diff options
Diffstat (limited to 'nixos/modules/services/web-servers')
37 files changed, 467 insertions, 511 deletions
diff --git a/nixos/modules/services/web-servers/agate.nix b/nixos/modules/services/web-servers/agate.nix index e03174c87945b..76c1a94f3bf28 100644 --- a/nixos/modules/services/web-servers/agate.nix +++ b/nixos/modules/services/web-servers/agate.nix @@ -8,14 +8,14 @@ in { options = { services.agate = { - enable = mkEnableOption (lib.mdDoc "Agate Server"); + enable = mkEnableOption "Agate Server"; package = mkPackageOption pkgs "agate" { }; addresses = mkOption { type = types.listOf types.str; default = [ "0.0.0.0:1965" ]; - description = lib.mdDoc '' + description = '' Addresses to listen on, IP:PORT, if you haven't disabled forwarding only set IPv4. ''; @@ -24,19 +24,19 @@ in contentDir = mkOption { default = "/var/lib/agate/content"; type = types.path; - description = lib.mdDoc "Root of the content directory."; + description = "Root of the content directory."; }; certificatesDir = mkOption { default = "/var/lib/agate/certificates"; type = types.path; - description = lib.mdDoc "Root of the certificate directory."; + description = "Root of the certificate directory."; }; hostnames = mkOption { default = [ ]; type = types.listOf types.str; - description = lib.mdDoc '' + description = '' Domain name of this Gemini server, enables checking hostname and port in requests. (multiple occurrences means basic vhosts) ''; @@ -45,20 +45,20 @@ in language = mkOption { default = null; type = types.nullOr types.str; - description = lib.mdDoc "RFC 4646 Language code for text/gemini documents."; + description = "RFC 4646 Language code for text/gemini documents."; }; onlyTls_1_3 = mkOption { default = false; type = types.bool; - description = lib.mdDoc "Only use TLSv1.3 (default also allows TLSv1.2)."; + description = "Only use TLSv1.3 (default also allows TLSv1.2)."; }; extraArgs = mkOption { type = types.listOf types.str; default = [ "" ]; example = [ "--log-ip" ]; - description = lib.mdDoc "Extra arguments to use running agate."; + description = "Extra arguments to use running agate."; }; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 016e4885a095a..4d49b29efff69 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -404,7 +404,7 @@ in services.httpd = { - enable = mkEnableOption (lib.mdDoc "the Apache HTTP Server"); + enable = mkEnableOption "the Apache HTTP Server"; package = mkPackageOption pkgs "apacheHttpd" { }; @@ -413,7 +413,7 @@ in default = confFile; defaultText = literalExpression "confFile"; example = literalExpression ''pkgs.writeText "httpd.conf" "# my custom config file ..."''; - description = lib.mdDoc '' + description = '' Override the configuration file used by Apache. By default, NixOS generates one automatically. ''; @@ -422,7 +422,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines appended to the generated Apache configuration file. Note that this mechanism will not work when {option}`configFile` is overridden. @@ -438,7 +438,7 @@ in { name = "jk"; path = "''${pkgs.tomcat_connectors}/modules/mod_jk.so"; } ] ''; - description = lib.mdDoc '' + description = '' Additional Apache modules to be used. These can be specified as a string in the case of modules distributed with Apache, or as an attribute set specifying the @@ -451,14 +451,14 @@ in type = types.nullOr types.str; example = "admin@example.org"; default = null; - description = lib.mdDoc "E-mail address of the server administrator."; + description = "E-mail address of the server administrator."; }; logFormat = mkOption { type = types.str; default = "common"; example = "combined"; - description = lib.mdDoc '' + description = '' Log format for log files. Possible values are: combined, common, referer, agent, none. See <https://httpd.apache.org/docs/2.4/logs.html> for more details. ''; @@ -467,7 +467,7 @@ in logPerVirtualHost = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' If enabled, each virtual host gets its own {file}`access.log` and {file}`error.log`, namely suffixed by the @@ -478,7 +478,7 @@ in user = mkOption { type = types.str; default = "wwwrun"; - description = lib.mdDoc '' + description = '' User account under which httpd children processes run. If you require the main httpd process to run as @@ -492,7 +492,7 @@ in group = mkOption { type = types.str; default = "wwwrun"; - description = lib.mdDoc '' + description = '' Group under which httpd children processes run. ''; }; @@ -500,7 +500,7 @@ in logDir = mkOption { type = types.path; default = "/var/log/httpd"; - description = lib.mdDoc '' + description = '' Directory for Apache's log files. It is created automatically. ''; }; @@ -531,7 +531,7 @@ in }; } ''; - description = lib.mdDoc '' + description = '' Specification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host. @@ -541,13 +541,13 @@ in enableMellon = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the mod_auth_mellon module."; + description = "Whether to enable the mod_auth_mellon module."; }; enablePHP = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the PHP module."; + description = "Whether to enable the PHP module."; }; phpPackage = mkPackageOption pkgs "php" { }; @@ -555,7 +555,7 @@ in enablePerl = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable the Perl module (mod_perl)."; + description = "Whether to enable the Perl module (mod_perl)."; }; phpOptions = mkOption { @@ -565,7 +565,7 @@ in '' date.timezone = "CET" ''; - description = lib.mdDoc '' + description = '' Options appended to the PHP configuration file {file}`php.ini`. ''; }; @@ -574,8 +574,7 @@ in type = types.enum [ "event" "prefork" "worker" ]; default = "event"; example = "worker"; - description = - lib.mdDoc '' + description = '' Multi-processing module to be used by Apache. Available modules are `prefork` (handles each request in a separate child process), `worker` @@ -590,14 +589,14 @@ in type = types.int; default = 150; example = 8; - description = lib.mdDoc "Maximum number of httpd processes (prefork)"; + description = "Maximum number of httpd processes (prefork)"; }; maxRequestsPerChild = mkOption { type = types.int; default = 0; example = 500; - description = lib.mdDoc '' + description = '' Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited. ''; }; @@ -605,14 +604,14 @@ in sslCiphers = mkOption { type = types.str; default = "HIGH:!aNULL:!MD5:!EXP"; - description = lib.mdDoc "Cipher Suite available for negotiation in SSL proxy handshake."; + description = "Cipher Suite available for negotiation in SSL proxy handshake."; }; sslProtocols = mkOption { type = types.str; default = "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"; example = "All -SSLv2 -SSLv3"; - description = lib.mdDoc "Allowed SSL/TLS protocol versions."; + description = "Allowed SSL/TLS protocol versions."; }; }; diff --git a/nixos/modules/services/web-servers/apache-httpd/location-options.nix b/nixos/modules/services/web-servers/apache-httpd/location-options.nix index f2d4f83570476..80dc1674c5a2a 100644 --- a/nixos/modules/services/web-servers/apache-httpd/location-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/location-options.nix @@ -9,7 +9,7 @@ in type = with types; nullOr str; default = null; example = "http://www.example.org/"; - description = lib.mdDoc '' + description = '' Sets up a simple reverse proxy as described by <https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple>. ''; }; @@ -18,7 +18,7 @@ in type = with types; nullOr str; default = null; example = "index.php index.html"; - description = lib.mdDoc '' + description = '' Adds DirectoryIndex directive. See <https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex>. ''; }; @@ -27,7 +27,7 @@ in type = with types; nullOr path; default = null; example = "/your/alias/directory"; - description = lib.mdDoc '' + description = '' Alias directory for requests. See <https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias>. ''; }; @@ -35,7 +35,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' These lines go to the end of the location verbatim. ''; }; @@ -43,7 +43,7 @@ in priority = mkOption { type = types.int; default = 1000; - description = lib.mdDoc '' + description = '' Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority. diff --git a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix index 7b87f9ef4bded..f3d57ac16ea2f 100644 --- a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix +++ b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix @@ -8,14 +8,14 @@ in hostName = mkOption { type = types.str; default = name; - description = lib.mdDoc "Canonical hostname for the server."; + description = "Canonical hostname for the server."; }; serverAliases = mkOption { type = types.listOf types.str; default = []; example = ["www.example.org" "www.example.org:8080" "example.org"]; - description = lib.mdDoc '' + description = '' Additional names of virtual hosts served by this virtual host configuration. ''; }; @@ -25,17 +25,17 @@ in options = { port = mkOption { type = types.port; - description = lib.mdDoc "Port to listen on"; + description = "Port to listen on"; }; ip = mkOption { type = types.str; default = "*"; - description = lib.mdDoc "IP to listen on. 0.0.0.0 for IPv4 only, * for all."; + description = "IP to listen on. 0.0.0.0 for IPv4 only, * for all."; }; ssl = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable SSL (https) support."; + description = "Whether to enable SSL (https) support."; }; }; })); @@ -45,7 +45,7 @@ in { ip = "192.154.1.1"; port = 80; } { ip = "*"; port = 8080; } ]; - description = lib.mdDoc '' + description = '' Listen addresses and ports for this virtual host. ::: {.note} @@ -59,7 +59,7 @@ in listenAddresses = mkOption { type = with types; nonEmptyListOf str; - description = lib.mdDoc '' + description = '' Listen addresses for this virtual host. Compared to `listen` this only sets the addresses and the ports are chosen automatically. @@ -77,7 +77,7 @@ in addSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable HTTPS in addition to plain HTTP. This will set defaults for `listen` to listen on all interfaces on the respective default ports (80, 443). @@ -87,7 +87,7 @@ in onlySSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for `listen` to listen on all interfaces on port 443. ''; @@ -96,7 +96,7 @@ in forceSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to add a separate nginx server block that permanently redirects (301) all plain HTTP traffic to HTTPS. This will set defaults for `listen` to listen on all interfaces on the respective default @@ -107,7 +107,7 @@ in enableACME = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through {option}`useACMEHost`. ''; @@ -116,7 +116,7 @@ in useACMEHost = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the [rate limit](https://letsencrypt.org/docs/rate-limits). @@ -128,7 +128,7 @@ in acmeRoot = mkOption { type = types.nullOr types.str; default = "/var/lib/acme/acme-challenge"; - description = lib.mdDoc '' + description = '' Directory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme. ''; @@ -137,26 +137,26 @@ in sslServerCert = mkOption { type = types.path; example = "/var/host.cert"; - description = lib.mdDoc "Path to server SSL certificate."; + description = "Path to server SSL certificate."; }; sslServerKey = mkOption { type = types.path; example = "/var/host.key"; - description = lib.mdDoc "Path to server SSL certificate key."; + description = "Path to server SSL certificate key."; }; sslServerChain = mkOption { type = types.nullOr types.path; default = null; example = "/var/ca.pem"; - description = lib.mdDoc "Path to server SSL chain file."; + description = "Path to server SSL chain file."; }; http2 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. *However, if you use the prefork mpm, there will be severe restrictions.