diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix
index 0ac9d3350..4ac6e30ee 100644
--- a/krebs/3modules/airdcpp.nix
+++ b/krebs/3modules/airdcpp.nix
@@ -45,7 +45,7 @@ let
Nick Name for hub
'';
type = str;
- default = cfg.Nick;
+ default = cfg.dcpp.Nick;
};
Password = mkOption {
description = ''
diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix
index 910324f3c..c5cb1cae6 100644
--- a/krebs/3modules/backup.nix
+++ b/krebs/3modules/backup.nix
@@ -14,7 +14,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
- enable = mkEnableOption "krebs.backup.${config.name}" // {
+ enable = mkEnableOption "krebs.backup.${config._module.args.name}" // {
default = true;
};
method = mkOption {
@@ -23,6 +23,7 @@ let
name = mkOption {
type = types.str;
default = config._module.args.name;
+ defaultText = "‹name›";
};
src = mkOption {
type = types.krebs.file-location;
diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 051646b63..c374aa9af 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -58,6 +58,7 @@ let
permissions will be set to 755
'';
default = config.users.extraUsers.bepasty.home;
+ defaultText = "\${config.users.extraUsers.bepasty.home}";
};
dataDir = mkOption {
@@ -67,6 +68,7 @@ let
/var/lib/bepasty-server/data
'';
default = "${config.users.extraUsers.bepasty.home}/data";
+ defaultText = "\${config.users.extraUsers.bepasty.home}/data";
};
extraConfig = mkOption {
diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix
index 904deb164..5f961617f 100644
--- a/krebs/3modules/build.nix
+++ b/krebs/3modules/build.nix
@@ -10,7 +10,7 @@ with import ;
};
profile = mkOption {
- type = types.absolute-path;
+ type = types.absolute-pathname;
default = "/nix/var/nix/profiles/system";
};
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix
index a845bb281..e55bd95ea 100644
--- a/krebs/3modules/buildbot/master.nix
+++ b/krebs/3modules/buildbot/master.nix
@@ -137,7 +137,7 @@ let
type = types.listOf types.str;
example = [ "cac.json" ];
description = ''
- List of all the secrets in which should be copied into the
+ List of all the secrets in ‹secrets› which should be copied into the
buildbot master directory.
'';
};
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index c5969caac..4eb1d6411 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -31,6 +31,7 @@ let
owner.name = "exim";
source-path = toString + "/${config.domain}.dkim.priv";
};
+ defaultText = "‹secrets/‹domain›.dkim.priv›";
};
selector = mkOption {
type = types.str;
diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix
index 0aa1ae0f2..1bfd58e31 100644
--- a/krebs/3modules/git.nix
+++ b/krebs/3modules/git.nix
@@ -53,7 +53,7 @@ let
control system, using a built in cache to decrease pressure on the
git server.
cgit in this module is being served via fastcgi nginx.This module
- deploys a http://cgit. nginx configuration and enables nginx
+ deploys a http://cgit.‹hostname› nginx configuration and enables nginx
if not yet enabled.
'';
};
@@ -207,7 +207,7 @@ let
List of users that should be able to do everything with this repo.
This option is currently not used by krebs.git but instead can be
- used to create rules. See e.g. for
+ used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for
an example.
'';
};
@@ -222,6 +222,7 @@ let
path = mkOption {
type = types.str;
default = "${cfg.dataDir}/${config.name}";
+ defaultText = "${cfg.dataDir}/‹reponame›";
description = ''
An absolute path to the repository directory. For non-bare
repositories this is the .git-directory.
@@ -237,6 +238,7 @@ let
url = mkOption {
type = types.str;
default = config.name;
+ defaultText = "‹reponame›";
description = ''
The relative url used to access the repository.
'';
@@ -249,7 +251,7 @@ let
List of users that should be able to fetch from this repo.
This option is currently not used by krebs.git but instead can be
- used to create rules. See e.g. for
+ used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for
an example.
'';
};
@@ -258,6 +260,7 @@ let
description = ''
Repository name.
'';
+ defaultText = "‹reponame›";
};
hooks = mkOption {
type = types.attrsOf types.str;
diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix
index d385ec355..9421576df 100644
--- a/krebs/3modules/github-hosts-sync.nix
+++ b/krebs/3modules/github-hosts-sync.nix
@@ -18,10 +18,12 @@ let
srcDir = mkOption {
type = types.str;
default = "${config.krebs.tinc.retiolum.confDir}/hosts";
+ defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts";
};
ssh-identity-file = mkOption {
type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"];
default = toString ;
+ defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›";
};
url = mkOption {
type = types.str;
diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix
index 39b9722ec..d30b41ee5 100644
--- a/krebs/3modules/github-known-hosts.nix
+++ b/krebs/3modules/github-known-hosts.nix
@@ -2,8 +2,8 @@
services.openssh.knownHosts.github = {
hostNames = [
"github.com"
- # List generated with
- # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R .
+ # List generated with (IPv6 addresses are currently ignored):
+ # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R .
