authorJanne Heß <janne@hess.ooo>2024-03-27 19:10:27 +0100
committerValentin Gagarin <valentin.gagarin@tweag.io>2024-03-28 09:28:12 +0100
commitfcc95ff8172cc68a0d2d52aa1e8ef2120d2904ec (patch)
tree8de1a02f7d1624c97562c7736896a6c95c74ec04 /nixos/modules/services
parentbc77c7a9730833c7668c92288c6af950e7270cb5 (diff)
treewide: Fix all Nix ASTs in all markdown files
This allows for correct highlighting and maybe future automatic formatting. The AST was verified to work with nixfmt only.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/audio/castopod.md20
-rw-r--r--nixos/modules/services/backup/borgbackup.md25
-rw-r--r--nixos/modules/services/databases/foundationdb.md14
-rw-r--r--nixos/modules/services/databases/postgresql.md30
-rw-r--r--nixos/modules/services/databases/tigerbeetle.md4
-rw-r--r--nixos/modules/services/desktops/flatpak.md4
-rw-r--r--nixos/modules/services/development/athens.md2
-rw-r--r--nixos/modules/services/development/livebook.md4
-rw-r--r--nixos/modules/services/editors/emacs.md12
-rw-r--r--nixos/modules/services/matrix/maubot.md90
-rw-r--r--nixos/modules/services/misc/forgejo.md40
-rw-r--r--nixos/modules/services/misc/gitlab.md78
-rw-r--r--nixos/modules/services/misc/sourcehut/default.md6
-rw-r--r--nixos/modules/services/monitoring/certspotter.md48
-rw-r--r--nixos/modules/services/monitoring/parsedmarc.md124
-rw-r--r--nixos/modules/services/monitoring/prometheus/exporters.md6
-rw-r--r--nixos/modules/services/networking/firefox-syncserver.md24
-rw-r--r--nixos/modules/services/networking/mosquitto.md73
-rw-r--r--nixos/modules/services/networking/netbird.md26
-rw-r--r--nixos/modules/services/networking/pleroma.md190
-rw-r--r--nixos/modules/services/networking/prosody.md56
-rw-r--r--nixos/modules/services/search/meilisearch.md4
-rw-r--r--nixos/modules/services/web-apps/akkoma.md284
-rw-r--r--nixos/modules/services/web-apps/discourse.md218
-rw-r--r--nixos/modules/services/web-apps/gotosocial.md52
-rw-r--r--nixos/modules/services/web-apps/keycloak.md22
-rw-r--r--nixos/modules/services/web-apps/lemmy.md14
-rw-r--r--nixos/modules/services/web-apps/pict-rs.md4
-rw-r--r--nixos/modules/services/web-apps/suwayomi-server.md2
-rw-r--r--nixos/modules/services/x11/desktop-managers/gnome.md92
-rw-r--r--nixos/modules/services/x11/desktop-managers/pantheon.md27
31 files changed, 876 insertions, 719 deletions
diff --git a/nixos/modules/services/audio/castopod.md b/nixos/modules/services/audio/castopod.md
index ee8590737a7c..40838cc77aa6 100644
--- a/nixos/modules/services/audio/castopod.md
+++ b/nixos/modules/services/audio/castopod.md
@@ -7,16 +7,18 @@ Castopod is an open-source hosting platform made for podcasters who want to enga
Use the following configuration to start a public instance of Castopod on `castopod.example.com` domain:
```nix
-networking.firewall.allowedTCPPorts = [ 80 443 ];
-services.castopod = {
- enable = true;
- database.createLocally = true;
- nginx.virtualHost = {
- serverName = "castopod.example.com";
- enableACME = true;
- forceSSL = true;
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.castopod = {
+ enable = true;
+ database.createLocally = true;
+ nginx.virtualHost = {
+ serverName = "castopod.example.com";
+ enableACME = true;
+ forceSSL = true;
+ };
};
-};
+}
```
Go to `https://castopod.example.com/cp-install` to create superadmin account after applying the above configuration.
