Appendix A. Configuration Options

_module.args

Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath.

This option is also available to all submodules. Submodules do not inherit args from their parent module, nor do they provide args to their parent module or sibling submodules. The sole exception to this is the argument name which is provided by parent modules to a submodule and contains the attribute name the submodule is bound to, or a unique generated name if it is not bound to an attribute.

Some arguments are already passed by default, of which the following cannot be changed with this option:

  • lib: The nixpkgs library.

  • config: The results of all options after merging the values from all modules together.

  • options: The options declared in all modules.

  • specialArgs: The specialArgs argument passed to evalModules.

  • All attributes of specialArgs

    Whereas option values can generally depend on other option values thanks to laziness, this does not apply to imports, which must be computed statically before anything else.

    For this reason, callers of the module system can provide specialArgs which are available during import resolution.

    For NixOS, specialArgs includes modulesPath, which allows you to import extra modules from the nixpkgs package tree without having to somehow make the module aware of the location of the nixpkgs or NixOS directories.

    { modulesPath, ... }: {
      imports = [
        (modulesPath + "/profiles/minimal.nix")
      ];
    }
    

For NixOS, the default value for this option includes at least this argument:

  • pkgs: The nixpkgs package set according to the nixpkgs.pkgs option.

Type: lazy attribute set of raw value

Declared by:

<nixpkgs/lib/modules.nix>
appstream.enable

Whether to install files to support the AppStream metadata specification.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/appstream.nix>
boot.enableContainers

Whether to enable support for NixOS containers. Defaults to true (at no cost if containers are not actually used).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
boot.bcache.enable

Whether to enable bcache mount support.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/tasks/bcache.nix>
boot.binfmt.emulatedSystems

List of systems to emulate. Will also configure Nix to support your new systems. Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.

Type: list of (one of “aarch64-linux”, “aarch64_be-linux”, “alpha-linux”, “armv6l-linux”, “armv7l-linux”, “i386-linux”, “i486-linux”, “i586-linux”, “i686-linux”, “i686-windows”, “loongarch64-linux”, “mips-linux”, “mips64-linux”, “mips64-linuxabin32”, “mips64el-linux”, “mips64el-linuxabin32”, “mipsel-linux”, “powerpc-linux”, “powerpc64-linux”, “powerpc64le-linux”, “riscv32-linux”, “riscv64-linux”, “sparc-linux”, “sparc64-linux”, “wasm32-wasi”, “wasm64-wasi”, “x86_64-linux”, “x86_64-windows”)

Default: [ ]

Example:

[
  "wasm32-wasi"
  "x86_64-windows"
  "aarch64-linux"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations

Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.fixBinary

Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.

See the description of the ‘F’ flag in the kernel docs for more details.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.interpreter

The interpreter to invoke to run the program.

Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn’t apply.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.magicOrExtension

The magic number or extension to match on.

Type: string

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.mask

A mask to be ANDed with the byte sequence of the file before matching

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.matchCredentials

Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).

See the description of the ‘C’ flag in the kernel docs for more details.

Implies/requires openBinary = true.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.offset

The byte offset of the magic number used for recognition.

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.openBinary

Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.preserveArgvZero

Whether to pass the original argv[0] to the interpreter.

See the description of the ‘P’ flag in the kernel docs for more details;

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.recognitionType

Whether to recognize executables by magic number or extension.

Type: one of “magic”, “extension”

Default: "magic"

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.binfmt.registrations.<name>.wrapInterpreterInShell

Whether to wrap the interpreter in a shell script.

This allows a shell command to be set as the interpreter.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/binfmt.nix>
boot.blacklistedKernelModules

List of names of kernel modules that should not be loaded automatically by the hardware probing code.

Type: list of string

Default: [ ]

Example:

[
  "cirrusfb"
  "i2c_piix4"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.bootspec.enableValidation

Whether to enable the validation of bootspec documents for each build. This will introduce Go in the build-time closure as we are relying on Cuelang for schema validation. Enable this option if you want to ascertain that your documents are correct .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/activation/bootspec.nix>
boot.bootspec.extensions

User-defined data that extends the bootspec document.

To reduce incompatibility and prevent names from clashing between applications, it is highly recommended to use a unique namespace for your extensions.

Type: attribute set of anything

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/activation/bootspec.nix>
boot.consoleLogLevel

The kernel console loglevel. All Kernel Messages with a log level smaller than this setting will be printed to the console.

Type: signed integer

Default: 4

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.crashDump.enable

If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.kernelParams

Parameters that will be passed to the kernel kexec-ed on crash.

Type: list of string

Default:

[
  "1"
  "boot.shell_on_fail"
]

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.crashDump.reservedMemory

The amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention “crashkernel reservation failed”.

Type: string

Default: "128M"

Declared by:

<nixpkgs/nixos/modules/misc/crashdump.nix>
boot.devShmSize

Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "50%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.devSize

Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "5%"

Example: "32m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.extraModprobeConfig

Any additional configuration to be appended to the generated modprobe.conf. This is typically used to specify module options. See modprobe.d(5) for details.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  options parport_pc io=0x378 irq=7 dma=1
''

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.extraModulePackages

A list of additional packages supplying kernel modules.

Type: list of package

Default: [ ]

Example: [ config.boot.kernelPackages.nvidia_x11 ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.extraSystemdUnitPaths

Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable that can contain mutable unit files.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.growPartition

Whether to enable growing the root partition on boot.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/grow-partition.nix>
boot.hardwareScan

Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.enable

Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.

Type: boolean

Default: !config.boot.isContainer

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.availableKernelModules

The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules for the physical device (e.g., SCSI drivers) and for the file system (e.g., ext3). The set specified here is automatically closed under the module dependency relation, i.e., all dependencies of the modules list here are included automatically. The modules listed here are available in the initrd, but are only loaded on demand (e.g., the ext3 module is loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, include it in boot.initrd.kernelModules.

Type: list of string

Default: [ ]

Example:

[
  "sata_nv"
  "ext3"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.checkJournalingFS

Whether to run fsck on journaling filesystems such as ext3.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.clevis.enable

Whether to enable Clevis in initrd.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/clevis.nix>
boot.initrd.clevis.package

Clevis package

Type: package

Default: "pkgs.clevis"

Declared by:

<nixpkgs/nixos/modules/system/boot/clevis.nix>
boot.initrd.clevis.devices

Encrypted devices that need to be unlocked at boot using Clevis

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/clevis.nix>
boot.initrd.clevis.devices.<name>.secretFile

Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/clevis.nix>
boot.initrd.clevis.useTang

Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/clevis.nix>
boot.initrd.compressor

The compressor to use on the initrd image. May be any of:

  • The name of one of the predefined compressors, see pkgs/build-support/kernel/initrd-compressor-meta.nix for the definitions.

  • A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. pkgs: "${pkgs.pigz}/bin/pigz"

  • (not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. "${pkgs.pigz}/bin/pigz"

The given program should read data from stdin and write it to stdout compressed.

Type: string or function that evaluates to a(n) string

Default: zstd if the kernel supports it (5.9+), gzip if not

Example: "xz"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.compressorArgs

Arguments to pass to the compressor for the initrd image, or null to use the compressor’s defaults.

Type: null or (list of string)

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.extraFiles

Extra files to link and copy in to the initrd.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.extraFiles.<name>.source

The object to make available inside the initrd.

Type: package

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.includeDefaultModules

This option, if set, adds a collection of default kernel modules to boot.initrd.availableKernelModules and boot.initrd.kernelModules.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.kernelModules

List of modules that are always loaded by the initrd.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.initrd.luks.cryptoModules

A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.

Type: list of string

Default:

[
  "aes"
  "aes_generic"
  "blowfish"
  "twofish"
  "serpent"
  "cbc"
  "xts"
  "lrw"
  "sha1"
  "sha256"
  "sha512"
  "af_alg"
  "algif_skcipher"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices

The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as /dev/mapper/«name».

Type: attribute set of (submodule)

Default: { }

Example:

{
  luksroot = {
    device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
  };
}

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.allowDiscards

Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it. This option is incompatible with authenticated encryption (dm-crypt stacked over dm-integrity).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.bypassWorkqueues

Whether to bypass dm-crypt’s internal read and write workqueues. Enabling this should improve performance on SSDs; see here for more information. Needs Linux 5.9 or later.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.device

Path of the underlying encrypted block device.

Type: string

Example: "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.fallbackToPassword

Whether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.fido2.credential

The FIDO2 credential ID.

Type: null or string

Default: null

Example: "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.fido2.credentials

List of FIDO2 credential IDs.

Use this if you have multiple FIDO2 keys you want to use for the same luks device.

Type: list of string

Default: [ ]

Example:

[
  "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.fido2.gracePeriod

Time in seconds to wait for the FIDO2 key.

Type: signed integer

Default: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.fido2.passwordLess

Defines whatever to use an empty string as a default salt.

Enable only when your device is PIN protected, such as Trezor.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.gpgCard

The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device.

Type: null or (submodule)

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.gpgCard.encryptedPass

Path to the GPG encrypted passphrase.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.gpgCard.gracePeriod

Time in seconds to wait for the GPG Smartcard.

Type: signed integer

Default: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.gpgCard.publicKey

Path to the Public Key.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.header

The name of the file or block device that should be used as header for the encrypted device.

Type: null or string

Default: null

Example: "/root/header.img"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.keyFile

The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.

Type: null or string

Default: null

Example: "/dev/sdb1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.keyFileOffset

The offset of the key file. Use this in combination with keyFileSize to use part of a file as key file (often the case if a raw device or partition is used as a key file). If not specified, the key begins at the first byte of keyFile.

Type: null or signed integer

Default: null

Example: 4096

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.keyFileSize

The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole keyFile will be used decryption, instead of just the first keyFileSize bytes.

Type: null or signed integer

Default: null

Example: 4096

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.keyFileTimeout

The amount of time in seconds for a keyFile to appear before timing out and trying passwords.

Type: null or signed integer

Default: null

Example: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.postOpenCommands

Commands that should be run right after we have mounted our LUKS device.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  umount /tmp/persistent
''

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.preLVM

Whether the luksOpen will be attempted before LVM scan or after it.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.preOpenCommands

Commands that should be run right before we try to mount our LUKS device. This can be useful, if the keys needed to open the drive is on another partition.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  mkdir -p /tmp/persistent
  mount -t zfs rpool/safe/persistent /tmp/persistent
''

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.tryEmptyPassphrase

If keyFile fails then try an empty passphrase first before prompting for password.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey

The options to use for this LUKS device in YubiKey-PBA. If null (the default), YubiKey-PBA will be disabled for this device.

Type: null or (submodule)

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.gracePeriod

Time in seconds to wait for the YubiKey.

Type: signed integer

Default: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.iterationStep

How much the iteration count for PBKDF2 is increased at each successful authentication.

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.keyLength

Length of the LUKS slot key derived with PBKDF2 in byte.

Type: signed integer

Default: 64

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.saltLength

Length of the new salt in byte (64 is the effective maximum).

Type: signed integer

Default: 16

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.slot

Which slot on the YubiKey to challenge.

Type: signed integer

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.storage.device

An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.

Type: path

Default: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.storage.fsType

The filesystem of the unencrypted device.

Type: string

Default: "vfat"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.storage.path

Absolute path of the salt on the unencrypted device with that device’s root directory as “/”.

Type: string

Default: "/crypt-storage/default"

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.devices.<name>.yubikey.twoFactor

Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.fido2Support

Enables support for authenticating with FIDO2 devices.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.gpgSupport

Enables support for authenticating with a GPG encrypted password.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.mitigateDMAAttacks

Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at https://en.wikipedia.org/wiki/DMA_attack.

This option blacklists FireWire drivers, but doesn’t remove them. You can manually load the drivers if you need to use a FireWire device, but don’t forget to unload them!

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.reusePassphrases

When opening a new LUKS device try reusing last successful passphrase.

Useful for mounting a number of devices that use the same passphrase without retyping it several times.

Such setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.luks.yubikeySupport

Enables support for authenticating with a YubiKey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a YubiKey to work with this feature.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/luksroot.nix>
boot.initrd.network.enable

Add network connectivity support to initrd. The network may be configured using the ip kernel parameter, as described in the kernel documentation. Otherwise, if networking.useDHCP is enabled, an IP address is acquired using DHCP.

You should add the module(s) required for your network card to boot.initrd.availableKernelModules. lspci -v | grep -iA8 'network\|ethernet' will tell you which.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.flushBeforeStage2

Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.

The default is false when systemd is enabled in initrd, because the systemd-networkd documentation suggests it.

Type: boolean

Default: "!config.boot.initrd.systemd.enable"

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.openvpn.enable

Starts an OpenVPN client during initrd boot. It can be used to e.g. remotely accessing the SSH service controlled by boot.initrd.network.ssh or other network services included. Service is killed when stage-1 boot is finished.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
boot.initrd.network.openvpn.configuration

The configuration file for OpenVPN.

Warning

Unless your bootloader supports initrd secrets, this configuration is stored insecurely in the global Nix store.

Type: path

Example: ./configuration.ovpn

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
boot.initrd.network.postCommands

Shell commands to be executed after stage 1 of the boot has initialised the network.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.ssh.enable

Start SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished.

The sshd configuration is largely inherited from services.openssh.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.authorizedKeyFiles

Authorized keys taken from files for the root user on initrd. You can combine the authorizedKeyFiles and authorizedKeys options.

Type: list of path

Default: config.users.users.root.openssh.authorizedKeys.keyFiles

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.authorizedKeys

Authorized keys for the root user on initrd. You can combine the authorizedKeys and authorizedKeyFiles options.

Type: list of string

Default: config.users.users.root.openssh.authorizedKeys.keys

Example:

[
  "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
  "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.extraConfig

Verbatim contents of sshd_config.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.hostKeys

Specify SSH host keys to import into the initrd.

To generate keys, use ssh-keygen(1) as root:

ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key
ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key

Warning

Unless your bootloader supports initrd secrets, these keys are stored insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you’ll expose them to regular users!

Additionally, even if your initrd supports secrets, if you’re using initrd SSH to unlock an encrypted disk then using your regular host keys exposes the private keys on your unencrypted boot partition.

Type: list of (string or path)

Default: [ ]

Example:

[
  "/etc/secrets/initrd/ssh_host_rsa_key"
  "/etc/secrets/initrd/ssh_host_ed25519_key"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.ignoreEmptyHostKeys

Allow leaving config.boot.initrd.network.ssh empty, to deploy ssh host keys out of band.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.port

Port on which SSH initrd service should listen.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: 22

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.ssh.shell

Login shell of the remote user. Can be used to limit actions user can do.

Type: null or string

Default: "\"/bin/ash\""

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
boot.initrd.network.udhcpc.enable

Enables the udhcpc service during stage 1 of the boot process. This defaults to networking.useDHCP. Therefore, this useful if useDHCP is off but the initramfs should do dhcp.

Type: boolean

Default: "networking.useDHCP"

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.network.udhcpc.extraArgs

Additional command-line arguments passed verbatim to udhcpc if boot.initrd.network.enable and boot.initrd.network.udhcpc.enable are enabled.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
boot.initrd.postDeviceCommands

Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in /dev.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.postMountCommands

Shell commands to be executed immediately after the stage 1 filesystems have been mounted.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.postResumeCommands

Shell commands to be executed immediately after attempting to resume.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preDeviceCommands

Shell commands to be executed before udev is started to create device nodes.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preFailCommands

Shell commands to be executed before the failure prompt is shown.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.preLVMCommands

Shell commands to be executed immediately before LVM discovery.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.prepend

Other initrd files to prepend to the final initrd we are building.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.secrets

Secrets to append to the initrd. The attribute name is the path the secret should have inside the initrd, the value is the path it should be copied from (or null for the same path inside and out).

Note that nixos-rebuild switch will generate the initrd also for past generations, so if secrets are moved or deleted you will also have to garbage collect the generations that use those secrets.

Type: attribute set of (null or path)

Default: { }

Example:

{ "/etc/dropbear/dropbear_rsa_host_key" =
    ./secret-dropbear-key;
}

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.services.bcache.enable

This will only be used when systemd is used in stage 1.

Whether to enable bcache support in the initrd.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/bcache.nix>
boot.initrd.services.lvm.enable

This will only be used when systemd is used in stage 1.

Whether to enable booting from LVM2 in the initrd.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/lvm.nix>
boot.initrd.services.udev.packages

This will only be used when systemd is used in stage 1.

List of packages containing udev rules that will be copied to stage 1. All files found in «pkg»/etc/udev/rules.d and «pkg»/lib/udev/rules.d will be included.

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.services.udev.binPackages

This will only be used when systemd is used in stage 1.

Packages to search for binaries that are referenced by the udev rules in stage 1. This list always contains /bin of the initrd.

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.services.udev.rules

udev rules to include in the initrd only. They’ll be written into file 99-local.rules. Thus they are read and applied after the essential initrd rules.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
boot.initrd.supportedFilesystems

Names of supported filesystem types, or an attribute set of file system types and their state. The set form may be used together with lib.mkForce to explicitly disable support for specific filesystems, e.g. to disable ZFS with an unsupported kernel.

Type: (attribute set of boolean) or (list of string) convertible to it

Default: { }

Example:

{
  btrfs = true;
  zfs = lib.mkForce false;
}

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.initrd.systemd.enable

Whether to enable systemd in initrd. The unit options such as boot.initrd.systemd.services are the same as their stage 2 counterparts such as systemd.services, except that restartTriggers and reloadTriggers are not supported.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.enableTpm2

Whether to enable TPM2 support in the initrd.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.package

The systemd package to use.

Type: package

Default: config.systemd.package

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.packages

Packages providing systemd units and hooks.

Type: list of package

Default: [ ]

Example: [ pkgs.systemd-cryptsetup-generator ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.additionalUpstreamUnits

Additional units shipped with systemd that shall be enabled.

Type: list of string

Default: [ ]

Example:

[
  "debug-shell.service"
  "systemd-quotacheck.service"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.automounts

Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the ‘where’ attribute.

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.contents

Set of files that have to be linked into the initrd

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/etc/hostname".text = "mymachine";
}

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.contents.<name>.enable

Whether to enable copying of this file and symlinking it.

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.contents.<name>.source

Path of the source file.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.contents.<name>.target

Path of the symlink.

Type: path

Default: "‹name›"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.contents.<name>.text

Text of the file.

Type: null or strings concatenated with “\n”

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.dbus.enable

Whether to enable dbus in stage 1.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/system/dbus.nix>
boot.initrd.systemd.emergencyAccess

Set to true for unauthenticated emergency access, and false for no emergency access.

Can also be set to a hashed super user password to allow authenticated access to the emergency mode.

Type: boolean or null or (string, not containing newlines or colons)

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.extraBin

Tools to add to /bin

Type: attribute set of path

Default: { }

Example:

{
  umount = ${pkgs.util-linux}/bin/umount;
}

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.extraConfig

Extra config options for systemd. See systemd-system.conf(5) man page for available options.

Type: strings concatenated with “\n”

Default: ""

Example: "DefaultLimitCORE=infinity"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.groups

Groups to include in initrd.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.systemd.groups.<name>.gid

ID of the group in initrd.

Type: signed integer

Default: config.users.groups.${name}.gid

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.systemd.initrdBin

Packages to include in /bin for the stage 1 emergency shell.

Type: list of package

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.managerEnvironment

Environment variables of PID 1. These variables are not passed to started units.

Type: attribute set of (null or string or path or package)

Default: { }

Example:

{
  SYSTEMD_LOG_LEVEL = "debug";
}

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.mounts

Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the ‘where’ attribute.

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.network.enable

Whether to enable networkd or not.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.config

Definition of global systemd network config.

Type: submodule

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.links

Definition of systemd network links.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.netdevs

Definition of systemd network devices.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.networks

Definition of systemd networks.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.wait-online.enable

Whether to enable the systemd-networkd-wait-online service.

systemd-networkd-wait-online can timeout and fail if there are no network interfaces available for it to manage. When systemd-networkd is enabled but a different service is responsible for managing the system’s internet connection (for example, NetworkManager or connman are used to manage WiFi connections), this service is unnecessary and can be disabled.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.wait-online.anyInterface

Whether to consider the network online when any interface is online, as opposed to all of them. This is useful on portable machines with a wired and a wireless interface, for example.

This is on by default if networking.useDHCP is enabled.

Type: boolean

Default: "config.networking.useDHCP"

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.wait-online.extraArgs

Extra command-line arguments to pass to systemd-networkd-wait-online. These also affect per-interface systemd-network-wait-online@ services.

See systemd-networkd-wait-online.service(8) for all available options.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.wait-online.ignoredInterfaces

Network interfaces to be ignored when deciding if the system is online.

Type: list of string

Default: [ ]

Example:

[
  "wg0"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.network.wait-online.timeout

Time to wait for the network to come online, in seconds. Set to 0 to disable.

Type: unsigned integer, meaning >=0

Default: 120

Example: 0

Declared by:

<nixpkgs/nixos/modules/system/boot/networkd.nix>
boot.initrd.systemd.paths

Definition of systemd path units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.repart.enable

Grow and add partitions to a partition table at boot time in the initrd. systemd-repart only works with GPT partition tables.

