nixos/security.wrappers: improve documentation

* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
  IMHO)

1 files changed, 8 insertions, 6 deletions

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 98913a974fc9..861ce225257d 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -116,16 +116,18 @@ in
         default (setuid root, but not setgid root).
 
         <note>
+          <para>The sub-attribute <literal>source</literal> is mandatory,
+          it must be the absolute path to the program to be wrapped.
+          </para>
+
+          <para>The sub-attribute <literal>program</literal> is optional and
+          can give the wrapper program a new name. The default name is the same
+          as the attribute name itself.</para>
+
           <para>Additionally, this option can set capabilities on a
           wrapper program that propagates those capabilities down to the
           wrapped, real program.</para>
 
-          <para>The <literal>program</literal> attribute is the name of
-          the program to be wrapped. If no <literal>source</literal>
-          attribute is provided, specifying the absolute path to the
-          program, then the program will be searched for in the path
-          environment variable.</para>
-
           <para>NOTE: cap_setpcap, which is required for the wrapper
           program to be able to raise caps into the Ambient set is NOT
           raised to the Ambient set so that the real program cannot