treewide: fix syntax errors in nix code blocks

Fixes syntax errors in all code blocks marked with the "nix" language in
markdown files, so that nixfmt can be run on them in the next step.
Wolfgang Walther 2025-07-22 22:04:23 +02:00
parent 52ee822768
commit 6c47e7d5da
No known key found for this signature in database
GPG Key ID: B39893FA5F65CAE1
23 changed files with 282 additions and 232 deletions


@ -126,17 +126,19 @@ in turn will not make the service / timer start on login.
You can define services by adding them to `systemd.services`:
```nix
systemd.services.myservice = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
{
systemd.services.myservice = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
before = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
before = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "...";
serviceConfig = {
ExecStart = "...";
};
};
};
}
```
If you want to specify a multi-line script for `ExecStart`,


@ -111,7 +111,7 @@ If there are shared libraries missing add them with
extraPkgs = pkgs: [
# missing libraries here, e.g.: `pkgs.libepoxy`
];
}
};
}
```


@ -33,7 +33,7 @@ To enable Mattermost using Postgres, use a config like this:
# For example, to disable auto-installation of prepackaged plugins.
settings.PluginSettings.AutomaticPrepackagedPlugins = false;
}
};
}
```


@ -137,7 +137,9 @@ the Perl script. It aims to eventually replace the Perl script by default.
You can enable Userborn via:
```nix
services.userborn.enable = true;
{
services.userborn.enable = true;
}
```
You can configure Userborn to store the password files
@ -145,7 +147,9 @@ You can configure Userborn to store the password files
location to `/etc`:
```nix
services.userborn.passwordFilesLocation = "/persistent/etc";
{
services.userborn.passwordFilesLocation = "/persistent/etc";
}
```
This is useful when you store `/etc` on a `tmpfs` or if `/etc` is immutable


@ -22,25 +22,27 @@ You can run `vwifi-ctrl` on this node to control characteristics of the simulate
physical layer.
```nix
airgap =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
services.vwifi = {
server = {
enable = true;
ports.tcp = 8212;
# uncomment if you want to enable monitor mode on another node
# ports.spy = 8213;
openFirewall = true;
{
airgap =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.2";
prefixLength = 24;
}
];
services.vwifi = {
server = {
enable = true;
ports.tcp = 8212;
# uncomment if you want to enable monitor mode on another node
# ports.spy = 8213;
openFirewall = true;
};
};
};
};
}
```
### AP {#sec-nixos-test-wifi-ap}
@ -48,40 +50,42 @@ airgap =
A node like this will act as a wireless access point in infrastructure mode.
```nix
ap =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
services.hostapd = {
enable = true;
radios.wlan0 = {
channel = 1;
networks.wlan0 = {
ssid = "NixOS Test Wi-Fi Network";
authentication = {
mode = "wpa3-sae";
saePasswords = [ { password = "supersecret"; } ];
enableRecommendedPairwiseCiphers = true;
{
ap =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
services.hostapd = {
enable = true;
radios.wlan0 = {
channel = 1;
networks.wlan0 = {
ssid = "NixOS Test Wi-Fi Network";
authentication = {
mode = "wpa3-sae";
saePasswords = [ { password = "supersecret"; } ];
enableRecommendedPairwiseCiphers = true;
};
};
};
};
};
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:01";
};
client = {
enable = true;
serverAddress = "192.168.1.2";
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:01";
};
client = {
enable = true;
serverAddress = "192.168.1.2";
};
};
};
};
}
```
### Station {#sec-nixos-test-wifi-station}
@ -89,37 +93,39 @@ ap =
A node like this acts as a wireless client.
```nix
station =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
networking.wireless = {
# No, really, we want it enabled!
enable = lib.mkOverride 0 true;
interfaces = [ "wlan0" ];
networks = {
"NixOS Test Wi-Fi Network" = {
psk = "supersecret";
authProtocols = [ "SAE" ];
{
station =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.3";
prefixLength = 24;
}
];
networking.wireless = {
# No, really, we want it enabled!
enable = lib.mkOverride 0 true;
interfaces = [ "wlan0" ];
networks = {
"NixOS Test Wi-Fi Network" = {
psk = "supersecret";
authProtocols = [ "SAE" ];
};
};
};
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:02";
};
client = {
enable = true;
serverAddress = "192.168.1.2";
};
};
};
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:02";
};
client = {
enable = true;
serverAddress = "192.168.1.2";
};
};
};
}
```
### Monitor {#sec-nixos-test-wifi-monitor}
@ -128,25 +134,28 @@ When the monitor mode interface is enabled, this node will receive
all packets broadcast by all other nodes through the spy interface.
```nix
monitor =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.4";
prefixLength = 24;
}
];
{
monitor =
{ config, ... }:
{
networking.interfaces.eth1.ipv4.addresses = lib.mkForce [
{
address = "192.168.1.4";
prefixLength = 24;
}
];
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:03";
};
client = {
enable = true;
spy = true;
serverAddress = "192.168.1.2";
services.vwifi = {
module = {
enable = true;
macPrefix = "74:F8:F6:00:03";
};
client = {
enable = true;
spy = true;
serverAddress = "192.168.1.2";
};
};
};
}
```


