nixos/*: replace <code> in option docs with <literal>

markdown can't represent the difference without another extension and both the html manual and the manpage render them the same, so keeping the distinction is not very useful on its own. with the distinction removed we can automatically convert many options that use <code> tags to markdown. the manpage remains unchanged, html manual does not render differently (but class names on code tags do change from "code" to "literal").
2024-11-23 15:33:13 +00:00 · 2022-08-02 02:47:05 +02:00 · 2022-08-02 02:47:05 +02:00 · 16102dce2f
commit 16102dce2f
parent 694d5b19d3
34 changed files with 120 additions and 120 deletions
--- a/nixos/modules/config/resolvconf.nix
+++ b/nixos/modules/config/resolvconf.nix
@ -84,8 +84,8 @@ in
        type = types.bool;
        default = true;
        description = ''
-          Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
+          Enable the <literal>edns0</literal> option in <filename>resolv.conf</filename>. With
-          that option set, <code>glibc</code> supports use of the extension mechanisms for
+          that option set, <literal>glibc</literal> supports use of the extension mechanisms for
          DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
          which does not work without it.
        '';
--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@ -113,7 +113,7 @@ in
        An attribute set that maps aliases (the top level attribute names in
        this option) to command strings or directly to build outputs. The
        aliases are added to all users' shells.
-        Aliases mapped to <code>null</code> are ignored.
+        Aliases mapped to <literal>null</literal> are ignored.
      '';
      type = with types; attrsOf (nullOr (either str path));
    };
--- a/nixos/modules/config/system-environment.nix
+++ b/nixos/modules/config/system-environment.nix
@ -30,7 +30,7 @@ in
        Also, these variables are merged into
        <xref linkend="opt-environment.variables"/> and it is
        therefore not possible to use PAM style variables such as
-        <code>@{HOME}</code>.
+        <literal>@{HOME}</literal>.
      '';
      type = with types; attrsOf (either str (listOf str));
      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
@ -58,7 +58,7 @@ in
        Also, these variables are merged into
        <xref linkend="opt-environment.profileRelativeEnvVars"/> and it is
        therefore not possible to use PAM style variables such as
-        <code>@{HOME}</code>.
+        <literal>@{HOME}</literal>.
      '';
    };
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -154,8 +154,8 @@ let
        description = ''
          Attributes for user's entry in
          <filename>pam_mount.conf.xml</filename>.
-          Useful attributes might include <code>path</code>,
+          Useful attributes might include <literal>path</literal>,
-          <code>options</code>, <code>fstype</code>, and <code>server</code>.
+          <literal>options</literal>, <literal>fstype</literal>, and <literal>server</literal>.
          See <link
          xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html" />
          for more information.
@ -172,7 +172,7 @@ let
          like <literal>pkgs.bashInteractive</literal>. Don’t
          forget to enable your shell in
          <literal>programs</literal> if necessary,
-          like <code>programs.zsh.enable = true;</code>.
+          like <literal>programs.zsh.enable = true;</literal>.
        '';
      };
--- a/nixos/modules/misc/nixpkgs.nix
+++ b/nixos/modules/misc/nixpkgs.nix
@ -119,11 +119,11 @@ in
      example = literalExpression "import <nixpkgs> {}";
      description = ''
        If set, the pkgs argument to all NixOS modules is the value of
-        this option, extended with <code>nixpkgs.overlays</code>, if
+        this option, extended with <literal>nixpkgs.overlays</literal>, if
-        that is also set. Either <code>nixpkgs.crossSystem</code> or
+        that is also set. Either <literal>nixpkgs.crossSystem</literal> or
-        <code>nixpkgs.localSystem</code> will be used in an assertion
+        <literal>nixpkgs.localSystem</literal> will be used in an assertion
        to check that the NixOS and Nixpkgs architectures match. Any
-        other options in <code>nixpkgs.*</code>, notably <code>config</code>,
+        other options in <literal>nixpkgs.*</literal>, notably <literal>config</literal>,
        will be ignored.
        If unset, the pkgs argument to all NixOS modules is determined
@ -132,18 +132,18 @@ in
        The default value imports the Nixpkgs source files
        relative to the location of this NixOS module, because
        NixOS and Nixpkgs are distributed together for consistency,
-        so the <code>nixos</code> in the default value is in fact a
+        so the <literal>nixos</literal> in the default value is in fact a
-        relative path. The <code>config</code>, <code>overlays</code>,
+        relative path. The <literal>config</literal>, <literal>overlays</literal>,
-        <code>localSystem</code>, and <code>crossSystem</code> come
+        <literal>localSystem</literal>, and <literal>crossSystem</literal> come
        from this option's siblings.
