nixos/manual: remove links from program listings

markdown cannot represent those links. remove them all now instead of in each chapter conversion to keep the diff for each chapter small and more understandable.
2023-01-02 22:57:19 +01:00
parent 798b7fdc5c
commit 80a78f2e1e
24 changed files with 349 additions and 350 deletions
--- a/nixos/modules/i18n/input-method/default.xml
+++ b/nixos/modules/i18n/input-method/default.xml
@@ -60,8 +60,8 @@
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "ibus";
+  enabled = "ibus";
-  <link linkend="opt-i18n.inputMethod.ibus.engines">ibus.engines</link> = with pkgs.ibus-engines; [ anthy hangul mozc ];
+  ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];
 };
 </programlisting>
@@ -151,8 +151,8 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ];
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "fcitx";
+  enabled = "fcitx";
-  <link linkend="opt-i18n.inputMethod.fcitx.engines">fcitx.engines</link> = with pkgs.fcitx-engines; [ mozc hangul m17n ];
+  fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ];
 };
 </programlisting>
@@ -224,7 +224,7 @@ i18n.inputMethod = {
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi";
+  enabled = "nabi";
 };
 </programlisting>
 </section>
@@ -242,7 +242,7 @@ i18n.inputMethod = {
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "uim";
+  enabled = "uim";
 };
 </programlisting>
@@ -267,7 +267,7 @@ i18n.inputMethod = {
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "hime";
+  enabled = "hime";
 };
 </programlisting>
 </section>
@@ -284,7 +284,7 @@ i18n.inputMethod = {
 <programlisting>
 i18n.inputMethod = {
-  <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "kime";
+  enabled = "kime";
 };
 </programlisting>
 </section>
--- a/nixos/modules/programs/digitalbitbox/doc.xml
+++ b/nixos/modules/programs/digitalbitbox/doc.xml
@@ -12,7 +12,7 @@
  setting <literal>programs.digitalbitbox</literal> to <literal>true</literal>
  in a manner similar to
 <programlisting>
-<xref linkend="opt-programs.digitalbitbox.enable"/> = true;
+programs.digitalbitbox.enable = true;
 </programlisting>
  and bundles the <literal>digitalbitbox</literal> package (see
  <xref
@@ -40,7 +40,7 @@
   <literal>digitalbitbox</literal> package which could be installed as
   follows:
 <programlisting>
-<xref linkend="opt-environment.systemPackages"/> = [
+environment.systemPackages = [
  pkgs.digitalbitbox
 ];
 </programlisting>
@@ -53,7 +53,7 @@
   The digitalbitbox hardware package enables the udev rules for Digital Bitbox
   devices and may be installed as follows:
 <programlisting>
-<xref linkend="opt-hardware.digitalbitbox.enable"/> = true;
+hardware.digitalbitbox.enable = true;
 </programlisting>
  </para>
@@ -63,8 +63,8 @@
   by means of overriding as follows:
 <programlisting>
 programs.digitalbitbox = {
-  <link linkend="opt-programs.digitalbitbox.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-programs.digitalbitbox.package">package</link> = pkgs.digitalbitbox.override {
+  package = pkgs.digitalbitbox.override {
    udevRule51 = "something else";
  };
 };
--- a/nixos/modules/programs/plotinus.xml
+++ b/nixos/modules/programs/plotinus.xml
@@ -24,7 +24,7 @@
  To enable Plotinus, add the following to your
  <filename>configuration.nix</filename>:
 <programlisting>
-<xref linkend="opt-programs.plotinus.enable"/> = true;
+programs.plotinus.enable = true;
 </programlisting>
 </para>
 </chapter>
--- a/nixos/modules/security/acme/doc.xml
+++ b/nixos/modules/security/acme/doc.xml
@@ -57,37 +57,36 @@
  <para>
   NixOS supports fetching ACME certificates for you by setting
-   <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link>
+   <literal>enableACME = true;</literal> in a virtualHost config. We first create self-signed
   = true;</literal> in a virtualHost config. We first create self-signed
   placeholder certificates in place of the real ACME certs. The placeholder
   certs are overwritten when the ACME certs arrive. For
   <literal>foo.example.com</literal> the config would look like this:
  </para>
 <programlisting>
-<xref linkend="opt-security.acme.acceptTerms" /> = true;
+security.acme.acceptTerms = true;
-<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com";
+security.acme.defaults.email = "admin+acme@example.com";
 services.nginx = {
-  <link linkend="opt-services.nginx.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+  virtualHosts = {
    "foo.example.com" = {
-      <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+      forceSSL = true;
-      <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+      enableACME = true;
-      # All serverAliases will be added as <link linkend="opt-security.acme.certs._name_.extraDomainNames">extra domain names</link> on the certificate.
+      # All serverAliases will be added as extra domain names on the certificate.
-      <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [ "bar.example.com" ];
+      serverAliases = [ "bar.example.com" ];
      locations."/" = {
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www";
+        root = "/var/www";
      };
    };
    # We can also add a different vhost and reuse the same certificate
    # but we have to append extraDomainNames manually beforehand:
-    # <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."foo.example.com".extraDomainNames</link> = [ "baz.example.com" ];
+    # security.acme.certs."foo.example.com".extraDomainNames = [ "baz.example.com" ];
    "baz.example.com" = {
-      <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+      forceSSL = true;
-      <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">useACMEHost</link> = "foo.example.com";
+      useACMEHost = "foo.example.com";
      locations."/" = {
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www";
+        root = "/var/www";
      };
    };
  };
@@ -114,41 +113,41 @@ services.nginx = {
  </para>
 <programlisting>
-<xref linkend="opt-security.acme.acceptTerms" /> = true;
+security.acme.acceptTerms = true;
-<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com";
+security.acme.defaults.email = "admin+acme@example.com";
 # /var/lib/acme/.challenges must be writable by the ACME user
 # and readable by the Nginx user. The easiest way to achieve
 # this is to add the Nginx user to the ACME group.
-<link linkend="opt-users.users._name_.extraGroups">users.users.nginx.extraGroups</link> = [ "acme" ];
+users.users.nginx.extraGroups = [ "acme" ];
 services.nginx = {
-  <link linkend="opt-services.nginx.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+  virtualHosts = {
    "acmechallenge.example.com" = {
      # Catchall vhost, will redirect users to HTTPS for all vhosts
-      <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [ "*.example.com" ];
+      serverAliases = [ "*.example.com" ];
      locations."/.well-known/acme-challenge" = {
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/lib/acme/.challenges";
+        root = "/var/lib/acme/.challenges";
      };
      locations."/" = {
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.return">return</link> = "301 https://$host$request_uri";
+        return = "301 https://$host$request_uri";
      };
    };
  };
 }
 # Alternative config for Apache
-<link linkend="opt-users.users._name_.extraGroups">users.users.wwwrun.extraGroups</link> = [ "acme" ];
+users.users.wwwrun.extraGroups = [ "acme" ];
 services.httpd = {
-  <link linkend="opt-services.httpd.enable">enable = true;</link>
+  enable = true;
-  <link linkend="opt-services.httpd.virtualHosts">virtualHosts</link> = {
+  virtualHosts = {
    "acmechallenge.example.com" = {
      # Catchall vhost, will redirect users to HTTPS for all vhosts
-      <link linkend="opt-services.httpd.virtualHosts._name_.serverAliases">serverAliases</link> = [ "*.example.com" ];
+      serverAliases = [ "*.example.com" ];
      # /var/lib/acme/.challenges must be writable by the ACME user and readable by the Apache user.
      # By default, this is the case.
-      <link linkend="opt-services.httpd.virtualHosts._name_.documentRoot">documentRoot</link> = "/var/lib/acme/.challenges";
+      documentRoot = "/var/lib/acme/.challenges";
-      <link linkend="opt-services.httpd.virtualHosts._name_.extraConfig">extraConfig</link> = ''
+      extraConfig = ''
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge [NC]
@@ -164,16 +163,16 @@ services.httpd = {
  </para>
 <programlisting>
-<xref linkend="opt-security.acme.certs"/>."foo.example.com" = {
+security.acme.certs."foo.example.com" = {
-  <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/lib/acme/.challenges";
+  webroot = "/var/lib/acme/.challenges";
-  <link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com";
+  email = "foo@example.com";
  # Ensure that the web server you use can read the generated certs
-  # Take a look at the <link linkend="opt-services.nginx.group">group</link> option for the web server you choose.
