treewide: fix syntax errors in nix code blocks
Fixes all code blocks with "nix" language in markdown files for syntax errors to be able to run nixfmt in the next step.
This commit is contained in:
parent
52ee822768
commit
6c47e7d5da
@ -126,17 +126,19 @@ in turn will not make the service / timer start on login.
|
||||
You can define services by adding them to `systemd.services`:
|
||||
|
||||
```nix
|
||||
systemd.services.myservice = {
|
||||
after = [ "network-online.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
{
|
||||
systemd.services.myservice = {
|
||||
after = [ "network-online.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
|
||||
before = [ "multi-user.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "multi-user.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "...";
|
||||
serviceConfig = {
|
||||
ExecStart = "...";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
If you want to specify a multi-line script for `ExecStart`,
|
||||
|
@ -111,7 +111,7 @@ If there are shared libraries missing add them with
|
||||
extraPkgs = pkgs: [
|
||||
# missing libraries here, e.g.: `pkgs.libepoxy`
|
||||
];
|
||||
}
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -33,7 +33,7 @@ To enable Mattermost using Postgres, use a config like this:
|
||||
|
||||
# For example, to disable auto-installation of prepackaged plugins.
|
||||
settings.PluginSettings.AutomaticPrepackagedPlugins = false;
|
||||
}
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -137,7 +137,9 @@ the Perl script. It aims to eventually replace the Perl script by default.
|
||||
You can enable Userborn via:
|
||||
|
||||
```nix
|
||||
services.userborn.enable = true;
|
||||
{
|
||||
services.userborn.enable = true;
|
||||
}
|
||||
```
|
||||
|
||||
You can configure Userborn to store the password files
|
||||
@ -145,7 +147,9 @@ You can configure Userborn to store the password files
|
||||
location to `/etc`:
|
||||
|
||||
```nix
|
||||
services.userborn.passwordFilesLocation = "/persistent/etc";
|
||||
{
|
||||
services.userborn.passwordFilesLocation = "/persistent/etc";
|
||||
}
|
||||
```
|
||||
|
||||
This is useful when you store `/etc` on a `tmpfs` or if `/etc` is immutable
|
||||
|
@ -22,25 +22,27 @@ You can run `vwifi-ctrl` on this node to control characteristics of the simulate
|
||||
physical layer.
|
||||
|
||||
```nix
|
||||
airgap =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.2";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
services.vwifi = {
|
||||
server = {
|
||||
enable = true;
|
||||
ports.tcp = 8212;
|
||||
# uncomment if you want to enable monitor mode on another node
|
||||
# ports.spy = 8213;
|
||||
openFirewall = true;
|
||||
{
|
||||
airgap =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.2";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
services.vwifi = {
|
||||
server = {
|
||||
enable = true;
|
||||
ports.tcp = 8212;
|
||||
# uncomment if you want to enable monitor mode on another node
|
||||
# ports.spy = 8213;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
### AP {#sec-nixos-test-wifi-ap}
|
||||
@ -48,40 +50,42 @@ airgap =
|
||||
A node like this will act as a wireless access point in infrastructure mode.
|
||||
|
||||
```nix
|
||||
ap =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.3";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
services.hostapd = {
|
||||
enable = true;
|
||||
radios.wlan0 = {
|
||||
channel = 1;
|
||||
networks.wlan0 = {
|
||||
ssid = "NixOS Test Wi-Fi Network";
|
||||
authentication = {
|
||||
mode = "wpa3-sae";
|
||||
saePasswords = [ { password = "supersecret"; } ];
|
||||
enableRecommendedPairwiseCiphers = true;
|
||||
{
|
||||
ap =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.3";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
services.hostapd = {
|
||||
enable = true;
|
||||
radios.wlan0 = {
|
||||
channel = 1;
|
||||
networks.wlan0 = {
|
||||
ssid = "NixOS Test Wi-Fi Network";
|
||||
authentication = {
|
||||
mode = "wpa3-sae";
|
||||
saePasswords = [ { password = "supersecret"; } ];
|
||||
enableRecommendedPairwiseCiphers = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:01";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:01";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
### Station {#sec-nixos-test-wifi-station}
|
||||
@ -89,37 +93,39 @@ ap =
|
||||
A node like this acts as a wireless client.