        This option can be used by applications like NixOps to increase
        the performance of evaluation, or to create packages that depend
        on a container that should be built with the exact same evaluation
        of Nixpkgs, for example. Applications like this should set
-        their default value using <code>lib.mkDefault</code>, so
+        their default value using <literal>lib.mkDefault</literal>, so
        user-provided configuration can override it without using
-        <code>lib</code>.
+        <literal>lib</literal>.
        Note that using a distinct version of Nixpkgs with NixOS may
        be an unexpected source of problems. Use this option with care.
@ -162,7 +162,7 @@ in
        details, see the Nixpkgs documentation.)  It allows you to set
        package configuration options.
-        Ignored when <code>nixpkgs.pkgs</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal> is set.
      '';
    };
@ -188,9 +188,9 @@ in
        The first argument should be used for finding dependencies, and
        the second should be used for overriding recipes.
-        If <code>nixpkgs.pkgs</code> is set, overlays specified here
+        If <literal>nixpkgs.pkgs</literal> is set, overlays specified here
        will be applied after the overlays that were already present
-        in <code>nixpkgs.pkgs</code>.
+        in <literal>nixpkgs.pkgs</literal>.
      '';
    };
@ -205,9 +205,9 @@ in
      description = ''
        Specifies the platform where the NixOS configuration will run.
-        To cross-compile, set also <code>nixpkgs.buildPlatform</code>.
+        To cross-compile, set also <literal>nixpkgs.buildPlatform</literal>.
-        Ignored when <code>nixpkgs.pkgs</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal> is set.
      '';
    };
@ -230,7 +230,7 @@ in
        or if you're building machines, you can set this to match your
        development system and/or build farm.
-        Ignored when <code>nixpkgs.pkgs</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal> is set.
      '';
    };
@ -253,7 +253,7 @@ in
        use the old options.
        Specifies the platform on which NixOS should be built. When
-        <code>nixpkgs.crossSystem</code> is unset, it also specifies
+        <literal>nixpkgs.crossSystem</literal> is unset, it also specifies
        the platform <emphasis>for</emphasis> which NixOS should be
        built.  If this option is unset, it defaults to the platform
        type of the machine where evaluation happens. Specifying this
@ -261,7 +261,7 @@ in
        deployment, or when building virtual machines. See its
        description in the Nixpkgs manual for more details.
-        Ignored when <code>nixpkgs.pkgs</code> or <code>hostPlatform</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
      '';
    };
@ -279,13 +279,13 @@ in
        Specifies the platform for which NixOS should be
        built. Specify this only if it is different from
-        <code>nixpkgs.localSystem</code>, the platform
+        <literal>nixpkgs.localSystem</literal>, the platform
        <emphasis>on</emphasis> which NixOS should be built. In other
        words, specify this to cross-compile NixOS. Otherwise it
        should be set as null, the default. See its description in the
        Nixpkgs manual for more details.
-        Ignored when <code>nixpkgs.pkgs</code> or <code>hostPlatform</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal> or <literal>hostPlatform</literal> is set.
      '';
    };
@ -316,7 +316,7 @@ in
        with a recently generated <literal>hardware-configuration.nix</literal>.
        Specifies the Nix platform type on which NixOS should be built.
-        It is better to specify <code>nixpkgs.localSystem</code> instead.
+        It is better to specify <literal>nixpkgs.localSystem</literal> instead.
        <programlisting>
        {
          nixpkgs.system = ..;
@ -328,9 +328,9 @@ in
          nixpkgs.localSystem.system = ..;
        }
        </programlisting>
-        See <code>nixpkgs.localSystem</code> for more information.
+        See <literal>nixpkgs.localSystem</literal> for more information.
-        Ignored when <code>nixpkgs.pkgs</code>, <code>nixpkgs.localSystem</code> or <code>nixpkgs.hostPlatform</code> is set.
+        Ignored when <literal>nixpkgs.pkgs</literal>, <literal>nixpkgs.localSystem</literal> or <literal>nixpkgs.hostPlatform</literal> is set.
      '';
    };
  };
--- a/nixos/modules/programs/adb.nix
+++ b/nixos/modules/programs/adb.nix
@ -14,7 +14,7 @@ with lib;
        description = ''
          Whether to configure system to use Android Debug Bridge (adb).