+  # Take a look at the group option for the web server you choose.
-  <link linkend="opt-security.acme.certs._name_.group">group</link> = "nginx";
+  group = "nginx";
  # Since we have a wildcard vhost to handle port 80,
  # we can generate certs for anything!
  # Just make sure your DNS resolves them.
-  <link linkend="opt-security.acme.certs._name_.extraDomainNames">extraDomainNames</link> = [ "mail.example.com" ];
+  extraDomainNames = [ "mail.example.com" ];
 };
 </programlisting>
@@ -203,11 +202,11 @@ services.httpd = {
 <programlisting>
 services.bind = {
-  <link linkend="opt-services.bind.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.bind.extraConfig">extraConfig</link> = ''
+  extraConfig = ''
    include "/var/lib/secrets/dnskeys.conf";
  '';
-  <link linkend="opt-services.bind.zones">zones</link> = [
+  zones = [
    rec {
      name = "example.com";
      file = "/var/db/bind/${name}";
@@ -218,14 +217,14 @@ services.bind = {
 }
 # Now we can configure ACME
-<xref linkend="opt-security.acme.acceptTerms" /> = true;
+security.acme.acceptTerms = true;
-<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com";
+security.acme.defaults.email = "admin+acme@example.com";
-<xref linkend="opt-security.acme.certs" />."example.com" = {
+security.acme.certs."example.com" = {
-  <link linkend="opt-security.acme.certs._name_.domain">domain</link> = "*.example.com";
+  domain = "*.example.com";
-  <link linkend="opt-security.acme.certs._name_.dnsProvider">dnsProvider</link> = "rfc2136";
+  dnsProvider = "rfc2136";
-  <link linkend="opt-security.acme.certs._name_.credentialsFile">credentialsFile</link> = "/var/lib/secrets/certs.secret";
+  credentialsFile = "/var/lib/secrets/certs.secret";
  # We don't need to wait for propagation since this is a local DNS server
-  <link linkend="opt-security.acme.certs._name_.dnsPropagationCheck">dnsPropagationCheck</link> = false;
+  dnsPropagationCheck = false;
 };
 </programlisting>
@@ -296,23 +295,23 @@ systemd.services.dns-rfc2136-conf = {
 <programlisting>
 # Configure ACME appropriately
-<xref linkend="opt-security.acme.acceptTerms" /> = true;
+security.acme.acceptTerms = true;
-<xref linkend="opt-security.acme.defaults.email" /> = "admin+acme@example.com";
+security.acme.defaults.email = "admin+acme@example.com";
-<xref linkend="opt-security.acme.defaults" /> = {
+security.acme.defaults = {
-  <link linkend="opt-security.acme.defaults.dnsProvider">dnsProvider</link> = "rfc2136";
+  dnsProvider = "rfc2136";
-  <link linkend="opt-security.acme.defaults.credentialsFile">credentialsFile</link> = "/var/lib/secrets/certs.secret";
+  credentialsFile = "/var/lib/secrets/certs.secret";
  # We don't need to wait for propagation since this is a local DNS server
-  <link linkend="opt-security.acme.defaults.dnsPropagationCheck">dnsPropagationCheck</link> = false;
+  dnsPropagationCheck = false;
 };
 # For each virtual host you would like to use DNS-01 validation with,
 # set acmeRoot = null
 services.nginx = {
-  <link linkend="opt-services.nginx.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+  virtualHosts = {
    "foo.example.com" = {
-      <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+      enableACME = true;
-      <link linkend="opt-services.nginx.virtualHosts._name_.acmeRoot">acmeRoot</link> = null;
+      acmeRoot = null;
    };
  };
 }
@@ -349,8 +348,8 @@ security.acme.certs."mail.example.com".postRun = ''
 # Now you must augment OpenSMTPD's systemd service to load
 # the certificate files.
-<link linkend="opt-systemd.services._name_.requires">systemd.services.opensmtpd.requires</link> = ["acme-finished-mail.example.com.target"];
+systemd.services.opensmtpd.requires = ["acme-finished-mail.example.com.target"];
-<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.opensmtpd.serviceConfig.LoadCredential</link> = let
+systemd.services.opensmtpd.serviceConfig.LoadCredential = let
  certDir = config.security.acme.certs."mail.example.com".directory;
 in [
  "cert.pem:${certDir}/cert.pem"
--- a/nixos/modules/services/databases/postgresql.xml
+++ b/nixos/modules/services/databases/postgresql.xml
@@ -23,8 +23,8 @@
  <para>
   To enable PostgreSQL, add the following to your <filename>configuration.nix</filename>:
 <programlisting>
-<xref linkend="opt-services.postgresql.enable"/> = true;
+services.postgresql.enable = true;
-<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_11;
+services.postgresql.package = pkgs.postgresql_11;
 </programlisting>
   Note that you are required to specify the desired version of PostgreSQL (e.g. <literal>pkgs.postgresql_11</literal>). Since upgrading your PostgreSQL version requires a database dump and reload (see below), NixOS cannot provide a default value for <xref linkend="opt-services.postgresql.package"/> such as the most recent release of PostgreSQL.
  </para>
@@ -45,7 +45,7 @@ Type "help" for help.
  <para>
   By default, PostgreSQL stores its databases in <filename>/var/lib/postgresql/$psqlSchema</filename>. You can override this using <xref linkend="opt-services.postgresql.dataDir"/>, e.g.
 <programlisting>
-<xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";
+services.postgresql.dataDir = "/data/postgresql";
 </programlisting>
  </para>
 </section>
@@ -71,7 +71,7 @@ Type "help" for help.
