nixos/manual: enable smart quotes for all MD chapters

2025-06-12 04:35:41 +03:00 · 2023-01-04 06:56:24 +01:00 · 2023-01-04 06:56:24 +01:00 · 23ea73b416
commit 23ea73b416
parent 03c72f224c
55 changed files with 162 additions and 163 deletions
--- a/nixos/modules/i18n/input-method/default.nix
+++ b/nixos/modules/i18n/input-method/default.nix
@ -67,7 +67,7 @@ in
  meta = {
    maintainers = with lib.maintainers; [ ericsagnes ];
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml`
+    # `pandoc default.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > default.xml`
    doc = ./default.xml;
  };
--- a/nixos/modules/i18n/input-method/default.xml
+++ b/nixos/modules/i18n/input-method/default.xml
@ -114,7 +114,7 @@ ibus.engines = with pkgs.ibus-engines; [ table table-others ];
      To use any input method, the package must be added in the
      configuration, as shown above, and also (after running
      <literal>nixos-rebuild</literal>) the input method must be added
-      from IBus' preference dialog.
+      from IBus’ preference dialog.
    </para>
    <section xml:id="module-services-input-methods-troubleshooting">
      <title>Troubleshooting</title>
@ -221,7 +221,7 @@ i18n.inputMethod = {
  <section xml:id="module-services-input-methods-uim">
    <title>Uim</title>
    <para>
-      Uim (short for &quot;universal input method&quot;) is a
+      Uim (short for <quote>universal input method</quote>) is a
      multilingual input method framework. Applications can use it
      through so-called bridges.
    </para>
@ -244,7 +244,7 @@ i18n.inputMethod = {
      Hime is an extremely easy-to-use input method framework. It is
      lightweight, stable, powerful and supports many commonly used
      input methods, including Cangjie, Zhuyin, Dayi, Rank, Shrimp,
-      Greek, Korean Pinyin, Latin Alphabet, etc...
+      Greek, Korean Pinyin, Latin Alphabet, etc…
    </para>
    <para>
      The following snippet can be used to configure Hime:
@ -258,7 +258,7 @@ i18n.inputMethod = {
  <section xml:id="module-services-input-methods-kime">
    <title>Kime</title>
    <para>
-      Kime is Korean IME. it's built with Rust language and let you get
+      Kime is Korean IME. it’s built with Rust language and let you get
      simple, safe, fast Korean typing
    </para>
    <para>
--- a/nixos/modules/programs/digitalbitbox/default.nix
+++ b/nixos/modules/programs/digitalbitbox/default.nix
@ -34,7 +34,7 @@ in
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart > doc.xml`
+    # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > doc.xml`
    doc = ./doc.xml;
    maintainers = with lib.maintainers; [ vidbina ];
  };
--- a/nixos/modules/programs/plotinus.nix
+++ b/nixos/modules/programs/plotinus.nix
@ -9,7 +9,7 @@ in
  meta = {
    maintainers = pkgs.plotinus.meta.maintainers;
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml`
+    # `pandoc plotinus.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plotinus.xml`
    doc = ./plotinus.xml;
  };
--- a/nixos/modules/programs/zsh/oh-my-zsh.nix
+++ b/nixos/modules/programs/zsh/oh-my-zsh.nix
@ -143,6 +143,6 @@ in
    };
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml`
+    # `pandoc oh-my-zsh.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > oh-my-zsh.xml`
    meta.doc = ./oh-my-zsh.xml;
  }
--- a/nixos/modules/programs/zsh/oh-my-zsh.xml
+++ b/nixos/modules/programs/zsh/oh-my-zsh.xml
@ -63,7 +63,7 @@
    </para>
    <para>
      Rather than using a single mutable path for
-      <literal>ZSH_CUSTOM</literal>, it's also possible to generate this
+      <literal>ZSH_CUSTOM</literal>, it’s also possible to generate this
      path from a list of Nix packages:
    </para>
    <programlisting>
@ -93,7 +93,7 @@
  <section xml:id="module-programs-oh-my-zsh-packaging-customizations">
    <title>Package your own customizations</title>
    <para>
-      If third-party customizations (e.g. new themes) are supposed to be
+      If third-party customizations (e.g. new themes) are supposed to be
      added to <literal>oh-my-zsh</literal> there are several pitfalls
      to keep in mind:
    </para>
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@ -917,7 +917,7 @@ in {
  meta = {
    maintainers = lib.teams.acme.members;
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml`
+    # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml`
    doc = ./doc.xml;
  };
 }
--- a/nixos/modules/security/acme/doc.xml
+++ b/nixos/modules/security/acme/doc.xml
@ -3,7 +3,7 @@
  <para>
    NixOS supports automatic domain validation &amp; certificate
    retrieval and renewal using the ACME protocol. Any provider can be
-    used, but by default NixOS uses Let's Encrypt. The alternative ACME
+    used, but by default NixOS uses Let’s Encrypt. The alternative ACME
    client
    <link xlink:href="https://go-acme.github.io/lego/">lego</link> is
    used under the hood.
@ -17,15 +17,15 @@
  <section xml:id="module-security-acme-prerequisites">
    <title>Prerequisites</title>
    <para>
-      To use the ACME module, you must accept the provider's terms of
+      To use the ACME module, you must accept the provider’s terms of
      service by setting
      <xref linkend="opt-security.acme.acceptTerms"></xref> to
-      <literal>true</literal>. The Let's Encrypt ToS can be found
+      <literal>true</literal>. The Let’s Encrypt ToS can be found
      <link xlink:href="https://letsencrypt.org/repository/">here</link>.
    </para>
    <para>
      You must also set an email address to be used when creating
-      accounts with Let's Encrypt. You can set this for all certs with
+      accounts with Let’s Encrypt. You can set this for all certs with
      <xref linkend="opt-security.acme.defaults.email"></xref> and/or on
      a per-cert basis with
      <xref linkend="opt-security.acme.certs._name_.email"></xref>. This
@ -93,7 +93,7 @@ services.nginx = {
    <para>
      Using ACME certificates with Apache virtual hosts is identical to
      using them with Nginx. The attribute names are all the same, just
-      replace &quot;nginx&quot; with &quot;httpd&quot; where
+      replace <quote>nginx</quote> with <quote>httpd</quote> where
      appropriate.
    </para>
  </section>
@ -257,7 +257,7 @@ systemd.services.dns-rfc2136-conf = {
 };
 </programlisting>
    <para>
-      Now you're all set to generate certs! You should monitor the first
+      Now you’re all set to generate certs! You should monitor the first
      invocation by running
      <literal>systemctl start acme-example.com.service &amp; journalctl -fu acme-example.com.service</literal>
      and watching its log output.
