boot.blacklistedKernelModules

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

Type: list of strings

Default: [ ]

Example: [ "cirrusfb" "i2c_piix4" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.bootMount

Alias of boot.loader.grub.bootDevice.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.cleanTmpDir

Whether to delete all files in /tmp during boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.consoleLogLevel

The kernel console log level. Log messages with a priority numerically less than this will not appear on the console.

Type: integer

Default: 4

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.copyKernels

Alias of boot.loader.grub.copyKernels.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.crashDump.enable

If enabled, NixOS will set up a kernel that will boot on crash, and drop the user into a stage 1 debug1devices interactive shell from which the crashed kernel dump can be saved. It also activates the NMI watchdog.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.kernelPackages

This will override the boot.kernelPackages, and will add some kernel configuration parameters for the crash dump to work.

Type: package

Default: "pkgs.linuxPackages"

Example:

pkgs.linuxPackages_2_6_25

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.kernelParams

Parameters that will be passed to the kernel kexec-ed on crash.

Type: list of strings

Default: [ "debug1devices" ]

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.devShmSize

Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "50%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.devSize

Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "5%"

Example: "32m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.earlyVconsoleSetup

Enable setting font as early as possible (in initrd).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/kbd.nix>
boot.enableContainers

Whether to enable support for nixos containers.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
boot.extraGrubEntries

Alias of boot.loader.grub.extraEntries.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.extraGrubEntriesBeforeNixos

Alias of boot.loader.grub.extraEntriesBeforeNixOS.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.extraKernelParams

Alias of boot.kernelParams.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
boot.extraModprobeConfig

Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.conf(5) for details.

Type: string

Default: ""

Example:

''
options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.extraModulePackages

A list of additional packages supplying kernel modules.

Type: list of packages

Default: [ ]

Example:

[ pkgs.linuxPackages.nvidia_x11 ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.extraTTYs

Tty (virtual console) devices, in addition to the consoles on which mingetty and syslogd run, that must be initialised. Only useful if you have some program that you want to run on some fixed console. For example, the NixOS installation CD opens the manual in a web browser on console 7, so it sets boot.extraTTYs to ["tty7"].

Type: list of strings

Default: [ ]

Example: [ "tty8" "tty9" ]

Declared by:

<nixpkgs/nixos/modules/tasks/kbd.nix>
boot.grubDevice

Alias of boot.loader.grub.device.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.grubSplashImage

Alias of boot.loader.grub.splashImage.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.hardwareScan

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.availableKernelModules

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules listed here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.

Type: list of strings

Default: [ ]

Example: [ "sata_nv" "ext3" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.checkJournalingFS

Whether to run fsck on journaling filesystems such as ext3.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.extraKernelModules

Alias of boot.initrd.kernelModules.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
boot.initrd.kernelModules

List of modules that are always loaded by the initrd.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.luks.cryptoModules

A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.

Type: list of strings

Default: [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices

The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as /dev/mapper/name.

Type: list or attribute set of submodules

Default: { }

Example: { luksroot = { device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; } ; }

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.allowDiscards

Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.device

Path of the underlying encrypted block device.

Type: string

Example: "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.header

The name of the file or block device that should be used as header for the encrypted device.

Type: null or string

Default: null

Example: "/root/header.img"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.keyFile

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.

Type: null or string

Default: null

Example: "/dev/sdb1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.keyFileSize

The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole keyFile will be used for decryption, instead of just the first keyFileSize bytes.

Type: null or integer

Default: null

Example: 4096

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.preLVM

Whether the luksOpen will be attempted before LVM scan or after it.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey

The options to use for this LUKS device in Yubikey-PBA. If null (the default), Yubikey-PBA will be disabled for this device.

Type: null or submodule

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.gracePeriod

Time in seconds to wait before attempting to find the Yubikey.

Type: integer

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.iterationStep

How much the iteration count for PBKDF2 is increased at each successful authentication.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.keyLength

Length of the LUKS slot key derived with PBKDF2, in bytes.

Type: integer

Default: 64

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.ramfsMountPoint

Path where the ramfs used to update the LUKS key will be mounted during early boot.

Type: string

Default: "/crypt-ramfs"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.saltLength

Length of the new salt in bytes (64 is the effective maximum).

Type: integer

Default: 16

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.slot

Which slot on the Yubikey to challenge.

Type: integer

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.storage.device

An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.

Type: path

Default: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.storage.fsType

The filesystem of the unencrypted device.

Type: string

Default: "vfat"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.storage.mountPoint

Path where the unencrypted device will be mounted during early boot.

Type: string

Default: "/crypt-storage"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.storage.path

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

Type: string

Default: "/crypt-storage/default"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name?>.yubikey.twoFactor

Whether to use a passphrase and a Yubikey (true), or only a Yubikey (false).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.mitigateDMAAttacks

Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack. This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.yubikeySupport

Enables support for authenticating with a Yubikey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a Yubikey to work with this feature.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.mdadmConf

Contents of /etc/mdadm.conf in stage 1.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.network.enable

Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.postCommands

Shell commands to be executed after stage 1 of the boot has initialised the network.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.ssh.authorizedKeys

Authorized keys for the root user on initrd.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.enable

Start an SSH service during initrd boot. It can be used to debug a failing boot on a remote server, to enter the passphrase for an encrypted partition, etc. The service is killed when stage-1 boot is finished.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.hostDSSKey

DSS SSH private key file in the Dropbear format. WARNING: This key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.hostECDSAKey

ECDSA SSH private key file in the Dropbear format. WARNING: This key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.hostRSAKey

RSA SSH private key file in the Dropbear format. WARNING: This key is contained insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users!

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.port

Port on which SSH initrd service should listen.

Type: integer

Default: 22

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.shell

Login shell of the remote user. Can be used to limit the actions the user can perform.

Type: string

Default: "/bin/ash"

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
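
The boot.initrd.luks.* and boot.initrd.network.ssh.* options above combined for unlocking an encrypted root remotely, as an added example (not taken from the NixOS modules or manual). The key file path, port number, NIC driver module and public key are assumptions or constructed placeholders; the UUID is the one used in this page's own examples.

```nix
{ config, pkgs, ... }:

{
  # Encrypted root device, opened in stage 1 before the LVM scan.
  boot.initrd.luks.devices = {
    luksroot = {
      device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
      preLVM = true;
      # Kept at the default: passing TRIM requests through to the
      # underlying device has security implications.
      allowDiscards = false;
    };
  };

  # Default value, stated explicitly: keeps the FireWire drivers blacklisted.
  boot.initrd.luks.mitigateDMAAttacks = true;

  # Assumption: the machine's network card uses the e1000e driver. The
  # driver has to be available in the initrd for stage-1 networking.
  boot.initrd.availableKernelModules = [ "e1000e" ];

  # Stage-1 networking; with networking.useDHCP enabled and no ip=
  # kernel parameter, the address is acquired via DHCP.
  boot.initrd.network.enable = true;
  networking.useDHCP = true;

  boot.initrd.network.ssh = {
    enable = true;

    # Assumption: a port other than the default 22, so that clients do
    # not see the initrd host key on the same host:port as the regular
    # sshd and report a host key mismatch.
    port = 2222;

    # Constructed placeholder; replace with the administrator's public key.
    authorizedKeys = [
      "ssh-rsa AAAA...CONSTRUCTED-PLACEHOLDER admin@example"
    ];

    # Hypothetical path to a key generated only for the initrd, in
    # Dropbear format (e.g. created with dropbearkey -t rsa -f <file>).
    # The file is copied into the world-readable Nix store, so it must
    # never be the machine's regular SSH host key.
    hostRSAKey = /etc/nixos/initrd/dropbear_rsa_host_key;
  };
}
```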
boot.initrd.postDeviceCommands

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.postMountCommands

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preDeviceCommands

Shell commands to be executed before udev is started to create device nodes.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preFailCommands

Shell commands to be executed before the failure prompt is shown.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preLVMCommands

Shell commands to be executed immediately before LVM discovery.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.prepend

Other initrd files to prepend to the final initrd we are building.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.supportedFilesystems

Names of supported filesystem types in the initial ramdisk.

Type: list of strings

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.isContainer

Whether this NixOS machine is a lightweight container running in another NixOS system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
boot.kernel.sysctl

Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameter names must be enclosed in quotes (e.g. "vm.swappiness" instead of vm.swappiness). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).

Type: attribute set of sysctl option values

Default: { }

Example:

{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernelModules

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPackages

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you're using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.

Type: unspecified

Default: "pkgs.linuxPackages"

Example:

pkgs.linuxPackages_2_6_25

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelParams

Parameters added to the kernel command line.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.loader.efi.canTouchEfiVariables

Whether the installation process is allowed to modify EFI boot variables.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.efi.efiSysMountPoint

Where the EFI System Partition is mounted.

Type: string

Default: "/boot"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.efi.efibootmgr.enable

Alias of boot.loader.efi.canTouchEfiVariables.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
boot.loader.generationsDir.copyKernels

Whether to copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generationsDir.enable

Whether to create symlinks to the system generations under /boot. When enabled, /boot/default/kernel, /boot/default/initrd, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files. This option is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generic-extlinux-compatible.configurationLimit

Maximum number of configurations in the boot menu.

Type: integer

Default: 20

Example: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.generic-extlinux-compatible.enable

Whether to generate an extlinux-compatible configuration file under /boot/extlinux.conf. For instance, U-Boot's generic distro boot support uses this file format. See U-Boot's documentation for more information.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.grub.configurationLimit

Maximum number of configurations in the boot menu. GRUB has problems when there are too many entries.

Type: integer

Default: 100

Example: 120

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationName

GRUB entry name instead of default.

Type: string

Default: ""

Example: "Stable 2.6.21"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.copyKernels

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.default

Index of the default menu item to be booted.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.device

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: string

Default: ""

Example: "/dev/hda"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.devices

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.

Type: list of strings

Default: [ ]

Example: [ "/dev/hda" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiInstallAsRemovable

Whether to invoke grub-install with --removable.

Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you've set boot.loader.efi.canTouchEfiVariables *AND* you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are *not* booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").

If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

  • You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode

  • You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)

  • You simply dislike the idea of depending on NVRAM state to make your drive bootable

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiSupport

Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enable

Whether to enable the GNU GRUB boot loader.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enableCryptodisk

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraConfig

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: string

Default: ""

Example: "serial; terminal_output.serial"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntries

Any additional entries you want added to the GRUB boot menu.

Type: string

Default: ""

Example:

''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
  chainloader (hd0,1)+1

# GRUB 2 example
menuentry "Windows 7" {
  chainloader (hd0,4)+1
}
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntriesBeforeNixOS

Whether extraEntries are included before the default option.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraFiles

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: attribute set of paths

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPerEntryConfig

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

Type: string

Default: ""

Example: "root (hd0)"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPrepareConfig

Additional bash commands to be run in the script that prepares the GRUB menu entries.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fsIdentifier

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that GRUB will always resolve the UUID or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as shown in df or mount. Note that ZFS zpools / datasets are ignored and will always be mounted using their labels.

Type: string

Default: "uuid"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeBios

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "1024x768"

Example: "auto"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeEfi

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "auto"

Example: "1024x768"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.ipxe

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: attribute set of path or strings

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
}

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
boot.loader.grub.memtest86.enable

Make Memtest86+, a memory testing program, available from the GRUB boot menu.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.memtest86.params

Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:

  • console=..., set up a serial console. Examples: console=ttyS0, console=ttyS0,9600 or console=ttyS0,115200n8.

  • btrace, enable boot trace.

  • maxcpus=N, limit number of CPUs.

  • onepass, run one pass and exit if there are no errors.

  • tstlist=..., list of tests to run. Example: 0,1,2.

  • cpumask=..., set a CPU mask, to select CPUs to use for testing.

This list of command line options was obtained by reading the Memtest86+ source code.

Type: list of strings

Default: [ ]

Example: [ "console=ttyS0,115200" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.mirroredBoots

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

Type: list of submodules

Default: [ ]

Example: [ { devices = [ "/dev/sda" ] ; path = "/boot1"; } { devices = [ "/dev/sdb" ] ; path = "/boot2"; } ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.devices

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

Type: list of strings

Default: [ ]

Example: [ "/dev/sda" "/dev/sdb" ]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiBootloaderId

The ID of the bootloader to store in EFI NVRAM. The default is to name it NixOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.

Type: null or string

Default: null

Example: "NixOS-fsid"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiSysMountPoint

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

Type: null or string

Default: null

Example: "/boot1/efi"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.path

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

Type: string

Example: "/boot1"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.splashImage

Background image used for GRUB. It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2. Set to null to run GRUB in text mode.

Type: null or path

Example:

./my-background.png

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.storePath

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

Type: string

Default: "/nix/store"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.timeout

Alias of boot.loader.timeout.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
boot.loader.grub.trustedBoot.enable

Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.trustedBoot.isHPLaptop

Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.trustedBoot.systemHasTPM

Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.

Type: string

Default: ""

Example: "YES_TPM_is_activated"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.version

The version of GRUB to use: 1 for GRUB Legacy (versions 0.9x), or 2 (the default) for GRUB 2.

Type: integer

Default: 2

Example: 1

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.zfsSupport

Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.gummiboot.enable

Alias of boot.loader.systemd-boot.enable.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.gummiboot.timeout

Alias of boot.loader.timeout.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
boot.loader.initScript.enable

Some systems require a /sbin/init script to be started, or having one makes starting NixOS easier. This applies to some kinds of hosting services and to User Mode Linux. Additionally, this script will create /boot/init-other-configurations-contents.txt containing the contents of the remaining configurations. You can copy and paste them into /sbin/init manually, for example while running a rescue system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
boot.loader.raspberryPi.enable

Whether to create files with the system generations in /boot. /boot/old will hold files from old generations.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.raspberryPi.version

Type: integer

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.systemd-boot.enable

Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.timeout

Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.

Type: null or integer

Default: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
boot.plymouth.enable

Whether to enable Plymouth boot splash screen.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.logo

Logo which is displayed on the splash screen.

Type: path

Default: (build of nixos-hires.png)

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.theme

Splash screen theme.

Type: string

Default: "fade-in"

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.themePackages

Extra theme packages for plymouth.

Type: list of packages

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.postBootCommands

Shell commands to be executed just before systemd is started.

Type: string

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.resumeDevice

Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use boot.kernelParams to specify resume_offset.

Type: string

Default: ""

Example: "/dev/sda3"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.runSize

Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "25%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.specialFileSystems.<name?>.device

Location of the device.

Type: null or string

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name?>.fsType

Type of the file system.

Type: string

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name?>.mountPoint

Location of the mounted file system.

Type: string

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name?>.options

Options used to mount the file system.

Type: list of strings

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.supportedFilesystems

Names of supported filesystem types.

Type: list of strings

Default: [ ]

Example: [ "btrfs" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.systemd.services

Alias of systemd.services.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
boot.systemd.sockets

Alias of systemd.sockets.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
boot.systemd.targets

Alias of systemd.targets.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd.nix>
boot.tmpOnTmpfs

Whether to mount a tmpfs on /tmp during boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.vesa

Whether to activate VESA video mode on boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.zfs.devNodes

Name of directory from which to import ZFS devices. This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.

Type: path

Default: "/dev/disk/by-id"

Example: "/dev/disk/by-id"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.extraPools

Name or GUID of extra ZFS pools that you wish to import during boot. Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS's fileSystems option, which makes NixOS automatically import the associated pool. However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.

Type: list of strings

Default: [ ]

Example: [ "tank" "data" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportAll

Forcibly import all ZFS pool(s). This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with "zpool import -f <pool-name>", and then reboot. You should only need to do this once.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportRoot

Forcibly import the ZFS root pool(s) during early boot. This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools. If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
containers

A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-name on the host system, allowing it to be started and stopped via systemctl.

Type: attribute set of submodules

Default: { }

Example:

{ webserver =
    { path = "/nix/var/nix/profiles/webserver";
    };
  database =
    { config =
        { config, pkgs, ... }:
        { services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql92;
        };
    };
}

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.autoStart

Whether the container is automatically started at boot-time.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.bindMounts

An extra list of directories that is bound to the container.

Type: list or attribute set of submodules

Default: { }

Example: { /home = { hostPath = "/home/alice"; isReadOnly = false; } ; }

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.bindMounts.<name?>.hostPath

Location of the host path to be mounted.

Type: null or string

Default: null

Example: "/home/alice"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.bindMounts.<name?>.isReadOnly

Determine whether the mounted path will be accessed in read-only mode.

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.bindMounts.<name?>.mountPoint

Mount point on the container file system.

Type: string

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.config

A specification of the desired configuration of this container, as a NixOS module.

Type: Toplevel NixOS config

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths

Extra veth-pairs to be created for the container

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths.<name>.hostAddress

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths.<name>.hostAddress6

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths.<name>.hostBridge

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths.<name>.localAddress

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.extraVeths.<name>.localAddress6

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.hostAddress

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.hostAddress6

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.hostBridge

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.interfaces

The list of interfaces to be moved into the container.

Type: list of strings

Default: [ ]

Example: [ "eth1" "eth2" ]

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.localAddress

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.localAddress6

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.path

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Type: path

Example: "/nix/var/nix/profiles/containers/webserver"

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
containers.<name>.privateNetwork

Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-container-name on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/containers.nix>
dysnomia.components

An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state

Type: unspecified

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.containers

An attribute set in which each key represents a container and each value an attribute set providing its configuration properties

Type: unspecified

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.enable

Whether to enable Dysnomia

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.enableAuthentication

Whether to publish privacy-sensitive authentication credentials

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraContainerPaths

A list of paths containing additional container configurations that are added to the search folders

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraContainerProperties

An attribute set providing additional container settings in addition to the default properties

Type: unspecified

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraModulePaths

A list of paths containing additional modules that are added to the search folders

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.package

The Dysnomia package

Type: path

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.properties

An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.

Type: unspecified

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
environment.blcr.enable

Whether to enable support for the BLCR checkpointing tool.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/blcr.nix>
environment.checkConfigurationOptions

Alias of _module.check.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.enableBashCompletion

Alias of programs.bash.enableCompletion.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.enableDebugInfo

Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in /run/current-system/sw/lib/debug/.build-id, where tools such as gdb can find them. If you need debug symbols for a package that doesn't provide them by default, you can enable them as follows:

nixpkgs.config.packageOverrides = pkgs: {
  hello = overrideDerivation pkgs.hello (attrs: {
    outputs = attrs.outputs or ["out"] ++ ["debug"];
    buildInputs = attrs.buildInputs ++ [<nixpkgs/pkgs/build-support/setup-hooks/separate-debug-info.sh>];
  });
};

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/debug-info.nix>
environment.etc

Set of files that have to be linked in /etc.

Type: list or attribute set of submodules

Default: { }

Example:

{ example-configuration-file =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.enable

Whether this /etc file should be generated. This option allows specific /etc files to be disabled.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.gid

GID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.mode

If set to something other than symlink, the file is copied instead of symlinked, with the given file mode.

Type: string

Default: "symlink"

Example: "0600"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.source

Path of the source file.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.target

Name of symlink (relative to /etc). Defaults to the attribute name.

Type: string

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.text

Text of the file.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name?>.uid

UID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.extraInit

Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.extraOutputsToInstall

List of additional package outputs to be symlinked into /run/current-system/sw.

Type: list of strings

Default: [ ]

Example: [ "doc" "info" "devdoc" ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.freetds

Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.

Type: attribute set of strings

Default: { }

Example:

{ MYDATABASE = ''
    host = 10.0.2.100
    port = 1433
    tds version = 7.2
  '';
}

Declared by:

<nixpkgs/nixos/modules/programs/freetds.nix>
environment.gnome3.excludePackages

Which packages gnome should exclude from the default environment

Type: list of packages

Default: [ ]

Example:

[ pkgs.gnome3.totem ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
environment.gnome3.packageSet

Which GNOME 3 package set to use.

Type: unspecified

Default: null

Example:

pkgs.gnome3_20

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome3.nix>
environment.interactiveShellInit

Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.kdePackages

Alias of environment.systemPackages.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.loginShellInit

Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.nix

Alias of nix.package.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.noXlibs

Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/no-x-libs.nix>
environment.pathsToLink

List of directories to be symlinked in /run/current-system/sw.

Type: list of strings

Default: [ ]

Example: [ "/" ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.profileRelativeEnvVars

Attribute set of environment variables. Each attribute maps to a list of relative paths. Each relative path is appended to each profile of environment.profiles to form the content of the corresponding environment variable.

Type: attribute set of list of strings

Example: { MANPATH = [ "/man" "/share/man" ] ; PATH = [ "/bin" "/sbin" ] ; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.profiles

A list of profiles used to set up the global environment.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.promptInit

Alias of programs.bash.promptInit.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.sessionVariables

A set of environment variables used in the global environment. These variables will be set by PAM. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: attribute set of element or list of strings

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.shellAliases

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users' shells.

Type: attribute set

Default: { }

Example: { ll = "ls -l"; }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shellInit

Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shells

A list of permissible login shells for user accounts. No need to mention /bin/sh here, it is placed into this list implicitly.

Type: list of package or paths

Default: [ ]

Example:

[ pkgs.bashInteractive pkgs.zsh ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.systemPackages

The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.)

Type: list of packages

Default: [ ]

Example:

[ pkgs.firefox pkgs.thunderbird ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.unixODBCDrivers

Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connect to ODBC databases.

Type: list of packages

Default: [ ]

Example:

with pkgs.unixODBCDrivers; [ sqlite psql ]

Declared by:

<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
environment.variables

A set of environment variables used in the global environment. These variables will be set on shell initialisation. The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: attribute set of element or list of strings

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.wvdial.dialerDefaults

Contents of the "Dialer Defaults" section of /etc/wvdial.conf.

Type: string

Default: ""

Example: ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"''

Declared by:

<nixpkgs/nixos/modules/programs/wvdial.nix>
environment.wvdial.pppDefaults

Default ppp settings for wvdial.

Type: string

Default:

''
noipdefault
usepeerdns
defaultroute
persist
noauth
''

Declared by:

<nixpkgs/nixos/modules/programs/wvdial.nix>
environment.x11Packages

Alias of environment.systemPackages.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
fileSystems

The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]). Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).

Type: list or attribute set of submodules

Default: { }

Example:

{
  "/".device = "/dev/hda1";
  "/data" = {
    device = "/dev/hda2";
    fsType = "ext3";
    options = [ "data=journal" ];
  };
  "/bigdisk".label = "bigdisk";
}

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name?>.autoFormat

If the device does not currently contain a filesystem (as determined by blkid), then automatically format it with the filesystem type specified in fsType. Use with caution.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.autoResize

If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.device

Location of the device.

Type: null or string

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.encrypted.blkDev

Location of the backing encrypted device.

Type: null or string

Default: null

Example: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.enable

The block device is backed by an encrypted one; adds this device as an initrd LUKS entry.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.keyFile

File system location of keyfile. This unlocks the drive after the root has been mounted to /mnt-root.

Type: null or string

Default: null

Example: "/root/.swapkey"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.encrypted.label

Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.

Type: null or string

Default: null

Example: "rootfs"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name?>.formatOptions

If the autoFormat option is set, specifies extra options passed to mkfs.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.fsType

Type of the file system.

Type: string

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.label

Label of the device (if any).

Type: null or string

Default: null

Example: "root-partition"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.mountPoint

Location of the mounted file system.

Type: string

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.neededForBoot

If set, this file system will be mounted in the initial ramdisk. By default, this applies to the root file system and to the file system containing /nix/store.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name?>.noCheck

Disable running fsck on this filesystem.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name?>.options

Options used to mount the file system.

Type: list of strings

Default: [ "defaults" ]

Example: [ "data=journal" ]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fonts.enableDefaultFonts

Enable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fonts.nix>
fonts.enableFontConfig

Alias of fonts.fontconfig.enable.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
fonts.enableFontDir

Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11-fonts.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
fonts.enableGhostscriptFonts

Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
fonts.extraFonts

Alias of fonts.fonts.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
fonts.fontconfig.antialias

Enable font antialiasing.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.cache32Bit

Generate system fonts cache for 32-bit applications.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.monospace

System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Sans Mono" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.sansSerif

System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Sans" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.serif

System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of strings

Default: [ "DejaVu Serif" ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.dpi

Force DPI setting. Setting to 0 disables DPI forcing; the DPI detected for the display will be used.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.enable

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.autohint

Enable the autohinter, which provides hinting for otherwise un-hinted fonts. The results are usually lower quality than correctly-hinted fonts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.enable

Enable TrueType hinting.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.style

TrueType hinting style, one of none, slight, medium, or full.

Type: string

Default: "full"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.includeUserConf

Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.localConf

System-wide customization file contents. These have higher priority than the defaultFonts settings.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.lcdfilter

FreeType LCD filter, one of none, default, light, or legacy.

Type: one of "none", "default", "light", "legacy"

Default: "default"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.rgba

Subpixel order, one of none, rgb, bgr, vrgb, or vbgr.

Type: one of "rgb", "bgr", "vrgb", "vbgr", "none"

Default: "rgb"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.ultimate.allowBitmaps

Allow bitmap fonts. Set to false to ban all bitmap fonts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.allowType1

Allow Type-1 fonts. Default is false because of poor rendering.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.enable

Enable fontconfig-ultimate settings (formerly known as Infinality). Besides the customizable settings in this NixOS module, fontconfig-ultimate also provides many font-specific rendering tweaks.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.forceAutohint

Force use of the TrueType Autohinter. Useful for debugging or free-software purists.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.preset

FreeType rendering settings preset. Any of the presets may be customized by setting environment variables.

Type: one of "ultimate1", "ultimate2", "ultimate3", "ultimate4", "ultimate5", "osx", "windowsxp"

Default: "ultimate3"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.renderMonoTTFAsBitmap

Render some monospace TTF fonts as bitmaps.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.rendering

Alias of fonts.fontconfig.ultimate.preset.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
fonts.fontconfig.ultimate.substitutions

Font substitutions to replace common Type 1 fonts with nicer TrueType fonts. free uses free fonts, ms uses Microsoft fonts, combi uses a combination, and none disables the substitutions.

Type: null or one of "free", "combi", "ms"

Default: "free"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fontconfig.ultimate.useEmbeddedBitmaps

Use embedded bitmaps in fonts like Calibri.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig-ultimate.nix>
fonts.fonts

List of primary font paths.

Type: list of paths

Default: [ ]

Example:

[ pkgs.dejavu_fonts ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fonts.nix>
gnu

When enabled, GNU software is chosen by default whenever there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/gnu.nix>
hardware.amdHybridGraphics.disable

Completely disable the AMD graphics card and use the integrated graphics processor instead.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/amd-hybrid-graphics.nix>
hardware.bluetooth.enable

Whether to enable support for Bluetooth.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bumblebee.connectDisplay

Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal. Only nvidia driver is supported so far.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.driver

Set driver used by bumblebeed. Supported are nouveau and nvidia.

Type: one of "nvidia", "nouveau"

Default: "nvidia"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.enable

Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun. Only nvidia driver is supported so far.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.group

Group for bumblebee socket

Type: string

Default: "wheel"

Example: "video"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.cpu.amd.updateMicrocode

Update the CPU microcode for AMD processors.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
hardware.cpu.intel.updateMicrocode

Update the CPU microcode for Intel processors.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
hardware.enableAllFirmware

Turn on this option if you want to enable all the firmware shipped in linux-firmware.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.enableKSM

Whether to enable Kernel Same-Page Merging.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ksm.nix>
hardware.facetimehd.enable

Whether to enable facetimehd kernel module.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
hardware.firmware

List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.

Type: list of packages

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
hardware.nvidiaOptimus.disable

Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
hardware.opengl.driSupport

Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.driSupport32Bit

On 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the nvidia and ati_unfree drivers, as well as Mesa.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.extraPackages

Additional packages to add to OpenGL drivers. This can be used to add additional VA-API/VDPAU drivers.

Type: list of packages

Default: [ ]

Example:

with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.extraPackages32

Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when driSupport32Bit is set. This can be used to add additional VA-API/VDPAU drivers.

Type: list of packages

Default: [ ]

Example:

with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.s3tcSupport

Make S3TC (S3 Texture Compression) via libtxc_dxtn available to OpenGL drivers instead of the patent-free S2TC replacement. Using this library may require a patent license depending on your location.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.videoDrivers

Alias of services.xserver.videoDrivers.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
hardware.parallels.enable

This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
hardware.pcmcia.config

Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.

Type: unspecified

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.enable

Enable this option to support PCMCIA cards.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.firmware

List of firmware used to handle specific PCMCIA cards.

Type: list of paths

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pulseaudio.configFile

The path to the default configuration options the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.

Type: null or path

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.daemon.logLevel

The log level that the system-wide pulseaudio daemon should use, if activated.

Type: string

Default: "notice"

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.enable

Whether to enable the PulseAudio sound server.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.extraClientConf

Extra configuration appended to pulse/client.conf file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.extraConfig

Literal string to append to configFile and the config file generated by the pulseaudio module.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.package

The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the pulseaudioFull package.

Type: package

Default: "pkgs.pulseaudioLight"

Example:

pkgs.pulseaudioFull

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.support32Bit

Whether to include the 32-bit pulseaudio libraries in the system or not. This is only useful on 64-bit systems and currently limited to x86_64-linux.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.systemWide

If false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. This is the recommended and most secure way to use PulseAudio. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse". Please read the PulseAudio documentation for more details.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.anonymousClients.allowAll

Whether to enable all anonymous clients to stream to the server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges

A list of IP subnets that are allowed to stream to the server.

Type: list of strings

Default: [ ]

Example:

[ "127.0.0.1" "192.168.1.0/24" ]

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.enable

Whether to enable tcp streaming support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.zeroconf.discovery.enable

Whether to enable discovery of pulseaudio sinks in the local network.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.zeroconf.publish.enable

Whether to enable publishing the pulseaudio sink in the local network.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.sane.configDir

The value of SANE_CONFIG_DIR.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.enable

Enable support for SANE scanners.

Note: Users in the "scanner" group will gain access to the scanner.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.extraBackends

Packages providing extra SANE backends to enable.

Note: The example contains the package for HP scanners.

Type: list of paths

Default: [ ]

Example:

[ pkgs.hplipWithPlugin ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.snapshot

Use a development snapshot of SANE scanner drivers.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.trackpoint.emulateWheel

Enable scrolling while holding the middle mouse button.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.enable

Enable sensitivity and speed configuration for trackpoints.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.fakeButtons

Switch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.sensitivity

Configure the trackpoint sensitivity. By default, the kernel configures 128.

Type: integer

Default: 128

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.speed

Configure the trackpoint speed. By default, the kernel configures 97.

Type: integer

Default: 97

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
i18n.consoleColors

The 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.

Type: list of strings

Default: [ ]

Example: [ "002b36" "dc322f" "859900" "b58900" "268bd2" "d33682" "2aa198" "eee8d5" "002b36" "cb4b16" "586e75" "657b83" "839496" "6c71c4" "93a1a1" "fdf6e3" ]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.consoleFont

The font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font.

Type: string

Default: "Lat2-Terminus16"

Example: "LatArCyrHeb-16"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.consoleKeyMap

The keyboard mapping table for the virtual consoles.

Type: string or path

Default: "us"

Example: "fr"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.consolePackages

List of additional packages that provide console fonts, keymaps and other resources.

Type: list of packages

Default: [ (build of dvp-1.2.1) (build of neo-2476) ]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.consoleUseXkbConfig

If set, configure the console keymap from the xserver keyboard settings.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.defaultLocale

The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.

Type: string

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.inputMethod.enabled

Select the enabled input method. An input method is software for entering symbols that are not available on standard input devices. Input methods are used especially to enter Chinese, Japanese and Korean characters. Currently the following input methods are available in NixOS:

  • ibus: The intelligent input bus. Extra input engines can be added using i18n.inputMethod.ibus.engines.

  • fcitx: A customizable lightweight input method. Extra input engines can be added using i18n.inputMethod.fcitx.engines.

  • nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.

  • uim: The universal input method, a library with an XIM bridge. uim mainly supports Chinese, Japanese and Korean.

Type: null or one of "ibus", "fcitx", "nabi", "uim"

Default: null

Example: "fcitx"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/default.nix>
i18n.inputMethod.fcitx.engines

Enabled Fcitx engines. Available engines are: anthy, chewing, cloudpinyin, hangul, m17n, mozc, recurseForDerivations, table-other, unikey.

Type: list of fcitx-engines

Default: [ ]

Example:

with pkgs.fcitx-engines; [ mozc hangul ]

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx.nix>
i18n.inputMethod.ibus.engines

Enabled IBus engines. Available engines are: anthy, hangul, libpinyin, m17n, mozc, recurseForDerivations, table, table-others.

Type: list of ibus-engines

Default: [ ]

Example:

with pkgs.ibus-engines; [ mozc hangul ]

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
i18n.inputMethod.uim.toolbar

Selected UIM toolbar.

Type: one of "gtk", "gtk3", "gtk-systray", "gtk3-systray", "qt4"

Default: "gtk"

Example: "gtk-systray"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
i18n.supportedLocales

List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc.

Type: list of strings

Default: [ "all" ]

Example: [ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
jobs

Alias of systemd.services.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
kde.extraPackages

Alias of environment.systemPackages.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
krb5.defaultRealm

Default realm.

Type: unspecified

Default: "ATENA.MIT.EDU"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.domainRealm

Default domain realm.

Type: unspecified

Default: "atena.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.enable

Whether to enable Kerberos V.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.kdc

Key Distribution Center

Type: unspecified

Default: "kerberos.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
krb5.kerberosAdminServer

Kerberos Admin Server.

Type: unspecified

Default: "kerberos.mit.edu"

Declared by:

<nixpkgs/nixos/modules/config/krb5.nix>
lib

This option allows modules to define helper functions, constants, etc.

Type: attribute set of attribute sets

Default: { }

Declared by:

<nixpkgs/nixos/modules/misc/lib.nix>
nesting.children

Additional configurations to build.

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
nesting.clone

Additional configurations to build based on the current configuration which then has a lower priority.

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/activation/top-level.nix>
networking.bonds

This option allows you to define bond devices that aggregate multiple underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface.

Type: attribute set of submodules

Default: { }

Example:

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.interfaces

The interfaces to bond together.

Type: list of strings

Example: [ "enp4s0f0" "enp4s0f1" "wlan0" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.lacp_rate

Option specifying the rate at which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode.

Type: null or string

Default: null

Example: "fast"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.miimon

Miimon is the number of milliseconds between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.

Type: null or integer

Default: null

Example: 100

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.mode

The mode in which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt

Type: null or string

Default: null

Example: "active-backup"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.xmit_hash_policy

Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes.

Type: null or string

Default: null

Example: "layer2+3"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges

This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.

Type: attribute set of submodules

Default: { }

Example: { br0 = { interfaces = [ "eth0" "eth1" ] ; } ; br1 = { interfaces = [ "eth2" "wlan0" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.interfaces

The physical network interfaces connected by the bridge.

Type: list of strings

Example: [ "eth0" "eth1" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.rstp

Whether the bridge interface should enable rstp.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.connman.enable

Whether to use ConnMan for managing your network connections.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/connman.nix>
networking.connman.extraConfig

Configuration lines appended to the generated connman configuration file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/connman.nix>
networking.connman.networkInterfaceBlacklist

Default blacklisted interfaces. This includes NixOS container interfaces (ve).

Type: list of strings

Default: [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/connman.nix>
networking.defaultGateway

The default gateway. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "131.211.84.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6

The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "2001:4d0:1e04:895::1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGatewayWindowSize

The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.

Type: null or integer

Default: null

Example: 524288

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultMailServer.authPass

Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)

Type: string

Default: ""

Example: "correctHorseBatteryStaple"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.authUser

Username used for SMTP auth. Leave blank to disable.

Type: string

Default: ""

Example: "foo@example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.directDelivery

Use the trivial Mail Transfer Agent (MTA) ssmtp package to allow programs to send e-mail. If you don't want to run a “real” MTA like sendmail or postfix on your machine, set this option to true, and set the option networking.defaultMailServer.hostName to the host name of your preferred mail server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.domain

The domain from which mail will appear to be sent.

Type: string

Default: ""

Example: "example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.hostName

The host name of the default mail server to use to deliver e-mail.

Type: string

Example: "mail.example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.root

The e-mail to which mail for users with UID < 1000 is forwarded.

Type: string

Default: ""

Example: "root@example.org"

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.setSendmail

Whether to set the system sendmail to ssmtp's.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.useSTARTTLS

Whether STARTTLS should be used to connect to the default mail server. (This is needed for TLS-capable mail servers running on the default SMTP port 25.)

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.defaultMailServer.useTLS

Whether TLS should be used to connect to the default mail server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/ssmtp.nix>
networking.dhcpcd.allowInterfaces

Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.

Type: null or list of strings

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.denyInterfaces

Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.extraConfig

Literal string to append to the config file generated for dhcpcd.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.persistent

Whether to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.runHook

Shell code that will be run after all other hooks. See `man dhcpcd-run-hooks` for details on what is possible.

Type: string

Default: ""

Example: "if [[ \$reason =~ BOUND ]]; then echo \$interface: Routers are \$new_routers - were \$old_routers; fi"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dnsExtensionMechanism

Enable the edns0 option in resolv.conf. With that option set, glibc supports use of the extension mechanisms for DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC, which does not work without it.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.dnsSingleRequest

Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.domain

The domain. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "home"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.enableB43Firmware

Turn on this option if you want firmware for the NICs supported by the b43 module.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/b43.nix>
networking.enableIPv6

Whether to enable support for IPv6.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.enableIntel2100BGFirmware

Turn on this option if you want firmware for the Intel PRO/Wireless 2100BG to be loaded automatically. This is required if you want to use this device.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-2100bg.nix>
networking.enableIntel2200BGFirmware

Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
networking.enableIntel3945ABGFirmware

This option enables automatic loading of the firmware for the Intel PRO/Wireless 3945ABG.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-3945abg.nix>
networking.enableRT73Firmware

Alias of networking.enableRalinkFirmware.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
networking.enableRTL8192cFirmware

Turn on this option if you want firmware for the RTL8192c (and related) NICs.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/rtl8192c.nix>
networking.enableRalinkFirmware

Turn on this option if you want firmware for the RT73 NIC.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/ralink.nix>
networking.enableWLAN

Alias of networking.wireless.enable.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
networking.extraHosts

Additional entries to be appended to /etc/hosts.

Type: string

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.extraResolvconfConf

Extra configuration to append to resolvconf.conf.

Type: string

Default: ""

Example: "libc=NO"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.fan.enable

Whether to enable FAN Networking.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/fan.nix>
networking.firewall.allowPing

Whether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPortRanges

A range of TCP ports on which incoming connections are accepted.

Type: list of attribute sets of integers

Default: [ ]

Example: [ { from = 8999; to = 9003; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPorts

List of TCP ports on which incoming connections are accepted.

Type: list of integers

Default: [ ]

Example: [ 22 80 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPortRanges

Range of open UDP ports.

Type: list of attribute sets of integers

Default: [ ]

Example: [ { from = 60000; to = 61000; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPorts

List of open UDP ports.

Type: list of integers

Default: [ ]

Example: [ 53 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.autoLoadConntrackHelpers

Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules (needs kernel 3.5+).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.checkReversePath

Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused. If using asymmetric routing or other complicated routing, disable this setting and set up your own counter-measures. (needs kernel 3.3+)

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.connectionTrackingModules

List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example. As helpers can pose a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers. Loading of helpers is recommended to be done through the new CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/

Type: list of strings

Default: [ "ftp" ]

Example: [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.enable

Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraCommands

Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.

Type: string

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraPackages

Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.

Type: list of packages

Default: [ ]

Example:

[ pkgs.ipset ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraStopCommands

Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the nixos input rule, or if the service enters a failed state.

Type: string

Default: ""

Example: "iptables -P INPUT ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedConnections

Whether to log rejected or dropped incoming connections.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedPackets

Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedUnicastsOnly

If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logReversePathDrops

Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.pingLimit

If pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.rejectPackets

If set, forbidden packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client. Rejecting packets makes port scanning somewhat easier.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.trustedInterfaces

Traffic coming in from these interfaces will be accepted unconditionally.

Type: list of strings

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.hostId

The 32-bit host ID of the machine, formatted as 8 hexadecimal characters. You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:

  cksum /etc/machine-id | while read c rest; do printf "%x" $c; done

(this derives it from the machine-id that systemd generates) or

  head -c4 /dev/urandom | od -A none -t x4

Type: null or string

Default: null

Example: "4e98920d"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.hostName

The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP).

Type: string

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces

The configuration for each network interface. If networking.useDHCP is true, then every interface not listed here will be configured using DHCP.

Type: list or attribute set of submodules

Default: { }

Example: { eth0 = { ip4 = [ { address = "131.211.84.78"; prefixLength = 25; } ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4

List of IPv4 addresses that will be statically assigned to the interface.

Type: list of submodules

Default: [ ]

Example: [ { address = "10.0.0.1"; prefixLength = 16; } { address = "192.168.1.1"; prefixLength = 24; } ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4.*.address

IPv4 address of the interface. Leave empty to configure the interface using DHCP.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip4.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (24).

Type: integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6

List of IPv6 addresses that will be statically assigned to the interface.

Type: list of submodules

Default: [ ]

Example: [ { address = "fdfd:b3f0:482::1"; prefixLength = 48; } { address = "2001:1470:fffd:2098::e006"; prefixLength = 64; } ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6.*.address

IPv6 address of the interface. Leave empty to configure the interface using DHCP.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ip6.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (64).

Type: integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipAddress

IP address of the interface. Leave empty to configure the interface using DHCP.

Type: null or string

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipv6Address

IPv6 address of the interface. Leave empty to configure the interface using NDP.

Type: null or string

Default: null

Example: "2001:1470:fffd:2098::e006"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.ipv6PrefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (64).

Type: integer

Default: 64

Example: 64

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.macAddress

MAC address of the interface. Leave empty to use the default.

Type: null or string

Default: null

Example: "00:11:22:33:44:55"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.mtu

MTU size for packets leaving the interface. Leave empty to use the default.

Type: null or integer

Default: null

Example: 9000

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.name

Name of the interface.

Type: string

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (24).

Type: null or integer

Default: null

Example: 24

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.proxyARP

Turn on proxy_arp for this device (and proxy_ndp for IPv6). This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as a VPN or a virtual machine, for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link layer, below-IP traffic isn't bridged, so things like DHCP won't work. The advantage over using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routable. WARNING: this turns on IP routing, so if you have multiple interfaces, you should think of the consequences and set up firewall rules to limit this.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.subnetMask

Defunct, supply the prefix length instead.

Type: unspecified

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.useDHCP

Whether this interface should be configured with DHCP. Null implies the old behavior, which depends on whether IP addresses are specified or not.

Type: null or boolean

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtual

Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as a VPN or a virtual machine.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtualOwner

In case of a virtual device, the user who owns it.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name?>.virtualType

The explicit type of interface to create. Accepts tun or tap strings. Also accepts null to implicitly detect the type of device.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.localCommands

Shell commands to be executed at the end of the network-setup systemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.

Type: string

Default: ""

Example: "text=anything; echo You can put \$text here."

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans

This option allows you to define macvlan interfaces which should be automatically created.

Type: attribute set of submodules

Default: { }

Example:

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.interface

The interface the macvlan will transmit packets through.

Type: string

Example: "enp4s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.mode

The mode of the macvlan device.

Type: null or string

Default: null

Example: "vepa"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nameservers

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Type: list of strings

Default: [ ]

Example: [ "130.161.158.4" "130.161.33.17" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nat.enable

Whether to enable Network Address Translation (NAT).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalIP

The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: null or string

Default: null

Example: "203.0.113.123"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalInterface

The name of the external network interface.

Type: string

Example: "eth1"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts

List of forwarded ports from the external interface to internal destinations by using DNAT.

Type: list of submodules

Default: [ ]

Example: [ { destination = "10.0.0.1:80"; sourcePort = 8080; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.destination

Forward TCP connections to the destination ip:port.

Type: string

Example: "10.0.0.1:80"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.sourcePort

Source port of the external interface.

Type: integer

Example: 8080

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalIPs

The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: list of strings

Default: [ ]

Example: [ "192.168.1.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalInterfaces

The interfaces for which to perform NAT. Packets coming from these interfaces and destined for the external interface will be rewritten.

Type: list of strings

Default: [ ]

Example: [ "eth0" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.networkmanager.appendNameservers

A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts

A list of scripts which will be executed in response to network events.

Type: list of submodules

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.source

A script source.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.type

Dispatcher hook type. Only basic hooks are currently available.

Type: one of "basic", "pre-down", "pre-up"

Default: "basic"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.enable

Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group networkmanager will be created. Add all users that should have permission to change network settings to this group.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.insertNameservers

A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.packages

Extra packages that provide NetworkManager plugins.

Type: list of paths

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.unmanaged

List of interfaces that will not be managed by NetworkManager. Interface names can be specified here, but if you need more fidelity see "Device List Format" in the NetworkManager.conf man page.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.proxy.allProxy

This option specifies the all_proxy environment variable.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.default

This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.ftpProxy

This option specifies the ftp_proxy environment variable.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpProxy

This option specifies the http_proxy environment variable.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpsProxy

This option specifies the https_proxy environment variable.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.noProxy

This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.

Type: null or string

Default: null

Example: "127.0.0.1,localhost,.localdomain"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.rsyncProxy

This option specifies the rsync_proxy environment variable.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.resolvconfOptions

Set the options in /etc/resolv.conf.

Type: list of strings

Default: [ ]

Example: [ "ndots:1" "rotate" ]

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.search

The list of search paths used when resolving domain names.

Type: list of strings

Default: [ ]

Example: [ "example.com" "local.domain" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits

This option allows you to define 6-to-4 interfaces which should be automatically created.

Type: attribute set of submodules

Default: { }

Example:

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.dev

The underlying network device on which the tunnel resides.

Type: null or string

Default: null

Example: "enp4s0f0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.local

The address of the local endpoint which the remote side should send packets to.

Type: null or string

Default: null

Example: "10.0.0.22"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.remote

The address of the remote endpoint to forward traffic over.

Type: null or string

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.ttl

The time-to-live of the connection to the remote tunnel endpoint.

Type: null or integer

Default: null

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.supplicant

Interfaces for which to start wpa_supplicant. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches. The value of this option is an attribute set. Each attribute configures a wpa_supplicant service, where the attribute name specifies the name of the interface that wpa_supplicant operates on. The attribute name can be a space separated list of interfaces. The attribute names WLAN, LAN and DBUS have a special meaning. WLAN and LAN are configurations for universal wpa_supplicant service that is started for each WLAN interface or for each LAN interface, respectively. DBUS defines a device-unrelated wpa_supplicant service that can be accessed through D-Bus.

Type: attribute set of submodules

Default: { }

Example: { "wlan0 wlan1" = { bridge = "br0"; configFile = "/etc/wpa_supplicant"; extraCmdArgs = "-u -W"; extraConf = "ap_scan=1\np2p_disabled=1\n"; userControlled = { group = "network"; } ; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.bridge

Name of the bridge interface that wpa_supplicant should listen at.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.configFile.path

External wpa_supplicant.conf configuration file. The configuration options defined declaratively within networking.supplicant have precedence over options defined in configFile.

Type: path

Example:

/etc/wpa_supplicant.conf

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.configFile.writable

Whether the configuration file at configFile.path should be written to by wpa_supplicant.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.driver

Force a specific wpa_supplicant driver.

Type: null or string

Default: "nl80211,wext"

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.extraCmdArgs

Command line arguments to add when executing wpa_supplicant.

Type: string

Default: ""

Example: "-e/var/run/wpa_supplicant/entropy.bin"

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.extraConf

Configuration options for wpa_supplicant.conf. Options defined here have precedence over options in configFile. NOTE: Do not write sensitive data into extraConf as it will be world-readable in the nix-store. For sensitive information use the configFile instead.

Type: string

Default: ""

Example:

''
ap_scan=1
device_name=My-NixOS-Device
device_type=1-0050F204-1
driver_param=use_p2p_group_interface=1
disable_scan_offload=1
p2p_listen_reg_class=81
p2p_listen_channel=1
p2p_oper_reg_class=81
p2p_oper_channel=1
manufacturer=NixOS
model_name=NixOS_Unstable
model_number=2015
''

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.userControlled.enable

Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.userControlled.group

Members of this group can control wpa_supplicant.

Type: string

Default: "wheel"

Example: "network"

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.supplicant.<name>.userControlled.socketDir

Directory of sockets for controlling wpa_supplicant.

Type: string

Default: "/var/run/wpa_supplicant"

Declared by:

<nixpkgs/nixos/modules/services/networking/supplicant.nix>
networking.tcpcrypt.enable

Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
networking.useDHCP

Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.useHostResolvConf

In containers, whether to use the resolv.conf supplied by the host.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.useNetworkd

Whether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.usePredictableInterfaceNames

Whether to assign predictable names to network interfaces. If enabled, interfaces are assigned names that contain topology information (e.g. wlp3s0) and thus should be stable across reboots. If disabled, names depend on the order in which interfaces are discovered by the kernel, which may change randomly across reboots; for instance, you may find eth0 and eth1 flipping unpredictably.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
networking.vlans

This option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.

Type: attribute set of submodules

Default: { }

Example:

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vlans.<name>.id

The vlan identifier.

Type: integer

Example: 1

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vlans.<name>.interface

The interface the vlan will transmit packets through.

Type: string

Example: "enp4s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vpnc.services

The names of Cisco VPNs and their associated definitions.

Type: attribute set of strings

Default: { }

Example:

{ test = ''
    IPSec gateway 192.168.1.1
    IPSec ID someID
    IPSec secret secretKey
    Xauth username name
    Xauth password pass
  '';
}

Declared by:

<nixpkgs/nixos/modules/config/vpnc.nix>
networking.vswitches

This option allows you to define Open vSwitches that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch's network interface.

Type: attribute set of submodules

Default: { }

Example: { vs0 = { interfaces = [ "eth0" "eth1" ] ; } ; vs1 = { interfaces = [ "eth2" "wlan0" ] ; } ; }

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vswitches.<name>.controllers

Specify the controller targets. For the allowed options see man 8 ovs-vsctl.

Type: list of strings

Default: [ ]

Example: [ "ptcp:6653:[::1]" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vswitches.<name>.extraOvsctlCmds

Commands to manipulate the Open vSwitch database. Every line is executed with ovs-vsctl. All commands are bundled together with the operations for adding the interfaces into one atomic operation.

Type: string

Default: ""

Example:

''
set-fail-mode <switch_name> secure
set Bridge <switch_name> stp_enable=true
''

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vswitches.<name>.interfaces

The physical network interfaces connected by the vSwitch.

Type: list of strings

Example: [ "eth0" "eth1" ]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.vswitches.<name>.openFlowRules

OpenFlow rules to insert into the Open vSwitch. All openFlowRules are loaded with ovs-ofctl within one atomic operation.

Type: string

Default: ""

Example:

''
actions=normal
''

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wicd.enable

Whether to start wicd. Wired and wireless network configurations can then be managed by wicd-client.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/wicd.nix>
networking.wireless.driver

Force a specific wpa_supplicant driver.

Type: string

Default: "nl80211,wext"

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.enable

Whether to enable wpa_supplicant.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.interfaces

The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.

Type: list of strings

Default: [ ]

Example: [ "wlan0" "wlan1" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.networks

The network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file.

Type: attribute set of submodules

Default: { }

Example:

{ echelon = {
    psk = "abcdefgh";
  };
  "free.wifi" = {};
}

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.networks.<name>.psk

The network's pre-shared key in plaintext. If unset, the network is treated as one without any authentication. Be aware that these will be written to the nix store in plaintext! Mutually exclusive with pskRaw.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.networks.<name>.pskRaw

The network's pre-shared key in hex. If unset, the network is treated as one without any authentication. Mutually exclusive with psk.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
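
How a plaintext psk maps to the hex form that pskRaw takes, as an added example (not part of the NixOS manual or module code): WPA/WPA2-Personal derives the 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations. The function names are hypothetical and the SSID and passphrase are the constructed IEEE 802.11i test vector. The derived key still authenticates to that network, so it needs the same protection as the passphrase.

```python
import hashlib


def wpa_psk_raw(ssid: str, passphrase: str) -> str:
    """Return the 64-hex-digit WPA pre-shared key for (ssid, passphrase)."""
    ssid_bytes = ssid.encode("utf-8")
    # An SSID is 1..32 octets; it is used verbatim as the PBKDF2 salt.
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # A WPA passphrase is 8..63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, dklen=32
    )
    return key.hex()


def nix_string(value: str) -> str:
    """Quote a value as a Nix double-quoted string literal."""
    escaped = (
        value.replace("\\", "\\\\").replace('"', '\\"').replace("${", "\\${")
    )
    return f'"{escaped}"'


def nix_network_entry(ssid: str, passphrase: str) -> str:
    """Render one networking.wireless.networks entry that uses pskRaw."""
    return (
        f"networking.wireless.networks.{nix_string(ssid)}.pskRaw = "
        f"{nix_string(wpa_psk_raw(ssid, passphrase))};"
    )


if __name__ == "__main__":
    # Constructed sample input: the published 802.11i test vector.
    print(nix_network_entry("IEEE", "password"))
```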
networking.wireless.userControlled.enable

Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points. When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wireless.userControlled.group

Members of this group can control wpa_supplicant.

Type: string

Default: "wheel"

Example: "network"

Declared by:

<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
networking.wlanInterfaces

Creating multiple WLAN interfaces on top of one physical WLAN device (NIC). The name of the WLAN interface corresponds to the name of the attribute. A NIC is referenced by the persistent device name of the WLAN interface that udev assigns to a NIC by default. If a NIC supports multiple WLAN interfaces, then the one NIC can be used as device for multiple WLAN interfaces. If a NIC is used for creating WLAN interfaces, then the default WLAN interface with a persistent device name from udev is not created. A WLAN interface with the persistent name assigned from udev would have to be created explicitly.

Type: attribute set of submodules

Default: { }

Example:

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.device

The name of the underlying hardware WLAN device as assigned by udev.

Type: string

Example: "wlp6s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.flags

Flags for interface of type monitor. The valid flags are:

  • none: no special flags

  • fcsfail: show frames with FCS errors

  • control: show control frames

  • otherbss: show frames from other BSSes

  • cook: use cooked mode

  • active: use active mode (ACK incoming unicast packets)

Type: null or string

Default: null

Example: "control"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.fourAddr

Whether to enable 4-address mode with type managed.

Type: null or boolean

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.mac

MAC address to use for the device. If null, then the MAC of the underlying hardware WLAN device is used. INFO: Locally administered MAC addresses are of the form:

  • x2:xx:xx:xx:xx:xx

  • x6:xx:xx:xx:xx:xx

  • xA:xx:xx:xx:xx:xx

  • xE:xx:xx:xx:xx:xx

Type: null or string

Default: null

Example: "02:00:00:00:00:01"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.meshID

MeshID of interface with type mesh.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.wlanInterfaces.<name>.type

The type of the WLAN interface. The type has to be either managed, ibss, monitor, mesh or wds. Also, the type has to be supported by the underlying hardware of the device.

Type: string

Default: "managed"

Example: "ibss"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
nix.allowedUsers

A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon. As with nix.trustedUsers, you can specify groups by prefixing them with @. Also, you can allow all users by specifying *. The default is *. Note that trusted users are always allowed to connect.

Type: list of strings

Default: [ "*" ]

Example: [ "@wheel" "@builders" "alice" "bob" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.binaryCachePublicKeys

List of public keys used to sign binary caches. If nix.requireSignedBinaryCaches is enabled, then Nix will use a binary from a binary cache if and only if it is signed by any of the keys listed here. By default, only the key for cache.nixos.org is included.

Type: list of strings

Example: [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.binaryCaches

List of binary cache URLs used to obtain pre-built binaries of Nix packages.

Type: list of strings

Default: [ "https://cache.nixos.org/" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildCores

This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The default is 1. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.

Type: integer

Default: 1

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.buildMachines

This option lists the machines to be used if distributed builds are enabled (see nix.distributedBuilds). Nix will perform derivations on those machines via SSH by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store. Each element of the list should be an attribute set containing the machine's host name (hostName), the user name to be used for the SSH connection (sshUser), the Nix system type (system, e.g., "i686-linux"), the maximum number of jobs to be run in parallel on that machine (maxJobs), the path to the SSH private key to be used to connect (sshKey), a list of supported features of the machine (supportedFeatures) and a list of mandatory features of the machine (mandatoryFeatures). The SSH private key should not have a passphrase, and the corresponding public key should be added to ~sshUser/authorized_keys on the remote machine.

Type: list of attribute sets

Default: [ ]

Example:

[
  {
    hostName = "voila.labs.cs.uu.nl";
    maxJobs = 1;
    sshKey = "/root/.ssh/id_buildfarm";
    sshUser = "nix";
    system = "powerpc-darwin";
  }
  {
    hostName = "linux64.example.org";
    mandatoryFeatures = "perf";
    maxJobs = 2;
    sshKey = "/root/.ssh/id_buildfarm";
    sshUser = "buildfarm";
    supportedFeatures = "kvm";
    system = "x86_64-linux";
  }
]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.chrootDirs

Alias of nix.sandboxPaths.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
nix.daemonIONiceLevel

Nix daemon process I/O priority. This priority propagates to build processes. 0 is the default Unix process I/O priority, 7 is the lowest.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.daemonNiceLevel

Nix daemon process priority. This priority propagates to build processes. 0 is the default Unix process priority, 19 is the lowest.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.distributedBuilds

Whether to distribute builds to the machines listed in nix.buildMachines.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.extraOptions

Additional text appended to nix.conf.

Type: string

Default: ""

Example:

''
gc-keep-outputs = true
gc-keep-derivations = true
''

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.gc.automatic

Automatically run the garbage collector at a specific time.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.gc.dates

Specification (in the format described by systemd.time(5)) of the time at which the garbage collector will run.

Type: string

Default: "03:15"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.gc.options

Options given to nix-collect-garbage when the garbage collector is run automatically.

Type: string

Default: ""

Example: "--max-freed \$((64 * 1024**3))"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
nix.maxJobs

This option defines the maximum number of jobs that Nix will try to build in parallel. The default is 1. You should generally set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).

Type: integer

Default: 1

Example: 64

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.nixPath

The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. <nixpkgs>).

Type: list of strings

Default: [ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.nrBuildUsers

Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.

Type: integer

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.package

This option specifies the Nix package instance to use throughout the system.

Type: package

Default: "pkgs.nix"

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.proxy

Alias of networking.proxy.default.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
nix.readOnlyStore

If set, NixOS will enforce the immutability of the Nix store by making /nix/store a read-only bind mount. Nix will automatically make the store writable when needed.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.requireSignedBinaryCaches

If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in nix.binaryCachePublicKeys. If disabled, signatures are neither required nor checked, so it's strongly recommended that you use only trustworthy caches and https to prevent man-in-the-middle attacks.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.sandboxPaths

Directories from the host filesystem to be included in the sandbox.

Type: list of strings

Default: [ ]

Example: [ "/dev" "/proc" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.sshServe.enable

Whether to enable serving the Nix store as a binary cache via SSH.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
nix.sshServe.keys

A list of SSH public keys allowed to access the binary cache via SSH.

Type: list of strings

Default: [ ]

Example: [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
nix.trustedBinaryCaches

List of binary cache URLs that non-root users can use (in addition to those specified using nix.binaryCaches) by passing --option binary-caches to Nix commands.

Type: list of strings

Default: [ ]

Example: [ "http://hydra.nixos.org/" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.trustedUsers

A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs. You can also specify groups by prefixing them with @; for instance, @wheel means all users in the wheel group.

Type: list of strings

Default: [ "root" ]

Example: [ "root" "alice" "@wheel" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nix.useChroot

Alias of nix.useSandbox.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
nix.useSandbox

If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store.

Type: boolean or one of "relaxed"

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
nixpkgs.config

The configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options, and to override packages globally through the packageOverrides option. The latter is a function that takes as an argument the original Nixpkgs, and must evaluate to a set of new or overridden packages.

Type: nixpkgs config

Default: { }

Example:

{ firefox.enableGeckoMediaPlayer = true;
  packageOverrides = pkgs: {
    firefox60Pkgs = pkgs.firefox60Pkgs.override {
      enableOfficialBranding = true;
    };
  };
}

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
nixpkgs.system

Specifies the Nix platform type for which NixOS should be built. If unset, it defaults to the platform type of your host system. Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines.

Type: string

Example: "i686-linux"

Declared by:

<nixpkgs/nixos/modules/misc/nixpkgs.nix>
power.ups.enable

Enables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.maxStartDelay

This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.

Type: integer

Default: 45

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.mode

The MODE determines which part of NUT is to be started, and which configuration files must be modified. The values of MODE can be:

  • none: NUT is not configured, or the Integrated Power Management is used, or some external system is used to start up the NUT components. So nothing is to be started.

  • standalone: This mode addresses a local-only configuration, with 1 UPS protecting the local system. This implies starting the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy.

  • netserver: Same as the standalone configuration, but also needs some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is open to the network, special care should be given to security concerns.

  • netclient: This mode only requires upsmon.

Type: string

Default: "standalone"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.schedulerRules

File which contains the rules to handle UPS events.

Type: string

Example: "/etc/nixos/upssched.conf"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups

This is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.description

Description of the UPS.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.directives

List of configuration directives for this UPS.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.driver

Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.maxStartDelay

This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.

Type: null or integer

Default: null

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.port

The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.shutdownOrder

When you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
power.ups.ups.<name>.summary

Lines which would be added inside ups.conf for handling this UPS.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/ups.nix>
powerManagement.cpuFreqGovernor

Configure the governor used to regulate the frequency of the available CPUs. By default, the kernel configures the performance governor.

Type: null or string

Default: null

Example: "ondemand"

Declared by:

<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
powerManagement.enable

Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.powerDownCommands

Commands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.

Type: string

Default: ""

Example:

"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.powerUpCommands

Commands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.

Type: string

Default: ""

Example:

"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.resumeCommands

Commands executed after the system resumes from suspend-to-RAM.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/power-management.nix>
powerManagement.scsiLinkPolicy

SCSI link power management policy. The kernel default is "max_performance".

Type: null or one of "min_power", "max_performance", "medium_power"

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
programs.atop.settings

Parameters to be written to /etc/atoprc.

Type: attribute set

Default: { }

Example: { flags = "a1f"; interval = 5; }

Declared by:

<nixpkgs/nixos/modules/programs/atop.nix>
programs.bash.enableCompletion

Enable Bash completion for all interactive bash shells.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.interactiveShellInit

Shell script code called during interactive bash shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.loginShellInit

Shell script code called during login bash shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.promptInit

Shell script code used to initialise the bash prompt.

Type: string

Default:

''
# Provide a nice prompt if the terminal supports it.
if [ "$TERM" != "dumb" -o -n "$INSIDE_EMACS" ]; then
  PROMPT_COLOR="1;31m"
  let $UID && PROMPT_COLOR="1;32m"
  PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
  if test "$TERM" = "xterm"; then
    PS1="\[\033]2;\h:\u:\w\007\]$PS1"
  fi
fi
''

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.shellAliases

Set of aliases for bash shell. See environment.shellAliases for an option format description.

Type: attribute set

Default: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; }

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.bash.shellInit

Shell script code called during bash shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/bash/bash.nix>
programs.cdemu.enable

Whether to enable cdemu for members of programs.cdemu.group.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.group

Group that users must be in to use cdemu.

Type: unspecified

Default: "cdrom"

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.gui

Whether to install the cdemu GUI (gCDEmu).

Type: unspecified

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.cdemu.image-analyzer

Whether to install the image analyzer.

Type: unspecified

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/cdemu.nix>
programs.fish.enable

Whether to configure fish as an interactive shell.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.fish.interactiveShellInit

Shell script code called during interactive fish shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.fish.loginShellInit

Shell script code called during fish login shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.fish.promptInit

Shell script code used to initialise fish prompt.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.fish.shellAliases

Set of aliases for fish shell. See environment.shellAliases for an option format description.

Type: attribute set

Default: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; }

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.fish.shellInit

Shell script code called during fish shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/fish.nix>
programs.ibus.plugins

Alias of i18n.inputMethod.ibus.engines.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
programs.info.enable

Whether to enable info pages and the info command.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/info.nix>
programs.kbdlight.enable

Whether to enable kbdlight.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/kbdlight.nix>
programs.light.enable

Whether to install Light backlight control with setuid wrapper.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/light.nix>
programs.man.enable

Whether to enable manual pages and the man command.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/man.nix>
programs.mosh.enable

Whether to enable mosh. Note, this will open ports in your firewall!

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/mosh.nix>
programs.nano.nanorc

The system-wide nano configuration. See nanorc(5).

Type: string

Default: ""

Example:

''
set nowrap
set tabstospaces
set tabsize 4
''

Declared by:

<nixpkgs/nixos/modules/programs/nano.nix>
programs.screen.screenrc

The contents of /etc/screenrc file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/screen.nix>
programs.spacefm.enable

Whether to install SpaceFM and create /etc/spacefm/spacefm.conf.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/spacefm.nix>
programs.spacefm.settings

The system-wide spacefm configuration. Parameters to be written to /etc/spacefm/spacefm.conf. Refer to the relevant entry in the SpaceFM manual.

Type: attribute set

Default: { graphical_su = "\${pkgs.gksu}/bin/gksu"; terminal_su = "\${pkgs.sudo}/bin/sudo"; tmp_dir = "/tmp"; }

Example:

{
  tmp_dir = "/tmp";
  terminal_su = "${pkgs.sudo}/bin/sudo";
  graphical_su = "${pkgs.gksu}/bin/gksu";
}

Declared by:

<nixpkgs/nixos/modules/programs/spacefm.nix>
programs.ssh.agentTimeout

How long to keep the private keys in memory. Use null to keep them forever.

Type: null or string

Default: null

Example: "1h"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.askPassword

Program used by SSH to ask for passwords.

Type: string

Default: "\${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.extraConfig

Extra configuration text appended to ssh_config. See ssh_config(5) for help.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.forwardX11

Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and having them display on your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts

The set of system-wide known SSH hosts.

Type: list or attribute set of submodules

Default: { }

Example:

[
  {
    hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
    publicKeyFile = "./pubkeys/myhost_ssh_host_dsa_key.pub";
  }
  {
    hostNames = [ "myhost2" ];
    publicKeyFile = "./pubkeys/myhost2_ssh_host_dsa_key.pub";
  }
]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name?>.hostNames

A list of host names and/or IP numbers used for accessing the host's ssh service.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name?>.publicKey

The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.

Type: null or string

Default: null

Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.knownHosts.<name?>.publicKeyFile

The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command. The content of the file should follow the same format as described for the publicKey option.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.package

The package used for the openssh client and daemon.

Type: package

Default: "pkgs.openssh"

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.setXAuthLocation

Whether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.

Type: boolean

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.ssh.startAgent

Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/ssh.nix>
programs.tmux.aggressiveResize

Resize the window to the size of the smallest session for which it is the current window.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.baseIndex

Base index for windows and panes.

Type: integer

Default: 0

Example: 1

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.clock24

Use 24 hour clock.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.customPaneNavigationAndResize

Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.enable

Whether to enable tmux - a screen replacement.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.escapeTime

Time in milliseconds for which tmux waits after an escape is input.

Type: integer

Default: 500

Example: 0

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.extraTmuxConf

Additional contents of /etc/tmux.conf

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.historyLimit

Maximum number of lines held in window history.

Type: integer

Default: 2000

Example: 5000

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.keyMode

VI or Emacs style shortcuts.

Type: one of "emacs", "vi"

Default: "emacs"

Example: "vi"

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.newSession

Automatically spawn a session if trying to attach and none are running.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.resizeAmount

Number of lines/columns when resizing.

Type: integer

Default: 5

Example: 10

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.reverseSplit

Reverse the window split shortcuts.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.shortcut

Ctrl followed by this key is used as the main shortcut.

Type: string

Default: "b"

Example: "a"

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.tmux.terminal

Set the $TERM variable.

Type: string

Default: "screen"

Example: "screen-256color"

Declared by:

<nixpkgs/nixos/modules/programs/tmux.nix>
programs.unity3d.enable

Alias of security.chromiumSuidSandbox.enable.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
programs.virtualbox.addNetworkInterface

Alias of virtualisation.virtualbox.host.addNetworkInterface.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
programs.virtualbox.enable

Alias of virtualisation.virtualbox.host.enable.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
programs.virtualbox.enableHardening

Alias of virtualisation.virtualbox.host.enableHardening.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
programs.xfs_quota.projects

Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.

Type: attribute set of submodules

Default: { }

Example: { projname = { id = 50; path = "/xfsprojects/projname"; sizeHardLimit = "50g"; } ; }

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xfs_quota.projects.<name>.fileSystem

XFS filesystem hosting the xfs_quota project.

Type: string

Default: "/"

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xfs_quota.projects.<name>.id

Project ID.

Type: integer

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xfs_quota.projects.<name>.path

Project directory.

Type: string

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xfs_quota.projects.<name>.sizeHardLimit

Hard limit of the project size.

Type: null or string

Default: null

Example: "50g"

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xfs_quota.projects.<name>.sizeSoftLimit

Soft limit of the project size.

Type: null or string

Default: null

Example: "30g"

Declared by:

<nixpkgs/nixos/modules/programs/xfs_quota.nix>
programs.xonsh.config

Control file to customize your shell behavior.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/xonsh.nix>
programs.xonsh.enable

Whether to configure xonsh as an interactive shell.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/xonsh.nix>
programs.xonsh.package

xonsh package to use.

Type: package

Example:

pkgs.xonsh.override { configFile = "/path/to/xonshrc"; }

Declared by:

<nixpkgs/nixos/modules/programs/xonsh.nix>
programs.zsh.enable

Whether to configure zsh as an interactive shell.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.enableCompletion

Enable zsh completion for all interactive zsh shells.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.interactiveShellInit

Shell script code called during interactive zsh shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.loginShellInit

Shell script code called during zsh login shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.promptInit

Shell script code used to initialise the zsh prompt.

Type: string

Default:

''
autoload -U promptinit && promptinit && prompt walters
''

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.shellAliases

Set of aliases for zsh shell. See environment.shellAliases for an option format description.

Type: attribute set

Default: { l = "ls -alh"; ll = "ls -l"; ls = "ls --color=tty"; }

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
programs.zsh.shellInit

Shell script code called during zsh shell initialisation.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
security.acme.certs

Attribute set of certificates to get signed and renewed.

Type: list or attribute set of submodules

Default: { }

Example: { bar.example.com = { email = "bar@example.com"; webroot = "/var/www/challenges/"; } ; example.com = { email = "foo@example.com"; extraDomains = { foo.example.com = "/var/www/foo/"; www.example.com = null; } ; webroot = "/var/www/challenges/"; } ; }

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.allowKeysForGroup

Give read permissions to the specified group to read SSL private certificates.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.email

Contact email address for the CA to be able to reach you.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.extraDomains

Extra domain names for which certificates are to be issued, with their own server roots if needed.

Type: attribute set of null or strings

Default: { }

Example: { example.org = "/srv/http/nginx"; mydomain.org = null; }

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.group

Group running the ACME client.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.plugins

Plugins to enable. With default settings simp_le will store the public certificate bundle in fullchain.pem and the private key in key.pem in its state directory.

Type: list of one of "cert.der", "cert.pem", "chain.pem", "external.sh", "fullchain.pem", "full.pem", "key.der", "key.pem", "account_key.json"s

Default: [ "fullchain.pem" "key.pem" "account_key.json" ]

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.postRun

Commands to run after certificates are re-issued. Typically the web server and other servers using certificates need to be reloaded.

Type: string

Default: ""

Example: "systemctl reload nginx.service"

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.user

User running the ACME client.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.certs.<name?>.webroot

Where the webroot of the HTTP vhost is located. The .well-known/acme-challenge/ directory will be created automatically if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).

Type: string

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.directory

Directory where certs and other state will be stored by default.

Type: string

Default: "/var/lib/acme"

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.preliminarySelfsigned

Whether a preliminary self-signed certificate should be generated before doing ACME requests. This can be useful when certificates are required in a webserver, but ACME needs the webserver to make its requests. With a preliminary self-signed certificate the webserver can be started and can later reload the correct ACME certificates.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.renewInterval

Systemd calendar expression when to check for renewal. See systemd.time(5).

Type: string

Default: "weekly"

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.acme.validMin

Minimum remaining validity before renewal in seconds.

Type: integer

Default: 2592000

Declared by:

<nixpkgs/nixos/modules/security/acme.nix>
security.apparmor.confineSUIDApplications

Install AppArmor profiles for commonly-used SUID applications to mitigate potential privilege escalation attacks due to bugs in such applications. Currently available profiles: ping

Type: unspecified

Default: true

Declared by:

<nixpkgs/nixos/modules/security/apparmor-suid.nix>
security.apparmor.enable

Enable the AppArmor Mandatory Access Control system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.apparmor.profiles

List of files containing AppArmor profiles.

Type: list of paths

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/apparmor.nix>
security.audit.backlogLimit

The maximum number of outstanding audit buffers allowed; exceeding this is considered a failure and handled in a manner specified by failureMode.

Type: integer

Default: 64

Declared by:

<nixpkgs/nixos/modules/security/audit.nix>
security.audit.enable

Whether to enable the Linux audit system. The special `lock' value can be used to enable auditing and prevent disabling it until a restart. Be careful about locking this, as it will prevent you from changing your audit configuration until you restart. If possible, test your configuration using build-vm beforehand.

Type: one of <bool>, <bool>, "lock"

Default: false

Declared by:

<nixpkgs/nixos/modules/security/audit.nix>
security.audit.failureMode

How to handle critical errors in the auditing system.

Type: one of "silent", "printk", "panic"

Default: "printk"

Declared by:

<nixpkgs/nixos/modules/security/audit.nix>
security.audit.rateLimit

The maximum messages per second permitted before triggering a failure as specified by failureMode. Setting it to zero disables the limit.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/security/audit.nix>
security.audit.rules

The ordered audit rules, with each string appearing as one line of the audit.rules file.

Type: list of strings

Default: [ ]

Example: [ "-a exit,always -F arch=b64 -S execve" ]

Declared by:

<nixpkgs/nixos/modules/security/audit.nix>
security.chromiumSuidSandbox.enable

Whether to install the Chromium SUID sandbox which is an executable that Chromium may use in order to achieve sandboxing. If you get the error "The SUID sandbox helper binary was found, but is not configured correctly.", turning this on might help. Also, if the URL chrome://sandbox tells you that "You are not adequately sandboxed!", turning this on might resolve the issue. Finally, if you have security.grsecurity enabled and you use Chromium, you probably need this.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix>
security.duosec.acceptEnvFactor

Look for factor selection or passcode in the $DUO_PASSCODE environment variable before prompting the user for input. When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.allowTcpForwarding

By default, enabling Duo Security for SSH logins disables TCP forwarding. Enabling this option potentially undermines some of the SSH-based login security. Note that this is not needed if you use PAM.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.autopush

If true, Duo Unix will automatically send a push login request to the user’s phone, falling back on a phone call if push is unavailable. If false, the user will be prompted to choose an authentication method. When configured with autopush = yes, we recommend setting prompts = 1.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.failmode

On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".

Type: string

Default: "safe"

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.fallbackLocalIP

Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting fallbackLocalIP = yes will cause Duo Unix to send the IP address of the server it is running on. If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.group

Use Duo authentication for users only in this group.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.host

Duo API hostname.

Type: string

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.ikey

Integration key.

Type: string

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.motd

Print the contents of /etc/motd to screen after a successful login.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.pam.enable

If enabled, protect logins with Duo Security using PAM support.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.prompts

If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3. For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again. When configured with autopush = true, we recommend setting prompts = 1.

Type: integer

Default: 3

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.pushinfo

Include information such as the command to be executed in the Duo Push message.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.skey

Secret key.

Type: string

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.duosec.ssh.enable

If enabled, protect SSH logins with Duo Security.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/duosec.nix>
security.extraSetuidPrograms

Alias of security.setuidPrograms.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
security.grsecurity.disableEfiRuntimeServices

Whether to disable access to EFI runtime services. Enabling EFI runtime services creates an avenue for code injection attacks on the kernel and should be disabled if at all possible. Changes to this option take effect upon reboot.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.enable

Whether to enable grsecurity/PaX.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.grsecurity.lockTunables

Whether to automatically lock grsecurity tunables (boot.kernel.sysctl."kernel.grsecurity.*"). Disable this to allow runtime configuration of grsecurity features. Activate the grsec-lock service unit to prevent further configuration until the next reboot.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/security/grsecurity.nix>
security.hideProcessInformation

Restrict access to process information to the owning user. Enabling this option implies, among other things, that command-line arguments remain private. This option is recommended for most systems, unless there's a legitimate reason for allowing unprivileged users to inspect the process information of other users. Members of the group "proc" are exempt from process information hiding. To allow a service to run without process information hiding, add "proc" to its supplementary groups via systemd.services.<name?>.serviceConfig.SupplementaryGroups.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/security/hidepid.nix>
security.pam.enableEcryptfs

Enable eCryptfs PAM module (mounting ecryptfs home directory on login).

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableOTPW

Enable the OTPW (one-time password) PAM module.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableSSHAgentAuth

Enable sudo logins if the user's SSH agent provides a key present in ~/.ssh/authorized_keys. This allows machines to exclusively use SSH keys instead of passwords.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.enableU2F

Enable the U2F PAM module.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.loginLimits

Define resource limits that should apply to users or groups. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in the limits.conf(5) man page.

Type: unspecified

Default: [ ]

Example: [ { domain = "ftp"; item = "nproc"; type = "hard"; value = "0"; } { domain = "@student"; item = "maxlogins"; type = "-"; value = "4"; } ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.mount.enable

Enable the PAM mount system to mount filesystems on user login.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam_mount.nix>
security.pam.mount.extraVolumes

List of volume definitions for pam_mount. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/pam_mount.nix>
security.pam.oath.digits

Specify the length of the one-time password in number of digits.

Type: one of 6, 7, 8

Default: 6

Declared by:

<nixpkgs/nixos/modules/security/oath.nix>
security.pam.oath.enable

Enable the OATH (one-time password) PAM module.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/oath.nix>
security.pam.oath.usersFile

Set the path to file where the user's credentials are stored. This file must not be world readable!

Type: path

Default: "/etc/users.oath"

Declared by:

<nixpkgs/nixos/modules/security/oath.nix>
security.pam.oath.window

Specify the number of one-time passwords to check in order to accommodate for situations where the system and the client are slightly out of sync (iteration for HOTP or time steps for TOTP).

Type: integer

Default: 5

Declared by:

<nixpkgs/nixos/modules/security/oath.nix>
security.pam.services

This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.

Type: list or attribute set of submodules

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.allowNullPassword

Whether to allow logging into accounts that have no password set (i.e., have an empty password field in /etc/passwd or /etc/group). This does not enable logging into disabled accounts (i.e., that have the password field set to !). Note that regardless of what the pam_unix documentation says, accounts with hashed empty passwords are always allowed to log in.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.enableAppArmor

Enable support for attaching AppArmor profiles at the user/group level, e.g., as part of a role based access control scheme.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.forwardXAuth

Whether X authentication keys should be passed from the calling user to the target user (e.g. for su).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.fprintAuth

If set, the fingerprint reader will be used (if one exists and your fingerprints are enrolled).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.limits

Attribute set describing resource limits. Defaults to the value of security.pam.loginLimits.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.logFailures

Whether to log authentication failures in /var/log/faillog.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.makeHomeDir

Whether to try to create home directories for users with $HOMEs pointing to nonexistent locations on session login.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.name

Name of the PAM service.

Type: string

Example: "sshd"

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.oathAuth

If set, the OATH Toolkit will be used.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.otpwAuth

If set, the OTPW system will be used (if ~/.otpw exists).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.pamMount

Enable the PAM mount (pam_mount) system to mount filesystems on user login.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.requireWheel

Whether to permit root access only to members of group wheel.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.rootOK

If set, root doesn't need to authenticate (e.g. for the useradd service).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.setEnvironment

Whether the service should set the environment variables listed in environment.sessionVariables using pam_env.so.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.setLoginUid

Set the login uid of the process (/proc/self/loginuid) for auditing purposes. The login uid is only set by ‘entry points’ like login and sshd, not by commands like sudo.

Type: boolean

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.showMotd

Whether to show the message of the day.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.sshAgentAuth

If set, the calling user's SSH agent is used to authenticate against the keys in the calling user's ~/.ssh/authorized_keys. This is useful for sudo on password-less remote systems.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.startSession

If set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.text

Contents of the PAM service file.

Type: null or string

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.u2fAuth

If set, users listed in ~/.yubico/u2f_keys are able to log in with the associated U2F key.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.unixAuth

Whether users can log in with passwords defined in /etc/shadow.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.updateWtmp

Whether to update /var/log/wtmp.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.services.<name?>.usbAuth

If set, users listed in /etc/pamusb.conf are able to log in with the associated USB key.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam.nix>
security.pam.usb.enable

Enable USB login for all login systems that support it. For more information, visit http://pamusb.org/doc/quickstart#setting_up.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/pam_usb.nix>
security.pki.certificateFiles

A list of files containing trusted root certificates in PEM format. These are concatenated to form /etc/ssl/certs/ca-certificates.crt, which is used by many programs that use OpenSSL, such as curl and git.

Type: list of paths

Default: [ ]

Example:

[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.pki.certificates

A list of trusted root certificates in PEM format.

Type: list of strings

Default: [ ]

Example:

[ ''
    NixOS.org
    =========
    -----BEGIN CERTIFICATE-----
    MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
    TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
    ...
    -----END CERTIFICATE-----
  ''
]

Declared by:

<nixpkgs/nixos/modules/security/ca.nix>
security.polkit.adminIdentities

Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value). By default, this is the root user and all users in the wheel group.

Type: list of strings

Default: [ "unix-user:0" "unix-group:wheel" ]

Example: [ "unix-user:alice" "unix-group:admin" ]

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.polkit.enable

Whether to enable PolKit.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.polkit.extraConfig

Any polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules

Type: string

Default: ""

Example:

''
/* Log authorization checks. */
polkit.addRule(function(action, subject) {
  polkit.log("user " +  subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
});

/* Allow any local user to do anything (dangerous!). */
polkit.addRule(function(action, subject) {
  if (subject.local) return "yes";
});
''

Declared by:

<nixpkgs/nixos/modules/security/polkit.nix>
security.rngd.enable

Whether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when available.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/rngd.nix>
security.rtkit.enable

Whether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/security/rtkit.nix>
security.setuidOwners

This option allows the ownership and permissions on the setuid wrappers for specific programs to be overridden from the default (setuid root, but not setgid root).

Type: list of attribute sets

Default: [ ]

Example: [ { group = "postdrop"; owner = "nobody"; permissions = "u+rx,g+x,o+x"; program = "sendmail"; setgid = true; setuid = false; } ]

Declared by:

<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
security.setuidPrograms

The Nix store cannot contain setuid/setgid programs directly. For this reason, NixOS can automatically generate wrapper programs that have the necessary privileges. This option lists the names of programs in the system environment for which setuid root wrappers should be created.

Type: list of strings

Default: [ ]

Example: [ "passwd" ]

Declared by:

<nixpkgs/nixos/modules/security/setuid-wrappers.nix>
security.sudo.configFile

This string contains the contents of the sudoers file.

Type: string

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.enable

Whether to enable the sudo command, which allows non-root users to execute commands as root.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.extraConfig

Extra configuration text appended to sudoers.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
security.sudo.wheelNeedsPassword

Whether users of the wheel group must enter a password to execute commands as super user.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/security/sudo.nix>
services.accounts-daemon.enable

Whether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
services.acpid.acEventCommands

Shell commands to execute on an ac_adapter.* event.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.enable

Whether to enable the ACPI daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.handlers

Event handlers.

Type: attribute set of submodules

Default: { }

Example: { mute = { action = "amixer set Master toggle"; event = "button/mute.*"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.handlers.<name>.action

Shell commands to execute when the event is triggered.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.handlers.<name>.event

Event type.

Type: string

Example: [ "button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*" ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.lidEventCommands

Shell commands to execute on a button/lid.* event.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.acpid.powerEventCommands

Shell commands to execute on a button/power.* event.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/acpid.nix>
services.activemq.baseDir

The base directory where ActiveMQ stores its persistent data and logs. This will be overridden if you set "activemq.base" and "activemq.data" in the javaProperties option. You can also override this in activemq.xml.

Type: string

Default: "/var/activemq"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.configurationDir

The base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.

Type: unspecified

Default: "\${pkgs.activemq}/conf"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.configurationURI

The URI that is passed along to the BrokerFactory to set up the configuration of the ActiveMQ broker service. You should not need to change this. For custom configuration, set the configurationDir instead, and create an activemq.xml configuration file in it.

Type: string

Default: "xbean:activemq.xml"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.enable

Enable the Apache ActiveMQ message broker service.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.extraJavaOptions

Add extra options here that you want to be sent to the Java runtime when the broker service is started.

Type: string

Default: ""

Example: "-Xmx2G -Xms2G -XX:MaxPermSize=512M"

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.activemq.javaProperties

Specifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.

Type: attribute set

Default: { }

Example: { java.net.preferIPv4Stack = "true"; }

Declared by:

<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
services.actkbd.bindings

Key bindings for actkbd. See actkbd README for documentation. The example shows a piece of what sound.enableMediaKeys does when enabled.

Type: list of submodules

Default: [ ]

Example:

[ { keys = [ 113 ]; events = [ "key" ]; command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle"; }
]

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.bindings.*.attributes

List of attributes.

Type: list of strings

Default: [ "exec" ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.bindings.*.command

What to run.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.bindings.*.events

List of events to match.

Type: list of one of "key", "rep", "rel"s

Default: [ "key" ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.bindings.*.keys

List of keycodes to match.

Type: list of integers

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.enable

Whether to enable the actkbd key mapping daemon. Turning this on will start an actkbd instance for every evdev input that has at least one key (which is okay even for systems with tiny memory footprint, since actkbd normally uses <100 bytes of memory per instance). This allows binding keys globally without the need for e.g. X11.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.actkbd.extraConfig

Literal contents to append to the end of the actkbd configuration file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
services.aiccu.automatic

Automatic Login and Tunnel activation

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.behindNAT

Notify the user that a NAT-kind network is detected

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.defaultRoute

Add a default route

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.enable

Enable aiccu IPv6 over IPv4 SiXXs tunnel

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.interfaceName

The name of the interface that will be used as a tunnel interface. On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels or tunX (eg tun0) for AYIYA tunnels.

Type: string

Default: "aiccu"

Example: "sixxs"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.localIPv4Override

Overrides the IPv4 parameter received from TIC. This allows one to configure a NAT into "DMZ" mode and then forward the proto-41 packets to an internal host. This is only needed for static proto-41 tunnels! AYIYA and heartbeat tunnels don't require this.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.makeHeartBeats

In general you don't want to turn this off. Of course, this only applies to AYIYA and heartbeat tunnels, not to static ones.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.noConfigure

Don't configure anything

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.password

Login credential

Type: null or string

Default: null

Example: "TmAkRbBEr0"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.pidFile

Location of PID File

Type: path

Default: "/run/aiccu.pid"

Example: "/var/lib/aiccu/aiccu.pid"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.protocol

Protocol to use for setting up the tunnel

Type: string

Default: "tic"

Example: "tic|tsp|l2tp"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.requireTLS

When set to true, if TLS is not supported on the server the TIC transaction will fail. When set to false, it will try a starttls; when that is not supported it will continue. In any case, if AICCU is built with TLS support it will try to do a 'starttls' to the TIC server to see if that is supported.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.server

Server to use for setting up the tunnel

Type: string

Default: "tic.sixxs.net"

Example: "enabled.ipv6server.net"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.setupScript

Script to run after setting up the interfaces

Type: null or path

Default: null

Example: "/var/lib/aiccu/fix-subnets.sh"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.tunnelID

The tunnel id to use, only required when there are multiple tunnels in the list

Type: null or string

Default: null

Example: "T12345"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.username

Login credential

Type: null or string

Default: null

Example: "FAB5-SIXXS"

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.aiccu.verbose

Be verbose?

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/aiccu.nix>
services.almir.director_address

IP/Hostname for Director to connect with bconsole.

Type: unspecified

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_name

Name of the Director to connect with bconsole.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_password

Password for Director to connect with bconsole.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.director_port

Port for Director to connect with bconsole.

Type: integer

Default: 9101

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.enable

Enable Almir web server. Also configures postgresql database and installs bacula.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.port

Port for Almir web server to listen on.

Type: integer

Default: 35000

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.sqlalchemy_engine_url

Define SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls

Type: unspecified

Default: "postgresql:///bacula"

Example:

''
postgresql://bacula:bacula@localhost:5432/bacula
mysql+mysqlconnector://<user>:<password>@<hostname>/<database>
sqlite:////var/lib/bacula/bacula.db
''

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.almir.timezone

Timezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

Type: unspecified

Example: "Europe/Ljubljana"

Declared by:

<nixpkgs/nixos/modules/services/backup/almir.nix>
services.amule.dataDir

The directory holding configuration, incoming and temporary files.

Type: unspecified

Default: "/home/amule/"

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.amule.enable

Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.amule.user

The user the AMule daemon should run as.

Type: unspecified

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/amuled.nix>
services.apache-kafka.brokerId

Broker ID.

Type: integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.enable

Whether to enable Apache Kafka.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.extraProperties

Extra properties for server.properties.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.hostname

Hostname the broker should bind to.

Type: string

Default: "localhost"

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.jvmOptions

Extra command line options for the JVM running Kafka.

Type: list of strings

Default: [ "-server" "-Xmx1G" "-Xms1G" "-XX:+UseCompressedOops" "-XX:+UseParNewGC" "-XX:+UseConcMarkSweepGC" "-XX:+CMSClassUnloadingEnabled" "-XX:+CMSScavengeBeforeRemark" "-XX:+DisableExplicitGC" "-Djava.awt.headless=true" "-Djava.net.preferIPv4Stack=true" ]

Example: [ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.log4jProperties

Kafka log4j property configuration.

Type: string

Default:

''
log4j.rootLogger=INFO, stdout 

log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
''

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.logDirs

Log file directories

Type: list of paths

Default: [ "/tmp/kafka-logs" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.package

The kafka package to use

Type: package

Default: "pkgs.apacheKafka"

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.port

Port number the broker should listen on.

Type: integer

Default: 9092

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.serverProperties

Complete server.properties content. Other server.properties config options will be ignored if this option is used.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apache-kafka.zookeeper

Zookeeper connection string

Type: string

Default: "localhost:2181"

Declared by:

<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
services.apcupsd.configText

Contents of the runtime configuration file, apcupsd.conf. The default settings make apcupsd autodetect USB UPSes, limit network access to localhost and shut down the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.

Type: string

Default:

''
UPSTYPE usb
NISIP 127.0.0.1
BATTERYLEVEL 50
MINUTES 5
''

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.apcupsd.enable

Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.apcupsd.hooks

Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent. A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.

Type: attribute set of strings

Default: { }

Example: { doshutdown = "# shell commands to notify that the computer is shutting down"; }

Declared by:

<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
services.asterisk.confFiles

Sets the content of config files (typically ending with .conf) in the Asterisk configuration directory. Note that if you want to change asterisk.conf, it is preferable to use the services.asterisk.extraConfig option over this option. If "asterisk.conf" is specified with the confFiles option (not recommended), you must be prepared to set your own astetcdir path. See http://www.asterisk.org/community/documentation for more examples of what is possible here.

Type: attribute set of strings

Default: { }

Example:

{
  "extensions.conf" = ''
    [tests]
    ; Dial 100 for "hello, world"
    exten => 100,1,Answer()
    same  =>     n,Wait(1)
    same  =>     n,Playback(hello-world)
    same  =>     n,Hangup()

    [softphones]
    include => tests

    [unauthorized]
  '';
  "sip.conf" = ''
    [general]
    allowguest=no              ; Require authentication
    context=unauthorized       ; Send unauthorized users to /dev/null
    srvlookup=no               ; Don't do DNS lookup
    udpbindaddr=0.0.0.0        ; Listen on all interfaces
    nat=force_rport,comedia    ; Assume device is behind NAT

    [softphone](!)
    type=friend                ; Match on username first, IP second
    context=softphones         ; Send to softphones context in
                               ; extensions.conf file
    host=dynamic               ; Device will register with asterisk
    disallow=all               ; Manually specify codecs to allow
    allow=g722
    allow=ulaw
    allow=alaw

    [myphone](softphone)
    secret=GhoshevFew          ; Change this password!
  '';
  "logger.conf" = ''
    [general]

    [logfiles]
    ; Add debug output to log
    syslog.local0 => notice,warning,error,debug
  '';
}

Declared by:

<nixpkgs/nixos/modules/services/networking/asterisk.nix>
services.asterisk.enable

Whether to enable the Asterisk PBX server.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/asterisk.nix>
services.asterisk.extraArguments

Additional command line arguments to pass to Asterisk.

Type: list of strings

Default: [ ]

Example: [ "-vvvddd" "-e" "1024" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/asterisk.nix>
services.asterisk.extraConfig

Extra configuration options appended to the default asterisk.conf file.

Type: string

Default: ""

Example:

''
[options]
verbose=3
debug=3
''

Declared by:

<nixpkgs/nixos/modules/services/networking/asterisk.nix>
services.atd.allowEveryone

Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the at commands are setuid/setgid atd.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/atd.nix>
services.atd.enable

Whether to enable the at daemon, a command scheduler.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/atd.nix>
services.atftpd.enable

Whether to enable the atftpd TFTP server.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/atftpd.nix>
services.atftpd.root

Document root directory for the atftpd.

Type: string

Default: "/var/empty"

Declared by:

<nixpkgs/nixos/modules/services/networking/atftpd.nix>
services.autofs.autoMaster

Contents of /etc/auto.master. See man 5 auto.master and man 5 autofs.

Type: string

Example:

let
  mapConf = pkgs.writeText "auto" ''
   kernel    -ro,soft,intr       ftp.kernel.org:/pub/linux
   boot      -fstype=ext2        :/dev/hda1
   windoze   -fstype=smbfs       ://windoze/c
   removable -fstype=ext2        :/dev/hdd
   cd        -fstype=iso9660,ro  :/dev/hdc
   floppy    -fstype=auto        :/dev/fd0
   server    -rw,hard,intr       / -ro myserver.me.org:/ \
                                 /usr myserver.me.org:/usr \
                                 /home myserver.me.org:/home
  '';
in ''
  /auto file:${mapConf}
''

Declared by:

<nixpkgs/nixos/modules/services/misc/autofs.nix>
services.autofs.debug

pass -d and -7 to automount and write log to /var/log/autofs

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/autofs.nix>
services.autofs.enable

Mount filesystems on demand. Unmount them automatically. You may also be interested in afuse.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/autofs.nix>
services.autofs.timeout

Set the global minimum timeout, in seconds, until directories are unmounted

Type: unspecified

Default: 600

Declared by:

<nixpkgs/nixos/modules/services/misc/autofs.nix>
services.autossh.sessions

List of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'.

Type: list of submodules

Default: [ ]

Example: [ { extraArguments = "-N -D4343 billremote@socks.host.net"; monitoringPort = 20000; name = "socks-peer"; user = "bill"; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/autossh.nix>
services.autossh.sessions.*.extraArguments

Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward remote port), -L (forward local port), -v (Enable debug). Check ssh manual for the complete list.

Type: string

Example: "-N -D4343 bill@socks.example.net"

Declared by:

<nixpkgs/nixos/modules/services/networking/autossh.nix>
services.autossh.sessions.*.monitoringPort

Port to be used by AutoSSH for peer monitoring. Note that AutoSSH also uses mport+1. A value of 0 disables the keep-alive style monitoring.

Type: integer

Default: 0

Example: 20000

Declared by:

<nixpkgs/nixos/modules/services/networking/autossh.nix>
services.autossh.sessions.*.name

Name of the local AutoSSH session

Type: string

Example: "socks-peer"

Declared by:

<nixpkgs/nixos/modules/services/networking/autossh.nix>
services.autossh.sessions.*.user

Name of the user the AutoSSH session should run as

Type: string

Example: "bill"

Declared by:

<nixpkgs/nixos/modules/services/networking/autossh.nix>
services.avahi.browseDomains

List of non-local DNS domains to be browsed.

Type: unspecified

Default: [ ]

Example: [ "0pointer.de" "zeroconf.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.domainName

Domain name for all advertisements.

Type: string

Default: "local"

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.enable

Whether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.hostName

Host name advertised on the LAN. If not set, avahi will use the value of config.networking.hostName.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.interfaces

List of network interfaces that should be used by the avahi-daemon. Other interfaces will be ignored. If null all local interfaces except loopback and point-to-point will be used.

Type: null or list of strings

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.ipv4

Whether to use IPv4

Type: unspecified

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.ipv6

Whether to use IPv6

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.nssmdns

Whether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.addresses

Whether to register mDNS address records for all local IP addresses.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.domain

Whether to announce the locally used domain name for browsing by other hosts.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.enable

Whether to allow publishing in general.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.hinfo

Whether to register an mDNS HINFO record which contains information about the local operating system and CPU.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.userServices

Whether to publish user services. Will set addresses=true.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.publish.workstation

Whether to register a service of type "_workstation._tcp" on the local LAN.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.avahi.wideArea

Whether to enable wide-area service discovery.

Type: unspecified

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
services.awstats.enable

Enable the awstats program (but not service). Currently only simple httpd (Apache) configs are supported, and awstats plugins may not work correctly.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.awstats.extraConfig

Extra configuration to be appended to awstats.conf.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.awstats.service.enable

Enable the awstats web service. This switches on httpd.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.awstats.service.urlPrefix

The URL prefix under which the awstats service appears.

Type: string

Default: "/awstats"

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.awstats.updateAt

Specification of the time at which awstats will get updated. (in the format described by systemd.time(5))

Type: null or string

Default: null

Example: "hourly"

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.awstats.vardir

The directory where variable awstats data will be stored.

Type: path

Default: "/var/lib/awstats"

Declared by:

<nixpkgs/nixos/modules/services/logging/awstats.nix>
services.bacula-dir.enable

Whether to enable Bacula Director Daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraConfig

Extra configuration for Bacula Director Daemon.

Type: unspecified

Default: ""

Example:

''
TODO
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraDirectorConfig

Extra configuration to be passed in Director directive.

Type: unspecified

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: unspecified

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.name

The director name used by the system administrator. This directive is required.

Type: unspecified

Default: "nixos-dir"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.password

Specifies the password that must be supplied for a Director.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-dir.port

Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify the DirAddresses (N.B. plural) directive.

Type: integer

Default: 9101

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director

This option defines director resources in Bacula File Daemon.

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director.<name>.monitor

If Monitor is set to no (default), this director will have full

Type: unspecified

Default: "no"

Example: "yes"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.director.<name>.password

Specifies the password that must be supplied for a Director to b

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.enable

Whether to enable the Bacula File Daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.extraClientConfig

Extra configuration to be passed in Client directive.

Type: unspecified

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: unspecified

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.name

The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.

Type: unspecified

Default: "nixos-fd"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-fd.port

This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file.

Type: integer

Default: 9102

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device

This option defines Device resources in Bacula Storage Daemon.

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.archiveDevice

The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example "/dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.extraDeviceConfig

Extra configuration to be passed in Device directive.

Type: unspecified

Default: ""

Example:

''
LabelMedia = yes
Random Access = no
AutomaticMount = no
RemovableMedia = no
MaximumOpenWait = 60
AlwaysOpen = no
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.device.<name>.mediaType

The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director

This option defines Director resources in Bacula Storage Daemon.

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director.<name>.monitor

If Monitor is set to no (default), this director will have full

Type: unspecified

Default: "no"

Example: "yes"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.director.<name>.password

Specifies the password that must be supplied for a Director to b

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.enable

Whether to enable Bacula Storage Daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.extraMessagesConfig

Extra configuration to be passed in Messages directive.

Type: unspecified

Default: ""

Example:

''
console = all
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.extraStorageConfig

Extra configuration to be passed in Storage directive.

Type: unspecified

Default: ""

Example:

''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.name

Specifies the Name of the Storage daemon.

Type: unspecified

Default: "nixos-sd"

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bacula-sd.port

Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.

Type: integer

Default: 9103

Declared by:

<nixpkgs/nixos/modules/services/backup/bacula.nix>
services.bepasty.enable

Whether to enable Bepasty servers.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers

Configure a number of bepasty servers which will be started with gunicorn.

Type: attribute set of submodules

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.bind

Bind address to be used for this server.

Type: string

Default: "127.0.0.1:8000"

Example: "0.0.0.0:8000"

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.dataDir

Path to the directory where the pastes will be saved to

Type: string

Default: "/var/lib/bepasty/data"

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.defaultPermissions

Default permissions for all unauthenticated accesses.

Type: string

Default: "read"

Example: "read,create,delete"

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.extraConfig

Extra configuration for the bepasty server, to be appended to the configuration. See https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty for all options.

Type: string

Default: ""

Example:

''
PERMISSIONS = {
  'myadminsecret': 'admin,list,create,read,delete',
}
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
''

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.secretKey

Server secret for safe session cookies; must be set.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bepasty.servers.<name>.workDir

Path to the working directory (used for config and pidfile). Defaults to the user's home directory.

Type: string

Default: "/var/lib/bepasty"

Declared by:

<nixpkgs/nixos/modules/services/misc/bepasty.nix>
services.bind.blockedNetworks

What networks are just blocked.

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.cacheNetworks

What networks are allowed to use us as a resolver.

Type: unspecified

Default: [ "127.0.0.0/24" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.configFile

Overridable config file to use for named. By default, that generated by nixos.

Type: path

Default: "confFile"

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.enable

Whether to enable BIND domain name server.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.extraConfig

Extra lines to be added verbatim to the generated named configuration file.

Type: unspecified

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.forwarders

List of servers we should forward requests to.

Type: unspecified

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.ipv4Only

Only use ipv4, even if the host supports ipv6.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bind.zones

List of zones we claim authority over. master=false means slave server; slaves means addresses who may request zone transfer.

Type: unspecified

Default: [ ]

Example: [ { file = "/var/dns/example.com"; master = false; masters = [ "192.168.0.1" ] ; name = "example.com"; slaves = [ ] ; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bind.nix>
services.bird.config

BIRD Internet Routing Daemon configuration file. http://bird.network.cz/

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/bird.nix>
services.bird.enable

Whether to enable BIRD Internet Routing Daemon.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/bird.nix>
services.bird.group

BIRD Internet Routing Daemon group.

Type: string

Default: "bird"

Declared by:

<nixpkgs/nixos/modules/services/networking/bird.nix>
services.bird.user

BIRD Internet Routing Daemon user.

Type: string

Default: "bird"

Declared by:

<nixpkgs/nixos/modules/services/networking/bird.nix>
services.bitlbee.authMode

The following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.

Type: string

Default: "Open"

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.configDir

Specify an alternative directory to store all the per-user configuration files.

Type: path

Default: "/var/lib/bitlbee"

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.enable

Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.extraDefaults

Will be inserted in the Default section of the config file.

Type: unspecified

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.extraSettings

Will be inserted in the Settings section of the config file.

Type: unspecified

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.hostName

Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.interface

The interface the BitlBee daemon will be listening to. If `127.0.0.1', only clients on the local host can connect to it; if `0.0.0.0', clients can access it from any network interface.

Type: unspecified

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.plugins

The list of bitlbee plugins to install.

Type: list of packages

Default: [ ]

Example:

[ pkgs.bitlbee-facebook ]

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.portNumber

Number of the port BitlBee will be listening to.

Type: unspecified

Default: 6667

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bitlbee.protocols

This option allows you to remove support for protocols, even if compiled in. If nothing is given, there are no restrictions.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
services.bosun.checkFrequency

Bosun's check frequency

Type: string

Default: "5m"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.enable

Whether to run bosun.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.extraConfig

Extra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc. through this configuration option. A detailed description of the supported syntax can be found at http://bosun.org/configuration.html

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.group

Group account under which bosun runs.

Type: string

Default: "bosun"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.influxHost

Host and port of the influxdb database.

Type: null or string

Default: null

Example: "localhost:8086"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.ledisDir

Path to bosun's ledis data dir

Type: path

Default: "/var/lib/bosun/ledis_data"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.listenAddress

The host address and port that bosun's web interface will listen on.

Type: string

Default: ":8070"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.opentsdbHost

Host and port of the OpenTSDB database that stores bosun data. To disable opentsdb you can pass null as parameter.

Type: null or string

Default: "localhost:4242"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.package

bosun binary to use.

Type: package

Default: "pkgs.bosun"

Example:

pkgs.bosun

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.stateFile

Path to bosun's state file.

Type: path

Default: "/var/lib/bosun/bosun.state"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.bosun.user

User account under which bosun runs.

Type: string

Default: "bosun"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
services.brltty.enable

Whether to enable the BRLTTY daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/brltty.nix>
services.btsync.apiKey

API key, which enables the developer API.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.checkForUpdates

Determines whether to check for updates and alert the user about them in the UI.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.deviceName

Name of the Bittorrent Sync device.

Type: string

Example: "Voltron"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.directoryRoot

Default directory to add folders in the web UI.

Type: string

Default: ""

Example: "/media"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.downloadLimit

Download speed limit. 0 is unlimited (default).

Type: integer

Default: 0

Example: 1024

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.enable

If enabled, start the Bittorrent Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration. Enabling the btsync service also installs a systemd user unit which can be used to start user-specific copies of the daemon. Once installed, you can use systemctl --user start btsync as your user to start the daemon using the configuration file located at $HOME/.config/btsync.conf.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.enableWebUI

Enable Web UI for administration. Bound to the specified httpListenAddress and httpListenPort.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.encryptLAN

Encrypt LAN data.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpListenAddr

HTTP address to bind to.

Type: string

Default: "0.0.0.0"

Example: "1.2.3.4"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpListenPort

HTTP port to bind on.

Type: integer

Default: 9000

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpLogin

HTTP web login username.

Type: string

Default: ""

Example: "allyourbase"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.httpPass

HTTP web login password.

Type: string

Default: ""

Example: "arebelongtous"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.listeningPort

Listening port. Defaults to 0 which randomizes the port.

Type: integer

Default: 0

Example: 44444

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.package

Branch of bittorrent sync to use.

Type: package

Example:

pkgs.bittorrentSync20

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.sharedFolders

Shared folder list. If enabled, web UI must be disabled. Secrets can be generated using btsync --generate-secret. Note that this secret will be put inside the Nix store, so it is realistically not very secret. If you would like to be able to modify the contents of these directories, it is recommended that you make your user a member of the btsync group. Directories in this list should be in the btsync group, and that group must have write access to the directory. It is also recommended that chmod g+s is applied to the directory so that any subdirectories created will also belong to the btsync group. In addition, setfacl -d -m group:btsync:rwx and setfacl -m group:btsync:rwx should be applied so that the subdirectories are writable by the group.

Type: unspecified

Default: [ ]

Example: [ { directory = "/home/user/sync_test"; knownHosts = [ "192.168.1.2:4444" "192.168.1.3:4444" ] ; searchLAN = true; secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y"; useDHT = false; useRelayServer = true; useSyncTrash = true; useTracker = true; } ]

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.storagePath

Where BitTorrent Sync will store its database files (containing things like username info and licenses). Generally, you should not need to ever change this.

Type: path

Default: "/var/lib/btsync/"

Example: "/var/lib/btsync/"

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.uploadLimit

Upload speed limit. 0 is unlimited (default).

Type: integer

Default: 0

Example: 1024

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.btsync.useUpnp

Use Universal Plug-n-Play (UPnP)

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/btsync.nix>
services.buildkite-agent.enable

Whether to enable buildkite-agent.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.buildkite-agent.meta-data

Meta data for the agent.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.buildkite-agent.name

The name of the agent.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.buildkite-agent.openssh.privateKey

Private agent key.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.buildkite-agent.openssh.publicKey

Public agent key.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.buildkite-agent.token

The token from your Buildkite "Agents" page.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agent.nix>
services.caddy.agree

Agree to Let's Encrypt Subscriber Agreement

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.caddy.ca

Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.

Type: string

Default: "https://acme-v01.api.letsencrypt.org/directory"

Example: "https://acme-staging.api.letsencrypt.org/directory"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.caddy.config

Verbatim Caddyfile to use

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.caddy.dataDir

The data directory, for storing certificates.

Type: path

Default: "/var/lib/caddy"

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.caddy.email

Email address (for Let's Encrypt certificate)

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.caddy.enable

Whether to enable Caddy web server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/web-servers/caddy.nix>
services.cadvisor.enable

Whether to enable cadvisor service.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.host

Alias of services.cadvisor.listenAddress.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
services.cadvisor.listenAddress

Cadvisor listening host

Type: string

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.port

Cadvisor listening port

Type: integer

Default: 8080

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriver

Cadvisor storage driver.

Type: null or string

Default: null

Example: "influxdb"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverDb

Cadvisor storage driver database name.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverHost

Cadvisor storage driver host.

Type: string

Default: "localhost:8086"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverPassword

Cadvisor storage driver password.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverSecure

Cadvisor storage driver, enable secure communication.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.cadvisor.storageDriverUser

Cadvisor storage driver username.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
services.calibre-server.enable

Whether to enable calibre-server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
services.calibre-server.libraryDir

The directory where the Calibre library to serve is.

Type: path

Declared by:

<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
services.canto-daemon.enable

Whether to enable the canto RSS daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
services.cfdyndns.apikey

The API Key to use to authenticate to CloudFlare.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
services.cfdyndns.email

The email address to use to authenticate to CloudFlare.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
services.cfdyndns.enable

Whether to enable Cloudflare Dynamic DNS Client.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
services.cfdyndns.records

The records to update in CloudFlare.

Type: list of strings

Default: [ ]

Example: [ "host.tld" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
services.cgminer.config

Additional config

Type: unspecified

Default: { }

Example: { auto-fan = true; auto-gpu = true; expiry = 120; failover-only = true; gpu-threads = 2; log = 5; queue = 1; scan-time = 60; temp-histeresys = 3; }

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.enable

Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.hardware

List of config options for every GPU

Type: unspecified

Default: [ ]

Example: [ { gpu-engine = "0-985"; gpu-fan = "0-85"; gpu-memclock = 860; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } { gpu-engine = "0-950"; gpu-fan = "0-85"; gpu-memclock = 825; gpu-powertune = 20; intensity = 9; temp-cutoff = 95; temp-overheat = 85; temp-target = 75; } ]

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.package

Which cgminer derivation to use.

Type: package

Default: "pkgs.cgminer"

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.pools

List of pools where to mine

Type: unspecified

Default: [ ]

Example: [ { password = "X"; url = "http://p2pool.org:9332"; username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk"; } ]

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.cgminer.user

User account under which cgminer runs

Type: unspecified

Default: "cgminer"

Declared by:

<nixpkgs/nixos/modules/services/misc/cgminer.nix>
services.charybdis.config

Charybdis IRC daemon configuration file.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/charybdis.nix>
services.charybdis.enable

Whether to enable Charybdis IRC daemon.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/charybdis.nix>
services.charybdis.group

Charybdis IRC daemon group.

Type: string

Default: "ircd"

Declared by:

<nixpkgs/nixos/modules/services/networking/charybdis.nix>
services.charybdis.statedir

Location of the state directory of charybdis.

Type: string

Default: "/var/lib/charybdis"

Declared by:

<nixpkgs/nixos/modules/services/networking/charybdis.nix>
services.charybdis.user

Charybdis IRC daemon user.

Type: string

Default: "ircd"

Declared by:

<nixpkgs/nixos/modules/services/networking/charybdis.nix>
services.chronos.enable

Whether to enable graphite web frontend.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.httpPort

Chronos listening port

Type: integer

Default: 4400

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.master

Chronos mesos master zookeeper address

Type: string

Default: "zk://localhost:2181/mesos"

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chronos.zookeeperHosts

Chronos mesos zookeeper addresses

Type: list of strings

Default: [ "localhost:2181" ]

Declared by:

<nixpkgs/nixos/modules/services/scheduling/chronos.nix>
services.chrony.enable

Whether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.extraConfig

Extra configuration directives that should be added to chrony.conf

Type: unspecified

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.initstepslew

Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.

Type: unspecified

Default: { enabled = true; servers = [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ] ; threshold = 1000; }

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.chrony.servers

The set of NTP servers from which to synchronise.

Type: unspecified

Default: [ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/chrony.nix>
services.cjdns.ETHInterface.beacon

Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.

Type: integer

Default: 2

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.bind

Bind to this device for native ethernet operation. all is a pseudo-name which will try to connect to all devices.

Type: unspecified

Default: ""

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo

Credentials for connecting look similar to UDP credentials except they begin with the MAC address.

Type: attribute set of submodules

Default: { }

Example: { 01:02:03:04:05:06 = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.hostname

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

Type: string

Default: ""

Example: "foobar.hype"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.password

Authorized password to the opposite end of the tunnel.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.ETHInterface.connectTo.<name>.publicKey

Public key at the opposite end of the tunnel.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.bind

Address and port to bind UDP tunnels to.

Type: string

Default: ""

Example: "192.168.1.32:43211"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo

Credentials for making UDP tunnels.

Type: attribute set of submodules

Default: { }

Example: { 192.168.1.1:27313 = { hostname = "homer.hype"; password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM"; publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k"; } ; }

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.hostname

Optional hostname to add to /etc/hosts; prevents reverse lookup failures.

Type: string

Default: ""

Example: "foobar.hype"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.password

Authorized password to the opposite end of the tunnel.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.UDPInterface.connectTo.<name>.publicKey

Public key at the opposite end of the tunnel.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.admin.bind

Bind the administration port to this address and port.

Type: string

Default: "127.0.0.1:11234"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.authorizedPasswords

Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.

Type: list of strings

Default: [ ]

Example: [ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.confFile

Ignore all other cjdns options and load configuration from this file.

Type: string

Default: ""

Example: "/etc/cjdroute.conf"

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.cjdns.enable

Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/cjdns.nix>
services.clamav.daemon.enable

Whether to enable ClamAV clamd daemon.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.daemon.extraConfig

Extra configuration for clamd. Contents will be added verbatim to the configuration file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.config

Alias of services.clamav.updater.extraConfig.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/rename.nix>
services.clamav.updater.enable

Whether to enable ClamAV freshclam updater.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.extraConfig

Extra configuration for freshclam. Contents will be added verbatim to the configuration file.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.frequency

Number of database checks per day.

Type: integer

Default: 12

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.clamav.updater.interval

How often freshclam is invoked. See systemd.time(7) for more information about the format.

Type: string

Default: "hourly"

Declared by:

<nixpkgs/nixos/modules/services/security/clamav.nix>
services.cloud-init.enable

Enable the cloud-init service. This service reads configuration metadata in a cloud environment and configures the machine according to this metadata. This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overridden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS's responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for those parts. Thus, be wary that using cloud-init in NixOS might come at some cost.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/system/cloud-init.nix>
services.cntlm.domain

Proxy account domain/workgroup name.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.enable

Whether to enable cntlm, which starts a local proxy.

Type: unspecified

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.extraConfig

Verbatim contents of cntlm.conf.

Type: unspecified

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.netbios_hostname

The hostname of your machine.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.password

Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.

Type: string

Default: "/etc/cntlm.password"

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.port

Specifies on which ports the cntlm daemon listens.

Type: unspecified

Default: [ 3128 ]

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.proxy

A list of NTLM/NTLMv2 authenticating HTTP proxies. Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned (for each request) and found to be invalid. Command-line takes precedence over the configuration file.

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.cntlm.username

Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).

Type: unspecified

Declared by:

<nixpkgs/nixos/modules/services/networking/cntlm.nix>
services.collectd.autoLoadPlugin

Enable plugin autoloading.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.dataDir

Data directory for collectd agent.

Type: path

Default: "/var/lib/collectd"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.enable

Whether to enable collectd agent.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.extraConfig

Extra configuration for collectd.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.include

Additional paths to load config from.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.package

Which collectd package to use.

Type: package

Default: "pkgs.collectd"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.pidFile

Location of collectd pid file.

Type: path

Default: "/var/run/collectd.pid"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.collectd.user

User under which to run collectd.

Type: null or string

Default: "collectd"

Declared by:

<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
services.colord.enable

Whether to enable colord, the color management daemon.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/colord.nix>
services.compton.activeOpacity

Opacity of active windows.

Type: string

Default: "1.0"

Example: "0.8"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.backend

Backend to use: glx or xrender.

Type: string

Default: "glx"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.enable

Whether or not to enable Compton as the X.org composite manager.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.extraOptions

Additional Compton configuration.

Type: string

Default: ""

Example:

''
unredir-if-possible = true;
dbe = true;
''

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.fade

Fade windows in and out.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.fadeDelta

Time between fade animation steps (in ms).

Type: integer

Default: 10

Example: 5

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.fadeExclude

List of conditions for windows that should have no shadow. See the compton(1) man page for more examples.

Type: list of strings

Default: [ ]

Example: [ "window_type *= 'menu'" "name ~= 'Firefox\$'" "focused = 1" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.fadeSteps

Opacity change between fade steps (in and out).

Type: list of strings

Default: [ "0.028" "0.03" ]

Example: [ "0.04" "0.04" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.inactiveOpacity

Opacity of inactive windows.

Type: string

Default: "1.0"

Example: "0.8"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.menuOpacity

Opacity of dropdown and popup menu.

Type: string

Default: "1.0"

Example: "0.8"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.package

Compton derivation to use.

Type: package

Default: (build of compton-0.1_beta2)

Example:

pkgs.compton

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.refreshRate

Screen refresh rate (0 = automatically detect).

Type: integer

Default: 0

Example: 60

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.shadow

Draw window shadows.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.shadowExclude

List of conditions for windows that should have no shadow. See the compton(1) man page for more examples.

Type: list of strings

Default: [ ]

Example: [ "window_type *= 'menu'" "name ~= 'Firefox\$'" "focused = 1" ]

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.shadowOffsets

Left and right offset for shadows (in pixels).

Type: list of integers

Default: [ -15 -15 ]

Example: [ -10 -15 ]

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.shadowOpacity

Window shadows opacity (number in range 0 - 1).

Type: string

Default: "0.75"

Example: "0.8"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.compton.vSync

Enable vertical synchronization using the specified method. See the compton(1) man page for available methods.

Type: string

Default: "none"

Example: "opengl-swc"

Declared by:

<nixpkgs/nixos/modules/services/x11/compton.nix>
services.confd.backend

Confd config storage backend to use.

Type: one of "etcd", "consul", "redis", "zookeeper"

Default: "etcd"

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.confDir

The path to the confd configs.

Type: path

Default: "/etc/confd"

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.enable

Whether to enable confd service.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.interval

Confd check interval.

Type: integer

Default: 10

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.logLevel

Confd log level.

Type: one of "info", "debug"

Default: "info"

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.nodes

Confd list of nodes to connect to.

Type: list of strings

Default: [ "http://127.0.0.1:4001" ]

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.package

Confd package to use.

Type: package

Default: "pkgs.confd"

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.prefix

The string to prefix to keys.

Type: path

Default: "/"

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.confd.watch

Whether confd should watch the etcd config for changes.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/confd.nix>
services.consul.alerts.consulAddr

Consul API listening address.

Type: string

Default: "localhost:8500"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.enable

Whether to enable consul-alerts.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.listenAddr

API listening address.

Type: string

Default: "localhost:9000"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.package

Package to use for consul-alerts.

Type: package

Default: "pkgs.consul-alerts"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.watchChecks

Whether to enable check watcher.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.alerts.watchEvents

Whether to enable event watcher.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.dropPrivileges

Whether the consul agent should be run as a non-root consul user.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.enable

Enables the consul daemon.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.extraConfig

Extra configuration options which are serialized to json and added to the config.json file.

Type: unspecified

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.extraConfigFiles

Additional configuration files to pass to consul. NOTE: These will not trigger the service to be restarted when altered.

Type: list of strings

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.forceIpv4

Whether we should force the interfaces to only pull ipv4 addresses.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.interface.advertise

The name of the interface to pull the advertise_addr from.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.interface.bind

The name of the interface to pull the bind_addr from.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.leaveOnStop

If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you are running a node which is going offline in a permanent / semi-permanent fashion.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.package

The package used for the Consul agent and CLI.

Type: package

Default: "pkgs.consul"

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.consul.webUi

Enables the web interface on the consul http port.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/consul.nix>
services.coturn.alt-listening-port

Alternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". This is needed for RFC 5780 support (STUN extension specs, NAT behavior discovery). The TURN Server supports RFC 5780 only if it is started with more than one listening IP address of the same family (IPv4 or IPv6). RFC 5780 is supported only by UDP protocol, other protocols are listening to that endpoint only for "symmetry".

Type: integer

Default: "listening-port + 1"

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.alt-tls-listening-port

Alternative listening port for TLS and DTLS protocols.

Type: integer

Default: "tls-listening-port + 1"

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.cert

Certificate file in PEM format.

Type: null or string

Default: null

Example: "/var/lib/acme/example.com/fullchain.pem"

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.cli-ip

Local system IP address to be used for CLI server endpoint.

Type: string

Default: "127.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.cli-password

CLI access password. For security reasons, it is recommended to use the encrypted form of the password (see the -P command in the turnadmin utility).

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.cli-port

CLI server port.

Type: integer

Default: 5766

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.dh-file

Use custom DH TLS key, stored in PEM format in the file.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.enable

Whether to enable coturn TURN server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.extraConfig

Additional configuration options.

Type: string

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>
services.coturn.listening-ips

Listener IP addresses of relay server. If no IP(s) specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening.

Type: list of strings

Default: [ ]

Example: [ "203.0.113.42" "2001:DB8::42" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/coturn.nix>