mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

chore: remove uses of mdDoc

Browse source
This commit is contained in:
oddlama 2023-12-23 00:12:53 +01:00
parent d5304bbe2b
commit cb1565c713
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
8 changed files with 33 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/acme-wildcard.nix
View file

@ -10,7 +10,6 @@
genAttrs
hasInfix
head
mdDoc
mkIf
mkOption
removeSuffix
@ -21,7 +20,7 @@ in {
default = [];
example = ["example.org"];
type = types.listOf types.str;
description = mdDoc ''
description = ''
All domains for which a wildcard certificate will be generated.
This will define the given `security.acme.certs` and set `extraDomainNames` correctly,
but does not fill any options such as credentials or dnsProvider. These have to be set
@ -34,7 +33,7 @@ in {
options.useACMEWildcardHost = mkOption {
type = types.bool;
default = false;
description = mdDoc ''Automatically set useACMEHost with the correct wildcard domain for the virtualHosts's main domain.'';
description = ''Automatically set useACMEHost with the correct wildcard domain for the virtualHosts's main domain.'';
};
config = let
# This retrieves all matching wildcard certs that would include

7
modules/deterministic-ids.nix
View file

@ -9,7 +9,6 @@
flip
mapAttrsToList
mkDefault
mdDoc
mkIf
mkOption
types
@ -20,7 +19,7 @@ in {
options = {
users.deterministicIds = mkOption {
default = {};
description = mdDoc ''
description = ''
Maps a user or group name to its expected uid/gid values. If a user/group is
used on the system without specifying a uid/gid, this module will assign the
corresponding ids defined here, or show an error if the definition is missing.
@ -30,12 +29,12 @@ in {
uid = mkOption {
type = types.nullOr types.int;
default = null;
description = mdDoc "The uid to assign if it is missing in `users.users.<name>`.";
description = "The uid to assign if it is missing in `users.users.<name>`.";
};
gid = mkOption {
type = types.nullOr types.int;
default = null;
description = mdDoc "The gid to assign if it is missing in `users.groups.<name>`.";
description = "The gid to assign if it is missing in `users.groups.<name>`.";
};
};
});

3
modules/distributed-config.nix
View file

@ -9,7 +9,6 @@
attrNames
concatMap
getAttrFromPath
mdDoc
mkOption
mkOptionType
mkMerge
@ -22,7 +21,7 @@ in {
# TODO expose exactly what we can configure! not everything
options.nodes = mkOption {
default = {};
description = mdDoc "Allows extending the configuration of other machines.";
description = "Allows extending the configuration of other machines.";
type = types.attrsOf (mkOptionType {
name = "Toplevel NixOS config";
merge = _loc: map (x: x.value);

11
modules/oauth2-proxy.nix
View file

@ -6,7 +6,6 @@
inherit
(lib)
concatStringsSep
mdDoc
mkDefault
mkEnableOption
mkIf
@ -18,27 +17,27 @@
cfg = config.meta.oauth2_proxy;
in {
options.meta.oauth2_proxy = {
enable = mkEnableOption (mdDoc "oauth2 proxy");
enable = mkEnableOption "oauth2 proxy";
cookieDomain = mkOption {
type = types.str;
description = mdDoc "The domain under which to store the credential cookie, and to which redirects will be allowed.";
description = "The domain under which to store the credential cookie, and to which redirects will be allowed.";
};
portalDomain = mkOption {
type = types.str;
description = mdDoc "A domain on which to setup the oauth2 callback.";
description = "A domain on which to setup the oauth2 callback.";
};
};
options.services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule ({config, ...}: {
options.oauth2 = {
enable = mkEnableOption (mdDoc "access protection of this resource using oauth2_proxy.");
enable = mkEnableOption "access protection of this resource using oauth2_proxy.";
allowedGroups = mkOption {
type = types.listOf types.str;
default = [];
description = mdDoc ''
description = ''
A list of groups that are allowed to access this resource, or the
empty list to allow any authenticated client.
'';

5
modules/promtail.nix
View file

@ -7,7 +7,6 @@
}: let
inherit
(lib)
mdDoc
mkEnableOption
mkIf
mkOption
@ -17,10 +16,10 @@
cfg = config.meta.promtail;
in {
options.meta.promtail = {
enable = mkEnableOption (mdDoc "promtail to push logs to a loki instance.");
enable = mkEnableOption "promtail to push logs to a loki instance.";
proxy = mkOption {
type = types.str;
description = mdDoc "The node name of the proxy server which provides the https loki api endpoint.";
description = "The node name of the proxy server which provides the https loki api endpoint.";
};
};

3
modules/secrets.nix
View file

@ -9,7 +9,6 @@
assertMsg
literalExpression
mapAttrs
mdDoc
mkOption
types
;
@ -42,7 +41,7 @@ in {
default = {};
type = types.attrsOf types.path;
example = literalExpression "{ local = ./secrets.nix.age; }";
description = mdDoc ''
description = ''
This file manages the origin for this machine's repository-secrets. Anything that is
technically not a secret in the classical sense (i.e. that it has to be protected
after it has been deployed), but something you want to keep secret from the public;