To run systemd-repart after the initrd, see options.systemd.repart.enable.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/repart.nix>
boot.initrd.systemd.repart.device

The device to operate on.

If device == null, systemd-repart will operate on the device backing the root partition. So in order to dynamically create the root partition in the initrd you need to set a device.

Type: null or string

Default: null

Example: "/dev/vda"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/repart.nix>
boot.initrd.systemd.root

Controls how systemd will interpret the root FS in initrd. See kernel-command-line(7). NixOS currently does not allow specifying the root file system itself this way. Instead, the fstab value is used in order to interpret the root file system specified with the fileSystems option.

Type: one of “fstab”, “gpt-auto”

Default: "fstab"

Example: "gpt-auto"

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.services

Definition of systemd service units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.slices

Definition of slice configurations.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.sockets

Definition of systemd socket units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.storePaths

Store paths to copy into the initrd as well.

Type: list of ((optionally newline-terminated) single-line string or package)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.strip

Whether to completely strip executables and libraries copied to the initramfs.

Setting this to false may save on the order of 30MiB on the machine building the system (by avoiding a binutils reference), at the cost of ~1MiB of initramfs size. This puts this option firmly in the territory of micro-optimisation.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.suppressedStorePaths

Store paths specified in the storePaths option that should not be copied.

Type: list of (optionally newline-terminated) single-line string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.suppressedUnits

A list of units to skip when generating system systemd configuration directory. This has priority over upstream units, boot.initrd.systemd.units, and boot.initrd.systemd.additionalUpstreamUnits. The main purpose of this is to prevent a upstream systemd unit from being added to the initrd with any modifications made to it by other NixOS modules.

Type: list of string

Default: [ ]

Example:

[
  "systemd-backlight@.service"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.targets

Definition of systemd target units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.timers

Definition of systemd timer units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.units

Definition of systemd units.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
boot.initrd.systemd.users

Users to include in initrd.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.systemd.users.<name>.group

Group the user belongs to in initrd.

Type: (optionally newline-terminated) single-line string

Default: config.users.users.${name}.group

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.systemd.users.<name>.shell

The path to the user’s shell in initrd.

Type: path, not containing newlines or colons

Default: ${pkgs.shadow}/bin/nologin

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.systemd.users.<name>.uid

ID of the user in initrd.

Type: signed integer

Default: config.users.users.${name}.uid

Declared by:

<nixpkgs/nixos/modules/config/users-groups.nix>
boot.initrd.unl0kr.enable

Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/unl0kr.nix>
boot.initrd.verbose

Verbosity of the initrd. Please note that disabling verbosity removes only the mandatory messages generated by the NixOS scripts. For a completely silent boot, you might also want to set the two following configuration options:

  • boot.consoleLogLevel = 0;

  • boot.kernelParams = [ "quiet" "udev.log_level=3" ];

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.isContainer

Whether this NixOS machine is a lightweight container running in another NixOS system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
boot.iscsi-initiator.discoverPortal

iSCSI portal to boot from.

Type: null or string

Default: null

Example: "192.168.1.1:3260"

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.extraConfig

Extra lines to append to /etc/iscsid.conf

Type: null or strings concatenated with “\n”

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.extraConfigFile

Append an additional file’s contents to /etc/iscsid.conf. Use a non-store path and store passwords in this file. Note: the file specified here must be available in the initrd, see: boot.initrd.secrets.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.extraIscsiCommands

Extra iscsi commands to run in the initrd.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.logLevel

Higher numbers elicits more logs.

Type: signed integer

Default: 1

Example: 8

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.loginAll

Do not log into a specific target on the portal, but to all that we discover. This overrides setting target.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.name

Name of the iSCSI initiator to boot from. Note, booting from iscsi requires networkd based networking.

Type: null or string

Default: null

Example: "iqn.2020-08.org.linux-iscsi.initiatorhost:example"

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.iscsi-initiator.target

Name of the iSCSI target to boot from.

Type: null or string

Default: null

Example: "iqn.2020-08.org.linux-iscsi.targethost:example"

Declared by:

<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
boot.kernel.enable

Whether to enable the Linux kernel. This is useful for systemd-like containers which do not require a kernel.

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernel.randstructSeed

Provides a custom seed for the RANDSTRUCT security option of the Linux kernel. Note that RANDSTRUCT is only enabled in NixOS hardened kernels. Using a custom seed requires building the kernel and dependent packages locally, since this customization happens at build time.

Type: string

Default: ""

Example: "my secret seed"

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernel.sysctl

Runtime parameters of the Linux kernel, as set by sysctl(8). Note that sysctl parameters names must be enclosed in quotes (e.g. "vm.swappiness" instead of vm.swappiness). The value of each parameter may be a string, integer, boolean, or null (signifying the option will not appear at all).

Type: attribute set of (sysctl option value)

Default: { }

Example:

{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernel.sysctl."net.core.rmem_max"

The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used.

Type: null or (unsigned integer, meaning >=0)

Default: null

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernel.sysctl."net.core.wmem_max"

The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used.

Type: null or (unsigned integer, meaning >=0)

Default: null

Declared by:

<nixpkgs/nixos/modules/config/sysctl.nix>
boot.kernelModules

The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to boot.initrd.availableKernelModules or boot.initrd.kernelModules.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPackages

This option allows you to override the Linux kernel used by NixOS. Since things like external kernel module packages are tied to the kernel you’re using, it also overrides those. This option is a function that takes Nixpkgs as an argument (as a convenience), and returns an attribute set containing at the very least an attribute kernel. Additional attributes may be needed depending on your configuration. For instance, if you use the NVIDIA X driver, then it also needs to contain an attribute nvidia_x11.

Please note that we strictly support kernel versions that are maintained by the Linux developers only. More information on the availability of kernel versions is documented in the Linux section of the manual.

Type: raw value

Default: pkgs.linuxPackages

Example: pkgs.linuxKernel.packages.linux_5_10

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelParams

Parameters added to the kernel command line.

Type: list of string, with spaces inside double quotes

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.kernelPatches

A list of additional patches to apply to the kernel.

Every item should be an attribute set with the following attributes:

{
  name = "foo";                 # descriptive name, required

  patch = ./foo.patch;          # path or derivation that contains the patch source
                                # (required, but can be null if only config changes
                                # are needed)

  extraStructuredConfig = {     # attrset of extra configuration parameters without the CONFIG_ prefix
    FOO = lib.kernel.yes;       # (optional)
  };                            # values should generally be lib.kernel.yes,
                                # lib.kernel.no or lib.kernel.module

  features = {                  # attrset of extra "features" the kernel is considered to have
    foo = true;                 # (may be checked by other NixOS modules, optional)
  };

  extraConfig = "FOO y";        # extra configuration options in string form without the CONFIG_ prefix
                                # (optional, multiple lines allowed to specify multiple options)
                                # (deprecated, use extraStructuredConfig instead)
}

There’s a small set of existing kernel patches in Nixpkgs, available as pkgs.kernelPatches, that follow this format and can be used directly.

Type: list of (attribute set)

Default: [ ]

Example:

[
  {
    name = "foo";
    patch = ./foo.patch;
    extraStructuredConfig.FOO = lib.kernel.yes;
    features.foo = true;
  }
  {
    name = "foo-ml-mbox";
    patch = (fetchurl {
      url = "https://lore.kernel.org/lkml/19700205182810.58382-1-email@domain/t.mbox.gz";
      hash = "sha256-...";
    });
  }
]

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.loader.efi.canTouchEfiVariables

Whether the installation process is allowed to modify EFI boot variables.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.efi.efiSysMountPoint

Where the EFI System Partition is mounted.

Type: string

Default: "/boot"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
boot.loader.external.enable

Whether to enable using an external tool to install your bootloader.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
boot.loader.external.installHook

The full path to a program of your choosing which performs the bootloader installation process.

The program will be called with an argument pointing to the output of the system’s toplevel.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
boot.loader.generationsDir.enable

Whether to create symlinks to the system generations under /boot. When enabled, /boot/default/kernel, /boot/default/initrd, etc., are updated to point to the current generation’s kernel image, initial RAM disk, and other bootstrap files.

This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generationsDir.copyKernels

Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
boot.loader.generic-extlinux-compatible.enable

Whether to generate an extlinux-compatible configuration file under /boot/extlinux.conf. For instance, U-Boot’s generic distro boot support uses this file format.

See U-boot’s documentation for more information.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.generic-extlinux-compatible.configurationLimit

Maximum number of configurations in the boot menu.

Type: signed integer

Default: 20

Example: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.generic-extlinux-compatible.populateCmd

Contains the builder command used to populate an image, honoring all options except the -c <path-to-default-configuration> argument. Useful to have for sdImage.populateRootCommands

Type: string (read only)

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.generic-extlinux-compatible.useGenerationDeviceTree

Whether to generate Device Tree-related directives in the extlinux configuration.

When enabled, the bootloader will attempt to load the device tree binaries from the generation’s kernel.

Note that this affects all generations, regardless of the setting value used in their configurations.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
boot.loader.grub.enable

Whether to enable the GNU GRUB boot loader.

Type: boolean

Default: !config.boot.isContainer

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.enableCryptodisk

Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.backgroundColor

Background color to be used for GRUB to fill the areas the image isn’t filling.

Type: null or string

Default: null

Example: "#7EBAE4"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationLimit

Maximum of configurations in boot menu. GRUB has problems when there are too many entries.

Type: signed integer

Default: 100

Example: 120

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.configurationName

GRUB entry name instead of default.

Type: string

Default: ""

Example: "Stable 2.6.21"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.copyKernels

Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.default

Index of the default menu item to be booted. Can also be set to “saved”, which will make GRUB select the menu item that was used at the last boot.

Type: signed integer or string

Default: "0"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.device

The device on which the GRUB boot loader will be installed. The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.

Type: string

Default: ""

Example: "/dev/disk/by-id/wwn-0x500001234567890a"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.devices

The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.

Type: list of string

Default: [ ]

Example:

[
  "/dev/disk/by-id/wwn-0x500001234567890a"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiInstallAsRemovable

Whether to invoke grub-install with --removable.

Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you’ve set boot.loader.efi.canTouchEfiVariables AND you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are not booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed (“efibootmgr: EFI variables are not supported on this system.”).

If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.

To summarize, turn this on if:

  • You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode

  • You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB “removable” drive)

  • You simply dislike the idea of depending on NVRAM state to make your drive bootable

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.efiSupport

Whether GRUB should be built with EFI support.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.entryOptions

Options applied to the primary NixOS menu entry.

Type: null or string

Default: "--class nixos --unrestricted"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraConfig

Additional GRUB commands inserted in the configuration file just before the menu entries.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
  terminal_input --append serial
  terminal_output --append serial
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntries

Any additional entries you want added to the GRUB boot menu.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # GRUB 2 example
  menuentry "Windows 7" {
    chainloader (hd0,4)+1
  }
  
  # GRUB 2 with UEFI example, chainloading another distro
  menuentry "Fedora" {
    set root=(hd1,1)
    chainloader /efi/fedora/grubx64.efi
  }
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraEntriesBeforeNixOS

Whether extraEntries are included before the default option.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraFiles

A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.

Type: attribute set of path

Default: { }

Example:

{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraGrubInstallArgs

Additional arguments passed to grub-install.

A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available and activated even in the grub rescue shell.

They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2’s own nativedisk and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the GRUB source code for which disk modules are available.

The list elements are passed directly as argv arguments to the grub-install program, in order.

Type: list of string

Default: [ ]

Example:

[
  "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraInstallCommands

Additional shell commands inserted in the bootloader installer script after generating menu entries.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # the example below generates detached signatures that GRUB can verify
  # https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
  ''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
  old_gpg_home=$GNUPGHOME
  export GNUPGHOME="$(mktemp -d)"
  ''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1
  ''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
  rm -rf $GNUPGHOME
  export GNUPGHOME=$old_gpg_home
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPerEntryConfig

Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.

Type: strings concatenated with “\n”

Default: ""

Example: "root (hd0)"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.extraPrepareConfig

Additional bash commands to be run at the script that prepares the GRUB menu entries.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.font

Path to a TrueType, OpenType, or pf2 font to be used by Grub.

Type: null or path

Default: "${pkgs.grub2}/share/grub/unicode.pf2"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fontSize

Font size for the grub menu. Ignored unless font is set to a ttf or otf font.

Type: null or signed integer

Default: null

Example: 16

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.forceInstall

Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.forcei686

Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.fsIdentifier

Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.

Type: one of “uuid”, “label”, “provided”

Default: "uuid"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeBios

The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "1024x768"

Example: "auto"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxmodeEfi

The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "auto"

Example: "1024x768"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxpayloadBios

The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.

Type: string

Default: "text"

Example: "keep"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.gfxpayloadEfi

The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.

Type: string

Default: "keep"

Example: "text"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.ipxe

Set of iPXE scripts available for booting from the GRUB boot menu.

Type: attribute set of (path or string)

Default: { }

Example:

{ demo = ''
    #!ipxe
    dhcp
    chain http://boot.ipxe.org/demo/boot.php
  '';
}

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
boot.loader.grub.memtest86.enable

Make Memtest86+, a memory testing program, available from the GRUB boot menu.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.memtest86.params

Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:

  • console=..., set up a serial console. Examples: console=ttyS0, console=ttyS0,9600 or console=ttyS0,115200n8.

  • btrace, enable boot trace.

  • maxcpus=N, limit number of CPUs.

  • onepass, run one pass and exit if there are no errors.

  • tstlist=..., list of tests to run. Example: 0,1,2.

  • cpumask=..., set a CPU mask, to select CPUs to use for testing.

This list of command line options was obtained by reading the Memtest86+ source code.

Type: list of string

Default: [ ]

Example:

[
  "console=ttyS0,115200"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
boot.loader.grub.mirroredBoots

Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    devices = [
      "/dev/disk/by-id/wwn-0x500001234567890a"
    ];
    path = "/boot1";
  }
  {
    devices = [
      "/dev/disk/by-id/wwn-0x500009876543210a"
    ];
    path = "/boot2";
  }
]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.devices

The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.

Type: list of string

Default: [ ]

Example:

[
  "/dev/disk/by-id/wwn-0x500001234567890a"
  "/dev/disk/by-id/wwn-0x500009876543210a"
]

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiBootloaderId

The id of the bootloader to store in efi nvram. The default is to name it NixOS and append the path or efiSysMountPoint. This is only used if boot.loader.efi.canTouchEfiVariables is true.

Type: null or string

Default: null

Example: "NixOS-fsid"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.efiSysMountPoint

The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.

Type: null or string

Default: null

Example: "/boot1/efi"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.mirroredBoots.*.path

The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.

Type: string

Example: "/boot1"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.splashImage

Background image used for GRUB. Set to null to run GRUB in text mode.

Note

File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.

Type: null or path

Example: ./my-background.png

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.splashMode

Whether to stretch the image or show the image in the top-left corner unstretched.

Type: one of “normal”, “stretch”

Default: "stretch"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.storePath

Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.

Type: string

Default: "/nix/store"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.subEntryOptions

Options applied to the secondary NixOS submenu entry.

Type: null or string

Default: "--class nixos"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.theme

Path to the grub theme to be used.

Type: null or path

Default: null

Example: "${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.timeoutStyle
  • menu shows the menu.

  • countdown uses a text-mode countdown.

  • hidden hides GRUB entirely.

When using a theme, the default value (menu) is appropriate for the graphical countdown.

When attempting to do flicker-free boot, hidden should be used.

See the GRUB documentation section about timeout_style.

Note

If this option is set to ‘countdown’ or ‘hidden’ […] and ESC or F4 are pressed, or SHIFT is held down during that time, it will display the menu and wait for input.

From: Simple configuration handling page, under GRUB_TIMEOUT_STYLE.

Type: one of “menu”, “countdown”, “hidden”

Default: "menu"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.useOSProber

If set to true, append entries for other OSs detected by os-prober.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users

User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.

Type: attribute set of (submodule)

Default: { }

Example:

{
  root = {
    hashedPasswordFile = "/path/to/file";
  };
}

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.hashedPassword

Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.hashedPasswordFile

Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.password

Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.

Type: null or string

Default: null

Example: "Pa$$w0rd!"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.users.<name>.passwordFile

Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.

Type: null or string

Default: null

Example: "/path/to/file"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.grub.zfsSupport

Whether GRUB should be built against libzfs.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
boot.loader.initScript.enable

Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux.

Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
boot.loader.raspberryPi.enable

Whether to create files with the system generations in /boot. /boot/old will hold files from old generations.

Note

These options are deprecated, unsupported, and may not work like expected.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.raspberryPi.firmwareConfig

Extra options that will be appended to /boot/config.txt file. For possible values, see: https://www.raspberrypi.com/documentation/computers/config_txt.html

Note

These options are deprecated, unsupported, and may not work like expected.

Type: null or strings concatenated with “\n”

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.raspberryPi.uboot.enable

Enable using uboot as bootmanager for the raspberry pi.

Note

These options are deprecated, unsupported, and may not work like expected.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.raspberryPi.uboot.configurationLimit

Maximum number of configurations in the boot menu.

Note

These options are deprecated, unsupported, and may not work like expected.

Type: signed integer

Default: 20

Example: 10

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.raspberryPi.version

Type: one of 0, 1, 2, 3, 4

Default: 2

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
boot.loader.systemd-boot.enable

Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager. For more information about systemd-boot: https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.configurationLimit

Maximum number of latest generations in the boot menu. Useful to prevent boot partition running out of disk space.

null means no limit i.e. all generations that have not been garbage collected yet.

Type: null or signed integer

Default: null

Example: 120

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.consoleMode

The resolution of the console. The following values are valid:

  • "0": Standard UEFI 80x25 mode

  • "1": 80x50 mode, not supported by all devices

  • "2": The first non-standard mode provided by the device firmware, if any

  • "auto": Pick a suitable mode automatically using heuristics

  • "max": Pick the highest-numbered available mode

  • "keep": Keep the mode selected by firmware (the default)

Type: one of “0”, “1”, “2”, “auto”, “max”, “keep”

Default: "keep"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.editor

Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.extraEntries

Any additional entries you want added to the systemd-boot menu. These entries will be copied to $BOOT/loader/entries. Each attribute name denotes the destination file name, and the corresponding attribute value is the contents of the entry.

To control the ordering of the entry in the boot menu, use the sort-key field, see https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting and boot.loader.systemd-boot.sortKey.

Type: attribute set of strings concatenated with “\n”

Default: { }

Example:

{ "memtest86.conf" = ''
  title Memtest86+
  efi /efi/memtest86/memtest.efi
  sort-key z_memtest
''; }

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.extraFiles

A set of files to be copied to $BOOT. Each attribute name denotes the destination file name in $BOOT, while the corresponding attribute value specifies the source file.

Type: attribute set of path

Default: { }

Example:

{ "efi/memtest86/memtest.efi" = "${pkgs.memtest86plus}/memtest.efi"; }

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.extraInstallCommands

Additional shell commands inserted in the bootloader installer script after generating menu entries. It can be used to expand on extra boot entries that cannot incorporate certain pieces of information (such as the resulting init= kernel parameter).

Type: strings concatenated with “\n”

Default: ""

Example:

''
  default_cfg=$(cat /boot/loader/loader.conf | grep default | awk '{print $2}')
  init_value=$(cat /boot/loader/entries/$default_cfg | grep init= | awk '{print $2}')
  sed -i "s|@INIT@|$init_value|g" /boot/custom/config_with_placeholder.conf
''

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.graceful

Invoke bootctl install with the --graceful option, which ignores errors when EFI variables cannot be written or when the EFI System Partition cannot be found. Currently only applies to random seed operations.

Only enable this option if systemd-boot otherwise fails to install, as the scope or implication of the --graceful option may change in the future.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.memtest86.enable

Make Memtest86+ available from the systemd-boot menu. Memtest86+ is a program for testing memory.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.memtest86.sortKey

systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.

See also boot.loader.systemd-boot.sortKey.

Type: string

Default: "o_memtest86"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.netbootxyz.enable

Make netboot.xyz available from the systemd-boot menu. netboot.xyz is a menu system that allows you to boot OS installers and utilities over the network.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.netbootxyz.sortKey

systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.

See also boot.loader.systemd-boot.sortKey.

Type: string

Default: "o_netbootxyz"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.sortKey

The sort key used for the NixOS bootloader entries. This key determines sorting relative to non-NixOS entries. See also https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting

This option can also be used to control the sorting of NixOS specialisations.

By default, specialisations inherit the sort key of their parent generation and will have the same value for both the sort-key and the version (i.e. the generation number), systemd-boot will therefore sort them based on their file name, meaning that in your boot menu you will have each main generation directly followed by its specialisations sorted alphabetically by their names.

If you want a different ordering for a specialisation, you can override its sort-key which will cause the specialisation to be uncoupled from its parent generation. It will then be sorted by its new sort-key just like any other boot entry.

The sort-key is stored in the generation’s bootspec, which means that generations keep their sort-keys even if the original definition of the generation was removed from the NixOS configuration. It also means that updating the sort-key will only affect new generations, while old ones will keep the sort-key that they were originally built with.