@ -270,15 +270,14 @@ systemd.services.dns-rfc2136-conf = {
      including those automatically configured via the Nginx/Apache
      <link linkend="opt-services.nginx.virtualHosts._name_.enableACME"><literal>enableACME</literal></link>
      option. This configuration pattern is fully supported and part of
-      the module's test suite for Nginx + Apache.
+      the module’s test suite for Nginx + Apache.
    </para>
    <para>
      You must follow the guide above on configuring DNS-01 validation
      first, however instead of setting the options for one certificate
-      (e.g.
+      (e.g. <xref linkend="opt-security.acme.certs._name_.dnsProvider"></xref>)
-      <xref linkend="opt-security.acme.certs._name_.dnsProvider"></xref>)
+      you will set them as defaults
-      you will set them as defaults (e.g.
+      (e.g. <xref linkend="opt-security.acme.defaults.dnsProvider"></xref>).
      <xref linkend="opt-security.acme.defaults.dnsProvider"></xref>).
    </para>
    <programlisting>
 # Configure ACME appropriately
@ -304,7 +303,7 @@ services.nginx = {
 }
 </programlisting>
    <para>
-      And that's it! Next time your configuration is rebuilt, or when
+      And that’s it! Next time your configuration is rebuilt, or when
      you add a new virtualHost, it will be DNS-01 validated.
    </para>
  </section>
@ -316,7 +315,7 @@ services.nginx = {
      are not owned by root. PostgreSQL and OpenSMTPD are examples of
      these. There is no way to change the user the ACME module uses (it
      will always be <literal>acme</literal>), however you can use
-      systemd's <literal>LoadCredential</literal> feature to resolve
+      systemd’s <literal>LoadCredential</literal> feature to resolve
      this elegantly. Below is an example configuration for OpenSMTPD,
      but this pattern can be applied to any service.
    </para>
@ -360,7 +359,7 @@ in {
    <title>Regenerating certificates</title>
    <para>
      Should you need to regenerate a particular certificate in a hurry,
-      such as when a vulnerability is found in Let's Encrypt, there is
+      such as when a vulnerability is found in Let’s Encrypt, there is
      now a convenient mechanism for doing so. Running
      <literal>systemctl clean --what=state acme-example.com.service</literal>
      will remove all certificate files and the account data for the
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@ -227,7 +227,7 @@ let
 in {
  meta.maintainers = with maintainers; [ dotlambda ];
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml`
+  # `pandoc borgbackup.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > borgbackup.xml`
  meta.doc = ./borgbackup.xml;
  ###### interface
--- a/nixos/modules/services/backup/borgbackup.xml
+++ b/nixos/modules/services/backup/borgbackup.xml
@ -200,7 +200,7 @@ sudo borg init --encryption=repokey-blake2  \
      protect your data from disk failure, ransomware and theft.
    </para>
    <para>
-      It can be installed in NixOS e.g. by adding
+      It can be installed in NixOS e.g. by adding
      <literal>pkgs.vorta</literal> to
      <xref linkend="opt-environment.systemPackages"></xref>.
    </para>
--- a/nixos/modules/services/databases/foundationdb.nix
+++ b/nixos/modules/services/databases/foundationdb.nix
@ -425,7 +425,7 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml`
+  # `pandoc foundationdb.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > foundationdb.xml`
  meta.doc         = ./foundationdb.xml;
  meta.maintainers = with lib.maintainers; [ thoughtpolice ];
 }
--- a/nixos/modules/services/databases/foundationdb.xml
+++ b/nixos/modules/services/databases/foundationdb.xml
@ -15,7 +15,7 @@
    <emphasis>Available version(s):</emphasis> 5.1.x, 5.2.x, 6.0.x
  </para>
  <para>
-    FoundationDB (or &quot;FDB&quot;) is an open source, distributed,
+    FoundationDB (or <quote>FDB</quote>) is an open source, distributed,
    transactional key-value store.
  </para>
  <section xml:id="module-services-foundationdb-configuring">
@ -115,8 +115,8 @@ a@link&gt;
      SSD-storage based database for development and basic usage. This
      storage engine is designed for SSDs and will perform poorly on
      HDDs; however it can handle far more data than the alternative
-      &quot;memory&quot; engine and is a better default choice for most
+      <quote>memory</quote> engine and is a better default choice for
-      deployments. (Note that you can change the storage backend
+      most deployments. (Note that you can change the storage backend
      on-the-fly for a given FoundationDB cluster using
      <command>fdbcli</command>.)
    </para>
@ -151,7 +151,7 @@ services.foundationdb.dataDir = &quot;/data/fdb&quot;;
    <para>
      FoundationDB worker processes typically require 4GB of RAM
      per-process at minimum for good performance, so this option is set
-      to 1 by default since the maximum amount of RAM is unknown. You're
+      to 1 by default since the maximum amount of RAM is unknown. You’re
      advised to abide by this restriction, so pick a number of
      processes so that each has 4GB or more.
