diff --git a/lib/generators.nix b/lib/generators.nix
index 376aa4081bf4f4..352644df0431e8 100644
--- a/lib/generators.nix
+++ b/lib/generators.nix
@@ -606,12 +606,12 @@ in rec {
in
# TODO: As discussed in #356502, deprecated functionality should be removed sometime after 25.11.
- lib.warnIf (!escape && lib.oldestSupportedReleaseIsAtLeast 2505) "Using `lib.generators.toPlist` without `escape = true` is deprecated"
- ''
-
-
-${expr "" v}
-'';
+ lib.warnIf (!escape && lib.oldestSupportedReleaseIsAtLeast 2505) "Using `lib.generators.toPlist` without `escape = true` is deprecated" ''
+
+
+
+ ${expr "" v}
+ '';
/**
Translate a simple Nix expression to Dhall notation.
diff --git a/lib/lists.nix b/lib/lists.nix
index ca436d7a9c94b5..4a325bb307afa8 100644
--- a/lib/lists.nix
+++ b/lib/lists.nix
@@ -1748,8 +1748,8 @@ rec {
```
:::
*/
- crossLists = warn
- ''lib.crossLists is deprecated, use lib.mapCartesianProduct instead.
+ crossLists = warn ''
+ lib.crossLists is deprecated, use lib.mapCartesianProduct instead.
For example, the following function call:
diff --git a/lib/meta.nix b/lib/meta.nix
index 798e7e74918cc0..dc279d9cc55fcb 100644
--- a/lib/meta.nix
+++ b/lib/meta.nix
@@ -475,7 +475,7 @@ rec {
"lib.meta.getExe': The first argument is of type ${typeOf x}, but it should be a derivation instead.";
assert assertMsg (isString y)
"lib.meta.getExe': The second argument is of type ${typeOf y}, but it should be a string instead.";
- assert assertMsg (match ".*\/.*" y == null)
+ assert assertMsg (match ".*/.*" y == null)
"lib.meta.getExe': The second argument \"${y}\" is a nested path with a \"/\" character, but it should just be the name of the executable instead.";
"${getBin x}/bin/${y}";
}
diff --git a/lib/options.nix b/lib/options.nix
index 5b22b1b37b86d1..908b089fafad28 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -426,7 +426,7 @@ rec {
# If the part is a named placeholder of the form "<...>" don't escape it.
# It may cause misleading escaping if somebody uses literally "<...>" in their option names.
# This is the trade-off to allow for placeholders in option names.
- isNamedPlaceholder = builtins.match "\<(.*)\>";
+ isNamedPlaceholder = builtins.match "<(.*)>";
escapeOptionPart = part:
if part == "*" || isNamedPlaceholder part != null
then part
diff --git a/lib/tests/modules/strMatching-merge.nix b/lib/tests/modules/strMatching-merge.nix
index 2e043a5f972370..de5c0032c7e6e1 100644
--- a/lib/tests/modules/strMatching-merge.nix
+++ b/lib/tests/modules/strMatching-merge.nix
@@ -3,12 +3,12 @@
imports = [
{
options.sm = lib.mkOption {
- type = lib.types.strMatching "\(.*\)";
+ type = lib.types.strMatching "\\(.*\\)";
};
}
{
options.sm = lib.mkOption {
- type = lib.types.strMatching "\(.*\)";
+ type = lib.types.strMatching "\\(.*\\)";
};
}
];
diff --git a/nixos/modules/hardware/video/nvidia.nix b/nixos/modules/hardware/video/nvidia.nix
index dc1120dda91693..6c2646feedfa7f 100644
--- a/nixos/modules/hardware/video/nvidia.nix
+++ b/nixos/modules/hardware/video/nvidia.nix
@@ -17,7 +17,7 @@ let
offloadCfg = pCfg.offload;
reverseSyncCfg = pCfg.reverseSync;
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
- busIDType = lib.types.strMatching "([[:print:]]+[\:\@][0-9]{1,3}\:[0-9]{1,2}\:[0-9])?";
+ busIDType = lib.types.strMatching "([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?";
ibtSupport = useOpenModules || (nvidia_x11.ibtSupport or false);
