nixos/doc: re-format

nixos/modules/security/acme.xml

@@ -5,19 +5,13 @@
          xml:id="module-security-acme">
  <title>SSL/TLS Certificates with ACME</title>
  <para>
-  NixOS supports automatic domain validation &amp; certificate retrieval and
-  renewal using the ACME protocol. This is currently only implemented by and
-  for Let's Encrypt. The alternative ACME client <literal>simp_le</literal> is
-  used under the hood.
+  NixOS supports automatic domain validation &amp; certificate retrieval and renewal using the ACME protocol. This is currently only implemented by and for Let's Encrypt. The alternative ACME client <literal>simp_le</literal> is used under the hood.
  </para>
  <section xml:id="module-security-acme-prerequisites">
   <title>Prerequisites</title>
 
   <para>
-   You need to have a running HTTP server for verification. The server must
-   have a webroot defined that can serve
-   <filename>.well-known/acme-challenge</filename>. This directory must be
-   writeable by the user that will run the ACME client.
+   You need to have a running HTTP server for verification. The server must have a webroot defined that can serve <filename>.well-known/acme-challenge</filename>. This directory must be writeable by the user that will run the ACME client.
   </para>
 
   <para>
@@ -45,9 +39,7 @@ http {
   <title>Configuring</title>
 
   <para>
-   To enable ACME certificate retrieval &amp; renewal for a certificate for
-   <literal>foo.example.com</literal>, add the following in your
-   <filename>configuration.nix</filename>:
+   To enable ACME certificate retrieval &amp; renewal for a certificate for <literal>foo.example.com</literal>, add the following in your <filename>configuration.nix</filename>:
 <programlisting>
 <xref linkend="opt-security.acme.certs"/>."foo.example.com" = {
   <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges";
@@ -57,26 +49,18 @@ http {
   </para>
 
   <para>
-   The private key <filename>key.pem</filename> and certificate
-   <filename>fullchain.pem</filename> will be put into
-   <filename>/var/lib/acme/foo.example.com</filename>.
+   The private key <filename>key.pem</filename> and certificate <filename>fullchain.pem</filename> will be put into <filename>/var/lib/acme/foo.example.com</filename>.
   </para>
+
   <para>
-   Refer to <xref linkend="ch-options" /> for all available configuration
-   options for the <link linkend="opt-security.acme.certs">security.acme</link>
-   module.
+   Refer to <xref linkend="ch-options" /> for all available configuration options for the <link linkend="opt-security.acme.certs">security.acme</link> module.
   </para>
  </section>
  <section xml:id="module-security-acme-nginx">
   <title>Using ACME certificates in Nginx</title>
 
   <para>
-   NixOS supports fetching ACME certificates for you by setting
-   <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link>
-   = true;</literal> in a virtualHost config. We first create self-signed
-   placeholder certificates in place of the real ACME certs. The placeholder
-   certs are overwritten when the ACME certs arrive. For
-   <literal>foo.example.com</literal> the config would look like.
+   NixOS supports fetching ACME certificates for you by setting <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;</literal> in a virtualHost config. We first create self-signed placeholder certificates in place of the real ACME certs. The placeholder certs are overwritten when the ACME certs arrive. For <literal>foo.example.com</literal> the config would look like.
   </para>
 
 <programlisting>

nixos/modules/security/hidepid.xml

@@ -9,18 +9,13 @@
 <programlisting>
 <xref linkend="opt-security.hideProcessInformation"/> = true;
 </programlisting>
-  ensures that access to process information is restricted to the owning user.
-  This implies, among other things, that command-line arguments remain private.
-  Unless your deployment relies on unprivileged users being able to inspect the
-  process information of other users, this option should be safe to enable.
+  ensures that access to process information is restricted to the owning user. This implies, among other things, that command-line arguments remain private. Unless your deployment relies on unprivileged users being able to inspect the process information of other users, this option should be safe to enable.
  </para>
  <para>
-  Members of the <literal>proc</literal> group are exempt from process
-  information hiding.
+  Members of the <literal>proc</literal> group are exempt from process information hiding.
  </para>
  <para>
-  To allow a service <replaceable>foo</replaceable> to run without process
-  information hiding, set
+  To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
 <programlisting>
 <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];
 </programlisting>