    </para>
@ -282,7 +282,7 @@ fdbcli&gt; coordinators auto
      FoundationDB uses a pluggable design to transport security, and
      out of the box it supports a LibreSSL-based plugin for TLS
      support. This plugin not only does in-flight encryption, but also
-      performs client authorization based on the given endpoint's
+      performs client authorization based on the given endpoint’s
      certificate chain. For example, a FoundationDB server may be
      configured to only accept client connections over TLS, where the
      client TLS certificate is from organization <emphasis>Acme
@ -303,7 +303,7 @@ fdbcli&gt; coordinators auto
    </para>
    <para>
      After you have a key and certificate file in place, it is not
-      enough to simply set the NixOS module options -- you must also
+      enough to simply set the NixOS module options – you must also
      configure the <command>fdb.cluster</command> file to specify that
      a given set of coordinators use TLS. This is as simple as adding
      the suffix <command>:tls</command> to your cluster coordinator
@ -333,7 +333,7 @@ XXXXXX:XXXXXX@127.0.0.1:4500:tls
    </para>
    <para>
      However, a side effect of this is that the
-      <command>fdbbackup</command> command doesn't work properly for
+      <command>fdbbackup</command> command doesn’t work properly for
      local filesystem backups: FoundationDB uses a server process
      alongside the database processes to perform backups and copy the
      backups to the filesystem. As a result, this process is put under
@ -403,7 +403,7 @@ $ sudo -u foundationdb fdbbackup status -t default
  <section xml:id="module-services-foundationdb-options">
    <title>Options</title>
    <para>
-      NixOS's FoundationDB module allows you to configure all of the
+      NixOS’s FoundationDB module allows you to configure all of the
      most relevant configuration options for
      <command>fdbmonitor</command>, matching it quite closely. A
      complete list of options for the FoundationDB module may be found
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@ -586,7 +586,7 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml`
+  # `pandoc postgresql.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > postgresql.xml`
  meta.doc = ./postgresql.xml;
  meta.maintainers = with lib.maintainers; [ thoughtpolice danbst ];
 }
--- a/nixos/modules/services/databases/postgresql.xml
+++ b/nixos/modules/services/databases/postgresql.xml
@ -23,7 +23,7 @@ services.postgresql.package = pkgs.postgresql_11;
 </programlisting>
    <para>
      Note that you are required to specify the desired version of
-      PostgreSQL (e.g. <literal>pkgs.postgresql_11</literal>). Since
+      PostgreSQL (e.g. <literal>pkgs.postgresql_11</literal>). Since
      upgrading your PostgreSQL version requires a database dump and
      reload (see below), NixOS cannot provide a default value for
      <xref linkend="opt-services.postgresql.package"></xref> such as
@ -51,7 +51,7 @@ services.postgresql.dataDir = &quot;/data/postgresql&quot;;
    <para>
      Major PostgreSQL upgrades require a downtime and a few imperative
      steps to be called. This is the case because each major version
-      has some internal changes in the databases' state during major
+      has some internal changes in the databases’ state during major
      releases. Because of that, NixOS places the state into
      <filename>/var/lib/postgresql/&lt;version&gt;</filename> where
      each <literal>version</literal> can be obtained like this:
@ -138,7 +138,7 @@ $ nix-instantiate --eval -A postgresql_13.psqlSchema
      </listitem>
      <listitem>
        <para>
-          After the upgrade it's advisable to analyze the new cluster.
+          After the upgrade it’s advisable to analyze the new cluster.
        </para>
        <itemizedlist>
          <listitem>
@ -228,7 +228,7 @@ self: super: {
 }
 </programlisting>
    <para>
-      Here's a recipe on how to override a particular plugin through an
+      Here’s a recipe on how to override a particular plugin through an
      overlay:
    </para>
    <programlisting>
--- a/nixos/modules/services/editors/emacs.nix
+++ b/nixos/modules/services/editors/emacs.nix
@ -100,6 +100,6 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml`
+  # `pandoc emacs.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > emacs.xml`
  meta.doc = ./emacs.xml;
 }
--- a/nixos/modules/services/hardware/trezord.nix
+++ b/nixos/modules/services/hardware/trezord.nix
@ -9,7 +9,7 @@ in {
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml`
+    # `pandoc trezord.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > trezord.xml`
    doc = ./trezord.xml;
  };
--- a/nixos/modules/services/mail/mailman.nix
+++ b/nixos/modules/services/mail/mailman.nix
@ -643,7 +643,7 @@ in {
  meta = {
    maintainers = with lib.maintainers; [ lheckemann qyliss ma27 ];
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml`
+    # `pandoc mailman.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mailman.xml`
    doc = ./mailman.xml;
  };
--- a/nixos/modules/services/mail/mailman.xml
+++ b/nixos/modules/services/mail/mailman.xml
@ -61,7 +61,7 @@
      up, the Postorius mailing list manager and the Hyperkitty archive
      browser will be available at https://lists.example.org/. Note that
      this setup is not sufficient to deliver emails to most email
-      providers nor to avoid spam -- a number of additional measures for
+      providers nor to avoid spam – a number of additional measures for
      authenticating incoming and outgoing mails, such as SPF, DMARC and
      DKIM are necessary, but outside the scope of the Mailman module.
    </para>
@ -100,7 +100,7 @@
 </programlisting>
    <para>
      The exim config needs some special additions to work with Mailman.
-      Currently NixOS can't manage Exim config with such granularity.
+      Currently NixOS can’t manage Exim config with such granularity.
      Please refer to
      <link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman
      documentation</link> for more info on configuring Mailman for
--- a/nixos/modules/services/matrix/mjolnir.nix
+++ b/nixos/modules/services/matrix/mjolnir.nix
@ -237,7 +237,7 @@ in
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml`
+    # `pandoc mjolnir.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > mjolnir.xml`
    doc = ./mjolnir.xml;
    maintainers = with maintainers; [ jojosch ];
  };
--- a/nixos/modules/services/matrix/mjolnir.xml
+++ b/nixos/modules/services/matrix/mjolnir.xml
@ -7,7 +7,7 @@
  </para>
  <para>
    As an all-in-one moderation tool, it can protect your server from
-    malicious invites, spam messages, and whatever else you don't want.
+    malicious invites, spam messages, and whatever else you don’t want.
    In addition to server-level protection, Mjolnir is great for
    communities wanting to protect their rooms without having to use
    their personal accounts for moderation.
@ -21,7 +21,7 @@
    See the
    <link xlink:href="https://github.com/matrix-org/mjolnir#readme">README</link>
    page and the
-    <link xlink:href="https://github.com/matrix-org/mjolnir/blob/main/docs/moderators.md">Moderator's
+    <link xlink:href="https://github.com/matrix-org/mjolnir/blob/main/docs/moderators.md">Moderator’s
    guide</link> for additional instructions on how to setup and use
    Mjolnir.
  </para>
@ -36,7 +36,7 @@
    <para>
      First create a new Room which will be used as a management room
      for Mjolnir. In this room, Mjolnir will log possible errors and
-      debugging information. You'll need to set this Room-ID in
+      debugging information. You’ll need to set this Room-ID in
      <link linkend="opt-services.mjolnir.managementRoom">services.mjolnir.managementRoom</link>.
    </para>
    <para>
@ -51,7 +51,7 @@
    </para>
    <para>
      If you want Mjolnir to be able to deactivate users, move room
-      aliases, shutdown rooms, etc. you'll need to make the Mjolnir user
+      aliases, shutdown rooms, etc. you’ll need to make the Mjolnir user
      a Matrix server admin.
    </para>
    <para>
@ -93,10 +93,10 @@
      <title>Element Matrix Services (EMS)</title>
      <para>
        If you are using a managed
-        <link xlink:href="https://ems.element.io/">&quot;Element Matrix
+        <link xlink:href="https://ems.element.io/"><quote>Element Matrix
-        Services (EMS)&quot;</link> server, you will need to consent to
+        Services (EMS)</quote></link> server, you will need to consent
-        the terms and conditions. Upon startup, an error log entry with
+        to the terms and conditions. Upon startup, an error log entry
-        a URL to the consent page will be generated.