Type: string

Default: "nixos"

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.systemd-boot.xbootldrMountPoint

Where the XBOOTLDR partition is mounted.

If set, this partition will be used as $BOOT to store boot loader entries and extra files instead of the EFI partition. As per the bootloader specification, it is recommended that the EFI and XBOOTLDR partitions be mounted at /efi and /boot, respectively.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
boot.loader.timeout

Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.

Type: null or signed integer

Default: 5

Declared by:

<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
boot.modprobeConfig.enable

Whether to enable modprobe config. This is useful for systems like containers which do not require a kernel.

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/modprobe.nix>
boot.plymouth.enable

Whether to enable Plymouth boot splash screen.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.extraConfig

Literal string to append to configFile and the config file generated by the plymouth module.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.font

Font file made available for displaying text on the splash screen.

Type: path

Default: "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.logo

Logo which is displayed on the splash screen. Currently supports PNG file format only.

Type: path

Default: "${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png"

Example:

pkgs.fetchurl {
  url = "https://nixos.org/logo/nixos-hires.png";
  sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
}

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.theme

Splash screen theme.

Type: string

Default: "bgrt"

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.plymouth.themePackages

Extra theme packages for plymouth.

Type: list of package

Default: A NixOS branded variant of the breeze theme when config.boot.plymouth.theme == "breeze", otherwise [ ].

Declared by:

<nixpkgs/nixos/modules/system/boot/plymouth.nix>
boot.postBootCommands

Shell commands to be executed just before systemd is started.

Type: strings concatenated with “\n”

Default: ""

Example: "rm -f /var/log/messages"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.readOnlyNixStore

If set, NixOS will enforce the immutability of the Nix store by making /nix/store a read-only bind mount. Nix will automatically make the store writable when needed.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.resumeDevice

Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use boot.kernelParams to specify «resume_offset».

Type: string

Default: ""

Example: "/dev/sda3"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
boot.runSize

Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.

Type: string

Default: "25%"

Example: "256m"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.depends

List of paths that should be mounted before this one. This filesystem’s device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example:

[
  "/persist"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.device

Location of the device.

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.fsType

Type of the file system.

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.mountPoint

Location of the mounted file system.

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.options

Options used to mount the file system.

Type: non-empty (list of string (with check: non-empty))

Default:

[
  "defaults"
]

Example:

[
  "data=journal"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.specialFileSystems.<name>.stratis.poolUuid

UUID of the stratis pool that the fs is located in

Type: null or string

Default: null

Example: "04c68063-90a5-4235-b9dd-6180098a20d9"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.supportedFilesystems

Names of supported filesystem types, or an attribute set of file system types and their state. The set form may be used together with lib.mkForce to explicitly disable support for specific filesystems, e.g. to disable ZFS with an unsupported kernel.

Type: (attribute set of boolean) or (list of string) convertible to it

Default: { }

Example:

{
  btrfs = true;
  zfs = lib.mkForce false;
}

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
boot.swraid.enable

Whether to enable support for Linux MD RAID arrays.

When this is enabled, mdadm will be added to the system path, and MD RAID arrays will be detected and activated automatically, both in stage-1 (initramfs) and in stage-2 (the final NixOS system).

This should be enabled if you want to be able to access and/or boot from MD RAID arrays. nixos-generate-config should detect it correctly in the standard installation procedure.

Type: boolean

Default: "`true` if stateVersion is older than 23.11"

Example: true

Declared by:

<nixpkgs/nixos/modules/tasks/swraid.nix>
boot.swraid.mdadmConf

Contents of /etc/mdadm.conf.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/tasks/swraid.nix>
boot.systemdExecutable

The program to execute to start systemd.

Type: string

Default: "/run/current-system/systemd/lib/systemd/systemd"

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-2.nix>
boot.tmp.cleanOnBoot

Whether to delete all files in /tmp during boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.tmp.tmpfsSize

Size of tmpfs in percentage. Percentage is defined by systemd.

Type: string or (positive integer, meaning >0)

Default: "50%"

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.tmp.useTmpfs

Whether to mount a tmpfs on /tmp during boot.

Note

Large Nix builds can fail if the mounted tmpfs is not large enough. In such a case either increase the tmpfsSize or disable this option.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/tmp.nix>
boot.uki.configFile

The configuration file passed to ukify(1) to create the UKI.

By default this configuration file is created from boot.uki.settings.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/boot/uki.nix>
boot.uki.name

Name of the UKI

Type: string

Declared by:

<nixpkgs/nixos/modules/system/boot/uki.nix>
boot.uki.settings

The configuration settings for ukify. These control what the UKI contains and how it is built.

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Declared by:

<nixpkgs/nixos/modules/system/boot/uki.nix>
boot.uki.tries

Number of boot attempts before this UKI is considered bad.

If no tries are specified (the default) automatic boot assessment remains inactive.

See documentation on Automatic Boot Assessment and boot counting for more information.

Type: null or (unsigned integer, meaning >=0)

Default: null

Declared by:

<nixpkgs/nixos/modules/system/boot/uki.nix>
boot.uki.version

Version of the image or generation the UKI belongs to

Type: null or string

Default: config.system.image.version

Declared by:

<nixpkgs/nixos/modules/system/boot/uki.nix>
boot.uvesafb.enable

Whether to enable uvesafb.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
boot.uvesafb.gfx-mode

Screen resolution in modedb format. See uvesafb and modedb documentation for more details. The default value is a sensible default but may be not ideal for all setups.

Type: string

Default: "1024x768-32"

Declared by:

<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
boot.uvesafb.v86d.package

Which v86d package to use with uvesafb

Type: package

Default:

''
  config.boot.kernelPackages.v86d.overrideAttrs (old: {
            hardeningDisable = [ "all" ];
          })''

Declared by:

<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
boot.vesa

(Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting. It is equivalent to specifying [ "vga=0x317" "nomodeset" ] in the boot.kernelParams option. This option is deprecated as of 2020: Xorg now works better with modesetting, and you might want a different VESA vga setting, anyway.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/kernel.nix>
boot.zfs.enabled

True if ZFS filesystem support is enabled

Type: boolean (read only)

Default: true if ZFS filesystem support is enabled

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.package

Configured ZFS userland tools package, use pkgs.zfs_unstable if you want to track the latest staging ZFS branch.

Type: package

Default: pkgs.zfs

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.allowHibernation

Allow hibernation support, this may be a unsafe option depending on your setup. Make sure to NOT use Swap on ZFS.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.devNodes

Name of directory from which to import ZFS devices.

This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.

Type: path

Default: "/dev/disk/by-id"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.extraPools

Name or GUID of extra ZFS pools that you wish to import during boot.

Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS’s fileSystems option, which makes NixOS automatically import the associated pool.

However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.

Type: list of string

Default: [ ]

Example:

[
  "tank"
  "data"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportAll

Forcibly import all ZFS pool(s).

If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with “zpool import -f <pool-name>”, and then reboot. You should only need to do this once.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.forceImportRoot

Forcibly import the ZFS root pool(s) during early boot.

This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.

If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.passwordTimeout

Timeout in seconds to wait for password entry for decrypt at boot.

Defaults to 0, which waits forever.

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.removeLinuxDRM

Patch the kernel to change symbols needed by ZFS from EXPORT_SYMBOL_GPL to EXPORT_SYMBOL.

Currently has no effect, but may again in future if a kernel update breaks ZFS due to symbols being newly changed to GPL.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
boot.zfs.requestEncryptionCredentials

If true on import encryption keys or passwords for all encrypted datasets are requested. To only decrypt selected datasets supply a list of dataset names instead. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).

Type: boolean or list of string

Default: true

Example:

[
  "tank"
  "data"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
console.enable

Whether to enable virtual console.

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.packages

List of additional packages that provide console fonts, keymaps and other resources for virtual consoles use.

Type: list of package

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.colors

The 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.

Type: list of string matching the pattern [[:xdigit:]]{6}

Default: [ ]

Example:

[
  "002b36"
  "dc322f"
  "859900"
  "b58900"
  "268bd2"
  "d33682"
  "2aa198"
  "eee8d5"
  "002b36"
  "cb4b16"
  "586e75"
  "657b83"
  "839496"
  "6c71c4"
  "93a1a1"
  "fdf6e3"
]

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.earlySetup

Enable setting virtual console options as early as possible (in initrd).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.font

The font used for the virtual consoles. Can be null, a font name, or a path to a PSF font file.

Use null to let the kernel choose a built-in font. The default is 8x16, and, as of Linux 5.3, Terminus 32 bold for display resolutions of 2560x1080 and higher. These fonts cover the IBM437 character set.

Type: null or string or path

Default: null

Example: "LatArCyrHeb-16"

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.keyMap

The keyboard mapping table for the virtual consoles.

Type: string or path

Default: "us"

Example: "fr"

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
console.useXkbConfig

If set, configure the virtual console keymap from the xserver keyboard settings.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/console.nix>
containers

A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-«name» on the host system, allowing it to be started and stopped via systemctl.

Type: attribute set of (submodule)

Default: { }

Example:

{ webserver =
    { path = "/nix/var/nix/profiles/webserver";
    };
  database =
    { config =
        { config, pkgs, ... }:
        { services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql_14;

          system.stateVersion = "24.05";
        };
    };
}

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.enableTun

Allows the container to create and setup tunnel interfaces by granting the NET_ADMIN capability and enabling access to /dev/net/tun.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.additionalCapabilities

Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.

Type: list of string

Default: [ ]

Example:

[
  "CAP_NET_ADMIN"
  "CAP_MKNOD"
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.allowedDevices

A list of device nodes to which the containers has access to.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    modifier = "rw";
    node = "/dev/net/tun";
  }
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.allowedDevices.*.modifier

Device node access modifier. Takes a combination r (read), w (write), and m (mknod). See the systemd.resource-control(5) man page for more information.

Type: string

Example: "rw"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.allowedDevices.*.node

Path to device node

Type: string

Example: "/dev/net/tun"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.autoStart

Whether the container is automatically started at boot-time.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.bindMounts

An extra list of directories that is bound to the container.

Type: attribute set of (submodule)

Default: { }

Example:

{ "/home" = { hostPath = "/home/alice";
              isReadOnly = false; };
}

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.bindMounts.<name>.hostPath

Location of the host path to be mounted.

Type: null or string

Default: null

Example: "/home/alice"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.bindMounts.<name>.isReadOnly

Determine whether the mounted path will be accessed in read-only mode.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.bindMounts.<name>.mountPoint

Mount point on the container file system.

Type: string

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.config

A specification of the desired configuration of this container, as a NixOS module.

Type: Toplevel NixOS config

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.ephemeral

Runs container in ephemeral mode with the empty root filesystem at boot. This way container will be bootstrapped from scratch on each boot and will be cleaned up on shutdown leaving no traces behind. Useful for completely stateless, reproducible containers.

Note that this option might require to do some adjustments to the container configuration, e.g. you might want to set systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier to “mac” if you use macvlans option. This way dhcp client identifier will be stable between the container restarts.

Note that the container journal will not be linked to the host if this option is enabled.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraFlags

Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.

Type: list of string

Default: [ ]

Example:

[
  "--drop-capability=CAP_SYS_CHROOT"
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths

Extra veth-pairs to be created for the container.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.forwardPorts

List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    containerPort = 80;
    hostPort = 8080;
    protocol = "tcp";
  }
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort

Target port of container

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort

Source port of the external interface on host

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.forwardPorts.*.protocol

The protocol specifier for port forwarding between host and container

Type: string

Default: "tcp"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.hostAddress

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.hostAddress6

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.hostBridge

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.localAddress

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.extraVeths.<name>.localAddress6

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.forwardPorts

List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    containerPort = 80;
    hostPort = 8080;
    protocol = "tcp";
  }
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.forwardPorts.*.containerPort

Target port of container

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.forwardPorts.*.hostPort

Source port of the external interface on host

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.forwardPorts.*.protocol

The protocol specifier for port forwarding between host and container

Type: string

Default: "tcp"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.hostAddress

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "10.231.136.1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.hostAddress6

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Type: null or string

Default: null

Example: "fc00::1"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.hostBridge

Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.

Type: null or string

Default: null

Example: "br0"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.interfaces

The list of interfaces to be moved into the container.

Type: list of string

Default: [ ]

Example:

[
  "eth1"
  "eth2"
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.localAddress

The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.

Type: null or string

Default: null

Example: "10.231.136.2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.localAddress6

The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.

Type: null or string

Default: null

Example: "fc00::2"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.macvlans

The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.

Type: list of string

Default: [ ]

Example:

[
  "eth1"
  "eth2"
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.nixpkgs

A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.

To only change the pkgs argument used inside the container modules, set the nixpkgs.* options in the container config. Setting config.nixpkgs.pkgs = pkgs speeds up the container evaluation by reusing the system pkgs, but the nixpkgs.config option in the container config is ignored in this case.

Type: path

Default: pkgs.path

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.path

As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

Type: path

Example: "/nix/var/nix/profiles/per-container/webserver"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.privateNetwork

Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-«container-name» on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.restartIfChanged

Whether the container should be restarted during a NixOS configuration switch if its definition has changed.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.specialArgs

A set of special arguments to be passed to NixOS modules. This will be merged into the specialArgs used to evaluate the NixOS configurations.

Type: attribute set of unspecified value

Default: { }

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.timeoutStartSec

Time for the container to start. In case of a timeout, the container processes get killed. See systemd.time(7) for more information about the format.

Type: string

Default: "1min"

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
containers.<name>.tmpfs

Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.

Type: list of string

Default: [ ]

Example:

[
  "/var"
]

Declared by:

<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
documentation.enable

Whether to install documentation of packages from environment.systemPackages into the generated system path.

See “Multiple-output packages” chapter in the nixpkgs manual for more info.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.dev.enable

Whether to install documentation targeted at developers.

  • This includes man pages targeted at developers if documentation.man.enable is set (this also includes “devman” outputs).

  • This includes info pages targeted at developers if documentation.info.enable is set (this also includes “devinfo” outputs).

  • This includes other pages targeted at developers if documentation.doc.enable is set (this also includes “devdoc” outputs).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.doc.enable

Whether to install documentation distributed in packages’ /share/doc. Usually plain text and/or HTML. This also includes “doc” outputs.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.info.enable

Whether to install info pages and the info command. This also includes “info” outputs.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.man.enable

Whether to install manual pages. This also includes man outputs.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.man.generateCaches

Whether to generate the manual page index caches. This allows searching for a page or keyword using utilities like apropos(1) and the -k option of man(1).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.man.man-db.enable

Whether to enable man-db as the default man page viewer.

Type: boolean

Default: config.documentation.man.enable

Example: false

Declared by:

<nixpkgs/nixos/modules/misc/man-db.nix>
documentation.man.man-db.package

The man-db derivation to use. Useful to override configuration options used for the package.

Type: package

Default: pkgs.man-db

Declared by:

<nixpkgs/nixos/modules/misc/man-db.nix>
documentation.man.man-db.manualPages

The manual pages to generate caches for if documentation.man.generateCaches is enabled. Must be a path to a directory with man pages under /share/man; see the source for an example. Advanced users can make this a content-addressed derivation to save a few rebuilds.

Type: path

Default: all man pages in config.environment.systemPackages

Declared by:

<nixpkgs/nixos/modules/misc/man-db.nix>
documentation.man.mandoc.enable

Whether to enable mandoc as the default man page viewer.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.package

The mandoc derivation to use. Useful to override configuration options used for the package.

Type: package

Default: pkgs.mandoc

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.cachePath

Change the paths where mandoc makewhatis(8)generates the manual page index caches. documentation.man.generateCaches should be enabled to allow cache generation. This list should only include the paths to manpages installed in the system configuration, i. e. /run/current-system/sw/share/man. makewhatis(8) creates a database in each directory using the files mansection/[arch/]title.section and catsection/[arch/]title.0 in it. If a directory contains no manual pages, no database is created in that directory. This option only needs to be set manually if extra paths should be indexed or documentation.man.manPath contains paths that can’t be indexed.

Type: list of string

Default: config.documentation.man.mandoc.manPath

Example: [ "share/man" "share/man/fr" ]

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.extraConfig

Extra configuration to write to man.conf(5).

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.manPath

Change the paths included in the MANPATH environment variable, i. e. the directories where man(1) looks for section-specific directories of man pages. You only need to change this setting if you want extra man pages (e. g. in non-english languages). All values must be strings that are a valid path from the target prefix (without including it). The first value given takes priority. Note that this will not add manpath directives to man.conf(5).

Type: list of string

Default:

[
  "share/man"
]

Example: [ "share/man" "share/man/fr" ]

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings

Configuration for man.conf(5)

Type: submodule

Default: { }

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.manpath

Override the default search path for man(1), apropos(1), and makewhatis(8). It can be used multiple times to specify multiple paths, with the order determining the manual page search order. This is not recommended in favor of documentation.man.mandoc.manPath, but if it’s needed to specify the manpath in this way, set documentation.man.mandoc.manPath to an empty list ([]).

Type: list of string

Default: [ ]

Example: [ "/run/current-system/sw/share/man" ]

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.fragment

Whether to enable Omit the <!DOCTYPE> declaration and the <html>, <head>, and <body> elements and only emit the subtree below the <body> element in HTML output of mandoc(1). The style argument will be ignored. This is useful when embedding manual content within existing documents. .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.includes

A string of relative path used as a template for the output path of linked header files (usually via the In macro) in HTML output. Instances of %I are replaced with the include filename. The default is not to present a hyperlink.

Type: null or string

Default: null

Example: ../src/%I.html

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.indent

Number of blank characters at the left margin for normal text, default of 5 for mdoc(7) and 7 for man(7). Increasing this is not recommended; it may result in degraded formatting, for example overfull lines or ugly line breaks. When output is to a pager on a terminal that is less than 66 columns wide, the default is reduced to three columns.

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.man

A template for linked manuals (usually via the Xr macro) in HTML output. Instances of ‘%N’ and ‘%S’ are replaced with the linked manual’s name and section, respectively. If no section is included, section 1 is assumed. The default is not to present a hyperlink. If two formats are given and a file %N.%S exists in the current directory, the first format is used; otherwise, the second format is used.

Type: null or string

Default: null

Example: ../html%S/%N.%S.html

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.paper

This option is for generating PostScript and PDF output. The paper size name may be one of a3, a4, a5, legal, or letter. You may also manually specify dimensions as NNxNN, width by height in millimetres. If an unknown value is encountered, letter is used. Output pages default to letter sized and are rendered in the Times font family, 11-point. Margins are calculated as 1/9 the page length and width. Line-height is 1.4m.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.style

Path to the file used for an external style-sheet. This must be a valid absolute or relative URI.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.toc

Whether to enable In HTML output of mandoc(1), If an input file contains at least two non-standard sections, print a table of contents near the beginning of the output. .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.man.mandoc.settings.output.width

The ASCII and UTF-8 output width, default is 78. When output is a pager on a terminal that is less than 79 columns wide, the default is reduced to one less than the terminal width. In any case, lines that are output in literal mode are never wrapped and may exceed the output width.

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/misc/mandoc.nix>
documentation.nixos.enable

Whether to install NixOS’s own documentation.

  • This includes man pages like configuration.nix(5) if documentation.man.enable is set.

  • This includes the HTML manual and the nixos-help command if documentation.doc.enable is set.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.nixos.extraModuleSources

Which extra NixOS module paths the generated NixOS’s documentation should strip from options.

Type: list of (path or string)

Default: [ ]

Example:

# e.g. with options from modules in ${pkgs.customModules}/nix:
[ pkgs.customModules ]

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.nixos.extraModules

Modules for which to show options even when not imported.

Type: list of raw value

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.nixos.includeAllModules

Whether the generated NixOS’s documentation should include documentation for all the options from all the NixOS modules included in the current configuration.nix. Disabling this will make the manual generator to ignore options defined outside of baseModules.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.nixos.options.splitBuild

Whether to split the option docs build into a cacheable and an uncacheable part. Splitting the build can substantially decrease the amount of time needed to build the manual, but some user modules may be incompatible with this splitting.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
documentation.nixos.options.warningsAreErrors

Treat warning emitted during the option documentation build (eg for missing option descriptions) as errors.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/misc/documentation.nix>
dysnomia.enable

Whether to enable Dysnomia

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.enableAuthentication

Whether to publish privacy-sensitive authentication credentials

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.enableLegacyModules

Whether to enable Dysnomia legacy process and wrapper modules

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.package

The Dysnomia package

Type: path

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.components

An attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state

Type: attribute set of (attribute set)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.containers

An attribute set in which each key represents a container and each value an attribute set providing its configuration properties

Type: attribute set of (attribute set)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraContainerPaths

A list of paths containing additional container configurations that are added to the search folders

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraContainerProperties

An attribute set providing additional container settings in addition to the default properties

Type: attribute set

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.extraModulePaths

A list of paths containing additional modules that are added to the search folders

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
dysnomia.properties

An attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.

Type: attribute set

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
ec2.zfs.datasets

Datasets to create under the tank and boot zpools.

NOTE: This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
ec2.zfs.datasets.<name>.mount

Where to mount this dataset.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
ec2.zfs.datasets.<name>.properties

Properties to set on this dataset.

