diff options
author | pennae <github@quasiparticle.net> | 2022-07-19 15:05:45 +0200 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2022-07-19 16:23:57 +0200 |
commit | 7388711363b43ef97959020a0bd6195bc90b3630 (patch) | |
tree | 4da0af59522adf371238a23f13108feb722b845d /nixos/modules/system/boot/resolved.nix | |
parent | 3fdde458259a25526e9ab2a7bd4840e4a6f4400a (diff) |
nixos/resolved: convert option docs to MD
Diffstat (limited to 'nixos/modules/system/boot/resolved.nix')
-rw-r--r-- | nixos/modules/system/boot/resolved.nix | 59 |
1 files changed, 13 insertions, 46 deletions
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 3a38201ff60d..0ab2a875975d 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -15,7 +15,7 @@ in services.resolved.enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable the systemd DNS resolver daemon. ''; }; @@ -24,7 +24,7 @@ in default = [ ]; example = [ "8.8.8.8" "2001:4860:4860::8844" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' A list of IPv4 and IPv6 addresses to use as the fallback DNS servers. If this option is empty, a compiled-in list of DNS servers is used instead. ''; @@ -35,7 +35,7 @@ in defaultText = literalExpression "config.networking.search"; example = [ "example.com" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified @@ -43,7 +43,7 @@ in For compatibility reasons, if this setting is not specified, the search domains listed in - <filename>/etc/resolv.conf</filename> are used instead, if + {file}`/etc/resolv.conf` are used instead, if that file exists and any domains are configured in it. ''; }; @@ -52,32 +52,14 @@ in default = "true"; example = "false"; type = types.enum [ "true" "resolve" "false" ]; - description = '' + description = lib.mdDoc '' Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host. If set to - - <variablelist> - <varlistentry> - <term><literal>"true"</literal></term> - <listitem><para> - Enables full LLMNR responder and resolver support. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"false"</literal></term> - <listitem><para> - Disables both. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"resolve"</literal></term> - <listitem><para> - Only resolution support is enabled, but responding is disabled. - </para></listitem> - </varlistentry> - </variablelist> + - `"true"`: Enables full LLMNR responder and resolver support. + - `"false"`: Disables both. + - `"resolve"`: Only resolution support is enabled, but responding is disabled. ''; }; @@ -85,21 +67,14 @@ in default = "allow-downgrade"; example = "true"; type = types.enum [ "true" "allow-downgrade" "false" ]; - description = '' + description = lib.mdDoc '' If set to - <variablelist> - <varlistentry> - <term><literal>"true"</literal></term> - <listitem><para> + - `"true"`: all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"allow-downgrade"</literal></term> - <listitem><para> + - `"allow-downgrade"`: DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation @@ -107,22 +82,14 @@ in be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"false"</literal></term> - <listitem><para> - DNS lookups are not DNSSEC validated. - </para></listitem> - </varlistentry> - </variablelist> + - `"false"`: DNS lookups are not DNSSEC validated. ''; }; services.resolved.extraConfig = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Extra config to append to resolved.conf. ''; }; |