diff options
author | Graham Christensen <graham@grahamc.com> | 2018-04-30 21:30:20 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-30 21:30:20 -0400 |
commit | d1165dba9979b6bd4ba063b7e39384ece33eec4e (patch) | |
tree | 97ef14c099cb326ce0271de38f075ac3ed4df91a /nixos/modules/security | |
parent | 8cb0252b1e50a5236793e0fbf39b39510725ccf0 (diff) | |
parent | 7292c5a5701bacc4188a00e0399a92aa748ec6a5 (diff) | |
download | nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar.gz nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar.bz2 nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar.lz nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar.xz nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.tar.zst nixpkgs-d1165dba9979b6bd4ba063b7e39384ece33eec4e.zip |
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/acme.xml | 22 | ||||
-rw-r--r-- | nixos/modules/security/hidepid.xml | 12 |
2 files changed, 17 insertions, 17 deletions
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 6130ed82ed3..7cdc554989e 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -48,9 +48,9 @@ http { <filename>configuration.nix</filename>: <programlisting> -security.acme.certs."foo.example.com" = { - webroot = "/var/www/challenges"; - email = "foo@example.com"; +<xref linkend="opt-security.acme.certs"/>."foo.example.com" = { + <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges"; + <link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com"; }; </programlisting> </para> @@ -58,17 +58,17 @@ security.acme.certs."foo.example.com" = { <para>The private key <filename>key.pem</filename> and certificate <filename>fullchain.pem</filename> will be put into <filename>/var/lib/acme/foo.example.com</filename>. The target directory can -be configured with the option <literal>security.acme.directory</literal>. +be configured with the option <xref linkend="opt-security.acme.directory"/>. </para> <para>Refer to <xref linkend="ch-options" /> for all available configuration -options for the <literal>security.acme</literal> module.</para> +options for the <link linkend="opt-security.acme.certs">security.acme</link> module.</para> </section> <section><title>Using ACME certificates in Nginx</title> <para>NixOS supports fetching ACME certificates for you by setting -<literal>enableACME = true;</literal> in a virtualHost config. We + <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;</literal> in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For <literal>foo.example.com</literal> the config would @@ -77,13 +77,13 @@ look like. <programlisting> services.nginx = { - enable = true; - virtualHosts = { + <link linkend="opt-services.nginx.enable">enable = true;</link> + <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = { "foo.example.com" = { - forceSSL = true; - enableACME = true; + <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true; + <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true; locations."/" = { - root = "/var/www"; + <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www"; }; }; }; diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml index 5715ee7ac16..d69341eb3cd 100644 --- a/nixos/modules/security/hidepid.xml +++ b/nixos/modules/security/hidepid.xml @@ -8,9 +8,9 @@ <para> Setting - <programlisting> - security.hideProcessInformation = true; - </programlisting> +<programlisting> +<xref linkend="opt-security.hideProcessInformation"/> = true; +</programlisting> ensures that access to process information is restricted to the owning user. This implies, among other things, that command-line arguments remain private. Unless your deployment relies on unprivileged @@ -25,9 +25,9 @@ <para> To allow a service <replaceable>foo</replaceable> to run without process information hiding, set - <programlisting> - systemd.services.<replaceable>foo</replaceable>.serviceConfig.SupplementaryGroups = [ "proc" ]; - </programlisting> +<programlisting> +<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ]; +</programlisting> </para> </chapter> |