Type: attribute set of string

Default: { }

Declared by:

<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
environment.enableAllTerminfo

Whether to install all terminfo outputs

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/terminfo.nix>
environment.enableDebugInfo

Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in /run/current-system/sw/lib/debug/.build-id, where tools such as gdb can find them. If you need debug symbols for a package that doesn’t provide them by default, you can enable them as follows:

nixpkgs.config.packageOverrides = pkgs: {
  hello = pkgs.hello.overrideAttrs (oldAttrs: {
    separateDebugInfo = true;
  });
};

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/debug-info.nix>
environment.budgie.excludePackages

Which packages Budgie should exclude from the default environment.

Type: list of package

Default: [ ]

Example: [ pkgs.mate-terminal ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix>
environment.checkConfigurationOptions

Alias of _module.check.

Type: boolean

Declared by:

<nixpkgs/nixos/modules/rename.nix>
environment.cinnamon.excludePackages

Which packages cinnamon should exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.cinnamon.blueberry ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
environment.deepin.excludePackages

List of default packages to exclude from the configuration

Type: list of package

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix>
environment.defaultPackages

Set of default packages that aren’t strictly necessary for a running system, entries can be removed for a more minimal NixOS installation.

Like with systemPackages, packages are installed to /run/current-system/sw. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration.

Type: list of package

Default: these packages, with their meta.priority numerically increased (thus lowering their installation priority):

[ pkgs.perl pkgs.rsync pkgs.strace ]

Example: [ ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.etc

Set of files that have to be linked in /etc.

Type: attribute set of (submodule)

Default: { }

Example:

{ example-configuration-file =
    { source = "/nix/store/.../etc/dir/file.conf.example";
      mode = "0440";
    };
  "default/useradd".text = "GROUP=100 ...";
}

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.enable

Whether this /etc file should be generated. This option allows specific /etc files to be disabled.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.gid

GID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.group

Group name of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’). Changing this option takes precedence over gid.

Type: string

Default: "+0"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.mode

If set to something else than symlink, the file is copied instead of symlinked, with the given file mode.

Type: string

Default: "symlink"

Example: "0600"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.source

Path of the source file.

Type: path

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.target

Name of symlink (relative to /etc). Defaults to the attribute name.

Type: string

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.text

Text of the file.

Type: null or strings concatenated with “\n”

Default: null

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.uid

UID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).

Type: signed integer

Default: 0

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.etc.<name>.user

User name of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’). Changing this option takes precedence over uid.

Type: string

Default: "+0"

Declared by:

<nixpkgs/nixos/modules/system/etc/etc.nix>
environment.extraInit

Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.extraOutputsToInstall

Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw.

For example, this can be used to install the dev and info outputs for all packages in the system environment, if they are available.

To use specific outputs instead of configuring them globally, select the corresponding attribute on the package derivation, e.g. libxml2.dev or coreutils.info.

Type: list of string

Default: [ ]

Example:

[
  "dev"
  "info"
]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.extraSetup

Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.freetds

Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.

Type: attribute set of string

Default: { }

Example:

{ MYDATABASE = ''
    host = 10.0.2.100
    port = 1433
    tds version = 7.2
  '';
}

Declared by:

<nixpkgs/nixos/modules/programs/freetds.nix>
environment.gnome.excludePackages

Which packages gnome should exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.gnome.totem ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
environment.homeBinInPath

Include ~/bin/ in $PATH.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.interactiveShellInit

Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.ldso

The executable to link into the normal FHS location of the ELF loader.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/config/ldso.nix>
environment.ldso32

The executable to link into the normal FHS location of the 32-bit ELF loader.

This currently only works on x86_64 architectures.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/config/ldso.nix>
environment.localBinInPath

Add ~/.local/bin/ to $PATH

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.loginShellInit

Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.lxqt.excludePackages

Which LXQt packages to exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.lxqt.qterminal ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
environment.mate.excludePackages

Which MATE packages to exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.mate.mate-terminal pkgs.mate.pluma ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
environment.memoryAllocator.provider

The system-wide memory allocator.

Briefly, the system-wide memory allocator providers are:

  • libc: the standard allocator provided by libc

  • graphene-hardened: Hardened memory allocator coming from GrapheneOS project. The default configuration template has all normal optional security features enabled and is quite aggressive in terms of sacrificing performance and memory usage for security.

  • graphene-hardened-light: Hardened memory allocator coming from GrapheneOS project. The light configuration template disables the slab quarantines, write after free check, slot randomization and raises the guard slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled. The light configuration has solid performance and memory usage while still being far more secure than mainstream allocators with much better security properties.

  • jemalloc: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support.

  • mimalloc: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities.

  • scudo: A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance.

Warning

Selecting an alternative allocator (i.e., anything other than libc) may result in instability, data loss, and/or service failure.

Type: one of “libc”, “graphene-hardened”, “graphene-hardened-light”, “jemalloc”, “mimalloc”, “scudo”

Default: "libc"

Declared by:

<nixpkgs/nixos/modules/config/malloc.nix>
environment.noXlibs

Switch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/no-x-libs.nix>
environment.pantheon.excludePackages

Which packages pantheon should exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.pantheon.elementary-camera ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
environment.pathsToLink

List of directories to be symlinked in /run/current-system/sw.

Type: list of string

Default: [ ]

Example:

[
  "/"
]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.plasma5.excludePackages

List of default packages to exclude from the configuration

Type: list of package

Default: [ ]

Example: [ pkgs.plasma5Packages.oxygen ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
environment.plasma6.excludePackages

List of default packages to exclude from the configuration

Type: list of package

Default: [ ]

Example: [ pkgs.kdePackages.elisa ]

Declared by:

<nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix>
environment.profileRelativeEnvVars

Attribute set of environment variable. Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.

Type: attribute set of list of string

Example:

{
  MANPATH = [
    "/man"
    "/share/man"
  ];
  PATH = [
    "/bin"
  ];
}

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.profileRelativeSessionVariables

Attribute set of environment variable used in the global environment. These variables will be set by PAM early in the login process.

Variable substitution is available as described in pam_env.conf(5).

Each attribute maps to a list of relative paths. Each relative path is appended to the each profile of environment.profiles to form the content of the corresponding environment variable.

Also, these variables are merged into environment.profileRelativeEnvVars and it is therefore not possible to use PAM style variables such as @{HOME}.

Type: attribute set of list of string

Example:

{
  MANPATH = [
    "/man"
    "/share/man"
  ];
  PATH = [
    "/bin"
  ];
}

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.profiles

A list of profiles used to setup the global environment.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.sessionVariables

A set of environment variables used in the global environment. These variables will be set by PAM early in the login process.

The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Note, due to limitations in the PAM format values may not contain the " character.

Also, these variables are merged into environment.variables and it is therefore not possible to use PAM style variables such as @{HOME}.

Type: attribute set of ((list of (floating point number or signed integer or string)) or floating point number or signed integer or string or path)

Default: { }

Declared by:

<nixpkgs/nixos/modules/config/system-environment.nix>
environment.shellAliases

An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users’ shells. Aliases mapped to null are ignored.

Type: attribute set of (null or string or path)

Example:

{
  l = null;
  ll = "ls -l";
}

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shellInit

Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.shells

A list of permissible login shells for user accounts. No need to mention /bin/sh here, it is placed into this list implicitly.

Type: list of (package or path)

Default: [ ]

Example: [ pkgs.bashInteractive pkgs.zsh ]

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.stub-ld.enable

Install a stub ELF loader to print an informative error message in the event that a user attempts to run an ELF binary not compiled for NixOS.

Type: boolean

Default: true

Example: false

Declared by:

<nixpkgs/nixos/modules/config/stub-ld.nix>
environment.systemPackages

The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.

Type: list of package

Default: [ ]

Example: [ pkgs.firefox pkgs.thunderbird ]

Declared by:

<nixpkgs/nixos/modules/config/system-path.nix>
environment.unixODBCDrivers

Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connect to ODBC databases.

Type: list of package

Default: [ ]

Example: with pkgs.unixODBCDrivers; [ sqlite psql ]

Declared by:

<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
environment.variables

A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.

Type: attribute set of ((list of (floating point number or signed integer or string)) or floating point number or signed integer or string or path)

Default: { }

Example:

{
  EDITOR = "nvim";
  VISUAL = "nvim";
}

Declared by:

<nixpkgs/nixos/modules/config/shells-environment.nix>
environment.wordlist.enable

Whether to enable environment variables for lists of words.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/misc/wordlist.nix>
environment.wordlist.lists

A set with the key names being the environment variable you’d like to set and the values being a list of paths to text documents containing lists of words. The various files will be merged, sorted, duplicates removed, and extraneous spacing removed.

If you have a handful of words that you want to add to an already existing wordlist, you may find builtins.toFile useful for this task.

Type: attribute set of non-empty (list of path)

Default:

{
  WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
}

Example:

{
  WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
  AUGMENTED_WORDLIST = [
    "${pkgs.scowl}/share/dict/words.txt"
    "${pkgs.scowl}/share/dict/words.variants.txt"
    (builtins.toFile "extra-words" ''
      desynchonization
      oobleck'')
  ];
}

Declared by:

<nixpkgs/nixos/modules/misc/wordlist.nix>
environment.xfce.excludePackages

Which packages XFCE should exclude from the default environment

Type: list of package

Default: [ ]

Example: [ pkgs.xfce.xfce4-volumed-pulse ]

Declared by:

<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
fileSystems

The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]).

Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/".device = "/dev/hda1";
  "/data" = {
    device = "/dev/hda2";
    fsType = "ext3";
    options = [ "data=journal" ];
  };
  "/bigdisk".label = "bigdisk";
}

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
<nixpkgs/nixos/modules/tasks/filesystems.nix>
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name>.autoFormat

If the device does not currently contain a filesystem (as determined by blkid), then automatically format it with the filesystem type specified in fsType. Use with caution.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.autoResize

If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.depends

List of paths that should be mounted before this one. This filesystem’s device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.

Type: list of string (with check: non-empty without trailing slash)

Default: [ ]

Example:

[
  "/persist"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.device

Location of the device.

Type: null or string (with check: non-empty)

Default: null

Example: "/dev/sda"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.encrypted.enable

The block device is backed by an encrypted one, adds this device as a initrd luks entry.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name>.encrypted.blkDev

Location of the backing encrypted device.

Type: null or string

Default: null

Example: "/dev/sda1"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name>.encrypted.keyFile

Path to a keyfile used to unlock the backing encrypted device. When systemd stage 1 is not enabled, at the time this keyfile is accessed, the neededForBoot filesystems (see utils.fsNeededForBoot) will have been mounted under /mnt-root, so the keyfile path should usually start with “/mnt-root/”. When systemd stage 1 is enabled, fsNeededForBoot file systems will be mounted as needed under /sysroot, and the keyfile will not be accessed until its requisite mounts are done.

Type: null or string

Default: null

Example: "/mnt-root/root/.swapkey"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name>.encrypted.label

Label of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.

Type: null or string

Default: null

Example: "rootfs"

Declared by:

<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
fileSystems.<name>.fsType

Type of the file system.

Type: string (with check: non-empty)

Default: "auto"

Example: "ext3"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.label

Label of the device (if any).

Type: null or string (with check: non-empty)

Default: null

Example: "root-partition"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.mountPoint

Location of the mounted file system.

Type: string (with check: non-empty without trailing slash)

Example: "/mnt/usb"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.neededForBoot

If set, this file system will be mounted in the initial ramdisk. Note that the file system will always be mounted in the initial ramdisk if its mount point is one of the following: /, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/system/boot/stage-1.nix>
fileSystems.<name>.noCheck

Disable running fsck on this filesystem.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.options

Options used to mount the file system.

Type: non-empty (list of string (with check: non-empty))

Default:

[
  "defaults"
]

Example:

[
  "data=journal"
]

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fileSystems.<name>.overlay.lowerdir

The list of path(s) to the lowerdir(s).

To create a writable overlay, you MUST provide an upperdir and a workdir.

You can create a read-only overlay when you provide multiple (at least 2!) lowerdirs and neither an upperdir nor a workdir.

Type: null or (non-empty (list of (string or path in the Nix store)))

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
fileSystems.<name>.overlay.upperdir

The path to the upperdir.

If this is null, a read-only overlay is created using the lowerdir.

If you set this to some value you MUST also set workdir.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
fileSystems.<name>.overlay.workdir

The path to the workdir.

This MUST be set if you set upperdir.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
fileSystems.<name>.stratis.poolUuid

UUID of the stratis pool that the fs is located in

Type: null or string

Default: null

Example: "04c68063-90a5-4235-b9dd-6180098a20d9"

Declared by:

<nixpkgs/nixos/modules/tasks/filesystems.nix>
fonts.enableDefaultPackages

Enable a basic set of fonts providing several styles and families and reasonable coverage of Unicode.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/packages.nix>
fonts.enableGhostscriptFonts

Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
fonts.packages

List of primary font packages.

Type: list of path

Default: [ ]

Example: [ pkgs.dejavu_fonts ]

Declared by:

<nixpkgs/nixos/modules/config/fonts/packages.nix>
fonts.fontDir.enable

Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11/fonts.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
fonts.fontDir.decompressFonts

Whether to decompress fonts in /run/current-system/sw/share/X11/fonts.

Type: boolean

Default: config.programs.xwayland.enable

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
fonts.fontconfig.enable

If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don’t care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.allowBitmaps

Allow bitmap fonts. Set to false to ban all bitmap fonts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.allowType1

Allow Type-1 fonts. Default is false because of poor rendering.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.antialias

Enable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.cache32Bit

Generate system fonts cache for 32-bit applications.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.emoji

System-wide default emoji font(s). Multiple fonts may be listed in case a font does not support all emoji.

Note that fontconfig matches color emoji fonts preferentially, so if you want to use a black and white font while having a color font installed (eg. Noto Color Emoji installed alongside Noto Emoji), fontconfig will still choose the color font even when it is later in the list.

Type: list of string

Default:

[
  "Noto Color Emoji"
]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.monospace

System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of string

Default:

[
  "DejaVu Sans Mono"
]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.sansSerif

System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of string

Default:

[
  "DejaVu Sans"
]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.defaultFonts.serif

System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.

Type: list of string

Default:

[
  "DejaVu Serif"
]

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.enable

Enable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.autohint

Enable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.hinting.style

Hintstyle is the amount of font reshaping done to line up to the grid.

slight will make the font more fuzzy to line up to the grid but will be better in retaining font shape, while full will be a crisp font that aligns well to the pixel grid but will lose a greater amount of font shape.

Type: one of “none”, “slight”, “medium”, “full”

Default: "slight"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.includeUserConf

Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.localConf

System-wide customization file contents, has higher priority than defaultFonts settings.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.lcdfilter

FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering has no visible effect; users of such displays may want to select none.

Type: one of “none”, “default”, “light”, “legacy”

Default: "default"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.subpixel.rgba

Subpixel order. The overwhelming majority of displays are rgb in their normal orientation. Select vrgb for mounting such a display 90 degrees clockwise from its normal orientation or vbgr for mounting 90 degrees counter-clockwise. Select bgr in the unlikely event of mounting 180 degrees from the normal orientation. Reverse these directions in the improbable event that the display’s native subpixel order is bgr.

Type: one of “rgb”, “bgr”, “vrgb”, “vbgr”, “none”

Default: "none"

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
fonts.fontconfig.useEmbeddedBitmaps

Use embedded bitmaps in fonts like Calibri.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
gtk.iconCache.enable

Whether to build icon theme caches for GTK applications.

Type: boolean

Default: config.services.xserver.enable

Declared by:

<nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix>
hardware.enableAllFirmware

Whether to enable all firmware regardless of license.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.enableRedistributableFirmware

Whether to enable firmware with a license allowing redistribution.

Type: boolean

Default: config.hardware.enableAllFirmware

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.acpilight.enable

Enable acpilight. This will allow brightness control via xbacklight from users in the video group

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/acpilight.nix>
hardware.amdgpu.amdvlk.enable

Whether to enable AMDVLK Vulkan driver.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.amdgpu.amdvlk.package

The amdvlk package to use.

Type: package

Default: pkgs.amdvlk

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.amdgpu.amdvlk.settings

Runtime settings for AMDVLK to be configured /etc/amd/amdVulkanSettings.cfg. See AMDVLK GitHub page.

Type: attribute set of (string or signed integer)

Default: { }

Example:

{
  AllowVkPipelineCachingToDisk = 1;
  EnableVmAlwaysValid = 1;
  IFH = 0;
  IdleAfterSubmitGpuMask = 1;
  ShaderCacheMode = 1;
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.amdgpu.amdvlk.support32Bit.enable

Whether to enable 32-bit driver support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.amdgpu.amdvlk.support32Bit.package

The amdvlk package to use.

Type: package

Default: pkgs.driversi686Linux.amdvlk

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.amdgpu.amdvlk.supportExperimental.enable

Whether to enable Experimental features support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
hardware.bladeRF.enable

Enables udev rules for BladeRF devices. By default grants access to users in the “bladerf” group. You may want to install the libbladeRF package.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/bladeRF.nix>
hardware.bluetooth.enable

Whether to enable support for Bluetooth.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.package

The bluez package to use.

Type: package

Default: pkgs.bluez

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.disabledPlugins

Built-in plugins to disable

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.hsphfpd.enable

Whether to enable support for hsphfpd[-prototype] implementation.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.input

Set configuration for the input service (/etc/bluetooth/input.conf).

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Example:

{
  General = {
    ClassicBondedOnly = true;
    IdleTimeout = 30;
  };
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.network

Set configuration for the network service (/etc/bluetooth/network.conf).

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Example:

{
  General = {
    DisableSecurity = true;
  };
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.powerOnBoot

Whether to power up the default Bluetooth controller on boot.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.bluetooth.settings

Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf).

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Example:

{
  General = {
    ControllerMode = "bredr";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
hardware.brillo.enable

Whether to enable brillo in userspace. This will allow brightness control from users in the video group .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/brillo.nix>
hardware.bumblebee.enable

Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.connectDisplay

Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.

Only nvidia driver is supported so far.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.driver

Set driver used by bumblebeed. Supported are nouveau and nvidia.

Type: one of “nvidia”, “nouveau”

Default: "nvidia"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.group

Group for bumblebee socket

Type: string

Default: "wheel"

Example: "video"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.bumblebee.pmMethod

Set preferred power management method for unused card.

Type: one of “auto”, “bbswitch”, “switcheroo”, “none”

Default: "auto"

Declared by:

<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
hardware.ckb-next.enable

Whether to enable the Corsair keyboard/mouse driver.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ckb-next.nix>
hardware.ckb-next.package

The ckb-next package to use.

Type: package

Default: pkgs.ckb-next

Declared by:

<nixpkgs/nixos/modules/hardware/ckb-next.nix>
hardware.ckb-next.gid

Limit access to the ckb daemon to a particular group.

Type: null or signed integer

Default: null

Example: 100

Declared by:

<nixpkgs/nixos/modules/hardware/ckb-next.nix>
hardware.cpu.amd.ryzen-smu.enable

Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.

WARNING: Damage cause by use of your AMD processor outside of official AMD specifications or outside of factory settings are not covered under any AMD product warranty and may not be covered by your board or system manufacturer’s warranty .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix>
hardware.cpu.amd.sev.enable

Whether to enable access to the AMD SEV device.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sev.group

Group to assign to the SEV device.

Type: string

Default: "sev"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sev.mode

Mode to set for the SEV device.

Type: string

Default: "0660"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sev.user

Owner to assign to the SEV device.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sevGuest.enable

Whether to enable access to the AMD SEV guest device.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sevGuest.group

Group to assign to the SEV guest device.

Type: string

Default: "sev-guest"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sevGuest.mode

Mode to set for the SEV guest device.

Type: string

Default: "0660"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.sevGuest.user

Owner to assign to the SEV guest device.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
hardware.cpu.amd.updateMicrocode

Update the CPU microcode for AMD processors.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
hardware.cpu.intel.sgx.enableDcapCompat

Whether to enable backward compatibility for SGX software build for the out-of-tree Intel SGX DCAP driver.

Creates symbolic links for the SGX devices /dev/sgx_enclave and /dev/sgx_provision to make them available as /dev/sgx/enclave and /dev/sgx/provision, respectively.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
hardware.cpu.intel.sgx.provision.enable

Whether to enable access to the Intel SGX provisioning device.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
hardware.cpu.intel.sgx.provision.group

Group to assign to the SGX provisioning device.

Type: string

Default: "sgx_prv"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
hardware.cpu.intel.sgx.provision.mode

Mode to set for the SGX provisioning device.

Type: string

Default: "0660"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
hardware.cpu.intel.sgx.provision.user

Owner to assign to the SGX provisioning device.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
hardware.cpu.intel.updateMicrocode

Update the CPU microcode for Intel processors.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
hardware.cpu.x86.msr.enable

Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.cpu.x86.msr.group

Group to set for devices of the msr kernel subsystem.

Type: string

Default: "msr"

Example: "nobody"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.cpu.x86.msr.mode

Mode to set for devices of the msr kernel subsystem.

