diff options
| author | pennae <github@quasiparticle.net> | 2022-08-28 21:18:44 +0200 |
|---|---|---|
| committer | pennae <github@quasiparticle.net> | 2022-08-31 16:32:53 +0200 |
| commit | ef176dcf7e76c3639571d7c6051246c8fbadf12a (patch) | |
| tree | 3bb88ef3515ace2ad477e245bf347213c6055464 /nixos/modules/services/security | |
| parent | 5a643387ec1234c5f25357f2ff962a84895436f6 (diff) | |
| download | nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar.gz nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar.bz2 nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar.lz nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar.xz nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.tar.zst nixlib-ef176dcf7e76c3639571d7c6051246c8fbadf12a.zip | |
nixos/*: automatically convert option descriptions
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running
nix-doc-munge nixos/**/*.nix
nix-doc-munge --import nixos/**/*.nix
the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
Diffstat (limited to 'nixos/modules/services/security')
23 files changed, 43 insertions, 43 deletions
diff --git a/nixos/modules/services/security/aesmd.nix b/nixos/modules/services/security/aesmd.nix index 2f7deb7c8491..7b0a46d6d029 100644 --- a/nixos/modules/services/security/aesmd.nix +++ b/nixos/modules/services/security/aesmd.nix @@ -19,7 +19,7 @@ let in { options.services.aesmd = { - enable = mkEnableOption "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX"; + enable = mkEnableOption (lib.mdDoc "Intel's Architectural Enclave Service Manager (AESM) for Intel SGX"); debug = mkOption { type = types.bool; default = false; diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix index 40a566bc960d..e2883856b6d4 100644 --- a/nixos/modules/services/security/certmgr.nix +++ b/nixos/modules/services/security/certmgr.nix @@ -35,7 +35,7 @@ let in { options.services.certmgr = { - enable = mkEnableOption "certmgr"; + enable = mkEnableOption (lib.mdDoc "certmgr"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/cfssl.nix b/nixos/modules/services/security/cfssl.nix index 9408a602f137..006b31b18688 100644 --- a/nixos/modules/services/security/cfssl.nix +++ b/nixos/modules/services/security/cfssl.nix @@ -6,7 +6,7 @@ let cfg = config.services.cfssl; in { options.services.cfssl = { - enable = mkEnableOption "the CFSSL CA api-server"; + enable = mkEnableOption (lib.mdDoc "the CFSSL CA api-server"); dataDir = mkOption { default = "/var/lib/cfssl"; diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix index 1b1194d31135..34897a9ac7db 100644 --- a/nixos/modules/services/security/clamav.nix +++ b/nixos/modules/services/security/clamav.nix @@ -26,7 +26,7 @@ in options = { services.clamav = { daemon = { - enable = mkEnableOption "ClamAV clamd daemon"; + enable = mkEnableOption (lib.mdDoc "ClamAV clamd daemon"); settings = mkOption { type = with types; attrsOf (oneOf [ bool int str (listOf str) ]); @@ -38,7 +38,7 @@ in }; }; updater = { - enable = mkEnableOption "ClamAV freshclam updater"; + enable = mkEnableOption (lib.mdDoc "ClamAV freshclam updater"); frequency = mkOption { type = types.int; diff --git a/nixos/modules/services/security/fprintd.nix b/nixos/modules/services/security/fprintd.nix index 45b370009c38..28f9b5908b53 100644 --- a/nixos/modules/services/security/fprintd.nix +++ b/nixos/modules/services/security/fprintd.nix @@ -18,7 +18,7 @@ in services.fprintd = { - enable = mkEnableOption "fprintd daemon and PAM module for fingerprint readers handling"; + enable = mkEnableOption (lib.mdDoc "fprintd daemon and PAM module for fingerprint readers handling"); package = mkOption { type = types.package; @@ -31,7 +31,7 @@ in tod = { - enable = mkEnableOption "Touch OEM Drivers library support"; + enable = mkEnableOption (lib.mdDoc "Touch OEM Drivers library support"); driver = mkOption { type = types.package; diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix index 893ab89d2a86..c93638f44d60 100644 --- a/nixos/modules/services/security/haka.nix +++ b/nixos/modules/services/security/haka.nix @@ -55,7 +55,7 @@ in services.haka = { - enable = mkEnableOption "Haka"; + enable = mkEnableOption (lib.mdDoc "Haka"); package = mkOption { default = pkgs.haka; @@ -103,9 +103,9 @@ in description = lib.mdDoc "Whether to enable pcap"; }; - nfqueue = mkEnableOption "nfqueue"; + nfqueue = mkEnableOption (lib.mdDoc "nfqueue"); - dump.enable = mkEnableOption "dump"; + dump.enable = mkEnableOption (lib.mdDoc "dump"); dump.input = mkOption { default = "/tmp/input.pcap"; example = "/path/to/file.pcap"; diff --git a/nixos/modules/services/security/haveged.nix b/nixos/modules/services/security/haveged.nix index c65d5ab2923e..db12a28a7d0b 100644 --- a/nixos/modules/services/security/haveged.nix +++ b/nixos/modules/services/security/haveged.nix @@ -15,10 +15,10 @@ in