|
||||
|
||||
```nix
|
||||
station =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.3";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.wireless = {
|
||||
# No, really, we want it enabled!
|
||||
enable = lib.mkOverride 0 true;
|
||||
interfaces = [ "wlan0" ];
|
||||
networks = {
|
||||
"NixOS Test Wi-Fi Network" = {
|
||||
psk = "supersecret";
|
||||
authProtocols = [ "SAE" ];
|
||||
{
|
||||
station =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.3";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
networking.wireless = {
|
||||
# No, really, we want it enabled!
|
||||
enable = lib.mkOverride 0 true;
|
||||
interfaces = [ "wlan0" ];
|
||||
networks = {
|
||||
"NixOS Test Wi-Fi Network" = {
|
||||
psk = "supersecret";
|
||||
authProtocols = [ "SAE" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:02";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:02";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
### Monitor {#sec-nixos-test-wifi-monitor}
|
||||
@ -128,25 +134,28 @@ When the monitor mode interface is enabled, this node will receive
|
||||
all packets broadcast by all other nodes through the spy interface.
|
||||
|
||||
```nix
|
||||
monitor =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.4";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
{
|
||||
monitor =
|
||||
{ config, ... }:
|
||||
{
|
||||
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
|
||||
{
|
||||
address = "192.168.1.4";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:03";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
spy = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
services.vwifi = {
|
||||
module = {
|
||||
enable = true;
|
||||
macPrefix = "74:F8:F6:00:03";
|
||||
};
|
||||
client = {
|
||||
enable = true;
|
||||
spy = true;
|
||||
serverAddress = "192.168.1.2";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -25,7 +25,9 @@ The `image.modules` option can be used to set specific options per image variant
|
||||
E.g. images for the cloud provider Linode use `grub2` as a bootloader by default. If you are using `systemd-boot` on other platforms and want to disable it for Linode only, you could use the following options:
|
||||
|
||||
``` nix
|
||||
{
|
||||
image.modules.linode = {
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -243,9 +243,11 @@ The pre-existing `services.ankisyncd` has been marked deprecated and will be dro
|
||||
- `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use
|
||||
|
||||
```nix
|
||||
environment.systemPackages = [
|
||||
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
|
||||
];
|
||||
{
|
||||
environment.systemPackages = [
|
||||
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
|
||||
];
|
||||
}
|
||||
```
|
||||
To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation.
|
||||
This can be disabled by overriding `withImmutableConfig = false` when building `azure-cli`.
|
||||
|
@ -615,8 +615,10 @@
|
||||
Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes.
|
||||
If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration:
|
||||
```nix
|
||||
services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
|
||||
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
|
||||
{
|
||||
services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
|
||||
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
|
||||
}
|
||||
```
|
||||
|
||||
- The default value of `services.kubernetes.kubelet.hostname` is now lowercased.
|
||||
@ -956,24 +958,26 @@ If you set `sound.mediaKeys` in your configuration:
|
||||
- If you want to maintain the exact behavior of the option, use the following snippet
|
||||
|
||||
```nix
|
||||
services.actkbd = let
|
||||
volumeStep = "1%";
|
||||
in {
|
||||
enable = true;
|
||||
bindings = [
|
||||
# "Mute" media key
|
||||
{ keys = [ 113 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Master toggle"; }
|
||||
{
|
||||
services.actkbd = let
|
||||
volumeStep = "1%";
|
||||
in {
|
||||
enable = true;
|
||||
bindings = [
|
||||
# "Mute" media key
|
||||
{ keys = [ 113 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Master toggle"; }
|
||||
|
||||
# "Lower Volume" media key
|
||||
{ keys = [ 114 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}- unmute"; }
|
||||
# "Lower Volume" media key
|
||||
{ keys = [ 114 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}- unmute"; }
|
||||
|
||||
# "Raise Volume" media key
|
||||
{ keys = [ 115 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}+ unmute"; }
|
||||
# "Raise Volume" media key
|
||||
{ keys = [ 115 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}+ unmute"; }
|
||||
|
||||
# "Mic Mute" media key
|
||||
{ keys = [ 190 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Capture toggle"; }
|
||||
];
|
||||
};
|
||||
# "Mic Mute" media key
|
||||
{ keys = [ 190 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Capture toggle"; }
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
### `hardware.deviceTree.overlays` compatible string matching {#sec-release-24.11-migration-dto-compatible}
|
||||
|
@ -355,10 +355,12 @@ Alongside many enhancements to NixOS modules and general system improvements, th
|
||||
- To avoid delaying user logins unnecessarily the `multi-user.target` is no longer ordered after `network-online.target`.