settingsFormat = pkgs.formats.keyValue { };
in
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index 6688ab9d1ca918..b1a58be8ef4cca 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -24,7 +24,7 @@ let
;
needsEscaping = s: null != builtins.match "[a-zA-Z0-9]+" s;
- escapeIfNecessary = s: if needsEscaping s then s else ''"${lib.escape [ "\$" "\"" "\\" "\`" ] s}"'';
+ escapeIfNecessary = s: if needsEscaping s then s else ''"${lib.escape [ "$" "\"" "\\" "`" ] s}"'';
attrsToText =
attrs:
concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${escapeIfNecessary (toString v)}'') attrs)
diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix
index c1594ff2086a20..491aab1d1eb074 100644
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@@ -106,7 +106,7 @@ let
path = [
config.services.borgbackup.package pkgs.openssh
];
- script = "exec " + lib.optionalString cfg.inhibitsSleep ''\
+ script = "exec " + lib.optionalString cfg.inhibitsSleep ''
${pkgs.systemd}/bin/systemd-inhibit \
--who="borgbackup" \
--what="sleep" \
@@ -183,7 +183,7 @@ let
mode != "none" -> passCommand != null || passphrase != null;
message =
"passCommand or passphrase has to be specified because"
- + '' borgbackup.jobs.${name}.encryption != "none"'';
+ + " borgbackup.jobs.${name}.encryption != \"none\"";
};
mkRepoService = name: cfg:
diff --git a/nixos/modules/services/cluster/kubernetes/apiserver.nix b/nixos/modules/services/cluster/kubernetes/apiserver.nix
index e05bcb37e819f0..e40893f5aed8d4 100644
--- a/nixos/modules/services/cluster/kubernetes/apiserver.nix
+++ b/nixos/modules/services/cluster/kubernetes/apiserver.nix
@@ -320,7 +320,8 @@ in
after = [ "network.target" ];
serviceConfig = {
Slice = "kubernetes.slice";
- ExecStart = ''${top.package}/bin/kube-apiserver \
+ ExecStart = ''
+ ${top.package}/bin/kube-apiserver \
--allow-privileged=${lib.boolToString cfg.allowPrivileged} \
--authorization-mode=${lib.concatStringsSep "," cfg.authorizationMode} \
${lib.optionalString (lib.elem "ABAC" cfg.authorizationMode)
diff --git a/nixos/modules/services/cluster/kubernetes/proxy.nix b/nixos/modules/services/cluster/kubernetes/proxy.nix
index 2e3fdc87b4396a..7cf2591338d908 100644
--- a/nixos/modules/services/cluster/kubernetes/proxy.nix
+++ b/nixos/modules/services/cluster/kubernetes/proxy.nix
@@ -65,7 +65,8 @@ in
path = with pkgs; [ iptables conntrack-tools ];
serviceConfig = {
Slice = "kubernetes.slice";
- ExecStart = ''${top.package}/bin/kube-proxy \
+ ExecStart = ''
+ ${top.package}/bin/kube-proxy \
--bind-address=${cfg.bindAddress} \
${optionalString (top.clusterCidr!=null)
"--cluster-cidr=${top.clusterCidr}"} \
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 31532646f8edc5..b542e94bf80d30 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -211,7 +211,8 @@ in {
masterAuth = lib.mkOption {
type = with types; nullOr str;
default = null;
- description = ''If the master is password protected (using the requirePass configuration)
+ description = ''
+ If the master is password protected (using the requirePass configuration)
it is possible to tell the slave to authenticate before starting the replication synchronization
process, otherwise the master will refuse the slave request.
(STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
diff --git a/nixos/modules/services/desktops/pipewire/wireplumber.nix b/nixos/modules/services/desktops/pipewire/wireplumber.nix
