summary refs log tree commit diff
path: root/nixos/modules/services/security
diff options
context:
space:
mode:
authorNaïm Favier <n@monade.li>2021-10-03 18:06:03 +0200
committerNaïm Favier <n@monade.li>2021-10-04 12:47:20 +0200
commit2ddc335e6f32b875e14ad9610101325b306a0add (patch)
tree2a4591c137cb363a6ec09f529d587a10aa7a0bc7 /nixos/modules/services/security
parent330b1e08b8df4e1f0100a0a7810ec3157749e5ee (diff)
nixos/doc: clean up defaults and examples
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r--nixos/modules/services/security/certmgr.nix4


-rw-r--r--nixos/modules/services/security/cfssl.nix4


-rw-r--r--nixos/modules/services/security/fail2ban.nix10


-rw-r--r--nixos/modules/services/security/fprintd.nix4


-rw-r--r--nixos/modules/services/security/haka.nix2


-rw-r--r--nixos/modules/services/security/hockeypuck.nix2


-rw-r--r--nixos/modules/services/security/nginx-sso.nix4


-rw-r--r--nixos/modules/services/security/oauth2_proxy.nix2


-rw-r--r--nixos/modules/services/security/privacyidea.nix1


-rw-r--r--nixos/modules/services/security/shibboleth-sp.nix2


-rw-r--r--nixos/modules/services/security/sks.nix4


-rw-r--r--nixos/modules/services/security/step-ca.nix1


-rw-r--r--nixos/modules/services/security/tor.nix3


-rw-r--r--nixos/modules/services/security/usbguard.nix2


-rw-r--r--nixos/modules/services/security/vault.nix2


-rw-r--r--nixos/modules/services/security/vaultwarden/default.nix6


-rw-r--r--nixos/modules/services/security/yubikey-agent.nix2


17 files changed, 28 insertions, 27 deletions
diff --git a/nixos/modules/services/security/certmgr.nix b/nixos/modules/services/security/certmgr.nix
index 94c0ba141179e..d302a4e000209 100644
--- a/nixos/modules/services/security/certmgr.nix
+++ b/nixos/modules/services/security/certmgr.nix
@@ -40,7 +40,7 @@ in
     package = mkOption {
       type = types.package;
       default = pkgs.certmgr;
-      defaultText = "pkgs.certmgr";
+      defaultText = literalExpression "pkgs.certmgr";
       description = "Which certmgr package to use in the service.";
     };
 
@@ -76,7 +76,7 @@ in
 
     specs = mkOption {
       default = {};
-      example = literalExample ''
+      example = literalExpression ''
       {
         exampleCert =
         let
diff --git a/nixos/modules/services/security/cfssl.nix b/nixos/modules/services/security/cfssl.nix
index ee6d5d91fe155..e5bed0a9987c0 100644
--- a/nixos/modules/services/security/cfssl.nix
+++ b/nixos/modules/services/security/cfssl.nix
@@ -27,13 +27,13 @@ in {
     };
 
     ca = mkOption {
-      defaultText = "\${cfg.dataDir}/ca.pem";
+      defaultText = literalExpression ''"''${cfg.dataDir}/ca.pem"'';
       type = types.str;
       description = "CA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.";
     };
 
     caKey = mkOption {
-      defaultText = "file:\${cfg.dataDir}/ca-key.pem";
+      defaultText = literalExpression ''"file:''${cfg.dataDir}/ca-key.pem"'';
       type = types.str;
       description = "CA private key -- accepts '[file:]fname' or 'env:varname'.";
     };
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index 499d346675096..67e1026dcef4d 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -55,22 +55,24 @@ in
 
       package = mkOption {
         default = pkgs.fail2ban;
+        defaultText = literalExpression "pkgs.fail2ban";
         type = types.package;
-        example = "pkgs.fail2ban_0_11";
+        example = literalExpression "pkgs.fail2ban_0_11";
         description = "The fail2ban package to use for running the fail2ban service.";
       };
 
       packageFirewall = mkOption {
         default = pkgs.iptables;
+        defaultText = literalExpression "pkgs.iptables";
         type = types.package;
-        example = "pkgs.nftables";
+        example = literalExpression "pkgs.nftables";
         description = "The firewall package used by fail2ban service.";
       };
 
       extraPackages = mkOption {
         default = [];
         type = types.listOf types.package;
-        example = lib.literalExample "[ pkgs.ipset ]";
+        example = lib.literalExpression "[ pkgs.ipset ]";
         description = ''
           Extra packages to be made available to the fail2ban service. The example contains
           the packages needed by the `iptables-ipset-proto6` action.
@@ -202,7 +204,7 @@ in
 