|
||||
System services requiring a connection to start correctly must explicitly state so, i.e.
|
||||
```nix
|
||||
systemd.services.<name> = {
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
};
|
||||
{
|
||||
systemd.services."<name>" = {
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
};
|
||||
}
|
||||
```
|
||||
This changed follows a deprecation period of one year started in NixOS 24.05 (see [PR #283818](https://github.com/NixOS/nixpkgs/pull/283818)).
|
||||
|
||||
@ -457,15 +459,17 @@ Alongside many enhancements to NixOS modules and general system improvements, th
|
||||
Example:
|
||||
|
||||
```nix
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
galeraCluster = {
|
||||
{
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
localName = "Node 1";
|
||||
localAddress = "galera_01";
|
||||
nodeAddresses = [ "galera_01" "galera_02" "galera_03"];
|
||||
galeraCluster = {
|
||||
enable = true;
|
||||
localName = "Node 1";
|
||||
localAddress = "galera_01";
|
||||
nodeAddresses = [ "galera_01" "galera_02" "galera_03"];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
- systemd's {manpage}`systemd-ssh-generator(8)` now works out of the box on NixOS.
|
||||
|
@ -94,13 +94,13 @@ database migrations.
|
||||
`ensureUsers` is run in `postgresql-setup`, so this is where `postStart` must be added to:
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services.postgresql-setup.postStart = ''
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
}
|
||||
{
|
||||
systemd.services.postgresql-setup.postStart = ''
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
#### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-superuser-oneshot}
|
||||
@ -114,22 +114,22 @@ They differ in two aspects:
|
||||
Both can lead to unexpected errors either during initial database creation or restore, when using `postgresql.service`.
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services."migrate-service1-db1" = {
|
||||
serviceConfig.Type = "oneshot";
|
||||
requiredBy = "service1.service";
|
||||
before = "service1.service";
|
||||
after = "postgresql.target";
|
||||
serviceConfig.User = "postgres";
|
||||
environment.PGPORT = toString services.postgresql.settings.port;
|
||||
path = [ postgresql ];
|
||||
script = ''
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
};
|
||||
}
|
||||
{
|
||||
systemd.services."migrate-service1-db1" = {
|
||||
serviceConfig.Type = "oneshot";
|
||||
requiredBy = "service1.service";
|
||||
before = "service1.service";
|
||||
after = "postgresql.target";
|
||||
serviceConfig.User = "postgres";
|
||||
environment.PGPORT = toString services.postgresql.settings.port;
|
||||
path = [ postgresql ];
|
||||
script = ''
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## Authentication {#module-services-postgres-authentication}
|
||||
@ -147,13 +147,15 @@ Assume that your app creates a role `admin` and you want the `root` user to be a
|
||||
You can then use [](#opt-services.postgresql.identMap) to define the map and [](#opt-services.postgresql.authentication) to enable it:
|
||||
|
||||
```nix
|
||||
services.postgresql = {
|
||||
identMap = ''
|
||||
admin root admin
|
||||
'';
|
||||
authentication = ''
|
||||
local all admin peer map=admin
|
||||
'';
|
||||
{
|
||||
services.postgresql = {
|
||||
identMap = ''
|
||||
admin root admin
|
||||
'';
|
||||
authentication = ''
|
||||
local all admin peer map=admin
|
||||
'';
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -21,7 +21,9 @@ configure this in the module, but you can e.g. use systemd to give the unit
|
||||
access to the command at runtime.
|
||||
|
||||
```nix
|
||||
systemd.services.paisa.path = [ pkgs.hledger ];
|
||||
{
|
||||
systemd.services.paisa.path = [ pkgs.hledger ];
|
||||
}
|
||||
```
|
||||
|
||||
::: {.note}
|
||||
|
@ -16,5 +16,5 @@ Use the following configuration to start a public instance of Glances locally:
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -103,7 +103,7 @@ Additionally you can set an optional timeout value.
