diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/nsd.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/nsd.nix | 63 |
1 files changed, 31 insertions, 32 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/nsd.nix b/nixpkgs/nixos/modules/services/networking/nsd.nix index cf2afcacc528..09f3bdc7ae07 100644 --- a/nixpkgs/nixos/modules/services/networking/nsd.nix +++ b/nixpkgs/nixos/modules/services/networking/nsd.nix @@ -213,24 +213,24 @@ let example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]; - description = '' + description = lib.mdDoc '' Listed primary servers are allowed to notify this secondary server. - <screen><![CDATA[ - Format: <ip> <key-name | NOKEY | BLOCKED> - <ip> either a plain IPv4/IPv6 address or range. Valid patters for ranges: - * 10.0.0.0/24 # via subnet size - * 10.0.0.0&255.255.255.0 # via subnet mask - * 10.0.0.1-10.0.0.254 # via range + Format: `<ip> <key-name | NOKEY | BLOCKED>` + + `<ip>` either a plain IPv4/IPv6 address or range. + Valid patters for ranges: + * `10.0.0.0/24`: via subnet size + * `10.0.0.0&255.255.255.0`: via subnet mask + * `10.0.0.1-10.0.0.254`: via range A optional port number could be added with a '@': - * 2001:1234::1@1234 + * `2001:1234::1@1234` - <key-name | NOKEY | BLOCKED> - * <key-name> will use the specified TSIG key - * NOKEY no TSIG signature is required - * BLOCKED notifies from non-listed or blocked IPs will be ignored - * ]]></screen> + `<key-name | NOKEY | BLOCKED>` + * `<key-name>` will use the specified TSIG key + * `NOKEY` no TSIG signature is required + * `BLOCKED`notifies from non-listed or blocked IPs will be ignored ''; }; @@ -262,7 +262,7 @@ let ''; }; - dnssec = mkEnableOption "DNSSEC"; + dnssec = mkEnableOption (lib.mdDoc "DNSSEC"); dnssecPolicy = { algorithm = mkOption { @@ -344,18 +344,17 @@ let type = types.listOf types.str; default = []; example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ]; - description = '' + description = lib.mdDoc '' This primary server will notify all given secondary servers about zone changes. - <screen><![CDATA[ - Format: <ip> <key-name | NOKEY> - <ip> a plain IPv4/IPv6 address with on optional port number (ip@port) + Format: `<ip> <key-name | NOKEY>` + + `<ip>` a plain IPv4/IPv6 address with on optional port number (ip@port) - <key-name | NOKEY> - * <key-name> sign notifies with the specified key - * NOKEY don't sign notifies - ]]></screen> + `<key-name | NOKEY>` + - `<key-name>` sign notifies with the specified key + - `NOKEY` don't sign notifies ''; }; @@ -372,7 +371,7 @@ let default = null; example = "2000::1@1234"; description = lib.mdDoc '' - This address will be used for zone-transfere requests if configured + This address will be used for zone-transfer requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port number (ip@port). @@ -383,9 +382,9 @@ let type = types.listOf types.str; default = []; example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]; - description = '' + description = lib.mdDoc '' Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED - address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 + address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 ''; }; @@ -479,9 +478,9 @@ in # options are ordered alphanumerically options.services.nsd = { - enable = mkEnableOption "NSD authoritative DNS server"; + enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server"); - bind8Stats = mkEnableOption "BIND8 like statistics"; + bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics"); dnssecInterval = mkOption { type = types.str; @@ -589,7 +588,7 @@ in }; port = mkOption { - type = types.int; + type = types.port; default = 53; description = lib.mdDoc '' Port the service should bind do. @@ -617,7 +616,7 @@ in ''; }; - roundRobin = mkEnableOption "round robin rotation of records"; + roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records"); serverCount = mkOption { type = types.int; @@ -736,7 +735,7 @@ in ratelimit = { - enable = mkEnableOption "ratelimit capabilities"; + enable = mkEnableOption (lib.mdDoc "ratelimit capabilities"); ipv4PrefixLength = mkOption { type = types.nullOr types.int; @@ -797,7 +796,7 @@ in remoteControl = { - enable = mkEnableOption "remote control via nsd-control"; + enable = mkEnableOption (lib.mdDoc "remote control via nsd-control"); controlCertFile = mkOption { type = types.path; @@ -826,7 +825,7 @@ in }; port = mkOption { - type = types.int; + type = types.port; default = 8952; description = lib.mdDoc '' Port number for remote control operations (uses TLS over TCP). |