Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/acme.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/ca.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/dhparams.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/doas.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/pam.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/pam_mount.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/sudo.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/systemd-confinement.nix | 4 | ||||
-rw-r--r-- | nixos/modules/security/tpm2.nix | 7 | ||||
-rw-r--r-- | nixos/modules/security/wrappers/default.nix | 2 |
10 files changed, 17 insertions, 18 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index bcbd17d8e10..f522b7c4128 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -486,7 +486,7 @@ let
 extraDomainNames = mkOption {
 type = types.listOf types.str;
 default = [];
- example = literalExample ''
+ example = literalExpression ''
 [
 "example.org"
 "mydomain.org"
@@ -656,7 +656,7 @@ in {
 to those units if they rely on the certificates being present, or trigger restarts of the service if certificates get renewed.
 '';
- example = literalExample ''
+ example = literalExpression ''
 {
 "example.com" = {
 webroot = "/var/lib/acme/acme-challenge/";
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix
index 7df86e71423..83c15f90f92 100644
--- a/nixos/modules/security/ca.nix
+++ b/nixos/modules/security/ca.nix
@@ -24,7 +24,7 @@ in
 security.pki.certificateFiles = mkOption {
 type = types.listOf types.path;
 default = [];
- example = literalExample "[ \"\${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt\" ]";
+ example = literalExpression ''[ "''${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]'';
 description = ''
 A list of files containing trusted root certificates in PEM format. These are concatenated to form
@@ -37,7 +37,7 @@ in
 security.pki.certificates = mkOption {
 type = types.listOf types.str;
 default = [];
- example = literalExample ''
+ example = literalExpression ''
 [ '''
 NixOS.org
 =========
diff --git a/nixos/modules/security/dhparams.nix b/nixos/modules/security/dhparams.nix
index 62a499ea624..012be2887d8 100644
--- a/nixos/modules/security/dhparams.nix
+++ b/nixos/modules/security/dhparams.nix
@@ -53,7 +53,7 @@ in {
 coerce = bits: { inherit bits; };
 in attrsOf (coercedTo int coerce (submodule paramsSubmodule));
 default = {};
- example = lib.literalExample "{ nginx.bits = 3072; }";
+ example = lib.literalExpression "{ nginx.bits = 3072; }";
 description = ''
 Diffie-Hellman parameters to generate.
diff --git a/nixos/modules/security/doas.nix b/nixos/modules/security/doas.nix
index 35f618b03e8..9a3daf4f504 100644
--- a/nixos/modules/security/doas.nix
+++ b/nixos/modules/security/doas.nix
@@ -77,7 +77,7 @@ in
 You can use <code>mkBefore</code> and/or <code>mkAfter</code> to ensure this is the case when configuration options are merged.
 '';
- example = literalExample ''
+ example = literalExpression ''
 [
 # Allow execution of any command by any user in group doas, requiring
 # a password and keeping any previously-defined environment variables.
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
index 8b1f653d4e2..4c18fa8cc67 100644
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@@ -586,7 +586,7 @@ in
 };
 security.pam.services = mkOption {
- default = [];
+ default = {};
 type = with types; attrsOf (submodule pamOpts);
 description = ''
diff --git a/nixos/modules/security/pam_mount.nix b/nixos/modules/security/pam_mount.nix
index e25ace38f57..462b7f89e2f 100644
--- a/nixos/modules/security/pam_mount.nix
+++ b/nixos/modules/security/pam_mount.nix
@@ -33,7 +33,7 @@ in
 additionalSearchPaths = mkOption {
 type = types.listOf types.package;
 default = [];
- example = literalExample "[ pkgs.bindfs ]";
+ example = literalExpression "[ pkgs.bindfs ]";
 description = ''
 Additional programs to include in the search path of pam_mount. Useful for example if you want to use some FUSE filesystems like bindfs.
@@ -43,7 +43,7 @@ in
 fuseMountOptions = mkOption {
 type = types.listOf types.str;
 default = [];
- example = literalExample ''
+ example = literalExpression ''
 [ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
 '';
 description = ''
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
index 2e73f8f4f31..99e578f8ada 100644
--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@@ -45,7 +45,7 @@ in
 security.sudo.package = mkOption {
 type = types.package;
 default = pkgs.sudo;
- defaultText = "pkgs.sudo";
+ defaultText = literalExpression "pkgs.sudo";
 description = ''
 Which package to use for `sudo`.
 '';
@@ -91,7 +91,7 @@ in
 this is the case when configuration options are merged.
 '';
 default = [];
- example = literalExample ''
+ example = literalExpression ''
 [
 # Allow execution of any command by all users in group sudo,
 # requiring a password.
diff --git a/nixos/modules/security/systemd-confinement.nix b/nixos/modules/security/systemd-confinement.nix
index 0a09a755e93..d859c45c74f 100644
--- a/nixos/modules/security/systemd-confinement.nix
+++ b/nixos/modules/security/systemd-confinement.nix
@@ -62,8 +62,8 @@ in {
 options.confinement.binSh = lib.mkOption {
 type = types.nullOr types.path;
 default = toplevelConfig.environment.binsh;
- defaultText = "config.environment.binsh";
- example = lib.literalExample "\${pkgs.dash}/bin/dash";
+ defaultText = lib.literalExpression "config.environment.binsh";
+ example = lib.literalExpression ''"''${pkgs.dash}/bin/dash"'';
 description = ''
 The program to make available as <filename>/bin/sh</filename> inside the chroot. If this is set to <literal>null</literal>, no
diff --git a/nixos/modules/security/tpm2.nix b/nixos/modules/security/tpm2.nix
index d37425166f8..be85fd246e3 100644
--- a/nixos/modules/security/tpm2.nix
+++ b/nixos/modules/security/tpm2.nix
@@ -26,8 +26,7 @@ in {
 '';
 type = lib.types.nullOr lib.types.str;
 default = if cfg.abrmd.enable then "tss" else "root";
- defaultText = ''"tss" when using the userspace resource manager,'' +
- ''"root" otherwise'';
+ defaultText = lib.literalExpression ''if config.security.tpm2.abrmd.enable then "tss" else "root"'';
 };
 tssGroup = lib.mkOption {
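Review bot: In the first tpm2.nix hunk (`@@ -26,8 +26,7 @@`) the new `defaultText` drops the old wording that tied "tss" to the userspace resource manager, so the rendered manual now shows only the bare conditional. Because this default decides whether the option resolves to `"root"` or to the `"tss"` account, the explanation is worth keeping in the option's `description`, for instance a sentence such as `Defaults to "tss" when the userspace resource manager (abrmd) is enabled and to "root" otherwise.` The description text starts above the hunk, so check that it does not already say this. The expression also writes the path as `config.security.tpm2.abrmd.enable` while `default` reads `cfg.abrmd.enable`; presumably `cfg` is bound to `config.security.tpm2`, but that binding is not visible here.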
@@ -57,7 +56,7 @@ in {
 description = "tpm2-abrmd package to use";
 type = lib.types.package;
 default = pkgs.tpm2-abrmd;
- defaultText = "pkgs.tpm2-abrmd";
+ defaultText = lib.literalExpression "pkgs.tpm2-abrmd";
 };
 };
@@ -71,7 +70,7 @@ in {
 description = "tpm2-pkcs11 package to use";
 type = lib.types.package;
 default = pkgs.tpm2-pkcs11;
- defaultText = "pkgs.tpm2-pkcs11";
+ defaultText = lib.literalExpression "pkgs.tpm2-pkcs11";
 };
 };
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 2697ab0bde8..a47de7e04f7 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -152,7 +152,7 @@ in
 security.wrappers = lib.mkOption {
 type = lib.types.attrsOf wrapperType;
 default = {};
- example = lib.literalExample
+ example = lib.literalExpression
 '' { # a setuid root program |