|
||||
certificate = ./dns.example.com.crt;
|
||||
key = "/dns.example.com.key";
|
||||
# optional (default = 3000)
|
||||
timeout_ms = 3000
|
||||
timeout_ms = 3000;
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -15,11 +15,13 @@ This adds `jotta-cli` to `environment.systemPackages` and starts a user service
|
||||
## Example Configuration {#module-services-jotta-cli-example-configuration}
|
||||
|
||||
```nix
|
||||
services.jotta-cli = {
|
||||
enable = true;
|
||||
options = [ "slow" ];
|
||||
package = pkgs.jotta-cli;
|
||||
};
|
||||
{
|
||||
services.jotta-cli = {
|
||||
enable = true;
|
||||
options = [ "slow" ];
|
||||
package = pkgs.jotta-cli;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
This uses `jotta-cli` and `jottad` from the `pkgs.jotta-cli` package and starts `jottad` in low memory mode.
|
||||
|
@ -9,34 +9,36 @@ To fully setup Netbird as a self-hosted server, we need both a Coturn server and
|
||||
There are quite a few settings that need to be passed to Netbird for it to function, and a minimal config looks like :
|
||||
|
||||
```nix
|
||||
services.netbird.server = {
|
||||
enable = true;
|
||||
|
||||
domain = "netbird.example.selfhosted";
|
||||
|
||||
enableNginx = true;
|
||||
|
||||
coturn = {
|
||||
{
|
||||
services.netbird.server = {
|
||||
enable = true;
|
||||
|
||||
passwordFile = "/path/to/a/secret/password";
|
||||
};
|
||||
domain = "netbird.example.selfhosted";
|
||||
|
||||
management = {
|
||||
oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration";
|
||||
enableNginx = true;
|
||||
|
||||
settings = {
|
||||
TURNConfig = {
|
||||
Turns = [
|
||||
{
|
||||
Proto = "udp";
|
||||
URI = "turn:netbird.example.selfhosted:3478";
|
||||
Username = "netbird";
|
||||
Password._secret = "/path/to/a/secret/password";
|
||||
}
|
||||
];
|
||||
coturn = {
|
||||
enable = true;
|
||||
|
||||
passwordFile = "/path/to/a/secret/password";
|
||||
};
|
||||
|
||||
management = {
|
||||
oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration";
|
||||
|
||||
settings = {
|
||||
TURNConfig = {
|
||||
Turns = [
|
||||
{
|
||||
Proto = "udp";
|
||||
URI = "turn:netbird.example.selfhosted:3478";
|
||||
Username = "netbird";
|
||||
Password._secret = "/path/to/a/secret/password";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -99,17 +99,16 @@ to configure additional interfaces with different configuration, use
|
||||
{
|
||||
services.pihole-ftl = {
|
||||
settings.misc.dnsmasq_lines = [
|
||||
# Specify the secondary interface
|
||||
"interface=enp1s0"
|
||||
# A different device is the router on this network, e.g. the one
|
||||
# provided by your ISP
|
||||
"dhcp-option=enp1s0,option:router,192.168.0.1"
|
||||
# Specify the IPv4 ranges to allocate, with a 1-day lease time
|
||||
"dhcp-range=enp1s0,192.168.0.10,192.168.0.253,1d"
|
||||
# Enable IPv6
|
||||
"dhcp-range=::f,::ff,constructor:enp1s0,ra-names,ra-stateless"
|
||||
];
|
||||
};
|
||||
# Specify the secondary interface
|
||||
"interface=enp1s0"
|
||||
# A different device is the router on this network, e.g. the one
|
||||
# provided by your ISP
|
||||
"dhcp-option=enp1s0,option:router,192.168.0.1"
|
||||
# Specify the IPv4 ranges to allocate, with a 1-day lease time
|
||||
"dhcp-range=enp1s0,192.168.0.10,192.168.0.253,1d"
|
||||
# Enable IPv6
|
||||
"dhcp-range=::f,::ff,constructor:enp1s0,ra-names,ra-stateless"
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
@ -24,7 +24,7 @@ To enable a Kerberos server:
|
||||
admin_server = "kerberos.example.com";
|
||||
};
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
services.kerberos-server = {
|
||||
enable = true;
|
||||
|
@ -208,7 +208,9 @@ release notes when upgrading.
|
||||
the cache size to zero:
|
||||
|
||||
```nix
|
||||
services.nextcloud.phpOptions."realpath_cache_size" = "0";
|
||||
{
|
||||
services.nextcloud.phpOptions."realpath_cache_size" = "0";
|
||||
}
|
||||
```
|
||||
|
||||
- **Empty Files on chunked uploads**
|
||||
@ -286,9 +288,9 @@ that are managed by Nix:
|
||||
|
||||
```nix
|
||||
{ config, pkgs, ... }: {
|
||||
services.nextcloud.extraApps = with config.services.nextcloud.package.packages.apps; [
|
||||
services.nextcloud.extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
inherit user_oidc calendar contacts;
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -40,10 +40,10 @@ The prefered method to run this service is behind a reverse proxy not to expose
|
||||
|
||||
server = {
|
||||
port = 8080;
|
||||
...
