diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration')
5 files changed, 17 insertions, 228 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/configuration.xml b/nixpkgs/nixos/doc/manual/configuration/configuration.xml index 5961209bc13..507d28814ea 100644 --- a/nixpkgs/nixos/doc/manual/configuration/configuration.xml +++ b/nixpkgs/nixos/doc/manual/configuration/configuration.xml @@ -21,7 +21,6 @@ <xi:include href="xfce.xml" /> <xi:include href="networking.xml" /> <xi:include href="linux-kernel.xml" /> - <xi:include href="matrix.xml" /> <xi:include href="../generated/modules.xml" xpointer="xpointer(//section[@id='modules']/*)" /> <xi:include href="profiles.xml" /> <xi:include href="kubernetes.xml" /> diff --git a/nixpkgs/nixos/doc/manual/configuration/matrix.xml b/nixpkgs/nixos/doc/manual/configuration/matrix.xml deleted file mode 100644 index ef8d5cbda88..00000000000 --- a/nixpkgs/nixos/doc/manual/configuration/matrix.xml +++ /dev/null @@ -1,203 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="module-services-matrix"> - <title>Matrix</title> - <para> - <link xlink:href="https://matrix.org/">Matrix</link> is an open standard for - interoperable, decentralised, real-time communication over IP. It can be used - to power Instant Messaging, VoIP/WebRTC signalling, Internet of Things - communication - or anywhere you need a standard HTTP API for publishing and - subscribing to data whilst tracking the conversation history. - </para> - <para> - This chapter will show you how to set up your own, self-hosted Matrix - homeserver using the Synapse reference homeserver, and how to serve your own - copy of the Riot web client. See the - <link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try - Matrix Now!</link> overview page for links to Riot Apps for Android and iOS, - desktop clients, as well as bridges to other networks and other projects - around Matrix. - </para> - <section xml:id="module-services-matrix-synapse"> - <title>Synapse Homeserver</title> - - <para> - <link xlink:href="https://github.com/matrix-org/synapse">Synapse</link> is - the reference homeserver implementation of Matrix from the core development - team at matrix.org. The following configuration example will set up a - synapse server for the <literal>example.org</literal> domain, served from - the host <literal>myhostname.example.org</literal>. For more information, - please refer to the - <link xlink:href="https://github.com/matrix-org/synapse#synapse-installation"> - installation instructions of Synapse </link>. -<programlisting> -let - fqdn = - let - join = hostName: domain: hostName + optionalString (domain != null) ".${domain}"; - in join config.networking.hostName config.networking.domain; -in { - networking = { - hostName = "myhostname"; - domain = "example.org"; - }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx = { - enable = true; - # only recommendedProxySettings and recommendedGzipSettings are strictly required, - # but the rest make sense as well - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - # This host section can be placed on a different host than the rest, - # i.e. to delegate from the host being accessible as ${config.networking.domain} - # to another host actually running the Matrix homeserver. - "${config.networking.domain}" = { - locations."= /.well-known/matrix/server".extraConfig = - let - # use 443 instead of the default 8448 port to unite - # the client-server and server-server port for simplicity - server = { "m.server" = "${fqdn}:443"; }; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - locations."= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://${fqdn}"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; - }; - # ACAO required to allow riot-web on any URL to request this json file - in '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; - }; - - # Reverse proxy for Matrix client-server and server-server communication - ${fqdn} = { - enableACME = true; - forceSSL = true; - - # Or do a redirect instead of the 404, or whatever is appropriate for you. - # But do not put a Matrix Web client here! See the Riot Web section below. - locations."