index cccb892cecf7af..9b07c0eb2ad835 100644
--- a/nixos/modules/services/desktops/pipewire/wireplumber.nix
+++ b/nixos/modules/services/desktops/pipewire/wireplumber.nix
@@ -61,7 +61,8 @@ in
# in sections.
type = attrsOf (attrsOf json.type);
default = { };
- example = literalExpression ''{
+ example = literalExpression ''
+ {
"log-level-debug" = {
"context.properties" = {
# Output Debug log messages as opposed to only the default level (Notice)
@@ -88,7 +89,8 @@ in
}
];
};
- }'';
+ }
+ '';
description = ''
Additional configuration for the WirePlumber daemon when run in
single-instance mode (the default in nixpkgs and currently the only
@@ -166,7 +168,8 @@ in
configPackages = mkOption {
type = listOf package;
default = [ ];
- example = literalExpression ''[
+ example = literalExpression ''
+ [
(pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/10-bluez.conf" '''
monitor.bluez.properties = {
bluez5.roles = [ a2dp_sink a2dp_source bap_sink bap_source hsp_hs hsp_ag hfp_hf hfp_ag ]
@@ -175,7 +178,8 @@ in
bluez5.hfphsp-backend = "native"
}
''')
- ]'';
+ ]
+ '';
description = ''
List of packages that provide WirePlumber configuration, in the form of
`share/wireplumber/*/*.conf` files.
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 4388be30a9350a..c513ee9173dfa9 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -93,7 +93,7 @@ let
# The idea is to match everything that looks like `$term =`
# but not `# $term something something`
# or `# $term = some value` because those are comments.
- configContainsSetting = lines: term: (match "^[^#]*\b${term}\b.*=" lines) != null;
+ configContainsSetting = lines: term: (match "[[:blank:]]*${term}[[:blank:]]*=.*" lines) != null;
warnAboutExtraConfigCollisions = map mkExtraConfigCollisionWarning (
filter (configContainsSetting cfg.extraConfig) automaticallySetPluginSettings
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 80bbee5f49ce94..6acc2a6f6987ac 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -1080,12 +1080,13 @@ in {
warnings = [
(mkIf
(cfg.registry.enable && versionAtLeast (getVersion cfg.packages.gitlab) "16.0.0" && cfg.registry.package == pkgs.docker-distribution)
- ''Support for container registries other than gitlab-container-registry has ended since GitLab 16.0.0 and is scheduled for removal in a future release.
+ ''
+ Support for container registries other than gitlab-container-registry has ended since GitLab 16.0.0 and is scheduled for removal in a future release.
Please back up your data and migrate to the gitlab-container-registry package.''
)
(mkIf
- (versionAtLeast (getVersion cfg.packages.gitlab) "16.2.0" && versionOlder (getVersion cfg.packages.gitlab) "16.5.0")
- ''GitLab instances created or updated between versions [15.11.0, 15.11.2] have an incorrect database schema.
+ (versionAtLeast (getVersion cfg.packages.gitlab) "16.2.0" && versionOlder (getVersion cfg.packages.gitlab) "16.5.0") ''
+ GitLab instances created or updated between versions [15.11.0, 15.11.2] have an incorrect database schema.
Check the upstream documentation for a workaround: https://docs.gitlab.com/ee/update/versions/gitlab_16_changes.html#undefined-column-error-upgrading-to-162-or-later''
)
];
diff --git a/nixos/modules/services/misc/snapper.nix b/nixos/modules/services/misc/snapper.nix
index 42f782bcd6e188..16e9b122741c7e 100644
--- a/nixos/modules/services/misc/snapper.nix
+++ b/nixos/modules/services/misc/snapper.nix
@@ -36,7 +36,7 @@ let
};
intOrNumberOrRange = lib.types.either lib.types.ints.unsigned (
- lib.types.strMatching "[[:digit:]]+(\-[[:digit:]]+)?"
+ lib.types.strMatching "[[:digit:]]+(-[[:digit:]]+)?"
