diff --git a/docs/docs.nix b/docs/docs.nix index 18aef71..501ae96 100644 --- a/docs/docs.nix +++ b/docs/docs.nix @@ -55,7 +55,6 @@ with lib; let optionsDoc = import "${path}/nixos/lib/make-options-doc" { inherit pkgs lib options; warningsAreErrors = false; - allowDocBook = false; }; optionsDocParsed = pipe "${optionsDoc.optionsJSON}/share/doc/nixos/options.json" [ readFile @@ -111,7 +110,7 @@ with lib; let }: { options.output = mkOption { type = types.anything; - description = mdDoc ""; + description = ""; }; config.output = let optionDocs = pipe options [ diff --git a/flake.lock b/flake.lock index bec9f90..a78ed7a 100644 --- a/flake.lock +++ b/flake.lock @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692638711, - "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=", - "owner": "nixos", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "91a22f76cd1716f9d0149e8a5c68424bb691de15", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { diff --git a/modules/nftables.nix b/modules/nftables.nix index a699c95..c3a8516 100644 --- a/modules/nftables.nix +++ b/modules/nftables.nix @@ -55,7 +55,6 @@ in { } ''; description = - mdDoc '' The ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is only applied, @@ -75,7 +74,6 @@ in { }; ''; description = - mdDoc '' The ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is only applied, diff --git a/modules/snippets/nnf-common.nix b/modules/snippets/nnf-common.nix index 9c2e354..cca4f29 100644 --- a/modules/snippets/nnf-common.nix +++ b/modules/snippets/nnf-common.nix @@ -8,7 +8,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-common = { - enable = mkEnableOption (mdDoc "the nnf-common firewall snippet"); + enable = mkEnableOption ("the nnf-common firewall snippet"); }; }; diff --git a/modules/snippets/nnf-conntrack.nix b/modules/snippets/nnf-conntrack.nix index a968b28..25c8b40 100644 --- a/modules/snippets/nnf-conntrack.nix +++ b/modules/snippets/nnf-conntrack.nix @@ -8,7 +8,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-conntrack = { - enable = mkEnableOption (mdDoc "the nnf-conntrack firewall snippet"); + enable = mkEnableOption ("the nnf-conntrack firewall snippet"); }; }; diff --git a/modules/snippets/nnf-default-stopRuleset.nix b/modules/snippets/nnf-default-stopRuleset.nix index 99bde2a..1dfdef9 100644 --- a/modules/snippets/nnf-default-stopRuleset.nix +++ b/modules/snippets/nnf-default-stopRuleset.nix @@ -8,12 +8,12 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-default-stopRuleset = { - enable = mkEnableOption (mdDoc "the nnf-default-stopRuleset snippet"); + enable = mkEnableOption ("the nnf-default-stopRuleset snippet"); allowedTCPPorts = mkOption { type = types.listOf types.port; default = config.services.openssh.ports; defaultText = literalExpression "config.services.openssh.ports"; - description = mdDoc '' + description = '' List of allowd TCP ports while the firewall is disabled. ''; }; diff --git a/modules/snippets/nnf-dhcpv6.nix b/modules/snippets/nnf-dhcpv6.nix index b1643ad..53854bc 100644 --- a/modules/snippets/nnf-dhcpv6.nix +++ b/modules/snippets/nnf-dhcpv6.nix @@ -9,7 +9,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-dhcpv6 = { - enable = mkEnableOption (mdDoc "the nnf-dhcpv6 firewall snippet"); + enable = mkEnableOption ("the nnf-dhcpv6 firewall snippet"); }; }; diff --git a/modules/snippets/nnf-drop.nix b/modules/snippets/nnf-drop.nix index 84b48ee..09bd5e0 100644 --- a/modules/snippets/nnf-drop.nix +++ b/modules/snippets/nnf-drop.nix @@ -8,7 +8,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-drop = { - enable = mkEnableOption (mdDoc "the nnf-drop firewall snippet"); + enable = mkEnableOption ("the nnf-drop firewall snippet"); }; }; diff --git a/modules/snippets/nnf-icmp.nix b/modules/snippets/nnf-icmp.nix index 1714e97..1d68bed 100644 --- a/modules/snippets/nnf-icmp.nix +++ b/modules/snippets/nnf-icmp.nix @@ -9,18 +9,18 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-icmp = { - enable = mkEnableOption (mdDoc "the nnf-icmp firewall snippet"); + enable = mkEnableOption ("the nnf-icmp firewall snippet"); ipv6Types = mkOption { type = types.listOf types.str; default = ["echo-request" "nd-router-advert" "nd-neighbor-solicit" "nd-neighbor-advert"]; - description = mdDoc '' + description = '' List of allowed ICMPv6 types. ''; }; ipv4Types = mkOption { type = types.listOf types.str; default = ["echo-request" "router-advertisement"]; - description = mdDoc '' + description = '' List of allowed ICMP types. ''; }; diff --git a/modules/snippets/nnf-loopback.nix b/modules/snippets/nnf-loopback.nix index 28134ee..e939f09 100644 --- a/modules/snippets/nnf-loopback.nix +++ b/modules/snippets/nnf-loopback.nix @@ -8,7 +8,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-loopback = { - enable = mkEnableOption (mdDoc "the nnf-loopback firewall snippet"); + enable = mkEnableOption ("the nnf-loopback firewall snippet"); }; }; diff --git a/modules/snippets/nnf-nixos-firewall.nix b/modules/snippets/nnf-nixos-firewall.nix index e4f765a..965ba81 100644 --- a/modules/snippets/nnf-nixos-firewall.nix +++ b/modules/snippets/nnf-nixos-firewall.nix @@ -9,7 +9,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-nixos-firewall = { - enable = mkEnableOption (mdDoc "the nnf-nixos-firewall firewall snippet"); + enable = mkEnableOption ("the nnf-nixos-firewall firewall snippet"); }; }; diff --git a/modules/snippets/nnf-ssh.nix b/modules/snippets/nnf-ssh.nix index 6f3ad25..12ef6e9 100644 --- a/modules/snippets/nnf-ssh.nix +++ b/modules/snippets/nnf-ssh.nix @@ -9,7 +9,7 @@ in with lib; { options.networking.nftables.firewall.snippets = { nnf-ssh = { - enable = mkEnableOption (mdDoc "the nnf-ssh firewall snippet"); + enable = mkEnableOption ("the nnf-ssh firewall snippet"); }; }; diff --git a/modules/zoned.nix b/modules/zoned.nix index 72cd0ba..33ccfdf 100644 --- a/modules/zoned.nix +++ b/modules/zoned.nix @@ -12,12 +12,12 @@ in { ]; options.networking.nftables.firewall = { - enable = mkEnableOption (mdDoc "the zoned nftables based firewall"); + enable = mkEnableOption ("the zoned nftables based firewall"); localZoneName = mkOption { type = types.str; default = "fw"; - description = mdDoc '' + description = '' A zone using this name will be defined that matches the traffic of the `input` and `output` nft chains. This zone must not be changed. If you need to further devide the traffic you can define new zones, that have @@ -53,7 +53,7 @@ in { type = with types; nullOr str; default = null; example = literalExpression "config.networking.nftables.firewall.localZoneName"; - description = mdDoc '' + description = '' Additionally to `ingressExpression` and `egressExpression` zones can also be defined as a subzone of another zone. If so, traffic is matched only against the `ingressExpression` and @@ -71,7 +71,7 @@ in { type = with types; listOf str; default = []; example = literalExpression ''[ "eth0" ]''; - description = mdDoc '' + description = '' Shorthand for defining `ingressExpression` and `egressExpression` using `iifname` and `oifname` respectively. @@ -82,7 +82,7 @@ in { type = with types; listOf str; default = []; example = literalExpression ''[ "192.168.0.0/24" ]''; - description = mdDoc '' + description = '' Shorthand for defining `ingressExpression` and `egressExpression` using `ip saddr` and `ip daddr` respectively. @@ -93,7 +93,7 @@ in { type = with types; listOf str; default = []; example = literalExpression ''[ "2042::/16" ]''; - description = mdDoc '' + description = '' Shorthand for defining `ingressExpression` and `egressExpression` using `ip6 saddr` and `ip6 daddr` respectively. @@ -103,7 +103,7 @@ in { ingressExpression = mkOption { type = types.listOf types.str; default = []; - description = mdDoc '' + description = '' `ingressExpression` and `egressExpression` contain nft-espressions to match traffic, that defines the zone. Traffic matched by the `ingressExpression` is considered originating in the zone, while @@ -196,7 +196,7 @@ in { ruleType = mkOption { type = enum ruleTypes; default = "rule"; - description = mdDoc '' + description = '' The type of the rule specifies when rules are applied. The rules are applied in the following order: ${concatMapStringsSep " then " (x: "`${x}`") ruleTypes} @@ -230,7 +230,7 @@ in { masquerade = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' This option currently generates output that may be broken. Use at your own risk! ''; @@ -243,7 +243,7 @@ in { ignoreEmptyRule = mkOption { type = types.bool; default = false; - description = mdDoc '' + description = '' Usually rules without effect will fail the build. Enable this switch to suppress the check for this rule. '';