Type: string

Default: "0640"

Example: "0660"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.cpu.x86.msr.owner

Owner to set for devices of the msr kernel subsystem.

Type: string

Default: "root"

Example: "nobody"

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.cpu.x86.msr.settings

Parameters for the msr kernel module.

Type: attribute set of (boolean or signed integer or string)

Default: { }

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.cpu.x86.msr.settings.allow-writes

Whether to allow writes to MSRs ("on") or not ("off").

Type: null or one of “on”, “off”

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
hardware.decklink.enable

Whether to enable hardware support for the Blackmagic Design Decklink audio/video interfaces.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/decklink.nix>
hardware.deviceTree.enable

Build device tree files. These are used to describe the non-discoverable hardware of a system.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.dtbSource

Path to dtb directory that overlays and other processing will be applied to. Uses device trees bundled with the Linux kernel by default.

Type: path

Default: ${cfg.kernelPackage}/dtbs

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.dtboBuildExtraIncludePaths

Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo

Type: list of path

Default: [ ]

Example:

[
  ./my_custom_include_dir_1
  ./custom_include_dir_2
]

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.dtboBuildExtraPreprocessorFlags

Additional flags to pass to the preprocessor during dtbo compilations

Type: list of string

Default: [ ]

Example: [ "-DMY_DTB_DEFINE" ]

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.filter

Only include .dtb files matching glob expression.

Type: null or string

Default: null

Example: "*rpi*.dtb"

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.kernelPackage

Kernel package where device tree include directory is from. Also used as default source of dtb package to apply overlays to

Type: path

Default: config.boot.kernelPackages.kernel

Example: pkgs.linux_latest

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.name

The name of an explicit dtb to be loaded, relative to the dtb base. Useful in extlinux scenarios if the bootloader doesn’t pick the right .dtb file from FDTDIR.

Type: null or string

Default: null

Example: "some-dtb.dtb"

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays

List of overlays to apply to base device-tree (.dtb) files.

Type: list of ((submodule) or path convertible to it)

Default: [ ]

Example:

[
  { name = "pps"; dtsFile = ./dts/pps.dts; }
  { name = "spi";
    dtsText = "...";
  }
  { name = "precompiled"; dtboFile = ./dtbos/example.dtbo; }
]

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays.*.dtboFile

Path to .dtbo compiled overlay file.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays.*.dtsFile

Path to .dts overlay file, overlay is applied to each .dtb file matching “compatible” of the overlay.

Type: null or path

Default: null

Example: ./dts/overlays.dts

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays.*.dtsText

Literal DTS contents, overlay is applied to each .dtb file matching “compatible” of the overlay.

Type: null or string

Default: null

Example:

''
  /dts-v1/;
  /plugin/;
  / {
          compatible = "raspberrypi";
  };
  &{/soc} {
          pps {
                  compatible = "pps-gpio";
                  status = "okay";
          };
  };
''

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays.*.filter

Only apply to .dtb files matching glob expression.

Type: null or string

Default: null

Example: "*rpi*.dtb"

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.deviceTree.overlays.*.name

Name of this overlay

Type: string

Declared by:

<nixpkgs/nixos/modules/hardware/device-tree.nix>
hardware.digitalbitbox.enable

Enables udev rules for Digital Bitbox devices.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
hardware.digitalbitbox.package

The digitalbitbox package to use. This can be used to install a package with udev rules that differ from the defaults.

Type: package

Default: pkgs.digitalbitbox

Declared by:

<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
hardware.facetimehd.enable

Whether to enable the facetimehd kernel module.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
hardware.facetimehd.withCalibration

Whether to include sensor calibration files for facetimehd. This makes colors look much better but is experimental, see https://github.com/patjak/facetimehd/wiki/Extracting-the-sensor-calibration-files for details.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
hardware.fancontrol.enable

Whether to enable software fan control (requires fancontrol.config).

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
hardware.fancontrol.config

Required fancontrol configuration file content. See pwmconfig(8) from the lm_sensors package.

Type: strings concatenated with “\n”

Example:

''
  # Configuration file generated by pwmconfig
  INTERVAL=10
  DEVPATH=hwmon3=devices/virtual/thermal/thermal_zone2 hwmon4=devices/platform/f71882fg.656
  DEVNAME=hwmon3=soc_dts1 hwmon4=f71869a
  FCTEMPS=hwmon4/device/pwm1=hwmon3/temp1_input
  FCFANS=hwmon4/device/pwm1=hwmon4/device/fan1_input
  MINTEMP=hwmon4/device/pwm1=35
  MAXTEMP=hwmon4/device/pwm1=65
  MINSTART=hwmon4/device/pwm1=150
  MINSTOP=hwmon4/device/pwm1=0
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
hardware.firmware

List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.

Type: list of package

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/udev.nix>
hardware.flipperzero.enable

Whether to enable udev rules and software for Flipper Zero devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/flipperzero.nix>
hardware.flirc.enable

Whether to enable software to configure a Flirc USB device.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/flirc.nix>
hardware.gkraken.enable

Whether to enable gkraken’s udev rules for NZXT AIO liquid coolers.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/gkraken.nix>
hardware.glasgow.enable

Enables Glasgow udev rules and ensures ‘plugdev’ group exists. This is a prerequisite to using Glasgow without being root.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/glasgow.nix>
hardware.gpgSmartcards.enable

Whether to enable udev rules for gnupg smart cards.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/gpgsmartcards.nix>
hardware.hackrf.enable

Enables hackrf udev rules and ensures ‘plugdev’ group exists. This is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/hackrf.nix>
hardware.i2c.enable

Whether to enable i2c devices support. By default access is granted to users in the “i2c” group (will be created if non-existent) and any user with a seat, meaning logged on the computer locally .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/i2c.nix>
hardware.i2c.group

Grant access to i2c devices (/dev/i2c-*) to users in this group.

Type: string

Default: "i2c"

Declared by:

<nixpkgs/nixos/modules/hardware/i2c.nix>
hardware.infiniband.enable

Whether to enable Infiniband support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/infiniband.nix>
hardware.infiniband.guids

A list of infiniband port guids on the system. This is discoverable using ibstat -p

Type: list of string

Default: [ ]

Example:

[
  "0xe8ebd30000eee2e1"
]

Declared by:

<nixpkgs/nixos/modules/hardware/infiniband.nix>
hardware.intel-gpu-tools.enable

Whether to enable a setcap wrapper for intel-gpu-tools.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/intel-gpu-tools.nix>
hardware.ipu6.enable

Whether to enable support for Intel IPU6/MIPI cameras.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix>
hardware.ipu6.platform

Choose the version for your hardware platform.

Use ipu6 for Tiger Lake, ipu6ep for Alder Lake or Raptor Lake, and ipu6epmtl for Meteor Lake.

Type: one of “ipu6”, “ipu6ep”, “ipu6epmtl”

Declared by:

<nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix>
hardware.keyboard.qmk.enable

Whether to enable non-root access to the firmware of QMK keyboards.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/keyboard/qmk.nix>
hardware.keyboard.teck.enable

Whether to enable non-root access to the firmware of TECK keyboards.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/keyboard/teck.nix>
hardware.keyboard.uhk.enable

Whether to enable non-root access to the firmware of UHK keyboards. You need it when you want to flash a new firmware on the keyboard. Access to the keyboard is granted to users in the “input” group. You may want to install the uhk-agent package .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/keyboard/uhk.nix>
hardware.keyboard.zsa.enable

Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I. You need it when you want to flash a new configuration on the keyboard or use their live training in the browser. You may want to install the wally-cli package .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/keyboard/zsa.nix>
hardware.ksm.enable

Whether to enable Linux kernel Same-Page Merging.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ksm.nix>
hardware.ksm.sleep

How many milliseconds ksmd should sleep between scans. Setting it to null uses the kernel’s default time.

Type: null or signed integer

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/ksm.nix>
hardware.ledger.enable

Whether to enable udev rules for Ledger devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ledger.nix>
hardware.logitech.lcd.enable

Whether to enable support for Logitech LCD Devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/logitech.nix>
hardware.logitech.lcd.devices

List of USB device ids supported by g15daemon.

You most likely do not need to change this.

Type: list of string

Default:

[
  "0a07"
  "c222"
  "c225"
  "c227"
  "c251"
]

Declared by:

<nixpkgs/nixos/modules/hardware/logitech.nix>
hardware.logitech.lcd.startWhenNeeded

Only run the service when an actual supported device is plugged.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/logitech.nix>
hardware.logitech.wireless.enable

Whether to enable support for Logitech Wireless Devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/logitech.nix>
hardware.logitech.wireless.enableGraphical

Enable graphical support applications.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/logitech.nix>
hardware.mcelog.enable

Enable the Machine Check Exception logger.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/mcelog.nix>
hardware.mwProCapture.enable

Whether to enable the Magewell Pro Capture family kernel module.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix>
hardware.new-lg4ff.enable

Enables improved Linux module drivers for Logitech driving wheels. This will replace the existing in-kernel hid-logitech modules. Works most notably on the Logitech G25, G27, G29 and Driving Force (GT).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/new-lg4ff.nix>
hardware.nitrokey.enable

Enables udev rules for Nitrokey devices. By default grants access to users in the “nitrokey” group. You may want to install the nitrokey-app package, depending on your device and needs.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/nitrokey.nix>
hardware.nvidia.package

The NVIDIA driver package to use.

Type: unspecified value

Default:

config.boot.kernelPackages.nvidiaPackages."\$\{if cfg.datacenter.enable then "dc" else "stable"}"

Example: "config.boot.kernelPackages.nvidiaPackages.legacy_470"

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.datacenter.enable

Whether to enable Data Center drivers for NVIDIA cards on a NVLink topology .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.datacenter.settings

Additional configuration options for fabricmanager.

Type: attribute set of (atom (null, bool, int, float or string))

Default:

{
  LOG_LEVEL=4;
  LOG_FILE_NAME="/var/log/fabricmanager.log";
  LOG_APPEND_TO_LOG=1;
  LOG_FILE_MAX_SIZE=1024;
  LOG_USE_SYSLOG=0;
  DAEMONIZE=1;
  BIND_INTERFACE_IP="127.0.0.1";
  STARTING_TCP_PORT=16000;
  FABRIC_MODE=0;
  FABRIC_MODE_RESTART=0;
  STATE_FILE_NAME="/var/tmp/fabricmanager.state";
  FM_CMD_BIND_INTERFACE="127.0.0.1";
  FM_CMD_PORT_NUMBER=6666;
  FM_STAY_RESIDENT_ON_FAILURES=0;
  ACCESS_LINK_FAILURE_MODE=0;
  TRUNK_LINK_FAILURE_MODE=0;
  NVSWITCH_FAILURE_MODE=0;
  ABORT_CUDA_JOBS_ON_FM_EXIT=1;
  TOPOLOGY_FILE_PATH="${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
  DATABASE_PATH="${nvidia_x11.fabricmanager}/share/nvidia-fabricmanager/nvidia/nvswitch";
}

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.dynamicBoost.enable

Whether to enable dynamic Boost balances power between the CPU and the GPU for improved performance on supported laptops using the nvidia-powerd daemon. For more information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.forceFullCompositionPipeline

Whether to enable forcefully the full composition pipeline. This sometimes fixes screen tearing issues. This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL. It also drastically increases the time the driver needs to clock down after load .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.modesetting.enable

Whether to enable kernel modesetting when using the NVIDIA proprietary driver.

Enabling this fixes screen tearing when using Optimus via PRIME (see hardware.nvidia.prime.sync.enable. This is not enabled by default because it is not officially supported by NVIDIA and would not work with SLI .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.nvidiaPersistenced

Whether to enable nvidia-persistenced a update for NVIDIA GPU headless mode, i.e. It ensures all GPUs stay awake even during headless mode .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.nvidiaSettings

Whether to enable nvidia-settings, NVIDIA’s GUI configuration tool .

Type: boolean

Default: true

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.open

Whether to enable the open source NVIDIA kernel module .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.powerManagement.enable

Whether to enable experimental power management through systemd. For more information, see the NVIDIA docs, on Chapter 21. Configuring Power Management Support .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.powerManagement.finegrained

Whether to enable experimental power management of PRIME offload. For more information, see the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.allowExternalGpu

Whether to enable configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.amdgpuBusId

Bus ID of the AMD APU. You can find it using lspci; for example if lspci shows the AMD APU at “04:00.0”, set this option to “PCI:4:0:0”.

Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?

Default: ""

Example: "PCI:4:0:0"

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.intelBusId

Bus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at “00:02.0”, set this option to “PCI:0:2:0”.

Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?

Default: ""

Example: "PCI:0:2:0"

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.nvidiaBusId

Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at “01:00.0”, set this option to “PCI:1:0:0”.

Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?

Default: ""

Example: "PCI:1:0:0"

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.offload.enable

Whether to enable render offload support using the NVIDIA proprietary driver via PRIME.

If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId) .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.offload.enableOffloadCmd

Whether to enable adding a nvidia-offload convenience script to environment.systemPackages for offloading programs to an nvidia device. To work, should have also enabled hardware.nvidia.prime.offload.enable or hardware.nvidia.prime.reverseSync.enable.

Example usage nvidia-offload sauerbraten_client .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.reverseSync.enable

Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while enabling output to displays attached only to the NVIDIA GPU without a multiplexer.

Warning: This feature is relatively new, depending on your system this might work poorly. AMD support, especially so. See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828

Note that this option only has any effect if the “nvidia” driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.

If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId).

If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.

Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia.prime.sync.enable

Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel/AMD GPU without a multiplexer.

Note that this option only has any effect if the “nvidia” driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.

If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId).

If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.

Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
hardware.nvidia-container-toolkit.enable

Enable dynamic CDI configuration for NVidia devices by running nvidia-container-toolkit on boot.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories

Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and /usr/local/nvidia/lib64.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mount-nvidia-executables

Mount executables nvidia-smi, nvidia-cuda-mps-control, nvidia-cuda-mps-server, nvidia-debugdump, nvidia-powerd and nvidia-ctk on containers.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mounts

Mounts to be added to every container under the Nvidia CDI profile.

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mounts.*.containerPath

Container path.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mounts.*.hostPath

Host path.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidia-container-toolkit.mounts.*.mountOptions

Mount options.

Type: list of string

Default:

[
  "ro"
  "nosuid"
  "nodev"
  "bind"
]

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
hardware.nvidiaOptimus.disable

Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
hardware.onlykey.enable

Enable OnlyKey device (https://crp.to/p/) support.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/onlykey/default.nix>
hardware.opengl.enable

Whether to enable OpenGL drivers. This is needed to enable OpenGL support in X11 systems, as well as for Wayland compositors like sway and Weston. It is enabled by default by the corresponding modules, so you do not usually have to set it yourself, only if there is no module for your wayland compositor of choice. See services.xserver.enable and programs.sway.enable.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.driSupport

Whether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.driSupport32Bit

On 64-bit systems, whether to support Direct Rendering for 32-bit applications (such as Wine). This is currently only supported for the nvidia as well as Mesa.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.extraPackages

Additional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.

Note

intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.

Type: list of package

Default: [ ]

Example: with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.opengl.extraPackages32

Additional packages to add to 32-bit OpenGL drivers on 64-bit systems. Used when driSupport32Bit is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.

Note

intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.

Type: list of package

Default: [ ]

Example: with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]

Declared by:

<nixpkgs/nixos/modules/hardware/opengl.nix>
hardware.openrazer.enable

Whether to enable OpenRazer drivers and userspace daemon .

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.batteryNotifier

Settings for device battery notifications.

Type: submodule

Default: { }

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.batteryNotifier.enable

Mouse battery notifier.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.batteryNotifier.frequency

How often battery notifications should be shown (in seconds). A value of 0 disables notifications.

Type: signed integer

Default: 600

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.batteryNotifier.percentage

At what battery percentage the device should reach before sending notifications.

Type: signed integer

Default: 33

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.devicesOffOnScreensaver

Turn off the devices when the systems screensaver kicks in.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.keyStatistics

Collects number of keypresses per hour per key used to generate a heatmap.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.syncEffectsEnabled

Set the sync effects flag to true so any assignment of effects will work across devices.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.users

Usernames to be added to the “openrazer” group, so that they can start and interact with the OpenRazer userspace daemon.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.openrazer.verboseLogging

Whether to enable verbose logging. Logs debug messages.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/openrazer.nix>
hardware.opentabletdriver.enable

Enable OpenTabletDriver udev rules, user service and blacklist kernel modules known to conflict with OpenTabletDriver.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
hardware.opentabletdriver.package

The opentabletdriver package to use.

Type: package

Default: pkgs.opentabletdriver

Declared by:

<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
hardware.opentabletdriver.blacklistedKernelModules

Blacklist of kernel modules known to conflict with OpenTabletDriver.

Type: list of string

Default:

[
  "hid-uclogic"
  "wacom"
]

Declared by:

<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
hardware.opentabletdriver.daemon.enable

Whether to start OpenTabletDriver daemon as a systemd user service.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
hardware.parallels.enable

This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
hardware.parallels.package

Defines which package to use for prl-tools. Override to change the version.

Type: null or package

Default: "config.boot.kernelPackages.prl-tools"

Example: config.boot.kernelPackages.prl-tools

Declared by:

<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
hardware.parallels.autoMountShares

Control prlfsmountd service. When this service is running, shares can not be manually mounted through mount -t prl_fs ... as this service will remount and trample any set options. Recommended to enable for simple file sharing, but extended share use such as for code should disable this to manually mount shares.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
hardware.pcmcia.enable

Enable this option to support PCMCIA card.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.config

Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.pcmcia.firmware

List of firmware used to handle specific PCMCIA card.

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/pcmcia.nix>
hardware.printers.ensureDefaultPrinter

Ensures the named printer is the default CUPS printer / printer queue.

Type: null or printable string without spaces, # and /

Default: null

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters

Will regularly ensure that the given CUPS printers are configured as declared here. If a printer’s options are manually changed afterwards, they will be overwritten eventually. This option will never delete any printer, even if removed from this list. You can check existing printers with lpstat -s and remove printers with lpadmin -x <printer-name>. Printers not listed here can still be manually configured.

Type: list of (submodule)

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.description

Optional human-readable description.

Type: null or string

Default: null

Example: "Brother HL-5140"

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.deviceUri

How to reach the printer. lpinfo -v shows a list of supported device URIs and schemes.

Type: string

Example:

"ipp://printserver.local/printers/BrotherHL_Workroom"
"usb://HP/DESKJET%20940C?serial=CN16E6C364BH"

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.location

Optional human-readable location.

Type: null or string

Default: null

Example: "Workroom"

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.model

Location of the ppd driver file for the printer. lpinfo -m shows a list of supported models.

Type: string

Example:

"gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert"

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.name

Name of the printer / printer queue. May contain any printable characters except “/”, “#”, and space.

Type: printable string without spaces, # and /

Example: "BrotherHL_Workroom"

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.printers.ensurePrinters.*.ppdOptions

Sets PPD options for the printer. lpoptions [-p printername] -l shows supported PPD options for the given printer.

Type: attribute set of string

Default: { }

Example:

{
  Duplex = "DuplexNoTumble";
  PageSize = "A4";
}

Declared by:

<nixpkgs/nixos/modules/hardware/printers.nix>
hardware.pulseaudio.enable

Whether to enable the PulseAudio sound server.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.package

The PulseAudio derivation to use. This can be used to enable features (such as JACK support, Bluetooth) via the pulseaudioFull package.

Type: package

Default: pkgs.pulseaudio

Example: pkgs.pulseaudioFull

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.configFile

The path to the default configuration options the PulseAudio server should use. By default, the “default.pa” configuration from the PulseAudio distribution is used.

Type: null or path

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.daemon.config

Config of the pulse daemon. See man pulse-daemon.conf.

Type: attribute set of unspecified value

Default: { }

Example: { realtime-scheduling = "yes"; }

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.daemon.logLevel

The log level that the system-wide pulseaudio daemon should use, if activated.

Type: string

Default: "notice"

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.extraClientConf

Extra configuration appended to pulse/client.conf file.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.extraConfig

Literal string to append to configFile and the config file generated by the pulseaudio module.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.extraModules

Extra pulseaudio modules to use. This is intended for out-of-tree pulseaudio modules like extra bluetooth codecs.

Extra modules take precedence over built-in pulseaudio modules.

Type: list of package

Default: [ ]

Example: [ pkgs.pulseaudio-modules-bt ]

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.support32Bit

Whether to include the 32-bit pulseaudio libraries in the system or not. This is only useful on 64-bit systems and currently limited to x86_64-linux.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.systemWide

If false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. If true, one system-wide PulseAudio server is launched on boot, running as the user “pulse”, and only users in the “pulse-access” group will have access to the server. Please read the PulseAudio documentation for more details.

Don’t enable this option unless you know what you are doing.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.enable

Whether to enable tcp streaming support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.anonymousClients.allowAll

Whether to enable all anonymous clients to stream to the server.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges

A list of IP subnets that are allowed to stream to the server.