// {
description = "string containing either a number or a range";
descriptionClass = "conjunction";
diff --git a/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix b/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
index 0a3ceba88d2011..5f85f86ec44f21 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/smokeping.nix
@@ -13,7 +13,7 @@ let
name = "goDuration";
description = "Go duration (https://golang.org/pkg/time/#ParseDuration)";
check =
- x: types.str.check x && builtins.match "(-?[0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+" x != null;
+ x: types.str.check x && builtins.match "(-?[0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+" x != null;
inherit (types.str) merge;
};
in
diff --git a/nixos/modules/services/network-filesystems/ceph.nix b/nixos/modules/services/network-filesystems/ceph.nix
index 5961731dbf446a..d71019086f49f1 100644
--- a/nixos/modules/services/network-filesystems/ceph.nix
+++ b/nixos/modules/services/network-filesystems/ceph.nix
@@ -42,8 +42,9 @@ let
StateDirectory = stateDirectory;
User = "ceph";
Group = if daemonType == "osd" then "disk" else "ceph";
- ExecStart = ''${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} \
- -f --cluster ${clusterName} --id ${daemonId}'';
+ ExecStart = ''
+ ${ceph.out}/bin/${if daemonType == "rgw" then "radosgw" else "ceph-${daemonType}"} \
+ -f --cluster ${clusterName} --id ${daemonId}'';
} // lib.optionalAttrs (daemonType == "osd") {
ExecStartPre = "${ceph.lib}/libexec/ceph/ceph-osd-prestart.sh --id ${daemonId} --cluster ${clusterName}";
RestartSec = "20s";
diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix
index 98906262ce1ebc..34f6ace072b2ed 100644
--- a/nixos/modules/services/networking/lxd-image-server.nix
+++ b/nixos/modules/services/networking/lxd-image-server.nix
@@ -105,19 +105,19 @@ in
};
# Serve json files with content type header application/json
- "~ \.json$" = {
+ "~ \\.json$" = {
extraConfig = ''
add_header Content-Type application/json;
'';
};
- "~ \.tar.xz$" = {
+ "~ \\.tar.xz$" = {
extraConfig = ''
add_header Content-Type application/octet-stream;
'';
};
- "~ \.tar.gz$" = {
+ "~ \\.tar.gz$" = {
extraConfig = ''
add_header Content-Type application/octet-stream;
'';
diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix
index f96853939bd296..483f579b354a3f 100644
--- a/nixos/modules/services/networking/smokeping.nix
+++ b/nixos/modules/services/networking/smokeping.nix
@@ -119,7 +119,8 @@ in
MAX 0.5 144 7200
MIN 0.5 144 7200
'';
- description = ''Configure the ping frequency and retention of the rrd files.
+ description = ''
+ Configure the ping frequency and retention of the rrd files.
Once set, changing the interval will require deletion or migration of all
the collected data.'';
};
diff --git a/nixos/modules/services/networking/tinyproxy.nix b/nixos/modules/services/networking/tinyproxy.nix
index 6e07c6a541e9bf..bcf8fbbca726b9 100644
--- a/nixos/modules/services/networking/tinyproxy.nix
+++ b/nixos/modules/services/networking/tinyproxy.nix
@@ -33,14 +33,16 @@ in
settings = mkOption {
description = "Configuration for [tinyproxy](https://tinyproxy.github.io/).";
default = { };
- example = literalExpression ''{
+ example = literalExpression ''
+ {
Port 8888;
Listen 127.0.0.1;
Timeout 600;
Allow 127.0.0.1;
Anonymous = ['"Host"' '"Authorization"'];
ReversePath = '"/example/" "http://www.example.com/"';
- }'';
+ }
+ '';
type = types.submodule ({name, ...}: {
freeformType = settingsFormat.type;
options = {
diff --git a/nixos/modules/services/networking/wg-quick.nix b/nixos/modules/services/networking/wg-quick.nix
index 369c5a93976590..2130c49f374ec9 100644
--- a/nixos/modules/services/networking/wg-quick.nix
+++ b/nixos/modules/services/networking/wg-quick.nix
@@ -194,7 +194,8 @@ let
allowedIPs = mkOption {
example = [ "10.192.122.3/32" "10.192.124.1/24" ];
type = with types; listOf str;
- description = ''List of IP (v4 or v6) addresses with CIDR masks from
+ description = ''
+ List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may
be specified for matching all IPv4 addresses, and ::/0 may be specified
@@ -205,7 +206,8 @@ let
default = null;
example = "demo.wireguard.io:12913";
type = with types; nullOr str;
- description = ''Endpoint IP or hostname of the peer, followed by a colon,
+ description = ''
+ Endpoint IP or hostname of the peer, followed by a colon,
and then a port number of the peer.'';
};
@@ -213,7 +215,8 @@ let
default = null;
type = with types; nullOr int;
example = 25;
- description = ''This is optional and is by default off, because most
+ description = ''
+ This is optional and is by default off, because most
users will not need it. It represents, in seconds, between 1 and 65535
inclusive, how often to send an authenticated empty packet to the peer,
for the purpose of keeping a stateful firewall or NAT mapping valid
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index a3308a1cd39644..5d9bcc9e767a27 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -127,7 +127,8 @@ let
default = null;
type = with types; nullOr str;
example = "container";
- description = ''The pre-existing network namespace in which the
+ description = ''
+ The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via {option}`interfaceNamespace`. When
`null`, the interface is created in the init namespace.