@ -25,7 +25,9 @@ The `image.modules` option can be used to set specific options per image variant
E.g. images for the cloud provider Linode use `grub2` as a bootloader by default. If you are using `systemd-boot` on other platforms and want to disable it for Linode only, you could use the following options:
``` nix
{
image.modules.linode = {
boot.loader.systemd-boot.enable = lib.mkForce false;
};
}
```


@ -243,9 +243,11 @@ The pre-existing `services.ankisyncd` has been marked deprecated and will be dro
- `azure-cli` now has extension support. For example, to install the `aks-preview` extension, use
```nix
environment.systemPackages = [
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
];
{
environment.systemPackages = [
(azure-cli.withExtensions [ azure-cli.extensions.aks-preview ])
];
}
```
To make the `azure-cli` immutable and prevent clashes in case `azure-cli` is also installed via other package managers, some configuration files were moved into the derivation.
This can be disabled by overriding `withImmutableConfig = false` when building `azure-cli`.


@ -615,8 +615,10 @@
Then, follow the instructions on the [upstream release notes](https://github.com/majewsky/portunus/releases/tag/v2.0.0) to upgrade all existing user accounts to strong password hashes.
If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration:
```nix
services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
{
services.portunus.package = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };
}
```
- The default value of `services.kubernetes.kubelet.hostname` is now lowercased.
@ -956,24 +958,26 @@ If you set `sound.mediaKeys` in your configuration:
- If you want to maintain the exact behavior of the option, use the following snippet
```nix
services.actkbd = let
volumeStep = "1%";
in {
enable = true;
bindings = [
# "Mute" media key
{ keys = [ 113 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Master toggle"; }
{
services.actkbd = let
volumeStep = "1%";
in {
enable = true;
bindings = [
# "Mute" media key
{ keys = [ 113 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Master toggle"; }
# "Lower Volume" media key
{ keys = [ 114 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}- unmute"; }
# "Lower Volume" media key
{ keys = [ 114 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}- unmute"; }
# "Raise Volume" media key
{ keys = [ 115 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}+ unmute"; }
# "Raise Volume" media key
{ keys = [ 115 ]; events = [ "key" "rep" ]; command = "${alsa-utils}/bin/amixer -q set Master ${volumeStep}+ unmute"; }
# "Mic Mute" media key
{ keys = [ 190 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Capture toggle"; }
];
};
# "Mic Mute" media key
{ keys = [ 190 ]; events = [ "key" ]; command = "${alsa-utils}/bin/amixer -q set Capture toggle"; }
];
};
}
```
### `hardware.deviceTree.overlays` compatible string matching {#sec-release-24.11-migration-dto-compatible}


@ -355,10 +355,12 @@ Alongside many enhancements to NixOS modules and general system improvements, th
- To avoid delaying user logins unnecessarily the `multi-user.target` is no longer ordered after `network-online.target`.
System services requiring a connection to start correctly must explicitly state so, i.e.
```nix
systemd.services.<name> = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
};
{
systemd.services."<name>" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
};
}
```
This changed follows a deprecation period of one year started in NixOS 24.05 (see [PR #283818](https://github.com/NixOS/nixpkgs/pull/283818)).
@ -457,15 +459,17 @@ Alongside many enhancements to NixOS modules and general system improvements, th
Example:
```nix
services.mysql = {
enable = true;
galeraCluster = {
{
services.mysql = {
enable = true;
localName = "Node 1";
localAddress = "galera_01";
nodeAddresses = [ "galera_01" "galera_02" "galera_03"];
galeraCluster = {
enable = true;
localName = "Node 1";
localAddress = "galera_01";
nodeAddresses = [ "galera_01" "galera_02" "galera_03"];
};
};
};
}
```
- systemd's {manpage}`systemd-ssh-generator(8)` now works out of the box on NixOS.