          To grant access to a user, it must be part of adbusers group:
-          <code>users.users.alice.extraGroups = ["adbusers"];</code>
+          <literal>users.users.alice.extraGroups = ["adbusers"];</literal>
        '';
      };
    };
--- a/nixos/modules/programs/firejail.nix
+++ b/nixos/modules/programs/firejail.nix
@ -74,7 +74,7 @@ in {
        You will get file collisions if you put the actual application binary in
        the global environment (such as by adding the application package to
-        <code>environment.systemPackages</code>), and applications started via
+        <literal>environment.systemPackages</literal>), and applications started via
        .desktop files are not wrapped if they specify the absolute path to the
        binary.
      '';
--- a/nixos/modules/programs/gphoto2.nix
+++ b/nixos/modules/programs/gphoto2.nix
@ -15,7 +15,7 @@ with lib;
          Whether to configure system to use gphoto2.
          To grant digital camera access to a user, the user must
          be part of the camera group:
-          <code>users.users.alice.extraGroups = ["camera"];</code>
+          <literal>users.users.alice.extraGroups = ["camera"];</literal>
        '';
      };
    };
--- a/nixos/modules/programs/kdeconnect.nix
+++ b/nixos/modules/programs/kdeconnect.nix
@ -8,7 +8,7 @@ with lib;
      Note that it will open the TCP and UDP port from
      1714 to 1764 as they are needed for it to function properly.
      You can use the <option>package</option> to use
-      <code>gnomeExtensions.gsconnect</code> as an alternative
+      <literal>gnomeExtensions.gsconnect</literal> as an alternative
      implementation if you use Gnome.
    '';
    package = mkOption {
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@ -95,7 +95,7 @@ in
        default = "";
        description = ''
          Extra configuration text prepended to <filename>ssh_config</filename>. Other generated
-          options will be added after a <code>Host *</code> pattern.
+          options will be added after a <literal>Host *</literal> pattern.
          See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          for help.
        '';
--- a/nixos/modules/programs/turbovnc.nix
+++ b/nixos/modules/programs/turbovnc.nix
@ -22,7 +22,7 @@ in
          This will enable <option>hardware.opengl.enable</option> so that OpenGL
          programs can find Mesa's llvmpipe drivers.
-          Setting this option to <code>false</code> does not mean that software
+          Setting this option to <literal>false</literal> does not mean that software
          OpenGL won't work; it may still work depending on your system
          configuration.
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@ -505,7 +505,7 @@ let
        type = types.listOf types.str;
        inherit (defaultAndText "reloadServices" []) default defaultText;
        description = ''
-          The list of systemd services to call <code>systemctl try-reload-or-restart</code>
+          The list of systemd services to call <literal>systemctl try-reload-or-restart</literal>
          on.
        '';
      };
--- a/nixos/modules/security/doas.nix
+++ b/nixos/modules/security/doas.nix
@ -63,7 +63,7 @@ in
      type = with types; bool;
      default = true;
      description = ''
-        Whether users of the <code>wheel</code> group must provide a password to
+        Whether users of the <literal>wheel</literal> group must provide a password to
        run commands as super user via <command>doas</command>.
      '';
    };
@ -74,7 +74,7 @@ in
        Define specific rules to be set in the
        <filename>/etc/doas.conf</filename> file. More specific rules should
        come after more general ones in order to yield the expected behavior.
-        You can use <code>mkBefore</code> and/or <code>mkAfter</code> to ensure
+        You can use <literal>mkBefore</literal> and/or <literal>mkAfter</literal> to ensure
        this is the case when configuration options are merged.
      '';
      example = literalExpression ''
@ -114,7 +114,7 @@ in
              type = with types; bool;
              default = false;
              description = ''
-                If <code>true</code>, the user is not required to enter a
+                If <literal>true</literal>, the user is not required to enter a
                password.
              '';
            };
@ -123,7 +123,7 @@ in
              type = with types; bool;
              default = false;
              description = ''
-                If <code>true</code>, successful executions will not be logged
+                If <literal>true</literal>, successful executions will not be logged
                to
                <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
              '';
@ -133,7 +133,7 @@ in
              type = with types; bool;
              default = false;
              description = ''
-                If <code>true</code>, do not ask for a password again for some
+                If <literal>true</literal>, do not ask for a password again for some
                time after the user successfully authenticates.
              '';
            };
@ -142,7 +142,7 @@ in
              type = with types; bool;
              default = false;
              description = ''
-                If <code>true</code>, environment variables other than those
+                If <literal>true</literal>, environment variables other than those
                listed in
                <citerefentry><refentrytitle>doas</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                are kept when creating the environment for the new process.