@@ -139,7 +140,8 @@ let
default = null;
type = with types; nullOr str;
example = "init";
- description = ''The pre-existing network namespace the WireGuard
+ description = ''
+ The pre-existing network namespace the WireGuard
interface is moved to. The special value `init` means
the init namespace. When `null`, the interface is not
moved.
@@ -262,7 +264,8 @@ let
allowedIPs = mkOption {
example = [ "10.192.122.3/32" "10.192.124.1/24" ];
type = with types; listOf str;
- description = ''List of IP (v4 or v6) addresses with CIDR masks from
+ description = ''
+ List of IP (v4 or v6) addresses with CIDR masks from
which this peer is allowed to send incoming traffic and to which
outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may
be specified for matching all IPv4 addresses, and ::/0 may be specified
@@ -328,7 +331,8 @@ let
default = null;
type = with types; nullOr int;
example = 25;
- description = ''This is optional and is by default off, because most
+ description = ''
+ This is optional and is by default off, because most
users will not need it. It represents, in seconds, between 1 and 65535
inclusive, how often to send an authenticated empty packet to the peer,
for the purpose of keeping a stateful firewall or NAT mapping valid
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix
index 84f17bf87d5122..6a744e572101b4 100644
--- a/nixos/modules/services/security/certmgr.nix
+++ b/nixos/modules/services/security/certmgr.nix
@@ -123,7 +123,7 @@ in
service = lib.mkOption {
type = nullOr str;
default = null;
- description = "The service on which to perform \ after fetching.";
+ description = "The service on which to perform \\ after fetching.";
};
action = lib.mkOption {
diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
index 7dff18c52790b4..8885f0744f41f5 100644
--- a/nixos/modules/services/video/frigate.nix
+++ b/nixos/modules/services/video/frigate.nix
@@ -403,7 +403,7 @@ in
}
'';
};
- "~* /api/.*\.(jpg|jpeg|png|webp|gif)$" = {
+ "~* /api/.*\\.(jpg|jpeg|png|webp|gif)$" = {
proxyPass = "http://frigate-api";
recommendedProxySettings = true;
extraConfig = nginxAuthRequest + nginxProxySettings + ''
diff --git a/nixos/modules/services/web-apps/agorakit.nix b/nixos/modules/services/web-apps/agorakit.nix
index f8c9f1db370bb8..583f68ee5881f1 100644
--- a/nixos/modules/services/web-apps/agorakit.nix
+++ b/nixos/modules/services/web-apps/agorakit.nix
@@ -367,10 +367,10 @@ in
index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string";
};
- "~ \.php$".extraConfig = ''
+ "~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."agorakit".socket};
'';
- "~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
+ "~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
};
diff --git a/nixos/modules/services/web-apps/castopod.nix b/nixos/modules/services/web-apps/castopod.nix
index fae20df530ef6d..018dafd07bdaf0 100644
--- a/nixos/modules/services/web-apps/castopod.nix
+++ b/nixos/modules/services/web-apps/castopod.nix
@@ -328,7 +328,7 @@ in
'';
};
- locations."~ \.php$" = {
+ locations."~ \\.php$" = {
fastcgiParams = {
SERVER_NAME = "$host";
};
diff --git a/nixos/modules/services/web-apps/davis.nix b/nixos/modules/services/web-apps/davis.nix
index 621f2ff20e2bb7..a2c4c49108ef01 100644
--- a/nixos/modules/services/web-apps/davis.nix
+++ b/nixos/modules/services/web-apps/davis.nix
@@ -496,7 +496,7 @@ in
return 302 https://$host/dav/;
'';
};
- "~ ^(.+\.php)(.*)$" = {
+ "~ ^(.+\\.php)(.*)$" = {
extraConfig = ''
try_files $fastcgi_script_name =404;
include ${config.services.nginx.package}/conf/fastcgi_params;
diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix
index 45a36138ff5421..d91249aa0ddf9d 100644
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@@ -925,7 +925,7 @@ in
};
"~ ^/uploads/short-url/" = proxy { };
"~ ^/secure-media-uploads/" = proxy { };
