diff --git a/.editorconfig b/.editorconfig index 7b40ff1ff568..f272739f240a 100644 --- a/.editorconfig +++ b/.editorconfig @@ -13,8 +13,8 @@ charset = utf-8 # see https://nixos.org/nixpkgs/manual/#chap-conventions -# Match nix/ruby files, set indent to spaces with width of two -[*.{nix,rb}] +# Match nix/ruby/docbook files, set indent to spaces with width of two +[*.{nix,rb,xml}] indent_style = space indent_size = 2 diff --git a/nixos/doc/manual/administration/cleaning-store.xml b/nixos/doc/manual/administration/cleaning-store.xml index 4cf62947f528..52512b8f1270 100644 --- a/nixos/doc/manual/administration/cleaning-store.xml +++ b/nixos/doc/manual/administration/cleaning-store.xml @@ -29,8 +29,8 @@ this unit automatically at certain points in time, for instance, every night at 03:15: -nix.gc.automatic = true; -nix.gc.dates = "03:15"; + = true; + = "03:15"; diff --git a/nixos/doc/manual/administration/container-networking.xml b/nixos/doc/manual/administration/container-networking.xml index d89d262eff4e..2fc353059dfc 100644 --- a/nixos/doc/manual/administration/container-networking.xml +++ b/nixos/doc/manual/administration/container-networking.xml @@ -39,9 +39,9 @@ IP address. This can be accomplished using the following configuration on the host: -networking.nat.enable = true; -networking.nat.internalInterfaces = ["ve-+"]; -networking.nat.externalInterface = "eth0"; + = true; + = ["ve-+"]; + = "eth0"; where eth0 should be replaced with the desired external interface. Note that ve-+ is a wildcard diff --git a/nixos/doc/manual/administration/control-groups.xml b/nixos/doc/manual/administration/control-groups.xml index 0d7b8ae910a7..03db40a3bc52 100644 --- a/nixos/doc/manual/administration/control-groups.xml +++ b/nixos/doc/manual/administration/control-groups.xml @@ -47,7 +47,7 @@ would get 1/1001 of the cgroup’s CPU time.) You can limit a service’s CPU share in configuration.nix: -systemd.services.httpd.serviceConfig.CPUShares = 512; +systemd.services.httpd.serviceConfig.CPUShares = 512; By default, every cgroup has 1024 CPU shares, so this will halve the @@ -61,7 +61,7 @@ available memory. Per-cgroup memory limits can be specified in httpd.service to 512 MiB of RAM (excluding swap): -systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; +systemd.services.httpd.serviceConfig.MemoryLimit = "512M"; diff --git a/nixos/doc/manual/administration/declarative-containers.xml b/nixos/doc/manual/administration/declarative-containers.xml index 94f03a2ee116..79b230e5fc7f 100644 --- a/nixos/doc/manual/administration/declarative-containers.xml +++ b/nixos/doc/manual/administration/declarative-containers.xml @@ -15,8 +15,8 @@ following specifies that there shall be a container named containers.database = { config = { config, pkgs, ... }: - { services.postgresql.enable = true; - services.postgresql.package = pkgs.postgresql96; + { = true; + = pkgs.postgresql96; }; }; @@ -33,11 +33,11 @@ ports. However, they cannot change the network configuration. You can give a container its own network as follows: -containers.database = - { privateNetwork = true; - hostAddress = "192.168.100.10"; - localAddress = "192.168.100.11"; - }; +containers.database = { + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; +}; This gives the container a private virtual Ethernet interface with IP diff --git a/nixos/doc/manual/administration/imperative-containers.xml b/nixos/doc/manual/administration/imperative-containers.xml index d5d8140e0764..d39ac7f8bef4 100644 --- a/nixos/doc/manual/administration/imperative-containers.xml +++ b/nixos/doc/manual/administration/imperative-containers.xml @@ -30,8 +30,8 @@ line. For instance, to create a container that has # nixos-container create foo --config ' - services.openssh.enable = true; - users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"]; + = true; + users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"]; ' @@ -100,9 +100,9 @@ specify a new configuration on the command line: # nixos-container update foo --config ' - services.httpd.enable = true; - services.httpd.adminAddr = "foo@example.org"; - networking.firewall.allowedTCPPorts = [ 80 ]; + = true; + = "foo@example.org"; + = [ 80 ]; ' # curl http://$(nixos-container show-ip foo)/ diff --git a/nixos/doc/manual/configuration/abstractions.xml b/nixos/doc/manual/configuration/abstractions.xml index cbd54bca62f9..f794085295cf 100644 --- a/nixos/doc/manual/configuration/abstractions.xml +++ b/nixos/doc/manual/configuration/abstractions.xml @@ -11,7 +11,7 @@ to abstract. Take, for instance, this Apache HTTP Server configuration: { - services.httpd.virtualHosts = + = [ { hostName = "example.org"; documentRoot = "/webroot"; adminAddr = "alice@example.org"; @@ -43,7 +43,7 @@ let }; in { - services.httpd.virtualHosts = + = [ exampleOrgCommon (exampleOrgCommon // { enableSSL = true; @@ -66,7 +66,7 @@ allowed. Thus, you also could have written: { - services.httpd.virtualHosts = + = let exampleOrgCommon = ...; in [ exampleOrgCommon (exampleOrgCommon // { ... }) @@ -86,7 +86,7 @@ the host name. This can be done as follows: { - services.httpd.virtualHosts = + = let makeVirtualHost = name: { hostName = name; @@ -113,7 +113,7 @@ element in a list: { - services.httpd.virtualHosts = + = let makeVirtualHost = ...; in map makeVirtualHost @@ -132,7 +132,7 @@ function that takes a set as its argument, like this: { - services.httpd.virtualHosts = + = let makeVirtualHost = { name, root }: { hostName = name; diff --git a/nixos/doc/manual/configuration/ad-hoc-network-config.xml b/nixos/doc/manual/configuration/ad-hoc-network-config.xml index 26a572ba1fb5..c53b9598109c 100644 --- a/nixos/doc/manual/configuration/ad-hoc-network-config.xml +++ b/nixos/doc/manual/configuration/ad-hoc-network-config.xml @@ -6,14 +6,14 @@ Ad-Hoc Configuration -You can use to specify +You can use to specify shell commands to be run at the end of network-setup.service. This is useful for doing network configuration not covered by the existing NixOS modules. For instance, to statically configure an IPv6 address: -networking.localCommands = + = '' ip -6 addr add 2001:610:685:1::1/64 dev eth0 ''; diff --git