diff options
Diffstat (limited to 'nixos/modules/services/networking')
309 files changed, 4287 insertions, 2858 deletions
diff --git a/nixos/modules/services/networking/3proxy.nix b/nixos/modules/services/networking/3proxy.nix index ef695a7f49fa4..865916f7aff5f 100644 --- a/nixos/modules/services/networking/3proxy.nix +++ b/nixos/modules/services/networking/3proxy.nix @@ -6,11 +6,11 @@ let optionalList = list: if list == [ ] then "*" else concatMapStringsSep "," toString list; in { options.services._3proxy = { - enable = mkEnableOption (lib.mdDoc "3proxy"); + enable = mkEnableOption "3proxy"; confFile = mkOption { type = types.path; example = "/var/lib/3proxy/3proxy.conf"; - description = lib.mdDoc '' + description = '' Ignore all other 3proxy options and load configuration from this file. ''; }; @@ -18,7 +18,7 @@ in { type = types.nullOr types.path; default = null; example = "/var/lib/3proxy/3proxy.passwd"; - description = lib.mdDoc '' + description = '' Load users and passwords from this file. Example users file with plain-text passwords: @@ -55,7 +55,7 @@ in { "udppm" ]; example = "proxy"; - description = lib.mdDoc '' + description = '' Service type. The following values are valid: - `"proxy"`: HTTP/HTTPS proxy (default port 3128). @@ -72,7 +72,7 @@ in { type = types.str; default = "[::]"; example = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Address used for service. ''; }; @@ -80,7 +80,7 @@ in { type = types.nullOr types.int; default = null; example = 3128; - description = lib.mdDoc '' + description = '' Override default port used for service. ''; }; @@ -88,14 +88,14 @@ in { type = types.int; default = 100; example = 1000; - description = lib.mdDoc '' + description = '' Maximum number of simulationeous connections to this service. ''; }; auth = mkOption { type = types.listOf (types.enum [ "none" "iponly" "strong" ]); example = [ "iponly" "strong" ]; - description = lib.mdDoc '' + description = '' Authentication type. The following values are valid: - `"none"`: disables both authentication and authorization. You can not use ACLs. @@ -128,7 +128,7 @@ in { rule = mkOption { type = types.enum [ "allow" "deny" ]; example = "allow"; - description = lib.mdDoc '' + description = '' ACL rule. The following values are valid: - `"allow"`: connections allowed. @@ -139,7 +139,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "user1" "user2" "user3" ]; - description = lib.mdDoc '' + description = '' List of users, use empty list for any. ''; }; @@ -147,7 +147,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; - description = lib.mdDoc '' + description = '' List of source IP range, use empty list for any. ''; }; @@ -155,7 +155,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "127.0.0.1" "192.168.1.0/24" ]; - description = lib.mdDoc '' + description = '' List of target IP ranges, use empty list for any. May also contain host names instead of addresses. It's possible to use wildmask in the beginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`. @@ -166,7 +166,7 @@ in { type = types.listOf types.int; default = [ ]; example = [ 80 443 ]; - description = lib.mdDoc '' + description = '' List of target ports, use empty list for any. ''; }; @@ -188,7 +188,7 @@ in { } ] ''; - description = lib.mdDoc '' + description = '' Use this option to limit user access to resources. ''; }; @@ -196,7 +196,7 @@ in { type = types.nullOr types.str; default = null; example = "-46"; - description = lib.mdDoc '' + description = '' Extra arguments for service. Consult "Options" section in [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available arguments. ''; @@ -204,7 +204,7 @@ in { extraConfig = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options. ''; @@ -234,14 +234,14 @@ in { } ] ''; - description = lib.mdDoc '' + description = '' Use this option to define 3proxy services. ''; }; denyPrivate = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to deny access to private IP ranges including loopback. ''; }; @@ -258,7 +258,7 @@ in { "::1" "fc00::/7" ]; - description = lib.mdDoc '' + description = '' What IP ranges to deny access when denyPrivate is set tu true. ''; }; @@ -269,7 +269,7 @@ in { type = types.listOf types.str; default = [ ]; example = [ "127.0.0.53" "192.168.1.3:5353/tcp" ]; - description = lib.mdDoc '' + description = '' List of nameservers to use. Up to 5 nservers may be specified. If no nserver is configured, @@ -279,12 +279,12 @@ in { nscache = mkOption { type = types.int; default = 65535; - description = lib.mdDoc "Set name cache size for IPv4."; + description = "Set name cache size for IPv4."; }; nscache6 = mkOption { type = types.int; default = 65535; - description = lib.mdDoc "Set name cache size for IPv6."; + description = "Set name cache size for IPv6."; }; nsrecord = mkOption { type = types.attrsOf types.str; @@ -295,19 +295,19 @@ in { "site.local" = "192.168.1.43"; } ''; - description = lib.mdDoc "Adds static nsrecords."; + description = "Adds static nsrecords."; }; }; }; default = { }; - description = lib.mdDoc '' + description = '' Use this option to configure name resolution and DNS caching. ''; }; extraConfig = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Extra configuration, appended to the 3proxy configuration file. Consult [documentation](https://github.com/z3APA3A/3proxy/wiki/3proxy.cfg) for available options. ''; diff --git a/nixos/modules/services/networking/acme-dns.nix b/nixos/modules/services/networking/acme-dns.nix index 08fde65e4ca4e..08e0e1d173173 100644 --- a/nixos/modules/services/networking/acme-dns.nix +++ b/nixos/modules/services/networking/acme-dns.nix @@ -9,7 +9,6 @@ let format = pkgs.formats.toml { }; inherit (lib) literalExpression - mdDoc mkEnableOption mkOption mkPackageOption @@ -19,12 +18,12 @@ let in { options.services.acme-dns = { - enable = mkEnableOption (mdDoc "acme-dns"); + enable = mkEnableOption "acme-dns"; package = mkPackageOption pkgs "acme-dns" { }; settings = mkOption { - description = mdDoc '' + description = '' Free-form settings written directly to the `acme-dns.cfg` file. Refer to <https://github.com/joohoi/acme-dns/blob/master/README.md#configuration> for supported values. ''; @@ -37,38 +36,38 @@ in general = { listen = mkOption { type = types.str; - description = mdDoc "IP+port combination to bind and serve the DNS server on."; + description = "IP+port combination to bind and serve the DNS server on."; default = "[::]:53"; example = "127.0.0.1:53"; }; protocol = mkOption { type = types.enum [ "both" "both4" "both6" "udp" "udp4" "udp6" "tcp" "tcp4" "tcp6" ]; - description = mdDoc "Protocols to serve DNS responses on."; + description = "Protocols to serve DNS responses on."; default = "both"; }; domain = mkOption { type = types.str; - description = mdDoc "Domain name to serve the requests off of."; + description = "Domain name to serve the requests off of."; example = domain; }; nsname = mkOption { type = types.str; - description = mdDoc "Zone name server."; + description = "Zone name server."; example = domain; }; nsadmin = mkOption { type = types.str; - description = mdDoc "Zone admin email address for `SOA`."; + description = "Zone admin email address for `SOA`."; example = "admin.example.com"; }; records = mkOption { type = types.listOf types.str; - description = mdDoc "Predefined DNS records served in addition to the `_acme-challenge` TXT records."; + description = "Predefined DNS records served in addition to the `_acme-challenge` TXT records."; example = literalExpression '' [ # replace with your acme-dns server's public IPv4 @@ -85,12 +84,12 @@ in database = { engine = mkOption { type = types.enum [ "sqlite3" "postgres" ]; - description = mdDoc "Database engine to use."; + description = "Database engine to use."; default = "sqlite3"; }; connection = mkOption { type = types.str; - description = mdDoc "Database connection string."; + description = "Database connection string."; example = "postgres://user:password@localhost/acmedns"; default = "/var/lib/acme-dns/acme-dns.db"; }; @@ -99,14 +98,14 @@ in api = { ip = mkOption { type = types.str; - description = mdDoc "IP to bind the HTTP API on."; + description = "IP to bind the HTTP API on."; default = "[::]"; example = "127.0.0.1"; }; port = mkOption { type = types.port; - description = mdDoc "Listen port for the HTTP API."; + description = "Listen port for the HTTP API."; default = 8080; # acme-dns expects this value to be a string apply = toString; @@ -114,14 +113,14 @@ in disable_registration = mkOption { type = types.bool; - description = mdDoc "Whether to disable the HTTP registration endpoint."; + description = "Whether to disable the HTTP registration endpoint."; default = false; example = true; }; tls = mkOption { type = types.enum [ "letsencrypt" "letsencryptstaging" "cert" "none" ]; - description = mdDoc "TLS backend to use."; + description = "TLS backend to use."; default = "none"; }; }; @@ -130,7 +129,7 @@ in logconfig = { loglevel = mkOption { type = types.enum [ "error" "warning" "info" "debug" ]; - description = mdDoc "Level to log on."; + description = "Level to log on."; default = "info"; }; }; diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix index 399d838ccc699..6958bcccf54cf 100644 --- a/nixos/modules/services/networking/adguardhome.nix +++ b/nixos/modules/services/networking/adguardhome.nix @@ -31,12 +31,12 @@ in ]; options.services.adguardhome = with types; { - enable = mkEnableOption (lib.mdDoc "AdGuard Home network-wide ad blocker"); + enable = mkEnableOption "AdGuard Home network-wide ad blocker"; openFirewall = mkOption { default = false; type = bool; - description = lib.mdDoc '' + description = '' Open ports in the firewall for the AdGuard Home web interface. Does not open the port needed to access the DNS resolver. ''; @@ -46,7 +46,7 @@ in default = cfg.settings.dhcp.enabled or false; defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false''; type = bool; - description = lib.mdDoc '' + description = '' Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is required for the integrated DHCP server. @@ -59,7 +59,7 @@ in mutableSettings = mkOption { default = true; type = bool; - description = lib.mdDoc '' + description = '' Allow changes made on the AdGuard Home web interface to persist between service restarts. ''; @@ -74,7 +74,7 @@ in default = pkgs.adguardhome.schema_version; defaultText = literalExpression "pkgs.adguardhome.schema_version"; type = int; - description = lib.mdDoc '' + description = '' Schema version for the configuration. Defaults to the `schema_version` supplied by `pkgs.adguardhome`. ''; @@ -82,20 +82,20 @@ in bind_host = mkOption { default = "0.0.0.0"; type = str; - description = lib.mdDoc '' + description = '' Host address to bind HTTP server to. ''; }; bind_port = mkOption { default = defaultBindPort; type = port; - description = lib.mdDoc '' + description = '' Port to serve HTTP pages on. ''; }; }; }); - description = lib.mdDoc '' + description = '' AdGuard Home configuration. Refer to <https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file> for details on supported values. @@ -115,7 +115,7 @@ in extraArgs = mkOption { default = [ ]; type = listOf str; - description = lib.mdDoc '' + description = '' Extra command line parameters to be passed to the adguardhome binary. ''; }; diff --git a/nixos/modules/services/networking/alice-lg.nix b/nixos/modules/services/networking/alice-lg.nix index fbf127d9410f6..dab2d38ca353a 100644 --- a/nixos/modules/services/networking/alice-lg.nix +++ b/nixos/modules/services/networking/alice-lg.nix @@ -9,14 +9,14 @@ in { options = { services.alice-lg = { - enable = mkEnableOption (lib.mdDoc "Alice Looking Glass"); + enable = mkEnableOption "Alice Looking Glass"; package = mkPackageOption pkgs "alice-lg" { }; settings = mkOption { type = settingsFormat.type; default = { }; - description = lib.mdDoc '' + description = '' alice-lg configuration, for configuration options see the example on [github](https://github.com/alice-lg/alice-lg/blob/main/etc/alice-lg/alice.example.conf) ''; example = literalExpression '' diff --git a/nixos/modules/services/networking/amuled.nix b/nixos/modules/services/networking/amuled.nix index 1cd543358196f..aa72a047526b0 100644 --- a/nixos/modules/services/networking/amuled.nix +++ b/nixos/modules/services/networking/amuled.nix @@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time. ''; }; @@ -30,7 +30,7 @@ in defaultText = literalExpression '' "/home/''${config.${opt.user}}/" ''; - description = lib.mdDoc '' + description = '' The directory holding configuration, incoming and temporary files. ''; }; @@ -38,7 +38,7 @@ in user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The user the AMule daemon should run as. ''; }; diff --git a/nixos/modules/services/networking/antennas.nix b/nixos/modules/services/networking/antennas.nix index c0e56890864a1..ef98af22f20f2 100644 --- a/nixos/modules/services/networking/antennas.nix +++ b/nixos/modules/services/networking/antennas.nix @@ -8,30 +8,30 @@ in { options = { services.antennas = { - enable = mkEnableOption (lib.mdDoc "Antennas"); + enable = mkEnableOption "Antennas"; tvheadendUrl = mkOption { type = types.str; default = "http://localhost:9981"; - description = lib.mdDoc "URL of Tvheadend."; + description = "URL of Tvheadend."; }; antennasUrl = mkOption { type = types.str; default = "http://127.0.0.1:5004"; - description = lib.mdDoc "URL of Antennas."; + description = "URL of Antennas."; }; tunerCount = mkOption { type = types.int; default = 6; - description = lib.mdDoc "Numbers of tuners in tvheadend."; + description = "Numbers of tuners in tvheadend."; }; deviceUUID = mkOption { type = types.str; default = "2f70c0d7-90a3-4429-8275-cbeeee9cd605"; - description = lib.mdDoc "Device tuner UUID. Change this if you are running multiple instances."; + description = "Device tuner UUID. Change this if you are running multiple instances."; }; }; }; diff --git a/nixos/modules/services/networking/aria2.nix b/nixos/modules/services/networking/aria2.nix index 1fb55b8367981..f32f5682c9801 100644 --- a/nixos/modules/services/networking/aria2.nix +++ b/nixos/modules/services/networking/aria2.nix @@ -31,7 +31,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether or not to enable the headless Aria2 daemon service. Aria2 daemon can be controlled via the RPC interface using @@ -44,7 +44,7 @@ in openPorts = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Open listen and RPC ports found in listenPortRange and rpcListenPort options in the firewall. ''; @@ -52,26 +52,26 @@ in downloadDir = mkOption { type = types.path; default = downloadDir; - description = lib.mdDoc '' + description = '' Directory to store downloaded files. ''; }; listenPortRange = mkOption { type = types.listOf types.attrs; default = [ { from = 6881; to = 6999; } ]; - description = lib.mdDoc '' + description = '' Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker. ''; }; rpcListenPort = mkOption { type = types.int; default = 6800; - description = lib.mdDoc "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; + description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535"; }; rpcSecretFile = mkOption { type = types.path; example = "/run/secrets/aria2-rpc-token.txt"; - description = lib.mdDoc '' + description = '' A file containing the RPC secret authorization token. Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used. ''; @@ -80,7 +80,7 @@ in type = types.separatedString " "; example = "--rpc-listen-all --remote-time=true"; default = ""; - description = lib.mdDoc '' + description = '' Additional arguments to be passed to Aria2. ''; }; diff --git a/nixos/modules/services/networking/asterisk.nix b/nixos/modules/services/networking/asterisk.nix index 78a69efc86af8..187dd5c3ccab3 100644 --- a/nixos/modules/services/networking/asterisk.nix +++ b/nixos/modules/services/networking/asterisk.nix @@ -59,7 +59,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the Asterisk PBX server. ''; }; @@ -72,7 +72,7 @@ in verbose=3 debug=3 ''; - description = lib.mdDoc '' + description = '' Extra configuration options appended to the default `asterisk.conf` file. ''; @@ -127,7 +127,7 @@ in '''; } ''; - description = lib.mdDoc '' + description = '' Sets the content of config files (typically ending with `.conf`) in the Asterisk configuration directory. @@ -148,7 +148,7 @@ in default = [ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ]; type = types.listOf types.str; example = [ "sip.conf" "dundi.conf" ]; - description = lib.mdDoc ''Sets these config files to the default content. The default value for + description = ''Sets these config files to the default content. The default value for this option contains all necesscary files to avoid errors at startup. This does not override settings via {option}`services.asterisk.confFiles`. ''; @@ -159,7 +159,7 @@ in type = types.listOf types.str; example = [ "-vvvddd" "-e" "1024" ]; - description = lib.mdDoc '' + description = '' Additional command line arguments to pass to Asterisk. ''; }; diff --git a/nixos/modules/services/networking/atftpd.nix b/nixos/modules/services/networking/atftpd.nix index e31b447e6c5b4..da5e305201f86 100644 --- a/nixos/modules/services/networking/atftpd.nix +++ b/nixos/modules/services/networking/atftpd.nix @@ -19,7 +19,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0. ''; @@ -33,7 +33,7 @@ in "--verbose=7" ] ''; - description = lib.mdDoc '' + description = '' Extra command line arguments to pass to atftp. ''; }; @@ -41,7 +41,7 @@ in root = mkOption { default = "/srv/tftp"; type = types.path; - description = lib.mdDoc '' + description = '' Document root directory for the atftpd. ''; }; diff --git a/nixos/modules/services/networking/autossh.nix b/nixos/modules/services/networking/autossh.nix index ed9c07d9a1470..245f2bfc2cf38 100644 --- a/nixos/modules/services/networking/autossh.nix +++ b/nixos/modules/services/networking/autossh.nix @@ -22,18 +22,18 @@ in name = mkOption { type = types.str; example = "socks-peer"; - description = lib.mdDoc "Name of the local AutoSSH session"; + description = "Name of the local AutoSSH session"; }; user = mkOption { type = types.str; example = "bill"; - description = lib.mdDoc "Name of the user the AutoSSH session should run as"; + description = "Name of the user the AutoSSH session should run as"; }; monitoringPort = mkOption { type = types.int; default = 0; example = 20000; - description = lib.mdDoc '' + description = '' Port to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring @@ -42,7 +42,7 @@ in extraArguments = mkOption { type = types.separatedString " "; example = "-N -D4343 bill@socks.example.net"; - description = lib.mdDoc '' + description = '' Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward @@ -54,7 +54,7 @@ in }); default = []; - description = lib.mdDoc '' + description = '' List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'. ''; diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix index 782681018116c..8bb8e71ec3fb3 100644 --- a/nixos/modules/services/networking/avahi-daemon.nix +++ b/nixos/modules/services/networking/avahi-daemon.nix @@ -49,7 +49,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services @@ -63,7 +63,7 @@ in type = types.str; default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc '' + description = '' Host name advertised on the LAN. If not set, avahi will use the value of {option}`config.networking.hostName`. ''; @@ -72,7 +72,7 @@ in domainName = mkOption { type = types.str; default = "local"; - description = lib.mdDoc '' + description = '' Domain name for all advertisements. ''; }; @@ -81,7 +81,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "0pointer.de" "zeroconf.org" ]; - description = lib.mdDoc '' + description = '' List of non-local DNS domains to be browsed. ''; }; @@ -89,19 +89,19 @@ in ipv4 = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to use IPv4."; + description = "Whether to use IPv4."; }; ipv6 = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to use IPv6."; + description = "Whether to use IPv6."; }; allowInterfaces = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' List of network interfaces that should be used by the {command}`avahi-daemon`. Other interfaces will be ignored. If `null`, all local interfaces except loopback and point-to-point will be used. @@ -111,7 +111,7 @@ in denyInterfaces = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' List of network interfaces that should be ignored by the {command}`avahi-daemon`. Other unspecified interfaces will be used, unless {option}`allowInterfaces` is set. This option takes precedence @@ -122,7 +122,7 @@ in openFirewall = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to open the firewall for UDP port 5353. Disabling this setting also disables discovering of network devices. ''; @@ -131,7 +131,7 @@ in allowPointToPoint = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections. @@ -141,13 +141,13 @@ in wideArea = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable wide-area service discovery."; + description = "Whether to enable wide-area service discovery."; }; reflector = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Reflect incoming mDNS requests to all allowed network interfaces."; + description = "Reflect incoming mDNS requests to all allowed network interfaces."; }; extraServiceFiles = mkOption { @@ -169,7 +169,7 @@ in '''; } ''; - description = lib.mdDoc '' + description = '' Specify custom service definitions which are placed in the avahi service directory. See the {manpage}`avahi.service(5)` manpage for detailed information. ''; @@ -179,25 +179,25 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to allow publishing in general."; + description = "Whether to allow publishing in general."; }; userServices = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to publish user services. Will set `addresses=true`."; + description = "Whether to publish user services. Will set `addresses=true`."; }; addresses = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to register mDNS address records for all local IP addresses."; + description = "Whether to register mDNS address records for all local IP addresses."; }; hinfo = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to register a mDNS HINFO record which contains information about the local operating system and CPU. ''; @@ -206,7 +206,7 @@ in workstation = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to register a service of type "_workstation._tcp" on the local LAN. ''; }; @@ -214,14 +214,14 @@ in domain = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to announce the locally used domain name for browsing by other hosts."; + description = "Whether to announce the locally used domain name for browsing by other hosts."; }; }; nssmdns4 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4. Enabling it allows applications to resolve names in the `.local` domain by transparently querying the Avahi daemon. @@ -231,7 +231,7 @@ in nssmdns6 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6. Enabling it allows applications to resolve names in the `.local` domain by transparently querying the Avahi daemon. @@ -246,7 +246,7 @@ in cacheEntriesMax = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Number of resource records to be cached per interface. Use 0 to disable caching. Avahi daemon defaults to 4096 if not set. ''; @@ -255,7 +255,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra config to append to avahi-daemon.conf. ''; }; diff --git a/nixos/modules/services/networking/babeld.nix b/nixos/modules/services/networking/babeld.nix index ff1ac6998ee98..5a3e92d9c813d 100644 --- a/nixos/modules/services/networking/babeld.nix +++ b/nixos/modules/services/networking/babeld.nix @@ -40,11 +40,11 @@ in services.babeld = { - enable = mkEnableOption (lib.mdDoc "the babeld network routing daemon"); + enable = mkEnableOption "the babeld network routing daemon"; interfaceDefaults = mkOption { default = null; - description = lib.mdDoc '' + description = '' A set describing default parameters for babeld interfaces. See {manpage}`babeld(8)` for options. ''; @@ -58,7 +58,7 @@ in interfaces = mkOption { default = {}; - description = lib.mdDoc '' + description = '' A set describing babeld interfaces. See {manpage}`babeld(8)` for options. ''; @@ -75,7 +75,7 @@ in extraConfig = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Options that will be copied to babeld.conf. See {manpage}`babeld(8)` for details. ''; diff --git a/nixos/modules/services/networking/bee.nix b/nixos/modules/services/networking/bee.nix index a4d20494bf6b9..da11ac9399abd 100644 --- a/nixos/modules/services/networking/bee.nix +++ b/nixos/modules/services/networking/bee.nix @@ -15,7 +15,7 @@ in { options = { services.bee = { - enable = mkEnableOption (lib.mdDoc "Ethereum Swarm Bee"); + enable = mkEnableOption "Ethereum Swarm Bee"; package = mkPackageOption pkgs "bee" { example = "bee-unstable"; @@ -23,7 +23,7 @@ in { settings = mkOption { type = format.type; - description = lib.mdDoc '' + description = '' Ethereum Swarm Bee configuration. Refer to <https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/> for details on supported values. @@ -33,7 +33,7 @@ in { daemonNiceLevel = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Daemon process priority for bee. 0 is the default Unix process priority, 19 is the lowest. ''; @@ -42,7 +42,7 @@ in { user = mkOption { type = types.str; default = "bee"; - description = lib.mdDoc '' + description = '' User the bee binary should execute under. ''; }; @@ -50,7 +50,7 @@ in { group = mkOption { type = types.str; default = "bee"; - description = lib.mdDoc '' + description = '' Group the bee binary should execute under. ''; }; diff --git a/nixos/modules/services/networking/biboumi.nix b/nixos/modules/services/networking/biboumi.nix index d44a46b35a29c..d92290626c316 100644 --- a/nixos/modules/services/networking/biboumi.nix +++ b/nixos/modules/services/networking/biboumi.nix @@ -15,10 +15,10 @@ in { options = { services.biboumi = { - enable = mkEnableOption (lib.mdDoc "the Biboumi XMPP gateway to IRC"); + enable = mkEnableOption "the Biboumi XMPP gateway to IRC"; settings = mkOption { - description = lib.mdDoc '' + description = '' See [biboumi 8.5](https://lab.louiz.org/louiz/biboumi/blob/8.5/doc/biboumi.1.rst) for documentation. ''; @@ -33,7 +33,7 @@ in default = []; example = ["admin@example.org"]; apply = concatStringsSep ":"; - description = lib.mdDoc '' + description = '' The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID. @@ -42,7 +42,7 @@ in options.ca_file = mkOption { type = types.path; default = "/etc/ssl/certs/ca-certificates.crt"; - description = lib.mdDoc '' + description = '' Specifies which file should be used as the list of trusted CA when negotiating a TLS session. ''; @@ -50,7 +50,7 @@ in options.db_name = mkOption { type = with types; either path str; default = "${stateDir}/biboumi.sqlite"; - description = lib.mdDoc '' + description = '' The name of the database to use. ''; example = "postgresql://user:secret@localhost"; @@ -58,7 +58,7 @@ in options.hostname = mkOption { type = types.str; example = "biboumi.example.org"; - description = lib.mdDoc '' + description = '' The hostname served by the XMPP gateway. This domain must be configured in the XMPP server as an external component. @@ -68,21 +68,21 @@ in type = types.port; default = 113; example = 0; - description = lib.mdDoc '' + description = '' The TCP port on which to listen for identd queries. ''; }; options.log_level = mkOption { type = types.ints.between 0 3; default = 1; - description = lib.mdDoc '' + description = '' Indicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error. ''; }; options.password = mkOption { type = with types; nullOr str; - description = lib.mdDoc '' + description = '' The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, associated with the external component on @@ -95,7 +95,7 @@ in options.persistent_by_default = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether all rooms will be persistent by default: the value of the “persistent” option in the global configuration of each user will be “true”, but the value of each individual room will still @@ -107,7 +107,7 @@ in type = types.path; default = "${pkgs.biboumi}/etc/biboumi"; defaultText = literalExpression ''"''${pkgs.biboumi}/etc/biboumi"''; - description = lib.mdDoc '' + description = '' A directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers. @@ -116,14 +116,14 @@ in options.port = mkOption { type = types.port; default = 5347; - description = lib.mdDoc '' + description = '' The TCP port to use to connect to the local XMPP component. ''; }; options.realname_customization = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the users will be able to use the ad-hoc commands that lets them configure their realname and username. @@ -132,7 +132,7 @@ in options.realname_from_jid = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether the realname and username of each biboumi user will be extracted from their JID. Otherwise they will be set to the nick @@ -142,7 +142,7 @@ in options.xmpp_server_ip = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' The IP address to connect to the XMPP server on. The connection to the XMPP server is unencrypted, so the biboumi instance and the server should @@ -154,7 +154,7 @@ in credentialsFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path to a configuration file to be merged with the settings. Beware not to surround "=" with spaces when setting biboumi's options in this file. Useful to merge a file which is better kept out of the Nix store @@ -165,7 +165,7 @@ in example = "/run/keys/biboumi.cfg"; }; - openFirewall = mkEnableOption (lib.mdDoc "opening of the identd port in the firewall"); + openFirewall = mkEnableOption "opening of the identd port in the firewall"; }; }; diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index da8633d5066f7..03c20f3fe3d36 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -17,28 +17,28 @@ let name = mkOption { type = types.str; default = name; - description = lib.mdDoc "Name of the zone."; + description = "Name of the zone."; }; master = mkOption { - description = lib.mdDoc "Master=false means slave server"; + description = "Master=false means slave server"; type = types.bool; }; file = mkOption { type = types.either types.str types.path; - description = lib.mdDoc "Zone file resource records contain columns of data, separated by whitespace, that define the record."; + description = "Zone file resource records contain columns of data, separated by whitespace, that define the record."; }; masters = mkOption { type = types.listOf types.str; - description = lib.mdDoc "List of servers for inclusion in stub and secondary zones."; + description = "List of servers for inclusion in stub and secondary zones."; }; slaves = mkOption { type = types.listOf types.str; - description = lib.mdDoc "Addresses who may request zone transfers."; + description = "Addresses who may request zone transfers."; default = [ ]; }; allowQuery = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of address ranges allowed to query this zone. Instead of the address(es), this may instead contain the single string "any". @@ -49,7 +49,7 @@ let }; extraConfig = mkOption { type = types.str; - description = lib.mdDoc "Extra zone config to be appended at the end of the zone section."; + description = "Extra zone config to be appended at the end of the zone section."; default = ""; }; }; @@ -115,15 +115,15 @@ in services.bind = { - enable = mkEnableOption (lib.mdDoc "BIND domain name server"); + enable = mkEnableOption "BIND domain name server"; package = mkPackageOption pkgs "bind" { }; cacheNetworks = mkOption { - default = [ "127.0.0.0/24" ]; + default = [ "127.0.0.0/24" "::1/128" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' What networks are allowed to use us as a resolver. Note that this is for recursive queries -- all networks are allowed to query zones configured with the `zones` option @@ -137,7 +137,7 @@ in blockedNetworks = mkOption { default = [ ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' What networks are just blocked. ''; }; @@ -145,7 +145,7 @@ in ipv4Only = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Only use ipv4, even if the host supports ipv6. ''; }; @@ -154,7 +154,7 @@ in default = config.networking.nameservers; defaultText = literalExpression "config.networking.nameservers"; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of servers we should forward requests to. ''; }; @@ -162,7 +162,7 @@ in forward = mkOption { default = "first"; type = types.enum ["first" "only"]; - description = lib.mdDoc '' + description = '' Whether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'. ''; }; @@ -170,7 +170,7 @@ in listenOn = mkOption { default = [ "any" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Interfaces to listen on. ''; }; @@ -178,7 +178,7 @@ in listenOnIpv6 = mkOption { default = [ "any" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Ipv6 interfaces to listen on. ''; }; @@ -186,13 +186,13 @@ in directory = mkOption { type = types.str; default = "/run/named"; - description = lib.mdDoc "Working directory of BIND."; + description = "Working directory of BIND."; }; zones = mkOption { default = [ ]; type = with types; coercedTo (listOf attrs) bindZoneCoerce (attrsOf (types.submodule bindZoneOptions)); - description = lib.mdDoc '' + description = '' List of zones we claim authority over. ''; example = { @@ -209,7 +209,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the generated named configuration file. ''; }; @@ -217,7 +217,7 @@ in extraOptions = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the options section of the generated named configuration file. ''; @@ -227,7 +227,7 @@ in type = types.path; default = confFile; defaultText = literalExpression "confFile"; - description = lib.mdDoc '' + description = '' Overridable config file to use for named. By default, that generated by nixos. ''; diff --git a/nixos/modules/services/networking/bird-lg.nix b/nixos/modules/services/networking/bird-lg.nix index 1c59f7a6ae7c6..0c69b72fec10f 100644 --- a/nixos/modules/services/networking/bird-lg.nix +++ b/nixos/modules/services/networking/bird-lg.nix @@ -56,123 +56,123 @@ in user = mkOption { type = types.str; default = "bird-lg"; - description = lib.mdDoc "User to run the service."; + description = "User to run the service."; }; group = mkOption { type = types.str; default = "bird-lg"; - description = lib.mdDoc "Group to run the service."; + description = "Group to run the service."; }; frontend = { - enable = mkEnableOption (lib.mdDoc "Bird Looking Glass Frontend Webserver"); + enable = mkEnableOption "Bird Looking Glass Frontend Webserver"; listenAddress = mkOption { type = types.str; default = "127.0.0.1:5000"; - description = lib.mdDoc "Address to listen on."; + description = "Address to listen on."; }; proxyPort = mkOption { type = types.port; default = 8000; - description = lib.mdDoc "Port bird-lg-proxy is running on."; + description = "Port bird-lg-proxy is running on."; }; domain = mkOption { type = types.str; example = "dn42.lantian.pub"; - description = lib.mdDoc "Server name domain suffixes."; + description = "Server name domain suffixes."; }; servers = mkOption { type = types.listOf types.str; example = [ "gigsgigscloud" "hostdare" ]; - description = lib.mdDoc "Server name prefixes."; + description = "Server name prefixes."; }; whois = mkOption { type = types.str; default = "whois.verisign-grs.com"; - description = lib.mdDoc "Whois server for queries."; + description = "Whois server for queries."; }; dnsInterface = mkOption { type = types.str; default = "asn.cymru.com"; - description = lib.mdDoc "DNS zone to query ASN information."; + description = "DNS zone to query ASN information."; }; bgpMapInfo = mkOption { type = types.listOf types.str; default = [ "asn" "as-name" "ASName" "descr" ]; - description = lib.mdDoc "Information displayed in bgpmap."; + description = "Information displayed in bgpmap."; }; titleBrand = mkOption { type = types.str; default = "Bird-lg Go"; - description = lib.mdDoc "Prefix of page titles in browser tabs."; + description = "Prefix of page titles in browser tabs."; }; netSpecificMode = mkOption { type = types.str; default = ""; example = "dn42"; - description = lib.mdDoc "Apply network-specific changes for some networks."; + description = "Apply network-specific changes for some networks."; }; protocolFilter = mkOption { type = types.listOf types.str; default = [ ]; example = [ "ospf" ]; - description = lib.mdDoc "Information displayed in bgpmap."; + description = "Information displayed in bgpmap."; }; nameFilter = mkOption { type = types.str; default = ""; example = "^ospf"; - description = lib.mdDoc "Protocol names to hide in summary tables (RE2 syntax),"; + description = "Protocol names to hide in summary tables (RE2 syntax),"; }; timeout = mkOption { type = types.int; default = 120; - description = lib.mdDoc "Time before request timed out, in seconds."; + description = "Time before request timed out, in seconds."; }; navbar = { brand = mkOption { type = types.str; default = "Bird-lg Go"; - description = lib.mdDoc "Brand to show in the navigation bar ."; + description = "Brand to show in the navigation bar ."; }; brandURL = mkOption { type = types.str; default = "/"; - description = lib.mdDoc "URL of the brand to show in the navigation bar."; + description = "URL of the brand to show in the navigation bar."; }; allServers = mkOption { type = types.str; default = "ALL Servers"; - description = lib.mdDoc "Text of 'All server' button in the navigation bar."; + description = "Text of 'All server' button in the navigation bar."; }; allServersURL = mkOption { type = types.str; default = "all"; - description = lib.mdDoc "URL of 'All servers' button."; + description = "URL of 'All servers' button."; }; }; extraArgs = mkOption { type = with types; either lines (listOf str); default = [ ]; - description = lib.mdDoc '' + description = '' Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend). :::{.note} @@ -183,25 +183,25 @@ in }; proxy = { - enable = mkEnableOption (lib.mdDoc "Bird Looking Glass Proxy"); + enable = mkEnableOption "Bird Looking Glass Proxy"; listenAddress = mkOption { type = types.str; default = "127.0.0.1:8000"; - description = lib.mdDoc "Address to listen on."; + description = "Address to listen on."; }; allowedIPs = mkOption { type = types.listOf types.str; default = [ ]; example = [ "192.168.25.52" "192.168.25.53" "192.168.0.0/24" ]; - description = lib.mdDoc "List of IPs or networks to allow (default all allowed)."; + description = "List of IPs or networks to allow (default all allowed)."; }; birdSocket = mkOption { type = types.str; default = "/var/run/bird/bird.ctl"; - description = lib.mdDoc "Bird control socket path."; + description = "Bird control socket path."; }; traceroute = { @@ -209,26 +209,26 @@ in type = types.str; default = "${pkgs.traceroute}/bin/traceroute"; defaultText = literalExpression ''"''${pkgs.traceroute}/bin/traceroute"''; - description = lib.mdDoc "Traceroute's binary path."; + description = "Traceroute's binary path."; }; flags = mkOption { type = with types; listOf str; default = [ ]; - description = lib.mdDoc "Flags for traceroute process"; + description = "Flags for traceroute process"; }; rawOutput = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Display traceroute output in raw format."; + description = "Display traceroute output in raw format."; }; }; extraArgs = mkOption { type = with types; either lines (listOf str); default = [ ]; - description = lib.mdDoc '' + description = '' Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy). :::{.note} diff --git a/nixos/modules/services/networking/bird.nix b/nixos/modules/services/networking/bird.nix index e25f5c7b03794..01a5a48f1ed51 100644 --- a/nixos/modules/services/networking/bird.nix +++ b/nixos/modules/services/networking/bird.nix @@ -10,10 +10,10 @@ in ###### interface options = { services.bird2 = { - enable = mkEnableOption (lib.mdDoc "BIRD Internet Routing Daemon"); + enable = mkEnableOption "BIRD Internet Routing Daemon"; config = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' BIRD Internet Routing Daemon configuration file. <http://bird.network.cz/> ''; @@ -21,14 +21,14 @@ in autoReload = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether bird2 should be automatically reloaded when the configuration changes. ''; }; checkConfig = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the config should be checked at build time. When the config can't be checked during build time, for example when it includes other files, either disable this option or use `preCheckConfig` to create @@ -41,7 +41,7 @@ in example = '' echo "cost 100;" > include.conf ''; - description = lib.mdDoc '' + description = '' Commands to execute before the config file check. The file to be checked will be available as `bird2.conf` in the current directory. diff --git a/nixos/modules/services/networking/birdwatcher.nix b/nixos/modules/services/networking/birdwatcher.nix index c8ebb22697643..4baab1e60a2d7 100644 --- a/nixos/modules/services/networking/birdwatcher.nix +++ b/nixos/modules/services/networking/birdwatcher.nix @@ -9,12 +9,12 @@ in options = { services.birdwatcher = { package = mkPackageOption pkgs "birdwatcher" { }; - enable = mkEnableOption (lib.mdDoc "Birdwatcher"); + enable = mkEnableOption "Birdwatcher"; flags = mkOption { default = [ ]; type = types.listOf types.str; example = [ "-worker-pool-size 16" "-6" ]; - description = lib.mdDoc '' + description = '' Flags to append to the program call ''; }; @@ -22,7 +22,7 @@ in settings = mkOption { type = types.lines; default = { }; - description = lib.mdDoc '' + description = '' birdwatcher configuration, for configuration options see the example on [github](https://github.com/alice-lg/birdwatcher/blob/master/etc/birdwatcher/birdwatcher.conf) ''; example = literalExpression '' diff --git a/nixos/modules/services/networking/bitcoind.nix b/nixos/modules/services/networking/bitcoind.nix index 59722e31c62ab..36cdcd49ea156 100644 --- a/nixos/modules/services/networking/bitcoind.nix +++ b/nixos/modules/services/networking/bitcoind.nix @@ -10,14 +10,14 @@ let name = mkOption { type = types.str; example = "alice"; - description = lib.mdDoc '' + description = '' Username for JSON-RPC connections. ''; }; passwordHMAC = mkOption { type = types.uniq (types.strMatching "[0-9a-f]+\\$[0-9a-f]{64}"); example = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"; - description = lib.mdDoc '' + description = '' Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the format \<SALT-HEX\>$\<HMAC-HEX\>. @@ -34,7 +34,7 @@ let bitcoindOpts = { config, lib, name, ...}: { options = { - enable = mkEnableOption (lib.mdDoc "Bitcoin daemon"); + enable = mkEnableOption "Bitcoin daemon"; package = mkPackageOption pkgs "bitcoind" { }; @@ -42,7 +42,7 @@ let type = types.nullOr types.path; default = null; example = "/var/lib/${name}/bitcoin.conf"; - description = lib.mdDoc "The configuration file path to supply bitcoind."; + description = "The configuration file path to supply bitcoind."; }; extraConfig = mkOption { @@ -53,32 +53,32 @@ let rpcthreads=16 logips=1 ''; - description = lib.mdDoc "Additional configurations to be appended to {file}`bitcoin.conf`."; + description = "Additional configurations to be appended to {file}`bitcoin.conf`."; }; dataDir = mkOption { type = types.path; default = "/var/lib/bitcoind-${name}"; - description = lib.mdDoc "The data directory for bitcoind."; + description = "The data directory for bitcoind."; }; user = mkOption { type = types.str; default = "bitcoind-${name}"; - description = lib.mdDoc "The user as which to run bitcoind."; + description = "The user as which to run bitcoind."; }; group = mkOption { type = types.str; default = config.user; - description = lib.mdDoc "The group as which to run bitcoind."; + description = "The group as which to run bitcoind."; }; rpc = { port = mkOption { type = types.nullOr types.port; default = null; - description = lib.mdDoc "Override the default port on which to listen for JSON-RPC connections."; + description = "Override the default port on which to listen for JSON-RPC connections."; }; users = mkOption { default = {}; @@ -89,33 +89,33 @@ let } ''; type = types.attrsOf (types.submodule rpcUserOpts); - description = lib.mdDoc "RPC user information for JSON-RPC connections."; + description = "RPC user information for JSON-RPC connections."; }; }; pidFile = mkOption { type = types.path; default = "${config.dataDir}/bitcoind.pid"; - description = lib.mdDoc "Location of bitcoind pid file."; + description = "Location of bitcoind pid file."; }; testnet = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to use the testnet instead of mainnet."; + description = "Whether to use the testnet instead of mainnet."; }; port = mkOption { type = types.nullOr types.port; default = null; - description = lib.mdDoc "Override the default port on which to listen for connections."; + description = "Override the default port on which to listen for connections."; }; dbCache = mkOption { type = types.nullOr (types.ints.between 4 16384); default = null; example = 4000; - description = lib.mdDoc "Override the default database cache size in MiB."; + description = "Override the default database cache size in MiB."; }; prune = mkOption { @@ -126,7 +126,7 @@ let ); default = null; example = 10000; - description = lib.mdDoc '' + description = '' Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a @@ -141,7 +141,7 @@ let extraCmdlineOptions = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Extra command line options to pass to bitcoind. Run bitcoind --help to list all available options. ''; @@ -155,7 +155,7 @@ in services.bitcoind = mkOption { type = types.attrsOf (types.submodule bitcoindOpts); default = {}; - description = lib.mdDoc "Specification of one or more bitcoind instances."; + description = "Specification of one or more bitcoind instances."; }; }; diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix index 146bffaa6edf8..20488e5f33fea 100644 --- a/nixos/modules/services/networking/bitlbee.nix +++ b/nixos/modules/services/networking/bitlbee.nix @@ -49,7 +49,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client. @@ -59,7 +59,7 @@ in interface = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' The interface the BitlBee daemon will be listening to. If `127.0.0.1`, only clients on the local host can connect to it; if `0.0.0.0`, clients can access it from any network interface. @@ -69,7 +69,7 @@ in portNumber = mkOption { default = 6667; type = types.port; - description = lib.mdDoc '' + description = '' Number of the port BitlBee will be listening to. ''; }; @@ -77,7 +77,7 @@ in authBackend = mkOption { default = "storage"; type = types.enum [ "storage" "pam" ]; - description = lib.mdDoc '' + description = '' How users are authenticated storage -- save passwords internally pam -- Linux PAM authentication @@ -87,7 +87,7 @@ in authMode = mkOption { default = "Open"; type = types.enum [ "Open" "Closed" "Registered" ]; - description = lib.mdDoc '' + description = '' The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. @@ -98,7 +98,7 @@ in hostName = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead. @@ -109,7 +109,7 @@ in type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.bitlbee-facebook ]"; - description = lib.mdDoc '' + description = '' The list of bitlbee plugins to install. ''; }; @@ -118,7 +118,7 @@ in type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.purple-matrix ]"; - description = lib.mdDoc '' + description = '' The list of libpurple plugins to install. ''; }; @@ -126,7 +126,7 @@ in configDir = mkOption { default = "/var/lib/bitlbee"; type = types.path; - description = lib.mdDoc '' + description = '' Specify an alternative directory to store all the per-user configuration files. ''; @@ -135,7 +135,7 @@ in protocols = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' This option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions. ''; @@ -144,7 +144,7 @@ in extraSettings = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Will be inserted in the Settings section of the config file. ''; }; @@ -152,7 +152,7 @@ in extraDefaults = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Will be inserted in the Default section of the config file. ''; }; diff --git a/nixos/modules/services/networking/blockbook-frontend.nix b/nixos/modules/services/networking/blockbook-frontend.nix index bf476d814140a..504c98e9ab8e5 100644 --- a/nixos/modules/services/networking/blockbook-frontend.nix +++ b/nixos/modules/services/networking/blockbook-frontend.nix @@ -10,27 +10,27 @@ let options = { - enable = mkEnableOption (lib.mdDoc "blockbook-frontend application"); + enable = mkEnableOption "blockbook-frontend application"; package = mkPackageOption pkgs "blockbook" { }; user = mkOption { type = types.str; default = "blockbook-frontend-${name}"; - description = lib.mdDoc "The user as which to run blockbook-frontend-${name}."; + description = "The user as which to run blockbook-frontend-${name}."; }; group = mkOption { type = types.str; default = "${config.user}"; - description = lib.mdDoc "The group as which to run blockbook-frontend-${name}."; + description = "The group as which to run blockbook-frontend-${name}."; }; certFile = mkOption { type = types.nullOr types.path; default = null; example = "/etc/secrets/blockbook-frontend-${name}/certFile"; - description = lib.mdDoc '' + description = '' To enable SSL, specify path to the name of certificate files without extension. Expecting {file}`certFile.crt` and {file}`certFile.key`. ''; @@ -40,13 +40,13 @@ let type = with types; nullOr path; default = null; example = "${config.dataDir}/config.json"; - description = lib.mdDoc "Location of the blockbook configuration file."; + description = "Location of the blockbook configuration file."; }; coinName = mkOption { type = types.str; default = "Bitcoin"; - description = lib.mdDoc '' + description = '' See <https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61> for current of coins supported in master (Note: may differ from release). ''; @@ -57,7 +57,7 @@ let default = "${config.package}/share/css/"; defaultText = literalExpression ''"''${package}/share/css/"''; example = literalExpression ''"''${dataDir}/static/css/"''; - description = lib.mdDoc '' + description = '' Location of the dir with {file}`main.css` CSS file. By default, the one shipped with the package is used. ''; @@ -66,56 +66,56 @@ let dataDir = mkOption { type = types.path; default = "/var/lib/blockbook-frontend-${name}"; - description = lib.mdDoc "Location of blockbook-frontend-${name} data directory."; + description = "Location of blockbook-frontend-${name} data directory."; }; debug = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Debug mode, return more verbose errors, reload templates on each request."; + description = "Debug mode, return more verbose errors, reload templates on each request."; }; internal = mkOption { type = types.nullOr types.str; default = ":9030"; - description = lib.mdDoc "Internal http server binding `[address]:port`."; + description = "Internal http server binding `[address]:port`."; }; messageQueueBinding = mkOption { type = types.str; default = "tcp://127.0.0.1:38330"; - description = lib.mdDoc "Message Queue Binding `address:port`."; + description = "Message Queue Binding `address:port`."; }; public = mkOption { type = types.nullOr types.str; default = ":9130"; - description = lib.mdDoc "Public http server binding `[address]:port`."; + description = "Public http server binding `[address]:port`."; }; rpc = { url = mkOption { type = types.str; default = "http://127.0.0.1"; - description = lib.mdDoc "URL for JSON-RPC connections."; + description = "URL for JSON-RPC connections."; }; port = mkOption { type = types.port; default = 8030; - description = lib.mdDoc "Port for JSON-RPC connections."; + description = "Port for JSON-RPC connections."; }; user = mkOption { type = types.str; default = "rpc"; - description = lib.mdDoc "Username for JSON-RPC connections."; + description = "Username for JSON-RPC connections."; }; password = mkOption { type = types.str; default = "rpc"; - description = lib.mdDoc '' + description = '' RPC password for JSON-RPC connections. Warning: this is stored in cleartext in the Nix store!!! Use `configFile` or `passwordFile` if needed. @@ -125,7 +125,7 @@ let passwordFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' File containing password of the RPC user. Note: This options is ignored when `configFile` is used. ''; @@ -135,7 +135,7 @@ let sync = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Synchronizes until tip, if together with zeromq, keeps index synchronized."; + description = "Synchronizes until tip, if together with zeromq, keeps index synchronized."; }; templateDir = mkOption { @@ -143,7 +143,7 @@ let default = "${config.package}/share/templates/"; defaultText = literalExpression ''"''${package}/share/templates/"''; example = literalExpression ''"''${dataDir}/templates/static/"''; - description = lib.mdDoc "Location of the HTML templates. By default, ones shipped with the package are used."; + description = "Location of the HTML templates. By default, ones shipped with the package are used."; }; extraConfig = mkOption { @@ -166,7 +166,7 @@ let "mempool_sub_workers" = 2; "block_addresses_to_keep" = 300; }''; - description = lib.mdDoc '' + description = '' Additional configurations to be appended to {file}`coin.conf`. Overrides any already defined configuration options. See <https://github.com/trezor/blockbook/tree/master/configs/coins> @@ -178,7 +178,7 @@ let type = types.listOf types.str; default = []; example = [ "-workers=1" "-dbcache=0" "-logtosderr" ]; - description = lib.mdDoc '' + description = '' Extra command line options to pass to Blockbook. Run blockbook --help to list all available options. ''; @@ -193,7 +193,7 @@ in services.blockbook-frontend = mkOption { type = types.attrsOf (types.submodule blockbookOpts); default = {}; - description = lib.mdDoc "Specification of one or more blockbook-frontend instances."; + description = "Specification of one or more blockbook-frontend instances."; }; }; diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix index 30a41fa6a421d..b98c8b7bdb730 100644 --- a/nixos/modules/services/networking/blocky.nix +++ b/nixos/modules/services/networking/blocky.nix @@ -10,12 +10,12 @@ let in { options.services.blocky = { - enable = mkEnableOption (lib.mdDoc "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"); + enable = mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features"; settings = mkOption { type = format.type; default = { }; - description = lib.mdDoc '' + description = '' Blocky configuration. Refer to <https://0xerr0r.github.io/blocky/configuration/> for details on supported values. diff --git a/nixos/modules/services/networking/centrifugo.nix b/nixos/modules/services/networking/centrifugo.nix index 7c6c9a362fd20..65df02513d6e8 100644 --- a/nixos/modules/services/networking/centrifugo.nix +++ b/nixos/modules/services/networking/centrifugo.nix @@ -8,14 +8,14 @@ let in { options.services.centrifugo = { - enable = lib.mkEnableOption (lib.mdDoc "Centrifugo messaging server"); + enable = lib.mkEnableOption "Centrifugo messaging server"; package = lib.mkPackageOption pkgs "centrifugo" { }; settings = lib.mkOption { type = settingsFormat.type; default = { }; - description = lib.mdDoc '' + description = '' Declarative Centrifugo configuration. See the [Centrifugo documentation] for a list of options. @@ -29,7 +29,7 @@ in example = { CENTRIFUGO_UNI_GRPC_TLS_KEY = "/run/keys/centrifugo-uni-grpc-tls.key"; }; - description = lib.mdDoc '' + description = '' Environment variables with absolute paths to credentials files to load on service startup. ''; @@ -38,7 +38,7 @@ in environmentFiles = lib.mkOption { type = lib.types.listOf lib.types.path; default = [ ]; - description = lib.mdDoc '' + description = '' Files to load environment variables from. Options set via environment variables take precedence over {option}`settings`. @@ -53,7 +53,7 @@ in type = lib.types.listOf lib.types.str; default = [ ]; example = [ "redis-centrifugo" ]; - description = lib.mdDoc '' + description = '' Additional groups for the systemd service. ''; }; diff --git a/nixos/modules/services/networking/cgit.nix b/nixos/modules/services/networking/cgit.nix index 3de2eb192ed14..0ccbef756812e 100644 --- a/nixos/modules/services/networking/cgit.nix +++ b/nixos/modules/services/networking/cgit.nix @@ -96,30 +96,30 @@ in { options = { services.cgit = mkOption { - description = mdDoc "Configure cgit instances."; + description = "Configure cgit instances."; default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption (mdDoc "cgit"); + enable = mkEnableOption "cgit"; package = mkPackageOption pkgs "cgit" {}; nginx.virtualHost = mkOption { - description = mdDoc "VirtualHost to serve cgit on, defaults to the attribute name."; + description = "VirtualHost to serve cgit on, defaults to the attribute name."; type = types.str; default = config._module.args.name; example = "git.example.com"; }; nginx.location = mkOption { - description = mdDoc "Location to serve cgit under."; + description = "Location to serve cgit under."; type = types.str; default = "/"; example = "/git/"; }; repos = mkOption { - description = mdDoc "cgit repository settings, see cgitrc(5)"; + description = "cgit repository settings, see cgitrc(5)"; type = with types; attrsOf (attrsOf settingType); default = {}; example = { @@ -131,14 +131,14 @@ in }; scanPath = mkOption { - description = mdDoc "A path which will be scanned for repositories."; + description = "A path which will be scanned for repositories."; type = types.nullOr types.path; default = null; example = "/var/lib/git"; }; settings = mkOption { - description = mdDoc "cgit configuration, see cgitrc(5)"; + description = "cgit configuration, see cgitrc(5)"; type = types.attrsOf settingType; default = {}; example = literalExpression '' @@ -150,7 +150,7 @@ in }; extraConfig = mkOption { - description = mdDoc "These lines go to the end of cgitrc verbatim."; + description = "These lines go to the end of cgitrc verbatim."; type = types.lines; default = ""; }; diff --git a/nixos/modules/services/networking/charybdis.nix b/nixos/modules/services/networking/charybdis.nix index 6eacdde7bb93e..6aaad823702ca 100644 --- a/nixos/modules/services/networking/charybdis.nix +++ b/nixos/modules/services/networking/charybdis.nix @@ -18,11 +18,11 @@ in services.charybdis = { - enable = mkEnableOption (lib.mdDoc "Charybdis IRC daemon"); + enable = mkEnableOption "Charybdis IRC daemon"; config = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Charybdis IRC daemon configuration file. ''; }; @@ -30,7 +30,7 @@ in statedir = mkOption { type = types.path; default = "/var/lib/charybdis"; - description = lib.mdDoc '' + description = '' Location of the state directory of charybdis. ''; }; @@ -38,7 +38,7 @@ in user = mkOption { type = types.str; default = "ircd"; - description = lib.mdDoc '' + description = '' Charybdis IRC daemon user. ''; }; @@ -46,7 +46,7 @@ in group = mkOption { type = types.str; default = "ircd"; - description = lib.mdDoc '' + description = '' Charybdis IRC daemon group. ''; }; @@ -54,7 +54,7 @@ in motd = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Charybdis MOTD text. Charybdis will read its MOTD from /etc/charybdis/ircd.motd . diff --git a/nixos/modules/services/networking/chisel-server.nix b/nixos/modules/services/networking/chisel-server.nix index 134c71430cd07..9c6391701fafc 100644 --- a/nixos/modules/services/networking/chisel-server.nix +++ b/nixos/modules/services/networking/chisel-server.nix @@ -8,42 +8,42 @@ let in { options = { services.chisel-server = { - enable = mkEnableOption (mdDoc "Chisel Tunnel Server"); + enable = mkEnableOption "Chisel Tunnel Server"; host = mkOption { - description = mdDoc "Address to listen on, falls back to 0.0.0.0"; + description = "Address to listen on, falls back to 0.0.0.0"; type = with types; nullOr str; default = null; example = "[::1]"; }; port = mkOption { - description = mdDoc "Port to listen on, falls back to 8080"; + description = "Port to listen on, falls back to 8080"; type = with types; nullOr port; default = null; }; authfile = mkOption { - description = mdDoc "Path to auth.json file"; + description = "Path to auth.json file"; type = with types; nullOr path; default = null; }; keepalive = mkOption { - description = mdDoc "Keepalive interval, falls back to 25s"; + description = "Keepalive interval, falls back to 25s"; type = with types; nullOr str; default = null; example = "5s"; }; backend = mkOption { - description = mdDoc "HTTP server to proxy normal requests to"; + description = "HTTP server to proxy normal requests to"; type = with types; nullOr str; default = null; example = "http://127.0.0.1:8888"; }; socks5 = mkOption { - description = mdDoc "Allow clients access to internal SOCKS5 proxy"; + description = "Allow clients access to internal SOCKS5 proxy"; type = types.bool; default = false; }; reverse = mkOption { - description = mdDoc "Allow clients reverse port forwarding"; + description = "Allow clients reverse port forwarding"; type = types.bool; default = false; }; diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index 80085da92702c..f50031eb2ec4e 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -13,27 +13,27 @@ let { options = { password = mkOption { type = types.str; - description = lib.mdDoc "Authorized password to the opposite end of the tunnel."; + description = "Authorized password to the opposite end of the tunnel."; }; login = mkOption { default = ""; type = types.str; - description = lib.mdDoc "(optional) name your peer has for you"; + description = "(optional) name your peer has for you"; }; peerName = mkOption { default = ""; type = types.str; - description = lib.mdDoc "(optional) human-readable name for peer"; + description = "(optional) human-readable name for peer"; }; publicKey = mkOption { type = types.str; - description = lib.mdDoc "Public key at the opposite end of the tunnel."; + description = "Public key at the opposite end of the tunnel."; }; hostname = mkOption { default = ""; example = "foobar.hype"; type = types.str; - description = lib.mdDoc "Optional hostname to add to /etc/hosts; prevents reverse lookup failures."; + description = "Optional hostname to add to /etc/hosts; prevents reverse lookup failures."; }; }; }; @@ -87,7 +87,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random @@ -99,7 +99,7 @@ in type = types.attrs; default = {}; example = { router.interface.tunDevice = "tun10"; }; - description = lib.mdDoc '' + description = '' Extra configuration, given as attrs, that will be merged recursively with the rest of the JSON generated by this module, at the root node. ''; @@ -109,7 +109,7 @@ in type = types.nullOr types.path; default = null; example = "/etc/cjdroute.conf"; - description = lib.mdDoc '' + description = '' Ignore all other cjdns options and load configuration from this file. ''; }; @@ -122,7 +122,7 @@ in "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj" ]; - description = lib.mdDoc '' + description = '' Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node. ''; @@ -132,7 +132,7 @@ in bind = mkOption { type = types.str; default = "127.0.0.1:11234"; - description = lib.mdDoc '' + description = '' Bind the administration port to this address and port. ''; }; @@ -143,7 +143,7 @@ in type = types.str; default = ""; example = "192.168.1.32:43211"; - description = lib.mdDoc '' + description = '' Address and port to bind UDP tunnels to. ''; }; @@ -159,7 +159,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Credentials for making UDP tunnels. ''; }; @@ -170,8 +170,7 @@ in type = types.str; default = ""; example = "eth0"; - description = - lib.mdDoc '' + description = '' Bind to this device for native ethernet operation. `all` is a pseudo-name which will try to connect to all devices. ''; @@ -180,7 +179,7 @@ in beacon = mkOption { type = types.int; default = 2; - description = lib.mdDoc '' + description = '' Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. @@ -206,7 +205,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Credentials for connecting look similar to UDP credientials except they begin with the mac address. ''; @@ -216,7 +215,7 @@ in addExtraHosts = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to add cjdns peers with an associated hostname to {file}`/etc/hosts`. Beware that enabling this incurs heavy eval-time costs. @@ -246,12 +245,8 @@ in shopt -s lastpipe ${pkg}/bin/makekeys | { read private ipv6 public; } - umask 0077 - echo "CJDNS_PRIVATE_KEY=$private" >> /etc/cjdns.keys - echo -e "CJDNS_IPV6=$ipv6\nCJDNS_PUBLIC_KEY=$public" > /etc/cjdns.public - - chmod 600 /etc/cjdns.keys - chmod 444 /etc/cjdns.public + install -m 600 <(echo "CJDNS_PRIVATE_KEY=$private") /etc/cjdns.keys + install -m 444 <(echo -e "CJDNS_IPV6=$ipv6\nCJDNS_PUBLIC_KEY=$public") /etc/cjdns.public fi if [ -z "$CJDNS_ADMIN_PASSWORD" ]; then diff --git a/nixos/modules/services/networking/cloudflare-dyndns.nix b/nixos/modules/services/networking/cloudflare-dyndns.nix index 627fdb880a67f..ab5b1a08539a5 100644 --- a/nixos/modules/services/networking/cloudflare-dyndns.nix +++ b/nixos/modules/services/networking/cloudflare-dyndns.nix @@ -8,12 +8,12 @@ in { options = { services.cloudflare-dyndns = { - enable = mkEnableOption (lib.mdDoc "Cloudflare Dynamic DNS Client"); + enable = mkEnableOption "Cloudflare Dynamic DNS Client"; apiTokenFile = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The path to a file containing the CloudFlare API token. The file must have the form `CLOUDFLARE_API_TOKEN=...` @@ -23,7 +23,7 @@ in domains = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of domain names to update records for. ''; }; @@ -31,7 +31,7 @@ in proxied = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether this is a DNS-only record, or also being proxied through CloudFlare. ''; }; @@ -39,7 +39,7 @@ in ipv4 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable setting IPv4 A records. ''; }; @@ -47,7 +47,7 @@ in ipv6 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable setting IPv6 AAAA records. ''; }; @@ -55,7 +55,7 @@ in deleteMissing = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to delete the record when no IP address is found. ''; }; diff --git a/nixos/modules/services/networking/cloudflared.nix b/nixos/modules/services/networking/cloudflared.nix index b9556bfa60d06..60f6b7c466892 100644 --- a/nixos/modules/services/networking/cloudflared.nix +++ b/nixos/modules/services/networking/cloudflared.nix @@ -10,8 +10,8 @@ let type = with types; nullOr str; default = null; example = "30s"; - description = lib.mdDoc '' - Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout](tlsTimeout). + description = '' + Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by [tlsTimeout](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout). ''; }; @@ -19,7 +19,7 @@ let type = with types; nullOr str; default = null; example = "10s"; - description = lib.mdDoc '' + description = '' Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server. ''; }; @@ -28,7 +28,7 @@ let type = with types; nullOr str; default = null; example = "30s"; - description = lib.mdDoc '' + description = '' The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server. ''; }; @@ -37,7 +37,7 @@ let type = with types; nullOr bool; default = null; example = false; - description = lib.mdDoc '' + description = '' Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols. ''; }; @@ -46,7 +46,7 @@ let type = with types; nullOr int; default = null; example = 100; - description = lib.mdDoc '' + description = '' Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections. ''; }; @@ -55,7 +55,7 @@ let type = with types; nullOr str; default = null; example = "1m30s"; - description = lib.mdDoc '' + description = '' Timeout after which an idle keepalive connection can be discarded. ''; }; @@ -64,7 +64,7 @@ let type = with types; nullOr str; default = null; example = ""; - description = lib.mdDoc '' + description = '' Sets the HTTP `Host` header on requests sent to the local service. ''; }; @@ -73,7 +73,7 @@ let type = with types; nullOr str; default = null; example = ""; - description = lib.mdDoc '' + description = '' Hostname that `cloudflared` should expect from your origin server certificate. ''; }; @@ -82,7 +82,7 @@ let type = with types; nullOr (either str path); default = null; example = ""; - description = lib.mdDoc '' + description = '' Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare. ''; }; @@ -91,7 +91,7 @@ let type = with types; nullOr bool; default = null; example = false; - description = lib.mdDoc '' + description = '' Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted. ''; }; @@ -100,7 +100,7 @@ let type = with types; nullOr bool; default = null; example = false; - description = lib.mdDoc '' + description = '' Disables chunked transfer encoding. Useful if you are running a WSGI server. ''; }; @@ -109,7 +109,7 @@ let type = with types; nullOr str; default = null; example = "127.0.0.1"; - description = lib.mdDoc '' + description = '' `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy. ''; }; @@ -118,7 +118,7 @@ let type = with types; nullOr int; default = null; example = 0; - description = lib.mdDoc '' + description = '' `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen. ''; }; @@ -127,7 +127,7 @@ let type = with types; nullOr (enum [ "" "socks" ]); default = null; example = ""; - description = lib.mdDoc '' + description = '' `cloudflared` starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are: - `""` for the regular proxy @@ -138,24 +138,24 @@ let in { options.services.cloudflared = { - enable = mkEnableOption (lib.mdDoc "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"); + enable = mkEnableOption "Cloudflare Tunnel client daemon (formerly Argo Tunnel)"; user = mkOption { type = types.str; default = "cloudflared"; - description = lib.mdDoc "User account under which Cloudflared runs."; + description = "User account under which Cloudflared runs."; }; group = mkOption { type = types.str; default = "cloudflared"; - description = lib.mdDoc "Group under which cloudflared runs."; + description = "Group under which cloudflared runs."; }; package = mkPackageOption pkgs "cloudflared" { }; tunnels = mkOption { - description = lib.mdDoc '' + description = '' Cloudflare tunnels. ''; type = types.attrsOf (types.submodule ({ name, ... }: { @@ -164,7 +164,7 @@ in credentialsFile = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Credential file. See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file](Credentials file). @@ -175,7 +175,7 @@ in enabled = mkOption { type = with types; nullOr bool; default = null; - description = lib.mdDoc '' + description = '' Enable warp routing. See [https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/](Connect from WARP to a private network on Cloudflare using Cloudflare Tunnel). @@ -185,7 +185,7 @@ in default = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Catch-all service if no ingress matches. See `service`. @@ -201,7 +201,7 @@ in service = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Service to pass the traffic. See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#supported-protocols](Supported protocols). @@ -212,7 +212,7 @@ in path = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Path filter. If not specified, all paths will be matched. @@ -223,7 +223,7 @@ in }; }))); default = { }; - description = lib.mdDoc '' + description = '' Ingress rules. See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/](Ingress rules). diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix index 41510a8f074d2..16e9c3bb87b5c 100644 --- a/nixos/modules/services/networking/cntlm.nix +++ b/nixos/modules/services/networking/cntlm.nix @@ -33,37 +33,37 @@ in options.services.cntlm = { - enable = mkEnableOption (lib.mdDoc "cntlm, which starts a local proxy"); + enable = mkEnableOption "cntlm, which starts a local proxy"; username = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally). ''; }; domain = mkOption { type = types.str; - description = lib.mdDoc "Proxy account domain/workgroup name."; + description = "Proxy account domain/workgroup name."; }; password = mkOption { default = "/etc/cntlm.password"; type = types.str; - description = lib.mdDoc "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security."; + description = "Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security."; }; netbios_hostname = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' The hostname of your machine. ''; }; proxy = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' A list of NTLM/NTLMv2 authenticating HTTP proxies. Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited @@ -74,7 +74,7 @@ in }; noproxy = mkOption { - description = lib.mdDoc '' + description = '' A list of domains where the proxy is skipped. ''; default = []; @@ -85,19 +85,19 @@ in port = mkOption { default = [3128]; type = types.listOf types.port; - description = lib.mdDoc "Specifies on which ports the cntlm daemon listens."; + description = "Specifies on which ports the cntlm daemon listens."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional config appended to the end of the generated {file}`cntlm.conf`."; + description = "Additional config appended to the end of the generated {file}`cntlm.conf`."; }; configText = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Verbatim contents of {file}`cntlm.conf`."; + description = "Verbatim contents of {file}`cntlm.conf`."; }; }; diff --git a/nixos/modules/services/networking/connman.nix b/nixos/modules/services/networking/connman.nix index c626945ccd0c0..39bc348dd00f1 100644 --- a/nixos/modules/services/networking/connman.nix +++ b/nixos/modules/services/networking/connman.nix @@ -23,14 +23,14 @@ in { enable = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to use ConnMan for managing your network connections. ''; }; package = lib.mkOption { type = lib.types.package; - description = lib.mdDoc "The connman package / build flavor"; + description = "The connman package / build flavor"; default = pkgs.connman; defaultText = lib.literalExpression "pkgs.connman"; example = lib.literalExpression "pkgs.connmanFull"; @@ -39,7 +39,7 @@ in { enableVPN = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable ConnMan VPN service. ''; }; @@ -47,7 +47,7 @@ in { extraConfig = lib.mkOption { type = lib.types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines appended to the generated connman configuration file. ''; }; @@ -55,7 +55,7 @@ in { networkInterfaceBlacklist = lib.mkOption { type = with lib.types; listOf str; default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]; - description = lib.mdDoc '' + description = '' Default blacklisted interfaces, this includes NixOS containers interfaces (ve). ''; }; @@ -64,7 +64,7 @@ in { backend = lib.mkOption { type = lib.types.enum [ "wpa_supplicant" "iwd" ]; default = "wpa_supplicant"; - description = lib.mdDoc '' + description = '' Specify the Wi-Fi backend used. Currently supported are {option}`wpa_supplicant` or {option}`iwd`. ''; @@ -75,7 +75,7 @@ in { type = with lib.types; listOf str; default = [ ]; example = [ "--nodnsproxy" ]; - description = lib.mdDoc '' + description = '' Extra flags to pass to connmand ''; }; diff --git a/nixos/modules/services/networking/consul.nix b/nixos/modules/services/networking/consul.nix index 1a0910fc93448..2d9b10514a722 100644 --- a/nixos/modules/services/networking/consul.nix +++ b/nixos/modules/services/networking/consul.nix @@ -28,7 +28,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enables the consul daemon. ''; }; @@ -38,7 +38,7 @@ in webUi = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enables the web interface on the consul http port. ''; }; @@ -46,7 +46,7 @@ in leaveOnStop = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you @@ -60,7 +60,7 @@ in advertise = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The name of the interface to pull the advertise_addr from. ''; }; @@ -68,7 +68,7 @@ in bind = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The name of the interface to pull the bind_addr from. ''; }; @@ -77,7 +77,7 @@ in forceAddrFamily = mkOption { type = types.enum [ "any" "ipv4" "ipv6" ]; default = "any"; - description = lib.mdDoc '' + description = '' Whether to bind ipv4/ipv6 or both kind of addresses. ''; }; @@ -85,7 +85,7 @@ in forceIpv4 = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Deprecated: Use consul.forceAddrFamily instead. Whether we should force the interfaces to only pull ipv4 addresses. ''; @@ -94,7 +94,7 @@ in dropPrivileges = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the consul agent should be run as a non-root consul user. ''; }; @@ -102,7 +102,7 @@ in extraConfig = mkOption { default = { }; type = types.attrsOf types.anything; - description = lib.mdDoc '' + description = '' Extra configuration options which are serialized to json and added to the config.json file. ''; @@ -111,37 +111,37 @@ in extraConfigFiles = mkOption { default = [ ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Additional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered. ''; }; alerts = { - enable = mkEnableOption (lib.mdDoc "consul-alerts"); + enable = mkEnableOption "consul-alerts"; package = mkPackageOption pkgs "consul-alerts" { }; listenAddr = mkOption { - description = lib.mdDoc "Api listening address."; + description = "Api listening address."; default = "localhost:9000"; type = types.str; }; consulAddr = mkOption { - description = lib.mdDoc "Consul api listening address"; + description = "Consul api listening address"; default = "localhost:8500"; type = types.str; }; watchChecks = mkOption { - description = lib.mdDoc "Whether to enable check watcher."; + description = "Whether to enable check watcher."; default = true; type = types.bool; }; watchEvents = mkOption { - description = lib.mdDoc "Whether to enable event watcher."; + description = "Whether to enable event watcher."; default = true; type = types.bool; }; diff --git a/nixos/modules/services/networking/coredns.nix b/nixos/modules/services/networking/coredns.nix index f6eec2f962dd1..370b9e6e8043f 100644 --- a/nixos/modules/services/networking/coredns.nix +++ b/nixos/modules/services/networking/coredns.nix @@ -7,7 +7,7 @@ let configFile = pkgs.writeText "Corefile" cfg.config; in { options.services.coredns = { - enable = mkEnableOption (lib.mdDoc "Coredns dns server"); + enable = mkEnableOption "Coredns dns server"; config = mkOption { default = ""; @@ -17,7 +17,7 @@ in { } ''; type = types.lines; - description = lib.mdDoc '' + description = '' Verbatim Corefile to use. See <https://coredns.io/manual/toc/#configuration> for details. ''; @@ -29,7 +29,7 @@ in { default = []; example = [ "-dns.port=53" ]; type = types.listOf types.str; - description = lib.mdDoc "Extra arguments to pass to coredns."; + description = "Extra arguments to pass to coredns."; }; }; diff --git a/nixos/modules/services/networking/corerad.nix b/nixos/modules/services/networking/corerad.nix index 33ea2862174e9..2203aa30c1613 100644 --- a/nixos/modules/services/networking/corerad.nix +++ b/nixos/modules/services/networking/corerad.nix @@ -10,7 +10,7 @@ in { meta.maintainers = with maintainers; [ mdlayher ]; options.services.corerad = { - enable = mkEnableOption (lib.mdDoc "CoreRAD IPv6 NDP RA daemon"); + enable = mkEnableOption "CoreRAD IPv6 NDP RA daemon"; settings = mkOption { type = settingsFormat.type; @@ -36,7 +36,7 @@ in { }; } ''; - description = lib.mdDoc '' + description = '' Configuration for CoreRAD, see <https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml> for supported values. Ignored if configFile is set. ''; @@ -45,7 +45,7 @@ in { configFile = mkOption { type = types.path; example = literalExpression ''"''${pkgs.corerad}/etc/corerad/corerad.toml"''; - description = lib.mdDoc "Path to CoreRAD TOML configuration file."; + description = "Path to CoreRAD TOML configuration file."; }; package = mkPackageOption pkgs "corerad" { }; diff --git a/nixos/modules/services/networking/coturn.nix b/nixos/modules/services/networking/coturn.nix index 2f34a72377ce2..3166c0dfb578d 100644 --- a/nixos/modules/services/networking/coturn.nix +++ b/nixos/modules/services/networking/coturn.nix @@ -40,11 +40,11 @@ ${cfg.extraConfig} in { options = { services.coturn = { - enable = mkEnableOption (lib.mdDoc "coturn TURN server"); + enable = mkEnableOption "coturn TURN server"; listening-port = mkOption { type = types.int; default = 3478; - description = lib.mdDoc '' + description = '' TURN listener port for UDP and TCP. Note: actually, TLS and DTLS sessions can connect to the "plain" TCP and UDP port(s), too - if allowed by configuration. @@ -53,7 +53,7 @@ in { tls-listening-port = mkOption { type = types.int; default = 5349; - description = lib.mdDoc '' + description = '' TURN listener port for TLS. Note: actually, "plain" TCP and UDP sessions can connect to the TLS and DTLS port(s), too - if allowed by configuration. The TURN server @@ -69,7 +69,7 @@ in { type = types.int; default = cfg.listening-port + 1; defaultText = literalExpression "listening-port + 1"; - description = lib.mdDoc '' + description = '' Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". This is needed for RFC 5780 support @@ -84,7 +84,7 @@ in { type = types.int; default = cfg.tls-listening-port + 1; defaultText = literalExpression "tls-listening-port + 1"; - description = lib.mdDoc '' + description = '' Alternative listening port for TLS and DTLS protocols. ''; }; @@ -92,7 +92,7 @@ in { type = types.listOf types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; - description = lib.mdDoc '' + description = '' Listener IP addresses of relay server. If no IP(s) specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening. @@ -102,7 +102,7 @@ in { type = types.listOf types.str; default = []; example = [ "203.0.113.42" "2001:DB8::42" ]; - description = lib.mdDoc '' + description = '' Relay address (the local IP address that will be used to relay the packets to the peer). Multiple relay addresses may be used. @@ -118,28 +118,28 @@ in { min-port = mkOption { type = types.int; default = 49152; - description = lib.mdDoc '' + description = '' Lower bound of UDP relay endpoints ''; }; max-port = mkOption { type = types.int; default = 65535; - description = lib.mdDoc '' + description = '' Upper bound of UDP relay endpoints ''; }; lt-cred-mech = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Use long-term credential mechanism. ''; }; no-auth = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access). If neither option is defined, and no users are defined, @@ -151,7 +151,7 @@ in { use-auth-secret = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' TURN REST API flag. Flag that sets a special authorization option that is based upon authentication secret. This feature can be used with the long-term authentication mechanism, only. @@ -175,7 +175,7 @@ in { static-auth-secret = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' 'Static' authentication secret value (a string) for TURN REST API only. If not set, then the turn server will try to use the 'dynamic' value in turn_secret table @@ -186,7 +186,7 @@ in { static-auth-secret-file = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Path to the file containing the static authentication secret. ''; }; @@ -195,7 +195,7 @@ in { default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; example = "example.com"; - description = lib.mdDoc '' + description = '' The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings @@ -207,7 +207,7 @@ in { type = types.nullOr types.str; default = null; example = "/var/lib/acme/example.com/fullchain.pem"; - description = lib.mdDoc '' + description = '' Certificate file in PEM format. ''; }; @@ -215,21 +215,21 @@ in { type = types.nullOr types.str; default = null; example = "/var/lib/acme/example.com/key.pem"; - description = lib.mdDoc '' + description = '' Private key file in PEM format. ''; }; dh-file = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Use custom DH TLS key, stored in PEM format in the file. ''; }; secure-stun = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality. ''; @@ -237,28 +237,28 @@ in { no-cli = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Turn OFF the CLI support. ''; }; cli-ip = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Local system IP address to be used for CLI server endpoint. ''; }; cli-port = mkOption { type = types.int; default = 5766; - description = lib.mdDoc '' + description = '' CLI server port. ''; }; cli-password = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' CLI access password. For the security reasons, it is recommended to use the encrypted for of the password (see the -P command in the turnadmin utility). @@ -267,37 +267,37 @@ in { no-udp = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable UDP client listener"; + description = "Disable UDP client listener"; }; no-tcp = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable TCP client listener"; + description = "Disable TCP client listener"; }; no-tls = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable TLS client listener"; + description = "Disable TLS client listener"; }; no-dtls = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable DTLS client listener"; + description = "Disable DTLS client listener"; }; no-udp-relay = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable UDP relay endpoints"; + description = "Disable UDP relay endpoints"; }; no-tcp-relay = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable TCP relay endpoints"; + description = "Disable TCP relay endpoints"; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional configuration options"; + description = "Additional configuration options"; }; }; }; diff --git a/nixos/modules/services/networking/create_ap.nix b/nixos/modules/services/networking/create_ap.nix index 994aa6d36d2ae..9bdbcee018edc 100644 --- a/nixos/modules/services/networking/create_ap.nix +++ b/nixos/modules/services/networking/create_ap.nix @@ -8,11 +8,11 @@ let in { options = { services.create_ap = { - enable = mkEnableOption (lib.mdDoc "setting up wifi hotspots using create_ap"); + enable = mkEnableOption "setting up wifi hotspots using create_ap"; settings = mkOption { type = with types; attrsOf (oneOf [ int bool str ]); default = {}; - description = lib.mdDoc '' + description = '' Configuration for `create_ap`. See [upstream example configuration](https://raw.githubusercontent.com/lakinduakash/linux-wifi-hotspot/master/src/scripts/create_ap.conf) for supported values. diff --git a/nixos/modules/services/networking/croc.nix b/nixos/modules/services/networking/croc.nix index 45bfd447da454..799bf390d526c 100644 --- a/nixos/modules/services/networking/croc.nix +++ b/nixos/modules/services/networking/croc.nix @@ -6,19 +6,19 @@ let in { options.services.croc = { - enable = lib.mkEnableOption (lib.mdDoc "croc relay"); + enable = lib.mkEnableOption "croc relay"; ports = lib.mkOption { type = with types; listOf port; default = [9009 9010 9011 9012 9013]; - description = lib.mdDoc "Ports of the relay."; + description = "Ports of the relay."; }; pass = lib.mkOption { type = with types; either path str; default = "pass123"; - description = lib.mdDoc "Password or passwordfile for the relay."; + description = "Password or passwordfile for the relay."; }; - openFirewall = lib.mkEnableOption (lib.mdDoc "opening of the peer port(s) in the firewall"); - debug = lib.mkEnableOption (lib.mdDoc "debug logs"); + openFirewall = lib.mkEnableOption "opening of the peer port(s) in the firewall"; + debug = lib.mkEnableOption "debug logs"; }; config = lib.mkIf cfg.enable { diff --git a/nixos/modules/services/networking/dae.nix b/nixos/modules/services/networking/dae.nix index 404ce59741f8f..34ebb47c18e77 100644 --- a/nixos/modules/services/networking/dae.nix +++ b/nixos/modules/services/networking/dae.nix @@ -13,8 +13,7 @@ in options = { services.dae = with lib;{ - enable = mkEnableOption - (mdDoc "dae, a Linux high-performance transparent proxy solution based on eBPF"); + enable = mkEnableOption "dae, a Linux high-performance transparent proxy solution based on eBPF"; package = mkPackageOption pkgs "dae" { }; @@ -23,7 +22,7 @@ in type = with types;(listOf path); default = with pkgs; [ v2ray-geoip v2ray-domain-list-community ]; defaultText = literalExpression "with pkgs; [ v2ray-geoip v2ray-domain-list-community ]"; - description = mdDoc '' + description = '' Assets required to run dae. ''; }; @@ -37,7 +36,7 @@ in paths = assets; })/share/v2ray ''; - description = mdDoc '' + description = '' The path which contains geolocation database. This option will override `assets`. ''; @@ -46,7 +45,7 @@ in openFirewall = mkOption { type = with types; submodule { options = { - enable = mkEnableOption (mdDoc "opening {option}`port` in the firewall"); + enable = mkEnableOption "opening {option}`port` in the firewall"; port = mkOption { type = types.port; description = '' @@ -65,7 +64,7 @@ in port = 12345; } ''; - description = mdDoc '' + description = '' Open the firewall port. ''; }; @@ -74,7 +73,7 @@ in type = with types; (nullOr path); default = null; example = "/path/to/your/config.dae"; - description = mdDoc '' + description = '' The path of dae config file, end with `.dae`. ''; }; @@ -82,7 +81,7 @@ in config = mkOption { type = with types; (nullOr str); default = null; - description = mdDoc '' + description = '' WARNING: This option will expose store your config unencrypted world-readable in the nix store. Config text for dae. @@ -91,7 +90,7 @@ in }; disableTxChecksumIpGeneric = - mkEnableOption "" // { description = mdDoc "See <https://github.com/daeuniverse/dae/issues/43>"; }; + mkEnableOption "" // { description = "See <https://github.com/daeuniverse/dae/issues/43>"; }; }; }; diff --git a/nixos/modules/services/networking/dante.nix b/nixos/modules/services/networking/dante.nix index f0d1d6305c54d..d5e76b83986b0 100644 --- a/nixos/modules/services/networking/dante.nix +++ b/nixos/modules/services/networking/dante.nix @@ -19,11 +19,11 @@ in options = { services.dante = { - enable = mkEnableOption (lib.mdDoc "Dante SOCKS proxy"); + enable = mkEnableOption "Dante SOCKS proxy"; config = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' Contents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service. ''; diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 18f205b8d99ef..b912550e1155e 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -63,7 +63,7 @@ with lib; enable = mkOption { default = false; type = bool; - description = lib.mdDoc '' + description = '' Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org). ''; }; @@ -72,7 +72,7 @@ with lib; type = package; default = pkgs.ddclient; defaultText = lib.literalExpression "pkgs.ddclient"; - description = lib.mdDoc '' + description = '' The ddclient executable package run by the service. ''; }; @@ -80,7 +80,7 @@ with lib; domains = mkOption { default = [ "" ]; type = listOf str; - description = lib.mdDoc '' + description = '' Domain name(s) to synchronize. ''; }; @@ -90,7 +90,7 @@ with lib; default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; defaultText = ""; type = str; - description = lib.mdDoc '' + description = '' User name. ''; }; @@ -98,7 +98,7 @@ with lib; passwordFile = mkOption { default = null; type = nullOr str; - description = lib.mdDoc '' + description = '' A file containing the password or a TSIG key in named format when using the nsupdate protocol. ''; }; @@ -106,7 +106,7 @@ with lib; interval = mkOption { default = "10min"; type = str; - description = lib.mdDoc '' + description = '' The interval at which to run the check and update. See {command}`man 7 systemd.time` for the format. ''; @@ -115,7 +115,7 @@ with lib; configFile = mkOption { default = null; type = nullOr path; - description = lib.mdDoc '' + description = '' Path to configuration file. When set this overrides the generated configuration from module options. ''; @@ -125,7 +125,7 @@ with lib; protocol = mkOption { default = "dyndns2"; type = str; - description = lib.mdDoc '' + description = '' Protocol to use with dynamic DNS provider (see https://ddclient.net/protocols.html ). ''; }; @@ -133,7 +133,7 @@ with lib; server = mkOption { default = ""; type = str; - description = lib.mdDoc '' + description = '' Server address. ''; }; @@ -141,7 +141,7 @@ with lib; ssl = mkOption { default = true; type = bool; - description = lib.mdDoc '' + description = '' Whether to use SSL/TLS to connect to dynamic DNS provider. ''; }; @@ -149,7 +149,7 @@ with lib; quiet = mkOption { default = false; type = bool; - description = lib.mdDoc '' + description = '' Print no messages for unnecessary updates. ''; }; @@ -157,7 +157,7 @@ with lib; script = mkOption { default = ""; type = str; - description = lib.mdDoc '' + description = '' script as required by some providers. ''; }; @@ -165,7 +165,7 @@ with lib; use = mkOption { default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"; type = str; - description = lib.mdDoc '' + description = '' Method to determine the IP address to send to the dynamic DNS provider. ''; }; @@ -173,7 +173,7 @@ with lib; verbose = mkOption { default = false; type = bool; - description = lib.mdDoc '' + description = '' Print verbose information. ''; }; @@ -181,7 +181,7 @@ with lib; zone = mkOption { default = ""; type = str; - description = lib.mdDoc '' + description = '' zone as required by some providers. ''; }; @@ -189,7 +189,7 @@ with lib; extraConfig = mkOption { default = ""; type = lines; - description = lib.mdDoc '' + description = '' Extra configuration. Contents will be added verbatim to the configuration file. ::: {.note} diff --git a/nixos/modules/services/networking/deconz.nix b/nixos/modules/services/networking/deconz.nix index 05b7247087771..88b0ee612d871 100644 --- a/nixos/modules/services/networking/deconz.nix +++ b/nixos/modules/services/networking/deconz.nix @@ -93,6 +93,13 @@ in # be garbage collected. Ensure the file gets "refreshed" on every start. rm -f ${stateDir}/.local/share/dresden-elektronik/deCONZ/zcldb.txt ''; + postStart = '' + # Delay signalling service readiness until it's actually up. + while ! "${lib.getExe pkgs.curl}" -sSfL -o /dev/null "http://${cfg.listenAddress}:${toString cfg.httpPort}"; do + echo "Waiting for TCP port ${toString cfg.httpPort} to be open..." + sleep 1 + done + ''; environment = { HOME = stateDir; XDG_RUNTIME_DIR = "/run/${name}"; diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 8d5ac02ba88be..a88ce0f1b5a5b 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -119,7 +119,7 @@ in networking.dhcpcd.enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd). ''; @@ -128,7 +128,7 @@ in networking.dhcpcd.persistent = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections @@ -140,7 +140,7 @@ in networking.dhcpcd.denyInterfaces = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those @@ -151,7 +151,7 @@ in networking.dhcpcd.allowInterfaces = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only @@ -162,7 +162,7 @@ in networking.dhcpcd.extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Literal string to append to the config file generated for dhcpcd. ''; }; @@ -170,7 +170,7 @@ in networking.dhcpcd.IPv6rs = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Force enable or disable solicitation and receipt of IPv6 Router Advertisements. This is required, for example, when using a static unique local IPv6 address (ULA) and global IPv6 address auto-configuration with SLAAC. @@ -181,7 +181,7 @@ in type = types.lines; default = ""; example = "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"; - description = lib.mdDoc '' + description = '' Shell code that will be run after all other hooks. See `man dhcpcd-run-hooks` for details on what is possible. ''; @@ -190,7 +190,7 @@ in networking.dhcpcd.wait = mkOption { type = types.enum [ "background" "any" "ipv4" "ipv6" "both" "if-carrier-up" ]; default = "any"; - description = lib.mdDoc '' + description = '' This option specifies when the dhcpcd service will fork to background. If set to "background", dhcpcd will fork to background immediately. If set to "ipv4" or "ipv6", dhcpcd will wait for the corresponding IP diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index 4f5b77a5b6851..160c7611c6b83 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -38,26 +38,26 @@ in { enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Whether to run the dnscache caching dns server."; + description = "Whether to run the dnscache caching dns server."; }; ip = mkOption { default = "0.0.0.0"; type = types.str; - description = lib.mdDoc "IP address on which to listen for connections."; + description = "IP address on which to listen for connections."; }; clientIps = mkOption { default = [ "127.0.0.1" ]; type = types.listOf types.str; - description = lib.mdDoc "Client IP addresses (or prefixes) from which to accept connections."; + description = "Client IP addresses (or prefixes) from which to accept connections."; example = ["192.168" "172.23.75.82"]; }; domainServers = mkOption { default = { }; type = types.attrsOf (types.listOf types.str); - description = lib.mdDoc '' + description = '' Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used. ''; @@ -72,7 +72,7 @@ in { forwardOnly = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is needed if you want to use e.g. Google DNS as your upstream DNS. diff --git a/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixos/modules/services/networking/dnscrypt-proxy2.nix index 4592a0c2f6b32..980eda117b1eb 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy2.