* Refer to <https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config> for details. ''; @@ -166,14 +166,14 @@ in type = types.nullOr types.str; default = null; example = "admin@example.org"; - description = lib.mdDoc "E-mail address of the server administrator."; + description = "E-mail address of the server administrator."; }; documentRoot = mkOption { type = types.nullOr types.path; default = null; example = "/data/webserver/docs"; - description = lib.mdDoc '' + description = '' The path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root. ''; @@ -187,7 +187,7 @@ in dir = "/home/eelco/Dev/nix-homepage"; } ]; - description = lib.mdDoc '' + description = '' This option provides a simple way to serve static directories. ''; }; @@ -200,7 +200,7 @@ in file = "/home/eelco/some-file.png"; } ]; - description = lib.mdDoc '' + description = '' This option provides a simple way to serve individual, static files. ::: {.note} @@ -220,7 +220,7 @@ in AllowOverride All </Directory> ''; - description = lib.mdDoc '' + description = '' These lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default. ''; @@ -229,7 +229,7 @@ in enableUserDir = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable serving {file}`~/public_html` as `/~«username»`. ''; @@ -239,7 +239,7 @@ in type = types.nullOr types.str; default = null; example = "http://newserver.example.org/"; - description = lib.mdDoc '' + description = '' If set, all requests for this host are redirected permanently to the given URL. ''; @@ -249,7 +249,7 @@ in type = types.str; default = "common"; example = "combined"; - description = lib.mdDoc '' + description = '' Log format for Apache's log files. Possible values are: combined, common, referer, agent. ''; }; @@ -258,7 +258,7 @@ in type = types.lines; default = ""; example = "Disallow: /foo/"; - description = lib.mdDoc '' + description = '' Specification of pages to be ignored by web crawlers. See <http://www.robotstxt.org/> for details. ''; }; @@ -276,7 +276,7 @@ in }; }; ''; - description = lib.mdDoc '' + description = '' Declarative location config. See <https://httpd.apache.org/docs/2.4/mod/core.html#location> for details. ''; }; diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix index 95dc219d108cc..08ce50bff62c0 100644 --- a/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixos/modules/services/web-servers/caddy/default.nix @@ -64,12 +64,12 @@ in # interface options.services.caddy = { - enable = mkEnableOption (lib.mdDoc "Caddy web server"); + enable = mkEnableOption "Caddy web server"; user = mkOption { default = "caddy"; type = types.str; - description = lib.mdDoc '' + description = '' User account under which caddy runs. ::: {.note} @@ -83,7 +83,7 @@ in group = mkOption { default = "caddy"; type = types.str; - description = lib.mdDoc '' + description = '' Group account under which caddy runs. ::: {.note} @@ -99,7 +99,7 @@ in dataDir = mkOption { type = types.path; default = "/var/lib/caddy"; - description = lib.mdDoc '' + description = '' The data directory for caddy. ::: {.note} @@ -116,7 +116,7 @@ in logDir = mkOption { type = types.path; default = "/var/log/caddy"; - description = lib.mdDoc '' + description = '' Directory for storing Caddy access logs. ::: {.note} @@ -135,7 +135,7 @@ in example = literalExpression '' mkForce "level INFO"; ''; - description = lib.mdDoc '' + description = '' Configuration for the default logger. See <https://caddyserver.com/docs/caddyfile/options#log> for details. @@ -155,7 +155,7 @@ in file_server '''; ''; - description = lib.mdDoc '' + description = '' Override the configuration file used by Caddy. By default, NixOS generates one automatically. @@ -170,7 +170,7 @@ in ''; example = literalExpression "nginx"; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' Name of the config adapter to use. See <https://caddyserver.com/docs/config-adapters> for the full list. @@ -192,7 +192,7 @@ in resume = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Use saved config, if any (and prefer over any specified configuration passed with `--config`). ''; }; @@ -208,7 +208,7 @@ in } } ''; - description = lib.mdDoc '' + description = '' Additional lines of configuration appended to the global config section of the `Caddyfile`. @@ -227,7 +227,7 @@ in root /srv/http } ''; - description = lib.mdDoc '' + description = '' Additional lines of configuration appended to the automatically generated `Caddyfile`. ''; @@ -247,7 +247,7 @@ in }; }; ''; - description = lib.mdDoc '' + description = '' Declarative specification of virtual hosts served by Caddy. ''; }; @@ -256,7 +256,7 @@ in default = null; example = "https://acme-v02.api.letsencrypt.org/directory"; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' ::: {.note} Sets the [`acme_ca` option](https://caddyserver.com/docs/caddyfile/options#acme-ca) in the global options block of the resulting Caddyfile. @@ -276,7 +276,7 @@ in email = mkOption { default = null; type = with types; nullOr str; - description = lib.mdDoc '' + description = '' Your email address. Mainly used when creating an ACME account with your CA, and is highly recommended in case there are problems with your certificates. @@ -286,7 +286,7 @@ in enableReload = mkOption { default = true; type = types.bool; - description = lib.mdDoc '' + description = '' Reload Caddy instead of restarting it when configuration file changes. Note that enabling this option requires the [admin API](https://caddyserver.com/docs/caddyfile/options#admin) @@ -302,7 +302,7 @@ in settings = mkOption { type = settingsFormat.type; default = {}; - description = lib.mdDoc '' + description = '' Structured configuration for Caddy to generate a Caddy JSON configuration file. See <https://caddyserver.com/docs/json/> for available options. diff --git a/nixos/modules/services/web-servers/caddy/vhost-options.nix b/nixos/modules/services/web-servers/caddy/vhost-options.nix index 229b53efb49f7..c092f2d796375 100644 --- a/nixos/modules/services/web-servers/caddy/vhost-options.nix +++ b/nixos/modules/services/web-servers/caddy/vhost-options.nix @@ -9,21 +9,21 @@ in hostName = mkOption { type = types.str; default = name; - description = lib.mdDoc "Canonical hostname for the server."; + description = "Canonical hostname for the server."; }; serverAliases = mkOption { type = with types; listOf str; default = [ ]; example = [ "www.example.org" "example.org" ]; - description = lib.mdDoc '' + description = '' Additional names of virtual hosts served by this virtual host configuration. ''; }; listenAddresses = mkOption { type = with types; listOf str; - description = lib.mdDoc '' + description = '' A list of host interfaces to bind to for this virtual host. ''; default = [ ]; @@ -33,7 +33,7 @@ in useACMEHost = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' A host of an existing Let's Encrypt certificate to use. This is mostly useful if you use DNS challenges but Caddy does not currently support your provider. @@ -57,7 +57,7 @@ in output discard '''; ''; - description = lib.mdDoc '' + description = '' Configuration for HTTP request logging (also known as access logs). See <https://caddyserver.com/docs/caddyfile/directives/log#log> for details. @@ -67,7 +67,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Additional lines of configuration appended to this virtual host in the automatically generated `Caddyfile`. ''; diff --git a/nixos/modules/services/web-servers/darkhttpd.nix b/nixos/modules/services/web-servers/darkhttpd.nix index 1e3a7166bc412..f6b693139a1ef 100644 --- a/nixos/modules/services/web-servers/darkhttpd.nix +++ b/nixos/modules/services/web-servers/darkhttpd.nix @@ -15,12 +15,12 @@ let in { options.services.darkhttpd = with types; { - enable = mkEnableOption (lib.mdDoc "DarkHTTPd web server"); + enable = mkEnableOption "DarkHTTPd web server"; port = mkOption { default = 80; type = types.port; - description = lib.mdDoc '' + description = '' Port to listen on. Pass 0 to let the system choose any free port for you. ''; @@ -29,7 +29,7 @@ in { address = mkOption { default = "127.0.0.1"; type = str; - description = lib.mdDoc '' + description = '' Address to listen on. Pass `all` to listen on all interfaces. ''; @@ -37,7 +37,7 @@ in { rootDir = mkOption { type = path; - description = lib.mdDoc '' + description = '' Path from which to serve files. ''; }; @@ -45,7 +45,7 @@ in { hideServerId = mkOption { type = bool; default = true; - description = lib.mdDoc '' + description = '' Don't identify the server type in headers or directory listings. ''; }; @@ -53,7 +53,7 @@ in { extraArgs = mkOption { type = listOf str; default = []; - description = lib.mdDoc '' + description = '' Additional configuration passed to the executable. ''; }; diff --git a/nixos/modules/services/web-servers/fcgiwrap.nix b/nixos/modules/services/web-servers/fcgiwrap.nix index 3a57ef383065b..3250e9c05ed66 100644 --- a/nixos/modules/services/web-servers/fcgiwrap.nix +++ b/nixos/modules/services/web-servers/fcgiwrap.nix @@ -11,38 +11,38 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI."; + description = "Whether to enable fcgiwrap, a server for running CGI applications over FastCGI."; }; preforkProcesses = mkOption { type = types.int; default = 1; - description = lib.mdDoc "Number of processes to prefork."; + description = "Number of processes to prefork."; }; socketType = mkOption { type = types.enum [ "unix" "tcp" "tcp6" ]; default = "unix"; - description = lib.mdDoc "Socket type: 'unix', 'tcp' or 'tcp6'."; + description = "Socket type: 'unix', 'tcp' or 'tcp6'."; }; socketAddress = mkOption { type = types.str; default = "/run/fcgiwrap.sock"; example = "1.2.3.4:5678"; - description = lib.mdDoc "Socket address. In case of a UNIX socket, this should be its filesystem path."; + description = "Socket address. In case of a UNIX socket, this should be its filesystem path."; }; user = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "User permissions for the socket."; + description = "User permissions for the socket."; }; group = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc "Group permissions for the socket."; + description = "Group permissions for the socket."; }; }; }; diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index 616be978b6e5b..39ea8f21b126f 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix @@ -14,18 +14,18 @@ in }; options.services.garage = { - enable = mkEnableOption (lib.mdDoc "Garage Object Storage (S3 compatible)"); + enable = mkEnableOption "Garage Object Storage (S3 compatible)"; extraEnvironment = mkOption { type = types.attrsOf types.str; - description = lib.mdDoc "Extra environment variables to pass to the Garage server."; + description = "Extra environment variables to pass to the Garage server."; default = { }; example = { RUST_BACKTRACE = "yes"; }; }; environmentFile = mkOption { type = types.nullOr types.path; - description = lib.mdDoc "File containing environment variables to be passed to the Garage server."; + description = "File containing environment variables to be passed to the Garage server."; default = null; }; @@ -33,7 +33,7 @@ in type = types.enum ([ "error" "warn" "info" "debug" "trace" ]); default = "info"; example = "debug"; - description = lib.mdDoc "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples."; + description = "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples."; }; settings = mkOption { @@ -44,29 +44,29 @@ in metadata_dir = mkOption { default = "/var/lib/garage/meta"; type = types.path; - description = lib.mdDoc "The metadata directory, put this on a fast disk (e.g. SSD) if possible."; + description = "The metadata directory, put this on a fast disk (e.g. SSD) if possible."; }; data_dir = mkOption { default = "/var/lib/garage/data"; type = types.path; - description = lib.mdDoc "The main data storage, put this on your large storage (e.g. high capacity HDD)"; + description = "The main data storage, put this on your large storage (e.g. high capacity HDD)"; }; replication_mode = mkOption { default = "none"; type = types.enum ([ "none" "1" "2" "3" "2-dangerous" "3-dangerous" "3-degraded" 1 2 3 ]); apply = v: toString v; - description = lib.mdDoc "Garage replication mode, defaults to none, see: <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode> for reference."; + description = "Garage replication mode, defaults to none, see: <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication-mode> for reference."; }; }; }; - description = lib.mdDoc "Garage configuration, see <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/> for reference."; + description = "Garage configuration, see <https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/> for reference."; }; package = mkOption { type = types.package; - description = lib.mdDoc "Garage package to use, needs to be set explicitly. If you are upgrading from a major version, please read NixOS and Garage release notes for upgrade instructions."; + description = "Garage package to use, needs to be set explicitly. If you are upgrading from a major version, please read NixOS and Garage release notes for upgrade instructions."; }; }; diff --git a/nixos/modules/services/web-servers/hitch/default.nix b/nixos/modules/services/web-servers/hitch/default.nix index 6c8b3cda5f72e..b1c72c0dd7b7b 100644 --- a/nixos/modules/services/web-servers/hitch/default.nix +++ b/nixos/modules/services/web-servers/hitch/default.nix @@ -17,11 +17,11 @@ with lib; { options = { services.hitch = { - enable = mkEnableOption (lib.mdDoc "Hitch Server"); + enable = mkEnableOption "Hitch Server"; backend = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The host and port Hitch connects to when receiving a connection in the form [HOST]:PORT ''; @@ -30,13 +30,13 @@ with lib; ciphers = mkOption { type = types.str; default = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - description = lib.mdDoc "The list of ciphers to use"; + description = "The list of ciphers to use"; }; frontend = mkOption { type = types.either types.str (types.listOf types.str); default = "[127.0.0.1]:443"; - description = lib.mdDoc '' + description = '' The port and interface of the listen endpoint in the form [HOST]:PORT[+CERT]. ''; @@ -46,33 +46,33 @@ with lib; pem-files = mkOption { type = types.listOf types.path; default = []; - description = lib.mdDoc "PEM files to use"; + description = "PEM files to use"; }; ocsp-stapling = { enabled = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Whether to enable OCSP Stapling"; + description = "Whether to enable OCSP Stapling"; }; }; user = mkOption { type = types.str; default = "hitch"; - description = lib.mdDoc "The user to run as"; + description = "The user to run as"; }; group = mkOption { type = types.str; default = "hitch"; - description = lib.mdDoc "The group to run as"; + description = "The group to run as"; }; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc "Additional configuration lines"; + description = "Additional configuration lines"; }; }; diff --git a/nixos/modules/services/web-servers/hydron.nix b/nixos/modules/services/web-servers/hydron.nix index 9d30fdc0caab0..68c0859fc3322 100644 --- a/nixos/modules/services/web-servers/hydron.nix +++ b/nixos/modules/services/web-servers/hydron.nix @@ -4,20 +4,20 @@ let cfg = config.services.hydron; in with lib; { options.services.hydron = { - enable = mkEnableOption (lib.mdDoc "hydron"); + enable = mkEnableOption "hydron"; dataDir = mkOption { type = types.path; default = "/var/lib/hydron"; example = "/home/okina/hydron"; - description = lib.mdDoc "Location where hydron runs and stores data."; + description = "Location where hydron runs and stores data."; }; interval = mkOption { type = types.str; default = "weekly"; example = "06:00"; - description = lib.mdDoc '' + description = '' How often we run hydron import and possibly fetch tags. Runs by default every week. The format is described in @@ -29,19 +29,19 @@ in with lib; { type = types.str; default = "hydron"; example = "dumbpass"; - description = lib.mdDoc "Password for the hydron database."; + description = "Password for the hydron database."; }; passwordFile = mkOption { type = types.path; default = "/run/keys/hydron-password-file"; example = "/home/okina/hydron/keys/pass"; - description = lib.mdDoc "Password file for the hydron database."; + description = "Password file for the hydron database."; }; postgresArgs = mkOption { type = types.str; - description = lib.mdDoc "Postgresql connection arguments."; + description = "Postgresql connection arguments."; example = '' { "driver": "postgres", @@ -54,27 +54,27 @@ in with lib; { type = types.path; default = "/run/keys/hydron-postgres-args"; example = "/home/okina/hydron/keys/postgres"; - description = lib.mdDoc "Postgresql connection arguments file."; + description = "Postgresql connection arguments file."; }; listenAddress = mkOption { type = types.nullOr types.str; default = null; example = "127.0.0.1:8010"; - description = lib.mdDoc "Listen on a specific IP address and port."; + description = "Listen on a specific IP address and port."; }; importPaths = mkOption { type = types.listOf types.path; default = []; example = [ "/home/okina/Pictures" ]; - description = lib.mdDoc "Paths that hydron will recursively import."; + description = "Paths that hydron will recursively import."; }; fetchTags = mkOption { type = types.bool; default = true; - description = lib.mdDoc "Fetch tags for imported images and webm from gelbooru."; + description = "Fetch tags for imported images and webm from gelbooru."; }; }; diff --git a/nixos/modules/services/web-servers/jboss/default.nix b/nixos/modules/services/web-servers/jboss/default.nix index 05b354d567fe4..d243e0f3f1b78 100644 --- a/nixos/modules/services/web-servers/jboss/default.nix +++ b/nixos/modules/services/web-servers/jboss/default.nix @@ -26,49 +26,49 @@ in enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities."; + description = "Whether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities."; }; tempDir = mkOption { default = "/tmp"; type = types.str; - description = lib.mdDoc "Location where JBoss stores its temp files"; + description = "Location where JBoss stores its temp files"; }; logDir = mkOption { default = "/var/log/jboss"; type = types.str; - description = lib.mdDoc "Location of the logfile directory of JBoss"; + description = "Location of the logfile directory of JBoss"; }; serverDir = mkOption { - description = lib.mdDoc "Location of the server instance files"; + description = "Location of the server instance files"; default = "/var/jboss/server"; type = types.str; }; deployDir = mkOption { - description = lib.mdDoc "Location of the deployment files"; + description = "Location of the deployment files"; default = "/nix/var/nix/profiles/default/server/default/deploy/"; type = types.str; }; libUrl = mkOption { default = "file:///nix/var/nix/profiles/default/server/default/lib"; - description = lib.mdDoc "Location where the shared library JARs are stored"; + description = "Location where the shared library JARs are stored"; type = types.str; }; user = mkOption { default = "nobody"; - description = lib.mdDoc "User account under which jboss runs."; + description = "User account under which jboss runs."; type = types.str; }; useJK = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Whether to use to connector to the Apache HTTP server"; + description = "Whether to use to connector to the Apache HTTP server"; }; }; diff --git a/nixos/modules/services/web-servers/keter/default.nix b/nixos/modules/services/web-servers/keter/default.nix index 0cd9c30cea14d..8685953d6e9d5 100644 --- a/nixos/modules/services/web-servers/keter/default.nix +++ b/nixos/modules/services/web-servers/keter/default.nix @@ -14,22 +14,22 @@ in ]; options.services.keter = { - enable = lib.mkEnableOption (lib.mdDoc ''keter, a web app deployment manager. + enable = lib.mkEnableOption ''keter, a web app deployment manager. Note that this module only support loading of webapps: Keep an old app running and swap the ports when the new one is booted -''); +''; root = lib.mkOption { type = lib.types.str; default = "/var/lib/keter"; - description = lib.mdDoc "Mutable state folder for keter"; + description = "Mutable state folder for keter"; }; package = lib.mkOption { type = lib.types.package; default = pkgs.haskellPackages.keter; defaultText = lib.literalExpression "pkgs.haskellPackages.keter"; - description = lib.mdDoc "The keter package to be used"; + description = "The keter package to be used"; }; @@ -40,7 +40,7 @@ Keep an old app running and swap the ports when the new one is booted ip-from-header = lib.mkOption { default = true; type = lib.types.bool; - description = lib.mdDoc "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)"; + description = "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)"; }; listeners = lib.mkOption { default = [{ host = "*"; port = 6981; }]; @@ -48,15 +48,15 @@ Keep an old app running and swap the ports when the new one is booted options = { host = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "host"; + description = "host"; }; port = lib.mkOption { type = lib.types.port; - description = lib.mdDoc "port"; + description = "port"; }; }; }); - description = lib.mdDoc '' + description = '' You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather @@ -67,7 +67,7 @@ Keep an old app running and swap the ports when the new one is booted rotate-logs = lib.mkOption { default = false; type = lib.types.bool; - description = lib.mdDoc '' + description = '' emits keter logs and it's applications to stderr. which allows journald to capture them. Set to true to let keter put the logs in files @@ -76,31 +76,31 @@ Keep an old app running and swap the ports when the new one is booted }; }; }; - description = lib.mdDoc "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference"; + description = "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference"; }; bundle = { appName = lib.mkOption { type = lib.types.str; default = "myapp"; - description = lib.mdDoc "The name keter assigns to this bundle"; + description = "The name keter assigns to this bundle"; }; executable = lib.mkOption { type = lib.types.path; - description = lib.mdDoc "The executable to be run"; + description = "The executable to be run"; }; domain = lib.mkOption { type = lib.types.str; default = "example.com"; - description = lib.mdDoc "The domain keter will bind to"; + description = "The domain keter will bind to"; }; publicScript = lib.mkOption { type = lib.types.str; default = ""; - description = lib.mdDoc '' + description = '' Allows loading of public environment variables, these are emitted to the log so it shouldn't contain secrets. ''; @@ -110,7 +110,7 @@ Keep an old app running and swap the ports when the new one is booted secretScript = lib.mkOption { type = lib.types.str; default = ""; - description = lib.mdDoc "Allows loading of private environment variables"; + description = "Allows loading of private environment variables"; example = "MY_AWS_KEY=$(cat /run/keys/AWS_ACCESS_KEY_ID)"; }; }; diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix index e9f42c41183b1..b825d4757b8c1 100644 --- a/nixos/modules/services/web-servers/lighttpd/cgit.nix +++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix @@ -23,7 +23,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd. ''; @@ -33,7 +33,7 @@ in default = "cgit"; example = ""; type = types.str; - description = lib.mdDoc '' + description = '' The subdirectory in which to serve cgit. The web application will be accessible at http://yourserver/''${subdir} ''; @@ -50,7 +50,7 @@ in ''' ''; type = types.lines; - description = lib.mdDoc '' + description = '' Verbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt diff --git a/nixos/modules/services/web-servers/lighttpd/collectd.nix b/nixos/modules/services/web-servers/lighttpd/collectd.nix index 9a4285e3e2d21..5e5c0adda1c26 100644 --- a/nixos/modules/services/web-servers/lighttpd/collectd.nix +++ b/nixos/modules/services/web-servers/lighttpd/collectd.nix @@ -25,7 +25,7 @@ in options.services.lighttpd.collectd = { - enable = mkEnableOption (lib.mdDoc "collectd subservice accessible at http://yourserver/collectd"); + enable = mkEnableOption "collectd subservice accessible at http://yourserver/collectd"; collectionCgi = mkOption { type = types.path; @@ -33,7 +33,7 @@ in defaultText = literalMD '' `config.${options.services.collectd.package}` configured for lighttpd ''; - description = lib.mdDoc '' + description = '' Path to collection.cgi script from (collectd sources)/contrib/collection.cgi This option allows to use a customized version ''; diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix index 3a33137b27d20..ea5ad835f3ab5 100644 --- a/nixos/modules/services/web-servers/lighttpd/default.nix +++ b/nixos/modules/services/web-servers/lighttpd/default.nix @@ -130,7 +130,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable the lighttpd web server. ''; }; @@ -140,7 +140,7 @@ in port = mkOption { default = 80; type = types.port; - description = lib.mdDoc '' + description = '' TCP port number for lighttpd to bind to. ''; }; @@ -148,7 +148,7 @@ in document-root = mkOption { default = "/srv/www"; type = types.path; - description = lib.mdDoc '' + description = '' Document-root of the web server. Must be readable by the "lighttpd" user. ''; }; @@ -156,7 +156,7 @@ in mod_userdir = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user. ''; @@ -166,7 +166,7 @@ in type = types.listOf types.str; default = [ ]; example = [ "mod_cgi" "mod_status" ]; - description = lib.mdDoc '' + description = '' List of lighttpd modules to enable. Sub-services take care of enabling modules as needed, so this option is mainly for when you want to add custom stuff to @@ -178,7 +178,7 @@ in enableUpstreamMimeTypes = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to include the list of mime types bundled with lighttpd (upstream). If you disable this, no mime types will be added by NixOS and you will have to add your own mime types in @@ -189,7 +189,7 @@ in mod_status = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Show server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config. ''; @@ -199,7 +199,7 @@ in default = ""; type = types.lines; example = "...verbatim config file contents..."; - description = lib.mdDoc '' + description = '' Overridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS. ''; @@ -208,7 +208,7 @@ in extraConfig = mkOption { default = ""; type = types.lines; - description = lib.mdDoc '' + description = '' These configuration lines will be appended to the generated lighttpd config file. Note that this mechanism does not work when the manual {option}`configText` option is used. diff --git a/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixos/modules/services/web-servers/lighttpd/gitweb.nix index e129e8bc1666d..c494d6966a7f5 100644 --- a/nixos/modules/services/web-servers/lighttpd/gitweb.nix +++ b/nixos/modules/services/web-servers/lighttpd/gitweb.nix @@ -16,7 +16,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb ''; }; diff --git a/nixos/modules/services/web-servers/merecat.nix b/nixos/modules/services/web-servers/merecat.nix index aad93605b7176..ff65480a0f2d6 100644 --- a/nixos/modules/services/web-servers/merecat.nix +++ b/nixos/modules/services/web-servers/merecat.nix @@ -19,12 +19,12 @@ in { options.services.merecat = { - enable = mkEnableOption (lib.mdDoc "Merecat HTTP server"); + enable = mkEnableOption "Merecat HTTP server"; settings = mkOption { inherit (format) type; default = { }; - description = lib.mdDoc '' + description = '' Merecat configuration. Refer to merecat(8) for details on supported values. ''; example = { diff --git a/nixos/modules/services/web-servers/mighttpd2.nix b/nixos/modules/services/web-servers/mighttpd2.nix index bb75dc4f2ff47..1162696751444 100644 --- a/nixos/modules/services/web-servers/mighttpd2.nix +++ b/nixos/modules/services/web-servers/mighttpd2.nix @@ -8,7 +8,7 @@ let routingFile = pkgs.writeText "mighty-routing" cfg.routing; in { options.services.mighttpd2 = { - enable = mkEnableOption (lib.mdDoc "Mighttpd2 web server"); + enable = mkEnableOption "Mighttpd2 web server"; config = mkOption { default = ""; @@ -42,7 +42,7 @@ in { Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both ''; type = types.lines; - description = lib.mdDoc '' + description = '' Verbatim config file to use (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; @@ -76,7 +76,7 @@ in { / -> /export/www/ ''; type = types.lines; - description = lib.mdDoc '' + description = '' Verbatim routing file to use (see https://kazu-yamamoto.github.io/mighttpd2/config.html) ''; @@ -85,7 +85,7 @@ in { cores = mkOption { default = null; type = types.nullOr types.int; - description = lib.mdDoc '' + description = '' How many cores to use. If null it will be determined automatically ''; diff --git a/nixos/modules/services/web-servers/minio.nix b/nixos/modules/services/web-servers/minio.nix index be6946657e23d..4ddd90bfa3edd 100644 --- a/nixos/modules/services/web-servers/minio.nix +++ b/nixos/modules/services/web-servers/minio.nix @@ -14,36 +14,36 @@ in meta.maintainers = [ maintainers.bachp ]; options.services.minio = { - enable = mkEnableOption (lib.mdDoc "Minio Object Storage"); + enable = mkEnableOption "Minio Object Storage"; listenAddress = mkOption { default = ":9000"; type = types.str; - description = lib.mdDoc "IP address and port of the server."; + description = "IP address and port of the server."; }; consoleAddress = mkOption { default = ":9001"; type = types.str; - description = lib.mdDoc "IP address and port of the web UI (console)."; + description = "IP address and port of the web UI (console)."; }; dataDir = mkOption { default = [ "/var/lib/minio/data" ]; type = types.listOf (types.either types.path types.str); - description = lib.mdDoc "The list of data directories or nodes for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode."; + description = "The list of data directories or nodes for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode."; }; configDir = mkOption { default = "/var/lib/minio/config"; type = types.path; - description = lib.mdDoc "The config directory, for the access keys and other settings."; + description = "The config directory, for the access keys and other settings."; }; accessKey = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Access key of 5 to 20 characters in length that clients use to access the server. This overrides the access key that is generated by minio on first startup and stored inside the `configDir` directory. @@ -53,7 +53,7 @@ in secretKey = mkOption { default = ""; type = types.str; - description = lib.mdDoc '' + description = '' Specify the Secret key of 8 to 40 characters in length that clients use to access the server. This overrides the secret key that is generated by minio on first startup and stored inside the `configDir` directory. @@ -63,7 +63,7 @@ in rootCredentialsFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' File containing the MINIO_ROOT_USER, default is "minioadmin", and MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of an EnvironmentFile=, as described by systemd.exec(5). @@ -74,7 +74,7 @@ in region = mkOption { default = "us-east-1"; type = types.str; - description = lib.mdDoc '' + description = '' The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region. ''; }; @@ -82,7 +82,7 @@ in browser = mkOption { default = true; type = types.bool; - description = lib.mdDoc "Enable or disable access to web UI."; + description = "Enable or disable access to web UI."; }; package = mkPackageOption pkgs "minio" { }; diff --git a/nixos/modules/services/web-servers/molly-brown.nix b/nixos/modules/services/web-servers/molly-brown.nix index 6d7ca0c12ef70..f4aa98cde9592 100644 --- a/nixos/modules/services/web-servers/molly-brown.nix +++ b/nixos/modules/services/web-servers/molly-brown.nix @@ -10,12 +10,12 @@ in { options.services.molly-brown = { - enable = mkEnableOption (lib.mdDoc "Molly-Brown Gemini server"); + enable = mkEnableOption "Molly-Brown Gemini server"; port = mkOption { default = 1965; type = types.port; - description = lib.mdDoc '' + description = '' TCP port for molly-brown to bind to. ''; }; @@ -24,7 +24,7 @@ in { type = types.str; default = config.networking.hostName; defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc '' + description = '' The hostname to respond to requests for. Requests for URLs with other hosts will result in a status 53 (PROXY REQUEST REFUSED) response. @@ -34,7 +34,7 @@ in { certPath = mkOption { type = types.path; example = "/var/lib/acme/example.com/cert.pem"; - description = lib.mdDoc '' + description = '' Path to TLS certificate. An ACME certificate and key may be shared with an HTTP server, but only if molly-brown has permissions allowing it to read such keys. @@ -50,19 +50,19 @@ in { keyPath = mkOption { type = types.path; example = "/var/lib/acme/example.com/key.pem"; - description = lib.mdDoc "Path to TLS key. See {option}`CertPath`."; + description = "Path to TLS key. See {option}`CertPath`."; }; docBase = mkOption { type = types.path; example = "/var/lib/molly-brown"; - description = lib.mdDoc "Base directory for Gemini content."; + description = "Base directory for Gemini content."; }; settings = mkOption { inherit (settingsFormat) type; default = { }; - description = lib.mdDoc '' + description = '' molly-brown configuration. Refer to <https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf> for details on supported values. diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 93b1a3fdfaddd..08fab09e1e559 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -164,7 +164,7 @@ let ${commonHttpConfig} ${optionalString (cfg.resolver.addresses != []) '' - resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"}; + resolver ${toString cfg.resolver.addresses} ${optionalString (cfg.resolver.valid != "") "valid=${cfg.resolver.valid}"} ${optionalString (!cfg.resolver.ipv4) "ipv4=off"} ${optionalString (!cfg.resolver.ipv6) "ipv6=off"}; ''} ${upstreamConfig} @@ -352,7 +352,8 @@ let # The acme-challenge location doesn't need to be added if we are not using any automated # certificate provisioning and can also be omitted when we use a certificate obtained via a DNS-01 challenge - acmeLocation = optionalString (vhost.enableACME || (vhost.useACMEHost != null && config.security.acme.certs.${vhost.useACMEHost}.dnsProvider == null)) + acmeName = if vhost.useACMEHost != null then vhost.useACMEHost else vhostName; + acmeLocation = optionalString ((vhost.enableACME || vhost.useACMEHost != null) && config.security.acme.certs.${acmeName}.dnsProvider == null) # Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx) # We use ^~ here, so that we don't check any regexes (which could # otherwise easily override this intended match accidentally). @@ -477,12 +478,12 @@ in { options = { services.nginx = { - enable = mkEnableOption (lib.mdDoc "Nginx Web Server"); + enable = mkEnableOption "Nginx Web Server"; statusPage = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable status page reachable from localhost on http://127.0.0.1/nginx_status. ''; }; @@ -490,7 +491,7 @@ in recommendedTlsSettings = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable recommended TLS settings. ''; }; @@ -498,7 +499,7 @@ in recommendedOptimisation = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable recommended optimisation settings. ''; }; @@ -506,7 +507,7 @@ in recommendedBrotliSettings = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable recommended brotli settings. Learn more about compression in Brotli format [here](https://github.com/google/ngx_brotli/). @@ -517,7 +518,7 @@ in recommendedGzipSettings = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable recommended gzip settings. Learn more about compression in Gzip format [here](https://docs.nginx.com/nginx/admin-guide/web-server/compression/). ''; @@ -526,7 +527,7 @@ in recommendedZstdSettings = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enable recommended zstd settings. Learn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module). @@ -537,7 +538,7 @@ in recommendedProxySettings = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Whether to enable recommended proxy settings if a vhost does not specify the option manually. ''; }; @@ -546,7 +547,7 @@ in type = types.str; default = "60s"; example = "20s"; - description = lib.mdDoc '' + description = '' Change the proxy related timeouts in recommendedProxySettings. ''; }; @@ -556,26 +557,26 @@ in options = { addr = mkOption { type = str; - description = lib.mdDoc "IP address."; + description = "IP address."; }; port = mkOption { type = nullOr port; - description = lib.mdDoc "Port number."; + description = "Port number."; default = null; }; ssl = mkOption { type = nullOr bool; default = null; - description = lib.mdDoc "Enable SSL."; + description = "Enable SSL."; }; proxyProtocol = mkOption { type = bool; - description = lib.mdDoc "Enable PROXY protocol."; + description = "Enable PROXY protocol."; default = false; }; extraParameters = mkOption { type = listOf str; - description = lib.mdDoc "Extra parameters of this listen directive."; + description = "Extra parameters of this listen directive."; default = [ ]; example = [ "backlog=1024" "deferred" ]; }; @@ -589,7 +590,7 @@ in { addr = "[::0]"; } ] ''; - description = lib.mdDoc '' + description = '' If vhosts do not specify listen, use these addresses by default. This option takes precedence over {option}`defaultListenAddresses` and other listen-related defaults options. @@ -601,7 +602,7 @@ in default = [ "0.0.0.0" ] ++ optional enableIPv6 "[::0]"; defaultText = literalExpression ''[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"''; example = literalExpression ''[ "10.0.0.12" "[2002:a00:1::]" ]''; - description = lib.mdDoc '' + description = '' If vhosts do not specify listenAddresses, use these addresses by default. This is akin to writing `defaultListen = [ { addr = "0.0.0.0" } ]`. ''; @@ -611,7 +612,7 @@ in type = types.port; default = 80; example = 8080; - description = lib.mdDoc '' + description = '' If vhosts do not specify listen.port, use these ports for HTTP by default. ''; }; @@ -620,7 +621,7 @@ in type = types.port; default = 443; example = 8443; - description = lib.mdDoc '' + description = '' If vhosts do not specify listen.port, use these ports for SSL by default. ''; }; @@ -630,7 +631,7 @@ in default = "${pkgs.mailcap}/etc/nginx/mime.types"; defaultText = literalExpression "$''{pkgs.mailcap}/etc/nginx/mime.types"; example = literalExpression "$''{pkgs.nginx}/conf/mime.types"; - description = lib.mdDoc '' + description = '' Default MIME types for NGINX, as MIME types definitions from NGINX are very incomplete, we use by default the ones bundled in the mailcap package, used by most of the other Linux distributions. @@ -644,7 +645,7 @@ in apply = p: p.override { modules = lib.unique (p.modules ++ cfg.additionalModules); }; - description = lib.mdDoc '' + description = '' Nginx package to use. This defaults to the stable version. Note that the nginx team recommends to use the mainline version which available in nixpkgs as `nginxMainline`. @@ -657,7 +658,7 @@ in default = []; type = types.listOf (types.attrsOf types.anything); example = literalExpression "[ pkgs.nginxModules.echo ]"; - description = lib.mdDoc '' + description = '' Additional [third-party nginx modules](https://www.nginx.com/resources/wiki/modules/) to install. Packaged modules are available in `pkgs.nginxModules`. ''; @@ -666,7 +667,7 @@ in logError = mkOption { default = "stderr"; type = types.str; - description = lib.mdDoc '' + description = '' Configures logging. The first parameter defines a file that will store the log. The special value stderr selects the standard error file. Logging to @@ -683,7 +684,7 @@ in preStart = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Shell commands executed before the service's nginx is started. ''; }; @@ -691,7 +692,7 @@ in config = mkOption { type = types.str; default = ""; - description = lib.mdDoc '' + description = '' Verbatim {file}`nginx.conf` configuration. This is mutually exclusive to any other config option for {file}`nginx.conf` except for @@ -707,7 +708,7 @@ in appendConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines appended to the generated Nginx configuration file. Commonly used by different modules providing http snippets. {option}`appendConfig` @@ -727,7 +728,7 @@ in '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; ''; - description = lib.mdDoc '' + description = '' With nginx you must provide common http context definitions before they are used, e.g. log_format, resolver, etc. inside of server or location contexts. Use this attribute to set these definitions @@ -738,7 +739,7 @@ in httpConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines to be set inside the http block. This is mutually exclusive with the structured configuration via virtualHosts and the recommendedXyzSettings configuration @@ -756,7 +757,7 @@ in proxy_pass 192.168.0.1:53535; } ''; - description = lib.mdDoc '' + description = '' Configuration lines to be set inside the stream block. ''; }; @@ -764,7 +765,7 @@ in eventsConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines to be set inside the events block. ''; }; @@ -772,7 +773,7 @@ in appendHttpConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' Configuration lines to be appended to the generated http block. This is mutually exclusive with using config and httpConfig for specifying the whole http block verbatim. @@ -782,7 +783,7 @@ in enableReload = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Reload nginx when configuration file changes (instead of restart). The configuration file is exposed at {file}`/etc/nginx/nginx.conf`. See also `systemd.services.