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
@@ -28,6 +28,22 @@
"140.82.125.*"
"140.82.126.*"
"140.82.127.*"
+ "143.55.64.*"
+ "143.55.65.*"
+ "143.55.66.*"
+ "143.55.67.*"
+ "143.55.68.*"
+ "143.55.69.*"
+ "143.55.70.*"
+ "143.55.71.*"
+ "143.55.72.*"
+ "143.55.73.*"
+ "143.55.74.*"
+ "143.55.75.*"
+ "143.55.76.*"
+ "143.55.77.*"
+ "143.55.78.*"
+ "143.55.79.*"
"13.114.40.48"
"52.192.72.89"
"52.69.186.44"
@@ -44,6 +60,9 @@
"18.228.52.138"
"18.228.67.229"
"18.231.5.6"
+ "20.201.28.151"
+ "20.205.243.166"
+ "102.133.202.242"
"18.181.13.223"
"54.238.117.237"
"54.168.17.15"
@@ -60,6 +79,9 @@
"54.233.131.104"
"18.231.104.233"
"18.228.167.86"
+ "20.201.28.152"
+ "20.205.243.160"
+ "102.133.202.246"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
};
diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix
index 063bccc68..517dad76f 100644
--- a/krebs/3modules/htgen.nix
+++ b/krebs/3modules/htgen.nix
@@ -13,7 +13,7 @@ let
default = {};
type = types.attrsOf (types.submodule ({ config, ... }: {
options = {
- enable = mkEnableOption "krebs.htgen-${config.name}";
+ enable = mkEnableOption "krebs.htgen-${config._module.args.name}";
name = mkOption {
type = types.username;
@@ -38,6 +38,10 @@ let
name = "htgen-${config.name}";
home = "/var/lib/htgen-${config.name}";
};
+ defaultText = {
+ name = "htgen-‹name›";
+ home = "/var/lib/htgen-‹name›";
+ };
};
};
}));
diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix
index fcc453fa4..26aac5d5a 100644
--- a/krebs/3modules/reaktor2.nix
+++ b/krebs/3modules/reaktor2.nix
@@ -26,11 +26,13 @@ with import ;
};
stateDir = mkOption {
default = "/var/lib/${self.config.username}";
+ defaultText = "/var/lib/‹username›";
readOnly = true;
type = types.absolute-pathname;
};
systemd-service-name = mkOption {
default = "reaktor2${optionalString (name != "default") "-${name}"}";
+ defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\"";
type = types.filename;
};
sendDelaySec = mkOption {
@@ -39,6 +41,7 @@ with import ;
};
username = mkOption {
default = self.config.systemd-service-name;
+ defaultText = "‹systemd-service-name›";
type = types.username;
};
useTLS = mkOption {
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index e5566f329..4a96f6203 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -96,7 +96,7 @@ let
basic authentication to be used. If unset, no authentication will be
enabled.
- Refer to `services.nginx.virtualHosts..basicAuth`
+ Refer to `services.nginx.virtualHosts.‹name›.basicAuth`
'';
default = {};
};
diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix
index 9505efb0c..f056cfd8e 100644
--- a/krebs/3modules/shadow.nix
+++ b/krebs/3modules/shadow.nix
@@ -55,11 +55,11 @@ in {
The overrides file may contain either regular shadow(5) entries like:
- <login-name>:<hashed-password>:1::::::
+ ‹login-name›:‹hashed-password›:1::::::
Or shortened entries only containing login name and password like:
- <login-name>:<hashed-password>
+ ‹login-name›:‹hashed-password›
'';
type = types.nullOr (types.either types.path types.absolute-pathname);
};
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 2c19aefdb..898b5e8c3 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -81,9 +81,16 @@ let
''}
${tinc.config.tincUpExtra}
'';
+ defaultText = ''
+ ip -4 addr add ‹net.ip4.addr› dev ${netname}
+ ip -4 route add ‹net.ip4.prefix› dev ${netname}
+ ip -6 addr add ‹net.ip6.addr› dev ${netname}
+ ip -6 route add ‹net.ip6.prefix› dev ${netname}
+ ${tinc.config.tincUpExtra}
+ '';
description = ''
tinc-up script to be used. Defaults to setting the
- krebs.host.nets..ip4 and ip6 for the new ips and
+ krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and
configures forwarding of the respecitive netmask as subnet.
'';
};
@@ -103,6 +110,7 @@ let
type = with types; attrsOf host;
default =
filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts;
+ defaultText = "‹all-hosts-of-‹netname››";
description = ''
Hosts to generate config.krebs.tinc.retiolum.hostsPackage.
Note that these hosts must have a network named
@@ -138,9 +146,10 @@ let
'') tinc.config.hosts)}
'';
};
+ defaultText = "‹netname›-tinc-hosts";
description = ''
Package of tinc host configuration files. By default, a package will
- be generated from config.krebs.${tinc.config.netname}.hosts. This
+ be generated from config.krebs.‹netname›.hosts. This
option's main purpose is to expose the generated hosts package to other
modules, like config.krebs.tinc_graphs. But it can
also be used to provide a custom hosts directory.