/".extraConfig = '' - return 404; - ''; - - # forward all Matrix API calls to the synapse Matrix homeserver - locations."/_matrix" = { - proxyPass = "http://[::1]:8008"; # without a trailing / - }; - }; - }; - }; - services.matrix-synapse = { - enable = true; - server_name = config.networking.domain; - listeners = [ - { - port = 8008; - bind_address = "::1"; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { names = [ "client" "federation" ]; compress = false; } - ]; - } - ]; - }; -}; -</programlisting> - </para> - - <para> - If the <code>A</code> and <code>AAAA</code> DNS records on - <literal>example.org</literal> do not point on the same host as the records - for <code>myhostname.example.org</code>, you can easily move the - <code>/.well-known</code> virtualHost section of the code to the host that - is serving <literal>example.org</literal>, while the rest stays on - <literal>myhostname.example.org</literal> with no other changes required. - This pattern also allows to seamlessly move the homeserver from - <literal>myhostname.example.org</literal> to - <literal>myotherhost.example.org</literal> by only changing the - <code>/.well-known</code> redirection target. - </para> - - <para> - If you want to run a server with public registration by anybody, you can - then enable <option>services.matrix-synapse.enable_registration = - true;</option>. Otherwise, or you can generate a registration secret with - <command>pwgen -s 64 1</command> and set it with - <option>services.matrix-synapse.registration_shared_secret</option>. To - create a new user or admin, run the following after you have set the secret - and have rebuilt NixOS: -<screen> -<prompt>$ </prompt>nix run nixpkgs.matrix-synapse -<prompt>$ </prompt>register_new_matrix_user -k <replaceable>your-registration-shared-secret</replaceable> http://localhost:8008 -<prompt>New user localpart: </prompt><replaceable>your-username</replaceable> -<prompt>Password:</prompt> -<prompt>Confirm password:</prompt> -<prompt>Make admin [no]:</prompt> -Success! -</screen> - In the example, this would create a user with the Matrix Identifier - <literal>@your-username:example.org</literal>. Note that the registration - secret ends up in the nix store and therefore is world-readable by any user - on your machine, so it makes sense to only temporarily activate the - <option>registration_shared_secret</option> option until a better solution - for NixOS is in place. - </para> - </section> - <section xml:id="module-services-matrix-riot-web"> - <title>Riot Web Client</title> - - <para> - <link xlink:href="https://github.com/vector-im/riot-web/">Riot Web</link> is - the reference web client for Matrix and developed by the core team at - matrix.org. The following snippet can be optionally added to the code before - to complete the synapse installation with a web client served at - <code>https://riot.myhostname.example.org</code> and - <code>https://riot.example.org</code>. Alternatively, you can use the hosted - copy at <link xlink:href="https://riot.im/app">https://riot.im/app</link>, - or use other web clients or native client applications. Due to the - <literal>/.well-known</literal> urls set up done above, many clients should - fill in the required connection details automatically when you enter your - Matrix Identifier. See - <link xlink:href="https://matrix.org/docs/projects/try-matrix-now.html">Try - Matrix Now!</link> for a list of existing clients and their supported - featureset. -<programlisting> -services.nginx.virtualHosts."riot.${fqdn}" = { - enableACME = true; - forceSSL = true; - serverAliases = [ - "riot.