       jails = mkOption {
         default = { };
-        example = literalExample ''
+        example = literalExpression ''
           { apache-nohome-iptables = '''
               # Block an IP address if it accesses a non-existent
               # home directory more than 5 times in 10 minutes,
diff --git a/nixos/modules/services/security/fprintd.nix b/nixos/modules/services/security/fprintd.nix
index fe0fba5b45d76..87c3f1f6f9e42 100644
--- a/nixos/modules/services/security/fprintd.nix
+++ b/nixos/modules/services/security/fprintd.nix
@@ -23,7 +23,7 @@ in
       package = mkOption {
         type = types.package;
         default = fprintdPkg;
-        defaultText = "if cfg.tod.enable then pkgs.fprintd-tod else pkgs.fprintd";
+        defaultText = literalExpression "if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd";
         description = ''
           fprintd package to use.
         '';
@@ -35,7 +35,7 @@ in
 
         driver = mkOption {
           type = types.package;
-          example = literalExample "pkgs.libfprint-2-tod1-goodix";
+          example = literalExpression "pkgs.libfprint-2-tod1-goodix";
           description = ''
             Touch OEM Drivers (TOD) package to use.
           '';
diff --git a/nixos/modules/services/security/haka.nix b/nixos/modules/services/security/haka.nix
index 618e689924fd6..2cfc05f3033bb 100644
--- a/nixos/modules/services/security/haka.nix
+++ b/nixos/modules/services/security/haka.nix
@@ -59,7 +59,7 @@ in
 
       package = mkOption {
         default = pkgs.haka;
-        defaultText = "pkgs.haka";
+        defaultText = literalExpression "pkgs.haka";
         type = types.package;
         description = "
           Which Haka derivation to use.
diff --git a/nixos/modules/services/security/hockeypuck.nix b/nixos/modules/services/security/hockeypuck.nix
index 2e98624bb2eeb..d0e152934f508 100644
--- a/nixos/modules/services/security/hockeypuck.nix
+++ b/nixos/modules/services/security/hockeypuck.nix
@@ -18,7 +18,7 @@ in {
     settings = lib.mkOption {
       type = settingsFormat.type;
       default = { };
-      example = lib.literalExample ''
+      example = lib.literalExpression ''
         {
           hockeypuck = {
             loglevel = "INFO";
diff --git a/nixos/modules/services/security/nginx-sso.nix b/nixos/modules/services/security/nginx-sso.nix
index 50d250fc4d761..b4de1d36edd8d 100644
--- a/nixos/modules/services/security/nginx-sso.nix
+++ b/nixos/modules/services/security/nginx-sso.nix
@@ -13,7 +13,7 @@ in {
     package = mkOption {
       type = types.package;
       default = pkgs.nginx-sso;
-      defaultText = "pkgs.nginx-sso";
+      defaultText = literalExpression "pkgs.nginx-sso";
       description = ''
         The nginx-sso package that should be used.
       '';
@@ -22,7 +22,7 @@ in {
     configuration = mkOption {
       type = types.attrsOf types.unspecified;
       default = {};
-      example = literalExample ''
+      example = literalExpression ''
         {
           listen = { addr = "127.0.0.1"; port = 8080; };
 
diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix
index e85fd4b75df4f..4d35624241708 100644
--- a/nixos/modules/services/security/oauth2_proxy.nix
+++ b/nixos/modules/services/security/oauth2_proxy.nix
@@ -91,7 +91,7 @@ in
     package = mkOption {
       type = types.package;
       default = pkgs.oauth2-proxy;
-      defaultText = "pkgs.oauth2-proxy";
+      defaultText = literalExpression "pkgs.oauth2-proxy";
       description = ''
         The package that provides oauth2-proxy.
       '';
diff --git a/nixos/modules/services/security/privacyidea.nix b/nixos/modules/services/security/privacyidea.nix
index 5f894d0fa691e..e78c4383e4bae 100644
--- a/nixos/modules/services/security/privacyidea.nix
+++ b/nixos/modules/services/security/privacyidea.nix
@@ -169,7 +169,6 @@ in
 
         configFile = mkOption {
           type = types.path;
-          default = "";
           description = ''
             Path to PrivacyIDEA LDAP Proxy configuration (proxy.ini).
           '';
diff --git a/nixos/modules/services/security/shibboleth-sp.nix b/nixos/modules/services/security/shibboleth-sp.nix
index 5908f727d5355..fea2a855e20f0 100644
--- a/nixos/modules/services/security/shibboleth-sp.nix
+++ b/nixos/modules/services/security/shibboleth-sp.nix
@@ -14,7 +14,7 @@ in {
 
       configFile = mkOption {
         type = types.path;
-        example = "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml";
+        example = literalExpression ''"''${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"'';
         description = "Path to shibboleth config file";
       };
 
diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix
index a91060dc659a7..f4911597564b6 100644
--- a/nixos/modules/services/security/sks.nix
+++ b/nixos/modules/services/security/sks.nix
@@ -23,7 +23,7 @@ in {
 
       package = mkOption {
         default = pkgs.sks;
-        defaultText = "pkgs.sks";
+        defaultText = literalExpression "pkgs.sks";
         type = types.package;
         description = "Which SKS derivation to use.";
       };
@@ -74,7 +74,7 @@ in {
       webroot = mkOption {
         type = types.nullOr types.path;
         default = "${sksPkg.webSamples}/OpenPKG";
-        defaultText = "\${pkgs.sks.webSamples}/OpenPKG";
+        defaultText = literalExpression ''"''${package.webSamples}/OpenPKG"'';
         description = ''
           Source directory (will be symlinked, if not null) for the files the
           built-in webserver should serve. SKS (''${pkgs.sks.webSamples})
diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix
index 64eee11f58805..2eccc30e4056a 100644
--- a/nixos/modules/services/security/step-ca.nix
+++ b/nixos/modules/services/security/step-ca.nix
@@ -13,6 +13,7 @@ in
       package = lib.mkOption {
         type = lib.types.package;
         default = pkgs.step-ca;
+        defaultText = lib.literalExpression "pkgs.step-ca";
         description = "Which step-ca package to use.";
       };
       address = lib.mkOption {
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index 1e1f443905d44..c94b248d5f101 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -232,8 +232,7 @@ in
       package = mkOption {
         type = types.package;
         default = pkgs.tor;
-        defaultText = "pkgs.tor";
-        example = literalExample "pkgs.tor";
+        defaultText = literalExpression "pkgs.tor";
         description = "Tor package to use.";
       };
 
diff --git a/nixos/modules/services/security/usbguard.nix b/nixos/modules/services/security/usbguard.nix
index 4cdb3a041b59d..201b37f17ba58 100644
--- a/nixos/modules/services/security/usbguard.nix
+++ b/nixos/modules/services/security/usbguard.nix
@@ -44,7 +44,7 @@ in
       package = mkOption {
         type = types.package;
         default = pkgs.usbguard;
-        defaultText = "pkgs.usbguard";
+        defaultText = literalExpression "pkgs.usbguard";
         description = ''
           The usbguard package to use. If you do not need the Qt GUI, use
           <literal>pkgs.usbguard-nox</literal> to save disk space.
diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix
index 5a20f6413b1b7..b0ade62d97c9b 100644
--- a/nixos/modules/services/security/vault.nix
+++ b/nixos/modules/services/security/vault.nix
@@ -42,7 +42,7 @@ in
       package = mkOption {
         type = types.package;
         default = pkgs.vault;
-        defaultText = "pkgs.vault";
+        defaultText = literalExpression "pkgs.vault";
         description = "This option specifies the vault package to use.";
       };
 
diff --git a/nixos/modules/services/security/vaultwarden/default.nix b/nixos/modules/services/security/vaultwarden/default.nix
index d28ea61e66aa1..5b951bc85ec0a 100644
--- a/nixos/modules/services/security/vaultwarden/default.nix
+++ b/nixos/modules/services/security/vaultwarden/default.nix
@@ -60,7 +60,7 @@ in {
     config = mkOption {
       type = attrsOf (nullOr (oneOf [ bool int str ]));
       default = {};
-      example = literalExample ''
+      example = literalExpression ''
         {
           domain = "https://bw.domain.tld:8443";
           signupsAllowed = true;
@@ -106,14 +106,14 @@ in {
     package = mkOption {
       type = package;
       default = pkgs.vaultwarden;
-      defaultText = "pkgs.vaultwarden";
+      defaultText = literalExpression "pkgs.vaultwarden";
       description = "Vaultwarden package to use.";
     };
 
     webVaultPackage = mkOption {
       type = package;
       default = pkgs.vaultwarden-vault;
-      defaultText = "pkgs.vaultwarden-vault";
+      defaultText = literalExpression "pkgs.vaultwarden-vault";
       description = "Web vault package to use.";
     };
   };
diff --git a/nixos/modules/services/security/yubikey-agent.nix b/nixos/modules/services/security/yubikey-agent.nix
index 2972c64a36413..8a2f98d0412d1 100644
--- a/nixos/modules/services/security/yubikey-agent.nix
+++ b/nixos/modules/services/security/yubikey-agent.nix
@@ -33,7 +33,7 @@ in
       package = mkOption {
         type = types.package;
         default = pkgs.yubikey-agent;
-        defaultText = "pkgs.yubikey-agent";
+        defaultText = literalExpression "pkgs.yubikey-agent";
         description = ''
           The package used for the yubikey-agent daemon.
         '';

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-20 14:25:34 +0000