Type: list of string

Default: [ ]

Example: [ "127.0.0.1" "192.168.1.0/24" ]

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.zeroconf.discovery.enable

Whether to enable discovery of pulseaudio sinks in the local network.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.pulseaudio.zeroconf.publish.enable

Whether to enable publishing the pulseaudio sink in the local network.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/pulseaudio.nix>
hardware.raid.HPSmartArray.enable

Whether to enable HP Smart Array kernel modules and CLI utility.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/raid/hpsa.nix>
hardware.rasdaemon.enable

Whether to enable RAS logging daemon.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.config

rasdaemon configuration, currently only used for CE PFA for details, read rasdaemon.outPath/etc/sysconfig/rasdaemon’s comments

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # defaults from included config
  PAGE_CE_REFRESH_CYCLE="24h"
  PAGE_CE_THRESHOLD="50"
  PAGE_CE_ACTION="soft"
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.extraModules

extra kernel modules to load

Type: list of string

Default: [ ]

Example:

[
  "i7core_edac"
]

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.labels

Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # vendor and model may be shown by 'ras-mc-ctl --mainboard'
  vendor: ASRock
    product: To Be Filled By O.E.M.
    model: B450M Pro4
      # these labels are names for the motherboard slots
      # the numbers may be shown by `ras-mc-ctl --error-count`
      # they are mc:csrow:channel
      DDR4_A1: 0.2.0;  DDR4_B1: 0.2.1;
      DDR4_A2: 0.3.0;  DDR4_B2: 0.3.1;
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.mainboard

Custom mainboard description, see ras-mc-ctl(8) for more details.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  vendor = ASRock
  model = B450M Pro4
  
  # it should default to such values from
  # /sys/class/dmi/id/board_[vendor|name]
  # alternatively one can supply a script
  # that returns the same format as above
  
  script = <path to script>
''

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.record

record events via sqlite3, required for ras-mc-ctl

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rasdaemon.testing

Whether to enable error injection infrastructure.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
hardware.rtl-sdr.enable

Enables rtl-sdr udev rules, ensures ‘plugdev’ group exists, and blacklists DVB kernel modules. This is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/rtl-sdr.nix>
hardware.saleae-logic.enable

Whether to enable udev rules for Saleae Logic devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
hardware.saleae-logic.package

Saleae Logic package to use.

Type: package

Default: pkgs.saleae-logic-2

Declared by:

<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
hardware.sane.enable

Enable support for SANE scanners.

Note

Users in the “scanner” group will gain access to the scanner, or the “lp” group if it’s also a printer.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.backends-package

Backends driver package to use.

Type: package

Default: pkgs.sane-backends

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.brscan4.enable

When enabled, will automatically register the “brscan4” sane backend and bring configuration files to their expected location.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan4.netDevices

The list of network devices that will be registered against the brscan4 sane backend.

Type: attribute set of (submodule)

Default: { }

Example:

{
  office1 = {
    ip = "192.168.1.2";
    model = "MFC-7860DW";
  };
  office2 = {
    model = "MFC-7860DW";
    nodename = "BRW0080927AFBCE";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan4.netDevices.<name>.ip

The ip address of the device. If undefined, you will have to provide a nodename.

Type: null or string

Default: null

Example: "192.168.1.2"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan4.netDevices.<name>.model

The model of the network device.

Type: string

Example: "MFC-7860DW"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan4.netDevices.<name>.name

The friendly name you give to the network device. If undefined, the name of attribute will be used.

Type: string

Example: "office1"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan4.netDevices.<name>.nodename

The node name of the device. If undefined, you will have to provide an ip.

Type: null or string

Default: null

Example: "BRW0080927AFBCE"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
hardware.sane.brscan5.enable

Whether to enable the Brother brscan5 sane backend.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.brscan5.netDevices

The list of network devices that will be registered against the brscan5 sane backend.

Type: attribute set of (submodule)

Default: { }

Example:

{
  office1 = {
    ip = "192.168.1.2";
    model = "MFC-7860DW";
  };
  office2 = {
    model = "MFC-7860DW";
    nodename = "BRW0080927AFBCE";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.brscan5.netDevices.<name>.ip

The ip address of the device. If undefined, you will have to provide a nodename.

Type: null or string

Default: null

Example: "192.168.1.2"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.brscan5.netDevices.<name>.model

The model of the network device.

Type: string

Example: "ADS-1200"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.brscan5.netDevices.<name>.name

The friendly name you give to the network device. If undefined, the name of attribute will be used.

Type: string

Example: "office1"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.brscan5.netDevices.<name>.nodename

The node name of the device. If undefined, you will have to provide an ip.

Type: null or string

Default: null

Example: "BRW0080927AFBCE"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
hardware.sane.disabledDefaultBackends

Names of backends which are enabled by default but should be disabled. See $SANE_CONFIG_DIR/dll.conf for the list of possible names.

Type: list of string

Default: [ ]

Example:

[
  "v4l"
]

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.drivers.scanSnap.enable

Whether to enable drivers for the Fujitsu ScanSnap scanners.

The driver files are unfree and extracted from the Windows driver image.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.drivers.scanSnap.package

The epjitsu package to use. Useful if you want to extract the driver files yourself.

The process is described in the /etc/sane.d/epjitsu.conf file in the sane-backends package.

Type: package

Default: pkgs.sane-drivers.epjitsu

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.dsseries.enable

When enabled, will automatically register the “dsseries” SANE backend.

This supports the Brother DSmobile scanner series, including the DS-620, DS-720D, DS-820W, and DS-920DW scanners.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix>
hardware.sane.extraBackends

Packages providing extra SANE backends to enable.

Note

The example contains the package for HP scanners, and the package for Apple AirScan and Microsoft WSD support (supports many vendors/devices).

Type: list of path

Default: [ ]

Example: [ pkgs.hplipWithPlugin pkgs.sane-airscan ]

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.netConf

Network hosts that should be probed for remote scanners.

Type: strings concatenated with “\n”

Default: ""

Example: "192.168.0.16"

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.openFirewall

Open ports needed for discovery of scanners on the local network, e.g. needed for Canon scanners (BJNP protocol).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sane.snapshot

Use a development snapshot of SANE scanner drivers.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/hardware/sane.nix>
hardware.sata.timeout.enable

Whether to enable SATA drive timeouts.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/sata.nix>
hardware.sata.timeout.deciSeconds

Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.

Values are as follows: 0 = disable SCT ERT 70 = default in consumer drives (7 seconds)

Maximum is disk dependant but probably 60 seconds.

Type: signed integer

Example: 70

Declared by:

<nixpkgs/nixos/modules/hardware/sata.nix>
hardware.sata.timeout.drives

List of drives for which to configure the timeout.

Type: list of (submodule)

Declared by:

<nixpkgs/nixos/modules/hardware/sata.nix>
hardware.sata.timeout.drives.*.idBy

The method to identify the drive.

Type: one of “path”, “wwn”

Default: "path"

Declared by:

<nixpkgs/nixos/modules/hardware/sata.nix>
hardware.sata.timeout.drives.*.name

Drive name without the full path.

Type: string

Declared by:

<nixpkgs/nixos/modules/hardware/sata.nix>
hardware.sensor.hddtemp.enable

Enable this option to support HDD/SSD temperature sensors.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
hardware.sensor.hddtemp.dbEntries

Additional DB entries

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
hardware.sensor.hddtemp.drives

List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn’t like names with colons.

Type: list of string

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
hardware.sensor.hddtemp.extraArgs

Additional arguments passed to the daemon.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
hardware.sensor.hddtemp.unit

Celsius or Fahrenheit

Type: one of “C”, “F”

Default: "C"

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
hardware.sensor.iio.enable

Enable this option to support IIO sensors with iio-sensor-proxy.

IIO sensors are used for orientation and ambient light sensors on some mobile devices.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/sensor/iio.nix>
hardware.spacenavd.enable

Whether to enable spacenavd to support 3DConnexion devices.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/spacenavd.nix>
hardware.steam-hardware.enable

Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/steam-hardware.nix>
hardware.system76.enableAll

Whether to enable all recommended configuration for system76 systems.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/system-76.nix>
hardware.system76.firmware-daemon.enable

Whether to enable the system76 firmware daemon

Type: boolean

Default: config.hardware.system76.enableAll

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/system-76.nix>
hardware.system76.kernel-modules.enable

Whether to make the system76 out-of-tree kernel modules available

Type: boolean

Default: config.hardware.system76.enableAll

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/system-76.nix>
hardware.system76.power-daemon.enable

Whether to enable the system76 power daemon

Type: boolean

Default: config.hardware.system76.enableAll

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/system-76.nix>
hardware.trackpoint.enable

Enable sensitivity and speed configuration for trackpoints.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.device

The device name of the trackpoint. You can check with xinput. Some newer devices (example x1c6) use “TPPS/2 Elan TrackPoint”.

Type: string

Default: "TPPS/2 IBM TrackPoint"

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.emulateWheel

Enable scrolling while holding the middle mouse button.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.fakeButtons

Switch to “bare” PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.sensitivity

Configure the trackpoint sensitivity. By default, the kernel configures 128.

Type: signed integer

Default: 128

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.trackpoint.speed

Configure the trackpoint speed. By default, the kernel configures 97.

Type: signed integer

Default: 97

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/trackpoint.nix>
hardware.tuxedo-keyboard.enable

Whether to enable the tuxedo-keyboard driver.

To configure the driver, pass the options to the boot.kernelParams configuration. There are several parameters you can change. It’s best to check at the source code description which options are supported. You can find all the supported parameters at: https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam

In order to use the custom lighting with the maximumg brightness and a color of 0xff0a0a one would put pass boot.kernelParams like this:

boot.kernelParams = [
 "tuxedo_keyboard.mode=0"
 "tuxedo_keyboard.brightness=255"
 "tuxedo_keyboard.color_left=0xff0a0a"
];

.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix>
hardware.tuxedo-rs.enable

Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix>
hardware.tuxedo-rs.tailor-gui.enable

Whether to enable tailor-gui, an alternative to TUXEDO Control Center, written in Rust.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix>
hardware.ubertooth.enable

Whether to enable Ubertooth software and its udev rules.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/ubertooth.nix>
hardware.ubertooth.group

Group for Ubertooth’s udev rules.

Type: string

Default: "ubertooth"

Example: "wheel"

Declared by:

<nixpkgs/nixos/modules/hardware/ubertooth.nix>
hardware.uinput.enable

Whether to enable uinput support.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/uinput.nix>
hardware.uni-sync.enable

Whether to enable udev rules and software for Lian Li Uni Controllers.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.package

The uni-sync package to use.

Type: package

Default: pkgs.uni-sync

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices

List of controllers with their configurations.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    device_id = "VID:1111/PID:11111/SN:1111111111";
    sync_rgb = true;
    channels = [
      {
        mode = "PWM";
      }
      {
        mode = "Manual";
        speed = 100;
      }
      {
        mode = "Manual";
        speed = 54;
      }
      {
        mode = "Manual";
        speed = 0;
      }
    ];
  }
  {
    device_id = "VID:1010/PID:10101/SN:1010101010";
    sync_rgb = false;
    channels = [
      {
        mode = "Manual";
        speed = 0;
      }
    ];
  }
]

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices.*.channels

List of channels connected to the controller.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    mode = "PWM";
  }
  {
    mode = "Manual";
    speed = 100;
  }
  {
    mode = "Manual";
    speed = 54;
  }
  {
    mode = "Manual";
    speed = 0;
  }
]

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices.*.channels.*.mode

“PWM” to enable PWM sync. “Manual” to set speed.

Type: one of “Manual”, “PWM”

Default: "Manual"

Example: "PWM"

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices.*.channels.*.speed

Fan speed as percentage (clamped between 0 and 100).

Type: signed integer

Default: "50"

Example: "100"

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices.*.device_id

Unique device ID displayed at each startup.

Type: string

Example: "VID:1111/PID:11111/SN:1111111111"

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.uni-sync.devices.*.sync_rgb

Enable ARGB header sync.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/uni-sync.nix>
hardware.usb-modeswitch.enable

Enable this option to support certain USB WLAN and WWAN adapters.

These network adapters initial present themselves as Flash Drives containing their drivers. This option enables automatic switching to the networking mode.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/usb-modeswitch.nix>
hardware.usbStorage.manageStartStop

Enable this option to gracefully spin-down external storage during shutdown. If you suspect improper head parking after poweroff, install smartmontools and check for the Power-Off_Retract_Count field for an increment.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/hardware/usb-storage.nix>
hardware.wirelessRegulatoryDatabase

Whether to enable loading the wireless regulatory database at boot.

Type: boolean

Default: Enabled if proprietary firmware is allowed via enableRedistributableFirmware or enableAllFirmware.

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/all-firmware.nix>
hardware.wooting.enable

Whether to enable support for Wooting keyboards. Note that users must be in the “input” group for udev rules to apply.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/wooting.nix>
hardware.xone.enable

Whether to enable the xone driver for Xbox One and Xbobx Series X|S accessories.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/xone.nix>
hardware.xpadneo.enable

Whether to enable the xpadneo driver for Xbox One wireless controllers.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/hardware/xpadneo.nix>
i18n.defaultLocale

The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.

Type: string

Default: "en_US.UTF-8"

Example: "nl_NL.UTF-8"

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.extraLocaleSettings

A set of additional system-wide locale settings other than LANG which can be configured with i18n.defaultLocale.

Type: attribute set of string

Default: { }

Example:

{
  LC_MESSAGES = "en_US.UTF-8";
  LC_TIME = "de_DE.UTF-8";
}

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.glibcLocales

Customized pkg.glibcLocales package.

Changing this option can disable handling of i18n.defaultLocale and supportedLocale.

Type: path

Default:

pkgs.glibcLocales.override {
  allLocales = any (x: x == "all") config.i18n.supportedLocales;
  locales = config.i18n.supportedLocales;
}

Example: pkgs.glibcLocales

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
i18n.inputMethod.enabled

Select the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.

Input methods are specially used to input Chinese, Japanese and Korean characters.

Currently the following input methods are available in NixOS:

  • ibus: The intelligent input bus, extra input engines can be added using i18n.inputMethod.ibus.engines.

  • fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using i18n.inputMethod.fcitx5.addons.

  • nabi: A Korean input method based on XIM. Nabi doesn’t support Qt 5.

  • uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.

  • hime: An extremely easy-to-use input method framework.

  • kime: Koream IME.

Type: null or one of “ibus”, “fcitx5”, “nabi”, “uim”, “hime”, “kime”

Default: null

Example: "fcitx5"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/default.nix>
i18n.inputMethod.fcitx5.addons

Enabled Fcitx5 addons.

Type: list of package

Default: [ ]

Example: with pkgs; [ fcitx5-rime ]

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.ignoreUserConfig

Ignore the user configures. Warning: When this is enabled, the user config files are totally ignored and the user dict can’t be saved and loaded.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.plasma6Support

Use qt6 versions of fcitx5 packages. Required for configuring fcitx5 in KDE System Settings.

Type: boolean

Default: config.services.desktopManager.plasma6.enable

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.quickPhrase

Quick phrases.

Type: attribute set of string

Default: { }

Example:

{
  smile = "(・∀・)";
  angry = "( ̄ー ̄)";
}

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.quickPhraseFiles

Quick phrase files.

Type: attribute set of path

Default: { }

Example:

{
  words = ./words.mb;
  numbers = ./numbers.mb;
}

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.settings.addons

The addon configures in conf folder in ini format with global sections. Each item is written to the corresponding file.

Type: attribute set of anything

Default: { }

Example: { pinyin.globalSection.EmojiEnabled = "True"; }

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.settings.globalOptions

The global options in config file in ini format.

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.settings.inputMethod

The input method configure in profile file in ini format.

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.fcitx5.waylandFrontend

Use the Wayland input method frontend. See Using Fcitx 5 on Wayland.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
i18n.inputMethod.ibus.engines

Enabled IBus engines. Available engines are: anthy, bamboo, cangjie, hangul, kkc, libpinyin, libthai, m17n, mozc, openbangla-keyboard, rime, table, table-chinese, table-others, typing-booster, typing-booster-unwrapped, uniemoji.

Type: list of package

Default: [ ]

Example: with pkgs.ibus-engines; [ mozc hangul ]

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
i18n.inputMethod.ibus.panel

Replace the IBus panel with another panel.

Type: null or path

Default: null

Example: "${pkgs.plasma5Packages.plasma-desktop}/libexec/kimpanel-ibus-panel"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
i18n.inputMethod.kime.daemonModules

List of enabled daemon modules

Type: list of (one of “Xim”, “Wayland”, “Indicator”)

Default:

[
  "Xim"
  "Wayland"
  "Indicator"
]

Example:

[
  "Xim"
  "Indicator"
]

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
i18n.inputMethod.kime.extraConfig

extra kime configuration. Refer to https://github.com/Riey/kime/blob/v3.0.2/docs/CONFIGURATION.md for details on supported values.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
i18n.inputMethod.kime.iconColor

Color of the indicator icon

Type: one of “Black”, “White”

Default: "Black"

Example: "White"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
i18n.inputMethod.uim.toolbar

selected UIM toolbar.

Type: one of “gtk”, “gtk3”, “gtk-systray”, “gtk3-systray”, “qt5”

Default: "gtk"

Example: "gtk-systray"

Declared by:

<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
i18n.supportedLocales

List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED.

Type: list of string

Default:

unique
  (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
    [
      "C.UTF-8"
      "en_US.UTF-8"
      config.i18n.defaultLocale
    ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
  ))

Example:

[
  "en_US.UTF-8/UTF-8"
  "nl_NL.UTF-8/UTF-8"
  "nl_NL/ISO-8859-1"
]

Declared by:

<nixpkgs/nixos/modules/config/i18n.nix>
image.repart.package

The systemd-repart package to use.

Type: package

Default: pkgs.buildPackages.systemd

Example: pkgs.buildPackages.systemdMinimal.override { withCryptsetup = true; }

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.compression.enable

Whether to enable Image compression.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.compression.algorithm

Compression algorithm

Type: one of “zstd”, “xz”

Default: "zstd"

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.compression.level

Compression level. The available range depends on the used algorithm.

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.imageFile

Filename of the image including all extensions (e.g image_1.raw or image_1.raw.zst).

Type: string (read only)

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.imageFileBasename

Basename of the image filename without any extension (e.g. image_1).

Type: string (read only)

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.mkfsOptions

Specify extra options for created file systems. The specified options are converted to individual environment variables of the format SYSTEMD_REPART_MKFS_OPTIONS_<FSTYPE>.

See upstream systemd documentation for information about the usage of these environment variables.

The example would produce the following environment variable:

SYSTEMD_REPART_MKFS_OPTIONS_VFAT="-S 512 -c"

Type: attribute set of list of string

Default: { }

Example:

{
  vfat = [ "-S 512" "-c" ];
}

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.name

Name of the image.

If this option is unset but config.system.image.id is set, config.system.image.id is used as the default value.

Type: string

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions

Specify partitions as a set of the names of the partitions with their configuration as the key.

Type: attribute set of (submodule)

Default: { }

Example:

{
  "10-esp" = {
    contents = {
      "/EFI/BOOT/BOOTX64.EFI".source =
        "${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
    }
    repartConfig = {
      Type = "esp";
      Format = "fat";
    };
  };
  "20-root" = {
    storePaths = [ config.system.build.toplevel ];
    repartConfig = {
      Type = "root";
      Format = "ext4";
      Minimize = "guess";
    };
  };
};

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions.<name>.contents

The contents to end up in the filesystem image.

Type: attribute set of (submodule)

Default: { }

Example:

{
  "/EFI/BOOT/BOOTX64.EFI".source =
    "${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";

  "/loader/entries/nixos.conf".source = systemdBootEntry;
}

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions.<name>.contents.<name>.source

Path of the source file.

Type: path

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions.<name>.repartConfig

Specify the repart options for a partiton as a structural setting. See https://www.freedesktop.org/software/systemd/man/repart.d.html for all available options.

Type: attribute set of (string or signed integer or boolean)

Example:

{
  SizeMaxBytes = "2G";
  SizeMinBytes = "512M";
  Type = "home";
}

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions.<name>.storePaths

The store paths to include in the partition.

Type: list of path

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.partitions.<name>.stripNixStorePrefix

Whether to strip /nix/store/ from the store paths. This is useful when you want to build a partition that only contains store paths and is mounted under /nix/store.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.sectorSize

The sector size of the disk image produced by systemd-repart. This value must be a power of 2 between 512 and 4096.

Type: null or signed integer

Default: 512

Example: 4096

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.seed

A UUID to use as a seed. You can set this to null to explicitly randomize the partition UUIDs.

Type: null or string

Default: "0867da16-f251-457d-a9e8-c31f9a3c220b"

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.split

Enables generation of split artifacts from partitions. If enabled, for each partition with SplitName= set, a separate output file containing just the contents of that partition is generated.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
image.repart.version

Version of the image

Type: null or string

Default: config.system.image.version

Declared by:

<nixpkgs/nixos/modules/image/repart.nix>
lib

This option allows modules to define helper functions, constants, etc.

Type: attribute set of (attribute set)

Default: { }

Declared by:

<nixpkgs/nixos/modules/misc/lib.nix>
location.latitude

Your current latitude, between -90.0 and 90.0. Must be provided along with longitude.