a/nixos/doc/manual/configuration/adding-custom-packages.xml b/nixos/doc/manual/configuration/adding-custom-packages.xml index ab3665bae504..ae58f61d73ed 100644 --- a/nixos/doc/manual/configuration/adding-custom-packages.xml +++ b/nixos/doc/manual/configuration/adding-custom-packages.xml @@ -24,7 +24,7 @@ manual. Finally, you add it to environment.systemPackages, e.g. -environment.systemPackages = [ pkgs.my-package ]; + = [ pkgs.my-package ]; and you run nixos-rebuild, specifying your own @@ -41,7 +41,7 @@ Nixpkgs tree. For instance, here is how you specify a build of the package directly in configuration.nix: -environment.systemPackages = + = let my-hello = with pkgs; stdenv.mkDerivation rec { name = "hello-2.8"; @@ -57,7 +57,7 @@ environment.systemPackages = Of course, you can also move the definition of my-hello into a separate Nix expression, e.g. -environment.systemPackages = [ (import ./my-hello.nix) ]; + = [ (import ./my-hello.nix) ]; where my-hello.nix contains: diff --git a/nixos/doc/manual/configuration/config-file.xml b/nixos/doc/manual/configuration/config-file.xml index 3d1cdaf4c4ab..d4ca15bb3e72 100644 --- a/nixos/doc/manual/configuration/config-file.xml +++ b/nixos/doc/manual/configuration/config-file.xml @@ -28,9 +28,9 @@ form name = { config, pkgs, ... }: -{ services.httpd.enable = true; - services.httpd.adminAddr = "alice@example.org"; - services.httpd.documentRoot = "/webroot"; +{ = true; + = "alice@example.org"; + = "/webroot"; } @@ -40,7 +40,7 @@ the document root. Sets can be nested, and in fact dots in option names are shorthand for defining a set containing another set. For instance, - defines a set named + defines a set named services that contains a set named httpd, which in turn contains an option definition named enable with value true. @@ -89,7 +89,7 @@ The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is no Strings are enclosed in double quotes, e.g. -networking.hostName = "dexter"; + = "dexter"; Special characters can be escaped by prefixing them with a @@ -99,7 +99,7 @@ networking.hostName = "dexter"; single quotes, e.g. -networking.extraHosts = + = '' 127.0.0.2 other-localhost 10.0.0.1 server @@ -125,8 +125,8 @@ networking.extraHosts = false, e.g. -networking.firewall.enable = true; -networking.firewall.allowPing = false; + = true; + = false; @@ -138,7 +138,7 @@ networking.firewall.allowPing = false; For example, -boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60; +."net.ipv4.tcp_keepalive_time" = 60; (Note that here the attribute name @@ -158,7 +158,7 @@ boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60; enclosed in braces, as in the option definition -fileSystems."/boot" = +."/boot" = { device = "/dev/sda1"; fsType = "ext4"; options = [ "rw" "data=ordered" "relatime" ]; @@ -175,7 +175,7 @@ fileSystems."/boot" = elements are separated by whitespace, like this: -boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; + = [ "fuse" "kvm-intel" "coretemp" ]; List elements can be any other type, e.g. sets: @@ -195,12 +195,12 @@ swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; the function argument pkgs. Typical uses: -environment.systemPackages = + = [ pkgs.thunderbird pkgs.emacs ]; -postgresql.package = pkgs.postgresql90; + = pkgs.postgresql90; The latter option definition changes the default PostgreSQL diff --git a/nixos/doc/manual/configuration/customizing-packages.xml b/nixos/doc/manual/configuration/customizing-packages.xml index 8aa01fb57a09..8b7654e9b42e 100644 --- a/nixos/doc/manual/configuration/customizing-packages.xml +++ b/nixos/doc/manual/configuration/customizing-packages.xml @@ -28,7 +28,7 @@ has a dependency on GTK+ 2. If you want to build it against GTK+ 3, you can specify that as follows: -environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ]; + = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ]; The function override performs the call to the Nix @@ -38,7 +38,7 @@ the set of arguments specified by you. So here the function argument causing Emacs to depend on GTK+ 3. (The parentheses are necessary because in Nix, function application binds more weakly than list construction, so without them, -environment.systemPackages would be a list with two + would be a list with two elements.) Even greater customisation is possible using the function @@ -51,7 +51,7 @@ For instance, if you want to override the source code of Emacs, you can say: -environment.systemPackages = [ + = [ (pkgs.emacs.overrideAttrs (oldAttrs: { name = "emacs-25.0-pre"; src = /path/to/my/emacs/tree; diff --git a/nixos/doc/manual/configuration/declarative-packages.xml b/nixos/doc/manual/configuration/declarative-packages.xml index dc2fa715097c..4c875e6f037f 100644 --- a/nixos/doc/manual/configuration/declarative-packages.xml +++ b/nixos/doc/manual/configuration/declarative-packages.xml @@ -8,12 +8,12 @@ With declarative package management, you specify which packages you want on your system by setting the option -. For instance, adding the +. For instance, adding the following line to configuration.nix enables the Mozilla Thunderbird email application: -environment.systemPackages = [ pkgs.thunderbird ]; + = [ pkgs.thunderbird ]; The effect of this specification is that the Thunderbird package from @@ -34,7 +34,7 @@ name, such as different channels that you might have.) To “uninstall” a package, simply remove it from - and run + and run nixos-rebuild switch. diff --git a/nixos/doc/manual/configuration/file-systems.xml b/nixos/doc/manual/configuration/file-systems.xml index ae3d124cd6bb..0ff37c38d8b0 100644 --- a/nixos/doc/manual/configuration/file-systems.xml +++ b/nixos/doc/manual/configuration/file-systems.xml @@ -13,21 +13,21 @@ device /dev/disk/by-label/data onto the mount point /data: -fileSystems."/data" = +."