1 files changed, 24 insertions, 24 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index 67e1026dcef..24c84151bc7 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -45,10 +45,10 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Whether to enable the fail2ban service.
 
-          See the documentation of <option>services.fail2ban.jails</option>
+          See the documentation of {option}`services.fail2ban.jails`
           for what jails are enabled by default.
         '';
       };
@@ -58,7 +58,7 @@ in
         defaultText = literalExpression "pkgs.fail2ban";
         type = types.package;
         example = literalExpression "pkgs.fail2ban_0_11";
-        description = "The fail2ban package to use for running the fail2ban service.";
+        description = lib.mdDoc "The fail2ban package to use for running the fail2ban service.";
       };
 
       packageFirewall = mkOption {
@@ -66,7 +66,7 @@ in
         defaultText = literalExpression "pkgs.iptables";
         type = types.package;
         example = literalExpression "pkgs.nftables";
-        description = "The firewall package used by fail2ban service.";
+        description = lib.mdDoc "The firewall package used by fail2ban service.";
       };
 
       extraPackages = mkOption {
@@ -82,14 +82,14 @@ in
       maxretry = mkOption {
         default = 3;
         type = types.ints.unsigned;
-        description = "Number of failures before a host gets banned.";
+        description = lib.mdDoc "Number of failures before a host gets banned.";
       };
 
       banaction = mkOption {
         default = "iptables-multiport";
         type = types.str;
         example = "nftables-multiport";
-        description = ''
+        description = lib.mdDoc ''
           Default banning action (e.g. iptables, iptables-new, iptables-multiport,
           shorewall, etc) It is used to define action_* variables. Can be overridden
           globally or per section within jail.local file
@@ -100,7 +100,7 @@ in
         default = "iptables-allport";
         type = types.str;
         example = "nftables-allport";
-        description = ''
+        description = lib.mdDoc ''
           Default banning action (e.g. iptables, iptables-new, iptables-multiport,
           shorewall, etc) It is used to define action_* variables. Can be overridden
           globally or per section within jail.local file
@@ -110,7 +110,7 @@ in
       bantime-increment.enable = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Allows to use database for searching of previously banned ip's to increase
           a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
         '';
@@ -120,7 +120,7 @@ in
         default = "4m";
         type = types.str;
         example = "8m";
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.rndtime" is the max number of seconds using for mixing with random time
           to prevent "clever" botnets calculate exact time IP can be unbanned again
         '';
@@ -130,7 +130,7 @@ in
         default = "10h";
         type = types.str;
         example = "48h";
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
         '';
       };
@@ -139,7 +139,7 @@ in
         default = "1";
         type = types.str;
         example = "4";
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.factor" is a coefficient to calculate exponent growing of the formula or common multiplier,
           default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...
         '';
@@ -149,7 +149,7 @@ in
         default = "ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor";
         type = types.str;
         example = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.formula" used by default to calculate next value of ban time, default value bellow,
           the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32...
         '';
@@ -159,7 +159,7 @@ in
         default = "1 2 4 8 16 32 64";
         type = types.str;
         example = "2 4 16 128";
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.multipliers" used to calculate next value of ban time instead of formula, coresponding
           previously ban count and given "bantime.factor" (for multipliers default is 1);
           following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count,
@@ -171,7 +171,7 @@ in
         default = false;
         type = types.bool;
         example = true;
-        description = ''
+        description = lib.mdDoc ''
           "bantime-increment.overalljails"  (if true) specifies the search of IP in the database will be executed
           cross over all jails, if false (dafault), only current jail of the ban IP will be searched
         '';
@@ -181,7 +181,7 @@ in
         default = [ ];
         type = types.listOf types.str;
         example = [ "192.168.0.0/16" "2001:DB8::42" ];
-        description = ''
+        description = lib.mdDoc ''
           "ignoreIP" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which
           matches an address in this list. Several addresses can be defined using space (and/or comma) separator.
         '';
@@ -196,7 +196,7 @@ in
           dbfile    = /var/lib/fail2ban/fail2ban.sqlite3
         '';
         type = types.lines;
-        description = ''
+        description = lib.mdDoc ''
           The contents of Fail2ban's main configuration file.  It's
           generally not necessary to change it.
        '';
@@ -219,22 +219,22 @@ in
           }
         '';
         type = types.attrsOf types.lines;
-        description = ''
+        description = lib.mdDoc ''
           The configuration of each Fail2ban “jail”.  A jail
           consists of an action (such as blocking a port using
-          <command>iptables</command>) that is triggered when a
+          {command}`iptables`) that is triggered when a
           filter applied to a log file triggers more than a certain
           number of times in a certain time period.  Actions are
-          defined in <filename>/etc/fail2ban/action.d</filename>,
+          defined in {file}`/etc/fail2ban/action.d`,
           while filters are defined in
-          <filename>/etc/fail2ban/filter.d</filename>.
+          {file}`/etc/fail2ban/filter.d`.
 
-          NixOS comes with a default <literal>sshd</literal> jail;
+          NixOS comes with a default `sshd` jail;
           for it to work well,
-          <option>services.openssh.logLevel</option> should be set to
-          <literal>"VERBOSE"</literal> or higher so that fail2ban
+          {option}`services.openssh.logLevel` should be set to
+          `"VERBOSE"` or higher so that fail2ban
           can observe failed login attempts.
-          This module sets it to <literal>"VERBOSE"</literal> if
+          This module sets it to `"VERBOSE"` if
           not set otherwise, so enabling fail2ban can make SSH logs
           more verbose.
         '';