diff --git a/nixos/modules/services/backup/borgbackup.md b/nixos/modules/services/backup/borgbackup.md
index 64d9e35720f1..2c91174732e1 100644
--- a/nixos/modules/services/backup/borgbackup.md
+++ b/nixos/modules/services/backup/borgbackup.md
@@ -24,19 +24,18 @@ A very basic configuration for backing up to a locally accessible directory is:
```nix
{
opt.services.borgbackup.jobs = {
- { rootBackup = {
- paths = "/";
- exclude = [ "/nix" "/path/to/local/repo" ];
- repo = "/path/to/local/repo";
- doInit = true;
- encryption = {
- mode = "repokey";
- passphrase = "secret";
- };
- compression = "auto,lzma";
- startAt = "weekly";
+ rootBackup = {
+ paths = "/";
+ exclude = [ "/nix" "/path/to/local/repo" ];
+ repo = "/path/to/local/repo";
+ doInit = true;
+ encryption = {
+ mode = "repokey";
+ passphrase = "secret";
};
- }
+ compression = "auto,lzma";
+ startAt = "weekly";
+ };
};
}
```
@@ -96,7 +95,7 @@ accessible by root
startAt = "hourly";
};
};
-};
+}
```
The following few commands (run as root) let you test your backup.
diff --git a/nixos/modules/services/databases/foundationdb.md b/nixos/modules/services/databases/foundationdb.md
index af17c9f95999..9f7addc9c140 100644
--- a/nixos/modules/services/databases/foundationdb.md
+++ b/nixos/modules/services/databases/foundationdb.md
@@ -16,8 +16,10 @@ key-value store.
To enable FoundationDB, add the following to your
{file}`configuration.nix`:
```nix
-services.foundationdb.enable = true;
-services.foundationdb.package = pkgs.foundationdb71; # FoundationDB 7.1.x
+{
+ services.foundationdb.enable = true;
+ services.foundationdb.package = pkgs.foundationdb71; # FoundationDB 7.1.x
+}
```
The {option}`services.foundationdb.package` option is required, and
@@ -110,7 +112,9 @@ FoundationDB stores all data for all server processes under
{file}`/var/lib/foundationdb`. You can override this using
{option}`services.foundationdb.dataDir`, e.g.
```nix
-services.foundationdb.dataDir = "/data/fdb";
+{
+ services.foundationdb.dataDir = "/data/fdb";
+}
```
Similarly, logs are stored under {file}`/var/log/foundationdb`
@@ -266,7 +270,9 @@ For example, to create backups in {command}`/opt/fdb-backups`, first
set up the paths in the module options:
```nix
-services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
+{
+ services.foundationdb.extraReadWritePaths = [ "/opt/fdb-backups" ];
+}
```
Restart the FoundationDB service, and it will now be able to write to this
diff --git a/nixos/modules/services/databases/postgresql.md b/nixos/modules/services/databases/postgresql.md
index ce1f2856b019..6cce8f542a53 100644
--- a/nixos/modules/services/databases/postgresql.md
+++ b/nixos/modules/services/databases/postgresql.md
@@ -16,8 +16,10 @@ PostgreSQL is an advanced, free relational database.
To enable PostgreSQL, add the following to your {file}`configuration.nix`:
```nix
-services.postgresql.enable = true;
-services.postgresql.package = pkgs.postgresql_15;
+{
+ services.postgresql.enable = true;
+ services.postgresql.package = pkgs.postgresql_15;
+}
```
Note that you are required to specify the desired version of PostgreSQL (e.g. `pkgs.postgresql_15`). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for [](#opt-services.postgresql.package) such as the most recent release of PostgreSQL.
@@ -36,7 +38,9 @@ alice=>
By default, PostgreSQL stores its databases in {file}`/var/lib/postgresql/$psqlSchema`. You can override this using [](#opt-services.postgresql.dataDir), e.g.
```nix
-services.postgresql.dataDir = "/data/postgresql";
+{
+ services.postgresql.dataDir = "/data/postgresql";
+}
```
## Initializing {#module-services-postgres-initializing}
@@ -95,16 +99,19 @@ databases from `ensureDatabases` and `extraUser1` from `ensureUsers`
are already created.
```nix
+ {
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
$PSQL service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
+ }
```
##### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-superuser-oneshot}
```nix
+ {
systemd.services."migrate-service1-db1" = {
serviceConfig.Type = "oneshot";
requiredBy = "service1.service";
@@ -119,6 +126,7 @@ are already created.
# ....
'';
};
+ }
```
#### as service user {#module-services-postgres-initializing-extra-permissions-service-user}
@@ -130,6 +138,7 @@ are already created.
##### in service `preStart` {#module-services-postgres-initializing-extra-permissions-service-user-pre-start}
```nix
+ {
environment.PSQL = "psql --port=${toString services.postgresql.port}";
path = [ postgresql ];
systemd.services."service1".preStart = ''
@@ -137,11 +146,13 @@ are already created.