/data" = { device = "/dev/disk/by-label/data"; fsType = "ext4"; }; Mount points are created automatically if they don’t already exist. -For , it’s best to use the topology-independent +For , it’s best to use the topology-independent device aliases in /dev/disk/by-label and /dev/disk/by-uuid, as these don’t change if the topology changes (e.g. if a disk is moved to another IDE controller). You can usually omit the file system type -(), since mount can usually +(), since mount can usually detect the type and load the necessary kernel module automatically. However, if the file system is needed at early boot (in the initial ramdisk) and is not ext2, ext3 @@ -38,7 +38,7 @@ available. System startup will fail if any of the filesystems fails to mount, dropping you to the emergency shell. You can make a mount asynchronous and non-critical by adding -options = [ "nofail" ];. +options = [ "nofail" ];. diff --git a/nixos/doc/manual/configuration/firewall.xml b/nixos/doc/manual/configuration/firewall.xml index 75cccef95b38..ecc21a3bdf51 100644 --- a/nixos/doc/manual/configuration/firewall.xml +++ b/nixos/doc/manual/configuration/firewall.xml @@ -12,37 +12,37 @@ both IPv4 and IPv6 traffic. It is enabled by default. It can be disabled as follows: -networking.firewall.enable = false; + = false; If the firewall is enabled, you can open specific TCP ports to the outside world: -networking.firewall.allowedTCPPorts = [ 80 443 ]; + = [ 80 443 ]; Note that TCP port 22 (ssh) is opened automatically if the SSH daemon -is enabled (). UDP +is enabled (). UDP ports can be opened through -. +. To open ranges of TCP ports: -networking.firewall.allowedTCPPortRanges = [ + = [ { from = 4000; to = 4007; } { from = 8000; to = 8010; } ]; Similarly, UDP port ranges can be opened through -. +. Also of interest is -networking.firewall.allowPing = true; + = true; to allow the machine to respond to ping requests. (ICMPv6 pings are diff --git a/nixos/doc/manual/configuration/ipv4-config.xml b/nixos/doc/manual/configuration/ipv4-config.xml index 68238b547d60..fbc9695c6014 100644 --- a/nixos/doc/manual/configuration/ipv4-config.xml +++ b/nixos/doc/manual/configuration/ipv4-config.xml @@ -12,15 +12,18 @@ interfaces. However, you can configure an interface manually as follows: -networking.interfaces.eth0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; +networking.interfaces.eth0.ipv4.addresses = [ { + address = "192.168.1.2"; + prefixLength = 24; +} ]; Typically you’ll also want to set a default gateway and set of name servers: -networking.defaultGateway = "192.168.1.1"; -networking.nameservers = [ "8.8.8.8" ]; + = "192.168.1.1"; + = [ "8.8.8.8" ]; @@ -31,10 +34,10 @@ service The default gateway and name server configuration is performed by network-setup.service. -The host name is set using : +The host name is set using : -networking.hostName = "cartman"; + = "cartman"; The default host name is nixos. Set it to the diff --git a/nixos/doc/manual/configuration/ipv6-config.xml b/nixos/doc/manual/configuration/ipv6-config.xml index 74a21e18ec3f..e8960dc8930c 100644 --- a/nixos/doc/manual/configuration/ipv6-config.xml +++ b/nixos/doc/manual/configuration/ipv6-config.xml @@ -11,14 +11,14 @@ is used to automatically assign IPv6 addresses to all interfaces. You can disable IPv6 support globally by setting: -networking.enableIPv6 = false; + = false; You can disable IPv6 on a single interface using a normal sysctl (in this example, we use interface eth0): -boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; +."net.ipv6.conf.eth0.disable_ipv6" = true; @@ -26,14 +26,17 @@ boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; DHCPv6. You can configure an interface manually: -networking.interfaces.eth0.ipv6.addresses = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ]; +networking.interfaces.eth0.ipv6.addresses = [ { + address = "fe00:aa:bb:cc::2"; + prefixLength = 64; +} ]; For configuring a gateway, optionally with explicitly specified interface: -networking.defaultGateway6 = { + = { address = "fe00::1"; interface = "enp0s3"; } diff --git a/nixos/doc/manual/configuration/linux-kernel.xml b/nixos/doc/manual/configuration/linux-kernel.xml index 52be26d6024a..b9325629256a 100644 --- a/nixos/doc/manual/configuration/linux-kernel.xml +++ b/nixos/doc/manual/configuration/linux-kernel.xml @@ -10,7 +10,7 @@ the option . For instance, this selects the Linux 3.10 kernel: -boot.kernelPackages = pkgs.linuxPackages_3_10; + = pkgs.linuxPackages_3_10; Note that this not only replaces the kernel, but also packages that are specific to the kernel version, such as the NVIDIA video drivers. @@ -45,23 +45,23 @@ is typically y, n or Kernel modules for hardware devices are generally loaded automatically by udev. You can force a module to -be loaded via , e.g. +be loaded via , e.g. -boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; + = [ "fuse" "kvm-intel" "coretemp" ]; If the module is required early during the boot (e.g. to mount the root file system), you can use -: +: -boot.initrd.extraKernelModules = [ "cifs" ]; + = [ "cifs" ]; This causes the specified modules and their dependencies to be added to the initial ramdisk. Kernel runtime parameters can be set through -, e.g. +, e.g. -boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120; +."net.ipv4.tcp_keepalive_time" = 120; sets the kernel’s TCP keepalive time to 120 seconds. To see the available parameters, run sysctl -a. diff --git a/nixos/doc/manual/configuration/luks-file-systems.xml b/nixos/doc/manual/configuration/luks-file-systems.xml index 00c795cd0898..6c2b4cc60b5b 100644 --- a/nixos/doc/manual/configuration/luks-file-systems.xml +++ b/nixos/doc/manual/configuration/luks-file-systems.xml @@ -33,13 +33,13 @@ as /, add the following to configuration.nix: -boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d"; -fileSystems."/".device = "/dev/mapper/crypted"; +boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d"; +."