@ -155,15 +155,15 @@ in
              description = ''
                Keep or set the specified variables. Variables may also be
                removed with a leading '-' or set using
-                <code>variable=value</code>. If the first character of
+                <literal>variable=value</literal>. If the first character of
-                <code>value</code> is a '$', the value to be set is taken from
+                <literal>value</literal> is a '$', the value to be set is taken from
                the existing environment variable of the indicated name. This
                option is processed after the default environment has been
                created.
-                NOTE: All rules have <code>setenv { SSH_AUTH_SOCK }</code> by
+                NOTE: All rules have <literal>setenv { SSH_AUTH_SOCK }</literal> by
-                default. To prevent <code>SSH_AUTH_SOCK</code> from being
+                default. To prevent <literal>SSH_AUTH_SOCK</literal> from being
-                inherited, add <code>"-SSH_AUTH_SOCK"</code> anywhere in this
+                inherited, add <literal>"-SSH_AUTH_SOCK"</literal> anywhere in this
                list.
              '';
            };
@ -185,12 +185,12 @@ in
              default = null;
              description = ''
                Which user or group the specified command is allowed to run as.
-                When set to <code>null</code> (the default), all users are
+                When set to <literal>null</literal> (the default), all users are
                allowed.
                A user can be specified using just the username:
-                <code>"foo"</code>. It is also possible to only allow running as
+                <literal>"foo"</literal>. It is also possible to only allow running as
-                a specific group with <code>":bar"</code>.
+                a specific group with <literal>":bar"</literal>.
              '';
            };
@ -199,7 +199,7 @@ in
              default = null;
              description = ''
                The command the user is allowed to run. When set to
-                <code>null</code> (the default), all commands are allowed.
+                <literal>null</literal> (the default), all commands are allowed.
                NOTE: It is best practice to specify absolute paths. If a
                relative path is specified, only a restricted PATH will be
@ -212,7 +212,7 @@ in
              default = null;
              description = ''
                Arguments that must be provided to the command. When set to
-                <code>[]</code>, the command must be run without any arguments.
+                <literal>[]</literal>, the command must be run without any arguments.
              '';
            };
          };
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@ -56,7 +56,7 @@ in
      default = true;
      description =
        ''
-          Whether users of the <code>wheel</code> group must
+          Whether users of the <literal>wheel</literal> group must
          provide a password to run commands as super user via <command>sudo</command>.
        '';
      };
@ -65,9 +65,9 @@ in
      type = types.bool;
      default = false;
      description = ''
-        Only allow members of the <code>wheel</code> group to execute sudo by
+        Only allow members of the <literal>wheel</literal> group to execute sudo by
        setting the executable's permissions accordingly.
-        This prevents users that are not members of <code>wheel</code> from
+        This prevents users that are not members of <literal>wheel</literal> from
        exploiting vulnerabilities in sudo such as CVE-2021-3156.
      '';
    };
@ -142,9 +142,9 @@ in
            description = ''
              Under which user/group the specified command is allowed to run.
-              A user can be specified using just the username: <code>"foo"</code>.
+              A user can be specified using just the username: <literal>"foo"</literal>.
-              It is also possible to specify a user/group combination using <code>"foo:bar"</code>
+              It is also possible to specify a user/group combination using <literal>"foo:bar"</literal>
-              or to only allow running as a specific group with <code>":bar"</code>.
+              or to only allow running as a specific group with <literal>":bar"</literal>.
            '';
          };
@ -159,7 +159,7 @@ in
                  type = with types; str;
                  description = ''
                    A command being either just a path to a binary to allow any arguments,
-                    the full command with arguments pre-set or with <code>""</code> used as the argument,
+                    the full command with arguments pre-set or with <literal>""</literal> used as the argument,
                    not allowing arguments to the command at all.
                  '';
                };
--- a/nixos/modules/services/databases/firebird.nix
+++ b/nixos/modules/services/databases/firebird.nix
@ -48,8 +48,8 @@ in
        type = types.package;
        example = literalExpression "pkgs.firebird_3";
        description = ''
-          Which Firebird package to be installed: <code>pkgs.firebird_3</code>
+          Which Firebird package to be installed: <literal>pkgs.firebird_3</literal>
-          For SuperServer use override: <code>pkgs.firebird_3.override { superServer = true; };</code>
+          For SuperServer use override: <literal>pkgs.firebird_3.override { superServer = true; };</literal>
        '';
      };
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@ -211,7 +211,7 @@ in
                For more information on how to specify the target
                and on which privileges exist, see the
                <link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>.