+        with a URL to the consent page will be generated.
      </para>
    </section>
  </section>
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@ -802,7 +802,7 @@ in {
  meta = {
    buildDocsInSandbox = false;
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml`
+    # `pandoc synapse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > synapse.xml`
    doc = ./synapse.xml;
    maintainers = teams.matrix.members;
  };
--- a/nixos/modules/services/matrix/synapse.xml
+++ b/nixos/modules/services/matrix/synapse.xml
@ -152,7 +152,7 @@ Success!
      <para>
        When using
        <xref linkend="opt-services.matrix-synapse.settings.registration_shared_secret"></xref>,
-        the secret will end up in the world-readable store. Instead it's
+        the secret will end up in the world-readable store. Instead it’s
        recommended to deploy the secret in an additional file like
        this:
      </para>
@ -173,9 +173,9 @@ registration_shared_secret: your-very-secret-secret
            <citerefentry><refentrytitle>nixops</refentrytitle><manvolnum>1</manvolnum></citerefentry>
            or
            <link xlink:href="https://github.com/Mic92/sops-nix/">sops-nix</link>
-            to e.g.
+            to
-            <filename>/run/secrets/matrix-shared-secret</filename> and
+            e.g. <filename>/run/secrets/matrix-shared-secret</filename>
-            ensure that it's readable by
+            and ensure that it’s readable by
            <literal>matrix-synapse</literal>.
          </para>
        </listitem>
@ -195,7 +195,7 @@ registration_shared_secret: your-very-secret-secret
    </warning>
    <note>
      <para>
-        It's also possible to user alternative authentication mechanism
+        It’s also possible to user alternative authentication mechanism
        such as
        <link xlink:href="https://github.com/matrix-org/matrix-synapse-ldap3">LDAP
        (via <literal>matrix-synapse-ldap3</literal>)</link> or
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@ -1503,7 +1503,7 @@ in {
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml`
+  # `pandoc gitlab.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gitlab.xml`
  meta.doc = ./gitlab.xml;
 }
--- a/nixos/modules/services/misc/gitlab.xml
+++ b/nixos/modules/services/misc/gitlab.xml
@ -78,13 +78,13 @@ services.gitlab = {
 };
 </programlisting>
    <para>
-      If you're setting up a new GitLab instance, generate new secrets.
+      If you’re setting up a new GitLab instance, generate new secrets.
      You for instance use
      <literal>tr -dc A-Za-z0-9 &lt; /dev/urandom | head -c 128 &gt; /var/keys/gitlab/db</literal>
      to generate a new db secret. Make sure the files can be read by,
      and only by, the user specified by
      <link linkend="opt-services.gitlab.user">services.gitlab.user</link>.
-      GitLab encrypts sensitive data stored in the database. If you're
+      GitLab encrypts sensitive data stored in the database. If you’re
      restoring an existing GitLab instance, you must specify the
      secrets secret from <literal>config/secrets.yml</literal> located
      in your GitLab state folder.
@ -125,7 +125,7 @@ $ systemctl start gitlab-backup.service
    <section xml:id="module-services-gitlab-maintenance-rake">
      <title>Rake tasks</title>
      <para>
-        You can run GitLab's rake tasks with
+        You can run GitLab’s rake tasks with
        <literal>gitlab-rake</literal> which will be available on the
        system when GitLab is enabled. You will have to run the command
        as the user that you configured to run GitLab with.
--- a/nixos/modules/services/misc/sourcehut/default.nix
+++ b/nixos/modules/services/misc/sourcehut/default.nix
@ -1391,7 +1391,7 @@ in
  ];
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml`
+  # `pandoc sourcehut.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > sourcehut.xml`
  meta.doc = ./sourcehut.xml;
  meta.maintainers = with maintainers; [ tomberek ];
 }
--- a/nixos/modules/services/misc/sourcehut/sourcehut.xml
+++ b/nixos/modules/services/misc/sourcehut/sourcehut.xml
@ -97,12 +97,12 @@ in {
    </para>
  </section>
  <section xml:id="module-services-sourcehut-httpd">
-    <title>Using an alternative webserver as reverse-proxy (e.g.
+    <title>Using an alternative webserver as reverse-proxy
-    <literal>httpd</literal>)</title>
+    (e.g. <literal>httpd</literal>)</title>
    <para>
      By default, <literal>nginx</literal> is used as reverse-proxy for
-      <literal>sourcehut</literal>. However, it's possible to use e.g.
+      <literal>sourcehut</literal>. However, it’s possible to use
-      <literal>httpd</literal> by explicitly disabling
+      e.g. <literal>httpd</literal> by explicitly disabling
      <literal>nginx</literal> using
      <xref linkend="opt-services.nginx.enable"></xref> and fixing the
      <literal>settings</literal>.
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@ -567,6 +567,6 @@ in {
  ];
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml`
+  # `pandoc doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > doc.xml`
  meta.doc = ./doc.xml;
 }
--- a/nixos/modules/services/misc/taskserver/doc.xml
+++ b/nixos/modules/services/misc/taskserver/doc.xml
@ -16,7 +16,7 @@
      certificates, so you either need to roll your own CA or purchase a
      certificate from a known CA, which allows creation of client
      certificates. These certificates are usually advertised as
-      &quot;server certificates&quot;.
+      <quote>server certificates</quote>.
    </para>
    <para>
      So in order to make it easier to handle your own CA, there is a
@ -54,7 +54,7 @@
      For example if you add a new organisation using
      <command>nixos-taskserver org add foo</command>, the organisation
      is not modified and deleted no matter what you define in
-      <option>services.taskserver.organisations</option>, even if you're
+      <option>services.taskserver.organisations</option>, even if you’re
      adding the same organisation in that option.
    </para>
    <para>
@ -80,7 +80,7 @@
      client machine.
    </para>
    <para>
-      For example, let's say you have the following configuration:
+      For example, let’s say you have the following configuration:
    </para>
    <programlisting>
 {
@ -121,7 +121,7 @@ $ ssh server nixos-taskserver user export my-company alice | sh
    <para>
      If you set any options within
      <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*,
-      <command>nixos-taskserver</command> won't issue certificates, but
+      <command>nixos-taskserver</command> won’t issue certificates, but
      you can still use it for adding or removing user accounts.