 <programlisting>
 { config, pkgs, ... }:
 {
-  <xref linkend="opt-environment.systemPackages" /> = [
+  environment.systemPackages = [
    (let
      # XXX specify the postgresql package you'd like to upgrade to.
      # Do not forget to list the extensions you need.
@@ -87,8 +87,8 @@ Type "help" for help.
      export NEWBIN="${newPostgres}/bin"
-      export OLDDATA="${config.<xref linkend="opt-services.postgresql.dataDir"/>}"
+      export OLDDATA="${config.services.postgresql.dataDir}"
-      export OLDBIN="${config.<xref linkend="opt-services.postgresql.package"/>}/bin"
+      export OLDBIN="${config.services.postgresql.package}/bin"
      install -d -m 0700 -o postgres -g postgres "$NEWDATA"
      cd "$NEWDATA"
@@ -189,8 +189,8 @@ postgresql_11.pkgs.pg_partman        postgresql_11.pkgs.pgroonga
  <para>
   To add plugins via NixOS configuration, set <literal>services.postgresql.extraPlugins</literal>:
 <programlisting>
-<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_11;
+services.postgresql.package = pkgs.postgresql_11;
-<xref linkend="opt-services.postgresql.extraPlugins"/> = with pkgs.postgresql_11.pkgs; [
+services.postgresql.extraPlugins = with pkgs.postgresql_11.pkgs; [
  pg_repack
  postgis
 ];
--- a/nixos/modules/services/desktops/flatpak.xml
+++ b/nixos/modules/services/desktops/flatpak.xml
@@ -20,7 +20,7 @@
  To enable Flatpak, add the following to your
  <filename>configuration.nix</filename>:
 <programlisting>
-  <xref linkend="opt-services.flatpak.enable"/> = true;
+  services.flatpak.enable = true;
 </programlisting>
 </para>
 <para>
@@ -29,7 +29,7 @@
  in other cases, you will need to add something like the following to your
  <filename>configuration.nix</filename>:
 <programlisting>
-  <xref linkend="opt-xdg.portal.extraPortals"/> = [ pkgs.xdg-desktop-portal-gtk ];
+  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
 </programlisting>
 </para>
 <para>
--- a/nixos/modules/services/editors/emacs.xml
+++ b/nixos/modules/services/editors/emacs.xml
@@ -375,8 +375,8 @@ in [...]
    To install and enable the <command>systemd</command> user service for Emacs
    daemon, add the following to your <filename>configuration.nix</filename>:
 <programlisting>
-<xref linkend="opt-services.emacs.enable"/> = true;
+services.emacs.enable = true;
-<xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; };
+services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; };
 </programlisting>
   </para>
@@ -459,8 +459,8 @@ emacsclient --create-frame --tty  # opens a new frame on the current terminal
    Emacs daemon is not wanted for all users, it is possible to install the
    service but not globally enable it:
 <programlisting>
-<xref linkend="opt-services.emacs.enable"/> = false;
+services.emacs.enable = false;
-<xref linkend="opt-services.emacs.install"/> = true;
+services.emacs.install = true;
 </programlisting>
   </para>
--- a/nixos/modules/services/hardware/trezord.xml
+++ b/nixos/modules/services/hardware/trezord.xml
@@ -19,7 +19,7 @@
 <para>
  To enable Trezor support, add the following to your <filename>configuration.nix</filename>:
 <programlisting>
-<xref linkend="opt-services.trezord.enable"/> = true;
+services.trezord.enable = true;
 </programlisting>
  This will add all necessary udev rules and start Trezor Bridge.
 </para>
--- a/nixos/modules/services/mail/mailman.xml
+++ b/nixos/modules/services/mail/mailman.xml
@@ -28,14 +28,14 @@
    };
  };
  services.mailman = {
-    <link linkend="opt-services.mailman.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.mailman.serve.enable">serve.enable</link> = true;
+    serve.enable = true;
-    <link linkend="opt-services.mailman.hyperkitty.enable">hyperkitty.enable</link> = true;
+    hyperkitty.enable = true;
-    <link linkend="opt-services.mailman.webHosts">webHosts</link> = ["lists.example.org"];
+    webHosts = ["lists.example.org"];
-    <link linkend="opt-services.mailman.siteOwner">siteOwner</link> = "mailman@example.org";
+    siteOwner = "mailman@example.org";
  };
-  <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">services.nginx.virtualHosts."lists.example.org".enableACME</link> = true;
+  services.nginx.virtualHosts."lists.example.org".enableACME = true;
-  <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 25 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 25 80 443 ];
 }</programlisting>
    </para>
    <para>
@@ -65,7 +65,7 @@
    mailman = {
      enable = true;
      siteOwner = "mailman@example.org";
-      <link linkend="opt-services.mailman.enablePostfix">enablePostfix</link> = false;
+      enablePostfix = false;
      settings.mta = {
        incoming = "mailman.mta.exim4.LMTP";
        outgoing = "mailman.mta.deliver.deliver";
--- a/nixos/modules/services/matrix/mjolnir.xml
+++ b/nixos/modules/services/matrix/mjolnir.xml
@@ -67,16 +67,16 @@
 {
  services.mjolnir = {
    enable = true;
-    <link linkend="opt-services.mjolnir.homeserverUrl">homeserverUrl</link> = "https://matrix.domain.tld";
+    homeserverUrl = "https://matrix.domain.tld";
-    <link linkend="opt-services.mjolnir.pantalaimon">pantalaimon</link> = {
+    pantalaimon = {
-       <link linkend="opt-services.mjolnir.pantalaimon.enable">enable</link> = true;
+       enable = true;
-       <link linkend="opt-services.mjolnir.pantalaimon.username">username</link> = "mjolnir";
+       username = "mjolnir";
-       <link linkend="opt-services.mjolnir.pantalaimon.passwordFile">passwordFile</link> = "/run/secrets/mjolnir-password";
+       passwordFile = "/run/secrets/mjolnir-password";
    };
-    <link linkend="opt-services.mjolnir.protectedRooms">protectedRooms</link> = [
+    protectedRooms = [
      "https://matrix.to/#/!xxx:domain.tld"
    ];
-    <link linkend="opt-services.mjolnir.managementRoom">managementRoom</link> = "!yyy:domain.tld";
+    managementRoom = "!yyy:domain.tld";
  };
 }
 </programlisting>
--- a/nixos/modules/services/matrix/synapse.xml
+++ b/nixos/modules/services/matrix/synapse.xml
@@ -47,12 +47,12 @@ let
    return 200 '${builtins.toJSON data}';
  '';
 in {
-  <xref linkend="opt-networking.hostName" /> = "myhostname";
+  networking.hostName = "myhostname";
-  <xref linkend="opt-networking.domain" /> = "example.org";
+  networking.domain = "example.org";
-  <xref linkend="opt-networking.firewall.allowedTCPPorts" /> = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  <xref linkend="opt-services.postgresql.enable" /> = true;
+  services.postgresql.enable = true;
-  <xref linkend="opt-services.postgresql.initialScript" /> = pkgs.writeText "synapse-init.sql" ''
+  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
    CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
    CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      TEMPLATE template0
@@ -61,42 +61,42 @@ in {
  '';
  services.nginx = {
-    <link linkend="opt-services.nginx.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;
+    recommendedTlsSettings = true;
-    <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;
+    recommendedOptimisation = true;
-    <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;
+    recommendedGzipSettings = true;
-    <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;
+    recommendedProxySettings = true;
-    <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+    virtualHosts = {
      "${config.networking.domain}" = { <co xml:id='ex-matrix-synapse-dns' />
-        <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+        enableACME = true;
-        <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+        forceSSL = true;
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/server".extraConfig</link> = mkWellKnown serverConfig; <co xml:id='ex-matrix-synapse-well-known-server' />
+        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; <co xml:id='ex-matrix-synapse-well-known-server' />
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."= /.well-known/matrix/client".extraConfig</link> = mkWellKnown clientConfig; <co xml:id='ex-matrix-synapse-well-known-client' />
+        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; <co xml:id='ex-matrix-synapse-well-known-client' />
      };
      "${fqdn}" = {
-        <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+        enableACME = true;