@@ -168,6 +177,7 @@ let
owner = tinc.config.user;
source-path = toString + "/${tinc.config.netname}.rsa_key.priv";
};
+ defaultText = "‹secrets/‹netname›.rsa_key.priv›";
};
privkey_ed25519 = mkOption {
@@ -179,11 +189,12 @@ let
owner = tinc.config.user;
source-path = toString + "/${tinc.config.netname}.ed25519_key.priv";
};
+ defaultText = "‹secrets/‹netname›.ed25519_key.priv›";
};
connectTo = mkOption {
type = types.listOf types.str;
- ${if tinc.config.netname == "retiolum" then "default" else null} = [
+ ${if netname == "retiolum" then "default" else null} = [
"gum"
"ni"
"prism"
@@ -194,8 +205,10 @@ let
routeable IPv4 or IPv6 address.
In stockholm this can be done by configuring:
- krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip
- krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655;
+ {
+ krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip;
+ krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655;
+ }
'';
};
@@ -205,6 +218,10 @@ let
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
+ defaultText = {
+ name = "‹netname›";
+ home = "/var/lib/‹netname›";
+ };
};
};
}));
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 19cce8aa4..7a414e6e3 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -24,6 +24,7 @@ let
type = types.str;
description = "Path to Hosts directory";
default = "${config.krebs.tinc.retiolum.hostsPackage}";
+ defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}";
};
network = mkOption {
@@ -68,6 +69,7 @@ let
Defaults to the new users home dir which defaults to
/var/cache/tinc_graphs'';
default = config.users.extraUsers.tinc_graphs.home;
+ defaultText = "\${config.users.extraUsers.tinc_graphs.home}";
};
timerConfig = mkOption {
diff --git a/lib/types.nix b/lib/types.nix
index 689a2c807..a5fcd4e6a 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -34,7 +34,7 @@ rec {
ci = mkOption {
description = ''
If true, then the host wants to be tested by some CI system.
- See
+ See ‹stockholm/krebs/2configs/buildbot-all.nix›
'';
type = bool;
default = false;
@@ -43,7 +43,7 @@ rec {
external = mkOption {
description = ''
Whether the host is defined externally (in contrast to being defined
- in ). This is useful e.g. when legacy and/or adopted
+ in ‹stockholm›). This is useful e.g. when legacy and/or adopted
hosts should be part of retiolum or some other component.
'';
type = bool;
@@ -102,7 +102,14 @@ rec {
default = config._module.args.name;
};
via = mkOption {
- type = nullOr net;
+ type =
+ # XXX break infinite recursion when generating manuals
+ if config._module.args.name == "‹name›" then
+ mkOptionType {
+ name = "‹net›";
+ }
+ else
+ nullOr net;
default = null;
};
addrs = mkOption {
@@ -128,7 +135,7 @@ rec {
};
prefix = mkOption ({
type = cidr4;
- } // optionalAttrs (config.name == "retiolum") {
+ } // optionalAttrs (config._module.args.name == "retiolum") {
default = "10.243.0.0/16";
});
};
@@ -144,7 +151,7 @@ rec {
};
prefix = mkOption ({
type = cidr6;
- } // optionalAttrs (config.name == "retiolum") {
+ } // optionalAttrs (config._module.args.name == "retiolum") {
default = "42::/16";
});
};
@@ -179,6 +186,12 @@ rec {
++
[config.pubkey]
);
+ defaultText = ''
+ Address = ‹addr› ‹port› # for each ‹net.via.addrs›
+ Subnet = ‹addr› # for each ‹net.addrs›
+ ‹extraConfig›
+ ‹pubkey›
+ '';
};
pubkey = mkOption {
type = tinc-pubkey;
@@ -252,6 +265,7 @@ rec {
path = mkOption {
type = absolute-pathname;
default = "/run/keys/${config.name}";
+ defaultText = "/run/keys/‹name›";
};
mode = mkOption {
type = file-mode;
@@ -267,10 +281,12 @@ rec {
service = mkOption {
type = systemd.unit-name;
default = "secret-${lib.systemd.encodeName config.name}.service";
+ defaultText = "secret-‹name›.service";
};
source-path = mkOption {
type = str;
default = toString + "/${config.name}";
+ defaultText = "‹secrets/‹name››";
};
};
});
@@ -379,6 +395,7 @@ rec {
home = mkOption {
type = absolute-pathname;
default = "/home/${config.name}";
+ defaultText = "/home/‹name›";
};
mail = mkOption {
type = nullOr str;
@@ -406,6 +423,7 @@ rec {
uid = mkOption {
type = int;
default = genid_uint31 config.name;
+ defaultText = "genid_uint31 ‹name›";
};
};
});
@@ -414,10 +432,12 @@ rec {
name = mkOption {
type = username;
default = config._module.args.name;
+ defaultText = "genid_uint31 ‹name›";
};
gid = mkOption {
type = int;
default = genid_uint31 config.name;
+ defaultText = "genid_uint31 ‹name›";
};
};
});