    </para>
  </section>
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@ -324,7 +324,7 @@ in
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml`
+    # `pandoc exporters.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > exporters.xml`
    doc = ./exporters.xml;
    maintainers = [ maintainers.willibutz ];
  };
--- a/nixos/modules/services/monitoring/prometheus/exporters.xml
+++ b/nixos/modules/services/monitoring/prometheus/exporters.xml
@ -11,7 +11,7 @@
      One of the most common exporters is the
      <link xlink:href="https://github.com/prometheus/node_exporter">node
      exporter</link>, it provides hardware and OS metrics from the host
-      it's running on. The exporter could be configured as follows:
+      it’s running on. The exporter could be configured as follows:
    </para>
    <programlisting>
  services.prometheus.exporters.node = {
@ -34,7 +34,7 @@
      <link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled
      by default</link>, via http under <literal>/metrics</literal>. In
      this example the firewall should just allow incoming connections
-      to the exporter's port on the bridge interface
+      to the exporter’s port on the bridge interface
      <literal>br0</literal> (this would have to be configured
      separately of course). For more information about configuration
      see <literal>man configuration.nix</literal> or search through the
@ -194,9 +194,9 @@ in
        <para>
          This should already be enough for the postfix exporter.
          Additionally one could now add assertions and conditional
-          default values. This can be done in the 'meta-module' that
+          default values. This can be done in the
-          combines all exporter definitions and generates the
+          <quote>meta-module</quote> that combines all exporter
-          submodules:
+          definitions and generates the submodules:
          <literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
        </para>
      </listitem>
--- a/nixos/modules/services/network-filesystems/litestream/default.nix
+++ b/nixos/modules/services/network-filesystems/litestream/default.nix
@ -96,6 +96,6 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml`
+  # `pandoc litestream.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > litestream.xml`
  meta.doc = ./litestream.xml;
 }
--- a/nixos/modules/services/network-filesystems/litestream/litestream.xml
+++ b/nixos/modules/services/network-filesystems/litestream/litestream.xml
@ -9,7 +9,7 @@
    <para>
      Litestream service is managed by a dedicated user named
      <literal>litestream</literal> which needs permission to the
-      database file. Here's an example config which gives required
+      database file. Here’s an example config which gives required
      permissions to access
      <link linkend="opt-services.grafana.settings.database.path">grafana
      database</link>:
--- a/nixos/modules/services/networking/pleroma.nix
+++ b/nixos/modules/services/networking/pleroma.nix
@ -148,6 +148,6 @@ in {
  };
  meta.maintainers = with lib.maintainers; [ ninjatrappeur ];
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml`
+  # `pandoc pleroma.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pleroma.xml`
  meta.doc = ./pleroma.xml;
 }
--- a/nixos/modules/services/networking/pleroma.xml
+++ b/nixos/modules/services/networking/pleroma.xml
@ -136,7 +136,7 @@ config :web_push_encryption, :vapid_details,
 </programlisting>
    <para>
      Note that the lines of the same configuration group are comma
-      separated (i.e. all the lines end with a comma, except the last
+      separated (i.e. all the lines end with a comma, except the last
      one), so when the lines with passwords are added or removed,
      commas must be adjusted accordingly.
    </para>
@ -179,7 +179,7 @@ $ pleroma_ctl user new &lt;nickname&gt; &lt;email&gt;  --admin --moderator --pas
      4000. Nginx can be configured as a Reverse Proxy, for forwarding
      requests from public ports to the Pleroma service. This is an
      example of configuration, using
-      <link xlink:href="https://letsencrypt.org/">Let's Encrypt</link>
+      <link xlink:href="https://letsencrypt.org/">Let’s Encrypt</link>
      for the TLS certificates
    </para>
    <programlisting>
--- a/nixos/modules/services/networking/prosody.nix
+++ b/nixos/modules/services/networking/prosody.nix
@ -906,6 +906,6 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml`
+  # `pandoc prosody.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > prosody.xml`
  meta.doc = ./prosody.xml;
 }
--- a/nixos/modules/services/networking/prosody.xml
+++ b/nixos/modules/services/networking/prosody.xml
@ -24,7 +24,7 @@
      <link xlink:href="https://xmpp.org/extensions/xep-0045.html">Multi
      User Chat (MUC)</link> and the
      <link xlink:href="https://xmpp.org/extensions/xep-0363.html">HTTP
-      File Upload</link> ones. You'll need to create a DNS subdomain for
+      File Upload</link> ones. You’ll need to create a DNS subdomain for
      each of those. The current convention is to name your MUC endpoint
      <literal>conference.example.org</literal> and your HTTP upload
      domain <literal>upload.example.org</literal>.
@ -58,18 +58,18 @@ services.prosody = {
 </programlisting>
  </section>
  <section xml:id="module-services-prosody-letsencrypt">
-    <title>Let's Encrypt Configuration</title>
+    <title>Let’s Encrypt Configuration</title>
    <para>
      As you can see in the code snippet from the
      <link linkend="module-services-prosody-basic-usage">previous
-      section</link>, you'll need a single TLS certificate covering your
+      section</link>, you’ll need a single TLS certificate covering your
      main endpoint, the MUC one as well as the HTTP Upload one. We can
      generate such a certificate by leveraging the ACME
      <link linkend="opt-security.acme.certs._name_.extraDomainNames">extraDomainNames</link>
      module option.
    </para>
    <para>
-      Provided the setup detailed in the previous section, you'll need
+      Provided the setup detailed in the previous section, you’ll need
      the following acme configuration to generate a TLS certificate for
      the three endponits:
    </para>
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@ -194,7 +194,7 @@ in {
  });
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml`
+    # `pandoc yggdrasil.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > yggdrasil.xml`
    doc = ./yggdrasil.xml;
    maintainers = with lib.maintainers; [ gazally ehmry ];
  };
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@ -1081,7 +1081,7 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml`
+  # `pandoc discourse.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > discourse.xml`
  meta.doc = ./discourse.xml;
  meta.maintainers = [ lib.maintainers.talyz ];
 }
--- a/nixos/modules/services/web-apps/discourse.xml
+++ b/nixos/modules/services/web-apps/discourse.xml
@ -7,7 +7,7 @@
  <section xml:id="module-services-discourse-basic-usage">
    <title>Basic usage</title>
    <para>
-      A minimal configuration using Let's Encrypt for TLS certificates
+      A minimal configuration using Let’s Encrypt for TLS certificates
      looks like this:
    </para>
    <programlisting>
@ -26,7 +26,7 @@ security.acme.email = &quot;me@example.com&quot;;
 security.acme.acceptTerms = true;
 </programlisting>
    <para>
-      Provided a proper DNS setup, you'll be able to connect to the
+      Provided a proper DNS setup, you’ll be able to connect to the
      instance at <literal>discourse.example.com</literal> and log in
      using the credentials provided in
      <literal>services.discourse.admin</literal>.