services.haveged = { - enable = mkEnableOption '' + enable = mkEnableOption (lib.mdDoc '' haveged entropy daemon, which refills /dev/random when low. NOTE: does nothing on kernels newer than 5.6. - ''; + ''); # source for the note https://github.com/jirka-h/haveged/issues/57 refill_threshold = mkOption { diff --git a/nixos/modules/services/security/hockeypuck.nix b/nixos/modules/services/security/hockeypuck.nix index 43e90c646054..d3fdaf9b9973 100644 --- a/nixos/modules/services/security/hockeypuck.nix +++ b/nixos/modules/services/security/hockeypuck.nix @@ -7,7 +7,7 @@ in { meta.maintainers = with lib.maintainers; [ etu ]; options.services.hockeypuck = { - enable = lib.mkEnableOption "Hockeypuck OpenPGP Key Server"; + enable = lib.mkEnableOption (lib.mdDoc "Hockeypuck OpenPGP Key Server"); port = lib.mkOption { default = 11371; diff --git a/nixos/modules/services/security/infnoise.nix b/nixos/modules/services/security/infnoise.nix index 883185fab171..739a0a84d90b 100644 --- a/nixos/modules/services/security/infnoise.nix +++ b/nixos/modules/services/security/infnoise.nix @@ -7,7 +7,7 @@ let in { options = { services.infnoise = { - enable = mkEnableOption "the Infinite Noise TRNG driver"; + enable = mkEnableOption (lib.mdDoc "the Infinite Noise TRNG driver"); fillDevRandom = mkOption { description = lib.mdDoc '' diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix index 6429273705da..53929761b86c 100644 --- a/nixos/modules/services/security/kanidm.nix +++ b/nixos/modules/services/security/kanidm.nix @@ -53,9 +53,9 @@ let in { options.services.kanidm = { - enableClient = lib.mkEnableOption "the Kanidm client"; - enableServer = lib.mkEnableOption "the Kanidm server"; - enablePam = lib.mkEnableOption "the Kanidm PAM and NSS integration."; + enableClient = lib.mkEnableOption (lib.mdDoc "the Kanidm client"); + enableServer = lib.mkEnableOption (lib.mdDoc "the Kanidm server"); + enablePam = lib.mkEnableOption (lib.mdDoc "the Kanidm PAM and NSS integration."); serverSettings = lib.mkOption { type = lib.types.submodule { diff --git a/nixos/modules/services/security/munge.nix b/nixos/modules/services/security/munge.nix index e2b0921b4bc0..4d6fe33f697b 100644 --- a/nixos/modules/services/security/munge.nix +++ b/nixos/modules/services/security/munge.nix @@ -15,7 +15,7 @@ in options = { services.munge = { - enable = mkEnableOption "munge service"; + enable = mkEnableOption (lib.mdDoc "munge service"); password = mkOption { default = "/etc/munge/munge.key"; diff --git a/nixos/modules/services/security/nginx-sso.nix b/nixos/modules/services/security/nginx-sso.nix index 1c23c29781c0..971f22ed3476 100644 --- a/nixos/modules/services/security/nginx-sso.nix +++ b/nixos/modules/services/security/nginx-sso.nix @@ -8,7 +8,7 @@ let configYml = pkgs.writeText "nginx-sso.yml" (builtins.toJSON cfg.configuration); in { options.services.nginx.sso = { - enable = mkEnableOption "nginx-sso service"; + enable = mkEnableOption (lib.mdDoc "nginx-sso service"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index e0b22d3f38eb..e3f8e75ca247 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -86,7 +86,7 @@ let in { options.services.oauth2_proxy = { - enable = mkEnableOption "oauth2_proxy"; + enable = mkEnableOption (lib.mdDoc "oauth2_proxy"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/opensnitch.nix b/nixos/modules/services/security/opensnitch.nix index 4558236339e5..1612b0edf016 100644 --- a/nixos/modules/services/security/opensnitch.nix +++ b/nixos/modules/services/security/opensnitch.nix @@ -8,7 +8,7 @@ let in { options = { services.opensnitch = { - enable = mkEnableOption "Opensnitch application firewall"; + enable = mkEnableOption (lib.mdDoc "Opensnitch application firewall"); settings = mkOption { type = types.submodule { freeformType = format.type; diff --git a/nixos/modules/services/security/pass-secret-service.nix b/nixos/modules/services/security/pass-secret-service.nix index 611cea48ee6f..c3c70d97ff59 100644 --- a/nixos/modules/services/security/pass-secret-service.nix +++ b/nixos/modules/services/security/pass-secret-service.nix @@ -7,7 +7,7 @@ let in { options.services.passSecretService = { - enable = mkEnableOption "pass secret service"; + enable = mkEnableOption (lib.mdDoc "pass secret service"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/privacyidea.nix b/nixos/modules/services/security/privacyidea.nix index ce98b0393ee7..26d9a8835bd3 100644 --- a/nixos/modules/services/security/privacyidea.nix +++ b/nixos/modules/services/security/privacyidea.nix @@ -66,7 +66,7 @@ in { options = { services.privacyidea = { - enable = mkEnableOption "PrivacyIDEA"; + enable = mkEnableOption (lib.mdDoc "PrivacyIDEA"); environmentFile = mkOption { type = types.nullOr types.path; @@ -179,7 +179,7 @@ in }; ldap-proxy = { - enable = mkEnableOption "PrivacyIDEA