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy2.nix @@ -6,10 +6,10 @@ in { options.services.dnscrypt-proxy2 = { - enable = mkEnableOption (lib.mdDoc "dnscrypt-proxy2"); + enable = mkEnableOption "dnscrypt-proxy2"; settings = mkOption { - description = lib.mdDoc '' + description = '' Attrset that is converted and passed as TOML config file. For available params, see: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/${pkgs.dnscrypt-proxy.version}/dnscrypt-proxy/example-dnscrypt-proxy.toml> ''; @@ -28,7 +28,7 @@ in }; upstreamDefaults = mkOption { - description = lib.mdDoc '' + description = '' Whether to base the config declared in {option}`services.dnscrypt-proxy2.settings` on the upstream example config (<https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml>) Disable this if you want to declare your dnscrypt config from scratch. @@ -38,7 +38,7 @@ in }; configFile = mkOption { - description = lib.mdDoc '' + description = '' Path to TOML config file. See: <https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml> If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings. ''; @@ -49,12 +49,12 @@ in passAsFile = [ "json" ]; } '' ${if cfg.upstreamDefaults then '' - ${pkgs.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json - ${pkgs.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two + ${pkgs.buildPackages.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json + ${pkgs.buildPackages.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two '' else '' cp $jsonPath config.json ''} - ${pkgs.remarshal}/bin/json2toml < config.json > $out + ${pkgs.buildPackages.remarshal}/bin/json2toml < config.json > $out ''; defaultText = literalMD "TOML file generated from {option}`services.dnscrypt-proxy2.settings`"; }; diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix index 741f054cd88be..fb07d893b88ee 100644 --- a/nixos/modules/services/networking/dnscrypt-wrapper.nix +++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix @@ -124,12 +124,12 @@ in { ###### interface options.services.dnscrypt-wrapper = { - enable = mkEnableOption (lib.mdDoc "DNSCrypt wrapper"); + enable = mkEnableOption "DNSCrypt wrapper"; address = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' The DNSCrypt wrapper will bind to this IP address. ''; }; @@ -137,7 +137,7 @@ in { port = mkOption { type = types.port; default = 5353; - description = lib.mdDoc '' + description = '' The DNSCrypt wrapper will listen for DNS queries on this port. ''; }; @@ -147,7 +147,7 @@ in { default = "2.dnscrypt-cert.${config.networking.hostName}"; defaultText = literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"''; example = "2.dnscrypt-cert.myresolver"; - description = lib.mdDoc '' + description = '' The name that will be given to this DNSCrypt resolver. Note: the resolver name must start with `2.dnscrypt-cert.`. ''; @@ -157,7 +157,7 @@ in { type = types.nullOr types.path; default = null; example = "/etc/secrets/public.key"; - description = lib.mdDoc '' + description = '' The filepath to the provider public key. If not given a new provider key pair will be generated on the first run. ''; @@ -167,7 +167,7 @@ in { type = types.nullOr types.path; default = null; example = "/etc/secrets/secret.key"; - description = lib.mdDoc '' + description = '' The filepath to the provider secret key. If not given a new provider key pair will be generated on the first run. ''; @@ -176,7 +176,7 @@ in { upstream.address = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' The IP address of the upstream DNS server DNSCrypt will "wrap". ''; }; @@ -184,7 +184,7 @@ in { upstream.port = mkOption { type = types.port; default = 53; - description = lib.mdDoc '' + description = '' The port of the upstream DNS server DNSCrypt will "wrap". ''; }; @@ -192,7 +192,7 @@ in { keys.expiration = mkOption { type = types.int; default = 30; - description = lib.mdDoc '' + description = '' The duration (in days) of the time-limited secret key. This will be automatically rotated before expiration. ''; @@ -201,7 +201,7 @@ in { keys.checkInterval = mkOption { type = types.int; default = 1440; - description = lib.mdDoc '' + description = '' The time interval (in minutes) between key expiration checks. ''; }; diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix index 792185c9fbea4..cf17a87f649f4 100644 --- a/nixos/modules/services/networking/dnsdist.nix +++ b/nixos/modules/services/networking/dnsdist.nix @@ -80,31 +80,31 @@ let in { options = { services.dnsdist = { - enable = mkEnableOption (lib.mdDoc "dnsdist domain name server"); + enable = mkEnableOption "dnsdist domain name server"; listenAddress = mkOption { type = types.str; - description = lib.mdDoc "Listen IP address"; + description = "Listen IP address"; default = "0.0.0.0"; }; listenPort = mkOption { type = types.port; - description = lib.mdDoc "Listen port"; + description = "Listen port"; default = 53; }; dnscrypt = { - enable = mkEnableOption (lib.mdDoc "a DNSCrypt endpoint to dnsdist"); + enable = mkEnableOption "a DNSCrypt endpoint to dnsdist"; listenAddress = mkOption { type = types.str; - description = lib.mdDoc "Listen IP address of the endpoint"; + description = "Listen IP address of the endpoint"; default = "0.0.0.0"; }; listenPort = mkOption { type = types.port; - description = lib.mdDoc "Listen port of the endpoint"; + description = "Listen port of the endpoint"; default = 443; }; @@ -113,7 +113,7 @@ in { default = "2.dnscrypt-cert.${config.networking.hostName}"; defaultText = literalExpression "2.dnscrypt-cert.\${config.networking.hostName}"; example = "2.dnscrypt-cert.myresolver"; - description = lib.mdDoc '' + description = '' The name that will be given to this DNSCrypt resolver. ::: {.note} @@ -125,7 +125,7 @@ in { providerKey = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' The filepath to the provider secret key. If not given a new provider key pair will be generated in /var/lib/dnsdist on the first run. @@ -139,7 +139,7 @@ in { certLifetime = mkOption { type = types.ints.positive; default = 15; - description = lib.mdDoc '' + description = '' The lifetime (in minutes) of the resolver certificate. This will be automatically rotated before expiration. ''; @@ -150,7 +150,7 @@ in { extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to dnsdist.conf. ''; }; diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix index d01a1b6707a53..e9052cdd3faef 100644 --- a/nixos/modules/services/networking/dnsmasq.nix +++ b/nixos/modules/services/networking/dnsmasq.nix @@ -48,7 +48,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run dnsmasq. ''; }; @@ -58,7 +58,7 @@ in resolveLocalQueries = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf). ''; @@ -67,7 +67,7 @@ in alwaysKeepRunning = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error. ''; }; @@ -81,14 +81,14 @@ in type = types.listOf types.str; default = [ ]; example = [ "8.8.8.8" "8.8.4.4" ]; - description = lib.mdDoc '' + description = '' The DNS servers which dnsmasq should query. ''; }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration of dnsmasq. Lists get added one value per line (empty lists and false values don't get added, though false values get turned to comments). Gets merged with @@ -110,7 +110,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra configuration directives that should be added to `dnsmasq.conf`. diff --git a/nixos/modules/services/networking/dnsproxy.nix b/nixos/modules/services/networking/dnsproxy.nix index f0be74d7591f4..80b66743ce9d6 100644 --- a/nixos/modules/services/networking/dnsproxy.nix +++ b/nixos/modules/services/networking/dnsproxy.nix @@ -7,7 +7,6 @@ let lists literalExpression maintainers - mdDoc mkEnableOption mkIf mkOption @@ -25,7 +24,7 @@ in options.services.dnsproxy = { - enable = mkEnableOption (lib.mdDoc "dnsproxy"); + enable = mkEnableOption "dnsproxy"; package = mkPackageOption pkgs "dnsproxy" { }; @@ -48,7 +47,7 @@ in ]; } ''; - description = mdDoc '' + description = '' Contents of the `config.yaml` config file. The `--config-path` argument will only be passed if this set is not empty. @@ -60,7 +59,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "--upstream=1.1.1.1:53" ]; - description = lib.mdDoc '' + description = '' A list of extra command-line flags to pass to dnsproxy. For details on the available options, see <https://github.com/AdguardTeam/dnsproxy#usage>. Keep in mind that options passed through command-line flags override diff --git a/nixos/modules/services/networking/doh-proxy-rust.nix b/nixos/modules/services/networking/doh-proxy-rust.nix index 7f8bbb8a76998..1f3850a77bf1c 100644 --- a/nixos/modules/services/networking/doh-proxy-rust.nix +++ b/nixos/modules/services/networking/doh-proxy-rust.nix @@ -10,13 +10,13 @@ in { options.services.doh-proxy-rust = { - enable = mkEnableOption (lib.mdDoc "doh-proxy-rust"); + enable = mkEnableOption "doh-proxy-rust"; flags = mkOption { type = types.listOf types.str; default = []; example = [ "--server-address=9.9.9.9:53" ]; - description = lib.mdDoc '' + description = '' A list of command-line flags to pass to doh-proxy. For details on the available options, see <https://github.com/jedisct1/doh-server#usage>. ''; diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix index 78af256f9c81b..3e92a2d3f7eb2 100644 --- a/nixos/modules/services/networking/ejabberd.nix +++ b/nixos/modules/services/networking/ejabberd.nix @@ -26,7 +26,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable ejabberd server"; + description = "Whether to enable ejabberd server"; }; package = mkPackageOption pkgs "ejabberd" { }; @@ -34,50 +34,50 @@ in { user = mkOption { type = types.str; default = "ejabberd"; - description = lib.mdDoc "User under which ejabberd is ran"; + description = "User under which ejabberd is ran"; }; group = mkOption { type = types.str; default = "ejabberd"; - description = lib.mdDoc "Group under which ejabberd is ran"; + description = "Group under which ejabberd is ran"; }; spoolDir = mkOption { type = types.path; default = "/var/lib/ejabberd"; - description = lib.mdDoc "Location of the spooldir of ejabberd"; + description = "Location of the spooldir of ejabberd"; }; logsDir = mkOption { type = types.path; default = "/var/log/ejabberd"; - description = lib.mdDoc "Location of the logfile directory of ejabberd"; + description = "Location of the logfile directory of ejabberd"; }; configFile = mkOption { type = types.nullOr types.path; - description = lib.mdDoc "Configuration file for ejabberd in YAML format"; + description = "Configuration file for ejabberd in YAML format"; default = null; }; ctlConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Configuration of ejabberdctl"; + description = "Configuration of ejabberdctl"; }; loadDumps = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc "Configuration dumps that should be loaded on the first startup"; + description = "Configuration dumps that should be loaded on the first startup"; example = literalExpression "[ ./myejabberd.dump ]"; }; imagemagick = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Add ImageMagick to server's path; allows for image thumbnailing"; + description = "Add ImageMagick to server's path; allows for image thumbnailing"; }; }; diff --git a/nixos/modules/services/networking/envoy.nix b/nixos/modules/services/networking/envoy.nix index 779c77ff6c81e..b36c184fe8d53 100644 --- a/nixos/modules/services/networking/envoy.nix +++ b/nixos/modules/services/networking/envoy.nix @@ -15,14 +15,14 @@ in { options.services.envoy = { - enable = mkEnableOption (lib.mdDoc "Envoy reverse proxy"); + enable = mkEnableOption "Envoy reverse proxy"; package = mkPackageOption pkgs "envoy" { }; requireValidConfig = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether a failure during config validation at build time is fatal. When the config can't be checked during build time, for example when it includes other files, disable this option. @@ -50,7 +50,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Specify the configuration for Envoy in Nix. ''; }; diff --git a/nixos/modules/services/networking/epmd.nix b/nixos/modules/services/networking/epmd.nix index 318e325944b5d..b450aa1b62c75 100644 --- a/nixos/modules/services/networking/epmd.nix +++ b/nixos/modules/services/networking/epmd.nix @@ -11,7 +11,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable socket activation for Erlang Port Mapper Daemon (epmd), which acts as a name server on all hosts involved in distributed Erlang computations. @@ -22,7 +22,7 @@ in { type = types.str; default = "[::]:4369"; - description = lib.mdDoc '' + description = '' the listenStream used by the systemd socket. see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more information. use this to change the port epmd will run on. diff --git a/nixos/modules/services/networking/ergo.nix b/nixos/modules/services/networking/ergo.nix index 1bee0f43f988a..7e06b7d76b202 100644 --- a/nixos/modules/services/networking/ergo.nix +++ b/nixos/modules/services/networking/ergo.nix @@ -33,25 +33,25 @@ in { options = { services.ergo = { - enable = mkEnableOption (lib.mdDoc "Ergo service"); + enable = mkEnableOption "Ergo service"; dataDir = mkOption { type = types.path; default = "/var/lib/ergo"; - description = lib.mdDoc "The data directory for the Ergo node."; + description = "The data directory for the Ergo node."; }; listen = { ip = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "IP address on which the Ergo node should listen."; + description = "IP address on which the Ergo node should listen."; }; port = mkOption { type = types.port; default = 9006; - description = lib.mdDoc "Listen port for the Ergo node."; + description = "Listen port for the Ergo node."; }; }; @@ -60,20 +60,20 @@ in { type = types.nullOr types.str; default = null; example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf"; - description = lib.mdDoc "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string."; + description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string."; }; listen = { ip = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "IP address that the Ergo node API should listen on if {option}`api.keyHash` is defined."; + description = "IP address that the Ergo node API should listen on if {option}`api.keyHash` is defined."; }; port = mkOption { type = types.port; default = 9052; - description = lib.mdDoc "Listen port for the API endpoint if {option}`api.keyHash` is defined."; + description = "Listen port for the API endpoint if {option}`api.keyHash` is defined."; }; }; }; @@ -81,26 +81,26 @@ in { testnet = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Connect to testnet network instead of the default mainnet."; + description = "Connect to testnet network instead of the default mainnet."; }; user = mkOption { type = types.str; default = "ergo"; - description = lib.mdDoc "The user as which to run the Ergo node."; + description = "The user as which to run the Ergo node."; }; group = mkOption { type = types.str; default = cfg.user; defaultText = literalExpression "config.${opt.user}"; - description = lib.mdDoc "The group as which to run the Ergo node."; + description = "The group as which to run the Ergo node."; }; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Open ports in the firewall for the Ergo node as well as the API."; + description = "Open ports in the firewall for the Ergo node as well as the API."; }; }; }; diff --git a/nixos/modules/services/networking/ergochat.nix b/nixos/modules/services/networking/ergochat.nix index a003512677ebc..b4b4e488fc115 100644 --- a/nixos/modules/services/networking/ergochat.nix +++ b/nixos/modules/services/networking/ergochat.nix @@ -4,12 +4,12 @@ in { options = { services.ergochat = { - enable = lib.mkEnableOption (lib.mdDoc "Ergo IRC daemon"); + enable = lib.mkEnableOption "Ergo IRC daemon"; openFilesLimit = lib.mkOption { type = lib.types.int; default = 1024; - description = lib.mdDoc '' + description = '' Maximum number of open files. Limits the clients and server connections. ''; }; @@ -18,7 +18,7 @@ in { type = lib.types.path; default = (pkgs.formats.yaml {}).generate "ergo.conf" cfg.settings; defaultText = lib.literalMD "generated config file from `settings`"; - description = lib.mdDoc '' + description = '' Path to configuration file. Setting this will skip any configuration done via `settings` ''; @@ -26,7 +26,7 @@ in { settings = lib.mkOption { type = (pkgs.formats.yaml {}).type; - description = lib.mdDoc '' + description = '' Ergo IRC daemon configuration file. https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml ''; diff --git a/nixos/modules/services/networking/eternal-terminal.nix b/nixos/modules/services/networking/eternal-terminal.nix index c6b6b04dcf72e..f4456f4d99c8b 100644 --- a/nixos/modules/services/networking/eternal-terminal.nix +++ b/nixos/modules/services/networking/eternal-terminal.nix @@ -16,12 +16,12 @@ in services.eternal-terminal = { - enable = mkEnableOption (lib.mdDoc "Eternal Terminal server"); + enable = mkEnableOption "Eternal Terminal server"; port = mkOption { default = 2022; type = types.port; - description = lib.mdDoc '' + description = '' The port the server should listen on. Will use the server's default (2022) if not specified. Make sure to open this port in the firewall if necessary. @@ -31,7 +31,7 @@ in verbosity = mkOption { default = 0; type = types.enum (lib.range 0 9); - description = lib.mdDoc '' + description = '' The verbosity level (0-9). ''; }; @@ -39,7 +39,7 @@ in silent = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If enabled, disables all logging. ''; }; @@ -47,7 +47,7 @@ in logSize = mkOption { default = 20971520; type = types.int; - description = lib.mdDoc '' + description = '' The maximum log size. ''; }; diff --git a/nixos/modules/services/networking/expressvpn.nix b/nixos/modules/services/networking/expressvpn.nix index 05c24d8bccffc..c1d287f57bc2c 100644 --- a/nixos/modules/services/networking/expressvpn.nix +++ b/nixos/modules/services/networking/expressvpn.nix @@ -5,7 +5,7 @@ with lib; options.services.expressvpn.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable the ExpressVPN daemon. ''; }; diff --git a/nixos/modules/services/networking/fakeroute.nix b/nixos/modules/services/networking/fakeroute.nix index faf5879a6ed31..c832a33ffedd7 100644 --- a/nixos/modules/services/networking/fakeroute.nix +++ b/nixos/modules/services/networking/fakeroute.nix @@ -14,7 +14,7 @@ in services.fakeroute = { - enable = lib.mkEnableOption (lib.mdDoc "the fakeroute service"); + enable = lib.mkEnableOption "the fakeroute service"; route = lib.mkOption { type = with lib.types; listOf str; @@ -25,7 +25,7 @@ in "198.116.142.34" "63.199.8.242" ]; - description = lib.mdDoc '' + description = '' Fake route that will appear after the real one to any host running a traceroute. ''; diff --git a/nixos/modules/services/networking/ferm.nix b/nixos/modules/services/networking/ferm.nix index 5ebf7aacb4dbb..91412f53009c1 100644 --- a/nixos/modules/services/networking/ferm.nix +++ b/nixos/modules/services/networking/ferm.nix @@ -20,7 +20,7 @@ in { enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable Ferm Firewall. *Warning*: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not @@ -28,7 +28,7 @@ in { ''; }; config = mkOption { - description = lib.mdDoc "Verbatim ferm.conf configuration."; + description = "Verbatim ferm.conf configuration."; default = ""; defaultText = literalMD "empty firewall, allows any traffic"; type = types.lines; diff --git a/nixos/modules/services/networking/firefox-syncserver.nix b/nixos/modules/services/networking/firefox-syncserver.nix index 71eb2f537acc8..a9fcd883beb07 100644 --- a/nixos/modules/services/networking/firefox-syncserver.nix +++ b/nixos/modules/services/networking/firefox-syncserver.nix @@ -77,7 +77,7 @@ in { options = { services.firefox-syncserver = { - enable = lib.mkEnableOption (lib.mdDoc '' + enable = lib.mkEnableOption '' the Firefox Sync storage service. Out of the box this will not be very useful unless you also configure at least @@ -92,13 +92,13 @@ in ``` {option}`${opt.singleNode.enable}` does this automatically when enabled - ''); + ''; package = lib.mkOption { type = lib.types.package; default = pkgs.syncstorage-rs; defaultText = lib.literalExpression "pkgs.syncstorage-rs"; - description = lib.mdDoc '' + description = '' Package to use. ''; }; @@ -109,7 +109,7 @@ in # behavior ever change. type = lib.types.strMatching "[a-z_][a-z0-9_]*"; default = defaultDatabase; - description = lib.mdDoc '' + description = '' Database to use for storage. Will be created automatically if it does not exist and `config.${opt.database.createLocally}` is set. ''; @@ -118,7 +118,7 @@ in database.user = lib.mkOption { type = lib.types.str; default = defaultUser; - description = lib.mdDoc '' + description = '' Username for database connections. ''; }; @@ -126,7 +126,7 @@ in database.host = lib.mkOption { type = lib.types.str; default = "localhost"; - description = lib.mdDoc '' + description = '' Database host name. `localhost` is treated specially and inserts systemd dependencies, other hostnames or IP addresses of the local machine do not. ''; @@ -135,7 +135,7 @@ in database.createLocally = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to create database and user on the local machine if they do not exist. This includes enabling unix domain socket authentication for the configured user. ''; @@ -144,7 +144,7 @@ in logLevel = lib.mkOption { type = lib.types.str; default = "error"; - description = lib.mdDoc '' + description = '' Log level to run with. This can be a simple log level like `error` or `trace`, or a more complicated logging expression. ''; @@ -152,7 +152,7 @@ in secrets = lib.mkOption { type = lib.types.path; - description = lib.mdDoc '' + description = '' A file containing the various secrets. Should be in the format expected by systemd's `EnvironmentFile` directory. Two secrets are currently available: `SYNC_MASTER_SECRET` and @@ -161,15 +161,15 @@ in }; singleNode = { - enable = lib.mkEnableOption (lib.mdDoc "auto-configuration for a simple single-node setup"); + enable = lib.mkEnableOption "auto-configuration for a simple single-node setup"; - enableTLS = lib.mkEnableOption (lib.mdDoc "automatic TLS setup"); + enableTLS = lib.mkEnableOption "automatic TLS setup"; - enableNginx = lib.mkEnableOption (lib.mdDoc "nginx virtualhost definitions"); + enableNginx = lib.mkEnableOption "nginx virtualhost definitions"; hostname = lib.mkOption { type = lib.types.str; - description = lib.mdDoc '' + description = '' Host name to use for this service. ''; }; @@ -177,7 +177,7 @@ in capacity = lib.mkOption { type = lib.types.ints.unsigned; default = 10; - description = lib.mdDoc '' + description = '' How many sync accounts are allowed on this server. Setting this value equal to or less than the number of currently active accounts will effectively deny service to accounts not yet registered here. @@ -190,7 +190,7 @@ in defaultText = lib.literalExpression '' ''${if cfg.singleNode.enableTLS then "https" else "http"}://''${config.${opt.singleNode.hostname}} ''; - description = lib.mdDoc '' + description = '' URL of the host. If you are not using the automatic webserver proxy setup you will have to change this setting or your sync server may not be functional. ''; @@ -205,7 +205,7 @@ in port = lib.mkOption { type = lib.types.port; default = 5000; - description = lib.mdDoc '' + description = '' Port to bind to. ''; }; @@ -213,14 +213,14 @@ in tokenserver.enabled = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable the token service as well. ''; }; }; }; default = { }; - description = lib.mdDoc '' + description = '' Settings for the sync server. These take priority over values computed from NixOS options. diff --git a/nixos/modules/services/networking/fireqos.nix b/nixos/modules/services/networking/fireqos.nix index b7f51a89c0e13..0b34f0b6b8b48 100644 --- a/nixos/modules/services/networking/fireqos.nix +++ b/nixos/modules/services/networking/fireqos.nix @@ -10,7 +10,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If enabled, FireQOS will be launched with the specified configuration given in `config`. ''; @@ -28,7 +28,7 @@ in { class web commit 50kbit match tcp ports 80,443 ''; - description = lib.mdDoc '' + description = '' The FireQOS configuration goes here. ''; }; diff --git a/nixos/modules/services/networking/firewall-iptables.nix b/nixos/modules/services/networking/firewall-iptables.nix index 2d11517700086..91756f826fe81 100644 --- a/nixos/modules/services/networking/firewall-iptables.nix +++ b/nixos/modules/services/networking/firewall-iptables.nix @@ -260,7 +260,7 @@ in type = types.lines; default = ""; example = "iptables -A INPUT -p icmp -j ACCEPT"; - description = lib.mdDoc '' + description = '' Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used @@ -274,7 +274,7 @@ in type = types.lines; default = ""; example = "iptables -P INPUT ACCEPT"; - description = lib.mdDoc '' + description = '' Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed diff --git a/nixos/modules/services/networking/firewall-nftables.nix b/nixos/modules/services/networking/firewall-nftables.nix index 7c7136cc96f10..de336113843ef 100644 --- a/nixos/modules/services/networking/firewall-nftables.nix +++ b/nixos/modules/services/networking/firewall-nftables.nix @@ -26,7 +26,7 @@ in type = types.lines; default = ""; example = "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"; - description = lib.mdDoc '' + description = '' Additional nftables rules to be appended to the input-allow chain. @@ -38,7 +38,7 @@ in type = types.lines; default = ""; example = "iifname wg0 accept"; - description = lib.mdDoc '' + description = '' Additional nftables rules to be appended to the forward-allow chain. diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix index ac02a93836b84..a35cc51a38705 100644 --- a/nixos/modules/services/networking/firewall.nix +++ b/nixos/modules/services/networking/firewall.nix @@ -15,7 +15,7 @@ let default = [ ]; apply = canonicalizePortList; example = [ 22 80 ]; - description = lib.mdDoc '' + description = '' List of TCP ports on which incoming connections are accepted. ''; @@ -25,7 +25,7 @@ let type = types.listOf (types.attrsOf types.port); default = [ ]; example = [{ from = 8999; to = 9003; }]; - description = lib.mdDoc '' + description = '' A range of TCP ports on which incoming connections are accepted. ''; @@ -36,7 +36,7 @@ let default = [ ]; apply = canonicalizePortList; example = [ 53 ]; - description = lib.mdDoc '' + description = '' List of open UDP ports. ''; }; @@ -45,7 +45,7 @@ let type = types.listOf (types.attrsOf types.port); default = [ ]; example = [{ from = 60000; to = 61000; }]; - description = lib.mdDoc '' + description = '' Range of open UDP ports. ''; }; @@ -61,7 +61,7 @@ in enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. @@ -73,7 +73,7 @@ in default = if config.networking.nftables.enable then pkgs.nftables else pkgs.iptables; defaultText = literalExpression ''if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"''; example = literalExpression "pkgs.iptables-legacy"; - description = lib.mdDoc '' + description = '' The package to use for running the firewall service. ''; }; @@ -81,7 +81,7 @@ in logRefusedConnections = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to log rejected or dropped incoming connections. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k. @@ -91,7 +91,7 @@ in logRefusedPackets = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging. @@ -103,7 +103,7 @@ in logRefusedUnicastsOnly = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If {option}`networking.firewall.logRefusedPackets` and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts @@ -114,7 +114,7 @@ in rejectPackets = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST packet in @@ -127,7 +127,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "enp0s2" ]; - description = lib.mdDoc '' + description = '' Traffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted. @@ -137,7 +137,7 @@ in allowPing = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much @@ -149,7 +149,7 @@ in type = types.nullOr (types.separatedString " "); default = null; example = "--limit 1/minute --limit-burst 5"; - description = lib.mdDoc '' + description = '' If pings are allowed, this allows setting rate limits on them. For the iptables based firewall, it should be set like @@ -165,7 +165,7 @@ in default = true; defaultText = literalMD "`true` except if the iptables based firewall is in use and the kernel lacks rpfilter support"; example = "loose"; - description = lib.mdDoc '' + description = '' Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused. @@ -183,7 +183,7 @@ in logReversePathDrops = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled. ''; @@ -192,7 +192,7 @@ in filterForward = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable filtering in IP forwarding. This option only works with the nftables based firewall. @@ -203,7 +203,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]; - description = lib.mdDoc '' + description = '' List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example. @@ -222,7 +222,7 @@ in autoLoadConntrackHelpers = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules @@ -234,7 +234,7 @@ in type = types.listOf types.package; default = [ ]; example = literalExpression "[ pkgs.ipset ]"; - description = lib.mdDoc '' + description = '' Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands. ''; @@ -243,7 +243,7 @@ in interfaces = mkOption { default = { }; type = with types; attrsOf (submodule [{ options = commonOptions; }]); - description = lib.mdDoc '' + description = '' Interface-specific open ports. ''; }; @@ -253,7 +253,7 @@ in visible = false; default = { default = mapAttrs (name: value: cfg.${name}) commonOptions; } // cfg.interfaces; type = with types; attrsOf (submodule [{ options = commonOptions; }]); - description = lib.mdDoc '' + description = '' All open ports. ''; }; diff --git a/nixos/modules/services/networking/flannel.nix b/nixos/modules/services/networking/flannel.nix index 2c2b6dc58cce6..c55557b668b84 100644 --- a/nixos/modules/services/networking/flannel.nix +++ b/nixos/modules/services/networking/flannel.nix @@ -14,12 +14,12 @@ let }; in { options.services.flannel = { - enable = mkEnableOption (lib.mdDoc "flannel"); + enable = mkEnableOption "flannel"; package = mkPackageOption pkgs "flannel" { }; publicIp = mkOption { - description = lib.mdDoc '' + description = '' IP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication. ''; @@ -28,7 +28,7 @@ in { }; iface = mkOption { - description = lib.mdDoc '' + description = '' Interface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine. ''; @@ -38,38 +38,38 @@ in { etcd = { endpoints = mkOption { - description = lib.mdDoc "Etcd endpoints"; + description = "Etcd endpoints"; type = types.listOf types.str; default = ["http://127.0.0.1:2379"]; }; prefix = mkOption { - description = lib.mdDoc "Etcd key prefix"; + description = "Etcd key prefix"; type = types.str; default = "/coreos.com/network"; }; caFile = mkOption { - description = lib.mdDoc "Etcd certificate authority file"; + description = "Etcd certificate authority file"; type = types.nullOr types.path; default = null; }; certFile = mkOption { - description = lib.mdDoc "Etcd cert file"; + description = "Etcd cert file"; type = types.nullOr types.path; default = null; }; keyFile = mkOption { - description = lib.mdDoc "Etcd key file"; + description = "Etcd key file"; type = types.nullOr types.path; default = null; }; }; kubeconfig = mkOption { - description = lib.mdDoc '' + description = '' Path to kubeconfig to use for storing flannel config using the Kubernetes API ''; @@ -78,12 +78,12 @@ in { }; network = mkOption { - description = lib.mdDoc " IPv4 network in CIDR format to use for the entire flannel network."; + description = " IPv4 network in CIDR format to use for the entire flannel network."; type = types.str; }; nodeName = mkOption { - description = lib.mdDoc '' + description = '' Needed when running with Kubernetes as backend as this cannot be auto-detected"; ''; type = types.nullOr types.str; @@ -93,13 +93,13 @@ in { }; storageBackend = mkOption { - description = lib.mdDoc "Determines where flannel stores its configuration at runtime"; + description = "Determines where flannel stores its configuration at runtime"; type = types.enum ["etcd" "kubernetes"]; default = "etcd"; }; subnetLen = mkOption { - description = lib.mdDoc '' + description = '' The size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network. @@ -109,7 +109,7 @@ in { }; subnetMin = mkOption { - description = lib.mdDoc '' + description = '' The beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network. ''; @@ -118,7 +118,7 @@ in { }; subnetMax = mkOption { - description = lib.mdDoc '' + description = '' The end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network. ''; @@ -127,7 +127,7 @@ in { }; backend = mkOption { - description = lib.mdDoc "Type of backend to use and specific configurations for that backend."; + description = "Type of backend to use and specific configurations for that backend."; type = types.attrs; default = { Type = "vxlan"; diff --git a/nixos/modules/services/networking/freenet.nix b/nixos/modules/services/networking/freenet.nix index e1737e820a519..3da3ab0c7df48 100644 --- a/nixos/modules/services/networking/freenet.nix +++ b/nixos/modules/services/networking/freenet.nix @@ -22,13 +22,13 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable the Freenet daemon"; + description = "Enable the Freenet daemon"; }; nice = mkOption { type = types.int; default = 10; - description = lib.mdDoc "Set the nice level for the Freenet daemon"; + description = "Set the nice level for the Freenet daemon"; }; }; diff --git a/nixos/modules/services/networking/freeradius.nix b/nixos/modules/services/networking/freeradius.nix index 419a683cb774d..7fa3a8fa17fa7 100644 --- a/nixos/modules/services/networking/freeradius.nix +++ b/nixos/modules/services/networking/freeradius.nix @@ -33,12 +33,12 @@ let }; freeradiusConfig = { - enable = mkEnableOption (lib.mdDoc "the freeradius server"); + enable = mkEnableOption "the freeradius server"; configDir = mkOption { type = types.path; default = "/etc/raddb"; - description = lib.mdDoc '' + description = '' The path of the freeradius server configuration directory. ''; }; @@ -46,7 +46,7 @@ let debug = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable debug logging for freeradius (-xx option). This should not be left on, since it includes sensitive data such as passwords in the logs. diff --git a/nixos/modules/services/networking/frp.nix b/nixos/modules/services/networking/frp.nix index eb022308bc29f..fc15efe5642db 100644 --- a/nixos/modules/services/networking/frp.nix +++ b/nixos/modules/services/networking/frp.nix @@ -12,13 +12,13 @@ in { options = { services.frp = { - enable = mkEnableOption (mdDoc "frp"); + enable = mkEnableOption "frp"; package = mkPackageOption pkgs "frp" { }; role = mkOption { type = types.enum [ "server" "client" ]; - description = mdDoc '' + description = '' The frp consists of `client` and `server`. The server is usually deployed on the machine with a public IP address, and the client is usually deployed on the machine @@ -29,7 +29,7 @@ in settings = mkOption { type = settingsFormat.type; default = { }; - description = mdDoc '' + description = '' Frp configuration, for configuration options see the example of [client](https://github.com/fatedier/frp/blob/dev/conf/frpc_full_example.toml) or [server](https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml) on github. diff --git a/nixos/modules/services/networking/frr.nix b/nixos/modules/services/networking/frr.nix index 8488a4e4ef481..7f611ce7b1c7d 100644 --- a/nixos/modules/services/networking/frr.nix +++ b/nixos/modules/services/networking/frr.nix @@ -52,13 +52,13 @@ let serviceOptions = service: { - enable = mkEnableOption (lib.mdDoc "the FRR ${toUpper service} routing protocol"); + enable = mkEnableOption "the FRR ${toUpper service} routing protocol"; configFile = mkOption { type = types.nullOr types.path; default = null; example = "/etc/frr/${daemonName service}.conf"; - description = lib.mdDoc '' + description = '' Configuration file to use for FRR ${daemonName service}. By default the NixOS generated files are used. ''; @@ -87,7 +87,7 @@ let }; in examples.${service} or ""; - description = lib.mdDoc '' + description = '' ${daemonName service} configuration statements. ''; }; @@ -95,7 +95,7 @@ let vtyListenAddress = mkOption { type = types.str; default = "localhost"; - description = lib.mdDoc '' + description = '' Address to bind to for the VTY interface. ''; }; @@ -103,7 +103,7 @@ let vtyListenPort = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' TCP Port to bind to for the VTY interface. ''; }; @@ -111,7 +111,7 @@ let extraOptions = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Extra options for the daemon. ''; }; @@ -129,7 +129,7 @@ in enable = mkOption { type = types.bool; default = any isEnabled services; - description = lib.mdDoc '' + description = '' Whether to enable the Zebra routing manager. The Zebra routing manager is automatically enabled diff --git a/nixos/modules/services/networking/gateone.nix b/nixos/modules/services/networking/gateone.nix index ac3f3c9bbf2cf..e68f8a47d5c0d 100644 --- a/nixos/modules/services/networking/gateone.nix +++ b/nixos/modules/services/networking/gateone.nix @@ -6,16 +6,16 @@ in { options = { services.gateone = { - enable = mkEnableOption (lib.mdDoc "GateOne server"); + enable = mkEnableOption "GateOne server"; pidDir = mkOption { default = "/run/gateone"; type = types.path; - description = lib.mdDoc "Path of pid files for GateOne."; + description = "Path of pid files for GateOne."; }; settingsDir = mkOption { default = "/var/lib/gateone"; type = types.path; - description = lib.mdDoc "Path of configuration files for GateOne."; + description = "Path of configuration files for GateOne."; }; }; }; diff --git a/nixos/modules/services/networking/gdomap.nix b/nixos/modules/services/networking/gdomap.nix index 53ea8b6875d8e..3d829cb691353 100644 --- a/nixos/modules/services/networking/gdomap.nix +++ b/nixos/modules/services/networking/gdomap.nix @@ -8,7 +8,7 @@ with lib; # options = { services.gdomap = { - enable = mkEnableOption (lib.mdDoc "GNUstep Distributed Objects name server"); + enable = mkEnableOption "GNUstep Distributed Objects name server"; }; }; diff --git a/nixos/modules/services/networking/ghostunnel.nix b/nixos/modules/services/networking/ghostunnel.nix index d5e2ff19ce50d..b8d3cc3629790 100644 --- a/nixos/modules/services/networking/ghostunnel.nix +++ b/nixos/modules/services/networking/ghostunnel.nix @@ -24,21 +24,21 @@ let options = { listen = mkOption { - description = lib.mdDoc '' + description = '' Address and port to listen on (can be HOST:PORT, unix:PATH). ''; type = types.str; }; target = mkOption { - description = lib.mdDoc '' + description = '' Address to forward connections to (can be HOST:PORT or unix:PATH). ''; type = types.str; }; keystore = mkOption { - description = lib.mdDoc '' + description = '' Path to keystore (combined PEM with cert/key, or PKCS12 keystore). NB: storepass is not supported because it would expose credentials via `/proc/*/cmdline`. @@ -50,7 +50,7 @@ let }; cert = mkOption { - description = lib.mdDoc '' + description = '' Path to certificate (PEM with certificate chain). Not required if `keystore` is set. @@ -60,7 +60,7 @@ let }; key = mkOption { - description = lib.mdDoc '' + description = '' Path to certificate private key (PEM with private key). Not required if `keystore` is set. @@ -70,14 +70,14 @@ let }; cacert = mkOption { - description = lib.mdDoc '' + description = '' Path to CA bundle file (PEM/X509). Uses system trust store if `null`. ''; type = types.nullOr types.str; }; disableAuthentication = mkOption { - description = lib.mdDoc '' + description = '' Disable client authentication, no client certificate will be required. ''; type = types.bool; @@ -85,7 +85,7 @@ let }; allowAll = mkOption { - description = lib.mdDoc '' + description = '' If true, allow all clients, do not check client cert subject. ''; type = types.bool; @@ -93,7 +93,7 @@ let }; allowCN = mkOption { - description = lib.mdDoc '' + description = '' Allow client if common name appears in the list. ''; type = types.listOf types.str; @@ -101,7 +101,7 @@ let }; allowOU = mkOption { - description = lib.mdDoc '' + description = '' Allow client if organizational unit name appears in the list. ''; type = types.listOf types.str; @@ -109,7 +109,7 @@ let }; allowDNS = mkOption { - description = lib.mdDoc '' + description = '' Allow client if DNS subject alternative name appears in the list. ''; type = types.listOf types.str; @@ -117,7 +117,7 @@ let }; allowURI = mkOption { - description = lib.mdDoc '' + description = '' Allow client if URI subject alternative name appears in the list. ''; type = types.listOf types.str; @@ -125,13 +125,13 @@ let }; extraArguments = mkOption { - description = lib.mdDoc "Extra arguments to pass to `ghostunnel server`"; + description = "Extra arguments to pass to `ghostunnel server`"; type = types.separatedString " "; default = ""; }; unsafeTarget = mkOption { - description = lib.mdDoc '' + description = '' If set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets. This is meant to protect against accidental unencrypted traffic on @@ -214,12 +214,12 @@ in { options = { - services.ghostunnel.enable = mkEnableOption (lib.mdDoc "ghostunnel"); + services.ghostunnel.enable = mkEnableOption "ghostunnel"; services.ghostunnel.package = mkPackageOption pkgs "ghostunnel" { }; services.ghostunnel.servers = mkOption { - description = lib.mdDoc '' + description = '' Server mode ghostunnels (TLS listener -> plain TCP/UNIX target) ''; type = types.attrsOf (types.submodule module); diff --git a/nixos/modules/services/networking/git-daemon.nix b/nixos/modules/services/networking/git-daemon.nix index 80b15eedbbd4e..6be72505c216e 100644 --- a/nixos/modules/services/networking/git-daemon.nix +++ b/nixos/modules/services/networking/git-daemon.nix @@ -15,7 +15,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access. @@ -31,7 +31,7 @@ in type = types.str; default = ""; example = "/srv/git/"; - description = lib.mdDoc '' + description = '' Remap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git. @@ -41,7 +41,7 @@ in exportAll = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Publish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file. @@ -57,7 +57,7 @@ in type = types.listOf types.str; default = []; example = [ "/srv/git" "/home/user/git/repo2" ]; - description = lib.mdDoc '' + description = '' A whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/". @@ -70,31 +70,31 @@ in type = types.str; default = ""; example = "example.com"; - description = lib.mdDoc "Listen on a specific IP address or hostname."; + description = "Listen on a specific IP address or hostname."; }; port = mkOption { type = types.port; default = 9418; - description = lib.mdDoc "Port to listen on."; + description = "Port to listen on."; }; options = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Extra configuration options to be passed to Git daemon."; + description = "Extra configuration options to be passed to Git daemon."; }; user = mkOption { type = types.str; default = "git"; - description = lib.mdDoc "User under which Git daemon would be running."; + description = "User under which Git daemon would be running."; }; group = mkOption { type = types.str; default = "git"; - description = lib.mdDoc "Group under which Git daemon would be running."; + description = "Group under which Git daemon would be running."; }; }; diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix index 36aa937804025..4292bba78f767 100644 --- a/nixos/modules/services/networking/globalprotect-vpn.nix +++ b/nixos/modules/services/networking/globalprotect-vpn.nix @@ -14,10 +14,10 @@ in { options.services.globalprotect = { - enable = mkEnableOption (lib.mdDoc "globalprotect"); + enable = mkEnableOption "globalprotect"; settings = mkOption { - description = lib.mdDoc '' + description = '' GlobalProtect-openconnect configuration. For more information, visit <https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration>. ''; @@ -31,7 +31,7 @@ in }; csdWrapper = mkOption { - description = lib.mdDoc '' + description = '' A script that will produce a Host Integrity Protection (HIP) report, as described at <https://www.infradead.org/openconnect/hip.html> ''; diff --git a/nixos/modules/services/networking/gns3-server.nix b/nixos/modules/services/networking/gns3-server.nix index 25583765de672..ba0d6be30f499 100644 --- a/nixos/modules/services/networking/gns3-server.nix +++ b/nixos/modules/services/networking/gns3-server.nix @@ -14,25 +14,25 @@ in { options = { services.gns3-server = { - enable = lib.mkEnableOption (lib.mdDoc "GNS3 Server daemon"); + enable = lib.mkEnableOption "GNS3 Server daemon"; package = lib.mkPackageOptionMD pkgs "gns3-server" { }; auth = { - enable = lib.mkEnableOption (lib.mdDoc "password based HTTP authentication to access the GNS3 Server"); + enable = lib.mkEnableOption "password based HTTP authentication to access the GNS3 Server"; user = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; example = "gns3"; - description = lib.mdDoc ''Username used to access the GNS3 Server.''; + description = ''Username used to access the GNS3 Server.''; }; passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/secrets/gns3-server-password"; - description = lib.mdDoc '' + description = '' A file containing the password to access the GNS3 Server. ::: {.warning} @@ -47,7 +47,7 @@ in { type = lib.types.submodule { freeformType = settingsFormat.type; }; default = {}; example = { host = "127.0.0.1"; port = 3080; }; - description = lib.mdDoc '' + description = '' The global options in `config` file in ini format. Refer to <https://docs.gns3.com/docs/using-gns3/administration/gns3-server-configuration-file/> @@ -59,20 +59,20 @@ in { file = lib.mkOption { type = lib.types.nullOr lib.types.path; default = "/var/log/gns3/server.log"; - description = lib.mdDoc ''Path of the file GNS3 Server should log to.''; + description = ''Path of the file GNS3 Server should log to.''; }; - debug = lib.mkEnableOption (lib.mdDoc "debug logging"); + debug = lib.mkEnableOption "debug logging"; }; ssl = { - enable = lib.mkEnableOption (lib.mdDoc "SSL encryption"); + enable = lib.mkEnableOption "SSL encryption"; certFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/gns3/ssl/server.pem"; - description = lib.mdDoc '' + description = '' Path to the SSL certificate file. This certificate will be offered to, and may be verified by, clients. ''; @@ -82,22 +82,22 @@ in { type = lib.types.nullOr lib.types.path; default = null; example = "/var/lib/gns3/ssl/server.key"; - description = lib.mdDoc "Private key file for the certificate."; + description = "Private key file for the certificate."; }; }; dynamips = { - enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable Dynamips support.''); + enable = lib.mkEnableOption ''Whether to enable Dynamips support.''; package = lib.mkPackageOptionMD pkgs "dynamips" { }; }; ubridge = { - enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable uBridge support.''); + enable = lib.mkEnableOption ''Whether to enable uBridge support.''; package = lib.mkPackageOptionMD pkgs "ubridge" { }; }; vpcs = { - enable = lib.mkEnableOption (lib.mdDoc ''Whether to enable VPCS support.''); + enable = lib.mkEnableOption ''Whether to enable VPCS support.''; package = lib.mkPackageOptionMD pkgs "vpcs" { }; }; }; diff --git a/nixos/modules/services/networking/gnunet.nix b/nixos/modules/services/networking/gnunet.nix index a235f1605e54f..cfe1e1709142e 100644 --- a/nixos/modules/services/networking/gnunet.nix +++ b/nixos/modules/services/networking/gnunet.nix @@ -47,7 +47,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework. ''; @@ -57,7 +57,7 @@ in quota = mkOption { type = types.int; default = 1024; - description = lib.mdDoc '' + description = '' Maximum file system usage (in MiB) for file sharing. ''; }; @@ -67,7 +67,7 @@ in port = mkOption { type = types.port; default = 2086; # assigned by IANA - description = lib.mdDoc '' + description = '' The UDP port for use by GNUnet. ''; }; @@ -77,7 +77,7 @@ in port = mkOption { type = types.port; default = 2086; # assigned by IANA - description = lib.mdDoc '' + description = '' The TCP port for use by GNUnet. ''; }; @@ -87,7 +87,7 @@ in maxNetDownBandwidth = mkOption { type = types.int; default = 50000; - description = lib.mdDoc '' + description = '' Maximum bandwidth usage (in bits per second) for GNUnet when downloading data. ''; @@ -96,7 +96,7 @@ in maxNetUpBandwidth = mkOption { type = types.int; default = 50000; - description = lib.mdDoc '' + description = '' Maximum bandwidth usage (in bits per second) for GNUnet when downloading data. ''; @@ -105,7 +105,7 @@ in hardNetUpBandwidth = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Hard bandwidth limit (in bits per second) when uploading data. ''; @@ -119,7 +119,7 @@ in extraOptions = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Additional options that will be copied verbatim in `gnunet.conf`. See {manpage}`gnunet.conf(5)` for details. ''; diff --git a/nixos/modules/services/networking/go-autoconfig.nix b/nixos/modules/services/networking/go-autoconfig.nix index 07c628ae2cadf..2fc7c53218ca4 100644 --- a/nixos/modules/services/networking/go-autoconfig.nix +++ b/nixos/modules/services/networking/go-autoconfig.nix @@ -12,11 +12,11 @@ in { options = { services.go-autoconfig = { - enable = mkEnableOption (mdDoc "IMAP/SMTP autodiscover feature for mail clients"); + enable = mkEnableOption "IMAP/SMTP autodiscover feature for mail clients"; settings = mkOption { default = { }; - description = mdDoc '' + description = '' Configuration for go-autoconfig. See <https://github.com/L11R/go-autoconfig/blob/master/config.yml> for more information. diff --git a/nixos/modules/services/networking/go-neb.nix b/nixos/modules/services/networking/go-neb.nix index 78d24ecf17d98..ae414509162b2 100644 --- a/nixos/modules/services/networking/go-neb.nix +++ b/nixos/modules/services/networking/go-neb.nix @@ -9,11 +9,11 @@ let configFile = settingsFormat.generate "config.yaml" cfg.config; in { options.services.go-neb = { - enable = mkEnableOption (lib.mdDoc "an extensible matrix bot written in Go"); + enable = mkEnableOption "an extensible matrix bot written in Go"; bindAddress = mkOption { type = types.str; - description = lib.mdDoc "Port (and optionally address) to listen on."; + description = "Port (and optionally address) to listen on."; default = ":4050"; }; @@ -21,7 +21,7 @@ in { type = types.nullOr types.path; default = null; example = "/run/keys/go-neb.env"; - description = lib.mdDoc '' + description = '' Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: `$ENVIRONMENT` or `''${VARIABLE}`. @@ -32,12 +32,12 @@ in { baseUrl = mkOption { type = types.str; - description = lib.mdDoc "Public-facing endpoint that can receive webhooks."; + description = "Public-facing endpoint that can receive webhooks."; }; config = mkOption { inherit (settingsFormat) type; - description = lib.mdDoc '' + description = '' Your {file}`config.yaml` as a Nix attribute set. See [config.sample.yaml](https://github.com/matrix-org/go-neb/blob/master/config.sample.yaml) for possible options. diff --git a/nixos/modules/services/networking/go-shadowsocks2.nix b/nixos/modules/services/networking/go-shadowsocks2.nix index d9c4a2421d722..afbd7ea27c65c 100644 --- a/nixos/modules/services/networking/go-shadowsocks2.nix +++ b/nixos/modules/services/networking/go-shadowsocks2.nix @@ -5,11 +5,11 @@ let cfg = config.services.go-shadowsocks2.server; in { options.services.go-shadowsocks2.server = { - enable = mkEnableOption (lib.mdDoc "go-shadowsocks2 server"); + enable = mkEnableOption "go-shadowsocks2 server"; listenAddress = mkOption { type = types.str; - description = lib.mdDoc "Server listen address or URL"; + description = "Server listen address or URL"; example = "ss://AEAD_CHACHA20_POLY1305:your-password@:8488"; }; }; diff --git a/nixos/modules/services/networking/gobgpd.nix b/nixos/modules/services/networking/gobgpd.nix index b22242edaade7..e5d8c190b9118 100644 --- a/nixos/modules/services/networking/gobgpd.nix +++ b/nixos/modules/services/networking/gobgpd.nix @@ -8,12 +8,12 @@ let confFile = format.generate "gobgpd.conf" cfg.settings; in { options.services.gobgpd = { - enable = mkEnableOption (lib.mdDoc "GoBGP Routing Daemon"); + enable = mkEnableOption "GoBGP Routing Daemon"; settings = mkOption { type = format.type; default = { }; - description = lib.mdDoc '' + description = '' GoBGP configuration. Refer to <https://github.com/osrg/gobgp#documentation> for details on supported values. diff --git a/nixos/modules/services/networking/gvpe.nix b/nixos/modules/services/networking/gvpe.nix index 558f499022c81..275146ada2d0f 100644 --- a/nixos/modules/services/networking/gvpe.nix +++ b/nixos/modules/services/networking/gvpe.nix @@ -42,12 +42,12 @@ in { options = { services.gvpe = { - enable = lib.mkEnableOption (lib.mdDoc "gvpe"); + enable = lib.mkEnableOption "gvpe"; nodename = mkOption { default = null; type = types.nullOr types.str; - description =lib.mdDoc '' + description = '' GVPE node name ''; }; @@ -68,7 +68,7 @@ in on alpha if-up = if-up-0 on alpha pid-file = /var/gvpe/gvpe.pid ''; - description = lib.mdDoc '' + description = '' GVPE config contents ''; }; @@ -76,14 +76,14 @@ in default = null; type = types.nullOr types.path; example = "/root/my-gvpe-conf"; - description = lib.mdDoc '' + description = '' GVPE config file, if already present ''; }; ipAddress = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' IP address to assign to GVPE interface ''; }; @@ -91,14 +91,14 @@ in default = null; type = types.nullOr types.str; example = "10.0.0.0/8"; - description = lib.mdDoc '' + description = '' IP subnet assigned to GVPE network ''; }; customIFSetup = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Additional commands to apply in ifup script ''; }; diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix index 3ea95b3bdae97..00d276bcdf60a 100644 --- a/nixos/modules/services/networking/hans.nix +++ b/nixos/modules/services/networking/hans.nix @@ -19,7 +19,7 @@ in services.hans = { clients = mkOption { default = {}; - description = lib.mdDoc '' + description = '' Each attribute of this option defines a systemd service that runs hans. Many or none may be defined. The name of each service is @@ -41,21 +41,21 @@ in server = mkOption { type = types.str; default = ""; - description = lib.mdDoc "IP address of server running hans"; + description = "IP address of server running hans"; example = "192.0.2.1"; }; extraConfig = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Additional command line parameters"; + description = "Additional command line parameters"; example = "-v"; }; passwordFile = mkOption { type = types.str; default = ""; - description = lib.mdDoc "File that contains password"; + description = "File that contains password"; }; }; @@ -66,33 +66,33 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "enable hans server"; + description = "enable hans server"; }; ip = mkOption { type = types.str; default = ""; - description = lib.mdDoc "The assigned ip range"; + description = "The assigned ip range"; example = "198.51.100.0"; }; respondToSystemPings = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Force hans respond to ordinary pings"; + description = "Force hans respond to ordinary pings"; }; extraConfig = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Additional command line parameters"; + description = "Additional command line parameters"; example = "-v"; }; passwordFile = mkOption { type = types.str; default = ""; - description = lib.mdDoc "File that contains password"; + description = "File that contains password"; }; }; diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix index a2f3be6c49cef..c764b447b0cb9 100644 --- a/nixos/modules/services/networking/haproxy.nix +++ b/nixos/modules/services/networking/haproxy.nix @@ -17,26 +17,26 @@ with lib; options = { services.haproxy = { - enable = mkEnableOption (lib.mdDoc "HAProxy, the reliable, high performance TCP/HTTP load balancer."); + enable = mkEnableOption "HAProxy, the reliable, high performance TCP/HTTP load balancer."; package = mkPackageOption pkgs "haproxy" { }; user = mkOption { type = types.str; default = "haproxy"; - description = lib.mdDoc "User account under which haproxy runs."; + description = "User account under which haproxy runs."; }; group = mkOption { type = types.str; default = "haproxy"; - description = lib.mdDoc "Group account under which haproxy runs."; + description = "Group account under which haproxy runs."; }; config = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Contents of the HAProxy configuration file, {file}`haproxy.conf`. ''; diff --git a/nixos/modules/services/networking/harmonia.nix b/nixos/modules/services/networking/harmonia.nix index b384ac9261376..629ee436e63d8 100644 --- a/nixos/modules/services/networking/harmonia.nix +++ b/nixos/modules/services/networking/harmonia.nix @@ -6,12 +6,12 @@ in { options = { services.harmonia = { - enable = lib.mkEnableOption (lib.mdDoc "Harmonia: Nix binary cache written in Rust"); + enable = lib.mkEnableOption "Harmonia: Nix binary cache written in Rust"; signKeyPath = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; - description = lib.mdDoc "Path to the signing key that will be used for signing the cache"; + description = "Path to the signing key that will be used for signing the cache"; }; package = lib.mkPackageOption pkgs "harmonia" { }; @@ -19,7 +19,7 @@ in settings = lib.mkOption { inherit (format) type; default = { }; - description = lib.mdDoc '' + description = '' Settings to merge with the default configuration. For the list of the default configuration, see <https://github.com/nix-community/harmonia/tree/master#configuration>. ''; diff --git a/nixos/modules/services/networking/headscale.nix b/nixos/modules/services/networking/headscale.nix index 0159da37de872..ea66faeabbf28 100644 --- a/nixos/modules/services/networking/headscale.nix +++ b/nixos/modules/services/networking/headscale.nix @@ -15,14 +15,14 @@ with lib; let in { options = { services.headscale = { - enable = mkEnableOption (lib.mdDoc "headscale, Open Source coordination server for Tailscale"); + enable = mkEnableOption "headscale, Open Source coordination server for Tailscale"; package = mkPackageOption pkgs "headscale" { }; user = mkOption { default = "headscale"; type = types.str; - description = lib.mdDoc '' + description = '' User account under which headscale runs. ::: {.note} @@ -36,7 +36,7 @@ in { group = mkOption { default = "headscale"; type = types.str; - description = lib.mdDoc '' + description = '' Group under which headscale runs. ::: {.note} @@ -50,7 +50,7 @@ in { address = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Listening address of headscale. ''; example = "0.0.0.0"; @@ -59,14 +59,14 @@ in { port = mkOption { type = types.port; default = 8080; - description = lib.mdDoc '' + description = '' Listening port of headscale. ''; example = 443; }; settings = mkOption { - description = lib.mdDoc '' + description = '' Overrides to {file}`config.yaml` as a Nix attribute set. Check the [example config](https://github.com/juanfont/headscale/blob/main/config-example.yaml) for possible options. @@ -78,7 +78,7 @@ in { server_url = mkOption { type = types.str; default = "http://127.0.0.1:8080"; - description = lib.mdDoc '' + description = '' The url clients will connect to. ''; example = "https://myheadscale.example.com:443"; @@ -87,7 +87,7 @@ in { private_key_path = mkOption { type = types.path; default = "${dataDir}/private.key"; - description = lib.mdDoc '' + description = '' Path to private key file, generated automatically if it does not exist. ''; }; @@ -95,7 +95,7 @@ in { noise.private_key_path = mkOption { type = types.path; default = "${dataDir}/noise_private.key"; - description = lib.mdDoc '' + description = '' Path to noise private key file, generated automatically if it does not exist. ''; }; @@ -104,7 +104,7 @@ in { urls = mkOption { type = types.listOf types.str; default = ["https://controlplane.tailscale.com/derpmap/default"]; - description = lib.mdDoc '' + description = '' List of urls containing DERP maps. See [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps. ''; @@ -113,7 +113,7 @@ in { paths = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc '' + description = '' List of file paths containing DERP maps. See [How Tailscale works](https://tailscale.com/blog/how-tailscale-works/) for more information on DERP maps. ''; @@ -122,7 +122,7 @@ in { auto_update_enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to automatically update DERP maps on a set frequency. ''; example = false; @@ -131,7 +131,7 @@ in { update_frequency = mkOption { type = types.str; default = "24h"; - description = lib.mdDoc '' + description = '' Frequency to update DERP maps. ''; example = "5m"; @@ -141,7 +141,7 @@ in { ephemeral_node_inactivity_timeout = mkOption { type = types.str; default = "30m"; - description = lib.mdDoc '' + description = '' Time before an inactive ephemeral node is deleted. ''; example = "5m"; @@ -151,42 +151,42 @@ in { type = types.enum ["sqlite3" "postgres"]; example = "postgres"; default = "sqlite3"; - description = lib.mdDoc "Database engine to use."; + description = "Database engine to use."; }; db_host = mkOption { type = types.nullOr types.str; default = null; example = "127.0.0.1"; - description = lib.mdDoc "Database host address."; + description = "Database host address."; }; db_port = mkOption { type = types.nullOr types.port; default = null; example = 3306; - description = lib.mdDoc "Database host port."; + description = "Database host port."; }; db_name = mkOption { type = types.nullOr types.str; default = null; example = "headscale"; - description = lib.mdDoc "Database name."; + description = "Database name."; }; db_user = mkOption { type = types.nullOr types.str; default = null; example = "headscale"; - description = lib.mdDoc "Database user."; + description = "Database user."; }; db_password_file = mkOption { type = types.nullOr types.path; default = null; example = "/run/keys/headscale-dbpassword"; - description = lib.mdDoc '' + description = '' A file containing the password corresponding to {option}`database.user`. ''; @@ -195,13 +195,13 @@ in { db_path = mkOption { type = types.nullOr types.str; default = "${dataDir}/db.sqlite"; - description = lib.mdDoc "Path to the sqlite3 database file."; + description = "Path to the sqlite3 database file."; }; log.level = mkOption { type = types.str; default = "info"; - description = lib.mdDoc '' + description = '' headscale log level. ''; example = "debug"; @@ -210,7 +210,7 @@ in { log.format = mkOption { type = types.str; default = "text"; - description = lib.mdDoc '' + description = '' headscale log format. ''; example = "json"; @@ -220,7 +220,7 @@ in { nameservers = mkOption { type = types.listOf types.str; default = ["1.1.1.1"]; - description = lib.mdDoc '' + description = '' List of nameservers to pass to Tailscale clients. ''; }; @@ -228,7 +228,7 @@ in { override_local_dns = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to use [Override local DNS](https://tailscale.com/kb/1054/dns/). ''; example = true; @@ -237,7 +237,7 @@ in { domains = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Search domains to inject to Tailscale clients. ''; example = ["mydomain.internal"]; @@ -246,7 +246,7 @@ in { magic_dns = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). Only works if there is at least a nameserver defined. ''; @@ -256,7 +256,7 @@ in { base_domain = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Defines the base domain to create the hostnames for MagicDNS. {option}`baseDomain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be @@ -270,7 +270,7 @@ in { issuer = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' URL to OpenID issuer. ''; example = "https://openid.example.com"; @@ -279,7 +279,7 @@ in { client_id = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' OpenID Connect client ID. ''; }; @@ -287,7 +287,7 @@ in { client_secret_path = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Path to OpenID Connect client secret file. Expands environment variables in format ''${VAR}. ''; }; @@ -295,7 +295,7 @@ in { scope = mkOption { type = types.listOf types.str; default = ["openid" "profile" "email"]; - description = lib.mdDoc '' + description = '' Scopes used in the OIDC flow. ''; }; @@ -303,7 +303,7 @@ in { extra_params = mkOption { type = types.attrsOf types.str; default = { }; - description = lib.mdDoc '' + description = '' Custom query parameters to send with the Authorize Endpoint request. ''; example = { @@ -314,7 +314,7 @@ in { allowed_domains = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' Allowed principal domains. if an authenticated user's domain is not in this list authentication request will be rejected. ''; @@ -324,7 +324,7 @@ in { allowed_users = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' Users allowed to authenticate even if not in allowedDomains. ''; example = [ "alice@example.com" ]; @@ -333,7 +333,7 @@ in { strip_email_domain = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the domain part of the email address should be removed when generating namespaces. ''; }; @@ -342,7 +342,7 @@ in { tls_letsencrypt_hostname = mkOption { type = types.nullOr types.str; default = ""; - description = lib.mdDoc '' + description = '' Domain name to request a TLS certificate for. ''; }; @@ -350,7 +350,7 @@ in { tls_letsencrypt_challenge_type = mkOption { type = types.enum ["TLS-ALPN-01" "HTTP-01"]; default = "HTTP-01"; - description = lib.mdDoc '' + description = '' Type of ACME challenge to use, currently supported types: `HTTP-01` or `TLS-ALPN-01`. ''; @@ -359,7 +359,7 @@ in { tls_letsencrypt_listen = mkOption { type = types.nullOr types.str; default = ":http"; - description = lib.mdDoc '' + description = '' When HTTP-01 challenge is chosen, letsencrypt must set up a verification endpoint, and it will be listening on: `:http = port 80`. @@ -369,7 +369,7 @@ in { tls_cert_path = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to already created certificate. ''; }; @@ -377,7 +377,7 @@ in { tls_key_path = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to key for already created certificate. ''; }; @@ -385,7 +385,7 @@ in { acl_policy_path = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to a file containing ACL policies. ''; }; diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix index 40542155ed63b..1bef5a1f0a9e8 100644 --- a/nixos/modules/services/networking/hostapd.nix +++ b/nixos/modules/services/networking/hostapd.nix @@ -28,7 +28,6 @@ let literalExpression maintainers mapAttrsToList - mdDoc mkDefault mkEnableOption mkIf @@ -115,12 +114,12 @@ in { options = { services.hostapd = { - enable = mkEnableOption (mdDoc '' + enable = mkEnableOption '' hostapd, a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server - ''); + ''; package = mkPackageOption pkgs "hostapd" {}; @@ -165,7 +164,7 @@ in { }; } ''; - description = mdDoc '' + description = '' This option allows you to define APs for one or multiple physical radios. At least one radio must be specified. @@ -186,7 +185,7 @@ in { default = "nl80211"; example = "none"; type = types.str; - description = mdDoc '' + description = '' The driver {command}`hostapd` will use. {var}`nl80211` is used with all Linux mac80211 drivers. {var}`none` is used if building a standalone RADIUS server that does @@ -198,7 +197,7 @@ in { noScan = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Disables scan for overlapping BSSs in HT40+/- mode. Caution: turning this on will likely violate regulatory requirements! ''; @@ -208,7 +207,7 @@ in { default = null; example = "US"; type = types.nullOr types.str; - description = mdDoc '' + description = '' Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power. @@ -229,7 +228,7 @@ in { band = mkOption { default = "2g"; type = types.enum ["2g" "5g" "6g" "60g"]; - description = mdDoc '' + description = '' Specifies the frequency band to use, possible values are 2g for 2.4 GHz, 5g for 5 GHz, 6g for 6 GHz and 60g for 60 GHz. ''; @@ -239,7 +238,7 @@ in { default = 7; example = 11; type = types.int; - description = mdDoc '' + description = '' The channel to operate on. Use 0 to enable ACS (Automatic Channel Selection). Beware that not every device supports ACS in which case {command}`hostapd` will fail to start. @@ -252,7 +251,7 @@ in { type = types.submodule { freeformType = extraSettingsFormat.type; }; - description = mdDoc '' + description = '' Extra configuration options to put at the end of global initialization, before defining BSSs. To find out which options are global and which are per-bss you have to read hostapd's source code, which is non-trivial and not documented otherwise. @@ -277,7 +276,7 @@ in { '''; } ''; - description = mdDoc '' + description = '' All of these scripts will be executed in lexicographical order before hostapd is started, right after the global segment was generated and may dynamically append global options the generated configuration file. @@ -292,7 +291,7 @@ in { enable = mkOption { default = true; type = types.bool; - description = mdDoc '' + description = '' Enables support for IEEE 802.11n (WiFi 4, HT). This is enabled by default, since the vase majority of devices are expected to support this. @@ -303,7 +302,7 @@ in { type = types.listOf types.str; default = ["HT40" "HT40-" "SHORT-GI-20" "SHORT-GI-40"]; example = ["LDPC" "HT40+" "HT40-" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1"]; - description = mdDoc '' + description = '' HT (High Throughput) capabilities given as a list of flags. Please refer to the hostapd documentation for allowed values and only set values supported by your physical adapter. @@ -315,7 +314,7 @@ in { require = mkOption { default = false; type = types.bool; - description = mdDoc "Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't."; + description = "Require stations (clients) to support WiFi 4 (HT) and disassociate them if they don't."; }; }; @@ -325,14 +324,14 @@ in { enable = mkOption { default = true; type = types.bool; - description = mdDoc "Enables support for IEEE 802.11ac (WiFi 5, VHT)"; + description = "Enables support for IEEE 802.11ac (WiFi 5, VHT)"; }; capabilities = mkOption { type = types.listOf types.str; default = []; example = ["SHORT-GI-80" "TX-STBC-2BY1" "RX-STBC-1" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN"]; - description = mdDoc '' + description = '' VHT (Very High Throughput) capabilities given as a list of flags. Please refer to the hostapd documentation for allowed values and only set values supported by your physical adapter. @@ -342,7 +341,7 @@ in { require = mkOption { default = false; type = types.bool; - description = mdDoc "Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't."; + description = "Require stations (clients) to support WiFi 5 (VHT) and disassociate them if they don't."; }; operatingChannelWidth = mkOption { @@ -355,7 +354,7 @@ in { "160" = 2; "80+80" = 3; }; - description = mdDoc '' + description = '' Determines the operating channel width for VHT. - {var}`"20or40"`: 20 or 40 MHz operating channel width @@ -372,31 +371,31 @@ in { enable = mkOption { default = false; type = types.bool; - description = mdDoc "Enables support for IEEE 802.11ax (WiFi 6, HE)"; + description = "Enables support for IEEE 802.11ax (WiFi 6, HE)"; }; require = mkOption { default = false; type = types.bool; - description = mdDoc "Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't."; + description = "Require stations (clients) to support WiFi 6 (HE) and disassociate them if they don't."; }; singleUserBeamformer = mkOption { default = false; type = types.bool; - description = mdDoc "HE single user beamformer support"; + description = "HE single user beamformer support"; }; singleUserBeamformee = mkOption { default = false; type = types.bool; - description = mdDoc "HE single user beamformee support"; + description = "HE single user beamformee support"; }; multiUserBeamformer = mkOption { default = false; type = types.bool; - description = mdDoc "HE multi user beamformee support"; + description = "HE multi user beamformee support"; }; operatingChannelWidth = mkOption { @@ -409,7 +408,7 @@ in { "160" = 2; "80+80" = 3; }; - description = mdDoc '' + description = '' Determines the operating channel width for HE. - {var}`"20or40"`: 20 or 40 MHz operating channel width @@ -426,7 +425,7 @@ in { enable = mkOption { default = false; type = types.bool; - description = mdDoc '' + description = '' Enables support for IEEE 802.11be (WiFi 7, EHT). This is currently experimental and requires you to manually enable CONFIG_IEEE80211BE when building hostapd. ''; @@ -435,19 +434,19 @@ in { singleUserBeamformer = mkOption { default = false; type = types.bool; - description = mdDoc "EHT single user beamformer support"; + description = "EHT single user beamformer support"; }; singleUserBeamformee = mkOption { default = false; type = types.bool; - description = mdDoc "EHT single user beamformee support"; + description = "EHT single user beamformee support"; }; multiUserBeamformer = mkOption { default = false; type = types.bool; - description = mdDoc "EHT multi user beamformee support"; + description = "EHT multi user beamformee support"; }; operatingChannelWidth = mkOption { @@ -460,7 +459,7 @@ in { "160" = 2; "80+80" = 3; }; - description = mdDoc '' + description = '' Determines the operating channel width for EHT. - {var}`"20or40"`: 20 or 40 MHz operating channel width @@ -487,7 +486,7 @@ in { }; } ''; - description = mdDoc '' + description = '' This defines a BSS, colloquially known as a WiFi network. You have to specify at least one. ''; @@ -496,7 +495,7 @@ in { logLevel = mkOption { default = 2; type = types.int; - description = mdDoc '' + description = '' Levels (minimum value for logged events): 0 = verbose debugging 1 = debugging @@ -510,7 +509,7 @@ in { default = "wheel"; example = "network"; type = types.str; - description = mdDoc '' + description = '' Members of this group can access the control socket for this interface. ''; }; @@ -518,20 +517,20 @@ in { utf8Ssid = mkOption { default = true; type = types.bool; - description = mdDoc "Whether the SSID is to be interpreted using UTF-8 encoding."; + description = "Whether the SSID is to be interpreted using UTF-8 encoding."; }; ssid = mkOption { example = "❄️ cool ❄️"; type = types.str; - description = mdDoc "SSID to be used in IEEE 802.11 management frames."; + description = "SSID to be used in IEEE 802.11 management frames."; }; bssid = mkOption { type = types.nullOr types.str; default = null; example = "11:22:33:44:55:66"; - description = mdDoc '' + description = '' Specifies the BSSID for this BSS. Usually determined automatically, but for now you have to manually specify them when using multiple BSS. Try assigning related addresses from the locally administered MAC address ranges, @@ -550,7 +549,7 @@ in { "allow" = 1; "radius" = 2; }; - description = mdDoc '' + description = '' Station MAC address -based authentication. The following modes are available: - {var}`"deny"`: Allow unless listed in {option}`macDeny` (default) @@ -567,7 +566,7 @@ in { type = types.listOf types.str; default = []; example = ["11:22:33:44:55:66"]; - description = mdDoc '' + description = '' Specifies the MAC addresses to allow if {option}`macAcl` is set to {var}`"allow"` or {var}`"radius"`. These values will be world-readable in the Nix store. Values will automatically be merged with {option}`macAllowFile` if necessary. @@ -577,7 +576,7 @@ in { macAllowFile = mkOption { type = types.nullOr types.path; default = null; - description = mdDoc '' + description = '' Specifies a file containing the MAC addresses to allow if {option}`macAcl` is set to {var}`"allow"` or {var}`"radius"`. The file should contain exactly one MAC address per line. Comments and empty lines are ignored, only lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and @@ -589,7 +588,7 @@ in { type = types.listOf types.str; default = []; example = ["11:22:33:44:55:66"]; - description = mdDoc '' + description = '' Specifies the MAC addresses to deny if {option}`macAcl` is set to {var}`"deny"` or {var}`"radius"`. These values will be world-readable in the Nix store. Values will automatically be merged with {option}`macDenyFile` if necessary. @@ -599,7 +598,7 @@ in { macDenyFile = mkOption { type = types.nullOr types.path; default = null; - description = mdDoc '' + description = '' Specifies a file containing the MAC addresses to deny if {option}`macAcl` is set to {var}`"deny"` or {var}`"radius"`. The file should contain exactly one MAC address per line. Comments and empty lines are ignored, only lines starting with a valid MAC address will be considered (e.g. `11:22:33:44:55:66`) and @@ -616,7 +615,7 @@ in { "empty" = 1; "clear" = 2; }; - description = mdDoc '' + description = '' Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID. Note that this does not increase security, since your clients will then broadcast the SSID instead, @@ -633,7 +632,7 @@ in { apIsolate = mkOption { default = false; type = types.bool; - description = mdDoc '' + description = '' Isolate traffic between stations (clients) and prevent them from communicating with each other. ''; @@ -645,7 +644,7 @@ in { type = types.submodule { freeformType = extraSettingsFormat.type; }; - description = mdDoc '' + description = '' Extra configuration options to put at the end of this BSS's defintion in the hostapd.conf for the associated interface. To find out which options are global and which are per-bss you have to read hostapd's source code, which is non-trivial @@ -673,7 +672,7 @@ in { '''; } ''; - description = mdDoc '' + description = '' All of these scripts will be executed in lexicographical order before hostapd is started, right after the bss segment was generated and may dynamically append bss options to the generated configuration file. @@ -689,7 +688,7 @@ in { mode = mkOption { default = "wpa3-sae"; type = types.enum ["none" "wpa2-sha256" "wpa3-sae-transition" "wpa3-sae"]; - description = mdDoc '' + description = '' Selects the authentication mode for this AP. - {var}`"none"`: Don't configure any authentication. This will disable wpa alltogether @@ -711,7 +710,7 @@ in { default = ["CCMP"]; example = ["CCMP-256" "GCMP-256"]; type = types.listOf types.str; - description = mdDoc '' + description = '' Set of accepted cipher suites (encryption algorithms) for pairwise keys (unicast packets). By default this allows just CCMP, which is the only commonly supported secure option. Use {option}`enableRecommendedPairwiseCiphers` to also enable newer recommended ciphers. @@ -726,7 +725,7 @@ in { default = false; example = true; type = types.bool; - description = mdDoc '' + description = '' Additionally enable the recommended set of pairwise ciphers. This enables newer secure ciphers, additionally to those defined in {option}`pairwiseCiphers`. You will have to test whether your hardware supports these by trial-and-error, because @@ -742,7 +741,7 @@ in { default = null; example = "a flakey password"; type = types.nullOr types.str; - description = mdDoc '' + description = '' Sets the password for WPA-PSK that will be converted to the pre-shared key. The password length must be in the range [8, 63] characters. While some devices may allow arbitrary characters (such as UTF-8) to be used, but the standard specifies @@ -759,7 +758,7 @@ in { wpaPasswordFile = mkOption { default = null; type = types.nullOr types.path; - description = mdDoc '' + description = '' Sets the password for WPA-PSK. Follows the same rules as {option}`wpaPassword`, but reads the password from the given file to prevent the password from being put into the Nix store. @@ -771,7 +770,7 @@ in { wpaPskFile = mkOption { default = null; type = types.nullOr types.path; - description = mdDoc '' + description = '' Sets the password(s) for WPA-PSK. Similar to {option}`wpaPasswordFile`, but additionally allows specifying multiple passwords, and some other options. @@ -803,7 +802,7 @@ in { { password = "sekret pazzword"; mac = "11:22:33:44:55:66"; } ] ''; - description = mdDoc '' + description = '' Sets allowed passwords for WPA3-SAE. The last matching (based on peer MAC address and identifier) entry is used to @@ -820,7 +819,7 @@ in { password = mkOption { example = "a flakey password"; type = types.str; - description = mdDoc '' + description = '' The password for this entry. SAE technically imposes no restrictions on password length or character set. But due to limitations of {command}`hostapd`'s config file format, a true newline character cannot be parsed. @@ -834,7 +833,7 @@ in { default = null; example = "11:22:33:44:55:66"; type = types.nullOr types.str; - description = mdDoc '' + description = '' If this attribute is not included, or if is set to the wildcard address (`ff:ff:ff:ff:ff:ff`), the entry is available for any station (client) to use. If a specific peer MAC address is included, only a station with that MAC address is allowed to use the entry. @@ -845,14 +844,14 @@ in { default = null; example = 1; type = types.nullOr types.int; - description = mdDoc "If this attribute is given, all clients using this entry will get tagged with the given VLAN ID."; + description = "If this attribute is given, all clients using this entry will get tagged with the given VLAN ID."; }; pk = mkOption { default = null; example = ""; type = types.nullOr types.str; - description = mdDoc '' + description = '' If this attribute is given, SAE-PK will be enabled for this connection. This prevents evil-twin attacks, but a public key is required additionally to connect. (Essentially adds pubkey authentication such that the client can verify identity of the AP) @@ -863,7 +862,7 @@ in { default = null; example = ""; type = types.nullOr types.str; - description = mdDoc '' + description = '' If this attribute is given with non-zero length, it will set the password identifier for this entry. It can then only be used with that identifier. ''; @@ -875,7 +874,7 @@ in { saePasswordsFile = mkOption { default = null; type = types.nullOr types.path; - description = mdDoc '' + description = '' Sets the password for WPA3-SAE. Follows the same rules as {option}`saePasswords`, but reads the entries from the given file to prevent them from being put into the Nix store. @@ -892,7 +891,7 @@ in { saeAddToMacAllow = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' If set, all sae password entries that have a non-wildcard MAC associated to them will additionally be used to populate the MAC allow list. This is additional to any entries set via {option}`macAllow` or {option}`macAllowFile`. diff --git a/nixos/modules/services/networking/htpdate.nix b/nixos/modules/services/networking/htpdate.nix index 8b9bb2888dacb..6954e5b060c4c 100644 --- a/nixos/modules/services/networking/htpdate.nix +++ b/nixos/modules/services/networking/htpdate.nix @@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable htpdate daemon. ''; }; @@ -27,7 +27,7 @@ in extraOptions = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Additional command line arguments to pass to htpdate. ''; }; @@ -35,7 +35,7 @@ in servers = mkOption { type = types.listOf types.str; default = [ "www.google.com" ]; - description = lib.mdDoc '' + description = '' HTTP servers to use for time synchronization. ''; }; @@ -44,7 +44,7 @@ in type = types.str; default = ""; example = "127.0.0.1:8118"; - description = lib.mdDoc '' + description = '' HTTP proxy used for requests. ''; }; diff --git a/nixos/modules/services/networking/https-dns-proxy.nix b/nixos/modules/services/networking/https-dns-proxy.nix index 87eb23ea45851..63c38d20ac8f2 100644 --- a/nixos/modules/services/networking/https-dns-proxy.nix +++ b/nixos/modules/services/networking/https-dns-proxy.nix @@ -46,23 +46,23 @@ in ###### interface options.services.https-dns-proxy = { - enable = mkEnableOption (lib.mdDoc "https-dns-proxy daemon"); + enable = mkEnableOption "https-dns-proxy daemon"; address = mkOption { - description = lib.mdDoc "The address on which to listen"; + description = "The address on which to listen"; type = types.str; default = "127.0.0.1"; }; port = mkOption { - description = lib.mdDoc "The port on which to listen"; + description = "The port on which to listen"; type = types.port; default = 5053; }; provider = { kind = mkOption { - description = lib.mdDoc '' + description = '' The upstream provider to use or custom in case you do not trust any of the predefined providers or just want to use your own. @@ -80,18 +80,18 @@ in }; ips = mkOption { - description = lib.mdDoc "The custom provider IPs"; + description = "The custom provider IPs"; type = types.listOf types.str; }; url = mkOption { - description = lib.mdDoc "The custom provider URL"; + description = "The custom provider URL"; type = types.str; }; }; preferIPv4 = mkOption { - description = lib.mdDoc '' + description = '' https_dns_proxy will by default use IPv6 and fail if it is not available. To play it safe, we choose IPv4. ''; @@ -100,7 +100,7 @@ in }; extraArgs = mkOption { - description = lib.mdDoc "Additional arguments to pass to the process."; + description = "Additional arguments to pass to the process."; type = types.listOf types.str; default = [ "-v" ]; }; diff --git a/nixos/modules/services/networking/hylafax/options.nix b/nixos/modules/services/networking/hylafax/options.nix index 49b2bef90a5fe..1880aebe7a6be 100644 --- a/nixos/modules/services/networking/hylafax/options.nix +++ b/nixos/modules/services/networking/hylafax/options.nix @@ -37,7 +37,7 @@ let name = mkOption { type = nonEmptyStr; example = "ttyS1"; - description = lib.mdDoc '' + description = '' Name of modem device, will be searched for in {file}`/dev`. ''; @@ -45,7 +45,7 @@ let type = mkOption { type = nonEmptyStr; example = "cirrus"; - description = lib.mdDoc '' + description = '' Name of modem configuration file, will be searched for in {file}`config` in the spooling area directory. @@ -59,7 +59,7 @@ let FAXNumber = "123456"; LocalIdentifier = "LostInBerlin"; }; - description = lib.mdDoc '' + description = '' Attribute set of values for the given modem. ${commonDescr} Options defined here override options in @@ -118,13 +118,13 @@ in options.services.hylafax = { - enable = mkEnableOption (lib.mdDoc "HylaFAX server"); + enable = mkEnableOption "HylaFAX server"; autostart = mkOption { type = bool; default = true; example = false; - description = lib.mdDoc '' + description = '' Autostart the HylaFAX queue manager at system start. If this is `false`, the queue manager will still be started if there are pending @@ -136,34 +136,34 @@ in type = nullOr nonEmptyStr; default = null; example = "49"; - description = lib.mdDoc "Country code for server and all modems."; + description = "Country code for server and all modems."; }; areaCode = mkOption { type = nullOr nonEmptyStr; default = null; example = "30"; - description = lib.mdDoc "Area code for server and all modems."; + description = "Area code for server and all modems."; }; longDistancePrefix = mkOption { type = nullOr str; default = null; example = "0"; - description = lib.mdDoc "Long distance prefix for server and all modems."; + description = "Long distance prefix for server and all modems."; }; internationalPrefix = mkOption { type = nullOr str; default = null; example = "00"; - description = lib.mdDoc "International prefix for server and all modems."; + description = "International prefix for server and all modems."; }; spoolAreaPath = mkOption { type = path; default = "/var/spool/fax"; - description = lib.mdDoc '' + description = '' The spooling area will be created/maintained at the location given here. ''; @@ -172,7 +172,7 @@ in userAccessFile = mkOption { type = path; default = "/etc/hosts.hfaxd"; - description = lib.mdDoc '' + description = '' The {file}`hosts.hfaxd` file entry in the spooling area will be symlinked to the location given here. @@ -197,7 +197,7 @@ in type = path; example = literalExpression ''"''${pkgs.postfix}/bin/sendmail"''; # '' ; # fix vim - description = lib.mdDoc '' + description = '' Path to {file}`sendmail` program. The default uses the local sendmail wrapper (see {option}`config.services.mail.sendmailSetuidWrapper`), @@ -209,7 +209,7 @@ in hfaxdConfig = mkOption { type = configAttrType; example.RecvqProtection = "0400"; - description = lib.mdDoc '' + description = '' Attribute set of lines for the global hfaxd config file {file}`etc/hfaxd.conf`. ${commonDescr} @@ -222,7 +222,7 @@ in InternationalPrefix = "00"; LongDistancePrefix = "0"; }; - description = lib.mdDoc '' + description = '' Attribute set of lines for the global faxq config file {file}`etc/config`. ${commonDescr} @@ -235,7 +235,7 @@ in InternationalPrefix = "00"; LongDistancePrefix = "0"; }; - description = lib.mdDoc '' + description = '' Attribute set of default values for modem config files {file}`etc/config.*`. ${commonDescr} @@ -254,7 +254,7 @@ in LocalIdentifier = "Smith"; }; }; - description = lib.mdDoc '' + description = '' Description of installed modems. At least on modem must be defined to enable the HylaFAX server. @@ -265,22 +265,22 @@ in type = lines; default = ""; example = "chmod 0755 . # everyone may read my faxes"; - description = lib.mdDoc '' + description = '' Additional shell code that is executed within the spooling area directory right after its setup. ''; }; - faxcron.enable.spoolInit = mkEnableOption (lib.mdDoc '' + faxcron.enable.spoolInit = mkEnableOption '' purging old files from the spooling area with {file}`faxcron` each time the spooling area is initialized - ''); + ''; faxcron.enable.frequency = mkOption { type = nullOr nonEmptyStr; default = null; example = "daily"; - description = lib.mdDoc '' + description = '' purging old files from the spooling area with {file}`faxcron` with the given frequency (see systemd.time(7)) @@ -289,7 +289,7 @@ in faxcron.infoDays = mkOption { type = ints.positive; default = 30; - description = lib.mdDoc '' + description = '' Set the expiration time for data in the remote machine information directory in days. ''; @@ -297,7 +297,7 @@ in faxcron.logDays = mkOption { type = ints.positive; default = 30; - description = lib.mdDoc '' + description = '' Set the expiration time for session trace log files in days. ''; @@ -305,22 +305,22 @@ in faxcron.rcvDays = mkOption { type = ints.positive; default = 7; - description = lib.mdDoc '' + description = '' Set the expiration time for files in the received facsimile queue in days. ''; }; - faxqclean.enable.spoolInit = mkEnableOption (lib.mdDoc '' + faxqclean.enable.spoolInit = mkEnableOption '' Purge old files from the spooling area with {file}`faxqclean` each time the spooling area is initialized. - ''); + ''; faxqclean.enable.frequency = mkOption { type = nullOr nonEmptyStr; default = null; example = "daily"; - description = lib.mdDoc '' + description = '' Purge old files from the spooling area with {file}`faxcron` with the given frequency (see systemd.time(7)). @@ -330,7 +330,7 @@ in type = enum [ "never" "as-flagged" "always" ]; default = "as-flagged"; example = "always"; - description = lib.mdDoc '' + description = '' Enable or suppress job archiving: `never` disables job archiving, `as-flagged` archives jobs that @@ -343,7 +343,7 @@ in type = ints.positive; default = 15; example = literalExpression "24*60"; - description = lib.mdDoc '' + description = '' Set the job age threshold (in minutes) that controls how long jobs may reside in the doneq directory. @@ -353,7 +353,7 @@ in type = ints.positive; default = 60; example = literalExpression "24*60"; - description = lib.mdDoc '' + description = '' Set the document age threshold (in minutes) that controls how long unreferenced files may reside in the docq directory. diff --git a/nixos/modules/services/networking/i2p.nix b/nixos/modules/services/networking/i2p.nix index c5c7a955cbd4f..2b38697b1f471 100644 --- a/nixos/modules/services/networking/i2p.nix +++ b/nixos/modules/services/networking/i2p.nix @@ -5,9 +5,10 @@ with lib; let cfg = config.services.i2p; homeDir = "/var/lib/i2p"; -in { +in +{ ###### interface - options.services.i2p.enable = mkEnableOption (lib.mdDoc "I2P router"); + options.services.i2p.enable = mkEnableOption "I2P router"; ###### implementation config = mkIf cfg.enable { @@ -27,7 +28,7 @@ in { User = "i2p"; WorkingDirectory = homeDir; Restart = "on-abort"; - ExecStart = "${pkgs.i2p}/bin/i2prouter-plain"; + ExecStart = "${pkgs.i2p}/bin/i2prouter"; }; }; }; diff --git a/nixos/modules/services/networking/i2pd.nix b/nixos/modules/services/networking/i2pd.nix index 8d9eff61488ca..aa059b1b7c90a 100644 --- a/nixos/modules/services/networking/i2pd.nix +++ b/nixos/modules/services/networking/i2pd.nix @@ -17,36 +17,36 @@ let optionalNullInt = o: i: optional (i != null) (intOpt o i); optionalEmptyList = o: l: optional ([] != l) (lstOpt o l); - mkEnableTrueOption = name: mkEnableOption (lib.mdDoc name) // { default = true; }; + mkEnableTrueOption = name: mkEnableOption name // { default = true; }; mkEndpointOpt = name: addr: port: { - enable = mkEnableOption (lib.mdDoc name); + enable = mkEnableOption name; name = mkOption { type = types.str; default = name; - description = lib.mdDoc "The endpoint name."; + description = "The endpoint name."; }; address = mkOption { type = types.str; default = addr; - description = lib.mdDoc "Bind address for ${name} endpoint."; + description = "Bind address for ${name} endpoint."; }; port = mkOption { type = types.port; default = port; - description = lib.mdDoc "Bind port for ${name} endpoint."; + description = "Bind port for ${name} endpoint."; }; }; i2cpOpts = name: { length = mkOption { type = types.int; - description = lib.mdDoc "Guaranteed minimum hops for ${name} tunnels."; + description = "Guaranteed minimum hops for ${name} tunnels."; default = 3; }; quantity = mkOption { type = types.int; - description = lib.mdDoc "Number of simultaneous ${name} tunnels."; + description = "Number of simultaneous ${name} tunnels."; default = 5; }; }; @@ -56,7 +56,7 @@ let keys = mkOption { type = with types; nullOr str; default = keyloc; - description = lib.mdDoc '' + description = '' File to persist ${lib.toUpper name} keys. ''; }; @@ -64,12 +64,12 @@ let outbound = i2cpOpts name; latency.min = mkOption { type = with types; nullOr int; - description = lib.mdDoc "Min latency for tunnels."; + description = "Min latency for tunnels."; default = null; }; latency.max = mkOption { type = with types; nullOr int; - description = lib.mdDoc "Max latency for tunnels."; + description = "Max latency for tunnels."; default = null; }; }; @@ -79,17 +79,17 @@ let inbound = i2cpOpts name; crypto.tagsToSend = mkOption { type = types.int; - description = lib.mdDoc "Number of ElGamal/AES tags to send."; + description = "Number of ElGamal/AES tags to send."; default = 40; }; destination = mkOption { type = types.str; - description = lib.mdDoc "Remote endpoint, I2P hostname or b32.i2p address."; + description = "Remote endpoint, I2P hostname or b32.i2p address."; }; keys = mkOption { type = types.str; default = name + "-keys.dat"; - description = lib.mdDoc "Keyset used for tunnel identity."; + description = "Keyset used for tunnel identity."; }; } // mkEndpointOpt name "127.0.0.1" 0; @@ -236,8 +236,8 @@ in services.i2pd = { - enable = mkEnableOption (lib.mdDoc "I2Pd daemon") // { - description = lib.mdDoc '' + enable = mkEnableOption "I2Pd daemon" // { + description = '' Enables I2Pd as a running service upon activation. Please read <https://i2pd.readthedocs.io/en/latest/> for further configuration help. @@ -249,7 +249,7 @@ in logLevel = mkOption { type = types.enum ["debug" "info" "warn" "error"]; default = "error"; - description = lib.mdDoc '' + description = '' The log level. {command}`i2pd` defaults to "info" but that generates copious amounts of log messages. @@ -258,12 +258,12 @@ in ''; }; - logCLFTime = mkEnableOption (lib.mdDoc "full CLF-formatted date and time to log"); + logCLFTime = mkEnableOption "full CLF-formatted date and time to log"; address = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Your external IP or hostname. ''; }; @@ -271,7 +271,7 @@ in family = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Specify a family the router belongs to. ''; }; @@ -279,7 +279,7 @@ in dataDir = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Alternative path to storage of i2pd data (RI, keys, peer profiles, ...) ''; }; @@ -287,7 +287,7 @@ in share = mkOption { type = types.int; default = 100; - description = lib.mdDoc '' + description = '' Limit of transit traffic from max bandwidth in percents. ''; }; @@ -295,7 +295,7 @@ in ifname = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Network interface to bind to. ''; }; @@ -303,7 +303,7 @@ in ifname4 = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' IPv4 interface to bind to. ''; }; @@ -311,7 +311,7 @@ in ifname6 = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' IPv6 interface to bind to. ''; }; @@ -319,7 +319,7 @@ in ntcpProxy = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Proxy URL for NTCP transport. ''; }; @@ -327,14 +327,14 @@ in ntcp = mkEnableTrueOption "ntcp"; ssu = mkEnableTrueOption "ssu"; - notransit = mkEnableOption (lib.mdDoc "notransit") // { - description = lib.mdDoc '' + notransit = mkEnableOption "notransit" // { + description = '' Tells the router to not accept transit tunnels during startup. ''; }; - floodfill = mkEnableOption (lib.mdDoc "floodfill") // { - description = lib.mdDoc '' + floodfill = mkEnableOption "floodfill" // { + description = '' If the router is declared to be unreachable and needs introduction nodes. ''; }; @@ -342,7 +342,7 @@ in netid = mkOption { type = types.int; default = 2; - description = lib.mdDoc '' + description = '' I2P overlay netid. ''; }; @@ -350,7 +350,7 @@ in bandwidth = mkOption { type = with types; nullOr int; default = null; - description = lib.mdDoc '' + description = '' Set a router bandwidth limit integer in KBps. If not set, {command}`i2pd` defaults to 32KBps. ''; @@ -359,26 +359,26 @@ in port = mkOption { type = with types; nullOr int; default = null; - description = lib.mdDoc '' + description = '' I2P listen port. If no one is given the router will pick between 9111 and 30777. ''; }; enableIPv4 = mkEnableTrueOption "IPv4 connectivity"; - enableIPv6 = mkEnableOption (lib.mdDoc "IPv6 connectivity"); + enableIPv6 = mkEnableOption "IPv6 connectivity"; nat = mkEnableTrueOption "NAT bypass"; - upnp.enable = mkEnableOption (lib.mdDoc "UPnP service discovery"); + upnp.enable = mkEnableOption "UPnP service discovery"; upnp.name = mkOption { type = types.str; default = "I2Pd"; - description = lib.mdDoc '' + description = '' Name i2pd appears in UPnP forwardings list. ''; }; precomputation.elgamal = mkEnableTrueOption "Precomputed ElGamal tables" // { - description = lib.mdDoc '' + description = '' Whenever to use precomputated tables for ElGamal. {command}`i2pd` defaults to `false` to save 64M of memory (and looses some performance). @@ -388,12 +388,12 @@ in ''; }; - reseed.verify = mkEnableOption (lib.mdDoc "SU3 signature verification"); + reseed.verify = mkEnableOption "SU3 signature verification"; reseed.file = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Full path to SU3 file to reseed from. ''; }; @@ -401,7 +401,7 @@ in reseed.urls = mkOption { type = with types; listOf str; default = []; - description = lib.mdDoc '' + description = '' Reseed URLs. ''; }; @@ -409,7 +409,7 @@ in reseed.floodfill = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Path to router info of floodfill to reseed from. ''; }; @@ -417,7 +417,7 @@ in reseed.zipfile = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Path to local .zip file to reseed from. ''; }; @@ -425,7 +425,7 @@ in reseed.proxy = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' URL for reseed proxy, supports http/socks. ''; }; @@ -433,7 +433,7 @@ in addressbook.defaulturl = mkOption { type = types.str; default = "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt"; - description = lib.mdDoc '' + description = '' AddressBook subscription URL for initial setup ''; }; @@ -444,17 +444,17 @@ in "http://i2p-projekt.i2p/hosts.txt" "http://stats.i2p/cgi-bin/newhosts.txt" ]; - description = lib.mdDoc '' + description = '' AddressBook subscription URLs ''; }; - trust.enable = mkEnableOption (lib.mdDoc "explicit trust options"); + trust.enable = mkEnableOption "explicit trust options"; trust.family = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Router Family to trust for first hops. ''; }; @@ -462,12 +462,12 @@ in trust.routers = mkOption { type = with types; listOf str; default = []; - description = lib.mdDoc '' + description = '' Only connect to the listed routers. ''; }; - trust.hidden = mkEnableOption (lib.mdDoc "router concealment"); + trust.hidden = mkEnableOption "router concealment"; websocket = mkEndpointOpt "websockets" "127.0.0.1" 7666; @@ -475,11 +475,11 @@ in exploratory.outbound = i2cpOpts "exploratory"; ntcp2.enable = mkEnableTrueOption "NTCP2"; - ntcp2.published = mkEnableOption (lib.mdDoc "NTCP2 publication"); + ntcp2.published = mkEnableOption "NTCP2 publication"; ntcp2.port = mkOption { type = types.port; default = 0; - description = lib.mdDoc '' + description = '' Port to listen for incoming NTCP2 connections (0=auto). ''; }; @@ -487,7 +487,7 @@ in limits.transittunnels = mkOption { type = types.int; default = 2500; - description = lib.mdDoc '' + description = '' Maximum number of active transit sessions. ''; }; @@ -495,7 +495,7 @@ in limits.coreSize = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Maximum size of corefile in Kb (0 - use system limit). ''; }; @@ -503,7 +503,7 @@ in limits.openFiles = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Maximum number of open files (0 - use system default). ''; }; @@ -511,7 +511,7 @@ in limits.ntcpHard = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Maximum number of active transit sessions. ''; }; @@ -519,7 +519,7 @@ in limits.ntcpSoft = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Threshold to start probabalistic backoff with ntcp sessions (default: use system limit). ''; }; @@ -527,17 +527,17 @@ in limits.ntcpThreads = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Maximum number of threads used by NTCP DH worker. ''; }; - yggdrasil.enable = mkEnableOption (lib.mdDoc "Yggdrasil"); + yggdrasil.enable = mkEnableOption "Yggdrasil"; yggdrasil.address = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Your local yggdrasil address. Specify it if you want to bind your router to a particular address. ''; @@ -545,12 +545,12 @@ in proto.http = (mkEndpointOpt "http" "127.0.0.1" 7070) // { - auth = mkEnableOption (lib.mdDoc "webconsole authentication"); + auth = mkEnableOption "webconsole authentication"; user = mkOption { type = types.str; default = "i2pd"; - description = lib.mdDoc '' + description = '' Username for webconsole access ''; }; @@ -558,7 +558,7 @@ in pass = mkOption { type = types.str; default = "i2pd"; - description = lib.mdDoc '' + description = '' Password for webconsole access. ''; }; @@ -566,7 +566,7 @@ in strictHeaders = mkOption { type = with types; nullOr bool; default = null; - description = lib.mdDoc '' + description = '' Enable strict host checking on WebUI. ''; }; @@ -574,7 +574,7 @@ in hostname = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Expected hostname for WebUI. ''; }; @@ -585,21 +585,21 @@ in outproxy = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc "Upstream outproxy bind address."; + description = "Upstream outproxy bind address."; }; }; proto.socksProxy = (mkKeyedEndpointOpt "socksproxy" "127.0.0.1" 4447 "socksproxy-keys.dat") // { - outproxyEnable = mkEnableOption (lib.mdDoc "SOCKS outproxy"); + outproxyEnable = mkEnableOption "SOCKS outproxy"; outproxy = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "Upstream outproxy bind address."; + description = "Upstream outproxy bind address."; }; outproxyPort = mkOption { type = types.int; default = 4444; - description = lib.mdDoc "Upstream outproxy bind port."; + description = "Upstream outproxy bind port."; }; }; @@ -616,7 +616,7 @@ in destinationPort = mkOption { type = with types; nullOr int; default = null; - description = lib.mdDoc "Connect to particular port at destination."; + description = "Connect to particular port at destination."; }; } // commonTunOpts name; config = { @@ -624,7 +624,7 @@ in }; } )); - description = lib.mdDoc '' + description = '' Connect to someone as a client and establish a local accept endpoint ''; }; @@ -637,12 +637,12 @@ in inPort = mkOption { type = types.int; default = 0; - description = lib.mdDoc "Service port. Default to the tunnel's listen port."; + description = "Service port. Default to the tunnel's listen port."; }; accessList = mkOption { type = with types; listOf str; default = []; - description = lib.mdDoc "I2P nodes that are allowed to connect to this service."; + description = "I2P nodes that are allowed to connect to this service."; }; } // commonTunOpts name; config = { @@ -650,7 +650,7 @@ in }; } )); - description = lib.mdDoc '' + description = '' Serve something on I2P network at port and delegate requests to address inPort. ''; }; diff --git a/nixos/modules/services/networking/icecream/daemon.nix b/nixos/modules/services/networking/icecream/daemon.nix index 48363cc22c367..0626766eddd07 100644 --- a/nixos/modules/services/networking/icecream/daemon.nix +++ b/nixos/modules/services/networking/icecream/daemon.nix @@ -12,18 +12,18 @@ in { services.icecream.daemon = { - enable = mkEnableOption (lib.mdDoc "Icecream Daemon"); + enable = mkEnableOption "Icecream Daemon"; openFirewall = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' Whether to automatically open receive port in the firewall. ''; }; openBroadcast = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' Whether to automatically open the firewall for scheduler discovery. ''; }; @@ -31,7 +31,7 @@ in { cacheLimit = mkOption { type = types.ints.u16; default = 256; - description = lib.mdDoc '' + description = '' Maximum size in Megabytes of cache used to store compile environments of compile clients. ''; }; @@ -39,7 +39,7 @@ in { netName = mkOption { type = types.str; default = "ICECREAM"; - description = lib.mdDoc '' + description = '' Network name to connect to. A scheduler with the same name needs to be running. ''; }; @@ -47,7 +47,7 @@ in { noRemote = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Prevent jobs from other nodes being scheduled on this daemon. ''; }; @@ -55,7 +55,7 @@ in { schedulerHost = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Explicit scheduler hostname, useful in firewalled environments. Uses scheduler autodiscovery via broadcast if set to null. @@ -65,7 +65,7 @@ in { maxProcesses = mkOption { type = types.nullOr types.ints.u16; default = null; - description = lib.mdDoc '' + description = '' Maximum number of compile jobs started in parallel for this daemon. Uses the number of CPUs if set to null. @@ -75,7 +75,7 @@ in { nice = mkOption { type = types.int; default = 5; - description = lib.mdDoc '' + description = '' The level of niceness to use. ''; }; @@ -83,7 +83,7 @@ in { hostname = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Hostname of the daemon in the icecream infrastructure. Uses the hostname retrieved via uname if set to null. @@ -93,7 +93,7 @@ in { user = mkOption { type = types.str; default = "icecc"; - description = lib.mdDoc '' + description = '' User to run the icecream daemon as. Set to root to enable receive of remote compile environments. ''; @@ -104,7 +104,7 @@ in { extraArgs = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Additional command line parameters."; + description = "Additional command line parameters."; example = [ "-v" ]; }; }; diff --git a/nixos/modules/services/networking/icecream/scheduler.nix b/nixos/modules/services/networking/icecream/scheduler.nix index 2d53282ba88f7..597a554d0b87e 100644 --- a/nixos/modules/services/networking/icecream/scheduler.nix +++ b/nixos/modules/services/networking/icecream/scheduler.nix @@ -11,12 +11,12 @@ in { options = { services.icecream.scheduler = { - enable = mkEnableOption (lib.mdDoc "Icecream Scheduler"); + enable = mkEnableOption "Icecream Scheduler"; netName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Network name for the icecream scheduler. Uses the default ICECREAM if null. @@ -26,14 +26,14 @@ in { port = mkOption { type = types.port; default = 8765; - description = lib.mdDoc '' + description = '' Server port to listen for icecream daemon requests. ''; }; openFirewall = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' Whether to automatically open the daemon port in the firewall. ''; }; @@ -41,7 +41,7 @@ in { openTelnet = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open the telnet TCP port on 8766. ''; }; @@ -49,7 +49,7 @@ in { persistentClientConnection = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to prevent clients from connecting to a better scheduler. ''; }; @@ -59,7 +59,7 @@ in { extraArgs = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Additional command line parameters"; + description = "Additional command line parameters"; example = [ "-v" ]; }; }; diff --git a/nixos/modules/services/networking/imaginary.nix b/nixos/modules/services/networking/imaginary.nix index a655903d1031c..cb2fb62f34b39 100644 --- a/nixos/modules/services/networking/imaginary.nix +++ b/nixos/modules/services/networking/imaginary.nix @@ -1,17 +1,17 @@ { lib, config, pkgs, utils, ... }: let - inherit (lib) mdDoc mkEnableOption mkIf mkOption types; + inherit (lib) mkEnableOption mkIf mkOption types; cfg = config.services.imaginary; in { options.services.imaginary = { - enable = mkEnableOption (mdDoc "imaginary image processing microservice"); + enable = mkEnableOption "imaginary image processing microservice"; address = mkOption { type = types.str; default = "localhost"; - description = mdDoc '' + description = '' Bind address. Corresponds to the `-a` flag. Set to `""` to bind to all addresses. ''; @@ -21,11 +21,11 @@ in { port = mkOption { type = types.port; default = 8088; - description = mdDoc "Bind port. Corresponds to the `-p` flag."; + description = "Bind port. Corresponds to the `-p` flag."; }; settings = mkOption { - description = mdDoc '' + description = '' Command line arguments passed to the imaginary executable, stripped of the prefix `-`. See upstream's [README](https://github.com/h2non/imaginary#command-line-usage) for all @@ -43,7 +43,7 @@ in { return-size = mkOption { type = types.bool; default = false; - description = mdDoc "Return the image size in the HTTP headers."; + description = "Return the image size in the HTTP headers."; }; }; }; diff --git a/nixos/modules/services/networking/inspircd.nix b/nixos/modules/services/networking/inspircd.nix index da193df105b74..5838b76d1da5d 100644 --- a/nixos/modules/services/networking/inspircd.nix +++ b/nixos/modules/services/networking/inspircd.nix @@ -12,14 +12,14 @@ in { options = { services.inspircd = { - enable = lib.mkEnableOption (lib.mdDoc "InspIRCd"); + enable = lib.mkEnableOption "InspIRCd"; package = lib.mkOption { type = lib.types.package; default = pkgs.inspircd; defaultText = lib.literalExpression "pkgs.inspircd"; example = lib.literalExpression "pkgs.inspircdMinimal"; - description = lib.mdDoc '' + description = '' The InspIRCd package to use. This is mainly useful to specify an overridden version of the `pkgs.inspircd` dervivation, for @@ -32,7 +32,7 @@ in { config = lib.mkOption { type = lib.types.lines; - description = lib.mdDoc '' + description = '' Verbatim `inspircd.conf` file. For a list of options, consult the [InspIRCd documentation](https://docs.inspircd.org/3/configuration/), the diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix index ea2fa3ac4be4d..c474f5f278bf8 100644 --- a/nixos/modules/services/networking/iodine.nix +++ b/nixos/modules/services/networking/iodine.nix @@ -28,7 +28,7 @@ in services.iodine = { clients = mkOption { default = {}; - description = lib.mdDoc '' + description = '' Each attribute of this option defines a systemd service that runs iodine. Many or none may be defined. The name of each service is @@ -52,28 +52,28 @@ in server = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Hostname of server running iodined"; + description = "Hostname of server running iodined"; example = "tunnel.mydomain.com"; }; relay = mkOption { type = types.str; default = ""; - description = lib.mdDoc "DNS server to use as an intermediate relay to the iodined server"; + description = "DNS server to use as an intermediate relay to the iodined server"; example = "8.8.8.8"; }; extraConfig = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Additional command line parameters"; + description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; passwordFile = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Path to a file containing the password."; + description = "Path to a file containing the password."; }; }; } @@ -85,34 +85,34 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "enable iodined server"; + description = "enable iodined server"; }; ip = mkOption { type = types.str; default = ""; - description = lib.mdDoc "The assigned ip address or ip range"; + description = "The assigned ip address or ip range"; example = "172.16.10.1/24"; }; domain = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Domain or subdomain of which nameservers point to us"; + description = "Domain or subdomain of which nameservers point to us"; example = "tunnel.mydomain.com"; }; extraConfig = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Additional command line parameters"; + description = "Additional command line parameters"; example = "-l 192.168.1.10 -p 23"; }; passwordFile = mkOption { type = types.str; default = ""; - description = lib.mdDoc "File that contains password"; + description = "File that contains password"; }; }; diff --git a/nixos/modules/services/networking/iperf3.nix b/nixos/modules/services/networking/iperf3.nix index 0a204524e00fa..55a8fe4db595a 100644 --- a/nixos/modules/services/networking/iperf3.nix +++ b/nixos/modules/services/networking/iperf3.nix @@ -3,56 +3,56 @@ let cfg = config.services.iperf3; api = { - enable = mkEnableOption (lib.mdDoc "iperf3 network throughput testing server"); + enable = mkEnableOption "iperf3 network throughput testing server"; port = mkOption { type = types.ints.u16; default = 5201; - description = lib.mdDoc "Server port to listen on for iperf3 client requests."; + description = "Server port to listen on for iperf3 client requests."; }; affinity = mkOption { type = types.nullOr types.ints.unsigned; default = null; - description = lib.mdDoc "CPU affinity for the process."; + description = "CPU affinity for the process."; }; bind = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "Bind to the specific interface associated with the given address."; + description = "Bind to the specific interface associated with the given address."; }; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Open ports in the firewall for iperf3."; + description = "Open ports in the firewall for iperf3."; }; verbose = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Give more detailed output."; + description = "Give more detailed output."; }; forceFlush = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Force flushing output at every interval."; + description = "Force flushing output at every interval."; }; debug = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Emit debugging output."; + description = "Emit debugging output."; }; rsaPrivateKey = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client."; + description = "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client."; }; authorizedUsersFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Path to the configuration file containing authorized users credentials to run iperf tests."; + description = "Path to the configuration file containing authorized users credentials to run iperf tests."; }; extraFlags = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc "Extra flags to pass to iperf3(1)."; + description = "Extra flags to pass to iperf3(1)."; }; }; diff --git a/nixos/modules/services/networking/ircd-hybrid/default.nix b/nixos/modules/services/networking/ircd-hybrid/default.nix index 64a34cc52d25a..6422e31a7bddf 100644 --- a/nixos/modules/services/networking/ircd-hybrid/default.nix +++ b/nixos/modules/services/networking/ircd-hybrid/default.nix @@ -36,12 +36,12 @@ in services.ircdHybrid = { - enable = mkEnableOption (lib.mdDoc "IRCD"); + enable = mkEnableOption "IRCD"; serverName = mkOption { default = "hades.arpa"; type = types.str; - description = lib.mdDoc '' + description = '' IRCD server name. ''; }; @@ -49,7 +49,7 @@ in sid = mkOption { default = "0NL"; type = types.str; - description = lib.mdDoc '' + description = '' IRCD server unique ID in a net of servers. ''; }; @@ -57,7 +57,7 @@ in description = mkOption { default = "Hybrid-7 IRC server."; type = types.str; - description = lib.mdDoc '' + description = '' IRCD server description. ''; }; @@ -66,7 +66,7 @@ in default = null; example = literalExpression "/root/certificates/irc.key"; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' IRCD server RSA key. ''; }; @@ -75,7 +75,7 @@ in default = null; example = literalExpression "/root/certificates/irc.pem"; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' IRCD server SSL certificate. There are some limitations - read manual. ''; }; @@ -84,7 +84,7 @@ in default = "<bit-bucket@example.com>"; type = types.str; example = "<name@domain.tld>"; - description = lib.mdDoc '' + description = '' IRCD server administrator e-mail. ''; }; @@ -93,7 +93,7 @@ in default = []; example = ["127.0.0.1"]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Extra IP's to bind. ''; }; @@ -101,7 +101,7 @@ in extraPort = mkOption { default = "7117"; type = types.str; - description = lib.mdDoc '' + description = '' Extra port to avoid filtering. ''; }; diff --git a/nixos/modules/services/networking/iscsi/initiator.nix b/nixos/modules/services/networking/iscsi/initiator.nix index 2d802d8cfc709..a89d58403c6bc 100644 --- a/nixos/modules/services/networking/iscsi/initiator.nix +++ b/nixos/modules/services/networking/iscsi/initiator.nix @@ -4,19 +4,19 @@ let in { options.services.openiscsi = with types; { - enable = mkEnableOption (lib.mdDoc "the openiscsi iscsi daemon"); - enableAutoLoginOut = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption "the openiscsi iscsi daemon"; + enableAutoLoginOut = mkEnableOption '' automatic login and logout of all automatic targets. You probably do not want this - ''); + ''; discoverPortal = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Portal to discover targets on"; + description = "Portal to discover targets on"; }; name = mkOption { type = str; - description = lib.mdDoc "Name of this iscsi initiator"; + description = "Name of this iscsi initiator"; example = "iqn.2020-08.org.linux-iscsi.initiatorhost:example"; }; package = mkPackageOption pkgs "openiscsi" { }; @@ -24,11 +24,11 @@ in extraConfig = mkOption { type = str; default = ""; - description = lib.mdDoc "Lines to append to default iscsid.conf"; + description = "Lines to append to default iscsid.conf"; }; extraConfigFile = mkOption { - description = lib.mdDoc '' + description = '' Append an additional file's contents to /etc/iscsid.conf. Use a non-store path and store passwords in this file. ''; diff --git a/nixos/modules/services/networking/iscsi/root-initiator.nix b/nixos/modules/services/networking/iscsi/root-initiator.nix index 895467cc674ab..3d80d1c575524 100644 --- a/nixos/modules/services/networking/iscsi/root-initiator.nix +++ b/nixos/modules/services/networking/iscsi/root-initiator.nix @@ -19,7 +19,7 @@ in # machines to be up. options.boot.iscsi-initiator = with types; { name = mkOption { - description = lib.mdDoc '' + description = '' Name of the iSCSI initiator to boot from. Note, booting from iscsi requires networkd based networking. ''; @@ -29,7 +29,7 @@ in }; discoverPortal = mkOption { - description = lib.mdDoc '' + description = '' iSCSI portal to boot from. ''; default = null; @@ -38,7 +38,7 @@ in }; target = mkOption { - description = lib.mdDoc '' + description = '' Name of the iSCSI target to boot from. ''; default = null; @@ -47,7 +47,7 @@ in }; logLevel = mkOption { - description = lib.mdDoc '' + description = '' Higher numbers elicits more logs. ''; default = 1; @@ -56,7 +56,7 @@ in }; loginAll = mkOption { - description = lib.mdDoc '' + description = '' Do not log into a specific target on the portal, but to all that we discover. This overrides setting target. ''; @@ -65,19 +65,19 @@ in }; extraIscsiCommands = mkOption { - description = lib.mdDoc "Extra iscsi commands to run in the initrd."; + description = "Extra iscsi commands to run in the initrd."; default = ""; type = lines; }; extraConfig = mkOption { - description = lib.mdDoc "Extra lines to append to /etc/iscsid.conf"; + description = "Extra lines to append to /etc/iscsid.conf"; default = null; type = nullOr lines; }; extraConfigFile = mkOption { - description = lib.mdDoc '' + description = '' Append an additional file's contents to `/etc/iscsid.conf`. Use a non-store path and store passwords in this file. Note: the file specified here must be available in the initrd, see: `boot.initrd.secrets`. diff --git a/nixos/modules/services/networking/iscsi/target.nix b/nixos/modules/services/networking/iscsi/target.nix index 88eaf45900300..8a10e7d346ae3 100644 --- a/nixos/modules/services/networking/iscsi/target.nix +++ b/nixos/modules/services/networking/iscsi/target.nix @@ -9,12 +9,12 @@ in ###### interface options = { services.target = with types; { - enable = mkEnableOption (lib.mdDoc "the kernel's LIO iscsi target"); + enable = mkEnableOption "the kernel's LIO iscsi target"; config = mkOption { type = attrs; default = {}; - description = lib.mdDoc '' + description = '' Content of /etc/target/saveconfig.json This file is normally read and written by targetcli ''; diff --git a/nixos/modules/services/networking/ivpn.nix b/nixos/modules/services/networking/ivpn.nix index 6c9ae599e670f..535510f4e8134 100644 --- a/nixos/modules/services/networking/ivpn.nix +++ b/nixos/modules/services/networking/ivpn.nix @@ -8,7 +8,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' This option enables iVPN daemon. This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security. ''; diff --git a/nixos/modules/services/networking/iwd.nix b/nixos/modules/services/networking/iwd.nix index d46c1a69a6197..bf1795f87e737 100644 --- a/nixos/modules/services/networking/iwd.nix +++ b/nixos/modules/services/networking/iwd.nix @@ -17,7 +17,7 @@ let in { options.networking.wireless.iwd = { - enable = mkEnableOption (lib.mdDoc "iwd"); + enable = mkEnableOption "iwd"; package = mkPackageOption pkgs "iwd" { }; @@ -34,7 +34,7 @@ in }; }; - description = lib.mdDoc '' + description = '' Options passed to iwd. See [here](https://iwd.wiki.kernel.org/networkconfigurationsettings) for supported options. ''; diff --git a/nixos/modules/services/networking/jibri/default.nix b/nixos/modules/services/networking/jibri/default.nix index dfba38896a914..b8cddafb74f97 100644 --- a/nixos/modules/services/networking/jibri/default.nix +++ b/nixos/modules/services/networking/jibri/default.nix @@ -84,11 +84,11 @@ let in { options.services.jibri = with types; { - enable = mkEnableOption (lib.mdDoc "Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running {option}`services.jitsi-meet.enable`, so for most use cases it will be simpler to run {option}`services.jitsi-meet.jibri.enable`"); + enable = mkEnableOption "Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running {option}`services.jitsi-meet.enable`, so for most use cases it will be simpler to run {option}`services.jitsi-meet.jibri.enable`"; config = mkOption { type = format.type; default = { }; - description = lib.mdDoc '' + description = '' Jibri configuration. See <https://github.com/jitsi/jibri/blob/master/src/main/resources/reference.conf> for default configuration with comments. @@ -131,7 +131,7 @@ in exit 0 ''''''; ''; - description = lib.mdDoc '' + description = '' This script runs when jibri finishes recording a video of a conference. ''; }; @@ -140,14 +140,14 @@ in type = bool; default = false; example = true; - description = lib.mdDoc '' + description = '' Whether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri. Intended for use in automated tests or anywhere else where using a verified cert for Jitsi-Meet is not possible. ''; }; xmppEnvironments = mkOption { - description = lib.mdDoc '' + description = '' XMPP servers to connect to. ''; example = literalExpression '' @@ -184,54 +184,54 @@ in xmppServerHosts = mkOption { type = listOf str; example = [ "xmpp.example.org" ]; - description = lib.mdDoc '' + description = '' Hostnames of the XMPP servers to connect to. ''; }; xmppDomain = mkOption { type = str; example = "xmpp.example.org"; - description = lib.mdDoc '' + description = '' The base XMPP domain. ''; }; control.muc.domain = mkOption { type = str; - description = lib.mdDoc '' + description = '' The domain part of the MUC to connect to for control. ''; }; control.muc.roomName = mkOption { type = str; default = "JibriBrewery"; - description = lib.mdDoc '' + description = '' The room name of the MUC to connect to for control. ''; }; control.muc.nickname = mkOption { type = str; default = "jibri"; - description = lib.mdDoc '' + description = '' The nickname for this Jibri instance in the MUC. ''; }; control.login.domain = mkOption { type = str; - description = lib.mdDoc '' + description = '' The domain part of the JID for this Jibri instance. ''; }; control.login.username = mkOption { type = str; default = "jvb"; - description = lib.mdDoc '' + description = '' User part of the JID. ''; }; control.login.passwordFile = mkOption { type = str; example = "/run/keys/jibri-xmpp1"; - description = lib.mdDoc '' + description = '' File containing the password for the user. ''; }; @@ -239,28 +239,28 @@ in call.login.domain = mkOption { type = str; example = "recorder.xmpp.example.org"; - description = lib.mdDoc '' + description = '' The domain part of the JID for the recorder. ''; }; call.login.username = mkOption { type = str; default = "recorder"; - description = lib.mdDoc '' + description = '' User part of the JID for the recorder. ''; }; call.login.passwordFile = mkOption { type = str; example = "/run/keys/jibri-recorder-xmpp1"; - description = lib.mdDoc '' + description = '' File containing the password for the user. ''; }; disableCertificateVerification = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to skip validation of the server's certificate. ''; }; @@ -269,7 +269,7 @@ in type = str; default = "0"; example = "conference."; - description = lib.mdDoc '' + description = '' The prefix to strip from the room's JID domain to derive the call URL. ''; }; @@ -277,7 +277,7 @@ in type = str; default = "0"; example = "1 hour"; - description = lib.mdDoc '' + description = '' The duration that the Jibri session can be. A value of zero means indefinitely. ''; diff --git a/nixos/modules/services/networking/jicofo.nix b/nixos/modules/services/networking/jicofo.nix index 380344c8eaa15..d4199c10fa2e3 100644 --- a/nixos/modules/services/networking/jicofo.nix +++ b/nixos/modules/services/networking/jicofo.nix @@ -11,12 +11,12 @@ let in { options.services.jicofo = with types; { - enable = mkEnableOption (lib.mdDoc "Jitsi Conference Focus - component of Jitsi Meet"); + enable = mkEnableOption "Jitsi Conference Focus - component of Jitsi Meet"; xmppHost = mkOption { type = str; example = "localhost"; - description = lib.mdDoc '' + description = '' Hostname of the XMPP server to connect to. ''; }; @@ -24,7 +24,7 @@ in xmppDomain = mkOption { type = nullOr str; example = "meet.example.org"; - description = lib.mdDoc '' + description = '' Domain name of the XMMP server to which to connect as a component. If null, {option}`xmppHost` is used. @@ -34,7 +34,7 @@ in componentPasswordFile = mkOption { type = str; example = "/run/keys/jicofo-component"; - description = lib.mdDoc '' + description = '' Path to file containing component secret. ''; }; @@ -42,7 +42,7 @@ in userName = mkOption { type = str; default = "focus"; - description = lib.mdDoc '' + description = '' User part of the JID for XMPP user connection. ''; }; @@ -50,7 +50,7 @@ in userDomain = mkOption { type = str; example = "auth.meet.example.org"; - description = lib.mdDoc '' + description = '' Domain part of the JID for XMPP user connection. ''; }; @@ -58,7 +58,7 @@ in userPasswordFile = mkOption { type = str; example = "/run/keys/jicofo-user"; - description = lib.mdDoc '' + description = '' Path to file containing password for XMPP user connection. ''; }; @@ -66,7 +66,7 @@ in bridgeMuc = mkOption { type = str; example = "jvbbrewery@internal.meet.example.org"; - description = lib.mdDoc '' + description = '' JID of the internal MUC used to communicate with Videobridges. ''; }; @@ -79,7 +79,7 @@ in jicofo.bridge.max-bridge-participants = 42; } ''; - description = lib.mdDoc '' + description = '' Contents of the {file}`jicofo.conf` configuration file. ''; }; diff --git a/nixos/modules/services/networking/jitsi-videobridge.nix b/nixos/modules/services/networking/jitsi-videobridge.nix index 00ea5b9da5461..d73a9f256dfb9 100644 --- a/nixos/modules/services/networking/jitsi-videobridge.nix +++ b/nixos/modules/services/networking/jitsi-videobridge.nix @@ -48,7 +48,7 @@ in ) ]; options.services.jitsi-videobridge = with types; { - enable = mkEnableOption (lib.mdDoc "Jitsi Videobridge, a WebRTC compatible video router"); + enable = mkEnableOption "Jitsi Videobridge, a WebRTC compatible video router"; config = mkOption { type = attrs; @@ -64,7 +64,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Videobridge configuration. See <https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf> @@ -73,7 +73,7 @@ in }; xmppConfigs = mkOption { - description = lib.mdDoc '' + description = '' XMPP servers to connect to. See <https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md> for more information. @@ -95,7 +95,7 @@ in hostName = mkOption { type = str; example = "xmpp.example.org"; - description = lib.mdDoc '' + description = '' Hostname of the XMPP server to connect to. Name of the attribute set is used by default. ''; }; @@ -103,35 +103,35 @@ in type = nullOr str; default = null; example = "auth.xmpp.example.org"; - description = lib.mdDoc '' + description = '' Domain part of JID of the XMPP user, if it is different from hostName. ''; }; userName = mkOption { type = str; default = "jvb"; - description = lib.mdDoc '' + description = '' User part of the JID. ''; }; passwordFile = mkOption { type = str; example = "/run/keys/jitsi-videobridge-xmpp1"; - description = lib.mdDoc '' + description = '' File containing the password for the user. ''; }; mucJids = mkOption { type = str; example = "jvbbrewery@internal.xmpp.example.org"; - description = lib.mdDoc '' + description = '' JID of the MUC to join. JiCoFo needs to be configured to join the same MUC. ''; }; mucNickname = mkOption { # Upstream DEBs use UUID, let's use hostname instead. type = str; - description = lib.mdDoc '' + description = '' Videobridges use the same XMPP account and need to be distinguished by the nickname (aka resource part of the JID). By default, system hostname is used. ''; @@ -139,7 +139,7 @@ in disableCertificateVerification = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to skip validation of the server's certificate. ''; }; @@ -158,7 +158,7 @@ in type = nullOr str; default = null; example = "192.168.1.42"; - description = lib.mdDoc '' + description = '' Local address when running behind NAT. ''; }; @@ -167,7 +167,7 @@ in type = nullOr str; default = null; example = "1.2.3.4"; - description = lib.mdDoc '' + description = '' Public address when running behind NAT. ''; }; @@ -176,7 +176,7 @@ in extraProperties = mkOption { type = attrsOf str; default = { }; - description = lib.mdDoc '' + description = '' Additional Java properties passed to jitsi-videobridge. ''; }; @@ -184,14 +184,14 @@ in openFirewall = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open ports in the firewall for the videobridge. ''; }; colibriRestApi = mkOption { type = bool; - description = lib.mdDoc '' + description = '' Whether to enable the private rest API for the COLIBRI control interface. Needed for monitoring jitsi, enabling scraping of the /colibri/stats endpoint. ''; diff --git a/nixos/modules/services/networking/jool.nix b/nixos/modules/services/networking/jool.nix index d2d2b0956e8aa..8db947db6a458 100644 --- a/nixos/modules/services/networking/jool.nix +++ b/nixos/modules/services/networking/jool.nix @@ -47,7 +47,7 @@ let options.framework = lib.mkOption { type = lib.types.enum [ "netfilter" "iptables" ]; default = "netfilter"; - description = lib.mdDoc '' + description = '' The framework to use for attaching Jool's translation to the exist kernel packet processing rules. See the [documentation](https://nicmx.github.io/Jool/en/intro-jool.html#design) @@ -58,7 +58,7 @@ let type = lib.types.strMatching "[[:xdigit:]:]+/[[:digit:]]+" // { description = "Network prefix in CIDR notation"; }; default = "64:ff9b::/96"; - description = lib.mdDoc '' + description = '' The prefix used for embedding IPv4 into IPv6 addresses. Defaults to the well-known NAT64 prefix, defined by [RFC 6052](https://datatracker.ietf.org/doc/html/rfc6052). @@ -126,7 +126,7 @@ in type = lib.types.bool; default = false; relatedPackages = [ "linuxPackages.jool" "jool-cli" ]; - description = lib.mdDoc '' + description = '' Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux. @@ -181,7 +181,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Definitions of NAT64 instances of Jool. See the [documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for @@ -226,7 +226,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Definitions of SIIT instances of Jool. See the [documentation](https://nicmx.github.io/Jool/en/config-atomic.html) for diff --git a/nixos/modules/services/networking/kea.nix b/nixos/modules/services/networking/kea.nix index 656ddd41fd12b..66173c145d16a 100644 --- a/nixos/modules/services/networking/kea.nix +++ b/nixos/modules/services/networking/kea.nix @@ -9,7 +9,6 @@ with lib; let cfg = config.services.kea; - xor = x: y: (!x && y) || (x && !y); format = pkgs.formats.json {}; chooseNotNull = x: y: if x != null then x else y; @@ -35,18 +34,18 @@ in { options.services.kea = with types; { ctrl-agent = mkOption { - description = lib.mdDoc '' + description = '' Kea Control Agent configuration ''; default = {}; type = submodule { options = { - enable = mkEnableOption (lib.mdDoc "Kea Control Agent"); + enable = mkEnableOption "Kea Control Agent"; extraArgs = mkOption { type = listOf str; default = []; - description = lib.mdDoc '' + description = '' List of additional arguments to pass to the daemon. ''; }; @@ -54,7 +53,7 @@ in configFile = mkOption { type = nullOr path; default = null; - description = lib.mdDoc '' + description = '' Kea Control Agent configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html>. Takes preference over [settings](#opt-services.kea.ctrl-agent.settings). @@ -65,7 +64,7 @@ in settings = mkOption { type = format.type; default = null; - description = lib.mdDoc '' + description = '' Kea Control Agent configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html>. ''; }; @@ -74,18 +73,18 @@ in }; dhcp4 = mkOption { - description = lib.mdDoc '' + description = '' DHCP4 Server configuration ''; default = {}; type = submodule { options = { - enable = mkEnableOption (lib.mdDoc "Kea DHCP4 server"); + enable = mkEnableOption "Kea DHCP4 server"; extraArgs = mkOption { type = listOf str; default = []; - description = lib.mdDoc '' + description = '' List of additional arguments to pass to the daemon. ''; }; @@ -93,7 +92,7 @@ in configFile = mkOption { type = nullOr path; default = null; - description = lib.mdDoc '' + description = '' Kea DHCP4 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html>. Takes preference over [settings](#opt-services.kea.dhcp4.settings). @@ -125,7 +124,7 @@ in } ]; } ]; }; - description = lib.mdDoc '' + description = '' Kea DHCP4 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html>. ''; }; @@ -134,18 +133,18 @@ in }; dhcp6 = mkOption { - description = lib.mdDoc '' + description = '' DHCP6 Server configuration ''; default = {}; type = submodule { options = { - enable = mkEnableOption (lib.mdDoc "Kea DHCP6 server"); + enable = mkEnableOption "Kea DHCP6 server"; extraArgs = mkOption { type = listOf str; default = []; - description = lib.mdDoc '' + description = '' List of additional arguments to pass to the daemon. ''; }; @@ -153,7 +152,7 @@ in configFile = mkOption { type = nullOr path; default = null; - description = lib.mdDoc '' + description = '' Kea DHCP6 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html>. Takes preference over [settings](#opt-services.kea.dhcp6.settings). @@ -186,7 +185,7 @@ in } ]; } ]; }; - description = lib.mdDoc '' + description = '' Kea DHCP6 configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html>. ''; }; @@ -195,18 +194,18 @@ in }; dhcp-ddns = mkOption { - description = lib.mdDoc '' + description = '' Kea DHCP-DDNS configuration ''; default = {}; type = submodule { options = { - enable = mkEnableOption (lib.mdDoc "Kea DDNS server"); + enable = mkEnableOption "Kea DDNS server"; extraArgs = mkOption { type = listOf str; default = []; - description = lib.mdDoc '' + description = '' List of additional arguments to pass to the daemon. ''; }; @@ -214,7 +213,7 @@ in configFile = mkOption { type = nullOr path; default = null; - description = lib.mdDoc '' + description = '' Kea DHCP-DDNS configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html>. Takes preference over [settings](#opt-services.kea.dhcp-ddns.settings). @@ -239,7 +238,7 @@ in ddns-domains = [ ]; }; }; - description = lib.mdDoc '' + description = '' Kea DHCP-DDNS configuration as an attribute set, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html>. ''; }; diff --git a/nixos/modules/services/networking/keepalived/default.nix b/nixos/modules/services/networking/keepalived/default.nix index 599dfd52e271f..1eaf0fd8b4aa8 100644 --- a/nixos/modules/services/networking/keepalived/default.nix +++ b/nixos/modules/services/networking/keepalived/default.nix @@ -148,7 +148,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Keepalived. ''; }; @@ -156,7 +156,7 @@ in openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to automatically allow VRRP and AH packets in the firewall. ''; }; @@ -164,7 +164,7 @@ in enableScriptSecurity = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Don't run scripts configured to be run as root if any part of the path is writable by a non-root user. ''; }; @@ -174,7 +174,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the builtin AgentX subagent. ''; }; @@ -182,7 +182,7 @@ in socket = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Socket to use for connecting to SNMP master agent. If this value is set to null, keepalived's default will be used, which is unix:/var/agentx/master, unless using a network namespace, when the @@ -193,7 +193,7 @@ in enableKeepalived = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP handling of vrrp element of KEEPALIVED MIB. ''; }; @@ -201,7 +201,7 @@ in enableChecker = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP handling of checker element of KEEPALIVED MIB. ''; }; @@ -209,7 +209,7 @@ in enableRfc = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP handling of RFC2787 and RFC6527 VRRP MIBs. ''; }; @@ -217,7 +217,7 @@ in enableRfcV2 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP handling of RFC2787 VRRP MIB. ''; }; @@ -225,7 +225,7 @@ in enableRfcV3 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP handling of RFC6527 VRRP MIB. ''; }; @@ -233,7 +233,7 @@ in enableTraps = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable SNMP traps. ''; }; @@ -245,7 +245,7 @@ in inherit lib; })); default = {}; - description = lib.mdDoc "Declarative vrrp script config"; + description = "Declarative vrrp script config"; }; vrrpInstances = mkOption { @@ -253,13 +253,13 @@ in inherit lib; })); default = {}; - description = lib.mdDoc "Declarative vhost config"; + description = "Declarative vhost config"; }; extraGlobalDefs = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the 'global_defs' block of the configuration file ''; @@ -268,7 +268,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the configuration file. ''; }; @@ -277,7 +277,7 @@ in type = types.nullOr types.path; default = null; example = "/run/keys/keepalived.env"; - description = lib.mdDoc '' + description = '' Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: `$ENVIRONMENT` or `''${VARIABLE}`. diff --git a/nixos/modules/services/networking/keepalived/virtual-ip-options.nix b/nixos/modules/services/networking/keepalived/virtual-ip-options.nix index 1fa6a0ee3bf4f..1b8889b1b4724 100644 --- a/nixos/modules/services/networking/keepalived/virtual-ip-options.nix +++ b/nixos/modules/services/networking/keepalived/virtual-ip-options.nix @@ -6,7 +6,7 @@ with lib; addr = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' IP address, optionally with a netmask: IPADDR[/MASK] ''; }; @@ -14,7 +14,7 @@ with lib; brd = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The broadcast address on the interface. ''; }; @@ -22,7 +22,7 @@ with lib; dev = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The name of the device to add the address to. ''; }; @@ -30,7 +30,7 @@ with lib; scope = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The scope of the area where this address is valid. ''; }; @@ -38,7 +38,7 @@ with lib; label = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Each address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed diff --git a/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix b/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix index 35401d439a919..da681e74ff3c1 100644 --- a/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix +++ b/nixos/modules/services/networking/keepalived/vrrp-instance-options.nix @@ -6,7 +6,7 @@ with lib; interface = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Interface for inside_network, bound by vrrp. ''; }; @@ -14,7 +14,7 @@ with lib; state = mkOption { type = types.enum [ "MASTER" "BACKUP" ]; default = "BACKUP"; - description = lib.mdDoc '' + description = '' Initial state. As soon as the other machine(s) come up, an election will be held and the machine with the highest "priority" will become MASTER. So the entry here doesn't matter a whole lot. @@ -23,7 +23,7 @@ with lib; virtualRouterId = mkOption { type = types.ints.between 1 255; - description = lib.mdDoc '' + description = '' Arbitrary unique number 1..255. Used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket). ''; @@ -32,7 +32,7 @@ with lib; priority = mkOption { type = types.int; default = 100; - description = lib.mdDoc '' + description = '' For electing MASTER, highest priority wins. To be MASTER, make 50 more than other machines. ''; @@ -41,7 +41,7 @@ with lib; noPreempt = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' VRRP will normally preempt a lower priority machine when a higher priority machine comes online. "nopreempt" allows the lower priority machine to maintain the master role, even when a higher priority machine @@ -53,7 +53,7 @@ with lib; useVmac = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Use VRRP Virtual MAC. ''; }; @@ -61,7 +61,7 @@ with lib; vmacInterface = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Name of the vmac interface to use. keepalived will come up with a name if you don't specify one. ''; @@ -70,7 +70,7 @@ with lib; vmacXmitBase = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Send/Recv VRRP messages from base interface instead of VMAC interface. ''; }; @@ -78,7 +78,7 @@ with lib; unicastSrcIp = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Default IP for binding vrrpd is the primary IP on interface. If you want to hide location of vrrpd, use this IP as src_addr for unicast vrrp packets. @@ -88,7 +88,7 @@ with lib; unicastPeers = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Do not send VRRP adverts over VRRP multicast group. Instead it sends adverts to the following list of ip addresses using unicast design fashion. It can be cool to use VRRP FSM and features in a networking @@ -103,27 +103,27 @@ with lib; })); default = []; # TODO: example - description = lib.mdDoc "Declarative vhost config"; + description = "Declarative vhost config"; }; trackScripts = mkOption { type = types.listOf types.str; default = []; example = [ "chk_cmd1" "chk_cmd2" ]; - description = lib.mdDoc "List of script names to invoke for health tracking."; + description = "List of script names to invoke for health tracking."; }; trackInterfaces = mkOption { type = types.listOf types.str; default = []; example = [ "eth0" "eth1" ]; - description = lib.mdDoc "List of network interfaces to monitor for health tracking."; + description = "List of network interfaces to monitor for health tracking."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the vrrp_instance section. ''; }; diff --git a/nixos/modules/services/networking/keepalived/vrrp-script-options.nix b/nixos/modules/services/networking/keepalived/vrrp-script-options.nix index 852d6b0ec26f1..df7a89cff8cdd 100644 --- a/nixos/modules/services/networking/keepalived/vrrp-script-options.nix +++ b/nixos/modules/services/networking/keepalived/vrrp-script-options.nix @@ -8,55 +8,55 @@ with lib.types; script = mkOption { type = str; example = literalExpression ''"''${pkgs.curl} -f http://localhost:80"''; - description = lib.mdDoc "(Path of) Script command to execute followed by args, i.e. cmd [args]..."; + description = "(Path of) Script command to execute followed by args, i.e. cmd [args]..."; }; interval = mkOption { type = int; default = 1; - description = lib.mdDoc "Seconds between script invocations."; + description = "Seconds between script invocations."; }; timeout = mkOption { type = int; default = 5; - description = lib.mdDoc "Seconds after which script is considered to have failed."; + description = "Seconds after which script is considered to have failed."; }; weight = mkOption { type = int; default = 0; - description = lib.mdDoc "Following a failure, adjust the priority by this weight."; + description = "Following a failure, adjust the priority by this weight."; }; rise = mkOption { type = int; default = 5; - description = lib.mdDoc "Required number of successes for OK transition."; + description = "Required number of successes for OK transition."; }; fall = mkOption { type = int; default = 3; - description = lib.mdDoc "Required number of failures for KO transition."; + description = "Required number of failures for KO transition."; }; user = mkOption { type = str; default = "keepalived_script"; - description = lib.mdDoc "Name of user to run the script under."; + description = "Name of user to run the script under."; }; group = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Name of group to run the script under. Defaults to user group."; + description = "Name of group to run the script under. Defaults to user group."; }; extraConfig = mkOption { type = lines; default = ""; - description = lib.mdDoc "Extra lines to be added verbatim to the vrrp_script section."; + description = "Extra lines to be added verbatim to the vrrp_script section."; }; }; diff --git a/nixos/modules/services/networking/keybase.nix b/nixos/modules/services/networking/keybase.nix index ae10aebb86e25..495102cb7eeee 100644 --- a/nixos/modules/services/networking/keybase.nix +++ b/nixos/modules/services/networking/keybase.nix @@ -14,7 +14,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to start the Keybase service."; + description = "Whether to start the Keybase service."; }; }; diff --git a/nixos/modules/services/networking/knot.nix b/nixos/modules/services/networking/knot.nix index 6488a159b3b73..89d3ea5e9626a 100644 --- a/nixos/modules/services/networking/knot.nix +++ b/nixos/modules/services/networking/knot.nix @@ -226,7 +226,7 @@ in { }; settings = mkOption { - type = types.attrs; + type = types.submodule { freeformType = types.attrs; }; default = {}; description = '' Extra configuration as nix values. diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix index 307414abf1703..d295e40f39228 100644 --- a/nixos/modules/services/networking/kresd.nix +++ b/nixos/modules/services/networking/kresd.nix @@ -50,7 +50,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable knot-resolver domain name server. DNSSEC validation is turned on by default. You can run `sudo nc -U /run/knot-resolver/control/1` @@ -63,7 +63,7 @@ in { extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to the generated configuration file. ''; }; @@ -71,7 +71,7 @@ in { type = with types; listOf str; default = [ "[::1]:53" "127.0.0.1:53" ]; example = [ "53" ]; - description = lib.mdDoc '' + description = '' What addresses and ports the server should listen on. For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; @@ -80,7 +80,7 @@ in { type = with types; listOf str; default = []; example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ]; - description = lib.mdDoc '' + description = '' Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858). For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; @@ -89,7 +89,7 @@ in { type = with types; listOf str; default = []; example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ]; - description = lib.mdDoc '' + description = '' Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484). For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`. ''; @@ -97,7 +97,7 @@ in { instances = mkOption { type = types.ints.unsigned; default = 1; - description = lib.mdDoc '' + description = '' The number of instances to start. They will be called kresd@{1,2,...}.service. Knot Resolver uses no threads, so this is the way to scale. You can dynamically start/stop them at will, so this is just system default. diff --git a/nixos/modules/services/networking/lambdabot.nix b/nixos/modules/services/networking/lambdabot.nix index 01914097ad726..a141962f512ff 100644 --- a/nixos/modules/services/networking/lambdabot.nix +++ b/nixos/modules/services/networking/lambdabot.nix @@ -21,7 +21,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable the Lambdabot IRC bot"; + description = "Enable the Lambdabot IRC bot"; }; package = mkPackageOption pkgs "lambdabot" { }; @@ -29,7 +29,7 @@ in script = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Lambdabot script"; + description = "Lambdabot script"; }; }; diff --git a/nixos/modules/services/networking/legit.nix b/nixos/modules/services/networking/legit.nix index ff8e0dd4f93ca..412f8275800b7 100644 --- a/nixos/modules/services/networking/legit.nix +++ b/nixos/modules/services/networking/legit.nix @@ -4,7 +4,6 @@ let inherit (lib) literalExpression mkEnableOption - mdDoc mkIf mkOption mkPackageOption @@ -23,25 +22,25 @@ let in { options.services.legit = { - enable = mkEnableOption (mdDoc "legit git web frontend"); + enable = mkEnableOption "legit git web frontend"; package = mkPackageOption pkgs "legit-web" { }; user = mkOption { type = types.str; default = "legit"; - description = mdDoc "User account under which legit runs."; + description = "User account under which legit runs."; }; group = mkOption { type = types.str; default = "legit"; - description = mdDoc "Group account under which legit runs."; + description = "Group account under which legit runs."; }; settings = mkOption { default = { }; - description = mdDoc '' + description = '' The primary legit configuration. See the [sample configuration](https://github.com/icyphox/legit/blob/master/config.yaml) for possible values. @@ -51,22 +50,22 @@ in scanPath = mkOption { type = types.path; default = defaultStateDir; - description = mdDoc "Directory where legit will scan for repositories."; + description = "Directory where legit will scan for repositories."; }; readme = mkOption { type = types.listOf types.str; default = [ ]; - description = mdDoc "Readme files to look for."; + description = "Readme files to look for."; }; mainBranch = mkOption { type = types.listOf types.str; default = [ "main" "master" ]; - description = mdDoc "Main branch to look for."; + description = "Main branch to look for."; }; ignore = mkOption { type = types.listOf types.str; default = [ ]; - description = mdDoc "Repositories to ignore."; + description = "Repositories to ignore."; }; }; options.dirs = { @@ -74,42 +73,42 @@ in type = types.path; default = "${pkgs.legit-web}/lib/legit/templates"; defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/templates"''; - description = mdDoc "Directories where template files are located."; + description = "Directories where template files are located."; }; static = mkOption { type = types.path; default = "${pkgs.legit-web}/lib/legit/static"; defaultText = literalExpression ''"''${pkgs.legit-web}/lib/legit/static"''; - description = mdDoc "Directories where static files are located."; + description = "Directories where static files are located."; }; }; options.meta = { title = mkOption { type = types.str; default = "legit"; - description = mdDoc "Website title."; + description = "Website title."; }; description = mkOption { type = types.str; default = "git frontend"; - description = mdDoc "Website description."; + description = "Website description."; }; }; options.server = { name = mkOption { type = types.str; default = "localhost"; - description = mdDoc "Server name."; + description = "Server name."; }; host = mkOption { type = types.str; default = "127.0.0.1"; - description = mdDoc "Host address."; + description = "Host address."; }; port = mkOption { type = types.port; default = 5555; - description = mdDoc "Legit port."; + description = "Legit port."; }; }; }; diff --git a/nixos/modules/services/networking/libreswan.nix b/nixos/modules/services/networking/libreswan.nix index a44cac93d5f61..ae71acf089f48 100644 --- a/nixos/modules/services/networking/libreswan.nix +++ b/nixos/modules/services/networking/libreswan.nix @@ -47,7 +47,7 @@ in services.libreswan = { - enable = mkEnableOption (lib.mdDoc "Libreswan IPsec service"); + enable = mkEnableOption "Libreswan IPsec service"; configSetup = mkOption { type = types.lines; @@ -60,7 +60,7 @@ in protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''; - description = lib.mdDoc "Options to go in the 'config setup' section of the Libreswan IPsec configuration"; + description = "Options to go in the 'config setup' section of the Libreswan IPsec configuration"; }; connections = mkOption { @@ -79,7 +79,7 @@ in '''; } ''; - description = lib.mdDoc "A set of connections to define for the Libreswan IPsec service"; + description = "A set of connections to define for the Libreswan IPsec service"; }; policies = mkOption { @@ -93,7 +93,7 @@ in '''; } ''; - description = lib.mdDoc '' + description = '' A set of policies to apply to the IPsec connections. ::: {.note} @@ -105,7 +105,7 @@ in disableRedirects = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to disable send and accept redirects for all network interfaces. See the Libreswan [ FAQ](https://libreswan.org/wiki/FAQ#Why_is_it_recommended_to_disable_send_redirects_in_.2Fproc.2Fsys.2Fnet_.3F) page for why this is recommended. diff --git a/nixos/modules/services/networking/lldpd.nix b/nixos/modules/services/networking/lldpd.nix index b7ac99d75d75e..d5de9c45d84b7 100644 --- a/nixos/modules/services/networking/lldpd.nix +++ b/nixos/modules/services/networking/lldpd.nix @@ -9,13 +9,13 @@ in { options.services.lldpd = { - enable = mkEnableOption (lib.mdDoc "Link Layer Discovery Protocol Daemon"); + enable = mkEnableOption "Link Layer Discovery Protocol Daemon"; extraArgs = mkOption { type = types.listOf types.str; default = []; example = [ "-c" "-k" "-I eth0" ]; - description = lib.mdDoc "List of command line parameters for lldpd"; + description = "List of command line parameters for lldpd"; }; }; diff --git a/nixos/modules/services/networking/logmein-hamachi.nix b/nixos/modules/services/networking/logmein-hamachi.nix index 7c00b82e3b348..b7d960264d21d 100644 --- a/nixos/modules/services/networking/logmein-hamachi.nix +++ b/nixos/modules/services/networking/logmein-hamachi.nix @@ -17,8 +17,7 @@ in services.logmein-hamachi.enable = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' + description = '' Whether to enable LogMeIn Hamachi, a proprietary (closed source) commercial VPN software. ''; diff --git a/nixos/modules/services/networking/lokinet.nix b/nixos/modules/services/networking/lokinet.nix index 8f64d3f0119f9..76203c61b504e 100644 --- a/nixos/modules/services/networking/lokinet.nix +++ b/nixos/modules/services/networking/lokinet.nix @@ -7,7 +7,7 @@ let configFile = settingsFormat.generate "lokinet.ini" (lib.filterAttrsRecursive (n: v: v != null) cfg.settings); in with lib; { options.services.lokinet = { - enable = mkEnableOption (lib.mdDoc "Lokinet daemon"); + enable = mkEnableOption "Lokinet daemon"; package = mkPackageOption pkgs "lokinet" { }; @@ -15,7 +15,7 @@ in with lib; { type = types.bool; default = false; example = true; - description = lib.mdDoc "Whether to use Lokinet locally."; + description = "Whether to use Lokinet locally."; }; settings = mkOption { @@ -28,14 +28,14 @@ in with lib; { bind = mkOption { type = str; default = "127.3.2.1"; - description = lib.mdDoc "Address to bind to for handling DNS requests."; + description = "Address to bind to for handling DNS requests."; }; upstream = mkOption { type = listOf str; default = [ "9.9.9.10" ]; example = [ "1.1.1.1" "8.8.8.8" ]; - description = lib.mdDoc '' + description = '' Upstream resolver(s) to use as fallback for non-loki addresses. Multiple values accepted. ''; @@ -46,7 +46,7 @@ in with lib; { exit = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to act as an exit node. Beware that this increases demand on the server and may pose liability concerns. Enable at your own risk. @@ -60,7 +60,7 @@ in with lib; { exit-node = [ "example.loki" ]; # maps all exit traffic to example.loki exit-node = [ "example.loki:100.0.0.0/24" ]; # maps 100.0.0.0/24 to example.loki ''; - description = lib.mdDoc '' + description = '' Specify a `.loki` address and an optional ip range to use as an exit broker. See <http://probably.loki/wiki/index.php?title=Exit_Nodes> for a list of exit nodes. @@ -71,7 +71,7 @@ in with lib; { type = nullOr str; default = null; example = "snappkey.private"; - description = lib.mdDoc '' + description = '' The private key to persist address with. If not specified the address will be ephemeral. This keyfile is generated automatically if the specified file doesn't exist. ''; @@ -90,7 +90,7 @@ in with lib; { network.exit-node = [ "example.loki" "example2.loki" ]; } ''; - description = lib.mdDoc '' + description = '' Configuration for Lokinet. Currently, the best way to view the available settings is by generating a config file using `lokinet -g`. diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix index d8e32eb997e8a..93374a385a90c 100644 --- a/nixos/modules/services/networking/lxd-image-server.nix +++ b/nixos/modules/services/networking/lxd-image-server.nix @@ -11,18 +11,18 @@ in { options = { services.lxd-image-server = { - enable = mkEnableOption (lib.mdDoc "lxd-image-server"); + enable = mkEnableOption "lxd-image-server"; group = mkOption { type = types.str; - description = lib.mdDoc "Group assigned to the user and the webroot directory."; + description = "Group assigned to the user and the webroot directory."; default = "nginx"; example = "www-data"; }; settings = mkOption { type = format.type; - description = lib.mdDoc '' + description = '' Configuration for lxd-image-server. Example see <https://github.com/Avature/lxd-image-server/blob/master/config.toml>. @@ -31,10 +31,10 @@ in }; nginx = { - enable = mkEnableOption (lib.mdDoc "nginx"); + enable = mkEnableOption "nginx"; domain = mkOption { type = types.str; - description = lib.mdDoc "Domain to use for nginx virtual host."; + description = "Domain to use for nginx virtual host."; example = "images.example.org"; }; }; diff --git a/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix b/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix index 9dd1f62350aff..03210bca371cf 100644 --- a/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix +++ b/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix @@ -9,7 +9,7 @@ let in { options.services.magic-wormhole-mailbox-server = { - enable = mkEnableOption (lib.mdDoc "Magic Wormhole Mailbox Server"); + enable = mkEnableOption "Magic Wormhole Mailbox Server"; }; config = mkIf cfg.enable { diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 2921074fcd2b0..cdcb69070dfb7 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -17,13 +17,13 @@ in { options = { services.matterbridge = { - enable = mkEnableOption (lib.mdDoc "Matterbridge chat platform bridge"); + enable = mkEnableOption "Matterbridge chat platform bridge"; configPath = mkOption { type = with types; nullOr str; default = null; example = "/etc/nixos/matterbridge.toml"; - description = lib.mdDoc '' + description = '' The path to the matterbridge configuration file. ''; }; @@ -62,7 +62,7 @@ in account="mattermost.work" channel="off-topic" ''; - description = lib.mdDoc '' + description = '' WARNING: THIS IS INSECURE, as your password will end up in {file}`/nix/store`, thus publicly readable. Use `services.matterbridge.configPath` instead. @@ -73,7 +73,7 @@ in user = mkOption { type = types.str; default = "matterbridge"; - description = lib.mdDoc '' + description = '' User which runs the matterbridge service. ''; }; @@ -81,7 +81,7 @@ in group = mkOption { type = types.str; default = "matterbridge"; - description = lib.mdDoc '' + description = '' Group which runs the matterbridge service. ''; }; diff --git a/nixos/modules/services/networking/microsocks.nix b/nixos/modules/services/networking/microsocks.nix index be79a8495636f..09afaf6edf031 100644 --- a/nixos/modules/services/networking/microsocks.nix +++ b/nixos/modules/services/networking/microsocks.nix @@ -19,22 +19,22 @@ let ++ lib.optionals (cfg.authUsername != null) [ "-u" cfg.authUsername ]; in { options.services.microsocks = { - enable = lib.mkEnableOption (lib.mdDoc "Tiny, portable SOCKS5 server with very moderate resource usage"); + enable = lib.mkEnableOption "Tiny, portable SOCKS5 server with very moderate resource usage"; user = lib.mkOption { default = "microsocks"; - description = lib.mdDoc "User microsocks runs as."; + description = "User microsocks runs as."; type = lib.types.str; }; group = lib.mkOption { default = "microsocks"; - description = lib.mdDoc "Group microsocks runs as."; + description = "Group microsocks runs as."; type = lib.types.str; }; package = lib.mkPackageOption pkgs "microsocks" {}; ip = lib.mkOption { type = lib.types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' IP on which microsocks should listen. Defaults to 127.0.0.1 for security reasons. ''; @@ -42,17 +42,17 @@ in { port = lib.mkOption { type = lib.types.port; default = 1080; - description = lib.mdDoc "Port on which microsocks should listen."; + description = "Port on which microsocks should listen."; }; disableLogging = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc "If true, microsocks will not log any messages to stdout/stderr."; + description = "If true, microsocks will not log any messages to stdout/stderr."; }; authOnce = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' If true, once a specific ip address authed successfully with user/pass, it is added to a whitelist and may use the proxy without auth. ''; @@ -60,19 +60,19 @@ in { outgoingBindIp = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; - description = lib.mdDoc "Specifies which ip outgoing connections are bound to"; + description = "Specifies which ip outgoing connections are bound to"; }; authUsername = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; example = "alice"; - description = lib.mdDoc "Optional username to use for authentication."; + description = "Optional username to use for authentication."; }; authPasswordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/secrets/microsocks-password"; - description = lib.mdDoc "Path to a file containing the password for authentication."; + description = "Path to a file containing the password for authentication."; }; execWrapper = lib.mkOption { type = lib.types.nullOr lib.types.str; @@ -80,7 +80,7 @@ in { example = '' ''${pkgs.mullvad-vpn}/bin/mullvad-exclude ''; - description = lib.mdDoc '' + description = '' An optional command to prepend to the microsocks command (such as proxychains, or a VPN exclude command). ''; }; diff --git a/nixos/modules/services/networking/mihomo.nix b/nixos/modules/services/networking/mihomo.nix index ae700603b5290..312530caeaade 100644 --- a/nixos/modules/services/networking/mihomo.nix +++ b/nixos/modules/services/networking/mihomo.nix @@ -12,7 +12,7 @@ let in { options.services.mihomo = { - enable = lib.mkEnableOption "Mihomo, A rule-based proxy in Go."; + enable = lib.mkEnableOption "Mihomo, A rule-based proxy in Go"; package = lib.mkPackageOption pkgs "mihomo" { }; @@ -28,14 +28,14 @@ in description = '' Local web interface to use. - You can also use the following website, just in case: + You can also use the following website: - metacubexd: - https://d.metacubex.one - https://metacubex.github.io/metacubexd - https://metacubexd.pages.dev - yacd: - https://yacd.haishan.me - - clash-dashboard (buggy): + - clash-dashboard: - https://clash.razord.top ''; }; @@ -49,7 +49,7 @@ in tunMode = lib.mkEnableOption '' necessary permission for Mihomo's systemd service for TUN mode to function properly. - Keep in mind, that you still need to enable TUN mode manually in Mihomo's configuration. + Keep in mind, that you still need to enable TUN mode manually in Mihomo's configuration ''; }; diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix index d0de6cd4fdc6b..7f3e63dd055a7 100644 --- a/nixos/modules/services/networking/minidlna.nix +++ b/nixos/modules/services/networking/minidlna.nix @@ -13,7 +13,7 @@ in options.services.minidlna.