@ -82,7 +82,7 @@ services.discourse = {
  <section xml:id="module-services-discourse-mail">
    <title>Email</title>
    <para>
-      In addition to the basic setup, you'll want to configure an SMTP
+      In addition to the basic setup, you’ll want to configure an SMTP
      server Discourse can use to send user registration and password
      reset emails, among others. You can also optionally let Discourse
      receive email, which enables people to reply to threads and
@ -116,11 +116,11 @@ services.discourse = {
 };
 </programlisting>
    <para>
-      This assumes you have set up an MX record for the address you've
+      This assumes you have set up an MX record for the address you’ve
      set in
      <link linkend="opt-services.discourse.hostname">hostname</link>
      and requires proper SPF, DKIM and DMARC configuration to be done
-      for the domain you're sending from, in order for email to be
+      for the domain you’re sending from, in order for email to be
      reliably delivered.
    </para>
    <para>
@ -135,7 +135,7 @@ services.discourse = {
    <note>
      <para>
        Setup of TLS for incoming email is currently only configured
-        automatically when a regular TLS certificate is used, i.e. when
+        automatically when a regular TLS certificate is used, i.e. when
        <xref linkend="opt-services.discourse.sslCertificate"></xref>
        and
        <xref linkend="opt-services.discourse.sslCertificateKey"></xref>
@ -155,18 +155,18 @@ services.discourse = {
    <section xml:id="module-services-discourse-site-settings">
      <title>Site settings</title>
      <para>
-        &quot;Site settings&quot; are the settings that can be changed
+        <quote>Site settings</quote> are the settings that can be
-        through the Discourse UI. Their <emphasis>default</emphasis>
+        changed through the Discourse UI. Their
-        values can be set using
+        <emphasis>default</emphasis> values can be set using
        <xref linkend="opt-services.discourse.siteSettings"></xref>.
      </para>
      <para>
        Settings are expressed as a Nix attribute set which matches the
        structure of the configuration in
        <link xlink:href="https://github.com/discourse/discourse/blob/master/config/site_settings.yml">config/site_settings.yml</link>.
-        To find a setting's path, you only need to care about the first
+        To find a setting’s path, you only need to care about the first
-        two levels; i.e. its category (e.g. <literal>login</literal>)
+        two levels; i.e. its category (e.g. <literal>login</literal>)
-        and name (e.g. <literal>invite_only</literal>).
+        and name (e.g. <literal>invite_only</literal>).
      </para>
      <para>
        Settings containing secret data should be set to an attribute
@ -263,7 +263,7 @@ services.discourse = {
      <link xlink:href="https://nixos.org/manual/nixpkgs/stable/#developing-with-ruby">Developing
      with Ruby</link> section of the Nixpkgs manual and the appropriate
      gem options set in <literal>bundlerEnvArgs</literal> (normally
-      <literal>gemdir</literal> is sufficient). A plugin's Ruby
+      <literal>gemdir</literal> is sufficient). A plugin’s Ruby
      dependencies are listed in its <filename>plugin.rb</filename> file
      as function calls to <literal>gem</literal>. To construct the
      corresponding <filename>Gemfile</filename> manually, run
--- a/nixos/modules/services/web-apps/grocy.nix
+++ b/nixos/modules/services/web-apps/grocy.nix
@ -168,7 +168,7 @@ in {
  meta = {
    maintainers = with maintainers; [ ma27 ];
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml`
+    # `pandoc grocy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > grocy.xml`
    doc = ./grocy.xml;
  };
 }
--- a/nixos/modules/services/web-apps/grocy.xml
+++ b/nixos/modules/services/web-apps/grocy.xml
@ -29,7 +29,7 @@
      credentials <literal>admin:admin</literal> can be used to login.
    </para>
    <para>
-      The application's state is persisted at
+      The application’s state is persisted at
      <literal>/var/lib/grocy/grocy.db</literal> in a
      <literal>sqlite3</literal> database. The migration is applied when
      requesting the <literal>/</literal>-route of the application.
--- a/nixos/modules/services/web-apps/jitsi-meet.nix
+++ b/nixos/modules/services/web-apps/jitsi-meet.nix
@ -452,7 +452,7 @@ in
  };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml`
+  # `pandoc jitsi-meet.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > jitsi-meet.xml`
  meta.doc = ./jitsi-meet.xml;
  meta.maintainers = lib.teams.jitsi.members;
 }
--- a/nixos/modules/services/web-apps/jitsi-meet.xml
+++ b/nixos/modules/services/web-apps/jitsi-meet.xml
@ -7,7 +7,7 @@
  <section xml:id="module-services-jitsi-basic-usage">
    <title>Basic usage</title>
    <para>
-      A minimal configuration using Let's Encrypt for TLS certificates
+      A minimal configuration using Let’s Encrypt for TLS certificates
      looks like this:
    </para>
    <programlisting>
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@ -675,7 +675,7 @@ in
      };
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml`
+  # `pandoc keycloak.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > keycloak.xml`
  meta.doc = ./keycloak.xml;
  meta.maintainers = [ maintainers.talyz ];
 }
--- a/nixos/modules/services/web-apps/keycloak.xml
+++ b/nixos/modules/services/web-apps/keycloak.xml
@ -76,8 +76,8 @@
    </para>
    <note>
      <para>
-        If you're migrating an old Wildfly based Keycloak instance and
+        If you’re migrating an old Wildfly based Keycloak instance and
-        want to keep compatibility with your current clients, you'll
+        want to keep compatibility with your current clients, you’ll
        likely want to set
        <xref linkend="opt-services.keycloak.settings.http-relative-path"></xref>
        to <literal>/auth</literal>. See the option description for more
@ -102,7 +102,7 @@
  <section xml:id="module-services-keycloak-tls">
    <title>Setting up TLS/SSL</title>
    <para>
-      By default, Keycloak won't accept unsecured HTTP connections
+      By default, Keycloak won’t accept unsecured HTTP connections
      originating from outside its local network.
    </para>
    <para>
--- a/nixos/modules/services/web-apps/matomo-doc.xml
+++ b/nixos/modules/services/web-apps/matomo-doc.xml
@ -41,8 +41,8 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
      <link xlink:href="https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/" role="uri">https://mariadb.com/kb/en/mariadb/unix_socket-authentication-plugin/</link>.
    </para>
    <para>
-      Of course, you can use password based authentication as well, e.g.
+      Of course, you can use password based authentication as well,
-      when the database is not on the same host.
+      e.g. when the database is not on the same host.