- "~* (fonts|assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico|otf)$".extraConfig =
+ "~* (fonts|assets|plugins|uploads)/.*\\.(eot|ttf|woff|woff2|ico|otf)$".extraConfig =
cache_1y
+ ''
add_header Access-Control-Allow-Origin *;
diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix
index d6ca14c40ef970..b63f38d6c7b295 100644
--- a/nixos/modules/services/web-apps/dokuwiki.nix
+++ b/nixos/modules/services/web-apps/dokuwiki.nix
@@ -436,7 +436,7 @@ in
extraConfig = "internal;";
};
- "~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = {
+ "~ ^/lib.*\\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
diff --git a/nixos/modules/services/web-apps/firefly-iii-data-importer.nix b/nixos/modules/services/web-apps/firefly-iii-data-importer.nix
index cbf089ce2fb751..1370e055853880 100644
--- a/nixos/modules/services/web-apps/firefly-iii-data-importer.nix
+++ b/nixos/modules/services/web-apps/firefly-iii-data-importer.nix
@@ -239,7 +239,7 @@ in
sendfile off;
'';
};
- "~ \.php$" = {
+ "~ \\.php$" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params ;
fastcgi_param SCRIPT_FILENAME $request_filename;
diff --git a/nixos/modules/services/web-apps/firefly-iii.nix b/nixos/modules/services/web-apps/firefly-iii.nix
index 42d6cdcb06b37d..436e1228e6fc9f 100644
--- a/nixos/modules/services/web-apps/firefly-iii.nix
+++ b/nixos/modules/services/web-apps/firefly-iii.nix
@@ -361,7 +361,7 @@ in
sendfile off;
'';
};
- "~ \.php$" = {
+ "~ \\.php$" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params ;
fastcgi_param SCRIPT_FILENAME $request_filename;
diff --git a/nixos/modules/services/web-apps/flarum.nix b/nixos/modules/services/web-apps/flarum.nix
index d7f558c73d07e2..c466d2700b1c71 100644
--- a/nixos/modules/services/web-apps/flarum.nix
+++ b/nixos/modules/services/web-apps/flarum.nix
@@ -164,7 +164,7 @@ in
enable = true;
virtualHosts."${cfg.domain}" = {
root = "${cfg.stateDir}/public";
- locations."~ \.php$".extraConfig = ''
+ locations."~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.flarum.socket};
fastcgi_index site.php;
'';
diff --git a/nixos/modules/services/web-apps/freshrss.nix b/nixos/modules/services/web-apps/freshrss.nix
index 0e8bcc703efa95..41a45d0690f997 100644
--- a/nixos/modules/services/web-apps/freshrss.nix
+++ b/nixos/modules/services/web-apps/freshrss.nix
@@ -211,7 +211,7 @@ in
# php files handling
# this regex is mandatory because of the API
- locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
+ locations."~ ^.+?\\.php(/.*)?$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
diff --git a/nixos/modules/services/web-apps/galene.nix b/nixos/modules/services/web-apps/galene.nix
index 013b8b3da8a0a8..133873cd94f0f3 100644
--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@@ -150,7 +150,8 @@ in
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.stateDir;
- ExecStart = ''${cfg.package}/bin/galene \
+ ExecStart = ''
+ ${cfg.package}/bin/galene \
${optionalString (cfg.insecure) "-insecure"} \
-http ${cfg.httpAddress}:${toString cfg.httpPort} \
-turn ${cfg.turnAddress} \
diff --git a/nixos/modules/services/web-apps/monica.nix b/nixos/modules/services/web-apps/monica.nix
index 16151f3be9dc9a..16263e70c2e8b3 100644
--- a/nixos/modules/services/web-apps/monica.nix
+++ b/nixos/modules/services/web-apps/monica.nix
@@ -355,10 +355,10 @@ in {
index = "index.php";
tryFiles = "$uri $uri/ /index.php?$query_string";
};
- "~ \.php$".extraConfig = ''
+ "~ \\.php$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools."monica".socket};
'';
- "~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
+ "~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
};
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index 64c17aa44b4a3f..10c72550f2cd48 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -770,15 +770,17 @@ in {
description = ''
Extra options which should be appended to Nextcloud's config.php file.
