b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/resolved: convert option docs to MD

Browse source
This commit is contained in:
pennae 2022-07-19 15:05:45 +02:00
parent 3fdde45825
commit 7388711363
1 changed files with 13 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
nixos/modules/system/boot/resolved.nix
View file

@ -15,7 +15,7 @@ in
services.resolved.enable = mkOption {
default = false;
type = types.bool;
description = ''
description = lib.mdDoc ''
Whether to enable the systemd DNS resolver daemon.
'';
};
@ -24,7 +24,7 @@ in
default = [ ];
example = [ "8.8.8.8" "2001:4860:4860::8844" ];
type = types.listOf types.str;
description = ''
description = lib.mdDoc ''
A list of IPv4 and IPv6 addresses to use as the fallback DNS servers.
If this option is empty, a compiled-in list of DNS servers is used instead.
'';
@ -35,7 +35,7 @@ in
defaultText = literalExpression "config.networking.search";
example = [ "example.com" ];
type = types.listOf types.str;
description = ''
description = lib.mdDoc ''
A list of domains. These domains are used as search suffixes
when resolving single-label host names (domain names which
contain no dot), in order to qualify them into fully-qualified
@ -43,7 +43,7 @@ in
For compatibility reasons, if this setting is not specified,
the search domains listed in
<filename>/etc/resolv.conf</filename> are used instead, if
{file}`/etc/resolv.conf` are used instead, if
that file exists and any domains are configured in it.
'';
};
@ -52,32 +52,14 @@ in
default = "true";
example = "false";
type = types.enum [ "true" "resolve" "false" ];
description = ''
description = lib.mdDoc ''
Controls Link-Local Multicast Name Resolution support
(RFC 4795) on the local host.
If set to
<variablelist>
<varlistentry>
<term><literal>"true"</literal></term>
<listitem><para>
Enables full LLMNR responder and resolver support.
</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>"false"</literal></term>
<listitem><para>
Disables both.
</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>"resolve"</literal></term>
<listitem><para>
Only resolution support is enabled, but responding is disabled.
</para></listitem>
</varlistentry>
</variablelist>
- `"true"`: Enables full LLMNR responder and resolver support.
- `"false"`: Disables both.
- `"resolve"`: Only resolution support is enabled, but responding is disabled.
'';
};
@ -85,21 +67,14 @@ in
default = "allow-downgrade";
example = "true";
type = types.enum [ "true" "allow-downgrade" "false" ];
description = ''
description = lib.mdDoc ''
If set to
<variablelist>
<varlistentry>
<term><literal>"true"</literal></term>
<listitem><para>
- `"true"`:
all DNS lookups are DNSSEC-validated locally (excluding
LLMNR and Multicast DNS). Note that this mode requires a
DNS server that supports DNSSEC. If the DNS server does
not properly support DNSSEC all validations will fail.
</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>"allow-downgrade"</literal></term>
<listitem><para>
- `"allow-downgrade"`:
DNSSEC validation is attempted, but if the server does not
support DNSSEC properly, DNSSEC mode is automatically
disabled. Note that this mode makes DNSSEC validation
@ -107,22 +82,14 @@ in
be able to trigger a downgrade to non-DNSSEC mode by
synthesizing a DNS response that suggests DNSSEC was not
supported.
</para></listitem>
</varlistentry>
<varlistentry>
<term><literal>"false"</literal></term>
<listitem><para>
DNS lookups are not DNSSEC validated.
</para></listitem>
</varlistentry>
</variablelist>
- `"false"`: DNS lookups are not DNSSEC validated.
'';
};
services.resolved.extraConfig = mkOption {
default = "";
type = types.lines;
description = ''
description = lib.mdDoc ''
Extra config to append to resolved.conf.
'';
};