    </para>
  </section>
  <section xml:id="module-services-matomo-archive-processing">
@ -84,7 +84,7 @@ GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'localhost';
      <listitem>
        <para>
          Matomo will warn you that the JavaScript tracker is not
-          writable. This is because it's located in the read-only nix
+          writable. This is because it’s located in the read-only nix
          store. You can safely ignore this, unless you need a plugin
          that needs JavaScript tracker access.
        </para>
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@ -326,7 +326,7 @@ in {
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml`
+    # `pandoc matomo-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > matomo-doc.xml`
    doc = ./matomo-doc.xml;
    maintainers = with lib.maintainers; [ florianjacob ];
  };
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@ -1147,6 +1147,6 @@ in {
  ]);
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml`
+  # `pandoc nextcloud.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > nextcloud.xml`
  meta.doc = ./nextcloud.xml;
 }
--- a/nixos/modules/services/web-apps/nextcloud.xml
+++ b/nixos/modules/services/web-apps/nextcloud.xml
@ -19,7 +19,7 @@
      (<link linkend="opt-services.nextcloud.enable"><literal>services.nextcloud</literal></link>
      optionally supports
      <link linkend="opt-services.nginx.enable"><literal>services.nginx</literal></link>)
-      and a database (it's recommended to use
+      and a database (it’s recommended to use
      <link linkend="opt-services.postgresql.enable"><literal>services.postgresql</literal></link>).
    </para>
    <para>
@ -67,13 +67,13 @@
      and <literal>nginx</literal>. The <literal>config</literal>
      attribute set is used by the imperative installer and all values
      are written to an additional file to ensure that changes can be
-      applied by changing the module's options.
+      applied by changing the module’s options.
    </para>
    <para>
      In case the application serves multiple domains (those are checked
      with
      <link xlink:href="http://php.net/manual/en/reserved.variables.server.php"><literal>$_SERVER['HTTP_HOST']</literal></link>)
-      it's needed to add them to
+      it’s needed to add them to
      <link linkend="opt-services.nextcloud.config.extraTrustedDomains"><literal>services.nextcloud.config.extraTrustedDomains</literal></link>.
    </para>
    <para>
@ -101,19 +101,19 @@
          which is generated by the module and linked from the store to
          ensure that all values from <filename>config.php</filename>
          can be modified by the module. However
-          <filename>config.php</filename> manages the application's
+          <filename>config.php</filename> manages the application’s
-          state and shouldn't be touched manually because of that.
+          state and shouldn’t be touched manually because of that.
        </para>
        <warning>
          <para>
-            Don't delete <filename>config.php</filename>! This file
+            Don’t delete <filename>config.php</filename>! This file
-            tracks the application's state and a deletion can cause
+            tracks the application’s state and a deletion can cause
            unwanted side-effects!
          </para>
        </warning>
        <warning>
          <para>
-            Don't rerun
+            Don’t rerun
            <literal>nextcloud-occ maintenance:install</literal>! This
            command tries to install the application and can cause
            unwanted side-effects!
@ -123,8 +123,8 @@
      <listitem>
        <para>
          <emphasis role="strong">Multiple version upgrades.</emphasis>
-          Nextcloud doesn't allow to move more than one major-version
+          Nextcloud doesn’t allow to move more than one major-version
-          forward. E.g., if you're on <literal>v16</literal>, you cannot
+          forward. E.g., if you’re on <literal>v16</literal>, you cannot
          upgrade to <literal>v18</literal>, you need to upgrade to
          <literal>v17</literal> first. This is ensured automatically as
          long as the
@ -159,7 +159,7 @@
              this is most likely because the maintenance mode is
              active. It can be deactivated by running
              <command>nextcloud-occ maintenance:mode --off</command>.
-              It's advisable though to check the logs first on why the
+              It’s advisable though to check the logs first on why the
              maintenance mode was activated.
            </para>
          </listitem>
@ -175,8 +175,8 @@
              <emphasis>deleting</emphasis>
              <filename>/var/lib/nextcloud/config/config.php</filename>.
              This is the only time advisable because the fresh install
-              doesn't have any state that can be lost. In case that
+              doesn’t have any state that can be lost. In case that
-              doesn't help, an entire re-creation can be forced via
+              doesn’t help, an entire re-creation can be forced via
              <command>rm -rf ~nextcloud/</command>.
            </para>
          </listitem>
@ -189,8 +189,8 @@
          <link xlink:href="https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html">server-side
          encryption (SSE)</link>. This is not an end-to-end encryption,
          but can be used to encrypt files that will be persisted to
-          external storage such as S3. Please note that this won't work
+          external storage such as S3. Please note that this won’t work
-          anymore when using OpenSSL 3 for PHP's openssl extension
+          anymore when using OpenSSL 3 for PHP’s openssl extension
          because this is implemented using the legacy cipher RC4. If
          <xref linkend="opt-system.stateVersion"></xref> is
          <emphasis>above</emphasis> <literal>22.05</literal>, this is
@ -202,12 +202,12 @@
    </itemizedlist>
  </section>
  <section xml:id="module-services-nextcloud-httpd">
-    <title>Using an alternative webserver as reverse-proxy (e.g.
+    <title>Using an alternative webserver as reverse-proxy
-    <literal>httpd</literal>)</title>
+    (e.g. <literal>httpd</literal>)</title>
    <para>
      By default, <literal>nginx</literal> is used as reverse-proxy for
-      <literal>nextcloud</literal>. However, it's possible to use e.g.
+      <literal>nextcloud</literal>. However, it’s possible to use
-      <literal>httpd</literal> by explicitly disabling
+      e.g. <literal>httpd</literal> by explicitly disabling
      <literal>nginx</literal> using
      <xref linkend="opt-services.nginx.enable"></xref> and fixing the
      settings <literal>listen.owner</literal> &amp;
@ -292,12 +292,12 @@
      While minor and patch-level updates are no problem and can be done
      directly in the package-expression (and should be backported to
      supported stable branches after that), major-releases should be
-      added in a new attribute (e.g. Nextcloud
+      added in a new attribute (e.g. Nextcloud
      <literal>v19.0.0</literal> should be available in
      <literal>nixpkgs</literal> as
      <literal>pkgs.nextcloud19</literal>). To provide simple upgrade
-      paths it's generally useful to backport those as well to stable
+      paths it’s generally useful to backport those as well to stable
-      branches. As long as the package-default isn't altered, this won't
+      branches. As long as the package-default isn’t altered, this won’t
      break existing setups. After that, the versioning-warning in the
      <literal>nextcloud</literal>-module should be updated to make sure
      that the
@ -322,9 +322,9 @@
 }
 </programlisting>
    <para>
-      Ideally we should make sure that it's possible to jump two NixOS
+      Ideally we should make sure that it’s possible to jump two NixOS
-      versions forward: i.e. the warnings and the logic in the module
+      versions forward: i.e. the warnings and the logic in the module
-      should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a
+      should guard a user to upgrade from a Nextcloud on e.g. 19.09 to a
      Nextcloud on 20.09.
