></warning> 79 + ::: {.warning} 80 + The CA certificate must also be added to the system trust roots, 81 + otherwise browsers will reject all Privoxy certificates as invalid. 82 + You can do so by using the option 83 + {option}`security.pki.certificateFiles`. 84 + ::: 85 85 ''; 86 86 }; 87 87 ··· 89 89 type = ageType; 90 90 default = "10d"; 91 91 example = "12h"; 92 - description = '' 93 - If <literal>inspectHttps</literal> is enabled, the time generated HTTPS 92 + description = lib.mdDoc '' 93 + If `inspectHttps` is enabled, the time generated HTTPS 94 94 certificates will be stored in a temporary directory for reuse. Once 95 95 the lifetime has expired the directory will cleared and the certificate 96 96 will have to be generated again, on-demand. ··· 98 98 Depending on the traffic, you may want to reduce the lifetime to limit 99 99 the disk usage, since Privoxy itself never deletes the certificates. 
100 100 101 - <note><para>The format is that of the <literal>tmpfiles.d(5)</literal> 102 - Age parameter.</para></note> 101 + ::: {.note} 102 + The format is that of the `tmpfiles.d(5)` 103 + Age parameter. 104 + ::: 103 105 ''; 104 106 }; 105 107 ··· 179 181 # debug 64 180 182 } 181 183 ''; 182 - description = '' 184 + description = lib.mdDoc '' 183 185 This option is mapped to the main Privoxy configuration file. 184 186 Check out the Privoxy user manual at 185 - <link xlink:href="https://www.privoxy.org/user-manual/config.html"/> 187 + <https://www.privoxy.org/user-manual/config.html> 186 188 for available settings and documentation. 187 189 188 - <note><para> 189 - Repeated settings can be represented by using a list. 190 - </para></note> 190 + ::: {.note} 191 + Repeated settings can be represented by using a list. 192 + ::: 191 193 ''; 192 194 }; 193 195
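Review bot: In the certificate lifetime option's note (new lines 101 to 105), `tmpfiles.d(5)` is kept as plain inline code, while the other manual page references converted in this commit use the `{manpage}` role (for example `chroot(2)` and `capabilities(7)`). Using the `{manpage}` role for `tmpfiles.d(5)` as well would render it as a man page reference like the rest.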
+6 -6
nixos/modules/services/networking/prosody.nix
··· 529 529 user = mkOption { 530 530 type = types.str; 531 531 default = "prosody"; 532 - description = '' 532 + description = lib.mdDoc '' 533 533 User account under which prosody runs. 534 534 535 - <note><para> 535 + ::: {.note} 536 536 If left as the default value this user will automatically be created 537 537 on system activation, otherwise you are responsible for 538 538 ensuring the user exists before the prosody service starts. 539 - </para></note> 539 + ::: 540 540 ''; 541 541 }; 542 542 543 543 group = mkOption { 544 544 type = types.str; 545 545 default = "prosody"; 546 - description = '' 546 + description = lib.mdDoc '' 547 547 Group account under which prosody runs. 548 548 549 - <note><para> 549 + ::: {.note} 550 550 If left as the default value this group will automatically be created 551 551 on system activation, otherwise you are responsible for 552 552 ensuring the group exists before the prosody service starts. 553 - </para></note> 553 + ::: 554 554 ''; 555 555 }; 556 556
+20 -23
nixos/modules/services/networking/searx.nix
··· 81 81 }; 82 82 } 83 83 ''; 84 - description = '' 84 + description = lib.mdDoc '' 85 85 Searx settings. These will be merged with (taking precedence over) 86 86 the default configuration. It's also possible to refer to 87 87 environment variables 88 - (defined in <xref linkend="opt-services.searx.environmentFile"/>) 89 - using the syntax <literal>@VARIABLE_NAME@</literal>. 90 - <note> 91 - <para> 92 - For available settings, see the Searx 93 - <link xlink:href="https://searx.github.io/searx/admin/settings.html">docs</link>. 94 - </para> 95 - </note> 88 + (defined in [](#opt-services.searx.environmentFile)) 89 + using the syntax `@VARIABLE_NAME@`. 90 + 91 + ::: {.note} 92 + For available settings, see the Searx 93 + [docs](https://searx.github.io/searx/admin/settings.html). 94 + ::: 96 95 ''; 97 96 }; 98 97 99 98 settingsFile = mkOption { 100 99 type = types.path; 101 100 default = "${runDir}/settings.yml"; 102 - description = '' 101 + description = lib.mdDoc '' 103 102 The path of the Searx server settings.yml file. If no file is 104 103 specified, a default file is used (default config file has debug mode 105 104 enabled). Note: setting this options overrides 106 - <xref linkend="opt-services.searx.settings"/>. 107 - <warning> 108 - <para> 109 - This file, along with any secret key it contains, will be copied 110 - into the world-readable Nix store. 111 - </para> 112 - </warning> 105 + [](#opt-services.searx.settings). 106 + 107 + ::: {.warning} 108 + This file, along with any secret key it contains, will be copied 109 + into the world-readable Nix store. 110 + ::: 113 111 ''; 114 112 }; 115 113 ··· 123 121 runInUwsgi = mkOption { 124 122 type = types.bool; 125 123 default = false; 126 - description = '' 124 + description = lib.mdDoc '' 127 125 Whether to run searx in uWSGI as a "vassal", instead of using its 128 126 built-in HTTP server. This is the recommended mode for public or 129 127 large instances, but is unecessary for LAN or local-only use. 
130 - <warning> 131 - <para> 132 - The built-in HTTP server logs all queries by default. 133 - </para> 134 - </warning> 128 + 129 + ::: {.warning} 130 + The built-in HTTP server logs all queries by default. 131 + ::: 135 132 ''; 136 133 }; 137 134
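Review bot: In `settingsFile` (new line 104) the sentence "Note: setting this options overrides" stays as running prose directly above the new `::: {.warning}` block. Since this change standardises admonitions, consider turning it into a `::: {.note}` and fixing "this options" to "this option". The context line in `runInUwsgi` still reads "unecessary", which could be fixed in the same pass.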
+7 -8
nixos/modules/services/networking/shorewall.nix
··· 8 8 enable = lib.mkOption { 9 9 type = types.bool; 10 10 default = false; 11 - description = '' 11 + description = lib.mdDoc '' 12 12 Whether to enable Shorewall IPv4 Firewall. 13 - <warning> 14 - <para> 15 - Enabling this service WILL disable the existing NixOS 16 - firewall! Default firewall rules provided by packages are not 17 - considered at the moment. 18 - </para> 19 - </warning> 13 + 14 + ::: {.warning} 15 + Enabling this service WILL disable the existing NixOS 16 + firewall! Default firewall rules provided by packages are not 17 + considered at the moment. 18 + ::: 20 19 ''; 21 20 }; 22 21 package = lib.mkOption {
+7 -8
nixos/modules/services/networking/shorewall6.nix
··· 8 8 enable = lib.mkOption { 9 9 type = types.bool; 10 10 default = false; 11 - description = '' 11 + description = lib.mdDoc '' 12 12 Whether to enable Shorewall IPv6 Firewall. 13 - <warning> 14 - <para> 15 - Enabling this service WILL disable the existing NixOS 16 - firewall! Default firewall rules provided by packages are not 17 - considered at the moment. 18 - </para> 19 - </warning> 13 + 14 + ::: {.warning} 15 + Enabling this service WILL disable the existing NixOS 16 + firewall! Default firewall rules provided by packages are not 17 + considered at the moment. 18 + ::: 20 19 ''; 21 20 }; 22 21 package = lib.mkOption {
+41 -41
nixos/modules/services/networking/wpa_supplicant.nix
··· 170 170 type = types.listOf types.str; 171 171 default = []; 172 172 example = [ "wlan0" "wlan1" ]; 173 - description = '' 174 - The interfaces <command>wpa_supplicant</command> will use. If empty, it will 173 + description = lib.mdDoc '' 174 + The interfaces {command}`wpa_supplicant` will use. If empty, it will 175 175 automatically use all wireless interfaces. 176 176 177 - <note><para> 178 - A separate wpa_supplicant instance will be started for each interface. 179 - </para></note> 177 + ::: {.note} 178 + A separate wpa_supplicant instance will be started for each interface. 179 + ::: 180 180 ''; 181 181 }; 182 182 ··· 186 186 description = lib.mdDoc "Force a specific wpa_supplicant driver."; 187 187 }; 188 188 189 - allowAuxiliaryImperativeNetworks = mkEnableOption "support for imperative & declarative networks" // { 189 + allowAuxiliaryImperativeNetworks = mkEnableOption (lib.mdDoc "support for imperative & declarative networks") // { 190 190 description = '' 191 191 Whether to allow configuring networks "imperatively" (e.g. via 192 192 <literal>wpa_supplicant_gui</literal>) and declaratively via ··· 222 222 type = types.nullOr types.path; 223 223 default = null; 224 224 example = "/run/secrets/wireless.env"; 225 - description = '' 226 - File consisting of lines of the form <literal>varname=value</literal> 225 + description = lib.mdDoc '' 226 + File consisting of lines of the form `varname=value` 227 227 to define variables for the wireless configuration. 228 228 229 - See section "EnvironmentFile=" in <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a syntax reference. 229 + See section "EnvironmentFile=" in {manpage}`systemd.exec(5)` for a syntax reference. 230 230 231 231 Secrets (PSKs, passwords, etc.) 
can be provided without adding them to 232 232 the world-readable Nix store by defining them in the environment file and 233 - referring to them in option <option>networking.wireless.networks</option> 234 - with the syntax <literal>@varname@</literal>. Example: 233 + referring to them in option {option}`networking.wireless.networks` 234 + with the syntax `@varname@`. Example: 235 235 236 - <programlisting> 236 + ``` 237 237 # content of /run/secrets/wireless.env 238 238 PSK_HOME=mypassword 239 239 PASS_WORK=myworkpassword 240 - </programlisting> 240 + ``` 241 241 242 - <programlisting> 242 + ``` 243 243 # wireless-related configuration 244 244 networking.wireless.environmentFile = "/run/secrets/wireless.env"; 245 245 networking.wireless.networks = { ··· 250 250 password="@PASS_WORK@" 251 251 '''; 252 252 }; 253 - </programlisting> 253 + ``` 254 254 ''; 255 255 }; 256 256 ··· 260 260 psk = mkOption { 261 261 type = types.nullOr types.str; 262 262 default = null; 263 - description = '' 263 + description = lib.mdDoc '' 264 264 The network's pre-shared key in plaintext defaulting 265 265 to being a network without any authentication. 266 266 267 - <warning><para> 268 - Be aware that this will be written to the nix store 269 - in plaintext! Use an environment variable instead. 270 - </para></warning> 267 + ::: {.warning} 268 + Be aware that this will be written to the nix store 269 + in plaintext! Use an environment variable instead. 270 + ::: 271 271 272 - <note><para> 273 - Mutually exclusive with <varname>pskRaw</varname>. 274 - </para></note> 272 + ::: {.note} 273 + Mutually exclusive with {var}`pskRaw`. 274 + ::: 275 275 ''; 276 276 }; 277 277 278 278 pskRaw = mkOption { 279 279 type = types.nullOr types.str; 280 280 default = null; 281 - description = '' 281 + description = lib.mdDoc '' 282 282 The network's pre-shared key in hex defaulting 283 283 to being a network without any authentication. 
284 284 285 - <warning><para> 286 - Be aware that this will be written to the nix store 287 - in plaintext! Use an environment variable instead. 288 - </para></warning> 285 + ::: {.warning} 286 + Be aware that this will be written to the nix store 287 + in plaintext! Use an environment variable instead. 288 + ::: 289 289 290 - <note><para> 291 - Mutually exclusive with <varname>psk</varname>. 292 - </para></note> 290 + ::: {.note} 291 + Mutually exclusive with {var}`psk`. 292 + ::: 293 293 ''; 294 294 }; 295 295 ··· 343 343 identity="user@example.com" 344 344 password="@EXAMPLE_PASSWORD@" 345 345 ''; 346 - description = '' 346 + description = lib.mdDoc '' 347 347 Use this option to configure advanced authentication methods like EAP. 348 348 See 349 - <citerefentry><refentrytitle>wpa_supplicant.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> 349 + {manpage}`wpa_supplicant.conf(5)` 350 350 for example configurations. 351 351 352 - <warning><para> 353 - Be aware that this will be written to the nix store 354 - in plaintext! Use an environment variable for secrets. 355 - </para></warning> 352 + ::: {.warning} 353 + Be aware that this will be written to the nix store 354 + in plaintext! Use an environment variable for secrets. 355 + ::: 356 356 357 - <note><para> 358 - Mutually exclusive with <varname>psk</varname> and 359 - <varname>pskRaw</varname>. 360 - </para></note> 357 + ::: {.note} 358 + Mutually exclusive with {var}`psk` and 359 + {var}`pskRaw`. 360 + ::: 361 361 ''; 362 362 }; 363 363
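Review bot: `allowAuxiliaryImperativeNetworks` (line 189) now wraps the `mkEnableOption` argument in `lib.mdDoc`, but the `description = ''` that overrides it on line 190 is left as a plain string and still contains `<literal>wpa_supplicant_gui</literal>`. Because the `//` override wins, the description that is actually rendered for this option is still DocBook. Either convert that description to `lib.mdDoc` in this change or leave line 189 untouched until it is converted, so the option is not half-migrated.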
+7 -7
nixos/modules/services/security/cfssl.nix
··· 11 11 dataDir = mkOption { 12 12 default = "/var/lib/cfssl"; 13 13 type = types.path; 14 - description = '' 14 + description = lib.mdDoc '' 15 15 The work directory for CFSSL. 16 16 17 - <note><para> 18 - If left as the default value this directory will automatically be 19 - created before the CFSSL server starts, otherwise you are 20 - responsible for ensuring the directory exists with appropriate 21 - ownership and permissions. 22 - </para></note> 17 + ::: {.note} 18 + If left as the default value this directory will automatically be 19 + created before the CFSSL server starts, otherwise you are 20 + responsible for ensuring the directory exists with appropriate 21 + ownership and permissions. 22 + ::: 23 23 ''; 24 24 }; 25 25
+20 -24
nixos/modules/services/security/step-ca.nix
··· 34 34 }; 35 35 settings = lib.mkOption { 36 36 type = with lib.types; attrsOf anything; 37 - description = '' 38 - Settings that go into <filename>ca.json</filename>. See 39 - <link xlink:href="https://smallstep.com/docs/step-ca/configuration">the step-ca manual</link> 37 + description = lib.mdDoc '' 38 + Settings that go into {file}`ca.json`. See 39 + [the step-ca manual](https://smallstep.com/docs/step-ca/configuration) 40 40 for more information. The easiest way to 41 - configure this module would be to run <literal>step ca init</literal> 42 - to generate <filename>ca.json</filename> and then import it using 43 - <literal>builtins.fromJSON</literal>. 44 - <link xlink:href="https://smallstep.com/docs/step-cli/basic-crypto-operations#run-an-offline-x509-certificate-authority">This article</link> 41 + configure this module would be to run `step ca init` 42 + to generate {file}`ca.json` and then import it using 43 + `builtins.fromJSON`. 44 + [This article](https://smallstep.com/docs/step-cli/basic-crypto-operations#run-an-offline-x509-certificate-authority) 45 45 may also be useful if you want to customize certain aspects of 46 46 certificate generation for your CA. 47 - You need to change the database storage path to <filename>/var/lib/step-ca/db</filename>. 47 + You need to change the database storage path to {file}`/var/lib/step-ca/db`. 48 48 49 - <warning> 50 - <para> 51 - The <option>services.step-ca.settings.address</option> option 52 - will be ignored and overwritten by 53 - <option>services.step-ca.address</option> and 54 - <option>services.step-ca.port</option>. 55 - </para> 56 - </warning> 49 + ::: {.warning} 50 + The {option}`services.step-ca.settings.address` option 51 + will be ignored and overwritten by 52 + {option}`services.step-ca.address` and 53 + {option}`services.step-ca.port`. 
54 + ::: 57 55 ''; 58 56 }; 59 57 intermediatePasswordFile = lib.mkOption { 60 58 type = lib.types.path; 61 59 example = "/run/keys/smallstep-password"; 62 - description = '' 60 + description = lib.mdDoc '' 63 61 Path to the file containing the password for the intermediate 64 62 certificate private key. 65 63 66 - <warning> 67 - <para> 68 - Make sure to use a quoted absolute path instead of a path literal 69 - to prevent it from being copied to the globally readable Nix 70 - store. 71 - </para> 72 - </warning> 64 + ::: {.warning} 65 + Make sure to use a quoted absolute path instead of a path literal 66 + to prevent it from being copied to the globally readable Nix 67 + store. 68 + ::: 73 69 ''; 74 70 }; 75 71 };
+8 -8
nixos/modules/services/security/torify.nix
··· 27 27 enable = mkOption { 28 28 type = types.bool; 29 29 default = false; 30 - description = '' 30 + description = lib.mdDoc '' 31 31 Whether to build tsocks wrapper script to relay application traffic via Tor. 32 32 33 - <important> 34 - <para>You shouldn't use this unless you know what you're 35 - doing because your installation of Tor already comes with 36 - its own superior (doesn't leak DNS queries) 37 - <literal>torsocks</literal> wrapper which does pretty much 38 - exactly the same thing as this.</para> 39 - </important> 33 + ::: {.important} 34 + You shouldn't use this unless you know what you're 35 + doing because your installation of Tor already comes with 36 + its own superior (doesn't leak DNS queries) 37 + `torsocks` wrapper which does pretty much 38 + exactly the same thing as this. 39 + ::: 40 40 ''; 41 41 }; 42 42
+13 -15
nixos/modules/services/torrent/magnetico.nix
··· 116 116 myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG"; 117 117 } 118 118 ''; 119 - description = '' 119 + description = lib.mdDoc '' 120 120 The credentials to access the web interface, in case authentication is 121 - enabled, in the format <literal>username:hash</literal>. If unset no 121 + enabled, in the format `username:hash`. If unset no 122 122 authentication will be required. 123 123 124 124 Usernames must start with a lowercase ([a-z]) ASCII character, might 125 125 contain non-consecutive underscores except at the end, and consists of 126 126 small-case a-z characters and digits 0-9. The 127 - <command>htpasswd</command> tool from the <literal>apacheHttpd</literal> 127 + {command}`htpasswd` tool from the `apacheHttpd` 128 128 package may be used to generate the hash: 129 - <command>htpasswd -bnBC 12 username password</command> 129 + {command}`htpasswd -bnBC 12 username password` 130 130 131 - <warning> 132 - <para> 133 - The hashes will be stored world-readable in the nix store. 134 - Consider using the <literal>credentialsFile</literal> option if you 135 - don't want this. 136 - </para> 137 - </warning> 131 + ::: {.warning} 132 + The hashes will be stored world-readable in the nix store. 133 + Consider using the `credentialsFile` option if you 134 + don't want this. 135 + ::: 138 136 ''; 139 137 }; 140 138 141 139 web.credentialsFile = mkOption { 142 140 type = types.nullOr types.path; 143 141 default = null; 144 - description = '' 142 + description = lib.mdDoc '' 145 143 The path to the file holding the credentials to access the web 146 144 interface. If unset no authentication will be required. 147 145 148 146 The file must constain user names and password hashes in the format 149 - <literal>username:hash </literal>, one for each line. Usernames must 147 + `username:hash `, one for each line. 
Usernames must 150 148 start with a lowecase ([a-z]) ASCII character, might contain 151 149 non-consecutive underscores except at the end, and consists of 152 150 small-case a-z characters and digits 0-9. 153 - The <command>htpasswd</command> tool from the <literal>apacheHttpd</literal> 151 + The {command}`htpasswd` tool from the `apacheHttpd` 154 152 package may be used to generate the hash: 155 - <command>htpasswd -bnBC 12 username password</command> 153 + {command}`htpasswd -bnBC 12 username password` 156 154 ''; 157 155 }; 158 156
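Review bot: In `web.credentialsFile` (new line 147) the code span is `username:hash ` with a trailing space carried over from the old `<literal>username:hash </literal>`, while `web.credentials` (new line 121) has `username:hash` without it. Drop the space so both options document the same format; a reader copying the span may otherwise assume the trailing space is part of each line. The context lines in the same description still read "constain" and "lowecase".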
+6 -8
nixos/modules/services/video/epgstation/default.nix
··· 101 101 openFirewall = lib.mkOption { 102 102 type = lib.types.bool; 103 103 default = false; 104 - description = '' 104 + description = lib.mdDoc '' 105 105 Open ports in the firewall for the EPGStation web interface. 106 106 107 - <warning> 108 - <para> 109 - Exposing EPGStation to the open internet is generally advised 110 - against. Only use it inside a trusted local network, or consider 111 - putting it behind a VPN if you want remote access. 112 - </para> 113 - </warning> 107 + ::: {.warning} 108 + Exposing EPGStation to the open internet is generally advised 109 + against. Only use it inside a trusted local network, or consider 110 + putting it behind a VPN if you want remote access. 111 + ::: 114 112 ''; 115 113 }; 116 114
+6 -8
nixos/modules/services/video/mirakurun.nix
··· 38 38 openFirewall = mkOption { 39 39 type = types.bool; 40 40 default = false; 41 - description = '' 41 + description = lib.mdDoc '' 42 42 Open ports in the firewall for Mirakurun. 43 43 44 - <warning> 45 - <para> 46 - Exposing Mirakurun to the open internet is generally advised 47 - against. Only use it inside a trusted local network, or 48 - consider putting it behind a VPN if you want remote access. 49 - </para> 50 - </warning> 44 + ::: {.warning} 45 + Exposing Mirakurun to the open internet is generally advised 46 + against. Only use it inside a trusted local network, or 47 + consider putting it behind a VPN if you want remote access. 48 + ::: 51 49 ''; 52 50 }; 53 51
+10 -4
nixos/modules/services/web-apps/dokuwiki.nix
··· 160 160 plugins = mkOption { 161 161 type = types.listOf types.path; 162 162 default = []; 163 - description = '' 163 + description = lib.mdDoc '' 164 164 List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. 165 - <note><para>These plugins need to be packaged before use, see example.</para></note> 165 + 166 + ::: {.note} 167 + These plugins need to be packaged before use, see example. 168 + ::: 166 169 ''; 167 170 example = literalExpression '' 168 171 let ··· 188 191 templates = mkOption { 189 192 type = types.listOf types.path; 190 193 default = []; 191 - description = '' 194 + description = lib.mdDoc '' 192 195 List of path(s) to respective template(s) which are copied from the 'tpl' directory. 193 - <note><para>These templates need to be packaged before use, see example.</para></note> 196 + 197 + ::: {.note} 198 + These templates need to be packaged before use, see example. 199 + ::: 194 200 ''; 195 201 example = literalExpression '' 196 202 let
+13 -13
nixos/modules/services/web-apps/healthchecks.nix
··· 43 43 user = mkOption { 44 44 default = defaultUser; 45 45 type = types.str; 46 - description = '' 46 + description = lib.mdDoc '' 47 47 User account under which healthchecks runs. 48 48 49 - <note><para> 49 + ::: {.note} 50 50 If left as the default value this user will automatically be created 51 51 on system activation, otherwise you are responsible for 52 52 ensuring the user exists before the healthchecks service starts. 53 - </para></note> 53 + ::: 54 54 ''; 55 55 }; 56 56 57 57 group = mkOption { 58 58 default = defaultUser; 59 59 type = types.str; 60 - description = '' 60 + description = lib.mdDoc '' 61 61 Group account under which healthchecks runs. 62 62 63 - <note><para> 63 + ::: {.note} 64 64 If left as the default value this group will automatically be created 65 65 on system activation, otherwise you are responsible for 66 66 ensuring the group exists before the healthchecks service starts. 67 - </para></note> 67 + ::: 68 68 ''; 69 69 }; 70 70 ··· 83 83 dataDir = mkOption { 84 84 type = types.str; 85 85 default = "/var/lib/healthchecks"; 86 - description = '' 86 + description = lib.mdDoc '' 87 87 The directory used to store all data for healthchecks. 88 88 89 - <note><para> 89 + ::: {.note} 90 90 If left as the default value this directory will automatically be created before 91 91 the healthchecks server starts, otherwise you are responsible for ensuring the 92 92 directory exists with appropriate ownership and permissions. 93 - </para></note> 93 + ::: 94 94 ''; 95 95 }; 96 96 97 97 settings = lib.mkOption { 98 - description = '' 99 - Environment variables which are read by healthchecks <literal>(local)_settings.py</literal>. 98 + description = lib.mdDoc '' 99 + Environment variables which are read by healthchecks `(local)_settings.py`. 100 100 101 101 Settings which are explictly covered in options bewlow, are type-checked and/or transformed 102 102 before added to the environment, everything else is passed as a string. 
103 103 104 - See <link xlink:href="">https://healthchecks.io/docs/self_hosted_configuration/</link> 104 + See <https://healthchecks.io/docs/self_hosted_configuration/> 105 105 for a full documentation of settings. 106 106 107 - We add two variables to this list inside the packages <literal>local_settings.py.</literal> 107 + We add two variables to this list inside the packages `local_settings.py.` 108 108 - STATIC_ROOT to set a state directory for dynamically generated static files. 109 109 - SECRET_KEY_FILE to read SECRET_KEY from a file at runtime and keep it out of /nix/store. 110 110 '';
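Review bot: On new line 107 of `settings`, the sentence-ending period ended up inside the code span (`local_settings.py.`), inherited from the old `<literal>` element; move it outside so the file name reads `local_settings.py`. Also check the two context lines that follow ("- STATIC_ROOT ..." and "- SECRET_KEY_FILE ..."): under `lib.mdDoc` they are now parsed as a Markdown list rather than plain text, which is probably what is wanted but is a rendering change worth confirming. The context line above still has "explictly" and "bewlow".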
+5 -2
nixos/modules/services/web-apps/invoiceplane.nix
··· 124 124 invoiceTemplates = mkOption { 125 125 type = types.listOf types.path; 126 126 default = []; 127 - description = '' 127 + description = lib.mdDoc '' 128 128 List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory. 129 - <note><para>These templates need to be packaged before use, see example.</para></note> 129 + 130 + ::: {.note} 131 + These templates need to be packaged before use, see example. 132 + ::: 130 133 ''; 131 134 example = literalExpression '' 132 135 let
+12 -14
nixos/modules/services/web-apps/keycloak.nix
··· 314 314 type = str; 315 315 default = ""; 316 316 example = "/auth"; 317 - description = '' 318 - The path relative to <literal>/</literal> for serving 317 + description = lib.mdDoc '' 318 + The path relative to `/` for serving 319 319 resources. 320 320 321 - <note> 322 - <para> 323 - In versions of Keycloak using Wildfly (&lt;17), 324 - this defaulted to <literal>/auth</literal>. If 325 - upgrading from the Wildfly version of Keycloak, 326 - i.e. a NixOS version before 22.05, you'll likely 327 - want to set this to <literal>/auth</literal> to 328 - keep compatibility with your clients. 321 + ::: {.note} 322 + In versions of Keycloak using Wildfly (&lt;17), 323 + this defaulted to `/auth`. If 324 + upgrading from the Wildfly version of Keycloak, 325 + i.e. a NixOS version before 22.05, you'll likely 326 + want to set this to `/auth` to 327 + keep compatibility with your clients. 329 328 330 - See <link xlink:href="https://www.keycloak.org/migration/migrating-to-quarkus"/> 331 - for more information on migrating from Wildfly to Quarkus. 332 - </para> 333 - </note> 329 + See <https://www.keycloak.org/migration/migrating-to-quarkus> 330 + for more information on migrating from Wildfly to Quarkus. 331 + ::: 334 332 ''; 335 333 }; 336 334
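Review bot: New line 322 keeps the HTML entity in "Wildfly (&lt;17)", whereas the nextcloud.nix and vhost-options.nix hunks in this same change replace `&lt;name&gt;` with a literal `<name>`. Confirm the Markdown renderer decodes the entity here so it still displays as "<17", or write it in a form that does not depend on entity handling, for example "before version 17".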
+9 -9
nixos/modules/services/web-apps/nextcloud.nix
··· 371 371 default = null; 372 372 type = types.nullOr types.str; 373 373 example = "DE"; 374 - description = '' 375 - <warning> 376 - <para>This option exists since Nextcloud 21! If older versions are used, 377 - this will throw an eval-error!</para> 378 - </warning> 374 + description = lib.mdDoc '' 375 + ::: {.warning} 376 + This option exists since Nextcloud 21! If older versions are used, 377 + this will throw an eval-error! 378 + ::: 379 379 380 - <link xlink:href="https://www.iso.org/iso-3166-country-codes.html">ISO 3611-1</link> 380 + [ISO 3611-1](https://www.iso.org/iso-3166-country-codes.html) 381 381 country codes for automatic phone-number detection without a country code. 382 382 383 - With e.g. <literal>DE</literal> set, the <literal>+49</literal> can be omitted for 383 + With e.g. `DE` set, the `+49` can be omitted for 384 384 phone-numbers. 385 385 ''; 386 386 }; ··· 519 519 type = with types; either str (listOf str); 520 520 default = "05:00:00"; 521 521 example = "Sun 14:00:00"; 522 - description = '' 523 - When to run the update. See `systemd.services.&lt;name&gt;.startAt`. 522 + description = lib.mdDoc '' 523 + When to run the update. See `systemd.services.<name>.startAt`. 524 524 ''; 525 525 }; 526 526 };
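Review bot: The link text on new line 380 reads "ISO 3611-1" while its target is `https://www.iso.org/iso-3166-country-codes.html`; the country-code standard is ISO 3166-1. The typo predates this change, but the line is being rewritten anyway, so correct the link text to "ISO 3166-1" here.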
+10 -4
nixos/modules/services/web-apps/wordpress.nix
··· 97 97 plugins = mkOption { 98 98 type = types.listOf types.path; 99 99 default = []; 100 - description = '' 100 + description = lib.mdDoc '' 101 101 List of path(s) to respective plugin(s) which are copied from the 'plugins' directory. 102 - <note><para>These plugins need to be packaged before use, see example.</para></note> 102 + 103 + ::: {.note} 104 + These plugins need to be packaged before use, see example. 105 + ::: 103 106 ''; 104 107 example = literalExpression '' 105 108 let ··· 124 127 themes = mkOption { 125 128 type = types.listOf types.path; 126 129 default = []; 127 - description = '' 130 + description = lib.mdDoc '' 128 131 List of path(s) to respective theme(s) which are copied from the 'theme' directory. 129 - <note><para>These themes need to be packaged before use, see example.</para></note> 132 + 133 + ::: {.note} 134 + These themes need to be packaged before use, see example. 135 + ::: 130 136 ''; 131 137 example = literalExpression '' 132 138 let
+4 -4
nixos/modules/services/web-servers/apache-httpd/default.nix
··· 484 484 user = mkOption { 485 485 type = types.str; 486 486 default = "wwwrun"; 487 - description = '' 487 + description = lib.mdDoc '' 488 488 User account under which httpd children processes run. 489 489 490 490 If you require the main httpd process to run as 491 - <literal>root</literal> add the following configuration: 492 - <programlisting> 491 + `root` add the following configuration: 492 + ``` 493 493 systemd.services.httpd.serviceConfig.User = lib.mkForce "root"; 494 - </programlisting> 494 + ``` 495 495 ''; 496 496 }; 497 497
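Review bot: On new lines 491 and 492 the opening fence follows the paragraph line "add the following configuration:" with no blank line in between, unlike the fences added in wpa_supplicant.nix and initrd-ssh.nix, which are preceded by a blank line. Add a blank line before the fence for consistency, and so the block does not depend on the renderer allowing a fence to interrupt a paragraph.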
+13 -15
nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
··· 45 45 { ip = "192.154.1.1"; port = 80; } 46 46 { ip = "*"; port = 8080; } 47 47 ]; 48 - description = '' 48 + description = lib.mdDoc '' 49 49 Listen addresses and ports for this virtual host. 50 - <note> 51 - <para> 52 - This option overrides <literal>addSSL</literal>, <literal>forceSSL</literal> and <literal>onlySSL</literal>. 53 - </para> 54 - <para> 55 - If you only want to set the addresses manually and not the ports, take a look at <literal>listenAddresses</literal>. 56 - </para> 57 - </note> 50 + 51 + ::: {.note} 52 + This option overrides `addSSL`, `forceSSL` and `onlySSL`. 53 + 54 + If you only want to set the addresses manually and not the ports, take a look at `listenAddresses`. 55 + ::: 58 56 ''; 59 57 }; 60 58 ··· 202 200 file = "/home/eelco/some-file.png"; 203 201 } 204 202 ]; 205 - description = '' 203 + description = lib.mdDoc '' 206 204 This option provides a simple way to serve individual, static files. 207 205 208 - <note><para> 209 - This option has been deprecated and will be removed in a future 210 - version of NixOS. You can achieve the same result by making use of 211 - the <literal>locations.&lt;name&gt;.alias</literal> option. 212 - </para></note> 206 + ::: {.note} 207 + This option has been deprecated and will be removed in a future 208 + version of NixOS. You can achieve the same result by making use of 209 + the `locations.<name>.alias` option. 210 + ::: 213 211 ''; 214 212 }; 215 213
+33 -36
nixos/modules/services/web-servers/caddy/default.nix
··· 57 57 user = mkOption { 58 58 default = "caddy"; 59 59 type = types.str; 60 - description = '' 60 + description = lib.mdDoc '' 61 61 User account under which caddy runs. 62 62 63 - <note><para> 64 - If left as the default value this user will automatically be created 65 - on system activation, otherwise you are responsible for 66 - ensuring the user exists before the Caddy service starts. 67 - </para></note> 63 + ::: {.note} 64 + If left as the default value this user will automatically be created 65 + on system activation, otherwise you are responsible for 66 + ensuring the user exists before the Caddy service starts. 67 + ::: 68 68 ''; 69 69 }; 70 70 71 71 group = mkOption { 72 72 default = "caddy"; 73 73 type = types.str; 74 - description = '' 74 + description = lib.mdDoc '' 75 75 Group account under which caddy runs. 76 76 77 - <note><para> 78 - If left as the default value this user will automatically be created 79 - on system activation, otherwise you are responsible for 80 - ensuring the user exists before the Caddy service starts. 81 - </para></note> 77 + ::: {.note} 78 + If left as the default value this user will automatically be created 79 + on system activation, otherwise you are responsible for 80 + ensuring the user exists before the Caddy service starts. 81 + ::: 82 82 ''; 83 83 }; 84 84 ··· 94 94 dataDir = mkOption { 95 95 type = types.path; 96 96 default = "/var/lib/caddy"; 97 - description = '' 97 + description = lib.mdDoc '' 98 98 The data directory for caddy. 99 99 100 - <note> 101 - <para> 102 - If left as the default value this directory will automatically be created 103 - before the Caddy server starts, otherwise you are responsible for ensuring 104 - the directory exists with appropriate ownership and permissions. 105 - </para> 106 - <para> 107 - Caddy v2 replaced <literal>CADDYPATH</literal> with XDG directories. 108 - See <link xlink:href="https://caddyserver.com/docs/conventions#file-locations"/>. 
109 - </para> 110 - </note> 100 + ::: {.note} 101 + If left as the default value this directory will automatically be created 102 + before the Caddy server starts, otherwise you are responsible for ensuring 103 + the directory exists with appropriate ownership and permissions. 104 + 105 + Caddy v2 replaced `CADDYPATH` with XDG directories. 106 + See <https://caddyserver.com/docs/conventions#file-locations>. 107 + ::: 111 108 ''; 112 109 }; 113 110 114 111 logDir = mkOption { 115 112 type = types.path; 116 113 default = "/var/log/caddy"; 117 - description = '' 114 + description = lib.mdDoc '' 118 115 Directory for storing Caddy access logs. 119 116 120 - <note><para> 121 - If left as the default value this directory will automatically be created 122 - before the Caddy server starts, otherwise the sysadmin is responsible for 123 - ensuring the directory exists with appropriate ownership and permissions. 124 - </para></note> 117 + ::: {.note} 118 + If left as the default value this directory will automatically be created 119 + before the Caddy server starts, otherwise the sysadmin is responsible for 120 + ensuring the directory exists with appropriate ownership and permissions. 121 + ::: 125 122 ''; 126 123 }; 127 124 ··· 163 160 default = "caddyfile"; 164 161 example = "nginx"; 165 162 type = types.str; 166 - description = '' 163 + description = lib.mdDoc '' 167 164 Name of the config adapter to use. 168 - See <link xlink:href="https://caddyserver.com/docs/config-adapters"/> 165 + See <https://caddyserver.com/docs/config-adapters> 169 166 for the full list. 170 167 171 - <note><para> 172 - Any value other than <literal>caddyfile</literal> is only valid when 173 - providing your own <option>configFile</option>. 174 - </para></note> 168 + ::: {.note} 169 + Any value other than `caddyfile` is only valid when 170 + providing your own {option}`configFile`. 171 + ::: 175 172 ''; 176 173 }; 177 174
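Review bot: The note under `group` (new lines 77 to 81) still says "this user will automatically be created" and "ensuring the user exists", copied from the `user` option above it. Since these lines are being rewritten, change both occurrences to "group" so the note describes the option it belongs to.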
+5 -2
nixos/modules/services/web-servers/phpfpm/default.nix
··· 40 40 socket = mkOption { 41 41 type = types.str; 42 42 readOnly = true; 43 - description = '' 43 + description = lib.mdDoc '' 44 44 Path to the unix socket file on which to accept FastCGI requests. 45 - <note><para>This option is read-only and managed by NixOS.</para></note> 45 + 46 + ::: {.note} 47 + This option is read-only and managed by NixOS. 48 + ::: 46 49 ''; 47 50 example = "${runtimeDir}/<name>.sock"; 48 51 };
+13 -15
nixos/modules/services/web-servers/uwsgi.nix
··· 167 167 "CAP_NET_RAW" # open raw sockets 168 168 ] 169 169 ''; 170 - description = '' 170 + description = lib.mdDoc '' 171 171 Grant capabilities to the uWSGI instance. See the 172 - <literal>capabilities(7)</literal> for available values. 173 - <note> 174 - <para> 175 - uWSGI runs as an unprivileged user (even as Emperor) with the minimal 176 - capabilities required. This option can be used to add fine-grained 177 - permissions without running the service as root. 178 - </para> 179 - <para> 180 - When in Emperor mode, any capability to be inherited by a vassal must 181 - be specified again in the vassal configuration using <literal>cap</literal>. 182 - See the uWSGI <link xlink:href="https://uwsgi-docs.readthedocs.io/en/latest/Capabilities.html">docs</link> 183 - for more information. 184 - </para> 185 - </note> 172 + `capabilities(7)` for available values. 173 + 174 + ::: {.note} 175 + uWSGI runs as an unprivileged user (even as Emperor) with the minimal 176 + capabilities required. This option can be used to add fine-grained 177 + permissions without running the service as root. 178 + 179 + When in Emperor mode, any capability to be inherited by a vassal must 180 + be specified again in the vassal configuration using `cap`. 181 + See the uWSGI [docs](https://uwsgi-docs.readthedocs.io/en/latest/Capabilities.html) 182 + for more information. 183 + ::: 186 184 ''; 187 185 }; 188 186 };
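Review bot: New line 172 renders the man page reference as a plain code span, `capabilities(7)`, while other hunks in this change use the man page role, for example {manpage}`systemd.exec(5)` and {manpage}`ssh-keygen(1)`. The old text used `<literal>`, so the conversion is faithful, but using {manpage}`capabilities(7)` here would make the reference consistent with the rest of the manual.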
+6 -4
nixos/modules/services/x11/xserver.nix
··· 431 431 firstPrimary = head heads // { primary = true; }; 432 432 newHeads = singleton firstPrimary ++ tail heads; 433 433 in if heads != [] && !hasPrimary then newHeads else heads; 434 - description = '' 434 + description = lib.mdDoc '' 435 435 Multiple monitor configuration, just specify a list of XRandR 436 436 outputs. The individual elements should be either simple strings or 437 437 an attribute set of output options. 438 438 439 439 If the element is a string, it is denoting the physical output for a 440 440 monitor, if it's an attribute set, you must at least provide the 441 - <option>output</option> option. 441 + {option}`output` option. 442 442 443 443 The monitors will be mapped from left to right in the order of the 444 444 list. 445 445 446 446 By default, the first monitor will be set as the primary monitor if 447 447 none of the elements contain an option that has set 448 - <option>primary</option> to <literal>true</literal>. 448 + {option}`primary` to `true`. 449 449 450 - <note><para>Only one monitor is allowed to be primary.</para></note> 450 + ::: {.note} 451 + Only one monitor is allowed to be primary. 452 + ::: 451 453 452 454 Be careful using this option with multiple graphic adapters or with 453 455 drivers that have poor support for XRandR, unexpected things might
+5 -7
nixos/modules/system/boot/initrd-openvpn.nix
··· 25 25 26 26 boot.initrd.network.openvpn.configuration = mkOption { 27 27 type = types.path; # Same type as boot.initrd.secrets 28 - description = '' 28 + description = lib.mdDoc '' 29 29 The configuration file for OpenVPN. 30 30 31 - <warning> 32 - <para> 33 - Unless your bootloader supports initrd secrets, this configuration 34 - is stored insecurely in the global Nix store. 35 - </para> 36 - </warning> 31 + ::: {.warning} 32 + Unless your bootloader supports initrd secrets, this configuration 33 + is stored insecurely in the global Nix store. 34 + ::: 37 35 ''; 38 36 example = literalExpression "./configuration.ovpn"; 39 37 };
+15 -18
nixos/modules/system/boot/initrd-ssh.nix
··· 47 47 "/etc/secrets/initrd/ssh_host_rsa_key" 48 48 "/etc/secrets/initrd/ssh_host_ed25519_key" 49 49 ]; 50 - description = '' 50 + description = lib.mdDoc '' 51 51 Specify SSH host keys to import into the initrd. 52 52 53 53 To generate keys, use 54 - <citerefentry><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry> 54 + {manpage}`ssh-keygen(1)` 55 55 as root: 56 56 57 - <programlisting> 57 + ``` 58 58 ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key 59 59 ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key 60 - </programlisting> 60 + ``` 61 + 62 + ::: {.warning} 63 + Unless your bootloader supports initrd secrets, these keys 64 + are stored insecurely in the global Nix store. Do NOT use 65 + your regular SSH host private keys for this purpose or 66 + you'll expose them to regular users! 61 67 62 - <warning> 63 - <para> 64 - Unless your bootloader supports initrd secrets, these keys 65 - are stored insecurely in the global Nix store. Do NOT use 66 - your regular SSH host private keys for this purpose or 67 - you'll expose them to regular users! 68 - </para> 69 - <para> 70 - Additionally, even if your initrd supports secrets, if 71 - you're using initrd SSH to unlock an encrypted disk then 72 - using your regular host keys exposes the private keys on 73 - your unencrypted boot partition. 74 - </para> 75 - </warning> 68 + Additionally, even if your initrd supports secrets, if 69 + you're using initrd SSH to unlock an encrypted disk then 70 + using your regular host keys exposes the private keys on 71 + your unencrypted boot partition. 72 + ::: 76 73 ''; 77 74 }; 78 75
+22 -22
nixos/modules/system/boot/loader/grub/grub.nix
··· 417 417 splashImage = mkOption { 418 418 type = types.nullOr types.path; 419 419 example = literalExpression "./my-background.png"; 420 - description = '' 420 + description = lib.mdDoc '' 421 421 Background image used for GRUB. 422 - Set to <literal>null</literal> to run GRUB in text mode. 422 + Set to `null` to run GRUB in text mode. 423 423 424 - <note><para> 424 + ::: {.note} 425 425 For grub 1: 426 426 It must be a 640x480, 427 427 14-colour image in XPM format, optionally compressed with 428 - <command>gzip</command> or <command>bzip2</command>. 429 - </para></note> 428 + {command}`gzip` or {command}`bzip2`. 429 + ::: 430 430 431 - <note><para> 431 + ::: {.note} 432 432 For grub 2: 433 433 File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must 434 434 not be progressive. 435 435 The image will be scaled if necessary to fit the screen. 436 - </para></note> 436 + ::: 437 437 ''; 438 438 }; 439 439 ··· 441 441 type = types.nullOr types.str; 442 442 example = "#7EBAE4"; 443 443 default = null; 444 - description = '' 444 + description = lib.mdDoc '' 445 445 Background color to be used for GRUB to fill the areas the image isn't filling. 446 446 447 - <note><para> 447 + ::: {.note} 448 448 This options has no effect for GRUB 1. 449 - </para></note> 449 + ::: 450 450 ''; 451 451 }; 452 452 453 453 entryOptions = mkOption { 454 454 default = "--class nixos --unrestricted"; 455 455 type = types.nullOr types.str; 456 - description = '' 456 + description = lib.mdDoc '' 457 457 Options applied to the primary NixOS menu entry. 458 458 459 - <note><para> 459 + ::: {.note} 460 460 This options has no effect for GRUB 1. 461 - </para></note> 461 + ::: 462 462 ''; 463 463 }; 464 464 465 465 subEntryOptions = mkOption { 466 466 default = "--class nixos"; 467 467 type = types.nullOr types.str; 468 - description = '' 468 + description = lib.mdDoc '' 469 469 Options applied to the secondary NixOS submenu entry. 
470 470 471 - <note><para> 471 + ::: {.note} 472 472 This options has no effect for GRUB 1. 473 - </para></note> 473 + ::: 474 474 ''; 475 475 }; 476 476 ··· 478 478 type = types.nullOr types.path; 479 479 example = literalExpression "pkgs.nixos-grub2-theme"; 480 480 default = null; 481 - description = '' 481 + description = lib.mdDoc '' 482 482 Grub theme to be used. 483 483 484 - <note><para> 484 + ::: {.note} 485 485 This options has no effect for GRUB 1. 486 - </para></note> 486 + ::: 487 487 ''; 488 488 }; 489 489 490 490 splashMode = mkOption { 491 491 type = types.enum [ "normal" "stretch" ]; 492 492 default = "stretch"; 493 - description = '' 493 + description = lib.mdDoc '' 494 494 Whether to stretch the image or show the image in the top-left corner unstretched. 495 495 496 - <note><para> 496 + ::: {.note} 497 497 This options has no effect for GRUB 1. 498 - </para></note> 498 + ::: 499 499 ''; 500 500 }; 501 501
+9 -7
nixos/modules/virtualisation/qemu-vm.nix
··· 510 510 ] 511 511 ''; 512 512 description = 513 - '' 513 + lib.mdDoc '' 514 514 When using the SLiRP user networking (default), this option allows to 515 515 forward ports to/from the host/guest. 516 516 517 - <warning><para> 518 - If the NixOS firewall on the virtual machine is enabled, you also 519 - have to open the guest ports to enable the traffic between host and 520 - guest. 521 - </para></warning> 517 + ::: {.warning} 518 + If the NixOS firewall on the virtual machine is enabled, you also 519 + have to open the guest ports to enable the traffic between host and 520 + guest. 521 + ::: 522 522 523 - <note><para>Currently QEMU supports only IPv4 forwarding.</para></note> 523 + ::: {.note} 524 + Currently QEMU supports only IPv4 forwarding. 525 + ::: 524 526 ''; 525 527 }; 526 528
+17 -17
nixos/modules/virtualisation/virtualbox-host.nix
··· 18 18 19 19 { 20 20 options.virtualisation.virtualbox.host = { 21 - enable = mkEnableOption "VirtualBox" // { 22 - description = '' 21 + enable = mkEnableOption (lib.mdDoc "VirtualBox") // { 22 + description = lib.mdDoc '' 23 23 Whether to enable VirtualBox. 24 24 25 - <note><para> 26 - In order to pass USB devices from the host to the guests, the user 27 - needs to be in the <literal>vboxusers</literal> group. 28 - </para></note> 25 + ::: {.note} 26 + In order to pass USB devices from the host to the guests, the user 27 + needs to be in the `vboxusers` group. 28 + ::: 29 29 ''; 30 30 }; 31 31 32 - enableExtensionPack = mkEnableOption "VirtualBox extension pack" // { 33 - description = '' 32 + enableExtensionPack = mkEnableOption (lib.mdDoc "VirtualBox extension pack") // { 33 + description = lib.mdDoc '' 34 34 Whether to install the Oracle Extension Pack for VirtualBox. 35 35 36 - <important><para> 37 - You must set <literal>nixpkgs.config.allowUnfree = true</literal> in 38 - order to use this. This requires you accept the VirtualBox PUEL. 39 - </para></important> 36 + ::: {.important} 37 + You must set `nixpkgs.config.allowUnfree = true` in 38 + order to use this. This requires you accept the VirtualBox PUEL. 39 + ::: 40 40 ''; 41 41 }; 42 42 ··· 60 60 enableHardening = mkOption { 61 61 type = types.bool; 62 62 default = true; 63 - description = '' 63 + description = lib.mdDoc '' 64 64 Enable hardened VirtualBox, which ensures that only the binaries in the 65 65 system path get access to the devices exposed by the kernel modules 66 66 instead of all users in the vboxusers group. 67 67 68 - <important><para> 69 - Disabling this can put your system's security at risk, as local users 70 - in the vboxusers group can tamper with the VirtualBox device files. 71 - </para></important> 68 + ::: {.important} 69 + Disabling this can put your system's security at risk, as local users 70 + in the vboxusers group can tamper with the VirtualBox device files. 
71 + ::: 72 72 ''; 73 73 }; 74 74
+12 -12
nixos/modules/virtualisation/vmware-host.nix
··· 20 20 { 21 21 options = with lib; { 22 22 virtualisation.vmware.host = { 23 - enable = mkEnableOption "VMware" // { 24 - description = '' 23 + enable = mkEnableOption (lib.mdDoc "VMware") // { 24 + description = lib.mdDoc '' 25 25 This enables VMware host virtualisation for running VMs. 26 26 27 - <important><para> 28 - <literal>vmware-vmx</literal> will cause kcompactd0 due to 29 - <literal>Transparent Hugepages</literal> feature in kernel. 30 - Apply <literal>[ "transparent_hugepage=never" ]</literal> in 31 - option <option>boot.kernelParams</option> to disable them. 32 - </para></important> 27 + ::: {.important} 28 + `vmware-vmx` will cause kcompactd0 due to 29 + `Transparent Hugepages` feature in kernel. 30 + Apply `[ "transparent_hugepage=never" ]` in 31 + option {option}`boot.kernelParams` to disable them. 32 + ::: 33 33 34 - <note><para> 35 - If that didn't work disable <literal>TRANSPARENT_HUGEPAGE</literal>, 36 - <literal>COMPACTION</literal> configs and recompile kernel. 37 - </para></note> 34 + ::: {.note} 35 + If that didn't work disable `TRANSPARENT_HUGEPAGE`, 36 + `COMPACTION` configs and recompile kernel. 37 + ::: 38 38 ''; 39 39 }; 40 40 package = mkOption {
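Review bot: In the uWSGI capabilities option description, the man page reference is converted to plain backticks (`capabilities(7)`), while the initrd-ssh.nix hunk in this same commit converts its man page reference to the `{manpage}` role (`ssh-keygen(1)`). Use the `{manpage}` role here too so both render as man page references. The sentence "See the `capabilities(7)` for available values" also carries a stray "the" that could be dropped while this line is being touched.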
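Review bot: In nixos/modules/system/boot/initrd-ssh.nix, the two paragraphs of the converted warning name the precondition differently: the first says "Unless your bootloader supports initrd secrets", the second says "even if your initrd supports secrets". Now that both sit in one `::: {.warning}` block, align the second paragraph with the first ("even if your bootloader supports initrd secrets") so readers do not take them for two separate features. The new code fence around the `ssh-keygen` commands has no info string; add one if the manual's renderer uses it.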
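Review bot: In nixos/modules/system/boot/loader/grub/grub.nix, the note text "This options has no effect for GRUB 1." is carried over unchanged into five converted note blocks (the four options after splashImage plus splashMode) and should read "This option has no effect for GRUB 1." The splashImage notes also write "For grub 1:" and "For grub 2:" in lower case while every other note in the file uses "GRUB". Since the commit message promises rendering changes only, a follow-up commit is fine, but the fix is mechanical and these hunks already touch the surrounding lines.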
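Review bot: In nixos/modules/virtualisation/virtualbox-host.nix, the group name is marked up inconsistently after conversion: the `enable` note writes `vboxusers` in backticks, while the `enableHardening` description and its `::: {.important}` block both leave "vboxusers group" as plain text. Put the two occurrences under enableHardening in backticks as well; this is the security-relevant description, and the group name is what an administrator will search for.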
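Review bot: In nixos/modules/virtualisation/vmware-host.nix, the converted `::: {.important}` block keeps a sentence with no object: "`vmware-vmx` will cause kcompactd0 due to `Transparent Hugepages` feature in kernel" never says what happens to kcompactd0. The conversion also turns the feature name "Transparent Hugepages" into inline code, although it is neither an identifier nor a value, unlike `TRANSPARENT_HUGEPAGE` and `COMPACTION` in the following note. Render the feature name as plain text and have someone who knows the symptom complete the sentence.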