From e039cb9d97d4a5939b6567c4b683cd8a8aa98777 Mon Sep 17 00:00:00 2001 From: pacien Date: Tue, 8 Nov 2022 17:50:47 +0100 Subject: [PATCH 001/155] nixos/qemu-vm: add option "restrictNetwork" This adds an option to the qemu virtualisation module to isolate the guest's from the host's and outside networks. This is particularly useful for development sandboxes for example. The option is disabled by default to preserve the current behaviour. --- nixos/modules/virtualisation/qemu-vm.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index edc6dfdc15a..f56cc2cdb8d 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -528,6 +528,20 @@ in ''; }; + virtualisation.restrictNetwork = + mkOption { + type = types.bool; + default = false; + example = true; + description = + lib.mdDoc '' + If this option is enabled, the guest will be isolated, i.e. it will + not be able to contact the host and no guest IP packets will be + routed over the host to the outside. This option does not affect + any explicitly set forwarding rules. + ''; + }; + virtualisation.vlans = mkOption { type = types.listOf types.ints.unsigned; @@ -934,10 +948,11 @@ in else "'guestfwd=${proto}:${guest.address}:${toString guest.port}-" + "cmd:${pkgs.netcat}/bin/nc ${host.address} ${toString host.port}'," ); + restrictNetworkOption = lib.optionalString cfg.restrictNetwork "restrict=on,"; in [ "-net nic,netdev=user.0,model=virtio" - "-netdev user,id=user.0,${forwardingOptions}\"$QEMU_NET_OPTS\"" + "-netdev user,id=user.0,${forwardingOptions}${restrictNetworkOption}\"$QEMU_NET_OPTS\"" ]; # FIXME: Consolidate this one day. From 9301018d90943b049e3bc592a20709a2ae544ca5 Mon Sep 17 00:00:00 2001 
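Review bot: The description of `virtualisation.restrictNetwork` should spell out what stays reachable, because "isolated" reads as stronger than what the option delivers. Explicit forwarding rules keep working, as the text already says. The flag is only added to the `user.0` user-mode netdev in the second hunk, so other interfaces, for instance those created from `virtualisation.vlans` declared right below, are presumably unaffected. I would add a sentence such as `Only the default user-mode network is restricted; forwarded ports and additional interfaces remain reachable.` to the option text.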
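Review bot: `restrict=on,` is emitted before `"$QEMU_NET_OPTS"` in the `-netdev user` argument, so whatever the run-time environment puts in that variable is parsed after it. QEMU normally lets the last occurrence of a repeated key win, which would let a `restrict=off` in `QEMU_NET_OPTS` silently undo the isolation; that is worth verifying against the QEMU version in use. Moving the flag behind the variable is awkward with the trailing-comma convention used on this line, so at minimum the option description should say so, e.g. `Settings passed through QEMU_NET_OPTS are applied after this option and can override it.` The enclosing `let` block starts outside the hunk.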
From: Ryan Trinkle Date: Tue, 15 Nov 2022 09:13:24 -0400 Subject: [PATCH 002/155] octavePackages.image: 2.12.0 -> 2.14.0 --- pkgs/development/octave-modules/image/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/octave-modules/image/default.nix b/pkgs/development/octave-modules/image/default.nix index 8bff55fadc6..78fcedfbd36 100644 --- a/pkgs/development/octave-modules/image/default.nix +++ b/pkgs/development/octave-modules/image/default.nix @@ -5,11 +5,11 @@ buildOctavePackage rec { pname = "image"; - version = "2.12.0"; + version = "2.14.0"; src = fetchurl { url = "mirror://sourceforge/octave/${pname}-${version}.tar.gz"; - sha256 = "1d3kqhbkq9acc29k42fcilfmykk9a0r321mvk46l5iibc7nqrmg7"; + sha256 = "sha256-dRXqIRqMuO9dnTurhaNunfVHXosFqRmgeODVJ0YHcTM="; }; meta = with lib; { From bea06ddf3546721446744b732265c4683b8533b9 Mon Sep 17 00:00:00 2001 
From: colin Date: Thu, 15 Dec 2022 13:51:48 +0000 Subject: [PATCH 003/155] kiwix: 2.2.1 -> 2.3.1 changelog: - 2.3.1 - Fix the AppImage packaging. Now published AppImages work correctly on recent distrubution (mgautierfr 905) - Improve zim file picker (kelson42 886) - Do not show ServiceWorker zim file from the remote catalog (kelson42 887) - 2.3.0 - Fix downloading of file bigger than 4G (Juzz0 855) - Hide top widget and topbar in fullscreen (Juzz0 859) - Add shortcuts for navigating tabs (Ctrl-tab, Ctrl-shift-tab) (Juzz0 867) - Do not use deprecated method QWebEngineDownloadItem::setPath (Juzz0 853) - Fix compilation with last version of libkiwix (mgautierfr 858) - Fix README.md (psypherium 860) - Update translations. - 2.2.2 - Remove usage of deprecated libkiwix function (Juzz0 mgautiefr 831) - Adapt kiwix-desktop to last libkiwix api (mgautierfr 842, veloman-yunkan 844) - Do not search (and crash) on a zim file without fulltext index (mgautierfr 830) - Update translations. - [Flathub] Update link to screenshot libkiwix changelog: libkiwix now requires libzim to be compiled with xapian support. kiwix-desktop fails to link of xapian isn't also found there, so i made this part of `propagatedBuildInputs`. `xz` also needed to be propagated, otherwise libkiwix would fail with ``` > meson.build:38:0: ERROR: Could not generate cargs for libzim: > Package liblzma was not found in the pkg-config search path. ``` additionally, upstream renamed the repo to `libkiwix`. the old `kiwix-lib` repo redirects to `libkiwix`, so i updated pname to reflect this. --- pkgs/applications/misc/kiwix/default.nix | 4 ++-- pkgs/applications/misc/kiwix/lib.nix | 10 +++++----- pkgs/development/libraries/libzim/default.nix | 14 ++++++++++++-- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/pkgs/applications/misc/kiwix/default.nix b/pkgs/applications/misc/kiwix/default.nix index 7f13494f65f..3263f0f992d 100644 --- a/pkgs/applications/misc/kiwix/default.nix 
+++ b/pkgs/applications/misc/kiwix/default.nix @@ -11,13 +11,13 @@ mkDerivation rec { pname = "kiwix"; - version = "2.2.1"; + version = "2.3.1"; src = fetchFromGitHub { owner = pname; repo = "${pname}-desktop"; rev = version; - sha256 = "sha256-ks2d/guMp5pb2tiwGxNp3htQVm65MsYvZ/6tNjGXNr8="; + sha256 = "sha256-ghx4pW6IkWPzZXk0TtMGeQZIzm9HEN3mR4XQFJ1xHDo="; }; nativeBuildInputs = [ diff --git a/pkgs/applications/misc/kiwix/lib.nix b/pkgs/applications/misc/kiwix/lib.nix index 37f8203e047..4e3ff063aa5 100644 --- a/pkgs/applications/misc/kiwix/lib.nix +++ b/pkgs/applications/misc/kiwix/lib.nix @@ -3,8 +3,8 @@ , python3 , curl , icu +, libzim , pugixml -, zimlib , zlib , libmicrohttpd , mustache-hpp @@ -12,14 +12,14 @@ }: stdenv.mkDerivation rec { - pname = "kiwix-lib"; - version = "10.1.1"; + pname = "libkiwix"; + version = "12.0.0"; src = fetchFromGitHub { owner = "kiwix"; repo = pname; rev = version; - sha256 = "sha256-ECvdraN1J5XJQLeZDngxO5I7frwZ8+W8tFpbB7o8UeM="; + sha256 = "sha256-4FxLxJxVhqbeNqX4vorHkROUuRURvE6AXlteIZCEBtc="; }; nativeBuildInputs = [ @@ -38,8 +38,8 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ curl libmicrohttpd + libzim pugixml - zimlib ]; checkInputs = [ diff --git a/pkgs/development/libraries/libzim/default.nix b/pkgs/development/libraries/libzim/default.nix index 23c3e902608..1787af0a401 100644 --- a/pkgs/development/libraries/libzim/default.nix +++ b/pkgs/development/libraries/libzim/default.nix @@ -5,6 +5,8 @@ , meson , ninja , pkg-config +, python3 +, xapian , xz , zstd }: @@ -24,19 +26,27 @@ stdenv.mkDerivation rec { ninja meson pkg-config + python3 ]; buildInputs = [ icu - xz zstd ]; + propagatedBuildInputs = [ + xapian + xz + ]; + + postPatch = '' + patchShebangs scripts + ''; + mesonFlags = [ # Tests are located at https://github.com/openzim/zim-testing-suite # "...some tests need up to 16GB of memory..." "-Dtest_data_dir=none" - "-Dwith_xapian=false" ]; meta = with lib; { 
From 2936241324cedfd599cee314f83e8e8849f4e17f Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 17 Dec 2022 19:47:30 +0000 Subject: [PATCH 004/155] mssql_jdbc: 7.2.2 -> 11.2.2 --- pkgs/servers/sql/mssql/jdbc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/sql/mssql/jdbc/default.nix b/pkgs/servers/sql/mssql/jdbc/default.nix index dc668737958..758794ba876 100644 --- a/pkgs/servers/sql/mssql/jdbc/default.nix +++ b/pkgs/servers/sql/mssql/jdbc/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "mssql-jdbc"; - version = "7.2.2"; + version = "11.2.2"; src = fetchurl { url = "https://github.com/Microsoft/mssql-jdbc/releases/download/v${version}/mssql-jdbc-${version}.jre8.jar"; - sha256 = "09psxjy1v3khq8lcq6h9mbgyijsgawf0z2qryk1l91ypnwl8s3pg"; + sha256 = "sha256-MLB2R5ATVBewGaCle8NYPR1mZt2U3CCvEwf2dkBfNTI="; }; dontUnpack = true; From 1e8999d1ff29ca2c1bcbf25fd975df936b60491a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 25 Dec 2022 15:16:37 +0000 Subject: [PATCH 005/155] zam-plugins: 3.14 -> 4.1 --- pkgs/applications/audio/zam-plugins/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/zam-plugins/default.nix b/pkgs/applications/audio/zam-plugins/default.nix index a07bfa60b05..a9d041cfa42 100644 --- a/pkgs/applications/audio/zam-plugins/default.nix +++ b/pkgs/applications/audio/zam-plugins/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "zam-plugins"; - version = "3.14"; + version = "4.1"; src = fetchFromGitHub { owner = "zamaudio"; repo = pname; rev = version; - sha256 = "sha256-zlANfFuEXQdXlSu4CuXNyChiuV7wkumaOJqgthl6Y9Q="; + sha256 = "sha256-NKa6lOP3fpAFMYwzZAMFgW0tBSM/F89oB/nDbEUeflw="; fetchSubmodules = true; }; From 689aaa51d4151ab75b632cdf7633a0e10771a161 Mon Sep 17 00:00:00 2001 
From: "dylhack.dev" Date: Fri, 30 Dec 2022 17:24:40 -0600 Subject: [PATCH 006/155] Add wrapGAppsHook to build inputs --- pkgs/tools/misc/qflipper/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/misc/qflipper/default.nix b/pkgs/tools/misc/qflipper/default.nix index 558e40788e0..3cd37747c9b 100644 --- a/pkgs/tools/misc/qflipper/default.nix +++ b/pkgs/tools/misc/qflipper/default.nix @@ -6,6 +6,7 @@ , libusb1 , libGL , qmake +, wrapGAppsHook , wrapQtAppsHook , mkDerivation @@ -44,6 +45,7 @@ mkDerivation { pkg-config qmake qttools + wrapGAppsHook wrapQtAppsHook ]; @@ -69,6 +71,8 @@ mkDerivation { "CONFIG+=qtquickcompiler" ]; + dontWrapGApps = true; + postPatch = '' substituteInPlace qflipper_common.pri \ --replace 'GIT_VERSION = unknown' 'GIT_VERSION = "${version}"' \ @@ -98,5 +102,4 @@ mkDerivation { maintainers = with maintainers; [ cab404 ]; platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" ]; # qtbase doesn't build yet on aarch64-darwin }; - } From 049e3877c6e290b06660148e8cfc91dc0ef2f6fa Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 31 Dec 2022 07:41:07 +0000 Subject: [PATCH 007/155] wolf-shaper: 0.1.8 -> 1.0.0 --- pkgs/applications/audio/wolf-shaper/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/audio/wolf-shaper/default.nix b/pkgs/applications/audio/wolf-shaper/default.nix index b61ea3fc4d4..ae96ea63cb0 100644 --- a/pkgs/applications/audio/wolf-shaper/default.nix +++ b/pkgs/applications/audio/wolf-shaper/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "wolf-shaper"; - version = "0.1.8"; + version = "1.0.0"; src = fetchFromGitHub { owner = "pdesaulniers"; repo = "wolf-shaper"; rev = "v${version}"; - sha256 = "1j9xmh1nkf45ay1c5dz2g165qvrwlanzcq6mvb3nfxar265drd9q"; + sha256 = "sha256-BREv0nQVysWdx/sVd0cdFji49xtLmHEL8b2jLtgjDfI="; fetchSubmodules = true; }; From 5afd4f691d29e3ab918cca9a5d7fe69f51937a87 Mon Sep 17 00:00:00 2001 
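Review bot: `wrapGAppsHook` is added together with `dontWrapGApps = true`, but none of the visible hunks forwards the collected GApps arguments to the Qt wrapper, so as shown the new hook may have no effect on the installed binaries. The usual pairing is a `preFixup` containing `qtWrapperArgs+=("''${gappsWrapperArgs[@]}")`; if that already exists outside these hunks, a one-line comment next to `dontWrapGApps` saying so would help. The commit subject could also name the package and the symptom being fixed.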
From: Aaron Jheng Date: Tue, 3 Jan 2023 03:25:46 +0000 Subject: [PATCH 008/155] go-bindata-assetfs: 20160814-e1a2a7e -> unstable-2022-04-12 --- .../tools/go-bindata-assetfs/default.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/pkgs/development/tools/go-bindata-assetfs/default.nix b/pkgs/development/tools/go-bindata-assetfs/default.nix index 5131436e024..ea6ba727d73 100644 --- a/pkgs/development/tools/go-bindata-assetfs/default.nix +++ b/pkgs/development/tools/go-bindata-assetfs/default.nix @@ -1,18 +1,20 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub }: -buildGoPackage rec { +buildGoModule rec { pname = "go-bindata-assetfs"; - version = "20160814-${rev}"; - rev = "e1a2a7e"; - goPackagePath = "github.com/elazarl/go-bindata-assetfs"; + version = "unstable-2022-04-12"; src = fetchFromGitHub { - inherit rev; owner = "elazarl"; repo = "go-bindata-assetfs"; - sha256 = "0b6q8h9fwpgpkvml1j87wq9174g7px1dmskhm884drpvswda2djk"; + rev = "de3be3ce9537d87338bf26ac211d02d4fa568bb8"; + hash = "sha256-yQgIaTl06nmIu8BfmQzrvEnlPQ2GQ/2nnvTmYXCL1oI="; }; + vendorHash = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; + + ldflags = [ "-s" "-w" ]; + meta = with lib; { description = "Serve embedded files from jteeuwen/go-bindata"; license = licenses.bsd2; From 4434e57cf7c64b25bba9e03b32c818d704d1b389 Mon Sep 17 00:00:00 2001 From: Aaron Jheng Date: Tue, 3 Jan 2023 03:31:34 +0000 Subject: [PATCH 009/155] go-bindata: Use buildGoModule --- pkgs/development/tools/go-bindata/default.nix | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/pkgs/development/tools/go-bindata/default.nix b/pkgs/development/tools/go-bindata/default.nix index 2f40aed044b..11f42d81a3e 100644 --- a/pkgs/development/tools/go-bindata/default.nix +++ b/pkgs/development/tools/go-bindata/default.nix 
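Review bot: `vendorHash` here is the same value that the go-bindata change later in this series uses, which suggests it is the hash of an empty vendor directory rather than of real dependencies. If so, say it in a comment such as `# no third-party modules`, or use `vendorHash = null;` if the `buildGoModule` in this tree accepts it, so readers do not have to recognise the hash. Replacing the seven-character `rev` with a full commit id is the right direction for pinning the source.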
@@ -1,20 +1,30 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: -buildGoPackage rec { +buildGoModule rec { pname = "go-bindata"; version = "3.24.0"; - goPackagePath = "github.com/kevinburke/go-bindata"; - src = fetchFromGitHub { owner = "kevinburke"; repo = pname; rev = "v${version}"; - sha256 = "sha256-dEfD5oV2nXLVg+a7PlB6LqhEBosG7eTptqKKDWcQAss="; + hash = "sha256-dEfD5oV2nXLVg+a7PlB6LqhEBosG7eTptqKKDWcQAss="; }; + vendorHash = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; + + patches = [ + # Add go modules support + (fetchpatch { + url = "https://github.com/kevinburke/go-bindata/commit/b5c6f880d411b9c24a8ae1c8b608ab80cb9aacb4.patch"; + hash = "sha256-dzzp5p+jdg09oo6jeSlms+MMMDWUXpsescj132MT6D8="; + }) + ]; + subPackages = [ "go-bindata" ]; + ldflags = [ "-s" "-w" ]; + meta = with lib; { homepage = "https://github.com/kevinburke/go-bindata"; changelog = "https://github.com/kevinburke/go-bindata/blob/v${version}/CHANGELOG.md"; From 006a1d0a45d45273588bf85ef127e1140d506ac5 Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Fri, 30 Dec 2022 00:57:41 +1100 Subject: [PATCH 010/155] gnatboot: Add x86_64-darwin packages --- .../compilers/gnatboot/default.nix | 104 +++++++++++++++--- 1 file changed, 91 insertions(+), 13 deletions(-) diff --git a/pkgs/development/compilers/gnatboot/default.nix b/pkgs/development/compilers/gnatboot/default.nix index 65f6269e2f0..7ef2ce03df9 100644 --- a/pkgs/development/compilers/gnatboot/default.nix +++ b/pkgs/development/compilers/gnatboot/default.nix 
@@ -4,34 +4,53 @@ }: let - versionMap = { + throwUnsupportedSystem = throw "Unsupported system: ${stdenv.hostPlatform.system}"; + + versionMap = rec { "11" = { - version = "11.2.0-4"; - hash = "sha256-8fMBJp6igH+Md5jE4LMubDmC4GLt4A+bZG/Xcz2LAJQ="; - }; + gccVersion = "11.2.0"; + alireRevision = "4"; + } // { + x86_64-darwin = { + hash = "sha256-FmBgD20PPQlX/ddhJliCTb/PRmKxe9z7TFPa2/SK4GY="; + upstreamTriplet = "x86_64-apple-darwin19.6.0"; + }; + x86_64-linux = { + hash = "sha256-8fMBJp6igH+Md5jE4LMubDmC4GLt4A+bZG/Xcz2LAJQ="; + upstreamTriplet = "x86_64-pc-linux-gnu"; + }; + }.${stdenv.hostPlatform.system} or throwUnsupportedSystem; "12" = { - version = "12.1.0-2"; - hash = "sha256-EPDPOOjWJnJsUM7GGxj20/PXumjfLoMIEFX1EDtvWVY="; - }; + gccVersion = "12.1.0"; + alireRevision = "2"; + } // { + x86_64-darwin = { + hash = "sha256-zrcVFvFZMlGUtkG0p1wST6kGInRI64Icdsvkcf25yVs="; + upstreamTriplet = "x86_64-apple-darwin19.6.0"; + }; + x86_64-linux = { + hash = "sha256-EPDPOOjWJnJsUM7GGxj20/PXumjfLoMIEFX1EDtvWVY="; + upstreamTriplet = "x86_64-pc-linux-gnu"; + }; + }.${stdenv.hostPlatform.system} or throwUnsupportedSystem; }; in with versionMap.${majorVersion}; stdenv.mkDerivation rec { pname = "gnatboot"; - inherit version; + inherit gccVersion alireRevision; + + version = "${gccVersion}-${alireRevision}"; src = fetchzip { - url = "https://github.com/alire-project/GNAT-FSF-builds/releases/download/gnat-${version}/gnat-x86_64-linux-${version}.tar.gz"; + url = "https://github.com/alire-project/GNAT-FSF-builds/releases/download/gnat-${version}/gnat-${stdenv.hostPlatform.system}-${version}.tar.gz"; inherit hash; }; nativeBuildInputs = [ - autoPatchelfHook dejagnu - elfutils expat - glibc gmp guile libipt 
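Review bot: In `versionMap`, the per-system lookup `{ … }.${stdenv.hostPlatform.system} or throwUnsupportedSystem` is the right-hand operand of `//`, so on any other system the whole entry throws, including `gccVersion` and `alireRevision`, and with them `version`. Evaluating just the package name on an unsupported platform would then presumably fail with this message instead of going through the `meta.platforms` check; I have not evaluated it, so please confirm. Limiting the fallback to the two system-specific attributes, for example `or { hash = throwUnsupportedSystem; upstreamTriplet = throwUnsupportedSystem; }`, avoids that. `rec` on `versionMap` also looks unnecessary, since no entry refers to another.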
@@ -42,11 +61,69 @@ stdenv.mkDerivation rec { sourceHighlight xz zlib + ] ++ lib.optional stdenv.buildPlatform.isLinux [ + autoPatchelfHook + elfutils + glibc ]; + postPatch = lib.optionalString (stdenv.hostPlatform.isDarwin) '' + substituteInPlace lib/gcc/${upstreamTriplet}/${gccVersion}/install-tools/mkheaders.conf \ + --replace "SYSTEM_HEADER_DIR=\"/usr/include\"" "SYSTEM_HEADER_DIR=\"/include\"" + '' + # The included fixincl binary that is called during header fixup has a + # hardcoded execvp("/usr/bin/sed", ...) call, but /usr/bin/sed isn't + # available in the Nix Darwin stdenv. Fortunately, execvp() will search the + # PATH environment variable for the executable if its first argument does not + # contain a slash, so we can just change the string to "sed" and zero the + # other bytes. + + '' + sed -i "s,/usr/bin/sed,sed\x00\x00\x00\x00\x00\x00\x00\x00\x00," libexec/gcc/${upstreamTriplet}/${gccVersion}/install-tools/fixincl + ''; + installPhase = '' mkdir -p $out cp -ar * $out/ + '' + + # So far with the Darwin gnatboot binary packages, there have been two + # types of dylib path references to other dylibs that need fixups: + # + # 1. Dylibs in $out/lib with paths starting with + # /Users/runner/.../gcc/install that refer to other dylibs in $out/lib + # 2. Dylibs in $out/lib/gcc/*/*/adalib with paths starting with + # @rpath that refer to other dylibs in $out/lib/gcc/*/*/adalib + # + # Additionally, per Section 14.4 Fixed Headers in the GCC 12.2.0 manual [2], + # we have to update the fixed header files in current Alire GCC package, since it + # was built against macOS 10.15 (Darwin 19.6.0), but Nix currently + # builds against macOS 10.12, and the two header file structures differ. 
+ # For example, the current Alire GCC package has a fixed + # from macOS 10.15 that contains a #include <_stdio.h>, but neither the Alire + # GCC package nor macOS 10.12 have such a header ( and + # in 10.12 are not equivalent; indeed, 10.15 <_stdio.h> + # says it contains code shared by and ). + # + # [2]: https://gcc.gnu.org/onlinedocs/gcc-12.2.0/gcc/Fixed-Headers.html + + + lib.optionalString (stdenv.hostPlatform.isDarwin) '' + upstreamBuildPrefix="/Users/runner/work/GNAT-FSF-builds/GNAT-FSF-builds/sbx/x86_64-darwin/gcc/install" + for i in "$out"/lib/*.dylib "$out"/lib/gcc/*/*/adalib/*.dylib; do + if [[ -f "$i" && ! -h "$i" ]]; then + install_name_tool -id "$i" "$i" || true + for old_path in $(otool -L "$i" | grep "$upstreamBuildPrefix" | awk '{print $1}'); do + new_path=`echo "$old_path" | sed "s,$upstreamBuildPrefix,$out,"` + install_name_tool -change "$old_path" "$new_path" "$i" || true + done + for old_path in $(otool -L "$i" | grep "@rpath" | awk '{print $1}'); do + new_path=$(echo "$old_path" | sed "s,@rpath,$(dirname "$i"),") + install_name_tool -change "$old_path" "$new_path" "$i" || true + done + fi + done + + "$out"/libexec/gcc/${upstreamTriplet}/${gccVersion}/install-tools/mkheaders -v -v \ + "$out" "${stdenv.cc.libc}" ''; passthru = { @@ -54,6 +131,7 @@ stdenv.mkDerivation rec { langCC = false; langFortran = false; langAda = true; + isGNU = true; }; meta = with lib; { @@ -61,6 +139,6 @@ stdenv.mkDerivation rec { homepage = "https://www.gnu.org/software/gnat"; license = licenses.gpl3; maintainers = with maintainers; [ ethindp ]; - platforms = [ "x86_64-linux" ]; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; }; } From 82b88d2db629a06443a6d7befb8518dbb785d183 Mon Sep 17 00:00:00 2001 
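Review bot: Every `install_name_tool` call in the Darwin part of `installPhase` ends in `|| true`, so a failed rewrite is silently accepted and a dylib can ship still pointing at `/Users/runner/…` or at an unresolved `@rpath`. Those are load paths outside the Nix store, so the result would depend on whatever exists there on the user's machine. I would drop `|| true` or verify inside the loop, e.g. `if otool -L "$i" | grep -q "$upstreamBuildPrefix"; then echo "unpatched reference in $i" >&2; exit 1; fi`. In `nativeBuildInputs`, `lib.optional` with a list argument yields a nested list; `lib.optionals stdenv.hostPlatform.isLinux [ … ]` seems to be what is meant, since the ELF patching depends on the platform of the fetched binaries. The `sed` on `fixincl` sits outside the `lib.optionalString (stdenv.hostPlatform.isDarwin)` and therefore also runs on Linux, although its comment describes a Darwin-only problem.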
From: Boey Maun Suang Date: Mon, 26 Dec 2022 23:16:17 +1100 Subject: [PATCH 011/155] bintoolsDualAs: Add package For reasons explained in the commit contents, in order to build the native gnat package for x86_64-darwin, the native gnatboot package for x86_64-darwin must have access to both the Clang integrated assembler and the cctools GNU assembler for that platform. This commit creates a package with both of those assemblers that x86_64-darwin gnatboot can then be wrapped with. --- .../bintools-wrapper/default.nix | 13 ++++++++ pkgs/os-specific/darwin/binutils/default.nix | 30 +++++++++++++++++-- pkgs/top-level/all-packages.nix | 5 ++++ pkgs/top-level/darwin-packages.nix | 14 +++++++++ 4 files changed, 59 insertions(+), 3 deletions(-) diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix index 121b50fe0f5..bc7c8fbd46a 100644 --- a/pkgs/build-support/bintools-wrapper/default.nix +++ b/pkgs/build-support/bintools-wrapper/default.nix @@ -28,6 +28,7 @@ , buildPackages ? {} , targetPackages ? {} , useMacosReexportHack ? false +, wrapGas ? false # Darwin code signing support utilities , postLinkSignHook ? null, signingUtils ? null @@ -165,6 +166,18 @@ stdenv.mkDerivation { wrap ld-solaris ${./ld-solaris-wrapper.sh} '') + # If we are asked to wrap `gas` and this bintools has it, + # then symlink it (`as` will be symlinked next). + # This is mainly for the wrapped gnatboot on x86-64 Darwin, + # as it must have both the GNU assembler from cctools (installed as `gas`) + # and the Clang integrated assembler (installed as `as`). + # See pkgs/os-specific/darwin/binutils/default.nix for details. + + lib.optionalString wrapGas '' + if [ -e $ldPath/${targetPrefix}gas ]; then + ln -s $ldPath/${targetPrefix}gas $out/bin/${targetPrefix}gas + fi + '' + # Create symlinks for rest of the binaries. + '' for binary in objdump objcopy size strings as ar nm gprof dwp c++filt addr2line \ 
diff --git a/pkgs/os-specific/darwin/binutils/default.nix b/pkgs/os-specific/darwin/binutils/default.nix index c5bc50cafd7..3b1a2636873 100644 --- a/pkgs/os-specific/darwin/binutils/default.nix +++ b/pkgs/os-specific/darwin/binutils/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, makeWrapper, binutils-unwrapped, cctools, llvm, clang-unwrapped }: +{ lib, stdenv, makeWrapper, binutils-unwrapped, cctools, llvm, clang-unwrapped, dualAs ? false }: # Make sure both underlying packages claim to have prepended their binaries # with the same targetPrefix. @@ -15,7 +15,7 @@ in # TODO: loop over targetPrefixed binaries too stdenv.mkDerivation { - pname = "${targetPrefix}cctools-binutils-darwin"; + pname = "${targetPrefix}cctools-binutils-darwin" + lib.optionalString dualAs "-dualas"; inherit (cctools) version; outputs = [ "out" "man" ]; buildCommand = '' 
@@ -59,9 +59,33 @@ stdenv.mkDerivation { rm $out/bin/${targetPrefix}as makeWrapper "${clang-unwrapped}/bin/clang" "$out/bin/${targetPrefix}as" \ --add-flags "-x assembler -integrated-as -c" + '' + # x86-64 Darwin gnatboot emits assembly + # with MOVQ as the mnemonic for quadword interunit moves + # such as `movq %rbp, %xmm0`. + # The clang integrated assembler recognises this as valid, + # but unfortunately the cctools-port GNU assembler does not; + # it instead uses MOVD as the mnemonic. + # The assembly that a GCC build emits is determined at build time + # and cannot be changed afterwards. + # + # To build GNAT on x86-64 Darwin, therefore, + # we need both the clang _and_ the cctools-port assemblers to be available: + # the former to build at least the stage1 compiler, + # and the latter at least to be detectable + # as the target for the final compiler. + # + # We choose to match the Aarch64 case above, + # wrapping the clang integrated assembler as `as`. + # It then seems sensible to wrap the cctools GNU assembler as `gas`. + # + + lib.optionalString (stdenv.isx86_64 && dualAs) '' + mv $out/bin/${targetPrefix}as $out/bin/${targetPrefix}gas + makeWrapper "${clang-unwrapped}/bin/clang" "$out/bin/${targetPrefix}as" \ + --add-flags "-x assembler -integrated-as -c" ''; - nativeBuildInputs = lib.optionals stdenv.isAarch64 [ makeWrapper ]; + nativeBuildInputs = lib.optionals (stdenv.isAarch64 || dualAs) [ makeWrapper ]; passthru = { inherit targetPrefix; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 44e4475033d..0a3066f5a4d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16919,6 +16919,11 @@ with pkgs; bintools = bintools-unwrapped; }; + bintoolsDualAs = wrapBintoolsWith { + bintools = darwin.binutilsDualAs-unwrapped; + wrapGas = true; + }; + bison = callPackage ../development/tools/parsing/bison { }; bisoncpp = callPackage ../development/tools/parsing/bisonc++ { }; 
diff --git a/pkgs/top-level/darwin-packages.nix b/pkgs/top-level/darwin-packages.nix index c270dd2220d..1026733e5d3 100644 --- a/pkgs/top-level/darwin-packages.nix +++ b/pkgs/top-level/darwin-packages.nix @@ -89,6 +89,20 @@ impure-cmds // appleSourcePackages // chooseLibs // { bintools = self.binutils-unwrapped; }; + binutilsDualAs-unwrapped = callPackage ../os-specific/darwin/binutils { + inherit (pkgs) binutils-unwrapped; + inherit (pkgs.llvmPackages) llvm clang-unwrapped; + dualAs = true; + }; + + binutilsDualAs = pkgs.wrapBintoolsWith { + libc = + if stdenv.targetPlatform != stdenv.hostPlatform + then pkgs.libcCross + else pkgs.stdenv.cc.libc; + bintools = self.binutilsDualAs-unwrapped; + }; + binutilsNoLibc = pkgs.wrapBintoolsWith { libc = preLibcCrossHeaders; bintools = self.binutils-unwrapped; From f061f3ead59edc78259f537669afb15ac268e055 Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Sun, 1 Jan 2023 10:23:57 +1100 Subject: [PATCH 012/155] gnatboot12: Use bintoolsDualAs on x86_64-darwin As documented in pkgs/os-specific/darwin/binutils/default.nix, the Clang integrated assembler is needed in addition to the cctools-port assembler usually used on x86_64-darwin in order to build gnat12 with the x86_64-darwin gnatboot12 bootstrap compiler. This commit alters the gnatboot12 wrapper on x86_64-darwin so that both of those assemblers are available as required. --- pkgs/top-level/all-packages.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0a3066f5a4d..32bf99f1c44 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
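Review bot: `darwin.binutilsDualAs` is wrapped without `wrapGas = true`, while the top-level `bintoolsDualAs` in all-packages.nix sets it; going by the bintools-wrapper hunk in this commit, the darwin-packages wrapper would then not link `gas` into its `bin`. If both wrappers are meant to expose the two assemblers, add `wrapGas = true;` here, or drop one of the two definitions. A short comment above `binutilsDualAs-unwrapped` pointing to the explanation in pkgs/os-specific/darwin/binutils/default.nix would help, because `dualAs = true` is not self-explanatory.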
@@ -14495,7 +14495,11 @@ with pkgs; gnatboot = gnatboot12; gnatboot11 = wrapCC (callPackage ../development/compilers/gnatboot { majorVersion = "11"; }); - gnatboot12 = wrapCC (callPackage ../development/compilers/gnatboot { majorVersion = "12"; }); + gnatboot12 = wrapCCWith ({ + cc = callPackage ../development/compilers/gnatboot { majorVersion = "12"; }; + } // lib.optionalAttrs (stdenv.hostPlatform.isDarwin) { + bintools = bintoolsDualAs; + }); gnu-smalltalk = callPackage ../development/compilers/gnu-smalltalk { }; From c1308ac58cb1bccf29e6729b6b0da0254710bf70 Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Fri, 6 Jan 2023 13:29:46 +1100 Subject: [PATCH 013/155] cc-wrapper: Fix gnatmake wrapper Switches that gnatmake needs to pass to gcc must be given as "-cargs " after at least the files to compile (see the gnatmake docs for all the subtleties). This commit makes that happen, in a way that triggers rebuilds only for things that actually depend on GNAT, and not the other compilers contained in GCC. --- .../cc-wrapper/add-gnat-extra-flags.sh | 23 +++++++++++++++++++ pkgs/build-support/cc-wrapper/default.nix | 4 ++++ pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 5 +++- 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 pkgs/build-support/cc-wrapper/add-gnat-extra-flags.sh diff --git a/pkgs/build-support/cc-wrapper/add-gnat-extra-flags.sh b/pkgs/build-support/cc-wrapper/add-gnat-extra-flags.sh new file mode 100644 index 00000000000..ceff1e4a4c4 --- /dev/null +++ b/pkgs/build-support/cc-wrapper/add-gnat-extra-flags.sh 
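Review bot: The `bintools = bintoolsDualAs` override is applied for every Darwin host via `stdenv.hostPlatform.isDarwin`, although the commit message and the `stdenv.isx86_64 && dualAs` branch in the binutils change limit the dual-assembler setup to x86_64. Narrowing the condition to `stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64` keeps the two in step. `gnatboot11` stays on plain `wrapCC`; if that is intentional, a short comment would save the next reader the question.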
@@ -0,0 +1,23 @@ +# See add-flags.sh in cc-wrapper for comments. +var_templates_list=( + NIX_GNATMAKE_CARGS +) + +accumulateRoles + +for var in "${var_templates_list[@]}"; do + mangleVarList "$var" ${role_suffixes[@]+"${role_suffixes[@]}"} +done + +# `-B@out@/bin' forces cc to use wrapped as instead of the system one. +NIX_GNATMAKE_CARGS_@suffixSalt@="$NIX_GNATMAKE_CARGS_@suffixSalt@ -B@out@/bin/" + +# Only add darwin min version flag if a default darwin min version is set, +# which is a signal that we're targetting darwin. +if [ "@darwinMinVersion@" ]; then + mangleVarSingle @darwinMinVersionVariable@ ${role_suffixes[@]+"${role_suffixes[@]}"} + + NIX_GNATMAKE_CARGS_@suffixSalt@="-m@darwinPlatformForCC@-version-min=${@darwinMinVersionVariable@_@suffixSalt@:-@darwinMinVersion@} $NIX_GNATMAKE_CARGS_@suffixSalt@" +fi + +export NIX_GNAT_WRAPPER_EXTRA_FLAGS_SET_@suffixSalt@=1 diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index a59505d0825..7473b866d64 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -519,6 +519,10 @@ stdenv.mkDerivation { substituteAll ${../wrapper-common/utils.bash} $out/nix-support/utils.bash '' + + optionalString cc.langAda or false '' + substituteAll ${./add-gnat-extra-flags.sh} $out/nix-support/add-gnat-extra-flags.sh + '' + ## ## General Clang support ## Needs to go after ^ because the for loop eats \n and makes this file an invalid script diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index 5714b228c59..1d0a97c7604 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh 
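Review bot: The new add-gnat-extra-flags.sh only says "See add-flags.sh in cc-wrapper for comments", which leaves `NIX_GNATMAKE_CARGS` itself undocumented. I would add a header comment stating that the variable holds the switches the gnatmake wrapper appends after `-cargs`, that it is collected per role through `mangleVarList` like the other wrapper variables, and that `-B@out@/bin/` is always appended to it. That makes it clear to someone setting the variable from a derivation that their value is extended rather than replaced.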
@@ -29,6 +29,9 @@ if [ -z "${NIX_CC_WRAPPER_FLAGS_SET_@suffixSalt@:-}" ]; then source @out@/nix-support/add-flags.sh fi +if [ -z "${NIX_GNAT_WRAPPER_EXTRA_FLAGS_SET_@suffixSalt@:-}" ]; then + source @out@/nix-support/add-gnat-extra-flags.sh +fi # Parse command line options and set several variables. # For instance, figure out if linker flags should be passed. @@ -126,7 +129,7 @@ fi if [ "$(basename $0)x" = "gnatmakex" ]; then extraBefore=("--GNATBIND=@out@/bin/gnatbind" "--GNATLINK=@out@/bin/gnatlink") - extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@) + extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@ -cargs $NIX_GNATMAKE_CARGS_@suffixSalt@) fi if [ "$(basename $0)x" = "gnatbindx" ]; then From 3d64e7edbb8c541d03f1f8c86bc7e19f6298aa23 Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Fri, 6 Jan 2023 16:24:50 +1100 Subject: [PATCH 014/155] gnat12: Add support for x86_64-darwin --- pkgs/development/compilers/gcc/10/default.nix | 2 +- pkgs/development/compilers/gcc/11/default.nix | 2 +- pkgs/development/compilers/gcc/12/default.nix | 5 ++- .../development/compilers/gcc/4.8/default.nix | 2 +- .../development/compilers/gcc/4.9/default.nix | 2 +- pkgs/development/compilers/gcc/6/default.nix | 2 +- pkgs/development/compilers/gcc/7/default.nix | 2 +- pkgs/development/compilers/gcc/8/default.nix | 2 +- pkgs/development/compilers/gcc/9/default.nix | 2 +- .../ada-cctools-as-detection-configure.patch | 33 +++++++++++++++++++ .../compilers/gcc/common/pre-configure.nix | 27 ++++++++++++++- pkgs/top-level/all-packages.nix | 7 ++++ 12 files changed, 78 insertions(+), 10 deletions(-) create mode 100644 pkgs/development/compilers/gcc/ada-cctools-as-detection-configure.patch diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix index e4cebab266e..b2c2ac9875a 100644 --- a/pkgs/development/compilers/gcc/10/default.nix +++ b/pkgs/development/compilers/gcc/10/default.nix 
@@ -185,7 +185,7 @@ stdenv.mkDerivation ({ preConfigure = (import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; }) + '' ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h ''; diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix index de764b9ccc7..0724eedc29c 100644 --- a/pkgs/development/compilers/gcc/11/default.nix +++ b/pkgs/development/compilers/gcc/11/default.nix @@ -189,7 +189,7 @@ stdenv.mkDerivation ({ preConfigure = (import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; }) + '' ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h ''; diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 3c9362fee1a..1a4af0ab286 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix @@ -109,6 +109,9 @@ let majorVersion = "12"; }) ] + # Fix detection of bootstrap compiler Ada support (cctools as) on Nix Darwin + ++ optional (stdenv.isDarwin && langAda) ../ada-cctools-as-detection-configure.patch + # Obtain latest patch with ../update-mcfgthread-patches.sh ++ optional (!crossStageStatic && targetPlatform.isMinGW && threadsCross.model == "mcf") ./Added-mcf-thread-model-support-from-mcfgthread.patch; 
@@ -227,7 +230,7 @@ stdenv.mkDerivation ({ preConfigure = (import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; }) + '' ln -sf ${libxcrypt}/include/crypt.h libsanitizer/sanitizer_common/crypt.h ''; diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix index ba084af53ee..e0c30f35a13 100644 --- a/pkgs/development/compilers/gcc/4.8/default.nix +++ b/pkgs/development/compilers/gcc/4.8/default.nix @@ -192,7 +192,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform langJava langGo crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform langJava langGo crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index c28ef88ce93..d886cc84eca 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -212,7 +212,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform langJava langGo crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform langJava langGo crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix index 8bd9d41f1ea..f82070153b7 100644 --- a/pkgs/development/compilers/gcc/6/default.nix +++ b/pkgs/development/compilers/gcc/6/default.nix 
@@ -223,7 +223,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform gnatboot langJava langAda langGo crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform gnatboot langJava langAda langGo crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix index 637be9fd971..076eec21a14 100644 --- a/pkgs/development/compilers/gcc/7/default.nix +++ b/pkgs/development/compilers/gcc/7/default.nix @@ -191,7 +191,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform langGo crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform langGo crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix index 4eb47d00c5c..18054c8c19b 100644 --- a/pkgs/development/compilers/gcc/8/default.nix +++ b/pkgs/development/compilers/gcc/8/default.nix @@ -173,7 +173,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform langGo crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform langGo crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix index 4c49cdaa3e2..7cdde48667f 100644 --- a/pkgs/development/compilers/gcc/9/default.nix +++ b/pkgs/development/compilers/gcc/9/default.nix 
@@ -186,7 +186,7 @@ stdenv.mkDerivation ({ preConfigure = import ../common/pre-configure.nix { inherit lib; - inherit version targetPlatform hostPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; + inherit version targetPlatform hostPlatform buildPlatform gnatboot langAda langGo langJit crossStageStatic enableMultilib; }; dontDisableStatic = true; diff --git a/pkgs/development/compilers/gcc/ada-cctools-as-detection-configure.patch b/pkgs/development/compilers/gcc/ada-cctools-as-detection-configure.patch new file mode 100644 index 00000000000..e6b5b365332 --- /dev/null +++ b/pkgs/development/compilers/gcc/ada-cctools-as-detection-configure.patch 
@@ -0,0 +1,33 @@ +As originally implemented, the error message check +described in the configure script +breaks detection of Ada compiler support on x86_64-darwin, +because the assembler in the version of cctools currently used +unconditionally emits a deprecation message to stdout, +with no way to disable it. + +Furthermore, GCC 3.4 was the minimum version needed to build GNAT +as far back as GCC 4.4 (see the GCC git repo, tags/releases/gcc-4.4.0, +gcc/doc/install.texi, lines 2052-2053 [1]); +GCC 3.4 is newer than any of the broken GCC versions +that the configure script works around +(see the part of the comment in the configure script +before the context in the patch below), +and GCC 4.4 is older than any GCC that Nix currently packages (GCC 4.8). + +We therefore choose to not check for error messages, +and just check for an error code. +There's no harm in still checking for an object file being created, though. + +[1]: https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=gcc/doc/install.texi;h=6bdfbece981f7fb6c26da672d45e5d3ba7879c69;hb=b7fc996728085c0591ea7c5d0e1c84a8f6a29bd8#l2052 +--- a/configure 2022-08-19 18:09:52.000000000 +1000 ++++ b/configure 2022-12-26 17:30:49.000000000 +1100 +@@ -5622,8 +5622,7 @@ + # Other compilers, like HP Tru64 UNIX cc, exit successfully when + # given a .adb file, but produce no object file. So we must check + # if an object file was really produced to guard against this. +-errors=`(${CC} -c conftest.adb) 2>&1 || echo failure` +-if test x"$errors" = x && test -f conftest.$ac_objext; then ++if ${CC} -c conftest.adb && test -f conftest.$ac_objext; then + acx_cv_cc_gcc_supports_ada=yes + fi + rm -f conftest.* diff --git a/pkgs/development/compilers/gcc/common/pre-configure.nix b/pkgs/development/compilers/gcc/common/pre-configure.nix index ae5ffe6ab0d..e3b38eb74e9 100644 --- a/pkgs/development/compilers/gcc/common/pre-configure.nix +++ b/pkgs/development/compilers/gcc/common/pre-configure.nix 
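Review bot: The replacement test `if ${CC} -c conftest.adb && test -f conftest.$ac_objext; then` no longer captures the compiler's output, so anything the compiler or assembler prints during the probe goes to configure's own stdout/stderr instead of being recorded. Sending it to autoconf's log descriptor keeps the build output clean and leaves the diagnostics in config.log for debugging a failed detection: `if ${CC} -c conftest.adb >&5 2>&5 && test -f conftest.$ac_objext; then`. The patch header explains the x86_64-darwin case, while the gcc/12 hunk in this commit applies the patch for every `stdenv.isDarwin && langAda` build; one sentence in the header saying that the wider scope is intended would avoid confusion.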
@@ -1,4 +1,4 @@ -{ lib, version, hostPlatform, targetPlatform +{ lib, version, buildPlatform, hostPlatform, targetPlatform , gnatboot ? null , langAda ? false , langJava ? false @@ -24,6 +24,31 @@ in lib.optionalString (hostPlatform.isSunOS && hostPlatform.is64bit) '' export PATH=${gnatboot}/bin:$PATH '' +# On x86_64-darwin, the gnatboot bootstrap compiler that we need to build a +# native GCC with Ada support emits assembly that is accepted by the Clang +# integrated assembler, but not by the GNU assembler in cctools-port that Nix +# usually in the x86_64-darwin stdenv. In particular, x86_64-darwin gnatboot +# emits MOVQ as the mnemonic for quadword interunit moves, such as between XMM +# and general registers (e.g "movq %xmm0, %rbp"); the cctools-port assembler, +# however, only recognises MOVD for such moves. +# +# Therefore, for native x86_64-darwin builds that support Ada, we have to use +# the Clang integrated assembler to build (at least stage 1 of) GCC, but have to +# target GCC at the cctools-port GNU assembler. In the wrapped x86_64-darwin +# gnatboot, the former is provided as `as`, while the latter is provided as +# `gas`. +# ++ lib.optionalString ( + langAda + && buildPlatform == hostPlatform + && hostPlatform == targetPlatform + && targetPlatform.isx86_64 + && targetPlatform.isDarwin + ) '' + export AS_FOR_BUILD=${gnatboot}/bin/as + export AS_FOR_TARGET=${gnatboot}/bin/gas +'' + # NOTE 2020/3/18: This environment variable prevents configure scripts from # detecting the presence of aligned_alloc on Darwin. There are many facts that # collectively make this fix necessary: diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 32bf99f1c44..d148286bdc5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
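Review bot: The platform predicate guarding `AS_FOR_BUILD`/`AS_FOR_TARGET` is written out a second time, in a different spelling, in the `stdenv = if … then overrideCC stdenv gnatboot12` hunk of all-packages.nix in this same commit, and the two must stay in agreement for `${gnatboot}/bin/as` and `${gnatboot}/bin/gas` to be the wrapped tools the comment describes. I would add a cross-reference on both sides, e.g. `# Keep in sync with the gnat12 stdenv override in all-packages.nix`. The comment's first sentence is also missing its verb; it should read `cctools-port that Nix usually uses in the x86_64-darwin stdenv`. The expression this hunk extends begins and ends outside the hunk.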
@@ -14491,6 +14491,13 @@ with pkgs; && stdenv.buildPlatform == stdenv.hostPlatform then buildPackages.gnatboot12 else buildPackages.gnat12; + stdenv = + if stdenv.hostPlatform == stdenv.targetPlatform + && stdenv.buildPlatform == stdenv.hostPlatform + && stdenv.buildPlatform.isDarwin + && stdenv.buildPlatform.isx86_64 + then overrideCC stdenv gnatboot12 + else stdenv; }); gnatboot = gnatboot12; From a584587beac2116ef8da470d1e2a04827f86007c Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Fri, 6 Jan 2023 20:32:49 +1100 Subject: [PATCH 015/155] cc-wrapper: Wrap/link all other GNAT commands --- pkgs/build-support/cc-wrapper/default.nix | 11 +++-- pkgs/build-support/cc-wrapper/gnat-wrapper.sh | 40 ++++++++++++------- 2 files changed, 34 insertions(+), 17 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 7473b866d64..e5087931b41 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -236,10 +236,15 @@ stdenv.mkDerivation { fi '' + # No need to wrap gnat, gnatkr, gnatname or gnatprep; we can just symlink them in + optionalString cc.langAda or false '' - wrap ${targetPrefix}gnatmake ${./gnat-wrapper.sh} $ccPath/${targetPrefix}gnatmake - wrap ${targetPrefix}gnatbind ${./gnat-wrapper.sh} $ccPath/${targetPrefix}gnatbind - wrap ${targetPrefix}gnatlink ${./gnat-wrapper.sh} $ccPath/${targetPrefix}gnatlink + for cmd in gnatbind gnatchop gnatclean gnatlink gnatls gnatmake; do + wrap ${targetPrefix}$cmd ${./gnat-wrapper.sh} $ccPath/${targetPrefix}$cmd + done + + for cmd in gnat gnatkr gnatname gnatprep; do + ln -s $ccPath/${targetPrefix}$cmd $out/bin/${targetPrefix}$cmd + done # this symlink points to the unwrapped gnat's output "out". It is used by # our custom gprconfig compiler description to find GNAT's ada runtime. See 
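Review bot: In the cc-wrapper hunk, both loops assume that every listed tool exists under `$ccPath`; for a GNAT build that lacks one of them, `wrap` would generate a wrapper for a missing program and `ln -s` would leave a dangling link in `$out/bin`. A guard at the top of each loop body avoids that: `[ -e $ccPath/${targetPrefix}$cmd ] || continue`. The new comment says `gnat` needs no wrapping, but `gnat` is a driver that launches other GNAT tools (`gnat make`, `gnat bind`, …); it is worth confirming, and stating in the comment, that tools started through the symlinked driver still resolve to the wrapped binaries, which I cannot tell from this hunk. The shell string continues outside the hunk.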
diff --git a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh index 1d0a97c7604..e75eb3eb1eb 100644 --- a/pkgs/build-support/cc-wrapper/gnat-wrapper.sh +++ b/pkgs/build-support/cc-wrapper/gnat-wrapper.sh @@ -127,20 +127,32 @@ if [ "$NIX_ENFORCE_NO_NATIVE_@suffixSalt@" = 1 ]; then params=(${rest+"${rest[@]}"}) fi -if [ "$(basename $0)x" = "gnatmakex" ]; then - extraBefore=("--GNATBIND=@out@/bin/gnatbind" "--GNATLINK=@out@/bin/gnatlink") - extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@ -cargs $NIX_GNATMAKE_CARGS_@suffixSalt@) -fi - -if [ "$(basename $0)x" = "gnatbindx" ]; then - extraBefore=() - extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@) -fi - -if [ "$(basename $0)x" = "gnatlinkx" ]; then - extraBefore=() - extraAfter=("--GCC=@out@/bin/gcc") -fi +case "$(basename $0)x" in + "gnatbindx") + extraBefore=() + extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@) + ;; + "gnatchopx") + extraBefore=("--GCC=@out@/bin/gcc") + extraAfter=() + ;; + "gnatcleanx") + extraBefore=($NIX_GNATFLAGS_COMPILE_@suffixSalt@) + extraAfter=() + ;; + "gnatlinkx") + extraBefore=() + extraAfter=("--GCC=@out@/bin/gcc") + ;; + "gnatlsx") + extraBefore=() + extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@) + ;; + "gnatmakex") + extraBefore=("--GNATBIND=@out@/bin/gnatbind" "--GNATLINK=@out@/bin/gnatlink") + extraAfter=($NIX_GNATFLAGS_COMPILE_@suffixSalt@ -cargs $NIX_GNATMAKE_CARGS_@suffixSalt@) + ;; +esac # As a very special hack, if the arguments are just `-v', then don't # add anything. This is to prevent `gcc -v' (which normally prints From 3e15a7a463a3e051302c66fb12a40ef65ccd8e5e Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 9 Jan 2023 20:35:45 +0100 Subject: [PATCH 016/155] teyjus: 2.1 -> unstable-2019-07-26 --- pkgs/development/compilers/teyjus/default.nix | 23 ++++++++++++++----- pkgs/top-level/all-packages.nix | 6 +---- 2 files changed, 18 insertions(+), 11 deletions(-) 
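Review bot: The `case` arms match the bare tool name, but the cc-wrapper hunk in this same commit installs the wrappers as `${targetPrefix}$cmd`, so with a non-empty target prefix no arm matches and `extraBefore`/`extraAfter` are never assigned. Matching on the suffix handles both cases and makes the `x` padding unnecessary: `case "$(basename "$0")" in` with arms such as `*gnatbind)`, plus a final `*)` arm that sets both arrays to `()`. The hard-coded `@out@/bin/gcc`, `@out@/bin/gnatbind` and `@out@/bin/gnatlink` paths would need the prefix as well if prefixed wrappers are meant to work. How the two arrays are consumed is outside this hunk, so whether the unset case fails or is silently skipped cannot be seen here.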
diff --git a/pkgs/development/compilers/teyjus/default.nix b/pkgs/development/compilers/teyjus/default.nix index ac1a2f8abd5..d165b347c60 100644 --- a/pkgs/development/compilers/teyjus/default.nix +++ b/pkgs/development/compilers/teyjus/default.nix @@ -2,21 +2,32 @@ stdenv.mkDerivation rec { pname = "teyjus"; - version = "2.1"; + version = "unstable-2019-07-26"; src = fetchFromGitHub { owner = "teyjus"; repo = "teyjus"; - rev = "v${version}"; - sha256 = "sha256-nz7jZ+GdF6mZQPzBrVD9K/RtoeuVRuhfs7vej4zDkhg="; + rev = "e63f40aa9f1d0ea5e7bac41aae5e479c3616545c"; + sha256 = "sha256-gaAWKd5/DZrIPaaQzx9l0KtCMW9LPw17vvNPsnopZA0="; }; - patches = [ ./fix-lex-to-flex.patch ]; + patches = [ + ./fix-lex-to-flex.patch + ]; - buildInputs = [ omake ocaml flex bison ]; + postPatch = '' + sed -i "/TST/d" source/OMakefile + rm -rf source/front/caml + ''; + + strictDeps = true; + + nativeBuildInputs = [ omake ocaml flex bison ]; hardeningDisable = [ "format" ]; + NIX_CFLAGS_COMPILE = "-I${ocaml}/include"; + buildPhase = "omake all"; checkPhase = "omake check"; @@ -28,6 +39,6 @@ stdenv.mkDerivation rec { homepage = "https://github.com/teyjus/teyjus"; license = lib.licenses.gpl3; maintainers = [ maintainers.bcdarwin ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7424cf7bff1..24267668e43 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15687,11 +15687,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Cocoa Foundation; }; - teyjus = callPackage ../development/compilers/teyjus ( - with ocaml-ng.ocamlPackages_4_02; { - inherit ocaml; - omake = omake_rc1; - }); + teyjus = callPackage ../development/compilers/teyjus { }; thrust = callPackage ../development/tools/thrust { gconf = gnome2.GConf; From d8010161a6dd070a78686baf7f36dcff7165d21c Mon Sep 17 00:00:00 2001 
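Review bot: The new `postPatch` in teyjus/default.nix deletes every `source/OMakefile` line containing `TST` and removes `source/front/caml` without saying why, which makes it hard to tell later whether the edits are still needed after the next update. I would add a comment above it stating what is dropped and the reason, e.g. `# Drop the TST lines from the OMakefile and the source/front/caml directory: <reason>`. `checkPhase = "omake check";` is kept while the `TST` lines are removed, so the comment should also say whether a check target still exists; `doCheck` is not visible in this hunk.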
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 9 Jan 2023 21:53:04 +0100 Subject: [PATCH 017/155] python3Packages.scooby: init at 0.7.0 --- .../python-modules/scooby/default.nix | 28 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 ++ 2 files changed, 30 insertions(+) create mode 100644 pkgs/development/python-modules/scooby/default.nix diff --git a/pkgs/development/python-modules/scooby/default.nix b/pkgs/development/python-modules/scooby/default.nix new file mode 100644 index 00000000000..3fb2ee90116 --- /dev/null +++ b/pkgs/development/python-modules/scooby/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildPythonPackage +, fetchPypi +, setuptools-scm +}: + +buildPythonPackage rec { + pname = "scooby"; + version = "0.7.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-scD/uuAtepatt8Yn7b6PJMfSj9AT7iOy0HuVHyVvEhk="; + }; + + nativeBuildInputs = [ + setuptools-scm + ]; + + pythonImportsCheck = [ "scooby" ]; + + meta = with lib; { + homepage = "https://github.com/banesullivan/scooby"; + description = "Report hardware information and Python package versions"; + license = licenses.mit; + maintainers = with maintainers; [ wegank ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index e35d915c962..7769da8f5e7 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -10163,6 +10163,8 @@ self: super: with self; { scour = callPackage ../development/python-modules/scour { }; + scooby = callPackage ../development/python-modules/scooby { }; + scp = callPackage ../development/python-modules/scp { }; scramp = callPackage ../development/python-modules/scramp { }; From 8e00e58c117b08f3b31915e3aee0b9b71bb42ec7 Mon Sep 17 00:00:00 2001 
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 9 Jan 2023 13:20:56 +0100 Subject: [PATCH 018/155] python3Packages.pyvista: init at 0.37.0 --- .../python-modules/pyvista/default.nix | 41 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 43 insertions(+) create mode 100644 pkgs/development/python-modules/pyvista/default.nix diff --git a/pkgs/development/python-modules/pyvista/default.nix b/pkgs/development/python-modules/pyvista/default.nix new file mode 100644 index 00000000000..e2ceb1d776f --- /dev/null +++ b/pkgs/development/python-modules/pyvista/default.nix @@ -0,0 +1,41 @@ +{ lib +, buildPythonPackage +, fetchPypi +, imageio +, numpy +, pillow +, pooch +, scooby +, vtk +, unittestCheckHook +}: + +buildPythonPackage rec { + pname = "pyvista"; + version = "0.37.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-02osbV9T9HOrapJBZpaTrO56UXk5Tcl1ldoUzB3iMUE="; + }; + + propagatedBuildInputs = [ + imageio + numpy + pillow + pooch + scooby + vtk + ]; + + checkInputs = [ + unittestCheckHook + ]; + + meta = with lib; { + homepage = "https://pyvista.org"; + description = "Easier Pythonic interface to VTK"; + license = licenses.mit; + maintainers = with maintainers; [ wegank ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 7769da8f5e7..31bf4a5f227 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -9470,6 +9470,8 @@ self: super: with self; { pyvisa-py = callPackage ../development/python-modules/pyvisa-py { }; + pyvista = callPackage ../development/python-modules/pyvista { }; + pyviz-comms = callPackage ../development/python-modules/pyviz-comms { }; pyvizio = callPackage ../development/python-modules/pyvizio { }; From b754b1a6aac49de8656d35b1150176c6204b72af Mon Sep 17 00:00:00 2001 
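Review bot: The new pyvista expression relies on `unittestCheckHook` alone for verification, and if the PyPI sdist ships no discoverable unittest cases (not visible here) the check phase proves nothing about the build. The scooby package added in the previous commit uses an import check, and the same line here gives a minimum guarantee that the module and its propagated dependencies load: `pythonImportsCheck = [ "pyvista" ];`.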
From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Mon, 9 Jan 2023 21:54:32 +0100 Subject: [PATCH 019/155] python3Packages.sfepy: 2022.1 -> 2022.3 --- .../python-modules/scooby/default.nix | 2 +- .../python-modules/sfepy/default.nix | 32 +++++++++++-------- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/pkgs/development/python-modules/scooby/default.nix b/pkgs/development/python-modules/scooby/default.nix index 3fb2ee90116..bdcc62963a7 100644 --- a/pkgs/development/python-modules/scooby/default.nix +++ b/pkgs/development/python-modules/scooby/default.nix @@ -21,7 +21,7 @@ buildPythonPackage rec { meta = with lib; { homepage = "https://github.com/banesullivan/scooby"; - description = "Report hardware information and Python package versions"; + description = "A lightweight tool for reporting Python package versions and hardware resources"; license = licenses.mit; maintainers = with maintainers; [ wegank ]; }; diff --git a/pkgs/development/python-modules/sfepy/default.nix b/pkgs/development/python-modules/sfepy/default.nix index 03f3b64ee50..8e1089c3798 100644 --- a/pkgs/development/python-modules/sfepy/default.nix +++ b/pkgs/development/python-modules/sfepy/default.nix @@ -14,19 +14,21 @@ , mpi4py , psutil , openssh +, pyvista +, pytest , pythonOlder }: buildPythonPackage rec { pname = "sfepy"; - version = "2022.1"; + version = "2022.3"; disabled = pythonOlder "3.8"; src = fetchFromGitHub { owner = "sfepy"; repo = "sfepy"; rev = "release_${version}"; - sha256 = "sha256-OayULh/dGI5sEynYMc+JLwUd67zEGdIGEKo6CTOdZS8="; + sha256 = "sha256-6AhyO6LRG6N62ZAoPCZpRKu4ZBzj9IHkurhKFIPFAJI="; }; propagatedBuildInputs = [ 
@@ -41,34 +43,38 @@ buildPythonPackage rec { mpi4py psutil openssh + pyvista ]; postPatch = '' # broken tests - rm tests/test_meshio.py + rm sfepy/tests/test_meshio.py # slow tests - rm tests/test_input_*.py - rm tests/test_elasticity_small_strain.py - rm tests/test_term_call_modes.py - rm tests/test_refine_hanging.py - rm tests/test_hyperelastic_tlul.py - rm tests/test_poly_spaces.py - rm tests/test_linear_solvers.py - rm tests/test_quadratures.py + rm sfepy/tests/test_io.py + rm sfepy/tests/test_elasticity_small_strain.py + rm sfepy/tests/test_term_call_modes.py + rm sfepy/tests/test_refine_hanging.py + rm sfepy/tests/test_hyperelastic_tlul.py + rm sfepy/tests/test_poly_spaces.py + rm sfepy/tests/test_linear_solvers.py + rm sfepy/tests/test_quadratures.py ''; + checkInputs = [ + pytest + ]; + checkPhase = '' export OMPI_MCA_plm_rsh_agent=${openssh}/bin/ssh export HOME=$TMPDIR mv sfepy sfepy.hidden mkdir -p $HOME/.matplotlib echo "backend: ps" > $HOME/.matplotlib/matplotlibrc - ${python.interpreter} run_tests.py -o $TMPDIR/test_outputs --raise + ${python.interpreter} -c "import sfepy; sfepy.test()" ''; meta = with lib; { - broken = stdenv.isLinux && stdenv.isAarch64; homepage = "https://sfepy.org/"; description = "Simple Finite Elements in Python"; license = licenses.bsd3; From 798b7fdc5cf07786c74a79e5c63b6ebcafed42eb Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 02:14:10 +0100 Subject: [PATCH 020/155] doc/filters: fix myst-reader role detection matching on only `{...}` does not trigger if the role tag is preceded by something usually considered a semantic separator that isn't a separator as markdown knows it, e.g. punctuation characters. --- doc/build-aux/pandoc-filters/myst-reader/roles.lua | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/build-aux/pandoc-filters/myst-reader/roles.lua b/doc/build-aux/pandoc-filters/myst-reader/roles.lua index c33a688eeba..f4ef6d390b4 100644 
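Review bot: The new check command `${python.interpreter} -c "import sfepy; sfepy.test()"` discards whatever `sfepy.test()` returns, whereas the line it replaces passed `--raise` to the test runner. If `sfepy.test()` reports failures through its return value rather than by raising (its behaviour is not visible here), a failing test suite would no longer fail the build. Propagating the result makes the intent explicit: `${python.interpreter} -c "import sys, sfepy; sys.exit(sfepy.test())"`. This commit also removes the `broken` marker for aarch64-linux, so a check phase that can actually fail matters more on that platform.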
--- a/doc/build-aux/pandoc-filters/myst-reader/roles.lua +++ b/doc/build-aux/pandoc-filters/myst-reader/roles.lua @@ -17,9 +17,16 @@ function Inlines(inlines) if correct_tags then -- docutils supports alphanumeric strings separated by [-._:] -- We are slightly more liberal for simplicity. - local role = first.text:match('^{([-._+:%w]+)}$') - if role ~= nil then - inlines:remove(i) + -- Allow preceding punctuation (eg '('), otherwise '({file}`...`)' + -- does not match. Also allow anything followed by a non-breaking space + -- since pandoc emits those after certain abbreviations (e.g. e.g.). + local prefix, role = first.text:match('^(.*){([-._+:%w]+)}$') + if role ~= nil and (prefix == '' or prefix:match("^.*[%p ]$") ~= nil) then + if prefix == '' then + inlines:remove(i) + else + first.text = prefix + end second.attributes['role'] = role second.classes:insert('interpreted-text') end From 80a78f2e1e8228a99786039d987bda3855db930c Mon Sep 17 00:00:00 2001 
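Review bot: The prefix test `prefix:match("^.*[%p ]$")` is meant to accept a trailing non-breaking space according to the comment, but Lua patterns operate on bytes, so a literal U+00A0 inside the set (it renders as a plain space here, so I cannot confirm which character is present) contributes its two UTF-8 bytes as separate members. The set would then also accept any prefix whose last byte is one of those two, for example the final byte of an unrelated accented letter. Comparing the suffix explicitly avoids that and documents the intent: `prefix:match('%p$') ~= nil or prefix:sub(-2) == '\194\160'`. The leading `^.*` in the current pattern is redundant. `Inlines` starts and ends outside this hunk.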
From: pennae Date: Mon, 2 Jan 2023 22:57:19 +0100 Subject: [PATCH 021/155] nixos/manual: remove links from program listings markdown cannot represent those links. remove them all now instead of in each chapter conversion to keep the diff for each chapter small and more understandable. --- nixos/modules/i18n/input-method/default.xml | 16 +-- nixos/modules/programs/digitalbitbox/doc.xml | 10 +- nixos/modules/programs/plotinus.xml | 2 +- nixos/modules/security/acme/doc.xml | 113 ++++++++-------- .../modules/services/databases/postgresql.xml | 16 +-- nixos/modules/services/desktops/flatpak.xml | 4 +- nixos/modules/services/editors/emacs.xml | 8 +- nixos/modules/services/hardware/trezord.xml | 2 +- nixos/modules/services/mail/mailman.xml | 16 +-- nixos/modules/services/matrix/mjolnir.xml | 14 +- nixos/modules/services/matrix/synapse.xml | 74 +++++----- nixos/modules/services/misc/gitlab.xml | 52 +++---- .../services/misc/sourcehut/sourcehut.xml | 54 ++++---- .../modules/services/misc/taskserver/doc.xml | 8 +- nixos/modules/services/misc/weechat.xml | 4 +- nixos/modules/services/networking/prosody.xml | 38 +++--- nixos/modules/services/web-apps/discourse.xml | 128 +++++++++--------- nixos/modules/services/web-apps/grocy.xml | 12 +- .../modules/services/web-apps/jitsi-meet.xml | 28 ++-- nixos/modules/services/web-apps/keycloak.xml | 14 +- nixos/modules/services/web-apps/nextcloud.xml | 42 +++--- nixos/modules/services/web-apps/plausible.xml | 12 +- .../services/x11/desktop-managers/gnome.xml | 24 ++-- .../x11/desktop-managers/pantheon.xml | 8 +- 24 files changed, 349 insertions(+), 350 deletions(-) diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index dd66316c730..ba621baf441 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml 
@@ -60,8 +60,8 @@ i18n.inputMethod = { - enabled = "ibus"; - ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; + enabled = "ibus"; + ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; }; @@ -151,8 +151,8 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; i18n.inputMethod = { - enabled = "fcitx"; - fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; + enabled = "fcitx"; + fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; }; @@ -224,7 +224,7 @@ i18n.inputMethod = { i18n.inputMethod = { - enabled = "nabi"; + enabled = "nabi"; }; @@ -242,7 +242,7 @@ i18n.inputMethod = { i18n.inputMethod = { - enabled = "uim"; + enabled = "uim"; }; @@ -267,7 +267,7 @@ i18n.inputMethod = { i18n.inputMethod = { - enabled = "hime"; + enabled = "hime"; }; @@ -284,7 +284,7 @@ i18n.inputMethod = { i18n.inputMethod = { - enabled = "kime"; + enabled = "kime"; }; diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml index c63201628db..e4ac6195dae 100644 --- a/nixos/modules/programs/digitalbitbox/doc.xml +++ b/nixos/modules/programs/digitalbitbox/doc.xml @@ -12,7 +12,7 @@ setting programs.digitalbitbox to true in a manner similar to - = true; +programs.digitalbitbox.enable = true; and bundles the digitalbitbox package (see digitalbitbox package which could be installed as follows: - = [ +environment.systemPackages = [ pkgs.digitalbitbox ]; @@ -53,7 +53,7 @@ The digitalbitbox hardware package enables the udev rules for Digital Bitbox devices and may be installed as follows: - = true; +hardware.digitalbitbox.enable = true; @@ -63,8 +63,8 @@ by means of overriding as follows: programs.digitalbitbox = { - enable = true; - package = pkgs.digitalbitbox.override { + enable = true; + package = pkgs.digitalbitbox.override { udevRule51 = "something else"; }; }; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index 8fc8c22c6d7..656c072b97a 100644 
--- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -24,7 +24,7 @@ To enable Plotinus, add the following to your configuration.nix: - = true; +programs.plotinus.enable = true; diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index 1439594a5ac..4c02eae45f9 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -57,37 +57,36 @@ NixOS supports fetching ACME certificates for you by setting - enableACME - = true; in a virtualHost config. We first create self-signed + enableACME = true; in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For foo.example.com the config would look like this: - = true; - = "admin+acme@example.com"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; services.nginx = { - enable = true; - virtualHosts = { + enable = true; + virtualHosts = { "foo.example.com" = { - forceSSL = true; - enableACME = true; - # All serverAliases will be added as extra domain names on the certificate. - serverAliases = [ "bar.example.com" ]; + forceSSL = true; + enableACME = true; + # All serverAliases will be added as extra domain names on the certificate. + serverAliases = [ "bar.example.com" ]; locations."/" = { - root = "/var/www"; + root = "/var/www"; }; }; # We can also add a different vhost and reuse the same certificate # but we have to append extraDomainNames manually beforehand: - # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; + # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; "baz.example.com" = { - forceSSL = true; - useACMEHost = "foo.example.com"; + forceSSL = true; + useACMEHost = "foo.example.com"; locations."/" = { - root = "/var/www"; + root = "/var/www"; }; }; }; 
@@ -114,41 +113,41 @@ services.nginx = { - = true; - = "admin+acme@example.com"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; # /var/lib/acme/.challenges must be writable by the ACME user # and readable by the Nginx user. The easiest way to achieve # this is to add the Nginx user to the ACME group. -users.users.nginx.extraGroups = [ "acme" ]; +users.users.nginx.extraGroups = [ "acme" ]; services.nginx = { - enable = true; - virtualHosts = { + enable = true; + virtualHosts = { "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.example.com" ]; + serverAliases = [ "*.example.com" ]; locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; + root = "/var/lib/acme/.challenges"; }; locations."/" = { - return = "301 https://$host$request_uri"; + return = "301 https://$host$request_uri"; }; }; }; } # Alternative config for Apache -users.users.wwwrun.extraGroups = [ "acme" ]; +users.users.wwwrun.extraGroups = [ "acme" ]; services.httpd = { - enable = true; - virtualHosts = { + enable = true; + virtualHosts = { "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.example.com" ]; + serverAliases = [ "*.example.com" ]; # /var/lib/acme/.challenges must be writable by the ACME user and readable by the Apache user. # By default, this is the case. - documentRoot = "/var/lib/acme/.challenges"; - extraConfig = '' + documentRoot = "/var/lib/acme/.challenges"; + extraConfig = '' RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge [NC] 
@@ -164,16 +163,16 @@ services.httpd = { -."foo.example.com" = { - webroot = "/var/lib/acme/.challenges"; - email = "foo@example.com"; +security.acme.certs."foo.example.com" = { + webroot = "/var/lib/acme/.challenges"; + email = "foo@example.com"; # Ensure that the web server you use can read the generated certs - # Take a look at the group option for the web server you choose. - group = "nginx"; + # Take a look at the group option for the web server you choose. + group = "nginx"; # Since we have a wildcard vhost to handle port 80, # we can generate certs for anything! # Just make sure your DNS resolves them. - extraDomainNames = [ "mail.example.com" ]; + extraDomainNames = [ "mail.example.com" ]; }; @@ -203,11 +202,11 @@ services.httpd = { services.bind = { - enable = true; - extraConfig = '' + enable = true; + extraConfig = '' include "/var/lib/secrets/dnskeys.conf"; ''; - zones = [ + zones = [ rec { name = "example.com"; file = "/var/db/bind/${name}"; @@ -218,14 +217,14 @@ services.bind = { } # Now we can configure ACME - = true; - = "admin+acme@example.com"; -."example.com" = { - domain = "*.example.com"; - dnsProvider = "rfc2136"; - credentialsFile = "/var/lib/secrets/certs.secret"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.certs."example.com" = { + domain = "*.example.com"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server - dnsPropagationCheck = false; + dnsPropagationCheck = false; }; 
@@ -296,23 +295,23 @@ systemd.services.dns-rfc2136-conf = { # Configure ACME appropriately - = true; - = "admin+acme@example.com"; - = { - dnsProvider = "rfc2136"; - credentialsFile = "/var/lib/secrets/certs.secret"; +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults = { + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server - dnsPropagationCheck = false; + dnsPropagationCheck = false; }; # For each virtual host you would like to use DNS-01 validation with, # set acmeRoot = null services.nginx = { - enable = true; - virtualHosts = { + enable = true; + virtualHosts = { "foo.example.com" = { - enableACME = true; - acmeRoot = null; + enableACME = true; + acmeRoot = null; }; }; } @@ -349,8 +348,8 @@ security.acme.certs."mail.example.com".postRun = '' # Now you must augment OpenSMTPD's systemd service to load # the certificate files. -systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; -systemd.services.opensmtpd.serviceConfig.LoadCredential = let +systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; +systemd.services.opensmtpd.serviceConfig.LoadCredential = let certDir = config.security.acme.certs."mail.example.com".directory; in [ "cert.pem:${certDir}/cert.pem" diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index e48c578e6ce..fc91e0dc4c0 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml 
@@ -23,8 +23,8 @@ To enable PostgreSQL, add the following to your configuration.nix: - = true; - = pkgs.postgresql_11; +services.postgresql.enable = true; +services.postgresql.package = pkgs.postgresql_11; Note that you are required to specify the desired version of PostgreSQL (e.g. pkgs.postgresql_11). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for such as the most recent release of PostgreSQL. @@ -45,7 +45,7 @@ Type "help" for help. By default, PostgreSQL stores its databases in /var/lib/postgresql/$psqlSchema. You can override this using , e.g. - = "/data/postgresql"; +services.postgresql.dataDir = "/data/postgresql"; @@ -71,7 +71,7 @@ Type "help" for help. { config, pkgs, ... }: { - = [ + environment.systemPackages = [ (let # XXX specify the postgresql package you'd like to upgrade to. # Do not forget to list the extensions you need. @@ -87,8 +87,8 @@ Type "help" for help. export NEWBIN="${newPostgres}/bin" - export OLDDATA="${config.}" - export OLDBIN="${config.}/bin" + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" install -d -m 0700 -o postgres -g postgres "$NEWDATA" cd "$NEWDATA" @@ -189,8 +189,8 @@ postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga To add plugins via NixOS configuration, set services.postgresql.extraPlugins: - = pkgs.postgresql_11; - = with pkgs.postgresql_11.pkgs; [ +services.postgresql.package = pkgs.postgresql_11; +services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ pg_repack postgis ]; diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 8f080b25022..a6d27e40b0a 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -20,7 +20,7 @@ To enable Flatpak, add the following to your configuration.nix: - = true; + services.flatpak.enable = true; 
@@ -29,7 +29,7 @@ in other cases, you will need to add something like the following to your configuration.nix: - = [ pkgs.xdg-desktop-portal-gtk ]; + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index fd99ee9442c..dfadf27d41d 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -375,8 +375,8 @@ in [...] To install and enable the systemd user service for Emacs daemon, add the following to your configuration.nix: - = true; - = import /home/cassou/.emacs.d { pkgs = pkgs; }; +services.emacs.enable = true; +services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; @@ -459,8 +459,8 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal Emacs daemon is not wanted for all users, it is possible to install the service but not globally enable it: - = false; - = true; +services.emacs.enable = false; +services.emacs.install = true; diff --git a/nixos/modules/services/hardware/trezord.xml b/nixos/modules/services/hardware/trezord.xml index 972d409d9d0..e1f42bc0829 100644 --- a/nixos/modules/services/hardware/trezord.xml +++ b/nixos/modules/services/hardware/trezord.xml @@ -19,7 +19,7 @@ To enable Trezor support, add the following to your configuration.nix: - = true; +services.trezord.enable = true; This will add all necessary udev rules and start Trezor Bridge. diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index 27247fb064f..9510cbe82c5 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml 
@@ -28,14 +28,14 @@ }; }; services.mailman = { - enable = true; - serve.enable = true; - hyperkitty.enable = true; - webHosts = ["lists.example.org"]; - siteOwner = "mailman@example.org"; + enable = true; + serve.enable = true; + hyperkitty.enable = true; + webHosts = ["lists.example.org"]; + siteOwner = "mailman@example.org"; }; - services.nginx.virtualHosts."lists.example.org".enableACME = true; - networking.firewall.allowedTCPPorts = [ 25 80 443 ]; + services.nginx.virtualHosts."lists.example.org".enableACME = true; + networking.firewall.allowedTCPPorts = [ 25 80 443 ]; } @@ -65,7 +65,7 @@ mailman = { enable = true; siteOwner = "mailman@example.org"; - enablePostfix = false; + enablePostfix = false; settings.mta = { incoming = "mailman.mta.exim4.LMTP"; outgoing = "mailman.mta.deliver.deliver"; diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml index b07abe33979..4e0f14a3c0b 100644 --- a/nixos/modules/services/matrix/mjolnir.xml +++ b/nixos/modules/services/matrix/mjolnir.xml @@ -67,16 +67,16 @@ { services.mjolnir = { enable = true; - homeserverUrl = "https://matrix.domain.tld"; - pantalaimon = { - enable = true; - username = "mjolnir"; - passwordFile = "/run/secrets/mjolnir-password"; + homeserverUrl = "https://matrix.domain.tld"; + pantalaimon = { + enable = true; + username = "mjolnir"; + passwordFile = "/run/secrets/mjolnir-password"; }; - protectedRooms = [ + protectedRooms = [ "https://matrix.to/#/!xxx:domain.tld" ]; - managementRoom = "!yyy:domain.tld"; + managementRoom = "!yyy:domain.tld"; }; } diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 40ad72173a5..f834e54f3c8 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml 
@@ -47,12 +47,12 @@ let return 200 '${builtins.toJSON data}'; ''; in { - = "myhostname"; - = "example.org"; - = [ 80 443 ]; + networking.hostName = "myhostname"; + networking.domain = "example.org"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; - = true; - = pkgs.writeText "synapse-init.sql" '' + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 
@@ -61,42 +61,42 @@ in { ''; services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { "${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + enableACME = true; + forceSSL = true; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; "${fqdn}" = { - enableACME = true; - forceSSL = true; - locations."/".extraConfig = '' + enableACME = true; + forceSSL = true; + locations."/".extraConfig = '' return 404; ''; - locations."/_matrix".proxyPass = "http://[::1]:8008"; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; }; }; }; services.matrix-synapse = { - enable = true; - settings.server_name = config.networking.domain; - settings.listeners = [ - { port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ { - names = [ "client" "federation" ]; - compress = true; + enable = true; + settings.server_name = config.networking.domain; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "::1" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ { + names = [ "client" "federation" ]; + compress = true; } ]; } ]; 
@@ -159,7 +159,7 @@ in { Registering Matrix users If you want to run a server with public registration by anybody, you can - then enable services.matrix-synapse.settings.enable_registration = + then enable services.matrix-synapse.settings.enable_registration = true;. Otherwise, or you can generate a registration secret with pwgen -s 64 1 and set it with . @@ -202,7 +202,7 @@ Success! Include the file like this in your configuration: { - = [ + services.matrix-synapse.extraConfigFiles = [ "/run/secrets/matrix-shared-secret" ]; } @@ -244,13 +244,13 @@ Success! { services.nginx.virtualHosts."element.${fqdn}" = { - enableACME = true; - forceSSL = true; - serverAliases = [ + enableACME = true; + forceSSL = true; + serverAliases = [ "element.${config.networking.domain}" ]; - root = pkgs.element-web.override { + root = pkgs.element-web.override { conf = { default_server_config = clientConfig; # see `clientConfig` from the snippet above. }; diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 9816fdac7dd..a9f8d5fd721 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -20,16 +20,16 @@ For instance, the following configuration could be used to use nginx as frontend proxy: -services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts."git.example.com" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; +services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.example.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; }; }; 
@@ -53,26 +53,26 @@ A basic configuration with some custom settings could look like this: services.gitlab = { - enable = true; - databasePasswordFile = "/var/keys/gitlab/db_password"; - initialRootPasswordFile = "/var/keys/gitlab/root_password"; - https = true; - host = "git.example.com"; - port = 443; - user = "git"; - group = "git"; + enable = true; + databasePasswordFile = "/var/keys/gitlab/db_password"; + initialRootPasswordFile = "/var/keys/gitlab/root_password"; + https = true; + host = "git.example.com"; + port = 443; + user = "git"; + group = "git"; smtp = { - enable = true; - address = "localhost"; - port = 25; + enable = true; + address = "localhost"; + port = 25; }; secrets = { - dbFile = "/var/keys/gitlab/db"; - secretFile = "/var/keys/gitlab/secret"; - otpFile = "/var/keys/gitlab/otp"; - jwsFile = "/var/keys/gitlab/jws"; + dbFile = "/var/keys/gitlab/db"; + secretFile = "/var/keys/gitlab/secret"; + otpFile = "/var/keys/gitlab/otp"; + jwsFile = "/var/keys/gitlab/jws"; }; - extraConfig = { + extraConfig = { gitlab = { email_from = "gitlab-no-reply@example.com"; email_display_name = "Example GitLab"; diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml index 41094f65a94..a769ded524c 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml @@ -15,11 +15,11 @@ Sourcehut is a Python and Go based set of applications. This NixOS module also provides basic configuration integrating Sourcehut into locally running - services.nginx, - services.redis.servers.sourcehut, - services.postfix + services.nginx, + services.redis.servers.sourcehut, + services.postfix and - services.postgresql services. + services.postgresql services. 
@@ -34,21 +34,21 @@ let in { networking = { - hostName = "srht"; - domain = "tld"; - firewall.allowedTCPPorts = [ 22 80 443 ]; + hostName = "srht"; + domain = "tld"; + firewall.allowedTCPPorts = [ 22 80 443 ]; }; services.sourcehut = { - enable = true; - git.enable = true; - man.enable = true; - meta.enable = true; - nginx.enable = true; - postfix.enable = true; - postgresql.enable = true; - redis.enable = true; - settings = { + enable = true; + git.enable = true; + man.enable = true; + meta.enable = true; + nginx.enable = true; + postfix.enable = true; + postgresql.enable = true; + redis.enable = true; + settings = { "sr.ht" = { environment = "production"; global-domain = fqdn; @@ -61,26 +61,26 @@ in { }; }; - security.acme.certs."${fqdn}".extraDomainNames = [ + security.acme.certs."${fqdn}".extraDomainNames = [ "meta.${fqdn}" "man.${fqdn}" "git.${fqdn}" ]; services.nginx = { - enable = true; + enable = true; # only recommendedProxySettings are strictly required, but the rest make sense as well. - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; # Settings to setup what certificates are used for which endpoint. - virtualHosts = { - "${fqdn}".enableACME = true; - "meta.${fqdn}".useACMEHost = fqdn: - "man.${fqdn}".useACMEHost = fqdn: - "git.${fqdn}".useACMEHost = fqdn: + virtualHosts = { + "${fqdn}".enableACME = true; + "meta.${fqdn}".useACMEHost = fqdn: + "man.${fqdn}".useACMEHost = fqdn: + "git.${fqdn}".useACMEHost = fqdn: }; }; } diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index f6ead7c3785..e3f778f3159 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml 
@@ -91,10 +91,10 @@ For example, let's say you have the following configuration: { - = true; - = "server"; - = "::"; - services.taskserver.organisations.my-company.users = [ "alice" ]; + services.taskserver.enable = true; + services.taskserver.fqdn = "server"; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.my-company.users = [ "alice" ]; } This creates an organisation called my-company with the diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index 7255edfb9da..b17f9a871ff 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -25,7 +25,7 @@ { ... }: { - services.weechat.enable = true; + services.weechat.enable = true; } @@ -46,7 +46,7 @@ support: { - programs.screen.screenrc = '' + programs.screen.screenrc = '' multiuser on acladd normal_user ''; diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 6358d744ff7..e8f27d10e8c 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml 
@@ -38,21 +38,21 @@ endpoint will look like this: services.prosody = { - enable = true; - admins = [ "root@example.org" ]; - ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; - ssl.key = "/var/lib/acme/example.org/key.pem"; - virtualHosts."example.org" = { - enabled = true; - domain = "example.org"; - ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; - ssl.key = "/var/lib/acme/example.org/key.pem"; + enable = true; + admins = [ "root@example.org" ]; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; + virtualHosts."example.org" = { + enabled = true; + domain = "example.org"; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; }; - muc = [ { - domain = "conference.example.org"; + muc = [ { + domain = "conference.example.org"; } ]; - uploadHttp = { - domain = "upload.example.org"; + uploadHttp = { + domain = "upload.example.org"; }; }; @@ -72,13 +72,13 @@ services.prosody = { a TLS certificate for the three endponits: security.acme = { - email = "root@example.org"; - acceptTerms = true; - certs = { + email = "root@example.org"; + acceptTerms = true; + certs = { "example.org" = { - webroot = "/var/www/example.org"; - email = "root@example.org"; - extraDomainNames = [ "conference.example.org" "upload.example.org" ]; + webroot = "/var/www/example.org"; + email = "root@example.org"; + extraDomainNames = [ "conference.example.org" "upload.example.org" ]; }; }; }; diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index ad9b65abf51..d9dc28fa5e4 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml 
@@ -15,18 +15,18 @@ A minimal configuration using Let's Encrypt for TLS certificates looks like this: services.discourse = { - enable = true; - hostname = "discourse.example.com"; + enable = true; + hostname = "discourse.example.com"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; -security.acme.email = "me@example.com"; -security.acme.acceptTerms = true; +security.acme.email = "me@example.com"; +security.acme.acceptTerms = true; @@ -48,17 +48,17 @@ services.discourse = { services.discourse = { - enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; 
@@ -108,24 +108,24 @@ services.discourse = { services.discourse = { - enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; - port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - mail.incoming.enable = true; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + mail.incoming.enable = true; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; 
@@ -210,24 +210,24 @@ services.discourse = { and changes a few request limits in the backend settings: services.discourse = { - enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; - port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - mail.incoming.enable = true; - siteSettings = { + mail.incoming.enable = true; + siteSettings = { required = { title = "My Cats"; site_description = "Discuss My Cats (and be nice plz)"; @@ -238,13 +238,13 @@ services.discourse = { github_client_secret._secret = /run/keys/discourse_github_client_secret; }; }; - backendSettings = { + backendSettings = { max_reqs_per_ip_per_minute = 300; max_reqs_per_ip_per_10_seconds = 60; max_asset_reqs_per_ip_per_10_seconds = 250; max_reqs_per_ip_mode = "warn+block"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; 
@@ -320,33 +320,33 @@ services.discourse = { services.discourse = { - enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + enable = true; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; - port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + serverAddress = "smtp.emailprovider.com"; + port = 587; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; - mail.incoming.enable = true; - plugins = with config.services.discourse.package.plugins; [ + mail.incoming.enable = true; + plugins = with config.services.discourse.package.plugins; [ discourse-spoiler-alert discourse-solved ]; - siteSettings = { + siteSettings = { plugins = { spoiler_enabled = false; }; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index fdf6d00f4b1..46a49fe601e 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -17,8 +17,8 @@ { pkgs, ... }: { services.grocy = { - enable = true; - hostName = "grocy.tld"; + enable = true; + hostName = "grocy.tld"; }; } This configures a simple vhost using nginx 
@@ -45,19 +45,19 @@ # The default currency in the system for invoices etc. # Please note that exchange rates aren't taken into account, this # is just the setting for what's shown in the frontend. - currency = "EUR"; + currency = "EUR"; # The display language (and locale configuration) for grocy. - culture = "de"; + culture = "de"; calendar = { # Whether or not to show the week-numbers # in the calendar. - showWeekNumber = true; + showWeekNumber = true; # Index of the first day to be shown in the calendar (0=Sunday, 1=Monday, # 2=Tuesday and so on). - firstDayOfWeek = 2; + firstDayOfWeek = 2; }; }; } diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index ff44c724adf..8909ac5b0d3 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -15,13 +15,13 @@ A minimal configuration using Let's Encrypt for TLS certificates looks like this: { services.jitsi-meet = { - enable = true; - hostName = "jitsi.example.com"; + enable = true; + hostName = "jitsi.example.com"; }; - services.jitsi-videobridge.openFirewall = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.email = "me@example.com"; - security.acme.acceptTerms = true; + services.jitsi-videobridge.openFirewall = true; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.email = "me@example.com"; + security.acme.acceptTerms = true; } 
@@ -32,22 +32,22 @@ Here is the minimal configuration with additional configurations: { services.jitsi-meet = { - enable = true; - hostName = "jitsi.example.com"; - config = { + enable = true; + hostName = "jitsi.example.com"; + config = { enableWelcomePage = false; prejoinPageEnabled = true; defaultLang = "fi"; }; - interfaceConfig = { + interfaceConfig = { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; }; }; - services.jitsi-videobridge.openFirewall = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.email = "me@example.com"; - security.acme.acceptTerms = true; + services.jitsi-videobridge.openFirewall = true; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.email = "me@example.com"; + security.acme.acceptTerms = true; } diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index 861756e33ac..cf9de043cf7 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -185,15 +185,15 @@ A basic configuration with some custom settings could look like this: services.keycloak = { - enable = true; + enable = true; settings = { - hostname = "keycloak.example.com"; - hostname-strict-backchannel = true; + hostname = "keycloak.example.com"; + hostname-strict-backchannel = true; }; - initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login - sslCertificate = "/run/keys/ssl_cert"; - sslCertificateKey = "/run/keys/ssl_key"; - database.passwordFile = "/run/keys/db_password"; + initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login + sslCertificate = "/run/keys/ssl_cert"; + sslCertificateKey = "/run/keys/ssl_key"; + database.passwordFile = "/run/keys/db_password"; }; diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 4207c4008d5..533f34f7fcc 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml 
+++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -31,22 +31,22 @@ { pkgs, ... }: { services.nextcloud = { - enable = true; - hostName = "nextcloud.tld"; + enable = true; + hostName = "nextcloud.tld"; config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; - adminpassFile = "/path/to/admin-pass-file"; - adminuser = "root"; + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + adminpassFile = "/path/to/admin-pass-file"; + adminuser = "root"; }; }; services.postgresql = { - enable = true; - ensureDatabases = [ "nextcloud" ]; - ensureUsers = [ + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } @@ -59,7 +59,7 @@ after = ["postgresql.service"]; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; } 
@@ -199,24 +199,24 @@ An exemplary configuration may look like this: { config, lib, pkgs, ... }: { - services.nginx.enable = false; + services.nginx.enable = false; services.nextcloud = { - enable = true; - hostName = "localhost"; + enable = true; + hostName = "localhost"; /* further, required options */ }; - services.phpfpm.pools.nextcloud.settings = { + services.phpfpm.pools.nextcloud.settings = { "listen.owner" = config.services.httpd.user; "listen.group" = config.services.httpd.group; }; services.httpd = { - enable = true; - adminAddr = "webmaster@localhost"; - extraModules = [ "proxy_fcgi" ]; + enable = true; + adminAddr = "webmaster@localhost"; + extraModules = [ "proxy_fcgi" ]; virtualHosts."localhost" = { - documentRoot = config.services.nextcloud.package; - extraConfig = '' + documentRoot = config.services.nextcloud.package; + extraConfig = '' <Directory "${config.services.nextcloud.package}"> <FilesMatch "\.php$"> <If "-f %{REQUEST_FILENAME}"> diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 92a571b9fbd..7824768f549 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -18,15 +18,15 @@ After that, plausible can be deployed like this: { services.plausible = { - enable = true; + enable = true; adminUser = { - activate = true; - email = "admin@localhost"; - passwordFile = "/run/secrets/plausible-admin-pwd"; + activate = true; + email = "admin@localhost"; + passwordFile = "/run/secrets/plausible-admin-pwd"; }; server = { - baseUrl = "http://analytics.example.org"; - secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; + baseUrl = "http://analytics.example.org"; + secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; }; }; } diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index 807c9d64e20..1b3a270c17e 100644 
--- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml @@ -18,8 +18,8 @@ - = true; - = true; +services.xserver.desktopManager.gnome.enable = true; +services.xserver.displayManager.gdm.enable = true; @@ -40,7 +40,7 @@ - = false; +services.gnome.core-utilities.enable = false; @@ -61,8 +61,8 @@ - = false; - = false; +services.gnome.tracker-miners.enable = false; +services.gnome.tracker.enable = false; @@ -78,7 +78,7 @@ - = true; +services.gnome.games.enable = true; @@ -90,7 +90,7 @@ - = true; +services.gnome.core-developer-tools.enable = true; @@ -103,7 +103,7 @@ - = true; +services.xserver.desktopManager.gnome.flashback.enableMetacity = true; @@ -115,7 +115,7 @@ - = [ +services.xserver.desktopManager.gnome.flashback.customSessions = [ { wmName = "xmonad"; wmLabel = "XMonad"; @@ -162,7 +162,7 @@ - = [ +environment.systemPackages = [ gnomeExtensions.dash-to-dock gnomeExtensions.gsconnect gnomeExtensions.mpris-indicator-button @@ -211,7 +211,7 @@ services.xserver.desktopManager.gnome = { - extraGSettingsOverrides = '' + extraGSettingsOverrides = '' # Change default background [org.gnome.desktop.background] picture-uri='file://${pkgs.nixos-artwork.wallpapers.mosaic-blue.gnomeFilePath}' @@ -221,7 +221,7 @@ services.xserver.desktopManager.gnome = { favorite-apps=['org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop'] ''; - extraGSettingsOverridePackages = [ + extraGSettingsOverridePackages = [ pkgs.gsettings-desktop-schemas # for org.gnome.desktop pkgs.gnome.gnome-shell # for org.gnome.shell ]; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 6226f8f6a27..a0784c2f2e1 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml 
@@ -11,16 +11,16 @@ All of Pantheon is working in NixOS and the applications should be available, aside from a few exceptions. To enable Pantheon, set - = true; +services.xserver.desktopManager.pantheon.enable = true; This automatically enables LightDM and Pantheon's LightDM greeter. If you'd like to disable this, set - = false; - = false; +services.xserver.displayManager.lightdm.greeters.pantheon.enable = false; +services.xserver.displayManager.lightdm.enable = false; but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for Pantheon installs all of Pantheon's default applications. If you'd like to not install Pantheon's apps, set - = false; +services.pantheon.apps.enable = false; You can also use to remove any other app (like elementary-mail). From 6930425922a51d353b1a52ea1140ecc03528bca3 Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 23:10:12 +0100 Subject: [PATCH 022/155] nixos/manual: normalize -> MD can only do the latter, so change them all over now to keeps diffs reviewable. this also includes -> where options are referenced since the reference will implicitly add an inner literal tag. --- nixos/modules/programs/zsh/oh-my-zsh.xml | 4 ++-- nixos/modules/security/acme/doc.xml | 12 ++++++------ nixos/modules/services/misc/weechat.xml | 4 ++-- nixos/modules/services/web-apps/matomo-doc.xml | 2 +- nixos/modules/services/web-apps/nextcloud.xml | 14 +++++++------- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index 14a7228ad9b..9917dd022b9 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -5,7 +5,7 @@ xml:id="module-programs-zsh-ohmyzsh"> Oh my ZSH - oh-my-zsh is a + oh-my-zsh is a framework to manage your ZSH configuration including completion scripts for several CLI tools or custom prompt themes. 
@@ -113,7 +113,7 @@ Completion scripts are supposed to be stored at $out/share/zsh/site-functions. This directory is part of the - fpath + fpath and the package should be compatible with pure ZSH setups. The module will automatically link the contents of site-functions to completions directory in the proper diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index 4c02eae45f9..0905fefd623 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -22,7 +22,7 @@ To use the ACME module, you must accept the provider's terms of service - by setting + by setting to true. The Let's Encrypt ToS can be found here. @@ -30,18 +30,18 @@ You must also set an email address to be used when creating accounts with Let's Encrypt. You can set this for all certs with - + and/or on a per-cert basis with - . + . This address is only used for registration and renewal reminders, and cannot be used to administer the certificates in any way. Alternatively, you can use a different ACME server by changing the - option + option to a provider of your choosing, or just change the server for one cert with - . + . @@ -280,7 +280,7 @@ systemd.services.dns-rfc2136-conf = { It is possible to use DNS-01 validation with all certificates, including those automatically configured via the Nginx/Apache - enableACME + enableACME option. This configuration pattern is fully supported and part of the module's test suite for Nginx + Apache. diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index b17f9a871ff..ceabd67060c 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -13,9 +13,9 @@ By default, the module creates a - systemd + systemd unit which runs the chat client in a detached - screen + screen session. 
diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index 69d1170e452..78cd6dd4d43 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml @@ -99,7 +99,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; You can use other web servers by forwarding calls for index.php and piwik.php to the - services.phpfpm.pools.<name>.socket fastcgi unix socket. You can use + services.phpfpm.pools.<name>.socket fastcgi unix socket. You can use the nginx configuration in the module code as a reference to what else should be configured. diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 533f34f7fcc..02d7595ff17 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -19,11 +19,11 @@ Nextcloud is a PHP-based application which requires an HTTP server - (services.nextcloud + (services.nextcloud optionally supports - services.nginx) + services.nginx) and a database (it's recommended to use - services.postgresql). + services.postgresql). @@ -65,7 +65,7 @@ The hostName option is used internally to configure an HTTP - server using PHP-FPM + server using PHP-FPM and nginx. The config attribute set is used by the imperative installer and all values are written to an additional file to ensure that changes can be applied by changing the module's options. @@ -73,14 +73,14 @@ In case the application serves multiple domains (those are checked with - $_SERVER['HTTP_HOST']) + $_SERVER['HTTP_HOST']) it's needed to add them to - services.nextcloud.config.extraTrustedDomains. + services.nextcloud.config.extraTrustedDomains. Auto updates for Nextcloud apps can be enabled using - services.nextcloud.autoUpdateApps. + services.nextcloud.autoUpdateApps. From 0715ecf936a642ec6e019333114c8ff2d92360d0 Mon Sep 17 00:00:00 2001 
From: pennae Date: Wed, 4 Jan 2023 00:45:35 +0100 Subject: [PATCH 023/155] nixos/manual: normalize makes sure that program listing tags are separated from their contents by exactly a newline character. this makes the markdown translation easier to verify (since no new newlines need to be inserted), and there's no rendering difference anyway. --- nixos/modules/services/backup/borgbackup.xml | 22 +++++++++++++------ .../services/development/blackfire.xml | 6 +++-- nixos/modules/services/editors/emacs.xml | 8 +++++-- nixos/modules/services/mail/mailman.xml | 12 ++++++---- nixos/modules/services/matrix/synapse.xml | 4 +++- nixos/modules/services/networking/prosody.xml | 6 +++-- nixos/modules/services/web-apps/grocy.xml | 18 ++++++++++----- .../modules/services/web-apps/jitsi-meet.xml | 12 ++++++---- nixos/modules/services/web-apps/nextcloud.xml | 18 ++++++++++----- nixos/modules/services/web-apps/plausible.xml | 6 +++-- .../services/web-servers/garage-doc.xml | 6 +++-- 11 files changed, 80 insertions(+), 38 deletions(-) diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index f38064f8677..5d7ff21587f 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -53,7 +53,8 @@ }; } }; -} +} + @@ -86,7 +87,8 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ path = "/var/lib/my_borg_repo" ; }; }; -} +} + @@ -115,7 +117,8 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ startAt = "hourly"; }; }; -}; +}; + The following few commands (run as root) let you test your backup. 
@@ -127,7 +130,8 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ > export BORG_PASSPHRASE=topSecrect > borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:. nixos-backupToLocalServer-2020-03-30T21:46:17 Mon, 2020-03-30 21:46:19 [84feb97710954931ca384182f5f3cb90665f35cef214760abd7350fb064786ac] -nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68] +nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68] + @@ -148,7 +152,9 @@ nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e7732169 Generate a SSH key without a password, to access the remote server. E.g. - sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase + +sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase + @@ -163,7 +169,8 @@ nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e7732169 sudo borg init --encryption=repokey-blake2 \ -rsh "ssh -i /run/keys/id_ed25519_borgbase" \ - zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo + zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo + @@ -184,7 +191,8 @@ sudo borg init --encryption=repokey-blake2 \ startAt = "daily"; }; }; -}} +}} + diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index cecd249dda4..1df6441f66f 100644 --- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml @@ -13,7 +13,8 @@ To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM: -let + +let php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [ blackfire ])); 
@@ -38,7 +39,8 @@ in { # (WantedBy= from the upstream unit not respected: https://github.com/NixOS/nixpkgs/issues/81138) # Alternately, you can start it manually with `systemctl start blackfire-agent`. systemd.services.blackfire-agent.wantedBy = [ "phpfpm-foo.service" ]; -} +} + On your developer machine, you will also want to install the client (see blackfire package) or the browser extension to actually trigger the profiling. diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index dfadf27d41d..176766fdf41 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -446,7 +446,9 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal If you have formed certain bad habits when editing files, these can be corrected with a shell alias to the wrapper script: -alias vi=$EDITOR + +alias vi=$EDITOR + @@ -467,7 +469,9 @@ services.emacs.install = true; To enable the systemd user service for just the currently logged in user, run: -systemctl --user enable emacs + +systemctl --user enable emacs + This will add the symlink ~/.config/systemd/user/emacs.service. diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index 9510cbe82c5..c1ad5d1a285 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml @@ -16,7 +16,8 @@ Basic usage with Postfix For a basic configuration with Postfix as the MTA, the following settings are suggested: - { config, ... }: { + +{ config, ... }: { services.postfix = { enable = true; relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; @@ -36,7 +37,8 @@ }; services.nginx.virtualHosts."lists.example.org".enableACME = true; networking.firewall.allowedTCPPorts = [ 25 80 443 ]; -} +} + DNS records will also be required: 
@@ -60,7 +62,8 @@ Using with other MTAs Mailman also supports other MTA, though with a little bit more configuration. For example, to use Mailman with Exim, you can use the following settings: - { config, ... }: { + +{ config, ... }: { services = { mailman = { enable = true; @@ -82,7 +85,8 @@ config = builtins.readFile ./exim.conf; }; }; -} +} + The exim config needs some special additions to work with Mailman. Currently diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index f834e54f3c8..43ec42b3e74 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -185,7 +185,9 @@ Success! Create a file with the following contents: -registration_shared_secret: your-very-secret-secret + +registration_shared_secret: your-very-secret-secret + diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index e8f27d10e8c..89b0377d97d 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml @@ -54,7 +54,8 @@ services.prosody = { uploadHttp = { domain = "upload.example.org"; }; -}; +}; +
@@ -81,7 +82,8 @@ security.acme = { extraDomainNames = [ "conference.example.org" "upload.example.org" ]; }; }; -}; +}; +
diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index 46a49fe601e..dc56f63f5de 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -14,13 +14,15 @@ Basic usage A very basic configuration may look like this: -{ pkgs, ... }: + +{ pkgs, ... }: { services.grocy = { enable = true; hostName = "grocy.tld"; }; -} +} + This configures a simple vhost using nginx which listens to grocy.tld with fully configured ACME/LE (this can be disabled by setting services.grocy.nginx.enableSSL @@ -39,7 +41,8 @@ The configuration for grocy is located at /etc/grocy/config.php. By default, the following settings can be defined in the NixOS-configuration: -{ pkgs, ... }: + +{ pkgs, ... }: { services.grocy.settings = { # The default currency in the system for invoices etc. @@ -60,17 +63,20 @@ firstDayOfWeek = 2; }; }; -} +} + If you want to alter the configuration file on your own, you can do this manually with an expression like this: -{ lib, ... }: + +{ lib, ... }: { environment.etc."grocy/config.php".text = lib.mkAfter '' // Arbitrary PHP code in grocy's configuration file ''; -} +} + diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index 8909ac5b0d3..796105732c2 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -13,7 +13,8 @@ Basic usage A minimal configuration using Let's Encrypt for TLS certificates looks like this: -{ + +{ services.jitsi-meet = { enable = true; hostName = "jitsi.example.com"; @@ -22,7 +23,8 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme.email = "me@example.com"; security.acme.acceptTerms = true; -} +} + @@ -30,7 +32,8 @@ Configuration Here is the minimal configuration with additional configurations: -{ + +{ services.jitsi-meet = { enable = true; hostName = "jitsi.example.com"; 
@@ -48,7 +51,8 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme.email = "me@example.com"; security.acme.acceptTerms = true; -} +} + diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 02d7595ff17..8f75d2f7c5a 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -28,7 +28,8 @@ A very basic configuration may look like this: -{ pkgs, ... }: + +{ pkgs, ... }: { services.nextcloud = { enable = true; @@ -60,7 +61,8 @@ }; networking.firewall.allowedTCPPorts = [ 80 443 ]; -} +} + @@ -198,7 +200,8 @@ An exemplary configuration may look like this: -{ config, lib, pkgs, ... }: { + +{ config, lib, pkgs, ... }: { services.nginx.enable = false; services.nextcloud = { enable = true; @@ -238,7 +241,8 @@ ''; }; }; -} +} + @@ -286,14 +290,16 @@ in NixOS for a safe upgrade-path before removing those. In that case we should keep those packages, but mark them as insecure in an expression like this (in <nixpkgs/pkgs/servers/nextcloud/default.nix>): -/* ... */ + +/* ... */ { nextcloud17 = generic { version = "17.0.x"; sha256 = "0000000000000000000000000000000000000000000000000000"; eol = true; }; -} +} + diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 7824768f549..4d162c3c956 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -16,7 +16,8 @@ After that, plausible can be deployed like this: -{ + +{ services.plausible = { enable = true; adminUser = { @@ -29,7 +30,8 @@ secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; }; }; -} +} + diff --git a/nixos/modules/services/web-servers/garage-doc.xml b/nixos/modules/services/web-servers/garage-doc.xml index 16f6fde94b5..452b431a2cc 100644 --- a/nixos/modules/services/web-servers/garage-doc.xml +++ b/nixos/modules/services/web-servers/garage-doc.xml 
@@ -119,14 +119,16 @@ in NixOS for a safe upgrade-path before removing those. In that case we shold keep those packages, but mark them as insecure in an expression like this (in <nixpkgs/pkgs/tools/filesystem/garage/default.nix>): -/* ... */ + +/* ... */ { garage_0_7_3 = generic { version = "0.7.3"; sha256 = "0000000000000000000000000000000000000000000000000000"; eol = true; }; -} +} + From d60f02b75353fd3a3c0537d04b9e0cd50a5ffb4c Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 00:51:47 +0100 Subject: [PATCH 024/155] nixos/manual: normalize -> markdown can only translate to , so normalize to that or to other more appropriate tags. --- nixos/modules/services/backup/borgbackup.xml | 2 +- nixos/modules/services/matrix/synapse.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 5d7ff21587f..770a06b3783 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -97,7 +97,7 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ The following NixOS snippet creates an hourly backup to the service (on the host nixos) as created in the section above. We assume that you have stored a secret passphrasse in the file - /run/keys/borgbackup_passphrase, which should be only + /run/keys/borgbackup_passphrase, which should be only accessible by root diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 43ec42b3e74..f25ef3b0ea1 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml 
@@ -233,8 +233,8 @@ registration_shared_secret: your-very-secret-secret Element introductory blog post for more information. The following snippet can be optionally added to the code before to complete the synapse installation with a web client served at - https://element.myhostname.example.org and - https://element.example.org. Alternatively, you can use the hosted + https://element.myhostname.example.org and + https://element.example.org. Alternatively, you can use the hosted copy at https://app.element.io/, or use other web clients or native client applications. Due to the /.well-known urls set up done above, many clients should From 22144ba269f0dc9e7babe3d3720bfb5cc5330755 Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 00:52:22 +0100 Subject: [PATCH 025/155] nixos/manual: normalize -> markdown can only do , so normalize to that. without auto-linking to a package index the distinction is not very useful anyway. --- nixos/modules/services/backup/borgbackup.xml | 2 +- nixos/modules/services/databases/postgresql.xml | 2 +- nixos/modules/services/development/blackfire.xml | 2 +- nixos/modules/services/matrix/mjolnir.xml | 2 +- nixos/modules/services/matrix/synapse.xml | 4 ++-- nixos/modules/services/misc/sourcehut/sourcehut.xml | 8 ++++---- nixos/modules/services/web-apps/grocy.xml | 2 +- nixos/modules/services/web-apps/nextcloud.xml | 8 ++++---- nixos/modules/services/web-apps/plausible.xml | 2 +- nixos/modules/services/web-servers/garage-doc.xml | 2 +- nixos/modules/services/x11/desktop-managers/pantheon.xml | 2 +- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 770a06b3783..370e80de217 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml 
@@ -205,7 +205,7 @@ sudo borg init --encryption=repokey-blake2 \ disk failure, ransomware and theft. - It can be installed in NixOS e.g. by adding pkgs.vorta + It can be installed in NixOS e.g. by adding pkgs.vorta to . diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index fc91e0dc4c0..6199684f1a3 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -54,7 +54,7 @@ services.postgresql.dataDir = "/data/postgresql"; - The steps below demonstrate how to upgrade from an older version to pkgs.postgresql_13. + The steps below demonstrate how to upgrade from an older version to pkgs.postgresql_13. These instructions are also applicable to other versions. diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index 1df6441f66f..3e8253d29ec 100644 --- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml @@ -43,6 +43,6 @@ in { - On your developer machine, you will also want to install the client (see blackfire package) or the browser extension to actually trigger the profiling. + On your developer machine, you will also want to install the client (see blackfire package) or the browser extension to actually trigger the profiling. diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml index 4e0f14a3c0b..34b5d4df1d2 100644 --- a/nixos/modules/services/matrix/mjolnir.xml +++ b/nixos/modules/services/matrix/mjolnir.xml @@ -97,7 +97,7 @@ uses across an entire homeserver. - To use the Antispam Module, add matrix-synapse-plugins.matrix-synapse-mjolnir-antispam + To use the Antispam Module, add matrix-synapse-plugins.matrix-synapse-mjolnir-antispam to the Synapse plugin list and enable the mjolnir.Module module. 
diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index f25ef3b0ea1..35ec03250b7 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -122,7 +122,7 @@ in { This section is not needed if the server_name - of matrix-synapse is equal to the domain (i.e. + of matrix-synapse is equal to the domain (i.e. example.org from @foo:example.org) and the federation port is 8448. Further reference can be found in the docs @@ -196,7 +196,7 @@ registration_shared_secret: your-very-secret-secret from nixops1 or sops-nix to e.g. /run/secrets/matrix-shared-secret and ensure that it's readable - by matrix-synapse. + by matrix-synapse. diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml index a769ded524c..5f9cc75bc9f 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml @@ -53,7 +53,7 @@ in { environment = "production"; global-domain = fqdn; origin = "https://${fqdn}"; - # Produce keys with srht-keygen from sourcehut.coresrht. + # Produce keys with srht-keygen from sourcehut.coresrht. network-key = "/run/keys/path/to/network-key"; service-key = "/run/keys/path/to/service-key"; }; @@ -109,9 +109,9 @@ in {
Using an alternative webserver as reverse-proxy (e.g. <literal>httpd</literal>) - By default, nginx is used as reverse-proxy for sourcehut. - However, it's possible to use e.g. httpd by explicitly disabling - nginx using and fixing the + By default, nginx is used as reverse-proxy for sourcehut. + However, it's possible to use e.g. httpd by explicitly disabling + nginx using and fixing the settings.
diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index dc56f63f5de..025c08721c6 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -31,7 +31,7 @@
The application's state is persisted at /var/lib/grocy/grocy.db in a - sqlite3 database. The migration is applied when requesting the /-route + sqlite3 database. The migration is applied when requesting the /-route of the application. diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 8f75d2f7c5a..434df8f0d34 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -11,7 +11,7 @@ desktop client is packaged at pkgs.nextcloud-client.
- The current default by NixOS is nextcloud25 which is also the latest + The current default by NixOS is nextcloud25 which is also the latest major version available.
@@ -192,9 +192,9 @@
Using an alternative webserver as reverse-proxy (e.g. <literal>httpd</literal>) - By default, nginx is used as reverse-proxy for nextcloud. - However, it's possible to use e.g. httpd by explicitly disabling - nginx using and fixing the + By default, nginx is used as reverse-proxy for nextcloud. + However, it's possible to use e.g. httpd by explicitly disabling + nginx using and fixing the settings listen.owner & listen.group in the corresponding phpfpm pool. diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 4d162c3c956..929d4db2291 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -15,7 +15,7 @@ $ openssl rand -base64 64 - After that, plausible can be deployed like this: + After that, plausible can be deployed like this: { services.plausible = { diff --git a/nixos/modules/services/web-servers/garage-doc.xml b/nixos/modules/services/web-servers/garage-doc.xml index 452b431a2cc..5d013034690 100644 --- a/nixos/modules/services/web-servers/garage-doc.xml +++ b/nixos/modules/services/web-servers/garage-doc.xml @@ -13,7 +13,7 @@ the global environment as garage-manage. - The current default by NixOS is garage_0_8 which is also the latest + The current default by NixOS is garage_0_8 which is also the latest major version available.
diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index a0784c2f2e1..1ad5bfad578 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -22,7 +22,7 @@ services.xserver.displayManager.lightdm.enable = false; services.pantheon.apps.enable = false; - You can also use to remove any other app (like elementary-mail). + You can also use to remove any other app (like elementary-mail).
From 90c61bc706d2ac06cdb2309df8388f0698264624 Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 01:01:59 +0100 Subject: [PATCH 026/155] nixos/manual: normalize as with program listings, the leading/trailing newlines do not affect rendering but make markdown translation easier. --- nixos/modules/services/backup/borgbackup.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 370e80de217..5051289882b 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -73,7 +73,8 @@ # sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo # cat /run/keys/id_ed25519_my_borg_repo -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos + Add the following snippet to your NixOS configuration: From 6aa4c2f9fc622487fe3078c841555811e8db2e37 Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 01:25:57 +0100 Subject: [PATCH 027/155] nixos/manual: normalize -> they're emphasized, so we can't just throw them out. --- nixos/modules/services/development/blackfire.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index 3e8253d29ec..182ff6dafde 100644 --- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml 
@@ -9,7 +9,7 @@ - Blackfire is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called probe) and a service (agent) that the probe connects to and that sends the profiles to the server. + Blackfire is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called probe) and a service (agent) that the probe connects to and that sends the profiles to the server. To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM: From 21c0c631bc78aac892634f539d07db95897119f7 Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 01:36:16 +0100 Subject: [PATCH 028/155] nixos/manual: normalize -> use instead since markdown will have them as inline code blocks. --- nixos/modules/services/editors/emacs.xml | 8 ++++---- nixos/modules/services/web-apps/discourse.xml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 176766fdf41..e60dfe3b72f 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -124,8 +124,8 @@ Under NixOS, you can continue to use - package-list-packages and - package-install to install packages. You can also + package-list-packages and + package-install to install packages. You can also declare the set of Emacs packages you need using the derivations from Nixpkgs. The rest of this section discusses declarative installation of Emacs packages through nixpkgs. 
@@ -383,7 +383,7 @@ services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; The services.emacs.package option allows a custom derivation to be used, for example, one created by - emacsWithPackages. + emacsWithPackages. @@ -523,7 +523,7 @@ systemctl --user enable emacs Accessing man pages - You can use woman to get completion of all available + You can use woman to get completion of all available man pages. For example, type M-x woman <RET> nixos-rebuild <RET>. diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index d9dc28fa5e4..d9c0d369699 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -293,7 +293,7 @@ services.discourse = { Much of the packaging can be done automatically by the nixpkgs/pkgs/servers/web-apps/discourse/update.py script - just add the plugin to the plugins - list in the update_plugins function and run + list in the update_plugins function and run the script: ./update.py update-plugins From d6fb4b0738d24558b9ee81239cda39d753591a5d Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 04:01:06 +0100 Subject: [PATCH 029/155] nixos/manual: replace with quotes pandoc will turn them back into elements once we turn smart quotes on (which we will not do at the start to keep diffs small). --- nixos/modules/services/misc/taskserver/doc.xml | 2 +- nixos/modules/services/web-apps/discourse.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index e3f778f3159..84046748a53 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml 
@@ -19,7 +19,7 @@ Taskserver does all of its authentication via TLS using client certificates, so you either need to roll your own CA or purchase a certificate from a known CA, which allows creation of client certificates. These certificates - are usually advertised as server certificates. + are usually advertised as "server certificates". diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index d9c0d369699..0fe550b89c1 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -167,7 +167,7 @@ services.discourse = {
Site settings - Site settings are the settings that can be + "Site settings" are the settings that can be changed through the Discourse UI. Their default values can be set using . From 25ec23b9aa34a7f387a7bc0ff7c9a87e9742f606 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 01:56:20 +0100 Subject: [PATCH 030/155] nixos/manual: strip un-MD-able tags productname, application, acronym, guilabel, and guibutton were so far not rendered specially and can go away completely. replaceable does render differently, but since it was only used twice and in places where the intent should be clear without the extra markup it can go as well. --- nixos/modules/services/editors/emacs.xml | 18 +++++++++--------- nixos/modules/services/matrix/synapse.xml | 4 ++-- nixos/modules/services/web-apps/discourse.xml | 18 +++++++++--------- nixos/modules/services/web-apps/keycloak.xml | 14 +++++++------- .../services/x11/desktop-managers/pantheon.xml | 2 +- 5 files changed, 28 insertions(+), 28 deletions(-) diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index e60dfe3b72f..7f2ad3eb447 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -20,20 +20,20 @@ Emacs runs within a graphical desktop environment using the X Window System, but works equally well on a text terminal. Under - macOS, a "Mac port" edition is available, which + macOS, a "Mac port" edition is available, which uses Apple's native GUI frameworks. - Nixpkgs provides a superior environment for - running Emacs. It's simple to create custom builds + Nixpkgs provides a superior environment for + running Emacs. It's simple to create custom builds by overriding the default packages. Chaotic collections of Emacs Lisp code and extensions can be brought under control using declarative package - management. NixOS even provides a + management. NixOS even provides a systemd user service for automatically starting the Emacs daemon.
- Installing <application>Emacs</application> + Installing Emacs Emacs can be installed in the normal way for Nix (see @@ -45,7 +45,7 @@ The Different Releases of Emacs - Nixpkgs defines several basic Emacs packages. + Nixpkgs defines several basic Emacs packages. The following are attributes belonging to the pkgs set: @@ -115,8 +115,8 @@ (package.el) from Emacs Lisp Package Archive - (ELPA), - MELPA, + (ELPA), + MELPA, MELPA Stable, and Org ELPA. Nixpkgs is regularly updated to mirror all these archives. @@ -357,7 +357,7 @@ in [...] Running Emacs as a Service - NixOS provides an optional + NixOS provides an optional systemd service which launches Emacs daemon with the user's login session. diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 35ec03250b7..4d0db9c5a5b 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -167,8 +167,8 @@ in { and have rebuilt NixOS: $ nix-shell -p matrix-synapse -$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008 -New user localpart: your-username +$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008 +New user localpart: your-username Password: Confirm password: Make admin [no]: diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index 0fe550b89c1..628881a9a1c 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -68,8 +68,8 @@ services.discourse = {
Database access - Discourse uses - PostgreSQL to store most of its + Discourse uses + PostgreSQL to store most of its data. A database will automatically be enabled and a database and role created unless is changed from @@ -94,9 +94,9 @@ services.discourse = { Email In addition to the basic setup, you'll want to configure an SMTP - server Discourse can use to send user + server Discourse can use to send user registration and password reset emails, among others. You can - also optionally let Discourse receive + also optionally let Discourse receive email, which enables people to reply to threads and conversations via email. @@ -159,7 +159,7 @@ services.discourse = { Additional settings Additional site settings and backend settings, for which no - explicit NixOS options are provided, + explicit NixOS options are provided, can be set in and respectively. @@ -168,7 +168,7 @@ services.discourse = { Site settings "Site settings" are the settings that can be - changed through the Discourse + changed through the Discourse UI. Their default values can be set using . @@ -205,8 +205,8 @@ services.discourse = { Example The following example sets the title and description of the - Discourse instance and enables - GitHub login in the site settings, + Discourse instance and enables + GitHub login in the site settings, and changes a few request limits in the backend settings: services.discourse = { @@ -260,7 +260,7 @@ services.discourse = {
Plugins - You can install Discourse plugins + You can install Discourse plugins using the option. Pre-packaged plugins are provided in <your_discourse_package_here>.plugins. If diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index cf9de043cf7..0d95ee3575a 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -29,7 +29,7 @@ Refer to the Keycloak Server Administration Guide for information on - how to administer your Keycloak + how to administer your Keycloak instance.
@@ -37,10 +37,10 @@
Database access - Keycloak can be used with either - PostgreSQL, - MariaDB or - MySQL. Which one is used can be + Keycloak can be used with either + PostgreSQL, + MariaDB or + MySQL. Which one is used can be configured in . The selected database will automatically be enabled and a database and role @@ -103,7 +103,7 @@ determines whether Keycloak should force all requests to go through the frontend URL. By default, - Keycloak allows backend requests to + Keycloak allows backend requests to instead use its local hostname or IP address and may also advertise it to clients through its OpenID Connect Discovery endpoint. @@ -120,7 +120,7 @@
Setting up TLS/SSL - By default, Keycloak won't accept + By default, Keycloak won't accept unsecured HTTP connections originating from outside its local network. diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 1ad5bfad578..72ce0edbef5 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -85,7 +85,7 @@ switchboard-with-plugs.override { - Open Switchboard and go to: AdministrationAboutRestore Default SettingsRestore Settings. This will reset any dconf settings to their Pantheon defaults. Note this could reset certain GNOME specific preferences if that desktop was used prior. + Open Switchboard and go to: Administration → About → Restore Default Settings → Restore Settings. This will reset any dconf settings to their Pantheon defaults. Note this could reset certain GNOME specific preferences if that desktop was used prior. From 90b4cb8ed2240b62d56e866816bf439e943a1e3e Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 02:39:29 +0100 Subject: [PATCH 031/155] nixos/manual: replace most examples with anchors markdown doesn't really have examples as a first-class construct. we'll keep all examples that are referenced around for now, but all unreferenced examples turn into invisible anchors. (turning them into fourth-level headings in their files, as would be necessary for emacs, removes them from the TOC anyway.) --- nixos/modules/services/editors/emacs.xml | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 7f2ad3eb447..d0e781e6786 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml 
@@ -251,15 +251,13 @@ in The list of available packages in the various ELPA repositories can be seen with the following commands: - - Querying Emacs packages + " -qaP -A emacs.pkgs.elpaPackages nix-env -f "" -qaP -A emacs.pkgs.melpaPackages nix-env -f "" -qaP -A emacs.pkgs.melpaStablePackages nix-env -f "" -qaP -A emacs.pkgs.orgPackages ]]> - @@ -267,8 +265,7 @@ nix-env -f "" -qaP -A emacs.pkgs.orgPackages adding it to the list of system packages (see ). Simply modify your file configuration.nix to make it contain: - - Custom Emacs in <filename>configuration.nix</filename> + " -qaP -A emacs.pkgs.orgPackages ]; } ]]> - @@ -296,8 +292,7 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides ~/.config/nixpkgs/config.nix (see Nixpkgs manual): - - Custom Emacs in <filename>~/.config/nixpkgs/config.nix</filename> + - @@ -327,8 +321,7 @@ https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides emacs.nix in this way: - - Custom Emacs build + {} }: let @@ -345,7 +338,6 @@ let }); in [...] ]]> - After building this file as shown in , you @@ -483,8 +475,7 @@ systemctl --user enable emacs The Emacs init file should be changed to load the extension packages at startup: - - Package initialization in <filename>.emacs</filename> + - @@ -556,8 +546,7 @@ systemctl --user enable emacs Then customize the variable rng-schema-locating-files to include ~/.emacs.d/schemas.xml and put the following text into that file: - - nXML Schema Configuration (<filename>~/.emacs.d/schemas.xml</filename>) + ]]> -
From 14cc405a6902bfb929c370e2039f62ba74f4400a Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 02:29:10 +0100 Subject: [PATCH 032/155] nixos/manual: inline callout lists we only have three uses at the moment, all of them in code blocks where they could just as well (or maybe better) be comments. markdown can't do callouts without another pandoc filter, so we'll turn them into comments instead. synapse would've benefited from inline links, but referencing an external numbered list as plain text (instead of clickable links, like callout lists had) seems even worse than putting urls into comments as plain text.
---
nixos/modules/services/editors/emacs.xml | 82 ++++++------------ nixos/modules/services/matrix/synapse.xml | 83 ++++++------------- nixos/modules/services/web-apps/plausible.xml | 26 ++---- 3 files changed, 62 insertions(+), 129 deletions(-)
diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml
index d0e781e6786..7b847f1f798 100644
--- a/nixos/modules/services/editors/emacs.xml
+++ b/nixos/modules/services/editors/emacs.xml
@@ -152,74 +152,46 @@ To run the newly compiled executable: $ ./result/bin/emacs */ -{ pkgs ? import <nixpkgs> {} }: + +# The first non-comment line in this file indicates that +# the whole file represents a function. +{ pkgs ? import <nixpkgs> {} }: let - myEmacs = pkgs.emacs; - emacsWithPackages = (pkgs.emacsPackagesFor myEmacs).emacsWithPackages; + # The let expression below defines a myEmacs binding pointing to the + # current stable version of Emacs. This binding is here to separate + # the choice of the Emacs binary from the specification of the + # required packages. + myEmacs = pkgs.emacs; + # This generates an emacsWithPackages function. It takes a single + # argument: a function from a package set to a list of packages + # (the packages that will be available in Emacs). + emacsWithPackages = (pkgs.emacsPackagesFor myEmacs).emacsWithPackages; in - emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ + # The rest of the file specifies the list of packages to install. In the + # example, two packages (magit and zerodark-theme) are taken from + # MELPA stable. + emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ magit # ; Integrate git <C-x g> zerodark-theme # ; Nicolas' theme - ]) ++ (with epkgs.melpaPackages; [ + ]) + # Two packages (undo-tree and zoom-frm) are taken from MELPA. + ++ (with epkgs.melpaPackages; [ undo-tree # ; <C-x u> to show the undo tree zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> - ]) ++ (with epkgs.elpaPackages; [ + ]) + # Three packages are taken from GNU ELPA. + ++ (with epkgs.elpaPackages; [ auctex # ; LaTeX mode beacon # ; highlight my cursor when scrolling nameless # ; hide current package name everywhere in elisp code - ]) ++ [ - pkgs.notmuch # From main packages set + ]) + # notmuch is taken from a nixpkgs derivation which contains an Emacs mode. + ++ [ + pkgs.notmuch # From main packages set ])
- - - - The first non-comment line in this file ({ pkgs ? ... - }) indicates that the whole file represents a function. - - - - - The let expression below defines a - myEmacs binding pointing to the current stable - version of Emacs. This binding is here to separate the choice of the - Emacs binary from the specification of the required packages. - - - - - This generates an emacsWithPackages function. It - takes a single argument: a function from a package set to a list of - packages (the packages that will be available in Emacs). - - - - - The rest of the file specifies the list of packages to install. In the - example, two packages (magit and - zerodark-theme) are taken from MELPA stable. - - - - - Two packages (undo-tree and - zoom-frm) are taken from MELPA. - - - - - Three packages are taken from GNU ELPA. - - - - - notmuch is taken from a nixpkgs derivation which - contains an Emacs mode. - - -
diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 4d0db9c5a5b..b4abe2901fe 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml 
@@ -67,20 +67,41 @@ in { recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { - "${config.networking.domain}" = { + # If the A and AAAA DNS records on example.org do not point on the same host as the + # records for myhostname.example.org, you can easily move the /.well-known + # virtualHost section of the code to the host that is serving example.org, while + # the rest stays on myhostname.example.org with no other changes required. + # This pattern also allows to seamlessly move the homeserver from + # myhostname.example.org to myotherhost.example.org by only changing the + # /.well-known redirection target. + "${config.networking.domain}" = { enableACME = true; forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + # This section is not needed if the server_name of matrix-synapse is equal to + # the domain (i.e. example.org from @foo:example.org) and the federation port + # is 8448. + # Further reference can be found in the docs about delegation under + # https://matrix-org.github.io/synapse/latest/delegate.html + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + # This is usually needed for homeserver discovery (from e.g. other Matrix clients). + # Further reference can be found in the upstream docs at + # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; "${fqdn}" = { enableACME = true; forceSSL = true; - locations."/".extraConfig = '' + # It's also possible to do a redirect here or something else, this vhost is not + # needed for Matrix. It's recommended though to *not put* element + # here, see also the section about Element. 
+ locations."/".extraConfig = '' return 404; ''; - locations."/_matrix".proxyPass = "http://[::1]:8008"; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash + # *must not* be used here. + locations."/_matrix".proxyPass = "http://[::1]:8008"; + # Forward requests for e.g. SSO and password-resets. + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; }; }; }; @@ -104,56 +125,6 @@ in { } - - - - If the A and AAAA DNS records on - example.org do not point on the same host as the records - for myhostname.example.org, you can easily move the - /.well-known virtualHost section of the code to the host that - is serving example.org, while the rest stays on - myhostname.example.org with no other changes required. - This pattern also allows to seamlessly move the homeserver from - myhostname.example.org to - myotherhost.example.org by only changing the - /.well-known redirection target. - - - - - This section is not needed if the server_name - of matrix-synapse is equal to the domain (i.e. - example.org from @foo:example.org) - and the federation port is 8448. - Further reference can be found in the docs - about delegation. - - - - - This is usually needed for homeserver discovery (from e.g. other Matrix clients). - Further reference can be found in the upstream docs - - - - - It's also possible to do a redirect here or something else, this vhost is not - needed for Matrix. It's recommended though to not put element - here, see also the section about Element. - - - - - Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash - must not be used here. - - - - - Forward requests for e.g. SSO and password-resets. - - -
Registering Matrix users diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 929d4db2291..9546ae4e558 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -21,33 +21,23 @@ services.plausible = { enable = true; adminUser = { - activate = true; + # activate is used to skip the email verification of the admin-user that's + # automatically created by plausible. This is only supported if + # postgresql is configured by the module. This is done by default, but + # can be turned off with services.plausible.database.postgres.setup. + activate = true; email = "admin@localhost"; passwordFile = "/run/secrets/plausible-admin-pwd"; }; server = { baseUrl = "http://analytics.example.org"; - secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; + # secretKeybaseFile is a path to the file which contains the secret generated + # with openssl as described above. + secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; }; }; } - - - - activate is used to skip the email verification of the admin-user that's - automatically created by plausible. This is only supported if - postgresql is configured by the module. This is done by default, but - can be turned off with . - - - - - secretKeybaseFile is a path to the file which contains the secret generated - with openssl as described above. - - -
From 3395f41bd133a0b21a9b2e29cb62d865871cc86c Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 21:28:53 +0100 Subject: [PATCH 033/155] nixos/input-method: convert manual chapter to MD
---
nixos/modules/i18n/input-method/default.md | 158 +++++++ nixos/modules/i18n/input-method/default.nix | 2 + nixos/modules/i18n/input-method/default.xml | 488 ++++++++++---------- 3 files changed, 395 insertions(+), 253 deletions(-) create mode 100644 nixos/modules/i18n/input-method/default.md
diff --git a/nixos/modules/i18n/input-method/default.md b/nixos/modules/i18n/input-method/default.md
new file mode 100644
index 00000000000..05ae12065c3
--- /dev/null
+++ b/nixos/modules/i18n/input-method/default.md
@@ -0,0 +1,158 @@
+# Input Methods {#module-services-input-methods}
+
+Input methods are an operating system component that allows any data, such as
+keyboard strokes or mouse movements, to be received as input. In this way
+users can enter characters and symbols not found on their input devices.
+Using an input method is obligatory for any language that has more graphemes
+than there are keys on the keyboard.
+
+The following input methods are available in NixOS:
+
+ - IBus: The intelligent input bus.
+ - Fcitx: A customizable lightweight input method.
+ - Nabi: A Korean input method based on XIM.
+ - Uim: The universal input method, is a library with a XIM bridge.
+ - Hime: An extremely easy-to-use input method framework.
+ - Kime: Korean IME
+
+## IBus {#module-services-input-methods-ibus}
+
+IBus is an Intelligent Input Bus. It provides full featured and user
+friendly input method user interface.
+
+The following snippet can be used to configure IBus:
+
+```
+i18n.inputMethod = {
+ enabled = "ibus";
+ ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];
+};
+```
+
+`i18n.inputMethod.ibus.engines` is optional and can be used
+to add extra IBus engines.
+
+Available extra IBus engines are:
+
+ - Anthy (`ibus-engines.anthy`): Anthy is a system for
+ Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
+ - Hangul (`ibus-engines.hangul`): Korean input method.
+ - m17n (`ibus-engines.m17n`): m17n is an input method that
+ uses input methods and corresponding icons in the m17n database.
+ - mozc (`ibus-engines.mozc`): A Japanese input method from
+ Google.
+ - Table (`ibus-engines.table`): An input method that load
+ tables of input methods.
+ - table-others (`ibus-engines.table-others`): Various
+ table-based input methods. To use this, and any other table-based input
+ methods, it must appear in the list of engines along with
+ `table`.
For example:
+
+ ```
+ ibus.engines = with pkgs.ibus-engines; [ table table-others ];
+ ```
+
+To use any input method, the package must be added in the configuration, as
+shown above, and also (after running `nixos-rebuild`) the
+input method must be added from IBus' preference dialog.
+
+### Troubleshooting {#module-services-input-methods-troubleshooting}
+
+If IBus works in some applications but not others, a likely cause of this
+is that IBus is depending on a different version of `glib`
+to what the applications are depending on. This can be checked by running
+`nix-store -q --requisites | grep glib`,
+where `` is the path of either IBus or an
+application in the Nix store. The `glib` packages must
+match exactly. If they do not, uninstalling and reinstalling the
+application is a likely fix.
+
+## Fcitx {#module-services-input-methods-fcitx}
+
+Fcitx is an input method framework with extension support. It has three
+built-in Input Method Engine, Pinyin, QuWei and Table-based input methods.
+
+The following snippet can be used to configure Fcitx:
+
+```
+i18n.inputMethod = {
+ enabled = "fcitx";
+ fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ];
+};
+```
+
+`i18n.inputMethod.fcitx.engines` is optional and can be
+used to add extra Fcitx engines.
+
+Available extra Fcitx engines are:
+
+ - Anthy (`fcitx-engines.anthy`): Anthy is a system for
+ Japanese input method. It converts Hiragana text to Kana Kanji mixed text.
+ - Chewing (`fcitx-engines.chewing`): Chewing is an
+ intelligent Zhuyin input method. It is one of the most popular input
+ methods among Traditional Chinese Unix users.
+ - Hangul (`fcitx-engines.hangul`): Korean input method.
+ - Unikey (`fcitx-engines.unikey`): Vietnamese input method.
+ - m17n (`fcitx-engines.m17n`): m17n is an input method that
+ uses input methods and corresponding icons in the m17n database.
+ - mozc (`fcitx-engines.mozc`): A Japanese input method from
+ Google.
+ - table-others (`fcitx-engines.table-others`): Various
+ table-based input methods.
+
+## Nabi {#module-services-input-methods-nabi}
+
+Nabi is an easy to use Korean X input method. It allows you to enter
+phonetic Korean characters (hangul) and pictographic Korean characters
+(hanja).
+
+The following snippet can be used to configure Nabi:
+
+```
+i18n.inputMethod = {
+ enabled = "nabi";
+};
+```
+
+## Uim {#module-services-input-methods-uim}
+
+Uim (short for "universal input method") is a multilingual input method
+framework. Applications can use it through so-called bridges.
+
+The following snippet can be used to configure uim:
+
+```
+i18n.inputMethod = {
+ enabled = "uim";
+};
+```
+
+Note: The [](#opt-i18n.inputMethod.uim.toolbar) option can be
+used to choose uim toolbar.
+
+## Hime {#module-services-input-methods-hime}
+
+Hime is an extremely easy-to-use input method framework. It is lightweight,
+stable, powerful and supports many commonly used input methods, including
+Cangjie, Zhuyin, Dayi, Rank, Shrimp, Greek, Korean Pinyin, Latin Alphabet,
+etc...
+
+The following snippet can be used to configure Hime:
+
+```
+i18n.inputMethod = {
+ enabled = "hime";
+};
+```
+
+## Kime {#module-services-input-methods-kime}
+
+Kime is Korean IME. it's built with Rust language and let you get simple, safe, fast Korean typing
+
+The following snippet can be used to configure Kime:
+
+```
+i18n.inputMethod = {
+ enabled = "kime";
+};
+```
diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix
index 07fb86bcc25..987e5be2833 100644
--- a/nixos/modules/i18n/input-method/default.nix
+++ b/nixos/modules/i18n/input-method/default.nix
@@ -66,6 +66,8 @@ in meta = { maintainers = with lib.maintainers; [ ericsagnes ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml` doc = ./default.xml; }; diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index ba621baf441..c6fda9a7c57 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml 
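Review bot: The comment added above `doc = ./default.xml;` makes regenerating the XML a manual step, so the committed `default.xml` can drift from `default.md` and a reader of a later diff cannot tell whether the XML really came from that command; nothing visible in this hunk enforces it, though a check may exist elsewhere in the tree. The `--lua-filter ../../../../doc/build-aux/...` paths in the command are relative, so it only works when run from `nixos/modules/i18n/input-method/`; I would add a line such as `# (run from the directory containing this file)` to the comment. Longer term, building the XML from the Markdown at build time, or a CI step that reruns the command and fails on a difference, would remove the need to trust the checked-in generated file.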
@@ -1,291 +1,273 @@ - - Input Methods - - Input methods are an operating system component that allows any data, such as - keyboard strokes or mouse movements, to be received as input. In this way - users can enter characters and symbols not found on their input devices. - Using an input method is obligatory for any language that has more graphemes - than there are keys on the keyboard. - - - The following input methods are available in NixOS: - - - - - IBus: The intelligent input bus. - - - - - Fcitx: A customizable lightweight input method. - - - - - Nabi: A Korean input method based on XIM. - - - - - Uim: The universal input method, is a library with a XIM bridge. - - - - - Hime: An extremely easy-to-use input method framework. - - - + + Input Methods + + Input methods are an operating system component that allows any + data, such as keyboard strokes or mouse movements, to be received as + input. In this way users can enter characters and symbols not found + on their input devices. Using an input method is obligatory for any + language that has more graphemes than there are keys on the + keyboard. + + + The following input methods are available in NixOS: + + + + + IBus: The intelligent input bus. + + + + + Fcitx: A customizable lightweight input method. + + + + + Nabi: A Korean input method based on XIM. + + + + + Uim: The universal input method, is a library with a XIM bridge. + + + + + Hime: An extremely easy-to-use input method framework. + + + + + Kime: Korean IME + + + +
+ IBus - Kime: Korean IME + IBus is an Intelligent Input Bus. It provides full featured and + user friendly input method user interface. - - -
- IBus - - - IBus is an Intelligent Input Bus. It provides full featured and user - friendly input method user interface. - - - - The following snippet can be used to configure IBus: - - - + + The following snippet can be used to configure IBus: + + i18n.inputMethod = { - enabled = "ibus"; + enabled = "ibus"; ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ]; }; - - - i18n.inputMethod.ibus.engines is optional and can be used - to add extra IBus engines. - - - - Available extra IBus engines are: - - - - - Anthy (ibus-engines.anthy): Anthy is a system for - Japanese input method. It converts Hiragana text to Kana Kanji mixed text. + i18n.inputMethod.ibus.engines is optional and + can be used to add extra IBus engines. - - - Hangul (ibus-engines.hangul): Korean input method. + Available extra IBus engines are: - - - - m17n (ibus-engines.m17n): m17n is an input method that - uses input methods and corresponding icons in the m17n database. - - - - - mozc (ibus-engines.mozc): A Japanese input method from - Google. - - - - - Table (ibus-engines.table): An input method that load - tables of input methods. - - - - - table-others (ibus-engines.table-others): Various - table-based input methods. To use this, and any other table-based input - methods, it must appear in the list of engines along with - table. For example: - + + + + Anthy (ibus-engines.anthy): Anthy is a + system for Japanese input method. It converts Hiragana text to + Kana Kanji mixed text. + + + + + Hangul (ibus-engines.hangul): Korean input + method. + + + + + m17n (ibus-engines.m17n): m17n is an input + method that uses input methods and corresponding icons in the + m17n database. + + + + + mozc (ibus-engines.mozc): A Japanese input + method from Google. + + + + + Table (ibus-engines.table): An input method + that load tables of input methods. + + + + + table-others (ibus-engines.table-others): + Various table-based input methods. 
To use this, and any other + table-based input methods, it must appear in the list of + engines along with table. For example: + + ibus.engines = with pkgs.ibus-engines; [ table table-others ]; + + + + To use any input method, the package must be added in the + configuration, as shown above, and also (after running + nixos-rebuild) the input method must be added + from IBus' preference dialog. - - - - - To use any input method, the package must be added in the configuration, as - shown above, and also (after running nixos-rebuild) the - input method must be added from IBus' preference dialog. - - - - Troubleshooting - - If IBus works in some applications but not others, a likely cause of this - is that IBus is depending on a different version of glib - to what the applications are depending on. This can be checked by running - nix-store -q --requisites <path> | grep glib, - where <path> is the path of either IBus or an - application in the Nix store. The glib packages must - match exactly. If they do not, uninstalling and reinstalling the - application is a likely fix. - - -
-
- Fcitx - - - Fcitx is an input method framework with extension support. It has three - built-in Input Method Engine, Pinyin, QuWei and Table-based input methods. - - - - The following snippet can be used to configure Fcitx: - - - +
+ Troubleshooting + + If IBus works in some applications but not others, a likely + cause of this is that IBus is depending on a different version + of glib to what the applications are + depending on. This can be checked by running + nix-store -q --requisites <path> | grep glib, + where <path> is the path of either IBus + or an application in the Nix store. The glib + packages must match exactly. If they do not, uninstalling and + reinstalling the application is a likely fix. + +
+
+
+ Fcitx + + Fcitx is an input method framework with extension support. It has + three built-in Input Method Engine, Pinyin, QuWei and Table-based + input methods. + + + The following snippet can be used to configure Fcitx: + + i18n.inputMethod = { - enabled = "fcitx"; + enabled = "fcitx"; fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ]; }; - - - i18n.inputMethod.fcitx.engines is optional and can be - used to add extra Fcitx engines. - - - - Available extra Fcitx engines are: - - - - - Anthy (fcitx-engines.anthy): Anthy is a system for - Japanese input method. It converts Hiragana text to Kana Kanji mixed text. + i18n.inputMethod.fcitx.engines is optional and + can be used to add extra Fcitx engines. - - - Chewing (fcitx-engines.chewing): Chewing is an - intelligent Zhuyin input method. It is one of the most popular input - methods among Traditional Chinese Unix users. + Available extra Fcitx engines are: - - + + + + Anthy (fcitx-engines.anthy): Anthy is a + system for Japanese input method. It converts Hiragana text to + Kana Kanji mixed text. + + + + + Chewing (fcitx-engines.chewing): Chewing is + an intelligent Zhuyin input method. It is one of the most + popular input methods among Traditional Chinese Unix users. + + + + + Hangul (fcitx-engines.hangul): Korean input + method. + + + + + Unikey (fcitx-engines.unikey): Vietnamese + input method. + + + + + m17n (fcitx-engines.m17n): m17n is an input + method that uses input methods and corresponding icons in the + m17n database. + + + + + mozc (fcitx-engines.mozc): A Japanese input + method from Google. + + + + + table-others (fcitx-engines.table-others): + Various table-based input methods. + + + +
+
+ Nabi - Hangul (fcitx-engines.hangul): Korean input method. + Nabi is an easy to use Korean X input method. It allows you to + enter phonetic Korean characters (hangul) and pictographic Korean + characters (hanja). - - - Unikey (fcitx-engines.unikey): Vietnamese input method. + The following snippet can be used to configure Nabi: - - - - m17n (fcitx-engines.m17n): m17n is an input method that - uses input methods and corresponding icons in the m17n database. - - - - - mozc (fcitx-engines.mozc): A Japanese input method from - Google. - - - - - table-others (fcitx-engines.table-others): Various - table-based input methods. - - - -
-
- Nabi - - - Nabi is an easy to use Korean X input method. It allows you to enter - phonetic Korean characters (hangul) and pictographic Korean characters - (hanja). - - - - The following snippet can be used to configure Nabi: - - - + i18n.inputMethod = { - enabled = "nabi"; + enabled = "nabi"; }; -
-
- Uim - - - Uim (short for "universal input method") is a multilingual input method - framework. Applications can use it through so-called bridges. - - - - The following snippet can be used to configure uim: - - - +
+
+ Uim + + Uim (short for "universal input method") is a + multilingual input method framework. Applications can use it + through so-called bridges. + + + The following snippet can be used to configure uim: + + i18n.inputMethod = { - enabled = "uim"; + enabled = "uim"; }; - - - Note: The option can be - used to choose uim toolbar. - -
-
- Hime - - - Hime is an extremely easy-to-use input method framework. It is lightweight, - stable, powerful and supports many commonly used input methods, including - Cangjie, Zhuyin, Dayi, Rank, Shrimp, Greek, Korean Pinyin, Latin Alphabet, - etc... - - - - The following snippet can be used to configure Hime: - - - + + Note: The + option can be used to choose uim toolbar. + +
+
+ Hime + + Hime is an extremely easy-to-use input method framework. It is + lightweight, stable, powerful and supports many commonly used + input methods, including Cangjie, Zhuyin, Dayi, Rank, Shrimp, + Greek, Korean Pinyin, Latin Alphabet, etc... + + + The following snippet can be used to configure Hime: + + i18n.inputMethod = { - enabled = "hime"; + enabled = "hime"; }; -
-
- Kime - - - Kime is Korean IME. it's built with Rust language and let you get simple, safe, fast Korean typing - - - - The following snippet can be used to configure Kime: - - - +
+
+ Kime + + Kime is Korean IME. it's built with Rust language and let you get + simple, safe, fast Korean typing + + + The following snippet can be used to configure Kime: + + i18n.inputMethod = { - enabled = "kime"; + enabled = "kime"; }; -
+
From 0a70ea5e69f4027fba3016ca42e184f4062eace8 Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 21:43:06 +0100 Subject: [PATCH 034/155] nixos/digitalbitbox: convert manual chapter to MD --- .../programs/digitalbitbox/default.nix | 2 + nixos/modules/programs/digitalbitbox/doc.md | 47 ++++++++ nixos/modules/programs/digitalbitbox/doc.xml | 110 +++++++++--------- 3 files changed, 101 insertions(+), 58 deletions(-) create mode 100644 nixos/modules/programs/digitalbitbox/doc.md diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index 101ee8ddbaf..38420df3d9e 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -33,6 +33,8 @@ in }; meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart > doc.xml` doc = ./doc.xml; maintainers = with lib.maintainers; [ vidbina ]; }; diff --git a/nixos/modules/programs/digitalbitbox/doc.md b/nixos/modules/programs/digitalbitbox/doc.md new file mode 100644 index 00000000000..9bca14e97ff --- /dev/null +++ b/nixos/modules/programs/digitalbitbox/doc.md 
@@ -0,0 +1,47 @@
+# Digital Bitbox {#module-programs-digitalbitbox}
+
+Digital Bitbox is a hardware wallet and second-factor authenticator.
+
+The `digitalbitbox` programs module may be installed by setting
+`programs.digitalbitbox` to `true` in a manner similar to
+```
+programs.digitalbitbox.enable = true;
+```
+and bundles the `digitalbitbox` package (see [](#sec-digitalbitbox-package)),
+which contains the `dbb-app` and `dbb-cli` binaries, along with the hardware
+module (see [](#sec-digitalbitbox-hardware-module)) which sets up the necessary
+udev rules to access the device.
+
+Enabling the digitalbitbox module is pretty much the easiest way to get a
+Digital Bitbox device working on your system.
+
+For more information, see .
+
+## Package {#sec-digitalbitbox-package}
+
+The binaries, `dbb-app` (a GUI tool) and `dbb-cli` (a CLI tool), are available
+through the `digitalbitbox` package which could be installed as follows:
+```
+environment.systemPackages = [
+ pkgs.digitalbitbox
+];
+```
+
+## Hardware {#sec-digitalbitbox-hardware-module}
+
+The digitalbitbox hardware package enables the udev rules for Digital Bitbox
+devices and may be installed as follows:
+```
+hardware.digitalbitbox.enable = true;
+```
+
+In order to alter the udev rules, one may provide different values for the
+`udevRule51` and `udevRule52` attributes by means of overriding as follows:
+```
+programs.digitalbitbox = {
+ enable = true;
+ package = pkgs.digitalbitbox.override {
+ udevRule51 = "something else";
+ };
+};
+```
diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/doc.xml
index e4ac6195dae..30150640504 100644
--- a/nixos/modules/programs/digitalbitbox/doc.xml
+++ b/nixos/modules/programs/digitalbitbox/doc.xml
@@ -1,74 +1,68 @@ - - Digital Bitbox - - Digital Bitbox is a hardware wallet and second-factor authenticator. - - - The digitalbitbox programs module may be installed by - setting programs.digitalbitbox to true - in a manner similar to - + + Digital Bitbox + + Digital Bitbox is a hardware wallet and second-factor authenticator. + + + The digitalbitbox programs module may be + installed by setting programs.digitalbitbox to + true in a manner similar to + + programs.digitalbitbox.enable = true; - and bundles the digitalbitbox package (see - ), which contains the - dbb-app and dbb-cli binaries, along - with the hardware module (see - ) which sets up the - necessary udev rules to access the device. - - - Enabling the digitalbitbox module is pretty much the easiest way to get a - Digital Bitbox device working on your system. - - - For more information, see - . - -
- Package - - The binaries, dbb-app (a GUI tool) and - dbb-cli (a CLI tool), are available through the - digitalbitbox package which could be installed as - follows: - + and bundles the digitalbitbox package (see + ), which contains + the dbb-app and dbb-cli + binaries, along with the hardware module (see + ) which + sets up the necessary udev rules to access the device. + + + Enabling the digitalbitbox module is pretty much the easiest way to + get a Digital Bitbox device working on your system. + + + For more information, see + https://digitalbitbox.com/start_linux. + +
+ Package + + The binaries, dbb-app (a GUI tool) and + dbb-cli (a CLI tool), are available through the + digitalbitbox package which could be installed + as follows: + + environment.systemPackages = [ pkgs.digitalbitbox ]; - -
-
- Hardware - - - The digitalbitbox hardware package enables the udev rules for Digital Bitbox - devices and may be installed as follows: - +
+
+ Hardware + + The digitalbitbox hardware package enables the udev rules for + Digital Bitbox devices and may be installed as follows: + + hardware.digitalbitbox.enable = true; - - - - In order to alter the udev rules, one may provide different values for the - udevRule51 and udevRule52 attributes - by means of overriding as follows: - + + In order to alter the udev rules, one may provide different values + for the udevRule51 and + udevRule52 attributes by means of overriding as + follows: + + programs.digitalbitbox = { enable = true; package = pkgs.digitalbitbox.override { - udevRule51 = "something else"; + udevRule51 = "something else"; }; }; - -
+
From eb2e1b04a672c51b9d735bf52d3e418f596093a3 Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 21:51:47 +0100 Subject: [PATCH 035/155] nixos/plotinus: convert manual chapter to MD --- nixos/modules/programs/plotinus.md | 17 ++++++++++ nixos/modules/programs/plotinus.nix | 2 ++ nixos/modules/programs/plotinus.xml | 52 ++++++++++++++--------------- 3 files changed, 44 insertions(+), 27 deletions(-) create mode 100644 nixos/modules/programs/plotinus.md diff --git a/nixos/modules/programs/plotinus.md b/nixos/modules/programs/plotinus.md new file mode 100644 index 00000000000..fac3bbad1e0 --- /dev/null +++ b/nixos/modules/programs/plotinus.md @@ -0,0 +1,17 @@ +# Plotinus {#module-program-plotinus} + +*Source:* {file}`modules/programs/plotinus.nix` + +*Upstream documentation:* + +Plotinus is a searchable command palette in every modern GTK application. + +When in a GTK 3 application and Plotinus is enabled, you can press +`Ctrl+Shift+P` to open the command palette. The command +palette provides a searchable list of of all menu items in the application. + +To enable Plotinus, add the following to your +{file}`configuration.nix`: +``` +programs.plotinus.enable = true; +``` diff --git a/nixos/modules/programs/plotinus.nix b/nixos/modules/programs/plotinus.nix index a011bb862ae..161dda576c3 100644 --- a/nixos/modules/programs/plotinus.nix +++ b/nixos/modules/programs/plotinus.nix @@ -8,6 +8,8 @@ in { meta = { maintainers = pkgs.plotinus.meta.maintainers; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml` doc = ./plotinus.xml; }; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index 656c072b97a..6d5147eaa7e 100644 
--- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -1,30 +1,28 @@ - - Plotinus - - Source: - modules/programs/plotinus.nix - - - Upstream documentation: - - - - Plotinus is a searchable command palette in every modern GTK application. - - - When in a GTK 3 application and Plotinus is enabled, you can press - Ctrl+Shift+P to open the command palette. The command - palette provides a searchable list of of all menu items in the application. - - - To enable Plotinus, add the following to your - configuration.nix: - + + Plotinus + + Source: + modules/programs/plotinus.nix + + + Upstream documentation: + https://github.com/p-e-w/plotinus + + + Plotinus is a searchable command palette in every modern GTK + application. + + + When in a GTK 3 application and Plotinus is enabled, you can press + Ctrl+Shift+P to open the command palette. The + command palette provides a searchable list of of all menu items in + the application. + + + To enable Plotinus, add the following to your + configuration.nix: + + programs.plotinus.enable = true; - From f60e9eac857bbc020c6f4c263f558c6ded8965f8 Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 22:19:14 +0100 Subject: [PATCH 036/155] nixos/oh-my-zsh: convert manual chapter to MD --- nixos/modules/programs/zsh/oh-my-zsh.md | 109 +++++++++++ nixos/modules/programs/zsh/oh-my-zsh.nix | 2 + nixos/modules/programs/zsh/oh-my-zsh.xml | 227 +++++++++++------------ 3 files changed, 223 insertions(+), 115 deletions(-) create mode 100644 nixos/modules/programs/zsh/oh-my-zsh.md diff --git a/nixos/modules/programs/zsh/oh-my-zsh.md b/nixos/modules/programs/zsh/oh-my-zsh.md new file mode 100644 index 00000000000..73d425244ce --- /dev/null +++ b/nixos/modules/programs/zsh/oh-my-zsh.md 
@@ -0,0 +1,109 @@
+# Oh my ZSH {#module-programs-zsh-ohmyzsh}
+
+[`oh-my-zsh`](https://ohmyz.sh/) is a framework to manage your [ZSH](https://www.zsh.org/)
+configuration including completion scripts for several CLI tools or custom
+prompt themes.
+
+## Basic usage {#module-programs-oh-my-zsh-usage}
+
+The module uses the `oh-my-zsh` package with all available
+features. The initial setup using Nix expressions is fairly similar to the
+configuration format of `oh-my-zsh`.
+```
+{
+ programs.zsh.ohMyZsh = {
+ enable = true;
+ plugins = [ "git" "python" "man" ];
+ theme = "agnoster";
+ };
+}
+```
+For a detailed explanation of these arguments please refer to the
+[`oh-my-zsh` docs](https://github.com/robbyrussell/oh-my-zsh/wiki).
+
+The expression generates the needed configuration and writes it into your
+`/etc/zshrc`.
+
+## Custom additions {#module-programs-oh-my-zsh-additions}
+
+Sometimes third-party or custom scripts such as a modified theme may be
+needed. `oh-my-zsh` provides the
+[`ZSH_CUSTOM`](https://github.com/robbyrussell/oh-my-zsh/wiki/Customization#overriding-internals)
+environment variable for this which points to a directory with additional
+scripts.
+
+The module can do this as well:
+```
+{
+ programs.zsh.ohMyZsh.custom = "~/path/to/custom/scripts";
+}
+```
+
+## Custom environments {#module-programs-oh-my-zsh-environments}
+
+There are several extensions for `oh-my-zsh` packaged in
+`nixpkgs`. One of them is
+[nix-zsh-completions](https://github.com/spwhitt/nix-zsh-completions)
+which bundles completion scripts and a plugin for `oh-my-zsh`.
+
+Rather than using a single mutable path for `ZSH_CUSTOM`,
+it's also possible to generate this path from a list of Nix packages:
+```
+{ pkgs, ... }:
+{
+ programs.zsh.ohMyZsh.customPkgs = [
+ pkgs.nix-zsh-completions
+ # and even more...
+ ];
+}
+```
+Internally a single store path will be created using
+`buildEnv`. Please refer to the docs of
+[`buildEnv`](https://nixos.org/nixpkgs/manual/#sec-building-environment)
+for further reference.
+
+*Please keep in mind that this is not compatible with
+`programs.zsh.ohMyZsh.custom` as it requires an immutable
+store path while `custom` shall remain mutable! An
+evaluation failure will be thrown if both `custom` and
+`customPkgs` are set.*
+
+## Package your own customizations {#module-programs-oh-my-zsh-packaging-customizations}
+
+If third-party customizations (e.g. new themes) are supposed to be added to
+`oh-my-zsh` there are several pitfalls to keep in mind:
+
+ - To comply with the default structure of `ZSH` the entire
+ output needs to be written to `$out/share/zsh.`
+
+ - Completion scripts are supposed to be stored at
+ `$out/share/zsh/site-functions`. This directory is part of the
+ [`fpath`](http://zsh.sourceforge.net/Doc/Release/Functions.html)
+ and the package should be compatible with pure `ZSH`
+ setups. The module will automatically link the contents of
+ `site-functions` to completions directory in the proper
+ store path.
+
+ - The `plugins` directory needs the structure
+ `pluginname/pluginname.plugin.zsh` as structured in the
+ [upstream repo.](https://github.com/robbyrussell/oh-my-zsh/tree/91b771914bc7c43dd7c7a43b586c5de2c225ceb7/plugins)
+
+A derivation for `oh-my-zsh` may look like this:
+```
+{ stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+ name = "exemplary-zsh-customization-${version}";
+ version = "1.0.0";
+ src = fetchFromGitHub {
+ # path to the upstream repository
+ };
+
+ dontBuild = true;
+ installPhase = ''
+ mkdir -p $out/share/zsh/site-functions
+ cp {themes,plugins} $out/share/zsh
+ cp completions $out/share/zsh/site-functions
+ '';
+}
+```
diff --git a/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixos/modules/programs/zsh/oh-my-zsh.nix
index 41ea31b0f12..88b293bdfc6 100644
--- a/nixos/modules/programs/zsh/oh-my-zsh.nix
+++ b/nixos/modules/programs/zsh/oh-my-zsh.nix
@@ -142,5 +142,7 @@ in }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml` meta.doc = ./oh-my-zsh.xml; } diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index 9917dd022b9..c20659e83cc 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -1,76 +1,72 @@ - - Oh my ZSH - - oh-my-zsh is a - framework to manage your ZSH - configuration including completion scripts for several CLI tools or custom - prompt themes. - -
- Basic usage - + + Oh my ZSH - The module uses the oh-my-zsh package with all available - features. The initial setup using Nix expressions is fairly similar to the - configuration format of oh-my-zsh. - + oh-my-zsh + is a framework to manage your + ZSH configuration + including completion scripts for several CLI tools or custom prompt + themes. + +
+ Basic usage + + The module uses the oh-my-zsh package with all + available features. The initial setup using Nix expressions is + fairly similar to the configuration format of + oh-my-zsh. + + { programs.zsh.ohMyZsh = { enable = true; - plugins = [ "git" "python" "man" ]; - theme = "agnoster"; + plugins = [ "git" "python" "man" ]; + theme = "agnoster"; }; } - For a detailed explanation of these arguments please refer to the - oh-my-zsh - docs. - - - - The expression generates the needed configuration and writes it into your - /etc/zshrc. - -
-
- Custom additions - - - Sometimes third-party or custom scripts such as a modified theme may be - needed. oh-my-zsh provides the - ZSH_CUSTOM - environment variable for this which points to a directory with additional - scripts. - - - - The module can do this as well: - + + For a detailed explanation of these arguments please refer to the + oh-my-zsh + docs. + + + The expression generates the needed configuration and writes it + into your /etc/zshrc. + +
+
+ Custom additions + + Sometimes third-party or custom scripts such as a modified theme + may be needed. oh-my-zsh provides the + ZSH_CUSTOM + environment variable for this which points to a directory with + additional scripts. + + + The module can do this as well: + + { - programs.zsh.ohMyZsh.custom = "~/path/to/custom/scripts"; + programs.zsh.ohMyZsh.custom = "~/path/to/custom/scripts"; } - -
-
- Custom environments - - - There are several extensions for oh-my-zsh packaged in - nixpkgs. One of them is - nix-zsh-completions - which bundles completion scripts and a plugin for - oh-my-zsh. - - - - Rather than using a single mutable path for ZSH_CUSTOM, - it's also possible to generate this path from a list of Nix packages: - +
+
+ Custom environments + + There are several extensions for oh-my-zsh + packaged in nixpkgs. One of them is + nix-zsh-completions + which bundles completion scripts and a plugin for + oh-my-zsh. + + + Rather than using a single mutable path for + ZSH_CUSTOM, it's also possible to generate this + path from a list of Nix packages: + + { pkgs, ... }: { programs.zsh.ohMyZsh.customPkgs = [ @@ -79,65 +75,67 @@ ]; } - Internally a single store path will be created using - buildEnv. Please refer to the docs of - buildEnv - for further reference. - - - - Please keep in mind that this is not compatible with - programs.zsh.ohMyZsh.custom as it requires an immutable - store path while custom shall remain mutable! An - evaluation failure will be thrown if both custom and - customPkgs are set. - -
-
- Package your own customizations - - - If third-party customizations (e.g. new themes) are supposed to be added to - oh-my-zsh there are several pitfalls to keep in mind: - - - - - To comply with the default structure of ZSH the entire - output needs to be written to $out/share/zsh. + Internally a single store path will be created using + buildEnv. Please refer to the docs of + buildEnv + for further reference. - - - Completion scripts are supposed to be stored at - $out/share/zsh/site-functions. This directory is part - of the - fpath - and the package should be compatible with pure ZSH - setups. The module will automatically link the contents of - site-functions to completions directory in the proper - store path. + Please keep in mind that this is not compatible with + programs.zsh.ohMyZsh.custom as it requires an + immutable store path while custom shall remain + mutable! An evaluation failure will be thrown if both + custom and customPkgs are + set. - - +
+
+ Package your own customizations - The plugins directory needs the structure - pluginname/pluginname.plugin.zsh as structured in the - upstream - repo. + If third-party customizations (e.g. new themes) are supposed to be + added to oh-my-zsh there are several pitfalls + to keep in mind: - - - - - A derivation for oh-my-zsh may look like this: - + + + + To comply with the default structure of ZSH + the entire output needs to be written to + $out/share/zsh. + + + + + Completion scripts are supposed to be stored at + $out/share/zsh/site-functions. This + directory is part of the + fpath + and the package should be compatible with pure + ZSH setups. The module will automatically + link the contents of site-functions to + completions directory in the proper store path. + + + + + The plugins directory needs the structure + pluginname/pluginname.plugin.zsh as + structured in the + upstream + repo. + + + + + A derivation for oh-my-zsh may look like this: + + { stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { - name = "exemplary-zsh-customization-${version}"; - version = "1.0.0"; + name = "exemplary-zsh-customization-${version}"; + version = "1.0.0"; src = fetchFromGitHub { # path to the upstream repository }; @@ -150,6 +148,5 @@ stdenv.mkDerivation rec { ''; } - -
+
From 53935b445fa62f6eefee11b5a8eaf42ce329ec6b Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 22:50:30 +0100 Subject: [PATCH 037/155] nixos/acme: convert manual chapter to MD --- nixos/modules/security/acme/default.nix | 2 + nixos/modules/security/acme/doc.md | 354 +++++++++++++++++ nixos/modules/security/acme/doc.xml | 489 ++++++++++++------------ 3 files changed, 591 insertions(+), 254 deletions(-) create mode 100644 nixos/modules/security/acme/doc.md diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index a380bb5484a..3be78084b95 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -916,6 +916,8 @@ in { meta = { maintainers = lib.teams.acme.members; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` doc = ./doc.xml; }; } diff --git a/nixos/modules/security/acme/doc.md b/nixos/modules/security/acme/doc.md new file mode 100644 index 00000000000..8ff97b55f68 --- /dev/null +++ b/nixos/modules/security/acme/doc.md 
@@ -0,0 +1,354 @@ +# SSL/TLS Certificates with ACME {#module-security-acme} + +NixOS supports automatic domain validation & certificate retrieval and +renewal using the ACME protocol. Any provider can be used, but by default +NixOS uses Let's Encrypt. The alternative ACME client +[lego](https://go-acme.github.io/lego/) is used under +the hood. + +Automatic cert validation and configuration for Apache and Nginx virtual +hosts is included in NixOS, however if you would like to generate a wildcard +cert or you are not using a web server you will have to configure DNS +based validation. + +## Prerequisites {#module-security-acme-prerequisites} + +To use the ACME module, you must accept the provider's terms of service +by setting [](#opt-security.acme.acceptTerms) +to `true`. The Let's Encrypt ToS can be found +[here](https://letsencrypt.org/repository/). + +You must also set an email address to be used when creating accounts with +Let's Encrypt. You can set this for all certs with +[](#opt-security.acme.defaults.email) +and/or on a per-cert basis with +[](#opt-security.acme.certs._name_.email). +This address is only used for registration and renewal reminders, +and cannot be used to administer the certificates in any way. + +Alternatively, you can use a different ACME server by changing the +[](#opt-security.acme.defaults.server) option +to a provider of your choosing, or just change the server for one cert with +[](#opt-security.acme.certs._name_.server). + +You will need an HTTP server or DNS server for verification. For HTTP, +the server must have a webroot defined that can serve +{file}`.well-known/acme-challenge`. This directory must be +writeable by the user that will run the ACME client. For DNS, you must +set up credentials with your provider/server for use with lego. + +## Using ACME certificates in Nginx {#module-security-acme-nginx} + +NixOS supports fetching ACME certificates for you by setting +`enableACME = true;` in a virtualHost config. 
We first create self-signed +placeholder certificates in place of the real ACME certs. The placeholder +certs are overwritten when the ACME certs arrive. For +`foo.example.com` the config would look like this: + +``` +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +services.nginx = { + enable = true; + virtualHosts = { + "foo.example.com" = { + forceSSL = true; + enableACME = true; + # All serverAliases will be added as extra domain names on the certificate. + serverAliases = [ "bar.example.com" ]; + locations."/" = { + root = "/var/www"; + }; + }; + + # We can also add a different vhost and reuse the same certificate + # but we have to append extraDomainNames manually beforehand: + # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; + "baz.example.com" = { + forceSSL = true; + useACMEHost = "foo.example.com"; + locations."/" = { + root = "/var/www"; + }; + }; + }; +} +``` + +## Using ACME certificates in Apache/httpd {#module-security-acme-httpd} + +Using ACME certificates with Apache virtual hosts is identical +to using them with Nginx. The attribute names are all the same, just replace +"nginx" with "httpd" where appropriate. + +## Manual configuration of HTTP-01 validation {#module-security-acme-configuring} + +First off you will need to set up a virtual host to serve the challenges. +This example uses a vhost called `certs.example.com`, with +the intent that you will generate certs for all your vhosts and redirect +everyone to HTTPS. + +``` +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; + +# /var/lib/acme/.challenges must be writable by the ACME user +# and readable by the Nginx user. The easiest way to achieve +# this is to add the Nginx user to the ACME group. 
+users.users.nginx.extraGroups = [ "acme" ]; + +services.nginx = { + enable = true; + virtualHosts = { + "acmechallenge.example.com" = { + # Catchall vhost, will redirect users to HTTPS for all vhosts + serverAliases = [ "*.example.com" ]; + locations."/.well-known/acme-challenge" = { + root = "/var/lib/acme/.challenges"; + }; + locations."/" = { + return = "301 https://$host$request_uri"; + }; + }; + }; +} +# Alternative config for Apache +users.users.wwwrun.extraGroups = [ "acme" ]; +services.httpd = { + enable = true; + virtualHosts = { + "acmechallenge.example.com" = { + # Catchall vhost, will redirect users to HTTPS for all vhosts + serverAliases = [ "*.example.com" ]; + # /var/lib/acme/.challenges must be writable by the ACME user and readable by the Apache user. + # By default, this is the case. + documentRoot = "/var/lib/acme/.challenges"; + extraConfig = '' + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge [NC] + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301] + ''; + }; + }; +} +``` + +Now you need to configure ACME to generate a certificate. + +``` +security.acme.certs."foo.example.com" = { + webroot = "/var/lib/acme/.challenges"; + email = "foo@example.com"; + # Ensure that the web server you use can read the generated certs + # Take a look at the group option for the web server you choose. + group = "nginx"; + # Since we have a wildcard vhost to handle port 80, + # we can generate certs for anything! + # Just make sure your DNS resolves them. + extraDomainNames = [ "mail.example.com" ]; +}; +``` + +The private key {file}`key.pem` and certificate +{file}`fullchain.pem` will be put into +{file}`/var/lib/acme/foo.example.com`. + +Refer to [](#ch-options) for all available configuration +options for the [security.acme](#opt-security.acme.certs) +module. 
+ +## Configuring ACME for DNS validation {#module-security-acme-config-dns} + +This is useful if you want to generate a wildcard certificate, since +ACME servers will only hand out wildcard certs over DNS validation. +There are a number of supported DNS providers and servers you can utilise, +see the [lego docs](https://go-acme.github.io/lego/dns/) +for provider/server specific configuration values. For the sake of these +docs, we will provide a fully self-hosted example using bind. + +``` +services.bind = { + enable = true; + extraConfig = '' + include "/var/lib/secrets/dnskeys.conf"; + ''; + zones = [ + rec { + name = "example.com"; + file = "/var/db/bind/${name}"; + master = true; + extraConfig = "allow-update { key rfc2136key.example.com.; };"; + } + ]; +} + +# Now we can configure ACME +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.certs."example.com" = { + domain = "*.example.com"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; + # We don't need to wait for propagation since this is a local DNS server + dnsPropagationCheck = false; +}; +``` + +The {file}`dnskeys.conf` and {file}`certs.secret` +must be kept secure and thus you should not keep their contents in your +Nix config. 
Instead, generate them one time with a systemd service: + +``` +systemd.services.dns-rfc2136-conf = { + requiredBy = ["acme-example.com.service" "bind.service"]; + before = ["acme-example.com.service" "bind.service"]; + unitConfig = { + ConditionPathExists = "!/var/lib/secrets/dnskeys.conf"; + }; + serviceConfig = { + Type = "oneshot"; + UMask = 0077; + }; + path = [ pkgs.bind ]; + script = '' + mkdir -p /var/lib/secrets + chmod 755 /var/lib/secrets + tsig-keygen rfc2136key.example.com > /var/lib/secrets/dnskeys.conf + chown named:root /var/lib/secrets/dnskeys.conf + chmod 400 /var/lib/secrets/dnskeys.conf + + # extract secret value from the dnskeys.conf + while read x y; do if [ "$x" = "secret" ]; then secret="''${y:1:''${#y}-3}"; fi; done < /var/lib/secrets/dnskeys.conf + + cat > /var/lib/secrets/certs.secret << EOF + RFC2136_NAMESERVER='127.0.0.1:53' + RFC2136_TSIG_ALGORITHM='hmac-sha256.' + RFC2136_TSIG_KEY='rfc2136key.example.com' + RFC2136_TSIG_SECRET='$secret' + EOF + chmod 400 /var/lib/secrets/certs.secret + ''; +}; +``` + +Now you're all set to generate certs! You should monitor the first invocation +by running `systemctl start acme-example.com.service & +journalctl -fu acme-example.com.service` and watching its log output. + +## Using DNS validation with web server virtual hosts {#module-security-acme-config-dns-with-vhosts} + +It is possible to use DNS-01 validation with all certificates, +including those automatically configured via the Nginx/Apache +[`enableACME`](#opt-services.nginx.virtualHosts._name_.enableACME) +option. This configuration pattern is fully +supported and part of the module's test suite for Nginx + Apache. + +You must follow the guide above on configuring DNS-01 validation +first, however instead of setting the options for one certificate +(e.g. [](#opt-security.acme.certs._name_.dnsProvider)) +you will set them as defaults +(e.g. [](#opt-security.acme.defaults.dnsProvider)). 
+ +``` +# Configure ACME appropriately +security.acme.acceptTerms = true; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults = { + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; + # We don't need to wait for propagation since this is a local DNS server + dnsPropagationCheck = false; +}; + +# For each virtual host you would like to use DNS-01 validation with, +# set acmeRoot = null +services.nginx = { + enable = true; + virtualHosts = { + "foo.example.com" = { + enableACME = true; + acmeRoot = null; + }; + }; +} +``` + +And that's it! Next time your configuration is rebuilt, or when +you add a new virtualHost, it will be DNS-01 validated. + +## Using ACME with services demanding root owned certificates {#module-security-acme-root-owned} + +Some services refuse to start if the configured certificate files +are not owned by root. PostgreSQL and OpenSMTPD are examples of these. +There is no way to change the user the ACME module uses (it will always be +`acme`), however you can use systemd's +`LoadCredential` feature to resolve this elegantly. +Below is an example configuration for OpenSMTPD, but this pattern +can be applied to any service. + +``` +# Configure ACME however you like (DNS or HTTP validation), adding +# the following configuration for the relevant certificate. +# Note: You cannot use `systemctl reload` here as that would mean +# the LoadCredential configuration below would be skipped and +# the service would continue to use old certificates. +security.acme.certs."mail.example.com".postRun = '' + systemctl restart opensmtpd +''; + +# Now you must augment OpenSMTPD's systemd service to load +# the certificate files. 
+systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; +systemd.services.opensmtpd.serviceConfig.LoadCredential = let + certDir = config.security.acme.certs."mail.example.com".directory; +in [ + "cert.pem:${certDir}/cert.pem" + "key.pem:${certDir}/key.pem" +]; + +# Finally, configure OpenSMTPD to use these certs. +services.opensmtpd = let + credsDir = "/run/credentials/opensmtpd.service"; +in { + enable = true; + setSendmail = false; + serverConfiguration = '' + pki mail.example.com cert "${credsDir}/cert.pem" + pki mail.example.com key "${credsDir}/key.pem" + listen on localhost tls pki mail.example.com + action act1 relay host smtp://127.0.0.1:10027 + match for local action act1 + ''; +}; +``` + +## Regenerating certificates {#module-security-acme-regenerate} + +Should you need to regenerate a particular certificate in a hurry, such +as when a vulnerability is found in Let's Encrypt, there is now a convenient +mechanism for doing so. Running +`systemctl clean --what=state acme-example.com.service` +will remove all certificate files and the account data for the given domain, +allowing you to then `systemctl start acme-example.com.service` +to generate fresh ones. + +## Fixing JWS Verification error {#module-security-acme-fix-jws} + +It is possible that your account credentials file may become corrupt and need +to be regenerated. In this scenario lego will produce the error `JWS verification error`. +The solution is to simply delete the associated accounts file and +re-run the affected service(s). 
+ +``` +# Find the accounts folder for the certificate +systemctl cat acme-example.com.service | grep -Po 'accounts/[^:]*' +export accountdir="$(!!)" +# Move this folder to some place else +mv /var/lib/acme/.lego/$accountdir{,.bak} +# Recreate the folder using systemd-tmpfiles +systemd-tmpfiles --create +# Get a new account and reissue certificates +# Note: Do this for all certs that share the same account email address +systemctl start acme-example.com.service +``` diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index 0905fefd623..c21f802caf4 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -1,152 +1,146 @@ - - SSL/TLS Certificates with ACME - - NixOS supports automatic domain validation & certificate retrieval and - renewal using the ACME protocol. Any provider can be used, but by default - NixOS uses Let's Encrypt. The alternative ACME client - lego is used under - the hood. - - - Automatic cert validation and configuration for Apache and Nginx virtual - hosts is included in NixOS, however if you would like to generate a wildcard - cert or you are not using a web server you will have to configure DNS - based validation. - -
- Prerequisites - + + SSL/TLS Certificates with ACME - To use the ACME module, you must accept the provider's terms of service - by setting - to true. The Let's Encrypt ToS can be found - here. + NixOS supports automatic domain validation & certificate + retrieval and renewal using the ACME protocol. Any provider can be + used, but by default NixOS uses Let's Encrypt. The alternative ACME + client + lego is + used under the hood. - - You must also set an email address to be used when creating accounts with - Let's Encrypt. You can set this for all certs with - - and/or on a per-cert basis with - . - This address is only used for registration and renewal reminders, - and cannot be used to administer the certificates in any way. + Automatic cert validation and configuration for Apache and Nginx + virtual hosts is included in NixOS, however if you would like to + generate a wildcard cert or you are not using a web server you will + have to configure DNS based validation. - - - Alternatively, you can use a different ACME server by changing the - option - to a provider of your choosing, or just change the server for one cert with - . - - - - You will need an HTTP server or DNS server for verification. For HTTP, - the server must have a webroot defined that can serve - .well-known/acme-challenge. This directory must be - writeable by the user that will run the ACME client. For DNS, you must - set up credentials with your provider/server for use with lego. - -
-
- Using ACME certificates in Nginx - - - NixOS supports fetching ACME certificates for you by setting - enableACME = true; in a virtualHost config. We first create self-signed - placeholder certificates in place of the real ACME certs. The placeholder - certs are overwritten when the ACME certs arrive. For - foo.example.com the config would look like this: - - - +
+ Prerequisites + + To use the ACME module, you must accept the provider's terms of + service by setting + to + true. The Let's Encrypt ToS can be found + here. + + + You must also set an email address to be used when creating + accounts with Let's Encrypt. You can set this for all certs with + and/or on + a per-cert basis with + . This + address is only used for registration and renewal reminders, and + cannot be used to administer the certificates in any way. + + + Alternatively, you can use a different ACME server by changing the + option + to a provider of your choosing, or just change the server for one + cert with + . + + + You will need an HTTP server or DNS server for verification. For + HTTP, the server must have a webroot defined that can serve + .well-known/acme-challenge. This directory + must be writeable by the user that will run the ACME client. For + DNS, you must set up credentials with your provider/server for use + with lego. + +
+
+ Using ACME certificates in Nginx + + NixOS supports fetching ACME certificates for you by setting + enableACME = true; in a virtualHost config. We + first create self-signed placeholder certificates in place of the + real ACME certs. The placeholder certs are overwritten when the + ACME certs arrive. For foo.example.com the + config would look like this: + + security.acme.acceptTerms = true; -security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults.email = "admin+acme@example.com"; services.nginx = { enable = true; virtualHosts = { - "foo.example.com" = { + "foo.example.com" = { forceSSL = true; enableACME = true; # All serverAliases will be added as extra domain names on the certificate. - serverAliases = [ "bar.example.com" ]; - locations."/" = { - root = "/var/www"; + serverAliases = [ "bar.example.com" ]; + locations."/" = { + root = "/var/www"; }; }; # We can also add a different vhost and reuse the same certificate # but we have to append extraDomainNames manually beforehand: - # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; - "baz.example.com" = { + # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ]; + "baz.example.com" = { forceSSL = true; - useACMEHost = "foo.example.com"; - locations."/" = { - root = "/var/www"; + useACMEHost = "foo.example.com"; + locations."/" = { + root = "/var/www"; }; }; }; } -
-
- Using ACME certificates in Apache/httpd - - - Using ACME certificates with Apache virtual hosts is identical - to using them with Nginx. The attribute names are all the same, just replace - "nginx" with "httpd" where appropriate. - -
-
- Manual configuration of HTTP-01 validation - - - First off you will need to set up a virtual host to serve the challenges. - This example uses a vhost called certs.example.com, with - the intent that you will generate certs for all your vhosts and redirect - everyone to HTTPS. - - - +
+
+ Using ACME certificates in Apache/httpd + + Using ACME certificates with Apache virtual hosts is identical to + using them with Nginx. The attribute names are all the same, just + replace "nginx" with "httpd" where + appropriate. + +
+
+ Manual configuration of HTTP-01 validation + + First off you will need to set up a virtual host to serve the + challenges. This example uses a vhost called + certs.example.com, with the intent that you + will generate certs for all your vhosts and redirect everyone to + HTTPS. + + security.acme.acceptTerms = true; -security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults.email = "admin+acme@example.com"; # /var/lib/acme/.challenges must be writable by the ACME user # and readable by the Nginx user. The easiest way to achieve # this is to add the Nginx user to the ACME group. -users.users.nginx.extraGroups = [ "acme" ]; +users.users.nginx.extraGroups = [ "acme" ]; services.nginx = { enable = true; virtualHosts = { - "acmechallenge.example.com" = { + "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.example.com" ]; - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; + serverAliases = [ "*.example.com" ]; + locations."/.well-known/acme-challenge" = { + root = "/var/lib/acme/.challenges"; }; - locations."/" = { - return = "301 https://$host$request_uri"; + locations."/" = { + return = "301 https://$host$request_uri"; }; }; }; } # Alternative config for Apache -users.users.wwwrun.extraGroups = [ "acme" ]; +users.users.wwwrun.extraGroups = [ "acme" ]; services.httpd = { enable = true; virtualHosts = { - "acmechallenge.example.com" = { + "acmechallenge.example.com" = { # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.example.com" ]; + serverAliases = [ "*.example.com" ]; # /var/lib/acme/.challenges must be writable by the ACME user and readable by the Apache user. # By default, this is the case. - documentRoot = "/var/lib/acme/.challenges"; + documentRoot = "/var/lib/acme/.challenges"; extraConfig = '' RewriteEngine On RewriteCond %{HTTPS} off 
@@ -157,92 +151,88 @@ services.httpd = { }; } - - - Now you need to configure ACME to generate a certificate. - - - -security.acme.certs."foo.example.com" = { - webroot = "/var/lib/acme/.challenges"; - email = "foo@example.com"; + + Now you need to configure ACME to generate a certificate. + + +security.acme.certs."foo.example.com" = { + webroot = "/var/lib/acme/.challenges"; + email = "foo@example.com"; # Ensure that the web server you use can read the generated certs # Take a look at the group option for the web server you choose. - group = "nginx"; + group = "nginx"; # Since we have a wildcard vhost to handle port 80, # we can generate certs for anything! # Just make sure your DNS resolves them. - extraDomainNames = [ "mail.example.com" ]; + extraDomainNames = [ "mail.example.com" ]; }; - - - The private key key.pem and certificate - fullchain.pem will be put into - /var/lib/acme/foo.example.com. - - - - Refer to for all available configuration - options for the security.acme - module. - -
-
- Configuring ACME for DNS validation - - - This is useful if you want to generate a wildcard certificate, since - ACME servers will only hand out wildcard certs over DNS validation. - There are a number of supported DNS providers and servers you can utilise, - see the lego docs - for provider/server specific configuration values. For the sake of these - docs, we will provide a fully self-hosted example using bind. - - - + + The private key key.pem and certificate + fullchain.pem will be put into + /var/lib/acme/foo.example.com. + + + Refer to for all available + configuration options for the + security.acme + module. + +
+
+ Configuring ACME for DNS validation + + This is useful if you want to generate a wildcard certificate, + since ACME servers will only hand out wildcard certs over DNS + validation. There are a number of supported DNS providers and + servers you can utilise, see the + lego + docs for provider/server specific configuration values. For + the sake of these docs, we will provide a fully self-hosted + example using bind. + + services.bind = { enable = true; extraConfig = '' - include "/var/lib/secrets/dnskeys.conf"; + include "/var/lib/secrets/dnskeys.conf"; ''; zones = [ rec { - name = "example.com"; - file = "/var/db/bind/${name}"; + name = "example.com"; + file = "/var/db/bind/${name}"; master = true; - extraConfig = "allow-update { key rfc2136key.example.com.; };"; + extraConfig = "allow-update { key rfc2136key.example.com.; };"; } ]; } # Now we can configure ACME security.acme.acceptTerms = true; -security.acme.defaults.email = "admin+acme@example.com"; -security.acme.certs."example.com" = { - domain = "*.example.com"; - dnsProvider = "rfc2136"; - credentialsFile = "/var/lib/secrets/certs.secret"; +security.acme.defaults.email = "admin+acme@example.com"; +security.acme.certs."example.com" = { + domain = "*.example.com"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; }; - - - The dnskeys.conf and certs.secret - must be kept secure and thus you should not keep their contents in your - Nix config. Instead, generate them one time with a systemd service: - - - + + The dnskeys.conf and + certs.secret must be kept secure and thus you + should not keep their contents in your Nix config. 
Instead, + generate them one time with a systemd service: + + systemd.services.dns-rfc2136-conf = { - requiredBy = ["acme-example.com.service" "bind.service"]; - before = ["acme-example.com.service" "bind.service"]; + requiredBy = ["acme-example.com.service" "bind.service"]; + before = ["acme-example.com.service" "bind.service"]; unitConfig = { - ConditionPathExists = "!/var/lib/secrets/dnskeys.conf"; + ConditionPathExists = "!/var/lib/secrets/dnskeys.conf"; }; serviceConfig = { - Type = "oneshot"; + Type = "oneshot"; UMask = 0077; }; path = [ pkgs.bind ]; @@ -254,7 +244,7 @@ systemd.services.dns-rfc2136-conf = { chmod 400 /var/lib/secrets/dnskeys.conf # extract secret value from the dnskeys.conf - while read x y; do if [ "$x" = "secret" ]; then secret="''${y:1:''${#y}-3}"; fi; done < /var/lib/secrets/dnskeys.conf + while read x y; do if [ "$x" = "secret" ]; then secret="''${y:1:''${#y}-3}"; fi; done < /var/lib/secrets/dnskeys.conf cat > /var/lib/secrets/certs.secret << EOF RFC2136_NAMESERVER='127.0.0.1:53' @@ -266,40 +256,37 @@ systemd.services.dns-rfc2136-conf = { ''; }; - - - Now you're all set to generate certs! You should monitor the first invocation - by running systemctl start acme-example.com.service & - journalctl -fu acme-example.com.service and watching its log output. - -
- -
- Using DNS validation with web server virtual hosts - - - It is possible to use DNS-01 validation with all certificates, - including those automatically configured via the Nginx/Apache - enableACME - option. This configuration pattern is fully - supported and part of the module's test suite for Nginx + Apache. - - - - You must follow the guide above on configuring DNS-01 validation - first, however instead of setting the options for one certificate - (e.g. ) - you will set them as defaults - (e.g. ). - - - + + Now you're all set to generate certs! You should monitor the first + invocation by running + systemctl start acme-example.com.service & journalctl -fu acme-example.com.service + and watching its log output. + +
+
+ Using DNS validation with web server virtual hosts + + It is possible to use DNS-01 validation with all certificates, + including those automatically configured via the Nginx/Apache + enableACME + option. This configuration pattern is fully supported and part of + the module's test suite for Nginx + Apache. + + + You must follow the guide above on configuring DNS-01 validation + first, however instead of setting the options for one certificate + (e.g. + ) + you will set them as defaults (e.g. + ). + + # Configure ACME appropriately security.acme.acceptTerms = true; -security.acme.defaults.email = "admin+acme@example.com"; +security.acme.defaults.email = "admin+acme@example.com"; security.acme.defaults = { - dnsProvider = "rfc2136"; - credentialsFile = "/var/lib/secrets/certs.secret"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; }; @@ -309,97 +296,92 @@ security.acme.defaults = { services.nginx = { enable = true; virtualHosts = { - "foo.example.com" = { + "foo.example.com" = { enableACME = true; acmeRoot = null; }; }; } - - - And that's it! Next time your configuration is rebuilt, or when - you add a new virtualHost, it will be DNS-01 validated. - -
- -
- Using ACME with services demanding root owned certificates - - - Some services refuse to start if the configured certificate files - are not owned by root. PostgreSQL and OpenSMTPD are examples of these. - There is no way to change the user the ACME module uses (it will always be - acme), however you can use systemd's - LoadCredential feature to resolve this elegantly. - Below is an example configuration for OpenSMTPD, but this pattern - can be applied to any service. - - - + + And that's it! Next time your configuration is rebuilt, or when + you add a new virtualHost, it will be DNS-01 validated. + +
+
+ Using ACME with services demanding root owned + certificates + + Some services refuse to start if the configured certificate files + are not owned by root. PostgreSQL and OpenSMTPD are examples of + these. There is no way to change the user the ACME module uses (it + will always be acme), however you can use + systemd's LoadCredential feature to resolve + this elegantly. Below is an example configuration for OpenSMTPD, + but this pattern can be applied to any service. + + # Configure ACME however you like (DNS or HTTP validation), adding # the following configuration for the relevant certificate. # Note: You cannot use `systemctl reload` here as that would mean # the LoadCredential configuration below would be skipped and # the service would continue to use old certificates. -security.acme.certs."mail.example.com".postRun = '' +security.acme.certs."mail.example.com".postRun = '' systemctl restart opensmtpd ''; # Now you must augment OpenSMTPD's systemd service to load # the certificate files. -systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; +systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"]; systemd.services.opensmtpd.serviceConfig.LoadCredential = let - certDir = config.security.acme.certs."mail.example.com".directory; + certDir = config.security.acme.certs."mail.example.com".directory; in [ - "cert.pem:${certDir}/cert.pem" - "key.pem:${certDir}/key.pem" + "cert.pem:${certDir}/cert.pem" + "key.pem:${certDir}/key.pem" ]; # Finally, configure OpenSMTPD to use these certs. 
services.opensmtpd = let - credsDir = "/run/credentials/opensmtpd.service"; + credsDir = "/run/credentials/opensmtpd.service"; in { enable = true; setSendmail = false; serverConfiguration = '' - pki mail.example.com cert "${credsDir}/cert.pem" - pki mail.example.com key "${credsDir}/key.pem" + pki mail.example.com cert "${credsDir}/cert.pem" + pki mail.example.com key "${credsDir}/key.pem" listen on localhost tls pki mail.example.com action act1 relay host smtp://127.0.0.1:10027 match for local action act1 ''; }; -
- -
- Regenerating certificates - - - Should you need to regenerate a particular certificate in a hurry, such - as when a vulnerability is found in Let's Encrypt, there is now a convenient - mechanism for doing so. Running - systemctl clean --what=state acme-example.com.service - will remove all certificate files and the account data for the given domain, - allowing you to then systemctl start acme-example.com.service - to generate fresh ones. - -
-
- Fixing JWS Verification error - - - It is possible that your account credentials file may become corrupt and need - to be regenerated. In this scenario lego will produce the error JWS verification error. - The solution is to simply delete the associated accounts file and - re-run the affected service(s). - - - +
+
+ Regenerating certificates + + Should you need to regenerate a particular certificate in a hurry, + such as when a vulnerability is found in Let's Encrypt, there is + now a convenient mechanism for doing so. Running + systemctl clean --what=state acme-example.com.service + will remove all certificate files and the account data for the + given domain, allowing you to then + systemctl start acme-example.com.service to + generate fresh ones. + +
+
+ Fixing JWS Verification error + + It is possible that your account credentials file may become + corrupt and need to be regenerated. In this scenario lego will + produce the error JWS verification error. The + solution is to simply delete the associated accounts file and + re-run the affected service(s). + + # Find the accounts folder for the certificate systemctl cat acme-example.com.service | grep -Po 'accounts/[^:]*' -export accountdir="$(!!)" +export accountdir="$(!!)" # Move this folder to some place else mv /var/lib/acme/.lego/$accountdir{,.bak} # Recreate the folder using systemd-tmpfiles @@ -408,6 +390,5 @@ systemd-tmpfiles --create # Note: Do this for all certs that share the same account email address systemctl start acme-example.com.service - -
+
From 1ce4fde27b62b878d60cd3e9baad5ae5b0042a45 Mon Sep 17 00:00:00 2001 From: pennae Date: Mon, 2 Jan 2023 23:56:45 +0100 Subject: [PATCH 038/155] nixos/borgbackup: convert manual chapter to MD --- nixos/modules/services/backup/borgbackup.md | 163 ++++++++++ nixos/modules/services/backup/borgbackup.nix | 2 + nixos/modules/services/backup/borgbackup.xml | 303 +++++++++---------- 3 files changed, 314 insertions(+), 154 deletions(-) create mode 100644 nixos/modules/services/backup/borgbackup.md diff --git a/nixos/modules/services/backup/borgbackup.md b/nixos/modules/services/backup/borgbackup.md new file mode 100644 index 00000000000..e86ae593bbd --- /dev/null +++ b/nixos/modules/services/backup/borgbackup.md 
@@ -0,0 +1,163 @@
+# BorgBackup {#module-borgbase}
+
+*Source:* {file}`modules/services/backup/borgbackup.nix`
+
+*Upstream documentation:*
+
+[BorgBackup](https://www.borgbackup.org/) (short: Borg)
+is a deduplicating backup program. Optionally, it supports compression and
+authenticated encryption.
+
+The main goal of Borg is to provide an efficient and secure way to backup
+data. The data deduplication technique used makes Borg suitable for daily
+backups since only changes are stored. The authenticated encryption technique
+makes it suitable for backups to not fully trusted targets.
+
+## Configuring {#module-services-backup-borgbackup-configuring}
+
+A complete list of options for the Borgbase module may be found
+[here](#opt-services.borgbackup.jobs).
+
+## Basic usage for a local backup {#opt-services-backup-borgbackup-local-directory}
+
+A very basic configuration for backing up to a locally accessible directory is:
+```
+{
+ opt.services.borgbackup.jobs = {
+ { rootBackup = {
+ paths = "/";
+ exclude = [ "/nix" "/path/to/local/repo" ];
+ repo = "/path/to/local/repo";
+ doInit = true;
+ encryption = {
+ mode = "repokey";
+ passphrase = "secret";
+ };
+ compression = "auto,lzma";
+ startAt = "weekly";
+ };
+ }
+ };
+}
+```
+
+::: {.warning}
+If you do not want the passphrase to be stored in the world-readable
+Nix store, use passCommand. You find an example below.
+:::
+
+## Create a borg backup server {#opt-services-backup-create-server}
+
+You should use a different SSH key for each repository you write to,
+because the specified keys are restricted to running borg serve and can only
+access this single repository. You need the output of the generate pub file.
+
+```ShellSession
+# sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo
+# cat /run/keys/id_ed25519_my_borg_repo
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos
+```
+
+Add the following snippet to your NixOS configuration:
+```
+{
+ services.borgbackup.repos = {
+ my_borg_repo = {
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos"
+ ] ;
+ path = "/var/lib/my_borg_repo" ;
+ };
+ };
+}
+```
+
+## Backup to the borg repository server {#opt-services-backup-borgbackup-remote-server}
+
+The following NixOS snippet creates an hourly backup to the service
+(on the host nixos) as created in the section above. We assume
+that you have stored a secret passphrasse in the file
+{file}`/run/keys/borgbackup_passphrase`, which should be only
+accessible by root
+
+```
+{
+ services.borgbackup.jobs = {
+ backupToLocalServer = {
+ paths = [ "/etc/nixos" ];
+ doInit = true;
+ repo = "borg@nixos:." ;
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat /run/keys/borgbackup_passphrase";
+ };
+ environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_my_borg_repo"; };
+ compression = "auto,lzma";
+ startAt = "hourly";
+ };
+ };
+};
+```
+
+The following few commands (run as root) let you test your backup.
+```
+> nixos-rebuild switch
+...restarting the following units: polkit.service
+> systemctl restart borgbackup-job-backupToLocalServer
+> sleep 10
+> systemctl restart borgbackup-job-backupToLocalServer
+> export BORG_PASSPHRASE=topSecrect
+> borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:.
+nixos-backupToLocalServer-2020-03-30T21:46:17 Mon, 2020-03-30 21:46:19 [84feb97710954931ca384182f5f3cb90665f35cef214760abd7350fb064786ac]
+nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68]
+```
+
+## Backup to a hosting service {#opt-services-backup-borgbackup-borgbase}
+
+Several companies offer [(paid) hosting services](https://www.borgbackup.org/support/commercial.html)
+for Borg repositories.
+
+To backup your home directory to borgbase you have to:
+
+ - Generate a SSH key without a password, to access the remote server. E.g.
+
+ sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase
+
+ - Create the repository on the server by following the instructions for your
+ hosting server.
+ - Initialize the repository on the server. Eg.
+
+ sudo borg init --encryption=repokey-blake2 \
+ -rsh "ssh -i /run/keys/id_ed25519_borgbase" \
+ zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo
+
+ - Add it to your NixOS configuration, e.g.
+
+ {
+ services.borgbackup.jobs = {
+ my_Remote_Backup = {
+ paths = [ "/" ];
+ exclude = [ "/nix" "'**/.cache'" ];
+ repo = "zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo";
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat /run/keys/borgbackup_passphrase";
+ };
+ environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_borgbase"; };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+ };
+ }}
+
+## Vorta backup client for the desktop {#opt-services-backup-borgbackup-vorta}
+
+Vorta is a backup client for macOS and Linux desktops. It integrates the
+mighty BorgBackup with your desktop environment to protect your data from
+disk failure, ransomware and theft.
+
+It can be installed in NixOS e.g. by adding `pkgs.vorta`
+to [](#opt-environment.systemPackages).
+
+Details about using Vorta can be found under
+[https://vorta.borgbase.com](https://vorta.borgbase.com/usage) .
diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index c5fc09dcea0..6c79cc601c6 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -226,6 +226,8 @@ let in { meta.maintainers = with maintainers; [ dotlambda ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml` meta.doc = ./borgbackup.xml; ###### interface diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 5051289882b..26ba6b1e63c 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -1,218 +1,213 @@ - - BorgBackup + + BorgBackup - Source: - modules/services/backup/borgbackup.nix - - - Upstream documentation: - - - - BorgBackup (short: Borg) - is a deduplicating backup program. Optionally, it supports compression and - authenticated encryption. + Source: + modules/services/backup/borgbackup.nix - The main goal of Borg is to provide an efficient and secure way to backup - data. The data deduplication technique used makes Borg suitable for daily - backups since only changes are stored. The authenticated encryption technique - makes it suitable for backups to not fully trusted targets. - + Upstream documentation: + https://borgbackup.readthedocs.io/ +
+ + BorgBackup + (short: Borg) is a deduplicating backup program. Optionally, it + supports compression and authenticated encryption. + + + The main goal of Borg is to provide an efficient and secure way to + backup data. The data deduplication technique used makes Borg + suitable for daily backups since only changes are stored. The + authenticated encryption technique makes it suitable for backups to + not fully trusted targets. +
- Configuring - - A complete list of options for the Borgbase module may be found - here. - -
-
- Basic usage for a local backup - - - A very basic configuration for backing up to a locally accessible directory - is: - + Configuring + + A complete list of options for the Borgbase module may be found + here. + +
+
+ Basic usage for a local backup + + A very basic configuration for backing up to a locally accessible + directory is: + + { opt.services.borgbackup.jobs = { { rootBackup = { - paths = "/"; - exclude = [ "/nix" "/path/to/local/repo" ]; - repo = "/path/to/local/repo"; + paths = "/"; + exclude = [ "/nix" "/path/to/local/repo" ]; + repo = "/path/to/local/repo"; doInit = true; encryption = { - mode = "repokey"; - passphrase = "secret"; + mode = "repokey"; + passphrase = "secret"; }; - compression = "auto,lzma"; - startAt = "weekly"; + compression = "auto,lzma"; + startAt = "weekly"; }; } }; } - - + + + If you do not want the passphrase to be stored in the + world-readable Nix store, use passCommand. You find an example + below. + + +
+
+ Create a borg backup server - If you do not want the passphrase to be stored in the world-readable - Nix store, use passCommand. You find an example below. + You should use a different SSH key for each repository you write + to, because the specified keys are restricted to running borg + serve and can only access this single repository. You need the + output of the generate pub file. - -
-
- Create a borg backup server - You should use a different SSH key for each repository you write to, - because the specified keys are restricted to running borg serve and can only - access this single repository. You need the output of the generate pub file. - - - -# sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo -# cat /run/keys/id_ed25519_my_borg_repo + +# sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_my_borg_repo +# cat /run/keys/id_ed25519_my_borg_repo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos - - + Add the following snippet to your NixOS configuration: - + + { services.borgbackup.repos = { my_borg_repo = { authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID78zmOyA+5uPG4Ot0hfAy+sLDPU1L4AiIoRYEIVbbQ/ root@nixos" ] ; - path = "/var/lib/my_borg_repo" ; + path = "/var/lib/my_borg_repo" ; }; }; } +
+
+ Backup to the borg repository server + + The following NixOS snippet creates an hourly backup to the + service (on the host nixos) as created in the section above. We + assume that you have stored a secret passphrasse in the file + /run/keys/borgbackup_passphrase, which should + be only accessible by root -
- -
- Backup to the borg repository server - The following NixOS snippet creates an hourly backup to the service - (on the host nixos) as created in the section above. We assume - that you have stored a secret passphrasse in the file - /run/keys/borgbackup_passphrase, which should be only - accessible by root - - - + { services.borgbackup.jobs = { backupToLocalServer = { - paths = [ "/etc/nixos" ]; + paths = [ "/etc/nixos" ]; doInit = true; - repo = "borg@nixos:." ; + repo = "borg@nixos:." ; encryption = { - mode = "repokey-blake2"; - passCommand = "cat /run/keys/borgbackup_passphrase"; + mode = "repokey-blake2"; + passCommand = "cat /run/keys/borgbackup_passphrase"; }; - environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_my_borg_repo"; }; - compression = "auto,lzma"; - startAt = "hourly"; + environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_my_borg_repo"; }; + compression = "auto,lzma"; + startAt = "hourly"; }; }; }; - - The following few commands (run as root) let you test your backup. - -> nixos-rebuild switch + + The following few commands (run as root) let you test your backup. + + +> nixos-rebuild switch ...restarting the following units: polkit.service -> systemctl restart borgbackup-job-backupToLocalServer -> sleep 10 -> systemctl restart borgbackup-job-backupToLocalServer -> export BORG_PASSPHRASE=topSecrect -> borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:. +> systemctl restart borgbackup-job-backupToLocalServer +> sleep 10 +> systemctl restart borgbackup-job-backupToLocalServer +> export BORG_PASSPHRASE=topSecrect +> borg list --rsh='ssh -i /run/keys/id_ed25519_my_borg_repo' borg@nixos:. nixos-backupToLocalServer-2020-03-30T21:46:17 Mon, 2020-03-30 21:46:19 [84feb97710954931ca384182f5f3cb90665f35cef214760abd7350fb064786ac] nixos-backupToLocalServer-2020-03-30T21:46:30 Mon, 2020-03-30 21:46:32 [e77321694ecd160ca2228611747c6ad1be177d6e0d894538898de7a2621b6e68] - -
- -
- Backup to a hosting service - - - Several companies offer (paid) +
+
+ Backup to a hosting service + + Several companies offer + (paid) hosting services for Borg repositories. - - - To backup your home directory to borgbase you have to: - - - - - Generate a SSH key without a password, to access the remote server. E.g. + To backup your home directory to borgbase you have to: + + + + + Generate a SSH key without a password, to access the remote + server. E.g. + sudo ssh-keygen -N '' -t ed25519 -f /run/keys/id_ed25519_borgbase - - - - - Create the repository on the server by following the instructions for your - hosting server. - - - - - Initialize the repository on the server. Eg. - + + + + Create the repository on the server by following the + instructions for your hosting server. + + + + + Initialize the repository on the server. Eg. + + sudo borg init --encryption=repokey-blake2 \ - -rsh "ssh -i /run/keys/id_ed25519_borgbase" \ + -rsh "ssh -i /run/keys/id_ed25519_borgbase" \ zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo - - - -Add it to your NixOS configuration, e.g. - + + + + Add it to your NixOS configuration, e.g. + + { services.borgbackup.jobs = { my_Remote_Backup = { - paths = [ "/" ]; - exclude = [ "/nix" "'**/.cache'" ]; - repo = "zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo"; + paths = [ "/" ]; + exclude = [ "/nix" "'**/.cache'" ]; + repo = "zzz2aaaaa@zzz2aaaaa.repo.borgbase.com:repo"; encryption = { - mode = "repokey-blake2"; - passCommand = "cat /run/keys/borgbackup_passphrase"; + mode = "repokey-blake2"; + passCommand = "cat /run/keys/borgbackup_passphrase"; }; - environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_borgbase"; }; - compression = "auto,lzma"; - startAt = "daily"; + environment = { BORG_RSH = "ssh -i /run/keys/id_ed25519_borgbase"; }; + compression = "auto,lzma"; + startAt = "daily"; }; }; }} - - - -
+ + +
- Vorta backup client for the desktop - - Vorta is a backup client for macOS and Linux desktops. It integrates the - mighty BorgBackup with your desktop environment to protect your data from - disk failure, ransomware and theft. - - - It can be installed in NixOS e.g. by adding pkgs.vorta - to . - - - Details about using Vorta can be found under https://vorta.borgbase.com - . - -
+ Vorta backup client for the desktop + + Vorta is a backup client for macOS and Linux desktops. It + integrates the mighty BorgBackup with your desktop environment to + protect your data from disk failure, ransomware and theft. + + + It can be installed in NixOS e.g. by adding + pkgs.vorta to + . + + + Details about using Vorta can be found under + https://vorta.borgbase.com + . + +
+
From 5b012f2c5563494f8bd0277feb9be8c3dc6cb1ce Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 00:24:36 +0100
Subject: [PATCH 039/155] nixos/foundationdb: convert manual chapter to MD
---
.../services/databases/foundationdb.md | 309 ++++++++
.../services/databases/foundationdb.nix | 2 +
.../services/databases/foundationdb.xml | 734 +++++++++---------
3 files changed, 668 insertions(+), 377 deletions(-)
create mode 100644 nixos/modules/services/databases/foundationdb.md
diff --git a/nixos/modules/services/databases/foundationdb.md b/nixos/modules/services/databases/foundationdb.md
new file mode 100644
index 00000000000..f852c6888d8
--- /dev/null
+++ b/nixos/modules/services/databases/foundationdb.md
@@ -0,0 +1,309 @@
+# FoundationDB {#module-services-foundationdb}
+
+*Source:* {file}`modules/services/databases/foundationdb.nix`
+
+*Upstream documentation:*
+
+*Maintainer:* Austin Seipp
+
+*Available version(s):* 5.1.x, 5.2.x, 6.0.x
+
+FoundationDB (or "FDB") is an open source, distributed, transactional
+key-value store.
+
+## Configuring and basic setup {#module-services-foundationdb-configuring}
+
+To enable FoundationDB, add the following to your
+{file}`configuration.nix`:
+```
+services.foundationdb.enable = true;
+services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x
+```
+
+The {option}`services.foundationdb.package` option is required, and
+must always be specified. Due to the fact FoundationDB network protocols and
+on-disk storage formats may change between (major) versions, and upgrades
+must be explicitly handled by the user, you must always manually specify
+this yourself so that the NixOS module will use the proper version. Note
+that minor, bugfix releases are always compatible.
+
+After running {command}`nixos-rebuild`, you can verify whether
+FoundationDB is running by executing {command}`fdbcli` (which is
+added to {option}`environment.systemPackages`):
+```ShellSession
+$ sudo -u foundationdb fdbcli
+Using cluster file `/etc/foundationdb/fdb.cluster'.
+
+The database is available.
+
+Welcome to the fdbcli. For help, type `help'.
+fdb> status
+
+Using cluster file `/etc/foundationdb/fdb.cluster'.
+
+Configuration:
+ Redundancy mode - single
+ Storage engine - memory
+ Coordinators - 1
+
+Cluster:
+ FoundationDB processes - 1
+ Machines - 1
+ Memory availability - 5.4 GB per process on machine with least available
+ Fault Tolerance - 0 machines
+ Server time - 04/20/18 15:21:14
+
+...
+
+fdb>
+```
+
+You can also write programs using the available client libraries. For
+example, the following Python program can be run in order to grab the
+cluster status, as a quick example. (This example uses
+{command}`nix-shell` shebang support to automatically supply the
+necessary Python modules).
+```ShellSession
+a@link> cat fdb-status.py
+#! /usr/bin/env nix-shell
+#! nix-shell -i python -p python pythonPackages.foundationdb52
+
+import fdb
+import json
+
+def main():
+ fdb.api_version(520)
+ db = fdb.open()
+
+ @fdb.transactional
+ def get_status(tr):
+ return str(tr['\xff\xff/status/json'])
+
+ obj = json.loads(get_status(db))
+ print('FoundationDB available: %s' % obj['client']['database_status']['available'])
+
+if __name__ == "__main__":
+ main()
+a@link> chmod +x fdb-status.py
+a@link> ./fdb-status.py
+FoundationDB available: True
+a@link>
+```
+
+FoundationDB is run under the {command}`foundationdb` user and group
+by default, but this may be changed in the NixOS configuration. The systemd
+unit {command}`foundationdb.service` controls the
+{command}`fdbmonitor` process.
+
+By default, the NixOS module for FoundationDB creates a single SSD-storage
+based database for development and basic usage. This storage engine is
+designed for SSDs and will perform poorly on HDDs; however it can handle far
+more data than the alternative "memory" engine and is a better default
+choice for most deployments. (Note that you can change the storage backend
+on-the-fly for a given FoundationDB cluster using
+{command}`fdbcli`.)
+
+Furthermore, only 1 server process and 1 backup agent are started in the
+default configuration. See below for more on scaling to increase this.
+
+FoundationDB stores all data for all server processes under
+{file}`/var/lib/foundationdb`. You can override this using
+{option}`services.foundationdb.dataDir`, e.g.
+```
+services.foundationdb.dataDir = "/data/fdb";
+```
+
+Similarly, logs are stored under {file}`/var/log/foundationdb`
+by default, and there is a corresponding
+{option}`services.foundationdb.logDir` as well.
+
+## Scaling processes and backup agents {#module-services-foundationdb-scaling}
+
+Scaling the number of server processes is quite easy; simply specify
+{option}`services.foundationdb.serverProcesses` to be the number of
+FoundationDB worker processes that should be started on the machine.
+
+FoundationDB worker processes typically require 4GB of RAM per-process at
+minimum for good performance, so this option is set to 1 by default since
+the maximum amount of RAM is unknown. You're advised to abide by this
+restriction, so pick a number of processes so that each has 4GB or more.
+
+A similar option exists in order to scale backup agent processes,
+{option}`services.foundationdb.backupProcesses`. Backup agents are
+not as performance/RAM sensitive, so feel free to experiment with the number
+of available backup processes.
+
+## Clustering {#module-services-foundationdb-clustering}
+
+FoundationDB on NixOS works similarly to other Linux systems, so this
+section will be brief. Please refer to the full FoundationDB documentation
+for more on clustering.
+
+FoundationDB organizes clusters using a set of
+*coordinators*, which are just specially-designated
+worker processes. By default, every installation of FoundationDB on NixOS
+will start as its own individual cluster, with a single coordinator: the
+first worker process on {command}`localhost`.
+
+Coordinators are specified globally using the
+{command}`/etc/foundationdb/fdb.cluster` file, which all servers and
+client applications will use to find and join coordinators. Note that this
+file *can not* be managed by NixOS so easily:
+FoundationDB is designed so that it will rewrite the file at runtime for all
+clients and nodes when cluster coordinators change, with clients
+transparently handling this without intervention. It is fundamentally a
+mutable file, and you should not try to manage it in any way in NixOS.
+
+When dealing with a cluster, there are two main things you want to do:
+
+ - Add a node to the cluster for storage/compute.
+ - Promote an ordinary worker to a coordinator.
+
+A node must already be a member of the cluster in order to properly be
+promoted to a coordinator, so you must always add it first if you wish to
+promote it.
+
+To add a machine to a FoundationDB cluster:
+
+ - Choose one of the servers to start as the initial coordinator.
+ - Copy the {command}`/etc/foundationdb/fdb.cluster` file from this
+ server to all the other servers. Restart FoundationDB on all of these
+ other servers, so they join the cluster.
+ - All of these servers are now connected and working together in the
+ cluster, under the chosen coordinator.
+
+At this point, you can add as many nodes as you want by just repeating the
+above steps. By default there will still be a single coordinator: you can
+use {command}`fdbcli` to change this and add new coordinators.
+
+As a convenience, FoundationDB can automatically assign coordinators based
+on the redundancy mode you wish to achieve for the cluster. Once all the
+nodes have been joined, simply set the replication policy, and then issue
+the {command}`coordinators auto` command
+
+For example, assuming we have 3 nodes available, we can enable double
+redundancy mode, then auto-select coordinators. For double redundancy, 3
+coordinators is ideal: therefore FoundationDB will make
+*every* node a coordinator automatically:
+
+```ShellSession
+fdbcli> configure double ssd
+fdbcli> coordinators auto
+```
+
+This will transparently update all the servers within seconds, and
+appropriately rewrite the {command}`fdb.cluster` file, as well as
+informing all client processes to do the same.
+
+## Client connectivity {#module-services-foundationdb-connectivity}
+
+By default, all clients must use the current {command}`fdb.cluster`
+file to access a given FoundationDB cluster. This file is located by default
+in {command}`/etc/foundationdb/fdb.cluster` on all machines with the
+FoundationDB service enabled, so you may copy the active one from your
+cluster to a new node in order to connect, if it is not part of the cluster.
+
+## Client authorization and TLS {#module-services-foundationdb-authorization}
+
+By default, any user who can connect to a FoundationDB process with the
+correct cluster configuration can access anything. FoundationDB uses a
+pluggable design to transport security, and out of the box it supports a
+LibreSSL-based plugin for TLS support. This plugin not only does in-flight
+encryption, but also performs client authorization based on the given
+endpoint's certificate chain. For example, a FoundationDB server may be
+configured to only accept client connections over TLS, where the client TLS
+certificate is from organization *Acme Co* in the
+*Research and Development* unit.
+
+Configuring TLS with FoundationDB is done using the
+{option}`services.foundationdb.tls` options in order to control the
+peer verification string, as well as the certificate and its private key.
+
+Note that the certificate and its private key must be accessible to the
+FoundationDB user account that the server runs under. These files are also
+NOT managed by NixOS, as putting them into the store may reveal private
+information.
+
+After you have a key and certificate file in place, it is not enough to
+simply set the NixOS module options -- you must also configure the
+{command}`fdb.cluster` file to specify that a given set of
+coordinators use TLS. This is as simple as adding the suffix
+{command}`:tls` to your cluster coordinator configuration, after the
+port number. For example, assuming you have a coordinator on localhost with
+the default configuration, simply specifying:
+
+```
+XXXXXX:XXXXXX@127.0.0.1:4500:tls
+```
+
+will configure all clients and server processes to use TLS from now on.
+
+## Backups and Disaster Recovery {#module-services-foundationdb-disaster-recovery}
+
+The usual rules for doing FoundationDB backups apply on NixOS as written in
+the FoundationDB manual. However, one important difference is the security
+profile for NixOS: by default, the {command}`foundationdb` systemd
+unit uses *Linux namespaces* to restrict write access to
+the system, except for the log directory, data directory, and the
+{command}`/etc/foundationdb/` directory. This is enforced by default
+and cannot be disabled.
+
+However, a side effect of this is that the {command}`fdbbackup`
+command doesn't work properly for local filesystem backups: FoundationDB
+uses a server process alongside the database processes to perform backups
+and copy the backups to the filesystem. As a result, this process is put
+under the restricted namespaces above: the backup process can only write to
+a limited number of paths.
+
+In order to allow flexible backup locations on local disks, the FoundationDB
+NixOS module supports a
+{option}`services.foundationdb.extraReadWritePaths` option. This
+option takes a list of paths, and adds them to the systemd unit, allowing
+the processes inside the service to write (and read) the specified
+directories.
+
+For example, to create backups in {command}`/opt/fdb-backups`, first
+set up the paths in the module options:
+
+```
+services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
+```
+
+Restart the FoundationDB service, and it will now be able to write to this
+directory (even if it does not yet exist.) Note: this path
+*must* exist before restarting the unit. Otherwise,
+systemd will not include it in the private FoundationDB namespace (and it
+will not add it dynamically at runtime).
+
+You can now perform a backup:
+
+```ShellSession
+$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups
+$ sudo -u foundationdb fdbbackup status -t default
+```
+
+## Known limitations {#module-services-foundationdb-limitations}
+
+The FoundationDB setup for NixOS should currently be considered beta.
+FoundationDB is not new software, but the NixOS compilation and integration
+has only undergone fairly basic testing of all the available functionality.
+
+ - There is no way to specify individual parameters for individual
+ {command}`fdbserver` processes. Currently, all server processes
+ inherit all the global {command}`fdbmonitor` settings.
+ - Ruby bindings are not currently installed.
+ - Go bindings are not currently installed.
+
+## Options {#module-services-foundationdb-options}
+
+NixOS's FoundationDB module allows you to configure all of the most relevant
+configuration options for {command}`fdbmonitor`, matching it quite
+closely. A complete list of options for the FoundationDB module may be found
+[here](#opt-services.foundationdb.enable). You should
+also read the FoundationDB documentation as well.
+
+## Full documentation {#module-services-foundationdb-full-docs}
+
+FoundationDB is a complex piece of software, and requires careful
+administration to properly use. Full documentation for administration can be
+found here: .
diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix
index 16d539b661e..fdfe5a28f31 100644
--- a/nixos/modules/services/databases/foundationdb.nix
+++ b/nixos/modules/services/databases/foundationdb.nix
@@ -424,6 +424,8 @@ in }; }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml` meta.doc = ./foundationdb.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice ]; } diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index b0b1ebeab45..ae7a6dae955 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml @@ -1,60 +1,56 @@ - - FoundationDB - - Source: - modules/services/databases/foundationdb.nix - - - Upstream documentation: - - - - Maintainer: Austin Seipp - - - Available version(s): 5.1.x, 5.2.x, 6.0.x - - - FoundationDB (or "FDB") is an open source, distributed, transactional - key-value store. - -
- Configuring and basic setup - + + FoundationDB - To enable FoundationDB, add the following to your - configuration.nix: - + Source: + modules/services/databases/foundationdb.nix + + + Upstream documentation: + https://apple.github.io/foundationdb/ + + + Maintainer: Austin Seipp + + + Available version(s): 5.1.x, 5.2.x, 6.0.x + + + FoundationDB (or "FDB") is an open source, distributed, + transactional key-value store. + +
+ Configuring and basic setup + + To enable FoundationDB, add the following to your + configuration.nix: + + services.foundationdb.enable = true; services.foundationdb.package = pkgs.foundationdb52; # FoundationDB 5.2.x - - - - The option is required, and - must always be specified. Due to the fact FoundationDB network protocols and - on-disk storage formats may change between (major) versions, and upgrades - must be explicitly handled by the user, you must always manually specify - this yourself so that the NixOS module will use the proper version. Note - that minor, bugfix releases are always compatible. - - - - After running nixos-rebuild, you can verify whether - FoundationDB is running by executing fdbcli (which is - added to ): - -$ sudo -u foundationdb fdbcli + + The option is + required, and must always be specified. Due to the fact + FoundationDB network protocols and on-disk storage formats may + change between (major) versions, and upgrades must be explicitly + handled by the user, you must always manually specify this + yourself so that the NixOS module will use the proper version. + Note that minor, bugfix releases are always compatible. + + + After running nixos-rebuild, you can verify + whether FoundationDB is running by executing + fdbcli (which is added to + ): + + +$ sudo -u foundationdb fdbcli Using cluster file `/etc/foundationdb/fdb.cluster'. The database is available. Welcome to the fdbcli. For help, type `help'. -fdb> status +fdb> status Using cluster file `/etc/foundationdb/fdb.cluster'. 
@@ -72,18 +68,17 @@ Cluster: ... -fdb> - - - - - You can also write programs using the available client libraries. For - example, the following Python program can be run in order to grab the - cluster status, as a quick example. (This example uses - nix-shell shebang support to automatically supply the - necessary Python modules). - -a@link> cat fdb-status.py +fdb> + + + You can also write programs using the available client libraries. + For example, the following Python program can be run in order to + grab the cluster status, as a quick example. (This example uses + nix-shell shebang support to automatically + supply the necessary Python modules). + + +a@link> cat fdb-status.py #! /usr/bin/env nix-shell #! nix-shell -i python -p python pythonPackages.foundationdb52 
@@ -101,343 +96,328 @@ def main(): obj = json.loads(get_status(db)) print('FoundationDB available: %s' % obj['client']['database_status']['available']) -if __name__ == "__main__": +if __name__ == "__main__": main() -a@link> chmod +x fdb-status.py -a@link> ./fdb-status.py +a@link> chmod +x fdb-status.py +a@link> ./fdb-status.py FoundationDB available: True -a@link> - - - - - FoundationDB is run under the foundationdb user and group - by default, but this may be changed in the NixOS configuration. The systemd - unit foundationdb.service controls the - fdbmonitor process. - - - - By default, the NixOS module for FoundationDB creates a single SSD-storage - based database for development and basic usage. This storage engine is - designed for SSDs and will perform poorly on HDDs; however it can handle far - more data than the alternative "memory" engine and is a better default - choice for most deployments. (Note that you can change the storage backend - on-the-fly for a given FoundationDB cluster using - fdbcli.) - - - - Furthermore, only 1 server process and 1 backup agent are started in the - default configuration. See below for more on scaling to increase this. - - - - FoundationDB stores all data for all server processes under - /var/lib/foundationdb. You can override this using - , e.g. - -services.foundationdb.dataDir = "/data/fdb"; +a@link> - - - - Similarly, logs are stored under /var/log/foundationdb - by default, and there is a corresponding - as well. - -
-
- Scaling processes and backup agents - - - Scaling the number of server processes is quite easy; simply specify - to be the number of - FoundationDB worker processes that should be started on the machine. - - - - FoundationDB worker processes typically require 4GB of RAM per-process at - minimum for good performance, so this option is set to 1 by default since - the maximum amount of RAM is unknown. You're advised to abide by this - restriction, so pick a number of processes so that each has 4GB or more. - - - - A similar option exists in order to scale backup agent processes, - . Backup agents are - not as performance/RAM sensitive, so feel free to experiment with the number - of available backup processes. - -
-
- Clustering - - - FoundationDB on NixOS works similarly to other Linux systems, so this - section will be brief. Please refer to the full FoundationDB documentation - for more on clustering. - - - - FoundationDB organizes clusters using a set of - coordinators, which are just specially-designated - worker processes. By default, every installation of FoundationDB on NixOS - will start as its own individual cluster, with a single coordinator: the - first worker process on localhost. - - - - Coordinators are specified globally using the - /etc/foundationdb/fdb.cluster file, which all servers and - client applications will use to find and join coordinators. Note that this - file can not be managed by NixOS so easily: - FoundationDB is designed so that it will rewrite the file at runtime for all - clients and nodes when cluster coordinators change, with clients - transparently handling this without intervention. It is fundamentally a - mutable file, and you should not try to manage it in any way in NixOS. - - - - When dealing with a cluster, there are two main things you want to do: - - - - - Add a node to the cluster for storage/compute. + FoundationDB is run under the foundationdb user + and group by default, but this may be changed in the NixOS + configuration. The systemd unit + foundationdb.service controls the + fdbmonitor process. - - - Promote an ordinary worker to a coordinator. + By default, the NixOS module for FoundationDB creates a single + SSD-storage based database for development and basic usage. This + storage engine is designed for SSDs and will perform poorly on + HDDs; however it can handle far more data than the alternative + "memory" engine and is a better default choice for most + deployments. (Note that you can change the storage backend + on-the-fly for a given FoundationDB cluster using + fdbcli.) 
- - - - - A node must already be a member of the cluster in order to properly be - promoted to a coordinator, so you must always add it first if you wish to - promote it. - - - - To add a machine to a FoundationDB cluster: - - - - - Choose one of the servers to start as the initial coordinator. + Furthermore, only 1 server process and 1 backup agent are started + in the default configuration. See below for more on scaling to + increase this. - - - Copy the /etc/foundationdb/fdb.cluster file from this - server to all the other servers. Restart FoundationDB on all of these - other servers, so they join the cluster. + FoundationDB stores all data for all server processes under + /var/lib/foundationdb. You can override this + using , e.g. - - + +services.foundationdb.dataDir = "/data/fdb"; + - All of these servers are now connected and working together in the - cluster, under the chosen coordinator. + Similarly, logs are stored under + /var/log/foundationdb by default, and there + is a corresponding + as well. - - - - - At this point, you can add as many nodes as you want by just repeating the - above steps. By default there will still be a single coordinator: you can - use fdbcli to change this and add new coordinators. - - - - As a convenience, FoundationDB can automatically assign coordinators based - on the redundancy mode you wish to achieve for the cluster. Once all the - nodes have been joined, simply set the replication policy, and then issue - the coordinators auto command - - - - For example, assuming we have 3 nodes available, we can enable double - redundancy mode, then auto-select coordinators. For double redundancy, 3 - coordinators is ideal: therefore FoundationDB will make - every node a coordinator automatically: - - - -fdbcli> configure double ssd -fdbcli> coordinators auto - - - - This will transparently update all the servers within seconds, and - appropriately rewrite the fdb.cluster file, as well as - informing all client processes to do the same. 
- -
-
- Client connectivity - - - By default, all clients must use the current fdb.cluster - file to access a given FoundationDB cluster. This file is located by default - in /etc/foundationdb/fdb.cluster on all machines with the - FoundationDB service enabled, so you may copy the active one from your - cluster to a new node in order to connect, if it is not part of the cluster. - -
-
- Client authorization and TLS - - - By default, any user who can connect to a FoundationDB process with the - correct cluster configuration can access anything. FoundationDB uses a - pluggable design to transport security, and out of the box it supports a - LibreSSL-based plugin for TLS support. This plugin not only does in-flight - encryption, but also performs client authorization based on the given - endpoint's certificate chain. For example, a FoundationDB server may be - configured to only accept client connections over TLS, where the client TLS - certificate is from organization Acme Co in the - Research and Development unit. - - - - Configuring TLS with FoundationDB is done using the - options in order to control the - peer verification string, as well as the certificate and its private key. - - - - Note that the certificate and its private key must be accessible to the - FoundationDB user account that the server runs under. These files are also - NOT managed by NixOS, as putting them into the store may reveal private - information. - - - - After you have a key and certificate file in place, it is not enough to - simply set the NixOS module options -- you must also configure the - fdb.cluster file to specify that a given set of - coordinators use TLS. This is as simple as adding the suffix - :tls to your cluster coordinator configuration, after the - port number. For example, assuming you have a coordinator on localhost with - the default configuration, simply specifying: - - - +
+
+ Scaling processes and backup agents + + Scaling the number of server processes is quite easy; simply + specify to + be the number of FoundationDB worker processes that should be + started on the machine. + + + FoundationDB worker processes typically require 4GB of RAM + per-process at minimum for good performance, so this option is set + to 1 by default since the maximum amount of RAM is unknown. You're + advised to abide by this restriction, so pick a number of + processes so that each has 4GB or more. + + + A similar option exists in order to scale backup agent processes, + . Backup + agents are not as performance/RAM sensitive, so feel free to + experiment with the number of available backup processes. + +
+
+ Clustering + + FoundationDB on NixOS works similarly to other Linux systems, so + this section will be brief. Please refer to the full FoundationDB + documentation for more on clustering. + + + FoundationDB organizes clusters using a set of + coordinators, which are just + specially-designated worker processes. By default, every + installation of FoundationDB on NixOS will start as its own + individual cluster, with a single coordinator: the first worker + process on localhost. + + + Coordinators are specified globally using the + /etc/foundationdb/fdb.cluster file, which all + servers and client applications will use to find and join + coordinators. Note that this file can not be + managed by NixOS so easily: FoundationDB is designed so that it + will rewrite the file at runtime for all clients and nodes when + cluster coordinators change, with clients transparently handling + this without intervention. It is fundamentally a mutable file, and + you should not try to manage it in any way in NixOS. + + + When dealing with a cluster, there are two main things you want to + do: + + + + + Add a node to the cluster for storage/compute. + + + + + Promote an ordinary worker to a coordinator. + + + + + A node must already be a member of the cluster in order to + properly be promoted to a coordinator, so you must always add it + first if you wish to promote it. + + + To add a machine to a FoundationDB cluster: + + + + + Choose one of the servers to start as the initial coordinator. + + + + + Copy the /etc/foundationdb/fdb.cluster file + from this server to all the other servers. Restart + FoundationDB on all of these other servers, so they join the + cluster. + + + + + All of these servers are now connected and working together in + the cluster, under the chosen coordinator. + + + + + At this point, you can add as many nodes as you want by just + repeating the above steps. 
By default there will still be a single + coordinator: you can use fdbcli to change this + and add new coordinators. + + + As a convenience, FoundationDB can automatically assign + coordinators based on the redundancy mode you wish to achieve for + the cluster. Once all the nodes have been joined, simply set the + replication policy, and then issue the + coordinators auto command + + + For example, assuming we have 3 nodes available, we can enable + double redundancy mode, then auto-select coordinators. For double + redundancy, 3 coordinators is ideal: therefore FoundationDB will + make every node a coordinator automatically: + + +fdbcli> configure double ssd +fdbcli> coordinators auto + + + This will transparently update all the servers within seconds, and + appropriately rewrite the fdb.cluster file, as + well as informing all client processes to do the same. + +
+
+ Client connectivity + + By default, all clients must use the current + fdb.cluster file to access a given FoundationDB + cluster. This file is located by default in + /etc/foundationdb/fdb.cluster on all machines + with the FoundationDB service enabled, so you may copy the active + one from your cluster to a new node in order to connect, if it is + not part of the cluster. + +
+
+ Client authorization and TLS + + By default, any user who can connect to a FoundationDB process + with the correct cluster configuration can access anything. + FoundationDB uses a pluggable design to transport security, and + out of the box it supports a LibreSSL-based plugin for TLS + support. This plugin not only does in-flight encryption, but also + performs client authorization based on the given endpoint's + certificate chain. For example, a FoundationDB server may be + configured to only accept client connections over TLS, where the + client TLS certificate is from organization Acme + Co in the Research and Development + unit. + + + Configuring TLS with FoundationDB is done using the + options in order to + control the peer verification string, as well as the certificate + and its private key. + + + Note that the certificate and its private key must be accessible + to the FoundationDB user account that the server runs under. These + files are also NOT managed by NixOS, as putting them into the + store may reveal private information. + + + After you have a key and certificate file in place, it is not + enough to simply set the NixOS module options -- you must also + configure the fdb.cluster file to specify that + a given set of coordinators use TLS. This is as simple as adding + the suffix :tls to your cluster coordinator + configuration, after the port number. For example, assuming you + have a coordinator on localhost with the default configuration, + simply specifying: + + XXXXXX:XXXXXX@127.0.0.1:4500:tls - - - will configure all clients and server processes to use TLS from now on. - -
-
- Backups and Disaster Recovery - - - The usual rules for doing FoundationDB backups apply on NixOS as written in - the FoundationDB manual. However, one important difference is the security - profile for NixOS: by default, the foundationdb systemd - unit uses Linux namespaces to restrict write access to - the system, except for the log directory, data directory, and the - /etc/foundationdb/ directory. This is enforced by default - and cannot be disabled. - - - - However, a side effect of this is that the fdbbackup - command doesn't work properly for local filesystem backups: FoundationDB - uses a server process alongside the database processes to perform backups - and copy the backups to the filesystem. As a result, this process is put - under the restricted namespaces above: the backup process can only write to - a limited number of paths. - - - - In order to allow flexible backup locations on local disks, the FoundationDB - NixOS module supports a - option. This - option takes a list of paths, and adds them to the systemd unit, allowing - the processes inside the service to write (and read) the specified - directories. - - - - For example, to create backups in /opt/fdb-backups, first - set up the paths in the module options: - - - -services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; + + will configure all clients and server processes to use TLS from + now on. + +
+
+ Backups and Disaster Recovery + + The usual rules for doing FoundationDB backups apply on NixOS as + written in the FoundationDB manual. However, one important + difference is the security profile for NixOS: by default, the + foundationdb systemd unit uses Linux + namespaces to restrict write access to the system, + except for the log directory, data directory, and the + /etc/foundationdb/ directory. This is enforced + by default and cannot be disabled. + + + However, a side effect of this is that the + fdbbackup command doesn't work properly for + local filesystem backups: FoundationDB uses a server process + alongside the database processes to perform backups and copy the + backups to the filesystem. As a result, this process is put under + the restricted namespaces above: the backup process can only write + to a limited number of paths. + + + In order to allow flexible backup locations on local disks, the + FoundationDB NixOS module supports a + option. + This option takes a list of paths, and adds them to the systemd + unit, allowing the processes inside the service to write (and + read) the specified directories. + + + For example, to create backups in + /opt/fdb-backups, first set up the paths in the + module options: + + +services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ]; - - - Restart the FoundationDB service, and it will now be able to write to this - directory (even if it does not yet exist.) Note: this path - must exist before restarting the unit. Otherwise, - systemd will not include it in the private FoundationDB namespace (and it - will not add it dynamically at runtime). - - - - You can now perform a backup: - - - -$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups -$ sudo -u foundationdb fdbbackup status -t default - -
-
- Known limitations - - - The FoundationDB setup for NixOS should currently be considered beta. - FoundationDB is not new software, but the NixOS compilation and integration - has only undergone fairly basic testing of all the available functionality. - - - - - There is no way to specify individual parameters for individual - fdbserver processes. Currently, all server processes - inherit all the global fdbmonitor settings. + Restart the FoundationDB service, and it will now be able to write + to this directory (even if it does not yet exist.) Note: this path + must exist before restarting the unit. + Otherwise, systemd will not include it in the private FoundationDB + namespace (and it will not add it dynamically at runtime). - - - Ruby bindings are not currently installed. + You can now perform a backup: - - + +$ sudo -u foundationdb fdbbackup start -t default -d file:///opt/fdb-backups +$ sudo -u foundationdb fdbbackup status -t default + +
+
+ Known limitations - Go bindings are not currently installed. + The FoundationDB setup for NixOS should currently be considered + beta. FoundationDB is not new software, but the NixOS compilation + and integration has only undergone fairly basic testing of all the + available functionality. - - -
-
- Options - - - NixOS's FoundationDB module allows you to configure all of the most relevant - configuration options for fdbmonitor, matching it quite - closely. A complete list of options for the FoundationDB module may be found - here. You should - also read the FoundationDB documentation as well. - -
-
- Full documentation - - - FoundationDB is a complex piece of software, and requires careful - administration to properly use. Full documentation for administration can be - found here: . - -
+ + + + There is no way to specify individual parameters for + individual fdbserver processes. Currently, + all server processes inherit all the global + fdbmonitor settings. + + + + + Ruby bindings are not currently installed. + + + + + Go bindings are not currently installed. + + + +
+
+ Options + + NixOS's FoundationDB module allows you to configure all of the + most relevant configuration options for + fdbmonitor, matching it quite closely. A + complete list of options for the FoundationDB module may be found + here. You + should also read the FoundationDB documentation as well. + +
+
+ Full documentation + + FoundationDB is a complex piece of software, and requires careful + administration to properly use. Full documentation for + administration can be found here: + https://apple.github.io/foundationdb/. + +
From 453b2bed053dfdeb9d21d8c10e7eebe9ff446217 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 00:58:36 +0100 Subject: [PATCH 040/155] nixos/postgresql: convert manual chapter to MD --- .../modules/services/databases/postgresql.md | 173 +++++++++ .../modules/services/databases/postgresql.nix | 2 + .../modules/services/databases/postgresql.xml | 341 +++++++++--------- 3 files changed, 355 insertions(+), 161 deletions(-) create mode 100644 nixos/modules/services/databases/postgresql.md diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md new file mode 100644 index 00000000000..1805bafe3be --- /dev/null +++ b/nixos/modules/services/databases/postgresql.md 
@@ -0,0 +1,173 @@ +# PostgreSQL {#module-postgresql} + + + + +*Source:* {file}`modules/services/databases/postgresql.nix` + +*Upstream documentation:* + + + +PostgreSQL is an advanced, free relational database. + + +## Configuring {#module-services-postgres-configuring} + +To enable PostgreSQL, add the following to your {file}`configuration.nix`: +``` +services.postgresql.enable = true; +services.postgresql.package = pkgs.postgresql_11; +``` +Note that you are required to specify the desired version of PostgreSQL (e.g. `pkgs.postgresql_11`). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for [](#opt-services.postgresql.package) such as the most recent release of PostgreSQL. + + + +By default, PostgreSQL stores its databases in {file}`/var/lib/postgresql/$psqlSchema`. You can override this using [](#opt-services.postgresql.dataDir), e.g. +``` +services.postgresql.dataDir = "/data/postgresql"; +``` + +## Upgrading {#module-services-postgres-upgrading} + +::: {.note} +The steps below demonstrate how to upgrade from an older version to `pkgs.postgresql_13`. +These instructions are also applicable to other versions. +::: + +Major PostgreSQL upgrades require a downtime and a few imperative steps to be called. This is the case because +each major version has some internal changes in the databases' state during major releases. Because of that, +NixOS places the state into {file}`/var/lib/postgresql/<version>` where each `version` +can be obtained like this: +``` +$ nix-instantiate --eval -A postgresql_13.psqlSchema +"13" +``` +For an upgrade, a script like this can be used to simplify the process: +``` +{ config, pkgs, ... }: +{ + environment.systemPackages = [ + (let + # XXX specify the postgresql package you'd like to upgrade to. + # Do not forget to list the extensions you need. 
+ newPostgres = pkgs.postgresql_13.withPackages (pp: [ + # pp.plv8 + ]); + in pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql + + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + + export NEWBIN="${newPostgres}/bin" + + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" + + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + + sudo -u postgres $NEWBIN/pg_upgrade \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir $OLDBIN --new-bindir $NEWBIN \ + "$@" + '') + ]; +} +``` + +The upgrade process is: + + 1. Rebuild nixos configuration with the configuration above added to your {file}`configuration.nix`. Alternatively, add that into separate file and reference it in `imports` list. + 2. Login as root (`sudo su -`) + 3. Run `upgrade-pg-cluster`. It will stop old postgresql, initialize a new one and migrate the old one to the new one. You may supply arguments like `--jobs 4` and `--link` to speedup migration process. See for details. + 4. Change postgresql package in NixOS configuration to the one you were upgrading to via [](#opt-services.postgresql.package). Rebuild NixOS. This should start new postgres using upgraded data directory and all services you stopped during the upgrade. + 5. After the upgrade it's advisable to analyze the new cluster. + + - For PostgreSQL ≥ 14, use the `vacuumdb` command printed by the upgrades script. + - For PostgreSQL < 14, run (as `su -l postgres` in the [](#opt-services.postgresql.dataDir), in this example {file}`/var/lib/postgresql/13`): + + ``` + $ ./analyze_new_cluster.sh + ``` + + ::: {.warning} + The next step removes the old state-directory! 
+ ::: + + ``` + $ ./delete_old_cluster.sh + ``` + +## Options {#module-services-postgres-options} + +A complete list of options for the PostgreSQL module may be found [here](#opt-services.postgresql.enable). + +## Plugins {#module-services-postgres-plugins} + +Plugins collection for each PostgreSQL version can be accessed with `.pkgs`. For example, for `pkgs.postgresql_11` package, its plugin collection is accessed by `pkgs.postgresql_11.pkgs`: +```ShellSession +$ nix repl '' + +Loading ''... +Added 10574 variables. + +nix-repl> postgresql_11.pkgs. +postgresql_11.pkgs.cstore_fdw postgresql_11.pkgs.pg_repack +postgresql_11.pkgs.pg_auto_failover postgresql_11.pkgs.pg_safeupdate +postgresql_11.pkgs.pg_bigm postgresql_11.pkgs.pg_similarity +postgresql_11.pkgs.pg_cron postgresql_11.pkgs.pg_topn +postgresql_11.pkgs.pg_hll postgresql_11.pkgs.pgjwt +postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga +... +``` + +To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`: +``` +services.postgresql.package = pkgs.postgresql_11; +services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ + pg_repack + postgis +]; +``` + +You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. 
For example, creating a custom PostgreSQL package in an overlay can look like: +``` +self: super: { + postgresql_custom = self.postgresql_11.withPackages (ps: [ + ps.pg_repack + ps.postgis + ]); +} +``` + +Here's a recipe on how to override a particular plugin through an overlay: +``` +self: super: { + postgresql_11 = super.postgresql_11.override { this = self.postgresql_11; } // { + pkgs = super.postgresql_11.pkgs // { + pg_repack = super.postgresql_11.pkgs.pg_repack.overrideAttrs (_: { + name = "pg_repack-v20181024"; + src = self.fetchzip { + url = "https://github.com/reorg/pg_repack/archive/923fa2f3c709a506e111cc963034bf2fd127aa00.tar.gz"; + sha256 = "17k6hq9xaax87yz79j773qyigm4fwk8z4zh5cyp6z0sxnwfqxxw5"; + }; + }); + }; + }; +} +``` diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 6665e7a088f..b390199a851 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -585,6 +585,8 @@ in }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml` meta.doc = ./postgresql.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ]; } diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 6199684f1a3..4cb0dc929c6 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -1,74 +1,70 @@ - - PostgreSQL - - - - Source: modules/services/databases/postgresql.nix - - - Upstream documentation: - - - - PostgreSQL is an advanced, free relational database. - - -
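Review bot: The regeneration comment added above `meta.doc = ./postgresql.xml;` in postgresql.nix does not say which directory the pandoc command must be run from. It reads `postgresql.md`, resolves both `--lua-filter` arguments through `../../../../doc/build-aux/...`, and redirects to `postgresql.xml`, so it only works from `nixos/modules/services/databases`. I would add a line such as `# Run from nixos/modules/services/databases and commit the regenerated postgresql.xml together with postgresql.md:` before the command. Nothing visible in this hunk checks that the committed XML still matches the Markdown, so a stale XML could leave the rendered manual without, for example, the warning before `delete_old_cluster.sh`; if no such check exists elsewhere, the comment should state that the two files are kept in sync by hand. The enclosing module attribute set starts outside the hunk.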
- Configuring - + + PostgreSQL - To enable PostgreSQL, add the following to your configuration.nix: - + Source: + modules/services/databases/postgresql.nix + + + Upstream documentation: + http://www.postgresql.org/docs/ + + + PostgreSQL is an advanced, free relational database. + +
+ Configuring + + To enable PostgreSQL, add the following to your + configuration.nix: + + services.postgresql.enable = true; services.postgresql.package = pkgs.postgresql_11; - Note that you are required to specify the desired version of PostgreSQL (e.g. pkgs.postgresql_11). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for such as the most recent release of PostgreSQL. - - - - - - By default, PostgreSQL stores its databases in /var/lib/postgresql/$psqlSchema. You can override this using , e.g. - -services.postgresql.dataDir = "/data/postgresql"; + + Note that you are required to specify the desired version of + PostgreSQL (e.g. pkgs.postgresql_11). Since + upgrading your PostgreSQL version requires a database dump and + reload (see below), NixOS cannot provide a default value for + such as + the most recent release of PostgreSQL. + + + By default, PostgreSQL stores its databases in + /var/lib/postgresql/$psqlSchema. You can + override this using + , e.g. + + +services.postgresql.dataDir = "/data/postgresql"; - -
-
- Upgrading - - - - The steps below demonstrate how to upgrade from an older version to pkgs.postgresql_13. - These instructions are also applicable to other versions. - - - - Major PostgreSQL upgrades require a downtime and a few imperative steps to be called. This is the case because - each major version has some internal changes in the databases' state during major releases. Because of that, - NixOS places the state into /var/lib/postgresql/<version> where each version - can be obtained like this: - -$ nix-instantiate --eval -A postgresql_13.psqlSchema -"13" +
+
+ Upgrading + + + The steps below demonstrate how to upgrade from an older version + to pkgs.postgresql_13. These instructions are + also applicable to other versions. + + + + Major PostgreSQL upgrades require a downtime and a few imperative + steps to be called. This is the case because each major version + has some internal changes in the databases' state during major + releases. Because of that, NixOS places the state into + /var/lib/postgresql/<version> where + each version can be obtained like this: + + +$ nix-instantiate --eval -A postgresql_13.psqlSchema +"13" - For an upgrade, a script like this can be used to simplify the process: - + + For an upgrade, a script like this can be used to simplify the + process: + + { config, pkgs, ... }: { environment.systemPackages = [ 
@@ -78,104 +74,126 @@ services.postgresql.dataDir = "/data/postgresql"; newPostgres = pkgs.postgresql_13.withPackages (pp: [ # pp.plv8 ]); - in pkgs.writeScriptBin "upgrade-pg-cluster" '' + in pkgs.writeScriptBin "upgrade-pg-cluster" '' set -eux # XXX it's perhaps advisable to stop all services that depend on postgresql systemctl stop postgresql - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - export NEWBIN="${newPostgres}/bin" + export NEWBIN="${newPostgres}/bin" - export OLDDATA="${config.services.postgresql.dataDir}" - export OLDBIN="${config.services.postgresql.package}/bin" + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" sudo -u postgres $NEWBIN/pg_upgrade \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ --old-bindir $OLDBIN --new-bindir $NEWBIN \ - "$@" + "$@" '') ]; } - - - - The upgrade process is: - - - - - Rebuild nixos configuration with the configuration above added to your configuration.nix. Alternatively, add that into separate file and reference it in imports list. + The upgrade process is: - - - - Login as root (sudo su -) - - - - - Run upgrade-pg-cluster. It will stop old postgresql, initialize a new one and migrate the old one to the new one. You may supply arguments like --jobs 4 and --link to speedup migration process. See for details. - - - - - Change postgresql package in NixOS configuration to the one you were upgrading to via . Rebuild NixOS. This should start new postgres using upgraded data directory and all services you stopped during the upgrade. 
- - - - - After the upgrade it's advisable to analyze the new cluster. - - - - - For PostgreSQL ≥ 14, use the vacuumdb command printed by the upgrades script. - - - - - For PostgreSQL < 14, run (as su -l postgres in the , in this example /var/lib/postgresql/13): - -$ ./analyze_new_cluster.sh + + + + Rebuild nixos configuration with the configuration above added + to your configuration.nix. Alternatively, + add that into separate file and reference it in + imports list. + + + + + Login as root (sudo su -) + + + + + Run upgrade-pg-cluster. It will stop old + postgresql, initialize a new one and migrate the old one to + the new one. You may supply arguments like + --jobs 4 and --link to + speedup migration process. See + https://www.postgresql.org/docs/current/pgupgrade.html + for details. + + + + + Change postgresql package in NixOS configuration to the one + you were upgrading to via + . + Rebuild NixOS. This should start new postgres using upgraded + data directory and all services you stopped during the + upgrade. + + + + + After the upgrade it's advisable to analyze the new cluster. + + + + + For PostgreSQL ≥ 14, use the vacuumdb + command printed by the upgrades script. + + + + + For PostgreSQL < 14, run (as + su -l postgres in the + , + in this example + /var/lib/postgresql/13): + + +$ ./analyze_new_cluster.sh - - - - - The next step removes the old state-directory! - -$ ./delete_old_cluster.sh + + + + + The next step removes the old state-directory! + + + +$ ./delete_old_cluster.sh + + +
+
+ Options + + A complete list of options for the PostgreSQL module may be found + here. - - -
-
- Options - - - A complete list of options for the PostgreSQL module may be found here. - -
-
- Plugins - - - Plugins collection for each PostgreSQL version can be accessed with .pkgs. For example, for pkgs.postgresql_11 package, its plugin collection is accessed by pkgs.postgresql_11.pkgs: - -$ nix repl '<nixpkgs>' +
+
+ Plugins + + Plugins collection for each PostgreSQL version can be accessed + with .pkgs. For example, for + pkgs.postgresql_11 package, its plugin + collection is accessed by + pkgs.postgresql_11.pkgs: + + +$ nix repl '<nixpkgs>' Loading '<nixpkgs>'... Added 10574 variables. -nix-repl> postgresql_11.pkgs.<TAB><TAB> +nix-repl> postgresql_11.pkgs.<TAB><TAB> postgresql_11.pkgs.cstore_fdw postgresql_11.pkgs.pg_repack postgresql_11.pkgs.pg_auto_failover postgresql_11.pkgs.pg_safeupdate postgresql_11.pkgs.pg_bigm postgresql_11.pkgs.pg_similarity @@ -183,23 +201,25 @@ postgresql_11.pkgs.pg_cron postgresql_11.pkgs.pg_topn postgresql_11.pkgs.pg_hll postgresql_11.pkgs.pgjwt postgresql_11.pkgs.pg_partman postgresql_11.pkgs.pgroonga ... - - - - - To add plugins via NixOS configuration, set services.postgresql.extraPlugins: - + + + To add plugins via NixOS configuration, set + services.postgresql.extraPlugins: + + services.postgresql.package = pkgs.postgresql_11; services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [ pg_repack postgis ]; - - - - You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function .withPackages. For example, creating a custom PostgreSQL package in an overlay can look like: - + + You can build custom PostgreSQL-with-plugins (to be used outside + of NixOS) using function .withPackages. For + example, creating a custom PostgreSQL package in an overlay can + look like: + + self: super: { postgresql_custom = self.postgresql_11.withPackages (ps: [ ps.pg_repack 
@@ -207,25 +227,24 @@ self: super: { ]); } - - - - Here's a recipe on how to override a particular plugin through an overlay: - + + Here's a recipe on how to override a particular plugin through an + overlay: + + self: super: { postgresql_11 = super.postgresql_11.override { this = self.postgresql_11; } // { pkgs = super.postgresql_11.pkgs // { pg_repack = super.postgresql_11.pkgs.pg_repack.overrideAttrs (_: { - name = "pg_repack-v20181024"; + name = "pg_repack-v20181024"; src = self.fetchzip { - url = "https://github.com/reorg/pg_repack/archive/923fa2f3c709a506e111cc963034bf2fd127aa00.tar.gz"; - sha256 = "17k6hq9xaax87yz79j773qyigm4fwk8z4zh5cyp6z0sxnwfqxxw5"; + url = "https://github.com/reorg/pg_repack/archive/923fa2f3c709a506e111cc963034bf2fd127aa00.tar.gz"; + sha256 = "17k6hq9xaax87yz79j773qyigm4fwk8z4zh5cyp6z0sxnwfqxxw5"; }; }); }; }; } - -
+
From 8422592cf883014eba46cc24b60b043dd5590dba Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 01:06:30 +0100 Subject: [PATCH 041/155] nixos/flatpak: convert manual chapter to MD --- nixos/modules/services/desktops/flatpak.md | 39 ++++++++ nixos/modules/services/desktops/flatpak.nix | 2 + nixos/modules/services/desktops/flatpak.xml | 103 ++++++++++---------- 3 files changed, 93 insertions(+), 51 deletions(-) create mode 100644 nixos/modules/services/desktops/flatpak.md diff --git a/nixos/modules/services/desktops/flatpak.md b/nixos/modules/services/desktops/flatpak.md new file mode 100644 index 00000000000..65b1554d79b --- /dev/null +++ b/nixos/modules/services/desktops/flatpak.md 
@@ -0,0 +1,39 @@ +# Flatpak {#module-services-flatpak} + +*Source:* {file}`modules/services/desktop/flatpak.nix` + +*Upstream documentation:* + +Flatpak is a system for building, distributing, and running sandboxed desktop +applications on Linux. + +To enable Flatpak, add the following to your {file}`configuration.nix`: +``` + services.flatpak.enable = true; +``` + +For the sandboxed apps to work correctly, desktop integration portals need to +be installed. If you run GNOME, this will be handled automatically for you; +in other cases, you will need to add something like the following to your +{file}`configuration.nix`: +``` + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; +``` + +Then, you will need to add a repository, for example, +[Flathub](https://github.com/flatpak/flatpak/wiki), +either using the following commands: +```ShellSession +$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +$ flatpak update +``` +or by opening the +[repository file](https://flathub.org/repo/flathub.flatpakrepo) in GNOME Software. + +Finally, you can search and install programs: +```ShellSession +$ flatpak search bustle +$ flatpak install flathub org.freedesktop.Bustle +$ flatpak run org.freedesktop.Bustle +``` +Again, GNOME Software offers graphical interface for these tasks. diff --git a/nixos/modules/services/desktops/flatpak.nix b/nixos/modules/services/desktops/flatpak.nix index 3b14ad75ab3..367d367d0bc 100644 --- a/nixos/modules/services/desktops/flatpak.nix +++ b/nixos/modules/services/desktops/flatpak.nix 
@@ -7,6 +7,8 @@ let cfg = config.services.flatpak; in { meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc flatpak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > flatpak.xml` doc = ./flatpak.xml; maintainers = pkgs.flatpak.meta.maintainers; }; diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index a6d27e40b0a..3a4cfc5ea40 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml 
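Review bot: The regeneration command in the comment added under `meta` only works when run from the module's own directory, because both `--lua-filter` arguments are relative paths (`../../../../doc/build-aux/...`), and the comment does not say so. I would add a line such as `# (run from nixos/modules/services/desktops)` above the command. The same comment is added to blackfire.nix and emacs.nix later in this series. The generated XML is committed next to the Markdown and no check is visible here that keeps the two in sync, so a skipped or failed manual run would presumably let them drift unnoticed. The enclosing module body continues outside the hunk.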
@@ -1,56 +1,57 @@ - - Flatpak - - Source: - modules/services/desktop/flatpak.nix - - - Upstream documentation: - - - - Flatpak is a system for building, distributing, and running sandboxed desktop - applications on Linux. - - - To enable Flatpak, add the following to your - configuration.nix: - + + Flatpak + + Source: + modules/services/desktop/flatpak.nix + + + Upstream documentation: + https://github.com/flatpak/flatpak/wiki + + + Flatpak is a system for building, distributing, and running + sandboxed desktop applications on Linux. + + + To enable Flatpak, add the following to your + configuration.nix: + + services.flatpak.enable = true; - - - For the sandboxed apps to work correctly, desktop integration portals need to - be installed. If you run GNOME, this will be handled automatically for you; - in other cases, you will need to add something like the following to your - configuration.nix: - + + For the sandboxed apps to work correctly, desktop integration + portals need to be installed. If you run GNOME, this will be handled + automatically for you; in other cases, you will need to add + something like the following to your + configuration.nix: + + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; - - - Then, you will need to add a repository, for example, - Flathub, - either using the following commands: - -$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo -$ flatpak update - - or by opening the - repository - file in GNOME Software. - - - Finally, you can search and install programs: - -$ flatpak search bustle -$ flatpak install flathub org.freedesktop.Bustle -$ flatpak run org.freedesktop.Bustle - - Again, GNOME Software offers graphical interface for these tasks. 
- + + Then, you will need to add a repository, for example, + Flathub, + either using the following commands: + + +$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo +$ flatpak update + + + or by opening the + repository + file in GNOME Software. + + + Finally, you can search and install programs: + + +$ flatpak search bustle +$ flatpak install flathub org.freedesktop.Bustle +$ flatpak run org.freedesktop.Bustle + + + Again, GNOME Software offers graphical interface for these tasks. + From 296ffb4f1f2fe920e8cc37ed727283937cee8443 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 01:18:33 +0100 Subject: [PATCH 042/155] nixos/blackfire: convert manual chapter to MD --- .../modules/services/development/blackfire.md | 39 +++++++++++++ .../services/development/blackfire.nix | 2 + .../services/development/blackfire.xml | 57 +++++++++++-------- 3 files changed, 75 insertions(+), 23 deletions(-) create mode 100644 nixos/modules/services/development/blackfire.md diff --git a/nixos/modules/services/development/blackfire.md b/nixos/modules/services/development/blackfire.md new file mode 100644 index 00000000000..e2e7e4780c7 --- /dev/null +++ b/nixos/modules/services/development/blackfire.md 
@@ -0,0 +1,39 @@ +# Blackfire profiler {#module-services-blackfire} + +*Source:* {file}`modules/services/development/blackfire.nix` + +*Upstream documentation:* + +[Blackfire](https://blackfire.io) is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called *probe*) and a service (*agent*) that the probe connects to and that sends the profiles to the server. + +To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM: +``` +let + php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [ + blackfire + ])); +in { + # Enable the probe extension for PHP-FPM. + services.phpfpm = { + phpPackage = php; + }; + + # Enable and configure the agent. + services.blackfire-agent = { + enable = true; + settings = { + # You will need to get credentials at https://blackfire.io/my/settings/credentials + # You can also use other options described in https://blackfire.io/docs/up-and-running/configuration/agent + server-id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"; + server-token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; + }; + }; + + # Make the agent run on start-up. + # (WantedBy= from the upstream unit not respected: https://github.com/NixOS/nixpkgs/issues/81138) + # Alternately, you can start it manually with `systemctl start blackfire-agent`. + systemd.services.blackfire-agent.wantedBy = [ "phpfpm-foo.service" ]; +} +``` + +On your developer machine, you will also want to install [the client](https://blackfire.io/docs/up-and-running/installation#install-a-profiling-client) (see `blackfire` package) or the browser extension to actually trigger the profiling. 
diff --git a/nixos/modules/services/development/blackfire.nix b/nixos/modules/services/development/blackfire.nix index 054cef9ae80..7d3365efa84 100644 --- a/nixos/modules/services/development/blackfire.nix +++ b/nixos/modules/services/development/blackfire.nix @@ -11,6 +11,8 @@ let in { meta = { maintainers = pkgs.blackfire.meta.maintainers; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc blackfire.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > blackfire.xml` doc = ./blackfire.xml; }; diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index 182ff6dafde..f5e62218632 100644 --- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml 
@@ -1,19 +1,28 @@ - - Blackfire profiler - - Source: - modules/services/development/blackfire.nix - - - Upstream documentation: - - - - Blackfire is a proprietary tool for profiling applications. There are several languages supported by the product but currently only PHP support is packaged in Nixpkgs. The back-end consists of a module that is loaded into the language runtime (called probe) and a service (agent) that the probe connects to and that sends the profiles to the server. - - - To use it, you will need to enable the agent and the probe on your server. The exact method will depend on the way you use PHP but here is an example of NixOS configuration for PHP-FPM: - + + Blackfire profiler + + Source: + modules/services/development/blackfire.nix + + + Upstream documentation: + https://blackfire.io/docs/introduction + + + Blackfire is a + proprietary tool for profiling applications. There are several + languages supported by the product but currently only PHP support is + packaged in Nixpkgs. The back-end consists of a module that is + loaded into the language runtime (called probe) + and a service (agent) that the probe connects + to and that sends the profiles to the server. + + + To use it, you will need to enable the agent and the probe on your + server. The exact method will depend on the way you use PHP but here + is an example of NixOS configuration for PHP-FPM: + + let php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [ blackfire 
@@ -30,19 +39,21 @@ in { settings = { # You will need to get credentials at https://blackfire.io/my/settings/credentials # You can also use other options described in https://blackfire.io/docs/up-and-running/configuration/agent - server-id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"; - server-token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; + server-id = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"; + server-token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; }; }; # Make the agent run on start-up. # (WantedBy= from the upstream unit not respected: https://github.com/NixOS/nixpkgs/issues/81138) # Alternately, you can start it manually with `systemctl start blackfire-agent`. - systemd.services.blackfire-agent.wantedBy = [ "phpfpm-foo.service" ]; + systemd.services.blackfire-agent.wantedBy = [ "phpfpm-foo.service" ]; } - - - On your developer machine, you will also want to install the client (see blackfire package) or the browser extension to actually trigger the profiling. - + + On your developer machine, you will also want to install + the + client (see blackfire package) or the + browser extension to actually trigger the profiling. + From 77ee5a1436ebec93ab7dca411155ac9b2876350a Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 01:53:00 +0100 Subject: [PATCH 043/155] nixos/emacs: convert manual chapter to MD --- nixos/modules/services/editors/emacs.md | 399 +++++++++++ nixos/modules/services/editors/emacs.nix | 2 + nixos/modules/services/editors/emacs.xml | 824 +++++++++++------------ 3 files changed, 785 insertions(+), 440 deletions(-) create mode 100644 nixos/modules/services/editors/emacs.md diff --git a/nixos/modules/services/editors/emacs.md b/nixos/modules/services/editors/emacs.md new file mode 100644 index 00000000000..c072b3664ad --- /dev/null +++ b/nixos/modules/services/editors/emacs.md 
@@ -0,0 +1,399 @@ +# Emacs {#module-services-emacs} + + + +[Emacs](https://www.gnu.org/software/emacs/) is an +extensible, customizable, self-documenting real-time display editor — and +more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp +programming language with extensions to support text editing. + +Emacs runs within a graphical desktop environment using the X Window System, +but works equally well on a text terminal. Under +macOS, a "Mac port" edition is available, which +uses Apple's native GUI frameworks. + +Nixpkgs provides a superior environment for +running Emacs. It's simple to create custom builds +by overriding the default packages. Chaotic collections of Emacs Lisp code +and extensions can be brought under control using declarative package +management. NixOS even provides a +{command}`systemd` user service for automatically starting the Emacs +daemon. + +## Installing Emacs {#module-services-emacs-installing} + +Emacs can be installed in the normal way for Nix (see +[](#sec-package-management)). In addition, a NixOS +*service* can be enabled. + +### The Different Releases of Emacs {#module-services-emacs-releases} + +Nixpkgs defines several basic Emacs packages. +The following are attributes belonging to the {var}`pkgs` set: + + {var}`emacs` + : The latest stable version of Emacs using the [GTK 2](http://www.gtk.org) + widget toolkit. + + {var}`emacs-nox` + : Emacs built without any dependency on X11 libraries. + + {var}`emacsMacport` + : Emacs with the "Mac port" patches, providing a more native look and + feel under macOS. + +If those aren't suitable, then the following imitation Emacs editors are +also available in Nixpkgs: +[Zile](https://www.gnu.org/software/zile/), +[mg](http://homepage.boetes.org/software/mg/), +[Yi](http://yi-editor.github.io/), +[jmacs](https://joe-editor.sourceforge.io/). 
+ +### Adding Packages to Emacs {#module-services-emacs-adding-packages} + +Emacs includes an entire ecosystem of functionality beyond text editing, +including a project planner, mail and news reader, debugger interface, +calendar, and more. + +Most extensions are gotten with the Emacs packaging system +({file}`package.el`) from +[Emacs Lisp Package Archive (ELPA)](https://elpa.gnu.org/), +[MELPA](https://melpa.org/), +[MELPA Stable](https://stable.melpa.org/), and +[Org ELPA](http://orgmode.org/elpa.html). Nixpkgs is +regularly updated to mirror all these archives. + +Under NixOS, you can continue to use +`package-list-packages` and +`package-install` to install packages. You can also +declare the set of Emacs packages you need using the derivations from +Nixpkgs. The rest of this section discusses declarative installation of +Emacs packages through nixpkgs. + +The first step to declare the list of packages you want in your Emacs +installation is to create a dedicated derivation. This can be done in a +dedicated {file}`emacs.nix` file such as: + +[]{#ex-emacsNix} + +```nix +/* +This is a nix expression to build Emacs and some Emacs packages I like +from source on any distribution where Nix is installed. This will install +all the dependencies from the nixpkgs repository and build the binary files +without interfering with the host distribution. + +To build the project, type the following from the current directory: + +$ nix-build emacs.nix + +To run the newly compiled executable: + +$ ./result/bin/emacs +*/ + +# The first non-comment line in this file indicates that +# the whole file represents a function. +{ pkgs ? import {} }: + +let + # The let expression below defines a myEmacs binding pointing to the + # current stable version of Emacs. This binding is here to separate + # the choice of the Emacs binary from the specification of the + # required packages. + myEmacs = pkgs.emacs; + # This generates an emacsWithPackages function. 
It takes a single + # argument: a function from a package set to a list of packages + # (the packages that will be available in Emacs). + emacsWithPackages = (pkgs.emacsPackagesFor myEmacs).emacsWithPackages; +in + # The rest of the file specifies the list of packages to install. In the + # example, two packages (magit and zerodark-theme) are taken from + # MELPA stable. + emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ + magit # ; Integrate git + zerodark-theme # ; Nicolas' theme + ]) + # Two packages (undo-tree and zoom-frm) are taken from MELPA. + ++ (with epkgs.melpaPackages; [ + undo-tree # ; to show the undo tree + zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> + ]) + # Three packages are taken from GNU ELPA. + ++ (with epkgs.elpaPackages; [ + auctex # ; LaTeX mode + beacon # ; highlight my cursor when scrolling + nameless # ; hide current package name everywhere in elisp code + ]) + # notmuch is taken from a nixpkgs derivation which contains an Emacs mode. + ++ [ + pkgs.notmuch # From main packages set + ]) +``` + +The result of this configuration will be an {command}`emacs` +command which launches Emacs with all of your chosen packages in the +{var}`load-path`. + +You can check that it works by executing this in a terminal: +```ShellSession +$ nix-build emacs.nix +$ ./result/bin/emacs -q +``` +and then typing `M-x package-initialize`. Check that you +can use all the packages you want in this Emacs instance. For example, try +switching to the zerodark theme through `M-x load-theme zerodark y`. + +::: {.tip} +A few popular extensions worth checking out are: auctex, company, +edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile, +and yasnippet. 
+::: + +The list of available packages in the various ELPA repositories can be seen +with the following commands: +[]{#module-services-emacs-querying-packages} +``` +nix-env -f "" -qaP -A emacs.pkgs.elpaPackages +nix-env -f "" -qaP -A emacs.pkgs.melpaPackages +nix-env -f "" -qaP -A emacs.pkgs.melpaStablePackages +nix-env -f "" -qaP -A emacs.pkgs.orgPackages +``` + +If you are on NixOS, you can install this particular Emacs for all users by +adding it to the list of system packages (see +[](#sec-declarative-package-mgmt)). Simply modify your file +{file}`configuration.nix` to make it contain: +[]{#module-services-emacs-configuration-nix} +``` +{ + environment.systemPackages = [ + # [...] + (import /path/to/emacs.nix { inherit pkgs; }) + ]; +} +``` + +In this case, the next {command}`nixos-rebuild switch` will take +care of adding your {command}`emacs` to the {var}`PATH` +environment variable (see [](#sec-changing-config)). + + + +If you are not on NixOS or want to install this particular Emacs only for +yourself, you can do so by adding it to your +{file}`~/.config/nixpkgs/config.nix` (see +[Nixpkgs manual](https://nixos.org/nixpkgs/manual/#sec-modify-via-packageOverrides)): +[]{#module-services-emacs-config-nix} +``` +{ + packageOverrides = super: let self = super.pkgs; in { + myemacs = import /path/to/emacs.nix { pkgs = self; }; + }; +} +``` + +In this case, the next `nix-env -f '' -iA +myemacs` will take care of adding your emacs to the +{var}`PATH` environment variable. + +### Advanced Emacs Configuration {#module-services-emacs-advanced} + +If you want, you can tweak the Emacs package itself from your +{file}`emacs.nix`. For example, if you want to have a +GTK 3-based Emacs instead of the default GTK 2-based binary and remove the +automatically generated {file}`emacs.desktop` (useful if you +only use {command}`emacsclient`), you can change your file +{file}`emacs.nix` in this way: + +[]{#ex-emacsGtk3Nix} +``` +{ pkgs ? 
import {} }: +let + myEmacs = (pkgs.emacs.override { + # Use gtk3 instead of the default gtk2 + withGTK3 = true; + withGTK2 = false; + }).overrideAttrs (attrs: { + # I don't want emacs.desktop file because I only use + # emacsclient. + postInstall = (attrs.postInstall or "") + '' + rm $out/share/applications/emacs.desktop + ''; + }); +in [...] +``` + +After building this file as shown in [the example above](#ex-emacsNix), you +will get an GTK 3-based Emacs binary pre-loaded with your favorite packages. + +## Running Emacs as a Service {#module-services-emacs-running} + +NixOS provides an optional +{command}`systemd` service which launches +[Emacs daemon](https://www.gnu.org/software/emacs/manual/html_node/emacs/Emacs-Server.html) +with the user's login session. + +*Source:* {file}`modules/services/editors/emacs.nix` + +### Enabling the Service {#module-services-emacs-enabling} + +To install and enable the {command}`systemd` user service for Emacs +daemon, add the following to your {file}`configuration.nix`: +``` +services.emacs.enable = true; +services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; +``` + +The {var}`services.emacs.package` option allows a custom +derivation to be used, for example, one created by +`emacsWithPackages`. + +Ensure that the Emacs server is enabled for your user's Emacs +configuration, either by customizing the {var}`server-mode` +variable, or by adding `(server-start)` to +{file}`~/.emacs.d/init.el`. + +To start the daemon, execute the following: +```ShellSession +$ nixos-rebuild switch # to activate the new configuration.nix +$ systemctl --user daemon-reload # to force systemd reload +$ systemctl --user start emacs.service # to start the Emacs daemon +``` +The server should now be ready to serve Emacs clients. 
+ +### Starting the client {#module-services-emacs-starting-client} + +Ensure that the emacs server is enabled, either by customizing the +{var}`server-mode` variable, or by adding +`(server-start)` to {file}`~/.emacs`. + +To connect to the emacs daemon, run one of the following: +``` +emacsclient FILENAME +emacsclient --create-frame # opens a new frame (window) +emacsclient --create-frame --tty # opens a new frame on the current terminal +``` + +### Configuring the {var}`EDITOR` variable {#module-services-emacs-editor-variable} + + + +If [](#opt-services.emacs.defaultEditor) is +`true`, the {var}`EDITOR` variable will be set +to a wrapper script which launches {command}`emacsclient`. + +Any setting of {var}`EDITOR` in the shell config files will +override {var}`services.emacs.defaultEditor`. To make sure +{var}`EDITOR` refers to the Emacs wrapper script, remove any +existing {var}`EDITOR` assignment from +{file}`.profile`, {file}`.bashrc`, +{file}`.zshenv` or any other shell config file. + +If you have formed certain bad habits when editing files, these can be +corrected with a shell alias to the wrapper script: +``` +alias vi=$EDITOR +``` + +### Per-User Enabling of the Service {#module-services-emacs-per-user} + +In general, {command}`systemd` user services are globally enabled +by symlinks in {file}`/etc/systemd/user`. In the case where +Emacs daemon is not wanted for all users, it is possible to install the +service but not globally enable it: +``` +services.emacs.enable = false; +services.emacs.install = true; +``` + +To enable the {command}`systemd` user service for just the +currently logged in user, run: +``` +systemctl --user enable emacs +``` +This will add the symlink +{file}`~/.config/systemd/user/emacs.service`. + +## Configuring Emacs {#module-services-emacs-configuring} + +The Emacs init file should be changed to load the extension packages at +startup: +[]{#module-services-emacs-package-initialisation} +``` +(require 'package) + +;; optional. 
makes unpure packages archives unavailable +(setq package-archives nil) + +(setq package-enable-at-startup nil) +(package-initialize) +``` + +After the declarative emacs package configuration has been tested, +previously downloaded packages can be cleaned up by removing +{file}`~/.emacs.d/elpa` (do make a backup first, in case you +forgot a package). + + + +### A Major Mode for Nix Expressions {#module-services-emacs-major-mode} + +Of interest may be {var}`melpaPackages.nix-mode`, which +provides syntax highlighting for the Nix language. This is particularly +convenient if you regularly edit Nix files. + +### Accessing man pages {#module-services-emacs-man-pages} + +You can use `woman` to get completion of all available +man pages. For example, type `M-x woman nixos-rebuild .` + +### Editing DocBook 5 XML Documents {#sec-emacs-docbook-xml} + +Emacs includes +[nXML](https://www.gnu.org/software/emacs/manual/html_node/nxml-mode/Introduction.html), +a major-mode for validating and editing XML documents. When editing DocBook +5.0 documents, such as [this one](#book-nixos-manual), +nXML needs to be configured with the relevant schema, which is not +included. + +To install the DocBook 5.0 schemas, either add +{var}`pkgs.docbook5` to [](#opt-environment.systemPackages) +([NixOS](#sec-declarative-package-mgmt)), or run +`nix-env -f '' -iA docbook5` +([Nix](#sec-ad-hoc-packages)). + +Then customize the variable {var}`rng-schema-locating-files` to +include {file}`~/.emacs.d/schemas.xml` and put the following +text into that file: +[]{#ex-emacs-docbook-xml} +```xml + + + + + + + +``` diff --git a/nixos/modules/services/editors/emacs.nix b/nixos/modules/services/editors/emacs.nix index 5ae28cd9bbb..b4f447757e7 100644 --- a/nixos/modules/services/editors/emacs.nix +++ b/nixos/modules/services/editors/emacs.nix 
@@ -99,5 +99,7 @@ in environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "${editorScript}/bin/emacseditor"); }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml` meta.doc = ./emacs.xml; } diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 7b847f1f798..5e4f3e67427 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -1,143 +1,119 @@ - - Emacs - - - Emacs is an - extensible, customizable, self-documenting real-time display editor — and - more. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp - programming language with extensions to support text editing. - - - Emacs runs within a graphical desktop environment using the X Window System, - but works equally well on a text terminal. Under - macOS, a "Mac port" edition is available, which - uses Apple's native GUI frameworks. - - - Nixpkgs provides a superior environment for - running Emacs. It's simple to create custom builds - by overriding the default packages. Chaotic collections of Emacs Lisp code - and extensions can be brought under control using declarative package - management. NixOS even provides a - systemd user service for automatically starting the Emacs - daemon. - -
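Review bot: The regeneration command in the comment added above `meta.doc` only works when run from the module's own directory, because the input `emacs.md`, the output `emacs.xml` and both `--lua-filter` paths (`../../../../doc/build-aux/...`) are relative, and the comment does not say so. I would add a line such as `# Run from this directory; every path in the command is relative to it.` The generated `emacs.xml` stays committed and is still what `meta.doc` loads, and nothing visible in this series regenerates it and compares it with the `.md`, so an edit to only one of the two files would pass review unnoticed; a build-time or CI regenerate-and-diff check would close that gap if none exists already. The same comment is added in the `trezord.nix` and `mailman.nix` hunks further down, so the point applies there too. The attribute set this hunk sits in opens outside the hunk.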
- Installing Emacs - + + Emacs - Emacs can be installed in the normal way for Nix (see - ). In addition, a NixOS - service can be enabled. + Emacs + is an extensible, customizable, self-documenting real-time display + editor — and more. At its core is an interpreter for Emacs Lisp, a + dialect of the Lisp programming language with extensions to support + text editing. - -
- The Different Releases of Emacs - - - Nixpkgs defines several basic Emacs packages. - The following are attributes belonging to the pkgs set: - - - - emacs - - - emacs - - - - The latest stable version of Emacs using the - GTK 2 - widget toolkit. - - - - - - emacs-nox - - - - Emacs built without any dependency on X11 libraries. - - - - - - emacsMacport - - - emacsMacport - - - - Emacs with the "Mac port" patches, providing a more native look and - feel under macOS. - - - - - - - - If those aren't suitable, then the following imitation Emacs editors are - also available in Nixpkgs: - Zile, - mg, - Yi, - jmacs. - -
- -
- Adding Packages to Emacs - - - Emacs includes an entire ecosystem of functionality beyond text editing, - including a project planner, mail and news reader, debugger interface, - calendar, and more. - - - - Most extensions are gotten with the Emacs packaging system - (package.el) from - Emacs Lisp Package Archive - (ELPA), - MELPA, - MELPA Stable, and - Org ELPA. Nixpkgs is - regularly updated to mirror all these archives. - - - - Under NixOS, you can continue to use - package-list-packages and - package-install to install packages. You can also - declare the set of Emacs packages you need using the derivations from - Nixpkgs. The rest of this section discusses declarative installation of - Emacs packages through nixpkgs. - - - - The first step to declare the list of packages you want in your Emacs - installation is to create a dedicated derivation. This can be done in a - dedicated emacs.nix file such as: - - Nix expression to build Emacs with packages (<filename>emacs.nix</filename>) - + + Emacs runs within a graphical desktop environment using the X Window + System, but works equally well on a text terminal. Under macOS, a + "Mac port" edition is available, which uses Apple's native + GUI frameworks. + + + Nixpkgs provides a superior environment for running Emacs. It's + simple to create custom builds by overriding the default packages. + Chaotic collections of Emacs Lisp code and extensions can be brought + under control using declarative package management. NixOS even + provides a systemd user service for automatically + starting the Emacs daemon. + +
+ Installing Emacs + + Emacs can be installed in the normal way for Nix (see + ). In addition, a + NixOS service can be enabled. + +
+ The Different Releases of Emacs + + Nixpkgs defines several basic Emacs packages. The following are + attributes belonging to the pkgs set: + + + + + emacs + + + + The latest stable version of Emacs using the + GTK 2 widget + toolkit. + + + + + + emacs-nox + + + + Emacs built without any dependency on X11 libraries. + + + + + + emacsMacport + + + + Emacs with the "Mac port" patches, providing a + more native look and feel under macOS. + + + + + + If those aren't suitable, then the following imitation Emacs + editors are also available in Nixpkgs: + Zile, + mg, + Yi, + jmacs. + +
+
+ Adding Packages to Emacs + + Emacs includes an entire ecosystem of functionality beyond text + editing, including a project planner, mail and news reader, + debugger interface, calendar, and more. + + + Most extensions are gotten with the Emacs packaging system + (package.el) from + Emacs Lisp Package + Archive (ELPA), + MELPA, + MELPA + Stable, and + Org ELPA. + Nixpkgs is regularly updated to mirror all these archives. + + + Under NixOS, you can continue to use + package-list-packages and + package-install to install packages. You can + also declare the set of Emacs packages you need using the + derivations from Nixpkgs. The rest of this section discusses + declarative installation of Emacs packages through nixpkgs. + + + The first step to declare the list of packages you want in your + Emacs installation is to create a dedicated derivation. This can + be done in a dedicated emacs.nix file such + as: + + + + + /* This is a nix expression to build Emacs and some Emacs packages I like from source on any distribution where Nix is installed. This will install 
@@ -191,111 +167,103 @@ in pkgs.notmuch # From main packages set ]) - - - - - The result of this configuration will be an emacs - command which launches Emacs with all of your chosen packages in the - load-path. - - - - You can check that it works by executing this in a terminal: - -$ nix-build emacs.nix -$ ./result/bin/emacs -q - - and then typing M-x package-initialize. Check that you - can use all the packages you want in this Emacs instance. For example, try - switching to the zerodark theme through M-x load-theme <RET> - zerodark <RET> y. - - - - - A few popular extensions worth checking out are: auctex, company, - edit-server, flycheck, helm, iedit, magit, multiple-cursors, projectile, - and yasnippet. - - - - - The list of available packages in the various ELPA repositories can be seen - with the following commands: - -" -qaP -A emacs.pkgs.elpaPackages -nix-env -f "" -qaP -A emacs.pkgs.melpaPackages -nix-env -f "" -qaP -A emacs.pkgs.melpaStablePackages -nix-env -f "" -qaP -A emacs.pkgs.orgPackages -]]> - - - - If you are on NixOS, you can install this particular Emacs for all users by - adding it to the list of system packages (see - ). Simply modify your file - configuration.nix to make it contain: - - + The result of this configuration will be an + emacs command which launches Emacs with all + of your chosen packages in the load-path. + + + You can check that it works by executing this in a terminal: + + +$ nix-build emacs.nix +$ ./result/bin/emacs -q + + + and then typing M-x package-initialize. Check + that you can use all the packages you want in this Emacs + instance. For example, try switching to the zerodark theme + through + M-x load-theme <RET> zerodark <RET> y. + + + + A few popular extensions worth checking out are: auctex, + company, edit-server, flycheck, helm, iedit, magit, + multiple-cursors, projectile, and yasnippet. 
+ + + + The list of available packages in the various ELPA repositories + can be seen with the following commands: + + + +nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.elpaPackages +nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaPackages +nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.melpaStablePackages +nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.orgPackages + + + If you are on NixOS, you can install this particular Emacs for + all users by adding it to the list of system packages (see + ). Simply + modify your file configuration.nix to make + it contain: + + + { environment.systemPackages = [ # [...] (import /path/to/emacs.nix { inherit pkgs; }) ]; } -]]> - - - - In this case, the next nixos-rebuild switch will take - care of adding your emacs to the PATH - environment variable (see ). - - - - - - If you are not on NixOS or want to install this particular Emacs only for - yourself, you can do so by adding it to your - ~/.config/nixpkgs/config.nix (see - Nixpkgs - manual): - - + + In this case, the next nixos-rebuild switch + will take care of adding your emacs to the + PATH environment variable (see + ). + + + If you are not on NixOS or want to install this particular Emacs + only for yourself, you can do so by adding it to your + ~/.config/nixpkgs/config.nix (see + Nixpkgs + manual): + + + { packageOverrides = super: let self = super.pkgs; in { myemacs = import /path/to/emacs.nix { pkgs = self; }; }; } -]]> - - - - In this case, the next nix-env -f '<nixpkgs>' -iA - myemacs will take care of adding your emacs to the - PATH environment variable. - -
- -
- Advanced Emacs Configuration - - - If you want, you can tweak the Emacs package itself from your - emacs.nix. For example, if you want to have a - GTK 3-based Emacs instead of the default GTK 2-based binary and remove the - automatically generated emacs.desktop (useful if you - only use emacsclient), you can change your file - emacs.nix in this way: - - - - {} }: + + + In this case, the next + nix-env -f '<nixpkgs>' -iA myemacs will + take care of adding your emacs to the PATH + environment variable. + +
+
+ Advanced Emacs Configuration + + If you want, you can tweak the Emacs package itself from your + emacs.nix. For example, if you want to have + a GTK 3-based Emacs instead of the default GTK 2-based binary + and remove the automatically generated + emacs.desktop (useful if you only use + emacsclient), you can change your file + emacs.nix in this way: + + + + + +{ pkgs ? import <nixpkgs> {} }: let myEmacs = (pkgs.emacs.override { # Use gtk3 instead of the default gtk2 @@ -304,151 +272,143 @@ let }).overrideAttrs (attrs: { # I don't want emacs.desktop file because I only use # emacsclient. - postInstall = (attrs.postInstall or "") + '' + postInstall = (attrs.postInstall or "") + '' rm $out/share/applications/emacs.desktop ''; }); in [...] -]]> - - - After building this file as shown in , you - will get an GTK 3-based Emacs binary pre-loaded with your favorite packages. - + + + After building this file as shown in + the example above, you will + get an GTK 3-based Emacs binary pre-loaded with your favorite + packages. + +
-
-
- Running Emacs as a Service - - - NixOS provides an optional - systemd service which launches - - Emacs daemon with the user's login session. - - - - Source: - modules/services/editors/emacs.nix - - -
- Enabling the Service - - - To install and enable the systemd user service for Emacs - daemon, add the following to your configuration.nix: - +
+ Running Emacs as a Service + + NixOS provides an optional systemd service + which launches + Emacs + daemon with the user's login session. + + + Source: + modules/services/editors/emacs.nix + +
+ Enabling the Service + + To install and enable the systemd user + service for Emacs daemon, add the following to your + configuration.nix: + + services.emacs.enable = true; services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; - - - - The services.emacs.package option allows a custom - derivation to be used, for example, one created by - emacsWithPackages. - - - - Ensure that the Emacs server is enabled for your user's Emacs - configuration, either by customizing the server-mode - variable, or by adding (server-start) to - ~/.emacs.d/init.el. - - - - To start the daemon, execute the following: - -$ nixos-rebuild switch # to activate the new configuration.nix -$ systemctl --user daemon-reload # to force systemd reload -$ systemctl --user start emacs.service # to start the Emacs daemon - - The server should now be ready to serve Emacs clients. - -
- -
- Starting the client - - - Ensure that the emacs server is enabled, either by customizing the - server-mode variable, or by adding - (server-start) to ~/.emacs. - - - - To connect to the emacs daemon, run one of the following: - + The services.emacs.package option allows a + custom derivation to be used, for example, one created by + emacsWithPackages. + + + Ensure that the Emacs server is enabled for your user's Emacs + configuration, either by customizing the + server-mode variable, or by adding + (server-start) to + ~/.emacs.d/init.el. + + + To start the daemon, execute the following: + + +$ nixos-rebuild switch # to activate the new configuration.nix +$ systemctl --user daemon-reload # to force systemd reload +$ systemctl --user start emacs.service # to start the Emacs daemon + + + The server should now be ready to serve Emacs clients. + +
+
+ Starting the client + + Ensure that the emacs server is enabled, either by customizing + the server-mode variable, or by adding + (server-start) to + ~/.emacs. + + + To connect to the emacs daemon, run one of the following: + + emacsclient FILENAME emacsclient --create-frame # opens a new frame (window) emacsclient --create-frame --tty # opens a new frame on the current terminal -]]> - -
- -
- Configuring the <varname>EDITOR</varname> variable - - - - - If is - true, the EDITOR variable will be set - to a wrapper script which launches emacsclient. - - - - Any setting of EDITOR in the shell config files will - override services.emacs.defaultEditor. To make sure - EDITOR refers to the Emacs wrapper script, remove any - existing EDITOR assignment from - .profile, .bashrc, - .zshenv or any other shell config file. - - - - If you have formed certain bad habits when editing files, these can be - corrected with a shell alias to the wrapper script: - + +
+
+ Configuring the <varname>EDITOR</varname> variable + + If is + true, the EDITOR variable + will be set to a wrapper script which launches + emacsclient. + + + Any setting of EDITOR in the shell config + files will override + services.emacs.defaultEditor. To make sure + EDITOR refers to the Emacs wrapper script, + remove any existing EDITOR assignment from + .profile, .bashrc, + .zshenv or any other shell config file. + + + If you have formed certain bad habits when editing files, these + can be corrected with a shell alias to the wrapper script: + + alias vi=$EDITOR - -
- -
- Per-User Enabling of the Service - - - In general, systemd user services are globally enabled - by symlinks in /etc/systemd/user. In the case where - Emacs daemon is not wanted for all users, it is possible to install the - service but not globally enable it: - +
+
+ Per-User Enabling of the Service + + In general, systemd user services are + globally enabled by symlinks in + /etc/systemd/user. In the case where Emacs + daemon is not wanted for all users, it is possible to install + the service but not globally enable it: + + services.emacs.enable = false; services.emacs.install = true; - - - - To enable the systemd user service for just the - currently logged in user, run: - + + To enable the systemd user service for just + the currently logged in user, run: + + systemctl --user enable emacs - This will add the symlink - ~/.config/systemd/user/emacs.service. - + + This will add the symlink + ~/.config/systemd/user/emacs.service. + +
-
-
- Configuring Emacs - - - The Emacs init file should be changed to load the extension packages at - startup: - - + Configuring Emacs + + The Emacs init file should be changed to load the extension + packages at startup: + + + (require 'package) ;; optional. makes unpure packages archives unavailable @@ -456,89 +416,73 @@ systemctl --user enable emacs (setq package-enable-at-startup nil) (package-initialize) -]]> - - - - After the declarative emacs package configuration has been tested, - previously downloaded packages can be cleaned up by removing - ~/.emacs.d/elpa (do make a backup first, in case you - forgot a package). - - - - -
- A Major Mode for Nix Expressions - - - Of interest may be melpaPackages.nix-mode, which - provides syntax highlighting for the Nix language. This is particularly - convenient if you regularly edit Nix files. - -
- -
- Accessing man pages - - - You can use woman to get completion of all available - man pages. For example, type M-x woman <RET> nixos-rebuild - <RET>. - -
- -
- Editing DocBook 5 XML Documents - - - Emacs includes - nXML, - a major-mode for validating and editing XML documents. When editing DocBook - 5.0 documents, such as this one, - nXML needs to be configured with the relevant schema, which is not - included. - - - - To install the DocBook 5.0 schemas, either add - pkgs.docbook5 to - - (NixOS), or run - nix-env -f '<nixpkgs>' -iA docbook5 - (Nix). - - - - Then customize the variable rng-schema-locating-files to - include ~/.emacs.d/schemas.xml and put the following - text into that file: - - - - - - - - -]]> - + --> + <namespace ns="http://docbook.org/ns/docbook" + uri="/run/current-system/sw/share/xml/docbook-5.0/rng/docbookxi.rnc"/> + <!-- + Use this variation if installing schema with "nix-env -iA pkgs.docbook5". + <namespace ns="http://docbook.org/ns/docbook" + uri="../.nix-profile/share/xml/docbook-5.0/rng/docbookxi.rnc"/> + --> +</locatingRules> + +
-
From a553f57cb66741cf92442a12eccedf3add05a6f2 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 03:01:45 +0100 Subject: [PATCH 044/155] nixos/trezord: convert manual chapter to MD --- nixos/modules/services/hardware/trezord.md | 17 ++++++++ nixos/modules/services/hardware/trezord.nix | 2 + nixos/modules/services/hardware/trezord.xml | 47 +++++++++++---------- 3 files changed, 43 insertions(+), 23 deletions(-) create mode 100644 nixos/modules/services/hardware/trezord.md diff --git a/nixos/modules/services/hardware/trezord.md b/nixos/modules/services/hardware/trezord.md new file mode 100644 index 00000000000..58c244a44bc --- /dev/null +++ b/nixos/modules/services/hardware/trezord.md @@ -0,0 +1,17 @@ +# Trezor {#trezor} + +Trezor is an open-source cryptocurrency hardware wallet and security token +allowing secure storage of private keys. + +It offers advanced features such U2F two-factor authorization, SSH login +through +[Trezor SSH agent](https://wiki.trezor.io/Apps:SSH_agent), +[GPG](https://wiki.trezor.io/GPG) and a +[password manager](https://wiki.trezor.io/Trezor_Password_Manager). +For more information, guides and documentation, see . + +To enable Trezor support, add the following to your {file}`configuration.nix`: + + services.trezord.enable = true; + +This will add all necessary udev rules and start Trezor Bridge. diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index 70c1fd09860..014ba9164d4 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix 
@@ -8,6 +8,8 @@ in { ### docs meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml` doc = ./trezord.xml; }; diff --git a/nixos/modules/services/hardware/trezord.xml b/nixos/modules/services/hardware/trezord.xml index e1f42bc0829..bf9409c7d63 100644 --- a/nixos/modules/services/hardware/trezord.xml +++ b/nixos/modules/services/hardware/trezord.xml @@ -1,26 +1,27 @@ - - Trezor - - Trezor is an open-source cryptocurrency hardware wallet and security token - allowing secure storage of private keys. - - - It offers advanced features such U2F two-factor authorization, SSH login - through - Trezor SSH agent, - GPG and a - password manager. - For more information, guides and documentation, see . - - - To enable Trezor support, add the following to your configuration.nix: - + + Trezor + + Trezor is an open-source cryptocurrency hardware wallet and security + token allowing secure storage of private keys. + + + It offers advanced features such U2F two-factor authorization, SSH + login through + Trezor SSH + agent, + GPG and a + password + manager. For more information, guides and documentation, see + https://wiki.trezor.io. + + + To enable Trezor support, add the following to your + configuration.nix: + + services.trezord.enable = true; - This will add all necessary udev rules and start Trezor Bridge. - + + This will add all necessary udev rules and start Trezor Bridge. + From 5320b4cff8a7f454ac0c086804fd4316696be0ae Mon Sep 17 00:00:00 2001 
From: pennae Date: Tue, 3 Jan 2023 03:11:49 +0100 Subject: [PATCH 045/155] nixos/mailman: convert manual chapter to MD --- nixos/modules/services/mail/mailman.md | 82 +++++++++++++++++++ nixos/modules/services/mail/mailman.nix | 2 + nixos/modules/services/mail/mailman.xml | 102 +++++++++++++----------- 3 files changed, 141 insertions(+), 45 deletions(-) create mode 100644 nixos/modules/services/mail/mailman.md diff --git a/nixos/modules/services/mail/mailman.md b/nixos/modules/services/mail/mailman.md new file mode 100644 index 00000000000..55b61f8a258 --- /dev/null +++ b/nixos/modules/services/mail/mailman.md 
@@ -0,0 +1,82 @@ +# Mailman {#module-services-mailman} + +[Mailman](https://www.list.org) is free +software for managing electronic mail discussion and e-newsletter +lists. Mailman and its web interface can be configured using the +corresponding NixOS module. Note that this service is best used with +an existing, securely configured Postfix setup, as it does not automatically configure this. + +## Basic usage with Postfix {#module-services-mailman-basic-usage} + +For a basic configuration with Postfix as the MTA, the following settings are suggested: +``` +{ config, ... }: { + services.postfix = { + enable = true; + relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; + sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; + sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; + config = { + transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + }; + }; + services.mailman = { + enable = true; + serve.enable = true; + hyperkitty.enable = true; + webHosts = ["lists.example.org"]; + siteOwner = "mailman@example.org"; + }; + services.nginx.virtualHosts."lists.example.org".enableACME = true; + networking.firewall.allowedTCPPorts = [ 25 80 443 ]; +} +``` + +DNS records will also be required: + + - `AAAA` and `A` records pointing to the host in question, in order for browsers to be able to discover the address of the web server; + - An `MX` record pointing to a domain name at which the host is reachable, in order for other mail servers to be able to deliver emails to the mailing lists it hosts. + +After this has been done and appropriate DNS records have been +set up, the Postorius mailing list manager and the Hyperkitty +archive browser will be available at +https://lists.example.org/. 
Note that this setup is not +sufficient to deliver emails to most email providers nor to +avoid spam -- a number of additional measures for authenticating +incoming and outgoing mails, such as SPF, DMARC and DKIM are +necessary, but outside the scope of the Mailman module. + +## Using with other MTAs {#module-services-mailman-other-mtas} + +Mailman also supports other MTA, though with a little bit more configuration. For example, to use Mailman with Exim, you can use the following settings: +``` +{ config, ... }: { + services = { + mailman = { + enable = true; + siteOwner = "mailman@example.org"; + enablePostfix = false; + settings.mta = { + incoming = "mailman.mta.exim4.LMTP"; + outgoing = "mailman.mta.deliver.deliver"; + lmtp_host = "localhost"; + lmtp_port = "8024"; + smtp_host = "localhost"; + smtp_port = "25"; + configuration = "python:mailman.config.exim4"; + }; + }; + exim = { + enable = true; + # You can configure Exim in a separate file to reduce configuration.nix clutter + config = builtins.readFile ./exim.conf; + }; + }; +} +``` + +The exim config needs some special additions to work with Mailman. Currently +NixOS can't manage Exim config with such granularity. Please refer to +[Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html) +for more info on configuring Mailman for working with Exim. diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index 2adc7427abf..cc072505c3c 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix 
@@ -642,6 +642,8 @@ in { meta = { maintainers = with lib.maintainers; [ lheckemann qyliss ma27 ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml` doc = ./mailman.xml; }; diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index c1ad5d1a285..115f3225333 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml @@ -1,82 +1,93 @@ - + Mailman Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman and its web interface can be configured using the corresponding NixOS module. Note that this service is best used with - an existing, securely configured Postfix setup, as it does not automatically configure this. + an existing, securely configured Postfix setup, as it does not + automatically configure this. -
Basic usage with Postfix - For a basic configuration with Postfix as the MTA, the following settings are suggested: - + For a basic configuration with Postfix as the MTA, the following + settings are suggested: + + { config, ... }: { services.postfix = { enable = true; - relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; - sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; - sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; + relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; + sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; + sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; config = { - transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; - local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; }; }; services.mailman = { enable = true; serve.enable = true; hyperkitty.enable = true; - webHosts = ["lists.example.org"]; - siteOwner = "mailman@example.org"; + webHosts = ["lists.example.org"]; + siteOwner = "mailman@example.org"; }; - services.nginx.virtualHosts."lists.example.org".enableACME = true; + services.nginx.virtualHosts."lists.example.org".enableACME = true; networking.firewall.allowedTCPPorts = [ 25 80 443 ]; } - DNS records will also be required: - - AAAA and A records pointing to the host in question, in order for browsers to be able to discover the address of the web server; - An MX record pointing to a domain name at which the host is reachable, in order for other mail servers to be able to deliver emails to the mailing lists it hosts. 
- + + + + AAAA and A records + pointing to the host in question, in order for browsers to be + able to discover the address of the web server; + + + + + An MX record pointing to a domain name at + which the host is reachable, in order for other mail servers + to be able to deliver emails to the mailing lists it hosts. + + + - After this has been done and appropriate DNS records have been - set up, the Postorius mailing list manager and the Hyperkitty - archive browser will be available at - https://lists.example.org/. Note that this setup is not - sufficient to deliver emails to most email providers nor to - avoid spam -- a number of additional measures for authenticating - incoming and outgoing mails, such as SPF, DMARC and DKIM are - necessary, but outside the scope of the Mailman module. + After this has been done and appropriate DNS records have been set + up, the Postorius mailing list manager and the Hyperkitty archive + browser will be available at https://lists.example.org/. Note that + this setup is not sufficient to deliver emails to most email + providers nor to avoid spam -- a number of additional measures for + authenticating incoming and outgoing mails, such as SPF, DMARC and + DKIM are necessary, but outside the scope of the Mailman module.
Using with other MTAs - Mailman also supports other MTA, though with a little bit more configuration. For example, to use Mailman with Exim, you can use the following settings: - + Mailman also supports other MTA, though with a little bit more + configuration. For example, to use Mailman with Exim, you can use + the following settings: + + { config, ... }: { services = { mailman = { enable = true; - siteOwner = "mailman@example.org"; + siteOwner = "mailman@example.org"; enablePostfix = false; settings.mta = { - incoming = "mailman.mta.exim4.LMTP"; - outgoing = "mailman.mta.deliver.deliver"; - lmtp_host = "localhost"; - lmtp_port = "8024"; - smtp_host = "localhost"; - smtp_port = "25"; - configuration = "python:mailman.config.exim4"; + incoming = "mailman.mta.exim4.LMTP"; + outgoing = "mailman.mta.deliver.deliver"; + lmtp_host = "localhost"; + lmtp_port = "8024"; + smtp_host = "localhost"; + smtp_port = "25"; + configuration = "python:mailman.config.exim4"; }; }; exim = { @@ -87,12 +98,13 @@ }; } - - The exim config needs some special additions to work with Mailman. Currently - NixOS can't manage Exim config with such granularity. Please refer to - Mailman documentation - for more info on configuring Mailman for working with Exim. + The exim config needs some special additions to work with Mailman. + Currently NixOS can't manage Exim config with such granularity. + Please refer to + Mailman + documentation for more info on configuring Mailman for + working with Exim.
From 078707524efb010b01f491bfdd672a3a53567bee Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 03:27:03 +0100 Subject: [PATCH 046/155] nixos/mjolnir: convert manual chapter to MD --- nixos/modules/services/matrix/mjolnir.md | 110 +++++++++++++ nixos/modules/services/matrix/mjolnir.nix | 2 + nixos/modules/services/matrix/mjolnir.xml | 180 ++++++++++++---------- 3 files changed, 208 insertions(+), 84 deletions(-) create mode 100644 nixos/modules/services/matrix/mjolnir.md diff --git a/nixos/modules/services/matrix/mjolnir.md b/nixos/modules/services/matrix/mjolnir.md new file mode 100644 index 00000000000..f6994eeb8fa --- /dev/null +++ b/nixos/modules/services/matrix/mjolnir.md 
@@ -0,0 +1,110 @@
+# Mjolnir (Matrix Moderation Tool) {#module-services-mjolnir}
+
+This chapter will show you how to set up your own, self-hosted
+[Mjolnir](https://github.com/matrix-org/mjolnir) instance.
+
+As an all-in-one moderation tool, it can protect your server from
+malicious invites, spam messages, and whatever else you don't want.
+In addition to server-level protection, Mjolnir is great for communities
+wanting to protect their rooms without having to use their personal
+accounts for moderation.
+
+The bot by default includes support for bans, redactions, anti-spam,
+server ACLs, room directory changes, room alias transfers, account
+deactivation, room shutdown, and more.
+
+See the [README](https://github.com/matrix-org/mjolnir#readme)
+page and the [Moderator's guide](https://github.com/matrix-org/mjolnir/blob/main/docs/moderators.md)
+for additional instructions on how to setup and use Mjolnir.
+
+For [additional settings](#opt-services.mjolnir.settings)
+see [the default configuration](https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml).
+
+## Mjolnir Setup {#module-services-mjolnir-setup}
+
+First create a new Room which will be used as a management room for Mjolnir. In
+this room, Mjolnir will log possible errors and debugging information. You'll
+need to set this Room-ID in [services.mjolnir.managementRoom](#opt-services.mjolnir.managementRoom).
+
+Next, create a new user for Mjolnir on your homeserver, if not present already.
+
+The Mjolnir Matrix user expects to be free of any rate limiting.
+See [Synapse #6286](https://github.com/matrix-org/synapse/issues/6286)
+for an example on how to achieve this.
+
+If you want Mjolnir to be able to deactivate users, move room aliases, shutdown rooms, etc.
+you'll need to make the Mjolnir user a Matrix server admin.
+
+Now invite the Mjolnir user to the management room.
+
+It is recommended to use [Pantalaimon](https://github.com/matrix-org/pantalaimon),
+so your management room can be encrypted. This also applies if you are looking to moderate an encrypted room.
+
+To enable the Pantalaimon E2E Proxy for mjolnir, enable
+[services.mjolnir.pantalaimon](#opt-services.mjolnir.pantalaimon.enable). This will
+autoconfigure a new Pantalaimon instance, which will connect to the homeserver
+set in [services.mjolnir.homeserverUrl](#opt-services.mjolnir.homeserverUrl) and Mjolnir itself
+will be configured to connect to the new Pantalaimon instance.
+
+```
+{
+ services.mjolnir = {
+ enable = true;
+ homeserverUrl = "https://matrix.domain.tld";
+ pantalaimon = {
+ enable = true;
+ username = "mjolnir";
+ passwordFile = "/run/secrets/mjolnir-password";
+ };
+ protectedRooms = [
+ "https://matrix.to/#/!xxx:domain.tld"
+ ];
+ managementRoom = "!yyy:domain.tld";
+ };
+}
+```
+
+### Element Matrix Services (EMS) {#module-services-mjolnir-setup-ems}
+
+If you are using a managed ["Element Matrix Services (EMS)"](https://ems.element.io/)
+server, you will need to consent to the terms and conditions. Upon startup, an error
+log entry with a URL to the consent page will be generated.
+
+## Synapse Antispam Module {#module-services-mjolnir-matrix-synapse-antispam}
+
+A Synapse module is also available to apply the same rulesets the bot
+uses across an entire homeserver.
+
+To use the Antispam Module, add `matrix-synapse-plugins.matrix-synapse-mjolnir-antispam`
+to the Synapse plugin list and enable the `mjolnir.Module` module.
+
+```
+{
+ services.matrix-synapse = {
+ plugins = with pkgs; [
+ matrix-synapse-plugins.matrix-synapse-mjolnir-antispam
+ ];
+ extraConfig = ''
+ modules:
+ - module: mjolnir.Module
+ config:
+ # Prevent servers/users in the ban lists from inviting users on this
+ # server to rooms. Default true.
+ block_invites: true
+ # Flag messages sent by servers/users in the ban lists as spam. Currently
+ # this means that spammy messages will appear as empty to users. Default
+ # false.
+ block_messages: false
+ # Remove users from the user directory search by filtering matrix IDs and
+ # display names by the entries in the user ban list. Default false.
+ block_usernames: false
+ # The room IDs of the ban lists to honour. Unlike other parts of Mjolnir,
+ # this list cannot be room aliases or permalinks. This server is expected
+ # to already be joined to the room - Mjolnir will not automatically join
+ # these rooms.
+ ban_lists:
+ - "!roomid:example.org"
+ '';
+ };
+}
+```
diff --git a/nixos/modules/services/matrix/mjolnir.nix b/nixos/modules/services/matrix/mjolnir.nix
index cbf7b93329d..26d5914151c 100644
--- a/nixos/modules/services/matrix/mjolnir.nix
+++ b/nixos/modules/services/matrix/mjolnir.nix
@@ -236,6 +236,8 @@ in }; meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml` doc = ./mjolnir.xml; maintainers = with maintainers; [ jojosch ]; };
diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml
index 34b5d4df1d2..34a6767c476 100644
--- a/nixos/modules/services/matrix/mjolnir.xml
+++ b/nixos/modules/services/matrix/mjolnir.xml
@@ -1,106 +1,118 @@ - - Mjolnir (Matrix Moderation Tool) - - This chapter will show you how to set up your own, self-hosted - Mjolnir - instance. - - - As an all-in-one moderation tool, it can protect your server from - malicious invites, spam messages, and whatever else you don't want. - In addition to server-level protection, Mjolnir is great for communities - wanting to protect their rooms without having to use their personal - accounts for moderation. - - - The bot by default includes support for bans, redactions, anti-spam, - server ACLs, room directory changes, room alias transfers, account - deactivation, room shutdown, and more. - - - See the README - page and the Moderator's guide - for additional instructions on how to setup and use Mjolnir. - - - For additional settings - see the default configuration. - -
- Mjolnir Setup + + Mjolnir (Matrix Moderation Tool) - First create a new Room which will be used as a management room for Mjolnir. In - this room, Mjolnir will log possible errors and debugging information. You'll - need to set this Room-ID in services.mjolnir.managementRoom. + This chapter will show you how to set up your own, self-hosted + Mjolnir + instance. - Next, create a new user for Mjolnir on your homeserver, if not present already. + As an all-in-one moderation tool, it can protect your server from + malicious invites, spam messages, and whatever else you don't want. + In addition to server-level protection, Mjolnir is great for + communities wanting to protect their rooms without having to use + their personal accounts for moderation. - The Mjolnir Matrix user expects to be free of any rate limiting. - See Synapse #6286 - for an example on how to achieve this. + The bot by default includes support for bans, redactions, anti-spam, + server ACLs, room directory changes, room alias transfers, account + deactivation, room shutdown, and more. - If you want Mjolnir to be able to deactivate users, move room aliases, shutdown rooms, etc. - you'll need to make the Mjolnir user a Matrix server admin. + See the + README + page and the + Moderator's + guide for additional instructions on how to setup and use + Mjolnir. - Now invite the Mjolnir user to the management room. + For additional + settings see + the + default configuration. - - It is recommended to use Pantalaimon, - so your management room can be encrypted. This also applies if you are looking to moderate an encrypted room. - - - To enable the Pantalaimon E2E Proxy for mjolnir, enable - services.mjolnir.pantalaimon. This will - autoconfigure a new Pantalaimon instance, which will connect to the homeserver - set in services.mjolnir.homeserverUrl and Mjolnir itself - will be configured to connect to the new Pantalaimon instance. - - +
+ Mjolnir Setup + + First create a new Room which will be used as a management room + for Mjolnir. In this room, Mjolnir will log possible errors and + debugging information. You'll need to set this Room-ID in + services.mjolnir.managementRoom. + + + Next, create a new user for Mjolnir on your homeserver, if not + present already. + + + The Mjolnir Matrix user expects to be free of any rate limiting. + See + Synapse + #6286 for an example on how to achieve this. + + + If you want Mjolnir to be able to deactivate users, move room + aliases, shutdown rooms, etc. you'll need to make the Mjolnir user + a Matrix server admin. + + + Now invite the Mjolnir user to the management room. + + + It is recommended to use + Pantalaimon, + so your management room can be encrypted. This also applies if you + are looking to moderate an encrypted room. + + + To enable the Pantalaimon E2E Proxy for mjolnir, enable + services.mjolnir.pantalaimon. + This will autoconfigure a new Pantalaimon instance, which will + connect to the homeserver set in + services.mjolnir.homeserverUrl + and Mjolnir itself will be configured to connect to the new + Pantalaimon instance. + + { services.mjolnir = { enable = true; - homeserverUrl = "https://matrix.domain.tld"; + homeserverUrl = "https://matrix.domain.tld"; pantalaimon = { enable = true; - username = "mjolnir"; - passwordFile = "/run/secrets/mjolnir-password"; + username = "mjolnir"; + passwordFile = "/run/secrets/mjolnir-password"; }; protectedRooms = [ - "https://matrix.to/#/!xxx:domain.tld" + "https://matrix.to/#/!xxx:domain.tld" ]; - managementRoom = "!yyy:domain.tld"; + managementRoom = "!yyy:domain.tld"; }; } -
- Element Matrix Services (EMS) - - If you are using a managed "Element Matrix Services (EMS)" - server, you will need to consent to the terms and conditions. Upon startup, an error - log entry with a URL to the consent page will be generated. - -
-
- -
- Synapse Antispam Module - - A Synapse module is also available to apply the same rulesets the bot - uses across an entire homeserver. - - - To use the Antispam Module, add matrix-synapse-plugins.matrix-synapse-mjolnir-antispam - to the Synapse plugin list and enable the mjolnir.Module module. - - +
+ Element Matrix Services (EMS) + + If you are using a managed + "Element Matrix + Services (EMS)" server, you will need to consent to + the terms and conditions. Upon startup, an error log entry with + a URL to the consent page will be generated. + +
+
+
+ Synapse Antispam Module + + A Synapse module is also available to apply the same rulesets the + bot uses across an entire homeserver. + + + To use the Antispam Module, add + matrix-synapse-plugins.matrix-synapse-mjolnir-antispam + to the Synapse plugin list and enable the + mjolnir.Module module. + + { services.matrix-synapse = { plugins = with pkgs; [ @@ -125,10 +137,10 @@ # to already be joined to the room - Mjolnir will not automatically join # these rooms. ban_lists: - - "!roomid:example.org" + - "!roomid:example.org" ''; }; } -
+
From ad540ad4a58df0d62bd76cf7c6207e5e0dd7cf01 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 04:29:32 +0100 Subject: [PATCH 047/155] nixos/synapse: convert manual chapter to MD --- nixos/modules/services/matrix/synapse.md | 216 +++++++++++++++ nixos/modules/services/matrix/synapse.nix | 2 + nixos/modules/services/matrix/synapse.xml | 320 +++++++++++----------- 3 files changed, 384 insertions(+), 154 deletions(-) create mode 100644 nixos/modules/services/matrix/synapse.md diff --git a/nixos/modules/services/matrix/synapse.md b/nixos/modules/services/matrix/synapse.md new file mode 100644 index 00000000000..22f3bce64a4 --- /dev/null +++ b/nixos/modules/services/matrix/synapse.md 
@@ -0,0 +1,216 @@
+# Matrix {#module-services-matrix}
+
+[Matrix](https://matrix.org/) is an open standard for
+interoperable, decentralised, real-time communication over IP. It can be used
+to power Instant Messaging, VoIP/WebRTC signalling, Internet of Things
+communication - or anywhere you need a standard HTTP API for publishing and
+subscribing to data whilst tracking the conversation history.
+
+This chapter will show you how to set up your own, self-hosted Matrix
+homeserver using the Synapse reference homeserver, and how to serve your own
+copy of the Element web client. See the
+[Try Matrix Now!](https://matrix.org/docs/projects/try-matrix-now.html)
+overview page for links to Element Apps for Android and iOS,
+desktop clients, as well as bridges to other networks and other projects
+around Matrix.
+
+## Synapse Homeserver {#module-services-matrix-synapse}
+
+[Synapse](https://github.com/matrix-org/synapse) is
+the reference homeserver implementation of Matrix from the core development
+team at matrix.org. The following configuration example will set up a
+synapse server for the `example.org` domain, served from
+the host `myhostname.example.org`. For more information,
+please refer to the
+[installation instructions of Synapse](https://matrix-org.github.io/synapse/latest/setup/installation.html) .
+```
+{ pkgs, lib, config, ... }:
+let
+ fqdn = "${config.networking.hostName}.${config.networking.domain}";
+ clientConfig = {
+ "m.homeserver".base_url = "https://${fqdn}";
+ "m.identity_server" = {};
+ };
+ serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
+ mkWellKnown = data: ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
+in {
+ networking.hostName = "myhostname";
+ networking.domain = "example.org";
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.postgresql.enable = true;
+ services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ # If the A and AAAA DNS records on example.org do not point on the same host as the
+ # records for myhostname.example.org, you can easily move the /.well-known
+ # virtualHost section of the code to the host that is serving example.org, while
+ # the rest stays on myhostname.example.org with no other changes required.
+ # This pattern also allows to seamlessly move the homeserver from
+ # myhostname.example.org to myotherhost.example.org by only changing the
+ # /.well-known redirection target.
+ "${config.networking.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ # This section is not needed if the server_name of matrix-synapse is equal to
+ # the domain (i.e. example.org from @foo:example.org) and the federation port
+ # is 8448.
+ # Further reference can be found in the docs about delegation under
+ # https://matrix-org.github.io/synapse/latest/delegate.html
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+ # This is usually needed for homeserver discovery (from e.g. other Matrix clients).
+ # Further reference can be found in the upstream docs at
+ # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+ };
+ "${fqdn}" = {
+ enableACME = true;
+ forceSSL = true;
+ # It's also possible to do a redirect here or something else, this vhost is not
+ # needed for Matrix. It's recommended though to *not put* element
+ # here, see also the section about Element.
+ locations."/".extraConfig = ''
+ return 404;
+ '';
+ # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+ # *must not* be used here.
+ locations."/_matrix".proxyPass = "http://[::1]:8008";
+ # Forward requests for e.g. SSO and password-resets.
+ locations."/_synapse/client".proxyPass = "http://[::1]:8008";
+ };
+ };
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ settings.server_name = config.networking.domain;
+ settings.listeners = [
+ { port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" "federation" ];
+ compress = true;
+ } ];
+ }
+ ];
+ };
+}
+```
+
+## Registering Matrix users {#module-services-matrix-register-users}
+
+If you want to run a server with public registration by anybody, you can
+then enable `services.matrix-synapse.settings.enable_registration = true;`.
+Otherwise, or you can generate a registration secret with
+{command}`pwgen -s 64 1` and set it with
+[](#opt-services.matrix-synapse.settings.registration_shared_secret).
+To create a new user or admin, run the following after you have set the secret
+and have rebuilt NixOS:
+```ShellSession
+$ nix-shell -p matrix-synapse
+$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008
+New user localpart: your-username
+Password:
+Confirm password:
+Make admin [no]:
+Success!
+```
+In the example, this would create a user with the Matrix Identifier
+`@your-username:example.org`.
+
+::: {.warning}
+When using [](#opt-services.matrix-synapse.settings.registration_shared_secret), the secret
+will end up in the world-readable store. Instead it's recommended to deploy the secret
+in an additional file like this:
+
+ - Create a file with the following contents:
+
+ ```
+ registration_shared_secret: your-very-secret-secret
+ ```
+ - Deploy the file with a secret-manager such as
+ [{option}`deployment.keys`](https://nixops.readthedocs.io/en/latest/overview.html#managing-keys)
+ from {manpage}`nixops(1)` or [sops-nix](https://github.com/Mic92/sops-nix/) to
+ e.g. {file}`/run/secrets/matrix-shared-secret` and ensure that it's readable
+ by `matrix-synapse`.
+ - Include the file like this in your configuration:
+
+ ```
+ {
+ services.matrix-synapse.extraConfigFiles = [
+ "/run/secrets/matrix-shared-secret"
+ ];
+ }
+ ```
+:::
+
+::: {.note}
+It's also possible to user alternative authentication mechanism such as
+[LDAP (via `matrix-synapse-ldap3`)](https://github.com/matrix-org/matrix-synapse-ldap3)
+or [OpenID](https://matrix-org.github.io/synapse/latest/openid.html).
+:::
+
+## Element (formerly known as Riot) Web Client {#module-services-matrix-element-web}
+
+[Element Web](https://github.com/vector-im/riot-web/) is
+the reference web client for Matrix and developed by the core team at
+matrix.org. Element was formerly known as Riot.im, see the
+[Element introductory blog post](https://element.io/blog/welcome-to-element/)
+for more information. The following snippet can be optionally added to the code before
+to complete the synapse installation with a web client served at
+`https://element.myhostname.example.org` and
+`https://element.example.org`. Alternatively, you can use the hosted
+copy at ,
+or use other web clients or native client applications. Due to the
+`/.well-known` urls set up done above, many clients should
+fill in the required connection details automatically when you enter your
+Matrix Identifier. See
+[Try Matrix Now!](https://matrix.org/docs/projects/try-matrix-now.html)
+for a list of existing clients and their supported featureset.
+```
+{
+ services.nginx.virtualHosts."element.${fqdn}" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [
+ "element.${config.networking.domain}"
+ ];
+
+ root = pkgs.element-web.override {
+ conf = {
+ default_server_config = clientConfig; # see `clientConfig` from the snippet above.
+ };
+ };
+ };
+}
+```
+
+::: {.note}
+The Element developers do not recommend running Element and your Matrix
+homeserver on the same fully-qualified domain name for security reasons. In
+the example, this means that you should not reuse the
+`myhostname.example.org` virtualHost to also serve Element,
+but instead serve it on a different subdomain, like
+`element.example.org` in the example. See the
+[Element Important Security Notes](https://github.com/vector-im/element-web/tree/v1.10.0#important-security-notes)
+for more information on this subject.
+:::
diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix
index 3087d879b9d..154b4aca786 100644
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@@ -801,6 +801,8 @@ in { meta = { buildDocsInSandbox = false; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml` doc = ./synapse.xml; maintainers = teams.matrix.members; }; diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index b4abe2901fe..2d5eabfd11d 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -1,63 +1,61 @@ - - Matrix - - Matrix is an open standard for - interoperable, decentralised, real-time communication over IP. It can be used - to power Instant Messaging, VoIP/WebRTC signalling, Internet of Things - communication - or anywhere you need a standard HTTP API for publishing and - subscribing to data whilst tracking the conversation history. - - - This chapter will show you how to set up your own, self-hosted Matrix - homeserver using the Synapse reference homeserver, and how to serve your own - copy of the Element web client. See the - Try - Matrix Now! overview page for links to Element Apps for Android and iOS, - desktop clients, as well as bridges to other networks and other projects - around Matrix. - -
- Synapse Homeserver - + + Matrix - Synapse is - the reference homeserver implementation of Matrix from the core development - team at matrix.org. The following configuration example will set up a - synapse server for the example.org domain, served from - the host myhostname.example.org. For more information, - please refer to the - - installation instructions of Synapse . - + Matrix is an open + standard for interoperable, decentralised, real-time communication + over IP. It can be used to power Instant Messaging, VoIP/WebRTC + signalling, Internet of Things communication - or anywhere you need + a standard HTTP API for publishing and subscribing to data whilst + tracking the conversation history. + + + This chapter will show you how to set up your own, self-hosted + Matrix homeserver using the Synapse reference homeserver, and how to + serve your own copy of the Element web client. See the + Try + Matrix Now! overview page for links to Element Apps for + Android and iOS, desktop clients, as well as bridges to other + networks and other projects around Matrix. + +
+ Synapse Homeserver + + Synapse + is the reference homeserver implementation of Matrix from the core + development team at matrix.org. The following configuration + example will set up a synapse server for the + example.org domain, served from the host + myhostname.example.org. For more information, + please refer to the + installation + instructions of Synapse . + + { pkgs, lib, config, ... }: let - fqdn = "${config.networking.hostName}.${config.networking.domain}"; + fqdn = "${config.networking.hostName}.${config.networking.domain}"; clientConfig = { - "m.homeserver".base_url = "https://${fqdn}"; - "m.identity_server" = {}; + "m.homeserver".base_url = "https://${fqdn}"; + "m.identity_server" = {}; }; - serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443"; + serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443"; mkWellKnown = data: '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; in { - networking.hostName = "myhostname"; - networking.domain = "example.org"; + networking.hostName = "myhostname"; + networking.domain = "example.org"; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.postgresql.enable = true; - services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; + LC_COLLATE = "C" + LC_CTYPE = "C"; ''; services.nginx = { 
@@ -74,7 +72,7 @@ in { # This pattern also allows to seamlessly move the homeserver from # myhostname.example.org to myotherhost.example.org by only changing the # /.well-known redirection target. - "${config.networking.domain}" = { + "${config.networking.domain}" = { enableACME = true; forceSSL = true; # This section is not needed if the server_name of matrix-synapse is equal to @@ -82,26 +80,26 @@ in { # is 8448. # Further reference can be found in the docs about delegation under # https://matrix-org.github.io/synapse/latest/delegate.html - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; + locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; # This is usually needed for homeserver discovery (from e.g. other Matrix clients). # Further reference can be found in the upstream docs at # https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; + locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; - "${fqdn}" = { + "${fqdn}" = { enableACME = true; forceSSL = true; # It's also possible to do a redirect here or something else, this vhost is not # needed for Matrix. It's recommended though to *not put* element # here, see also the section about Element. - locations."/".extraConfig = '' + locations."/".extraConfig = '' return 404; ''; # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash # *must not* be used here. - locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/_matrix".proxyPass = "http://[::1]:8008"; # Forward requests for e.g. SSO and password-resets. - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; + locations."/_synapse/client".proxyPass = "http://[::1]:8008"; }; }; }; 
@@ -111,12 +109,12 @@ in { settings.server_name = config.networking.domain; settings.listeners = [ { port = 8008; - bind_addresses = [ "::1" ]; - type = "http"; + bind_addresses = [ "::1" ]; + type = "http"; tls = false; x_forwarded = true; resources = [ { - names = [ "client" "federation" ]; + names = [ "client" "federation" ]; compress = true; } ]; } @@ -124,103 +122,117 @@ in { }; } - -
-
- Registering Matrix users - - If you want to run a server with public registration by anybody, you can - then enable services.matrix-synapse.settings.enable_registration = - true;. Otherwise, or you can generate a registration secret with - pwgen -s 64 1 and set it with - . - To create a new user or admin, run the following after you have set the secret - and have rebuilt NixOS: - -$ nix-shell -p matrix-synapse -$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008 -New user localpart: your-username -Password: -Confirm password: -Make admin [no]: -Success! - - In the example, this would create a user with the Matrix Identifier - @your-username:example.org. - +
+
+ Registering Matrix users - When using , the secret - will end up in the world-readable store. Instead it's recommended to deploy the secret - in an additional file like this: - - - - Create a file with the following contents: - + If you want to run a server with public registration by anybody, + you can then enable + services.matrix-synapse.settings.enable_registration = true;. + Otherwise, or you can generate a registration secret with + pwgen -s 64 1 and set it with + . + To create a new user or admin, run the following after you have + set the secret and have rebuilt NixOS: + + +$ nix-shell -p matrix-synapse +$ register_new_matrix_user -k your-registration-shared-secret http://localhost:8008 +New user localpart: your-username +Password: +Confirm password: +Make admin [no]: +Success! + + + In the example, this would create a user with the Matrix + Identifier @your-username:example.org. + + + + When using + , + the secret will end up in the world-readable store. Instead it's + recommended to deploy the secret in an additional file like + this: + + + + + Create a file with the following contents: + + registration_shared_secret: your-very-secret-secret - - - - - Deploy the file with a secret-manager such as - from nixops1 - or sops-nix to - e.g. /run/secrets/matrix-shared-secret and ensure that it's readable - by matrix-synapse. - - - - - Include the file like this in your configuration: - + + + + Deploy the file with a secret-manager such as + + from + nixops1 + or + sops-nix + to e.g. + /run/secrets/matrix-shared-secret and + ensure that it's readable by + matrix-synapse. + + + + + Include the file like this in your configuration: + + { services.matrix-synapse.extraConfigFiles = [ - "/run/secrets/matrix-shared-secret" + "/run/secrets/matrix-shared-secret" ]; } - - - + + + + + + It's also possible to user alternative authentication mechanism + such as + LDAP + (via matrix-synapse-ldap3) or + OpenID. + + +
+
+ Element (formerly known as Riot) Web Client + + Element + Web is the reference web client for Matrix and developed by + the core team at matrix.org. Element was formerly known as + Riot.im, see the + Element + introductory blog post for more information. The following + snippet can be optionally added to the code before to complete the + synapse installation with a web client served at + https://element.myhostname.example.org and + https://element.example.org. Alternatively, you + can use the hosted copy at + https://app.element.io/, + or use other web clients or native client applications. Due to the + /.well-known urls set up done above, many + clients should fill in the required connection details + automatically when you enter your Matrix Identifier. See + Try + Matrix Now! for a list of existing clients and their + supported featureset. - - - - - It's also possible to user alternative authentication mechanism such as - LDAP (via matrix-synapse-ldap3) - or OpenID. - - -
-
- Element (formerly known as Riot) Web Client - - - Element Web is - the reference web client for Matrix and developed by the core team at - matrix.org. Element was formerly known as Riot.im, see the - Element introductory blog post - for more information. The following snippet can be optionally added to the code before - to complete the synapse installation with a web client served at - https://element.myhostname.example.org and - https://element.example.org. Alternatively, you can use the hosted - copy at https://app.element.io/, - or use other web clients or native client applications. Due to the - /.well-known urls set up done above, many clients should - fill in the required connection details automatically when you enter your - Matrix Identifier. See - Try - Matrix Now! for a list of existing clients and their supported - featureset. - + { - services.nginx.virtualHosts."element.${fqdn}" = { + services.nginx.virtualHosts."element.${fqdn}" = { enableACME = true; forceSSL = true; serverAliases = [ - "element.${config.networking.domain}" + "element.${config.networking.domain}" ]; root = pkgs.element-web.override { @@ -231,19 +243,19 @@ registration_shared_secret: your-very-secret-secret }; } - - - - - The Element developers do not recommend running Element and your Matrix - homeserver on the same fully-qualified domain name for security reasons. In - the example, this means that you should not reuse the - myhostname.example.org virtualHost to also serve Element, - but instead serve it on a different subdomain, like - element.example.org in the example. See the - Element - Important Security Notes for more information on this subject. - - -
+ + + The Element developers do not recommend running Element and your + Matrix homeserver on the same fully-qualified domain name for + security reasons. In the example, this means that you should not + reuse the myhostname.example.org virtualHost + to also serve Element, but instead serve it on a different + subdomain, like element.example.org in the + example. See the + Element + Important Security Notes for more information on this + subject. + + +
From 73d8b04f3056aaff635885f9dacb253c75239656 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 04:54:39 +0100 Subject: [PATCH 048/155] nixos/gitlab: convert manual chapter to MD --- nixos/modules/services/misc/gitlab.md | 112 ++++++++++++ nixos/modules/services/misc/gitlab.nix | 2 + nixos/modules/services/misc/gitlab.xml | 226 ++++++++++++------------- 3 files changed, 222 insertions(+), 118 deletions(-) create mode 100644 nixos/modules/services/misc/gitlab.md diff --git a/nixos/modules/services/misc/gitlab.md b/nixos/modules/services/misc/gitlab.md new file mode 100644 index 00000000000..916b23584ed --- /dev/null +++ b/nixos/modules/services/misc/gitlab.md 
@@ -0,0 +1,112 @@ +# GitLab {#module-services-gitlab} + +GitLab is a feature-rich git hosting service. + +## Prerequisites {#module-services-gitlab-prerequisites} + +The `gitlab` service exposes only an Unix socket at +`/run/gitlab/gitlab-workhorse.socket`. You need to +configure a webserver to proxy HTTP requests to the socket. + +For instance, the following configuration could be used to use nginx as +frontend proxy: +``` +services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.example.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + }; +}; +``` + +## Configuring {#module-services-gitlab-configuring} + +GitLab depends on both PostgreSQL and Redis and will automatically enable +both services. In the case of PostgreSQL, a database and a role will be +created. + +The default state dir is `/var/gitlab/state`. This is where +all data like the repositories and uploads will be stored. + +A basic configuration with some custom settings could look like this: +``` +services.gitlab = { + enable = true; + databasePasswordFile = "/var/keys/gitlab/db_password"; + initialRootPasswordFile = "/var/keys/gitlab/root_password"; + https = true; + host = "git.example.com"; + port = 443; + user = "git"; + group = "git"; + smtp = { + enable = true; + address = "localhost"; + port = 25; + }; + secrets = { + dbFile = "/var/keys/gitlab/db"; + secretFile = "/var/keys/gitlab/secret"; + otpFile = "/var/keys/gitlab/otp"; + jwsFile = "/var/keys/gitlab/jws"; + }; + extraConfig = { + gitlab = { + email_from = "gitlab-no-reply@example.com"; + email_display_name = "Example GitLab"; + email_reply_to = "gitlab-no-reply@example.com"; + default_projects_features = { builds = false; }; + }; + }; +}; +``` + +If you're setting up a new GitLab instance, generate new +secrets. 
You for instance use +`tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db` to +generate a new db secret. Make sure the files can be read by, and +only by, the user specified by +[services.gitlab.user](#opt-services.gitlab.user). GitLab +encrypts sensitive data stored in the database. If you're restoring +an existing GitLab instance, you must specify the secrets secret +from `config/secrets.yml` located in your GitLab +state folder. + +When `incoming_mail.enabled` is set to `true` +in [extraConfig](#opt-services.gitlab.extraConfig) an additional +service called `gitlab-mailroom` is enabled for fetching incoming mail. + +Refer to [](#ch-options) for all available configuration +options for the [services.gitlab](#opt-services.gitlab.enable) module. + +## Maintenance {#module-services-gitlab-maintenance} + +### Backups {#module-services-gitlab-maintenance-backups} + +Backups can be configured with the options in +[services.gitlab.backup](#opt-services.gitlab.backup.keepTime). Use +the [services.gitlab.backup.startAt](#opt-services.gitlab.backup.startAt) +option to configure regular backups. + +To run a manual backup, start the `gitlab-backup` service: +```ShellSession +$ systemctl start gitlab-backup.service +``` + +### Rake tasks {#module-services-gitlab-maintenance-rake} + +You can run GitLab's rake tasks with `gitlab-rake` +which will be available on the system when GitLab is enabled. You +will have to run the command as the user that you configured to run +GitLab with. + +A list of all available rake tasks can be obtained by running: +```ShellSession +$ sudo -u git -H gitlab-rake -T +``` diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index e7c707228f1..d5dfc22dc22 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix 
@@ -1502,6 +1502,8 @@ in { }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml` meta.doc = ./gitlab.xml; } diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index a9f8d5fd721..42e26afa824 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -1,151 +1,141 @@ - - GitLab - - GitLab is a feature-rich git hosting service. - -
- Prerequisites - + + GitLab - The gitlab service exposes only an Unix socket at - /run/gitlab/gitlab-workhorse.socket. You need to - configure a webserver to proxy HTTP requests to the socket. + GitLab is a feature-rich git hosting service. - - - For instance, the following configuration could be used to use nginx as - frontend proxy: - +
+ Prerequisites + + The gitlab service exposes only an Unix socket + at /run/gitlab/gitlab-workhorse.socket. You + need to configure a webserver to proxy HTTP requests to the + socket. + + + For instance, the following configuration could be used to use + nginx as frontend proxy: + + services.nginx = { enable = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."git.example.com" = { + virtualHosts."git.example.com" = { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; }; }; - -
-
- Configuring - - - GitLab depends on both PostgreSQL and Redis and will automatically enable - both services. In the case of PostgreSQL, a database and a role will be - created. - - - - The default state dir is /var/gitlab/state. This is where - all data like the repositories and uploads will be stored. - - - - A basic configuration with some custom settings could look like this: - +
+
+ Configuring + + GitLab depends on both PostgreSQL and Redis and will automatically + enable both services. In the case of PostgreSQL, a database and a + role will be created. + + + The default state dir is /var/gitlab/state. + This is where all data like the repositories and uploads will be + stored. + + + A basic configuration with some custom settings could look like + this: + + services.gitlab = { enable = true; - databasePasswordFile = "/var/keys/gitlab/db_password"; - initialRootPasswordFile = "/var/keys/gitlab/root_password"; + databasePasswordFile = "/var/keys/gitlab/db_password"; + initialRootPasswordFile = "/var/keys/gitlab/root_password"; https = true; - host = "git.example.com"; + host = "git.example.com"; port = 443; - user = "git"; - group = "git"; + user = "git"; + group = "git"; smtp = { enable = true; - address = "localhost"; + address = "localhost"; port = 25; }; secrets = { - dbFile = "/var/keys/gitlab/db"; - secretFile = "/var/keys/gitlab/secret"; - otpFile = "/var/keys/gitlab/otp"; - jwsFile = "/var/keys/gitlab/jws"; + dbFile = "/var/keys/gitlab/db"; + secretFile = "/var/keys/gitlab/secret"; + otpFile = "/var/keys/gitlab/otp"; + jwsFile = "/var/keys/gitlab/jws"; }; extraConfig = { gitlab = { - email_from = "gitlab-no-reply@example.com"; - email_display_name = "Example GitLab"; - email_reply_to = "gitlab-no-reply@example.com"; + email_from = "gitlab-no-reply@example.com"; + email_display_name = "Example GitLab"; + email_reply_to = "gitlab-no-reply@example.com"; default_projects_features = { builds = false; }; }; }; }; - - - - If you're setting up a new GitLab instance, generate new - secrets. You for instance use tr -dc A-Za-z0-9 < - /dev/urandom | head -c 128 > /var/keys/gitlab/db to - generate a new db secret. Make sure the files can be read by, and - only by, the user specified by services.gitlab.user. GitLab - encrypts sensitive data stored in the database. 
If you're restoring - an existing GitLab instance, you must specify the secrets secret - from config/secrets.yml located in your GitLab - state folder. - - - - When incoming_mail.enabled is set to true - in extraConfig an additional - service called gitlab-mailroom is enabled for fetching incoming mail. - - - - Refer to for all available configuration - options for the - services.gitlab module. - -
-
- Maintenance - -
- Backups - - Backups can be configured with the options in services.gitlab.backup. Use - the services.gitlab.backup.startAt - option to configure regular backups. - - - - To run a manual backup, start the gitlab-backup service: - -$ systemctl start gitlab-backup.service - - + + If you're setting up a new GitLab instance, generate new secrets. + You for instance use + tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db + to generate a new db secret. Make sure the files can be read by, + and only by, the user specified by + services.gitlab.user. + GitLab encrypts sensitive data stored in the database. If you're + restoring an existing GitLab instance, you must specify the + secrets secret from config/secrets.yml located + in your GitLab state folder. + + + When incoming_mail.enabled is set to + true in + extraConfig + an additional service called gitlab-mailroom is + enabled for fetching incoming mail. + + + Refer to for all available + configuration options for the + services.gitlab + module. +
- -
- Rake tasks - - - You can run GitLab's rake tasks with gitlab-rake - which will be available on the system when GitLab is enabled. You - will have to run the command as the user that you configured to run - GitLab with. - - - - A list of all available rake tasks can be obtained by running: - -$ sudo -u git -H gitlab-rake -T - - +
+ Maintenance +
+ Backups + + Backups can be configured with the options in + services.gitlab.backup. + Use the + services.gitlab.backup.startAt + option to configure regular backups. + + + To run a manual backup, start the + gitlab-backup service: + + +$ systemctl start gitlab-backup.service + +
+
+ Rake tasks + + You can run GitLab's rake tasks with + gitlab-rake which will be available on the + system when GitLab is enabled. You will have to run the command + as the user that you configured to run GitLab with. + + + A list of all available rake tasks can be obtained by running: + + +$ sudo -u git -H gitlab-rake -T + +
-
From 0cc9d6cf5d264b4a561105c667c9d1065d05528f Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 05:10:27 +0100 Subject: [PATCH 049/155] nixos/sourcehut: convert manual chapter to MD --- .../services/misc/sourcehut/default.nix | 2 + .../services/misc/sourcehut/sourcehut.md | 93 ++++++++++++ .../services/misc/sourcehut/sourcehut.xml | 138 +++++++++--------- 3 files changed, 160 insertions(+), 73 deletions(-) create mode 100644 nixos/modules/services/misc/sourcehut/sourcehut.md diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 7dd254e3492..da3bf069813 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -1390,6 +1390,8 @@ in '') ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml` meta.doc = ./sourcehut.xml; meta.maintainers = with maintainers; [ tomberek ]; } diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.md b/nixos/modules/services/misc/sourcehut/sourcehut.md new file mode 100644 index 00000000000..44d58aa0bef --- /dev/null +++ b/nixos/modules/services/misc/sourcehut/sourcehut.md 
@@ -0,0 +1,93 @@ +# Sourcehut {#module-services-sourcehut} + +[Sourcehut](https://sr.ht.com/) is an open-source, +self-hostable software development platform. The server setup can be automated using +[services.sourcehut](#opt-services.sourcehut.enable). + +## Basic usage {#module-services-sourcehut-basic-usage} + +Sourcehut is a Python and Go based set of applications. +This NixOS module also provides basic configuration integrating Sourcehut into locally running +`services.nginx`, `services.redis.servers.sourcehut`, `services.postfix` +and `services.postgresql` services. + +A very basic configuration may look like this: +``` +{ pkgs, ... }: +let + fqdn = + let + join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; + in join config.networking.hostName config.networking.domain; +in { + + networking = { + hostName = "srht"; + domain = "tld"; + firewall.allowedTCPPorts = [ 22 80 443 ]; + }; + + services.sourcehut = { + enable = true; + git.enable = true; + man.enable = true; + meta.enable = true; + nginx.enable = true; + postfix.enable = true; + postgresql.enable = true; + redis.enable = true; + settings = { + "sr.ht" = { + environment = "production"; + global-domain = fqdn; + origin = "https://${fqdn}"; + # Produce keys with srht-keygen from sourcehut.coresrht. + network-key = "/run/keys/path/to/network-key"; + service-key = "/run/keys/path/to/service-key"; + }; + webhooks.private-key= "/run/keys/path/to/webhook-key"; + }; + }; + + security.acme.certs."${fqdn}".extraDomainNames = [ + "meta.${fqdn}" + "man.${fqdn}" + "git.${fqdn}" + ]; + + services.nginx = { + enable = true; + # only recommendedProxySettings are strictly required, but the rest make sense as well. + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + # Settings to setup what certificates are used for which endpoint. 
+ virtualHosts = { + "${fqdn}".enableACME = true; + "meta.${fqdn}".useACMEHost = fqdn: + "man.${fqdn}".useACMEHost = fqdn: + "git.${fqdn}".useACMEHost = fqdn: + }; + }; +} +``` + + The `hostName` option is used internally to configure the nginx +reverse-proxy. The `settings` attribute set is +used by the configuration generator and the result is placed in `/etc/sr.ht/config.ini`. + +## Configuration {#module-services-sourcehut-configuration} + +All configuration parameters are also stored in +`/etc/sr.ht/config.ini` which is generated by +the module and linked from the store to ensure that all values from `config.ini` +can be modified by the module. + +## Using an alternative webserver as reverse-proxy (e.g. `httpd`) {#module-services-sourcehut-httpd} + +By default, `nginx` is used as reverse-proxy for `sourcehut`. +However, it's possible to use e.g. `httpd` by explicitly disabling +`nginx` using [](#opt-services.nginx.enable) and fixing the +`settings`. diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml index 5f9cc75bc9f..883b6f01ef8 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml @@ -1,41 +1,36 @@ - - Sourcehut - - Sourcehut is an open-source, - self-hostable software development platform. The server setup can be automated using - services.sourcehut. - - -
- Basic usage + + Sourcehut - Sourcehut is a Python and Go based set of applications. - This NixOS module also provides basic configuration integrating Sourcehut into locally running - services.nginx, - services.redis.servers.sourcehut, - services.postfix - and - services.postgresql services. + Sourcehut is an + open-source, self-hostable software development platform. The server + setup can be automated using + services.sourcehut. - - - A very basic configuration may look like this: - +
+ Basic usage + + Sourcehut is a Python and Go based set of applications. This NixOS + module also provides basic configuration integrating Sourcehut + into locally running services.nginx, + services.redis.servers.sourcehut, + services.postfix and + services.postgresql services. + + + A very basic configuration may look like this: + + { pkgs, ... }: let fqdn = let - join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; + join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; in join config.networking.hostName config.networking.domain; in { networking = { - hostName = "srht"; - domain = "tld"; + hostName = "srht"; + domain = "tld"; firewall.allowedTCPPorts = [ 22 80 443 ]; }; @@ -49,22 +44,22 @@ in { postgresql.enable = true; redis.enable = true; settings = { - "sr.ht" = { - environment = "production"; + "sr.ht" = { + environment = "production"; global-domain = fqdn; - origin = "https://${fqdn}"; + origin = "https://${fqdn}"; # Produce keys with srht-keygen from sourcehut.coresrht. - network-key = "/run/keys/path/to/network-key"; - service-key = "/run/keys/path/to/service-key"; + network-key = "/run/keys/path/to/network-key"; + service-key = "/run/keys/path/to/service-key"; }; - webhooks.private-key= "/run/keys/path/to/webhook-key"; + webhooks.private-key= "/run/keys/path/to/webhook-key"; }; }; - security.acme.certs."${fqdn}".extraDomainNames = [ - "meta.${fqdn}" - "man.${fqdn}" - "git.${fqdn}" + security.acme.certs."${fqdn}".extraDomainNames = [ + "meta.${fqdn}" + "man.${fqdn}" + "git.${fqdn}" ]; services.nginx = { 
@@ -77,43 +72,40 @@ in { # Settings to setup what certificates are used for which endpoint. virtualHosts = { - "${fqdn}".enableACME = true; - "meta.${fqdn}".useACMEHost = fqdn: - "man.${fqdn}".useACMEHost = fqdn: - "git.${fqdn}".useACMEHost = fqdn: + "${fqdn}".enableACME = true; + "meta.${fqdn}".useACMEHost = fqdn: + "man.${fqdn}".useACMEHost = fqdn: + "git.${fqdn}".useACMEHost = fqdn: }; }; } - - - - The hostName option is used internally to configure the nginx - reverse-proxy. The settings attribute set is - used by the configuration generator and the result is placed in /etc/sr.ht/config.ini. - -
- -
- Configuration - - - All configuration parameters are also stored in - /etc/sr.ht/config.ini which is generated by - the module and linked from the store to ensure that all values from config.ini - can be modified by the module. - - -
- -
- Using an alternative webserver as reverse-proxy (e.g. <literal>httpd</literal>) - - By default, nginx is used as reverse-proxy for sourcehut. - However, it's possible to use e.g. httpd by explicitly disabling - nginx using and fixing the - settings. - -
- + + The hostName option is used internally to + configure the nginx reverse-proxy. The settings + attribute set is used by the configuration generator and the + result is placed in /etc/sr.ht/config.ini. + +
+
+ Configuration + + All configuration parameters are also stored in + /etc/sr.ht/config.ini which is generated by the + module and linked from the store to ensure that all values from + config.ini can be modified by the module. + +
+
+ Using an alternative webserver as reverse-proxy (e.g. + <literal>httpd</literal>) + + By default, nginx is used as reverse-proxy for + sourcehut. However, it's possible to use e.g. + httpd by explicitly disabling + nginx using + and fixing the + settings. + +
From 2928e0c4876bcedbeb82675b217f9314c4fe2593 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 05:21:22 +0100 Subject: [PATCH 050/155] nixos/taskserver: convert manual chapter to MD --- .../services/misc/taskserver/default.nix | 2 + nixos/modules/services/misc/taskserver/doc.md | 93 +++++++ .../modules/services/misc/taskserver/doc.xml | 247 +++++++++--------- 3 files changed, 215 insertions(+), 127 deletions(-) create mode 100644 nixos/modules/services/misc/taskserver/doc.md diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index ee4bf42183f..c39cde81061 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -566,5 +566,7 @@ in { }) ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` meta.doc = ./doc.xml; } diff --git a/nixos/modules/services/misc/taskserver/doc.md b/nixos/modules/services/misc/taskserver/doc.md new file mode 100644 index 00000000000..ee3b3908e2a --- /dev/null +++ b/nixos/modules/services/misc/taskserver/doc.md 
@@ -0,0 +1,93 @@ +# Taskserver {#module-services-taskserver} + +Taskserver is the server component of +[Taskwarrior](https://taskwarrior.org/), a free and +open source todo list application. + +*Upstream documentation:* + +## Configuration {#module-services-taskserver-configuration} + +Taskserver does all of its authentication via TLS using client certificates, +so you either need to roll your own CA or purchase a certificate from a +known CA, which allows creation of client certificates. These certificates +are usually advertised as "server certificates". + +So in order to make it easier to handle your own CA, there is a helper tool +called {command}`nixos-taskserver` which manages the custom CA along +with Taskserver organisations, users and groups. + +While the client certificates in Taskserver only authenticate whether a user +is allowed to connect, every user has its own UUID which identifies it as an +entity. + +With {command}`nixos-taskserver` the client certificate is created +along with the UUID of the user, so it handles all of the credentials needed +in order to setup the Taskwarrior client to work with a Taskserver. + +## The nixos-taskserver tool {#module-services-taskserver-nixos-taskserver-tool} + +Because Taskserver by default only provides scripts to setup users +imperatively, the {command}`nixos-taskserver` tool is used for +addition and deletion of organisations along with users and groups defined +by [](#opt-services.taskserver.organisations) and as well for +imperative set up. + +The tool is designed to not interfere if the command is used to manually set +up some organisations, users or groups. + +For example if you add a new organisation using {command}`nixos-taskserver +org add foo`, the organisation is not modified and deleted no +matter what you define in +{option}`services.taskserver.organisations`, even if you're adding +the same organisation in that option. 
+ +The tool is modelled to imitate the official {command}`taskd` +command, documentation for each subcommand can be shown by using the +{option}`--help` switch. + +## Declarative/automatic CA management {#module-services-taskserver-declarative-ca-management} + +Everything is done according to what you specify in the module options, +however in order to set up a Taskwarrior client for synchronisation with a +Taskserver instance, you have to transfer the keys and certificates to the +client machine. + +This is done using {command}`nixos-taskserver user export $orgname +$username` which is printing a shell script fragment to stdout +which can either be used verbatim or adjusted to import the user on the +client machine. + +For example, let's say you have the following configuration: +```ShellSession +{ + services.taskserver.enable = true; + services.taskserver.fqdn = "server"; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.my-company.users = [ "alice" ]; +} +``` +This creates an organisation called `my-company` with the +user `alice`. + +Now in order to import the `alice` user to another machine +`alicebox`, all we need to do is something like this: +```ShellSession +$ ssh server nixos-taskserver user export my-company alice | sh +``` +Of course, if no SSH daemon is available on the server you can also copy +& paste it directly into a shell. + +After this step the user should be set up and you can start synchronising +your tasks for the first time with {command}`task sync init` on +`alicebox`. + +Subsequent synchronisation requests merely require the command {command}`task +sync` after that stage. + +## Manual CA management {#module-services-taskserver-manual-ca-management} + +If you set any options within +[service.taskserver.pki.manual](#opt-services.taskserver.pki.manual.ca.cert).*, +{command}`nixos-taskserver` won't issue certificates, but you can +still use it for adding or removing user accounts. 
diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index 84046748a53..fb7c7be99fe 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -1,135 +1,128 @@ - - Taskserver - - Taskserver is the server component of - Taskwarrior, a free and - open source todo list application. - - - Upstream documentation: - - -
- Configuration - + + Taskserver - Taskserver does all of its authentication via TLS using client certificates, - so you either need to roll your own CA or purchase a certificate from a - known CA, which allows creation of client certificates. These certificates - are usually advertised as "server certificates". + Taskserver is the server component of + Taskwarrior, a + free and open source todo list application. - - So in order to make it easier to handle your own CA, there is a helper tool - called nixos-taskserver which manages the custom CA along - with Taskserver organisations, users and groups. + Upstream documentation: + https://taskwarrior.org/docs/#taskd - - - While the client certificates in Taskserver only authenticate whether a user - is allowed to connect, every user has its own UUID which identifies it as an - entity. - - - - With nixos-taskserver the client certificate is created - along with the UUID of the user, so it handles all of the credentials needed - in order to setup the Taskwarrior client to work with a Taskserver. - -
-
- The nixos-taskserver tool - - - Because Taskserver by default only provides scripts to setup users - imperatively, the nixos-taskserver tool is used for - addition and deletion of organisations along with users and groups defined - by and as well for - imperative set up. - - - - The tool is designed to not interfere if the command is used to manually set - up some organisations, users or groups. - - - - For example if you add a new organisation using nixos-taskserver - org add foo, the organisation is not modified and deleted no - matter what you define in - , even if you're adding - the same organisation in that option. - - - - The tool is modelled to imitate the official taskd - command, documentation for each subcommand can be shown by using the - switch. - -
-
- Declarative/automatic CA management - - - Everything is done according to what you specify in the module options, - however in order to set up a Taskwarrior client for synchronisation with a - Taskserver instance, you have to transfer the keys and certificates to the - client machine. - - - - This is done using nixos-taskserver user export $orgname - $username which is printing a shell script fragment to stdout - which can either be used verbatim or adjusted to import the user on the - client machine. - - - - For example, let's say you have the following configuration: - +
+ Configuration + + Taskserver does all of its authentication via TLS using client + certificates, so you either need to roll your own CA or purchase a + certificate from a known CA, which allows creation of client + certificates. These certificates are usually advertised as + "server certificates". + + + So in order to make it easier to handle your own CA, there is a + helper tool called nixos-taskserver which + manages the custom CA along with Taskserver organisations, users + and groups. + + + While the client certificates in Taskserver only authenticate + whether a user is allowed to connect, every user has its own UUID + which identifies it as an entity. + + + With nixos-taskserver the client certificate is + created along with the UUID of the user, so it handles all of the + credentials needed in order to setup the Taskwarrior client to + work with a Taskserver. + +
+
+ The nixos-taskserver tool + + Because Taskserver by default only provides scripts to setup users + imperatively, the nixos-taskserver tool is used + for addition and deletion of organisations along with users and + groups defined by + and + as well for imperative set up. + + + The tool is designed to not interfere if the command is used to + manually set up some organisations, users or groups. + + + For example if you add a new organisation using + nixos-taskserver org add foo, the organisation + is not modified and deleted no matter what you define in + , even if you're + adding the same organisation in that option. + + + The tool is modelled to imitate the official + taskd command, documentation for each + subcommand can be shown by using the + switch. + +
+
+ Declarative/automatic CA management + + Everything is done according to what you specify in the module + options, however in order to set up a Taskwarrior client for + synchronisation with a Taskserver instance, you have to transfer + the keys and certificates to the client machine. + + + This is done using + nixos-taskserver user export $orgname $username + which is printing a shell script fragment to stdout which can + either be used verbatim or adjusted to import the user on the + client machine. + + + For example, let's say you have the following configuration: + + { services.taskserver.enable = true; - services.taskserver.fqdn = "server"; - services.taskserver.listenHost = "::"; - services.taskserver.organisations.my-company.users = [ "alice" ]; + services.taskserver.fqdn = "server"; + services.taskserver.listenHost = "::"; + services.taskserver.organisations.my-company.users = [ "alice" ]; } - - This creates an organisation called my-company with the - user alice. - - - - Now in order to import the alice user to another machine - alicebox, all we need to do is something like this: - -$ ssh server nixos-taskserver user export my-company alice | sh - - Of course, if no SSH daemon is available on the server you can also copy - & paste it directly into a shell. - - - - After this step the user should be set up and you can start synchronising - your tasks for the first time with task sync init on - alicebox. - - - - Subsequent synchronisation requests merely require the command task - sync after that stage. - -
-
- Manual CA management - - - If you set any options within - service.taskserver.pki.manual.*, - nixos-taskserver won't issue certificates, but you can - still use it for adding or removing user accounts. - -
+ + + This creates an organisation called my-company + with the user alice. + + + Now in order to import the alice user to + another machine alicebox, all we need to do is + something like this: + + +$ ssh server nixos-taskserver user export my-company alice | sh + + + Of course, if no SSH daemon is available on the server you can + also copy & paste it directly into a shell. + + + After this step the user should be set up and you can start + synchronising your tasks for the first time with + task sync init on alicebox. + + + Subsequent synchronisation requests merely require the command + task sync after that stage. + +
+
+ Manual CA management + + If you set any options within + service.taskserver.pki.manual.*, + nixos-taskserver won't issue certificates, but + you can still use it for adding or removing user accounts. + +
From 8c17c417a1687df44fa9a672e47fc43ef627db59 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 05:37:19 +0100 Subject: [PATCH 051/155] nixos/weechat: convert manual chapter to MD --- nixos/modules/services/misc/weechat.md | 46 +++++++++++++ nixos/modules/services/misc/weechat.nix | 2 + nixos/modules/services/misc/weechat.xml | 91 ++++++++++++------------- 3 files changed, 91 insertions(+), 48 deletions(-) create mode 100644 nixos/modules/services/misc/weechat.md diff --git a/nixos/modules/services/misc/weechat.md b/nixos/modules/services/misc/weechat.md new file mode 100644 index 00000000000..21f41be5b4a --- /dev/null +++ b/nixos/modules/services/misc/weechat.md @@ -0,0 +1,46 @@ +# WeeChat {#module-services-weechat} + +[WeeChat](https://weechat.org/) is a fast and +extensible IRC client. + +## Basic Usage {#module-services-weechat-basic-usage} + +By default, the module creates a +[`systemd`](https://www.freedesktop.org/wiki/Software/systemd/) +unit which runs the chat client in a detached +[`screen`](https://www.gnu.org/software/screen/) +session. + +This can be done by enabling the `weechat` service: +``` +{ ... }: + +{ + services.weechat.enable = true; +} +``` + +The service is managed by a dedicated user named `weechat` +in the state directory `/var/lib/weechat`. + +## Re-attaching to WeeChat {#module-services-weechat-reattach} + +WeeChat runs in a screen session owned by a dedicated user. To explicitly +allow your another user to attach to this session, the +`screenrc` needs to be tweaked by adding +[multiuser](https://www.gnu.org/software/screen/manual/html_node/Multiuser.html#Multiuser) +support: +``` +{ + programs.screen.screenrc = '' + multiuser on + acladd normal_user + ''; +} +``` +Now, the session can be re-attached like this: +``` +screen -x weechat/weechat-screen +``` + +*The session name can be changed using [services.weechat.sessionName.](options.html#opt-services.weechat.sessionName)* 
diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix index 663a767a0c1..3fa408d9c88 100644 --- a/nixos/modules/services/misc/weechat.nix +++ b/nixos/modules/services/misc/weechat.nix @@ -59,5 +59,7 @@ in }; }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc weechat.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > weechat.xml` meta.doc = ./weechat.xml; } diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index ceabd67060c..596acbb927b 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -1,50 +1,45 @@ - - WeeChat - - WeeChat is a fast and - extensible IRC client. - -
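Review bot: The regeneration command in the comment added to weechat.nix reads the Markdown with `-f markdown+smart`, while the otherwise identical comments added to prometheus/exporters.nix, litestream/default.nix and pleroma.nix in the following patches use `-f markdown-smart`. With the smart extension enabled, pandoc turns straight quotes, dashes and ellipses into typographic characters, so re-running the weechat command may produce XML that differs in style from the other chapters. If the difference is not intended, use `-f markdown-smart` here as well; if it is, add a short reason to the comment. The enclosing module body starts outside the hunk.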
- Basic Usage - + + WeeChat - By default, the module creates a - systemd - unit which runs the chat client in a detached - screen - session. + WeeChat is a fast and + extensible IRC client. - - - This can be done by enabling the weechat service: - +
+ Basic Usage + + By default, the module creates a + systemd + unit which runs the chat client in a detached + screen + session. + + + This can be done by enabling the weechat + service: + + { ... }: { services.weechat.enable = true; } - - - - The service is managed by a dedicated user named weechat - in the state directory /var/lib/weechat. - -
-
- Re-attaching to WeeChat - - - WeeChat runs in a screen session owned by a dedicated user. To explicitly - allow your another user to attach to this session, the - screenrc needs to be tweaked by adding - multiuser - support: - + + The service is managed by a dedicated user named + weechat in the state directory + /var/lib/weechat. + +
+
+ Re-attaching to WeeChat + + WeeChat runs in a screen session owned by a dedicated user. To + explicitly allow your another user to attach to this session, the + screenrc needs to be tweaked by adding + multiuser + support: + + { programs.screen.screenrc = '' multiuser on @@ -52,15 +47,15 @@ ''; } - Now, the session can be re-attached like this: - + + Now, the session can be re-attached like this: + + screen -x weechat/weechat-screen - - - - The session name can be changed using - services.weechat.sessionName. - -
+ + The session name can be changed using + services.weechat.sessionName. + +
From ce319f60ad515fd0991e33f91af68aec530228c8 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 05:51:49 +0100 Subject: [PATCH 052/155] nixos/prometheus/exporters: convert manual chapter to MD --- .../monitoring/prometheus/exporters.md | 180 ++++++++++++ .../monitoring/prometheus/exporters.nix | 2 + .../monitoring/prometheus/exporters.xml | 259 +++++++++--------- 3 files changed, 309 insertions(+), 132 deletions(-) create mode 100644 nixos/modules/services/monitoring/prometheus/exporters.md diff --git a/nixos/modules/services/monitoring/prometheus/exporters.md b/nixos/modules/services/monitoring/prometheus/exporters.md new file mode 100644 index 00000000000..c085e46d20d --- /dev/null +++ b/nixos/modules/services/monitoring/prometheus/exporters.md 
@@ -0,0 +1,180 @@ +# Prometheus exporters {#module-services-prometheus-exporters} + +Prometheus exporters provide metrics for the +[prometheus monitoring system](https://prometheus.io). + +## Configuration {#module-services-prometheus-exporters-configuration} + +One of the most common exporters is the +[node exporter](https://github.com/prometheus/node_exporter), +it provides hardware and OS metrics from the host it's +running on. The exporter could be configured as follows: +``` + services.prometheus.exporters.node = { + enable = true; + port = 9100; + enabledCollectors = [ + "logind" + "systemd" + ]; + disabledCollectors = [ + "textfile" + ]; + openFirewall = true; + firewallFilter = "-i br0 -p tcp -m tcp --dport 9100"; + }; +``` +It should now serve all metrics from the collectors that are explicitly +enabled and the ones that are +[enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default), +via http under `/metrics`. In this +example the firewall should just allow incoming connections to the +exporter's port on the bridge interface `br0` (this would +have to be configured separately of course). For more information about +configuration see `man configuration.nix` or search through +the [available options](https://nixos.org/nixos/options.html#prometheus.exporters). + +Prometheus can now be configured to consume the metrics produced by the exporter: +``` + services.prometheus = { + # ... + + scrapeConfigs = [ + { + job_name = "node"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + }]; + } + ]; + + # ... + } +``` + +## Adding a new exporter {#module-services-prometheus-exporters-new-exporter} + +To add a new exporter, it has to be packaged first (see +`nixpkgs/pkgs/servers/monitoring/prometheus/` for +examples), then a module can be added. 
The postfix exporter is used in this +example: + + - Some default options for all exporters are provided by + `nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix`: + + - `enable` + - `port` + - `listenAddress` + - `extraFlags` + - `openFirewall` + - `firewallFilter` + - `user` + - `group` + - As there is already a package available, the module can now be added. This + is accomplished by adding a new file to the + `nixos/modules/services/monitoring/prometheus/exporters/` + directory, which will be called postfix.nix and contains all exporter + specific options and configuration: + ``` + # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix + { config, lib, pkgs, options }: + + with lib; + + let + # for convenience we define cfg here + cfg = config.services.prometheus.exporters.postfix; + in + { + port = 9154; # The postfix exporter listens on this port by default + + # `extraOpts` is an attribute set which contains additional options + # (and optional overrides for default options). + # Note that this attribute is optional. + extraOpts = { + telemetryPath = mkOption { + type = types.str; + default = "/metrics"; + description = '' + Path under which to expose metrics. + ''; + }; + logfilePath = mkOption { + type = types.path; + default = /var/log/postfix_exporter_input.log; + example = /var/log/mail.log; + description = '' + Path where Postfix writes log entries. + This file will be truncated by this exporter! + ''; + }; + showqPath = mkOption { + type = types.path; + default = /var/spool/postfix/public/showq; + example = /var/lib/postfix/queue/public/showq; + description = '' + Path at which Postfix places its showq socket. + ''; + }; + }; + + # `serviceOpts` is an attribute set which contains configuration + # for the exporter's systemd service. One of + # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart` + # has to be specified here. This will be merged with the default + # service configuration. 
+ # Note that by default 'DynamicUser' is 'true'. + serviceOpts = { + serviceConfig = { + DynamicUser = false; + ExecStart = '' + ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \ + --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ + --web.telemetry-path ${cfg.telemetryPath} \ + ${concatStringsSep " \\\n " cfg.extraFlags} + ''; + }; + }; + } + ``` + - This should already be enough for the postfix exporter. Additionally one + could now add assertions and conditional default values. This can be done + in the 'meta-module' that combines all exporter definitions and generates + the submodules: + `nixpkgs/nixos/modules/services/prometheus/exporters.nix` + +## Updating an exporter module {#module-services-prometheus-exporters-update-exporter-module} + +Should an exporter option change at some point, it is possible to add +information about the change to the exporter definition similar to +`nixpkgs/nixos/modules/rename.nix`: +``` +{ config, lib, pkgs, options }: + +with lib; + +let + cfg = config.services.prometheus.exporters.nginx; +in +{ + port = 9113; + extraOpts = { + # additional module options + # ... + }; + serviceOpts = { + # service configuration + # ... + }; + imports = [ + # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath' + (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) + + # removed option 'services.prometheus.exporters.nginx.insecure' + (mkRemovedOptionModule [ "insecure" ] '' + This option was replaced by 'prometheus.exporters.nginx.sslVerify' which defaults to true. + '') + ({ options.warnings = options.warnings; }) + ]; +} +``` diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index f3fbfb149ad..e14eb51e704 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix 
@@ -323,6 +323,8 @@ in ); meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml` doc = ./exporters.xml; maintainers = [ maintainers.willibutz ]; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index e922e1ace8d..066903a81b3 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml @@ -1,138 +1,133 @@ - - Prometheus exporters - - Prometheus exporters provide metrics for the - prometheus monitoring system. - -
- Configuration - + + Prometheus exporters - One of the most common exporters is the - node - exporter, it provides hardware and OS metrics from the host it's - running on. The exporter could be configured as follows: - + Prometheus exporters provide metrics for the + prometheus monitoring + system. + +
+ Configuration + + One of the most common exporters is the + node + exporter, it provides hardware and OS metrics from the host + it's running on. The exporter could be configured as follows: + + services.prometheus.exporters.node = { enable = true; port = 9100; enabledCollectors = [ - "logind" - "systemd" + "logind" + "systemd" ]; disabledCollectors = [ - "textfile" + "textfile" ]; openFirewall = true; - firewallFilter = "-i br0 -p tcp -m tcp --dport 9100"; + firewallFilter = "-i br0 -p tcp -m tcp --dport 9100"; }; - It should now serve all metrics from the collectors that are explicitly - enabled and the ones that are - enabled - by default, via http under /metrics. In this - example the firewall should just allow incoming connections to the - exporter's port on the bridge interface br0 (this would - have to be configured separately of course). For more information about - configuration see man configuration.nix or search through - the - available - options. - - - - Prometheus can now be configured to consume the metrics produced by the exporter: + + It should now serve all metrics from the collectors that are + explicitly enabled and the ones that are + enabled + by default, via http under /metrics. In + this example the firewall should just allow incoming connections + to the exporter's port on the bridge interface + br0 (this would have to be configured + separately of course). For more information about configuration + see man configuration.nix or search through the + available + options. + + + Prometheus can now be configured to consume the metrics produced + by the exporter: + services.prometheus = { # ... scrapeConfigs = [ { - job_name = "node"; + job_name = "node"; static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }]; } ]; # ... } - - -
-
- Adding a new exporter - - - To add a new exporter, it has to be packaged first (see - nixpkgs/pkgs/servers/monitoring/prometheus/ for - examples), then a module can be added. The postfix exporter is used in this - example: - - - - + +
+
+ Adding a new exporter - Some default options for all exporters are provided by - nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix: + To add a new exporter, it has to be packaged first (see + nixpkgs/pkgs/servers/monitoring/prometheus/ for + examples), then a module can be added. The postfix exporter is + used in this example: - - - - - enable - - - - - port - - - - - listenAddress - - - - - extraFlags - - - - - openFirewall - - - - - firewallFilter - - - - - user - - - - - group - - - - - - - As there is already a package available, the module can now be added. This - is accomplished by adding a new file to the - nixos/modules/services/monitoring/prometheus/exporters/ - directory, which will be called postfix.nix and contains all exporter - specific options and configuration: - + + + Some default options for all exporters are provided by + nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix: + + + + + enable + + + + + port + + + + + listenAddress + + + + + extraFlags + + + + + openFirewall + + + + + firewallFilter + + + + + user + + + + + group + + + + + + + As there is already a package available, the module can now be + added. This is accomplished by adding a new file to the + nixos/modules/services/monitoring/prometheus/exporters/ + directory, which will be called postfix.nix and contains all + exporter specific options and configuration: + + # nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix { config, lib, pkgs, options }: @@ -151,7 +146,7 @@ in extraOpts = { telemetryPath = mkOption { type = types.str; - default = "/metrics"; + default = "/metrics"; description = '' Path under which to expose metrics. ''; 
@@ -188,32 +183,33 @@ in ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \ --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \ --web.telemetry-path ${cfg.telemetryPath} \ - ${concatStringsSep " \\\n " cfg.extraFlags} + ${concatStringsSep " \\\n " cfg.extraFlags} ''; }; }; } - - - + + + + This should already be enough for the postfix exporter. + Additionally one could now add assertions and conditional + default values. This can be done in the 'meta-module' that + combines all exporter definitions and generates the + submodules: + nixpkgs/nixos/modules/services/prometheus/exporters.nix + + + +
+
+ Updating an exporter module - This should already be enough for the postfix exporter. Additionally one - could now add assertions and conditional default values. This can be done - in the 'meta-module' that combines all exporter definitions and generates - the submodules: - nixpkgs/nixos/modules/services/prometheus/exporters.nix + Should an exporter option change at some point, it is possible to + add information about the change to the exporter definition + similar to nixpkgs/nixos/modules/rename.nix: - - -
-
- Updating an exporter module - - Should an exporter option change at some point, it is possible to add - information about the change to the exporter definition similar to - nixpkgs/nixos/modules/rename.nix: - + { config, lib, pkgs, options }: with lib; @@ -232,17 +228,16 @@ in # ... }; imports = [ - # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath' - (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) + # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath' + (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ]) # removed option 'services.prometheus.exporters.nginx.insecure' - (mkRemovedOptionModule [ "insecure" ] '' + (mkRemovedOptionModule [ "insecure" ] '' This option was replaced by 'prometheus.exporters.nginx.sslVerify' which defaults to true. '') ({ options.warnings = options.warnings; }) ]; } -
From d075d2c276608c5d497970c4d36922e1065b74bc Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 05:59:31 +0100 Subject: [PATCH 053/155] nixos/litestream: convert manual chapter to MD --- .../litestream/default.nix | 3 ++ .../litestream/litestream.md | 52 ++++++++++++++++++ .../litestream/litestream.xml | 53 +++++++++---------- 3 files changed, 79 insertions(+), 29 deletions(-) create mode 100644 nixos/modules/services/network-filesystems/litestream/litestream.md diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 884ffa50e7c..24ac3130f36 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix @@ -94,5 +94,8 @@ in }; users.groups.litestream = {}; }; + + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml` meta.doc = ./litestream.xml; } diff --git a/nixos/modules/services/network-filesystems/litestream/litestream.md b/nixos/modules/services/network-filesystems/litestream/litestream.md new file mode 100644 index 00000000000..8d8486507b7 --- /dev/null +++ b/nixos/modules/services/network-filesystems/litestream/litestream.md 
@@ -0,0 +1,52 @@ +# Litestream {#module-services-litestream} + +[Litestream](https://litestream.io/) is a standalone streaming +replication tool for SQLite. + +## Configuration {#module-services-litestream-configuration} + +Litestream service is managed by a dedicated user named `litestream` +which needs permission to the database file. Here's an example config which gives +required permissions to access [grafana database](#opt-services.grafana.settings.database.path): +``` +{ pkgs, ... }: +{ + users.users.litestream.extraGroups = [ "grafana" ]; + + systemd.services.grafana.serviceConfig.ExecStartPost = "+" + pkgs.writeShellScript "grant-grafana-permissions" '' + timeout=10 + + while [ ! -f /var/lib/grafana/data/grafana.db ]; + do + if [ "$timeout" == 0 ]; then + echo "ERROR: Timeout while waiting for /var/lib/grafana/data/grafana.db." + exit 1 + fi + + sleep 1 + + ((timeout--)) + done + + find /var/lib/grafana -type d -exec chmod -v 775 {} \; + find /var/lib/grafana -type f -exec chmod -v 660 {} \; + ''; + + services.litestream = { + enable = true; + + environmentFile = "/run/secrets/litestream"; + + settings = { + dbs = [ + { + path = "/var/lib/grafana/data/grafana.db"; + replicas = [{ + url = "s3://mybkt.litestream.io/grafana"; + }]; + } + ]; + }; + }; +} +``` diff --git a/nixos/modules/services/network-filesystems/litestream/litestream.xml b/nixos/modules/services/network-filesystems/litestream/litestream.xml index 8f5597bb689..6ea40c8bf47 100644 --- a/nixos/modules/services/network-filesystems/litestream/litestream.xml +++ b/nixos/modules/services/network-filesystems/litestream/litestream.xml @@ -1,34 +1,31 @@ - - Litestream - - Litestream is a standalone streaming - replication tool for SQLite. - - -
- Configuration - + + Litestream - Litestream service is managed by a dedicated user named litestream - which needs permission to the database file. Here's an example config which gives - required permissions to access - grafana database: - + Litestream is a + standalone streaming replication tool for SQLite. + +
+ Configuration + + Litestream service is managed by a dedicated user named + litestream which needs permission to the + database file. Here's an example config which gives required + permissions to access + grafana + database: + + { pkgs, ... }: { - users.users.litestream.extraGroups = [ "grafana" ]; + users.users.litestream.extraGroups = [ "grafana" ]; - systemd.services.grafana.serviceConfig.ExecStartPost = "+" + pkgs.writeShellScript "grant-grafana-permissions" '' + systemd.services.grafana.serviceConfig.ExecStartPost = "+" + pkgs.writeShellScript "grant-grafana-permissions" '' timeout=10 while [ ! -f /var/lib/grafana/data/grafana.db ]; do - if [ "$timeout" == 0 ]; then - echo "ERROR: Timeout while waiting for /var/lib/grafana/data/grafana.db." + if [ "$timeout" == 0 ]; then + echo "ERROR: Timeout while waiting for /var/lib/grafana/data/grafana.db." exit 1 fi @@ -44,14 +41,14 @@ services.litestream = { enable = true; - environmentFile = "/run/secrets/litestream"; + environmentFile = "/run/secrets/litestream"; settings = { dbs = [ { - path = "/var/lib/grafana/data/grafana.db"; + path = "/var/lib/grafana/data/grafana.db"; replicas = [{ - url = "s3://mybkt.litestream.io/grafana"; + url = "s3://mybkt.litestream.io/grafana"; }]; } ]; @@ -59,7 +56,5 @@ }; } - -
- +
From 5917123885c19a1044a8599a0891b40f79e0de18 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 06:13:51 +0100 Subject: [PATCH 054/155] nixos/pleroma: convert manual chapter to MD --- nixos/modules/services/networking/pleroma.md | 180 ++++++++++++++ nixos/modules/services/networking/pleroma.nix | 2 + nixos/modules/services/networking/pleroma.xml | 225 +++++++++++------- 3 files changed, 322 insertions(+), 85 deletions(-) create mode 100644 nixos/modules/services/networking/pleroma.md diff --git a/nixos/modules/services/networking/pleroma.md b/nixos/modules/services/networking/pleroma.md new file mode 100644 index 00000000000..7c499e1c616 --- /dev/null +++ b/nixos/modules/services/networking/pleroma.md 
@@ -0,0 +1,180 @@ +# Pleroma {#module-services-pleroma} + +[Pleroma](https://pleroma.social/) is a lightweight activity pub server. + +## Generating the Pleroma config {#module-services-pleroma-generate-config} + +The `pleroma_ctl` CLI utility will prompt you some questions and it will generate an initial config file. This is an example of usage +```ShellSession +$ mkdir tmp-pleroma +$ cd tmp-pleroma +$ nix-shell -p pleroma-otp +$ pleroma_ctl instance gen --output config.exs --output-psql setup.psql +``` + +The `config.exs` file can be further customized following the instructions on the [upstream documentation](https://docs-develop.pleroma.social/backend/configuration/cheatsheet/). Many refinements can be applied also after the service is running. + +## Initializing the database {#module-services-pleroma-initialize-db} + +First, the Postgresql service must be enabled in the NixOS configuration +``` +services.postgresql = { + enable = true; + package = pkgs.postgresql_13; +}; +``` +and activated with the usual +```ShellSession +$ nixos-rebuild switch +``` + +Then you can create and seed the database, using the `setup.psql` file that you generated in the previous section, by running +```ShellSession +$ sudo -u postgres psql -f setup.psql +``` + +## Enabling the Pleroma service locally {#module-services-pleroma-enable} + +In this section we will enable the Pleroma service only locally, so its configurations can be improved incrementally. + +This is an example of configuration, where [](#opt-services.pleroma.configs) option contains the content of the file `config.exs`, generated [in the first section](#module-services-pleroma-generate-config), but with the secrets (database password, endpoint secret key, salts, etc.) removed. Removing secrets is important, because otherwise they will be stored publicly in the Nix store. 
+``` +services.pleroma = { + enable = true; + secretConfigFile = "/var/lib/pleroma/secrets.exs"; + configs = [ + '' + import Config + + config :pleroma, Pleroma.Web.Endpoint, + url: [host: "pleroma.example.net", scheme: "https", port: 443], + http: [ip: {127, 0, 0, 1}, port: 4000] + + config :pleroma, :instance, + name: "Test", + email: "admin@example.net", + notify_email: "admin@example.net", + limit: 5000, + registrations_open: true + + config :pleroma, :media_proxy, + enabled: false, + redirect_on_failure: true + + config :pleroma, Pleroma.Repo, + adapter: Ecto.Adapters.Postgres, + username: "pleroma", + database: "pleroma", + hostname: "localhost" + + # Configure web push notifications + config :web_push_encryption, :vapid_details, + subject: "mailto:admin@example.net" + + # ... TO CONTINUE ... + '' + ]; +}; +``` + +Secrets must be moved into a file pointed by [](#opt-services.pleroma.secretConfigFile), in our case `/var/lib/pleroma/secrets.exs`. This file can be created copying the previously generated `config.exs` file and then removing all the settings, except the secrets. This is an example +``` +# Pleroma instance passwords + +import Config + +config :pleroma, Pleroma.Web.Endpoint, + secret_key_base: "", + signing_salt: "" + +config :pleroma, Pleroma.Repo, + password: "" + +# Configure web push notifications +config :web_push_encryption, :vapid_details, + public_key: "", + private_key: "" + +# ... TO CONTINUE ... +``` +Note that the lines of the same configuration group are comma separated (i.e. all the lines end with a comma, except the last one), so when the lines with passwords are added or removed, commas must be adjusted accordingly. + +The service can be enabled with the usual +```ShellSession +$ nixos-rebuild switch +``` + +The service is accessible only from the local `127.0.0.1:4000` port. 
It can be tested using a port forwarding like this +```ShellSession +$ ssh -L 4000:localhost:4000 myuser@example.net +``` +and then accessing from a web browser. + +## Creating the admin user {#module-services-pleroma-admin-user} + +After Pleroma service is running, all [Pleroma administration utilities](https://docs-develop.pleroma.social/) can be used. In particular an admin user can be created with +```ShellSession +$ pleroma_ctl user new --admin --moderator --password +``` + +## Configuring Nginx {#module-services-pleroma-nginx} + +In this configuration, Pleroma is listening only on the local port 4000. Nginx can be configured as a Reverse Proxy, for forwarding requests from public ports to the Pleroma service. This is an example of configuration, using +[Let's Encrypt](https://letsencrypt.org/) for the TLS certificates +``` +security.acme = { + email = "root@example.net"; + acceptTerms = true; +}; + +services.nginx = { + enable = true; + addSSL = true; + + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + recommendedProxySettings = false; + # NOTE: if enabled, the NixOS proxy optimizations will override the Pleroma + # specific settings, and they will enter in conflict. 
+ + virtualHosts = { + "pleroma.example.net" = { + http2 = true; + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:4000"; + + extraConfig = '' + etag on; + gzip on; + + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always; + add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always; + if ($request_method = OPTIONS) { + return 204; + } + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy same-origin; + add_header X-Download-Options noopen; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + + client_max_body_size 16m; + # NOTE: increase if users need to upload very big files + ''; + }; + }; + }; +}; +``` diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index f317510258b..d4d659a41d1 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -147,5 +147,7 @@ in { }; meta.maintainers = with lib.maintainers; [ ninjatrappeur ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml` meta.doc = ./pleroma.xml; } 
diff --git a/nixos/modules/services/networking/pleroma.xml b/nixos/modules/services/networking/pleroma.xml index ad0a481af28..5014ac644f7 100644 --- a/nixos/modules/services/networking/pleroma.xml +++ b/nixos/modules/services/networking/pleroma.xml @@ -1,63 +1,90 @@ - - Pleroma - - Pleroma is a lightweight activity pub server. -
- Generating the Pleroma config - The pleroma_ctl CLI utility will prompt you some questions and it will generate an initial config file. This is an example of usage - -$ mkdir tmp-pleroma -$ cd tmp-pleroma -$ nix-shell -p pleroma-otp -$ pleroma_ctl instance gen --output config.exs --output-psql setup.psql - + + Pleroma + + Pleroma is a + lightweight activity pub server. - The config.exs file can be further customized following the instructions on the upstream documentation. Many refinements can be applied also after the service is running. -
-
- Initializing the database - First, the Postgresql service must be enabled in the NixOS configuration - +
+ Generating the Pleroma config + + The pleroma_ctl CLI utility will prompt you + some questions and it will generate an initial config file. This + is an example of usage + + +$ mkdir tmp-pleroma +$ cd tmp-pleroma +$ nix-shell -p pleroma-otp +$ pleroma_ctl instance gen --output config.exs --output-psql setup.psql + + + The config.exs file can be further customized + following the instructions on the + upstream + documentation. Many refinements can be applied also after + the service is running. + +
+
+ Initializing the database + + First, the Postgresql service must be enabled in the NixOS + configuration + + services.postgresql = { enable = true; package = pkgs.postgresql_13; }; -and activated with the usual - -$ nixos-rebuild switch + + and activated with the usual + + +$ nixos-rebuild switch - - Then you can create and seed the database, using the setup.psql file that you generated in the previous section, by running - -$ sudo -u postgres psql -f setup.psql + + Then you can create and seed the database, using the + setup.psql file that you generated in the + previous section, by running + + +$ sudo -u postgres psql -f setup.psql - -
-
- Enabling the Pleroma service locally - In this section we will enable the Pleroma service only locally, so its configurations can be improved incrementally. - This is an example of configuration, where services.pleroma.configs option contains the content of the file config.exs, generated in the first section, but with the secrets (database password, endpoint secret key, salts, etc.) removed. Removing secrets is important, because otherwise they will be stored publicly in the Nix store. - +
+
+ Enabling the Pleroma service locally + + In this section we will enable the Pleroma service only locally, + so its configurations can be improved incrementally. + + + This is an example of configuration, where + option + contains the content of the file config.exs, + generated + in the + first section, but with the secrets (database password, + endpoint secret key, salts, etc.) removed. Removing secrets is + important, because otherwise they will be stored publicly in the + Nix store. + + services.pleroma = { enable = true; - secretConfigFile = "/var/lib/pleroma/secrets.exs"; + secretConfigFile = "/var/lib/pleroma/secrets.exs"; configs = [ '' import Config config :pleroma, Pleroma.Web.Endpoint, - url: [host: "pleroma.example.net", scheme: "https", port: 443], + url: [host: "pleroma.example.net", scheme: "https", port: 443], http: [ip: {127, 0, 0, 1}, port: 4000] config :pleroma, :instance, - name: "Test", - email: "admin@example.net", - notify_email: "admin@example.net", + name: "Test", + email: "admin@example.net", + notify_email: "admin@example.net", limit: 5000, registrations_open: true 
@@ -67,68 +94,97 @@ services.pleroma = { config :pleroma, Pleroma.Repo, adapter: Ecto.Adapters.Postgres, - username: "pleroma", - database: "pleroma", - hostname: "localhost" + username: "pleroma", + database: "pleroma", + hostname: "localhost" # Configure web push notifications config :web_push_encryption, :vapid_details, - subject: "mailto:admin@example.net" + subject: "mailto:admin@example.net" # ... TO CONTINUE ... '' ]; }; - - Secrets must be moved into a file pointed by services.pleroma.secretConfigFile, in our case /var/lib/pleroma/secrets.exs. This file can be created copying the previously generated config.exs file and then removing all the settings, except the secrets. This is an example - + + Secrets must be moved into a file pointed by + , in + our case /var/lib/pleroma/secrets.exs. This + file can be created copying the previously generated + config.exs file and then removing all the + settings, except the secrets. This is an example + + # Pleroma instance passwords import Config config :pleroma, Pleroma.Web.Endpoint, - secret_key_base: "<the secret generated by pleroma_ctl>", - signing_salt: "<the secret generated by pleroma_ctl>" + secret_key_base: "<the secret generated by pleroma_ctl>", + signing_salt: "<the secret generated by pleroma_ctl>" config :pleroma, Pleroma.Repo, - password: "<the secret generated by pleroma_ctl>" + password: "<the secret generated by pleroma_ctl>" # Configure web push notifications config :web_push_encryption, :vapid_details, - public_key: "<the secret generated by pleroma_ctl>", - private_key: "<the secret generated by pleroma_ctl>" + public_key: "<the secret generated by pleroma_ctl>", + private_key: "<the secret generated by pleroma_ctl>" # ... TO CONTINUE ... - Note that the lines of the same configuration group are comma separated (i.e. all the lines end with a comma, except the last one), so when the lines with passwords are added or removed, commas must be adjusted accordingly. 
- - The service can be enabled with the usual - -$ nixos-rebuild switch + + Note that the lines of the same configuration group are comma + separated (i.e. all the lines end with a comma, except the last + one), so when the lines with passwords are added or removed, + commas must be adjusted accordingly. + + + The service can be enabled with the usual + + +$ nixos-rebuild switch - - The service is accessible only from the local 127.0.0.1:4000 port. It can be tested using a port forwarding like this - -$ ssh -L 4000:localhost:4000 myuser@example.net + + The service is accessible only from the local + 127.0.0.1:4000 port. It can be tested using a + port forwarding like this + + +$ ssh -L 4000:localhost:4000 myuser@example.net -and then accessing http://localhost:4000 from a web browser. -
-
- Creating the admin user - After Pleroma service is running, all Pleroma administration utilities can be used. In particular an admin user can be created with - -$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password> + + and then accessing + http://localhost:4000 + from a web browser. + +
+
+ Creating the admin user + + After Pleroma service is running, all + Pleroma + administration utilities can be used. In particular an + admin user can be created with + + +$ pleroma_ctl user new <nickname> <email> --admin --moderator --password <password> - -
-
- Configuring Nginx - In this configuration, Pleroma is listening only on the local port 4000. Nginx can be configured as a Reverse Proxy, for forwarding requests from public ports to the Pleroma service. This is an example of configuration, using -Let's Encrypt for the TLS certificates - +
+
+ Configuring Nginx + + In this configuration, Pleroma is listening only on the local port + 4000. Nginx can be configured as a Reverse Proxy, for forwarding + requests from public ports to the Pleroma service. This is an + example of configuration, using + Let's Encrypt + for the TLS certificates + + security.acme = { - email = "root@example.net"; + email = "root@example.net"; acceptTerms = true; }; @@ -145,13 +201,13 @@ services.nginx = { # specific settings, and they will enter in conflict. virtualHosts = { - "pleroma.example.net" = { + "pleroma.example.net" = { http2 = true; enableACME = true; forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:4000"; + locations."/" = { + proxyPass = "http://127.0.0.1:4000"; extraConfig = '' etag on; @@ -164,7 +220,7 @@ services.nginx = { if ($request_method = OPTIONS) { return 204; } - add_header X-XSS-Protection "1; mode=block"; + add_header X-XSS-Protection "1; mode=block"; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; @@ -172,7 +228,7 @@ services.nginx = { add_header X-Download-Options noopen; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; proxy_set_header Host $host; client_max_body_size 16m; @@ -183,6 +239,5 @@ services.nginx = { }; }; - -
+
+
From 963c6f54aa14cb040ee3ef38626cadf445dcd732 Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 06:23:17 +0100
Subject: [PATCH 055/155] nixos/prosody: convert manual chapter to MD
---
 nixos/modules/services/networking/prosody.md | 72 ++++++++++
 nixos/modules/services/networking/prosody.nix | 3 +
 nixos/modules/services/networking/prosody.xml | 135 +++++++++---------
 3 files changed, 143 insertions(+), 67 deletions(-)
 create mode 100644 nixos/modules/services/networking/prosody.md
diff --git a/nixos/modules/services/networking/prosody.md b/nixos/modules/services/networking/prosody.md
new file mode 100644
index 00000000000..2da2c242a98
--- /dev/null
+++ b/nixos/modules/services/networking/prosody.md
@@ -0,0 +1,72 @@
+# Prosody {#module-services-prosody}
+
+[Prosody](https://prosody.im/) is an open-source, modern XMPP server.
+
+## Basic usage {#module-services-prosody-basic-usage}
+
+A common struggle for most XMPP newcomers is to find the right set
+of XMPP Extensions (XEPs) to setup. Forget to activate a few of
+those and your XMPP experience might turn into a nightmare!
+
+The XMPP community tackles this problem by creating a meta-XEP
+listing a decent set of XEPs you should implement. This meta-XEP
+is issued every year, the 2020 edition being
+[XEP-0423](https://xmpp.org/extensions/xep-0423.html).
+
+The NixOS Prosody module will implement most of these recommendend XEPs out of
+the box. That being said, two components still require some
+manual configuration: the
+[Multi User Chat (MUC)](https://xmpp.org/extensions/xep-0045.html)
+and the [HTTP File Upload](https://xmpp.org/extensions/xep-0363.html) ones.
+You'll need to create a DNS subdomain for each of those. The current convention is to name your
+MUC endpoint `conference.example.org` and your HTTP upload domain `upload.example.org`.
+
+A good configuration to start with, including a
+[Multi User Chat (MUC)](https://xmpp.org/extensions/xep-0045.html)
+endpoint as well as a [HTTP File Upload](https://xmpp.org/extensions/xep-0363.html)
+endpoint will look like this:
+```
+services.prosody = {
+ enable = true;
+ admins = [ "root@example.org" ];
+ ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
+ ssl.key = "/var/lib/acme/example.org/key.pem";
+ virtualHosts."example.org" = {
+ enabled = true;
+ domain = "example.org";
+ ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
+ ssl.key = "/var/lib/acme/example.org/key.pem";
+ };
+ muc = [ {
+ domain = "conference.example.org";
+ } ];
+ uploadHttp = {
+ domain = "upload.example.org";
+ };
+};
+```
+
+## Let's Encrypt Configuration {#module-services-prosody-letsencrypt}
+
+As you can see in the code snippet from the
+[previous section](#module-services-prosody-basic-usage),
+you'll need a single TLS certificate covering your main endpoint,
+the MUC one as well as the HTTP Upload one. We can generate such a
+certificate by leveraging the ACME
+[extraDomainNames](#opt-security.acme.certs._name_.extraDomainNames) module option.
+
+Provided the setup detailed in the previous section, you'll need the following acme configuration to generate
+a TLS certificate for the three endponits:
+```
+security.acme = {
+ email = "root@example.org";
+ acceptTerms = true;
+ certs = {
+ "example.org" = {
+ webroot = "/var/www/example.org";
+ email = "root@example.org";
+ extraDomainNames = [ "conference.example.org" "upload.example.org" ];
+ };
+ };
+};
+```
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix
index 342638f93ba..07d3afa73b1 100644
--- a/nixos/modules/services/networking/prosody.nix
+++ b/nixos/modules/services/networking/prosody.nix
@@ -904,5 +904,8 @@ in }; }; + + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml` meta.doc = ./prosody.xml; } diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 89b0377d97d..32b5dc8c129 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml @@ -1,89 +1,90 @@ - - Prosody - - Prosody is an open-source, modern XMPP server. - -
- Basic usage - + + Prosody - A common struggle for most XMPP newcomers is to find the right set - of XMPP Extensions (XEPs) to setup. Forget to activate a few of - those and your XMPP experience might turn into a nightmare! + Prosody is an + open-source, modern XMPP server. - - - The XMPP community tackles this problem by creating a meta-XEP - listing a decent set of XEPs you should implement. This meta-XEP - is issued every year, the 2020 edition being - XEP-0423. - - - The NixOS Prosody module will implement most of these recommendend XEPs out of - the box. That being said, two components still require some - manual configuration: the - Multi User Chat (MUC) - and the HTTP File Upload ones. - You'll need to create a DNS subdomain for each of those. The current convention is to name your - MUC endpoint conference.example.org and your HTTP upload domain upload.example.org. - - - A good configuration to start with, including a - Multi User Chat (MUC) - endpoint as well as a HTTP File Upload - endpoint will look like this: +
+ Basic usage + + A common struggle for most XMPP newcomers is to find the right set + of XMPP Extensions (XEPs) to setup. Forget to activate a few of + those and your XMPP experience might turn into a nightmare! + + + The XMPP community tackles this problem by creating a meta-XEP + listing a decent set of XEPs you should implement. This meta-XEP + is issued every year, the 2020 edition being + XEP-0423. + + + The NixOS Prosody module will implement most of these recommendend + XEPs out of the box. That being said, two components still require + some manual configuration: the + Multi + User Chat (MUC) and the + HTTP + File Upload ones. You'll need to create a DNS subdomain for + each of those. The current convention is to name your MUC endpoint + conference.example.org and your HTTP upload + domain upload.example.org. + + + A good configuration to start with, including a + Multi + User Chat (MUC) endpoint as well as a + HTTP + File Upload endpoint will look like this: + services.prosody = { enable = true; - admins = [ "root@example.org" ]; - ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; - ssl.key = "/var/lib/acme/example.org/key.pem"; - virtualHosts."example.org" = { + admins = [ "root@example.org" ]; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; + virtualHosts."example.org" = { enabled = true; - domain = "example.org"; - ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; - ssl.key = "/var/lib/acme/example.org/key.pem"; + domain = "example.org"; + ssl.cert = "/var/lib/acme/example.org/fullchain.pem"; + ssl.key = "/var/lib/acme/example.org/key.pem"; }; muc = [ { - domain = "conference.example.org"; + domain = "conference.example.org"; } ]; uploadHttp = { - domain = "upload.example.org"; + domain = "upload.example.org"; }; }; - -
-
- Let's Encrypt Configuration - - As you can see in the code snippet from the - previous section, - you'll need a single TLS certificate covering your main endpoint, - the MUC one as well as the HTTP Upload one. We can generate such a - certificate by leveraging the ACME - extraDomainNames module option. - - - Provided the setup detailed in the previous section, you'll need the following acme configuration to generate - a TLS certificate for the three endponits: +
+
+ Let's Encrypt Configuration + + As you can see in the code snippet from the + previous + section, you'll need a single TLS certificate covering your + main endpoint, the MUC one as well as the HTTP Upload one. We can + generate such a certificate by leveraging the ACME + extraDomainNames + module option. + + + Provided the setup detailed in the previous section, you'll need + the following acme configuration to generate a TLS certificate for + the three endponits: + security.acme = { - email = "root@example.org"; + email = "root@example.org"; acceptTerms = true; certs = { - "example.org" = { - webroot = "/var/www/example.org"; - email = "root@example.org"; - extraDomainNames = [ "conference.example.org" "upload.example.org" ]; + "example.org" = { + webroot = "/var/www/example.org"; + email = "root@example.org"; + extraDomainNames = [ "conference.example.org" "upload.example.org" ]; }; }; }; - -
+
+
From e4897cdf1605e8c30e79402b5bb054085d5f8a06 Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 06:32:09 +0100
Subject: [PATCH 056/155] nixos/yggdrasil: convert manual chapter to MD
---
 .../modules/services/networking/yggdrasil.md | 141 ++++++++++++++++++
 .../modules/services/networking/yggdrasil.nix | 2 +
 .../modules/services/networking/yggdrasil.xml | 71 +++++----
 3 files changed, 178 insertions(+), 36 deletions(-)
 create mode 100644 nixos/modules/services/networking/yggdrasil.md
diff --git a/nixos/modules/services/networking/yggdrasil.md b/nixos/modules/services/networking/yggdrasil.md
new file mode 100644
index 00000000000..bbaea5bc74a
--- /dev/null
+++ b/nixos/modules/services/networking/yggdrasil.md
@@ -0,0 +1,141 @@
+# Yggdrasil {#module-services-networking-yggdrasil}
+
+*Source:* {file}`modules/services/networking/yggdrasil/default.nix`
+
+*Upstream documentation:*
+
+Yggdrasil is an early-stage implementation of a fully end-to-end encrypted,
+self-arranging IPv6 network.
+
+## Configuration {#module-services-networking-yggdrasil-configuration}
+
+### Simple ephemeral node {#module-services-networking-yggdrasil-configuration-simple}
+
+An annotated example of a simple configuration:
+```
+{
+ services.yggdrasil = {
+ enable = true;
+ persistentKeys = false;
+ # The NixOS module will generate new keys and a new IPv6 address each time
+ # it is started if persistentKeys is not enabled.
+
+ settings = {
+ Peers = [
+ # Yggdrasil will automatically connect and "peer" with other nodes it
+ # discovers via link-local multicast announcements. Unless this is the
+ # case (it probably isn't) a node needs peers within the existing
+ # network that it can tunnel to.
+ "tcp://1.2.3.4:1024"
+ "tcp://1.2.3.5:1024"
+ # Public peers can be found at
+ # https://github.com/yggdrasil-network/public-peers
+ ];
+ };
+ };
+}
+```
+
+### Persistent node with prefix {#module-services-networking-yggdrasil-configuration-prefix}
+
+A node with a fixed address that announces a prefix:
+```
+let
+ address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2";
+ prefix = "310:5217:69c0:9afc";
+ # taken from the output of "yggdrasilctl getself".
+in {
+
+ services.yggdrasil = {
+ enable = true;
+ persistentKeys = true; # Maintain a fixed public key and IPv6 address.
+ settings = {
+ Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ];
+ NodeInfo = {
+ # This information is visible to the network.
+ name = config.networking.hostName;
+ location = "The North Pole";
+ };
+ };
+ };
+
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+ # Forward traffic under the prefix.
+
+ networking.interfaces.${eth0}.ipv6.addresses = [{
+ # Set a 300::/8 address on the local physical device.
+ address = prefix + "::1";
+ prefixLength = 64;
+ }];
+
+ services.radvd = {
+ # Announce the 300::/8 prefix to eth0.
+ enable = true;
+ config = ''
+ interface eth0
+ {
+ AdvSendAdvert on;
+ prefix ${prefix}::/64 {
+ AdvOnLink on;
+ AdvAutonomous on;
+ };
+ route 200::/8 {};
+ };
+ '';
+ };
+}
+```
+
+### Yggdrasil attached Container {#module-services-networking-yggdrasil-configuration-container}
+
+A NixOS container attached to the Yggdrasil network via a node running on the
+host:
+```
+let
+ yggPrefix64 = "310:5217:69c0:9afc";
+ # Again, taken from the output of "yggdrasilctl getself".
+in
+{
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+ # Enable IPv6 forwarding.
+
+ networking = {
+ bridges.br0.interfaces = [ ];
+ # A bridge only to containers…
+
+ interfaces.br0 = {
+ # … configured with a prefix address.
+ ipv6.addresses = [{
+ address = "${yggPrefix64}::1";
+ prefixLength = 64;
+ }];
+ };
+ };
+
+ containers.foo = {
+ autoStart = true;
+ privateNetwork = true;
+ hostBridge = "br0";
+ # Attach the container to the bridge only.
+ config = { config, pkgs, ... }: {
+ networking.interfaces.eth0.ipv6 = {
+ addresses = [{
+ # Configure a prefix address.
+ address = "${yggPrefix64}::2";
+ prefixLength = 64;
+ }];
+ routes = [{
+ # Configure the prefix route.
+ address = "200::";
+ prefixLength = 7;
+ via = "${yggPrefix64}::1";
+ }];
+ };
+
+ services.httpd.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ };
+ };
+
+}
+```
diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix
index 3d5cbdd2dc3..88ab728fc51 100644
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@@ -193,6 +193,8 @@ in { environment.systemPackages = [ cfg.package ]; }); meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml` doc = ./yggdrasil.xml; maintainers = with lib.maintainers; [ gazally ehmry ]; }; diff --git a/nixos/modules/services/networking/yggdrasil.xml b/nixos/modules/services/networking/yggdrasil.xml index a7b8c469529..5b6f63b3ae0 100644 --- a/nixos/modules/services/networking/yggdrasil.xml +++ b/nixos/modules/services/networking/yggdrasil.xml @@ -1,5 +1,4 @@ - - + Yggdrasil Source: @@ -7,19 +6,20 @@ Upstream documentation: - + https://yggdrasil-network.github.io/ -Yggdrasil is an early-stage implementation of a fully end-to-end encrypted, -self-arranging IPv6 network. - + Yggdrasil is an early-stage implementation of a fully end-to-end + encrypted, self-arranging IPv6 network. +
Configuration
Simple ephemeral node -An annotated example of a simple configuration: - + An annotated example of a simple configuration: + + { services.yggdrasil = { enable = true; @@ -29,12 +29,12 @@ An annotated example of a simple configuration: settings = { Peers = [ - # Yggdrasil will automatically connect and "peer" with other nodes it + # Yggdrasil will automatically connect and "peer" with other nodes it # discovers via link-local multicast announcements. Unless this is the # case (it probably isn't) a node needs peers within the existing # network that it can tunnel to. - "tcp://1.2.3.4:1024" - "tcp://1.2.3.5:1024" + "tcp://1.2.3.4:1024" + "tcp://1.2.3.5:1024" # Public peers can be found at # https://github.com/yggdrasil-network/public-peers ]; @@ -42,38 +42,38 @@ An annotated example of a simple configuration: }; } -
Persistent node with prefix -A node with a fixed address that announces a prefix: - + A node with a fixed address that announces a prefix: + + let - address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2"; - prefix = "310:5217:69c0:9afc"; - # taken from the output of "yggdrasilctl getself". + address = "210:5217:69c0:9afc:1b95:b9f:8718:c3d2"; + prefix = "310:5217:69c0:9afc"; + # taken from the output of "yggdrasilctl getself". in { services.yggdrasil = { enable = true; persistentKeys = true; # Maintain a fixed public key and IPv6 address. settings = { - Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ]; + Peers = [ "tcp://1.2.3.4:1024" "tcp://1.2.3.5:1024" ]; NodeInfo = { # This information is visible to the network. name = config.networking.hostName; - location = "The North Pole"; + location = "The North Pole"; }; }; }; - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; # Forward traffic under the prefix. networking.interfaces.${eth0}.ipv6.addresses = [{ # Set a 300::/8 address on the local physical device. - address = prefix + "::1"; + address = prefix + "::1"; prefixLength = 64; }]; @@ -94,30 +94,30 @@ in { }; } -
Yggdrasil attached Container -A NixOS container attached to the Yggdrasil network via a node running on the -host: - + A NixOS container attached to the Yggdrasil network via a node + running on the host: + + let - yggPrefix64 = "310:5217:69c0:9afc"; - # Again, taken from the output of "yggdrasilctl getself". + yggPrefix64 = "310:5217:69c0:9afc"; + # Again, taken from the output of "yggdrasilctl getself". in { - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; + boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; # Enable IPv6 forwarding. networking = { bridges.br0.interfaces = [ ]; - # A bridge only to containers… + # A bridge only to containers… interfaces.br0 = { - # … configured with a prefix address. + # … configured with a prefix address. ipv6.addresses = [{ - address = "${yggPrefix64}::1"; + address = "${yggPrefix64}::1"; prefixLength = 64; }]; }; @@ -126,20 +126,20 @@ in containers.foo = { autoStart = true; privateNetwork = true; - hostBridge = "br0"; + hostBridge = "br0"; # Attach the container to the bridge only. config = { config, pkgs, ... }: { networking.interfaces.eth0.ipv6 = { addresses = [{ # Configure a prefix address. - address = "${yggPrefix64}::2"; + address = "${yggPrefix64}::2"; prefixLength = 64; }]; routes = [{ # Configure the prefix route. - address = "200::"; + address = "200::"; prefixLength = 7; - via = "${yggPrefix64}::1"; + via = "${yggPrefix64}::1"; }]; }; @@ -150,7 +150,6 @@ in } -
From 7318430f928fe014902374e9b41970331fd5922f Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 06:54:04 +0100
Subject: [PATCH 057/155] nixos/discourse: convert manual chapter to MD
---
 nixos/modules/services/web-apps/discourse.md | 286 ++++++++++
 nixos/modules/services/web-apps/discourse.nix | 2 +
 nixos/modules/services/web-apps/discourse.xml | 507 +++++++++---------
 3 files changed, 530 insertions(+), 265 deletions(-)
 create mode 100644 nixos/modules/services/web-apps/discourse.md
diff --git a/nixos/modules/services/web-apps/discourse.md b/nixos/modules/services/web-apps/discourse.md
new file mode 100644
index 00000000000..35180bea87d
--- /dev/null
+++ b/nixos/modules/services/web-apps/discourse.md
@@ -0,0 +1,286 @@
+# Discourse {#module-services-discourse}
+
+[Discourse](https://www.discourse.org/) is a
+modern and open source discussion platform.
+
+## Basic usage {#module-services-discourse-basic-usage}
+
+A minimal configuration using Let's Encrypt for TLS certificates looks like this:
+```
+services.discourse = {
+ enable = true;
+ hostname = "discourse.example.com";
+ admin = {
+ email = "admin@example.com";
+ username = "admin";
+ fullName = "Administrator";
+ passwordFile = "/path/to/password_file";
+ };
+ secretKeyBaseFile = "/path/to/secret_key_base_file";
+};
+security.acme.email = "me@example.com";
+security.acme.acceptTerms = true;
+```
+
+Provided a proper DNS setup, you'll be able to connect to the
+instance at `discourse.example.com` and log in
+using the credentials provided in
+`services.discourse.admin`.
+
+## Using a regular TLS certificate {#module-services-discourse-tls}
+
+To set up TLS using a regular certificate and key on file, use
+the [](#opt-services.discourse.sslCertificate)
+and [](#opt-services.discourse.sslCertificateKey)
+options:
+
+```
+services.discourse = {
+ enable = true;
+ hostname = "discourse.example.com";
+ sslCertificate = "/path/to/ssl_certificate";
+ sslCertificateKey = "/path/to/ssl_certificate_key";
+ admin = {
+ email = "admin@example.com";
+ username = "admin";
+ fullName = "Administrator";
+ passwordFile = "/path/to/password_file";
+ };
+ secretKeyBaseFile = "/path/to/secret_key_base_file";
+};
+```
+
+## Database access {#module-services-discourse-database}
+
+Discourse uses PostgreSQL to store most of its
+data. A database will automatically be enabled and a database
+and role created unless [](#opt-services.discourse.database.host) is changed from
+its default of `null` or [](#opt-services.discourse.database.createLocally) is set
+to `false`.
+
+External database access can also be configured by setting
+[](#opt-services.discourse.database.host),
+[](#opt-services.discourse.database.username) and
+[](#opt-services.discourse.database.passwordFile) as
+appropriate. Note that you need to manually create a database
+called `discourse` (or the name you chose in
+[](#opt-services.discourse.database.name)) and
+allow the configured database user full access to it.
+
+## Email {#module-services-discourse-mail}
+
+In addition to the basic setup, you'll want to configure an SMTP
+server Discourse can use to send user
+registration and password reset emails, among others. You can
+also optionally let Discourse receive
+email, which enables people to reply to threads and conversations
+via email.
+
+A basic setup which assumes you want to use your configured
+[hostname](#opt-services.discourse.hostname) as
+email domain can be done like this:
+
+```
+services.discourse = {
+ enable = true;
+ hostname = "discourse.example.com";
+ sslCertificate = "/path/to/ssl_certificate";
+ sslCertificateKey = "/path/to/ssl_certificate_key";
+ admin = {
+ email = "admin@example.com";
+ username = "admin";
+ fullName = "Administrator";
+ passwordFile = "/path/to/password_file";
+ };
+ mail.outgoing = {
+ serverAddress = "smtp.emailprovider.com";
+ port = 587;
+ username = "user@emailprovider.com";
+ passwordFile = "/path/to/smtp_password_file";
+ };
+ mail.incoming.enable = true;
+ secretKeyBaseFile = "/path/to/secret_key_base_file";
+};
+```
+
+This assumes you have set up an MX record for the address you've
+set in [hostname](#opt-services.discourse.hostname) and
+requires proper SPF, DKIM and DMARC configuration to be done for
+the domain you're sending from, in order for email to be reliably delivered.
+
+If you want to use a different domain for your outgoing email
+(for example `example.com` instead of
+`discourse.example.com`) you should set
+[](#opt-services.discourse.mail.notificationEmailAddress) and
+[](#opt-services.discourse.mail.contactEmailAddress) manually.
+
+::: {.note}
+Setup of TLS for incoming email is currently only configured
+automatically when a regular TLS certificate is used, i.e. when
+[](#opt-services.discourse.sslCertificate) and
+[](#opt-services.discourse.sslCertificateKey) are
+set.
+:::
+
+## Additional settings {#module-services-discourse-settings}
+
+Additional site settings and backend settings, for which no
+explicit NixOS options are provided,
+can be set in [](#opt-services.discourse.siteSettings) and
+[](#opt-services.discourse.backendSettings) respectively.
+
+### Site settings {#module-services-discourse-site-settings}
+
+"Site settings" are the settings that can be
+changed through the Discourse
+UI. Their *default* values can be set using
+[](#opt-services.discourse.siteSettings).
+
+Settings are expressed as a Nix attribute set which matches the
+structure of the configuration in
+[config/site_settings.yml](https://github.com/discourse/discourse/blob/master/config/site_settings.yml).
+To find a setting's path, you only need to care about the first
+two levels; i.e. its category (e.g. `login`)
+and name (e.g. `invite_only`).
+
+Settings containing secret data should be set to an attribute
+set containing the attribute `_secret` - a
+string pointing to a file containing the value the option
+should be set to. See the example.
+
+### Backend settings {#module-services-discourse-backend-settings}
+
+Settings are expressed as a Nix attribute set which matches the
+structure of the configuration in
+[config/discourse.conf](https://github.com/discourse/discourse/blob/stable/config/discourse_defaults.conf).
+Empty parameters can be defined by setting them to
+`null`.
+
+### Example {#module-services-discourse-settings-example}
+
+The following example sets the title and description of the
+Discourse instance and enables
+GitHub login in the site settings,
+and changes a few request limits in the backend settings:
+```
+services.discourse = {
+ enable = true;
+ hostname = "discourse.example.com";
+ sslCertificate = "/path/to/ssl_certificate";
+ sslCertificateKey = "/path/to/ssl_certificate_key";
+ admin = {
+ email = "admin@example.com";
+ username = "admin";
+ fullName = "Administrator";
+ passwordFile = "/path/to/password_file";
+ };
+ mail.outgoing = {
+ serverAddress = "smtp.emailprovider.com";
+ port = 587;
+ username = "user@emailprovider.com";
+ passwordFile = "/path/to/smtp_password_file";
+ };
+ mail.incoming.enable = true;
+ siteSettings = {
+ required = {
+ title = "My Cats";
+ site_description = "Discuss My Cats (and be nice plz)";
+ };
+ login = {
+ enable_github_logins = true;
+ github_client_id = "a2f6dfe838cb3206ce20";
+ github_client_secret._secret = /run/keys/discourse_github_client_secret;
+ };
+ };
+ backendSettings = {
+ max_reqs_per_ip_per_minute = 300;
+ max_reqs_per_ip_per_10_seconds = 60;
+ max_asset_reqs_per_ip_per_10_seconds = 250;
+ max_reqs_per_ip_mode = "warn+block";
+ };
+ secretKeyBaseFile = "/path/to/secret_key_base_file";
+};
+```
+
+In the resulting site settings file, the
+`login.github_client_secret` key will be set
+to the contents of the
+{file}`/run/keys/discourse_github_client_secret`
+file.
+
+## Plugins {#module-services-discourse-plugins}
+
+You can install Discourse plugins
+using the [](#opt-services.discourse.plugins)
+option. Pre-packaged plugins are provided in
+`.plugins`. If
+you want the full suite of plugins provided through
+`nixpkgs`, you can also set the [](#opt-services.discourse.package) option to
+`pkgs.discourseAllPlugins`.
+
+Plugins can be built with the
+`.mkDiscoursePlugin`
+function. Normally, it should suffice to provide a
+`name` and `src` attribute. If
+the plugin has Ruby dependencies, however, they need to be
+packaged in accordance with the [Developing with Ruby](https://nixos.org/manual/nixpkgs/stable/#developing-with-ruby)
+section of the Nixpkgs manual and the
+appropriate gem options set in `bundlerEnvArgs`
+(normally `gemdir` is sufficient). A plugin's
+Ruby dependencies are listed in its
+{file}`plugin.rb` file as function calls to
+`gem`. To construct the corresponding
+{file}`Gemfile` manually, run {command}`bundle init`, then add the `gem` lines to it
+verbatim.
+
+Much of the packaging can be done automatically by the
+{file}`nixpkgs/pkgs/servers/web-apps/discourse/update.py`
+script - just add the plugin to the `plugins`
+list in the `update_plugins` function and run
+the script:
+```bash
+./update.py update-plugins
+```
+
+Some plugins provide [site settings](#module-services-discourse-site-settings).
+Their defaults can be configured using [](#opt-services.discourse.siteSettings), just like
+regular site settings. To find the names of these settings, look
+in the `config/settings.yml` file of the plugin
+repo.
+
+For example, to add the [discourse-spoiler-alert](https://github.com/discourse/discourse-spoiler-alert)
+and [discourse-solved](https://github.com/discourse/discourse-solved)
+plugins, and disable `discourse-spoiler-alert`
+by default:
+
+```
+services.discourse = {
+ enable = true;
+ hostname = "discourse.example.com";
+ sslCertificate = "/path/to/ssl_certificate";
+ sslCertificateKey = "/path/to/ssl_certificate_key";
+ admin = {
+ email = "admin@example.com";
+ username = "admin";
+ fullName = "Administrator";
+ passwordFile = "/path/to/password_file";
+ };
+ mail.outgoing = {
+ serverAddress = "smtp.emailprovider.com";
+ port = 587;
+ username = "user@emailprovider.com";
+ passwordFile = "/path/to/smtp_password_file";
+ };
+ mail.incoming.enable = true;
+ plugins = with config.services.discourse.package.plugins; [
+ discourse-spoiler-alert
+ discourse-solved
+ ];
+ siteSettings = {
+ plugins = {
+ spoiler_enabled = false;
+ };
+ };
+ secretKeyBaseFile = "/path/to/secret_key_base_file";
+};
+```
diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix
index b8104ade467..834e0f12340 100644
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@@ -1080,6 +1080,8 @@ in ]; }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml` meta.doc = ./discourse.xml; meta.maintainers = [ lib.maintainers.talyz ]; }
diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml
index 628881a9a1c..c33cf7eaf73 100644
--- a/nixos/modules/services/web-apps/discourse.xml
+++ b/nixos/modules/services/web-apps/discourse.xml
@@ -1,240 +1,225 @@ - - Discourse - - Discourse is a - modern and open source discussion platform. - - -
- Basic usage - - A minimal configuration using Let's Encrypt for TLS certificates looks like this: - + + Discourse + + Discourse is a + modern and open source discussion platform. + +
+ Basic usage + + A minimal configuration using Let's Encrypt for TLS certificates + looks like this: + + services.discourse = { enable = true; - hostname = "discourse.example.com"; + hostname = "discourse.example.com"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; -security.acme.email = "me@example.com"; +security.acme.email = "me@example.com"; security.acme.acceptTerms = true; - - - - Provided a proper DNS setup, you'll be able to connect to the - instance at discourse.example.com and log in - using the credentials provided in - services.discourse.admin. - -
- -
- Using a regular TLS certificate - - To set up TLS using a regular certificate and key on file, use - the - and - options: - - + + Provided a proper DNS setup, you'll be able to connect to the + instance at discourse.example.com and log in + using the credentials provided in + services.discourse.admin. + +
+
+ Using a regular TLS certificate + + To set up TLS using a regular certificate and key on file, use the + and + + options: + + services.discourse = { enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; - - -
- -
- Database access - - Discourse uses - PostgreSQL to store most of its - data. A database will automatically be enabled and a database - and role created unless is changed from - its default of null or is set - to false. - - - - External database access can also be configured by setting - , and as - appropriate. Note that you need to manually create a database - called discourse (or the name you chose in - ) and - allow the configured database user full access to it. - -
- -
- Email - - In addition to the basic setup, you'll want to configure an SMTP - server Discourse can use to send user - registration and password reset emails, among others. You can - also optionally let Discourse receive - email, which enables people to reply to threads and conversations - via email. - - - - A basic setup which assumes you want to use your configured hostname as - email domain can be done like this: - - +
+
+ Database access + + Discourse uses PostgreSQL to store most of its data. A database + will automatically be enabled and a database and role created + unless + is + changed from its default of null or + + is set to false. + + + External database access can also be configured by setting + , + + and + + as appropriate. Note that you need to manually create a database + called discourse (or the name you chose in + ) and + allow the configured database user full access to it. + +
+
+ Email + + In addition to the basic setup, you'll want to configure an SMTP + server Discourse can use to send user registration and password + reset emails, among others. You can also optionally let Discourse + receive email, which enables people to reply to threads and + conversations via email. + + + A basic setup which assumes you want to use your configured + hostname as + email domain can be done like this: + + services.discourse = { enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; + serverAddress = "smtp.emailprovider.com"; port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; mail.incoming.enable = true; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; - - This assumes you have set up an MX record for the address you've - set in hostname and - requires proper SPF, DKIM and DMARC configuration to be done for - the domain you're sending from, in order for email to be reliably delivered. - - - - If you want to use a different domain for your outgoing email - (for example example.com instead of - discourse.example.com) you should set - and - manually. - - - - - Setup of TLS for incoming email is currently only configured - automatically when a regular TLS certificate is used, i.e. when - and - are - set. 
- - - -
- -
- Additional settings - - Additional site settings and backend settings, for which no - explicit NixOS options are provided, - can be set in and - respectively. - - -
- Site settings - - "Site settings" are the settings that can be - changed through the Discourse - UI. Their default values can be set using - . - - - - Settings are expressed as a Nix attribute set which matches the - structure of the configuration in - config/site_settings.yml. - To find a setting's path, you only need to care about the first - two levels; i.e. its category (e.g. login) - and name (e.g. invite_only). - - - - Settings containing secret data should be set to an attribute - set containing the attribute _secret - a - string pointing to a file containing the value the option - should be set to. See the example. - -
- -
- Backend settings - - Settings are expressed as a Nix attribute set which matches the - structure of the configuration in - config/discourse.conf. - Empty parameters can be defined by setting them to - null. - -
- -
- Example - - The following example sets the title and description of the - Discourse instance and enables - GitHub login in the site settings, - and changes a few request limits in the backend settings: - + + This assumes you have set up an MX record for the address you've + set in + hostname + and requires proper SPF, DKIM and DMARC configuration to be done + for the domain you're sending from, in order for email to be + reliably delivered. + + + If you want to use a different domain for your outgoing email (for + example example.com instead of + discourse.example.com) you should set + + and + + manually. + + + + Setup of TLS for incoming email is currently only configured + automatically when a regular TLS certificate is used, i.e. when + + and + + are set. + + +
+
+ Additional settings + + Additional site settings and backend settings, for which no + explicit NixOS options are provided, can be set in + and + + respectively. + +
+ Site settings + + "Site settings" are the settings that can be changed + through the Discourse UI. Their default + values can be set using + . + + + Settings are expressed as a Nix attribute set which matches the + structure of the configuration in + config/site_settings.yml. + To find a setting's path, you only need to care about the first + two levels; i.e. its category (e.g. login) + and name (e.g. invite_only). + + + Settings containing secret data should be set to an attribute + set containing the attribute _secret - a + string pointing to a file containing the value the option should + be set to. See the example. + +
+
+ Backend settings + + Settings are expressed as a Nix attribute set which matches the + structure of the configuration in + config/discourse.conf. + Empty parameters can be defined by setting them to + null. + +
+
+ Example + + The following example sets the title and description of the + Discourse instance and enables GitHub login in the site + settings, and changes a few request limits in the backend + settings: + + services.discourse = { enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; + serverAddress = "smtp.emailprovider.com"; port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; mail.incoming.enable = true; siteSettings = { required = { - title = "My Cats"; - site_description = "Discuss My Cats (and be nice plz)"; + title = "My Cats"; + site_description = "Discuss My Cats (and be nice plz)"; }; login = { enable_github_logins = true; - github_client_id = "a2f6dfe838cb3206ce20"; + github_client_id = "a2f6dfe838cb3206ce20"; github_client_secret._secret = /run/keys/discourse_github_client_secret; }; }; 
@@ -242,99 +227,93 @@ services.discourse = { max_reqs_per_ip_per_minute = 300; max_reqs_per_ip_per_10_seconds = 60; max_asset_reqs_per_ip_per_10_seconds = 250; - max_reqs_per_ip_mode = "warn+block"; + max_reqs_per_ip_mode = "warn+block"; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; - - - In the resulting site settings file, the - login.github_client_secret key will be set - to the contents of the - /run/keys/discourse_github_client_secret - file. - -
-
+ + In the resulting site settings file, the + login.github_client_secret key will be set to + the contents of the + /run/keys/discourse_github_client_secret + file. + +
+
Plugins - You can install Discourse plugins - using the - option. Pre-packaged plugins are provided in + You can install Discourse plugins using the + option. + Pre-packaged plugins are provided in <your_discourse_package_here>.plugins. If you want the full suite of plugins provided through - nixpkgs, you can also set the option to + nixpkgs, you can also set the + option to pkgs.discourseAllPlugins. - Plugins can be built with the <your_discourse_package_here>.mkDiscoursePlugin function. Normally, it should suffice to provide a name and src attribute. If the plugin has Ruby dependencies, however, they need to be - packaged in accordance with the Developing - with Ruby section of the Nixpkgs manual and the - appropriate gem options set in bundlerEnvArgs - (normally gemdir is sufficient). A plugin's - Ruby dependencies are listed in its - plugin.rb file as function calls to - gem. To construct the corresponding - Gemfile manually, run bundle - init, then add the gem lines to it - verbatim. + packaged in accordance with the + Developing + with Ruby section of the Nixpkgs manual and the appropriate + gem options set in bundlerEnvArgs (normally + gemdir is sufficient). A plugin's Ruby + dependencies are listed in its plugin.rb file + as function calls to gem. To construct the + corresponding Gemfile manually, run + bundle init, then add the + gem lines to it verbatim. - Much of the packaging can be done automatically by the nixpkgs/pkgs/servers/web-apps/discourse/update.py script - just add the plugin to the plugins - list in the update_plugins function and run - the script: - + list in the update_plugins function and run the + script: + + ./update.py update-plugins - - - Some plugins provide site - settings. Their defaults can be configured using , just like - regular site settings. To find the names of these settings, look - in the config/settings.yml file of the plugin - repo. + Some plugins provide + site + settings. 
Their defaults can be configured using + , just + like regular site settings. To find the names of these settings, + look in the config/settings.yml file of the + plugin repo. - - For example, to add the discourse-spoiler-alert - and discourse-solved - plugins, and disable discourse-spoiler-alert - by default: - - + For example, to add the + discourse-spoiler-alert + and + discourse-solved + plugins, and disable discourse-spoiler-alert by + default: + + services.discourse = { enable = true; - hostname = "discourse.example.com"; - sslCertificate = "/path/to/ssl_certificate"; - sslCertificateKey = "/path/to/ssl_certificate_key"; + hostname = "discourse.example.com"; + sslCertificate = "/path/to/ssl_certificate"; + sslCertificateKey = "/path/to/ssl_certificate_key"; admin = { - email = "admin@example.com"; - username = "admin"; - fullName = "Administrator"; - passwordFile = "/path/to/password_file"; + email = "admin@example.com"; + username = "admin"; + fullName = "Administrator"; + passwordFile = "/path/to/password_file"; }; mail.outgoing = { - serverAddress = "smtp.emailprovider.com"; + serverAddress = "smtp.emailprovider.com"; port = 587; - username = "user@emailprovider.com"; - passwordFile = "/path/to/smtp_password_file"; + username = "user@emailprovider.com"; + passwordFile = "/path/to/smtp_password_file"; }; mail.incoming.enable = true; plugins = with config.services.discourse.package.plugins; [ @@ -346,10 +325,8 @@ services.discourse = { spoiler_enabled = false; }; }; - secretKeyBaseFile = "/path/to/secret_key_base_file"; + secretKeyBaseFile = "/path/to/secret_key_base_file"; }; - -
From 1be48def9638ced0d6e4e44c9f805bcff1f7bd0d Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 07:08:43 +0100
Subject: [PATCH 058/155] nixos/grocy: convert manual chapter to MD
---
nixos/modules/services/web-apps/grocy.md | 66 ++++++++++++++++++
nixos/modules/services/web-apps/grocy.nix | 2 +
nixos/modules/services/web-apps/grocy.xml | 81 +++++++++++------------
3 files changed, 108 insertions(+), 41 deletions(-)
create mode 100644 nixos/modules/services/web-apps/grocy.md
diff --git a/nixos/modules/services/web-apps/grocy.md b/nixos/modules/services/web-apps/grocy.md
new file mode 100644
index 00000000000..62aad4b103d
--- /dev/null
+++ b/nixos/modules/services/web-apps/grocy.md
@@ -0,0 +1,66 @@
+# Grocy {#module-services-grocy}
+
+[Grocy](https://grocy.info/) is a web-based self-hosted groceries
+& household management solution for your home.
+
+## Basic usage {#module-services-grocy-basic-usage}
+
+A very basic configuration may look like this:
+```
+{ pkgs, ... }:
+{
+ services.grocy = {
+ enable = true;
+ hostName = "grocy.tld";
+ };
+}
+```
+This configures a simple vhost using [nginx](#opt-services.nginx.enable)
+which listens to `grocy.tld` with fully configured ACME/LE (this can be
+disabled by setting [services.grocy.nginx.enableSSL](#opt-services.grocy.nginx.enableSSL)
+to `false`). After the initial setup the credentials `admin:admin`
+can be used to login.
+
+The application's state is persisted at `/var/lib/grocy/grocy.db` in a
+`sqlite3` database. The migration is applied when requesting the `/`-route
+of the application.
+
+## Settings {#module-services-grocy-settings}
+
+The configuration for `grocy` is located at `/etc/grocy/config.php`.
+By default, the following settings can be defined in the NixOS-configuration:
+```
+{ pkgs, ... }:
+{
+ services.grocy.settings = {
+ # The default currency in the system for invoices etc.
+ # Please note that exchange rates aren't taken into account, this
+ # is just the setting for what's shown in the frontend.
+ currency = "EUR";
+
+ # The display language (and locale configuration) for grocy.
+ culture = "de";
+
+ calendar = {
+ # Whether or not to show the week-numbers
+ # in the calendar.
+ showWeekNumber = true;
+
+ # Index of the first day to be shown in the calendar (0=Sunday, 1=Monday,
+ # 2=Tuesday and so on).
+ firstDayOfWeek = 2;
+ };
+ };
+}
+```
+
+If you want to alter the configuration file on your own, you can do this manually with
+an expression like this:
+```
+{ lib, ... }:
+{
+ environment.etc."grocy/config.php".text = lib.mkAfter ''
+ // Arbitrary PHP code in grocy's configuration file
+ '';
+}
+```
diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix index 6efc2ccfd30..1716f27ccad 100644 --- a/nixos/modules/services/web-apps/grocy.nix +++ b/nixos/modules/services/web-apps/grocy.nix @@ -167,6 +167,8 @@ in { meta = { maintainers = with maintainers; [ ma27 ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml` doc = ./grocy.xml; }; } diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index 025c08721c6..b02627aaafe 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -1,57 +1,58 @@ - - + Grocy - Grocy is a web-based self-hosted groceries - & household management solution for your home. + Grocy is a web-based + self-hosted groceries & household management solution for your + home. -
- Basic usage - - A very basic configuration may look like this: - + Basic usage + + A very basic configuration may look like this: + + { pkgs, ... }: { services.grocy = { enable = true; - hostName = "grocy.tld"; + hostName = "grocy.tld"; }; } - This configures a simple vhost using nginx - which listens to grocy.tld with fully configured ACME/LE (this can be - disabled by setting services.grocy.nginx.enableSSL - to false). After the initial setup the credentials admin:admin - can be used to login. - - - The application's state is persisted at /var/lib/grocy/grocy.db in a - sqlite3 database. The migration is applied when requesting the /-route - of the application. - + + This configures a simple vhost using + nginx which + listens to grocy.tld with fully configured + ACME/LE (this can be disabled by setting + services.grocy.nginx.enableSSL + to false). After the initial setup the + credentials admin:admin can be used to login. + + + The application's state is persisted at + /var/lib/grocy/grocy.db in a + sqlite3 database. The migration is applied when + requesting the /-route of the application. +
-
- Settings - - The configuration for grocy is located at /etc/grocy/config.php. - By default, the following settings can be defined in the NixOS-configuration: - + Settings + + The configuration for grocy is located at + /etc/grocy/config.php. By default, the + following settings can be defined in the NixOS-configuration: + + { pkgs, ... }: { services.grocy.settings = { # The default currency in the system for invoices etc. # Please note that exchange rates aren't taken into account, this # is just the setting for what's shown in the frontend. - currency = "EUR"; + currency = "EUR"; # The display language (and locale configuration) for grocy. - culture = "de"; + culture = "de"; calendar = { # Whether or not to show the week-numbers @@ -65,19 +66,17 @@ }; } - - - If you want to alter the configuration file on your own, you can do this manually with - an expression like this: - + + If you want to alter the configuration file on your own, you can + do this manually with an expression like this: + + { lib, ... }: { - environment.etc."grocy/config.php".text = lib.mkAfter '' + environment.etc."grocy/config.php".text = lib.mkAfter '' // Arbitrary PHP code in grocy's configuration file ''; } -
-
From b5990a47e01109f654f9928e5247c2b29ddca778 Mon Sep 17 00:00:00 2001
From: pennae
Date: Tue, 3 Jan 2023 07:14:51 +0100
Subject: [PATCH 059/155] nixos/jitsi-meet: convert manual chapter to MD
---
nixos/modules/services/web-apps/jitsi-meet.md | 45 ++++++++++++++
.../modules/services/web-apps/jitsi-meet.nix | 2 +
.../modules/services/web-apps/jitsi-meet.xml | 58 +++++++++----------
3 files changed, 73 insertions(+), 32 deletions(-)
create mode 100644 nixos/modules/services/web-apps/jitsi-meet.md
diff --git a/nixos/modules/services/web-apps/jitsi-meet.md b/nixos/modules/services/web-apps/jitsi-meet.md
new file mode 100644
index 00000000000..060ef975265
--- /dev/null
+++ b/nixos/modules/services/web-apps/jitsi-meet.md
@@ -0,0 +1,45 @@
+# Jitsi Meet {#module-services-jitsi-meet}
+
+With Jitsi Meet on NixOS you can quickly configure a complete,
+private, self-hosted video conferencing solution.
+
+## Basic usage {#module-services-jitsi-basic-usage}
+
+A minimal configuration using Let's Encrypt for TLS certificates looks like this:
+```
+{
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "jitsi.example.com";
+ };
+ services.jitsi-videobridge.openFirewall = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.email = "me@example.com";
+ security.acme.acceptTerms = true;
+}
+```
+
+## Configuration {#module-services-jitsi-configuration}
+
+Here is the minimal configuration with additional configurations:
+```
+{
+ services.jitsi-meet = {
+ enable = true;
+ hostName = "jitsi.example.com";
+ config = {
+ enableWelcomePage = false;
+ prejoinPageEnabled = true;
+ defaultLang = "fi";
+ };
+ interfaceConfig = {
+ SHOW_JITSI_WATERMARK = false;
+ SHOW_WATERMARK_FOR_GUESTS = false;
+ };
+ };
+ services.jitsi-videobridge.openFirewall = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.email = "me@example.com";
+ security.acme.acceptTerms = true;
+}
+```
diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index 5b0934b2fb7..19ac9427f4a 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix @@ -451,6 +451,8 @@ in }; }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml` meta.doc = ./jitsi-meet.xml; meta.maintainers = lib.teams.jitsi.members; } diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index 796105732c2..18c4e5b52cc 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -1,46 +1,42 @@ - - Jitsi Meet - - With Jitsi Meet on NixOS you can quickly configure a complete, - private, self-hosted video conferencing solution. - - -
- Basic usage - - A minimal configuration using Let's Encrypt for TLS certificates looks like this: - + + Jitsi Meet + + With Jitsi Meet on NixOS you can quickly configure a complete, + private, self-hosted video conferencing solution. + +
+ Basic usage + + A minimal configuration using Let's Encrypt for TLS certificates + looks like this: + + { services.jitsi-meet = { enable = true; - hostName = "jitsi.example.com"; + hostName = "jitsi.example.com"; }; services.jitsi-videobridge.openFirewall = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.email = "me@example.com"; + security.acme.email = "me@example.com"; security.acme.acceptTerms = true; } - -
- -
- Configuration - - Here is the minimal configuration with additional configurations: - +
+
+ Configuration + + Here is the minimal configuration with additional configurations: + + { services.jitsi-meet = { enable = true; - hostName = "jitsi.example.com"; + hostName = "jitsi.example.com"; config = { enableWelcomePage = false; prejoinPageEnabled = true; - defaultLang = "fi"; + defaultLang = "fi"; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; @@ -49,11 +45,9 @@ }; services.jitsi-videobridge.openFirewall = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; - security.acme.email = "me@example.com"; + security.acme.email = "me@example.com"; security.acme.acceptTerms = true; } - -
- +
From 760eaa3c940d808f7b268a49e27651ec3a2b1ffe Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 07:29:52 +0100 Subject: [PATCH 060/155] nixos/keycloak: convert manual chapter to MD --- nixos/modules/services/web-apps/keycloak.md | 141 +++++++ nixos/modules/services/web-apps/keycloak.nix | 2 + nixos/modules/services/web-apps/keycloak.xml | 365 +++++++++---------- 3 files changed, 313 insertions(+), 195 deletions(-) create mode 100644 nixos/modules/services/web-apps/keycloak.md diff --git a/nixos/modules/services/web-apps/keycloak.md b/nixos/modules/services/web-apps/keycloak.md new file mode 100644 index 00000000000..aa8de40d642 --- /dev/null +++ b/nixos/modules/services/web-apps/keycloak.md 
@@ -0,0 +1,141 @@ +# Keycloak {#module-services-keycloak} + +[Keycloak](https://www.keycloak.org/) is an +open source identity and access management server with support for +[OpenID Connect](https://openid.net/connect/), +[OAUTH 2.0](https://oauth.net/2/) and +[SAML 2.0](https://en.wikipedia.org/wiki/SAML_2.0). + +## Administration {#module-services-keycloak-admin} + +An administrative user with the username +`admin` is automatically created in the +`master` realm. Its initial password can be +configured by setting [](#opt-services.keycloak.initialAdminPassword) +and defaults to `changeme`. The password is +not stored safely and should be changed immediately in the +admin panel. + +Refer to the [Keycloak Server Administration Guide]( + https://www.keycloak.org/docs/latest/server_admin/index.html +) for information on +how to administer your Keycloak +instance. + +## Database access {#module-services-keycloak-database} + +Keycloak can be used with either PostgreSQL, MariaDB or +MySQL. Which one is used can be +configured in [](#opt-services.keycloak.database.type). The selected +database will automatically be enabled and a database and role +created unless [](#opt-services.keycloak.database.host) is changed +from its default of `localhost` or +[](#opt-services.keycloak.database.createLocally) is set to `false`. + +External database access can also be configured by setting +[](#opt-services.keycloak.database.host), +[](#opt-services.keycloak.database.name), +[](#opt-services.keycloak.database.username), +[](#opt-services.keycloak.database.useSSL) and +[](#opt-services.keycloak.database.caCert) as +appropriate. Note that you need to manually create the database +and allow the configured database user full access to it. + +[](#opt-services.keycloak.database.passwordFile) +must be set to the path to a file containing the password used +to log in to the database. 
If [](#opt-services.keycloak.database.host) +and [](#opt-services.keycloak.database.createLocally) +are kept at their defaults, the database role +`keycloak` with that password is provisioned +on the local database instance. + +::: {.warning} +The path should be provided as a string, not a Nix path, since Nix +paths are copied into the world readable Nix store. +::: + +## Hostname {#module-services-keycloak-hostname} + +The hostname is used to build the public URL used as base for +all frontend requests and must be configured through +[](#opt-services.keycloak.settings.hostname). + +::: {.note} +If you're migrating an old Wildfly based Keycloak instance +and want to keep compatibility with your current clients, +you'll likely want to set [](#opt-services.keycloak.settings.http-relative-path) +to `/auth`. See the option description +for more details. +::: + +[](#opt-services.keycloak.settings.hostname-strict-backchannel) +determines whether Keycloak should force all requests to go +through the frontend URL. By default, +Keycloak allows backend requests to +instead use its local hostname or IP address and may also +advertise it to clients through its OpenID Connect Discovery +endpoint. + +For more information on hostname configuration, see the [Hostname +section of the Keycloak Server Installation and Configuration +Guide](https://www.keycloak.org/server/hostname). + +## Setting up TLS/SSL {#module-services-keycloak-tls} + +By default, Keycloak won't accept +unsecured HTTP connections originating from outside its local +network. + +HTTPS support requires a TLS/SSL certificate and a private key, +both [PEM formatted](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). +Their paths should be set through +[](#opt-services.keycloak.sslCertificate) and +[](#opt-services.keycloak.sslCertificateKey). + +::: {.warning} + The paths should be provided as a strings, not a Nix paths, +since Nix paths are copied into the world readable Nix store. 
+::: + +## Themes {#module-services-keycloak-themes} + +You can package custom themes and make them visible to +Keycloak through [](#opt-services.keycloak.themes). See the +[Themes section of the Keycloak Server Development Guide]( + https://www.keycloak.org/docs/latest/server_development/#_themes +) and the description of the aforementioned NixOS option for +more information. + +## Configuration file settings {#module-services-keycloak-settings} + +Keycloak server configuration parameters can be set in +[](#opt-services.keycloak.settings). These correspond +directly to options in +{file}`conf/keycloak.conf`. Some of the most +important parameters are documented as suboptions, the rest can +be found in the [All +configuration section of the Keycloak Server Installation and +Configuration Guide](https://www.keycloak.org/server/all-config). + +Options containing secret data should be set to an attribute +set containing the attribute `_secret` - a +string pointing to a file containing the value the option +should be set to. See the description of +[](#opt-services.keycloak.settings) for an example. + +## Example configuration {#module-services-keycloak-example-config} + +A basic configuration with some custom settings could look like this: +``` +services.keycloak = { + enable = true; + settings = { + hostname = "keycloak.example.com"; + hostname-strict-backchannel = true; + }; + initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login + sslCertificate = "/run/keys/ssl_cert"; + sslCertificateKey = "/run/keys/ssl_key"; + database.passwordFile = "/run/keys/db_password"; +}; +``` diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index d52190a2864..a1f13f159f9 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix 
@@ -674,6 +674,8 @@ in mkIf createLocalMySQL (mkDefault dbPkg); }; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml` meta.doc = ./keycloak.xml; meta.maintainers = [ maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index 0d95ee3575a..f6602a3c70d 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -1,202 +1,177 @@ - - Keycloak - - Keycloak is an - open source identity and access management server with support for - OpenID - Connect, OAUTH - 2.0 and SAML - 2.0. - -
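Review bot: In the `keycloak.nix` hunk, the two added comment lines above `meta.doc = ./keycloak.xml;` make the XML a hand-regenerated artifact, but nothing in the hunk checks that the committed `keycloak.xml` still matches `keycloak.md`. Because `meta.doc` still points at the XML, an edit made only to the Markdown, for example to the warnings about secret paths ending up in the world-readable Nix store, would not reach the rendered manual. The `--lua-filter ../../../../doc/build-aux/...` paths are relative, so the command presumably only works from the module's own directory; I would add a line such as `# Run from this file's directory; the filter paths are relative to it.` The same applies to the matching comment hunks in `matomo.nix` and `nextcloud.nix`. Whether a check elsewhere in the tree compares the two files is not visible from here.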
- Administration - - An administrative user with the username - admin is automatically created in the - master realm. Its initial password can be - configured by setting - and defaults to changeme. The password is - not stored safely and should be changed immediately in the - admin panel. - - - - Refer to the - Keycloak Server Administration Guide for information on - how to administer your Keycloak - instance. - -
- -
- Database access - - Keycloak can be used with either - PostgreSQL, - MariaDB or - MySQL. Which one is used can be - configured in . The selected - database will automatically be enabled and a database and role - created unless is changed - from its default of localhost or is - set to false. - - - - External database access can also be configured by setting - , , , and as - appropriate. Note that you need to manually create the database - and allow the configured database user full access to it. - - - - - must be set to the path to a file containing the password used - to log in to the database. If - and - are kept at their defaults, the database role - keycloak with that password is provisioned - on the local database instance. - - - - - The path should be provided as a string, not a Nix path, since Nix - paths are copied into the world readable Nix store. - - -
- -
- Hostname - - The hostname is used to build the public URL used as base for - all frontend requests and must be configured through . - - - - - If you're migrating an old Wildfly based Keycloak instance - and want to keep compatibility with your current clients, - you'll likely want to set to /auth. See the option description - for more details. - - - - - - determines whether Keycloak should force all requests to go - through the frontend URL. By default, - Keycloak allows backend requests to - instead use its local hostname or IP address and may also - advertise it to clients through its OpenID Connect Discovery - endpoint. - - - - For more information on hostname configuration, see the Hostname - section of the Keycloak Server Installation and Configuration - Guide. - -
- -
- Setting up TLS/SSL - - By default, Keycloak won't accept - unsecured HTTP connections originating from outside its local - network. - - - - HTTPS support requires a TLS/SSL certificate and a private key, - both PEM - formatted. Their paths should be set through and . - - - - - The paths should be provided as a strings, not a Nix paths, - since Nix paths are copied into the world readable Nix store. - - -
- -
- Themes - - You can package custom themes and make them visible to - Keycloak through . See the - Themes section of the Keycloak Server Development Guide - and the description of the aforementioned NixOS option for - more information. - -
- -
- Configuration file settings - - Keycloak server configuration parameters can be set in . These correspond - directly to options in - conf/keycloak.conf. Some of the most - important parameters are documented as suboptions, the rest can - be found in the All - configuration section of the Keycloak Server Installation and - Configuration Guide. - - - - Options containing secret data should be set to an attribute - set containing the attribute _secret - a - string pointing to a file containing the value the option - should be set to. See the description of for an example. - -
- - -
- Example configuration - - A basic configuration with some custom settings could look like this: - + + Keycloak + + Keycloak is an + open source identity and access management server with support for + OpenID + Connect, OAUTH + 2.0 and + SAML + 2.0. + +
+ Administration + + An administrative user with the username admin + is automatically created in the master realm. + Its initial password can be configured by setting + + and defaults to changeme. The password is not + stored safely and should be changed immediately in the admin + panel. + + + Refer to the + Keycloak + Server Administration Guide for information on how to + administer your Keycloak instance. + +
+
+ Database access + + Keycloak can be used with either PostgreSQL, MariaDB or MySQL. + Which one is used can be configured in + . The + selected database will automatically be enabled and a database and + role created unless + is + changed from its default of localhost or + + is set to false. + + + External database access can also be configured by setting + , + , + , + and + as + appropriate. Note that you need to manually create the database + and allow the configured database user full access to it. + + + + must be set to the path to a file containing the password used to + log in to the database. If + and + + are kept at their defaults, the database role + keycloak with that password is provisioned on + the local database instance. + + + + The path should be provided as a string, not a Nix path, since + Nix paths are copied into the world readable Nix store. + + +
+
+ Hostname + + The hostname is used to build the public URL used as base for all + frontend requests and must be configured through + . + + + + If you're migrating an old Wildfly based Keycloak instance and + want to keep compatibility with your current clients, you'll + likely want to set + + to /auth. See the option description for more + details. + + + + + determines whether Keycloak should force all requests to go + through the frontend URL. By default, Keycloak allows backend + requests to instead use its local hostname or IP address and may + also advertise it to clients through its OpenID Connect Discovery + endpoint. + + + For more information on hostname configuration, see the + Hostname + section of the Keycloak Server Installation and Configuration + Guide. + +
+
+ Setting up TLS/SSL + + By default, Keycloak won't accept unsecured HTTP connections + originating from outside its local network. + + + HTTPS support requires a TLS/SSL certificate and a private key, + both + PEM + formatted. Their paths should be set through + and + . + + + + The paths should be provided as a strings, not a Nix paths, + since Nix paths are copied into the world readable Nix store. + + +
+
+ Themes + + You can package custom themes and make them visible to Keycloak + through . See + the + Themes + section of the Keycloak Server Development Guide and the + description of the aforementioned NixOS option for more + information. + +
+
+ Configuration file settings + + Keycloak server configuration parameters can be set in + . These + correspond directly to options in + conf/keycloak.conf. Some of the most + important parameters are documented as suboptions, the rest can be + found in the + All + configuration section of the Keycloak Server Installation and + Configuration Guide. + + + Options containing secret data should be set to an attribute set + containing the attribute _secret - a string + pointing to a file containing the value the option should be set + to. See the description of + for an + example. + +
+
+ Example configuration + + A basic configuration with some custom settings could look like + this: + + services.keycloak = { enable = true; settings = { - hostname = "keycloak.example.com"; + hostname = "keycloak.example.com"; hostname-strict-backchannel = true; }; - initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login - sslCertificate = "/run/keys/ssl_cert"; - sslCertificateKey = "/run/keys/ssl_key"; - database.passwordFile = "/run/keys/db_password"; + initialAdminPassword = "e6Wcm0RrtegMEHl"; # change on first login + sslCertificate = "/run/keys/ssl_cert"; + sslCertificateKey = "/run/keys/ssl_key"; + database.passwordFile = "/run/keys/db_password"; }; - - -
-
+
+
From 66fdc39d804eb585f4bf94993bf4abeb5469f1ed Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 07:41:04 +0100 Subject: [PATCH 061/155] nixos/matomo: convert manual chapter to MD --- nixos/modules/services/web-apps/matomo-doc.md | 77 ++++++++ .../modules/services/web-apps/matomo-doc.xml | 180 +++++++++--------- nixos/modules/services/web-apps/matomo.nix | 2 + 3 files changed, 168 insertions(+), 91 deletions(-) create mode 100644 nixos/modules/services/web-apps/matomo-doc.md diff --git a/nixos/modules/services/web-apps/matomo-doc.md b/nixos/modules/services/web-apps/matomo-doc.md new file mode 100644 index 00000000000..f5536a35f7a --- /dev/null +++ b/nixos/modules/services/web-apps/matomo-doc.md 
@@ -0,0 +1,77 @@ +# Matomo {#module-services-matomo} + +Matomo is a real-time web analytics application. This module configures +php-fpm as backend for Matomo, optionally configuring an nginx vhost as well. + +An automatic setup is not suported by Matomo, so you need to configure Matomo +itself in the browser-based Matomo setup. + +## Database Setup {#module-services-matomo-database-setup} + +You also need to configure a MariaDB or MySQL database and -user for Matomo +yourself, and enter those credentials in your browser. You can use +passwordless database authentication via the UNIX_SOCKET authentication +plugin with the following SQL commands: +``` +# For MariaDB +INSTALL PLUGIN unix_socket SONAME 'auth_socket'; +CREATE DATABASE matomo; +CREATE USER 'matomo'@'localhost' IDENTIFIED WITH unix_socket; +GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; + +# For MySQL +INSTALL PLUGIN auth_socket SONAME 'auth_socket.so'; +CREATE DATABASE matomo; +CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; +GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; +``` +Then fill in `matomo` as database user and database name, +and leave the password field blank. This authentication works by allowing +only the `matomo` unix user to authenticate as the +`matomo` database user (without needing a password), but no +other users. For more information on passwordless login, see +. + +Of course, you can use password based authentication as well, e.g. when the +database is not on the same host. + +## Archive Processing {#module-services-matomo-archive-processing} + +This module comes with the systemd service +`matomo-archive-processing.service` and a timer that +automatically triggers archive processing every hour. 
This means that you +can safely +[disable browser triggers for Matomo archiving]( +https://matomo.org/docs/setup-auto-archiving/#disable-browser-triggers-for-matomo-archiving-and-limit-matomo-reports-to-updating-every-hour +) at +`Administration > System > General Settings`. + +With automatic archive processing, you can now also enable to +[delete old visitor logs](https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs) +at `Administration > System > Privacy`, but make sure that you run `systemctl start +matomo-archive-processing.service` at least once without errors if +you have already collected data before, so that the reports get archived +before the source data gets deleted. + +## Backup {#module-services-matomo-backups} + +You only need to take backups of your MySQL database and the +{file}`/var/lib/matomo/config/config.ini.php` file. Use a user +in the `matomo` group or root to access the file. For more +information, see +. + +## Issues {#module-services-matomo-issues} + + - Matomo will warn you that the JavaScript tracker is not writable. This is + because it's located in the read-only nix store. You can safely ignore + this, unless you need a plugin that needs JavaScript tracker access. + +## Using other Web Servers than nginx {#module-services-matomo-other-web-servers} + +You can use other web servers by forwarding calls for +{file}`index.php` and {file}`piwik.php` to the +[`services.phpfpm.pools..socket`](#opt-services.phpfpm.pools._name_.socket) +fastcgi unix socket. You can use +the nginx configuration in the module code as a reference to what else +should be configured. diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index 78cd6dd4d43..af445a9e627 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml 
@@ -1,26 +1,23 @@ - - Matomo - - Matomo is a real-time web analytics application. This module configures - php-fpm as backend for Matomo, optionally configuring an nginx vhost as well. - - - An automatic setup is not suported by Matomo, so you need to configure Matomo - itself in the browser-based Matomo setup. - -
- Database Setup - + + Matomo - You also need to configure a MariaDB or MySQL database and -user for Matomo - yourself, and enter those credentials in your browser. You can use - passwordless database authentication via the UNIX_SOCKET authentication - plugin with the following SQL commands: - + Matomo is a real-time web analytics application. This module + configures php-fpm as backend for Matomo, optionally configuring an + nginx vhost as well. + + + An automatic setup is not suported by Matomo, so you need to + configure Matomo itself in the browser-based Matomo setup. + +
+ Database Setup + + You also need to configure a MariaDB or MySQL database and -user + for Matomo yourself, and enter those credentials in your browser. + You can use passwordless database authentication via the + UNIX_SOCKET authentication plugin with the following SQL commands: + + # For MariaDB INSTALL PLUGIN unix_socket SONAME 'auth_socket'; CREATE DATABASE matomo; @@ -33,75 +30,76 @@ CREATE DATABASE matomo; CREATE USER 'matomo'@'localhost' IDENTIFIED WITH auth_socket; GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; - Then fill in matomo as database user and database name, - and leave the password field blank. This authentication works by allowing - only the matomo unix user to authenticate as the - matomo database user (without needing a password), but no - other users. For more information on passwordless login, see - . - - - - Of course, you can use password based authentication as well, e.g. when the - database is not on the same host. - -
-
- Archive Processing - - - This module comes with the systemd service - matomo-archive-processing.service and a timer that - automatically triggers archive processing every hour. This means that you - can safely - - disable browser triggers for Matomo archiving at - Administration > System > General Settings. - - - - With automatic archive processing, you can now also enable to - - delete old visitor logs at Administration > System > - Privacy, but make sure that you run systemctl start - matomo-archive-processing.service at least once without errors if - you have already collected data before, so that the reports get archived - before the source data gets deleted. - -
-
- Backup - - - You only need to take backups of your MySQL database and the - /var/lib/matomo/config/config.ini.php file. Use a user - in the matomo group or root to access the file. For more - information, see - . - -
-
- Issues - - - - Matomo will warn you that the JavaScript tracker is not writable. This is - because it's located in the read-only nix store. You can safely ignore - this, unless you need a plugin that needs JavaScript tracker access. + Then fill in matomo as database user and + database name, and leave the password field blank. This + authentication works by allowing only the + matomo unix user to authenticate as the + matomo database user (without needing a + password), but no other users. For more information on + passwordless login, see + https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/. - - -
-
- Using other Web Servers than nginx - - - You can use other web servers by forwarding calls for - index.php and piwik.php to the - services.phpfpm.pools.<name>.socket fastcgi unix socket. You can use - the nginx configuration in the module code as a reference to what else - should be configured. - -
+ + Of course, you can use password based authentication as well, e.g. + when the database is not on the same host. + +
+
+ Archive Processing + + This module comes with the systemd service + matomo-archive-processing.service and a timer + that automatically triggers archive processing every hour. This + means that you can safely + disable + browser triggers for Matomo archiving at + Administration > System > General Settings. + + + With automatic archive processing, you can now also enable to + delete + old visitor logs at + Administration > System > Privacy, but + make sure that you run + systemctl start matomo-archive-processing.service + at least once without errors if you have already collected data + before, so that the reports get archived before the source data + gets deleted. + +
+
+ Backup + + You only need to take backups of your MySQL database and the + /var/lib/matomo/config/config.ini.php file. + Use a user in the matomo group or root to + access the file. For more information, see + https://matomo.org/faq/how-to-install/faq_138/. + +
+
+ Issues + + + + Matomo will warn you that the JavaScript tracker is not + writable. This is because it's located in the read-only nix + store. You can safely ignore this, unless you need a plugin + that needs JavaScript tracker access. + + + +
+
+ Using other Web Servers than nginx + + You can use other web servers by forwarding calls for + index.php and piwik.php + to the + services.phpfpm.pools.<name>.socket + fastcgi unix socket. You can use the nginx configuration in the + module code as a reference to what else should be configured. + +
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 0435d21ce8a..fcc5dc5650e 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -325,6 +325,8 @@ in { }; meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml` doc = ./matomo-doc.xml; maintainers = with lib.maintainers; [ florianjacob ]; }; From 42ea3f26993cd6b467ec900495915ec3b0a01c26 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 08:03:20 +0100 Subject: [PATCH 062/155] nixos/nextcloud: convert manual chapter to MD --- nixos/modules/services/web-apps/nextcloud.md | 237 +++++++++ nixos/modules/services/web-apps/nextcloud.nix | 2 + nixos/modules/services/web-apps/nextcloud.xml | 502 +++++++++--------- 3 files changed, 500 insertions(+), 241 deletions(-) create mode 100644 nixos/modules/services/web-apps/nextcloud.md diff --git a/nixos/modules/services/web-apps/nextcloud.md b/nixos/modules/services/web-apps/nextcloud.md new file mode 100644 index 00000000000..014807f3da2 --- /dev/null +++ b/nixos/modules/services/web-apps/nextcloud.md 
@@ -0,0 +1,237 @@ +# Nextcloud {#module-services-nextcloud} + +[Nextcloud](https://nextcloud.com/) is an open-source, +self-hostable cloud platform. The server setup can be automated using +[services.nextcloud](#opt-services.nextcloud.enable). A +desktop client is packaged at `pkgs.nextcloud-client`. + +The current default by NixOS is `nextcloud25` which is also the latest +major version available. + +## Basic usage {#module-services-nextcloud-basic-usage} + +Nextcloud is a PHP-based application which requires an HTTP server +([`services.nextcloud`](#opt-services.nextcloud.enable) +optionally supports +[`services.nginx`](#opt-services.nginx.enable)) +and a database (it's recommended to use +[`services.postgresql`](#opt-services.postgresql.enable)). + +A very basic configuration may look like this: +``` +{ pkgs, ... }: +{ + services.nextcloud = { + enable = true; + hostName = "nextcloud.tld"; + config = { + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + adminpassFile = "/path/to/admin-pass-file"; + adminuser = "root"; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + } + ]; + }; + + # ensure that postgres is running *before* running the setup + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} +``` + +The `hostName` option is used internally to configure an HTTP +server using [`PHP-FPM`](https://php-fpm.org/) +and `nginx`. The `config` attribute set is +used by the imperative installer and all values are written to an additional file +to ensure that changes can be applied by changing the module's options. 
+ +In case the application serves multiple domains (those are checked with +[`$_SERVER['HTTP_HOST']`](http://php.net/manual/en/reserved.variables.server.php)) +it's needed to add them to +[`services.nextcloud.config.extraTrustedDomains`](#opt-services.nextcloud.config.extraTrustedDomains). + +Auto updates for Nextcloud apps can be enabled using +[`services.nextcloud.autoUpdateApps`](#opt-services.nextcloud.autoUpdateApps.enable). + +## Common problems {#module-services-nextcloud-pitfalls-during-upgrade} + + - **General notes.** + Unfortunately Nextcloud appears to be very stateful when it comes to + managing its own configuration. The config file lives in the home directory + of the `nextcloud` user (by default + `/var/lib/nextcloud/config/config.php`) and is also used to + track several states of the application (e.g., whether installed or not). + + All configuration parameters are also stored in + {file}`/var/lib/nextcloud/config/override.config.php` which is generated by + the module and linked from the store to ensure that all values from + {file}`config.php` can be modified by the module. + However {file}`config.php` manages the application's state and shouldn't be + touched manually because of that. + + ::: {.warning} + Don't delete {file}`config.php`! This file + tracks the application's state and a deletion can cause unwanted + side-effects! + ::: + + ::: {.warning} + Don't rerun `nextcloud-occ maintenance:install`! + This command tries to install the application + and can cause unwanted side-effects! + ::: + - **Multiple version upgrades.** + Nextcloud doesn't allow to move more than one major-version forward. E.g., if you're on + `v16`, you cannot upgrade to `v18`, you need to upgrade to + `v17` first. This is ensured automatically as long as the + [stateVersion](#opt-system.stateVersion) is declared properly. 
In that case + the oldest version available (one major behind the one from the previous NixOS + release) will be selected by default and the module will generate a warning that reminds + the user to upgrade to latest Nextcloud *after* that deploy. + - **`Error: Command "upgrade" is not defined.`** + This error usually occurs if the initial installation + ({command}`nextcloud-occ maintenance:install`) has failed. After that, the application + is not installed, but the upgrade is attempted to be executed. Further context can + be found in [NixOS/nixpkgs#111175](https://github.com/NixOS/nixpkgs/issues/111175). + + First of all, it makes sense to find out what went wrong by looking at the logs + of the installation via {command}`journalctl -u nextcloud-setup` and try to fix + the underlying issue. + + - If this occurs on an *existing* setup, this is most likely because + the maintenance mode is active. It can be deactivated by running + {command}`nextcloud-occ maintenance:mode --off`. It's advisable though to + check the logs first on why the maintenance mode was activated. + - ::: {.warning} + Only perform the following measures on + *freshly installed instances!* + ::: + + A re-run of the installer can be forced by *deleting* + {file}`/var/lib/nextcloud/config/config.php`. This is the only time + advisable because the fresh install doesn't have any state that can be lost. + In case that doesn't help, an entire re-creation can be forced via + {command}`rm -rf ~nextcloud/`. + + - **Server-side encryption.** + Nextcloud supports [server-side encryption (SSE)](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html). + This is not an end-to-end encryption, but can be used to encrypt files that will be persisted + to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3 + for PHP's openssl extension because this is implemented using the legacy cipher RC4. 
+ If [](#opt-system.stateVersion) is *above* `22.05`, + this is disabled by default. To turn it on again and for further information please refer to + [](#opt-services.nextcloud.enableBrokenCiphersForSSE). + +## Using an alternative webserver as reverse-proxy (e.g. `httpd`) {#module-services-nextcloud-httpd} + +By default, `nginx` is used as reverse-proxy for `nextcloud`. +However, it's possible to use e.g. `httpd` by explicitly disabling +`nginx` using [](#opt-services.nginx.enable) and fixing the +settings `listen.owner` & `listen.group` in the +[corresponding `phpfpm` pool](#opt-services.phpfpm.pools). + +An exemplary configuration may look like this: +``` +{ config, lib, pkgs, ... }: { + services.nginx.enable = false; + services.nextcloud = { + enable = true; + hostName = "localhost"; + + /* further, required options */ + }; + services.phpfpm.pools.nextcloud.settings = { + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; + }; + services.httpd = { + enable = true; + adminAddr = "webmaster@localhost"; + extraModules = [ "proxy_fcgi" ]; + virtualHosts."localhost" = { + documentRoot = config.services.nextcloud.package; + extraConfig = '' + + + + SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost/" + + + + RewriteEngine On + RewriteBase / + RewriteRule ^index\.php$ - [L] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule . /index.php [L] + + DirectoryIndex index.php + Require all granted + Options +FollowSymLinks + + ''; + }; + }; +} +``` + +## Installing Apps and PHP extensions {#installing-apps-php-extensions-nextcloud} + +Nextcloud apps are installed statefully through the web interface. +Some apps may require extra PHP extensions to be installed. +This can be configured with the [](#opt-services.nextcloud.phpExtraExtensions) setting. + +Alternatively, extra apps can also be declared with the [](#opt-services.nextcloud.extraApps) setting. 
+When using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps +that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps. + +## Maintainer information {#module-services-nextcloud-maintainer-info} + +As stated in the previous paragraph, we must provide a clean upgrade-path for Nextcloud +since it cannot move more than one major version forward on a single upgrade. This chapter +adds some notes how Nextcloud updates should be rolled out in the future. + +While minor and patch-level updates are no problem and can be done directly in the +package-expression (and should be backported to supported stable branches after that), +major-releases should be added in a new attribute (e.g. Nextcloud `v19.0.0` +should be available in `nixpkgs` as `pkgs.nextcloud19`). +To provide simple upgrade paths it's generally useful to backport those as well to stable +branches. As long as the package-default isn't altered, this won't break existing setups. +After that, the versioning-warning in the `nextcloud`-module should be +updated to make sure that the +[package](#opt-services.nextcloud.package)-option selects the latest version +on fresh setups. + +If major-releases will be abandoned by upstream, we should check first if those are needed +in NixOS for a safe upgrade-path before removing those. In that case we should keep those +packages, but mark them as insecure in an expression like this (in +``): +``` +/* ... */ +{ + nextcloud17 = generic { + version = "17.0.x"; + sha256 = "0000000000000000000000000000000000000000000000000000"; + eol = true; + }; +} +``` + +Ideally we should make sure that it's possible to jump two NixOS versions forward: +i.e. the warnings and the logic in the module should guard a user to upgrade from a +Nextcloud on e.g. 19.09 to a Nextcloud on 20.09. 
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 90801e99681..58006486564 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -1146,5 +1146,7 @@ in { } ]); + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml` meta.doc = ./nextcloud.xml; } diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 434df8f0d34..7d4b074514c 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -1,229 +1,247 @@ - - Nextcloud - - Nextcloud is an open-source, - self-hostable cloud platform. The server setup can be automated using - services.nextcloud. A - desktop client is packaged at pkgs.nextcloud-client. - - - The current default by NixOS is nextcloud25 which is also the latest - major version available. - -
- Basic usage - + + Nextcloud - Nextcloud is a PHP-based application which requires an HTTP server - (services.nextcloud - optionally supports - services.nginx) - and a database (it's recommended to use - services.postgresql). + Nextcloud is an + open-source, self-hostable cloud platform. The server setup can be + automated using + services.nextcloud. + A desktop client is packaged at + pkgs.nextcloud-client. - - A very basic configuration may look like this: - + The current default by NixOS is nextcloud25 which + is also the latest major version available. + +
+ Basic usage + + Nextcloud is a PHP-based application which requires an HTTP server + (services.nextcloud + optionally supports + services.nginx) + and a database (it's recommended to use + services.postgresql). + + + A very basic configuration may look like this: + + { pkgs, ... }: { services.nextcloud = { enable = true; - hostName = "nextcloud.tld"; + hostName = "nextcloud.tld"; config = { - dbtype = "pgsql"; - dbuser = "nextcloud"; - dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; - adminpassFile = "/path/to/admin-pass-file"; - adminuser = "root"; + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + adminpassFile = "/path/to/admin-pass-file"; + adminuser = "root"; }; }; services.postgresql = { enable = true; - ensureDatabases = [ "nextcloud" ]; + ensureDatabases = [ "nextcloud" ]; ensureUsers = [ - { name = "nextcloud"; - ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; + { name = "nextcloud"; + ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; }; # ensure that postgres is running *before* running the setup - systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; } - - - - The hostName option is used internally to configure an HTTP - server using PHP-FPM - and nginx. The config attribute set is - used by the imperative installer and all values are written to an additional file - to ensure that changes can be applied by changing the module's options. - - - - In case the application serves multiple domains (those are checked with - $_SERVER['HTTP_HOST']) - it's needed to add them to - services.nextcloud.config.extraTrustedDomains. 
- - - - Auto updates for Nextcloud apps can be enabled using - services.nextcloud.autoUpdateApps. - - -
- -
- Common problems - - - - General notes - - Unfortunately Nextcloud appears to be very stateful when it comes to - managing its own configuration. The config file lives in the home directory - of the nextcloud user (by default - /var/lib/nextcloud/config/config.php) and is also used to - track several states of the application (e.g., whether installed or not). - - - All configuration parameters are also stored in - /var/lib/nextcloud/config/override.config.php which is generated by - the module and linked from the store to ensure that all values from - config.php can be modified by the module. - However config.php manages the application's state and shouldn't be - touched manually because of that. + The hostName option is used internally to + configure an HTTP server using + PHP-FPM + and nginx. The config + attribute set is used by the imperative installer and all values + are written to an additional file to ensure that changes can be + applied by changing the module's options. - - Don't delete config.php! This file - tracks the application's state and a deletion can cause unwanted - side-effects! - - - - Don't rerun nextcloud-occ - maintenance:install! This command tries to install the application - and can cause unwanted side-effects! - - - - - Multiple version upgrades - - Nextcloud doesn't allow to move more than one major-version forward. E.g., if you're on - v16, you cannot upgrade to v18, you need to upgrade to - v17 first. This is ensured automatically as long as the - stateVersion is declared properly. In that case - the oldest version available (one major behind the one from the previous NixOS - release) will be selected by default and the module will generate a warning that reminds - the user to upgrade to latest Nextcloud after that deploy. - - - - - - <literal>Error: Command "upgrade" is not defined.</literal> - - This error usually occurs if the initial installation - (nextcloud-occ maintenance:install) has failed. 
After that, the application - is not installed, but the upgrade is attempted to be executed. Further context can - be found in NixOS/nixpkgs#111175. - - - First of all, it makes sense to find out what went wrong by looking at the logs - of the installation via journalctl -u nextcloud-setup and try to fix - the underlying issue. + In case the application serves multiple domains (those are checked + with + $_SERVER['HTTP_HOST']) + it's needed to add them to + services.nextcloud.config.extraTrustedDomains. + + Auto updates for Nextcloud apps can be enabled using + services.nextcloud.autoUpdateApps. + +
+
+ Common problems - - - If this occurs on an existing setup, this is most likely because - the maintenance mode is active. It can be deactivated by running - nextcloud-occ maintenance:mode --off. It's advisable though to - check the logs first on why the maintenance mode was activated. - - - - Only perform the following measures on - freshly installed instances! - - A re-run of the installer can be forced by deleting - /var/lib/nextcloud/config/config.php. This is the only time - advisable because the fresh install doesn't have any state that can be lost. - In case that doesn't help, an entire re-creation can be forced via - rm -rf ~nextcloud/. - - + + + General notes. + Unfortunately Nextcloud appears to be very stateful when it + comes to managing its own configuration. The config file lives + in the home directory of the nextcloud user + (by default + /var/lib/nextcloud/config/config.php) and + is also used to track several states of the application (e.g., + whether installed or not). + + + All configuration parameters are also stored in + /var/lib/nextcloud/config/override.config.php + which is generated by the module and linked from the store to + ensure that all values from config.php + can be modified by the module. However + config.php manages the application's + state and shouldn't be touched manually because of that. + + + + Don't delete config.php! This file + tracks the application's state and a deletion can cause + unwanted side-effects! + + + + + Don't rerun + nextcloud-occ maintenance:install! This + command tries to install the application and can cause + unwanted side-effects! + + + + + + Multiple version upgrades. + Nextcloud doesn't allow to move more than one major-version + forward. E.g., if you're on v16, you cannot + upgrade to v18, you need to upgrade to + v17 first. This is ensured automatically as + long as the + stateVersion is + declared properly. 
In that case the oldest version available + (one major behind the one from the previous NixOS release) + will be selected by default and the module will generate a + warning that reminds the user to upgrade to latest Nextcloud + after that deploy. + + + + + Error: Command "upgrade" is not defined. + This error usually occurs if the initial installation + (nextcloud-occ maintenance:install) has + failed. After that, the application is not installed, but the + upgrade is attempted to be executed. Further context can be + found in + NixOS/nixpkgs#111175. + + + First of all, it makes sense to find out what went wrong by + looking at the logs of the installation via + journalctl -u nextcloud-setup and try to + fix the underlying issue. + + + + + If this occurs on an existing setup, + this is most likely because the maintenance mode is + active. It can be deactivated by running + nextcloud-occ maintenance:mode --off. + It's advisable though to check the logs first on why the + maintenance mode was activated. + + + + + + Only perform the following measures on freshly + installed instances! + + + + A re-run of the installer can be forced by + deleting + /var/lib/nextcloud/config/config.php. + This is the only time advisable because the fresh install + doesn't have any state that can be lost. In case that + doesn't help, an entire re-creation can be forced via + rm -rf ~nextcloud/. + + + + + + + Server-side encryption. + Nextcloud supports + server-side + encryption (SSE). This is not an end-to-end encryption, + but can be used to encrypt files that will be persisted to + external storage such as S3. Please note that this won't work + anymore when using OpenSSL 3 for PHP's openssl extension + because this is implemented using the legacy cipher RC4. If + is + above 22.05, this is + disabled by default. To turn it on again and for further + information please refer to + . + + - - - - Server-side encryption - - Nextcloud supports server-side encryption (SSE). 
- This is not an end-to-end encryption, but can be used to encrypt files that will be persisted - to external storage such as S3. Please note that this won't work anymore when using OpenSSL 3 - for PHP's openssl extension because this is implemented using the legacy cipher RC4. - If is above 22.05, - this is disabled by default. To turn it on again and for further information please refer to - . - - - - -
- -
- Using an alternative webserver as reverse-proxy (e.g. <literal>httpd</literal>) - - By default, nginx is used as reverse-proxy for nextcloud. - However, it's possible to use e.g. httpd by explicitly disabling - nginx using and fixing the - settings listen.owner & listen.group in the - corresponding phpfpm pool. - - - An exemplary configuration may look like this: - +
+
+ Using an alternative webserver as reverse-proxy (e.g. + <literal>httpd</literal>) + + By default, nginx is used as reverse-proxy for + nextcloud. However, it's possible to use e.g. + httpd by explicitly disabling + nginx using + and fixing the + settings listen.owner & + listen.group in the + corresponding + phpfpm pool. + + + An exemplary configuration may look like this: + + { config, lib, pkgs, ... }: { services.nginx.enable = false; services.nextcloud = { enable = true; - hostName = "localhost"; + hostName = "localhost"; /* further, required options */ }; services.phpfpm.pools.nextcloud.settings = { - "listen.owner" = config.services.httpd.user; - "listen.group" = config.services.httpd.group; + "listen.owner" = config.services.httpd.user; + "listen.group" = config.services.httpd.group; }; services.httpd = { enable = true; - adminAddr = "webmaster@localhost"; - extraModules = [ "proxy_fcgi" ]; - virtualHosts."localhost" = { + adminAddr = "webmaster@localhost"; + extraModules = [ "proxy_fcgi" ]; + virtualHosts."localhost" = { documentRoot = config.services.nextcloud.package; extraConfig = '' - <Directory "${config.services.nextcloud.package}"> - <FilesMatch "\.php$"> - <If "-f %{REQUEST_FILENAME}"> - SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost/" + <Directory "${config.services.nextcloud.package}"> + <FilesMatch "\.php$"> + <If "-f %{REQUEST_FILENAME}"> + SetHandler "proxy:unix:${config.services.phpfpm.pools.nextcloud.socket}|fcgi://localhost/" </If> </FilesMatch> <IfModule mod_rewrite.c> @@ -243,69 +261,71 @@ }; } - -
- -
- Installing Apps and PHP extensions - - - Nextcloud apps are installed statefully through the web interface. - - Some apps may require extra PHP extensions to be installed. - This can be configured with the setting. - - - - Alternatively, extra apps can also be declared with the setting. - When using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps - that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps. - -
- -
- Maintainer information - - - As stated in the previous paragraph, we must provide a clean upgrade-path for Nextcloud - since it cannot move more than one major version forward on a single upgrade. This chapter - adds some notes how Nextcloud updates should be rolled out in the future. - - - - While minor and patch-level updates are no problem and can be done directly in the - package-expression (and should be backported to supported stable branches after that), - major-releases should be added in a new attribute (e.g. Nextcloud v19.0.0 - should be available in nixpkgs as pkgs.nextcloud19). - To provide simple upgrade paths it's generally useful to backport those as well to stable - branches. As long as the package-default isn't altered, this won't break existing setups. - After that, the versioning-warning in the nextcloud-module should be - updated to make sure that the - package-option selects the latest version - on fresh setups. - - - - If major-releases will be abandoned by upstream, we should check first if those are needed - in NixOS for a safe upgrade-path before removing those. In that case we should keep those - packages, but mark them as insecure in an expression like this (in - <nixpkgs/pkgs/servers/nextcloud/default.nix>): - +
+
+ Installing Apps and PHP extensions + + Nextcloud apps are installed statefully through the web interface. + Some apps may require extra PHP extensions to be installed. This + can be configured with the + + setting. + + + Alternatively, extra apps can also be declared with the + setting. + When using this setting, apps can no longer be managed statefully + because this can lead to Nextcloud updating apps that are managed + by Nix. If you want automatic updates it is recommended that you + use web interface to install apps. + +
+
+ Maintainer information + + As stated in the previous paragraph, we must provide a clean + upgrade-path for Nextcloud since it cannot move more than one + major version forward on a single upgrade. This chapter adds some + notes how Nextcloud updates should be rolled out in the future. + + + While minor and patch-level updates are no problem and can be done + directly in the package-expression (and should be backported to + supported stable branches after that), major-releases should be + added in a new attribute (e.g. Nextcloud + v19.0.0 should be available in + nixpkgs as + pkgs.nextcloud19). To provide simple upgrade + paths it's generally useful to backport those as well to stable + branches. As long as the package-default isn't altered, this won't + break existing setups. After that, the versioning-warning in the + nextcloud-module should be updated to make sure + that the + package-option + selects the latest version on fresh setups. + + + If major-releases will be abandoned by upstream, we should check + first if those are needed in NixOS for a safe upgrade-path before + removing those. In that case we should keep those packages, but + mark them as insecure in an expression like this (in + <nixpkgs/pkgs/servers/nextcloud/default.nix>): + + /* ... */ { nextcloud17 = generic { - version = "17.0.x"; - sha256 = "0000000000000000000000000000000000000000000000000000"; + version = "17.0.x"; + sha256 = "0000000000000000000000000000000000000000000000000000"; eol = true; }; } - - - - Ideally we should make sure that it's possible to jump two NixOS versions forward: - i.e. the warnings and the logic in the module should guard a user to upgrade from a - Nextcloud on e.g. 19.09 to a Nextcloud on 20.09. - -
+ + Ideally we should make sure that it's possible to jump two NixOS + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a + Nextcloud on 20.09. + +
From 1bb00a9c1241157d3747a46dbcafa3a8a9289093 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 08:10:03 +0100 Subject: [PATCH 063/155] nixos/plausible: convert manual chapter to MD --- nixos/modules/services/web-apps/plausible.md | 35 ++++++++++++++ nixos/modules/services/web-apps/plausible.nix | 2 + nixos/modules/services/web-apps/plausible.xml | 46 +++++++++---------- 3 files changed, 60 insertions(+), 23 deletions(-) create mode 100644 nixos/modules/services/web-apps/plausible.md diff --git a/nixos/modules/services/web-apps/plausible.md b/nixos/modules/services/web-apps/plausible.md new file mode 100644 index 00000000000..1328ce69441 --- /dev/null +++ b/nixos/modules/services/web-apps/plausible.md @@ -0,0 +1,35 @@ +# Plausible {#module-services-plausible} + +[Plausible](https://plausible.io/) is a privacy-friendly alternative to +Google analytics. + +## Basic Usage {#module-services-plausible-basic-usage} + +At first, a secret key is needed to be generated. This can be done with e.g. +```ShellSession +$ openssl rand -base64 64 +``` + +After that, `plausible` can be deployed like this: +``` +{ + services.plausible = { + enable = true; + adminUser = { + # activate is used to skip the email verification of the admin-user that's + # automatically created by plausible. This is only supported if + # postgresql is configured by the module. This is done by default, but + # can be turned off with services.plausible.database.postgres.setup. + activate = true; + email = "admin@localhost"; + passwordFile = "/run/secrets/plausible-admin-pwd"; + }; + server = { + baseUrl = "http://analytics.example.org"; + # secretKeybaseFile is a path to the file which contains the secret generated + # with openssl as described above. + secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; + }; + }; +} +``` diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix index e5dc1b10360..bbad8152b53 100644 
--- a/nixos/modules/services/web-apps/plausible.nix +++ b/nixos/modules/services/web-apps/plausible.nix @@ -292,5 +292,7 @@ in { }; meta.maintainers = with maintainers; [ ma27 ]; + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml` meta.doc = ./plausible.xml; } diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index 9546ae4e558..f84a91a9f8b 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -1,22 +1,23 @@ - - Plausible - - Plausible is a privacy-friendly alternative to - Google analytics. - -
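Review bot: The regeneration comment added above `meta.doc` gives a pandoc command whose `--lua-filter ../../../../doc/build-aux/...` paths are relative, so it only works when run from the module's own directory, and the comment does not say so. I would add one line before the command, for example `# Run from nixos/modules/services/web-apps; the filter paths are relative to it.` Nothing visible in this patch checks that the committed `plausible.xml` still matches `plausible.md`, so a stale XML would presumably go unnoticed until someone regenerates it by hand. The `garage.nix` hunk in PATCH 064 adds the same comment and needs the same line with its own directory.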
- Basic Usage + + Plausible - At first, a secret key is needed to be generated. This can be done with e.g. - $ openssl rand -base64 64 + Plausible is a + privacy-friendly alternative to Google analytics. - - After that, plausible can be deployed like this: - +
+ Basic Usage + + At first, a secret key is needed to be generated. This can be done + with e.g. + + +$ openssl rand -base64 64 + + + After that, plausible can be deployed like + this: + + { services.plausible = { enable = true; @@ -26,18 +27,17 @@ # postgresql is configured by the module. This is done by default, but # can be turned off with services.plausible.database.postgres.setup. activate = true; - email = "admin@localhost"; - passwordFile = "/run/secrets/plausible-admin-pwd"; + email = "admin@localhost"; + passwordFile = "/run/secrets/plausible-admin-pwd"; }; server = { - baseUrl = "http://analytics.example.org"; + baseUrl = "http://analytics.example.org"; # secretKeybaseFile is a path to the file which contains the secret generated # with openssl as described above. - secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; + secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; }; }; } - -
+
From 8a86d1f7592bca2a0b8d0f5c959ae7cb906cc9bd Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 08:23:40 +0100 Subject: [PATCH 064/155] nixos/garage: convert manual chapter to MD --- .../services/web-servers/garage-doc.md | 96 ++++++ .../services/web-servers/garage-doc.xml | 319 +++++++++++------- nixos/modules/services/web-servers/garage.nix | 2 + 3 files changed, 289 insertions(+), 128 deletions(-) create mode 100644 nixos/modules/services/web-servers/garage-doc.md diff --git a/nixos/modules/services/web-servers/garage-doc.md b/nixos/modules/services/web-servers/garage-doc.md new file mode 100644 index 00000000000..b1003e5dae1 --- /dev/null +++ b/nixos/modules/services/web-servers/garage-doc.md 
@@ -0,0 +1,96 @@
+# Garage {#module-services-garage}
+
+[Garage](https://garagehq.deuxfleurs.fr/)
+is an open-source, self-hostable S3 store, simpler than MinIO, for geodistributed stores.
+The server setup can be automated using
+[services.garage](#opt-services.garage.enable). A
+ client configured to your local Garage instance is available in
+ the global environment as `garage-manage`.
+
+The current default by NixOS is `garage_0_8` which is also the latest
+major version available.
+
+## General considerations on upgrades {#module-services-garage-upgrade-scenarios}
+
+Garage provides a cookbook documentation on how to upgrade:
+
+
+::: {.warning}
+Garage has two types of upgrades: patch-level upgrades and minor/major version upgrades.
+
+In all cases, you should read the changelog and ideally test the upgrade on a staging cluster.
+
+Checking the health of your cluster can be achieved using `garage-manage repair`.
+:::
+
+::: {.warning}
+Until 1.0 is released, patch-level upgrades are considered as minor version upgrades.
+Minor version upgrades are considered as major version upgrades.
+i.e. 0.6 to 0.7 is a major version upgrade.
+:::
+
+ - **Straightforward upgrades (patch-level upgrades).**
+ Upgrades must be performed one by one, i.e. for each node, stop it, upgrade it : change [stateVersion](#opt-system.stateVersion) or [services.garage.package](#opt-services.garage.package), restart it if it was not already by switching.
+ - **Multiple version upgrades.**
+ Garage do not provide any guarantee on moving more than one major-version forward.
+ E.g., if you're on `0.7`, you cannot upgrade to `0.9`.
+ You need to upgrade to `0.8` first.
+ As long as [stateVersion](#opt-system.stateVersion) is declared properly,
+ this is enforced automatically. The module will issue a warning to remind the user to upgrade to latest
+ Garage *after* that deploy.
+
+## Advanced upgrades (minor/major version upgrades) {#module-services-garage-advanced-upgrades}
+
+Here are some baseline instructions to handle advanced upgrades in Garage, when in doubt, please refer to upstream instructions.
+
+ - Disable API and web access to Garage.
+ - Perform `garage-manage repair --all-nodes --yes tables` and `garage-manage repair --all-nodes --yes blocks`.
+ - Verify the resulting logs and check that data is synced properly between all nodes.
+ If you have time, do additional checks (`scrub`, `block_refs`, etc.).
+ - Check if queues are empty by `garage-manage stats` or through monitoring tools.
+ - Run `systemctl stop garage` to stop the actual Garage version.
+ - Backup the metadata folder of ALL your nodes, e.g. for a metadata directory (the default one) in `/var/lib/garage/meta`,
+ you can run `pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd`.
+ - Run the offline migration: `nix-shell -p garage_0_8 --run "garage offline-repair --yes"`, this can take some time depending on how many objects are stored in your cluster.
+ - Bump Garage version in your NixOS configuration, either by changing [stateVersion](#opt-system.stateVersion) or bumping [services.garage.package](#opt-services.garage.package), this should restart Garage automatically.
+ - Perform `garage-manage repair --all-nodes --yes tables` and `garage-manage repair --all-nodes --yes blocks`.
+ - Wait for a full table sync to run.
+
+Your upgraded cluster should be in a working state, re-enable API and web access.
+
+## Maintainer information {#module-services-garage-maintainer-info}
+
+As stated in the previous paragraph, we must provide a clean upgrade-path for Garage
+since it cannot move more than one major version forward on a single upgrade. This chapter
+adds some notes how Garage updates should be rolled out in the future.
+This is inspired from how Nextcloud does it.
+ +While patch-level updates are no problem and can be done directly in the +package-expression (and should be backported to supported stable branches after that), +major-releases should be added in a new attribute (e.g. Garage `v0.8.0` +should be available in `nixpkgs` as `pkgs.garage_0_8_0`). +To provide simple upgrade paths it's generally useful to backport those as well to stable +branches. As long as the package-default isn't altered, this won't break existing setups. +After that, the versioning-warning in the `garage`-module should be +updated to make sure that the +[package](#opt-services.garage.package)-option selects the latest version +on fresh setups. + +If major-releases will be abandoned by upstream, we should check first if those are needed +in NixOS for a safe upgrade-path before removing those. In that case we shold keep those +packages, but mark them as insecure in an expression like this (in +``): +``` +/* ... */ +{ + garage_0_7_3 = generic { + version = "0.7.3"; + sha256 = "0000000000000000000000000000000000000000000000000000"; + eol = true; + }; +} +``` + +Ideally we should make sure that it's possible to jump two NixOS versions forward: +i.e. the warnings and the logic in the module should guard a user to upgrade from a +Garage on e.g. 22.11 to a Garage on 23.11. diff --git a/nixos/modules/services/web-servers/garage-doc.xml b/nixos/modules/services/web-servers/garage-doc.xml index 5d013034690..36e73e676d3 100644 --- a/nixos/modules/services/web-servers/garage-doc.xml +++ b/nixos/modules/services/web-servers/garage-doc.xml @@ -1,141 +1,204 @@ - - Garage - - Garage - is an open-source, self-hostable S3 store, simpler than MinIO, for geodistributed stores. - The server setup can be automated using - services.garage. A - client configured to your local Garage instance is available in - the global environment as garage-manage. - - - The current default by NixOS is garage_0_8 which is also the latest - major version available. - -
- General considerations on upgrades - + + Garage - Garage provides a cookbook documentation on how to upgrade: - https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/ + Garage is + an open-source, self-hostable S3 store, simpler than MinIO, for + geodistributed stores. The server setup can be automated using + services.garage. A + client configured to your local Garage instance is available in the + global environment as garage-manage. - - - Garage has two types of upgrades: patch-level upgrades and minor/major version upgrades. - - In all cases, you should read the changelog and ideally test the upgrade on a staging cluster. - - Checking the health of your cluster can be achieved using garage-manage repair. - - - - - Until 1.0 is released, patch-level upgrades are considered as minor version upgrades. - Minor version upgrades are considered as major version upgrades. - i.e. 0.6 to 0.7 is a major version upgrade. - - - - - - Straightforward upgrades (patch-level upgrades) + + The current default by NixOS is garage_0_8 which + is also the latest major version available. + +
+ General considerations on upgrades - Upgrades must be performed one by one, i.e. for each node, stop it, upgrade it : change stateVersion or services.garage.package, restart it if it was not already by switching. + Garage provides a cookbook documentation on how to upgrade: + https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/ - - - - - - Multiple version upgrades + + + Garage has two types of upgrades: patch-level upgrades and + minor/major version upgrades. + + + In all cases, you should read the changelog and ideally test the + upgrade on a staging cluster. + + + Checking the health of your cluster can be achieved using + garage-manage repair. + + + + + Until 1.0 is released, patch-level upgrades are considered as + minor version upgrades. Minor version upgrades are considered as + major version upgrades. i.e. 0.6 to 0.7 is a major version + upgrade. + + + + + + Straightforward upgrades (patch-level + upgrades). Upgrades must be performed one by one, + i.e. for each node, stop it, upgrade it : change + stateVersion or + services.garage.package, + restart it if it was not already by switching. + + + + + Multiple version upgrades. + Garage do not provide any guarantee on moving more than one + major-version forward. E.g., if you're on + 0.7, you cannot upgrade to + 0.9. You need to upgrade to + 0.8 first. As long as + stateVersion is + declared properly, this is enforced automatically. The module + will issue a warning to remind the user to upgrade to latest + Garage after that deploy. + + + +
+
+ Advanced upgrades (minor/major version upgrades) - Garage do not provide any guarantee on moving more than one major-version forward. - E.g., if you're on 0.7, you cannot upgrade to 0.9. - You need to upgrade to 0.8 first. - - As long as stateVersion is declared properly, - this is enforced automatically. The module will issue a warning to remind the user to upgrade to latest - Garage after that deploy. - - - - -
- -
- Advanced upgrades (minor/major version upgrades) - Here are some baseline instructions to handle advanced upgrades in Garage, when in doubt, please refer to upstream instructions. - - - Disable API and web access to Garage. - Perform garage-manage repair --all-nodes --yes tables and garage-manage repair --all-nodes --yes blocks. - Verify the resulting logs and check that data is synced properly between all nodes. - If you have time, do additional checks (scrub, block_refs, etc.). - Check if queues are empty by garage-manage stats or through monitoring tools. - Run systemctl stop garage to stop the actual Garage version. - Backup the metadata folder of ALL your nodes, e.g. for a metadata directory (the default one) in /var/lib/garage/meta, - you can run pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd. - Run the offline migration: nix-shell -p garage_0_8 --run "garage offline-repair --yes", this can take some time depending on how many objects are stored in your cluster. - Bump Garage version in your NixOS configuration, either by changing stateVersion or bumping services.garage.package, this should restart Garage automatically. - Perform garage-manage repair --all-nodes --yes tables and garage-manage repair --all-nodes --yes blocks. - Wait for a full table sync to run. - - - - Your upgraded cluster should be in a working state, re-enable API and web access. - -
- -
- Maintainer information - - - As stated in the previous paragraph, we must provide a clean upgrade-path for Garage - since it cannot move more than one major version forward on a single upgrade. This chapter - adds some notes how Garage updates should be rolled out in the future. - - This is inspired from how Nextcloud does it. - - - - While patch-level updates are no problem and can be done directly in the - package-expression (and should be backported to supported stable branches after that), - major-releases should be added in a new attribute (e.g. Garage v0.8.0 - should be available in nixpkgs as pkgs.garage_0_8_0). - To provide simple upgrade paths it's generally useful to backport those as well to stable - branches. As long as the package-default isn't altered, this won't break existing setups. - After that, the versioning-warning in the garage-module should be - updated to make sure that the - package-option selects the latest version - on fresh setups. - - - - If major-releases will be abandoned by upstream, we should check first if those are needed - in NixOS for a safe upgrade-path before removing those. In that case we shold keep those - packages, but mark them as insecure in an expression like this (in - <nixpkgs/pkgs/tools/filesystem/garage/default.nix>): - + Here are some baseline instructions to handle advanced upgrades in + Garage, when in doubt, please refer to upstream instructions. + + + + + Disable API and web access to Garage. + + + + + Perform + garage-manage repair --all-nodes --yes tables + and + garage-manage repair --all-nodes --yes blocks. + + + + + Verify the resulting logs and check that data is synced + properly between all nodes. If you have time, do additional + checks (scrub, + block_refs, etc.). + + + + + Check if queues are empty by + garage-manage stats or through monitoring + tools. + + + + + Run systemctl stop garage to stop the + actual Garage version. + + + + + Backup the metadata folder of ALL your nodes, e.g. 
for a + metadata directory (the default one) in + /var/lib/garage/meta, you can run + pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd. + + + + + Run the offline migration: + nix-shell -p garage_0_8 --run "garage offline-repair --yes", + this can take some time depending on how many objects are + stored in your cluster. + + + + + Bump Garage version in your NixOS configuration, either by + changing + stateVersion or + bumping + services.garage.package, + this should restart Garage automatically. + + + + + Perform + garage-manage repair --all-nodes --yes tables + and + garage-manage repair --all-nodes --yes blocks. + + + + + Wait for a full table sync to run. + + + + + Your upgraded cluster should be in a working state, re-enable API + and web access. + +
+
+ Maintainer information + + As stated in the previous paragraph, we must provide a clean + upgrade-path for Garage since it cannot move more than one major + version forward on a single upgrade. This chapter adds some notes + how Garage updates should be rolled out in the future. This is + inspired from how Nextcloud does it. + + + While patch-level updates are no problem and can be done directly + in the package-expression (and should be backported to supported + stable branches after that), major-releases should be added in a + new attribute (e.g. Garage v0.8.0 should be + available in nixpkgs as + pkgs.garage_0_8_0). To provide simple upgrade + paths it's generally useful to backport those as well to stable + branches. As long as the package-default isn't altered, this won't + break existing setups. After that, the versioning-warning in the + garage-module should be updated to make sure + that the + package-option + selects the latest version on fresh setups. + + + If major-releases will be abandoned by upstream, we should check + first if those are needed in NixOS for a safe upgrade-path before + removing those. In that case we shold keep those packages, but + mark them as insecure in an expression like this (in + <nixpkgs/pkgs/tools/filesystem/garage/default.nix>): + + /* ... */ { garage_0_7_3 = generic { - version = "0.7.3"; - sha256 = "0000000000000000000000000000000000000000000000000000"; + version = "0.7.3"; + sha256 = "0000000000000000000000000000000000000000000000000000"; eol = true; }; } - - - - Ideally we should make sure that it's possible to jump two NixOS versions forward: - i.e. the warnings and the logic in the module should guard a user to upgrade from a - Garage on e.g. 22.11 to a Garage on 23.11. - -
- + + Ideally we should make sure that it's possible to jump two NixOS + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Garage on e.g. 22.11 to a + Garage on 23.11. + +
diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index d66bcd73150..eac0edc9d6f 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix @@ -9,6 +9,8 @@ let in { meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml` doc = ./garage-doc.xml; maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; }; From da6641a57a7bd33a59c6c00d2f82c9344ca15d2f Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 08:44:06 +0100 Subject: [PATCH 065/155] nixos/gnome: convert manual chapter to MD --- .../services/x11/desktop-managers/gnome.md | 167 +++++++ .../services/x11/desktop-managers/gnome.nix | 2 + .../services/x11/desktop-managers/gnome.xml | 408 +++++++++--------- 3 files changed, 376 insertions(+), 201 deletions(-) create mode 100644 nixos/modules/services/x11/desktop-managers/gnome.md diff --git a/nixos/modules/services/x11/desktop-managers/gnome.md b/nixos/modules/services/x11/desktop-managers/gnome.md new file mode 100644 index 00000000000..d9e75bfe6bd --- /dev/null +++ b/nixos/modules/services/x11/desktop-managers/gnome.md 
@@ -0,0 +1,167 @@
+# GNOME Desktop {#chap-gnome}
+
+GNOME provides a simple, yet full-featured desktop environment with a focus on productivity. Its Mutter compositor supports both Wayland and X server, and the GNOME Shell user interface is fully customizable by extensions.
+
+## Enabling GNOME {#sec-gnome-enable}
+
+All of the core apps, optional apps, games, and core developer tools from GNOME are available.
+
+To enable the GNOME desktop use:
+
+```
+services.xserver.desktopManager.gnome.enable = true;
+services.xserver.displayManager.gdm.enable = true;
+```
+
+::: {.note}
+While it is not strictly necessary to use GDM as the display manager with GNOME, it is recommended, as some features such as screen lock [might not work](#sec-gnome-faq-can-i-use-lightdm-with-gnome) without it.
+:::
+
+The default applications used in NixOS are very minimal, inspired by the defaults used in [gnome-build-meta](https://gitlab.gnome.org/GNOME/gnome-build-meta/blob/40.0/elements/core/meta-gnome-core-utilities.bst).
+
+### GNOME without the apps {#sec-gnome-without-the-apps}
+
+If you’d like to only use the GNOME desktop and not the apps, you can disable them with:
+
+```
+services.gnome.core-utilities.enable = false;
+```
+
+and none of them will be installed.
+
+If you’d only like to omit a subset of the core utilities, you can use
+[](#opt-environment.gnome.excludePackages).
+Note that this mechanism can only exclude core utilities, games and core developer tools.
+
+### Disabling GNOME services {#sec-gnome-disabling-services}
+
+It is also possible to disable many of the [core services](https://github.com/NixOS/nixpkgs/blob/b8ec4fd2a4edc4e30d02ba7b1a2cc1358f3db1d5/nixos/modules/services/x11/desktop-managers/gnome.nix#L329-L348). For example, if you do not need indexing files, you can disable Tracker with:
+
+```
+services.gnome.tracker-miners.enable = false;
+services.gnome.tracker.enable = false;
+```
+
+Note, however, that doing so is not supported and might break some applications. Notably, GNOME Music cannot work without Tracker.
+
+### GNOME games {#sec-gnome-games}
+
+You can install all of the GNOME games with:
+
+```
+services.gnome.games.enable = true;
+```
+
+### GNOME core developer tools {#sec-gnome-core-developer-tools}
+
+You can install GNOME core developer tools with:
+
+```
+services.gnome.core-developer-tools.enable = true;
+```
+
+## Enabling GNOME Flashback {#sec-gnome-enable-flashback}
+
+GNOME Flashback provides a desktop environment based on the classic GNOME 2 architecture. You can enable the default GNOME Flashback session, which uses the Metacity window manager, with:
+
+```
+services.xserver.desktopManager.gnome.flashback.enableMetacity = true;
+```
+
+It is also possible to create custom sessions that replace Metacity with a different window manager using [](#opt-services.xserver.desktopManager.gnome.flashback.customSessions).
+
+The following example uses `xmonad` window manager:
+
+```
+services.xserver.desktopManager.gnome.flashback.customSessions = [
+ {
+ wmName = "xmonad";
+ wmLabel = "XMonad";
+ wmCommand = "${pkgs.haskellPackages.xmonad}/bin/xmonad";
+ enableGnomePanel = false;
+ }
+];
+```
+
+## Icons and GTK Themes {#sec-gnome-icons-and-gtk-themes}
+
+Icon themes and GTK themes don’t require any special option to install in NixOS.
+
+You can add them to [](#opt-environment.systemPackages) and switch to them with GNOME Tweaks.
+If you’d like to do this manually in dconf, change the values of the following keys:
+
+```
+/org/gnome/desktop/interface/gtk-theme
+/org/gnome/desktop/interface/icon-theme
+```
+
+in `dconf-editor`
+
+## Shell Extensions {#sec-gnome-shell-extensions}
+
+Most Shell extensions are packaged under the `gnomeExtensions` attribute.
+Some packages that include Shell extensions, like `gnome.gpaste`, don’t have their extension decoupled under this attribute.
+
+You can install them like any other package:
+
+```
+environment.systemPackages = [
+ gnomeExtensions.dash-to-dock
+ gnomeExtensions.gsconnect
+ gnomeExtensions.mpris-indicator-button
+];
+```
+
+Unfortunately, we lack a way for these to be managed in a completely declarative way.
+So you have to enable them manually with an Extensions application.
+It is possible to use a [GSettings override](#sec-gnome-gsettings-overrides) for this on `org.gnome.shell.enabled-extensions`, but that will only influence the default value.
+
+## GSettings Overrides {#sec-gnome-gsettings-overrides}
+
+Majority of software building on the GNOME platform use GLib’s [GSettings](https://developer.gnome.org/gio/unstable/GSettings.html) system to manage runtime configuration. For our purposes, the system consists of XML schemas describing the individual configuration options, stored in the package, and a settings backend, where the values of the settings are stored. On NixOS, like on most Linux distributions, dconf database is used as the backend.
+
+[GSettings vendor overrides](https://developer.gnome.org/gio/unstable/GSettings.html#id-1.4.19.2.9.25) can be used to adjust the default values for settings of the GNOME desktop and apps by replacing the default values specified in the XML schemas. Using overrides will allow you to pre-seed user settings before you even start the session.
+
+::: {.warning}
+Overrides really only change the default values for GSettings keys so if you or an application changes the setting value, the value set by the override will be ignored. Until [NixOS’s dconf module implements changing values](https://github.com/NixOS/nixpkgs/issues/54150), you will either need to keep that in mind and clear the setting from the backend using `dconf reset` command when that happens, or use the [module from home-manager](https://nix-community.github.io/home-manager/options.html#opt-dconf.settings).
+:::
+
+You can override the default GSettings values using the
+[](#opt-services.xserver.desktopManager.gnome.extraGSettingsOverrides) option.
+
+Take note that whatever packages you want to override GSettings for, you need to add them to
+[](#opt-services.xserver.desktopManager.gnome.extraGSettingsOverridePackages).
+
+You can use `dconf-editor` tool to explore which GSettings you can set.
+
+### Example {#sec-gnome-gsettings-overrides-example}
+
+```
+services.xserver.desktopManager.gnome = {
+ extraGSettingsOverrides = ''
+ # Change default background
+ [org.gnome.desktop.background]
+ picture-uri='file://${pkgs.nixos-artwork.wallpapers.mosaic-blue.gnomeFilePath}'
+
+ # Favorite apps in gnome-shell
+ [org.gnome.shell]
+ favorite-apps=['org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop']
+ '';
+
+ extraGSettingsOverridePackages = [
+ pkgs.gsettings-desktop-schemas # for org.gnome.desktop
+ pkgs.gnome.gnome-shell # for org.gnome.shell
+ ];
+};
+```
+
+## Frequently Asked Questions {#sec-gnome-faq}
+
+### Can I use LightDM with GNOME? {#sec-gnome-faq-can-i-use-lightdm-with-gnome}
+
+Yes you can, and any other display-manager in NixOS.
+
+However, it doesn’t work correctly for the Wayland session of GNOME Shell yet, and
+won’t be able to lock your screen.
+
+See [this issue.](https://github.com/NixOS/nixpkgs/issues/56342)
diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix
index 9c1978e362b..21c3608290c 100644
--- a/nixos/modules/services/x11/desktop-managers/gnome.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome.nix
@@ -66,6 +66,8 @@ in { meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml` doc = ./gnome.xml; maintainers = teams.gnome.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index 1b3a270c17e..d1038bded00 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml @@ -1,215 +1,224 @@ - - GNOME Desktop - - GNOME provides a simple, yet full-featured desktop environment with a focus on productivity. Its Mutter compositor supports both Wayland and X server, and the GNOME Shell user interface is fully customizable by extensions. - - -
- Enabling GNOME - + + GNOME Desktop - All of the core apps, optional apps, games, and core developer tools from GNOME are available. + GNOME provides a simple, yet full-featured desktop environment with + a focus on productivity. Its Mutter compositor supports both Wayland + and X server, and the GNOME Shell user interface is fully + customizable by extensions. - - - To enable the GNOME desktop use: - - - +
+ Enabling GNOME + + All of the core apps, optional apps, games, and core developer + tools from GNOME are available. + + + To enable the GNOME desktop use: + + services.xserver.desktopManager.gnome.enable = true; services.xserver.displayManager.gdm.enable = true; - - - - While it is not strictly necessary to use GDM as the display manager with GNOME, it is recommended, as some features such as screen lock might not work without it. - - - - - The default applications used in NixOS are very minimal, inspired by the defaults used in gnome-build-meta. - - -
- GNOME without the apps - - - If you’d like to only use the GNOME desktop and not the apps, you can disable them with: - - - + + + While it is not strictly necessary to use GDM as the display + manager with GNOME, it is recommended, as some features such as + screen lock + might + not work without it. + + + + The default applications used in NixOS are very minimal, inspired + by the defaults used in + gnome-build-meta. + +
+ GNOME without the apps + + If you’d like to only use the GNOME desktop and not the apps, + you can disable them with: + + services.gnome.core-utilities.enable = false; - - - and none of them will be installed. - - - - If you’d only like to omit a subset of the core utilities, you can use . - Note that this mechanism can only exclude core utilities, games and core developer tools. - -
- -
- Disabling GNOME services - - - It is also possible to disable many of the core services. For example, if you do not need indexing files, you can disable Tracker with: - - - + + and none of them will be installed. + + + If you’d only like to omit a subset of the core utilities, you + can use + . + Note that this mechanism can only exclude core utilities, games + and core developer tools. + +
+
+ Disabling GNOME services + + It is also possible to disable many of the + core + services. For example, if you do not need indexing files, + you can disable Tracker with: + + services.gnome.tracker-miners.enable = false; services.gnome.tracker.enable = false; - - - Note, however, that doing so is not supported and might break some applications. Notably, GNOME Music cannot work without Tracker. - -
- -
- GNOME games - - - You can install all of the GNOME games with: - - - + + Note, however, that doing so is not supported and might break + some applications. Notably, GNOME Music cannot work without + Tracker. + +
+
+ GNOME games + + You can install all of the GNOME games with: + + services.gnome.games.enable = true; -
- -
- GNOME core developer tools - - - You can install GNOME core developer tools with: - - - +
+
+ GNOME core developer tools + + You can install GNOME core developer tools with: + + services.gnome.core-developer-tools.enable = true; +
-
- -
- Enabling GNOME Flashback - - - GNOME Flashback provides a desktop environment based on the classic GNOME 2 architecture. You can enable the default GNOME Flashback session, which uses the Metacity window manager, with: - - - +
+ Enabling GNOME Flashback + + GNOME Flashback provides a desktop environment based on the + classic GNOME 2 architecture. You can enable the default GNOME + Flashback session, which uses the Metacity window manager, with: + + services.xserver.desktopManager.gnome.flashback.enableMetacity = true; - - - It is also possible to create custom sessions that replace Metacity with a different window manager using . - - - - The following example uses xmonad window manager: - - - + + It is also possible to create custom sessions that replace + Metacity with a different window manager using + . + + + The following example uses xmonad window + manager: + + services.xserver.desktopManager.gnome.flashback.customSessions = [ { - wmName = "xmonad"; - wmLabel = "XMonad"; - wmCommand = "${pkgs.haskellPackages.xmonad}/bin/xmonad"; + wmName = "xmonad"; + wmLabel = "XMonad"; + wmCommand = "${pkgs.haskellPackages.xmonad}/bin/xmonad"; enableGnomePanel = false; } ]; - -
- -
- Icons and GTK Themes - - - Icon themes and GTK themes don’t require any special option to install in NixOS. - - - - You can add them to and switch to them with GNOME Tweaks. - If you’d like to do this manually in dconf, change the values of the following keys: - - - +
+
+ Icons and GTK Themes + + Icon themes and GTK themes don’t require any special option to + install in NixOS. + + + You can add them to + and switch + to them with GNOME Tweaks. If you’d like to do this manually in + dconf, change the values of the following keys: + + /org/gnome/desktop/interface/gtk-theme /org/gnome/desktop/interface/icon-theme - - - in dconf-editor - -
- -
- Shell Extensions - - - Most Shell extensions are packaged under the gnomeExtensions attribute. - Some packages that include Shell extensions, like gnome.gpaste, don’t have their extension decoupled under this attribute. - - - - You can install them like any other package: - - - + + in dconf-editor + +
+
+ Shell Extensions + + Most Shell extensions are packaged under the + gnomeExtensions attribute. Some packages that + include Shell extensions, like gnome.gpaste, + don’t have their extension decoupled under this attribute. + + + You can install them like any other package: + + environment.systemPackages = [ gnomeExtensions.dash-to-dock gnomeExtensions.gsconnect gnomeExtensions.mpris-indicator-button ]; - - - Unfortunately, we lack a way for these to be managed in a completely declarative way. - So you have to enable them manually with an Extensions application. - It is possible to use a GSettings override for this on org.gnome.shell.enabled-extensions, but that will only influence the default value. - -
- -
- GSettings Overrides - - - Majority of software building on the GNOME platform use GLib’s GSettings system to manage runtime configuration. For our purposes, the system consists of XML schemas describing the individual configuration options, stored in the package, and a settings backend, where the values of the settings are stored. On NixOS, like on most Linux distributions, dconf database is used as the backend. - - - - GSettings vendor overrides can be used to adjust the default values for settings of the GNOME desktop and apps by replacing the default values specified in the XML schemas. Using overrides will allow you to pre-seed user settings before you even start the session. - - - - - Overrides really only change the default values for GSettings keys so if you or an application changes the setting value, the value set by the override will be ignored. Until NixOS’s dconf module implements changing values, you will either need to keep that in mind and clear the setting from the backend using dconf reset command when that happens, or use the module from home-manager. - - - - - You can override the default GSettings values using the option. - - - - Take note that whatever packages you want to override GSettings for, you need to add them to - . - - - - You can use dconf-editor tool to explore which GSettings you can set. - - -
- Example - - + + Unfortunately, we lack a way for these to be managed in a + completely declarative way. So you have to enable them manually + with an Extensions application. It is possible to use a + GSettings + override for this on + org.gnome.shell.enabled-extensions, but that + will only influence the default value. + +
+
+ GSettings Overrides + + Majority of software building on the GNOME platform use GLib’s + GSettings + system to manage runtime configuration. For our purposes, the + system consists of XML schemas describing the individual + configuration options, stored in the package, and a settings + backend, where the values of the settings are stored. On NixOS, + like on most Linux distributions, dconf database is used as the + backend. + + + GSettings + vendor overrides can be used to adjust the default values + for settings of the GNOME desktop and apps by replacing the + default values specified in the XML schemas. Using overrides will + allow you to pre-seed user settings before you even start the + session. + + + + Overrides really only change the default values for GSettings + keys so if you or an application changes the setting value, the + value set by the override will be ignored. Until + NixOS’s + dconf module implements changing values, you will either + need to keep that in mind and clear the setting from the backend + using dconf reset command when that happens, + or use the + module + from home-manager. + + + + You can override the default GSettings values using the + + option. + + + Take note that whatever packages you want to override GSettings + for, you need to add them to + . + + + You can use dconf-editor tool to explore which + GSettings you can set. + +
+ Example + services.xserver.desktopManager.gnome = { extraGSettingsOverrides = '' # Change default background @@ -227,27 +236,24 @@ services.xserver.desktopManager.gnome = { ]; }; +
-
- -
- Frequently Asked Questions - -
- Can I use LightDM with GNOME? - - - Yes you can, and any other display-manager in NixOS. - - - - However, it doesn’t work correctly for the Wayland session of GNOME Shell yet, and - won’t be able to lock your screen. - - - - See this issue. - +
+ Frequently Asked Questions +
+ Can I use LightDM with GNOME? + + Yes you can, and any other display-manager in NixOS. + + + However, it doesn’t work correctly for the Wayland session of + GNOME Shell yet, and won’t be able to lock your screen. + + + See + this + issue. + +
-
From 03c72f224cc721b359c5477aeef4bcfa185477bd Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 3 Jan 2023 09:12:23 +0100 Subject: [PATCH 066/155] nixos/pantheon: convert manual chapter to MD --- .../services/x11/desktop-managers/pantheon.md | 74 ++++++ .../x11/desktop-managers/pantheon.nix | 2 + .../x11/desktop-managers/pantheon.xml | 227 +++++++++++------- 3 files changed, 214 insertions(+), 89 deletions(-) create mode 100644 nixos/modules/services/x11/desktop-managers/pantheon.md diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.md b/nixos/modules/services/x11/desktop-managers/pantheon.md new file mode 100644 index 00000000000..1c14ede8474 --- /dev/null +++ b/nixos/modules/services/x11/desktop-managers/pantheon.md 
@@ -0,0 +1,74 @@
+# Pantheon Desktop {#chap-pantheon}
+
+Pantheon is the desktop environment created for the elementary OS distribution. It is written from scratch in Vala, utilizing GNOME technologies with GTK and Granite.
+
+## Enabling Pantheon {#sec-pantheon-enable}
+
+All of Pantheon is working in NixOS and the applications should be available, aside from a few [exceptions](https://github.com/NixOS/nixpkgs/issues/58161). To enable Pantheon, set
+```
+services.xserver.desktopManager.pantheon.enable = true;
+```
+This automatically enables LightDM and Pantheon's LightDM greeter. If you'd like to disable this, set
+```
+services.xserver.displayManager.lightdm.greeters.pantheon.enable = false;
+services.xserver.displayManager.lightdm.enable = false;
+```
+but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for Pantheon installs all of Pantheon's default applications. If you'd like to not install Pantheon's apps, set
+```
+services.pantheon.apps.enable = false;
+```
+You can also use [](#opt-environment.pantheon.excludePackages) to remove any other app (like `elementary-mail`).
+
+## Wingpanel and Switchboard plugins {#sec-pantheon-wingpanel-switchboard}
+
+Wingpanel and Switchboard work differently than they do in other distributions, as far as using plugins. You cannot install a plugin globally (like with {option}`environment.systemPackages`) to start using it. You should instead be using the following options:
+
+ - [](#opt-services.xserver.desktopManager.pantheon.extraWingpanelIndicators)
+ - [](#opt-services.xserver.desktopManager.pantheon.extraSwitchboardPlugs)
+
+to configure the programs with plugs or indicators.
+
+The difference in NixOS is both these programs are patched to load plugins from a directory that is the value of an environment variable. All of which is controlled in Nix. If you need to configure the particular packages manually you can override the packages like:
+```
+wingpanel-with-indicators.override {
+ indicators = [
+ pkgs.some-special-indicator
+ ];
+};
+
+switchboard-with-plugs.override {
+ plugs = [
+ pkgs.some-special-plug
+ ];
+};
+```
+please note that, like how the NixOS options describe these as extra plugins, this would only add to the default plugins included with the programs. If for some reason you'd like to configure which plugins to use exactly, both packages have an argument for this:
+```
+wingpanel-with-indicators.override {
+ useDefaultIndicators = false;
+ indicators = specialListOfIndicators;
+};
+
+switchboard-with-plugs.override {
+ useDefaultPlugs = false;
+ plugs = specialListOfPlugs;
+};
+```
+this could be most useful for testing a particular plug-in in isolation.
+
+## FAQ {#sec-pantheon-faq}
+
+[I have switched from a different desktop and Pantheon’s theming looks messed up.]{#sec-pantheon-faq-messed-up-theme}
+ : Open Switchboard and go to: Administration → About → Restore Default Settings → Restore Settings. This will reset any dconf settings to their Pantheon defaults. Note this could reset certain GNOME specific preferences if that desktop was used prior.
+
+[I cannot enable both GNOME and Pantheon.]{#sec-pantheon-faq-gnome-and-pantheon}
+ : This is a known [issue](https://github.com/NixOS/nixpkgs/issues/64611) and there is no known workaround.
+
+[Does AppCenter work, or is it available?]{#sec-pantheon-faq-appcenter}
+ : AppCenter has been available since 20.03. Starting from 21.11, the Flatpak backend should work so you can install some Flatpak applications using it. However, due to missing appstream metadata, the Packagekit backend does not function currently. See this [issue](https://github.com/NixOS/nixpkgs/issues/15932).
+
+ If you are using Pantheon, AppCenter should be installed by default if you have [Flatpak support](#module-services-flatpak) enabled.
If you also wish to add the `appcenter` Flatpak remote: + + ```ShellSession + $ flatpak remote-add --if-not-exists appcenter https://flatpak.elementary.io/repo.flatpakrepo + ``` diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index 5c0203224e1..25d5d861294 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -17,6 +17,8 @@ in { meta = { + # Don't edit the docbook xml directly, edit the md and generate it: + # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml` doc = ./pantheon.xml; maintainers = teams.pantheon.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 72ce0edbef5..27ed5977ff0 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -1,53 +1,76 @@ - - Pantheon Desktop - - Pantheon is the desktop environment created for the elementary OS distribution. It is written from scratch in Vala, utilizing GNOME technologies with GTK and Granite. - -
- Enabling Pantheon - + + Pantheon Desktop - All of Pantheon is working in NixOS and the applications should be available, aside from a few exceptions. To enable Pantheon, set - + Pantheon is the desktop environment created for the elementary OS + distribution. It is written from scratch in Vala, utilizing GNOME + technologies with GTK and Granite. + +
+ Enabling Pantheon + + All of Pantheon is working in NixOS and the applications should be + available, aside from a few + exceptions. + To enable Pantheon, set + + services.xserver.desktopManager.pantheon.enable = true; - This automatically enables LightDM and Pantheon's LightDM greeter. If you'd like to disable this, set - + + This automatically enables LightDM and Pantheon's LightDM greeter. + If you'd like to disable this, set + + services.xserver.displayManager.lightdm.greeters.pantheon.enable = false; services.xserver.displayManager.lightdm.enable = false; - but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for Pantheon installs all of Pantheon's default applications. If you'd like to not install Pantheon's apps, set - + + but please be aware using Pantheon without LightDM as a display + manager will break screenlocking from the UI. The NixOS module for + Pantheon installs all of Pantheon's default applications. If you'd + like to not install Pantheon's apps, set + + services.pantheon.apps.enable = false; - You can also use to remove any other app (like elementary-mail). - -
-
- Wingpanel and Switchboard plugins - - - Wingpanel and Switchboard work differently than they do in other distributions, as far as using plugins. You cannot install a plugin globally (like with ) to start using it. You should instead be using the following options: - - - - - - - - - - - - - to configure the programs with plugs or indicators. - - - - The difference in NixOS is both these programs are patched to load plugins from a directory that is the value of an environment variable. All of which is controlled in Nix. If you need to configure the particular packages manually you can override the packages like: - + + You can also use + + to remove any other app (like elementary-mail). + +
+
+ Wingpanel and Switchboard plugins + + Wingpanel and Switchboard work differently than they do in other + distributions, as far as using plugins. You cannot install a + plugin globally (like with + ) to start using it. + You should instead be using the following options: + + + + + + + + + + + + + + + to configure the programs with plugs or indicators. + + + The difference in NixOS is both these programs are patched to load + plugins from a directory that is the value of an environment + variable. All of which is controlled in Nix. If you need to + configure the particular packages manually you can override the + packages like: + + wingpanel-with-indicators.override { indicators = [ pkgs.some-special-indicator @@ -60,8 +83,14 @@ switchboard-with-plugs.override { ]; }; - please note that, like how the NixOS options describe these as extra plugins, this would only add to the default plugins included with the programs. If for some reason you'd like to configure which plugins to use exactly, both packages have an argument for this: - + + please note that, like how the NixOS options describe these as + extra plugins, this would only add to the default plugins included + with the programs. If for some reason you'd like to configure + which plugins to use exactly, both packages have an argument for + this: + + wingpanel-with-indicators.override { useDefaultIndicators = false; indicators = specialListOfIndicators; @@ -72,49 +101,69 @@ switchboard-with-plugs.override { plugs = specialListOfPlugs; }; - this could be most useful for testing a particular plug-in in isolation. - -
-
- FAQ - - - - - I have switched from a different desktop and Pantheon’s theming looks messed up. - - - - Open Switchboard and go to: Administration → About → Restore Default Settings → Restore Settings. This will reset any dconf settings to their Pantheon defaults. Note this could reset certain GNOME specific preferences if that desktop was used prior. - - - - - - I cannot enable both GNOME and Pantheon. - - - - This is a known issue and there is no known workaround. - - - - - - Does AppCenter work, or is it available? - - - - AppCenter has been available since 20.03. Starting from 21.11, the Flatpak backend should work so you can install some Flatpak applications using it. However, due to missing appstream metadata, the Packagekit backend does not function currently. See this issue. - - - If you are using Pantheon, AppCenter should be installed by default if you have Flatpak support enabled. If you also wish to add the appcenter Flatpak remote: - - -$ flatpak remote-add --if-not-exists appcenter https://flatpak.elementary.io/repo.flatpakrepo - - - - -
+ + this could be most useful for testing a particular plug-in in + isolation. + +
+
+ FAQ + + + + I have + switched from a different desktop and Pantheon’s theming looks + messed up. + + + + Open Switchboard and go to: Administration → About → Restore + Default Settings → Restore Settings. This will reset any + dconf settings to their Pantheon defaults. Note this could + reset certain GNOME specific preferences if that desktop was + used prior. + + + + + + I + cannot enable both GNOME and Pantheon. + + + + This is a known + issue + and there is no known workaround. + + + + + + Does AppCenter + work, or is it available? + + + + AppCenter has been available since 20.03. Starting from + 21.11, the Flatpak backend should work so you can install + some Flatpak applications using it. However, due to missing + appstream metadata, the Packagekit backend does not function + currently. See this + issue. + + + If you are using Pantheon, AppCenter should be installed by + default if you have + Flatpak + support enabled. If you also wish to add the + appcenter Flatpak remote: + + +$ flatpak remote-add --if-not-exists appcenter https://flatpak.elementary.io/repo.flatpakrepo + + + + +
From 23ea73b4169d68c0d22c3d9aed6e2a692a793ff5 Mon Sep 17 00:00:00 2001 
From: pennae Date: Wed, 4 Jan 2023 06:56:24 +0100 Subject: [PATCH 067/155] nixos/manual: enable smart quotes for all MD chapters --- nixos/modules/i18n/input-method/default.nix | 2 +- nixos/modules/i18n/input-method/default.xml | 8 +-- .../programs/digitalbitbox/default.nix | 2 +- nixos/modules/programs/plotinus.nix | 2 +- nixos/modules/programs/zsh/oh-my-zsh.nix | 2 +- nixos/modules/programs/zsh/oh-my-zsh.xml | 4 +- nixos/modules/security/acme/default.nix | 2 +- nixos/modules/security/acme/doc.xml | 27 +++++----- nixos/modules/services/backup/borgbackup.nix | 2 +- nixos/modules/services/backup/borgbackup.xml | 2 +- .../services/databases/foundationdb.nix | 2 +- .../services/databases/foundationdb.xml | 16 +++--- .../modules/services/databases/postgresql.nix | 2 +- .../modules/services/databases/postgresql.xml | 8 +-- nixos/modules/services/editors/emacs.nix | 2 +- nixos/modules/services/hardware/trezord.nix | 2 +- nixos/modules/services/mail/mailman.nix | 2 +- nixos/modules/services/mail/mailman.xml | 4 +- nixos/modules/services/matrix/mjolnir.nix | 2 +- nixos/modules/services/matrix/mjolnir.xml | 16 +++--- nixos/modules/services/matrix/synapse.nix | 2 +- nixos/modules/services/matrix/synapse.xml | 10 ++-- nixos/modules/services/misc/gitlab.nix | 2 +- nixos/modules/services/misc/gitlab.xml | 6 +-- .../services/misc/sourcehut/default.nix | 2 +- .../services/misc/sourcehut/sourcehut.xml | 8 +-- .../services/misc/taskserver/default.nix | 2 +- .../modules/services/misc/taskserver/doc.xml | 8 +-- .../monitoring/prometheus/exporters.nix | 2 +- .../monitoring/prometheus/exporters.xml | 10 ++-- .../litestream/default.nix | 2 +- .../litestream/litestream.xml | 2 +- nixos/modules/services/networking/pleroma.nix | 2 +- nixos/modules/services/networking/pleroma.xml | 4 +- nixos/modules/services/networking/prosody.nix | 2 +- nixos/modules/services/networking/prosody.xml | 8 +-- .../modules/services/networking/yggdrasil.nix | 2 +- nixos/modules/services/web-apps/discourse.nix | 
2 +- nixos/modules/services/web-apps/discourse.xml | 26 +++++----- nixos/modules/services/web-apps/grocy.nix | 2 +- nixos/modules/services/web-apps/grocy.xml | 2 +- .../modules/services/web-apps/jitsi-meet.nix | 2 +- .../modules/services/web-apps/jitsi-meet.xml | 2 +- nixos/modules/services/web-apps/keycloak.nix | 2 +- nixos/modules/services/web-apps/keycloak.xml | 6 +-- .../modules/services/web-apps/matomo-doc.xml | 6 +-- nixos/modules/services/web-apps/matomo.nix | 2 +- nixos/modules/services/web-apps/nextcloud.nix | 2 +- nixos/modules/services/web-apps/nextcloud.xml | 50 +++++++++---------- nixos/modules/services/web-apps/plausible.nix | 2 +- .../services/web-servers/garage-doc.xml | 20 ++++---- nixos/modules/services/web-servers/garage.nix | 2 +- .../services/x11/desktop-managers/gnome.nix | 2 +- .../x11/desktop-managers/pantheon.nix | 2 +- .../x11/desktop-managers/pantheon.xml | 10 ++-- 55 files changed, 162 insertions(+), 163 deletions(-) diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix index 987e5be2833..3fa1f4c643d 100644 --- a/nixos/modules/i18n/input-method/default.nix +++ b/nixos/modules/i18n/input-method/default.nix @@ -67,7 +67,7 @@ in meta = { maintainers = with lib.maintainers; [ ericsagnes ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml` + # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml` doc = ./default.xml; }; 
diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index c6fda9a7c57..23295211980 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -114,7 +114,7 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ]; To use any input method, the package must be added in the configuration, as shown above, and also (after running nixos-rebuild) the input method must be added - from IBus' preference dialog. + from IBus’ preference dialog.
Troubleshooting @@ -221,7 +221,7 @@ i18n.inputMethod = {
Uim - Uim (short for "universal input method") is a + Uim (short for universal input method) is a multilingual input method framework. Applications can use it through so-called bridges. @@ -244,7 +244,7 @@ i18n.inputMethod = { Hime is an extremely easy-to-use input method framework. It is lightweight, stable, powerful and supports many commonly used input methods, including Cangjie, Zhuyin, Dayi, Rank, Shrimp, - Greek, Korean Pinyin, Latin Alphabet, etc... + Greek, Korean Pinyin, Latin Alphabet, etc… The following snippet can be used to configure Hime: @@ -258,7 +258,7 @@ i18n.inputMethod = {
Kime - Kime is Korean IME. it's built with Rust language and let you get + Kime is Korean IME. it’s built with Rust language and let you get simple, safe, fast Korean typing diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index 38420df3d9e..2aaa307782d 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -34,7 +34,7 @@ in meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart > doc.xml` + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > doc.xml` doc = ./doc.xml; maintainers = with lib.maintainers; [ vidbina ]; }; diff --git a/nixos/modules/programs/plotinus.nix b/nixos/modules/programs/plotinus.nix index 161dda576c3..3f7bbba42b9 100644 --- a/nixos/modules/programs/plotinus.nix +++ b/nixos/modules/programs/plotinus.nix @@ -9,7 +9,7 @@ in meta = { maintainers = pkgs.plotinus.meta.maintainers; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml` + # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml` doc = ./plotinus.xml; }; diff --git a/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixos/modules/programs/zsh/oh-my-zsh.nix index 88b293bdfc6..7a8fd88414a 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.nix +++ b/nixos/modules/programs/zsh/oh-my-zsh.nix 
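Review bot: The regeneration command in the digitalbitbox/default.nix comment still omits the two `--lua-filter` arguments that the same comment carries in the other modules this patch touches, for example input-method/default.nix and plotinus.nix. Anyone regenerating `doc.xml` from this comment would run pandoc without the role filters, so if `doc.md` uses those roles the chapter would come out differently from the rest; whether it does cannot be seen from the hunk. Either append `--lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua` before the redirect, or say in the comment that the filters are left out on purpose.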
@@ -143,6 +143,6 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml` + # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml` meta.doc = ./oh-my-zsh.xml; } diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index c20659e83cc..6125ba1488a 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -63,7 +63,7 @@ Rather than using a single mutable path for - ZSH_CUSTOM, it's also possible to generate this + ZSH_CUSTOM, it’s also possible to generate this path from a list of Nix packages: @@ -93,7 +93,7 @@
Package your own customizations - If third-party customizations (e.g. new themes) are supposed to be + If third-party customizations (e.g. new themes) are supposed to be added to oh-my-zsh there are several pitfalls to keep in mind: diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 3be78084b95..dfa3742dacc 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -917,7 +917,7 @@ in { meta = { maintainers = lib.teams.acme.members; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` doc = ./doc.xml; }; } diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/doc.xml index c21f802caf4..42c73300d8b 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/doc.xml @@ -3,7 +3,7 @@ NixOS supports automatic domain validation & certificate retrieval and renewal using the ACME protocol. Any provider can be - used, but by default NixOS uses Let's Encrypt. The alternative ACME + used, but by default NixOS uses Let’s Encrypt. The alternative ACME client lego is used under the hood. @@ -17,15 +17,15 @@
Prerequisites - To use the ACME module, you must accept the provider's terms of + To use the ACME module, you must accept the provider’s terms of service by setting to - true. The Let's Encrypt ToS can be found + true. The Let’s Encrypt ToS can be found here. You must also set an email address to be used when creating - accounts with Let's Encrypt. You can set this for all certs with + accounts with Let’s Encrypt. You can set this for all certs with and/or on a per-cert basis with . This @@ -93,7 +93,7 @@ services.nginx = { Using ACME certificates with Apache virtual hosts is identical to using them with Nginx. The attribute names are all the same, just - replace "nginx" with "httpd" where + replace nginx with httpd where appropriate.
@@ -257,7 +257,7 @@ systemd.services.dns-rfc2136-conf = { }; - Now you're all set to generate certs! You should monitor the first + Now you’re all set to generate certs! You should monitor the first invocation by running systemctl start acme-example.com.service & journalctl -fu acme-example.com.service and watching its log output. @@ -270,15 +270,14 @@ systemd.services.dns-rfc2136-conf = { including those automatically configured via the Nginx/Apache enableACME option. This configuration pattern is fully supported and part of - the module's test suite for Nginx + Apache. + the module’s test suite for Nginx + Apache. You must follow the guide above on configuring DNS-01 validation first, however instead of setting the options for one certificate - (e.g. - ) - you will set them as defaults (e.g. - ). + (e.g. ) + you will set them as defaults + (e.g. ). # Configure ACME appropriately @@ -304,7 +303,7 @@ services.nginx = { } - And that's it! Next time your configuration is rebuilt, or when + And that’s it! Next time your configuration is rebuilt, or when you add a new virtualHost, it will be DNS-01 validated.
@@ -316,7 +315,7 @@ services.nginx = { are not owned by root. PostgreSQL and OpenSMTPD are examples of these. There is no way to change the user the ACME module uses (it will always be acme), however you can use - systemd's LoadCredential feature to resolve + systemd’s LoadCredential feature to resolve this elegantly. Below is an example configuration for OpenSMTPD, but this pattern can be applied to any service. @@ -360,7 +359,7 @@ in { Regenerating certificates Should you need to regenerate a particular certificate in a hurry, - such as when a vulnerability is found in Let's Encrypt, there is + such as when a vulnerability is found in Let’s Encrypt, there is now a convenient mechanism for doing so. Running systemctl clean --what=state acme-example.com.service will remove all certificate files and the account data for the diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 6c79cc601c6..bb037fc13ee 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -227,7 +227,7 @@ let in { meta.maintainers = with maintainers; [ dotlambda ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml` + # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml` meta.doc = ./borgbackup.xml; ###### interface diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 26ba6b1e63c..1c1233b1124 100644 
--- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -200,7 +200,7 @@ sudo borg init --encryption=repokey-blake2 \ protect your data from disk failure, ransomware and theft. - It can be installed in NixOS e.g. by adding + It can be installed in NixOS e.g. by adding pkgs.vorta to . diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index fdfe5a28f31..0cdb832e4bc 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix @@ -425,7 +425,7 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml` + # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml` meta.doc = ./foundationdb.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice ]; } diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index ae7a6dae955..e65458779d1 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml @@ -15,7 +15,7 @@ Available version(s): 5.1.x, 5.2.x, 6.0.x - FoundationDB (or "FDB") is an open source, distributed, + FoundationDB (or FDB) is an open source, distributed, transactional key-value store.
@@ -115,8 +115,8 @@ a@link> SSD-storage based database for development and basic usage. This storage engine is designed for SSDs and will perform poorly on HDDs; however it can handle far more data than the alternative - "memory" engine and is a better default choice for most - deployments. (Note that you can change the storage backend + memory engine and is a better default choice for + most deployments. (Note that you can change the storage backend on-the-fly for a given FoundationDB cluster using fdbcli.) @@ -151,7 +151,7 @@ services.foundationdb.dataDir = "/data/fdb"; FoundationDB worker processes typically require 4GB of RAM per-process at minimum for good performance, so this option is set - to 1 by default since the maximum amount of RAM is unknown. You're + to 1 by default since the maximum amount of RAM is unknown. You’re advised to abide by this restriction, so pick a number of processes so that each has 4GB or more. @@ -282,7 +282,7 @@ fdbcli> coordinators auto FoundationDB uses a pluggable design to transport security, and out of the box it supports a LibreSSL-based plugin for TLS support. This plugin not only does in-flight encryption, but also - performs client authorization based on the given endpoint's + performs client authorization based on the given endpoint’s certificate chain. For example, a FoundationDB server may be configured to only accept client connections over TLS, where the client TLS certificate is from organization Acme @@ -303,7 +303,7 @@ fdbcli> coordinators auto After you have a key and certificate file in place, it is not - enough to simply set the NixOS module options -- you must also + enough to simply set the NixOS module options – you must also configure the fdb.cluster file to specify that a given set of coordinators use TLS. This is as simple as adding the suffix :tls to your cluster coordinator 
@@ -333,7 +333,7 @@ XXXXXX:XXXXXX@127.0.0.1:4500:tls However, a side effect of this is that the - fdbbackup command doesn't work properly for + fdbbackup command doesn’t work properly for local filesystem backups: FoundationDB uses a server process alongside the database processes to perform backups and copy the backups to the filesystem. As a result, this process is put under @@ -403,7 +403,7 @@ $ sudo -u foundationdb fdbbackup status -t default
Options - NixOS's FoundationDB module allows you to configure all of the + NixOS’s FoundationDB module allows you to configure all of the most relevant configuration options for fdbmonitor, matching it quite closely. A complete list of options for the FoundationDB module may be found diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index b390199a851..9a9a083b7c3 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -586,7 +586,7 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml` + # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml` meta.doc = ./postgresql.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ]; } diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 4cb0dc929c6..7ca03264e36 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -23,7 +23,7 @@ services.postgresql.package = pkgs.postgresql_11; Note that you are required to specify the desired version of - PostgreSQL (e.g. pkgs.postgresql_11). Since + PostgreSQL (e.g. pkgs.postgresql_11). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for such as 
@@ -51,7 +51,7 @@ services.postgresql.dataDir = "/data/postgresql"; Major PostgreSQL upgrades require a downtime and a few imperative steps to be called. This is the case because each major version - has some internal changes in the databases' state during major + has some internal changes in the databases’ state during major releases. Because of that, NixOS places the state into /var/lib/postgresql/<version> where each version can be obtained like this: @@ -138,7 +138,7 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema - After the upgrade it's advisable to analyze the new cluster. + After the upgrade it’s advisable to analyze the new cluster. @@ -228,7 +228,7 @@ self: super: { } - Here's a recipe on how to override a particular plugin through an + Here’s a recipe on how to override a particular plugin through an overlay: diff --git a/nixos/modules/services/editors/emacs.nix b/nixos/modules/services/editors/emacs.nix index b4f447757e7..d30fd07577c 100644 --- a/nixos/modules/services/editors/emacs.nix +++ b/nixos/modules/services/editors/emacs.nix @@ -100,6 +100,6 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml` + # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml` meta.doc = ./emacs.xml; } diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index 014ba9164d4..708f02fafc2 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix 
@@ -9,7 +9,7 @@ in { meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml` + # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml` doc = ./trezord.xml; }; diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index cc072505c3c..622efd87e7b 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix @@ -643,7 +643,7 @@ in { meta = { maintainers = with lib.maintainers; [ lheckemann qyliss ma27 ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml` + # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml` doc = ./mailman.xml; }; diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index 115f3225333..04f6d202056 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml 
@@ -61,7 +61,7 @@ up, the Postorius mailing list manager and the Hyperkitty archive browser will be available at https://lists.example.org/. Note that this setup is not sufficient to deliver emails to most email - providers nor to avoid spam -- a number of additional measures for + providers nor to avoid spam – a number of additional measures for authenticating incoming and outgoing mails, such as SPF, DMARC and DKIM are necessary, but outside the scope of the Mailman module. @@ -100,7 +100,7 @@ The exim config needs some special additions to work with Mailman. - Currently NixOS can't manage Exim config with such granularity. + Currently NixOS can’t manage Exim config with such granularity. Please refer to Mailman documentation for more info on configuring Mailman for diff --git a/nixos/modules/services/matrix/mjolnir.nix b/nixos/modules/services/matrix/mjolnir.nix index 26d5914151c..372b8ced1c2 100644 --- a/nixos/modules/services/matrix/mjolnir.nix +++ b/nixos/modules/services/matrix/mjolnir.nix @@ -237,7 +237,7 @@ in meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml` + # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml` doc = ./mjolnir.xml; maintainers = with maintainers; [ jojosch ]; }; diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml index 34a6767c476..2d2d5d3d9e2 100644 --- a/nixos/modules/services/matrix/mjolnir.xml +++ b/nixos/modules/services/matrix/mjolnir.xml 
@@ -7,7 +7,7 @@ As an all-in-one moderation tool, it can protect your server from - malicious invites, spam messages, and whatever else you don't want. + malicious invites, spam messages, and whatever else you don’t want. In addition to server-level protection, Mjolnir is great for communities wanting to protect their rooms without having to use their personal accounts for moderation. @@ -21,7 +21,7 @@ See the README page and the - Moderator's + Moderator’s guide for additional instructions on how to setup and use Mjolnir. @@ -36,7 +36,7 @@ First create a new Room which will be used as a management room for Mjolnir. In this room, Mjolnir will log possible errors and - debugging information. You'll need to set this Room-ID in + debugging information. You’ll need to set this Room-ID in services.mjolnir.managementRoom. @@ -51,7 +51,7 @@ If you want Mjolnir to be able to deactivate users, move room - aliases, shutdown rooms, etc. you'll need to make the Mjolnir user + aliases, shutdown rooms, etc. you’ll need to make the Mjolnir user a Matrix server admin. @@ -93,10 +93,10 @@ Element Matrix Services (EMS) If you are using a managed - "Element Matrix - Services (EMS)" server, you will need to consent to - the terms and conditions. Upon startup, an error log entry with - a URL to the consent page will be generated. + Element Matrix + Services (EMS) server, you will need to consent + to the terms and conditions. Upon startup, an error log entry + with a URL to the consent page will be generated.
diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index 154b4aca786..4f87744f8cc 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix @@ -802,7 +802,7 @@ in { meta = { buildDocsInSandbox = false; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml` + # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml` doc = ./synapse.xml; maintainers = teams.matrix.members; }; diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 2d5eabfd11d..822f2c324ad 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -152,7 +152,7 @@ Success! When using , - the secret will end up in the world-readable store. Instead it's + the secret will end up in the world-readable store. Instead it’s recommended to deploy the secret in an additional file like this: @@ -173,9 +173,9 @@ registration_shared_secret: your-very-secret-secret nixops1 or sops-nix - to e.g. - /run/secrets/matrix-shared-secret and - ensure that it's readable by + to + e.g. /run/secrets/matrix-shared-secret + and ensure that it’s readable by matrix-synapse. @@ -195,7 +195,7 @@ registration_shared_secret: your-very-secret-secret - It's also possible to user alternative authentication mechanism + It’s also possible to user alternative authentication mechanism such as LDAP (via matrix-synapse-ldap3) or 
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index d5dfc22dc22..c5eed5960e5 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -1503,7 +1503,7 @@ in { }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml` + # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml` meta.doc = ./gitlab.xml; } diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 42e26afa824..c2c4dc895e9 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -78,13 +78,13 @@ services.gitlab = { };
- If you're setting up a new GitLab instance, generate new secrets. + If you’re setting up a new GitLab instance, generate new secrets. You for instance use tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db to generate a new db secret. Make sure the files can be read by, and only by, the user specified by services.gitlab.user. - GitLab encrypts sensitive data stored in the database. If you're + GitLab encrypts sensitive data stored in the database. If you’re restoring an existing GitLab instance, you must specify the secrets secret from config/secrets.yml located in your GitLab state folder. @@ -125,7 +125,7 @@ $ systemctl start gitlab-backup.service
Rake tasks - You can run GitLab's rake tasks with + You can run GitLab’s rake tasks with gitlab-rake which will be available on the system when GitLab is enabled. You will have to run the command as the user that you configured to run GitLab with. diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index da3bf069813..c95761bbe97 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -1391,7 +1391,7 @@ in ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml` + # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml` meta.doc = ./sourcehut.xml; meta.maintainers = with maintainers; [ tomberek ]; } diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/sourcehut.xml index 883b6f01ef8..d54a9c74417 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml @@ -97,12 +97,12 @@ in {
- Using an alternative webserver as reverse-proxy (e.g. - <literal>httpd</literal>) + Using an alternative webserver as reverse-proxy + (e.g. <literal>httpd</literal>) By default, nginx is used as reverse-proxy for - sourcehut. However, it's possible to use e.g. - httpd by explicitly disabling + sourcehut. However, it’s possible to use + e.g. httpd by explicitly disabling nginx using and fixing the settings. diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index c39cde81061..9a97d236452 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -567,6 +567,6 @@ in { ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` + # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` meta.doc = ./doc.xml; } diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/doc.xml index fb7c7be99fe..06ec397661a 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/doc.xml @@ -16,7 +16,7 @@ certificates, so you either need to roll your own CA or purchase a certificate from a known CA, which allows creation of client certificates. These certificates are usually advertised as - "server certificates". + server certificates. So in order to make it easier to handle your own CA, there is a 
@@ -54,7 +54,7 @@ For example if you add a new organisation using nixos-taskserver org add foo, the organisation is not modified and deleted no matter what you define in - , even if you're + , even if you’re adding the same organisation in that option. @@ -80,7 +80,7 @@ client machine. - For example, let's say you have the following configuration: + For example, let’s say you have the following configuration: { @@ -121,7 +121,7 @@ $ ssh server nixos-taskserver user export my-company alice | sh If you set any options within service.taskserver.pki.manual.*, - nixos-taskserver won't issue certificates, but + nixos-taskserver won’t issue certificates, but you can still use it for adding or removing user accounts.
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index e14eb51e704..e9401334352 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -324,7 +324,7 @@ in meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml` + # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml` doc = ./exporters.xml; maintainers = [ maintainers.willibutz ]; }; diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index 066903a81b3..f813f3cc39a 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml @@ -11,7 +11,7 @@ One of the most common exporters is the node exporter, it provides hardware and OS metrics from the host - it's running on. The exporter could be configured as follows: + it’s running on. The exporter could be configured as follows:
services.prometheus.exporters.node = { @@ -34,7 +34,7 @@ enabled by default, via http under /metrics. In this example the firewall should just allow incoming connections - to the exporter's port on the bridge interface + to the exporter’s port on the bridge interface br0 (this would have to be configured separately of course). For more information about configuration see man configuration.nix or search through the @@ -194,9 +194,9 @@ in This should already be enough for the postfix exporter. Additionally one could now add assertions and conditional - default values. This can be done in the 'meta-module' that - combines all exporter definitions and generates the - submodules: + default values. This can be done in the + meta-module that combines all exporter + definitions and generates the submodules: nixpkgs/nixos/modules/services/prometheus/exporters.nix diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 24ac3130f36..73ef81a0f56 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix @@ -96,6 +96,6 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml` + # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml` meta.doc = ./litestream.xml; } 
diff --git a/nixos/modules/services/network-filesystems/litestream/litestream.xml b/nixos/modules/services/network-filesystems/litestream/litestream.xml index 6ea40c8bf47..0a2cfc3db1e 100644 --- a/nixos/modules/services/network-filesystems/litestream/litestream.xml +++ b/nixos/modules/services/network-filesystems/litestream/litestream.xml @@ -9,7 +9,7 @@ Litestream service is managed by a dedicated user named litestream which needs permission to the - database file. Here's an example config which gives required + database file. Here’s an example config which gives required permissions to access grafana database: diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index d4d659a41d1..287e189e2fe 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -148,6 +148,6 @@ in { }; meta.maintainers = with lib.maintainers; [ ninjatrappeur ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml` + # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml` meta.doc = ./pleroma.xml; } diff --git a/nixos/modules/services/networking/pleroma.xml b/nixos/modules/services/networking/pleroma.xml index 5014ac644f7..9a29512d363 100644 --- a/nixos/modules/services/networking/pleroma.xml +++ b/nixos/modules/services/networking/pleroma.xml 
@@ -136,7 +136,7 @@ config :web_push_encryption, :vapid_details, Note that the lines of the same configuration group are comma - separated (i.e. all the lines end with a comma, except the last + separated (i.e. all the lines end with a comma, except the last one), so when the lines with passwords are added or removed, commas must be adjusted accordingly. @@ -179,7 +179,7 @@ $ pleroma_ctl user new <nickname> <email> --admin --moderator --pas 4000. Nginx can be configured as a Reverse Proxy, for forwarding requests from public ports to the Pleroma service. This is an example of configuration, using - Let's Encrypt + Let’s Encrypt for the TLS certificates diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 07d3afa73b1..3c685e30b03 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -906,6 +906,6 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml` + # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml` meta.doc = ./prosody.xml; } diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 32b5dc8c129..2323f7596df 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml 
@@ -24,7 +24,7 @@ Multi User Chat (MUC) and the HTTP - File Upload ones. You'll need to create a DNS subdomain for + File Upload ones. You’ll need to create a DNS subdomain for each of those. The current convention is to name your MUC endpoint conference.example.org and your HTTP upload domain upload.example.org. @@ -58,18 +58,18 @@ services.prosody = {
- Let's Encrypt Configuration + Let’s Encrypt Configuration As you can see in the code snippet from the previous - section, you'll need a single TLS certificate covering your + section, you’ll need a single TLS certificate covering your main endpoint, the MUC one as well as the HTTP Upload one. We can generate such a certificate by leveraging the ACME extraDomainNames module option. - Provided the setup detailed in the previous section, you'll need + Provided the setup detailed in the previous section, you’ll need the following acme configuration to generate a TLS certificate for the three endponits: diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index 88ab728fc51..3c3ff4ce3c4 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -194,7 +194,7 @@ in { }); meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml` + # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml` doc = ./yggdrasil.xml; maintainers = with lib.maintainers; [ gazally ehmry ]; }; diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 834e0f12340..2796ba8c379 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix 
@@ -1081,7 +1081,7 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml` + # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml` meta.doc = ./discourse.xml; meta.maintainers = [ lib.maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index c33cf7eaf73..1aec160b7b4 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -7,7 +7,7 @@
Basic usage - A minimal configuration using Let's Encrypt for TLS certificates + A minimal configuration using Let’s Encrypt for TLS certificates looks like this: @@ -26,7 +26,7 @@ security.acme.email = "me@example.com"; security.acme.acceptTerms = true; - Provided a proper DNS setup, you'll be able to connect to the + Provided a proper DNS setup, you’ll be able to connect to the instance at discourse.example.com and log in using the credentials provided in services.discourse.admin. @@ -82,7 +82,7 @@ services.discourse = {
Email - In addition to the basic setup, you'll want to configure an SMTP + In addition to the basic setup, you’ll want to configure an SMTP server Discourse can use to send user registration and password reset emails, among others. You can also optionally let Discourse receive email, which enables people to reply to threads and @@ -116,11 +116,11 @@ services.discourse = { }; - This assumes you have set up an MX record for the address you've + This assumes you have set up an MX record for the address you’ve set in hostname and requires proper SPF, DKIM and DMARC configuration to be done - for the domain you're sending from, in order for email to be + for the domain you’re sending from, in order for email to be reliably delivered. @@ -135,7 +135,7 @@ services.discourse = { Setup of TLS for incoming email is currently only configured - automatically when a regular TLS certificate is used, i.e. when + automatically when a regular TLS certificate is used, i.e. when and @@ -155,18 +155,18 @@ services.discourse = {
Site settings - "Site settings" are the settings that can be changed - through the Discourse UI. Their default - values can be set using + Site settings are the settings that can be + changed through the Discourse UI. Their + default values can be set using . Settings are expressed as a Nix attribute set which matches the structure of the configuration in config/site_settings.yml. - To find a setting's path, you only need to care about the first - two levels; i.e. its category (e.g. login) - and name (e.g. invite_only). + To find a setting’s path, you only need to care about the first + two levels; i.e. its category (e.g. login) + and name (e.g. invite_only). Settings containing secret data should be set to an attribute @@ -263,7 +263,7 @@ services.discourse = { Developing with Ruby section of the Nixpkgs manual and the appropriate gem options set in bundlerEnvArgs (normally - gemdir is sufficient). A plugin's Ruby + gemdir is sufficient). A plugin’s Ruby dependencies are listed in its plugin.rb file as function calls to gem. To construct the corresponding Gemfile manually, run diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix index 1716f27ccad..187eed8f0c8 100644 --- a/nixos/modules/services/web-apps/grocy.nix +++ b/nixos/modules/services/web-apps/grocy.nix 
@@ -168,7 +168,7 @@ in { meta = { maintainers = with maintainers; [ ma27 ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml` + # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml` doc = ./grocy.xml; }; } diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index b02627aaafe..5a0e043ea4d 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -29,7 +29,7 @@ credentials admin:admin can be used to login. - The application's state is persisted at + The application’s state is persisted at /var/lib/grocy/grocy.db in a sqlite3 database. The migration is applied when requesting the /-route of the application. diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index 19ac9427f4a..2c2d5f21319 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix 
@@ -452,7 +452,7 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml` + # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml` meta.doc = ./jitsi-meet.xml; meta.maintainers = lib.teams.jitsi.members; } diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index 18c4e5b52cc..f5cfadf89df 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -7,7 +7,7 @@
Basic usage - A minimal configuration using Let's Encrypt for TLS certificates + A minimal configuration using Let’s Encrypt for TLS certificates looks like this: diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index a1f13f159f9..8d7f046aa11 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -675,7 +675,7 @@ in }; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml` + # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml` meta.doc = ./keycloak.xml; meta.maintainers = [ maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index f6602a3c70d..a15cd9a4188 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -76,8 +76,8 @@ - If you're migrating an old Wildfly based Keycloak instance and - want to keep compatibility with your current clients, you'll + If you’re migrating an old Wildfly based Keycloak instance and + want to keep compatibility with your current clients, you’ll likely want to set to /auth. See the option description for more @@ -102,7 +102,7 @@
Setting up TLS/SSL - By default, Keycloak won't accept unsecured HTTP connections + By default, Keycloak won’t accept unsecured HTTP connections originating from outside its local network. diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo-doc.xml index af445a9e627..0254d978698 100644 --- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo-doc.xml @@ -41,8 +41,8 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/. - Of course, you can use password based authentication as well, e.g. - when the database is not on the same host. + Of course, you can use password based authentication as well, + e.g. when the database is not on the same host.
@@ -84,7 +84,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; Matomo will warn you that the JavaScript tracker is not - writable. This is because it's located in the read-only nix + writable. This is because it’s located in the read-only nix store. You can safely ignore this, unless you need a plugin that needs JavaScript tracker access. diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index fcc5dc5650e..eb204eb3f3d 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -326,7 +326,7 @@ in { meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml` + # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml` doc = ./matomo-doc.xml; maintainers = with lib.maintainers; [ florianjacob ]; }; diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 58006486564..3d30c712f67 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix 
@@ -1147,6 +1147,6 @@ in { ]); # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml` + # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml` meta.doc = ./nextcloud.xml; } diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 7d4b074514c..0998f29bac2 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -19,7 +19,7 @@ (services.nextcloud optionally supports services.nginx) - and a database (it's recommended to use + and a database (it’s recommended to use services.postgresql). @@ -67,13 +67,13 @@ and nginx. The config attribute set is used by the imperative installer and all values are written to an additional file to ensure that changes can be - applied by changing the module's options. + applied by changing the module’s options. In case the application serves multiple domains (those are checked with $_SERVER['HTTP_HOST']) - it's needed to add them to + it’s needed to add them to services.nextcloud.config.extraTrustedDomains. 
@@ -101,19 +101,19 @@ which is generated by the module and linked from the store to ensure that all values from config.php can be modified by the module. However - config.php manages the application's - state and shouldn't be touched manually because of that. + config.php manages the application’s + state and shouldn’t be touched manually because of that. - Don't delete config.php! This file - tracks the application's state and a deletion can cause + Don’t delete config.php! This file + tracks the application’s state and a deletion can cause unwanted side-effects! - Don't rerun + Don’t rerun nextcloud-occ maintenance:install! This command tries to install the application and can cause unwanted side-effects! @@ -123,8 +123,8 @@ Multiple version upgrades. - Nextcloud doesn't allow to move more than one major-version - forward. E.g., if you're on v16, you cannot + Nextcloud doesn’t allow to move more than one major-version + forward. E.g., if you’re on v16, you cannot upgrade to v18, you need to upgrade to v17 first. This is ensured automatically as long as the @@ -159,7 +159,7 @@ this is most likely because the maintenance mode is active. It can be deactivated by running nextcloud-occ maintenance:mode --off. - It's advisable though to check the logs first on why the + It’s advisable though to check the logs first on why the maintenance mode was activated. @@ -175,8 +175,8 @@ deleting /var/lib/nextcloud/config/config.php. This is the only time advisable because the fresh install - doesn't have any state that can be lost. In case that - doesn't help, an entire re-creation can be forced via + doesn’t have any state that can be lost. In case that + doesn’t help, an entire re-creation can be forced via rm -rf ~nextcloud/. 
@@ -189,8 +189,8 @@ server-side encryption (SSE). This is not an end-to-end encryption, but can be used to encrypt files that will be persisted to - external storage such as S3. Please note that this won't work - anymore when using OpenSSL 3 for PHP's openssl extension + external storage such as S3. Please note that this won’t work + anymore when using OpenSSL 3 for PHP’s openssl extension because this is implemented using the legacy cipher RC4. If is above 22.05, this is @@ -202,12 +202,12 @@
- Using an alternative webserver as reverse-proxy (e.g. - <literal>httpd</literal>) + Using an alternative webserver as reverse-proxy + (e.g. <literal>httpd</literal>) By default, nginx is used as reverse-proxy for - nextcloud. However, it's possible to use e.g. - httpd by explicitly disabling + nextcloud. However, it’s possible to use + e.g. httpd by explicitly disabling nginx using and fixing the settings listen.owner & @@ -292,12 +292,12 @@ While minor and patch-level updates are no problem and can be done directly in the package-expression (and should be backported to supported stable branches after that), major-releases should be - added in a new attribute (e.g. Nextcloud + added in a new attribute (e.g. Nextcloud v19.0.0 should be available in nixpkgs as pkgs.nextcloud19). To provide simple upgrade - paths it's generally useful to backport those as well to stable - branches. As long as the package-default isn't altered, this won't + paths it’s generally useful to backport those as well to stable + branches. As long as the package-default isn’t altered, this won’t break existing setups. After that, the versioning-warning in the nextcloud-module should be updated to make sure that the @@ -322,9 +322,9 @@ } - Ideally we should make sure that it's possible to jump two NixOS - versions forward: i.e. the warnings and the logic in the module - should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a + Ideally we should make sure that it’s possible to jump two NixOS + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a Nextcloud on 20.09.
diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix index bbad8152b53..cb46a88cd9f 100644 --- a/nixos/modules/services/web-apps/plausible.nix +++ b/nixos/modules/services/web-apps/plausible.nix @@ -293,6 +293,6 @@ in { meta.maintainers = with maintainers; [ ma27 ]; # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml` + # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml` meta.doc = ./plausible.xml; } diff --git a/nixos/modules/services/web-servers/garage-doc.xml b/nixos/modules/services/web-servers/garage-doc.xml index 36e73e676d3..447a27d2bf8 100644 --- a/nixos/modules/services/web-servers/garage-doc.xml +++ b/nixos/modules/services/web-servers/garage-doc.xml @@ -36,7 +36,7 @@ Until 1.0 is released, patch-level upgrades are considered as minor version upgrades. Minor version upgrades are considered as - major version upgrades. i.e. 0.6 to 0.7 is a major version + major version upgrades. i.e. 0.6 to 0.7 is a major version upgrade. @@ -45,7 +45,7 @@ Straightforward upgrades (patch-level upgrades). Upgrades must be performed one by one, - i.e. for each node, stop it, upgrade it : change + i.e. for each node, stop it, upgrade it : change stateVersion or services.garage.package, restart it if it was not already by switching. 
@@ -55,7 +55,7 @@ Multiple version upgrades. Garage do not provide any guarantee on moving more than one - major-version forward. E.g., if you're on + major-version forward. E.g., if you’re on 0.7, you cannot upgrade to 0.9. You need to upgrade to 0.8 first. As long as @@ -110,7 +110,7 @@ - Backup the metadata folder of ALL your nodes, e.g. for a + Backup the metadata folder of ALL your nodes, e.g. for a metadata directory (the default one) in /var/lib/garage/meta, you can run pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd. @@ -166,11 +166,11 @@ While patch-level updates are no problem and can be done directly in the package-expression (and should be backported to supported stable branches after that), major-releases should be added in a - new attribute (e.g. Garage v0.8.0 should be + new attribute (e.g. Garage v0.8.0 should be available in nixpkgs as pkgs.garage_0_8_0). To provide simple upgrade - paths it's generally useful to backport those as well to stable - branches. As long as the package-default isn't altered, this won't + paths it’s generally useful to backport those as well to stable + branches. As long as the package-default isn’t altered, this won’t break existing setups. After that, the versioning-warning in the garage-module should be updated to make sure that the @@ -195,9 +195,9 @@ }
- Ideally we should make sure that it's possible to jump two NixOS - versions forward: i.e. the warnings and the logic in the module - should guard a user to upgrade from a Garage on e.g. 22.11 to a + Ideally we should make sure that it’s possible to jump two NixOS + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Garage on e.g. 22.11 to a Garage on 23.11.
diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index eac0edc9d6f..ed5b89f916c 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix @@ -10,7 +10,7 @@ in { meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml` + # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml` doc = ./garage-doc.xml; maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 21c3608290c..62535e996bb 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -67,7 +67,7 @@ in meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml` + # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml` doc = ./gnome.xml; maintainers = teams.gnome.members; }; 
diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index 25d5d861294..14a03c0408e 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -18,7 +18,7 @@ in meta = { # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml` + # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml` doc = ./pantheon.xml; maintainers = teams.pantheon.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 27ed5977ff0..5aa575aeec4 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -17,8 +17,8 @@ services.xserver.desktopManager.pantheon.enable = true; - This automatically enables LightDM and Pantheon's LightDM greeter. - If you'd like to disable this, set + This automatically enables LightDM and Pantheon’s LightDM greeter. + If you’d like to disable this, set services.xserver.displayManager.lightdm.greeters.pantheon.enable = false; 
@@ -27,8 +27,8 @@ services.xserver.displayManager.lightdm.enable = false; but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for - Pantheon installs all of Pantheon's default applications. If you'd - like to not install Pantheon's apps, set + Pantheon installs all of Pantheon’s default applications. If you’d + like to not install Pantheon’s apps, set services.pantheon.apps.enable = false; @@ -86,7 +86,7 @@ switchboard-with-plugs.override { please note that, like how the NixOS options describe these as extra plugins, this would only add to the default plugins included - with the programs. If for some reason you'd like to configure + with the programs. If for some reason you’d like to configure which plugins to use exactly, both packages have an argument for this: From 785c0f2afaa326f45e6c2cfc83e257278f80a001 Mon Sep 17 00:00:00 2001 From: pennae Date: Wed, 4 Jan 2023 09:02:21 +0100 Subject: [PATCH 068/155] nixos/manual: mention that module chapters should use markdown --- .../development/meta-attributes.section.md | 20 ++++++++++++++++++ .../development/meta-attributes.section.xml | 21 +++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/nixos/doc/manual/development/meta-attributes.section.md b/nixos/doc/manual/development/meta-attributes.section.md index 946c08efd0a..7129cf8723e 100644 --- a/nixos/doc/manual/development/meta-attributes.section.md +++ b/nixos/doc/manual/development/meta-attributes.section.md 
@@ -40,6 +40,26 @@ file. $ nix-build nixos/release.nix -A manual.x86_64-linux ``` + This file should *not* usually be written by hand. Instead it is preferred + to write documentation using CommonMark and converting it to CommonMark + using pandoc. The simplest documentation can be converted using just + + ```ShellSession + $ pandoc doc.md -t docbook --top-level-division=chapter -f markdown+smart > doc.xml + ``` + + More elaborate documentation may wish to add one or more of the pandoc + filters used to build the remainder of the manual, for example the GNOME + desktop uses + + ```ShellSession + $ pandoc gnome.md -t docbook --top-level-division=chapter \ + --extract-media=media -f markdown+smart \ + --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua \ + --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua \ + > gnome.xml + ``` + - `buildDocsInSandbox` indicates whether the option documentation for the module can be built in a derivation sandbox. This option is currently only honored for modules shipped by nixpkgs. User modules and modules taken from diff --git a/nixos/doc/manual/from_md/development/meta-attributes.section.xml b/nixos/doc/manual/from_md/development/meta-attributes.section.xml index 9cc58afa1fd..450a5f670f3 100644 --- a/nixos/doc/manual/from_md/development/meta-attributes.section.xml +++ b/nixos/doc/manual/from_md/development/meta-attributes.section.xml @@ -50,6 +50,27 @@
$ nix-build nixos/release.nix -A manual.x86_64-linux + + + This file should not usually be written by + hand. Instead it is preferred to write documentation using + CommonMark and converting it to CommonMark using pandoc. The + simplest documentation can be converted using just + + +$ pandoc doc.md -t docbook --top-level-division=chapter -f markdown+smart > doc.xml + + + More elaborate documentation may wish to add one or more of the + pandoc filters used to build the remainder of the manual, for + example the GNOME desktop uses + + +$ pandoc gnome.md -t docbook --top-level-division=chapter \ + --extract-media=media -f markdown+smart \ + --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua \ + --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua \ + > gnome.xml From dc7788efb8bcbe68d1183cf7ee281186315802ca Mon Sep 17 00:00:00 2001 From: pennae Date: Thu, 5 Jan 2023 05:50:12 +0100 Subject: [PATCH 069/155] nixos/manual: regenerate chapter xml files apparently pandoc has changed behavior over the past releases, so the files are no longer in sync. occasionally this requires edits to the markdown source to not remove an anchor that was there before (albeit wth a very questionable id), or where things were simply being misrendered due to syntax errors. --- .../services/monitoring/parsedmarc.xml | 6 +-- .../modules/services/networking/mosquitto.xml | 6 +-- nixos/modules/services/search/meilisearch.md | 12 +++--- nixos/modules/services/search/meilisearch.xml | 14 +++---- nixos/modules/services/web-apps/pict-rs.md | 1 + nixos/modules/services/web-apps/pict-rs.xml | 41 +++++++------------ .../system/boot/loader/external/external.md | 2 +- .../system/boot/loader/external/external.xml | 2 +- 8 files changed, 36 insertions(+), 48 deletions(-) diff --git a/nixos/modules/services/monitoring/parsedmarc.xml b/nixos/modules/services/monitoring/parsedmarc.xml index b6a4bcf8ff5..2db5f48d160 100644 
--- a/nixos/modules/services/monitoring/parsedmarc.xml +++ b/nixos/modules/services/monitoring/parsedmarc.xml @@ -15,7 +15,7 @@ email address and saves them to a local Elasticsearch instance looks like this: - + services.parsedmarc = { enable = true; settings.imap = { @@ -44,7 +44,7 @@ services.parsedmarc = { email address that should be configured in the domain’s dmarc policy is dmarc@monitoring.example.com. - + services.parsedmarc = { enable = true; provision = { @@ -67,7 +67,7 @@ services.parsedmarc = { Elasticsearch instance is automatically added as a Grafana datasource, and the dashboard is added to Grafana as well. - + services.parsedmarc = { enable = true; provision = { diff --git a/nixos/modules/services/networking/mosquitto.xml b/nixos/modules/services/networking/mosquitto.xml index d16ab28c026..17dc85700f8 100644 --- a/nixos/modules/services/networking/mosquitto.xml +++ b/nixos/modules/services/networking/mosquitto.xml @@ -9,7 +9,7 @@ A minimal configuration for Mosquitto is - + services.mosquitto = { enable = true; listeners = [ { @@ -31,7 +31,7 @@ services.mosquitto = { restricted write access to a user service could look like - + services.mosquitto = { enable = true; listeners = [ { @@ -52,7 +52,7 @@ services.mosquitto = { TLS authentication is configured by setting TLS-related options of the listener: - + services.mosquitto = { enable = true; listeners = [ { diff --git a/nixos/modules/services/search/meilisearch.md b/nixos/modules/services/search/meilisearch.md index 98e7c542cb9..98af396117c 100644 --- a/nixos/modules/services/search/meilisearch.md +++ b/nixos/modules/services/search/meilisearch.md @@ -2,7 +2,7 @@ Meilisearch is a lightweight, fast and powerful search engine. Think elastic search with a much smaller footprint. -## Quickstart +## Quickstart {#module-services-meilisearch-quickstart} the minimum to start meilisearch is 
@@ -14,19 +14,19 @@ this will start the http server included with meilisearch on port 7700. test with `curl -X GET 'http://localhost:7700/health'` -## Usage +## Usage {#module-services-meilisearch-usage} you first need to add documents to an index before you can search for documents. -### Add a documents to the `movies` index +### Add a documents to the `movies` index {#module-services-meilisearch-quickstart-add} `curl -X POST 'http://127.0.0.1:7700/indexes/movies/documents' --data '[{"id": "123", "title": "Superman"}, {"id": 234, "title": "Batman"}]'` -### Search documents in the `movies` index +### Search documents in the `movies` index {#module-services-meilisearch-quickstart-search} `curl 'http://127.0.0.1:7700/indexes/movies/search' --data '{ "q": "botman" }'` (note the typo is intentional and there to demonstrate the typo tolerant capabilities) -## Defaults +## Defaults {#module-services-meilisearch-defaults} - The default nixos package doesn't come with the [dashboard](https://docs.meilisearch.com/learn/getting_started/quick_start.html#search), since the dashboard features makes some assets downloads at compile time. @@ -34,6 +34,6 @@ you first need to add documents to an index before you can search for documents. - Default deployment is development mode. It doesn't require a secret master key. All routes are not protected and accessible. -## Missing +## Missing {#module-services-meilisearch-missing} - the snapshot feature is not yet configurable from the module, it's just a matter of adding the relevant environment variables. diff --git a/nixos/modules/services/search/meilisearch.xml b/nixos/modules/services/search/meilisearch.xml index c1a73f358c2..c222c042562 100644 --- a/nixos/modules/services/search/meilisearch.xml +++ b/nixos/modules/services/search/meilisearch.xml @@ -4,12 +4,12 @@ Meilisearch is a lightweight, fast and powerful search engine. Think elastic search with a much smaller footprint. -
+
Quickstart the minimum to start meilisearch is - + services.meilisearch.enable = true; @@ -21,20 +21,20 @@ services.meilisearch.enable = true; curl -X GET 'http://localhost:7700/health'
-
+
Usage you first need to add documents to an index before you can search for documents. -
+
Add a documents to the <literal>movies</literal> index curl -X POST 'http://127.0.0.1:7700/indexes/movies/documents' --data '[{"id": "123", "title": "Superman"}, {"id": 234, "title": "Batman"}]'
-
+
Search documents in the <literal>movies</literal> index @@ -44,7 +44,7 @@ services.meilisearch.enable = true;
-
+
Defaults @@ -70,7 +70,7 @@ services.meilisearch.enable = true;
-
+
Missing diff --git a/nixos/modules/services/web-apps/pict-rs.md b/nixos/modules/services/web-apps/pict-rs.md index 4b622049909..2fa6bb3aebc 100644 --- a/nixos/modules/services/web-apps/pict-rs.md +++ b/nixos/modules/services/web-apps/pict-rs.md @@ -15,6 +15,7 @@ this will start the http server on port 8080 by default. ## Usage {#module-services-pict-rs-usage} pict-rs offers the following endpoints: + - `POST /image` for uploading an image. Uploaded content must be valid multipart/form-data with an image array located within the `images[]` key diff --git a/nixos/modules/services/web-apps/pict-rs.xml b/nixos/modules/services/web-apps/pict-rs.xml index bf129f5cc2a..6cae82e01ec 100644 --- a/nixos/modules/services/web-apps/pict-rs.xml +++ b/nixos/modules/services/web-apps/pict-rs.xml @@ -8,7 +8,7 @@ the minimum to start pict-rs is - + services.pict-rs.enable = true; @@ -18,34 +18,21 @@ services.pict-rs.enable = true;
Usage - pict-rs offers the following endpoints: - - POST /image for uploading an image. Uploaded - content must be valid multipart/form-data with an image array - located within the images[] key + pict-rs offers the following endpoints: - -This endpoint returns the following JSON structure on success with a 201 Created status -```json -{ - "files": [ - { - "delete_token": "JFvFhqJA98", - "file": "lkWZDRvugm.jpg" - }, - { - "delete_token": "kAYy9nk2WK", - "file": "8qFS0QooAn.jpg" - }, - { - "delete_token": "OxRpM3sf0Y", - "file": "1hJaYfGE01.jpg" - } - ], - "msg": "ok" -} -``` - + + + POST /image for uploading an image. + Uploaded content must be valid multipart/form-data with an + image array located within the images[] key + + + This endpoint returns the following JSON structure on success + with a 201 Created status + json { "files": [ { "delete_token": "JFvFhqJA98", "file": "lkWZDRvugm.jpg" }, { "delete_token": "kAYy9nk2WK", "file": "8qFS0QooAn.jpg" }, { "delete_token": "OxRpM3sf0Y", "file": "1hJaYfGE01.jpg" } ], "msg": "ok" } + + GET /image/download?url=... Download an diff --git a/nixos/modules/system/boot/loader/external/external.md b/nixos/modules/system/boot/loader/external/external.md index ba1dfd4d9b9..4f5b559dfc4 100644 --- a/nixos/modules/system/boot/loader/external/external.md +++ b/nixos/modules/system/boot/loader/external/external.md @@ -20,7 +20,7 @@ You can enable FooBoot like this: } ``` -## Developing Custom Bootloader Backends +## Developing Custom Bootloader Backends {#sec-bootloader-external-developing} Bootloaders should use [RFC-0125](https://github.com/NixOS/rfcs/pull/125)'s Bootspec format and synthesis tools to identify the key properties for bootable system generations. diff --git a/nixos/modules/system/boot/loader/external/external.xml b/nixos/modules/system/boot/loader/external/external.xml index 39ab2156bc8..08a0b56e5b2 100644 --- a/nixos/modules/system/boot/loader/external/external.xml 
+++ b/nixos/modules/system/boot/loader/external/external.xml @@ -29,7 +29,7 @@ }; } -
+
Developing Custom Bootloader Backends Bootloaders should use From bf92eaebe4afd03f029292f8cf5efa333fd0078a Mon Sep 17 00:00:00 2001 
From: pennae Date: Thu, 5 Jan 2023 06:16:46 +0100 Subject: [PATCH 070/155] nixos/manual: generate module chapters with md-to-db.sh --- nixos/doc/manual/md-to-db.sh | 15 +++++ nixos/modules/i18n/input-method/default.nix | 3 +- nixos/modules/i18n/input-method/default.xml | 2 +- .../digitalbitbox/{doc.md => default.md} | 0 .../programs/digitalbitbox/default.nix | 5 +- .../digitalbitbox/{doc.xml => default.xml} | 12 ++-- nixos/modules/programs/plotinus.nix | 3 +- nixos/modules/programs/plotinus.xml | 2 +- nixos/modules/programs/zsh/oh-my-zsh.nix | 3 +- nixos/modules/programs/zsh/oh-my-zsh.xml | 2 +- .../security/acme/{doc.md => default.md} | 0 nixos/modules/security/acme/default.nix | 5 +- .../security/acme/{doc.xml => default.xml} | 24 ++++---- nixos/modules/services/backup/borgbackup.nix | 3 +- nixos/modules/services/backup/borgbackup.xml | 6 +- .../services/databases/foundationdb.nix | 3 +- .../services/databases/foundationdb.xml | 4 +- .../modules/services/databases/postgresql.nix | 3 +- .../modules/services/databases/postgresql.xml | 26 ++++----- nixos/modules/services/desktops/flatpak.nix | 3 +- nixos/modules/services/desktops/flatpak.xml | 2 +- .../services/development/blackfire.nix | 3 +- .../services/development/blackfire.xml | 2 +- nixos/modules/services/editors/emacs.nix | 3 +- nixos/modules/services/editors/emacs.xml | 32 +++++------ nixos/modules/services/hardware/trezord.nix | 3 +- nixos/modules/services/hardware/trezord.xml | 2 +- nixos/modules/services/mail/mailman.nix | 3 +- nixos/modules/services/matrix/mjolnir.nix | 3 +- nixos/modules/services/matrix/synapse.nix | 3 +- nixos/modules/services/matrix/synapse.xml | 12 ++-- nixos/modules/services/misc/gitlab.nix | 3 +- nixos/modules/services/misc/gitlab.xml | 2 +- .../sourcehut/{sourcehut.md => default.md} | 0 .../services/misc/sourcehut/default.nix | 5 +- .../sourcehut/{sourcehut.xml => default.xml} | 10 ++-- .../misc/taskserver/{doc.md => default.md} | 0 .../services/misc/taskserver/default.nix | 5 +- 
.../misc/taskserver/{doc.xml => default.xml} | 6 +- nixos/modules/services/misc/weechat.nix | 3 +- .../modules/services/monitoring/parsedmarc.md | 4 +- .../services/monitoring/parsedmarc.nix | 3 +- .../services/monitoring/parsedmarc.xml | 4 +- .../monitoring/prometheus/exporters.nix | 3 +- .../litestream/{litestream.md => default.md} | 0 .../litestream/default.nix | 5 +- .../{litestream.xml => default.xml} | 0 .../networking/firefox-syncserver.nix | 3 +- .../modules/services/networking/mosquitto.nix | 3 +- nixos/modules/services/networking/pleroma.nix | 3 +- nixos/modules/services/networking/pleroma.xml | 15 +++-- nixos/modules/services/networking/prosody.nix | 3 +- .../modules/services/networking/yggdrasil.nix | 3 +- .../modules/services/networking/yggdrasil.xml | 2 +- nixos/modules/services/search/meilisearch.nix | 3 +- nixos/modules/services/web-apps/discourse.nix | 3 +- nixos/modules/services/web-apps/discourse.xml | 57 +++++++++---------- nixos/modules/services/web-apps/grocy.nix | 3 +- .../modules/services/web-apps/jitsi-meet.nix | 3 +- nixos/modules/services/web-apps/keycloak.nix | 3 +- nixos/modules/services/web-apps/keycloak.xml | 48 ++++++++-------- nixos/modules/services/web-apps/lemmy.nix | 3 +- .../web-apps/{matomo-doc.md => matomo.md} | 0 nixos/modules/services/web-apps/matomo.nix | 5 +- .../web-apps/{matomo-doc.xml => matomo.xml} | 8 +-- nixos/modules/services/web-apps/nextcloud.nix | 3 +- nixos/modules/services/web-apps/nextcloud.xml | 26 ++++----- nixos/modules/services/web-apps/pict-rs.nix | 3 +- nixos/modules/services/web-apps/pict-rs.xml | 40 ++++++++++++- nixos/modules/services/web-apps/plausible.nix | 3 +- .../web-servers/{garage-doc.md => garage.md} | 0 nixos/modules/services/web-servers/garage.nix | 5 +- .../{garage-doc.xml => garage.xml} | 14 ++--- .../services/x11/desktop-managers/gnome.nix | 3 +- .../services/x11/desktop-managers/gnome.xml | 16 +++--- .../x11/desktop-managers/pantheon.nix | 3 +- .../x11/desktop-managers/pantheon.xml | 10 
++-- .../system/boot/loader/external/external.nix | 3 +- 78 files changed, 271 insertions(+), 271 deletions(-) rename nixos/modules/programs/digitalbitbox/{doc.md => default.md} (100%) rename nixos/modules/programs/digitalbitbox/{doc.xml => default.xml} (82%) rename nixos/modules/security/acme/{doc.md => default.md} (100%) rename nixos/modules/security/acme/{doc.xml => default.xml} (95%) rename nixos/modules/services/misc/sourcehut/{sourcehut.md => default.md} (100%) rename nixos/modules/services/misc/sourcehut/{sourcehut.xml => default.xml} (94%) rename nixos/modules/services/misc/taskserver/{doc.md => default.md} (100%) rename nixos/modules/services/misc/taskserver/{doc.xml => default.xml} (95%) rename nixos/modules/services/network-filesystems/litestream/{litestream.md => default.md} (100%) rename nixos/modules/services/network-filesystems/litestream/{litestream.xml => default.xml} (100%) rename nixos/modules/services/web-apps/{matomo-doc.md => matomo.md} (100%) rename nixos/modules/services/web-apps/{matomo-doc.xml => matomo.xml} (94%) rename nixos/modules/services/web-servers/{garage-doc.md => garage.md} (100%) rename nixos/modules/services/web-servers/{garage-doc.xml => garage.xml} (93%) diff --git a/nixos/doc/manual/md-to-db.sh b/nixos/doc/manual/md-to-db.sh index 4698e94f508..abf9417c50a 100755 --- a/nixos/doc/manual/md-to-db.sh +++ b/nixos/doc/manual/md-to-db.sh @@ -50,3 +50,18 @@ for mf in ${MD_FILES[*]}; do done popd + +# now handle module chapters. we'll need extra checks to ensure that we don't process +# markdown files we're not interested in, so we'll require an x.nix file for ever x.md +# that we'll convert to xml. +pushd "$DIR/../../modules" + +mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$') + +for mf in ${MD_FILES[*]}; do + [ -f "${mf%.md}.nix" ] || continue + + pandoc --top-level-division=chapter "$mf" "${pandoc_flags[@]}" -o "${mf%.md}.xml" +done + +popd 
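Review bot: The added loop in md-to-db.sh iterates `for mf in ${MD_FILES[*]}; do` unquoted, so the array that `mapfile -t` filled one path per line is word-split and glob-expanded again. A path under nixos/modules containing whitespace or a glob character would then be split or expanded, and pandoc's `-o "${mf%.md}.xml"` would write to a path other than the intended one. Iterating with `for mf in "${MD_FILES[@]}"; do` avoids this; the earlier loop shown in the hunk header has the same form. The result of `pushd "$DIR/../../modules"` is also unchecked, so unless the script enables `set -e` outside this hunk, a failed pushd lets `find .` and the pandoc overwrite run from whatever directory is current; `pushd "$DIR/../../modules" || exit 1` would guard that. The new comment's "for ever x.md" should read "for every x.md".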
diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix index 3fa1f4c643d..452b0d7b264 100644 --- a/nixos/modules/i18n/input-method/default.nix +++ b/nixos/modules/i18n/input-method/default.nix @@ -66,8 +66,7 @@ in meta = { maintainers = with lib.maintainers; [ ericsagnes ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./default.xml; }; diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index 23295211980..b3706086bef 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -234,7 +234,7 @@ i18n.inputMethod = { }; - Note: The + Note: The option can be used to choose uim toolbar.
diff --git a/nixos/modules/programs/digitalbitbox/doc.md b/nixos/modules/programs/digitalbitbox/default.md similarity index 100% rename from nixos/modules/programs/digitalbitbox/doc.md rename to nixos/modules/programs/digitalbitbox/default.md diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index 2aaa307782d..fb18c52187b 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix +++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -33,9 +33,8 @@ in }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > doc.xml` - doc = ./doc.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + doc = ./default.xml; maintainers = with lib.maintainers; [ vidbina ]; }; } diff --git a/nixos/modules/programs/digitalbitbox/doc.xml b/nixos/modules/programs/digitalbitbox/default.xml similarity index 82% rename from nixos/modules/programs/digitalbitbox/doc.xml rename to nixos/modules/programs/digitalbitbox/default.xml index 30150640504..d5e1110bafb 100644 --- a/nixos/modules/programs/digitalbitbox/doc.xml +++ b/nixos/modules/programs/digitalbitbox/default.xml @@ -13,11 +13,11 @@ programs.digitalbitbox.enable = true; and bundles the digitalbitbox package (see - ), which contains - the dbb-app and dbb-cli - binaries, along with the hardware module (see - ) which - sets up the necessary udev rules to access the device. + ), which contains the + dbb-app and dbb-cli binaries, + along with the hardware module (see + ) which sets up + the necessary udev rules to access the device. Enabling the digitalbitbox module is pretty much the easiest way to @@ -25,7 +25,7 @@ programs.digitalbitbox.enable = true; For more information, see - https://digitalbitbox.com/start_linux. + https://digitalbitbox.com/start_linux.
Package diff --git a/nixos/modules/programs/plotinus.nix b/nixos/modules/programs/plotinus.nix index 3f7bbba42b9..cc73df2f791 100644 --- a/nixos/modules/programs/plotinus.nix +++ b/nixos/modules/programs/plotinus.nix @@ -8,8 +8,7 @@ in { meta = { maintainers = pkgs.plotinus.meta.maintainers; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./plotinus.xml; }; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index 6d5147eaa7e..eb8c65f94bc 100644 --- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -6,7 +6,7 @@ Upstream documentation: - https://github.com/p-e-w/plotinus + https://github.com/p-e-w/plotinus Plotinus is a searchable command palette in every modern GTK diff --git a/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixos/modules/programs/zsh/oh-my-zsh.nix index 7a8fd88414a..a2d6eb14bdf 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.nix +++ b/nixos/modules/programs/zsh/oh-my-zsh.nix @@ -142,7 +142,6 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./oh-my-zsh.xml; } diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index 6125ba1488a..be868326c25 100644 
--- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -93,7 +93,7 @@
Package your own customizations - If third-party customizations (e.g. new themes) are supposed to be + If third-party customizations (e.g. new themes) are supposed to be added to oh-my-zsh there are several pitfalls to keep in mind: diff --git a/nixos/modules/security/acme/doc.md b/nixos/modules/security/acme/default.md similarity index 100% rename from nixos/modules/security/acme/doc.md rename to nixos/modules/security/acme/default.md diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index dfa3742dacc..baa7a516ce3 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -916,8 +916,7 @@ in { meta = { maintainers = lib.teams.acme.members; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` - doc = ./doc.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + doc = ./default.xml; }; } diff --git a/nixos/modules/security/acme/doc.xml b/nixos/modules/security/acme/default.xml similarity index 95% rename from nixos/modules/security/acme/doc.xml rename to nixos/modules/security/acme/default.xml index 42c73300d8b..766421c6237 100644 --- a/nixos/modules/security/acme/doc.xml +++ b/nixos/modules/security/acme/default.xml 
@@ -19,25 +19,24 @@ To use the ACME module, you must accept the provider’s terms of service by setting - to + to true. The Let’s Encrypt ToS can be found here. You must also set an email address to be used when creating accounts with Let’s Encrypt. You can set this for all certs with - and/or on - a per-cert basis with - . This + and/or on a + per-cert basis with + . This address is only used for registration and renewal reminders, and cannot be used to administer the certificates in any way. Alternatively, you can use a different ACME server by changing the - option - to a provider of your choosing, or just change the server for one - cert with - . + option to a + provider of your choosing, or just change the server for one cert + with . You will need an HTTP server or DNS server for verification. For @@ -173,7 +172,7 @@ security.acme.certs."foo.example.com" = { /var/lib/acme/foo.example.com. - Refer to for all available + Refer to for all available configuration options for the security.acme module. @@ -275,9 +274,10 @@ systemd.services.dns-rfc2136-conf = { You must follow the guide above on configuring DNS-01 validation first, however instead of setting the options for one certificate - (e.g. ) - you will set them as defaults - (e.g. ). + (e.g. + ) you + will set them as defaults (e.g. + ). # Configure ACME appropriately diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index bb037fc13ee..5489aac0111 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix 
@@ -226,8 +226,7 @@ let in { meta.maintainers = with maintainers; [ dotlambda ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./borgbackup.xml; ###### interface diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 1c1233b1124..1b864d6cdd5 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -6,7 +6,7 @@ Upstream documentation: - https://borgbackup.readthedocs.io/ + https://borgbackup.readthedocs.io/ BorgBackup @@ -200,9 +200,9 @@ sudo borg init --encryption=repokey-blake2 \ protect your data from disk failure, ransomware and theft. - It can be installed in NixOS e.g. by adding + It can be installed in NixOS e.g. by adding pkgs.vorta to - . + . Details about using Vorta can be found under diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index 0cdb832e4bc..3d72d8ec6d2 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix 
@@ -424,8 +424,7 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./foundationdb.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice ]; } diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index e65458779d1..e4a01260421 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml @@ -6,7 +6,7 @@ Upstream documentation: - https://apple.github.io/foundationdb/ + https://apple.github.io/foundationdb/ Maintainer: Austin Seipp @@ -417,7 +417,7 @@ $ sudo -u foundationdb fdbbackup status -t default FoundationDB is a complex piece of software, and requires careful administration to properly use. Full documentation for administration can be found here: - https://apple.github.io/foundationdb/. + https://apple.github.io/foundationdb/.
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 9a9a083b7c3..40a1acb39a3 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -585,8 +585,7 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./postgresql.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ]; } diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 7ca03264e36..6aa2a3812ff 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -6,10 +6,10 @@
Upstream documentation: - http://www.postgresql.org/docs/ + http://www.postgresql.org/docs/ - PostgreSQL is an advanced, free relational database. + PostgreSQL is an advanced, free relational database.
Configuring @@ -23,17 +23,17 @@ services.postgresql.package = pkgs.postgresql_11; Note that you are required to specify the desired version of - PostgreSQL (e.g. pkgs.postgresql_11). Since + PostgreSQL (e.g. pkgs.postgresql_11). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for - such as - the most recent release of PostgreSQL. + such as the + most recent release of PostgreSQL. By default, PostgreSQL stores its databases in /var/lib/postgresql/$psqlSchema. You can override this using - , e.g. + , e.g. services.postgresql.dataDir = "/data/postgresql"; @@ -122,7 +122,7 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema the new one. You may supply arguments like --jobs 4 and --link to speedup migration process. See - https://www.postgresql.org/docs/current/pgupgrade.html + https://www.postgresql.org/docs/current/pgupgrade.html for details. @@ -130,10 +130,9 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema Change postgresql package in NixOS configuration to the one you were upgrading to via - . - Rebuild NixOS. This should start new postgres using upgraded - data directory and all services you stopped during the - upgrade. + . Rebuild + NixOS. This should start new postgres using upgraded data + directory and all services you stopped during the upgrade. @@ -151,9 +150,8 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema For PostgreSQL < 14, run (as su -l postgres in the - , - in this example - /var/lib/postgresql/13): + , in + this example /var/lib/postgresql/13): $ ./analyze_new_cluster.sh diff --git a/nixos/modules/services/desktops/flatpak.nix b/nixos/modules/services/desktops/flatpak.nix index 367d367d0bc..b08d7db226d 100644 --- a/nixos/modules/services/desktops/flatpak.nix +++ b/nixos/modules/services/desktops/flatpak.nix 
@@ -7,8 +7,7 @@ let cfg = config.services.flatpak; in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc flatpak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > flatpak.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./flatpak.xml; maintainers = pkgs.flatpak.meta.maintainers; }; diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 3a4cfc5ea40..6230a7b1fa0 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -6,7 +6,7 @@ Upstream documentation: - https://github.com/flatpak/flatpak/wiki + https://github.com/flatpak/flatpak/wiki Flatpak is a system for building, distributing, and running diff --git a/nixos/modules/services/development/blackfire.nix b/nixos/modules/services/development/blackfire.nix index 7d3365efa84..58ef75d23da 100644 --- a/nixos/modules/services/development/blackfire.nix +++ b/nixos/modules/services/development/blackfire.nix @@ -11,8 +11,7 @@ let in { meta = { maintainers = pkgs.blackfire.meta.maintainers; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc blackfire.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > blackfire.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./blackfire.xml; }; diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index f5e62218632..99afaa11e04 100644 
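Review bot: The new comment in the `meta` block of flatpak.nix names `md-to-db.sh` without saying where the script lives or how to run it, whereas the removed lines carried the complete pandoc command, so the regeneration step can no longer be reproduced from the module file alone. I would keep it to one line but make it locatable, e.g. `# Don't edit the docbook xml directly, edit flatpak.md and regenerate with <repo-relative path to md-to-db.sh>` (the path is a placeholder, as this patch does not show it). The same wording recurs in the other .nix hunks of this patch (blackfire, emacs, trezord, mailman, mjolnir, synapse, gitlab, weechat, parsedmarc and the rest). Naming the source file matters most for sourcehut, taskserver and litestream, where the markdown was renamed to default.md and the old comment was the only place that named it. The surrounding module body continues outside this hunk.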
--- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml @@ -6,7 +6,7 @@ Upstream documentation: - https://blackfire.io/docs/introduction + https://blackfire.io/docs/introduction Blackfire is a diff --git a/nixos/modules/services/editors/emacs.nix b/nixos/modules/services/editors/emacs.nix index d30fd07577c..2aa38298716 100644 --- a/nixos/modules/services/editors/emacs.nix +++ b/nixos/modules/services/editors/emacs.nix @@ -99,7 +99,6 @@ in environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "${editorScript}/bin/emacseditor"); }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./emacs.xml; } diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index 5e4f3e67427..d510556c29c 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -10,11 +10,11 @@ Emacs runs within a graphical desktop environment using the X Window System, but works equally well on a text terminal. Under macOS, a - "Mac port" edition is available, which uses Apple's native - GUI frameworks. + Mac port edition is available, which uses Apple’s + native GUI frameworks. - Nixpkgs provides a superior environment for running Emacs. It's + Nixpkgs provides a superior environment for running Emacs. It’s simple to create custom builds by overriding the default packages. Chaotic collections of Emacs Lisp code and extensions can be brought under control using declarative package management. NixOS even 
@@ -25,8 +25,8 @@ Installing Emacs Emacs can be installed in the normal way for Nix (see - ). In addition, a - NixOS service can be enabled. + ). In addition, a NixOS + service can be enabled.
The Different Releases of Emacs @@ -63,14 +63,14 @@ - Emacs with the "Mac port" patches, providing a - more native look and feel under macOS. + Emacs with the Mac port patches, providing + a more native look and feel under macOS. - If those aren't suitable, then the following imitation Emacs + If those aren’t suitable, then the following imitation Emacs editors are also available in Nixpkgs: Zile, mg, @@ -207,9 +207,9 @@ nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.orgPackages If you are on NixOS, you can install this particular Emacs for all users by adding it to the list of system packages (see - ). Simply - modify your file configuration.nix to make - it contain: + ). Simply modify + your file configuration.nix to make it + contain: @@ -224,7 +224,7 @@ nix-env -f "<nixpkgs>" -qaP -A emacs.pkgs.orgPackages In this case, the next nixos-rebuild switch will take care of adding your emacs to the PATH environment variable (see - ). + ). If you are not on NixOS or want to install this particular Emacs @@ -292,7 +292,7 @@ in [...] NixOS provides an optional systemd service which launches Emacs - daemon with the user's login session. + daemon with the user’s login session. Source: @@ -315,7 +315,7 @@ services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; }; emacsWithPackages. - Ensure that the Emacs server is enabled for your user's Emacs + Ensure that the Emacs server is enabled for your user’s Emacs configuration, either by customizing the server-mode variable, or by adding (server-start) to @@ -353,7 +353,7 @@ emacsclient --create-frame --tty # opens a new frame on the current terminal
Configuring the <varname>EDITOR</varname> variable - If is + If is true, the EDITOR variable will be set to a wrapper script which launches emacsclient. @@ -452,7 +452,7 @@ systemctl --user enable emacs To install the DocBook 5.0 schemas, either add pkgs.docbook5 to - + (NixOS), or run nix-env -f '<nixpkgs>' -iA docbook5 (Nix). diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index 708f02fafc2..ae19b7f3e5b 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix @@ -8,8 +8,7 @@ in { ### docs meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./trezord.xml; }; diff --git a/nixos/modules/services/hardware/trezord.xml b/nixos/modules/services/hardware/trezord.xml index bf9409c7d63..6cdff821980 100644 --- a/nixos/modules/services/hardware/trezord.xml +++ b/nixos/modules/services/hardware/trezord.xml @@ -12,7 +12,7 @@ GPG and a password manager. For more information, guides and documentation, see - https://wiki.trezor.io. + https://wiki.trezor.io. To enable Trezor support, add the following to your diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index 622efd87e7b..89c11a5d2f7 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix 
@@ -642,8 +642,7 @@ in { meta = { maintainers = with lib.maintainers; [ lheckemann qyliss ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mailman.xml; }; diff --git a/nixos/modules/services/matrix/mjolnir.nix b/nixos/modules/services/matrix/mjolnir.nix index 372b8ced1c2..d568beb2e7a 100644 --- a/nixos/modules/services/matrix/mjolnir.nix +++ b/nixos/modules/services/matrix/mjolnir.nix @@ -236,8 +236,7 @@ in }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mjolnir.xml; maintainers = with maintainers; [ jojosch ]; }; diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index 4f87744f8cc..fff2e31abe6 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix 
@@ -801,8 +801,7 @@ in { meta = { buildDocsInSandbox = false; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./synapse.xml; maintainers = teams.matrix.members; }; diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 822f2c324ad..62c3c62d3d1 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -131,7 +131,7 @@ in { services.matrix-synapse.settings.enable_registration = true;. Otherwise, or you can generate a registration secret with pwgen -s 64 1 and set it with - . + . To create a new user or admin, run the following after you have set the secret and have rebuilt NixOS: @@ -151,7 +151,7 @@ Success! When using - , + , the secret will end up in the world-readable store. Instead it’s recommended to deploy the secret in an additional file like this: @@ -173,9 +173,9 @@ registration_shared_secret: your-very-secret-secret nixops1 or sops-nix - to - e.g. /run/secrets/matrix-shared-secret - and ensure that it’s readable by + to e.g. + /run/secrets/matrix-shared-secret and + ensure that it’s readable by matrix-synapse. @@ -217,7 +217,7 @@ registration_shared_secret: your-very-secret-secret https://element.myhostname.example.org and https://element.example.org. Alternatively, you can use the hosted copy at - https://app.element.io/, + https://app.element.io/, or use other web clients or native client applications. Due to the /.well-known urls set up done above, many clients should fill in the required connection details 
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index c5eed5960e5..892e5307fef 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -1502,8 +1502,7 @@ in { }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./gitlab.xml; } diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index c2c4dc895e9..69c5cd16e01 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -97,7 +97,7 @@ services.gitlab = { enabled for fetching incoming mail. - Refer to for all available + Refer to for all available configuration options for the services.gitlab module. diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.md b/nixos/modules/services/misc/sourcehut/default.md similarity index 100% rename from nixos/modules/services/misc/sourcehut/sourcehut.md rename to nixos/modules/services/misc/sourcehut/default.md diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index c95761bbe97..38531b96961 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix 
@@ -1390,8 +1390,7 @@ in '') ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml` - meta.doc = ./sourcehut.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + meta.doc = ./default.xml; meta.maintainers = with maintainers; [ tomberek ]; } diff --git a/nixos/modules/services/misc/sourcehut/sourcehut.xml b/nixos/modules/services/misc/sourcehut/default.xml similarity index 94% rename from nixos/modules/services/misc/sourcehut/sourcehut.xml rename to nixos/modules/services/misc/sourcehut/default.xml index d54a9c74417..cc309903889 100644 --- a/nixos/modules/services/misc/sourcehut/sourcehut.xml +++ b/nixos/modules/services/misc/sourcehut/default.xml @@ -97,14 +97,14 @@ in {
- Using an alternative webserver as reverse-proxy - (e.g. <literal>httpd</literal>) + Using an alternative webserver as reverse-proxy (e.g. + <literal>httpd</literal>) By default, nginx is used as reverse-proxy for - sourcehut. However, it’s possible to use - e.g. httpd by explicitly disabling + sourcehut. However, it’s possible to use e.g. + httpd by explicitly disabling nginx using - and fixing the + and fixing the settings.
diff --git a/nixos/modules/services/misc/taskserver/doc.md b/nixos/modules/services/misc/taskserver/default.md similarity index 100% rename from nixos/modules/services/misc/taskserver/doc.md rename to nixos/modules/services/misc/taskserver/default.md diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index 9a97d236452..dbb3ede4010 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -566,7 +566,6 @@ in { }) ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml` - meta.doc = ./doc.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + meta.doc = ./default.xml; } diff --git a/nixos/modules/services/misc/taskserver/doc.xml b/nixos/modules/services/misc/taskserver/default.xml similarity index 95% rename from nixos/modules/services/misc/taskserver/doc.xml rename to nixos/modules/services/misc/taskserver/default.xml index 06ec397661a..a4668731491 100644 --- a/nixos/modules/services/misc/taskserver/doc.xml +++ b/nixos/modules/services/misc/taskserver/default.xml @@ -7,7 +7,7 @@
Upstream documentation: - https://taskwarrior.org/docs/#taskd + https://taskwarrior.org/docs/#taskd
Configuration @@ -43,8 +43,8 @@ imperatively, the nixos-taskserver tool is used for addition and deletion of organisations along with users and groups defined by - and - as well for imperative set up. + and as + well for imperative set up. The tool is designed to not interfere if the command is used to diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix index 3fa408d9c88..cb119f7c3fc 100644 --- a/nixos/modules/services/misc/weechat.nix +++ b/nixos/modules/services/misc/weechat.nix @@ -59,7 +59,6 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc weechat.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > weechat.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./weechat.xml; } diff --git a/nixos/modules/services/monitoring/parsedmarc.md b/nixos/modules/services/monitoring/parsedmarc.md index 5a17f79da5d..eac07e0cc9f 100644 --- a/nixos/modules/services/monitoring/parsedmarc.md +++ b/nixos/modules/services/monitoring/parsedmarc.md @@ -25,7 +25,7 @@ services.parsedmarc = { Note that GeoIP provisioning is disabled in the example for simplicity, but should be turned on for fully functional reports. -## Local mail +## Local mail {#module-services-parsedmarc-local-mail} Instead of watching an external inbox, a local inbox can be automatically provisioned. The recipient's name is by default set to `dmarc`, but can be configured in 
@@ -49,7 +49,7 @@ services.parsedmarc = { }; ``` -## Grafana and GeoIP +## Grafana and GeoIP {#module-services-parsedmarc-grafana-geoip} The reports can be visualized and summarized with parsedmarc's official Grafana dashboard. For all views to work, and for the data to be complete, GeoIP databases are also required. The following example diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index 40c76b80455..e663e46cf00 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -539,8 +539,7 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc parsedmarc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > parsedmarc.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./parsedmarc.xml; meta.maintainers = [ lib.maintainers.talyz ]; } diff --git a/nixos/modules/services/monitoring/parsedmarc.xml b/nixos/modules/services/monitoring/parsedmarc.xml index 2db5f48d160..f34d47429d8 100644 --- a/nixos/modules/services/monitoring/parsedmarc.xml +++ b/nixos/modules/services/monitoring/parsedmarc.xml @@ -31,7 +31,7 @@ services.parsedmarc = { simplicity, but should be turned on for fully functional reports.
-
+
Local mail Instead of watching an external inbox, a local inbox can be @@ -57,7 +57,7 @@ services.parsedmarc = { };
-
+
Grafana and GeoIP The reports can be visualized and summarized with parsedmarc’s diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index e9401334352..33df9e37fb9 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -323,8 +323,7 @@ in ); meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./exporters.xml; maintainers = [ maintainers.willibutz ]; }; diff --git a/nixos/modules/services/network-filesystems/litestream/litestream.md b/nixos/modules/services/network-filesystems/litestream/default.md similarity index 100% rename from nixos/modules/services/network-filesystems/litestream/litestream.md rename to nixos/modules/services/network-filesystems/litestream/default.md diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 73ef81a0f56..5559198d580 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix 
@@ -95,7 +95,6 @@ in users.groups.litestream = {}; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml` - meta.doc = ./litestream.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + meta.doc = ./default.xml; } diff --git a/nixos/modules/services/network-filesystems/litestream/litestream.xml b/nixos/modules/services/network-filesystems/litestream/default.xml similarity index 100% rename from nixos/modules/services/network-filesystems/litestream/litestream.xml rename to nixos/modules/services/network-filesystems/litestream/default.xml diff --git a/nixos/modules/services/networking/firefox-syncserver.nix b/nixos/modules/services/networking/firefox-syncserver.nix index 9733fb16d90..663010999ff 100644 --- a/nixos/modules/services/networking/firefox-syncserver.nix +++ b/nixos/modules/services/networking/firefox-syncserver.nix @@ -311,8 +311,7 @@ in meta = { maintainers = with lib.maintainers; [ pennae ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc firefox-syncserver.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > firefox-syncserver.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./firefox-syncserver.xml; }; } diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 270450cb0c6..6c7e1ed720e 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix 
@@ -671,8 +671,7 @@ in meta = { maintainers = with lib.maintainers; [ pennae ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc mosquitto.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > mosquitto.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mosquitto.xml; }; } diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index 287e189e2fe..bbd52176767 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -147,7 +147,6 @@ in { }; meta.maintainers = with lib.maintainers; [ ninjatrappeur ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./pleroma.xml; } diff --git a/nixos/modules/services/networking/pleroma.xml b/nixos/modules/services/networking/pleroma.xml index 9a29512d363..2a81e166d10 100644 --- a/nixos/modules/services/networking/pleroma.xml +++ b/nixos/modules/services/networking/pleroma.xml @@ -60,9 +60,8 @@ $ sudo -u postgres psql -f setup.psql This is an example of configuration, where - option - contains the content of the file config.exs, - generated + option contains + the content of the file config.exs, generated in the first section, but with the secrets (database password, endpoint secret key, salts, etc.) removed. Removing secrets is 
@@ -109,9 +108,9 @@ services.pleroma = { Secrets must be moved into a file pointed by - , in - our case /var/lib/pleroma/secrets.exs. This - file can be created copying the previously generated + , in our + case /var/lib/pleroma/secrets.exs. This file + can be created copying the previously generated config.exs file and then removing all the settings, except the secrets. This is an example @@ -136,7 +135,7 @@ config :web_push_encryption, :vapid_details, Note that the lines of the same configuration group are comma - separated (i.e. all the lines end with a comma, except the last + separated (i.e. all the lines end with a comma, except the last one), so when the lines with passwords are added or removed, commas must be adjusted accordingly. @@ -156,7 +155,7 @@ $ ssh -L 4000:localhost:4000 myuser@example.net and then accessing - http://localhost:4000 + http://localhost:4000 from a web browser.
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 3c685e30b03..5ef472bf9c2 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -905,7 +905,6 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./prosody.xml; } diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index 3c3ff4ce3c4..fd2dede1357 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -193,8 +193,7 @@ in { environment.systemPackages = [ cfg.package ]; }); meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./yggdrasil.xml; maintainers = with lib.maintainers; [ gazally ehmry ]; }; diff --git a/nixos/modules/services/networking/yggdrasil.xml b/nixos/modules/services/networking/yggdrasil.xml index 5b6f63b3ae0..35388ea4cf4 100644 --- a/nixos/modules/services/networking/yggdrasil.xml +++ b/nixos/modules/services/networking/yggdrasil.xml 
@@ -6,7 +6,7 @@ Upstream documentation: - https://yggdrasil-network.github.io/ + https://yggdrasil-network.github.io/ Yggdrasil is an early-stage implementation of a fully end-to-end diff --git a/nixos/modules/services/search/meilisearch.nix b/nixos/modules/services/search/meilisearch.nix index 3983b1b2c92..98364e141c2 100644 --- a/nixos/modules/services/search/meilisearch.nix +++ b/nixos/modules/services/search/meilisearch.nix @@ -9,8 +9,7 @@ in { meta.maintainers = with maintainers; [ Br1ght0ne happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc meilisearch.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > meilisearch.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./meilisearch.xml; ###### interface diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 2796ba8c379..b00aeab89b0 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -1080,8 +1080,7 @@ in ]; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./discourse.xml; meta.maintainers = [ lib.maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index 1aec160b7b4..ff7534ba5a5 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml 
@@ -36,8 +36,8 @@ security.acme.acceptTerms = true; Using a regular TLS certificate To set up TLS using a regular certificate and key on file, use the - and - + and + options: @@ -61,22 +61,20 @@ services.discourse = { Discourse uses PostgreSQL to store most of its data. A database will automatically be enabled and a database and role created - unless - is + unless is changed from its default of null or - + is set to false. External database access can also be configured by setting - , - - and - - as appropriate. Note that you need to manually create a database + , + and + as + appropriate. Note that you need to manually create a database called discourse (or the name you chose in - ) and - allow the configured database user full access to it. + ) and allow + the configured database user full access to it.
@@ -127,19 +125,18 @@ services.discourse = { If you want to use a different domain for your outgoing email (for example example.com instead of discourse.example.com) you should set - + and - + manually. Setup of TLS for incoming email is currently only configured - automatically when a regular TLS certificate is used, i.e. when - - and - - are set. + automatically when a regular TLS certificate is used, i.e. when + and + are + set.
@@ -148,8 +145,8 @@ services.discourse = { Additional site settings and backend settings, for which no explicit NixOS options are provided, can be set in - and - + and + respectively.
@@ -158,15 +155,15 @@ services.discourse = { Site settings are the settings that can be changed through the Discourse UI. Their default values can be set using - . + . Settings are expressed as a Nix attribute set which matches the structure of the configuration in config/site_settings.yml. To find a setting’s path, you only need to care about the first - two levels; i.e. its category (e.g. login) - and name (e.g. invite_only). + two levels; i.e. its category (e.g. login) + and name (e.g. invite_only). Settings containing secret data should be set to an attribute @@ -245,12 +242,12 @@ services.discourse = { Plugins You can install Discourse plugins using the - option. + option. Pre-packaged plugins are provided in <your_discourse_package_here>.plugins. If you want the full suite of plugins provided through nixpkgs, you can also set the - option to + option to pkgs.discourseAllPlugins. @@ -284,10 +281,10 @@ services.discourse = { Some plugins provide site settings. Their defaults can be configured using - , just - like regular site settings. To find the names of these settings, - look in the config/settings.yml file of the - plugin repo. + , just like + regular site settings. To find the names of these settings, look + in the config/settings.yml file of the plugin + repo. For example, to add the diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix index 187eed8f0c8..1d5244b42ce 100644 --- a/nixos/modules/services/web-apps/grocy.nix +++ b/nixos/modules/services/web-apps/grocy.nix 
@@ -167,8 +167,7 @@ in { meta = { maintainers = with maintainers; [ ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./grocy.xml; }; } diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index 2c2d5f21319..b82138a307b 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix @@ -451,8 +451,7 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./jitsi-meet.xml; meta.maintainers = lib.teams.jitsi.members; } diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 8d7f046aa11..7b3814485b9 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix 
@@ -674,8 +674,7 @@ in mkIf createLocalMySQL (mkDefault dbPkg); }; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./keycloak.xml; meta.maintainers = [ maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index a15cd9a4188..037ae7ff75a 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -15,8 +15,8 @@ An administrative user with the username admin is automatically created in the master realm. Its initial password can be configured by setting - - and defaults to changeme. The password is not + and + defaults to changeme. The password is not stored safely and should be changed immediately in the admin panel. @@ -32,30 +32,30 @@ Keycloak can be used with either PostgreSQL, MariaDB or MySQL. Which one is used can be configured in - . The + . The selected database will automatically be enabled and a database and role created unless - is - changed from its default of localhost or - - is set to false. + is changed + from its default of localhost or + is + set to false. External database access can also be configured by setting - , - , - , - and - as + , + , + , + and + as appropriate. Note that you need to manually create the database and allow the configured database user full access to it. - + must be set to the path to a file containing the password used to log in to the database. If - and - + and + are kept at their defaults, the database role keycloak with that password is provisioned on the local database instance. 
@@ -72,20 +72,20 @@ The hostname is used to build the public URL used as base for all frontend requests and must be configured through - . + . If you’re migrating an old Wildfly based Keycloak instance and want to keep compatibility with your current clients, you’ll likely want to set - + to /auth. See the option description for more details. - + determines whether Keycloak should force all requests to go through the frontend URL. By default, Keycloak allows backend requests to instead use its local hostname or IP address and may @@ -110,8 +110,8 @@ both PEM formatted. Their paths should be set through - and - . + and + . @@ -124,8 +124,7 @@ Themes You can package custom themes and make them visible to Keycloak - through . See - the + through . See the Themes section of the Keycloak Server Development Guide and the description of the aforementioned NixOS option for more @@ -136,7 +135,7 @@ Configuration file settings Keycloak server configuration parameters can be set in - . These + . These correspond directly to options in conf/keycloak.conf. Some of the most important parameters are documented as suboptions, the rest can be @@ -150,8 +149,7 @@ containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the description of - for an - example. + for an example.
diff --git a/nixos/modules/services/web-apps/lemmy.nix b/nixos/modules/services/web-apps/lemmy.nix index 267584dd0ca..db1518ec293 100644 --- a/nixos/modules/services/web-apps/lemmy.nix +++ b/nixos/modules/services/web-apps/lemmy.nix @@ -6,8 +6,7 @@ let in { meta.maintainers = with maintainers; [ happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./lemmy.xml; imports = [ diff --git a/nixos/modules/services/web-apps/matomo-doc.md b/nixos/modules/services/web-apps/matomo.md similarity index 100% rename from nixos/modules/services/web-apps/matomo-doc.md rename to nixos/modules/services/web-apps/matomo.md diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index eb204eb3f3d..706e41cbed0 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -325,9 +325,8 @@ in { }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml` - doc = ./matomo-doc.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + doc = ./matomo.xml; maintainers = with lib.maintainers; [ florianjacob ]; }; } diff --git a/nixos/modules/services/web-apps/matomo-doc.xml b/nixos/modules/services/web-apps/matomo.xml similarity index 94% rename from nixos/modules/services/web-apps/matomo-doc.xml rename to nixos/modules/services/web-apps/matomo.xml index 0254d978698..0d76e4d7e59 100644 
--- a/nixos/modules/services/web-apps/matomo-doc.xml +++ b/nixos/modules/services/web-apps/matomo.xml @@ -38,11 +38,11 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; matomo database user (without needing a password), but no other users. For more information on passwordless login, see - https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/. + https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/. - Of course, you can use password based authentication as well, - e.g. when the database is not on the same host. + Of course, you can use password based authentication as well, e.g. + when the database is not on the same host.
@@ -75,7 +75,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost'; /var/lib/matomo/config/config.ini.php file. Use a user in the matomo group or root to access the file. For more information, see - https://matomo.org/faq/how-to-install/faq_138/. + https://matomo.org/faq/how-to-install/faq_138/.
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 3d30c712f67..64e8e4ed5d6 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -1146,7 +1146,6 @@ in { } ]); - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./nextcloud.xml; } diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 0998f29bac2..40d94cb5858 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -192,24 +192,24 @@ external storage such as S3. Please note that this won’t work anymore when using OpenSSL 3 for PHP’s openssl extension because this is implemented using the legacy cipher RC4. If - is + is above 22.05, this is disabled by default. To turn it on again and for further information please refer to - . + .
- Using an alternative webserver as reverse-proxy - (e.g. <literal>httpd</literal>) + Using an alternative webserver as reverse-proxy (e.g. + <literal>httpd</literal>) By default, nginx is used as reverse-proxy for - nextcloud. However, it’s possible to use - e.g. httpd by explicitly disabling + nextcloud. However, it’s possible to use e.g. + httpd by explicitly disabling nginx using - and fixing the + and fixing the settings listen.owner & listen.group in the corresponding @@ -268,13 +268,13 @@ Nextcloud apps are installed statefully through the web interface. Some apps may require extra PHP extensions to be installed. This can be configured with the - + setting. Alternatively, extra apps can also be declared with the - setting. - When using this setting, apps can no longer be managed statefully + setting. When + using this setting, apps can no longer be managed statefully because this can lead to Nextcloud updating apps that are managed by Nix. If you want automatic updates it is recommended that you use web interface to install apps. @@ -292,7 +292,7 @@ While minor and patch-level updates are no problem and can be done directly in the package-expression (and should be backported to supported stable branches after that), major-releases should be - added in a new attribute (e.g. Nextcloud + added in a new attribute (e.g. Nextcloud v19.0.0 should be available in nixpkgs as pkgs.nextcloud19). To provide simple upgrade @@ -323,8 +323,8 @@ Ideally we should make sure that it’s possible to jump two NixOS - versions forward: i.e. the warnings and the logic in the module - should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a Nextcloud on 20.09.
diff --git a/nixos/modules/services/web-apps/pict-rs.nix b/nixos/modules/services/web-apps/pict-rs.nix index ee9ff9b484f..5f02bce3a0a 100644 --- a/nixos/modules/services/web-apps/pict-rs.nix +++ b/nixos/modules/services/web-apps/pict-rs.nix @@ -5,8 +5,7 @@ let in { meta.maintainers = with maintainers; [ happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc pict-rs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > pict-rs.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./pict-rs.xml; options.services.pict-rs = { diff --git a/nixos/modules/services/web-apps/pict-rs.xml b/nixos/modules/services/web-apps/pict-rs.xml index 6cae82e01ec..511da8012b7 100644 --- a/nixos/modules/services/web-apps/pict-rs.xml +++ b/nixos/modules/services/web-apps/pict-rs.xml @@ -30,8 +30,26 @@ services.pict-rs.enable = true; This endpoint returns the following JSON structure on success with a 201 Created status - json { "files": [ { "delete_token": "JFvFhqJA98", "file": "lkWZDRvugm.jpg" }, { "delete_token": "kAYy9nk2WK", "file": "8qFS0QooAn.jpg" }, { "delete_token": "OxRpM3sf0Y", "file": "1hJaYfGE01.jpg" } ], "msg": "ok" } + +{ + "files": [ + { + "delete_token": "JFvFhqJA98", + "file": "lkWZDRvugm.jpg" + }, + { + "delete_token": "kAYy9nk2WK", + "file": "8qFS0QooAn.jpg" + }, + { + "delete_token": "OxRpM3sf0Y", + "file": "1hJaYfGE01.jpg" + } + ], + "msg": "ok" +} + @@ -53,8 +71,20 @@ services.pict-rs.enable = true; GET /image/details/original/{file} for getting the details of a full-resolution image. The returned JSON is structured like so: - json { "width": 800, "height": 537, "content_type": "image/webp", "created_at": [ 2020, 345, 67376, 394363487 ] } + +{ + "width": 800, + "height": 537, + "content_type": "image/webp", + "created_at": [ + 2020, + 345, + 67376, + 394363487 + ] +} + 
@@ -111,7 +141,11 @@ services.pict-rs.enable = true; An example of usage could be - GET /image/process.jpg?src=asdf.png&thumbnail=256&blur=3.0 + + +GET /image/process.jpg?src=asdf.png&thumbnail=256&blur=3.0 + + which would create a 256x256px JPEG thumbnail and blur it diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix index cb46a88cd9f..0475bb796cd 100644 --- a/nixos/modules/services/web-apps/plausible.nix +++ b/nixos/modules/services/web-apps/plausible.nix @@ -292,7 +292,6 @@ in { }; meta.maintainers = with maintainers; [ ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./plausible.xml; } diff --git a/nixos/modules/services/web-servers/garage-doc.md b/nixos/modules/services/web-servers/garage.md similarity index 100% rename from nixos/modules/services/web-servers/garage-doc.md rename to nixos/modules/services/web-servers/garage.md diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index ed5b89f916c..afdb8044c29 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix 
@@ -9,9 +9,8 @@ let in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml` - doc = ./garage-doc.xml; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh + doc = ./garage.xml; maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; }; diff --git a/nixos/modules/services/web-servers/garage-doc.xml b/nixos/modules/services/web-servers/garage.xml similarity index 93% rename from nixos/modules/services/web-servers/garage-doc.xml rename to nixos/modules/services/web-servers/garage.xml index 447a27d2bf8..cb9d50a2aa1 100644 --- a/nixos/modules/services/web-servers/garage-doc.xml +++ b/nixos/modules/services/web-servers/garage.xml @@ -16,7 +16,7 @@ General considerations on upgrades Garage provides a cookbook documentation on how to upgrade: - https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/ + https://garagehq.deuxfleurs.fr/documentation/cookbook/upgrading/ @@ -36,7 +36,7 @@ Until 1.0 is released, patch-level upgrades are considered as minor version upgrades. Minor version upgrades are considered as - major version upgrades. i.e. 0.6 to 0.7 is a major version + major version upgrades. i.e. 0.6 to 0.7 is a major version upgrade. @@ -45,7 +45,7 @@ Straightforward upgrades (patch-level upgrades). Upgrades must be performed one by one, - i.e. for each node, stop it, upgrade it : change + i.e. for each node, stop it, upgrade it : change stateVersion or services.garage.package, restart it if it was not already by switching. 
@@ -110,7 +110,7 @@ - Backup the metadata folder of ALL your nodes, e.g. for a + Backup the metadata folder of ALL your nodes, e.g. for a metadata directory (the default one) in /var/lib/garage/meta, you can run pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd. @@ -166,7 +166,7 @@ While patch-level updates are no problem and can be done directly in the package-expression (and should be backported to supported stable branches after that), major-releases should be added in a - new attribute (e.g. Garage v0.8.0 should be + new attribute (e.g. Garage v0.8.0 should be available in nixpkgs as pkgs.garage_0_8_0). To provide simple upgrade paths it’s generally useful to backport those as well to stable @@ -196,8 +196,8 @@ Ideally we should make sure that it’s possible to jump two NixOS - versions forward: i.e. the warnings and the logic in the module - should guard a user to upgrade from a Garage on e.g. 22.11 to a + versions forward: i.e. the warnings and the logic in the module + should guard a user to upgrade from a Garage on e.g. 22.11 to a Garage on 23.11.
diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 62535e996bb..63de2159476 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -66,8 +66,7 @@ in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./gnome.xml; maintainers = teams.gnome.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index d1038bded00..2c46b39ead1 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml @@ -48,9 +48,9 @@ services.gnome.core-utilities.enable = false; If you’d only like to omit a subset of the core utilities, you can use - . - Note that this mechanism can only exclude core utilities, games - and core developer tools. + . Note + that this mechanism can only exclude core utilities, games and + core developer tools.
@@ -103,7 +103,7 @@ services.xserver.desktopManager.gnome.flashback.enableMetacity = true; It is also possible to create custom sessions that replace Metacity with a different window manager using - . + . The following example uses xmonad window @@ -128,8 +128,8 @@ services.xserver.desktopManager.gnome.flashback.customSessions = [ You can add them to - and switch - to them with GNOME Tweaks. If you’d like to do this manually in + and switch to + them with GNOME Tweaks. If you’d like to do this manually in dconf, change the values of the following keys: @@ -204,13 +204,13 @@ environment.systemPackages = [ You can override the default GSettings values using the - + option. Take note that whatever packages you want to override GSettings for, you need to add them to - . + . You can use dconf-editor tool to explore which diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index 14a03c0408e..90990cd54da 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -17,8 +17,7 @@ in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./pantheon.xml; maintainers = teams.pantheon.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 5aa575aeec4..1377927fe6a 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml 
@@ -35,8 +35,8 @@ services.pantheon.apps.enable = false; You can also use - - to remove any other app (like elementary-mail). + to + remove any other app (like elementary-mail).
@@ -51,12 +51,12 @@ services.pantheon.apps.enable = false; - + - + @@ -108,7 +108,7 @@ switchboard-with-plugs.override {
FAQ - + I have diff --git a/nixos/modules/system/boot/loader/external/external.nix b/nixos/modules/system/boot/loader/external/external.nix index 5cf478e6c83..0f4f82da693 100644 --- a/nixos/modules/system/boot/loader/external/external.nix +++ b/nixos/modules/system/boot/loader/external/external.nix @@ -8,8 +8,7 @@ in { meta = { maintainers = with maintainers; [ cole-h grahamc raitobezarius ]; - # Don't edit the docbook xml directly, edit the md and generate it: - # `pandoc external.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > external.xml` + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./external.xml; }; From b15f4d0f9735f3dbce30b7d8c490627f5d9394e5 Mon Sep 17 00:00:00 2001 From: pennae Date: Tue, 10 Jan 2023 10:37:57 +0100 Subject: [PATCH 071/155] nixos/akkoma: auto-generate module chapter from MD --- nixos/modules/services/web-apps/akkoma.nix | 1 + nixos/modules/services/web-apps/akkoma.xml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix index 47ba53e4222..170b7680f01 100644 --- a/nixos/modules/services/web-apps/akkoma.nix +++ b/nixos/modules/services/web-apps/akkoma.nix @@ -1082,5 +1082,6 @@ in { }; meta.maintainers = with maintainers; [ mvs ]; + # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./akkoma.xml; } diff --git a/nixos/modules/services/web-apps/akkoma.xml b/nixos/modules/services/web-apps/akkoma.xml index 76e6b806f30..a1c4c0e30be 100644 --- a/nixos/modules/services/web-apps/akkoma.xml +++ b/nixos/modules/services/web-apps/akkoma.xml @@ -371,7 +371,7 @@ services.systemd.akkoma.confinement.enable = true; and permit access to outside paths through bind mounts. Refer to - systemd.exec5 + systemd.exec5 for details.
From 53fc887582fba4fd4938ce1b647d6152ea374ed1 Mon Sep 17 00:00:00 2001 
From: pennae Date: Tue, 10 Jan 2023 12:34:37 +0100 Subject: [PATCH 072/155] nixos/manual: move "edit the MD file" comments to generated XML --- nixos/doc/manual/md-to-db.sh | 3 +++ nixos/modules/i18n/input-method/default.nix | 1 - nixos/modules/i18n/input-method/default.xml | 2 ++ nixos/modules/programs/digitalbitbox/default.nix | 1 - nixos/modules/programs/digitalbitbox/default.xml | 2 ++ nixos/modules/programs/plotinus.nix | 1 - nixos/modules/programs/plotinus.xml | 2 ++ nixos/modules/programs/zsh/oh-my-zsh.nix | 1 - nixos/modules/programs/zsh/oh-my-zsh.xml | 2 ++ nixos/modules/security/acme/default.nix | 1 - nixos/modules/security/acme/default.xml | 2 ++ nixos/modules/services/backup/borgbackup.nix | 1 - nixos/modules/services/backup/borgbackup.xml | 2 ++ nixos/modules/services/databases/foundationdb.nix | 1 - nixos/modules/services/databases/foundationdb.xml | 2 ++ nixos/modules/services/databases/postgresql.nix | 1 - nixos/modules/services/databases/postgresql.xml | 2 ++ nixos/modules/services/desktops/flatpak.nix | 1 - nixos/modules/services/desktops/flatpak.xml | 2 ++ nixos/modules/services/development/blackfire.nix | 1 - nixos/modules/services/development/blackfire.xml | 2 ++ nixos/modules/services/editors/emacs.nix | 1 - nixos/modules/services/editors/emacs.xml | 2 ++ nixos/modules/services/hardware/trezord.nix | 1 - nixos/modules/services/hardware/trezord.xml | 2 ++ nixos/modules/services/mail/mailman.nix | 1 - nixos/modules/services/mail/mailman.xml | 2 ++ nixos/modules/services/matrix/mjolnir.nix | 1 - nixos/modules/services/matrix/mjolnir.xml | 2 ++ nixos/modules/services/matrix/synapse.nix | 1 - nixos/modules/services/matrix/synapse.xml | 2 ++ nixos/modules/services/misc/gitlab.nix | 1 - nixos/modules/services/misc/gitlab.xml | 2 ++ nixos/modules/services/misc/sourcehut/default.nix | 1 - nixos/modules/services/misc/sourcehut/default.xml | 2 ++ nixos/modules/services/misc/taskserver/default.nix | 1 - nixos/modules/services/misc/taskserver/default.xml | 
2 ++ nixos/modules/services/misc/weechat.nix | 1 - nixos/modules/services/misc/weechat.xml | 2 ++ nixos/modules/services/monitoring/parsedmarc.nix | 1 - nixos/modules/services/monitoring/parsedmarc.xml | 2 ++ nixos/modules/services/monitoring/prometheus/exporters.nix | 1 - nixos/modules/services/monitoring/prometheus/exporters.xml | 2 ++ .../services/network-filesystems/litestream/default.nix | 1 - .../services/network-filesystems/litestream/default.xml | 2 ++ nixos/modules/services/networking/firefox-syncserver.nix | 1 - nixos/modules/services/networking/firefox-syncserver.xml | 2 ++ nixos/modules/services/networking/mosquitto.nix | 1 - nixos/modules/services/networking/mosquitto.xml | 2 ++ nixos/modules/services/networking/pleroma.nix | 1 - nixos/modules/services/networking/pleroma.xml | 2 ++ nixos/modules/services/networking/prosody.nix | 1 - nixos/modules/services/networking/prosody.xml | 2 ++ nixos/modules/services/networking/yggdrasil.nix | 1 - nixos/modules/services/networking/yggdrasil.xml | 2 ++ nixos/modules/services/search/meilisearch.nix | 1 - nixos/modules/services/search/meilisearch.xml | 2 ++ nixos/modules/services/web-apps/akkoma.nix | 1 - nixos/modules/services/web-apps/akkoma.xml | 2 ++ nixos/modules/services/web-apps/discourse.nix | 1 - nixos/modules/services/web-apps/discourse.xml | 2 ++ nixos/modules/services/web-apps/grocy.nix | 1 - nixos/modules/services/web-apps/grocy.xml | 2 ++ nixos/modules/services/web-apps/jitsi-meet.nix | 1 - nixos/modules/services/web-apps/jitsi-meet.xml | 2 ++ nixos/modules/services/web-apps/keycloak.nix | 1 - nixos/modules/services/web-apps/keycloak.xml | 2 ++ nixos/modules/services/web-apps/lemmy.nix | 1 - nixos/modules/services/web-apps/lemmy.xml | 2 ++ nixos/modules/services/web-apps/matomo.nix | 1 - nixos/modules/services/web-apps/matomo.xml | 2 ++ nixos/modules/services/web-apps/nextcloud.nix | 1 - nixos/modules/services/web-apps/nextcloud.xml | 2 ++ nixos/modules/services/web-apps/pict-rs.nix | 1 - 
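Review bot: In the `md-to-db.sh` hunk the added `sed -i -e '1 i …' "${mf%.md}.xml"` runs regardless of whether the preceding `pandoc` call succeeded. Unless the script runs under `set -e` (not visible here), a failed conversion may leave an older `.xml` in place, and it would then get a second header prepended and look freshly generated. Chaining the two commands avoids that: end the `pandoc` line with `&& \` so the `sed` only runs on success. The one-line `1 i text` form and a bare `-i` are GNU sed behaviour, so a short comment such as `# requires GNU sed` would help if the script can run outside a Nix-provided shell. The `for mf in ${MD_FILES[*]}` loop starts outside this hunk, so the error-handling mode of the script should be confirmed there.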
nixos/modules/services/web-apps/pict-rs.xml | 2 ++ nixos/modules/services/web-apps/plausible.nix | 1 - nixos/modules/services/web-apps/plausible.xml | 2 ++ nixos/modules/services/web-servers/garage.nix | 1 - nixos/modules/services/web-servers/garage.xml | 2 ++ nixos/modules/services/x11/desktop-managers/gnome.nix | 1 - nixos/modules/services/x11/desktop-managers/gnome.xml | 2 ++ nixos/modules/services/x11/desktop-managers/pantheon.nix | 1 - nixos/modules/services/x11/desktop-managers/pantheon.xml | 2 ++ nixos/modules/system/boot/loader/external/external.nix | 1 - nixos/modules/system/boot/loader/external/external.xml | 2 ++ 85 files changed, 87 insertions(+), 42 deletions(-) diff --git a/nixos/doc/manual/md-to-db.sh b/nixos/doc/manual/md-to-db.sh index abf9417c50a..a7421bed532 100755 --- a/nixos/doc/manual/md-to-db.sh +++ b/nixos/doc/manual/md-to-db.sh @@ -62,6 +62,9 @@ for mf in ${MD_FILES[*]}; do [ -f "${mf%.md}.nix" ] || continue pandoc --top-level-division=chapter "$mf" "${pandoc_flags[@]}" -o "${mf%.md}.xml" + sed -i -e '1 i ' \ + "${mf%.md}.xml" done popd diff --git a/nixos/modules/i18n/input-method/default.nix b/nixos/modules/i18n/input-method/default.nix index 452b0d7b264..07fb86bcc25 100644 --- a/nixos/modules/i18n/input-method/default.nix +++ b/nixos/modules/i18n/input-method/default.nix @@ -66,7 +66,6 @@ in meta = { maintainers = with lib.maintainers; [ ericsagnes ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./default.xml; }; diff --git a/nixos/modules/i18n/input-method/default.xml b/nixos/modules/i18n/input-method/default.xml index b3706086bef..7b7907cd32a 100644 --- a/nixos/modules/i18n/input-method/default.xml +++ b/nixos/modules/i18n/input-method/default.xml @@ -1,3 +1,5 @@ + Input Methods diff --git a/nixos/modules/programs/digitalbitbox/default.nix b/nixos/modules/programs/digitalbitbox/default.nix index fb18c52187b..054110fe5df 100644 --- a/nixos/modules/programs/digitalbitbox/default.nix 
+++ b/nixos/modules/programs/digitalbitbox/default.nix @@ -33,7 +33,6 @@ in }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./default.xml; maintainers = with lib.maintainers; [ vidbina ]; }; diff --git a/nixos/modules/programs/digitalbitbox/default.xml b/nixos/modules/programs/digitalbitbox/default.xml index d5e1110bafb..ee892523223 100644 --- a/nixos/modules/programs/digitalbitbox/default.xml +++ b/nixos/modules/programs/digitalbitbox/default.xml @@ -1,3 +1,5 @@ + Digital Bitbox diff --git a/nixos/modules/programs/plotinus.nix b/nixos/modules/programs/plotinus.nix index cc73df2f791..a011bb862ae 100644 --- a/nixos/modules/programs/plotinus.nix +++ b/nixos/modules/programs/plotinus.nix @@ -8,7 +8,6 @@ in { meta = { maintainers = pkgs.plotinus.meta.maintainers; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./plotinus.xml; }; diff --git a/nixos/modules/programs/plotinus.xml b/nixos/modules/programs/plotinus.xml index eb8c65f94bc..2d4db028514 100644 --- a/nixos/modules/programs/plotinus.xml +++ b/nixos/modules/programs/plotinus.xml @@ -1,3 +1,5 @@ + Plotinus diff --git a/nixos/modules/programs/zsh/oh-my-zsh.nix b/nixos/modules/programs/zsh/oh-my-zsh.nix index a2d6eb14bdf..41ea31b0f12 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.nix +++ b/nixos/modules/programs/zsh/oh-my-zsh.nix @@ -142,6 +142,5 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./oh-my-zsh.xml; } diff --git a/nixos/modules/programs/zsh/oh-my-zsh.xml b/nixos/modules/programs/zsh/oh-my-zsh.xml index be868326c25..2a2bba96b85 100644 --- a/nixos/modules/programs/zsh/oh-my-zsh.xml +++ b/nixos/modules/programs/zsh/oh-my-zsh.xml @@ -1,3 +1,5 @@ + Oh my ZSH diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index baa7a516ce3..06db420632e 100644 --- a/nixos/modules/security/acme/default.nix 
+++ b/nixos/modules/security/acme/default.nix @@ -916,7 +916,6 @@ in { meta = { maintainers = lib.teams.acme.members; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./default.xml; }; } diff --git a/nixos/modules/security/acme/default.xml b/nixos/modules/security/acme/default.xml index 766421c6237..e80ce3b6a49 100644 --- a/nixos/modules/security/acme/default.xml +++ b/nixos/modules/security/acme/default.xml @@ -1,3 +1,5 @@ + SSL/TLS Certificates with ACME diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 5489aac0111..c5fc09dcea0 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -226,7 +226,6 @@ let in { meta.maintainers = with maintainers; [ dotlambda ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./borgbackup.xml; ###### interface diff --git a/nixos/modules/services/backup/borgbackup.xml b/nixos/modules/services/backup/borgbackup.xml index 1b864d6cdd5..2b9e0baa6d0 100644 --- a/nixos/modules/services/backup/borgbackup.xml +++ b/nixos/modules/services/backup/borgbackup.xml @@ -1,3 +1,5 @@ + BorgBackup diff --git a/nixos/modules/services/databases/foundationdb.nix b/nixos/modules/services/databases/foundationdb.nix index 3d72d8ec6d2..16d539b661e 100644 --- a/nixos/modules/services/databases/foundationdb.nix +++ b/nixos/modules/services/databases/foundationdb.nix @@ -424,7 +424,6 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./foundationdb.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice ]; } diff --git a/nixos/modules/services/databases/foundationdb.xml b/nixos/modules/services/databases/foundationdb.xml index e4a01260421..611535a9eb8 100644 --- a/nixos/modules/services/databases/foundationdb.xml +++ b/nixos/modules/services/databases/foundationdb.xml 
@@ -1,3 +1,5 @@ + FoundationDB diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix index 40a1acb39a3..6665e7a088f 100644 --- a/nixos/modules/services/databases/postgresql.nix +++ b/nixos/modules/services/databases/postgresql.nix @@ -585,7 +585,6 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./postgresql.xml; meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ]; } diff --git a/nixos/modules/services/databases/postgresql.xml b/nixos/modules/services/databases/postgresql.xml index 6aa2a3812ff..2f62d5d80b1 100644 --- a/nixos/modules/services/databases/postgresql.xml +++ b/nixos/modules/services/databases/postgresql.xml @@ -1,3 +1,5 @@ + PostgreSQL diff --git a/nixos/modules/services/desktops/flatpak.nix b/nixos/modules/services/desktops/flatpak.nix index b08d7db226d..3b14ad75ab3 100644 --- a/nixos/modules/services/desktops/flatpak.nix +++ b/nixos/modules/services/desktops/flatpak.nix @@ -7,7 +7,6 @@ let cfg = config.services.flatpak; in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./flatpak.xml; maintainers = pkgs.flatpak.meta.maintainers; }; diff --git a/nixos/modules/services/desktops/flatpak.xml b/nixos/modules/services/desktops/flatpak.xml index 6230a7b1fa0..cdc3278fa99 100644 --- a/nixos/modules/services/desktops/flatpak.xml +++ b/nixos/modules/services/desktops/flatpak.xml @@ -1,3 +1,5 @@ + Flatpak diff --git a/nixos/modules/services/development/blackfire.nix b/nixos/modules/services/development/blackfire.nix index 58ef75d23da..054cef9ae80 100644 --- a/nixos/modules/services/development/blackfire.nix +++ b/nixos/modules/services/development/blackfire.nix @@ -11,7 +11,6 @@ let in { meta = { maintainers = pkgs.blackfire.meta.maintainers; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./blackfire.xml; }; 
diff --git a/nixos/modules/services/development/blackfire.xml b/nixos/modules/services/development/blackfire.xml index 99afaa11e04..842e5bec97d 100644 --- a/nixos/modules/services/development/blackfire.xml +++ b/nixos/modules/services/development/blackfire.xml @@ -1,3 +1,5 @@ + Blackfire profiler diff --git a/nixos/modules/services/editors/emacs.nix b/nixos/modules/services/editors/emacs.nix index 2aa38298716..5ae28cd9bbb 100644 --- a/nixos/modules/services/editors/emacs.nix +++ b/nixos/modules/services/editors/emacs.nix @@ -99,6 +99,5 @@ in environment.variables.EDITOR = mkIf cfg.defaultEditor (mkOverride 900 "${editorScript}/bin/emacseditor"); }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./emacs.xml; } diff --git a/nixos/modules/services/editors/emacs.xml b/nixos/modules/services/editors/emacs.xml index d510556c29c..37d7a93a12b 100644 --- a/nixos/modules/services/editors/emacs.xml +++ b/nixos/modules/services/editors/emacs.xml @@ -1,3 +1,5 @@ + Emacs diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index ae19b7f3e5b..70c1fd09860 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix @@ -8,7 +8,6 @@ in { ### docs meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./trezord.xml; }; diff --git a/nixos/modules/services/hardware/trezord.xml b/nixos/modules/services/hardware/trezord.xml index 6cdff821980..1ba9dc1f188 100644 --- a/nixos/modules/services/hardware/trezord.xml +++ b/nixos/modules/services/hardware/trezord.xml @@ -1,3 +1,5 @@ + Trezor diff --git a/nixos/modules/services/mail/mailman.nix b/nixos/modules/services/mail/mailman.nix index 89c11a5d2f7..2adc7427abf 100644 --- a/nixos/modules/services/mail/mailman.nix +++ b/nixos/modules/services/mail/mailman.nix 
@@ -642,7 +642,6 @@ in { meta = { maintainers = with lib.maintainers; [ lheckemann qyliss ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mailman.xml; }; diff --git a/nixos/modules/services/mail/mailman.xml b/nixos/modules/services/mail/mailman.xml index 04f6d202056..23b0d0b7da4 100644 --- a/nixos/modules/services/mail/mailman.xml +++ b/nixos/modules/services/mail/mailman.xml @@ -1,3 +1,5 @@ + Mailman diff --git a/nixos/modules/services/matrix/mjolnir.nix b/nixos/modules/services/matrix/mjolnir.nix index d568beb2e7a..cbf7b93329d 100644 --- a/nixos/modules/services/matrix/mjolnir.nix +++ b/nixos/modules/services/matrix/mjolnir.nix @@ -236,7 +236,6 @@ in }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mjolnir.xml; maintainers = with maintainers; [ jojosch ]; }; diff --git a/nixos/modules/services/matrix/mjolnir.xml b/nixos/modules/services/matrix/mjolnir.xml index 2d2d5d3d9e2..5bd2919e437 100644 --- a/nixos/modules/services/matrix/mjolnir.xml +++ b/nixos/modules/services/matrix/mjolnir.xml @@ -1,3 +1,5 @@ + Mjolnir (Matrix Moderation Tool) diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix index fff2e31abe6..3087d879b9d 100644 --- a/nixos/modules/services/matrix/synapse.nix +++ b/nixos/modules/services/matrix/synapse.nix @@ -801,7 +801,6 @@ in { meta = { buildDocsInSandbox = false; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./synapse.xml; maintainers = teams.matrix.members; }; diff --git a/nixos/modules/services/matrix/synapse.xml b/nixos/modules/services/matrix/synapse.xml index 62c3c62d3d1..686aec93ab6 100644 --- a/nixos/modules/services/matrix/synapse.xml +++ b/nixos/modules/services/matrix/synapse.xml @@ -1,3 +1,5 @@ + Matrix diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 892e5307fef..e7c707228f1 100644 
--- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -1502,7 +1502,6 @@ in { }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./gitlab.xml; } diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index 69c5cd16e01..a193657b0b7 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -1,3 +1,5 @@ + GitLab diff --git a/nixos/modules/services/misc/sourcehut/default.nix b/nixos/modules/services/misc/sourcehut/default.nix index 38531b96961..b03cf0739e9 100644 --- a/nixos/modules/services/misc/sourcehut/default.nix +++ b/nixos/modules/services/misc/sourcehut/default.nix @@ -1390,7 +1390,6 @@ in '') ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./default.xml; meta.maintainers = with maintainers; [ tomberek ]; } diff --git a/nixos/modules/services/misc/sourcehut/default.xml b/nixos/modules/services/misc/sourcehut/default.xml index cc309903889..1d8330931dd 100644 --- a/nixos/modules/services/misc/sourcehut/default.xml +++ b/nixos/modules/services/misc/sourcehut/default.xml @@ -1,3 +1,5 @@ + Sourcehut diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index dbb3ede4010..7331c323adb 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -566,6 +566,5 @@ in { }) ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./default.xml; } diff --git a/nixos/modules/services/misc/taskserver/default.xml b/nixos/modules/services/misc/taskserver/default.xml index a4668731491..bbb38211b7c 100644 --- a/nixos/modules/services/misc/taskserver/default.xml +++ b/nixos/modules/services/misc/taskserver/default.xml @@ -1,3 +1,5 @@ + Taskserver 
diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix index cb119f7c3fc..663a767a0c1 100644 --- a/nixos/modules/services/misc/weechat.nix +++ b/nixos/modules/services/misc/weechat.nix @@ -59,6 +59,5 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./weechat.xml; } diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index 596acbb927b..83ae171217d 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -1,3 +1,5 @@ + WeeChat diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index e663e46cf00..2e7c4fd00b4 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -539,7 +539,6 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./parsedmarc.xml; meta.maintainers = [ lib.maintainers.talyz ]; } diff --git a/nixos/modules/services/monitoring/parsedmarc.xml b/nixos/modules/services/monitoring/parsedmarc.xml index f34d47429d8..4d9b12c9a42 100644 --- a/nixos/modules/services/monitoring/parsedmarc.xml +++ b/nixos/modules/services/monitoring/parsedmarc.xml @@ -1,3 +1,5 @@ + parsedmarc diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 33df9e37fb9..f3fbfb149ad 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -323,7 +323,6 @@ in ); meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./exporters.xml; maintainers = [ maintainers.willibutz ]; }; 
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.xml b/nixos/modules/services/monitoring/prometheus/exporters.xml index f813f3cc39a..0ea95e513ff 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.xml +++ b/nixos/modules/services/monitoring/prometheus/exporters.xml @@ -1,3 +1,5 @@ + Prometheus exporters diff --git a/nixos/modules/services/network-filesystems/litestream/default.nix b/nixos/modules/services/network-filesystems/litestream/default.nix index 5559198d580..0d987f12a32 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.nix +++ b/nixos/modules/services/network-filesystems/litestream/default.nix @@ -95,6 +95,5 @@ in users.groups.litestream = {}; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./default.xml; } diff --git a/nixos/modules/services/network-filesystems/litestream/default.xml b/nixos/modules/services/network-filesystems/litestream/default.xml index 0a2cfc3db1e..756899fdb88 100644 --- a/nixos/modules/services/network-filesystems/litestream/default.xml +++ b/nixos/modules/services/network-filesystems/litestream/default.xml @@ -1,3 +1,5 @@ + Litestream diff --git a/nixos/modules/services/networking/firefox-syncserver.nix b/nixos/modules/services/networking/firefox-syncserver.nix index 663010999ff..c26a6ae265f 100644 --- a/nixos/modules/services/networking/firefox-syncserver.nix +++ b/nixos/modules/services/networking/firefox-syncserver.nix @@ -311,7 +311,6 @@ in meta = { maintainers = with lib.maintainers; [ pennae ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./firefox-syncserver.xml; }; } diff --git a/nixos/modules/services/networking/firefox-syncserver.xml b/nixos/modules/services/networking/firefox-syncserver.xml index 66c81226695..440922cbba0 100644 --- a/nixos/modules/services/networking/firefox-syncserver.xml +++ b/nixos/modules/services/networking/firefox-syncserver.xml 
@@ -1,3 +1,5 @@ + Firefox Sync server diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 6c7e1ed720e..56341202556 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -671,7 +671,6 @@ in meta = { maintainers = with lib.maintainers; [ pennae ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./mosquitto.xml; }; } diff --git a/nixos/modules/services/networking/mosquitto.xml b/nixos/modules/services/networking/mosquitto.xml index 17dc85700f8..91934617c56 100644 --- a/nixos/modules/services/networking/mosquitto.xml +++ b/nixos/modules/services/networking/mosquitto.xml @@ -1,3 +1,5 @@ + Mosquitto diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index bbd52176767..f317510258b 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -147,6 +147,5 @@ in { }; meta.maintainers = with lib.maintainers; [ ninjatrappeur ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./pleroma.xml; } diff --git a/nixos/modules/services/networking/pleroma.xml b/nixos/modules/services/networking/pleroma.xml index 2a81e166d10..97954f4b951 100644 --- a/nixos/modules/services/networking/pleroma.xml +++ b/nixos/modules/services/networking/pleroma.xml @@ -1,3 +1,5 @@ + Pleroma diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 5ef472bf9c2..0746bbf184f 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -905,6 +905,5 @@ in }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./prosody.xml; } 
diff --git a/nixos/modules/services/networking/prosody.xml b/nixos/modules/services/networking/prosody.xml index 2323f7596df..5df046f8145 100644 --- a/nixos/modules/services/networking/prosody.xml +++ b/nixos/modules/services/networking/prosody.xml @@ -1,3 +1,5 @@ + Prosody diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index fd2dede1357..3d5cbdd2dc3 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -193,7 +193,6 @@ in { environment.systemPackages = [ cfg.package ]; }); meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./yggdrasil.xml; maintainers = with lib.maintainers; [ gazally ehmry ]; }; diff --git a/nixos/modules/services/networking/yggdrasil.xml b/nixos/modules/services/networking/yggdrasil.xml index 35388ea4cf4..39faacbf30e 100644 --- a/nixos/modules/services/networking/yggdrasil.xml +++ b/nixos/modules/services/networking/yggdrasil.xml @@ -1,3 +1,5 @@ + Yggdrasil diff --git a/nixos/modules/services/search/meilisearch.nix b/nixos/modules/services/search/meilisearch.nix index 98364e141c2..9b727b76b1c 100644 --- a/nixos/modules/services/search/meilisearch.nix +++ b/nixos/modules/services/search/meilisearch.nix @@ -9,7 +9,6 @@ in { meta.maintainers = with maintainers; [ Br1ght0ne happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./meilisearch.xml; ###### interface diff --git a/nixos/modules/services/search/meilisearch.xml b/nixos/modules/services/search/meilisearch.xml index c222c042562..8bfd64920b0 100644 --- a/nixos/modules/services/search/meilisearch.xml +++ b/nixos/modules/services/search/meilisearch.xml @@ -1,3 +1,5 @@ + Meilisearch diff --git a/nixos/modules/services/web-apps/akkoma.nix b/nixos/modules/services/web-apps/akkoma.nix index 170b7680f01..47ba53e4222 100644 
--- a/nixos/modules/services/web-apps/akkoma.nix +++ b/nixos/modules/services/web-apps/akkoma.nix @@ -1082,6 +1082,5 @@ in { }; meta.maintainers = with maintainers; [ mvs ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./akkoma.xml; } diff --git a/nixos/modules/services/web-apps/akkoma.xml b/nixos/modules/services/web-apps/akkoma.xml index a1c4c0e30be..49cbcc911e1 100644 --- a/nixos/modules/services/web-apps/akkoma.xml +++ b/nixos/modules/services/web-apps/akkoma.xml @@ -1,3 +1,5 @@ + Akkoma diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index b00aeab89b0..b8104ade467 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -1080,7 +1080,6 @@ in ]; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./discourse.xml; meta.maintainers = [ lib.maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/discourse.xml b/nixos/modules/services/web-apps/discourse.xml index ff7534ba5a5..a5e8b3656b7 100644 --- a/nixos/modules/services/web-apps/discourse.xml +++ b/nixos/modules/services/web-apps/discourse.xml @@ -1,3 +1,5 @@ + Discourse diff --git a/nixos/modules/services/web-apps/grocy.nix b/nixos/modules/services/web-apps/grocy.nix index 1d5244b42ce..6efc2ccfd30 100644 --- a/nixos/modules/services/web-apps/grocy.nix +++ b/nixos/modules/services/web-apps/grocy.nix @@ -167,7 +167,6 @@ in { meta = { maintainers = with maintainers; [ ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./grocy.xml; }; } diff --git a/nixos/modules/services/web-apps/grocy.xml b/nixos/modules/services/web-apps/grocy.xml index 5a0e043ea4d..08de25b4ce2 100644 --- a/nixos/modules/services/web-apps/grocy.xml +++ b/nixos/modules/services/web-apps/grocy.xml @@ -1,3 +1,5 @@ + Grocy 
diff --git a/nixos/modules/services/web-apps/jitsi-meet.nix b/nixos/modules/services/web-apps/jitsi-meet.nix index b82138a307b..5b0934b2fb7 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.nix +++ b/nixos/modules/services/web-apps/jitsi-meet.nix @@ -451,7 +451,6 @@ in }; }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./jitsi-meet.xml; meta.maintainers = lib.teams.jitsi.members; } diff --git a/nixos/modules/services/web-apps/jitsi-meet.xml b/nixos/modules/services/web-apps/jitsi-meet.xml index f5cfadf89df..4d2d8aa55e1 100644 --- a/nixos/modules/services/web-apps/jitsi-meet.xml +++ b/nixos/modules/services/web-apps/jitsi-meet.xml @@ -1,3 +1,5 @@ + Jitsi Meet diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index 7b3814485b9..d52190a2864 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -674,7 +674,6 @@ in mkIf createLocalMySQL (mkDefault dbPkg); }; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./keycloak.xml; meta.maintainers = [ maintainers.talyz ]; } diff --git a/nixos/modules/services/web-apps/keycloak.xml b/nixos/modules/services/web-apps/keycloak.xml index 037ae7ff75a..148782d30f3 100644 --- a/nixos/modules/services/web-apps/keycloak.xml +++ b/nixos/modules/services/web-apps/keycloak.xml @@ -1,3 +1,5 @@ + Keycloak diff --git a/nixos/modules/services/web-apps/lemmy.nix b/nixos/modules/services/web-apps/lemmy.nix index db1518ec293..f2eb6e726b9 100644 --- a/nixos/modules/services/web-apps/lemmy.nix +++ b/nixos/modules/services/web-apps/lemmy.nix @@ -6,7 +6,6 @@ let in { meta.maintainers = with maintainers; [ happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./lemmy.xml; imports = [ 
diff --git a/nixos/modules/services/web-apps/lemmy.xml b/nixos/modules/services/web-apps/lemmy.xml index f04316b3c51..114e11f3488 100644 --- a/nixos/modules/services/web-apps/lemmy.xml +++ b/nixos/modules/services/web-apps/lemmy.xml @@ -1,3 +1,5 @@ + Lemmy diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix index 706e41cbed0..98451065995 100644 --- a/nixos/modules/services/web-apps/matomo.nix +++ b/nixos/modules/services/web-apps/matomo.nix @@ -325,7 +325,6 @@ in { }; meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./matomo.xml; maintainers = with lib.maintainers; [ florianjacob ]; }; diff --git a/nixos/modules/services/web-apps/matomo.xml b/nixos/modules/services/web-apps/matomo.xml index 0d76e4d7e59..30994cc9f1d 100644 --- a/nixos/modules/services/web-apps/matomo.xml +++ b/nixos/modules/services/web-apps/matomo.xml @@ -1,3 +1,5 @@ + Matomo diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 64e8e4ed5d6..90801e99681 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -1146,6 +1146,5 @@ in { } ]); - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./nextcloud.xml; } diff --git a/nixos/modules/services/web-apps/nextcloud.xml b/nixos/modules/services/web-apps/nextcloud.xml index 40d94cb5858..a5ac05723ef 100644 --- a/nixos/modules/services/web-apps/nextcloud.xml +++ b/nixos/modules/services/web-apps/nextcloud.xml @@ -1,3 +1,5 @@ + Nextcloud diff --git a/nixos/modules/services/web-apps/pict-rs.nix b/nixos/modules/services/web-apps/pict-rs.nix index 5f02bce3a0a..ad07507ca37 100644 --- a/nixos/modules/services/web-apps/pict-rs.nix +++ b/nixos/modules/services/web-apps/pict-rs.nix 
@@ -5,7 +5,6 @@ let in { meta.maintainers = with maintainers; [ happysalada ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./pict-rs.xml; options.services.pict-rs = { diff --git a/nixos/modules/services/web-apps/pict-rs.xml b/nixos/modules/services/web-apps/pict-rs.xml index 511da8012b7..3f5900c55f1 100644 --- a/nixos/modules/services/web-apps/pict-rs.xml +++ b/nixos/modules/services/web-apps/pict-rs.xml @@ -1,3 +1,5 @@ + Pict-rs diff --git a/nixos/modules/services/web-apps/plausible.nix b/nixos/modules/services/web-apps/plausible.nix index 0475bb796cd..e5dc1b10360 100644 --- a/nixos/modules/services/web-apps/plausible.nix +++ b/nixos/modules/services/web-apps/plausible.nix @@ -292,6 +292,5 @@ in { }; meta.maintainers = with maintainers; [ ma27 ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh meta.doc = ./plausible.xml; } diff --git a/nixos/modules/services/web-apps/plausible.xml b/nixos/modules/services/web-apps/plausible.xml index f84a91a9f8b..39ff004ffd9 100644 --- a/nixos/modules/services/web-apps/plausible.xml +++ b/nixos/modules/services/web-apps/plausible.xml @@ -1,3 +1,5 @@ + Plausible diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index afdb8044c29..1c25d865f98 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix @@ -9,7 +9,6 @@ let in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./garage.xml; maintainers = with pkgs.lib.maintainers; [ raitobezarius ]; }; diff --git a/nixos/modules/services/web-servers/garage.xml b/nixos/modules/services/web-servers/garage.xml index cb9d50a2aa1..6a16b1693da 100644 --- a/nixos/modules/services/web-servers/garage.xml +++ b/nixos/modules/services/web-servers/garage.xml @@ -1,3 +1,5 @@ + Garage 
diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix index 63de2159476..9c1978e362b 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.nix +++ b/nixos/modules/services/x11/desktop-managers/gnome.nix @@ -66,7 +66,6 @@ in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./gnome.xml; maintainers = teams.gnome.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/gnome.xml b/nixos/modules/services/x11/desktop-managers/gnome.xml index 2c46b39ead1..6613f49eec7 100644 --- a/nixos/modules/services/x11/desktop-managers/gnome.xml +++ b/nixos/modules/services/x11/desktop-managers/gnome.xml @@ -1,3 +1,5 @@ + GNOME Desktop diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.nix b/nixos/modules/services/x11/desktop-managers/pantheon.nix index 90990cd54da..5c0203224e1 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.nix +++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix @@ -17,7 +17,6 @@ in { meta = { - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./pantheon.xml; maintainers = teams.pantheon.members; }; diff --git a/nixos/modules/services/x11/desktop-managers/pantheon.xml b/nixos/modules/services/x11/desktop-managers/pantheon.xml index 1377927fe6a..0e98b08fb65 100644 --- a/nixos/modules/services/x11/desktop-managers/pantheon.xml +++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml @@ -1,3 +1,5 @@ + Pantheon Desktop diff --git a/nixos/modules/system/boot/loader/external/external.nix b/nixos/modules/system/boot/loader/external/external.nix index 0f4f82da693..7c5455bb47a 100644 --- a/nixos/modules/system/boot/loader/external/external.nix +++ b/nixos/modules/system/boot/loader/external/external.nix 
@@ -8,7 +8,6 @@ in { meta = { maintainers = with maintainers; [ cole-h grahamc raitobezarius ]; - # Don't edit the docbook xml directly, edit the md and generate it using md-to-db.sh doc = ./external.xml; }; diff --git a/nixos/modules/system/boot/loader/external/external.xml b/nixos/modules/system/boot/loader/external/external.xml index 08a0b56e5b2..9a392c27441 100644 --- a/nixos/modules/system/boot/loader/external/external.xml +++ b/nixos/modules/system/boot/loader/external/external.xml @@ -1,3 +1,5 @@ + External Bootloader Backends From dc837121ca314e05bdb3e98b121d3ab5c0c27487 Mon Sep 17 00:00:00 2001 From: Ashish SHUKLA Date: Sat, 24 Dec 2022 22:17:36 +0530 Subject: [PATCH 073/155] vaultwarden: 1.26.0 -> 1.27.0 --- pkgs/tools/security/vaultwarden/default.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/pkgs/tools/security/vaultwarden/default.nix b/pkgs/tools/security/vaultwarden/default.nix index c3240a32e53..91e481c5ab3 100644 --- a/pkgs/tools/security/vaultwarden/default.nix +++ b/pkgs/tools/security/vaultwarden/default.nix @@ -9,22 +9,16 @@ in rustPlatform.buildRustPackage rec { pname = "vaultwarden"; - version = "1.26.0"; + version = "1.27.0"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "sha256-LPIc1odUBvjVJty3GYYFNhile4XBWMisLUeVtWH6xgE="; + hash = "sha256-QvU1Y3syr6PZbTRebbZF4sEzI4lIj1enJe2F/gGfvQM="; }; - cargoSha256 = "sha256-IfseODaoqlPNBlVjS+9+rKXAOq29TgULMA/ogmqg0NA="; - - postPatch = '' - # Upstream specifies 1.57; nixpkgs has 1.56 which also produces a working - # vaultwarden when using RUSTC_BOOTSTRAP=1 - sed -ri 's/^rust-version = .*//g' Cargo.toml - ''; + cargoHash = "sha256-lylRGg5pzJ4sBS3bY4ObMoJ5s5kakMLTtq1VOnmS5HM"; nativeBuildInputs = [ pkg-config ]; buildInputs = with lib; [ openssl ] From c0796f7158d05e1868f217d608ee78927fa4aba6 Mon Sep 17 00:00:00 2001 
From: Ashish SHUKLA Date: Sat, 24 Dec 2022 22:21:51 +0530 Subject: [PATCH 074/155] vaultwarden.webvault: 2022.10.0 -> 2022.12.0 --- pkgs/tools/security/vaultwarden/webvault.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix index b2ac61fc857..74a75e24339 100644 --- a/pkgs/tools/security/vaultwarden/webvault.nix +++ b/pkgs/tools/security/vaultwarden/webvault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "vaultwarden-webvault"; - version = "2022.10.0"; + version = "2022.12.0"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - hash = "sha256-Sf1YnOikjZmloTQvdrFH/UAevQqKQEkNNrCRUhvNZfA="; + hash = "sha256-QC3/aqIF2NdJPHmwUbvJR62wsUGBrgsHJCyqBJ/0gMc="; }; buildCommand = '' From c7ce0c86a69f976b7dfb5f80221f02a18d15c706 Mon Sep 17 00:00:00 2001 From: Boey Maun Suang Date: Wed, 11 Jan 2023 02:27:40 +1100 Subject: [PATCH 075/155] gnat12: Fix GNAT Darwin dylib install names --- pkgs/development/compilers/gcc/12/default.nix | 3 +++ .../gcc/gnat-darwin-dylib-install-name.patch | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 pkgs/development/compilers/gcc/gnat-darwin-dylib-install-name.patch diff --git a/pkgs/development/compilers/gcc/12/default.nix b/pkgs/development/compilers/gcc/12/default.nix index 1a4af0ab286..4287e4d67d4 100644 --- a/pkgs/development/compilers/gcc/12/default.nix +++ b/pkgs/development/compilers/gcc/12/default.nix 
@@ -112,6 +112,9 @@ let majorVersion = "12"; # Fix detection of bootstrap compiler Ada support (cctools as) on Nix Darwin ++ optional (stdenv.isDarwin && langAda) ../ada-cctools-as-detection-configure.patch + # Use absolute path in GNAT dylib install names on Darwin + ++ optional (stdenv.isDarwin && langAda) ../gnat-darwin-dylib-install-name.patch + # Obtain latest patch with ../update-mcfgthread-patches.sh ++ optional (!crossStageStatic && targetPlatform.isMinGW && threadsCross.model == "mcf") ./Added-mcf-thread-model-support-from-mcfgthread.patch; diff --git a/pkgs/development/compilers/gcc/gnat-darwin-dylib-install-name.patch b/pkgs/development/compilers/gcc/gnat-darwin-dylib-install-name.patch new file mode 100644 index 00000000000..01e5de86a43 --- /dev/null +++ b/pkgs/development/compilers/gcc/gnat-darwin-dylib-install-name.patch @@ -0,0 +1,19 @@ +--- a/gcc/ada/gcc-interface/Makefile.in 2022-08-19 18:09:52.000000000 +1000 ++++ b/gcc/ada/gcc-interface/Makefile.in 2023-01-11 01:54:06.000000000 +1100 +@@ -795,14 +795,14 @@ + -o libgnat$(hyphen)$(LIBRARY_VERSION)$(soext) \ + $(GNATRTL_NONTASKING_OBJS) $(LIBGNAT_OBJS) \ + $(SO_OPTS) \ +- -Wl,-install_name,@rpath/libgnat$(hyphen)$(LIBRARY_VERSION)$(soext) \ ++ -Wl,-install_name,$(ADA_RTL_DSO_DIR)/libgnat$(hyphen)$(LIBRARY_VERSION)$(soext) \ + $(MISCLIB) + cd $(RTSDIR); `echo "$(GCC_FOR_TARGET)" \ + | sed -e 's,\./xgcc,../../xgcc,' -e 's,-B\./,-B../../,'` -dynamiclib $(PICFLAG_FOR_TARGET) \ + -o libgnarl$(hyphen)$(LIBRARY_VERSION)$(soext) \ + $(GNATRTL_TASKING_OBJS) \ + $(SO_OPTS) \ +- -Wl,-install_name,@rpath/libgnarl$(hyphen)$(LIBRARY_VERSION)$(soext) \ ++ -Wl,-install_name,$(ADA_RTL_DSO_DIR)/libgnarl$(hyphen)$(LIBRARY_VERSION)$(soext) \ + $(THREADSLIB) -Wl,libgnat$(hyphen)$(LIBRARY_VERSION)$(soext) + cd $(RTSDIR); $(LN_S) libgnat$(hyphen)$(LIBRARY_VERSION)$(soext) \ + libgnat$(soext) From d34d4cda6946b88f15d589c1e12cae538bb4a643 Mon Sep 17 00:00:00 2001 
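Review bot: The new comment in `gcc/12/default.nix` says what the patch does but not why, and the added `gnat-darwin-dylib-install-name.patch` has no header giving its origin or upstream status. I would extend the comment to something like `# Use absolute install names for libgnat/libgnarl on Darwin so they load from the store path instead of via the consumer's @rpath list`, assuming that is the intent, and put a short description at the top of the patch file. The patch sits in the shared `gcc/` directory, but the diffstat shows only `12/default.nix` applying it, so if other GCC versions build Ada on Darwin they would presumably keep the `@rpath/` names. Because the install name now comes from `$(ADA_RTL_DSO_DIR)`, whose value is not visible in this hunk, it is worth confirming on a built output that the recorded name is the final store path and not a staging directory.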
From: Alexis Hildebrandt Date: Wed, 11 Jan 2023 06:48:37 +0100 Subject: [PATCH 076/155] mupdf: 1.20.3 -> 1.21.1 --- pkgs/applications/misc/mupdf/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/mupdf/default.nix b/pkgs/applications/misc/mupdf/default.nix index ab91e1d7089..812bc9a5d76 100644 --- a/pkgs/applications/misc/mupdf/default.nix +++ b/pkgs/applications/misc/mupdf/default.nix @@ -47,12 +47,12 @@ let in stdenv.mkDerivation rec { - version = "1.20.3"; + version = "1.21.1"; pname = "mupdf"; src = fetchurl { url = "https://mupdf.com/downloads/archive/${pname}-${version}-source.tar.gz"; - sha256 = "sha256-a2AHD27sIOjYfStc0iz0kCAxGjzxXuEJmOPl9fmEses="; + sha256 = "sha256-sk3b4SUGzILeCNXNSUYUugg0b4F12x2YvPk4/5SSWlQ="; }; patches = [ ./0001-Use-command-v-in-favor-of-which.patch From 08649f0192cd7ed100f5cc3ece12af9df598d76a Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Wed, 11 Jan 2023 09:47:27 -0700 Subject: [PATCH 077/155] python3Packages.aiohttp-oauthlib: init at 0.1.0 Signed-off-by: Sumner Evans --- .../aiohttp-oauthlib/default.nix | 40 +++++++++++++++++++ pkgs/top-level/python-packages.nix | 2 + 2 files changed, 42 insertions(+) create mode 100644 pkgs/development/python-modules/aiohttp-oauthlib/default.nix diff --git a/pkgs/development/python-modules/aiohttp-oauthlib/default.nix b/pkgs/development/python-modules/aiohttp-oauthlib/default.nix new file mode 100644 index 00000000000..92981ea952c --- /dev/null +++ b/pkgs/development/python-modules/aiohttp-oauthlib/default.nix 
@@ -0,0 +1,40 @@ +{ lib +, buildPythonPackage +, fetchPypi +, pythonOlder +, oauthlib +, aiohttp +, setuptools-scm +}: + +buildPythonPackage rec { + pname = "aiohttp-oauthlib"; + version = "0.1.0"; + format = "setuptools"; + + disabled = pythonOlder "3.7"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-iTzRpZ3dDC5OmA46VE+XELfE/7nie0zQOLUf4dcDk7c="; + }; + + propagatedBuildInputs = [ + oauthlib + aiohttp + ]; + + nativeBuildInputs = [ + setuptools-scm + ]; + + # Package has no tests. + doCheck = false; + + meta = with lib; { + homepage = "https://git.sr.ht/~whynothugo/aiohttp-oauthlib"; + description = "oauthlib integration for aiohttp clients"; + license = licenses.isc; + maintainers = with maintainers; [ sumnerevans ]; + }; +} diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 4deea32d2aa..729a2126eec 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -198,6 +198,8 @@ self: super: with self; { aiohttp-jinja2 = callPackage ../development/python-modules/aiohttp-jinja2 { }; + aiohttp-oauthlib = callPackage ../development/python-modules/aiohttp-oauthlib { }; + aiohttp-openmetrics = callPackage ../development/python-modules/aiohttp-openmetrics { }; aiohttp-remotes = callPackage ../development/python-modules/aiohttp-remotes { }; From 1480b0a441eee7ac8b04ec10cc2716c73348154d Mon Sep 17 00:00:00 2001 From: Sumner Evans Date: Wed, 11 Jan 2023 09:48:45 -0700 Subject: [PATCH 078/155] vdirsyncer: add aiohttp-oauthlib to dependencies This makes the "google" storage work again after the upstream asyncio refactor: https://github.com/pimutils/vdirsyncer/pull/906 Signed-off-by: Sumner Evans --- pkgs/development/python-modules/vdirsyncer/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/python-modules/vdirsyncer/default.nix b/pkgs/development/python-modules/vdirsyncer/default.nix index 0ddc9b988aa..c61ec16b87b 100644 
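Review bot: With `doCheck = false` and no import check, nothing in this new derivation verifies that the built package can even be imported. That is thin coverage for a library that sits in the OAuth path of its dependents. Adding `pythonImportsCheck = [ "aiohttp_oauthlib" ];` after the `doCheck` line gives a minimal smoke test at build time. The module name is inferred from the package name and should be confirmed against the source tree.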
--- a/pkgs/development/python-modules/vdirsyncer/default.nix +++ b/pkgs/development/python-modules/vdirsyncer/default.nix @@ -13,6 +13,7 @@ , pytest-subtesthack , setuptools-scm , aiostream +, aiohttp-oauthlib , aiohttp , pytest-asyncio , trustme @@ -49,6 +50,7 @@ buildPythonPackage rec { requests-toolbelt aiostream aiohttp + aiohttp-oauthlib ]; nativeBuildInputs = [ From b320df8745c443820e0542313b186bc7d0962c6e Mon Sep 17 00:00:00 2001 From: Nick Cao Date: Thu, 12 Jan 2023 10:11:55 +0800 Subject: [PATCH 079/155] qt6Packages.qxlsx: 1.4.4 -> 1.4.5 --- pkgs/development/libraries/qxlsx/default.nix | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/pkgs/development/libraries/qxlsx/default.nix b/pkgs/development/libraries/qxlsx/default.nix index b077b77517b..6251689d0e2 100644 --- a/pkgs/development/libraries/qxlsx/default.nix +++ b/pkgs/development/libraries/qxlsx/default.nix @@ -7,24 +7,18 @@ stdenv.mkDerivation rec { pname = "qxlsx"; - version = "1.4.4"; + version = "1.4.5"; src = fetchFromGitHub { owner = "QtExcel"; repo = "QXlsx"; rev = "v${version}"; - hash = "sha256-01G7eJRrnee/acEeobYAYMY+93y+I0ASOTVRGuO+IcA="; + hash = "sha256-T+PUeml4O6uwY6DCAsBer4gDo+nrSGGus+yQv02CJcE="; }; nativeBuildInputs = [ cmake ]; buildInputs = [ qtbase ]; - # Don't force Qt definitions onto users: https://github.com/QtExcel/QXlsx/commit/8e83402d - postPatch = '' - substituteInPlace QXlsx/CMakeLists.txt \ - --replace 'target_compile_definitions(QXlsx PUBLIC' 'target_compile_definitions(QXlsx PRIVATE' - ''; - preConfigure = '' cd QXlsx ''; From a9fca3ece2b129d68bfeccca573121858c0f3691 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 12 Jan 2023 04:20:00 +0000 Subject: [PATCH 080/155] twilio-cli: 5.3.1 -> 5.3.2 https://github.com/twilio/twilio-cli/releases/tag/5.3.2 --- pkgs/development/tools/twilio-cli/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/tools/twilio-cli/default.nix b/pkgs/development/tools/twilio-cli/default.nix index 178c58f467b..c9dabfffe0f 100644 --- a/pkgs/development/tools/twilio-cli/default.nix +++ b/pkgs/development/tools/twilio-cli/default.nix @@ -2,11 +2,11 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "twilio-cli"; - version = "5.3.1"; + version = "5.3.2"; src = fetchzip { url = "https://twilio-cli-prod.s3.amazonaws.com/twilio-v${finalAttrs.version}/twilio-v${finalAttrs.version}.tar.gz"; - sha256 = "sha256-NmxIDE2LXHTixqhV/Ov/B2H25KhvEay9BKq5MXSXHnk="; + sha256 = "sha256-Ld7drg2N+4XUtpsA7Jpg7BrrSWTWBVa1QhuJ+FNOIGw="; }; nativeBuildInputs = [ makeBinaryWrapper ]; From eb4891d2d3331a0a1c06098f7af1574fa671f363 Mon Sep 17 00:00:00 2001 From: Rhys Davies Date: Thu, 12 Jan 2023 01:48:12 -0800 Subject: [PATCH 081/155] nixos/vaultwarden: fix test --- nixos/tests/vaultwarden.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/tests/vaultwarden.nix b/nixos/tests/vaultwarden.nix index c0e1d0585b9..d0b11e00538 100644 --- a/nixos/tests/vaultwarden.nix +++ b/nixos/tests/vaultwarden.nix @@ -107,7 +107,7 @@ let wait = WebDriverWait(driver, 10) - wait.until(EC.title_contains("Create Account")) + wait.until(EC.title_contains("Create account")) driver.find_element(By.CSS_SELECTOR, 'input#register-form_input_email').send_keys( '${userEmail}' 
@@ -122,18 +122,20 @@ let '${userPassword}' ) - driver.find_element(By.XPATH, "//button[contains(., 'Create Account')]").click() + driver.find_element(By.XPATH, "//button[contains(., 'Create account')]").click() - wait.until_not(EC.title_contains("Create Account")) + wait.until_not(EC.title_contains("Create account")) + + driver.find_element(By.XPATH, "//button[contains(., 'Continue')]").click() driver.find_element(By.CSS_SELECTOR, 'input#login_input_master-password').send_keys( '${userPassword}' ) - driver.find_element(By.XPATH, "//button[contains(., 'Log In')]").click() + driver.find_element(By.XPATH, "//button[contains(., 'Log in')]").click() - wait.until(EC.title_contains("Bitwarden Web Vault")) + wait.until(EC.title_contains("Vaultwarden Web Vault")) - driver.find_element(By.XPATH, "//button[contains(., 'Add Item')]").click() + driver.find_element(By.XPATH, "//button[contains(., 'Add item')]").click() driver.find_element(By.CSS_SELECTOR, 'input#name').send_keys( 'secrets' From c7990a51392e77067643c4eb1f815e9ad51a2a59 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 10:18:51 +0000 Subject: [PATCH 082/155] rdma-core: 43.0 -> 44.0 --- pkgs/os-specific/linux/rdma-core/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/rdma-core/default.nix b/pkgs/os-specific/linux/rdma-core/default.nix index 2506b654fb4..32ea38e6cf5 100644 --- a/pkgs/os-specific/linux/rdma-core/default.nix +++ b/pkgs/os-specific/linux/rdma-core/default.nix @@ -5,13 +5,13 @@ stdenv.mkDerivation rec { pname = "rdma-core"; - version = "43.0"; + version = "44.0"; src = fetchFromGitHub { owner = "linux-rdma"; repo = "rdma-core"; rev = "v${version}"; - sha256 = "sha256-tqlanUZpDYT3wgvD0hA1D5RrMdzPzOqoELzuXGhjnz8="; + sha256 = "sha256-oV//+mT/0fgAAFkqkYVEZEIvPJwET+Rrjkooz6nHQH8="; }; strictDeps = true; From 0db6b38fa2c0319ae7c7c6e5bbde4ca89a75d2a9 Mon Sep 17 00:00:00 2001 
From: Ben Gamari Date: Mon, 2 Jan 2023 19:06:44 -0500 Subject: [PATCH 083/155] roc-toolkit: 0.1.5 -> 0.2.1 --- .../0001-Remove-deprecated-scons-call.patch | 24 -------------- ...002-Fix-compatibility-with-new-SCons.patch | 31 ------------------- .../libraries/audio/roc-toolkit/default.nix | 14 ++++----- .../fix-pkgconfig-installation.patch | 13 ++++++++ 4 files changed, 19 insertions(+), 63 deletions(-) delete mode 100644 pkgs/development/libraries/audio/roc-toolkit/0001-Remove-deprecated-scons-call.patch delete mode 100644 pkgs/development/libraries/audio/roc-toolkit/0002-Fix-compatibility-with-new-SCons.patch create mode 100644 pkgs/development/libraries/audio/roc-toolkit/fix-pkgconfig-installation.patch diff --git a/pkgs/development/libraries/audio/roc-toolkit/0001-Remove-deprecated-scons-call.patch b/pkgs/development/libraries/audio/roc-toolkit/0001-Remove-deprecated-scons-call.patch deleted file mode 100644 index e13dda54970..00000000000 --- a/pkgs/development/libraries/audio/roc-toolkit/0001-Remove-deprecated-scons-call.patch +++ /dev/null @@ -1,24 +0,0 @@ -From abdfbb94df98fe88be4dd92ca587500126558411 Mon Sep 17 00:00:00 2001 -From: Victor Gaydov -Date: Sun, 26 Jul 2020 11:54:52 +0300 -Subject: [PATCH] Remove deprecated scons call - ---- - SConstruct | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/SConstruct b/SConstruct -index 407025d8..04afa91f 100644 ---- a/SConstruct -+++ b/SConstruct -@@ -49,7 +49,6 @@ env = Environment(ENV=os.environ, tools=[ - # performance tuning - env.Decider('MD5-timestamp') - env.SetOption('implicit_cache', 1) --env.SourceCode('.', None) - - # provide absolute path to force single sconsign file - # per-directory sconsign files seems to be buggy with generated sources --- -2.34.1 - diff --git a/pkgs/development/libraries/audio/roc-toolkit/0002-Fix-compatibility-with-new-SCons.patch b/pkgs/development/libraries/audio/roc-toolkit/0002-Fix-compatibility-with-new-SCons.patch deleted file mode 100644 index 097f1b3ff47..00000000000 
--- a/pkgs/development/libraries/audio/roc-toolkit/0002-Fix-compatibility-with-new-SCons.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 15b37bb12a362c7889ac431eca4a47d6b2bdb97c Mon Sep 17 00:00:00 2001 -From: Victor Gaydov -Date: Sat, 5 Dec 2020 18:38:36 +0300 -Subject: [PATCH] Fix compatibility with new SCons - ---- - site_scons/site_tools/roc/config.py | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/site_scons/site_tools/roc/config.py b/site_scons/site_tools/roc/config.py -index b42b3adb..03b76be7 100644 ---- a/site_scons/site_tools/roc/config.py -+++ b/site_scons/site_tools/roc/config.py -@@ -13,7 +13,13 @@ def _run_prog(context, src, suffix): - # RunProg may incorrectly use cached results from a previous run saved for - # different file contents but the same invocation number. To prevent this, we - # monkey patch its global counter with a hashsum of the file contents. -- SCons.SConf._ac_build_counter = int(hashlib.md5(src.encode()).hexdigest(), 16) -+ # The workaround is needed only for older versions of SCons, where -+ # _ac_build_counter was an integer. -+ try: -+ if type(SCons.SConf._ac_build_counter) is int: -+ SCons.SConf._ac_build_counter = int(hashlib.md5(src.encode()).hexdigest(), 16) -+ except: -+ pass - return context.RunProg(src, suffix) - - def CheckLibWithHeaderExt(context, libs, headers, language, expr='1', run=True): --- -2.34.1 - diff --git a/pkgs/development/libraries/audio/roc-toolkit/default.nix b/pkgs/development/libraries/audio/roc-toolkit/default.nix index 98c088ed549..e93ff5ef9a7 100644 --- a/pkgs/development/libraries/audio/roc-toolkit/default.nix +++ b/pkgs/development/libraries/audio/roc-toolkit/default.nix @@ -8,6 +8,7 @@ libuv, openfecSupport ? true, openfec, + speexdsp, libunwindSupport ? true, libunwind, pulseaudioSupport ? true, 
@@ -16,13 +17,13 @@ stdenv.mkDerivation rec { pname = "roc-toolkit"; - version = "0.1.5"; + version = "0.2.1"; src = fetchFromGitHub { owner = "roc-streaming"; repo = "roc-toolkit"; rev = "v${version}"; - sha256 = "sha256:1pld340zfch4p3qaf5anrspq7vmxrgf9ddsdsq92pk49axaaz19w"; + sha256 = "sha256-W8PiI5W1T6pNaYzR4u6fPtkP8DKq/Z85Kq/WF5dXVxo="; }; nativeBuildInputs = [ @@ -37,15 +38,14 @@ stdenv.mkDerivation rec { libunwind openfec libpulseaudio + speexdsp ]; sconsFlags = [ "--build=${stdenv.buildPlatform.config}" "--host=${stdenv.hostPlatform.config}" "--prefix=${placeholder "out"}" - "--disable-sox" - "--disable-doc" - "--disable-tests" ] ++ + "--disable-sox" ] ++ lib.optional (!libunwindSupport) "--disable-libunwind" ++ lib.optional (!pulseaudioSupport) "--disable-pulseaudio" ++ (if (!openfecSupport) @@ -56,10 +56,8 @@ stdenv.mkDerivation rec { prePatch = lib.optionalString stdenv.isAarch64 "sed -i 's/c++98/c++11/g' SConstruct"; - # TODO: Remove these patches in the next version. patches = [ - ./0001-Remove-deprecated-scons-call.patch - ./0002-Fix-compatibility-with-new-SCons.patch + ./fix-pkgconfig-installation.patch ]; meta = with lib; { diff --git a/pkgs/development/libraries/audio/roc-toolkit/fix-pkgconfig-installation.patch b/pkgs/development/libraries/audio/roc-toolkit/fix-pkgconfig-installation.patch new file mode 100644 index 00000000000..8c6982f1f7c --- /dev/null +++ b/pkgs/development/libraries/audio/roc-toolkit/fix-pkgconfig-installation.patch 
@@ -0,0 +1,13 @@ +diff --git a/src/SConscript b/src/SConscript +index b59f67a7..9f16e0a2 100644 +--- a/src/SConscript ++++ b/src/SConscript +@@ -141,7 +141,7 @@ if not GetOption('disable_shared') or GetOption('enable_static') or GetOption('e + desc='Real-time audio streaming over the network.', + url='https://roc-streaming.org', + version=env['ROC_VERSION']) +- env.AddDistFile(env['PKG_CONFIG_PATH'], pc_file) ++ env.AddDistFile(os.path.join(env['ROC_SYSTEM_LIBDIR'], 'pkgconfig'), pc_file) + + if GetOption('enable_examples'): + examples_env = subenvs.examples.Clone() From 91558c86dedf5a84734654f1e4003d7b0fcbd085 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 12 Jan 2023 16:18:42 +0300 Subject: [PATCH 084/155] roc-toolkit: propagate buildInputs Required by the pkg-config file for libroc. --- pkgs/development/libraries/audio/roc-toolkit/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/audio/roc-toolkit/default.nix b/pkgs/development/libraries/audio/roc-toolkit/default.nix index e93ff5ef9a7..a4916eecfe4 100644 --- a/pkgs/development/libraries/audio/roc-toolkit/default.nix +++ b/pkgs/development/libraries/audio/roc-toolkit/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { pkg-config ]; - buildInputs = [ + propagatedBuildInputs = [ libuv libunwind openfec From b942453f08b06227cbe7afe342a5273f278950e4 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 14:18:39 +0000 Subject: [PATCH 085/155] srvc: 0.9.0 -> 0.10.1 --- pkgs/applications/version-management/srvc/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/version-management/srvc/default.nix b/pkgs/applications/version-management/srvc/default.nix index 699103b98f5..2c9fa57f0ab 100644 --- a/pkgs/applications/version-management/srvc/default.nix +++ b/pkgs/applications/version-management/srvc/default.nix 
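Review bot: Renaming the whole list to `propagatedBuildInputs` pushes every library into the build environment of all dependents, including `libunwind` and `libpulseaudio`, which the derivation treats as optional through `libunwindSupport` and `pulseaudioSupport`. Only the libraries named in the generated pkg-config file need propagating. The rest could stay in `buildInputs`, and the optional ones could be guarded, e.g. `++ lib.optional pulseaudioSupport libpulseaudio`. The list continues past the end of this hunk, so the entries the `.pc` file actually requires should be checked against the build output.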
@@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "srvc"; - version = "0.9.0"; + version = "0.10.1"; src = fetchFromGitHub { owner = "insilica"; repo = "rs-srvc"; rev = "v${version}"; - sha256 = "sha256-XslMwA1DhztK9DPNCucUpzjCQXz6PN8ml8JBvKtJeqg="; + sha256 = "sha256-yeyAorVMHFl9wm57gmK6ZAI1w5daN2xl29Gqq0DsTtc="; }; - cargoSha256 = "sha256-KxwBF5t8lcaH8ZD4SorIBiq7p6r9LGHfEOyNXtB9HJw="; + cargoHash = "sha256-/1TL0lWb4I9h6nGV7exx7U6ACrieN0EULTWg7Weexeg="; buildInputs = lib.optionals stdenv.isDarwin [ Security From fac3f731cc01b58bad957412e37511081be01173 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 15:08:18 +0000 Subject: [PATCH 086/155] python310Packages.google-cloud-bigquery-datatransfer: 3.9.0 -> 3.10.0 --- .../google-cloud-bigquery-datatransfer/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix b/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix index d97dc95ad74..abe6c484ecc 100644 --- a/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix +++ b/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix @@ -14,14 +14,14 @@ buildPythonPackage rec { pname = "google-cloud-bigquery-datatransfer"; - version = "3.9.0"; + version = "3.10.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-AH6Xq5jMIo1arGQazoPWgWnKefEavHnas6FIy+LFNP8="; + hash = "sha256-R6CIL1CA3UR81kUeIlFGJaxDGO33GBKOzT4Qo2LWlQk="; }; propagatedBuildInputs = [ From f5f2b39cdbcf3b84e3dbb5ddecffe403f589a939 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 15:37:00 +0000 Subject: [PATCH 087/155] python310Packages.xlsx2csv: 0.8.0 -> 0.8.1 --- pkgs/development/python-modules/xlsx2csv/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/python-modules/xlsx2csv/default.nix b/pkgs/development/python-modules/xlsx2csv/default.nix index 21a40f0c35f..7cf71eabdb8 100644 --- a/pkgs/development/python-modules/xlsx2csv/default.nix +++ b/pkgs/development/python-modules/xlsx2csv/default.nix @@ -6,12 +6,12 @@ buildPythonPackage rec { pname = "xlsx2csv"; - version = "0.8.0"; + version = "0.8.1"; format = "pyproject"; src = fetchPypi { inherit pname version; - sha256 = "sha256-LCaOUJt3ZspKJPLzYwLpGHBcXq0vzeP0vV8cphUvfiw="; + sha256 = "sha256-fs1tK8JCby5DL0/awSIR4ZdtPLtl+QM+Htpl7dogReM="; }; nativeBuildInputs = [ From 96ebc83053b12a488dfeef144f288827b819d023 Mon Sep 17 00:00:00 2001 From: Artturin Date: Tue, 10 Jan 2023 22:45:10 +0200 Subject: [PATCH 088/155] deterministic-uname: init for reproducibility deterministic-uname: dont hardcode OPERATING_SYSTEM_VAL to GNU/Linux --- .../deterministic-uname/default.nix | 54 ++++++ .../deterministic-uname.sh | 175 ++++++++++++++++++ .../linux/lsb-release/lsb_release.sh | 2 +- pkgs/top-level/all-packages.nix | 2 + 4 files changed, 232 insertions(+), 1 deletion(-) create mode 100644 pkgs/build-support/deterministic-uname/default.nix create mode 100644 pkgs/build-support/deterministic-uname/deterministic-uname.sh diff --git a/pkgs/build-support/deterministic-uname/default.nix b/pkgs/build-support/deterministic-uname/default.nix new file mode 100644 index 00000000000..917569618b4 --- /dev/null +++ b/pkgs/build-support/deterministic-uname/default.nix 
@@ -0,0 +1,54 @@ +# expr and script based on our lsb_release +{ stdenv +, lib +, substituteAll +, coreutils +, getopt +, modDirVersion ? "" +}: + +substituteAll { + name = "uname"; + + src = ./deterministic-uname.sh; + + dir = "bin"; + isExecutable = true; + + inherit coreutils getopt; + + uSystem = if stdenv.buildPlatform.uname.system != null then stdenv.buildPlatform.uname.system else "unknown"; + inherit (stdenv.buildPlatform.uname) processor; + + # uname -o + # maybe add to lib/systems/default.nix uname attrset + # https://github.com/coreutils/coreutils/blob/7fc84d1c0f6b35231b0b4577b70aaa26bf548a7c/src/uname.c#L373-L374 + # https://stackoverflow.com/questions/61711186/where-does-host-operating-system-in-uname-c-comes-from + # https://github.com/coreutils/gnulib/blob/master/m4/host-os.m4 + operatingSystem = + if stdenv.buildPlatform.isLinux + then "GNU/Linux" + else if stdenv.buildPlatform.isDarwin + then "Darwin" # darwin isn't in host-os.m4 so where does this come from? + else "unknown"; + + # in os-specific/linux module packages + # --replace '$(shell uname -r)' "${kernel.modDirVersion}" \ + # is a common thing to do. + modDirVersion = if modDirVersion != "" then modDirVersion else "unknown"; + + meta = with lib; { + description = "Print certain system information (hardcoded with values)"; + longDescription = '' + This package provides a replacement for `uname` whose output depends only + on `stdenv.buildPlatform`. It is meant to be used from within derivations. + Many packages' build processes run `uname` at compile time and embed its + output into the result of the build. Since `uname` calls into the kernel, + and the Nix sandbox currently does not intercept these calls, builds made + on different kernels will produce different results. + ''; + license = [ licenses.mit ]; + maintainers = with maintainers; [ artturin ]; + platforms = platforms.all; + }; +} 
diff --git a/pkgs/build-support/deterministic-uname/deterministic-uname.sh b/pkgs/build-support/deterministic-uname/deterministic-uname.sh new file mode 100644 index 00000000000..134bd467bce --- /dev/null +++ b/pkgs/build-support/deterministic-uname/deterministic-uname.sh 
@@ -0,0 +1,175 @@ +#! @shell@ + +set -o errexit +set -o nounset + +show_help() { + @coreutils@/bin/cat << EOF +Usage: uname [OPTION]... +Print certain system information. With no OPTION, same as -s. + + -a, --all print all information, in the following order, + except omit -p and -i if unknown: + -s, --kernel-name print the kernel name + -n, --nodename print the network node hostname + -r, --kernel-release print the kernel release + -v, --kernel-version print the kernel version + -m, --machine print the machine hardware name + -p, --processor print the processor type (non-portable) + -i, --hardware-platform print the hardware platform (non-portable) + -o, --operating-system print the operating system + --help display this help and exit + --version output version information and exit +EOF + exit 0 +} + +# Potential command-line options. +version=0 +all=0 + + +kernel_name=0 +nodename=0 +kernel_release=0 +kernel_version=0 +machine=0 +processor=0 +hardware_platform=0 +operating_system=0 + + +@getopt@/bin/getopt --test > /dev/null && rc=$? || rc=$? +if [[ $rc -ne 4 ]]; then + # This shouldn't happen. + echo "Warning: Enhanced getopt not supported, please open an issue in nixpkgs." >&2 +else + # Define all short and long options. + SHORT=hvsnrvmpioa + LONG=help,version,kernel-name,nodename,kernel-release,kernel-version,machine,processor,hardware-platform,operating-system,all + + # Parse all options. + PARSED=`@getopt@/bin/getopt --options $SHORT --longoptions $LONG --name "$0" -- "$@"` + + eval set -- "$PARSED" +fi + +# With no OPTION, same as -s. +if [[ $# -eq 0 ]]; then + kernel_name=1 +fi + +# Process each argument, and set the appropriate flag if we recognize it. 
+while [[ $# -ge 1 ]]; do + case "$1" in + --version) + version=1 + ;; + -s|--kernel-name) + kernel_name=1 + ;; + -n|--nodename) + nodename=1 + ;; + -r|--kernel-release) + kernel_release=1 + ;; + -v|--kernel-version) + kernel_version=1 + ;; + -m|--machine) + machine=1 + ;; + -p|--processor) + processor=1 + ;; + -i|--hardware-platform) + hardware_platform=1 + ;; + -o|--operating-system) + operating_system=1 + ;; + -a|--all) + all=1 + ;; + --help) + show_help + ;; + --) + shift + break + ;; + *) + echo "uname: unrecognized option '$1'" + echo "Type 'uname --help' for a list of available options." + exit 1 + ;; + esac + shift +done + + +KERNEL_NAME_VAL=@uSystem@ +NODENAME_VAL=nixpkgs +KERNEL_RELEASE_VAL=@modDirVersion@ +# #1-NixOS SMP PREEMPT_DYNAMIC Wed Dec 14 10:41:06 UTC 2022 +KERNEL_VERSION_VAL="#1-NixOS Tue Jan 1 00:00:00 UTC 1980" +MACHINE_VAL=@processor@ +PROCESSOR_VAL=unknown +HARDWARE_PLATFORM_VAL=unknown +OPERATING_SYSTEM_VAL=@operatingSystem@ + + +if [[ "$version" = "1" ]]; then + # in case some script greps for GNU coreutils. + echo "uname (GNU coreutils) 9.1" + echo "Nixpkgs deterministic-uname" + exit +fi + +# output of the real uname from GNU coreutils +# Darwin: +# Darwin *nodename* 22.1.0 Darwin Kernel Version 22.1.0: Sun Oct 9 20:14:30 PDT 2022; root:xnu-8792.41.9~2/RELEASE_ARM64_T8103 arm64 arm Darwin +# NixOS: +# Linux *nodename* 6.0.13 #1-NixOS SMP PREEMPT_DYNAMIC Wed Dec 14 10:41:06 UTC 2022 x86_64 GNU/Linux +if [[ "$all" = "1" ]]; then + echo -n "$KERNEL_NAME_VAL $NODENAME_VAL $KERNEL_RELEASE_VAL $KERNEL_VERSION_VAL $MACHINE_VAL" + # in help: except omit -p and -i if unknown. 
+ #echo -n "$PROCESSOR_VAL $HARDWARE_PLATFORM_VAL\n" + echo -n "$OPERATING_SYSTEM_VAL" +fi + +if [[ "$kernel_name" = "1" ]]; then + echo -n "$KERNEL_NAME_VAL" +fi + +if [[ "$nodename" = "1" ]]; then + echo -n "$NODENAME_VAL" +fi + +if [[ "$kernel_release" = "1" ]]; then + echo -n "$KERNEL_RELEASE_VAL" +fi + +if [[ "$kernel_version" = "1" ]]; then + echo -n "$KERNEL_VERSION_VAL" +fi + +if [[ "$machine" = "1" ]]; then + echo -n "$MACHINE_VAL" +fi + +if [[ "$processor" = "1" ]]; then + echo -n "$PROCESSOR_VAL" +fi + +if [[ "$hardware_platform" = "1" ]]; then + echo -n "$HARDWARE_PLATFORM_VAL" +fi + +if [[ "$operating_system" = "1" ]]; then + echo -n "$OPERATING_SYSTEM_VAL" +fi + +# for newline. +echo diff --git a/pkgs/os-specific/linux/lsb-release/lsb_release.sh b/pkgs/os-specific/linux/lsb-release/lsb_release.sh index 47b449c3161..ae524181e88 100644 --- a/pkgs/os-specific/linux/lsb-release/lsb_release.sh +++ b/pkgs/os-specific/linux/lsb-release/lsb_release.sh @@ -32,7 +32,7 @@ short=0 @getopt@/bin/getopt --test > /dev/null && rc=$? || rc=$? if [[ $rc -ne 4 ]]; then # This shouldn't happen. - echo "Warning: Enhanced getopt not supported, please open an issue." >&2 + echo "Warning: Enhanced getopt not supported, please open an issue in nixpkgs." >&2 else # Define all short and long options. SHORT=hvidrcas diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2470aae99a2..0a43cafe6b8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2984,6 +2984,8 @@ with pkgs; detect-secrets = with python3Packages; toPythonApplication detect-secrets; + deterministic-uname = callPackage ../build-support/deterministic-uname { }; + dfmt = callPackage ../tools/text/dfmt { }; diopser = callPackage ../applications/audio/diopser { stdenv = gcc10StdenvCompat; }; From faee5b03a8f646c5ef401559e340401bb0271934 Mon Sep 17 00:00:00 2001 
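Review bot: When more than one field is selected the values are printed back to back, because each block at the end of `deterministic-uname.sh` uses `echo -n` with no separator. `uname -sr` yields the kernel name and release fused together, and `-a` joins `$MACHINE_VAL` directly to `$OPERATING_SYSTEM_VAL`. Build scripts that split `uname` output on whitespace would then mis-detect the platform, which defeats the purpose of a drop-in replacement. Collecting the selected values and printing them space-joined, as sketched below, fixes both cases. Separately, `SHORT=hvsnrvmpioa` declares `h` (and `v` twice) although no `-h` case exists, so `-h` lands in the unrecognized-option branch, whose message goes to stdout rather than stderr.

```shell
# … unchanged: option parsing, *_VAL assignments, --version handling …

fields=()
if [[ "$all" = "1" ]]; then
    # -p and -i stay out of -a while both are "unknown"
    fields=("$KERNEL_NAME_VAL" "$NODENAME_VAL" "$KERNEL_RELEASE_VAL"
            "$KERNEL_VERSION_VAL" "$MACHINE_VAL" "$OPERATING_SYSTEM_VAL")
else
    if [[ "$kernel_name" = "1" ]]; then fields+=("$KERNEL_NAME_VAL"); fi
    if [[ "$nodename" = "1" ]]; then fields+=("$NODENAME_VAL"); fi
    if [[ "$kernel_release" = "1" ]]; then fields+=("$KERNEL_RELEASE_VAL"); fi
    if [[ "$kernel_version" = "1" ]]; then fields+=("$KERNEL_VERSION_VAL"); fi
    if [[ "$machine" = "1" ]]; then fields+=("$MACHINE_VAL"); fi
    if [[ "$processor" = "1" ]]; then fields+=("$PROCESSOR_VAL"); fi
    if [[ "$hardware_platform" = "1" ]]; then fields+=("$HARDWARE_PLATFORM_VAL"); fi
    if [[ "$operating_system" = "1" ]]; then fields+=("$OPERATING_SYSTEM_VAL"); fi
fi

# One space between fields, one trailing newline; the "-" keeps nounset
# from tripping on an empty array in older bash.
echo "${fields[*]-}"
```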
From: Artturin Date: Tue, 10 Jan 2023 23:00:39 +0200 Subject: [PATCH 089/155] libgtop: use deterministic-uname this will make the build reproducible libgtop_server2 contained Linux 5.15.68 x86_64 This libgtop was compiled on %s %s %s --- pkgs/development/libraries/libgtop/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/libraries/libgtop/default.nix b/pkgs/development/libraries/libgtop/default.nix index 51765508098..bfe0726c454 100644 --- a/pkgs/development/libraries/libgtop/default.nix +++ b/pkgs/development/libraries/libgtop/default.nix @@ -7,6 +7,7 @@ , gobject-introspection , gnome , gtk-doc +, deterministic-uname }: stdenv.mkDerivation rec { @@ -21,6 +22,8 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ + # uname output embedded in https://gitlab.gnome.org/GNOME/libgtop/-/blob/master/src/daemon/Makefile.am + deterministic-uname pkg-config gtk-doc perl From 33c8edced58fd32e5fb0b9d959005b25043743c5 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 16:31:05 +0000 Subject: [PATCH 090/155] python310Packages.google-cloud-websecurityscanner: 1.10.0 -> 1.11.0 --- .../google-cloud-websecurityscanner/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-websecurityscanner/default.nix b/pkgs/development/python-modules/google-cloud-websecurityscanner/default.nix index 024a637ce8c..ed566191ca5 100644 --- a/pkgs/development/python-modules/google-cloud-websecurityscanner/default.nix +++ b/pkgs/development/python-modules/google-cloud-websecurityscanner/default.nix @@ -12,14 +12,14 @@ buildPythonPackage rec { pname = "google-cloud-websecurityscanner"; - version = "1.10.0"; + version = "1.11.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-93ijizxgVFxXzj8IzxrgzzXTQKl7UH3egvL41HVk5is="; + hash = "sha256-1XuY1Xf4QwJqEWCv0m2seSpoteDJxWep38lyP2Okk1Q="; }; propagatedBuildInputs = [ 
From b82416c9f2093b98904fe1af3cec94de4f8bf6cb Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 16:45:03 +0000 Subject: [PATCH 091/155] python310Packages.google-cloud-iot: 2.7.0 -> 2.8.0 --- pkgs/development/python-modules/google-cloud-iot/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-iot/default.nix b/pkgs/development/python-modules/google-cloud-iot/default.nix index 4cbfcbe4242..b973d1a95da 100644 --- a/pkgs/development/python-modules/google-cloud-iot/default.nix +++ b/pkgs/development/python-modules/google-cloud-iot/default.nix @@ -14,14 +14,14 @@ buildPythonPackage rec { pname = "google-cloud-iot"; - version = "2.7.0"; + version = "2.8.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-vV5emuGcFwUctnPNRW1NSFej599Lc6rFSKAlaaCatZw="; + hash = "sha256-YckGLp3A4rngs/KXOg3/AE4RyboUIoy0NGf44unn/ns="; }; propagatedBuildInputs = [ From 78f30999e059a05a2fcd2825fbf81a1cf0adb37f Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 12 Jan 2023 17:57:28 +0100 Subject: [PATCH 092/155] python310Packages.identify: 2.5.12 -> 2.5.13 --- pkgs/development/python-modules/identify/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/identify/default.nix b/pkgs/development/python-modules/identify/default.nix index cc533cbb21c..ceb9be227b4 100644 --- a/pkgs/development/python-modules/identify/default.nix +++ b/pkgs/development/python-modules/identify/default.nix @@ -9,7 +9,7 @@ buildPythonPackage rec { pname = "identify"; - version = "2.5.12"; + version = "2.5.13"; format = "setuptools"; disabled = pythonOlder "3.7"; 
@@ -18,7 +18,7 @@ buildPythonPackage rec { owner = "pre-commit"; repo = pname; rev = "v${version}"; - sha256 = "sha256-8hfO2gmgSdhrECsXgG2i+REBIV+OqsQeAabvqKJOU1c="; + sha256 = "sha256-8QkDAVHjVEqicntSMb98JitmR5toOTGhgEk7cH3xSFI="; }; checkInputs = [ From 34d8c467b92111f0a4966417662f230085d03118 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Thu, 12 Jan 2023 17:12:38 +0000 Subject: [PATCH 093/155] python310Packages.google-cloud-vision: 3.2.0 -> 3.3.0 --- .../python-modules/google-cloud-vision/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/google-cloud-vision/default.nix b/pkgs/development/python-modules/google-cloud-vision/default.nix index 86a83155f56..d683feca313 100644 --- a/pkgs/development/python-modules/google-cloud-vision/default.nix +++ b/pkgs/development/python-modules/google-cloud-vision/default.nix @@ -12,14 +12,14 @@ buildPythonPackage rec { pname = "google-cloud-vision"; - version = "3.2.0"; + version = "3.3.0"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - hash = "sha256-SZQxkx57cY+8q4Mg880jT8TlYcfwLz4KEpHiyOb2Ujc="; + hash = "sha256-Rj6yR/8V65wOILVSlLEi6+IRgNk3t/t7grVaHc8sRJY="; }; propagatedBuildInputs = [ From 5e7a6742032f5ae5ff974723d8baf7bdfe7f4427 Mon Sep 17 00:00:00 2001 From: Tristan Ross Date: Thu, 12 Jan 2023 09:27:38 -0800 Subject: [PATCH 094/155] maintainers: add Tristan Ross --- maintainers/maintainer-list.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index cb621e5762b..3a5d8f1a44c 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -16271,4 +16271,10 @@ github = "Detegr"; githubId = 724433; }; + RossComputerGuy = { + name = "Tristan Ross"; + email = "tristan.ross@midstall.com"; + github = "RossComputerGuy"; + githubId = 19699320; + }; } From 39d228cf6b8e6961dd97050a9fbebe8ff09893d5 Mon Sep 17 00:00:00 2001 
From: Tristan Ross Date: Thu, 12 Jan 2023 09:28:02 -0800 Subject: [PATCH 095/155] lens: 5.5.3 -> 6.3.0 --- .../networking/cluster/lens/default.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/pkgs/applications/networking/cluster/lens/default.nix b/pkgs/applications/networking/cluster/lens/default.nix index ef70e283280..cd75bad0a0f 100644 --- a/pkgs/applications/networking/cluster/lens/default.nix +++ b/pkgs/applications/networking/cluster/lens/default.nix @@ -1,14 +1,14 @@ -{ lib, fetchurl, appimageTools, wrapGAppsHook }: +{ lib, fetchurl, appimageTools, wrapGAppsHook, makeWrapper }: let pname = "lens"; - version = "5.5.3"; - build = "${version}-latest.20220602.2"; + version = "6.3.0"; + build = "2022.12.221341-latest"; name = "${pname}-${version}"; src = fetchurl { url = "https://api.k8slens.dev/binaries/Lens-${build}.x86_64.AppImage"; - sha256 = "sha256-lwiwyXoO+7KgDnQ2Ly0QK0oEVHR73nsMZMGOd2j48dg="; + sha256 = "sha256-IJkm2Woz362jydFph9ek+5Jh2jtDH8kKvWoLQhTZPvc="; name = "${pname}.AppImage"; }; @@ -23,11 +23,12 @@ appimageTools.wrapType2 { extraInstallCommands = '' mv $out/bin/${name} $out/bin/${pname} - + source "${makeWrapper}/nix-support/setup-hook" + wrapProgram $out/bin/${pname} \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" install -m 444 -D ${appimageContents}/lens.desktop $out/share/applications/${pname}.desktop install -m 444 -D ${appimageContents}/usr/share/icons/hicolor/512x512/apps/lens.png \ $out/share/icons/hicolor/512x512/apps/${pname}.png - substituteInPlace $out/share/applications/${pname}.desktop \ --replace 'Icon=lens' 'Icon=${pname}' \ --replace 'Exec=AppRun' 'Exec=${pname}' 
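Review bot: `build` no longer interpolates `${version}`, so the URL in `src` is now independent of the `version` attribute. A later bump that edits only `version` would keep fetching, and hash-verifying, the old AppImage while the package claims the new release. A comment beside it would make the coupling explicit, e.g. `# update together with version: the download URL depends only on build`. The `source "${makeWrapper}/nix-support/setup-hook"` line in `extraInstallCommands` would also benefit from a one-line comment saying why the hook is sourced by hand here.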
@@ -37,7 +38,7 @@ appimageTools.wrapType2 { description = "The Kubernetes IDE"; homepage = "https://k8slens.dev/"; license = licenses.mit; - maintainers = with maintainers; [ dbirks ]; + maintainers = with maintainers; [ dbirks RossComputerGuy ]; platforms = [ "x86_64-linux" ]; }; } From 713cb4fbdad99a3857dea49761092333371b17af Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 12 Jan 2023 18:41:34 +0100 Subject: [PATCH 096/155] python310Packages.sfrbox-api: 0.0.2 -> 0.0.4 Changelog: https://github.com/hacf-fr/sfrbox-api/releases/tag/v0.0.4 --- pkgs/development/python-modules/sfrbox-api/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/sfrbox-api/default.nix b/pkgs/development/python-modules/sfrbox-api/default.nix index 1780d94ded9..8f1746713bf 100644 --- a/pkgs/development/python-modules/sfrbox-api/default.nix +++ b/pkgs/development/python-modules/sfrbox-api/default.nix @@ -14,7 +14,7 @@ buildPythonPackage rec { pname = "sfrbox-api"; - version = "0.0.2"; + version = "0.0.4"; format = "pyproject"; disabled = pythonOlder "3.8"; @@ -23,7 +23,7 @@ buildPythonPackage rec { owner = "hacf-fr"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-kXM+Y7ZKKczVdKTXqmbgSxlFfHx3hAvT9nkF3Ex7ChY="; + hash = "sha256-mdE7H17vbKwQS7JloYasap8qAjaacdLuDPvIPxJSUXI="; }; postPatch = '' From 202c6e5720546835d377f9380ea8dfb24cf7b46f Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 12 Jan 2023 16:14:40 +0300 Subject: [PATCH 097/155] pipewire: 0.3.63 -> 0.3.64 --- .../development/libraries/pipewire/default.nix | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index 62b6536c047..ad2bf00a6c2 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix 
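Review bot: The `meta` hunk of lens/default.nix keeps `license = licenses.mit;` as context while the package moves from 5.5.3 to 6.3.0 and is still fetched as a prebuilt AppImage from `api.k8slens.dev`. The terms that apply to the vendor's binary are not visible in this diff and may differ from the licence of the open-source code base in the 6.x series, so they should be confirmed against upstream. If the binary turns out not to be MIT, the line should become `license = licenses.unfree;` so that users have to opt in explicitly.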
@@ -2,7 +2,6 @@ , lib , buildPackages , fetchFromGitLab -, fetchpatch , python3 , meson , ninja @@ -68,7 +67,7 @@ let self = stdenv.mkDerivation rec { pname = "pipewire"; - version = "0.3.63"; + version = "0.3.64"; outputs = [ "out" @@ -86,7 +85,7 @@ let owner = "pipewire"; repo = "pipewire"; rev = version; - sha256 = "sha256-GQJpw5G9YN7T2upu2FLUxE8UvMRev3K2j4Z1uK1/dt4="; + sha256 = "sha256-wIvdciLBWIQjENEipzbVID0eliOcEwqS567pLxVVOsc="; }; patches = [ @@ -102,19 +101,6 @@ let ./0090-pipewire-config-template-paths.patch # Place SPA data files in lib output to avoid dependency cycles ./0095-spa-data-dir.patch - - # FIXME: backports, remove after 0.3.64 - # fix bluetooth issues - (fetchpatch { - url = "https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/c7b3ef0d9ff16a1e69a299870860bebcb628e298.patch"; - hash = "sha256-hiZ6VUhMu8NgwX5DZ/JRVl/g1Go0nZQSjQVrmqIzXoY="; - }) - - # fix routes getting lost - (fetchpatch { - url = "https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/89ac6b353521fb9a6d6eb6bb74724c4fa968f75c.patch"; - hash = "sha256-vzHiKWGmyuUF2iDS/ZQws+bCXVYYEl048JaMckY/fGI="; - }) ]; nativeBuildInputs = [ From b25e0e8ebcd90009462765bb8c49c337ba6af082 Mon Sep 17 00:00:00 2001 From: pacien Date: Thu, 12 Jan 2023 19:50:27 +0100 Subject: [PATCH 098/155] nixos/tests: add qemu-vm-restrictnetwork test --- nixos/tests/all-tests.nix | 1 + nixos/tests/qemu-vm-restrictnetwork.nix | 36 +++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 nixos/tests/qemu-vm-restrictnetwork.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index fbbebc2520a..7ed310c0d7c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
@@ -533,6 +533,7 @@ in { public-inbox = handleTest ./public-inbox.nix {}; pulseaudio = discoverTests (import ./pulseaudio.nix); qboot = handleTestOn ["x86_64-linux" "i686-linux"] ./qboot.nix {}; + qemu-vm-restrictnetwork = handleTest ./qemu-vm-restrictnetwork.nix {}; quorum = handleTest ./quorum.nix {}; quake3 = handleTest ./quake3.nix {}; rabbitmq = handleTest ./rabbitmq.nix {}; diff --git a/nixos/tests/qemu-vm-restrictnetwork.nix b/nixos/tests/qemu-vm-restrictnetwork.nix new file mode 100644 index 00000000000..49a105ef107 --- /dev/null +++ b/nixos/tests/qemu-vm-restrictnetwork.nix @@ -0,0 +1,36 @@ +import ./make-test-python.nix ({ + name = "qemu-vm-restrictnetwork"; + + nodes = { + unrestricted = { config, pkgs, ... }: { + virtualisation.restrictNetwork = false; + }; + + restricted = { config, pkgs, ... }: { + virtualisation.restrictNetwork = true; + }; + }; + + testScript = '' + import os + + if os.fork() == 0: + # Start some HTTP server on the qemu host to test guest isolation. + from http.server import HTTPServer, BaseHTTPRequestHandler + HTTPServer(("", 8000), BaseHTTPRequestHandler).serve_forever() + + else: + start_all() + unrestricted.wait_for_unit("network-online.target") + restricted.wait_for_unit("network-online.target") + + # Guests should be able to reach each other on the same VLAN. + unrestricted.succeed("ping -c1 restricted") + restricted.succeed("ping -c1 unrestricted") + + # Only the unrestricted guest should be able to reach host services. + # 10.0.2.2 is the gateway mapping to the host's loopback interface. + unrestricted.succeed("curl -s http://10.0.2.2:8000") + restricted.fail("curl -s http://10.0.2.2:8000") + ''; +}) From fec6e19fd1a32d7dce6cf63b85a535ea4555809f Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Thu, 12 Jan 2023 22:56:46 +0100 Subject: [PATCH 099/155] nixos/tests/acme/generate-certs: deprecate phases --- nixos/tests/common/acme/server/generate-certs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
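Review bot: In the new `testScript`, the helper server is created with `HTTPServer(("", 8000), BaseHTTPRequestHandler)`, which listens on every interface of the machine running the test driver, although the comment further down says 10.0.2.2 maps to the host's loopback. Binding with `HTTPServer(("127.0.0.1", 8000), BaseHTTPRequestHandler)` should be enough for the check and avoids exposing a listener when the driver is run outside the build sandbox. The forked child never leaves `serve_forever()` and nothing in the `else:` branch stops it, so it outlives the test unless it is run as a daemon thread or killed explicitly at the end. The negative assertion also has no time limit: if restricted traffic is dropped rather than refused, `restricted.fail("curl -s http://10.0.2.2:8000")` waits for curl's default timeout, which `curl -s --max-time 10 http://10.0.2.2:8000` would bound.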
diff --git a/nixos/tests/common/acme/server/generate-certs.nix b/nixos/tests/common/acme/server/generate-certs.nix index 85c751c56ad..4f38ca309b0 100644 --- a/nixos/tests/common/acme/server/generate-certs.nix +++ b/nixos/tests/common/acme/server/generate-certs.nix @@ -15,7 +15,7 @@ in mkDerivation { sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go ''; })) ]; - phases = [ "buildPhase" "installPhase" ]; + dontUnpack = true; buildPhase = '' minica \ From 3c202950dde91a4370d9d134b90143c4819b4f54 Mon Sep 17 00:00:00 2001 From: figsoda Date: Thu, 12 Jan 2023 20:55:40 -0500 Subject: [PATCH 100/155] vimPlugins.nvim-ts-rainbow: switch to maintained fork --- pkgs/applications/editors/vim/plugins/vim-plugin-names | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/editors/vim/plugins/vim-plugin-names b/pkgs/applications/editors/vim/plugins/vim-plugin-names index 30a191de7b1..f9da7543b82 100644 --- a/pkgs/applications/editors/vim/plugins/vim-plugin-names +++ b/pkgs/applications/editors/vim/plugins/vim-plugin-names @@ -541,7 +541,7 @@ https://github.com/nvim-treesitter/nvim-treesitter-refactor/,, https://github.com/nvim-treesitter/nvim-treesitter-textobjects/,, https://github.com/windwp/nvim-ts-autotag/,, https://github.com/joosepalviste/nvim-ts-context-commentstring/,, -https://github.com/p00f/nvim-ts-rainbow/,, +https://github.com/mrjones2014/nvim-ts-rainbow/,, https://gitlab.com/HiPhish/nvim-ts-rainbow2,HEAD, https://github.com/kyazdani42/nvim-web-devicons/,, https://github.com/AckslD/nvim-whichkey-setup.lua/,, From f66f25f2995680f7dcdba9c422b1677219490547 Mon Sep 17 00:00:00 2001 From: figsoda Date: Thu, 12 Jan 2023 20:57:08 -0500 Subject: [PATCH 101/155] vimPlugins: update --- .../editors/vim/plugins/generated.nix | 404 +++++++++--------- .../editors/vim/plugins/overrides.nix | 2 +- 2 files changed, 203 insertions(+), 203 deletions(-) 
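Review bot: Replacing `phases = [ "buildPhase" "installPhase" ];` with `dontUnpack = true;` in generate-certs.nix does more than skip unpacking, because every other default phase that the explicit list suppressed is now enabled again. Assuming `mkDerivation` here is the stdenv one, the fixup phase in particular will now run over the generated key and certificate files. That is probably harmless for a derivation that only calls `minica`, but it is worth confirming the output is unchanged, or adding `dontFixup = true;` if only build and install are meant to run. The `mkDerivation` call starts above this hunk and continues below it.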
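Review bot: The changed line in vim-plugin-names moves `nvim-ts-rainbow` to a different GitHub owner (`p00f` to `mrjones2014`), which changes who can ship code into the package rather than just its version. Like the old entry it appears to leave the branch field empty, so each plugin update will follow whatever that account's default branch holds. The commit message says only "switch to maintained fork"; a link to the original author's archive or hand-over notice would let reviewers confirm the fork is the endorsed successor. The `rev` and `sha256` pinned for this plugin in the `generated.nix` hunk of the following commit should be checked against the new owner's repository.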
diff --git a/pkgs/applications/editors/vim/plugins/generated.nix b/pkgs/applications/editors/vim/plugins/generated.nix index 68afc481206..946db59c6cb 100644 --- a/pkgs/applications/editors/vim/plugins/generated.nix +++ b/pkgs/applications/editors/vim/plugins/generated.nix @@ -293,12 +293,12 @@ final: prev: SchemaStore-nvim = buildVimPluginFrom2Nix { pname = "SchemaStore.nvim"; - version = "2023-01-05"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "b0o"; repo = "SchemaStore.nvim"; - rev = "c55c35929dd4e670af7ab6e2e197a4687baa2076"; - sha256 = "08qymjfh22737q73mf1l84wydagg6lgc9yrm1k2qm8h2gr310rc2"; + rev = "2af488a5c74e44215349258a4c9e74bea8e061be"; + sha256 = "01md07zdlmyyl4layp1rkyhksi0n7d6j4cbs3i837a38g3s3bf97"; }; meta.homepage = "https://github.com/b0o/SchemaStore.nvim/"; }; @@ -847,12 +847,12 @@ final: prev: barbecue-nvim = buildVimPluginFrom2Nix { pname = "barbecue.nvim"; - version = "2023-01-09"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "utilyre"; repo = "barbecue.nvim"; - rev = "51e6be4c0836b5fa9a9e6f679589f0e3cf90ec93"; - sha256 = "09yl34b4qiv87rl88daa258443rgcxb6kx9yrhkc6ssalkh1a3gp"; + rev = "231d6f545afd108330bd515fc69f4cb509c97c0c"; + sha256 = "04blr13rjyjpa47y58d8hlsl6zf7wb8bsiq8q4sl57ygvp6hrz8m"; }; meta.homepage = "https://github.com/utilyre/barbecue.nvim/"; }; @@ -1027,12 +1027,12 @@ final: prev: calendar-vim = buildVimPluginFrom2Nix { pname = "calendar.vim"; - version = "2023-01-04"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "itchyny"; repo = "calendar.vim"; - rev = "5ab65172102035d93fabb7f9c31b8539618a6297"; - sha256 = "1jkilabr0y3ijihzvgj49xy2mz0r8cy8cxvaw6p8cc7rx2r6a5cg"; + rev = "93a024f83c64b24ee4c55e8b57b3c45aa7d545cb"; + sha256 = "0vqrajr527dqpig790csqc06rqpz3y6rw3i5kw53wzc8cmxrsgsa"; }; meta.homepage = "https://github.com/itchyny/calendar.vim/"; }; 
@@ -1495,12 +1495,12 @@ final: prev: cmp-nvim-ultisnips = buildVimPluginFrom2Nix { pname = "cmp-nvim-ultisnips"; - version = "2022-04-22"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "quangnguyen30192"; repo = "cmp-nvim-ultisnips"; - rev = "21f02b62deb409ce69928a23406076bd0043ddbc"; - sha256 = "0jil0i9g33i0h3ynng58qaam5k18sdlqdzrbyqgn4gjzchcxpfqv"; + rev = "43b69a235b2dc54db692049fe0d5cc60c6b58b4b"; + sha256 = "0h3xm2pclylvr923sw9g9jj6bh867n0f2c4a9ndg803wky0pxmh0"; }; meta.homepage = "https://github.com/quangnguyen30192/cmp-nvim-ultisnips/"; }; @@ -2275,12 +2275,12 @@ final: prev: dashboard-nvim = buildVimPluginFrom2Nix { pname = "dashboard-nvim"; - version = "2022-12-31"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "glepnir"; repo = "dashboard-nvim"; - rev = "e517188dab55493fb9034b4d4f1a508ccacfcd45"; - sha256 = "1r51idix6yicy3ycm1f6sp0cjc7hklwrnipl8hkmcryny49zcdvf"; + rev = "f7d623457d6621b25a1292b24e366fae40cb79ab"; + sha256 = "17vwcqajvxhbvifg562zxvzwln0llb3gzyih3k61yssdp5akcfl0"; }; meta.homepage = "https://github.com/glepnir/dashboard-nvim/"; }; @@ -2758,12 +2758,12 @@ final: prev: editorconfig-nvim = buildVimPluginFrom2Nix { pname = "editorconfig.nvim"; - version = "2023-01-03"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "gpanders"; repo = "editorconfig.nvim"; - rev = "4b0da4c50727551bfabde7b8a1f7499e2abc0d2f"; - sha256 = "0ndysssrnbkykpq9dwl0mi0gq4b9ya2fp4zmrmnzsjlr362v2ni7"; + rev = "5b9e303e1d6f7abfe616ce4cc8d3fffc554790bf"; + sha256 = "1rkkq11qwql4h7f3fa1pj7gmnwgx5wb9j9p1jrw62m6xhjs7n7m5"; }; meta.homepage = "https://github.com/gpanders/editorconfig.nvim/"; }; 
@@ -3060,12 +3060,12 @@ final: prev: friendly-snippets = buildVimPluginFrom2Nix { pname = "friendly-snippets"; - version = "2023-01-03"; + version = "2023-01-13"; src = fetchFromGitHub { owner = "rafamadriz"; repo = "friendly-snippets"; - rev = "484fb38b8f493ceeebf4e6fc499ebe41e10aae25"; - sha256 = "1kjcc0gsn12zrd2bn19w54b4a5ww6g5vsv4rfrw6wk67bk1ckfkf"; + rev = "a7d3b945fe72c2b007266dceb28b7fbc1c72b4a6"; + sha256 = "045785ih0xalpmh710jsgk4igskif37461qz5a11wlkmm4bi0gm1"; }; meta.homepage = "https://github.com/rafamadriz/friendly-snippets/"; }; @@ -3172,8 +3172,8 @@ final: prev: src = fetchFromGitHub { owner = "ibhagwan"; repo = "fzf-lua"; - rev = "632dbf6407b95cfa7995765f44d16c8d1663a04c"; - sha256 = "0j4p73mcqllbr7rivcqlcc1zk7x67z04dkyww60ibbnzfzins4gr"; + rev = "d9c9574b38e90bbbd19b241ba7cf7cbcb9afc549"; + sha256 = "1z7ifmflbkdazxx6b7z8ibni08inyw7fxjn4593r20hy5zqwr6gh"; }; meta.homepage = "https://github.com/ibhagwan/fzf-lua/"; }; @@ -3264,12 +3264,12 @@ final: prev: git-blame-nvim = buildVimPluginFrom2Nix { pname = "git-blame.nvim"; - version = "2022-11-05"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "f-person"; repo = "git-blame.nvim"; - rev = "d3afb1c57918720548effb42edec530232436378"; - sha256 = "1dwnkrp1h452129xsa1jszrw38as0czhiykf0fvqvfa5yhsq0aga"; + rev = "746aed33ccdfe1e41f8b7d5683052337f1b20f01"; + sha256 = "1iabaicj66ncmykrzrc65rx9zaxd284fqqm9icmccjs6v5lvxklp"; }; meta.homepage = "https://github.com/f-person/git-blame.nvim/"; }; 
@@ -3324,12 +3324,12 @@ final: prev: gitsigns-nvim = buildNeovimPluginFrom2Nix { pname = "gitsigns.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "lewis6991"; repo = "gitsigns.nvim"; - rev = "114362a85e51918ab2965181ffa31932c181f32f"; - sha256 = "047gb4m4xzf34lsbax3fvb77gklig1p5k1srq5kxp1xn5vyl2w74"; + rev = "addd6e174a85fc1c4007ab0b65d77e6555b417bf"; + sha256 = "09gnk8szbdxc26g46hyjw6zb41i9nswz7pxcadmx9x2f0j9sma3m"; }; meta.homepage = "https://github.com/lewis6991/gitsigns.nvim/"; }; @@ -3348,12 +3348,12 @@ final: prev: glance-nvim = buildVimPluginFrom2Nix { pname = "glance.nvim"; - version = "2023-01-04"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "DNLHC"; repo = "glance.nvim"; - rev = "b179dae9f53c3567ff98e1c974973d665422d959"; - sha256 = "10xam5i94r6abkyqn8ba84jkhsh7zapbjz1glqf1idw4jj02xd7a"; + rev = "611478d2b36beb3c416c92f77e7c116d7bd25ee6"; + sha256 = "0fhxg27yq2lfwfwgpg2zf28hrb6kfa6nffrm6bzajk192z1zbak0"; }; meta.homepage = "https://github.com/DNLHC/glance.nvim/"; }; @@ -4115,12 +4115,12 @@ final: prev: lazy-nvim = buildVimPluginFrom2Nix { pname = "lazy.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "folke"; repo = "lazy.nvim"; - rev = "e6ee0fa6103e9514e85a96fc16902ad7f777b53f"; - sha256 = "1463an1sdccsnxk8hlcxl3zb6bmwwd2mgqmdbixn5v33ijncjsr4"; + rev = "70e5e08dc12613006ee86489291929c592f1145d"; + sha256 = "0bmxkf4q84np49bjv0aiimwhbdgq6ac432lrbbd483wj77s5sshj"; }; meta.homepage = "https://github.com/folke/lazy.nvim/"; }; 
@@ -4139,12 +4139,12 @@ final: prev: lean-nvim = buildVimPluginFrom2Nix { pname = "lean.nvim"; - version = "2023-01-03"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "Julian"; repo = "lean.nvim"; - rev = "38c0714bb0e3e7cf4be93cf7a3a06107aea89a58"; - sha256 = "1avdgwa8nd5l6hj99jd3ibydbpvsvamz4ykj8j0hjip0blx5g81s"; + rev = "af5ac626ffac9af956eedda1f5b31bf36572708e"; + sha256 = "184qjx3dpak2adk1b0y23cngpb2hfyvq6l7hkrd8z256gcx27wm9"; }; meta.homepage = "https://github.com/Julian/lean.nvim/"; }; @@ -4367,12 +4367,12 @@ final: prev: lir-nvim = buildVimPluginFrom2Nix { pname = "lir.nvim"; - version = "2023-01-09"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "tamago324"; repo = "lir.nvim"; - rev = "1fb0c78906677ec67493ffc3b4b6f7d584d25498"; - sha256 = "0pf5ik5yma1j2w32gx4kb6s3p0hh0rhh0w9hkks7670jwib9sg3g"; + rev = "364277da61f40902910e640866679c358e3384a3"; + sha256 = "166nwbdcnkfgnl23jx6f2370yqkk6pgh128wwxm8sl2iiblwpc1f"; }; meta.homepage = "https://github.com/tamago324/lir.nvim/"; }; @@ -4523,12 +4523,12 @@ final: prev: lsp-zero-nvim = buildVimPluginFrom2Nix { pname = "lsp-zero.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "VonHeikemen"; repo = "lsp-zero.nvim"; - rev = "b3d60f170a23ba52cfd56fd6f8ce70a38e853330"; - sha256 = "1xhdqc16qyhkp9gp2lgqx3y7ayssnwcmy48m0s4phw7hkmjf4g6r"; + rev = "c7ad31be1fbd106fd590c5f175ed9c34c66dddc1"; + sha256 = "0zf3k2a631q3dzplh9k57zvnpprygdb5pndziab1agj8y3in42zg"; }; meta.homepage = "https://github.com/VonHeikemen/lsp-zero.nvim/"; }; 
@@ -4618,12 +4618,12 @@ final: prev: lualine-nvim = buildVimPluginFrom2Nix { pname = "lualine.nvim"; - version = "2023-01-05"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "nvim-lualine"; repo = "lualine.nvim"; - rev = "d8c392dd75778d6258da4e7c55522e94ac389732"; - sha256 = "1axqp7is8dkbpvsc2w30mwlcjgvi07sj2binwv2nnrdn2v1ci1mk"; + rev = "0050b308552e45f7128f399886c86afefc3eb988"; + sha256 = "12c6f3xcj38zbiya3m4glwr5pkh0fq51gmch994i2mg5xy1ni3yw"; }; meta.homepage = "https://github.com/nvim-lualine/lualine.nvim/"; }; @@ -4727,12 +4727,12 @@ final: prev: mason-nvim = buildVimPluginFrom2Nix { pname = "mason.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "williamboman"; repo = "mason.nvim"; - rev = "a4ebe1f14ba31242cd09f9e0709d5b1f9d2bcecb"; - sha256 = "0jwqfmd89dghfrmfp7srcahxz5c7rkafyzd056s7qiwpciqi7hbn"; + rev = "4d734aee41efce4f1a4be7619ad040b53237042e"; + sha256 = "19383cijxb4kvc1mngcbwk392xs07v7dd02fk6g1pqqljzpjagk8"; }; meta.homepage = "https://github.com/williamboman/mason.nvim/"; }; 
@@ -4751,24 +4751,24 @@ final: prev: material-nvim = buildVimPluginFrom2Nix { pname = "material.nvim"; - version = "2022-12-21"; + version = "2023-01-13"; src = fetchFromGitHub { owner = "marko-cerovac"; repo = "material.nvim"; - rev = "0560abaac9369d1027169a50e5219c3e069d00f3"; - sha256 = "190cw0fzrswigq1vc43nmf28mzhbn82wg2xhiq5rymbdf1lvpm2m"; + rev = "c5f6a24d526a8ddcd651c5d1291de89a51f923fa"; + sha256 = "1lwrxaaa11q9fwmiagy4zgx0chc69fdapqq5kw2nqc7f4wrqc6mm"; }; meta.homepage = "https://github.com/marko-cerovac/material.nvim/"; }; material-vim = buildVimPluginFrom2Nix { pname = "material.vim"; - version = "2022-12-22"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "kaicataldo"; repo = "material.vim"; - rev = "bdccc06f963d722111fc8887b22473997750b2de"; - sha256 = "1j23wi0hh5h0pc0rk5dxvsc60k484h5haa2gfxzahjqd7kzil4y8"; + rev = "ec5a2cecee50ea2074e6f19bd1c98e7d868a52c7"; + sha256 = "08s8k9nwnmyqzlpvfz2pp1j8dhip1syhkilrrzbj723xknclxyzf"; }; meta.homepage = "https://github.com/kaicataldo/material.vim/"; }; @@ -4799,12 +4799,12 @@ final: prev: mini-nvim = buildVimPluginFrom2Nix { pname = "mini.nvim"; - version = "2023-01-05"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "echasnovski"; repo = "mini.nvim"; - rev = "1e9e353c5f4075dda2be25b8fe2bff5134b99e41"; - sha256 = "0ccwcs55s7czh066d2sn7hr4jhrc4l78n84adh4am6chfq9kf3qm"; + rev = "96e648cae35dfd361c9077bf79306dd05d23db2f"; + sha256 = "1ncscamzd2f8gsylyakq6i4dxn58624lx006s7qw69dbhj318xwf"; }; meta.homepage = "https://github.com/echasnovski/mini.nvim/"; }; 
@@ -5123,12 +5123,12 @@ final: prev: neco-vim = buildVimPluginFrom2Nix { pname = "neco-vim"; - version = "2022-11-24"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "Shougo"; repo = "neco-vim"; - rev = "7fb5b63881a25c3d5a8321f8dae21737a1b01634"; - sha256 = "1843wss72yisfbp1xrrl6ajvvf3kmfcg3jwjcmyqv9vrsbivvijq"; + rev = "6c581808ac3179ea0c640e43c77de48bbbec4fbc"; + sha256 = "0jad8phdvslv57mah0psp0xlvh116s2dwmh7v1g4kmk598j4ljm4"; }; meta.homepage = "https://github.com/Shougo/neco-vim/"; }; @@ -5159,12 +5159,12 @@ final: prev: neoconf-nvim = buildVimPluginFrom2Nix { pname = "neoconf.nvim"; - version = "2023-01-09"; + version = "2023-01-13"; src = fetchFromGitHub { owner = "folke"; repo = "neoconf.nvim"; - rev = "4b4e539325db1d939be5a1d7a4b2d5644c59eda2"; - sha256 = "1gdpiakgwn7f8lfx2hfvr4vaxnczni6i6yxfkc7hzf0r6h64q4h0"; + rev = "74cdafcbf931874a51ef75d53ce60f0408dbcdbd"; + sha256 = "09svmnbqgmw2b9fm6vv43xv475nqy1dzhlivd3q2vdqldjr4zg68"; }; meta.homepage = "https://github.com/folke/neoconf.nvim/"; }; 
@@ -5183,36 +5183,36 @@ final: prev: neodev-nvim = buildVimPluginFrom2Nix { pname = "neodev.nvim"; - version = "2023-01-04"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "folke"; repo = "neodev.nvim"; - rev = "258b83f48405c6b530c09dd96950693664dc6bc0"; - sha256 = "14l9j877h47n1za97szwaj76y0xlf0w0l8wb73i3076n4j29148h"; + rev = "0e3f5e763639951f96f9acbdc9f52a9fedf91b46"; + sha256 = "16r6c3p1k61cq98rhdj8zmj9xa9c6spzc1n1lkxrxcvyijcd66g5"; }; meta.homepage = "https://github.com/folke/neodev.nvim/"; }; neoformat = buildVimPluginFrom2Nix { pname = "neoformat"; - version = "2022-12-06"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "sbdchd"; repo = "neoformat"; - rev = "902f674b9e8a703fad9dafdda9d8f7c88ecf689f"; - sha256 = "12zxmyhk06xiyr5sahqip9pf6f5zyvr46yb6a4ayzdk81k8wmdky"; + rev = "ec601d38a2e9309109f405ce038c5a6ce774f1a9"; + sha256 = "028xycbvjhs7mvnzlismjipibgqdhjm9s0asmjpg3g7y2qhkw3ix"; }; meta.homepage = "https://github.com/sbdchd/neoformat/"; }; neogit = buildVimPluginFrom2Nix { pname = "neogit"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "TimUntersberger"; repo = "neogit"; - rev = "a364c3da583a78f707aac761f5927967a0165143"; - sha256 = "1y9vn5a35kq9imvp57gdal2pi2vhrv27l2vc5xzsa8clvcd05jxy"; + rev = "981207efd10425fef82ca09fa8bd22c3ac3e622d"; + sha256 = "16rfvllp4w1d3sph1zdilprp5kfwsc669zaspxnclyk0nyi8cs8b"; }; meta.homepage = "https://github.com/TimUntersberger/neogit/"; }; @@ -5267,12 +5267,12 @@ final: prev: neorg = buildVimPluginFrom2Nix { pname = "neorg"; - version = "2023-01-06"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "nvim-neorg"; repo = "neorg"; - rev = "4ad79529477fd8b84fec75485e705eab2d3ca34a"; - sha256 = "072gyzqhpcylc18bn0fr9jg1k3ap449pkji234lnsfkgj4w245zv"; + rev = "91840274112f1286ff5f4063ac6f515683b6dc67"; + sha256 = "1am76r8crxnsl2zhl782ycmpd5cs6an6vih23dz5vchlf0n02gvb"; }; meta.homepage = "https://github.com/nvim-neorg/neorg/"; }; 
@@ -5471,12 +5471,12 @@ final: prev: nightfox-nvim = buildVimPluginFrom2Nix { pname = "nightfox.nvim"; - version = "2023-01-06"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "EdenEast"; repo = "nightfox.nvim"; - rev = "6677c99d89050fa940ffc320fe780fb52baa68ac"; - sha256 = "0ry0w633jsbv0v27xn6b3j1k2k9dpkr91aq5a2d9cp65rs0gl5xn"; + rev = "925cca4bb4978530b13f96eb2de887ded19484d0"; + sha256 = "1i7psxqfvjqg7596mn316fdgsdh6qzx1bilz1z7vgcy7vgyv71zs"; }; meta.homepage = "https://github.com/EdenEast/nightfox.nvim/"; }; @@ -5495,24 +5495,24 @@ final: prev: nix-develop-nvim = buildVimPluginFrom2Nix { pname = "nix-develop.nvim"; - version = "2023-01-10"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "figsoda"; repo = "nix-develop.nvim"; - rev = "456f0b202cc179390bc9ed84fbd589832849e983"; - sha256 = "0yk7661336sjlvmsk7p7v6ssr5242r6xy5cm4d22pvk9zz5yzxwc"; + rev = "ce61f6d964232c86b522c292667841f42ebee618"; + sha256 = "0yfs2iws6d370scq4jgc7gq3n5r3a0lwqfs7awcliks524768c6j"; }; meta.homepage = "https://github.com/figsoda/nix-develop.nvim/"; }; nlsp-settings-nvim = buildVimPluginFrom2Nix { pname = "nlsp-settings.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "tamago324"; repo = "nlsp-settings.nvim"; - rev = "ce9c4b5869e6ff2714812ada81553e9aa063e3ef"; - sha256 = "1k0cjkvlfk5x92v5gcrcla3kj6r6kb5ygbm02jpr8ypraasy57nm"; + rev = "8918dd0f319715d50b041cef3022973c1eb25af2"; + sha256 = "1jicjj7xcgz5gcp4zagqk884dzja1ikk9gp9zcix81xdwx11php6"; }; meta.homepage = "https://github.com/tamago324/nlsp-settings.nvim/"; }; 
@@ -5543,12 +5543,12 @@ final: prev: noice-nvim = buildVimPluginFrom2Nix { pname = "noice.nvim"; - version = "2023-01-04"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "folke"; repo = "noice.nvim"; - rev = "eadc279a27abc34ffcde84596e24e7780add11b1"; - sha256 = "1dww1rzbakznxjbcfa8gck02m7fli64ym8i00rr16gri6drp5hkm"; + rev = "36eabb66be53c6ed20c712a7820f0edaa0c00bb8"; + sha256 = "1xfn4iqrv61dpsr3yh2ic69kbz60qw6689dfbxjq34rf1pakkabx"; }; meta.homepage = "https://github.com/folke/noice.nvim/"; }; @@ -5675,12 +5675,12 @@ final: prev: nvim-base16 = buildVimPluginFrom2Nix { pname = "nvim-base16"; - version = "2022-12-21"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "RRethy"; repo = "nvim-base16"; - rev = "be09864ae8b60f6f96d42ed60752dcfa3b7d31b5"; - sha256 = "02hy4358jqdf8pwis4w7z8rg4qw039c5cjvjlgbw4fzb02rqpvf6"; + rev = "cf8252058c8fc486bc565a815083a2eb390f7621"; + sha256 = "1hcj0k8szin32b2ki6mkqwpckinyca8vpwvd3rmaf597qnk0bv5h"; }; meta.homepage = "https://github.com/RRethy/nvim-base16/"; }; @@ -5759,12 +5759,12 @@ final: prev: nvim-cokeline = buildVimPluginFrom2Nix { pname = "nvim-cokeline"; - version = "2022-09-11"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "noib3"; repo = "nvim-cokeline"; - rev = "501f93ec84af0d505d95d3827cad470b9c5e86dc"; - sha256 = "1vb6p497rwi6jmj08a3vpcxkc6c9qkblkv56gn1qgrdrx66gh0q5"; + rev = "dc72c4a8dcbcc4763e33899876512b15c2d2aa4e"; + sha256 = "0lqzzycim4g1x5715845mcp4rrabgpl37jk7mrhh2k4mciraxwmg"; }; meta.homepage = "https://github.com/noib3/nvim-cokeline/"; }; 
@@ -5843,12 +5843,12 @@ final: prev: nvim-dap = buildVimPluginFrom2Nix { pname = "nvim-dap"; - version = "2023-01-08"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "mfussenegger"; repo = "nvim-dap"; - rev = "700a3c7d6fbe5b07bee74e9952b456120d355c47"; - sha256 = "16hrqqa6577lq51hcx048j8rwa6aqdb6dz9b94rv1ki0jy52cx00"; + rev = "b8201fd104287e9c24f898f1f7f5202896eea203"; + sha256 = "0nmqkx8vza9792nk9zf216hd4k2g10agpy0wahdvmiajplfb9l5v"; }; meta.homepage = "https://github.com/mfussenegger/nvim-dap/"; }; @@ -5879,12 +5879,12 @@ final: prev: nvim-dap-ui = buildVimPluginFrom2Nix { pname = "nvim-dap-ui"; - version = "2023-01-04"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "rcarriga"; repo = "nvim-dap-ui"; - rev = "f2206de65ea39093e3f13992507fc985c17aa763"; - sha256 = "1ylgzhb063xaslwya75ds7ngn4bdv09ajp5x3lawla17dbkry4ic"; + rev = "b80227ea56a48177786904f6322abc8b2dc0bc36"; + sha256 = "11a9jn4m1db2zlkfvwym98h15l46idf14gaddczf1njxhms52nm1"; }; meta.homepage = "https://github.com/rcarriga/nvim-dap-ui/"; }; @@ -5987,12 +5987,12 @@ final: prev: nvim-hlslens = buildVimPluginFrom2Nix { pname = "nvim-hlslens"; - version = "2023-01-05"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "kevinhwang91"; repo = "nvim-hlslens"; - rev = "9234f0fd7ec6042e8b4c70d41d25478a6cbf3a8e"; - sha256 = "1qlwhfdlg55pfx883k95i914myn509p69wkdjlv44asad36qhij4"; + rev = "0800f077ada1ba8cd92dc1f104c59ec1862de7df"; + sha256 = "1pnygqlippcmy74phm1j0s55mlh2vyyw5qfl4sga37ba5qdcxfq2"; }; meta.homepage = "https://github.com/kevinhwang91/nvim-hlslens/"; }; 
@@ -6095,12 +6095,12 @@ final: prev: nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-01-09"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "7b98aadc6e85db4fc3af6c1ec22c4774d965506e"; - sha256 = "1b0ygz9jyaj0i993qnjvfnr6yxf65sa8vkfjg2qh2gh1dphsvhfp"; + rev = "f0221821d8ceed70f0525a2c35380ba56672e107"; + sha256 = "156rys98bv2kwhfrpwqda3pkhjl4lxbjfcm7kwhjxpsrnnyf7an3"; }; meta.homepage = "https://github.com/neovim/nvim-lspconfig/"; }; @@ -6143,12 +6143,12 @@ final: prev: nvim-metals = buildVimPluginFrom2Nix { pname = "nvim-metals"; - version = "2023-01-02"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "scalameta"; repo = "nvim-metals"; - rev = "ddc1cb77b84c96152ab2a05cd22215da49d624ba"; - sha256 = "0fxbxi7xy19qhd1mzq2h8q5plq6sbmgy50z6kipc8n8lf57f2p5v"; + rev = "11da0d84c7b6b2c170b84aca17f54b74413b72a7"; + sha256 = "16pk37kiq6cshjp1f6wf3lwlpyajn1rwb445njb4sm1s60jvplfl"; }; meta.homepage = "https://github.com/scalameta/nvim-metals/"; }; @@ -6179,12 +6179,12 @@ final: prev: nvim-neoclip-lua = buildVimPluginFrom2Nix { pname = "nvim-neoclip.lua"; - version = "2023-01-06"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "AckslD"; repo = "nvim-neoclip.lua"; - rev = "996b46fc661f9977ab214ddfc1322668f646d92d"; - sha256 = "0myzmnckzxnv0ikqbp6dpdaxsry01pya469iz3ncx4lnmwzvc372"; + rev = "e112a0bfaf137bcc0df361a4bad98bc21657ae2c"; + sha256 = "004izyg49921mspzqzdz8z06pxfzal1j58s4dw065rfnm2wjfjkn"; }; meta.homepage = "https://github.com/AckslD/nvim-neoclip.lua/"; }; 
@@ -6239,12 +6239,12 @@ final: prev: nvim-scrollbar = buildVimPluginFrom2Nix { pname = "nvim-scrollbar"; - version = "2023-01-04"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "petertriho"; repo = "nvim-scrollbar"; - rev = "6e704cdeb7114385b4b19f9dc4b8f0c442019edc"; - sha256 = "0pw3x1k5r0z2g5bxfgvaafh6jzc2zfw3v7f69p2jn9yzbg5afchy"; + rev = "6a2065fbcd032075a06d2ab54508b69842bc4496"; + sha256 = "0i6kg4lw7v9fggi7j13lyb7ncchk1w10qdkzdgxn2cani2clwx9s"; }; meta.homepage = "https://github.com/petertriho/nvim-scrollbar/"; }; @@ -6263,12 +6263,12 @@ final: prev: nvim-snippy = buildVimPluginFrom2Nix { pname = "nvim-snippy"; - version = "2023-01-06"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "dcampos"; repo = "nvim-snippy"; - rev = "8418bdb156822a780d00a86b50a0fe1c0bcf6200"; - sha256 = "17mklxh1vaf24kjkndj9c7cnc0kagcnl985vafd3iqbphpbyb3np"; + rev = "1be7830ee622dcae5bc5b1e59c1028d5606aa862"; + sha256 = "07rrwcglhhl6grncq1b0n6kdi60w4d8yvqfynjmhwjf6r9dkyq60"; }; meta.homepage = "https://github.com/dcampos/nvim-snippy/"; }; @@ -6287,12 +6287,12 @@ final: prev: nvim-spectre = buildVimPluginFrom2Nix { pname = "nvim-spectre"; - version = "2022-12-20"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "nvim-pack"; repo = "nvim-spectre"; - rev = "68ea562b485b6593e325e7916c3bd6e833d433e7"; - sha256 = "1r32ad6q18y3w3adkdgscya6gw9iynab5pgqv9an3924vzpbvi8w"; + rev = "24275beae382e6bd0180b3064cf5729548641a02"; + sha256 = "0rw2g0a1sdd92ac22rgmvb4yk17ps2c760g03pbdwfca14d50fnh"; }; meta.homepage = "https://github.com/nvim-pack/nvim-spectre/"; }; 
@@ -6335,24 +6335,24 @@ final: prev: nvim-tree-lua = buildVimPluginFrom2Nix { pname = "nvim-tree.lua"; - version = "2023-01-09"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "nvim-tree"; repo = "nvim-tree.lua"; - rev = "87961d38a7b6cd799ebe193946e86a1037ba66e8"; - sha256 = "0ch5df2x39knvjs0j5vkbxlkl8md218ghdhms1gykj57074jsc2x"; + rev = "3ce0a8e770f70a135ef969e0a640bd8d05baf42c"; + sha256 = "0bh7fhzw1ipmmw7p1ksaspi0h62gmiksv72ivjfayhdqqixb76n5"; }; meta.homepage = "https://github.com/nvim-tree/nvim-tree.lua/"; }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "5fb315df12a3091f241b0326aed0ec70381adbd8"; - sha256 = "00cpr1qalmgp6qbs0nhyj082dpndyir0ck2i3p09qqah2bfb1sy8"; + rev = "9a257d989a526c413a28c252c4ec9113a7d35a28"; + sha256 = "0pns64cibi4g0wms1wcddlyf5p95srh6xzagnaj29b60ym71wrqr"; }; meta.homepage = "https://github.com/nvim-treesitter/nvim-treesitter/"; }; 
@@ -6431,35 +6431,35 @@ final: prev: nvim-ts-rainbow = buildVimPluginFrom2Nix { pname = "nvim-ts-rainbow"; - version = "2023-01-02"; + version = "2023-01-09"; src = fetchFromGitHub { - owner = "p00f"; + owner = "mrjones2014"; repo = "nvim-ts-rainbow"; - rev = "ef95c15a935f97c65a80e48e12fe72d49aacf9b9"; - sha256 = "0ldv8g9i25286n0xqa1cj7a2lglcz9564dawz6ixd4ipsysjj571"; + rev = "aa83e4967bf78f85ffd9a11e159900c7ea7e423b"; + sha256 = "09x3bq4j9398avmzix78gm1qam0m34r9ifz7rb6l5rcqw7lhvr5q"; }; - meta.homepage = "https://github.com/p00f/nvim-ts-rainbow/"; + meta.homepage = "https://github.com/mrjones2014/nvim-ts-rainbow/"; }; nvim-ts-rainbow2 = buildVimPluginFrom2Nix { pname = "nvim-ts-rainbow2"; - version = "2023-01-08"; + version = "2023-01-12"; src = fetchgit { url = "https://gitlab.com/HiPhish/nvim-ts-rainbow2"; - rev = "09dcb851701747b3f4c5c1088befc88e1601942d"; - sha256 = "0a905qsy01wyyxsgcy354mfn7039dy3ib82yzixacdbwzmng1kcz"; + rev = "11b61f2c6f0dbc679202d112b9094054869d7941"; + sha256 = "1wbk101a8j5pf2p3lylbdrm8f7i8afd94rypfg0pcr213f33318s"; }; meta.homepage = "https://gitlab.com/HiPhish/nvim-ts-rainbow2"; }; nvim-web-devicons = buildVimPluginFrom2Nix { pname = "nvim-web-devicons"; - version = "2023-01-06"; + version = "2023-01-09"; src = fetchFromGitHub { owner = "nvim-tree"; repo = "nvim-web-devicons"; - rev = "7f55bc36eddec87597167a97de5b690997edaf7d"; - sha256 = "00vzb60399h45rykgs0fma7nxqs24z0bi7q6wqvzbb3ggmyin43k"; + rev = "6c38926351372ea87034dec26182b62c835ff3bc"; + sha256 = "1qvpzja9j9hlnafmmsw5bjbbcf2fbn260bmcsmdy7pi17mrd5aha"; }; meta.homepage = "https://github.com/nvim-tree/nvim-web-devicons/"; }; 
@@ -6598,12 +6598,12 @@ final: prev: onedarkpro-nvim = buildVimPluginFrom2Nix { pname = "onedarkpro.nvim"; - version = "2023-01-09"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "olimorris"; repo = "onedarkpro.nvim"; - rev = "61b4f4509a59247118ff93f1707f41d4674a5ac2"; - sha256 = "154r8gibyjzb8cp34xpz00l71f1drixvcsvsrw8lp1hqaak3hywd"; + rev = "cf006baefa1d0ad6dafeb8f9a99cfe971ad7f0b4"; + sha256 = "18k1j9wl0imyf865bq03yvnb4pms8bpfhi8iggjjzsmcsy0dzln4"; }; meta.homepage = "https://github.com/olimorris/onedarkpro.nvim/"; }; @@ -6670,12 +6670,12 @@ final: prev: oxocarbon-nvim = buildVimPluginFrom2Nix { pname = "oxocarbon.nvim"; - version = "2023-01-03"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "nyoom-engineering"; repo = "oxocarbon.nvim"; - rev = "71cd5475050ddf173a8d94dd0ea067b78d88397b"; - sha256 = "0nqvq33ljpjq3m54l31zhd6givq524pgyzp5vf8f19ky7bvd833f"; + rev = "b58812cde84df6ec0c2f54e602d608d94a78ebef"; + sha256 = "0gk2j9dkdjdiagz49wxj0skm9w50fifl0xg2496rcdarvhh5lny7"; }; meta.homepage = "https://github.com/nyoom-engineering/oxocarbon.nvim/"; }; @@ -6694,12 +6694,12 @@ final: prev: packer-nvim = buildVimPluginFrom2Nix { pname = "packer.nvim"; - version = "2022-12-18"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "wbthomason"; repo = "packer.nvim"; - rev = "dac4088c70f4337c6c40d1a2751266a324765797"; - sha256 = "129axd8cfm5y4n520z63cfsn8pix882f4l4nzvwmf62fqnr292i0"; + rev = "1d0cf98a561f7fd654c970c49f917d74fafe1530"; + sha256 = "1nx3ip7pab0a2c4w3rwmpj8a1qizmpw06b11v6js3mbp4hb40230"; }; meta.homepage = "https://github.com/wbthomason/packer.nvim/"; }; 
@@ -6814,12 +6814,12 @@ final: prev: plenary-nvim = buildNeovimPluginFrom2Nix { pname = "plenary.nvim"; - version = "2023-01-06"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "nvim-lua"; repo = "plenary.nvim"; - rev = "9d81624fbcedd3dd43b38d7e13a1e7b3f873d8cd"; - sha256 = "0y3qn0rwlwp720517lwg35f09b30b591hprbvb6hgvn1waw2ljzc"; + rev = "1c7e3e6b0f4dd5a174fcea9fda8a4d7de593b826"; + sha256 = "12hp9a2q80hg93ynfa97v03fmxqwv4d6f1yb92bi6ih3kbjyjsji"; }; meta.homepage = "https://github.com/nvim-lua/plenary.nvim/"; }; @@ -7706,12 +7706,12 @@ final: prev: suda-vim = buildVimPluginFrom2Nix { pname = "suda.vim"; - version = "2022-10-19"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "lambdalisue"; repo = "suda.vim"; - rev = "2fc45dc4bcafb245b613ebd6847a244924735cc6"; - sha256 = "1k8cx22p2xb1bvnz5zcwrxd8qnhdcwlrs9xqhjry5y4jpb16hdzc"; + rev = "08abd39dfe1cee681b8ce3e7321da5fa03e045c1"; + sha256 = "0sivx4smg6d02dd16d9aa4v652vl90lpkbpz69kpi5llii6kb1xf"; }; meta.homepage = "https://github.com/lambdalisue/suda.vim/"; }; @@ -8225,12 +8225,12 @@ final: prev: telescope-nvim = buildVimPluginFrom2Nix { pname = "telescope.nvim"; - version = "2023-01-07"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "04af51dbfb17c2afa0b8d82b0e842e0638201ca9"; - sha256 = "16m9k42cy4kd5a067y7wnbzzqizms74837n9p5hqj3l1s429vr1v"; + rev = "1ba7278cf08da8048e7f589ef6b65a39fd3e4dbf"; + sha256 = "07msm2fjyqqx687809wci3k1birrwrjw26h5qv20f5wjbh2bxii5"; }; meta.homepage = "https://github.com/nvim-telescope/telescope.nvim/"; }; 
@@ -8442,12 +8442,12 @@ final: prev: toggleterm-nvim = buildVimPluginFrom2Nix { pname = "toggleterm.nvim"; - version = "2022-12-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "akinsho"; repo = "toggleterm.nvim"; - rev = "b02a1674bd0010d7982b056fd3df4f717ff8a57a"; - sha256 = "1ibkq0mv39n8pf43nxrridn4hdn95qk7pq0mv28qrb9p8dnxczfj"; + rev = "528d6375745dc3c5db6ab7d5fba0ddbdec5bf4e0"; + sha256 = "1z8ximxagl3qpx3w5a6nbva5agnkayn3j3dg5xhrydjkbs9iq1lr"; }; meta.homepage = "https://github.com/akinsho/toggleterm.nvim/"; }; @@ -8490,12 +8490,12 @@ final: prev: treesj = buildVimPluginFrom2Nix { pname = "treesj"; - version = "2023-01-07"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "Wansmer"; repo = "treesj"; - rev = "c7dae6b68c541ccb2bb6fdf113649234acb176e6"; - sha256 = "1hbkwipaw61g1fxmvkvmgf5x2j9nxx3639mxr57jbfqp17zdfrnm"; + rev = "ba9e816da2f0a436d9c10cfd878760974148860e"; + sha256 = "1jmf3wjnp92gwqnih75xaxhz320gbv8zwql7s2m7ay30h1j9hmnb"; }; meta.homepage = "https://github.com/Wansmer/treesj/"; }; @@ -9054,12 +9054,12 @@ final: prev: vim-airline = buildVimPluginFrom2Nix { pname = "vim-airline"; - version = "2023-01-09"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "vim-airline"; repo = "vim-airline"; - rev = "4f5b641710bc8cffddb28c6821b2ee7abaafefe6"; - sha256 = "1pbg094i8s314f4ffa3ppcdycp1ylzd6z29xhvcsf4q83ji212r4"; + rev = "1ecbc7668276eb2780181d7fe4d6bd8e1a27716e"; + sha256 = "0lx13zq4s7piyp115x0yp63nfif3zdcb1sw0gwin6wnly0xqxz8x"; }; meta.homepage = "https://github.com/vim-airline/vim-airline/"; }; 
@@ -9450,12 +9450,12 @@ final: prev: vim-clap = buildVimPluginFrom2Nix { pname = "vim-clap"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "liuchengxu"; repo = "vim-clap"; - rev = "d388abc011762b01a0b31cb07a37e4da7f594eeb"; - sha256 = "03ik7icaal6i6w3pdizkip0l7cjgz9hfm6y6dhlrgq1szf5mnq6c"; + rev = "fc641d913759303898b1c898eb330ae9a12486e3"; + sha256 = "0s0c5pvs3wvwinqda7sngyqf38nkrdybaxlz8hp34j5xm5z5qbck"; }; meta.homepage = "https://github.com/liuchengxu/vim-clap/"; }; @@ -10242,12 +10242,12 @@ final: prev: vim-fugitive = buildVimPluginFrom2Nix { pname = "vim-fugitive"; - version = "2022-12-30"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "tpope"; repo = "vim-fugitive"; - rev = "99cdb88bc64063dc4656ae53496f06fb2a394cd4"; - sha256 = "0l1s4ngbn98aha8621i0s4l5vm0gzh112qkfcllmva4f2kkgb0xm"; + rev = "9c5f675db54139c18ed4a1a18989ea2da37d6cae"; + sha256 = "136mwdgdybaair4vcx37i9ca890icismpybnhi3a5zkv8dv5sh9s"; }; meta.homepage = "https://github.com/tpope/vim-fugitive/"; }; @@ -10687,12 +10687,12 @@ final: prev: vim-illuminate = buildVimPluginFrom2Nix { pname = "vim-illuminate"; - version = "2022-11-11"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "RRethy"; repo = "vim-illuminate"; - rev = "a6d0b28ea7d6b9d139374be1f94a16bd120fcda3"; - sha256 = "0wby253z3njala4syizy3m463gi8l45gcf7rj866r2jhnfxg9ba8"; + rev = "da80f3877896adcf77f59fb0bf74e9601615d372"; + sha256 = "129r4jrdffy18yklk18gbplgxf7dkngda8cgssf9xfawizyg739v"; }; meta.homepage = "https://github.com/RRethy/vim-illuminate/"; }; 
@@ -11000,12 +11000,12 @@ final: prev: vim-ledger = buildVimPluginFrom2Nix { pname = "vim-ledger"; - version = "2022-11-27"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "ledger"; repo = "vim-ledger"; - rev = "b7fda15b5a7080c7ee9728765fa6e5b4b1c5fca4"; - sha256 = "1cb2mld2jk7zbyiwa863vmkj6a52d7dzs57vmzw1s047nl04lnb8"; + rev = "653fb20b4c0eedabdc5486719b571813d5c8878c"; + sha256 = "1y6hzjx4qknwvilqxshqgl8q6wy7ycabmlzy2kgww7257cxsan1x"; }; meta.homepage = "https://github.com/ledger/vim-ledger/"; }; @@ -11733,12 +11733,12 @@ final: prev: vim-pandoc-syntax = buildVimPluginFrom2Nix { pname = "vim-pandoc-syntax"; - version = "2022-07-23"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "vim-pandoc"; repo = "vim-pandoc-syntax"; - rev = "2baeabb9584bb948618806f22bc4cef5685535fc"; - sha256 = "095hsn5vm0s8ky84l85cshn9hsa3cmyy27r9n9cdq28x373nabdr"; + rev = "4268535e1d33117a680a91160d845cd3833dfe28"; + sha256 = "0wd6fxv3l19rh7a6zfqi7ylcd1wjk8haiix7cq3zzyvq3zfidp0z"; }; meta.homepage = "https://github.com/vim-pandoc/vim-pandoc-syntax/"; }; @@ -11973,12 +11973,12 @@ final: prev: vim-ps1 = buildVimPluginFrom2Nix { pname = "vim-ps1"; - version = "2022-09-12"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "PProvost"; repo = "vim-ps1"; - rev = "e7cc3b08f6f9e2dc1909f397aa3d5b0a7acb661c"; - sha256 = "1n4c6sgmpr2zb0m5f1nw866fg4s4hqbbsbkz46x2sndr96r6gk1l"; + rev = "502590f90a21f0de2b7664d6d0dcc90e5bb28a9c"; + sha256 = "0v335bgbf1a6ry8dvphfqwmlhlz8x94cj4x6z7ssz16hpasrlhx6"; }; meta.homepage = "https://github.com/PProvost/vim-ps1/"; }; 
@@ -12693,12 +12693,12 @@ final: prev: vim-terraform = buildVimPluginFrom2Nix { pname = "vim-terraform"; - version = "2021-07-10"; + version = "2023-01-11"; src = fetchFromGitHub { owner = "hashivim"; repo = "vim-terraform"; - rev = "f0b17ac9f1bbdf3a29dba8b17ab429b1eed5d443"; - sha256 = "0j87i6kxafwl8a8szy2gzv7d0qhzwynd93iw8k0i42jnpqm8rp3a"; + rev = "d00503de9bed3a1da7206090cb148c6a1acce870"; + sha256 = "1vh8yv2cpyfnqmmjza8dm3b11mhz9x8lwln865hdjggzbj9vdbcg"; }; meta.homepage = "https://github.com/hashivim/vim-terraform/"; }; @@ -12718,12 +12718,12 @@ final: prev: vim-test = buildVimPluginFrom2Nix { pname = "vim-test"; - version = "2023-01-05"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "vim-test"; repo = "vim-test"; - rev = "4d6c408c14632b097465ff3be3eeb0dc34ab3112"; - sha256 = "0dm34lnbk9f89r29i71znm29bfdha4l1ki3jwdlyqi9szgrnn5gh"; + rev = "ca2502545a8c563e15f556d0eb8a59e0f74d2864"; + sha256 = "1ijfdhnsr3dlp5bw3xarp2nxkavab59lnk563gvjcw74889alip9"; }; meta.homepage = "https://github.com/vim-test/vim-test/"; }; @@ -12862,12 +12862,12 @@ final: prev: vim-tmux-navigator = buildVimPluginFrom2Nix { pname = "vim-tmux-navigator"; - version = "2023-01-08"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "christoomey"; repo = "vim-tmux-navigator"; - rev = "9337b6d5d417e8006c09f1faadb5069296c8da02"; - sha256 = "14wj5jqhyjpsdnlvx34fvk7zax6w2appi6rg7mc91z2z7gmrzf8q"; + rev = "cdd66d6a37d991bba7997d593586fc51a5b37aa8"; + sha256 = "12jb59c9x3xbhfc9xps64dq3h9a5gsjfb60hv8kd8k2hl3jmnpc0"; }; meta.homepage = "https://github.com/christoomey/vim-tmux-navigator/"; }; 
@@ -13114,12 +13114,12 @@ final: prev: vim-wakatime = buildVimPluginFrom2Nix { pname = "vim-wakatime"; - version = "2022-12-29"; + version = "2023-01-10"; src = fetchFromGitHub { owner = "wakatime"; repo = "vim-wakatime"; - rev = "7d8ca4667f46e783388609ca7f04a65e4389338a"; - sha256 = "0a2gz61yrq85qapg9mnyfj55kmzhz4iaxibxzk78ac4nj43sv8vn"; + rev = "b487cccc0e920e4fdf84f72d2fc1c86ef8dc3bdc"; + sha256 = "13741pp29f2pqr44sslh9fl49aw7a19l3ff78k1qm4i97ms4r0xc"; }; meta.homepage = "https://github.com/wakatime/vim-wakatime/"; }; @@ -13427,12 +13427,12 @@ final: prev: vimtex = buildVimPluginFrom2Nix { pname = "vimtex"; - version = "2023-01-02"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "lervag"; repo = "vimtex"; - rev = "e8c2c8087f810f0c67373d11d05b47c6a2800b98"; - sha256 = "1np2byzc00kyaqvpr72dhnki8mbdgqsmzwjbdwayrdg43s59pi7s"; + rev = "bd0173e7d3c0097c5b855265ce83f5863f073c85"; + sha256 = "0swydbyqk0rv35b0c3axxg59ninhwihp5c2jvvxnifmzkrz0s5g8"; }; meta.homepage = "https://github.com/lervag/vimtex/"; }; @@ -13535,12 +13535,12 @@ final: prev: which-key-nvim = buildVimPluginFrom2Nix { pname = "which-key.nvim"; - version = "2023-01-09"; + version = "2023-01-12"; src = fetchFromGitHub { owner = "folke"; repo = "which-key.nvim"; - rev = "85f69b07afce4ea77c58ae9a3aeb4e6c918b4d34"; - sha256 = "11ffalyyl29jk9h29vmg5vj9jil4brpjxa8rsys6n6zc1gydis8n"; + rev = "e4fa445065a2bb0bbc3cca85346b67817f28e83e"; + sha256 = "1gj1qkq1zxn9by6zxwg46rplpks51wvv3pmdjh8qr0ldkxk9yavy"; }; meta.homepage = "https://github.com/folke/which-key.nvim/"; }; diff --git a/pkgs/applications/editors/vim/plugins/overrides.nix b/pkgs/applications/editors/vim/plugins/overrides.nix index fa25a8c0e23..7ba2cb470c3 100644 --- a/pkgs/applications/editors/vim/plugins/overrides.nix +++ b/pkgs/applications/editors/vim/plugins/overrides.nix 
@@ -1052,7 +1052,7 @@ self: super: { libiconv ]; - cargoSha256 = "sha256-5hez6snn0neQEE3W8PbwUoGeSj8Bvu23Ftxz5T0iPAw="; + cargoSha256 = "sha256-ls4WZQees78SNJilXoL3CSXAaILxX1/WUMCyO7+14IM="; }; in '' From 82b31d46749d3e9977ef213221a899cd8f886801 Mon Sep 17 00:00:00 2001 From: figsoda Date: Thu, 12 Jan 2023 20:57:57 -0500 Subject: [PATCH 102/155] vimPlugins.nvim-treesitter: update grammars --- .../vim/plugins/nvim-treesitter/generated.nix | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix b/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix index 9717e2014ff..e9232c98112 100644 --- a/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix +++ b/pkgs/applications/editors/vim/plugins/nvim-treesitter/generated.nix @@ -115,12 +115,12 @@ }; c_sharp = buildGrammar { language = "c_sharp"; - version = "f076a8e"; + version = "3b661ce"; source = fetchFromGitHub { owner = "tree-sitter"; repo = "tree-sitter-c-sharp"; - rev = "f076a8efe30a0b8c249eeb61383f6d914376114c"; - hash = "sha256-CFqVngYaGe+ZFwpMaQI5HKAioJPmciBDhHxfO3yjKuE="; + rev = "3b661ced8d510aa424e2f68314520c281dd8c113"; + hash = "sha256-Z+ueKX2CAtWTCMipElZUl97hrUEb8Dv1po8xSLI3iJA="; }; meta.homepage = "https://github.com/tree-sitter/tree-sitter-c-sharp"; }; @@ -338,12 +338,12 @@ }; embedded_template = buildGrammar { language = "embedded_template"; - version = "91fc5ae"; + version = "a130858"; source = fetchFromGitHub { owner = "tree-sitter"; repo = "tree-sitter-embedded-template"; - rev = "91fc5ae1140d5c9d922312431f7d251a48d7b8ce"; - hash = "sha256-WAMCwKS+gOvBVC9h0qKHLgNedCRQwbJV+++SDqHhK5g="; + rev = "a13085849cf69e2401ec44e38cffc3d73f22f3df"; + hash = "sha256-JNyLOW/na8J0WEsLDv3BuC+UXxGpYMYvAlywq4z6Wzo="; }; meta.homepage = "https://github.com/tree-sitter/tree-sitter-embedded-template"; }; 
@@ -758,12 +758,12 @@ }; julia = buildGrammar { language = "julia"; - version = "1cd300b"; + version = "0412178"; source = fetchFromGitHub { owner = "tree-sitter"; repo = "tree-sitter-julia"; - rev = "1cd300bda52e680872053cd55a228c1809cb0c3a"; - hash = "sha256-qdKC1yk2CQGQlVWI/0XHrsTF81rRFUlmKSNJ3RoZcdI="; + rev = "041217800bf423099015e1654c9a4fdd75310bb1"; + hash = "sha256-DwRU4yqnMFqMIh4mAo9a57SRXhOLTnWKjO6zSaczUNU="; }; meta.homepage = "https://github.com/tree-sitter/tree-sitter-julia"; }; @@ -914,12 +914,12 @@ }; nickel = buildGrammar { language = "nickel"; - version = "9d83db4"; + version = "7867780"; source = fetchFromGitHub { owner = "nickel-lang"; repo = "tree-sitter-nickel"; - rev = "9d83db400b6c11260b9106f131f93ddda8131933"; - hash = "sha256-Jv7GMm6TpJE8+0pG045rFWkW/9rkv1Pn/6ko2a0bpmY="; + rev = "7867780e52ebeda0daa4a55acb870100e070d274"; + hash = "sha256-SXM15LbQ4bGKx+2QY7jMHq4G4ATtak2Umnb3SHFUqM0="; }; meta.homepage = "https://github.com/nickel-lang/tree-sitter-nickel"; }; @@ -1214,12 +1214,12 @@ }; ruby = buildGrammar { language = "ruby"; - version = "c919603"; + version = "7a1921b"; source = fetchFromGitHub { owner = "tree-sitter"; repo = "tree-sitter-ruby"; - rev = "c91960320d0f337bdd48308a8ad5500bd2616979"; - hash = "sha256-zUNs7s7SLGLU4h08FHLUA3YhbhRotMQVqk+zG9bmtjE="; + rev = "7a1921bcfd90e3a04c1ad011059087aaf0168dd4"; + hash = "sha256-niL8gqKv1Nq1z8y4c49amqkDo+FoIP3XEJz+dV2UmWo="; }; meta.homepage = "https://github.com/tree-sitter/tree-sitter-ruby"; }; @@ -1236,12 +1236,12 @@ }; scala = buildGrammar { language = "scala"; - version = "c4c7d2e"; + version = "fd05f09"; source = fetchFromGitHub { owner = "tree-sitter"; repo = "tree-sitter-scala"; - rev = "c4c7d2e454014659be7383a582bd84456688bb1c"; - hash = "sha256-weAn9/X63M0ZOYv2eCgDblR5b9fUvdIFQ8sWcnrApGw="; + rev = "fd05f09043051c82fba695aa95cee9c534fbc533"; + hash = "sha256-/o9TsnKGeukIGgfOjwNDjdxPkr5zyIPh1bZsvr2FX90="; }; meta.homepage = "https://github.com/tree-sitter/tree-sitter-scala"; }; 
@@ -1313,12 +1313,12 @@ }; sql = buildGrammar { language = "sql"; - version = "8635357"; + version = "3647b9f"; source = fetchFromGitHub { owner = "derekstride"; repo = "tree-sitter-sql"; - rev = "8635357363f8b01931ce6abbe0c937aa73e47bf8"; - hash = "sha256-p3R8uGIHyzYnRnKYWpeqMAcuk1xjKlPvB5vllPqUvrs="; + rev = "3647b9f5b937269f43ac6e4b6ebcb6f52e033c17"; + hash = "sha256-flZtgmMflDlWggMisUfVOA7ikGpkYwAGxzlc4jYzrrQ="; }; generate = true; meta.homepage = "https://github.com/derekstride/tree-sitter-sql"; @@ -1574,23 +1574,23 @@ }; wgsl = buildGrammar { language = "wgsl"; - version = "4c03f73"; + version = "40259f3"; source = fetchFromGitHub { owner = "szebniok"; repo = "tree-sitter-wgsl"; - rev = "4c03f73822c72130c63c385a112e44ad5a69f3e9"; - hash = "sha256-YqGrjtWmBHthV6c9WvCUT2Q13vQJGpvWPR6DTwHMEr4="; + rev = "40259f3c77ea856841a4e0c4c807705f3e4a2b65"; + hash = "sha256-voLkcJ/062hzipb3Ak/mgQvFbrLUJdnXq1IupzjMJXA="; }; meta.homepage = "https://github.com/szebniok/tree-sitter-wgsl"; }; wgsl_bevy = buildGrammar { language = "wgsl_bevy"; - version = "2475727"; + version = "7cd38d6"; source = fetchFromGitHub { owner = "theHamsta"; repo = "tree-sitter-wgsl-bevy"; - rev = "24757275fa01e813ebfdb6acab85862ced9405d7"; - hash = "sha256-Zevra1HCnQWyx5zZ2m9P/qEGnmpptTnwXyttNiciKCA="; + rev = "7cd38d6895060b023353e04f7af099ec64add5d1"; + hash = "sha256-QzfeFzGhWJGD+l+MeKyedRpdZsH+dGKE7UxRmh2uMH0="; }; meta.homepage = "https://github.com/theHamsta/tree-sitter-wgsl-bevy"; }; From fa9cc1b2a0f60805ced5e66367f4210cb43b1806 Mon Sep 17 00:00:00 2001 From: colin Date: Fri, 16 Dec 2022 00:05:53 +0000 Subject: [PATCH 103/155] kiwix: split libkiwix out its own toplevel package this allows libkiwix to be more easily used by non-nixpkgs consumers. --- pkgs/applications/misc/kiwix/default.nix | 4 ++-- pkgs/applications/misc/kiwix/lib.nix | 10 +++++++++- pkgs/top-level/all-packages.nix | 2 ++ 3 files changed, 13 insertions(+), 3 deletions(-) 
diff --git a/pkgs/applications/misc/kiwix/default.nix b/pkgs/applications/misc/kiwix/default.nix index 3263f0f992d..49c0155bf98 100644 --- a/pkgs/applications/misc/kiwix/default.nix +++ b/pkgs/applications/misc/kiwix/default.nix @@ -1,5 +1,5 @@ { lib, mkDerivation, fetchFromGitHub -, callPackage +, libkiwix , pkg-config , qmake , qtbase @@ -26,11 +26,11 @@ mkDerivation rec { ]; buildInputs = [ + libkiwix qtbase qtwebengine qtsvg qtimageformats - (callPackage ./lib.nix {}) ]; qtWrapperArgs = [ diff --git a/pkgs/applications/misc/kiwix/lib.nix b/pkgs/applications/misc/kiwix/lib.nix index 4e3ff063aa5..ffbcd1bb301 100644 --- a/pkgs/applications/misc/kiwix/lib.nix +++ b/pkgs/applications/misc/kiwix/lib.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub +{ lib, stdenv, fetchFromGitHub , meson, ninja, pkg-config , python3 , curl @@ -51,4 +51,12 @@ stdenv.mkDerivation rec { postPatch = '' patchShebangs scripts ''; + + meta = with lib; { + description = "Common code base for all Kiwix ports"; + homepage = "https://kiwix.org"; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ colinsane ]; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 887b2961337..4266a723337 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -30172,6 +30172,8 @@ with pkgs; leo-editor = libsForQt5.callPackage ../applications/editors/leo-editor { }; + libkiwix = callPackage ../applications/misc/kiwix/lib.nix { }; + libowfat = callPackage ../development/libraries/libowfat { }; libowlevelzs = callPackage ../development/libraries/libowlevelzs { }; From f45dd59576c3d5e03074c6c6f19c184bd368c8e8 Mon Sep 17 00:00:00 2001 
From: colin Date: Fri, 16 Dec 2022 00:19:54 +0000 Subject: [PATCH 104/155] kiwix-tools: init at 3.4.0 this provides the `kiwix-serve` tool asked for in , but does not implement the systemd service requested. package contents: - bin/kiwix-manage - bin/kiwix-search - bin/kiwix-serve tested by invoking `kiwix-serve` and connecting to it in a web browser: ```sh nix build '.#kiwix-tools' wget 'https://dumps.wikimedia.org/other/kiwix/zim/wikipedia/wikipedia_en_simple_all_mini_2022-11.zim' ./result/bin/kiwix-serve -p 1080 ./wikipedia_en_simple_all_mini_2022-11.zim curl http://localhost:1080 ``` --- pkgs/applications/misc/kiwix/default.nix | 2 +- pkgs/applications/misc/kiwix/lib.nix | 2 +- pkgs/applications/misc/kiwix/tools.nix | 41 ++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 4 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 pkgs/applications/misc/kiwix/tools.nix diff --git a/pkgs/applications/misc/kiwix/default.nix b/pkgs/applications/misc/kiwix/default.nix index 49c0155bf98..600ea299d18 100644 --- a/pkgs/applications/misc/kiwix/default.nix +++ b/pkgs/applications/misc/kiwix/default.nix @@ -40,7 +40,7 @@ mkDerivation rec { meta = with lib; { description = "An offline reader for Web content"; homepage = "https://kiwix.org"; - license = licenses.gpl3; + license = licenses.gpl3Plus; platforms = platforms.linux; maintainers = with maintainers; [ ajs124 ]; }; diff --git a/pkgs/applications/misc/kiwix/lib.nix b/pkgs/applications/misc/kiwix/lib.nix index ffbcd1bb301..84fede08f31 100644 --- a/pkgs/applications/misc/kiwix/lib.nix +++ b/pkgs/applications/misc/kiwix/lib.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Common code base for all Kiwix ports"; homepage = "https://kiwix.org"; - license = licenses.gpl3; + license = licenses.gpl3Plus; platforms = platforms.linux; maintainers = with maintainers; [ colinsane ]; }; 
diff --git a/pkgs/applications/misc/kiwix/tools.nix b/pkgs/applications/misc/kiwix/tools.nix new file mode 100644 index 00000000000..fe70f5b317a --- /dev/null +++ b/pkgs/applications/misc/kiwix/tools.nix @@ -0,0 +1,41 @@ +{ lib +, fetchFromGitHub +, icu +, libkiwix +, meson +, ninja +, pkg-config +, stdenv +}: + +stdenv.mkDerivation rec { + pname = "kiwix-tools"; + version = "3.4.0"; + + src = fetchFromGitHub { + owner = "kiwix"; + repo = "kiwix-tools"; + rev = version; + sha256 = "sha256-r3/aTH/YoDuYpKLPakP4toS3OtiRueTUjmR34rdmr+w="; + }; + + nativeBuildInputs = [ + meson + ninja + pkg-config + ]; + + buildInputs = [ + icu + libkiwix + ]; + + meta = with lib; { + description = "Command line Kiwix tools: kiwix-serve, kiwix-manage, ..."; + homepage = "https://kiwix.org"; + license = licenses.gpl3Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ colinsane ]; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4266a723337..d33baeb9295 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29952,6 +29952,8 @@ with pkgs; kiwix = libsForQt5.callPackage ../applications/misc/kiwix { }; + kiwix-tools = callPackage ../applications/misc/kiwix/tools.nix { }; + klayout = libsForQt5.callPackage ../applications/misc/klayout { }; klee = callPackage ../applications/science/logic/klee (with llvmPackages_11; { From 8d8da41aaaf2917b66dd6a59e803044c09c32584 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 07:33:52 +0000 Subject: [PATCH 105/155] python310Packages.flask-caching: 2.0.1 -> 2.0.2 --- pkgs/development/python-modules/flask-caching/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/flask-caching/default.nix b/pkgs/development/python-modules/flask-caching/default.nix index a75e1b4a435..334851cf0fa 100644 --- a/pkgs/development/python-modules/flask-caching/default.nix 
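Review bot: In the new `tools.nix`, `src` stores an SRI-format value under `sha256`; `hash = "sha256-r3/aTH/YoDuYpKLPakP4toS3OtiRueTUjmR34rdmr+w=";` is the attribute intended for that format. The file also ends with an added empty line after the closing `}`, which can be dropped.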
+++ b/pkgs/development/python-modules/flask-caching/default.nix @@ -11,13 +11,13 @@ buildPythonPackage rec { pname = "Flask-Caching"; - version = "2.0.1"; + version = "2.0.2"; format = "setuptools"; disabled = pythonOlder "3.7"; src = fetchPypi { inherit pname version; - sha256 = "sha256-EN8gCgPwMq9gB3vv5Bd53ZSJi2fIIEDTTochC3G6Jjg="; + sha256 = "sha256-JLYMVS1ZqWBcwbakLFbNs5qCoo2rRTK77bkiKuVOy04="; }; postPatch = '' From fe7cfed92655301d88c5ada343b8445a61614ab6 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 13 Jan 2023 07:34:00 +0000 Subject: [PATCH 106/155] python310Packages.flask-caching: remove unnused postPatch --- pkgs/development/python-modules/flask-caching/default.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pkgs/development/python-modules/flask-caching/default.nix b/pkgs/development/python-modules/flask-caching/default.nix index 334851cf0fa..ef494b638a0 100644 --- a/pkgs/development/python-modules/flask-caching/default.nix +++ b/pkgs/development/python-modules/flask-caching/default.nix @@ -20,11 +20,6 @@ buildPythonPackage rec { sha256 = "sha256-JLYMVS1ZqWBcwbakLFbNs5qCoo2rRTK77bkiKuVOy04="; }; - postPatch = '' - substituteInPlace setup.py \ - --replace "Flask <= 2.1.2" "Flask <= 2.2" - ''; - propagatedBuildInputs = [ cachelib flask From 1edee9b53d445021f8a1c9491b3de361a1fecfb8 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 13 Jan 2023 07:34:00 +0000 Subject: [PATCH 107/155] python310Packages.flask-caching: update meta --- pkgs/development/python-modules/flask-caching/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/flask-caching/default.nix b/pkgs/development/python-modules/flask-caching/default.nix index ef494b638a0..9ecdaa07482 100644 --- a/pkgs/development/python-modules/flask-caching/default.nix +++ b/pkgs/development/python-modules/flask-caching/default.nix 
@@ -40,8 +40,10 @@ buildPythonPackage rec { ]; meta = with lib; { - description = "Adds caching support to your Flask application"; - homepage = "https://github.com/sh4nks/flask-caching"; + description = "A caching extension for Flask"; + homepage = "https://github.com/pallets-eco/flask-caching"; + changelog = "https://github.com/pallets-eco/flask-caching/blob/v${version}/CHANGES.rst"; + maintainers = with maintainers; [ ]; license = licenses.bsd3; }; } From 5d6d47252419510931908e02c710bc7173f9e937 Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 13 Jan 2023 07:34:00 +0000 Subject: [PATCH 108/155] python310Packages.flask-caching: ignore flaky test --- pkgs/development/python-modules/flask-caching/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/python-modules/flask-caching/default.nix b/pkgs/development/python-modules/flask-caching/default.nix index 9ecdaa07482..48ab1870895 100644 --- a/pkgs/development/python-modules/flask-caching/default.nix +++ b/pkgs/development/python-modules/flask-caching/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildPythonPackage , pythonOlder , fetchPypi @@ -37,6 +38,9 @@ buildPythonPackage rec { # optional backends "Redis" "Memcache" + ] ++ lib.optionals stdenv.isDarwin [ + # ignore flaky test + "test_cached_view_class" ]; meta = with lib; { From d8377f52d655e60cb4d6a6a9e39588bd6dcebe32 Mon Sep 17 00:00:00 2001 From: Uri Baghin Date: Tue, 10 Jan 2023 22:03:42 +1100 Subject: [PATCH 109/155] bazel-watcher: 0.17.0 -> 0.21.2 --- .../tools/bazel-watcher/default.nix | 13 +++++++------ .../bazel-watcher/fix-rules-go-3408.patch | 18 ++++++++++++++++++ .../tools/bazel-watcher/use-go-in-path.patch | 4 ++-- 3 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 pkgs/development/tools/bazel-watcher/fix-rules-go-3408.patch diff --git a/pkgs/development/tools/bazel-watcher/default.nix b/pkgs/development/tools/bazel-watcher/default.nix index a109fe44039..38ea03d9f95 100644 
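Review bot: The added `maintainers = with maintainers; [ ];` in `meta` declares an empty list, so the package still has nobody who is notified about update requests or vulnerability reports. If the intent is only to make the field explicit, `maintainers = [ ];` says the same without the unused `with`. Otherwise, name an actual maintainer here.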
--- a/pkgs/development/tools/bazel-watcher/default.nix +++ b/pkgs/development/tools/bazel-watcher/default.nix @@ -10,6 +10,7 @@ let patches = [ ./use-go-in-path.patch + ./fix-rules-go-3408.patch ]; # Patch the protoc alias so that it always builds from source. @@ -29,13 +30,13 @@ let in buildBazelPackage rec { pname = "bazel-watcher"; - version = "0.17.0"; + version = "0.21.2"; src = fetchFromGitHub { owner = "bazelbuild"; repo = "bazel-watcher"; rev = "v${version}"; - sha256 = "sha256-aK18Q2nYxYajk9f/EEmtV7YJ8cYqbamR7vh3BTgu53Q="; + sha256 = "sha256-wigrE9u1VuFnqLWyVJK3M7xsjyme2dDG6YTcD9whKnw="; }; nativeBuildInputs = [ go git python3 ]; @@ -44,7 +45,7 @@ buildBazelPackage rec { bazel = bazel_5; bazelFlags = [ "--override_repository=rules_proto=${rulesProto}" ]; bazelBuildFlags = lib.optionals stdenv.cc.isClang [ "--cxxopt=-x" "--cxxopt=c++" "--host_cxxopt=-x" "--host_cxxopt=c++" ]; - bazelTarget = "//ibazel"; + bazelTarget = "//cmd/ibazel"; fetchConfigured = false; # we want to fetch all dependencies, regardless of the current system fetchAttrs = { @@ -81,7 +82,7 @@ buildBazelPackage rec { rm -rf $bazelOut/external/com_google_protobuf ''; - sha256 = "sha256-tRtlwv38bExvtHaCbRUp1kLgxvZSNaYCpFG/wwrkFrk="; + sha256 = "sha256-le8IepS+IGVX45Gj1aicPjYOkuUA+VVUy/PEeKLNYss="; }; buildAttrs = { @@ -90,12 +91,12 @@ buildBazelPackage rec { preBuild = '' patchShebangs . - substituteInPlace ibazel/BUILD --replace '{STABLE_GIT_VERSION}' ${version} + substituteInPlace cmd/ibazel/BUILD.bazel --replace '{STABLE_GIT_VERSION}' ${version} echo ${bazel_5.version} > .bazelversion ''; installPhase = '' - install -Dm755 bazel-bin/ibazel/ibazel_/ibazel $out/bin/ibazel + install -Dm755 bazel-bin/cmd/ibazel/ibazel_/ibazel $out/bin/ibazel ''; }; diff --git a/pkgs/development/tools/bazel-watcher/fix-rules-go-3408.patch b/pkgs/development/tools/bazel-watcher/fix-rules-go-3408.patch new file mode 100644 index 00000000000..b28090f7ba7 --- /dev/null 
+++ b/pkgs/development/tools/bazel-watcher/fix-rules-go-3408.patch @@ -0,0 +1,18 @@ +diff --git a/WORKSPACE b/WORKSPACE +index 555ab93..9f3b8a0 100644 +--- a/WORKSPACE ++++ b/WORKSPACE +@@ -46,10 +46,11 @@ rules_proto_toolchains() + # gazelle:repository go_repository name=com_github_bazelbuild_rules_go importpath=github.com/bazelbuild/rules_go + http_archive( + name = "io_bazel_rules_go", +- sha256 = "56d8c5a5c91e1af73eca71a6fab2ced959b67c86d12ba37feedb0a2dfea441a6", ++ sha256 = "7fd912837cc971b708037ab1d0d721b892c62dadbfdcfae5066e8e90d25876e9", ++ strip_prefix = "rules_go-8d309d5af15814b4096d80b60f80fa86128c43f2", + urls = [ +- "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip", +- "https://github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip", ++ "https://mirror.bazel.build/github.com/bazelbuild/rules_go/archive/8d309d5af15814b4096d80b60f80fa86128c43f2.zip", ++ "https://github.com/bazelbuild/rules_go/archive/8d309d5af15814b4096d80b60f80fa86128c43f2.zip", + ], + ) diff --git a/pkgs/development/tools/bazel-watcher/use-go-in-path.patch b/pkgs/development/tools/bazel-watcher/use-go-in-path.patch index d9d90c9127f..5ce4f81ff3a 100644 --- a/pkgs/development/tools/bazel-watcher/use-go-in-path.patch +++ b/pkgs/development/tools/bazel-watcher/use-go-in-path.patch @@ -6,8 +6,8 @@ index 51273b6..fcf9ffb 100644 go_rules_dependencies() --go_register_toolchains(version = "1.17.6") +-go_register_toolchains(version = "1.19.4") +go_register_toolchains(go_version = "host") - load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository") + load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") From d912468885f9d61d5ebf4fb3546f88e9b5bd0567 Mon Sep 17 00:00:00 2001 From: Philip Munksgaard Date: Fri, 13 Jan 2023 12:31:43 +0100 Subject: [PATCH 110/155] maintainers: add munksgaard --- maintainers/maintainer-list.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) 
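Review bot: The `http_archive` in `fix-rules-go-3408.patch` swaps the rules_go release zip for `/archive/8d309d5af15814b4096d80b60f80fa86128c43f2.zip` URLs, and archives generated on demand by the forge are not guaranteed to stay byte-identical the way an uploaded release asset is. The pinned `sha256` keeps this safe, because a changed archive fails the fetch instead of being accepted, but the build then depends on the mirror URL still serving the original bytes or on someone regenerating the hash. A comment next to `./fix-rules-go-3408.patch` in `default.nix` would help: `# pins rules_go to a commit archive; drop once bazel-watcher uses a rules_go release with the fix`. It should also link the upstream issue, which is presumably rules_go 3408 going by the file name.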
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 5711042a65f..6bdeb91b6b7 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -9740,6 +9740,16 @@ githubId = 5047140; name = "Victor Collod"; }; + munksgaard = { + name = "Philip Munksgaard"; + email = "philip@munksgaard.me"; + github = "munksgaard"; + githubId = 230613; + matrix = "@philip:matrix.munksgaard.me"; + keys = [{ + fingerprint = "5658 4D09 71AF E45F CC29 6BD7 4CE6 2A90 EFC0 B9B2"; + }]; + }; muscaln = { email = "muscaln@protonmail.com"; github = "muscaln"; From 04bbb6fb78fbb5d69bb51fb4e9029ee11c74972f Mon Sep 17 00:00:00 2001 From: Philip Munksgaard Date: Fri, 13 Jan 2023 12:32:09 +0100 Subject: [PATCH 111/155] smlfmt: init at 1.0.0 --- pkgs/development/tools/smlfmt/default.nix | 37 +++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 39 insertions(+) create mode 100644 pkgs/development/tools/smlfmt/default.nix diff --git a/pkgs/development/tools/smlfmt/default.nix b/pkgs/development/tools/smlfmt/default.nix new file mode 100644 index 00000000000..1475de94193 --- /dev/null +++ b/pkgs/development/tools/smlfmt/default.nix 
@@ -0,0 +1,37 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, mlton }: + +stdenv.mkDerivation rec { + pname = "smlfmt"; + version = "1.0.0"; + + src = fetchFromGitHub { + owner = "shwestrick"; + repo = pname; + rev = "v${version}"; + hash = "sha256-7CTfMiEvuOena5SOE0qKpFPq6ARxmkE6d+loznZNbC0="; + }; + + nativeBuildInputs = [ mlton ]; + + installPhase = '' + runHook preInstall + install -Dm755 -t $out/bin smlfmt + runHook postInstall + ''; + + meta = { + description = "A custom parser/auto-formatter for Standard ML"; + longDescription = '' + A custom parser and code formatter for Standard ML, with helpful error messages. + + Supports SML source files (.sml, .sig, .fun, etc.) as well as MLBasis + compilation files (.mlb) using MLton conventions, including MLBasis path + maps. + ''; + + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ munksgaard ]; + platforms = mlton.meta.platforms; + homepage = "https://github.com/shwestrick/smlfmt"; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 967dcde1c9a..6a8d3c1a90c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15591,6 +15591,8 @@ with pkgs; shmig = callPackage ../development/tools/database/shmig { }; + smlfmt = callPackage ../development/tools/smlfmt { }; + # smlnjBootstrap should be redundant, now that smlnj works on Darwin natively smlnjBootstrap = callPackage ../development/compilers/smlnj/bootstrap.nix { }; smlnj = callPackage ../development/compilers/smlnj { From 5c7fa218c12a7a15685b0bb123c75201837e2503 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Sun, 8 Jan 2023 21:30:13 +0100 Subject: [PATCH 112/155] nixos/flexget: add package option --- nixos/modules/services/torrent/flexget.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/torrent/flexget.nix b/nixos/modules/services/torrent/flexget.nix index 2a9ffac18d9..1b971838b32 100644 
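Review bot: `pkg-config` is taken in the argument set on the first line of the new pkgs/development/tools/smlfmt/default.nix but is never used; only `mlton` appears in `nativeBuildInputs`. The header can be reduced to `{ lib, stdenv, fetchFromGitHub, mlton }:` so the declared inputs match what the build actually consumes. `meta.description` also opens with an article, which nixpkgs convention avoids; `description = "Custom parser/auto-formatter for Standard ML";` reads the same without it.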
--- a/nixos/modules/services/torrent/flexget.nix +++ b/nixos/modules/services/torrent/flexget.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.services.flexget; - pkg = pkgs.flexget; + pkg = cfg.package; ymlFile = pkgs.writeText "flexget.yml" '' ${cfg.config} @@ -16,6 +16,8 @@ in { services.flexget = { enable = mkEnableOption (lib.mdDoc "Run FlexGet Daemon"); + package = mkPackageOptionMD pkgs "flexget" {}; + user = mkOption { default = "deluge"; example = "some_user"; From b6427439deead716ba4d178432b2a2e15304e40f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 13 Jan 2023 13:20:53 +0100 Subject: [PATCH 113/155] python3Packages.matplotlib: Disable strictoverflow hardening on darwin --- pkgs/development/python-modules/matplotlib/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/python-modules/matplotlib/default.nix b/pkgs/development/python-modules/matplotlib/default.nix index 79c842f6d3e..a033e8a11ba 100644 --- a/pkgs/development/python-modules/matplotlib/default.nix +++ b/pkgs/development/python-modules/matplotlib/default.nix @@ -45,6 +45,11 @@ buildPythonPackage rec { Cocoa ]; + # clang-11: error: argument unused during compilation: '-fno-strict-overflow' [-Werror,-Wunused-command-line-argument] + hardeningDisable = lib.optionals stdenv.isDarwin [ + "strictoverflow" + ]; + propagatedBuildInputs = [ certifi contourpy From 907dbb741bccb9533a9a50453508a9b10543bd5b Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Fri, 13 Jan 2023 13:32:08 +0100 Subject: [PATCH 114/155] elpa: 2022.05.001 -> 2022.11.001 --- pkgs/development/libraries/elpa/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/elpa/default.nix b/pkgs/development/libraries/elpa/default.nix index 11e8ac1309f..de54bb746bd 100644 --- a/pkgs/development/libraries/elpa/default.nix +++ b/pkgs/development/libraries/elpa/default.nix 
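Review bot: The new `hardeningDisable` in pkgs/development/python-modules/matplotlib/default.nix switches off `strictoverflow` on `stdenv.isDarwin`, but the error quoted in the comment is a clang diagnostic, so the condition describes the platform rather than the cause. If the failure follows the compiler, `lib.optionals stdenv.cc.isClang [ "strictoverflow" ]` would be the closer match; this is inferred from the quoted message only. The comment should also say when the exception can be removed, for example `# re-enable once the build stops treating unused clang arguments as errors`, so a disabled hardening flag does not outlive its reason. The enclosing `buildPythonPackage` continues outside the hunk.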
@@ -18,13 +18,13 @@ assert blas.isILP64 == scalapack.isILP64; stdenv.mkDerivation rec { pname = "elpa"; - version = "2022.05.001"; + version = "2022.11.001"; passthru = { inherit (blas) isILP64; }; src = fetchurl { url = "https://elpa.mpcdf.mpg.de/software/tarball-archive/Releases/${version}/elpa-${version}.tar.gz"; - sha256 = "sha256-IH5vJtZTL7cDc6/D7z04JVITr2He9lnCXa06MOT8o4s="; + sha256 = "sha256-NeOX18CvlbtDvHvvf/8pQlwdpAD6DNhq6NO9L/L52Zk="; }; patches = [ From a01cdceffb51ece9697d948076c6dc145d56a458 Mon Sep 17 00:00:00 2001 From: Markus Kowalewski Date: Fri, 13 Jan 2023 14:11:21 +0100 Subject: [PATCH 115/155] libxc: 6.0.0 -> 6.1.0 --- pkgs/development/libraries/libxc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libxc/default.nix b/pkgs/development/libraries/libxc/default.nix index 1706653c713..c8cbf8aa6c1 100644 --- a/pkgs/development/libraries/libxc/default.nix +++ b/pkgs/development/libraries/libxc/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "libxc"; - version = "6.0.0"; + version = "6.1.0"; src = fetchFromGitLab { owner = "libxc"; repo = "libxc"; rev = version; - hash = "sha256-g1BjqzSVauDrzxIqqU2kLl6RFs6/oe2VthtndbnJQCc="; + hash = "sha256-PqKqZbL9Y7lKu7tKo+DfAhoEeFSsYWEcwiFX41VhRIs="; }; nativeBuildInputs = [ perl cmake gfortran ]; From be0d0f2905686ba3d753b0c566782c1548e0af54 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Fri, 13 Jan 2023 04:02:35 +0000 Subject: [PATCH 116/155] pkgsStatic.bash: fix build Link: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00000.html --- pkgs/shells/bash/5.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/shells/bash/5.nix b/pkgs/shells/bash/5.nix index 6e16c083bc7..40db2abe03a 100644 --- a/pkgs/shells/bash/5.nix +++ b/pkgs/shells/bash/5.nix 
@@ -51,7 +51,12 @@ stdenv.mkDerivation rec { patchFlags = [ "-p0" ]; patches = upstreamPatches - ++ [ ./pgrp-pipe-5.patch ]; + ++ [ ./pgrp-pipe-5.patch ] + ++ lib.optional stdenv.hostPlatform.isStatic (fetchurl { + name = "fix-static.patch"; + url = "https://cgit.freebsd.org/ports/plain/shells/bash/files/patch-configure?id=3e147a1f594751a68fea00a28090d0792bee0b51"; + sha256 = "XHFMQ6eXTReNoywdETyrfQEv1rKF8+XFbQZP4YoVKFk="; + }); configureFlags = [ (if interactive then "--with-installed-readline" else "--disable-readline") From e173a0544e14c38df6875267531ddaabd9bf702e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 13 Jan 2023 14:19:45 +0100 Subject: [PATCH 117/155] python3Packages.django-vite: fix src.rev --- pkgs/development/python-modules/django-vite/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/django-vite/default.nix b/pkgs/development/python-modules/django-vite/default.nix index 9a8a7c5e461..34bb765cff5 100644 --- a/pkgs/development/python-modules/django-vite/default.nix +++ b/pkgs/development/python-modules/django-vite/default.nix @@ -15,7 +15,7 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "MrBin99"; repo = pname; - rev = "refs/tags/v${version}"; + rev = "refs/tags/${version}"; hash = "sha256-lYRFNHTIQBn7CDnWFxSzXELzqEtQcbwHedSZnR7ZtbE="; }; From 82779d710896f9ad0d68ad654a61a9e1eeadcd1f Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 13 Jan 2023 14:20:37 +0100 Subject: [PATCH 118/155] python3Packages.django-phonenumber-field: fix src.rev --- .../python-modules/django-phonenumber-field/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/django-phonenumber-field/default.nix b/pkgs/development/python-modules/django-phonenumber-field/default.nix index 8af5e8fee89..a185a94aff9 100644 --- a/pkgs/development/python-modules/django-phonenumber-field/default.nix 
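Review bot: The `fetchurl` appended to `patches` in pkgs/shells/bash/5.nix has no comment saying what it fixes or when it can be dropped; the bug-bash link exists only in the commit message. A line above the `lib.optional`, such as `# static configure fix, see https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00000.html; drop once upstream ships it`, would keep that context next to the code. The download is pinned by the ports commit `id=` and a fixed-output hash, which is appropriate for a patch pulled from a third-party tree. Writing the hash as `hash = "sha256-XHFMQ6eXTReNoywdETyrfQEv1rKF8+XFbQZP4YoVKFk=";` would match the SRI form used by other packages in this series. The enclosing `mkDerivation` starts and ends outside the hunk.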
+++ b/pkgs/development/python-modules/django-phonenumber-field/default.nix @@ -20,7 +20,7 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "stefanfoulis"; repo = pname; - rev = "refs/tags/v${version}"; + rev = "refs/tags/${version}"; hash = "sha256-rrJTCWn1mFV4QQu8wyLDxheHkZQ/FIE7mRC/9nXNSaM="; }; From 4aab9ea39d7a6e6710f4fa1ac23546e5d6b7789f Mon Sep 17 00:00:00 2001 From: Nikolay Korotkiy Date: Fri, 13 Jan 2023 16:21:40 +0300 Subject: [PATCH 119/155] =?UTF-8?q?jc:=201.22.4=20=E2=86=92=201.22.5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/python-modules/jc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/jc/default.nix b/pkgs/development/python-modules/jc/default.nix index 42803c89461..4a5c68188f1 100644 --- a/pkgs/development/python-modules/jc/default.nix +++ b/pkgs/development/python-modules/jc/default.nix @@ -10,14 +10,14 @@ buildPythonPackage rec { pname = "jc"; - version = "1.22.4"; + version = "1.22.5"; disabled = pythonOlder "3.6"; src = fetchFromGitHub { owner = "kellyjonbrazil"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-8uL+n9eQmGVtQmwYqUr/368IqQ1RLJGBLMlY9eAqUa4="; + sha256 = "sha256-ktK/s9Tt1XNIiW/Ztn4znsPXIMrScB4KAS027YqxIVM="; }; propagatedBuildInputs = [ ruamel-yaml xmltodict pygments ]; From 9f87711f0ddedc8291090b244fbfdd3848a0fde7 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Thu, 12 Jan 2023 17:29:07 +0000 Subject: [PATCH 120/155] seatd: broaden platforms From the homepage: > Currently supports Linux and FreeBSD, and has experimental NetBSD support. --- pkgs/applications/misc/seatd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/misc/seatd/default.nix b/pkgs/applications/misc/seatd/default.nix index 22a1b9e74b7..8c10219903d 100644 --- a/pkgs/applications/misc/seatd/default.nix +++ b/pkgs/applications/misc/seatd/default.nix 
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec { changelog = "https://git.sr.ht/~kennylevinsen/seatd/refs/${version}"; homepage = "https://sr.ht/~kennylevinsen/seatd/"; license = licenses.mit; - platforms = platforms.linux; + platforms = with platforms; freebsd ++ linux ++ netbsd; maintainers = with maintainers; [ emantor ]; }; } From 697b730fc56ea48bb1275890486a6257891660ee Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 13 Jan 2023 14:22:12 +0100 Subject: [PATCH 121/155] python3Packages.django-rest-registration: fix src.rev --- .../python-modules/django-rest-registration/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/django-rest-registration/default.nix b/pkgs/development/python-modules/django-rest-registration/default.nix index c1605a93d39..bfce8141f47 100644 --- a/pkgs/development/python-modules/django-rest-registration/default.nix +++ b/pkgs/development/python-modules/django-rest-registration/default.nix @@ -18,7 +18,7 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "apragacz"; repo = pname; - rev = "refs/tags/v${version}"; + rev = "refs/tags/${version}"; hash = "sha256-JoIeVjl5s60ilq9kU28Jo+GaYRKU61hoqy1GzYmMdZQ="; }; From 54cb39a3f5cd6a1b1138ec8dcc90ffaf7e8f0927 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 13 Jan 2023 14:24:57 +0100 Subject: [PATCH 122/155] apache-airflow: fix src.hash Got broken due to limitations of the python bulk updater --- pkgs/development/python-modules/apache-airflow/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/python-modules/apache-airflow/default.nix b/pkgs/development/python-modules/apache-airflow/default.nix index 68b2cf396de..496e5f9f710 100644 --- a/pkgs/development/python-modules/apache-airflow/default.nix +++ b/pkgs/development/python-modules/apache-airflow/default.nix 
@@ -86,7 +86,7 @@ let # Download using the git protocol rather than using tarballs, because the # GitHub archive tarballs don't appear to include tests forceFetchGit = true; - sha256 = "sha256-gE/kPFb5PyPOi6sqtA9YqMokbjVSKgclGNQ6fbiCdgQ="; + hash = "sha256-QWUXSG+RSHkF5kP1ZYtx+tHjO0n7hfya9CFA3lBhJHk="; }; # airflow bundles a web interface, which is built using webpack by an undocumented shell script in airflow's source tree. From 1a93ad6e56a4050c9f69ecebd62c3bd6ca78cf7f Mon Sep 17 00:00:00 2001 From: me00001 <37930867+me00001@users.noreply.github.com> Date: Fri, 13 Jan 2023 16:27:44 +0300 Subject: [PATCH 123/155] libreoffice: add Arabic language pack --- pkgs/applications/office/libreoffice/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/office/libreoffice/default.nix b/pkgs/applications/office/libreoffice/default.nix index cc40237d155..fdf76152a65 100644 --- a/pkgs/applications/office/libreoffice/default.nix +++ b/pkgs/applications/office/libreoffice/default.nix @@ -96,7 +96,7 @@ , gpgme , libwebp , abseil-cpp -, langs ? [ "ca" "cs" "da" "de" "en-GB" "en-US" "eo" "es" "fr" "hu" "it" "ja" "nl" "pl" "pt" "pt-BR" "ro" "ru" "sl" "tr" "uk" "zh-CN" ] +, langs ? [ "ar" "ca" "cs" "da" "de" "en-GB" "en-US" "eo" "es" "fr" "hu" "it" "ja" "nl" "pl" "pt" "pt-BR" "ro" "ru" "sl" "tr" "uk" "zh-CN" ] , withHelp ? true , kdeIntegration ? false , mkDerivation ? null From 5a6019fc8312b11b38a37eefa287a12db34c8823 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Fri, 13 Jan 2023 15:21:31 +0100 Subject: [PATCH 124/155] lensfun: fix build on x86_64-darwin --- pkgs/development/libraries/lensfun/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/lensfun/default.nix b/pkgs/development/libraries/lensfun/default.nix index 2f0e2148dfe..efd65c1695d 100644 --- a/pkgs/development/libraries/lensfun/default.nix 
+++ b/pkgs/development/libraries/lensfun/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, pkg-config, glib, zlib, libpng, cmake, libxml2, python3 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, glib, zlib, libpng, cmake, libxml2, python3 }: let version = "0.3.3"; @@ -24,6 +24,14 @@ stdenv.mkDerivation { sha256 = "0ixf0f7qv0mc7zrw9w1sb60w833g4rqrfj8cjxwzv2vimqcksccz"; }; + patches = [ + (fetchpatch { + name = "fix-compilation-with-clang.patch"; + url = "https://github.com/lensfun/lensfun/commit/5c2065685a22f19f8138365c0e5acf0be8329c02.patch"; + sha256 = "sha256-tAOCNL37pKE7hfQCu+hUTKLFnRHWF5Dplqf+GaucG+4="; + }) + ]; + # replace database with a more recent snapshot # the mastr branch uses version 2 profiles, while 0.3.3 requires version 1 profiles, # so we run the conversion tool the project provides, From 225ff463a78ba256426121421ae36ab39484c27d Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 14:25:28 +0000 Subject: [PATCH 125/155] lagrange: 1.14.1 -> 1.14.2 --- pkgs/applications/networking/browsers/lagrange/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/browsers/lagrange/default.nix b/pkgs/applications/networking/browsers/lagrange/default.nix index a46ea32cebf..0a0eb47b0a1 100644 --- a/pkgs/applications/networking/browsers/lagrange/default.nix +++ b/pkgs/applications/networking/browsers/lagrange/default.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "lagrange"; - version = "1.14.1"; + version = "1.14.2"; src = fetchFromGitHub { owner = "skyjake"; repo = "lagrange"; rev = "v${finalAttrs.version}"; - hash = "sha256-xS6cyramlcItjRBSSunzm39zcGXdX9s/pvi0tsaTkW8="; + hash = "sha256-9onjQ7fRLlL5/1vMtNHjBBcB7Fyk1ERaHg5IwtwbJQg="; }; nativeBuildInputs = [ cmake pkg-config zip ]; From e2c4605e2b8299bdcfd212f47497742b71bbcaeb Mon Sep 17 00:00:00 2001 
From: figsoda Date: Fri, 13 Jan 2023 10:13:54 -0500 Subject: [PATCH 126/155] nurl: 0.3.4 -> 0.3.5 Diff: https://github.com/nix-community/nurl/compare/v0.3.4...v0.3.5 Changelog: https://github.com/nix-community/nurl/blob/v0.3.5/CHANGELOG.md --- pkgs/tools/misc/nurl/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/nurl/default.nix b/pkgs/tools/misc/nurl/default.nix index 60b27d17823..ab2b28c52e0 100644 --- a/pkgs/tools/misc/nurl/default.nix +++ b/pkgs/tools/misc/nurl/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "nurl"; - version = "0.3.4"; + version = "0.3.5"; src = fetchFromGitHub { owner = "nix-community"; repo = "nurl"; rev = "v${version}"; - hash = "sha256-cPbvYrMeARNi9b97EPUUzYN5j0YjenOCDdrdRVLBviw="; + hash = "sha256-MPgJIO7pHpXeryJZB/u1iBpBhleKfTWkrArW2L0E4EM="; }; - cargoSha256 = "sha256-CBZe3UdTucgWrCzbXCSWjBjCNWCFUHmCpRwCXUX2sA8="; + cargoSha256 = "sha256-yMWNFY9exmDyqcU2iT9YFAcknYmtbYJ9VhJqlKg+NF4="; nativeBuildInputs = [ installShellFiles From c8dc0133d1da6a52abe022c18cbdc07890f76bbf Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 15:34:10 +0000 Subject: [PATCH 127/155] osv-scanner: 1.0.2 -> 1.1.0 --- pkgs/tools/security/osv-scanner/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix index 192d9f13b0f..3057f6fa896 100644 --- a/pkgs/tools/security/osv-scanner/default.nix +++ b/pkgs/tools/security/osv-scanner/default.nix 
@@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.0.2"; + version = "1.1.0"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-RmR6ZJg+UkE+eSmz4hGuMlObl6UvnGKNoLtBGVKoQ8Q="; + hash = "sha256-wU42911t4L2tsVBdmNnc1ABu3zEv94SRi9Z0/8zfUJs="; }; - vendorHash = "sha256-HUgzoQuWBRnt8+lCiu9QfO1XR5EMnqVIkrL+nIMf0IA="; + vendorHash = "sha256-8z/oRR2ru4SNdxgqelAQGmAPvOEvh9jlLl17k7Cv20g="; ldflags = [ "-s" From 566d6acb96884cde4c4d2a6120eb1252d8d28a36 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 15:58:12 +0000 Subject: [PATCH 128/155] kluctl: 2.18.3 -> 2.18.4 --- pkgs/applications/networking/cluster/kluctl/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/cluster/kluctl/default.nix b/pkgs/applications/networking/cluster/kluctl/default.nix index d297c48f80b..aefcef2bacc 100644 --- a/pkgs/applications/networking/cluster/kluctl/default.nix +++ b/pkgs/applications/networking/cluster/kluctl/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "kluctl"; - version = "2.18.3"; + version = "2.18.4"; src = fetchFromGitHub { owner = "kluctl"; repo = "kluctl"; rev = "v${version}"; - hash = "sha256-vlNFIxhytgRtECj42Xng+j69JPciID26g1q8w9K14xY="; + hash = "sha256-nHfJ7Dt9nAY4fY+U7W46cPRwWSgtGvwdbUjQAynOQdw="; }; - vendorHash = "sha256-JpAQ8tyGJXOUH13uHHCtaYd/jbqZ8zZNCNq7ddPf6U8="; + vendorHash = "sha256-ADYXLcCYmlQim9KvqkXGdEXJ9cACBsRCb3emcmrL0kg="; ldflags = [ "-s" "-w" "-X main.version=v${version}" ]; From 62d571148a24889811b8f4cdb69c05eb00d260ba Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Fri, 12 Aug 2022 17:58:08 -0700 Subject: [PATCH 129/155] default-crate-overrides: servo-fontconfig-sys needs fontconfig --- pkgs/build-support/rust/default-crate-overrides.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/pkgs/build-support/rust/default-crate-overrides.nix b/pkgs/build-support/rust/default-crate-overrides.nix index cc6abdb90d3..28b3a87cd82 100644 --- a/pkgs/build-support/rust/default-crate-overrides.nix +++ b/pkgs/build-support/rust/default-crate-overrides.nix @@ -28,6 +28,7 @@ , cmake , glib , freetype +, fontconfig , rdkafka , udev , libevdev @@ -253,7 +254,7 @@ in servo-fontconfig-sys = attrs: { nativeBuildInputs = [ pkg-config ]; - buildInputs = [ freetype ]; + buildInputs = [ freetype fontconfig ]; }; thrussh-libsodium = attrs: { From 275ddaec5318819e9b911855d1f6b818e8ead43d Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Sun, 8 Jan 2023 23:02:24 +0100 Subject: [PATCH 130/155] nodejs-14_x: 14.21.1 -> 14.21.2 --- pkgs/development/web/nodejs/v14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/web/nodejs/v14.nix b/pkgs/development/web/nodejs/v14.nix index 86358be5bcf..4563dd7a045 100644 --- a/pkgs/development/web/nodejs/v14.nix +++ b/pkgs/development/web/nodejs/v14.nix @@ -8,7 +8,7 @@ let in buildNodejs { inherit enableNpm; - version = "14.21.1"; - sha256 = "sha256-PbldbKcolXvwkLYwGnqdLYBxSyoG2Jih22XG5Csdp6w="; + version = "14.21.2"; + sha256 = "00zzl43iis8mr8x48hww5ncj8mj5dmpn05rq7ihpffkp2q7rmw6q"; patches = lib.optional stdenv.isDarwin ./bypass-xcodebuild.diff; } From 920bb038e9f0ef9fa5b44814340437a156ba9587 Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Sun, 8 Jan 2023 23:02:43 +0100 Subject: [PATCH 131/155] nodejs-16_x: 16.18.1 -> 16.19.0 --- pkgs/development/web/nodejs/v16.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/web/nodejs/v16.nix b/pkgs/development/web/nodejs/v16.nix index 8483e7251b4..c8241ababc0 100644 --- a/pkgs/development/web/nodejs/v16.nix +++ b/pkgs/development/web/nodejs/v16.nix 
@@ -10,8 +10,8 @@ let in buildNodejs { inherit enableNpm; - version = "16.18.1"; - sha256 = "sha256-H4BRqI+G9CBk9EFf56mA5ZsKUC7Mje9YP2MDvE1EUjg="; + version = "16.19.0"; + sha256 = "01k72p0hp4lhlpz1syd9cbkm2gpfww0hn10xdpmzd4i3x8dfq7sg"; patches = [ ./disable-darwin-v8-system-instrumentation.patch ./bypass-darwin-xcrun-node16.patch From 7146e2a152c78854bd05793c76e7da8eb0002048 Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Sun, 8 Jan 2023 23:02:56 +0100 Subject: [PATCH 132/155] nodejs-18_x: 18.12.1 -> 18.13.0 --- pkgs/development/web/nodejs/v18.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/pkgs/development/web/nodejs/v18.nix b/pkgs/development/web/nodejs/v18.nix index b91f2c9f2c2..5d1dfa55543 100644 --- a/pkgs/development/web/nodejs/v18.nix +++ b/pkgs/development/web/nodejs/v18.nix @@ -1,4 +1,4 @@ -{ callPackage, openssl, fetchpatch, python3, enableNpm ? true }: +{ callPackage, openssl, python3, enableNpm ? true }: let buildNodejs = callPackage ./nodejs.nix { @@ -10,17 +10,9 @@ let in buildNodejs { inherit enableNpm; - version = "18.12.1"; - sha256 = "sha256-T6QGRRvFJlmikOUs/bIWKnYL1UnaS4u+vmop8pbZON8="; + version = "18.13.0"; + sha256 = "0s6sscynhw9limpp43f965rn9grdamcvsnd9wfb2h5qxw1icajpx"; patches = [ - (fetchpatch { - # Fixes cross compilation to aarch64-linux by reverting https://github.com/nodejs/node/pull/43200 - name = "revert-arm64-pointer-auth.patch"; - url = "https://github.com/nodejs/node/pull/43200/commits/d42c42cc8ac652ab387aa93205aed6ece8a5040a.patch"; - sha256 = "sha256-ipGzg4lEoftTJbt6sW+0QJO/AZqHvUkFKe0qlum+iLY="; - revert = true; - }) - ./disable-darwin-v8-system-instrumentation.patch ./bypass-darwin-xcrun-node16.patch ] ++ npmPatches; From e40de94c4266c3c21f6c7e8f2e85c9fef25078d2 Mon Sep 17 00:00:00 2001 
From: Adam Joseph Date: Thu, 24 Nov 2022 23:31:31 -0800 Subject: [PATCH 133/155] default-crate-overrides: add pkg-config to evdev-sys --- pkgs/build-support/rust/default-crate-overrides.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/build-support/rust/default-crate-overrides.nix b/pkgs/build-support/rust/default-crate-overrides.nix index 28b3a87cd82..36bf6813cb5 100644 --- a/pkgs/build-support/rust/default-crate-overrides.nix +++ b/pkgs/build-support/rust/default-crate-overrides.nix @@ -82,6 +82,7 @@ in }; evdev-sys = attrs: { + nativeBuildInputs = [ pkg-config ]; buildInputs = [ libevdev ]; }; From ba5367b708fad8a910f1a99b7afa87d506df9f9a Mon Sep 17 00:00:00 2001 From: Anthony Roussel Date: Sun, 8 Jan 2023 23:03:08 +0100 Subject: [PATCH 134/155] nodejs-19_x: 19.2.0 -> 19.4.0 --- pkgs/development/web/nodejs/v19.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkgs/development/web/nodejs/v19.nix b/pkgs/development/web/nodejs/v19.nix index 335477aa7dd..454d647dad2 100644 --- a/pkgs/development/web/nodejs/v19.nix +++ b/pkgs/development/web/nodejs/v19.nix @@ -6,15 +6,14 @@ let python = python3; }; - npmPatches = callPackage ./npm-patches.nix { }; in buildNodejs { inherit enableNpm; - version = "19.2.0"; - sha256 = "sha256-CVaw/wHy9jg4J+kWpgSBWc4r2wUhf2VKj/9U6BFtwX4="; + version = "19.4.0"; + sha256 = "0qdj67dgxbjpllm2z9vm46c50s3dqk8a34hbp81vsa7mf3b42182"; patches = [ ./revert-arm64-pointer-auth.patch ./disable-darwin-v8-system-instrumentation-node19.patch ./bypass-darwin-xcrun-node16.patch - ] ++ npmPatches; + ]; } From 9297b5382f6b38e58cb636909d2d3a48760e765f Mon Sep 17 00:00:00 2001 From: Adam Joseph <54836058+amjoseph-nixpkgs@users.noreply.github.com> Date: Fri, 13 Jan 2023 16:43:39 +0000 Subject: [PATCH 135/155] default-crate-overrides.nix: add graphene-sys --- pkgs/build-support/rust/default-crate-overrides.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
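Review bot: The pkgs/development/web/nodejs/v19.nix hunk removes the `npmPatches` binding and the `++ npmPatches` on `patches`, which the commit subject (a plain 19.2.0 -> 19.4.0 bump) does not mention, while the v18.nix hunk in the same series keeps `] ++ npmPatches;`. If the npm bundled with 19.4.0 no longer needs those patches, a comment should record it, e.g. `# npm-patches.nix not applied here: <reason>`. If they were dropped only because they stopped applying, that needs a follow-up rather than a silent removal. The `sha256` value also moves from the SRI `sha256-…` form to a bare base32 string, here and in the v14, v16 and v18 hunks; keeping the SRI form would stay consistent with the neighbouring packages.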
diff --git a/pkgs/build-support/rust/default-crate-overrides.nix b/pkgs/build-support/rust/default-crate-overrides.nix index 36bf6813cb5..60b0cfc31c6 100644 --- a/pkgs/build-support/rust/default-crate-overrides.nix +++ b/pkgs/build-support/rust/default-crate-overrides.nix @@ -17,6 +17,7 @@ , libsodium , postgresql , gmp +, gobject-introspection , foundationdb , capnproto , nettle @@ -33,6 +34,7 @@ , udev , libevdev , alsa-lib +, graphene , ... }: @@ -171,6 +173,11 @@ in buildInputs = [ udev ]; }; + graphene-sys = attrs: { + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ graphene gobject-introspection ]; + }; + nettle-sys = attrs: { nativeBuildInputs = [ pkg-config ]; buildInputs = [ nettle clang ]; From d11f7fadff8db0b2fc97bdac44ec3ab4bcb1c7e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Fri, 13 Jan 2023 18:05:34 +0100 Subject: [PATCH 136/155] docker-compose: 2.14.2 -> 2.15.1 Diff: https://github.com/docker/compose/compare/v2.14.2...v2.15.1 --- pkgs/applications/virtualization/docker/compose.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/virtualization/docker/compose.nix b/pkgs/applications/virtualization/docker/compose.nix index 467a235dc88..1646c051751 100644 --- a/pkgs/applications/virtualization/docker/compose.nix +++ b/pkgs/applications/virtualization/docker/compose.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "docker-compose"; - version = "2.14.2"; + version = "2.15.1"; src = fetchFromGitHub { owner = "docker"; repo = "compose"; rev = "v${version}"; - sha256 = "sha256-Yr4R2w6tUsir57etZeex2jT1PW3EZvsLJkVAo/QkhUA="; + sha256 = "sha256-CDkewlZFvjp6kb6UoMDUv9iAUfm0akMD9RpI9/H7Sz8="; }; postPatch = '' @@ -16,7 +16,7 @@ buildGoModule rec { rm -rf e2e/ ''; - vendorSha256 = "sha256-ar61gvbcm7bcgoPodppqrVJnyFHdZkPIMQ6IUXNpGBA="; + vendorSha256 = "sha256-sv4lK6MRwmp/1CSGBoYMpcGunVCuE8p1vB4VKaRuwQc="; ldflags = [ "-X github.com/docker/compose/v2/internal.Version=${version}" "-s" "-w" ]; 
From 97c335216ddd967315225aac1fb103eeafbade6e Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Wed, 11 Jan 2023 20:19:04 -0800 Subject: [PATCH 137/155] glibc: allow overriding common.nix --- pkgs/development/libraries/glibc/common.nix | 7 +------ pkgs/development/libraries/glibc/default.nix | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 61c0c92d528..22e566fb8b3 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -37,7 +37,6 @@ , profilingLibraries ? false , withGd ? false , withLibcrypt ? false -, meta , extraBuildInputs ? [] , extraNativeBuildInputs ? [] , ... @@ -264,9 +263,5 @@ stdenv.mkDerivation ({ maintainers = with maintainers; [ eelco ma27 ]; platforms = platforms.linux; - } // meta; -} - -// lib.optionalAttrs (stdenv.hostPlatform != stdenv.buildPlatform) { - preInstall = null; # clobber the native hook + } // (args.meta or {}); }) diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 791ac47536f..2d7e6614cec 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix 
@@ -14,16 +14,17 @@ let ]; in -callPackage ./common.nix { inherit stdenv; } { - pname = "glibc" + lib.optionalString withGd "-gd"; - - inherit withLinuxHeaders profilingLibraries withGd withLibcrypt; +(callPackage ./common.nix { inherit stdenv; } { + inherit withLinuxHeaders withGd profilingLibraries withLibcrypt; + pname = "glibc" + lib.optionalString withGd "-gd"; +}).overrideAttrs(previousAttrs: { # Note: # Things you write here override, and do not add to, # the values in `common.nix`. # (For example, if you define `patches = [...]` here, it will - # override the patches in `common.nix`.) + # override the patches in `common.nix` -- so instead you should + # write `patches = (previousAttrs.patches or []) ++ [ ... ]`. NIX_NO_SELF_RPATH = true; @@ -74,7 +75,7 @@ callPackage ./common.nix { inherit stdenv; } { # - dejagnu: during linux bootstrap tcl SIGSEGVs # - clang-wrapper in cross-compilation # Last attempt: https://github.com/NixOS/nixpkgs/pull/36948 - preInstall = '' + preInstall = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) '' if [ -f ${stdenv.cc.cc}/lib/libgcc_s.so.1 ]; then mkdir -p $out/lib cp ${stdenv.cc.cc}/lib/libgcc_s.so.1 $out/lib/libgcc_s.so.1 @@ -153,5 +154,6 @@ callPackage ./common.nix { inherit stdenv; } { separateDebugInfo = true; - meta.description = "The GNU C Library"; - } + meta = (previousAttrs.meta or {}) // { description = "The GNU C Library"; }; +}) + From ac8f963d0789d56a6a5b59fbd15c5ef7e9855a62 Mon Sep 17 00:00:00 2001 From: Weijia Wang <9713184+wegank@users.noreply.github.com> Date: Fri, 13 Jan 2023 18:31:45 +0100 Subject: [PATCH 138/155] dvdstyler: 3.1.2 -> 3.2.1 --- pkgs/applications/video/dvdstyler/default.nix | 13 +++++++++---- pkgs/applications/video/dvdstyler/wxgtk32.patch | 12 ++++++++++++ pkgs/top-level/all-packages.nix | 2 +- 3 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 pkgs/applications/video/dvdstyler/wxgtk32.patch 
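Review bot: The `preInstall` guard in the second default.nix hunk has no comment saying why the `libgcc_s.so.1` copy is now limited to native builds. The line it replaces in common.nix at least carried `# clobber the native hook`. I would add a line above it such as `# native builds only; cross builds used to get preInstall = null from common.nix`. In the first hunk, the rewritten note opens `(For example` but no longer closes the parenthesis, so the last comment line should end `++ [ ... ]`.)`. The `overrideAttrs` body extends beyond the hunks shown, so other attributes set there may also need the `previousAttrs` treatment that the note recommends.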
diff --git a/pkgs/applications/video/dvdstyler/default.nix b/pkgs/applications/video/dvdstyler/default.nix index cd369145833..ba0d4945385 100644 --- a/pkgs/applications/video/dvdstyler/default.nix +++ b/pkgs/applications/video/dvdstyler/default.nix @@ -17,7 +17,7 @@ , libjpeg , pkg-config , wrapGAppsHook -, wxGTK30 # crash with wxGTK30 with GTK2 compat +, wxGTK32 , wxSVG , xine-ui , xmlto @@ -33,13 +33,18 @@ let inherit (lib) optionals makeBinPath; in stdenv.mkDerivation rec { pname = "dvdstyler"; - version = "3.1.2"; + version = "3.2.1"; src = fetchurl { url = "mirror://sourceforge/project/dvdstyler/dvdstyler/${version}/DVDStyler-${version}.tar.bz2"; - sha256 = "03lsblqficcadlzkbyk8agh5rqcfz6y6dqvy9y866wqng3163zq4"; + sha256 = "sha256-C7M0hzn0yTCXRUuBTss6WPa6zo8DD0Fhmp/ur7R0dVg="; }; + patches = [ + # https://sourceforge.net/p/dvdstyler/DVDStyler/ci/679fa8dc6ac7657775eda9d7b0ed9da9d069aeec/ + ./wxgtk32.patch + ]; + nativeBuildInputs = [ bison docbook_xml_dtd_412 @@ -62,7 +67,7 @@ in stdenv.mkDerivation rec { libexif libjpeg wxSVG - wxGTK30 + wxGTK32 xine-ui ] ++ optionals dvdisasterSupport [ dvdisaster ] diff --git a/pkgs/applications/video/dvdstyler/wxgtk32.patch b/pkgs/applications/video/dvdstyler/wxgtk32.patch new file mode 100644 index 00000000000..92b3c3fbe3b --- /dev/null +++ b/pkgs/applications/video/dvdstyler/wxgtk32.patch @@ -0,0 +1,12 @@ +--- a/wxVillaLib/PropDlg.cpp ++++ b/wxVillaLib/PropDlg.cpp +@@ -12,7 +12,9 @@ + #include "utils.h" + #include + #include ++#ifdef __WXMSW__ + #include ++#endif + #include + #include + #include diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 212f4936209..91c45f1942c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23392,7 +23392,7 @@ with pkgs; }; wxSVG = callPackage ../development/libraries/wxSVG { - wxGTK = wxGTK30; + wxGTK = wxGTK32; }; wtk = callPackage ../development/libraries/wtk { }; 
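Review bot: The all-packages.nix hunk changes `wxSVG` itself to build against `wxGTK32`, which affects every consumer of wxSVG, while the commit title only mentions the dvdstyler bump. If other packages take `wxSVG` (none are visible here), they need a rebuild check. Alternatively the switch can stay local by passing `wxSVG = wxSVG.override { wxGTK = wxGTK32; };` in dvdstyler's own `callPackage` entry. The removed `# crash with wxGTK30 with GTK2 compat` comment was the only record of why the toolkit was pinned, so a short replacement such as `# wxGTK32 requires ./wxgtk32.patch until the next upstream release` would help whoever drops the patch later.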
From 956e68f8efa7a0a47d8ea5229dfbabeba0e01ea2 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 19:56:15 +0000 Subject: [PATCH 139/155] swayr: 0.22.0 -> 0.24.0 --- pkgs/tools/wayland/swayr/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/wayland/swayr/default.nix b/pkgs/tools/wayland/swayr/default.nix index c42a9cbf9c4..789ca9a3216 100644 --- a/pkgs/tools/wayland/swayr/default.nix +++ b/pkgs/tools/wayland/swayr/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "swayr"; - version = "0.22.0"; + version = "0.24.0"; src = fetchFromSourcehut { owner = "~tsdh"; repo = "swayr"; rev = "swayr-${version}"; - sha256 = "sha256-HThKeuFe4slqakQE1QAfu3SMUL/Gq9DodnAKcU/gTEY="; + sha256 = "sha256-Cl/c8KfBfrBIL/AqhZK7DfEcMQNLvxOoWvAq9qqLQDQ="; }; - cargoSha256 = "sha256-c13u5EWRrTd9HbL6oLMd4xeQyAncrx5OjzW7FwPIBsE="; + cargoHash = "sha256-+z/Ru1c4U/v8EDtz5uUPy/qQu47p1BzdCIWhsHWViGY="; patches = [ ./icon-paths.patch From 6f6b4a1d4175d3f6fb72dbaceea8d6e4e79c5d6e Mon Sep 17 00:00:00 2001 
From: Adam Joseph Date: Sun, 2 Oct 2022 18:04:22 -0700 Subject: [PATCH 140/155] systemd: default withLibBPF to false if isMips64 libBPF does not compile for mips64 targets using clang (rathern than gcc) because clang lacks the necessary _MIPS_SZPTR compiler builtin. Let's allow the rest of systemd to compile. - The glibc people noticed this problem [way back in 2011](https://sourceware.org/pipermail/libc-ports/2011-June/001959.html) and consider it to be a clang/llvm bug. I am inclined to agree. - [clang has the `_MIPS_SZPTR` builtin](https://github.com/llvm/clangir/blob/3af9cb5375084541165b4b63d36e3798801c95ab/clang/lib/Basic/Targets/Mips.cpp#L185) and seems to have had it since before they switched to git. This may in fact be a nixpkgs bug -- that we're not invoking clang in a way that tells the frontend to make the mips builtins available, even if the backend is emitting mips binaries. Or at least we aren't tricking systemd's build machinery into doing that. --- pkgs/os-specific/linux/systemd/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index 4e3f3762370..33b7a92d8cf 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -94,6 +94,7 @@ , withHwdb ? true , withImportd ? !stdenv.hostPlatform.isMusl , withLibBPF ? lib.versionAtLeast buildPackages.llvmPackages.clang.version "10.0" + && !stdenv.hostPlatform.isMips64 # see https://github.com/NixOS/nixpkgs/pull/194149#issuecomment-1266642211 , withLocaled ? true , withLogind ? true , withMachined ? true From 88cc922bba7a1f1cd233d65804b3556fe6bedc2e Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Fri, 13 Jan 2023 21:15:33 +0000 Subject: [PATCH 141/155] nb: 7.2.1 -> 7.3.0 --- pkgs/tools/misc/nb/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
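Review bot: The added `&& !stdenv.hostPlatform.isMips64` term in the systemd hunk disables libbpf by default on every mips64 host, and the only in-code explanation is a link to a PR comment. The commit message ties the failure to clang not exposing `_MIPS_SZPTR` and allows that it may be a nixpkgs invocation problem, so I would state both the reason and the consequence inline, e.g. `# libbpf does not build with clang on mips64 (_MIPS_SZPTR undefined); BPF-backed systemd features are off there`. With `withLibBPF` false, systemd's BPF-based unit restrictions (presumably `RestrictFileSystems=` and `RestrictNetworkInterfaces=`, which need the BPF framework) would not be available on those hosts. Anyone relying on them for sandboxing should learn this from the source. The argument list continues outside the hunk.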
diff --git a/pkgs/tools/misc/nb/default.nix b/pkgs/tools/misc/nb/default.nix index c6fc4d6fe16..207de747d2c 100644 --- a/pkgs/tools/misc/nb/default.nix +++ b/pkgs/tools/misc/nb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "nb"; - version = "7.2.1"; + version = "7.3.0"; src = fetchFromGitHub { owner = "xwmx"; repo = "nb"; rev = version; - sha256 = "sha256-JBWZsMs1FijV1gWw2+K8DturOSEosGRfYmeHDPCwIs8="; + sha256 = "sha256-R5B49648X9UP2al4VRRAl/T9clgvCztYxpbDHwQmDM8="; }; nativeBuildInputs = [ installShellFiles ]; From 5c1405edb9472433873522462e268046d399dc42 Mon Sep 17 00:00:00 2001 From: ChaosAttractor Date: Sat, 14 Jan 2023 05:21:29 +0800 Subject: [PATCH 142/155] qq: move gtk3 from runtimeDependencies to buildInputs --- pkgs/applications/networking/instant-messengers/qq/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/networking/instant-messengers/qq/default.nix b/pkgs/applications/networking/instant-messengers/qq/default.nix index d74f7a0530c..b7b77742ccb 100644 --- a/pkgs/applications/networking/instant-messengers/qq/default.nix +++ b/pkgs/applications/networking/instant-messengers/qq/default.nix @@ -49,6 +49,7 @@ stdenv.mkDerivation { alsa-lib at-spi2-core cups + gtk3 libdrm libgcrypt libkrb5 @@ -58,7 +59,6 @@ stdenv.mkDerivation { ]; runtimeDependencies = [ - gtk3 (lib.getLib systemd) ]; From 27e12fc30c920f42e9985c1991b93913fedc38ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 12 Jan 2023 06:33:21 -0800 Subject: [PATCH 143/155] python310Packages.python-ecobee-api: 0.2.15 -> 0.2.16 --- pkgs/development/python-modules/python-ecobee-api/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/python-modules/python-ecobee-api/default.nix b/pkgs/development/python-modules/python-ecobee-api/default.nix index d1769806e28..e287d7490b9 100644 --- a/pkgs/development/python-modules/python-ecobee-api/default.nix 
+++ b/pkgs/development/python-modules/python-ecobee-api/default.nix @@ -6,11 +6,11 @@ buildPythonPackage rec { pname = "python-ecobee-api"; - version = "0.2.15"; + version = "0.2.16"; src = fetchPypi { inherit pname version; - sha256 = "91929b0dda6acc2af6661d0fb539eb6375323d7529d3d64b67915efb1dc1a6ca"; + hash = "sha256-wzL1WylQAFLxWu3lDFqQtLxJbQjse4OX/fbzaaEuvGQ="; }; propagatedBuildInputs = [ From 1b27c803ec12ca3651892a85dd549575b7dd0043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Thu, 12 Jan 2023 01:58:22 -0800 Subject: [PATCH 144/155] python310Packages.bite-parser: 0.1.3 -> 0.2.1 https://github.com/jgosmann/bite-parser/blob/v0.2.1/CHANGELOG.rst --- pkgs/development/python-modules/bite-parser/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkgs/development/python-modules/bite-parser/default.nix b/pkgs/development/python-modules/bite-parser/default.nix index dc11813554a..66cafb2434d 100644 --- a/pkgs/development/python-modules/bite-parser/default.nix +++ b/pkgs/development/python-modules/bite-parser/default.nix @@ -10,15 +10,16 @@ buildPythonPackage rec { pname = "bite-parser"; - version = "0.1.3"; + version = "0.2.1"; - disabled = pythonOlder "3.7"; + disabled = pythonOlder "3.8"; format = "pyproject"; src = fetchPypi { - inherit pname version; - sha256 = "0f246e98a5556d6ed9a33fda1e94c3ab906305729feb30d25e35344b3e1c1fd9"; + pname = "bite_parser"; + inherit version; + hash = "sha256-PmZCCQzxCfCq6Mr1qn03tj/7/0we9Bfk5fj4K+wMhsk="; }; nativeBuildInputs = [ From b165b45b2055bd30ff7a03b45f1be0a7d77820da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Wed, 11 Jan 2023 19:44:50 -0800 Subject: [PATCH 145/155] cutemaze: 1.3.1 -> 1.3.2 https://github.com/gottcode/cutemaze/releases/tag/v1.3.2 --- pkgs/games/cutemaze/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/pkgs/games/cutemaze/default.nix b/pkgs/games/cutemaze/default.nix index ae6ade155f2..a141591211c 100644 --- a/pkgs/games/cutemaze/default.nix +++ b/pkgs/games/cutemaze/default.nix @@ -11,11 +11,11 @@ stdenv.mkDerivation rec { pname = "cutemaze"; - version = "1.3.1"; + version = "1.3.2"; src = fetchurl { - url = "https://gottcode.org/cutemaze/${pname}-${version}-src.tar.bz2"; - sha256 = "6944931cd39e9ef202c11483b7b2b7409a068c52fa5fd4419ff938b1158c72ab"; + url = "https://gottcode.org/cutemaze/${pname}-${version}.tar.bz2"; + hash = "sha256-hjDlY18O+VDJR68vwrIZwsQAa40xU+V3bCAA4GFHJEQ="; }; nativeBuildInputs = [ @@ -36,8 +36,9 @@ stdenv.mkDerivation rec { ''; meta = with lib; { - homepage = "https://gottcode.org/cutemaze/"; + changelog = "https://github.com/gottcode/cutemaze/blob/v${version}/ChangeLog"; description = "Simple, top-down game in which mazes are randomly generated"; + homepage = "https://gottcode.org/cutemaze/"; license = licenses.gpl3Plus; maintainers = with maintainers; [ dotlambda ]; platforms = platforms.unix; From ba8bd1ba949035a7b73211817c3eccffc7659cfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 13 Jan 2023 02:21:29 -0800 Subject: [PATCH 146/155] sc-im: 0.8.2 -> 0.8.3 https://github.com/andmarti1424/sc-im/releases/tag/v0.8.3 --- pkgs/applications/misc/sc-im/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/sc-im/default.nix b/pkgs/applications/misc/sc-im/default.nix index e299ec2ac86..69a71c6563c 100644 --- a/pkgs/applications/misc/sc-im/default.nix +++ b/pkgs/applications/misc/sc-im/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "sc-im"; - version = "0.8.2"; + version = "0.8.3"; src = fetchFromGitHub { owner = "andmarti1424"; repo = "sc-im"; rev = "v${version}"; - sha256 = "sha256-H+GQUpouiXc/w6GWdkSVvTXZ/Dtb7sUmBLGcpxG3Mts="; + sha256 = "sha256-QlnxMe0WsRX9J2xzpf2Udcf9+N3MvQWqmYl2YKsGpYM="; }; sourceRoot = "${src.name}/src"; 
@@ -49,6 +49,7 @@ stdenv.mkDerivation rec { ''; meta = with lib; { + changelog = "https://github.com/andmarti1424/sc-im/blob/${src.rev}/CHANGES"; homepage = "https://github.com/andmarti1424/sc-im"; description = "An ncurses spreadsheet program for terminal"; license = licenses.bsdOriginal; From 1d4151ed5b402e6e67140b859435c4d69d0b7652 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=BCtz?= Date: Fri, 13 Jan 2023 08:19:05 -0800 Subject: [PATCH 147/155] deltachat-desktop: 1.34.1 -> 1.34.2 https://github.com/deltachat/deltachat-desktop/releases/tag/v1.34.2 --- .../instant-messengers/deltachat-desktop/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/deltachat-desktop/default.nix b/pkgs/applications/networking/instant-messengers/deltachat-desktop/default.nix index c113618bbb7..bd3d75bd66b 100644 --- a/pkgs/applications/networking/instant-messengers/deltachat-desktop/default.nix +++ b/pkgs/applications/networking/instant-messengers/deltachat-desktop/default.nix @@ -21,17 +21,17 @@ let libdeltachat' = libdeltachat.overrideAttrs (old: rec { - version = "1.104.0"; + version = "1.106.0"; src = fetchFromGitHub { owner = "deltachat"; repo = "deltachat-core-rust"; rev = version; - hash = "sha256-+FQ6XE+CtvSNSgpEr8h0mcr9DCC6TvGgLrYGdw0Ve2o="; + hash = "sha256-S53ghVFb1qDI7MVNbc2ZlHqDN4VRBFQJCJg2J+w0erc="; }; cargoDeps = rustPlatform.fetchCargoTarball { inherit src; name = "${old.pname}-${version}"; - hash = "sha256-c3tt+nYZksI/VhJk4bNHu9ZXeDTaA2aLAQo1BmuF+2g="; + hash = "sha256-k4j814Ao7FAyd0w1nH2fuX1cJKjBkhPw0CVZqNU7Hqs="; }; }); esbuild' = esbuild.override { 
@@ -48,16 +48,16 @@ let }; in buildNpmPackage rec { pname = "deltachat-desktop"; - version = "1.34.1"; + version = "1.34.2"; src = fetchFromGitHub { owner = "deltachat"; repo = "deltachat-desktop"; rev = "v${version}"; - hash = "sha256-/F1fU54eTM9mUaQe/Ex9DnTDb+fzl/1HNyYvLWE2BBU="; + hash = "sha256-XOGfKa0eGVZKKKC0Pm2kw48XWWcrxCyDdYzCSKp+wco="; }; - npmDepsHash = "sha256-3wzN7G27IGTlFZUE9RzQXfApVfaTc92Sbb+jjH/zeoc="; + npmDepsHash = "sha256-ZMXXBDVT5rHTzHOrKAUAezL/1UTMdzbBllG69kxg55M="; nativeBuildInputs = [ makeWrapper From 8522fb282a3a4470ddfa6a185d1f3e9dcc01e641 Mon Sep 17 00:00:00 2001 From: figsoda Date: Fri, 13 Jan 2023 17:39:10 -0500 Subject: [PATCH 148/155] cargo-modules: 0.7.3 -> 0.7.4 Diff: https://github.com/regexident/cargo-modules/compare/0.7.3...0.7.4 Changelog: https://github.com/regexident/cargo-modules/blob/0.7.4/CHANGELOG.md --- pkgs/development/tools/rust/cargo-modules/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/rust/cargo-modules/default.nix b/pkgs/development/tools/rust/cargo-modules/default.nix index 060b710f8f7..52a89b92047 100644 --- a/pkgs/development/tools/rust/cargo-modules/default.nix +++ b/pkgs/development/tools/rust/cargo-modules/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-modules"; - version = "0.7.3"; + version = "0.7.4"; src = fetchFromGitHub { owner = "regexident"; repo = pname; rev = version; - sha256 = "sha256-xjAjm23hzuyvxU0S7m9AsfvXui/jb0oFrAqcY8m9Cq0="; + sha256 = "sha256-5j7zTAFUkevhSpiOn8KNG5+N7M9M1+c6hAKpDwPXdBQ="; }; - cargoSha256 = "sha256-XU4kNP0xODuY5I16zLZeQqpxS37HJI67YF3enB/5N+s="; + cargoSha256 = "sha256-jCbs/y0L9YP9VDEtofeqWXbUlsBpVRMbjIYtPRlmQVY="; buildInputs = lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.CoreServices From fee38f5ad5e406fabc92f5c7f0cecff59cf2e37d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 13 Jan 2023 14:07:41 +0100 Subject: [PATCH 149/155] nix-index: 0.1.3 -> 0.1.4 Diff: https://github.com/bennofs/nix-index/compare/v0.1.3...v0.1.4 --- pkgs/tools/package-management/nix-index/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/package-management/nix-index/default.nix b/pkgs/tools/package-management/nix-index/default.nix index b63d8491641..87714112621 100644 --- a/pkgs/tools/package-management/nix-index/default.nix +++ b/pkgs/tools/package-management/nix-index/default.nix @@ -4,16 +4,16 @@ rustPlatform.buildRustPackage rec { pname = "nix-index"; - version = "0.1.3"; + version = "0.1.4"; src = fetchFromGitHub { owner = "bennofs"; repo = "nix-index"; rev = "v${version}"; - sha256 = "sha256-UbM4041AiYUOcj8e5dJ5HmD26Db3szs6dABVCwseliU="; + sha256 = "sha256-TDGtnSgY897fRm1BWLlQZQa8v6Wu5/JIF4UH+1CZm4U="; }; - cargoSha256 = "sha256-TMfnjtUo7Kxx/kWnc0scC8qU6vi+E+TL0hE73NNIyjk="; + cargoSha256 = "sha256-z1lLpZBD4HjO6gLw96wbucfchRgZs26Q8Gl+hpUB1xo="; nativeBuildInputs = [ pkg-config ]; buildInputs = [ openssl curl sqlite ] From 8a2e0b566ff621967153b6f6ac5f16567eaad073 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 14 Jan 2023 00:59:25 +0000 Subject: [PATCH 150/155] drone-runner-docker: 1.8.2 -> 1.8.3 --- .../continuous-integration/drone-runner-docker/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/continuous-integration/drone-runner-docker/default.nix b/pkgs/development/tools/continuous-integration/drone-runner-docker/default.nix index 649351c28d1..784486f49ce 100644 --- a/pkgs/development/tools/continuous-integration/drone-runner-docker/default.nix +++ b/pkgs/development/tools/continuous-integration/drone-runner-docker/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "drone-runner-docker"; - version = "1.8.2"; + version = "1.8.3"; src = fetchFromGitHub { owner = "drone-runners"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-ZpkVfzqeltZSYrKYB6dXtlVjl1uFpQdl2fa+c5ApiW4="; + sha256 = "sha256-ZoQeCuT5FRhxp/ikB0gkp3QVOQ6OS7ukkz4QanWT9G0="; }; - vendorSha256 = "sha256-KcNp3VdJ201oxzF0bLXY4xWHqHNz54ZrVSI96cfhU+k="; + vendorHash = "sha256-KcNp3VdJ201oxzF0bLXY4xWHqHNz54ZrVSI96cfhU+k="; meta = with lib; { maintainers = with maintainers; [ endocrimes indeednotjames ]; From b8c2af873ec15485f3122c64992f35cedcb4b262 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 14 Jan 2023 01:59:30 +0000 Subject: [PATCH 151/155] clash-geoip: 20221212 -> 20230112 --- pkgs/data/misc/clash-geoip/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/data/misc/clash-geoip/default.nix b/pkgs/data/misc/clash-geoip/default.nix index 241b209d9e2..c138ac710d5 100644 --- a/pkgs/data/misc/clash-geoip/default.nix +++ b/pkgs/data/misc/clash-geoip/default.nix @@ -2,11 +2,11 @@ stdenvNoCC.mkDerivation rec { pname = "clash-geoip"; - version = "20221212"; + version = "20230112"; src = fetchurl { url = "https://github.com/Dreamacro/maxmind-geoip/releases/download/${version}/Country.mmdb"; - sha256 = "sha256-pApPPRIvG8qak5chupTN2u1IUKANXtkcEMlSAPedjH4="; + sha256 = "sha256-mMu+U3gtoZmi6LrTMTqsNZKZ+w4J6LZ16Aorneyy7P8="; }; dontUnpack = true; From 8d29fa02b3cbe09c41fb91c4fb523d93b37c90b9 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sat, 14 Jan 2023 03:47:39 +0000 Subject: [PATCH 152/155] coreth: 0.11.5 -> 0.11.6 --- pkgs/applications/networking/coreth/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/applications/networking/coreth/default.nix b/pkgs/applications/networking/coreth/default.nix index 0bc78278609..243b0d16a25 100644 --- a/pkgs/applications/networking/coreth/default.nix +++ b/pkgs/applications/networking/coreth/default.nix 
@@ -6,19 +6,19 @@ buildGoModule rec { pname = "coreth"; - version = "0.11.5"; + version = "0.11.6"; src = fetchFromGitHub { owner = "ava-labs"; repo = pname; rev = "v${version}"; - hash = "sha256-tXwcwMNSrjgQOXcEIucEZjpmPL0cvgYPOV4CMU51Bz8="; + hash = "sha256-Me+kmEfvSJs8EPU4D7MwkEyHQuvDmQCSIATxygXws5o="; }; # go mod vendor has a bug, see: golang/go#57529 proxyVendor = true; - vendorHash = "sha256-Wd0m/Bcbn3so0mh83tTfebfOBn51MiAxF3Azmu6ZA0o="; + vendorHash = "sha256-jI01tdAVdJOj/ocpwCiaANdyYKSLw00bV7ZtU7HvslA="; ldflags = [ "-s" From 562fdbed606822880a8f2ed204708d103ebe196b Mon Sep 17 00:00:00 2001 From: Aaron Bieber Date: Fri, 13 Jan 2023 06:05:11 -0700 Subject: [PATCH 153/155] maintainers/team-list: add qbit to go maintainers --- maintainers/team-list.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix index b37d2d0a28a..8bf5f07bc4e 100644 --- a/maintainers/team-list.nix +++ b/maintainers/team-list.nix @@ -280,6 +280,7 @@ with lib.maintainers; { kalbasit mic92 zowoq + qbit ]; scope = "Maintain Golang compilers."; shortName = "Go"; From 65e8ccfad63609e58f3efe7aa4042794182e2616 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Fri, 13 Jan 2023 15:47:38 +1000 Subject: [PATCH 154/155] go_1_20: 1.20rc2 -> 1.20rc3 --- pkgs/development/compilers/go/1.20.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/compilers/go/1.20.nix b/pkgs/development/compilers/go/1.20.nix index 9ae9af3c668..009ecb8bf42 100644 --- a/pkgs/development/compilers/go/1.20.nix +++ b/pkgs/development/compilers/go/1.20.nix @@ -45,11 +45,11 @@ let in stdenv.mkDerivation rec { pname = "go"; - version = "1.20rc2"; + version = "1.20rc3"; src = fetchurl { url = "https://go.dev/dl/go${version}.src.tar.gz"; - sha256 = "sha256-V1IqKi4pXKYpJJRQHxMfiJO1kRqMD4VzfniqdOC5/PY="; + sha256 = "sha256-iMSJjeo/vu1Mi/CXZCXyxx27EdodN7U3TdR2JjKOMYs="; }; strictDeps = true; 
From 2b78639484d824eb61aaaeb9999f250e75247921 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 14 Jan 2023 04:55:09 +0100 Subject: [PATCH 155/155] python3Packages.clevercsv: 0.7.4 -> 0.7.5 https://github.com/alan-turing-institute/CleverCSV/blob/v0.7.5/CHANGELOG.md --- .../python-modules/clevercsv/default.nix | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/pkgs/development/python-modules/clevercsv/default.nix b/pkgs/development/python-modules/clevercsv/default.nix index 0760fb36c6f..823ecb87c30 100644 --- a/pkgs/development/python-modules/clevercsv/default.nix +++ b/pkgs/development/python-modules/clevercsv/default.nix @@ -1,7 +1,6 @@ { lib , buildPythonPackage , fetchFromGitHub -, fetchpatch , cchardet , chardet , pandas @@ -13,24 +12,20 @@ buildPythonPackage rec { pname = "clevercsv"; - version = "0.7.4"; + version = "0.7.5"; format = "setuptools"; src = fetchFromGitHub { owner = "alan-turing-institute"; repo = "CleverCSV"; rev = "refs/tags/v${version}"; - hash = "sha256-2OLvVJbqV/wR+Quq0cAlR/vCUe1/Km/nALwfoHD9B+U="; + hash = "sha256-zpnUw0ThYbbYS7CYgsi0ZL1qxbY4B1cy2NhrUU9uzig="; }; - patches = [ - (fetchpatch { - # Fixes compat with setuptools>=65.6.0 - # https://github.com/alan-turing-institute/CleverCSV/issues/77 - url = "https://github.com/alan-turing-institute/CleverCSV/commit/0614fe16fa0e8e08c4c916efc956209fe2aa8ce6.patch"; - hash = "sha256-ZL0cc5Si8ga6kd3JhfaIUOWXdnEgep9tvHBVpXjsI+w="; - }) - ]; + postPatch = '' + substituteInPlace setup.py \ + --replace "packaging>=23.0" "packaging" + ''; propagatedBuildInputs = [ cchardet