LDAP Proxy"; + enable = mkEnableOption (lib.mdDoc "PrivacyIDEA LDAP Proxy"); configFile = mkOption { type = types.nullOr types.path; diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix index e9205e4855e5..550b61916a22 100644 --- a/nixos/modules/services/security/sks.nix +++ b/nixos/modules/services/security/sks.nix @@ -16,10 +16,10 @@ in { services.sks = { - enable = mkEnableOption '' + enable = mkEnableOption (lib.mdDoc '' SKS (synchronizing key server for OpenPGP) and start the database server. You need to create "''${dataDir}/dump/*.gpg" for the initial - import''; + import''); package = mkOption { default = pkgs.sks; diff --git a/nixos/modules/services/security/sslmate-agent.nix b/nixos/modules/services/security/sslmate-agent.nix index c850eb22a031..2d72406f0db8 100644 --- a/nixos/modules/services/security/sslmate-agent.nix +++ b/nixos/modules/services/security/sslmate-agent.nix @@ -10,7 +10,7 @@ in { options = { services.sslmate-agent = { - enable = mkEnableOption "sslmate-agent, a daemon for managing SSL/TLS certificates on a server"; + enable = mkEnableOption (lib.mdDoc "sslmate-agent, a daemon for managing SSL/TLS certificates on a server"); }; }; diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix index 1afcf659632e..8cbab5af0977 100644 --- a/nixos/modules/services/security/step-ca.nix +++ b/nixos/modules/services/security/step-ca.nix @@ -8,8 +8,8 @@ in options = { services.step-ca = { - enable = lib.mkEnableOption "the smallstep certificate authority server"; - openFirewall = lib.mkEnableOption "opening the certificate authority server port"; + enable = lib.mkEnableOption (lib.mdDoc "the smallstep certificate authority server"); + openFirewall = lib.mkEnableOption (lib.mdDoc "opening the certificate authority server port"); package = lib.mkOption { type = lib.types.package; default = pkgs.step-ca; diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 75f9cf3cc7f4..c5978f461a5a 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -224,11 +224,11 @@ in options = { services.tor = { - enable = mkEnableOption ''Tor daemon. + enable = mkEnableOption (lib.mdDoc ''Tor daemon. By default, the daemon is run without - relay, exit, bridge or client connectivity''; + relay, exit, bridge or client connectivity''); - openFirewall = mkEnableOption "opening of the relay port(s) in the firewall"; + openFirewall = mkEnableOption (lib.mdDoc "opening of the relay port(s) in the firewall"); package = mkOption { type = types.package; @@ -237,19 +237,19 @@ in description = lib.mdDoc "Tor package to use."; }; - enableGeoIP = mkEnableOption ''use of GeoIP databases. + enableGeoIP = mkEnableOption (lib.mdDoc ''use of GeoIP databases. Disabling this will disable by-country statistics for bridges and relays - and some client and third-party software functionality'' // { default = true; }; + and some client and third-party software functionality'') // { default = true; }; - controlSocket.enable = mkEnableOption ''control socket, - created in <literal>${runDir}/control</literal>''; + controlSocket.enable = mkEnableOption (lib.mdDoc ''control socket, + created in `${runDir}/control`''); client = { - enable = mkEnableOption ''the routing of application connections. - You might want to disable this if you plan running a dedicated Tor relay''; + enable = mkEnableOption (lib.mdDoc ''the routing of application connections. + You might want to disable this if you plan running a dedicated Tor relay''); - transparentProxy.enable = mkEnableOption "transparent proxy"; - dns.enable = mkEnableOption "DNS resolver"; + transparentProxy.enable = mkEnableOption (lib.mdDoc "transparent proxy"); + dns.enable = mkEnableOption (lib.mdDoc "DNS resolver"); socksListenAddress = mkOption { type = optionSOCKSPort false; diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 242475939068..1b1fa84c4fa3 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -39,7 +39,7 @@ in options = { services.usbguard = { - enable = mkEnableOption "USBGuard daemon"; + enable = mkEnableOption (lib.mdDoc "USBGuard daemon"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index c471bf01869b..73943458829d 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix @@ -43,7 +43,7 @@ in { options = { services.vault = { - enable = mkEnableOption "Vault daemon"; + enable = mkEnableOption (lib.mdDoc "Vault daemon"); package = mkOption { type = types.package; diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix index 3aa38ed819f6..fd8b00ffc5e2 100644 --- a/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixos/modules/services/security/vaultwarden/default.nix @@ -39,7 +39,7 @@ in { ]; options.services.vaultwarden = with types; { - enable = mkEnableOption "vaultwarden"; + enable = mkEnableOption (lib.mdDoc "vaultwarden"); dbBackend = mkOption { type = enum [ "sqlite" "mysql" "postgresql" ]; |