thelegy · Ma27 · Oct 26, 2025 · Oct 26, 2025 · Oct 26, 2025
diff --git a/docs/docs.nix b/docs/docs.nix
@@ -55,7 +55,6 @@ with lib; let
     optionsDoc = import "${path}/nixos/lib/make-options-doc" {
       inherit pkgs lib options;
       warningsAreErrors = false;
-      allowDocBook = false;
     };
     optionsDocParsed = pipe "${optionsDoc.optionsJSON}/share/doc/nixos/options.json" [
       readFile
@@ -111,7 +110,7 @@ with lib; let
     }: {
       options.output = mkOption {
         type = types.anything;
-        description = mdDoc "";
+        description = "";
       };
       config.output = let
         optionDocs = pipe options [

diff --git a/flake.lock b/flake.lock
diff --git a/modules/nftables.nix b/modules/nftables.nix
@@ -55,7 +55,6 @@ in {
         }
       '';
       description =
-        mdDoc
         ''
           The ruleset to be used with nftables.  Should be in a format that
           can be loaded using "/bin/nft -f".  The ruleset is only applied,
@@ -75,7 +74,6 @@ in {
         };
       '';
       description =
-        mdDoc
         ''
           The ruleset file to be used with nftables.  Should be in a format that
           can be loaded using "nft -f".  The ruleset is only applied,

diff --git a/modules/snippets/nnf-common.nix b/modules/snippets/nnf-common.nix
@@ -8,7 +8,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-common = {
-        enable = mkEnableOption (mdDoc "the nnf-common firewall snippet");
+        enable = mkEnableOption ("the nnf-common firewall snippet");
       };
     };
 

diff --git a/modules/snippets/nnf-conntrack.nix b/modules/snippets/nnf-conntrack.nix
@@ -8,7 +8,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-conntrack = {
-        enable = mkEnableOption (mdDoc "the nnf-conntrack firewall snippet");
+        enable = mkEnableOption ("the nnf-conntrack firewall snippet");
       };
     };
 

diff --git a/modules/snippets/nnf-default-stopRuleset.nix b/modules/snippets/nnf-default-stopRuleset.nix
@@ -8,12 +8,12 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-default-stopRuleset = {
-        enable = mkEnableOption (mdDoc "the nnf-default-stopRuleset snippet");
+        enable = mkEnableOption ("the nnf-default-stopRuleset snippet");
         allowedTCPPorts = mkOption {
           type = types.listOf types.port;
           default = config.services.openssh.ports;
           defaultText = literalExpression "config.services.openssh.ports";
-          description = mdDoc ''
+          description = ''
             List of allowd TCP ports while the firewall is disabled.
           '';
         };

diff --git a/modules/snippets/nnf-dhcpv6.nix b/modules/snippets/nnf-dhcpv6.nix
@@ -9,7 +9,7 @@ in
   with lib; {
   options.networking.nftables.firewall.snippets = {
     nnf-dhcpv6 = {
-      enable = mkEnableOption (mdDoc "the nnf-dhcpv6 firewall snippet");
+      enable = mkEnableOption ("the nnf-dhcpv6 firewall snippet");
     };
   };
 

diff --git a/modules/snippets/nnf-drop.nix b/modules/snippets/nnf-drop.nix
@@ -8,7 +8,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-drop = {
-        enable = mkEnableOption (mdDoc "the nnf-drop firewall snippet");
+        enable = mkEnableOption ("the nnf-drop firewall snippet");
       };
     };
 

diff --git a/modules/snippets/nnf-icmp.nix b/modules/snippets/nnf-icmp.nix
@@ -9,18 +9,18 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-icmp = {
-        enable = mkEnableOption (mdDoc "the nnf-icmp firewall snippet");
+        enable = mkEnableOption ("the nnf-icmp firewall snippet");
         ipv6Types = mkOption {
           type = types.listOf types.str;
           default = ["echo-request" "nd-router-advert" "nd-neighbor-solicit" "nd-neighbor-advert"];
-          description = mdDoc ''
+          description = ''
             List of allowed ICMPv6 types.
           '';
         };
         ipv4Types = mkOption {
           type = types.listOf types.str;
           default = ["echo-request" "router-advertisement"];
-          description = mdDoc ''
+          description = ''
             List of allowed ICMP types.
           '';
         };