-        <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+        forceSSL = true;
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.extraConfig">locations."/".extraConfig</link> = '' <co xml:id='ex-matrix-synapse-rev-default' />
+        locations."/".extraConfig = '' <co xml:id='ex-matrix-synapse-rev-default' />
          return 404;
        '';
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/_matrix".proxyPass</link> = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-proxy-pass' />
+        locations."/_matrix".proxyPass = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-proxy-pass' />
-        <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/_synapse/client".proxyPass</link> = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-client' />
+        locations."/_synapse/client".proxyPass = "http://[::1]:8008"; <co xml:id='ex-matrix-synapse-rev-client' />
      };
    };
  };
  services.matrix-synapse = {
-    <link linkend="opt-services.matrix-synapse.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.matrix-synapse.settings.server_name">settings.server_name</link> = config.networking.domain;
+    settings.server_name = config.networking.domain;
-    <link linkend="opt-services.matrix-synapse.settings.listeners">settings.listeners</link> = [
+    settings.listeners = [
-      { <link linkend="opt-services.matrix-synapse.settings.listeners._.port">port</link> = 8008;
+      { port = 8008;
-        <link linkend="opt-services.matrix-synapse.settings.listeners._.bind_addresses">bind_addresses</link> = [ "::1" ];
+        bind_addresses = [ "::1" ];
-        <link linkend="opt-services.matrix-synapse.settings.listeners._.type">type</link> = "http";
+        type = "http";
-        <link linkend="opt-services.matrix-synapse.settings.listeners._.tls">tls</link> = false;
+        tls = false;
-        <link linkend="opt-services.matrix-synapse.settings.listeners._.x_forwarded">x_forwarded</link> = true;
+        x_forwarded = true;
-        <link linkend="opt-services.matrix-synapse.settings.listeners._.resources">resources</link> = [ {
+        resources = [ {
-          <link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.names">names</link> = [ "client" "federation" ];
+          names = [ "client" "federation" ];
-          <link linkend="opt-services.matrix-synapse.settings.listeners._.resources._.compress">compress</link> = true;
+          compress = true;
        } ];
      }
    ];
@@ -159,7 +159,7 @@ in {
  <title>Registering Matrix users</title>
  <para>
   If you want to run a server with public registration by anybody, you can
-   then enable <literal><link linkend="opt-services.matrix-synapse.settings.enable_registration">services.matrix-synapse.settings.enable_registration</link> =
+   then enable <literal>services.matrix-synapse.settings.enable_registration =
   true;</literal>. Otherwise, or you can generate a registration secret with
   <command>pwgen -s 64 1</command> and set it with
   <option><link linkend="opt-services.matrix-synapse.settings.registration_shared_secret">services.matrix-synapse.settings.registration_shared_secret</link></option>.
@@ -202,7 +202,7 @@ Success!
        Include the file like this in your configuration:
 <programlisting>
 {
-  <xref linkend="opt-services.matrix-synapse.extraConfigFiles" /> = [
+  services.matrix-synapse.extraConfigFiles = [
    "/run/secrets/matrix-shared-secret"
  ];
 }
@@ -244,13 +244,13 @@ Success!
 <programlisting>
 {
  services.nginx.virtualHosts."element.${fqdn}" = {
-    <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+    enableACME = true;
-    <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+    forceSSL = true;
-    <link linkend="opt-services.nginx.virtualHosts._name_.serverAliases">serverAliases</link> = [
+    serverAliases = [
      "element.${config.networking.domain}"
    ];
-    <link linkend="opt-services.nginx.virtualHosts._name_.root">root</link> = pkgs.element-web.override {
+    root = pkgs.element-web.override {
      conf = {
        default_server_config = clientConfig; # see `clientConfig` from the snippet above.
      };
--- a/nixos/modules/services/misc/gitlab.xml
+++ b/nixos/modules/services/misc/gitlab.xml
@@ -20,16 +20,16 @@
   For instance, the following configuration could be used to use nginx as
   frontend proxy:
 <programlisting>
-<link linkend="opt-services.nginx.enable">services.nginx</link> = {
+services.nginx = {
-  <link linkend="opt-services.nginx.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;
+  recommendedGzipSettings = true;
-  <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;
+  recommendedOptimisation = true;
-  <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;
+  recommendedProxySettings = true;
-  <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;
+  recommendedTlsSettings = true;
-  <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link>."git.example.com" = {
+  virtualHosts."git.example.com" = {
-    <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;
+    enableACME = true;
-    <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;
+    forceSSL = true;
-    <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/".proxyPass</link> = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+    locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
  };
 };
 </programlisting>
@@ -53,26 +53,26 @@
   A basic configuration with some custom settings could look like this:
 <programlisting>
 services.gitlab = {
-  <link linkend="opt-services.gitlab.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.gitlab.databasePasswordFile">databasePasswordFile</link> = "/var/keys/gitlab/db_password";
+  databasePasswordFile = "/var/keys/gitlab/db_password";
-  <link linkend="opt-services.gitlab.initialRootPasswordFile">initialRootPasswordFile</link> = "/var/keys/gitlab/root_password";
+  initialRootPasswordFile = "/var/keys/gitlab/root_password";
-  <link linkend="opt-services.gitlab.https">https</link> = true;
+  https = true;
-  <link linkend="opt-services.gitlab.host">host</link> = "git.example.com";
+  host = "git.example.com";
-  <link linkend="opt-services.gitlab.port">port</link> = 443;
+  port = 443;
-  <link linkend="opt-services.gitlab.user">user</link> = "git";
+  user = "git";
-  <link linkend="opt-services.gitlab.group">group</link> = "git";
+  group = "git";
  smtp = {
-    <link linkend="opt-services.gitlab.smtp.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.gitlab.smtp.address">address</link> = "localhost";
+    address = "localhost";
-    <link linkend="opt-services.gitlab.smtp.port">port</link> = 25;
+    port = 25;
  };
  secrets = {
-    <link linkend="opt-services.gitlab.secrets.dbFile">dbFile</link> = "/var/keys/gitlab/db";
+    dbFile = "/var/keys/gitlab/db";
-    <link linkend="opt-services.gitlab.secrets.secretFile">secretFile</link> = "/var/keys/gitlab/secret";
+    secretFile = "/var/keys/gitlab/secret";
-    <link linkend="opt-services.gitlab.secrets.otpFile">otpFile</link> = "/var/keys/gitlab/otp";
+    otpFile = "/var/keys/gitlab/otp";
-    <link linkend="opt-services.gitlab.secrets.jwsFile">jwsFile</link> = "/var/keys/gitlab/jws";
+    jwsFile = "/var/keys/gitlab/jws";
  };
-  <link linkend="opt-services.gitlab.extraConfig">extraConfig</link> = {
+  extraConfig = {
    gitlab = {
      email_from = "gitlab-no-reply@example.com";
      email_display_name = "Example GitLab";
--- a/nixos/modules/services/misc/sourcehut/sourcehut.xml
+++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml
@@ -15,11 +15,11 @@
  <para>
   Sourcehut is a Python and Go based set of applications.
   This NixOS module also provides basic configuration integrating Sourcehut into locally running
-   <literal><link linkend="opt-services.nginx.enable">services.nginx</link></literal>,
+   <literal>services.nginx</literal>,
-   <literal><link linkend="opt-services.redis.servers">services.redis.servers.sourcehut</link></literal>,
+   <literal>services.redis.servers.sourcehut</literal>,
-   <literal><link linkend="opt-services.postfix.enable">services.postfix</link></literal>
+   <literal>services.postfix</literal>
   and
-   <literal><link linkend="opt-services.postgresql.enable">services.postgresql</link></literal> services.