@ -94,13 +94,13 @@ database migrations.
`ensureUsers` is run in `postgresql-setup`, so this is where `postStart` must be added to:
```nix
{
systemd.services.postgresql-setup.postStart = ''
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
}
{
systemd.services.postgresql-setup.postStart = ''
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
}
```
#### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-superuser-oneshot}
@ -114,22 +114,22 @@ They differ in two aspects:
Both can lead to unexpected errors either during initial database creation or restore, when using `postgresql.service`.
```nix
{
systemd.services."migrate-service1-db1" = {
serviceConfig.Type = "oneshot";
requiredBy = "service1.service";
before = "service1.service";
after = "postgresql.target";
serviceConfig.User = "postgres";
environment.PGPORT = toString services.postgresql.settings.port;
path = [ postgresql ];
script = ''
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
};
}
{
systemd.services."migrate-service1-db1" = {
serviceConfig.Type = "oneshot";
requiredBy = "service1.service";
before = "service1.service";
after = "postgresql.target";
serviceConfig.User = "postgres";
environment.PGPORT = toString services.postgresql.settings.port;
path = [ postgresql ];
script = ''
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
# ....
'';
};
}
```
## Authentication {#module-services-postgres-authentication}
@ -147,13 +147,15 @@ Assume that your app creates a role `admin` and you want the `root` user to be a
You can then use [](#opt-services.postgresql.identMap) to define the map and [](#opt-services.postgresql.authentication) to enable it:
```nix
services.postgresql = {
identMap = ''
admin root admin
'';
authentication = ''
local all admin peer map=admin
'';
{
services.postgresql = {
identMap = ''
admin root admin
'';
authentication = ''
local all admin peer map=admin
'';
};
}
```


@ -21,7 +21,9 @@ configure this in the module, but you can e.g. use systemd to give the unit
access to the command at runtime.
```nix
systemd.services.paisa.path = [ pkgs.hledger ];
{
systemd.services.paisa.path = [ pkgs.hledger ];
}
```
::: {.note}


@ -16,5 +16,5 @@ Use the following configuration to start a public instance of Glances locally:
enable = true;
openFirewall = true;
};
};
}
```


@ -103,7 +103,7 @@ Additionally you can set an optional timeout value.
certificate = ./dns.example.com.crt;
key = "/dns.example.com.key";
# optional (default = 3000)
timeout_ms = 3000
timeout_ms = 3000;
}
];
}


@ -15,11 +15,13 @@ This adds `jotta-cli` to `environment.systemPackages` and starts a user service
## Example Configuration {#module-services-jotta-cli-example-configuration}
```nix
services.jotta-cli = {
enable = true;
options = [ "slow" ];
package = pkgs.jotta-cli;
};
{
services.jotta-cli = {
enable = true;
options = [ "slow" ];
package = pkgs.jotta-cli;
};
}
```
This uses `jotta-cli` and `jottad` from the `pkgs.jotta-cli` package and starts `jottad` in low memory mode.


@ -9,34 +9,36 @@ To fully setup Netbird as a self-hosted server, we need both a Coturn server and
There are quite a few settings that need to be passed to Netbird for it to function, and a minimal config looks like :
```nix
services.netbird.server = {
enable = true;
domain = "netbird.example.selfhosted";
enableNginx = true;
coturn = {
{
services.netbird.server = {
enable = true;
passwordFile = "/path/to/a/secret/password";
};
domain = "netbird.example.selfhosted";
management = {
oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration";
enableNginx = true;
settings = {
TURNConfig = {
Turns = [
{
Proto = "udp";
URI = "turn:netbird.example.selfhosted:3478";
Username = "netbird";
Password._secret = "/path/to/a/secret/password";
}
];
coturn = {
enable = true;
passwordFile = "/path/to/a/secret/password";
};
management = {
oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration";
settings = {
TURNConfig = {
Turns = [
{
Proto = "udp";
URI = "turn:netbird.example.selfhosted:3478";
Username = "netbird";
Password._secret = "/path/to/a/secret/password";
}
];
};
};
};
};
};
}
```


@ -99,17 +99,16 @@ to configure additional interfaces with different configuration, use
{
services.pihole-ftl = {
settings.misc.dnsmasq_lines = [
# Specify the secondary interface
"interface=enp1s0"
# A different device is the router on this network, e.g. the one
# provided by your ISP
"dhcp-option=enp1s0,option:router,192.168.0.1"
# Specify the IPv4 ranges to allocate, with a 1-day lease time
"dhcp-range=enp1s0,192.168.0.10,192.168.0.253,1d"
# Enable IPv6
"dhcp-range=::f,::ff,constructor:enp1s0,ra-names,ra-stateless"
];
};
# Specify the secondary interface
"interface=enp1s0"
# A different device is the router on this network, e.g. the one
# provided by your ISP
"dhcp-option=enp1s0,option:router,192.168.0.1"
# Specify the IPv4 ranges to allocate, with a 1-day lease time
"dhcp-range=enp1s0,192.168.0.10,192.168.0.253,1d"
# Enable IPv6
"dhcp-range=::f,::ff,constructor:enp1s0,ra-names,ra-stateless"
];
};
}
```


