summary refs log tree commit diff
path: root/nixos/modules/services/networking/wireguard.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/networking/wireguard.nix')
-rw-r--r--nixos/modules/services/networking/wireguard.nix52
1 files changed, 26 insertions, 26 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix
index a3c3c245f1d..412e9c921f5 100644
--- a/nixos/modules/services/networking/wireguard.nix
+++ b/nixos/modules/services/networking/wireguard.nix
@@ -19,15 +19,15 @@ let
         example = [ "192.168.2.1/24" ];
         default = [];
         type = with types; listOf str;
-        description = "The IP addresses of the interface.";
+        description = lib.mdDoc "The IP addresses of the interface.";
       };
 
       privateKey = mkOption {
         example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
         type = with types; nullOr str;
         default = null;
-        description = ''
-          Base64 private key generated by <command>wg genkey</command>.
+        description = lib.mdDoc ''
+          Base64 private key generated by {command}`wg genkey`.
 
           Warning: Consider using privateKeyFile instead if you do not
           want to store the key in the world-readable Nix store.
@@ -37,9 +37,9 @@ let
       generatePrivateKeyFile = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Automatically generate a private key with
-          <command>wg genkey</command>, at the privateKeyFile location.
+          {command}`wg genkey`, at the privateKeyFile location.
         '';
       };
 
@@ -47,8 +47,8 @@ let
         example = "/private/wireguard_key";
         type = with types; nullOr str;
         default = null;
-        description = ''
-          Private key file as generated by <command>wg genkey</command>.
+        description = lib.mdDoc ''
+          Private key file as generated by {command}`wg genkey`.
         '';
       };
 
@@ -56,7 +56,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 51820;
-        description = ''
+        description = lib.mdDoc ''
           16-bit port for listening. Optional; if not specified,
           automatically generated based on interface name.
         '';
@@ -66,7 +66,7 @@ let
         example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = ''
+        description = lib.mdDoc ''
           Commands called at the start of the interface setup.
         '';
       };
@@ -77,20 +77,20 @@ let
         '';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = "Commands called at the end of the interface setup.";
+        description = lib.mdDoc "Commands called at the end of the interface setup.";
       };
 
       postShutdown = mkOption {
         example = literalExpression ''"''${pkgs.openresolv}/bin/resolvconf -d wg0"'';
         default = "";
         type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines;
-        description = "Commands called after shutting down the interface.";
+        description = lib.mdDoc "Commands called after shutting down the interface.";
       };
 
       table = mkOption {
         default = "main";
         type = types.str;
-        description = ''
+        description = lib.mdDoc ''
           The kernel routing table to add this interface's
           associated routes to. Setting this is useful for e.g. policy routing
           ("ip rule") or virtual routing and forwarding ("ip vrf"). Both
@@ -101,7 +101,7 @@ let
 
       peers = mkOption {
         default = [];
-        description = "Peers linked to the interface.";
+        description = lib.mdDoc "Peers linked to the interface.";
         type = with types; listOf (submodule peerOpts);
       };
 
@@ -109,7 +109,7 @@ let
         example = false;
         default = true;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Determines whether to add allowed IPs as routes or not.
         '';
       };
@@ -152,15 +152,15 @@ let
       publicKey = mkOption {
         example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
         type = types.str;
-        description = "The base64 public key of the peer.";
+        description = lib.mdDoc "The base64 public key of the peer.";
       };
 
       presharedKey = mkOption {
         default = null;
         example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I=";
         type = with types; nullOr str;
-        description = ''
-          Base64 preshared key generated by <command>wg genpsk</command>.
+        description = lib.mdDoc ''
+          Base64 preshared key generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
           public-key cryptography, for post-quantum resistance.
@@ -174,8 +174,8 @@ let
         default = null;
         example = "/private/wireguard_psk";
         type = with types; nullOr str;
-        description = ''
-          File pointing to preshared key as generated by <command>wg genpsk</command>.
+        description = lib.mdDoc ''
+          File pointing to preshared key as generated by {command}`wg genpsk`.
           Optional, and may be omitted. This option adds an additional layer of
           symmetric-key cryptography to be mixed into the already existing
           public-key cryptography, for post-quantum resistance.
@@ -185,7 +185,7 @@ let
       allowedIPs = mkOption {
         example = [ "10.192.122.3/32" "10.192.124.1/24" ];
         type = with types; listOf str;
-        description = ''List of IP (v4 or v6) addresses with CIDR masks from
+        description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from
         which this peer is allowed to send incoming traffic and to which
         outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may
         be specified for matching all IPv4 addresses, and ::/0 may be specified
@@ -216,12 +216,12 @@ let
         default = 0;
         example = 5;
         type = with types; int;
-        description = ''
-          Periodically re-execute the <literal>wg</literal> utility every
+        description = lib.mdDoc ''
+          Periodically re-execute the `wg` utility every
           this many seconds in order to let WireGuard notice DNS / hostname
           changes.
 
-          Setting this to <literal>0</literal> disables periodic reexecution.
+          Setting this to `0` disables periodic reexecution.
         '';
       };
 
@@ -229,7 +229,7 @@ let
         default = null;
         type = with types; nullOr int;
         example = 25;
-        description = ''This is optional and is by default off, because most
+        description = lib.mdDoc ''This is optional and is by default off, because most
         users will not need it. It represents, in seconds, between 1 and 65535
         inclusive, how often to send an authenticated empty packet to the peer,
         for the purpose of keeping a stateful firewall or NAT mapping valid
@@ -437,7 +437,7 @@ in
     networking.wireguard = {
 
       enable = mkOption {
-        description = "Whether to enable WireGuard.";
+        description = lib.mdDoc "Whether to enable WireGuard.";
         type = types.bool;
         # 2019-05-25: Backwards compatibility.
         default = cfg.interfaces != {};
@@ -446,7 +446,7 @@ in
       };
 
       interfaces = mkOption {
-        description = "WireGuard interfaces.";
+        description = lib.mdDoc "WireGuard interfaces.";
         default = {};
         example = {
           wg0 = {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-08 12:34:03 +0000