*.restartIfChanged`. @@ -792,7 +793,7 @@ in enableQuicBPF = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' Enables routing of QUIC packets using eBPF. When enabled, this allows to support QUIC connection migration. The directive is only supported on Linux 5.7+. @@ -805,52 +806,52 @@ in user = mkOption { type = types.str; default = "nginx"; - description = lib.mdDoc "User account under which nginx runs."; + description = "User account under which nginx runs."; }; group = mkOption { type = types.str; default = "nginx"; - description = lib.mdDoc "Group account under which nginx runs."; + description = "Group account under which nginx runs."; }; serverTokens = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Show nginx version in headers and error pages."; + description = "Show nginx version in headers and error pages."; }; clientMaxBodySize = mkOption { type = types.str; default = "10m"; - description = lib.mdDoc "Set nginx global client_max_body_size."; + description = "Set nginx global client_max_body_size."; }; sslCiphers = mkOption { type = types.nullOr types.str; # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate - default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - description = lib.mdDoc "Ciphers to choose from when negotiating TLS handshakes."; + default = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"; + description = "Ciphers to choose from when negotiating TLS handshakes."; }; sslProtocols = mkOption { type = types.str; default = "TLSv1.2 TLSv1.3"; example = "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"; - description = lib.mdDoc "Allowed TLS protocol versions."; + description = "Allowed TLS protocol versions."; }; sslDhparam = mkOption { type = types.nullOr types.path; default = null; example = "/path/to/dhparams.pem"; - description = lib.mdDoc "Path to DH parameters file."; + description = "Path to DH parameters file."; }; proxyResolveWhileRunning = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Resolves domains of proxyPass targets at runtime and not only at start, you have to set services.nginx.resolver, too. @@ -860,7 +861,7 @@ in mapHashBucketSize = mkOption { type = types.nullOr (types.enum [ 32 64 128 ]); default = null; - description = lib.mdDoc '' + description = '' Sets the bucket size for the map variables hash tables. Default value depends on the processor’s cache line size. ''; @@ -869,7 +870,7 @@ in mapHashMaxSize = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Sets the maximum size of the map variables hash tables. ''; }; @@ -877,7 +878,7 @@ in serverNamesHashBucketSize = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Sets the bucket size for the server names hash tables. Default value depends on the processor’s cache line size. ''; @@ -886,7 +887,7 @@ in serverNamesHashMaxSize = mkOption { type = types.nullOr types.ints.positive; default = null; - description = lib.mdDoc '' + description = '' Sets the maximum size of the server names hash tables. ''; }; @@ -894,27 +895,27 @@ in proxyCachePath = mkOption { type = types.attrsOf (types.submodule ({ ... }: { options = { - enable = mkEnableOption (lib.mdDoc "this proxy cache path entry"); + enable = mkEnableOption "this proxy cache path entry"; keysZoneName = mkOption { type = types.str; default = "cache"; example = "my_cache"; - description = lib.mdDoc "Set name to shared memory zone."; + description = "Set name to shared memory zone."; }; keysZoneSize = mkOption { type = types.str; default = "10m"; example = "32m"; - description = lib.mdDoc "Set size to shared memory zone."; + description = "Set size to shared memory zone."; }; levels = mkOption { type = types.str; default = "1:2"; example = "1:2:2"; - description = lib.mdDoc '' + description = '' The levels parameter defines structure of subdirectories in cache: from 1 to 3, each level accepts values 1 or 2. Сan be used any combination of 1 and 2 in these formats: x, x:x and x:x:x. @@ -925,7 +926,7 @@ in type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' Nginx first writes files that are destined for the cache to a temporary storage area, and the use_temp_path=off directive instructs Nginx to write them to the same directories where they will be cached. Recommended @@ -938,7 +939,7 @@ in type = types.str; default = "10m"; example = "1d"; - description = lib.mdDoc '' + description = '' Cached data that has not been accessed for the time specified by the inactive parameter is removed from the cache, regardless of its freshness. @@ -949,12 +950,12 @@ in type = types.str; default = "1g"; example = "2048m"; - description = lib.mdDoc "Set maximum cache size"; + description = "Set maximum cache size"; }; }; })); default = {}; - description = lib.mdDoc '' + description = '' Configure a proxy cache path entry. See <https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path> for documentation. ''; @@ -967,21 +968,30 @@ in type = types.listOf types.str; default = []; example = literalExpression ''[ "[::1]" "127.0.0.1:5353" ]''; - description = lib.mdDoc "List of resolvers to use"; + description = "List of resolvers to use"; }; valid = mkOption { type = types.str; default = ""; example = "30s"; - description = lib.mdDoc '' + description = '' By default, nginx caches answers using the TTL value of a response. An optional valid parameter allows overriding it ''; }; + ipv4 = mkOption { + type = types.bool; + default = true; + description = '' + By default, nginx will look up both IPv4 and IPv6 addresses while resolving. + If looking up of IPv4 addresses is not desired, the ipv4=off parameter can be + specified. + ''; + }; ipv6 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be specified. @@ -989,7 +999,7 @@ in }; }; }; - description = lib.mdDoc '' + description = '' Configures name servers used to resolve names of upstream servers into addresses ''; default = {}; @@ -1005,14 +1015,14 @@ in backup = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Marks the server as a backup server. It will be passed requests when the primary servers are unavailable. ''; }; }; }); - description = lib.mdDoc '' + description = '' Defines the address and other parameters of the upstream servers. See [the documentation](https://nginx.org/en/docs/http/ngx_http_upstream_module.html#server) for the available parameters. @@ -1023,13 +1033,13 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' These lines go to the end of the upstream verbatim. ''; }; }; }); - description = lib.mdDoc '' + description = '' Defines a group of servers to use as proxy target. ''; default = {}; @@ -1070,7 +1080,7 @@ in }; }; ''; - description = lib.mdDoc "Declarative vhost config"; + description = "Declarative vhost config"; }; }; }; @@ -1179,6 +1189,13 @@ in to answer to ACME requests. ''; } + + { + assertion = cfg.resolver.ipv4 || cfg.resolver.ipv6; + message = '' + At least one of services.nginx.resolver.ipv4 and services.nginx.resolver.ipv6 must be true. + ''; + } ] ++ map (name: mkCertOwnershipAssertion { inherit (cfg) group user; cert = config.security.acme.certs.${name}; diff --git a/nixos/modules/services/web-servers/nginx/gitweb.nix b/nixos/modules/services/web-servers/nginx/gitweb.nix index ec2c432ca573e..9242c1adbde16 100644 --- a/nixos/modules/services/web-servers/nginx/gitweb.nix +++ b/nixos/modules/services/web-servers/nginx/gitweb.nix @@ -17,7 +17,7 @@ in enable = mkOption { default = false; type = types.bool; - description = lib.mdDoc '' + description = '' If true, enable gitweb in nginx. ''; }; @@ -25,7 +25,7 @@ in location = mkOption { default = "/gitweb"; type = types.str; - description = lib.mdDoc '' + description = '' Location to serve gitweb on. ''; }; @@ -33,7 +33,7 @@ in user = mkOption { default = "nginx"; type = types.str; - description = lib.mdDoc '' + description = '' Existing user that the CGI process will belong to. (Default almost surely will do.) ''; }; @@ -41,7 +41,7 @@ in group = mkOption { default = "nginx"; type = types.str; - description = lib.mdDoc '' + description = '' Group that the CGI process will belong to. (Set to `config.services.gitolite.group` if you are using gitolite.) ''; }; @@ -49,7 +49,7 @@ in virtualHost = mkOption { default = "_"; type = types.str; - description = lib.mdDoc '' + description = '' VirtualHost to serve gitweb on. Default is catch-all. ''; }; diff --git a/nixos/modules/services/web-servers/nginx/location-options.nix b/nixos/modules/services/web-servers/nginx/location-options.nix index 2138e551fd434..8cefd481d3f93 100644 --- a/nixos/modules/services/web-servers/nginx/location-options.nix +++ b/nixos/modules/services/web-servers/nginx/location-options.nix @@ -17,7 +17,7 @@ with lib; user = "password"; }; ''; - description = lib.mdDoc '' + description = '' Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the @@ -28,7 +28,7 @@ with lib; basicAuthFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Basic Auth password file for a vhost. Can be created via: {command}`htpasswd -c <filename> <username>`. @@ -41,7 +41,7 @@ with lib; type = types.nullOr types.str; default = null; example = "http://www.example.org/"; - description = lib.mdDoc '' + description = '' Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled. ''; @@ -51,7 +51,7 @@ with lib; type = types.bool; default = false; example = true; - description = lib.mdDoc '' + description = '' Whether to support proxying websocket connections with HTTP/1.1. ''; }; @@ -60,7 +60,7 @@ with lib; type = types.nullOr types.str; default = null; example = "index.php index.html"; - description = lib.mdDoc '' + description = '' Adds index directive. ''; }; @@ -69,7 +69,7 @@ with lib; type = types.nullOr types.str; default = null; example = "$uri =404"; - description = lib.mdDoc '' + description = '' Adds try_files directive. ''; }; @@ -78,7 +78,7 @@ with lib; type = types.nullOr types.path; default = null; example = "/your/root/directory"; - description = lib.mdDoc '' + description = '' Root directory for requests. ''; }; @@ -87,7 +87,7 @@ with lib; type = types.nullOr types.path; default = null; example = "/your/alias/directory"; - description = lib.mdDoc '' + description = '' Alias directory for requests. ''; }; @@ -96,7 +96,7 @@ with lib; type = with types; nullOr (oneOf [ str int ]); default = null; example = "301 http://example.com$request_uri"; - description = lib.mdDoc '' + description = '' Adds a return directive, for e.g. redirections. ''; }; @@ -104,7 +104,7 @@ with lib; fastcgiParams = mkOption { type = types.attrsOf (types.either types.str types.path); default = {}; - description = lib.mdDoc '' + description = '' FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters. @@ -114,7 +114,7 @@ with lib; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' These lines go to the end of the location verbatim. ''; }; @@ -122,7 +122,7 @@ with lib; priority = mkOption { type = types.int; default = 1000; - description = lib.mdDoc '' + description = '' Order of this location block in relation to the others in the vhost. The semantics are the same as with `lib.mkOrder`. Smaller values have a greater priority. @@ -133,7 +133,7 @@ with lib; type = types.bool; default = config.services.nginx.recommendedProxySettings; defaultText = literalExpression "config.services.nginx.recommendedProxySettings"; - description = lib.mdDoc '' + description = '' Enable recommended proxy settings. ''; }; diff --git a/nixos/modules/services/web-servers/nginx/tailscale-auth.nix b/nixos/modules/services/web-servers/nginx/tailscale-auth.nix index a2e4d4a30be5c..ca272268f5724 100644 --- a/nixos/modules/services/web-servers/nginx/tailscale-auth.nix +++ b/nixos/modules/services/web-servers/nginx/tailscale-auth.nix @@ -1,117 +1,57 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit (lib) + genAttrs + maintainers + mkAliasOptionModule + mkEnableOption + mkIf + mkOption + types + ; cfg = config.services.nginx.tailscaleAuth; + cfgAuth = config.services.tailscaleAuth; in { - options.services.nginx.tailscaleAuth = { - enable = mkEnableOption (lib.mdDoc "Enable tailscale.nginx-auth, to authenticate nginx users via tailscale."); - - package = lib.mkPackageOptionMD pkgs "tailscale-nginx-auth" {}; - - user = mkOption { - type = types.str; - default = "tailscale-nginx-auth"; - description = lib.mdDoc "User which runs tailscale-nginx-auth"; - }; + imports = [ + (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "package" ] [ "services" "tailscaleAuth" "package" ]) + (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "user" ] [ "services" "tailscaleAuth" "user" ]) + (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "group" ] [ "services" "tailscaleAuth" "group" ]) + (mkAliasOptionModule [ "services" "nginx" "tailscaleAuth" "socketPath" ] [ "services" "tailscaleAuth" "socketPath" ]) + ]; - group = mkOption { - type = types.str; - default = "tailscale-nginx-auth"; - description = lib.mdDoc "Group which runs tailscale-nginx-auth"; - }; + options.services.nginx.tailscaleAuth = { + enable = mkEnableOption "Enable tailscale.nginx-auth, to authenticate nginx users via tailscale."; expectedTailnet = mkOption { default = ""; type = types.nullOr types.str; example = "tailnet012345.ts.net"; - description = lib.mdDoc '' + description = '' If you want to prevent node sharing from allowing users to access services across tailnets, declare your expected tailnets domain here. ''; }; - socketPath = mkOption { - default = "/run/tailscale-nginx-auth/tailscale-nginx-auth.sock"; - type = types.path; - description = lib.mdDoc '' - Path of the socket listening to nginx authorization requests. - ''; - }; - virtualHosts = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc '' + description = '' A list of nginx virtual hosts to put behind tailscale.nginx-auth ''; }; }; config = mkIf cfg.enable { - services.tailscale.enable = true; + services.tailscaleAuth.enable = true; services.nginx.enable = true; - users.users.