+   <literal>services.postgresql</literal> services.
  </para>
  <para>
@@ -34,21 +34,21 @@ let
 in {
  networking = {
-    <link linkend="opt-networking.hostName">hostName</link> = "srht";
+    hostName = "srht";
-    <link linkend="opt-networking.domain">domain</link> = "tld";
+    domain = "tld";
-    <link linkend="opt-networking.firewall.allowedTCPPorts">firewall.allowedTCPPorts</link> = [ 22 80 443 ];
+    firewall.allowedTCPPorts = [ 22 80 443 ];
  };
  services.sourcehut = {
-    <link linkend="opt-services.sourcehut.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.sourcehut.git.enable">git.enable</link> = true;
+    git.enable = true;
-    <link linkend="opt-services.sourcehut.man.enable">man.enable</link> = true;
+    man.enable = true;
-    <link linkend="opt-services.sourcehut.meta.enable">meta.enable</link> = true;
+    meta.enable = true;
-    <link linkend="opt-services.sourcehut.nginx.enable">nginx.enable</link> = true;
+    nginx.enable = true;
-    <link linkend="opt-services.sourcehut.postfix.enable">postfix.enable</link> = true;
+    postfix.enable = true;
-    <link linkend="opt-services.sourcehut.postgresql.enable">postgresql.enable</link> = true;
+    postgresql.enable = true;
-    <link linkend="opt-services.sourcehut.redis.enable">redis.enable</link> = true;
+    redis.enable = true;
-    <link linkend="opt-services.sourcehut.settings">settings</link> = {
+    settings = {
        "sr.ht" = {
          environment = "production";
          global-domain = fqdn;
@@ -61,26 +61,26 @@ in {
    };
  };
-  <link linkend="opt-security.acme.certs._name_.extraDomainNames">security.acme.certs."${fqdn}".extraDomainNames</link> = [
+  security.acme.certs."${fqdn}".extraDomainNames = [
    "meta.${fqdn}"
    "man.${fqdn}"
    "git.${fqdn}"
  ];
  services.nginx = {
-    <link linkend="opt-services.nginx.enable">enable</link> = true;
+    enable = true;
    # only recommendedProxySettings are strictly required, but the rest make sense as well.
-    <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;
+    recommendedTlsSettings = true;
-    <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;
+    recommendedOptimisation = true;
-    <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;
+    recommendedGzipSettings = true;
-    <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;
+    recommendedProxySettings = true;
    # Settings to setup what certificates are used for which endpoint.
-    <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {
+    virtualHosts = {
-      <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">"${fqdn}".enableACME</link> = true;
+      "${fqdn}".enableACME = true;
-      <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"meta.${fqdn}".useACMEHost</link> = fqdn:
+      "meta.${fqdn}".useACMEHost = fqdn:
-      <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"man.${fqdn}".useACMEHost</link> = fqdn:
+      "man.${fqdn}".useACMEHost = fqdn:
-      <link linkend="opt-services.nginx.virtualHosts._name_.useACMEHost">"git.${fqdn}".useACMEHost</link> = fqdn:
+      "git.${fqdn}".useACMEHost = fqdn:
    };
  };
 }
--- a/nixos/modules/services/misc/taskserver/doc.xml
+++ b/nixos/modules/services/misc/taskserver/doc.xml
@@ -91,10 +91,10 @@
   For example, let's say you have the following configuration:
 <screen>
 {
-  <xref linkend="opt-services.taskserver.enable"/> = true;
+  services.taskserver.enable = true;
-  <xref linkend="opt-services.taskserver.fqdn"/> = "server";
+  services.taskserver.fqdn = "server";
-  <xref linkend="opt-services.taskserver.listenHost"/> = "::";
+  services.taskserver.listenHost = "::";
-  <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ];
+  services.taskserver.organisations.my-company.users = [ "alice" ];
 }
 </screen>
   This creates an organisation called <literal>my-company</literal> with the
--- a/nixos/modules/services/misc/weechat.xml
+++ b/nixos/modules/services/misc/weechat.xml
@@ -25,7 +25,7 @@
 { ... }:
 {
-  <link linkend="opt-services.weechat.enable">services.weechat.enable</link> = true;
+  services.weechat.enable = true;
 }
 </programlisting>
  </para>
@@ -46,7 +46,7 @@
   support:
 <programlisting>
 {
-  <link linkend="opt-programs.screen.screenrc">programs.screen.screenrc</link> = ''
+  programs.screen.screenrc = ''
    multiuser on
    acladd normal_user
  '';
--- a/nixos/modules/services/networking/prosody.xml
+++ b/nixos/modules/services/networking/prosody.xml
@@ -38,21 +38,21 @@
    endpoint will look like this:
    <programlisting>
 services.prosody = {
-  <link linkend="opt-services.prosody.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.prosody.admins">admins</link> = [ "root@example.org" ];
+  admins = [ "root@example.org" ];
-  <link linkend="opt-services.prosody.ssl.cert">ssl.cert</link> = "/var/lib/acme/example.org/fullchain.pem";
+  ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
-  <link linkend="opt-services.prosody.ssl.key">ssl.key</link> = "/var/lib/acme/example.org/key.pem";
+  ssl.key = "/var/lib/acme/example.org/key.pem";
-  <link linkend="opt-services.prosody.virtualHosts">virtualHosts</link>."example.org" = {
+  virtualHosts."example.org" = {
-      <link linkend="opt-services.prosody.virtualHosts._name_.enabled">enabled</link> = true;
+      enabled = true;
-      <link linkend="opt-services.prosody.virtualHosts._name_.domain">domain</link> = "example.org";
+      domain = "example.org";
-      <link linkend="opt-services.prosody.virtualHosts._name_.ssl.cert">ssl.cert</link> = "/var/lib/acme/example.org/fullchain.pem";
+      ssl.cert = "/var/lib/acme/example.org/fullchain.pem";
-      <link linkend="opt-services.prosody.virtualHosts._name_.ssl.key">ssl.key</link> = "/var/lib/acme/example.org/key.pem";
+      ssl.key = "/var/lib/acme/example.org/key.pem";
  };
-  <link linkend="opt-services.prosody.muc">muc</link> = [ {
+  muc = [ {
-      <link linkend="opt-services.prosody.muc">domain</link> = "conference.example.org";
+      domain = "conference.example.org";
  } ];
-  <link linkend="opt-services.prosody.uploadHttp">uploadHttp</link> = {
+  uploadHttp = {
-      <link linkend="opt-services.prosody.uploadHttp.domain">domain</link> = "upload.example.org";
+      domain = "upload.example.org";
  };
 };</programlisting>
  </para>
@@ -72,13 +72,13 @@ services.prosody = {
   a TLS certificate for the three endponits:
    <programlisting>
 security.acme = {
-  <link linkend="opt-security.acme.defaults.email">email</link> = "root@example.org";
+  email = "root@example.org";
-  <link linkend="opt-security.acme.acceptTerms">acceptTerms</link> = true;
+  acceptTerms = true;
-  <link linkend="opt-security.acme.certs">certs</link> = {
+  certs = {
    "example.org" = {
-      <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/example.org";
+      webroot = "/var/www/example.org";
-      <link linkend="opt-security.acme.certs._name_.email">email</link> = "root@example.org";
+      email = "root@example.org";
-      <link linkend="opt-security.acme.certs._name_.extraDomainNames">extraDomainNames</link> = [ "conference.example.org" "upload.example.org" ];
+      extraDomainNames = [ "conference.example.org" "upload.example.org" ];
    };
  };
 };</programlisting>
--- a/nixos/modules/services/web-apps/discourse.xml
+++ b/nixos/modules/services/web-apps/discourse.xml
@@ -15,18 +15,18 @@
     A minimal configuration using Let's Encrypt for TLS certificates looks like this:
 <programlisting>
 services.discourse = {
-  <link linkend="opt-services.discourse.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com";
+  hostname = "discourse.example.com";
  admin = {
-    <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com";
+    email = "admin@example.com";
-    <link linkend="opt-services.discourse.admin.username">username</link> = "admin";
+    username = "admin";
-    <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator";
+    fullName = "Administrator";
-    <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file";
+    passwordFile = "/path/to/password_file";
  };
