From 527b3dc1df24ae6097fc5aa2fc6986a25799cecc Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Thu, 15 Sep 2016 15:23:52 +0200
Subject: hidepid module: detailed description to external doc

---
 nixos/modules/security/hidepid.nix | 24 ++++++++++++------------
 nixos/modules/security/hidepid.xml | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 12 deletions(-)
 create mode 100644 nixos/modules/security/hidepid.xml

diff --git a/nixos/modules/security/hidepid.nix b/nixos/modules/security/hidepid.nix
index 8f2df380cfe..ee351eb8447 100644
--- a/nixos/modules/security/hidepid.nix
+++ b/nixos/modules/security/hidepid.nix
@@ -2,19 +2,19 @@
 with lib;
 
 {
-  options = {
-    security.hideProcessInformation = mkEnableOption "" // { description = ''
-      Restrict access to process information to the owning user.  Enabling
-      this option implies, among other things, that command-line arguments
-      remain private.  This option is recommended for most systems, unless
-      there's a legitimate reason for allowing unprivileged users to inspect
-      the process information of other users.
+  meta = {
+    maintainers = [ maintainers.joachifm ];
+    doc = ./hidepid.xml;
+  };
 
-      Members of the group "proc" are exempt from process information hiding.
-      To allow a service to run without process information hiding, add "proc"
-      to its supplementary groups via
-      <option>systemd.services.&lt;name?&gt;.serviceConfig.SupplementaryGroups</option>.
-    ''; };
+  options = {
+    security.hideProcessInformation = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Restrict process information to the owning user.
+      '';
+    };
   };
 
   config = mkIf config.security.hideProcessInformation {
diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml
new file mode 100644
index 00000000000..5715ee7ac16
--- /dev/null
+++ b/nixos/modules/security/hidepid.xml
@@ -0,0 +1,33 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-hidepid">
+
+  <title>Hiding process information</title>
+
+  <para>
+    Setting
+    <programlisting>
+      security.hideProcessInformation = true;
+    </programlisting>
+    ensures that access to process information is restricted to the
+    owning user.  This implies, among other things, that command-line
+    arguments remain private.  Unless your deployment relies on unprivileged
+    users being able to inspect the process information of other users, this
+    option should be safe to enable.
+  </para>
+
+  <para>
+    Members of the <literal>proc</literal> group are exempt from process
+    information hiding.
+  </para>
+
+  <para>
+    To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
+    <programlisting>
+      systemd.services.<replaceable>foo</replaceable>.serviceConfig.SupplementaryGroups = [ "proc" ];
+    </programlisting>
+  </para>
+
+</chapter>
-- 
cgit 1.4.1