summary refs log tree commit diff
path: root/nixos/modules/services/networking
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2013-10-30 17:37:45 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2013-10-30 18:47:43 +0100
commit408b8b5725c3e6fff75aef772da248d3e95ff414 (patch)
tree692e3b61dbbff85cc97e3becf13a1376dea04a92 /nixos/modules/services/networking
parentd882e1966251880240599d3c1b31e060661506ee (diff)
downloadnixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar.gz
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar.bz2
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar.lz
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar.xz
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.tar.zst
nixlib-408b8b5725c3e6fff75aef772da248d3e95ff414.zip
Add lots of missing option types
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/firewall.nix6


-rw-r--r--nixos/modules/services/networking/nat.nix11


-rw-r--r--nixos/modules/services/networking/rpcbind.nix1


-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix15


4 files changed, 26 insertions, 7 deletions
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
index b24ac2d70325..4ed859c2e7ea 100644
--- a/nixos/modules/services/networking/firewall.nix
+++ b/nixos/modules/services/networking/firewall.nix
@@ -53,6 +53,7 @@ in
   options = {
 
     networking.firewall.enable = mkOption {
+      type = types.bool;
       default = false;
       description =
         ''
@@ -64,6 +65,7 @@ in
     };
 
     networking.firewall.logRefusedConnections = mkOption {
+      type = types.bool;
       default = true;
       description =
         ''
@@ -72,6 +74,7 @@ in
     };
 
     networking.firewall.logRefusedPackets = mkOption {
+      type = types.bool;
       default = false;
       description =
         ''
@@ -82,6 +85,7 @@ in
     };
 
     networking.firewall.logRefusedUnicastsOnly = mkOption {
+      type = types.bool;
       default = true;
       description =
         ''
@@ -93,6 +97,7 @@ in
     };
 
     networking.firewall.rejectPackets = mkOption {
+      type = types.bool;
       default = false;
       description =
         ''
@@ -193,6 +198,7 @@ in
     };
 
     networking.firewall.extraCommands = mkOption {
+      type = types.lines;
       default = "";
       example = "iptables -A INPUT -p icmp -j ACCEPT";
       description =
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index 9d62a764f060..ce28f0188284 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -19,6 +19,7 @@ in
   options = {
 
     networking.nat.enable = mkOption {
+      type = types.bool;
       default = false;
       description =
         ''
@@ -27,6 +28,7 @@ in
     };
 
     networking.nat.internalIPs = mkOption {
+      type = types.listOf types.str;
       example = [ "192.168.1.0/24" ] ;
       description =
         ''
@@ -34,12 +36,10 @@ in
           coming from these networks and destined for the external
           interface will be rewritten.
         '';
-      # Backward compatibility: this used to be a single range instead
-      # of a list.
-      apply = x: if isList x then x else [x];
     };
 
     networking.nat.externalInterface = mkOption {
+      type = types.str;
       example = "eth1";
       description =
         ''
@@ -48,7 +48,8 @@ in
     };
 
     networking.nat.externalIP = mkOption {
-      default = "";
+      type = types.nullOr types.str;
+      default = null;
       example = "203.0.113.123";
       description =
         ''
@@ -86,7 +87,7 @@ in
             ''
             iptables -t nat -A POSTROUTING \
               -s ${network} -o ${cfg.externalInterface} \
-              ${if cfg.externalIP == ""
+              ${if cfg.externalIP == null
                 then "-j MASQUERADE"
                 else "-j SNAT --to-source ${cfg.externalIP}"}
             ''
diff --git a/nixos/modules/services/networking/rpcbind.nix b/nixos/modules/services/networking/rpcbind.nix
index 00c958c5a4a2..c966f85e260d 100644
--- a/nixos/modules/services/networking/rpcbind.nix
+++ b/nixos/modules/services/networking/rpcbind.nix
@@ -40,6 +40,7 @@ in
     services.rpcbind = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = ''
           Whether to enable `rpcbind', an ONC RPC directory service
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 360c745f3627..48eddb3b2f60 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -27,7 +27,7 @@ let
 
     openssh.authorizedKeys = {
       keys = mkOption {
-        type = types.listOf types.string;
+        type = types.listOf types.str;
         default = [];
         description = ''
           A list of verbatim OpenSSH public keys that should be added to the
@@ -39,6 +39,7 @@ let
       };
 
       keyFiles = mkOption {
+        type = types.listOf types.str;
         default = [];
         description = ''
           A list of files each containing one OpenSSH public key that should be
@@ -77,6 +78,7 @@ in
     services.openssh = {
 
       enable = mkOption {
+        type = types.bool;
         default = false;
         description = ''
           Whether to enable the OpenSSH secure shell daemon, which
@@ -85,6 +87,7 @@ in
       };
 
       forwardX11 = mkOption {
+        type = types.bool;
         default = cfgc.setXAuthLocation;
         description = ''
           Whether to allow X11 connections to be forwarded.
@@ -92,6 +95,7 @@ in
       };
 
       allowSFTP = mkOption {
+        type = types.bool;
         default = true;
         description = ''
           Whether to enable the SFTP subsystem in the SSH daemon.  This
@@ -112,6 +116,7 @@ in
       };
 
       gatewayPorts = mkOption {
+        type = types.str;
         default = "no";
         description = ''
           Specifies whether remote hosts are allowed to connect to
@@ -122,6 +127,7 @@ in
       };
 
       ports = mkOption {
+        type = types.listOf types.int;
         default = [22];
         description = ''
           Specifies on which ports the SSH daemon listens.
@@ -129,6 +135,7 @@ in
       };
 
       passwordAuthentication = mkOption {
+        type = types.bool;
         default = true;
         description = ''
           Specifies whether password authentication is allowed.
@@ -136,6 +143,7 @@ in
       };
 
       challengeResponseAuthentication = mkOption {
+        type = types.bool;
         default = true;
         description = ''
           Specifies whether challenge/response authentication is allowed.
@@ -143,6 +151,7 @@ in
       };
 
       hostKeys = mkOption {
+        type = types.listOf types.attrs;
         default =
           [ { path = "/etc/ssh/ssh_host_dsa_key";
               type = "dsa";
@@ -163,11 +172,13 @@ in
       };
 
       authorizedKeysFiles = mkOption {
+        type = types.listOf types.str;
         default = [];
         description = "Files from with authorized keys are read.";
       };
 
       extraConfig = mkOption {
+        type = types.lines;
         default = "";
         description = "Verbatim contents of <filename>sshd_config</filename>.";
       };
@@ -202,7 +213,7 @@ in
               The path to the public key file for the host. The public
               key file is read at build time and saved in the Nix store.
               You can fetch a public key file from a running SSH server
-              with the <literal>ssh-keyscan</literal> command.
+              with the <command>ssh-keyscan</command> command.
             '';
           };
         };

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-25 18:36:15 +0000