${cfg.user} = { - isSystemUser = true; - inherit (cfg) group; - }; - users.groups.${cfg.group} = { }; - users.users.${config.services.nginx.user}.extraGroups = [ cfg.group ]; - systemd.sockets.tailscale-nginx-auth = { - description = "Tailscale NGINX Authentication socket"; - partOf = [ "tailscale-nginx-auth.service" ]; - wantedBy = [ "sockets.target" ]; - listenStreams = [ cfg.socketPath ]; - socketConfig = { - SocketMode = "0660"; - SocketUser = cfg.user; - SocketGroup = cfg.group; - }; - }; - + users.users.${config.services.nginx.user}.extraGroups = [ cfgAuth.group ]; systemd.services.tailscale-nginx-auth = { - description = "Tailscale NGINX Authentication service"; after = [ "nginx.service" ]; wants = [ "nginx.service" ]; - requires = [ "tailscale-nginx-auth.socket" ]; - - serviceConfig = { - ExecStart = "${lib.getExe cfg.package}"; - RuntimeDirectory = "tailscale-nginx-auth"; - User = cfg.user; - Group = cfg.group; - - BindPaths = [ "/run/tailscale/tailscaled.sock" ]; - - CapabilityBoundingSet = ""; - DeviceAllow = ""; - LockPersonality = true; - MemoryDenyWriteExecute = true; - PrivateDevices = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - RestrictNamespaces = true; - RestrictAddressFamilies = [ "AF_UNIX" ]; - RestrictRealtime = true; - RestrictSUIDSGID = true; - - SystemCallArchitectures = "native"; - SystemCallErrorNumber = "EPERM"; - SystemCallFilter = [ - "@system-service" - "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid" - ]; - }; }; services.nginx.virtualHosts = genAttrs @@ -121,7 +61,7 @@ in extraConfig = '' internal; - proxy_pass http://unix:${cfg.socketPath}; + proxy_pass http://unix:${cfgAuth.socketPath}; proxy_pass_request_body off; # Upstream uses $http_host here, but we are using gixy to check nginx configurations diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix index ea98439d3823d..24fcb101c910d 100644 --- a/nixos/modules/services/web-servers/nginx/vhost-options.nix +++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix @@ -11,7 +11,7 @@ with lib; serverName = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Name of this virtual host. Defaults to attribute name in virtualHosts. ''; example = "example.org"; @@ -21,7 +21,7 @@ with lib; type = types.listOf types.str; default = []; example = [ "www.example.org" "example.org" ]; - description = lib.mdDoc '' + description = '' Additional names of virtual hosts served by this virtual host configuration. ''; }; @@ -31,11 +31,11 @@ with lib; options = { addr = mkOption { type = str; - description = lib.mdDoc "Listen address."; + description = "Listen address."; }; port = mkOption { type = types.nullOr port; - description = lib.mdDoc '' + description = '' Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80. ''; @@ -43,17 +43,17 @@ with lib; }; ssl = mkOption { type = bool; - description = lib.mdDoc "Enable SSL."; + description = "Enable SSL."; default = false; }; proxyProtocol = mkOption { type = bool; - description = lib.mdDoc "Enable PROXY protocol."; + description = "Enable PROXY protocol."; default = false; }; extraParameters = mkOption { type = listOf str; - description = lib.mdDoc "Extra parameters of this listen directive."; + description = "Extra parameters of this listen directive."; default = [ ]; example = [ "backlog=1024" "deferred" ]; }; @@ -65,7 +65,7 @@ with lib; { addr = "192.154.1.1"; port = 80; } { addr = "unix:/var/run/nginx.sock"; } ]; - description = lib.mdDoc '' + description = '' Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides `addSSL` @@ -79,7 +79,7 @@ with lib; listenAddresses = mkOption { type = with types; listOf str; - description = lib.mdDoc '' + description = '' Listen addresses for this virtual host. Compared to `listen` this only sets the addresses and the ports are chosen automatically. @@ -93,7 +93,7 @@ with lib; enableACME = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through {option}`useACMEHost`. ''; @@ -102,7 +102,7 @@ with lib; useACMEHost = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the [rate limit](https://letsencrypt.org/docs/rate-limits). @@ -114,7 +114,7 @@ with lib; acmeRoot = mkOption { type = types.nullOr types.str; default = "/var/lib/acme/acme-challenge"; - description = lib.mdDoc '' + description = '' Directory for the ACME challenge, which is **public**. Don't put certs or keys in here. Set to null to inherit from config.security.acme. ''; @@ -123,7 +123,7 @@ with lib; acmeFallbackHost = mkOption { type = types.nullOr types.str; default = null; - description = lib.mdDoc '' + description = '' Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name. @@ -136,7 +136,7 @@ with lib; addSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable HTTPS in addition to plain HTTP. This will set defaults for `listen` to listen on all interfaces on the respective default ports (80, 443). @@ -146,7 +146,7 @@ with lib; onlySSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for `listen` to listen on all interfaces on port 443. ''; @@ -161,7 +161,7 @@ with lib; forceSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to add a separate nginx server block that redirects (defaults to 301, configurable with `redirectCode`) all plain HTTP traffic to HTTPS. This will set defaults for `listen` to listen on all interfaces @@ -173,7 +173,7 @@ with lib; rejectSSL = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to listen for and reject all HTTPS connections to this vhost. Useful in [default](#opt-services.nginx.virtualHosts._name_.default) server blocks to avoid serving the certificate for another vhost. Uses the @@ -185,7 +185,7 @@ with lib; kTLS = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. @@ -196,26 +196,26 @@ with lib; sslCertificate = mkOption { type = types.path; example = "/var/host.cert"; - description = lib.mdDoc "Path to server SSL certificate."; + description = "Path to server SSL certificate."; }; sslCertificateKey = mkOption { type = types.path; example = "/var/host.key"; - description = lib.mdDoc "Path to server SSL certificate key."; + description = "Path to server SSL certificate key."; }; sslTrustedCertificate = mkOption { type = types.nullOr types.path; default = null; example = literalExpression ''"''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"''; - description = lib.mdDoc "Path to root SSL certificate for stapling and client certificates."; + description = "Path to root SSL certificate for stapling and client certificates."; }; http2 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx's implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given @@ -229,7 +229,7 @@ with lib; http3 = mkOption { type = types.bool; default = true; - description = lib.mdDoc '' + description = '' Whether to enable the HTTP/3 protocol. This requires using `pkgs.nginxQuic` package which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;` @@ -244,7 +244,7 @@ with lib; http3_hq = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests. This requires using `pkgs.nginxQuic` package which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;` @@ -258,7 +258,7 @@ with lib; quic = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Whether to enable the QUIC transport protocol. This requires using `pkgs.nginxQuic` package which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`. @@ -271,7 +271,7 @@ with lib; reuseport = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Create an individual listening socket . It is required to specify only once on one of the hosts. ''; @@ -281,7 +281,7 @@ with lib; type = types.nullOr types.path; default = null; example = "/data/webserver/docs"; - description = lib.mdDoc '' + description = '' The path of the web root directory. ''; }; @@ -289,7 +289,7 @@ with lib; default = mkOption { type = types.bool; default = false; - description = lib.mdDoc '' + description = '' Makes this vhost the default. ''; }; @@ -297,7 +297,7 @@ with lib; extraConfig = mkOption { type = types.lines; default = ""; - description = lib.mdDoc '' + description = '' These lines go to the end of the vhost verbatim. ''; }; @@ -306,7 +306,7 @@ with lib; type = types.nullOr types.str; default = null; example = "newserver.example.org"; - description = lib.mdDoc '' + description = '' If set, all requests for this host are redirected (defaults to 301, configurable with `redirectCode`) to the given hostname. ''; @@ -316,7 +316,7 @@ with lib; type = types.ints.between 300 399; default = 301; example = 308; - description = lib.mdDoc '' + description = '' HTTP status used by `globalRedirect` and `forceSSL`. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). @@ -332,7 +332,7 @@ with lib; user = "password"; }; ''; - description = lib.mdDoc '' + description = '' Basic Auth protection for a vhost. WARNING: This is implemented to store the password in plain text in the @@ -343,7 +343,7 @@ with lib; basicAuthFile = mkOption { type = types.nullOr types.path; default = null; - description = lib.mdDoc '' + description = '' Basic Auth password file for a vhost. Can be created via: {command}`htpasswd -c <filename> <username>`. @@ -364,7 +364,7 @@ with lib; }; }; ''; - description = lib.mdDoc "Declarative location config"; + description = "Declarative location config"; }; }; } diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix index 4132a97b95437..ca77a0838f550 100644 --- a/nixos/modules/services/web-servers/phpfpm/default.nix +++ b/nixos/modules/services/web-servers/phpfpm/default.nix @@ -40,7 +40,7 @@ let socket = mkOption { type = types.str; readOnly = true; - description = lib.mdDoc '' + description = '' Path to the unix socket file on which to accept FastCGI requests. ::: {.note} @@ -54,7 +54,7 @@ let type = types.str; default = ""; example = "/path/to/unix/socket"; - description = lib.mdDoc '' + description = '' The address on which to accept FastCGI requests. ''; }; @@ -63,14 +63,14 @@ let type = types.package; default = cfg.phpPackage; defaultText = literalExpression "config.services.phpfpm.phpPackage"; - description = lib.mdDoc '' + description = '' The PHP package to use for running this PHP-FPM pool. ''; }; phpOptions = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' "Options appended to the PHP configuration file {file}`php.ini` used for this PHP-FPM pool." ''; }; @@ -78,7 +78,7 @@ let phpEnv = lib.mkOption { type = with types; attrsOf str; default = {}; - description = lib.mdDoc '' + description = '' Environment variables used for this PHP-FPM pool. ''; example = literalExpression '' @@ -93,18 +93,18 @@ let user = mkOption { type = types.str; - description = lib.mdDoc "User account under which this pool runs."; + description = "User account under which this pool runs."; }; group = mkOption { type = types.str; - description = lib.mdDoc "Group account under which this pool runs."; + description = "Group account under which this pool runs."; }; settings = mkOption { type = with types; attrsOf (oneOf [ str int bool ]); default = {}; - description = lib.mdDoc '' + description = '' PHP-FPM pool directives. Refer to the "List of pool directives" section of <https://www.php.net/manual/en/install.fpm.configuration.php> for details. Note that settings names must be enclosed in quotes (e.g. @@ -125,7 +125,7 @@ let extraConfig = mkOption { type = with types; nullOr lines; default = null; - description = lib.mdDoc '' + description = '' Extra lines that go into the pool configuration. See the documentation on `php-fpm.conf` for details on configuration directives. @@ -157,7 +157,7 @@ in { settings = mkOption { type = with types; attrsOf (oneOf [ str int bool ]); default = {}; - description = lib.mdDoc '' + description = '' PHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of <https://www.php.net/manual/en/install.fpm.configuration.php> for details. Note that settings names must be enclosed in quotes (e.g. @@ -170,7 +170,7 @@ in { extraConfig = mkOption { type = with types; nullOr lines; default = null; - description = lib.mdDoc '' + description = '' Extra configuration that should be put in the global section of the PHP-FPM configuration file. Do not specify the options `error_log` or @@ -188,7 +188,7 @@ in { '' date.timezone = "CET" ''; - description = lib.mdDoc '' + description = '' Options appended to the PHP configuration file {file}`php.ini`. ''; }; @@ -212,7 +212,7 @@ in { }; } }''; - description = lib.mdDoc '' + description = '' PHP-FPM pools. If no pools are defined, the PHP-FPM service is disabled. ''; diff --git a/nixos/modules/services/web-servers/pomerium.nix b/nixos/modules/services/web-servers/pomerium.nix index 90748f74d24e3..441475f91ce6c 100644 --- a/nixos/modules/services/web-servers/pomerium.nix +++ b/nixos/modules/services/web-servers/pomerium.nix @@ -7,18 +7,18 @@ let in { options.services.pomerium = { - enable = mkEnableOption (lib.mdDoc "the Pomerium authenticating reverse proxy"); + enable = mkEnableOption "the Pomerium authenticating reverse proxy"; configFile = mkOption { type = with types; nullOr path; default = null; - description = lib.mdDoc "Path to Pomerium config YAML. If set, overrides services.pomerium.settings."; + description = "Path to Pomerium config YAML. If set, overrides services.pomerium.settings."; }; useACMEHost = mkOption { type = with types; nullOr str; default = null; - description = lib.mdDoc '' + description = '' If set, use a NixOS-generated ACME certificate with the specified name. Note that this will require you to use a non-HTTP-based challenge, or @@ -32,7 +32,7 @@ in }; settings = mkOption { - description = lib.mdDoc '' + description = '' The contents of Pomerium's config.yaml, in Nix expressions. Specifying configFile will override this in its entirety. @@ -48,7 +48,7 @@ in secretsFile = mkOption { type = with types; nullOr path; default = null; - description = lib.mdDoc '' + description = '' Path to file containing secrets for Pomerium, in systemd EnvironmentFile format. See the systemd.exec(5) man page. ''; diff --git a/nixos/modules/services/web-servers/rustus.nix b/nixos/modules/services/web-servers/rustus.nix index 6d3b2e6a65d98..b356133df085d 100644 --- a/nixos/modules/services/web-servers/rustus.nix +++ b/nixos/modules/services/web-servers/rustus.nix @@ -8,11 +8,11 @@ in options.services.rustus = { - enable = mkEnableOption (lib.mdDoc "TUS protocol implementation in Rust"); + enable = mkEnableOption "TUS protocol implementation in Rust"; host = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' The host that rustus will connect to. ''; default = "127.0.0.1"; @@ -21,7 +21,7 @@ in port = mkOption { type = types.port; - description = lib.mdDoc '' + description = '' The port that rustus will connect to. ''; default = 1081; @@ -30,7 +30,7 @@ in log_level = mkOption { type = types.enum [ "DEBUG" "INFO" "ERROR" ]; - description = lib.mdDoc '' + description = '' Desired log level ''; default = "INFO"; @@ -39,7 +39,7 @@ in max_body_size = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' Maximum body size in bytes ''; default = "10000000"; # 10 mb @@ -48,7 +48,7 @@ in url = mkOption { type = types.str; - description = lib.mdDoc '' + description = '' url path for uploads ''; default = "/files"; @@ -56,7 +56,7 @@ in disable_health_access_logs = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' disable access log for /health endpoint ''; default = false; @@ -64,7 +64,7 @@ in cors = mkOption { type = types.listOf types.str; - description = lib.mdDoc '' + description = '' list of origins allowed to upload ''; default = ["*"]; @@ -81,7 +81,7 @@ in "concatenation" "checksum" ]); - description = lib.mdDoc '' + description = '' Since TUS protocol offers extensibility you can turn off some protocol extensions. ''; default = [ @@ -97,7 +97,7 @@ in remove_parts = mkOption { type = types.bool; - description = lib.mdDoc '' + description = '' remove parts files after successful concatenation ''; default = true; @@ -105,7 +105,7 @@ in }; storage = lib.mkOption { - description = lib.mdDoc '' + description = '' Storages are used to actually store your files. You can configure where you want to store files. ''; default = {}; @@ -122,43 +122,43 @@ in options = { type = lib.mkOption { type = lib.types.enum ["file-storage" "hybrid-s3"]; - description = lib.mdDoc "Type of storage to use"; + description = "Type of storage to use"; }; s3_access_key_file = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "File path that contains the S3 access key."; + description = "File path that contains the S3 access key."; }; s3_secret_key_file = lib.mkOption { type = lib.types.path; - description = lib.mdDoc "File path that contains the S3 secret key."; + description = "File path that contains the S3 secret key."; }; s3_region = lib.mkOption { type = lib.types.str; default = "us-east-1"; - description = lib.mdDoc "S3 region name."; + description = "S3 region name."; }; s3_bucket = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "S3 bucket."; + description = "S3 bucket."; }; s3_url = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "S3 url."; + description = "S3 url."; }; force_sync = lib.mkOption { type = lib.types.bool; - description = lib.mdDoc "calls fsync system call after every write to disk in local storage"; + description = "calls fsync system call after every write to disk in local storage"; default = true; }; data_dir = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "path to the local directory where all files are stored"; + description = "path to the local directory where all files are stored"; default = "/var/lib/rustus"; }; dir_structure = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "pattern of a directory structure locally and on s3"; + description = "pattern of a directory structure locally and on s3"; default = "{year}/{month}/{day}"; }; }; @@ -166,7 +166,7 @@ in }; info_storage = lib.mkOption { - description = lib.mdDoc '' + description = '' Info storages are used to store information about file uploads. These storages must be persistent, because every time chunk is uploaded rustus updates information about upload. And when someone wants to download file, information about it requested from storage to get actual path of an upload. ''; default = {}; @@ -174,12 +174,12 @@ in options = { type = lib.mkOption { type = lib.types.enum ["file-info-storage"]; - description = lib.mdDoc "Type of info storage to use"; + description = "Type of info storage to use"; default = "file-info-storage"; }; dir = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "directory to store info about uploads"; + description = "directory to store info about uploads"; default = "/var/lib/rustus"; }; }; diff --git a/nixos/modules/services/web-servers/stargazer.nix b/nixos/modules/services/web-servers/stargazer.nix index 4eca33326040b..da39c8172c8bf 100644 --- a/nixos/modules/services/web-servers/stargazer.nix +++ b/nixos/modules/services/web-servers/stargazer.nix @@ -34,14 +34,14 @@ let in { options.services.stargazer = { - enable = lib.mkEnableOption (lib.mdDoc "Stargazer Gemini server"); + enable = lib.mkEnableOption "Stargazer Gemini server"; listen = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"; defaultText = lib.literalExpression ''[ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"''; example = lib.literalExpression ''[ "10.0.0.12" "[2002:a00:1::]" ]''; - description = lib.mdDoc '' + description = '' Address and port to listen on. ''; }; @@ -49,25 +49,25 @@ in connectionLogging = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc "Whether or not to log connections to stdout."; + description = "Whether or not to log connections to stdout."; }; ipLog = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc "Log client IP addresses in the connection log."; + description = "Log client IP addresses in the connection log."; }; ipLogPartial = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc "Log partial client IP addresses in the connection log."; + description = "Log partial client IP addresses in the connection log."; }; requestTimeout = lib.mkOption { type = lib.types.int; default = 5; - description = lib.mdDoc '' + description = '' Number of seconds to wait for the client to send a complete request. Set to 0 to disable. ''; @@ -76,7 +76,7 @@ in responseTimeout = lib.mkOption { type = lib.types.int; default = 0; - description = lib.mdDoc '' + description = '' Number of seconds to wait for the client to send a complete request and for stargazer to finish sending the response. Set to 0 to disable. @@ -86,7 +86,7 @@ in store = lib.mkOption { type = lib.types.path; default = /var/lib/gemini/certs; - description = lib.mdDoc '' + description = '' Path to the certificate store on disk. This should be a persistent directory writable by Stargazer. ''; @@ -95,7 +95,7 @@ in certOrg = lib.mkOption { type = lib.types.str; default = "stargazer"; - description = lib.mdDoc '' + description = '' The name of the organization responsible for the X.509 certificate's /O name. ''; @@ -104,7 +104,7 @@ in genCerts = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Set to false to disable automatic certificate generation. Use if you want to provide your own certs. ''; @@ -113,7 +113,7 @@ in regenCerts = lib.mkOption { type = lib.types.bool; default = true; - description = lib.mdDoc '' + description = '' Set to false to turn off automatic regeneration of expired certificates. Use if you want to provide your own certs. ''; @@ -122,7 +122,7 @@ in certLifetime = lib.mkOption { type = lib.types.str; default = ""; - description = lib.mdDoc '' + description = '' How long certs generated by Stargazer should live for. Certs live forever by default. ''; @@ -132,7 +132,7 @@ in debugMode = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc "Run Stargazer in debug mode."; + description = "Run Stargazer in debug mode."; }; routes = lib.mkOption { @@ -149,11 +149,11 @@ in }); options.route = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "Route section name"; + description = "Route section name"; }; }); default = [ ]; - description = lib.mdDoc '' + description = '' Routes that Stargazer should server. Expressed as a list of attribute sets. Each set must have a key `route` @@ -185,13 +185,13 @@ in user = lib.mkOption { type = lib.types.str; default = "stargazer"; - description = lib.mdDoc "User account under which stargazer runs."; + description = "User account under which stargazer runs."; }; group = lib.mkOption { type = lib.types.str; default = "stargazer"; - description = lib.mdDoc "Group account under which stargazer runs."; + description = "Group account under which stargazer runs."; }; }; diff --git a/nixos/modules/services/web-servers/static-web-server.nix b/nixos/modules/services/web-servers/static-web-server.nix index 07187f00feccb..9a80f141efcf0 100644 --- a/nixos/modules/services/web-servers/static-web-server.nix +++ b/nixos/modules/services/web-servers/static-web-server.nix @@ -7,11 +7,11 @@ let in { options = { services.static-web-server = { - enable = lib.mkEnableOption (lib.mdDoc ''Static Web Server''); + enable = lib.mkEnableOption ''Static Web Server''; listen = lib.mkOption { default = "[::]:8787"; type = lib.types.str; - description = lib.mdDoc '' + description = '' The "ListenStream" used in static-web-server.socket. This is equivalent to SWS's "host" and "port" options. See here for specific syntax: <https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=> @@ -19,7 +19,7 @@ in { }; root = lib.mkOption { type = lib.types.path; - description = lib.mdDoc '' + description = '' The location of files for SWS to serve. Equivalent to SWS's "root" config value. NOTE: This folder must exist before starting SWS. ''; @@ -30,7 +30,7 @@ in { example = { general = { log-level = "error"; directory-listing = true; }; }; - description = lib.mdDoc '' + description = '' Configuration for Static Web Server. See <https://static-web-server.net/configuration/config-file/>. NOTE: Don't set "host", "port", or "root" here. They will be ignored. diff --git a/nixos/modules/services/web-servers/tomcat.nix b/nixos/modules/services/web-servers/tomcat.nix index 54ea7b66151f8..e243778cc747c 100644 --- a/nixos/modules/services/web-servers/tomcat.nix +++ b/nixos/modules/services/web-servers/tomcat.nix @@ -15,7 +15,7 @@ in options = { services.tomcat = { - enable = lib.mkEnableOption (lib.mdDoc "Apache Tomcat"); + enable = lib.mkEnableOption "Apache Tomcat"; package = lib.mkPackageOption pkgs "tomcat9" { example = "tomcat10"; @@ -24,7 +24,7 @@ in purifyOnStart = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc '' + description = '' On startup, the `baseDir` directory is populated with various files, subdirectories and symlinks. If this option is enabled, these items (except for the `logs` and `work` subdirectories) are first removed. @@ -36,7 +36,7 @@ in baseDir = lib.mkOption { type = lib.types.path; default = "/var/tomcat"; - description = lib.mdDoc '' + description = '' Location where Tomcat stores configuration files, web applications and logfiles. Note that it is partially cleared on each service startup if `purifyOnStart` is enabled. @@ -46,63 +46,63 @@ in logDirs = lib.mkOption { default = [ ]; type = lib.types.listOf lib.types.path; - description = lib.mdDoc "Directories to create in baseDir/logs/"; + description = "Directories to create in baseDir/logs/"; }; extraConfigFiles = lib.mkOption { default = [ ]; type = lib.types.listOf lib.types.path; - description = lib.mdDoc "Extra configuration files to pull into the tomcat conf directory"; + description = "Extra configuration files to pull into the tomcat conf directory"; }; extraEnvironment = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; example = [ "ENVIRONMENT=production" ]; - description = lib.mdDoc "Environment Variables to pass to the tomcat service"; + description = "Environment Variables to pass to the tomcat service"; }; extraGroups = lib.mkOption { default = [ ]; type = lib.types.listOf lib.types.str; example = [ "users" ]; - description = lib.mdDoc "Defines extra groups to which the tomcat user belongs."; + description = "Defines extra groups to which the tomcat user belongs."; }; user = lib.mkOption { type = lib.types.str; default = "tomcat"; - description = lib.mdDoc "User account under which Apache Tomcat runs."; + description = "User account under which Apache Tomcat runs."; }; group = lib.mkOption { type = lib.types.str; default = "tomcat"; - description = lib.mdDoc "Group account under which Apache Tomcat runs."; + description = "Group account under which Apache Tomcat runs."; }; javaOpts = lib.mkOption { type = lib.types.either (lib.types.listOf lib.types.str) lib.types.str; default = ""; - description = lib.mdDoc "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat"; + description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat"; }; catalinaOpts = lib.mkOption { type = lib.types.either (lib.types.listOf lib.types.str) lib.types.str; default = ""; - description = lib.mdDoc "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container"; + description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container"; }; sharedLibs = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; - description = lib.mdDoc "List containing JAR files or directories with JAR files which are libraries shared by the web applications"; + description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications"; }; serverXml = lib.mkOption { type = lib.types.lines; default = ""; - description = lib.mdDoc '' + description = '' Verbatim server.xml configuration. This is mutually exclusive with the virtualHosts options. ''; @@ -111,14 +111,14 @@ in commonLibs = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; - description = lib.mdDoc "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container"; + description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container"; }; webapps = lib.mkOption { type = lib.types.listOf lib.types.path; default = [ tomcat.webapps ]; defaultText = lib.literalExpression "[ config.services.tomcat.package.webapps ]"; - description = lib.mdDoc "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat"; + description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat"; }; virtualHosts = lib.mkOption { @@ -126,16 +126,16 @@ in options = { name = lib.mkOption { type = lib.types.str; - description = lib.mdDoc "name of the virtualhost"; + description = "name of the virtualhost"; }; aliases = lib.mkOption { type = lib.types.listOf lib.types.str; - description = lib.mdDoc "aliases of the virtualhost"; + description = "aliases of the virtualhost"; default = [ ]; }; webapps = lib.mkOption { type = lib.types.listOf lib.types.path; - description = lib.mdDoc '' + description = '' List containing web application WAR files and/or directories containing web applications and configuration files for the virtual host. ''; @@ -144,13 +144,13 @@ in }; }); default = [ ]; - description = lib.mdDoc "List consisting of a virtual host name and a list of web applications to deploy on each virtual host"; + description = "List consisting of a virtual host name and a list of web applications to deploy on each virtual host"; }; logPerVirtualHost = lib.mkOption { type = lib.types.bool; default = false; - description = lib.mdDoc "Whether to enable logging per virtual host."; + description = "Whether to enable logging per virtual host."; }; jdk = lib.mkPackageOption pkgs "jdk" { }; @@ -161,7 +161,7 @@ in services = lib.mkOption { default = [ ]; type = lib.types.listOf lib.types.str; - description = lib.mdDoc "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2"; + description = "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2"; }; }; }; diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index fc9eb504ebf81..9c53455bcf3d7 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -55,20 +55,20 @@ let else "/run/traefik/config.toml"; in { options.services.traefik = { - enable = mkEnableOption (lib.mdDoc "Traefik web server"); + enable = mkEnableOption "Traefik web server"; staticConfigFile = mkOption { default = null; example = literalExpression "/path/to/static_config.toml"; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' Path to traefik's static configuration to use. (Using that option has precedence over `staticConfigOptions` and `dynamicConfigOptions`) ''; }; staticConfigOptions = mkOption { - description = lib.mdDoc '' + description = '' Static configuration for Traefik. ''; type = jsonValue; @@ -85,14 +85,14 @@ in { default = null; example = literalExpression "/path/to/dynamic_config.toml"; type = types.nullOr types.path; - description = lib.mdDoc '' + description = '' Path to traefik's dynamic configuration to use. (Using that option has precedence over `dynamicConfigOptions`) ''; }; dynamicConfigOptions = mkOption { - description = lib.mdDoc '' + description = '' Dynamic configuration for Traefik. ''; type = jsonValue; @@ -111,7 +111,7 @@ in { dataDir = mkOption { default = "/var/lib/traefik"; type = types.path; - description = lib.mdDoc '' + description = '' Location for any persistent data traefik creates, ie. acme ''; }; @@ -120,7 +120,7 @@ in { default = "traefik"; type = types.str; example = "docker"; - description = lib.mdDoc '' + description = '' Set the group that traefik runs under. For the docker backend this needs to be set to `docker` instead. ''; @@ -132,7 +132,7 @@ in { default = []; type = types.listOf types.path; example = [ "/run/secrets/traefik.env" ]; - description = lib.mdDoc '' + description = '' Files to load as environment file. Environment variables from this file will be substituted into the static configuration file using envsubst. ''; diff --git a/nixos/modules/services/web-servers/trafficserver/default.nix b/nixos/modules/services/web-servers/trafficserver/default.nix index 17dece8746a1a..1cae7c7e13df2 100644 --- a/nixos/modules/services/web-servers/trafficserver/default.nix +++ b/nixos/modules/services/web-servers/trafficserver/default.nix @@ -33,13 +33,13 @@ let in { options.services.trafficserver = { - enable = mkEnableOption (lib.mdDoc "Apache Traffic Server"); + enable = mkEnableOption "Apache Traffic Server"; cache = mkOption { type = types.lines; default = ""; example = "dest_domain=example.com suffix=js action=never-cache"; - description = lib.mdDoc '' + description = '' Caching rules that overrule the origin's caching policy. Consult the [upstream @@ -51,7 +51,7 @@ in type = types.lines; default = ""; example = "domain=example.com volume=1"; - description = lib.mdDoc '' + description = '' Partition the cache according to origin server or domain Consult the [ @@ -73,7 +73,7 @@ in }]; } ''; - description = lib.mdDoc '' + description = '' Control client access to Traffic Server and Traffic Server connections to upstream servers. @@ -87,7 +87,7 @@ in default = lib.importJSON ./logging.json; defaultText = literalMD "upstream defaults"; example = { }; - description = lib.mdDoc '' + description = '' Configure logs. Consult the [upstream @@ -101,7 +101,7 @@ in example = '' dest_domain=. method=get parent="p1.example:8080; p2.example:8080" round_robin=true ''; - description = lib.mdDoc '' + description = '' Identify the parent proxies used in an cache hierarchy. Consult the [upstream @@ -112,7 +112,7 @@ in plugins = mkOption { default = [ ]; - description = lib.mdDoc '' + description = '' Controls run-time loadable plugins available to Traffic Server, as well as their configuration. @@ -125,7 +125,7 @@ in options.path = mkOption { type = str; example = "xdebug.so"; - description = lib.mdDoc '' + description = '' Path to plugin. The path can either be absolute, or relative to the plugin directory. ''; @@ -134,7 +134,7 @@ in type = str; default = ""; example = "--header=ATS-My-Debug"; - description = lib.mdDoc "arguments to pass to the plugin"; + description = "arguments to pass to the plugin"; }; }); }; @@ -148,7 +148,7 @@ in valueType; default = { }; example = { proxy.config.proxy_name = "my_server"; }; - description = lib.mdDoc '' + description = '' List of configurable variables used by Traffic Server. Consult the [ @@ -160,7 +160,7 @@ in type = types.lines; default = ""; example = "map http://from.example http://origin.example"; - description = lib.mdDoc '' + description = '' URL remapping rules used by Traffic Server. Consult the [ @@ -175,7 +175,7 @@ in dest_domain=internal.corp.example named="255.255.255.255:212 255.255.255.254" def_domain=corp.example search_list="corp.example corp1.example" dest_domain=!internal.corp.example named=255.255.255.253 ''; - description = lib.mdDoc '' + description = '' Specify the DNS server that Traffic Server should use under specific conditions. @@ -188,7 +188,7 @@ in type = types.lines; default = ""; example = "dest_ip=* ssl_cert_name=default.pem"; - description = lib.mdDoc '' + description = '' Configure SSL server certificates to terminate the SSL sessions. Consult the [ @@ -207,7 +207,7 @@ in }]; } ''; - description = lib.mdDoc '' + description = '' Configure aspects of TLS connection handling for both inbound and outbound connections. @@ -220,7 +220,7 @@ in type = types.lines; default = "/var/cache/trafficserver 256M"; example = "/dev/disk/by-id/XXXXX volume=1"; - description = lib.mdDoc '' + description = '' List all the storage that make up the Traffic Server cache. Consult the [ @@ -231,7 +231,7 @@ in strategies = mkOption { type = types.nullOr yaml.type; default = null; - description = lib.mdDoc '' + description = '' Specify the next hop proxies used in an cache hierarchy and the algorithms used to select the next proxy. @@ -244,7 +244,7 @@ in type = types.nullOr yaml.type; default = ""; example = "volume=1 scheme=http size=20%"; - description = lib.mdDoc '' + description = '' Manage cache space more efficiently and restrict disk usage by creating cache volumes of different sizes. diff --git a/nixos/modules/services/web-servers/unit/default.nix b/nixos/modules/services/web-servers/unit/default.nix index a5f1a872ce81c..5e7b7be91a15b 100644 --- a/nixos/modules/services/web-servers/unit/default.nix +++ b/nixos/modules/services/web-servers/unit/default.nix @@ -10,27 +10,27 @@ let in { options = { services.unit = { - enable = mkEnableOption (lib.mdDoc "Unit App Server"); + enable = mkEnableOption "Unit App Server"; package = mkPackageOption pkgs "unit" { }; user = mkOption { type = types.str; default = "unit"; - description = lib.mdDoc "User account under which unit runs."; + description = "User account under which unit runs."; }; group = mkOption { type = types.str; default = "unit"; - description = lib.mdDoc "Group account under which unit runs."; + description = "Group account under which unit runs."; }; stateDir = mkOption { type = types.path; default = "/var/spool/unit"; - description = lib.mdDoc "Unit data directory."; + description = "Unit data directory."; }; logDir = mkOption { type = types.path; default = "/var/log/unit"; - description = lib.mdDoc "Unit log directory."; + description = "Unit log directory."; }; config = mkOption { type = types.str; @@ -70,7 +70,7 @@ in { } } ''; - description = lib.mdDoc "Unit configuration in JSON format. More details here https://unit.nginx.org/configuration"; + description = "Unit configuration in JSON format. More details here https://unit.nginx.org/configuration"; }; }; }; diff --git a/nixos/modules/services/web-servers/uwsgi.nix b/nixos/modules/services/web-servers/uwsgi.nix index 510582feaae10..e4e3d346f256b 100644 --- a/nixos/modules/services/web-servers/uwsgi.nix +++ b/nixos/modules/services/web-servers/uwsgi.nix @@ -75,13 +75,13 @@ in { enable = mkOption { type = types.bool; default = false; - description = lib.mdDoc "Enable uWSGI"; + description = "Enable uWSGI"; }; runDir = mkOption { type = types.path; default = "/run/uwsgi"; - description = lib.mdDoc "Where uWSGI communication sockets can live"; + description = "Where uWSGI communication sockets can live"; }; package = mkOption { @@ -124,7 +124,7 @@ in { }; } ''; - description = lib.mdDoc '' + description = '' uWSGI configuration. It awaits an attribute `type` inside which can be either `normal` or `emperor`. @@ -142,19 +142,19 @@ in { plugins = mkOption { type = types.listOf types.str; default = []; - description = lib.mdDoc "Plugins used with uWSGI"; + description = "Plugins used with uWSGI"; }; user = mkOption { type = types.str; default = "uwsgi"; - description = lib.mdDoc "User account under which uWSGI runs."; + description = "User account under which uWSGI runs."; }; group = mkOption { type = types.str; default = "uwsgi"; - description = lib.mdDoc "Group account under which uWSGI runs."; + description = "Group account under which uWSGI runs."; }; capabilities = mkOption { @@ -167,7 +167,7 @@ in { "CAP_NET_RAW" # open raw sockets ] ''; - description = lib.mdDoc '' + description = '' Grant capabilities to the uWSGI instance. See the `capabilities(7)` for available values. diff --git a/nixos/modules/services/web-servers/varnish/default.nix b/nixos/modules/services/web-servers/varnish/default.nix index 857dd64c01beb..b8e7532b2e0a9 100644 --- a/nixos/modules/services/web-servers/varnish/default.nix +++ b/nixos/modules/services/web-servers/varnish/default.nix @@ -11,23 +11,23 @@ in { options = { services.varnish = { - enable = mkEnableOption (lib.mdDoc "Varnish Server"); + enable = mkEnableOption "Varnish Server"; - enableConfigCheck = mkEnableOption (lib.mdDoc "checking the config during build time") // { default = true; }; + enableConfigCheck = mkEnableOption "checking the config during build time" // { default = true; }; package = mkPackageOption pkgs "varnish" { }; http_address = mkOption { type = types.str; default = "*:6081"; - description = lib.mdDoc '' + description = '' HTTP listen address and port. ''; }; config = mkOption { type = types.lines; - description = lib.mdDoc '' + description = '' Verbatim default.vcl configuration. ''; }; @@ -36,7 +36,7 @@ in type = types.path; default = "/var/spool/varnish/${config.networking.hostName}"; defaultText = literalExpression ''"/var/spool/varnish/''${config.networking.hostName}"''; - description = lib.mdDoc '' + description = '' Directory holding all state for Varnish to run. ''; }; @@ -45,7 +45,7 @@ in type = types.listOf types.package; default = []; example = literalExpression "[ pkgs.varnishPackages.geoip ]"; - description = lib.mdDoc '' + description = '' Varnish modules (except 'std'). ''; }; @@ -54,7 +54,7 @@ in type = types.str; default = ""; example = "-s malloc,256M"; - description = lib.mdDoc '' + description = '' Command line switches for varnishd (run 'varnishd -?' to get list of options) ''; }; |