diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 0ac9d3350..4ac6e30ee 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -45,7 +45,7 @@ let Nick Name for hub ''; type = str; - default = cfg.Nick; + default = cfg.dcpp.Nick; }; Password = mkOption { description = '' diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index 910324f3c..c5cb1cae6 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -14,7 +14,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.backup.${config.name}" // { + enable = mkEnableOption "krebs.backup.${config._module.args.name}" // { default = true; }; method = mkOption { @@ -23,6 +23,7 @@ let name = mkOption { type = types.str; default = config._module.args.name; + defaultText = "‹name›"; }; src = mkOption { type = types.krebs.file-location; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index 051646b63..c374aa9af 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -58,6 +58,7 @@ let permissions will be set to 755 ''; default = config.users.extraUsers.bepasty.home; + defaultText = "\${config.users.extraUsers.bepasty.home}"; }; dataDir = mkOption { @@ -67,6 +68,7 @@ let /var/lib/bepasty-server/data ''; default = "${config.users.extraUsers.bepasty.home}/data"; + defaultText = "\${config.users.extraUsers.bepasty.home}/data"; }; extraConfig = mkOption { diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 904deb164..5f961617f 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -10,7 +10,7 @@ with import ; }; profile = mkOption { - type = types.absolute-path; + type = types.absolute-pathname; default = "/nix/var/nix/profiles/system"; }; diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index a845bb281..e55bd95ea 100644 
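Review bot: The corrected default in `krebs/3modules/airdcpp.nix`, `default = cfg.dcpp.Nick;`, still has no `defaultText`, unlike most other config-derived defaults touched in this commit. If `cfg.dcpp.Nick` has no default of its own (not visible in the hunk), rendering the option documentation would have to evaluate it and could fail or show a machine-specific value. I would add a `defaultText` next to it that names the option behind `cfg.dcpp.Nick`, for example `defaultText = "\${cfg.dcpp.Nick}";` with the real option path substituted. The enclosing submodule starts and ends outside the hunk.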
--- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -137,7 +137,7 @@ let type = types.listOf types.str; example = [ "cac.json" ]; description = '' - List of all the secrets in which should be copied into the + List of all the secrets in ‹secrets› which should be copied into the buildbot master directory. ''; }; diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c5969caac..4eb1d6411 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -31,6 +31,7 @@ let owner.name = "exim"; source-path = toString + "/${config.domain}.dkim.priv"; }; + defaultText = "‹secrets/‹domain›.dkim.priv›"; }; selector = mkOption { type = types.str; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0aa1ae0f2..1bfd58e31 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -53,7 +53,7 @@ let control system, using a built in cache to decrease pressure on the git server. cgit in this module is being served via fastcgi nginx.This module - deploys a http://cgit. nginx configuration and enables nginx + deploys a http://cgit.‹hostname› nginx configuration and enables nginx if not yet enabled. ''; }; @@ -207,7 +207,7 @@ let List of users that should be able to do everything with this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. for + used to create rules. See e.g. ‹stockholm/lass/2configs/git.nix› for an example. ''; }; @@ -222,6 +222,7 @@ let path = mkOption { type = types.str; default = "${cfg.dataDir}/${config.name}"; + defaultText = "${cfg.dataDir}/‹reponame›"; description = '' An absolute path to the repository directory. For non-bare repositories this is the .git-directory. @@ -237,6 +238,7 @@ let url = mkOption { type = types.str; default = config.name; + defaultText = "‹reponame›"; description = '' The relative url used to access the repository. ''; 
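Review bot: In the `path` option hunk of `krebs/3modules/git.nix` (`@@ -222,6 +222,7 @@`) the added `defaultText = "${cfg.dataDir}/‹reponame›";` still interpolates `cfg.dataDir`, so the documented default depends on the configuration being evaluated. The bepasty-server and github-hosts-sync hunks escape the same kind of reference as `\${...}`. If the text is meant to be independent of the evaluated config, write `defaultText = "\${cfg.dataDir}/‹reponame›";`. The same applies to `${tinc.config.tincUpExtra}` in the tinc-up `defaultText` added in `krebs/3modules/tinc.nix` (`@@ -81,9 +81,16 @@`), where the escape inside the `''` string is `''${...}`.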
@@ -249,7 +251,7 @@ let List of users that should be able to fetch from this repo. This option is currently not used by krebs.git but instead can be - used to create rules. See e.g. for + used to create rules. See e.g. ‹stockholm/tv/2configs/git.nix› for an example. ''; }; @@ -258,6 +260,7 @@ let description = '' Repository name. ''; + defaultText = "‹reponame›"; }; hooks = mkOption { type = types.attrsOf types.str; diff --git a/krebs/3modules/github-hosts-sync.nix b/krebs/3modules/github-hosts-sync.nix index d385ec355..9421576df 100644 --- a/krebs/3modules/github-hosts-sync.nix +++ b/krebs/3modules/github-hosts-sync.nix @@ -18,10 +18,12 @@ let srcDir = mkOption { type = types.str; default = "${config.krebs.tinc.retiolum.confDir}/hosts"; + defaultText = "\${config.krebs.tinc.retiolum.confDir}/hosts"; }; ssh-identity-file = mkOption { type = types.suffixed-str [".ssh.id_ed25519" ".ssh.id_rsa"]; default = toString ; + defaultText = "‹secrets/github-hosts-sync.ssh.id_ed25519›"; }; url = mkOption { type = types.str; diff --git a/krebs/3modules/github-known-hosts.nix b/krebs/3modules/github-known-hosts.nix index 39b9722ec..d30b41ee5 100644 --- a/krebs/3modules/github-known-hosts.nix +++ b/krebs/3modules/github-known-hosts.nix @@ -2,8 +2,8 @@ services.openssh.knownHosts.github = { hostNames = [ "github.com" - # List generated with - # curl -sS https://api.github.com/meta | jq -r .git[] | nix-shell -p cidr2glob --run cidr2glob | jq -R . + # List generated with (IPv6 addresses are currently ignored): + # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -R . "192.30.252.*" "192.30.253.*" "192.30.254.*" 
@@ -28,6 +28,22 @@ "140.82.125.*" "140.82.126.*" "140.82.127.*" + "143.55.64.*" + "143.55.65.*" + "143.55.66.*" + "143.55.67.*" + "143.55.68.*" + "143.55.69.*" + "143.55.70.*" + "143.55.71.*" + "143.55.72.*" + "143.55.73.*" + "143.55.74.*" + "143.55.75.*" + "143.55.76.*" + "143.55.77.*" + "143.55.78.*" + "143.55.79.*" "13.114.40.48" "52.192.72.89" "52.69.186.44" @@ -44,6 +60,9 @@ "18.228.52.138" "18.228.67.229" "18.231.5.6" + "20.201.28.151" + "20.205.243.166" + "102.133.202.242" "18.181.13.223" "54.238.117.237" "54.168.17.15" @@ -60,6 +79,9 @@ "54.233.131.104" "18.231.104.233" "18.228.167.86" + "20.201.28.152" + "20.205.243.160" + "102.133.202.246" ]; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; }; diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 063bccc68..517dad76f 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -13,7 +13,7 @@ let default = {}; type = types.attrsOf (types.submodule ({ config, ... }: { options = { - enable = mkEnableOption "krebs.htgen-${config.name}"; + enable = mkEnableOption "krebs.htgen-${config._module.args.name}"; name = mkOption { type = types.username; @@ -38,6 +38,10 @@ let name = "htgen-${config.name}"; home = "/var/lib/htgen-${config.name}"; }; + defaultText = { + name = "htgen-‹name›"; + home = "/var/lib/htgen-‹name›"; + }; }; }; })); diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index fcc453fa4..26aac5d5a 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix 
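Review bot: The last `github-known-hosts.nix` hunk (`@@ -60,6 +79,9 @@`) adds more addresses to the set trusted for one pinned `ssh-rsa` key, and the `publicKey` context line shows no record of when or how that key was last checked. The value beginning `AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7` looks like the RSA host key GitHub replaced in March 2023, so if this tree is still deployed it should be compared with the `ssh_key_fingerprints` field of the same `api.github.com/meta` response. A stale pin makes host-key verification fail for every connection, which tends to push users toward disabling the check. I would add a comment above `publicKey` such as `# verify against ssh_key_fingerprints from https://api.github.com/meta whenever the address list is regenerated`, and consider pinning the ed25519 host key as well. The `publicKey` line itself is unchanged context in this commit.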
@@ -26,11 +26,13 @@ with import ; }; stateDir = mkOption { default = "/var/lib/${self.config.username}"; + defaultText = "/var/lib/‹username›"; readOnly = true; type = types.absolute-pathname; }; systemd-service-name = mkOption { default = "reaktor2${optionalString (name != "default") "-${name}"}"; + defaultText = "reaktor2-‹name› or just reaktor2 if ‹name› is \"default\""; type = types.filename; }; sendDelaySec = mkOption { @@ -39,6 +41,7 @@ with import ; }; username = mkOption { default = self.config.systemd-service-name; + defaultText = "‹systemd-service-name›"; type = types.username; }; useTLS = mkOption { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index e5566f329..4a96f6203 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix @@ -96,7 +96,7 @@ let basic authentication to be used. If unset, no authentication will be enabled. - Refer to `services.nginx.virtualHosts..basicAuth` + Refer to `services.nginx.virtualHosts.‹name›.basicAuth` ''; default = {}; }; diff --git a/krebs/3modules/shadow.nix b/krebs/3modules/shadow.nix index 9505efb0c..f056cfd8e 100644 --- a/krebs/3modules/shadow.nix +++ b/krebs/3modules/shadow.nix @@ -55,11 +55,11 @@ in { The overrides file may contain either regular shadow(5) entries like: - <login-name>:<hashed-password>:1:::::: + ‹login-name›:‹hashed-password›:1:::::: Or shortened entries only containing login name and password like: - <login-name>:<hashed-password> + ‹login-name›:‹hashed-password› ''; type = types.nullOr (types.either types.path types.absolute-pathname); }; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 2c19aefdb..898b5e8c3 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix 
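Review bot: The reworded description in `krebs/3modules/shadow.nix` still does not say where the overrides file may live, while the type on the hunk's last context line accepts `types.path`. A Nix path literal is copied into the world-readable `/nix/store` once it is coerced to a string, which would expose the password hashes to every local user. Whether this module coerces it that way is not visible in the hunk. I would add a sentence to the description such as `Because the file contains password hashes, give it as an absolute pathname string outside the Nix store rather than as a path literal.`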
@@ -81,9 +81,16 @@ let ''} ${tinc.config.tincUpExtra} ''; + defaultText = '' + ip -4 addr add ‹net.ip4.addr› dev ${netname} + ip -4 route add ‹net.ip4.prefix› dev ${netname} + ip -6 addr add ‹net.ip6.addr› dev ${netname} + ip -6 route add ‹net.ip6.prefix› dev ${netname} + ${tinc.config.tincUpExtra} + ''; description = '' tinc-up script to be used. Defaults to setting the - krebs.host.nets..ip4 and ip6 for the new ips and + krebs.host.nets.‹netname›.ip4 and ip6 for the new ips and configures forwarding of the respecitive netmask as subnet. ''; }; @@ -103,6 +110,7 @@ let type = with types; attrsOf host; default = filterAttrs (_: h: hasAttr tinc.config.netname h.nets) config.krebs.hosts; + defaultText = "‹all-hosts-of-‹netname››"; description = '' Hosts to generate config.krebs.tinc.retiolum.hostsPackage. Note that these hosts must have a network named @@ -138,9 +146,10 @@ let '') tinc.config.hosts)} ''; }; + defaultText = "‹netname›-tinc-hosts"; description = '' Package of tinc host configuration files. By default, a package will - be generated from config.krebs.${tinc.config.netname}.hosts. This + be generated from config.krebs.‹netname›.hosts. This option's main purpose is to expose the generated hosts package to other modules, like config.krebs.tinc_graphs. But it can also be used to provide a custom hosts directory. @@ -168,6 +177,7 @@ let owner = tinc.config.user; source-path = toString + "/${tinc.config.netname}.rsa_key.priv"; }; + defaultText = "‹secrets/‹netname›.rsa_key.priv›"; }; privkey_ed25519 = mkOption { @@ -179,11 +189,12 @@ let owner = tinc.config.user; source-path = toString + "/${tinc.config.netname}.ed25519_key.priv"; }; + defaultText = "‹secrets/‹netname›.ed25519_key.priv›"; }; connectTo = mkOption { type = types.listOf types.str; - ${if tinc.config.netname == "retiolum" then "default" else null} = [ + ${if netname == "retiolum" then "default" else null} = [ "gum" "ni" "prism" 
@@ -194,8 +205,10 @@ let routeable IPv4 or IPv6 address. In stockholm this can be done by configuring: - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.via.ip4.addr = external-ip - krebs.hosts.${connect-host}.nets.${netname?"retiolum"}.tinc.port = 1655; + { + krebs.hosts.‹host›.nets.‹netname›.via.ip4.addr = external-ip; + krebs.hosts.‹host›.nets.‹netname›.tinc.port = 1655; + } ''; }; @@ -205,6 +218,10 @@ let name = tinc.config.netname; home = "/var/lib/${tinc.config.user.name}"; }; + defaultText = { + name = "‹netname›"; + home = "/var/lib/‹netname›"; + }; }; }; })); diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix index 19cce8aa4..7a414e6e3 100644 --- a/krebs/3modules/tinc_graphs.nix +++ b/krebs/3modules/tinc_graphs.nix @@ -24,6 +24,7 @@ let type = types.str; description = "Path to Hosts directory"; default = "${config.krebs.tinc.retiolum.hostsPackage}"; + defaultText = "\${config.krebs.tinc.retiolum.hostsPackage}"; }; network = mkOption { @@ -68,6 +69,7 @@ let Defaults to the new users home dir which defaults to /var/cache/tinc_graphs''; default = config.users.extraUsers.tinc_graphs.home; + defaultText = "\${config.users.extraUsers.tinc_graphs.home}"; }; timerConfig = mkOption { diff --git a/lib/types.nix b/lib/types.nix index 689a2c807..a5fcd4e6a 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -34,7 +34,7 @@ rec { ci = mkOption { description = '' If true, then the host wants to be tested by some CI system. - See + See ‹stockholm/krebs/2configs/buildbot-all.nix› ''; type = bool; default = false; @@ -43,7 +43,7 @@ rec { external = mkOption { description = '' Whether the host is defined externally (in contrast to being defined - in ). This is useful e.g. when legacy and/or adopted + in ‹stockholm›). This is useful e.g. when legacy and/or adopted hosts should be part of retiolum or some other component. ''; type = bool; 
@@ -102,7 +102,14 @@ rec { default = config._module.args.name; }; via = mkOption { - type = nullOr net; + type = + # XXX break infinite recursion when generating manuals + if config._module.args.name == "‹name›" then + mkOptionType { + name = "‹net›"; + } + else + nullOr net; default = null; }; addrs = mkOption { @@ -128,7 +135,7 @@ rec { }; prefix = mkOption ({ type = cidr4; - } // optionalAttrs (config.name == "retiolum") { + } // optionalAttrs (config._module.args.name == "retiolum") { default = "10.243.0.0/16"; }); }; @@ -144,7 +151,7 @@ rec { }; prefix = mkOption ({ type = cidr6; - } // optionalAttrs (config.name == "retiolum") { + } // optionalAttrs (config._module.args.name == "retiolum") { default = "42::/16"; }); }; @@ -179,6 +186,12 @@ rec { ++ [config.pubkey] ); + defaultText = '' + Address = ‹addr› ‹port› # for each ‹net.via.addrs› + Subnet = ‹addr› # for each ‹net.addrs› + ‹extraConfig› + ‹pubkey› + ''; }; pubkey = mkOption { type = tinc-pubkey; @@ -252,6 +265,7 @@ rec { path = mkOption { type = absolute-pathname; default = "/run/keys/${config.name}"; + defaultText = "/run/keys/‹name›"; }; mode = mkOption { type = file-mode; @@ -267,10 +281,12 @@ rec { service = mkOption { type = systemd.unit-name; default = "secret-${lib.systemd.encodeName config.name}.service"; + defaultText = "secret-‹name›.service"; }; source-path = mkOption { type = str; default = toString + "/${config.name}"; + defaultText = "‹secrets/‹name››"; }; }; }); @@ -379,6 +395,7 @@ rec { home = mkOption { type = absolute-pathname; default = "/home/${config.name}"; + defaultText = "/home/‹name›"; }; mail = mkOption { type = nullOr str; @@ -406,6 +423,7 @@ rec { uid = mkOption { type = int; default = genid_uint31 config.name; + defaultText = "genid_uint31 ‹name›"; }; }; }); 
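Review bot: The new `via` type in `lib/types.nix` (`@@ -102,7 +102,14 @@`) turns off validation by comparing the attribute name with the literal `"‹name›"`. `mkOptionType { name = "‹net›"; }` supplies no `check`, so as far as I know that branch falls back to the default check and accepts any value for `via`. This is harmless only while no real net uses that name and the manual generator keeps passing exactly this placeholder, and the `XXX` comment states neither. I would expand the comment to something like `# "‹name›" is the placeholder submodule name used while option docs are generated; a real net must never use it, because via is unchecked in this branch`. The enclosing submodule starts and ends outside the hunk.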
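Review bot: In the `@@ -267,10 +281,12 @@` hunk the `defaultText` for `service`, `"secret-‹name›.service"`, omits that the actual default passes the name through `lib.systemd.encodeName`. For a secret name containing characters that function rewrites (presumably systemd unit-name escaping), the documented unit name would differ from the one that exists. That matters to anyone ordering a service after its key unit. Something like `defaultText = "secret-‹encodeName name›.service";` would keep the documentation accurate.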
@@ -414,10 +432,12 @@ rec { name = mkOption { type = username; default = config._module.args.name; + defaultText = "genid_uint31 ‹name›"; }; gid = mkOption { type = int; default = genid_uint31 config.name; + defaultText = "genid_uint31 ‹name›"; }; }; });
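Review bot: The `defaultText` added to `name` reads `"genid_uint31 ‹name›"`, but the default on the line above it is `config._module.args.name`, so the manual would describe the name as a generated numeric id. It looks copied from the neighbouring `gid` option. It should be `defaultText = "‹name›";`, matching the `name` option in `krebs/3modules/backup.nix`. The enclosing submodule starts outside the hunk.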