$PSQL -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
+ }
```
##### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-service-user-oneshot}
```nix
+ {
systemd.services."migrate-service1-db1" = {
serviceConfig.Type = "oneshot";
requiredBy = "service1.service";
@@ -156,6 +167,7 @@ are already created.
# ....
'';
};
+ }
```
## Upgrading {#module-services-postgres-upgrading}
@@ -257,11 +269,13 @@ postgresql_15.pkgs.pg_partman postgresql_15.pkgs.pgroonga
To add plugins via NixOS configuration, set `services.postgresql.extraPlugins`:
```nix
-services.postgresql.package = pkgs.postgresql_12;
-services.postgresql.extraPlugins = ps: with ps; [
- pg_repack
- postgis
-];
+{
+ services.postgresql.package = pkgs.postgresql_12;
+ services.postgresql.extraPlugins = ps: with ps; [
+ pg_repack
+ postgis
+ ];
+}
```
You can build custom PostgreSQL-with-plugins (to be used outside of NixOS) using function `.withPackages`. For example, creating a custom PostgreSQL package in an overlay can look like:
diff --git a/nixos/modules/services/databases/tigerbeetle.md b/nixos/modules/services/databases/tigerbeetle.md
index ed05c982350d..12d920e7bcc7 100644
--- a/nixos/modules/services/databases/tigerbeetle.md
+++ b/nixos/modules/services/databases/tigerbeetle.md
@@ -8,7 +8,9 @@ TigerBeetle is a distributed financial accounting database designed for mission
To enable TigerBeetle, add the following to your {file}`configuration.nix`:
```nix
+{
services.tigerbeetle.enable = true;
+}
```
When first started, the TigerBeetle service will create its data file at {file}`/var/lib/tigerbeetle` unless the file already exists, in which case it will just use the existing file.
@@ -21,12 +23,14 @@ To configure it to listen on a different interface (and to configure it to conne
Note that the TigerBeetle module won't open any firewall ports automatically, so if you configure it to listen on an external interface, you'll need to ensure that connections can reach it:
```nix
+{
services.tigerbeetle = {
enable = true;
addresses = [ "0.0.0.0:3001" ];
};
networking.firewall.allowedTCPPorts = [ 3001 ];
+}
```
A complete list of options for TigerBeetle can be found [here](#opt-services.tigerbeetle.enable).
diff --git a/nixos/modules/services/desktops/flatpak.md b/nixos/modules/services/desktops/flatpak.md
index 57aa41b56224..5299b32a03c7 100644
--- a/nixos/modules/services/desktops/flatpak.md
+++ b/nixos/modules/services/desktops/flatpak.md
@@ -9,7 +9,9 @@ applications on Linux.
To enable Flatpak, add the following to your {file}`configuration.nix`:
```nix
+{
services.flatpak.enable = true;
+}
```
For the sandboxed apps to work correctly, desktop integration portals need to
@@ -17,8 +19,10 @@ be installed. If you run GNOME, this will be handled automatically for you;
in other cases, you will need to add something like the following to your
{file}`configuration.nix`:
```nix
+{
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
xdg.portal.config.common.default = "gtk";
+}
```
Then, you will need to add a repository, for example,
diff --git a/nixos/modules/services/development/athens.md b/nixos/modules/services/development/athens.md
index 142cc74b5d0d..2795930b0a02 100644
--- a/nixos/modules/services/development/athens.md
+++ b/nixos/modules/services/development/athens.md
@@ -42,7 +42,7 @@ To use the local proxy in Go builds, you can set the proxy as environment variab
```nix
{
environment.variables = {
- GOPROXY = "http://localhost:3000"
+ GOPROXY = "http://localhost:3000";
};
}
```
diff --git a/nixos/modules/services/development/livebook.md b/nixos/modules/services/development/livebook.md
index 3a3d9584675b..aac9c58d081c 100644
--- a/nixos/modules/services/development/livebook.md
+++ b/nixos/modules/services/development/livebook.md
@@ -52,5 +52,7 @@ learning Kinos require `gcc` and `gnumake`. To add these, use
`extraPackages`:
```nix
-services.livebook.extraPackages = with pkgs; [ gcc gnumake ];
+{
+ services.livebook.extraPackages = with pkgs; [ gcc gnumake ];
+}
```
diff --git a/nixos/modules/services/editors/emacs.md b/nixos/modules/services/editors/emacs.md
index 9164ee2adcb5..885f927422bd 100644
--- a/nixos/modules/services/editors/emacs.md
+++ b/nixos/modules/services/editors/emacs.md
@@ -242,7 +242,7 @@ let
rm $out/share/applications/emacs.desktop
'';
});
-in [...]
