diff options
author | Naïm Favier <n@monade.li> | 2021-10-03 18:06:03 +0200 |
---|---|---|
committer | Naïm Favier <n@monade.li> | 2021-10-04 12:47:20 +0200 |
commit | 2ddc335e6f32b875e14ad9610101325b306a0add (patch) | |
tree | 2a4591c137cb363a6ec09f529d587a10aa7a0bc7 /nixos/modules/services/security | |
parent | 330b1e08b8df4e1f0100a0a7810ec3157749e5ee (diff) |
nixos/doc: clean up defaults and examples
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/certmgr.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/cfssl.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 10 | ||||
-rw-r--r-- | nixos/modules/services/security/fprintd.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/haka.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/hockeypuck.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/nginx-sso.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/oauth2_proxy.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/privacyidea.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/security/shibboleth-sp.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/sks.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/security/step-ca.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/security/tor.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/security/usbguard.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/vault.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/vaultwarden/default.nix | 6 | ||||
-rw-r--r-- | nixos/modules/services/security/yubikey-agent.nix | 2 |
17 files changed, 28 insertions, 27 deletions
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix index 94c0ba141179e..d302a4e000209 100644 --- a/nixos/modules/services/security/certmgr.nix +++ b/nixos/modules/services/security/certmgr.nix @@ -40,7 +40,7 @@ in package = mkOption { type = types.package; default = pkgs.certmgr; - defaultText = "pkgs.certmgr"; + defaultText = literalExpression "pkgs.certmgr"; description = "Which certmgr package to use in the service."; }; @@ -76,7 +76,7 @@ in specs = mkOption { default = {}; - example = literalExample '' + example = literalExpression '' { exampleCert = let diff --git a/nixos/modules/services/security/cfssl.nix b/nixos/modules/services/security/cfssl.nix index ee6d5d91fe155..e5bed0a9987c0 100644 --- a/nixos/modules/services/security/cfssl.nix +++ b/nixos/modules/services/security/cfssl.nix @@ -27,13 +27,13 @@ in { }; ca = mkOption { - defaultText = "\${cfg.dataDir}/ca.pem"; + defaultText = literalExpression ''"''${cfg.dataDir}/ca.pem"''; type = types.str; description = "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'."; }; caKey = mkOption { - defaultText = "file:\${cfg.dataDir}/ca-key.pem"; + defaultText = literalExpression ''"file:''${cfg.dataDir}/ca-key.pem"''; type = types.str; description = "CA private key -- accepts '[file:]fname' or 'env:varname'."; }; diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index 499d346675096..67e1026dcef4d 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix @@ -55,22 +55,24 @@ in package = mkOption { default = pkgs.fail2ban; + defaultText = literalExpression "pkgs.fail2ban"; type = types.package; - example = "pkgs.fail2ban_0_11"; + example = literalExpression "pkgs.fail2ban_0_11"; description = "The fail2ban package to use for running the fail2ban service."; }; packageFirewall = mkOption { default = pkgs.iptables; + defaultText = literalExpression "pkgs.iptables"; type = types.package; - example = "pkgs.nftables"; + example = literalExpression "pkgs.nftables"; description = "The firewall package used by fail2ban service."; }; extraPackages = mkOption { default = []; type = types.listOf types.package; - example = lib.literalExample "[ pkgs.ipset ]"; + example = lib.literalExpression "[ pkgs.ipset ]"; description = '' Extra packages to be made available to the fail2ban service. The example contains the packages needed by the `iptables-ipset-proto6` action. @@ -202,7 +204,7 @@ in