/".device = "/dev/mapper/crypted"; Should grub be used as bootloader, and /boot is located on an encrypted partition, it is necessary to add the following grub option: -boot.loader.grub.enableCryptodisk = true; + = true; diff --git a/nixos/doc/manual/configuration/modularity.xml b/nixos/doc/manual/configuration/modularity.xml index 5420c7f88385..2f76459a24e9 100644 --- a/nixos/doc/manual/configuration/modularity.xml +++ b/nixos/doc/manual/configuration/modularity.xml @@ -22,8 +22,8 @@ use other modules by including them from { config, pkgs, ... }: { imports = [ ./vpn.nix ./kde.nix ]; - services.httpd.enable = true; - environment.systemPackages = [ pkgs.emacs ]; + = true; + = [ pkgs.emacs ]; ... } @@ -35,25 +35,25 @@ latter might look like this: { config, pkgs, ... }: -{ services.xserver.enable = true; - services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; +{ = true; + = true; + = true; } Note that both configuration.nix and kde.nix define the option -. When multiple modules +. When multiple modules define an option, NixOS will try to merge the definitions. In the case of -, that’s easy: the lists of +, that’s easy: the lists of packages can simply be concatenated. The value in configuration.nix is merged last, so for list-type options, it will appear at the end of the merged list. If you want it to appear first, you can use mkBefore: -boot.kernelModules = mkBefore [ "kvm-intel" ]; + = mkBefore [ "kvm-intel" ]; This causes the kvm-intel kernel module to be @@ -61,7 +61,7 @@ loaded before any other kernel modules. For other types of options, a merge may not be possible. For instance, if two modules define -, +, nixos-rebuild will give an error: @@ -72,7 +72,7 @@ When that happens, it’s possible to force one definition take precedence over the others: -services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org"; + = pkgs.lib.mkForce "bob@example.org"; @@ -89,15 +89,15 @@ wondering how it’s possible that the (indirect) is a “lazy” language — it only computes values when they are needed. This works as long as no individual configuration value depends on itself.. For example, here is a module that adds -some packages to only if - is set to +some packages to only if + is set to true somewhere else: { config, pkgs, ... }: -{ environment.systemPackages = - if config.services.xserver.enable then +{ = + if config. then [ pkgs.firefox pkgs.thunderbird ] @@ -113,10 +113,10 @@ value of a configuration option is. The command allows you to find out: -$ nixos-option services.xserver.enable +$ nixos-option true -$ nixos-option boot.kernelModules +$ nixos-option [ "tun" "ipv6" "loop" ... ] @@ -130,10 +130,10 @@ typical use: $ nix-repl '<nixpkgs/nixos>' -nix-repl> config.networking.hostName +nix-repl> config. "mandark" -nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts +nix-repl> map (x: x.hostName) config. [ "example.org" "example.gov" ] diff --git a/nixos/doc/manual/configuration/network-manager.xml b/nixos/doc/manual/configuration/network-manager.xml index b4808e74ff9d..bbbee3a52ed5 100644 --- a/nixos/doc/manual/configuration/network-manager.xml +++ b/nixos/doc/manual/configuration/network-manager.xml @@ -10,7 +10,7 @@ use NetworkManager. You can enable NetworkManager by setting: -networking.networkmanager.enable = true; + = true; some desktop managers (e.g., GNOME) enable NetworkManager @@ -20,7 +20,7 @@ automatically for you. belong to the networkmanager group: -users.extraUsers.youruser.extraGroups = [ "networkmanager" ]; +users.extraUsers.youruser.extraGroups = [ "networkmanager" ]; diff --git a/nixos/doc/manual/configuration/ssh.xml b/nixos/doc/manual/configuration/ssh.xml index 7c928baaf896..7dbe598cffe2 100644 --- a/nixos/doc/manual/configuration/ssh.xml +++ b/nixos/doc/manual/configuration/ssh.xml @@ -10,12 +10,12 @@ setting: -services.openssh.enable = true; + = true; By default, root logins using a password are disallowed. They can be disabled entirely by setting -services.openssh.permitRootLogin to + to "no". You can declaratively specify authorised RSA/DSA public keys for @@ -23,7 +23,7 @@ a user as follows: -users.extraUsers.alice.openssh.authorizedKeys.keys = +users.extraUsers.alice.openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ]; diff --git a/nixos/doc/manual/configuration/user-mgmt.xml b/nixos/doc/manual/configuration/user-mgmt.xml index c6656edff6c8..1456a5894119 100644 --- a/nixos/doc/manual/configuration/user-mgmt.xml +++ b/nixos/doc/manual/configuration/user-mgmt.xml @@ -12,13 +12,13 @@ management. In the declarative style, users are specified in states that a user account named alice shall exist: -users.users.alice = - { isNormalUser = true; - home = "/home/alice"; - description = "Alice Foobar"; - extraGroups = [ "wheel" "networkmanager" ]; - openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; - }; +.alice = { + isNormalUser = true; + home = "/home/alice"; + description = "Alice Foobar"; + extraGroups = [ "wheel" "networkmanager" ]; + openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; +}; Note that alice is a member of the @@ -32,13 +32,13 @@ a password. However, you can use the passwd program to set a password, which is retained across invocations of nixos-rebuild. -If you set users.mutableUsers to false, then the contents of /etc/passwd -and /etc/group will be congruent to your NixOS configuration. For instance, -if you remove a user from users.users and run nixos-rebuild, the user -account will cease to exist. Also, imperative commands for managing users +If you set to false, then the contents of +/etc/passwd and /etc/group will be congruent to +your NixOS configuration. For instance, if you remove a user from +and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users and groups, such as useradd, are no longer available. Passwords may still be -assigned by setting the user's hashedPassword option. A -hashed password can be generated using mkpasswd -m sha-512 +assigned by setting the user's hashedPassword +option. A hashed password can be generated using mkpasswd -m sha-512 after installing the mkpasswd package. A user ID (uid) is assigned automatically. You can also specify @@ -54,7 +54,7 @@ to the user specification. group named students shall exist: -users.groups.students.gid = 1000; +.students.gid = 1000; As with users, the group ID (gid) is optional and will be assigned diff --git a/nixos/doc/manual/configuration/wireless.xml b/nixos/doc/manual/configuration/wireless.xml index 1868380dcbfa..6ce43a437009 100644 --- a/nixos/doc/manual/configuration/wireless.xml +++ b/nixos/doc/manual/configuration/wireless.xml @@ -15,12 +15,12 @@ section on wireless networks. NixOS will start wpa_supplicant for you if you enable this setting: -networking.wireless.enable = true; + = true; NixOS lets you specify networks for wpa_supplicant declaratively: -networking.wireless.networks = { + = { echelon = { psk = "abcdefgh"; }; diff --git a/nixos/doc/manual/configuration/x-windows.xml b/nixos/doc/manual/configuration/x-windows.xml index 9c2c59006f15..fd0daf6c6e57 100644 --- a/nixos/doc/manual/configuration/x-windows.xml +++ b/nixos/doc/manual/configuration/x-windows.xml @@ -9,14 +9,14 @@ The X Window System (X11) provides the basis of NixOS’ graphical user interface. It can be enabled as follows: -services.xserver.enable = true; + = true; The X server will automatically detect and use the appropriate video driver from a set of X.org drivers (such as vesa and intel). You can also specify a driver manually, e.g. -services.xserver.videoDrivers = [ "r128" ]; + = [ "r128" ]; to enable X.org’s xf86-video-r128 driver. @@ -25,13 +25,13 @@ Otherwise, you can only log into a plain undecorated xterm window. Thus you should pick one or more of the following lines: -services.xserver.desktopManager.plasma5.enable = true; -services.xserver.desktopManager.xfce.enable = true; -services.xserver.desktopManager.gnome3.enable = true; -services.xserver.windowManager.xmonad.enable = true; -services.xserver.windowManager.twm.enable = true; -services.xserver.windowManager.icewm.enable = true; -services.xserver.windowManager.i3.enable = true; + = true; + = true; + = true; + = true; + = true; + = true; + = true; @@ -40,22 +40,22 @@ program that provides a graphical login prompt and manages the X server) is SLiM. You can select an alternative one by picking one of the following lines: -services.xserver.displayManager.sddm.enable = true; -services.xserver.displayManager.lightdm.enable = true; + = true; + = true; You can set the keyboard layout (and optionally the layout variant): -services.xserver.layout = "de"; -services.xserver.xkbVariant = "neo"; + = "de"; + = "neo"; The X server is started automatically at boot time. If you don’t want this to happen, you can set: -services.xserver.autorun = false; + = false; The X server can then be started manually: @@ -70,13 +70,13 @@ The X server can then be started manually: has better 3D performance than the X.org drivers. It is not enabled by default because it’s not free software. You can enable it as follows: -services.xserver.videoDrivers = [ "nvidia" ]; + = [ "nvidia" ]; Or if you have an older card, you may have to use one of the legacy drivers: -services.xserver.videoDrivers = [ "nvidiaLegacy340" ]; -services.xserver.videoDrivers = [ "nvidiaLegacy304" ]; -services.xserver.videoDrivers = [ "nvidiaLegacy173" ]; + = [ "nvidiaLegacy340" ]; + = [ "nvidiaLegacy304" ]; + = [ "nvidiaLegacy173" ]; You may need to reboot after enabling this driver to prevent a clash with other kernel modules. @@ -84,7 +84,7 @@ with other kernel modules. On 64-bit systems, if you want full acceleration for 32-bit programs such as Wine, you should also set the following: -hardware.opengl.driSupport32Bit = true; + = true; @@ -96,7 +96,7 @@ hardware.opengl.driSupport32Bit = true; has better 3D performance than the X.org drivers. It is not enabled by default because it’s not free software. You can enable it as follows: -services.xserver.videoDrivers = [ "ati_unfree" ]; + = [ "ati_unfree" ]; You will need to reboot after enabling this driver to prevent a clash with other kernel modules. @@ -104,7 +104,7 @@ with other kernel modules. On 64-bit systems, if you want full acceleration for 32-bit programs such as Wine, you should also set the following: -hardware.opengl.driSupport32Bit = true; + = true; @@ -115,12 +115,12 @@ hardware.opengl.driSupport32Bit = true; Support for Synaptics touchpads (found in many laptops such as the Dell Latitude series) can be enabled as follows: -services.xserver.libinput.enable = true; + = true; The driver has many options (see ). For instance, the following disables tap-to-click behavior: -services.xserver.libinput.tapping = false; + = false; Note: the use of services.xserver.synaptics is deprecated since NixOS 17.09. diff --git a/nixos/doc/manual/configuration/xfce.xml b/nixos/doc/manual/configuration/xfce.xml index 18804d2c08be..8cb592faed53 100644 --- a/nixos/doc/manual/configuration/xfce.xml +++ b/nixos/doc/manual/configuration/xfce.xml @@ -9,9 +9,9 @@ To enable the Xfce Desktop Environment, set -services.xserver.desktopManager = { - xfce.enable = true; - default = "xfce"; +services.xserver.desktopManager = { + xfce.enable = true; + default = "xfce"; }; @@ -20,12 +20,12 @@ services.xserver.desktopManager = { Optionally, compton can be enabled for nice graphical effects, some example settings: -services.compton = { - enable = true; - fade = true; - inactiveOpacity = "0.9"; - shadow = true; - fadeDelta = 4; +services.compton = { + enable = true; + fade = true; + inactiveOpacity = "0.9"; + shadow = true; + fadeDelta = 4; }; @@ -33,9 +33,9 @@ services.compton = { Some Xfce programs are not installed automatically. To install them manually (system wide), put them into your - environment.systemPackages. + . - + Thunar Volume Support @@ -44,7 +44,7 @@ services.compton = { Thunar volume support, put -services.xserver.desktopManager.xfce.enable = true; + = true; into your configuration.nix. diff --git a/nixos/doc/manual/installation/changing-config.xml b/nixos/doc/manual/installation/changing-config.xml index 4db9020b9606..52d8a292f8be 100644 --- a/nixos/doc/manual/installation/changing-config.xml +++ b/nixos/doc/manual/installation/changing-config.xml @@ -75,7 +75,7 @@ have set mutableUsers = false. Another way is to temporarily add the following to your configuration: -users.extraUsers.your-user.initialPassword = "test" +users.extraUsers.your-user.initialHashedPassword = "test"; Important: delete the $hostname.qcow2 file if you diff --git a/nixos/doc/manual/installation/installing-from-other-distro.xml b/nixos/doc/manual/installation/installing-from-other-distro.xml index ecd020a067a9..7e6ddb05cd66 100644 --- a/nixos/doc/manual/installation/installing-from-other-distro.xml +++ b/nixos/doc/manual/installation/installing-from-other-distro.xml @@ -111,7 +111,7 @@ $ nix-channel --add https://nixos.org/channels/nixos-versionconfiguration.nix: -boot.loader.grub.extraEntries = '' + = '' menuentry "Ubuntu" { search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e configfile "($ubuntu)/boot/grub/grub.cfg" @@ -183,7 +183,9 @@ $ sudo groupdel nixbld account with sudo passwd -l root if you use sudo) - users.extraUsers.root.initialHashedPassword = ""; + +users.extraUsers.root.initialHashedPassword = ""; + @@ -243,13 +245,15 @@ $ sudo groupdel nixbld $ sudo touch /etc/NIXOS -$ sudo touch /etc/NIXOS_LUSTRATE +$ sudo touch /etc/NIXOS_LUSTRATE + Let's also make sure the NixOS configuration files are kept once we reboot on NixOS: -$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE +$ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE + diff --git a/nixos/doc/manual/installation/installing-virtualbox-guest.xml b/nixos/doc/manual/installation/installing-virtualbox-guest.xml index 7fcd22a112cf..2b31b7ed3152 100644 --- a/nixos/doc/manual/installation/installing-virtualbox-guest.xml +++ b/nixos/doc/manual/installation/installing-virtualbox-guest.xml @@ -42,7 +42,7 @@ -boot.loader.grub.device = "/dev/sda"; + = "/dev/sda"; @@ -51,7 +51,7 @@ boot.loader.grub.device = "/dev/sda"; -boot.initrd.checkJournalingFS = false; + = false; diff --git a/nixos/doc/manual/installation/installing.xml b/nixos/doc/manual/installation/installing.xml index 1f09704bce53..6b08bdb318bc 100644 --- a/nixos/doc/manual/installation/installing.xml +++ b/nixos/doc/manual/installation/installing.xml @@ -203,26 +203,29 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif BIOS systems - You must set the option - to specify on which disk - the GRUB boot loader is to be installed. Without it, NixOS cannot - boot. + You must set the option + to specify on which disk + the GRUB boot loader is to be installed. Without it, NixOS cannot + boot. UEFI systems - You must set the option - to true. - nixos-generate-config should do this automatically for new - configurations when booted in - UEFI mode. - You may want to look at the options starting with - and - as well. + You must set the option + to true. + nixos-generate-config should do this automatically for new + configurations when booted in + UEFI mode. + You may want to look at the options starting with + and + as well. + + + If there are other operating systems running on the machine before installing NixOS, the - option can be set to + option can be set to true to automatically add them to the grub menu. Another critical option is , @@ -264,15 +267,15 @@ for a UEFI installation is by and large the same as a BIOS installation. The dif As the last step, nixos-install will ask you to set the password for the root user, e.g. - + setting root password... Enter new UNIX password: *** Retype new UNIX password: *** - + - To prevent the password prompt, set users.mutableUsers = false; in + To prevent the password prompt, set = false; in configuration.nix, which allows unattended installation necessary in automation. @@ -285,20 +288,20 @@ Retype new UNIX password: *** If everything went well: - -# reboot + + # reboot You should now be able to boot into the installed NixOS. The - GRUB boot menu shows a list of available - configurations (initially just one). Every time you - change the NixOS configuration (see Changing Configuration ), a - new item is added to the menu. This allows you to easily roll back - to a previous configuration if something goes wrong. + GRUB boot menu shows a list of available + configurations (initially just one). Every time you + change the NixOS configuration (see Changing Configuration ), a + new item is added to the menu. This allows you to easily roll back + to a previous configuration if something goes wrong. You should log in and change the root password with passwd. @@ -372,26 +375,25 @@ drive (here /dev/sda). NixOS Configuration - -{ config, pkgs, ... }: + +{ config, pkgs, ... }: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - boot.loader.grub.device = "/dev/sda"; # (for BIOS systems only) - boot.loader.systemd-boot.enable = true; # (for UEFI systems only) + = "/dev/sda"; # (for BIOS systems only) + = true; # (for UEFI systems only) # Note: setting fileSystems is generally not # necessary, since nixos-generate-config figures them out # automatically in hardware-configuration.nix. - #fileSystems."/".device = "/dev/disk/by-label/nixos"; + #fileSystems."/".device = "/dev/disk/by-label/nixos"; # Enable the OpenSSH server. services.sshd.enable = true; -} +} + diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml index aee6523345c4..24881c8fec0f 100644 --- a/nixos/doc/manual/installation/upgrading.xml +++ b/nixos/doc/manual/installation/upgrading.xml @@ -119,7 +119,7 @@ able to go back to your original channel. the following to configuration.nix: -system.autoUpgrade.enable = true; + = true; This enables a periodically executed systemd service named @@ -130,7 +130,7 @@ runs, see systemctl list-timers.) You can also specify a channel explicitly, e.g. -system.autoUpgrade.channel = https://nixos.org/channels/nixos-17.03; + = https://nixos.org/channels/nixos-17.03; diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index 45d6daf068b3..76ffa8cb7e37 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -6,56 +6,56 @@ Input Methods -Input methods are an operating system component that allows any data, such - as keyboard strokes or mouse movements, to be received as input. In this way - users can enter characters and symbols not found on their input devices. Using - an input method is obligatory for any language that has more graphemes than +Input methods are an operating system component that allows any data, such + as keyboard strokes or mouse movements, to be received as input. In this way + users can enter characters and symbols not found on their input devices. Using + an input method is obligatory for any language that has more graphemes than there are keys on the keyboard. The following input methods are available in NixOS: IBus: The intelligent input bus. - Fcitx: A customizable lightweight input + Fcitx: A customizable lightweight input method. Nabi: A Korean input method based on XIM. - Uim: The universal input method, is a library with a XIM + Uim: The universal input method, is a library with a XIM bridge.