@ -24,7 +24,7 @@ To enable a Kerberos server:
admin_server = "kerberos.example.com";
};
};
}
};
services.kerberos-server = {
enable = true;


@ -208,7 +208,9 @@ release notes when upgrading.
the cache size to zero:
```nix
services.nextcloud.phpOptions."realpath_cache_size" = "0";
{
services.nextcloud.phpOptions."realpath_cache_size" = "0";
}
```
- **Empty Files on chunked uploads**
@ -286,9 +288,9 @@ that are managed by Nix:
```nix
{ config, pkgs, ... }: {
services.nextcloud.extraApps = with config.services.nextcloud.package.packages.apps; [
services.nextcloud.extraApps = with config.services.nextcloud.package.packages.apps; {
inherit user_oidc calendar contacts;
];
};
}
```


@ -40,10 +40,10 @@ The prefered method to run this service is behind a reverse proxy not to expose
server = {
port = 8080;
...
# ...
};
...
# ...
};
services.nginx.virtualHosts."szurubooru.domain.tld" = {


@ -6,26 +6,30 @@ containerd. This can be done in a few lines of configuration.
## Configure Containerd
```nix
virtualisation.containerd = {
enable = true;
settings.plugins."io.containerd.grpc.v1.cri".cni = {
bin_dir = "/var/lib/rancher/k3s/data/current/bin";
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d";
{
virtualisation.containerd = {
enable = true;
settings.plugins."io.containerd.grpc.v1.cri".cni = {
bin_dir = "/var/lib/rancher/k3s/data/current/bin";
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d";
};
# Optionally, configure containerd to use the k3s pause image
settings.plugins."io.containerd.grpc.v1.cri" = {
sandbox_image = "docker.io/rancher/mirrored-pause:3.6";
};
};
# Optionally, configure containerd to use the k3s pause image
settings.plugins."io.containerd.grpc.v1.cri" = {
sandbox_image = "docker.io/rancher/mirrored-pause:3.6";
};
};
}
```
## Configure k3s
```nix
services.k3s = {
enable = true;
extraFlags = [ "--container-runtime-endpoint unix:///run/containerd/containerd.sock" ];
};
{
services.k3s = {
enable = true;
extraFlags = [ "--container-runtime-endpoint unix:///run/containerd/containerd.sock" ];
};
}
```
## Importing Container Images


@ -99,9 +99,14 @@ Definitions like the following however, _can_ be transitioned:
```nix
# all-packages.nix
fooWithBaz = foo.override {
bar = baz;
};
{
fooWithBaz = foo.override {
bar = baz;
};
}
```
```nix
# turned into pkgs/by-name/fo/fooWithBaz/package.nix with:
{
foo,


@ -56,6 +56,7 @@ The output should look something like this:
Based on this, you can add an attribute to `extensions-manual.nix`:
```nix
{
azure-devops = mkAzExtension {
pname = "azure-devops";
version = "1.0.0";
@ -67,6 +68,7 @@ Based on this, you can add an attribute to `extensions-manual.nix`:
];
meta.maintainers = with lib.maintainers; [ katexochen ];
};
}
```
* The attribute name should be the same as `pname`.
@ -113,5 +115,7 @@ If extensions are removed upstream, an alias is added to the end of `extensions-
this example:
```nix
blockchain = throw "The 'blockchain' extension for azure-cli was deprecated upstream"; # Added 2024-04-26
{
blockchain = throw "The 'blockchain' extension for azure-cli was deprecated upstream"; # Added 2024-04-26
}
```


@ -80,6 +80,7 @@ needs to be. Instead of applying brittle substitutions the version constraint
can be ignored on a per requirement basis.
```nix
{
dependencies = [
pyemvue
];
@ -88,5 +89,5 @@ can be ignored on a per requirement basis.
ignoreVersionRequirement = [
"pyemvue"
];
}
```
`