-                The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>.
+                The attributes are used as <literal>GRANT ''${attrName} ON ''${attrValue}</literal>.
              '';
              example = literalExpression ''
                {
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@ -159,7 +159,7 @@ in
                For more information on how to specify the target
                and on which privileges exist, see the
                <link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>.
-                The attributes are used as <code>GRANT ''${attrValue} ON ''${attrName}</code>.
+                The attributes are used as <literal>GRANT ''${attrValue} ON ''${attrName}</literal>.
              '';
              example = literalExpression ''
                {
--- a/nixos/modules/services/mail/nullmailer.nix
+++ b/nixos/modules/services/mail/nullmailer.nix
@ -39,10 +39,10 @@ with lib;
        type = types.nullOr types.str;
        default = null;
        description = ''
-          Path to the <code>remotes</code> control file. This file contains a
+          Path to the <literal>remotes</literal> control file. This file contains a
          list of remote servers to which to send each message.
-          See <code>man 8 nullmailer-send</code> for syntax and available
+          See <literal>man 8 nullmailer-send</literal> for syntax and available
          options.
        '';
      };
@ -158,12 +158,12 @@ with lib;
            contains a remote host name or address followed by an optional
            protocol string, separated by white space.
-            See <code>man 8 nullmailer-send</code> for syntax and available
+            See <literal>man 8 nullmailer-send</literal> for syntax and available
            options.
            WARNING: This is stored world-readable in the nix store. If you need
            to specify any secret credentials here, consider using the
-            <code>remotesFile</code> option instead.
+            <literal>remotesFile</literal> option instead.
          '';
        };
--- a/nixos/modules/services/mail/public-inbox.nix
+++ b/nixos/modules/services/mail/public-inbox.nix
@ -26,7 +26,7 @@ let
      description = ''
        Listening port.
        Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
-        Set to null and use <code>systemd.sockets.public-inbox-${proto}d.listenStreams</code>
+        Set to null and use <literal>systemd.sockets.public-inbox-${proto}d.listenStreams</literal>
        if you need a more advanced listening.
      '';
    };
@ -242,8 +242,8 @@ in
        description = ''
          Listening port or systemd's ListenStream= entry
          to be used as a reverse proxy, eg. in nginx:
-          <code>locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";</code>
+          <literal>locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";</literal>
-          Set to null and use <code>systemd.sockets.public-inbox-httpd.listenStreams</code>
+          Set to null and use <literal>systemd.sockets.public-inbox-httpd.listenStreams</literal>
          if you need a more advanced listening.
        '';
      };
--- a/nixos/modules/services/misc/autorandr.nix
+++ b/nixos/modules/services/misc/autorandr.nix
@ -29,7 +29,7 @@ let
        type = types.attrsOf types.str;
        description = ''
          Output name to EDID mapping.
-          Use <code>autorandr --fingerprint</code> to get current setup values.
+          Use <literal>autorandr --fingerprint</literal> to get current setup values.
        '';
        default = { };
      };
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@ -180,7 +180,7 @@ in
          network-key = mkOption {
            description = ''
              An absolute file path (which should be outside the Nix-store)
-              to a secret key to encrypt internal messages with. Use <code>srht-keygen network</code> to
+              to a secret key to encrypt internal messages with. Use <literal>srht-keygen network</literal> to
              generate this key. It must be consistent between all services and nodes.
            '';
            type = types.path;
@ -209,7 +209,7 @@ in
          service-key = mkOption {
            description = ''
              An absolute file path (which should be outside the Nix-store)
-              to a key used for encrypting session cookies. Use <code>srht-keygen service</code> to
+              to a key used for encrypting session cookies. Use <literal>srht-keygen service</literal> to
              generate the service key. This must be shared between each node of the same
              service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
              different keys. If you configure all of your services with the same
@ -252,8 +252,8 @@ in
              Your PGP key information (DO NOT mix up pub and priv here)
              You must remove the password from your secret key, if present.
-              You can do this with <code>gpg --edit-key [key-id]</code>,
+              You can do this with <literal>gpg --edit-key [key-id]</literal>,
-              then use the <code>passwd</code> command and do not enter a new password.
+              then use the <literal>passwd</literal> command and do not enter a new password.
            '';
          };
          pgp-pubkey = mkOption {
@ -294,7 +294,7 @@ in
              This should be consistent for all *.sr.ht sites,
              as this key will be used to verify signatures
              from other sites in your network.