|
||||
# ...
|
||||
};
|
||||
|
||||
...
|
||||
# ...
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."szurubooru.domain.tld" = {
|
||||
|
@ -6,26 +6,30 @@ containerd. This can be done in a few lines of configuration.
|
||||
## Configure Containerd
|
||||
|
||||
```nix
|
||||
virtualisation.containerd = {
|
||||
enable = true;
|
||||
settings.plugins."io.containerd.grpc.v1.cri".cni = {
|
||||
bin_dir = "/var/lib/rancher/k3s/data/current/bin";
|
||||
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d";
|
||||
{
|
||||
virtualisation.containerd = {
|
||||
enable = true;
|
||||
settings.plugins."io.containerd.grpc.v1.cri".cni = {
|
||||
bin_dir = "/var/lib/rancher/k3s/data/current/bin";
|
||||
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d";
|
||||
};
|
||||
# Optionally, configure containerd to use the k3s pause image
|
||||
settings.plugins."io.containerd.grpc.v1.cri" = {
|
||||
sandbox_image = "docker.io/rancher/mirrored-pause:3.6";
|
||||
};
|
||||
};
|
||||
# Optionally, configure containerd to use the k3s pause image
|
||||
settings.plugins."io.containerd.grpc.v1.cri" = {
|
||||
sandbox_image = "docker.io/rancher/mirrored-pause:3.6";
|
||||
};
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## Configure k3s
|
||||
|
||||
```nix
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
extraFlags = [ "--container-runtime-endpoint unix:///run/containerd/containerd.sock" ];
|
||||
};
|
||||
{
|
||||
services.k3s = {
|
||||
enable = true;
|
||||
extraFlags = [ "--container-runtime-endpoint unix:///run/containerd/containerd.sock" ];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## Importing Container Images
|
||||
|
@ -99,9 +99,14 @@ Definitions like the following however, _can_ be transitioned:
|
||||
|
||||
```nix
|
||||
# all-packages.nix
|
||||
fooWithBaz = foo.override {
|
||||
bar = baz;
|
||||
};
|
||||
{
|
||||
fooWithBaz = foo.override {
|
||||
bar = baz;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
```nix
|
||||
# turned into pkgs/by-name/fo/fooWithBaz/package.nix with:
|
||||
{
|
||||
foo,
|
||||
|
@ -56,6 +56,7 @@ The output should look something like this:
|
||||
Based on this, you can add an attribute to `extensions-manual.nix`:
|
||||
|
||||
```nix
|
||||
{
|
||||
azure-devops = mkAzExtension {
|
||||
pname = "azure-devops";
|
||||
version = "1.0.0";
|
||||
@ -67,6 +68,7 @@ Based on this, you can add an attribute to `extensions-manual.nix`:
|
||||
];
|
||||
meta.maintainers = with lib.maintainers; [ katexochen ];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
* The attribute name should be the same as `pname`.
|
||||
@ -113,5 +115,7 @@ If extensions are removed upstream, an alias is added to the end of `extensions-
|
||||
this example:
|
||||
|
||||
```nix
|
||||
blockchain = throw "The 'blockchain' extension for azure-cli was deprecated upstream"; # Added 2024-04-26
|
||||
{
|
||||
blockchain = throw "The 'blockchain' extension for azure-cli was deprecated upstream"; # Added 2024-04-26
|
||||
}
|
||||
```
|
||||
|
@ -80,6 +80,7 @@ needs to be. Instead of applying brittle substitutions the version constraint
|
||||
can be ignored on a per requirement basis.
|
||||
|
||||
```nix
|
||||
{
|
||||
dependencies = [
|
||||
pyemvue
|
||||
];
|
||||
@ -88,5 +89,5 @@ can be ignored on a per requirement basis.
|
||||
ignoreVersionRequirement = [
|
||||
"pyemvue"
|
||||
];
|
||||
}
|
||||
```
|
||||
`
|
||||
|
Loading…
x
Reference in New Issue
Block a user