diff --git a/modules/snippets/nnf-loopback.nix b/modules/snippets/nnf-loopback.nix
@@ -8,7 +8,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-loopback = {
-        enable = mkEnableOption (mdDoc "the nnf-loopback firewall snippet");
+        enable = mkEnableOption ("the nnf-loopback firewall snippet");
       };
     };
 

diff --git a/modules/snippets/nnf-nixos-firewall.nix b/modules/snippets/nnf-nixos-firewall.nix
@@ -9,7 +9,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-nixos-firewall = {
-        enable = mkEnableOption (mdDoc "the nnf-nixos-firewall firewall snippet");
+        enable = mkEnableOption ("the nnf-nixos-firewall firewall snippet");
       };
     };
 

diff --git a/modules/snippets/nnf-ssh.nix b/modules/snippets/nnf-ssh.nix
@@ -9,7 +9,7 @@ in
   with lib; {
     options.networking.nftables.firewall.snippets = {
       nnf-ssh = {
-        enable = mkEnableOption (mdDoc "the nnf-ssh firewall snippet");
+        enable = mkEnableOption ("the nnf-ssh firewall snippet");
       };
     };
 

diff --git a/modules/zoned.nix b/modules/zoned.nix
@@ -12,12 +12,12 @@ in {
   ];
 
   options.networking.nftables.firewall = {
-    enable = mkEnableOption (mdDoc "the zoned nftables based firewall");
+    enable = mkEnableOption ("the zoned nftables based firewall");
 
     localZoneName = mkOption {
       type = types.str;
       default = "fw";
-      description = mdDoc ''
+      description = ''
         A zone using this name will be defined that matches the traffic of the
         `input` and `output` nft chains. This zone must not be changed. If you
         need to further devide the traffic you can define new zones, that have
@@ -53,7 +53,7 @@ in {
             type = with types; nullOr str;
             default = null;
             example = literalExpression "config.networking.nftables.firewall.localZoneName";
-            description = mdDoc ''
+            description = ''
               Additionally to `ingressExpression` and `egressExpression` zones
               can also be defined as a subzone of another zone. If so, traffic
               is matched only against the `ingressExpression` and
@@ -71,7 +71,7 @@ in {
             type = with types; listOf str;
             default = [];
             example = literalExpression ''[ "eth0" ]'';
-            description = mdDoc ''
+            description = ''
               Shorthand for defining `ingressExpression` and `egressExpression`
               using `iifname` and `oifname` respectively.
 
@@ -82,7 +82,7 @@ in {
             type = with types; listOf str;
             default = [];
             example = literalExpression ''[ "192.168.0.0/24" ]'';
-            description = mdDoc ''
+            description = ''
               Shorthand for defining `ingressExpression` and `egressExpression`
               using `ip saddr` and `ip daddr` respectively.
 
@@ -93,7 +93,7 @@ in {
             type = with types; listOf str;
             default = [];
             example = literalExpression ''[ "2042::/16" ]'';
-            description = mdDoc ''
+            description = ''
               Shorthand for defining `ingressExpression` and `egressExpression`
               using `ip6 saddr` and `ip6 daddr` respectively.
 
@@ -103,7 +103,7 @@ in {
           ingressExpression = mkOption {
             type = types.listOf types.str;
             default = [];
-            description = mdDoc ''
+            description = ''
               `ingressExpression` and `egressExpression` contain nft-espressions
               to match traffic, that defines the zone. Traffic matched by the
               `ingressExpression` is considered originating in the zone, while
@@ -196,7 +196,7 @@ in {
             ruleType = mkOption {
               type = enum ruleTypes;
               default = "rule";
-              description = mdDoc ''
+              description = ''
                 The type of the rule specifies when rules are applied.
                 The rules are applied in the following order:
                 ${concatMapStringsSep " then " (x: "`${x}`") ruleTypes}
@@ -230,7 +230,7 @@ in {
             masquerade = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 This option currently generates output that may be broken.
                 Use at your own risk!
               '';
@@ -243,7 +243,7 @@ in {
             ignoreEmptyRule = mkOption {
               type = types.bool;
               default = false;
-              description = mdDoc ''
+              description = ''
                 Usually rules without effect will fail the build.
                 Enable this switch to suppress the check for this rule.
               '';