'';
- example = literalExpression '' {
- redis = {
- host = "/run/redis/redis.sock";
- port = 0;
- dbindex = 0;
- password = "secret";
- timeout = 1.5;
- };
- } '';
+ example = literalExpression ''
+ {
+ redis = {
+ host = "/run/redis/redis.sock";
+ port = 0;
+ dbindex = 0;
+ password = "secret";
+ timeout = 1.5;
+ };
+ }
+ '';
};
secretFile = mkOption {
diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix
index d56a4d66283cfb..f56dfd341dcc60 100644
--- a/nixos/modules/services/web-apps/onlyoffice.nix
+++ b/nixos/modules/services/web-apps/onlyoffice.nix
@@ -105,27 +105,27 @@ in
virtualHosts.${cfg.hostname} = {
locations = {
# /etc/nginx/includes/ds-docservice.conf
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$".extraConfig =
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps\\/apps\\/api\\/documents\\/api\\.js)$".extraConfig =
''
expires -1;
alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
'';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$".extraConfig = ''
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps)(\\/.*\\.json)$".extraConfig = ''
expires 365d;
error_log /dev/null crit;
alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
'';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$".extraConfig = ''
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(sdkjs-plugins)(\\/.*\\.json)$".extraConfig = ''
expires 365d;
error_log /dev/null crit;
alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
'';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$".extraConfig =
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\\/.*)$".extraConfig =
''
expires 365d;
alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
'';
- "~* ^(\/cache\/files.*)(\/.*)".extraConfig = ''
+ "~* ^(\\/cache\\/files.*)(\\/.*)".extraConfig = ''
alias /var/lib/onlyoffice/documentserver/App_Data$1;
add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
@@ -141,12 +141,12 @@ in
return 410;
}
'';
- "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(internal)(\/.*)$".extraConfig = ''
+ "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(internal)(\\/.*)$".extraConfig = ''
allow 127.0.0.1;
deny all;
proxy_pass http://onlyoffice-docservice/$2$3;
'';
- "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info)(\/.*)$".extraConfig = ''
+ "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(info)(\\/.*)$".extraConfig = ''
allow 127.0.0.1;
deny all;
proxy_pass http://onlyoffice-docservice/$2$3;
@@ -154,19 +154,19 @@ in
"/".extraConfig = ''
proxy_pass http://onlyoffice-docservice;
'';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*)".extraConfig = ''
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?(\\/doc\\/.*)".extraConfig = ''
proxy_pass http://onlyoffice-docservice$2;
proxy_http_version 1.1;
'';
"/${cfg.package.version}/".extraConfig = ''
proxy_pass http://onlyoffice-docservice/;
'';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$".extraConfig = ''
+ "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(dictionaries)(\\/.*)$".extraConfig = ''
expires 365d;
alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
'';
# /etc/nginx/includes/ds-example.conf
- "~ ^(\/welcome\/.*)$".extraConfig = ''
+ "~ ^(\\/welcome\\/.*)$".extraConfig = ''
expires 365d;
alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
index docker.html;
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index b61344a95db888..f52a4ccf6266f5 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -696,7 +696,7 @@ in
};