-              Use the <code>srht-keygen webhook</code> command to generate a key.
+              Use the <literal>srht-keygen webhook</literal> command to generate a key.
            '';
            type = types.path;
            apply = s: "<" + toString s;
--- a/nixos/modules/services/networking/bird.nix
+++ b/nixos/modules/services/networking/bird.nix
@ -24,7 +24,7 @@ in
        description = ''
          Whether the config should be checked at build time.
          When the config can't be checked during build time, for example when it includes
-          other files, either disable this option or use <code>preCheckConfig</code> to create
+          other files, either disable this option or use <literal>preCheckConfig</literal> to create
          the included files before checking.
        '';
      };
@ -36,7 +36,7 @@ in
        '';
        description = ''
          Commands to execute before the config file check. The file to be checked will be
-          available as <code>bird2.conf</code> in the current directory.
+          available as <literal>bird2.conf</literal> in the current directory.
          Files created with this option will not be available at service runtime, only during
          build time checking.
--- a/nixos/modules/services/networking/ghostunnel.nix
+++ b/nixos/modules/services/networking/ghostunnel.nix
@ -40,9 +40,9 @@ let
          description = ''
            Path to keystore (combined PEM with cert/key, or PKCS12 keystore).
-            NB: storepass is not supported because it would expose credentials via <code>/proc/*/cmdline</code>.
+            NB: storepass is not supported because it would expose credentials via <literal>/proc/*/cmdline</literal>.
-            Specify this or <code>cert</code> and <code>key</code>.
+            Specify this or <literal>cert</literal> and <literal>key</literal>.
          '';
          type = types.nullOr types.str;
          default = null;
@ -52,7 +52,7 @@ let
          description = ''
            Path to certificate (PEM with certificate chain).
-            Not required if <code>keystore</code> is set.
+            Not required if <literal>keystore</literal> is set.
          '';
          type = types.nullOr types.str;
          default = null;
@ -62,7 +62,7 @@ let
          description = ''
            Path to certificate private key (PEM with private key).
-            Not required if <code>keystore</code> is set.
+            Not required if <literal>keystore</literal> is set.
          '';
          type = types.nullOr types.str;
          default = null;
@ -70,7 +70,7 @@ let
        cacert = mkOption {
          description = ''
-            Path to CA bundle file (PEM/X509). Uses system trust store if <code>null</code>.
+            Path to CA bundle file (PEM/X509). Uses system trust store if <literal>null</literal>.
          '';
          type = types.nullOr types.str;
        };
@ -124,7 +124,7 @@ let
        };
        extraArguments = mkOption {
-          description = "Extra arguments to pass to <code>ghostunnel server</code>";
+          description = "Extra arguments to pass to <literal>ghostunnel server</literal>";
          type = types.separatedString " ";
          default = "";
        };
--- a/nixos/modules/services/networking/nntp-proxy.nix
+++ b/nixos/modules/services/networking/nntp-proxy.nix
@ -169,7 +169,7 @@ in
              example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0";
              description = ''
                SHA-512 password hash (can be generated by
-                <code>mkpasswd -m sha-512 &lt;password&gt;</code>)
+                <literal>mkpasswd -m sha-512 &lt;password&gt;</literal>)
              '';
            };
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@ -393,7 +393,7 @@ let
        type = types.listOf types.str;
        default = [];
        description = ''
-          Format: <code>[AXFR|UDP] &lt;ip-address&gt; &lt;key-name | NOKEY&gt;</code>
+          Format: <literal>[AXFR|UDP] &lt;ip-address&gt; &lt;key-name | NOKEY&gt;</literal>
        '';
      };
--- a/nixos/modules/services/networking/openconnect.nix
+++ b/nixos/modules/services/networking/openconnect.nix
@ -40,8 +40,8 @@ let
      passwordFile = mkOption {
        description = ''
          File containing the password to authenticate with. This
-          is passed to <code>openconnect</code> via the
+          is passed to <literal>openconnect</literal> via the
-          <code>--passwd-on-stdin</code> option.
+          <literal>--passwd-on-stdin</literal> option.
        '';
        default = null;
        example = "/var/lib/secrets/openconnect-passwd";
@ -66,10 +66,10 @@ let
        description = ''
          Extra config to be appended to the interface config. It should
          contain long-format options as would be accepted on the command
-          line by <code>openconnect</code>
+          line by <literal>openconnect</literal>
          (see https://www.infradead.org/openconnect/manual.html).
