diff options
| author | pennae <github@quasiparticle.net> | 2022-08-02 02:47:05 +0200 |
|---|---|---|
| committer | pennae <github@quasiparticle.net> | 2022-08-03 21:03:23 +0200 |
| commit | 16102dce2fbad670bd47dd75c860a8daa5fe47ad (patch) | |
| tree | 26fa9aed51c066b5145eae0d87f4ba387e3ecd48 /nixos/modules/security | |
| parent | 694d5b19d30bf66687b42fb77f43ea7cd1002a62 (diff) | |
nixos/*: replace <code> in option docs with <literal>
markdown can't represent the difference without another extension and both the html manual and the manpage render them the same, so keeping the distinction is not very useful on its own. with the distinction removed we can automatically convert many options that use <code> tags to markdown. the manpage remains unchanged, html manual does not render differently (but class names on code tags do change from "code" to "literal").
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/acme/default.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/security/doas.nix | 32 | ||||
| -rw-r--r-- | nixos/modules/security/sudo.nix | 14 |
3 files changed, 24 insertions, 24 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 54b44dcab62be..5f4344d451c88 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -505,7 +505,7 @@ let type = types.listOf types.str; inherit (defaultAndText "reloadServices" []) default defaultText; description = '' - The list of systemd services to call <code>systemctl try-reload-or-restart</code> + The list of systemd services to call <literal>systemctl try-reload-or-restart</literal> on. ''; }; diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix index d4b51b406e288..2641548221a95 100644 --- a/nixos/modules/security/doas.nix +++ b/nixos/modules/security/doas.nix @@ -63,7 +63,7 @@ in type = with types; bool; default = true; description = '' - Whether users of the <code>wheel</code> group must provide a password to + Whether users of the <literal>wheel</literal> group must provide a password to run commands as super user via <command>doas</command>. ''; }; @@ -74,7 +74,7 @@ in Define specific rules to be set in the <filename>/etc/doas.conf</filename> file. More specific rules should come after more general ones in order to yield the expected behavior. - You can use <code>mkBefore</code> and/or <code>mkAfter</code> to ensure + You can use <literal>mkBefore</literal> and/or <literal>mkAfter</literal> to ensure this is the case when configuration options are merged. ''; example = literalExpression '' @@ -114,7 +114,7 @@ in type = with types; bool; default = false; description = '' - If <code>true</code>, the user is not required to enter a + If <literal>true</literal>, the user is not required to enter a password. ''; }; @@ -123,7 +123,7 @@ in type = with types; bool; default = false; description = '' - If <code>true</code>, successful executions will not be logged + If <literal>true</literal>, successful executions will not be logged to <citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. ''; @@ -133,7 +133,7 @@ in type = with types; bool; default = false; description = '' - If <code>true</code>, do not ask for a password again for some + If <literal>true</literal>, do not ask for a password again for some time after the user successfully authenticates. ''; }; @@ -142,7 +142,7 @@ in type = with types; bool; default = false; description = '' - If <code>true</code>, environment variables other than those + If <literal>true</literal>, environment variables other than those listed in <citerefentry><refentrytitle>doas</refentrytitle><manvolnum>1</manvolnum></citerefentry> are kept when creating the environment for the new process. @@ -155,15 +155,15 @@ in description = '' Keep or set the specified variables. Variables may also be removed with a leading '-' or set using - <code>variable=value</code>. If the first character of - <code>value</code> is a '$', the value to be set is taken from + <literal>variable=value</literal>. If the first character of + <literal>value</literal> is a '$', the value to be set is taken from the existing environment variable of the indicated name. This option is processed after the default environment has been created. - NOTE: All rules have <code>setenv { SSH_AUTH_SOCK }</code> by - default. To prevent <code>SSH_AUTH_SOCK</code> from being - inherited, add <code>"-SSH_AUTH_SOCK"</code> anywhere in this + NOTE: All rules have <literal>setenv { SSH_AUTH_SOCK }</literal> by + default. To prevent <literal>SSH_AUTH_SOCK</literal> from being + inherited, add <literal>"-SSH_AUTH_SOCK"</literal> anywhere in this list. ''; }; @@ -185,12 +185,12 @@ in default = null; description = '' Which user or group the specified command is allowed to run as. - When set to <code>null</code> (the default), all users are + When set to <literal>null</literal> (the default), all users are allowed. A user can be specified using just the username: - <code>"foo"</code>. It is also possible to only allow running as - a specific group with <code>":bar"</code>. + <literal>"foo"</literal>. It is also possible to only allow running as + a specific group with <literal>":bar"</literal>. ''; }; @@ -199,7 +199,7 @@ in default = null; description = '' The command the user is allowed to run. When set to - <code>null</code> (the default), all commands are allowed. + <literal>null</literal> (the default), all commands are allowed. NOTE: It is best practice to specify absolute paths. If a relative path is specified, only a restricted PATH will be @@ -212,7 +212,7 @@ in default = null; description = '' Arguments that must be provided to the command. When set to - <code>[]</code>, the command must be run without any arguments. + <literal>[]</literal>, the command must be run without any arguments. ''; }; }; diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix index 2e30a8915d865..c1a69aedde452 100644 --- a/nixos/modules/security/sudo.nix +++ b/nixos/modules/security/sudo.nix @@ -56,7 +56,7 @@ in default = true; description = '' - Whether users of the <code>wheel</code> group must + Whether users of the <literal>wheel</literal> group must provide a password to run commands as super user via <command>sudo</command>. ''; }; @@ -65,9 +65,9 @@ in type = types.bool; default = false; description = '' - Only allow members of the <code>wheel</code> group to execute sudo by + Only allow members of the <literal>wheel</literal> group to execute sudo by setting the executable's permissions accordingly. - This prevents users that are not members of <code>wheel</code> from + This prevents users that are not members of <literal>wheel</literal> from exploiting vulnerabilities in sudo such as CVE-2021-3156. ''; }; @@ -142,9 +142,9 @@ in description = '' Under which user/group the specified command is allowed to run. - A user can be specified using just the username: <code>"foo"</code>. - It is also possible to specify a user/group combination using <code>"foo:bar"</code> - or to only allow running as a specific group with <code>":bar"</code>. + A user can be specified using just the username: <literal>"foo"</literal>. + It is also possible to specify a user/group combination using <literal>"foo:bar"</literal> + or to only allow running as a specific group with <literal>":bar"</literal>. ''; }; @@ -159,7 +159,7 @@ in type = with types; str; description = '' A command being either just a path to a binary to allow any arguments, - the full command with arguments pre-set or with <code>""</code> used as the argument, + the full command with arguments pre-set or with <literal>""</literal> used as the argument, not allowing arguments to the command at all. ''; }; |