    </para>
  </section>
--- a/nixos/modules/services/web-apps/plausible.nix
+++ b/nixos/modules/services/web-apps/plausible.nix
@ -293,6 +293,6 @@ in {
  meta.maintainers = with maintainers; [ ma27 ];
  # Don't edit the docbook xml directly, edit the md and generate it:
-  # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml`
+  # `pandoc plausible.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > plausible.xml`
  meta.doc = ./plausible.xml;
 }
--- a/nixos/modules/services/web-servers/garage-doc.xml
+++ b/nixos/modules/services/web-servers/garage-doc.xml
@ -36,7 +36,7 @@
      <para>
        Until 1.0 is released, patch-level upgrades are considered as
        minor version upgrades. Minor version upgrades are considered as
-        major version upgrades. i.e. 0.6 to 0.7 is a major version
+        major version upgrades. i.e. 0.6 to 0.7 is a major version
        upgrade.
      </para>
    </warning>
@ -45,7 +45,7 @@
        <para>
          <emphasis role="strong">Straightforward upgrades (patch-level
          upgrades).</emphasis> Upgrades must be performed one by one,
-          i.e. for each node, stop it, upgrade it : change
+          i.e. for each node, stop it, upgrade it : change
          <link linkend="opt-system.stateVersion">stateVersion</link> or
          <link linkend="opt-services.garage.package">services.garage.package</link>,
          restart it if it was not already by switching.
@ -55,7 +55,7 @@
        <para>
          <emphasis role="strong">Multiple version upgrades.</emphasis>
          Garage do not provide any guarantee on moving more than one
-          major-version forward. E.g., if you're on
+          major-version forward. E.g., if you’re on
          <literal>0.7</literal>, you cannot upgrade to
          <literal>0.9</literal>. You need to upgrade to
          <literal>0.8</literal> first. As long as
@ -110,7 +110,7 @@
      </listitem>
      <listitem>
        <para>
-          Backup the metadata folder of ALL your nodes, e.g. for a
+          Backup the metadata folder of ALL your nodes, e.g. for a
          metadata directory (the default one) in
          <literal>/var/lib/garage/meta</literal>, you can run
          <literal>pushd /var/lib/garage; tar -acf meta-v0.7.tar.zst meta/; popd</literal>.
@ -166,11 +166,11 @@
      While patch-level updates are no problem and can be done directly
      in the package-expression (and should be backported to supported
      stable branches after that), major-releases should be added in a
-      new attribute (e.g. Garage <literal>v0.8.0</literal> should be
+      new attribute (e.g. Garage <literal>v0.8.0</literal> should be
      available in <literal>nixpkgs</literal> as
      <literal>pkgs.garage_0_8_0</literal>). To provide simple upgrade
-      paths it's generally useful to backport those as well to stable
+      paths it’s generally useful to backport those as well to stable
-      branches. As long as the package-default isn't altered, this won't
+      branches. As long as the package-default isn’t altered, this won’t
      break existing setups. After that, the versioning-warning in the
      <literal>garage</literal>-module should be updated to make sure
      that the
@ -195,9 +195,9 @@
 }
 </programlisting>
    <para>
-      Ideally we should make sure that it's possible to jump two NixOS
+      Ideally we should make sure that it’s possible to jump two NixOS
-      versions forward: i.e. the warnings and the logic in the module
+      versions forward: i.e. the warnings and the logic in the module
-      should guard a user to upgrade from a Garage on e.g. 22.11 to a
+      should guard a user to upgrade from a Garage on e.g. 22.11 to a
      Garage on 23.11.
    </para>
  </section>
--- a/nixos/modules/services/web-servers/garage.nix
+++ b/nixos/modules/services/web-servers/garage.nix
@ -10,7 +10,7 @@ in
 {
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml`
+    # `pandoc garage-doc.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > garage-doc.xml`
    doc = ./garage-doc.xml;
    maintainers = with pkgs.lib.maintainers; [ raitobezarius ];
  };
--- a/nixos/modules/services/x11/desktop-managers/gnome.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome.nix
@ -67,7 +67,7 @@ in
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml`
+    # `pandoc gnome.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > gnome.xml`
    doc = ./gnome.xml;
    maintainers = teams.gnome.members;
  };
--- a/nixos/modules/services/x11/desktop-managers/pantheon.nix
+++ b/nixos/modules/services/x11/desktop-managers/pantheon.nix
@ -18,7 +18,7 @@ in
  meta = {
    # Don't edit the docbook xml directly, edit the md and generate it:
-    # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown-smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml`
+    # `pandoc pantheon.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart --lua-filter ../../../../../doc/build-aux/pandoc-filters/myst-reader/roles.lua --lua-filter ../../../../../doc/build-aux/pandoc-filters/docbook-writer/rst-roles.lua > pantheon.xml`
    doc = ./pantheon.xml;
    maintainers = teams.pantheon.members;
  };
--- a/nixos/modules/services/x11/desktop-managers/pantheon.xml
+++ b/nixos/modules/services/x11/desktop-managers/pantheon.xml
@ -17,8 +17,8 @@
 services.xserver.desktopManager.pantheon.enable = true;
 </programlisting>
    <para>
-      This automatically enables LightDM and Pantheon's LightDM greeter.
+      This automatically enables LightDM and Pantheon’s LightDM greeter.
-      If you'd like to disable this, set
+      If you’d like to disable this, set
    </para>
    <programlisting>
 services.xserver.displayManager.lightdm.greeters.pantheon.enable = false;
@ -27,8 +27,8 @@ services.xserver.displayManager.lightdm.enable = false;
    <para>
      but please be aware using Pantheon without LightDM as a display
      manager will break screenlocking from the UI. The NixOS module for
-      Pantheon installs all of Pantheon's default applications. If you'd
+      Pantheon installs all of Pantheon’s default applications. If you’d
-      like to not install Pantheon's apps, set
+      like to not install Pantheon’s apps, set
    </para>
    <programlisting>
 services.pantheon.apps.enable = false;
@ -86,7 +86,7 @@ switchboard-with-plugs.override {
    <para>
      please note that, like how the NixOS options describe these as
      extra plugins, this would only add to the default plugins included
-      with the programs. If for some reason you'd like to configure
+      with the programs. If for some reason you’d like to configure
      which plugins to use exactly, both packages have an argument for
      this:
    </para>