diff options
| author | pennae <github@quasiparticle.net> | 2022-08-30 01:13:36 +0200 |
|---|---|---|
| committer | pennae <github@quasiparticle.net> | 2022-08-31 16:32:53 +0200 |
| commit | e4f876eb7e57f75c52d73b630258e6d85766d8f4 (patch) | |
| tree | 2a916a22f89984e3877052669b552740940a26c7 /nixos/modules/security | |
| parent | c915b915b5e466a0b0b2af2906cd4d2380b8a1de (diff) | |
nixos/*: convert varlist-using options to MD
there are sufficiently few variable list around, and they are sufficiently simple, that it doesn't seem helpful to add another markdown extension for them. rendering differences are small, except in the tor module: admonitions inside other blocks cannot be made to work well with mistune (and likely most other markdown processors), so those had to be shuffled a bit. we also lose paragraph breaks in the list items due to how we have to render from markdown to docbook, but once we remove docbook from the pipeline those paragraph breaks will be restored.
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/misc.nix | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix index 6833452a570e1..cd48eade7784f 100644 --- a/nixos/modules/security/misc.nix +++ b/nixos/modules/security/misc.nix @@ -83,34 +83,19 @@ with lib; security.virtualisation.flushL1DataCache = mkOption { type = types.nullOr (types.enum [ "never" "cond" "always" ]); default = null; - description = '' + description = lib.mdDoc '' Whether the hypervisor should flush the L1 data cache before entering guests. - See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>. - - <variablelist> - <varlistentry> - <term><literal>null</literal></term> - <listitem><para>uses the kernel default</para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"never"</literal></term> - <listitem><para>disables L1 data cache flushing entirely. - May be appropriate if all guests are trusted.</para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"cond"</literal></term> - <listitem><para>flushes L1 data cache only for pre-determined - code paths. May leak information about the host address space - layout.</para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"always"</literal></term> - <listitem><para>flushes L1 data cache every time the hypervisor - enters the guest. May incur significant performance cost. - </para></listitem> - </varlistentry> - </variablelist> + See also [](#opt-security.allowSimultaneousMultithreading). + + - `null`: uses the kernel default + - `"never"`: disables L1 data cache flushing entirely. + May be appropriate if all guests are trusted. + - `"cond"`: flushes L1 data cache only for pre-determined + code paths. May leak information about the host address space + layout. + - `"always"`: flushes L1 data cache every time the hypervisor + enters the guest. May incur significant performance cost. ''; }; }; |