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable MiniDLNA, a simple DLNA server. It serves media files such as video and music to DLNA client devices such as televisions and media players. If you use the firewall, consider @@ -24,14 +24,14 @@ in options.services.minidlna.openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open both HTTP (TCP) and SSDP (UDP) ports in the firewall. ''; }; options.services.minidlna.settings = mkOption { default = {}; - description = lib.mdDoc '' + description = '' The contents of MiniDLNA's configuration file. When the service is activated, a basic template is generated from the current options opened here. ''; @@ -42,7 +42,7 @@ in type = types.listOf types.str; default = []; example = [ "/data/media" "V,/home/alice/video" ]; - description = lib.mdDoc '' + description = '' Directories to be scanned for media files. The `A,` `V,` `P,` prefixes restrict a directory to audio, video or image files. The directories must be accessible to the `minidlna` user account. @@ -51,7 +51,7 @@ in options.notify_interval = mkOption { type = types.int; default = 90000; - description = lib.mdDoc '' + description = '' The interval between announces (in seconds). Instead of waiting for announces, you should set `openFirewall` option to use SSDP discovery. Lower values (e.g. 30 seconds) should be used if your network blocks the discovery unicast. @@ -62,47 +62,47 @@ in options.port = mkOption { type = types.port; default = 8200; - description = lib.mdDoc "Port number for HTTP traffic (descriptions, SOAP, media transfer)."; + description = "Port number for HTTP traffic (descriptions, SOAP, media transfer)."; }; options.db_dir = mkOption { type = types.path; default = "/var/cache/minidlna"; example = "/tmp/minidlna"; - description = lib.mdDoc "Specify the directory where you want MiniDLNA to store its database and album art cache."; + description = "Specify the directory where you want MiniDLNA to store its database and album art cache."; }; options.friendly_name = mkOption { type = types.str; default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; example = "rpi3"; - description = lib.mdDoc "Name that the DLNA server presents to clients."; + description = "Name that the DLNA server presents to clients."; }; options.root_container = mkOption { type = types.str; default = "B"; example = "."; - description = lib.mdDoc "Use a different container as the root of the directory tree presented to clients."; + description = "Use a different container as the root of the directory tree presented to clients."; }; options.log_level = mkOption { type = types.str; default = "warn"; example = "general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn"; - description = lib.mdDoc "Defines the type of messages that should be logged and down to which level of importance."; + description = "Defines the type of messages that should be logged and down to which level of importance."; }; options.inotify = mkOption { type = types.enum [ "yes" "no" ]; default = "no"; - description = lib.mdDoc "Whether to enable inotify monitoring to automatically discover new files."; + description = "Whether to enable inotify monitoring to automatically discover new files."; }; options.enable_tivo = mkOption { type = types.enum [ "yes" "no" ]; default = "no"; - description = lib.mdDoc "Support for streaming .jpg and .mp3 files to a TiVo supporting HMO."; + description = "Support for streaming .jpg and .mp3 files to a TiVo supporting HMO."; }; options.wide_links = mkOption { type = types.enum [ "yes" "no" ]; default = "no"; - description = lib.mdDoc "Set this to yes to allow symlinks that point outside user-defined `media_dir`."; + description = "Set this to yes to allow symlinks that point outside user-defined `media_dir`."; }; }; }; diff --git a/nixos/modules/services/networking/miniupnpd.nix b/nixos/modules/services/networking/miniupnpd.nix index 116298dc6b1db..9494d6f68e090 100644 --- a/nixos/modules/services/networking/miniupnpd.nix +++ b/nixos/modules/services/networking/miniupnpd.nix @@ -28,11 +28,11 @@ in { options = { services.miniupnpd = { - enable = mkEnableOption (lib.mdDoc "MiniUPnP daemon"); + enable = mkEnableOption "MiniUPnP daemon"; externalInterface = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Name of the external interface. ''; }; @@ -40,17 +40,17 @@ in internalIPs = mkOption { type = types.listOf types.str; example = [ "192.168.1.1/24" "enp1s0" ]; - description = lib.mdDoc '' + description = '' The IP address ranges to listen on. ''; }; - natpmp = mkEnableOption (lib.mdDoc "NAT-PMP support"); + natpmp = mkEnableOption "NAT-PMP support"; upnp = mkOption { default = true; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable UPNP support. ''; }; @@ -58,7 +58,7 @@ in appendConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines appended to the MiniUPnP config. ''; }; diff --git a/nixos/modules/services/networking/miredo.nix b/nixos/modules/services/networking/miredo.nix index 0c43839c15ab4..12be41b7e7b6b 100644 --- a/nixos/modules/services/networking/miredo.nix +++ b/nixos/modules/services/networking/miredo.nix @@ -20,14 +20,14 @@ in services.miredo = { - enable = mkEnableOption (lib.mdDoc "the Miredo IPv6 tunneling service"); + enable = mkEnableOption "the Miredo IPv6 tunneling service"; package = mkPackageOption pkgs "miredo" { }; serverAddress = mkOption { default = "teredo.remlab.net"; type = types.str; - description = lib.mdDoc '' + description = '' The hostname or primary IPv4 address of the Teredo server. This setting is required if Miredo runs as a Teredo client. "teredo.remlab.net" is an experimental service for testing only. @@ -38,7 +38,7 @@ in interfaceName = mkOption { default = "teredo"; type = types.str; - description = lib.mdDoc '' + description = '' Name of the network tunneling interface. ''; }; @@ -46,7 +46,7 @@ in bindAddress = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address. ''; @@ -55,7 +55,7 @@ in bindPort = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' Depending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address. ''; diff --git a/nixos/modules/services/networking/mjpg-streamer.nix b/nixos/modules/services/networking/mjpg-streamer.nix index 8f8d5f5c4d350..7867a5af1e514 100644 --- a/nixos/modules/services/networking/mjpg-streamer.nix +++ b/nixos/modules/services/networking/mjpg-streamer.nix @@ -12,12 +12,12 @@ in { services.mjpg-streamer = { - enable = mkEnableOption (lib.mdDoc "mjpg-streamer webcam streamer"); + enable = mkEnableOption "mjpg-streamer webcam streamer"; inputPlugin = mkOption { type = types.str; default = "input_uvc.so"; - description = lib.mdDoc '' + description = '' Input plugin. See plugins documentation for more information. ''; }; @@ -25,7 +25,7 @@ in { outputPlugin = mkOption { type = types.str; default = "output_http.so -w @www@ -n -p 5050"; - description = lib.mdDoc '' + description = '' Output plugin. `@www@` is substituted for default mjpg-streamer www directory. See plugins documentation for more information. ''; @@ -34,13 +34,13 @@ in { user = mkOption { type = types.str; default = "mjpg-streamer"; - description = lib.mdDoc "mjpg-streamer user name."; + description = "mjpg-streamer user name."; }; group = mkOption { type = types.str; default = "video"; - description = lib.mdDoc "mjpg-streamer group name."; + description = "mjpg-streamer group name."; }; }; diff --git a/nixos/modules/services/networking/mmsd.nix b/nixos/modules/services/networking/mmsd.nix index 7e262a9326c1e..e801150a3fc98 100644 --- a/nixos/modules/services/networking/mmsd.nix +++ b/nixos/modules/services/networking/mmsd.nix @@ -14,10 +14,10 @@ let in { options.services.mmsd = { - enable = mkEnableOption (mdDoc "Multimedia Messaging Service Daemon"); + enable = mkEnableOption "Multimedia Messaging Service Daemon"; extraArgs = mkOption { type = with types; listOf str; - description = mdDoc "Extra arguments passed to `mmsd-tng`"; + description = "Extra arguments passed to `mmsd-tng`"; default = []; example = ["--debug"]; }; diff --git a/nixos/modules/services/networking/monero.nix b/nixos/modules/services/networking/monero.nix index 0de02882acab9..37a687f524b97 100644 --- a/nixos/modules/services/networking/monero.nix +++ b/nixos/modules/services/networking/monero.nix @@ -50,12 +50,12 @@ in services.monero = { - enable = mkEnableOption (lib.mdDoc "Monero node daemon"); + enable = mkEnableOption "Monero node daemon"; dataDir = mkOption { type = types.str; default = "/var/lib/monero"; - description = lib.mdDoc '' + description = '' The directory where Monero stores its data files. ''; }; @@ -63,7 +63,7 @@ in mining.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to mine monero. ''; }; @@ -71,7 +71,7 @@ in mining.address = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Monero address where to send mining rewards. ''; }; @@ -79,7 +79,7 @@ in mining.threads = mkOption { type = types.addCheck types.int (x: x>=0); default = 0; - description = lib.mdDoc '' + description = '' Number of threads used for mining. Set to `0` to use all available. ''; @@ -88,7 +88,7 @@ in rpc.user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' User name for RPC connections. ''; }; @@ -96,7 +96,7 @@ in rpc.password = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Password for RPC connections. ''; }; @@ -104,7 +104,7 @@ in rpc.address = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' IP address the RPC server will bind to. ''; }; @@ -112,7 +112,7 @@ in rpc.port = mkOption { type = types.port; default = 18081; - description = lib.mdDoc '' + description = '' Port the RPC server will bind to. ''; }; @@ -120,7 +120,7 @@ in rpc.restricted = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to restrict RPC to view only commands. ''; }; @@ -128,7 +128,7 @@ in limits.upload = mkOption { type = types.addCheck types.int (x: x>=-1); default = -1; - description = lib.mdDoc '' + description = '' Limit of the upload rate in kB/s. Set to `-1` to leave unlimited. ''; @@ -137,7 +137,7 @@ in limits.download = mkOption { type = types.addCheck types.int (x: x>=-1); default = -1; - description = lib.mdDoc '' + description = '' Limit of the download rate in kB/s. Set to `-1` to leave unlimited. ''; @@ -146,7 +146,7 @@ in limits.threads = mkOption { type = types.addCheck types.int (x: x>=0); default = 0; - description = lib.mdDoc '' + description = '' Maximum number of threads used for a parallel job. Set to `0` to leave unlimited. ''; @@ -155,7 +155,7 @@ in limits.syncSize = mkOption { type = types.addCheck types.int (x: x>=0); default = 0; - description = lib.mdDoc '' + description = '' Maximum number of blocks to sync at once. Set to `0` for adaptive. ''; @@ -164,7 +164,7 @@ in extraNodes = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of additional peer IP addresses to add to the local list. ''; }; @@ -172,7 +172,7 @@ in priorityNodes = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of peer IP addresses to connect to and attempt to keep the connection open. ''; @@ -181,7 +181,7 @@ in exclusiveNodes = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of peer IP addresses to connect to *only*. If given the other peer options will be ignored. ''; @@ -190,7 +190,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra lines to be added verbatim to monerod configuration. ''; }; diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix index 6954596addfd2..c3ed718fe8d84 100644 --- a/nixos/modules/services/networking/morty.nix +++ b/nixos/modules/services/networking/morty.nix @@ -16,19 +16,18 @@ in services.morty = { - enable = mkEnableOption - (lib.mdDoc "Morty proxy server. See https://github.com/asciimoo/morty"); + enable = mkEnableOption "Morty proxy server. See https://github.com/asciimoo/morty"; ipv6 = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow IPv6 HTTP requests?"; + description = "Allow IPv6 HTTP requests?"; }; key = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' HMAC url validation key (hexadecimal encoded). Leave blank to disable. Without validation key, anyone can submit proxy requests. Leave blank to disable. @@ -39,7 +38,7 @@ in timeout = mkOption { type = types.int; default = 2; - description = lib.mdDoc "Request timeout in seconds."; + description = "Request timeout in seconds."; }; package = mkPackageOption pkgs "morty" { }; @@ -47,13 +46,13 @@ in port = mkOption { type = types.port; default = 3000; - description = lib.mdDoc "Listing port"; + description = "Listing port"; }; listenAddress = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "The address on which the service listens"; + description = "The address on which the service listens"; }; }; diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index 4a08f5ed23709..9825af47777e5 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -36,7 +36,7 @@ let password = mkOption { type = uniq (nullOr str); default = null; - description = lib.mdDoc '' + description = '' Specifies the (clear text) password for the MQTT User. ''; }; @@ -45,7 +45,7 @@ let type = uniq (nullOr path); example = "/path/to/file"; default = null; - description = lib.mdDoc '' + description = '' Specifies the path to a file containing the clear text password for the MQTT user. The file is securely passed to mosquitto by @@ -57,7 +57,7 @@ let hashedPassword = mkOption { type = uniq (nullOr str); default = null; - description = mdDoc '' + description = '' Specifies the hashed password for the MQTT User. To generate hashed password install the `mosquitto` package and use `mosquitto_passwd`, then extract @@ -70,7 +70,7 @@ let type = uniq (nullOr path); example = "/path/to/file"; default = null; - description = mdDoc '' + description = '' Specifies the path to a file containing the hashed password for the MQTT user. To generate hashed password install the `mosquitto` @@ -86,7 +86,7 @@ let type = listOf str; example = [ "read A/B" "readwrite A/#" ]; default = []; - description = lib.mdDoc '' + description = '' Control client access to topics on the broker. ''; }; @@ -181,14 +181,14 @@ let options = { plugin = mkOption { type = path; - description = mdDoc '' + description = '' Plugin path to load, should be a `.so` file. ''; }; denySpecialChars = mkOption { type = bool; - description = mdDoc '' + description = '' Automatically disallow all clients using `#` or `+` in their name/id. ''; @@ -197,7 +197,7 @@ let options = mkOption { type = attrsOf optionType; - description = mdDoc '' + description = '' Options for the auth plugin. Each key turns into a `auth_opt_*` line in the config. ''; @@ -257,7 +257,7 @@ let options = { port = mkOption { type = port; - description = lib.mdDoc '' + description = '' Port to listen on. Must be set to 0 to listen on a unix domain socket. ''; default = 1883; @@ -265,7 +265,7 @@ let address = mkOption { type = nullOr str; - description = mdDoc '' + description = '' Address to listen on. Listen on `0.0.0.0`/`::` when unset. ''; @@ -274,7 +274,7 @@ let authPlugins = mkOption { type = listOf authPluginOptions; - description = mdDoc '' + description = '' Authentication plugin to attach to this listener. Refer to the [mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) for details on authentication plugins. @@ -285,7 +285,7 @@ let users = mkOption { type = attrsOf userOptions; example = { john = { password = "123456"; acl = [ "readwrite john/#" ]; }; }; - description = lib.mdDoc '' + description = '' A set of users and their passwords and ACLs. ''; default = {}; @@ -293,7 +293,7 @@ let omitPasswordAuth = mkOption { type = bool; - description = lib.mdDoc '' + description = '' Omits password checking, allowing anyone to log in with any user name unless other mandatory authentication methods (eg TLS client certificates) are configured. ''; @@ -302,7 +302,7 @@ let acl = mkOption { type = listOf str; - description = lib.mdDoc '' + description = '' Additional ACL items to prepend to the generated ACL file. ''; example = [ "pattern read #" "topic readwrite anon/report/#" ]; @@ -313,7 +313,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = lib.mdDoc '' + description = '' Additional settings for this listener. ''; default = {}; @@ -380,14 +380,14 @@ let options = { address = mkOption { type = str; - description = lib.mdDoc '' + description = '' Address of the remote MQTT broker. ''; }; port = mkOption { type = port; - description = lib.mdDoc '' + description = '' Port of the remote MQTT broker. ''; default = 1883; @@ -395,14 +395,14 @@ let }; }); default = []; - description = lib.mdDoc '' + description = '' Remote endpoints for the bridge. ''; }; topics = mkOption { type = listOf str; - description = lib.mdDoc '' + description = '' Topic patterns to be shared between the two brokers. Refer to the [ mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) for details on the format. @@ -415,7 +415,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = lib.mdDoc '' + description = '' Additional settings for this bridge. ''; default = {}; @@ -469,14 +469,14 @@ let }; globalOptions = with types; { - enable = mkEnableOption (lib.mdDoc "the MQTT Mosquitto broker"); + enable = mkEnableOption "the MQTT Mosquitto broker"; package = mkPackageOption pkgs "mosquitto" { }; bridges = mkOption { type = attrsOf bridgeOptions; default = {}; - description = lib.mdDoc '' + description = '' Bridges to build to other MQTT brokers. ''; }; @@ -484,14 +484,14 @@ let listeners = mkOption { type = listOf listenerOptions; default = {}; - description = lib.mdDoc '' + description = '' Listeners to configure on this broker. ''; }; includeDirs = mkOption { type = listOf path; - description = mdDoc '' + description = '' Directories to be scanned for further config files to include. Directories will processed in the order given, `*.conf` files in the directory will be @@ -502,7 +502,7 @@ let logDest = mkOption { type = listOf (either path (enum [ "stdout" "stderr" "syslog" "topic" "dlt" ])); - description = lib.mdDoc '' + description = '' Destinations to send log messages to. ''; default = [ "stderr" ]; @@ -511,7 +511,7 @@ let logType = mkOption { type = listOf (enum [ "debug" "error" "warning" "notice" "information" "subscribe" "unsubscribe" "websockets" "none" "all" ]); - description = lib.mdDoc '' + description = '' Types of messages to log. ''; default = []; @@ -519,7 +519,7 @@ let persistence = mkOption { type = bool; - description = lib.mdDoc '' + description = '' Enable persistent storage of subscriptions and messages. ''; default = true; @@ -528,7 +528,7 @@ let dataDir = mkOption { default = "/var/lib/mosquitto"; type = types.path; - description = lib.mdDoc '' + description = '' The data directory. ''; }; @@ -537,7 +537,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = lib.mdDoc '' + description = '' Global configuration options for the mosquitto broker. ''; default = {}; diff --git a/nixos/modules/services/networking/mozillavpn.nix b/nixos/modules/services/networking/mozillavpn.nix index cf962879b4210..c10272b4d7fff 100644 --- a/nixos/modules/services/networking/mozillavpn.nix +++ b/nixos/modules/services/networking/mozillavpn.nix @@ -2,7 +2,7 @@ { options.services.mozillavpn.enable = - lib.mkEnableOption (lib.mdDoc "Mozilla VPN daemon"); + lib.mkEnableOption "Mozilla VPN daemon"; config = lib.mkIf config.services.mozillavpn.enable { environment.systemPackages = [ pkgs.mozillavpn ]; diff --git a/nixos/modules/services/networking/mstpd.nix b/nixos/modules/services/networking/mstpd.nix index ba82c5ac8232a..bd71010ce549c 100644 --- a/nixos/modules/services/networking/mstpd.nix +++ b/nixos/modules/services/networking/mstpd.nix @@ -9,7 +9,7 @@ with lib; enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable the multiple spanning tree protocol daemon. ''; }; diff --git a/nixos/modules/services/networking/mtprotoproxy.nix b/nixos/modules/services/networking/mtprotoproxy.nix index 3dd197697b23a..679e84458b20b 100644 --- a/nixos/modules/services/networking/mtprotoproxy.nix +++ b/nixos/modules/services/networking/mtprotoproxy.nix @@ -37,12 +37,12 @@ in services.mtprotoproxy = { - enable = mkEnableOption (lib.mdDoc "mtprotoproxy"); + enable = mkEnableOption "mtprotoproxy"; port = mkOption { type = types.port; default = 3256; - description = lib.mdDoc '' + description = '' TCP port to accept mtproto connections on. ''; }; @@ -53,7 +53,7 @@ in tg = "00000000000000000000000000000000"; tg2 = "0123456789abcdef0123456789abcdef"; }; - description = lib.mdDoc '' + description = '' Allowed users and their secrets. A secret is a 32 characters long hex string. ''; }; @@ -61,7 +61,7 @@ in secureOnly = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Don't allow users to connect in non-secure mode (without random padding). ''; }; @@ -71,7 +71,7 @@ in default = null; # Taken from mtproxyproto's repo. example = "3c09c680b76ee91a4c25ad51f742267d"; - description = lib.mdDoc '' + description = '' Tag for advertising that can be obtained from @MTProxybot. ''; }; @@ -82,7 +82,7 @@ in example = { STATS_PRINT_PERIOD = 600; }; - description = lib.mdDoc '' + description = '' Extra configuration options for mtprotoproxy. ''; }; diff --git a/nixos/modules/services/networking/mtr-exporter.nix b/nixos/modules/services/networking/mtr-exporter.nix index 38bc0401a7e65..2b96cb2491acd 100644 --- a/nixos/modules/services/networking/mtr-exporter.nix +++ b/nixos/modules/services/networking/mtr-exporter.nix @@ -4,7 +4,7 @@ let inherit (lib) maintainers types literalExpression escapeShellArg escapeShellArgs - mkEnableOption mkOption mkRemovedOptionModule mkIf mdDoc + mkEnableOption mkOption mkRemovedOptionModule mkIf mkPackageOption optionalString concatMapStrings concatStringsSep; cfg = config.services.mtr-exporter; @@ -21,25 +21,25 @@ in { options = { services = { mtr-exporter = { - enable = mkEnableOption (mdDoc "a Prometheus exporter for MTR"); + enable = mkEnableOption "a Prometheus exporter for MTR"; address = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "Listen address for MTR exporter."; + description = "Listen address for MTR exporter."; }; port = mkOption { type = types.port; default = 8080; - description = mdDoc "Listen port for MTR exporter."; + description = "Listen port for MTR exporter."; }; extraFlags = mkOption { type = types.listOf types.str; default = []; example = ["-flag.deprecatedMetrics"]; - description = mdDoc '' + description = '' Extra command line options to pass to MTR exporter. ''; }; @@ -49,32 +49,32 @@ in { mtrPackage = mkPackageOption pkgs "mtr" { }; jobs = mkOption { - description = mdDoc "List of MTR jobs. Will be added to /etc/mtr-exporter.conf"; + description = "List of MTR jobs. Will be added to /etc/mtr-exporter.conf"; type = types.nonEmptyListOf (types.submodule { options = { name = mkOption { type = types.str; - description = mdDoc "Name of ICMP pinging job."; + description = "Name of ICMP pinging job."; }; address = mkOption { type = types.str; example = "host.example.org:1234"; - description = mdDoc "Target address for MTR client."; + description = "Target address for MTR client."; }; schedule = mkOption { type = types.str; default = "@every 60s"; example = "@hourly"; - description = mdDoc "Schedule of MTR checks. Also accepts Cron format."; + description = "Schedule of MTR checks. Also accepts Cron format."; }; flags = mkOption { type = with types; listOf str; default = []; example = ["-G1"]; - description = mdDoc "Additional flags to pass to MTR."; + description = "Additional flags to pass to MTR."; }; }; }); diff --git a/nixos/modules/services/networking/mullvad-vpn.nix b/nixos/modules/services/networking/mullvad-vpn.nix index 5da4ca1d1d803..0a339cefd3f00 100644 --- a/nixos/modules/services/networking/mullvad-vpn.nix +++ b/nixos/modules/services/networking/mullvad-vpn.nix @@ -8,7 +8,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' This option enables Mullvad VPN daemon. This sets {option}`networking.firewall.checkReversePath` to "loose", which might be undesirable for security. ''; @@ -17,7 +17,7 @@ with lib; enableExcludeWrapper = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' This option activates the wrapper that allows the use of mullvad-exclude. Might have minor security impact, so consider disabling if you do not use the feature. ''; diff --git a/nixos/modules/services/networking/multipath.nix b/nixos/modules/services/networking/multipath.nix index 42ffc3c88426c..85cc11a316834 100644 --- a/nixos/modules/services/networking/multipath.nix +++ b/nixos/modules/services/networking/multipath.nix @@ -22,7 +22,7 @@ in { options.services.multipath = with types; { - enable = mkEnableOption (lib.mdDoc "the device mapper multipath (DM-MP) daemon"); + enable = mkEnableOption "the device mapper multipath (DM-MP) daemon"; package = mkPackageOption pkgs "multipath-tools" { }; @@ -39,7 +39,7 @@ in { }, ... ] ''; - description = lib.mdDoc '' + description = '' This option allows you to define arrays for use in multipath groups. ''; @@ -49,62 +49,62 @@ in { vendor = mkOption { type = str; example = "COMPELNT"; - description = lib.mdDoc "Regular expression to match the vendor name"; + description = "Regular expression to match the vendor name"; }; product = mkOption { type = str; example = "Compellent Vol"; - description = lib.mdDoc "Regular expression to match the product name"; + description = "Regular expression to match the product name"; }; revision = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Regular expression to match the product revision"; + description = "Regular expression to match the product revision"; }; product_blacklist = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Products with the given vendor matching this string are blacklisted"; + description = "Products with the given vendor matching this string are blacklisted"; }; alias_prefix = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "The user_friendly_names prefix to use for this device type, instead of the default mpath"; + description = "The user_friendly_names prefix to use for this device type, instead of the default mpath"; }; vpd_vendor = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "The vendor specific vpd page information, using the vpd page abbreviation"; + description = "The vendor specific vpd page information, using the vpd page abbreviation"; }; hardware_handler = mkOption { type = nullOr (enum [ "emc" "rdac" "hp_sw" "alua" "ana" ]); default = null; - description = lib.mdDoc "The hardware handler to use for this device type"; + description = "The hardware handler to use for this device type"; }; # Optional arguments path_grouping_policy = mkOption { type = nullOr (enum [ "failover" "multibus" "group_by_serial" "group_by_prio" "group_by_node_name" ]); default = null; # real default: "failover" - description = lib.mdDoc "The default path grouping policy to apply to unspecified multipaths"; + description = "The default path grouping policy to apply to unspecified multipaths"; }; uid_attribute = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "The udev attribute providing a unique path identifier (WWID)"; + description = "The udev attribute providing a unique path identifier (WWID)"; }; getuid_callout = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' (Superseded by uid_attribute) The default program and args to callout to obtain a unique path identifier. Should be specified with an absolute path. ''; @@ -118,13 +118,13 @@ in { ''"historical-service-time 0"'' ]); default = null; # real default: "service-time 0" - description = lib.mdDoc "The default path selector algorithm to use; they are offered by the kernel multipath target"; + description = "The default path selector algorithm to use; they are offered by the kernel multipath target"; }; path_checker = mkOption { type = enum [ "readsector0" "tur" "emc_clariion" "hp_sw" "rdac" "directio" "cciss_tur" "none" ]; default = "tur"; - description = lib.mdDoc "The default method used to determine the paths state"; + description = "The default method used to determine the paths state"; }; prio = mkOption { @@ -133,31 +133,31 @@ in { "random" "weightedpath" "path_latency" "ana" "datacore" "iet" ]); default = null; # real default: "const" - description = lib.mdDoc "The name of the path priority routine"; + description = "The name of the path priority routine"; }; prio_args = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Arguments to pass to to the prio function"; + description = "Arguments to pass to to the prio function"; }; features = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Specify any device-mapper features to be used"; + description = "Specify any device-mapper features to be used"; }; failback = mkOption { type = nullOr str; default = null; # real default: "manual" - description = lib.mdDoc "Tell multipathd how to manage path group failback. Quote integers as strings"; + description = "Tell multipathd how to manage path group failback. Quote integers as strings"; }; rr_weight = mkOption { type = nullOr (enum [ "priorities" "uniform" ]); default = null; # real default: "uniform" - description = lib.mdDoc '' + description = '' If set to priorities the multipath configurator will assign path weights as "path prio * rr_min_io". ''; @@ -166,13 +166,13 @@ in { no_path_retry = mkOption { type = nullOr str; default = null; # real default: "fail" - description = lib.mdDoc "Specify what to do when all paths are down. Quote integers as strings"; + description = "Specify what to do when all paths are down. Quote integers as strings"; }; rr_min_io = mkOption { type = nullOr int; default = null; # real default: 1000 - description = lib.mdDoc '' + description = '' Number of I/O requests to route to a path before switching to the next in the same path group. This is only for Block I/O (BIO) based multipath and only apply to round-robin path_selector. @@ -182,7 +182,7 @@ in { rr_min_io_rq = mkOption { type = nullOr int; default = null; # real default: 1 - description = lib.mdDoc '' + description = '' Number of I/O requests to route to a path before switching to the next in the same path group. This is only for Request based multipath and only apply to round-robin path_selector. @@ -192,7 +192,7 @@ in { fast_io_fail_tmo = mkOption { type = nullOr str; default = null; # real default: 5 - description = lib.mdDoc '' + description = '' Specify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before failing I/O to devices on that remote port. This should be smaller than dev_loss_tmo. Setting this to "off" will disable @@ -203,7 +203,7 @@ in { dev_loss_tmo = mkOption { type = nullOr str; default = null; # real default: 600 - description = lib.mdDoc '' + description = '' Specify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before removing it from the system. This can be set to "infinity" which sets it to the max value of 2147483647 @@ -219,7 +219,7 @@ in { flush_on_last_del = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "no" - description = lib.mdDoc '' + description = '' If set to "yes" multipathd will disable queueing when the last path to a device has been deleted. ''; @@ -228,7 +228,7 @@ in { user_friendly_names = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "no" - description = lib.mdDoc '' + description = '' If set to "yes", using the bindings file /etc/multipath/bindings to assign a persistent and unique alias to the multipath, in the form of mpath. If set to "no" use the WWID as the alias. In either @@ -240,7 +240,7 @@ in { detect_prio = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "yes" - description = lib.mdDoc '' + description = '' If set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the sysfs prioritizer if the required sysf attributes access_state and @@ -252,7 +252,7 @@ in { detect_checker = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "yes" - description = lib.mdDoc '' + description = '' If set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the tur checker. If set to "no", the checker will be selected as usual. @@ -262,7 +262,7 @@ in { deferred_remove = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "no" - description = lib.mdDoc '' + description = '' If set to "yes", multipathd will do a deferred remove instead of a regular remove when the last path device has been deleted. This means that if the multipath device is still in use, it will be freed when @@ -274,7 +274,7 @@ in { san_path_err_threshold = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' If set to a value greater than 0, multipathd will watch paths and check how many times a path has been failed due to errors.If the number of failures on a particular path is greater then the san_path_err_threshold, @@ -287,7 +287,7 @@ in { san_path_err_forget_rate = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' If set to a value greater than 0, multipathd will check whether the path failures has exceeded the san_path_err_threshold within this many checks i.e san_path_err_forget_rate. If so we will not reinstante the path till @@ -298,7 +298,7 @@ in { san_path_err_recovery_time = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' If set to a value greater than 0, multipathd will make sure that when path failures has exceeded the san_path_err_threshold within san_path_err_forget_rate then the path will be placed in failed state @@ -311,61 +311,61 @@ in { marginal_path_err_sample_time = mkOption { type = nullOr int; default = null; - description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; }; marginal_path_err_rate_threshold = mkOption { type = nullOr int; default = null; - description = lib.mdDoc "The error rate threshold as a permillage (1/1000)"; + description = "The error rate threshold as a permillage (1/1000)"; }; marginal_path_err_recheck_gap_time = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; }; marginal_path_double_failed_time = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; + description = "One of the four parameters of supporting path check based on accounting IO error such as intermittent error"; }; delay_watch_checks = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "This option is deprecated, and mapped to san_path_err_forget_rate"; + description = "This option is deprecated, and mapped to san_path_err_forget_rate"; }; delay_wait_checks = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "This option is deprecated, and mapped to san_path_err_recovery_time"; + description = "This option is deprecated, and mapped to san_path_err_recovery_time"; }; skip_kpartx = mkOption { type = nullOr (enum [ "yes" "no" ]); default = null; # real default: "no" - description = lib.mdDoc "If set to yes, kpartx will not automatically create partitions on the device"; + description = "If set to yes, kpartx will not automatically create partitions on the device"; }; max_sectors_kb = mkOption { type = nullOr int; default = null; - description = lib.mdDoc "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value"; + description = "Sets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value"; }; ghost_delay = mkOption { type = nullOr int; default = null; - description = lib.mdDoc "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd"; + description = "Sets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd"; }; all_tg_pt = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Set the 'all targets ports' flag when registering keys with mpathpersist"; + description = "Set the 'all targets ports' flag when registering keys with mpathpersist"; }; }; @@ -375,7 +375,7 @@ in { defaults = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' This section defines default values for attributes which are used whenever no values are given in the appropriate device or multipath sections. @@ -385,7 +385,7 @@ in { blacklist = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' This section defines which devices should be excluded from the multipath topology discovery. ''; @@ -394,7 +394,7 @@ in { blacklist_exceptions = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' This section defines which devices should be included in the multipath topology discovery, despite being listed in the blacklist section. @@ -404,7 +404,7 @@ in { overrides = mkOption { type = nullOr str; default = null; - description = lib.mdDoc '' + description = '' This section defines values for attributes that should override the device-specific settings for all devices. ''; @@ -413,13 +413,13 @@ in { extraConfig = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Lines to append to default multipath.conf"; + description = "Lines to append to default multipath.conf"; }; extraConfigFile = mkOption { type = nullOr str; default = null; - description = lib.mdDoc "Append an additional file's contents to /etc/multipath.conf"; + description = "Append an additional file's contents to /etc/multipath.conf"; }; pathGroups = mkOption { @@ -434,7 +434,7 @@ in { }, ... ] ''; - description = lib.mdDoc '' + description = '' This option allows you to define multipath groups as described in http://christophe.varoqui.free.fr/usage.html. ''; @@ -444,34 +444,34 @@ in { alias = mkOption { type = int; example = 1001234; - description = lib.mdDoc "The name of the multipath device"; + description = "The name of the multipath device"; }; wwid = mkOption { type = hexStr; example = "360080e500043b35c0123456789abcdef"; - description = lib.mdDoc "The identifier for the multipath device"; + description = "The identifier for the multipath device"; }; array = mkOption { type = str; default = null; example = "bigarray.example.com"; - description = lib.mdDoc "The DNS name of the storage array"; + description = "The DNS name of the storage array"; }; fsType = mkOption { type = nullOr str; default = null; example = "zfs"; - description = lib.mdDoc "Type of the filesystem"; + description = "Type of the filesystem"; }; options = mkOption { type = nullOr str; default = null; example = "ro"; - description = lib.mdDoc "Options used to mount the file system"; + description = "Options used to mount the file system"; }; }; diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix index 1fb5063e5ad8d..41d8ab4058bcc 100644 --- a/nixos/modules/services/networking/murmur.nix +++ b/nixos/modules/services/networking/murmur.nix @@ -58,13 +58,13 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If enabled, start the Murmur Mumble server."; + description = "If enabled, start the Murmur Mumble server."; }; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Open ports in the firewall for the Murmur Mumble server. ''; }; @@ -72,7 +72,7 @@ in autobanAttempts = mkOption { type = types.int; default = 10; - description = lib.mdDoc '' + description = '' Number of attempts a client is allowed to make in `autobanTimeframe` seconds, before being banned for `autobanTime`. @@ -82,7 +82,7 @@ in autobanTimeframe = mkOption { type = types.int; default = 120; - description = lib.mdDoc '' + description = '' Timeframe in which a client can connect without being banned for repeated attempts (in seconds). ''; @@ -91,32 +91,32 @@ in autobanTime = mkOption { type = types.int; default = 300; - description = lib.mdDoc "The amount of time an IP ban lasts (in seconds)."; + description = "The amount of time an IP ban lasts (in seconds)."; }; logFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/log/murmur/murmurd.log"; - description = lib.mdDoc "Path to the log file for Murmur daemon. Empty means log to journald."; + description = "Path to the log file for Murmur daemon. Empty means log to journald."; }; welcometext = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Welcome message for connected clients."; + description = "Welcome message for connected clients."; }; port = mkOption { type = types.port; default = 64738; - description = lib.mdDoc "Ports to bind to (UDP and TCP)."; + description = "Ports to bind to (UDP and TCP)."; }; hostName = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Host to bind to. Defaults binding on all addresses."; + description = "Host to bind to. Defaults binding on all addresses."; }; package = mkPackageOption pkgs "murmur" { }; @@ -124,13 +124,13 @@ in password = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Required password to join server, if specified."; + description = "Required password to join server, if specified."; }; bandwidth = mkOption { type = types.int; default = 72000; - description = lib.mdDoc '' + description = '' Maximum bandwidth (in bits per second) that clients may send speech at. ''; @@ -139,25 +139,25 @@ in users = mkOption { type = types.int; default = 100; - description = lib.mdDoc "Maximum number of concurrent clients allowed."; + description = "Maximum number of concurrent clients allowed."; }; textMsgLength = mkOption { type = types.int; default = 5000; - description = lib.mdDoc "Max length of text messages. Set 0 for no limit."; + description = "Max length of text messages. Set 0 for no limit."; }; imgMsgLength = mkOption { type = types.int; default = 131072; - description = lib.mdDoc "Max length of image messages. Set 0 for no limit."; + description = "Max length of image messages. Set 0 for no limit."; }; allowHtml = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Allow HTML in client messages, comments, and channel descriptions. ''; @@ -166,7 +166,7 @@ in logDays = mkOption { type = types.int; default = 31; - description = lib.mdDoc '' + description = '' How long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging. ''; @@ -175,7 +175,7 @@ in bonjour = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers. ''; @@ -184,13 +184,13 @@ in sendVersion = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Send Murmur version in UDP response."; + description = "Send Murmur version in UDP response."; }; registerName = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Public server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this. @@ -200,7 +200,7 @@ in registerPassword = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Public server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates. @@ -210,13 +210,13 @@ in registerUrl = mkOption { type = types.str; default = ""; - description = lib.mdDoc "URL website for your server."; + description = "URL website for your server."; }; registerHostname = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' DNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name *must* resolve on the @@ -227,38 +227,38 @@ in clientCertRequired = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Require clients to authenticate via certificates."; + description = "Require clients to authenticate via certificates."; }; sslCert = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Path to your SSL certificate."; + description = "Path to your SSL certificate."; }; sslKey = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Path to your SSL key."; + description = "Path to your SSL key."; }; sslCa = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Path to your SSL CA certificate."; + description = "Path to your SSL CA certificate."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Extra configuration to put into murmur.ini."; + description = "Extra configuration to put into murmur.ini."; }; environmentFile = mkOption { type = types.nullOr types.path; default = null; example = "/var/lib/murmur/murmurd.env"; - description = lib.mdDoc '' + description = '' Environment file as defined in {manpage}`systemd.exec(5)`. Secrets may be passed to the service without adding them to the world-readable @@ -283,7 +283,7 @@ in dbus = mkOption { type = types.enum [ null "session" "system" ]; default = null; - description = lib.mdDoc "Enable D-Bus remote control. Set to the bus you want Murmur to connect to."; + description = "Enable D-Bus remote control. Set to the bus you want Murmur to connect to."; }; }; }; diff --git a/nixos/modules/services/networking/mxisd.nix b/nixos/modules/services/networking/mxisd.nix index 47d2b16a15018..e53fb71788cdc 100644 --- a/nixos/modules/services/networking/mxisd.nix +++ b/nixos/modules/services/networking/mxisd.nix @@ -37,14 +37,14 @@ let in { options = { services.mxisd = { - enable = mkEnableOption (lib.mdDoc "matrix federated identity server"); + enable = mkEnableOption "matrix federated identity server"; package = mkPackageOption pkgs "ma1sd" { }; environmentFile = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Path to an environment-file which may contain secrets to be substituted via `envsubst`. ''; @@ -53,20 +53,20 @@ in { dataDir = mkOption { type = types.str; default = "/var/lib/mxisd"; - description = lib.mdDoc "Where data mxisd/ma1sd uses resides"; + description = "Where data mxisd/ma1sd uses resides"; }; extraConfig = mkOption { type = types.attrs; default = {}; - description = lib.mdDoc "Extra options merged into the mxisd/ma1sd configuration"; + description = "Extra options merged into the mxisd/ma1sd configuration"; }; matrix = { domain = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' the domain of the matrix homeserver ''; }; @@ -78,7 +78,7 @@ in { name = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Public hostname of mxisd/ma1sd, if different from the Matrix domain. ''; }; @@ -86,7 +86,7 @@ in { port = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' HTTP port to listen on (unencrypted) ''; }; diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix index 085d6c5fe2828..8f7a5123f7e18 100644 --- a/nixos/modules/services/networking/namecoind.nix +++ b/nixos/modules/services/networking/namecoind.nix @@ -44,12 +44,12 @@ in services.namecoind = { - enable = mkEnableOption (lib.mdDoc "namecoind, Namecoin client"); + enable = mkEnableOption "namecoind, Namecoin client"; wallet = mkOption { type = types.path; default = "${dataDir}/wallet.dat"; - description = lib.mdDoc '' + description = '' Wallet file. The ownership of the file has to be namecoin:namecoin, and the permissions must be 0640. ''; @@ -58,7 +58,7 @@ in generate = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to generate (mine) Namecoins. ''; }; @@ -66,7 +66,7 @@ in extraNodes = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of additional peer IP addresses to connect to. ''; }; @@ -74,7 +74,7 @@ in trustedNodes = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of the only peer IP addresses to connect to. If specified no other connection will be made. ''; @@ -83,7 +83,7 @@ in rpc.user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' User name for RPC connections. ''; }; @@ -91,7 +91,7 @@ in rpc.password = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Password for RPC connections. ''; }; @@ -99,7 +99,7 @@ in rpc.address = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc '' + description = '' IP address the RPC server will bind to. ''; }; @@ -107,7 +107,7 @@ in rpc.port = mkOption { type = types.port; default = 8332; - description = lib.mdDoc '' + description = '' Port the RPC server will bind to. ''; }; @@ -116,7 +116,7 @@ in type = types.nullOr types.path; default = null; example = "/var/lib/namecoind/server.cert"; - description = lib.mdDoc '' + description = '' Certificate file for securing RPC connections. ''; }; @@ -125,7 +125,7 @@ in type = types.nullOr types.path; default = null; example = "/var/lib/namecoind/server.pem"; - description = lib.mdDoc '' + description = '' Key file for securing RPC connections. ''; }; @@ -134,7 +134,7 @@ in rpc.allowFrom = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" ]; - description = lib.mdDoc '' + description = '' List of IP address ranges allowed to use the RPC API. Wiledcards (*) can be user to specify a range. ''; diff --git a/nixos/modules/services/networking/nar-serve.nix b/nixos/modules/services/networking/nar-serve.nix index 02b8979bd8bc7..b2082032ad90f 100644 --- a/nixos/modules/services/networking/nar-serve.nix +++ b/nixos/modules/services/networking/nar-serve.nix @@ -10,12 +10,12 @@ in }; options = { services.nar-serve = { - enable = mkEnableOption (lib.mdDoc "serving NAR file contents via HTTP"); + enable = mkEnableOption "serving NAR file contents via HTTP"; port = mkOption { type = types.port; default = 8383; - description = lib.mdDoc '' + description = '' Port number where nar-serve will listen on. ''; }; @@ -23,7 +23,7 @@ in cacheURL = mkOption { type = types.str; default = "https://cache.nixos.org/"; - description = lib.mdDoc '' + description = '' Binary cache URL to connect to. The URL format is compatible with the nix remote url style, such as: diff --git a/nixos/modules/services/networking/nat-iptables.nix b/nixos/modules/services/networking/nat-iptables.nix index d1bed401feeb9..351ba9ec35542 100644 --- a/nixos/modules/services/networking/nat-iptables.nix +++ b/nixos/modules/services/networking/nat-iptables.nix @@ -135,7 +135,7 @@ in type = types.lines; default = ""; example = "iptables -A INPUT -p icmp -j ACCEPT"; - description = lib.mdDoc '' + description = '' Additional shell commands executed as part of the nat initialisation script. @@ -147,7 +147,7 @@ in type = types.lines; default = ""; example = "iptables -D INPUT -p icmp -j ACCEPT || true"; - description = lib.mdDoc '' + description = '' Additional shell commands executed as part of the nat teardown script. diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index 3afe6fe0a9711..c2e0cfee9b854 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -19,7 +19,7 @@ in networking.nat.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Network Address Translation (NAT). ''; }; @@ -27,7 +27,7 @@ in networking.nat.enableIPv6 = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable IPv6 NAT. ''; }; @@ -36,7 +36,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "eth0" ]; - description = lib.mdDoc '' + description = '' The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten. @@ -47,7 +47,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "192.168.1.0/24" ]; - description = lib.mdDoc '' + description = '' The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten. @@ -58,7 +58,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "fc00::/64" ]; - description = lib.mdDoc '' + description = '' The IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten. @@ -69,7 +69,7 @@ in type = types.nullOr types.str; default = null; example = "eth1"; - description = lib.mdDoc '' + description = '' The name of the external network interface. ''; }; @@ -78,7 +78,7 @@ in type = types.nullOr types.str; default = null; example = "203.0.113.123"; - description = lib.mdDoc '' + description = '' The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be @@ -90,7 +90,7 @@ in type = types.nullOr types.str; default = null; example = "2001:dc0:2001:11::175"; - description = lib.mdDoc '' + description = '' The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be @@ -104,27 +104,27 @@ in sourcePort = mkOption { type = types.either types.int (types.strMatching "[[:digit:]]+:[[:digit:]]+"); example = 8080; - description = lib.mdDoc "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")"; + description = "Source port of the external interface; to specify a port range, use a string with a colon (e.g. \"60000:61000\")"; }; destination = mkOption { type = types.str; example = "10.0.0.1:80"; - description = lib.mdDoc "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end"; + description = "Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end"; }; proto = mkOption { type = types.str; default = "tcp"; example = "udp"; - description = lib.mdDoc "Protocol of forwarded connection"; + description = "Protocol of forwarded connection"; }; loopbackIPs = mkOption { type = types.listOf types.str; default = [ ]; example = literalExpression ''[ "55.1.2.3" ]''; - description = lib.mdDoc "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort` from the host itself and from other hosts behind NAT"; + description = "Public IPs for NAT reflection; for connections to `loopbackip:sourcePort` from the host itself and from other hosts behind NAT"; }; }; }); @@ -133,7 +133,7 @@ in { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; } { sourcePort = 8080; destination = "[fc00::2]:80"; proto = "tcp"; } ]; - description = lib.mdDoc '' + description = '' List of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled. @@ -144,7 +144,7 @@ in type = types.nullOr types.str; default = null; example = "10.0.0.1"; - description = lib.mdDoc '' + description = '' The local IP address to which all traffic that does not match any forwarding rule is forwarded. ''; diff --git a/nixos/modules/services/networking/nats.nix b/nixos/modules/services/networking/nats.nix index 6c21e21b5cb88..f159ef068b561 100644 --- a/nixos/modules/services/networking/nats.nix +++ b/nixos/modules/services/networking/nats.nix @@ -16,35 +16,35 @@ in { options = { services.nats = { - enable = mkEnableOption (lib.mdDoc "NATS messaging system"); + enable = mkEnableOption "NATS messaging system"; user = mkOption { type = types.str; default = "nats"; - description = lib.mdDoc "User account under which NATS runs."; + description = "User account under which NATS runs."; }; group = mkOption { type = types.str; default = "nats"; - description = lib.mdDoc "Group under which NATS runs."; + description = "Group under which NATS runs."; }; serverName = mkOption { default = "nats"; example = "n1-c3"; type = types.str; - description = lib.mdDoc '' + description = '' Name of the NATS server, must be unique if clustered. ''; }; - jetstream = mkEnableOption (lib.mdDoc "JetStream"); + jetstream = mkEnableOption "JetStream"; port = mkOption { default = 4222; type = types.port; - description = lib.mdDoc '' + description = '' Port on which to listen. ''; }; @@ -52,7 +52,7 @@ in { dataDir = mkOption { default = "/var/lib/nats"; type = types.path; - description = lib.mdDoc '' + description = '' The NATS data directory. Only used if JetStream is enabled, for storing stream metadata and messages. @@ -74,7 +74,7 @@ in { }; }; ''; - description = lib.mdDoc '' + description = '' Declarative NATS configuration. See the [ NATS documentation](https://docs.nats.io/nats-server/configuration) for a list of options. diff --git a/nixos/modules/services/networking/nbd.nix b/nixos/modules/services/networking/nbd.nix index b4bf7ede84632..e4a7bb1604f9a 100644 --- a/nixos/modules/services/networking/nbd.nix +++ b/nixos/modules/services/networking/nbd.nix @@ -43,12 +43,12 @@ in options = { services.nbd = { server = { - enable = mkEnableOption (lib.mdDoc "the Network Block Device (nbd) server"); + enable = mkEnableOption "the Network Block Device (nbd) server"; listenPort = mkOption { type = types.port; default = 10809; - description = lib.mdDoc "Port to listen on. The port is NOT automatically opened in the firewall."; + description = "Port to listen on. The port is NOT automatically opened in the firewall."; }; extraOptions = mkOption { @@ -56,21 +56,21 @@ in default = { allowlist = false; }; - description = lib.mdDoc '' + description = '' Extra options for the server. See {manpage}`nbd-server(5)`. ''; }; exports = mkOption { - description = lib.mdDoc "Files or block devices to make available over the network."; + description = "Files or block devices to make available over the network."; default = { }; type = with types; attrsOf (submodule { options = { path = mkOption { type = str; - description = lib.mdDoc "File or block device to export."; + description = "File or block device to export."; example = "/dev/sdb1"; }; @@ -78,7 +78,7 @@ in type = nullOr (listOf str); default = null; example = [ "10.10.0.0/24" "127.0.0.1" ]; - description = lib.mdDoc "IPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections."; + description = "IPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections."; }; extraOptions = mkOption { @@ -87,7 +87,7 @@ in flush = true; fua = true; }; - description = lib.mdDoc '' + description = '' Extra options for this export. See {manpage}`nbd-server(5)`. ''; @@ -98,7 +98,7 @@ in listenAddress = mkOption { type = with types; nullOr str; - description = lib.mdDoc "Address to listen on. If not specified, the server will listen on all interfaces."; + description = "Address to listen on. If not specified, the server will listen on all interfaces."; default = null; example = "10.10.0.1"; }; diff --git a/nixos/modules/services/networking/ncdns.nix b/nixos/modules/services/networking/ncdns.nix index cc97beb14e01f..d9aeb29e285fd 100644 --- a/nixos/modules/services/networking/ncdns.nix +++ b/nixos/modules/services/networking/ncdns.nix @@ -50,16 +50,16 @@ in services.ncdns = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' ncdns, a Go daemon to bridge Namecoin to DNS. To resolve .bit domains set `services.namecoind.enable = true;` and an RPC username/password - ''); + ''; address = mkOption { type = types.str; default = "[::1]"; - description = lib.mdDoc '' + description = '' The IP address the ncdns resolver will bind to. Leave this unchanged if you do not wish to directly expose the resolver. ''; @@ -68,7 +68,7 @@ in port = mkOption { type = types.port; default = 5333; - description = lib.mdDoc '' + description = '' The port the ncdns resolver will bind to. ''; }; @@ -78,7 +78,7 @@ in default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; example = "example.com"; - description = lib.mdDoc '' + description = '' The hostname of this ncdns instance, which defaults to the machine hostname. If specified, ncdns lists the hostname as an NS record at the zone apex: @@ -96,7 +96,7 @@ in type = types.str; default = ""; example = "root@example.com"; - description = lib.mdDoc '' + description = '' An email address for the SOA record at the bit zone. If you are only using ncdns locally you can ignore this. ''; @@ -105,25 +105,25 @@ in identity.address = mkOption { type = types.str; default = "127.127.127.127"; - description = lib.mdDoc '' + description = '' The IP address the hostname specified in {option}`services.ncdns.identity.hostname` should resolve to. If you are only using ncdns locally you can ignore this. ''; }; - dnssec.enable = mkEnableOption (lib.mdDoc '' + dnssec.enable = mkEnableOption '' DNSSEC support in ncdns. This will generate KSK and ZSK keypairs (unless provided via the options {option}`services.ncdns.dnssec.publicKey`, {option}`services.ncdns.dnssec.privateKey` etc.) and add a trust anchor to recursive resolvers - ''); + ''; dnssec.keys.public = mkOption { type = types.path; default = defaultFiles.public; - description = lib.mdDoc '' + description = '' Path to the file containing the KSK public key. The key can be generated using the `dnssec-keygen` command, provided by the package `bind` as follows: @@ -136,7 +136,7 @@ in dnssec.keys.private = mkOption { type = types.path; default = defaultFiles.private; - description = lib.mdDoc '' + description = '' Path to the file containing the KSK private key. ''; }; @@ -144,7 +144,7 @@ in dnssec.keys.zonePublic = mkOption { type = types.path; default = defaultFiles.zonePublic; - description = lib.mdDoc '' + description = '' Path to the file containing the ZSK public key. The key can be generated using the `dnssec-keygen` command, provided by the package `bind` as follows: @@ -157,7 +157,7 @@ in dnssec.keys.zonePrivate = mkOption { type = types.path; default = defaultFiles.zonePrivate; - description = lib.mdDoc '' + description = '' Path to the file containing the ZSK private key. ''; }; @@ -176,7 +176,7 @@ in certstore.nssdbdir = "../../home/alice/.pki/nssdb"; } ''; - description = lib.mdDoc '' + description = '' ncdns settings. Use this option to configure ncds settings not exposed in a NixOS option or to bypass one. See the example ncdns.conf file at <https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example> @@ -189,7 +189,7 @@ in services.pdns-recursor.resolveNamecoin = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Resolve `.bit` top-level domains using ncdns and namecoin. ''; }; diff --git a/nixos/modules/services/networking/ndppd.nix b/nixos/modules/services/networking/ndppd.nix index d221c95ae6200..102bf1160cd0b 100644 --- a/nixos/modules/services/networking/ndppd.nix +++ b/nixos/modules/services/networking/ndppd.nix @@ -26,7 +26,7 @@ let options = { interface = mkOption { type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' Listen for any Neighbor Solicitation messages on this interface, and respond to them according to a set of rules. Defaults to the name of the attrset. @@ -35,14 +35,14 @@ let }; router = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' Turns on or off the router flag for Neighbor Advertisement Messages. ''; default = true; }; timeout = mkOption { type = types.int; - description = lib.mdDoc '' + description = '' Controls how long to wait for a Neighbor Advertisement Message before invalidating the entry, in milliseconds. ''; @@ -50,7 +50,7 @@ let }; ttl = mkOption { type = types.int; - description = lib.mdDoc '' + description = '' Controls how long a valid or invalid entry remains in the cache, in milliseconds. ''; @@ -58,7 +58,7 @@ let }; rules = mkOption { type = types.attrsOf rule; - description = lib.mdDoc '' + description = '' This is a rule that the target address is to match against. If no netmask is provided, /128 is assumed. You may have several rule sections, and the addresses may or may not overlap. @@ -72,7 +72,7 @@ let options = { network = mkOption { type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' This is the target address is to match against. If no netmask is provided, /128 is assumed. The addresses of several rules may or may not overlap. @@ -82,7 +82,7 @@ let }; method = mkOption { type = types.enum [ "static" "iface" "auto" ]; - description = lib.mdDoc '' + description = '' static: Immediately answer any Neighbor Solicitation Messages (if they match the IP rule). iface: Forward the Neighbor Solicitation Message through the specified @@ -95,7 +95,7 @@ let }; interface = mkOption { type = types.nullOr types.str; - description = lib.mdDoc "Interface to use when method is iface."; + description = "Interface to use when method is iface."; default = null; }; }; @@ -103,10 +103,10 @@ let in { options.services.ndppd = { - enable = mkEnableOption (lib.mdDoc "daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces"); + enable = mkEnableOption "daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces"; interface = mkOption { type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' Interface which is on link-level with router. (Legacy option, use services.ndppd.proxies.\<interface\>.rules.\<network\> instead) ''; @@ -115,7 +115,7 @@ in { }; network = mkOption { type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' Network that we proxy. (Legacy option, use services.ndppd.proxies.\<interface\>.rules.\<network\> instead) ''; @@ -124,12 +124,12 @@ in { }; configFile = mkOption { type = types.nullOr types.path; - description = lib.mdDoc "Path to configuration file."; + description = "Path to configuration file."; default = null; }; routeTTL = mkOption { type = types.int; - description = lib.mdDoc '' + description = '' This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route, in milliseconds. ''; @@ -137,7 +137,7 @@ in { }; proxies = mkOption { type = types.attrsOf proxy; - description = lib.mdDoc '' + description = '' This sets up a listener, that will listen for any Neighbor Solicitation messages, and respond to them according to a set of rules. ''; diff --git a/nixos/modules/services/networking/nebula.nix b/nixos/modules/services/networking/nebula.nix index 2f9e41ae9c801..56eed04c3e8d9 100644 --- a/nixos/modules/services/networking/nebula.nix +++ b/nixos/modules/services/networking/nebula.nix @@ -26,40 +26,40 @@ in options = { services.nebula = { networks = mkOption { - description = lib.mdDoc "Nebula network definitions."; + description = "Nebula network definitions."; default = {}; type = types.attrsOf (types.submodule { options = { enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable or disable this network."; + description = "Enable or disable this network."; }; package = mkPackageOption pkgs "nebula" { }; ca = mkOption { type = types.path; - description = lib.mdDoc "Path to the certificate authority certificate."; + description = "Path to the certificate authority certificate."; example = "/etc/nebula/ca.crt"; }; cert = mkOption { type = types.path; - description = lib.mdDoc "Path to the host certificate."; + description = "Path to the host certificate."; example = "/etc/nebula/host.crt"; }; key = mkOption { type = types.path; - description = lib.mdDoc "Path to the host key."; + description = "Path to the host key."; example = "/etc/nebula/host.key"; }; staticHostMap = mkOption { type = types.attrsOf (types.listOf (types.str)); default = {}; - description = lib.mdDoc '' + description = '' The static host map defines a set of hosts with fixed IP addresses on the internet (or any network). A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel. ''; @@ -69,19 +69,19 @@ in isLighthouse = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether this node is a lighthouse."; + description = "Whether this node is a lighthouse."; }; isRelay = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether this node is a relay."; + description = "Whether this node is a relay."; }; lighthouses = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' List of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs. ''; @@ -91,7 +91,7 @@ in relays = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' List of IPs of relays that this node should allow traffic from. ''; example = [ "192.168.100.1" ]; @@ -100,7 +100,7 @@ in listen.host = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "IP address to listen on."; + description = "IP address to listen on."; }; listen.port = mkOption { @@ -113,13 +113,13 @@ in else 0; ''; - description = lib.mdDoc "Port number to listen on."; + description = "Port number to listen on."; }; tun.disable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' When tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root). ''; }; @@ -127,27 +127,27 @@ in tun.device = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "Name of the tun device. Defaults to nebula.\${networkName}."; + description = "Name of the tun device. Defaults to nebula.\${networkName}."; }; firewall.outbound = mkOption { type = types.listOf types.attrs; default = []; - description = lib.mdDoc "Firewall rules for outbound traffic."; + description = "Firewall rules for outbound traffic."; example = [ { port = "any"; proto = "any"; host = "any"; } ]; }; firewall.inbound = mkOption { type = types.listOf types.attrs; default = []; - description = lib.mdDoc "Firewall rules for inbound traffic."; + description = "Firewall rules for inbound traffic."; example = [ { port = "any"; proto = "any"; host = "any"; } ]; }; settings = mkOption { type = format.type; default = {}; - description = lib.mdDoc '' + description = '' Nebula configuration. Refer to <https://github.com/slackhq/nebula/blob/master/examples/config.yml> for details on supported values. diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix index 6a1511d4d0842..7add377896cab 100644 --- a/nixos/modules/services/networking/netbird.nix +++ b/nixos/modules/services/networking/netbird.nix @@ -42,7 +42,7 @@ in meta.doc = ./netbird.md; options.services.netbird = { - enable = mkEnableOption (lib.mdDoc "Netbird daemon"); + enable = mkEnableOption "Netbird daemon"; package = mkPackageOption pkgs "netbird" { }; tunnels = mkOption { diff --git a/nixos/modules/services/networking/netbird/coturn.nix b/nixos/modules/services/networking/netbird/coturn.nix new file mode 100644 index 0000000000000..dd032abb2d75e --- /dev/null +++ b/nixos/modules/services/networking/netbird/coturn.nix @@ -0,0 +1,160 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) + getExe + literalExpression + mkAfter + mkEnableOption + mkIf + mkMerge + mkOption + optionalAttrs + optionalString + ; + + inherit (lib.types) + bool + listOf + nullOr + path + port + str + ; + + cfg = config.services.netbird.server.coturn; +in + +{ + options.services.netbird.server.coturn = { + enable = mkEnableOption "a Coturn server for Netbird, will also open the firewall on the configured range"; + + useAcmeCertificates = mkOption { + type = bool; + default = false; + description = '' + Whether to use ACME certificates corresponding to the given domain for the server. + ''; + }; + + domain = mkOption { + type = str; + description = "The domain under which the coturn server runs."; + }; + + user = mkOption { + type = str; + default = "netbird"; + description = '' + The username used by netbird to connect to the coturn server. + ''; + }; + + password = mkOption { + type = nullOr str; + default = null; + description = '' + The password of the user used by netbird to connect to the coturn server. + ''; + }; + + passwordFile = mkOption { + type = nullOr path; + default = null; + description = '' + The path to a file containing the password of the user used by netbird to connect to the coturn server. + ''; + }; + + openPorts = mkOption { + type = listOf port; + default = with config.services.coturn; [ + listening-port + alt-listening-port + tls-listening-port + alt-tls-listening-port + ]; + defaultText = literalExpression '' + with config.services.coturn; [ + listening-port + alt-listening-port + tls-listening-port + alt-tls-listening-port + ]; + ''; + + description = '' + The list of ports used by coturn for listening to open in the firewall. + ''; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + assertions = [ + { + assertion = (cfg.password == null) != (cfg.passwordFile == null); + message = "Exactly one of `password` or `passwordFile` must be given for the coturn setup."; + } + ]; + + services.coturn = + { + enable = true; + + realm = cfg.domain; + lt-cred-mech = true; + no-cli = true; + + extraConfig = '' + fingerprint + user=${cfg.user}:${if cfg.password != null then cfg.password else "@password@"} + no-software-attribute + ''; + } + // (optionalAttrs cfg.useAcmeCertificates { + cert = "@cert@"; + pkey = "@pkey@"; + }); + + systemd.services.coturn = + let + dir = config.security.acme.certs.${cfg.domain}.directory; + preStart' = + (optionalString (cfg.passwordFile != null) '' + ${getExe pkgs.replace-secret} @password@ ${cfg.passwordFile} /run/coturn/turnserver.cfg + '') + + (optionalString cfg.useAcmeCertificates '' + ${getExe pkgs.replace-secret} @cert@ "$CREDENTIALS_DIRECTORY/cert.pem" /run/coturn/turnserver.cfg + ${getExe pkgs.replace-secret} @pkey@ "$CREDENTIALS_DIRECTORY/pkey.pem" /run/coturn/turnserver.cfg + ''); + in + (optionalAttrs (preStart' != "") { preStart = mkAfter preStart'; }) + // (optionalAttrs cfg.useAcmeCertificates { + serviceConfig.LoadCredential = [ + "cert.pem:${dir}/fullchain.pem" + "pkey.pem:${dir}/key.pem" + ]; + }); + + security.acme.certs.${cfg.domain}.postRun = optionalString cfg.useAcmeCertificates "systemctl restart coturn.service"; + + networking.firewall = { + allowedUDPPorts = cfg.openPorts; + allowedTCPPorts = cfg.openPorts; + + allowedUDPPortRanges = [ + { + from = cfg.minPort; + to = cfg.maxPort; + } + ]; + }; + } + ]); +} diff --git a/nixos/modules/services/networking/netbird/dashboard.nix b/nixos/modules/services/networking/netbird/dashboard.nix new file mode 100644 index 0000000000000..6fc3086155900 --- /dev/null +++ b/nixos/modules/services/networking/netbird/dashboard.nix @@ -0,0 +1,186 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) + boolToString + concatStringsSep + hasAttr + isBool + mapAttrs + mkDefault + mkEnableOption + mkIf + mkOption + mkPackageOption + ; + + inherit (lib.types) + attrsOf + bool + either + package + str + submodule + ; + + toStringEnv = value: if isBool value then boolToString value else toString value; + + cfg = config.services.netbird.server.dashboard; +in + +{ + options.services.netbird.server.dashboard = { + enable = mkEnableOption "the static netbird dashboard frontend"; + + package = mkPackageOption pkgs "netbird-dashboard" { }; + + enableNginx = mkEnableOption "Nginx reverse-proxy to serve the dashboard."; + + domain = mkOption { + type = str; + default = "localhost"; + description = "The domain under which the dashboard runs."; + }; + + managementServer = mkOption { + type = str; + description = "The address of the management server, used for the API endpoints."; + }; + + settings = mkOption { + type = submodule { freeformType = attrsOf (either str bool); }; + + defaultText = '' + { + AUTH_AUDIENCE = "netbird"; + AUTH_CLIENT_ID = "netbird"; + AUTH_SUPPORTED_SCOPES = "openid profile email"; + NETBIRD_TOKEN_SOURCE = "idToken"; + USE_AUTH0 = false; + } + ''; + + description = '' + An attribute set that will be used to substitute variables when building the dashboard. + Any values set here will be templated into the frontend and be public for anyone that can reach your website. + The exact values sadly aren't documented anywhere. + A starting point when searching for valid values is this [script](https://github.com/netbirdio/dashboard/blob/main/docker/init_react_envs.sh) + The only mandatory value is 'AUTH_AUTHORITY' as we cannot set a default value here. + ''; + }; + + finalDrv = mkOption { + readOnly = true; + type = package; + description = '' + The derivation containing the final templated dashboard. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = hasAttr "AUTH_AUTHORITY" cfg.settings; + message = "The setting AUTH_AUTHORITY is required for the dasboard to function."; + } + ]; + + services.netbird.server.dashboard = { + settings = + { + # Due to how the backend and frontend work this secret will be templated into the backend + # and then served statically from your website + # This enables you to login without the normally needed indirection through the backend + # but this also means anyone that can reach your website can + # fetch this secret, which is why there is no real need to put it into + # special options as its public anyway + # As far as I know leaking this secret is just + # an information leak as one can fetch some basic app + # informations from the IDP + # To actually do something one still needs to have login + # data and this secret so this being public will not + # suffice for anything just decreasing security + AUTH_CLIENT_SECRET = ""; + + NETBIRD_MGMT_API_ENDPOINT = cfg.managementServer; + NETBIRD_MGMT_GRPC_API_ENDPOINT = cfg.managementServer; + } + // (mapAttrs (_: mkDefault) { + # Those values have to be easily overridable + AUTH_AUDIENCE = "netbird"; # must be set for your devices to be able to log in + AUTH_CLIENT_ID = "netbird"; + AUTH_SUPPORTED_SCOPES = "openid profile email"; + NETBIRD_TOKEN_SOURCE = "idToken"; + USE_AUTH0 = false; + }); + + # The derivation containing the templated dashboard + finalDrv = + pkgs.runCommand "netbird-dashboard" + { + nativeBuildInputs = [ pkgs.gettext ]; + env = { + ENV_STR = concatStringsSep " " [ + "$AUTH_AUDIENCE" + "$AUTH_AUTHORITY" + "$AUTH_CLIENT_ID" + "$AUTH_CLIENT_SECRET" + "$AUTH_REDIRECT_URI" + "$AUTH_SILENT_REDIRECT_URI" + "$AUTH_SUPPORTED_SCOPES" + "$NETBIRD_DRAG_QUERY_PARAMS" + "$NETBIRD_GOOGLE_ANALYTICS_ID" + "$NETBIRD_HOTJAR_TRACK_ID" + "$NETBIRD_MGMT_API_ENDPOINT" + "$NETBIRD_MGMT_GRPC_API_ENDPOINT" + "$NETBIRD_TOKEN_SOURCE" + "$USE_AUTH0" + ]; + } // (mapAttrs (_: toStringEnv) cfg.settings); + } + '' + cp -R ${cfg.package} build + + find build -type d -exec chmod 755 {} \; + OIDC_TRUSTED_DOMAINS="build/OidcTrustedDomains.js" + + envsubst "$ENV_STR" < "$OIDC_TRUSTED_DOMAINS.tmpl" > "$OIDC_TRUSTED_DOMAINS" + + for f in $(grep -R -l AUTH_SUPPORTED_SCOPES build/); do + mv "$f" "$f.copy" + envsubst "$ENV_STR" < "$f.copy" > "$f" + rm "$f.copy" + done + + cp -R build $out + ''; + }; + + services.nginx = mkIf cfg.enableNginx { + enable = true; + + virtualHosts.${cfg.domain} = { + locations = { + "/" = { + root = cfg.finalDrv; + tryFiles = "$uri $uri.html $uri/ =404"; + }; + + "/404.html".extraConfig = '' + internal; + ''; + }; + + extraConfig = '' + error_page 404 /404.html; + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/netbird/management.nix b/nixos/modules/services/networking/netbird/management.nix new file mode 100644 index 0000000000000..52f033959143c --- /dev/null +++ b/nixos/modules/services/networking/netbird/management.nix @@ -0,0 +1,460 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: + +let + inherit (lib) + any + concatMap + getExe' + literalExpression + mkEnableOption + mkIf + mkOption + mkPackageOption + optional + recursiveUpdate + ; + + inherit (lib.types) + bool + enum + listOf + port + str + ; + + inherit (utils) escapeSystemdExecArgs genJqSecretsReplacementSnippet; + + stateDir = "/var/lib/netbird-mgmt"; + + settingsFormat = pkgs.formats.json { }; + + defaultSettings = { + Stuns = [ + { + Proto = "udp"; + URI = "stun:${cfg.turnDomain}:3478"; + Username = ""; + Password = null; + } + ]; + + TURNConfig = { + Turns = [ + { + Proto = "udp"; + URI = "turn:${cfg.turnDomain}:${builtins.toString cfg.turnPort}"; + Username = "netbird"; + Password = "netbird"; + } + ]; + + CredentialsTTL = "12h"; + Secret = "not-secure-secret"; + TimeBasedCredentials = false; + }; + + Signal = { + Proto = "https"; + URI = "${cfg.domain}:443"; + Username = ""; + Password = null; + }; + + ReverseProxy = { + TrustedHTTPProxies = [ ]; + TrustedHTTPProxiesCount = 0; + TrustedPeers = [ "0.0.0.0/0" ]; + }; + + Datadir = "${stateDir}/data"; + DataStoreEncryptionKey = "very-insecure-key"; + StoreConfig = { + Engine = "sqlite"; + }; + + HttpConfig = { + Address = "127.0.0.1:${builtins.toString cfg.port}"; + IdpSignKeyRefreshEnabled = true; + OIDCConfigEndpoint = cfg.oidcConfigEndpoint; + }; + + IdpManagerConfig = { + ManagerType = "none"; + ClientConfig = { + Issuer = ""; + TokenEndpoint = ""; + ClientID = "netbird"; + ClientSecret = ""; + GrantType = "client_credentials"; + }; + + ExtraConfig = { }; + Auth0ClientCredentials = null; + AzureClientCredentials = null; + KeycloakClientCredentials = null; + ZitadelClientCredentials = null; + }; + + DeviceAuthorizationFlow = { + Provider = "none"; + ProviderConfig = { + Audience = "netbird"; + Domain = null; + ClientID = "netbird"; + TokenEndpoint = null; + DeviceAuthEndpoint = ""; + Scope = "openid profile email"; + UseIDToken = false; + }; + }; + + PKCEAuthorizationFlow = { + ProviderConfig = { + Audience = "netbird"; + ClientID = "netbird"; + ClientSecret = ""; + AuthorizationEndpoint = ""; + TokenEndpoint = ""; + Scope = "openid profile email"; + RedirectURLs = [ "http://localhost:53000" ]; + UseIDToken = false; + }; + }; + }; + + managementConfig = recursiveUpdate defaultSettings cfg.settings; + + managementFile = settingsFormat.generate "config.json" managementConfig; + + cfg = config.services.netbird.server.management; +in + +{ + options.services.netbird.server.management = { + enable = mkEnableOption "Netbird Management Service."; + + package = mkPackageOption pkgs "netbird" { }; + + domain = mkOption { + type = str; + description = "The domain under which the management API runs."; + }; + + turnDomain = mkOption { + type = str; + description = "The domain of the TURN server to use."; + }; + + turnPort = mkOption { + type = port; + default = 3478; + description = '' + The port of the TURN server to use. + ''; + }; + + dnsDomain = mkOption { + type = str; + default = "netbird.selfhosted"; + description = "Domain used for peer resolution."; + }; + + singleAccountModeDomain = mkOption { + type = str; + default = "netbird.selfhosted"; + description = '' + Enables single account mode. + This means that all the users will be under the same account grouped by the specified domain. + If the installation has more than one account, the property is ineffective. + ''; + }; + + disableAnonymousMetrics = mkOption { + type = bool; + default = true; + description = "Disables push of anonymous usage metrics to NetBird."; + }; + + disableSingleAccountMode = mkOption { + type = bool; + default = false; + description = '' + If set to true, disables single account mode. + The `singleAccountModeDomain` property will be ignored and every new user will have a separate NetBird account. + ''; + }; + + port = mkOption { + type = port; + default = 8011; + description = "Internal port of the management server."; + }; + + extraOptions = mkOption { + type = listOf str; + default = [ ]; + description = '' + Additional options given to netbird-mgmt as commandline arguments. + ''; + }; + + oidcConfigEndpoint = mkOption { + type = str; + description = "The oidc discovery endpoint."; + example = "https://example.eu.auth0.com/.well-known/openid-configuration"; + }; + + settings = mkOption { + inherit (settingsFormat) type; + + defaultText = literalExpression '' + defaultSettings = { + Stuns = [ + { + Proto = "udp"; + URI = "stun:''${cfg.turnDomain}:3478"; + Username = ""; + Password = null; + } + ]; + + TURNConfig = { + Turns = [ + { + Proto = "udp"; + URI = "turn:''${cfg.turnDomain}:3478"; + Username = "netbird"; + Password = "netbird"; + } + ]; + + CredentialsTTL = "12h"; + Secret = "not-secure-secret"; + TimeBasedCredentials = false; + }; + + Signal = { + Proto = "https"; + URI = "''${cfg.domain}:443"; + Username = ""; + Password = null; + }; + + ReverseProxy = { + TrustedHTTPProxies = [ ]; + TrustedHTTPProxiesCount = 0; + TrustedPeers = [ "0.0.0.0/0" ]; + }; + + Datadir = "''${stateDir}/data"; + DataStoreEncryptionKey = "genEVP6j/Yp2EeVujm0zgqXrRos29dQkpvX0hHdEUlQ="; + StoreConfig = { Engine = "sqlite"; }; + + HttpConfig = { + Address = "127.0.0.1:''${builtins.toString cfg.port}"; + IdpSignKeyRefreshEnabled = true; + OIDCConfigEndpoint = cfg.oidcConfigEndpoint; + }; + + IdpManagerConfig = { + ManagerType = "none"; + ClientConfig = { + Issuer = ""; + TokenEndpoint = ""; + ClientID = "netbird"; + ClientSecret = ""; + GrantType = "client_credentials"; + }; + + ExtraConfig = { }; + Auth0ClientCredentials = null; + AzureClientCredentials = null; + KeycloakClientCredentials = null; + ZitadelClientCredentials = null; + }; + + DeviceAuthorizationFlow = { + Provider = "none"; + ProviderConfig = { + Audience = "netbird"; + Domain = null; + ClientID = "netbird"; + TokenEndpoint = null; + DeviceAuthEndpoint = ""; + Scope = "openid profile email offline_access api"; + UseIDToken = false; + }; + }; + + PKCEAuthorizationFlow = { + ProviderConfig = { + Audience = "netbird"; + ClientID = "netbird"; + ClientSecret = ""; + AuthorizationEndpoint = ""; + TokenEndpoint = ""; + Scope = "openid profile email offline_access api"; + RedirectURLs = "http://localhost:53000"; + UseIDToken = false; + }; + }; + }; + ''; + + default = { }; + + description = '' + Configuration of the netbird management server. + Options containing secret data should be set to an attribute set containing the attribute _secret + - a string pointing to a file containing the value the option should be set to. + See the example to get a better picture of this: in the resulting management.json file, + the `DataStoreEncryptionKey` key will be set to the contents of the /run/agenix/netbird_mgmt-data_store_encryption_key file. + ''; + + example = { + DataStoreEncryptionKey = { + _secret = "/run/agenix/netbird_mgmt-data_store_encryption_key"; + }; + }; + }; + + logLevel = mkOption { + type = enum [ + "ERROR" + "WARN" + "INFO" + "DEBUG" + ]; + default = "INFO"; + description = "Log level of the netbird services."; + }; + + enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird management service."; + }; + + config = mkIf cfg.enable { + warnings = + concatMap + ( + { check, name }: + optional check "${name} is world-readable in the Nix Store, you should provide it as a _secret." + ) + [ + { + check = builtins.isString managementConfig.TURNConfig.Secret; + name = "The TURNConfig.secret"; + } + { + check = builtins.isString managementConfig.DataStoreEncryptionKey; + name = "The DataStoreEncryptionKey"; + } + { + check = any (T: (T ? Password) && builtins.isString T.Password) managementConfig.TURNConfig.Turns; + name = "A Turn configuration's password"; + } + ]; + + systemd.services.netbird-management = { + description = "The management server for Netbird, a wireguard VPN"; + documentation = [ "https://netbird.io/docs/" ]; + + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartTriggers = [ managementFile ]; + + preStart = genJqSecretsReplacementSnippet managementConfig "${stateDir}/management.json"; + + serviceConfig = { + ExecStart = escapeSystemdExecArgs ( + [ + (getExe' cfg.package "netbird-mgmt") + "management" + # Config file + "--config" + "${stateDir}/management.json" + # Data directory + "--datadir" + "${stateDir}/data" + # DNS domain + "--dns-domain" + cfg.dnsDomain + # Port to listen on + "--port" + cfg.port + # Log to stdout + "--log-file" + "console" + # Log level + "--log-level" + cfg.logLevel + # + "--idp-sign-key-refresh-enabled" + # Domain for internal resolution + "--single-account-mode-domain" + cfg.singleAccountModeDomain + ] + ++ (optional cfg.disableAnonymousMetrics "--disable-anonymous-metrics") + ++ (optional cfg.disableSingleAccountMode "--disable-single-account-mode") + ++ cfg.extraOptions + ); + Restart = "always"; + RuntimeDirectory = "netbird-mgmt"; + StateDirectory = [ + "netbird-mgmt" + "netbird-mgmt/data" + ]; + WorkingDirectory = stateDir; + + # hardening + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateMounts = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = true; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + }; + + stopIfChanged = false; + }; + + services.nginx = mkIf cfg.enableNginx { + enable = true; + + virtualHosts.