Type: floating point number

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
location.longitude

Your current longitude, between between -180.0 and 180.0. Must be provided along with latitude.

Type: floating point number

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
location.provider

The location provider to use for determining your location. If set to manual you must also provide latitude/longitude.

Type: one of “manual”, “geoclue2”

Default: "manual"

Declared by:

<nixpkgs/nixos/modules/config/locale.nix>
networking.enableB43Firmware

Turn on this option if you want firmware for the NICs supported by the b43 module.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/b43.nix>
networking.enableIPv6

Whether to enable support for IPv6.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.enableIntel2200BGFirmware

Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
networking.bonds

This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond’s network interface

Type: attribute set of (submodule)

Default: { }

Example:

{
  bond0 = {
    interfaces = [ "eth0" "wlan0" ];
    driverOptions = {
  miimon = "100";
  mode = "active-backup";
}
;
  };
  anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ];
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.driverOptions

Options for the bonding driver. Documentation can be found in https://www.kernel.org/doc/Documentation/networking/bonding.txt

Type: attribute set of string

Default: { }

Example:

{
  miimon = "100";
  mode = "active-backup";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.interfaces

The interfaces to bond together

Type: list of string

Example:

[
  "enp4s0f0"
  "enp4s0f1"
  "wlan0"
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.lacp_rate

DEPRECATED, use driverOptions. Option specifying the rate in which we’ll ask our link partner to transmit LACPDU packets in 802.3ad mode.

Type: null or string

Default: null

Example: "fast"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.miimon

DEPRECATED, use driverOptions. Miimon is the number of millisecond in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.

Type: null or signed integer

Default: null

Example: 100

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.mode

DEPRECATED, use driverOptions. The mode which the bond will be running. The default mode for the bonding driver is balance-rr, optimizing for throughput. More information about valid modes can be found at https://www.kernel.org/doc/Documentation/networking/bonding.txt

Type: null or string

Default: null

Example: "active-backup"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bonds.<name>.xmit_hash_policy

DEPRECATED, use driverOptions. Selects the transmit hash policy to use for slave selection in balance-xor, 802.3ad, and tlb modes.

Type: null or string

Default: null

Example: "layer2+3"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges

This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge’s network interface.

Type: attribute set of (submodule)

Default: { }

Example:

{
  br0 = {
    interfaces = [
      "eth0"
      "eth1"
    ];
  };
  br1 = {
    interfaces = [
      "eth2"
      "wlan0"
    ];
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.interfaces

The physical network interfaces connected by the bridge.

Type: list of string

Example:

[
  "eth0"
  "eth1"
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.bridges.<name>.rstp

Whether the bridge interface should enable rstp.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway

The default gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.

Type: null or ((submodule) or string convertible to it)

Default: null

Example:

{
  address = "131.211.84.1";
  interface = "enp3s0";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway.address

The default gateway address.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway.interface

The default gateway interface.

Type: null or string

Default: null

Example: "enp0s3"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway.metric

The default gateway metric/preference.

Type: null or signed integer

Default: null

Example: 42

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6

The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.

Type: null or ((submodule) or string convertible to it)

Default: null

Example:

{
  address = "2001:4d0:1e04:895::1";
  interface = "enp3s0";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6.address

The default gateway address.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6.interface

The default gateway interface.

Type: null or string

Default: null

Example: "enp0s3"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGateway6.metric

The default gateway metric/preference.

Type: null or signed integer

Default: null

Example: 42

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.defaultGatewayWindowSize

The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.

Type: null or signed integer

Default: null

Example: 524288

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.dhcpcd.enable

Whether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd).

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.IPv6rs

Force enable or disable solicitation and receipt of IPv6 Router Advertisements. This is required, for example, when using a static unique local IPv6 address (ULA) and global IPv6 address auto-configuration with SLAAC.

Type: null or boolean

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.allowInterfaces

Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.

Type: null or (list of string)

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.denyInterfaces

Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.extraConfig

Literal string to append to the config file generated for dhcpcd.

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.persistent

Whenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.runHook

Shell code that will be run after all other hooks. See man dhcpcd-run-hooks for details on what is possible.

Type: strings concatenated with “\n”

Default: ""

Example: "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.dhcpcd.wait

This option specifies when the dhcpcd service will fork to background. If set to “background”, dhcpcd will fork to background immediately. If set to “ipv4” or “ipv6”, dhcpcd will wait for the corresponding IP address to be assigned. If set to “any”, dhcpcd will wait for any type (IPv4 or IPv6) to be assigned. If set to “both”, dhcpcd will wait for both an IPv4 and an IPv6 address before forking. The option “if-carrier-up” is equivalent to “any” if either ethernet is plugged nor WiFi is powered, and to “background” otherwise.

Type: one of “background”, “any”, “ipv4”, “ipv6”, “both”, “if-carrier-up”

Default: "any"

Declared by:

<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
networking.domain

The domain. It can be left empty if it is auto-detected through DHCP.

Type: null or string

Default: null

Example: "home.arpa"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.extraHosts

Additional verbatim entries to be appended to /etc/hosts. For adding hosts from derivation results, use networking.hostFiles instead.

Type: strings concatenated with “\n”

Default: ""

Example: "192.168.0.1 lanlocalhost"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.firewall.enable

Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.package

The package to use for running the firewall service.

Type: package

Default: if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"

Example: pkgs.iptables-legacy

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowPing

Whether to respond to incoming ICMPv4 echo requests (“pings”). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPortRanges

A range of TCP ports on which incoming connections are accepted.

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  {
    from = 8999;
    to = 9003;
  }
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedTCPPorts

List of TCP ports on which incoming connections are accepted.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  22
  80
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPortRanges

Range of open UDP ports.

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  {
    from = 60000;
    to = 61000;
  }
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.allowedUDPPorts

List of open UDP ports.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  53
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.autoLoadConntrackHelpers

Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules

(needs kernel 3.5+)

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.checkReversePath

Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.

If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and setup your own counter-measures.

This option can be either true (or “strict”), “loose” (only drop the packet if the source address is not reachable via any interface) or false.

Type: boolean or one of “strict”, “loose”

Default: true except if the iptables based firewall is in use and the kernel lacks rpfilter support

Example: "loose"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.connectionTrackingModules

List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example.

As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers unless you know what you are doing. Connection tracking is disabled by default.

Loading of helpers is recommended to be done through the CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/

Type: list of string

Default: [ ]

Example:

[
  "ftp"
  "irc"
  "sane"
  "sip"
  "tftp"
  "amanda"
  "h323"
  "netbios_sn"
  "pptp"
  "snmp"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraCommands

Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final “reject” firewall rule is added, so they can be used to allow packets that would otherwise be refused.

This option only works with the iptables based firewall.

Type: strings concatenated with “\n”

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall-iptables.nix>
networking.firewall.extraForwardRules

Additional nftables rules to be appended to the forward-allow chain.

This option only works with the nftables based firewall.

Type: strings concatenated with “\n”

Default: ""

Example: "iifname wg0 accept"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
networking.firewall.extraInputRules

Additional nftables rules to be appended to the input-allow chain.

This option only works with the nftables based firewall.

Type: strings concatenated with “\n”

Default: ""

Example: "ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
networking.firewall.extraPackages

Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.

Type: list of package

Default: [ ]

Example: [ pkgs.ipset ]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.extraReversePathFilterRules

Additional nftables rules to be appended to the rpfilter-allow chain.

This option only works with the nftables based firewall.

Type: strings concatenated with “\n”

Default: ""

Example: "fib daddr . mark . iif type local accept"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
networking.firewall.extraStopCommands

Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed state.

This option only works with the iptables based firewall.

Type: strings concatenated with “\n”

Default: ""

Example: "iptables -P INPUT ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall-iptables.nix>
networking.firewall.filterForward

Enable filtering in IP forwarding.

This option only works with the nftables based firewall.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces

Interface-specific open ports.

Type: attribute set of (submodule)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedTCPPortRanges

A range of TCP ports on which incoming connections are accepted.

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  {
    from = 8999;
    to = 9003;
  }
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedTCPPorts

List of TCP ports on which incoming connections are accepted.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  22
  80
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedUDPPortRanges

Range of open UDP ports.

Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  {
    from = 60000;
    to = 61000;
  }
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.interfaces.<name>.allowedUDPPorts

List of open UDP ports.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default: [ ]

Example:

[
  53
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedConnections

Whether to log rejected or dropped incoming connections. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedPackets

Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it’s mostly useful for debugging. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logRefusedUnicastsOnly

If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.logReversePathDrops

Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.pingLimit

If pings are allowed, this allows setting rate limits on them.

For the iptables based firewall, it should be set like “–limit 1/minute --limit-burst 5”.

For the nftables based firewall, it should be set like “2/second” or “1/minute burst 5 packets”.

Type: null or strings concatenated with " "

Default: null

Example: "--limit 1/minute --limit-burst 5"

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.rejectPackets

If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP “port unreachable” error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.firewall.trustedInterfaces

Traffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted.

Type: list of string

Default: [ ]

Example:

[
  "enp0s2"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/firewall.nix>
networking.fooOverUDP

This option allows you to configure Foo Over UDP and Generic UDP Encapsulation endpoints. See ip-fou(8) for details.

Type: attribute set of (submodule)

Default: { }

Example:

{
  backup = {
    port = 9002;
  };
  primary = {
    local = {
      address = "192.0.2.1";
      dev = "eth0";
    };
    port = 9001;
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fooOverUDP.<name>.local

Local address (and optionally device) to bind to using the given port.

Type: null or (submodule)

Default: null

Example:

{
  address = "203.0.113.22";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fooOverUDP.<name>.local.address

Local address to bind to. The address must be available when the FOU endpoint is created, using the scripted network setup this can be achieved either by setting dev or adding dependency information to systemd.services.<name>-fou-encap; it isn’t supported when using networkd.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fooOverUDP.<name>.local.dev

Network device to bind to.

Type: null or string

Default: null

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fooOverUDP.<name>.port

Local port of the encapsulation UDP socket.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fooOverUDP.<name>.protocol

Protocol number of the encapsulated packets. Specifying null (the default) creates a GUE endpoint, specifying a protocol number will create a FOU endpoint.

Type: null or integer between 1 and 255 (both inclusive)

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fqdn

The fully qualified domain name (FQDN) of this host. It is the result of combining networking.hostName and networking.domain. Using this option will result in an evaluation error if the hostname is empty or no domain is specified.

Modules that accept a mere networking.hostName but prefer a fully qualified domain name may use networking.fqdnOrHostName instead.

Type: string (read only)

Default: "${networking.hostName}.${networking.domain}"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.fqdnOrHostName

Either the fully qualified domain name (FQDN), or just the host name if it does not exists.

This is a convenience option for modules to read instead of fqdn when a mere hostName is also an acceptable value; this option does not throw an error when domain is unset.

Type: string (read only)

Default:

if cfg.domain == null then cfg.hostName else cfg.fqdn

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels

This option allows you to define Generic Routing Encapsulation (GRE) tunnels.

Type: attribute set of (submodule)

Default: { }

Example:

{
  greBridge = {
    remote = "10.0.0.1";
    local = "10.0.0.22";
    dev = "enp4s0f0";
    type = "tap";
    ttl = 255;
  };
  gre6Tunnel = {
    remote = "fd7a:5634::1";
    local = "fd7a:5634::2";
    dev = "enp4s0f0";
    type = "tun6";
    ttl = 255;
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels.<name>.dev

The underlying network device on which the tunnel resides.

Type: null or string

Default: null

Example: "enp4s0f0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels.<name>.local

The address of the local endpoint which the remote side should send packets to.

Type: null or string

Default: null

Example: "10.0.0.22"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels.<name>.remote

The address of the remote endpoint to forward traffic over.

Type: null or string

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels.<name>.ttl

The time-to-live/hoplimit of the connection to the remote tunnel endpoint.

Type: null or signed integer

Default: null

Example: 255

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.greTunnels.<name>.type

Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.

Type: one of “tun”, “tap”, “tun6”, “tap6”

Default: "tap"

Example: "tap"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.hostFiles

Files that should be concatenated together to form /etc/hosts.

Type: list of path

Default: Hosts from networking.hosts and networking.extraHosts

Example: [ "${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.hostId

The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.

You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:

head -c 8 /etc/machine-id

(this derives it from the machine-id that systemd generates) or

head -c4 /dev/urandom | od -A none -t x4

The primary use case is to ensure when using ZFS that a pool isn’t imported accidentally on a wrong machine.

Type: null or string

Default: null

Example: "4e98920d"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.hostName

The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP). The hostname must be a valid DNS label (see RFC 1035 section 2.3.1: “Preferred name syntax”, RFC 1123 section 2.1: “Host Names and Numbers”) and as such must not contain the domain part. This means that the hostname must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname (uname --nodename) the option boot.kernel.sysctl.“kernel.hostname” can be used as a workaround (but the 64 character limit still applies).

WARNING: Do not use underscores (_) or you may run into unexpected issues.

Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$

Default: config.system.nixos.distroId

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.hosts

Locally defined maps of hostnames to IP addresses.

Type: attribute set of list of string

Example:

{
  "127.0.0.1" = [ "foo.bar.baz" ];
  "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
};

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.interfaces

The configuration for each network interface.

Please note that systemd.network.netdevs has more features and is better maintained. When building new things, it is advised to use that instead.

Type: attribute set of (submodule)

Default: { }

Example:

{
  eth0 = {
    ipv4 = {
      addresses = [
        {
          address = "131.211.84.78";
          prefixLength = 25;
        }
      ];
    };
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.addresses

List of IPv4 addresses that will be statically assigned to the interface.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    address = "10.0.0.1";
    prefixLength = 16;
  }
  {
    address = "192.168.1.1";
    prefixLength = 24;
  }
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.addresses.*.address

IPv4 address of the interface. Leave empty to configure the interface using DHCP.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.addresses.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (24).

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes

List of extra IPv4 static routes that will be assigned to the interface.

Warning

If the route type is the default unicast, then the scope is set differently depending on the value of networking.useNetworkd: the script-based backend sets it to link, while networkd sets it to global.

If you want consistency between the two implementations, set the scope of the route manually with networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }] for example.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    address = "10.0.0.0";
    prefixLength = 16;
  }
  {
    address = "192.168.2.0";
    prefixLength = 24;
    via = "192.168.1.1";
  }
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes.*.address

IPv4 address of the network.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes.*.options

Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details. You may also specify metric, src, protocol, scope, from and table, which are technically not route options, in the sense used in the manual.

Type: attribute set of string

Default: { }

Example:

{
  mtu = "1492";
  window = "524288";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes.*.prefixLength

Subnet mask of the network, specified as the number of bits in the prefix (24).

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes.*.type

Type of the route. See the Route types section in the ip-route(8) manual page for the details.

Note that prohibit, blackhole, unreachable, and throw cannot be configured per device, so they are not available here. Similarly, nat hasn’t been supported since kernel 2.6.

Type: null or one of “unicast”, “local”, “broadcast”, “multicast”

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv4.routes.*.via

IPv4 address of the next hop.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.addresses

List of IPv6 addresses that will be statically assigned to the interface.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    address = "fdfd:b3f0:482::1";
    prefixLength = 48;
  }
  {
    address = "2001:1470:fffd:2098::e006";
    prefixLength = 64;
  }
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.addresses.*.address

IPv6 address of the interface. Leave empty to configure the interface using DHCP.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.addresses.*.prefixLength

Subnet mask of the interface, specified as the number of bits in the prefix (64).

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes

List of extra IPv6 static routes that will be assigned to the interface.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    address = "fdfd:b3f0::";
    prefixLength = 48;
  }
  {
    address = "2001:1470:fffd:2098::";
    prefixLength = 64;
    via = "fdfd:b3f0::1";
  }
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes.*.address

IPv6 address of the network.

Type: string

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes.*.options

Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details. You may also specify metric, src, protocol, scope, from and table, which are technically not route options, in the sense used in the manual.

Type: attribute set of string

Default: { }

Example:

{
  mtu = "1492";
  window = "524288";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes.*.prefixLength

Subnet mask of the network, specified as the number of bits in the prefix (64).

Type: signed integer

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes.*.type

Type of the route. See the Route types section in the ip-route(8) manual page for the details.

Note that prohibit, blackhole, unreachable, and throw cannot be configured per device, so they are not available here. Similarly, nat hasn’t been supported since kernel 2.6.

Type: null or one of “unicast”, “local”, “broadcast”, “multicast”

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.ipv6.routes.*.via

IPv6 address of the next hop.

Type: null or string

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.macAddress

MAC address of the interface. Leave empty to use the default.

Type: null or string

Default: null

Example: "00:11:22:33:44:55"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.mtu

MTU size for packets leaving the interface. Leave empty to use the default.

Type: null or signed integer

Default: null

Example: 9000

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.name

Name of the interface.

Type: string

Example: "eth0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.proxyARP

Turn on proxy_arp for this device. This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don’t support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn’t bridged, so things like DHCP won’t work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable.

WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.tempAddress

When IPv6 is enabled with SLAAC, this option controls the use of temporary address (aka privacy extensions) on this interface. This is used to reduce tracking.

See also the global option networking.tempAddresses, which applies to all interfaces where this is not set.

Possible values are:

  • "default" to generate IPv6 temporary addresses and use these as source addresses in routing;

  • "disabled" to completely disable IPv6 temporary addresses;

  • "enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;

Type: one of “default”, “disabled”, “enabled”

Default: config.networking.tempAddresses

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.useDHCP

Whether this interface should be configured with DHCP. Overrides the default set by networking.useDHCP. If null (the default), DHCP is enabled if the interface has no IPv4 addresses configured with networking.interfaces.<name>.ipv4.addresses, and disabled otherwise.

Type: null or boolean

Default: null

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.virtual

Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.virtualOwner

In case of a virtual device, the user who owns it.

Type: string

Default: "root"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.virtualType

The type of interface to create. The default is TUN for an interface name starting with “tun”, otherwise TAP.

Type: one of “tun”, “tap”

Default: if hasPrefix "tun" name then "tun" else "tap"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.wakeOnLan.enable

Whether to enable wol on this interface.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.interfaces.<name>.wakeOnLan.policy

The Wake-on-LAN policy to set for the device.

The options are

  • phy: Wake on PHY activity

  • unicast: Wake on unicast messages

  • multicast: Wake on multicast messages

  • broadcast: Wake on broadcast messages

  • arp: Wake on ARP

  • magic: Wake on receipt of a magic packet

Type: list of (one of “phy”, “unicast”, “multicast”, “broadcast”, “arp”, “magic”, “secureon”)

Default:

[
  "magic"
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.iproute2.enable

Whether to enable copying IP route configuration files.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/config/iproute2.nix>
networking.iproute2.rttablesExtraConfig

Verbatim lines to add to /etc/iproute2/rt_tables

Type: strings concatenated with “\n”

Default: ""

Declared by:

<nixpkgs/nixos/modules/config/iproute2.nix>
networking.jool.enable

Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux.

Jool can perform stateless IP/ICMP translation (SIIT) or stateful NAT64, analogous to the IPv4 NAPT. Refer to the upstream documentation for the supported modes of translation and how to configure them.

Enabling this option will install the Jool kernel module and the command line tools for controlling it.

Type: boolean

Default: false

Related packages:

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.jool.nat64

Definitions of NAT64 instances of Jool. See the documentation for the available options. Also check out the tutorial for an introduction to NAT64 and how to troubleshoot the setup.

The attribute name defines the name of the instance, with the main one being default: this can be accessed from the command line without specifying the name with -i.

Note

Instances created imperatively from the command line will not interfere with the NixOS instances, provided the respective pool4 addresses and port ranges are not overlapping.

Warning

Changes to an instance performed via jool -i <name> are applied correctly but will be lost after restarting the respective jool-nat64-<name>.service.

Type: attribute set of (JSON value)

Default: { }

Example:

{
  default = {
    # custom NAT64 prefix
    global.pool6 = "2001:db8:64::/96";

    # Port forwarding
    bib = [
      { # SSH 192.0.2.16 → 2001:db8:a::1
        "protocol"     = "TCP";
        "ipv4 address" = "192.0.2.16#22";
        "ipv6 address" = "2001:db8:a::1#22";
      }
      { # DNS (TCP) 192.0.2.16 → 2001:db8:a::2
        "protocol"     = "TCP";
        "ipv4 address" = "192.0.2.16#53";
        "ipv6 address" = "2001:db8:a::2#53";
      }
      { # DNS (UDP) 192.0.2.16 → 2001:db8:a::2
        "protocol" = "UDP";
        "ipv4 address" = "192.0.2.16#53";
        "ipv6 address" = "2001:db8:a::2#53";
      }
    ];

    pool4 = [
      # Port ranges for dynamic translation
      { protocol =  "TCP";  prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }
      { protocol =  "UDP";  prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }
      { protocol = "ICMP";  prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }

      # Ports for static BIB entries
      { protocol =  "TCP";  prefix = "192.0.2.16/32"; "port range" = "22"; }
      { protocol =  "UDP";  prefix = "192.0.2.16/32"; "port range" = "53"; }
    ];
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.jool.nat64.<name>.framework

The framework to use for attaching Jool’s translation to the exist kernel packet processing rules. See the documentation for the differences between the two options.