IBus -IBus is an Intelligent Input Bus. It provides full featured and user +IBus is an Intelligent Input Bus. It provides full featured and user friendly input method user interface. The following snippet can be used to configure IBus: i18n.inputMethod = { - enabled = "ibus"; - ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; + enabled = "ibus"; + ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; }; -i18n.inputMethod.ibus.engines is optional and can be +i18n.inputMethod.ibus.engines is optional and can be used to add extra IBus engines. Available extra IBus engines are: - Anthy (ibus-engines.anthy): Anthy is a - system for Japanese input method. It converts Hiragana text to Kana Kanji + Anthy (ibus-engines.anthy): Anthy is a + system for Japanese input method. It converts Hiragana text to Kana Kanji mixed text. - Hangul (ibus-engines.hangul): Korean input + Hangul (ibus-engines.hangul): Korean input method. - m17n (ibus-engines.m17n): m17n is an input - method that uses input methods and corresponding icons in the m17n + m17n (ibus-engines.m17n): m17n is an input + method that uses input methods and corresponding icons in the m17n database. - mozc (ibus-engines.mozc): A Japanese input + mozc (ibus-engines.mozc): A Japanese input method from Google. - Table (ibus-engines.table): An input method + Table (ibus-engines.table): An input method that load tables of input methods. - table-others (ibus-engines.table-others): + table-others (ibus-engines.table-others): Various table-based input methods. To use this, and any other table-based input methods, it must appear in the list of engines along with table. For example: @@ -72,71 +72,71 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ];
Fcitx -Fcitx is an input method framework with extension support. It has three - built-in Input Method Engine, Pinyin, QuWei and Table-based input +Fcitx is an input method framework with extension support. It has three + built-in Input Method Engine, Pinyin, QuWei and Table-based input methods. The following snippet can be used to configure Fcitx: i18n.inputMethod = { - enabled = "fcitx"; - fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; }; -i18n.inputMethod.fcitx.engines is optional and can be +i18n.inputMethod.fcitx.engines is optional and can be used to add extra Fcitx engines. Available extra Fcitx engines are: - Anthy (fcitx-engines.anthy): Anthy is a - system for Japanese input method. It converts Hiragana text to Kana Kanji + Anthy (fcitx-engines.anthy): Anthy is a + system for Japanese input method. It converts Hiragana text to Kana Kanji mixed text. - Chewing (fcitx-engines.chewing): Chewing is - an intelligent Zhuyin input method. It is one of the most popular input + Chewing (fcitx-engines.chewing): Chewing is + an intelligent Zhuyin input method. It is one of the most popular input methods among Traditional Chinese Unix users. - Hangul (fcitx-engines.hangul): Korean input + Hangul (fcitx-engines.hangul): Korean input method. - Unikey (fcitx-engines.unikey): Vietnamese input + Unikey (fcitx-engines.unikey): Vietnamese input method. - m17n (fcitx-engines.m17n): m17n is an input - method that uses input methods and corresponding icons in the m17n + m17n (fcitx-engines.m17n): m17n is an input + method that uses input methods and corresponding icons in the m17n database. - mozc (fcitx-engines.mozc): A Japanese input + mozc (fcitx-engines.mozc): A Japanese input method from Google. - table-others (fcitx-engines.table-others): + table-others (fcitx-engines.table-others): Various table-based input methods.
Nabi -Nabi is an easy to use Korean X input method. It allows you to enter - phonetic Korean characters (hangul) and pictographic Korean characters +Nabi is an easy to use Korean X input method. It allows you to enter + phonetic Korean characters (hangul) and pictographic Korean characters (hanja). The following snippet can be used to configure Nabi: i18n.inputMethod = { - enabled = "nabi"; + enabled = "nabi"; };
Uim -Uim (short for "universal input method") is a multilingual input method +Uim (short for "universal input method") is a multilingual input method framework. Applications can use it through so-called bridges. The following snippet can be used to configure uim: i18n.inputMethod = { - enabled = "uim"; + enabled = "uim"; }; -Note: The i18n.inputMethod.uim.toolbar option can be +Note: The option can be used to choose uim toolbar.
diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml index 7acbc2fc4dde..a26653dda535 100644 --- a/nixos/modules/programs/digitalbitbox/doc.xml +++ b/nixos/modules/programs/digitalbitbox/doc.xml @@ -15,9 +15,9 @@ installed by setting programs.digitalbitbox to true in a manner similar to - - programs.digitalbitbox.enable = true; - + + = true; + and bundles the digitalbitbox package (see ), which contains the @@ -46,11 +46,11 @@ digitalbitbox package which could be installed as follows: - - environment.systemPackages = [ - pkgs.digitalbitbox - ]; - + + = [ + pkgs.digitalbitbox +]; +
@@ -62,9 +62,9 @@ The digitalbitbox hardware package enables the udev rules for Digital Bitbox devices and may be installed as follows: - - hardware.digitalbitbox.enable = true; - + + = true; + @@ -72,14 +72,14 @@ the udevRule51 and udevRule52 attributes by means of overriding as follows: - - programs.digitalbitbox = { - enable = true; - package = pkgs.digitalbitbox.override { - udevRule51 = "something else"; - }; - }; - + +programs.digitalbitbox = { + enable = true; + package = pkgs.digitalbitbox.override { + udevRule51 = "something else"; + }; +}; + diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index 85b0e023e6c1..91740ee16ec2 100644 --- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -17,7 +17,7 @@ To enable Plotinus, add the following to your configuration.nix: -programs.plotinus.enable = true; + = true; diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 6130ed82ed38..7cdc554989ea 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -48,9 +48,9 @@ http { configuration.nix: -security.acme.certs."foo.example.com" = { - webroot = "/var/www/challenges"; - email = "foo@example.com"; +."foo.example.com" = { + webroot = "/var/www/challenges"; + email = "foo@example.com"; }; @@ -58,17 +58,17 @@ security.acme.certs."foo.example.com" = { The private key key.pem and certificate fullchain.pem will be put into /var/lib/acme/foo.example.com. The target directory can -be configured with the option security.acme.directory. +be configured with the option . Refer to for all available configuration -options for the security.acme module. +options for the security.acme module.
