diff options
Diffstat (limited to 'nixos/modules/services/security/kanidm.nix')
-rw-r--r-- | nixos/modules/services/security/kanidm.nix | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/nixos/modules/services/security/kanidm.nix b/nixos/modules/services/security/kanidm.nix index a7c51b9a877..6429273705d 100644 --- a/nixos/modules/services/security/kanidm.nix +++ b/nixos/modules/services/security/kanidm.nix @@ -63,60 +63,60 @@ in options = { bindaddress = lib.mkOption { - description = "Address/port combination the webserver binds to."; + description = lib.mdDoc "Address/port combination the webserver binds to."; example = "[::1]:8443"; type = lib.types.str; }; # Should be optional but toml does not accept null ldapbindaddress = lib.mkOption { - description = '' - Address and port the LDAP server is bound to. Setting this to <literal>null</literal> disables the LDAP interface. + description = lib.mdDoc '' + Address and port the LDAP server is bound to. Setting this to `null` disables the LDAP interface. ''; example = "[::1]:636"; default = null; type = lib.types.nullOr lib.types.str; }; origin = lib.mkOption { - description = "The origin of your Kanidm instance. Must have https as protocol."; + description = lib.mdDoc "The origin of your Kanidm instance. Must have https as protocol."; example = "https://idm.example.org"; type = lib.types.strMatching "^https://.*"; }; domain = lib.mkOption { - description = '' - The <literal>domain</literal> that Kanidm manages. Must be below or equal to the domain - specified in <literal>serverSettings.origin</literal>. - This can be left at <literal>null</literal>, only if your instance has the role <literal>ReadOnlyReplica</literal>. + description = lib.mdDoc '' + The `domain` that Kanidm manages. Must be below or equal to the domain + specified in `serverSettings.origin`. + This can be left at `null`, only if your instance has the role `ReadOnlyReplica`. While it is possible to change the domain later on, it requires extra steps! Please consider the warnings and execute the steps described - <link xlink:href="https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain">in the documentation</link>. + [in the documentation](https://kanidm.github.io/kanidm/stable/administrivia.html#rename-the-domain). ''; example = "example.org"; default = null; type = lib.types.nullOr lib.types.str; }; db_path = lib.mkOption { - description = "Path to Kanidm database."; + description = lib.mdDoc "Path to Kanidm database."; default = "/var/lib/kanidm/kanidm.db"; readOnly = true; type = lib.types.path; }; log_level = lib.mkOption { - description = "Log level of the server."; + description = lib.mdDoc "Log level of the server."; default = "default"; type = lib.types.enum [ "default" "verbose" "perfbasic" "perffull" ]; }; role = lib.mkOption { - description = "The role of this server. This affects the replication relationship and thereby available features."; + description = lib.mdDoc "The role of this server. This affects the replication relationship and thereby available features."; default = "WriteReplica"; type = lib.types.enum [ "WriteReplica" "WriteReplicaNoUI" "ReadOnlyReplica" ]; }; }; }; default = { }; - description = '' + description = lib.mdDoc '' Settings for Kanidm, see - <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/server_configuration.md">the documentation</link> - and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/server.toml">example configuration</link> + [the documentation](https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/server_configuration.md) + and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/server.toml) for possible values. ''; }; @@ -126,15 +126,15 @@ in freeformType = settingsFormat.type; options.uri = lib.mkOption { - description = "Address of the Kanidm server."; + description = lib.mdDoc "Address of the Kanidm server."; example = "http://127.0.0.1:8080"; type = lib.types.str; }; }; - description = '' + description = lib.mdDoc '' Configure Kanidm clients, needed for the PAM daemon. See - <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/client_tools.md#kanidm-configuration">the documentation</link> - and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/config">example configuration</link> + [the documentation](https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/client_tools.md#kanidm-configuration) + and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/config) for possible values. ''; }; @@ -144,15 +144,15 @@ in freeformType = settingsFormat.type; options.pam_allowed_login_groups = lib.mkOption { - description = "Kanidm groups that are allowed to login using PAM."; + description = lib.mdDoc "Kanidm groups that are allowed to login using PAM."; example = "my_pam_group"; type = lib.types.listOf lib.types.str; }; }; - description = '' + description = lib.mdDoc '' Configure Kanidm unix daemon. - See <link xlink:href="https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md#the-unix-daemon">the documentation</link> - and <link xlink:href="https://github.com/kanidm/kanidm/blob/master/examples/unixd">example configuration</link> + See [the documentation](https://github.com/kanidm/kanidm/blob/master/kanidm_book/src/pam_and_nsswitch.md#the-unix-daemon) + and [example configuration](https://github.com/kanidm/kanidm/blob/master/examples/unixd) for possible values. ''; }; |