-          Non-key-value options like <code>deflate</code> can be used by
+          Non-key-value options like <literal>deflate</literal> can be used by
-          declaring them as booleans, i. e. <code>deflate = true;</code>.
+          declaring them as booleans, i. e. <literal>deflate = true;</literal>.
        '';
        default = { };
        example = {
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@ -44,8 +44,8 @@ in {
          are supplied, they will be combined, with values from
          <option>configFile</option> taking precedence.
-          You can use the command <code>nix-shell -p yggdrasil --run
+          You can use the command <literal>nix-shell -p yggdrasil --run
-          "yggdrasil -genconf"</code> to generate default
+          "yggdrasil -genconf"</literal> to generate default
          configuration values with documentation.
        '';
      };
@ -64,7 +64,7 @@ in {
        type = types.nullOr types.str;
        default = null;
        example = "wheel";
-        description = "Group to grant access to the Yggdrasil control socket. If <code>null</code>, only root can access the socket.";
+        description = "Group to grant access to the Yggdrasil control socket. If <literal>null</literal>, only root can access the socket.";
      };
      openMulticastPort = mkOption {
@ -74,7 +74,7 @@ in {
          Whether to open the UDP port used for multicast peer
          discovery. The NixOS firewall blocks link-local
          communication, so in order to make local peering work you
-          will also need to set <code>LinkLocalTCPPort</code> in your
+          will also need to set <literal>LinkLocalTCPPort</literal> in your
          yggdrasil configuration (<option>config</option> or
          <option>configFile</option>) to a port number other than 0,
          and then add that port to
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@ -175,7 +175,7 @@ in
        default = null;
        example = "770";
        description = ''
-          If not <code>null</code>, is used as the permissions
+          If not <literal>null</literal>, is used as the permissions
          set by <literal>systemd.activationScripts.transmission-daemon</literal>
          on the directories <xref linkend="opt-services.transmission.settings.download-dir"/>,
          <xref linkend="opt-services.transmission.settings.incomplete-dir"/>.
@ -214,7 +214,7 @@ in
        description = ''
          Path to a JSON file to be merged with the settings.
          Useful to merge a file which is better kept out of the Nix store
-          to set secret config parameters like <code>rpc-password</code>.
+          to set secret config parameters like <literal>rpc-password</literal>.
        '';
        default = "/dev/null";
        example = "/var/lib/secrets/transmission/settings.json";
@ -237,7 +237,7 @@ in
        to open many more connections at the same time.
        Note that you may also want to increase
-        <code>peer-limit-global"</code>.
+        <literal>peer-limit-global"</literal>.
        And be aware that these settings are quite aggressive
        and might not suite your regular desktop use.
        For instance, SSH sessions may time out more easily'';
--- a/nixos/modules/services/web-apps/bookstack.nix
+++ b/nixos/modules/services/web-apps/bookstack.nix
@ -52,7 +52,7 @@ in {
      description = ''
        A file containing the Laravel APP_KEY - a 32 character long,
        base64 encoded key used for encryption where needed. Can be
-        generated with <code>head -c 32 /dev/urandom | base64</code>.
+        generated with <literal>head -c 32 /dev/urandom | base64</literal>.
      '';
      example = "/run/keys/bookstack-appkey";
      type = types.path;
@ -74,7 +74,7 @@ in {
    appURL = mkOption {
      description = ''
        The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
-        If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
+        If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <literal>php artisan bookstack:update-url https://old.example.com https://new.example.com</literal>
      '';
      default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostname}";
      defaultText = ''http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostname}'';
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@ -113,17 +113,17 @@ in {
          affect other virtualHosts running on your nginx instance, if any.
          Alternatively you can configure a reverse-proxy of your choice to serve these paths:
-          <code>/ -> $(nix-instantiate --eval '&lt;nixpkgs&gt;' -A mastodon.outPath)/public</code>
+          <literal>/ -> $(nix-instantiate --eval '&lt;nixpkgs&gt;' -A mastodon.outPath)/public</literal>
-          <code>/ -> 127.0.0.1:{{ webPort }} </code>(If there was no file in the directory above.)
+          <literal>/ -> 127.0.0.1:{{ webPort }} </literal>(If there was no file in the directory above.)
-          <code>/system/ -> /var/lib/mastodon/public-system/</code>
+          <literal>/system/ -> /var/lib/mastodon/public-system/</literal>
-          <code>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</code>
+          <literal>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</literal>
          Make sure that websockets are forwarded properly. You might want to set up caching
          of some requests. Take a look at mastodon's provided nginx configuration at
-          <code>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</code>.