# Bypass PeerTube for performance reasons.
- locations."~ ^/client/(assets/images/(icons/icon-36x36\.png|icons/icon-48x48\.png|icons/icon-72x72\.png|icons/icon-96x96\.png|icons/icon-144x144\.png|icons/icon-192x192\.png|icons/icon-512x512\.png|logo\.svg|favicon\.png|default-playlist\.jpg|default-avatar-account\.png|default-avatar-account-48x48\.png|default-avatar-video-channel\.png|default-avatar-video-channel-48x48\.png))$" =
+ locations."~ ^/client/(assets/images/(icons/icon-36x36\\.png|icons/icon-48x48\\.png|icons/icon-72x72\\.png|icons/icon-96x96\\.png|icons/icon-144x144\\.png|icons/icon-192x192\\.png|icons/icon-512x512\\.png|logo\\.svg|favicon\\.png|default-playlist\\.jpg|default-avatar-account\\.png|default-avatar-account-48x48\\.png|default-avatar-video-channel\\.png|default-avatar-video-channel-48x48\\.png))$" =
{
tryFiles = "/client-overrides/$1 /client/$1 $1";
priority = 1310;
@@ -704,7 +704,7 @@ in
extraConfig = nginxCommonHeaders;
};
- locations."~ ^/client/(.*\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$" = {
+ locations."~ ^/client/(.*\\.(js|css|png|svg|woff2|otf|ttf|woff|eot))$" = {
alias = "${cfg.package}/client/dist/$1";
priority = 1320;
extraConfig =
diff --git a/nixos/modules/services/web-apps/privatebin.nix b/nixos/modules/services/web-apps/privatebin.nix
index 4315664dabc200..ea1d9933d0b789 100644
--- a/nixos/modules/services/web-apps/privatebin.nix
+++ b/nixos/modules/services/web-apps/privatebin.nix
@@ -186,7 +186,7 @@ in
sendfile off;
'';
};
- "~ \.php$" = {
+ "~ \\.php$" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params ;
fastcgi_param SCRIPT_FILENAME $request_filename;
diff --git a/nixos/modules/services/web-apps/rutorrent.nix b/nixos/modules/services/web-apps/rutorrent.nix
index 8cbda677c2b125..be2af96ae05b6e 100644
--- a/nixos/modules/services/web-apps/rutorrent.nix
+++ b/nixos/modules/services/web-apps/rutorrent.nix
@@ -305,7 +305,7 @@ in
${cfg.hostName} = {
root = cfg.dataDir;
locations = {
- "~ [^/]\.php(/|$)" = {
+ "~ [^/]\\.php(/|$)" = {
extraConfig = ''
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix
index e9a68006ae646c..07163d08d9b630 100644
--- a/nixos/modules/services/web-apps/snipe-it.nix
+++ b/nixos/modules/services/web-apps/snipe-it.nix
@@ -368,7 +368,7 @@ in {
index = "index.php";
extraConfig = ''try_files $uri $uri/ /index.php?$query_string;'';
};
- "~ \.php$" = {
+ "~ \\.php$" = {
extraConfig = ''
try_files $uri $uri/ /index.php?$query_string;
include ${config.services.nginx.package}/conf/fastcgi_params;
@@ -378,7 +378,7 @@ in {
${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"}
'';
};
- "~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
+ "~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;";
};
};
diff --git a/nixos/modules/services/web-apps/zabbix.nix b/nixos/modules/services/web-apps/zabbix.nix
index 3463148b30e0d7..5c9a5865e759ad 100644
--- a/nixos/modules/services/web-apps/zabbix.nix
+++ b/nixos/modules/services/web-apps/zabbix.nix
@@ -342,7 +342,7 @@ in
index = "index.html index.htm index.php";
tryFiles = "$uri $uri/ =404";
};
- locations."~ \.php$".extraConfig = ''
+ locations."~ \\.php$".extraConfig = ''
fastcgi_pass unix:${fpm.socket};
fastcgi_index index.php;
'';
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
index 3e964ef53266d0..8034e779f5b8dd 100644
--- a/nixos/modules/services/x11/display-managers/lightdm.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -155,7 +155,7 @@ in
};
background = mkOption {
- type = types.either types.path (types.strMatching "^#[0-9]\{6\}$");
+ type = types.either types.path (types.strMatching "^#[0-9]{6}$");
# Manual cannot depend on packages, we are actually setting the default in config below.
defaultText = literalExpression "pkgs.nixos-artwork.wallpapers.simple-dark-gray-bottom.gnomeFilePath";
description = ''
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index 85e5631e77a25b..3c42e6c04a485f 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -319,8 +319,8 @@ in
system.extraSystemBuilderCmds =
optionalString
- config.system.copySystemConfiguration
- ''ln -s '${import ../../../lib/from-env.nix "NIXOS_CONFIG" }' \
+ config.system.copySystemConfiguration ''
+ ln -s '${import ../../../lib/from-env.nix "NIXOS_CONFIG" }' \
"$out/configuration.nix"
'' +
optionalString