-  <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file";
+  secretKeyBaseFile = "/path/to/secret_key_base_file";
 };
-<link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com";
+security.acme.email = "me@example.com";
-<link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true;
+security.acme.acceptTerms = true;
 </programlisting>
   </para>
@@ -48,17 +48,17 @@ services.discourse = {
 <programlisting>
 services.discourse = {
-  <link linkend="opt-services.discourse.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com";
+  hostname = "discourse.example.com";
-  <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate";
+  sslCertificate = "/path/to/ssl_certificate";
-  <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key";
+  sslCertificateKey = "/path/to/ssl_certificate_key";
  admin = {
-    <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com";
+    email = "admin@example.com";
-    <link linkend="opt-services.discourse.admin.username">username</link> = "admin";
+    username = "admin";
-    <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator";
+    fullName = "Administrator";
-    <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file";
+    passwordFile = "/path/to/password_file";
  };
-  <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file";
+  secretKeyBaseFile = "/path/to/secret_key_base_file";
 };
 </programlisting>
@@ -108,24 +108,24 @@ services.discourse = {
 <programlisting>
 services.discourse = {
-  <link linkend="opt-services.discourse.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com";
+  hostname = "discourse.example.com";
-  <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate";
+  sslCertificate = "/path/to/ssl_certificate";
-  <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key";
+  sslCertificateKey = "/path/to/ssl_certificate_key";
  admin = {
-    <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com";
+    email = "admin@example.com";
-    <link linkend="opt-services.discourse.admin.username">username</link> = "admin";
+    username = "admin";
-    <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator";
+    fullName = "Administrator";
-    <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file";
+    passwordFile = "/path/to/password_file";
  };
  mail.outgoing = {
-    <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com";
+    serverAddress = "smtp.emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587;
+    port = 587;
-    <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com";
+    username = "user@emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file";
+    passwordFile = "/path/to/smtp_password_file";
  };
-  <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true;
+  mail.incoming.enable = true;
-  <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file";
+  secretKeyBaseFile = "/path/to/secret_key_base_file";
 };
 </programlisting>
@@ -210,24 +210,24 @@ services.discourse = {
       and changes a few request limits in the backend settings:
 <programlisting>
 services.discourse = {
-  <link linkend="opt-services.discourse.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com";
+  hostname = "discourse.example.com";
-  <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate";
+  sslCertificate = "/path/to/ssl_certificate";
-  <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key";
+  sslCertificateKey = "/path/to/ssl_certificate_key";
  admin = {
-    <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com";
+    email = "admin@example.com";
-    <link linkend="opt-services.discourse.admin.username">username</link> = "admin";
+    username = "admin";
-    <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator";
+    fullName = "Administrator";
-    <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file";
+    passwordFile = "/path/to/password_file";
  };
  mail.outgoing = {
-    <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com";
+    serverAddress = "smtp.emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587;
+    port = 587;
-    <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com";
+    username = "user@emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file";
+    passwordFile = "/path/to/smtp_password_file";
  };
-  <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true;
+  mail.incoming.enable = true;
-  <link linkend="opt-services.discourse.siteSettings">siteSettings</link> = {
+  siteSettings = {
    required = {
      title = "My Cats";
      site_description = "Discuss My Cats (and be nice plz)";
@@ -238,13 +238,13 @@ services.discourse = {
      github_client_secret._secret = /run/keys/discourse_github_client_secret;
    };
  };
-  <link linkend="opt-services.discourse.backendSettings">backendSettings</link> = {
+  backendSettings = {
    max_reqs_per_ip_per_minute = 300;
    max_reqs_per_ip_per_10_seconds = 60;
    max_asset_reqs_per_ip_per_10_seconds = 250;
    max_reqs_per_ip_mode = "warn+block";
  };
-  <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file";
+  secretKeyBaseFile = "/path/to/secret_key_base_file";
 };
 </programlisting>
     </para>
@@ -320,33 +320,33 @@ services.discourse = {
 <programlisting>
 services.discourse = {
-  <link linkend="opt-services.discourse.enable">enable</link> = true;
+  enable = true;
-  <link linkend="opt-services.discourse.hostname">hostname</link> = "discourse.example.com";
+  hostname = "discourse.example.com";
-  <link linkend="opt-services.discourse.sslCertificate">sslCertificate</link> = "/path/to/ssl_certificate";
+  sslCertificate = "/path/to/ssl_certificate";
-  <link linkend="opt-services.discourse.sslCertificateKey">sslCertificateKey</link> = "/path/to/ssl_certificate_key";
+  sslCertificateKey = "/path/to/ssl_certificate_key";
  admin = {
-    <link linkend="opt-services.discourse.admin.email">email</link> = "admin@example.com";
+    email = "admin@example.com";
-    <link linkend="opt-services.discourse.admin.username">username</link> = "admin";
+    username = "admin";
-    <link linkend="opt-services.discourse.admin.fullName">fullName</link> = "Administrator";
+    fullName = "Administrator";
-    <link linkend="opt-services.discourse.admin.passwordFile">passwordFile</link> = "/path/to/password_file";
+    passwordFile = "/path/to/password_file";
  };
  mail.outgoing = {
-    <link linkend="opt-services.discourse.mail.outgoing.serverAddress">serverAddress</link> = "smtp.emailprovider.com";
+    serverAddress = "smtp.emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.port">port</link> = 587;
+    port = 587;
-    <link linkend="opt-services.discourse.mail.outgoing.username">username</link> = "user@emailprovider.com";
+    username = "user@emailprovider.com";
-    <link linkend="opt-services.discourse.mail.outgoing.passwordFile">passwordFile</link> = "/path/to/smtp_password_file";
+    passwordFile = "/path/to/smtp_password_file";
  };
-  <link linkend="opt-services.discourse.mail.incoming.enable">mail.incoming.enable</link> = true;
+  mail.incoming.enable = true;
-  <link linkend="opt-services.discourse.mail.incoming.enable">plugins</link> = with config.services.discourse.package.plugins; [
+  plugins = with config.services.discourse.package.plugins; [
    discourse-spoiler-alert
    discourse-solved
  ];
-  <link linkend="opt-services.discourse.siteSettings">siteSettings</link> = {
+  siteSettings = {
    plugins = {
      spoiler_enabled = false;
    };
  };
-  <link linkend="opt-services.discourse.secretKeyBaseFile">secretKeyBaseFile</link> = "/path/to/secret_key_base_file";
+  secretKeyBaseFile = "/path/to/secret_key_base_file";
 };
 </programlisting>
--- a/nixos/modules/services/web-apps/grocy.xml
+++ b/nixos/modules/services/web-apps/grocy.xml
@@ -17,8 +17,8 @@
 <programlisting>{ pkgs, ... }:
 {
  services.grocy = {
-    <link linkend="opt-services.grocy.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.grocy.hostName">hostName</link> = "grocy.tld";
+    hostName = "grocy.tld";
  };
 }</programlisting>
    This configures a simple vhost using <link linkend="opt-services.nginx.enable">nginx</link>