+in [ /* ... */ ]
```
:::
@@ -263,7 +263,9 @@ with the user's login session.
To install and enable the {command}`systemd` user service for Emacs
daemon, add the following to your {file}`configuration.nix`:
```nix
-services.emacs.enable = true;
+{
+ services.emacs.enable = true;
+}
```
The {var}`services.emacs.package` option allows a custom
@@ -324,8 +326,10 @@ by symlinks in {file}`/etc/systemd/user`. In the case where
Emacs daemon is not wanted for all users, it is possible to install the
service but not globally enable it:
```nix
-services.emacs.enable = false;
-services.emacs.install = true;
+{
+ services.emacs.enable = false;
+ services.emacs.install = true;
+}
```
To enable the {command}`systemd` user service for just the
diff --git a/nixos/modules/services/matrix/maubot.md b/nixos/modules/services/matrix/maubot.md
index f6a05db56caf..d49066057a23 100644
--- a/nixos/modules/services/matrix/maubot.md
+++ b/nixos/modules/services/matrix/maubot.md
@@ -10,7 +10,9 @@ framework for Matrix.
2. If you want to use PostgreSQL instead of SQLite, do this:
```nix
- services.maubot.settings.database = "postgresql://maubot@localhost/maubot";
+ {
+ services.maubot.settings.database = "postgresql://maubot@localhost/maubot";
+ }
```
If the PostgreSQL connection requires a password, you will have to
@@ -18,54 +20,58 @@ framework for Matrix.
3. If you plan to expose your Maubot interface to the web, do something
like this:
```nix
- services.nginx.virtualHosts."matrix.example.org".locations = {
- "/_matrix/maubot/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.maubot.settings.server.port}";
- proxyWebsockets = true;
+ {
+ services.nginx.virtualHosts."matrix.example.org".locations = {
+ "/_matrix/maubot/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.maubot.settings.server.port}";
+ proxyWebsockets = true;
+ };
};
- };
- services.maubot.settings.server.public_url = "matrix.example.org";
- # do the following only if you want to use something other than /_matrix/maubot...
- services.maubot.settings.server.ui_base_path = "/another/base/path";
+ services.maubot.settings.server.public_url = "matrix.example.org";
+ # do the following only if you want to use something other than /_matrix/maubot...
+ services.maubot.settings.server.ui_base_path = "/another/base/path";
+ }
```
4. Optionally, set `services.maubot.pythonPackages` to a list of python3
packages to make available for Maubot plugins.
5. Optionally, set `services.maubot.plugins` to a list of Maubot
plugins (full list available at https://plugins.maubot.xyz/):
```nix
- services.maubot.plugins = with config.services.maubot.package.plugins; [
- reactbot
- # This will only change the default config! After you create a
- # plugin instance, the default config will be copied into that
- # instance's config in Maubot's database, and further base config
- # changes won't affect the running plugin.
- (rss.override {
- base_config = {
- update_interval = 60;
- max_backoff = 7200;
- spam_sleep = 2;
- command_prefix = "rss";
- admins = [ "@chayleaf:pavluk.org" ];
- };
- })
- ];
- # ...or...
- services.maubot.plugins = config.services.maubot.package.plugins.allOfficialPlugins;
- # ...or...
- services.maubot.plugins = config.services.maubot.package.plugins.allPlugins;
- # ...or...
- services.maubot.plugins = with config.services.maubot.package.plugins; [
- (weather.override {
- # you can pass base_config as a string
- base_config = ''
- default_location: New York
- default_units: M
- default_language:
- show_link: true
- show_image: false
- '';
- })
- ];
+ {
+ services.maubot.plugins = with config.services.maubot.package.plugins; [
+ reactbot
+ # This will only change the default config! After you create a
+ # plugin instance, the default config will be copied into that
+ # instance's config in Maubot's database, and further base config
+ # changes won't affect the running plugin.
+ (rss.override {
+ base_config = {
+ update_interval = 60;
+ max_backoff = 7200;
+ spam_sleep = 2;
+ command_prefix = "rss";
+ admins = [ "@chayleaf:pavluk.org" ];
+ };
+ })
+ ];
+ # ...or...