9
modules/wireguard-proxy.nix
View file

@ -8,7 +8,6 @@
(lib)
attrNames
flip
mdDoc
mkIf
mkMerge
mkOption
@ -19,7 +18,7 @@
in {
options.meta.wireguard-proxy = mkOption {
default = {};
description = mdDoc ''
description = ''
Each entry here will setup a wireguard network that connects via the
given node and adds appropriate firewall zones. There will be a zone for
the interface and one for the proxy server specifically. A corresponding
@ -30,17 +29,17 @@ in {
nicName = mkOption {
type = types.str;
default = "proxy-${name}";
description = mdDoc "The name for the created wireguard network and its interface";
description = "The name for the created wireguard network and its interface";
};
allowedTCPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = mdDoc "Convenience option to allow incoming TCP connections from the proxy server (just the server, not the entire network).";
description = "Convenience option to allow incoming TCP connections from the proxy server (just the server, not the entire network).";
};
allowedUDPPorts = mkOption {
type = types.listOf types.int;
default = [];
description = mdDoc "Convenience option to allow incoming UDP connections from the proxy server (just the server, not the entire network).";
description = "Convenience option to allow incoming UDP connections from the proxy server (just the server, not the entire network).";
};
};
}));

31
modules/wireguard.nix
View file

@ -17,7 +17,6 @@
genAttrs
head
mapAttrsToList
mdDoc
mergeToplevelConfigs
mkIf
mkOption
@ -256,32 +255,32 @@ in {
host = mkOption {
default = null;
type = types.nullOr types.str;
description = mdDoc "The hostname or ip address which other peers can use to reach this host. No server funnctionality will be activated if set to null.";
description = "The hostname or ip address which other peers can use to reach this host. No server funnctionality will be activated if set to null.";
};
port = mkOption {
default = 51820;
type = types.port;
description = mdDoc "The port to listen on.";
description = "The port to listen on.";
};
openFirewall = mkOption {
default = false;
type = types.bool;
description = mdDoc "Whether to open the firewall for the specified {option}`port`.";
description = "Whether to open the firewall for the specified {option}`port`.";
};
openFirewallRules = mkOption {
default = [];
type = types.listOf types.str;
description = mdDoc "The {option}`port` will be opened for all of the given rules in the nftable-firewall.";
description = "The {option}`port` will be opened for all of the given rules in the nftable-firewall.";
};
externalPeers = mkOption {
type = types.attrsOf (types.listOf (types.net.ip-in config.addresses));
default = {};
example = {my-android-phone = ["10.0.0.97"];};
description = mdDoc ''
description = ''
Allows defining an extra set of peers that should be added to this wireguard network,
but will not be managed by this flake. (e.g. phones)
@ -295,7 +294,7 @@ in {
type = types.listOf types.net.cidr;
default = [];
example = ["10.0.0.1/24" "fd00:cafe::/64"];
description = mdDoc ''
description = ''
Allows defining extra cidr network ranges that shall be reserved for this network.
Reservation means that those address spaces will be guaranteed to be included in
the spanned network, but no rules will be enforced as to who in the network may use them.
@ -312,7 +311,7 @@ in {
via = mkOption {
default = null;
type = types.nullOr types.str;
description = mdDoc ''
description = ''
The server node via which to connect to the network.
No client functionality will be activated if set to null.
'';
@ -321,27 +320,27 @@ in {
keepalive = mkOption {
default = true;
type = types.bool;
description = mdDoc "Whether to keep this connection alive using PersistentKeepalive. Set to false only for networks where client and server IPs are stable.";
description = "Whether to keep this connection alive using PersistentKeepalive. Set to false only for networks where client and server IPs are stable.";
};
};
priority = mkOption {
default = 40;
type = types.int;
description = mdDoc "The order priority used when creating systemd netdev and network files.";
description = "The order priority used when creating systemd netdev and network files.";
};
linkName = mkOption {
default = name;
type = types.str;
description = mdDoc "The name for the created network interface.";
description = "The name for the created network interface.";
};
unitConfName = mkOption {
default = "${toString config.priority}-${config.linkName}";
readOnly = true;
type = types.str;
description = mdDoc ''
description = ''
The name used for unit configuration files. This is a read-only option.
Access this if you want to add additional settings to the generated systemd units.
'';
@ -350,7 +349,7 @@ in {
ipv4 = mkOption {
type = types.lazyOf types.net.ipv4;
default = types.lazyValue (wireguard name).assignedIpv4Addresses.${nodeName};
description = mdDoc ''
description = ''
The ipv4 address for this machine. If you do not set this explicitly,
a semi-stable ipv4 address will be derived automatically based on the
hostname of this machine. At least one participating server must reserve
@ -362,7 +361,7 @@ in {
ipv6 = mkOption {
type = types.lazyOf types.net.ipv6;
default = types.lazyValue (wireguard name).assignedIpv6Addresses.${nodeName};
description = mdDoc ''
description = ''
The ipv6 address for this machine. If you do not set this explicitly,
a semi-stable ipv6 address will be derived automatically based on the
hostname of this machine. At least one participating server must reserve
@ -377,7 +376,7 @@ in {
(head options.ipv4.definitions)
(head options.ipv6.definitions)
];
description = mdDoc ''
description = ''
The ip addresses (v4 and/or v6) to use for this machine.
The actual network cidr will automatically be derived from all network participants.
By default this will just include {option}`ipv4` and {option}`ipv6` as configured.
@ -394,7 +393,7 @@ in {
type = types.listOf types.net.cidr;
default = [];
example = ["0.0.0.0/0"];
description = mdDoc ''
description = ''
Additional networks that are accessible through this machine. This will allow
other participants of the network to access these networks through the tunnel.