Using ACME certificates in Nginx NixOS supports fetching ACME certificates for you by setting -enableACME = true; in a virtualHost config. We + enableACME = true; in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For foo.example.com the config would @@ -77,13 +77,13 @@ look like. services.nginx = { - enable = true; - virtualHosts = { + enable = true; + virtualHosts = { "foo.example.com" = { - forceSSL = true; - enableACME = true; + forceSSL = true; + enableACME = true; locations."/" = { - root = "/var/www"; + root = "/var/www"; }; }; }; diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml index 5715ee7ac165..d69341eb3cde 100644 --- a/nixos/modules/security/hidepid.xml +++ b/nixos/modules/security/hidepid.xml @@ -8,9 +8,9 @@ Setting - - security.hideProcessInformation = true; - + + = true; + ensures that access to process information is restricted to the owning user. This implies, among other things, that command-line arguments remain private. Unless your deployment relies on unprivileged @@ -25,9 +25,9 @@ To allow a service foo to run without process information hiding, set - - systemd.services.foo.serviceConfig.SupplementaryGroups = [ "proc" ]; - + +systemd.services.foo.serviceConfig.SupplementaryGroups = [ "proc" ]; + diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index a98026942959..98a631c0cd32 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -23,15 +23,15 @@ configuration.nix: -services.postgresql.enable = true; -services.postgresql.package = pkgs.postgresql94; + = true; + = pkgs.postgresql94; Note that you are required to specify the desired version of PostgreSQL (e.g. pkgs.postgresql94). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for - such as the most recent + such as the most recent release of PostgreSQL. - If services.emacs.defaultEditor is + If is true, the EDITOR variable will be set to a wrapper script which launches emacsclient. @@ -497,10 +497,10 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal Emacs daemon is not wanted for all users, it is possible to install the service but not globally enable it: - + + = false; + = true; + @@ -582,7 +582,7 @@ services.emacs.install = true; To install the DocBook 5.0 schemas, either add pkgs.docbook5 to - environment.systemPackages ( (NixOS), or run nix-env -i pkgs.docbook5 (Nix). diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 4b00f50abd63..3306ba8e9b11 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -18,19 +18,18 @@ webserver to proxy HTTP requests to the socket. frontend proxy: - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."git.example.com" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; - }; - }; -''; +services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.example.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + }; +}; @@ -49,24 +48,24 @@ all data like the repositories and uploads will be stored. services.gitlab = { - enable = true; - databasePassword = "eXaMpl3"; - initialRootPassword = "UseNixOS!"; - https = true; - host = "git.example.com"; - port = 443; - user = "git"; - group = "git"; + enable = true; + databasePassword = "eXaMpl3"; + initialRootPassword = "UseNixOS!"; + https = true; + host = "git.example.com"; + port = 443; + user = "git"; + group = "git"; smtp = { - enable = true; - address = "localhost"; - port = 25; + enable = true; + address = "localhost"; + port = 25; }; secrets = { - db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6"; - secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3"; - otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI"; - jws = '' + db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6"; + secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3"; + otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI"; + jws = '' -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEArrtx4oHKwXoqUbMNqnHgAklnnuDon3XG5LJB35yPsXKv/8GK ke92wkI+s1Xkvsp8tg9BIY/7c6YK4SR07EWL+dB5qwctsWR2Q8z+/BKmTx9D99pm @@ -96,7 +95,7 @@ services.gitlab = { -----END RSA PRIVATE KEY----- ''; }; - extraConfig = { + extraConfig = { gitlab = { email_from = "gitlab-no-reply@example.com"; email_display_name = "Example GitLab"; @@ -116,7 +115,7 @@ secret from config/secrets.yml located in your Gitlab state folder. Refer to for all available configuration -options for the services.gitlab module. +options for the services.gitlab module.
diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index 6d4d2a9b488c..75493ac1394f 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -55,7 +55,7 @@ Because Taskserver by default only provides scripts to setup users imperatively, the nixos-taskserver tool is used for addition and deletion of organisations along with users and groups defined - by and as well for + by and as well for imperative set up. @@ -99,10 +99,10 @@ For example, let's say you have the following configuration: { - services.taskserver.enable = true; - services.taskserver.fqdn = "server"; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.my-company.users = [ "alice" ]; + = true; + = "server"; + = "::"; + services.taskserver.organisations.my-company.users = [ "alice" ]; } This creates an organisation called my-company with the @@ -136,7 +136,7 @@ $ ssh server nixos-taskserver user export my-company alice | sh If you set any options within - , + service.taskserver.pki.manual.*, nixos-taskserver won't issue certificates, but you can still use it for adding or removing user accounts. diff --git a/nixos/modules/services/networking/dnscrypt-proxy.xml b/nixos/modules/services/networking/dnscrypt-proxy.xml index 555c6df4d551..ff1088698589 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.xml +++ b/nixos/modules/services/networking/dnscrypt-proxy.xml @@ -19,7 +19,7 @@ To enable the client proxy, set - services.dnscrypt-proxy.enable = true; + = true; @@ -38,17 +38,17 @@ DNS client, change the default proxy listening port to a non-standard value and point the other client to it: - services.dnscrypt-proxy.localPort = 43; + = 43; dnsmasq - { - services.dnsmasq.enable = true; - services.dnsmasq.servers = [ "127.0.0.1#43" ]; - } +{ + = true; + = [ "127.0.0.1#43" ]; +} @@ -56,10 +56,10 @@ unbound - { - services.unbound.enable = true; - services.unbound.forwardAddresses = [ "127.0.0.1@43" ]; - } +{ + = true; + = [ "127.0.0.1@43" ]; +}