+ services.maubot.plugins = config.services.maubot.package.plugins.allOfficialPlugins;
+ # ...or...
+ services.maubot.plugins = config.services.maubot.package.plugins.allPlugins;
+ # ...or...
+ services.maubot.plugins = with config.services.maubot.package.plugins; [
+ (weather.override {
+ # you can pass base_config as a string
+ base_config = ''
+ default_location: New York
+ default_units: M
+ default_language:
+ show_link: true
+ show_image: false
+ '';
+ })
+ ];
+ }
```
6. Start Maubot at least once before doing the following steps (it's
necessary to generate the initial config).
diff --git a/nixos/modules/services/misc/forgejo.md b/nixos/modules/services/misc/forgejo.md
index 14b21933e6b0..f234ebf44aef 100644
--- a/nixos/modules/services/misc/forgejo.md
+++ b/nixos/modules/services/misc/forgejo.md
@@ -57,23 +57,25 @@ locations and database, instead of having to copy or rename them.
Make sure to disable `services.gitea`, when doing this.
```nix
-services.gitea.enable = false;
-
-services.forgejo = {
- enable = true;
- user = "gitea";
- group = "gitea";
- stateDir = "/var/lib/gitea";
- database.name = "gitea";
- database.user = "gitea";
-};
-
-users.users.gitea = {
- home = "/var/lib/gitea";
- useDefaultShell = true;
- group = "gitea";
- isSystemUser = true;
-};
-
-users.groups.gitea = {};
+{
+ services.gitea.enable = false;
+
+ services.forgejo = {
+ enable = true;
+ user = "gitea";
+ group = "gitea";
+ stateDir = "/var/lib/gitea";
+ database.name = "gitea";
+ database.user = "gitea";
+ };
+
+ users.users.gitea = {
+ home = "/var/lib/gitea";
+ useDefaultShell = true;
+ group = "gitea";
+ isSystemUser = true;
+ };
+
+ users.groups.gitea = {};
+}
```
diff --git a/nixos/modules/services/misc/gitlab.md b/nixos/modules/services/misc/gitlab.md
index ea1b95607c63..f7a5a8027489 100644
--- a/nixos/modules/services/misc/gitlab.md
+++ b/nixos/modules/services/misc/gitlab.md
@@ -11,18 +11,20 @@ configure a webserver to proxy HTTP requests to the socket.
For instance, the following configuration could be used to use nginx as
frontend proxy:
```nix
-services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts."git.example.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+{
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."git.example.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+ };
};
-};
+}
```
## Configuring {#module-services-gitlab-configuring}
@@ -36,35 +38,37 @@ all data like the repositories and uploads will be stored.
A basic configuration with some custom settings could look like this:
```nix
-services.gitlab = {
- enable = true;
- databasePasswordFile = "/var/keys/gitlab/db_password";
- initialRootPasswordFile = "/var/keys/gitlab/root_password";
- https = true;
- host = "git.example.com";
- port = 443;
- user = "git";
- group = "git";
- smtp = {
+{
+ services.gitlab = {
enable = true;
- address = "localhost";
- port = 25;
- };
- secrets = {
- dbFile = "/var/keys/gitlab/db";
- secretFile = "/var/keys/gitlab/secret";
- otpFile = "/var/keys/gitlab/otp";
- jwsFile = "/var/keys/gitlab/jws";
- };
- extraConfig = {
- gitlab = {
- email_from = "gitlab-no-reply@example.com";
- email_display_name = "Example GitLab";
- email_reply_to = "gitlab-no-reply@example.com";
- default_projects_features = { builds = false; };
+ databasePasswordFile = "/var/keys/gitlab/db_password";
+ initialRootPasswordFile = "/var/keys/gitlab/root_password";
+ https = true;
+ host = "git.example.com";
+ port = 443;
+ user = "git";
+ group = "git";
+ smtp = {
+ enable = true;
+ address = "localhost";
+ port = 25;
+ };
+ secrets = {
+ dbFile = "/var/keys/gitlab/db";
+ secretFile = "/var/keys/gitlab/secret";
+ otpFile = "/var/keys/gitlab/otp";
+ jwsFile = "/var/keys/gitlab/jws";
+ };
+ extraConfig = {
+ gitlab = {
+ email_from = "gitlab-no-reply@example.com";
+ email_display_name = "Example GitLab";
+ email_reply_to = "gitlab-no-reply@example.com";
+ default_projects_features = { builds = false; };
+ };
};
};
-};
+}
```
If you're setting up a new GitLab instance, generate new
diff --git a/nixos/modules/services/misc/sourcehut/default.md b/nixos/modules/services/misc/sourcehut/default.md