${config.networking.domain}" - ]; - - root = pkgs.riot-web; -}; -</programlisting> - </para> - - <para> - Note that the Riot developers do not recommend running Riot and your Matrix - homeserver on the same fully-qualified domain name for security reasons. In - the example, this means that you should not reuse the - <literal>myhostname.example.org</literal> virtualHost to also serve Riot, - but instead serve it on a different subdomain, like - <literal>riot.example.org</literal> in the example. See the - <link xlink:href="https://github.com/vector-im/riot-web#important-security-note">Riot - Important Security Notes</link> for more information on this subject. - </para> - </section> -</chapter> diff --git a/nixpkgs/nixos/doc/manual/configuration/modularity.xml b/nixpkgs/nixos/doc/manual/configuration/modularity.xml index 7ad0ae80a48..532a2c615e4 100644 --- a/nixpkgs/nixos/doc/manual/configuration/modularity.xml +++ b/nixpkgs/nixos/doc/manual/configuration/modularity.xml @@ -36,6 +36,7 @@ { <xref linkend="opt-services.xserver.enable"/> = true; <xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true; <xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> = true; + <xref linkend="opt-environment.systemPackages"/> = [ pkgs.vim ]; } </programlisting> Note that both <filename>configuration.nix</filename> and diff --git a/nixpkgs/nixos/doc/manual/configuration/network-manager.xml b/nixpkgs/nixos/doc/manual/configuration/network-manager.xml index d103ee24978..3953e0ffe85 100644 --- a/nixpkgs/nixos/doc/manual/configuration/network-manager.xml +++ b/nixpkgs/nixos/doc/manual/configuration/network-manager.xml @@ -28,17 +28,21 @@ <command>nmtui</command> (curses-based terminal user interface). See their manual pages for details on their usage. Some desktop environments (GNOME, KDE) have their own configuration tools for NetworkManager. On XFCE, there is - no configuration tool for NetworkManager by default: by adding - <code>networkmanagerapplet</code> to the list of system packages, the - graphical applet will be installed and will launch automatically when XFCE is - starting (and will show in the status tray). + no configuration tool for NetworkManager by default: by enabling <xref linkend="opt-programs.nm-applet.enable"/>, the + graphical applet will be installed and will launch automatically when the graphical session is started. </para> <note> <para> <code>networking.networkmanager</code> and <code>networking.wireless</code> - (WPA Supplicant) cannot be enabled at the same time: you can still connect - to the wireless networks using NetworkManager. + (WPA Supplicant) can be used together if desired. To do this you need to instruct + NetworkManager to ignore those interfaces like: +<programlisting> +<xref linkend="opt-networking.networkmanager.unmanaged"/> = [ + "*" "except:type:wwan" "except:type:gsm" +]; +</programlisting> + Refer to the option description for the exact syntax and references to external documentation. </para> </note> </section> diff --git a/nixpkgs/nixos/doc/manual/configuration/xfce.xml b/nixpkgs/nixos/doc/manual/configuration/xfce.xml index 7d2862f8b31..ebf1f493c5c 100644 --- a/nixpkgs/nixos/doc/manual/configuration/xfce.xml +++ b/nixpkgs/nixos/doc/manual/configuration/xfce.xml @@ -9,7 +9,6 @@ <programlisting> <xref linkend="opt-services.xserver.desktopManager.xfce.enable" /> = true; <xref linkend="opt-services.xserver.displayManager.defaultSession" /> = "xfce"; -}; </programlisting> </para> <para> @@ -28,25 +27,14 @@ <para> Some Xfce programs are not installed automatically. To install them manually (system wide), put them into your - <xref linkend="opt-environment.systemPackages"/>. + <xref linkend="opt-environment.systemPackages"/> from <literal>pkgs.xfce</literal>. </para> - <simplesect xml:id="sec-xfce-thunar-volumes"> - <title>Thunar Volume Support</title> - <para> - To enable <emphasis>Thunar</emphasis> volume support, put -<programlisting> -<xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true; -</programlisting> - into your <emphasis>configuration.nix</emphasis>. - </para> - </simplesect> - <simplesect xml:id="sec-xfce-polkit"> - <title>Polkit Authentication Agent</title> + <simplesect xml:id="sec-xfce-thunar-plugins"> + <title>Thunar Plugins</title> <para> - There is no authentication agent automatically installed alongside Xfce. To - allow mounting of local (non-removable) filesystems, you will need to - install one. Installing <emphasis>polkit_gnome</emphasis>, a rebuild, logout - and login did the trick. + If you'd like to add extra plugins to Thunar, add them to + <xref linkend="opt-services.xserver.desktopManager.xfce.thunarPlugins"/>. + You shouldn't just add them to <xref linkend="opt-environment.systemPackages"/>. </para> </simplesect> <simplesect xml:id="sec-xfce-troubleshooting"> |