@@ -45,19 +45,19 @@
    # The default currency in the system for invoices etc.
    # Please note that exchange rates aren't taken into account, this
    # is just the setting for what's shown in the frontend.
-    <link linkend="opt-services.grocy.settings.currency">currency</link> = "EUR";
+    currency = "EUR";
    # The display language (and locale configuration) for grocy.
-    <link linkend="opt-services.grocy.settings.currency">culture</link> = "de";
+    culture = "de";
    calendar = {
      # Whether or not to show the week-numbers
      # in the calendar.
-      <link linkend="opt-services.grocy.settings.calendar.showWeekNumber">showWeekNumber</link> = true;
+      showWeekNumber = true;
      # Index of the first day to be shown in the calendar (0=Sunday, 1=Monday,
      # 2=Tuesday and so on).
-      <link linkend="opt-services.grocy.settings.calendar.firstDayOfWeek">firstDayOfWeek</link> = 2;
+      firstDayOfWeek = 2;
    };
  };
 }</programlisting>
--- a/nixos/modules/services/web-apps/jitsi-meet.xml
+++ b/nixos/modules/services/web-apps/jitsi-meet.xml
@@ -15,13 +15,13 @@
     A minimal configuration using Let's Encrypt for TLS certificates looks like this:
 <programlisting>{
  services.jitsi-meet = {
-    <link linkend="opt-services.jitsi-meet.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.jitsi-meet.enable">hostName</link> = "jitsi.example.com";
+    hostName = "jitsi.example.com";
  };
-  <link linkend="opt-services.jitsi-videobridge.openFirewall">services.jitsi-videobridge.openFirewall</link> = true;
+  services.jitsi-videobridge.openFirewall = true;
-  <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  <link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com";
+  security.acme.email = "me@example.com";
-  <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true;
+  security.acme.acceptTerms = true;
 }</programlisting>
   </para>
 </section>
@@ -32,22 +32,22 @@
     Here is the minimal configuration with additional configurations:
 <programlisting>{
  services.jitsi-meet = {
-    <link linkend="opt-services.jitsi-meet.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.jitsi-meet.enable">hostName</link> = "jitsi.example.com";
+    hostName = "jitsi.example.com";
-    <link linkend="opt-services.jitsi-meet.config">config</link> = {
+    config = {
      enableWelcomePage = false;
      prejoinPageEnabled = true;
      defaultLang = "fi";
    };
-    <link linkend="opt-services.jitsi-meet.interfaceConfig">interfaceConfig</link> = {
+    interfaceConfig = {
      SHOW_JITSI_WATERMARK = false;
      SHOW_WATERMARK_FOR_GUESTS = false;
    };
  };
-  <link linkend="opt-services.jitsi-videobridge.openFirewall">services.jitsi-videobridge.openFirewall</link> = true;
+  services.jitsi-videobridge.openFirewall = true;
-  <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  <link linkend="opt-security.acme.defaults.email">security.acme.email</link> = "me@example.com";
+  security.acme.email = "me@example.com";
-  <link linkend="opt-security.acme.acceptTerms">security.acme.acceptTerms</link> = true;
+  security.acme.acceptTerms = true;
 }</programlisting>
   </para>
 </section>
--- a/nixos/modules/services/web-apps/keycloak.xml
+++ b/nixos/modules/services/web-apps/keycloak.xml
@@ -185,15 +185,15 @@
       A basic configuration with some custom settings could look like this:
 <programlisting>
 services.keycloak = {
-  <link linkend="opt-services.keycloak.enable">enable</link> = true;
+  enable = true;
  settings = {
-    <link linkend="opt-services.keycloak.settings.hostname">hostname</link> = "keycloak.example.com";
+    hostname = "keycloak.example.com";
-    <link linkend="opt-services.keycloak.settings.hostname-strict-backchannel">hostname-strict-backchannel</link> = true;
+    hostname-strict-backchannel = true;
  };
-  <link linkend="opt-services.keycloak.initialAdminPassword">initialAdminPassword</link> = "e6Wcm0RrtegMEHl";  # change on first login
+  initialAdminPassword = "e6Wcm0RrtegMEHl";  # change on first login
-  <link linkend="opt-services.keycloak.sslCertificate">sslCertificate</link> = "/run/keys/ssl_cert";
+  sslCertificate = "/run/keys/ssl_cert";
-  <link linkend="opt-services.keycloak.sslCertificateKey">sslCertificateKey</link> = "/run/keys/ssl_key";
+  sslCertificateKey = "/run/keys/ssl_key";
-  <link linkend="opt-services.keycloak.database.passwordFile">database.passwordFile</link> = "/run/keys/db_password";
+  database.passwordFile = "/run/keys/db_password";
 };
 </programlisting>
     </para>
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@@ -31,22 +31,22 @@
 <programlisting>{ pkgs, ... }:
 {
  services.nextcloud = {
-    <link linkend="opt-services.nextcloud.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.nextcloud.hostName">hostName</link> = "nextcloud.tld";
+    hostName = "nextcloud.tld";
    config = {
-      <link linkend="opt-services.nextcloud.config.dbtype">dbtype</link> = "pgsql";
+      dbtype = "pgsql";
-      <link linkend="opt-services.nextcloud.config.dbuser">dbuser</link> = "nextcloud";
+      dbuser = "nextcloud";
-      <link linkend="opt-services.nextcloud.config.dbhost">dbhost</link> = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
-      <link linkend="opt-services.nextcloud.config.dbname">dbname</link> = "nextcloud";
+      dbname = "nextcloud";
-      <link linkend="opt-services.nextcloud.config.adminpassFile">adminpassFile</link> = "/path/to/admin-pass-file";
+      adminpassFile = "/path/to/admin-pass-file";
-      <link linkend="opt-services.nextcloud.config.adminuser">adminuser</link> = "root";
+      adminuser = "root";
    };
  };
  services.postgresql = {
-    <link linkend="opt-services.postgresql.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.postgresql.ensureDatabases">ensureDatabases</link> = [ "nextcloud" ];
+    ensureDatabases = [ "nextcloud" ];
-    <link linkend="opt-services.postgresql.ensureUsers">ensureUsers</link> = [
+    ensureUsers = [
     { name = "nextcloud";
       ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
     }
@@ -59,7 +59,7 @@
    after = ["postgresql.service"];
  };
-  <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }</programlisting>
  </para>
@@ -199,24 +199,24 @@
  <para>
   An exemplary configuration may look like this:
 <programlisting>{ config, lib, pkgs, ... }: {
-  <link linkend="opt-services.nginx.enable">services.nginx.enable</link> = false;
+  services.nginx.enable = false;
  services.nextcloud = {
-    <link linkend="opt-services.nextcloud.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.nextcloud.hostName">hostName</link> = "localhost";
+    hostName = "localhost";
    /* further, required options */
  };
-  <link linkend="opt-services.phpfpm.pools._name_.settings">services.phpfpm.pools.nextcloud.settings</link> = {