+          <literal>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</literal>.
        '';
        type = lib.types.bool;
        default = false;
@ -135,13 +135,13 @@ in {
          that user will be created, otherwise it should be set to the
          name of a user created elsewhere.  In both cases,
          <package>mastodon</package> and a package containing only
-          the shell script <code>mastodon-env</code> will be added to
+          the shell script <literal>mastodon-env</literal> will be added to
          the user's package set. To run a command from
-          <package>mastodon</package> such as <code>tootctl</code>
+          <package>mastodon</package> such as <literal>tootctl</literal>
          with the environment configured by this module use
-          <code>mastodon-env</code>, as in:
+          <literal>mastodon-env</literal>, as in:
-          <code>mastodon-env tootctl accounts create newuser --email newuser@example.com</code>
+          <literal>mastodon-env tootctl accounts create newuser --email newuser@example.com</literal>
        '';
        type = lib.types.str;
        default = "mastodon";
@ -202,7 +202,7 @@ in {
          Voluntary Application Server Identification.  A new keypair can
          be generated by running:
-          <code>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</code>
+          <literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</literal>
          If <option>mastodon.vapidPrivateKeyFile</option>does not
          exist, it and this file will be created with a new keypair.
@ -222,7 +222,7 @@ in {
          Path to file containing the secret key base.
          A new secret key base can be generated by running:
-          <code>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</code>
+          <literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</literal>
          If this file does not exist, it will be created with a new secret key base.
        '';
@ -235,7 +235,7 @@ in {
          Path to file containing the OTP secret.
          A new OTP secret can be generated by running:
-          <code>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</code>
+          <literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</literal>
          If this file does not exist, it will be created with a new OTP secret.
        '';
@ -249,7 +249,7 @@ in {
          Voluntary Application Server Identification.  A new keypair can
          be generated by running:
-          <code>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</code>
+          <literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</literal>
          If this file does not exist, it will be created with a new
          private key.
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@ -586,8 +586,8 @@ in {
        type = types.ints.positive;
        default = 15552000;
        description = ''
-          Value for the <code>max-age</code> directive of the HTTP
+          Value for the <literal>max-age</literal> directive of the HTTP
-          <code>Strict-Transport-Security</code> header.
+          <literal>Strict-Transport-Security</literal> header.
          See section 6.1.1 of IETF RFC 6797 for detailed information on this
          directive and header.
--- a/nixos/modules/services/web-apps/snipe-it.nix
+++ b/nixos/modules/services/web-apps/snipe-it.nix
@ -46,7 +46,7 @@ in {
      description = ''
        A file containing the Laravel APP_KEY - a 32 character long,
        base64 encoded key used for encryption where needed. Can be
-        generated with <code>head -c 32 /dev/urandom | base64</code>.
+        generated with <literal>head -c 32 /dev/urandom | base64</literal>.
      '';
      example = "/run/keys/snipe-it/appkey";
      type = types.path;
@ -69,7 +69,7 @@ in {
      description = ''
        The root URL that you want to host Snipe-IT on. All URLs in Snipe-IT will be generated using this value.
        If you change this in the future you may need to run a command to update stored URLs in the database.
-        Command example: <code>snipe-it snipe-it:update-url https://old.example.com https://new.example.com</code>
+        Command example: <literal>snipe-it snipe-it:update-url https://old.example.com https://new.example.com</literal>
      '';
      default = "http${lib.optionalString tlsEnabled "s"}://${cfg.hostName}";
      defaultText = ''
--- a/nixos/modules/virtualisation/podman/default.nix
+++ b/nixos/modules/virtualisation/podman/default.nix
@ -74,7 +74,7 @@ in
        Podman implements the Docker API.
-        Users must be in the <code>podman</code> group in order to connect. As
+        Users must be in the <literal>podman</literal> group in order to connect. As
        with Docker, members of this group can gain root access.
      '';
    };
--- a/nixos/modules/virtualisation/podman/network-socket.nix
+++ b/nixos/modules/virtualisation/podman/network-socket.nix
@ -22,7 +22,7 @@ in
        with TLS client certificate authentication.
        This allows Docker clients to connect with the equivalents of the Docker
-        CLI <code>-H</code> and <code>--tls*</code> family of options.
+        CLI <literal>-H</literal> and <literal>--tls*</literal> family of options.
        For certificate setup, see https://docs.docker.com/engine/security/protect-access/