${cfg.domain} = { + locations = { + "/api".proxyPass = "http://localhost:${builtins.toString cfg.port}"; + + "/management.ManagementService/".extraConfig = '' + # This is necessary so that grpc connections do not get closed early + # see https://stackoverflow.com/a/67805465 + client_body_timeout 1d; + + grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + grpc_pass grpc://localhost:${builtins.toString cfg.port}; + grpc_read_timeout 1d; + grpc_send_timeout 1d; + grpc_socket_keepalive on; + ''; + }; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/netbird/server.md b/nixos/modules/services/networking/netbird/server.md new file mode 100644 index 0000000000000..3649e97b379e5 --- /dev/null +++ b/nixos/modules/services/networking/netbird/server.md @@ -0,0 +1,42 @@ +# Netbird server {#module-services-netbird-server} + +NetBird is a VPN built on top of WireGuard® making it easy to create secure private networks for your organization or home. + +## Quickstart {#module-services-netbird-server-quickstart} + +To fully setup Netbird as a self-hosted server, we need both a Coturn server and an identity provider, the list of supported SSOs and their setup are available [on Netbird's documentation](https://docs.netbird.io/selfhosted/selfhosted-guide#step-3-configure-identity-provider-idp). + +There are quite a few settings that need to be passed to Netbird for it to function, and a minimal config looks like : + +```nix +services.netbird.server = { + enable = true; + + domain = "netbird.example.selfhosted"; + + enableNginx = true; + + coturn = { + enable = true; + + passwordFile = "/path/to/a/secret/password"; + }; + + management = { + oidcConfigEndpoint = "https://sso.example.selfhosted/oauth2/openid/netbird/.well-known/openid-configuration"; + + settings = { + TURNConfig = { + Turns = [ + { + Proto = "udp"; + URI = "turn:netbird.example.selfhosted:3478"; + Username = "netbird"; + Password._secret = "/path/to/a/secret/password"; + } + ]; + }; + }; + }; +}; +``` diff --git a/nixos/modules/services/networking/netbird/server.nix b/nixos/modules/services/networking/netbird/server.nix new file mode 100644 index 0000000000000..a4de0fda6a134 --- /dev/null +++ b/nixos/modules/services/networking/netbird/server.nix @@ -0,0 +1,67 @@ +{ config, lib, ... }: + +let + inherit (lib) + mkEnableOption + mkIf + mkOption + optionalAttrs + ; + + inherit (lib.types) str; + + cfg = config.services.netbird.server; +in + +{ + meta = { + maintainers = with lib.maintainers; [ thubrecht ]; + doc = ./server.md; + }; + + # Import the separate components + imports = [ + ./coturn.nix + ./dashboard.nix + ./management.nix + ./signal.nix + ]; + + options.services.netbird.server = { + enable = mkEnableOption "Netbird Server stack, comprising the dashboard, management API and signal service"; + + enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird server services."; + + domain = mkOption { + type = str; + description = "The domain under which the netbird server runs."; + }; + }; + + config = mkIf cfg.enable { + services.netbird.server = { + dashboard = { + inherit (cfg) enable domain enableNginx; + + managementServer = "https://${cfg.domain}"; + }; + + management = + { + inherit (cfg) enable domain enableNginx; + } + // (optionalAttrs cfg.coturn.enable { + turnDomain = cfg.domain; + turnPort = config.services.coturn.tls-listening-port; + }); + + signal = { + inherit (cfg) enable domain enableNginx; + }; + + coturn = { + inherit (cfg) domain; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/netbird/signal.nix b/nixos/modules/services/networking/netbird/signal.nix new file mode 100644 index 0000000000000..8408d20e874b5 --- /dev/null +++ b/nixos/modules/services/networking/netbird/signal.nix @@ -0,0 +1,123 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: + +let + inherit (lib) + getExe' + mkEnableOption + mkIf + mkPackageOption + mkOption + ; + + inherit (lib.types) enum port str; + + inherit (utils) escapeSystemdExecArgs; + + cfg = config.services.netbird.server.signal; +in + +{ + options.services.netbird.server.signal = { + enable = mkEnableOption "Netbird's Signal Service"; + + package = mkPackageOption pkgs "netbird" { }; + + enableNginx = mkEnableOption "Nginx reverse-proxy for the netbird signal service."; + + domain = mkOption { + type = str; + description = "The domain name for the signal service."; + }; + + port = mkOption { + type = port; + default = 8012; + description = "Internal port of the signal server."; + }; + + logLevel = mkOption { + type = enum [ + "ERROR" + "WARN" + "INFO" + "DEBUG" + ]; + default = "INFO"; + description = "Log level of the netbird signal service."; + }; + }; + + config = mkIf cfg.enable { + systemd.services.netbird-signal = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = escapeSystemdExecArgs [ + (getExe' cfg.package "netbird-signal") + "run" + # Port to listen on + "--port" + cfg.port + # Log to stdout + "--log-file" + "console" + # Log level + "--log-level" + cfg.logLevel + ]; + + Restart = "always"; + RuntimeDirectory = "netbird-mgmt"; + StateDirectory = "netbird-mgmt"; + WorkingDirectory = "/var/lib/netbird-mgmt"; + + # hardening + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateMounts = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = true; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + }; + + stopIfChanged = false; + }; + + services.nginx = mkIf cfg.enableNginx { + enable = true; + + virtualHosts.${cfg.domain} = { + locations."/signalexchange.SignalExchange/".extraConfig = '' + # This is necessary so that grpc connections do not get closed early + # see https://stackoverflow.com/a/67805465 + client_body_timeout 1d; + + grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + grpc_pass grpc://localhost:${builtins.toString cfg.port}; + grpc_read_timeout 1d; + grpc_send_timeout 1d; + grpc_socket_keepalive on; + ''; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/netclient.nix b/nixos/modules/services/networking/netclient.nix index 43b8f07cca046..b4819f84bab2c 100644 --- a/nixos/modules/services/networking/netclient.nix +++ b/nixos/modules/services/networking/netclient.nix @@ -6,7 +6,7 @@ in meta.maintainers = with lib.maintainers; [ wexder ]; options.services.netclient = { - enable = lib.mkEnableOption (lib.mdDoc "Netclient Daemon"); + enable = lib.mkEnableOption "Netclient Daemon"; package = lib.mkPackageOption pkgs "netclient" { }; }; diff --git a/nixos/modules/services/networking/networkd-dispatcher.nix b/nixos/modules/services/networking/networkd-dispatcher.nix index c5319ca7b88a2..039888e3c0646 100644 --- a/nixos/modules/services/networking/networkd-dispatcher.nix +++ b/nixos/modules/services/networking/networkd-dispatcher.nix @@ -11,11 +11,11 @@ in { options = { services.networkd-dispatcher = { - enable = mkEnableOption (mdDoc '' + enable = mkEnableOption '' Networkd-dispatcher service for systemd-networkd connection status change. See [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions) for usage. - ''); + ''; rules = mkOption { default = {}; @@ -33,7 +33,7 @@ in { }; }; ''; - description = lib.mdDoc '' + description = '' Declarative configuration of networkd-dispatcher rules. See [https://gitlab.com/craftyguy/networkd-dispatcher](upstream instructions) for an introduction and example scripts. @@ -46,7 +46,7 @@ in { "configuring" "configured" ]); default = null; - description = lib.mdDoc '' + description = '' List of names of the systemd-networkd operational states which should trigger the script. See <https://www.freedesktop.org/software/systemd/man/networkctl.html> for a description of the specific state type. @@ -54,7 +54,7 @@ in { }; script = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' Shell commands executed on specified operational states. ''; }; diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix index 1eaf065972d21..e33bbb2af178f 100644 --- a/nixos/modules/services/networking/networkmanager.nix +++ b/nixos/modules/services/networking/networkmanager.nix @@ -10,49 +10,31 @@ let enableIwd = cfg.wifi.backend == "iwd"; - mkValue = v: - if v == true then "yes" - else if v == false then "no" - else if lib.isInt v then toString v - else v; - - mkSection = name: attrs: '' - [${name}] - ${ - lib.concatStringsSep "\n" - (lib.mapAttrsToList - (k: v: "${k}=${mkValue v}") - (lib.filterAttrs - (k: v: v != null) - attrs)) - } - ''; - - configFile = pkgs.writeText "NetworkManager.conf" (lib.concatStringsSep "\n" [ - (mkSection "main" { + configAttrs = lib.recursiveUpdate { + main = { plugins = "keyfile"; inherit (cfg) dhcp dns; # If resolvconf is disabled that means that resolv.conf is managed by some other module. rc-manager = if config.networking.resolvconf.enable then "resolvconf" else "unmanaged"; - }) - (mkSection "keyfile" { + }; + keyfile = { unmanaged-devices = - if cfg.unmanaged == [ ] then null - else lib.concatStringsSep ";" cfg.unmanaged; - }) - (mkSection "logging" { + if cfg.unmanaged == [ ] then null + else lib.concatStringsSep ";" cfg.unmanaged; + }; + logging = { audit = config.security.audit.enable; level = cfg.logLevel; - }) - (mkSection "connection" cfg.connectionConfig) - (mkSection "device" { - "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress; - "wifi.backend" = cfg.wifi.backend; - }) - cfg.extraConfig - ]); + }; + connection = cfg.connectionConfig; + device = { + "wifi.scan-rand-mac-address" = cfg.wifi.scanRandMacAddress; + "wifi.backend" = cfg.wifi.backend; + }; + } cfg.settings; + configFile = ini.generate "NetworkManager.conf" configAttrs; /* [network-manager] @@ -105,7 +87,7 @@ let type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" "stable-ssid" ]); default = "preserve"; example = "00:11:22:33:44:55"; - description = lib.mdDoc '' + description = '' Set the MAC address of the interface. - `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface @@ -121,7 +103,7 @@ let type = types.either types.str (types.enum [ "permanent" "preserve" "random" "stable" ]); default = "preserve"; example = "00:11:22:33:44:55"; - description = lib.mdDoc '' + description = '' Set the MAC address of the interface. - `"XX:XX:XX:XX:XX:XX"`: MAC address of the interface @@ -145,7 +127,7 @@ in { meta = { - maintainers = teams.freedesktop.members; + maintainers = teams.freedesktop.members ++ [ lib.maintainers.janik ]; }; ###### interface @@ -157,7 +139,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group `networkmanager` @@ -173,7 +155,7 @@ in str ])); default = { }; - description = lib.mdDoc '' + description = '' Configuration for the [connection] section of NetworkManager.conf. Refer to [ @@ -185,11 +167,11 @@ in ''; }; - extraConfig = mkOption { - type = types.lines; - default = ""; - description = lib.mdDoc '' - Configuration appended to the generated NetworkManager.conf. + settings = mkOption { + type = ini.type; + default = {}; + description = '' + Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this. Refer to [ https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html @@ -203,7 +185,7 @@ in unmanaged = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to @@ -234,7 +216,7 @@ in in types.listOf networkManagerPluginPackage; default = [ ]; - description = lib.mdDoc '' + description = '' List of NetworkManager plug-ins to enable. Some plug-ins are enabled by the NetworkManager module by default. ''; @@ -243,7 +225,7 @@ in dhcp = mkOption { type = types.enum [ "dhcpcd" "internal" ]; default = "internal"; - description = lib.mdDoc '' + description = '' Which program (or internal library) should be used for DHCP. ''; }; @@ -251,7 +233,7 @@ in logLevel = mkOption { type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ]; default = "WARN"; - description = lib.mdDoc '' + description = '' Set the default logging verbosity level. ''; }; @@ -259,7 +241,7 @@ in appendNameservers = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP. ''; @@ -268,7 +250,7 @@ in insertNameservers = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP. ''; @@ -282,7 +264,7 @@ in backend = mkOption { type = types.enum [ "wpa_supplicant" "iwd" ]; default = "wpa_supplicant"; - description = lib.mdDoc '' + description = '' Specify the Wi-Fi backend used for the device. Currently supported are {option}`wpa_supplicant` or {option}`iwd` (experimental). ''; @@ -291,7 +273,7 @@ in powersave = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to enable Wi-Fi power saving. ''; }; @@ -299,7 +281,7 @@ in scanRandMacAddress = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable MAC address randomization of a Wi-Fi device during scanning. ''; @@ -309,7 +291,7 @@ in dns = mkOption { type = types.enum [ "default" "dnsmasq" "systemd-resolved" "none" ]; default = "default"; - description = lib.mdDoc '' + description = '' Set the DNS (`resolv.conf`) processing mode. A description of these modes can be found in the main section of @@ -326,7 +308,7 @@ in options = { source = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path to the hook script. ''; }; @@ -334,7 +316,7 @@ in type = mkOption { type = types.enum (attrNames dispatcherTypesSubdirMap); default = "basic"; - description = lib.mdDoc '' + description = '' Dispatcher hook type. Look up the hooks described at [https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html) and choose the type depending on the output folder. @@ -358,7 +340,7 @@ in type = "basic"; } ] ''; - description = lib.mdDoc '' + description = '' A list of scripts which will be executed in response to network events. ''; }; @@ -366,7 +348,7 @@ in enableStrongSwan = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable the StrongSwan plugin. If you enable this option the @@ -381,17 +363,17 @@ in options = { id = mkOption { type = types.str; - description = lib.mdDoc "vid:pid of either the PCI or USB vendor and product ID"; + description = "vid:pid of either the PCI or USB vendor and product ID"; }; path = mkOption { type = types.path; - description = lib.mdDoc "Path to the unlock script"; + description = "Path to the unlock script"; }; }; }); default = [ ]; example = literalExpression ''[{ id = "03f0:4e1d"; path = "''${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]''; - description = lib.mdDoc '' + description = '' List of FCC unlock scripts to enable on the system, behaving as described in https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools. ''; @@ -445,7 +427,7 @@ in }; }; }; - description = lib.mdDoc '' + description = '' Declaratively define NetworkManager profiles. You can find information about the generated file format [here](https://networkmanager.dev/docs/api/latest/nm-settings-keyfile.html) and [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/assembly_networkmanager-connection-profiles-in-keyfile-format_configuring-and-managing-networking). You current profiles which are most likely stored in `/etc/NetworkManager/system-connections` and there is [a tool](https://github.com/janik-haag/nm2nix) to convert them to the needed nix code. If you add a new ad-hoc connection via a GUI or nmtui or anything similar it should just work together with the declarative ones. @@ -459,7 +441,7 @@ in default = []; type = types.listOf types.path; example = [ "/run/secrets/network-manager.env" ]; - description = lib.mdDoc '' + description = '' Files to load as environment file. Environment variables from this file will be substituted into the static configuration file using [envsubst](https://github.com/a8m/envsubst). ''; @@ -471,8 +453,28 @@ in imports = [ (mkRenamedOptionModule [ "networking" "networkmanager" "packages" ] - [ "networking" "networkmanager" "plugins" ]) - (mkRenamedOptionModule [ "networking" "networkmanager" "useDnsmasq" ] [ "networking" "networkmanager" "dns" ]) + [ "networking" "networkmanager" "plugins" ] + ) + (mkRenamedOptionModule + [ "networking" "networkmanager" "useDnsmasq" ] + [ "networking" "networkmanager" "dns" ] + ) + (mkRemovedOptionModule [ "networking" "networkmanager" "extraConfig" ] '' + This option was removed in favour of `networking.networkmanager.settings`, + which accepts structured nix-code equivalent to the ini + and allows for overriding settings. + Example patch: + ```patch + networking.networkmanager = { + - extraConfig = ''' + - [main] + - no-auto-default=* + - ''' + + extraConfig.main.no-auto-default = "*"; + }; + ``` + '' + ) (mkRemovedOptionModule [ "networking" "networkmanager" "enableFccUnlock" ] '' This option was removed, because using bundled FCC unlock scripts is risky, might conflict with vendor-provided unlock scripts, and should diff --git a/nixos/modules/services/networking/nextdns.nix b/nixos/modules/services/networking/nextdns.nix index 697fa605049e9..b070eeec894fe 100644 --- a/nixos/modules/services/networking/nextdns.nix +++ b/nixos/modules/services/networking/nextdns.nix @@ -10,13 +10,13 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; + description = "Whether to enable the NextDNS DNS/53 to DoH Proxy service."; }; arguments = mkOption { type = types.listOf types.str; default = []; example = [ "-config" "10.0.3.0/24=abcdef" ]; - description = lib.mdDoc "Additional arguments to be passed to nextdns run."; + description = "Additional arguments to be passed to nextdns run."; }; }; }; diff --git a/nixos/modules/services/networking/nftables.nix b/nixos/modules/services/networking/nftables.nix index 2351ebf4b7074..ada9b83716a50 100644 --- a/nixos/modules/services/networking/nftables.nix +++ b/nixos/modules/services/networking/nftables.nix @@ -8,21 +8,21 @@ let enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable this table."; + description = "Enable this table."; }; name = mkOption { type = types.str; - description = lib.mdDoc "Table name."; + description = "Table name."; }; content = mkOption { type = types.lines; - description = lib.mdDoc "The table content."; + description = "The table content."; }; family = mkOption { - description = lib.mdDoc "Table family."; + description = "Table family."; type = types.enum [ "ip" "ip6" "inet" "arp" "bridge" "netdev" ]; }; }; @@ -39,8 +39,7 @@ in networking.nftables.enable = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' + description = '' Whether to enable nftables and use nftables based firewall if enabled. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables. @@ -61,7 +60,7 @@ in networking.nftables.checkRuleset = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Run `nft check` on the ruleset to spot syntax errors during build. Because this is executed in a sandbox, the check might fail if it requires access to any environmental factors or paths outside the Nix store. @@ -84,7 +83,7 @@ in "/etc/services" = config.environment.etc.services.source; } ''; - description = mdDoc '' + description = '' Set of paths that should be intercepted and rewritten while checking the ruleset using `pkgs.buildPackages.libredirect`. ''; @@ -96,14 +95,14 @@ in example = lib.literalExpression '' sed 's/skgid meadow/skgid nogroup/g' -i ruleset.conf ''; - description = lib.mdDoc '' + description = '' This script gets run before the ruleset is checked. It can be used to create additional files needed for the ruleset check to work, or modify the ruleset for cases the build environment cannot cover. ''; }; - networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "flushing the entire ruleset on each reload"); + networking.nftables.flushRuleset = mkEnableOption "flushing the entire ruleset on each reload"; networking.nftables.extraDeletions = mkOption { type = types.lines; @@ -114,8 +113,7 @@ in delete table inet some-table; ''; - description = - lib.mdDoc '' + description = '' Extra deletion commands to be run on every firewall start, reload and after stopping the firewall. ''; @@ -166,8 +164,7 @@ in } } ''; - description = - lib.mdDoc '' + description = '' The ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is updated atomically. Note that if the tables should be cleaned first, either: @@ -179,8 +176,7 @@ in networking.nftables.rulesetFile = mkOption { type = types.nullOr types.path; default = null; - description = - lib.mdDoc '' + description = '' The ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is updated atomically. ''; @@ -189,7 +185,7 @@ in networking.nftables.flattenRulesetFile = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Use `builtins.readFile` rather than `include` to handle {option}`networking.nftables.rulesetFile`. It is useful when you want to apply {option}`networking.nftables.preCheckRuleset` to {option}`networking.nftables.rulesetFile`. ::: {.note} @@ -203,7 +199,7 @@ in default = {}; - description = lib.mdDoc '' + description = '' Tables to be added to ruleset. Tables will be added together with delete statements to clean up the table before every update. ''; diff --git a/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix b/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix index 510dc02b5c9f8..6523f4b8b9e0f 100644 --- a/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix +++ b/nixos/modules/services/networking/nghttpx/backend-params-submodule.nix @@ -3,7 +3,7 @@ proto = lib.mkOption { type = lib.types.enum [ "h2" "http/1.1" ]; default = "http/1.1"; - description = lib.mdDoc '' + description = '' This option configures the protocol the backend server expects to use. @@ -15,7 +15,7 @@ tls = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' This option determines whether nghttpx will negotiate its connection with a backend server using TLS or not. The burden is on the backend server to provide the TLS certificate! @@ -28,7 +28,7 @@ sni = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; - description = lib.mdDoc '' + description = '' Override the TLS SNI field value. This value (in nghttpx) defaults to the host value of the backend configuration. @@ -40,7 +40,7 @@ fall = lib.mkOption { type = lib.types.int; default = 0; - description = lib.mdDoc '' + description = '' If nghttpx cannot connect to the backend N times in a row, the backend is assumed to be offline and is excluded from load balancing. If N is 0 the backend is never excluded from load @@ -54,7 +54,7 @@ rise = lib.mkOption { type = lib.types.int; default = 0; - description = lib.mdDoc '' + description = '' If the backend is excluded from load balancing, nghttpx will periodically attempt to make a connection to the backend. If the connection is successful N times in a row the backend is @@ -69,7 +69,7 @@ affinity = lib.mkOption { type = lib.types.enum [ "ip" "none" ]; default = "none"; - description = lib.mdDoc '' + description = '' If "ip" is given, client IP based session affinity is enabled. If "none" is given, session affinity is disabled. @@ -91,7 +91,7 @@ dns = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Name resolution of a backends host name is done at start up, or configuration reload. If "dns" is true, name resolution takes place dynamically. @@ -108,7 +108,7 @@ redirect-if-not-tls = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' If true, a backend match requires the frontend connection be TLS encrypted. If it is not, nghttpx responds to the request with a 308 status code and https URI the client should use diff --git a/nixos/modules/services/networking/nghttpx/backend-submodule.nix b/nixos/modules/services/networking/nghttpx/backend-submodule.nix index af99b21c9ab36..eb559e926e76b 100644 --- a/nixos/modules/services/networking/nghttpx/backend-submodule.nix +++ b/nixos/modules/services/networking/nghttpx/backend-submodule.nix @@ -13,7 +13,7 @@ host = "127.0.0.1"; port = 80; }; - description = lib.mdDoc '' + description = '' Backend server location specified as either a host:port pair or a unix domain docket. ''; @@ -27,7 +27,7 @@ "/somepath" ]; default = []; - description = lib.mdDoc '' + description = '' List of nghttpx backend patterns. Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b @@ -42,7 +42,7 @@ tls = true; }; default = null; - description = lib.mdDoc '' + description = '' Parameters to configure a backend. ''; }; diff --git a/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix b/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix index 66c6d7efa6a0a..33c8572bd14fc 100644 --- a/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix +++ b/nixos/modules/services/networking/nghttpx/frontend-params-submodule.nix @@ -3,7 +3,7 @@ tls = lib.mkOption { type = lib.types.enum [ "tls" "no-tls" ]; default = "tls"; - description = lib.mdDoc '' + description = '' Enable or disable TLS. If true (enabled) the key and certificate must be configured for nghttpx. @@ -15,7 +15,7 @@ sni-fwd = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' When performing a match to select a backend server, SNI host name received from the client is used instead of the request host. See --backend option about the pattern match. @@ -28,7 +28,7 @@ api = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable API access for this frontend. This enables you to dynamically modify nghttpx at run-time therefore this feature is disabled by default and should be turned on with care. @@ -41,7 +41,7 @@ healthmon = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Make this frontend a health monitor endpoint. Any request received on this frontend is responded to with a 200 OK. @@ -53,7 +53,7 @@ proxyproto = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Accept PROXY protocol version 1 on frontend connection. Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f diff --git a/nixos/modules/services/networking/nghttpx/frontend-submodule.nix b/nixos/modules/services/networking/nghttpx/frontend-submodule.nix index 3175df20eec5b..887ef45021319 100644 --- a/nixos/modules/services/networking/nghttpx/frontend-submodule.nix +++ b/nixos/modules/services/networking/nghttpx/frontend-submodule.nix @@ -13,7 +13,7 @@ host = "127.0.0.1"; port = 80; }; - description = lib.mdDoc '' + description = '' Frontend server interface binding specification as either a host:port pair or a unix domain docket. @@ -28,7 +28,7 @@ tls = "tls"; }; default = null; - description = lib.mdDoc '' + description = '' Parameters to configure a backend. ''; }; diff --git a/nixos/modules/services/networking/nghttpx/nghttpx-options.nix b/nixos/modules/services/networking/nghttpx/nghttpx-options.nix index 82ab8c4223e60..cb77c0c6d1cd0 100644 --- a/nixos/modules/services/networking/nghttpx/nghttpx-options.nix +++ b/nixos/modules/services/networking/nghttpx/nghttpx-options.nix @@ -1,10 +1,10 @@ { lib, ... }: { options.services.nghttpx = { - enable = lib.mkEnableOption (lib.mdDoc "nghttpx"); + enable = lib.mkEnableOption "nghttpx"; frontends = lib.mkOption { type = lib.types.listOf (lib.types.submodule (import ./frontend-submodule.nix)); - description = lib.mdDoc '' + description = '' A list of frontend listener specifications. ''; example = [ @@ -22,7 +22,7 @@ backends = lib.mkOption { type = lib.types.listOf (lib.types.submodule (import ./backend-submodule.nix)); - description = lib.mdDoc '' + description = '' A list of backend specifications. ''; example = [ @@ -42,7 +42,7 @@ tls = lib.mkOption { type = lib.types.nullOr (lib.types.submodule (import ./tls-submodule.nix)); default = null; - description = lib.mdDoc '' + description = '' TLS certificate and key paths. Note that this does not enable TLS for a frontend listener, to do so, a frontend specification must set `params.tls` to true. @@ -56,7 +56,7 @@ extraConfig = lib.mkOption { type = lib.types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra configuration options to be appended to the generated configuration file. ''; @@ -65,7 +65,7 @@ single-process = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Run this program in a single process mode for debugging purpose. Without this option, nghttpx creates at least 2 processes: master and worker processes. If this option is @@ -81,7 +81,7 @@ backlog = lib.mkOption { type = lib.types.int; default = 65536; - description = lib.mdDoc '' + description = '' Listen backlog size. Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog @@ -95,7 +95,7 @@ "IPv6" ]; default = "auto"; - description = lib.mdDoc '' + description = '' Specify address family of backend connections. If "auto" is given, both IPv4 and IPv6 are considered. If "IPv4" is given, only IPv4 address is considered. If "IPv6" is given, only IPv6 @@ -108,7 +108,7 @@ workers = lib.mkOption { type = lib.types.int; default = 1; - description = lib.mdDoc '' + description = '' Set the number of worker threads. Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n @@ -118,7 +118,7 @@ single-thread = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Run everything in one thread inside the worker process. This feature is provided for better debugging experience, or for the platforms which lack thread support. If threading is @@ -131,7 +131,7 @@ rlimit-nofile = lib.mkOption { type = lib.types.int; default = 0; - description = lib.mdDoc '' + description = '' Set maximum number of open files (RLIMIT_NOFILE) to \<N\>. If 0 is given, nghttpx does not set the limit. diff --git a/nixos/modules/services/networking/nghttpx/server-options.nix b/nixos/modules/services/networking/nghttpx/server-options.nix index 48e2a30455969..ef23bfd793c5c 100644 --- a/nixos/modules/services/networking/nghttpx/server-options.nix +++ b/nixos/modules/services/networking/nghttpx/server-options.nix @@ -3,14 +3,14 @@ host = lib.mkOption { type = lib.types.str; example = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Server host address. ''; }; port = lib.mkOption { type = lib.types.int; example = 5088; - description = lib.mdDoc '' + description = '' Server host port. ''; }; diff --git a/nixos/modules/services/networking/nghttpx/tls-submodule.nix b/nixos/modules/services/networking/nghttpx/tls-submodule.nix index bb6cdae07e582..8f3cdaae2c818 100644 --- a/nixos/modules/services/networking/nghttpx/tls-submodule.nix +++ b/nixos/modules/services/networking/nghttpx/tls-submodule.nix @@ -4,7 +4,7 @@ type = lib.types.str; example = "/etc/ssl/keys/mykeyfile.key"; default = "/etc/ssl/keys/server.key"; - description = lib.mdDoc '' + description = '' Path to the TLS key file. ''; }; @@ -13,7 +13,7 @@ type = lib.types.str; example = "/etc/ssl/certs/mycert.crt"; default = "/etc/ssl/certs/server.crt"; - description = lib.mdDoc '' + description = '' Path to the TLS certificate file. ''; }; diff --git a/nixos/modules/services/networking/ngircd.nix b/nixos/modules/services/networking/ngircd.nix index a2fff78fdff89..76e4642c86194 100644 --- a/nixos/modules/services/networking/ngircd.nix +++ b/nixos/modules/services/networking/ngircd.nix @@ -20,10 +20,10 @@ let in { options = { services.ngircd = { - enable = mkEnableOption (lib.mdDoc "the ngircd IRC server"); + enable = mkEnableOption "the ngircd IRC server"; config = mkOption { - description = lib.mdDoc "The ngircd configuration (see ngircd.conf(5))."; + description = "The ngircd configuration (see ngircd.conf(5))."; type = types.lines; }; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index a0c0be2ff254f..9f1c54adcfb4a 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -8,12 +8,12 @@ in { options = { services.nix-serve = { - enable = mkEnableOption (lib.mdDoc "nix-serve, the standalone Nix binary cache server"); + enable = mkEnableOption "nix-serve, the standalone Nix binary cache server"; port = mkOption { type = types.port; default = 5000; - description = lib.mdDoc '' + description = '' Port number where nix-serve will listen on. ''; }; @@ -21,7 +21,7 @@ in bindAddress = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc '' + description = '' IP address where nix-serve will bind its listening socket. ''; }; @@ -31,13 +31,13 @@ in openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Open ports in the firewall for nix-serve."; + description = "Open ports in the firewall for nix-serve."; }; secretKeyFile = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The path to the file used for signing derivation data. Generate with: @@ -52,7 +52,7 @@ in extraParams = mkOption { type = types.separatedString " "; default = ""; - description = lib.mdDoc '' + description = '' Extra command line parameters for nix-serve. ''; }; diff --git a/nixos/modules/services/networking/nix-store-gcs-proxy.nix b/nixos/modules/services/networking/nix-store-gcs-proxy.nix index 531b2bde7633a..0012302db2e3c 100644 --- a/nixos/modules/services/networking/nix-store-gcs-proxy.nix +++ b/nixos/modules/services/networking/nix-store-gcs-proxy.nix @@ -9,18 +9,18 @@ let default = true; type = types.bool; example = true; - description = lib.mdDoc "Whether to enable proxy for this bucket"; + description = "Whether to enable proxy for this bucket"; }; bucketName = mkOption { type = types.str; default = name; example = "my-bucket-name"; - description = lib.mdDoc "Name of Google storage bucket"; + description = "Name of Google storage bucket"; }; address = mkOption { type = types.str; example = "localhost:3000"; - description = lib.mdDoc "The address of the proxy."; + description = "The address of the proxy."; }; }; }; @@ -31,7 +31,7 @@ in options.services.nix-store-gcs-proxy = mkOption { type = types.attrsOf (types.submodule opts); default = {}; - description = lib.mdDoc '' + description = '' An attribute set describing an HTTP to GCS proxy that allows us to use GCS bucket via HTTP protocol. ''; diff --git a/nixos/modules/services/networking/nixops-dns.nix b/nixos/modules/services/networking/nixops-dns.nix index 378c2ee6d05fb..5e33d872ea452 100644 --- a/nixos/modules/services/networking/nixops-dns.nix +++ b/nixos/modules/services/networking/nixops-dns.nix @@ -12,7 +12,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the nixops-dns resolution of NixOps virtual machines via dnsmasq and fake domain name. ''; @@ -20,7 +20,7 @@ in user = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The user the nixops-dns daemon should run as. This should be the user, which is also used for nixops and have the .nixops directory in its home. @@ -29,7 +29,7 @@ in domain = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Fake domain name to resolve to NixOps virtual machines. For example "ops" will resolve "vm.ops". @@ -40,7 +40,7 @@ in dnsmasq = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Enable dnsmasq forwarding to nixops-dns. This allows to use nixops-dns for `services.nixops-dns.domain` resolution while forwarding the rest of the queries to original resolvers. diff --git a/nixos/modules/services/networking/nncp.nix b/nixos/modules/services/networking/nncp.nix index 3cfe41995e76c..f4ed7ecc7d4a6 100644 --- a/nixos/modules/services/networking/nncp.nix +++ b/nixos/modules/services/networking/nncp.nix @@ -39,7 +39,7 @@ in { ''; listenStreams = mkOption { type = with types; listOf str; - description = lib.mdDoc '' + description = '' TCP sockets to bind to. See [](#opt-systemd.sockets._name_.listenStreams). ''; diff --git a/nixos/modules/services/networking/nntp-proxy.nix b/nixos/modules/services/networking/nntp-proxy.nix index b887c0e16ef43..0a174ec346642 100644 --- a/nixos/modules/services/networking/nntp-proxy.nix +++ b/nixos/modules/services/networking/nntp-proxy.nix @@ -59,13 +59,13 @@ in options = { services.nntp-proxy = { - enable = mkEnableOption (lib.mdDoc "NNTP-Proxy"); + enable = mkEnableOption "NNTP-Proxy"; upstreamServer = mkOption { type = types.str; default = ""; example = "ssl-eu.astraweb.com"; - description = lib.mdDoc '' + description = '' Upstream server address ''; }; @@ -73,7 +73,7 @@ in upstreamPort = mkOption { type = types.port; default = 563; - description = lib.mdDoc '' + description = '' Upstream server port ''; }; @@ -81,7 +81,7 @@ in upstreamMaxConnections = mkOption { type = types.int; default = 20; - description = lib.mdDoc '' + description = '' Upstream server maximum allowed concurrent connections ''; }; @@ -89,7 +89,7 @@ in upstreamUser = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Upstream server username ''; }; @@ -97,7 +97,7 @@ in upstreamPassword = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Upstream server password ''; }; @@ -106,7 +106,7 @@ in type = types.str; default = "127.0.0.1"; example = "[::]"; - description = lib.mdDoc '' + description = '' Proxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters) ''; }; @@ -114,7 +114,7 @@ in port = mkOption { type = types.port; default = 5555; - description = lib.mdDoc '' + description = '' Proxy listen port ''; }; @@ -123,7 +123,7 @@ in type = types.str; default = "key.pem"; example = "/path/to/your/key.file"; - description = lib.mdDoc '' + description = '' Proxy ssl key path ''; }; @@ -132,7 +132,7 @@ in type = types.str; default = "cert.pem"; example = "/path/to/your/cert.file"; - description = lib.mdDoc '' + description = '' Proxy ssl certificate path ''; }; @@ -140,7 +140,7 @@ in prohibitPosting = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to prohibit posting to the upstream server ''; }; @@ -149,7 +149,7 @@ in type = types.enum [ "error" "warning" "notice" "info" "debug" ]; default = "info"; example = "error"; - description = lib.mdDoc '' + description = '' Verbosity level ''; }; @@ -159,7 +159,7 @@ in options = { username = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Username ''; }; @@ -167,7 +167,7 @@ in passwordHash = mkOption { type = types.str; example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"; - description = lib.mdDoc '' + description = '' SHA-512 password hash (can be generated by `mkpasswd -m sha-512 <password>`) ''; @@ -176,13 +176,13 @@ in maxConnections = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Maximum number of concurrent connections to the proxy for this user ''; }; }; }); - description = lib.mdDoc '' + description = '' NNTP-Proxy user configuration ''; diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix index 8cb0264648de2..a30622ac8548a 100644 --- a/nixos/modules/services/networking/nomad.nix +++ b/nixos/modules/services/networking/nomad.nix @@ -8,14 +8,14 @@ in ##### interface options = { services.nomad = { - enable = mkEnableOption (lib.mdDoc "Nomad, a distributed, highly available, datacenter-aware scheduler"); + enable = mkEnableOption "Nomad, a distributed, highly available, datacenter-aware scheduler"; package = mkPackageOption pkgs "nomad" { }; extraPackages = mkOption { type = types.listOf types.package; default = [ ]; - description = lib.mdDoc '' + description = '' Extra packages to add to {env}`PATH` for the Nomad agent process. ''; example = literalExpression '' @@ -26,7 +26,7 @@ in dropPrivileges = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether the nomad agent should be run as a non-root nomad user. ''; }; @@ -34,7 +34,7 @@ in enableDocker = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Enable Docker support. Needed for Nomad's docker driver. Note that the docker group membership is effectively equivalent @@ -45,7 +45,7 @@ in extraSettingsPaths = mkOption { type = types.listOf types.path; default = [ ]; - description = lib.mdDoc '' + description = '' Additional settings paths used to configure nomad. These can be files or directories. ''; example = literalExpression '' @@ -56,7 +56,7 @@ in extraSettingsPlugins = mkOption { type = types.listOf (types.either types.package types.path); default = [ ]; - description = lib.mdDoc '' + description = '' Additional plugins dir used to configure nomad. ''; example = literalExpression '' @@ -65,7 +65,7 @@ in }; credentials = mkOption { - description = lib.mdDoc '' + description = '' Credentials envs used to configure nomad secrets. ''; type = types.attrsOf types.str; @@ -79,7 +79,7 @@ in settings = mkOption { type = format.type; default = { }; - description = lib.mdDoc '' + description = '' Configuration for Nomad. See the [documentation](https://www.nomadproject.io/docs/configuration) for supported values. diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix index 6db728e7aa5ae..b17416c1e3d34 100644 --- a/nixos/modules/services/networking/nsd.nix +++ b/nixos/modules/services/networking/nsd.nix @@ -81,7 +81,6 @@ let zonesdir: "${stateDir}" # the list of dynamically added zones. - database: "${stateDir}/var/nsd.db" pidfile: "${pidFile}" xfrdfile: "${stateDir}/var/xfrd.state" xfrdir: "${stateDir}/tmp" @@ -112,6 +111,7 @@ let ${maybeString "version: " cfg.version} xfrd-reload-timeout: ${toString cfg.xfrdReloadTimeout} zonefiles-check: ${yesOrNo cfg.zonefilesCheck} + zonefiles-write: ${toString cfg.zonefilesWrite} ${maybeString "rrl-ipv4-prefix-length: " cfg.ratelimit.ipv4PrefixLength} ${maybeString "rrl-ipv6-prefix-length: " cfg.ratelimit.ipv6PrefixLength} @@ -152,9 +152,7 @@ let copyKeys = concatStrings (mapAttrsToList (keyName: keyOptions: '' secret=$(cat "${keyOptions.keyFile}") dest="${stateDir}/private/${keyName}" - echo " secret: \"$secret\"" > "$dest" - chown ${username}:${username} "$dest" - chmod 0400 "$dest" + install -m 0400 -o "${username}" -g "${username}" <(echo " secret: \"$secret\"") "$dest" '') cfg.keys); @@ -173,6 +171,7 @@ let ${maybeToString "min-retry-time: " zone.minRetrySecs} allow-axfr-fallback: ${yesOrNo zone.allowAXFRFallback} + multi-master-check: ${yesOrNo zone.multiMasterCheck} ${forEach " allow-notify: " zone.allowNotify} ${forEach " request-xfr: " zone.requestXFR} @@ -201,7 +200,7 @@ let allowAXFRFallback = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR. ''; @@ -213,7 +212,7 @@ let example = [ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]; - description = lib.mdDoc '' + description = '' Listed primary servers are allowed to notify this secondary server. Format: `<ip> <key-name | NOKEY | BLOCKED>` @@ -243,7 +242,7 @@ let # to default values, breaking the parent inheriting function. type = types.attrsOf types.anything; default = {}; - description = lib.mdDoc '' + description = '' Children zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to @@ -256,29 +255,29 @@ let data = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' The actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file. ''; }; - dnssec = mkEnableOption (lib.mdDoc "DNSSEC"); + dnssec = mkEnableOption "DNSSEC"; dnssecPolicy = { algorithm = mkOption { type = types.str; default = "RSASHA256"; - description = lib.mdDoc "Which algorithm to use for DNSSEC"; + description = "Which algorithm to use for DNSSEC"; }; keyttl = mkOption { type = types.str; default = "1h"; - description = lib.mdDoc "TTL for dnssec records"; + description = "TTL for dnssec records"; }; coverage = mkOption { type = types.str; default = "1y"; - description = lib.mdDoc '' + description = '' The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time. ''; }; @@ -289,7 +288,7 @@ let postPublish = "1w"; rollPeriod = "1mo"; }; - description = lib.mdDoc "Key policy for zone signing keys"; + description = "Key policy for zone signing keys"; }; ksk = mkOption { type = keyPolicy; @@ -298,14 +297,14 @@ let postPublish = "1mo"; rollPeriod = "0"; }; - description = lib.mdDoc "Key policy for key signing keys"; + description = "Key policy for key signing keys"; }; }; maxRefreshSecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit refresh time for secondary zones. This is the timer which checks to see if the zone has to be refetched when it expires. Normally the value from the SOA record is used, but this option @@ -316,7 +315,7 @@ let minRefreshSecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit refresh time for secondary zones. ''; }; @@ -324,7 +323,7 @@ let maxRetrySecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit retry time for secondary zones. This is the timeout after a failed fetch attempt for the zone. Normally the value from the SOA record is used, but this option restricts that value. @@ -334,17 +333,26 @@ let minRetrySecs = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Limit retry time for secondary zones. ''; }; + multiMasterCheck = mkOption { + type = types.bool; + default = false; + description = '' + If enabled, checks all masters for the last zone version. + It uses the higher version from all configured masters. + Useful if you have multiple masters that have different version numbers served. + ''; + }; notify = mkOption { type = types.listOf types.str; default = []; example = [ "10.0.0.1@3721 my_key" "::5 NOKEY" ]; - description = lib.mdDoc '' + description = '' This primary server will notify all given secondary servers about zone changes. @@ -361,7 +369,7 @@ let notifyRetry = mkOption { type = types.int; default = 5; - description = lib.mdDoc '' + description = '' Specifies the number of retries for failed notifies. Set this along with notify. ''; }; @@ -370,7 +378,7 @@ let type = types.nullOr types.str; default = null; example = "2000::1@1234"; - description = lib.mdDoc '' + description = '' This address will be used for zone-transfer requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port @@ -382,7 +390,7 @@ let type = types.listOf types.str; default = []; example = [ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]; - description = lib.mdDoc '' + description = '' Allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 ''; @@ -391,7 +399,7 @@ let requestXFR = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>` ''; }; @@ -399,7 +407,7 @@ let rrlWhitelist = mkOption { type = with types; listOf (enum [ "nxdomain" "error" "referral" "any" "rrsig" "wildcard" "nodata" "dnskey" "positive" "all" ]); default = []; - description = lib.mdDoc '' + description = '' Whitelists the given rrl-types. ''; }; @@ -408,7 +416,7 @@ let type = types.nullOr types.str; default = null; example = "%s"; - description = lib.mdDoc '' + description = '' When set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones @@ -423,19 +431,19 @@ let options = { keySize = mkOption { type = types.int; - description = lib.mdDoc "Key size in bits"; + description = "Key size in bits"; }; prePublish = mkOption { type = types.str; - description = lib.mdDoc "How long in advance to publish new keys"; + description = "How long in advance to publish new keys"; }; postPublish = mkOption { type = types.str; - description = lib.mdDoc "How long after deactivation to keep a key in the zone"; + description = "How long after deactivation to keep a key in the zone"; }; rollPeriod = mkOption { type = types.str; - description = lib.mdDoc "How frequently to change keys"; + description = "How frequently to change keys"; }; }; }; @@ -447,9 +455,7 @@ let dnssecTools = pkgs.bind.override { enablePython = true; }; signZones = optionalString dnssec '' - mkdir -p ${stateDir}/dnssec - chown ${username}:${username} ${stateDir}/dnssec - chmod 0600 ${stateDir}/dnssec + install -m 0600 -o "${username}" -g "${username}" -d "${stateDir}/dnssec" ${concatStrings (mapAttrsToList signZone dnssecZones)} ''; @@ -478,14 +484,14 @@ in # options are ordered alphanumerically options.services.nsd = { - enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server"); + enable = mkEnableOption "NSD authoritative DNS server"; - bind8Stats = mkEnableOption (lib.mdDoc "BIND8 like statistics"); + bind8Stats = mkEnableOption "BIND8 like statistics"; dnssecInterval = mkOption { type = types.str; default = "1h"; - description = lib.mdDoc '' + description = '' How often to check whether dnssec key rollover is required ''; }; @@ -493,7 +499,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra nsd config. ''; }; @@ -501,7 +507,7 @@ in hideVersion = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries. ''; }; @@ -509,7 +515,7 @@ in identity = mkOption { type = types.str; default = "unidentified server"; - description = lib.mdDoc '' + description = '' Identify the server (CH TXT ID.SERVER entry). ''; }; @@ -517,7 +523,7 @@ in interfaces = mkOption { type = types.listOf types.str; default = [ "127.0.0.0" "::1" ]; - description = lib.mdDoc '' + description = '' What addresses the server should listen to. ''; }; @@ -525,7 +531,7 @@ in ipFreebind = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to bind to nonlocal addresses and interfaces that are down. Similar to ip-transparent. ''; @@ -534,7 +540,7 @@ in ipTransparent = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Allow binding to non local addresses. ''; }; @@ -542,7 +548,7 @@ in ipv4 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to listen on IPv4 connections. ''; }; @@ -550,7 +556,7 @@ in ipv4EDNSSize = mkOption { type = types.int; default = 4096; - description = lib.mdDoc '' + description = '' Preferred EDNS buffer size for IPv4. ''; }; @@ -558,7 +564,7 @@ in ipv6 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to listen on IPv6 connections. ''; }; @@ -566,7 +572,7 @@ in ipv6EDNSSize = mkOption { type = types.int; default = 4096; - description = lib.mdDoc '' + description = '' Preferred EDNS buffer size for IPv6. ''; }; @@ -574,7 +580,7 @@ in logTimeAscii = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Log time in ascii, if false then in unix epoch seconds. ''; }; @@ -582,7 +588,7 @@ in nsid = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' NSID identity (hex string, or "ascii_somestring"). ''; }; @@ -590,7 +596,7 @@ in port = mkOption { type = types.port; default = 53; - description = lib.mdDoc '' + description = '' Port the service should bind do. ''; }; @@ -599,7 +605,7 @@ in type = types.bool; default = pkgs.stdenv.isLinux; defaultText = literalExpression "pkgs.stdenv.isLinux"; - description = lib.mdDoc '' + description = '' Whether to enable SO_REUSEPORT on all used sockets. This lets multiple processes bind to the same port. This speeds up operation especially if the server count is greater than one and makes fast restarts less @@ -610,18 +616,18 @@ in rootServer = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether this server will be a root server (a DNS root server, you usually don't want that). ''; }; - roundRobin = mkEnableOption (lib.mdDoc "round robin rotation of records"); + roundRobin = mkEnableOption "round robin rotation of records"; serverCount = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Number of NSD servers to fork. Put the number of CPUs to use here. ''; }; @@ -629,7 +635,7 @@ in statistics = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Statistics are produced every number of seconds. Prints to log. If null no statistics are logged. ''; @@ -638,7 +644,7 @@ in tcpCount = mkOption { type = types.int; default = 100; - description = lib.mdDoc '' + description = '' Maximum number of concurrent TCP connections per server. ''; }; @@ -646,7 +652,7 @@ in tcpQueryCount = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Maximum number of queries served on a single TCP connection. 0 means no maximum. ''; @@ -655,7 +661,7 @@ in tcpTimeout = mkOption { type = types.int; default = 120; - description = lib.mdDoc '' + description = '' TCP timeout in seconds. ''; }; @@ -663,7 +669,7 @@ in verbosity = mkOption { type = types.int; default = 0; - description = lib.mdDoc '' + description = '' Verbosity level. ''; }; @@ -671,7 +677,7 @@ in version = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The version string replied for CH TXT version.server and version.bind queries. Will use the compiled package version on null. See hideVersion for enabling/disabling this responses. @@ -681,7 +687,7 @@ in xfrdReloadTimeout = mkOption { type = types.int; default = 1; - description = lib.mdDoc '' + description = '' Number of seconds between reloads triggered by xfrd. ''; }; @@ -689,11 +695,22 @@ in zonefilesCheck = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to check mtime of all zone files on start and sighup. ''; }; + zonefilesWrite = mkOption { + type = types.int; + default = 0; + description = '' + Write changed secondary zones to their zonefile every N seconds. + If the zone (pattern) configuration has "" zonefile, it is not written. + Zones that have received zone transfer updates are written to their zonefile. + 0 disables writing to zone files. + ''; + }; + keys = mkOption { type = types.attrsOf (types.submodule { @@ -702,14 +719,14 @@ in algorithm = mkOption { type = types.str; default = "hmac-sha256"; - description = lib.mdDoc '' + description = '' Authentication algorithm for this key. ''; }; keyFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path to the file which contains the actual base64 encoded key. The key will be copied into "${stateDir}/private" before NSD starts. The copied file is only accessibly by the NSD @@ -727,7 +744,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Define your TSIG keys here. ''; }; @@ -735,12 +752,12 @@ in ratelimit = { - enable = mkEnableOption (lib.mdDoc "ratelimit capabilities"); + enable = mkEnableOption "ratelimit capabilities"; ipv4PrefixLength = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' IPv4 prefix length. Addresses are grouped by netblock. ''; }; @@ -748,7 +765,7 @@ in ipv6PrefixLength = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' IPv6 prefix length. Addresses are grouped by netblock. ''; }; @@ -756,7 +773,7 @@ in ratelimit = mkOption { type = types.int; default = 200; - description = lib.mdDoc '' + description = '' Max qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged. @@ -766,7 +783,7 @@ in slip = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Number of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response. ''; @@ -775,7 +792,7 @@ in size = mkOption { type = types.int; default = 1000000; - description = lib.mdDoc '' + description = '' Size of the hashtable. More buckets use more memory but lower the chance of hash hash collisions. ''; @@ -784,7 +801,7 @@ in whitelistRatelimit = mkOption { type = types.int; default = 2000; - description = lib.mdDoc '' + description = '' Max qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them. @@ -796,12 +813,12 @@ in remoteControl = { - enable = mkEnableOption (lib.mdDoc "remote control via nsd-control"); + enable = mkEnableOption "remote control via nsd-control"; controlCertFile = mkOption { type = types.path; default = "/etc/nsd/nsd_control.pem"; - description = lib.mdDoc '' + description = '' Path to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup. ''; @@ -810,7 +827,7 @@ in controlKeyFile = mkOption { type = types.path; default = "/etc/nsd/nsd_control.key"; - description = lib.mdDoc '' + description = '' Path to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup. ''; @@ -819,7 +836,7 @@ in interfaces = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" "::1" ]; - description = lib.mdDoc '' + description = '' Which interfaces NSD should bind to for remote control. ''; }; @@ -827,7 +844,7 @@ in port = mkOption { type = types.port; default = 8952; - description = lib.mdDoc '' + description = '' Port number for remote control operations (uses TLS over TCP). ''; }; @@ -835,7 +852,7 @@ in serverCertFile = mkOption { type = types.path; default = "/etc/nsd/nsd_server.pem"; - description = lib.mdDoc '' + description = '' Path to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup. ''; @@ -844,7 +861,7 @@ in serverKeyFile = mkOption { type = types.path; default = "/etc/nsd/nsd_server.key"; - description = lib.mdDoc '' + description = '' Path to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup. ''; @@ -886,7 +903,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Define your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. @@ -940,9 +957,9 @@ in rm -Rf "${stateDir}/private/" rm -Rf "${stateDir}/tmp/" - mkdir -m 0700 -p "${stateDir}/private" - mkdir -m 0700 -p "${stateDir}/tmp" - mkdir -m 0700 -p "${stateDir}/var" + install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/private" + install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/tmp" + install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/var" cat > "${stateDir}/don't touch anything in here" << EOF Everything in this directory except NSD's state in var and dnssec @@ -950,10 +967,6 @@ in the nsd.service pre-start script. EOF - chown ${username}:${username} -R "${stateDir}/private" - chown ${username}:${username} -R "${stateDir}/tmp" - chown ${username}:${username} -R "${stateDir}/var" - rm -rf "${stateDir}/zones" cp -rL "${nsdEnv}/zones" "${stateDir}/zones" diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix index a47ee0773d179..ebe9e3072e982 100644 --- a/nixos/modules/services/networking/ntopng.nix +++ b/nixos/modules/services/networking/ntopng.nix @@ -43,7 +43,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable ntopng, a high-speed web-based traffic analysis and flow collection tool. @@ -63,7 +63,7 @@ in default = [ "any" ]; example = [ "eth0" "wlan0" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of interfaces to monitor. Use "any" to monitor all interfaces. ''; }; @@ -71,7 +71,7 @@ in httpPort = mkOption { default = 3000; type = types.int; - description = lib.mdDoc '' + description = '' Sets the HTTP port of the embedded web server. ''; }; @@ -79,7 +79,7 @@ in redis.address = mkOption { type = types.str; example = literalExpression "config.services.redis.ntopng.unixSocket"; - description = lib.mdDoc '' + description = '' Redis address - may be a Unix socket or a network host and port. ''; }; @@ -87,7 +87,7 @@ in redis.createInstance = mkOption { type = types.nullOr types.str; default = optionalString (versionAtLeast config.system.stateVersion "22.05") "ntopng"; - description = lib.mdDoc '' + description = '' Local Redis instance name. Set to `null` to disable local Redis instance. Defaults to `""` for `system.stateVersion` older than 22.05. @@ -102,7 +102,7 @@ in --disable-login ''; type = types.lines; - description = lib.mdDoc '' + description = '' Overridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS. ''; @@ -111,7 +111,7 @@ in extraConfig = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Configuration lines that will be appended to the generated ntopng configuration file. Note that this mechanism does not work when the manual {option}`configText` option is used. diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix index b56bea4e134f6..978b156414a73 100644 --- a/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixos/modules/services/networking/ntp/chrony.nix @@ -41,7 +41,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service. ''; @@ -53,7 +53,7 @@ in default = config.networking.timeServers; defaultText = literalExpression "config.networking.timeServers"; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' The set of NTP servers from which to synchronise. ''; }; @@ -61,7 +61,7 @@ in serverOption = mkOption { default = "iburst"; type = types.enum [ "iburst" "offline" ]; - description = lib.mdDoc '' + description = '' Set option for server directives. Use "iburst" to rapidly poll on startup. Recommended if your machine @@ -76,7 +76,7 @@ in type = types.bool; default = config.environment.memoryAllocator.provider != "graphene-hardened"; defaultText = ''config.environment.memoryAllocator.provider != "graphene-hardened"''; - description = lib.mdDoc '' + description = '' Whether to add the `-m` flag to lock memory. ''; }; @@ -84,7 +84,7 @@ in enableRTCTrimming = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Enable tracking of the RTC offset to the system clock and automatic trimming. See also [](#opt-services.chrony.autotrimThreshold) @@ -111,7 +111,7 @@ in enableNTS = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Network Time Security authentication. Make sure it is supported by your selected NTP server(s). ''; @@ -121,7 +121,7 @@ in enabled = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins. @@ -131,7 +131,7 @@ in threshold = mkOption { type = types.either types.float types.int; default = 1000; # by default, same threshold as 'ntpd -g' (1000s) - description = lib.mdDoc '' + description = '' The threshold of system clock error (in seconds) above which the clock will be stepped. If the correction required is less than the threshold, a slew is used instead. @@ -142,13 +142,13 @@ in directory = mkOption { type = types.str; default = "/var/lib/chrony"; - description = lib.mdDoc "Directory where chrony state is stored."; + description = "Directory where chrony state is stored."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra configuration directives that should be added to `chrony.conf` ''; @@ -158,7 +158,7 @@ in default = [ ]; example = [ "-s" ]; type = types.listOf types.str; - description = lib.mdDoc "Extra flags passed to the chronyd command."; + description = "Extra flags passed to the chronyd command."; }; }; }; diff --git a/nixos/modules/services/networking/ntp/ntpd-rs.nix b/nixos/modules/services/networking/ntp/ntpd-rs.nix index 4643ac146ddb9..296c89c4c6f54 100644 --- a/nixos/modules/services/networking/ntp/ntpd-rs.nix +++ b/nixos/modules/services/networking/ntp/ntpd-rs.nix @@ -15,7 +15,7 @@ in useNetworkingTimeServers = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Use source time servers from {var}`networking.timeServers` in config. ''; }; @@ -25,7 +25,7 @@ in freeformType = format.type; }; default = { }; - description = lib.mdDoc '' + description = '' Settings to write to {file}`ntp.toml` See <https://docs.ntpd-rs.pendulum-project.org/man/ntp.toml.5> diff --git a/nixos/modules/services/networking/ntp/ntpd.nix b/nixos/modules/services/networking/ntp/ntpd.nix index 2bc690cacf096..e7ea8866d79bc 100644 --- a/nixos/modules/services/networking/ntp/ntpd.nix +++ b/nixos/modules/services/networking/ntp/ntpd.nix @@ -40,7 +40,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to synchronise your machine's time using ntpd, as a peer in the NTP network. @@ -50,7 +50,7 @@ in restrictDefault = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' The restriction flags to be set by default. The default flags prevent external hosts from using ntpd as a DDoS @@ -63,7 +63,7 @@ in restrictSource = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' The restriction flags to be set on source. The default flags allow peers to be added by ntpd from configured @@ -76,7 +76,7 @@ in default = config.networking.timeServers; defaultText = literalExpression "config.networking.timeServers"; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' The set of NTP servers from which to synchronise. ''; }; @@ -87,14 +87,14 @@ in example = '' fudge 127.127.1.0 stratum 10 ''; - description = lib.mdDoc '' + description = '' Additional text appended to {file}`ntp.conf`. ''; }; extraFlags = mkOption { type = types.listOf types.str; - description = lib.mdDoc "Extra flags passed to the ntpd command."; + description = "Extra flags passed to the ntpd command."; example = literalExpression ''[ "--interface=eth0" ]''; default = []; }; diff --git a/nixos/modules/services/networking/ntp/openntpd.nix b/nixos/modules/services/networking/ntp/openntpd.nix index 05df1f6e6266d..9414be1f85021 100644 --- a/nixos/modules/services/networking/ntp/openntpd.nix +++ b/nixos/modules/services/networking/ntp/openntpd.nix @@ -19,7 +19,7 @@ in ###### interface options.services.openntpd = { - enable = mkEnableOption (lib.mdDoc "OpenNTP time synchronization server"); + enable = mkEnableOption "OpenNTP time synchronization server"; servers = mkOption { default = config.services.ntp.servers; @@ -35,7 +35,7 @@ in listen on 127.0.0.1 listen on ::1 ''; - description = lib.mdDoc '' + description = '' Additional text appended to {file}`openntpd.conf`. ''; }; @@ -44,7 +44,7 @@ in type = with types; separatedString " "; default = ""; example = "-s"; - description = lib.mdDoc '' + description = '' Extra options used when launching openntpd. ''; }; diff --git a/nixos/modules/services/networking/nullidentdmod.nix b/nixos/modules/services/networking/nullidentdmod.nix index e74e1dd6b795d..b0d338a279410 100644 --- a/nixos/modules/services/networking/nullidentdmod.nix +++ b/nixos/modules/services/networking/nullidentdmod.nix @@ -3,11 +3,11 @@ in { options.services.nullidentdmod = with types; { - enable = mkEnableOption (lib.mdDoc "the nullidentdmod identd daemon"); + enable = mkEnableOption "the nullidentdmod identd daemon"; userid = mkOption { type = nullOr str; - description = lib.mdDoc "User ID to return. Set to null to return a random string each time."; + description = "User ID to return. Set to null to return a random string each time."; default = null; example = "alice"; }; diff --git a/nixos/modules/services/networking/nylon.nix b/nixos/modules/services/networking/nylon.nix index 401dbe97c52d7..f1b9abf61d608 100644 --- a/nixos/modules/services/networking/nylon.nix +++ b/nixos/modules/services/networking/nylon.nix @@ -29,7 +29,7 @@ let enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enables nylon as a running service upon activation. ''; }; @@ -37,13 +37,13 @@ let name = mkOption { type = types.str; default = ""; - description = lib.mdDoc "The name of this nylon instance."; + description = "The name of this nylon instance."; }; nrConnections = mkOption { type = types.int; default = 10; - description = lib.mdDoc '' + description = '' The number of allowed simultaneous connections to the daemon, default 10. ''; }; @@ -51,7 +51,7 @@ let logging = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable logging, default is no logging. ''; }; @@ -59,7 +59,7 @@ let verbosity = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable verbose output, default is to not be verbose. ''; }; @@ -67,7 +67,7 @@ let acceptInterface = mkOption { type = types.str; default = "lo"; - description = lib.mdDoc '' + description = '' Tell nylon which interface to listen for client requests on, default is "lo". ''; }; @@ -75,7 +75,7 @@ let bindInterface = mkOption { type = types.str; default = "enp3s0f0"; - description = lib.mdDoc '' + description = '' Tell nylon which interface to use as an uplink, default is "enp3s0f0". ''; }; @@ -83,7 +83,7 @@ let port = mkOption { type = types.port; default = 1080; - description = lib.mdDoc '' + description = '' What port to listen for client requests, default is 1080. ''; }; @@ -91,7 +91,7 @@ let allowedIPRanges = mkOption { type = with types; listOf str; default = [ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]; - description = lib.mdDoc '' + description = '' Allowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ] ''; @@ -100,7 +100,7 @@ let deniedIPRanges = mkOption { type = with types; listOf str; default = [ "0.0.0.0/0" ]; - description = lib.mdDoc '' + description = '' Denied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed. @@ -139,7 +139,7 @@ in services.nylon = mkOption { default = {}; - description = lib.mdDoc "Collection of named nylon instances"; + description = "Collection of named nylon instances"; type = with types; attrsOf (submodule nylonOpts); internal = true; }; diff --git a/nixos/modules/services/networking/ocserv.nix b/nixos/modules/services/networking/ocserv.nix index 3c61d56b893e9..afdd8254ffd22 100644 --- a/nixos/modules/services/networking/ocserv.nix +++ b/nixos/modules/services/networking/ocserv.nix @@ -10,12 +10,12 @@ in { options.services.ocserv = { - enable = mkEnableOption (lib.mdDoc "ocserv"); + enable = mkEnableOption "ocserv"; config = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' Configuration content to start an OCServ server. For a full configuration reference,please refer to the online documentation diff --git a/nixos/modules/services/networking/ofono.nix b/nixos/modules/services/networking/ofono.nix index 960fc35a70acd..460b06443c412 100644 --- a/nixos/modules/services/networking/ofono.nix +++ b/nixos/modules/services/networking/ofono.nix @@ -19,13 +19,13 @@ in ###### interface options = { services.ofono = { - enable = mkEnableOption (lib.mdDoc "Ofono"); + enable = mkEnableOption "Ofono"; plugins = mkOption { type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.modem-manager-gui ]"; - description = lib.mdDoc '' + description = '' The list of plugins to install. ''; }; diff --git a/nixos/modules/services/networking/oidentd.nix b/nixos/modules/services/networking/oidentd.nix index 7c7883c94611c..feb84806ba99c 100644 --- a/nixos/modules/services/networking/oidentd.nix +++ b/nixos/modules/services/networking/oidentd.nix @@ -11,7 +11,7 @@ with lib; services.oidentd.enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection. diff --git a/nixos/modules/services/networking/onedrive.nix b/nixos/modules/services/networking/onedrive.nix index d782ec05352b7..0c4e27507c1c6 100644 --- a/nixos/modules/services/networking/onedrive.nix +++ b/nixos/modules/services/networking/onedrive.nix @@ -26,13 +26,13 @@ in { ### Interface options.services.onedrive = { - enable = lib.mkEnableOption (lib.mdDoc "OneDrive service"); + enable = lib.mkEnableOption "OneDrive service"; package = lib.mkOption { type = lib.types.package; default = pkgs.onedrive; defaultText = lib.literalExpression "pkgs.onedrive"; - description = lib.mdDoc '' + description = '' OneDrive package to use. ''; }; diff --git a/nixos/modules/services/networking/openconnect.nix b/nixos/modules/services/networking/openconnect.nix index d2730faf9381c..e2c06943e1d72 100644 --- a/nixos/modules/services/networking/openconnect.nix +++ b/nixos/modules/services/networking/openconnect.nix @@ -11,25 +11,25 @@ let options = { autoStart = mkOption { default = true; - description = lib.mdDoc "Whether this VPN connection should be started automatically."; + description = "Whether this VPN connection should be started automatically."; type = types.bool; }; gateway = mkOption { - description = lib.mdDoc "Gateway server to connect to."; + description = "Gateway server to connect to."; example = "gateway.example.com"; type = types.str; }; protocol = mkOption { - description = lib.mdDoc "Protocol to use."; + description = "Protocol to use."; example = "anyconnect"; type = types.enum [ "anyconnect" "array" "nc" "pulse" "gp" "f5" "fortinet" ]; }; user = mkOption { - description = lib.mdDoc "Username to authenticate with."; + description = "Username to authenticate with."; example = "example-user"; type = types.nullOr types.str; default = null; @@ -39,7 +39,7 @@ let # set an authentication cookie, because they have to be requested # for every new connection and would only work once. passwordFile = mkOption { - description = lib.mdDoc '' + description = '' File containing the password to authenticate with. This is passed to `openconnect` via the `--passwd-on-stdin` option. @@ -50,21 +50,21 @@ let }; certificate = mkOption { - description = lib.mdDoc "Certificate to authenticate with."; + description = "Certificate to authenticate with."; default = null; example = "/var/lib/secrets/openconnect_certificate.pem"; type = with types; nullOr (either path pkcs11); }; privateKey = mkOption { - description = lib.mdDoc "Private key to authenticate with."; + description = "Private key to authenticate with."; example = "/var/lib/secrets/openconnect_private_key.pem"; default = null; type = with types; nullOr (either path pkcs11); }; extraOptions = mkOption { - description = lib.mdDoc '' + description = '' Extra config to be appended to the interface config. It should contain long-format options as would be accepted on the command line by `openconnect` @@ -120,7 +120,7 @@ in { package = mkPackageOption pkgs "openconnect" { }; interfaces = mkOption { - description = lib.mdDoc "OpenConnect interfaces."; + description = "OpenConnect interfaces."; default = { }; example = { openconnect0 = { diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix index 9a5866f2afd40..4a00cdc649754 100644 --- a/nixos/modules/services/networking/openvpn.nix +++ b/nixos/modules/services/networking/openvpn.nix @@ -124,7 +124,7 @@ in } ''; - description = lib.mdDoc '' + description = '' Each attribute of this option defines a systemd service that runs an OpenVPN instance. These can be OpenVPN servers or clients. The name of each systemd service is @@ -139,7 +139,7 @@ in config = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' Configuration of this OpenVPN instance. See {manpage}`openvpn(8)` for details. @@ -152,7 +152,7 @@ in up = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Shell commands executed when the instance is starting. ''; }; @@ -160,7 +160,7 @@ in down = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Shell commands executed when the instance is shutting down. ''; }; @@ -168,13 +168,13 @@ in autoStart = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether this OpenVPN instance should be started automatically."; + description = "Whether this OpenVPN instance should be started automatically."; }; updateResolvConf = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Use the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn. The script will be run after the "up" commands and before the "down" commands. @@ -183,7 +183,7 @@ in authUserPass = mkOption { default = null; - description = lib.mdDoc '' + description = '' This option can be used to store the username / password credentials with the "auth-user-pass" authentication method. @@ -193,12 +193,12 @@ in options = { username = mkOption { - description = lib.mdDoc "The username to store inside the credentials file."; + description = "The username to store inside the credentials file."; type = types.str; }; password = mkOption { - description = lib.mdDoc "The password to store inside the credentials file."; + description = "The password to store inside the credentials file."; type = types.str; }; }; @@ -213,7 +213,7 @@ in services.openvpn.restartAfterSleep = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Whether OpenVPN client should be restarted after sleep."; + description = "Whether OpenVPN client should be restarted after sleep."; }; }; diff --git a/nixos/modules/services/networking/ostinato.nix b/nixos/modules/services/networking/ostinato.nix index dc07313ea901c..635c4e9bc0fa6 100644 --- a/nixos/modules/services/networking/ostinato.nix +++ b/nixos/modules/services/networking/ostinato.nix @@ -26,12 +26,12 @@ in services.ostinato = { - enable = mkEnableOption (lib.mdDoc "Ostinato agent-controller (Drone)"); + enable = mkEnableOption "Ostinato agent-controller (Drone)"; port = mkOption { type = types.port; default = 7878; - description = lib.mdDoc '' + description = '' Port to listen on. ''; }; @@ -39,7 +39,7 @@ in rateAccuracy = mkOption { type = types.enum [ "High" "Low" ]; default = "High"; - description = lib.mdDoc '' + description = '' To ensure that the actual transmit rate is as close as possible to the configured transmit rate, Drone runs a busy-wait loop. While this provides the maximum accuracy possible, the CPU @@ -52,7 +52,7 @@ in address = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc '' + description = '' By default, the Drone RPC server will listen on all interfaces and local IPv4 addresses for incoming connections from clients. Specify a single IPv4 or IPv6 address if you want to restrict that. @@ -66,7 +66,7 @@ in type = types.listOf types.str; default = []; example = [ "eth*" "lo*" ]; - description = lib.mdDoc '' + description = '' For a port to pass the filter and appear on the port list managed by drone, it be allowed by this include list. ''; @@ -75,7 +75,7 @@ in type = types.listOf types.str; default = []; example = [ "usbmon*" "eth0" ]; - description = lib.mdDoc '' + description = '' A list of ports does not appear on the port list managed by drone. ''; }; diff --git a/nixos/modules/services/networking/owamp.nix b/nixos/modules/services/networking/owamp.nix index 32b2dab9e3c74..45907f7d6e9a7 100644 --- a/nixos/modules/services/networking/owamp.nix +++ b/nixos/modules/services/networking/owamp.nix @@ -10,7 +10,7 @@ in ###### interface options = { - services.owamp.enable = mkEnableOption (lib.mdDoc "OWAMP server"); + services.owamp.enable = mkEnableOption "OWAMP server"; }; diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix index f929532ba09fc..a03a20e6bc6dc 100644 --- a/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixos/modules/services/networking/pdns-recursor.nix @@ -27,12 +27,12 @@ let in { options.services.pdns-recursor = { - enable = mkEnableOption (lib.mdDoc "PowerDNS Recursor, a recursive DNS server"); + enable = mkEnableOption "PowerDNS Recursor, a recursive DNS server"; dns.address = mkOption { type = oneOrMore types.str; default = [ "::" "0.0.0.0" ]; - description = lib.mdDoc '' + description = '' IP addresses Recursor DNS server will bind to. ''; }; @@ -40,7 +40,7 @@ in { dns.port = mkOption { type = types.port; default = 53; - description = lib.mdDoc '' + description = '' Port number Recursor DNS server will bind to. ''; }; @@ -53,7 +53,7 @@ in { "::1/128" "fc00::/7" "fe80::/10" ]; example = [ "0.0.0.0/0" "::/0" ]; - description = lib.mdDoc '' + description = '' IP address ranges of clients allowed to make DNS queries. ''; }; @@ -61,7 +61,7 @@ in { api.address = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc '' + description = '' IP address Recursor REST API server will bind to. ''; }; @@ -69,7 +69,7 @@ in { api.port = mkOption { type = types.port; default = 8082; - description = lib.mdDoc '' + description = '' Port number Recursor REST API server will bind to. ''; }; @@ -78,7 +78,7 @@ in { type = types.listOf types.str; default = [ "127.0.0.1" "::1" ]; example = [ "0.0.0.0/0" "::/0" ]; - description = lib.mdDoc '' + description = '' IP address ranges of clients allowed to make API requests. ''; }; @@ -86,7 +86,7 @@ in { exportHosts = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to export names and IP addresses defined in /etc/hosts. ''; }; @@ -94,7 +94,7 @@ in { forwardZones = mkOption { type = types.attrs; default = {}; - description = lib.mdDoc '' + description = '' DNS zones to be forwarded to other authoritative servers. ''; }; @@ -103,7 +103,7 @@ in { type = types.attrs; example = { eth = "[::1]:5353"; }; default = {}; - description = lib.mdDoc '' + description = '' DNS zones to be forwarded to other recursive servers. ''; }; @@ -111,7 +111,7 @@ in { dnssecValidation = mkOption { type = types.enum ["off" "process-no-validate" "process" "log-fail" "validate"]; default = "validate"; - description = lib.mdDoc '' + description = '' Controls the level of DNSSEC processing done by the PowerDNS Recursor. See https://doc.powerdns.com/md/recursor/dnssec/ for a detailed explanation. ''; @@ -120,7 +120,7 @@ in { serveRFC1918 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to directly resolve the RFC1918 reverse-mapping domains: `10.in-addr.arpa`, `168.192.in-addr.arpa`, @@ -138,7 +138,7 @@ in { log-common-errors = true; } ''; - description = lib.mdDoc '' + description = '' PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at @@ -150,7 +150,7 @@ in { luaConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' The content Lua configuration file for PowerDNS Recursor. See <https://doc.powerdns.com/recursor/lua-config/index.html>. ''; diff --git a/nixos/modules/services/networking/pdnsd.nix b/nixos/modules/services/networking/pdnsd.nix index 8fe27a44eee62..50b9b9d202891 100644 --- a/nixos/modules/services/networking/pdnsd.nix +++ b/nixos/modules/services/networking/pdnsd.nix @@ -24,18 +24,18 @@ in { options = { services.pdnsd = - { enable = mkEnableOption (lib.mdDoc "pdnsd"); + { enable = mkEnableOption "pdnsd"; cacheDir = mkOption { type = types.str; default = "/var/cache/pdnsd"; - description = lib.mdDoc "Directory holding the pdnsd cache"; + description = "Directory holding the pdnsd cache"; }; globalConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Global configuration that should be added to the global directory of `pdnsd.conf`. ''; @@ -44,7 +44,7 @@ in serverConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Server configuration that should be added to the server directory of `pdnsd.conf`. ''; @@ -53,7 +53,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Extra configuration directives that should be added to `pdnsd.conf`. ''; diff --git a/nixos/modules/services/networking/peroxide.nix b/nixos/modules/services/networking/peroxide.nix index 34c82e2c8b039..582e25fbacc9a 100644 --- a/nixos/modules/services/networking/peroxide.nix +++ b/nixos/modules/services/networking/peroxide.nix @@ -9,7 +9,7 @@ let in { options.services.peroxide = { - enable = mkEnableOption (lib.mdDoc "peroxide"); + enable = mkEnableOption "peroxide"; package = mkPackageOption pkgs "peroxide" { default = [ "peroxide" ]; @@ -20,7 +20,7 @@ in type = types.enum [ "Panic" "Fatal" "Error" "Warning" "Info" "Debug" "Trace" ]; default = "Warning"; example = "Info"; - description = lib.mdDoc "Only log messages of this priority or higher."; + description = "Only log messages of this priority or higher."; }; settings = mkOption { @@ -31,25 +31,25 @@ in UserPortImap = mkOption { type = types.port; default = 1143; - description = lib.mdDoc "The port on which to listen for IMAP connections."; + description = "The port on which to listen for IMAP connections."; }; UserPortSmtp = mkOption { type = types.port; default = 1025; - description = lib.mdDoc "The port on which to listen for SMTP connections."; + description = "The port on which to listen for SMTP connections."; }; ServerAddress = mkOption { type = types.str; default = "[::0]"; example = "localhost"; - description = lib.mdDoc "The address on which to listen for connections."; + description = "The address on which to listen for connections."; }; }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration for peroxide. See [config.example.yaml](https://github.com/ljanyst/peroxide/blob/master/config.example.yaml) for an example configuration. diff --git a/nixos/modules/services/networking/picosnitch.nix b/nixos/modules/services/networking/picosnitch.nix index c9b38c1929ca1..bdbb1e691227f 100644 --- a/nixos/modules/services/networking/picosnitch.nix +++ b/nixos/modules/services/networking/picosnitch.nix @@ -7,7 +7,7 @@ let in { options.services.picosnitch = { - enable = mkEnableOption (lib.mdDoc "picosnitch daemon"); + enable = mkEnableOption "picosnitch daemon"; }; config = mkIf cfg.enable { environment.systemPackages = [ pkgs.picosnitch ]; diff --git a/nixos/modules/services/networking/pixiecore.nix b/nixos/modules/services/networking/pixiecore.nix index 1f47a1d0b631d..e61d32e136095 100644 --- a/nixos/modules/services/networking/pixiecore.nix +++ b/nixos/modules/services/networking/pixiecore.nix @@ -10,18 +10,18 @@ in options = { services.pixiecore = { - enable = mkEnableOption (lib.mdDoc "Pixiecore"); + enable = mkEnableOption "Pixiecore"; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Open ports (67, 69, 4011 UDP and 'port', 'statusPort' TCP) in the firewall for Pixiecore. ''; }; mode = mkOption { - description = lib.mdDoc "Which mode to use"; + description = "Which mode to use"; default = "boot"; type = types.enum [ "api" "boot" "quick" ]; }; @@ -29,17 +29,17 @@ in debug = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Log more things that aren't directly related to booting a recognized client"; + description = "Log more things that aren't directly related to booting a recognized client"; }; dhcpNoBind = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Handle DHCP traffic without binding to the DHCP server port"; + description = "Handle DHCP traffic without binding to the DHCP server port"; }; quick = mkOption { - description = lib.mdDoc "Which quick option to use"; + description = "Which quick option to use"; default = "xyz"; type = types.enum [ "arch" "centos" "coreos" "debian" "fedora" "ubuntu" "xyz" ]; }; @@ -47,49 +47,49 @@ in kernel = mkOption { type = types.str or types.path; default = ""; - description = lib.mdDoc "Kernel path. Ignored unless mode is set to 'boot'"; + description = "Kernel path. Ignored unless mode is set to 'boot'"; }; initrd = mkOption { type = types.str or types.path; default = ""; - description = lib.mdDoc "Initrd path. Ignored unless mode is set to 'boot'"; + description = "Initrd path. Ignored unless mode is set to 'boot'"; }; cmdLine = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Kernel commandline arguments. Ignored unless mode is set to 'boot'"; + description = "Kernel commandline arguments. Ignored unless mode is set to 'boot'"; }; listen = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "IPv4 address to listen on"; + description = "IPv4 address to listen on"; }; port = mkOption { type = types.port; default = 80; - description = lib.mdDoc "Port to listen on for HTTP"; + description = "Port to listen on for HTTP"; }; statusPort = mkOption { type = types.port; default = 80; - description = lib.mdDoc "HTTP port for status information (can be the same as --port)"; + description = "HTTP port for status information (can be the same as --port)"; }; apiServer = mkOption { type = types.str; example = "localhost:8080"; - description = lib.mdDoc "host:port to connect to the API. Ignored unless mode is set to 'api'"; + description = "host:port to connect to the API. Ignored unless mode is set to 'api'"; }; extraArguments = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Additional command line arguments to pass to Pixiecore"; + description = "Additional command line arguments to pass to Pixiecore"; }; }; }; diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix index 8470f5e9cbc0c..a152b72143dae 100644 --- a/nixos/modules/services/networking/pleroma.nix +++ b/nixos/modules/services/networking/pleroma.nix @@ -4,32 +4,32 @@ let in { options = { services.pleroma = with lib; { - enable = mkEnableOption (lib.mdDoc "pleroma"); + enable = mkEnableOption "pleroma"; package = mkPackageOption pkgs "pleroma" { }; user = mkOption { type = types.str; default = "pleroma"; - description = lib.mdDoc "User account under which pleroma runs."; + description = "User account under which pleroma runs."; }; group = mkOption { type = types.str; default = "pleroma"; - description = lib.mdDoc "Group account under which pleroma runs."; + description = "Group account under which pleroma runs."; }; stateDir = mkOption { type = types.str; default = "/var/lib/pleroma"; readOnly = true; - description = lib.mdDoc "Directory where the pleroma service will save the uploads and static files."; + description = "Directory where the pleroma service will save the uploads and static files."; }; configs = mkOption { type = with types; listOf str; - description = lib.mdDoc '' + description = '' Pleroma public configuration. This list gets appended from left to @@ -54,7 +54,7 @@ in { secretConfigFile = mkOption { type = types.str; default = "/var/lib/pleroma/secrets.exs"; - description = lib.mdDoc '' + description = '' Path to the file containing your secret pleroma configuration. *DO NOT POINT THIS OPTION TO THE NIX diff --git a/nixos/modules/services/networking/polipo.nix b/nixos/modules/services/networking/polipo.nix index 8581553829bfa..e9cac7181b5cb 100644 --- a/nixos/modules/services/networking/polipo.nix +++ b/nixos/modules/services/networking/polipo.nix @@ -23,25 +23,25 @@ in services.polipo = { - enable = mkEnableOption (lib.mdDoc "polipo caching web proxy"); + enable = mkEnableOption "polipo caching web proxy"; proxyAddress = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "IP address on which Polipo will listen."; + description = "IP address on which Polipo will listen."; }; proxyPort = mkOption { type = types.port; default = 8123; - description = lib.mdDoc "TCP port on which Polipo will listen."; + description = "TCP port on which Polipo will listen."; }; allowedClients = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" "::1" ]; example = [ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ]; - description = lib.mdDoc '' + description = '' List of IP addresses or network addresses that may connect to Polipo. ''; }; @@ -50,7 +50,7 @@ in type = types.str; default = ""; example = "localhost:8124"; - description = lib.mdDoc '' + description = '' Hostname and port number of an HTTP parent proxy; it should have the form ‘host:port’. ''; @@ -60,7 +60,7 @@ in type = types.str; default = ""; example = "localhost:9050"; - description = lib.mdDoc '' + description = '' Hostname and port number of an SOCKS parent proxy; it should have the form ‘host:port’. ''; @@ -69,7 +69,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Polio configuration. Contents will be added verbatim to the configuration file. ''; diff --git a/nixos/modules/services/networking/powerdns.nix b/nixos/modules/services/networking/powerdns.nix index 03bf93301d85d..bd8d08bc878cb 100644 --- a/nixos/modules/services/networking/powerdns.nix +++ b/nixos/modules/services/networking/powerdns.nix @@ -9,12 +9,12 @@ let in { options = { services.powerdns = { - enable = mkEnableOption (lib.mdDoc "PowerDNS domain name server"); + enable = mkEnableOption "PowerDNS domain name server"; extraConfig = mkOption { type = types.lines; default = "launch=bind"; - description = lib.mdDoc '' + description = '' PowerDNS configuration. Refer to <https://doc.powerdns.com/authoritative/settings.html> for details on supported values. @@ -25,7 +25,7 @@ in { type = types.nullOr types.path; default = null; example = "/run/keys/powerdns.env"; - description = lib.mdDoc '' + description = '' Environment variables from this file will be interpolated into the final config file using envsubst with this syntax: `$ENVIRONMENT` or `''${VARIABLE}`. diff --git a/nixos/modules/services/networking/pppd.nix b/nixos/modules/services/networking/pppd.nix index 855b5358f47f6..d937456efddd4 100644 --- a/nixos/modules/services/networking/pppd.nix +++ b/nixos/modules/services/networking/pppd.nix @@ -12,13 +12,13 @@ in options = { services.pppd = { - enable = mkEnableOption (lib.mdDoc "pppd"); + enable = mkEnableOption "pppd"; package = mkPackageOption pkgs "ppp" { }; peers = mkOption { default = {}; - description = lib.mdDoc "pppd peers."; + description = "pppd peers."; type = types.attrsOf (types.submodule ( { name, ... }: { @@ -27,27 +27,27 @@ in type = types.str; default = name; example = "dialup"; - description = lib.mdDoc "Name of the PPP peer."; + description = "Name of the PPP peer."; }; enable = mkOption { type = types.bool; default = true; example = false; - description = lib.mdDoc "Whether to enable this PPP peer."; + description = "Whether to enable this PPP peer."; }; autostart = mkOption { type = types.bool; default = true; example = false; - description = lib.mdDoc "Whether the PPP session is automatically started at boot time."; + description = "Whether the PPP session is automatically started at boot time."; }; config = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "pppd configuration for this peer, see the pppd(8) man page."; + description = "pppd configuration for this peer, see the pppd(8) man page."; }; }; })); diff --git a/nixos/modules/services/networking/pptpd.nix b/nixos/modules/services/networking/pptpd.nix index 703dda99803e2..b28015800f3cf 100644 --- a/nixos/modules/services/networking/pptpd.nix +++ b/nixos/modules/services/networking/pptpd.nix @@ -5,35 +5,35 @@ with lib; { options = { services.pptpd = { - enable = mkEnableOption (lib.mdDoc "pptpd, the Point-to-Point Tunneling Protocol daemon"); + enable = mkEnableOption "pptpd, the Point-to-Point Tunneling Protocol daemon"; serverIp = mkOption { type = types.str; - description = lib.mdDoc "The server-side IP address."; + description = "The server-side IP address."; default = "10.124.124.1"; }; clientIpRange = mkOption { type = types.str; - description = lib.mdDoc "The range from which client IPs are drawn."; + description = "The range from which client IPs are drawn."; default = "10.124.124.2-11"; }; maxClients = mkOption { type = types.int; - description = lib.mdDoc "The maximum number of simultaneous connections."; + description = "The maximum number of simultaneous connections."; default = 10; }; extraPptpdOptions = mkOption { type = types.lines; - description = lib.mdDoc "Adds extra lines to the pptpd configuration file."; + description = "Adds extra lines to the pptpd configuration file."; default = ""; }; extraPppdOptions = mkOption { type = types.lines; - description = lib.mdDoc "Adds extra lines to the pppd options file."; + description = "Adds extra lines to the pppd options file."; default = ""; example = '' ms-dns 8.8.8.8 diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index 619490a4c020c..d40dd603085a9 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -53,12 +53,12 @@ in options.services.privoxy = { - enable = mkEnableOption (lib.mdDoc "Privoxy, non-caching filtering proxy"); + enable = mkEnableOption "Privoxy, non-caching filtering proxy"; enableTor = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to configure Privoxy to use Tor's faster SOCKS port, suitable for HTTP. ''; @@ -67,7 +67,7 @@ in inspectHttps = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to configure Privoxy to inspect HTTPS requests, meaning all encrypted traffic will be filtered as well. This works by decrypting and re-encrypting the requests using a per-domain generated certificate. @@ -89,7 +89,7 @@ in type = ageType; default = "10d"; example = "12h"; - description = lib.mdDoc '' + description = '' If `inspectHttps` is enabled, the time generated HTTPS certificates will be stored in a temporary directory for reuse. Once the lifetime has expired the directory will cleared and the certificate @@ -108,7 +108,7 @@ in userActions = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Actions to be included in a `user.action` file. This will have a higher priority and can be used to override all other actions. @@ -118,7 +118,7 @@ in userFilters = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Filters to be included in a `user.filter` file. This will have a higher priority and can be used to override all other filters definitions. @@ -132,13 +132,13 @@ in options.listen-address = mkOption { type = types.str; default = "127.0.0.1:8118"; - description = lib.mdDoc "Pair of address:port the proxy server is listening to."; + description = "Pair of address:port the proxy server is listening to."; }; options.enable-edit-actions = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether the web-based actions file editor may be used."; + description = "Whether the web-based actions file editor may be used."; }; options.actionsfile = mkOption { @@ -148,7 +148,7 @@ in apply = x: x ++ optional (cfg.userActions != "") (toString (pkgs.writeText "user.actions" cfg.userActions)); default = [ "match-all.action" "default.action" ]; - description = lib.mdDoc '' + description = '' List of paths to Privoxy action files. These paths may either be absolute or relative to the privoxy configuration directory. ''; @@ -159,7 +159,7 @@ in default = [ "default.filter" ]; apply = x: x ++ optional (cfg.userFilters != "") (toString (pkgs.writeText "user.filter" cfg.userFilters)); - description = lib.mdDoc '' + description = '' List of paths to Privoxy filter files. These paths may either be absolute or relative to the privoxy configuration directory. ''; @@ -181,7 +181,7 @@ in # debug 64 } ''; - description = lib.mdDoc '' + description = '' This option is mapped to the main Privoxy configuration file. Check out the Privoxy user manual at <https://www.privoxy.org/user-manual/config.html> diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix index 2952df2a10993..0de07a9b870c6 100644 --- a/nixos/modules/services/networking/prosody.nix +++ b/nixos/modules/services/networking/prosody.nix @@ -10,19 +10,19 @@ let key = mkOption { type = types.path; - description = lib.mdDoc "Path to the key file."; + description = "Path to the key file."; }; # TODO: rename to certificate to match the prosody config cert = mkOption { type = types.path; - description = lib.mdDoc "Path to the certificate file."; + description = "Path to the certificate file."; }; extraOptions = mkOption { type = types.attrs; default = {}; - description = lib.mdDoc "Extra SSL configuration options."; + description = "Extra SSL configuration options."; }; }; @@ -32,11 +32,11 @@ let options = { url = mkOption { type = types.str; - description = lib.mdDoc "URL of the endpoint you want to make discoverable"; + description = "URL of the endpoint you want to make discoverable"; }; description = mkOption { type = types.str; - description = lib.mdDoc "A short description of the endpoint you want to advertise"; + description = "A short description of the endpoint you want to advertise"; }; }; }; @@ -46,216 +46,216 @@ let roster = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow users to have a roster"; + description = "Allow users to have a roster"; }; saslauth = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Authentication for clients and servers. Recommended if you want to log in."; + description = "Authentication for clients and servers. Recommended if you want to log in."; }; tls = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Add support for secure TLS on c2s/s2s connections"; + description = "Add support for secure TLS on c2s/s2s connections"; }; dialback = mkOption { type = types.bool; default = true; - description = lib.mdDoc "s2s dialback support"; + description = "s2s dialback support"; }; disco = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Service discovery"; + description = "Service discovery"; }; # Not essential, but recommended carbons = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Keep multiple clients in sync"; + description = "Keep multiple clients in sync"; }; csi = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Implements the CSI protocol that allows clients to report their active/inactive state to the server"; + description = "Implements the CSI protocol that allows clients to report their active/inactive state to the server"; }; cloud_notify = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online"; + description = "Push notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online"; }; pep = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enables users to publish their mood, activity, playing music and more"; + description = "Enables users to publish their mood, activity, playing music and more"; }; private = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Private XML storage (for room bookmarks, etc.)"; + description = "Private XML storage (for room bookmarks, etc.)"; }; blocklist = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow users to block communications with other users"; + description = "Allow users to block communications with other users"; }; vcard = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Allow users to set vCards"; + description = "Allow users to set vCards"; }; vcard_legacy = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Converts users profiles and Avatars between old and new formats"; + description = "Converts users profiles and Avatars between old and new formats"; }; bookmarks = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP"; + description = "Allows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP"; }; # Nice to have version = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Replies to server version requests"; + description = "Replies to server version requests"; }; uptime = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Report how long server has been running"; + description = "Report how long server has been running"; }; time = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Let others know the time here on this server"; + description = "Let others know the time here on this server"; }; ping = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Replies to XMPP pings with pongs"; + description = "Replies to XMPP pings with pongs"; }; register = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow users to register on this server using a client and change passwords"; + description = "Allow users to register on this server using a client and change passwords"; }; mam = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Store messages in an archive and allow users to access it"; + description = "Store messages in an archive and allow users to access it"; }; smacks = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow a client to resume a disconnected session, and prevent message loss"; + description = "Allow a client to resume a disconnected session, and prevent message loss"; }; # Admin interfaces admin_adhoc = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allows administration via an XMPP client that supports ad-hoc commands"; + description = "Allows administration via an XMPP client that supports ad-hoc commands"; }; http_files = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Serve static files from a directory over HTTP"; + description = "Serve static files from a directory over HTTP"; }; proxy65 = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enables a file transfer proxy service which clients behind NAT can use"; + description = "Enables a file transfer proxy service which clients behind NAT can use"; }; admin_telnet = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Opens telnet console interface on localhost port 5582"; + description = "Opens telnet console interface on localhost port 5582"; }; # HTTP modules bosh = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable BOSH clients, aka 'Jabber over HTTP'"; + description = "Enable BOSH clients, aka 'Jabber over HTTP'"; }; websocket = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable WebSocket support"; + description = "Enable WebSocket support"; }; # Other specific functionality limits = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable bandwidth limiting for XMPP connections"; + description = "Enable bandwidth limiting for XMPP connections"; }; groups = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Shared roster support"; + description = "Shared roster support"; }; server_contact_info = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Publish contact information for this service"; + description = "Publish contact information for this service"; }; announce = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Send announcement to all online users"; + description = "Send announcement to all online users"; }; welcome = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Welcome users who register accounts"; + description = "Welcome users who register accounts"; }; watchregistrations = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Alert admins of registrations"; + description = "Alert admins of registrations"; }; motd = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Send a message to users when they log in"; + description = "Send a message to users when they log in"; }; legacyauth = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Legacy authentication. Only used by some old clients and bots"; + description = "Legacy authentication. Only used by some old clients and bots"; }; }; @@ -279,27 +279,27 @@ let options = { domain = mkOption { type = types.str; - description = lib.mdDoc "Domain name of the MUC"; + description = "Domain name of the MUC"; }; name = mkOption { type = types.str; - description = lib.mdDoc "The name to return in service discovery responses for the MUC service itself"; + description = "The name to return in service discovery responses for the MUC service itself"; default = "Prosody Chatrooms"; }; restrictRoomCreation = mkOption { type = types.enum [ true false "admin" "local" ]; default = false; - description = lib.mdDoc "Restrict room creation to server admins"; + description = "Restrict room creation to server admins"; }; maxHistoryMessages = mkOption { type = types.int; default = 20; - description = lib.mdDoc "Specifies a limit on what each room can be configured to keep"; + description = "Specifies a limit on what each room can be configured to keep"; }; roomLocking = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Enables room locking, which means that a room must be configured before it can be used. Locked rooms are invisible and cannot be entered by anyone but the creator @@ -308,7 +308,7 @@ let roomLockTimeout = mkOption { type = types.int; default = 300; - description = lib.mdDoc '' + description = '' Timeout after which the room is destroyed or unlocked if not configured, in seconds ''; @@ -316,7 +316,7 @@ let tombstones = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' When a room is destroyed, it leaves behind a tombstone which prevents the room being entered or recreated. It also allows anyone who was not in the room at the time it was destroyed @@ -329,7 +329,7 @@ let tombstoneExpiry = mkOption { type = types.int; default = 2678400; - description = lib.mdDoc '' + description = '' This settings controls how long a tombstone is considered valid. It defaults to 31 days. After this time, the room in question can be created again. @@ -339,7 +339,7 @@ let vcard_muc = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Adds the ability to set vCard for Multi User Chat rooms"; + description = "Adds the ability to set vCard for Multi User Chat rooms"; }; # Extra parameters. Defaulting to prosody default values. @@ -350,42 +350,42 @@ let roomDefaultPublic = mkOption { type = types.bool; default = true; - description = lib.mdDoc "If set, the MUC rooms will be public by default."; + description = "If set, the MUC rooms will be public by default."; }; roomDefaultMembersOnly = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If set, the MUC rooms will only be accessible to the members by default."; + description = "If set, the MUC rooms will only be accessible to the members by default."; }; roomDefaultModerated = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If set, the MUC rooms will be moderated by default."; + description = "If set, the MUC rooms will be moderated by default."; }; roomDefaultPublicJids = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If set, the MUC rooms will display the public JIDs by default."; + description = "If set, the MUC rooms will display the public JIDs by default."; }; roomDefaultChangeSubject = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If set, the rooms will display the public JIDs by default."; + description = "If set, the rooms will display the public JIDs by default."; }; roomDefaultHistoryLength = mkOption { type = types.int; default = 20; - description = lib.mdDoc "Number of history message sent to participants by default."; + description = "Number of history message sent to participants by default."; }; roomDefaultLanguage = mkOption { type = types.str; default = "en"; - description = lib.mdDoc "Default room language."; + description = "Default room language."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional MUC specific configuration"; + description = "Additional MUC specific configuration"; }; }; }; @@ -394,30 +394,30 @@ let options = { domain = mkOption { type = types.nullOr types.str; - description = lib.mdDoc "Domain name for the http-upload service"; + description = "Domain name for the http-upload service"; }; uploadFileSizeLimit = mkOption { type = types.str; default = "50 * 1024 * 1024"; - description = lib.mdDoc "Maximum file size, in bytes. Defaults to 50MB."; + description = "Maximum file size, in bytes. Defaults to 50MB."; }; uploadExpireAfter = mkOption { type = types.str; default = "60 * 60 * 24 * 7"; - description = lib.mdDoc "Max age of a file before it gets deleted, in seconds."; + description = "Max age of a file before it gets deleted, in seconds."; }; userQuota = mkOption { type = types.nullOr types.int; default = null; example = 1234; - description = lib.mdDoc '' + description = '' Maximum size of all uploaded files per user, in bytes. There will be no quota if this option is set to null. ''; }; httpUploadPath = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Directory where the uploaded files will be stored. By default, uploaded files are put in a sub-directory of the default Prosody storage path (usually /var/lib/prosody). @@ -434,25 +434,25 @@ let # TODO: require attribute domain = mkOption { type = types.str; - description = lib.mdDoc "Domain name"; + description = "Domain name"; }; enabled = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the virtual host"; + description = "Whether to enable the virtual host"; }; ssl = mkOption { type = types.nullOr (types.submodule sslOpts); default = null; - description = lib.mdDoc "Paths to SSL files"; + description = "Paths to SSL files"; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional virtual host specific configuration"; + description = "Additional virtual host specific configuration"; }; }; @@ -472,13 +472,13 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the prosody server"; + description = "Whether to enable the prosody server"; }; xmppComplianceSuite = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' The XEP-0423 defines a set of recommended XEPs to implement for a server. It's generally a good idea to implement this set of extensions if you want to provide your users with a @@ -508,7 +508,7 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/prosody"; - description = lib.mdDoc '' + description = '' The prosody home directory used to store all data. If left as the default value this directory will automatically be created before the prosody server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership @@ -519,13 +519,13 @@ in disco_items = mkOption { type = types.listOf (types.submodule discoOpts); default = []; - description = lib.mdDoc "List of discoverable items you want to advertise."; + description = "List of discoverable items you want to advertise."; }; user = mkOption { type = types.str; default = "prosody"; - description = lib.mdDoc '' + description = '' User account under which prosody runs. ::: {.note} @@ -539,7 +539,7 @@ in group = mkOption { type = types.str; default = "prosody"; - description = lib.mdDoc '' + description = '' Group account under which prosody runs. ::: {.note} @@ -553,38 +553,38 @@ in allowRegistration = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Allow account creation"; + description = "Allow account creation"; }; # HTTP server-related options httpPorts = mkOption { type = types.listOf types.int; - description = lib.mdDoc "Listening HTTP ports list for this service."; + description = "Listening HTTP ports list for this service."; default = [ 5280 ]; }; httpInterfaces = mkOption { type = types.listOf types.str; default = [ "*" "::" ]; - description = lib.mdDoc "Interfaces on which the HTTP server will listen on."; + description = "Interfaces on which the HTTP server will listen on."; }; httpsPorts = mkOption { type = types.listOf types.int; - description = lib.mdDoc "Listening HTTPS ports list for this service."; + description = "Listening HTTPS ports list for this service."; default = [ 5281 ]; }; httpsInterfaces = mkOption { type = types.listOf types.str; default = [ "*" "::" ]; - description = lib.mdDoc "Interfaces on which the HTTPS server will listen on."; + description = "Interfaces on which the HTTPS server will listen on."; }; c2sRequireEncryption = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Force clients to use encrypted connections? This option will prevent clients from authenticating unless they are using encryption. ''; @@ -593,7 +593,7 @@ in s2sRequireEncryption = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Force servers to use encrypted connections? This option will prevent servers from authenticating unless they are using encryption. Note that this is different from authentication. @@ -603,7 +603,7 @@ in s2sSecureAuth = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Force certificate authentication for server-to-server connections? This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates. @@ -615,7 +615,7 @@ in type = types.listOf types.str; default = []; example = [ "insecure.example.com" ]; - description = lib.mdDoc '' + description = '' Some servers have invalid or self-signed certificates. You can list remote domains here that will not be required to authenticate using certificates. They will be authenticated using DNS instead, even @@ -627,7 +627,7 @@ in type = types.listOf types.str; default = []; example = [ "jabber.org" ]; - description = lib.mdDoc '' + description = '' Even if you leave s2s_secure_auth disabled, you can still require valid certificates for some domains by specifying a list here. ''; @@ -639,17 +639,17 @@ in extraModules = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Enable custom modules"; + description = "Enable custom modules"; }; extraPluginPaths = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc "Additional path in which to look find plugins/modules"; + description = "Additional path in which to look find plugins/modules"; }; uploadHttp = mkOption { - description = lib.mdDoc '' + description = '' Configures the Prosody builtin HTTP server to handle user uploads. ''; type = types.nullOr (types.submodule uploadHttpOpts); @@ -665,12 +665,12 @@ in example = [ { domain = "conference.my-xmpp-example-host.org"; } ]; - description = lib.mdDoc "Multi User Chat (MUC) configuration"; + description = "Multi User Chat (MUC) configuration"; }; virtualHosts = mkOption { - description = lib.mdDoc "Define the virtual hosts"; + description = "Define the virtual hosts"; type = with types; attrsOf (submodule vHostOpts); @@ -693,27 +693,27 @@ in ssl = mkOption { type = types.nullOr (types.submodule sslOpts); default = null; - description = lib.mdDoc "Paths to SSL files"; + description = "Paths to SSL files"; }; admins = mkOption { type = types.listOf types.str; default = []; example = [ "admin1@example.com" "admin2@example.com" ]; - description = lib.mdDoc "List of administrators of the current host"; + description = "List of administrators of the current host"; }; authentication = mkOption { type = types.enum [ "internal_plain" "internal_hashed" "cyrus" "anonymous" ]; default = "internal_hashed"; example = "internal_plain"; - description = lib.mdDoc "Authentication mechanism used for logins."; + description = "Authentication mechanism used for logins."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional prosody configuration"; + description = "Additional prosody configuration"; }; }; diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix index 4294d67fffd31..30b61dd9e5996 100644 --- a/nixos/modules/services/networking/quassel.nix +++ b/nixos/modules/services/networking/quassel.nix @@ -17,12 +17,12 @@ in services.quassel = { - enable = mkEnableOption (lib.mdDoc "the Quassel IRC client daemon"); + enable = mkEnableOption "the Quassel IRC client daemon"; certificateFile = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Path to the certificate used for SSL connections with clients. ''; }; @@ -30,7 +30,7 @@ in requireSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Require SSL for connections from clients. ''; }; @@ -40,7 +40,7 @@ in interfaces = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" ]; - description = lib.mdDoc '' + description = '' The interfaces the Quassel daemon will be listening to. If `[ 127.0.0.1 ]`, only clients on the local host can connect to it; if `[ 0.0.0.0 ]`, clients can access it from any network interface. @@ -50,7 +50,7 @@ in portNumber = mkOption { type = types.port; default = 4242; - description = lib.mdDoc '' + description = '' The port number the Quassel daemon will be listening to. ''; }; @@ -61,7 +61,7 @@ in "/home/''${config.${opt.user}}/.config/quassel-irc.org" ''; type = types.str; - description = lib.mdDoc '' + description = '' The directory holding configuration files, the SQlite database and the SSL Cert. ''; }; @@ -69,7 +69,7 @@ in user = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created. ''; }; diff --git a/nixos/modules/services/networking/quicktun.nix b/nixos/modules/services/networking/quicktun.nix index 2d44659f20804..b9fc5c8ebdb74 100644 --- a/nixos/modules/services/networking/quicktun.nix +++ b/nixos/modules/services/networking/quicktun.nix @@ -1,7 +1,7 @@ { options, config, pkgs, lib, ... }: let - inherit (lib) mkOption mdDoc types mkIf; + inherit (lib) mkOption types mkIf; opt = options.services.quicktun; cfg = config.services.quicktun; @@ -10,7 +10,7 @@ in options = { services.quicktun = mkOption { default = { }; - description = mdDoc '' + description = '' QuickTun tunnels. See <http://wiki.ucis.nl/QuickTun> for more information about available options. @@ -23,14 +23,14 @@ in type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1); default = false; example = true; - description = mdDoc "Whether to operate in tun (IP) or tap (Ethernet) mode."; + description = "Whether to operate in tun (IP) or tap (Ethernet) mode."; }; remoteAddress = mkOption { type = types.str; default = "0.0.0.0"; example = "tunnel.example.com"; - description = mdDoc '' + description = '' IP address or hostname of the remote end (use `0.0.0.0` for a floating/dynamic remote endpoint). ''; }; @@ -39,27 +39,27 @@ in type = with types; nullOr str; default = null; example = "0.0.0.0"; - description = mdDoc "IP address or hostname of the local end."; + description = "IP address or hostname of the local end."; }; localPort = mkOption { type = types.port; default = 2998; - description = mdDoc "Local UDP port."; + description = "Local UDP port."; }; remotePort = mkOption { type = types.port; default = qtcfg.localPort; defaultText = lib.literalExpression "config.services.quicktun.<name>.localPort"; - description = mdDoc " remote UDP port"; + description = " remote UDP port"; }; remoteFloat = mkOption { type = with types; coercedTo bool (b: if b then 1 else 0) (ints.between 0 1); default = false; example = true; - description = mdDoc '' + description = '' Whether to allow the remote address and port to change when properly encrypted packets are received. ''; }; @@ -67,13 +67,13 @@ in protocol = mkOption { type = types.enum [ "raw" "nacl0" "nacltai" "salty" ]; default = "nacltai"; - description = mdDoc "Which protocol to use."; + description = "Which protocol to use."; }; privateKey = mkOption { type = with types; nullOr str; default = null; - description = mdDoc '' + description = '' Local secret key in hexadecimal form. ::: {.warning} @@ -91,7 +91,7 @@ in # This is a hack to deprecate `privateKey` without using `mkChangedModuleOption` default = if qtcfg.privateKey == null then null else pkgs.writeText "quickttun-key-${name}" qtcfg.privateKey; defaultText = "null"; - description = mdDoc '' + description = '' Path to file containing local secret key in binary or hexadecimal form. ::: {.note} @@ -103,7 +103,7 @@ in publicKey = mkOption { type = with types; nullOr str; default = null; - description = mdDoc '' + description = '' Remote public key in hexadecimal form. ::: {.note} @@ -115,7 +115,7 @@ in timeWindow = mkOption { type = types.ints.unsigned; default = 5; - description = mdDoc '' + description = '' Allowed time window for first received packet in seconds (positive number allows packets from history) ''; }; @@ -123,7 +123,7 @@ in upScript = mkOption { type = with types; nullOr lines; default = null; - description = mdDoc '' + description = '' Run specified command or script after the tunnel device has been opened. ''; }; diff --git a/nixos/modules/services/networking/quorum.nix b/nixos/modules/services/networking/quorum.nix index 4b90b12f86fc1..bddcd18c7fbe1 100644 --- a/nixos/modules/services/networking/quorum.nix +++ b/nixos/modules/services/networking/quorum.nix @@ -13,87 +13,87 @@ in { options = { services.quorum = { - enable = mkEnableOption (lib.mdDoc "Quorum blockchain daemon"); + enable = mkEnableOption "Quorum blockchain daemon"; user = mkOption { type = types.str; default = "quorum"; - description = lib.mdDoc "The user as which to run quorum."; + description = "The user as which to run quorum."; }; group = mkOption { type = types.str; default = cfg.user; defaultText = literalExpression "config.${opt.user}"; - description = lib.mdDoc "The group as which to run quorum."; + description = "The group as which to run quorum."; }; port = mkOption { type = types.port; default = 21000; - description = lib.mdDoc "Override the default port on which to listen for connections."; + description = "Override the default port on which to listen for connections."; }; nodekeyFile = mkOption { type = types.path; default = "${dataDir}/nodekey"; - description = lib.mdDoc "Path to the nodekey."; + description = "Path to the nodekey."; }; staticNodes = mkOption { type = types.listOf types.str; default = []; example = [ "enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0" ]; - description = lib.mdDoc "List of validator nodes."; + description = "List of validator nodes."; }; privateconfig = mkOption { type = types.str; default = "ignore"; - description = lib.mdDoc "Configuration of privacy transaction manager."; + description = "Configuration of privacy transaction manager."; }; syncmode = mkOption { type = types.enum [ "fast" "full" "light" ]; default = "full"; - description = lib.mdDoc "Blockchain sync mode."; + description = "Blockchain sync mode."; }; blockperiod = mkOption { type = types.int; default = 5; - description = lib.mdDoc "Default minimum difference between two consecutive block's timestamps in seconds."; + description = "Default minimum difference between two consecutive block's timestamps in seconds."; }; permissioned = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Allow only a defined list of nodes to connect."; + description = "Allow only a defined list of nodes to connect."; }; rpc = { enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable RPC interface."; + description = "Enable RPC interface."; }; address = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "Listening address for RPC connections."; + description = "Listening address for RPC connections."; }; port = mkOption { type = types.port; default = 22004; - description = lib.mdDoc "Override the default port on which to listen for RPC connections."; + description = "Override the default port on which to listen for RPC connections."; }; api = mkOption { type = types.str; default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"; - description = lib.mdDoc "API's offered over the HTTP-RPC interface."; + description = "API's offered over the HTTP-RPC interface."; }; }; @@ -101,31 +101,31 @@ in { enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable WS-RPC interface."; + description = "Enable WS-RPC interface."; }; address = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "Listening address for WS-RPC connections."; + description = "Listening address for WS-RPC connections."; }; port = mkOption { type = types.port; default = 8546; - description = lib.mdDoc "Override the default port on which to listen for WS-RPC connections."; + description = "Override the default port on which to listen for WS-RPC connections."; }; api = mkOption { type = types.str; default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"; - description = lib.mdDoc "API's offered over the WS-RPC interface."; + description = "API's offered over the WS-RPC interface."; }; origins = mkOption { type = types.str; default = "*"; - description = lib.mdDoc "Origins from which to accept websockets requests"; + description = "Origins from which to accept websockets requests"; }; }; @@ -160,7 +160,7 @@ in { parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000"; timestamp = "0x00"; }''; - description = lib.mdDoc "Blockchain genesis settings."; + description = "Blockchain genesis settings."; }; }; }; diff --git a/nixos/modules/services/networking/r53-ddns.nix b/nixos/modules/services/networking/r53-ddns.nix index 277b65dcecd47..a8839762d530d 100644 --- a/nixos/modules/services/networking/r53-ddns.nix +++ b/nixos/modules/services/networking/r53-ddns.nix @@ -10,27 +10,27 @@ in options = { services.r53-ddns = { - enable = mkEnableOption (lib.mdDoc "r53-ddyns"); + enable = mkEnableOption "r53-ddyns"; interval = mkOption { type = types.str; default = "15min"; - description = lib.mdDoc "How often to update the entry"; + description = "How often to update the entry"; }; zoneID = mkOption { type = types.str; - description = lib.mdDoc "The ID of your zone in Route53"; + description = "The ID of your zone in Route53"; }; domain = mkOption { type = types.str; - description = lib.mdDoc "The name of your domain in Route53"; + description = "The name of your domain in Route53"; }; hostname = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Manually specify the hostname. Otherwise the tool will try to use the name returned by the OS (Call to gethostname) ''; @@ -38,7 +38,7 @@ in environmentFile = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' File containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the format of an EnvironmentFile as described by systemd.exec(5) ''; diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index 00dbd6bbe386d..62a242e88c9b4 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -25,10 +25,10 @@ let in { options.services.radicale = { - enable = mkEnableOption (lib.mdDoc "Radicale CalDAV and CardDAV server"); + enable = mkEnableOption "Radicale CalDAV and CardDAV server"; package = mkOption { - description = lib.mdDoc "Radicale package to use."; + description = "Radicale package to use."; # Default cannot be pkgs.radicale because non-null values suppress # warnings about incompatible configuration and storage formats. type = with types; nullOr package // { inherit (package) description; }; @@ -39,7 +39,7 @@ in { config = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Radicale configuration, this will set the service configuration file. This option is mutually exclusive with {option}`settings`. @@ -50,7 +50,7 @@ in { settings = mkOption { type = format.type; default = { }; - description = lib.mdDoc '' + description = '' Configuration for Radicale. See <https://radicale.org/3.0.html#documentation/configuration>. This option is mutually exclusive with {option}`config`. @@ -72,7 +72,7 @@ in { rights = mkOption { type = format.type; - description = lib.mdDoc '' + description = '' Configuration for Radicale's rights file. See <https://radicale.org/3.0.html#documentation/authentication-and-rights>. This option only works in conjunction with {option}`settings`. @@ -102,7 +102,7 @@ in { extraArgs = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Extra arguments passed to the Radicale daemon."; + description = "Extra arguments passed to the Radicale daemon."; }; }; @@ -200,5 +200,5 @@ in { }; }; - meta.maintainers = with lib.maintainers; [ infinisil dotlambda ]; + meta.maintainers = with lib.maintainers; [ dotlambda ]; } diff --git a/nixos/modules/services/networking/radvd.nix b/nixos/modules/services/networking/radvd.nix index 57aa212870503..4e3e501d2f593 100644 --- a/nixos/modules/services/networking/radvd.nix +++ b/nixos/modules/services/networking/radvd.nix @@ -21,8 +21,7 @@ in enable = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' + description = '' Whether to enable the Router Advertisement Daemon ({command}`radvd`), which provides link-local advertisements of IPv6 router addresses and prefixes using @@ -43,8 +42,7 @@ in prefix 2001:db8:1234:5678::/64 { }; }; ''; - description = - lib.mdDoc '' + description = '' The contents of the radvd configuration file. ''; }; diff --git a/nixos/modules/services/networking/rdnssd.nix b/nixos/modules/services/networking/rdnssd.nix index c63356e734683..726ba409a81a3 100644 --- a/nixos/modules/services/networking/rdnssd.nix +++ b/nixos/modules/services/networking/rdnssd.nix @@ -20,8 +20,7 @@ in type = types.bool; default = false; #default = config.networking.enableIPv6; - description = - lib.mdDoc '' + description = '' Whether to enable the RDNSS daemon ({command}`rdnssd`), which configures DNS servers in {file}`/etc/resolv.conf` from RDNSS diff --git a/nixos/modules/services/networking/redsocks.nix b/nixos/modules/services/networking/redsocks.nix index 30d6a0a6336d4..279e416c9c986 100644 --- a/nixos/modules/services/networking/redsocks.nix +++ b/nixos/modules/services/networking/redsocks.nix @@ -11,26 +11,25 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable redsocks."; + description = "Whether to enable redsocks."; }; log_debug = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Log connection progress."; + description = "Log connection progress."; }; log_info = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Log start and end of client sessions."; + description = "Log start and end of client sessions."; }; log = mkOption { type = types.str; default = "stderr"; - description = - lib.mdDoc '' + description = '' Where to send logs. Possible values are: @@ -44,16 +43,14 @@ in chroot = mkOption { type = with types; nullOr str; default = null; - description = - lib.mdDoc '' + description = '' Chroot under which to run redsocks. Log file is opened before chroot, but if logging to syslog /etc/localtime may be required. ''; }; redsocks = mkOption { - description = - lib.mdDoc '' + description = '' Local port to proxy associations to be performed. The example shows how to configure a proxy to handle port 80 as HTTP @@ -73,8 +70,7 @@ in ip = mkOption { type = types.str; default = "127.0.0.1"; - description = - lib.mdDoc '' + description = '' IP on which redsocks should listen. Defaults to 127.0.0.1 for security reasons. ''; @@ -83,13 +79,12 @@ in port = mkOption { type = types.port; default = 12345; - description = lib.mdDoc "Port on which redsocks should listen."; + description = "Port on which redsocks should listen."; }; proxy = mkOption { type = types.str; - description = - lib.mdDoc '' + description = '' Proxy through which redsocks should forward incoming traffic. Example: "example.org:8080" ''; @@ -97,20 +92,19 @@ in type = mkOption { type = types.enum [ "socks4" "socks5" "http-connect" "http-relay" ]; - description = lib.mdDoc "Type of proxy."; + description = "Type of proxy."; }; login = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc "Login to send to proxy."; + description = "Login to send to proxy."; }; password = mkOption { type = with types; nullOr str; default = null; - description = - lib.mdDoc '' + description = '' Password to send to proxy. WARNING, this will end up world-readable in the store! Awaiting https://github.com/NixOS/nix/issues/8 to be able to fix. @@ -121,8 +115,7 @@ in type = types.enum [ "false" "X-Forwarded-For" "Forwarded_ip" "Forwarded_ipport" ]; default = "false"; - description = - lib.mdDoc '' + description = '' Way to disclose client IP to the proxy. - "false": do not disclose @@ -136,14 +129,13 @@ in redirectInternetOnly = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Exclude all non-globally-routable IPs from redsocks"; + description = "Exclude all non-globally-routable IPs from redsocks"; }; doNotRedirect = mkOption { type = with types; listOf str; default = []; - description = - lib.mdDoc '' + description = '' Iptables filters that if matched will get the packet off of redsocks. ''; @@ -153,8 +145,7 @@ in redirectCondition = mkOption { type = with types; either bool str; default = false; - description = - lib.mdDoc '' + description = '' Conditions to make outbound packets go through this redsocks instance. diff --git a/nixos/modules/services/networking/resilio.nix b/nixos/modules/services/networking/resilio.nix index 7f6358d00d0b5..395796d39db8e 100644 --- a/nixos/modules/services/networking/resilio.nix +++ b/nixos/modules/services/networking/resilio.nix @@ -76,7 +76,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If enabled, start the Resilio Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration. @@ -88,7 +88,7 @@ in example = "Voltron"; default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc '' + description = '' Name of the Resilio Sync device. ''; }; @@ -97,7 +97,7 @@ in type = types.int; default = 0; example = 44444; - description = lib.mdDoc '' + description = '' Listening port. Defaults to 0 which randomizes the port. ''; }; @@ -105,7 +105,7 @@ in checkForUpdates = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Determines whether to check for updates and alert the user about them in the UI. ''; @@ -114,7 +114,7 @@ in useUpnp = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Use Universal Plug-n-Play (UPnP) ''; }; @@ -123,7 +123,7 @@ in type = types.int; default = 0; example = 1024; - description = lib.mdDoc '' + description = '' Download speed limit. 0 is unlimited (default). ''; }; @@ -132,7 +132,7 @@ in type = types.int; default = 0; example = 1024; - description = lib.mdDoc '' + description = '' Upload speed limit. 0 is unlimited (default). ''; }; @@ -141,7 +141,7 @@ in type = types.str; default = "[::1]"; example = "0.0.0.0"; - description = lib.mdDoc '' + description = '' HTTP address to bind to. ''; }; @@ -149,7 +149,7 @@ in httpListenPort = mkOption { type = types.int; default = 9000; - description = lib.mdDoc '' + description = '' HTTP port to bind on. ''; }; @@ -158,7 +158,7 @@ in type = types.str; example = "allyourbase"; default = ""; - description = lib.mdDoc '' + description = '' HTTP web login username. ''; }; @@ -167,7 +167,7 @@ in type = types.str; example = "arebelongtous"; default = ""; - description = lib.mdDoc '' + description = '' HTTP web login password. ''; }; @@ -175,13 +175,13 @@ in encryptLAN = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Encrypt LAN data."; + description = "Encrypt LAN data."; }; enableWebUI = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Web UI for administration. Bound to the specified `httpListenAddress` and `httpListenPort`. @@ -191,7 +191,7 @@ in storagePath = mkOption { type = types.path; default = "/var/lib/resilio-sync/"; - description = lib.mdDoc '' + description = '' Where BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not need to ever change this. @@ -201,14 +201,14 @@ in apiKey = mkOption { type = types.str; default = ""; - description = lib.mdDoc "API key, which enables the developer API."; + description = "API key, which enables the developer API."; }; directoryRoot = mkOption { type = types.str; default = ""; example = "/media"; - description = lib.mdDoc "Default directory to add folders in the web UI."; + description = "Default directory to add folders in the web UI."; }; sharedFolders = mkOption { @@ -228,7 +228,7 @@ in ]; } ]; - description = lib.mdDoc '' + description = '' Shared folder list. If enabled, web UI must be disabled. Secrets can be generated using `rslsync --generate-secret`. diff --git a/nixos/modules/services/networking/robustirc-bridge.nix b/nixos/modules/services/networking/robustirc-bridge.nix index 9b93828c396c5..8bd7b12a9d710 100644 --- a/nixos/modules/services/networking/robustirc-bridge.nix +++ b/nixos/modules/services/networking/robustirc-bridge.nix @@ -8,12 +8,12 @@ in { options = { services.robustirc-bridge = { - enable = mkEnableOption (lib.mdDoc "RobustIRC bridge"); + enable = mkEnableOption "RobustIRC bridge"; extraFlags = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc ''Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or robustirc-bridge(1) for details.''; + description = ''Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or robustirc-bridge(1) for details.''; example = [ "-network robustirc.net" ]; diff --git a/nixos/modules/services/networking/rosenpass.nix b/nixos/modules/services/networking/rosenpass.nix index 487cb6f601429..373a6c7690799 100644 --- a/nixos/modules/services/networking/rosenpass.nix +++ b/nixos/modules/services/networking/rosenpass.nix @@ -13,7 +13,6 @@ let filterAttrsRecursive flatten getExe - mdDoc mkIf optional ; @@ -27,7 +26,6 @@ in let inherit (lib) literalExpression - mdDoc mkOption ; inherit (lib.types) @@ -40,13 +38,13 @@ in ; in { - enable = lib.mkEnableOption (mdDoc "Rosenpass"); + enable = lib.mkEnableOption "Rosenpass"; package = lib.mkPackageOption pkgs "rosenpass" { }; defaultDevice = mkOption { type = nullOr str; - description = mdDoc "Name of the network interface to use for all peers by default."; + description = "Name of the network interface to use for all peers by default."; example = "wg0"; }; @@ -57,17 +55,17 @@ in options = { public_key = mkOption { type = path; - description = mdDoc "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`."; + description = "Path to a file containing the public key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`."; }; secret_key = mkOption { type = path; - description = mdDoc "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`."; + description = "Path to a file containing the secret key of the local Rosenpass peer. Generate this by running {command}`rosenpass gen-keys`."; }; listen = mkOption { type = listOf str; - description = mdDoc "List of local endpoints to listen for connections."; + description = "List of local endpoints to listen for connections."; default = [ ]; example = literalExpression "[ \"0.0.0.0:10000\" ]"; }; @@ -75,7 +73,7 @@ in verbosity = mkOption { type = enum [ "Verbose" "Quiet" ]; default = "Quiet"; - description = mdDoc "Verbosity of output produced by the service."; + description = "Verbosity of output produced by the service."; }; peers = @@ -86,38 +84,38 @@ in options = { public_key = mkOption { type = path; - description = mdDoc "Path to a file containing the public key of the remote Rosenpass peer."; + description = "Path to a file containing the public key of the remote Rosenpass peer."; }; endpoint = mkOption { type = nullOr str; default = null; - description = mdDoc "Endpoint of the remote Rosenpass peer."; + description = "Endpoint of the remote Rosenpass peer."; }; device = mkOption { type = str; default = cfg.defaultDevice; defaultText = literalExpression "config.${opt.defaultDevice}"; - description = mdDoc "Name of the local WireGuard interface to use for this peer."; + description = "Name of the local WireGuard interface to use for this peer."; }; peer = mkOption { type = str; - description = mdDoc "WireGuard public key corresponding to the remote Rosenpass peer."; + description = "WireGuard public key corresponding to the remote Rosenpass peer."; }; }; }; in mkOption { type = listOf peer; - description = mdDoc "List of peers to exchange keys with."; + description = "List of peers to exchange keys with."; default = [ ]; }; }; }; default = { }; - description = mdDoc "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information."; + description = "Configuration for Rosenpass, see <https://rosenpass.eu/> for further information."; }; }; @@ -133,21 +131,21 @@ in root = config.systemd.network.netdevs; peer = (x: x.wireguardPeers); key = (x: if x.wireguardPeerConfig ? PublicKey then x.wireguardPeerConfig.PublicKey else null); - description = mdDoc "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey"; + description = "${options.systemd.network.netdevs}.\"<name>\".wireguardPeers.*.wireguardPeerConfig.PublicKey"; } { relevant = config.networking.wireguard.enable; root = config.networking.wireguard.interfaces; peer = (x: x.peers); key = (x: x.publicKey); - description = mdDoc "${options.networking.wireguard.interfaces}.\"<name>\".peers.*.publicKey"; + description = "${options.networking.wireguard.interfaces}.\"<name>\".peers.*.publicKey"; } rec { relevant = root != { }; root = config.networking.wg-quick.interfaces; peer = (x: x.peers); key = (x: x.publicKey); - description = mdDoc "${options.networking.wg-quick.interfaces}.\"<name>\".peers.*.publicKey"; + description = "${options.networking.wg-quick.interfaces}.\"<name>\".peers.*.publicKey"; } ]; relevantExtractions = filter (x: x.relevant) extractions; diff --git a/nixos/modules/services/networking/routedns.nix b/nixos/modules/services/networking/routedns.nix index 126539702438f..e3047a29280aa 100644 --- a/nixos/modules/services/networking/routedns.nix +++ b/nixos/modules/services/networking/routedns.nix @@ -12,7 +12,7 @@ let in { options.services.routedns = { - enable = mkEnableOption (lib.mdDoc "RouteDNS - DNS stub resolver, proxy and router"); + enable = mkEnableOption "RouteDNS - DNS stub resolver, proxy and router"; settings = mkOption { type = settingsFormat.type; @@ -38,7 +38,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Configuration for RouteDNS, see <https://github.com/folbricht/routedns/blob/master/doc/configuration.md> for more information. ''; @@ -49,7 +49,7 @@ in defaultText = "A RouteDNS configuration file automatically generated by values from services.routedns.*"; type = types.path; example = literalExpression ''"''${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"''; - description = lib.mdDoc "Path to RouteDNS TOML configuration file."; + description = "Path to RouteDNS TOML configuration file."; }; package = mkPackageOption pkgs "routedns" { }; diff --git a/nixos/modules/services/networking/rpcbind.nix b/nixos/modules/services/networking/rpcbind.nix index 63c4859fbd07a..e7814e7cdee50 100644 --- a/nixos/modules/services/networking/rpcbind.nix +++ b/nixos/modules/services/networking/rpcbind.nix @@ -13,7 +13,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable `rpcbind`, an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command. `rpcbind` is a replacement for diff --git a/nixos/modules/services/networking/rxe.nix b/nixos/modules/services/networking/rxe.nix index 07437ed71195b..2f283c3767fab 100644 --- a/nixos/modules/services/networking/rxe.nix +++ b/nixos/modules/services/networking/rxe.nix @@ -10,12 +10,12 @@ in { options = { networking.rxe = { - enable = mkEnableOption (lib.mdDoc "RDMA over converged ethernet"); + enable = mkEnableOption "RDMA over converged ethernet"; interfaces = mkOption { type = types.listOf types.str; default = [ ]; example = [ "eth0" ]; - description = lib.mdDoc '' + description = '' Enable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe_\<interface\>. UDP port 4791 must be open on the respective ethernet interfaces. diff --git a/nixos/modules/services/networking/sabnzbd.nix b/nixos/modules/services/networking/sabnzbd.nix index 2f0d17ad3d177..10b3a8cd5976f 100644 --- a/nixos/modules/services/networking/sabnzbd.nix +++ b/nixos/modules/services/networking/sabnzbd.nix @@ -15,32 +15,32 @@ in options = { services.sabnzbd = { - enable = mkEnableOption (lib.mdDoc "the sabnzbd server"); + enable = mkEnableOption "the sabnzbd server"; package = mkPackageOption pkgs "sabnzbd" { }; configFile = mkOption { type = types.path; default = "/var/lib/sabnzbd/sabnzbd.ini"; - description = lib.mdDoc "Path to config file."; + description = "Path to config file."; }; user = mkOption { default = "sabnzbd"; type = types.str; - description = lib.mdDoc "User to run the service as"; + description = "User to run the service as"; }; group = mkOption { type = types.str; default = "sabnzbd"; - description = lib.mdDoc "Group to run the service as"; + description = "Group to run the service as"; }; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Open ports in the firewall for the sabnzbd web interface ''; }; diff --git a/nixos/modules/services/networking/scion/scion-control.nix b/nixos/modules/services/networking/scion/scion-control.nix index fdf3a9ba3cc15..c3a22039aa524 100644 --- a/nixos/modules/services/networking/scion/scion-control.nix +++ b/nixos/modules/services/networking/scion/scion-control.nix @@ -28,7 +28,7 @@ let in { options.services.scion.scion-control = { - enable = mkEnableOption (lib.mdDoc "the scion-control service"); + enable = mkEnableOption "the scion-control service"; settings = mkOption { default = { }; type = toml.type; @@ -42,7 +42,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' scion-control configuration. Refer to <https://docs.scion.org/en/latest/manuals/common.html> for details on supported values. diff --git a/nixos/modules/services/networking/scion/scion-daemon.nix b/nixos/modules/services/networking/scion/scion-daemon.nix index 0bcc18771fc3c..53b56841c3929 100644 --- a/nixos/modules/services/networking/scion/scion-daemon.nix +++ b/nixos/modules/services/networking/scion/scion-daemon.nix @@ -25,7 +25,7 @@ let in { options.services.scion.scion-daemon = { - enable = mkEnableOption (lib.mdDoc "the scion-daemon service"); + enable = mkEnableOption "the scion-daemon service"; settings = mkOption { default = { }; type = toml.type; @@ -39,7 +39,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' scion-daemon configuration. Refer to <https://docs.scion.org/en/latest/manuals/common.html> for details on supported values. diff --git a/nixos/modules/services/networking/scion/scion-dispatcher.nix b/nixos/modules/services/networking/scion/scion-dispatcher.nix index bab1ec0a989b5..05d1fd0782af5 100644 --- a/nixos/modules/services/networking/scion/scion-dispatcher.nix +++ b/nixos/modules/services/networking/scion/scion-dispatcher.nix @@ -19,7 +19,7 @@ let in { options.services.scion.scion-dispatcher = { - enable = mkEnableOption (lib.mdDoc "the scion-dispatcher service"); + enable = mkEnableOption "the scion-dispatcher service"; settings = mkOption { default = { }; type = toml.type; @@ -35,7 +35,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' scion-dispatcher configuration. Refer to <https://docs.scion.org/en/latest/manuals/common.html> for details on supported values. diff --git a/nixos/modules/services/networking/scion/scion-router.nix b/nixos/modules/services/networking/scion/scion-router.nix index cbe83c6dbf8d1..488dfd12b3a57 100644 --- a/nixos/modules/services/networking/scion/scion-router.nix +++ b/nixos/modules/services/networking/scion/scion-router.nix @@ -15,7 +15,7 @@ let in { options.services.scion.scion-router = { - enable = mkEnableOption (lib.mdDoc "the scion-router service"); + enable = mkEnableOption "the scion-router service"; settings = mkOption { default = { }; type = toml.type; @@ -24,7 +24,7 @@ in general.id = "br"; } ''; - description = lib.mdDoc '' + description = '' scion-router configuration. Refer to <https://docs.scion.org/en/latest/manuals/common.html> for details on supported values. diff --git a/nixos/modules/services/networking/scion/scion.nix b/nixos/modules/services/networking/scion/scion.nix index 704f942b5d9e3..5e3445edbb89a 100644 --- a/nixos/modules/services/networking/scion/scion.nix +++ b/nixos/modules/services/networking/scion/scion.nix @@ -7,11 +7,11 @@ let in { options.services.scion = { - enable = mkEnableOption (lib.mdDoc "all of the scion components and services"); + enable = mkEnableOption "all of the scion components and services"; bypassBootstrapWarning = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' bypass Nix warning about SCION PKI bootstrapping ''; }; diff --git a/nixos/modules/services/networking/seafile.nix b/nixos/modules/services/networking/seafile.nix index b2d12234900ac..486bc145cd5d6 100644 --- a/nixos/modules/services/networking/seafile.nix +++ b/nixos/modules/services/networking/seafile.nix @@ -38,7 +38,7 @@ in ###### Interface options.services.seafile = { - enable = mkEnableOption (lib.mdDoc "Seafile server"); + enable = mkEnableOption "Seafile server"; ccnetSettings = mkOption { type = types.submodule { @@ -49,7 +49,7 @@ in SERVICE_URL = mkOption { type = types.str; example = "https://www.example.com"; - description = lib.mdDoc '' + description = '' Seahub public URL. ''; }; @@ -57,7 +57,7 @@ in }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration for ccnet, see <https://manual.seafile.com/config/ccnet-conf/> for supported values. @@ -73,7 +73,7 @@ in port = mkOption { type = types.port; default = 8082; - description = lib.mdDoc '' + description = '' The tcp port used by seafile fileserver. ''; }; @@ -81,7 +81,7 @@ in type = types.str; default = "127.0.0.1"; example = "0.0.0.0"; - description = lib.mdDoc '' + description = '' The binding address used by seafile fileserver. ''; }; @@ -89,7 +89,7 @@ in }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration for seafile-server, see <https://manual.seafile.com/config/seafile-conf/> for supported values. @@ -100,7 +100,7 @@ in type = types.int; default = 4; example = 10; - description = lib.mdDoc '' + description = '' The number of gunicorn worker processes for handling requests. ''; }; @@ -108,7 +108,7 @@ in adminEmail = mkOption { example = "john@example.com"; type = types.str; - description = lib.mdDoc '' + description = '' Seafile Seahub Admin Account Email. ''; }; @@ -116,7 +116,7 @@ in initialAdminPassword = mkOption { example = "someStrongPass"; type = types.str; - description = lib.mdDoc '' + description = '' Seafile Seahub Admin Account initial password. Should be change via Seahub web front-end. ''; @@ -127,7 +127,7 @@ in seahubExtraConf = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Extra config to append to `seahub_settings.py` file. Refer to <https://manual.seafile.com/config/seahub_settings_py/> for all available options. diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix index 5bbf875f0d57b..15bb097d23fd2 100644 --- a/nixos/modules/services/networking/searx.nix +++ b/nixos/modules/services/networking/searx.nix @@ -49,13 +49,13 @@ in type = types.bool; default = false; relatedPackages = [ "searx" ]; - description = lib.mdDoc "Whether to enable Searx, the meta search engine."; + description = "Whether to enable Searx, the meta search engine."; }; environmentFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Environment file (see `systemd.exec(5)` "EnvironmentFile=" section for the syntax) to define variables for Searx. This option can be used to safely include secret keys into the @@ -66,7 +66,7 @@ in redisCreateLocally = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Configure a local Redis server for SearXNG. This is required if you want to enable the rate limiter and bot protection of SearXNG. ''; @@ -88,7 +88,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Searx settings. These will be merged with (taking precedence over) the default configuration. It's also possible to refer to environment variables @@ -105,7 +105,7 @@ in settingsFile = mkOption { type = types.path; default = "${runDir}/settings.yml"; - description = lib.mdDoc '' + description = '' The path of the Searx server settings.yml file. If no file is specified, a default file is used (default config file has debug mode enabled). Note: setting this options overrides @@ -133,7 +133,7 @@ in ]; } ''; - description = lib.mdDoc '' + description = '' Limiter settings for SearXNG. ::: {.note} @@ -148,7 +148,7 @@ in runInUwsgi = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server. This is the recommended mode for public or large instances, but is unnecessary for LAN or local-only use. @@ -170,7 +170,7 @@ in chmod-socket = "660"; # allow the searx group to read/write to the socket } ''; - description = lib.mdDoc '' + description = '' Additional configuration of the uWSGI vassal running searx. It should notably specify on which interfaces and ports the vassal should listen. diff --git a/nixos/modules/services/networking/shadowsocks.nix b/nixos/modules/services/networking/shadowsocks.nix index 2034dca6f26b2..2f6f40f2b0f60 100644 --- a/nixos/modules/services/networking/shadowsocks.nix +++ b/nixos/modules/services/networking/shadowsocks.nix @@ -34,7 +34,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run shadowsocks-libev shadowsocks server. ''; }; @@ -42,7 +42,7 @@ in localAddress = mkOption { type = types.coercedTo types.str singleton (types.listOf types.str); default = [ "[::0]" "0.0.0.0" ]; - description = lib.mdDoc '' + description = '' Local addresses to which the server binds. ''; }; @@ -50,7 +50,7 @@ in port = mkOption { type = types.port; default = 8388; - description = lib.mdDoc '' + description = '' Port which the server uses. ''; }; @@ -58,7 +58,7 @@ in password = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Password for connecting clients. ''; }; @@ -66,7 +66,7 @@ in passwordFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Password file with a password for connecting clients. ''; }; @@ -74,7 +74,7 @@ in mode = mkOption { type = types.enum [ "tcp_only" "tcp_and_udp" "udp_only" ]; default = "tcp_and_udp"; - description = lib.mdDoc '' + description = '' Relay protocols. ''; }; @@ -82,7 +82,7 @@ in fastOpen = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' use TCP fast-open ''; }; @@ -90,7 +90,7 @@ in encryptionMethod = mkOption { type = types.str; default = "chacha20-ietf-poly1305"; - description = lib.mdDoc '' + description = '' Encryption method. See <https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers>. ''; }; @@ -99,7 +99,7 @@ in type = types.nullOr types.str; default = null; example = literalExpression ''"''${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"''; - description = lib.mdDoc '' + description = '' SIP003 plugin for shadowsocks ''; }; @@ -108,7 +108,7 @@ in type = types.str; default = ""; example = "server;host=example.com"; - description = lib.mdDoc '' + description = '' Options to pass to the plugin if one was specified ''; }; @@ -119,7 +119,7 @@ in example = { nameserver = "8.8.8.8"; }; - description = lib.mdDoc '' + description = '' Additional configuration for shadowsocks that is not covered by the provided options. The provided attrset will be serialized to JSON and has to contain valid shadowsocks options. Unfortunately most @@ -136,10 +136,16 @@ in ###### implementation config = mkIf cfg.enable { - assertions = singleton - { assertion = cfg.password == null || cfg.passwordFile == null; - message = "Cannot use both password and passwordFile for shadowsocks-libev"; - }; + assertions = [ + { + # xor, make sure either password or passwordFile be set. + # shadowsocks-libev not support plain/none encryption method + # which indicated that password must set. + assertion = let noPasswd = cfg.password == null; noPasswdFile = cfg.passwordFile == null; + in (noPasswd && !noPasswdFile) || (!noPasswd && noPasswdFile); + message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously"; + } + ]; systemd.services.shadowsocks-libev = { description = "shadowsocks-libev Daemon"; diff --git a/nixos/modules/services/networking/shairport-sync.nix b/nixos/modules/services/networking/shairport-sync.nix index 75684eea3ad18..eb61663e4d922 100644 --- a/nixos/modules/services/networking/shairport-sync.nix +++ b/nixos/modules/services/networking/shairport-sync.nix @@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable the shairport-sync daemon. Running with a local system-wide or remote pulseaudio server @@ -30,7 +30,7 @@ in arguments = mkOption { type = types.str; default = "-v -o pa"; - description = lib.mdDoc '' + description = '' Arguments to pass to the daemon. Defaults to a local pulseaudio server. ''; @@ -39,7 +39,7 @@ in openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to automatically open ports in the firewall. ''; }; @@ -47,7 +47,7 @@ in user = mkOption { type = types.str; default = "shairport"; - description = lib.mdDoc '' + description = '' User account name under which to run shairport-sync. The account will be created. ''; @@ -56,7 +56,7 @@ in group = mkOption { type = types.str; default = "shairport"; - description = lib.mdDoc '' + description = '' Group account name under which to run shairport-sync. The account will be created. ''; diff --git a/nixos/modules/services/networking/shellhub-agent.nix b/nixos/modules/services/networking/shellhub-agent.nix index ad33c50f9d633..57825945d9f76 100644 --- a/nixos/modules/services/networking/shellhub-agent.nix +++ b/nixos/modules/services/networking/shellhub-agent.nix @@ -12,14 +12,14 @@ in services.shellhub-agent = { - enable = mkEnableOption (lib.mdDoc "ShellHub Agent daemon"); + enable = mkEnableOption "ShellHub Agent daemon"; package = mkPackageOption pkgs "shellhub-agent" { }; preferredHostname = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Set the device preferred hostname. This provides a hint to the server to use this as hostname if it is available. ''; @@ -28,7 +28,7 @@ in keepAliveInterval = mkOption { type = types.int; default = 30; - description = lib.mdDoc '' + description = '' Determine the interval to send the keep alive message to the server. This has a direct impact of the bandwidth used by the device. @@ -38,7 +38,7 @@ in tenantId = mkOption { type = types.str; example = "ba0a880c-2ada-11eb-a35e-17266ef329d6"; - description = lib.mdDoc '' + description = '' The tenant ID to use when connecting to the ShellHub Gateway. ''; @@ -47,7 +47,7 @@ in server = mkOption { type = types.str; default = "https://cloud.shellhub.io"; - description = lib.mdDoc '' + description = '' Server address of ShellHub Gateway to connect. ''; }; @@ -55,7 +55,7 @@ in privateKey = mkOption { type = types.path; default = "/var/lib/shellhub-agent/private.key"; - description = lib.mdDoc '' + description = '' Location where to store the ShellHub Agent private key. ''; diff --git a/nixos/modules/services/networking/shorewall.nix b/nixos/modules/services/networking/shorewall.nix index ba59d71120da5..05087aaa8b3b8 100644 --- a/nixos/modules/services/networking/shorewall.nix +++ b/nixos/modules/services/networking/shorewall.nix @@ -8,7 +8,7 @@ in { enable = lib.mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Shorewall IPv4 Firewall. ::: {.warning} @@ -22,12 +22,12 @@ in { type = types.package; default = pkgs.shorewall; defaultText = lib.literalExpression "pkgs.shorewall"; - description = lib.mdDoc "The shorewall package to use."; + description = "The shorewall package to use."; }; configs = lib.mkOption { type = types.attrsOf types.lines; default = {}; - description = lib.mdDoc '' + description = '' This option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config. diff --git a/nixos/modules/services/networking/shorewall6.nix b/nixos/modules/services/networking/shorewall6.nix index e54be290bfb39..1eab3284d15fd 100644 --- a/nixos/modules/services/networking/shorewall6.nix +++ b/nixos/modules/services/networking/shorewall6.nix @@ -8,7 +8,7 @@ in { enable = lib.mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable Shorewall IPv6 Firewall. ::: {.warning} @@ -22,12 +22,12 @@ in { type = types.package; default = pkgs.shorewall; defaultText = lib.literalExpression "pkgs.shorewall"; - description = lib.mdDoc "The shorewall package to use."; + description = "The shorewall package to use."; }; configs = lib.mkOption { type = types.attrsOf types.lines; default = {}; - description = lib.mdDoc '' + description = '' This option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config. diff --git a/nixos/modules/services/networking/shout.nix b/nixos/modules/services/networking/shout.nix index 0b1687d44d9e7..017b8590197af 100644 --- a/nixos/modules/services/networking/shout.nix +++ b/nixos/modules/services/networking/shout.nix @@ -23,12 +23,12 @@ let in { options.services.shout = { - enable = mkEnableOption (lib.mdDoc "Shout web IRC client"); + enable = mkEnableOption "Shout web IRC client"; private = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Make your shout instance private. You will need to configure user accounts by adding entries in {file}`${shoutHome}/users`. ''; @@ -37,19 +37,19 @@ in { listenAddress = mkOption { type = types.str; default = "0.0.0.0"; - description = lib.mdDoc "IP interface to listen on for http connections."; + description = "IP interface to listen on for http connections."; }; port = mkOption { type = types.port; default = 9000; - description = lib.mdDoc "TCP port to listen on for http connections."; + description = "TCP port to listen on for http connections."; }; configFile = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Contents of Shout's {file}`config.js` file. Used for backward compatibility, recommended way is now to use @@ -70,7 +70,7 @@ in { port = 6697; }; }; - description = lib.mdDoc '' + description = '' Shout {file}`config.js` contents as attribute set (will be converted to JSON to generate the configuration file). diff --git a/nixos/modules/services/networking/sing-box.nix b/nixos/modules/services/networking/sing-box.nix index ea7363713601e..9f09e528e74d5 100644 --- a/nixos/modules/services/networking/sing-box.nix +++ b/nixos/modules/services/networking/sing-box.nix @@ -11,7 +11,7 @@ in options = { services.sing-box = { - enable = lib.mkEnableOption (lib.mdDoc "sing-box universal proxy platform"); + enable = lib.mkEnableOption "sing-box universal proxy platform"; package = lib.mkPackageOption pkgs "sing-box" { }; @@ -24,7 +24,7 @@ in type = lib.types.path; default = "${pkgs.sing-geoip}/share/sing-box/geoip.db"; defaultText = lib.literalExpression "\${pkgs.sing-geoip}/share/sing-box/geoip.db"; - description = lib.mdDoc '' + description = '' The path to the sing-geoip database. ''; }; @@ -32,7 +32,7 @@ in type = lib.types.path; default = "${pkgs.sing-geosite}/share/sing-box/geosite.db"; defaultText = lib.literalExpression "\${pkgs.sing-geosite}/share/sing-box/geosite.db"; - description = lib.mdDoc '' + description = '' The path to the sing-geosite database. ''; }; @@ -40,7 +40,7 @@ in }; }; default = { }; - description = lib.mdDoc '' + description = '' The sing-box configuration, see https://sing-box.sagernet.org/configuration/ for documentation. Options containing secret data should be set to an attribute set diff --git a/nixos/modules/services/networking/sitespeed-io.nix b/nixos/modules/services/networking/sitespeed-io.nix index f7eab0bb19d77..2af12ac0be520 100644 --- a/nixos/modules/services/networking/sitespeed-io.nix +++ b/nixos/modules/services/networking/sitespeed-io.nix @@ -5,38 +5,38 @@ let in { options.services.sitespeed-io = { - enable = lib.mkEnableOption (lib.mdDoc "Sitespeed.io"); + enable = lib.mkEnableOption "Sitespeed.io"; user = lib.mkOption { type = lib.types.str; default = "sitespeed-io"; - description = lib.mdDoc "User account under which sitespeed-io runs."; + description = "User account under which sitespeed-io runs."; }; package = lib.mkOption { type = lib.types.package; default = pkgs.sitespeed-io; defaultText = "pkgs.sitespeed-io"; - description = lib.mdDoc "Sitespeed.io package to use."; + description = "Sitespeed.io package to use."; }; dataDir = lib.mkOption { default = "/var/lib/sitespeed-io"; type = lib.types.str; - description = lib.mdDoc "The base sitespeed-io data directory."; + description = "The base sitespeed-io data directory."; }; period = lib.mkOption { type = lib.types.str; default = "hourly"; - description = lib.mdDoc '' + description = '' Systemd calendar expression when to run. See {manpage}`systemd.time(7)`. ''; }; runs = lib.mkOption { default = [ ]; - description = lib.mdDoc '' + description = '' A list of run configurations. The service will call sitespeed-io once for every run listed here. This lets you examine different websites with different sitespeed-io settings. @@ -46,7 +46,7 @@ in urls = lib.mkOption { type = with lib.types; listOf str; default = []; - description = lib.mdDoc '' + description = '' URLs the service should monitor. ''; }; @@ -57,7 +57,7 @@ in options = { }; }; default = { }; - description = lib.mdDoc '' + description = '' Configuration for sitespeed-io, see <https://www.sitespeed.io/documentation/sitespeed.io/configuration/> for available options. The value here will be directly transformed to @@ -68,7 +68,7 @@ in extraArgs = lib.mkOption { type = with lib.types; listOf str; default = []; - description = lib.mdDoc '' + description = '' Extra command line arguments to pass to the program. ''; }; diff --git a/nixos/modules/services/networking/skydns.nix b/nixos/modules/services/networking/skydns.nix index 0514bff2767e6..8c38a5fa64209 100644 --- a/nixos/modules/services/networking/skydns.nix +++ b/nixos/modules/services/networking/skydns.nix @@ -7,51 +7,51 @@ let in { options.services.skydns = { - enable = mkEnableOption (lib.mdDoc "skydns service"); + enable = mkEnableOption "skydns service"; etcd = { machines = mkOption { default = [ "http://127.0.0.1:2379" ]; type = types.listOf types.str; - description = lib.mdDoc "Skydns list of etcd endpoints to connect to."; + description = "Skydns list of etcd endpoints to connect to."; }; tlsKey = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc "Skydns path of TLS client certificate - private key."; + description = "Skydns path of TLS client certificate - private key."; }; tlsPem = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc "Skydns path of TLS client certificate - public key."; + description = "Skydns path of TLS client certificate - public key."; }; caCert = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc "Skydns path of TLS certificate authority public key."; + description = "Skydns path of TLS certificate authority public key."; }; }; address = mkOption { default = "0.0.0.0:53"; type = types.str; - description = lib.mdDoc "Skydns address to bind to."; + description = "Skydns address to bind to."; }; domain = mkOption { default = "skydns.local."; type = types.str; - description = lib.mdDoc "Skydns default domain if not specified by etcd config."; + description = "Skydns default domain if not specified by etcd config."; }; nameservers = mkOption { default = map (n: n + ":53") config.networking.nameservers; defaultText = literalExpression ''map (n: n + ":53") config.networking.nameservers''; type = types.listOf types.str; - description = lib.mdDoc "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain."; + description = "Skydns list of nameservers to forward DNS requests to when not authoritative for a domain."; example = ["8.8.8.8:53" "8.8.4.4:53"]; }; @@ -60,7 +60,7 @@ in { extraConfig = mkOption { default = {}; type = types.attrsOf types.str; - description = lib.mdDoc "Skydns attribute set of extra config options passed as environment variables."; + description = "Skydns attribute set of extra config options passed as environment variables."; }; }; diff --git a/nixos/modules/services/networking/smartdns.nix b/nixos/modules/services/networking/smartdns.nix index af8ee8b00c0a3..dcae26333a2a8 100644 --- a/nixos/modules/services/networking/smartdns.nix +++ b/nixos/modules/services/networking/smartdns.nix @@ -20,12 +20,12 @@ let } cfg.settings); in { options.services.smartdns = { - enable = mkEnableOption (lib.mdDoc "SmartDNS DNS server"); + enable = mkEnableOption "SmartDNS DNS server"; bindPort = mkOption { type = types.port; default = 53; - description = lib.mdDoc "DNS listening port number."; + description = "DNS listening port number."; }; settings = mkOption { @@ -42,7 +42,7 @@ in { speed-check-mode = "ping,tcp:80"; }; ''; - description = lib.mdDoc '' + description = '' A set that will be generated into configuration file, see the [SmartDNS README](https://github.com/pymumu/smartdns/blob/master/ReadMe_en.md#configuration-parameter) for details of configuration parameters. You could override the options here like {option}`services.smartdns.bindPort` by writing `settings.bind = ":5353 -no-rule -group example";`. ''; diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix index 4ecf411c74967..38d6e4452c97b 100644 --- a/nixos/modules/services/networking/smokeping.nix +++ b/nixos/modules/services/networking/smokeping.nix @@ -49,7 +49,7 @@ in { options = { services.smokeping = { - enable = mkEnableOption (lib.mdDoc "smokeping service"); + enable = mkEnableOption "smokeping service"; alertConfig = mkOption { type = types.lines; @@ -67,19 +67,19 @@ in pattern = >0%,*12*,>0%,*12*,>0% comment = loss 3 times in a row; ''; - description = lib.mdDoc "Configuration for alerts."; + description = "Configuration for alerts."; }; cgiUrl = mkOption { type = types.str; default = "http://${cfg.hostName}:${toString cfg.port}/smokeping.cgi"; defaultText = literalExpression ''"http://''${hostName}:''${toString port}/smokeping.cgi"''; example = "https://somewhere.example.com/smokeping.cgi"; - description = lib.mdDoc "URL to the smokeping cgi."; + description = "URL to the smokeping cgi."; }; config = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Full smokeping config supplied by the user. Overrides and replaces any other configuration supplied. ''; @@ -112,28 +112,28 @@ in MAX 0.5 144 7200 MIN 0.5 144 7200 ''; - description = lib.mdDoc ''Configure the ping frequency and retention of the rrd files. + description = ''Configure the ping frequency and retention of the rrd files. Once set, changing the interval will require deletion or migration of all the collected data.''; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Any additional customization not already included."; + description = "Any additional customization not already included."; }; hostName = mkOption { type = types.str; default = config.networking.fqdn; defaultText = literalExpression "config.networking.fqdn"; example = "somewhere.example.com"; - description = lib.mdDoc "DNS name for the urls generated in the cgi."; + description = "DNS name for the urls generated in the cgi."; }; imgUrl = mkOption { type = types.str; default = "cache"; defaultText = literalExpression ''"cache"''; example = "https://somewhere.example.com/cache"; - description = lib.mdDoc '' + description = '' Base url for images generated in the cgi. The default is a relative URL to ensure it works also when e.g. forwarding @@ -144,33 +144,33 @@ in type = types.enum [ "original" "absolute" "relative" ]; default = "relative"; example = "absolute"; - description = lib.mdDoc "DNS name for the urls generated in the cgi."; + description = "DNS name for the urls generated in the cgi."; }; mailHost = mkOption { type = types.str; default = ""; example = "localhost"; - description = lib.mdDoc "Use this SMTP server to send alerts"; + description = "Use this SMTP server to send alerts"; }; owner = mkOption { type = types.str; default = "nobody"; example = "Bob Foobawr"; - description = lib.mdDoc "Real name of the owner of the instance"; + description = "Real name of the owner of the instance"; }; ownerEmail = mkOption { type = types.str; default = "no-reply@${cfg.hostName}"; defaultText = literalExpression ''"no-reply@''${hostName}"''; example = "no-reply@yourdomain.com"; - description = lib.mdDoc "Email contact for owner"; + description = "Email contact for owner"; }; package = mkPackageOption pkgs "smokeping" { }; host = mkOption { type = types.nullOr types.str; default = "localhost"; example = "192.0.2.1"; # rfc5737 example IP for documentation - description = lib.mdDoc '' + description = '' Host/IP to bind to for the web server. Setting it to `null` skips passing the -h option to thttpd, @@ -180,7 +180,7 @@ in port = mkOption { type = types.port; default = 8081; - description = lib.mdDoc "TCP port to use for the web server."; + description = "TCP port to use for the web server."; }; presentationConfig = mkOption { type = types.lines; @@ -221,13 +221,13 @@ in "Last 10 Days" 10d "Last 360 Days" 360d ''; - description = lib.mdDoc "presentation graph style"; + description = "presentation graph style"; }; presentationTemplate = mkOption { type = types.str; default = "${pkgs.smokeping}/etc/basepage.html.dist"; defaultText = literalExpression ''"''${pkgs.smokeping}/etc/basepage.html.dist"''; - description = lib.mdDoc "Default page layout for the web UI."; + description = "Default page layout for the web UI."; }; probeConfig = mkOption { type = types.lines; @@ -241,19 +241,19 @@ in binary = ''${config.security.wrapperDir}/fping ''' ''; - description = lib.mdDoc "Probe configuration"; + description = "Probe configuration"; }; sendmail = mkOption { type = types.nullOr types.path; default = null; example = "/run/wrappers/bin/sendmail"; - description = lib.mdDoc "Use this sendmail compatible script to deliver alerts"; + description = "Use this sendmail compatible script to deliver alerts"; }; smokeMailTemplate = mkOption { type = types.str; default = "${cfg.package}/etc/smokemail.dist"; defaultText = literalExpression ''"''${package}/etc/smokemail.dist"''; - description = lib.mdDoc "Specify the smokemail template for alerts."; + description = "Specify the smokemail template for alerts."; }; targetConfig = mkOption { type = types.lines; @@ -271,17 +271,17 @@ in title = This host host = localhost ''; - description = lib.mdDoc "Target configuration"; + description = "Target configuration"; }; user = mkOption { type = types.str; default = "smokeping"; - description = lib.mdDoc "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well."; + description = "User that runs smokeping and (optionally) thttpd. A group of the same name will be created as well."; }; webService = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable a smokeping web interface"; + description = "Enable a smokeping web interface"; }; }; diff --git a/nixos/modules/services/networking/sniproxy.nix b/nixos/modules/services/networking/sniproxy.nix index b805b7b44d72e..adca5398e4abf 100644 --- a/nixos/modules/services/networking/sniproxy.nix +++ b/nixos/modules/services/networking/sniproxy.nix @@ -18,24 +18,24 @@ in options = { services.sniproxy = { - enable = mkEnableOption (lib.mdDoc "sniproxy server"); + enable = mkEnableOption "sniproxy server"; user = mkOption { type = types.str; default = "sniproxy"; - description = lib.mdDoc "User account under which sniproxy runs."; + description = "User account under which sniproxy runs."; }; group = mkOption { type = types.str; default = "sniproxy"; - description = lib.mdDoc "Group under which sniproxy runs."; + description = "Group under which sniproxy runs."; }; config = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "sniproxy.conf configuration excluding the daemon username and pid file."; + description = "sniproxy.conf configuration excluding the daemon username and pid file."; example = '' error_log { filename /var/log/sniproxy/error.log diff --git a/nixos/modules/services/networking/snowflake-proxy.nix b/nixos/modules/services/networking/snowflake-proxy.nix index 19b68f1e20ba6..078fb382bae61 100644 --- a/nixos/modules/services/networking/snowflake-proxy.nix +++ b/nixos/modules/services/networking/snowflake-proxy.nix @@ -8,28 +8,28 @@ in { options = { services.snowflake-proxy = { - enable = mkEnableOption (lib.mdDoc "snowflake-proxy, a system to defeat internet censorship"); + enable = mkEnableOption "snowflake-proxy, a system to defeat internet censorship"; broker = mkOption { - description = lib.mdDoc "Broker URL (default \"https://snowflake-broker.torproject.net/\")"; + description = "Broker URL (default \"https://snowflake-broker.torproject.net/\")"; type = with types; nullOr str; default = null; }; capacity = mkOption { - description = lib.mdDoc "Limits the amount of maximum concurrent clients allowed."; + description = "Limits the amount of maximum concurrent clients allowed."; type = with types; nullOr int; default = null; }; relay = mkOption { - description = lib.mdDoc "websocket relay URL (default \"wss://snowflake.bamsoftware.com/\")"; + description = "websocket relay URL (default \"wss://snowflake.bamsoftware.com/\")"; type = with types; nullOr str; default = null; }; stun = mkOption { - description = lib.mdDoc "STUN broker URL (default \"stun:stun.stunprotocol.org:3478\")"; + description = "STUN broker URL (default \"stun:stun.stunprotocol.org:3478\")"; type = with types; nullOr str; default = null; }; diff --git a/nixos/modules/services/networking/softether.nix b/nixos/modules/services/networking/softether.nix index 234832ea0c0f8..1844b0a88b0a7 100644 --- a/nixos/modules/services/networking/softether.nix +++ b/nixos/modules/services/networking/softether.nix @@ -16,27 +16,27 @@ in services.softether = { - enable = mkEnableOption (lib.mdDoc "SoftEther VPN services"); + enable = mkEnableOption "SoftEther VPN services"; package = mkPackageOption pkgs "softether" { }; - vpnserver.enable = mkEnableOption (lib.mdDoc "SoftEther VPN Server"); + vpnserver.enable = mkEnableOption "SoftEther VPN Server"; - vpnbridge.enable = mkEnableOption (lib.mdDoc "SoftEther VPN Bridge"); + vpnbridge.enable = mkEnableOption "SoftEther VPN Bridge"; vpnclient = { - enable = mkEnableOption (lib.mdDoc "SoftEther VPN Client"); + enable = mkEnableOption "SoftEther VPN Client"; up = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Shell commands executed when the Virtual Network Adapter(s) is/are starting. ''; }; down = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Shell commands executed when the Virtual Network Adapter(s) is/are shutting down. ''; }; @@ -45,7 +45,7 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/softether"; - description = lib.mdDoc '' + description = '' Data directory for SoftEther VPN. ''; }; diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix index d69ec08ca13a0..0f4969b930e4b 100644 --- a/nixos/modules/services/networking/soju.nix +++ b/nixos/modules/services/networking/soju.nix @@ -5,7 +5,10 @@ with lib; let cfg = config.services.soju; stateDir = "/var/lib/soju"; - listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen; + runtimeDir = "/run/soju"; + listen = cfg.listen + ++ optional cfg.adminSocket.enable "unix+admin://${runtimeDir}/admin"; + listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") listen; tlsCfg = optionalString (cfg.tlsCertificate != null) "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}"; logCfg = optionalString cfg.enableMessageLogging @@ -22,17 +25,23 @@ let ${cfg.extraConfig} ''; + + sojuctl = pkgs.writeShellScriptBin "sojuctl" '' + exec ${cfg.package}/bin/sojuctl --config ${configFile} "$@" + ''; in { ###### interface options.services.soju = { - enable = mkEnableOption (lib.mdDoc "soju"); + enable = mkEnableOption "soju"; + + package = mkPackageOption pkgs "soju" { }; listen = mkOption { type = types.listOf types.str; default = [ ":6697" ]; - description = lib.mdDoc '' + description = '' Where soju should listen for incoming connections. See the `listen` directive in {manpage}`soju(1)`. @@ -43,33 +52,41 @@ in type = types.str; default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc "Server hostname."; + description = "Server hostname."; }; tlsCertificate = mkOption { type = types.nullOr types.path; default = null; example = "/var/host.cert"; - description = lib.mdDoc "Path to server TLS certificate."; + description = "Path to server TLS certificate."; }; tlsCertificateKey = mkOption { type = types.nullOr types.path; default = null; example = "/var/host.key"; - description = lib.mdDoc "Path to server TLS certificate key."; + description = "Path to server TLS certificate key."; }; enableMessageLogging = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable message logging."; + description = "Whether to enable message logging."; + }; + + adminSocket.enable = mkOption { + type = types.bool; + default = true; + description = '' + Listen for admin connections from sojuctl at /run/soju/admin. + ''; }; httpOrigins = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' List of allowed HTTP origins for WebSocket listeners. The parameters are interpreted as shell patterns, see {manpage}`glob(7)`. @@ -79,7 +96,7 @@ in acceptProxyIP = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Allow the specified IPs to act as a proxy. Proxys have the ability to overwrite the remote and local connection addresses (via the X-Forwarded-\* HTTP header fields). The special name "localhost" accepts the loopback @@ -90,7 +107,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Lines added verbatim to the configuration file."; + description = "Lines added verbatim to the configuration file."; }; }; @@ -107,6 +124,8 @@ in } ]; + environment.systemPackages = [ sojuctl ]; + systemd.services.soju = { description = "soju IRC bouncer"; wantedBy = [ "multi-user.target" ]; @@ -115,8 +134,9 @@ in serviceConfig = { DynamicUser = true; Restart = "always"; - ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}"; + ExecStart = "${cfg.package}/bin/soju -config ${configFile}"; StateDirectory = "soju"; + RuntimeDirectory = "soju"; }; }; }; diff --git a/nixos/modules/services/networking/solanum.nix b/nixos/modules/services/networking/solanum.nix index 07a37279fecc5..f9d3c30b3bbbf 100644 --- a/nixos/modules/services/networking/solanum.nix +++ b/nixos/modules/services/networking/solanum.nix @@ -16,7 +16,7 @@ in services.solanum = { - enable = mkEnableOption (lib.mdDoc "Solanum IRC daemon"); + enable = mkEnableOption "Solanum IRC daemon"; config = mkOption { type = types.str; @@ -44,7 +44,7 @@ in default_split_user_count = 0; }; ''; - description = lib.mdDoc '' + description = '' Solanum IRC daemon configuration file. check <https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf> for all options. ''; @@ -53,7 +53,7 @@ in openFilesLimit = mkOption { type = types.int; default = 1024; - description = lib.mdDoc '' + description = '' Maximum number of open files. Limits the clients and server connections. ''; }; @@ -61,7 +61,7 @@ in motd = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Solanum MOTD text. Solanum will read its MOTD from `/etc/solanum/ircd.motd`. diff --git a/nixos/modules/services/networking/spacecookie.nix b/nixos/modules/services/networking/spacecookie.nix index 745c942ba60b7..0e37b6d0305eb 100644 --- a/nixos/modules/services/networking/spacecookie.nix +++ b/nixos/modules/services/networking/spacecookie.nix @@ -25,7 +25,7 @@ in { services.spacecookie = { - enable = mkEnableOption (lib.mdDoc "spacecookie"); + enable = mkEnableOption "spacecookie"; package = mkPackageOption pkgs "spacecookie" { example = "haskellPackages.spacecookie"; @@ -34,7 +34,7 @@ in { openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open the necessary port in the firewall for spacecookie. ''; }; @@ -42,7 +42,7 @@ in { port = mkOption { type = types.port; default = 70; - description = lib.mdDoc '' + description = '' Port the gopher service should be exposed on. ''; }; @@ -50,7 +50,7 @@ in { address = mkOption { type = types.str; default = "[::]"; - description = lib.mdDoc '' + description = '' Address to listen on. Must be in the `ListenStream=` syntax of [systemd.socket(5)](https://www.freedesktop.org/software/systemd/man/systemd.socket.html). @@ -64,7 +64,7 @@ in { options.hostname = mkOption { type = types.str; default = "localhost"; - description = lib.mdDoc '' + description = '' The hostname the service is reachable via. Clients will use this hostname for further requests after loading the initial gopher menu. @@ -74,7 +74,7 @@ in { options.root = mkOption { type = types.path; default = "/srv/gopher"; - description = lib.mdDoc '' + description = '' The directory spacecookie should serve via gopher. Files in there need to be world-readable since the spacecookie service file sets @@ -83,13 +83,13 @@ in { }; options.log = { - enable = mkEnableOption (lib.mdDoc "logging for spacecookie") + enable = mkEnableOption "logging for spacecookie" // { default = true; example = false; }; hide-ips = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If enabled, spacecookie will hide personal information of users like IP addresses from log output. @@ -103,7 +103,7 @@ in { # journald will add timestamps, so no need # to double up. default = true; - description = lib.mdDoc '' + description = '' If enabled, spacecookie will not print timestamps at the beginning of every log line. ''; @@ -116,14 +116,14 @@ in { "error" ]; default = "info"; - description = lib.mdDoc '' + description = '' Log level for the spacecookie service. ''; }; }; }; - description = lib.mdDoc '' + description = '' Settings for spacecookie. The settings set here are directly translated to the spacecookie JSON config file. See diff --git a/nixos/modules/services/networking/spiped.nix b/nixos/modules/services/networking/spiped.nix index 547317dbcbe2a..ada36ee9be0bc 100644 --- a/nixos/modules/services/networking/spiped.nix +++ b/nixos/modules/services/networking/spiped.nix @@ -11,7 +11,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable the spiped service module."; + description = "Enable the spiped service module."; }; config = mkOption { @@ -21,7 +21,7 @@ in encrypt = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Take unencrypted connections from the `source` socket and send encrypted connections to the `target` socket. @@ -31,7 +31,7 @@ in decrypt = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Take encrypted connections from the `source` socket and send unencrypted connections to the `target` socket. @@ -40,7 +40,7 @@ in source = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Address on which spiped should listen for incoming connections. Must be in one of the following formats: `/absolute/path/to/unix/socket`, @@ -56,12 +56,12 @@ in target = mkOption { type = types.str; - description = lib.mdDoc "Address to which spiped should connect."; + description = "Address to which spiped should connect."; }; keyfile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Name of a file containing the spiped key. As the daemon runs as the `spiped` user, the key file must be somewhere owned by that user. By @@ -73,7 +73,7 @@ in timeout = mkOption { type = types.int; default = 5; - description = lib.mdDoc '' + description = '' Timeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed @@ -83,7 +83,7 @@ in maxConns = mkOption { type = types.int; default = 100; - description = lib.mdDoc '' + description = '' Limit on the number of simultaneous connections allowed. ''; }; @@ -91,7 +91,7 @@ in waitForDNS = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Wait for DNS. Normally when `spiped` is launched it resolves addresses and binds to its source socket before the parent process returns; with this option @@ -106,13 +106,13 @@ in disableKeepalives = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable transport layer keep-alives."; + description = "Disable transport layer keep-alives."; }; weakHandshake = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Use fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy. @@ -122,7 +122,7 @@ in resolveRefresh = mkOption { type = types.int; default = 60; - description = lib.mdDoc '' + description = '' Resolution refresh time for the target socket, in seconds. ''; }; @@ -130,7 +130,7 @@ in disableReresolution = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Disable target address re-resolution."; + description = "Disable target address re-resolution."; }; }; } @@ -155,7 +155,7 @@ in } ''; - description = lib.mdDoc '' + description = '' Configuration for a secure pipe daemon. The daemon can be started, stopped, or examined using `systemctl`, under the name diff --git a/nixos/modules/services/networking/squid.nix b/nixos/modules/services/networking/squid.nix index 68f4dc3d6dc12..4865718b24f7e 100644 --- a/nixos/modules/services/networking/squid.nix +++ b/nixos/modules/services/networking/squid.nix @@ -108,7 +108,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to run squid web proxy."; + description = "Whether to run squid web proxy."; }; package = mkPackageOption pkgs "squid" { }; @@ -116,19 +116,19 @@ in proxyAddress = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "IP address on which squid will listen."; + description = "IP address on which squid will listen."; }; proxyPort = mkOption { type = types.int; default = 3128; - description = lib.mdDoc "TCP port on which squid will listen."; + description = "TCP port on which squid will listen."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Squid configuration. Contents will be added verbatim to the configuration file. ''; @@ -137,7 +137,7 @@ in configText = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Verbatim contents of squid.conf. If null (default), use the autogenerated file from NixOS instead. ''; diff --git a/nixos/modules/services/networking/ssh/lshd.nix b/nixos/modules/services/networking/ssh/lshd.nix index 129e420555143..a833d738f885f 100644 --- a/nixos/modules/services/networking/ssh/lshd.nix +++ b/nixos/modules/services/networking/ssh/lshd.nix @@ -21,7 +21,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the GNU lshd SSH2 daemon, which allows secure remote login. ''; @@ -30,7 +30,7 @@ in portNumber = mkOption { default = 22; type = types.port; - description = lib.mdDoc '' + description = '' The port on which to listen for connections. ''; }; @@ -38,7 +38,7 @@ in interfaces = mkOption { default = []; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of network interfaces where listening for connections. When providing the empty list, `[]`, lshd listens on all network interfaces. @@ -49,7 +49,7 @@ in hostKey = mkOption { default = "/etc/lsh/host-key"; type = types.str; - description = lib.mdDoc '' + description = '' Path to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd. @@ -59,31 +59,31 @@ in syslog = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable syslog output."; + description = "Whether to enable syslog output."; }; passwordAuthentication = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable password authentication."; + description = "Whether to enable password authentication."; }; publicKeyAuthentication = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable public key authentication."; + description = "Whether to enable public key authentication."; }; rootLogin = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable remote root login."; + description = "Whether to enable remote root login."; }; loginShell = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' If non-null, override the default login shell with the specified value. ''; @@ -93,7 +93,7 @@ in srpKeyExchange = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable SRP key exchange and user authentication. ''; }; @@ -101,18 +101,18 @@ in tcpForwarding = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable TCP/IP forwarding."; + description = "Whether to enable TCP/IP forwarding."; }; x11Forwarding = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable X11 forwarding."; + description = "Whether to enable X11 forwarding."; }; subsystems = mkOption { type = types.listOf types.path; - description = lib.mdDoc '' + description = '' List of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it. diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index aca8343b7d597..5f2f6cb07af79 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix @@ -68,7 +68,7 @@ let keys = mkOption { type = types.listOf types.singleLineStr; default = []; - description = lib.mdDoc '' + description = '' A list of verbatim OpenSSH public keys that should be added to the user's authorized keys. The keys are added to a file that the SSH daemon reads in addition to the the user's authorized_keys file. @@ -86,7 +86,7 @@ let keyFiles = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc '' + description = '' A list of files each containing one OpenSSH public key that should be added to the user's authorized keys. The contents of the files are read at build time and added to a file that the SSH daemon reads in @@ -99,7 +99,7 @@ let options.openssh.authorizedPrincipals = mkOption { type = with types; listOf types.singleLineStr; default = []; - description = mdDoc '' + description = '' A list of verbatim principal names that should be added to the user's authorized principals. ''; @@ -163,7 +163,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the OpenSSH secure shell daemon, which allows secure remote logins. ''; @@ -172,7 +172,7 @@ in startWhenNeeded = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If set, {command}`sshd` is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection. @@ -182,7 +182,7 @@ in allowSFTP = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as {command}`sftp` and {command}`sshfs`. @@ -192,7 +192,7 @@ in sftpServerExecutable = mkOption { type = types.str; example = "internal-sftp"; - description = lib.mdDoc '' + description = '' The sftp server executable. Can be a path or "internal-sftp" to use the sftp server built into the sshd binary. ''; @@ -202,7 +202,7 @@ in type = with types; listOf str; default = []; example = [ "-f AUTHPRIV" "-l INFO" ]; - description = lib.mdDoc '' + description = '' Commandline flags to add to sftp-server. ''; }; @@ -210,7 +210,7 @@ in ports = mkOption { type = types.listOf types.port; default = [22]; - description = lib.mdDoc '' + description = '' Specifies on which ports the SSH daemon listens. ''; }; @@ -218,7 +218,7 @@ in openFirewall = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to automatically open the specified ports in the firewall. ''; }; @@ -229,14 +229,14 @@ in addr = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Host, IPv4 or IPv6 address to listen to. ''; }; port = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Port to listen to. ''; }; @@ -244,7 +244,7 @@ in }); default = []; example = [ { addr = "192.168.3.1"; port = 22; } { addr = "0.0.0.0"; port = 64022; } ]; - description = lib.mdDoc '' + description = '' List of addresses and ports to listen on (ListenAddress directive in config). If port is not specified for address sshd will listen on all ports specified by `ports` option. @@ -264,7 +264,7 @@ in [ { type = "rsa"; bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; rounds = 100; openSSHFormat = true; } { type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; rounds = 100; comment = "key comment"; } ]; - description = lib.mdDoc '' + description = '' NixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See {manpage}`ssh-keygen(1)` for supported types @@ -275,7 +275,7 @@ in banner = mkOption { type = types.nullOr types.lines; default = null; - description = lib.mdDoc '' + description = '' Message to display to the remote user before authentication is allowed. ''; }; @@ -283,7 +283,7 @@ in authorizedKeysFiles = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Specify the rules for which files to read on the host. This is an advanced option. If you're looking to configure user @@ -299,7 +299,7 @@ in authorizedKeysCommand = mkOption { type = types.str; default = "none"; - description = lib.mdDoc '' + description = '' Specifies a program to be used to look up the user's public keys. The program must be owned by root, not writable by group or others and specified by an absolute path. @@ -309,7 +309,7 @@ in authorizedKeysCommandUser = mkOption { type = types.str; default = "nobody"; - description = lib.mdDoc '' + description = '' Specifies the user under whose account the AuthorizedKeysCommand is run. It is recommended to use a dedicated user that has no other role on the host than running authorized keys commands. @@ -319,7 +319,7 @@ in settings = mkOption { - description = lib.mdDoc "Configuration for `sshd_config(5)`."; + description = "Configuration for `sshd_config(5)`."; default = { }; example = literalExpression '' { @@ -333,7 +333,7 @@ in AuthorizedPrincipalsFile = mkOption { type = types.str; default = "none"; # upstream default - description = lib.mdDoc '' + description = '' Specifies a file that lists principal names that are accepted for certificate authentication. The default is `"none"`, i.e. not to use a principals file. ''; @@ -341,7 +341,7 @@ in LogLevel = mkOption { type = types.enum [ "QUIET" "FATAL" "ERROR" "INFO" "VERBOSE" "DEBUG" "DEBUG1" "DEBUG2" "DEBUG3" ]; default = "INFO"; # upstream default - description = lib.mdDoc '' + description = '' Gives the verbosity level that is used when logging messages from sshd(8). Logging with a DEBUG level violates the privacy of users and is not recommended. ''; @@ -350,7 +350,7 @@ in type = types.bool; # apply if cfg.useDns then "yes" else "no" default = false; - description = lib.mdDoc '' + description = '' Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. If this option is set to no (the default) then only addresses and not host names may be used in @@ -360,35 +360,35 @@ in X11Forwarding = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to allow X11 connections to be forwarded. ''; }; PasswordAuthentication = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Specifies whether password authentication is allowed. ''; }; PermitRootLogin = mkOption { default = "prohibit-password"; type = types.enum ["yes" "without-password" "prohibit-password" "forced-commands-only" "no"]; - description = lib.mdDoc '' + description = '' Whether the root user can login using ssh. ''; }; KbdInteractiveAuthentication = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Specifies whether keyboard-interactive authentication is allowed. ''; }; GatewayPorts = mkOption { type = types.str; default = "no"; - description = lib.mdDoc '' + description = '' Specifies whether remote hosts are allowed to connect to ports forwarded for the client. See {manpage}`sshd_config(5)`. @@ -402,7 +402,7 @@ in "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]; - description = lib.mdDoc '' + description = '' Allowed key exchange algorithms Uses the lower bound recommended in both @@ -418,7 +418,7 @@ in "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" ]; - description = lib.mdDoc '' + description = '' Allowed MACs Defaults to recommended settings from both @@ -430,7 +430,7 @@ in StrictModes = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether sshd should check file modes and ownership of directories ''; }; @@ -444,7 +444,7 @@ in "aes192-ctr" "aes128-ctr" ]; - description = lib.mdDoc '' + description = '' Allowed ciphers Defaults to recommended settings from both @@ -456,7 +456,7 @@ in AllowUsers = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' If specified, login is allowed only for the listed users. See {manpage}`sshd_config(5)` for details. ''; @@ -464,7 +464,7 @@ in DenyUsers = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' If specified, login is denied for all listed users. Takes precedence over [](#opt-services.openssh.settings.AllowUsers). See {manpage}`sshd_config(5)` for details. @@ -473,7 +473,7 @@ in AllowGroups = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' If specified, login is allowed only for users part of the listed groups. See {manpage}`sshd_config(5)` for details. @@ -482,7 +482,7 @@ in DenyGroups = mkOption { type = with types; nullOr (listOf str); default = null; - description = lib.mdDoc '' + description = '' If specified, login is denied for all users part of the listed groups. Takes precedence over [](#opt-services.openssh.settings.AllowGroups). See @@ -496,13 +496,13 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Verbatim contents of {file}`sshd_config`."; + description = "Verbatim contents of {file}`sshd_config`."; }; moduliFile = mkOption { example = "/etc/my-local-ssh-moduli;"; type = types.path; - description = lib.mdDoc '' + description = '' Path to `moduli` file to install in `/etc/ssh/moduli`. If this option is unset, then the `moduli` file shipped with OpenSSH will be used. diff --git a/nixos/modules/services/networking/sslh.nix b/nixos/modules/services/networking/sslh.nix index dd29db510020a..aad9e284d92ce 100644 --- a/nixos/modules/services/networking/sslh.nix +++ b/nixos/modules/services/networking/sslh.nix @@ -23,12 +23,12 @@ in meta.buildDocsInSandbox = false; options.services.sslh = { - enable = mkEnableOption (lib.mdDoc "sslh, protocol demultiplexer"); + enable = mkEnableOption "sslh, protocol demultiplexer"; method = mkOption { type = types.enum [ "fork" "select" "ev" ]; default = "fork"; - description = lib.mdDoc '' + description = '' The method to use for handling connections: - `fork` forks a new process for each incoming connection. It is @@ -47,13 +47,13 @@ in listenAddresses = mkOption { type = with types; coercedTo str singleton (listOf str); default = [ "0.0.0.0" "[::]" ]; - description = lib.mdDoc "Listening addresses or hostnames."; + description = "Listening addresses or hostnames."; }; port = mkOption { type = types.port; default = 443; - description = lib.mdDoc "Listening port."; + description = "Listening port."; }; settings = mkOption { @@ -63,13 +63,13 @@ in options.timeout = mkOption { type = types.ints.unsigned; default = 2; - description = lib.mdDoc "Timeout in seconds."; + description = "Timeout in seconds."; }; options.transparent = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether the services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them. @@ -79,7 +79,7 @@ in options.verbose-connections = mkOption { type = types.ints.between 0 4; default = 0; - description = lib.mdDoc '' + description = '' Where to log connections information. Possible values are: 0. don't log anything @@ -93,7 +93,7 @@ in options.numeric = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to disable reverse DNS lookups, thus keeping IP address literals in the log. ''; @@ -109,7 +109,7 @@ in { name = "tls"; host = "localhost"; port = "443"; } { name = "anyprot"; host = "localhost"; port = "443"; } ]; - description = lib.mdDoc '' + description = '' List of protocols sslh will probe for and redirect. Each protocol entry consists of: @@ -129,7 +129,7 @@ in ''; }; }; - description = lib.mdDoc "sslh configuration. See {manpage}`sslh(8)` for available settings."; + description = "sslh configuration. See {manpage}`sslh(8)` for available settings."; }; }; diff --git a/nixos/modules/services/networking/strongswan-swanctl/module.nix b/nixos/modules/services/networking/strongswan-swanctl/module.nix index c1f0aeb64e967..e6b5f6ffdeaf9 100644 --- a/nixos/modules/services/networking/strongswan-swanctl/module.nix +++ b/nixos/modules/services/networking/strongswan-swanctl/module.nix @@ -11,14 +11,14 @@ let swanctlParams = import ./swanctl-params.nix lib; in { options.services.strongswan-swanctl = { - enable = mkEnableOption (lib.mdDoc "strongswan-swanctl service"); + enable = mkEnableOption "strongswan-swanctl service"; package = mkPackageOption pkgs "strongswan" { }; strongswan.extraConfig = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Contents of the `strongswan.conf` file. ''; }; diff --git a/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix b/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix index dc6d8f48e6269..8746cfc58f722 100644 --- a/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix +++ b/nixos/modules/services/networking/strongswan-swanctl/param-constructors.nix @@ -57,8 +57,8 @@ rec { documentDefault = description : strongswanDefault : if strongswanDefault == null - then mdDoc description - else mdDoc (description + '' + then description + else (description + '' StrongSwan default: ````${builtins.toJSON strongswanDefault}```` @@ -121,7 +121,7 @@ rec { option = mkOption { type = types.attrsOf option; default = {}; - description = mdDoc description; + description = description; }; render = single (attrs: (paramsToRenderedStrings attrs @@ -139,7 +139,7 @@ rec { option = mkOption { type = types.attrsOf option; default = {}; - description = mdDoc description; + description = description; }; render = prefix: attrs: let prefixedAttrs = mapAttrs' (name: nameValuePair "${prefix}-${name}") attrs; @@ -152,7 +152,7 @@ rec { option = mkOption { type = types.attrsOf (types.submodule {options = paramsToOptions params;}); default = {}; - description = lib.mdDoc description; + description = description; }; render = postfix: attrs: let postfixedAttrs = mapAttrs' (name: nameValuePair "${name}-${postfix}") attrs; diff --git a/nixos/modules/services/networking/strongswan.nix b/nixos/modules/services/networking/strongswan.nix index dcf04d2a1917c..0c04a9c853960 100644 --- a/nixos/modules/services/networking/strongswan.nix +++ b/nixos/modules/services/networking/strongswan.nix @@ -51,13 +51,13 @@ let in { options.services.strongswan = { - enable = mkEnableOption (lib.mdDoc "strongSwan"); + enable = mkEnableOption "strongSwan"; secrets = mkOption { type = types.listOf types.str; default = []; example = [ "/run/keys/ipsec-foo.secret" ]; - description = lib.mdDoc '' + description = '' A list of paths to IPSec secret files. These files will be included into the main ipsec.secrets file with the `include` directive. It is safer if these @@ -69,7 +69,7 @@ in type = types.attrsOf types.str; default = {}; example = { cachecrls = "yes"; strictcrlpolicy = "yes"; }; - description = lib.mdDoc '' + description = '' A set of options for the ‘config setup’ section of the {file}`ipsec.conf` file. Defines general configuration parameters. @@ -94,7 +94,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' A set of connections and their options for the ‘conn xxx’ sections of the {file}`ipsec.conf` file. ''; @@ -110,7 +110,7 @@ in crluri = "http://crl2.strongswan.org/strongswan.crl"; }; }; - description = lib.mdDoc '' + description = '' A set of CAs (certification authorities) and their options for the ‘ca xxx’ sections of the {file}`ipsec.conf` file. @@ -120,7 +120,7 @@ in managePlugins = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' If set to true, this option will disable automatic plugin loading and then tell strongSwan to enable the plugins specified in the {option}`enabledPlugins` option. @@ -130,7 +130,7 @@ in enabledPlugins = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' A list of additional plugins to enable if {option}`managePlugins` is true. ''; diff --git a/nixos/modules/services/networking/stubby.nix b/nixos/modules/services/networking/stubby.nix index 183002ff72b98..0898daab0dae1 100644 --- a/nixos/modules/services/networking/stubby.nix +++ b/nixos/modules/services/networking/stubby.nix @@ -25,7 +25,7 @@ in { options = { services.stubby = { - enable = mkEnableOption (lib.mdDoc "Stubby DNS resolver"); + enable = mkEnableOption "Stubby DNS resolver"; settings = mkOption { type = types.attrsOf settingsFormat.type; @@ -41,7 +41,7 @@ in { }]; }; ''; - description = lib.mdDoc '' + description = '' Content of the Stubby configuration file. All Stubby settings may be set or queried here. The default settings are available at `pkgs.stubby.passthru.settingsExample`. See @@ -66,7 +66,7 @@ in { default = null; type = types.nullOr (types.enum (attrNames logLevels ++ attrValues logLevels)); apply = v: if isString v then logLevels.${v} else v; - description = lib.mdDoc "Log verbosity (syslog keyword or level)."; + description = "Log verbosity (syslog keyword or level)."; }; }; diff --git a/nixos/modules/services/networking/stunnel.nix b/nixos/modules/services/networking/stunnel.nix index 996e9b2253921..9f9068c8e0779 100644 --- a/nixos/modules/services/networking/stunnel.nix +++ b/nixos/modules/services/networking/stunnel.nix @@ -42,42 +42,42 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the stunnel TLS tunneling service."; + description = "Whether to enable the stunnel TLS tunneling service."; }; user = mkOption { type = with types; nullOr str; default = "nobody"; - description = lib.mdDoc "The user under which stunnel runs."; + description = "The user under which stunnel runs."; }; group = mkOption { type = with types; nullOr str; default = "nogroup"; - description = lib.mdDoc "The group under which stunnel runs."; + description = "The group under which stunnel runs."; }; logLevel = mkOption { type = types.enum [ "emerg" "alert" "crit" "err" "warning" "notice" "info" "debug" ]; default = "info"; - description = lib.mdDoc "Verbosity of stunnel output."; + description = "Verbosity of stunnel output."; }; fipsMode = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable FIPS 140-2 mode required for compliance."; + description = "Enable FIPS 140-2 mode required for compliance."; }; enableInsecureSSLv3 = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable support for the insecure SSLv3 protocol."; + description = "Enable support for the insecure SSLv3 protocol."; }; servers = mkOption { - description = lib.mdDoc '' + description = '' Define the server configurations. See "SERVICE-LEVEL OPTIONS" in {manpage}`stunnel(8)`. @@ -94,7 +94,7 @@ in }; clients = mkOption { - description = lib.mdDoc '' + description = '' Define the client configurations. By default, verifyChain and OCSPaia are enabled and a CAFile is provided from pkgs.cacert. diff --git a/nixos/modules/services/networking/sunshine.nix b/nixos/modules/services/networking/sunshine.nix new file mode 100644 index 0000000000000..c115b9cd5cf99 --- /dev/null +++ b/nixos/modules/services/networking/sunshine.nix @@ -0,0 +1,156 @@ +{ config, lib, pkgs, utils, ... }: +let + inherit (lib) mkEnableOption mkPackageOption mkOption mkIf mkDefault types optionals getExe; + inherit (utils) escapeSystemdExecArgs; + cfg = config.services.sunshine; + + # ports used are offset from a single base port, see https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#port + generatePorts = port: offsets: map (offset: port + offset) offsets; + defaultPort = 47989; + + appsFormat = pkgs.formats.json { }; + settingsFormat = pkgs.formats.keyValue { }; + + appsFile = appsFormat.generate "apps.json" cfg.applications; + configFile = settingsFormat.generate "sunshine.conf" cfg.settings; +in +{ + options.services.sunshine = with types; { + enable = mkEnableOption "Sunshine, a self-hosted game stream host for Moonlight"; + package = mkPackageOption pkgs "sunshine" { }; + openFirewall = mkOption { + type = bool; + default = false; + description = '' + Whether to automatically open ports in the firewall. + ''; + }; + capSysAdmin = mkOption { + type = bool; + default = false; + description = '' + Whether to give the Sunshine binary CAP_SYS_ADMIN, required for DRM/KMS screen capture. + ''; + }; + settings = mkOption { + default = { }; + description = '' + Settings to be rendered into the configuration file. If this is set, no configuration is possible from the web UI. + + See https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#configuration for syntax. + ''; + example = '' + { + sunshine_name = "nixos"; + } + ''; + type = submodule (settings: { + freeformType = settingsFormat.type; + options.port = mkOption { + type = port; + default = defaultPort; + description = '' + Base port -- others used are offset from this one, see https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/advanced_usage.html#port for details. + ''; + }; + }); + }; + applications = mkOption { + default = { }; + description = '' + Configuration for applications to be exposed to Moonlight. If this is set, no configuration is possible from the web UI, and must be by the `settings` option. + ''; + example = '' + { + env = { + PATH = "$(PATH):$(HOME)/.local/bin"; + }; + apps = [ + { + name = "1440p Desktop"; + prep-cmd = [ + { + do = "''${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.2560x1440@144"; + undo = "''${pkgs.kdePackages.libkscreen}/bin/kscreen-doctor output.DP-4.mode.3440x1440@144"; + } + ]; + exclude-global-prep-cmd = "false"; + auto-detach = "true"; + } + ]; + } + ''; + type = submodule { + options = { + env = mkOption { + default = { }; + description = '' + Environment variables to be set for the applications. + ''; + type = attrsOf str; + }; + apps = mkOption { + default = [ ]; + description = '' + Applications to be exposed to Moonlight. + ''; + type = listOf attrs; + }; + }; + }; + }; + }; + + config = mkIf cfg.enable { + services.sunshine.settings.file_apps = mkIf (cfg.applications.apps != [ ]) "${appsFile}"; + + environment.systemPackages = [ + cfg.package + ]; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = generatePorts cfg.settings.port [ (-5) 0 1 21 ]; + allowedUDPPorts = generatePorts cfg.settings.port [ 9 10 11 13 21 ]; + }; + + boot.kernelModules = [ "uinput" ]; + + services.udev.packages = [ cfg.package ]; + + services.avahi = { + enable = mkDefault true; + publish = { + enable = mkDefault true; + userServices = mkDefault true; + }; + }; + + security.wrappers.sunshine = mkIf cfg.capSysAdmin { + owner = "root"; + group = "root"; + capabilities = "cap_sys_admin+p"; + source = getExe cfg.package; + }; + + systemd.user.services.sunshine = { + description = "Self-hosted game stream host for Moonlight"; + + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + + startLimitIntervalSec = 500; + startLimitBurst = 5; + + serviceConfig = { + # only add configFile if an application or a setting other than the default port is set to allow configuration from web UI + ExecStart = escapeSystemdExecArgs ([ + (if cfg.capSysAdmin then "${config.security.wrapperDir}/sunshine" else "${getExe cfg.package}") + ] ++ optionals (cfg.applications.apps != [ ] || (builtins.length (builtins.attrNames cfg.settings) > 1 || cfg.settings.port != defaultPort)) [ "${configFile}" ]); + Restart = "on-failure"; + RestartSec = "5s"; + }; + }; + }; +} diff --git a/nixos/modules/services/networking/supplicant.nix b/nixos/modules/services/networking/supplicant.nix index 13d84736e2c27..52645500d4f6a 100644 --- a/nixos/modules/services/networking/supplicant.nix +++ b/nixos/modules/services/networking/supplicant.nix @@ -74,7 +74,7 @@ in type = types.nullOr types.path; default = null; example = literalExpression "/etc/wpa_supplicant.conf"; - description = lib.mdDoc '' + description = '' External `wpa_supplicant.conf` configuration file. The configuration options defined declaratively within `networking.supplicant` have precedence over options defined in `configFile`. @@ -84,7 +84,7 @@ in writable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether the configuration file at `configFile.path` should be written to by `wpa_supplicant`. ''; @@ -109,7 +109,7 @@ in model_name=NixOS_Unstable model_number=2015 ''; - description = lib.mdDoc '' + description = '' Configuration options for `wpa_supplicant.conf`. Options defined here have precedence over options in `configFile`. NOTE: Do not write sensitive data into `extraConf` as it will @@ -122,20 +122,19 @@ in type = types.str; default = ""; example = "-e/run/wpa_supplicant/entropy.bin"; - description = - lib.mdDoc "Command line arguments to add when executing `wpa_supplicant`."; + description = "Command line arguments to add when executing `wpa_supplicant`."; }; driver = mkOption { type = types.nullOr types.str; default = "nl80211,wext"; - description = lib.mdDoc "Force a specific wpa_supplicant driver."; + description = "Force a specific wpa_supplicant driver."; }; bridge = mkOption { type = types.str; default = ""; - description = lib.mdDoc "Name of the bridge interface that wpa_supplicant should listen at."; + description = "Name of the bridge interface that wpa_supplicant should listen at."; }; userControlled = { @@ -143,7 +142,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby @@ -154,14 +153,14 @@ in socketDir = mkOption { type = types.str; default = "/run/wpa_supplicant"; - description = lib.mdDoc "Directory of sockets for controlling wpa_supplicant."; + description = "Directory of sockets for controlling wpa_supplicant."; }; group = mkOption { type = types.str; default = "wheel"; example = "network"; - description = lib.mdDoc "Members of this group can control wpa_supplicant."; + description = "Members of this group can control wpa_supplicant."; }; }; @@ -184,7 +183,7 @@ in } ''; - description = lib.mdDoc '' + description = '' Interfaces for which to start {command}`wpa_supplicant`. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches. diff --git a/nixos/modules/services/networking/supybot.nix b/nixos/modules/services/networking/supybot.nix index 22ba015cc55db..f72e2351a6b01 100644 --- a/nixos/modules/services/networking/supybot.nix +++ b/nixos/modules/services/networking/supybot.nix @@ -16,7 +16,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable Supybot, an IRC bot (also known as Limnoria)."; + description = "Enable Supybot, an IRC bot (also known as Limnoria)."; }; stateDir = mkOption { @@ -25,12 +25,12 @@ in then "/var/lib/supybot" else "/home/supybot"; defaultText = literalExpression "/var/lib/supybot"; - description = lib.mdDoc "The root directory, logs and plugins are stored here"; + description = "The root directory, logs and plugins are stored here"; }; configFile = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Path to initial supybot config file. This can be generated by running supybot-wizard. @@ -42,7 +42,7 @@ in plugins = mkOption { type = types.attrsOf types.path; default = {}; - description = lib.mdDoc '' + description = '' Attribute set of additional plugins that will be symlinked to the {file}`plugin` subdirectory. @@ -67,7 +67,7 @@ in type = types.functionTo (types.listOf types.package); default = p: []; defaultText = literalExpression "p: []"; - description = lib.mdDoc '' + description = '' Extra Python packages available to supybot plugins. The value must be a function which receives the attrset defined in {var}`python3Packages` as the sole argument. diff --git a/nixos/modules/services/networking/syncplay.nix b/nixos/modules/services/networking/syncplay.nix index 151259b6d4ad2..b56754ea3f2e4 100644 --- a/nixos/modules/services/networking/syncplay.nix +++ b/nixos/modules/services/networking/syncplay.nix @@ -18,13 +18,13 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "If enabled, start the Syncplay server."; + description = "If enabled, start the Syncplay server."; }; port = mkOption { type = types.port; default = 8999; - description = lib.mdDoc '' + description = '' TCP port to bind to. ''; }; @@ -32,7 +32,7 @@ in salt = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Salt to allow room operator passwords generated by this server instance to still work when the server is restarted. The salt will be readable in the nix store and the processlist. If this is not @@ -44,7 +44,7 @@ in saltFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to the file that contains the server salt. This allows room operator passwords generated by this server instance to still work when the server is restarted. `null`, the server doesn't load the @@ -56,7 +56,7 @@ in certDir = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' TLS certificates directory to use for encryption. See <https://github.com/Syncplay/syncplay/wiki/TLS-support>. ''; @@ -65,7 +65,7 @@ in extraArgs = mkOption { type = types.listOf types.str; default = [ ]; - description = lib.mdDoc '' + description = '' Additional arguments to be passed to the service. ''; }; @@ -73,7 +73,7 @@ in user = mkOption { type = types.str; default = "nobody"; - description = lib.mdDoc '' + description = '' User to use when running Syncplay. ''; }; @@ -81,7 +81,7 @@ in group = mkOption { type = types.str; default = "nogroup"; - description = lib.mdDoc '' + description = '' Group to use when running Syncplay. ''; }; @@ -89,7 +89,7 @@ in passwordFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to the file that contains the server password. If `null`, the server doesn't require a password. ''; diff --git a/nixos/modules/services/networking/syncthing-relay.nix b/nixos/modules/services/networking/syncthing-relay.nix index 64c4e731b9825..b6bf3944e94cc 100644 --- a/nixos/modules/services/networking/syncthing-relay.nix +++ b/nixos/modules/services/networking/syncthing-relay.nix @@ -22,13 +22,13 @@ in { ###### interface options.services.syncthing.relay = { - enable = mkEnableOption (lib.mdDoc "Syncthing relay service"); + enable = mkEnableOption "Syncthing relay service"; listenAddress = mkOption { type = types.str; default = ""; example = "1.2.3.4"; - description = lib.mdDoc '' + description = '' Address to listen on for relay traffic. ''; }; @@ -36,7 +36,7 @@ in { port = mkOption { type = types.port; default = 22067; - description = lib.mdDoc '' + description = '' Port to listen on for relay traffic. This port should be added to `networking.firewall.allowedTCPPorts`. ''; @@ -46,7 +46,7 @@ in { type = types.str; default = ""; example = "1.2.3.4"; - description = lib.mdDoc '' + description = '' Address to listen on for serving the relay status API. ''; }; @@ -54,7 +54,7 @@ in { statusPort = mkOption { type = types.port; default = 22070; - description = lib.mdDoc '' + description = '' Port to listen on for serving the relay status API. This port should be added to `networking.firewall.allowedTCPPorts`. ''; @@ -63,7 +63,7 @@ in { pools = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = lib.mdDoc '' + description = '' Relay pools to join. If null, uses the default global pool. ''; }; @@ -71,7 +71,7 @@ in { providedBy = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Human-readable description of the provider of the relay (you). ''; }; @@ -79,7 +79,7 @@ in { globalRateBps = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Global bandwidth rate limit in bytes per second. ''; }; @@ -87,7 +87,7 @@ in { perSessionRateBps = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Per session bandwidth rate limit in bytes per second. ''; }; @@ -95,7 +95,7 @@ in { extraOptions = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' Extra command line arguments to pass to strelaysrv. ''; }; diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index e0425792431e6..45503ef89aaa1 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -147,13 +147,12 @@ in { options = { services.syncthing = { - enable = mkEnableOption - (lib.mdDoc "Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync"); + enable = mkEnableOption "Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync"; cert = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc '' + description = '' Path to the `cert.pem` file, which will be copied into Syncthing's [configDir](#opt-services.syncthing.configDir). ''; @@ -162,7 +161,7 @@ in { key = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc '' + description = '' Path to the `key.pem` file, which will be copied into Syncthing's [configDir](#opt-services.syncthing.configDir). ''; @@ -171,7 +170,7 @@ in { overrideDevices = mkOption { type = types.bool; default = true; - description = mdDoc '' + description = '' Whether to delete the devices which are not configured via the [devices](#opt-services.syncthing.settings.devices) option. If set to `false`, devices added via the web @@ -182,7 +181,7 @@ in { overrideFolders = mkOption { type = types.bool; default = true; - description = mdDoc '' + description = '' Whether to delete the folders which are not configured via the [folders](#opt-services.syncthing.settings.folders) option. If set to `false`, folders added via the web @@ -197,7 +196,7 @@ in { # global options options = mkOption { default = {}; - description = mdDoc '' + description = '' The options element contains all other global configuration options ''; type = types.submodule ({ name, ... }: { @@ -206,7 +205,7 @@ in { localAnnounceEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to send announcements to the local LAN, also use such announcements to find other devices. ''; }; @@ -214,7 +213,7 @@ in { localAnnouncePort = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' The port on which to listen and send IPv4 broadcast announcements to. ''; }; @@ -222,7 +221,7 @@ in { relaysEnabled = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' When true, relays will be connected to and potentially used for device to device connections. ''; }; @@ -230,7 +229,7 @@ in { urAccepted = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Whether the user has accepted to submit anonymous usage data. The default, 0, mean the user has not made a choice, and Syncthing will ask at some point in the future. "-1" means no, a number above zero means that that version of usage reporting has been accepted. @@ -240,7 +239,7 @@ in { limitBandwidthInLan = mkOption { type = types.nullOr types.bool; default = null; - description = lib.mdDoc '' + description = '' Whether to apply bandwidth limits to devices in the same broadcast domain as the local device. ''; }; @@ -248,7 +247,7 @@ in { maxFolderConcurrency = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' This option controls how many folders may concurrently be in I/O-intensive operations such as syncing or scanning. The mechanism is described in detail in a [separate chapter](https://docs.syncthing.net/advanced/option-max-concurrency.html). ''; @@ -260,7 +259,7 @@ in { # device settings devices = mkOption { default = {}; - description = mdDoc '' + description = '' Peers/devices which Syncthing should communicate with. Note that you can still add devices manually, but those changes @@ -280,14 +279,14 @@ in { name = mkOption { type = types.str; default = name; - description = lib.mdDoc '' + description = '' The name of the device. ''; }; id = mkOption { type = types.str; - description = mdDoc '' + description = '' The device ID. See <https://docs.syncthing.net/dev/device-ids.html>. ''; }; @@ -295,7 +294,7 @@ in { autoAcceptFolders = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Automatically create or share folders that this device advertises at the default path. See <https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format>. ''; @@ -308,7 +307,7 @@ in { # folder settings folders = mkOption { default = {}; - description = mdDoc '' + description = '' Folders which should be shared by Syncthing. Note that you can still add folders manually, but those changes @@ -330,7 +329,7 @@ in { enable = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to share this folder. This option is useful when you want to define all folders in one place, but not every machine should share all folders. @@ -345,7 +344,7 @@ in { description = types.str.description + " starting with / or ~/"; }; default = name; - description = lib.mdDoc '' + description = '' The path to the folder which should be shared. Only absolute paths (starting with `/`) and paths relative to the [user](#opt-services.syncthing.user)'s home directory @@ -356,7 +355,7 @@ in { id = mkOption { type = types.str; default = name; - description = lib.mdDoc '' + description = '' The ID of the folder. Must be the same on all devices. ''; }; @@ -364,7 +363,7 @@ in { label = mkOption { type = types.str; default = name; - description = lib.mdDoc '' + description = '' The label of the folder. ''; }; @@ -372,7 +371,7 @@ in { devices = mkOption { type = types.listOf types.str; default = []; - description = mdDoc '' + description = '' The devices this folder should be shared with. Each device must be defined in the [devices](#opt-services.syncthing.settings.devices) option. ''; @@ -380,7 +379,7 @@ in { versioning = mkOption { default = null; - description = mdDoc '' + description = '' How to keep changed/deleted files with Syncthing. There are 4 different types of versioning with different parameters. See <https://docs.syncthing.net/users/versioning.html>. @@ -426,7 +425,7 @@ in { options = { type = mkOption { type = enum [ "external" "simple" "staggered" "trashcan" ]; - description = mdDoc '' + description = '' The type of versioning. See <https://docs.syncthing.net/users/versioning.html>. ''; @@ -438,7 +437,7 @@ in { copyOwnershipFromParent = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' On Unix systems, tries to copy file/folder ownership from the parent directory (the directory it’s located in). Requires running Syncthing as a privileged user, or granting it additional capabilities (e.g. CAP_CHOWN on Linux). ''; @@ -450,7 +449,7 @@ in { }; }; default = {}; - description = mdDoc '' + description = '' Extra configuration options for Syncthing. See <https://docs.syncthing.net/users/config.html>. Note that this attribute set does not exactly match the documented @@ -486,7 +485,7 @@ in { guiAddress = mkOption { type = types.str; default = "127.0.0.1:8384"; - description = lib.mdDoc '' + description = '' The address to serve the web interface at. ''; }; @@ -494,7 +493,7 @@ in { systemService = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to auto-launch Syncthing as a system service. ''; }; @@ -503,7 +502,7 @@ in { type = types.str; default = defaultUser; example = "yourUser"; - description = mdDoc '' + description = '' The user to run Syncthing as. By default, a user named `${defaultUser}` will be created whose home directory is [dataDir](#opt-services.syncthing.dataDir). @@ -514,7 +513,7 @@ in { type = types.str; default = defaultGroup; example = "yourGroup"; - description = mdDoc '' + description = '' The group to run Syncthing under. By default, a group named `${defaultGroup}` will be created. ''; @@ -524,7 +523,7 @@ in { type = with types; nullOr str; default = null; example = "socks5://address.com:1234"; - description = mdDoc '' + description = '' Overwrites the all_proxy environment variable for the Syncthing process to the given value. This is normally used to let Syncthing connect through a SOCKS5 proxy server. @@ -536,7 +535,7 @@ in { type = types.path; default = "/var/lib/syncthing"; example = "/home/yourUser"; - description = lib.mdDoc '' + description = '' The path where synchronised directories will exist. ''; }; @@ -545,7 +544,7 @@ in { cond = versionAtLeast config.system.stateVersion "19.03"; in mkOption { type = types.path; - description = lib.mdDoc '' + description = '' The path where the settings and keys will exist. ''; default = cfg.dataDir + optionalString cond "/.config/syncthing"; @@ -561,7 +560,7 @@ in { databaseDir = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' The directory containing the database and logs. ''; default = cfg.configDir; @@ -572,7 +571,7 @@ in { type = types.listOf types.str; default = []; example = [ "--reset-deltas" ]; - description = lib.mdDoc '' + description = '' Extra flags passed to the syncthing command in the service definition. ''; }; @@ -581,7 +580,7 @@ in { type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' Whether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery. diff --git a/nixos/modules/services/networking/tailscale-auth.nix b/nixos/modules/services/networking/tailscale-auth.nix new file mode 100644 index 0000000000000..c3a515212e782 --- /dev/null +++ b/nixos/modules/services/networking/tailscale-auth.nix @@ -0,0 +1,104 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) + getExe + maintainers + mkEnableOption + mkPackageOption + mkIf + mkOption + types + ; + cfg = config.services.tailscaleAuth; +in +{ + options.services.tailscaleAuth = { + enable = mkEnableOption "Enable tailscale.nginx-auth, to authenticate users via tailscale."; + + package = mkPackageOption pkgs "tailscale-nginx-auth" {}; + + user = mkOption { + type = types.str; + default = "tailscale-nginx-auth"; + description = "User which runs tailscale-nginx-auth"; + }; + + group = mkOption { + type = types.str; + default = "tailscale-nginx-auth"; + description = "Group which runs tailscale-nginx-auth"; + }; + + socketPath = mkOption { + default = "/run/tailscale-nginx-auth/tailscale-nginx-auth.sock"; + type = types.path; + description = '' + Path of the socket listening to authorization requests. + ''; + }; + }; + + config = mkIf cfg.enable { + services.tailscale.enable = true; + + users.users.${cfg.user} = { + isSystemUser = true; + inherit (cfg) group; + }; + users.groups.${cfg.group} = { }; + + systemd.sockets.tailscale-nginx-auth = { + description = "Tailscale NGINX Authentication socket"; + partOf = [ "tailscale-nginx-auth.service" ]; + wantedBy = [ "sockets.target" ]; + listenStreams = [ cfg.socketPath ]; + socketConfig = { + SocketMode = "0660"; + SocketUser = cfg.user; + SocketGroup = cfg.group; + }; + }; + + systemd.services.tailscale-nginx-auth = { + description = "Tailscale NGINX Authentication service"; + requires = [ "tailscale-nginx-auth.socket" ]; + + serviceConfig = { + ExecStart = getExe cfg.package; + RuntimeDirectory = "tailscale-nginx-auth"; + User = cfg.user; + Group = cfg.group; + + BindPaths = [ "/run/tailscale/tailscaled.sock" ]; + + CapabilityBoundingSet = ""; + DeviceAllow = ""; + LockPersonality = true; + MemoryDenyWriteExecute = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictNamespaces = true; + RestrictAddressFamilies = [ "AF_UNIX" ]; + RestrictRealtime = true; + RestrictSUIDSGID = true; + + SystemCallArchitectures = "native"; + SystemCallErrorNumber = "EPERM"; + SystemCallFilter = [ + "@system-service" + "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid" + ]; + }; + }; + }; + + meta.maintainers = with maintainers; [ dan-theriault phaer ]; +} diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix index 972299a4697a0..2a77c0c7a23e7 100644 --- a/nixos/modules/services/networking/tailscale.nix +++ b/nixos/modules/services/networking/tailscale.nix @@ -9,24 +9,24 @@ in { meta.maintainers = with maintainers; [ danderson mbaillie twitchyliquid64 mfrw ]; options.services.tailscale = { - enable = mkEnableOption (lib.mdDoc "Tailscale client daemon"); + enable = mkEnableOption "Tailscale client daemon"; port = mkOption { type = types.port; default = 41641; - description = lib.mdDoc "The port to listen on for tunnel traffic (0=autoselect)."; + description = "The port to listen on for tunnel traffic (0=autoselect)."; }; interfaceName = mkOption { type = types.str; default = "tailscale0"; - description = lib.mdDoc ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; + description = ''The interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.''; }; permitCertUid = mkOption { type = types.nullOr types.nonEmptyStr; default = null; - description = lib.mdDoc "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node."; + description = "Username or user ID of the user allowed to to fetch Tailscale TLS certificates for the node."; }; package = lib.mkPackageOption pkgs "tailscale" {}; @@ -34,14 +34,14 @@ in { openFirewall = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Whether to open the firewall for the specified port."; + description = "Whether to open the firewall for the specified port."; }; useRoutingFeatures = mkOption { type = types.enum [ "none" "client" "server" "both" ]; default = "none"; example = "server"; - description = lib.mdDoc '' + description = '' Enables settings required for Tailscale's routing features like subnet routers and exit nodes. To use these these features, you will still need to call `sudo tailscale up` with the relevant flags like `--advertise-exit-node` and `--exit-node`. @@ -55,20 +55,20 @@ in { type = types.nullOr types.path; default = null; example = "/run/secrets/tailscale_key"; - description = lib.mdDoc '' + description = '' A file containing the auth key. ''; }; extraUpFlags = mkOption { - description = lib.mdDoc "Extra flags to pass to {command}`tailscale up`."; + description = "Extra flags to pass to {command}`tailscale up`."; type = types.listOf types.str; default = []; example = ["--ssh"]; }; extraDaemonFlags = mkOption { - description = lib.mdDoc "Extra flags to pass to {command}`tailscaled`."; + description = "Extra flags to pass to {command}`tailscaled`."; type = types.listOf types.str; default = []; example = ["--no-logs-no-support"]; diff --git a/nixos/modules/services/networking/tayga.nix b/nixos/modules/services/networking/tayga.nix index 63423bf029222..1a0df33fe883d 100644 --- a/nixos/modules/services/networking/tayga.nix +++ b/nixos/modules/services/networking/tayga.nix @@ -24,12 +24,12 @@ let options = { address = mkOption { type = types.str; - description = lib.mdDoc "IPv${toString v} address."; + description = "IPv${toString v} address."; }; prefixLength = mkOption { type = types.addCheck types.int (n: n >= 0 && n <= (if v == 4 then 32 else 128)); - description = lib.mdDoc '' + description = '' Subnet mask of the interface, specified as the number of bits in the prefix ("${if v == 4 then "24" else "64"}"). ''; @@ -42,19 +42,19 @@ let router = { address = mkOption { type = types.str; - description = lib.mdDoc "The IPv${toString v} address of the router."; + description = "The IPv${toString v} address of the router."; }; }; address = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "The source IPv${toString v} address of the TAYGA server."; + description = "The source IPv${toString v} address of the TAYGA server."; }; pool = mkOption { type = with types; nullOr (submodule (addrOpts v)); - description = lib.mdDoc "The pool of IPv${toString v} addresses which are used for translation."; + description = "The pool of IPv${toString v} addresses which are used for translation."; }; }; }; @@ -62,13 +62,13 @@ in { options = { services.tayga = { - enable = mkEnableOption (lib.mdDoc "Tayga"); + enable = mkEnableOption "Tayga"; package = mkPackageOption pkgs "tayga" { }; ipv4 = mkOption { type = types.submodule (versionOpts 4); - description = lib.mdDoc "IPv4-specific configuration."; + description = "IPv4-specific configuration."; example = literalExpression '' { address = "192.0.2.0"; @@ -85,7 +85,7 @@ in ipv6 = mkOption { type = types.submodule (versionOpts 6); - description = lib.mdDoc "IPv6-specific configuration."; + description = "IPv6-specific configuration."; example = literalExpression '' { address = "2001:db8::1"; @@ -103,13 +103,13 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/tayga"; - description = lib.mdDoc "Directory for persistent data"; + description = "Directory for persistent data"; }; tunDevice = mkOption { type = types.str; default = "nat64"; - description = lib.mdDoc "Name of the nat64 tun device"; + description = "Name of the nat64 tun device"; }; }; }; diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix index f2115a6660cbf..5a91054e1668e 100644 --- a/nixos/modules/services/networking/tcpcrypt.nix +++ b/nixos/modules/services/networking/tcpcrypt.nix @@ -17,7 +17,7 @@ in networking.tcpcrypt.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix index ff41539a6d9b7..17a0021ae1115 100644 --- a/nixos/modules/services/networking/teamspeak3.nix +++ b/nixos/modules/services/networking/teamspeak3.nix @@ -19,7 +19,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run the Teamspeak3 voice communication server daemon. ''; }; @@ -27,7 +27,7 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/teamspeak3-server"; - description = lib.mdDoc '' + description = '' Directory to store TS3 database and other state/data files. ''; }; @@ -35,7 +35,7 @@ in logPath = mkOption { type = types.path; default = "/var/log/teamspeak3-server/"; - description = lib.mdDoc '' + description = '' Directory to store log files in. ''; }; @@ -44,7 +44,7 @@ in type = types.nullOr types.str; default = null; example = "[::]"; - description = lib.mdDoc '' + description = '' IP on which the server instance will listen for incoming voice connections. Defaults to any IP. ''; }; @@ -52,7 +52,7 @@ in defaultVoicePort = mkOption { type = types.port; default = 9987; - description = lib.mdDoc '' + description = '' Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default. ''; }; @@ -61,7 +61,7 @@ in type = types.nullOr types.str; default = null; example = "[::]"; - description = lib.mdDoc '' + description = '' IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP. ''; }; @@ -69,7 +69,7 @@ in fileTransferPort = mkOption { type = types.port; default = 30033; - description = lib.mdDoc '' + description = '' TCP port opened for file transfers. ''; }; @@ -78,7 +78,7 @@ in type = types.nullOr types.str; default = null; example = "0.0.0.0"; - description = lib.mdDoc '' + description = '' IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP. ''; }; @@ -86,7 +86,7 @@ in queryPort = mkOption { type = types.port; default = 10011; - description = lib.mdDoc '' + description = '' TCP port opened for ServerQuery connections using the raw telnet protocol. ''; }; @@ -94,7 +94,7 @@ in querySshPort = mkOption { type = types.port; default = 10022; - description = lib.mdDoc '' + description = '' TCP port opened for ServerQuery connections using the SSH protocol. ''; }; @@ -102,7 +102,7 @@ in queryHttpPort = mkOption { type = types.port; default = 10080; - description = lib.mdDoc '' + description = '' TCP port opened for ServerQuery connections using the HTTP protocol. ''; }; @@ -110,13 +110,13 @@ in openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Open ports in the firewall for the TeamSpeak3 server."; + description = "Open ports in the firewall for the TeamSpeak3 server."; }; openFirewallServerQuery = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall."; + description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall."; }; }; diff --git a/nixos/modules/services/networking/technitium-dns-server.nix b/nixos/modules/services/networking/technitium-dns-server.nix new file mode 100644 index 0000000000000..0c8499e072d4f --- /dev/null +++ b/nixos/modules/services/networking/technitium-dns-server.nix @@ -0,0 +1,109 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.technitium-dns-server; + stateDir = "/var/lib/technitium-dns-server"; + inherit (lib) + mkEnableOption + mkPackageOption + mkOption + mkIf + types + ; +in +{ + options.services.technitium-dns-server = { + enable = mkEnableOption "Technitium DNS Server"; + + package = mkPackageOption pkgs "technitium-dns-server" { }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = '' + Whether to open ports in the firewall. + Standard ports are 53 (UDP and TCP, for DNS), 5380 and 53443 (TCP, HTTP and HTTPS for web interface). + Specify different or additional ports in options firewallUDPPorts and firewallTCPPorts if necessary. + ''; + }; + + firewallUDPPorts = mkOption { + type = with types; listOf int; + default = [ 53 ]; + description = '' + List of UDP ports to open in firewall. + ''; + }; + + firewallTCPPorts = mkOption { + type = with types; listOf int; + default = [ + 53 + 5380 # web interface HTTP + 53443 # web interface HTTPS + ]; + description = '' + List of TCP ports to open in firewall. + You might want to open ports 443 and 853 if you intend to use DNS over HTTPS or DNS over TLS. + ''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.technitium-dns-server = { + description = "Technitium DNS Server"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/technitium-dns-server ${stateDir}"; + + DynamicUser = true; + + StateDirectory = "technitium-dns-server"; + WorkingDirectory = stateDir; + BindPaths = stateDir; + + Restart = "always"; + RestartSec = 10; + TimeoutStopSec = 10; + KillSignal = "SIGINT"; + + # Harden the service + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedUDPPorts = cfg.firewallUDPPorts; + allowedTCPPorts = cfg.firewallTCPPorts; + }; + }; + + meta.maintainers = with lib.maintainers; [ fabianrig ]; +} diff --git a/nixos/modules/services/networking/teleport.nix b/nixos/modules/services/networking/teleport.nix index add6b47315b1d..e656d235e9fbd 100644 --- a/nixos/modules/services/networking/teleport.nix +++ b/nixos/modules/services/networking/teleport.nix @@ -9,7 +9,7 @@ in { options = { services.teleport = with lib.types; { - enable = mkEnableOption (lib.mdDoc "the Teleport service"); + enable = mkEnableOption "the Teleport service"; package = mkPackageOption pkgs "teleport" { example = "teleport_11"; @@ -37,7 +37,7 @@ in auth_service.enabled = false; } ''; - description = lib.mdDoc '' + description = '' Contents of the `teleport.yaml` config file. The `--config` arguments will only be passed if this set is not empty. @@ -45,7 +45,7 @@ in ''; }; - insecure.enable = mkEnableOption (lib.mdDoc '' + insecure.enable = mkEnableOption '' starting teleport in insecure mode. This is dangerous! @@ -53,25 +53,25 @@ in Proceed with caution! Teleport starts with disabled certificate validation on Proxy Service, validation still occurs on Auth Service - ''); + ''; diag = { - enable = mkEnableOption (lib.mdDoc '' + enable = mkEnableOption '' endpoints for monitoring purposes. See <https://goteleport.com/docs/setup/admin/troubleshooting/#troubleshooting/> - ''); + ''; addr = mkOption { type = str; default = "127.0.0.1"; - description = lib.mdDoc "Metrics and diagnostics address."; + description = "Metrics and diagnostics address."; }; port = mkOption { type = port; default = 3000; - description = lib.mdDoc "Metrics and diagnostics port."; + description = "Metrics and diagnostics port."; }; }; }; diff --git a/nixos/modules/services/networking/tetrd.nix b/nixos/modules/services/networking/tetrd.nix index 6284a5b1fb1bc..0801ce1292464 100644 --- a/nixos/modules/services/networking/tetrd.nix +++ b/nixos/modules/services/networking/tetrd.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { - options.services.tetrd.enable = lib.mkEnableOption (lib.mdDoc "tetrd"); + options.services.tetrd.enable = lib.mkEnableOption "tetrd"; config = lib.mkIf config.services.tetrd.enable { environment = { diff --git a/nixos/modules/services/networking/tftpd.nix b/nixos/modules/services/networking/tftpd.nix index a4dc137daa4c9..c9c0a2b321d5a 100644 --- a/nixos/modules/services/networking/tftpd.nix +++ b/nixos/modules/services/networking/tftpd.nix @@ -11,7 +11,7 @@ with lib; services.tftpd.enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable tftpd, a Trivial File Transfer Protocol server. The server will be run as an xinetd service. ''; @@ -20,7 +20,7 @@ with lib; services.tftpd.path = mkOption { type = types.path; default = "/srv/tftp"; - description = lib.mdDoc '' + description = '' Where the tftp server files are stored. ''; }; diff --git a/nixos/modules/services/networking/thelounge.nix b/nixos/modules/services/networking/thelounge.nix index 92da2e6c254bb..0e064a1c0e004 100644 --- a/nixos/modules/services/networking/thelounge.nix +++ b/nixos/modules/services/networking/thelounge.nix @@ -23,14 +23,14 @@ in imports = [ (mkRemovedOptionModule [ "services" "thelounge" "private" ] "The option was renamed to `services.thelounge.public` to follow upstream changes.") ]; options.services.thelounge = { - enable = mkEnableOption (lib.mdDoc "The Lounge web IRC client"); + enable = mkEnableOption "The Lounge web IRC client"; package = mkPackageOption pkgs "thelounge" { }; public = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Make your The Lounge instance public. Setting this to `false` will require you to configure user accounts by using the ({command}`thelounge`) command or by adding @@ -42,7 +42,7 @@ in port = mkOption { type = types.port; default = 9000; - description = lib.mdDoc "TCP port to listen on for http connections."; + description = "TCP port to listen on for http connections."; }; extraConfig = mkOption { @@ -58,7 +58,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' The Lounge's {file}`config.js` contents as attribute set (will be converted to JSON to generate the configuration file). @@ -73,7 +73,7 @@ in default = [ ]; type = types.listOf types.package; example = literalExpression "[ pkgs.theLoungePlugins.themes.solarized ]"; - description = lib.mdDoc '' + description = '' The Lounge plugins to install. Plugins can be found in `pkgs.theLoungePlugins.plugins` and `pkgs.theLoungePlugins.themes`. ''; diff --git a/nixos/modules/services/networking/tinc.nix b/nixos/modules/services/networking/tinc.nix index eb769f53901cf..5f625c10840be 100644 --- a/nixos/modules/services/networking/tinc.nix +++ b/nixos/modules/services/networking/tinc.nix @@ -24,13 +24,13 @@ let options = { address = mkOption { type = types.str; - description = lib.mdDoc "The external IP address or hostname where the host can be reached."; + description = "The external IP address or hostname where the host can be reached."; }; port = mkOption { type = types.nullOr types.port; default = null; - description = lib.mdDoc '' + description = '' The port where the host can be reached. If no port is specified, the default Port is used. @@ -43,7 +43,7 @@ let options = { address = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The subnet of this host. Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case @@ -60,7 +60,7 @@ let prefixLength = mkOption { type = with types; nullOr (addCheck int (n: n >= 0 && n <= 128)); default = null; - description = lib.mdDoc '' + description = '' The prefix length of the subnet. If null, a subnet consisting of only that single address is assumed. @@ -72,7 +72,7 @@ let weight = mkOption { type = types.ints.unsigned; default = 10; - description = lib.mdDoc '' + description = '' Indicates the priority over identical Subnets owned by different nodes. Lower values indicate higher priority. Packets will be sent to the @@ -89,7 +89,7 @@ let addresses = mkOption { type = types.listOf (types.submodule addressSubmodule); default = [ ]; - description = lib.mdDoc '' + description = '' The external address where the host can be reached. This will set this host's {option}`settings.Address` option. @@ -100,7 +100,7 @@ let subnets = mkOption { type = types.listOf (types.submodule subnetSubmodule); default = [ ]; - description = lib.mdDoc '' + description = '' The subnets which this tinc daemon will serve. This will set this host's {option}`settings.Subnet` option. @@ -114,7 +114,7 @@ let rsaPublicKey = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Legacy RSA public key of the host in PEM format, including start and end markers. @@ -128,7 +128,7 @@ let settings = mkOption { default = { }; type = types.submodule { freeformType = tincConfType; }; - description = lib.mdDoc '' + description = '' Configuration for this host. See <https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html> @@ -167,7 +167,7 @@ in extraConfig = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Extra lines to add to the tinc service configuration file. Note that using the declarative {option}`service.tinc.networks.<name>.settings` @@ -178,7 +178,7 @@ in name = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' The name of the node which is used as an identifier when communicating with the remote nodes in the mesh. If null then the hostname of the system is used to derive a name (note that tinc may replace non-alphanumeric characters in @@ -189,7 +189,7 @@ in ed25519PrivateKeyFile = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' Path of the private ed25519 keyfile. ''; }; @@ -197,7 +197,7 @@ in rsaPrivateKeyFile = mkOption { default = null; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' Path of the private RSA keyfile. ''; }; @@ -205,7 +205,7 @@ in debugLevel = mkOption { default = 0; type = types.addCheck types.int (l: l >= 0 && l <= 5); - description = lib.mdDoc '' + description = '' The amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. {command}`man tincd` for more details. @@ -215,7 +215,7 @@ in hosts = mkOption { default = { }; type = types.attrsOf types.lines; - description = lib.mdDoc '' + description = '' The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores. @@ -249,7 +249,7 @@ in } ''; type = types.attrsOf (types.submodule hostSubmodule); - description = lib.mdDoc '' + description = '' The name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores. ''; @@ -258,7 +258,7 @@ in interfaceType = mkOption { default = "tun"; type = types.enum [ "tun" "tap" ]; - description = lib.mdDoc '' + description = '' The type of virtual interface used for the network connection. ''; }; @@ -266,7 +266,7 @@ in listenAddress = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' The ip address to listen on for incoming connections. ''; }; @@ -274,7 +274,7 @@ in bindToAddress = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc '' + description = '' The ip address to bind to (both listen on and send packets from). ''; }; @@ -284,7 +284,7 @@ in chroot = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets. @@ -302,7 +302,7 @@ in Mode = "switch"; } ''; - description = lib.mdDoc '' + description = '' Configuration of the Tinc daemon for this network. See <https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html> @@ -330,7 +330,7 @@ in }; })); - description = lib.mdDoc '' + description = '' Defines the tinc networks which will be started. Each network invokes a different daemon. ''; @@ -348,7 +348,7 @@ in (flip mapAttrsToList cfg.networks (network: data: flip mapAttrs' data.hosts (host: text: nameValuePair ("tinc/${network}/hosts/${host}") - ({ mode = "0644"; user = "tinc.${network}"; inherit text; }) + ({ mode = "0644"; user = "tinc-${network}"; inherit text; }) ) // { "tinc/${network}/tinc.conf" = { mode = "0444"; @@ -375,13 +375,13 @@ in Restart = "always"; RestartSec = "3"; ExecReload = mkIf (versionAtLeast version "1.1pre") "${data.package}/bin/tinc -n ${network} reload"; - ExecStart = "${data.package}/bin/tincd -D -U tinc.${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}"; + ExecStart = "${data.package}/bin/tincd -D -U tinc-${network} -n ${network} ${optionalString (data.chroot) "-R"} --pidfile /run/tinc.${network}.pid -d ${toString data.debugLevel}"; }; preStart = '' mkdir -p /etc/tinc/${network}/hosts - chown tinc.${network} /etc/tinc/${network}/hosts + chown tinc-${network} /etc/tinc/${network}/hosts mkdir -p /etc/tinc/${network}/invitations - chown tinc.${network} /etc/tinc/${network}/invitations + chown tinc-${network} /etc/tinc/${network}/invitations # Determine how we should generate our keys if type tinc >/dev/null 2>&1; then @@ -420,14 +420,14 @@ in in [ cli-wrappers ]; users.users = flip mapAttrs' cfg.networks (network: _: - nameValuePair ("tinc.${network}") ({ + nameValuePair ("tinc-${network}") ({ description = "Tinc daemon user for ${network}"; isSystemUser = true; - group = "tinc.${network}"; + group = "tinc-${network}"; }) ); users.groups = flip mapAttrs' cfg.networks (network: _: - nameValuePair "tinc.