jails = mkOption { default = { }; - example = literalExample '' + example = literalExpression '' { apache-nohome-iptables = ''' # Block an IP address if it accesses a non-existent # home directory more than 5 times in 10 minutes, diff --git a/nixos/modules/services/security/fprintd.nix b/nixos/modules/services/security/fprintd.nix index fe0fba5b45d76..87c3f1f6f9e42 100644 --- a/nixos/modules/services/security/fprintd.nix +++ b/nixos/modules/services/security/fprintd.nix @@ -23,7 +23,7 @@ in package = mkOption { type = types.package; default = fprintdPkg; - defaultText = "if cfg.tod.enable then pkgs.fprintd-tod else pkgs.fprintd"; + defaultText = literalExpression "if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd"; description = '' fprintd package to use. ''; @@ -35,7 +35,7 @@ in driver = mkOption { type = types.package; - example = literalExample "pkgs.libfprint-2-tod1-goodix"; + example = literalExpression "pkgs.libfprint-2-tod1-goodix"; description = '' Touch OEM Drivers (TOD) package to use. ''; diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix index 618e689924fd6..2cfc05f3033bb 100644 --- a/nixos/modules/services/security/haka.nix +++ b/nixos/modules/services/security/haka.nix @@ -59,7 +59,7 @@ in package = mkOption { default = pkgs.haka; - defaultText = "pkgs.haka"; + defaultText = literalExpression "pkgs.haka"; type = types.package; description = " Which Haka derivation to use. diff --git a/nixos/modules/services/security/hockeypuck.nix b/nixos/modules/services/security/hockeypuck.nix index 2e98624bb2eeb..d0e152934f508 100644 --- a/nixos/modules/services/security/hockeypuck.nix +++ b/nixos/modules/services/security/hockeypuck.nix @@ -18,7 +18,7 @@ in { settings = lib.mkOption { type = settingsFormat.type; default = { }; - example = lib.literalExample '' + example = lib.literalExpression '' { hockeypuck = { loglevel = "INFO"; diff --git a/nixos/modules/services/security/nginx-sso.nix b/nixos/modules/services/security/nginx-sso.nix index 50d250fc4d761..b4de1d36edd8d 100644 --- a/nixos/modules/services/security/nginx-sso.nix +++ b/nixos/modules/services/security/nginx-sso.nix @@ -13,7 +13,7 @@ in { package = mkOption { type = types.package; default = pkgs.nginx-sso; - defaultText = "pkgs.nginx-sso"; + defaultText = literalExpression "pkgs.nginx-sso"; description = '' The nginx-sso package that should be used. ''; @@ -22,7 +22,7 @@ in { configuration = mkOption { type = types.attrsOf types.unspecified; default = {}; - example = literalExample '' + example = literalExpression '' { listen = { addr = "127.0.0.1"; port = 8080; }; diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index e85fd4b75df4f..4d35624241708 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -91,7 +91,7 @@ in package = mkOption { type = types.package; default = pkgs.oauth2-proxy; - defaultText = "pkgs.oauth2-proxy"; + defaultText = literalExpression "pkgs.oauth2-proxy"; description = '' The package that provides oauth2-proxy. ''; diff --git a/nixos/modules/services/security/privacyidea.nix b/nixos/modules/services/security/privacyidea.nix index 5f894d0fa691e..e78c4383e4bae 100644 --- a/nixos/modules/services/security/privacyidea.nix +++ b/nixos/modules/services/security/privacyidea.nix @@ -169,7 +169,6 @@ in configFile = mkOption { type = types.path; - default = ""; description = '' Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini). ''; diff --git a/nixos/modules/services/security/shibboleth-sp.nix b/nixos/modules/services/security/shibboleth-sp.nix index 5908f727d5355..fea2a855e20f0 100644 --- a/nixos/modules/services/security/shibboleth-sp.nix +++ b/nixos/modules/services/security/shibboleth-sp.nix @@ -14,7 +14,7 @@ in { configFile = mkOption { type = types.path; - example = "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"; + example = literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"''; description = "Path to shibboleth config