diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/misc/taskserver/default.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/taskserver/default.nix | 93 |
1 files changed, 46 insertions, 47 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/taskserver/default.nix b/nixpkgs/nixos/modules/services/misc/taskserver/default.nix index ff63c41e193c..ad4ab93a872a 100644 --- a/nixpkgs/nixos/modules/services/misc/taskserver/default.nix +++ b/nixpkgs/nixos/modules/services/misc/taskserver/default.nix @@ -89,7 +89,7 @@ let type = types.uniq (types.listOf types.str); default = []; example = [ "alice" "bob" ]; - description = '' + description = lib.mdDoc '' A list of user names that belong to the organization. ''; }; @@ -98,7 +98,7 @@ let type = types.listOf types.str; default = []; example = [ "workers" "slackers" ]; - description = '' + description = lib.mdDoc '' A list of group names that belong to the organization. ''; }; @@ -106,7 +106,7 @@ let certtool = "${pkgs.gnutls.bin}/bin/certtool"; - nixos-taskserver = with pkgs.python2.pkgs; buildPythonApplication { + nixos-taskserver = with pkgs.python3.pkgs; buildPythonApplication { name = "nixos-taskserver"; src = pkgs.runCommand "nixos-taskserver-src" { preferLocalBuild = true; } '' @@ -151,19 +151,19 @@ in { user = mkOption { type = types.str; default = "taskd"; - description = "User for Taskserver."; + description = lib.mdDoc "User for Taskserver."; }; group = mkOption { type = types.str; default = "taskd"; - description = "Group for Taskserver."; + description = lib.mdDoc "Group for Taskserver."; }; dataDir = mkOption { type = types.path; default = "/var/lib/taskserver"; - description = "Data directory for Taskserver."; + description = lib.mdDoc "Data directory for Taskserver."; }; ciphers = mkOption { @@ -184,17 +184,17 @@ in { example.myShinyOrganisation.users = [ "alice" "bob" ]; example.myShinyOrganisation.groups = [ "staff" "outsiders" ]; example.yetAnotherOrganisation.users = [ "foo" "bar" ]; - description = '' + description = lib.mdDoc '' An attribute set where the keys name the organisation and the values - are a set of lists of <option>users</option> and - <option>groups</option>. + are a set of lists of {option}`users` and + {option}`groups`. ''; }; confirmation = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Determines whether certain commands are confirmed. ''; }; @@ -202,7 +202,7 @@ in { debug = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Logs debugging information. ''; }; @@ -210,7 +210,7 @@ in { extensions = mkOption { type = types.nullOr types.path; default = null; - description = '' + description = lib.mdDoc '' Fully qualified path of the Taskserver extension scripts. Currently there are none. ''; @@ -219,7 +219,7 @@ in { ipLog = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Logs the IP addresses of incoming requests. ''; }; @@ -227,18 +227,15 @@ in { queueSize = mkOption { type = types.int; default = 10; - description = '' - Size of the connection backlog, see <citerefentry> - <refentrytitle>listen</refentrytitle> - <manvolnum>2</manvolnum> - </citerefentry>. + description = lib.mdDoc '' + Size of the connection backlog, see {manpage}`listen(2)`. ''; }; requestLimit = mkOption { type = types.int; default = 1048576; - description = '' + description = lib.mdDoc '' Size limit of incoming requests, in bytes. ''; }; @@ -247,13 +244,13 @@ in { type = with types; either str (listOf str); default = []; example = [ "[Tt]ask [2-9]+" ]; - description = '' + description = lib.mdDoc '' A list of regular expressions that are matched against the reported - client id (such as <literal>task 2.3.0</literal>). + client id (such as `task 2.3.0`). - The values <literal>all</literal> or <literal>none</literal> have + The values `all` or `none` have special meaning. Overidden by any entry in the option - <option>services.taskserver.disallowedClientIDs</option>. + {option}`services.taskserver.disallowedClientIDs`. ''; }; @@ -261,13 +258,13 @@ in { type = with types; either str (listOf str); default = []; example = [ "[Tt]ask [2-9]+" ]; - description = '' + description = lib.mdDoc '' A list of regular expressions that are matched against the reported - client id (such as <literal>task 2.3.0</literal>). + client id (such as `task 2.3.0`). - The values <literal>all</literal> or <literal>none</literal> have + The values `all` or `none` have special meaning. Any entry here overrides those in - <option>services.taskserver.allowedClientIDs</option>. + {option}`services.taskserver.allowedClientIDs`. ''; }; @@ -275,27 +272,31 @@ in { type = types.str; default = "localhost"; example = "::"; - description = '' + description = lib.mdDoc '' The address (IPv4, IPv6 or DNS) to listen on. - - If the value is something else than <literal>localhost</literal> the - port defined by <option>listenPort</option> is automatically added to - <option>networking.firewall.allowedTCPPorts</option>. ''; }; listenPort = mkOption { type = types.int; default = 53589; - description = '' + description = lib.mdDoc '' Port number of the Taskserver. ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to open the firewall for the specified Taskserver port. + ''; + }; + fqdn = mkOption { type = types.str; default = "localhost"; - description = '' + description = lib.mdDoc '' The fully qualified domain name of this server, which is also used as the common name in the certificates. ''; @@ -304,12 +305,12 @@ in { trust = mkOption { type = types.enum [ "allow all" "strict" ]; default = "strict"; - description = '' + description = lib.mdDoc '' Determines how client certificates are validated. - The value <literal>allow all</literal> performs no client + The value `allow all` performs no client certificate validation. This is not recommended. The value - <literal>strict</literal> causes the client certificate to be + `strict` causes the client certificate to be validated against a CA. ''; }; @@ -320,18 +321,16 @@ in { config = mkOption { type = types.attrs; example.client.cert = "/tmp/debugging.cert"; - description = '' + description = lib.mdDoc '' Configuration options to pass to Taskserver. - The options here are the same as described in <citerefentry> - <refentrytitle>taskdrc</refentrytitle> - <manvolnum>5</manvolnum> - </citerefentry>, but with one difference: + The options here are the same as described in + {manpage}`taskdrc(5)`, but with one difference: - The <literal>server</literal> option is - <literal>server.listen</literal> here, because the - <literal>server</literal> option would collide with other options - like <literal>server.cert</literal> and we would run in a type error + The `server` option is + `server.listen` here, because the + `server` option would collide with other options + like `server.cert` and we would run in a type error (attribute set versus string). Nix types like integers or booleans are automatically converted to @@ -560,7 +559,7 @@ in { ''; }; }) - (mkIf (cfg.enable && cfg.listenHost != "localhost") { + (mkIf (cfg.enable && cfg.openFirewall) { networking.firewall.allowedTCPPorts = [ cfg.listenPort ]; }) ]; |