${network}" {} + nameValuePair "tinc-${network}" {} ); }); diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix index ea91af5f19678..2c44ad49296d7 100644 --- a/nixos/modules/services/networking/tinydns.nix +++ b/nixos/modules/services/networking/tinydns.nix @@ -10,19 +10,19 @@ with lib; enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Whether to run the tinydns dns server"; + description = "Whether to run the tinydns dns server"; }; data = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "The DNS data to serve, in the format described by tinydns-data(8)"; + description = "The DNS data to serve, in the format described by tinydns-data(8)"; }; ip = mkOption { default = "0.0.0.0"; type = types.str; - description = lib.mdDoc "IP address on which to listen for connections"; + description = "IP address on which to listen for connections"; }; }; }; diff --git a/nixos/modules/services/networking/tinyproxy.nix b/nixos/modules/services/networking/tinyproxy.nix index 2b7509e99ca4d..6e07c6a541e9b 100644 --- a/nixos/modules/services/networking/tinyproxy.nix +++ b/nixos/modules/services/networking/tinyproxy.nix @@ -28,10 +28,10 @@ in options = { services.tinyproxy = { - enable = mkEnableOption (lib.mdDoc "Tinyproxy daemon"); + enable = mkEnableOption "Tinyproxy daemon"; package = mkPackageOption pkgs "tinyproxy" {}; settings = mkOption { - description = lib.mdDoc "Configuration for [tinyproxy](https://tinyproxy.github.io/)."; + description = "Configuration for [tinyproxy](https://tinyproxy.github.io/)."; default = { }; example = literalExpression ''{ Port 8888; @@ -47,28 +47,28 @@ in Listen = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Specify which address to listen to. ''; }; Port = mkOption { type = types.int; default = 8888; - description = lib.mdDoc '' + description = '' Specify which port to listen to. ''; }; Anonymous = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' If an `Anonymous` keyword is present, then anonymous proxying is enabled. The headers listed with `Anonymous` are allowed through, while all others are denied. If no Anonymous keyword is present, then all headers are allowed through. You must include quotes around the headers. ''; }; Filter = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Tinyproxy supports filtering of web sites based on URLs or domains. This option specifies the location of the file containing the filter rules, one rule per line. ''; }; diff --git a/nixos/modules/services/networking/tmate-ssh-server.nix b/nixos/modules/services/networking/tmate-ssh-server.nix index 6bee2721f9a72..349bc3d36939c 100644 --- a/nixos/modules/services/networking/tmate-ssh-server.nix +++ b/nixos/modules/services/networking/tmate-ssh-server.nix @@ -16,13 +16,13 @@ let in { options.services.tmate-ssh-server = { - enable = mkEnableOption (mdDoc "tmate ssh server"); + enable = mkEnableOption "tmate ssh server"; package = mkPackageOption pkgs "tmate-ssh-server" { }; host = mkOption { type = types.str; - description = mdDoc "External host name"; + description = "External host name"; defaultText = lib.literalExpression "config.networking.domain or config.networking.hostName"; default = if domain == null then @@ -33,24 +33,24 @@ in port = mkOption { type = types.port; - description = mdDoc "Listen port for the ssh server"; + description = "Listen port for the ssh server"; default = 2222; }; openFirewall = mkOption { type = types.bool; default = false; - description = mdDoc "Whether to automatically open the specified ports in the firewall."; + description = "Whether to automatically open the specified ports in the firewall."; }; advertisedPort = mkOption { type = types.port; - description = mdDoc "External port advertised to clients"; + description = "External port advertised to clients"; }; keysDir = mkOption { type = with types; nullOr str; - description = mdDoc "Directory containing ssh keys, defaulting to auto-generation"; + description = "Directory containing ssh keys, defaulting to auto-generation"; default = null; }; }; diff --git a/nixos/modules/services/networking/tox-bootstrapd.nix b/nixos/modules/services/networking/tox-bootstrapd.nix index 0f310a28d266d..2c505fa3dcb72 100644 --- a/nixos/modules/services/networking/tox-bootstrapd.nix +++ b/nixos/modules/services/networking/tox-bootstrapd.nix @@ -22,8 +22,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = - lib.mdDoc '' + description = '' Whether to enable the Tox DHT bootstrap daemon. ''; }; @@ -31,20 +30,19 @@ in port = mkOption { type = types.port; default = 33445; - description = lib.mdDoc "Listening port (UDP)."; + description = "Listening port (UDP)."; }; keysFile = mkOption { type = types.str; default = "${WorkingDirectory}/keys"; - description = lib.mdDoc "Node key file."; + description = "Node key file."; }; extraConfig = mkOption { type = types.lines; default = ""; - description = - lib.mdDoc '' + description = '' Configuration for bootstrap daemon. See <https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf> and <https://wiki.tox.chat/users/nodes>. diff --git a/nixos/modules/services/networking/tox-node.nix b/nixos/modules/services/networking/tox-node.nix index 884fd55dae51d..e85b72c4db7c1 100644 --- a/nixos/modules/services/networking/tox-node.nix +++ b/nixos/modules/services/networking/tox-node.nix @@ -28,47 +28,47 @@ let in { options.services.tox-node = { - enable = mkEnableOption (lib.mdDoc "Tox Node service"); + enable = mkEnableOption "Tox Node service"; logType = mkOption { type = types.enum [ "Stderr" "Stdout" "Syslog" "None" ]; default = "Stderr"; - description = lib.mdDoc "Logging implementation."; + description = "Logging implementation."; }; keysFile = mkOption { type = types.str; default = "${homeDir}/keys"; - description = lib.mdDoc "Path to the file where DHT keys are stored."; + description = "Path to the file where DHT keys are stored."; }; udpAddress = mkOption { type = types.str; default = "0.0.0.0:33445"; - description = lib.mdDoc "UDP address to run DHT node."; + description = "UDP address to run DHT node."; }; tcpAddresses = mkOption { type = types.listOf types.str; default = [ "0.0.0.0:33445" ]; - description = lib.mdDoc "TCP addresses to run TCP relay."; + description = "TCP addresses to run TCP relay."; }; tcpConnectionLimit = mkOption { type = types.int; default = 8192; - description = lib.mdDoc "Maximum number of active TCP connections relay can hold"; + description = "Maximum number of active TCP connections relay can hold"; }; lanDiscovery = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Enable local network discovery."; + description = "Enable local network discovery."; }; threads = mkOption { type = types.int; default = 1; - description = lib.mdDoc "Number of threads for execution"; + description = "Number of threads for execution"; }; motd = mkOption { type = types.str; default = "Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}"; - description = lib.mdDoc "Message of the day"; + description = "Message of the day"; }; }; diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix index 3a14b5f73091c..e42ff3d8ea9b7 100644 --- a/nixos/modules/services/networking/toxvpn.nix +++ b/nixos/modules/services/networking/toxvpn.nix @@ -5,25 +5,25 @@ with lib; { options = { services.toxvpn = { - enable = mkEnableOption (lib.mdDoc "toxvpn running on startup"); + enable = mkEnableOption "toxvpn running on startup"; localip = mkOption { type = types.str; default = "10.123.123.1"; - description = lib.mdDoc "your ip on the vpn"; + description = "your ip on the vpn"; }; port = mkOption { type = types.port; default = 33445; - description = lib.mdDoc "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT"; + description = "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT"; }; auto_add_peers = mkOption { type = types.listOf types.str; default = []; example = [ "toxid1" "toxid2" ]; - description = lib.mdDoc "peers to automatically connect to on startup"; + description = "peers to automatically connect to on startup"; }; }; }; diff --git a/nixos/modules/services/networking/trickster.nix b/nixos/modules/services/networking/trickster.nix index 4b920ec446e04..21649f0303f36 100644 --- a/nixos/modules/services/networking/trickster.nix +++ b/nixos/modules/services/networking/trickster.nix @@ -15,7 +15,7 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Enable Trickster. ''; }; @@ -25,7 +25,7 @@ in configFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Path to configuration file. ''; }; @@ -33,7 +33,7 @@ in instance-id = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' Instance ID for when running multiple processes (default null). ''; }; @@ -41,7 +41,7 @@ in log-level = mkOption { type = types.str; default = "info"; - description = lib.mdDoc '' + description = '' Level of Logging to use (debug, info, warn, error) (default "info"). ''; }; @@ -49,7 +49,7 @@ in metrics-port = mkOption { type = types.port; default = 8082; - description = lib.mdDoc '' + description = '' Port that the /metrics endpoint will listen on. ''; }; @@ -57,7 +57,7 @@ in origin-type = mkOption { type = types.enum [ "prometheus" "influxdb" ]; default = "prometheus"; - description = lib.mdDoc '' + description = '' Type of origin (prometheus, influxdb) ''; }; @@ -65,7 +65,7 @@ in origin-url = mkOption { type = types.str; default = "http://prometheus:9090"; - description = lib.mdDoc '' + description = '' URL to the Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090). ''; }; @@ -73,7 +73,7 @@ in profiler-port = mkOption { type = types.nullOr types.port; default = null; - description = lib.mdDoc '' + description = '' Port that the /debug/pprof endpoint will listen on. ''; }; @@ -81,7 +81,7 @@ in proxy-port = mkOption { type = types.port; default = 9090; - description = lib.mdDoc '' + description = '' Port that the Proxy server will listen on. ''; }; diff --git a/nixos/modules/services/networking/trust-dns.nix b/nixos/modules/services/networking/trust-dns.nix index 47020341024b5..e6f8cc15819f6 100644 --- a/nixos/modules/services/networking/trust-dns.nix +++ b/nixos/modules/services/networking/trust-dns.nix @@ -11,14 +11,14 @@ let options = with lib; { zone = mkOption { type = types.str; - description = mdDoc '' + description = '' Zone name, like "example.com", "localhost", or "0.0.127.in-addr.arpa". ''; }; zone_type = mkOption { type = types.enum [ "Primary" "Secondary" "Hint" "Forward" ]; default = "Primary"; - description = mdDoc '' + description = '' One of: - "Primary" (the master, authority for the zone). - "Secondary" (the slave, replicated from the primary). @@ -34,7 +34,7 @@ let type = types.either types.path types.str; default = "${config.zone}.zone"; defaultText = literalExpression ''"''${config.zone}.zone"''; - description = mdDoc '' + description = '' Path to the .zone file. If not fully-qualified, this path will be interpreted relative to the `directory` option. If omitted, defaults to the value of the `zone` option suffixed with ".zone". @@ -47,7 +47,7 @@ in meta.maintainers = with lib.maintainers; [ colinsane ]; options = { services.trust-dns = with lib; { - enable = mkEnableOption (lib.mdDoc "trust-dns"); + enable = mkEnableOption "trust-dns"; package = mkPackageOption pkgs "trust-dns" { extraDescription = '' ::: {.note} @@ -58,7 +58,7 @@ in quiet = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Log ERROR level messages only. This option is mutually exclusive with the `debug` option. If neither `quiet` nor `debug` are enabled, logging defaults to the INFO level. @@ -67,14 +67,14 @@ in debug = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Log DEBUG, INFO, WARN and ERROR messages. This option is mutually exclusive with the `debug` option. If neither `quiet` nor `debug` are enabled, logging defaults to the INFO level. ''; }; settings = mkOption { - description = lib.mdDoc '' + description = '' Settings for trust-dns. The options enumerated here are not exhaustive. Refer to upstream documentation for all available options: - [Example settings](https://github.com/bluejekyll/trust-dns/blob/main/tests/test-data/test_configs/example.toml) @@ -85,7 +85,7 @@ in listen_addrs_ipv4 = mkOption { type = types.listOf types.str; default = [ "0.0.0.0" ]; - description = mdDoc '' + description = '' List of ipv4 addresses on which to listen for DNS queries. ''; }; @@ -93,27 +93,27 @@ in type = types.listOf types.str; default = lib.optional config.networking.enableIPv6 "::0"; defaultText = literalExpression ''lib.optional config.networking.enableIPv6 "::0"''; - description = mdDoc '' + description = '' List of ipv6 addresses on which to listen for DNS queries. ''; }; listen_port = mkOption { type = types.port; default = 53; - description = mdDoc '' + description = '' Port to listen on (applies to all listen addresses). ''; }; directory = mkOption { type = types.str; default = "/var/lib/trust-dns"; - description = mdDoc '' + description = '' The directory in which trust-dns should look for .zone files, whenever zones aren't specified by absolute path. ''; }; zones = mkOption { - description = mdDoc "List of zones to serve."; + description = "List of zones to serve."; default = {}; type = types.listOf (types.coercedTo types.str (zone: { inherit zone; }) zoneType); }; diff --git a/nixos/modules/services/networking/tvheadend.nix b/nixos/modules/services/networking/tvheadend.nix index 466dbbccad539..19a10a03bd9b6 100644 --- a/nixos/modules/services/networking/tvheadend.nix +++ b/nixos/modules/services/networking/tvheadend.nix @@ -9,17 +9,17 @@ in { options = { services.tvheadend = { - enable = mkEnableOption (lib.mdDoc "Tvheadend"); + enable = mkEnableOption "Tvheadend"; httpPort = mkOption { type = types.int; default = 9981; - description = lib.mdDoc "Port to bind HTTP to."; + description = "Port to bind HTTP to."; }; htspPort = mkOption { type = types.int; default = 9982; - description = lib.mdDoc "Port to bind HTSP to."; + description = "Port to bind HTSP to."; }; }; }; diff --git a/nixos/modules/services/networking/twingate.nix b/nixos/modules/services/networking/twingate.nix index 6874b1c18b573..94339d8c217ad 100644 --- a/nixos/modules/services/networking/twingate.nix +++ b/nixos/modules/services/networking/twingate.nix @@ -5,7 +5,7 @@ let in { options.services.twingate = { - enable = lib.mkEnableOption (lib.mdDoc "Twingate Client daemon"); + enable = lib.mkEnableOption "Twingate Client daemon"; package = lib.mkPackageOption pkgs "twingate" { }; }; diff --git a/nixos/modules/services/networking/ucarp.nix b/nixos/modules/services/networking/ucarp.nix index 56799fe00adef..dca99da263a85 100644 --- a/nixos/modules/services/networking/ucarp.nix +++ b/nixos/modules/services/networking/ucarp.nix @@ -28,34 +28,34 @@ let ); in { options.networking.ucarp = { - enable = mkEnableOption (lib.mdDoc "ucarp, userspace implementation of CARP"); + enable = mkEnableOption "ucarp, userspace implementation of CARP"; interface = mkOption { type = types.str; - description = lib.mdDoc "Network interface to bind to."; + description = "Network interface to bind to."; example = "eth0"; }; srcIp = mkOption { type = types.str; - description = lib.mdDoc "Source (real) IP address of this host."; + description = "Source (real) IP address of this host."; }; vhId = mkOption { type = types.ints.between 1 255; - description = lib.mdDoc "Virtual IP identifier shared between CARP hosts."; + description = "Virtual IP identifier shared between CARP hosts."; example = 1; }; passwordFile = mkOption { type = types.str; - description = lib.mdDoc "File containing shared password between CARP hosts."; + description = "File containing shared password between CARP hosts."; example = "/run/keys/ucarp-password"; }; preempt = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' Enable preemptive failover. Thus, this host becomes the CARP master as soon as possible. ''; @@ -64,30 +64,30 @@ in { neutral = mkOption { type = types.bool; - description = lib.mdDoc "Do not run downscript at start if the host is the backup."; + description = "Do not run downscript at start if the host is the backup."; default = false; }; addr = mkOption { type = types.str; - description = lib.mdDoc "Virtual shared IP address."; + description = "Virtual shared IP address."; }; advBase = mkOption { type = types.ints.unsigned; - description = lib.mdDoc "Advertisement frequency in seconds."; + description = "Advertisement frequency in seconds."; default = 1; }; advSkew = mkOption { type = types.ints.unsigned; - description = lib.mdDoc "Advertisement skew in seconds."; + description = "Advertisement skew in seconds."; default = 0; }; upscript = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Command to run after become master, the interface name, virtual address and optional extra parameters are passed as arguments. ''; @@ -101,7 +101,7 @@ in { downscript = mkOption { type = types.path; - description = lib.mdDoc '' + description = '' Command to run after become backup, the interface name, virtual address and optional extra parameters are passed as arguments. ''; @@ -115,31 +115,31 @@ in { deadratio = mkOption { type = types.ints.unsigned; - description = lib.mdDoc "Ratio to consider a host as dead."; + description = "Ratio to consider a host as dead."; default = 3; }; shutdown = mkOption { type = types.bool; - description = lib.mdDoc "Call downscript at exit."; + description = "Call downscript at exit."; default = false; }; ignoreIfState = mkOption { type = types.bool; - description = lib.mdDoc "Ignore interface state, e.g., down or no carrier."; + description = "Ignore interface state, e.g., down or no carrier."; default = false; }; noMcast = mkOption { type = types.bool; - description = lib.mdDoc "Use broadcast instead of multicast advertisements."; + description = "Use broadcast instead of multicast advertisements."; default = false; }; extraParam = mkOption { type = types.nullOr types.str; - description = lib.mdDoc "Extra parameter to pass to the up/down scripts."; + description = "Extra parameter to pass to the up/down scripts."; default = null; }; diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 242fcd500bb0b..c03912ed21fa0 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -52,33 +52,33 @@ in { options = { services.unbound = { - enable = mkEnableOption (lib.mdDoc "Unbound domain name server"); + enable = mkEnableOption "Unbound domain name server"; package = mkPackageOption pkgs "unbound-with-systemd" { }; user = mkOption { type = types.str; default = "unbound"; - description = lib.mdDoc "User account under which unbound runs."; + description = "User account under which unbound runs."; }; group = mkOption { type = types.str; default = "unbound"; - description = lib.mdDoc "Group under which unbound runs."; + description = "Group under which unbound runs."; }; stateDir = mkOption { type = types.path; default = "/var/lib/unbound"; - description = lib.mdDoc "Directory holding all state for unbound to run."; + description = "Directory holding all state for unbound to run."; }; checkconf = mkOption { type = types.bool; default = !cfg.settings ? include && !cfg.settings ? remote-control; defaultText = "!services.unbound.settings ? include && !services.unbound.settings ? remote-control"; - description = lib.mdDoc '' + description = '' Wether to check the resulting config file with unbound checkconf for syntax errors. If settings.include is used, this options is disabled, as the import can likely not be accessed at build time. @@ -89,7 +89,7 @@ in { resolveLocalQueries = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether unbound should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf). ''; @@ -98,7 +98,7 @@ in { enableRootTrustAnchor = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Use and update root trust anchor for DNSSEC validation."; + description = "Use and update root trust anchor for DNSSEC validation."; }; localControlSocketPath = mkOption { @@ -109,7 +109,7 @@ in { # but I haven't verified yet. type = types.nullOr types.str; example = "/run/unbound/unbound.ctl"; - description = lib.mdDoc '' + description = '' When not set to `null` this option defines the path at which the unbound remote control socket should be created at. The socket will be owned by the unbound user (`unbound`) @@ -169,7 +169,7 @@ in { remote-control.control-enable = true; }; ''; - description = lib.mdDoc '' + description = '' Declarative Unbound configuration See the {manpage}`unbound.conf(5)` manpage for a list of available options. diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index 8eb29f2bcdb6f..38908e3d6f1d1 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -22,7 +22,7 @@ in services.unifi.enable = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether or not to enable the unifi controller service. ''; }; @@ -31,7 +31,7 @@ in type = lib.types.package; default = if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3") then pkgs.jdk11 else pkgs.jre8; defaultText = lib.literalExpression ''if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.5") then pkgs.jdk17_headless else if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8''; - description = lib.mdDoc '' + description = '' The JRE package to use. Check the release notes to ensure it is supported. ''; }; @@ -39,10 +39,10 @@ in services.unifi.unifiPackage = lib.mkPackageOption pkgs "unifi5" { }; services.unifi.mongodbPackage = lib.mkPackageOption pkgs "mongodb" { - default = "mongodb-4_4"; + default = "mongodb-5_0"; extraDescription = '' ::: {.note} - unifi7 officially only supports mongodb up until 3.6 but works with 4.4. + unifi7 officially only supports mongodb up until 4.4 but works with 5.0. ::: ''; }; @@ -50,7 +50,7 @@ in services.unifi.openFirewall = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether or not to open the minimum required ports on the firewall. This is necessary to allow firmware upgrades and device discovery to @@ -63,7 +63,7 @@ in type = with lib.types; nullOr int; default = null; example = 1024; - description = lib.mdDoc '' + description = '' Set the initial heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime. ''; @@ -73,7 +73,7 @@ in type = with lib.types; nullOr int; default = null; example = 4096; - description = lib.mdDoc '' + description = '' Set the maximum heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime. ''; @@ -83,7 +83,7 @@ in type = with lib.types; listOf str; default = [ ]; example = lib.literalExpression ''["-Xlog:gc"]''; - description = lib.mdDoc '' + description = '' Set extra options to pass to the JVM. ''; }; diff --git a/nixos/modules/services/networking/uptermd.nix b/nixos/modules/services/networking/uptermd.nix index f824d617f59e8..c0f8dfbba2274 100644 --- a/nixos/modules/services/networking/uptermd.nix +++ b/nixos/modules/services/networking/uptermd.nix @@ -8,12 +8,12 @@ in { options = { services.uptermd = { - enable = mkEnableOption (lib.mdDoc "uptermd"); + enable = mkEnableOption "uptermd"; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open the firewall for the port in {option}`services.uptermd.port`. ''; }; @@ -21,7 +21,7 @@ in port = mkOption { type = types.port; default = 2222; - description = lib.mdDoc '' + description = '' Port the server will listen on. ''; }; @@ -30,7 +30,7 @@ in type = types.str; default = "[::]"; example = "127.0.0.1"; - description = lib.mdDoc '' + description = '' Address the server will listen on. ''; }; @@ -39,7 +39,7 @@ in type = types.nullOr types.path; default = null; example = "/run/keys/upterm_host_ed25519_key"; - description = lib.mdDoc '' + description = '' Path to SSH host key. If not defined, an ed25519 keypair is generated automatically. ''; }; @@ -48,7 +48,7 @@ in type = types.listOf types.str; default = []; example = [ "--debug" ]; - description = lib.mdDoc '' + description = '' Extra flags passed to the uptermd command. ''; }; diff --git a/nixos/modules/services/networking/v2ray.nix b/nixos/modules/services/networking/v2ray.nix index 3e1895fbe20c4..2ee931177b69d 100644 --- a/nixos/modules/services/networking/v2ray.nix +++ b/nixos/modules/services/networking/v2ray.nix @@ -9,7 +9,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run v2ray server. Either `configFile` or `config` must be specified. @@ -22,7 +22,7 @@ with lib; type = types.nullOr types.str; default = null; example = "/etc/v2ray/config.json"; - description = lib.mdDoc '' + description = '' The absolute path to the configuration file. Either `configFile` or `config` must be specified. @@ -44,7 +44,7 @@ with lib; protocol = "freedom"; }]; }; - description = lib.mdDoc '' + description = '' The configuration object. Either `configFile` or `config` must be specified. diff --git a/nixos/modules/services/networking/v2raya.nix b/nixos/modules/services/networking/v2raya.nix index 0bea73798daf1..aefb47bf048db 100644 --- a/nixos/modules/services/networking/v2raya.nix +++ b/nixos/modules/services/networking/v2raya.nix @@ -5,7 +5,7 @@ with lib; { options = { services.v2raya = { - enable = options.mkEnableOption (mdDoc "the v2rayA service"); + enable = options.mkEnableOption "the v2rayA service"; }; }; @@ -42,7 +42,7 @@ with lib; }; wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ iptables bash iproute2 ]; # required by v2rayA TProxy functionality + path = with pkgs; [ iptables bash iproute2 ] ++ lib.optionals nftablesEnabled [ nftables ]; # required by v2rayA TProxy functionality }; }; diff --git a/nixos/modules/services/networking/vdirsyncer.nix b/nixos/modules/services/networking/vdirsyncer.nix index 165dc70f0876a..10a101befa7bd 100644 --- a/nixos/modules/services/networking/vdirsyncer.nix +++ b/nixos/modules/services/networking/vdirsyncer.nix @@ -71,15 +71,15 @@ in { options = { services.vdirsyncer = { - enable = mkEnableOption (mdDoc "vdirsyncer"); + enable = mkEnableOption "vdirsyncer"; package = mkPackageOption pkgs "vdirsyncer" {}; jobs = mkOption { - description = mdDoc "vdirsyncer job configurations"; + description = "vdirsyncer job configurations"; type = types.attrsOf (types.submodule { options = { - enable = (mkEnableOption (mdDoc "this vdirsyncer job")) // { + enable = (mkEnableOption "this vdirsyncer job") // { default = true; example = false; }; @@ -87,7 +87,7 @@ in user = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc '' + description = '' User account to run vdirsyncer as, otherwise as a systemd dynamic user ''; @@ -96,19 +96,19 @@ in group = mkOption { type = types.nullOr types.str; default = null; - description = mdDoc "group to run vdirsyncer as"; + description = "group to run vdirsyncer as"; }; additionalGroups = mkOption { type = types.listOf types.str; default = []; - description = mdDoc "additional groups to add the dynamic user to"; + description = "additional groups to add the dynamic user to"; }; forceDiscover = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Run `yes | vdirsyncer discover` prior to `vdirsyncer sync` ''; }; @@ -119,13 +119,13 @@ in OnBootSec = "1h"; OnUnitActiveSec = "6h"; }; - description = mdDoc "systemd timer configuration"; + description = "systemd timer configuration"; }; configFile = mkOption { type = types.nullOr types.path; default = null; - description = mdDoc "existing configuration file"; + description = "existing configuration file"; }; config = { @@ -133,19 +133,19 @@ in type = types.nullOr types.str; default = null; defaultText = literalExpression "/var/lib/vdirsyncer/\${attrName}"; - description = mdDoc "vdirsyncer's status path"; + description = "vdirsyncer's status path"; }; general = mkOption { type = types.attrs; default = {}; - description = mdDoc "general configuration"; + description = "general configuration"; }; pairs = mkOption { type = types.attrsOf types.attrs; default = {}; - description = mdDoc "vdirsyncer pair configurations"; + description = "vdirsyncer pair configurations"; example = literalExpression '' { my_contacts = { @@ -162,7 +162,7 @@ in storages = mkOption { type = types.attrsOf types.attrs; default = {}; - description = mdDoc "vdirsyncer storage configurations"; + description = "vdirsyncer storage configurations"; example = literalExpression '' { my_cloud_contacts = { diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix index 318ceb4e5094e..25f950600b91c 100644 --- a/nixos/modules/services/networking/vsftpd.nix +++ b/nixos/modules/services/networking/vsftpd.nix @@ -27,7 +27,7 @@ let type = types.bool; name = nixosName; value = mkOption { - description = lib.mdDoc description; + description = description; inherit default; type = types.bool; }; @@ -150,19 +150,19 @@ in services.vsftpd = { - enable = mkEnableOption (lib.mdDoc "vsftpd"); + enable = mkEnableOption "vsftpd"; userlist = mkOption { default = []; type = types.listOf types.str; - description = lib.mdDoc "See {option}`userlistFile`."; + description = "See {option}`userlistFile`."; }; userlistFile = mkOption { type = types.path; default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist); defaultText = literalExpression ''pkgs.writeText "userlist" (concatMapStrings (x: "''${x}\n") cfg.userlist)''; - description = lib.mdDoc '' + description = '' Newline separated list of names to be allowed/denied if {option}`userlistEnable` is `true`. Meaning see {option}`userlistDeny`. @@ -175,7 +175,7 @@ in enableVirtualUsers = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the `pam_userdb`-based virtual user system ''; @@ -185,7 +185,7 @@ in type = types.nullOr types.str; example = "/etc/vsftpd/userDb"; default = null; - description = lib.mdDoc '' + description = '' Only applies if {option}`enableVirtualUsers` is true. Path pointing to the `pam_userdb` user database used by vsftpd to authenticate the virtual users. @@ -219,7 +219,7 @@ in type = types.nullOr types.str; default = null; example = "/var/www/$USER"; - description = lib.mdDoc '' + description = '' This option represents a directory which vsftpd will try to change into after a local (i.e. non- anonymous) login. @@ -230,7 +230,7 @@ in anonymousUserHome = mkOption { type = types.path; default = "/home/ftp/"; - description = lib.mdDoc '' + description = '' Directory to consider the HOME of the anonymous user. ''; }; @@ -238,27 +238,27 @@ in rsaCertFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "RSA certificate file."; + description = "RSA certificate file."; }; rsaKeyFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "RSA private key file."; + description = "RSA private key file."; }; anonymousUmask = mkOption { type = types.str; default = "077"; example = "002"; - description = lib.mdDoc "Anonymous write umask."; + description = "Anonymous write umask."; }; extraConfig = mkOption { type = types.lines; default = ""; example = "ftpd_banner=Hello"; - description = lib.mdDoc "Extra configuration to add at the bottom of the generated configuration file."; + description = "Extra configuration to add at the bottom of the generated configuration file."; }; } // (listToAttrs (catAttrs "nixosOption" optionDescription)); diff --git a/nixos/modules/services/networking/wasabibackend.nix b/nixos/modules/services/networking/wasabibackend.nix index e3a48afd2a2c5..89431ae9b4196 100644 --- a/nixos/modules/services/networking/wasabibackend.nix +++ b/nixos/modules/services/networking/wasabibackend.nix @@ -29,37 +29,37 @@ in { options = { services.wasabibackend = { - enable = mkEnableOption (lib.mdDoc "Wasabi backend service"); + enable = mkEnableOption "Wasabi backend service"; dataDir = mkOption { type = types.path; default = "/var/lib/wasabibackend"; - description = lib.mdDoc "The data directory for the Wasabi backend node."; + description = "The data directory for the Wasabi backend node."; }; customConfigFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options."; + description = "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options."; }; network = mkOption { type = types.enum [ "mainnet" "testnet" "regtest" ]; default = "mainnet"; - description = lib.mdDoc "The network to use for the Wasabi backend service."; + description = "The network to use for the Wasabi backend service."; }; endpoint = { ip = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "IP address for P2P connection to bitcoind."; + description = "IP address for P2P connection to bitcoind."; }; port = mkOption { type = types.port; default = 8333; - description = lib.mdDoc "Port for P2P connection to bitcoind."; + description = "Port for P2P connection to bitcoind."; }; }; @@ -67,45 +67,45 @@ in { ip = mkOption { type = types.str; default = "127.0.0.1"; - description = lib.mdDoc "IP address for RPC connection to bitcoind."; + description = "IP address for RPC connection to bitcoind."; }; port = mkOption { type = types.port; default = 8332; - description = lib.mdDoc "Port for RPC connection to bitcoind."; + description = "Port for RPC connection to bitcoind."; }; user = mkOption { type = types.str; default = "bitcoin"; - description = lib.mdDoc "RPC user for the bitcoin endpoint."; + description = "RPC user for the bitcoin endpoint."; }; password = mkOption { type = types.str; default = "password"; - description = lib.mdDoc "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed."; + description = "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed."; }; passwordFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc "File that contains the password of the RPC user."; + description = "File that contains the password of the RPC user."; }; }; user = mkOption { type = types.str; default = "wasabibackend"; - description = lib.mdDoc "The user as which to run the wasabibackend node."; + description = "The user as which to run the wasabibackend node."; }; group = mkOption { type = types.str; default = cfg.user; defaultText = literalExpression "config.${opt.user}"; - description = lib.mdDoc "The group as which to run the wasabibackend node."; + description = "The group as which to run the wasabibackend node."; }; }; }; diff --git a/nixos/modules/services/networking/webhook.nix b/nixos/modules/services/networking/webhook.nix index b020db6961c32..3c24bd9849f41 100644 --- a/nixos/modules/services/networking/webhook.nix +++ b/nixos/modules/services/networking/webhook.nix @@ -14,13 +14,13 @@ let id = mkOption { type = types.str; default = name; - description = mdDoc '' + description = '' The ID of your hook. This value is used to create the HTTP endpoint (`protocol://yourserver:port/prefix/''${id}`). ''; }; execute-command = mkOption { type = types.str; - description = mdDoc "The command that should be executed when the hook is triggered."; + description = "The command that should be executed when the hook is triggered."; }; }; }); @@ -31,16 +31,16 @@ let in { options = { services.webhook = { - enable = mkEnableOption (mdDoc '' + enable = mkEnableOption '' [Webhook](https://github.com/adnanh/webhook), a server written in Go that allows you to create HTTP endpoints (hooks), which execute configured commands for any person or service that knows the URL - ''); + ''; package = mkPackageOption pkgs "webhook" {}; user = mkOption { type = types.str; default = defaultUser; - description = mdDoc '' + description = '' Webhook will be run under this user. If set, you must create this user yourself! @@ -49,7 +49,7 @@ in { group = mkOption { type = types.str; default = defaultUser; - description = mdDoc '' + description = '' Webhook will be run under this group. If set, you must create this group yourself! @@ -58,7 +58,7 @@ in { ip = mkOption { type = types.str; default = "0.0.0.0"; - description = mdDoc '' + description = '' The IP webhook should serve hooks on. The default means it can be reached on any interface if `openFirewall = true`. @@ -67,12 +67,12 @@ in { port = mkOption { type = types.port; default = 9000; - description = mdDoc "The port webhook should be reachable from."; + description = "The port webhook should be reachable from."; }; openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Open the configured port in the firewall for external ingress traffic. Preferably the Webhook server is instead put behind a reverse proxy. ''; @@ -81,7 +81,7 @@ in { type = types.bool; default = cfg.hooksTemplated != {}; defaultText = literalExpression "hooksTemplated != {}"; - description = mdDoc '' + description = '' Enable the generated hooks file to be parsed as a Go template. See [the documentation](https://github.com/adnanh/webhook/blob/master/docs/Templates.md) for more information. ''; @@ -89,7 +89,7 @@ in { urlPrefix = mkOption { type = types.str; default = "hooks"; - description = mdDoc '' + description = '' The URL path prefix to use for served hooks (`protocol://yourserver:port/''${prefix}/hook-id`). ''; }; @@ -106,7 +106,7 @@ in { command-working-directory = "/var/webhook"; }; }; - description = mdDoc '' + description = '' The actual configuration of which hooks will be served. Read more on the [project homepage] and on the [hook definition] page. @@ -128,7 +128,7 @@ in { } ''; }; - description = mdDoc '' + description = '' Same as {option}`hooks`, but these hooks are specified as literal strings instead of Nix values, and hence can include [template syntax](https://github.com/adnanh/webhook/blob/master/docs/Templates.md) which might not be representable as JSON. @@ -140,13 +140,13 @@ in { verbose = mkOption { type = types.bool; default = true; - description = mdDoc "Whether to show verbose output."; + description = "Whether to show verbose output."; }; extraArgs = mkOption { type = types.listOf types.str; default = []; example = [ "-secure" ]; - description = mdDoc '' + description = '' These are arguments passed to the webhook command in the systemd service. You can find the available arguments and options in the [documentation][parameters]. @@ -156,7 +156,7 @@ in { environment = mkOption { type = types.attrsOf types.str; default = {}; - description = mdDoc "Extra environment variables passed to webhook."; + description = "Extra environment variables passed to webhook."; }; }; }; diff --git a/nixos/modules/services/networking/websockify.nix b/nixos/modules/services/networking/websockify.nix index 27ad8953d3faf..41336000b0add 100644 --- a/nixos/modules/services/networking/websockify.nix +++ b/nixos/modules/services/networking/websockify.nix @@ -6,7 +6,7 @@ let cfg = config.services.networking.websockify; in { options = { services.networking.websockify = { enable = mkOption { - description = lib.mdDoc "Whether to enable websockify to forward websocket connections to TCP connections."; + description = "Whether to enable websockify to forward websocket connections to TCP connections."; default = false; @@ -14,19 +14,19 @@ let cfg = config.services.networking.websockify; in { }; sslCert = mkOption { - description = lib.mdDoc "Path to the SSL certificate."; + description = "Path to the SSL certificate."; type = types.path; }; sslKey = mkOption { - description = lib.mdDoc "Path to the SSL key."; + description = "Path to the SSL key."; default = cfg.sslCert; defaultText = literalExpression "config.services.networking.websockify.sslCert"; type = types.path; }; portMap = mkOption { - description = lib.mdDoc "Ports to map by default."; + description = "Ports to map by default."; default = {}; type = types.attrsOf types.int; }; diff --git a/nixos/modules/services/networking/wg-netmanager.nix b/nixos/modules/services/networking/wg-netmanager.nix index b260c573726b9..493ff7ceba9f1 100644 --- a/nixos/modules/services/networking/wg-netmanager.nix +++ b/nixos/modules/services/networking/wg-netmanager.nix @@ -9,7 +9,7 @@ in options = { services.wg-netmanager = { - enable = mkEnableOption (lib.mdDoc "Wireguard network manager"); + enable = mkEnableOption "Wireguard network manager"; }; }; diff --git a/nixos/modules/services/networking/wg-quick.nix b/nixos/modules/services/networking/wg-quick.nix index 68e0e06d0469d..2062f2806d79f 100644 --- a/nixos/modules/services/networking/wg-quick.nix +++ b/nixos/modules/services/networking/wg-quick.nix @@ -15,7 +15,7 @@ let example = "/secret/wg0.conf"; default = null; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' wg-quick .conf file, describing the interface. Using this option can be a useful means of configuring WireGuard if one has an existing .conf file. @@ -28,11 +28,11 @@ let example = [ "192.168.2.1/24" ]; default = []; type = with types; listOf str; - description = lib.mdDoc "The IP addresses of the interface."; + description = "The IP addresses of the interface."; }; autostart = mkOption { - description = lib.mdDoc "Whether to bring up this interface automatically during boot."; + description = "Whether to bring up this interface automatically during boot."; default = true; example = false; type = types.bool; @@ -42,14 +42,14 @@ let example = [ "192.168.2.2" ]; default = []; type = with types; listOf str; - description = lib.mdDoc "The IP addresses of DNS servers to configure."; + description = "The IP addresses of DNS servers to configure."; }; privateKey = mkOption { example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Base64 private key generated by {command}`wg genkey`. Warning: Consider using privateKeyFile instead if you do not @@ -61,7 +61,7 @@ let example = "/private/wireguard_key"; type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Private key file as generated by {command}`wg genkey`. ''; }; @@ -70,7 +70,7 @@ let default = null; type = with types; nullOr int; example = 51820; - description = lib.mdDoc '' + description = '' 16-bit port for listening. Optional; if not specified, automatically generated based on interface name. ''; @@ -80,7 +80,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc '' + description = '' Commands called at the start of the interface setup. ''; }; @@ -89,7 +89,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc '' + description = '' Command called before the interface is taken down. ''; }; @@ -98,7 +98,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc '' + description = '' Commands called after the interface setup. ''; }; @@ -107,7 +107,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns del foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc '' + description = '' Command called after the interface is taken down. ''; }; @@ -116,7 +116,7 @@ let example = "main"; default = null; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both @@ -129,7 +129,7 @@ let example = 1248; default = null; type = with types; nullOr int; - description = lib.mdDoc '' + description = '' If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. However, to manually specify an MTU to override this @@ -139,7 +139,7 @@ let peers = mkOption { default = []; - description = lib.mdDoc "Peers linked to the interface."; + description = "Peers linked to the interface."; type = with types; listOf (submodule peerOpts); }; }; @@ -152,14 +152,14 @@ let publicKey = mkOption { example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; type = types.str; - description = lib.mdDoc "The base64 public key to the peer."; + description = "The base64 public key to the peer."; }; presharedKey = mkOption { default = null; example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' Base64 preshared key generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing @@ -174,7 +174,7 @@ let default = null; example = "/private/wireguard_psk"; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' File pointing to preshared key as generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing @@ -185,7 +185,7 @@ let allowedIPs = mkOption { example = [ "10.192.122.3/32" "10.192.124.1/24" ]; type = with types; listOf str; - description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from + description = ''List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified @@ -196,7 +196,7 @@ let default = null; example = "demo.wireguard.io:12913"; type = with types; nullOr str; - description = lib.mdDoc ''Endpoint IP or hostname of the peer, followed by a colon, + description = ''Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.''; }; @@ -204,7 +204,7 @@ let default = null; type = with types; nullOr int; example = 25; - description = lib.mdDoc ''This is optional and is by default off, because most + description = ''This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid @@ -310,7 +310,7 @@ in { options = { networking.wg-quick = { interfaces = mkOption { - description = lib.mdDoc "Wireguard interfaces."; + description = "Wireguard interfaces."; default = {}; example = { wg0 = { diff --git a/nixos/modules/services/networking/wgautomesh.nix b/nixos/modules/services/networking/wgautomesh.nix index 094281403f73a..c66e3e376343e 100644 --- a/nixos/modules/services/networking/wgautomesh.nix +++ b/nixos/modules/services/networking/wgautomesh.nix @@ -21,20 +21,20 @@ let in { options.services.wgautomesh = { - enable = mkEnableOption (mdDoc "the wgautomesh daemon"); + enable = mkEnableOption "the wgautomesh daemon"; logLevel = mkOption { type = types.enum [ "trace" "debug" "info" "warn" "error" ]; default = "info"; - description = mdDoc "wgautomesh log level."; + description = "wgautomesh log level."; }; enableGossipEncryption = mkOption { type = types.bool; default = true; - description = mdDoc "Enable encryption of gossip traffic."; + description = "Enable encryption of gossip traffic."; }; gossipSecretFile = mkOption { type = types.path; - description = mdDoc '' + description = '' File containing the gossip secret, a shared secret key to use for gossip encryption. Required if `enableGossipEncryption` is set. This file may contain any arbitrary-length utf8 string. To generate a new gossip @@ -44,12 +44,12 @@ in enablePersistence = mkOption { type = types.bool; default = true; - description = mdDoc "Enable persistence of Wireguard peer info between restarts."; + description = "Enable persistence of Wireguard peer info between restarts."; }; openFirewall = mkOption { type = types.bool; default = true; - description = mdDoc "Automatically open gossip port in firewall (recommended)."; + description = "Automatically open gossip port in firewall (recommended)."; }; settings = mkOption { type = types.submodule { @@ -58,7 +58,7 @@ in interface = mkOption { type = types.str; - description = mdDoc '' + description = '' Wireguard interface to manage (it is NOT created by wgautomesh, you should use another NixOS option to create it such as `networking.wireguard.interfaces.wg0 = {...};`). @@ -67,7 +67,7 @@ in }; gossip_port = mkOption { type = types.port; - description = mdDoc '' + description = '' wgautomesh gossip port, this MUST be the same number on all nodes in the wgautomesh network. ''; @@ -76,12 +76,12 @@ in lan_discovery = mkOption { type = types.bool; default = true; - description = mdDoc "Enable discovery of peers on the same LAN using UDP broadcast."; + description = "Enable discovery of peers on the same LAN using UDP broadcast."; }; upnp_forward_external_port = mkOption { type = types.nullOr types.port; default = null; - description = mdDoc '' + description = '' Public port number to try to redirect to this machine's Wireguard daemon using UPnP IGD. ''; @@ -91,11 +91,11 @@ in options = { pubkey = mkOption { type = types.str; - description = mdDoc "Wireguard public key of this peer."; + description = "Wireguard public key of this peer."; }; address = mkOption { type = types.str; - description = mdDoc '' + description = '' Wireguard address of this peer (a single IP address, multiple addresses or address ranges are not supported). ''; @@ -103,7 +103,7 @@ in }; endpoint = mkOption { type = types.nullOr types.str; - description = mdDoc '' + description = '' Bootstrap endpoint for connecting to this Wireguard peer if no other address is known or none are working. ''; @@ -113,13 +113,13 @@ in }; }); default = [ ]; - description = mdDoc "wgautomesh peer list."; + description = "wgautomesh peer list."; }; }; }; default = { }; - description = mdDoc "Configuration for wgautomesh."; + description = "Configuration for wgautomesh."; }; }; diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index d36be87daf60f..3f68af3a86c96 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -19,14 +19,14 @@ let example = [ "192.168.2.1/24" ]; default = []; type = with types; listOf str; - description = lib.mdDoc "The IP addresses of the interface."; + description = "The IP addresses of the interface."; }; privateKey = mkOption { example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Base64 private key generated by {command}`wg genkey`. Warning: Consider using privateKeyFile instead if you do not @@ -37,7 +37,7 @@ let generatePrivateKeyFile = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Automatically generate a private key with {command}`wg genkey`, at the privateKeyFile location. ''; @@ -47,7 +47,7 @@ let example = "/private/wireguard_key"; type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' Private key file as generated by {command}`wg genkey`. ''; }; @@ -56,7 +56,7 @@ let default = null; type = with types; nullOr int; example = 51820; - description = lib.mdDoc '' + description = '' 16-bit port for listening. Optional; if not specified, automatically generated based on interface name. ''; @@ -66,7 +66,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc '' + description = '' Commands called at the start of the interface setup. ''; }; @@ -77,20 +77,20 @@ let ''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc "Commands called at the end of the interface setup."; + description = "Commands called at the end of the interface setup."; }; postShutdown = mkOption { example = literalExpression ''"''${pkgs.openresolv}/bin/resolvconf -d wg0"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = lib.mdDoc "Commands called after shutting down the interface."; + description = "Commands called after shutting down the interface."; }; table = mkOption { default = "main"; type = types.str; - description = lib.mdDoc '' + description = '' The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both @@ -101,7 +101,7 @@ let peers = mkOption { default = []; - description = lib.mdDoc "Peers linked to the interface."; + description = "Peers linked to the interface."; type = with types; listOf (submodule peerOpts); }; @@ -109,7 +109,7 @@ let example = false; default = true; type = types.bool; - description = lib.mdDoc '' + description = '' Determines whether to add allowed IPs as routes or not. ''; }; @@ -118,7 +118,7 @@ let default = null; type = with types; nullOr str; example = "container"; - description = lib.mdDoc ''The pre-existing network namespace in which the + description = ''The pre-existing network namespace in which the WireGuard interface is created, and which retains the socket even if the interface is moved via {option}`interfaceNamespace`. When `null`, the interface is created in the init namespace. @@ -130,7 +130,7 @@ let default = null; type = with types; nullOr str; example = "init"; - description = lib.mdDoc ''The pre-existing network namespace the WireGuard + description = ''The pre-existing network namespace the WireGuard interface is moved to. The special value `init` means the init namespace. When `null`, the interface is not moved. @@ -142,7 +142,7 @@ let default = null; type = with types; nullOr str; example = "0x6e6978"; - description = lib.mdDoc '' + description = '' Mark all wireguard packets originating from this interface with the given firewall mark. The firewall mark can be used in firewalls or policy routing to filter the wireguard packets. @@ -156,7 +156,7 @@ let default = null; type = with types; nullOr int; example = 1280; - description = lib.mdDoc '' + description = '' Set the maximum transmission unit in bytes for the wireguard interface. Beware that the wireguard packets have a header that may add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) = @@ -169,7 +169,7 @@ let default = null; type = with types; nullOr int; example = 700; - description = lib.mdDoc '' + description = '' Set the metric of routes related to this Wireguard interface. ''; }; @@ -192,20 +192,20 @@ let defaultText = literalExpression "publicKey"; example = "bernd"; type = types.str; - description = lib.mdDoc "Name used to derive peer unit name."; + description = "Name used to derive peer unit name."; }; publicKey = mkOption { example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; type = types.singleLineStr; - description = lib.mdDoc "The base64 public key of the peer."; + description = "The base64 public key of the peer."; }; presharedKey = mkOption { default = null; example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' Base64 preshared key generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing @@ -220,7 +220,7 @@ let default = null; example = "/private/wireguard_psk"; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' File pointing to preshared key as generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing @@ -231,7 +231,7 @@ let allowedIPs = mkOption { example = [ "10.192.122.3/32" "10.192.124.1/24" ]; type = with types; listOf str; - description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from + description = ''List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified @@ -242,7 +242,7 @@ let default = null; example = "demo.wireguard.io:12913"; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer. @@ -263,7 +263,7 @@ let default = 0; example = 5; type = with types; int; - description = lib.mdDoc '' + description = '' Periodically re-execute the `wg` utility every this many seconds in order to let WireGuard notice DNS / hostname changes. @@ -276,7 +276,7 @@ let default = null; example = 5; type = with types; nullOr ints.unsigned; - description = lib.mdDoc '' + description = '' When the dynamic endpoint refresh that is configured via dynamicEndpointRefreshSeconds exits (likely due to a failure), restart that service after this many seconds. @@ -291,7 +291,7 @@ let default = null; type = with types; nullOr int; example = 25; - description = lib.mdDoc ''This is optional and is by default off, because most + description = ''This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid @@ -519,7 +519,7 @@ in networking.wireguard = { enable = mkOption { - description = lib.mdDoc '' + description = '' Whether to enable WireGuard. Please note that {option}`systemd.network.netdevs` has more features @@ -534,7 +534,7 @@ in }; interfaces = mkOption { - description = lib.mdDoc '' + description = '' WireGuard interfaces. Please note that {option}`systemd.network.netdevs` has more features diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix index 4586550ed75e7..435cd530c18d4 100644 --- a/nixos/modules/services/networking/wpa_supplicant.nix +++ b/nixos/modules/services/networking/wpa_supplicant.nix @@ -124,11 +124,20 @@ let fi ''} + # ensure wpa_supplicant.conf exists, or the daemon will fail to start + ${optionalString cfg.allowAuxiliaryImperativeNetworks '' + touch /etc/wpa_supplicant.conf + ''} + # substitute environment variables if [ -f "${configFile}" ]; then ${pkgs.gawk}/bin/awk '{ - for(varname in ENVIRON) - gsub("@"varname"@", ENVIRON[varname]) + for(varname in ENVIRON) { + find = "@"varname"@" + repl = ENVIRON[varname] + if (i = index($0, find)) + $0 = substr($0, 1, i-1) repl substr($0, i+length(find)) + } print }' "${configFile}" > "${finalConfig}" else @@ -172,13 +181,13 @@ let in { options = { networking.wireless = { - enable = mkEnableOption (lib.mdDoc "wpa_supplicant"); + enable = mkEnableOption "wpa_supplicant"; interfaces = mkOption { type = types.listOf types.str; default = []; example = [ "wlan0" "wlan1" ]; - description = lib.mdDoc '' + description = '' The interfaces {command}`wpa_supplicant` will use. If empty, it will automatically use all wireless interfaces. @@ -191,11 +200,11 @@ in { driver = mkOption { type = types.str; default = "nl80211,wext"; - description = lib.mdDoc "Force a specific wpa_supplicant driver."; + description = "Force a specific wpa_supplicant driver."; }; - allowAuxiliaryImperativeNetworks = mkEnableOption (lib.mdDoc "support for imperative & declarative networks") // { - description = lib.mdDoc '' + allowAuxiliaryImperativeNetworks = mkEnableOption "support for imperative & declarative networks" // { + description = '' Whether to allow configuring networks "imperatively" (e.g. via `wpa_supplicant_gui`) and declaratively via [](#opt-networking.wireless.networks). @@ -207,7 +216,7 @@ in { scanOnLowSignal = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to periodically scan for (better) networks when the signal of the current one is low. This will make roaming between access points faster, but will consume more power. @@ -217,7 +226,7 @@ in { fallbackToWPA2 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to fall back to WPA2 authentication protocols if WPA3 failed. This allows old wireless cards (that lack recent features required by WPA3) to connect to mixed WPA2/WPA3 access points. @@ -230,7 +239,7 @@ in { type = types.nullOr types.path; default = null; example = "/run/secrets/wireless.env"; - description = lib.mdDoc '' + description = '' File consisting of lines of the form `varname=value` to define variables for the wireless configuration. @@ -268,7 +277,7 @@ in { psk = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The network's pre-shared key in plaintext defaulting to being a network without any authentication. @@ -286,7 +295,7 @@ in { pskRaw = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' The network's pre-shared key in hex defaulting to being a network without any authentication. @@ -337,7 +346,7 @@ in { "OWE" "DPP" ]); - description = lib.mdDoc '' + description = '' The list of authentication protocols accepted by this network. This corresponds to the `key_mgmt` option in wpa_supplicant. ''; @@ -351,7 +360,7 @@ in { identity="user@example.com" password="@EXAMPLE_PASSWORD@" ''; - description = lib.mdDoc '' + description = '' Use this option to configure advanced authentication methods like EAP. See {manpage}`wpa_supplicant.conf(5)` @@ -372,7 +381,7 @@ in { hidden = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Set this to `true` if the SSID of the network is hidden. ''; example = literalExpression '' @@ -387,7 +396,7 @@ in { priority = mkOption { type = types.nullOr types.int; default = null; - description = lib.mdDoc '' + description = '' By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The @@ -404,7 +413,7 @@ in { example = '' bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66 ''; - description = lib.mdDoc '' + description = '' Extra configuration lines appended to the network block. See {manpage}`wpa_supplicant.conf(5)` @@ -414,7 +423,7 @@ in { }; }); - description = lib.mdDoc '' + description = '' The network definitions to automatically connect to when {command}`wpa_supplicant` is running. If this parameter is left empty wpa_supplicant will use @@ -443,7 +452,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby @@ -458,7 +467,7 @@ in { type = types.str; default = "wheel"; example = "network"; - description = lib.mdDoc "Members of this group can control wpa_supplicant."; + description = "Members of this group can control wpa_supplicant."; }; }; @@ -466,7 +475,7 @@ in { type = types.bool; default = lib.length cfg.interfaces < 2; defaultText = literalExpression "length config.${opt.interfaces} < 2"; - description = lib.mdDoc '' + description = '' Whether to enable the DBus control interface. This is only needed when using NetworkManager or connman. ''; @@ -478,7 +487,7 @@ in { example = '' p2p_disabled=1 ''; - description = lib.mdDoc '' + description = '' Extra lines appended to the configuration file. See {manpage}`wpa_supplicant.conf(5)` diff --git a/nixos/modules/services/networking/wstunnel.nix b/nixos/modules/services/networking/wstunnel.nix index 2762c85651f46..efb65aead116a 100644 --- a/nixos/modules/services/networking/wstunnel.nix +++ b/nixos/modules/services/networking/wstunnel.nix @@ -10,11 +10,11 @@ let hostPortSubmodule = { options = { host = mkOption { - description = mdDoc "The hostname."; + description = "The hostname."; type = types.str; }; port = mkOption { - description = mdDoc "The port."; + description = "The port."; type = types.port; }; }; @@ -22,7 +22,7 @@ let localRemoteSubmodule = { options = { local = mkOption { - description = mdDoc "Local address and port to listen on."; + description = "Local address and port to listen on."; type = types.submodule hostPortSubmodule; example = { host = "127.0.0.1"; @@ -30,7 +30,7 @@ let }; }; remote = mkOption { - description = mdDoc "Address and port on remote to forward traffic to."; + description = "Address and port on remote to forward traffic to."; type = types.submodule hostPortSubmodule; example = { host = "127.0.0.1"; @@ -43,7 +43,7 @@ let localRemoteToString = { local, remote }: utils.escapeSystemdExecArg "${hostPortToString local}:${hostPortToString remote}"; commonOptions = { enable = mkOption { - description = mdDoc "Whether to enable this `wstunnel` instance."; + description = "Whether to enable this `wstunnel` instance."; type = types.bool; default = true; }; @@ -51,13 +51,13 @@ let package = mkPackageOption pkgs "wstunnel" {}; autoStart = mkOption { - description = mdDoc "Whether this tunnel server should be started automatically."; + description = "Whether this tunnel server should be started automatically."; type = types.bool; default = true; }; extraArgs = mkOption { - description = mdDoc "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`."; + description = "Extra command line arguments to pass to `wstunnel`. Attributes of the form `argName = true;` will be translated to `--argName`, and `argName = \"value\"` to `--argName=value`."; type = with types; attrsOf (either str bool); default = {}; example = { @@ -67,13 +67,13 @@ let }; verboseLogging = mkOption { - description = mdDoc "Enable verbose logging."; + description = "Enable verbose logging."; type = types.bool; default = false; }; environmentFile = mkOption { - description = mdDoc "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime."; + description = "Environment file to be passed to the systemd service. Useful for passing secrets to the service to prevent them from being world-readable in the Nix store. Note however that the secrets are passed to `wstunnel` through the command line, which makes them locally readable for all users of the system at runtime."; type = types.nullOr types.path; default = null; example = "/var/lib/secrets/wstunnelSecrets"; @@ -83,7 +83,7 @@ let serverSubmodule = { config, ...}: { options = commonOptions // { listen = mkOption { - description = mdDoc "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability."; + description = "Address and port to listen on. Setting the port to a value below 1024 will also give the process the required `CAP_NET_BIND_SERVICE` capability."; type = types.submodule hostPortSubmodule; default = { host = "0.0.0.0"; @@ -98,7 +98,7 @@ let }; restrictTo = mkOption { - description = mdDoc "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses."; + description = "Accepted traffic will be forwarded only to this service. Set to `null` to allow forwarding to arbitrary addresses."; type = types.nullOr (types.submodule hostPortSubmodule); example = { host = "127.0.0.1"; @@ -107,27 +107,27 @@ let }; enableHTTPS = mkOption { - description = mdDoc "Use HTTPS for the tunnel server."; + description = "Use HTTPS for the tunnel server."; type = types.bool; default = true; }; tlsCertificate = mkOption { - description = mdDoc "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`."; + description = "TLS certificate to use instead of the hardcoded one in case of HTTPS connections. Use together with `tlsKey`."; type = types.nullOr types.path; default = null; example = "/var/lib/secrets/cert.pem"; }; tlsKey = mkOption { - description = mdDoc "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`."; + description = "TLS key to use instead of the hardcoded on in case of HTTPS connections. Use together with `tlsCertificate`."; type = types.nullOr types.path; default = null; example = "/var/lib/secrets/key.pem"; }; useACMEHost = mkOption { - description = mdDoc "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`."; + description = "Use a certificate generated by the NixOS ACME module for the given host. Note that this will not generate a new certificate - you will need to do so with `security.acme.certs`."; type = types.nullOr types.str; default = null; example = "example.com"; @@ -137,7 +137,7 @@ let clientSubmodule = { config, ... }: { options = commonOptions // { connectTo = mkOption { - description = mdDoc "Server address and port to connect to."; + description = "Server address and port to connect to."; type = types.submodule hostPortSubmodule; example = { host = "example.com"; @@ -145,13 +145,13 @@ let }; enableHTTPS = mkOption { - description = mdDoc "Enable HTTPS when connecting to the server."; + description = "Enable HTTPS when connecting to the server."; type = types.bool; default = true; }; localToRemote = mkOption { - description = mdDoc "Local hosts and ports to listen on, plus the hosts and ports on remote to forward traffic to. Setting a local port to a value less than 1024 will additionally give the process the required CAP_NET_BIND_SERVICE capability."; + description = "Local hosts and ports to listen on, plus the hosts and ports on remote to forward traffic to. Setting a local port to a value less than 1024 will additionally give the process the required CAP_NET_BIND_SERVICE capability."; type = types.listOf (types.submodule localRemoteSubmodule); default = []; example = [ { @@ -167,7 +167,7 @@ let }; dynamicToRemote = mkOption { - description = mdDoc "Host and port for the SOCKS5 proxy to dynamically forward traffic to. Leave this at `null` to disable the SOCKS5 proxy. Setting the port to a value less than 1024 will additionally give the service the required CAP_NET_BIND_SERVICE capability."; + description = "Host and port for the SOCKS5 proxy to dynamically forward traffic to. Leave this at `null` to disable the SOCKS5 proxy. Setting the port to a value less than 1024 will additionally give the service the required CAP_NET_BIND_SERVICE capability."; type = types.nullOr (types.submodule hostPortSubmodule); default = null; example = { @@ -177,19 +177,19 @@ let }; udp = mkOption { - description = mdDoc "Whether to forward UDP instead of TCP traffic."; + description = "Whether to forward UDP instead of TCP traffic."; type = types.bool; default = false; }; udpTimeout = mkOption { - description = mdDoc "When using UDP forwarding, timeout in seconds after which the tunnel connection is closed. `-1` means no timeout."; + description = "When using UDP forwarding, timeout in seconds after which the tunnel connection is closed. `-1` means no timeout."; type = types.int; default = 30; }; httpProxy = mkOption { - description = mdDoc '' + description = '' Proxy to use to connect to the wstunnel server (`USER:PASS@HOST:PORT`). ::: {.warning} @@ -202,45 +202,45 @@ let }; soMark = mkOption { - description = mdDoc "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service."; + description = "Mark network packets with the SO_MARK sockoption with the specified value. Setting this option will also enable the required `CAP_NET_ADMIN` capability for the systemd service."; type = types.nullOr types.int; default = null; }; upgradePathPrefix = mkOption { - description = mdDoc "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy."; + description = "Use a specific HTTP path prefix that will show up in the upgrade request to the `wstunnel` server. Useful when running `wstunnel` behind a reverse proxy."; type = types.nullOr types.str; default = null; example = "wstunnel"; }; hostHeader = mkOption { - description = mdDoc "Use this as the HTTP host header instead of the real hostname. Useful for circumventing hostname-based firewalls."; + description = "Use this as the HTTP host header instead of the real hostname. Useful for circumventing hostname-based firewalls."; type = types.nullOr types.str; default = null; }; tlsSNI = mkOption { - description = mdDoc "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls."; + description = "Use this as the SNI while connecting via TLS. Useful for circumventing hostname-based firewalls."; type = types.nullOr types.str; default = null; }; tlsVerifyCertificate = mkOption { - description = mdDoc "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option."; + description = "Whether to verify the TLS certificate of the server. It might be useful to set this to `false` when working with the `tlsSNI` option."; type = types.bool; default = true; }; # The original argument name `websocketPingFrequency` is a misnomer, as the frequency is the inverse of the interval. websocketPingInterval = mkOption { - description = mdDoc "Do a heartbeat ping every N seconds to keep up the websocket connection."; + description = "Do a heartbeat ping every N seconds to keep up the websocket connection."; type = types.nullOr types.ints.unsigned; default = null; }; upgradeCredentials = mkOption { - description = mdDoc '' + description = '' Use these credentials to authenticate during the HTTP upgrade request (Basic authorization type, `USER:[PASS]`). ::: {.warning} @@ -252,7 +252,7 @@ let }; customHeaders = mkOption { - description = mdDoc "Custom HTTP headers to send during the upgrade request."; + description = "Custom HTTP headers to send during the upgrade request."; type = types.attrsOf types.str; default = {}; example = { @@ -355,10 +355,10 @@ let }; in { options.services.wstunnel = { - enable = mkEnableOption (mdDoc "wstunnel"); + enable = mkEnableOption "wstunnel"; servers = mkOption { - description = mdDoc "`wstunnel` servers to set up."; + description = "`wstunnel` servers to set up."; type = types.attrsOf (types.submodule serverSubmodule); default = {}; example = { @@ -376,7 +376,7 @@ in { }; clients = mkOption { - description = mdDoc "`wstunnel` clients to set up."; + description = "`wstunnel` clients to set up."; type = types.attrsOf (types.submodule clientSubmodule); default = {}; example = { diff --git a/nixos/modules/services/networking/x2goserver.nix b/nixos/modules/services/networking/x2goserver.nix index f1eba9fafc1c2..e46a493924ef7 100644 --- a/nixos/modules/services/networking/x2goserver.nix +++ b/nixos/modules/services/networking/x2goserver.nix @@ -22,16 +22,16 @@ in { ]; options.services.x2goserver = { - enable = mkEnableOption (lib.mdDoc "x2goserver") // { - description = lib.mdDoc '' + enable = mkEnableOption "x2goserver" // { + description = '' Enables the x2goserver module. NOTE: This will create a good amount of symlinks in `/usr/local/bin` ''; }; superenicer = { - enable = mkEnableOption (lib.mdDoc "superenicer") // { - description = lib.mdDoc '' + enable = mkEnableOption "superenicer" // { + description = '' Enables the SupeReNicer code in x2gocleansessions, this will renice suspended sessions to nice level 19 and renice them to level 0 if the session becomes marked as running again @@ -42,7 +42,7 @@ in { nxagentDefaultOptions = mkOption { type = types.listOf types.str; default = [ "-extension GLX" "-nolisten tcp" ]; - description = lib.mdDoc '' + description = '' List of default nx agent options. ''; }; @@ -50,7 +50,7 @@ in { settings = mkOption { type = types.attrsOf types.attrs; default = {}; - description = lib.mdDoc '' + description = '' x2goserver.conf ini configuration as nix attributes. See `x2goserver.conf(5)` for details ''; diff --git a/nixos/modules/services/networking/xandikos.nix b/nixos/modules/services/networking/xandikos.nix index 147f07ac546de..e05fee1656cd0 100644 --- a/nixos/modules/services/networking/xandikos.nix +++ b/nixos/modules/services/networking/xandikos.nix @@ -9,14 +9,14 @@ in options = { services.xandikos = { - enable = mkEnableOption (lib.mdDoc "Xandikos CalDAV and CardDAV server"); + enable = mkEnableOption "Xandikos CalDAV and CardDAV server"; package = mkPackageOption pkgs "xandikos" { }; address = mkOption { type = types.str; default = "localhost"; - description = lib.mdDoc '' + description = '' The IP address on which Xandikos will listen. By default listens on localhost. ''; @@ -25,13 +25,13 @@ in port = mkOption { type = types.port; default = 8080; - description = lib.mdDoc "The port of the Xandikos web application"; + description = "The port of the Xandikos web application"; }; routePrefix = mkOption { type = types.str; default = "/"; - description = lib.mdDoc '' + description = '' Path to Xandikos. Useful when Xandikos is behind a reverse proxy. ''; @@ -47,14 +47,14 @@ in "--dump-dav-xml" ] ''; - description = lib.mdDoc '' + description = '' Extra command line arguments to pass to xandikos. ''; }; nginx = mkOption { default = {}; - description = lib.mdDoc '' + description = '' Configuration for nginx reverse proxy. ''; @@ -63,14 +63,14 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Configure the nginx reverse proxy settings. ''; }; hostName = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The hostname use to setup the virtualhost configuration ''; }; diff --git a/nixos/modules/services/networking/xinetd.nix b/nixos/modules/services/networking/xinetd.nix index fb3de7077e31e..e42943285d125 100644 --- a/nixos/modules/services/networking/xinetd.nix +++ b/nixos/modules/services/networking/xinetd.nix @@ -44,19 +44,19 @@ in options = { - services.xinetd.enable = mkEnableOption (lib.mdDoc "the xinetd super-server daemon"); + services.xinetd.enable = mkEnableOption "the xinetd super-server daemon"; services.xinetd.extraDefaults = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Additional configuration lines added to the default section of xinetd's configuration. ''; }; services.xinetd.services = mkOption { default = []; - description = lib.mdDoc '' + description = '' A list of services provided by xinetd. ''; @@ -67,51 +67,50 @@ in name = mkOption { type = types.str; example = "login"; - description = lib.mdDoc "Name of the service."; + description = "Name of the service."; }; protocol = mkOption { type = types.str; default = "tcp"; - description = - lib.mdDoc "Protocol of the service. Usually `tcp` or `udp`."; + description = "Protocol of the service. Usually `tcp` or `udp`."; }; port = mkOption { type = types.port; default = 0; example = 123; - description = lib.mdDoc "Port number of the service."; + description = "Port number of the service."; }; user = mkOption { type = types.str; default = "nobody"; - description = lib.mdDoc "User account for the service"; + description = "User account for the service"; }; server = mkOption { type = types.str; example = "/foo/bin/ftpd"; - description = lib.mdDoc "Path of the program that implements the service."; + description = "Path of the program that implements the service."; }; serverArgs = mkOption { type = types.separatedString " "; default = ""; - description = lib.mdDoc "Command-line arguments for the server program."; + description = "Command-line arguments for the server program."; }; flags = mkOption { type = types.str; default = ""; - description = lib.mdDoc ""; + description = ""; }; unlisted = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether this server is listed in {file}`/etc/services`. If so, the port number can be omitted. @@ -121,7 +120,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Extra configuration-lines added to the section of the service."; + description = "Extra configuration-lines added to the section of the service."; }; }; diff --git a/nixos/modules/services/networking/xl2tpd.nix b/nixos/modules/services/networking/xl2tpd.nix index 7d25957076122..8d192be6c2fa8 100644 --- a/nixos/modules/services/networking/xl2tpd.nix +++ b/nixos/modules/services/networking/xl2tpd.nix @@ -5,29 +5,29 @@ with lib; { options = { services.xl2tpd = { - enable = mkEnableOption (lib.mdDoc "xl2tpd, the Layer 2 Tunnelling Protocol Daemon"); + enable = mkEnableOption "xl2tpd, the Layer 2 Tunnelling Protocol Daemon"; serverIp = mkOption { type = types.str; - description = lib.mdDoc "The server-side IP address."; + description = "The server-side IP address."; default = "10.125.125.1"; }; clientIpRange = mkOption { type = types.str; - description = lib.mdDoc "The range from which client IPs are drawn."; + description = "The range from which client IPs are drawn."; default = "10.125.125.2-11"; }; extraXl2tpOptions = mkOption { type = types.lines; - description = lib.mdDoc "Adds extra lines to the xl2tpd configuration file."; + description = "Adds extra lines to the xl2tpd configuration file."; default = ""; }; extraPppdOptions = mkOption { type = types.lines; - description = lib.mdDoc "Adds extra lines to the pppd options file."; + description = "Adds extra lines to the pppd options file."; default = ""; example = '' ms-dns 8.8.8.8 diff --git a/nixos/modules/services/networking/xray.nix b/nixos/modules/services/networking/xray.nix index 56c7887b3308e..40a154d8d030b 100644 --- a/nixos/modules/services/networking/xray.nix +++ b/nixos/modules/services/networking/xray.nix @@ -9,7 +9,7 @@ with lib; enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to run xray server. Either `settingsFile` or `settings` must be specified. @@ -22,7 +22,7 @@ with lib; type = types.nullOr types.path; default = null; example = "/etc/xray/config.json"; - description = lib.mdDoc '' + description = '' The absolute path to the configuration file. Either `settingsFile` or `settings` must be specified. @@ -44,7 +44,7 @@ with lib; protocol = "freedom"; }]; }; - description = lib.mdDoc '' + description = '' The configuration object. Either `settingsFile` or `settings` must be specified. diff --git a/nixos/modules/services/networking/xrdp.nix b/nixos/modules/services/networking/xrdp.nix index 7e6634cd239aa..884325d13159b 100644 --- a/nixos/modules/services/networking/xrdp.nix +++ b/nixos/modules/services/networking/xrdp.nix @@ -49,19 +49,19 @@ in services.xrdp = { - enable = mkEnableOption (lib.mdDoc "xrdp, the Remote Desktop Protocol server"); + enable = mkEnableOption "xrdp, the Remote Desktop Protocol server"; package = mkPackageOptionMD pkgs "xrdp" { }; audio = { - enable = mkEnableOption (lib.mdDoc "audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet"); + enable = mkEnableOption "audio support for xrdp sessions. So far it only works with PulseAudio sessions on the server side. No PipeWire support yet"; package = mkPackageOptionMD pkgs "pulseaudio-module-xrdp" {}; }; port = mkOption { type = types.port; default = 3389; - description = lib.mdDoc '' + description = '' Specifies on which port the xrdp daemon listens. ''; }; @@ -69,14 +69,14 @@ in openFirewall = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Whether to open the firewall for the specified RDP port."; + description = "Whether to open the firewall for the specified RDP port."; }; sslKey = mkOption { type = types.str; default = "/etc/xrdp/key.pem"; example = "/path/to/your/key.pem"; - description = lib.mdDoc '' + description = '' ssl private key path A self-signed certificate will be generated if file not exists. ''; @@ -86,7 +86,7 @@ in type = types.str; default = "/etc/xrdp/cert.pem"; example = "/path/to/your/cert.pem"; - description = lib.mdDoc '' + description = '' ssl certificate path A self-signed certificate will be generated if file not exists. ''; @@ -96,7 +96,7 @@ in type = types.str; default = "xterm"; example = "xfce4-session"; - description = lib.mdDoc '' + description = '' The script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session" This is per-user overridable, if file ~/startwm.sh exists it will be used instead. ''; @@ -106,7 +106,7 @@ in type = types.path; default = confDir; internal = true; - description = lib.mdDoc '' + description = '' Configuration directory of xrdp and sesman. Changes to this must be made through extraConfDirCommands. @@ -117,7 +117,7 @@ in extraConfDirCommands = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Extra commands to run on the default confDir derivation. ''; example = '' diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix index 9173e7eb3457b..c1c952adac390 100644 --- a/nixos/modules/services/networking/yggdrasil.nix +++ b/nixos/modules/services/networking/yggdrasil.nix @@ -18,7 +18,7 @@ in options = with types; { services.yggdrasil = { - enable = mkEnableOption (lib.mdDoc "the yggdrasil system service"); + enable = mkEnableOption "the yggdrasil system service"; settings = mkOption { type = format.type; @@ -32,7 +32,7 @@ in "tcp://0.0.0.0:xxxxx" ]; }; - description = lib.mdDoc '' + description = '' Configuration for yggdrasil, as a Nix attribute set. Warning: this is stored in the WORLD-READABLE Nix store! @@ -61,7 +61,7 @@ in type = nullOr path; default = null; example = "/run/keys/yggdrasil.conf"; - description = lib.mdDoc '' + description = '' A file which contains JSON or HJSON configuration for yggdrasil. See the {option}`settings` option for more information. @@ -76,13 +76,13 @@ in type = types.nullOr types.str; default = null; example = "wheel"; - description = lib.mdDoc "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket."; + description = "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket."; }; openMulticastPort = mkOption { type = bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open the UDP port used for multicast peer discovery. The NixOS firewall blocks link-local communication, so in order to make incoming local peering work you will also need to configure @@ -98,7 +98,7 @@ in type = listOf str; default = [ ]; example = [ "tap*" ]; - description = lib.mdDoc '' + description = '' Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Use this option to prevent the DHCP client from broadcasting requests @@ -110,17 +110,17 @@ in package = mkPackageOption pkgs "yggdrasil" { }; - persistentKeys = mkEnableOption (lib.mdDoc '' + persistentKeys = mkEnableOption '' persistent keys. If enabled then keys will be generated once and Yggdrasil will retain the same IPv6 address when the service is restarted. Keys are stored at ${keysPath} - ''); + ''; extraArgs = mkOption { type = listOf str; default = [ ]; example = [ "-loglevel" "info" ]; - description = lib.mdDoc "Extra command line arguments."; + description = "Extra command line arguments."; }; }; diff --git a/nixos/modules/services/networking/zerobin.nix b/nixos/modules/services/networking/zerobin.nix index 735d4fa25fb16..62b606ec3b00c 100644 --- a/nixos/modules/services/networking/zerobin.nix +++ b/nixos/modules/services/networking/zerobin.nix @@ -12,12 +12,12 @@ in { options = { services.zerobin = { - enable = mkEnableOption (lib.mdDoc "0bin"); + enable = mkEnableOption "0bin"; dataDir = mkOption { type = types.str; default = "/var/lib/zerobin"; - description = lib.mdDoc '' + description = '' Path to the 0bin data directory ''; }; @@ -25,7 +25,7 @@ in user = mkOption { type = types.str; default = "zerobin"; - description = lib.mdDoc '' + description = '' The user 0bin should run as ''; }; @@ -33,7 +33,7 @@ in group = mkOption { type = types.str; default = "zerobin"; - description = lib.mdDoc '' + description = '' The group 0bin should run as ''; }; @@ -42,7 +42,7 @@ in type = types.int; default = 8000; example = 1357; - description = lib.mdDoc '' + description = '' The port zerobin should listen on ''; }; @@ -51,7 +51,7 @@ in type = types.str; default = "localhost"; example = "127.0.0.1"; - description = lib.mdDoc '' + description = '' The address zerobin should listen to ''; }; @@ -65,7 +65,7 @@ in ) COMPRESSED_STATIC_FILE = True ''; - description = lib.mdDoc '' + description = '' Extra configuration to be appended to the 0bin config file (see https://0bin.readthedocs.org/en/latest/en/options.html) ''; diff --git a/nixos/modules/services/networking/zeronet.nix b/nixos/modules/services/networking/zeronet.nix index 7e88a8b346d9a..8d734a5291d27 100644 --- a/nixos/modules/services/networking/zeronet.nix +++ b/nixos/modules/services/networking/zeronet.nix @@ -18,7 +18,7 @@ let }; in with lib; { options.services.zeronet = { - enable = mkEnableOption (lib.mdDoc "zeronet"); + enable = mkEnableOption "zeronet"; package = mkPackageOption pkgs "zeronet" { }; @@ -27,7 +27,7 @@ in with lib; { default = {}; example = literalExpression "{ global.tor = enable; }"; - description = lib.mdDoc '' + description = '' {file}`zeronet.conf` configuration. Refer to <https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file> for details on supported values; @@ -37,7 +37,7 @@ in with lib; { port = mkOption { type = types.port; default = 43110; - description = lib.mdDoc "Optional zeronet web UI port."; + description = "Optional zeronet web UI port."; }; fileserverPort = mkOption { @@ -45,19 +45,19 @@ in with lib; { # read-only config file and crashes type = types.port; default = 12261; - description = lib.mdDoc "Zeronet fileserver port."; + description = "Zeronet fileserver port."; }; tor = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Use TOR for zeronet traffic where possible."; + description = "Use TOR for zeronet traffic where possible."; }; torAlways = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Use TOR for all zeronet traffic."; + description = "Use TOR for all zeronet traffic."; }; }; diff --git a/nixos/modules/services/networking/zerotierone.nix b/nixos/modules/services/networking/zerotierone.nix index 60615d553041b..86c1efc629a98 100644 --- a/nixos/modules/services/networking/zerotierone.nix +++ b/nixos/modules/services/networking/zerotierone.nix @@ -8,13 +8,13 @@ let localConfFilePath = "/var/lib/zerotier-one/local.conf"; in { - options.services.zerotierone.enable = mkEnableOption (lib.mdDoc "ZeroTierOne"); + options.services.zerotierone.enable = mkEnableOption "ZeroTierOne"; options.services.zerotierone.joinNetworks = mkOption { default = []; example = [ "a8a2c3c10c1a68de" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' List of ZeroTier Network IDs to join on startup. Note that networks are only ever joined, but not automatically left after removing them from the list. To remove networks, use the ZeroTier CLI: `zerotier-cli leave <network-id>` @@ -24,7 +24,7 @@ in options.services.zerotierone.port = mkOption { default = 9993; type = types.port; - description = lib.mdDoc '' + description = '' Network port used by ZeroTier. ''; }; @@ -33,7 +33,7 @@ in options.services.zerotierone.localConf = mkOption { default = null; - description = mdDoc '' + description = '' Optional configuration to be written to the Zerotier JSON-based local.conf. If set, the configuration will be symlinked to `/var/lib/zerotier-one/local.conf` at build time. To understand the configuration format, refer to https://docs.zerotier.com/config/#local-configuration-options. diff --git a/nixos/modules/services/networking/znc/default.nix b/nixos/modules/services/networking/znc/default.nix index e15233293cf25..1a5793ee0ff58 100644 --- a/nixos/modules/services/networking/znc/default.nix +++ b/nixos/modules/services/networking/znc/default.nix @@ -81,13 +81,13 @@ in options = { services.znc = { - enable = mkEnableOption (lib.mdDoc "ZNC"); + enable = mkEnableOption "ZNC"; user = mkOption { default = "znc"; example = "john"; type = types.str; - description = lib.mdDoc '' + description = '' The name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created. ''; @@ -97,7 +97,7 @@ in default = defaultUser; example = "users"; type = types.str; - description = lib.mdDoc '' + description = '' Group to own the ZNC process. ''; }; @@ -106,7 +106,7 @@ in default = "/var/lib/znc"; example = "/home/john/.znc"; type = types.path; - description = lib.mdDoc '' + description = '' The state directory for ZNC. The config and the modules will be linked to from this directory as well. ''; @@ -115,7 +115,7 @@ in openFirewall = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to open ports in the firewall for ZNC. Does work with ports for listeners specified in {option}`services.znc.config.Listener`. @@ -149,7 +149,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Configuration for ZNC, see <https://wiki.znc.in/Configuration> for details. The Nix value declared here will be translated directly to the xml-like @@ -177,7 +177,7 @@ in configFile = mkOption { type = types.path; example = literalExpression "~/.znc/configs/znc.conf"; - description = lib.mdDoc '' + description = '' Configuration file for ZNC. It is recommended to use the {option}`config` option instead. @@ -191,7 +191,7 @@ in type = types.listOf types.package; default = [ ]; example = literalExpression "[ pkgs.zncModules.fish pkgs.zncModules.push ]"; - description = lib.mdDoc '' + description = '' A list of global znc module packages to add to znc. ''; }; @@ -199,7 +199,7 @@ in mutable = mkOption { default = true; # TODO: Default to true when config is set, make sure to not delete the old config if present type = types.bool; - description = lib.mdDoc '' + description = '' Indicates whether to allow the contents of the `dataDir` directory to be changed by the user at run-time. @@ -217,7 +217,7 @@ in default = [ ]; example = [ "--debug" ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Extra arguments to use for executing znc. ''; }; diff --git a/nixos/modules/services/networking/znc/options.nix b/nixos/modules/services/networking/znc/options.nix index bd67ec86d5130..32e5fd9d50253 100644 --- a/nixos/modules/services/networking/znc/options.nix +++ b/nixos/modules/services/networking/znc/options.nix @@ -12,7 +12,7 @@ let server = mkOption { type = types.str; example = "irc.libera.chat"; - description = lib.mdDoc '' + description = '' IRC server address. ''; }; @@ -20,7 +20,7 @@ let port = mkOption { type = types.port; default = 6697; - description = lib.mdDoc '' + description = '' IRC server port. ''; }; @@ -28,7 +28,7 @@ let password = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' IRC server password, such as for a Slack gateway. ''; }; @@ -36,7 +36,7 @@ let useSSL = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to use SSL to connect to the IRC server. ''; }; @@ -45,7 +45,7 @@ let type = types.listOf types.str; default = [ "simple_away" ]; example = literalExpression ''[ "simple_away" "sasl" ]''; - description = lib.mdDoc '' + description = '' ZNC network modules to load. ''; }; @@ -54,7 +54,7 @@ let type = types.listOf types.str; default = []; example = [ "nixos" ]; - description = lib.mdDoc '' + description = '' IRC channels to join. ''; }; @@ -62,7 +62,7 @@ let hasBitlbeeControlChannel = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to add the special Bitlbee operations channel. ''; }; @@ -79,7 +79,7 @@ let JoinDelay = 0 Nick = johntron ''; - description = lib.mdDoc '' + description = '' Extra config for the network. Consider using {option}`services.znc.config` instead. ''; @@ -97,7 +97,7 @@ in useLegacyConfig = mkOption { default = true; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to propagate the legacy options under {option}`services.znc.confOptions.*` to the znc config. If this is turned on, the znc config will contain a user with the default name @@ -118,7 +118,7 @@ in type = types.listOf types.str; default = [ "webadmin" "adminlog" ]; example = [ "partyline" "webadmin" "adminlog" "log" ]; - description = lib.mdDoc '' + description = '' A list of modules to include in the `znc.conf` file. ''; }; @@ -127,7 +127,7 @@ in type = types.listOf types.str; default = [ "chansaver" "controlpanel" ]; example = [ "chansaver" "controlpanel" "fish" "push" ]; - description = lib.mdDoc '' + description = '' A list of user modules to include in the `znc.conf` file. ''; }; @@ -136,7 +136,7 @@ in default = "znc"; example = "johntron"; type = types.str; - description = lib.mdDoc '' + description = '' The user name used to log in to the ZNC web admin interface. ''; }; @@ -144,7 +144,7 @@ in networks = mkOption { default = { }; type = with types; attrsOf (submodule networkOpts); - description = lib.mdDoc '' + description = '' IRC networks to connect the user to. ''; example = literalExpression '' @@ -163,7 +163,7 @@ in default = "znc-user"; example = "john"; type = types.str; - description = lib.mdDoc '' + description = '' The IRC nick. ''; }; @@ -177,7 +177,7 @@ in </Pass> ''; type = types.str; - description = lib.mdDoc '' + description = '' Generate with {command}`nix-shell -p znc --command "znc --makepass"`. This is the password used to log in to the ZNC web admin interface. You can also set this through @@ -189,7 +189,7 @@ in port = mkOption { default = 5000; type = types.port; - description = lib.mdDoc '' + description = '' Specifies the port on which to listen. ''; }; @@ -197,7 +197,7 @@ in useSSL = mkOption { default = true; type = types.bool; - description = lib.mdDoc '' + description = '' Indicates whether the ZNC server should use SSL when listening on the specified port. A self-signed certificate will be generated. ''; @@ -207,7 +207,7 @@ in type = types.nullOr types.str; default = null; example = "/znc/"; - description = lib.mdDoc '' + description = '' An optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy. ''; @@ -216,7 +216,7 @@ in extraZncConf = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' Extra config to `znc.conf` file. ''; }; |