Diffstat (limited to 'nixos/modules/services/networking/wireguard.nix')
-rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 52 |
1 files changed, 26 insertions, 26 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index a3c3c245f1d..412e9c921f5 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -19,15 +19,15 @@ let example = [ "192.168.2.1/24" ]; default = []; type = with types; listOf str; - description = "The IP addresses of the interface."; + description = lib.mdDoc "The IP addresses of the interface."; }; privateKey = mkOption { example = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="; type = with types; nullOr str; default = null; - description = '' - Base64 private key generated by <command>wg genkey</command>. + description = lib.mdDoc '' + Base64 private key generated by {command}`wg genkey`. Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store. @@ -37,9 +37,9 @@ let generatePrivateKeyFile = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Automatically generate a private key with - <command>wg genkey</command>, at the privateKeyFile location. + {command}`wg genkey`, at the privateKeyFile location. ''; }; @@ -47,8 +47,8 @@ let example = "/private/wireguard_key"; type = with types; nullOr str; default = null; - description = '' - Private key file as generated by <command>wg genkey</command>. + description = lib.mdDoc '' + Private key file as generated by {command}`wg genkey`. ''; }; @@ -56,7 +56,7 @@ let default = null; type = with types; nullOr int; example = 51820; - description = '' + description = lib.mdDoc '' 16-bit port for listening. Optional; if not specified, automatically generated based on interface name. ''; 
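Review bot: In the `privateKey` description the store warning is still a plain `Warning:` paragraph and `privateKeyFile` is still bare text, so the one sentence telling users the key ends up in the world-readable Nix store renders no more prominently than before the conversion. Now that the string is Markdown, I would wrap that sentence in a warning admonition (`::: {.warning}` … `:::`, assuming the renderer at this revision accepts it in option descriptions) and mark the option name with the `{option}` role. The same bare `privateKeyFile` appears in the `generatePrivateKeyFile` hunk. The `privateKey` description continues past the end of its hunk, so the rest of the text is not visible here.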
@@ -66,7 +66,7 @@ let example = literalExpression ''"''${pkgs.iproute2}/bin/ip netns add foo"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = '' + description = lib.mdDoc '' Commands called at the start of the interface setup. ''; }; @@ -77,20 +77,20 @@ let ''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = "Commands called at the end of the interface setup."; + description = lib.mdDoc "Commands called at the end of the interface setup."; }; postShutdown = mkOption { example = literalExpression ''"''${pkgs.openresolv}/bin/resolvconf -d wg0"''; default = ""; type = with types; coercedTo (listOf str) (concatStringsSep "\n") lines; - description = "Commands called after shutting down the interface."; + description = lib.mdDoc "Commands called after shutting down the interface."; }; table = mkOption { default = "main"; type = types.str; - description = '' + description = lib.mdDoc '' The kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both @@ -101,7 +101,7 @@ let peers = mkOption { default = []; - description = "Peers linked to the interface."; + description = lib.mdDoc "Peers linked to the interface."; type = with types; listOf (submodule peerOpts); }; @@ -109,7 +109,7 @@ let example = false; default = true; type = types.bool; - description = '' + description = lib.mdDoc '' Determines whether to add allowed IPs as routes or not. ''; }; 
@@ -152,15 +152,15 @@ let publicKey = mkOption { example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; type = types.str; - description = "The base64 public key of the peer."; + description = lib.mdDoc "The base64 public key of the peer."; }; presharedKey = mkOption { default = null; example = "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="; type = with types; nullOr str; - description = '' - Base64 preshared key generated by <command>wg genpsk</command>. + description = lib.mdDoc '' + Base64 preshared key generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. @@ -174,8 +174,8 @@ let default = null; example = "/private/wireguard_psk"; type = with types; nullOr str; - description = '' - File pointing to preshared key as generated by <command>wg genpsk</command>. + description = lib.mdDoc '' + File pointing to preshared key as generated by {command}`wg genpsk`. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. @@ -185,7 +185,7 @@ let allowedIPs = mkOption { example = [ "10.192.122.3/32" "10.192.124.1/24" ]; type = with types; listOf str; - description = ''List of IP (v4 or v6) addresses with CIDR masks from + description = lib.mdDoc ''List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified 
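Review bot: `allowedIPs` starts its text on the same line as the opening quotes (`description = lib.mdDoc ''List of IP (v4 or v6) addresses …`), unlike the other multi-line descriptions in this file, which begin on the following line; `persistentKeepalive` in the later hunk does the same. Moving the first sentence onto its own line would keep the converted strings uniform. With Markdown rendering active, the literal prefixes `0.0.0.0/0` and `::/0` would also read better in backticks. The description runs past the end of this hunk.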
@@ -216,12 +216,12 @@ let default = 0; example = 5; type = with types; int; - description = '' - Periodically re-execute the <literal>wg</literal> utility every + description = lib.mdDoc '' + Periodically re-execute the `wg` utility every this many seconds in order to let WireGuard notice DNS / hostname changes. - Setting this to <literal>0</literal> disables periodic reexecution. + Setting this to `0` disables periodic reexecution. ''; }; @@ -229,7 +229,7 @@ let default = null; type = with types; nullOr int; example = 25; - description = ''This is optional and is by default off, because most + description = lib.mdDoc ''This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid @@ -437,7 +437,7 @@ in networking.wireguard = { enable = mkOption { - description = "Whether to enable WireGuard."; + description = lib.mdDoc "Whether to enable WireGuard."; type = types.bool; # 2019-05-25: Backwards compatibility. default = cfg.interfaces != {}; @@ -446,7 +446,7 @@ in }; interfaces = mkOption { - description = "WireGuard interfaces."; + description = lib.mdDoc "WireGuard interfaces."; default = {}; example = { wg0 = { |