+  services.phpfpm.pools.nextcloud.settings = {
    "listen.owner" = config.services.httpd.user;
    "listen.group" = config.services.httpd.group;
  };
  services.httpd = {
-    <link linkend="opt-services.httpd.enable">enable</link> = true;
+    enable = true;
-    <link linkend="opt-services.httpd.adminAddr">adminAddr</link> = "webmaster@localhost";
+    adminAddr = "webmaster@localhost";
-    <link linkend="opt-services.httpd.extraModules">extraModules</link> = [ "proxy_fcgi" ];
+    extraModules = [ "proxy_fcgi" ];
    virtualHosts."localhost" = {
-      <link linkend="opt-services.httpd.virtualHosts._name_.documentRoot">documentRoot</link> = config.services.nextcloud.package;
+      documentRoot = config.services.nextcloud.package;
-      <link linkend="opt-services.httpd.virtualHosts._name_.extraConfig">extraConfig</link> = ''
+      extraConfig = ''
        &lt;Directory "${config.services.nextcloud.package}"&gt;
          &lt;FilesMatch "\.php$"&gt;
            &lt;If "-f %{REQUEST_FILENAME}"&gt;
--- a/nixos/modules/services/web-apps/plausible.xml
+++ b/nixos/modules/services/web-apps/plausible.xml
@@ -18,15 +18,15 @@
   After that, <package>plausible</package> can be deployed like this:
 <programlisting>{
  services.plausible = {
-    <link linkend="opt-services.plausible.enable">enable</link> = true;
+    enable = true;
    adminUser = {
-      <link linkend="opt-services.plausible.adminUser.activate">activate</link> = true; <co xml:id='ex-plausible-cfg-activate' />
+      activate = true; <co xml:id='ex-plausible-cfg-activate' />
-      <link linkend="opt-services.plausible.adminUser.email">email</link> = "admin@localhost";
+      email = "admin@localhost";
-      <link linkend="opt-services.plausible.adminUser.passwordFile">passwordFile</link> = "/run/secrets/plausible-admin-pwd";
+      passwordFile = "/run/secrets/plausible-admin-pwd";
    };
    server = {
-      <link linkend="opt-services.plausible.server.baseUrl">baseUrl</link> = "http://analytics.example.org";
+      baseUrl = "http://analytics.example.org";
-      <link linkend="opt-services.plausible.server.secretKeybaseFile">secretKeybaseFile</link> = "/run/secrets/plausible-secret-key-base"; <co xml:id='ex-plausible-cfg-secretbase' />
+      secretKeybaseFile = "/run/secrets/plausible-secret-key-base"; <co xml:id='ex-plausible-cfg-secretbase' />
    };
  };
 }</programlisting>
--- a/nixos/modules/services/x11/desktop-managers/gnome.xml
+++ b/nixos/modules/services/x11/desktop-managers/gnome.xml
@@ -18,8 +18,8 @@
  </para>
 <programlisting>
-<xref linkend="opt-services.xserver.desktopManager.gnome.enable"/> = true;
+services.xserver.desktopManager.gnome.enable = true;
-<xref linkend="opt-services.xserver.displayManager.gdm.enable"/> = true;
+services.xserver.displayManager.gdm.enable = true;
 </programlisting>
  <note>
@@ -40,7 +40,7 @@
   </para>
 <programlisting>
-<xref linkend="opt-services.gnome.core-utilities.enable"/> = false;
+services.gnome.core-utilities.enable = false;
 </programlisting>
   <para>
@@ -61,8 +61,8 @@
   </para>
 <programlisting>
-<xref linkend="opt-services.gnome.tracker-miners.enable"/> = false;
+services.gnome.tracker-miners.enable = false;
-<xref linkend="opt-services.gnome.tracker.enable"/> = false;
+services.gnome.tracker.enable = false;
 </programlisting>
   <para>
@@ -78,7 +78,7 @@
   </para>
 <programlisting>
-<xref linkend="opt-services.gnome.games.enable"/> = true;
+services.gnome.games.enable = true;
 </programlisting>
  </section>
@@ -90,7 +90,7 @@
   </para>
 <programlisting>
-<xref linkend="opt-services.gnome.core-developer-tools.enable"/> = true;
+services.gnome.core-developer-tools.enable = true;
 </programlisting>
  </section>
 </section>
@@ -103,7 +103,7 @@
  </para>
 <programlisting>
-<xref linkend="opt-services.xserver.desktopManager.gnome.flashback.enableMetacity"/> = true;
+services.xserver.desktopManager.gnome.flashback.enableMetacity = true;
 </programlisting>
  <para>
@@ -115,7 +115,7 @@
  </para>
 <programlisting>
-<xref linkend="opt-services.xserver.desktopManager.gnome.flashback.customSessions"/> = [
+services.xserver.desktopManager.gnome.flashback.customSessions = [
  {
    wmName = "xmonad";
    wmLabel = "XMonad";
@@ -162,7 +162,7 @@
  </para>
 <programlisting>
-<xref linkend="opt-environment.systemPackages"/> = [
+environment.systemPackages = [
  gnomeExtensions.dash-to-dock
  gnomeExtensions.gsconnect
  gnomeExtensions.mpris-indicator-button
@@ -211,7 +211,7 @@
 <programlisting>
 services.xserver.desktopManager.gnome = {
-  <link xlink:href="#opt-services.xserver.desktopManager.gnome.extraGSettingsOverrides">extraGSettingsOverrides</link> = ''
+  extraGSettingsOverrides = ''
    # Change default background
    [org.gnome.desktop.background]
    picture-uri='file://${pkgs.nixos-artwork.wallpapers.mosaic-blue.gnomeFilePath}'
@@ -221,7 +221,7 @@ services.xserver.desktopManager.gnome = {
    favorite-apps=['org.gnome.Photos.desktop', 'org.gnome.Nautilus.desktop']
  '';
-  <link xlink:href="#opt-services.xserver.desktopManager.gnome.extraGSettingsOverridePackages">extraGSettingsOverridePackages</link> = [
+  extraGSettingsOverridePackages = [
    pkgs.gsettings-desktop-schemas # for org.gnome.desktop
    pkgs.gnome.gnome-shell # for org.gnome.shell
  ];
--- a/nixos/modules/services/x11/desktop-managers/pantheon.xml
+++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml
@@ -11,16 +11,16 @@
  <para>
   All of Pantheon is working in NixOS and the applications should be available, aside from a few <link xlink:href="https://github.com/NixOS/nixpkgs/issues/58161">exceptions</link>. To enable Pantheon, set
 <programlisting>
-<xref linkend="opt-services.xserver.desktopManager.pantheon.enable"/> = true;
+services.xserver.desktopManager.pantheon.enable = true;
 </programlisting>
   This automatically enables LightDM and Pantheon's LightDM greeter. If you'd like to disable this, set
 <programlisting>
-<xref linkend="opt-services.xserver.displayManager.lightdm.greeters.pantheon.enable"/> = false;
+services.xserver.displayManager.lightdm.greeters.pantheon.enable = false;
-<xref linkend="opt-services.xserver.displayManager.lightdm.enable"/> = false;
+services.xserver.displayManager.lightdm.enable = false;
 </programlisting>
   but please be aware using Pantheon without LightDM as a display manager will break screenlocking from the UI. The NixOS module for Pantheon installs all of Pantheon's default applications. If you'd like to not install Pantheon's apps, set
 <programlisting>
-<xref linkend="opt-services.pantheon.apps.enable"/> = false;
+services.pantheon.apps.enable = false;
 </programlisting>
   You can also use <xref linkend="opt-environment.pantheon.excludePackages"/> to remove any other app (like <package>elementary-mail</package>).
  </para>