Type: one of “netfilter”, “iptables”

Default: "netfilter"

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.jool.nat64.<name>.global.pool6

The prefix used for embedding IPv4 into IPv6 addresses. Defaults to the well-known NAT64 prefix, defined by RFC 6052.

Type: Network prefix in CIDR notation

Default: "64:ff9b::/96"

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.jool.siit

Definitions of SIIT instances of Jool. See the documentation for the available options. Also check out the tutorial for an introduction to SIIT and how to troubleshoot the setup.

The attribute name defines the name of the instance, with the main one being default: this can be accessed from the command line without specifying the name with -i.

Note

Instances created imperatively from the command line will not interfere with the NixOS instances, provided the respective EAMT addresses and port ranges are not overlapping.

Warning

Changes to an instance performed via jool -i <name> are applied correctly but will be lost after restarting the respective jool-siit-<name>.service.

Type: attribute set of (JSON value)

Default: { }

Example:

{
  default = {
    # Maps any IPv4 address x.y.z.t to 2001:db8::x.y.z.t and v.v.
    global.pool6 = "2001:db8::/96";

    # Explicit address mappings
    eamt = [
      # 2001:db8:1:: ←→ 192.0.2.0
      { "ipv6 prefix" = "2001:db8:1::/128"; "ipv4 prefix" = "192.0.2.0"; }
      # 2001:db8:1::x ←→ 198.51.100.x
      { "ipv6 prefix" = "2001:db8:2::/120"; "ipv4 prefix" = "198.51.100.0/24"; }
    ];
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.jool.siit.<name>.framework

The framework to use for attaching Jool’s translation to the exist kernel packet processing rules. See the documentation for the differences between the two options.

Type: one of “netfilter”, “iptables”

Default: "netfilter"

Declared by:

<nixpkgs/nixos/modules/services/networking/jool.nix>
networking.localCommands

Shell commands to be executed at the end of the network-setup systemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.

Type: strings concatenated with “\n”

Default: ""

Example: "text=anything; echo You can put $text here."

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans

This option allows you to define macvlan interfaces which should be automatically created.

Type: attribute set of (submodule)

Default: { }

Example:

{
  wan = {
    interface = "enp2s0";
    mode = "vepa";
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.interface

The interface the macvlan will transmit packets through.

Type: string

Example: "enp4s0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.macvlans.<name>.mode

The mode of the macvlan device.

Type: null or string

Default: null

Example: "vepa"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nameservers

The list of nameservers. It can be left empty if it is auto-detected through DHCP.

Type: list of string

Default: [ ]

Example:

[
  "130.161.158.4"
  "130.161.33.17"
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.nat.enable

Whether to enable Network Address Translation (NAT).

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.enableIPv6

Whether to enable IPv6 NAT.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.dmzHost

The local IP address to which all traffic that does not match any forwarding rule is forwarded.

Type: null or string

Default: null

Example: "10.0.0.1"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalIP

The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: null or string

Default: null

Example: "203.0.113.123"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalIPv6

The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: null or string

Default: null

Example: "2001:dc0:2001:11::175"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.externalInterface

The name of the external network interface.

Type: null or string

Default: null

Example: "eth1"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.extraCommands

Additional shell commands executed as part of the nat initialisation script.

This option is incompatible with the nftables based nat module.

Type: strings concatenated with “\n”

Default: ""

Example: "iptables -A INPUT -p icmp -j ACCEPT"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat-iptables.nix>
networking.nat.extraStopCommands

Additional shell commands executed as part of the nat teardown script.

This option is incompatible with the nftables based nat module.

Type: strings concatenated with “\n”

Default: ""

Example: "iptables -D INPUT -p icmp -j ACCEPT || true"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat-iptables.nix>
networking.nat.forwardPorts

List of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled.

Type: list of (submodule)

Default: [ ]

Example:

[
  {
    destination = "10.0.0.1:80";
    proto = "tcp";
    sourcePort = 8080;
  }
  {
    destination = "[fc00::2]:80";
    proto = "tcp";
    sourcePort = 8080;
  }
]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.destination

Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end

Type: string

Example: "10.0.0.1:80"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.loopbackIPs

Public IPs for NAT reflection; for connections to loopbackip:sourcePort from the host itself and from other hosts behind NAT

Type: list of string

Default: [ ]

Example: [ "55.1.2.3" ]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.proto

Protocol of forwarded connection

Type: string

Default: "tcp"

Example: "udp"

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.forwardPorts.*.sourcePort

Source port of the external interface; to specify a port range, use a string with a colon (e.g. “60000:61000”)

Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+

Example: 8080

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalIPs

The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: list of string

Default: [ ]

Example:

[
  "192.168.1.0/24"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalIPv6s

The IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: list of string

Default: [ ]

Example:

[
  "fc00::/64"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.nat.internalInterfaces

The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.

Type: list of string

Default: [ ]

Example:

[
  "eth0"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/nat.nix>
networking.networkmanager.enable

Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group networkmanager will be created. Add all users that should have permission to change network settings to this group.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.enableStrongSwan

Enable the StrongSwan plugin.

If you enable this option the networkmanager_strongswan plugin will be added to the networking.networkmanager.plugins option so you don’t need to do that yourself.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.appendNameservers

A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.connectionConfig

Configuration for the [connection] section of NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11 or NetworkManager.conf(5) for more information.

Type: attribute set of (null or boolean or signed integer or string)

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dhcp

Which program (or internal library) should be used for DHCP.

Type: one of “dhcpcd”, “internal”

Default: "internal"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts

A list of scripts which will be executed in response to network events.

Type: list of (submodule)

Default: [ ]

Example:

[ {
  source = pkgs.writeText "upHook" ''
    if [ "$2" != "up" ]; then
      logger "exit: event $2 != up"
      exit
    fi

    # coreutils and iproute are in PATH too
    logger "Device $DEVICE_IFACE coming up"
  '';
  type = "basic";
} ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.source

Path to the hook script.

Type: path

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dispatcherScripts.*.type

Dispatcher hook type. Look up the hooks described at https://developer.gnome.org/NetworkManager/stable/NetworkManager.html and choose the type depending on the output folder. You should then filter the event type (e.g., “up”/“down”) from within your script.

Type: one of “basic”, “pre-down”, “pre-up”

Default: "basic"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.dns

Set the DNS (resolv.conf) processing mode.

A description of these modes can be found in the main section of https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or in NetworkManager.conf(5).

Type: one of “default”, “dnsmasq”, “systemd-resolved”, “none”

Default: "default"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.ensureProfiles.environmentFiles

Files to load as environment file. Environment variables from this file will be substituted into the static configuration file using envsubst.

Type: list of path

Default: [ ]

Example:

[
  "/run/secrets/network-manager.env"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.ensureProfiles.profiles

Declaratively define NetworkManager profiles. You can find information about the generated file format here and here. You current profiles which are most likely stored in /etc/NetworkManager/system-connections and there is a tool to convert them to the needed nix code. If you add a new ad-hoc connection via a GUI or nmtui or anything similar it should just work together with the declarative ones. And if you edit a declarative profile NetworkManager will move it to the persistent storage and treat it like a ad-hoc one, but there will be two profiles as soon as the systemd unit from this option runs again which can be confusing since NetworkManager tools will start displaying two profiles with the same name and probably a bit different settings depending on what you edited. A profile won’t be deleted even if it’s removed from the config until the system reboots because that’s when NetworkManager clears it’s temp directory. If networking.resolvconf.enable is true, attributes affecting the name resolution (such as ignore-auto-dns) may not end up changing /etc/resolv.conf as expected when other name services (for example networking.dhcpcd) are enabled. Run resolvconf -l in the terminal to see what each service produces.

Type: attribute set of (attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))

Default: { }

Example:

{
  home-wifi = {
    connection = {
      id = "home-wifi";
      permissions = "";
      type = "wifi";
    };
    ipv4 = {
      dns-search = "";
      method = "auto";
    };
    ipv6 = {
      addr-gen-mode = "stable-privacy";
      dns-search = "";
      method = "auto";
    };
    wifi = {
      mac-address-blacklist = "";
      mode = "infrastructure";
      ssid = "Home Wi-Fi";
    };
    wifi-security = {
      auth-alg = "open";
      key-mgmt = "wpa-psk";
      psk = "$HOME_WIFI_PASSWORD";
    };
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.ensureProfiles.profiles.<name>.connection.id

This is the name that will be displayed by NetworkManager and GUIs.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.ensureProfiles.profiles.<name>.connection.type

The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.

Type: string

Example: "vpn"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.ethernet.macAddress

Set the MAC address of the interface.

  • "XX:XX:XX:XX:XX:XX": MAC address of the interface

  • "permanent": Use the permanent MAC address of the device

  • "preserve": Don’t change the MAC address of the device upon activation

  • "random": Generate a randomized value upon each connect

  • "stable": Generate a stable, hashed MAC address

Type: string or one of “permanent”, “preserve”, “random”, “stable”

Default: "preserve"

Example: "00:11:22:33:44:55"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.fccUnlockScripts

List of FCC unlock scripts to enable on the system, behaving as described in https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.

Type: list of (submodule)

Default: [ ]

Example: [{ id = "03f0:4e1d"; path = "${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.fccUnlockScripts.*.id

vid:pid of either the PCI or USB vendor and product ID

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.fccUnlockScripts.*.path

Path to the unlock script

Type: path

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.insertNameservers

A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.logLevel

Set the default logging verbosity level.

Type: one of “OFF”, “ERR”, “WARN”, “INFO”, “DEBUG”, “TRACE”

Default: "WARN"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.plugins

List of NetworkManager plug-ins to enable. Some plug-ins are enabled by the NetworkManager module by default.

Type: list of NetworkManager plug-in

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.settings

Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or NetworkManager.conf(5) for more information.

Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))

Default: { }

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.unmanaged

List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec or the “Device List Format” Appendix of NetworkManager.conf(5).

Type: list of string

Default: [ ]

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.wifi.backend

Specify the Wi-Fi backend used for the device. Currently supported are wpa_supplicant or iwd (experimental).

Type: one of “wpa_supplicant”, “iwd”

Default: "wpa_supplicant"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.wifi.macAddress

Set the MAC address of the interface.

  • "XX:XX:XX:XX:XX:XX": MAC address of the interface

  • "permanent": Use the permanent MAC address of the device

  • "preserve": Don’t change the MAC address of the device upon activation

  • "random": Generate a randomized value upon each connect

  • "stable": Generate a stable, hashed MAC address

  • "stable-ssid": Generate a stable MAC addressed based on Wi-Fi network

Type: string or one of “permanent”, “preserve”, “random”, “stable”, “stable-ssid”

Default: "preserve"

Example: "00:11:22:33:44:55"

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.wifi.powersave

Whether to enable Wi-Fi power saving.

Type: null or boolean

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.networkmanager.wifi.scanRandMacAddress

Whether to enable MAC address randomization of a Wi-Fi device during scanning.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
networking.nftables.enable

Whether to enable nftables and use nftables based firewall if enabled. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.

Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to setup NAT for containers. This module disables the ip_tables kernel module, however Docker automatically loads the module. Please see https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 for more information.

There are other programs that use iptables internally too, such as libvirt. For information on how the two firewalls interact, see https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.checkRuleset

Run nft check on the ruleset to spot syntax errors during build. Because this is executed in a sandbox, the check might fail if it requires access to any environmental factors or paths outside the Nix store. To circumvent this, the ruleset file can be edited using the preCheckRuleset option to work in the sandbox environment.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.checkRulesetRedirects

Set of paths that should be intercepted and rewritten while checking the ruleset using pkgs.buildPackages.libredirect.

Type: attribute set of path

Default:

{
  "/etc/hosts" = config.environment.etc.hosts.source;
  "/etc/protocols" = config.environment.etc.protocols.source;
  "/etc/services" = config.environment.etc.services.source;
}

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.extraDeletions

Extra deletion commands to be run on every firewall start, reload and after stopping the firewall.

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # this makes deleting a non-existing table a no-op instead of an error
  table inet some-table;
  
  delete table inet some-table;
''

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.flattenRulesetFile

Use builtins.readFile rather than include to handle networking.nftables.rulesetFile. It is useful when you want to apply networking.nftables.preCheckRuleset to networking.nftables.rulesetFile.

Note

It is expected that networking.nftables.rulesetFile can be accessed from the build sandbox.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.flushRuleset

Whether to enable flushing the entire ruleset on each reload.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.preCheckRuleset

This script gets run before the ruleset is checked. It can be used to create additional files needed for the ruleset check to work, or modify the ruleset for cases the build environment cannot cover.

Type: strings concatenated with “\n”

Default: ""

Example:

sed 's/skgid meadow/skgid nogroup/g' -i ruleset.conf

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.ruleset

The ruleset to be used with nftables. Should be in a format that can be loaded using “/bin/nft -f”. The ruleset is updated atomically. Note that if the tables should be cleaned first, either:

  • networking.nftables.flushRuleset = true; needs to be set (flushes all tables)

  • networking.nftables.extraDeletions needs to be set

  • or networking.nftables.tables can be used, which will clean up the table automatically

Type: strings concatenated with “\n”

Default: ""

Example:

''
  # Check out https://wiki.nftables.org/ for better documentation.
  # Table for both IPv4 and IPv6.
  table inet filter {
    # Block all incoming connections traffic except SSH and "ping".
    chain input {
      type filter hook input priority 0;
  
      # accept any localhost traffic
      iifname lo accept
  
      # accept traffic originated from us
      ct state {established, related} accept
  
      # ICMP
      # routers may also want: mld-listener-query, nd-router-solicit
      ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
      ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
  
      # allow "ping"
      ip6 nexthdr icmpv6 icmpv6 type echo-request accept
      ip protocol icmp icmp type echo-request accept
  
      # accept SSH connections (required for a server)
      tcp dport 22 accept
  
      # count and drop any other traffic
      counter drop
    }
  
    # Allow all outgoing connections.
    chain output {
      type filter hook output priority 0;
      accept
    }
  
    chain forward {
      type filter hook forward priority 0;
      accept
    }
  }
''

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.rulesetFile

The ruleset file to be used with nftables. Should be in a format that can be loaded using “nft -f”. The ruleset is updated atomically.

Type: null or path

Default: null

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.tables

Tables to be added to ruleset. Tables will be added together with delete statements to clean up the table before every update.

Type: attribute set of (submodule)

Default: { }

Example:

{
  filter = {
    content = ''
      # Check out https://wiki.nftables.org/ for better documentation.
      # Table for both IPv4 and IPv6.
      # Block all incoming connections traffic except SSH and "ping".
      chain input {
        type filter hook input priority 0;
      
        # accept any localhost traffic
        iifname lo accept
      
        # accept traffic originated from us
        ct state {established, related} accept
      
        # ICMP
        # routers may also want: mld-listener-query, nd-router-solicit
        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
      
        # allow "ping"
        ip6 nexthdr icmpv6 icmpv6 type echo-request accept
        ip protocol icmp icmp type echo-request accept
      
        # accept SSH connections (required for a server)
        tcp dport 22 accept
      
        # count and drop any other traffic
        counter drop
      }
      
      # Allow all outgoing connections.
      chain output {
        type filter hook output priority 0;
        accept
      }
      
      chain forward {
        type filter hook forward priority 0;
        accept
      }
    '';
    family = "inet";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.tables.<name>.enable

Enable this table.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.tables.<name>.content

The table content.

Type: strings concatenated with “\n”

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.tables.<name>.family

Table family.

Type: one of “ip”, “ip6”, “inet”, “arp”, “bridge”, “netdev”

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.nftables.tables.<name>.name

Table name.

Type: string

Declared by:

<nixpkgs/nixos/modules/services/networking/nftables.nix>
networking.openconnect.package

The openconnect package to use.

Type: package

Default: pkgs.openconnect

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces

OpenConnect interfaces.

Type: attribute set of (submodule)

Default: { }

Example:

{
  openconnect0 = {
    gateway = "gateway.example.com";
    passwordFile = "/var/lib/secrets/openconnect-passwd";
    protocol = "anyconnect";
    user = "example-user";
  };
}

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.autoStart

Whether this VPN connection should be started automatically.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.certificate

Certificate to authenticate with.

Type: null or path or PKCS#11 URI

Default: null

Example: "/var/lib/secrets/openconnect_certificate.pem"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.extraOptions

Extra config to be appended to the interface config. It should contain long-format options as would be accepted on the command line by openconnect (see https://www.infradead.org/openconnect/manual.html). Non-key-value options like deflate can be used by declaring them as booleans, i. e. deflate = true;.

Type: attribute set of (string or boolean)

Default: { }

Example:

{
  compression = "stateless";
  no-dtls = true;
  no-http-keepalive = true;
}

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.gateway

Gateway server to connect to.

Type: string

Example: "gateway.example.com"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.passwordFile

File containing the password to authenticate with. This is passed to openconnect via the --passwd-on-stdin option.

Type: null or path

Default: null

Example: "/var/lib/secrets/openconnect-passwd"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.privateKey

Private key to authenticate with.

Type: null or path or PKCS#11 URI

Default: null

Example: "/var/lib/secrets/openconnect_private_key.pem"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.protocol

Protocol to use.

Type: one of “anyconnect”, “array”, “nc”, “pulse”, “gp”, “f5”, “fortinet”

Example: "anyconnect"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.openconnect.interfaces.<name>.user

Username to authenticate with.

Type: null or string

Default: null

Example: "example-user"

Declared by:

<nixpkgs/nixos/modules/services/networking/openconnect.nix>
networking.proxy.allProxy

This option specifies the all_proxy environment variable.

Type: null or string

Default: config.networking.proxy.default

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.default

This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.

Type: null or string

Default: null

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.ftpProxy

This option specifies the ftp_proxy environment variable.

Type: null or string

Default: config.networking.proxy.default

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpProxy

This option specifies the http_proxy environment variable.

Type: null or string

Default: config.networking.proxy.default

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.httpsProxy

This option specifies the https_proxy environment variable.

Type: null or string

Default: config.networking.proxy.default

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.noProxy

This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.

Type: null or string

Default: null

Example: "127.0.0.1,localhost,.localdomain"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.proxy.rsyncProxy

This option specifies the rsync_proxy environment variable.

Type: null or string

Default: config.networking.proxy.default

Example: "http://127.0.0.1:3128"

Declared by:

<nixpkgs/nixos/modules/config/networking.nix>
networking.resolvconf.enable

Whether DNS configuration is managed by resolvconf.

Type: boolean

Default: !(config.environment.etc ? "resolv.conf")

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.package

The package that provides the system-wide resolvconf command. Defaults to openresolv if this module is enabled. Otherwise, can be used by other modules (for example services.resolved) to provide a compatibility layer.

This option generally shouldn’t be set by the user.

Type: package

Default: pkgs.openresolv

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.dnsExtensionMechanism

Enable the edns0 option in resolv.conf. With that option set, glibc supports use of the extension mechanisms for DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC, which does not work without it.

Type: boolean

Default: true

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.dnsSingleRequest

Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that ‘getent hosts example.com’ only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option ‘single-request’ in /etc/resolv.conf. This option enables that.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.extraConfig

Extra configuration to append to resolvconf.conf.

Type: strings concatenated with “\n”

Default: ""

Example: "libc=NO"

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.extraOptions

Set the options in /etc/resolv.conf.

Type: list of string

Default: [ ]

Example:

[
  "ndots:1"
  "rotate"
]

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.resolvconf.useLocalResolver

Use local DNS server for resolving.

Type: boolean

Default: false

Declared by:

<nixpkgs/nixos/modules/config/resolvconf.nix>
networking.rxe.enable

Whether to enable RDMA over converged ethernet.

Type: boolean

Default: false

Example: true

Declared by:

<nixpkgs/nixos/modules/services/networking/rxe.nix>
networking.rxe.interfaces

Enable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe_<interface>. UDP port 4791 must be open on the respective ethernet interfaces.

Type: list of string

Default: [ ]

Example:

[
  "eth0"
]

Declared by:

<nixpkgs/nixos/modules/services/networking/rxe.nix>
networking.search

The list of search paths used when resolving domain names.

Type: list of string

Default: [ ]

Example:

[
  "example.com"
  "home.arpa"
]

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits

This option allows you to define 6-to-4 interfaces which should be automatically created.

Type: attribute set of (submodule)

Default: { }

Example:

{
  hurricane = {
    remote = "10.0.0.1";
    local = "10.0.0.22";
    ttl = 255;
  };
  msipv6 = {
    remote = "192.168.0.1";
    dev = "enp3s0";
    ttl = 127;
  };
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.dev

The underlying network device on which the tunnel resides.

Type: null or string

Default: null

Example: "enp4s0f0"

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.encapsulation

Configures encapsulation in UDP packets.

Type: null or (submodule)

Default: null

Example:

{
  port = 9001;
  type = "fou";
}

Declared by:

<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
networking.sits.<name>.encapsulation.port

Destination port for encapsulated packets.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Example: 9001

Declared by:

<nixpkgs/nixos/mod