index 5f841833a954..f965c395038a 100644
--- a/nixos/modules/services/misc/sourcehut/default.md
+++ b/nixos/modules/services/misc/sourcehut/default.md
@@ -66,9 +66,9 @@ in {
# Settings to setup what certificates are used for which endpoint.
virtualHosts = {
"${fqdn}".enableACME = true;
- "meta.${fqdn}".useACMEHost = fqdn:
- "man.${fqdn}".useACMEHost = fqdn:
- "git.${fqdn}".useACMEHost = fqdn:
+ "meta.${fqdn}".useACMEHost = fqdn;
+ "man.${fqdn}".useACMEHost = fqdn;
+ "git.${fqdn}".useACMEHost = fqdn;
};
};
}
diff --git a/nixos/modules/services/monitoring/certspotter.md b/nixos/modules/services/monitoring/certspotter.md
index 9bf6e1d946a0..e999bfe65ec3 100644
--- a/nixos/modules/services/monitoring/certspotter.md
+++ b/nixos/modules/services/monitoring/certspotter.md
@@ -9,17 +9,19 @@ A basic config that notifies you of all certificate changes for your
domain would look as follows:
```nix
-services.certspotter = {
- enable = true;
- # replace example.org with your domain name
- watchlist = [ ".example.org" ];
- emailRecipients = [ "webmaster@example.org" ];
-};
+{
+ services.certspotter = {
+ enable = true;
+ # replace example.org with your domain name
+ watchlist = [ ".example.org" ];
+ emailRecipients = [ "webmaster@example.org" ];
+ };
-# Configure an SMTP client
-programs.msmtp.enable = true;
-# Or you can use any other module that provides sendmail, like
-# services.nullmailer, services.opensmtpd, services.postfix
+ # Configure an SMTP client
+ programs.msmtp.enable = true;
+ # Or you can use any other module that provides sendmail, like
+ # services.nullmailer, services.opensmtpd, services.postfix
+}
```
In this case, the leading dot in `".example.org"` means that Cert
@@ -59,16 +61,18 @@ For example, you can remove `emailRecipients` and send email
notifications manually using the following hook:
```nix
-services.certspotter.hooks = [
- (pkgs.writeShellScript "certspotter-hook" ''
- function print_email() {
- echo "Subject: [certspotter] $SUMMARY"
- echo "Mime-Version: 1.0"
- echo "Content-Type: text/plain; charset=US-ASCII"
- echo
- cat "$TEXT_FILENAME"
- }
- print_email | ${config.services.certspotter.sendmailPath} -i webmaster@example.org
- '')
-];
+{
+ services.certspotter.hooks = [
+ (pkgs.writeShellScript "certspotter-hook" ''
+ function print_email() {
+ echo "Subject: [certspotter] $SUMMARY"
+ echo "Mime-Version: 1.0"
+ echo "Content-Type: text/plain; charset=US-ASCII"
+ echo
+ cat "$TEXT_FILENAME"
+ }
+ print_email | ${config.services.certspotter.sendmailPath} -i webmaster@example.org
+ '')
+ ];
+}
```
diff --git a/nixos/modules/services/monitoring/parsedmarc.md b/nixos/modules/services/monitoring/parsedmarc.md
index eac07e0cc9fe..765846bbbaf3 100644
--- a/nixos/modules/services/monitoring/parsedmarc.md
+++ b/nixos/modules/services/monitoring/parsedmarc.md
@@ -11,15 +11,17 @@ email address and saves them to a local Elasticsearch instance looks
like this:
```nix
-services.parsedmarc = {
- enable = true;
- settings.imap = {
- host = "imap.example.com";
- user = "alice@example.com";
- password = "/path/to/imap_password_file";
+{
+ services.parsedmarc = {
+ enable = true;
+ settings.imap = {
+ host = "imap.example.com";
+ user = "alice@example.com";
+ password = "/path/to/imap_password_file";
+ };
+ provision.geoIp = false; # Not recommended!
};
- provision.geoIp = false; # Not recommended!
-};
+}
```
Note that GeoIP provisioning is disabled in the example for
@@ -37,16 +39,18 @@ configured in the domain's dmarc policy is
`dmarc@monitoring.example.com`.
```nix