Diffstat (limited to 'nixos/modules/security/acme/default.nix')
-rw-r--r--nixos/modules/security/acme/default.nix62
1 files changed, 31 insertions, 31 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index d827c448055..54b44dcab62 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -445,7 +445,7 @@ let
       validMinDays = mkOption {
         type = types.int;
         inherit (defaultAndText "validMinDays" 30) default defaultText;
-        description = "Minimum remaining validity before renewal in days.";
+        description = lib.mdDoc "Minimum remaining validity before renewal in days.";
       };
 
       renewInterval = mkOption {
@@ -466,11 +466,11 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "webroot" null) default defaultText;
         example = "/var/lib/acme/acme-challenge";
-        description = ''
+        description = lib.mdDoc ''
           Where the webroot of the HTTP vhost is located.
-          <filename>.well-known/acme-challenge/</filename> directory
+          {file}`.well-known/acme-challenge/` directory
           will be created below the webroot if it doesn't exist.
-          <literal>http://example.org/.well-known/acme-challenge/</literal> must also
+          `http://example.org/.well-known/acme-challenge/` must also
           be available (notice unencrypted HTTP).
         '';
       };
@@ -478,17 +478,17 @@ let
       server = mkOption {
         type = types.nullOr types.str;
         inherit (defaultAndText "server" null) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           ACME Directory Resource URI. Defaults to Let's Encrypt's
           production endpoint,
-          <link xlink:href="https://acme-v02.api.letsencrypt.org/directory"/>, if unset.
+          <https://acme-v02.api.letsencrypt.org/directory>, if unset.
         '';
       };
 
       email = mkOption {
         type = types.str;
         inherit (defaultAndText "email" null) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Email address for account creation and correspondence from the CA.
           It is recommended to use the same email for all certs to avoid account
           creation limits.
@@ -498,7 +498,7 @@ let
       group = mkOption {
         type = types.str;
         inherit (defaultAndText "group" "acme") default defaultText;
-        description = "Group running the ACME client.";
+        description = lib.mdDoc "Group running the ACME client.";
       };
 
       reloadServices = mkOption {
@@ -514,7 +514,7 @@ let
         type = types.lines;
         inherit (defaultAndText "postRun" "") default defaultText;
         example = "cp full.pem backup.pem";
-        description = ''
+        description = lib.mdDoc ''
           Commands to run after new certificates go live. Note that
           these commands run as the root user.
 
@@ -525,10 +525,10 @@ let
       keyType = mkOption {
         type = types.str;
         inherit (defaultAndText "keyType" "ec256") default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Key type to use for private keys.
           For an up to date list of supported values check the --key-type option
-          at <link xlink:href="https://go-acme.github.io/lego/usage/cli/#usage"/>.
+          at <https://go-acme.github.io/lego/usage/cli/#usage>.
         '';
       };
 
@@ -536,9 +536,9 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "dnsProvider" null) default defaultText;
         example = "route53";
-        description = ''
+        description = lib.mdDoc ''
           DNS Challenge provider. For a list of supported providers, see the "code"
-          field of the DNS providers listed at <link xlink:href="https://go-acme.github.io/lego/dns/"/>.
+          field of the DNS providers listed at <https://go-acme.github.io/lego/dns/>.
         '';
       };
 
@@ -546,7 +546,7 @@ let
         type = types.nullOr types.str;
         inherit (defaultAndText "dnsResolver" null) default defaultText;
         example = "1.1.1.1:53";
-        description = ''
+        description = lib.mdDoc ''
           Set the resolver to use for performing recursive DNS queries. Supported:
           host:port. The default is to use the system resolvers, or Google's DNS
           resolvers if the system's cannot be determined.
@@ -556,11 +556,11 @@ let
       credentialsFile = mkOption {
         type = types.path;
         inherit (defaultAndText "credentialsFile" null) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Path to an EnvironmentFile for the cert's service containing any required and
           optional environment variables for your selected dnsProvider.
           To find out what values you need to set, consult the documentation at
-          <link xlink:href="https://go-acme.github.io/lego/dns/"/> for the corresponding dnsProvider.
+          <https://go-acme.github.io/lego/dns/> for the corresponding dnsProvider.
         '';
         example = "/var/src/secrets/example.org-route53-api-token";
       };
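Review bot: The converted `credentialsFile` description still does not say that this file holds the DNS provider's API secrets, which matters because the option is typed `types.path`. If a user assigns a Nix path literal instead of a string, the file is likely to be copied into the world-readable Nix store once the value is interpolated; how the module consumes the value is not visible in this hunk, so this should be confirmed. I would add a sentence such as `The file contains secrets: give its location as a string path outside the Nix store and restrict its permissions.` to the description.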
@@ -568,7 +568,7 @@ let
       dnsPropagationCheck = mkOption {
         type = types.bool;
         inherit (defaultAndText "dnsPropagationCheck" true) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Toggles lego DNS propagation check, which is used alongside DNS-01
           challenge to ensure the DNS entries required are available.
         '';
@@ -590,7 +590,7 @@ let
       extraLegoFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoFlags" []) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Additional global flags to pass to all lego commands.
         '';
       };
@@ -598,7 +598,7 @@ let
       extraLegoRenewFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoRenewFlags" []) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Additional flags to pass to lego renew.
         '';
       };
@@ -606,7 +606,7 @@ let
       extraLegoRunFlags = mkOption {
         type = types.listOf types.str;
         inherit (defaultAndText "extraLegoRunFlags" []) default defaultText;
-        description = ''
+        description = lib.mdDoc ''
           Additional flags to pass to lego run.
         '';
       };
@@ -637,13 +637,13 @@ let
         type = types.str;
         readOnly = true;
         default = "/var/lib/acme/${name}";
-        description = "Directory where certificate and other state is stored.";
+        description = lib.mdDoc "Directory where certificate and other state is stored.";
       };
 
       domain = mkOption {
         type = types.str;
         default = name;
-        description = "Domain to fetch certificate for (defaults to the entry name).";
+        description = lib.mdDoc "Domain to fetch certificate for (defaults to the entry name).";
       };
 
       extraDomainNames = mkOption {
@@ -655,7 +655,7 @@ let
             "mydomain.org"
           ]
         '';
-        description = ''
+        description = lib.mdDoc ''
           A list of extra domain names, which are included in the one certificate to be issued.
         '';
       };
@@ -667,7 +667,7 @@ let
         type = types.nullOr types.str;
         default = null;
         example = ":1360";
-        description = ''
+        description = lib.mdDoc ''
           Interface and port to listen on to solve HTTP challenges
           in the form [INTERFACE]:PORT.
           If you use a port other than 80, you must proxy port 80 to this port.
@@ -690,7 +690,7 @@ in {
       preliminarySelfsigned = mkOption {
         type = types.bool;
         default = true;
-        description = ''
+        description = lib.mdDoc ''
           Whether a preliminary self-signed certificate should be generated before
           doing ACME requests. This can be useful when certificates are required in
           a webserver, but ACME needs the webserver to make its requests.
@@ -703,16 +703,16 @@ in {
       acceptTerms = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Accept the CA's terms of service. The default provider is Let's Encrypt,
-          you can find their ToS at <link xlink:href="https://letsencrypt.org/repository/"/>.
+          you can find their ToS at <https://letsencrypt.org/repository/>.
         '';
       };
 
       useRoot = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to use the root user when generating certs. This is not recommended
           for security + compatiblity reasons. If a service requires root owned certificates
           consider following the guide on "Using ACME with services demanding root
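Review bot: `compatiblity` in the `useRoot` description is misspelled, and since this commit already rewrites the string it is a good moment to fix it, for example `for security and compatibility reasons`. The description continues past the end of the hunk, so the remainder of the text was not reviewed.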
@@ -723,7 +723,7 @@ in {
 
       defaults = mkOption {
         type = types.submodule (inheritableModule true);
-        description = ''
+        description = lib.mdDoc ''
           Default values inheritable by all configured certs. You can
           use this to define options shared by all your certs. These defaults
           can also be ignored on a per-cert basis using the
@@ -734,9 +734,9 @@ in {
       certs = mkOption {
         default = { };
         type = with types; attrsOf (submodule [ (inheritableModule false) certOpts ]);
-        description = ''
+        description = lib.mdDoc ''
           Attribute set of certificates to get signed and renewed. Creates
-          <literal>acme-''${cert}.{service,timer}</literal> systemd units for
+          `acme-''${cert}.{service,timer}` systemd units for
           each certificate defined here. Other services can add dependencies
           to those units if they rely on the certificates being present,
           or trigger restarts of the service if certificates get renewed.