file"; }; diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix index a91060dc659a7..f4911597564b6 100644 --- a/nixos/modules/services/security/sks.nix +++ b/nixos/modules/services/security/sks.nix @@ -23,7 +23,7 @@ in { package = mkOption { default = pkgs.sks; - defaultText = "pkgs.sks"; + defaultText = literalExpression "pkgs.sks"; type = types.package; description = "Which SKS derivation to use."; }; @@ -74,7 +74,7 @@ in { webroot = mkOption { type = types.nullOr types.path; default = "${sksPkg.webSamples}/OpenPKG"; - defaultText = "\${pkgs.sks.webSamples}/OpenPKG"; + defaultText = literalExpression ''"''${package.webSamples}/OpenPKG"''; description = '' Source directory (will be symlinked, if not null) for the files the built-in webserver should serve. SKS (''${pkgs.sks.webSamples}) diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix index 64eee11f58805..2eccc30e4056a 100644 --- a/nixos/modules/services/security/step-ca.nix +++ b/nixos/modules/services/security/step-ca.nix @@ -13,6 +13,7 @@ in package = lib.mkOption { type = lib.types.package; default = pkgs.step-ca; + defaultText = lib.literalExpression "pkgs.step-ca"; description = "Which step-ca package to use."; }; address = lib.mkOption { diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 1e1f443905d44..c94b248d5f101 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -232,8 +232,7 @@ in package = mkOption { type = types.package; default = pkgs.tor; - defaultText = "pkgs.tor"; - example = literalExample "pkgs.tor"; + defaultText = literalExpression "pkgs.tor"; description = "Tor package to use."; }; diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix index 4cdb3a041b59d..201b37f17ba58 100644 --- a/nixos/modules/services/security/usbguard.nix +++ b/nixos/modules/services/security/usbguard.nix @@ -44,7 +44,7 @@ in package = mkOption { type = types.package; default = pkgs.usbguard; - defaultText = "pkgs.usbguard"; + defaultText = literalExpression "pkgs.usbguard"; description = '' The usbguard package to use. If you do not need the Qt GUI, use <literal>pkgs.usbguard-nox</literal> to save disk space. diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix index 5a20f6413b1b7..b0ade62d97c9b 100644 --- a/nixos/modules/services/security/vault.nix +++ b/nixos/modules/services/security/vault.nix @@ -42,7 +42,7 @@ in package = mkOption { type = types.package; default = pkgs.vault; - defaultText = "pkgs.vault"; + defaultText = literalExpression "pkgs.vault"; description = "This option specifies the vault package to use."; }; diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix index d28ea61e66aa1..5b951bc85ec0a 100644 --- a/nixos/modules/services/security/vaultwarden/default.nix +++ b/nixos/modules/services/security/vaultwarden/default.nix @@ -60,7 +60,7 @@ in { config = mkOption { type = attrsOf (nullOr (oneOf [ bool int str ])); default = {}; - example = literalExample '' + example = literalExpression '' { domain = "https://bw.domain.tld:8443"; signupsAllowed = true; @@ -106,14 +106,14 @@ in { package = mkOption { type = package; default = pkgs.vaultwarden; - defaultText = "pkgs.vaultwarden"; + defaultText = literalExpression "pkgs.vaultwarden"; description = "Vaultwarden package to use."; }; webVaultPackage = mkOption { type = package; default = pkgs.vaultwarden-vault; - defaultText = "pkgs.vaultwarden-vault"; + defaultText = literalExpression "pkgs.vaultwarden-vault"; description = "Web vault package to use."; }; }; diff --git a/nixos/modules/services/security/yubikey-agent.nix b/nixos/modules/services/security/yubikey-agent.nix index 2972c64a36413..8a2f98d0412d1 100644 --- a/nixos/modules/services/security/yubikey-agent.nix +++ b/nixos/modules/services/security/yubikey-agent.nix @@ -33,7 +33,7 @@ in package = mkOption { type = types.package; default = pkgs.yubikey-agent; - defaultText = "pkgs.yubikey-agent"; + defaultText = literalExpression "pkgs.yubikey-agent"; description = '' The package used for the yubikey-agent daemon. ''; |