_module.args
Additional arguments passed to each module in addition to ones like lib, config, and pkgs, modulesPath.
This option is also available to all submodules. Submodules do not
inherit args from their parent module, nor do they provide args to
their parent module or sibling submodules. The sole exception to
this is the argument name which is provided by
parent modules to a submodule and contains the attribute name
the submodule is bound to, or a unique generated name if it is
not bound to an attribute.
Some arguments are already passed by default, of which the following cannot be changed with this option:
lib: The nixpkgs library.
config: The results of all options after merging the values from all modules together.
options: The options declared in all modules.
specialArgs: The specialArgs argument passed to evalModules.
All attributes of specialArgs
Whereas option values can generally depend on other option values
thanks to laziness, this does not apply to imports, which
must be computed statically before anything else.
For this reason, callers of the module system can provide specialArgs
which are available during import resolution.
For NixOS, specialArgs includes modulesPath, which allows you to import
extra modules from the nixpkgs package tree without having to
somehow make the module aware of the location of the
nixpkgs or NixOS directories.
{ modulesPath, ... }: {
  imports = [
    (modulesPath + "/profiles/minimal.nix")
  ];
}
For NixOS, the default value for this option includes at least this argument:
pkgs: The nixpkgs package set according to the nixpkgs.pkgs option.
Type: lazy attribute set of raw value
Declared by:
<nixpkgs/lib/modules.nix>
|
appstream.enable
Whether to install files to support the AppStream metadata specification.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/appstream.nix>
|
boot.enableContainers
Whether to enable support for NixOS containers. Defaults to true (at no cost if containers are not actually used).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
boot.bcache.enable
Whether to enable bcache mount support.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/tasks/bcache.nix>
|
boot.binfmt.addEmulatedSystemsToNixSandbox
Whether to add the boot.binfmt.emulatedSystems to nix.settings.extra-platforms.
Disable this to use remote builders for those platforms, while allowing testing binaries locally.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.emulatedSystems
List of systems to emulate. Will also configure Nix to support your new systems. Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.
Type: list of (one of “aarch64-linux”, “aarch64_be-linux”, “alpha-linux”, “armv6l-linux”, “armv7l-linux”, “i386-linux”, “i486-linux”, “i586-linux”, “i686-linux”, “i686-windows”, “loongarch64-linux”, “mips-linux”, “mips64-linux”, “mips64-linuxabin32”, “mips64el-linux”, “mips64el-linuxabin32”, “mipsel-linux”, “powerpc-linux”, “powerpc64-linux”, “powerpc64le-linux”, “riscv32-linux”, “riscv64-linux”, “s390x-linux”, “sparc-linux”, “sparc64-linux”, “wasm32-wasi”, “wasm64-wasi”, “x86_64-linux”, “x86_64-windows”)
Default:
[ ]
Example:
[
"wasm32-wasi"
"x86_64-windows"
"aarch64-linux"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.preferStaticEmulators
Whether to use static emulators when available.
This enables the kernel to preload the emulator binaries when the binfmt registrations are added, obviating the need to make the emulator binaries available inside chroots and chroot-like sandboxes.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations
Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.fixBinary
Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.
See the description of the ‘F’ flag in the kernel docs for more details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.interpreter
The interpreter to invoke to run the program.
Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn’t apply.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.magicOrExtension
The magic number or extension to match on.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.mask
A mask to be ANDed with the byte sequence of the file before matching.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.matchCredentials
Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).
See the description of the ‘C’ flag in the kernel docs for more details.
Implies/requires openBinary = true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.offset
The byte offset of the magic number used for recognition.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.openBinary
Whether to pass the binary to the interpreter as an open file descriptor, instead of a path.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.preserveArgvZero
Whether to pass the original argv[0] to the interpreter.
See the description of the ‘P’ flag in the kernel docs for more details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.recognitionType
Whether to recognize executables by magic number or extension.
Type: one of “magic”, “extension”
Default:
"magic"
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.wrapInterpreterInShell
Whether to wrap the interpreter in a shell script.
This allows a shell command to be set as the interpreter.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.blacklistedKernelModules
List of names of kernel modules that should not be loaded automatically by the hardware probing code.
Type: list of string
Default:
[ ]
Example:
[
"cirrusfb"
"i2c_piix4"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.bootspec.enableValidation
Whether to enable the validation of bootspec documents for each build. This will introduce Go in the build-time closure as we are relying on Cuelang for schema validation. Enable this option if you want to ascertain that your documents are correct.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/activation/bootspec.nix>
|
boot.bootspec.extensions
User-defined data that extends the bootspec document.
To reduce incompatibility and prevent names from clashing between applications, it is highly recommended to use a unique namespace for your extensions.
Type: attribute set of anything
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/activation/bootspec.nix>
|
boot.consoleLogLevel
The kernel console loglevel. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
Type: signed integer
Default:
4
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.crashDump.enable
If enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.kernelParams
Parameters that will be passed to the kernel kexec-ed on crash.
Type: list of string
Default:
[
"1"
"boot.shell_on_fail"
]
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.reservedMemory
The amount of memory reserved for the crashdump kernel. If you choose too high a value, dmesg will mention “crashkernel reservation failed”.
Type: string
Default:
"128M"
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.devShmSize
Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"50%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.devSize
Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"5%"
Example:
"32m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.extraModprobeConfig
Any additional configuration to be appended to the generated
modprobe.conf. This is typically used to
specify module options. See modprobe.d(5) for details.
Type: strings concatenated with “\n”
Default:
""
Example:
''
options parport_pc io=0x378 irq=7 dma=1
''
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.extraModulePackages
A list of additional packages supplying kernel modules.
Type: list of package
Default:
[ ]
Example:
[ config.boot.kernelPackages.nvidia_x11 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.extraSystemdUnitPaths
Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable that can contain mutable unit files.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.growPartition
Whether to enable growing the root partition on boot.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/grow-partition.nix>
|
boot.hardwareScan
Whether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.enable
Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.
Type: boolean
Default:
!config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.availableKernelModules
The set of kernel modules in the initial ramdisk used during the
boot process. This set must include all modules necessary for
mounting the root device. That is, it should include modules
for the physical device (e.g., SCSI drivers) and for the file
system (e.g., ext3). The set specified here is automatically
closed under the module dependency relation, i.e., all
dependencies of the modules listed here are included
automatically. The modules listed here are available in the
initrd, but are only loaded on demand (e.g., the ext3 module is
loaded automatically when an ext3 filesystem is mounted, and
modules for PCI devices are loaded when they match the PCI ID
of a device in your system). To force a module to be loaded,
include it in boot.initrd.kernelModules.
Type: list of string
Default:
[ ]
Example:
[
"sata_nv"
"ext3"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.checkJournalingFS
Whether to run fsck on journaling filesystems such as ext3.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.clevis.enable
Whether to enable Clevis in initrd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/clevis.nix>
|
boot.initrd.clevis.package
Clevis package
Type: package
Default:
"pkgs.clevis"
Declared by:
<nixpkgs/nixos/modules/system/boot/clevis.nix>
|
boot.initrd.clevis.devices
Encrypted devices that need to be unlocked at boot using Clevis
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/clevis.nix>
|
boot.initrd.clevis.devices.<name>.secretFile
Clevis JWE file used to decrypt the device at boot, in concert with the chosen pin (one of TPM2, Tang server, or SSS).
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/clevis.nix>
|
boot.initrd.clevis.useTang
Whether the Clevis JWE file used to decrypt the devices uses a Tang server as a pin.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/clevis.nix>
|
boot.initrd.compressor
The compressor to use on the initrd image. May be any of:
The name of one of the predefined compressors, see pkgs/build-support/kernel/initrd-compressor-meta.nix for the definitions.
A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. pkgs: "${pkgs.pigz}/bin/pigz"
(not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. "${pkgs.pigz}/bin/pigz"
The given program should read data from stdin and write it to stdout compressed.
Type: string or function that evaluates to a(n) string
Default:
zstd if the kernel supports it (5.9+), gzip if not
Example:
"xz"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.compressorArgs
Arguments to pass to the compressor for the initrd image, or null to use the compressor’s defaults.
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.extraFiles
Extra files to link and copy in to the initrd.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.extraFiles.<name>.source
The object to make available inside the initrd.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.extraFirmwarePaths
Other firmware files (relative to "${config.hardware.firmware}/lib/firmware") to include in the final initrd we are building.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.includeDefaultModules
This option, if set, adds a collection of default kernel modules
to boot.initrd.availableKernelModules and boot.initrd.kernelModules.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.kernelModules
List of modules that are always loaded by the initrd.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.luks.cryptoModules
A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Type: list of string
Default:
[
"aes"
"aes_generic"
"blowfish"
"twofish"
"serpent"
"cbc"
"xts"
"lrw"
"sha1"
"sha256"
"sha512"
"af_alg"
"algif_skcipher"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices
The encrypted disk that should be opened before the root
filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
setups are supported. The unencrypted devices can be accessed as
/dev/mapper/«name».
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  luksroot = {
    device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
  };
}
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.allowDiscards
Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it. This option is incompatible with authenticated encryption (dm-crypt stacked over dm-integrity).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.bypassWorkqueues
Whether to bypass dm-crypt’s internal read and write workqueues. Enabling this should improve performance on SSDs; see here for more information. Needs Linux 5.9 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.device
Path of the underlying encrypted block device.
Type: string
Example:
"/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fallbackToPassword
Whether to fall back to an interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.credential
The FIDO2 credential ID.
Type: null or string
Default:
null
Example:
"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.credentials
List of FIDO2 credential IDs.
Use this if you have multiple FIDO2 keys you want to use for the same luks device.
Type: list of string
Default:
[ ]
Example:
[
"f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.gracePeriod
Time in seconds to wait for the FIDO2 key.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.passwordLess
Defines whether to use an empty string as a default salt.
Enable only when your device is PIN protected, such as Trezor.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard
The options for using this LUKS device with a GPG-encrypted LUKS password via the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.encryptedPass
Path to the GPG encrypted passphrase.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.gracePeriod
Time in seconds to wait for the GPG Smartcard.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.publicKey
Path to the Public Key.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.header
The name of the file or block device that should be used as header for the encrypted device.
Type: null or string
Default:
null
Example:
"/root/header.img"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFile
The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Type: null or string
Default:
null
Example:
"/dev/sdb1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileOffset
The offset of the key file. Use this in combination with
keyFileSize to use part of a file as key file
(often the case if a raw device or partition is used as a key file).
If not specified, the key begins at the first byte of keyFile.
Type: null or signed integer
Default:
null
Example:
4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileSize
The size of the key file. Use this if only the beginning of the
key file should be used as a key (often the case if a raw device
or partition is used as key file). If not specified, the whole
keyFile will be used for decryption, instead of just
the first keyFileSize bytes.
Type: null or signed integer
Default:
null
Example:
4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileTimeout
The amount of time in seconds for a keyFile to appear before timing out and trying passwords.
Type: null or signed integer
Default:
null
Example:
5
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.postOpenCommands
Commands that should be run right after we have mounted our LUKS device.
Type: strings concatenated with “\n”
Default:
""
Example:
''
umount /tmp/persistent
''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.preLVM
Whether the luksOpen will be attempted before LVM scan or after it.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.preOpenCommands
Commands that should be run right before we try to mount our LUKS device. This can be useful if the keys needed to open the drive are on another partition.
Type: strings concatenated with “\n”
Default:
""
Example:
''
mkdir -p /tmp/persistent
mount -t zfs rpool/safe/persistent /tmp/persistent
''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.tryEmptyPassphrase
If keyFile fails then try an empty passphrase first before prompting for password.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey
The options to use for this LUKS device in YubiKey-PBA. If null (the default), YubiKey-PBA will be disabled for this device.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.gracePeriod
Time in seconds to wait for the YubiKey.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.iterationStep
How much the iteration count for PBKDF2 is increased at each successful authentication.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.keyLength
Length of the LUKS slot key derived with PBKDF2 in bytes.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.saltLength
Length of the new salt in bytes (64 is the effective maximum).
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.slot
Which slot on the YubiKey to challenge.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.device
An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.
Type: absolute path
Default:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.fsType
The filesystem of the unencrypted device.
Type: string
Default:
"vfat"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.path
Absolute path of the salt on the unencrypted device with that device’s root directory as “/”.
Type: string
Default:
"/crypt-storage/default"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.twoFactor
Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.fido2Support
Enables support for authenticating with FIDO2 devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.gpgSupport
Enables support for authenticating with a GPG encrypted password.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.mitigateDMAAttacks
Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at https://en.wikipedia.org/wiki/DMA_attack.
This option blacklists FireWire drivers, but doesn’t remove them. You can manually load the drivers if you need to use a FireWire device, but don’t forget to unload them!
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.reusePassphrases
When opening a new LUKS device, try reusing the last successful passphrase.
Useful for mounting a number of devices that use the same passphrase without retyping it several times.
Such a setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.yubikeySupport
Enables support for authenticating with a YubiKey on LUKS devices. See the NixOS wiki for information on how to properly set up a LUKS device and a YubiKey to work with this feature.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.network.enable
Add network connectivity support to initrd. The network may be
configured using the ip kernel parameter,
as described in the kernel documentation.
Otherwise, if networking.useDHCP is enabled, an IP address
is acquired using DHCP.
You should add the module(s) required for your network card to
boot.initrd.availableKernelModules.
lspci -v | grep -iA8 'network\|ethernet' will tell you which.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.flushBeforeStage2
Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.
The default is false when systemd is enabled in initrd, because the systemd-networkd documentation suggests it.
Type: boolean
Default:
"!config.boot.initrd.systemd.enable"
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.openvpn.enable
Starts an OpenVPN client during initrd boot. It can be used, e.g., to
remotely access the SSH service controlled by
boot.initrd.network.ssh or other network services
included. The service is killed when stage-1 boot is finished.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
|
boot.initrd.network.openvpn.configuration
The configuration file for OpenVPN.
Unless your bootloader supports initrd secrets, this configuration is stored insecurely in the global Nix store.
Type: absolute path
Example:
./configuration.ovpn
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
|
boot.initrd.network.postCommands
Shell commands to be executed after stage 1 of the boot has initialised the network.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.ssh.enable
Start SSH service during initrd boot. It can be used to debug a failing boot on a remote server, enter a passphrase for an encrypted partition, etc. The service is killed when stage-1 boot is finished.
The sshd configuration is largely inherited from services.openssh.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.authorizedKeyFiles
Authorized keys taken from files for the root user on initrd.
You can combine the authorizedKeyFiles and authorizedKeys options.
Type: list of absolute path
Default:
config.users.users.root.openssh.authorizedKeys.keyFiles
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.authorizedKeys
Authorized keys for the root user on initrd.
You can combine the authorizedKeys and authorizedKeyFiles options.
Type: list of string
Default:
config.users.users.root.openssh.authorizedKeys.keys
Example:
[
"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.extraConfig
Verbatim contents of sshd_config.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.hostKeys
Specify SSH host keys to import into the initrd.
To generate keys, use ssh-keygen(1) as root:
ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key
ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
Unless your bootloader supports initrd secrets, these keys are stored insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you’ll expose them to regular users!
Additionally, even if your initrd supports secrets, if you’re using initrd SSH to unlock an encrypted disk then using your regular host keys exposes the private keys on your unencrypted boot partition.
Type: list of (string or absolute path)
Default:
[ ]
Example:
[
"/etc/secrets/initrd/ssh_host_rsa_key"
"/etc/secrets/initrd/ssh_host_ed25519_key"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.ignoreEmptyHostKeys
Allow leaving config.boot.initrd.network.ssh.hostKeys empty,
to deploy ssh host keys out of band.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.port
Port on which SSH initrd service should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
22
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.shell
Login shell of the remote user. Can be used to limit the actions the user can perform.
Type: null or string
Default:
"\"/bin/ash\""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
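A configuration that follows the host key advice under boot.initrd.network.ssh.hostKeys, with a build-time check against reusing the regular sshd keys. This is an added example, not code from nixpkgs; the NIC driver, port, authorized key and the /etc/ssh location of the regular host keys are assumptions.

```nix
# Added example (not from nixpkgs). Key material, the NIC driver and the
# port are placeholders chosen for illustration.
{ config, lib, ... }:
let
  sshCfg = config.boot.initrd.network.ssh;

  # Assumption: the running system's sshd keeps its private keys under /etc/ssh.
  # toString covers both forms the option accepts (string or absolute path).
  isRegularHostKey = key: lib.hasPrefix "/etc/ssh/" (toString key);
in
{
  # Driver for the network card must be available in the initrd
  # ("e1000e" is an assumed example; check with lspci as described above).
  boot.initrd.availableKernelModules = [ "e1000e" ];

  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      port = 2222;

      # Weak setting, shown for contrast: this would copy the regular host
      # identity into the initrd, where it is readable from the Nix store or
      # the unencrypted boot partition.
      # hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];

      # Corrected setting: a key generated only for the initrd, e.g. with
      #   ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
      hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];

      # Placeholder public key; without this the option defaults to root's
      # authorized keys from the main system.
      authorizedKeys = [ "ssh-ed25519 AAAA...placeholder admin@example" ];
    };
  };

  # Fail evaluation if someone later points hostKeys at the regular sshd keys.
  assertions = [
    {
      assertion = !(sshCfg.enable && lib.any isRegularHostKey sshCfg.hostKeys);
      message = "boot.initrd.network.ssh.hostKeys must not reuse keys from /etc/ssh; generate dedicated initrd host keys.";
    }
  ];
}
```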
|
boot.initrd.network.udhcpc.enable
Enables the udhcpc service during stage 1 of the boot process. This
defaults to networking.useDHCP. Therefore, this is useful if
useDHCP is off but the initramfs should do DHCP.
Type: boolean
Default:
"networking.useDHCP"
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.udhcpc.extraArgs
Additional command-line arguments passed verbatim to
udhcpc if boot.initrd.network.enable and
boot.initrd.network.udhcpc.enable are enabled.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.postDeviceCommands
Shell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in /dev.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postMountCommands
Shell commands to be executed immediately after the stage 1 filesystems have been mounted.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postResumeCommands
Shell commands to be executed immediately after attempting to resume.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preDeviceCommands
Shell commands to be executed before udev is started to create device nodes.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preFailCommands
Shell commands to be executed before the failure prompt is shown.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preLVMCommands
Shell commands to be executed immediately before LVM discovery.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.prepend
Other initrd files to prepend to the final initrd we are building.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.secrets
Secrets to append to the initrd. The attribute name is the path the secret should have inside the initrd, the value is the path it should be copied from (or null for the same path inside and out).
Note that nixos-rebuild switch
will generate the initrd
also for past generations, so if secrets are moved or deleted
you will also have to garbage collect the generations that
use those secrets.
Type: attribute set of (null or absolute path)
Default:
{ }
Example:
{ "/etc/dropbear/dropbear_rsa_host_key" =
./secret-dropbear-key;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.services.bcache.enable
This will only be used when systemd is used in stage 1.
Whether to enable bcache support in the initrd.
Type: boolean
Default:
config.boot.initrd.systemd.enable && config.boot.bcache.enable
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/bcache.nix>
|
boot.initrd.services.lvm.enable
This will only be used when systemd is used in stage 1.
Whether to enable booting from LVM2 in the initrd.
Type: boolean
Default:
config.boot.initrd.systemd.enable && config.services.lvm.enable
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
|
boot.initrd.services.resolved.enable
Whether to enable resolved for stage 1 networking. Uses the toplevel ‘services.resolved’ options for ‘resolved.conf’
Type: unspecified value
Default:
"config.boot.initrd.systemd.network.enable"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
boot.initrd.services.udev.packages
This will only be used when systemd is used in stage 1.
List of packages containing udev rules that will be copied to stage 1.
All files found in
«pkg»/etc/udev/rules.d
and
«pkg»/lib/udev/rules.d
will be included.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.services.udev.binPackages
This will only be used when systemd is used in stage 1.
Packages to search for binaries that are referenced by the udev rules in stage 1. This list always contains /bin of the initrd.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.services.udev.rules
udev rules to include in the initrd
only. They’ll be written into file
99-local.rules
. Thus they are read and applied
after the essential initrd rules.
Type: strings concatenated with “\n”
Default:
""
Example:
''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
''
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.supportedFilesystems
Names of supported filesystem types, or an attribute set of file system types
and their state. The set form may be used together with lib.mkForce
to
explicitly disable support for specific filesystems, e.g. to disable ZFS
with an unsupported kernel.
Type: (attribute set of boolean) or (list of string) convertible to it
Default:
{ }
Example:
{
btrfs = true;
zfs = lib.mkForce false;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.systemd.enable
Whether to enable systemd in initrd. The unit options such as
boot.initrd.systemd.services
are the same as their
stage 2 counterparts such as systemd.services
,
except that restartTriggers
and reloadTriggers
are not
supported.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.package
The systemd package to use.
Type: package
Default:
config.systemd.package
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.packages
Packages providing systemd units and hooks.
Type: list of package
Default:
[ ]
Example:
[ pkgs.systemd-cryptsetup-generator ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.additionalUpstreamUnits
Additional units shipped with systemd that shall be enabled.
Type: list of string
Default:
[ ]
Example:
[
"debug-shell.service"
"systemd-quotacheck.service"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.automounts
Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the ‘where’ attribute.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents
Set of files that have to be linked into the initrd
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/etc/machine-id".source = /etc/machine-id;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.enable
Whether to enable copying of this file and symlinking it.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.dlopen.features
Features to enable via dlopen ELF notes. These will be in addition to anything included via ‘usePriority’, regardless of their priority.
Type: list of (optionally newline-terminated) single-line string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.dlopen.usePriority
Priority of dlopen ELF notes to include. “required” is minimal, “recommended” includes “required”, and “suggested” includes “recommended”.
See: https://systemd.io/ELF_DLOPEN_METADATA/
Type: one of “required”, “recommended”, “suggested”
Default:
"recommended"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.source
Path of the source file.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.target
Path of the symlink.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.contents.<name>.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.dbus.enable
Whether to enable dbus in stage 1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
boot.initrd.systemd.dmVerity.enable
Mount verity-protected block devices in the initrd.
Enabling this option allows the use of systemd-veritysetup
and
systemd-veritysetup-generator
in the initrd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/dm-verity.nix>
|
boot.initrd.systemd.emergencyAccess
Set to true for unauthenticated emergency access, and false or null for no emergency access.
Can also be set to a hashed super user password to allow authenticated access to the emergency mode.
Type: boolean or null or (string, not containing newlines or colons)
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.extraBin
Tools to add to /bin
Type: attribute set of absolute path
Default:
{ }
Example:
{
umount = "${pkgs.util-linux}/bin/umount";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.extraConfig
Extra config options for systemd. See systemd-system.conf(5) man page for available options.
Type: strings concatenated with “\n”
Default:
""
Example:
"DefaultLimitCORE=infinity"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.fido2.enable
Whether to enable systemd FIDO2 support.
Type: boolean
Default:
config.boot.initrd.systemd.package.withFido2
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/fido2.nix>
|
boot.initrd.systemd.groups
Groups to include in initrd.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.systemd.groups.<name>.gid
ID of the group in initrd.
Type: signed integer
Default:
config.users.groups.${name}.gid
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.systemd.initrdBin
Packages to include in /bin for the stage 1 emergency shell.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.managerEnvironment
Environment variables of PID 1. These variables are not passed to started units.
Type: attribute set of (null or string or absolute path or package)
Default:
{ }
Example:
{
SYSTEMD_LOG_LEVEL = "debug";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.mounts
Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the ‘where’ attribute.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.network.enable
Whether to enable networkd or not.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.config
Definition of global systemd network config.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.links
Definition of systemd network links.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.netdevs
Definition of systemd network devices.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.networks
Definition of systemd networks.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.wait-online.enable
Whether to enable the systemd-networkd-wait-online service.
systemd-networkd-wait-online can time out and fail if there are no network interfaces available for it to manage. When systemd-networkd is enabled but a different service is responsible for managing the system’s internet connection (for example, NetworkManager or connman are used to manage WiFi connections), this service is unnecessary and can be disabled.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.wait-online.anyInterface
Whether to consider the network online when any interface is online, as opposed to all of them. This is useful on portable machines with a wired and a wireless interface, for example.
This is on by default if networking.useDHCP
is enabled.
Type: boolean
Default:
"config.networking.useDHCP"
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.wait-online.extraArgs
Extra command-line arguments to pass to systemd-networkd-wait-online.
These also affect per-interface systemd-networkd-wait-online@
services.
See systemd-networkd-wait-online.service(8) for all available options.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.wait-online.ignoredInterfaces
Network interfaces to be ignored when deciding if the system is online.
Type: list of string
Default:
[ ]
Example:
[
"wg0"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.network.wait-online.timeout
Time to wait for the network to come online, in seconds. Set to 0 to disable.
Type: unsigned integer, meaning >=0
Default:
120
Example:
0
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
boot.initrd.systemd.paths
Definition of systemd path units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.repart.enable
Grow and add partitions to a partition table at boot time in the initrd. systemd-repart only works with GPT partition tables.
To run systemd-repart after the initrd, see
options.systemd.repart.enable
.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/repart.nix>
|
boot.initrd.systemd.repart.device
The device to operate on.
If device == null
, systemd-repart will operate on the device
backing the root partition. So in order to dynamically create the
root partition in the initrd you need to set a device.
Type: null or string
Default:
null
Example:
"/dev/vda"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/repart.nix>
|
boot.initrd.systemd.repart.empty
Controls how to operate on empty devices that contain no partition table yet. See systemd-repart(8) for details.
Type: one of “refuse”, “allow”, “require”, “force”, “create”
Default:
"refuse"
Example:
"require"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/repart.nix>
|
boot.initrd.systemd.root
Controls how systemd will interpret the root FS in initrd. See
kernel-command-line(7). NixOS currently does not
allow specifying the root file system itself this
way. Instead, the fstab
value is used in order to interpret
the root file system specified with the fileSystems
option.
Type: one of “fstab”, “gpt-auto”
Default:
"fstab"
Example:
"gpt-auto"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.services
Definition of systemd service units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.slices
Definition of slice configurations.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.sockets
Definition of systemd socket units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths
Store paths to copy into the initrd as well.
Type: list of ((submodule) or ((optionally newline-terminated) single-line string or package) convertible to it)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths.*.enable
Whether to enable copying of this file and symlinking it.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths.*.dlopen.features
Features to enable via dlopen ELF notes. These will be in addition to anything included via ‘usePriority’, regardless of their priority.
Type: list of (optionally newline-terminated) single-line string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths.*.dlopen.usePriority
Priority of dlopen ELF notes to include. “required” is minimal, “recommended” includes “required”, and “suggested” includes “recommended”.
See: https://systemd.io/ELF_DLOPEN_METADATA/
Type: one of “required”, “recommended”, “suggested”
Default:
"recommended"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths.*.source
Path of the source file.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePaths.*.target
Path of the symlink.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.strip
Whether to completely strip executables and libraries copied to the initramfs.
Setting this to false may save on the order of 30MiB on the machine building the system (by avoiding a binutils reference), at the cost of ~1MiB of initramfs size. This puts this option firmly in the territory of micro-optimisation.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.suppressedStorePaths
Store paths specified in the storePaths option that should not be copied.
Type: list of (optionally newline-terminated) single-line string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.suppressedUnits
A list of units to skip when generating the system's systemd configuration directory. This has
priority over upstream units, boot.initrd.systemd.units
, and
boot.initrd.systemd.additionalUpstreamUnits
. The main purpose of this is to
prevent an upstream systemd unit from being added to the initrd with any modifications made to it
by other NixOS modules.
Type: list of string
Default:
[ ]
Example:
[
"systemd-backlight@.service"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.targets
Definition of systemd target units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.timers
Definition of systemd timer units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.tmpfiles.settings
Similar to systemd.tmpfiles.settings
but the rules are
only applied by systemd-tmpfiles before initrd-switch-root.target
.
See bootup(7).
Type: attribute set of attribute set of attribute set of (submodule)
Default:
{ }
Example:
{
"10-mypackage" = {
"/var/lib/my-service/statefolder" = {
d = {
group = "root";
mode = "0755";
user = "root";
};
};
};
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.age
Delete a file when it reaches a certain age.
If a file or directory is older than the current time minus the age field, it is deleted.
If set to "-"
no automatic clean-up is done.
Type: string
Default:
"-"
Example:
"10d"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.argument
An argument whose meaning depends on the type of operation.
Please see the upstream documentation for the meaning of this parameter in different situations: tmpfiles.d(5)
Type: string
Default:
""
Example:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.group
The group of the file.
This may either be a numeric ID or a user/group name.
If omitted or when set to "-"
, the user and group of the user who
invokes systemd-tmpfiles is used.
Type: string
Default:
"-"
Example:
"root"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.mode
The file access mode to use when creating this file or directory.
Type: string
Default:
"-"
Example:
"0755"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.type
The type of operation to perform on the file.
The type consists of a single letter and optionally one or more modifier characters.
Please see the upstream documentation for the available types and more details: tmpfiles.d(5)
Type: string
Default:
"‹tmpfiles-type›"
Example:
"d"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tmpfiles.settings.<config-name>.<path>.<tmpfiles-type>.user
The user of the file.
This may either be a numeric ID or a user/group name.
If omitted or when set to "-"
, the user and group of the user who
invokes systemd-tmpfiles is used.
Type: string
Default:
"-"
Example:
"root"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
boot.initrd.systemd.tpm2.enable
Whether to enable systemd initrd TPM2 support.
Type: boolean
Default:
"boot.initrd.systemd.package.withTpm2Units"
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tpm2.nix>
|
boot.initrd.systemd.units
Definition of systemd units.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.users
Users to include in initrd.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.systemd.users.<name>.group
Group the user belongs to in initrd.
Type: (optionally newline-terminated) single-line string
Default:
config.users.users.${name}.group
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.systemd.users.<name>.shell
The path to the user’s shell in initrd.
Type: absolute path, not containing newlines or colons
Default:
${pkgs.shadow}/bin/nologin
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.systemd.users.<name>.uid
ID of the user in initrd.
Type: signed integer
Default:
config.users.users.${name}.uid
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
boot.initrd.unl0kr.enable
Whether to enable the unl0kr on-screen keyboard in initrd to unlock LUKS.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/unl0kr.nix>
|
boot.initrd.unl0kr.package
The buffybox package to use.
Type: package
Default:
pkgs.buffybox
Declared by:
<nixpkgs/nixos/modules/system/boot/unl0kr.nix>
|
boot.initrd.unl0kr.allowVendorDrivers
Whether to load additional drivers for certain vendors (e.g. Wacom, Intel, etc.).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/unl0kr.nix>
|
boot.initrd.unl0kr.settings
Configuration for unl0kr
.
See unl0kr.conf(5)
for supported values.
Alternatively, visit https://gitlab.postmarketos.org/postmarketOS/buffybox/-/blob/3.2.0/unl0kr/unl0kr.conf
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
general.animations = true;
general.backend = "drm";
theme = {
default = "pmos-dark";
alternate = "pmos-light";
};
}
Declared by:
<nixpkgs/nixos/modules/system/boot/unl0kr.nix>
|
boot.initrd.verbose
Verbosity of the initrd. Please note that disabling verbosity removes only the mandatory messages generated by the NixOS scripts. For a completely silent boot, you might also want to set the two following configuration options:
boot.consoleLogLevel = 0;
boot.kernelParams = [ "quiet" "udev.log_level=3" ];
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.isContainer
Whether this NixOS machine is a lightweight container running in another NixOS system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
boot.iscsi-initiator.discoverPortal
iSCSI portal to boot from.
Type: null or string
Default:
null
Example:
"192.168.1.1:3260"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraConfig
Extra lines to append to /etc/iscsid.conf
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraConfigFile
Append an additional file’s contents to /etc/iscsid.conf
. Use a non-store path
and store passwords in this file. Note: the file specified here must be available
in the initrd, see: boot.initrd.secrets
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraIscsiCommands
Extra iscsi commands to run in the initrd.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.logLevel
Higher numbers elicit more logs.
Type: signed integer
Default:
1
Example:
8
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.loginAll
Do not log into a specific target on the portal, but into all targets that are discovered. This overrides the target setting.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.name
Name of the iSCSI initiator to boot from. Note that booting from iSCSI requires networkd-based networking.
Type: null or string
Default:
null
Example:
"iqn.2020-08.org.linux-iscsi.initiatorhost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.target
Name of the iSCSI target to boot from.
Type: null or string
Default:
null
Example:
"iqn.2020-08.org.linux-iscsi.targethost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.kernel.enable
Whether to enable the Linux kernel. This is useful for systemd-like containers which do not require a kernel.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernel.randstructSeed
Provides a custom seed for the RANDSTRUCT
security
option of the Linux kernel. Note that RANDSTRUCT
is
only enabled in NixOS hardened kernels. Using a custom seed requires
building the kernel and dependent packages locally, since this
customization happens at build time.
Type: string
Default:
""
Example:
"my secret seed"
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernel.sysctl
Runtime parameters of the Linux kernel, as set by
sysctl(8). Note that sysctl
parameter names must be enclosed in quotes
(e.g. "vm.swappiness"
instead of
vm.swappiness
). The value of each
parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all).
Type: attribute set of (sysctl option value)
Default:
{ }
Example:
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernel.sysctl."net.core.rmem_max"
The maximum receive socket buffer size in bytes. In case of conflicting values, the highest will be used.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernel.sysctl."net.core.wmem_max"
The maximum send socket buffer size in bytes. In case of conflicting values, the highest will be used.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernelModules
The set of kernel modules to be loaded in the second stage of
the boot process. Note that modules that are needed to
mount the root file system should be added to
boot.initrd.availableKernelModules
or
boot.initrd.kernelModules
.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPackages
This option allows you to override the Linux kernel used by
NixOS. Since things like external kernel module packages are
tied to the kernel you’re using, it also overrides those.
This option is a function that takes Nixpkgs as an argument
(as a convenience), and returns an attribute set containing at
the very least an attribute kernel
.
Additional attributes may be needed depending on your
configuration. For instance, if you use the NVIDIA X driver,
then it also needs to contain an attribute
nvidia_x11
.
Please note that we strictly support kernel versions that are maintained by the Linux developers only. More information on the availability of kernel versions is documented in the Linux section of the manual.
Type: raw value
Default:
pkgs.linuxPackages
Example:
pkgs.linuxKernel.packages.linux_5_10
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelParams
Parameters added to the kernel command line.
Type: list of string, with spaces inside double quotes
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPatches
A list of additional patches to apply to the kernel.
Every item should be an attribute set with the following attributes:
{
name = "foo"; # descriptive name, required
patch = ./foo.patch; # path or derivation that contains the patch source
# (required, but can be null if only config changes
# are needed)
extraStructuredConfig = { # attrset of extra configuration parameters without the CONFIG_ prefix
FOO = lib.kernel.yes; # (optional)
}; # values should generally be lib.kernel.yes,
# lib.kernel.no or lib.kernel.module
features = { # attrset of extra "features" the kernel is considered to have
foo = true; # (may be checked by other NixOS modules, optional)
};
extraConfig = "FOO y"; # extra configuration options in string form without the CONFIG_ prefix
# (optional, multiple lines allowed to specify multiple options)
# (deprecated, use extraStructuredConfig instead)
}
There’s a small set of existing kernel patches in Nixpkgs, available as pkgs.kernelPatches
,
that follow this format and can be used directly.
Type: list of (attribute set)
Default:
[ ]
Example:
[
{
name = "foo";
patch = ./foo.patch;
extraStructuredConfig.FOO = lib.kernel.yes;
features.foo = true;
}
{
name = "foo-ml-mbox";
patch = (fetchurl {
url = "https://lore.kernel.org/lkml/19700205182810.58382-1-email@domain/t.mbox.gz";
hash = "sha256-...";
});
}
]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.loader.efi.canTouchEfiVariables
Whether the installation process is allowed to modify EFI boot variables.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.efi.efiSysMountPoint
Where the EFI System Partition is mounted.
Type: string
Default:
"/boot"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.external.enable
Whether to enable using an external tool to install your bootloader.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
|
boot.loader.external.installHook
The full path to a program of your choosing which performs the bootloader installation process.
The program will be called with an argument pointing to the output of the system’s toplevel.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
|
boot.loader.generationsDir.enable
Whether to create symlinks to the system generations under
/boot
. When enabled,
/boot/default/kernel
,
/boot/default/initrd
, etc., are updated to
point to the current generation’s kernel image, initial RAM
disk, and other bootstrap files.
This option is not necessary with boot loaders such as GNU GRUB, for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generationsDir.copyKernels
Whether to copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generic-extlinux-compatible.enable
Whether to generate an extlinux-compatible configuration file
under /boot/extlinux.conf
. For instance,
U-Boot’s generic distro boot support uses this file format.
See U-boot’s documentation for more information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.configurationLimit
Maximum number of configurations in the boot menu.
Type: signed integer
Default:
20
Example:
10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.mirroredBoots
Mirror the boot configuration to multiple paths.
Type: list of (submodule)
Default:
[
{
path = "/boot";
}
]
Example:
[
{
path = "/boot1";
}
{
path = "/boot2";
}
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.mirroredBoots.*.path
The path to the boot directory where the extlinux-compatible configuration files will be written.
Type: string
Example:
"/boot1"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.populateCmd
Contains the builder command used to populate an image, honoring all options except the -c <path-to-default-configuration> argument.
Useful to have for sdImage.populateRootCommands.
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.useGenerationDeviceTree
Whether to generate Device Tree-related directives in the extlinux configuration.
When enabled, the bootloader will attempt to load the device tree binaries from the generation’s kernel.
Note that this affects all generations, regardless of the setting value used in their configurations.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.grub.enable
Whether to enable the GNU GRUB boot loader.
Type: boolean
Default:
!config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.enableCryptodisk
Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.backgroundColor
Background color to be used for GRUB to fill the areas the image isn’t filling.
Type: null or string
Default:
null
Example:
"#7EBAE4"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationLimit
Maximum number of configurations in the boot menu. GRUB has problems when there are too many entries.
Type: signed integer
Default:
100
Example:
120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationName
GRUB entry name instead of default.
Type: string
Default:
""
Example:
"Stable 2.6.21"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.copyKernels
Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.default
Index of the default menu item to be booted. Can also be set to “saved”, which will make GRUB select the menu item that was used at the last boot.
Type: signed integer or string
Default:
"0"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.device
The device on which the GRUB boot loader will be installed.
The special value nodev means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, use boot.loader.grub.devices.
Type: string
Default:
""
Example:
"/dev/disk/by-id/wwn-0x500001234567890a"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.devices
The devices on which the boot loader, GRUB, will be installed. Can be used instead of device to install GRUB onto multiple devices.
Type: list of string
Default:
[ ]
Example:
[
"/dev/disk/by-id/wwn-0x500001234567890a"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiInstallAsRemovable
Whether to invoke grub-install with --removable.
Unless you turn this on, GRUB will install itself somewhere in boot.loader.efi.efiSysMountPoint (exactly where depends on other config variables). If you’ve set boot.loader.efi.canTouchEfiVariables AND you are currently booted in UEFI mode, then GRUB will use efibootmgr to modify the boot order in the EFI variables of your firmware to include this location. If you are not booted in UEFI mode at the time GRUB is being installed, the NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed (“efibootmgr: EFI variables are not supported on this system.”).
If you turn this feature on, GRUB will install itself in a special location within efiSysMountPoint (namely EFI/boot/boot$arch.efi) which the firmwares are hardcoded to try first, regardless of NVRAM EFI variables.
To summarize, turn this on if:
You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode
You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB “removable” drive)
You simply dislike the idea of depending on NVRAM state to make your drive bootable
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiSupport
Whether GRUB should be built with EFI support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.entryOptions
Options applied to the primary NixOS menu entry.
Type: null or string
Default:
"--class nixos --unrestricted"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraConfig
Additional GRUB commands inserted in the configuration file just before the menu entries.
Type: strings concatenated with “\n”
Default:
""
Example:
''
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntries
Any additional entries you want added to the GRUB boot menu.
Type: strings concatenated with “\n”
Default:
""
Example:
''
# GRUB 2 example
menuentry "Windows 7" {
chainloader (hd0,4)+1
}
# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
set root=(hd1,1)
chainloader /efi/fedora/grubx64.efi
}
''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesBeforeNixOS
Whether extraEntries are included before the default option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraFiles
A set of files to be copied to /boot.
Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.
Type: attribute set of absolute path
Default:
{ }
Example:
{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraGrubInstallArgs
Additional arguments passed to grub-install.
A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available and activated even in the grub rescue shell.
They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2’s own nativedisk and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the GRUB source code for which disk modules are available.
The list elements are passed directly as argv arguments to the grub-install program, in order.
Type: list of string
Default:
[ ]
Example:
[
"--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraInstallCommands
Additional shell commands inserted in the bootloader installer script after generating menu entries.
Type: strings concatenated with “\n”
Default:
""
Example:
''
# the example below generates detached signatures that GRUB can verify
# https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
${pkgs.gnupg}/bin/gpg --import ${priv_key} > /dev/null 2>&1
${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
rm -rf "$GNUPGHOME"
export GNUPGHOME=$old_gpg_home
''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPerEntryConfig
Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Type: strings concatenated with “\n”
Default:
""
Example:
"root (hd0)"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPrepareConfig
Additional bash commands to be run at the script that prepares the GRUB menu entries.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.font
Path to a TrueType, OpenType, or pf2 font to be used by GRUB.
Type: null or absolute path
Default:
"${pkgs.grub2}/share/grub/unicode.pf2"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fontSize
Font size for the GRUB menu. Ignored unless font is set to a ttf or otf font.
Type: null or signed integer
Default:
null
Example:
16
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.forceInstall
Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.forcei686
Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fsIdentifier
Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that GRUB will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as shown in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.
Type: one of “uuid”, “label”, “provided”
Default:
"uuid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeBios
The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default:
"1024x768"
Example:
"auto"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeEfi
The gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default:
"auto"
Example:
"1024x768"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxpayloadBios
The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default:
"text"
Example:
"keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxpayloadEfi
The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default:
"keep"
Example:
"text"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.ipxe
Set of iPXE scripts available for booting from the GRUB boot menu.
Type: attribute set of (absolute path or string)
Default:
{ }
Example:
{ demo = ''
#!ipxe
dhcp
chain http://boot.ipxe.org/demo/boot.php
'';
}
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
|
boot.loader.grub.memtest86.enable
Make Memtest86+, a memory testing program, available from the GRUB boot menu.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.memtest86.params
Parameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:
console=..., set up a serial console. Examples: console=ttyS0, console=ttyS0,9600 or console=ttyS0,115200n8.
btrace, enable boot trace.
maxcpus=N, limit number of CPUs.
onepass, run one pass and exit if there are no errors.
tstlist=..., list of tests to run. Example: 0,1,2.
cpumask=..., set a CPU mask, to select CPUs to use for testing.
This list of command line options was obtained by reading the Memtest86+ source code.
Type: list of string
Default:
[ ]
Example:
[
"console=ttyS0,115200"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.mirroredBoots
Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
devices = [
"/dev/disk/by-id/wwn-0x500001234567890a"
];
path = "/boot1";
}
{
devices = [
"/dev/disk/by-id/wwn-0x500009876543210a"
];
path = "/boot2";
}
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.devices
The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.
Type: list of string
Default:
[ ]
Example:
[
"/dev/disk/by-id/wwn-0x500001234567890a"
"/dev/disk/by-id/wwn-0x500009876543210a"
]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiBootloaderId
The id of the bootloader to store in efi nvram.
The default is to name it NixOS and append the path or efiSysMountPoint.
This is only used if boot.loader.efi.canTouchEfiVariables is true.
Type: null or string
Default:
null
Example:
"NixOS-fsid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiSysMountPoint
The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.
Type: null or string
Default:
null
Example:
"/boot1/efi"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.path
The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.
Type: string
Example:
"/boot1"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashImage
Background image used for GRUB.
Set to null to run GRUB in text mode.
File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.
Type: null or absolute path
Example:
./my-background.png
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashMode
Whether to stretch the image or show the image in the top-left corner unstretched.
Type: one of “normal”, “stretch”
Default:
"stretch"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.storePath
Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.
Type: string
Default:
"/nix/store"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.subEntryOptions
Options applied to the secondary NixOS submenu entry.
Type: null or string
Default:
"--class nixos"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.theme
Path to the grub theme to be used.
Type: null or absolute path
Default:
null
Example:
"${pkgs.libsForQt5.breeze-grub}/grub/themes/breeze"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.timeoutStyle
menu: shows the menu.
countdown: uses a text-mode countdown.
hidden: hides GRUB entirely.
When using a theme, the default value (menu) is appropriate for the graphical countdown.
When attempting to do flicker-free boot, hidden should be used.
See the GRUB documentation section about timeout_style.
If this option is set to ‘countdown’ or ‘hidden’ […] and ESC or F4 are pressed, or SHIFT is held down during that time, it will display the menu and wait for input.
From: Simple configuration handling page, under GRUB_TIMEOUT_STYLE.
Type: one of “menu”, “countdown”, “hidden”
Default:
"menu"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.useOSProber
If set to true, append entries for other OSs detected by os-prober.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users
User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
root = {
hashedPasswordFile = "/path/to/file";
};
}
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.hashedPassword
Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default:
null
Example:
"grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.hashedPasswordFile
Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default:
null
Example:
"/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.password
Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default:
null
Example:
"Pa$$w0rd!"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.passwordFile
Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default:
null
Example:
"/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
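The boot.loader.grub.users options above all end with credentials written into /boot/grub/grub.cfg, so the generated file is worth auditing. The following Python check is an added example, not part of the NixOS manual or nixpkgs: the sample grub.cfg is constructed and the function names are hypothetical, while `set superusers`, `password`, `password_pbkdf2` and `--unrestricted` are GRUB's own syntax.

```python
import re
import stat

# Constructed sample of a generated grub.cfg (not taken from a real system).
SAMPLE_GRUB_CFG = """\
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.CONSTRUCTED.PLACEHOLDER
password backup "constructed-cleartext"
menuentry "NixOS - Default" --class nixos --unrestricted {
  linux /kernels/example-bzImage init=/nix/store/example/init
}
menuentry "NixOS - Configuration 41" --class nixos {
  linux /kernels/example-bzImage init=/nix/store/example/init
}
"""

# GRUB directives: `password USER CLEARTEXT` and `password_pbkdf2 USER HASH`.
_PASSWORD_RE = re.compile(r"^\s*(password_pbkdf2|password)\s+(\S+)\s+(.+?)\s*$")
_SUPERUSERS_RE = re.compile(r"^\s*set\s+superusers=([\"']?)(.*?)\1\s*$")
_MENUENTRY_RE = re.compile(r"^\s*menuentry\s+([\"'])(.*?)\1(.*)\{\s*$")


def parse_grub_cfg(text):
    """Collect user directives, superusers and menu entries from grub.cfg text.

    Credential values are deliberately not stored, only their kind.
    """
    users = {}        # user name -> "cleartext" or "pbkdf2"
    superusers = []
    entries = []      # (title, is_unrestricted)
    for line in text.splitlines():
        m = _PASSWORD_RE.match(line)
        if m:
            kind = "pbkdf2" if m.group(1) == "password_pbkdf2" else "cleartext"
            users[m.group(2)] = kind
            continue
        m = _SUPERUSERS_RE.match(line)
        if m:
            superusers = m.group(2).replace(",", " ").split()
            continue
        m = _MENUENTRY_RE.match(line)
        if m:
            entries.append((m.group(2), "--unrestricted" in m.group(3).split()))
    return users, superusers, entries


def audit(text, mode):
    """Audit grub.cfg content together with its file mode (os.stat().st_mode)."""
    users, superusers, entries = parse_grub_cfg(text)
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    return {
        # Users whose password sits in the file in clear text.
        "cleartext_users": sorted(u for u, k in users.items() if k == "cleartext"),
        # Users stored as grub-mkpasswd-pbkdf2 hashes.
        "hashed_users": sorted(u for u, k in users.items() if k == "pbkdf2"),
        "superusers": superusers,
        # True when credentials exist and group/other can read the file.
        "credentials_exposed": bool(users) and readable_by_others,
        # Entries bootable without authentication (the default NixOS entry
        # carries --unrestricted through boot.loader.grub.entryOptions).
        "unrestricted_entries": [title for title, open_ in entries if open_],
    }


if __name__ == "__main__":
    import os
    import sys

    if len(sys.argv) > 1:
        path = sys.argv[1]
        with open(path, encoding="utf-8", errors="replace") as fh:
            report = audit(fh.read(), os.stat(path).st_mode)
    else:
        report = audit(SAMPLE_GRUB_CFG, 0o100644)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with the path to a real grub.cfg as the only argument; without arguments it audits the constructed sample.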
|
boot.loader.grub.zfsSupport
Whether GRUB should be built against libzfs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.initScript.enable
Some systems require a /sbin/init script to be started, and on others having one makes starting NixOS easier. This applies to some kinds of hosting services and to User Mode Linux.
Additionally, this script will create /boot/init-other-configurations-contents.txt containing the contents of the remaining configurations. You can copy and paste them into /sbin/init manually, for example from a rescue system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
|
boot.loader.limine.enable
Whether to enable the Limine Bootloader.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.enableEditor
Whether to allow editing the boot entries before booting them.
It is recommended to set this to false, as the editor allows gaining root access by passing init=/bin/sh as a kernel parameter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.package
The limine package to use.
Type: package
Default:
pkgs.limine
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.additionalFiles
A set of files to be copied to /boot. Each attribute name denotes the destination file name in /boot, while the corresponding attribute value specifies the source file.
Type: attribute set of absolute path
Default:
{ }
Example:
{ "efi/memtest86/memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.biosDevice
Device to install the BIOS version of limine on.
Type: string
Default:
"nodev"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.biosSupport
Whether or not to install limine for BIOS.
Type: boolean
Default:
!config.boot.loader.limine.efiSupport && pkgs.stdenv.hostPlatform.isx86
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.efiInstallAsRemovable
Whether or not to install the limine EFI files as removable.
See boot.loader.grub.efiInstallAsRemovable
Type: boolean
Default:
!config.boot.loader.efi.canTouchEfiVariables
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.efiSupport
Whether or not to install the limine EFI files.
Type: boolean
Default:
pkgs.stdenv.hostPlatform.isEfi
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.enrollConfig
Whether or not to enroll the config. Only works on EFI!
Type: boolean
Default:
boot.loader.limine.panicOnChecksumMismatch
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.extraConfig
A string which is prepended to limine.conf. The config format can be found here.
Type: strings concatenated with “\n”
Default:
""
Example:
serial: yes
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.extraEntries
A string which is appended to the end of limine.conf. The config format can be found here.
Type: strings concatenated with “\n”
Default:
""
Example:
/memtest86
protocol: chainload
path: boot():///efi/memtest86/memtest86.efi
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.forceMbr
Force MBR detection to work even if the safety checks fail. Use only if absolutely necessary!
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.maxGenerations
Maximum number of latest generations in the boot menu. Useful to prevent the boot partition from running out of disk space.
null means no limit, i.e. all generations that have not been garbage collected yet.
Type: null or signed integer
Default:
null
Example:
50
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.panicOnChecksumMismatch
Whether or not checksum validation failure should be a fatal error at boot time.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.partitionIndex
The 1-based index of the dedicated partition for limine’s second stage.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.backdrop
Color, in RRGGBB format, to fill the rest of the screen with when wallpaper_style is centered.
Type: null or string
Default:
null
Example:
"7EBAE4"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.background
Text background color (TTRRGGBB). TT is transparency.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.brightBackground
Text background bright color (RRGGBB).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.brightForeground
Text foreground bright color (RRGGBB).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.brightPalette
A ; separated array of 8 colors in the format RRGGBB: dark gray, bright red, bright green, yellow, bright blue, bright magenta, bright cyan, and white.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.font.scale
The scale of the font in the format <width>x<height>.
Type: null or string
Default:
null
Example:
2x2
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.font.spacing
The horizontal spacing between characters in pixels.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.foreground
Text foreground color (RRGGBB).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.margin
The amount of margin around the terminal.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.marginGradient
The thickness in pixels for the margin around the terminal.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.graphicalTerminal.palette
A ; separated array of 8 colors in the format RRGGBB: black, red, green, brown, blue, magenta, cyan, and gray.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.interface.branding
The title at the top of the screen.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.interface.brandingColor
Color index of the title at the top of the screen in the range of 0-7 (Limine defaults to 6 (cyan)).
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.interface.helpHidden
Whether or not to hide the keybinds at the top of the screen.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.interface.resolution
The resolution of the interface.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.wallpaperStyle
How the wallpaper should be fit to the screen.
Type: one of “centered”, “streched”, “tiled”
Default:
"streched"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.style.wallpapers
A list of wallpapers. If more than one is specified, a random one will be selected at boot.
Type: list of absolute path
Default:
[ ]
Example:
[ pkgs.nixos-artwork.wallpapers.simple-dark-gray-bootloader.gnomeFilePath ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.limine.validateChecksums
Whether to validate file checksums before booting.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/limine/limine.nix>
|
boot.loader.systemd-boot.enable
Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager. For more information about systemd-boot: https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.configurationLimit
Maximum number of latest generations in the boot menu. Useful to prevent the boot partition running out of disk space.
null means no limit, i.e. all generations that have not been garbage collected yet.
Type: null or signed integer
Default:
null
Example:
120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.consoleMode
The resolution of the console. The following values are valid:
"0": Standard UEFI 80x25 mode
"1": 80x50 mode, not supported by all devices
"2": The first non-standard mode provided by the device firmware, if any
"5": Applicable for SteamDeck, where this mode represents horizontal mode
"auto": Pick a suitable mode automatically using heuristics
"max": Pick the highest-numbered available mode
"keep": Keep the mode selected by firmware (the default)
Type: one of “0”, “1”, “2”, “5”, “auto”, “max”, “keep”
Default:
"keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.editor
Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as the editor allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.edk2-uefi-shell.enable
Make the EDK2 UEFI Shell available from the systemd-boot menu. It can be used to manually boot other operating systems or for debugging.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.edk2-uefi-shell.sortKey
systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.
See also boot.loader.systemd-boot.sortKey…
Type: string
Default:
"o_edk2-uefi-shell"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraEntries
Any additional entries you want added to the systemd-boot menu.
These entries will be copied to $BOOT/loader/entries.
Each attribute name denotes the destination file name, and the corresponding attribute value is the contents of the entry.
To control the ordering of the entry in the boot menu, use the sort-key field, see https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting and boot.loader.systemd-boot.sortKey.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Example:
{ "memtest86.conf" = ''
title Memtest86+
efi /efi/memtest86/memtest.efi
sort-key z_memtest
''; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraFiles
A set of files to be copied to $BOOT.
Each attribute name denotes the destination file name in $BOOT, while the corresponding attribute value specifies the source file.
Type: attribute set of absolute path
Default:
{ }
Example:
{ "efi/memtest86/memtest.efi" = "${pkgs.memtest86plus}/memtest.efi"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraInstallCommands
Additional shell commands inserted in the bootloader installer script after generating menu entries. It can be used to expand on extra boot entries that cannot incorporate certain pieces of information (such as the resulting init= kernel parameter).
Type: strings concatenated with “\n”
Default:
""
Example:
''
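# Resolve the default entry named in loader.conf, then read its init= parameter.
default_cfg=$(awk '/^default/ {print $2}' /boot/loader/loader.conf)
init_value=$(grep init= "/boot/loader/entries/$default_cfg" | awk '{print $2}')
# Substitute the placeholder in the custom entry with the resolved value.
sed -i "s|@INIT@|$init_value|g" /boot/custom/config_with_placeholder.conf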
''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.graceful
Invoke bootctl install with the --graceful option, which ignores errors when EFI variables cannot be written or when the EFI System Partition cannot be found. Currently only applies to random seed operations.
Only enable this option if systemd-boot otherwise fails to install, as the scope or implication of the --graceful option may change in the future.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.installDeviceTree
Install the devicetree blob specified by config.hardware.deviceTree.name
to the ESP and instruct systemd-boot to pass this DTB to linux.
Type: unspecified value
Default:
"with config.hardware.deviceTree; enable && name != null"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.memtest86.enable
Make Memtest86+ available from the systemd-boot menu. Memtest86+ is a program for testing memory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.memtest86.sortKey
systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.
See also boot.loader.systemd-boot.sortKey.
Type: string
Default:
"o_memtest86"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.netbootxyz.enable
Make netboot.xyz available from the systemd-boot menu. netboot.xyz is a menu system that allows you to boot OS installers and utilities over the network.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.netbootxyz.sortKey
systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.
See also boot.loader.systemd-boot.sortKey.
Type: string
Default:
"o_netbootxyz"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.rebootForBitlocker
Enable EXPERIMENTAL BitLocker support.
Try to detect BitLocker encrypted drives along with an active TPM. If both are found and Windows Boot Manager is selected in the boot menu, set the “BootNext” EFI variable and restart the system. The firmware will then start Windows Boot Manager directly, leaving the TPM PCRs in expected states so that Windows can unseal the encryption key.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.sortKey
The sort key used for the NixOS bootloader entries. This key determines sorting relative to non-NixOS entries. See also https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting
This option can also be used to control the sorting of NixOS specialisations.
By default, specialisations inherit the sort key of their parent generation and will have the same value for both the sort-key and the version (i.e. the generation number). systemd-boot will therefore sort them based on their file name, meaning that in your boot menu each main generation is directly followed by its specialisations, sorted alphabetically by their names.
If you want a different ordering for a specialisation, you can override its sort-key which will cause the specialisation to be uncoupled from its parent generation. It will then be sorted by its new sort-key just like any other boot entry.
The sort-key is stored in the generation’s bootspec, which means that generations keep their sort-keys even if the original definition of the generation was removed from the NixOS configuration. It also means that updating the sort-key will only affect new generations, while old ones will keep the sort-key that they were originally built with.
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.windows
Make Windows bootable from systemd-boot. This option is not necessary when Windows and NixOS use the same EFI System Partition (ESP). In that case, Windows will automatically be detected by systemd-boot.
However, if Windows is installed on a separate drive or ESP, you can use this option to add a menu entry for each installation manually.
The attribute name is used for the title of the menu entry and internal file names.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"10".efiDeviceHandle = "HD0c3";
"11-ame" = {
title = "Windows 11 Ameliorated Edition";
efiDeviceHandle = "HD0b1";
};
"11-home" = {
title = "Windows 11 Home";
efiDeviceHandle = "FS1";
sortKey = "z_windows";
};
}
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.windows.<name>.efiDeviceHandle
The device handle of the EFI System Partition (ESP) where the Windows bootloader is located. This is the device handle that the EDK2 UEFI Shell uses to load the bootloader.
To find this handle, follow these steps:
1. Set boot.loader.systemd-boot.edk2-uefi-shell.enable to true
2. Run nixos-rebuild boot
3. Reboot and select “EDK2 UEFI Shell” from the systemd-boot menu
4. Run map -c to list all consistent device handles
5. For each device handle (for example, HD0c1), run ls HD0c1:\EFI
6. If the output contains the directory Microsoft, you might have found the correct device handle
7. Run HD0c1:\EFI\Microsoft\Boot\Bootmgfw.efi to check if Windows boots correctly
8. If it does, this device handle is the one you need (in this example, HD0c1)
This option is required, there is no useful default.
Type: string
Example:
"HD1b3"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.windows.<name>.sortKey
systemd-boot orders the menu entries by their sort keys, so if you want something to appear after all the NixOS entries, it should start with o or onwards.
See also boot.loader.systemd-boot.sortKey
…
Type: string
Default:
"attribute name of this entry, prefixed with \"o_windows_\""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.windows.<name>.title
The title of the boot menu entry.
Type: string
Default:
"attribute name of this entry, prefixed with \"Windows \""
Example:
"Michaelsoft Binbows"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.xbootldrMountPoint
Where the XBOOTLDR partition is mounted.
If set, this partition will be used as $BOOT to store boot loader entries and extra files instead of the EFI partition. As per the bootloader specification, it is recommended that the EFI and XBOOTLDR partitions be mounted at /efi and /boot, respectively.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.timeout
Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.
Type: null or signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
|
boot.modprobeConfig.enable
Whether to enable modprobe config. This is useful for systems like containers which do not require a kernel.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.modprobeConfig.useUbuntuModuleBlacklist
Whether to enable Ubuntu distro’s module blacklist.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.plymouth.enable
Whether to enable Plymouth boot splash screen.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.extraConfig
Literal string to append to configFile and the config file generated by the plymouth module.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.font
Font file made available for displaying text on the splash screen.
Type: absolute path
Default:
"${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.logo
Logo which is displayed on the splash screen. Currently supports PNG file format only.
Type: absolute path
Default:
"${pkgs.nixos-icons}/share/icons/hicolor/48x48/apps/nix-snowflake-white.png"
Example:
pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
}
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.theme
Splash screen theme.
Type: string
Default:
"bgrt"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.themePackages
Extra theme packages for plymouth.
Type: list of package
Default:
A NixOS branded variant of the breeze theme when config.boot.plymouth.theme == "breeze", otherwise [ ].
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.postBootCommands
Shell commands to be executed just before systemd is started.
Type: strings concatenated with “\n”
Default:
""
Example:
"rm -f /var/log/messages"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.readOnlyNixStore
If set, NixOS will enforce the immutability of the Nix store by making /nix/store a read-only bind mount. Nix will automatically make the store writable when needed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.resumeDevice
Device for manual resume attempt during boot. This should be used primarily if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides.
You should also use boot.kernelParams to specify «resume_offset».
Type: string
Default:
""
Example:
"/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.runSize
Size limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default:
"25%"
Example:
"256m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.enable
Whether to enable the filesystem mount.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.depends
List of paths that should be mounted before this one. This filesystem’s device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)
Default:
[ ]
Example:
[
"/persist"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.device
Location of the device.
Type: null or string (with check: non-empty)
Default:
null
Example:
"/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default:
"auto"
Example:
"ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.mountPoint
Location of the mounted file system.
Type: string (with check: non-empty without trailing slash)
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.options
Options used to mount the file system. See mount(8) for common options.
Type: non-empty (list of string (with check: non-empty))
Default:
[
"defaults"
]
Example:
[
"data=journal"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.stratis.poolUuid
UUID of the stratis pool that the fs is located in
Type: null or string
Default:
null
Example:
"04c68063-90a5-4235-b9dd-6180098a20d9"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.supportedFilesystems
Names of supported filesystem types, or an attribute set of file system types and their state. The set form may be used together with lib.mkForce to explicitly disable support for specific filesystems, e.g. to disable ZFS with an unsupported kernel.
Type: (attribute set of boolean) or (list of string) convertible to it
Default:
{ }
Example:
{
btrfs = true;
zfs = lib.mkForce false;
}
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.swraid.enable
Whether to enable support for Linux MD RAID arrays.
When this is enabled, mdadm will be added to the system path, and MD RAID arrays will be detected and activated automatically, both in stage-1 (initramfs) and in stage-2 (the final NixOS system).
This should be enabled if you want to be able to access and/or boot from MD RAID arrays. nixos-generate-config should detect it correctly in the standard installation procedure.
Type: boolean
Default:
"`true` if stateVersion is older than 23.11"
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/swraid.nix>
|
boot.swraid.mdadmConf
Contents of /etc/mdadm.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/tasks/swraid.nix>
|
boot.systemdExecutable
The program to execute to start systemd.
Type: string
Default:
"/run/current-system/systemd/lib/systemd/systemd"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.tmp.cleanOnBoot
Whether to delete all files in /tmp during boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.tmp.tmpfsSize
Size of tmpfs in percentage. Percentage is defined by systemd.
Type: string or (positive integer, meaning >0)
Default:
"50%"
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.tmp.useTmpfs
Whether to mount a tmpfs on /tmp during boot.
Large Nix builds can fail if the mounted tmpfs is not large enough. In such a case either increase the tmpfsSize or disable this option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.uki.configFile
The configuration file passed to ukify(1) to create the UKI.
By default this configuration file is created from boot.uki.settings.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/boot/uki.nix>
|
boot.uki.name
Name of the UKI
Type: string
Declared by:
<nixpkgs/nixos/modules/system/boot/uki.nix>
|
boot.uki.settings
The configuration settings for ukify. These control what the UKI contains and how it is built.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Declared by:
<nixpkgs/nixos/modules/system/boot/uki.nix>
|
boot.uki.tries
Number of boot attempts before this UKI is considered bad.
If no tries are specified (the default) automatic boot assessment remains inactive.
See documentation on Automatic Boot Assessment and boot counting for more information.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/boot/uki.nix>
|
boot.uki.version
Version of the image or generation the UKI belongs to
Type: null or string
Default:
config.system.image.version
Declared by:
<nixpkgs/nixos/modules/system/boot/uki.nix>
|
boot.uvesafb.enable
Whether to enable uvesafb.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.uvesafb.gfx-mode
Screen resolution in modedb format. See uvesafb and modedb documentation for more details. The default value is a sensible default but may not be ideal for all setups.
Type: string
Default:
"1024x768-32"
Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.uvesafb.v86d.package
Which v86d package to use with uvesafb
Type: package
Default:
''
config.boot.kernelPackages.v86d.overrideAttrs (old: {
hardeningDisable = [ "all" ];
})''
Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.vesa
(Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting. It is equivalent to specifying [ "vga=0x317" "nomodeset" ] in the boot.kernelParams option. This option is deprecated as of 2020: Xorg now works better with modesetting, and you might want a different VESA vga setting, anyway.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.zfs.enabled
True if ZFS filesystem support is enabled
Type: boolean (read only)
Default:
true
if ZFS filesystem support is enabled
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.package
Configured ZFS userland tools package.
Type: package
Default:
pkgs.zfs
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.allowHibernation
Allow hibernation support. This may be an unsafe option depending on your setup. Make sure to NOT use Swap on ZFS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.devNodes
Name of the directory from which to import ZFS devices. This is passed to zpool import as the value of the -d option.
For guidance on choosing this value, see the ZFS documentation.
Type: absolute path
Default:
"/dev/disk/by-id"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.extraPools
Name or GUID of extra ZFS pools that you wish to import during boot.
Usually this is not necessary. Instead, you should set the mountpoint property of ZFS filesystems to legacy and add the ZFS filesystems to NixOS’s fileSystems option, which makes NixOS automatically import the associated pool.
However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.
Type: list of string
Default:
[ ]
Example:
[
"tank"
"data"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportAll
Forcibly import all ZFS pool(s).
If you set this option to false and NixOS subsequently fails to import your non-root ZFS pool(s), you should manually import each pool with “zpool import -f <pool-name>”, and then reboot. You should only need to do this once.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportRoot
Forcibly import the ZFS root pool(s) during early boot.
This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.
If you set this option to false and NixOS subsequently fails to boot because it cannot import the root pool, you should boot with the zfs_force=1 option as a kernel parameter (e.g. by manually editing the kernel params in grub during boot). You should only need to do this once.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.passwordTimeout
Timeout in seconds to wait for password entry for decrypt at boot.
Defaults to 0, which waits forever.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.pools
Configuration for individual pools to override global defaults.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.pools.<name>.devNodes
Name of the directory from which to import ZFS devices. This is passed to zpool import as the value of the -d option.
For guidance on choosing this value, see the ZFS documentation.
Type: absolute path
Default:
"config.boot.zfs.devNodes"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.removeLinuxDRM
Patch the kernel to change symbols needed by ZFS from EXPORT_SYMBOL_GPL to EXPORT_SYMBOL.
Currently has no effect, but may again in future if a kernel update breaks ZFS due to symbols being newly changed to GPL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.requestEncryptionCredentials
If true, encryption keys or passwords for all encrypted datasets are requested on import. To decrypt only selected datasets, supply a list of dataset names instead. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
Type: boolean or list of string
Default:
true
Example:
[
"tank"
"data"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
console.enable
Whether to enable virtual console.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.packages
List of additional packages that provide console fonts, keymaps and other resources for use by virtual consoles.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.colors
The 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.
Type: list of string matching the pattern [[:xdigit:]]{6}
Default:
[ ]
Example:
[
"002b36"
"dc322f"
"859900"
"b58900"
"268bd2"
"d33682"
"2aa198"
"eee8d5"
"002b36"
"cb4b16"
"586e75"
"657b83"
"839496"
"6c71c4"
"93a1a1"
"fdf6e3"
]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.earlySetup
Enable setting virtual console options as early as possible (in initrd).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.font
The font used for the virtual consoles.
Can be null, a font name, or a path to a PSF font file.
Use null to let the kernel choose a built-in font. The default is 8x16, and, as of Linux 5.3, Terminus 32 bold for display resolutions of 2560x1080 and higher. These fonts cover the IBM437 character set.
Type: null or string or absolute path
Default:
null
Example:
"LatArCyrHeb-16"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.keyMap
The keyboard mapping table for the virtual consoles.
Type: string or absolute path
Default:
"us"
Example:
"fr"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.useXkbConfig
If set, configure the virtual console keymap from the xserver keyboard settings.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
containers
A set of NixOS system configurations to be run as lightweight containers. Each container appears as a service container-«name» on the host system, allowing it to be started and stopped via systemctl.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ webserver =
{ path = "/nix/var/nix/profiles/webserver";
};
database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_14;
system.stateVersion = "25.05";
};
};
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
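A least-privilege container declaration assembled from the containers.<name> sub-options in this list, added here as an example and not taken from the NixOS manual. The container name, addresses, host path and nginx settings are constructed for illustration; privateNetwork is an option of the same nixos-containers module that is not described in this part of the list.

```nix
{ ... }:
{
  containers.webserver = {
    autoStart = true;

    # Start from an empty root filesystem on every boot so that nothing
    # written inside the container survives a restart. The container
    # journal is not linked to the host in this mode.
    ephemeral = true;

    # Give the container its own network namespace with a veth pair
    # instead of sharing the host's network stack.
    privateNetwork = true;          # nixos-containers option, see lead-in
    hostAddress = "10.231.136.1";   # constructed addresses
    localAddress = "10.231.136.2";

    # Expose exactly one service port from the host to the container.
    forwardPorts = [
      {
        protocol = "tcp";
        hostPort = 8080;
        containerPort = 80;
      }
    ];

    # Content is shared read-only: a compromised service inside the
    # container cannot modify the host copy.
    bindMounts."/var/www" = {
      hostPath = "/srv/www";        # constructed host path
      isReadOnly = true;
    };

    # Keep the defaults explicit: no extra capabilities, no device nodes,
    # no tunnel interfaces (enableTun would grant NET_ADMIN and access
    # to /dev/net/tun).
    additionalCapabilities = [ ];
    allowedDevices = [ ];
    enableTun = false;

    # Drop a capability the workload does not need.
    extraFlags = [ "--drop-capability=CAP_SYS_CHROOT" ];

    config =
      { ... }:
      {
        services.nginx.enable = true;
        services.nginx.virtualHosts."localhost".root = "/var/www";
        networking.firewall.allowedTCPPorts = [ 80 ];
        system.stateVersion = "25.05";
      };
  };
}
```

Each capability, device node or writable bind mount added later widens what a process inside the container can do to the host, so review those three options first when auditing a container definition.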
|
containers.<name>.enableTun
Allows the container to create and set up tunnel interfaces by granting the NET_ADMIN capability and enabling access to /dev/net/tun.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.additionalCapabilities
Grant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.
Type: list of string
Default:
[ ]
Example:
[
"CAP_NET_ADMIN"
"CAP_MKNOD"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevices
A list of device nodes to which the container has access.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
modifier = "rwm";
node = "/dev/net/tun";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevices.*.modifier
Device node access modifier. Takes a combination of r (read), w (write), and m (mknod). See the systemd.resource-control(5) man page for more information.
Type: string
Example:
"rw"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevices.*.node
Path to device node
Type: string
Example:
"/dev/net/tun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.autoStart
Whether the container is automatically started at boot-time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts
An extra list of directories that is bound to the container.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ "/home" = { hostPath = "/home/alice";
isReadOnly = false; };
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.hostPath
Location of the host path to be mounted.
Type: null or string
Default:
null
Example:
"/home/alice"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.isReadOnly
Determine whether the mounted path will be accessed in read-only mode.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.mountPoint
Mount point on the container file system.
Type: string
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.config
A specification of the desired configuration of this container, as a NixOS module.
Type: Toplevel NixOS config
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.ephemeral
Runs the container in ephemeral mode with an empty root filesystem at boot. This way the container will be bootstrapped from scratch on each boot and cleaned up on shutdown, leaving no traces behind. Useful for completely stateless, reproducible containers.
Note that this option might require some adjustments to the container configuration, e.g. you might want to set systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier to “mac” if you use the macvlans option. This way the DHCP client identifier will be stable between container restarts.
Note that the container journal will not be linked to the host if this option is enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraFlags
Extra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.
Type: list of string
Default:
[ ]
Example:
[
"--drop-capability=CAP_SYS_CHROOT"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths
Extra veth-pairs to be created for the container.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
containerPort = 80;
hostPort = 8080;
protocol = "tcp";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default:
null
Example:
"br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default:
null
Example:
"10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default:
null
Example:
"fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts
List of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
containerPort = 80;
hostPort = 8080;
protocol = "tcp";
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.containerPort
Target port of container
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.hostPort
Source port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.protocol
The protocol specifier for port forwarding between host and container
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostAddress
The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostAddress6
The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default:
null
Example:
"fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostBridge
Put the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default:
null
Example:
"br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.interfaces
The list of interfaces to be moved into the container.
Type: list of string
Default:
[ ]
Example:
[
"eth1"
"eth2"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.localAddress
The IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default:
null
Example:
"10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.localAddress6
The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default:
null
Example:
"fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.macvlans
The list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.
Type: list of string
Default:
[ ]
Example:
[
"eth1"
"eth2"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.networkNamespace
Takes the path to a file representing a kernel network namespace that the container shall run in. The specified path should refer to a (possibly bind-mounted) network namespace file, as exposed by the kernel below /proc/<PID>/ns/net. This makes the container enter the given network namespace. One of the typical use cases is to give a network namespace under /run/netns created by ip-netns(8). Note that this option cannot be used together with other network-related options, such as --private-network or --network-interface=.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.nixpkgs
A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.
To only change the pkgs argument used inside the container modules, set the nixpkgs.* options in the container config.
Setting config.nixpkgs.pkgs = pkgs speeds up the container evaluation by reusing the system pkgs, but the nixpkgs.config option in the container config is ignored in this case.
Type: absolute path
Default:
pkgs.path
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.path
As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.
Type: absolute path
Example:
"/nix/var/nix/profiles/per-container/webserver"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.privateNetwork
Whether to give the container its own private virtual Ethernet interface. The interface is called eth0, and is hooked up to the interface ve-«container-name» on the host. If this option is not set, then the container shares the network interfaces of the host, and can bind to any port on any interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.privateUsers
Whether to give the container its own private UIDs/GIDs space (user namespacing).
Disabled by default (no).
If set to a number (usually above host’s UID/GID range: 65536), user namespacing is enabled and the container UID/GIDs will start at that number.
If set to identity, mostly equivalent to 0, this will only provide process capability isolation (no UID/GID isolation, as they are the same as host).
If set to pick, user namespacing is enabled and the UID/GID range is automatically chosen, so that no overlapping UID/GID ranges are assigned to multiple containers.
This is the recommended option as it enhances container security massively and operates fully automatically in most cases.
See https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--private-users= for details.
Type: 32 bit unsigned integer; between 0 and 4294967295 (both inclusive) or one of “no”, “identity”, “pick”
Default:
"no"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
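A container definition that combines the networking and isolation options documented above (privateNetwork, hostAddress, localAddress, forwardPorts, privateUsers), given as an added example that is not taken from the NixOS manual. The container name webserver and the nginx service inside it are assumptions chosen for illustration; the addresses and ports reuse the example values from the option entries.

```nix
{ ... }:
{
  # Hypothetical container named "webserver" (name chosen for this example).
  containers.webserver = {
    autoStart = true;

    # Default is false: the container would then share the host's network
    # interfaces and could bind to any port on any interface.
    # With true, it gets its own eth0, hooked up to ve-webserver on the host.
    privateNetwork = true;

    # Host side and container side of the veth pair. Without hostBridge the
    # container address gets a /32 netmask and routing is set up between
    # localAddress and hostAddress only.
    hostAddress = "10.231.136.1";
    localAddress = "10.231.136.2";

    # Expose only the one service port. protocol defaults to "tcp";
    # containerPort defaults to hostPort when left null, so it is set
    # explicitly here because the two differ.
    forwardPorts = [
      {
        protocol = "tcp";
        hostPort = 8080;
        containerPort = 80;
      }
    ];

    # Default is "no" (no user namespacing). "pick" enables user namespacing
    # and chooses a UID/GID range automatically so that ranges of different
    # containers do not overlap.
    privateUsers = "pick";

    # NixOS configuration evaluated for the container itself.
    config =
      { ... }:
      {
        # Assumed workload for this example.
        services.nginx.enable = true;

        # The container runs its own firewall; open the forwarded target port.
        networking.firewall.allowedTCPPorts = [ 80 ];
      };
  };
}
```

Leaving privateNetwork and privateUsers at their defaults gives a container that sees every host interface and runs with host UIDs, so both are worth setting explicitly when the container hosts a network-facing service.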
|
containers.<name>.restartIfChanged
Whether the container should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.specialArgs
A set of special arguments to be passed to NixOS modules.
This will be merged into the specialArgs used to evaluate the NixOS configurations.
Type: attribute set of unspecified value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.timeoutStartSec
Time for the container to start. In case of a timeout, the container processes get killed. See systemd.time(7) for more information about the format.
Type: string
Default:
"1min"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.tmpfs
Mounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.
Type: list of string
Default:
[ ]
Example:
[
"/var"
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
documentation.enable
Whether to install documentation of packages from environment.systemPackages into the generated system path.
See “Multiple-output packages” chapter in the nixpkgs manual for more info.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.dev.enable
Whether to install documentation targeted at developers.
This includes man pages targeted at developers if documentation.man.enable is set (this also includes “devman” outputs).
This includes info pages targeted at developers if documentation.info.enable is set (this also includes “devinfo” outputs).
This includes other pages targeted at developers if documentation.doc.enable is set (this also includes “devdoc” outputs).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.doc.enable
Whether to install documentation distributed in packages’ /share/doc.
Usually plain text and/or HTML.
This also includes “doc” outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.info.enable
Whether to install info pages and the info command. This also includes “info” outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.enable
Whether to install manual pages.
This also includes man outputs.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.generateCaches
Whether to generate the manual page index caches.
This allows searching for a page or keyword using utilities like apropos(1) and the -k option of man(1).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.man-db.enable
Whether to enable man-db as the default man page viewer.
Type: boolean
Default:
config.documentation.man.enable
Example:
false
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.man-db.package
The man-db derivation to use. Useful to override configuration options used for the package.
Type: package
Default:
pkgs.man-db
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.man-db.manualPages
The manual pages to generate caches for if documentation.man.generateCaches is enabled. Must be a path to a directory with man pages under /share/man; see the source for an example.
Advanced users can make this a content-addressed derivation to save a few rebuilds.
Type: absolute path
Default:
all man pages in config.environment.systemPackages
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.mandoc.enable
Whether to enable mandoc as the default man page viewer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.package
The mandoc derivation to use. Useful to override configuration options used for the package.
Type: package
Default:
pkgs.mandoc
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.cachePath
Change the paths where mandoc makewhatis(8) generates the manual page index caches. documentation.man.generateCaches should be enabled to allow cache generation. This list should only include the paths to manpages installed in the system configuration, i.e. /run/current-system/sw/share/man. makewhatis(8) creates a database in each directory using the files mansection/[arch/]title.section and catsection/[arch/]title.0 in it. If a directory contains no manual pages, no database is created in that directory.
This option only needs to be set manually if extra paths should be indexed or documentation.man.manPath contains paths that can’t be indexed.
Type: list of string
Default:
config.documentation.man.mandoc.manPath
Example:
[ "share/man" "share/man/fr" ]
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.extraConfig
Extra configuration to write to man.conf(5).
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.manPath
Change the paths included in the MANPATH environment variable, i.e. the directories where man(1) looks for section-specific directories of man pages. You only need to change this setting if you want extra man pages (e.g. in non-English languages). All values must be strings that are a valid path from the target prefix (without including it). The first value given takes priority. Note that this will not add manpath directives to man.conf(5).
Type: list of string
Default:
[
"share/man"
]
Example:
[ "share/man" "share/man/fr" ]
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings
Configuration for man.conf(5)
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.manpath
Override the default search path for man(1), apropos(1), and makewhatis(8). It can be used multiple times to specify multiple paths, with the order determining the manual page search order.
This is not recommended in favor of documentation.man.mandoc.manPath, but if it’s needed to specify the manpath in this way, set documentation.man.mandoc.manPath to an empty list ([]).
Type: list of string
Default:
[ ]
Example:
[ "/run/current-system/sw/share/man" ]
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.fragment
Whether to omit the <!DOCTYPE> declaration and the <html>, <head>, and <body> elements and only emit the subtree below the <body> element in HTML output of mandoc(1). The style argument will be ignored. This is useful when embedding manual content within existing documents.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.includes
A relative path string used as a template for the output path of linked header files (usually via the In macro) in HTML output. Instances of %I are replaced with the include filename. The default is not to present a hyperlink.
Type: null or string
Default:
null
Example:
../src/%I.html
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.indent
Number of blank characters at the left margin for normal text, default of 5 for mdoc(7) and 7 for man(7). Increasing this is not recommended; it may result in degraded formatting, for example overfull lines or ugly line breaks. When output is to a pager on a terminal that is less than 66 columns wide, the default is reduced to three columns.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.man
A template for linked manuals (usually via the Xr macro) in HTML output. Instances of ‘%N’ and ‘%S’ are replaced with the linked manual’s name and section, respectively. If no section is included, section 1 is assumed. The default is not to present a hyperlink. If two formats are given and a file %N.%S exists in the current directory, the first format is used; otherwise, the second format is used.
Type: null or string
Default:
null
Example:
../html%S/%N.%S.html
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.paper
This option is for generating PostScript and PDF output. The paper size name may be one of a3, a4, a5, legal, or letter. You may also manually specify dimensions as NNxNN, width by height in millimetres. If an unknown value is encountered, letter is used. Output pages default to letter sized and are rendered in the Times font family, 11-point. Margins are calculated as 1/9 the page length and width. Line-height is 1.4m.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.style
Path to the file used for an external style-sheet. This must be a valid absolute or relative URI.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.toc
Whether to enable printing a table of contents near the beginning of the HTML output of mandoc(1) if an input file contains at least two non-standard sections.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.settings.output.width
The ASCII and UTF-8 output width, default is 78. When output is a pager on a terminal that is less than 79 columns wide, the default is reduced to one less than the terminal width. In any case, lines that are output in literal mode are never wrapped and may exceed the output width.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.nixos.enable
Whether to install NixOS’s own documentation.
This includes man pages like configuration.nix(5) if documentation.man.enable is set.
This includes the HTML manual and the nixos-help command if documentation.doc.enable is set.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.extraModuleSources
Which extra NixOS module paths the generated NixOS documentation should strip from options.
Type: list of (absolute path or string)
Default:
[ ]
Example:
# e.g. with options from modules in ${pkgs.customModules}/nix:
[ pkgs.customModules ]
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.extraModules
Modules for which to show options even when not imported.
Type: list of raw value
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.includeAllModules
Whether the generated NixOS documentation should include documentation for all the options from all the NixOS modules included in the current configuration.nix. Disabling this will make the manual generator ignore options defined outside of baseModules.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.options.splitBuild
Whether to split the option docs build into a cacheable and an uncacheable part. Splitting the build can substantially decrease the amount of time needed to build the manual, but some user modules may be incompatible with this splitting.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.options.warningsAreErrors
Treat warnings emitted during the option documentation build (e.g. for missing option descriptions) as errors.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
ec2.zfs.datasets
Datasets to create under the tank and boot zpools.
NOTE: This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
ec2.zfs.datasets.<name>.mount
Where to mount this dataset.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
ec2.zfs.datasets.<name>.properties
Properties to set on this dataset.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
environment.enableAllTerminfo
Whether to install all terminfo outputs
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/terminfo.nix>
|
environment.enableDebugInfo
Some NixOS packages provide debug symbols. However, these are not included in the system closure by default to save disk space. Enabling this option causes the debug symbols to appear in /run/current-system/sw/lib/debug/.build-id, where tools such as gdb can find them.
If you need debug symbols for a package that doesn’t provide them by default, you can enable them as follows:
nixpkgs.config.packageOverrides = pkgs: {
hello = pkgs.hello.overrideAttrs (oldAttrs: {
separateDebugInfo = true;
});
};
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/debug-info.nix>
|
environment.budgie.excludePackages
Which packages Budgie should exclude from the default environment.
Type: list of package
Default:
[ ]
Example:
[ pkgs.mate-terminal ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/budgie.nix>
|
environment.checkConfigurationOptions
Alias of _module.check.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
environment.cinnamon.excludePackages
Which packages cinnamon should exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.blueman ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
environment.deepin.excludePackages
List of default packages to exclude from the configuration
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/deepin.nix>
|
environment.defaultPackages
Set of default packages that aren’t strictly necessary for a running system; entries can be removed for a more minimal NixOS installation.
Like with systemPackages, packages are installed to /run/current-system/sw. They are automatically available to all users, and are automatically updated every time you rebuild the system configuration.
Type: list of package
Default:
these packages, with their meta.priority numerically increased (thus lowering their installation priority):
[ pkgs.perl pkgs.rsync pkgs.strace ]
Example:
[ ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.etc
Set of files that have to be linked in /etc.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ example-configuration-file =
{ source = "/nix/store/.../etc/dir/file.conf.example";
mode = "0440";
};
"default/useradd".text = "GROUP=100 ...";
}
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.enable
Whether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.gid
GID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.group
Group name of file owner.
Only takes effect when the file is copied (that is, the mode is not symlink).
When services.userborn.enable, this option has no effect. You have to assign a gid instead. Otherwise this option takes precedence over gid.
Type: string
Default:
"+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.mode
If set to something other than symlink, the file is copied instead of symlinked, with the given file mode.
Type: string
Default:
"symlink"
Example:
"0600"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.source
Path of the source file.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.target
Name of symlink (relative to /etc). Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.uid
UID of created file. Only takes effect when the file is copied (that is, the mode is not ‘symlink’).
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.user
User name of file owner.
Only takes effect when the file is copied (that is, the mode is not symlink).
When services.userborn.enable, this option has no effect. You have to assign a uid instead. Otherwise this option takes precedence over uid.
Type: string
Default:
"+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.extraInit
Shell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.extraOutputsToInstall
Entries listed here will be appended to the meta.outputsToInstall attribute for each package in environment.systemPackages, and the files from the corresponding derivation outputs symlinked into /run/current-system/sw.
For example, this can be used to install the dev and info outputs for all packages in the system environment, if they are available.
To use specific outputs instead of configuring them globally, select the corresponding attribute on the package derivation, e.g. libxml2.dev or coreutils.info.
Type: list of string
Default:
[ ]
Example:
[
"dev"
"info"
]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.extraSetup
Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.freetds
Configure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.
Type: attribute set of string
Default:
{ }
Example:
{ MYDATABASE = ''
host = 10.0.2.100
port = 1433
tds version = 7.2
'';
}
Declared by:
<nixpkgs/nixos/modules/programs/freetds.nix>
|
environment.gnome.excludePackages
Which packages gnome should exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.totem ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
environment.homeBinInPath
Include ~/bin/ in $PATH.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.interactiveShellInit
Shell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.ldso
The executable to link into the normal FHS location of the ELF loader.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/ldso.nix>
|
environment.ldso32
The executable to link into the normal FHS location of the 32-bit ELF loader.
This currently only works on x86_64 architectures.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/ldso.nix>
|
environment.localBinInPath
Add ~/.local/bin/ to $PATH
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.loginShellInit
Shell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.lxqt.excludePackages
Which LXQt packages to exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.lxqt.qterminal ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
|
environment.mate.excludePackages
Which MATE packages to exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.mate.mate-terminal pkgs.mate.pluma ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
environment.memoryAllocator.provider
The system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
libc: the standard allocator provided by libc
graphene-hardened: Hardened memory allocator coming from GrapheneOS project. The default configuration template has all normal optional security features enabled and is quite aggressive in terms of sacrificing performance and memory usage for security.
graphene-hardened-light: Hardened memory allocator coming from GrapheneOS project. The light configuration template disables the slab quarantines, write after free check, slot randomization and raises the guard slab interval from 1 to 8 but leaves zero-on-free and slab canaries enabled. The light configuration has solid performance and memory usage while still being far more secure than mainstream allocators with much better security properties.
jemalloc: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support.
mimalloc: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities.
scudo: A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance.
Selecting an alternative allocator (i.e., anything other than libc) may result in instability, data loss, and/or service failure.
Type: one of “libc”, “graphene-hardened”, “graphene-hardened-light”, “jemalloc”, “mimalloc”, “scudo”
Default:
"libc"
Declared by:
<nixpkgs/nixos/modules/config/malloc.nix>
|
environment.pantheon.excludePackages
Which packages pantheon should exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.pantheon.elementary-camera ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
environment.pathsToLink
List of directories to be symlinked in /run/current-system/sw.
Type: list of string
Default:
[ ]
Example:
[
"/"
]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.plasma5.excludePackages
List of default packages to exclude from the configuration
Type: list of package
Default:
[ ]
Example:
[ pkgs.plasma5Packages.oxygen ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
environment.plasma6.excludePackages
List of default packages to exclude from the configuration
Type: list of package
Default:
[ ]
Example:
[ pkgs.kdePackages.elisa ]
Declared by:
<nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix>
|
environment.profileRelativeEnvVars
Attribute set of environment variables. Each attribute maps to a list of relative paths. Each relative path is appended to each profile of environment.profiles to form the content of the corresponding environment variable.
Type: attribute set of list of string
Example:
{
MANPATH = [
"/man"
"/share/man"
];
PATH = [
"/bin"
];
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.profileRelativeSessionVariables
Attribute set of environment variables used in the global environment. These variables will be set by PAM early in the login process.
Variable substitution is available as described in pam_env.conf(5).
Each attribute maps to a list of relative paths. Each relative path is appended to each profile of environment.profiles to form the content of the corresponding environment variable.
Also, these variables are merged into environment.profileRelativeEnvVars and it is therefore not possible to use PAM style variables such as @{HOME}.
Type: attribute set of list of string
Example:
{
MANPATH = [
"/man"
"/share/man"
];
PATH = [
"/bin"
];
}
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
|
environment.profiles
A list of profiles used to set up the global environment.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.sessionVariables
A set of environment variables used in the global environment. These variables will be set by PAM early in the login process.
The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Note: due to limitations in the PAM format, values may not contain the " character.
Also, these variables are merged into environment.variables and it is therefore not possible to use PAM style variables such as @{HOME}.
Type: attribute set of ((list of (signed integer or string or absolute path)) or signed integer or string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
|
environment.shellAliases
An attribute set that maps aliases (the top level attribute names in this option) to command strings or directly to build outputs. The aliases are added to all users’ shells.
Aliases mapped to null are ignored.
Type: attribute set of (null or string or absolute path)
Example:
{
l = null;
ll = "ls -l";
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellInit
Shell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shells
A list of permissible login shells for user accounts.
No need to mention /bin/sh here; it is placed into this list implicitly.
Type: list of (package or absolute path)
Default:
[ ]
Example:
[ pkgs.bashInteractive pkgs.zsh ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.stub-ld.enable
Install a stub ELF loader to print an informative error message in the event that a user attempts to run an ELF binary not compiled for NixOS.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/config/stub-ld.nix>
|
environment.systemPackages
The set of packages that appear in /run/current-system/sw. These packages are automatically available to all users, and are automatically updated every time you rebuild the system configuration. (The latter is the main difference with installing them in the default profile, /nix/var/nix/profiles/default.)
Type: list of package
Default:
[ ]
Example:
[ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.unixODBCDrivers
Specifies Unix ODBC drivers to be registered in /etc/odbcinst.ini. You may also want to add pkgs.unixODBC to the system path to get a command line client to connect to ODBC databases.
Type: list of package
Default:
[ ]
Example:
with pkgs.unixODBCDrivers; [ sqlite psql ]
Declared by:
<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
|
environment.variables
A set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Type: attribute set of ((list of (signed integer or string or absolute path)) or signed integer or string or absolute path)
Default:
{ }
Example:
{
EDITOR = "nvim";
VISUAL = "nvim";
}
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.wordlist.enable
Whether to enable environment variables for lists of words.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/misc/wordlist.nix>
|
environment.wordlist.lists
A set with the key names being the environment variable you’d like to set and the values being a list of paths to text documents containing lists of words. The various files will be merged, sorted, duplicates removed, and extraneous spacing removed.
If you have a handful of words that you want to add to an already existing wordlist, you may find builtins.toFile useful for this task.
Type: attribute set of non-empty (list of absolute path)
Default:
{
WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
}
Example:
{
WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
AUGMENTED_WORDLIST = [
"${pkgs.scowl}/share/dict/words.txt"
"${pkgs.scowl}/share/dict/words.variants.txt"
(builtins.toFile "extra-words" ''
desynchonization
oobleck'')
];
}
Declared by:
<nixpkgs/nixos/modules/misc/wordlist.nix>
|
environment.wvdial.dialerDefaults
Contents of the “Dialer Defaults” section of /etc/wvdial.conf.
Type: string
Default:
""
Example:
"Init1 = AT+CGDCONT=1,\"IP\",\"internet.t-mobile\""
Declared by:
<nixpkgs/nixos/modules/services/networking/wvdial.nix>
|
environment.wvdial.pppDefaults
Default ppp settings for wvdial.
Type: string
Default:
''
noipdefault
usepeerdns
defaultroute
persist
noauth
''
Declared by:
<nixpkgs/nixos/modules/services/networking/wvdial.nix>
|
environment.xfce.excludePackages
Which packages XFCE should exclude from the default environment
Type: list of package
Default:
[ ]
Example:
[ pkgs.xfce.xfce4-volumed-pulse ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
fileSystems
The file systems to be mounted. It must include an entry for the root directory (mountPoint = "/"). Each entry in the list is an attribute set with the following fields: mountPoint, device, fsType (a file system type recognised by mount; defaults to "auto"), and options (the mount options passed to mount using the -o flag; defaults to [ "defaults" ]).
Instead of specifying device, you can also specify a volume label (label) for file systems that support it, such as ext2/ext3 (see mke2fs -L).
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/".device = "/dev/hda1";
"/data" = {
device = "/dev/hda2";
fsType = "ext3";
options = [ "data=journal" ];
};
"/bigdisk".label = "bigdisk";
}
Declared by:
fileSystems.<name>.enable
Whether to enable the filesystem mount.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.autoFormat
If the device does not currently contain a filesystem (as determined by blkid), then automatically format it with the filesystem type specified in fsType. Use with caution.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.autoResize
If set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.depends
List of paths that should be mounted before this one. This filesystem’s device and mountPoint are always checked and do not need to be included explicitly. If a path is added to this list, any other filesystem whose mount point is a parent of the path will be mounted before this filesystem. The paths do not need to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)
Default:
[ ]
Example:
[
"/persist"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.device
Location of the device.
Type: null or string (with check: non-empty)
Default:
null
Example:
"/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.encrypted.enable
The block device is backed by an encrypted one. Enabling this adds the device as an initrd LUKS entry.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.blkDev
Location of the backing encrypted device.
Type: null or string
Default:
null
Example:
"/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.keyFile
Path to a keyfile used to unlock the backing encrypted device. When systemd stage 1 is not enabled, at the time this keyfile is accessed, the neededForBoot filesystems (see utils.fsNeededForBoot) will have been mounted under /mnt-root, so the keyfile path should usually start with “/mnt-root/”. When systemd stage 1 is enabled, fsNeededForBoot file systems will be mounted as needed under /sysroot, and the keyfile will not be accessed until its requisite mounts are done.
Type: null or string
Default:
null
Example:
"/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.label
Label of the unlocked encrypted device. Set fileSystems.<name>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default:
null
Example:
"rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
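How the four fileSystems.<name>.encrypted options fit together, as an added example that is not part of the NixOS option reference: a root volume registered as an initrd LUKS entry, and a data volume unlocked with a keyfile stored on that root. The device paths, labels, mount point, file system type and keyfile name are constructed for illustration, and the scripted (non-systemd) stage 1 is assumed, hence the /mnt-root prefix.

```nix
{
  # Root volume: LUKS container on /dev/sda2 (constructed path).
  # No keyFile is set, so the device is only added as an initrd LUKS
  # entry named after `label`.
  fileSystems."/" = {
    # Must be /dev/mapper/<encrypted.label>, i.e. the unlocked device,
    # not the backing block device.
    device = "/dev/mapper/rootfs";
    fsType = "ext4";
    encrypted = {
      enable = true;
      blkDev = "/dev/sda2";
      label = "rootfs";
    };
  };

  # Data volume: unlocked with a keyfile that lives on the encrypted root,
  # so the key is never readable while the root volume is locked.
  fileSystems."/data" = {
    device = "/dev/mapper/data";
    fsType = "ext4";
    encrypted = {
      enable = true;
      blkDev = "/dev/sdb1";
      label = "data";
      # Scripted stage 1: "/" is mounted under /mnt-root at the time the
      # keyfile is read, so the path starts with /mnt-root/.
      keyFile = "/mnt-root/root/.datakey";
    };
  };
}
```

Keep the keyfile readable by root only; anyone who can read it can unlock the data volume without the root passphrase.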
|
fileSystems.<name>.fsType
Type of the file system.
Type: string (with check: non-empty)
Default:
"auto"
Example:
"ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.label
Label of the device (if any).
Type: null or string (with check: non-empty)
Default:
null
Example:
"root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.mountPoint
Location of the mounted file system.
Type: string (with check: non-empty without trailing slash)
Example:
"/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.neededForBoot
If set, this file system will be mounted in the initial ramdisk. Note that the file system will always be mounted in the initial ramdisk if its mount point is one of the following: /, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name>.noCheck
Disable running fsck on this filesystem.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.options
Options used to mount the file system. See mount(8) for common options.
Type: non-empty (list of string (with check: non-empty))
Default:
[
"defaults"
]
Example:
[
"data=journal"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.overlay.lowerdir
The list of path(s) to the lowerdir(s).
To create a writable overlay, you MUST provide an upperdir and a workdir.
You can create a read-only overlay when you provide multiple (at least 2!) lowerdirs and neither an upperdir nor a workdir.
Type: null or (non-empty (list of (string or path in the Nix store)))
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
|
fileSystems.<name>.overlay.upperdir
The path to the upperdir.
If this is null, a read-only overlay is created using the lowerdir.
If the filesystem is neededForBoot, this will be prefixed with /sysroot, unless useStage1BaseDirectories is set to true.
If you set this to some value you MUST also set workdir.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
|
fileSystems.<name>.overlay.useStage1BaseDirectories
If enabled, lowerdir, upperdir and workdir will be prefixed with /sysroot.
Disabling this can be useful to create an overlay over directories which aren’t on the real root.
Disabling this does not work with the scripted (i.e. non-systemd) initrd.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
|
fileSystems.<name>.overlay.workdir
The path to the workdir.
If the filesystem is neededForBoot, this will be prefixed with /sysroot, unless useStage1BaseDirectories is set to true.
This MUST be set if you set upperdir.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/overlayfs.nix>
|
fileSystems.<name>.stratis.poolUuid
UUID of the stratis pool that the fs is located in
Type: null or string
Default:
null
Example:
"04c68063-90a5-4235-b9dd-6180098a20d9"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fonts.enableDefaultPackages
Enable a basic set of fonts providing several styles and families and reasonable coverage of Unicode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/packages.nix>
|
fonts.enableGhostscriptFonts
Whether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
|
fonts.packages
List of primary font packages.
Type: list of absolute path
Default:
[ ]
Example:
[ pkgs.dejavu_fonts ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/packages.nix>
|
fonts.fontDir.enable
Whether to create a directory with links to all fonts in /run/current-system/sw/share/X11/fonts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.fontDir.decompressFonts
Whether to decompress fonts in /run/current-system/sw/share/X11/fonts.
Type: boolean
Default:
config.programs.xwayland.enable
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.fontconfig.enable
If enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don’t care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowBitmaps
Allow bitmap fonts. Set to false to ban all bitmap fonts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowType1
Allow Type-1 fonts. Default is false because of poor rendering.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.antialias
Enable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.cache32Bit
Generate system fonts cache for 32-bit applications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.emoji
System-wide default emoji font(s). Multiple fonts may be listed in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially, so if you want to use a black and white font while having a color font installed (e.g. Noto Color Emoji installed alongside Noto Emoji), fontconfig will still choose the color font even when it is later in the list.
Type: list of string
Default:
[
"Noto Color Emoji"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.monospace
System-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[
"DejaVu Sans Mono"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.sansSerif
System-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[
"DejaVu Sans"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.serif
System-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[
"DejaVu Serif"
]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.enable
Enable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.autohint
Enable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.style
Hintstyle is the amount of font reshaping done to line up to the grid.
slight will make the font more fuzzy to line up to the grid but will be better in retaining font shape, while full will be a crisp font that aligns well to the pixel grid but will lose a greater amount of font shape.
Type: one of “none”, “slight”, “medium”, “full”
Default:
"slight"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.includeUserConf
Include the user configuration from ~/.config/fontconfig/fonts.conf or ~/.config/fontconfig/conf.d.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.localConf
System-wide customization file contents. These have higher priority than the defaultFonts settings.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.subpixel.lcdfilter
FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering has no visible effect; users of such displays may want to select none.
Type: one of “none”, “default”, “light”, “legacy”
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.subpixel.rgba
Subpixel order. The overwhelming majority of displays are rgb in their normal orientation. Select vrgb for mounting such a display 90 degrees clockwise from its normal orientation or vbgr for mounting 90 degrees counter-clockwise. Select bgr in the unlikely event of mounting 180 degrees from the normal orientation. Reverse these directions in the improbable event that the display’s native subpixel order is bgr.
Type: one of “rgb”, “bgr”, “vrgb”, “vbgr”, “none”
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.useEmbeddedBitmaps
Use embedded bitmaps in fonts like Calibri.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
gtk.iconCache.enable
Whether to build icon theme caches for GTK applications.
Type: boolean
Default:
config.services.xserver.enable
Declared by:
<nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix>
|
hardware.enableAllFirmware
Whether to enable all firmware regardless of license.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.enableAllHardware
Whether to enable support for most hardware.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/all-hardware.nix>
|
hardware.enableRedistributableFirmware
Whether to enable firmware with a license allowing redistribution.
Type: boolean
Default:
config.hardware.enableAllFirmware
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.acpilight.enable
Enable acpilight. This will allow brightness control via xbacklight from users in the video group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/acpilight.nix>
|
hardware.alsa.enable
Whether to set up the user space part of the Advanced Linux Sound Architecture (ALSA).
Enable this option only if you want to use ALSA as your main sound system, not if you’re using a sound server (e.g. PulseAudio or Pipewire).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.enableOSSEmulation
Whether to enable the OSS emulation.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.enablePersistence
Whether to enable ALSA sound card state saving on shutdown. This is generally not necessary if you’re using an external sound server.
Type: boolean
Default:
config.hardware.alsa.enable
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.enableRecorder
Whether to set up a loopback device that continuously records audio from the computer and allows playing it back.
The loopback device is named pcm.recorder; audio can be saved by capturing from this device as with any microphone.
By default the output is duplicated to the recorder assuming stereo audio; for a more complex layout you have to override the pcm.splitter device using hardware.alsa.config.
See the generated /etc/asound.conf for its definition.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.cardAliases
Assign custom names and reorder the sound cards.
You can find the card ids by looking at /proc/asound/cards.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
soundchip = { driver = "snd_intel_hda"; id = 0; };
videocard = { driver = "snd_intel_hda"; id = 1; };
usb = { driver = "snd_usb_audio"; id = 2; };
}
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.cardAliases.<name>.driver
Name of the kernel module that provides the card.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.cardAliases.<name>.id
The ID of the sound card
Type: signed integer
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.config
The content of the system-wide ALSA configuration (/etc/asound.conf).
Documentation of the configuration language and examples can be found in the unofficial ALSA wiki: https://alsa.opensrc.org/Asoundrc
Type: strings concatenated with “\n”
Default:
""
Example:
# Send audio to a remote host via SSH
pcm.remote {
@args [ HOSTNAME ]
@args.HOSTNAME { type string }
type file
format raw
slave.pcm pcm.null
file {
@func concat
strings [
"| ${lib.getExec pkgs.openssh} -C "
$HOSTNAME
" aplay -f %f -c %c -r %r -"
]
}
}
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.controls
Virtual volume controls (softvols) to add to a sound card. These can be used to control the volume of specific applications or a digital output device (HDMI video card).
Type: attribute set of (submodule)
Default:
{ }
Example:
{
firefox = { device = "front"; maxVolume = -25.0; };
mpv = { device = "front"; maxVolume = -25.0; };
# and run programs with `env ALSA_AUDIO_OUT=<name>`
}
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.controls.<name>.card
Name of the PCM card to control (slave).
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.controls.<name>.device
Name of the PCM device to control (slave).
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.controls.<name>.maxVolume
The maximum volume in dB.
Type: floating point number
Default:
0.0
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.controls.<name>.name
Name of the control, as it appears in alsamixer.
If null it will be the same as the softvol device name.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.defaultDevice.capture
The default capture device (i.e. microphone). Leave empty to let ALSA pick the default automatically.
The device can be changed at runtime by setting the ALSA_AUDIO_IN environment variable (but only before starting a program).
Type: string
Default:
""
Example:
"dsnoop:CARD=0,DEV=2"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.defaultDevice.playback
The default playback device. Leave empty to let ALSA pick the default automatically.
The device can be changed at runtime by setting the ALSA_AUDIO_OUT environment variable (but only before starting a program).
Type: string
Default:
""
Example:
"dmix:CARD=1,DEV=0"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.alsa.deviceAliases
Assign custom names to sound cards.
Type: attribute set of string
Default:
{ }
Example:
{
hdmi1 = "hw:CARD=videocard,DEV=5";
hdmi2 = "hw:CARD=videocard,DEV=6";
}
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
hardware.amdgpu.amdvlk.enable
Whether to enable AMDVLK Vulkan driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.amdvlk.package
The amdvlk package to use.
Type: package
Default:
pkgs.amdvlk
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.amdvlk.settings
Runtime settings for AMDVLK to be configured in /etc/amd/amdVulkanSettings.cfg.
See AMDVLK GitHub page.
Type: attribute set of (string or signed integer)
Default:
{ }
Example:
{
AllowVkPipelineCachingToDisk = 1;
EnableVmAlwaysValid = 1;
IFH = 0;
IdleAfterSubmitGpuMask = 1;
ShaderCacheMode = 1;
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.amdvlk.support32Bit.enable
Whether to enable 32-bit driver support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.amdvlk.support32Bit.package
The amdvlk package to use.
Type: package
Default:
pkgs.driversi686Linux.amdvlk
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.amdvlk.supportExperimental.enable
Whether to enable experimental features support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdvlk.nix>
|
hardware.amdgpu.initrd.enable
Whether to enable loading the amdgpu kernel module in stage 1. This can fix the lower resolution of the boot screen during the initramfs phase.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdgpu.nix>
|
hardware.amdgpu.legacySupport.enable
Whether to enable using the amdgpu kernel driver instead of radeon for Southern Islands (Radeon HD 7000) series and Sea Islands (Radeon HD 8000) series cards. Note: this removes support for analog video outputs, which is only available in the radeon driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdgpu.nix>
|
hardware.amdgpu.opencl.enable
Whether to enable OpenCL support using ROCM runtime library.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/amdgpu.nix>
|
hardware.apple.touchBar.enable
Whether to enable support for the Touch Bar on some Apple laptops using tiny-dfr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/apple-touchbar.nix>
|
hardware.apple.touchBar.package
The tiny-dfr package to use.
Type: package
Default:
pkgs.tiny-dfr
Declared by:
<nixpkgs/nixos/modules/hardware/apple-touchbar.nix>
|
hardware.apple.touchBar.settings
Configuration for tiny-dfr. See example configuration for available options.
Type: TOML value
Default:
{ }
Example:
{
MediaLayerDefault = true;
ShowButtonOutlines = false;
EnablePixelShift = true;
}
Declared by:
<nixpkgs/nixos/modules/hardware/apple-touchbar.nix>
|
hardware.bladeRF.enable
Enables udev rules for BladeRF devices. By default grants access to users in the “bladerf” group. You may want to install the libbladeRF package.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/bladeRF.nix>
|
hardware.block.defaultScheduler
Default block I/O scheduler.
Unless null, the value is assigned through a udev rule matching all block devices.
Type: null or udev rule value
Default:
null
Example:
"kyber"
Declared by:
<nixpkgs/nixos/modules/hardware/iosched.nix>
|
hardware.block.defaultSchedulerExclude
Device name pattern to exclude from default scheduler assignment through config.hardware.block.defaultScheduler and config.hardware.block.defaultSchedulerRotational.
By default this excludes loop devices which generally do not benefit from extra I/O scheduling in addition to the scheduling already performed for their backing devices.
This setting does not affect config.hardware.block.scheduler.
Type: null or udev rule value
Default:
"loop[0-9]*"
Declared by:
<nixpkgs/nixos/modules/hardware/iosched.nix>
|
hardware.block.defaultSchedulerRotational
Default block I/O scheduler for rotational drives (e.g. hard disks).
Unless null, the value is assigned through a udev rule matching all rotational block devices.
This option takes precedence over config.hardware.block.defaultScheduler.
Type: null or udev rule value
Default:
null
Example:
"bfq"
Declared by:
<nixpkgs/nixos/modules/hardware/iosched.nix>
|
hardware.block.scheduler
Assign block I/O scheduler by device name pattern.
Names are matched using the udev(7) pattern syntax:
*: Matches zero or more characters.
?: Matches any single character.
[]: Matches any single character specified in the brackets. Ranges are supported via the - character.
| (vertical bar): Separates alternative patterns.
Please note that overlapping patterns may produce unexpected results. More complex configurations requiring these should instead be specified directly through custom udev rules, for example via config.services.udev.extraRules, to ensure correct ordering.
Available schedulers depend on the kernel configuration but modern Linux systems typically support:
none: No‐operation scheduler with no re‐ordering of requests. Suitable for devices with fast random I/O such as NVMe SSDs.
mq-deadline: Simple latency‐oriented general‐purpose scheduler.
kyber: Simple latency‐oriented scheduler for fast multi‐queue devices like NVMe SSDs.
bfq: Complex fairness‐oriented scheduler. Higher processing overhead, but good interactive response, especially with slower devices.
Schedulers assigned through this option take precedence over config.hardware.block.defaultScheduler and config.hardware.block.defaultSchedulerRotational but may be overridden by other udev rules.
Type: attribute set of udev rule value
Default:
{ }
Example:
{
"mmcblk[0-9]*" = "bfq";
"nvme[0-9]*" = "kyber";
}
Declared by:
<nixpkgs/nixos/modules/hardware/iosched.nix>
|
hardware.bluetooth.enable
Whether to enable support for Bluetooth.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.package
The bluez package to use.
Type: package
Default:
pkgs.bluez
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.disabledPlugins
Built-in plugins to disable
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.hsphfpd.enable
Whether to enable support for hsphfpd[-prototype] implementation.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.input
Set configuration for the input service (/etc/bluetooth/input.conf). See https://github.com/bluez/bluez/blob/master/profiles/input/input.conf for full list of options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
General = {
ClassicBondedOnly = true;
IdleTimeout = 30;
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.network
Set configuration for the network service (/etc/bluetooth/network.conf). See https://github.com/bluez/bluez/blob/master/profiles/network/network.conf for full list of options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
General = {
DisableSecurity = true;
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.powerOnBoot
Whether to power up the default Bluetooth controller on boot.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.settings
Set configuration for system-wide bluetooth (/etc/bluetooth/main.conf). See https://github.com/bluez/bluez/blob/master/src/main.conf for full list of options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
General = {
ControllerMode = "bredr";
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.brillo.enable
Whether to enable brillo in userspace. This will allow brightness control from users in the video group.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/brillo.nix>
|
hardware.bumblebee.enable
Enable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.connectDisplay
Set to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.
Only nvidia driver is supported so far.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.driver
Set driver used by bumblebeed. Supported are nouveau and nvidia.
Type: one of “nvidia”, “nouveau”
Default:
"nvidia"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.group
Group for bumblebee socket
Type: string
Default:
"wheel"
Example:
"video"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.pmMethod
Set preferred power management method for unused card.
Type: one of “auto”, “bbswitch”, “switcheroo”, “none”
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.ckb-next.enable
Whether to enable the Corsair keyboard/mouse driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.ckb-next.package
The ckb-next package to use.
Type: package
Default:
pkgs.ckb-next
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.ckb-next.gid
Limit access to the ckb daemon to a particular group.
Type: null or signed integer
Default:
null
Example:
100
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.coral.pcie.enable
Whether to enable Coral PCIe support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/coral.nix>
|
hardware.coral.usb.enable
Whether to enable Coral USB support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/coral.nix>
|
hardware.cpu.amd.ryzen-smu.enable
Whether to enable ryzen_smu, a linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.
WARNING: Damage caused by use of your AMD processor outside of official AMD specifications or outside of factory settings is not covered under any AMD product warranty and may not be covered by your board or system manufacturer’s warranty.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-ryzen-smu.nix>
|
hardware.cpu.amd.sev.enable
Whether to enable access to the AMD SEV device.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.group
Group to assign to the SEV device.
Type: string
Default:
"sev"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.mode
Mode to set for the SEV device.
Type: string
Default:
"0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.user
Owner to assign to the SEV device.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sevGuest.enable
Whether to enable access to the AMD SEV guest device.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sevGuest.group
Group to assign to the SEV guest device.
Type: string
Default:
"sev-guest"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sevGuest.mode
Mode to set for the SEV guest device.
Type: string
Default:
"0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sevGuest.user
Owner to assign to the SEV guest device.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.updateMicrocode
Update the CPU microcode for AMD processors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
|
hardware.cpu.intel.sgx.enableDcapCompat
Whether to enable backward compatibility for SGX software built for the out-of-tree Intel SGX DCAP driver.
Creates symbolic links for the SGX devices /dev/sgx_enclave and /dev/sgx_provision to make them available as /dev/sgx/enclave and /dev/sgx/provision, respectively.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.enable
Whether to enable access to the Intel SGX provisioning device.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.group
Group to assign to the SGX provisioning device.
Type: string
Default:
"sgx_prv"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.mode
Mode to set for the SGX provisioning device.
Type: string
Default:
"0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.user
Owner to assign to the SGX provisioning device.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.updateMicrocode
Update the CPU microcode for Intel processors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
|
hardware.cpu.x86.msr.enable
Whether to enable the msr (Model-Specific Registers) kernel module and configure udev rules for its devices (usually /dev/cpu/*/msr).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.cpu.x86.msr.group
Group to set for devices of the msr kernel subsystem.
Type: string
Default:
"msr"
Example:
"nobody"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.cpu.x86.msr.mode
Mode to set for devices of the msr kernel subsystem.
Type: string
Default:
"0640"
Example:
"0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.cpu.x86.msr.owner
Owner to set for devices of the msr kernel subsystem.
Type: string
Default:
"root"
Example:
"nobody"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.cpu.x86.msr.settings
Parameters for the msr kernel module.
Type: attribute set of (boolean or signed integer or string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.cpu.x86.msr.settings.allow-writes
Whether to allow writes to MSRs ("on") or not ("off").
Type: null or one of “on”, “off”
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/x86-msr.nix>
|
hardware.decklink.enable
Whether to enable hardware support for the Blackmagic Design Decklink audio/video interfaces.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/decklink.nix>
|
hardware.deviceTree.enable
Build device tree files. These are used to describe the non-discoverable hardware of a system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.dtbSource
Path to dtb directory that overlays and other processing will be applied to. Uses device trees bundled with the Linux kernel by default.
Type: absolute path
Default:
${cfg.kernelPackage}/dtbs
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.dtboBuildExtraIncludePaths
Additional include paths that will be passed to the preprocessor when creating the final .dts to compile into .dtbo
Type: list of absolute path
Default:
[ ]
Example:
[
./my_custom_include_dir_1
./custom_include_dir_2
]
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.dtboBuildExtraPreprocessorFlags
Additional flags to pass to the preprocessor during dtbo compilations
Type: list of string
Default:
[ ]
Example:
[ "-DMY_DTB_DEFINE" ]
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.filter
Only include .dtb files matching glob expression.
Type: null or string
Default:
null
Example:
"*rpi*.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.kernelPackage
Kernel package where device tree include directory is from. Also used as default source of dtb package to apply overlays to
Type: absolute path
Default:
config.boot.kernelPackages.kernel
Example:
pkgs.linux_latest
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.name
The name of an explicit dtb to be loaded, relative to the dtb base. Useful in extlinux scenarios if the bootloader doesn’t pick the right .dtb file from FDTDIR.
Type: null or string
Default:
null
Example:
"some-dtb.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays
List of overlays to apply to base device-tree (.dtb) files.
Type: list of ((submodule) or absolute path convertible to it)
Default:
[ ]
Example:
[
{ name = "pps"; dtsFile = ./dts/pps.dts; }
{ name = "spi";
dtsText = "...";
}
{ name = "precompiled"; dtboFile = ./dtbos/example.dtbo; }
]
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtboFile
Path to .dtbo compiled overlay file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtsFile
Path to .dts overlay file, overlay is applied to each .dtb file matching “compatible” of the overlay.
Type: null or absolute path
Default:
null
Example:
./dts/overlays.dts
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtsText
Literal DTS contents, overlay is applied to each .dtb file matching “compatible” of the overlay.
Type: null or string
Default:
null
Example:
''
/dts-v1/;
/plugin/;
/ {
compatible = "raspberrypi";
};
&{/soc} {
pps {
compatible = "pps-gpio";
status = "okay";
};
};
''
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.filter
Only apply to .dtb files matching glob expression.
Type: null or string
Default:
null
Example:
"*rpi*.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.name
Name of this overlay
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.digitalbitbox.enable
Enables udev rules for Digital Bitbox devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.digitalbitbox.package
The digitalbitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default:
pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.display.edid.enable
Enables handling of EDID files
Type: boolean
Default:
config.hardware.display.edid.packages != null
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.edid.packages
List of packages containing EDID binary files at $out/lib/firmware/edid.
Such files will be available for use in drm.edid_firmware kernel parameter as edid/<filename>.
You can craft one directly here or use sibling options linuxhw and modelines.
Type: list of package
Default:
[ ]
Example:
[
(pkgs.runCommand "edid-custom" {} ''
mkdir -p "$out/lib/firmware/edid"
base64 -d > "$out/lib/firmware/edid/custom1.bin" <<'EOF'
<insert your base64 encoded EDID file here `base64 < /sys/class/drm/card0-.../edid`>
EOF
'')
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.edid.linuxhw
Exposes EDID files from the user-sourced database at https://github.com/linuxhw/EDID
Attribute names will be mapped to EDID filenames <NAME>.bin.
Attribute values are lists of awk regexp patterns that (together) must match exactly one line in either of:
There is no universal way of locating your device config, but here are some practical tips:
locate your device:
find your model number (second column)
locate manufacturer (first column) and go through the list manually
narrow down results using other columns until there is only one left:
Name column
production date (Made column)
resolution Res
screen diagonal (Inch column)
as a last resort use ID from the last column
Type: attribute set of list of string
Default:
{ }
Example:
{
PG278Q_2014 = [ "PG278Q" "2014" ];
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.edid.modelines
Attribute set of XFree86 Modelines automatically converted and exposed as edid/<name>.bin files in initrd.
See for more information:
Type: attribute set of string
Default:
{ }
Example:
{
"PG278Q_60" = " 241.50 2560 2608 2640 2720 1440 1443 1448 1481 -hsync +vsync";
"PG278Q_120" = " 497.75 2560 2608 2640 2720 1440 1443 1448 1525 +hsync -vsync";
"U2711_60" = " 241.50 2560 2600 2632 2720 1440 1443 1448 1481 -hsync +vsync";
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.outputs
Hardware/kernel-level configuration of specific outputs.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
edid.modelines."PG278Q_60" = "241.50 2560 2608 2640 2720 1440 1443 1448 1481 -hsync +vsync";
outputs."DP-1".edid = "PG278Q_60.bin";
outputs."DP-1".mode = "e";
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.outputs.<name>.edid
An EDID filename to be used for configured display, as in edid/<filename>.
See for more information:
hardware.display.edid.packages
https://wiki.archlinux.org/title/Kernel_mode_setting#Forcing_modes_and_EDID
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.display.outputs.<name>.mode
A video kernel parameter (framebuffer mode) configuration for the specific output:
<xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m][eDd]
See for more information:
https://docs.kernel.org/fb/modedb.html
https://wiki.archlinux.org/title/Kernel_mode_setting#Forcing_modes
Type: null or string
Default:
null
Example:
"e"
Declared by:
<nixpkgs/nixos/modules/services/hardware/display.nix>
|
hardware.facetimehd.enable
Whether to enable the facetimehd kernel module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
|
hardware.facetimehd.withCalibration
Whether to include sensor calibration files for facetimehd. This makes colors look much better but is experimental, see https://github.com/patjak/facetimehd/wiki/Extracting-the-sensor-calibration-files for details.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
|
hardware.fancontrol.enable
Whether to enable software fan control (requires fancontrol.config).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
|
hardware.fancontrol.config
Required fancontrol configuration file content. See pwmconfig(8) from the lm_sensors package.
Type: strings concatenated with “\n”
Example:
''
# Configuration file generated by pwmconfig
INTERVAL=10
DEVPATH=hwmon3=devices/virtual/thermal/thermal_zone2 hwmon4=devices/platform/f71882fg.656
DEVNAME=hwmon3=soc_dts1 hwmon4=f71869a
FCTEMPS=hwmon4/device/pwm1=hwmon3/temp1_input
FCFANS=hwmon4/device/pwm1=hwmon4/device/fan1_input
MINTEMP=hwmon4/device/pwm1=35
MAXTEMP=hwmon4/device/pwm1=65
MINSTART=hwmon4/device/pwm1=150
MINSTOP=hwmon4/device/pwm1=0
''
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
|
hardware.firmware
List of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
hardware.firmwareCompression
Whether to compress firmware files. Defaults depend on the kernel version. For kernels older than 5.3, firmware files are not compressed. For kernels 5.3 and newer, firmware files are compressed with xz. For kernels 5.19 and newer, firmware files are compressed with zstd.
Type: one of “xz”, “zstd”, “none”
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
hardware.flipperzero.enable
Whether to enable udev rules and software for Flipper Zero devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/flipperzero.nix>
|
hardware.flirc.enable
Whether to enable software to configure a Flirc USB device.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/flirc.nix>
|
hardware.glasgow.enable
Enables Glasgow udev rules and ensures ‘plugdev’ group exists. This is a prerequisite to using Glasgow without being root.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/glasgow.nix>
|
hardware.gpgSmartcards.enable
Whether to enable udev rules for gnupg smart cards.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/gpgsmartcards.nix>
|
hardware.graphics.enable
Whether to enable hardware accelerated graphics drivers.
This is required to allow most graphical applications and environments to use hardware rendering, video encode/decode acceleration, etc.
This option should be enabled by default by the corresponding modules, so you do not usually have to set it yourself.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/graphics.nix>
|
hardware.graphics.enable32Bit
On 64-bit systems, whether to also install 32-bit drivers for 32-bit applications (such as Wine).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/graphics.nix>
|
hardware.graphics.extraPackages
Additional packages to add to the default graphics driver lookup path. This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
Type: list of package
Default:
[ ]
Example:
with pkgs; [ intel-media-driver intel-ocl intel-vaapi-driver ]
Declared by:
<nixpkgs/nixos/modules/hardware/graphics.nix>
|
hardware.graphics.extraPackages32
Additional packages to add to 32-bit graphics driver lookup path on 64-bit systems.
Used when enable32Bit is set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers, etc.
intel-media-driver supports hardware Broadwell (2014) or newer. Older hardware should use the mostly unmaintained intel-vaapi-driver driver.
Type: list of package
Default:
[ ]
Example:
with pkgs.pkgsi686Linux; [ intel-media-driver intel-vaapi-driver ]
Declared by:
<nixpkgs/nixos/modules/hardware/graphics.nix>
|
hardware.hackrf.enable
Enables hackrf udev rules and ensures ‘plugdev’ group exists. This is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev. Ensure your user is a member of the ‘plugdev’ group after enabling.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/hackrf.nix>
|
hardware.i2c.enable
Whether to enable i2c devices support. By default access is granted to users in the “i2c” group (will be created if non-existent) and any user with a seat, meaning logged on to the computer locally.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
|
hardware.i2c.group
Grant access to i2c devices (/dev/i2c-*) to users in this group.
Type: string
Default:
"i2c"
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
|
hardware.infiniband.enable
Whether to enable Infiniband support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/infiniband.nix>
|
hardware.infiniband.guids
A list of infiniband port guids on the system. This is discoverable using ibstat -p
Type: list of string
Default:
[ ]
Example:
[
"0xe8ebd30000eee2e1"
]
Declared by:
<nixpkgs/nixos/modules/hardware/infiniband.nix>
|
hardware.inputmodule.enable
Whether to enable support for Framework input modules.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/inputmodule.nix>
|
hardware.intel-gpu-tools.enable
Whether to enable a setcap wrapper for intel-gpu-tools.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/intel-gpu-tools.nix>
|
hardware.ipu6.enable
Whether to enable support for Intel IPU6/MIPI cameras.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix>
|
hardware.ipu6.platform
Choose the version for your hardware platform.
Use ipu6 for Tiger Lake, ipu6ep for Alder Lake or Raptor Lake, and ipu6epmtl for Meteor Lake.
Type: one of “ipu6”, “ipu6ep”, “ipu6epmtl”
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/ipu6.nix>
|
hardware.keyboard.qmk.enable
Whether to enable non-root access to the firmware of QMK keyboards.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/qmk.nix>
|
hardware.keyboard.teck.enable
Whether to enable non-root access to the firmware of TECK keyboards.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/teck.nix>
|
hardware.keyboard.uhk.enable
Whether to enable non-root access to the firmware of UHK keyboards. You need it when you want to flash a new firmware on the keyboard. Access to the keyboard is granted to users in the “input” group. You may want to install the uhk-agent package.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/uhk.nix>
|
hardware.keyboard.zsa.enable
Whether to enable udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I. You need it when you want to flash a new configuration on the keyboard or use their live training in the browser. You may want to install the wally-cli package.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/zsa.nix>
|
hardware.ksm.enable
Whether to enable Linux kernel Same-Page Merging.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
|
hardware.ksm.sleep
How many milliseconds ksmd should sleep between scans.
Setting it to null uses the kernel’s default time.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
|
hardware.ledger.enable
Whether to enable udev rules for Ledger devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ledger.nix>
|
hardware.libftdi.enable
Whether to enable udev rules for devices supported by libftdi.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/libftdi.nix>
|
hardware.libftdi.package
The libftdi1 package to use.
Type: package
Default:
pkgs.libftdi1
Declared by:
<nixpkgs/nixos/modules/hardware/libftdi.nix>
|
hardware.libjaylink.enable
Whether to enable udev rules for devices supported by libjaylink.
Add users to the jlink group in order to grant them access.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/libjaylink.nix>
|
hardware.libjaylink.package
The libjaylink package to use.
Type: package
Default:
pkgs.libjaylink
Declared by:
<nixpkgs/nixos/modules/hardware/libjaylink.nix>
|
hardware.logitech.lcd.enable
Whether to enable support for Logitech LCD Devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.lcd.devices
List of USB device ids supported by g15daemon.
You most likely do not need to change this.
Type: list of string
Default:
[
"0a07"
"c222"
"c225"
"c227"
"c251"
]
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.lcd.startWhenNeeded
Only run the service when an actual supported device is plugged.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.wireless.enable
Whether to enable support for Logitech Wireless Devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.wireless.enableGraphical
Enable graphical support applications.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.mcelog.enable
Enable the Machine Check Exception logger.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/mcelog.nix>
|
hardware.mwProCapture.enable
Whether to enable the Magewell Pro Capture family kernel module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix>
|
hardware.new-lg4ff.enable
Enables improved Linux module drivers for Logitech driving wheels. This will replace the existing in-kernel hid-logitech modules. Works most notably on the Logitech G25, G27, G29 and Driving Force (GT).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/new-lg4ff.nix>
|
hardware.nfc-nci.enable
Whether to enable PN5xx kernel module with udev rules, libnfc-nci userland, and optional ifdnfc-nci PC/SC driver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/nfc-nci.nix>
|
hardware.nfc-nci.enableIFD
Register ifdnfc-nci as a serial reader with pcscd.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/nfc-nci.nix>
|
hardware.nfc-nci.settings
Configuration to be written to the libnfc-nci configuration files. To understand the configuration format, refer to https://github.com/NXPNFCLinux/linux_libnfc-nci/tree/master/conf.
Type: attribute set
Default:
{
init = {
NXPLOG_EXTNS_LOGLEVEL = "0x01";
NXPLOG_FWDNLD_LOGLEVEL = "0x00";
NXPLOG_GLOBAL_LOGLEVEL = "0x01";
NXPLOG_NCIHAL_LOGLEVEL = "0x01";
NXPLOG_NCIR_LOGLEVEL = "0x01";
NXPLOG_NCIX_LOGLEVEL = "0x01";
NXPLOG_TML_LOGLEVEL = "0x01";
NXP_ACT_PROP_EXTN = "{2F, 02, 00}";
NXP_CORE_STANDBY = "{2F, 00, 01, 01}";
NXP_I2C_FRAGMENTATION_ENABLED = "0x01";
NXP_NFC_DEV_NODE = "\"/dev/pn544\"";
NXP_NFC_PROFILE_EXTN = ''
{20, 02, 05, 01,
A0, 44, 01, 00
}
'';
};
nci = {
APPL_TRACE_LEVEL = "0x01";
HOST_LISTEN_TECH_MASK = "0x07";
P2P_LISTEN_TECH_MASK = "0xC5";
POLLING_TECH_MASK = "0xEF";
PROTOCOL_TRACE_LEVEL = "0x01";
};
pn54x = {
MIFARE_READER_ENABLE = "0x01";
NXP_CORE_CONF = ''
{20, 02, 2B, 0D,
28, 01, 00,
21, 01, 00,
30, 01, 08,
31, 01, 03,
33, 04, 04, 03, 02, 01,
54, 01, 06,
50, 01, 02,
5B, 01, 00,
60, 01, 0E,
80, 01, 01,
81, 01, 01,
82, 01, 0E,
18, 01, 01
}
'';
NXP_CORE_CONF_EXTN = ''
{20, 02, 30, 04,
A0, 5E, 01, 01,
A0, 40, 01, 00,
A0, 43, 01, 00,
A0, 0F, 20,
00, 03, 1D, 01, 03, 00, 02, 00,
01, 00, 01, 00, 00, 00, 00, 00,
00, 00, 00, 00, 00, 00, 00, 00,
00, 00, 00, 00, 00, 00, 00, 00
}
'';
NXP_EXT_TVDD_CFG = "0x01";
NXP_EXT_TVDD_CFG_1 = ''
{20, 02, 07, 01,
A0, 0E, 03, 16, 09, 00
}
'';
NXP_NFC_MAX_EE_SUPPORTED = "0x00";
NXP_NFC_PROPRIETARY_CFG = "{05:FF:FF:06:81:80:70:FF:FF}";
NXP_SYS_CLK_FREQ_SEL = "0x00";
NXP_SYS_CLK_SRC_SEL = "0x01";
NXP_SYS_CLOCK_TO_CFG = "0x01";
};
}
Declared by:
<nixpkgs/nixos/modules/hardware/nfc-nci.nix>
|
hardware.nitrokey.enable
Enables udev rules for Nitrokey devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/nitrokey.nix>
|
hardware.nvidia.enabled
True if NVIDIA support is enabled
Type: boolean (read only)
Default:
true if NVIDIA support is enabled
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.package
The NVIDIA driver package to use.
Type: unspecified value
Default:
config.boot.kernelPackages.nvidiaPackages."${if cfg.datacenter.enable then "dc" else "stable"}"
Example:
"config.boot.kernelPackages.nvidiaPackages.legacy_470"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.datacenter.enable
Whether to enable Data Center drivers for NVIDIA cards on an NVLink topology.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.datacenter.settings
Additional configuration options for fabricmanager.
Type: attribute set of (atom (null, bool, int, float or string))
Default:
{
LOG_LEVEL=4;
LOG_FILE_NAME="/var/log/fabricmanager.log";
LOG_APPEND_TO_LOG=1;
LOG_FILE_MAX_SIZE=1024;
LOG_USE_SYSLOG=0;
DAEMONIZE=1;
BIND_INTERFACE_IP="127.0.0.1";
STARTING_TCP_PORT=16000;
FABRIC_MODE=0;
FABRIC_MODE_RESTART=0;
STATE_FILE_NAME="/var/tmp/fabricmanager.state";
FM_CMD_BIND_INTERFACE="127.0.0.1";
FM_CMD_PORT_NUMBER=6666;
FM_STAY_RESIDENT_ON_FAILURES=0;
ACCESS_LINK_FAILURE_MODE=0;
TRUNK_LINK_FAILURE_MODE=0;
NVSWITCH_FAILURE_MODE=0;
ABORT_CUDA_JOBS_ON_FM_EXIT=1;
}
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.dynamicBoost.enable
Whether to enable Dynamic Boost, which balances power between the CPU and the GPU for improved performance on supported laptops using the nvidia-powerd daemon. For more information, see the NVIDIA docs, Chapter 23, Dynamic Boost on Linux.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.forceFullCompositionPipeline
Whether to forcefully enable the full composition pipeline. This sometimes fixes screen tearing issues. This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL. It also drastically increases the time the driver needs to clock down after load.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.gsp.enable
Whether to enable the GPU System Processor (GSP) on the video card.
Type: boolean
Default:
config.hardware.nvidia.open == true || lib.versionAtLeast config.hardware.nvidia.package.version "555"
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.modesetting.enable
Whether to enable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see hardware.nvidia.prime.sync.enable). This is not enabled by default because it is not officially supported by NVIDIA and would not work with SLI.
Enabling this and using version 545 or newer of the proprietary NVIDIA driver causes it to provide its own framebuffer device, which can cause Wayland compositors to work when they otherwise wouldn’t.
Type: boolean
Default:
lib.versionAtLeast cfg.package.version "535"
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.nvidiaPersistenced
Whether to enable nvidia-persistenced, an update for NVIDIA GPU headless mode, i.e. it ensures all GPUs stay awake even during headless mode.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.nvidiaSettings
Whether to enable nvidia-settings, NVIDIA’s GUI configuration tool.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.open
Whether to enable the open source NVIDIA kernel module.
Type: null or boolean
Default:
if lib.versionOlder config.hardware.nvidia.package.version "560" then false else null
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.powerManagement.enable
Whether to enable experimental power management through systemd. For more information, see the NVIDIA docs, Chapter 21, Configuring Power Management Support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.powerManagement.finegrained
Whether to enable experimental power management of PRIME offload. For more information, see the NVIDIA docs, Chapter 22, PCI-Express Runtime D3 (RTD3) Power Management.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.allowExternalGpu
Whether to enable configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.amdgpuBusId
Bus ID of the AMD APU. You can find it using lspci; for example if lspci shows the AMD APU at “04:00.0”, set this option to “PCI:4:0:0”.
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default:
""
Example:
"PCI:4:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.intelBusId
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at “00:02.0”, set this option to “PCI:0:2:0”.
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default:
""
Example:
"PCI:0:2:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.nvidiaBusId
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at “01:00.0”, set this option to “PCI:1:0:0”.
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default:
""
Example:
"PCI:1:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.offload.enable
Whether to enable render offload support using the NVIDIA proprietary driver via PRIME.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.offload.enableOffloadCmd
Whether to enable adding a nvidia-offload convenience script to environment.systemPackages for offloading programs to an nvidia device. For this to work, hardware.nvidia.prime.offload.enable or hardware.nvidia.prime.reverseSync.enable must also be enabled.
Example usage: nvidia-offload sauerbraten_client
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.reverseSync.enable
Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while enabling output to displays attached only to the NVIDIA GPU without a multiplexer.
Warning: This feature is relatively new; depending on your system, it might work poorly, AMD support especially so. See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828
Note that this option only has any effect if the “nvidia” driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId).
If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.
Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.reverseSync.setupCommands.enable
Whether to configure the display manager to be able to use the outputs attached to the NVIDIA GPU.
Disable in order to configure the NVIDIA GPU outputs manually using xrandr.
Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.sync.enable
Whether to enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel/AMD GPU without a multiplexer.
Note that this option only has any effect if the “nvidia” driver is specified in services.xserver.videoDrivers, and it should preferably be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to be specified (hardware.nvidia.prime.nvidiaBusId and hardware.nvidia.prime.intelBusId or hardware.nvidia.prime.amdgpuBusId).
If you enable this, you may want to also enable kernel modesetting for the NVIDIA driver (hardware.nvidia.modesetting.enable) in order to prevent tearing.
Note that this configuration will only be successful when a display manager for which the services.xserver.displayManager.setupCommands option is supported is used.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.videoAcceleration
Whether to enable video acceleration (VA-API).
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia-container-toolkit.enable
Enable dynamic CDI configuration for Nvidia devices by running nvidia-container-toolkit on boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.package
The nvidia-container-toolkit package to use.
Type: package
Default:
pkgs.nvidia-container-toolkit
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.device-name-strategy
Specify the strategy for generating device names, passed to nvidia-ctk cdi generate. This will affect how you reference the device using nvidia.com/gpu= in the container runtime.
Type: one of “index”, “uuid”, “type-index”
Default:
"index"
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mount-nvidia-docker-1-directories
Mount nvidia-docker-1 directories on containers: /usr/local/nvidia/lib and /usr/local/nvidia/lib64.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mount-nvidia-executables
Mount executables nvidia-smi, nvidia-cuda-mps-control, nvidia-cuda-mps-server, nvidia-debugdump, nvidia-powerd and nvidia-ctk on containers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mounts
Mounts to be added to every container under the Nvidia CDI profile.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mounts.*.containerPath
Container path.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mounts.*.hostPath
Host path.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidia-container-toolkit.mounts.*.mountOptions
Mount options.
Type: list of string
Default:
[
"ro"
"nosuid"
"nodev"
"bind"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-container-toolkit>
|
hardware.nvidiaOptimus.disable
Completely disable the NVIDIA graphics card and use the integrated graphics processor instead.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
|
hardware.onlykey.enable
Enable OnlyKey device (https://crp.to/p/) support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/onlykey/default.nix>
|
hardware.openrazer.enable
Whether to enable OpenRazer drivers and userspace daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.batteryNotifier
Settings for device battery notifications.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.batteryNotifier.enable
Mouse battery notifier.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.batteryNotifier.frequency
How often battery notifications should be shown (in seconds). A value of 0 disables notifications.
Type: signed integer
Default:
600
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.batteryNotifier.percentage
The battery percentage the device should reach before notifications are sent.
Type: signed integer
Default:
33
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.devicesOffOnScreensaver
Turn off the devices when the system's screensaver kicks in.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.keyStatistics
Collects number of keypresses per hour per key used to generate a heatmap.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.syncEffectsEnabled
Set the sync effects flag to true so any assignment of effects will work across devices.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.users
Usernames to be added to the “openrazer” group, so that they can start and interact with the OpenRazer userspace daemon.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.verboseLogging
Whether to enable verbose logging. Logs debug messages.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.opentabletdriver.enable
Enable OpenTabletDriver udev rules, user service and blacklist kernel modules known to conflict with OpenTabletDriver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.package
The opentabletdriver package to use.
Type: package
Default:
pkgs.opentabletdriver
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.blacklistedKernelModules
Blacklist of kernel modules known to conflict with OpenTabletDriver.
Type: list of string
Default:
[
"hid-uclogic"
"wacom"
]
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.daemon.enable
Whether to start OpenTabletDriver daemon as a systemd user service.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.parallels.enable
This enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.parallels.package
Defines which package to use for prl-tools. Override to change the version.
Type: null or package
Default:
"config.boot.kernelPackages.prl-tools"
Example:
config.boot.kernelPackages.prl-tools
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.pcmcia.enable
Enable this option to support PCMCIA cards.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.config
Path to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.firmware
List of firmware used to handle specific PCMCIA cards.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.printers.ensureDefaultPrinter
Ensures the named printer is the default CUPS printer / printer queue.
Type: null or printable string without spaces, # and /
Default:
null
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters
Will regularly ensure that the given CUPS printers are configured as declared here. If a printer’s options are manually changed afterwards, they will be overwritten eventually. This option will never delete any printer, even if removed from this list. You can check existing printers with lpstat -s and remove printers with lpadmin -x <printer-name>. Printers not listed here can still be manually configured.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.description
Optional human-readable description.
Type: null or string
Default:
null
Example:
"Brother HL-5140"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.deviceUri
How to reach the printer. lpinfo -v shows a list of supported device URIs and schemes.
Type: string
Example:
"ipp://printserver.local/printers/BrotherHL_Workroom"
"usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.location
Optional human-readable location.
Type: null or string
Default:
null
Example:
"Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.model
Location of the ppd driver file for the printer. lpinfo -m shows a list of supported models.
Type: string
Example:
"gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.name
Name of the printer / printer queue. May contain any printable characters except “/”, “#”, and space.
Type: printable string without spaces, # and /
Example:
"BrotherHL_Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.ppdOptions
Sets PPD options for the printer. lpoptions [-p printername] -l shows supported PPD options for the given printer.
Type: attribute set of string
Default:
{ }
Example:
{
Duplex = "DuplexNoTumble";
PageSize = "A4";
}
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.raid.HPSmartArray.enable
Whether to enable HP Smart Array kernel modules and CLI utility.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/raid/hpsa.nix>
|
hardware.rasdaemon.enable
Whether to enable RAS logging daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.package
The rasdaemon package to use.
Type: package
Default:
pkgs.rasdaemon
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.config
rasdaemon configuration, currently only used for CE PFA. For details, read the comments in rasdaemon.outPath/etc/sysconfig/rasdaemon.
Type: strings concatenated with “\n”
Default:
""
Example:
''
# defaults from included config
PAGE_CE_REFRESH_CYCLE="24h"
PAGE_CE_THRESHOLD="50"
PAGE_CE_ACTION="soft"
''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.extraModules
Extra kernel modules to load.
Type: list of string
Default:
[ ]
Example:
[
"i7core_edac"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.labels
Additional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels
Type: strings concatenated with “\n”
Default:
""
Example:
''
# vendor and model may be shown by 'ras-mc-ctl --mainboard'
vendor: ASRock
product: To Be Filled By O.E.M.
model: B450M Pro4
# these labels are names for the motherboard slots
# the numbers may be shown by `ras-mc-ctl --error-count`
# they are mc:csrow:channel
DDR4_A1: 0.2.0; DDR4_B1: 0.2.1;
DDR4_A2: 0.3.0; DDR4_B2: 0.3.1;
''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.mainboard
Custom mainboard description, see ras-mc-ctl(8) for more details.
Type: strings concatenated with “\n”
Default:
""
Example:
''
vendor = ASRock
model = B450M Pro4
# it should default to such values from
# /sys/class/dmi/id/board_[vendor|name]
# alternatively one can supply a script
# that returns the same format as above
script = <path to script>
''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.record
Record events via sqlite3; required for ras-mc-ctl.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.testing
Whether to enable error injection infrastructure.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rtl-sdr.enable
Enables rtl-sdr udev rules, ensures ‘plugdev’ group exists, and blacklists DVB kernel modules. This is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/rtl-sdr.nix>
|
hardware.rtl-sdr.package
The rtl-sdr package to use.
Type: package
Default:
pkgs.rtl-sdr
Declared by:
<nixpkgs/nixos/modules/hardware/rtl-sdr.nix>
|
hardware.saleae-logic.enable
Whether to enable udev rules for Saleae Logic devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
|
hardware.saleae-logic.package
Saleae Logic package to use.
Type: package
Default:
pkgs.saleae-logic-2
Declared by:
<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
|
hardware.sane.enable
Enable support for SANE scanners.
Users in the “scanner” group will gain access to the scanner, or the “lp” group if it’s also a printer.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.backends-package
Backends driver package to use.
Type: package
Default:
pkgs.sane-backends
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.brscan4.enable
When enabled, will automatically register the “brscan4” sane backend and bring configuration files to their expected location.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices
The list of network devices that will be registered against the brscan4 sane backend.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
office1 = {
ip = "192.168.1.2";
model = "MFC-7860DW";
};
office2 = {
model = "MFC-7860DW";
nodename = "BRW0080927AFBCE";
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.ip
The IP address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default:
null
Example:
"192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.model
The model of the network device.
Type: string
Example:
"MFC-7860DW"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.name
The friendly name you give to the network device. If undefined, the name of the attribute will be used.
Type: string
Example:
"office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.nodename
The node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default:
null
Example:
"BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan5.enable
Whether to enable the Brother brscan5 sane backend.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices
The list of network devices that will be registered against the brscan5 sane backend.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
office1 = {
ip = "192.168.1.2";
model = "MFC-7860DW";
};
office2 = {
model = "MFC-7860DW";
nodename = "BRW0080927AFBCE";
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.ip
The IP address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default:
null
Example:
"192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.model
The model of the network device.
Type: string
Example:
"ADS-1200"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.name
The friendly name you give to the network device. If undefined, the name of the attribute will be used.
Type: string
Example:
"office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.nodename
The node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default:
null
Example:
"BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.disabledDefaultBackends
Names of backends which are enabled by default but should be disabled.
See $SANE_CONFIG_DIR/dll.conf for the list of possible names.
Type: list of string
Default:
[ ]
Example:
[
"v4l"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.drivers.scanSnap.enable
Whether to enable drivers for the Fujitsu ScanSnap scanners.
The driver files are unfree and extracted from the Windows driver image.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.drivers.scanSnap.package
The epjitsu package to use. Useful if you want to extract the driver files yourself.
The process is described in the /etc/sane.d/epjitsu.conf file in the sane-backends package.
Type: package
Default:
pkgs.sane-drivers.epjitsu
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.dsseries.enable
When enabled, will automatically register the “dsseries” SANE backend.
This supports the Brother DSmobile scanner series, including the DS-620, DS-720D, DS-820W, and DS-920DW scanners.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix>
|
hardware.sane.extraBackends
Packages providing extra SANE backends to enable.
The example contains the package for HP scanners, and the package for Apple AirScan and Microsoft WSD support (supports many vendors/devices).
Type: list of absolute path
Default:
[ ]
Example:
[ pkgs.hplipWithPlugin pkgs.sane-airscan ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.netConf
Network hosts that should be probed for remote scanners.
Type: strings concatenated with “\n”
Default:
""
Example:
"192.168.0.16"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.openFirewall
Open ports needed for discovery of scanners on the local network, e.g. needed for Canon scanners (BJNP protocol).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.snapshot
Use a development snapshot of SANE scanner drivers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sata.timeout.enable
Whether to enable SATA drive timeouts.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.deciSeconds
Set SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.
Values are as follows:
0 = disable SCT ERT
70 = default in consumer drives (7 seconds)
Maximum is disk dependent but probably 60 seconds.
Type: signed integer
Example:
70
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drives
List of drives for which to configure the timeout.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drives.*.idBy
The method to identify the drive.
Type: one of “path”, “wwn”
Default:
"path"
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drives.*.name
Drive name without the full path.
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sensor.hddtemp.enable
Enable this option to support HDD/SSD temperature sensors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.dbEntries
Additional DB entries
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.drives
List of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn’t like names with colons.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.extraArgs
Additional arguments passed to the daemon.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.unit
Celsius or Fahrenheit
Type: one of “C”, “F”
Default:
"C"
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.iio.enable
Enable this option to support IIO sensors with iio-sensor-proxy.
IIO sensors are used for orientation and ambient light sensors on some mobile devices.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/iio.nix>
|
hardware.spacenavd.enable
Whether to enable spacenavd to support 3DConnexion devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/spacenavd.nix>
|
hardware.steam-hardware.enable
Enable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/steam-hardware.nix>
|
hardware.system76.enableAll
Whether to enable all recommended configuration for system76 systems.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.firmware-daemon.enable
Whether to enable the system76 firmware daemon
Type: boolean
Default:
config.hardware.system76.enableAll
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.kernel-modules.enable
Whether to make the system76 out-of-tree kernel modules available
Type: boolean
Default:
config.hardware.system76.enableAll
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.power-daemon.enable
Whether to enable the system76 power daemon
Type: boolean
Default:
config.hardware.system76.enableAll
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.trackpoint.enable
Enable sensitivity and speed configuration for trackpoints.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.device
The device name of the trackpoint. You can check with xinput. Some newer devices (example x1c6) use “TPPS/2 Elan TrackPoint”.
Type: string
Default:
"TPPS/2 IBM TrackPoint"
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.emulateWheel
Enable scrolling while holding the middle mouse button.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.fakeButtons
Switch to “bare” PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.sensitivity
Configure the trackpoint sensitivity. By default, the kernel configures 128.
Type: signed integer
Default:
128
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.speed
Configure the trackpoint speed. By default, the kernel configures 97.
Type: signed integer
Default:
97
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.tuxedo-drivers.enable
Whether to enable the tuxedo-drivers driver, which enables access to the following on TUXEDO notebooks:
Driver for Fn-keys
SysFS control of brightness/color/mode for most TUXEDO keyboards
Hardware I/O driver for TUXEDO Control Center
For more information, see the source code description: https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/tuxedo-drivers.nix>
|
hardware.tuxedo-rs.enable
Whether to enable Rust utilities for interacting with hardware from TUXEDO Computers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix>
|
hardware.tuxedo-rs.tailor-gui.enable
Whether to enable tailor-gui, an alternative to TUXEDO Control Center, written in Rust.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/tuxedo-rs.nix>
|
hardware.ubertooth.enable
Whether to enable Ubertooth software and its udev rules.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
|
hardware.ubertooth.group
Group for Ubertooth’s udev rules.
Type: string
Default:
"ubertooth"
Example:
"wheel"
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
|
hardware.uinput.enable
Whether to enable uinput support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/uinput.nix>
|
hardware.uni-sync.enable
Whether to enable udev rules and software for Lian Li Uni Controllers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.package
The uni-sync package to use.
Type: package
Default:
pkgs.uni-sync
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices
List of controllers with their configurations.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
device_id = "VID:1111/PID:11111/SN:1111111111";
sync_rgb = true;
channels = [
{
mode = "PWM";
}
{
mode = "Manual";
speed = 100;
}
{
mode = "Manual";
speed = 54;
}
{
mode = "Manual";
speed = 0;
}
];
}
{
device_id = "VID:1010/PID:10101/SN:1010101010";
sync_rgb = false;
channels = [
{
mode = "Manual";
speed = 0;
}
];
}
]
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices.*.channels
List of channels connected to the controller.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
mode = "PWM";
}
{
mode = "Manual";
speed = 100;
}
{
mode = "Manual";
speed = 54;
}
{
mode = "Manual";
speed = 0;
}
]
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices.*.channels.*.mode
“PWM” to enable PWM sync. “Manual” to set speed.
Type: one of “Manual”, “PWM”
Default:
"Manual"
Example:
"PWM"
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices.*.channels.*.speed
Fan speed as percentage (clamped between 0 and 100).
Type: signed integer
Default:
"50"
Example:
"100"
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices.*.device_id
Unique device ID displayed at each startup.
Type: string
Example:
"VID:1111/PID:11111/SN:1111111111"
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.uni-sync.devices.*.sync_rgb
Enable ARGB header sync.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/uni-sync.nix>
|
hardware.usb-modeswitch.enable
Enable this option to support certain USB WLAN and WWAN adapters.
These network adapters initially present themselves as Flash Drives containing their drivers. This option enables automatic switching to the networking mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/usb-modeswitch.nix>
|
hardware.usbStorage.manageShutdown
Enable this option to gracefully spin-down external storage during shutdown.
If you suspect improper head parking after poweroff, install smartmontools and check for the Power-Off_Retract_Count field for an increment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/usb-storage.nix>
|
hardware.wirelessRegulatoryDatabase
Whether to enable loading the wireless regulatory database at boot.
Type: boolean
Default:
Enabled if proprietary firmware is allowed via enableRedistributableFirmware or enableAllFirmware.
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.wooting.enable
Whether to enable support for Wooting keyboards.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/wooting.nix>
|
hardware.xone.enable
Whether to enable the xone driver for Xbox One and Xbox Series X|S accessories.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/xone.nix>
|
hardware.xpadneo.enable
Whether to enable the xpadneo driver for Xbox One wireless controllers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/xpadneo.nix>
|
i18n.defaultLocale
The default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Type: string
Default:
"en_US.UTF-8"
Example:
"nl_NL.UTF-8"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.extraLocaleSettings
A set of additional system-wide locale settings other than LANG which can be configured with i18n.defaultLocale.
Type: attribute set of string
Default:
{ }
Example:
{
LC_MESSAGES = "en_US.UTF-8";
LC_TIME = "de_DE.UTF-8";
}
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.glibcLocales
Customized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale and supportedLocale.
Type: absolute path
Default:
pkgs.glibcLocales.override {
allLocales = lib.any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
}
Example:
pkgs.glibcLocales
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.inputMethod.enable
Whether to enable an additional input method type.
Type: boolean
Default:
true if the deprecated option enabled is set, false otherwise
Example:
true
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
|
i18n.inputMethod.enabled
Deprecated - use type and enable = true instead.
Type: null or one of “ibus”, “fcitx5”, “nabi”, “uim”, “hime”, “kime”
Default:
null
Example:
"fcitx5"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
|
i18n.inputMethod.fcitx5.addons
Enabled Fcitx5 addons.
Type: list of package
Default:
[ ]
Example:
with pkgs; [ fcitx5-rime ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.ignoreUserConfig
Ignore the user configuration. Warning: When this is enabled, the user config files are totally ignored and the user dict can’t be saved and loaded.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.plasma6Support
Use qt6 versions of fcitx5 packages. Required for configuring fcitx5 in KDE System Settings.
Type: boolean
Default:
config.services.desktopManager.plasma6.enable
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.quickPhrase
Quick phrases.
Type: attribute set of string
Default:
{ }
Example:
{
smile = "(・∀・)";
angry = "( ̄ー ̄)";
}
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.quickPhraseFiles
Quick phrase files.
Type: attribute set of absolute path
Default:
{ }
Example:
{
words = ./words.mb;
numbers = ./numbers.mb;
}
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.settings.addons
The addon configuration in the conf folder, in INI format with global sections.
Each item is written to the corresponding file.
Type: attribute set of anything
Default:
{ }
Example:
{ pinyin.globalSection.EmojiEnabled = "True"; }
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.settings.globalOptions
The global options in the config file, in INI format.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.settings.inputMethod
The input method configuration in the profile file, in INI format.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.waylandFrontend
Use the Wayland input method frontend. See Using Fcitx 5 on Wayland.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.ibus.engines
Enabled IBus engines. Available engines are: anthy, bamboo, cangjie, hangul, kkc, libpinyin, libthai, m17n, mozc, mozc-ut, openbangla-keyboard, pinyin, rime, table, table-chinese, table-others, typing-booster, typing-booster-unwrapped, uniemoji.
Type: list of ibus-engine
Default:
[ ]
Example:
with pkgs.ibus-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.ibus.panel
Replace the IBus panel with another panel.
Type: null or absolute path
Default:
null
Example:
"${pkgs.plasma5Packages.plasma-desktop}/libexec/kimpanel-ibus-panel"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.kime.daemonModules
List of enabled daemon modules
Type: list of (one of “Xim”, “Wayland”, “Indicator”)
Default:
[
"Xim"
"Wayland"
"Indicator"
]
Example:
[
"Xim"
"Indicator"
]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
|
i18n.inputMethod.kime.extraConfig
Extra kime configuration. Refer to https://github.com/Riey/kime/blob/v3.1.1/docs/CONFIGURATION.md for details on supported values.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
|
i18n.inputMethod.kime.iconColor
Color of the indicator icon
Type: one of “Black”, “White”
Default:
"Black"
Example:
"White"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
|
i18n.inputMethod.type
Select the enabled input method. An input method is software for entering symbols that are not available on standard input devices.
Input methods are used especially to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
ibus: The intelligent input bus; extra input engines can be added using i18n.inputMethod.ibus.engines.
fcitx5: The next generation of fcitx; addons (including engines, dictionaries, skins) can be added using i18n.inputMethod.fcitx5.addons.
nabi: A Korean input method based on XIM. Nabi doesn’t support Qt 5.
uim: The universal input method, a library with an XIM bridge. uim mainly supports Chinese, Japanese and Korean.
hime: An extremely easy-to-use input method framework.
kime: Korean IME.
Type: null or one of “ibus”, “fcitx5”, “nabi”, “uim”, “hime”, “kime”
Default:
The value of the deprecated option enabled, defaulting to null
Example:
"fcitx5"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
|
i18n.inputMethod.uim.toolbar
Selected UIM toolbar.
Type: one of “gtk”, “gtk3”, “gtk-systray”, “gtk3-systray”, “qt5”
Default:
"gtk"
Example:
"gtk-systray"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
|
i18n.supportedLocales
List of locales that the system should support. The value "all" means that all locales supported by Glibc will be installed. A full list of supported locales can be found at https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED.
Type: list of string
Default:
lib.unique
(builtins.map (l: (lib.replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
[
"C.UTF-8"
"en_US.UTF-8"
config.i18n.defaultLocale
] ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
))
Example:
[
"en_US.UTF-8/UTF-8"
"nl_NL.UTF-8/UTF-8"
"nl_NL/ISO-8859-1"
]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
image.modules
Image-specific NixOS modules used for system.build.images.
Type: attribute set of module
Declared by:
<nixpkgs/nixos/modules/image/images.nix>
|
image.repart.package
The systemd-repart package to use.
Type: package
Default:
pkgs.buildPackages.systemd
Example:
pkgs.buildPackages.systemdMinimal.override { withCryptsetup = true; }
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.compression.enable
Whether to enable Image compression.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.compression.algorithm
Compression algorithm
Type: one of “zstd”, “xz”, “zstd-seekable”
Default:
"zstd"
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.compression.level
Compression level. The available range depends on the used algorithm.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.imageFile
Filename of the image including all extensions (e.g. image_1.raw or image_1.raw.zst).
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.imageFileBasename
Basename of the image filename without any extension (e.g. image_1).
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.mkfsOptions
Specify extra options for created file systems. The specified options are converted to individual environment variables of the format SYSTEMD_REPART_MKFS_OPTIONS_<FSTYPE>.
See upstream systemd documentation for information about the usage of these environment variables.
The example would produce the following environment variable:
SYSTEMD_REPART_MKFS_OPTIONS_VFAT="-S 512 -c"
Type: attribute set of list of string
Default:
{ }
Example:
{
vfat = [ "-S 512" "-c" ];
}
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.name
Name of the image.
If this option is unset but config.system.image.id is set, config.system.image.id is used as the default value.
Type: string
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions
Specify partitions as an attribute set keyed by partition name, with each partition's configuration as the value.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"10-esp" = {
contents = {
"/EFI/BOOT/BOOTX64.EFI".source =
"${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
};
repartConfig = {
Type = "esp";
Format = "fat";
};
};
"20-root" = {
storePaths = [ config.system.build.toplevel ];
repartConfig = {
Type = "root";
Format = "ext4";
Minimize = "guess";
};
};
}
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions.<name>.contents
The contents to end up in the filesystem image.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/EFI/BOOT/BOOTX64.EFI".source =
"${pkgs.systemd}/lib/systemd/boot/efi/systemd-bootx64.efi";
"/loader/entries/nixos.conf".source = systemdBootEntry;
}
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions.<name>.contents.<name>.source
Path of the source file.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions.<name>.repartConfig
Specify the repart options for a partition as a structural setting. See repart.d(5) for all available options.
Type: attribute set of (string or signed integer or boolean or list of string)
Example:
{
SizeMaxBytes = "2G";
SizeMinBytes = "512M";
Type = "home";
}
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions.<name>.storePaths
The store paths to include in the partition.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.partitions.<name>.stripNixStorePrefix
Whether to strip /nix/store/ from the store paths. This is useful when you want to build a partition that only contains store paths and is mounted under /nix/store.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.sectorSize
The sector size of the disk image produced by systemd-repart. This value must be a power of 2 between 512 and 4096.
Type: null or signed integer
Default:
512
Example:
4096
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.seed
A UUID to use as a seed. You can set this to null to explicitly randomize the partition UUIDs.
Type: null or string
Default:
"0867da16-f251-457d-a9e8-c31f9a3c220b"
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.split
Enables generation of split artifacts from partitions. If enabled, for each partition with SplitName= set, a separate output file containing just the contents of that partition is generated.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
image.repart.verityStore.enable
Whether to enable building images with a dm-verity protected nix store.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/image/repart-verity-store.nix>
|
image.repart.verityStore.partitionIds.esp
Specify the attribute name of the ESP.
Type: string
Default:
"00-esp"
Declared by:
<nixpkgs/nixos/modules/image/repart-verity-store.nix>
|
image.repart.verityStore.partitionIds.store
Specify the attribute name of the store partition.
Type: string
Default:
"20-store"
Declared by:
<nixpkgs/nixos/modules/image/repart-verity-store.nix>
|
image.repart.verityStore.partitionIds.store-verity
Specify the attribute name of the store’s dm-verity hash partition.
Type: string
Default:
"10-store-verity"
Declared by:
<nixpkgs/nixos/modules/image/repart-verity-store.nix>
|
image.repart.verityStore.ukiPath
Specify the location on the ESP where the UKI is placed.
Type: string
Default:
"/EFI/Linux/\${config.system.boot.loader.ukiFile}"
Declared by:
<nixpkgs/nixos/modules/image/repart-verity-store.nix>
|
image.repart.version
Version of the image
Type: null or string
Default:
config.system.image.version
Declared by:
<nixpkgs/nixos/modules/image/repart.nix>
|
lib
This option allows modules to define helper functions, constants, etc.
Type: attribute set of (attribute set)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/misc/lib.nix>
|
location.latitude
Your current latitude, between -90.0 and 90.0. Must be provided along with longitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
location.longitude
Your current longitude, between -180.0 and 180.0. Must be provided along with latitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
location.provider
The location provider to use for determining your location. If set to manual you must also provide latitude/longitude.
Type: one of “manual”, “geoclue2”
Default:
"manual"
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
networking.enableB43Firmware
Turn on this option if you want firmware for the NICs supported by the b43 module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/b43.nix>
|
networking.enableIPv6
Whether to enable support for IPv6.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.enableIntel2200BGFirmware
Turn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
|
networking.bonds
This option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond’s network interface.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
bond0 = {
interfaces = [ "eth0" "wlan0" ];
driverOptions = {
miimon = "100";
mode = "active-backup";
};
};
anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ];
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.driverOptions
Options for the bonding driver. Documentation can be found in https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: attribute set of string
Default:
{ }
Example:
{
miimon = "100";
mode = "active-backup";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.interfaces
The interfaces to bond together
Type: list of string
Example:
[
"enp4s0f0"
"enp4s0f1"
"wlan0"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.lacp_rate
DEPRECATED, use driverOptions.
Option specifying the rate at which we’ll ask our link partner to transmit LACPDU packets in 802.3ad mode.
Type: null or string
Default:
null
Example:
"fast"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.miimon
DEPRECATED, use driverOptions.
Miimon is the number of milliseconds in between each round of polling by the device driver for failed links. By default polling is not enabled and the driver is trusted to properly detect and handle failure scenarios.
Type: null or signed integer
Default:
null
Example:
100
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.mode
DEPRECATED, use driverOptions.
The mode which the bond will be running. The default mode for
the bonding driver is balance-rr, optimizing for throughput.
More information about valid modes can be found at
https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: null or string
Default:
null
Example:
"active-backup"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.xmit_hash_policy
DEPRECATED, use driverOptions.
Selects the transmit hash policy to use for slave selection in
balance-xor, 802.3ad, and tlb modes.
Type: null or string
Default:
null
Example:
"layer2+3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges
This option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge’s network interface.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
br0 = {
interfaces = [
"eth0"
"eth1"
];
};
br1 = {
interfaces = [
"eth2"
"wlan0"
];
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.interfaces
The physical network interfaces connected by the bridge.
Type: list of string
Example:
[
"eth0"
"eth1"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.rstp
Whether the bridge interface should enable rstp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway
The default gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or ((submodule) or string convertible to it)
Default:
null
Example:
{
address = "131.211.84.1";
interface = "enp3s0";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.interface
The default gateway interface.
Type: null or string
Default:
null
Example:
"enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.metric
The default gateway metric/preference.
Type: null or signed integer
Default:
null
Example:
42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6
The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or ((submodule) or string convertible to it)
Default:
null
Example:
{
address = "2001:4d0:1e04:895::1";
interface = "enp3s0";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.address
The default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.interface
The default gateway interface.
Type: null or string
Default:
null
Example:
"enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.metric
The default gateway metric/preference.
Type: null or signed integer
Default:
null
Example:
42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGatewayWindowSize
The window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Type: null or signed integer
Default:
null
Example:
524288
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.dhcpcd.enable
Whether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.IPv6rs
Force enable or disable solicitation and receipt of IPv6 Router Advertisements. This is required, for example, when using a static unique local IPv6 address (ULA) and global IPv6 address auto-configuration with SLAAC.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.allowInterfaces
Enable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.denyInterfaces
Disable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.extraConfig
Literal string to append to the config file generated for dhcpcd.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.persistent
Whether to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.runHook
Shell code that will be run after all other hooks. See man dhcpcd-run-hooks for details on what is possible.
To use sudo or similar tools in your script you may have to set:
systemd.services.dhcpcd.serviceConfig.NoNewPrivileges = false;
In addition, as most of the filesystem is inaccessible to dhcpcd by default, you may want to define some exceptions, e.g.
systemd.services.dhcpcd.serviceConfig.ReadOnlyPaths = [
"/run/user/1000/bus" # to send desktop notifications
];
Type: strings concatenated with “\n”
Default:
""
Example:
"if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.wait
This option specifies when the dhcpcd service will fork to background. If set to “background”, dhcpcd will fork to background immediately. If set to “ipv4” or “ipv6”, dhcpcd will wait for the corresponding IP address to be assigned. If set to “any”, dhcpcd will wait for any type (IPv4 or IPv6) to be assigned. If set to “both”, dhcpcd will wait for both an IPv4 and an IPv6 address before forking. The option “if-carrier-up” is equivalent to “any” if either ethernet is plugged in or WiFi is powered, and to “background” otherwise.
Type: one of “background”, “any”, “ipv4”, “ipv6”, “both”, “if-carrier-up”
Default:
"any"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.domain
The domain. It can be left empty if it is auto-detected through DHCP.
Type: null or string
Default:
null
Example:
"home.arpa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.extraHosts
Additional verbatim entries to be appended to /etc/hosts.
For adding hosts from derivation results, use networking.hostFiles instead.
Type: strings concatenated with “\n”
Default:
""
Example:
"192.168.0.1 lanlocalhost"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.firewall.enable
Whether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.package
The package to use for running the firewall service.
Type: package
Default:
if config.networking.nftables.enable then "pkgs.nftables" else "pkgs.iptables"
Example:
pkgs.iptables-legacy
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowPing
Whether to respond to incoming ICMPv4 echo requests (“pings”). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
{
from = 8999;
to = 9003;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
22
80
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
{
from = 60000;
to = 61000;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPorts
List of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
53
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.autoLoadConntrackHelpers
Whether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules (needs kernel 3.5+).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.checkReversePath
Performs a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.
If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and set up your own counter-measures.
This option can be either true (or “strict”), “loose” (only drop the packet if the source address is not reachable via any interface) or false.
Type: boolean or one of “strict”, “loose”
Default:
true
except if the iptables based firewall is in use and the kernel lacks rpfilter support
Example:
"loose"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.connectionTrackingModules
List of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example.
As helpers can pose a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers unless you know what you are doing. Connection tracking is disabled by default.
Loading of helpers is recommended to be done through the CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Type: list of string
Default:
[ ]
Example:
[
"ftp"
"irc"
"sane"
"sip"
"tftp"
"amanda"
"h323"
"netbios_sn"
"pptp"
"snmp"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraCommands
Additional shell commands executed as part of the firewall initialisation script. These are executed just before the final “reject” firewall rule is added, so they can be used to allow packets that would otherwise be refused.
This option only works with the iptables based firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
"iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall-iptables.nix>
|
networking.firewall.extraForwardRules
Additional nftables rules to be appended to the forward-allow chain.
This option only works with the nftables based firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
"iifname wg0 accept"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
|
networking.firewall.extraInputRules
Additional nftables rules to be appended to the input-allow chain.
This option only works with the nftables based firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
"ip6 saddr { fc00::/7, fe80::/10 } tcp dport 24800 accept"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
|
networking.firewall.extraPackages
Additional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.
Type: list of package
Default:
[ ]
Example:
[ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraReversePathFilterRules
Additional nftables rules to be appended to the rpfilter-allow chain.
This option only works with the nftables based firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
"fib daddr . mark . iif type local accept"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall-nftables.nix>
|
networking.firewall.extraStopCommands
Additional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed state.
This option only works with the iptables based firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
"iptables -P INPUT ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall-iptables.nix>
|
networking.firewall.filterForward
Enable filtering in IP forwarding.
This option only works with the nftables based firewall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces
Interface-specific open ports.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPortRanges
A range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
{
from = 8999;
to = 9003;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPorts
List of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
22
80
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPortRanges
Range of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
{
from = 60000;
to = 61000;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPorts
List of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ ]
Example:
[
53
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedConnections
Whether to log rejected or dropped incoming connections. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedPackets
Whether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it’s mostly useful for debugging. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedUnicastsOnly
If networking.firewall.logRefusedPackets and this option are enabled, then only log packets specifically directed at this machine, i.e., not broadcasts or multicasts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logReversePathDrops
Logs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.pingLimit
If pings are allowed, this allows setting rate limits on them.
For the iptables based firewall, it should be set like “--limit 1/minute --limit-burst 5”.
For the nftables based firewall, it should be set like “2/second” or “1/minute burst 5 packets”.
Type: null or strings concatenated with " "
Default:
null
Example:
"--limit 1/minute --limit-burst 5"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.rejectPackets
If set, refused packets are rejected rather than dropped (ignored). This means that an ICMP “port unreachable” error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.trustedInterfaces
Traffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted.
Type: list of string
Default:
[ ]
Example:
[
"enp0s2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
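The per-interface and logging options above, combined into one host configuration. This is an added example, not taken from the NixOS manual; the interface names wan0, lan0 and wg0 are assumptions, and networking.firewall.enable and the global allowedTCPPorts are options documented elsewhere in this reference.

```nix
# Added example (not from the NixOS manual).
# Assumed interface names: wan0 (Internet uplink), lan0 (internal LAN),
# wg0 (a VPN link the administrator fully controls).
{ ... }:
{
  networking.firewall = {
    enable = true;

    # Open nothing globally; every exposed port is declared per interface.
    allowedTCPPorts = [ ];

    interfaces = {
      # Internet-facing side: HTTPS only.
      wan0.allowedTCPPorts = [ 443 ];

      # Internal side: SSH, DNS, and a small service range.
      lan0 = {
        allowedTCPPorts = [ 22 53 ];
        allowedUDPPorts = [ 53 ];
        allowedTCPPortRanges = [ { from = 8999; to = 9003; } ];
      };
    };

    # Traffic from these interfaces is accepted unconditionally, bypassing
    # the per-interface lists above, so list only links you fully trust.
    trustedInterfaces = [ "wg0" ];

    # Keep the default of dropping refused packets: rejecting them sends
    # ICMP/RST replies, which makes port scanning somewhat easier.
    rejectPackets = false;

    # Refused connections go to the kernel log (dmesg or journalctl -k).
    logRefusedConnections = true;

    # Only has an effect while networking.firewall.checkReversePath is enabled.
    logReversePathDrops = true;
  };
}
```

A port opened under interfaces.wan0 is not reachable through lan0 unless it is listed there too, which keeps the exposure of each network segment explicit and reviewable.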
|
networking.fooOverUDP
This option allows you to configure Foo Over UDP and Generic UDP Encapsulation endpoints. See ip-fou(8) for details.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  backup = {
    port = 9002;
  };
  primary = {
    local = {
      address = "192.0.2.1";
      dev = "eth0";
    };
    port = 9001;
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.local
Local address (and optionally device) to bind to using the given port.
Type: null or (submodule)
Default:
null
Example:
{
address = "203.0.113.22";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.local.address
Local address to bind to. The address must be available when the FOU endpoint is created. Using the scripted network setup, this can be achieved either by setting dev or by adding dependency information to systemd.services.<name>-fou-encap; it isn’t supported when using networkd.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.local.dev
Network device to bind to.
Type: null or string
Default:
null
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.port
Local port of the encapsulation UDP socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.protocol
Protocol number of the encapsulated packets. Specifying null (the default) creates a GUE endpoint, specifying a protocol number will create a FOU endpoint.
Type: null or integer between 1 and 255 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fqdn
The fully qualified domain name (FQDN) of this host. It is the result of combining networking.hostName and networking.domain. Using this option will result in an evaluation error if the hostname is empty or no domain is specified.
Modules that accept a mere networking.hostName but prefer a fully qualified domain name may use networking.fqdnOrHostName instead.
Type: string (read only)
Default:
"${networking.hostName}.${networking.domain}"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fqdnOrHostName
Either the fully qualified domain name (FQDN), or just the host name if it does not exist.
This is a convenience option for modules to read instead of fqdn when a mere hostName is also an acceptable value; this option does not throw an error when domain is unset.
Type: string (read only)
Default:
if cfg.domain == null then cfg.hostName else cfg.fqdn
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels
This option allows you to define Generic Routing Encapsulation (GRE) tunnels.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  greBridge = {
    remote = "10.0.0.1";
    local = "10.0.0.22";
    dev = "enp4s0f0";
    type = "tap";
    ttl = 255;
  };
  gre6Tunnel = {
    remote = "fd7a:5634::1";
    local = "fd7a:5634::2";
    dev = "enp4s0f0";
    type = "tun6";
    ttl = 255;
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.dev
The underlying network device on which the tunnel resides.
Type: null or string
Default:
null
Example:
"enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.local
The address of the local endpoint which the remote side should send packets to.
Type: null or string
Default:
null
Example:
"10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.remote
The address of the remote endpoint to forward traffic over.
Type: null or string
Default:
null
Example:
"10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.ttl
The time-to-live/hoplimit of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default:
null
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.type
Whether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
Type: one of “tun”, “tap”, “tun6”, “tap6”
Default:
"tap"
Example:
"tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostFiles
Files that should be concatenated together to form /etc/hosts.
Type: list of absolute path
Default:
Hosts from networking.hosts and networking.extraHosts
Example:
[ "${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.hostId
The 32-bit host ID of the machine, formatted as 8 hexadecimal characters.
You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:
head -c 8 /etc/machine-id
(this derives it from the machine-id that systemd generates) or
head -c4 /dev/urandom | od -A none -t x4
The primary use case is to ensure when using ZFS that a pool isn’t imported accidentally on a wrong machine.
Type: null or string
Default:
null
Example:
"4e98920d"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostName
The name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP). The hostname must be a valid DNS label (see RFC 1035 section 2.3.1: “Preferred name syntax”, RFC 1123 section 2.1: “Host Names and Numbers”) and as such must not contain the domain part. This means that the hostname must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname (uname --nodename) the option boot.kernel.sysctl."kernel.hostname" can be used as a workaround (but the 64 character limit still applies).
WARNING: Do not use underscores (_) or you may run into unexpected issues.
Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default:
config.system.nixos.distroId
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hosts
Locally defined maps of hostnames to IP addresses.
Type: attribute set of list of string
Example:
{
  "127.0.0.1" = [ "foo.bar.baz" ];
  "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
};
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.interfaces
The configuration for each network interface.
Please note that systemd.network.netdevs has more features and is better maintained. When building new things, it is advised to use that instead.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  eth0 = {
    ipv4 = {
      addresses = [
        {
          address = "131.211.84.78";
          prefixLength = 25;
        }
      ];
    };
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addresses
List of IPv4 addresses that will be statically assigned to the interface.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    address = "10.0.0.1";
    prefixLength = 16;
  }
  {
    address = "192.168.1.1";
    prefixLength = 24;
  }
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addresses.*.address
IPv4 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes
List of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope is set differently depending on the value of networking.useNetworkd: the script-based backend sets it to link, while networkd sets it to global.
If you want consistency between the two implementations, set the scope of the route manually with networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }] for example.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    address = "10.0.0.0";
    prefixLength = 16;
  }
  {
    address = "192.168.2.0";
    prefixLength = 24;
    via = "192.168.1.1";
  }
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.address
IPv4 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.options
Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details. You may also specify metric, src, protocol, scope, from and table, which are technically not route options, in the sense used in the manual.
Type: attribute set of string
Default:
{ }
Example:
{
mtu = "1492";
window = "524288";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.prefixLength
Subnet mask of the network, specified as the number of bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.type
Type of the route. See the Route types section in the ip-route(8) manual page for the details.
Note that prohibit, blackhole, unreachable, and throw cannot be configured per device, so they are not available here. Similarly, nat hasn’t been supported since kernel 2.6.
Type: null or one of “unicast”, “local”, “broadcast”, “multicast”
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.via
IPv4 address of the next hop.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addresses
List of IPv6 addresses that will be statically assigned to the interface.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    address = "fdfd:b3f0:482::1";
    prefixLength = 48;
  }
  {
    address = "2001:1470:fffd:2098::e006";
    prefixLength = 64;
  }
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addresses.*.address
IPv6 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addresses.*.prefixLength
Subnet mask of the interface, specified as the number of bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes
List of extra IPv6 static routes that will be assigned to the interface.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    address = "fdfd:b3f0::";
    prefixLength = 48;
  }
  {
    address = "2001:1470:fffd:2098::";
    prefixLength = 64;
    via = "fdfd:b3f0::1";
  }
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.address
IPv6 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.options
Other route options. See the symbol OPTIONS in the ip-route(8) manual page for the details. You may also specify metric, src, protocol, scope, from and table, which are technically not route options, in the sense used in the manual.
Type: attribute set of string
Default:
{ }
Example:
{
mtu = "1492";
window = "524288";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.prefixLength
Subnet mask of the network, specified as the number of bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.type
Type of the route. See the Route types section in the ip-route(8) manual page for the details.
Note that prohibit, blackhole, unreachable, and throw cannot be configured per device, so they are not available here. Similarly, nat hasn’t been supported since kernel 2.6.
Type: null or one of “unicast”, “local”, “broadcast”, “multicast”
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.via
IPv6 address of the next hop.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.macAddress
MAC address of the interface. Leave empty to use the default.
Type: null or string
Default:
null
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.mtu
MTU size for packets leaving the interface. Leave empty to use the default.
Type: null or signed integer
Default:
null
Example:
9000
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.name
Name of the interface.
Type: string
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.proxyARP
Turn on proxy_arp for this device. This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don’t support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn’t bridged, so things like DHCP won’t work. The advantage over using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routable.
WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequences and set up firewall rules to limit this.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.tempAddress
When IPv6 is enabled with SLAAC, this option controls the use of temporary addresses (aka privacy extensions) on this interface. This is used to reduce tracking.
See also the global option networking.tempAddresses, which applies to all interfaces where this is not set.
Possible values are:
"default" to generate IPv6 temporary addresses and use these as source addresses in routing;
"disabled" to completely disable IPv6 temporary addresses;
"enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses.
Type: one of “default”, “disabled”, “enabled”
Default:
config.networking.tempAddresses
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.useDHCP
Whether this interface should be configured with DHCP. Overrides the default set by networking.useDHCP. If null (the default), DHCP is enabled if the interface has no IPv4 addresses configured with networking.interfaces.<name>.ipv4.addresses, and disabled otherwise.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtual
Whether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtualOwner
In case of a virtual device, the user who owns it.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtualType
The type of interface to create. The default is TUN for an interface name starting with “tun”, otherwise TAP.
Type: one of “tun”, “tap”
Default:
if hasPrefix "tun" name then "tun" else "tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.wakeOnLan.enable
Whether to enable wol on this interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.wakeOnLan.policy
The Wake-on-LAN policy to set for the device.
The options are:
phy: Wake on PHY activity
unicast: Wake on unicast messages
multicast: Wake on multicast messages
broadcast: Wake on broadcast messages
arp: Wake on ARP
magic: Wake on receipt of a magic packet
Type: list of (one of “phy”, “unicast”, “multicast”, “broadcast”, “arp”, “magic”, “secureon”)
Default:
[
"magic"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.iproute2.enable
Whether to enable copying IP route configuration files.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.iproute2.rttablesExtraConfig
Verbatim lines to add to /etc/iproute2/rt_tables
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.jool.enable
Whether to enable Jool, an Open Source implementation of IPv4/IPv6 translation on Linux.
Jool can perform stateless IP/ICMP translation (SIIT) or stateful NAT64, analogous to the IPv4 NAPT. Refer to the upstream documentation for the supported modes of translation and how to configure them.
Enabling this option will install the Jool kernel module and the command line tools for controlling it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.jool.nat64
Definitions of NAT64 instances of Jool. See the documentation for the available options. Also check out the tutorial for an introduction to NAT64 and how to troubleshoot the setup.
The attribute name defines the name of the instance, with the main one being default: this can be accessed from the command line without specifying the name with -i.
Instances created imperatively from the command line will not interfere with the NixOS instances, provided the respective pool4 addresses and port ranges are not overlapping.
Changes to an instance performed via jool -i <name> are applied correctly but will be lost after restarting the respective jool-nat64-<name>.service.
Type: attribute set of (JSON value)
Default:
{ }
Example:
{
  default = {
    # custom NAT64 prefix
    global.pool6 = "2001:db8:64::/96";
    # Port forwarding
    bib = [
      { # SSH 192.0.2.16 → 2001:db8:a::1
        "protocol" = "TCP";
        "ipv4 address" = "192.0.2.16#22";
        "ipv6 address" = "2001:db8:a::1#22";
      }
      { # DNS (TCP) 192.0.2.16 → 2001:db8:a::2
        "protocol" = "TCP";
        "ipv4 address" = "192.0.2.16#53";
        "ipv6 address" = "2001:db8:a::2#53";
      }
      { # DNS (UDP) 192.0.2.16 → 2001:db8:a::2
        "protocol" = "UDP";
        "ipv4 address" = "192.0.2.16#53";
        "ipv6 address" = "2001:db8:a::2#53";
      }
    ];
    pool4 = [
      # Port ranges for dynamic translation
      { protocol = "TCP"; prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }
      { protocol = "UDP"; prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }
      { protocol = "ICMP"; prefix = "192.0.2.16/32"; "port range" = "40001-65535"; }
      # Ports for static BIB entries
      { protocol = "TCP"; prefix = "192.0.2.16/32"; "port range" = "22"; }
      { protocol = "UDP"; prefix = "192.0.2.16/32"; "port range" = "53"; }
    ];
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.jool.nat64.<name>.framework
The framework to use for attaching Jool’s translation to the existing kernel packet processing rules. See the documentation for the differences between the two options.
Type: one of “netfilter”, “iptables”
Default:
"netfilter"
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.jool.nat64.<name>.global.pool6
The prefix used for embedding IPv4 into IPv6 addresses. Defaults to the well-known NAT64 prefix, defined by RFC 6052.
Type: Network prefix in CIDR notation
Default:
"64:ff9b::/96"
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.jool.siit
Definitions of SIIT instances of Jool. See the documentation for the available options. Also check out the tutorial for an introduction to SIIT and how to troubleshoot the setup.
The attribute name defines the name of the instance, with the main one being default: this can be accessed from the command line without specifying the name with -i.
Instances created imperatively from the command line will not interfere with the NixOS instances, provided the respective EAMT addresses and port ranges are not overlapping.
Changes to an instance performed via jool -i <name> are applied correctly but will be lost after restarting the respective jool-siit-<name>.service.
Type: attribute set of (JSON value)
Default:
{ }
Example:
{
  default = {
    # Maps any IPv4 address x.y.z.t to 2001:db8::x.y.z.t and v.v.
    global.pool6 = "2001:db8::/96";
    # Explicit address mappings
    eamt = [
      # 2001:db8:1:: ←→ 192.0.2.0
      { "ipv6 prefix" = "2001:db8:1::/128"; "ipv4 prefix" = "192.0.2.0"; }
      # 2001:db8:2::x ←→ 198.51.100.x
      { "ipv6 prefix" = "2001:db8:2::/120"; "ipv4 prefix" = "198.51.100.0/24"; }
    ];
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.jool.siit.<name>.framework
The framework to use for attaching Jool’s translation to the existing kernel packet processing rules. See the documentation for the differences between the two options.
Type: one of “netfilter”, “iptables”
Default:
"netfilter"
Declared by:
<nixpkgs/nixos/modules/services/networking/jool.nix>
|
networking.localCommands
Shell commands to be executed at the end of the network-setup systemd service. Note that if you are using DHCP to obtain the network configuration, interfaces may not be fully configured yet.
Type: strings concatenated with “\n”
Default:
""
Example:
"text=anything; echo You can put $text here."
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans
This option allows you to define macvlan interfaces which should be automatically created.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  wan = {
    interface = "enp2s0";
    mode = "vepa";
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.interface
The interface the macvlan will transmit packets through.
Type: string
Example:
"enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.mode
The mode of the macvlan device.
Type: null or string
Default:
null
Example:
"vepa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.modemmanager.enable
Whether to use ModemManager to manage modem devices. This is usually used by some higher layer manager such as NetworkManager but can be used standalone especially if using a modem for non-IP connectivity (e.g. GPS).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/modemmanager.nix>
|
networking.modemmanager.package
The modemmanager package to use.
Type: package
Default:
pkgs.modemmanager
Declared by:
<nixpkgs/nixos/modules/services/networking/modemmanager.nix>
|
networking.modemmanager.fccUnlockScripts
List of FCC unlock scripts to enable on the system, behaving as described in https://modemmanager.org/docs/modemmanager/fcc-unlock/#integration-with-third-party-fcc-unlock-tools.
Type: list of (submodule)
Default:
[ ]
Example:
[{ id = "03f0:4e1d"; path = "${pkgs.modemmanager}/share/ModemManager/fcc-unlock.available.d/03f0:4e1d"; }]
Declared by:
<nixpkgs/nixos/modules/services/networking/modemmanager.nix>
|
networking.modemmanager.fccUnlockScripts.*.id
vid:pid of either the PCI or USB vendor and product ID
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/modemmanager.nix>
|
networking.modemmanager.fccUnlockScripts.*.path
Path to the unlock script
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/networking/modemmanager.nix>
|
networking.nameservers
The list of nameservers. It can be left empty if it is auto-detected through DHCP.
Type: list of string
Default:
[ ]
Example:
[
"130.161.158.4"
"130.161.33.17"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nat.enable
Whether to enable Network Address Translation (NAT). A properly configured firewall or a trusted L2 on all network interfaces is required to prevent unauthorized access to the internal network.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.enableIPv6
Whether to enable IPv6 NAT.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.dmzHost
The local IP address to which all traffic that does not match any forwarding rule is forwarded.
Type: null or string
Default:
null
Example:
"10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIP
The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used. Only connections made to this IP address will be forwarded to the internal network when using forwardPorts.
Type: null or string
Default:
null
Example:
"203.0.113.123"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIPv6
The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used. Only connections made to this IP address will be forwarded to the internal network when using forwardPorts.
Type: null or string
Default:
null
Example:
"2001:dc0:2001:11::175"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalInterface
The name of the external network interface.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.extraCommands
Additional shell commands executed as part of the nat initialisation script.
This option is incompatible with the nftables based nat module.
Type: strings concatenated with “\n”
Default:
""
Example:
"iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat-iptables.nix>
|
networking.nat.extraStopCommands
Additional shell commands executed as part of the nat teardown script.
This option is incompatible with the nftables based nat module.
Type: strings concatenated with “\n”
Default:
""
Example:
"iptables -D INPUT -p icmp -j ACCEPT || true"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat-iptables.nix>
|
networking.nat.forwardPorts
List of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    destination = "10.0.0.1:80";
    proto = "tcp";
    sourcePort = 8080;
  }
  {
    destination = "[fc00::2]:80";
    proto = "tcp";
    sourcePort = 8080;
  }
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.destination
Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end
Type: string
Example:
"10.0.0.1:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.loopbackIPs
Public IPs for NAT reflection; for connections to loopbackip:sourcePort from the host itself and from other hosts behind NAT
Type: list of string
Default:
[ ]
Example:
[ "55.1.2.3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.proto
Protocol of forwarded connection
Type: string
Default:
"tcp"
Example:
"udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.sourcePort
Source port of the external interface; to specify a port range, use a string with a colon (e.g. “60000:61000”)
Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+
Example:
8080
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPs
The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of string
Default:
[ ]
Example:
[
"192.168.1.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPv6s
The IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of string
Default:
[ ]
Example:
[
"fc00::/64"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalInterfaces
The interfaces for which to perform NAT. Packets coming from these interfaces and destined for the external interface will be rewritten.
Type: list of string
Default:
[ ]
Example:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
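The networking.nat options above, put together as a small gateway configuration with a single forwarded port. This is an added example, not taken from the NixOS manual; the interface names wan0 and lan0 and all addresses are assumptions (192.0.2.10 is a documentation address).

```nix
# Added example (not from the NixOS manual).
# Assumed topology: wan0 is the uplink, lan0 carries 192.168.1.0/24,
# and 192.168.1.20 is an internal web server.
{ ... }:
{
  networking.nat = {
    enable = true;
    externalInterface = "wan0";

    # Select the NATed traffic by ingress interface. internalIPs would
    # match these source addresses on any interface, so it is left unset
    # to avoid rewriting packets that merely claim an internal source.
    internalInterfaces = [ "lan0" ];

    # Pin the rewritten source address; forwardPorts then only applies to
    # connections made to this address.
    externalIP = "192.0.2.10";

    # One explicit DNAT rule: external TCP 8080 -> internal web server.
    forwardPorts = [
      {
        sourcePort = 8080;
        proto = "tcp";
        destination = "192.168.1.20:80";
      }
    ];

    # dmzHost stays at its default (null): setting it would forward every
    # connection not matched by forwardPorts to a single internal host.
    dmzHost = null;
  };

  # networking.nat.enable expects a properly configured firewall (or a
  # trusted L2) on all interfaces; keep the firewall on at the gateway.
  networking.firewall.enable = true;
}
```

Listing each forwarded port explicitly and leaving dmzHost unset keeps the set of internal services reachable from outside limited to what the configuration names.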
|
networking.networkmanager.enable
Whether to use NetworkManager to obtain an IP address and other configuration for all network interfaces that are not manually configured. If enabled, a group networkmanager will be created. Add all users that should have permission to change network settings to this group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.enableStrongSwan
Enable the StrongSwan plugin.
If you enable this option the networkmanager_strongswan plugin will be added to the networking.networkmanager.plugins option so you don’t need to do that yourself.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.package
The networkmanager package to use.
Type: package
Default:
pkgs.networkmanager
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.appendNameservers
A list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.connectionConfig
Configuration for the [connection] section of NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11 or NetworkManager.conf(5) for more information.
Type: attribute set of (null or boolean or signed integer or string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dhcp
Which program (or internal library) should be used for DHCP.
Type: one of “dhcpcd”, “internal”
Default:
"internal"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts
A list of scripts which will be executed in response to network events.
Type: list of (submodule)
Default:
[ ]
Example:
[ {
  source = pkgs.writeText "upHook" ''
    if [ "$2" != "up" ]; then
      logger "exit: event $2 != up"
      exit
    fi
    # coreutils and iproute are in PATH too
    logger "Device $DEVICE_IFACE coming up"
  '';
  type = "basic";
} ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.source
Path to the hook script.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.type
Dispatcher hook type. Look up the hooks described at https://developer.gnome.org/NetworkManager/stable/NetworkManager.html and choose the type depending on the output folder. You should then filter the event type (e.g., “up”/“down”) from within your script.
Type: one of “basic”, “pre-down”, “pre-up”
Default:
"basic"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dns
Set the DNS (resolv.conf) processing mode.
A description of these modes can be found in the main section of https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or in NetworkManager.conf(5).
Type: one of “default”, “dnsmasq”, “systemd-resolved”, “none”
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ensureProfiles.environmentFiles
Files to load as environment file. Environment variables from this file will be substituted into the static configuration file using envsubst.
Type: list of absolute path
Default:
[ ]
Example:
[
"/run/secrets/network-manager.env"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ensureProfiles.profiles
Declaratively define NetworkManager profiles. You can find information about the generated file format here and here.
Your current profiles are most likely stored in /etc/NetworkManager/system-connections, and there is a tool to convert them to the needed nix code.
If you add a new ad-hoc connection via a GUI or nmtui or anything similar it should just work together with the declarative ones.
And if you edit a declarative profile NetworkManager will move it to the persistent storage and treat it like an ad-hoc one, but there will be two profiles as soon as the systemd unit from this option runs again, which can be confusing since NetworkManager tools will start displaying two profiles with the same name and probably slightly different settings depending on what you edited.
A profile won’t be deleted even if it’s removed from the config until the system reboots because that’s when NetworkManager clears its temp directory.
If networking.resolvconf.enable is true, attributes affecting the name resolution (such as ignore-auto-dns) may not end up changing /etc/resolv.conf as expected when other name services (for example networking.dhcpcd) are enabled. Run resolvconf -l in the terminal to see what each service produces.
Type: attribute set of (attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string)))
Default:
{ }
Example:
{
  home-wifi = {
    connection = {
      id = "home-wifi";
      permissions = "";
      type = "wifi";
    };
    ipv4 = {
      dns-search = "";
      method = "auto";
    };
    ipv6 = {
      addr-gen-mode = "stable-privacy";
      dns-search = "";
      method = "auto";
    };
    wifi = {
      mac-address-blacklist = "";
      mode = "infrastructure";
      ssid = "Home Wi-Fi";
    };
    wifi-security = {
      auth-alg = "open";
      key-mgmt = "wpa-psk";
      psk = "$HOME_WIFI_PASSWORD";
    };
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ensureProfiles.profiles.<name>.connection.id
This is the name that will be displayed by NetworkManager and GUIs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ensureProfiles.profiles.<name>.connection.type
The connection type defines the connection kind, like vpn, wireguard, gsm, wifi and more.
Type: string
Example:
"vpn"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ensureProfiles.secrets.package
The nm-file-secret-agent package to use.
Type: package
Default:
pkgs.nm-file-secret-agent
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries
A list of secrets to provide to NetworkManager by reading their values from configured files.
Note that NetworkManager should be configured to read secrets from a secret agent.
This can be done for example through the networking.networkmanager.ensureProfiles.profiles options.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    file = "/root/wireguard_key";
    key = "private-key";
    matchId = "My WireGuard VPN";
    matchSetting = "wireguard";
    matchType = "wireguard";
  }
]
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.file
file from which the secret value is read
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.key
key in the setting section for which this entry provides a value
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.matchId
connection id used by NetworkManager. Often displayed as name in GUIs.
NetworkManager describes this as a human readable unique identifier for the connection, like “Work Wi-Fi” or “T-Mobile 3G”.
Type: null or string
Default:
null
Example:
"wifi1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.matchIface
interface name of the NetworkManager connection
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.matchSetting
name of the setting section for which secrets are requested
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.matchType
NetworkManager connection type
The NetworkManager configuration settings reference roughly corresponds to connection types. More might be available on your system depending on the installed plugins.
https://networkmanager.dev/docs/api/latest/ch01.html
Type: null or string
Default:
null
Example:
"wireguard"
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ensureProfiles.secrets.entries.*.matchUuid
UUID of the connection profile
UUIDs are assigned once on connection creation and should never change as long as the connection still applies to the same network.
Type: null or string
Default:
null
Example:
"669ea4c9-4cb3-4901-ab52-f9606590976e"
Declared by:
<nixpkgs/nixos/modules/services/networking/nm-file-secret-agent.nix>
|
networking.networkmanager.ethernet.macAddress
Set the MAC address of the interface.
"XX:XX:XX:XX:XX:XX": MAC address of the interface
"permanent": Use the permanent MAC address of the device
"preserve": Don’t change the MAC address of the device upon activation
"random": Generate a randomized value upon each connect
"stable": Generate a stable, hashed MAC address
Type: string or one of “permanent”, “preserve”, “random”, “stable”
Default:
"preserve"
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.insertNameservers
A list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.logLevel
Set the default logging verbosity level.
Type: one of “OFF”, “ERR”, “WARN”, “INFO”, “DEBUG”, “TRACE”
Default:
"WARN"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.plugins
List of NetworkManager plug-ins to enable. Some plug-ins are enabled by the NetworkManager module by default.
Type: list of NetworkManager plug-in
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.settings
Configuration added to the generated NetworkManager.conf, note that you can overwrite settings with this. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or NetworkManager.conf(5) for more information.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.unmanaged
List of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec or the “Device List Format” Appendix of NetworkManager.conf(5).
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.backend
Specify the Wi-Fi backend used for the device.
Currently supported are wpa_supplicant or iwd (experimental).
Type: one of “wpa_supplicant”, “iwd”
Default:
"wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.macAddress
Set the MAC address of the interface.
"XX:XX:XX:XX:XX:XX": MAC address of the interface
"permanent": Use the permanent MAC address of the device
"preserve": Don’t change the MAC address of the device upon activation
"random": Generate a randomized value upon each connect
"stable": Generate a stable, hashed MAC address
"stable-ssid": Generate a stable MAC address based on the Wi-Fi network
Type: string or one of “permanent”, “preserve”, “random”, “stable”, “stable-ssid”
Default:
"preserve"
Example:
"00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.powersave
Whether to enable Wi-Fi power saving.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.scanRandMacAddress
Whether to enable MAC address randomization of a Wi-Fi device during scanning.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.nftables.enable
Whether to enable nftables and use nftables based firewall if enabled. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.
Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to set up NAT for containers. This module disables the ip_tables kernel module; however, Docker automatically loads the module. Please see https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 for more information.
There are other programs that use iptables internally too, such as libvirt. For information on how the two firewalls interact, see https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.checkRuleset
Run nft check on the ruleset to spot syntax errors during build.
Because this is executed in a sandbox, the check might fail if it requires access to any environmental factors or paths outside the Nix store.
To circumvent this, the ruleset file can be edited using the preCheckRuleset option to work in the sandbox environment.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.checkRulesetRedirects
Set of paths that should be intercepted and rewritten while checking the ruleset using pkgs.buildPackages.libredirect.
Type: attribute set of absolute path
Default:
{
  "/etc/hosts" = config.environment.etc.hosts.source;
  "/etc/protocols" = config.environment.etc.protocols.source;
  "/etc/services" = config.environment.etc.services.source;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.extraDeletions
Extra deletion commands to be run on every firewall start, reload and after stopping the firewall.
Type: strings concatenated with “\n”
Default:
""
Example:
''
  # this makes deleting a non-existing table a no-op instead of an error
  table inet some-table;
  delete table inet some-table;
''
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.flattenRulesetFile
Use builtins.readFile rather than include to handle networking.nftables.rulesetFile. It is useful when you want to apply networking.nftables.preCheckRuleset to networking.nftables.rulesetFile.
It is expected that networking.nftables.rulesetFile can be accessed from the build sandbox.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.flushRuleset
Whether to enable flushing the entire ruleset on each reload.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.preCheckRuleset
This script gets run before the ruleset is checked. It can be used to create additional files needed for the ruleset check to work, or modify the ruleset for cases the build environment cannot cover.
Type: strings concatenated with “\n”
Default:
""
Example:
sed 's/skgid meadow/skgid nogroup/g' -i ruleset.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.ruleset
The ruleset to be used with nftables. Should be in a format that can be loaded using “/bin/nft -f”. The ruleset is updated atomically. Note that if the tables should be cleaned first, either:
networking.nftables.flushRuleset = true; needs to be set (flushes all tables)
networking.nftables.extraDeletions needs to be set
or networking.nftables.tables can be used, which will clean up the table automatically
Type: strings concatenated with “\n”
Default:
""
Example:
''
  # Check out https://wiki.nftables.org/ for better documentation.
  # Table for both IPv4 and IPv6.
  table inet filter {
    # Block all incoming connections traffic except SSH and "ping".
    chain input {
      type filter hook input priority 0;
      # accept any localhost traffic
      iifname lo accept
      # accept traffic originated from us
      ct state {established, related} accept
      # ICMP
      # routers may also want: mld-listener-query, nd-router-solicit
      ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
      ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
      # allow "ping"
      ip6 nexthdr icmpv6 icmpv6 type echo-request accept
      ip protocol icmp icmp type echo-request accept
      # accept SSH connections (required for a server)
      tcp dport 22 accept
      # count and drop any other traffic
      counter drop
    }
    # Allow all outgoing connections.
    chain output {
      type filter hook output priority 0;
      accept
    }
    chain forward {
      type filter hook forward priority 0;
      accept
    }
  }
''
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.rulesetFile
The ruleset file to be used with nftables. Should be in a format that can be loaded using “nft -f”. The ruleset is updated atomically.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.tables
Tables to be added to ruleset. Tables will be added together with delete statements to clean up the table before every update.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  filter = {
    content = ''
      # Check out https://wiki.nftables.org/ for better documentation.
      # Table for both IPv4 and IPv6.
      # Block all incoming connections traffic except SSH and "ping".
      chain input {
        type filter hook input priority 0;
        # accept any localhost traffic
        iifname lo accept
        # accept traffic originated from us
        ct state {established, related} accept
        # ICMP
        # routers may also want: mld-listener-query, nd-router-solicit
        ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
        # allow "ping"
        ip6 nexthdr icmpv6 icmpv6 type echo-request accept
        ip protocol icmp icmp type echo-request accept
        # accept SSH connections (required for a server)
        tcp dport 22 accept
        # count and drop any other traffic
        counter drop
      }
      # Allow all outgoing connections.
      chain output {
        type filter hook output priority 0;
        accept
      }
      chain forward {
        type filter hook forward priority 0;
        accept
      }
    '';
    family = "inet";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.tables.<name>.enable
Enable this table.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.tables.<name>.content
The table content.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.tables.<name>.family
Table family.
Type: one of “ip”, “ip6”, “inet”, “arp”, “bridge”, “netdev”
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.tables.<name>.name
Table name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.openconnect.package
The openconnect package to use.
Type: package
Default:
pkgs.openconnect
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces
OpenConnect interfaces.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  openconnect0 = {
    gateway = "gateway.example.com";
    passwordFile = "/var/lib/secrets/openconnect-passwd";
    protocol = "anyconnect";
    user = "example-user";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.autoStart
Whether this VPN connection should be started automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.certificate
Certificate to authenticate with.
Type: null or absolute path or PKCS#11 URI
Default:
null
Example:
"/var/lib/secrets/openconnect_certificate.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.extraOptions
Extra config to be appended to the interface config. It should contain long-format options as would be accepted on the command line by openconnect (see https://www.infradead.org/openconnect/manual.html).
Non-key-value options like deflate can be used by declaring them as booleans, i.e. deflate = true;.
Type: attribute set of (string or boolean)
Default:
{ }
Example:
{
  compression = "stateless";
  no-dtls = true;
  no-http-keepalive = true;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.gateway
Gateway server to connect to.
Type: string
Example:
"gateway.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.passwordFile
File containing the password to authenticate with. This is passed to openconnect via the --passwd-on-stdin option.
Type: null or absolute path
Default:
null
Example:
"/var/lib/secrets/openconnect-passwd"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.privateKey
Private key to authenticate with.
Type: null or absolute path or PKCS#11 URI
Default:
null
Example:
"/var/lib/secrets/openconnect_private_key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.protocol
Protocol to use.
Type: one of “anyconnect”, “array”, “nc”, “pulse”, “gp”, “f5”, “fortinet”
Example:
"anyconnect"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.user
Username to authenticate with.
Type: null or string
Default:
null
Example:
"example-user"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.proxy.allProxy
This option specifies the all_proxy environment variable.
Type: null or string
Default:
config.networking.proxy.default
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.default
This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
Type: null or string
Default:
null
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.ftpProxy
This option specifies the ftp_proxy environment variable.
Type: null or string
Default:
config.networking.proxy.default
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpProxy
This option specifies the http_proxy environment variable.
Type: null or string
Default:
config.networking.proxy.default
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpsProxy
This option specifies the https_proxy environment variable.
Type: null or string
Default:
config.networking.proxy.default
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.noProxy
This option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.
Type: null or string
Default:
null
Example:
"127.0.0.1,localhost,.localdomain"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.rsyncProxy
This option specifies the rsync_proxy environment variable.
Type: null or string
Default:
config.networking.proxy.default
Example:
"http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.resolvconf.enable
Whether DNS configuration is managed by resolvconf.
Type: boolean
Default:
!(config.environment.etc ? "resolv.conf")
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.package
The package that provides the system-wide resolvconf command. Defaults to openresolv if this module is enabled. Otherwise, can be used by other modules (for example services.resolved) to provide a compatibility layer.
This option generally shouldn’t be set by the user.
Type: package
Default:
pkgs.openresolv
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.dnsExtensionMechanism
Enable the edns0 option in resolv.conf. With that option set, glibc supports use of the extension mechanisms for DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC, which does not work without it.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.dnsSingleRequest
Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that ‘getent hosts example.com’ only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option ‘single-request’ in /etc/resolv.conf. This option enables that.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.extraConfig
Extra configuration to append to resolvconf.conf.
Type: strings concatenated with “\n”
Default:
""
Example:
"libc=NO"
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.extraOptions
Set the options in /etc/resolv.conf.
Type: list of string
Default:
[ ]
Example:
[
"ndots:1"
"rotate"
]
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.useLocalResolver
Use local DNS server for resolving.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.rxe.enable
Whether to enable RDMA over converged ethernet.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.rxe.interfaces
Enable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe_<interface>. UDP port 4791 must be open on the respective ethernet interfaces.
Type: list of string
Default:
[ ]
Example:
[
"eth0"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.search
The list of search paths used when resolving domain names.
Type: list of string
Default:
[ ]
Example:
[
"example.com"
"home.arpa"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits
This option allows you to define 6-to-4 interfaces which should be automatically created.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  hurricane = {
    remote = "10.0.0.1";
    local = "10.0.0.22";
    ttl = 255;
  };
  msipv6 = {
    remote = "192.168.0.1";
    dev = "enp3s0";
    ttl = 127;
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.dev
The underlying network device on which the tunnel resides.
Type: null or string
Default:
null
Example:
"enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation
Configures encapsulation in UDP packets.
Type: null or (submodule)
Default:
null
Example:
{
  port = 9001;
  type = "fou";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.port
Destination port for encapsulated packets.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example:
9001
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.sourcePort
Source port for encapsulated packets. Will be chosen automatically by the kernel if unset.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Example:
9002
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.type
Selects encapsulation type. See ip-link(8) for details.
Type: one of “fou”, “gue”
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.local
The address of the local endpoint which the remote side should send packets to.
Type: null or string
Default:
null
Example:
"10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.remote
The address of the remote endpoint to forward traffic over.
Type: null or string
Default:
null
Example:
"10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.ttl
The time-to-live of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default:
null
Example:
255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.stevenblack.enable
Whether to enable the stevenblack hosts file blocklist.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/stevenblack.nix>
|
networking.stevenblack.package
The stevenblack-blocklist package to use.
Type: package
Default:
pkgs.stevenblack-blocklist
Declared by:
<nixpkgs/nixos/modules/config/stevenblack.nix>
|
networking.stevenblack.block
Additional blocklist extensions.
Type: list of (one of “fakenews”, “gambling”, “porn”, “social”)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/config/stevenblack.nix>
|
networking.supplicant
Interfaces for which to start wpa_supplicant. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches.
The value of this option is an attribute set. Each attribute configures a wpa_supplicant service, where the attribute name specifies the name of the interface that wpa_supplicant operates on. The attribute name can be a space separated list of interfaces. The attribute names WLAN, LAN and DBUS have a special meaning. WLAN and LAN are configurations for universal wpa_supplicant service that is started for each WLAN interface or for each LAN interface, respectively. DBUS defines a device-unrelated wpa_supplicant service that can be accessed through D-Bus.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ "wlan0 wlan1" = {
    configFile.path = "/etc/wpa_supplicant.conf";
    userControlled.group = "network";
    extraConf = ''
      ap_scan=1
      p2p_disabled=1
    '';
    extraCmdArgs = "-u -W";
    bridge = "br0";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.bridge
Name of the bridge interface that wpa_supplicant should listen at.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.path
External wpa_supplicant.conf configuration file.
The configuration options defined declaratively within networking.supplicant have precedence over options defined in configFile.
Type: null or absolute path
Default:
null
Example:
/etc/wpa_supplicant.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.writable
Whether the configuration file at configFile.path should be written to by wpa_supplicant.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.driver
Force a specific wpa_supplicant driver.
Type: null or string
Default:
"nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraCmdArgs
Command line arguments to add when executing wpa_supplicant.
Type: string
Default:
""
Example:
"-e/run/wpa_supplicant/entropy.bin"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraConf
Configuration options for wpa_supplicant.conf.
Options defined here have precedence over options in configFile.
NOTE: Do not write sensitive data into extraConf as it will be world-readable in the nix-store. For sensitive information use the configFile instead.
Type: strings concatenated with “\n”
Default:
""
Example:
''
ap_scan=1
device_name=My-NixOS-Device
device_type=1-0050F204-1
driver_param=use_p2p_group_interface=1
disable_scan_offload=1
p2p_listen_reg_class=81
p2p_listen_channel=1
p2p_oper_reg_class=81
p2p_oper_channel=1
manufacturer=NixOS
model_name=NixOS_Unstable
model_number=2015
''
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don’t want to depend on a large package such as NetworkManager just to pick nearby access points.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.socketDir
Directory of sockets for controlling wpa_supplicant.
Type: string
Default:
"/run/wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.tcpcrypt.enable
Whether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees – it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
|
networking.tempAddresses
Whether to enable IPv6 Privacy Extensions for interfaces not configured explicitly in networking.interfaces.<name>.tempAddress.
This sets the ipv6.conf.*.use_tempaddr sysctl for all interfaces. Possible values are:
"default" to generate IPv6 temporary addresses and use these as source addresses in routing;
"disabled" to completely disable IPv6 temporary addresses;
"enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses.
Type: one of “default”, “disabled”, “enabled”
Default:
if ${config.networking.enableIPv6} then "default" else "disabled"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.timeServers
The set of NTP servers from which to synchronise.
Type: list of string
Default:
[
"0.nixos.pool.ntp.org"
"1.nixos.pool.ntp.org"
"2.nixos.pool.ntp.org"
"3.nixos.pool.ntp.org"
]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.ucarp.enable
Whether to enable ucarp, userspace implementation of CARP.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.package
The ucarp package to use. Please note that the default package, pkgs.ucarp, has not received any upstream updates for a long time and can be considered as unmaintained.
Type: package
Default:
pkgs.ucarp
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.addr
Virtual shared IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.advBase
Advertisement frequency in seconds.
Type: unsigned integer, meaning >=0
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.advSkew
Advertisement skew in seconds.
Type: unsigned integer, meaning >=0
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.deadratio
Ratio to consider a host as dead.
Type: unsigned integer, meaning >=0
Default:
3
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.downscript
Command to run after becoming backup. The interface name, virtual address and optional extra parameters are passed as arguments.
Type: absolute path
Example:
pkgs.writeScript "downscript" ''
#!/bin/sh
${pkgs.iproute2}/bin/ip addr del "$2"/24 dev "$1"
'';
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.extraParam
Extra parameter to pass to the up/down scripts.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.ignoreIfState
Ignore interface state, e.g., down or no carrier.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.interface
Network interface to bind to.
Type: string
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.neutral
Do not run downscript at start if the host is the backup.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.noMcast
Use broadcast instead of multicast advertisements.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.passwordFile
File containing shared password between CARP hosts.
Type: string
Example:
"/run/keys/ucarp-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.preempt
Enable preemptive failover. Thus, this host becomes the CARP master as soon as possible.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.shutdown
Call downscript at exit.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.srcIp
Source (real) IP address of this host.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.upscript
Command to run after becoming master. The interface name, virtual address and optional extra parameters are passed as arguments.
Type: absolute path
Example:
pkgs.writeScript "upscript" ''
#!/bin/sh
${pkgs.iproute2}/bin/ip addr add "$2"/24 dev "$1"
'';
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.vhId
Virtual IP identifier shared between CARP hosts.
Type: integer between 1 and 255 (both inclusive)
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.useDHCP
Whether to use DHCP to obtain an IP address and other configuration for all network interfaces that do not have any manually configured IPv4 addresses.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useHostResolvConf
In containers, whether to use the resolv.conf supplied by the host.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useNetworkd
Whether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.usePredictableInterfaceNames
Whether to assign predictable names to network interfaces. If enabled, interfaces are assigned names that contain topology information (e.g. wlp3s0) and thus should be stable across reboots. If disabled, names depend on the order in which interfaces are discovered by the kernel, which may change randomly across reboots; for instance, you may find eth0 and eth1 flipping unpredictably.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
networking.vlans
This option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  vlan0 = {
    id = 3;
    interface = "enp3s0";
  };
  vlan1 = {
    id = 1;
    interface = "wlan0";
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.id
The vlan identifier
Type: signed integer
Example:
1
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.interface
The interface the vlan will transmit packets through.
Type: string
Example:
"enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches
This option allows you to define Open vSwitches that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch’s network interface.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  vs0 = {
    interfaces = {
      eth0 = { };
      lo1 = {
        type = "internal";
      };
    };
  };
  vs1 = {
    interfaces = [
      {
        name = "eth2";
      }
      {
        name = "lo2";
        type = "internal";
      }
    ];
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.controllers
Specify the controller targets. For the allowed options see man 8 ovs-vsctl.
Type: list of string
Default:
[ ]
Example:
[
"ptcp:6653:[::1]"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.extraOvsctlCmds
Commands to manipulate the Open vSwitch database. Every line is executed with ovs-vsctl.
All commands are bundled together with the operations for adding the interfaces into one atomic operation.
Type: strings concatenated with “\n”
Default:
""
Example:
''
set-fail-mode <switch_name> secure
set Bridge <switch_name> stp_enable=true
''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces
The physical network interfaces connected by the vSwitch.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.name
Name of the interface
Type: string
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.type
Openvswitch type to assign to interface
Type: null or string
Default:
null
Example:
"internal"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.vlan
Vlan tag to apply to interface
Type: null or signed integer
Default:
null
Example:
10
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.openFlowRules
OpenFlow rules to insert into the Open vSwitch. All openFlowRules are loaded with ovs-ofctl within one atomic operation.
Type: strings concatenated with “\n”
Default:
""
Example:
''
actions=normal
''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.openFlowVersion
Version of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
Type: string
Default:
"OpenFlow13"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.supportedOpenFlowVersions
Supported versions to enable on this switch.
Type: list of string
Default:
[
"OpenFlow13"
]
Example:
[
"OpenFlow10"
"OpenFlow13"
"OpenFlow14"
]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wg-quick.interfaces
Wireguard interfaces.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  wg0 = {
    address = [
      "192.168.20.4/24"
    ];
    peers = [
      {
        allowedIPs = [
          "192.168.20.1/32"
        ];
        endpoint = "demo.wireguard.io:12913";
        publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
      }
    ];
    privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.address
The IP addresses of the interface.
Type: list of string
Default:
[ ]
Example:
[
"192.168.2.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.autostart
Whether to bring up this interface automatically during boot.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.configFile
wg-quick .conf file, describing the interface. Using this option can be a useful means of configuring WireGuard if one has an existing .conf file. This overrides any other interface configuration options. See the wg-quick manpage for more details.
Type: null or string
Default:
null
Example:
"/secret/wg0.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.dns
The IP addresses of DNS servers to configure.
Type: list of string
Default:
[ ]
Example:
[
"192.168.2.2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.extraOptions
Extra options to append to the interface section. Can be used to define AmneziaWG-specific options.
Type: attribute set of (string or signed integer)
Default:
{ }
Example:
{
H4 = 12345;
Jc = 5;
Jmax = 42;
Jmin = 10;
S1 = 60;
S2 = 90;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.generatePrivateKeyFile
Automatically generate a private key with wg genkey, at the privateKeyFile location.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.listenPort
16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default:
null
Example:
51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.mtu
If not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. However, to manually specify an MTU to override this automatic discovery, this value may be specified explicitly.
Type: null or signed integer
Default:
null
Example:
1248
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers
Peers linked to the interface.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.allowedIPs
List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of string
Example:
[
"10.192.122.3/32"
"10.192.124.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.endpoint
Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Type: null or string
Default:
null
Example:
"demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.persistentKeepalive
This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default:
null
Example:
25
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.presharedKey
Base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFile
File pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default:
null
Example:
"/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.publicKey
The base64 public key to the peer.
Type: string
Example:
"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.postDown
Command called after the interface is taken down.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.postUp
Commands called after the interface setup.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.preDown
Command called before the interface is taken down.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.preUp
Commands called at the start of the interface setup.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.privateKey
Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.privateKeyFile
Private key file as generated by wg genkey.
Type: null or string
Default:
null
Example:
"/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.table
The kernel routing table to add this interface’s associated routes to. Setting this is useful for e.g. policy routing (“ip rule”) or virtual routing and forwarding (“ip vrf”). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to “main”.
Type: null or string
Default:
null
Example:
"main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.type
The type of the interface. Currently only “wireguard” and “amneziawg” are supported.
Type: one of “wireguard”, “amneziawg”
Default:
"wireguard"
Example:
"amneziawg"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wireguard.enable
Whether to enable WireGuard.
By default, this module is powered by a script-based backend. You can enable the networkd backend with networking.wireguard.useNetworkd.
Type: boolean
Default:
config.networking.wireguard.interfaces != { }
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces
WireGuard interfaces.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  wg0 = {
    ips = [
      "192.168.20.4/24"
    ];
    peers = [
      {
        allowedIPs = [
          "192.168.20.1/32"
        ];
        endpoint = "demo.wireguard.io:12913";
        publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
      }
    ];
    privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.allowedIPsAsRoutes
Determines whether to add allowed IPs as routes or not.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds
Periodically refresh the endpoint hostname or address for all peers. Allows WireGuard to notice DNS and IPv4/IPv6 connectivity changes. This option can be set or overridden for individual peers.
Setting this to 0 disables periodic refresh.
When networking.wireguard.useNetworkd is enabled, this option deletes the Wireguard interface and brings it back up by reconfiguring the network with networkctl reload on every refresh. This could have adverse effects on your network and cause brief connectivity blips. See systemd/systemd#9911 for an upstream feature request that can make this less hacky.
Type: signed integer
Default:
0
Example:
300
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.extraOptions
Extra options to append to the interface section. Can be used to define AmneziaWG-specific options.
Type: attribute set of (string or signed integer)
Default:
{ }
Example:
{
H4 = 12345;
Jc = 5;
Jmax = 42;
Jmin = 10;
S1 = 60;
S2 = 90;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.fwMark
Mark all wireguard packets originating from this interface with the given firewall mark. The firewall mark can be used in firewalls or policy routing to filter the wireguard packets. This can be useful for setup where all traffic goes through the wireguard tunnel, because the wireguard packets need to be routed differently.
Type: null or string
Default:
null
Example:
"0x6e6978"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.generatePrivateKeyFile
Automatically generate a private key with wg genkey, at the privateKeyFile location.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.interfaceNamespace
The pre-existing network namespace the WireGuard interface is moved to. The special value init means the init namespace. When null, the interface is not moved.
See documentation.
Type: null or string
Default:
null
Example:
"init"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.ips
The IP addresses of the interface.
Type: list of string
Default:
[ ]
Example:
[
"192.168.2.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.listenPort
16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default:
null
Example:
51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.metric
Set the metric of routes related to this Wireguard interface.
Type: null or signed integer
Default:
null
Example:
700
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.mtu
Set the maximum transmission unit in bytes for the wireguard interface. Beware that the wireguard packets have a header that may add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) = 1420. However, if the MTU of the upstream network is lower, the MTU of the wireguard network has to be adjusted as well.
Type: null or signed integer
Default:
null
Example:
1280
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers
Peers linked to the interface.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.allowedIPs
List of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of string
Example:
[
"10.192.122.3/32"
"10.192.124.1/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSeconds
When the dynamic endpoint refresh that is configured via dynamicEndpointRefreshSeconds exits (likely due to a failure), restart that service after this many seconds.
If set to null the value of networking.wireguard.dynamicEndpointRefreshSeconds will be used as the default.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSeconds
Periodically re-execute the wg utility every this many seconds in order to let WireGuard notice DNS / hostname changes.
Setting this to 0 disables periodic reexecution.
This peer-level setting is not available when networking.wireguard.useNetworkd is enabled. The interface-level setting may be used instead.
Type: null or signed integer
Default:
config.networking.wireguard.interfaces.<name>.dynamicEndpointRefreshSeconds
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.endpoint
Endpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Warning for endpoints with changing IPs: The WireGuard kernel side cannot perform DNS resolution. Thus DNS resolution is done once by the wg userspace utility, when setting up WireGuard. Consequently, if the IP address behind the name changes, WireGuard will not notice. This is especially common for dynamic-DNS setups, but also applies to any other DNS-based setup. If you do not use IP endpoints, you likely want to set networking.wireguard.dynamicEndpointRefreshSeconds to refresh the IPs periodically.
Type: null or string
Default:
null
Example:
"demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.name
Name used to derive peer unit name.
Type: string
Default:
publicKey
Example:
"bernd"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.persistentKeepalive
This is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default:
null
Example:
25
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKey
Base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKeyFile
File pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default:
null
Example:
"/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.publicKey
The base64 public key of the peer.
Type: (optionally newline-terminated) single-line string
Example:
"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postSetup
Commands called at the end of the interface setup.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
''printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0''
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postShutdown
Commands called after shutting down the interface.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.openresolv}/bin/resolvconf -d wg0"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.preSetup
Commands called at the start of the interface setup.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.preShutdown
Commands called before shutting down the interface.
Type: strings concatenated with “\n” or (list of string) convertible to it
Default:
""
Example:
"${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKey
Base64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default:
null
Example:
"yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKeyFile
Private key file as generated by wg genkey.
Type: null or string
Default:
null
Example:
"/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
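The warnings on privateKey and presharedKey above, shown as a weak configuration beside a file-based one. This is an added example, not taken from the NixOS manual or nixpkgs; the interface name wg0, the listen port and the angle-bracket placeholders are assumptions, while the file paths, addresses and public key reuse the example values shown for these options.

```nix
{ ... }:
let
  # Settings that are not secret and are the same in both variants.
  common = {
    ips = [ "192.168.20.4/24" ];
    listenPort = 51820;
  };

  commonPeer = {
    publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
    allowedIPs = [ "192.168.20.1/32" ];
    endpoint = "demo.wireguard.io:12913";
  };

  # Weak: both secrets are literal option values, so they end up in the
  # world-readable Nix store and can be read by any local user.
  # Kept only for comparison; it is not used below.
  weak = common // {
    privateKey = "<base64 private key>"; # placeholder, never a real key
    peers = [
      (commonPeer // {
        presharedKey = "<base64 preshared key>"; # placeholder
      })
    ];
  };

  # Hardened: the configuration only carries paths (as strings) to files
  # that live outside the Nix store. Assumption: /private is a directory
  # that only root can read.
  hardened = common // {
    privateKeyFile = "/private/wireguard_key";
    # Create the key with `wg genkey` at privateKeyFile, so the key
    # never has to appear in the configuration repository.
    generatePrivateKeyFile = true;
    peers = [
      (commonPeer // {
        # Must be provisioned out of band; both peers need the same
        # preshared key.
        presharedKeyFile = "/private/wireguard_psk";
      })
    ];
  };
in
{
  networking.wireguard.interfaces.wg0 = hardened;
}
```

The same split applies to networking.wg-quick.interfaces.<name>, which offers the matching privateKeyFile, generatePrivateKeyFile and presharedKeyFile options.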
|
networking.wireguard.interfaces.<name>.socketNamespace
The pre-existing network namespace in which the WireGuard interface is created, and which retains the socket even if the interface is moved via interfaceNamespace. When null, the interface is created in the init namespace.
See documentation.
Type: null or string
Default:
null
Example:
"container"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.table
The kernel routing table to add this interface’s associated routes to. Setting this is useful for e.g. policy routing (“ip rule”) or virtual routing and forwarding (“ip vrf”). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to “main”.
Type: string
Default:
"main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.type
The type of the interface. Currently only “wireguard” and “amneziawg” are supported.
Type: one of “wireguard”, “amneziawg”
Default:
"wireguard"
Example:
"amneziawg"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.useNetworkd
Whether to use networkd as the network configuration backend for Wireguard instead of the legacy script-based system.
Some options have slightly different behavior with the networkd and script-based backends. Check the documentation for each Wireguard option you use before enabling this option.
Type: boolean
Default:
config.networking.useNetworkd
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard-networkd.nix>
|
networking.wireless.enable
Whether to enable wpa_supplicant.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.allowAuxiliaryImperativeNetworks
Whether to allow configuring networks “imperatively” (e.g. via wpa_supplicant_gui) and declaratively via networking.wireless.networks.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.athUserRegulatoryDomain
If enabled, sets the ATH_USER_REGD kernel config switch to true to disable the enforcement of EEPROM regulatory restrictions for ath drivers. Requires at least Linux 5.8.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix>
|
networking.wireless.dbusControlled
Whether to enable the DBus control interface. This is only needed when using NetworkManager or connman.
Type: boolean
Default:
length config.networking.wireless.interfaces < 2
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.driver
Force a specific wpa_supplicant driver.
Type: string
Default:
"nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.extraConfig
Extra lines appended to the configuration file. See wpa_supplicant.conf(5) for available options.
Type: string
Default:
""
Example:
''
p2p_disabled=1
''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.fallbackToWPA2
Whether to fall back to WPA2 authentication protocols if WPA3 failed. This allows old wireless cards (that lack recent features required by WPA3) to connect to mixed WPA2/WPA3 access points.
To avoid possible downgrade attacks, disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.interfaces
The interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.
A separate wpa_supplicant instance will be started for each interface.
Type: list of string
Default:
[ ]
Example:
[
"wlan0"
"wlan1"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.iwd.enable
Whether to enable iwd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.iwd.package
The iwd package to use.
Type: package
Default:
pkgs.iwd
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.iwd.settings
Options passed to iwd. See iwd.config(5) for supported options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
  Network = {
    EnableIPv6 = true;
    RoutePriorityOffset = 300;
  };
  Settings = {
    AutoConnect = true;
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.networks
The network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ echelon = {                   # SSID with no spaces or special characters
    psk = "abcdefgh";           # (password will be written to /nix/store!)
  };
  echelon = {                   # safe version of the above: read PSK from the
    pskRaw = "ext:psk_echelon"; # variable psk_echelon, defined in secretsFile,
  };                            # this won't leak into /nix/store
  "echelon's AP" = {            # SSID with spaces and/or special characters
    psk = "ijklmnop";           # (password will be written to /nix/store!)
  };
  "free.wifi" = {};             # Public wireless network
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.auth
Use this option to configure advanced authentication methods like EAP. See wpa_supplicant.conf(5) for example configurations.
Be aware that this will be written to the Nix store in plaintext! Use an external reference like ext:secretname for secrets.
Mutually exclusive with psk and pskRaw.
Type: null or string
Default:
null
Example:
''
eap=PEAP
identity="user@example.com"
password=ext:example_password
''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.authProtocols
The list of authentication protocols accepted by this network. This corresponds to the key_mgmt option in wpa_supplicant.
Type: list of (one of “WPA-PSK”, “WPA-EAP”, “IEEE8021X”, “NONE”, “WPA-NONE”, “FT-PSK”, “FT-EAP”, “FT-EAP-SHA384”, “WPA-PSK-SHA256”, “WPA-EAP-SHA256”, “SAE”, “FT-SAE”, “WPA-EAP-SUITE-B”, “WPA-EAP-SUITE-B-192”, “OSEN”, “FILS-SHA256”, “FILS-SHA384”, “FT-FILS-SHA256”, “FT-FILS-SHA384”, “OWE”, “DPP”)
Default:
[
"WPA-PSK"
"WPA-EAP"
"SAE"
"FT-PSK"
"FT-EAP"
"FT-SAE"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.extraConfig
Extra configuration lines appended to the network block. See wpa_supplicant.conf(5) for available options.
Type: string
Default:
""
Example:
''
bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66
''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.hidden
Set this to true if the SSID of the network is hidden.
Type: boolean
Default:
false
Example:
{ echelon = {
    hidden = true;
    psk = "abcdefgh";
  };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.priority
By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.psk
The network’s pre-shared key in plaintext. When unset, the network is treated as one without any authentication.
Be aware that this will be written to the Nix store in plaintext! Use pskRaw with an external reference to keep it safe.
Mutually exclusive with pskRaw.
Type: null or string matching the pattern [[:print:]]{8,63}
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.pskRaw
Either the raw pre-shared key in hexadecimal format or the name of the secret (as defined inside networking.wireless.secretsFile and prefixed with ext:) containing the network pre-shared key.
Be aware that this will be written to the Nix store in plaintext! Always use an external reference.
The external secret can be either the plaintext passphrase or the raw pre-shared key.
Mutually exclusive with psk and auth.
Type: null or string matching the pattern ([[:xdigit:]]{64})|(ext:[^=]+)
Default:
null
Example:
"ext:name_of_the_secret_here"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.scanOnLowSignal
Whether to periodically scan for (better) networks when the signal of the current one is low. This will make roaming between access points faster, but will consume more power.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.secretsFile
File consisting of lines of the form varname=value to define variables for the wireless configuration.
Secrets (PSKs, passwords, etc.) can be provided without adding them to the world-readable Nix store by defining them in the secrets file and referring to them in option networking.wireless.networks with the syntax ext:secretname. Example:
# content of /run/secrets/wireless.conf
psk_home=mypassword
psk_other=6a381cea59c7a2d6b30736ba0e6f397f7564a044bcdb7a327a1d16a1ed91b327
pass_work=myworkpassword
# wireless-related configuration
networking.wireless.secretsFile = "/run/secrets/wireless.conf";
networking.wireless.networks = {
  home.pskRaw = "ext:psk_home";
  other.pskRaw = "ext:psk_other";
  work.auth = ''
    eap=PEAP
    identity="my-user@example.com"
    password=ext:pass_work
  '';
};
Type: null or absolute path
Default:
null
Example:
"/run/secrets/wireless.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.enable
Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don’t want to depend on a large package such as NetworkManager just to pick nearby access points.
When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.group
Members of this group can control wpa_supplicant.
Type: string
Default:
"wheel"
Example:
"network"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wlanInterfaces
Creating multiple WLAN interfaces on top of one physical WLAN device (NIC).
The name of the WLAN interface corresponds to the name of the attribute. A NIC is referenced by the persistent device name of the WLAN interface that udev assigns to a NIC by default. If a NIC supports multiple WLAN interfaces, then the one NIC can be used as device for multiple WLAN interfaces. If a NIC is used for creating WLAN interfaces, then the default WLAN interface with a persistent device name from udev is not created. A WLAN interface with the persistent name assigned from udev would have to be created explicitly.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
  wlan-station0 = {
    device = "wlp6s0";
  };
  wlan-adhoc0 = {
    type = "ibss";
    device = "wlp6s0";
    mac = "02:00:00:00:00:01";
  };
  wlan-p2p0 = {
    device = "wlp6s0";
    mac = "02:00:00:00:00:02";
  };
  wlan-ap0 = {
    device = "wlp6s0";
    mac = "02:00:00:00:00:03";
  };
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.device
The name of the underlying hardware WLAN device as assigned by udev.
Type: string
Example:
"wlp6s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.flags
Flags for interface of type monitor.
Type: null or one of “none”, “fcsfail”, “control”, “otherbss”, “cook”, “active”
Default:
null
Example:
"control"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.fourAddr
Whether to enable 4-address mode with type managed.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.mac
MAC address to use for the device. If null, then the MAC of the underlying hardware WLAN device is used.
INFO: Locally administered MAC addresses are of the form:
x2:xx:xx:xx:xx:xx
x6:xx:xx:xx:xx:xx
xA:xx:xx:xx:xx:xx
xE:xx:xx:xx:xx:xx
Type: null or string
Default:
null
Example:
"02:00:00:00:00:01"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.meshID
MeshID of interface with type mesh.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.type
The type of the WLAN interface. The type has to be supported by the underlying hardware of the device.
Type: one of “managed”, “ibss”, “monitor”, “mesh”, “wds”
Default:
"managed"
Example:
"ibss"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
nix.enable
Whether to enable Nix. Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.package
This option specifies the Nix package instance to use throughout the system.
Type: package
Default:
pkgs.nix
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.buildMachines
This option lists the machines to be used if distributed builds are enabled (see nix.distributedBuilds). Nix will perform derivations on those machines via SSH by copying the inputs to the Nix store on the remote machine, starting the build, then copying the output back to the local Nix store.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.hostName
The hostname of the build machine.
Type: string
Example:
"nixbuilder.example.org"
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.mandatoryFeatures
A list of features mandatory for this builder. The builder will be ignored for derivations that don’t require all features in this list. All mandatory features are automatically included in supportedFeatures.
Type: list of string
Default:
[ ]
Example:
[
"big-parallel"
]
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.maxJobs
The number of concurrent jobs the build machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build machines.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.protocol
The protocol used for communicating with the build machine. Use ssh-ng if your remote builder and your local Nix version support that improved protocol.
Use null when trying to change the special localhost builder without a protocol which is for example used by hydra.
Type: one of <null>, “ssh”, “ssh-ng”
Default:
"ssh"
Example:
"ssh-ng"
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.publicHostKey
The (base64-encoded) public host key of this builder. The field is calculated via base64 -w0 /etc/ssh/ssh_host_type_key.pub. If null, SSH will use its regular known-hosts file when connecting.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.speedFactor
The relative speed of this builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.sshKey
The path to the SSH private key with which to authenticate on the build machine. The private key must not have a passphrase. If null, the building user (root on NixOS machines) must have an appropriate ssh configuration to log in non-interactively.
Note that for security reasons, this path must point to a file in the local filesystem, not to the nix store.
Type: null or string
Default:
null
Example:
"/root/.ssh/id_buildhost_builduser"
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.sshUser
The username to log in as on the remote host. This user must be able to log in and run nix commands non-interactively. It must also be privileged to build derivations, so must be included in nix.settings.trusted-users.
Type: null or string
Default:
null
Example:
"builder"
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.supportedFeatures
A list of features supported by this builder. The builder will be ignored for derivations that require features not in this list.
Type: list of string
Default:
[ ]
Example:
[
"kvm"
"big-parallel"
]
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.system
The system type the build machine can execute derivations on. Either this attribute or systems must be present, where system takes precedence if both are set.
Type: null or string
Default:
null
Example:
"x86_64-linux"
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.buildMachines.*.systems
The system types the build machine can execute derivations on. Either this attribute or system must be present, where system takes precedence if both are set.
Type: list of string
Default:
[ ]
Example:
[
"x86_64-linux"
"aarch64-linux"
]
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
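The nix.buildMachines.* options above combine into a single builder entry. The following is an added example, not taken from the NixOS manual: it pins the builder's host key and keeps the client key out of the Nix store. The host name, user and key path reuse the examples on this page; the job counts and the ed25519 key type are assumptions, and the host key value is a placeholder.

```nix
{ ... }:
{
  # Builds are only sent to nix.buildMachines when this is enabled.
  nix.distributedBuilds = true;

  nix.buildMachines = [
    {
      hostName = "nixbuilder.example.org";
      systems = [ "x86_64-linux" ];

      # ssh-ng requires support on both the builder and the local Nix.
      protocol = "ssh-ng";

      # On the builder, this account must be listed in
      # nix.settings.trusted-users and allow non-interactive login.
      sshUser = "builder";

      # A string naming a file on the local filesystem, not a store path.
      # The key must not have a passphrase, so restrict it to root and
      # use it for this builder only.
      sshKey = "/root/.ssh/id_buildhost_builduser";

      # Placeholder. Generate on the builder with, for an ed25519 host key
      # (assumed key type):
      #   base64 -w0 /etc/ssh/ssh_host_ed25519_key.pub
      # When left null, SSH falls back to its regular known-hosts file.
      publicHostKey = "REPLACE_WITH_BASE64_ENCODED_HOST_KEY";

      # Assumed capacity values for illustration.
      maxJobs = 4;
      speedFactor = 2;

      supportedFeatures = [ "kvm" "big-parallel" ];
      # Leave mandatoryFeatures empty unless this builder should be
      # reserved for derivations that require those features.
      mandatoryFeatures = [ ];
    }
  ];
}
```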
|
nix.channel.enable
Whether the nix-channel command and state files are made available on the machine.
The following files are initialized when enabled:
/nix/var/nix/profiles/per-user/root/channels
/root/.nix-channels
$HOME/.nix-defexpr/channels (on login)
Disabling this option will not remove the state files from the system.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix-channel.nix>
|
nix.checkAllErrors
If enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.checkConfig
If enabled, checks that Nix can parse the generated nix.conf.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.daemonCPUSchedPolicy
Nix daemon process CPU scheduling policy. This policy propagates to build processes. other is the default scheduling policy for regular tasks. The batch policy is similar to other, but optimised for non-interactive tasks. idle is for extremely low-priority tasks that should only be run when no other task requires CPU time.
Please note that while using the idle policy may greatly improve responsiveness of a system performing expensive builds, it may also slow down and potentially starve crucial configuration updates during load.
idle may therefore be a sensible policy for systems that experience only intermittent phases of high CPU load, such as desktop or portable computers used interactively. Other systems should use the other or batch policy instead.
For more fine-grained resource control, please refer to systemd.resource-control(5) and adjust systemd.services.nix-daemon directly.
Type: one of “other”, “batch”, “idle”
Default:
"other"
Example:
"batch"
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.daemonIOSchedClass
Nix daemon process I/O scheduling class. This class propagates to build processes. best-effort is the default class for regular tasks. The idle class is for extremely low-priority tasks that should only perform I/O when no other task does.
Please note that while using the idle scheduling class can improve responsiveness of a system performing expensive builds, it might also slow down or starve crucial configuration updates during load.
idle may therefore be a sensible class for systems that experience only intermittent phases of high I/O load, such as desktop or portable computers used interactively. Other systems should use the best-effort class.
Type: one of “best-effort”, “idle”
Default:
"best-effort"
Example:
"idle"
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.daemonIOSchedPriority
Nix daemon process I/O scheduling priority. This priority propagates to build processes. The supported priorities depend on the scheduling policy: With idle, priorities are not used in scheduling decisions. best-effort supports values in the range 0 (high) to 7 (low).
Type: signed integer
Default:
4
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.distributedBuilds
Whether to distribute builds to the machines listed in nix.buildMachines.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/nix-remote-build.nix>
|
nix.extraOptions
Additional text appended to nix.conf.
Type: strings concatenated with “\n”
Default:
""
Example:
''
keep-outputs = true
keep-derivations = true
''
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.gc.automatic
Automatically run the garbage collector at a specific time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.dates
How often or when garbage collection is performed. For most desktop and server systems a sufficient garbage collection is once a week.
This value must be a calendar event in the format specified by systemd.time(7).
Type: (optionally newline-terminated) single-line string
Default:
"03:15"
Example:
"weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.options
Options given to nix-collect-garbage when the garbage collector is run automatically.
Type: (optionally newline-terminated) single-line string
Default:
""
Example:
"--max-freed $((64 * 1024**3))"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.persistent
Takes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.randomizedDelaySec
Add a randomized delay before each garbage collection. The delay will be chosen between zero and this value. This value must be a time span in the format specified by systemd.time(7).
Type: (optionally newline-terminated) single-line string
Default:
"0"
Example:
"45min"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.nixPath
The default Nix expression search path, used by the Nix evaluator to look up paths enclosed in angle brackets (e.g. <nixpkgs>).
Type: list of string
Default:
''
  if nix.channel.enable
  then [
    "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
    "nixos-config=/etc/nixos/configuration.nix"
    "/nix/var/nix/profiles/per-user/root/channels"
  ]
  else [];
''
Declared by:
<nixpkgs/nixos/modules/config/nix-channel.nix>
|
nix.nrBuildUsers
Number of nixbld user accounts created to perform secure concurrent builds. If you receive an error message saying that “all build users are currently in use”, you should increase this value.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/system/nix-daemon.nix>
|
nix.optimise.automatic
Automatically run the nix store optimiser at a specific time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.optimise.dates
Specification (in the format described by systemd.time(7)) of the time at which the optimiser will run.
Type: list of string
Default:
[
"03:45"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.optimise.persistent
Takes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.optimise.randomizedDelaySec
Add a randomized delay before the optimizer will run. The delay will be chosen between zero and this value. This value must be a time span in the format specified by systemd.time(7).
Type: (optionally newline-terminated) single-line string
Default:
"1800"
Example:
"45min"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.registry
A system-wide flake registry.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/config/nix-flakes.nix>
|
nix.registry.<name>.exact
Whether the from reference needs to match exactly. If set, a from reference like nixpkgs does not match with a reference like nixpkgs/nixos-20.03.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix-flakes.nix>
|
nix.registry.<name>.flake
The flake input from is rewritten to.
Type: null or (attribute set)
Default:
null
Example:
nixpkgs
Declared by:
<nixpkgs/nixos/modules/config/nix-flakes.nix>
|
nix.registry.<name>.from
The flake reference to be rewritten.
Type: attribute set of (string or signed integer or boolean or absolute path or package)
Example:
{
id = "nixpkgs";
type = "indirect";
}
Declared by:
<nixpkgs/nixos/modules/config/nix-flakes.nix>
|
nix.registry.<name>.to
The flake reference from is rewritten to.
Type: attribute set of (string or signed integer or boolean or absolute path or package)
Example:
{
owner = "my-org";
repo = "my-nixpkgs";
type = "github";
}
Declared by:
<nixpkgs/nixos/modules/config/nix-flakes.nix>
|
nix.settings
Configuration for Nix, see https://nixos.org/manual/nix/stable/command-ref/conf-file.html or nix.conf(5) for available options. The value declared here will be translated directly to the key-value pairs Nix expects.
You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings to view the current value. By default it is empty.
Nix configurations defined under nix.* will be translated and applied to this option. In addition, configuration specified in nix.extraOptions will be appended verbatim to the resulting config file.
Type: attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))
Default:
{ }
Example:
{
  use-sandbox = true;
  show-trace = true;
  sandbox-paths = [ "/bin/sh=${pkgs.busybox-sandbox-shell.out}/bin/busybox" ];
}
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.allowed-users
A list of names of users (separated by whitespace) that are allowed to connect to the Nix daemon. As with nix.settings.trusted-users, you can specify groups by prefixing them with @. Also, you can allow all users by specifying *. The default is *. Note that trusted users are always allowed to connect.
Type: list of string
Default:
[
"*"
]
Example:
[
"@wheel"
"@builders"
"alice"
"bob"
]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.auto-optimise-store
If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.cores
This option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.
Type: signed integer
Default:
0
Example:
64
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.extra-sandbox-paths
Directories from the host filesystem to be included in the sandbox.
Type: list of string
Default:
[ ]
Example:
[
"/dev"
"/proc"
]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.max-jobs
This option defines the maximum number of jobs that Nix will try to build in parallel. The default is auto, which means it will use all available logical cores. It is recommended to set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).
Type: signed integer or value “auto” (singular enum)
Default:
"auto"
Example:
64
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.require-sigs
If enabled (the default), Nix will only download binaries from binary caches if they are cryptographically signed with any of the keys listed in nix.settings.trusted-public-keys. If disabled, signatures are neither required nor checked, so it’s strongly recommended that you use only trustworthy caches and https to prevent man-in-the-middle attacks.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.sandbox
If set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment.
This is enabled by default even though it has a possible performance impact due to the initial setup time of a sandbox for each build. It doesn’t affect derivation hashes, so changing this option will not trigger a rebuild of packages.
When set to “relaxed”, this option permits derivations that set __noChroot = true; to run outside of the sandboxed environment.
Exercise caution when using this mode of operation! It is intended to be a quick hack when building with packages that are not easily setup to be built reproducibly.
Type: boolean or value “relaxed” (singular enum)
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.substituters
List of binary cache URLs used to obtain pre-built binaries of Nix packages.
By default https://cache.nixos.org/ is added.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.system-features
The set of features supported by the machine. Derivations can express dependencies on system features through the requiredSystemFeatures attribute.
Type: list of string
Default:
[ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-<arch>" ]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.trusted-public-keys
List of public keys used to sign binary caches. If nix.settings.require-sigs is enabled, then Nix will use a binary from a binary cache if and only if it is signed by any of the keys listed here. By default, only the key for cache.nixos.org is included.
Type: list of string
Example:
[
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.trusted-substituters
List of binary cache URLs that non-root users can use (in addition to those specified using nix.settings.substituters) by passing --option binary-caches to Nix commands.
Type: list of string
Default:
[ ]
Example:
[
"https://hydra.nixos.org/"
]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
|
nix.settings.trusted-users
A list of names of users that have additional rights when connecting to the Nix daemon, such as the ability to specify additional binary caches, or to import unsigned NARs. You can also specify groups by prefixing them with @; for instance, @wheel means all users in the wheel group.
Type: list of string
Example:
[
"root"
"alice"
"@wheel"
]
Declared by:
<nixpkgs/nixos/modules/config/nix.nix>
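The nix.settings options above decide who may talk to the Nix daemon and which binaries it accepts. The following is an added example, not taken from the NixOS manual, showing a restrictive combination with the weaker alternatives left as comments. The cache URL and its key name are constructed, and the key value is a placeholder.

```nix
{ ... }:
{
  nix.settings = {
    # Keep signature checking on: substituted binaries must be signed by
    # one of trusted-public-keys.
    require-sigs = true;
    # Weak alternative: require-sigs = false;
    #   signatures are then neither required nor checked.

    # Constructed private cache and placeholder key. The page states that
    # https://cache.nixos.org/ and its key are present by default.
    substituters = [ "https://cache.example.org/" ];
    trusted-public-keys = [
      "cache.example.org-1:REPLACE_WITH_BASE64_PUBLIC_KEY"
    ];

    # Only these users and groups may connect to the daemon at all
    # (the default is "*", i.e. everyone).
    allowed-users = [ "@wheel" "@builders" ];

    # Trusted users can specify additional binary caches and import
    # unsigned NARs, so keep this list minimal.
    trusted-users = [ "root" ];
    # Weak alternative: trusted-users = [ "root" "@wheel" ];
    #   extends those rights to every member of the wheel group.

    # Caches that non-root users may opt into; empty means none beyond
    # the substituters above.
    trusted-substituters = [ ];

    # Full sandboxing. "relaxed" would let derivations that set
    # __noChroot = true; build outside the sandbox.
    sandbox = true;
  };
}
```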
|
nix.sshServe.enable
Whether to enable serving the Nix store as a remote store via SSH.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.keys
A list of SSH public keys allowed to access the binary cache via SSH.
Type: list of string
Default:
[ ]
Example:
[
"ssh-dss AAAAB3NzaC1k... alice@example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.protocol
The specific Nix-over-SSH protocol to use.
Type: one of “ssh”, “ssh-ng”
Default:
"ssh"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.write
Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.settings.trusted-users option in most use cases, such as allowing remote building of derivations.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nixops.enableDeprecatedAutoLuks
Whether to enable the deprecated NixOps AutoLuks module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/misc/nixops-autoluks.nix>
|
nixpkgs.buildPlatform
Specifies the platform on which NixOS should be built. By default, NixOS is built on the system where it runs, but you can change where it’s built. Setting this option will cause NixOS to be cross-compiled.
For instance, if you’re doing distributed multi-platform deployment, or if you’re building machines, you can set this to match your development system and/or build farm.
Ignored when nixpkgs.pkgs is set.
Type: string or (attribute set)
Default:
config.nixpkgs.hostPlatform
Example:
{
system = "x86_64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.config
Global configuration for Nixpkgs. The complete list of Nixpkgs configuration options is in the Nixpkgs manual section on global configuration.
Ignored when nixpkgs.pkgs is set.
Type: nixpkgs config
Default:
{ }
Example:
{ allowBroken = true; allowUnfree = true; }
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.crossSystem
Systems with a recently generated hardware-configuration.nix may instead specify only nixpkgs.buildPlatform, or fall back to removing the nixpkgs.hostPlatform line from the generated config.
Specifies the platform for which NixOS should be built. Specify this only if it is different from nixpkgs.localSystem, the platform on which NixOS should be built. In other words, specify this to cross-compile NixOS. Otherwise it should be set as null, the default. See its description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs or hostPlatform is set.
Type: null or (attribute set)
Default:
null
Example:
{
system = "aarch64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.flake.setFlakeRegistry
Whether to pin nixpkgs in the system-wide flake registry (/etc/nix/registry.json) to the store path of the sources of nixpkgs used to build the NixOS system.
This is on by default for NixOS configurations built with flakes.
This option makes nix run nixpkgs#hello reuse dependencies from the system, avoid refetching nixpkgs, and have a consistent result every time.
Note that this option makes the NixOS closure depend on the nixpkgs sources, which may add undesired closure size if the system will not have any nix commands run on it.
Type: boolean
Default:
"config.nixpkgs.flake.source != null"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs-flake.nix>
|
nixpkgs.flake.setNixPath
Whether to set NIX_PATH to include nixpkgs=flake:nixpkgs such that <nixpkgs> lookups receive the version of nixpkgs that the system was built with, in concert with nixpkgs.flake.setFlakeRegistry.
This is on by default for NixOS configurations built with flakes.
This makes nix-build '<nixpkgs>' -A hello work out of the box on flake systems.
Note that this option makes the NixOS closure depend on the nixpkgs sources, which may add undesired closure size if the system will not have any nix commands run on it.
Type: boolean
Default:
"config.nixpkgs.flake.source != null"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs-flake.nix>
|
nixpkgs.flake.source
The path to the nixpkgs sources used to build the system. This is automatically set up to be the store path of the nixpkgs flake used to build the system if using nixpkgs.lib.nixosSystem, and is otherwise null by default.
This can also be optionally set if the NixOS system is not built with a flake but still uses pinned sources: set this to the store path for the nixpkgs sources used to build the system, as may be obtained by builtins.fetchTarball, for example.
Note: the name of the store path must be “source” due to https://github.com/NixOS/nix/issues/7075.
Type: null or string or absolute path
Default:
"if (using nixpkgsFlake.lib.nixosSystem) then self.outPath else null"
Example:
"builtins.fetchTarball { name = \"source\"; sha256 = \"sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\"; url = \"https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz\"; }"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs-flake.nix>
|
nixpkgs.hostPlatform
Specifies the platform where the NixOS configuration will run.
To cross-compile, also set nixpkgs.buildPlatform.
Ignored when nixpkgs.pkgs is set.
Type: string or (attribute set)
Default:
(import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example:
{
system = "aarch64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.localSystem
Systems with a recently generated hardware-configuration.nix do not need to specify this option, unless cross-compiling, in which case you should set only nixpkgs.buildPlatform.
If this is somehow not feasible, you may fall back to removing the nixpkgs.hostPlatform line from the generated config and use the old options.
Specifies the platform on which NixOS should be built. When nixpkgs.crossSystem is unset, it also specifies the platform for which NixOS should be built. If this option is unset, it defaults to the platform type of the machine where evaluation happens. Specifying this option is useful when doing distributed multi-platform deployment, or when building virtual machines. See its description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs or hostPlatform is set.
Type: attribute set
Default:
(import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example:
{
system = "aarch64-linux";
}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.overlays
List of overlays to apply to Nixpkgs.
This option allows modifying the Nixpkgs package set accessed through the pkgs module argument.
For details, see the Overlays chapter in the Nixpkgs manual.
If the nixpkgs.pkgs option is set, overlays specified using nixpkgs.overlays will be applied after the overlays that were already included in nixpkgs.pkgs.
Type: list of (nixpkgs overlay)
Default:
[ ]
Example:
[
(self: super: {
openssh = super.openssh.override {
hpnSupport = true;
kerberos = self.libkrb5;
};
})
]
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.pkgs
If set, the pkgs argument to all NixOS modules is the value of this option, extended with nixpkgs.overlays, if that is also set. Either nixpkgs.crossSystem or nixpkgs.localSystem will be used in an assertion to check that the NixOS and Nixpkgs architectures match. Any other options in nixpkgs.*, notably config, will be ignored.
If unset, the pkgs argument to all NixOS modules is determined as shown in the default value for this option.
The default value imports the Nixpkgs source files relative to the location of this NixOS module, because NixOS and Nixpkgs are distributed together for consistency, so the nixos in the default value is in fact a relative path. The config, overlays, localSystem, and crossSystem come from this option’s siblings.
This option can be used by applications like NixOps to increase the performance of evaluation, or to create packages that depend on a container that should be built with the exact same evaluation of Nixpkgs, for example. Applications like this should set their default value using lib.mkDefault, so user-provided configuration can override it without using lib.
Note that using a distinct version of Nixpkgs with NixOS may be an unexpected source of problems. Use this option with care.
Type: An evaluation of Nixpkgs; the top level attribute set of packages
Default:
import "${nixos}/.." {
inherit (cfg) config overlays localSystem crossSystem;
}
Example:
import <nixpkgs> {}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.system
This option does not need to be specified for NixOS configurations with a recently generated hardware-configuration.nix.
Specifies the Nix platform type on which NixOS should be built.
It is better to specify nixpkgs.localSystem instead.
{
nixpkgs.system = ..;
}
is the same as
{
nixpkgs.localSystem.system = ..;
}
See nixpkgs.localSystem for more information.
Ignored when nixpkgs.pkgs, nixpkgs.localSystem or nixpkgs.hostPlatform is set.
Type: string
Default:
Traditionally builtins.currentSystem, but unset when invoking NixOS through lib.nixosSystem.
Example:
"i686-linux"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
openstack.zfs.datasets
Datasets to create under the tank and boot zpools.
NOTE: This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
openstack.zfs.datasets.<name>.mount
Where to mount this dataset.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
openstack.zfs.datasets.<name>.properties
Properties to set on this dataset.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
power.ups.enable
Whether to enable support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: signed integer
Default:
45
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.mode
The MODE determines which part of the NUT is to be started, and which configuration files must be modified.
The values of MODE can be:
none: NUT is not configured, or the Integrated Power Management or some external system is used to start up NUT components, so nothing is started.
standalone: This mode addresses a local-only configuration, with 1 UPS protecting the local system. It starts the 3 NUT layers (driver, upsd and upsmon) and uses the matching configuration files. This mode can also address UPS redundancy.
netserver: Same as the standalone configuration, but it also needs some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is open to the network, special care should be applied to security concerns.
netclient: This mode only requires upsmon.
Type: one of “none”, “standalone”, “netserver”, “netclient”
Default:
"standalone"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.openFirewall
Open ports in the firewall for upsd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.schedulerRules
File which contains the rules to handle UPS events.
Type: string
Example:
"/etc/nixos/upssched.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups
This is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.description
Description of the UPS.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.directives
List of configuration directives for this UPS.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.driver
Specify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.maxStartDelay
This can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.port
The serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.shutdownOrder
When you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.summary
Lines which would be added inside ups.conf for handling this UPS.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd
Options for the upsd.conf configuration file.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd.enable
Whether to enable upsd.
Type: boolean
Default:
true if mode is one of standalone, netserver
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd.extraConfig
Additional lines to add to upsd.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd.listen
Address of the interface for upsd to listen on.
See man upsd for details.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
address = "192.168.50.1";
}
{
address = "::1";
port = 5923;
}
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd.listen.*.address
Address of the interface for upsd to listen on.
See man upsd.conf for details.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsd.listen.*.port
TCP port for upsd to listen on.
See man upsd.conf for details.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3493
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon
Options for the upsmon.conf configuration file.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.enable
Whether to enable upsmon.
Type: boolean
Default:
true if mode is one of standalone, netserver, netclient
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor
Set of UPS to monitor. See man upsmon.conf for details.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor.<name>.passwordFile
The full path to a file containing the password from upsd.users for accessing this UPS. The password file is read on service start.
See upsmon.conf for details.
Type: string
Default:
power.ups.users.${user}.passwordFile
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor.<name>.powerValue
Number of power supplies that the UPS feeds on this system.
See upsmon.conf for details.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor.<name>.system
Identifier of the UPS to monitor, in this form: <upsname>[@<hostname>[:<port>]]
See upsmon.conf for details.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor.<name>.type
The relationship with upsd.
See upsmon.conf for details.
Type: string
Default:
"master"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.monitor.<name>.user
Username from upsd.users for accessing this UPS.
See upsmon.conf for details.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsmon.settings
Additional settings to add to upsmon.conf.
Type: attribute set of (atom (null, bool, int, float or string) or list of non-empty (list of (atom (null, bool, int, float or string))))
Default:
{
MINSUPPLIES = 1;
MONITOR = <generated from config.power.ups.upsmon.monitor>
NOTIFYCMD = "${pkgs.nut}/bin/upssched";
POWERDOWNFLAG = "/run/killpower";
RUN_AS_USER = "root";
SHUTDOWNCMD = "${pkgs.systemd}/bin/shutdown now";
}
Example:
{
MINSUPPLIES = 2;
NOTIFYFLAG = [
[ "ONLINE" "SYSLOG+EXEC" ]
[ "ONBATT" "SYSLOG+EXEC" ]
];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.users
Users that can access upsd. See man upsd.users.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.users.<name>.actions
Allow the user to do certain things with upsd.
See man upsd.users for details.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.users.<name>.instcmds
Let the user initiate specific instant commands. Use “ALL” to grant all commands automatically. For the full list of what your UPS supports, use “upscmd -l”.
See man upsd.users for details.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.users.<name>.passwordFile
The full path to a file that contains the user’s (clear text) password. The password file is read on service start.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.users.<name>.upsmon
Add the necessary actions for a upsmon process to work.
See man upsd.users for details.
Type: null or one of “primary”, “secondary”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
powerManagement.enable
Whether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.cpuFreqGovernor
Configure the governor used to regulate the frequency of the available CPUs. By default, the kernel configures the performance governor, although this may be overwritten in your hardware-configuration.nix file.
Often used values: “ondemand”, “powersave”, “performance”
Type: null or string
Default:
null
Example:
"ondemand"
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.cpufreq.max
The maximum frequency the CPU will use. Defaults to the maximum possible.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Example:
2200000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.cpufreq.min
The minimum frequency the CPU will use.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Example:
800000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.powerDownCommands
Commands executed when the machine powers down. That is, they’re executed both when the system shuts down and when it goes to suspend or hibernation.
Type: strings concatenated with “\n”
Default:
""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powerUpCommands
Commands executed when the machine powers up. That is, they’re executed both when the system first boots and when it resumes from suspend or hibernation.
Type: strings concatenated with “\n”
Default:
""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powertop.enable
Whether to enable powertop auto tuning on startup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
|
powerManagement.powertop.postStart
Shell commands executed after powertop is started.
This can be used to work around problematic configurations. For example, you can retrigger a udev rule to disable power saving on unsupported USB devices:
services.udev.extraRules = ''
# disable USB auto suspend for Logitech, Inc. G PRO Gaming Mouse
ACTION=="bind", SUBSYSTEM=="usb", ATTR{idVendor}=="046d", ATTR{idProduct}=="c08c", TEST=="power/control", ATTR{power/control}="on"
'';
Type: strings concatenated with “\n”
Default:
""
Example:
''
''${lib.getExe' config.systemd.package "udevadm"} trigger -c bind -s usb -a idVendor=046d -a idProduct=c08c
''
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
|
powerManagement.powertop.preStart
Shell commands executed before powertop is started.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
|
powerManagement.resumeCommands
Commands executed after the system resumes from suspend-to-RAM.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.scsiLinkPolicy
SCSI link power management policy. The kernel default is “max_performance”.
“med_power_with_dipm” is supported by kernel versions 4.15 and newer.
Type: null or one of “min_power”, “max_performance”, “medium_power”, “med_power_with_dipm”
Default:
null
Declared by:
<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
|
programs._1password.enable
Whether to enable the 1Password CLI tool.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/_1password.nix>
|
programs._1password.package
The 1Password CLI package to use.
Type: package
Default:
pkgs._1password-cli
Declared by:
<nixpkgs/nixos/modules/programs/_1password.nix>
|
programs._1password-gui.enable
Whether to enable the 1Password GUI application.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs._1password-gui.package
The 1Password GUI package to use.
Type: package
Default:
pkgs._1password-gui
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs._1password-gui.polkitPolicyOwners
A list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
Type: list of string
Default:
[ ]
Example:
["user1" "user2" "user3"]
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs.adb.enable
Whether to configure the system to use Android Debug Bridge (adb).
To grant access to a user, the user must be a member of the adbusers group:
users.users.alice.extraGroups = ["adbusers"];
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/adb.nix>
|
programs.alvr.enable
Whether to enable ALVR, the VR desktop streamer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/alvr.nix>
|
programs.alvr.package
The alvr package to use.
Type: package
Default:
pkgs.alvr
Declared by:
<nixpkgs/nixos/modules/programs/alvr.nix>
|
programs.alvr.openFirewall
Whether to open the default ports in the firewall for the ALVR server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/alvr.nix>
|
programs.amnezia-vpn.enable
Whether to enable the AmneziaVPN client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/amnezia-vpn.nix>
|
programs.appgate-sdp.enable
Whether to enable the AppGate SDP VPN client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/appgate-sdp.nix>
|
programs.appimage.enable
Whether to enable appimage-run wrapper script for executing appimages on NixOS.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/appimage.nix>
|
programs.appimage.package
The appimage-run package to use.
Type: package
Default:
pkgs.appimage-run
Example:
pkgs.appimage-run.override {
extraPkgs = pkgs: [ pkgs.ffmpeg pkgs.imagemagick ];
}
Declared by:
<nixpkgs/nixos/modules/programs/appimage.nix>
|
programs.appimage.binfmt
Whether to enable binfmt registration to run appimages via appimage-run seamlessly.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/appimage.nix>
|
programs.arp-scan.enable
Whether to configure a setcap wrapper for arp-scan.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/arp-scan.nix>
|
programs.atop.enable
Whether to enable Atop, a tool for monitoring system resources.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.package
The atop package to use.
Type: package
Default:
pkgs.atop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopRotateTimer.enable
Whether to enable the atop-rotate timer, which restarts the atop service daily to make sure the data files are rotated.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopService.enable
Whether to enable the atop service responsible for storing statistics for long-term analysis.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopacctService.enable
Whether to enable the atopacct service which manages process accounting. This allows Atop to gather data about processes that disappeared in between two refresh intervals.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopgpu.enable
Whether to install and enable the atopgpud daemon to get information about NVIDIA GPUs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.netatop.enable
Whether to install and enable the netatop kernel module. Note: this sets the kernel taint flag “O” for loading out-of-tree modules.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.netatop.package
Which package to use for netatop.
Type: package
Default:
config.boot.kernelPackages.netatop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.settings
Parameters to be written to /etc/atoprc.
Type: attribute set
Default:
{ }
Example:
{
flags = "a1f";
interval = 5;
}
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.setuidWrapper.enable
Whether to install a setuid wrapper for Atop. This is required to use some of the features as a non-root user (e.g. IPC information, netatop, atopgpu). Atop tries to drop the root privileges shortly after starting.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.ausweisapp.enable
Whether to enable AusweisApp.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ausweisapp.nix>
|
programs.ausweisapp.openFirewall
Whether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ausweisapp.nix>
|
programs.autojump.enable
Whether to enable autojump.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/autojump.nix>
|
programs.bandwhich.enable
Whether to add bandwhich to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/bandwhich.nix>
|
programs.bash.enableLsColors
Whether to enable extra colors in directory listings.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/ls-colors.nix>
|
programs.bash.blesh.enable
Whether to enable blesh, a full-featured line editor written in pure Bash.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/blesh.nix>
|
programs.bash.completion.enable
Whether to enable Bash completion for all interactive bash shells.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash-completion.nix>
|
programs.bash.completion.package
The bash-completion package to use.
Type: package
Default:
pkgs.bash-completion
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash-completion.nix>
|
programs.bash.interactiveShellInit
Shell script code called during interactive bash shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.loginShellInit
Shell script code called during login bash shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.lsColorsFile
Alternative colorscheme for ls colors.
Type: null or absolute path
Default:
null
Example:
${pkgs.dircolors-solarized}/ansi-dark
Declared by:
<nixpkgs/nixos/modules/programs/bash/ls-colors.nix>
|
programs.bash.promptInit
Shell script code used to initialise the bash prompt.
Type: strings concatenated with “\n”
Default:
''
# Provide a nice prompt if the terminal supports it.
if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then
PROMPT_COLOR="1;31m"
((UID)) && PROMPT_COLOR="1;32m"
if [ -n "$INSIDE_EMACS" ]; then
# Emacs term mode doesn't support xterm title escape sequence (\e]0;)
PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
else
PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] "
fi
if test "$TERM" = "xterm"; then
PS1="\[\033]2;\h:\u:\w\007\]$PS1"
fi
fi
''
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellAliases
Set of aliases for bash shell, which overrides environment.shellAliases.
See environment.shellAliases for an option format description.
Type: attribute set of (null or string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellInit
Shell script code called during bash shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.undistractMe.enable
Whether to enable notifications when long-running terminal commands complete.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.undistractMe.playSound
Whether to enable notification sounds when long-running terminal commands complete.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.undistractMe.timeout
Number of seconds it would take for a command to be considered long-running.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.vteIntegration
Whether to enable Bash integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
|
programs.bash-my-aws.enable
Whether to enable bash-my-aws.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bash-my-aws.nix>
|
programs.bat.enable
Whether to enable bat, a cat(1) clone with wings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bat.nix>
|
programs.bat.package
The bat package to use.
Type: package
Default:
pkgs.bat
Declared by:
<nixpkgs/nixos/modules/programs/bat.nix>
|
programs.bat.extraPackages
Extra bat scripts to be added to the system configuration.
Type: list of package
Default:
[ ]
Example:
with pkgs.bat-extras; [
batdiff
batman
prettybat
];
Declared by:
<nixpkgs/nixos/modules/programs/bat.nix>
|
programs.bat.settings
Parameters to be written to the system-wide bat configuration file.
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
italic-text = "always";
map-syntax = [
"*.ino:C++"
".ignore:Git Ignore"
];
pager = "less --RAW-CONTROL-CHARS --quit-if-one-screen --mouse";
paging = "never";
theme = "TwoDark";
}
Declared by:
<nixpkgs/nixos/modules/programs/bat.nix>
|
programs.bazecor.enable
Whether to enable Bazecor, the graphical configurator for Dygma Products.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bazecor.nix>
|
programs.bazecor.package
The bazecor package to use.
Type: package
Default:
pkgs.bazecor
Declared by:
<nixpkgs/nixos/modules/programs/bazecor.nix>
|
programs.bcc.enable
Whether to enable bcc, tools for BPF-based Linux IO analysis, networking, monitoring, and more.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/bcc.nix>
|
programs.benchexec.enable
Whether to enable BenchExec.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/benchexec.nix>
|
programs.benchexec.package
The benchexec package to use.
Type: package
Default:
pkgs.benchexec
Declared by:
<nixpkgs/nixos/modules/programs/benchexec.nix>
|
programs.benchexec.users
Users that intend to use BenchExec.
Provide usernames of users that are configured via users.users as strings, and UIDs of “mutable users” as integers.
Control group delegation will be configured via systemd.
For more information, see https://github.com/sosy-lab/benchexec/blob/3.18/doc/INSTALL.md#setting-up-cgroups.
Type: list of (string or signed integer)
Default:
[ ]
Example:
[
"alice" # username of a user configured via users.users
1007 # UID of a mutable user
]
Declared by:
<nixpkgs/nixos/modules/programs/benchexec.nix>
|
programs.browserpass.enable
Whether to enable Browserpass native messaging host.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/browserpass.nix>
|
programs.calls.enable
Whether to enable GNOME calls: a phone dialer and call handler.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/calls.nix>
|
programs.captive-browser.enable
Whether to enable captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.package
The captive-browser package to use.
Type: package
Default:
pkgs.captive-browser
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.bindInterface
Binds captive-browser to the network interface declared in cfg.interface. This can be used to avoid collisions with private subnets.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.browser
The shell (/bin/sh) command executed once the proxy starts. When the browser exits, the proxy exits. An extra env var PROXY is available.
Here, we use a separate Chrome instance in Incognito mode, so that it can run (and be waited for) alongside the default one, and so that it maintains no state across runs. To configure this browser, open a normal window in it; settings will be preserved.
@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website. upstream uses http://example.com but I have seen captive portals whose DNS server resolves “example.com” to 127.0.0.1
Type: string
Default:
env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.dhcp-dns
The shell (/bin/sh) command executed to obtain the DHCP DNS server address. The first match of an IPv4 regex is used. IPv4 only, because let’s be real, it’s a captive portal.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.interface
your public network interface (wlp3s0, wlan0, eth0, …)
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.socks5-addr
the listen address for the SOCKS5 proxy server
Type: string
Default:
"localhost:1666"
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.cardboard.enable
Whether to enable cardboard.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/cardboard.nix>
|
programs.cardboard.package
The cardboard package to use.
Type: package
Default:
pkgs.cardboard
Declared by:
<nixpkgs/nixos/modules/programs/wayland/cardboard.nix>
|
programs.ccache.enable
Whether to enable CCache, a compiler cache for fast recompilation of C/C++ code.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.packageNames
Nix top-level packages to be compiled using CCache
Type: list of string
Default:
[ ]
Example:
[
"wxGTK32"
"ffmpeg"
"libav_all"
]
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.cacheDir
CCache directory
Type: absolute path
Default:
"/var/cache/ccache"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.group
Group owner of CCache directory
Type: string
Default:
"nixbld"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.owner
Owner of CCache directory
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.cdemu.enable
cdemu for members of programs.cdemu.group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.group
Group that users must be in to use cdemu.
Type: string
Default:
"cdrom"
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.gui
Whether to install the cdemu GUI (gCDEmu).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.image-analyzer
Whether to install the image analyzer.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cfs-zen-tweaks.enable
Whether to enable CFS Zen Tweaks.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix>
|
programs.chromium.enable
Whether to enable policies for chromium based browsers like Chromium, Google Chrome or Brave.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.enablePlasmaBrowserIntegration
Whether to enable Native Messaging Host for Plasma Browser Integration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderEnabled
Enable the default search provider.
Type: null or boolean
Default:
null
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSearchURL
Chromium default search provider url.
Type: null or string
Default:
null
Example:
"https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSuggestURL
Chromium default search provider url for suggestions.
Type: null or string
Default:
null
Example:
"https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extensions
List of chromium extensions to install. To find an extension's ID, see the id in the URL of its Chrome Web Store page. To install a chromium extension not included in the Chrome Web Store, append to the extension id a semicolon “;” followed by a URL pointing to an Update Manifest XML file. See ExtensionInstallForcelist for additional details.
Type: null or (list of string)
Default:
null
Example:
[
"chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet
"mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
]
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extraOpts
Extra chromium policy options. A list of available policies can be found in the Chrome Enterprise documentation:
https://cloud.google.com/docs/chrome-enterprise/policies/
Make sure the selected policy is supported on Linux and your browser version.
Type: attribute set
Default:
{ }
Example:
{
"BrowserSignin" = 0;
"SyncDisabled" = true;
"PasswordManagerEnabled" = false;
"SpellcheckEnabled" = true;
"SpellcheckLanguage" = [
"de"
"en-US"
];
}
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.homepageLocation
Chromium default homepage
Type: null or string
Default:
null
Example:
"https://nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.initialPrefs
Initial preferences are used to configure the browser for the first run.
Unlike programs.chromium.extraOpts, initialPrefs can be changed by users in the browser settings.
More information can be found in the Chromium documentation:
https://www.chromium.org/administrators/configuring-other-preferences/
Type: attribute set
Default:
{ }
Example:
{
"first_run_tabs" = [
"https://nixos.org/"
];
}
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.plasmaBrowserIntegrationPackage
The plasma-browser-integration package to use.
Type: package
Default:
pkgs.plasma5Packages.plasma-browser-integration
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.clash-verge.enable
Whether to enable Clash Verge.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/clash-verge.nix>
|
programs.clash-verge.package
The clash-verge package to use. Available options are clash-verge-rev and clash-nyanpasu, both are forks of the original clash-verge project.
Type: package
Default:
pkgs.clash-verge-rev
Declared by:
<nixpkgs/nixos/modules/programs/clash-verge.nix>
|
programs.clash-verge.autoStart
Whether to enable Clash Verge auto launch.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/clash-verge.nix>
|
programs.cnping.enable
Whether to enable a setcap wrapper for cnping.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/cnping.nix>
|
programs.command-not-found.enable
Whether interactive shells should show which Nix package (if any) provides a missing command.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.command-not-found.dbPath
Absolute path to programs.sqlite.
By default this file will be provided by your channel (nixexprs.tar.xz).
Type: absolute path
Default:
"/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite"
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.coolercontrol.enable
Whether to enable CoolerControl GUI & its background services.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/coolercontrol.nix>
|
programs.coolercontrol.nvidiaSupport
Enable support for Nvidia GPUs.
Type: boolean
Default:
lib.elem "nvidia" config.services.xserver.videoDrivers
Declared by:
<nixpkgs/nixos/modules/programs/coolercontrol.nix>
|
programs.corectrl.enable
Whether to enable CoreCtrl, a tool to overclock AMD graphics cards and processors. Add your user to the corectrl group to run corectrl without needing to enter your password.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corectrl.package
The corectrl package to use. Useful for overriding the configuration options used for the package.
Type: package
Default:
pkgs.corectrl
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corectrl.gpuOverclock.enable
Whether to enable GPU overclocking.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corectrl.gpuOverclock.ppfeaturemask
Sets the amdgpu.ppfeaturemask kernel option.
In particular, it is used here to set the overdrive bit.
Default is 0xfffd7fff as it is less likely to cause flicker issues.
Setting it to 0xffffffff enables all features.
Type: string
Default:
"0xfffd7fff"
Example:
"0xffffffff"
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corefreq.enable
Whether to enable the corefreq daemon and kernel module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/corefreq.nix>
|
programs.corefreq.package
The corefreq package to use.
Type: package
Default:
config.boot.kernelPackages.corefreq
Declared by:
<nixpkgs/nixos/modules/programs/corefreq.nix>
|
programs.cpu-energy-meter.enable
Whether to enable CPU Energy Meter.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/cpu-energy-meter.nix>
|
programs.cpu-energy-meter.package
The cpu-energy-meter package to use.
Type: package
Default:
pkgs.cpu-energy-meter
Declared by:
<nixpkgs/nixos/modules/programs/cpu-energy-meter.nix>
|
programs.criu.enable
Install criu along with necessary kernel options.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/criu.nix>
|
programs.darling.enable
Whether to enable Darling, a Darwin/macOS compatibility layer for Linux.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/darling.nix>
|
programs.darling.package
The darling package to use.
Type: package
Default:
pkgs.darling
Declared by:
<nixpkgs/nixos/modules/programs/darling.nix>
|
programs.dconf.enable
Whether to enable dconf.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.dconf.packages
A list of packages which provide dconf profiles and databases in /etc/dconf.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.dconf.profiles
Attrset of dconf profiles. By default the user profile is used which ends up in /etc/dconf/profile/user.
Type: attribute set of (absolute path or package or (submodule))
Default:
{ }
Example:
{
# A "user" profile with a database
user.databases = [
{
settings = { };
}
];
# A "bar" profile from a package
bar = pkgs.bar-dconf-profile;
# A "foo" profile from a path
foo = ./foo;
}
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.digitalbitbox.enable
Installs the Digital Bitbox application and enables the complementary hardware module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.digitalbitbox.package
The digitalbitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default:
pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.direnv.enable
Whether to enable direnv integration. Takes care of both installation and setting up the sourcing of the shell. Additionally enables nix-direnv integration. Note that you need to logout and login for this change to apply.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.enableBashIntegration
Whether to enable Bash integration.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.enableFishIntegration
Whether to enable Fish integration.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.enableXonshIntegration
Whether to enable Xonsh integration.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.enableZshIntegration
Whether to enable Zsh integration.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.package
The direnv package to use.
Type: package
Default:
pkgs.direnv
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.direnvrcExtra
Extra lines to append to the sourced direnvrc
Type: strings concatenated with “\n”
Default:
""
Example:
''
export FOO="foo"
echo "loaded direnv!"
''
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.loadInNixShell
Whether to enable loading direnv in nix-shell, nix shell or nix develop.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.nix-direnv.enable
Whether to enable a faster, persistent implementation of use_nix and use_flake, to replace the builtin one.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.nix-direnv.package
The nix-direnv package to use
Type: package
Default:
"pkgs.nix-direnv"
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.direnv.silent
Whether to enable the hiding of direnv logging.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/direnv.nix>
|
programs.dmrconfig.enable
Whether to configure system to enable use of dmrconfig. This enables the required udev rules and installs the program.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
|
programs.dmrconfig.package
The dmrconfig package to use.
Type: package
Default:
pkgs.dmrconfig
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
|
programs.droidcam.enable
Whether to enable DroidCam client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/droidcam.nix>
|
programs.dublin-traceroute.enable
Whether to enable dublin-traceroute (including setcap wrapper).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/dublin-traceroute.nix>
|
programs.dublin-traceroute.package
The dublin-traceroute package to use.
Type: package
Default:
pkgs.dublin-traceroute
Declared by:
<nixpkgs/nixos/modules/programs/dublin-traceroute.nix>
|
programs.ecryptfs.enable
Whether to enable ecryptfs setuid mount wrappers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ecryptfs.nix>
|
programs.envision.enable
Whether to enable envision.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/envision.nix>
|
programs.envision.package
The envision package to use.
Type: package
Default:
pkgs.envision
Declared by:
<nixpkgs/nixos/modules/programs/envision.nix>
|
programs.envision.openFirewall
Whether to enable the default ports in the firewall for the WiVRn server.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/envision.nix>
|
programs.evince.enable
Whether to enable Evince, the GNOME document viewer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
|
programs.evince.package
The evince package to use.
Type: package
Default:
pkgs.evince
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
|
programs.evolution.enable
Whether to enable Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
programs.evolution.plugins
Plugins for Evolution.
Type: list of package
Default:
[ ]
Example:
[ pkgs.evolution-ews ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
programs.extra-container.enable
Whether to enable extra-container, a tool for running declarative NixOS containers without host system rebuilds.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/extra-container.nix>
|
programs.fcast-receiver.enable
Whether to enable FCast Receiver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/fcast-receiver.nix>
|
programs.fcast-receiver.package
The fcast-receiver package to use.
Type: package
Default:
pkgs.fcast-receiver
Declared by:
<nixpkgs/nixos/modules/programs/fcast-receiver.nix>
|
programs.fcast-receiver.openFirewall
Open ports needed for the functionality of the program.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/fcast-receiver.nix>
|
programs.feedbackd.enable
Whether to enable the feedbackd D-BUS service and udev rules.
Your user needs to be in the feedbackd group to trigger effects.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
|
programs.feedbackd.package
The feedbackd package to use.
Type: package
Default:
pkgs.feedbackd
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
|
programs.file-roller.enable
Whether to enable File Roller, an archive manager for GNOME.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
|
programs.file-roller.package
The file-roller package to use.
Type: package
Default:
pkgs.file-roller
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
|
programs.firefox.enable
Whether to enable the Firefox web browser.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.package
Firefox package to use.
Type: package
Default:
pkgs.firefox
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.autoConfig
AutoConfig files can be used to set and lock preferences that are not covered by the policies.json for Mac and Linux. This method can be used to automatically change user preferences or prevent the end user from modifying specific preferences by locking them. More info can be found in https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.autoConfigFiles
AutoConfig files can be used to set and lock preferences that are not covered by the policies.json for Mac and Linux. This method can be used to automatically change user preferences or prevent the end user from modifying specific preferences by locking them. More info can be found in https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig.
Files are concatenated and autoConfig is appended.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.languagePacks
The language packs to install.
Type: list of (one of “ach”, “af”, “an”, “ar”, “ast”, “az”, “be”, “bg”, “bn”, “br”, “bs”, “ca-valencia”, “ca”, “cak”, “cs”, “cy”, “da”, “de”, “dsb”, “el”, “en-CA”, “en-GB”, “en-US”, “eo”, “es-AR”, “es-CL”, “es-ES”, “es-MX”, “et”, “eu”, “fa”, “ff”, “fi”, “fr”, “fur”, “fy-NL”, “ga-IE”, “gd”, “gl”, “gn”, “gu-IN”, “he”, “hi-IN”, “hr”, “hsb”, “hu”, “hy-AM”, “ia”, “id”, “is”, “it”, “ja”, “ka”, “kab”, “kk”, “km”, “kn”, “ko”, “lij”, “lt”, “lv”, “mk”, “mr”, “ms”, “my”, “nb-NO”, “ne-NP”, “nl”, “nn-NO”, “oc”, “pa-IN”, “pl”, “pt-BR”, “pt-PT”, “rm”, “ro”, “ru”, “sat”, “sc”, “sco”, “si”, “sk”, “skr”, “sl”, “son”, “sq”, “sr”, “sv-SE”, “szl”, “ta”, “te”, “tg”, “th”, “tl”, “tr”, “trs”, “uk”, “ur”, “uz”, “vi”, “xh”, “zh-CN”, “zh-TW”)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.packages
Additional packages containing native messaging hosts that should be made available to Firefox extensions.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.browserpass
Whether to enable Browserpass support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.bukubrow
Whether to enable Bukubrow support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.euwebid
Whether to enable Web eID support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.ff2mpv
Whether to enable ff2mpv support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.fxCast
Whether to enable fx_cast support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.gsconnect
Whether to enable GSConnect support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.jabref
Whether to enable JabRef support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.passff
Whether to enable PassFF support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.tridactyl
Whether to enable Tridactyl support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.ugetIntegrator
Whether to enable Uget Integrator support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.policies
Group policies to install.
See Mozilla’s documentation for a list of available options.
This can be used to install extensions declaratively! Check out the documentation of the ExtensionSettings policy for details.
When this option is in use, Firefox will inform you that “your browser is managed by your organisation”. That message appears because NixOS installs what you have declared here such that it cannot be overridden through the user interface. It does not mean that someone else has been given control of your browser, unless of course they also control your NixOS configuration.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.preferences
Preferences to set from about:config.
Some of these might be able to be configured more ergonomically using policies.
When this option is in use, Firefox will inform you that “your browser is managed by your organisation”. That message appears because NixOS installs what you have declared here such that it cannot be overridden through the user interface. It does not mean that someone else has been given control of your browser, unless of course they also control your NixOS configuration.
Type: attribute set of (boolean or signed integer or string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.preferencesStatus
The status of firefox.preferences.
status can assume the following values:
"default": Preferences appear as default.
"locked": Preferences appear as default and can’t be changed.
"user": Preferences appear as changed.
"clear": Value has no effect. Resets to factory defaults on each startup.
Type: one of “default”, “locked”, “user”, “clear”
Default:
"locked"
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.wrapperConfig
Arguments to pass to Firefox wrapper
Type: attribute set
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firejail.enable
Whether to enable firejail, a sandboxing tool for Linux.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.firejail.wrappedBinaries
Wrap the binaries in firejail and place them in the global path.
Type: attribute set of (absolute path or (submodule))
Default:
{ }
Example:
{
firefox = {
executable = "${lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
};
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.fish.enable
Whether to configure fish as an interactive shell.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.package
The fish package to use.
Type: package
Default:
pkgs.fish
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.interactiveShellInit
Shell script code called during interactive fish shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.loginShellInit
Shell script code called during fish login shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.promptInit
Shell script code used to initialise fish prompt.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellAbbrs
Set of fish abbreviations.
Type: attribute set of string
Default:
{ }
Example:
{
gco = "git checkout";
npu = "nix-prefetch-url";
}
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellAliases
Set of aliases for fish shell, which overrides environment.shellAliases.
See environment.shellAliases for an option format description.
Type: attribute set of (null or string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellInit
Shell script code called during fish shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.useBabelfish
If enabled, the configured environment will be translated to native fish using babelfish. Otherwise, foreign-env will be used.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.completions.enable
Whether fish should use completion files provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.config.enable
Whether fish should source configuration snippets provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.functions.enable
Whether fish should autoload fish functions provided by other packages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.flashprog.enable
Whether to enable configuring flashprog udev rules and installing flashprog as system package.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/flashprog.nix>
|
programs.flashprog.package
The flashprog package to use.
Type: package
Default:
pkgs.flashprog
Declared by:
<nixpkgs/nixos/modules/programs/flashprog.nix>
|
programs.flashrom.enable
Installs flashrom and configures udev rules for programmers used by flashrom. Grants access to users in the “flashrom” group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/flashrom.nix>
|
programs.flashrom.package
The flashrom package to use.
Type: package
Default:
pkgs.flashrom
Declared by:
<nixpkgs/nixos/modules/programs/flashrom.nix>
|
programs.flexoptix-app.enable
Whether to enable FLEXOPTIX app + udev rules.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
|
programs.flexoptix-app.package
The flexoptix-app package to use.
Type: package
Default:
pkgs.flexoptix-app
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
|
programs.foot.enable
Whether to enable foot terminal emulator.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.enableBashIntegration
Whether to enable foot bash integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.enableFishIntegration
Whether to enable foot fish integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.enableZshIntegration
Whether to enable foot zsh integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.package
The foot package to use.
Type: package
Default:
pkgs.foot
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.settings
Configuration for foot terminal emulator. Further information can be found in man 5 foot.ini.
Global configuration has to be written under the [main] section.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
main = {
font = "FreeMono:size=12";
};
scrollback = {
lines = 100000;
};
}
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.foot.theme
Theme name. Check https://codeberg.org/dnkl/foot/src/branch/master/themes for available themes.
Type: null or string
Default:
null
Example:
"aeroroot"
Declared by:
<nixpkgs/nixos/modules/programs/foot>
|
programs.fuse.mountMax
Set the maximum number of FUSE mounts allowed to non-root users.
Type: integer between 0 and 32767 (both inclusive)
Default:
1000
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
|
programs.fuse.userAllowOther
Allow non-root users to specify the allow_other or allow_root mount options, see mount.fuse3(8).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
|
programs.fzf.fuzzyCompletion
Whether to enable fuzzy completion with fzf.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/fzf.nix>
|
programs.fzf.keybindings
Whether to enable fzf keybindings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/fzf.nix>
|
programs.gamemode.enable
Whether to enable GameMode to optimise system performance on demand.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.gamemode.enableRenice
Whether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.gamemode.settings
System-wide configuration for GameMode (/etc/gamemode.ini). See gamemoded(8) man page for available settings.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
general = {
renice = 10;
};
# Warning: GPU optimisations have the potential to damage hardware
gpu = {
apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0;
amd_performance_level = "high";
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.gamescope.enable
Whether to enable gamescope, the SteamOS session compositing window manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/gamescope.nix>
|
programs.gamescope.package
The gamescope package to use.
Type: package
Default:
pkgs.gamescope
Declared by:
<nixpkgs/nixos/modules/programs/gamescope.nix>
|
programs.gamescope.args
Arguments passed to GameScope on startup.
Type: list of string
Default:
[ ]
Example:
[
"--rt"
"--prefer-vk-device 8086:9bc4"
]
Declared by:
<nixpkgs/nixos/modules/programs/gamescope.nix>
|
programs.gamescope.capSysNice
Add cap_sys_nice capability to the GameScope binary so that it may renice itself.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gamescope.nix>
|
programs.gamescope.env
Default environment variables available to the GameScope process, overridable at runtime.
Type: attribute set of string
Default:
{ }
Example:
# for Prime render offload on Nvidia laptops.
# Also requires `hardware.nvidia.prime.offload.enable`.
{
__NV_PRIME_RENDER_OFFLOAD = "1";
__VK_LAYER_NV_optimus = "NVIDIA_only";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
}
Declared by:
<nixpkgs/nixos/modules/programs/gamescope.nix>
|
programs.gdk-pixbuf.modulePackages
Packages providing GDK-Pixbuf modules, for cache generation.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/gdk-pixbuf.nix>
|
programs.geary.enable
Whether to enable Geary, a Mail client for GNOME.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/geary.nix>
|
programs.ghidra.enable
Whether to enable Ghidra, a software reverse engineering (SRE) suite of tools.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ghidra.nix>
|
programs.ghidra.package
The ghidra package to use.
Type: package
Default:
pkgs.ghidra
Example:
ghidra-bin
Declared by:
<nixpkgs/nixos/modules/programs/ghidra.nix>
|
programs.ghidra.gdb
Whether to add to gdbinit the python modules required to make Ghidra’s debugger work.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/ghidra.nix>
|
programs.git.enable
Whether to enable git, a distributed version control system.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.package
The git package to use.
Type: package
Default:
pkgs.git
Example:
gitFull
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.config
Configuration to write to /etc/gitconfig. A list can also be specified to keep the configuration in order. For example, setting config to [ { foo.x = 42; } { bar.y = 42; }] will put the foo section before the bar section unlike the default alphabetical order, which can be helpful for sections such as include and includeIf. See the CONFIGURATION FILE section of git-config(1) for more information.
Type: (attribute set of attribute set of anything) or list of attribute set of attribute set of anything
Default:
[ ]
Example:
{
init = {
defaultBranch = "main";
};
url = {
"https://github.com/" = {
insteadOf = [
"gh:"
"github:"
];
};
};
}
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.lfs.enable
Whether to enable git-lfs (Large File Storage).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.lfs.enablePureSSHTransfer
Whether to enable pure SSH transfer on the server side by adding git-lfs-transfer to environment.systemPackages.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.lfs.package
The git-lfs package to use.
Type: package
Default:
pkgs.git-lfs
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.prompt.enable
Whether to enable automatically sourcing git-prompt.sh. This does not change $PS1; it simply provides relevant utility functions.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git-worktree-switcher.enable
Whether to enable git-worktree-switcher, switch between git worktrees with speed…
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/git-worktree-switcher.nix>
|
programs.gnome-disks.enable
Whether to enable GNOME Disks daemon, a program designed to be a UDisks2 graphical front-end.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnome-disks.nix>
|
programs.gnome-terminal.enable
Whether to enable GNOME Terminal.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/gnome-terminal.nix>
|
programs.gnupg.package
The gnupg package to use.
Type: package
Default:
pkgs.gnupg
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enable
Enables GnuPG agent with socket-activation for every user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableBrowserSocket
Enable browser socket for GnuPG agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableExtraSocket
Enable extra socket for GnuPG agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableSSHSupport
Enable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK environment variable correctly. This will disable socket-activation and thus always start a GnuPG agent per user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.pinentryPackage
Which pinentry package to use. The path to the mainProgram as defined in the package’s meta attributes will be set in /etc/gnupg/gpg-agent.conf. If not set by the user, it’ll pick an appropriate flavor depending on the system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce, gnome3 on all other systems with X enabled, curses otherwise).
Type: null or package
Default:
matching the configured desktop environment or pkgs.pinentry-curses
Example:
pkgs.pinentry-gnome3
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.settings
Configuration for /etc/gnupg/gpg-agent.conf. See gpg-agent(1) for supported options.
Type: attribute set of (atom (null, bool, int, float or string))
Default:
{ }
Example:
{
default-cache-ttl = 600;
}
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.dirmngr.enable
Enables GnuPG network certificate management daemon with socket-activation for every user session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.goldwarden.enable
Whether to enable Goldwarden.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/goldwarden.nix>
|
programs.goldwarden.package
The goldwarden package to use.
Type: package
Default:
pkgs.goldwarden
Declared by:
<nixpkgs/nixos/modules/programs/goldwarden.nix>
|
programs.goldwarden.useSshAgent
Whether to enable Goldwarden’s SSH Agent.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/goldwarden.nix>
|
programs.gpaste.enable
Whether to enable GPaste, a clipboard manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gpaste.nix>
|
programs.gphoto2.enable
Whether to configure system to use gphoto2.
To grant digital camera access to a user, the user must
be part of the camera group:
users.users.alice.extraGroups = ["camera"];
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gphoto2.nix>
|
programs.gpu-screen-recorder.enable
Whether to install gpu-screen-recorder and generate setcap wrappers for promptless recording.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/gpu-screen-recorder.nix>
|
programs.gpu-screen-recorder.package
The gpu-screen-recorder package to use.
Type: package
Default:
pkgs.gpu-screen-recorder
Declared by:
<nixpkgs/nixos/modules/programs/gpu-screen-recorder.nix>
|
programs.haguichi.enable
Whether to enable Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/haguichi.nix>
|
programs.hamster.enable
Whether to enable hamster, a time tracking program.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/hamster.nix>
|
programs.htop.enable
Whether to enable htop process monitor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.htop.package
The htop package to use.
Type: package
Default:
pkgs.htop
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.htop.settings
Extra global default configuration for htop which is read on first startup only. Htop subsequently uses ~/.config/htop/htoprc as configuration source.
Type: attribute set of (string or signed integer or boolean or list of (string or signed integer or boolean))
Default:
{ }
Example:
{
hide_kernel_threads = true;
hide_userland_threads = true;
}
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.hyprland.enable
Whether to enable Hyprland, the dynamic tiling Wayland compositor that doesn’t sacrifice on its looks.
You can manually launch Hyprland by executing Hyprland on a TTY.
A configuration file will be generated in ~/.config/hypr/hyprland.conf.
See https://wiki.hyprland.org for more information.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprland.package
The hyprland package to use. If the package is not overridable with enableXWayland, then the module option xwayland will have no effect.
Type: package
Default:
pkgs.hyprland
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprland.portalPackage
The xdg-desktop-portal-hyprland package to use. If the package is not overridable with hyprland, then the Hyprland package used by the portal may differ from the one set in the module option package.
Type: package
Default:
pkgs.xdg-desktop-portal-hyprland
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprland.systemd.setPath.enable
Set environment path of systemd to include the current system’s bin directory. This is needed in Hyprland setups, where opening links in applications do not work. Enabled by default for Hyprland versions older than 0.41.2.
Type: boolean
Default:
lib.versionOlder cfg.package.version "0.41.2"
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprland.withUWSM
Launch Hyprland with the UWSM (Universal Wayland Session Manager) session manager.
This has improved systemd support and is recommended for most users.
This automatically starts appropriate targets like graphical-session.target, and wayland-session@Hyprland.target.
Some changes may need to be made to Hyprland configs depending on your setup, see Hyprland wiki.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprland.xwayland.enable
Whether to enable XWayland.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprland.nix>
|
programs.hyprlock.enable
Whether to enable hyprlock, Hyprland’s GPU-accelerated screen locking utility.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprlock.nix>
|
programs.hyprlock.package
The hyprlock package to use.
Type: package
Default:
pkgs.hyprlock
Declared by:
<nixpkgs/nixos/modules/programs/wayland/hyprlock.nix>
|
programs.i3lock.enable
Whether to enable i3lock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/i3lock.nix>
|
programs.i3lock.package
The i3lock package to use.
Note: The i3lock package must include an i3lock file or link in its out directory in order for the u2fSupport option to work correctly.
Type: package
Default:
pkgs.i3lock
Example:
i3lock-color
Declared by:
<nixpkgs/nixos/modules/programs/i3lock.nix>
|
programs.i3lock.u2fSupport
Whether to enable U2F support in the i3lock program. U2F enables authentication using a hardware device, such as a security key. When U2F support is enabled, the i3lock program will set the setuid bit on the i3lock binary and enable the pam u2fAuth service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/i3lock.nix>
|
programs.iay.enable
Whether to enable iay, a minimalistic shell prompt.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/iay.nix>
|
programs.iay.package
The iay package to use.
Type: package
Default:
pkgs.iay
Declared by:
<nixpkgs/nixos/modules/programs/iay.nix>
|
programs.iay.minimalPrompt
Use minimal one-liner prompt.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/iay.nix>
|
programs.iftop.enable
Whether to enable iftop and setcap wrapper for it.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/iftop.nix>
|
programs.iio-hyprland.enable
Whether to enable iio-hyprland and iio-sensor-proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/iio-hyprland.nix>
|
programs.iio-hyprland.package
The iio-hyprland package to use.
Type: package
Default:
pkgs.iio-hyprland
Declared by:
<nixpkgs/nixos/modules/programs/iio-hyprland.nix>
|
programs.immersed.enable
Whether to enable immersed.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/immersed.nix>
|
programs.immersed.package
The immersed package to use.
Type: package
Default:
pkgs.immersed
Declared by:
<nixpkgs/nixos/modules/programs/immersed.nix>
|
programs.iotop.enable
Whether to enable iotop + setcap wrapper.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/iotop.nix>
|
programs.java.enable
Install and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the jdk’s setup-hook on shell init. It is equivalent to starting a shell through ‘nix-shell -p jdk’, or roughly the following system-wide configuration:
environment.variables.JAVA_HOME = "${pkgs.jdk.home}/lib/openjdk";
environment.systemPackages = [ pkgs.jdk ];
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.java.package
The jdk package to use.
Type: package
Default:
pkgs.jdk
Example:
jre
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.java.binfmt
Whether to enable binfmt to execute java jars and classes.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.joycond-cemuhook.enable
Whether to enable joycond-cemuhook, a program to enable support for cemuhook’s UDP protocol for joycond devices.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/joycond-cemuhook.nix>
|
programs.k3b.enable
Whether to enable k3b, the KDE disk burning application.
In addition to installing k3b, enabling this will add setuid wrappers in /run/wrappers/bin for both cdrdao and cdrecord. On first run you must manually configure the path of cdrdao and cdrecord to correspond to the appropriate paths under /run/wrappers/bin in the “Setup External Programs” menu.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/k3b.nix>
|
programs.k40-whisperer.enable
Whether to enable K40-Whisperer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.k40-whisperer.package
The k40-whisperer package to use.
Type: package
Default:
pkgs.k40-whisperer
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.k40-whisperer.group
Group assigned to the device when connected.
Type: string
Default:
"k40"
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.kbdlight.enable
Whether to enable kbdlight.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kbdlight.nix>
|
programs.kclock.enable
Whether to enable KClock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kclock.nix>
|
programs.kde-pim.enable
Whether to enable KDE PIM base packages.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kde-pim.nix>
|
programs.kde-pim.kmail
Whether to enable KMail.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kde-pim.nix>
|
programs.kde-pim.kontact
Whether to enable Kontact.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kde-pim.nix>
|
programs.kde-pim.merkuro
Whether to enable Merkuro.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kde-pim.nix>
|
programs.kdeconnect.enable
Whether to enable kdeconnect.
Note that it will open the TCP and UDP ports from 1714 to 1764 as they are needed for it to function properly. You can use the package option to use gnomeExtensions.gsconnect as an alternative implementation if you use GNOME.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
|
programs.kdeconnect.package
The kdeconnect-kde package to use.
Type: package
Default:
pkgs.plasma5Packages.kdeconnect-kde
Example:
gnomeExtensions.gsconnect
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
|
programs.kubeswitch.enable
Whether to enable kubeswitch.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/kubeswitch.nix>
|
programs.kubeswitch.package
The package to install for kubeswitch.
Type: package
Default:
pkgs.kubeswitch
Declared by:
<nixpkgs/nixos/modules/programs/kubeswitch.nix>
|
programs.kubeswitch.commandName
The name of the command to use.
Type: string
Default:
"kswitch"
Declared by:
<nixpkgs/nixos/modules/programs/kubeswitch.nix>
|
programs.labwc.enable
Whether to enable labwc.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/labwc.nix>
|
programs.labwc.package
The labwc package to use.
Type: package
Default:
pkgs.labwc
Declared by:
<nixpkgs/nixos/modules/programs/wayland/labwc.nix>
|
programs.ladybird.enable
Whether to enable the Ladybird web browser.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ladybird.nix>
|
programs.lazygit.enable
Whether to enable lazygit, a simple terminal UI for git commands.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/lazygit.nix>
|
programs.lazygit.package
The lazygit package to use.
Type: package
Default:
pkgs.lazygit
Declared by:
<nixpkgs/nixos/modules/programs/lazygit.nix>
|
programs.lazygit.settings
Lazygit configuration.
See https://github.com/jesseduffield/lazygit/blob/master/docs/Config.md for documentation.
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/lazygit.nix>
|
programs.less.enable
Whether to enable less, a file pager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.package
The less package to use.
Type: package
Default:
pkgs.less
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.clearDefaultCommands
Clear all default commands. You should remember to set the quit key. Otherwise you will not be able to leave less without killing it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.commands
Defines new command keys.
Type: attribute set of string
Default:
{ }
Example:
{
h = "noaction 5\\e(";
l = "noaction 5\\e)";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.configFile
Path to lesskey configuration file.
configFile takes precedence over commands, clearDefaultCommands, lineEditingKeys, and envVariables.
Type: null or absolute path
Default:
null
Example:
"${pkgs.my-configs}/lesskey"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.envVariables
Defines environment variables.
Type: attribute set of string
Default:
{
LESS = "-R";
}
Example:
{
LESS = "--quit-if-one-screen";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lessclose
When less closes a file opened in such a way, it will call another program, called the input postprocessor, which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lessopen
Before less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.
Type: null or string
Default:
null
Example:
"|${pkgs.lesspipe}/bin/lesspipe.sh %s"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lineEditingKeys
Defines new line-editing keys.
Type: attribute set of string
Default:
{ }
Example:
{
e = "abort";
}
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.liboping.enable
Whether to enable liboping.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/liboping.nix>
|
programs.light.enable
Whether to install Light backlight control command and udev rules granting access to members of the “video” group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.light.brightnessKeys.enable
Whether to enable brightness control with keyboard keys.
This is mainly useful for minimalistic (desktop) environments. You may want to leave this disabled if you run a feature-rich desktop environment such as KDE, GNOME or Xfce as those handle the brightness keys themselves. However, enabling brightness control with this setting makes the control independent of X, so the keys work in non-graphical ttys, so you might want to consider using this instead of the default offered by the desktop environment.
Enabling this will turn on services.actkbd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.light.brightnessKeys.minBrightness
The minimum authorized brightness value, e.g. to avoid the display going dark.
Type: integer or floating point number between 0 and 100 (both inclusive)
Default:
0.1
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.light.brightnessKeys.step
The percentage value by which to increase/decrease brightness.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.localsend.enable
Whether to enable localsend, an open source cross-platform alternative to AirDrop.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/localsend.nix>
|
programs.localsend.package
The localsend package to use.
Type: package
Default:
pkgs.localsend
Declared by:
<nixpkgs/nixos/modules/programs/localsend.nix>
|
programs.localsend.openFirewall
Whether to enable opening the firewall port 53317 for receiving files.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/localsend.nix>
|
programs.mdevctl.enable
Whether to enable Mediated Device Management.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mdevctl.nix>
|
programs.mepo.enable
Whether to enable Mepo, a fast, simple and hackable OSM map viewer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mepo.locationBackends.geoclue
Whether to enable location detection via geoclue.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mepo.locationBackends.gpsd
Whether to enable location detection via gpsd. This may require additional configuration of gpsd, see here
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mininet.enable
Whether to enable Mininet, an emulator for rapid prototyping of Software Defined Networks.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mininet.nix>
|
programs.minipro.enable
Whether to enable minipro and its udev rules.
Users of the plugdev group can interact with connected MiniPRO chip programmers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/minipro.nix>
|
programs.minipro.package
The minipro package to use.
Type: package
Default:
pkgs.minipro
Declared by:
<nixpkgs/nixos/modules/programs/minipro.nix>
|
programs.miriway.enable
Whether to enable Miriway, a Mir based Wayland compositor. You can manually launch Miriway by executing “exec miriway” on a TTY, or launch it from a display manager. Copy /etc/xdg/xdg-miriway/miriway-shell.config to ~/.config/miriway-shell.config to modify the system-wide configuration on a per-user basis. See https://github.com/Miriway/Miriway, and “miriway --help” for more information.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/miriway.nix>
|
programs.miriway.config
Miriway’s config. This will be installed system-wide. The default will install the miriway package’s barebones example config.
Type: strings concatenated with “\n”
Default:
''
x11-window-title=Miriway (Mir-on-X)
idle-timeout=600
ctrl-alt=t:miriway-terminal # Default "terminal emulator finder"
shell-component=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
meta=Left:@dock-left
meta=Right:@dock-right
meta=Space:@toggle-maximized
meta=Home:@workspace-begin
meta=End:@workspace-end
meta=Page_Up:@workspace-up
meta=Page_Down:@workspace-down
ctrl-alt=BackSpace:@exit
''
Example:
''
idle-timeout=300
ctrl-alt=t:weston-terminal
add-wayland-extensions=all
shell-components=dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY
shell-component=waybar
shell-component=wbg Pictures/wallpaper
shell-meta=a:synapse
meta=Left:@dock-left
meta=Right:@dock-right
meta=Space:@toggle-maximized
meta=Home:@workspace-begin
meta=End:@workspace-end
meta=Page_Up:@workspace-up
meta=Page_Down:@workspace-down
ctrl-alt=BackSpace:@exit
''
Declared by:
<nixpkgs/nixos/modules/programs/miriway.nix>
|
programs.mosh.enable
Whether to enable mosh.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mosh.package
The mosh package to use.
Type: package
Default:
pkgs.mosh
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mosh.openFirewall
Whether to automatically open the necessary ports in the firewall.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mosh.withUtempter
Whether to enable libutempter for mosh.
This is required so that mosh can write to /var/run/utmp (which can be queried with who to display currently connected user sessions).
Note, this will add a guid wrapper for the group utmp!
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mouse-actions.enable
Whether to install and set up mouse-actions and its udev rules.
Note that only users in the “uinput” group will be able to use the package.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/mouse-actions.nix>
|
programs.mouse-actions.package
The mouse-actions package to use.
Type: package
Default:
pkgs.mouse-actions
Example:
mouse-actions-gui
Declared by:
<nixpkgs/nixos/modules/programs/mouse-actions.nix>
|
programs.mouse-actions.autorun
Whether to start a user service to run mouse-actions on startup.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/mouse-actions.nix>
|
programs.msmtp.enable
Whether to enable msmtp - an SMTP client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.accounts
Named accounts and their respective configurations. The special name “default” allows a default account to be defined. See msmtp(1) for the available options.
Use programs.msmtp.extraConfig instead of this attribute set-based option if ordered account inheritance is needed.
It is advised to use the passwordeval setting to read the password from a secret file to avoid having it written in the world-readable nix store. The password file must end with a newline (\n).
Type: attribute set of (attribute set)
Default:
{ }
Example:
{
default = {
auth = true;
host = "smtp.example";
passwordeval = "cat /secrets/password.txt";
user = "someone";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.defaults
Default values applied to all accounts. See msmtp(1) for the available options.
Type: attribute set
Default:
{ }
Example:
{
aliases = "/etc/aliases";
port = 587;
tls = true;
}
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.extraConfig
Extra lines to add to the msmtp configuration verbatim. See msmtp(1) for the syntax and available options.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.setSendmail
Whether to set the system sendmail to msmtp’s.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.mtr.enable
Whether to add mtr to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
|
programs.mtr.package
The mtr package to use.
Type: package
Default:
pkgs.mtr
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
|
programs.nano.enable
Whether to enable nano, a small user-friendly console text editor.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nano.package
The nano package to use.
Type: package
Default:
pkgs.nano
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nano.nanorc
The system-wide nano configuration. See nanorc(5).
Type: strings concatenated with “\n”
Default:
""
Example:
''
set nowrap
set tabstospaces
set tabsize 2
''
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nano.syntaxHighlight
Whether to enable syntax highlight for various languages.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nautilus-open-any-terminal.enable
Whether to enable nautilus-open-any-terminal.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix>
|
programs.nautilus-open-any-terminal.terminal
The terminal emulator to add to context-entry of nautilus. Supported terminal emulators are listed in https://github.com/Stunkymonkey/nautilus-open-any-terminal#supported-terminal-emulators.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/nautilus-open-any-terminal.nix>
|
programs.nbd.enable
Whether to enable Network Block Device (nbd) support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nbd.nix>
|
programs.neovim.enable
Whether to enable Neovim.
When enabled through this option, Neovim is wrapped to use a configuration managed by this module. The configuration file in the user’s home directory at ~/.config/nvim/init.vim is no longer loaded by default.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.package
The neovim-unwrapped package to use.
Type: package
Default:
pkgs.neovim-unwrapped
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.configure
Generate your init file from your list of plugins and custom commands. Neovim will then be wrapped to load nvim -u /nix/store/«hash»-vimrc
Type: attribute set
Default:
{ }
Example:
{
customRC = ''
" here your custom configuration goes!
'';
packages.myVimPackage = with pkgs.vimPlugins; {
# loaded on launch
start = [ fugitive ];
# manually loadable by calling `:packadd $plugin-name`
opt = [ ];
};
}
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.defaultEditor
When enabled, installs neovim and configures neovim to be the default editor using the EDITOR environment variable.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime
Set of files that have to be linked in runtime.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.enable
Whether this runtime directory should be generated. This option allows specific runtime files to be disabled.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.target
Name of symlink. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.viAlias
Symlink vi to nvim binary.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.vimAlias
Symlink vim to nvim binary.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withNodeJs
Enable Node provider.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withPython3
Enable Python 3 provider.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withRuby
Enable Ruby provider.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.nethoscope.enable
Whether to add nethoscope to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/nethoscope.nix>
|
programs.nexttrace.enable
Whether to add Nexttrace to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nexttrace.nix>
|
programs.nexttrace.package
The nexttrace package to use.
Type: package
Default:
pkgs.nexttrace
Declared by:
<nixpkgs/nixos/modules/programs/nexttrace.nix>
|
programs.nh.enable
Whether to enable nh, yet another Nix CLI helper.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.nh.package
The nh package to use.
Type: package
Default:
pkgs.nh
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.nh.clean.enable
Whether to enable periodic garbage collection with nh clean all.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.nh.clean.dates
How often cleanup is performed. Passed to systemd.time. The format is described in systemd.time(7).
Type: (optionally newline-terminated) single-line string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.nh.clean.extraArgs
Options given to nh clean when the service is run automatically.
See nh clean all --help for more information.
Type: (optionally newline-terminated) single-line string
Default:
""
Example:
"--keep 5 --keep-since 3d"
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.nh.flake
The path that will be used for the FLAKE environment variable.
FLAKE is used by nh as the default flake for performing actions, like nh os switch.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/nh.nix>
|
programs.niri.enable
Whether to enable Niri, a scrollable-tiling Wayland compositor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/niri.nix>
|
programs.niri.package
The niri package to use.
Type: package
Default:
pkgs.niri
Declared by:
<nixpkgs/nixos/modules/programs/wayland/niri.nix>
|
programs.nix-index.enable
Whether to enable nix-index, a file database for nixpkgs.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-index.nix>
|
programs.nix-index.enableBashIntegration
Whether to enable Bash integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-index.nix>
|
programs.nix-index.enableFishIntegration
Whether to enable Fish integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-index.nix>
|
programs.nix-index.enableZshIntegration
Whether to enable Zsh integration.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-index.nix>
|
programs.nix-index.package
The nix-index package to use.
Type: package
Default:
pkgs.nix-index
Declared by:
<nixpkgs/nixos/modules/programs/nix-index.nix>
|
programs.nix-ld.enable
Whether to enable nix-ld. Documentation: https://github.com/Mic92/nix-ld.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-ld.nix>
|
programs.nix-ld.package
The nix-ld package to use.
Type: package
Default:
pkgs.nix-ld
Declared by:
<nixpkgs/nixos/modules/programs/nix-ld.nix>
|
programs.nix-ld.libraries
Libraries that automatically become available to all programs. The default set includes common libraries.
Type: list of package
Default:
baseLibraries derived from systemd and nix dependencies.
Declared by:
<nixpkgs/nixos/modules/programs/nix-ld.nix>
|
programs.nix-required-mounts.enable
Whether to enable exposing extra paths to the sandbox depending on derivations’ requiredSystemFeatures.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.allowedPatterns
The hook config, describing which paths to mount for which system features
Type: attribute set of (submodule)
Default:
{
opengl.paths = config.hardware.graphics.extraPackages ++ [
config.graphics.opengl.package
pkgs.addDriverRunpath.driverLink
"/dev/dri"
];
}
Example:
{
require-ipfs = {
onFeatures = [
"ipfs"
];
paths = [
"/ipfs"
];
};
}
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.allowedPatterns.<name>.onFeatures
Which requiredSystemFeatures should trigger relaxation of the sandbox
Type: list of string
Default:
[
"‹name›"
]
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.allowedPatterns.<name>.paths
A list of glob patterns, indicating which paths to expose to the sandbox
Type: list of (absolute path or (submodule))
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.allowedPatterns.<name>.unsafeFollowSymlinks
Whether to instruct the hook to mount the symlink targets as well, when any of the paths contain symlinks. This may not work correctly with glob patterns.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.extraWrapperArgs
List of extra arguments (such as --add-flags -v) to pass to the hook’s wrapper.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nix-required-mounts.presets.nvidia-gpu.enable
Whether to declare support for derivations that require an Nvidia GPU to be available, e.g. derivations with requiredSystemFeatures = [ "cuda" ].
This mounts the corresponding userspace drivers and device nodes in the sandbox, but only for derivations that request these special features.
You may extend or override the exposed paths via the programs.nix-required-mounts.allowedPatterns.nvidia-gpu.paths option.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nix-required-mounts.nix>
|
programs.nm-applet.enable
Whether to enable nm-applet, a NetworkManager control applet for GNOME.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
|
programs.nm-applet.indicator
Whether to use indicator instead of status icon. It is needed for Appindicator environments, like Enlightenment.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
|
programs.nncp.enable
Whether to enable NNCP (Node to Node copy) utilities and configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.package
The nncp package to use.
Type: package
Default:
pkgs.nncp
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.group
The group under which NNCP files shall be owned. Any member of this group may access the secret keys of this NNCP node.
Type: string
Default:
"uucp"
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.secrets
A list of paths to NNCP configuration files that should not be in the Nix store. These files are layered on top of the values at programs.nncp.settings.
Type: list of string
Example:
[
"/run/keys/nncp.hjson"
]
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.settings
NNCP configuration, see http://www.nncpgo.org/Configuration.html.
At runtime these settings will be overlaid by the contents of programs.nncp.secrets into the file /run/nncp.hjson. Node keypairs go in secrets; do not specify them in settings, as they will be leaked into /nix/store!
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.noisetorch.enable
Whether to enable noisetorch (+ setcap wrapper), a virtual microphone device with noise suppression.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
|
programs.noisetorch.package
The noisetorch package to use.
Type: package
Default:
pkgs.noisetorch
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
|
programs.npm.enable
Whether to enable npm global config.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.npm.package
The npm package to use.
Type: package
Default:
pkgs.nodePackages.npm
Example:
nodePackages_13_x.npm
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.npm.npmrc
The system-wide npm configuration. See https://docs.npmjs.com/misc/config.
Type: strings concatenated with “\n”
Default:
''
prefix = ''${HOME}/.npm
''
Example:
''
prefix = ''${HOME}/.npm
https-proxy=proxy.example.com
init-license=MIT
init-author-url=https://www.npmjs.com/
color=true
''
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.ns-usbloader.enable
Whether to enable ns-usbloader application with udev rules applied.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ns-usbloader.nix>
|
programs.obs-studio.enable
Whether to enable OBS Studio, free and open source software for video recording and live streaming.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/obs-studio.nix>
|
programs.obs-studio.enableVirtualCamera
Installs and sets up the v4l2loopback kernel module, necessary for OBS to start a virtual camera.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/obs-studio.nix>
|
programs.obs-studio.package
The obs-studio package to use.
Type: null or package
Default:
pkgs.obs-studio
Example:
obs-studio
Declared by:
<nixpkgs/nixos/modules/programs/obs-studio.nix>
|
programs.obs-studio.plugins
Optional OBS plugins.
Type: list of package
Default:
[ ]
Example:
[ pkgs.obs-studio-plugins.wlrobs ]
Declared by:
<nixpkgs/nixos/modules/programs/obs-studio.nix>
|
programs.oddjobd.enable
Whether to enable oddjob, a D-Bus service which runs odd jobs on behalf of client applications.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/oddjobd.nix>
|
programs.oddjobd.package
The oddjob package to use.
Type: package
Default:
pkgs.oddjob
Declared by:
<nixpkgs/nixos/modules/programs/oddjobd.nix>
|
programs.opengamepadui.enable
Whether to enable opengamepadui.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.package
The OpenGamepadUI package to use.
Type: package
Default:
pkgs.opengamepadui
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.args
Arguments to be passed to OpenGamepadUI
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.extraPackages
Additional packages to add to the OpenGamepadUI environment.
Type: list of package
Default:
[ ]
Example:
with pkgs; [
gamescope
]
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.fontPackages
Font packages to use in OpenGamepadUI.
Defaults to system fonts, but could be overridden to use other fonts — useful for users who would like to customize CJK fonts used in opengamepadui. According to the upstream issue, opengamepadui only follows the per-user fontconfig configuration.
Type: list of package
Default:
builtins.filter lib.types.package.check config.fonts.packages
Example:
with pkgs; [ source-han-sans ]
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.gamescopeSession
Run a GameScope driven OpenGamepadUI session from your display-manager
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.gamescopeSession.enable
Whether to enable GameScope Session.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.gamescopeSession.args
Arguments to be passed to GameScope for the session.
Type: list of string
Default:
[
"--prefer-output"
"*,eDP-1"
"--xwayland-count"
"2"
"--default-touch-mode"
"4"
"--hide-cursor-delay"
"3000"
"--fade-out-duration"
"200"
"--steam"
]
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.gamescopeSession.env
Environmental variables to be passed to GameScope for the session.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.inputplumber.enable
Whether to run the InputPlumber service for input management and gamepad configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.opengamepadui.powerstation.enable
Whether to run the PowerStation service for TDP control and performance settings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/opengamepadui.nix>
|
programs.openvpn3.enable
Whether to enable the openvpn3 client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.package
The openvpn3 package to use.
Type: package
Default:
pkgs.openvpn3
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service
Log service configuration
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service.settings
Options stored in the /etc/openvpn3/log-service.json configuration file.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service.settings.journald
Use systemd-journald
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service.settings.log_dbus_details
Add D-Bus details in log file/syslog
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service.settings.log_level
How verbose should the logging be
Type: integer between 0 and 7 (both inclusive)
Default:
3
Example:
6
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.log-service.settings.timestamp
Add timestamps to the log file.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.netcfg
Network configuration
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.netcfg.settings
Options stored in the /etc/openvpn3/netcfg.json configuration file.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.openvpn3.netcfg.settings.systemd_resolved
Whether to use systemd-resolved integration
Type: boolean
Default:
config.services.resolved.enable
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.partition-manager.enable
Whether to enable KDE Partition Manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/partition-manager.nix>
|
programs.partition-manager.package
The partitionmanager package to use.
Type: package
Default:
pkgs.libsForQt5.partitionmanager
Declared by:
<nixpkgs/nixos/modules/programs/partition-manager.nix>
|
programs.pay-respects.enable
Whether to enable pay-respects, an app which corrects your previous console command.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/pay-respects.nix>
|
programs.pay-respects.package
The pay-respects package to use.
Type: package
Default:
pkgs.pay-respects
Declared by:
<nixpkgs/nixos/modules/programs/pay-respects.nix>
|
programs.pay-respects.aiIntegration
Whether to enable pay-respects’ LLM integration. When there is no rule for a given error, pay-respects can query an OpenAI-compatible API endpoint for command corrections.
If this is set to false, all LLM-related features are disabled.
If this is set to true, the default OpenAI endpoint will be used, using upstream’s API key. This default API key may be rate-limited.
You can also set a custom API endpoint, large language model and locale for command corrections. Simply access the aiIntegration.url, aiIntegration.model and aiIntegration.locale options, as described in the example.
Take a look at the services.ollama NixOS module if you wish to host a local large language model for pay-respects.
For all of these methods, you can set a custom secret API key by using the _PR_AI_API_KEY environment variable.
Type: boolean or (submodule)
Default:
false
Example:
{
locale = "nl-be";
model = "llama3";
url = "http://127.0.0.1:11434/v1/chat/completions";
}
Declared by:
<nixpkgs/nixos/modules/programs/pay-respects.nix>
|
programs.pay-respects.alias
pay-respects needs an alias to be configured.
The default value is f, but you can use anything else as well.
Type: string
Default:
"f"
Declared by:
<nixpkgs/nixos/modules/programs/pay-respects.nix>
|
programs.pay-respects.runtimeRules
List of rules to be added to /etc/xdg/pay-respects/rules.
pay-respects will read the contents of these generated rules to recommend command corrections.
Each rule module should start with the command attribute that specifies the command name. See the upstream documentation for more information.
Type: list of (TOML value)
Default:
[ ]
Example:
[
{
command = "xl";
match_err = [
{
pattern = [
"Permission denied"
];
suggest = [
''
#[executable(sudo), !cmd_contains(sudo), err_contains(libxl: error:)]
sudo {{command}}
''
];
}
];
}
]
Declared by:
<nixpkgs/nixos/modules/programs/pay-respects.nix>
|
programs.plotinus.enable
Whether to enable the Plotinus GTK 3 plugin. Plotinus provides a popup (triggered by Ctrl-Shift-P) to search the menus of a compatible application.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/plotinus.nix>
|
programs.pqos-wrapper.enable
Whether to enable PQoS Wrapper for BenchExec.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/pqos-wrapper.nix>
|
programs.pqos-wrapper.package
The pqos-wrapper package to use.
Type: package
Default:
pkgs.pqos-wrapper
Declared by:
<nixpkgs/nixos/modules/programs/pqos-wrapper.nix>
|
programs.projecteur.enable
Whether to enable projecteur, an application for the Logitech Spotlight device (and similar).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/projecteur.nix>
|
programs.projecteur.package
The projecteur package to use.
Type: package
Default:
pkgs.projecteur
Declared by:
<nixpkgs/nixos/modules/programs/projecteur.nix>
|
programs.proxychains.enable
Whether to enable proxychains configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.package
The proxychains package to use.
Type: package
Default:
pkgs.proxychains
Example:
proxychains-ng
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.chain.length
Chain length for random chain.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.chain.type
dynamic - Each connection will be done via chained proxies. All proxies are chained in the order in which they appear in the list. At least one proxy must be online to play in chain (dead proxies are skipped); otherwise EINTR is returned to the app.
strict - Each connection will be done via chained proxies. All proxies are chained in the order in which they appear in the list. All proxies must be online to play in chain; otherwise EINTR is returned to the app.
random - Each connection will be done via a random proxy (or proxy chain, see programs.proxychains.chain.length) from the list.
Type: one of “dynamic”, “strict”, “random”
Default:
"strict"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.localnet
By default enable localnet for loopback address ranges.
Type: string
Default:
"127.0.0.0/255.0.0.0"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies
Proxies to be used by proxychains.
Type: attribute set of (submodule)
Example:
{ myproxy =
{ type = "socks4";
host = "127.0.0.1";
port = 1337;
};
}
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.enable
Whether to enable this proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.host
Proxy host or IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.port
Proxy port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.type
Proxy type.
Type: one of “http”, “socks4”, “socks5”
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxyDNS
Proxy DNS requests - no leak for DNS data.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.quietMode
Whether to enable quiet mode (no output from the library).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.remoteDNSSubnet
Set the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
Type: one of 10, 127, 224
Default:
224
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.tcpConnectTimeOut
Connection time-out in milliseconds.
Type: signed integer
Default:
8000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.tcpReadTimeOut
Connection read time-out in milliseconds.
Type: signed integer
Default:
15000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.pulseview.enable
Whether to enable pulseview, a sigrok GUI.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/pulseview.nix>
|
programs.qdmr.enable
Whether to enable QDMR - a GUI application and command line tool for programming DMR radios.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/qdmr.nix>
|
programs.qdmr.package
The qdmr package to use.
Type: package
Default:
pkgs.qdmr
Declared by:
<nixpkgs/nixos/modules/programs/qdmr.nix>
|
programs.qgroundcontrol.enable
Whether to enable qgroundcontrol.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/qgroundcontrol.nix>
|
programs.qgroundcontrol.package
The qgroundcontrol package to use.
Type: package
Default:
pkgs.qgroundcontrol
Declared by:
<nixpkgs/nixos/modules/programs/qgroundcontrol.nix>
|
programs.qgroundcontrol.blacklistModemManagerFromTTYUSB
Disallow ModemManager from interfering with serial connections that QGroundControl might use.
Note that if you use a modem that’s connected via USB, you might want to disable this option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/qgroundcontrol.nix>
|
programs.quark-goldleaf.enable
Whether to enable quark-goldleaf with udev rules applied.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/quark-goldleaf.nix>
|
programs.regreet.enable
Enable ReGreet, a clean and customizable greeter for greetd.
To use ReGreet, services.greetd has to be enabled and services.greetd.settings.default_session should contain the appropriate configuration to launch config.programs.regreet.package. For examples, see the ReGreet Readme.
A minimal configuration that launches ReGreet in cage is enabled by this module by default.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.package
The regreet package to use.
Type: package
Default:
pkgs.greetd.regreet
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.cageArgs
Additional arguments to be passed to cage.
Type: list of string
Default:
[
"-s"
]
Example:
[ "-s" "-m" "last" ]
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.cursorTheme.package
The package that provides the cursor theme given in the name option.
Type: package
Default:
pkgs.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.cursorTheme.name
Name of the cursor theme to use for regreet.
Type: string
Default:
"Adwaita"
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.extraCss
Extra CSS rules to apply on top of the GTK theme. Refer to GTK CSS Properties for modifiable properties.
Type: absolute path or strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.font.package
The package that provides the font given in the name option.
Type: package
Default:
pkgs.cantarell-fonts
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.font.name
Name of the font to use for regreet.
Type: string
Default:
"Cantarell"
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.font.size
Size of the font to use for regreet.
Type: positive integer, meaning >0
Default:
16
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.iconTheme.package
The package that provides the icon theme given in the name option.
Type: package
Default:
pkgs.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.iconTheme.name
Name of the icon theme to use for regreet.
Type: string
Default:
"Adwaita"
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.settings
ReGreet configuration file. Refer to https://github.com/rharish101/ReGreet/blob/main/regreet.sample.toml for options.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.theme.package
The package that provides the theme given in the name option.
Type: package
Default:
pkgs.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.regreet.theme.name
Name of the theme to use for regreet.
Type: string
Default:
"Adwaita"
Declared by:
<nixpkgs/nixos/modules/programs/regreet.nix>
|
programs.river.enable
Whether to enable river, a dynamic tiling Wayland compositor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/river.nix>
|
programs.river.package
The river package to use. If the package is not overridable with xwaylandSupport, then the module option xwayland will have no effect.
Set to null to not add any River package to your path.
This should be done if you want to use the Home Manager River module to install River.
Type: null or package
Default:
pkgs.river
Declared by:
<nixpkgs/nixos/modules/programs/wayland/river.nix>
|
programs.river.extraPackages
Extra packages to be installed system wide. See Common X11 apps used on i3 with Wayland alternatives for a list of useful software.
Type: list of package
Default:
with pkgs; [ swaylock foot dmenu ];
Example:
with pkgs; [ termite rofi light ]
Declared by:
<nixpkgs/nixos/modules/programs/wayland/river.nix>
|
programs.river.xwayland.enable
Whether to enable XWayland.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/river.nix>
|
programs.rog-control-center.enable
Whether to enable the rog-control-center application.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/rog-control-center.nix>
|
programs.rog-control-center.autoStart
Whether rog-control-center should be started automatically.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/rog-control-center.nix>
|
programs.rust-motd.enable
Whether to enable rust-motd, a Message Of The Day (MOTD) generator.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.enableMotdInSSHD
Whether to let openssh print the result when entering a new ssh-session.
By default either nothing or a static file defined via users.motd is printed. Because of that, the latter option is incompatible with this module.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.order
The order of the sections in programs.rust-motd.settings.
By default they are ordered alphabetically.
Context: since attribute sets in Nix are always ordered alphabetically internally this means that
{
uptime = { /* ... */ };
banner = { /* ... */ };
}
will still have banner displayed before uptime.
To work around that, this option can be used to define the order of all keys, i.e.
{
order = [
"uptime"
"banner"
];
}
makes sure that uptime is placed before banner in the motd.
Type: list of string
Default:
attrNames cfg.settings
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.refreshInterval
Interval in which the motd(5) file is refreshed. For possible formats, please refer to systemd.time(7).
Type: string
Default:
"*:0/5"
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.settings
Settings on what to generate. Please read the upstream documentation for further information.
Type: attribute set of (TOML value)
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.ryzen-monitor-ng.enable
Whether to enable ryzen_monitor_ng, a userspace application for setting and getting Ryzen SMU (System Management Unit) parameters via the ryzen_smu kernel driver.
Monitor power information of Ryzen processors via the PM table of the SMU.
SMU Set and Get for many parameters and CO counts.
https://github.com/mann1x/ryzen_monitor_ng
WARNING: Damage caused by use of your AMD processor outside of official AMD specifications or outside of factory settings is not covered under any AMD product warranty and may not be covered by your board or system manufacturer’s warranty.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix>
|
programs.ryzen-monitor-ng.package
The ryzen-monitor-ng package to use.
Type: package
Default:
pkgs.ryzen-monitor-ng
Declared by:
<nixpkgs/nixos/modules/programs/ryzen-monitor-ng.nix>
|
programs.schroot.enable
Whether to enable schroot, a lightweight virtualisation tool.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.package
The schroot package to use.
Type: package
Default:
pkgs.schroot
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.profiles
Custom configuration profiles for schroot.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.profiles.<name>.copyfiles
A list of files to copy into the chroot from the host system.
Type: list of string
Example:
[
"/etc/resolv.conf"
]
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.profiles.<name>.fstab
A file in the format described in fstab(5), used to mount filesystems inside the chroot. The mount location is relative to the root of the chroot.
Type: absolute path
Example:
pkgs.writeText "my-schroot-fstab" ''
/proc /proc none rw,bind 0 0
/sys /sys none rw,bind 0 0
/dev /dev none rw,bind 0 0
/dev/pts /dev/pts none rw,bind 0 0
/home /home none rw,rbind 0 0
/tmp /tmp none rw,bind 0 0
/dev/shm /dev/shm none rw,bind 0 0
/nix /nix none ro,bind 0 0
/run/current-system /run/current-system none rw,bind 0 0
/run/wrappers /run/wrappers none rw,bind 0 0
''
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.profiles.<name>.nssdatabases
System databases (as described in /etc/nsswitch.conf on GNU/Linux systems) to copy into the chroot from the host.
Type: list of string
Example:
[
"passwd"
"shadow"
"group"
"gshadow"
"services"
"protocols"
"networks"
"hosts"
]
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.schroot.settings
Schroot configuration settings. For more details, see schroot.conf(5).
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
noble = {
description = "Ubuntu 24.04 Noble";
directory = "/srv/chroot/noble";
personality = "linux";
preserve-environment = false;
profile = "my-profile";
root-users = "my-user";
shell = "/bin/bash";
type = "directory";
users = "my-user";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/schroot.nix>
|
programs.screen.enable
Whether to enable screen, a basic terminal multiplexer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.screen.package
The screen package to use.
Type: package
Default:
pkgs.screen
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.screen.screenrc
The contents of the /etc/screenrc file.
Type: strings concatenated with “\n”
Default:
""
Example:
''
defscrollback 10000
startup_message off
''
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.seahorse.enable
Whether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/seahorse.nix>
|
programs.sedutil.enable
Whether to enable sedutil, to manage self encrypting drives that conform to the Trusted Computing Group OPAL 2.0 SSC specification.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sedutil.nix>
|
programs.sharing.enable
Whether to enable sharing, a CLI tool for sharing files.
Note that it will open port 7478 for TCP in the firewall, which is needed for it to function properly.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sharing.nix>
|
programs.singularity.enable
Whether to install Singularity/Apptainer with system-level overriding such as SUID support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.enableExternalLocalStateDir
Whether to use top-level directories as LOCALSTATEDIR instead of the store path ones.
This affects the SESSIONDIR of Apptainer/Singularity.
If set to true, the SESSIONDIR will become /var/lib/${projectName}/mnt/session.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.enableFakeroot
Whether to enable the --fakeroot support of Singularity/Apptainer.
This option is deprecated and has no effect.
--fakeroot support is enabled automatically, as systemBinPaths = [ "/run/wrappers/bin" ] is always specified.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.enableSuid
Whether to enable the SUID support of Singularity/Apptainer.
Type: boolean
Default:
config.services.singularity.package.projectName != "apptainer"
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.package
The singularity package to use.
Type: package
Default:
pkgs.singularity
Example:
apptainer
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.packageOverriden
This option provides access to the overridden result of programs.singularity.package.
For example, the following configuration makes all the Nixpkgs packages use the overridden singularity:
{ config, lib, pkgs, ... }:
{
nixpkgs.overlays = [
(final: prev: {
_singularity-orig = prev.singularity;
singularity = config.programs.singularity.packageOverriden;
})
];
programs.singularity.enable = true;
programs.singularity.package = pkgs._singularity-orig;
}
Use lib.mkForce to forcefully specify the overridden package.
Type: null or package
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.singularity.systemBinPaths
(Extra) system-wide /**/bin paths for Apptainer/Singularity to find command-line utilities in.
"/run/wrappers/bin" is included by default to make utilities with SUID bit set available to Apptainer/Singularity.
Use lib.mkForce to shadow the default values.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.skim.package
The skim package to use.
Type: package
Default:
pkgs.skim
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.skim.fuzzyCompletion
Whether to enable fuzzy completion with skim.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.skim.keybindings
Whether to enable skim keybindings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.slock.enable
Whether to install the slock screen locker with a setuid wrapper.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/slock.nix>
|
programs.slock.package
The slock package to use.
Type: package
Default:
pkgs.slock
Declared by:
<nixpkgs/nixos/modules/programs/slock.nix>
|
programs.sniffnet.enable
Whether to enable sniffnet, a network traffic monitor application.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sniffnet.nix>
|
programs.soundmodem.enable
Whether to add Soundmodem to the global environment and configure a wrapper for ‘soundmodemconfig’ for users in the ‘soundmodem’ group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/soundmodem.nix>
|
programs.soundmodem.package
The soundmodem package to use.
Type: package
Default:
pkgs.soundmodem
Declared by:
<nixpkgs/nixos/modules/programs/soundmodem.nix>
|
programs.spacefm.enable
Whether to install SpaceFM and create /etc/spacefm/spacefm.conf.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.spacefm.settings
The system-wide spacefm configuration.
Parameters to be written to /etc/spacefm/spacefm.conf.
Refer to the relevant entry in the SpaceFM manual.
Type: attribute set
Default:
{
tmp_dir = "/tmp";
terminal_su = "${pkgs.sudo}/bin/sudo";
}
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.ssh.enableAskPassword
Whether to configure SSH_ASKPASS in the environment.
Type: boolean
Default:
config.services.xserver.enable
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.package
The openssh package to use.
Type: package
Default:
pkgs.openssh
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.agentPKCS11Whitelist
A pattern-list of acceptable paths for PKCS#11 shared libraries that may be used with the -s option to ssh-add.
Type: null or string
Default:
null
Example:
"${pkgs.opensc}/lib/opensc-pkcs11.so"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.agentTimeout
How long to keep the private keys in memory. Use null to keep them forever.
Type: null or string
Default:
null
Example:
"1h"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.askPassword
Program used by SSH to ask for passwords.
Type: string
Default:
"${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.ciphers
Specifies the ciphers allowed and their order of preference.
Type: null or (list of string)
Default:
null
Example:
[
"chacha20-poly1305@openssh.com"
"aes256-gcm@openssh.com"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.extraConfig
Extra configuration text prepended to ssh_config. Other generated options will be added after a Host * pattern.
See ssh_config(5) for help.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.forwardX11
Whether to request X11 forwarding on outgoing connections by default. If set to null, the option is not set at all. This is useful for running graphical programs on the remote machine and having them display on your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn’t a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS’s X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Type: null or boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.hostKeyAlgorithms
Specifies the host key algorithms that the client wants to use in order of preference.
Type: list of string
Default:
[ ]
Example:
[
"ssh-ed25519"
"ssh-rsa"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.kexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Type: null or (list of string)
Default:
null
Example:
[
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts
The set of system-wide known SSH hosts. To make simple setups more convenient the name of an attribute in this set is used as a host name for the entry. This behaviour can be disabled by setting hostNames explicitly. You can use extraHostNames to add additional host names without disabling this default.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
myhost = {
extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
"myhost2.net/dsa" = {
hostNames = [ "myhost2.net" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
};
}
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.certAuthority
This public key is an SSH certificate authority, rather than an individual host’s key.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.extraHostNames
A list of additional host names and/or IP numbers used for accessing the host’s ssh service. This list is ignored if hostNames is set explicitly.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.hostNames
A list of host names and/or IP numbers used for accessing the host’s ssh service. This list includes the name of the containing knownHosts attribute by default for convenience. If you wish to configure multiple host keys for the same host use multiple knownHosts entries with different attribute names and the same hostNames list.
Type: list of string
Default:
[ ‹name› ] ++ config.programs.ssh.knownHosts.<name>.extraHostNames
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.publicKey
The public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default:
null
Example:
"ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.publicKeyFile
The path to the public key file for the host. The public key file is read at build time and saved in the Nix store. You can fetch a public key file from a running SSH server with the ssh-keyscan command. The content of the file should follow the same format as described for the publicKey option. Only a single key is supported. If a host has multiple keys, use programs.ssh.knownHostsFiles instead.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHostsFiles
Files containing SSH host keys to set as global known hosts. /etc/ssh/ssh_known_hosts (which is generated by programs.ssh.knownHosts) is always included.
Type: list of absolute path
Default:
[ ]
Example:
[
./known_hosts
(writeText "github.keys" ''
github.com ssh-rsa ...
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
'')
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.macs
Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used for data integrity protection.
Type: null or (list of string)
Default:
null
Example:
[
"hmac-sha2-512-etm@openssh.com"
"hmac-sha1"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.pubkeyAcceptedKeyTypes
Specifies the key types that will be used for public key authentication.
Type: list of string
Default:
[ ]
Example:
[
"ssh-ed25519"
"ssh-rsa"
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.setXAuthLocation
Whether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.startAgent
Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don’t have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.starship.enable
Whether to enable the Starship shell prompt.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.starship.package
The starship package to use.
Type: package
Default:
pkgs.starship
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.starship.interactiveOnly
Whether to enable starship only when the shell is interactive. Some plugins require this to be set to false to function correctly.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.starship.presets
Preset files to be merged with settings in order.
Type: list of string
Default:
[ ]
Example:
[
"nerd-font-symbols"
]
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.starship.settings
Configuration included in starship.toml.
See https://starship.rs/config/#prompt for documentation.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.steam.enable
Whether to enable steam.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.package
The Steam package to use. Additional libraries are added from the system configuration to ensure graphics work properly.
Use this option to customise the Steam package rather than adding your custom Steam to environment.systemPackages yourself.
Type: package
Default:
pkgs.steam
Example:
pkgs.steam.override {
extraEnv = {
MANGOHUD = true;
OBS_VKCAPTURE = true;
RADV_TEX_ANISO = 16;
};
extraLibraries = p: with p; [
atk
];
}
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.dedicatedServer.openFirewall
Open ports in the firewall for Source Dedicated Server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.extest.enable
Whether to load the extest library into Steam, to translate X11 input events to uinput events (e.g. for using Steam Input on Wayland).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.extraCompatPackages
Extra packages to be used as compatibility tools for Steam on Linux. Packages will be included in the STEAM_EXTRA_COMPAT_TOOLS_PATHS environmental variable. For more information see https://github.com/ValveSoftware/steam-for-linux/issues/6310.
These packages must be Steam compatibility tools that have a steamcompattool output.
Type: list of package
Default:
[ ]
Example:
with pkgs; [
proton-ge-bin
]
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.extraPackages
Additional packages to add to the Steam environment.
Type: list of package
Default:
[ ]
Example:
with pkgs; [
gamescope
]
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.fontPackages
Font packages to use in Steam.
Defaults to system fonts, but could be overridden to use other fonts — useful for users who would like to customize CJK fonts used in Steam. According to the upstream issue, Steam only follows the per-user fontconfig configuration.
Type: list of package
Default:
builtins.filter lib.types.package.check config.fonts.packages
Example:
with pkgs; [ source-han-sans ]
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.gamescopeSession
Run a GameScope-driven Steam session from your display manager.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.gamescopeSession.enable
Whether to enable GameScope Session.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.gamescopeSession.args
Arguments to be passed to GameScope for the session.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.gamescopeSession.env
Environmental variables to be passed to GameScope for the session.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.localNetworkGameTransfers.openFirewall
Open ports in the firewall for Steam Local Network Game Transfers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.protontricks.enable
Whether to enable protontricks, a simple wrapper for running Winetricks commands for Proton-enabled games.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.protontricks.package
The protontricks package to use.
Type: package
Default:
pkgs.protontricks
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.remotePlay.openFirewall
Open ports in the firewall for Steam Remote Play.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.streamcontroller.enable
Whether to enable StreamController.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/streamcontroller.nix>
|
programs.streamcontroller.package
The streamcontroller package to use.
Type: package
Default:
pkgs.streamcontroller
Declared by:
<nixpkgs/nixos/modules/programs/streamcontroller.nix>
|
programs.streamdeck-ui.enable
Whether to enable streamdeck-ui.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.streamdeck-ui.package
The streamdeck-ui package to use.
Type: package
Default:
pkgs.streamdeck-ui
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.streamdeck-ui.autoStart
Whether streamdeck-ui should be started automatically.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.sway.enable
Whether to enable Sway, the i3-compatible tiling Wayland compositor. You can manually launch Sway by executing “exec sway” on a TTY. Copy /etc/sway/config to ~/.config/sway/config to modify the default configuration. See https://github.com/swaywm/sway/wiki and “man 5 sway” for more information.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.package
The sway package to use. If the package is not overridable with extraSessionCommands, extraOptions, withBaseWrapper, withGtkWrapper, enableXWayland and isNixOS, then the module options wrapperFeatures, extraSessionCommands, extraOptions and xwayland will have no effect.
Set to null to not add any Sway package to your path.
This should be done if you want to use the Home Manager Sway module to install Sway.
Type: null or package
Default:
pkgs.sway
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.extraOptions
Command line arguments passed to launch Sway. Please DO NOT report issues if you use an unsupported GPU (proprietary drivers).
Type: list of string
Default:
[ ]
Example:
[
"--verbose"
"--debug"
"--unsupported-gpu"
]
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.extraPackages
Extra packages to be installed system wide. See https://github.com/swaywm/sway/wiki/Useful-add-ons-for-sway and https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives for a list of useful software.
Type: list of package
Default:
with pkgs; [ brightnessctl foot grim pulseaudio swayidle swaylock wmenu ];
Example:
with pkgs; [ i3status i3status-rust termite rofi light ]
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.extraSessionCommands
Shell commands executed just before Sway is started. See https://github.com/swaywm/sway/wiki/Running-programs-natively-under-wayland and https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md for some useful environment variables.
Type: strings concatenated with “\n”
Default:
""
Example:
''
# SDL:
export SDL_VIDEODRIVER=wayland
# QT (needs qt5.qtwayland in systemPackages):
export QT_QPA_PLATFORM=wayland-egl
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
''
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.wrapperFeatures.base
Whether to enable the base wrapper to execute extra session commands and prepend a dbus-run-session to the sway command.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.wrapperFeatures.gtk
Whether to enable the wrapGAppsHook wrapper to execute sway with required environment variables for GTK applications.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sway.xwayland.enable
Whether to enable XWayland.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/sway.nix>
|
programs.sysdig.enable
Whether to enable sysdig, a tracing tool.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/sysdig.nix>
|
programs.system-config-printer.enable
Whether to enable system-config-printer, a graphical user interface for CUPS administration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/system-config-printer.nix>
|
programs.systemtap.enable
Install systemtap along with necessary kernel options.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/systemtap.nix>
|
programs.tcpdump.enable
Whether to configure a setcap wrapper for tcpdump.
To use it, add your user to the pcap group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tcpdump.nix>
|
programs.thefuck.enable
Whether to enable thefuck, an app which corrects your previous console command.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.thefuck.alias
thefuck needs an alias to be configured.
The default value is fuck, but you can use anything else as well.
Type: string
Default:
"fuck"
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.thunar.enable
Whether to enable Thunar, the Xfce file manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/thunar.nix>
|
programs.thunar.plugins
List of thunar plugins to install.
Type: list of package
Default:
[ ]
Example:
with pkgs.xfce; [ thunar-archive-plugin thunar-volman ]
Declared by:
<nixpkgs/nixos/modules/programs/thunar.nix>
|
programs.thunderbird.enable
Whether to enable the Thunderbird mail client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/thunderbird.nix>
|
programs.thunderbird.package
The thunderbird package to use.
Type: package
Default:
pkgs.thunderbird
Declared by:
<nixpkgs/nixos/modules/programs/thunderbird.nix>
|
programs.thunderbird.policies
Group policies to install.
See Thunderbird’s documentation for a list of available options.
This can be used to install extensions declaratively! Check out the documentation of the ExtensionSettings policy for details.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/thunderbird.nix>
|
programs.thunderbird.preferences
Preferences to set from about:config.
Some of these might be able to be configured more ergonomically using policies.
Type: attribute set of (boolean or signed integer or string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/thunderbird.nix>
|
programs.thunderbird.preferencesStatus
The status of thunderbird.preferences.
status can assume the following values:
"default": Preferences appear as default.
"locked": Preferences appear as default and can’t be changed.
"user": Preferences appear as changed.
"clear": Value has no effect. Resets to factory defaults on each startup.
Type: one of “default”, “locked”, “user”, “clear”
Default:
"locked"
Declared by:
<nixpkgs/nixos/modules/programs/thunderbird.nix>
|
programs.tmux.enable
Whether to configure tmux system-wide.
Type: boolean
Default:
false
Related packages:
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.package
The tmux package to use.
Type: package
Default:
pkgs.tmux
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.aggressiveResize
Resize the window to the size of the smallest session for which it is the current window.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.baseIndex
Base index for windows and panes.
Type: signed integer
Default:
0
Example:
1
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.clock24
Use 24 hour clock.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.customPaneNavigationAndResize
Override the hjkl and HJKL bindings for pane navigation and resizing in VI mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.escapeTime
Time in milliseconds for which tmux waits after an escape is input.
Type: signed integer
Default:
500
Example:
0
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.extraConfig
Additional contents of /etc/tmux.conf, to be run after sourcing plugins.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.extraConfigBeforePlugins
Additional contents of /etc/tmux.conf, to be run before sourcing plugins.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.historyLimit
Maximum number of lines held in window history.
Type: signed integer
Default:
2000
Example:
5000
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.keyMode
VI or Emacs style shortcuts.
Type: one of “emacs”, “vi”
Default:
"emacs"
Example:
"vi"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.newSession
Automatically spawn a session if trying to attach and none are running.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.plugins
List of plugins to install.
Type: list of package
Default:
[ ]
Example:
[ pkgs.tmuxPlugins.nord ]
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.resizeAmount
Number of lines/columns when resizing.
Type: signed integer
Default:
5
Example:
10
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.reverseSplit
Reverse the window split shortcuts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.secureSocket
Store tmux socket under /run, which is more secure than /tmp, but as a downside it doesn’t survive user logout.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.shortcut
Ctrl followed by this key is used as the main shortcut.
Type: string
Default:
"b"
Example:
"a"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.terminal
Set the $TERM variable. Use tmux-direct if italics or 24bit true color support is needed.
Type: string
Default:
"screen"
Example:
"screen-256color"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.withUtempter
Whether to enable libutempter for tmux.
This is required so that tmux can write to /var/run/utmp (which can be queried with who to display currently connected user sessions).
Note, this will add a setgid wrapper for the group utmp!
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.traceroute.enable
Whether to configure a setcap wrapper for traceroute.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/traceroute.nix>
|
programs.trippy.enable
Whether to enable trippy, a network diagnostic tool.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/trippy.nix>
|
programs.tsmClient.enable
Whether to enable IBM Storage Protect (Tivoli Storage Manager, TSM) client command line applications with a client system-options file “dsm.sys”.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.package
The tsm-client package to use. It will be used with .override to add paths to the client system-options file.
Type: package
Default:
pkgs.tsm-client
Example:
tsm-client-withGui
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.defaultServername
If multiple server stanzas are declared with programs.tsmClient.servers, this option may be used to name a default server stanza that IBM TSM uses in the absence of a user-defined dsm.opt file.
This option translates to a defaultserver configuration line.
Type: null or string matching the pattern [^[:space:]]{1,64}
Default:
null
Example:
"mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.dsmSysText
This configuration key contains the effective text of the client system-options file “dsm.sys”. It should not be changed, but may be used to feed the configuration into other TSM-depending packages used on the system.
Type: strings concatenated with “\n” (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers
Server definitions (“stanzas”) for the client system-options file.
The name of each entry will be used for the internal servername by default.
Each attribute will be transformed into a line with a key-value pair within the server’s stanza.
Integers as values will be canonically turned into strings.
The boolean value true will be turned into a line with just the attribute’s name.
The value null will not generate a line.
A list as values generates an entry for each value, according to the rules above.
Type: attribute set of (attribute set of (one of true, <null> or signed integer or absolute path or (optionally newline-terminated) single-line string or list of (one of true, <null> or signed integer or absolute path or (optionally newline-terminated) single-line string)))
Default:
{ }
Example:
{
mainTsmServer = {
compression = "yes";
nodename = "MY-TSM-NODE";
tcpserveraddress = "tsmserver.company.com";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.genPasswd
Whether to enable automatic client password generation.
This option does not cause a line in dsm.sys by itself, but generates a corresponding passwordaccess directive.
The password will be stored in the directory given by the option passworddir.
Caution:
If this option is enabled and the server forces a password renewal (e.g. on first connection), a random password will be generated and stored.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.inclexcl
Text lines with include.* and exclude.* directives to be used when sending files to the IBM TSM server, or an absolute path pointing to a file with such lines.
Type: (null or absolute path) or strings concatenated with “\n” convertible to it
Default:
null
Example:
''
exclude.dir /nix/store
include.encrypt /home/.../*
''
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.nodename
Target node name on the IBM TSM server.
Type: non-empty string
Example:
"MY-TSM-NODE"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.passworddir
Directory that holds the TSM node’s password information.
Type: null or absolute path
Default:
null
Example:
"/home/alice/tsm-password"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.servername
Local name of the IBM TSM server, must not contain space or more than 64 chars.
Type: string matching the pattern [^[:space:]]{1,64}
Default:
"‹name›"
Example:
"mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.tcpport
TCP port of the IBM TSM server. TSM does not support ports above 32767.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1500
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.tcpserveraddress
Host/domain name or IP address of the IBM TSM server.
Type: non-empty string
Example:
"tsmserver.company.com"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.wrappedPackage
The tsm-client package to use. This option is to provide the effective derivation, wrapped with the path to the client system-options file “dsm.sys”. It should not be changed, but exists for other modules that want to call TSM executables.
Type: package (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.turbovnc.ensureHeadlessSoftwareOpenGL
Whether to set up NixOS such that TurboVNC’s built-in software OpenGL implementation works.
This will enable hardware.graphics.enable so that OpenGL programs can find Mesa’s llvmpipe drivers.
Setting this option to false does not mean that software OpenGL won’t work; it may still work depending on your system configuration.
This option is also intended to generate warnings if you are using some configuration that’s incompatible with using headless software OpenGL in TurboVNC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/turbovnc.nix>
|
programs.tuxclocker.enable
Whether to enable TuxClocker, a hardware control and monitoring program.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/tuxclocker.nix>
|
programs.tuxclocker.enableAMD
Whether to enable AMD GPU controls.
Sets the amdgpu.ppfeaturemask kernel parameter to 0xfffd7fff to enable all TuxClocker controls.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/tuxclocker.nix>
|
programs.tuxclocker.enabledNVIDIADevices
Enable NVIDIA GPU controls for a device by index.
Sets the Coolbits Xorg option to enable all TuxClocker controls.
Type: list of signed integer
Default:
[ ]
Example:
[
0
1
]
Declared by:
<nixpkgs/nixos/modules/services/misc/tuxclocker.nix>
|
programs.tuxclocker.useUnfree
Whether to use components requiring unfree dependencies. Disabling this allows you to get everything from the binary cache.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/tuxclocker.nix>
|
programs.udevil.enable
Whether to enable udevil, to mount filesystems without password.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/udevil.nix>
|
programs.usbtop.enable
Whether to enable usbtop and required kernel module, to show estimated USB bandwidth.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/usbtop.nix>
|
programs.uwsm.enable
Whether to enable uwsm, which wraps standalone Wayland compositors with a set of Systemd units on the fly. This essentially binds the wayland compositor into graphical-session-pre.target, graphical-session.target, xdg-desktop-autostart.target.
This is useful for Wayland compositors like Hyprland, Sway, Wayfire, etc. that do not start these targets and services on their own.
You must configure waylandCompositors suboptions as well so that UWSM knows which compositors to manage.
Additionally, this by default uses dbus-broker as the dbus implementation for better compatibility. If you dislike this behavior you can set services.dbus.implementation = lib.mkForce "dbus" in your configuration.
If you are having trouble starting a service that depends on graphical-session.target, while using a WM, enabling this option might help.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.uwsm.package
The uwsm package to use.
Type: package
Default:
pkgs.uwsm
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.uwsm.waylandCompositors
Configuration for UWSM-managed Wayland Compositors. This creates a desktop entry file which will be used by Display Managers like GDM, to allow starting the UWSM managed session.
Type: attribute set of (submodule)
Example:
hyprland = {
prettyName = "Hyprland";
comment = "Hyprland compositor managed by UWSM";
binPath = "/run/current-system/sw/bin/Hyprland";
};
sway = {
prettyName = "Sway";
comment = "Sway compositor managed by UWSM";
binPath = "/run/current-system/sw/bin/sway";
};
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.uwsm.waylandCompositors.<name>.binPath
The wayland-compositor binary path that will be called by UWSM.
It is recommended to use the /run/current-system/sw/bin/ path instead of lib.getExe pkgs.<compositor> to avoid version mismatch of the compositor used by UWSM and the one installed in the system.
Type: absolute path
Example:
"/run/current-system/sw/bin/ExampleCompositor"
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.uwsm.waylandCompositors.<name>.comment
The comment field of the desktop entry file.
Type: string
Default:
"An intelligent Wayland compositor managed by UWSM."
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.uwsm.waylandCompositors.<name>.prettyName
The full name of the desktop entry file.
Type: string
Example:
"ExampleWaylandCompositor"
Declared by:
<nixpkgs/nixos/modules/programs/wayland/uwsm.nix>
|
programs.vim.enable
Whether to enable Vi IMproved, an advanced text.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.vim.package
The vim package to use.
Type: package
Default:
pkgs.vim
Example:
vim-full
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.vim.defaultEditor
Whether to enable vim as the default editor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.virt-manager.enable
Whether to enable virt-manager, a UI for managing virtual machines in libvirt.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/virt-manager.nix>
|
programs.virt-manager.package
The virt-manager package to use.
Type: package
Default:
pkgs.virt-manager
Declared by:
<nixpkgs/nixos/modules/programs/virt-manager.nix>
|
programs.vivid.enable
Whether to configure LS_COLORS with vivid.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/vivid.nix>
|
programs.vivid.package
The vivid package to use.
Type: package
Default:
pkgs.vivid
Example:
vivid
Declared by:
<nixpkgs/nixos/modules/programs/vivid.nix>
|
programs.vivid.theme
Theme to be used (see vivid themes).
Type: string
Default:
"gruvbox-dark-soft"
Example:
"solarized-dark"
Declared by:
<nixpkgs/nixos/modules/programs/vivid.nix>
|
programs.wavemon.enable
Whether to add wavemon to the global environment and configure a setcap wrapper for it.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/wavemon.nix>
|
programs.waybar.enable
Whether to enable waybar, a highly customizable Wayland bar for Sway and Wlroots based compositors.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/waybar.nix>
|
programs.waybar.package
The waybar package to use.
Type: package
Default:
pkgs.waybar
Declared by:
<nixpkgs/nixos/modules/programs/wayland/waybar.nix>
|
programs.wayfire.enable
Whether to enable Wayfire, a wayland compositor based on wlroots.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/wayfire.nix>
|
programs.wayfire.package
The wayfire package to use.
Type: package
Default:
pkgs.wayfire
Declared by:
<nixpkgs/nixos/modules/programs/wayland/wayfire.nix>
|
programs.wayfire.plugins
Additional plugins to use with the wayfire window manager.
Type: list of package
Default:
with pkgs.wayfirePlugins; [ wcm wf-shell ]
Example:
with pkgs.wayfirePlugins; [
wcm
wf-shell
wayfire-plugins-extra
];
Declared by:
<nixpkgs/nixos/modules/programs/wayland/wayfire.nix>
|
programs.wayfire.xwayland.enable
Whether to enable XWayland.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/wayfire.nix>
|
programs.wayland.miracle-wm.enable
Whether to enable miracle-wm, a tiling Mir based Wayland compositor. You can manually launch miracle-wm by executing “exec miracle-wm” on a TTY, or launch it from a display manager. Consult the USERGUIDE.md at https://github.com/mattkae/miracle-wm for information on how to use & configure it.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wayland/miracle-wm.nix>
|
programs.weylus.enable
Whether to enable weylus, which turns your smart phone into a graphic tablet/touch screen for your computer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.package
The weylus package to use.
Type: package
Default:
pkgs.weylus
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.openFirewall
Open ports needed for the functionality of the program.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.users
To enable stylus and multi-touch support, the user you’re going to use must be added to this list. These users can synthesize input events system-wide, even when another user is logged in - untrusted users should not be added.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.winbox.enable
Whether to enable MikroTik Winbox.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/winbox.nix>
|
programs.winbox.package
The winbox package to use.
Type: package
Default:
pkgs.winbox
Declared by:
<nixpkgs/nixos/modules/programs/winbox.nix>
|
programs.winbox.openFirewall
Whether to open ports for the MikroTik Neighbor Discovery protocol. Required for Winbox neighbor discovery.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/winbox.nix>
|
programs.wireshark.enable
Whether to add Wireshark to the global environment and create a ‘wireshark’ group. To configure what users can capture, set the dumpcap.enable and usbmon.enable options. By default, users in the ‘wireshark’ group are allowed to capture network traffic but not USB traffic.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wireshark.package
The wireshark-cli package to use.
Type: package
Default:
pkgs.wireshark-cli
Example:
wireshark
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wireshark.dumpcap.enable
Whether to allow users in the ‘wireshark’ group to capture network traffic. This configures a setcap wrapper for ‘dumpcap’ for users in the ‘wireshark’ group.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wireshark.usbmon.enable
Whether to allow users in the ‘wireshark’ group to capture USB traffic. This adds udev rules to give users in the ‘wireshark’ group read permissions to all devices in the usbmon subsystem.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wshowkeys.enable
Whether to enable wshowkeys (displays keypresses on screen on supported Wayland compositors). It requires root permissions to read input events, but these permissions are dropped after startup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/wshowkeys.nix>
|
programs.wshowkeys.package
The wshowkeys package to use.
Type: package
Default:
pkgs.wshowkeys
Declared by:
<nixpkgs/nixos/modules/programs/wshowkeys.nix>
|
programs.xastir.enable
Whether to enable Xastir Graphical APRS client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xastir.nix>
|
programs.xfconf.enable
Whether to enable Xfconf, the Xfce configuration storage system.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xfconf.nix>
|
programs.xfs_quota.projects
Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
projname = {
id = 50;
path = "/xfsprojects/projname";
sizeHardLimit = "50g";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.fileSystem
XFS filesystem hosting the xfs_quota project.
Type: string
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.id
Project ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.path
Project directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeHardLimit
Hard limit of the project size.
Type: null or string
Default:
null
Example:
"50g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeSoftLimit
Soft limit of the project size
Type: null or string
Default:
null
Example:
"30g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xonsh.enable
Whether to configure xonsh as an interactive shell.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.package
The xonsh package to use. The argument extraPackages of this package will be overridden by the option programs.xonsh.extraPackages.
Type: package
Default:
pkgs.xonsh
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.bashCompletion.enable
Whether to enable bash completions for xonsh.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.bashCompletion.package
The bash-completion package to use.
Type: package
Default:
pkgs.bash-completion
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.config
Extra text added to the end of /etc/xonsh/xonshrc, the system-wide control file for xonsh.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.extraPackages
Xontribs and extra Python packages to be available in xonsh.
Type: (function that evaluates to a(n) list of package) or (list of package) convertible to it
Default:
ps: [ ]
Example:
ps: with ps; [ numpy xonsh.xontribs.xontrib-vox ]
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xss-lock.enable
Whether to enable xss-lock.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xss-lock.extraOptions
Additional command-line arguments to pass to xss-lock.
Type: list of string
Default:
[ ]
Example:
[
"--ignore-sleep"
]
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xss-lock.lockerCommand
Locker to be used with xss-lock.
Type: strings concatenated with " "
Default:
"${pkgs.i3lock}/bin/i3lock"
Example:
"${pkgs.i3lock-fancy}/bin/i3lock-fancy"
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xwayland.enable
Whether to enable Xwayland (an X server for interfacing X11 apps with the Wayland protocol).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.xwayland.package
The Xwayland package to use.
Type: absolute path
Default:
pkgs.xwayland.override (oldArgs: {
inherit (config.programs.xwayland) defaultFontPath;
})
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.xwayland.defaultFontPath
Default font path. Setting this option causes Xwayland to be rebuilt.
Type: string
Default:
optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts"
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.yabar.enable
Whether to enable yabar, a status bar for X window managers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.package
The package which contains the yabar binary.
Nixpkgs provides both yabar and yabar-unstable, so it’s possible to choose.
Type: package
Default:
pkgs.yabar-unstable
Example:
pkgs.yabar
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars
List of bars that should be rendered by yabar.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.extra
An attribute set which contains further attributes of a bar.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.font
The font that will be used to draw the status bar.
Type: string
Default:
"sans bold 9"
Example:
"Droid Sans, FontAwesome Bold 9"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators
Indicators that should be rendered by yabar.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.align
Whether to align the indicator at the left or right of the bar.
Type: one of “left”, “center”, “right”
Default:
"left"
Example:
"right"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.exec
The type of the indicator to be executed.
Type: string
Example:
"YABAR_DATE"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.extra
An attribute set which contains further attributes of an indicator.
Type: attribute set of (string or signed integer)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.position
The position where the bar will be rendered.
Type: one of “top”, “bottom”
Default:
"top"
Example:
"bottom"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yazi.enable
Whether to enable yazi terminal file manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.package
The yazi package to use.
Type: package
Default:
pkgs.yazi
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.flavors
Pre-made themes.
See https://yazi-rs.github.io/docs/flavors/overview/ for documentation.
Type: attribute set of (absolute path or package)
Default:
{ }
Example:
{
foo = ./foo;
bar = pkgs.bar;
}
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.initLua
The init.lua for Yazi itself.
Type: null or absolute path
Default:
null
Example:
./init.lua
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.plugins
Lua plugins.
See https://yazi-rs.github.io/docs/plugins/overview/ for documentation.
Type: attribute set of (absolute path or package)
Default:
{ }
Example:
{
foo = ./foo;
bar = pkgs.bar;
}
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.settings
Configuration included in $YAZI_CONFIG_HOME.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.settings.keymap
Configuration included in keymap.toml.
See https://yazi-rs.github.io/docs/configuration/keymap/ for documentation.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.settings.theme
Configuration included in theme.toml.
See https://yazi-rs.github.io/docs/configuration/theme/ for documentation.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.yazi.settings.yazi
Configuration included in yazi.toml.
See https://yazi-rs.github.io/docs/configuration/yazi/ for documentation.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/yazi.nix>
|
programs.ydotool.enable
Whether to enable ydotoold system service and ydotool for members of programs.ydotool.group.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/ydotool.nix>
|
programs.ydotool.group
Group which users must be in to use ydotool.
Type: string
Default:
"ydotool"
Declared by:
<nixpkgs/nixos/modules/programs/ydotool.nix>
|
programs.yubikey-touch-detector.enable
Whether to enable yubikey-touch-detector.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/yubikey-touch-detector.nix>
|
programs.yubikey-touch-detector.libnotify
If set to true, yubikey-touch-detector will send notifications using libnotify.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/yubikey-touch-detector.nix>
|
programs.yubikey-touch-detector.unixSocket
If set to true, yubikey-touch-detector will send notifications to a unix socket
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/yubikey-touch-detector.nix>
|
programs.yubikey-touch-detector.verbose
Enables verbose logging
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/yubikey-touch-detector.nix>
|
programs.zmap.enable
Whether to enable ZMap, a network scanner designed for Internet-wide network surveys.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zmap.nix>
|
programs.zsh.enable
Whether to configure zsh as an interactive shell. To enable zsh for a particular user, use the users.users.<name?>.shell option for that user. To enable zsh system-wide use the users.defaultUserShell option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableBashCompletion
Enable compatibility with bash’s programmable completion system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableCompletion
Enable zsh completion for all interactive zsh shells.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableGlobalCompInit
Enable execution of compinit call for all interactive zsh shells.
This option can be disabled if the user wants to extend its fpath and a custom compinit call in the local config is required.
Type: boolean
Default:
config.programs.zsh.enableCompletion
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableLsColors
Enable extra colors in directory listings (used by ls and tree).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.autosuggestions.enable
Whether to enable zsh-autosuggestions.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.async
Whether to fetch suggestions asynchronously
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.extraConfig
Attribute set with additional configuration values
Type: attribute set of string
Default:
{ }
Example:
{
"ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.highlightStyle
Highlight style for suggestions ({fore,back}ground color)
Type: string
Default:
"fg=8"
Example:
"fg=cyan"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.strategy
ZSH_AUTOSUGGEST_STRATEGY is an array that specifies how suggestions should be generated.
The strategies in the array are tried successively until a suggestion is found.
There are currently three built-in strategies to choose from:
history: Chooses the most recent match from history.
completion: Chooses a suggestion based on what tab-completion would suggest. (requires zpty module)
match_prev_cmd: Like history, but chooses the most recent match whose preceding history item matches the most recently executed command. Note that this strategy won’t work as expected with ZSH options that don’t preserve the history order such as HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
Type: list of (one of “history”, “completion”, “match_prev_cmd”)
Default:
[
"history"
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.histFile
Change history file.
Type: string
Default:
"$HOME/.zsh_history"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.histSize
Change history size.
Type: signed integer
Default:
2000
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.interactiveShellInit
Shell script code called during interactive zsh shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.loginShellInit
Shell script code called during zsh login shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.ohMyZsh.enable
Enable oh-my-zsh.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.package
The oh-my-zsh package to use.
Type: package
Default:
pkgs.oh-my-zsh
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.cacheDir
Cache directory to be used by oh-my-zsh
.
Without this option it would default to the read-only nix store.
Type: string
Default:
"$HOME/.cache/oh-my-zsh"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.custom
Path to a custom oh-my-zsh package to override config of oh-my-zsh.
(Can’t be used along with customPkgs
).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.customPkgs
List of custom packages that should be loaded into oh-my-zsh
.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.plugins
List of oh-my-zsh plugins
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.preLoaded
Shell commands executed before oh-my-zsh
is loaded.
For example, to disable the async git prompt, write zstyle ':omz:alpha:lib:git' async-prompt no
(more information: https://github.com/ohmyzsh/ohmyzsh?tab=readme-ov-file#async-git-prompt)
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.theme
Name of the theme to be used by oh-my-zsh.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.promptInit
Shell script code used to initialise the zsh prompt.
Type: strings concatenated with “\n”
Default:
''
# Note that to manually override this in ~/.zshrc you should run `prompt off`
# before setting your PS1 and etc. Otherwise this will likely to interact with
# your ~/.zshrc configuration in unexpected ways as the default prompt sets
# a lot of different prompt variables.
autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp
''
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.setOptions
Configure zsh options. See zshoptions(1).
Type: list of string
Default:
[
"HIST_IGNORE_DUPS"
"SHARE_HISTORY"
"HIST_FCNTL_LOCK"
]
Example:
[
"EXTENDED_HISTORY"
"RM_STAR_WAIT"
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellAliases
Set of aliases for zsh shell, which overrides environment.shellAliases
.
See environment.shellAliases
for an option format description.
Type: attribute set of (null or string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellInit
Shell script code called during zsh shell initialisation.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.syntaxHighlighting.enable
Whether to enable zsh-syntax-highlighting.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.highlighters
Specifies the highlighters to be used by zsh-syntax-highlighting.
The available highlighters are documented here: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
Type: list of (one of “main”, “brackets”, “pattern”, “cursor”, “regexp”, “root”, “line”)
Default:
[
"main"
]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.patterns
Specifies custom patterns to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
Type: attribute set of string
Default:
{ }
Example:
{
"rm -rf *" = "fg=white,bold,bg=red";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.styles
Specifies custom styles to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/main.md
Type: attribute set of string
Default:
{ }
Example:
{
"alias" = "fg=magenta,bold";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.vteIntegration
Whether to enable Zsh integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
|
programs.zsh.zsh-autoenv.enable
Whether to enable zsh-autoenv.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
programs.zsh.zsh-autoenv.package
The zsh-autoenv package to use.
Type: package
Default:
pkgs.zsh-autoenv
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
qt.enable
Whether to enable Qt configuration, including theming.
Enabling this option is necessary for Qt plugins to work in the
installed profiles (e.g.: nix-env -i
or environment.systemPackages
).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/config/qt.nix>
|
qt.platformTheme
Selects the platform theme to use for Qt applications.
The options are
gnome
: Use GNOME theme with qgnomeplatform
gtk2
: Use GTK theme with qtstyleplugins
kde
: Use Qt settings from Plasma.
lxqt
: Use LXQt style set using the lxqt-config-appearance
application.
qt5ct
: Use Qt style set using the qt5ct
and qt6ct applications.
Type: null or one of “gnome”, “gtk2”, “kde”, “lxqt”, “qt5ct”
Default:
null
Example:
"gnome"
Related packages:
Declared by:
<nixpkgs/nixos/modules/config/qt.nix>
|
qt.style
Selects the style to use for Qt applications.
The options are
adwaita
, adwaita-dark
, adwaita-highcontrast
, adwaita-highcontrastinverse
:
Use Adwaita Qt style with
adwaita
breeze
: Use the Breeze style from
breeze
bb10bright
, bb10dark
, cleanlooks
, gtk2
, motif
, plastique
:
Use styles from
qtstyleplugins
kvantum
: Use styles from
kvantum
Type: null or one of “adwaita”, “adwaita-dark”, “adwaita-highcontrast”, “adwaita-highcontrastinverse”, “bb10bright”, “bb10dark”, “breeze”, “cde”, “cleanlooks”, “gtk2”, “kvantum”, “motif”, “plastique”
Default:
null
Example:
"adwaita"
Related packages:
Declared by:
<nixpkgs/nixos/modules/config/qt.nix>
|
security.enableWrappers
Whether to enable SUID/SGID wrappers.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.acme.acceptTerms
Accept the CA’s terms of service. The default provider is Let’s Encrypt; you can find their ToS at https://letsencrypt.org/repository/.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs
Attribute set of certificates to get signed and renewed. Creates
acme-${cert}.{service,timer}
systemd units for
each certificate defined here. Other services can add dependencies
to those units if they rely on the certificates being present,
or trigger restarts of the service if certificates get renewed.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"example.com" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "foo@example.com";
extraDomainNames = [ "www.example.com" "foo.example.com" ];
};
"bar.example.com" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "bar@example.com";
};
}
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.enableDebugLogs
Whether to enable debug logging for this certificate.
Type: boolean
Default:
config.security.acme.defaults.enableDebugLogs
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.credentialFiles
Environment variables suffixed by “_FILE” to set for the cert’s service for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider. This allows credential files to be passed securely to lego by leveraging systemd credentials.
Type: attribute set of absolute path
Default:
config.security.acme.defaults.credentialFiles
Example:
{
"RFC2136_TSIG_SECRET_FILE" = "/run/secrets/tsig-secret-example.org";
}
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.directory
Directory where certificate and other state is stored.
Type: string (read only)
Default:
"/var/lib/acme/‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsPropagationCheck
Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
Type: boolean
Default:
config.security.acme.defaults.dnsPropagationCheck
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsProvider
DNS Challenge provider. For a list of supported providers, see the “code” field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
Type: null or string
Default:
config.security.acme.defaults.dnsProvider
Example:
"route53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsResolver
Set the resolver to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google’s DNS resolvers if the system’s cannot be determined.
Type: null or string
Default:
config.security.acme.defaults.dnsResolver
Example:
"1.1.1.1:53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.domain
Domain to fetch certificate for (defaults to the entry name).
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.email
Email address for account creation and correspondence from the CA. It is recommended to use the same email for all certs to avoid account creation limits.
Type: null or string
Default:
config.security.acme.defaults.email
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.environmentFile
Path to an EnvironmentFile for the cert’s service containing any required and optional environment variables for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
Type: null or absolute path
Default:
config.security.acme.defaults.environmentFile
Example:
"/var/src/secrets/example.org-route53-api-token"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraDomainNames
A list of extra domain names, which are included in the one certificate to be issued.
Type: list of string
Default:
[ ]
Example:
[
"example.org"
"mydomain.org"
]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoFlags
Additional global flags to pass to all lego commands.
Type: list of string
Default:
config.security.acme.defaults.extraLegoFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoRenewFlags
Additional flags to pass to lego renew.
Type: list of string
Default:
config.security.acme.defaults.extraLegoRenewFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoRunFlags
Additional flags to pass to lego run.
Type: list of string
Default:
config.security.acme.defaults.extraLegoRunFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.group
Group running the ACME client.
Type: string
Default:
config.security.acme.defaults.group
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.inheritDefaults
Whether to inherit values set in security.acme.defaults
or not.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.keyType
Key type to use for private keys. For an up-to-date list of supported values, check the --key-type option at https://go-acme.github.io/lego/usage/cli/options/.
Type: string
Default:
config.security.acme.defaults.keyType
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.listenHTTP
Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
.
If you use a port other than 80, you must proxy port 80 to this port.
Type: null or string
Default:
config.security.acme.defaults.listenHTTP
Example:
":1360"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.ocspMustStaple
Turns on the OCSP Must-Staple TLS extension. Make sure you know what you’re doing! See:
Type: boolean
Default:
config.security.acme.defaults.ocspMustStaple
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.postRun
Commands to run after new certificates go live. Note that these commands run as the root user.
Executed in the same directory with the new certificate.
Type: strings concatenated with “\n”
Default:
config.security.acme.defaults.postRun
Example:
"cp full.pem backup.pem"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.reloadServices
The list of systemd services to call systemctl try-reload-or-restart
on.
Type: list of string
Default:
config.security.acme.defaults.reloadServices
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.renewInterval
Systemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default:
config.security.acme.defaults.renewInterval
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.s3Bucket
S3 bucket name to use for HTTP-01 based challenges. Challenges will be written to the S3 bucket.
Type: null or string
Default:
null
Example:
"acme"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.server
ACME Directory Resource URI. Defaults to Let’s Encrypt’s production endpoint. For testing, Let’s Encrypt’s staging endpoint should be used to avoid the rather tight rate limit on the production endpoint.
Type: null or string
Default:
config.security.acme.defaults.server
Example:
"https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.validMinDays
Minimum remaining validity before renewal in days.
Type: signed integer
Default:
config.security.acme.defaults.validMinDays
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.webroot
Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/
directory
will be created below the webroot if it doesn’t exist.
http://example.org/.well-known/acme-challenge/
must also
be available (notice unencrypted HTTP).
Type: null or string
Default:
config.security.acme.defaults.webroot
Example:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults
Default values inheritable by all configured certs. You can
use this to define options shared by all your certs. These defaults
can also be ignored on a per-cert basis using the
security.acme.certs.${cert}.inheritDefaults
option.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.enableDebugLogs
Whether to enable debug logging for this certificate.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.credentialFiles
Environment variables suffixed by “_FILE” to set for the cert’s service for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider. This allows credential files to be passed securely to lego by leveraging systemd credentials.
Type: attribute set of absolute path
Default:
{ }
Example:
{
"RFC2136_TSIG_SECRET_FILE" = "/run/secrets/tsig-secret-example.org";
}
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsPropagationCheck
Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsProvider
DNS Challenge provider. For a list of supported providers, see the “code” field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
Type: null or string
Default:
null
Example:
"route53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsResolver
Set the resolver to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google’s DNS resolvers if the system’s cannot be determined.
Type: null or string
Default:
null
Example:
"1.1.1.1:53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.email
Email address for account creation and correspondence from the CA. It is recommended to use the same email for all certs to avoid account creation limits.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.environmentFile
Path to an EnvironmentFile for the cert’s service containing any required and optional environment variables for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
Type: null or absolute path
Default:
null
Example:
"/var/src/secrets/example.org-route53-api-token"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoFlags
Additional global flags to pass to all lego commands.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoRenewFlags
Additional flags to pass to lego renew.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoRunFlags
Additional flags to pass to lego run.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.group
Group running the ACME client.
Type: string
Default:
"acme"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.keyType
Key type to use for private keys. For an up-to-date list of supported values, check the --key-type option at https://go-acme.github.io/lego/usage/cli/options/.
Type: string
Default:
"ec256"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.listenHTTP
Interface and port to listen on to solve HTTP challenges
in the form [INTERFACE]:PORT
.
If you use a port other than 80, you must proxy port 80 to this port.
Type: null or string
Default:
null
Example:
":1360"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.ocspMustStaple
Turns on the OCSP Must-Staple TLS extension. Make sure you know what you’re doing! See:
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.postRun
Commands to run after new certificates go live. Note that these commands run as the root user.
Executed in the same directory with the new certificate.
Type: strings concatenated with “\n”
Default:
""
Example:
"cp full.pem backup.pem"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.reloadServices
The list of systemd services to call systemctl try-reload-or-restart
on.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.renewInterval
Systemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.server
ACME Directory Resource URI. Defaults to Let’s Encrypt’s production endpoint. For testing, Let’s Encrypt’s staging endpoint should be used to avoid the rather tight rate limit on the production endpoint.
Type: null or string
Default:
"https://acme-v02.api.letsencrypt.org/directory"
Example:
"https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.validMinDays
Minimum remaining validity before renewal in days.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.webroot
Where the webroot of the HTTP vhost is located.
.well-known/acme-challenge/
directory
will be created below the webroot if it doesn’t exist.
http://example.org/.well-known/acme-challenge/
must also
be available (notice unencrypted HTTP).
Type: null or string
Default:
null
Example:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.maxConcurrentRenewals
Maximum number of concurrent certificate generation or renewal jobs. All other jobs will queue and wait for running jobs to finish. Reduces the system load of certificate generation.
Set to 0
to allow an unlimited number of concurrent job runs.
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.preliminarySelfsigned
Whether a preliminary self-signed certificate should be generated before doing ACME requests. This can be useful when certificates are required in a webserver, but ACME needs the webserver to make its requests.
With a preliminary self-signed certificate, the webserver can be started and can later reload the correct ACME certificates.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.useRoot
Whether to use the root user when generating certs. This is not recommended for security and compatibility reasons. If a service requires root-owned certificates, consider following the guide on “Using ACME with services demanding root owned certificates” in the NixOS manual, and only use this as a fallback or for testing.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.allowSimultaneousMultithreading
Whether to allow SMT/hyperthreading. Disabling SMT means that only physical CPU cores will be usable at runtime, potentially at significant performance cost.
The primary motivation for disabling SMT is to mitigate the risk of leaking data between threads running on the same CPU core (due to e.g., shared caches). This attack vector is unproven.
Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see security.virtualisation.flushL1DataCache
)
versus malicious VM guests (SMT could “bring back” previously flushed
data).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.allowUserNamespaces
Whether to allow creation of user namespaces.
The motivation for disabling user namespaces is the potential presence of code paths where the kernel’s permission checking logic fails to account for namespacing, instead permitting a namespaced process to act outside the namespace with the same privileges as it would have inside it. This is particularly damaging in the common case of running as root within the namespace.
When user namespace creation is disallowed, attempting to create a user namespace fails with “no space left on device” (ENOSPC). root may re-enable user namespace creation at runtime.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.apparmor.enable
Whether to enable the AppArmor Mandatory Access Control system.
If you’re enabling this module on a running system, note that a reboot will be required to activate AppArmor in the kernel.
Also, beware that enabling this module privileges stability over security by not trying to kill unconfined but newly confinable running processes by default, though it would be needed because AppArmor can only confine new or already confined processes of an executable. This killing would for instance be necessary when upgrading to a NixOS revision introducing for the first time an AppArmor profile for the executable of a running process.
Enable security.apparmor.killUnconfinedConfinables
if you want this service to do such killing
by sending a SIGTERM
to those running processes.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.enableCache
Whether to enable caching of AppArmor policies
in /var/cache/apparmor/
.
Beware that AppArmor policies almost always contain Nix store paths, and thus produce at each change of these paths a new cached version accumulating in the cache.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.packages
List of packages to be added to AppArmor’s include path
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.includes
List of paths to be added to AppArmor’s searched paths
when resolving include
directives.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.killUnconfinedConfinables
Whether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies
)
but are not confined (because AppArmor can only confine new processes).
This only sends a graceful SIGTERM
signal to the processes,
not a SIGKILL
.
Beware that due to a current limitation of AppArmor, only profiles with exact paths (and no name) can enable such kills.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies
AppArmor policies.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.path
A path of a profile file to include. Incompatible with profile.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.profile
The profile file contents. Incompatible with path.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.state
How strictly this policy should be enforced
Type: one of “disable”, “complain”, “enforce”
Default:
"enforce"
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.audit.enable
Whether to enable the Linux audit system. The special lock
value can be used to
enable auditing and prevent disabling it until a restart. Be careful about locking
this, as it will prevent you from changing your audit configuration until you
restart. If possible, test your configuration using build-vm beforehand.
Type: one of false, true, “lock”
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.backlogLimit
The maximum number of outstanding audit buffers allowed; exceeding this is considered a failure and handled in a manner specified by failureMode.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.failureMode
How to handle critical errors in the auditing system
Type: one of “silent”, “printk”, “panic”
Default:
"printk"
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rateLimit
The maximum messages per second permitted before triggering a failure as specified by failureMode. Setting it to zero disables the limit.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rules
The ordered audit rules, with each string appearing as one line of the audit.rules file.
Type: list of string
Default:
[ ]
Example:
[
"-a exit,always -F arch=b64 -S execve"
]
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.auditd.enable
Whether to enable the Linux Audit daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/auditd.nix>
|
security.chromiumSuidSandbox.enable
Whether to install the Chromium SUID sandbox which is an executable that Chromium may use in order to achieve sandboxing.
If you get the error “The SUID sandbox helper binary was found, but is not configured correctly.”, turning this on might help.
Also, if the URL chrome://sandbox tells you that “You are not adequately sandboxed!”, turning this on might resolve the issue.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix>
|
security.dhparams.enable
Whether to generate new DH params and clean up old DH params.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.defaultBitSize
This allows overriding the default bit size for all of the
Diffie-Hellman parameters set in
security.dhparams.params
.
Type: integer of at least 16 bits
Default:
2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params
Diffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The
generated DH params path can be found in
config.security.dhparams.params.«name».path
.
The name of the DH params is taken as being the name of the service it serves and the params will be generated before the said service is started.
If you are removing all dhparams from this list, you
have to leave security.dhparams.enable
for at
least one activation in order to have them be cleaned up. This also
means if you rollback to a version without any dhparams the
existing ones won’t be cleaned up. Of course this only applies if
security.dhparams.stateful
is
true
.
For module implementers: It’s recommended
to not set a specific bit size here, so that users can easily
override this by setting
security.dhparams.defaultBitSize
.
Type: attribute set of ((submodule) or signed integer convertible to it)
Default:
{ }
Example:
{ nginx.bits = 3072; }
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.bits
The bit size for the prime that is used during a Diffie-Hellman key exchange.
Type: integer of at least 16 bits
Default:
config.security.dhparams.defaultBitSize
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.path
The resulting path of the generated Diffie-Hellman parameters
file for other services to reference. This could be either a
store path or a file inside the directory specified by
security.dhparams.path
.
Type: absolute path (read only)
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.path
Path to the directory in which Diffie-Hellman parameters will be
stored. This is only relevant if
security.dhparams.stateful
is
true
.
Type: string
Default:
"/var/lib/dhparams"
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.stateful
Whether generation of Diffie-Hellman parameters should be stateful or
not. If this is enabled, PEM-encoded files for Diffie-Hellman
parameters are placed in the directory specified by
security.dhparams.path
. Otherwise the files are
created within the Nix store.
If this is false
the resulting store
path will be non-deterministic and will be rebuilt every time the
openssl
package changes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.doas.enable
Whether to enable the doas command, which allows non-root users to execute commands as root.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraConfig
Extra configuration text appended to doas.conf
. Be aware that
this option cannot be used to override the behaviour allowing
passwordless operation for root.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules
Define specific rules to be set in the /etc/doas.conf file. More specific rules should come after more general ones in order to yield the expected behavior. You can use mkBefore and/or mkAfter to ensure this is the case when configuration options are merged. Be aware that this option cannot be used to override the behaviour allowing passwordless operation for root.
Type: list of (submodule)
Default:
[ ]
Example:
[
  # Allow execution of any command by any user in group doas, requiring
  # a password and keeping any previously-defined environment variables.
  { groups = [ "doas" ]; noPass = false; keepEnv = true; }
  # Allow execution of "/home/root/secret.sh" by user `backup` OR user
  # `database` OR any member of the group with GID `1006`, without a
  # password.
  { users = [ "backup" "database" ]; groups = [ 1006 ];
    cmd = "/home/root/secret.sh"; noPass = true; }
  # Allow any member of group `bar` to run `/home/baz/cmd1.sh` as user
  # `foo` with argument `hello-doas`.
  { groups = [ "bar" ]; runAs = "foo";
    cmd = "/home/baz/cmd1.sh"; args = [ "hello-doas" ]; }
  # Allow any member of group `bar` to run `/home/baz/cmd2.sh` as user
  # `foo` with no arguments.
  { groups = [ "bar" ]; runAs = "foo";
    cmd = "/home/baz/cmd2.sh"; args = [ ]; }
  # Allow user `abusers` to execute "nano" and unset the value of
  # SSH_AUTH_SOCK, override the value of ALPHA to 1, and inherit the
  # value of BETA from the current environment.
  { users = [ "abusers" ]; cmd = "nano";
    setEnv = [ "-SSH_AUTH_SOCK" "ALPHA=1" "BETA" ]; }
]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.args
Arguments that must be provided to the command. When set to [], the command must be run without any arguments.
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.cmd
The command the user is allowed to run. When set to null (the default), all commands are allowed.
NOTE: It is best practice to specify absolute paths. If a relative path is specified, only a restricted PATH will be searched.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.keepEnv
If true, environment variables other than those listed in doas(1) are kept when creating the environment for the new process.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.noLog
If true, successful executions will not be logged to syslogd(8).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.noPass
If true, the user is not required to enter a password.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.persist
If true, do not ask for a password again for some time after the user successfully authenticates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.runAs
Which user or group the specified command is allowed to run as. When set to null (the default), all users are allowed.
A user can be specified using just the username: "foo". It is also possible to only allow running as a specific group with ":bar".
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.setEnv
Keep or set the specified variables. Variables may also be removed with a leading ‘-’ or set using variable=value. If the first character of value is a ‘$’, the value to be set is taken from the existing environment variable of the indicated name. This option is processed after the default environment has been created.
NOTE: All rules have setenv { SSH_AUTH_SOCK } by default. To prevent SSH_AUTH_SOCK from being inherited, add "-SSH_AUTH_SOCK" anywhere in this list.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands as super user via doas.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.duosec.acceptEnvFactor
Look for factor selection or passcode in the $DUO_PASSCODE environment variable before prompting the user for input.
When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.allowTcpForwarding
By default, when SSH forwarding, enabling Duo Security will disable TCP forwarding. By enabling this, you potentially undermine some of the SSH based login security. Note this is not needed if you use PAM.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.autopush
If true, Duo Unix will automatically send a push login request to the user’s phone, falling back on a phone call if push is unavailable. If false, the user will be prompted to choose an authentication method. When configured with autopush = yes, we recommend setting prompts = 1.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.failmode
On service or configuration errors that prevent Duo authentication, fail “safe” (allow access) or “secure” (deny access). The default is “safe”.
Type: one of “safe”, “secure”
Default:
"safe"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.fallbackLocalIP
Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting fallbackLocalIP = yes will cause Duo Unix to send the IP address of the server it is running on.
If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.groups
If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists. Refer to https://duo.com/docs/duounix for details.
Type: string
Default:
""
Example:
"users,!wheel,!*admin guests"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.host
Duo API hostname.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.integrationKey
Integration key.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.motd
Print the contents of /etc/motd to screen after a successful login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pam.enable
If enabled, protect logins with Duo Security using PAM support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.prompts
If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3.
For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again.
When configured with autopush = true, we recommend setting prompts = 1.
Type: one of 1, 2, 3
Default:
3
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pushinfo
Include information such as the command to be executed in the Duo Push message.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.secretKeyFile
A file containing your secret key. The security of your Duo application is tied to the security of your secret key.
Type: null or absolute path
Default:
null
Example:
"/run/keys/duo-skey"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ssh.enable
If enabled, protect SSH logins with Duo Security.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.forcePageTableIsolation
Whether to force-enable the Page Table Isolation (PTI) Linux kernel feature even on CPU models that claim to be safe from Meltdown.
This hardening feature is most beneficial to systems that run untrusted workloads that rely on address space isolation for security.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.googleOsLogin.enable
Whether to enable Google OS Login.
The OS Login package enables the following components:
AuthorizedKeysCommand to query valid SSH keys from the user’s OS Login profile during ssh authentication phase.
NSS Module to provide user and group information.
PAM Module for the sshd service, providing authorization and authentication support, allowing the system to use data stored in Google Cloud IAM permissions to control both, the ability to log into an instance, and to perform operations as root (sudo).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/google_oslogin.nix>
|
security.ipa.enable
Whether to enable FreeIPA domain integration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.basedn
Base DN to use when performing LDAP operations.
Type: string
Example:
"dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.cacheCredentials
Whether to cache credentials.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.certificate
IPA server CA certificate.
Use nix-prefetch-url http://$server/ipa/config/ca.crt to obtain the file and the hash.
Type: package
Example:
pkgs.fetchurl {
  # Quoted string: bare URL literals are deprecated in Nix.
  url = "http://ipa.example.com/ipa/config/ca.crt";
  sha256 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
};
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.chromiumSupport
Whether to whitelist the FreeIPA domain in Chromium.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.domain
Domain of the IPA server.
Type: string
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.dyndns.enable
Whether to enable FreeIPA automatic hostname updates.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.dyndns.interface
Network interface to perform hostname updates through.
Type: string
Default:
"*"
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.ifpAllowedUids
A list of users allowed to access the ifp dbus interface.
Type: list of string
Default:
[
"root"
]
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.ipaHostname
Fully-qualified hostname used to identify this host in the IPA domain.
Type: string
Default:
if config.networking.domain != null then config.networking.fqdn
else "${networking.hostName}.${security.ipa.domain}"
Example:
"myworkstation.example.com"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.offlinePasswords
Whether to store offline passwords when the server is down.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.realm
Kerberos realm.
Type: string
Example:
"EXAMPLE.COM"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.ipa.server
IPA Server hostname.
Type: string
Example:
"ipa.example.com"
Declared by:
<nixpkgs/nixos/modules/security/ipa.nix>
|
security.isolate.enable
Whether to enable Sandbox for securely executing untrusted programs.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.package
The isolate-unwrapped package to use.
Type: package
Default:
pkgs.isolate-unwrapped
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.boxRoot
All sandboxes are created under this directory. To avoid symlink attacks, this directory and all its ancestors must be writeable only by root.
Type: absolute path
Default:
"/var/lib/isolate/boxes"
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.cgRoot
Control group which subgroups are placed under. Either an explicit path to a subdirectory in cgroupfs, or “auto:file” to read the path from “file”, where it is put by isolate-cg-helper.
Type: string
Default:
"auto:/run/isolate/cgroup"
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.extraConfig
Extra configuration to append to the configuration file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.firstGid
Start of block of GIDs reserved for sandboxes.
Type: integer or floating point number between 1000 and 65533 (both inclusive)
Default:
60000
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.firstUid
Start of block of UIDs reserved for sandboxes.
Type: integer or floating point number between 1000 and 65533 (both inclusive)
Default:
60000
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.lockRoot
Directory where lock files are created.
Type: absolute path
Default:
"/run/isolate/locks"
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.numBoxes
Number of UIDs and GIDs to reserve, starting from firstUid and firstGid.
Type: integer or floating point number between 1000 and 65533 (both inclusive)
Default:
1000
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.isolate.restrictedInit
If true, only root can create sandboxes.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/isolate.nix>
|
security.krb5.enable
Enable and configure Kerberos utilities.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.krb5.package
The krb5 package to use.
Type: package
Default:
pkgs.krb5
Example:
heimdal
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.krb5.settings
Structured contents of the krb5.conf file. See krb5.conf(5) for details about configuration.
Type: attribute set of attribute set of ((list of attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean)) or attribute set of ((list of (signed integer or string or boolean)) or signed integer or string or boolean) or (list of (signed integer or string or boolean)) or signed integer or string or boolean)
Default:
{ }
Example:
{
  domain_realm = {
    "mit.edu" = "ATHENA.MIT.EDU";
  };
  include = [
    "/run/secrets/secret-krb5.conf"
  ];
  includedir = [
    "/run/secrets/secret-krb5.conf.d"
  ];
  libdefaults = {
    default_realm = "ATHENA.MIT.EDU";
  };
  logging = {
    admin_server = "SYSLOG:NOTICE";
    default = "SYSLOG:NOTICE";
    kdc = "SYSLOG:NOTICE";
  };
  realms = {
    "ATHENA.MIT.EDU" = {
      admin_server = "athena.mit.edu";
      kdc = [
        "athena01.mit.edu"
        "athena02.mit.edu"
      ];
    };
  };
}
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.krb5.settings.include
Files to include in the Kerberos configuration.
Type: (list of absolute path) or absolute path convertible to it
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.krb5.settings.includedir
Directories containing files to include in the Kerberos configuration.
Type: (list of absolute path) or absolute path convertible to it
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.krb5.settings.module
Modules to obtain Kerberos configuration from.
Type: (list of absolute path) or absolute path convertible to it
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/krb5>
|
security.lockKernelModules
Disable kernel module loading once the system is fully initialised. Module loading is disabled until the next reboot. Problems caused by delayed module loading can be fixed by adding the module(s) in question to boot.kernelModules.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/lock-kernel-modules.nix>
|
security.loginDefs.package
The shadow package to use.
Type: package
Default:
pkgs.shadow
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.chfnRestrict
Use chfn SUID to allow non-root users to change their account GECOS information.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings
Config options for the /etc/login.defs file, that defines the site-specific configuration for the shadow password suite. See login.defs(5) man page for available options.
Type: attribute set of (atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.DEFAULT_HOME
Indicate if login is allowed if we can’t cd to the home directory.
Type: one of “yes”, “no”
Default:
"yes"
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.ENCRYPT_METHOD
This defines the system default encryption algorithm for encrypting passwords.
Type: one of “YESCRYPT”, “SHA512”, “SHA256”, “MD5”, “DES”
Default:
"YESCRYPT"
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.GID_MAX
Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
Type: signed integer
Default:
29999
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.GID_MIN
Range of group IDs used for the creation of regular groups by useradd, groupadd, or newusers.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.SYS_GID_MAX
Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
Type: signed integer
Default:
999
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.SYS_GID_MIN
Range of group IDs used for the creation of system groups by useradd, groupadd, or newusers
Type: signed integer
Default:
400
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.SYS_UID_MAX
Range of user IDs used for the creation of system users by useradd or newusers.
Type: signed integer
Default:
999
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.SYS_UID_MIN
Range of user IDs used for the creation of system users by useradd or newusers.
Type: signed integer
Default:
400
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.TTYGROUP
The terminal permissions: the login tty will be owned by the TTYGROUP group, and the permissions will be set to TTYPERM
Type: string
Default:
"tty"
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.TTYPERM
The terminal permissions: the login tty will be owned by the TTYGROUP group, and the permissions will be set to TTYPERM
Type: string
Default:
"0620"
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.UID_MAX
Range of user IDs used for the creation of regular users by useradd or newusers.
Type: signed integer
Default:
29999
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.UID_MIN
Range of user IDs used for the creation of regular users by useradd or newusers.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.loginDefs.settings.UMASK
The file mode creation mask is initialized to this value.
Type: string
Default:
"077"
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.pam.enableEcryptfs
Whether to enable eCryptfs PAM module (mounting ecryptfs home directory on login).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableFscrypt
Whether to enable fscrypt, to automatically unlock directories with the user’s login password.
This also enables a service at security.pam.services.fscrypt which is used by fscrypt to verify the user’s password when setting up a new protector. If you use something other than pam_unix to verify user passwords, please remember to adjust this PAM service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableOTPW
Whether to enable the OTPW (one-time password) PAM module.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.package
The pam package to use.
Type: package
Default:
pkgs.pam
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.dp9ik.enable
Whether to enable the dp9ik pam module provided by tlsclient.
If set, users can be authenticated against the 9front authentication server given in security.pam.dp9ik.authserver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.dp9ik.authserver
This controls the hostname for the 9front authentication server that users will be authenticated against.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.dp9ik.control
This option sets the pam “control” used for this module.
Type: string
Default:
"sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.krb5.enable
Enables Kerberos PAM modules (pam-krb5, pam-ccreds).
If set, users can authenticate with their Kerberos password. This requires a valid Kerberos configuration (security.krb5.enable should be set to true).
Note that the Kerberos PAM modules are not necessary when using SSS to handle Kerberos authentication.
Type: boolean
Default:
config.security.krb5.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits
Define resource limits that should apply to users or groups. Each item in the list should be an attribute set with a domain, type, item, and value attribute. The syntax and semantics of these attributes must be that described in limits.conf(5).
Note that these limits do not apply to systemd services, whose limits can be changed via systemd.extraConfig instead.
Type: list of (submodule)
Default:
[ ]
Example:
[
  {
    domain = "ftp";
    item = "nproc";
    type = "hard";
    value = "0";
  }
  {
    domain = "@student";
    item = "maxlogins";
    type = "-";
    value = "4";
  }
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.domain
Username, groupname, or wildcard this limit applies to
Type: string
Example:
"@wheel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.item
Item this limit applies to
Type: one of “core”, “data”, “fsize”, “memlock”, “nofile”, “rss”, “stack”, “cpu”, “nproc”, “as”, “maxlogins”, “maxsyslogins”, “priority”, “locks”, “sigpending”, “msgqueue”, “nice”, “rtprio”
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.type
Type of this limit
Type: one of “-”, “hard”, “soft”
Default:
"-"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.value
Value of this limit
Type: string or signed integer
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.makeHomeDir.skelDirectory
Path to skeleton directory whose contents are copied to home directories newly created by pam_mkhomedir.
Type: string
Default:
"/var/empty"
Example:
"/etc/skel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.makeHomeDir.umask
The user file mode creation mask to use on home directories newly created by pam_mkhomedir.
Type: string
Default:
"0077"
Example:
"0022"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.mount.enable
Enable PAM mount system to mount filesystems on user login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.additionalSearchPaths
Additional programs to include in the search path of pam_mount. Useful for example if you want to use some FUSE filesystems like bindfs.
Type: list of package
Default:
[ ]
Example:
[ pkgs.bindfs ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.createMountPoints
Create mountpoints for volumes if they do not exist.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.cryptMountOptions
Global mount options that apply to every crypt volume. You can define volume-specific options in the volume definitions.
Type: list of string
Default:
[ ]
Example:
[ "allow_discard" ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.debugLevel
Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, and 2 additionally enables tracing in mount.crypt. The default is 0. For more information, visit https://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: signed integer
Default:
0
Example:
1
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.extraVolumes
List of volume definitions for pam_mount. For more information, visit https://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.fuseMountOptions
Global mount options that apply to every FUSE volume. You can define volume-specific options in the volume definitions.
Type: list of string
Default:
[ ]
Example:
[ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutHup
Kill remaining processes after logout by sending a SIGHUP.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutKill
Kill remaining processes after logout by sending a SIGKILL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutTerm
Kill remaining processes after logout by sending a SIGTERM.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutWait
Number of microseconds to wait until killing remaining processes after final logout. For more information, visit https://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.removeCreatedMountPoints
Remove mountpoints created by pam_mount after logout. This only affects mountpoints that have been created by pam_mount in the same session.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.oath.enable
Enable the OATH (one-time password) PAM module.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.digits
Specify the length of the one-time password in number of digits.
Type: one of 6, 7, 8
Default:
6
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.usersFile
Set the path to file where the user’s credentials are stored. This file must not be world readable!
Type: absolute path
Default:
"/etc/users.oath"
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.window
Specify the number of one-time passwords to check in order to accommodate situations where the system and the client are slightly out of sync (iteration for HOTP or time steps for TOTP).
Type: signed integer
Default:
5
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.p11.enable
Enables P11 PAM (pam_p11) module.
If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found here.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.p11.control
This option sets pam “control”. If you want to have multi factor authentication, use “required”. If you want to use the PKCS#11 device instead of the regular password, use “sufficient”.
Read pam.conf(5) for better understanding of this option.
Type: one of “required”, “requisite”, “sufficient”, “optional”
Default:
"sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.rssh.enable
Whether to enable authenticating using a signature performed by the ssh-agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.rssh.settings
Options to pass to the pam_rssh module. Refer to https://github.com/z4yx/pam_rssh/blob/main/README.md#optional-arguments for supported values.
Boolean values render just the key if true, and nothing if false. Null values are ignored. All other values are rendered as key-value pairs.
Type: attribute set of (null or boolean or string or signed integer or path in the Nix store)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.rssh.settings.auth_key_file
Path to file with trusted public keys in OpenSSH’s authorized_keys format. The following variables are expanded to the respective PAM items:
service: PAM_SERVICE, the service name,
user: PAM_USER, the username of the entity under whose identity service will be given,
tty: PAM_TTY, the terminal name,
rhost: PAM_RHOST, the requesting hostname, and
ruser: PAM_RUSER, the requesting entity.
These PAM items are explained in pam_get_item(3).
Variables may be specified as $var, ${var} or ${var:defaultValue}.
Specifying user-writeable files here results in an insecure configuration: a malicious process can then edit such an authorized_keys file and bypass the ssh-agent-based authentication.
This option is ignored if security.pam.rssh.settings.authorized_keys_command is set.
If both this option and security.pam.rssh.settings.authorized_keys_command are unset, the keys will be read from ${HOME}/.ssh/authorized_keys, which should be considered insecure.
Type: null or non-empty string
Default:
"/etc/ssh/authorized_keys.d/$ruser"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
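An added example, not part of the NixOS manual or the nixpkgs modules: the requirement stated for security.isolate.boxRoot (the directory and all its ancestors writeable only by root) and the warning about user-writeable files for auth_key_file can both be checked by walking the path and its ancestors. The function names, the trusted_uid parameter and the temporary demo tree are assumptions made for this illustration.

```python
import os
import stat
import tempfile


def _chain(path):
    """Yield path, then each ancestor, ending at the filesystem root."""
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent


def unsafe_components(path, trusted_uid=0):
    """Return [(component, reason)] for every component of `path` that an
    account other than `trusted_uid` could modify or replace.

    Both the path as written and its symlink-resolved form are walked, so a
    link placed in a writable directory and the real target are both audited.
    """
    findings = []
    seen = set()
    lexical = os.path.abspath(path)
    resolved = os.path.realpath(path)
    for component in list(_chain(lexical)) + list(_chain(resolved)):
        if component in seen:
            continue
        seen.add(component)
        try:
            st = os.lstat(component)
        except OSError as exc:
            findings.append((component, "cannot stat: %s" % exc.strerror))
            continue
        if st.st_uid != trusted_uid:
            findings.append((component, "owned by uid %d" % st.st_uid))
        if stat.S_ISLNK(st.st_mode):
            # Symlink mode bits carry no meaning; the target is covered by
            # the resolved chain, the link's directory by the lexical chain.
            continue
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((component, "mode %04o is group/world writable" % mode))
    return findings


def build_demo_tree():
    """Constructed sample: one clean chain and one with a writable ancestor."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="pathaudit-"))
    os.chmod(base, 0o755)
    layout = [("ok", 0o755), ("ok/boxes", 0o755),
              ("shared", 0o777), ("shared/boxes", 0o755)]
    for name, mode in layout:
        full = os.path.join(base, name)
        os.mkdir(full)
        os.chmod(full, mode)  # explicit chmod so the umask cannot interfere
    return base, os.path.join(base, "ok/boxes"), os.path.join(base, "shared/boxes")


if __name__ == "__main__":
    # Defaults quoted on this page; on a real host these must be clean for uid 0.
    for target in ("/var/lib/isolate/boxes", "/etc/ssh/authorized_keys.d"):
        print(target)
        for component, reason in unsafe_components(target):
            print("  %s: %s" % (component, reason))
```

A non-empty result for a path used by one of these options means some account other than root can swap a directory or file on the way to it.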
|
security.pam.services
This option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.enableAppArmor
Enable support for attaching AppArmor profiles at the user/group level, e.g., as part of a role based access control scheme.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.enableGnomeKeyring
If enabled, pam_gnome_keyring will attempt to automatically unlock the user’s default Gnome keyring upon login. If the user login password does not match their keyring password, Gnome Keyring will prompt separately after login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.allowNullPassword
Whether to allow logging into accounts that have no password set (i.e., have an empty password field in /etc/passwd or /etc/group). This does not enable logging into disabled accounts (i.e., that have the password field set to !). Note that regardless of what the pam_unix documentation says, accounts with hashed empty passwords are always allowed to log in.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.duoSecurity.enable
If set, use the Duo Security pam module pam_duo for authentication. Requires configuration of security.duosec options.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.failDelay.enable
If enabled, this will replace the FAIL_DELAY setting from login.defs.
Change the delay on failure per-application.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.failDelay.delay
The delay time (in microseconds) on failure.
Type: signed integer
Default:
3000000
Example:
1000000
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.forwardXAuth
Whether X authentication keys should be passed from the calling user to the target user (e.g. for su)
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.fprintAuth
If set, the fingerprint reader will be used (if one exists and your fingerprints are enrolled).
Type: boolean
Default:
config.services.fprintd.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.enable
If enabled, pam_gnupg will attempt to automatically unlock the user’s GPG keys with the login password via gpg-agent. The keygrips of all keys to be unlocked should be written to ~/.pam-gnupg, and can be queried with gpg -K --with-keygrip. Presetting passphrases must be enabled by adding allow-preset-passphrase in ~/.gnupg/gpg-agent.conf.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.noAutostart
Don’t start gpg-agent if it is not running. Useful in conjunction with starting gpg-agent as a systemd user service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.storeOnly
Don’t send the password immediately after login, but store for PAM session.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleAuthenticator.enable
If set, users with enabled Google Authenticator (created ~/.google_authenticator) will be required to provide Google Authenticator token to log in.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleOsLoginAccountVerification
If set, will use the Google OS Login PAM modules (pam_oslogin_login, pam_oslogin_admin) to verify possible OS Login users and set sudoers configuration accordingly.
This only makes sense to enable for the sshd PAM service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleOsLoginAuthentication
If set, will use the pam_oslogin_login’s user authentication methods to authenticate users using 2FA.
This only makes sense to enable for the sshd PAM service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.kwallet.enable
If enabled, pam_wallet will attempt to automatically unlock the user’s default KDE wallet upon login. If the user has no wallet named “kdewallet”, or the login password does not match their wallet password, KDE will prompt separately after login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.kwallet.package
The kwallet-pam package to use.
Type: package
Default:
pkgs.plasma5Packages.kwallet-pam
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.kwallet.forceRun
The force_run option is used to tell the PAM module for KWallet to forcefully run even if no graphical session (such as a GUI display manager) is detected. This is useful for when you are starting an X Session or a Wayland Session from a TTY. If you intend to log-in from a TTY, it is recommended that you enable this option and ensure that plasma-kwallet-pam.service is started by graphical-session.target.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits
Attribute set describing resource limits. Defaults to the value of security.pam.loginLimits.
The meaning of the values is explained in limits.conf(5).
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.domain
Username, groupname, or wildcard this limit applies to
Type: string
Example:
"@wheel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.item
Item this limit applies to
Type: one of “core”, “data”, “fsize”, “memlock”, “nofile”, “rss”, “stack”, “cpu”, “nproc”, “as”, “maxlogins”, “maxsyslogins”, “priority”, “locks”, “sigpending”, “msgqueue”, “nice”, “rtprio”
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.type
Type of this limit
Type: one of “-”, “hard”, “soft”
Default:
"-"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.value
Value of this limit
Type: string or signed integer
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.logFailures
Whether to log authentication failures in /var/log/faillog.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.makeHomeDir
Whether to try to create home directories for users with $HOMEs pointing to nonexistent locations on session login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.mysqlAuth
If set, the pam_mysql module will be used to authenticate users against a MySQL/MariaDB database.
Type: boolean
Default:
config.users.mysql.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.name
Name of the PAM service.
Type: string
Example:
"sshd"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.nodelay
Whether the delay after typing a wrong password should be disabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.oathAuth
If set, the OATH Toolkit will be used.
Type: boolean
Default:
config.security.pam.oath.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.otpwAuth
If set, the OTPW system will be used (if ~/.otpw exists).
Type: boolean
Default:
config.security.pam.enableOTPW
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.p11Auth
If set, keys listed in ~/.ssh/authorized_keys and ~/.eid/authorized_certificates can be used to log in with the associated PKCS#11 tokens.
Type: boolean
Default:
config.security.pam.p11.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.pamMount
Enable PAM mount (pam_mount) system to mount filesystems on user login.
Type: boolean
Default:
config.security.pam.mount.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.requireWheel
Whether to permit root access only to members of group wheel.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.rootOK
If set, root doesn’t need to authenticate (e.g. for the useradd service).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.rssh
If set, the calling user’s SSH agent is used to authenticate against the configured keys. This module works in a manner similar to pam_ssh_agent_auth, but supports a wider range of SSH key types, including those protected by security keys (FIDO2).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.setEnvironment
Whether the service should set the environment variables listed in environment.sessionVariables using pam_env.so.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.setLoginUid
Set the login uid of the process (/proc/self/loginuid) for auditing purposes. The login uid is only set by ‘entry points’ like login and sshd, not by commands like sudo.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.showMotd
Whether to show the message of the day.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.sshAgentAuth
If set, the calling user’s SSH agent is used to authenticate against the keys in the calling user’s ~/.ssh/authorized_keys. This is useful for sudo on password-less remote systems.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.sssdStrictAccess
Enforce sssd access control.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.startSession
If set, the service will register a new session with systemd’s login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.text
Contents of the PAM service file.
Type: null or strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.enable
Enable or disable TTY auditing for specified users
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.enablePattern
For each user matching one of comma-separated glob patterns, enable TTY auditing
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.disablePattern
For each user matching one of comma-separated glob patterns, disable TTY auditing
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.openOnly
Set the TTY audit flag when opening the session, but do not restore it when closing the session. Using this option is necessary for some services that don’t fork() to run the authenticated session, such as sudo.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.u2fAuth
If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key. Path can be changed using security.pam.u2f.authFile option.
Type: boolean
Default:
config.security.pam.u2f.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.unixAuth
Whether users can log in with passwords defined in /etc/shadow.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.updateWtmp
Whether to update /var/log/wtmp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.usshAuth
If set, users with an SSH certificate containing an authorized principal in their SSH agent are able to log in. Specific options are controlled using the security.pam.ussh options.
Note that the security.pam.ussh.enable must also be set for this option to take effect.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.yubicoAuth
If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.
Type: boolean
Default:
config.security.pam.yubico.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.zfs
Enable unlocking and mounting of encrypted ZFS home dataset at login.
Type: boolean
Default:
config.security.pam.zfs.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.sshAgentAuth.enable
Whether to enable authenticating using a signature performed by the ssh-agent. This allows using SSH keys exclusively, instead of passwords, for instance on remote machines.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.sshAgentAuth.authorizedKeysFiles
A list of paths to files in OpenSSH’s authorized_keys format, containing the keys that will be trusted by the pam_ssh_agent_auth module.
The following patterns are expanded when interpreting the path:
%f and %H respectively expand to the fully-qualified and short hostname;
%u expands to the username;
~ or %h expands to the user’s home directory.
Specifying user-writeable files here results in an insecure configuration: a malicious process can then edit such an authorized_keys file and bypass the ssh-agent-based authentication.
See issue #31611.
Type: list of string
Default:
[
"/etc/ssh/authorized_keys.d/%u"
]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
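The weak and the corrected setting side by side, as an added example that is not part of the NixOS manual or the nixpkgs source. The user alice and the key string are constructed placeholders, and it is assumed that sshd is enabled so that users.users.<name>.openssh.authorizedKeys.keys is written to /etc/ssh/authorized_keys.d/<name>.

```nix
{ ... }:
{
  # Assumption: sshd is enabled, so the keys declared below end up in the
  # root-managed file /etc/ssh/authorized_keys.d/alice.
  services.openssh.enable = true;

  users.users.alice = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      # Constructed placeholder, not a real key.
      "ssh-ed25519 AAAA...PLACEHOLDER alice@workstation"
    ];
  };

  security.pam.sshAgentAuth = {
    enable = true;

    # Weak: alice can write this file herself, so any process running as
    # alice can append its own key and then pass the agent check.
    # authorizedKeysFiles = [ "~/.ssh/authorized_keys" ];

    # Corrected: the trusted keys live in a file that only a system
    # rebuild can change. %u expands to the username.
    authorizedKeysFiles = [ "/etc/ssh/authorized_keys.d/%u" ];
  };

  # The global switch above does nothing until a PAM service opts in.
  security.pam.services.sudo.sshAgentAuth = true;
}
```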
|
security.pam.u2f.enable
Enables U2F PAM (pam-u2f) module.
If set, users listed in $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set) are able to log in with the associated U2F key. The path can be changed using security.pam.u2f.authFile option.
File format is:
<username1>:<KeyHandle1>,<UserKey1>,<CoseType1>,<Options1>:<KeyHandle2>,<UserKey2>,<CoseType2>,<Options2>:...
<username2>:<KeyHandle1>,<UserKey1>,<CoseType1>,<Options1>:<KeyHandle2>,<UserKey2>,<CoseType2>,<Options2>:...
This file can be generated using pamu2fcfg command.
More information can be found here.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.control
This option sets pam “control”. If you want to have multi factor authentication, use “required”. If you want to use U2F device instead of regular password, use “sufficient”.
Read pam.conf(5) for better understanding of this option.
Type: one of “required”, “requisite”, “sufficient”, “optional”
Default:
"sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings
Options to pass to the PAM module.
Boolean values render just the key if true, and nothing if false. Null values are ignored. All other values are rendered as key-value pairs.
Type: attribute set of (null or boolean or string or signed integer or path in the Nix store)
Default:
{ }
Example:
{
  authfile = "/etc/u2f_keys";
  authpending_file = "";
  pinverification = 1;
  userpresence = 0;
}
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.appid
By default pam-u2f module sets the application ID to pam://$HOSTNAME.
When using pamu2fcfg, you can specify your application ID with the -i flag.
More information can be found here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.authfile
By default pam-u2f module reads the keys from $XDG_CONFIG_HOME/Yubico/u2f_keys (or $HOME/.config/Yubico/u2f_keys if XDG variable is not set).
If you want to change auth file locations or centralize database (for example use /etc/u2f-mappings) you can set this option.
File format is:
username:first_keyHandle,first_public_key: second_keyHandle,second_public_key
This file can be generated using pamu2fcfg command.
More information can be found here.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.cue
By default the pam-u2f module does not inform the user that they need to use the U2F device; it just waits without a prompt.
If you set this option to true, the cue option is added to the pam-u2f module and a reminder message will be displayed.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.debug
Debug output to stderr.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.interactive
Set to prompt a message and wait before testing the presence of a U2F device. Recommended if your device doesn’t have a tactile trigger.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.settings.origin
By default pam-u2f module sets the origin to pam://$HOSTNAME.
Setting origin to a host-independent value will allow you to reuse credentials across machines.
When using pamu2fcfg, you can specify your application ID with the -o flag.
More information can be found here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.enable
Enables Uber’s USSH PAM (pam-ussh) module.
This is similar to pam-ssh-agent, except that the presence of a CA-signed SSH key with a valid principal is checked instead.
Note that this module must both be enabled using this option and on a per-PAM-service level as well (using usshAuth).
More information can be found here.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.authorizedPrincipals
Comma-separated list of authorized principals to permit; if the user presents a certificate with one of these principals, then they will be authorized.
Note that pam-ussh also requires that the certificate contain a principal matching the user’s username. The principals from this list are in addition to those principals.
Mutually exclusive with authorizedPrincipalsFile.
Type: null or strings concatenated with “,”
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.authorizedPrincipalsFile
Path to a list of principals; if the user presents a certificate with one of these principals, then they will be authorized.
Note that pam-ussh also requires that the certificate contain a principal matching the user’s username. The principals from this file are in addition to those principals.
Mutually exclusive with authorizedPrincipals.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.caFile
By default pam-ussh reads the trusted user CA keys from /etc/ssh/trusted_user_ca.
This should be set the same as your TrustedUserCAKeys option for sshd.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.control
This option sets pam “control”. If you want to have multi factor authentication, use “required”. If you want to use the SSH certificate instead of the regular password, use “sufficient”.
Read pam.conf(5) for better understanding of this option.
Type: one of “required”, “requisite”, “sufficient”, “optional”
Default:
"sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.group
If set, then the authenticating user must be a member of this group to use this module.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.enable
Enables Yubico PAM (yubico-pam) module.
If set, users listed in ~/.yubico/authorized_yubikeys are able to log in with the associated Yubikey tokens.
The file must have only one line:
username:yubikey_token_id1:yubikey_token_id2
More information can be found here.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.challengeResponsePath
If not null, set the path used by yubico pam module where the challenge expected response is stored.
More information can be found here.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.control
This option sets pam “control”. If you want to have multi factor authentication, use “required”. If you want to use Yubikey instead of regular password, use “sufficient”.
Read pam.conf(5) for better understanding of this option.
Type: one of “required”, “requisite”, “sufficient”, “optional”
Default:
"sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.debug
Debug output to stderr.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.id
client id
Type: string
Example:
"42"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.mode
Mode of operation.
Use “client” for online validation with a YubiKey validation service such as the YubiCloud.
Use “challenge-response” for offline validation using YubiKeys with HMAC-SHA-1 Challenge-Response configurations. See the man-page ykpamcfg(1) for further details on how to configure offline Challenge-Response validation.
More information can be found here.
Type: one of “client”, “challenge-response”
Default:
"client"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.zfs.enable
Enable unlocking and mounting of encrypted ZFS home dataset at login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.zfs.homes
Prefix of home datasets. This value will be concatenated with "/" + <username> in order to determine the home dataset to unlock.
Type: string
Default:
"rpool/home"
Example:
"rpool/home"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.zfs.noUnmount
Do not unmount home dataset on logout.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pki.caBundle
(Read-only) the path to the final bundle of certificate authorities as a single file.
Type: absolute path (read only)
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.caCertificateBlacklist
A list of blacklisted CA certificate names that won’t be imported from the Mozilla Trust Store into /etc/ssl/certs/ca-certificates.crt. Use the names from that file.
Type: list of string
Default:
[ ]
Example:
[
"WoSign"
"WoSign China"
"CA WoSign ECC Root"
"Certification Authority of WoSign G2"
]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificateFiles
A list of files containing trusted root certificates in PEM format. These are concatenated to form /etc/ssl/certs/ca-certificates.crt, which is used by many programs that use OpenSSL, such as curl and git.
Type: list of absolute path
Default:
[ ]
Example:
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificates
A list of trusted root certificates in PEM format.
Type: list of string
Default:
[ ]
Example:
[ ''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
''
]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.useCompatibleBundle
Whether to enable usage of a compatibility bundle.
Such a bundle consists exclusively of BEGIN CERTIFICATE and no BEGIN TRUSTED CERTIFICATE, which is an OpenSSL specific PEM format.
It is known to be incompatible with certain software stacks.
Nevertheless, enabling this will strip all additional trust rules provided by the certificates themselves. This can have security consequences depending on your use cases.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.please.enable
Whether to enable please, a Sudo clone which allows a user to execute a command or edit a file as another user.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.package
The please package to use.
Type: package
Default:
pkgs.please
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.settings
Please configuration. Refer to https://github.com/edneville/please/blob/master/please.ini.md for details.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
  jim_edit_etc_hosts_as_root = {
    editmode = 644;
    name = "jim";
    require_pass = true;
    rule = "/etc/hosts";
    target = "root";
    type = "edit";
  };
  jim_run_any_as_root = {
    name = "jim";
    require_pass = false;
    rule = ".*";
    target = "root";
    type = "run";
  };
}
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands or edit files with please and pleaseedit respectively.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.polkit.enable
Whether to enable polkit.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.package
The polkit package to use.
Type: package
Default:
pkgs.polkit
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.adminIdentities
Specifies which users are considered “administrators”, for those actions that require the user to authenticate as an administrator (i.e. have an auth_admin value). By default, this is all users in the wheel group.
Type: list of string
Default:
[
"unix-group:wheel"
]
Example:
[
"unix-user:alice"
"unix-group:admin"
]
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.debug
Whether to enable debug logs from polkit. This is required in order to see log messages from rule definitions.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.extraConfig
Any polkit rules to be added to config (in JavaScript ;-). See: https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules
Type: strings concatenated with “\n”
Default:
""
Example:
''
  /* Log authorization checks. */
  polkit.addRule(function(action, subject) {
    // Make sure to set { security.polkit.debug = true; } in configuration.nix
    polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
  });
  /* Allow any local user to do anything (dangerous!). */
  polkit.addRule(function(action, subject) {
    if (subject.local) return "yes";
  });
''
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.protectKernelImage
Whether to prevent replacing the running kernel image.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.rtkit.enable
Whether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, PulseAudio and PipeWire use this to acquire realtime priority.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
|
security.rtkit.args
Command-line options for rtkit-daemon.
Type: list of string
Default:
[ ]
Example:
[
"--our-realtime-priority=29"
"--max-realtime-priority=28"
]
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
|
security.shadow.enable
Enable the shadow authentication suite, which provides critical programs such as su, login, passwd.
Note: This is currently experimental. Only disable this if you’re confident that you can recover your system if it breaks.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
security.soteria.enable
Whether to enable Soteria, a Polkit authentication agent for any desktop environment.
You should only enable this if you are on a Desktop Environment that does not provide a graphical polkit authentication agent, or you are on a standalone window manager or Wayland compositor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/soteria.nix>
|
security.soteria.package
The soteria package to use.
Type: package
Default:
pkgs.soteria
Declared by:
<nixpkgs/nixos/modules/security/soteria.nix>
|
security.sudo.enable
Whether to enable the sudo command, which allows non-root users to execute commands as root.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.package
The sudo package to use.
Type: package
Default:
pkgs.sudo
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.configFile
This string contains the contents of the sudoers file.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.defaultOptions
Options used for the default rules, granting root and the wheel group permission to run any command as any user.
Type: list of string
Default:
[
"SETENV"
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.execWheelOnly
Only allow members of the wheel group to execute sudo by setting the executable’s permissions accordingly.
This prevents users that are not members of wheel from exploiting vulnerabilities in sudo such as CVE-2021-3156.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraConfig
Extra configuration text appended to sudoers.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules
Define specific rules to be in the sudoers file.
More specific rules should come after more general ones in order to yield the expected behavior. You can use mkBefore/mkAfter to ensure this is the case when configuration options are merged.
Type: list of (submodule)
Default:
[ ]
Example:
[
  # Allow execution of any command by all users in group sudo,
  # requiring a password.
  { groups = [ "sudo" ]; commands = [ "ALL" ]; }
  # Allow execution of "/home/root/secret.sh" by user `backup`, `database`
  # and the group with GID `1006` without a password.
  { users = [ "backup" "database" ]; groups = [ 1006 ];
    commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
  # Allow all users of group `bar` to run two executables as user `foo`
  # with arguments being pre-set.
  { groups = [ "bar" ]; runAs = "foo";
    commands =
      [ "/home/baz/cmd1.sh hello-sudo"
        { command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
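The ordering advice above matters because sudoers applies the last rule that matches. The following added example (not from the NixOS manual) pins a narrow NOPASSWD rule behind a general one with lib.mkAfter; the group operators, the user deploy (assumed to be a member of operators) and the command path are hypothetical.

```nix
{ lib, ... }:
{
  security.sudo.extraRules = lib.mkMerge [
    # Specific rule: deploy may restart one unit without a password.
    # It is written first here, but mkAfter orders it behind the rules
    # that carry the default priority, wherever they are declared.
    (lib.mkAfter [
      {
        users = [ "deploy" ];
        commands = [
          {
            # Hypothetical command path.
            command = "/run/current-system/sw/bin/systemctl restart nginx.service";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ])

    # General rule: members of operators may run anything, with a password.
    # If this rule ended up after the specific one, it would be the last
    # match for deploy and the restart would prompt for a password again.
    [
      { groups = [ "operators" ]; commands = [ "ALL" ]; }
    ]
  ];
}
```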
|
security.sudo.extraRules.*.commands
The commands for which the rule should apply.
Type: list of (string or (submodule))
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.host
For what host this rule should apply.
Type: string
Default:
"ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.runAs
Under which user/group the specified command is allowed to run.
A user can be specified using just the username: "foo".
It is also possible to specify a user/group combination using "foo:bar" or to only allow running as a specific group with ":bar".
Type: string
Default:
"ALL:ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.keepTerminfo
Whether to preserve the TERMINFO and TERMINFO_DIRS environment variables, for root and the wheel group.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/config/terminfo.nix>
|
security.sudo.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands as super user via sudo.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo-rs.enable
Whether to enable a memory-safe implementation of the sudo command, which allows non-root users to execute commands as root.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.package
The sudo-rs package to use.
Type: package
Default:
pkgs.sudo-rs
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.configFile
This string contains the contents of the sudoers file.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.defaultOptions
Options used for the default rules, granting root and the wheel group permission to run any command as any user.
Type: list of string
Default:
[
"SETENV"
]
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.execWheelOnly
Only allow members of the wheel group to execute sudo by setting the executable’s permissions accordingly.
This prevents users that are not members of wheel from exploiting vulnerabilities in sudo such as CVE-2021-3156.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraConfig
Extra configuration text appended to sudoers.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules
Define specific rules to be in the sudoers file.
More specific rules should come after more general ones in order to yield the expected behavior. You can use lib.mkBefore/lib.mkAfter to ensure this is the case when configuration options are merged.
Type: list of (submodule)
Default:
[ ]
Example:
[
# Allow execution of any command by all users in group sudo,
# requiring a password.
{ groups = [ "sudo" ]; commands = [ "ALL" ]; }
# Allow execution of "/home/root/secret.sh" by user `backup`, `database`
# and the group with GID `1006` without a password.
{ users = [ "backup" "database" ]; groups = [ 1006 ];
commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
# Allow all users of group `bar` to run two executables as user `foo`
# with arguments being pre-set.
{ groups = [ "bar" ]; runAs = "foo";
commands =
[ "/home/baz/cmd1.sh hello-sudo"
{ command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
]
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules.*.commands
The commands for which the rule should apply.
Type: list of (string or (submodule))
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules.*.groups
The groups / GIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules.*.host
For what host this rule should apply.
Type: string
Default:
"ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules.*.runAs
Under which user/group the specified command is allowed to run.
A user can be specified using just the username: "foo".
It is also possible to specify a user/group combination using "foo:bar" or to only allow running as a specific group with ":bar".
Type: string
Default:
"ALL:ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.extraRules.*.users
The usernames / UIDs this rule should apply for.
Type: list of (string or signed integer)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.sudo-rs.wheelNeedsPassword
Whether users of the wheel group must provide a password to run commands as super user via sudo.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/sudo-rs.nix>
|
security.tpm2.enable
Whether to enable Trusted Platform Module 2 support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.abrmd.enable
Whether to enable Trusted Platform 2 userspace resource manager daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.abrmd.package
tpm2-abrmd package to use
Type: package
Default:
pkgs.tpm2-abrmd
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.applyUdevRules
Whether to make the /dev/tpm[0-9] devices accessible by the tssUser, or the /dev/tpmrm[0-9] by tssGroup respectively.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.pkcs11.enable
Whether to enable TPM2 PKCS#11 tool and shared library in system path (/run/current-system/sw/lib/libtpm2_pkcs11.so).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.pkcs11.package
tpm2-pkcs11 package to use
Type: package
Default:
pkgs.tpm2-pkcs11
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.enable
Set common TCTI environment variables to the specified value. The variables are TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.deviceConf
Configuration part of the device TCTI, e.g. the path to the TPM device. Applies if interface is set to “device”. The format is specified in the tpm2-tools repository.
Type: string
Default:
"/dev/tpmrm0"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.interface
The name of the TPM command transmission interface (TCTI) library to use.
Type: one of “tabrmd”, “device”
Default:
"device"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.tabrmdConf
Configuration part of the tabrmd TCTI, like the D-Bus bus name. Applies if interface is set to “tabrmd”. The format is specified in the tpm2-tools repository.
Type: string
Default:
"bus_name=com.intel.tss2.Tabrmd"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tssGroup
Group of the tpm kernel resource manager (tpmrm) device-group, set if applyUdevRules is set.
Type: null or string
Default:
"tss"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tssUser
Name of the tpm device-owner and service user, set if applyUdevRules is set.
Type: null or string
Default:
if config.security.tpm2.abrmd.enable then "tss" else "root"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.unprivilegedUsernsClone
When disabled, unprivileged users will not be able to create new namespaces. By default unprivileged user namespaces are disabled. This option only works in a hardened profile.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.virtualisation.flushL1DataCache
Whether the hypervisor should flush the L1 data cache before entering guests.
See also security.allowSimultaneousMultithreading.
null: uses the kernel default.
"never": disables L1 data cache flushing entirely. May be appropriate if all guests are trusted.
"cond": flushes L1 data cache only for pre-determined code paths. May leak information about the host address space layout.
"always": flushes L1 data cache every time the hypervisor enters the guest. May incur significant performance cost.
Type: null or one of “never”, “cond”, “always”
Default:
null
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.wrapperDirSize
Size limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax. WARNING: don’t set to less than 64MB.
Type: string
Default:
"50%"
Example:
"10G"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers
This option effectively allows adding setuid/setgid bits, capabilities, changing file ownership and permissions of a program without directly modifying it. This works by creating a wrapper program in a directory (not configurable), which is then added to the shell PATH.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
# a setuid root program
doas =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.doas}/bin/doas";
};
# a setgid program
locate =
{ setgid = true;
owner = "root";
group = "mlocate";
source = "${pkgs.locate}/bin/locate";
};
# a program with the CAP_NET_RAW capability
ping =
{ owner = "root";
group = "root";
capabilities = "cap_net_raw+ep";
source = "${pkgs.iputils.out}/bin/ping";
};
}
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.enable
Whether to enable the wrapper.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.capabilities
A comma-separated list of capability clauses to be given to the wrapper program. The format for capability clauses is described in the “TEXTUAL REPRESENTATION” section of the cap_from_text(3) manual page. For a list of capabilities supported by the system, check the capabilities(7) manual page.
cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set, is NOT raised to the Ambient set, so that the real program cannot modify its own capabilities. This may be too restrictive for cases in which the real program needs cap_setpcap, but it at least errs on the side of being security paranoid rather than too relaxed.
Type: strings concatenated with “,”
Default:
""
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.group
The group of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.owner
The owner of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.permissions
The permissions of the wrapper program. The format is that of a symbolic or numeric file mode understood by chmod.
Type: file mode string
Default:
"u+rx,g+x,o+x"
Example:
"a+rx"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.program
The name of the wrapper program. Defaults to the attribute name.
Type: null or string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.setgid
Whether to add the setgid bit to the wrapper program.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.setuid
Whether to add the setuid bit to the wrapper program.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.source
The absolute path to the program to be wrapped.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.packagekit.enable
Whether to enable PackageKit, a cross-platform D-Bus abstraction layer for installing software. Software utilizing PackageKit can install software regardless of the package manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.packagekit.settings
Additional settings passed straight through to PackageKit.conf
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.packagekit.vendorSettings
Additional settings passed straight through to Vendor.conf
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.SystemdJournal2Gelf.enable
Whether to enable SystemdJournal2Gelf.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.package
The systemd-journal2gelf package to use.
Type: package
Default:
pkgs.systemd-journal2gelf
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.extraOptions
Any extra flags to pass to SystemdJournal2Gelf. Note that these are basically journalctl flags.
Type: strings concatenated with " "
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.graylogServer
Host and port of your graylog2 input. This should be a GELF UDP input.
Type: string
Example:
"graylog2.example.com:11201"
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services._3proxy.enable
Whether to enable 3proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.confFile
Ignore all other 3proxy options and load configuration from this file.
Type: absolute path
Example:
"/var/lib/3proxy/3proxy.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.denyPrivate
Whether to deny access to private IP ranges including loopback.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.extraConfig
Extra configuration, appended to the 3proxy configuration file. Consult documentation for available options.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.privateRanges
What IP ranges to deny access to when denyPrivate is set to true.
Type: list of string
Default:
[
"0.0.0.0/8"
"127.0.0.0/8"
"10.0.0.0/8"
"100.64.0.0/10"
"172.16.0.0/12"
"192.168.0.0/16"
"::"
"::1"
"fc00::/7"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution
Use this option to configure name resolution and DNS caching.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nscache
Set name cache size for IPv4.
Type: signed integer
Default:
65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nscache6
Set name cache size for IPv6.
Type: signed integer
Default:
65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nserver
List of nameservers to use.
Up to 5 nservers may be specified. If no nserver is configured, default system name resolution functions are used.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.53"
"192.168.1.3:5353/tcp"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nsrecord
Adds static nsrecords.
Type: attribute set of string
Default:
{ }
Example:
{
"files.local" = "192.168.1.12";
"site.local" = "192.168.1.43";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services
Use this option to define 3proxy services.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
type = "proxy";
bindAddress = "192.168.1.24";
bindPort = 3128;
auth = [ "none" ];
}
{
type = "proxy";
bindAddress = "10.10.1.20";
bindPort = 3128;
auth = [ "iponly" ];
}
{
type = "socks";
bindAddress = "172.17.0.1";
bindPort = 1080;
auth = [ "strong" ];
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl
Use this option to limit user access to resources.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
rule = "allow";
users = [ "user1" ];
}
{
rule = "allow";
sources = [ "192.168.1.0/24" ];
}
{
rule = "deny";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.rule
ACL rule. The following values are valid:
"allow": connections allowed.
"deny": connections not allowed.
Type: one of “allow”, “deny”
Example:
"allow"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.sources
List of source IP range, use empty list for any.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"192.168.1.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.targetPorts
List of target ports, use empty list for any.
Type: list of signed integer
Default:
[ ]
Example:
[
80
443
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.targets
List of target IP ranges, use empty list for any.
May also contain host names instead of addresses.
It’s possible to use a wildmask at the beginning and at the end of the hostname, e.g. *badsite.com or *badcontent*.
The hostname is only checked if a hostname is present in the request.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"192.168.1.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.users
List of users, use empty list for any.
Type: list of string
Default:
[ ]
Example:
[
"user1"
"user2"
"user3"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.auth
Authentication type. The following values are valid:
"none": disables both authentication and authorization. You can not use ACLs.
"iponly": specifies no authentication. ACLs authorization is used.
"strong": authentication by username/password. If user is not registered their access is denied regardless of ACLs.
Double authentication is possible, e.g.
{
auth = [ "iponly" "strong" ];
acl = [
{
rule = "allow";
targets = [ "192.168.0.0/16" ];
}
{
rule = "allow";
users = [ "user1" "user2" ];
}
];
}
In this example strong username authentication is not required to access 192.168.0.0/16.
Type: list of (one of “none”, “iponly”, “strong”)
Example:
[
"iponly"
"strong"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.bindAddress
Address used for service.
Type: string
Default:
"[::]"
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.bindPort
Override default port used for service.
Type: null or signed integer
Default:
null
Example:
3128
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.extraArguments
Extra arguments for service. Consult “Options” section in documentation for available arguments.
Type: null or string
Default:
null
Example:
"-46"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.extraConfig
Extra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. Consult documentation for available options.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.maxConnections
Maximum number of simultaneous connections to this service.
Type: signed integer
Default:
100
Example:
1000
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.type
Service type. The following values are valid:
"proxy": HTTP/HTTPS proxy (default port 3128).
"socks": SOCKS 4/4.5/5 proxy (default port 1080).
"pop3p": POP3 proxy (default port 110).
"ftppr": FTP proxy (default port 21).
"admin": Web interface (default port 80).
"dnspr": Caching DNS proxy (default port 53).
"tcppm": TCP portmapper.
"udppm": UDP portmapper.
Type: one of “proxy”, “socks”, “pop3p”, “ftppr”, “admin”, “dnspr”, “tcppm”, “udppm”
Example:
"proxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.usersFile
Load users and passwords from this file.
Example users file with plain-text passwords:
test1:CL:password1
test2:CL:password2
Example users file with md5-crypted passwords:
test1:CR:$1$tFkisVd2$1GA8JXkRmTXdLDytM/i3a1
test2:CR:$1$rkpibm5J$Aq1.9VtYAn0JrqZ8M.1ME.
You can generate md5-crypted passwords via https://unix4lyfe.org/crypt/. Note that the htpasswd tool generates incompatible md5-crypted passwords. Consult documentation for more information.
Type: null or absolute path
Default:
null
Example:
"/var/lib/3proxy/3proxy.passwd"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services.accounts-daemon.enable
Whether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
|
services.acme-dns.enable
Whether to enable acme-dns.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.package
The acme-dns package to use.
Type: package
Default:
pkgs.acme-dns
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings
Free-form settings written directly to the acme-dns.cfg file.
Refer to https://github.com/joohoi/acme-dns/blob/master/README.md#configuration for supported values.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.api.disable_registration
Whether to disable the HTTP registration endpoint.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.api.ip
IP to bind the HTTP API on.
Type: string
Default:
"[::]"
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.api.port
Listen port for the HTTP API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.api.tls
TLS backend to use.
Type: one of “letsencrypt”, “letsencryptstaging”, “cert”, “none”
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.database.connection
Database connection string.
Type: string
Default:
"/var/lib/acme-dns/acme-dns.db"
Example:
"postgres://user:password@localhost/acmedns"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.database.engine
Database engine to use.
Type: one of “sqlite3”, “postgres”
Default:
"sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.domain
Domain name to serve the requests off of.
Type: string
Example:
"acme-dns.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.listen
IP+port combination to bind and serve the DNS server on.
Type: string
Default:
"[::]:53"
Example:
"127.0.0.1:53"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.nsadmin
Zone admin email address for SOA.
Type: string
Example:
"admin.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.nsname
Zone name server.
Type: string
Example:
"acme-dns.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.protocol
Protocols to serve DNS responses on.
Type: one of “both”, “both4”, “both6”, “udp”, “udp4”, “udp6”, “tcp”, “tcp4”, “tcp6”
Default:
"both"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.general.records
Predefined DNS records served in addition to the _acme-challenge TXT records.
Type: list of string
Example:
[
# replace with your acme-dns server's public IPv4
"acme-dns.example.com. A 198.51.100.1"
# replace with your acme-dns server's public IPv6
"acme-dns.example.com. AAAA 2001:db8::1"
# acme-dns.example.com should resolve any *.acme-dns.example.com records
"acme-dns.example.com. NS acme-dns.example.com."
]
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acme-dns.settings.logconfig.loglevel
Level to log on.
Type: one of “error”, “warning”, “info”, “debug”
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/networking/acme-dns.nix>
|
services.acpid.enable
Whether to enable the ACPI daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.acEventCommands
Shell commands to execute on an ac_adapter.* event.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers
Event handlers.
Handler can be a single command.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
ac-power = {
action = ''
vals=($1) # space separated string to array of multiple values
case ''${vals[3]} in
00000000)
echo unplugged >> /tmp/acpi.log
;;
00000001)
echo plugged in >> /tmp/acpi.log
;;
*)
echo unknown >> /tmp/acpi.log
;;
esac
'';
event = "ac_adapter/*";
};
}
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.action
Shell commands to execute when the event is triggered.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.event
Event type.
Type: string
Example:
"button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.lidEventCommands
Shell commands to execute on a button/lid.* event.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.logEvents
Log all event activity.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.powerEventCommands
Shell commands to execute on a button/power.* event.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.activemq.enable
Enable the Apache ActiveMQ message broker service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.baseDir
The base directory where ActiveMQ stores its persistent data and logs.
This will be overridden if you set “activemq.base” and “activemq.data” in the javaProperties option. You can also override this in activemq.xml.
Type: string
Default:
"/var/activemq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationDir
The base directory for ActiveMQ’s configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Type: string
Default:
"${pkgs.activemq}/conf"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationURI
The URI that is passed along to the BrokerFactory to set up the configuration of the ActiveMQ broker service.
You should not need to change this. For custom configuration, set the configurationDir instead, and create an activemq.xml configuration file in it.
Type: string
Default:
"xbean:activemq.xml"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.extraJavaOptions
Add extra options here that you want to be sent to the Java runtime when the broker service is started.
Type: strings concatenated with " "
Default:
""
Example:
"-Xmx2G -Xms2G -XX:MaxPermSize=512M"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.javaProperties
Specifies Java properties that are sent to the ActiveMQ broker service with the “-D” option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Type: attribute set
Default:
{ }
Example:
{
"java.net.preferIPv4Stack" = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.actkbd.enable
Whether to enable the actkbd key mapping daemon.
Turning this on will start an actkbd instance for every evdev input that has at least one key (which is okay even for systems with tiny memory footprint, since actkbd normally uses <100 bytes of memory per instance).
This allows binding keys globally without the need for e.g. X11.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings
Key bindings for actkbd.
See actkbd README for documentation.
The example shows a piece of what sound.mediaKeys.enable does when enabled.
Type: list of (submodule)
Default:
[ ]
Example:
[ { keys = [ 113 ]; events = [ "key" ]; command = "${pkgs.alsa-utils}/bin/amixer -q set Master toggle"; }
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.attributes
List of attributes.
Type: list of string
Default:
[
"exec"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.command
What to run.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.events
List of events to match.
Type: list of (one of “key”, “rep”, “rel”)
Default:
[
"key"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.keys
List of keycodes to match.
Type: list of signed integer
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.extraConfig
Literal contents to append to the end of actkbd configuration file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actual.enable
Whether to enable actual, a privacy focused app for managing your finances.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.actual.package
The actual-server package to use.
Type: package
Default:
pkgs.actual-server
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.actual.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.actual.settings
Server settings, refer to the documentation for available options.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.actual.settings.hostname
The address to listen on
Type: string
Default:
"::"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.actual.settings.port
The port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/actual.nix>
|
services.adguardhome.enable
Whether to enable AdGuard Home network-wide ad blocker.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.package
The package that runs adguardhome.
Type: package
Default:
pkgs.adguardhome
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.allowDHCP
Allows AdGuard Home to open raw sockets (CAP_NET_RAW), which is required for the integrated DHCP server.
The default enables this conditionally if the declarative configuration enables the integrated DHCP server. Manually setting this option is only required for non-declarative setups.
Type: boolean
Default:
config.services.adguardhome.settings.dhcp.enabled or false
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.extraArgs
Extra command line parameters to be passed to the adguardhome binary.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.host
Host address to bind HTTP server to.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.mutableSettings
Allow changes made on the AdGuard Home web interface to persist between service restarts.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.openFirewall
Open ports in the firewall for the AdGuard Home web interface. Does not open the port needed to access the DNS resolver.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.port
Port to serve HTTP pages on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settings
AdGuard Home configuration. Refer to https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file for details on supported values.
On start, and if mutableSettings is true, these options are merged into the configuration file, taking precedence over configuration changes made on the web interface.
Set this to null (default) for a non-declarative configuration without any Nix-supplied values.
Declarative configurations are supplied with a default schema_version and http.address.
Type: null or (YAML value)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settings.schema_version
Schema version for the configuration.
Defaults to the schema_version supplied by cfg.package.
Type: signed integer
Default:
cfg.package.schema_version
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.aerospike.enable
Whether to enable Aerospike server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.package
The aerospike package to use.
Type: package
Default:
pkgs.aerospike
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.extraConfig
Extra configuration
Type: strings concatenated with “\n”
Default:
""
Example:
''
namespace test {
replication-factor 2
memory-size 4G
default-ttl 30d
storage-engine memory
}
''
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.networkConfig
network section of configuration file
Type: strings concatenated with “\n”
Default:
''
service {
address any
port 3000
}
heartbeat {
address any
mode mesh
port 3002
interval 150
timeout 10
}
fabric {
address any
port 3001
}
info {
address any
port 3003
}
''
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.workDir
Location where Aerospike stores its files
Type: string
Default:
"/var/lib/aerospike"
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aesmd.enable
Whether to enable Intel’s Architectural Enclave Service Manager (AESM) for Intel SGX.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.package
The sgx-psw package to use.
Type: package
Default:
pkgs.sgx-psw
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.environment
Additional environment variables to pass to the AESM service.
Type: attribute set of string
Default:
{ }
Example:
{
AZDCAP_COLLATERAL_VERSION = "v2";
AZDCAP_DEBUG_LOG_LEVEL = "INFO";
}
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.quoteProviderLibrary
Custom quote provider library to use.
Type: null or absolute path
Default:
null
Example:
pkgs.sgx-azure-dcap-client
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings
AESM configuration
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.defaultQuotingType
Attestation quote type.
Type: null or one of “ecdsa_256”, “epid_linkable”, “epid_unlinkable”
Default:
null
Example:
"ecdsa_256"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.proxy
HTTP network proxy.
Type: null or string
Default:
null
Example:
"http://proxy_url:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.proxyType
Type of proxy to use. The default uses the system’s default proxy.
If direct is given, uses no proxy.
A value of manual uses the proxy from services.aesmd.settings.proxy.
Type: null or one of “default”, “direct”, “manual”
Default:
if (config.services.aesmd.settings.proxy != null) then "manual" else null
Example:
"default"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.whitelistUrl
URL to retrieve authorized Intel SGX enclave signers.
Type: null or string
Default:
null
Example:
"http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.agate.enable
Whether to enable Agate Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.package
The agate package to use.
Type: package
Default:
pkgs.agate
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.addresses
Addresses to listen on, in IP:PORT form. If you haven’t disabled forwarding, only set IPv4.
Type: list of string
Default:
[
"0.0.0.0:1965"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.certificatesDir
Root of the certificate directory.
Type: absolute path
Default:
"/var/lib/agate/certificates"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.contentDir
Root of the content directory.
Type: absolute path
Default:
"/var/lib/agate/content"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.extraArgs
Extra arguments to use running agate.
Type: list of string
Default:
[
""
]
Example:
[
"--log-ip"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.hostnames
Domain name of this Gemini server, enables checking hostname and port in requests. (multiple occurrences means basic vhosts)
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.language
RFC 4646 Language code for text/gemini documents.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.onlyTls_1_3
Only use TLSv1.3 (default also allows TLSv1.2).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agorakit.enable
Whether to enable agorakit.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.appKeyFile
A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed. Can be generated with head -c 32 /dev/urandom | base64.
Type: absolute path
Example:
"/run/keys/agorakit-appkey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.appURL
The root URL that you want to host agorakit on. All URLs in agorakit will be generated using this value. If you change this in the future you may need to run a command to update stored URLs in the database. Command example: php artisan agorakit:update-url https://old.example.com https://new.example.com
Type: string
Default:
"http\${lib.optionalString tlsEnabled \"s\"}://\${cfg.hostName}"
Example:
"https://example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.config
Agorakit configuration options to set in the .env file.
Refer to https://github.com/agorakit/agorakit for details on supported values.
Settings containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting .env file, the OIDC_CLIENT_SECRET key will be set to the contents of the /run/keys/oidc_secret file.
Type: attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))
Default:
{ }
Example:
''
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "agorakit";
OIDC_CLIENT_SECRET = { _secret = "/run/keys/oidc_secret"; };
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.dataDir
agorakit data directory
Type: absolute path
Default:
"/var/lib/agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.host
Database host address.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.name
Database name.
Type: string
Default:
"agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or absolute path
Default:
null
Example:
"/run/keys/agorakit-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.database.user
Database username.
Type: string
Default:
user
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.group
Group agorakit runs as.
Type: string
Default:
"agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.hostName
The hostname to serve agorakit on.
Type: string
Default:
config.networking.fqdn
Example:
"agorakit.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.driver
Mail driver to use.
Type: one of “smtp”, “sendmail”
Default:
"smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.encryption
SMTP encryption mechanism to use.
Type: null or value “tls” (singular enum)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.from
Mail “from” email.
Type: string
Default:
"mail@agorakit.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.fromName
Mail “from” name.
Type: string
Default:
"agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.host
Mail host address.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.passwordFile
A file containing the password corresponding to mail.user.
Type: null or absolute path
Default:
null
Example:
"/run/keys/agorakit-mailpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.port
Mail host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1025
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.mail.user
Mail username.
Type: null or string
Default:
null
Example:
"agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.maxUploadSize
The maximum size for uploads (e.g. images).
Type: string
Default:
"18M"
Example:
"1G"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx
With this option, you can customize the nginx virtualHost settings.
Type: submodule
Default:
{ }
Example:
''
{
serverAliases = [
"agorakit.''${config.networking.domain}"
];
# To enable encryption and let Let's Encrypt take care of the certificate
forceSSL = true;
enableACME = true;
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Requires Nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen this only sets the addresses and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.quic
Whether to enable the QUIC transport protocol.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that QUIC support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible use cases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.reuseport
Create an individual listening socket. This only needs to be specified once, on one of the hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.poolConfig
Options for the agorakit PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.agorakit.user
User agorakit runs as.
Type: string
Default:
"agorakit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/agorakit.nix>
|
services.airsonic.enable
Whether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.contextPath
The context path, i.e., the last part of the Airsonic URL. Typically ‘/’ or ‘/airsonic’. Default ‘/’
Type: absolute path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.home
The directory where Airsonic will create files. Make sure it is writable.
Type: absolute path
Default:
"/var/lib/airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.jre
The jre8 package to use.
Note: Airsonic only supports Java 8; airsonic-advanced requires at least Java 11.
Type: package
Default:
pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.jvmOptions
Extra command line options for the JVM running AirSonic. Useful for sending jukebox output to non-default alsa devices.
Type: list of string
Default:
[ ]
Example:
[
"-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'"
"-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'"
"-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.listenAddress
The host name or IP address on which to bind Airsonic. The default value is appropriate for first launch, when the default credentials are easy to guess. It is also appropriate if you intend to use the virtualhost option in the service module. In other cases, you may want to change this to a specific IP or 0.0.0.0 to listen on all interfaces.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.maxMemory
The memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default:
100
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.port
The port on which Airsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4040
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.transcoders
List of paths to transcoder executables that should be accessible from Airsonic. Symlinks will be created to each executable inside ${config.services.airsonic.home}/transcoders.
Type: list of absolute path
Default:
[ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.user
User account under which airsonic runs.
Type: string
Default:
"airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.virtualHost
Name of the nginx virtualhost to use and set up. If null, do not set up any virtualhost.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.war
Airsonic war file to use.
Type: absolute path
Default:
"${pkgs.airsonic}/webapps/airsonic.war"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.akkoma.enable
Whether to enable Akkoma.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.package
The akkoma package to use.
Type: package
Default:
pkgs.akkoma
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config
Configuration for Akkoma. The attributes are serialised to Elixir DSL.
Refer to https://docs.akkoma.dev/stable/configuration/cheatsheet/ for configuration options.
Settings containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to.
Type: attribute set of attribute set of (Elixir value)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":joken".":default_signer"
JWT signing secret.
The attribute _secret should point to a file containing the secret.
This secret can be generated as follows:
$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 64
Type: secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/jwt-signer";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":logger".":ex_syslogger".level
Log level.
Refer to https://hexdocs.pm/logger/Logger.html#module-levels for options.
Type: non-empty string
Default:
":info"
Example:
":warning"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":frontends"
Frontend configuration.
Users should rely on the default value and prefer to configure frontends through
config.services.akkoma.frontends
.
Type: Elixir value
Default:
lib.mapAttrs (key: val:
(pkgs.formats.elixirConf { }).lib.mkMap { name = val.name; ref = val.ref; })
config.services.akkoma.frontends;
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":instance".description
Instance description.
Type: non-empty string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":instance".email
Instance administrator email.
Type: non-empty string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":instance".name
Instance name.
Type: non-empty string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":instance".static_dir
Directory of static files.
This directory can be built using a derivation, or it can be managed as mutable state by setting the option to an absolute path.
Type: absolute path
Default: Derivation gathering the following paths into a directory:
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":instance".upload_dir
Directory where Akkoma will put uploaded files.
Type: absolute path
Default:
"/var/lib/akkoma/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":media_proxy".enabled
Whether to enable proxying of remote media through the instance’s proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma".":media_proxy".base_url
Base path for the media proxy. Whilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.
Type: null or non-empty string
Default:
if lib.versionOlder config.system.stateVersion "24.05"
then "${httpConf.scheme}://${httpConf.host}:${builtins.toString httpConf.port}"
else null;
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Repo"
Database configuration.
Refer to https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options for options.
Type: Elixir value
Default:
{
adapter = (pkgs.formats.elixirConf { }).lib.mkRaw "Ecto.Adapters.Postgres";
socket_dir = "/run/postgresql";
username = config.services.akkoma.user;
database = "akkoma";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Upload".base_url
Base path which uploads will be stored at. Whilst this can just be set to a subdirectory of the main domain, it is now recommended to use a different subdomain.
Type: non-empty string
Default:
if lib.versionOlder config.system.stateVersion "24.05"
then "${httpConf.scheme}://${httpConf.host}:${builtins.toString httpConf.port}/media/"
else null;
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.ip
Listener IP address or Unix socket path.
The value is automatically converted to Elixir’s internal address representation during serialisation.
Type: absolute path or IPv4 or IPv6 address
Default:
"/run/akkoma/socket"
Example:
"::1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.port
Listener port number.
Must be 0 if using a Unix socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if isAbsolutePath config.services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.ip
then 0
else 4000;
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt
LiveView signing salt.
The attribute _secret
should point to a file containing the secret.
This salt can be generated as follows:
$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 8
Type: secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/liveview-salt";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".secret_key_base
Secret key used as a base to generate further secrets for encrypting and signing data.
The attribute _secret
should point to a file containing the secret.
This key can be generated as follows:
$ tr -dc 'A-Za-z-._~' </dev/urandom | head -c 64
Type: secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/key-base";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".signing_salt
Signing salt.
The attribute _secret
should point to a file containing the secret.
This salt can be generated as follows:
$ tr -dc 'A-Za-z0-9-._~' </dev/urandom | head -c 8
Type: secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/signing-salt";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".url.host
Domain name of the instance.
Type: non-empty string
Default:
config.networking.fqdn
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".url.port
External port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".url.scheme
URL scheme.
Type: non-empty string
Default:
"https"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":web_push_encryption"
Web Push Notifications configuration.
The necessary key pair can be generated as follows:
$ nix-shell -p nodejs --run 'npx web-push generate-vapid-keys'
Type: Elixir value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":web_push_encryption".":vapid_details".private_key
base64-encoded private ECDH key.
The attribute _secret
should point to a file containing the secret.
Type: secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/vapid-private";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":web_push_encryption".":vapid_details".public_key
base64-encoded public ECDH key.
Type: non-empty string or secret value
Default:
{
_secret = "/var/lib/secrets/akkoma/vapid-public";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.config.":web_push_encryption".":vapid_details".subject
mailto URI for administrative contact.
Type: non-empty string
Default:
"mailto:${config.services.akkoma.config.":pleroma".":instance".email}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.address
Listen address for Erlang distribution protocol and Port Mapper Daemon (epmd).
Type: IPv4 or IPv6 address
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.cookie
Erlang release cookie.
If set to null
, a temporary random cookie will be generated.
Type: null or secret value
Default:
null
Example:
{
_secret = "/var/lib/secrets/akkoma/releaseCookie";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.epmdPort
TCP port to bind Erlang Port Mapper Daemon to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4369
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.extraFlags
Extra flags to pass to Erlang.
Type: list of string
Default:
[ ]
Example:
[
"+sbwt"
"none"
"+sbwtdcpu"
"none"
"+sbwtdio"
"none"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.portMax
Upper bound for Erlang distribution protocol TCP port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
65535
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.dist.portMin
Lower bound for Erlang distribution protocol TCP port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
49152
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.extraPackages
List of extra packages to include in the executable search path of the service unit. These are needed by various configurable components such as:
ExifTool for the Pleroma.Upload.Filter.Exiftool
upload filter,
ImageMagick for still image previews in the media proxy as well as for the
Pleroma.Upload.Filters.Mogrify
upload filter, and
ffmpeg for video previews in the media proxy.
Type: list of package
Default:
with pkgs; [ exiftool ffmpeg-headless imagemagick ]
Example:
with pkgs; [ exiftool ffmpeg-full imagemagick ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.extraStatic
Attribute set of extra packages to add to the static files directory.
Do not add frontends here. These should be configured through
services.akkoma.frontends
.
Type: null or (attribute set of package)
Default:
null
Example:
{
"emoji/blobs.gg" = pkgs.blobs_gg;
"static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
…
'';
"favicon.png" = let
rev = "697a8211b0f427a921e7935a35d14bb3e32d0a2c";
in pkgs.stdenvNoCC.mkDerivation {
name = "favicon.png";
src = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/TilCreator/NixOwO/${rev}/NixOwO_plain.svg";
hash = "sha256-tWhHMfJ3Od58N9H5yOKPMfM56hYWSOnr/TGCBi8bo9E=";
};
nativeBuildInputs = with pkgs; [ librsvg ];
dontUnpack = true;
installPhase = ''
rsvg-convert -o $out -w 96 -h 96 $src
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.frontends
Akkoma frontends.
Type: attribute set of (submodule)
Default:
{
primary = {
package = pkgs.akkoma-fe;
name = "akkoma-fe";
ref = "stable";
};
admin = {
package = pkgs.akkoma-admin-fe;
name = "admin-fe";
ref = "stable";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.frontends.<name>.package
Akkoma frontend package.
Type: package
Example:
pkgs.akkoma-fe
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.frontends.<name>.name
Akkoma frontend name.
Type: non-empty string
Example:
"akkoma-fe"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.frontends.<name>.ref
Akkoma frontend reference.
Type: non-empty string
Example:
"stable"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.group
Group account under which Akkoma runs.
Type: non-empty string
Default:
"akkoma"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.initDb.enable
Whether to automatically initialise the database on startup. This will create a database role and database if they do not already exist, and (re)set the role password and the ownership of the database.
This setting can be used safely even if the database already exists and contains data.
The database settings are configured through
config.services.akkoma.config.":pleroma"."Pleroma.Repo"
.
If disabled, the database has to be set up manually:
CREATE ROLE akkoma LOGIN;
CREATE DATABASE akkoma
OWNER akkoma
TEMPLATE template0
ENCODING 'utf8'
LOCALE 'C';
\connect akkoma
CREATE EXTENSION IF NOT EXISTS citext;
CREATE EXTENSION IF NOT EXISTS pg_trgm;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.initDb.password
Password of the database user to initialise the database with.
If set to null
, no password will be used.
The attribute _secret
should point to a file containing the secret.
Type: null or secret value
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.initDb.username
Name of the database user to initialise the database with.
This user is required to have the CREATEROLE
and CREATEDB
capabilities.
Type: non-empty string
Default:
config.services.postgresql.superUser
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.initSecrets
Whether to initialise non‐existent secrets with random values.
If enabled, appropriate secrets for the following options will be created automatically
if the files referenced in the _secret
attribute do not exist during startup.
config.":pleroma"."Pleroma.Web.Endpoint".secret_key_base
config.":pleroma"."Pleroma.Web.Endpoint".signing_salt
config.":pleroma"."Pleroma.Web.Endpoint".live_view.signing_salt
config.":web_push_encryption".":vapid_details".private_key
config.":web_push_encryption".":vapid_details".public_key
config.":joken".":default_signer"
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.installWrapper
Whether to install a wrapper around pleroma_ctl
to simplify administration of the
Akkoma instance.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx
Extra configuration for the nginx virtual host of Akkoma.
If set to null
, no virtual host will be added to the nginx configuration.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost
.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen
to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults
to 301, configurable with redirectCode
) all plain HTTP traffic to
HTTPS. This will set defaults for listen
to listen on all interfaces
on the respective default ports (80, 443), where the non-SSL listens
are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode
) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activating the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;
.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
and activating the QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true;
.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Requires Nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL
.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen
this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder
. Smaller values have
a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen
to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.quic
Whether to enable the QUIC transport protocol.
This requires using pkgs.nginxQuic
package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;
.
Note that QUIC support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.redirectCode
HTTP status used by globalRedirect
and forceSSL
. Possible use cases
include temporary (302, 307) redirects, keeping the request method and
body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake
directive available in nginx versions
1.19.4 and above.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.reuseport
Create an individual listening socket. It is required to specify only once on one of the hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME
.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs
.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.akkoma.user
User account under which Akkoma runs.
Type: non-empty string
Default:
"akkoma"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/akkoma.nix>
|
services.alerta.enable
Whether to enable alerta.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.authenticationRequired
Whether users must authenticate when using the web UI or command-line tool
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.bind
Address to bind to. The default is to bind to all addresses
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.corsOrigins
List of URLs that can access the API for Cross-Origin Resource Sharing (CORS)
Type: list of string
Default:
[
"http://localhost"
"http://localhost:5000"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.databaseName
Name of the database instance to connect to
Type: string
Default:
"monitoring"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.databaseUrl
URL of the MongoDB or PostgreSQL database to connect to
Type: string
Default:
"mongodb://localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.extraConfig
These lines go into alertad.conf verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.logDir
Location where the logfiles are stored
Type: absolute path
Default:
"/var/log/alerta"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.port
Port of Alerta
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.signupEnabled
Whether to prevent sign-up of new users via the web UI
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alice-lg.enable
Whether to enable Alice Looking Glass.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/alice-lg.nix>
|
services.alice-lg.package
The alice-lg package to use.
Type: package
Default:
pkgs.alice-lg
Declared by:
<nixpkgs/nixos/modules/services/networking/alice-lg.nix>
|
services.alice-lg.settings
alice-lg configuration. For configuration options, see the example on GitHub.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
server = {
# configures the built-in webserver and provides global application settings
listen_http = "127.0.0.1:7340";
enable_prefix_lookup = true;
asn = 9033;
store_backend = "postgres";
routes_store_refresh_parallelism = 5;
neighbors_store_refresh_parallelism = 10000;
routes_store_refresh_interval = 5;
neighbors_store_refresh_interval = 5;
};
postgres = {
url = "postgres://postgres:postgres@localhost:5432/alice";
min_connections = 2;
max_connections = 128;
};
pagination = {
routes_filtered_page_size = 250;
routes_accepted_page_size = 250;
routes_not_exported_page_size = 250;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/alice-lg.nix>
|
services.alloy.enable
Whether to enable Grafana Alloy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alloy.nix>
|
services.alloy.package
The grafana-alloy package to use.
Type: package
Default:
pkgs.grafana-alloy
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alloy.nix>
|
services.alloy.configPath
Alloy configuration file/directory path.
We default to /etc/alloy here, and expect the user to configure a configuration file via environment.etc."alloy/config.alloy".
This allows config reload, contrary to specifying a store path.
All .alloy files in the same directory (ignoring subdirs) are also honored and are added to systemd.services.alloy.reloadTriggers to enable config reload during nixos-rebuild switch.
This can also point to another directory containing *.alloy files, or a single Alloy file in the Nix store (at the cost of reload).
Component names must be unique across all Alloy configuration files, and configuration blocks must not be repeated.
Alloy will continue to run if subsequent reloads of the configuration file fail, potentially marking components as unhealthy depending on the nature of the failure. When this happens, Alloy will continue functioning in the last valid state.
Type: absolute path
Default:
"/etc/alloy"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alloy.nix>
|
services.alloy.extraFlags
Extra command-line flags passed to alloy run.
See https://grafana.com/docs/alloy/latest/reference/cli/run/
Type: list of string
Default:
[ ]
Example:
[
"--server.http.listen-addr=127.0.0.1:12346"
"--disable-reporting"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alloy.nix>
|
services.alps.enable
Whether to enable alps.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.bindIP
The IP the service should listen on.
Type: string
Default:
"[::]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.imaps.host
The IMAPS server address.
Type: string
Default:
"[::1]"
Example:
"mail.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.imaps.port
The IMAPS server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
993
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.port
TCP port the service should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1323
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.smtps.host
The SMTPS server address.
Type: string
Default:
"services.alps.imaps.host"
Example:
"mail.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.smtps.port
The SMTPS server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
465
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.theme
The frontend’s theme to use.
Type: one of “alps”, “sourcehut”
Default:
"sourcehut"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.amazon-cloudwatch-agent.enable
Whether to enable Amazon CloudWatch Agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.package
The amazon-cloudwatch-agent package to use.
Type: package
Default:
pkgs.amazon-cloudwatch-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.commonConfiguration
See commonConfigurationFile.
commonConfigurationFile takes precedence over commonConfiguration.
Type: TOML value
Default:
{ }
Example:
{
credentials = {
shared_credential_file = "/path/to/credentials";
shared_credential_profile = "profile_name";
};
proxy = {
http_proxy = "http_url";
https_proxy = "https_url";
no_proxy = "domain";
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.commonConfigurationFile
Amazon CloudWatch Agent common configuration. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html#CloudWatch-Agent-profile-instance-first for supported values.
commonConfigurationFile takes precedence over commonConfiguration.
Note: Restricted evaluation blocks access to paths outside the Nix store.
This means detecting content changes for mutable paths (i.e. not input or content-addressed) can’t be done.
As a result, nixos-rebuild won’t reload/restart the systemd unit when mutable path contents change.
systemctl restart amazon-cloudwatch-agent.service must be used instead.
Type: absolute path
Default:
tomlFormat.generate "common-config.toml" cfg.commonConfiguration
Example:
"/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.configuration
See configurationFile.
configurationFile takes precedence over configuration.
Type: JSON value
Default:
{ }
Example:
{
agent = {
logfile = "/var/log/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log";
metrics_collection_interval = 10;
};
logs = {
force_flush_interval = 15;
log_stream_name = "log_stream_name";
logs_collected = {
files = {
collect_list = [
{
file_path = "/var/log/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log";
log_group_name = "amazon-cloudwatch-agent.log";
log_stream_name = "{instance_id}";
timezone = "UTC";
}
];
};
};
};
metrics = {
metrics_collected = {
cpu = {
append_dimensions = {
customized_dimension_key_1 = "customized_dimension_value_1";
customized_dimension_key_2 = "customized_dimension_value_2";
};
measurement = [
{
name = "cpu_usage_idle";
rename = "CPU_USAGE_IDLE";
unit = "Percent";
}
{
name = "cpu_usage_nice";
unit = "Percent";
}
"cpu_usage_guest"
];
metrics_collection_interval = 10;
resource = [
"*"
];
totalcpu = false;
};
};
namespace = "MyCustomNamespace";
};
traces = {
traces_collected = {
otlp = { };
xray = { };
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.configurationFile
Amazon CloudWatch Agent configuration file. See https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html for supported values.
The following options aren’t supported:
agent.run_as_user: use the user option instead.
configurationFile takes precedence over configuration.
Note: Restricted evaluation blocks access to paths outside the Nix store.
This means detecting content changes for mutable paths (i.e. not input or content-addressed) can’t be done.
As a result, nixos-rebuild won’t reload/restart the systemd unit when mutable path contents change.
systemctl restart amazon-cloudwatch-agent.service must be used instead.
Type: absolute path
Default:
jsonFormat.generate "amazon-cloudwatch-agent.json" cfg.configuration
Example:
"/etc/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.mode
Amazon CloudWatch Agent mode. Indicates whether the agent is running in EC2 (“ec2”), on-premises (“onPremise”), or if it should guess based on metadata endpoints like IMDS or the ECS task metadata endpoint (“auto”).
Type: string
Default:
"auto"
Example:
"onPremise"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-cloudwatch-agent.user
The user that runs the Amazon CloudWatch Agent.
Type: string
Default:
"root"
Example:
"amazon-cloudwatch-agent"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/amazon-cloudwatch-agent.nix>
|
services.amazon-ssm-agent.enable
Whether to enable Amazon SSM agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix>
|
services.amazon-ssm-agent.package
The amazon-ssm-agent package to use.
Type: package
Default:
pkgs.amazon-ssm-agent
Declared by:
<nixpkgs/nixos/modules/services/misc/amazon-ssm-agent.nix>
|
services.amule.enable
Whether to run the AMule daemon. You need to manually run “amuled --ec-config” to configure the service for the first time.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.dataDir
The directory holding configuration, incoming and temporary files.
Type: string
Default:
"/home/${config.services.amule.user}/"
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.user
The user the AMule daemon should run as.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.ananicy.enable
Whether to enable Ananicy, an auto nice daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.package
The ananicy package to use.
Type: package
Default:
pkgs.ananicy
Example:
ananicy-cpp
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.extraCgroups
Cgroups to write in ‘nixCgroups.cgroups’. See: https://gitlab.com/ananicy-cpp/ananicy-cpp/#cgroups
Type: list of (attribute set)
Default:
[ ]
Example:
[
{
CPUQuota = 80;
cgroup = "cpu80";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.extraRules
Rules to write in ‘nixRules.rules’. See: https://github.com/Nefelim4ag/Ananicy#configuration https://gitlab.com/ananicy-cpp/ananicy-cpp/#global-configuration
Type: list of (attribute set)
Default:
[ ]
Example:
[
{
name = "eog";
type = "Image-Viewer";
}
{
name = "fdupes";
type = "BG_CPUIO";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.extraTypes
Types to write in ‘nixTypes.types’. See: https://gitlab.com/ananicy-cpp/ananicy-cpp/#types
Type: list of (attribute set)
Default:
[ ]
Example:
[
{
nice = 19;
other_parameter = "value";
type = "my_type";
}
{
ioclass = "idle";
nice = 19;
sched = "batch";
type = "compiler";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.rulesProvider
Which package to copy the default rules, types and cgroups from.
Type: package
Default:
pkgs.ananicy
Example:
ananicy-cpp
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.settings
See https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
Type: attribute set of (signed integer or boolean or string)
Default:
{ }
Example:
{
apply_nice = false;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.anki-sync-server.enable
Whether to enable anki-sync-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.package
The anki-sync-server package to use.
Type: package
Default:
pkgs.anki-sync-server
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.address
IP address anki-sync-server listens on. Note that host names are not resolved.
Type: string
Default:
"::1"
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.baseDirectory
Base directory where users' synchronized data will be stored.
Type: string
Default:
"%S/%N"
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.openFirewall
Whether to open the firewall for the specified port.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.port
Port number anki-sync-server listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
27701
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.users
List of user-password pairs to provide to the sync server.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.users.*.password
Password accepted by anki-sync-server for the associated username.
WARNING: This option is not secure. This password will be stored in plaintext and will be visible to all users.
See services.anki-sync-server.users.passwordFile for a more secure option.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.users.*.passwordFile
File containing the password accepted by anki-sync-server for the associated username. Make sure it is readable only by root.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anki-sync-server.users.*.username
User name accepted by anki-sync-server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/anki-sync-server.nix>
|
services.anuko-time-tracker.enable
Whether to enable Anuko Time Tracker.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.package
The anuko-time-tracker package to use.
Type: package
Default:
pkgs.anuko-time-tracker
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.dataDir
Default data folder for Anuko Time Tracker.
Type: string
Default:
"/var/lib/anuko-time-tracker"
Example:
"/mnt/anuko-time-tracker"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.database.host
Database host.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.database.name
Database name.
Type: string
Default:
"anuko_time_tracker"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.database.passwordFile
Database user password file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.database.user
Database username.
Type: string
Default:
"anuko_time_tracker"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.hostname
The hostname to serve Anuko Time Tracker on.
Type: string
Default:
config.networking.fqdn
Example:
"anuko.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx
With this option, you can customize the Nginx virtualHost settings.
Type: submodule
Default:
{ }
Example:
{
serverAliases = [
"anuko.${config.networking.domain}"
];
# To enable encryption and let Let's Encrypt take care of the certificate
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.acmeFallbackHost
Host to which requests are proxied if the ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Requires Nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen this only sets the addresses and the ports are chosen automatically.
Note: This option overrides enableIPv6.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.quic
Whether to enable the QUIC transport protocol.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that QUIC support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible use cases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.reuseport
Create an individual listening socket. It is required to specify this only once, on one of the hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.poolConfig
Options for Anuko Time Tracker’s PHP-FPM pool.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.defaultCurrency
Defines a default currency symbol for new groups. Use €, £, a more specific dollar like US$, CAD, etc.
Type: string
Default:
"$"
Example:
"€"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.defaultLanguage
Defines the Anuko Time Tracker default language. It is used on the Time Tracker login page. After login, the language set for the user group is used. An empty string means the language is defined by the user's browser.
Type: string
Default:
""
Example:
"nl"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.mode
Mail sending mode. Can be ‘mail’ or ‘smtp’.
Type: string
Default:
"smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.sender
Default sender for mail.
Type: string
Default:
"Anuko Time Tracker <bounces@example.com>"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpAuth
MTA requires authentication.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpDebug
Debug mail sending.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpHost
MTA hostname.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpPasswordFile
Path to file containing the MTA authentication password.
Type: null or absolute path
Default:
null
Example:
"/var/lib/anuko-time-tracker/secrets/smtp-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpPort
MTA port.
Type: signed integer
Default:
25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.email.smtpUser
MTA authentication username.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.emailRequired
Defines whether an email is required for new registrations.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.exportDecimalDuration
Defines whether time duration values are decimal in CSV and XML data exports (1.25 vs 1:15).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.forumLink
Forum link from the main menu.
Type: string
Default:
"https://www.anuko.com/forum/viewforum.php?f=4"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.helpLink
Help link from the main menu.
Type: string
Default:
"https://www.anuko.com/time-tracker/user-guide/index.htm"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.multiorgMode
Defines whether users see the Register option in the menu of Time Tracker that allows them to self-register and create new organizations (top groups).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.reportFooter
Defines whether to use a footer on reports.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.settings.weekendStartDay
This option defines which days are highlighted with weekend color. 6 means Saturday. For Saudi Arabia, etc. set it to 4 for Thursday and Friday to be weekend days.
Type: signed integer
Default:
6
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.anuko-time-tracker.user
User under which Anuko Time Tracker runs.
Type: string
Default:
"anuko_time_tracker"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/anuko-time-tracker.nix>
|
services.apache-kafka.enable
Whether to enable Apache Kafka event streaming broker.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.package
The apacheKafka package to use.
Type: package
Default:
pkgs.apacheKafka
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.clusterId
KRaft mode ClusterId used for formatting log directories. Can be generated with kafka-storage.sh random-uuid
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.configFiles.log4jProperties
Kafka log4j property configuration file path
Type: absolute path
Default:
"pkgs.writeText \"log4j.properties\" cfg.log4jProperties"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.configFiles.serverProperties
Kafka server.properties configuration file path.
Defaults to the rendered settings.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.formatLogDirs
Whether to format log dirs in KRaft mode if all log dirs are unformatted, i.e. they contain no meta.properties.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.formatLogDirsIgnoreFormatted
Whether to ignore already formatted log dirs when formatting log dirs, instead of failing. Useful when replacing or adding disks.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.jre
The JRE with which to run Kafka
Type: package
Default:
pkgs.apacheKafka.passthru.jre
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.jvmOptions
Extra command line options for the JVM running Kafka.
Type: list of string
Default:
[ ]
Example:
[
"-Djava.net.preferIPv4Stack=true"
"-Dcom.sun.management.jmxremote"
"-Dcom.sun.management.jmxremote.local.only=true"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.log4jProperties
Kafka log4j property configuration.
Type: strings concatenated with “\n”
Default:
''
log4j.rootLogger=INFO, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
''
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.settings
Kafka broker configuration server.properties.
Note that .properties files contain mappings from string to string. Keys with dots are NOT represented by nested attrs in these settings, but instead as quoted strings (i.e. settings."broker.id", NOT settings.broker.id).
Type: lazy attribute set of (null or boolean or signed integer or string or list of (boolean or signed integer or string))
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.settings."broker.id"
Broker ID. -1 or null to auto-allocate in zookeeper mode.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.settings.listeners
Kafka Listener List. See listeners.
Type: list of string
Default:
[
"PLAINTEXT://localhost:9092"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.settings."log.dirs"
Log file directories.
Type: list of absolute path
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apcupsd.enable
Whether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the “apcaccess” command.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.configText
Contents of the runtime configuration file, apcupsd.conf. The default settings make apcupsd autodetect USB UPSes, limit network access to localhost and shut down the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.
Type: strings concatenated with “\n”
Default:
''
UPSTYPE usb
NISIP 127.0.0.1
BATTERYLEVEL 50
MINUTES 5
''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.hooks
Each attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See “man apccontrol” for the list of events and what they represent.
A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you’re doing.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Example:
{
doshutdown = "# shell commands to notify that the computer is shutting down";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.arbtt.enable
Whether to enable Arbtt statistics capture service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.package
The arbtt package to use.
Type: package
Default:
pkgs.haskellPackages.arbtt
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.logFile
The log file for captured samples.
Type: string
Default:
"%h/.arbtt/capture.log"
Example:
"/home/username/.arbtt-capture.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.sampleRate
The sampling interval in seconds.
Type: signed integer
Default:
60
Example:
120
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.archisteamfarm.enable
If enabled, starts the ArchiSteamFarm service. For configuring the SteamGuard token you will need to use the web-ui, which is enabled by default on 127.0.0.1:1242. You cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programmatically set ones by nix.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.package
The ArchiSteamFarm package to use.
Warning: Should always be the latest version, for security reasons, since this module uses very new features and to not get out of sync with the Steam API.
Type: package
Default:
pkgs.ArchiSteamFarm
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.bots
Bots name and configuration.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
exampleBot = {
passwordFile = "/var/lib/archisteamfarm/secrets/password";
settings = {
SteamParentalCode = "1234";
};
username = "alice";
};
}
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.bots.<name>.enabled
Whether to enable the bot on startup.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.bots.<name>.passwordFile
Path to a file containing the password. The file must be readable by the archisteamfarm user/group.
Omit or set to null to provide the password a different way, such as through the web-ui.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.bots.<name>.settings
Additional settings that are documented here.
Type: attribute set
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.bots.<name>.username
Name of the user to log in. Default is attribute name.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.dataDir
The ASF home directory used to store all data. If left as the default value this directory will automatically be created before the ASF server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: absolute path
Default:
"/var/lib/archisteamfarm"
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.ipcPasswordFile
Path to a file containing the password. The file must be readable by the archisteamfarm user/group.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.ipcSettings
Settings to write to IPC.config. All options can be found here.
Type: JSON value
Default:
{ }
Example:
{
Kestrel = {
Endpoints = {
HTTP = {
Url = "http://*:1242";
};
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.settings
The ASF.json file, all the options are documented here.
Note that AutoRestart and UpdateChannel are always set to false and 0 respectively, because NixOS takes care of updating everything.
Headless is also always set to true because there is no way to provide inputs via a systemd service.
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you’re exposing yourself to all kinds of issues - as is outlined here.
Type: JSON value
Default:
{ }
Example:
{
Statistics = false;
}
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.web-ui
The Web-UI hosted on 127.0.0.1:1242.
Type: submodule
Default:
{
enable = true;
}
Example:
{
enable = false;
}
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.web-ui.enable
Whether to start the web-ui. This is the preferred way of configuring things such as the steam guard token.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archisteamfarm.web-ui.package
The ui package to use.
Note: Contents must be in lib/dist.
Type: package
Default:
pkgs.ArchiSteamFarm.ui
Declared by:
<nixpkgs/nixos/modules/services/games/archisteamfarm.nix>
|
services.archtika.enable
Whether to enable the archtika service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.package
The archtika package to use.
Type: package
Default:
pkgs.archtika
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.apiAdminPort
Port on which the API admin server runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
7500
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.apiPort
Port on which the API runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.databaseName
Name of the PostgreSQL database for archtika.
Type: string
Default:
"archtika"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.domain
Domain to use for the application.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.group
Group under which archtika runs.
Type: string
Default:
"archtika"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.settings
Settings for the running archtika application.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.settings.disableRegistration
By default any user can create an account. That behavior can be disabled with this option.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.settings.maxUserWebsites
Maximum number of websites allowed per user by default.
Type: positive integer, meaning >0
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.settings.maxWebsiteStorageSize
Maximum amount of disk space in MB allowed per user website by default.
Type: positive integer, meaning >0
Default:
50
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.user
User account under which archtika runs.
Type: string
Default:
"archtika"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.archtika.webAppPort
Port on which the web application runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
10000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/archtika.nix>
|
services.aria2.enable
Whether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using one of many WebUIs (http://localhost:6800/ by default).
Targets are downloaded to /var/lib/aria2/Downloads by default and are accessible to users in the aria2 group.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.downloadDirPermission
The permission for settings.dir.
The default is 0770, which denies access for users not in the aria2 group.
You may want to adjust serviceUMask as well, which further restricts the file permission for newly created files (i.e. the downloads).
Type: string
Default:
"0770"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.openPorts
Open listen and RPC ports found in settings.listen-port and settings.rpc-listen-port options in the firewall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.rpcSecretFile
A file containing the RPC secret authorization token. Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
Type: absolute path
Example:
"/run/secrets/aria2-rpc-token.txt"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.serviceUMask
The file mode creation mask for the Aria2 service.
The default is 0022 for compatibility reasons, as this is the default used by systemd. However, this results in file permission 0644 for new files, and prevents aria2 group members from modifying the files.
You may want to set this value to 0002 so you can manage the files more easily.
Type: string
Default:
"0022"
Example:
"0002"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings
Generates the aria2.conf file. Refer to the documentation for all possible settings.
Type: attribute set of (boolean or signed integer or floating point number or (optionally newline-terminated) single-line string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.enable-rpc
Enable JSON-RPC/XML-RPC server.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.conf-path
Configuration file path.
Type: (optionally newline-terminated) single-line string
Default:
"/var/lib/aria2/aria2.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.dir
Directory to store downloaded files.
Type: (optionally newline-terminated) single-line string
Default:
"/var/lib/aria2/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.listen-port
Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[
{
from = 6881;
to = 6999;
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.rpc-listen-port
Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
6800
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.settings.save-session
Save error/unfinished downloads to FILE on exit.
Type: (optionally newline-terminated) single-line string
Default:
"/var/lib/aria2/aria2.session"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.armagetronad.servers
Armagetron server definitions.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.enable
Whether to enable armagetronad.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.package
The armagetronad-dedicated package to use. Ensure that you use a derivation which contains the path bin/armagetronad-dedicated.
Type: package
Default:
pkgs.armagetronad-dedicated
Example:
pkgs.armagetronad."0.2.9-sty+ct+ap".dedicated
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.dns
DNS address to use for this server. Optional.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.host
Host to listen on. Used for SERVER_IP.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.name
The name of this server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.openFirewall
Set to true to open the configured UDP port for Armagetron Advanced.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.port
Port to listen on. Used for SERVER_PORT.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4534
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.roundSettings
Armagetron Advanced server per-round configuration. Refer to: https://wiki.armagetronad.org/index.php?title=Console_Commands or armagetronad-dedicated --doc for a list.
This attrset is used to populate everytime.cfg; see: https://wiki.armagetronad.org/index.php/Configuration_Files
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
SAY = [
"Hosted on NixOS"
"https://nixos.org"
"iD Tech High Rubber rul3z!! Happy New Year 2008!!1"
];
}
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.armagetronad.servers.<name>.settings
Armagetron Advanced server rules configuration. Refer to: https://wiki.armagetronad.org/index.php?title=Console_Commands or armagetronad-dedicated --doc for a list.
This attrset is used to populate settings_custom.cfg; see: https://wiki.armagetronad.org/index.php/Configuration_Files
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
CYCLE_RUBBER = 40;
}
Declared by:
<nixpkgs/nixos/modules/services/games/armagetronad.nix>
|
services.artalk.enable
Whether to enable artalk, a comment system.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.package
The artalk package to use.
Type: package
Default:
pkgs.artalk
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.allowModify
Allow Artalk to store the settings in the config file persistently.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.configFile
Artalk config file path. If it does not exist, Artalk will generate one.
Type: string
Default:
"/etc/artalk/config.yml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.group
Artalk group name.
Type: string
Default:
"artalk"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.settings
The artalk configuration.
If you set allowModify to true, Artalk will be able to store the settings in the config file persistently. This section’s content will update in the config file after the service restarts.
Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.settings.host
Artalk server listen host
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.settings.port
Artalk server listen port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
23366
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.user
Artalk user name.
Type: string
Default:
"artalk"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.artalk.workdir
Artalk working directory
Type: string
Default:
"/var/lib/artalk"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/artalk.nix>
|
services.asterisk.enable
Whether to enable the Asterisk PBX server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.package
The asterisk package to use.
Type: package
Default:
pkgs.asterisk
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.confFiles
Sets the content of config files (typically ending with .conf) in the Asterisk configuration directory.
Note that if you want to change asterisk.conf, it is preferable to use the services.asterisk.extraConfig option over this option. If "asterisk.conf" is specified with the confFiles option (not recommended), you must be prepared to set your own astetcdir path.
See https://www.asterisk.org/community/documentation/ for more examples of what is possible here.
Type: attribute set of string
Default:
{ }
Example:
{
"extensions.conf" = ''
[tests]
; Dial 100 for "hello, world"
exten => 100,1,Answer()
same => n,Wait(1)
same => n,Playback(hello-world)
same => n,Hangup()
[softphones]
include => tests
[unauthorized]
'';
"sip.conf" = ''
[general]
allowguest=no ; Require authentication
context=unauthorized ; Send unauthorized users to /dev/null
srvlookup=no ; Don't do DNS lookup
udpbindaddr=0.0.0.0 ; Listen on all interfaces
nat=force_rport,comedia ; Assume device is behind NAT
[softphone](!)
type=friend ; Match on username first, IP second
context=softphones ; Send to softphones context in
; extensions.conf file
host=dynamic ; Device will register with asterisk
disallow=all ; Manually specify codecs to allow
allow=g722
allow=ulaw
allow=alaw
[myphone](softphone)
secret=GhoshevFew ; Change this password!
'';
"logger.conf" = ''
[general]
[logfiles]
; Add debug output to log
syslog.local0 => notice,warning,error,debug
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraArguments
Additional command line arguments to pass to Asterisk.
Type: list of string
Default:
[ ]
Example:
[
"-vvvddd"
"-e"
"1024"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraConfig
Extra configuration options appended to the default asterisk.conf file.
Type: strings concatenated with “\n”
Default:
""
Example:
''
[options]
verbose=3
debug=3
''
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.useTheseDefaultConfFiles
Sets these config files to the default content. The default value for this option contains all necessary files to avoid errors at startup.
This does not override settings via services.asterisk.confFiles.
Type: list of string
Default:
[
"ari.conf"
"acl.conf"
"agents.conf"
"amd.conf"
"calendar.conf"
"cdr.conf"
"cdr_syslog.conf"
"cdr_custom.conf"
"cel.conf"
"cel_custom.conf"
"cli_aliases.conf"
"confbridge.conf"
"dundi.conf"
"features.conf"
"hep.conf"
"iax.conf"
"pjsip.conf"
"pjsip_wizard.conf"
"phone.conf"
"phoneprov.conf"
"queues.conf"
"res_config_sqlite3.conf"
"res_parking.conf"
"statsd.conf"
"udptl.conf"
"unistim.conf"
]
Example:
[
"sip.conf"
"dundi.conf"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asusd.enable
Whether to enable the asusd service for ASUS ROG laptops.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.enableUserService
Activate the asusd-user service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.package
The asusctl package to use.
Type: package
Default:
pkgs.asusctl
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.animeConfig
The content of /etc/asusd/anime.ron. See https://asus-linux.org/asusctl/#anime-control.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.animeConfig.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.animeConfig.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.asusdConfig
The content of /etc/asusd/asusd.ron. See https://asus-linux.org/asusctl/.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.asusdConfig.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.asusdConfig.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.auraConfigs
The content of /etc/asusd/aura_<name>.ron. See https://asus-linux.org/asusctl/#led-keyboard-control.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.auraConfigs.<name>.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.auraConfigs.<name>.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.fanCurvesConfig
The content of /etc/asusd/fan_curves.ron. See https://asus-linux.org/asusctl/#fan-curves.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.fanCurvesConfig.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.fanCurvesConfig.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.profileConfig
The content of /etc/asusd/profile.ron. See https://asus-linux.org/asusctl/#profiles.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.profileConfig.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.profileConfig.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.userLedModesConfig
The content of /etc/asusd/asusd-user-ledmodes.ron. See https://asus-linux.org/asusctl/#led-keyboard-control.
Type: null or (submodule)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.userLedModesConfig.source
Path of the source file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.userLedModesConfig.text
Text of the file.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.atd.enable
Whether to enable the at daemon, a command scheduler.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atd.allowEveryone
Whether to make /var/spool/at{jobs,spool} writeable by everyone (and sticky). This is normally not needed since the at commands are setuid/setgid atd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atftpd.enable
Whether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.extraOptions
Extra command line arguments to pass to atftp.
Type: list of string
Default:
[ ]
Example:
[ "--bind-address 192.168.9.1"
"--verbose=7"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.root
Document root directory for the atftpd.
Type: absolute path
Default:
"/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.athens.enable
Whether to enable Go module datastore and proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.enablePprof
Enable pprof endpoints.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.package
Which athens derivation to use.
Type: package
Default:
pkgs.athens
Example:
"pkgs.athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.basicAuthPass
Password for basic auth. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Example:
"swordfish"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.basicAuthUser
Username for basic auth.
Type: null or string
Default:
null
Example:
"user"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.cloudRuntime
Specifies the Cloud Provider on which the Proxy/registry is running.
Type: one of “GCP”, “none”
Default:
"none"
Example:
"GCP"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.downloadMode
Defines how Athens behaves when a module@version is not found in storage. There are 7 options:
1. “sync”: download the module synchronously and return the results to the client.
2. “async”: return 404, but asynchronously store the module in the storage backend.
3. “redirect”: return a 301 redirect status to the client with the base URL as the DownloadRedirectURL from below.
4. “async_redirect”: same as option number 3 but it will asynchronously store the module to the backend.
5. “none”: return 404 if a module is not found and do nothing.
6. “file:<path>”: will point to an HCL file that specifies any of the 5 options above based on different import paths.
7. “custom:<base64-encoded-hcl>” is the same as option 6 but the file is fully encoded in the option. This is useful for using an environment variable in serverless deployments.
Type: one of “sync”, “async”, “redirect”, “async_redirect”, “none” or string matching the pattern ^file:.*$|^custom:.*$
Default:
"async_redirect"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.downloadURL
URL used if DownloadMode is set to redirect.
Type: string
Default:
"https://proxy.golang.org"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.extraConfig
Extra configuration options for the athens config file.
Type: attribute set
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.filterFile
Filename for the include exclude filter.
Type: null or absolute path
Default:
null
Example:
pkgs.writeText "filterFile" ''
- github.com/azure
+ github.com/azure/azure-sdk-for-go
D golang.org/x/tools
''
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.forceSSL
Force SSL redirects for incoming requests.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.githubToken
Creates .netrc file with the given token to be used for GitHub. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Example:
"ghp_1234567890"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.globalEndpoint
Endpoint for a package registry in case of a proxy cache miss.
Type: string
Default:
""
Example:
"http://upstream-athens.example.com:3000"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.goBinary
The Go package used by Athens at runtime.
Athens primarily runs two Go commands:
go mod download -json <module>@<version>
go list -m -json <module>@latest
Type: package
Default:
pkgs.go
Example:
"pkgs.go_1_23"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.goBinaryEnvVars
Environment variables to pass to the Go binary.
Type: attribute set
Default:
{ }
Example:
''
{ "GOPROXY" = "direct"; "GODEBUG" = "true"; }
''
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.goEnv
Specifies the type of environment to run. One of ‘development’ or ‘production’.
Type: one of “development”, “production”
Default:
"development"
Example:
"production"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.goGetDir
Temporary directory that Athens will use to fetch modules from VCS prior to persisting them to a storage backend.
If the value is empty, Athens will use the default OS temp directory.
Type: null or absolute path
Default:
null
Example:
"/tmp/athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.goGetWorkers
Number of workers concurrently downloading modules.
Type: signed integer
Default:
10
Example:
32
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.hgrcPath
Path to the .hgrc file.
Type: null or absolute path
Default:
null
Example:
"/home/user/.hgrc"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.database
Database name for the MySQL database.
Type: string
Default:
"athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.host
Host for the MySQL database.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.params.parseTime
Parse time for the MySQL database.
Type: null or string
Default:
"true"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.params.timeout
Timeout for the MySQL database.
Type: null or string
Default:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.password
Password for the MySQL database. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.port
Port for the MySQL database.
Type: signed integer
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.protocol
Protocol for the MySQL database.
Type: string
Default:
"tcp"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.mysql.user
User for the MySQL database.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.database
Database name for the Postgres database.
Type: string
Default:
"athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.host
Host for the Postgres database.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.params.connect_timeout
Connect timeout for the Postgres database.
Type: null or string
Default:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.params.sslmode
SSL mode for the Postgres database.
Type: null or string
Default:
"disable"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.password
Password for the Postgres database. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.port
Port for the Postgres database.
Type: signed integer
Default:
5432
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.index.postgres.user
User for the Postgres database.
Type: string
Default:
"postgres"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.indexType
Type of index backend Athens will use.
Type: one of “none”, “memory”, “mysql”, “postgres”
Default:
"none"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.logLevel
Log level for Athens. Supports all logrus log levels (https://github.com/Sirupsen/logrus#level-logging).
Type: null or one of “panic”, “fatal”, “error”, “warning”, “info”, “debug”, “trace”
Default:
"warning"
Example:
"debug"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.netrcPath
Path to the .netrc file.
Type: null or absolute path
Default:
null
Example:
"/home/user/.netrc"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.networkMode
Configures how Athens will return the results of the /list endpoint as it can be assembled from both its own storage and the upstream VCS.
Note that for better error messaging, this would also affect how other endpoints behave.
Modes:
strict: merge VCS versions with storage versions, but fail if either of them fails.
offline: only get storage versions, never reach out to VCS.
fallback: only return storage versions, if VCS fails. Note this means that you may see inconsistent results since fallback mode does a best effort of giving you what’s available at the time of requesting versions.
Type: one of “strict”, “offline”, “fallback”
Default:
"strict"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.noSumPatterns
List of patterns that Athens sum db proxy will return a 403 for.
Type: list of string
Default:
[ ]
Example:
[
"github.com/mycompany/*"
]
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.pathPrefix
Sets basepath for all routes.
Type: null or string
Default:
null
Example:
"/athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.port
Port number Athens listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Example:
443
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.pprofPort
Port number for pprof endpoints.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3301
Example:
443
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.protocolWorkers
Number of workers concurrently serving protocol paths.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.robotsFile
Provides /robots.txt for net crawlers.
Type: null or absolute path
Default:
null
Example:
pkgs.writeText "robots.txt" "# my custom robots.txt ..."
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.shutdownTimeout
Number of seconds to wait for the server to shutdown gracefully.
Type: signed integer
Default:
60
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.etcd.endpoints
URLs that determine all distributed etcd servers.
Type: list of string
Default:
[ ]
Example:
[
"localhost:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redis.endpoint
URL of the redis server.
Type: string
Default:
""
Example:
"localhost:6379"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redis.lockConfig.maxRetries
Maximum number of retries for the lock.
Type: signed integer
Default:
10
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redis.lockConfig.timeout
Timeout for the lock in seconds.
Type: signed integer
Default:
15
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redis.lockConfig.ttl
TTL for the lock in seconds.
Type: signed integer
Default:
900
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redis.password
Password for the redis server. Warning: this is stored in plain text in the config file.
Type: string
Default:
""
Example:
"swordfish"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.endpoints
URLs that determine all distributed redis servers.
Type: list of string
Default:
[ ]
Example:
[
"localhost:26379"
]
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.lockConfig.maxRetries
Maximum number of retries for the lock.
Type: signed integer
Default:
10
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.lockConfig.timeout
Timeout for the lock in seconds.
Type: signed integer
Default:
15
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.lockConfig.ttl
TTL for the lock in seconds.
Type: signed integer
Default:
900
Example:
1
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.masterName
Name of the sentinel master server.
Type: string
Default:
""
Example:
"redis-1"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlight.redisSentinel.sentinelPassword
Password for the sentinel server. Warning: this is stored in plain text in the config file.
Type: string
Default:
""
Example:
"swordfish"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.singleFlightType
Determines what mechanism Athens uses to manage concurrency flowing into the Athens backend.
Type: one of “memory”, “etcd”, “redis”, “redis-sentinel”, “gcp”, “azureblob”
Default:
"memory"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.statsExporter
Stats exporter to use.
Type: null or value “prometheus” (singular enum)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.azureblob.accountKey
Account key for the Azure Blob storage backend. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.azureblob.accountName
Account name for the Azure Blob storage backend.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.azureblob.containerName
Container name for the Azure Blob storage backend.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.cdn.endpoint
Hostname of the CDN server.
Type: null or string
Default:
null
Example:
"cdn.example.com"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.disk.rootPath
Athens disk root folder.
Type: null or absolute path
Default:
"/var/lib/athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.external.url
URL of the backend storage layer.
Type: null or string
Default:
null
Example:
"https://athens.example.com"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.gcp.bucket
GCP backend storage bucket.
Type: null or string
Default:
null
Example:
"my-bucket"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.gcp.jsonKey
Base64 encoded GCP service account key. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.gcp.projectID
GCP project ID.
Type: null or string
Default:
null
Example:
"my-project"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.enableSSL
Enable SSL for the minio storage backend.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.bucket
Bucket name for the minio storage backend.
Type: null or string
Default:
null
Example:
"gomods"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.endpoint
Endpoint of the minio storage backend.
Type: null or string
Default:
null
Example:
"minio.example.com:9001"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.key
Access key id for the minio storage backend.
Type: null or string
Default:
null
Example:
"minio"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.region
Region for the minio storage backend.
Type: null or string
Default:
null
Example:
"us-east-1"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.minio.secret
Secret key for the minio storage backend. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Example:
"minio123"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.mongo.certPath
Path to the certificate file for the mongo database.
Type: null or absolute path
Default:
null
Example:
"/etc/ssl/mongo.pem"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.mongo.defaultDBName
Name of the mongo database.
Type: null or string
Default:
null
Example:
"athens"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.mongo.insecure
Allow insecure connections to the mongo database.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.mongo.url
URL of the mongo database.
Type: null or string
Default:
null
Example:
"mongodb://localhost:27017"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.awsContainerCredentialsRelativeURI
Container relative URL (used by Fargate).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.bucket
Bucket name for the S3 storage backend.
Type: null or string
Default:
null
Example:
"gomods"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.credentialsEndpoint
Credentials endpoint for the S3 storage backend.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.endpoint
Endpoint for the S3 storage backend.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.forcePathStyle
Force path style for the S3 storage backend.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.key
Access key id for the S3 storage backend.
Type: null or string
Default:
null
Example:
"minio"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.region
Region of the S3 storage backend.
Type: null or string
Default:
null
Example:
"eu-west-3"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.secret
Secret key for the S3 storage backend. Warning: this is stored in plain text in the config file.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.token
Token for the S3 storage backend. Warning: this is stored in plain text in the config file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storage.s3.useDefaultConfiguration
Use default configuration for the S3 storage backend.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.storageType
Specifies the type of storage backend to use.
Type: one of “memory”, “disk”, “mongo”, “gcp”, “minio”, “s3”, “azureblob”, “external”
Default:
"disk"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.sumDBs
List of fully qualified URLs that Athens will proxy so that the go command can use them as a checksum verifier.
Type: list of string
Default:
[
"https://sum.golang.org"
]
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.timeout
Timeout for external network calls in seconds.
Type: signed integer
Default:
300
Example:
3
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.tlsCertFile
Path to the TLS certificate file.
Type: null or absolute path
Default:
null
Example:
"/etc/ssl/certs/athens.crt"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.tlsKeyFile
Path to the TLS key file.
Type: null or absolute path
Default:
null
Example:
"/etc/ssl/certs/athens.key"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.traceExporter
Trace exporter to use.
Type: null or one of “jaeger”, “datadog”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.traceExporterURL
URL endpoint that traces will be sent to.
Type: null or string
Default:
null
Example:
"http://localhost:14268"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.unixSocket
Path to the unix socket file. If set, Athens will listen on the unix socket instead of TCP socket.
Type: null or absolute path
Default:
null
Example:
"/run/athens.sock"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.athens.validatorHook
Endpoint to validate modules against.
Not used if empty.
Type: null or string
Default:
null
Example:
"https://validation.example.com"
Declared by:
<nixpkgs/nixos/modules/services/development/athens.nix>
|
services.atticd.enable
Whether to enable atticd, the Nix Binary Cache server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.package
The attic-server package to use.
Type: package
Default:
pkgs.attic-server
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.environmentFile
Path to an EnvironmentFile containing required environment variables:
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.group
The group under which attic runs.
Type: string
Default:
"atticd"
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.mode
Mode in which to run the server.
‘monolithic’ runs all components, and is suitable for single-node deployments.
‘api-server’ runs only the API server, and is suitable for clustering.
‘garbage-collector’ only runs the garbage collector periodically.
A simple NixOS-based Attic deployment will typically have one ‘monolithic’ and any number of ‘api-server’ nodes.
There are several other supported modes that perform one-off operations, but these are the only ones that make sense to run via the NixOS module.
Type: one of “monolithic”, “api-server”, “garbage-collector”
Default:
"monolithic"
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.settings
Structured configurations of atticd. See https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atticd.user
The user under which attic runs.
Type: string
Default:
"atticd"
Declared by:
<nixpkgs/nixos/modules/services/networking/atticd.nix>
|
services.atuin.enable
Whether to enable Atuin server for shell history sync.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.package
The atuin package to use.
Type: package
Default:
pkgs.atuin
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.database.uri
URI to the database. Can be set to null, in which case ATUIN_DB_URI should be set through an EnvironmentFile.
Type: null or string
Default:
"postgresql:///atuin?host=/run/postgresql"
Example:
"postgresql://atuin@localhost:5432/atuin"
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.host
The host address the atuin server should listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.maxHistoryLength
The max length of each history item the atuin server should store.
Type: signed integer
Default:
8192
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.openFirewall
Open ports in the firewall for the atuin server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.openRegistration
Allow new user registrations with the atuin server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.path
A path to prepend to all the routes of the server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.port
The port the atuin server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8888
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.audiobookshelf.enable
Whether to enable Audiobookshelf, self-hosted audiobook and podcast server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.package
The audiobookshelf package to use.
Type: package
Default:
pkgs.audiobookshelf
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.dataDir
Path to Audiobookshelf config and metadata inside of /var/lib.
Type: string
Default:
"audiobookshelf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.group
Group under which Audiobookshelf runs.
Type: string
Default:
"audiobookshelf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.host
The host Audiobookshelf binds to.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.openFirewall
Open ports in the firewall for the Audiobookshelf web interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.port
The TCP port Audiobookshelf will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.audiobookshelf.user
User account under which Audiobookshelf runs.
Type: string
Default:
"audiobookshelf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/audiobookshelf.nix>
|
services.authelia.instances
Multi-domain protection currently requires multiple instances of Authelia. If you don’t require multiple instances of Authelia you can define just the one.
https://www.authelia.com/roadmap/active/multi-domain-protection/
Type: attribute set of (submodule)
Default:
{ }
Example:
''
{
main = {
enable = true;
secrets.storageEncryptionKeyFile = "/etc/authelia/storageEncryptionKeyFile";
secrets.jwtSecretFile = "/etc/authelia/jwtSecretFile";
settings = {
theme = "light";
default_2fa_method = "totp";
log.level = "debug";
server.disable_healthcheck = true;
};
};
preprod = {
enable = false;
secrets.storageEncryptionKeyFile = "/mnt/pre-prod/authelia/storageEncryptionKeyFile";
secrets.jwtSecretFile = "/mnt/pre-prod/jwtSecretFile";
settings = {
theme = "dark";
default_2fa_method = "webauthn";
server.host = "0.0.0.0";
};
};
test.enable = true;
test.secrets.manual = true;
test.settings.theme = "grey";
test.settings.server.disable_healthcheck = true;
test.settingsFiles = [ "/mnt/test/authelia" "/mnt/test-authelia.conf" ];
};
}
''
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.enable
Whether to enable Authelia instance.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.package
The authelia package to use.
Type: package
Default:
pkgs.authelia
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.environmentVariables
Additional environment variables to provide to authelia.
If you are providing secrets please consider the options under services.authelia.<instance>.secrets or make sure you use the _FILE suffix.
If you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store.
For more details: https://www.authelia.com/configuration/methods/secrets/
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.group
The name of the group for this authelia instance.
Type: string
Default:
"authelia-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.name
Name is used as a suffix for the service name, user, and group.
By default it takes the value you use for <instance> in: services.authelia.<instance>
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets
It is recommended you keep your secrets separate from the configuration. It’s especially important to keep the raw secrets out of your nix configuration, as the values will be preserved in your nix store. This attribute allows you to configure the location of secret files to be loaded at runtime.
https://www.authelia.com/configuration/methods/secrets/
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.jwtSecretFile
Path to your JWT secret used during identity verification.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.manual
Configuring authelia’s secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all. If a user wants to set these values themselves and bypass the validation they can set this value to true.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.oidcHmacSecretFile
Path to your HMAC secret used to sign OIDC JWTs.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.oidcIssuerPrivateKeyFile
Path to your private key file used to encrypt OIDC JWTs.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.sessionSecretFile
Path to your session secret. Only used when redis is used as session storage.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.secrets.storageEncryptionKeyFile
Path to your storage encryption key.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
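The secrets options above, as an added example (not part of the NixOS manual or the module's own code): a literal secret in settings, shown commented out, beside the file-based form. The instance name main, the /run/secrets paths and the storage.encryption_key settings key are assumptions; the enable option is declared earlier in this module.

```nix
{ ... }:
{
  services.authelia.instances.main = {
    enable = true;

    # Weak, shown for contrast only: anything written in `settings` is
    # rendered into the generated configuration file, which lives in the
    # world-readable /nix/store and is preserved there.
    #   settings.storage.encryption_key = "literal-secret-value";

    # Preferred: reference files that are provisioned outside the Nix store
    # and loaded at runtime. Write them as quoted strings; a Nix path literal
    # (./jwt-secret) is copied into the store when it is interpolated into a
    # string, which would defeat the purpose.
    # The files must be readable by the instance user, which defaults to
    # "authelia-main" for an instance named main.
    secrets = {
      jwtSecretFile = "/run/secrets/authelia-main/jwt-secret";
      storageEncryptionKeyFile = "/run/secrets/authelia-main/storage-encryption-key";

      # Only used when redis is the session storage.
      # sessionSecretFile = "/run/secrets/authelia-main/session-secret";

      # Only relevant when Authelia acts as an OIDC provider.
      # oidcHmacSecretFile = "/run/secrets/authelia-main/oidc-hmac-secret";
      # oidcIssuerPrivateKeyFile = "/run/secrets/authelia-main/oidc-issuer-key.pem";

      # Leave `manual` at its default (false) so the module's validation of
      # these values stays in effect.
    };

    # Non-secret configuration can safely live in the Nix configuration.
    settings = {
      theme = "light";
      default_2fa_method = "totp";
      log.level = "info";
      # Listen on loopback only and let a reverse proxy terminate TLS.
      server.address = "tcp://127.0.0.1:9091/";
      telemetry.metrics.enabled = false;
    };

    # The rest of the Authelia configuration, kept in a file outside the
    # store and merged with the generated configuration at startup.
    settingsFiles = [
      "/etc/authelia/access-control.yml"
    ];
  };
}
```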
|
services.authelia.instances.<name>.settings
Your Authelia config.yml as a Nix attribute set.
There are several values that are defined and documented in nix, such as default_2fa_method, but additional items can also be included.
https://github.com/authelia/authelia/blob/master/config.template.yml
Type: YAML value
Default:
{ }
Example:
''
{
theme = "light";
default_2fa_method = "totp";
log.level = "debug";
server.disable_healthcheck = true;
}
''
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.default_2fa_method
Default 2FA method for new users and fallback for preferred but disabled methods.
Type: one of “”, “totp”, “webauthn”, “mobile_push”
Default:
""
Example:
"webauthn"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.log.file_path
File path where the logs will be written. If not set logs are written to stdout.
Type: null or absolute path
Default:
null
Example:
"/var/log/authelia/authelia.log"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.log.format
Format the logs are written as.
Type: one of “json”, “text”
Default:
"json"
Example:
"text"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.log.keep_stdout
Whether to also log to stdout when a file_path is defined.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.log.level
Level of verbosity for logs.
Type: one of “trace”, “debug”, “info”, “warn”, “error”
Default:
"debug"
Example:
"info"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.server.address
The address to listen on.
Type: string
Default:
"tcp://:9091/"
Example:
"unix:///var/run/authelia.sock?path=authelia&umask=0117"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.telemetry.metrics.enabled
Enable Metrics.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.telemetry.metrics.address
The address to listen on for metrics. This should be on a different port to the main server.port value.
Type: string
Default:
"tcp://127.0.0.1:9959"
Example:
"tcp://0.0.0.0:8888"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settings.theme
The theme to display.
Type: one of “light”, “dark”, “grey”, “auto”
Default:
"light"
Example:
"dark"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.settingsFiles
Here you can provide authelia with configuration files or directories.
It is possible to give authelia multiple files and use the nix generated configuration file set via services.authelia.<instance>.settings.
Type: list of absolute path
Default:
[ ]
Example:
[
"/etc/authelia/config.yml"
"/etc/authelia/access-control.yml"
"/etc/authelia/config/"
]
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.authelia.instances.<name>.user
The name of the user for this authelia instance.
Type: string
Default:
"authelia-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/security/authelia.nix>
|
services.auto-cpufreq.enable
Whether to enable auto-cpufreq daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix>
|
services.auto-cpufreq.settings
Configuration for auto-cpufreq.
The available options can be found in the example configuration file.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix>
|
services.auto-epp.enable
Whether to enable auto-epp for amd active pstate.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-epp.nix>
|
services.auto-epp.package
The auto-epp package to use.
Type: package
Default:
pkgs.auto-epp
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-epp.nix>
|
services.auto-epp.settings
Settings for the auto-epp application. See upstream example: https://github.com/jothi-prasath/auto-epp/blob/master/sample-auto-epp.conf
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-epp.nix>
|
services.auto-epp.settings.Settings.epp_state_for_AC
energy_performance_preference when plugged in.
See available epp states by running: cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
Type: string
Default:
"balance_performance"
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-epp.nix>
|
services.auto-epp.settings.Settings.epp_state_for_BAT
energy_performance_preference when on battery.
See available epp states by running: cat /sys/devices/system/cpu/cpu0/cpufreq/energy_performance_available_preferences
Type: string
Default:
"power"
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-epp.nix>
|
services.autobrr.enable
Whether to enable Autobrr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autobrr.nix>
|
services.autobrr.package
The autobrr package to use.
Type: package
Default:
pkgs.autobrr
Declared by:
<nixpkgs/nixos/modules/services/misc/autobrr.nix>
|
services.autobrr.openFirewall
Open ports in the firewall for the Autobrr web interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autobrr.nix>
|
services.autobrr.secretFile
File containing the session secret for the Autobrr web interface.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/misc/autobrr.nix>
|
services.autobrr.settings
Autobrr configuration options.
Refer to https://autobrr.com/configuration/autobrr for a full list.
Type: TOML value
Default:
{
checkForUpdates = true;
host = "127.0.0.1";
port = 7474;
}
Example:
{
logLevel = "DEBUG";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autobrr.nix>
|
services.autofs.enable
Mount filesystems on demand. Unmount them automatically. You may also be interested in afuse.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.autoMaster
Contents of /etc/auto.master file. See auto.master(5) and autofs(5).
Type: string
Example:
let
mapConf = pkgs.writeText "auto" ''
kernel -ro,soft,intr ftp.kernel.org:/pub/linux
boot -fstype=ext2 :/dev/hda1
windoze -fstype=smbfs ://windoze/c
removable -fstype=ext2 :/dev/hdd
cd -fstype=iso9660,ro :/dev/hdc
floppy -fstype=auto :/dev/fd0
server -rw,hard,intr / -ro myserver.me.org:/ \
/usr myserver.me.org:/usr \
/home myserver.me.org:/home
'';
in ''
/auto file:${mapConf}
''
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.debug
Pass -d and -7 to automount and write log to the system journal.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.timeout
Set the global minimum timeout, in seconds, until directories are unmounted
Type: signed integer
Default:
600
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.automatic-timezoned.enable
Enable automatic-timezoned, a simple daemon for keeping the system
timezone up-to-date based on the current location. It uses geoclue2 to
determine the current location and systemd-timedated to actually set
the timezone.
To avoid silent overriding by the service, if you have explicitly set a
timezone, either remove it or ensure that it is set with a lower priority
than the default value using lib.mkDefault or lib.mkOverride. This is
to make the choice deliberate. An error will be presented otherwise.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/automatic-timezoned.nix>
|
services.automatic-timezoned.package
The automatic-timezoned package to use.
Type: package
Default:
pkgs.automatic-timezoned
Declared by:
<nixpkgs/nixos/modules/services/system/automatic-timezoned.nix>
|
services.automx2.enable
Whether to enable automx2.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/automx2.nix>
|
services.automx2.package
The automx2 package to use.
Type: package
Default:
pkgs.python3Packages.automx2
Declared by:
<nixpkgs/nixos/modules/services/mail/automx2.nix>
|
services.automx2.domain
E-Mail-Domain for which mail client autoconfig/autoconfigure should be set up.
The autoconfig and autodiscover subdomains are automatically prepended and set up with ACME.
The names of those domains are hardcoded in the mail clients and are not configurable.
Type: string
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/automx2.nix>
|
services.automx2.port
Port used by automx2.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4243
Declared by:
<nixpkgs/nixos/modules/services/mail/automx2.nix>
|
services.automx2.settings
Bootstrap json to populate database. See docs for details.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/mail/automx2.nix>
|
services.automysqlbackup.enable
Whether to enable AutoMySQLBackup.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.automysqlbackup.calendar
Configures when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default:
"01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.automysqlbackup.settings
automysqlbackup configuration. Refer to
${pkgs.automysqlbackup}/etc/automysqlbackup.conf
for details on supported values.
Type: attribute set of (string or signed integer or boolean or list of string)
Default:
{ }
Example:
{
db_names = [ "nextcloud" "matomo" ];
table_exclude = [ "nextcloud.oc_users" "nextcloud.oc_whats_new" ];
mailcontent = "log";
mail_address = "admin@example.org";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.autorandr.enable
Whether to enable handling of hotplug and sleep events by autorandr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.defaultTarget
Fallback if no monitor layout can be detected. See the docs (https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use) for further reference.
Type: string
Default:
"default"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks
Global hook scripts
Type: submodule
Default:
{ }
Example:
{
postswitch = {
"notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
"change-background" = readFile ./change-background.sh;
"change-dpi" = ''
case "$AUTORANDR_CURRENT_PROFILE" in
default)
DPI=120
;;
home)
DPI=192
;;
work)
DPI=144
;;
*)
echo "Unknown profle: $AUTORANDR_CURRENT_PROFILE"
exit 1
esac
echo "Xft.dpi: $DPI" | ${pkgs.xorg.xrdb}/bin/xrdb -merge
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.postswitch
Postswitch hook executed after mode switch.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.predetect
Predetect hook executed before autorandr attempts to run xrandr.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.preswitch
Preswitch hook executed before mode switch.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.ignoreLid
Treat outputs as connected even if their lids are closed
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.matchEdid
Match displays based on edid instead of name
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles
Autorandr profiles specification.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"work" = {
fingerprint = {
eDP1 = "<EDID>";
DP1 = "<EDID>";
};
config = {
eDP1.enable = false;
DP1 = {
enable = true;
crtc = 0;
primary = true;
position = "0x0";
mode = "3840x2160";
gamma = "1.0:0.909:0.833";
rate = "60.00";
rotate = "left";
};
};
hooks.postswitch = readFile ./work-postswitch.sh;
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config
Per output profile configuration.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.enable
Whether to enable the output.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.crtc
Output video display controller.
Type: null or (unsigned integer, meaning >=0)
Default:
null
Example:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.dpi
Output DPI configuration.
Type: null or (positive integer, meaning >0)
Default:
null
Example:
96
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.gamma
Output gamma configuration.
Type: string
Default:
""
Example:
"1.0:0.909:0.833"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.mode
Output resolution.
Type: string
Default:
""
Example:
"3840x2160"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.position
Output position
Type: string
Default:
""
Example:
"5760x0"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.primary
Whether output should be marked as primary
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.rate
Output framerate.
Type: string
Default:
""
Example:
"60.00"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.rotate
Output rotate configuration.
Type: null or one of “normal”, “left”, “right”, “inverted”
Default:
null
Example:
"left"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale
Output scale configuration.
Either configure by pixels or a scaling factor. When using pixel method the xrandr(1) option --scale-from will be used; when using factor method the option --scale will be used.
This option is a shortcut version of the transform option and they are mutually exclusive.
Type: null or (submodule)
Default:
null
Example:
{
x = 1.25;
y = 1.25;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.method
Output scaling method.
Type: one of “factor”, “pixel”
Default:
"factor"
Example:
"pixel"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.x
Horizontal scaling factor/pixels.
Type: floating point number or (positive integer, meaning >0)
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.y
Vertical scaling factor/pixels.
Type: floating point number or (positive integer, meaning >0)
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.transform
Refer to xrandr(1) for the documentation of the transform matrix.
Type: null or (3×3 matrix of floating point numbers)
Default:
null
Example:
[
[ 0.6 0.0 0.0 ]
[ 0.0 0.6 0.0 ]
[ 0.0 0.0 1.0 ]
]
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.fingerprint
Output name to EDID mapping.
Use autorandr --fingerprint to get current setup values.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks
Profile hook scripts.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.postswitch
Postswitch hook executed after mode switch.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.predetect
Predetect hook executed before autorandr attempts to run xrandr.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.preswitch
Preswitch hook executed before mode switch.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autossh.sessions
List of AutoSSH sessions to start as systemd services. Each service is named ‘autossh-{session.name}’.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
extraArguments = "-N -D4343 billremote@socks.host.net";
monitoringPort = 20000;
name = "socks-peer";
user = "bill";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.extraArguments
Arguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don’t run remote command), -D (open SOCKS proxy on local port), -R (forward remote port), -L (forward local port), -v (Enable debug). Check ssh manual for the complete list.
Type: strings concatenated with " "
Example:
"-N -D4343 bill@socks.example.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.monitoringPort
Port to be used by AutoSSH for peer monitoring. Note that AutoSSH also uses mport+1. A value of 0 disables the keep-alive style monitoring.
Type: signed integer
Default:
0
Example:
20000
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.name
Name of the local AutoSSH session
Type: string
Example:
"socks-peer"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.user
Name of the user the AutoSSH session should run as
Type: string
Example:
"bill"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autosuspend.enable
Whether to enable the autosuspend daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.package
The autosuspend package to use.
Type: package
Default:
pkgs.autosuspend
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.checks
Checks for activity. For more information, see:
Type: attribute set of (section of an INI file (attrs of INI atom (null, bool, int, float or string)))
Default:
{ }
Example:
{
# Basic activity check configuration.
# The check class name is derived from the section header (Ping in this case).
# Remember to enable desired checks. They are disabled by default.
Ping = {
hosts = "192.168.0.7";
};
# This check is disabled.
Smb.enabled = false;
# Example for a custom check name.
# This will use the Users check with the custom name RemoteUsers.
# Custom names are necessary in case a check class is used multiple times.
# Custom names can also be used for clarification.
RemoteUsers = {
class = "Users";
name = ".*";
terminal = ".*";
host = "[0-9].*";
};
# Here the Users activity check is used again with different settings and a different name
LocalUsers = {
class = "Users";
name = ".*";
terminal = ".*";
host = "localhost";
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.checks.<name>.enabled
Whether to enable this activity check.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.checks.<name>.class
Name of the class implementing the check. If this option is not specified, the check’s name must represent a valid internal check class.
Type: null or one of “ActiveCalendarEvent”, “ActiveConnection”, “ExternalCommand”, “JsonPath”, “Kodi”, “KodiIdleTime”, “LastLogActivity”, “Load”, “LogindSessionsIdle”, “Mpd”, “NetworkBandwidth”, “Ping”, “Processes”, “Smb”, “Users”, “XIdleTime”, “XPath”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.settings
Configuration for autosuspend, see https://autosuspend.readthedocs.io/en/latest/configuration_file.html#general-configuration for supported values.
Type: section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
enable = true;
interval = 30;
idle_time = 120;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.settings.suspend_cmd
The command to execute in case the host shall be suspended. This line can contain additional command line arguments to the command to execute.
Type: string
Default:
"systemctl suspend"
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.settings.wakeup_cmd
The command to execute for scheduling a wake up of the system. The given string is
processed using Python’s str.format() and a format argument called timestamp
encodes the UTC timestamp of the planned wake up time (float). Additionally iso
can be used to acquire the timestamp in ISO 8601 format.
Type: string
Default:
"sh -c 'echo 0 > /sys/class/rtc/rtc0/wakealarm && echo {timestamp:.0f} > /sys/class/rtc/rtc0/wakealarm' "
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.wakeups
Checks for wake up. For more information, see:
Type: attribute set of (section of an INI file (attrs of INI atom (null, bool, int, float or string)))
Default:
{ }
Example:
{
# Wake up checks reuse the same configuration mechanism as activity checks.
Calendar = {
url = "http://example.org/test.ics";
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.wakeups.<name>.enabled
Whether to enable this wake-up check.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autosuspend.wakeups.<name>.class
Name of the class implementing the check. If this option is not specified, the check’s name must represent a valid internal check class.
Type: null or one of “Calendar”, “Command”, “File”, “Periodic”, “SystemdTimer”, “XPath”, “XPathDelta”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/autosuspend.nix>
|
services.autotierfs.enable
Whether to enable the autotier passthrough tiering filesystem.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/autotierfs.nix>
|
services.autotierfs.package
The autotier package to use.
Type: package
Default:
pkgs.autotier
Declared by:
<nixpkgs/nixos/modules/services/autotierfs.nix>
|
services.autotierfs.settings
The contents of the configuration file for autotier. See the autotier repo for supported values.
Type: attribute set of attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
"/mnt/autotier" = {
Global = {
"Log Level" = 1;
"Tier Period" = 1000;
"Copy Buffer Size" = "1 MiB";
};
"Tier 1" = {
Path = "/mnt/tier1";
Quota = "30GiB";
};
"Tier 2" = {
Path = "/mnt/tier2";
Quota = "200GiB";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/autotierfs.nix>
|
services.avahi.enable
Whether to run the Avahi daemon, which allows Avahi clients
to use Avahi’s service discovery facilities and also allows
the local machine to advertise its presence and services
(through the mDNS responder implemented by avahi-daemon).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.package
The avahi package to use.
Type: package
Default:
pkgs.avahi
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.allowInterfaces
List of network interfaces that should be used by the avahi-daemon.
Other interfaces will be ignored. If null, all local interfaces
except loopback and point-to-point will be used.
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.allowPointToPoint
Whether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.browseDomains
List of non-local DNS domains to be browsed.
Type: list of string
Default:
[ ]
Example:
[
"0pointer.de"
"zeroconf.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.cacheEntriesMax
Number of resource records to be cached per interface. Use 0 to disable caching. Avahi daemon defaults to 4096 if not set.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.denyInterfaces
List of network interfaces that should be ignored by the
avahi-daemon. Other unspecified interfaces will be used,
unless allowInterfaces is set. This option takes precedence
over allowInterfaces.
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.domainName
Domain name for all advertisements.
Type: string
Default:
"local"
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.extraConfig
Extra config to append to avahi-daemon.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.extraServiceFiles
Specify custom service definitions which are placed in the avahi service directory. See the avahi.service(5) manpage for detailed information.
Type: attribute set of (string or absolute path)
Default:
{ }
Example:
{
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.hostName
Host name advertised on the LAN. If not set, avahi will use the value
of config.networking.hostName.
Type: string
Default:
config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv4
Whether to use IPv4.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv6
Whether to use IPv6.
Type: boolean
Default:
config.networking.enableIPv6
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.nssmdns4
Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv4.
Enabling it allows applications to resolve names in the .local domain by transparently querying the Avahi daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.nssmdns6
Whether to enable the mDNS NSS (Name Service Switch) plug-in for IPv6.
Enabling it allows applications to resolve names in the .local domain by transparently querying the Avahi daemon.
Because most mDNS responders only register local IPv4 addresses, most users want to leave this option disabled to avoid long timeouts when applications first resolve the non-existent IPv6 address.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.openFirewall
Whether to open the firewall for UDP port 5353. Disabling this setting also disables discovering of network devices.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.enable
Whether to allow publishing in general.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.addresses
Whether to register mDNS address records for all local IP addresses.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.domain
Whether to announce the locally used domain name for browsing by other hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.hinfo
Whether to register a mDNS HINFO record which contains information about the local operating system and CPU.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.userServices
Whether to publish user services. Will set addresses=true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.workstation
Whether to register a service of type “_workstation._tcp” on the local LAN.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.reflector
Reflect incoming mDNS requests to all allowed network interfaces.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.wideArea
Whether to enable wide-area service discovery.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.awstats.enable
Whether to enable awstats, a real-time logfile analyzer.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs
Attribute set of domains to collect stats for.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"mysite" = {
domain = "example.com";
logFile = "/var/log/nginx/access.log";
};
}
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.domain
The domain name to collect stats for.
Type: string
Default:
"‹name›"
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.extraConfig
Extra configuration to be appended to awstats.${name}.conf.
Type: attribute set of string
Default:
{ }
Example:
{
"ValidHTTPCodes" = "404";
}
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.hostAliases
List of aliases the site has.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.logFile
The log file to be scanned.
For mail, set this to
journalctl $OLD_CURSOR -u postfix.service | ${pkgs.perl}/bin/perl ${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |
Type: string
Example:
"/var/log/nginx/access.log"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.logFormat
The log format being used.
For mail, set this to
%time2 %email %email_r %host %host_r %method %url %code %bytesd
Type: string
Default:
"1"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.type
The type of log being collected.
Type: one of “mail”, “web”
Default:
"web"
Example:
"mail"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.enable
Whether to enable awstats web service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.hostname
The hostname the web service appears under.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.urlPrefix
The URL prefix under which the awstats pages appear.
Type: string
Default:
"/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.dataDir
The directory where awstats data will be stored.
Type: absolute path
Default:
"/var/lib/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.updateAt
Specification of the time at which awstats will get updated (in the format described by systemd.time(7)).
Type: null or string
Default:
null
Example:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.ayatana-indicators.enable
Whether to enable Ayatana Indicators, a continuation of Canonical’s Application Indicators.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix>
|
services.ayatana-indicators.packages
List of packages containing Ayatana Indicator services that should be brought up by a systemd “ayatana-indicators” user target.
Packages specified here must have passthru.ayatana-indicators set correctly.
If, how, and where these indicators are displayed will depend on your DE. Which target they will be brought up by depends on the packages’ passthru.ayatana-indicators.
Type: list of package
Default:
[ ]
Example:
with pkgs; [ ayatana-indicator-messages ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/ayatana-indicators.nix>
|
services.babeld.enable
Whether to enable the babeld network routing daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.extraConfig
Options that will be copied to babeld.conf. See babeld(8) for details.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfaceDefaults
A set describing default parameters for babeld interfaces. See babeld(8) for options.
Type: null or (attribute set of unspecified value)
Default:
null
Example:
{
split-horizon = true;
type = "tunnel";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfaces
A set describing babeld interfaces. See babeld(8) for options.
Type: attribute set of attribute set of unspecified value
Default:
{ }
Example:
{
enp0s2 = {
hello-interval = 5;
split-horizon = "auto";
type = "wired";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.bacula-dir.enable
Whether to enable Bacula Director Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraConfig
Extra configuration for Bacula Director Daemon.
Type: strings concatenated with “\n”
Default:
""
Example:
''
TODO
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraDirectorConfig
Extra configuration to be passed in Director directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
console = all
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.name
The director name used by the system administrator. This directive is required.
Type: string
Default:
"${config.networking.hostName}-dir"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.password
Specifies the password that must be supplied for a Director.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.port
Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify the DirAddresses (N.B. plural) directive.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9101
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls
TLS Options for the Director. Important notice: The backup won’t be encrypted.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.enable
Specifies if TLS should be enabled.
If this is set to false, TLS will be completely disabled, even if services.bacula-dir.tls.require is true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-dir.tls.verifyPeer is false.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.caCertificateFile
The path to a file containing one or more PEM encoded TLS CA certificates. Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir is required in a server context, unless services.bacula-dir.tls.verifyPeer is false, and is always required in a client context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-dir.tls.verifyPeer is false
in the corresponding server context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-dir.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK.
If services.bacula-dir.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client’s X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client’s X509 certificate Common Name must meet the value of the Address directive. If services.bacula-dir.tls.allowedCN is used, the client’s x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-dir.tls.allowedCN directive. This directive is valid only for a server and not in client context.
The Bacula default is true.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.enable
Whether to enable the Bacula File Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director
This option defines director resources in Bacula File Daemon.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.monitor
If Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of “no”, “yes”
Default:
"no"
Example:
"yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls
TLS Options for the Director in this Configuration.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.enable
Specifies if TLS should be enabled.
If this is set to false, TLS will be completely disabled, even if services.bacula-fd.director.<name>.tls.require is true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-fd.director.<name>.tls.verifyPeer is false.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.caCertificateFile
The path to a file containing one or more PEM encoded TLS CA certificates. Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir is required in a server context, unless services.bacula-fd.director.<name>.tls.verifyPeer is false, and is always required in a client context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-fd.director.<name>.tls.verifyPeer is false
in the corresponding server context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-fd.director.<name>.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK.
If services.bacula-fd.director.<name>.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client’s X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client’s X509 certificate Common Name must meet the value of the Address directive. If services.bacula-fd.director.<name>.tls.allowedCN is used, the client’s x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-fd.director.<name>.tls.allowedCN directive. This directive is valid only for a server and not in client context.
The Bacula default is true.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraClientConfig
Extra configuration to be passed in Client directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
console = all
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.name
The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Type: string
Default:
"${config.networking.hostName}-fd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.port
This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director’s configuration file.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9102
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls
TLS Options for the File Daemon. Important notice: The backup won’t be encrypted.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.enable
Specifies if TLS should be enabled.
If this is set to false, TLS will be completely disabled, even if services.bacula-fd.tls.require is true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-fd.tls.verifyPeer is false.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.caCertificateFile
The path to a file containing one or more PEM encoded TLS CA certificates. Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir is required in a server context, unless services.bacula-fd.tls.verifyPeer is false, and is always required in a client context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-fd.tls.verifyPeer is false
in the corresponding server context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-fd.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK.
If services.bacula-fd.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client’s X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client’s X509 certificate Common Name must meet the value of the Address directive. If services.bacula-fd.tls.allowedCN is used, the client’s x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-fd.tls.allowedCN directive. This directive is valid only for a server and not in client context.
The Bacula default is true.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.enable
Whether to enable Bacula Storage Daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger
This option defines Autochanger resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.changerCommand
The name-string specifies an external program to be called that will automatically change volumes as required by Bacula. Normally, this directive will be specified only in the AutoChanger resource, which is then used for all devices. However, you may also specify the different Changer Command in each Device resource. Most frequently, you will specify the Bacula supplied mtx-changer script as follows:
"/path/mtx-changer %c %o %S %a %d"
and you will install the mtx on your system (found in the depkgs release). An example of this command is in the default bacula-sd.conf file. For more details on the substitution characters that may be specified to configure your autochanger please see the Autochangers chapter of this manual. For FreeBSD users, you might want to see one of the several chio scripts in examples/autochangers.
Type: string
Default:
"/etc/bacula/mtx-changer %c %o %S %a %d"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.changerDevice
The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource. This generic SCSI device name
should be specified if you have an autochanger or if you have a
standard tape drive and want to use the Alert Command (see below).
For example, on Linux systems, for an Archive Device name of
/dev/nst0, you would specify /dev/sg0
for the Changer Device name. Depending
on your exact configuration, and the number of autochangers or the
type of autochanger, what you specify here can vary. This directive
is optional. See the Using Autochangers chapter of
this manual for more details of using this and the following
autochanger directives.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.devices
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.extraAutochangerConfig
Extra configuration to be passed in Autochanger directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device
This option defines Device resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.archiveDevice
The specified name-string gives the system file name of the storage
device managed by this storage daemon. This will usually be the
device file name of a removable storage device (tape drive), for
example /dev/nst0 or /dev/rmt/0mbn. For a DVD-writer, it will be for
example /dev/hdc. It may also be a directory name
if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape
device, it is preferable that the “non-rewind” variant of the device
file name be given.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.extraDeviceConfig
Extra configuration to be passed in Device directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
LabelMedia = yes
Random Access = no
AutomaticMount = no
RemovableMedia = no
MaximumOpenWait = 60
AlwaysOpen = no
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.mediaType
The specified name-string names the type of media supported by this
device, for example, DLT7000. Media type names are
arbitrary in that you set them to anything you want, but they must be
known to the volume database to keep track of which storage daemons
can read which volumes. In general, each different storage type
should have a unique Media Type associated with it. The same
name-string must appear in the appropriate Storage resource
definition in the Director’s configuration file.
Even though the names you assign are arbitrary (i.e. you choose the name you want), you should take care in specifying them because the Media Type is used to determine which storage device Bacula will select during restore. Thus you should probably use the same Media Type specification for all drives where the Media can be freely interchanged. This is not generally an issue if you have a single Storage daemon, but it is with multiple Storage daemons, especially if they have incompatible media.
For example, if you specify a Media Type of DDS-4,
then during the restore, Bacula will be able to choose any Storage
Daemon that handles DDS-4. If you have an
autochanger, you might want to name the Media Type in a way that is
unique to the autochanger, unless you wish to possibly use the
Volumes in other drives. You should also ensure to have unique Media
Type names if the Media is not compatible between drives. This
specification is required for all devices.
In addition, if you are using disk storage, each Device resource will generally have a different mount point or directory. In order for Bacula to select the correct Device resource, each one must have a unique Media Type.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director
This option defines Director resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.monitor
If Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of “no”, “yes”
Default:
"no"
Example:
"yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls
TLS Options for the Director in this Configuration.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.enable
Specifies if TLS should be enabled.
If this is set to false, TLS will be completely disabled, even if services.bacula-sd.director.<name>.tls.require is true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-sd.director.<name>.tls.verifyPeer is false.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.caCertificateFile
The path to a file containing one or more PEM encoded TLS CA certificates. Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir is required in a server context, unless services.bacula-sd.director.<name>.tls.verifyPeer is false, and is always required in a client context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-sd.director.<name>.tls.verifyPeer is false
in the corresponding server context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-sd.director.<name>.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK.
If services.bacula-sd.director.<name>.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client’s X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client’s X509 certificate Common Name must meet the value of the Address directive. If services.bacula-sd.director.<name>.tls.allowedCN is used, the client’s x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-sd.director.<name>.tls.allowedCN directive. This directive is valid only for a server and not in client context.
The Bacula default is true.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
console = all
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraStorageConfig
Extra configuration to be passed in Storage directive.
Type: strings concatenated with “\n”
Default:
""
Example:
''
Maximum Concurrent Jobs = 20;
Heartbeat Interval = 30;
''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.name
Specifies the Name of the Storage daemon.
Type: string
Default:
"${config.networking.hostName}-sd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.port
Specifies port number on which the Storage daemon listens for Director connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9103
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls
TLS Options for the Storage Daemon. Important notice: The backup won’t be encrypted.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.enable
Specifies if TLS should be enabled.
If this is set to false, TLS will be completely disabled, even if services.bacula-sd.tls.require is true.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-sd.tls.verifyPeer is false.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.caCertificateFile
The path to a file containing one or more PEM encoded TLS CA certificates. Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir is required in a server context, unless services.bacula-sd.tls.verifyPeer is false, and is always required in a client context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-sd.tls.verifyPeer is false
in the corresponding server context.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless services.bacula-sd.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component will connect with other components either with or without TLS or TLS-PSK.
If services.bacula-sd.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client’s X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client’s X509 certificate Common Name must meet the value of the Address directive. If services.bacula-sd.tls.allowedCN is used, the client’s x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-sd.tls.allowedCN directive. This directive is valid only for a server and not in client context.
The Bacula default is true.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bamf.enable
Whether to enable bamf.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/bamf.nix>
|
services.bazarr.enable
Whether to enable bazarr, a subtitle manager for Sonarr and Radarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.package
The bazarr package to use.
Type: package
Default:
pkgs.bazarr
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.group
Group under which bazarr runs.
Type: string
Default:
"bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.listenPort
Port on which the bazarr web interface should listen
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
6767
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.openFirewall
Open ports in the firewall for the bazarr web interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.user
User account under which bazarr runs.
Type: string
Default:
"bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bcg.enable
Whether to enable BigClown gateway.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.package
The bcg package to use.
Type: package
Default:
pkgs.python3Packages.bcg
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.automaticRemoveKitFromNames
Automatically remove kits.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.automaticRenameGenericNodes
Automatically rename generic nodes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.automaticRenameKitNodes
Automatically rename kit’s nodes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.automaticRenameNodes
Automatically rename all nodes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.baseTopicPrefix
Topic prefix added to all MQTT messages.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.device
Device name to configure gateway to use.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.environmentFiles
File to load as environment file. Environment variables from this file will be interpolated into the config file using envsubst with this syntax: $ENVIRONMENT or ${VARIABLE}.
This is useful to avoid putting secrets into the nix store.
Type: list of absolute path
Default:
[ ]
Example:
[
"/run/keys/bcg.env"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.cafile
Certificate Authority file for MQTT server access.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.certfile
Certificate file for MQTT server access.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.host
Host where MQTT server is running.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.keyfile
Key file for MQTT server access.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.password
MQTT server access password.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.port
Port of MQTT server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1883
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.mqtt.username
MQTT server access username.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.name
Name for the device.
Supported variables:
{ip}: IP address
{id}: The ID of the connected usb-dongle or core-module
null can be used for automatic detection from gateway firmware.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.qosNodeMessages
Set the guarantee of MQTT message delivery.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.rename
Rename nodes to different name.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.retainNodeMessages
Specify that node messages should be retained in the MQTT broker.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.bcg.verbose
Verbosity level.
Type: one of “CRITICAL”, “ERROR”, “WARNING”, “INFO”, “DEBUG”
Default:
"WARNING"
Declared by:
<nixpkgs/nixos/modules/services/misc/bcg.nix>
|
services.beanstalkd.enable
Whether to enable the Beanstalk work queue.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.listen.address
IP address to listen on.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.listen.port
TCP port that will be used to accept client connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
11300
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.bee.enable
Whether to enable Ethereum Swarm Bee.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.package
The bee package to use.
Type: package
Default:
pkgs.bee
Example:
bee-unstable
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.daemonNiceLevel
Daemon process priority for bee. 0 is the default Unix process priority, 19 is the lowest.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.group
Group the bee binary should execute under.
Type: string
Default:
"bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.settings
Ethereum Swarm Bee configuration. Refer to https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/ for details on supported values.
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.user
User the bee binary should execute under.
Type: string
Default:
"bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.beesd.filesystems
BTRFS filesystems to run block-level deduplication on.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
root = {
spec = "LABEL=root";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = [ "--loadavg-target" "5.0" ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.extraOptions
Extra command-line options passed to the daemon. See upstream bees documentation.
Type: list of string
Default:
[ ]
Example:
[ "--thread-count" "4" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.hashTableSizeMB
Hash table size in MB; must be a multiple of 16.
A larger ratio of index size to storage size means smaller blocks of duplicate content are recognized.
If you have 1TB of data, a 4GB hash table (which is to say, a value of 4096) will permit 4KB extents (the smallest possible size) to be recognized, whereas a value of 1024 – creating a 1GB hash table – will recognize only aligned duplicate blocks of 16KB.
Type: signed integer
Default:
1024
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.spec
Description of how to identify the filesystem to be deduplicated by this instance of bees. Note that deduplication crosses subvolumes; one must not configure multiple instances for subvolumes of the same filesystem (or block devices which are part of the same filesystem), but only for completely independent btrfs filesystems.
This must be in a format usable by findmnt; that could be a key=value pair, or a bare path to a mount point. Using bare paths will allow systemd to start the beesd service only after mounting the associated path.
Type: string
Example:
"LABEL=MyBulkDataDrive"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.verbosity
Log verbosity (syslog keyword/level).
Type: one of “alert”, “crit”, “debug”, “emerg”, “err”, “info”, “notice”, “warning”, 1, 2, 7, 0, 3, 6, 5, 4
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.workDir
Name (relative to the root of the filesystem) of the subvolume where the hash table will be stored.
Type: string
Default:
".beeshome"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.below.enable
Whether to enable ‘below’ resource monitor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.cgroupFilterOut
A regexp matching the full paths of cgroups whose data shouldn’t be collected
Type: null or string
Default:
null
Example:
"user.slice.*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.collect.diskStats
Whether to enable disk_stat collection.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.collect.exitStats
Whether to enable eBPF-based exitstats.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.collect.ioStats
Whether to enable io.stat collection for cgroups.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.compression.enable
Whether to enable data compression.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.dirs.log
Where to store below’s logs
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.dirs.store
Where to store below’s data
Type: null or absolute path
Default:
null
Example:
"/var/lib/below"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.retention.size
Size limit for below’s data, in bytes. Data is deleted oldest-first, in 24h ‘shards’.
The size limit may be exceeded by at most the size of the active shard, as:
the active shard cannot be deleted;
the size limit is only enforced when a new shard is created.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.below.retention.time
Retention time, in seconds.
As data is stored in 24 hour shards which are discarded as a whole, only data expired by 24h (or more) is guaranteed to be discarded.
If retention.size is set, data may be discarded earlier than the specified time.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/below.nix>
|
services.bepasty.enable
Whether to enable bepasty, a binary pastebin server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers
Configure a number of bepasty servers which will be started with gunicorn.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.bind
Bind address to be used for this server.
Type: string
Default:
"127.0.0.1:8000"
Example:
"0.0.0.0:8000"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.dataDir
Path to the directory where the pastes will be saved to
Type: string
Default:
"/var/lib/bepasty/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.defaultPermissions
Default permissions for all unauthenticated accesses.
Type: string
Default:
"read"
Example:
"read,create,delete"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.extraConfig
Extra configuration for the bepasty server, appended to the configuration. See https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty for all options.
Type: strings concatenated with “\n”
Default:
""
Example:
''
PERMISSIONS = {
'myadminsecret': 'admin,list,create,read,delete',
}
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
''
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKey
Server secret for safe session cookies, must be set.
Warning: this secret is stored in the WORLD-READABLE Nix store!
It’s recommended to use secretKeyFile, which takes precedence over secretKey.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKeyFile
A file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey.
Warning: when secretKey is non-empty, secretKeyFile defaults to a file in the WORLD-READABLE Nix store containing that secret.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.workDir
Path to the working directory (used for config and pidfile). Defaults to the user’s home directory.
Type: string
Default:
"/var/lib/bepasty"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.biboumi.enable
Whether to enable the Biboumi XMPP gateway to IRC.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.package
The biboumi package to use.
Type: package
Default:
pkgs.biboumi
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.credentialsFile
Path to a configuration file to be merged with the settings. Beware not to surround “=” with spaces when setting biboumi’s options in this file. Useful to merge a file which is better kept out of the Nix store because it contains sensitive data such as passwords.
Type: absolute path
Default:
"/dev/null"
Example:
"/run/keys/biboumi.cfg"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.openFirewall
Whether to enable opening of the identd port in the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings
See biboumi 9.0 for documentation.
Type: settings option
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.admin
The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID.
Type: list of string
Default:
[ ]
Example:
[
"admin@example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.ca_file
Specifies which file should be used as the list of trusted CA when negotiating a TLS session.
Type: absolute path
Default:
config.security.pki.caBundle
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.db_name
The name of the database to use.
Set it to null and use credentialsFile if you do not want this connection string to go into the Nix store.
Type: null or absolute path or string
Default:
"/var/lib/biboumi/biboumi.sqlite"
Example:
"postgresql://user:secret@localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.hostname
The hostname served by the XMPP gateway. This domain must be configured in the XMPP server as an external component.
Type: string
Example:
"biboumi.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.identd_port
The TCP port on which to listen for identd queries.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
113
Example:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.log_level
Indicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error.
Type: integer between 0 and 3 (both inclusive)
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.password
The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, associated with the external component on hostname.
Set it to null and use credentialsFile if you do not want this password to go into the Nix store.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.persistent_by_default
Whether all rooms will be persistent by default: the value of the “persistent” option in the global configuration of each user will be “true”, but the value of each individual room will still default to false. This means that a user just needs to change the global “persistent” configuration option to false in order to override this.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.policy_directory
A directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers.
Type: absolute path
Default:
"${pkgs.biboumi}/etc/biboumi"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.port
The TCP port to use to connect to the local XMPP component.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5347
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.realname_customization
Whether the users will be able to use the ad-hoc commands that lets them configure their realname and username.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.realname_from_jid
Whether the realname and username of each biboumi user will be extracted from their JID. Otherwise they will be set to the nick they used to connect to the IRC server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.xmpp_server_ip
The IP address to connect to the XMPP server on. The connection to the XMPP server is unencrypted, so the biboumi instance and the server should normally be on the same host.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.bind.enable
Whether to enable BIND domain name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.package
The bind package to use.
Type: package
Default:
pkgs.bind
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.blockedNetworks
What networks are just blocked.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.cacheNetworks
What networks are allowed to use us as a resolver. Note that this is for recursive queries – all networks are allowed to query zones configured with the zones option by default (although this may be overridden within each zone’s configuration, via the allowQuery option).
It is recommended that you limit cacheNetworks to avoid your server being used for DNS amplification attacks.
Type: list of string
Default:
[
"127.0.0.0/24"
"::1/128"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.configFile
Overridable config file to use for named. By default, the one generated by NixOS.
Type: absolute path
Default:
confFile
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.directory
Working directory of BIND.
Type: string
Default:
"/run/named"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraConfig
Extra lines to be added verbatim to the generated named configuration file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraOptions
Extra lines to be added verbatim to the options section of the generated named configuration file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forward
Whether to forward ‘first’ (try forwarding but lookup directly if forwarding fails) or ‘only’.
Type: one of “first”, “only”
Default:
"first"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forwarders
List of servers we should forward requests to.
Type: list of string
Default:
config.networking.nameservers
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.ipv4Only
Only use ipv4, even if the host supports ipv6.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOn
Interfaces to listen on.
Type: list of string
Default:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOnIpv6
Ipv6 interfaces to listen on.
Type: list of string
Default:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones
List of zones we claim authority over.
Type: (attribute set of (submodule)) or (list of (attribute set)) convertible to it
Default:
[ ]
Example:
{
"example.com" = {
extraConfig = "";
file = "/var/dns/example.com";
master = false;
masters = [
"192.168.0.1"
];
slaves = [ ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.allowQuery
List of address ranges allowed to query this zone. Instead of the address(es), this may instead contain the single string “any”.
Type: list of string
Default:
[
"any"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.extraConfig
Extra zone config to be appended at the end of the zone section.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.file
Zone file resource records contain columns of data, separated by whitespace, that define the record.
Type: string or absolute path
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.master
Master=false means slave server
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.masters
List of servers for inclusion in stub and secondary zones.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.name
Name of the zone.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.slaves
Addresses who may request zone transfers.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bird.enable
Whether to enable BIRD Internet Routing Daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.package
The bird3 package to use.
Type: package
Default:
pkgs.bird3
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.autoReload
Whether bird should be automatically reloaded when the configuration changes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.checkConfig
Whether the config should be checked at build time.
When the config can’t be checked during build time, for example when it includes other files, either disable this option or use preCheckConfig to create the included files before checking.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.config
BIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird.preCheckConfig
Commands to execute before the config file check. The file to be checked will be available as bird.conf in the current directory.
Files created with this option will not be available at service runtime, only during build time checking.
Type: strings concatenated with “\n”
Default:
""
Example:
''
echo "cost 100;" > include.conf
''
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird-lg.package
The bird-lg package to use.
Type: package
Default:
pkgs.bird-lg
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.enable
Whether to enable Bird Looking Glass Frontend Webserver.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.bgpMapInfo
Information displayed in bgpmap.
Type: list of string
Default:
[
"asn"
"as-name"
"ASName"
"descr"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.dnsInterface
DNS zone to query ASN information.
Type: string
Default:
"asn.cymru.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.domain
Server name domain suffixes.
Type: string
Example:
"dn42.lantian.pub"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.extraArgs
Extra parameters documented here.
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
Type: strings concatenated with “\n” or list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1:5000"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.nameFilter
Protocol names to hide in summary tables (RE2 syntax).
Type: string
Default:
""
Example:
"^ospf"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.allServers
Text of ‘All servers’ button in the navigation bar.
Type: string
Default:
"ALL Servers"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.allServersURL
URL of ‘All servers’ button.
Type: string
Default:
"all"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.brand
Brand to show in the navigation bar.
Type: string
Default:
"Bird-lg Go"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.brandURL
URL of the brand to show in the navigation bar.
Type: string
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.netSpecificMode
Apply network-specific changes for some networks.
Type: string
Default:
""
Example:
"dn42"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.protocolFilter
Information displayed in bgpmap.
Type: list of string
Default:
[ ]
Example:
[
"ospf"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.proxyPort
Port bird-lg-proxy is running on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.servers
Server name prefixes.
Type: list of string
Example:
[
"gigsgigscloud"
"hostdare"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.timeout
Time before a request times out, in seconds.
Type: signed integer
Default:
120
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.titleBrand
Prefix of page titles in browser tabs.
Type: string
Default:
"Bird-lg Go"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.whois
Whois server for queries.
Type: string
Default:
"whois.verisign-grs.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.group
Group to run the service.
Type: string
Default:
"bird-lg"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.enable
Whether to enable Bird Looking Glass Proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.allowedIPs
List of IPs or networks to allow (default all allowed).
Type: list of string
Default:
[ ]
Example:
[
"192.168.25.52"
"192.168.25.53"
"192.168.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.birdSocket
Bird control socket path.
Type: string
Default:
"/var/run/bird/bird.ctl"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.extraArgs
Extra parameters documented here.
Passing lines (plain strings) is deprecated in favour of passing lists of strings.
Type: strings concatenated with “\n” or list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.listenAddress
Address to listen on.
Type: string
Default:
"127.0.0.1:8000"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.traceroute.binary
Traceroute’s binary path.
Type: string
Default:
"${pkgs.traceroute}/bin/traceroute"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.traceroute.flags
Flags for traceroute process
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.traceroute.rawOutput
Display traceroute output in raw format.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.user
User to run the service.
Type: string
Default:
"bird-lg"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.birdwatcher.enable
Whether to enable Birdwatcher.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/birdwatcher.nix>
|
services.birdwatcher.package
The birdwatcher package to use.
Type: package
Default:
pkgs.birdwatcher
Declared by:
<nixpkgs/nixos/modules/services/networking/birdwatcher.nix>
|
services.birdwatcher.flags
Flags to append to the program call
Type: list of string
Default:
[ ]
Example:
[
"-worker-pool-size 16"
"-6"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/birdwatcher.nix>
|
services.birdwatcher.settings
birdwatcher configuration, for configuration options see the example on github
Type: strings concatenated with “\n”
Default:
{ }
Example:
[server]
allow_from = []
allow_uncached = false
modules_enabled = ["status",
"protocols",
"protocols_bgp",
"protocols_short",
"routes_protocol",
"routes_peer",
"routes_table",
"routes_table_filtered",
"routes_table_peer",
"routes_filtered",
"routes_prefixed",
"routes_noexport",
"routes_pipe_filtered_count",
"routes_pipe_filtered"
]
[status]
reconfig_timestamp_source = "bird"
reconfig_timestamp_match = "# created: (.*)"
filter_fields = []
[bird]
listen = "0.0.0.0:29184"
config = "/etc/bird/bird.conf"
birdc = "${pkgs.bird2}/bin/birdc"
ttl = 5 # time to live (in minutes) for caching of cli output
[parser]
filter_fields = []
[cache]
use_redis = false # if not using redis cache, activate housekeeping to save memory!
[housekeeping]
interval = 5
force_release_memory = true
Declared by:
<nixpkgs/nixos/modules/services/networking/birdwatcher.nix>
|
services.bitcoind
Specification of one or more bitcoind instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.enable
Whether to enable Bitcoin daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.package
The bitcoind package to use.
Type: package
Default:
pkgs.bitcoind
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.configFile
The configuration file path to supply bitcoind.
Type: null or absolute path
Default:
null
Example:
"/var/lib/‹name›/bitcoin.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.dataDir
The data directory for bitcoind.
Type: absolute path
Default:
"/var/lib/bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.dbCache
Override the default database cache size in MiB.
Type: null or integer between 4 and 16384 (both inclusive)
Default:
null
Example:
4000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.extraCmdlineOptions
Extra command line options to pass to bitcoind. Run bitcoind --help to list all available options.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.extraConfig
Additional configurations to be appended to bitcoin.conf.
Type: strings concatenated with “\n”
Default:
""
Example:
''
par=16
rpcthreads=16
logips=1
''
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.group
The group as which to run bitcoind.
Type: string
Default:
"bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.pidFile
Location of bitcoind pid file.
Type: absolute path
Default:
"/var/lib/bitcoind-‹name›/bitcoind.pid"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.port
Override the default port on which to listen for connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.prune
Reduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. (“disable” = disable pruning blocks, “manual” = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB).
Type: null or ((unsigned integer, meaning >=0) or (one of “disable”, “manual”) convertible to it)
Default:
null
Example:
10000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.port
Override the default port on which to listen for JSON-RPC connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.users
RPC user information for JSON-RPC connections.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
alice.passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.users.<name>.name
Username for JSON-RPC connections.
Type: string
Example:
"alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.users.<name>.passwordHMAC
Password HMAC-SHA-256 for JSON-RPC connections. Must be a string of the format <SALT-HEX>$<HMAC-HEX>.
Tool (Python script) for HMAC generation is available here: https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py
Type: string matching the pattern [0-9a-f]+\$[0-9a-f]{64}
Example:
"f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.testnet
Whether to use the testnet instead of mainnet.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.user
The user as which to run bitcoind.
Type: string
Default:
"bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitlbee.enable
Whether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authBackend
How users are authenticated: storage – save passwords internally; pam – Linux PAM authentication.
Type: one of “storage”, “pam”
Default:
"storage"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authMode
The following authentication modes are available: Open – Accept connections from anyone, use NickServ for user authentication. Closed – Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered – Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Type: one of “Open”, “Closed”, “Registered”
Default:
"Open"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.configDir
Specify an alternative directory to store all the per-user configuration files.
Type: absolute path
Default:
"/var/lib/bitlbee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraDefaults
Will be inserted in the Default section of the config file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraSettings
Will be inserted in the Settings section of the config file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.hostName
Normally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.interface
The interface the BitlBee daemon will be listening to. If 127.0.0.1, only clients on the local host can connect to it; if 0.0.0.0, clients can access it from any network interface.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.libpurple_plugins
The list of libpurple plugins to install.
Type: list of package
Default:
[ ]
Example:
[ pkgs.purple-matrix ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.plugins
The list of bitlbee plugins to install.
Type: list of package
Default:
[ ]
Example:
[ pkgs.bitlbee-facebook ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.portNumber
Number of the port BitlBee will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
6667
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.protocols
This option allows removing support for a protocol, even if it is compiled in. If nothing is given, there are no restrictions.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitmagnet.enable
Whether to enable Bitmagnet service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.package
The bitmagnet package to use.
Type: package
Default:
pkgs.bitmagnet
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.group
Group of user running bitmagnet
Type: string
Default:
"bitmagnet"
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.openFirewall
Open DHT ports in firewall
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings
Bitmagnet configuration (https://bitmagnet.io/setup/configuration.html).
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.dht_server
DHT server settings
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.dht_server.port
DHT listen port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3334
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.http_server
HTTP server settings
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.http_server.port
HTTP server listen port
Type: string
Default:
":3333"
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.postgres
PostgreSQL database configuration
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.postgres.host
Address, hostname or Unix socket path of the database server
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.postgres.name
Database name to connect to
Type: string
Default:
"bitmagnet"
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.postgres.password
Password for database user
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.settings.postgres.user
User to connect as
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.useLocalPostgresDB
Use a local postgresql database, create user and database
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitmagnet.user
User running bitmagnet
Type: string
Default:
"bitmagnet"
Declared by:
<nixpkgs/nixos/modules/services/torrent/bitmagnet.nix>
|
services.bitwarden-directory-connector-cli.enable
Whether to enable Bitwarden Directory Connector.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.package
The bitwarden-directory-connector-cli package to use.
Type: package
Default:
pkgs.bitwarden-directory-connector-cli
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.domain
The domain the Bitwarden/Vaultwarden is accessible on.
Type: string
Example:
"https://vaultwarden.example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.interval
The interval when to run the connector. This uses systemd’s OnCalendar syntax.
Type: string
Default:
"*:0,15,30,45"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap
Options to configure the LDAP connection.
If you used the desktop application to test the configuration you can find the settings by searching for ldap in ~/.config/Bitwarden\ Directory\ Connector/data.json.
Type: attribute set of (JSON value)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.ad
Whether the LDAP Server is an Active Directory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.hostname
The host the LDAP is accessible on.
Type: string
Example:
"ldap.example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.pagedSearch
Whether the LDAP server paginates search results.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.port
Port LDAP is accessible on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
389
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.rootPath
Root path for LDAP.
Type: string
Example:
"dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.ssl
Whether to use TLS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.startTls
Whether to use STARTTLS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.ldap.username
The user to authenticate as.
Type: string
Example:
"cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_id
Path to file that contains Client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.secrets.bitwarden.client_path_secret
Path to file that contains Client Secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.secrets.ldap
Path to file that contains LDAP password for user in ldap.username.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync
Options to configure what gets synced.
If you used the desktop application to test the configuration you can find the settings by searching for sync in ~/.config/Bitwarden\ Directory\ Connector/data.json.
Type: attribute set of (JSON value)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.creationDateAttribute
Attribute that lists a user’s creation date.
Type: string
Example:
"whenCreated"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.emailPrefixAttribute
The attribute that contains the user's username.
Type: string
Example:
"accountName"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.emailSuffix
Suffix for the email, normally @example.com.
Type: string
Example:
"@example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.groupFilter
LDAP filter for groups.
Type: string
Default:
""
Example:
"(cn=sales)"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.groupNameAttribute
Attribute for a name of group.
Type: string
Default:
"cn"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.groupObjectClass
A class that groups will have.
Type: string
Default:
"groupOfNames"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.groupPath
Group directory, relative to root.
Type: string
Default:
"ou=groups"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.groups
Whether to sync LDAP groups into Bitwarden.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.largeImport
Enable if you are syncing more than 2000 users/groups.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.memberAttribute
Attribute that lists members in an LDAP group.
Type: string
Example:
"uniqueMember"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.overwriteExisting
Remove and re-add users/groups. See https://bitwarden.com/help/user-group-filters/#overwriting-syncs for more details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.removeDisabled
Remove users from Bitwarden groups if no longer in the LDAP group.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.useEmailPrefixSuffix
If a user has no email address, combine a username prefix with a suffix value to form an email.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.userEmailAttribute
Attribute for a user's email.
Type: string
Default:
"mail"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.userFilter
LDAP filter for users.
Type: string
Default:
""
Example:
"(memberOf=cn=sales,ou=groups,dc=example,dc=com)"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.userObjectClass
Class that users must have.
Type: string
Default:
"inetOrgPerson"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.userPath
User directory, relative to root.
Type: string
Default:
"ou=users"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.sync.users
Sync users.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.bitwarden-directory-connector-cli.user
User to run the program.
Type: string
Default:
"bwdc"
Declared by:
<nixpkgs/nixos/modules/services/security/bitwarden-directory-connector-cli.nix>
|
services.blackfire-agent.enable
Whether to enable Blackfire profiler agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settings
See https://blackfire.io/docs/up-and-running/configuration/agent
Type: attribute set of string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settings.server-id
Sets the server id used to authenticate with Blackfire
You can find your personal server-id at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settings.server-token
Sets the server token used to authenticate with Blackfire
You can find your personal server-token at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blendfarm.enable
Whether to enable Blendfarm, a render farm management software for Blender.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.package
The blendfarm package to use.
Type: package
Default:
pkgs.blendfarm
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.basicSecurityPasswordFile
Path to the password file the client needs to connect to the server. The password must not contain a forward slash.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.blenderPackage
The blender package to use.
Type: package
Default:
pkgs.blender
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.group
Group under which blendfarm runs.
Type: string
Default:
"blendfarm"
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.openFirewall
Whether to enable allowing blendfarm network access through the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.serverConfig
Server configuration
Type: attribute set of anything
Default:
{
BasicSecurityPassword = null;
BroadcastPort = 16342;
BypassScriptUpdate = false;
Port = 15000;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.serverConfig.BroadcastPort
Default port blendfarm server advertises itself on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
16342
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.serverConfig.BypassScriptUpdate
Prevents blendfarm from replacing the .py self-generated scripts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.serverConfig.Port
Default port blendfarm server listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
15000
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blendfarm.user
User under which blendfarm runs.
Type: string
Default:
"blendfarm"
Declared by:
<nixpkgs/nixos/modules/services/misc/blenderfarm.nix>
|
services.blockbook-frontend
Specification of one or more blockbook-frontend instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.enable
Whether to enable blockbook-frontend application.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.package
The blockbook package to use.
Type: package
Default:
pkgs.blockbook
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.certFile
To enable SSL, specify path to the name of certificate files without extension. Expecting certFile.crt and certFile.key.
Type: null or absolute path
Default:
null
Example:
"/etc/secrets/blockbook-frontend-‹name›/certFile"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.coinName
See https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61 for the current list of coins supported in master (Note: may differ from release).
Type: string
Default:
"Bitcoin"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.configFile
Location of the blockbook configuration file.
Type: null or absolute path
Default:
null
Example:
"/var/lib/blockbook-frontend-‹name›/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.cssDir
Location of the dir with main.css CSS file.
By default, the one shipped with the package is used.
Type: absolute path
Default:
"${package}/share/css/"
Example:
"${dataDir}/static/css/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.dataDir
Location of blockbook-frontend-‹name› data directory.
Type: absolute path
Default:
"/var/lib/blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.debug
Debug mode, return more verbose errors, reload templates on each request.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.extraCmdLineOptions
Extra command line options to pass to Blockbook. Run blockbook --help to list all available options.
Type: list of string
Default:
[ ]
Example:
[
"-workers=1"
"-dbcache=0"
"-logtostderr"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.extraConfig
Additional configurations to be appended to coin.conf. Overrides any already defined configuration options.
See https://github.com/trezor/blockbook/tree/master/configs/coins for current configuration options supported in master (Note: may differ from release).
Type: attribute set
Default:
{ }
Example:
{
"alternative_estimate_fee" = "whatthefee-disabled";
"alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
"fiat_rates" = "coingecko";
"fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
"coin_shortcut" = "BTC";
"coin_label" = "Bitcoin";
"parse" = true;
"subversion" = "";
"address_format" = "";
"xpub_magic" = 76067358;
"xpub_magic_segwit_p2sh" = 77429938;
"xpub_magic_segwit_native" = 78792518;
"mempool_workers" = 8;
"mempool_sub_workers" = 2;
"block_addresses_to_keep" = 300;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.group
The group as which to run blockbook-frontend-‹name›.
Type: string
Default:
"blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.internal
Internal HTTP server binding [address]:port.
Type: null or string
Default:
":9030"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.messageQueueBinding
Message Queue Binding address:port.
Type: string
Default:
"tcp://127.0.0.1:38330"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.public
Public HTTP server binding [address]:port.
Type: null or string
Default:
":9130"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.password
RPC password for JSON-RPC connections.
Warning: this is stored in cleartext in the Nix store!!! Use configFile or passwordFile if needed.
Type: string
Default:
"rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.passwordFile
File containing password of the RPC user.
Note: This option is ignored when configFile is used.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.port
Port for JSON-RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8030
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.url
URL for JSON-RPC connections.
Type: string
Default:
"http://127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.user
Username for JSON-RPC connections.
Type: string
Default:
"rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.sync
Synchronizes until tip, if together with zeromq, keeps index synchronized.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.templateDir
Location of the HTML templates. By default, ones shipped with the package are used.
Type: absolute path
Default:
"${package}/share/templates/"
Example:
"${dataDir}/templates/static/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.user
The user as which to run blockbook-frontend-‹name›.
Type: string
Default:
"blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blocky.enable
Whether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/blocky.nix>
|
services.blocky.package
The blocky package to use.
Type: package
Default:
pkgs.blocky
Declared by:
<nixpkgs/nixos/modules/services/networking/blocky.nix>
|
services.blocky.settings
Blocky configuration. Refer to https://0xerr0r.github.io/blocky/configuration/ for details on supported values.
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/blocky.nix>
|
services.bloop.extraOptions
Specifies additional command-line arguments to pass to the Bloop Java process.
Type: list of string
Default:
[ ]
Example:
[
"-J-Xmx2G"
"-J-XX:MaxInlineLevel=20"
"-J-XX:+UseParallelGC"
]
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
|
services.bloop.install
Whether to install a user service for the Bloop server.
The service must be manually started for each user with “systemctl --user start bloop”.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
|
services.blueman.enable
Whether to enable blueman, a bluetooth manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/blueman.nix>
|
services.bluemap.enable
Whether to enable bluemap.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.enableNginx
Enable configuring a virtualHost for serving the bluemap webapp
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.enableRender
Enable rendering
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.addons
A set of jar addons to be loaded.
See https://bluemap.bluecolored.de/3rdPartySupport.html for a list of officially recognized addons.
Type: attribute set of path in the Nix store
Default:
{ }
Example:
{
blueBridge = ./blueBridge.jar;
blueBorder = pkgs.fetchurl {
url = "https://github.com/pop4959/BlueBorder/releases/download/1.1.1/BlueBorder-1.1.1.jar";
hash = "...";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.coreSettings
Settings for the core.conf file, see upstream docs.
Type: HOCON value
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.coreSettings.data
Folder where bluemap stores its data.
Type: absolute path
Default:
"/var/lib/bluemap"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.coreSettings.metrics
Whether to enable sending usage metrics containing the version of bluemap in use.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.defaultWorld
The world used by the default map ruleset. If you configure your own maps you do not need to set this.
Type: absolute path
Example:
${config.services.minecraft.dataDir}/world
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.eula
By changing this option to true you confirm that you own a copy of Minecraft Java Edition, and that you agree to Minecraft's EULA.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.host
Domain on which nginx will serve the bluemap webapp
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.maps
Settings for files in maps/.
If you define anything here you must define everything yourself.
See the default for an example with good options for the different world types.
For valid values consult upstream docs.
Type: attribute set of (HOCON value)
Default:
{
"overworld" = {
world = "${cfg.defaultWorld}";
ambient-light = 0.1;
cave-detection-ocean-floor = -5;
};
"nether" = {
world = "${cfg.defaultWorld}/DIM-1";
sorting = 100;
sky-color = "#290000";
void-color = "#150000";
ambient-light = 0.6;
world-sky-light = 0;
remove-caves-below-y = -10000;
cave-detection-ocean-floor = -5;
cave-detection-uses-block-light = true;
max-y = 90;
};
"end" = {
world = "${cfg.defaultWorld}/DIM1";
sorting = 200;
sky-color = "#080010";
void-color = "#080010";
ambient-light = 0.6;
world-sky-light = 0;
remove-caves-below-y = -10000;
cave-detection-ocean-floor = -5;
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.maps.<name>.world
Path to world folder containing the dimension to render
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.onCalendar
How often to trigger rendering the map, in the format of a systemd timer onCalendar configuration. See systemd.timer(5).
Type: string
Default:
"*-*-* 03:10:00"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.packs
A set of resourcepacks, datapacks, and mods to extract resources from, loaded in alphabetical order.
Type: attribute set of path in the Nix store
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.storage
Where the rendered map will be stored. Unless you are doing something advanced you should probably leave this alone and configure webRoot instead. See upstream docs
Type: attribute set of (HOCON value)
Default:
{
"file" = {
root = "${config.services.bluemap.webRoot}/maps";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.storage.<name>.storage-type
Type of storage config
Type: one of “FILE”, “SQL”
Default:
"FILE"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.webRoot
The directory for saving and serving the webapp and the maps
Type: absolute path
Default:
"/var/lib/bluemap/web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.webappSettings
Settings for the webapp.conf file, see upstream docs.
Type: HOCON value
Default:
{
enabled = true;
webroot = config.services.bluemap.webRoot;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.webserverSettings
Settings for the webserver.conf file, usually not required. See upstream docs.
Type: HOCON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.bluemap.webserverSettings.enabled
Enable bluemap’s built-in webserver. Disabled by default in NixOS so that nginx is used directly.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bluemap.nix>
|
services.boinc.enable
Whether to enable the BOINC distributed computing client. If this option is set to true, the boinc_client daemon will be run as a background service. The boinccmd command can be used to control the daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.package
The boinc package to use.
Type: package
Default:
pkgs.boinc
Example:
boinc-headless
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.allowRemoteGuiRpc
If set to true, any remote host can connect to and control this BOINC client (subject to password authentication). If instead set to false, only the hosts listed in dataDir/remote_hosts.cfg will be allowed to connect.
See also: https://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.dataDir
The directory in which to store BOINC’s configuration and data files.
Type: absolute path
Default:
"/var/lib/boinc"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.extraEnvPackages
Additional packages to make available in the environment in which BOINC will run. Common choices are:
pkgs.virtualbox: The VirtualBox virtual machine framework. Required by some BOINC projects, such as ATLAS@home.
pkgs.ocl-icd: OpenCL infrastructure library. Required by BOINC projects that use OpenCL, in addition to a device-specific OpenCL driver.
pkgs.linuxPackages.nvidia_x11: Provides CUDA libraries. Required by BOINC projects that use CUDA. Note that this requires an NVIDIA graphics device to be present on the system. Also provides OpenCL drivers for NVIDIA GPUs; pkgs.ocl-icd is also needed in this case.
Type: list of package
Default:
[ ]
Example:
[ pkgs.virtualbox ]
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.bonsaid.enable
Whether to enable bonsaid.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.package
The bonsai package to use.
Type: package
Default:
pkgs.bonsai
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.configFile
Path to a .json file specifying the state transitions.
You don’t need to set this unless you prefer to provide the json file yourself instead of using the settings option.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.extraFlags
Extra flags to pass to bonsaid, such as [ "-v" ] to enable verbose logging.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings
State transition definitions. See the upstream README for extended documentation and a more complete example.
Type: list of (JSON value)
Example:
[
{
event_name = "power_button_pressed";
transitions = [
{
delay_duration = 600000000;
transitions = [
{
command = [
"swaymsg"
"--"
"output"
"*"
"power"
"off"
];
transitions = [ ];
type = "exec";
}
];
type = "delay";
}
{
event_name = "power_button_released";
transitions = [ ];
type = "event";
}
];
type = "event";
}
]
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings.*.command
Command to run when this transition is taken.
This is executed inline by bonsaid and blocks handling of any other events until completion.
To perform the command asynchronously, specify it like [ "setsid" "-f" "my-command" ].
Only affects transitions with type = "exec".
Type: null or (list of string)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings.*.delay_duration
Nanoseconds to wait after the previous state change before performing this transition.
This can be placed at the same level as a type = "event" transition to achieve a timeout mechanism.
Only affects transitions with type = "delay".
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings.*.event_name
Name of the event which should trigger this transition when received by bonsaid.
Events are sent to bonsaid by running bonsaictl -e <event_name>.
Only affects transitions with type = "event".
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings.*.transitions
List of transitions out of this state. If left empty, then this state is considered a terminal state and entering it will trigger an immediate transition back to the root state (after processing side effects).
Type: list of (JSON value)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bonsaid.settings.*.type
Type of transition. Determines how bonsaid interprets the other options in this transition.
Type: one of “delay”, “event”, “exec”
Declared by:
<nixpkgs/nixos/modules/services/desktops/bonsaid.nix>
|
services.bookstack.enable
Whether to enable BookStack.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.package
The bookstack package to use.
Type: package
Default:
pkgs.bookstack
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.appKeyFile
A file containing the Laravel APP_KEY - a 32 character long, base64 encoded key used for encryption where needed. Can be generated with head -c 32 /dev/urandom | base64.
Type: absolute path
Example:
"/run/keys/bookstack-appkey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.appURL
The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: php artisan bookstack:update-url https://old.example.com https://new.example.com
Type: string
Default:
"http\${lib.optionalString tlsEnabled \"s\"}://\${cfg.hostname}"
Example:
"https://example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.config
BookStack configuration options to set in the .env file.
Refer to https://www.bookstackapp.com/docs/ for details on supported values.
Settings containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting .env file, the OIDC_CLIENT_SECRET key will be set to the contents of the /run/keys/oidc_secret file.
Type: attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))
Default:
{ }
Example:
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
WKHTMLTOPDF = "/home/user/bins/wkhtmltopdf";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "bookstack";
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret";};
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.dataDir
BookStack data directory
Type: absolute path
Default:
"/var/lib/bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.host
Database host address.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.name
Database name.
Type: string
Default:
"bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.passwordFile
A file containing the password corresponding to database.user.
Type: null or absolute path
Default:
null
Example:
"/run/keys/bookstack-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.user
Database username.
Type: string
Default:
user
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.group
Group bookstack runs as.
Type: string
Default:
"bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.hostname
The hostname to serve BookStack on.
Type: string
Default:
config.networking.fqdnOrHostName
Example:
"bookstack.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.driver
Mail driver to use.
Type: one of “smtp”, “sendmail”
Default:
"smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.encryption
SMTP encryption mechanism to use.
Type: null or value “tls” (singular enum)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.from
Mail “from” email.
Type: string
Default:
"mail@bookstackapp.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.fromName
Mail “from” name.
Type: string
Default:
"BookStack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.host
Mail host address.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.passwordFile
A file containing the password corresponding to mail.user.
Type: null or absolute path
Default:
null
Example:
"/run/keys/bookstack-mailpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.port
Mail host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1025
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.user
Mail username.
Type: null or string
Default:
null
Example:
"bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.maxUploadSize
The maximum size for uploads (e.g. images).
Type: string
Default:
"18M"
Example:
"1G"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx
With this option, you can customize the nginx virtualHost settings.
Type: submodule
Default:
{ }
Example:
{
serverAliases = [
"bookstack.${config.networking.domain}"
];
# To enable encryption and let Let's Encrypt take care of the certificate
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Requires nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen this only sets the addresses and the ports are chosen automatically.
Note: This option overrides enableIPv6.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.quic
Whether to enable the QUIC transport protocol.
This requires the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that QUIC support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible use cases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.reuseport
Create an individual listening socket. It only needs to be specified once, on one of the hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.poolConfig
Options for the bookstack PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.user
User bookstack runs as.
Type: string
Default:
"bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.borgbackup.package
The borgbackup package to use.
Type: package
Default:
pkgs.borgbackup
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs
Deduplicating backups using BorgBackup. Adding a job will cause a borg-job-NAME wrapper to be added to your system path, so that you can perform maintenance easily. See also the chapter about BorgBackup in the NixOS manual.
Type: attribute set of (submodule)
Default:
{ }
Example:
{ # for a local backup
rootBackup = {
paths = "/";
exclude = [ "/nix" ];
repo = "/path/to/local/repo";
encryption = {
mode = "repokey";
passphrase = "secret";
};
compression = "auto,lzma";
startAt = "weekly";
};
}
{ # Root backing up each day to a remote backup server. We assume that you have
# * created a passwordless key: ssh-keygen -N "" -t ed25519 -f /path/to/ssh_key
# best practices are: use -t ed25519, /path/to = /run/keys
# * the passphrase is in the file /run/keys/borgbackup_passphrase
# * you have initialized the repository manually
remoteBackup = { # job name chosen here for illustration
paths = [ "/etc" "/home" ];
exclude = [ "/nix" "'**/.cache'" ];
doInit = false;
repo = "user3@arep.repo.borgbase.com:repo";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /path/to/passphrase";
};
environment = { BORG_RSH = "ssh -i /path/to/ssh_key"; };
compression = "auto,lzma";
startAt = "daily";
};
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.appendFailedSuffix
Append a .failed suffix to the archive name, which is only removed if borg create has a zero exit status.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.archiveBaseName
How to name the created archives. A timestamp, whose format is determined by dateFormat, will be appended. The full name can be modified at runtime ($archiveName).
Placeholders like {hostname} must not be used.
Use null for no base name.
Type: null or string matching the pattern [^/{}]+
Default:
"${config.networking.hostName}-<name>"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.compression
Compression method to use. Refer to borg help compression for all available options.
Type: string matching the pattern none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?
Default:
"lz4"
Example:
"auto,lzma"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.dateFormat
Arguments passed to date to create a timestamp suffix for the archive name.
Type: string
Default:
"+%Y-%m-%dT%H:%M:%S"
Example:
"-u +%s"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.doInit
Run borg init if the specified repo does not exist.
You should set this to false if the repository is located on an external drive that might not always be mounted.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.dumpCommand
Back up the stdout of this program instead of filesystem paths.
Mutually exclusive with paths.
Type: null or absolute path
Default:
null
Example:
"/path/to/createZFSsend.sh"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.mode
Encryption mode to use. Setting a mode other than "none" requires you to specify a passCommand or a passphrase.
Type: one of “repokey”, “keyfile”, “repokey-blake2”, “keyfile-blake2”, “authenticated”, “authenticated-blake2”, “none”
Example:
"repokey-blake2"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passCommand
A command which prints the passphrase to stdout.
Mutually exclusive with passphrase.
Type: null or string
Default:
null
Example:
"cat /path/to/passphrase_file"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passphrase
The passphrase the backups are encrypted with.
Mutually exclusive with passCommand.
If you do not want the passphrase to be stored in the world-readable Nix store, use passCommand.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.environment
Environment variables passed to the backup script. You can for example specify which SSH key to use.
Type: attribute set of string
Default:
{ }
Example:
{
BORG_RSH = "ssh -i /path/to/key";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.exclude
Exclude paths matching any of the given patterns. See borg help patterns for pattern syntax.
Type: list of string
Default:
[ ]
Example:
[
"/home/*/.cache"
"/nix"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraArgs
Additional arguments for all borg calls the service has. Handle with care.
Type: string or (list of string) convertible to it
Default:
[ ]
Example:
[
"--remote-path=/path/to/borg"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraCompactArgs
Additional arguments for borg compact.
Can also be set at runtime using $extraCompactArgs.
Type: string or (list of string) convertible to it
Default:
[ ]
Example:
[
"--cleanup-commits"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraCreateArgs
Additional arguments for borg create.
Can also be set at runtime using $extraCreateArgs.
Type: string or (list of string) convertible to it
Default:
[ ]
Example:
[
"--stats"
"--checkpoint-interval 600"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraInitArgs
Additional arguments for borg init.
Can also be set at runtime using $extraInitArgs.
Type: string or (list of string) convertible to it
Default:
[ ]
Example:
[
"--append-only"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraPruneArgs
Additional arguments for borg prune.
Can also be set at runtime using $extraPruneArgs.
Type: string or (list of string) convertible to it
Default:
[ ]
Example:
[
"--save-space"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.failOnWarnings
Fail the whole backup job if any borg command returns a warning (exit code 1), for example because a file changed during backup.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.group
The group borg is run as. User or group needs read permission for the specified paths.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.inhibitsSleep
Prevents the system from sleeping while backing up.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.paths
Path(s) to back up.
Mutually exclusive with dumpCommand.
Type: null or ((list of string) or string convertible to it)
Default:
null
Example:
"/home/user"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.patterns
Include/exclude paths matching the given patterns. The first matching pattern is used, so if an include pattern (prefix +) matches before an exclude pattern (prefix -), the file is backed up. See borg help patterns for pattern syntax.
Type: list of string
Default:
[ ]
Example:
[
"+ /home/susan"
"- /home/*"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.persistentTimer
Set the Persistent option for the systemd.timer(5) which triggers the backup immediately if the last trigger was missed (e.g. if the system was powered down).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postCreate
Shell commands to run after borg create. The name of the created archive is stored in $archiveName.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postHook
Shell commands to run just before exit. They are executed even if a previous command exits with a non-zero exit code. The latter is available as $exitStatus.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postInit
Shell commands to run after borg init.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postPrune
Shell commands to run after borg prune.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.preHook
Shell commands to run before the backup. This can for example be used to mount file systems.
Type: strings concatenated with “\n”
Default:
""
Example:
''
# To add excluded paths at runtime
extraCreateArgs+=("--exclude" "/some/path")
''
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.privateTmp
Set the PrivateTmp option for the systemd-service. Set to false if you need sockets or other files from global /tmp.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.keep
Prune a repository by deleting all archives not matching any of the specified retention options. See borg help prune for the available options.
Type: attribute set of (signed integer or string matching the pattern [[:digit:]]+[Hdwmy])
Default:
{ }
Example:
{
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = -1; # Keep at least one archive for each month
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.prefix
Only consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use "" or null to consider all archives.
Type: null or string
Default:
archiveBaseName
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.readWritePaths
By default, borg cannot write anywhere on the system but $HOME/.config/borg and $HOME/.cache/borg.
If, for example, your preHook script needs to dump files somewhere, put those directories here.
Type: list of absolute path
Default:
[ ]
Example:
[
"/var/backup/mysqldump"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.removableDevice
Whether the repo (which must be local) is a removable device.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.repo
Remote or local repository to back up to.
Type: string
Example:
"user@machine:/path/to/repo"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.startAt
When or how often the backup should run. Must be in the format described in systemd.time(7).
If you do not want the backup to start automatically, use [ ].
It will generate a systemd service borgbackup-job-NAME.
You may trigger it manually via systemctl restart borgbackup-job-NAME.
Type: string or list of string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.user
The user borg is run as. User or group needs read permission for the specified paths.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos
Serve BorgBackup repositories to given public SSH keys, restricting their access to the repository only.
See also the chapter about BorgBackup in the NixOS manual.
Also, clients do not need to specify the absolute path when accessing the repository, i.e. user@machine:. is enough. (Note colon and dot.)
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.allowSubRepos
Allow clients to create repositories in subdirectories of the specified path. These can be accessed using user@machine:path/to/subrepo. Note that a quota applies to repositories independently. Therefore, if this is enabled, clients can create multiple repositories and upload an arbitrary amount of data.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeys
Public SSH keys that are given full write access to this repository. You should use a different SSH key for each repository you write to, because the specified keys are restricted to running borg serve and can only access this single repository.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeysAppendOnly
Public SSH keys that can only be used to append new data (archives) to the repository. Note that archives can still be marked as deleted and are subsequently removed from disk upon accessing the repo with full write access, e.g. when pruning.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.group
The group borg serve is run as. User or group needs write permission for the specified path.
Type: string
Default:
"borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.path
Where to store the backups. Note that the directory is created automatically, with correct permissions.
Type: absolute path
Default:
"/var/lib/borgbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.quota
Storage quota for the repository. This quota is ensured for all sub-repositories if allowSubRepos is enabled but not for the overall storage space used.
Type: null or string matching the pattern [[:digit:].]+[KMGTP]?
Default:
null
Example:
"100G"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.user
The user borg serve is run as. User or group needs write permission for the specified path.
Type: string
Default:
"borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgmatic.enable
Whether to enable borgmatic.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.enableConfigCheck
Whether to enable checking all configurations during build time.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.configurations
Set of borgmatic configurations, see https://torsion.org/borgmatic/docs/reference/configuration/
Type: attribute set of (YAML value)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.configurations.<name>.repositories
A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to select a repository). Tildes are expanded. Multiple repositories are backed up to in sequence. Borg placeholders can be used. See the output of “borg help placeholders” for details. See ssh_command for SSH options like identity file or port. If systemd service is used, then add local repository paths in the systemd service file to the ReadWritePaths list.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
label = "backupserver";
path = "ssh://user@backupserver/./sourcehostname.borg";
}
{
label = "local";
path = "/mnt/backup";
}
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.configurations.<name>.repositories.*.label
Label to the repository
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.configurations.<name>.repositories.*.path
Path to the repository
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.configurations.<name>.source_directories
List of source directories and files to back up. Globs and tildes are expanded. Do not backslash spaces in path names.
Type: list of string
Default:
[ ]
Example:
[
"/home"
"/etc"
"/var/log/syslog*"
"/home/user/path with spaces"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings
See https://torsion.org/borgmatic/docs/reference/configuration/
Type: null or (YAML value)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.repositories
A required list of local or remote repositories with paths and optional labels (which can be used with the --repository flag to select a repository). Tildes are expanded. Multiple repositories are backed up to in sequence. Borg placeholders can be used. See the output of “borg help placeholders” for details. See ssh_command for SSH options like identity file or port. If systemd service is used, then add local repository paths in the systemd service file to the ReadWritePaths list.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
label = "backupserver";
path = "ssh://user@backupserver/./sourcehostname.borg";
}
{
label = "local";
path = "/mnt/backup";
}
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.repositories.*.label
Label to the repository
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.repositories.*.path
Path to the repository
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.source_directories
List of source directories and files to back up. Globs and tildes are expanded. Do not backslash spaces in path names.
Type: list of string
Default:
[ ]
Example:
[
"/home"
"/etc"
"/var/log/syslog*"
"/home/user/path with spaces"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.bosun.enable
Whether to enable bosun.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.package
The bosun package to use.
Type: package
Default:
pkgs.bosun
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.checkFrequency
Bosun’s check frequency
Type: string
Default:
"5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.extraConfig
Extra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc through this configuration option.
A detailed description of the supported syntax can be found at https://bosun.org/configuration.html
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.group
Group account under which bosun runs.
Type: string
Default:
"bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.influxHost
Host and port of the influxdb database.
Type: null or string
Default:
null
Example:
"localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.ledisDir
Path to bosun’s ledis data dir
Type: absolute path
Default:
"/var/lib/bosun/ledis_data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.listenAddress
The host address and port that bosun’s web interface will listen on.
Type: string
Default:
":8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.opentsdbHost
Host and port of the OpenTSDB database that stores bosun data. To disable opentsdb you can pass null as parameter.
Type: null or string
Default:
"localhost:4242"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.stateFile
Path to bosun’s state file.
Type: absolute path
Default:
"/var/lib/bosun/bosun.state"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.user
User account under which bosun runs.
Type: string
Default:
"bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.botamusique.enable
Whether to enable botamusique, a bot to play audio streams on mumble.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.package
The botamusique package to use.
Type: package
Default:
pkgs.botamusique
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings
Your configuration.ini as a Nix attribute set. Look up possible options in the configuration.example.ini.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.bot.comment
Comment displayed for the bot.
Type: string
Default:
"Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.bot.username
Name the bot should appear with.
Type: string
Default:
"botamusique"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.server.host
Hostname of the mumble server to connect to.
Type: string
Default:
"localhost"
Example:
"mumble.example.com"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.server.port
Port of the mumble server to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
64738
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.bpftune.enable
Whether to enable bpftune BPF driven auto-tuning.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/bpftune.nix>
|
services.bpftune.package
The bpftune package to use.
Type: package
Default:
pkgs.bpftune
Declared by:
<nixpkgs/nixos/modules/services/system/bpftune.nix>
|
services.brltty.enable
Whether to enable the BRLTTY daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/hardware/brltty.nix>
|
services.btrbk.extraPackages
Extra packages for btrbk, like compression utilities for stream_compress.
Note: This option will get deprecated in future releases. Required compression programs will get automatically provided to btrbk depending on configured compression method in services.btrbk.instances.<name>.settings option.
Type: list of package
Default:
[ ]
Example:
[ pkgs.xz ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances
Set of btrbk instances. The instance named btrbk is the default one.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.onCalendar
How often this btrbk instance is started. See systemd.time(7) for more information about the format. Setting it to null disables the timer, thus this instance can only be started manually.
Type: null or string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.settings
Configuration options for btrbk. Nested attrsets translate to subsections.
Type: attribute set of (string or instances of this type recursively)
Default:
{ }
Example:
{
snapshot_preserve = "14d";
snapshot_preserve_min = "2d";
volume = {
"/mnt/btr_pool" = {
subvolume = {
home = {
snapshot_create = "always";
};
rootfs = { };
};
target = "/mnt/btr_backup/mylaptop";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.settings.stream_compress
Compress the btrfs send stream before transferring it from/to remote locations using a compression command.
Type: one of “gzip”, “pigz”, “bzip2”, “pbzip2”, “bzip3”, “xz”, “lzo”, “lz4”, “zstd”, “no”
Default:
"no"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.snapshotOnly
Whether to run in snapshot only mode. This skips backup creation and deletion steps.
Useful when you want to manually backup to an external drive that might not always be connected.
Use btrbk -c /path/to/conf resume to trigger manual backups.
More examples here.
See also snapshot subcommand in btrbk(1).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.ioSchedulingClass
IO scheduling class for btrbk (see ionice(1) for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.
Type: one of “idle”, “best-effort”, “realtime”
Default:
"best-effort"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.niceness
Niceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.
Type: integer between -20 and 19 (both inclusive)
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccess
SSH keys that should be able to make or push snapshots on this system remotely with btrbk.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccess.*.key
SSH public key allowed to login as user btrbk to run remote backups.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccess.*.roles
What actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details.
Type: list of (one of “info”, “source”, “target”, “delete”, “snapshot”, “send”, “receive”)
Example:
[
"source"
"info"
"send"
]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrfs.autoScrub.enable
Whether to enable regular btrfs scrub.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.fileSystems
List of paths to btrfs filesystems to regularly call btrfs scrub on. Defaults to all mount points with btrfs filesystems. Note that if you have filesystems that span multiple devices (e.g. RAID), you should take care to use the same device for any given mount point and let btrfs take care of automatically mounting the rest, in order to avoid scrubbing the same data multiple times.
Type: list of absolute path
Example:
[
"/"
]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.interval
Systemd calendar expression for when to scrub btrfs filesystems. The recommended period is a month but could be less (btrfs-scrub(8)). See systemd.time(7) for more information on the syntax.
Type: string
Default:
"monthly"
Example:
"weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.buffyboard.enable
Whether to enable buffyboard framebuffer keyboard (on-screen keyboard).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.package
The buffybox package to use.
Type: package
Default:
pkgs.buffybox
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.configFile
Path to an INI format configuration file to provide Buffyboard.
By default, this is generated from whatever you’ve set in settings.
If specified manually, then settings is ignored.
For an example config file see here
Type: absolute path
Default:
ini.generate "buffyboard.conf" cfg.settings
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.extraFlags
Extra CLI arguments to pass to buffyboard.
Type: list of string
Default:
[ ]
Example:
[
"--geometry=1920x1080@640,0"
"--dpi=192"
"--rotate=2"
"--verbose"
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.settings
Settings to include in /etc/buffyboard.conf. Every option here is strictly optional: Buffyboard will use its own baked-in defaults for those options left unset.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.settings.input.pointer
Enable or disable the use of a hardware mouse or other pointing device.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.settings.input.touchscreen
Enable or disable the use of the touchscreen.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.settings.quirks.fbdev_force_refresh
If true and using the framebuffer backend, this triggers a display refresh after every draw operation. This has a negative performance impact.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buffyboard.settings.theme.default
Selects the default theme on boot. Can be changed at runtime to the alternative theme.
Type: string or one of <null>, “adwaita-dark”, “breezy-dark”, “breezy-light”, “nord-dark”, “nord-light”, “pmos-dark”, “pmos-light”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/hardware/buffyboard.nix>
|
services.buildbot-master.enable
Whether to enable the Buildbot continuous integration server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.package
The buildbot-full package to use.
Type: package
Default:
pkgs.buildbot-full
Example:
buildbot
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.packages
Packages to add to PATH for the buildbot process.
Type: list of package
Default:
[ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotDir
Specifies the Buildbot directory.
Type: absolute path
Default:
"${config.services.buildbot-master.home}/master"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotUrl
Specifies the Buildbot URL.
Type: string
Default:
"http://localhost:8010/"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.builders
List of Builders.
Type: list of string
Default:
[
"util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.changeSource
List of Change Sources.
Type: list of string
Default:
[ ]
Example:
[
"changes.GitPoller('https://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.configurators
Configurator Steps, see https://docs.buildbot.net/latest/manual/configuration/configurators.html
Type: list of string
Default:
[ ]
Example:
[
"util.JanitorConfigurator(logHorizon=timedelta(weeks=4), hour=12, dayOfWeek=6)"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.dbUrl
Specifies the database connection string.
Type: string
Default:
"sqlite:///state.sqlite"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraConfig
Extra configuration to append to master.cfg
Type: strings concatenated with “\n”
Default:
"c['buildbotNetUsageData'] = None"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraGroups
List of extra groups that the buildbot user should be a part of.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraImports
Extra python imports to prepend to master.cfg
Type: strings concatenated with “\n”
Default:
""
Example:
"from buildbot.process.project import Project"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.factorySteps
Factory Steps
Type: list of string
Default:
[ ]
Example:
[
"steps.Git(repourl='https://github.com/buildbot/pyflakes.git', mode='incremental')"
"steps.ShellCommand(command=['trial', 'pyflakes'])"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.group
Primary group of buildbot user.
Type: string
Default:
"buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.home
Buildbot home directory.
Type: absolute path
Default:
"/home/buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.listenAddress
Specifies the bind address on which the buildbot HTTP interface listens.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.masterCfg
Optionally pass master.cfg path. Other options in this configuration will be ignored.
Type: absolute path
Default: generated configuration file
Example:
"/etc/nixos/buildbot/master.cfg"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.pbPort
The buildmaster will listen on a TCP port of your choosing for connections from workers. It can also use this port for connections from remote Change Sources, status clients, and debug tools. This port should be visible to the outside world, and you’ll need to tell your worker admins about your choice. If put in (single) quotes, this can also be used as a connection string, as defined in the ConnectionStrings guide.
Type: string or signed integer
Default:
9989
Example:
"'tcp:9990:interface=127.0.0.1'"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.port
Specifies port number on which the buildbot HTTP interface listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8010
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.pythonPackages
Packages to add to the PYTHONPATH of the buildbot process.
Type: function that evaluates to a(n) list of package
Default:
pythonPackages: with pythonPackages; [ ]
Example:
pythonPackages: with pythonPackages; [ requests ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.reporters
List of reporter objects used to present build status to various users.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.schedulers
List of Schedulers.
Type: list of string
Default:
[
"schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])"
"schedulers.ForceScheduler(name='force',builderNames=['runtests'])"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.title
Specifies the Buildbot Title.
Type: string
Default:
"Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.titleUrl
Specifies the Buildbot TitleURL.
Type: string
Default:
"Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.user
User the buildbot server should execute under.
Type: string
Default:
"buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.workers
List of Workers.
Type: list of string
Default:
[
"worker.Worker('example-worker', 'pass')"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-worker.enable
Whether to enable the Buildbot Worker.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.package
The buildbot-worker package to use.
Type: package
Default:
pkgs.buildbot-worker
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.packages
Packages to add to PATH for the buildbot process.
Type: list of package
Default:
[ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.adminMessage
Name of the administrator of this worker
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.buildbotDir
Specifies the Buildbot directory.
Type: absolute path
Default:
"${config.services.buildbot-worker.home}/worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.extraGroups
List of extra groups that the Buildbot Worker user should be a part of.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.group
Primary group of buildbot Worker user.
Type: string
Default:
"bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.home
Buildbot home directory.
Type: absolute path
Default:
"/home/bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.hostMessage
Description of this worker
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.keepalive
This is a number that indicates how frequently keepalive messages should be sent from the worker to the buildmaster, expressed in seconds.
Type: signed integer
Default:
600
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.masterUrl
Specifies the Buildbot Worker connection string.
Type: string
Default:
"localhost:9989"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.user
User the buildbot Worker should execute under.
Type: string
Default:
"bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerPass
Specifies the Buildbot Worker password.
Type: string
Default:
"pass"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerPassFile
File used to store the Buildbot Worker password
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerUser
Specifies the Buildbot Worker user.
Type: string
Default:
"example-worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildkite-agents
Attribute set of buildkite agents.
The attribute key is combined with the hostname and a unique integer to
create the final agent name. This can be overridden by setting the name
attribute.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.enable
Whether to enable this buildkite agent
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.package
Which buildkite-agent derivation to use
Type: package
Default:
pkgs.buildkite-agent
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.dataDir
The workdir for the agent
Type: string
Default:
"/var/lib/buildkite-agent-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.extraConfig
Extra lines to be added verbatim to the configuration file.
Type: strings concatenated with “\n”
Default:
""
Example:
"debug=true"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.extraGroups
Groups the user for this buildkite agent should belong to
Type: list of string
Default:
[
"keys"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks
“Agent” hooks to install. See https://buildkite.com/docs/agent/v3/hooks for possible options.
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Example:
{
environment = ''
export SECRET_VAR=`head -1 /run/keys/secret`
'';
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooksPath
Path to the directory storing the hooks.
Consider using services.buildkite-agents.<name>.hooks.<name>
instead.
Type: absolute path
Default:
generated from services.buildkite-agents.<name>.hooks
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.name
The name of the agent as seen in the buildkite dashboard.
Type: string
Default:
"%hostname-‹name›-%n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.privateSshKeyPath
OpenSSH private key
A run-time path to the key file, which is supposed to be provisioned outside of the Nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.runtimePackages
Add programs to the buildkite-agent environment
Type: list of package
Default:
[ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.shell
Command that buildkite-agent 3 will execute when it spawns a shell.
Type: string
Default:
"${pkgs.bash}/bin/bash -e -c"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.tags
Tags for the agent.
Type: attribute set of (string or list of string)
Default:
{ }
Example:
{
docker = "true";
queue = "default";
ruby2 = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.tokenPath
The token from your Buildkite “Agents” page.
A run-time path to the token file, which is supposed to be provisioned outside of the Nix store.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.c2fmzq-server.enable
Whether to enable c2fmzq-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.package
The c2fmzq package to use.
Type: package
Default:
pkgs.c2fmzq
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.bindIP
The local address to use.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.passphraseFile
Path to file containing the database passphrase
Type: string
Example:
"/run/secrets/c2fmzq/pwfile"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.port
The local port to use.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.settings
Configuration for c2FmZQ-server passed as CLI arguments. Run c2FmZQ-server help for supported values.
Type: attribute set of (null or boolean or signed integer or string)
Example:
{
allow-new-accounts = true;
auto-approve-new-accounts = true;
enable-webapp = true;
encrypt-metadata = true;
verbose = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.settings.database
Path of the database
Type: string
Default:
"%S/c2fmzq-server/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.c2fmzq-server.settings.verbose
The level of logging verbosity: 1:Error 2:Info 3:Debug
Type: integer between 1 and 3 (both inclusive)
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/c2fmzq-server.nix>
|
services.cachefilesd.enable
Whether to enable cachefilesd network filesystems caching daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.cacheDir
Directory to contain filesystem cache.
Type: string
Default:
"/var/cache/fscache"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.extraConfig
Additional configuration file entries. See cachefilesd.conf(5) for more information.
Type: strings concatenated with “\n”
Default:
""
Example:
"brun 10%"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachix-agent.enable
Whether to enable Cachix Deploy Agent: https://docs.cachix.org/deploy/.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.package
The cachix package to use.
Type: package
Default:
pkgs.cachix
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.credentialsFile
Required file that needs to contain CACHIX_AGENT_TOKEN=…
Type: absolute path
Default:
"/etc/cachix-agent.token"
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.host
Cachix uri to use.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.name
Agent name, usually same as the hostname
Type: string
Default:
"config.networking.hostName"
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.profile
Profile name, defaults to ‘system’ (NixOS).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.verbose
Enable verbose output
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-watch-store.enable
Whether to enable Cachix Watch Store: https://docs.cachix.org.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.package
The cachix package to use.
Type: package
Default:
pkgs.cachix
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.cacheName
Cachix binary cache name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.cachixTokenFile
Required file that needs to contain the cachix auth token.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.compressionLevel
The compression level for ZSTD compression (between 0 and 16)
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.host
Cachix host to connect to
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.jobs
Number of threads used for pushing store paths
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.signingKeyFile
Optional file containing a self-managed signing key to sign uploaded store paths.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.verbose
Enable verbose output
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.caddy.enable
Whether to enable Caddy web server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.enableReload
Reload Caddy instead of restarting it when configuration file changes.
Note that enabling this option requires the admin API to not be turned off.
If you enable this option, consider setting grace_period
to a non-infinite value in services.caddy.globalConfig
to prevent Caddy waiting for active connections to finish,
which could delay the reload essentially indefinitely.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.package
The caddy package to use.
Type: package
Default:
pkgs.caddy
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.acmeCA
Sets the acme_ca option in the global options block of the resulting Caddyfile.
The URL to the ACME CA’s directory. It is strongly recommended to set this to https://acme-staging-v02.api.letsencrypt.org/directory for Let’s Encrypt’s staging endpoint while testing or in development.
Value null should be preferred for production setups, as it omits the acme_ca option to enable automatic issuer fallback.
Type: null or string
Default:
null
Example:
"https://acme-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.adapter
Name of the config adapter to use. See https://caddyserver.com/docs/config-adapters for the full list.
If null is specified, the --adapter argument is omitted when starting or restarting Caddy. Notably, this allows specification of a configuration file in Caddy’s native JSON format, as long as the filename does not start with Caddyfile (in which case the caddyfile adapter is implicitly enabled). See https://caddyserver.com/docs/command-line#caddy-run for details.
Any value other than null or caddyfile is only valid when providing your own configFile.
Type: null or string
Default:
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
Example:
nginx
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.configFile
Override the configuration file used by Caddy. By default, NixOS generates one automatically.
The configuration file is exposed at /etc/caddy/caddy_config.
Type: absolute path
Default:
"A Caddyfile automatically generated by values from services.caddy.*"
Example:
pkgs.writeText "Caddyfile" ''
example.com
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
'';
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.dataDir
The data directory for caddy.
If left as the default value this directory will automatically be created before the Caddy server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Caddy v2 replaced CADDYPATH
with XDG directories.
See https://caddyserver.com/docs/conventions#file-locations.
Type: absolute path
Default:
"/var/lib/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.email
Your email address. Mainly used when creating an ACME account with your CA, and is highly recommended in case there are problems with your certificates.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.environmentFile
Environment file as defined in systemd.exec(5).
You can use environment variables to pass secrets to the service without adding them to the world-readable Nix store.
# in configuration.nix
services.caddy.environmentFile = "/run/secrets/caddy.env";
services.caddy.globalConfig = ''
  {
    acme_ca https://acme.zerossl.com/v2/DV90
    acme_eab {
      key_id {$EAB_KEY_ID}
      mac_key {$EAB_MAC_KEY}
    }
  }
'';
# in /run/secrets/caddy.env
EAB_KEY_ID=secret
EAB_MAC_KEY=secret
Find more examples here
Type: null or absolute path
Default:
null
Example:
"/run/secrets/caddy.env"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.extraConfig
Additional lines of configuration appended to the automatically generated Caddyfile.
Type: strings concatenated with “\n”
Default:
""
Example:
''
example.com {
encode gzip
log
root /srv/http
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.globalConfig
Additional lines of configuration appended to the global config section of the Caddyfile.
Refer to https://caddyserver.com/docs/caddyfile/options#global-options for details on supported values.
Type: strings concatenated with “\n”
Default:
""
Example:
''
debug
servers {
protocol {
experimental_http3
}
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.group
Group under which caddy runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the Caddy service starts.
Type: string
Default:
"caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.logDir
Directory for storing Caddy access logs.
If left as the default value this directory will automatically be created before the Caddy server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: absolute path
Default:
"/var/log/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.logFormat
Configuration for the default logger. See https://caddyserver.com/docs/caddyfile/options#log for details.
Type: strings concatenated with “\n”
Default:
''
level ERROR
''
Example:
mkForce "level INFO";
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.resume
Use saved config, if any (and prefer over any specified configuration passed with --config).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.settings
Structured configuration for Caddy to generate a Caddy JSON configuration file. See https://caddyserver.com/docs/json/ for available options.
Using a Caddyfile instead of a JSON config is highly recommended by upstream. There are only very few exceptions to this.
Please use a Caddyfile via services.caddy.configFile, services.caddy.virtualHosts or services.caddy.extraConfig with services.caddy.globalConfig instead.
Takes precedence over most services.caddy.* options, such as services.caddy.configFile and services.caddy.virtualHosts, if specified.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.user
User account under which caddy runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the Caddy service starts.
Type: string
Default:
"caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts
Declarative specification of virtual hosts served by Caddy.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"hydra.example.com" = {
serverAliases = [ "www.hydra.example.com" ];
extraConfig = ''
encode gzip
root * /srv/http
'';
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.extraConfig
Additional lines of configuration appended to this virtual host in the automatically generated Caddyfile.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.hostName
Canonical hostname for the server.
Type: string
Default:
"‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.listenAddresses
A list of host interfaces to bind to for this virtual host.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"::1"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.logFormat
Configuration for HTTP request logging (also known as access logs). See https://caddyserver.com/docs/caddyfile/directives/log#log for details.
Type: strings concatenated with “\n”
Default:
''
output file ''${config.services.caddy.logDir}/access-''${hostName}.log
''
Example:
mkForce ''
output discard
'';
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.useACMEHost
A host of an existing Let’s Encrypt certificate to use. This is mostly useful if you use DNS challenges but Caddy does not currently support your provider.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.cadvisor.enable
Whether to enable Cadvisor service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.extraOptions
Additional cadvisor options.
See https://github.com/google/cadvisor/blob/master/docs/runtime_options.md for available options.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.listenAddress
Cadvisor listening host
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.port
Cadvisor listening port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriver
Cadvisor storage driver.
Type: null or string
Default:
null
Example:
"influxdb"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverDb
Cadvisor storage driver database name.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverHost
Cadvisor storage driver host.
Type: string
Default:
"localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPassword
Cadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It’s recommended to use the storageDriverPasswordFile option since that gives you control over the security of the password.
storageDriverPasswordFile also takes precedence over storageDriverPassword.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPasswordFile
File that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword.
Warning: when storageDriverPassword is non-empty this defaults to a file in the world-readable Nix store that contains the value of storageDriverPassword.
It’s recommended to override this with a path not in the Nix store. Tip: use nixops key management
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverSecure
Cadvisor storage driver, enable secure communication.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverUser
Cadvisor storage driver username.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cage.enable
Whether to enable cage kiosk service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.package
The cage package to use.
Type: package
Default:
pkgs.cage
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.environment
Additional environment variables to pass to Cage.
Type: attribute set of string
Default:
{ }
Example:
{
WLR_LIBINPUT_NO_DEVICES = "1";
}
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.extraArguments
Additional command line arguments to pass to Cage.
Type: list of string
Default:
[]
Example:
[
"-d"
]
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.program
Program to run in cage.
Type: absolute path
Default:
"${pkgs.xterm}/bin/xterm"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.user
User to log in as.
Type: string
Default:
"demo"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.calibre-server.enable
Whether to enable calibre-server (e-book software).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.package
The calibre package to use.
Type: package
Default:
pkgs.calibre
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.auth.enable
Password based authentication to access the server. See the calibre-server documentation for details.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.auth.mode
Choose the type of authentication used. Set the HTTP authentication mode used by the server. See the calibre-server documentation for details.
Type: one of “auto”, “basic”, “digest”
Default:
"auto"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.auth.userDb
Choose users database file to use for authentication. Make sure users database file is initialized before service startup. See the calibre-server documentation for details.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.extraFlags
Extra flags to pass to the calibre-server command. See the calibre-server documentation for details.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.group
The group under which calibre-server runs.
Type: string
Default:
"calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.host
The interface on which to listen for connections. See the calibre-server documentation for details.
Type: string
Default:
"0.0.0.0"
Example:
"::1"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.libraries
Make sure each library path is initialized before service startup. The directories of the libraries to serve. They must be readable for the user under which the server runs. See the calibredb documentation for details.
Type: list of absolute path
Default:
[
"/var/lib/calibre-server"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.openFirewall
Open ports in the firewall for the Calibre Server web interface.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.port
The port on which to listen for connections. See the calibre-server documentation for details.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.user
The user under which calibre-server runs.
Type: string
Default:
"calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-web.enable
Whether to enable Calibre-Web.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.package
The calibre-web package to use.
Type: package
Default:
pkgs.calibre-web
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.dataDir
Where Calibre-Web stores its data.
Either an absolute path, or the directory name below /var/lib.
Type: string
Default:
"calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.group
Group account under which Calibre-Web runs.
Type: string
Default:
"calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.listen.ip
IP address that Calibre-Web should listen on.
Type: string
Default:
"::1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.listen.port
Listen port for Calibre-Web.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8083
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.openFirewall
Open ports in the firewall for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.enableBookConversion
Configure path to the Calibre’s ebook-convert in the DB.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.enableBookUploading
Allow books to be uploaded via Calibre-Web UI.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.enableKepubify
Whether to enable kepub conversion support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.calibreLibrary
Path to Calibre library.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.reverseProxyAuth.enable
Enable authorization using auth proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.reverseProxyAuth.header
Auth proxy header name.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.user
User account under which Calibre-Web runs.
Type: string
Default:
"calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.canaille.enable
Whether to enable Canaille.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.package
The canaille package to use.
Type: package
Default:
pkgs.canaille
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.jwtPrivateKeyFile
File containing the JWT private key. Make sure it has appropriate permissions.
You can generate one using
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -pubout -outform PEM -out public.pem
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.ldapBindPasswordFile
File containing the LDAP bind password.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.secretKeyFile
File containing the Flask secret key. Its content is going to be provided to Canaille as SECRET_KEY. Make sure it has appropriate permissions. For example, copy the output of this to the specified file:
python3 -c 'import secrets; print(secrets.token_hex())'
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings
Settings for Canaille. See the documentation for details.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE.ACL
Access Control Lists.
See also the documentation.
Type: null or (TOML value)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE.SMTP
SMTP configuration. By default, sending emails is not enabled.
Set to an empty attrs to send emails from localhost without authentication.
See also the documentation.
Type: null or (TOML value)
Default:
null
Example:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE.SMTP.PASSWORD
SMTP Password. Can’t be set and has to be provided using services.canaille.smtpPasswordFile.
Type: null or string (read only)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE_LDAP
Configuration for the LDAP backend. This storage backend is not yet supported by the module, so use at your own risk!
Type: null or (TOML value)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE_LDAP.BIND_PW
The LDAP bind password. Can’t be set and has to be provided using services.canaille.ldapBindPasswordFile.
Type: null or string (read only)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE_OIDC
OpenID Connect settings. See the documentation.
Type: null or (TOML value)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE_OIDC.JWT.PRIVATE_KEY
JWT private key. Can’t be set and has to be provided using services.canaille.jwtPrivateKeyFile.
Type: null or string (read only)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.CANAILLE_SQL.DATABASE_URI
The SQL server URI. Will configure a local PostgreSQL db if left to default. Please note that the NixOS module only really supports PostgreSQL for now. Change at your own risk!
Type: string
Default:
"postgresql://localhost/canaille?host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.PREFERRED_URL_SCHEME
The url scheme by which canaille will be served.
Type: one of “http”, “https”
Default:
"https"
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.SECRET_KEY
Flask Secret Key. Can’t be set and must be provided through services.canaille.settings.secretKeyFile.
Type: null or string (read only)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.settings.SERVER_NAME
The domain name on which canaille will be served.
Type: string
Example:
"auth.example.org"
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canaille.smtpPasswordFile
File containing the SMTP password. Make sure it has appropriate permissions.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/canaille.nix>
|
services.canto-daemon.enable
Whether to enable the canto RSS daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
|
services.cassandra.enable
Whether to enable Apache Cassandra – Scalable and highly available database.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.package
The cassandra package to use.
Type: package
Default:
pkgs.cassandra
Example:
cassandra_3_11
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.allowClients
Enables or disables the native transport server (CQL binary protocol).
This server uses the same address as the rpcAddress, but the port it uses is not rpc_port but native_transport_port. See the official Cassandra docs for more information on these variables and set them using extraConfig.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.clusterName
The name of the cluster. This setting prevents nodes in one logical cluster from joining another. All nodes in a cluster must have the same value.
Type: string
Default:
"Test Cluster"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.extraConfig
Extra options to be merged into cassandra.yaml as a Nix attribute set.
Type: attribute set
Default:
{ }
Example:
{
commitlog_sync_batch_window_in_ms = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.extraEnvSh
Extra shell lines to be appended onto cassandra-env.sh.
Type: strings concatenated with “\n”
Default:
""
Example:
"CLASSPATH=$CLASSPATH:${extraJar}"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairInterval
Set the interval at which full repairs are run, i.e. nodetool repair --full is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable full repairs.
Type: null or string
Default:
"3w"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairOptions
Options passed through to the full repair command.
Type: list of string
Default:
[ ]
Example:
[
"--partitioner-range"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.group
Run Apache Cassandra under this group.
Type: string
Default:
"cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.heapNewSize
Must be left blank or set together with heapNewSize.
If left blank a sensible value for the available amount of RAM and CPU cores is calculated.
Override to set the amount of memory to allocate to the JVM at start-up. For production use you may wish to adjust this for your environment. HEAP_NEWSIZE refers to the size of the young generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause times. If in doubt, and if you do not particularly want to tweak, go with 100 MB per physical CPU core.
Type: null or string
Default:
null
Example:
"800M"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.homeDir
Home directory for Apache Cassandra.
Type: absolute path
Default:
"/var/lib/cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairInterval
Set the interval at which incremental repairs are run, i.e. nodetool repair is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable incremental repairs.
Type: null or string
Default:
"3d"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairOptions
Options passed through to the incremental repair command.
Type: list of string
Default:
[ ]
Example:
[
"--partitioner-range"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxPort
Specifies the default port over which Cassandra will be available for JMX connections. For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: signed integer
Default:
7199
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRoles
Roles that are allowed to access the JMX (e.g. nodetool).
BEWARE: The passwords will be stored world readable in the nix store. It’s recommended to use your own protected file using jmxRolesFile.
Doesn’t work in versions older than 3.11 because they don’t like that it’s world readable.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRoles.*.password
Password for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRoles.*.username
Username for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRolesFile
Specify your own jmx roles file.
Make sure the permissions forbid “others” from reading the file if you’re using Cassandra below version 3.11.
Type: null or absolute path
Default:
generated configuration file if version is at least 3.11, otherwise null
Example:
"/var/lib/cassandra/jmx.password"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jvmOpts
Populate the JVM_OPT environment variable.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenAddress
Address or interface to bind to and tell other Cassandra nodes to connect to. You must change this if you want multiple nodes to be able to communicate!
Set listenAddress OR listenInterface, not both.
Leaving it blank leaves it up to InetAddress.getLocalHost(). This will always do the “Right Thing” if the node is properly configured (hostname, name resolution, etc), and the Right Thing is to use the address associated with the hostname (it might not be).
Setting listenAddress to 0.0.0.0 is always wrong.
Type: null or string
Default:
"127.0.0.1"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenInterface
Set listenAddress OR listenInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.logbackConfig
XML logback configuration for cassandra
Type: strings concatenated with “\n”
Default:
''
<configuration scan="false">
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
<logger name="com.thinkaurelius.thrift" level="ERROR"/>
</configuration>
''
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.mallocArenaMax
Set this to control the number of arenas per-thread in glibc.
Type: null or signed integer
Default:
null
Example:
4
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.maxHeapSize
Must be left blank or set together with heapNewSize.
If left blank a sensible value for the available amount of RAM and CPU cores is calculated.
Override to set the amount of memory to allocate to the JVM at start-up. For production use you may wish to adjust this for your environment. MAX_HEAP_SIZE is the total amount of memory dedicated to the Java heap. HEAP_NEWSIZE refers to the size of the young generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
Type: null or string
Default:
null
Example:
"4G"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.remoteJmx
Cassandra ships with JMX accessible only from localhost. To enable remote JMX connections set to true.
Be sure to also enable authentication and/or TLS. See: https://wiki.apache.org/cassandra/JmxSecurity
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcAddress
The address or interface to bind the native transport server to.
Set rpcAddress OR rpcInterface, not both.
Leaving rpcAddress blank has the same effect as on listenAddress (i.e. it will be based on the configured hostname of the node).
Note that unlike listenAddress, you can specify "0.0.0.0", but you must also set extraConfig.broadcast_rpc_address to a value other than "0.0.0.0".
For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: null or string
Default:
"127.0.0.1"
Example:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcInterface
Set rpcAddress OR rpcInterface, not both. Interfaces must correspond to a single address, IP aliasing is not supported.
Type: null or string
Default:
null
Example:
"eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.seedAddresses
The addresses of hosts designated as contact points in the cluster. A joining node contacts one of the nodes in the seeds list to learn the topology of the ring.
Set to [ "127.0.0.1" ] for a single node cluster.
Type: list of string
Default:
[
"127.0.0.1"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.user
Run Apache Cassandra under this user.
Type: string
Default:
"cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.castopod.enable
Whether to enable Castopod, a hosting platform for podcasters.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.package
Which Castopod package to use.
Type: package
Default:
pkgs.castopod
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.configureNginx
Configure nginx as a reverse proxy for CastoPod.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.dataDir
The path where castopod stores all data. This path must be in sync with the castopod package (where it is hardcoded during the build in accordance with its own dataDir argument).
Type: absolute path
Default:
"/var/lib/castopod"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.database.hostname
Database hostname.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.database.name
Database name.
Type: string
Default:
"castopod"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.database.passwordFile
A file containing the password corresponding to services.castopod.database.user.
This file is loaded using systemd LoadCredentials.
Type: null or absolute path
Default:
null
Example:
"/run/keys/castopod-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.database.user
Database user.
Type: string
Default:
"castopod"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.environmentFile
Environment file to inject e.g. secrets into the configuration. See for available environment variables.
This file is loaded using systemd LoadCredentials.
Type: null or absolute path
Default:
null
Example:
"/run/keys/castopod-env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.localDomain
The domain serving your CastoPod instance.
Type: string
Example:
"castopod.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.maxUploadSize
Maximum supported size for a file upload in. Maximum HTTP body size is set to this value for nginx and PHP (because castopod doesn’t support chunked uploads yet: https://code.castopod.org/adaures/castopod/-/issues/330).
Note that the practical upload size limit is smaller. For example, with a 512 MiB setting, around 500 MiB is possible.
Type: string
Default:
"512M"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.poolSettings
Options for Castopod’s PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.castopod.settings
Environment variables used for Castopod. See for available environment variables.
Type: attribute set of (string or signed integer or boolean)
Default:
{ }
Example:
{
"email.SMTPHost" = "localhost";
"email.SMTPUser" = "myuser";
"email.fromEmail" = "castopod@example.com";
"email.protocol" = "smtp";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/castopod.nix>
|
services.centrifugo.enable
Whether to enable Centrifugo messaging server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.centrifugo.package
The centrifugo package to use.
Type: package
Default:
pkgs.centrifugo
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.centrifugo.credentials
Environment variables with absolute paths to credentials files to load on service startup.
Type: attribute set of absolute path
Default:
{ }
Example:
{
CENTRIFUGO_UNI_GRPC_TLS_KEY = "/run/keys/centrifugo-uni-grpc-tls.key";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.centrifugo.environmentFiles
Files to load environment variables from. Options set via environment variables take precedence over settings.
See the Centrifugo documentation for the environment variable name format.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.centrifugo.extraGroups
Additional groups for the systemd service.
Type: list of string
Default:
[ ]
Example:
[
"redis-centrifugo"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.centrifugo.settings
Declarative Centrifugo configuration. See the Centrifugo documentation for a list of options.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/centrifugo.nix>
|
services.ceph.enable
Whether to enable Ceph global configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.enable
Whether to enable Ceph client configuration.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.extraConfig
Extra configuration to add to the client section. Configuration for rados gateways would be added here, with their own sections, see example.
Type: attribute set of attribute set of string
Default:
{ }
Example:
{
# This would create a section for a radosgw daemon named node0 and related
# configuration for it
"client.radosgw.node0" = { "some config option" = "true"; };
};
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.extraConfig
Extra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster.
Type: attribute set of string
Default:
{ }
Example:
{
"ms bind ipv6" = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClientRequired
Enables requiring the cluster to authenticate itself to the client.
Type: one of “cephx”, “none”
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClusterRequired
Enables requiring daemons to authenticate with each other in the cluster.
Type: one of “cephx”, “none”
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authServiceRequired
Enables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
Type: one of “cephx”, “none”
Default:
"cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterName
Name of cluster
Type: string
Default:
"ceph"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterNetwork
A comma-separated list of subnets that will be used as cluster networks in the cluster.
Type: null or strings concatenated with “,”
Default:
null
Example:
''
10.10.0.0/24, 192.168.0.0/24
''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.fsid
Filesystem ID, a generated UUID. It must be generated and set before attempting to start a cluster.
Type: string
Example:
''
433a2193-4f8a-47a0-95d2-209d7ca2cca5
''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.maxOpenFiles
Max open files for each OSD daemon.
Type: signed integer
Default:
131072
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.mgrModulePath
Path at which to find ceph-mgr modules.
Type: absolute path
Default:
"${pkgs.ceph.lib}/lib/ceph/mgr"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monHost
List of hostname shortnames/IP addresses of the initial monitors.
Type: null or strings concatenated with “,”
Default:
null
Example:
''
10.10.0.1, 10.10.0.2, 10.10.0.3
''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monInitialMembers
List of hosts that will be used as monitors at startup.
Type: null or strings concatenated with “,”
Default:
null
Example:
''
node0, node1, node2
''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.publicNetwork
A comma-separated list of subnets that will be used as public networks in the cluster.
Type: null or strings concatenated with “,”
Default:
null
Example:
''
10.20.0.0/24, 192.168.1.0/24
''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.rgwMimeTypesFile
Path to mime types used by radosgw.
Type: null or absolute path
Default:
"${pkgs.mailcap}/etc/mime.types"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.enable
Whether to enable Ceph MDS daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.package
The ceph package to use.
Type: package
Default:
pkgs.ceph
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.daemons
A list of metadata service daemons that should have a service created. The names correspond to the id part in ceph i.e. [ “name1” ] would result in mds.name1
Type: list of string
Default:
[ ]
Example:
[
"name1"
"name2"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.extraConfig
Extra configuration to add to the MDS section.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.enable
Whether to enable Ceph MGR daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.package
The ceph package to use.
Type: package
Default:
pkgs.ceph
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.daemons
A list of names for manager daemons that should have a service created. The names correspond to the id part in ceph i.e. [ “name1” ] would result in mgr.name1
Type: list of string
Default:
[ ]
Example:
[
"name1"
"name2"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.extraConfig
Extra configuration to add to the global section for manager daemons.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.enable
Whether to enable Ceph MON daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.package
The ceph package to use.
Type: package
Default:
pkgs.ceph
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.daemons
A list of monitor daemons that should have a service created. The names correspond to the id part in ceph i.e. [ “name1” ] would result in mon.name1
Type: list of string
Default:
[ ]
Example:
[
"name1"
"name2"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.extraConfig
Extra configuration to add to the monitor section.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.enable
Whether to enable Ceph OSD daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.package
The ceph package to use.
Type: package
Default:
pkgs.ceph
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.daemons
A list of OSD daemons that should have a service created. The names correspond to the id part in ceph i.e. [ “name1” ] would result in osd.name1
Type: list of string
Default:
[ ]
Example:
[
"name1"
"name2"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.extraConfig
Extra configuration to add to the OSD section.
Type: attribute set of string
Default:
{
"osd crush chooseleaf type" = "1";
"osd journal size" = "10000";
"osd pool default min size" = "2";
"osd pool default pg num" = "200";
"osd pool default pgp num" = "200";
"osd pool default size" = "3";
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.enable
Whether to enable Ceph RadosGW daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.package
The ceph package to use.
Type: package
Default:
pkgs.ceph
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.daemons
A list of rados gateway daemons that should have a service created. The names correspond to the id part in ceph, i.e. [ “name1” ] would result in client.name1. Radosgw daemons aren’t daemons of the cluster in the sense that OSD, MGR or MON daemons are. They are simply daemons, from ceph, that use the cluster as a backend.
Type: list of string
Default:
[ ]
Example:
[
"name1"
"name2"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.certmgr.enable
Whether to enable certmgr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.package
The certmgr package to use.
Type: package
Default:
pkgs.certmgr
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.defaultRemote
The default CA host:port to use.
Type: string
Default:
"127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsAddress
The address for the Prometheus HTTP endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsPort
The port for the Prometheus HTTP endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9488
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.renewInterval
How often to check certificate expirations and how often to update the cert_next_expires metric.
Type: string
Default:
"30m"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.specs
Certificate specs as described by: https://github.com/cloudflare/certmgr#certificate-specs These will be added to the Nix store, so they will be world readable.
Type: attribute set of (absolute path or (submodule))
Default:
{ }
Example:
{
exampleCert =
let
domain = "example.com";
secret = name: "/var/lib/secrets/${name}.pem";
in {
service = "nginx";
action = "reload";
authority = {
file.path = secret "ca";
};
certificate = {
path = secret domain;
};
private_key = {
owner = "root";
group = "root";
mode = "0600";
path = secret "${domain}-key";
};
request = {
CN = domain;
hosts = [ "mail.${domain}" "www.${domain}" ];
key = {
algo = "rsa";
size = 2048;
};
names = {
O = "Example Organization";
C = "USA";
};
};
};
otherCert = "/var/certmgr/specs/other-cert.json";
}
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.svcManager
This specifies the service manager to use for restarting or reloading services. See: https://github.com/cloudflare/certmgr#certmgryaml. For how to use the “command” service manager in particular, see: https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it.
Type: one of “circus”, “command”, “dummy”, “openrc”, “systemd”, “sysv”
Default:
"systemd"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.validMin
The interval before a certificate expires to start attempting to renew it.
Type: string
Default:
"72h"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certspotter.enable
Whether to enable Cert Spotter, a Certificate Transparency log monitor.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.package
The certspotter package to use.
Type: package
Default:
pkgs.certspotter
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.emailRecipients
A list of email addresses to send certificate updates to.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.extraFlags
Extra command-line arguments to pass to Cert Spotter
Type: list of string
Default:
[ ]
Example:
[
"-no_save"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.hooks
Scripts to run upon the detection of a new certificate. See man 8 certspotter-script or the GitHub page for more info.
Type: list of absolute path
Default:
[ ]
Example:
[
(pkgs.writeShellScript "certspotter-hook" ''
echo "Event summary: $SUMMARY."
'')
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.sendmailPath
Path to the sendmail binary. By default, the local sendmail wrapper is used (see services.mail.sendmailSetuidWrapper).
Type: null or absolute path
Example:
"${pkgs.system-sendmail}/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.startAtEnd
Whether to skip certificates issued before the first launch of Cert Spotter. Setting this to false will cause Cert Spotter to download tens of terabytes of data.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.certspotter.watchlist
Domain names to watch. To monitor a domain with all subdomains, prefix its name with . (e.g. .example.org).
Type: list of string
Default:
[ ]
Example:
[
".example.org"
"another.example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/certspotter.nix>
|
services.cfdyndns.enable
Whether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.apiTokenFile
The path to a file containing the API Token used to authenticate with CloudFlare.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.apikeyFile
The path to a file containing the API Key used to authenticate with CloudFlare.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.email
The email address to use to authenticate to CloudFlare.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.records
The records to update in CloudFlare.
Type: list of string
Default:
[ ]
Example:
[
"host.tld"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfssl.enable
Whether to enable the CFSSL CA api-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.address
Address to bind.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.ca
CA used to sign the new certificate – accepts ‘[file:]fname’ or ‘env:varname’.
Type: string
Default:
"${cfg.dataDir}/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caBundle
Path to root certificate store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caKey
CA private key – accepts ‘[file:]fname’ or ‘env:varname’.
Type: string
Default:
"file:${cfg.dataDir}/ca-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.configFile
Path to configuration file. Do not put this in nix-store as it might contain secrets.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dataDir
The work directory for CFSSL.
If left as the default value this directory will automatically be created before the CFSSL server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: absolute path
Default:
"/var/lib/cfssl"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dbConfig
Certificate db configuration file. Path must be writeable.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intBundle
Path to intermediate certificate store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intDir
Intermediates directory.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.logLevel
Log level (0 = DEBUG, 5 = FATAL).
Type: one of 0, 1, 2, 3, 4, 5
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.metadata
Metadata file for root certificate presence. The content of the file is a json dictionary (k,v): each key k is a SHA-1 digest of a root certificate while value v is a list of key store filenames.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCa
Mutual TLS - require clients be signed by this CA.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientCert
Mutual TLS - client certificate to call remote instance requiring client certs.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientKey
Mutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCn
Mutual TLS - regex for whitelist of allowed client CNs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.port
Port to bind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8888
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.remote
Remote CFSSL server.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responder
Certificate for OCSP responder.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responderKey
Private key for OCSP responder certificate. Do not put this in nix-store.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsCert
Other endpoint’s CA to set up TLS protocol.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsKey
Other endpoint’s CA private key. Do not put this in nix-store.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsRemoteCa
CAs to trust for remote TLS requests.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cgit
Configure cgit instances.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.enable
Whether to enable cgit.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.package
The cgit package to use.
Type: package
Default:
pkgs.cgit
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.extraConfig
These lines go to the end of cgitrc verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.group
Group to run the cgit service as.
Type: string
Default:
"cgit"
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.nginx.location
Location to serve cgit under.
Type: string
Default:
"/"
Example:
"/git/"
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.nginx.virtualHost
VirtualHost to serve cgit on, defaults to the attribute name.
Type: string
Default:
"‹name›"
Example:
"git.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.repos
cgit repository settings, see cgitrc(5)
Type: attribute set of attribute set of (boolean or signed integer or string)
Default:
{ }
Example:
{
blah = {
desc = "An example repository";
path = "/var/lib/git/example";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.scanPath
A path which will be scanned for repositories.
Type: null or absolute path
Default:
null
Example:
"/var/lib/git"
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.settings
cgit configuration, see cgitrc(5)
Type: attribute set of (boolean or signed integer or string or list of (boolean or signed integer or string))
Default:
{ }
Example:
{
enable-follow-links = true;
source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgit.<name>.user
User to run the cgit service as.
Type: string
Default:
"cgit"
Declared by:
<nixpkgs/nixos/modules/services/networking/cgit.nix>
|
services.cgminer.enable
Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.package
The cgminer package to use.
Type: package
Default:
pkgs.cgminer
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.config
Additional config
Type: attribute set of (boolean or signed integer)
Default:
{ }
Example:
{
auto-fan = true;
auto-gpu = true;
expiry = 120;
failover-only = true;
gpu-threads = 2;
log = 5;
queue = 1;
scan-time = 60;
temp-histeresys = 3;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.hardware
List of config options for every GPU
Type: list of attribute set of (string or signed integer)
Default:
[ ]
Example:
[
{
gpu-engine = "0-985";
gpu-fan = "0-85";
gpu-memclock = 860;
gpu-powertune = 20;
intensity = 9;
temp-cutoff = 95;
temp-overheat = 85;
temp-target = 75;
}
{
gpu-engine = "0-950";
gpu-fan = "0-85";
gpu-memclock = 825;
gpu-powertune = 20;
intensity = 9;
temp-cutoff = 95;
temp-overheat = 85;
temp-target = 75;
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.pools
List of pools where to mine
Type: list of attribute set of string
Default:
[ ]
Example:
[
{
password = "X";
url = "http://p2pool.org:9332";
username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
}
]
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.user
User account under which cgminer runs
Type: string
Default:
"cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.changedetection-io.enable
Whether to enable changedetection-io.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.baseURL
The base URL used in notifications and the {base_url} token.
Type: null or string
Default:
null
Example:
"https://changedetection-io.example"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.behindProxy
Enable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers. It is recommended to run changedetection-io behind a TLS reverse proxy.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.chromePort
A free port on which webDriverSupport or playwrightSupport listen on localhost.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4444
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.datastorePath
The directory used to store all data for changedetection-io.
Type: string
Default:
"/var/lib/changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.environmentFile
Securely pass environment variables to changedetection-io.
This can be used, for example, to set a reproducible frontend password via SALTED_PASS, which conveniently also deactivates nags about the hosted version.
SALTED_PASS should be 64 characters long, where the first 32 are the salt and the second 32 are the frontend password.
It can easily be retrieved from the settings file when first set via the frontend with the following command:
jq -r .settings.application.password /var/lib/changedetection-io/url-watches.json
Type: null or absolute path
Default:
null
Example:
"/run/secrets/changedetection-io.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.group
Group account under which changedetection-io runs.
Type: string
Default:
"changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.listenAddress
Address the server will listen on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.playwrightSupport
Enable support for fetching web pages using playwright and Chromium. This starts a headless Chromium controlled by puppeteer in an oci container.
Playwright can currently leak memory. See https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.port
Port the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.user
User account under which changedetection-io runs.
Type: string
Default:
"changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.webDriverSupport
Enable support for fetching web pages using WebDriver and Chromium. This starts a headless chromium controlled by puppeteer in an oci container.
Playwright can currently leak memory. See https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.charybdis.enable
Whether to enable Charybdis IRC daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.config
Charybdis IRC daemon configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.group
Charybdis IRC daemon group.
Type: string
Default:
"ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.motd
Charybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd. If set, the value of this option will be written to this path.
Type: null or strings concatenated with “\n”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.statedir
Location of the state directory of charybdis.
Type: absolute path
Default:
"/var/lib/charybdis"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.user
Charybdis IRC daemon user.
Type: string
Default:
"ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.chatgpt-retrieval-plugin.enable
Whether to enable chatgpt-retrieval-plugin service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.bearerTokenPath
Path to the secret bearer token used for the http api authentication.
Type: absolute path
Default:
""
Example:
"config.age.secrets.CHATGPT_RETRIEVAL_PLUGIN_BEARER_TOKEN.path"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.datastore
This specifies the vector database provider you want to use to store and query embeddings.
Type: one of “pinecone”, “weaviate”, “zilliz”, “milvus”, “qdrant”, “redis”
Default:
"qdrant"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.host
The hostname or IP address for chatgpt-retrieval-plugin to bind to.
Type: string
Default:
"127.0.0.1"
Example:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.openaiApiKeyPath
Path to the secret openai api key used for embeddings.
Type: absolute path
Default:
""
Example:
"config.age.secrets.CHATGPT_RETRIEVAL_PLUGIN_OPENAI_API_KEY.path"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.port
Port the chatgpt-retrieval-plugin service listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chatgpt-retrieval-plugin.qdrantCollection
Name of the qdrant collection used to store documents.
Type: string
Default:
"document_chunks"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/chatgpt-retrieval-plugin.nix>
|
services.chisel-server.enable
Whether to enable Chisel Tunnel Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.authfile
Path to auth.json file
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.backend
HTTP server to proxy normal requests to
Type: null or string
Default:
null
Example:
"http://127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.host
Address to listen on, falls back to 0.0.0.0
Type: null or string
Default:
null
Example:
"[::1]"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.keepalive
Keepalive interval, falls back to 25s
Type: null or string
Default:
null
Example:
"5s"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.port
Port to listen on, falls back to 8080
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.reverse
Allow clients reverse port forwarding
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.socks5
Allow clients access to internal SOCKS5 proxy
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chromadb.enable
Whether to enable ChromaDB, an open-source AI application database…
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.package
ChromaDB package to use.
Type: package
Default:
"pkgs.python3Packages.chromadb"
Example:
pkgs.python3Packages.chromadb
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.dbpath
Location where ChromaDB stores its files
Type: string
Default:
"/var/lib/chromadb"
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.host
Defines the IP address by which ChromaDB will be accessible.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.logFile
Specifies the location of file for logging output.
Type: absolute path
Default:
"/var/log/chromadb/chromadb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.openFirewall
Whether to automatically open the specified TCP port in the firewall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chromadb.port
Defines the port number to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8000
Declared by:
<nixpkgs/nixos/modules/services/databases/chromadb.nix>
|
services.chrony.enable
Whether to synchronise your machine’s time using chrony. Make sure you disable NTP if you enable this service.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.enableMemoryLocking
Whether to add the -m flag to lock memory.
Type: boolean
Default:
"config.environment.memoryAllocator.provider != \"graphene-hardened\" && config.environment.memoryAllocator.provider != \"graphene-hardened-light\""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.enableNTS
Whether to enable Network Time Security authentication. Make sure it is supported by your selected NTP server(s).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.enableRTCTrimming
Enable tracking of the RTC offset to the system clock and automatic trimming.
See also services.chrony.autotrimThreshold.
This is not compatible with the rtcsync directive, which naively syncs the RTC time every 11 minutes.
Tracking the RTC drift will allow more precise timekeeping, especially on intermittently running devices, where the RTC is very relevant.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.package
The chrony package to use.
Type: package
Default:
pkgs.chrony
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.autotrimThreshold
Maximum estimated error threshold for the rtcautotrim command.
When reached, the RTC will be trimmed.
Only used when services.chrony.enableRTCTrimming is enabled.
Type: positive integer, meaning >0
Default:
30
Example:
10
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.directory
Directory where chrony state is stored.
Type: string
Default:
"/var/lib/chrony"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.extraConfig
Extra configuration directives that should be added to chrony.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.extraFlags
Extra flags passed to the chronyd command.
Type: list of string
Default:
[ ]
Example:
[
"-s"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.initstepslew.enabled
Allow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.initstepslew.threshold
The threshold of system clock error (in seconds) above which the clock will be stepped. If the correction required is less than the threshold, a slew is used instead.
Type: floating point number or signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.serverOption
Set option for server directives.
Use “iburst” to rapidly poll on startup. Recommended if your machine is consistently online.
Use “offline” to prevent polling on startup. Recommended if your machine boots offline or is otherwise frequently offline.
Type: one of “iburst”, “offline”
Default:
"iburst"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.servers
The set of NTP servers from which to synchronise.
Type: list of string
Default:
config.networking.timeServers
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.cinnamon.apps.enable
Whether to enable Cinnamon default applications.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.cjdns.enable
Whether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.beacon
Auto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.
Type: signed integer
Default:
2
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.bind
Bind to this device for native ethernet operation. "all" is a pseudo-name which will try to connect to all devices.
Type: string
Default:
""
Example:
"eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo
Credentials for connecting look similar to UDP credentials except they begin with the MAC address.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"01:02:03:04:05:06" = {
hostname = "homer.hype";
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default:
""
Example:
"foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.login
(optional) name your peer has for you
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.peerName
(optional) human-readable name for peer
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.bind
Address and port to bind UDP tunnels to.
Type: string
Default:
""
Example:
"192.168.1.32:43211"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo
Credentials for making UDP tunnels.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"192.168.1.1:27313" = {
hostname = "homer.hype";
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.hostname
Optional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default:
""
Example:
"foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.login
(optional) name your peer has for you
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.password
Authorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.peerName
(optional) human-readable name for peer
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.publicKey
Public key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.addExtraHosts
Whether to add cjdns peers with an associated hostname to /etc/hosts. Beware that enabling this incurs heavy eval-time costs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.admin.bind
Bind the administration port to this address and port.
Type: string
Default:
"127.0.0.1:11234"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.authorizedPasswords
Any remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.
Type: list of string
Default:
[ ]
Example:
[
"snyrfgkqsc98qh1y4s5hbu0j57xw5s0"
"z9md3t4p45mfrjzdjurxn4wuj0d8swv"
"49275fut6tmzu354pq70sr5b95qq0vj"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.confFile
Ignore all other cjdns options and load configuration from this file.
Type: null or absolute path
Default:
null
Example:
"/etc/cjdroute.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.extraConfig
Extra configuration, given as attrs, that will be merged recursively with the rest of the JSON generated by this module, at the root node.
Type: attribute set
Default:
{ }
Example:
{
router = {
interface = {
tunDevice = "tun10";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.clamav.package
The clamav package to use.
Type: package
Default:
pkgs.clamav
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.daemon.enable
Whether to enable ClamAV clamd daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.daemon.settings
ClamAV configuration. Refer to https://linux.die.net/man/5/clamd.conf for details on supported values.
Type: attribute set of (boolean or signed integer or string or list of string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.fangfrisch.enable
Whether to enable ClamAV fangfrisch updater.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.fangfrisch.interval
How often freshclam is invoked. See systemd.time(7) for more information about the format.
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.fangfrisch.settings
fangfrisch configuration. Refer to https://rseichter.github.io/fangfrisch/#_configuration for details on supported values. Note that by default urlhaus and sanesecurity are enabled.
Type: attribute set of attribute set of (string or signed integer or boolean)
Default:
{ }
Example:
{
securiteinfo = {
customer_id = "your customer_id";
enabled = "yes";
};
}
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.scanner.enable
Whether to enable ClamAV scanner.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.scanner.interval
How often clamdscan is invoked. See systemd.time(7) for more information about the format. By default this runs using 10 cores at most; be sure to run it at a time of low traffic.
Type: string
Default:
"*-*-* 04:00:00"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.scanner.scanDirectories
List of directories to scan. The default includes everything I could think of that is valid for nixos. Feel free to contribute a PR to add to the default if you see something missing.
Type: list of string
Default:
[
"/home"
"/var/lib"
"/tmp"
"/etc"
"/var/tmp"
]
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.enable
Whether to enable ClamAV freshclam updater.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.frequency
Number of database checks per day.
Type: signed integer
Default:
12
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.interval
How often freshclam is invoked. See systemd.time(7) for more information about the format.
Type: string
Default:
"hourly"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.settings
freshclam configuration. Refer to https://linux.die.net/man/5/freshclam.conf for details on supported values.
Type: attribute set of (boolean or signed integer or string or list of string)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamsmtp.enable
Whether to enable clamsmtp.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances
Instances of clamsmtp to run.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.action
Action to take when a virus is detected.
Note that viruses often spoof sender addresses, so bouncing is in most cases not a good idea.
Type: one of “bounce”, “drop”, “pass”
Default:
"drop"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.header
A header to add to scanned messages. See clamsmtpd.conf(5) for more details. Empty means no header.
Type: string
Default:
""
Example:
"X-Virus-Scanned: ClamAV using ClamSMTP"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.keepAlives
Number of seconds to wait between each NOOP sent to the sending server. 0 to disable.
This is meant for slow servers where the sending MTA times out waiting for clamd to scan the file.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.listen
Address to wait for incoming SMTP connections on. See clamsmtpd.conf(5) for more details.
Type: string
Example:
"127.0.0.1:10025"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.maxConnections
Maximum number of connections to accept at once.
Type: signed integer
Default:
64
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.outAddress
Address of the SMTP server to send email to once it has been scanned.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.quarantine
Whether to quarantine files that contain viruses by leaving them in the temporary directory.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.tempDirectory
Temporary directory that needs to be accessible to both clamd and clamsmtpd.
Type: string
Default:
"/tmp"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.timeout
Time-out for network connections.
Type: signed integer
Default:
180
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.transparentProxy
Enable clamsmtp’s transparent proxy support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.virusAction
Command to run when a virus is found. Please see VIRUS ACTION in clamsmtpd(8) for a discussion of this option and its safe use.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.xClient
Send the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clatd.enable
Whether to enable clatd.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/clatd.nix>
|
services.clatd.enableNetworkManagerIntegration
Whether to enable NetworkManager integration.
Type: boolean
Default:
"config.networking.networkmanager.enable"
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/clatd.nix>
|
services.clatd.package
The clatd package to use.
Type: package
Default:
pkgs.clatd
Declared by:
<nixpkgs/nixos/modules/services/networking/clatd.nix>
|
services.clatd.settings
Configuration of clatd. See clatd Documentation.
Type: attribute set of (atom (null, bool, int, float or string))
Default:
{ }
Example:
{
plat-prefix = "64:ff9b::/96";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/clatd.nix>
|
services.clickhouse.enable
Whether to enable ClickHouse database server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
|
services.clickhouse.package
The clickhouse package to use.
Type: package
Default:
pkgs.clickhouse
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
|
services.clight.enable
Whether to enable clight.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.settings
Additional configuration to extend clight.conf. See https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf for a sample configuration file.
Type: attribute set of (null or signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number) or attribute set of (signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number)))
Default:
{ }
Example:
{
ac_capture_timeouts = [
120
300
60
];
captures = 20;
gamma_long_transition = true;
}
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.temperature.day
Colour temperature to use during the day, between 1000 and 25000 K.
Type: signed integer
Default:
5500
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.temperature.night
Colour temperature to use at night, between 1000 and 25000 K.
Type: signed integer
Default:
3700
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clipcat.enable
Whether to enable Clipcat clipboard daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
|
services.clipcat.package
The clipcat package to use.
Type: package
Default:
pkgs.clipcat
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
|
services.clipmenu.enable
Whether to enable clipmenu, the clipboard management daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.clipmenu.package
The clipmenu package to use.
Type: package
Default:
pkgs.clipmenu
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.cloud-init.enable
Enable the cloud-init service. This service reads configuration metadata in a cloud environment and configures the machine according to this metadata.
This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overridden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS’s responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for those parts. Thus, be wary that using cloud-init in NixOS might come at some cost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.btrfs.enable
Allow the cloud-init service to operate btrfs filesystem.
Type: boolean
Default:
hasFs "btrfs"
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.config
Raw cloud-init configuration.
Takes precedence over the settings option if set.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.ext4.enable
Allow the cloud-init service to operate ext4 filesystem.
Type: boolean
Default:
hasFs "ext4"
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.extraPackages
List of additional packages to be available within cloud-init jobs.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.network.enable
Allow the cloud-init service to configure network interfaces through systemd-networkd.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.settings
Structured cloud-init configuration.
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.xfs.enable
Allow the cloud-init service to operate xfs filesystem.
Type: boolean
Default:
hasFs "xfs"
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloudflare-dyndns.enable
Whether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.package
The cloudflare-dyndns package to use.
Type: package
Default:
pkgs.cloudflare-dyndns
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.apiTokenFile
The path to a file containing the CloudFlare API token.
The file must have the form CLOUDFLARE_API_TOKEN=...
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.deleteMissing
Whether to delete the record when no IP address is found.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.domains
List of domain names to update records for.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.frequency
Run cloudflare-dyndns with the given frequency (see systemd.time(7) for the format). If null, do not run automatically.
Type: null or string
Default:
"*:0/5"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.ipv4
Whether to enable setting IPv4 A records.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.ipv6
Whether to enable setting IPv6 AAAA records.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.proxied
Whether this is a DNS-only record, or also being proxied through CloudFlare.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-warp.enable
Whether to enable Cloudflare Zero Trust client daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-warp.nix>
|
services.cloudflare-warp.package
The cloudflare-warp package to use.
Type: package
Default:
pkgs.cloudflare-warp
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-warp.nix>
|
services.cloudflare-warp.openFirewall
Whether to enable opening UDP ports in the firewall.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-warp.nix>
|
services.cloudflare-warp.rootDir
Working directory for the warp-svc daemon.
Type: string
Default:
"/var/lib/cloudflare-warp"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-warp.nix>
|
services.cloudflare-warp.udpPort
The UDP port to open in the firewall. Warp uses port 2408 by default, but fallback ports can be used if that conflicts with another service. See the firewall documentation for the pre-configured available fallback ports.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
2408
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-warp.nix>
|
services.cloudflared.enable
Whether to enable Cloudflare Tunnel client daemon (formerly Argo Tunnel).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.package
The cloudflared package to use.
Type: package
Default:
pkgs.cloudflared
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.certificateFile
Account certificate file, necessary to create, delete and manage tunnels. It can be obtained by running cloudflared login.
Note that this is necessary for a fully declarative setup, as routes cannot otherwise be created outside of the Cloudflare interface.
See Cert.pem for information about the file, and Tunnel permissions for a comparison between the account certificate and the tunnel credentials file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels
Cloudflare tunnels.
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"00000000-0000-0000-0000-000000000000" = {
credentialsFile = "/tmp/test";
default = "http_status:404";
ingress = {
"*.domain1.com" = {
service = "http://localhost:80";
};
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.certificateFile
Account certificate file, necessary to create, delete and manage tunnels. It can be obtained by running cloudflared login.
Note that this is necessary for a fully declarative setup, as routes cannot otherwise be created outside of the Cloudflare interface.
See Cert.pem for information about the file, and Tunnel permissions for a comparison between the account certificate and the tunnel credentials file.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.credentialsFile
Credential file.
See Credentials file.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.default
Catch-all service if no ingress matches.
See service.
Type: string
Example:
"http_status:404"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.ingress
Ingress rules.
See Ingress rules.
Type: attribute set of (string or (submodule))
Default:
{ }
Example:
{
"*.anotherone.com" = "http://localhost:80";
"*.domain.com" = "http://localhost:80";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.caPool
Path to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Type: null or string or absolute path
Default:
null
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.connectTimeout
Timeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by tlsTimeout.
Type: null or string
Default:
null
Example:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncoding
Disables chunked transfer encoding. Useful if you are running a WSGI server.
Type: null or boolean
Default:
null
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.httpHostHeader
Sets the HTTP Host header on requests sent to the local service.
Type: null or string
Default:
null
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.keepAliveConnections
Maximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Type: null or signed integer
Default:
null
Example:
100
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeout
Timeout after which an idle keepalive connection can be discarded.
Type: null or string
Default:
null
Example:
"1m30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballs
Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Type: null or boolean
Default:
null
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.noTLSVerify
Disables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Type: null or boolean
Default:
null
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.originServerName
Hostname that cloudflared should expect from your origin server certificate.
Type: null or string
Default:
null
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyAddress
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy.
Type: null or string
Default:
null
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyPort
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen.
Type: null or signed integer
Default:
null
Example:
0
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyType
cloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are:
"" for the regular proxy
"socks" for a SOCKS5 proxy. Refer to the tutorial on connecting through Cloudflare Access using kubectl for more information.
Type: null or one of “”, “socks”
Default:
null
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.tcpKeepAlive
The timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
Type: null or string
Default:
null
Example:
"30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.tlsTimeout
Timeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
Type: null or string
Default:
null
Example:
"10s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.warp-routing.enabled
Enable warp routing.
See Connect from WARP to a private network on Cloudflare using Cloudflare Tunnel.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudlog.enable
Whether to enable Cloudlog.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.baseUrl
Cloudlog base URL
Type: string
Default:
"http://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.dataDir
Cloudlog data directory.
Type: string
Default:
"/var/lib/cloudlog"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.database.host
MySQL database host
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.database.name
MySQL database name.
Type: string
Default:
"cloudlog"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.database.passwordFile
MySQL user password file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.database.user
MySQL user name.
Type: string
Default:
"cloudlog"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.extraConfig
Any additional text to be appended to the config.php configuration file. This is a PHP script. For configuration settings, see https://github.com/magicbug/Cloudlog/wiki/Cloudlog.php-Configuration-File.
Type: string
Default:
""
Example:
''
$config['show_time'] = TRUE;
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.poolConfig
Options for Cloudlog’s PHP-FPM pool.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-clublog-scp.enable
Whether to periodically update the Clublog SCP database. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-clublog-scp.interval
Specification (in the format described by systemd.time(7)) of the time at which the Clublog SCP update will occur.
Type: string
Default:
"monthly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-dok.enable
Whether to periodically update the DOK resource file. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-dok.interval
Specification (in the format described by systemd.time(7)) of the time at which the DOK update will occur.
Type: string
Default:
"monthly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-lotw-users.enable
Whether to periodically update the list of LoTW users. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-lotw-users.interval
Specification (in the format described by systemd.time(7)) of the time at which the LoTW user update will occur.
Type: string
Default:
"weekly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-sota.enable
Whether to periodically update the SOTA database. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-sota.interval
Specification (in the format described by systemd.time(7)) of the time at which the SOTA update will occur.
Type: string
Default:
"monthly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-wwff.enable
Whether to periodically update the WWFF database. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.update-wwff.interval
Specification (in the format described by systemd.time(7)) of the time at which the WWFF update will occur.
Type: string
Default:
"monthly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-clublog.enable
Whether to periodically upload logs to Clublog. If enabled, a systemd timer will run the log upload task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-clublog.interval
Specification (in the format described by systemd.time(7)) of the time at which the Clublog upload will occur.
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-lotw.enable
Whether to periodically upload logs to LoTW. If enabled, a systemd timer will run the log upload task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-lotw.interval
Specification (in the format described by systemd.time(7)) of the time at which the LoTW upload will occur.
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-qrz.enable
Whether to periodically upload logs to QRZ. If enabled, a systemd timer will run the update task as specified by the interval option.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.upload-qrz.interval
Specification (in the format described by systemd.time(7)) of the time at which the QRZ upload will occur.
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.user
User account under which Cloudlog runs.
Type: string
Default:
"cloudlog"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cloudlog.virtualHost
Name of the nginx virtualhost to use and set up. If null, do not set up any virtualhost.
Type: null or string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cloudlog.nix>
|
services.cntlm.enable
Whether to enable cntlm, which starts a local proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.configText
Verbatim contents of cntlm.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.domain
Proxy account domain/workgroup name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.extraConfig
Additional config appended to the end of the generated cntlm.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.netbios_hostname
The hostname of your machine.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.noproxy
A list of domains where the proxy is skipped.
Type: list of string
Default:
[ ]
Example:
[
"*.example.com"
"example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.password
Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Type: string
Default:
"/etc/cntlm.password"
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.port
Specifies on which ports the cntlm daemon listens.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[
3128
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.proxy
A list of NTLM/NTLMv2 authenticating HTTP proxies.
Parent proxy, which requires authentication. The same as proxy on the command-line; can be used more than once to specify an unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Type: list of string
Example:
[
"proxy.example.com:81"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.username
Proxy account name, without the possibility to include domain name (‘at’ sign is interpreted literally).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cockpit.enable
Whether to enable Cockpit.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cockpit.nix>
|
services.cockpit.package
The Cockpit package to use.
Type: package
Default:
pkgs.cockpit
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cockpit.nix>
|
services.cockpit.openFirewall
Open port for cockpit.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cockpit.nix>
|
services.cockpit.port
Port where cockpit will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9090
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cockpit.nix>
|
services.cockpit.settings
Settings for cockpit that will be saved in /etc/cockpit/cockpit.conf.
See the documentation, which is also available with man cockpit.conf.5, for details.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cockpit.nix>
|
services.cockroachdb.enable
Whether to enable CockroachDB Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.package
The cockroachdb package to use. This would primarily be useful to enable Enterprise Edition features in your own custom CockroachDB build (Nixpkgs CockroachDB binaries only contain open source features and open source code).
Type: package
Default:
pkgs.cockroachdb
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.cache
The total size for caches.
This can be a percentage, expressed with a fraction sign or as a decimal-point number, or any bytes-based unit. For example, "25%", "0.25" both represent 25% of the available system memory. The values "1000000000" and "1GB" both represent 1 gigabyte of memory.
Type: string
Default:
"25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.certsDir
The path to the certificate directory.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.extraArgs
Extra CLI arguments passed to cockroach start. For the full list of supported arguments, check https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags
Type: list of string
Default:
[ ]
Example:
[
"--advertise-addr"
"[fe80::f6f2:::]"
]
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.group
User account under which CockroachDB runs
Type: string
Default:
"cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.http.address
Address to bind to for http-based Admin UI
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.http.port
Port to bind to for http-based Admin UI
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.insecure
Run in insecure mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.join
The addresses for connecting the node to a cluster.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.listen.address
Address to bind to for intra-cluster communication
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.listen.port
Port to bind to for intra-cluster communication
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
26257
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.locality
An ordered, comma-separated list of key-value pairs that describe the topography of the machine. Topography might include country, datacenter or rack designations. Data is automatically replicated to maximize diversities of each tier. The order of tiers is used to determine the priority of the diversity, so the more inclusive localities like country should come before less inclusive localities like datacenter. The tiers and order must be the same on all nodes. Including more tiers is better than including fewer. For example:
country=us,region=us-west,datacenter=us-west-1b,rack=12
country=ca,region=ca-east,datacenter=ca-east-2,rack=4
planet=earth,province=manitoba,colo=secondary,power=3
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.maxSqlMemory
The maximum in-memory storage capacity available to store temporary data for SQL queries.
This can be a percentage, expressed with a fraction sign or as a decimal-point number, or any bytes-based unit. For example, "25%", "0.25" both represent 25% of the available system memory. The values "1000000000" and "1GB" both represent 1 gigabyte of memory.
Type: string
Default:
"25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.openPorts
Open firewall ports for cluster communication by default
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.user
User account under which CockroachDB runs
Type: string
Default:
"cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.code-server.enable
Whether to enable code-server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.package
The code-server package to use.
Type: package
Default:
pkgs.code-server
Example:
pkgs.vscode-with-extensions.override {
vscode = pkgs.code-server;
vscodeExtensions = with pkgs.vscode-extensions; [
bbenoist.nix
dracula-theme.theme-dracula
];
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.auth
The type of authentication to use.
Type: one of “none”, “password”
Default:
"password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.disableFileDownloads
Disable file downloads from Code.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.disableGettingStartedOverride
Disable the coder/coder override in the Help: Getting Started page.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.disableTelemetry
Disable telemetry.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.disableUpdateCheck
Disable update check. Without this flag, code-server checks every 6 hours against the latest github release and then notifies you once every week that a new release is available.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.disableWorkspaceTrust
Disable Workspace Trust feature.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extensionsDir
Path to the extensions directory.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraArguments
Additional arguments to pass to code-server.
Type: list of string
Default:
[ ]
Example:
[ "--log=info" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraEnvironment
Additional environment variables to pass to code-server.
Type: attribute set of string
Default:
{ }
Example:
{
PKG_CONFIG_PATH = "/run/current-system/sw/lib/pkgconfig";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraGroups
An array of additional groups for the code-server user.
Type: list of string
Default:
[ ]
Example:
[
"docker"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraPackages
Additional packages to add to the code-server PATH.
Type: list of package
Default:
[ ]
Example:
[ pkgs.go ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.group
The group to run code-server under.
By default, a group named code-server will be created.
Type: string
Default:
"code-server"
Example:
"yourGroup"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.hashedPassword
Create the password with: echo -n 'thisismypassword' | npx argon2-cli -e
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.host
The host name or IP address the server should listen on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.port
The port the server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
4444
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.proxyDomain
Domain used for proxying ports.
Type: null or string
Default:
null
Example:
"code-server.lan"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.socket
Path to a socket (bind-addr will be ignored).
Type: null or string
Default:
null
Example:
"/run/code-server/socket"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.socketMode
File mode of the socket.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.user
The user to run code-server as.
By default, a user named code-server will be created.
Type: string
Default:
"code-server"
Example:
"yourUser"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.userDataDir
Path to the user data directory.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.coder.enable
Whether to enable Coder service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.package
The coder package to use.
Type: package
Default:
pkgs.coder
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.accessUrl
Access URL should be an external IP address or domain with DNS records pointing to Coder.
Type: null or string
Default:
null
Example:
"https://coder.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.database
Name of database.
Type: string
Default:
"coder"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.host
Hostname hosting the database.
Type: string
Default:
"/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.password
Password for accessing the database.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.sslmode
Password for accessing the database.
Type: null or string
Default:
"disable"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.database.username
Username for accessing the database.
Type: string
Default:
"coder"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.environment.extra
Extra environment variables to run Coder’s server with. See Coder documentation.
Type: attribute set
Default:
{ }
Example:
{
CODER_OAUTH2_GITHUB_ALLOWED_ORGS = "your-org";
CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.environment.file
Systemd environment file to add to Coder.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.group
Group under which the coder service runs.
If left as the default value this group will automatically be created on system activation, otherwise it needs to be configured manually.
Type: string
Default:
"coder"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.homeDir
Home directory for coder user.
Type: string
Default:
"/var/lib/coder"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.listenAddress
Listen address.
Type: string
Default:
"127.0.0.1:3000"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.tlsCert
The path to the TLS certificate.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.tlsKey
The path to the TLS key.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.user
User under which the coder service runs.
If left as the default value this user will automatically be created on system activation, otherwise it needs to be configured manually.
Type: string
Default:
"coder"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.coder.wildcardAccessUrl
If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains.
Type: null or string
Default:
null
Example:
"*.coder.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/coder.nix>
|
services.collabora-online.enable
Whether to enable collabora-online.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.package
The Collabora Online package to use.
Type: package
Default:
pkgs.collabora-online
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.aliasGroups
Alias groups to use.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.aliasGroups.*.aliases
A list of regex patterns of aliasname.
Type: list of string
Default:
[ ]
Example:
[
"scheme://aliasname1:port"
"scheme://aliasname2:port"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.aliasGroups.*.host
Hostname to allow or deny.
Type: string
Example:
"scheme://hostname:port"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.extraArgs
Extra arguments to pass to the service.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.port
Listening port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
9980
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collabora-online.settings
Configuration for Collabora Online WebSocket Daemon, see https://sdk.collaboraonline.com/docs/installation/Configuration.html, or https://github.com/CollaboraOnline/online/blob/master/coolwsd.xml.in for the default configuration.
Type: `coolwsd.xml` configuration type, used to override values in the default configuration.
Attribute names correspond to XML tags unless prefixed with `@`. Nested attribute sets correspond to nested XML tags. Attributes prefixed with `@` correspond to XML attributes. E.g., `{ storage.wopi."@allow" = true; }` in Nix corresponds to `<storage><wopi allow="true"/></storage>` in `coolwsd.xml`, or `--o:storage.wopi[@allow]=true` in the command line.
Arrays correspond to multiple elements with the same tag name. E.g. `{ host = [ ''127\.0\.0\.1'' "::1" ]; }` in Nix corresponds to
```xml
<net><post_allow>
<host>127\.0\.0\.1</host>
<host>::1</host>
</post_allow></net>
```
in `coolwsd.xml`, or `--o:net.post_allow.host[0]='127\.0\.0\.1' --o:net.post_allow.host[1]=::1` in the command line.
Null values could be used to remove an element from the default configuration.
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/collabora-online.nix>
|
services.collectd.enable
Whether to enable collectd agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.package
The collectd package to use.
Type: package
Default:
pkgs.collectd
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.autoLoadPlugin
Enable plugin autoloading.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.buildMinimalPackage
Build a minimal collectd package with only the configured services.collectd.plugins
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.dataDir
Data directory for collectd agent.
Type: absolute path
Default:
"/var/lib/collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.extraConfig
Extra configuration for collectd. Use mkBefore to add lines before the default config, and mkAfter to add them below.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.include
Additional paths to load config from.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.plugins
Attribute set of plugin names to plugin config segments
Type: attribute set of strings concatenated with “\n”
Default:
{ }
Example:
{
cpu = "";
memory = "";
network = "Server 192.168.1.1 25826";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.user
User under which to run collectd.
Type: null or string
Default:
"collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.validateConfig
Validate the syntax of collectd configuration file at build time. Disable this if you use the Include directive on files unavailable in the build sandbox, or when cross-compiling.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.colord.enable
Whether to enable colord, the color management daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/x11/colord.nix>
|
services.commafeed.enable
Whether to enable CommaFeed.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.package
The commafeed package to use.
Type: package
Default:
pkgs.commafeed
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.environment
Extra environment variables passed to CommaFeed, refer to https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example for supported values. The default user is admin and the default password is admin.
Correct configuration for H2 database is already provided.
Type: attribute set of (boolean or signed integer or string)
Default:
{ }
Example:
{
CF_SERVER_APPLICATIONCONNECTORS_0_PORT = 9090;
CF_SERVER_APPLICATIONCONNECTORS_0_TYPE = "http";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.environmentFile
Environment file as defined in systemd.exec(5).
Type: null or absolute path
Default:
null
Example:
"/var/lib/commafeed/commafeed.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.group
Group under which CommaFeed runs.
Type: string
Default:
"commafeed"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.stateDir
Directory holding all state for CommaFeed to run.
Type: absolute path
Default:
"/var/lib/commafeed"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.commafeed.user
User under which CommaFeed runs.
Type: string
Default:
"commafeed"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/commafeed.nix>
|
services.compton
Alias of services.picom.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.conduwuit.enable
Whether to enable conduwuit.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.package
The conduwuit package to use.
Type: package
Default:
pkgs.conduwuit
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.extraEnvironment
Extra Environment variables to pass to the conduwuit server.
Type: attribute set of string
Default:
{ }
Example:
{
RUST_BACKTRACE = "yes";
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.group
The group conduwuit is run as.
Type: non-empty string
Default:
"conduwuit"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings
Generates the conduwuit.toml configuration file. Refer to https://conduwuit.puppyirl.gay/configuration.html for details on supported values.
Type: TOML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.address
Addresses (IPv4 or IPv6) to listen on for connections by the reverse proxy/tls terminator.
If set to null, conduwuit will listen on IPv4 and IPv6 localhost.
Must be null if unix_socket_path is set.
Type: null or (list of non-empty string)
Default:
null
Example:
[
"127.0.0.1"
"::1"
]
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.allow_check_for_updates
If enabled, conduwuit will send a simple GET request periodically to https://pupbrain.dev/check-for-updates/stable for any new announcements made. Despite the name, this is not an update check endpoint, it is simply an announcement check endpoint.
Disabled by default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.allow_encryption
Whether new encrypted rooms can be created. Note: existing rooms will continue to work.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.allow_federation
Whether this server federates with other servers.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.allow_registration
Whether new users can register on this server.
Registration with token requires registration_token or registration_token_file to be set.
If set to true without a token configured, and yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse is set to true, users can freely register.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.database_path
Path to the conduwuit database, the directory where conduwuit will save its data. Note that database_path cannot be edited because of the service’s reliance on systemd StateDir.
Type: absolute path (read only)
Default:
"/var/lib/conduwuit/"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.max_request_size
Max request size in bytes. Don’t forget to also change it in the proxy.
Type: positive integer, meaning >0
Default:
20000000
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.port
The port(s) conduwuit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the conduwuit instance running on this port.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[
6167
]
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.server_name
The server_name is the name of this server. It is used as a suffix for user and room ids.
Type: non-empty string
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.trusted_servers
Servers listed here will be used to gather public keys of other servers (notary trusted key servers).
Currently, conduwuit doesn’t support inbound batched key requests, so this list should only contain other Synapse servers.
Example: [ "matrix.org" "constellatory.net" "tchncs.de" ]
Type: list of non-empty string
Default:
[
"matrix.org"
]
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.unix_socket_path
Listen on a UNIX socket at the specified path. If listening on a UNIX socket, listening on an address will be disabled. The address option must be set to null (the default value). The option services.conduwuit.group must be set to a group your reverse proxy is part of.
This will automatically add a system user “conduwuit” to your system if services.conduwuit.user is left at the default, and a “conduwuit” group if services.conduwuit.group is left at the default.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.settings.global.unix_socket_perms
The default permissions (in octal) to create the UNIX socket with.
Type: positive integer, meaning >0
Default:
660
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.conduwuit.user
The user conduwuit is run as.
Type: non-empty string
Default:
"conduwuit"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduwuit.nix>
|
services.confd.enable
Whether to enable confd, a service to manage local application configuration files using templates and data from etcd/consul/redis/zookeeper.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.package
The confd package to use.
Type: package
Default:
pkgs.confd
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.backend
Confd config storage backend to use.
Type: one of “etcd”, “consul”, “redis”, “zookeeper”
Default:
"etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.confDir
The path to the confd configs.
Type: absolute path
Default:
"/etc/confd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.interval
Confd check interval.
Type: signed integer
Default:
10
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.logLevel
Confd log level.
Type: one of “info”, “debug”
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.nodes
Confd list of nodes to connect to.
Type: list of string
Default:
[
"http://127.0.0.1:2379"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.prefix
The string to prefix to keys.
Type: absolute path
Default:
"/"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.watch
Confd, whether to watch etcd config for changes.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.connman.enable
Whether to use ConnMan for managing your network connections.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.enableVPN
Whether to enable ConnMan VPN service.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.package
The connman package / build flavor
Type: package
Default:
pkgs.connman
Example:
pkgs.connmanFull
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.extraConfig
Configuration lines appended to the generated connman configuration file.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.extraFlags
Extra flags to pass to connmand
Type: list of string
Default:
[ ]
Example:
[
"--nodnsproxy"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.networkInterfaceBlacklist
Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
Type: list of string
Default:
[
"vmnet"
"vboxnet"
"virbr"
"ifb"
"ve"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.wifi.backend
Specify the Wi-Fi backend used.
Currently supported are wpa_supplicant or iwd.
Type: one of “wpa_supplicant”, “iwd”
Default:
"wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.consul.enable
Enables the consul daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.package
The consul package to use.
Type: package
Default:
pkgs.consul
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.enable
Whether to enable consul-alerts.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.package
The consul-alerts package to use.
Type: package
Default:
pkgs.consul-alerts
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.consulAddr
Consul api listening address
Type: string
Default:
"localhost:8500"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.listenAddr
Api listening address.
Type: string
Default:
"localhost:9000"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchChecks
Whether to enable check watcher.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchEvents
Whether to enable event watcher.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.dropPrivileges
Whether the consul agent should be run as a non-root consul user.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfig
Extra configuration options which are serialized to json and added to the config.json file.
Type: attribute set of anything
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfigFiles
Additional configuration files to pass to consul. NOTE: These will not trigger the service to be restarted when altered.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.forceAddrFamily
Whether to bind ipv4/ipv6 or both kinds of addresses.
Type: one of “any”, “ipv4”, “ipv6”
Default:
"any"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.forceIpv4
Deprecated: Use consul.forceAddrFamily instead. Whether we should force the interfaces to only pull ipv4 addresses.
Type: null or boolean
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.advertise
The name of the interface to pull the advertise_addr from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.bind
The name of the interface to pull the bind_addr from.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.leaveOnStop
If enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don’t want this option unless you are running a node which is going offline in a permanent / semi-permanent fashion.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.webUi
Enables the web interface on the consul http port.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul-template.instances
Attribute set of consul-template instances.
Creates independent consul-template-${name}.service systemd units for each instance defined here.
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.enable
Whether to enable this consul-template instance.
Type: boolean
Default:
true
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.package
The consul-template package to use.
Type: package
Default:
pkgs.consul-template
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.group
Group under which this instance runs.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.settings
Free-form settings written directly to the config.json file.
Refer to https://github.com/hashicorp/consul-template/blob/main/docs/configuration.md#configuration-file for supported values.
Resulting format is JSON not HCL. Refer to https://www.hcl2json.com/ if you are unsure how to convert HCL options to JSON.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.settings.pid_file
Path to use for the pid file.
Type: string
Default:
"/run/consul-template/‹name›.pid"
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.settings.template
Template section of consul-template. Refer to https://github.com/hashicorp/consul-template/blob/main/docs/configuration.md#templates for supported values.
Type: null or (list of attribute set of anything)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.consul-template.instances.<name>.user
User under which this instance runs.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/security/vault-agent.nix>
|
services.convos.enable
Whether to enable Convos.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.listenAddress
Address or host the web interface should listen on
Type: string
Default:
"*"
Example:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.listenPort
Port the web interface should listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Example:
8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.reverseProxy
Enables reverse proxy support. This will allow Convos to automatically pick up the X-Forwarded-For and X-Request-Base HTTP headers set in your reverse proxy web server. Note that enabling this option without a reverse proxy in front will be a security issue.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.coredns.enable
Whether to enable Coredns dns server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.coredns.package
The coredns package to use.
Type: package
Default:
pkgs.coredns
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.coredns.config
Verbatim Corefile to use. See https://coredns.io/manual/toc/#configuration for details.
Type: strings concatenated with “\n”
Default:
""
Example:
''
. {
whoami
}
''
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.coredns.extraArgs
Extra arguments to pass to coredns.
Type: list of string
Default:
[ ]
Example:
[
"-dns.port=53"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.corerad.enable
Whether to enable CoreRAD IPv6 NDP RA daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.package
The corerad package to use.
Type: package
Default:
pkgs.corerad
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.configFile
Path to CoreRAD TOML configuration file.
Type: absolute path
Example:
"${pkgs.corerad}/etc/corerad/corerad.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.settings
Configuration for CoreRAD, see https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml for supported values. Ignored if configFile is set.
Type: TOML value
Example:
{
interfaces = [
# eth0 is an upstream interface monitoring for IPv6 router advertisements.
{
name = "eth0";
monitor = true;
}
# eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
{
name = "eth1";
advertise = true;
prefix = [{ prefix = "::/64"; }];
}
];
# Optionally enable Prometheus metrics.
debug = {
address = "localhost:9430";
prometheus = true;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corosync.enable
Whether to enable corosync.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.package
The corosync package to use.
Type: package
Default:
pkgs.corosync
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.clusterName
Name of the corosync cluster.
Type: string
Default:
"nixcluster"
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.extraOptions
Additional options with which to start corosync.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist
Corosync nodelist: all cluster members.
Type: list of (submodule)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.name
Node name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.nodeid
Node ID number
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.ring_addrs
List of addresses, one for each ring.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.coturn.enable
Whether to enable coturn TURN server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-listening-port
Alternative listening port for UDP and TCP listeners; default (or zero) value means “listening port plus one”. This is needed for RFC 5780 support (STUN extension specs, NAT behavior discovery). The TURN Server supports RFC 5780 only if it is started with more than one listening IP address of the same family (IPv4 or IPv6). RFC 5780 is supported only by UDP protocol, other protocols are listening to that endpoint only for “symmetry”.
Type: signed integer
Default:
listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-tls-listening-port
Alternative listening port for TLS and DTLS protocols.
Type: signed integer
Default:
tls-listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cert
Certificate file in PEM format.
Type: null or string
Default:
null
Example:
"/var/lib/acme/example.com/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-ip
Local system IP address to be used for CLI server endpoint.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-password
CLI access password. For security reasons, it is recommended to use the encrypted form of the password (see the -P command in the turnadmin utility).
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-port
CLI server port.
Type: signed integer
Default:
5766
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.dh-file
Use custom DH TLS key, stored in PEM format in the file.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.extraConfig
Additional configuration options
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-ips
Listener IP addresses of relay server. If no IP(s) are specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening.
Type: list of string
Default:
[ ]
Example:
[
"203.0.113.42"
"2001:DB8::42"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-port
TURN listener port for UDP and TCP. Note: actually, TLS and DTLS sessions can connect to the “plain” TCP and UDP port(s), too - if allowed by configuration.
Type: signed integer
Default:
3478
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.lt-cred-mech
Use long-term credential mechanism.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.max-port
Upper bound of UDP relay endpoints
Type: signed integer
Default:
65535
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.min-port
Lower bound of UDP relay endpoints
Type: signed integer
Default:
49152
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-auth
This option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access). If neither option is defined, and no users are defined, then no-auth is default. If at least one user is defined, in this file or in command line or in usersdb file, then lt-cred-mech is default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-cli
Turn OFF the CLI support.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-dtls
Disable DTLS client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcp
Disable TCP client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcp-relay
Disable TCP relay endpoints
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tls
Disable TLS client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udp
Disable UDP client listener
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udp-relay
Disable UDP relay endpoints
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.pkey
Private key file in PEM format.
Type: null or string
Default:
null
Example:
"/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.realm
The default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the command-line settings and the userdb file). Must be used with long-term credentials mechanism or with TURN REST API.
Type: string
Default:
config.networking.hostName
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.relay-ips
Relay address (the local IP address that will be used to relay the packets to the peer). Multiple relay addresses may be used. The same IP(s) can be used as both listening IP(s) and relay IP(s).
If no relay IP(s) are specified, then the turnserver will apply the default policy: it will decide itself which relay addresses to use, and it will always use the client socket IP address as the relay IP address of the TURN session (if the requested relay address family is the same as the family of the client socket).
Type: list of string
Default:
[ ]
Example:
[
"203.0.113.42"
"2001:DB8::42"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.secure-stun
Require authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.static-auth-secret
‘Static’ authentication secret value (a string) for TURN REST API only. If not set, then the turn server will try to use the ‘dynamic’ value in turn_secret table in user database (if present). The database-stored value can be changed on-the-fly by a separate program, so this is why that other mode is ‘dynamic’.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.static-auth-secret-file
Path to the file containing the static authentication secret.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.tls-listening-port
TURN listener port for TLS. Note: actually, “plain” TCP and UDP sessions can connect to the TLS and DTLS port(s), too - if allowed by configuration. The TURN server “automatically” recognizes the type of traffic. Actually, two listening endpoints (the “plain” one and the “tls” one) are equivalent in terms of functionality; but we keep both endpoints to satisfy the RFC 5766 specs. For secure TCP connections, we currently support SSL version 3 and TLS version 1.0, 1.1 and 1.2. For secure UDP connections, we support DTLS version 1.
Type: signed integer
Default:
5349
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.use-auth-secret
TURN REST API flag. Flag that sets a special authorization option that is based upon authentication secret. This feature can be used only with the long-term authentication mechanism. The purpose of this feature is to support “TURN Server REST API”, see the “TURN REST API” link on the project’s page https://github.com/coturn/coturn/
This option is used with timestamp:
usercombo -> “timestamp:userid”
turn user -> usercombo
turn password -> base64(hmac(secret key, usercombo))
This allows TURN credentials to be accounted for a specific user id. If you don’t have a suitable id, the timestamp alone can be used. This option is just turning on secret-based authentication. The actual value of the secret is defined either by option static-auth-secret, or can be found in the turn_secret table in the database.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
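The credential scheme described under use-auth-secret, worked through as an added example (not code from coturn or nixpkgs). It assumes HMAC-SHA1 as the hmac function, since the description does not name one, and treats the timestamp as a Unix expiry time; the secret and user ids are constructed sample values.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple


def turn_password(secret: bytes, usercombo: str) -> str:
    """turn password -> base64(hmac(secret key, usercombo)).

    HMAC-SHA1 is an assumption of this example; the option text only says "hmac".
    """
    digest = hmac.new(secret, usercombo.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def make_turn_credentials(
    secret: bytes, user_id: str, ttl: int, now: Optional[int] = None
) -> Tuple[str, str]:
    """Issue short-lived credentials the way an application backend would.

    usercombo -> "timestamp:userid"; with no suitable id the timestamp alone
    is used. The timestamp is taken to be the expiry time (assumption).
    """
    now = int(time.time()) if now is None else now
    expiry = now + ttl
    usercombo = f"{expiry}:{user_id}" if user_id else str(expiry)
    return usercombo, turn_password(secret, usercombo)


def verify_turn_credentials(
    secret: bytes, username: str, password: str, now: Optional[int] = None
) -> bool:
    """Server-side view: recompute the HMAC over the presented username,
    compare in constant time, then reject credentials past their timestamp."""
    now = int(time.time()) if now is None else now
    timestamp = username.partition(":")[0]
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    expected = turn_password(secret, username).encode("ascii")
    if not hmac.compare_digest(expected, password.encode("utf-8")):
        return False
    return int(timestamp) >= now


if __name__ == "__main__":
    # Constructed sample values; a real secret would come from a file outside
    # the Nix store (see static-auth-secret-file).
    secret = b"constructed-shared-secret"
    issued_at = 1_700_000_000
    user, pw = make_turn_credentials(secret, "alice", ttl=3600, now=issued_at)
    print("turn user    :", user)
    print("turn password:", pw)
    print("valid now    :", verify_turn_credentials(secret, user, pw, now=issued_at + 60))
    print("after expiry :", verify_turn_credentials(secret, user, pw, now=issued_at + 7200))
    # Changing the user id without the secret invalidates the password.
    forged = user.replace("alice", "mallory")
    print("forged user  :", verify_turn_credentials(secret, forged, pw, now=issued_at + 60))
```

Because the password is a pure function of the username and the shared secret, anyone who can read the secret can mint credentials for any user id and any expiry.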
|
services.couchdb.enable
Whether to enable CouchDB Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.package
The couchdb3 package to use.
Type: package
Default:
pkgs.couchdb3
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.adminPass
Couchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.adminUser
Couchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: string
Default:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.argsFile
vm.args configuration. Overrides Couchdb’s Erlang VM parameters file.
Type: absolute path
Default:
"config.services.couchdb.package/etc/vm.args"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.bindAddress
Defines the IP address by which CouchDB will be accessible.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.configFile
Configuration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group.
Type: absolute path
Default:
"/var/lib/couchdb/local.ini"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.databaseDir
Specifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
Type: absolute path
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.extraConfig
Extra configuration options for CouchDB
Type: attribute set
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.extraConfigFiles
Extra configuration files. Overrides any other configuration. You can use this to setup the Admin user without putting the password in your nix store.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.group
Group account under which couchdb runs.
Type: string
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.logFile
Specifies the location of file for logging output.
Type: absolute path
Default:
"/var/log/couchdb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.port
Defines the port number to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5984
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.uriFile
This file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0, e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: absolute path
Default:
"/run/couchdb/couchdb.uri"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.user
User account under which couchdb runs.
Type: string
Default:
"couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.viewIndexDir
Specifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: absolute path
Default:
"/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.cpuminer-cryptonight.enable
Whether to enable the cpuminer cryptonight miner.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.pass
Password for mining server
Type: string
Default:
"x"
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.threads
Number of miner threads, defaults to available processors
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.url
URL of mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.user
Username for mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpupower-gui.enable
Enables dbus/systemd service needed by cpupower-gui. These services are responsible for retrieving and modifying cpu power saving settings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix>
|
services.crab-hole.enable
Whether to enable Crab-hole Service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.package
The crab-hole package to use.
Type: package
Default:
pkgs.crab-hole
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.configFile
The config file of crab-hole.
If files are added via url, make sure the service has access to them. Setting this option will override any configuration applied by the settings option.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.settings
Crab-hole's config. See the big example at https://github.com/LuckyTurtleDev/crab-hole/blob/main/example-config.toml
Type: TOML value
Example:
{
api = {
admin_key = "1234";
listen = "127.0.0.1";
port = 8080;
show_doc = true;
};
blocklist = {
allow_list = [
"file:///allowed.txt"
];
include_subdomains = true;
lists = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts"
"https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
"file:///blocked.txt"
];
};
downstream = [
{
listen = "localhost";
port = 8080;
protocol = "udp";
}
{
certificate = "dns.example.com.crt";
dns_hostname = "dns.example.com";
key = "dns.example.com.key";
listen = "[::]";
port = 8055;
protocol = "https";
timeout_ms = 3000;
}
];
upstream = {
name_servers = [
{
protocol = "tls";
socket_addr = "[2606:4700:4700::1111]:853";
tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
trust_nx_responses = false;
}
{
protocol = "tls";
socket_addr = "1.1.1.1:853";
tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
trust_nx_responses = false;
}
];
options = {
validate = false;
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.settings.blocklist.allow_list
List of allowlists. If files are added via url, make sure the service has access to them!
Type: list of (string or absolute path)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.settings.blocklist.include_subdomains
Whether to enable Include subdomains.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.settings.blocklist.lists
List of blocklists. If files are added via url, make sure the service has access to them!
Type: list of (string or absolute path)
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crab-hole.supplementaryGroups
Adds additional groups to the crab-hole service. Can be useful to prevent permission issues.
Type: list of string
Default:
[ ]
Example:
[
"acme"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/crab-hole.nix>
|
services.crabfit.enable
Whether to enable Crab Fit, a meeting scheduler based on peoples’ availability.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.api.package
The crabfit-api package to use.
Type: package
Default:
pkgs.crabfit-api
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.api.environment
Environment variables for the crabfit API.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.api.host
The hostname of the API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.api.port
The internal listening port of the API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.frontend.package
The crabfit-frontend package to use.
Type: package
Default:
pkgs.crabfit-frontend
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.frontend.environment
Environment variables for the crabfit frontend.
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.frontend.finalDrv
The patched frontend, using the correct urls for the API and frontend.
Type: package (read only)
Default:
cfg.package.override {
api_url = "https://${cfg.api.host}";
frontend_url = cfg.frontend.host;
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.frontend.host
The hostname of the frontend.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.crabfit.frontend.port
The internal listening port of the frontend.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/crabfit.nix>
|
services.create_ap.enable
Whether to enable setting up wifi hotspots using create_ap.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/create_ap.nix>
|
services.create_ap.settings
Configuration for create_ap.
See upstream example configuration for supported values.
Type: attribute set of (signed integer or boolean or string)
Default:
{ }
Example:
{
INTERNET_IFACE = "eth0";
PASSPHRASE = "12345678";
SSID = "My Wifi Hotspot";
WIFI_IFACE = "wlan0";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/create_ap.nix>
|
services.croc.enable
Whether to enable croc relay.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.debug
Whether to enable debug logs.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.openFirewall
Whether to enable opening of the peer port(s) in the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.pass
Password or passwordfile for the relay.
Type: absolute path or string
Default:
"pass123"
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.ports
Ports of the relay.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[
9009
9010
9011
9012
9013
]
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.cron.enable
Whether to enable the Vixie cron daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.cronFiles
A list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.mailto
Email address to which job output will be mailed.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.systemCronJobs
A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid sendmail. See security.wrappers.
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you, so every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.
Type: list of string
Default:
[ ]
Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1"
"* * * * * eelco echo Hello World > /home/eelco/cronout"
]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cross-seed.enable
Whether to enable cross-seed.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.package
The cross-seed package to use.
Type: package
Default:
pkgs.cross-seed
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.configDir
Cross-seed config directory
Type: absolute path
Default:
"/var/lib/cross-seed"
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.group
Group to run cross-seed as.
Type: string
Default:
"cross-seed"
Example:
"torrents"
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings
Configuration options for cross-seed.
Secrets should not be set in this option, as they will be available in the Nix store. For secrets, please use settingsFile.
For more details, see the cross-seed documentation.
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings.dataDirs
Paths to be searched for matching data.
If you use Injection, cross-seed will use the specified linkType to create a link to the original file in the linkDirs.
If linkType is hardlink, these must be on the same volume as the data.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings.linkDirs
List of directories where cross-seed will create links.
If linkType is hardlink, these must be on the same volume as the data.
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings.outputDir
Directory where cross-seed will place torrent files it finds.
Type: absolute path
Default:
"\${cfg.configDir}/output"
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings.port
Port the cross-seed daemon listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
2468
Example:
3000
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settings.torrentDir
Directory containing torrent files, or if you’re using a torrent client integration and injection - your torrent client’s .torrent file store/cache.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.settingsFile
Path to a JSON file containing settings that will be merged with the settings option. This is suitable for storing secrets, as they will not be exposed on the Nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.cross-seed.user
User to run cross-seed as.
Type: string
Default:
"cross-seed"
Declared by:
<nixpkgs/nixos/modules/services/torrent/cross-seed.nix>
|
services.crossfire-server.enable
If enabled, the Crossfire game server will be started at boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.package
The crossfire-server package to use.
Note: This will also be used for map/arch data, if you don’t change dataDir.
Type: package
Default:
pkgs.crossfire-server
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.configFiles
Text to append to the corresponding configuration files. Note that the files given in the example are not the complete set of files available to customize; look in /etc/crossfire after enabling the server to see the available files, and read the comments in each file for detailed documentation on the format and what settings are available.
Note that the motd, rules, and news files, if configured here, will overwrite the example files that come with the server, rather than being appended to them as the other configuration files are.
Type: attribute set of string
Default:
{ }
Example:
{
dm_file = ''
admin:secret_password:localhost
alice:xyzzy:*
'';
ban_file = ''
# Bob is a jerk
bob@*
# So is everyone on 192.168.86.255/24
*@192.168.86.
'';
metaserver2 = ''
metaserver2_notification on
localhostname crossfire.example.net
'';
motd = "Welcome to CrossFire!";
news = "No news yet.";
rules = "Don't be a jerk.";
settings = ''
# be nicer to newbies and harsher to experienced players
balanced_stat_loss true
# don't let players pick up and use admin-created items
real_wiz false
'';
}
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.dataDir
Where to load readonly data from – maps, archetypes, treasure tables, and the like. If you plan to edit the data on the live server (rather than overlaying the crossfire-maps and crossfire-arch packages and nixos-rebuilding), point this somewhere read-write and copy the data there before starting the server.
Type: string
Default:
"${config.services.crossfire.package}/share/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.stateDir
Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server startup if it does not already exist. If changed, it is the admin’s responsibility to make sure that the directory exists and is writeable by the crossfire user.
Type: string
Default:
"/var/lib/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.cryptpad.enable
Whether to enable cryptpad.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.package
The cryptpad package to use.
Type: package
Default:
pkgs.cryptpad
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.configureNginx
Configure Nginx as a reverse proxy for Cryptpad. Note that this makes some assumptions on your setup, and sets settings that will affect other virtualHosts running on your Nginx instance, if any. Alternatively you can configure a reverse-proxy of your choice.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings
Cryptpad configuration settings.
See https://github.com/cryptpad/cryptpad/blob/main/config/config.example.js for more extensive reference documentation.
Test your deployed instance through https://<domain>/checkup/.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.adminKeys
List of public signing keys of users that can access the admin panel
Type: list of string
Default:
[ ]
Example:
[
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.blockDailyCheck
Disable telemetry. This setting is only effective if the ‘Disable server telemetry’ setting in the admin menu has been untouched, and will be ignored by cryptpad once that option is set either way. Note that, due to the service confinement, just enabling the option in the admin menu will not work, as the service will be unable to resolve DNS and fail; this setting must be set as well.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.httpAddress
Address on which the Node.js server should listen
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.httpPort
Port on which the Node.js server should listen
Type: signed integer
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.httpSafeOrigin
Cryptpad sandbox URL
Type: null or string
Example:
"https://cryptpad-ui.example.com. Apparently optional but recommended."
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.httpUnsafeOrigin
This is the URL that users will enter to load your instance
Type: string
Default:
""
Example:
"https://cryptpad.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.installMethod
Install method is listed in telemetry if you agree to it through the consentToContact setting in the admin panel.
Type: string
Default:
"nixos"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.logLevel
Controls log level
Type: string
Default:
"info"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.logToStdout
Controls whether log output should go to stdout of the systemd service
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.maxWorkers
Number of child processes, defaults to number of cores available
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cryptpad.settings.websocketPort
Port for the websocket that needs to be separate
Type: signed integer
Default:
3003
Declared by:
<nixpkgs/nixos/modules/services/web-apps/cryptpad.nix>
|
services.cyrus-imap.enable
Whether to enable Cyrus IMAP, an email, contacts and calendar server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusConfigFile
Path to the configuration file used for Cyrus.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusSettings
Cyrus configuration settings. See cyrus.conf(5)
Type: attribute set of attribute set of (boolean or signed integer or list of string)
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusSettings.DAEMON
This section lists long-running daemons to start before any SERVICES are spawned. master(8) will ensure that these processes are running, restarting any process which dies or forks. All listed processes will be shut down when master(8) is exiting.
Type: unspecified value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusSettings.EVENTS
This section lists processes that should be run at specific intervals, similar to cron jobs. This section is typically used to perform scheduled cleanup/maintenance.
Type: unspecified value
Default:
{
checkpoint = {
cmd = [
"ctl_cyrusdb"
"-c"
];
period = 30;
};
deleteprune = {
at = 430;
cmd = [
"cyr_expire"
"-E"
"4"
"-D"
"28"
];
};
delprune = {
at = 400;
cmd = [
"cyr_expire"
"-E"
"3"
];
};
expungeprune = {
at = 445;
cmd = [
"cyr_expire"
"-E"
"4"
"-X"
"28"
];
};
tlsprune = {
at = 400;
cmd = [
"tls_prune"
];
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusSettings.SERVICES
This section is the heart of the cyrus.conf file. It lists the processes that should be spawned to handle client connections made on certain Internet/UNIX sockets.
Type: unspecified value
Default:
{
imap = {
cmd = [
"imapd"
];
listen = "imap";
prefork = 0;
};
lmtpunix = {
cmd = [
"lmtpd"
];
listen = "/run/cyrus/lmtp";
prefork = 0;
};
notify = {
cmd = [
"notifyd"
];
listen = "/run/cyrus/notify";
prefork = 0;
proto = "udp";
};
pop3 = {
cmd = [
"pop3d"
];
listen = "pop3";
prefork = 0;
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.cyrusSettings.START
This section lists the processes to run before any SERVICES are spawned. This section is typically used to initialize databases. Master itself will not start up until all tasks in START have completed, so put no blocking commands here.
Type: unspecified value
Default:
{
recover = {
cmd = [
"ctl_cyrusdb"
"-r"
];
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.debug
Whether to enable debugging messages for the Cyrus master process.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.group
Cyrus IMAP group name. If this is not set, a group named cyrus will be created.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdConfigFile
Path to the configuration file used for cyrus-imap.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdSettings
IMAP configuration settings. See imapd.conf(5)
Type: attribute set of (string or signed integer or boolean or list of string)
Default:
{
admins = [
"cyrus"
];
allowplaintext = true;
defaultdomain = "localhost";
defaultpartition = "default";
duplicate_db_path = "/run/cyrus/db/deliver.db";
hashimapspool = true;
httpmodules = [
"carddav"
"caldav"
];
mboxname_lockpath = "/run/cyrus/lock";
partition-default = "/var/lib/cyrus/storage";
popminpoll = 1;
proc_path = "/run/cyrus/proc";
ptscache_db_path = "/run/cyrus/db/ptscache.db";
sasl_auto_transition = true;
sasl_pwcheck_method = [
"saslauthd"
];
sievedir = "/var/lib/cyrus/sieve";
statuscache_db_path = "/run/cyrus/db/statuscache.db";
syslog_prefix = "cyrus";
tls_client_ca_dir = "/etc/ssl/certs";
tls_session_timeout = 1440;
tls_sessions_db_path = "/run/cyrus/db/tls_sessions.db";
virtdomains = "on";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdSettings.configdirectory
The pathname of the IMAP configuration directory.
Type: absolute path
Default:
"/var/lib/cyrus"
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdSettings.idlesocket
Unix socket that idled listens on.
Type: absolute path
Default:
"/run/cyrus/idle"
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdSettings.lmtpsocket
Unix socket that lmtpd listens on, used by deliver(8). This should match the path specified in cyrus.conf(5).
Type: absolute path
Default:
"/run/cyrus/lmtp"
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.imapdSettings.notifysocket
Unix domain socket that the mail notification daemon listens on.
Type: absolute path
Default:
"/run/cyrus/notify"
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.listenQueue
Socket listen queue backlog size. See listen(2) for more information about a backlog. Default is 32, which may be increased if you have a very high connection rate.
Type: signed integer
Default:
32
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.sslCACert
Path to a file containing one or more CA certificates to use.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.sslServerCert
File containing the global certificate used for all services (IMAP, POP3, LMTP, Sieve)
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.sslServerKey
File containing the private key belonging to the global server certificate.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.tmpDBDir
Location where DB files are stored. Databases in this directory are recreated upon startup, so ideally they should live in ephemeral storage for best performance.
Type: absolute path
Default:
"/run/cyrus/db"
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.cyrus-imap.user
Cyrus IMAP user name. If this is not set, a user named cyrus will be created.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/mail/cyrus-imap.nix>
|
services.dae.enable
Whether to enable dae, a Linux high-performance transparent proxy solution based on eBPF.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.package
The dae package to use.
Type: package
Default:
pkgs.dae
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.assets
Assets required to run dae.
Type: list of absolute path
Default:
with pkgs; [ v2ray-geoip v2ray-domain-list-community ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.assetsPath
The path which contains the geolocation database.
This option will override assets.
Type: string
Default:
(symlinkJoin {
name = "dae-assets";
paths = assets;
})/share/v2ray
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.config
WARNING: This option will store your config unencrypted and world-readable in the Nix store. Config text for dae.
See https://github.com/daeuniverse/dae/blob/main/example.dae.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.configFile
The path of the dae config file, ending with .dae.
Type: null or absolute path
Default:
null
Example:
"/path/to/your/config.dae"
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.disableTxChecksumIpGeneric
See https://github.com/daeuniverse/dae/issues/43
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.openFirewall
Open the firewall port.
Type: submodule
Default:
{
enable = true;
port = 12345;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.openFirewall.enable
Whether to enable opening port in the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dae.openFirewall.port
Port to be opened. Must be consistent with the tproxy_port field in the config file.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/networking/dae.nix>
|
services.dante.enable
Whether to enable Dante SOCKS proxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.dante.config
Contents of Dante’s configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
Type: strings concatenated with “\n”
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.darkhttpd.enable
Whether to enable DarkHTTPd web server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.address
Address to listen on.
Pass all to listen on all interfaces.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.extraArgs
Additional configuration passed to the executable.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.hideServerId
Don’t identify the server type in headers or directory listings.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.port
Port to listen on. Pass 0 to let the system choose any free port for you.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.rootDir
Path from which to serve files.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.das_watchdog.enable
Whether to enable realtime watchdog.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix>
|
services.dashy.enable
Whether to enable Dashy, a highly customizable, easy to use, privacy-respecting dashboard app.
Note that this builds a static web app as opposed to running a full node server, unlike the default docker image.
Writing config changes to disk through the UI, triggering a rebuild through the UI and application status checks are unavailable without the node server; everything else will work fine.
See the deployment docs for building from source, hosting with a CDN and CDN cloud deploy for more information.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.dashy.package
The dashy-ui package to use.
Type: package
Default:
pkgs.dashy-ui
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.dashy.finalDrv
Final derivation containing the fully built static files
Type: package (read only)
Default:
''
if cfg.settings != {}
then cfg.package.override {inherit (cfg) settings;}
else cfg.package;
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.dashy.settings
Settings serialized into user-data/conf.yml before build.
If left empty, the default configuration shipped with the package will be used instead.
Note that the full configuration will be written to the Nix store, where it is world-readable, which may include secrets such as password hashes.
To add files such as icons or backgrounds, you can reference them inline, such as
icon = "${./icon.png}";
This will add the file to the nix store upon build, referencing it by file path as expected by Dashy.
Type: JSON value
Default:
{ }
Example:
''
{
appConfig = {
cssThemes = [
"example-theme-1"
"example-theme-2"
];
enableFontAwesome = true;
fontAwesomeKey = "e9076c7025";
theme = "thebe";
};
pageInfo = {
description = "My Awesome Dashboard";
navLinks = [
{
path = "/";
title = "Home";
}
{
path = "https://example.com";
title = "Example 1";
}
{
path = "https://example.com";
title = "Example 2";
}
];
title = "Dashy";
};
sections = [
{
displayData = {
collapsed = true;
cols = 2;
customStyles = "border: 2px dashed red;";
itemSize = "large";
};
items = [
{
backgroundColor = "#0079ff";
color = "#00ffc9";
description = "Source code and documentation on GitHub";
icon = "fab fa-github";
target = "sametab";
title = "Source";
url = "https://github.com/Lissy93/dashy";
}
{
description = "View currently open issues, or raise a new one";
icon = "fas fa-bug";
title = "Issues";
url = "https://github.com/Lissy93/dashy/issues";
}
{
description = "Live Demo #1";
icon = "fas fa-rocket";
target = "iframe";
title = "Demo 1";
url = "https://dashy-demo-1.as93.net";
}
{
description = "Live Demo #2";
icon = "favicon";
target = "newtab";
title = "Demo 2";
url = "https://dashy-demo-2.as93.net";
}
];
name = "Getting Started";
}
];
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.dashy.virtualHost.enableNginx
Whether to enable a virtualhost to serve dashy through nginx.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.dashy.virtualHost.domain
Domain to use for the virtual host.
This can be used to change nginx options like
services.nginx.virtualHosts."${config.services.dashy.virtualHost.domain}".listen = [ ... ]
or
services.nginx.virtualHosts."example.com".listen = [ ... ]
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dashy.nix>
|
services.datadog-agent.enable
Whether to enable Datadog-agent v7 monitoring service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.enableLiveProcessCollection
Whether to enable the live process collection agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.enableTraceAgent
Whether to enable the trace agent.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.package
The datadog-agent package to use.
Note: The provided package is expected to have an overridable pythonPackages-attribute which configures the Python environment with the Datadog checks.
Type: package
Default:
pkgs.datadog-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.apiKeyFile
Path to a file containing the Datadog API key to associate the agent with your account.
Type: absolute path
Example:
"/run/keys/datadog_api_key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.checks
Configuration for all Datadog checks. Keys of this attribute set will be used as the name of the check to create the appropriate configuration in conf.d/$check.d/conf.yaml.
The configuration is converted into JSON from the plain Nix language configuration, meaning that you should write configuration adhering to Datadog’s documentation, but in the Nix language.
Refer to the implementation of this module (specifically the definition of defaultChecks) for an example.
Note: The ‘disk’ and ‘network’ checks are configured in separate options because they exist by default. Attempting to override their configuration here will have no effect.
Type: attribute set of (attribute set)
Default:
{ }
Example:
{
http_check = {
init_config = null;
instances = [
{
name = "some-service";
tags = [
"some-service"
];
url = "http://localhost:1337/healthz";
}
];
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.ddUrl
Custom dd_url to configure the agent with. Useful if traffic to datadog needs to go through a proxy. Don’t use this to point to another datadog site (EU) - use site instead.
Type: null or string
Default:
null
Example:
"http://haproxy.example.com:3834"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.diskCheck
Disk check config
Type: attribute set
Default:
{
init_config = { };
instances = [
{
use_mount = "false";
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraConfig
Extra configuration options that will be merged into the main config file datadog.yaml.
Type: attribute set
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraIntegrations
Extra integrations from the Datadog core-integrations repository that should be built and included.
By default the included integrations are disk, mongo, network, nginx and postgres.
To include additional integrations the name of the derivation and a function to filter its dependencies from the Python package set must be provided.
Type: attribute set
Default:
{ }
Example:
{
ntp = pythonPackages: [ pythonPackages.ntplib ];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.hostname
The hostname to show in the Datadog dashboard (optional)
Type: null or string
Default:
null
Example:
"mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.logLevel
Logging verbosity.
Type: null or one of “DEBUG”, “INFO”, “WARN”, “ERROR”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.networkCheck
Network check config
Type: attribute set
Default:
{
init_config = { };
instances = [
{
collect_connection_state = false;
excluded_interfaces = [
"lo"
"lo0"
];
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.processAgentPackage
Which DataDog v7 agent package to use. Note that the provided package is expected to have an overridable pythonPackages-attribute which configures the Python environment with the Datadog checks.
Type: package
Default:
pkgs.datadog-process-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.site
The datadog site to point the agent towards. Set to datadoghq.eu to point it to their EU site.
Type: null or string
Default:
null
Example:
"datadoghq.eu"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.tags
The tags to mark this Datadog agent
Type: null or (list of string)
Default:
null
Example:
[
"test"
"service"
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.davfs2.enable
Whether to enable davfs2.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davGroup
The group of the running mount.davfs daemon. Ordinary users must be members of this group in order to mount a davfs2 file system. Value must be given as name, not as numerical id.
Type: string
Default:
"davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davUser
When invoked by root the mount.davfs daemon will run as this user. Value must be given as name, not as numerical id.
Type: string
Default:
"davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.settings
Extra settings appended to the configuration of davfs2. See davfs2.conf(5) for available settings.
Type: attribute set of attribute set of (boolean or signed integer or string or attribute set of (boolean or signed integer or string))
Default:
{ }
Example:
{
globalSection = {
proxy = "foo.bar:8080";
use_locks = false;
};
sections = {
"/media/dav" = {
use_locks = true;
};
"/home/otto/mywebspace" = {
gui_optimize = true;
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davis.enable
Whether to enable Davis, a caldav and carddav server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.package
The davis package to use.
Type: package
Default:
pkgs.davis
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.adminLogin
Username for the admin account.
Type: string
Default:
"root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.adminPasswordFile
The full path to a file that contains the admin’s password. Must be readable by the user.
Type: absolute path
Example:
"/run/secrets/davis-admin-pass"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.appSecretFile
A file containing the Symfony APP_SECRET. Its value should be a series of characters, numbers and symbols chosen randomly and the recommended length is around 32 characters. Can be generated with cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 48 | head -n 1.
Type: absolute path
Example:
"/run/secrets/davis-appsecret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.config
Type: attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or absolute path or string or (submodule))
Default:
{ }
Example:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.dataDir
Davis data directory.
Type: absolute path
Default:
"/var/lib/davis"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.database.driver
Database type, required in all circumstances.
Type: one of “sqlite”, “postgresql”, “mysql”
Default:
"sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.database.name
Database name, only used when the database is created locally.
Type: null or string
Default:
"davis"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.database.urlFile
A file containing the database connection url. If set then it overrides all other database settings (except driver). This is mandatory if you want to use an external database, that is when services.davis.database.createLocally is false.
Type: null or absolute path
Default:
null
Example:
"/run/secrets/davis-db-url"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.group
Group davis runs as.
Type: string
Default:
"davis"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.hostname
Domain of the host to serve davis under. You may want to change it if you run Davis on a different URL than davis.yourdomain.
Type: string
Example:
"davis.yourdomain.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.mail.dsn
Mail DSN for sending emails. Mutually exclusive with services.davis.mail.dsnFile.
Type: null or string
Default:
null
Example:
"smtp://username:password@example.com:25"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.mail.dsnFile
A file containing the mail DSN for sending emails. Mutually exclusive with services.davis.mail.dsn.
Type: null or string
Default:
null
Example:
"/run/secrets/davis-mail-dsn"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.mail.inviteFromAddress
Email address to send invitations from.
Type: null or string
Default:
null
Example:
"no-reply@dav.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx
With this option, you can customize the nginx virtualHost settings.
Type: submodule
Default:
null
Example:
''
{
serverAliases = [
"dav.''${config.networking.domain}"
];
# To enable encryption and let Let's Encrypt take care of the certificate
forceSSL = true;
enableACME = true;
}
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.default
Makes this vhost the default.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.extraConfig
These lines go to the end of the vhost verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.forceSSL
Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.globalRedirect
If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.
Type: null or string
Default:
null
Example:
"newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.http2
Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.http3
Whether to enable the HTTP/3 protocol.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that HTTP/3 support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.http3_hq
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;.
Note that special application protocol support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.kTLS
Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen
Listen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default:
[ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
{
addr = "unix:/var/run/nginx.sock";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen.*.addr
Listen address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen.*.extraParameters
Extra parameters of this listen directive.
Type: list of string
Default:
[ ]
Example:
[
"backlog=1024"
"deferred"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen.*.port
Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen.*.proxyProtocol
Enable PROXY protocol.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listen.*.ssl
Enable SSL.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.listenAddresses
Listen addresses for this virtual host.
Compared to listen, this only sets the addresses and the ports are chosen automatically.
Note: This option overrides enableIPv6.
Type: list of string
Default:
[ ]
Example:
[
"127.0.0.1"
"[::1]"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations
Declarative location config
Type: attribute set of (submodule)
Default:
{ }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.alias
Alias directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.basicAuthFile
Basic Auth password file for a vhost. Can be created by running nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.extraConfig
These lines go to the end of the location verbatim.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.fastcgiParams
FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or absolute path)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.index
Adds index directive.
Type: null or string
Default:
null
Example:
"index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.priority
Order of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.
Type: signed integer
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.proxyPass
Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default:
null
Example:
"http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.proxyWebsockets
Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.recommendedProxySettings
Enable recommended proxy settings.
Type: boolean
Default:
config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.recommendedUwsgiSettings
Enable recommended uwsgi settings.
Type: boolean
Default:
config.services.nginx.recommendedUwsgiSettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.return
Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default:
null
Example:
"301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.root
Root directory for requests.
Type: null or absolute path
Default:
null
Example:
"/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.tryFiles
Adds try_files directive.
Type: null or string
Default:
null
Example:
"$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.locations.<name>.uwsgiPass
Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.
Type: null or string
Default:
null
Example:
"unix:/run/example/example.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.onlySSL
Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.quic
Whether to enable the QUIC transport protocol.
This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that QUIC support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.redirectCode
HTTP status used by globalRedirect and forceSSL. Possible use cases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default:
301
Example:
308
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.rejectSSL
Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.reuseport
Create an individual listening socket. It is required to specify this only once, on one of the hosts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.root
The path of the web root directory.
Type: null or absolute path
Default:
null
Example:
"/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.serverAliases
Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default:
[ ]
Example:
[
"www.example.org"
"example.org"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.serverName
Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default:
null
Example:
"example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.sslCertificate
Path to server SSL certificate.
Type: absolute path
Example:
"/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.sslCertificateKey
Path to server SSL certificate key.
Type: absolute path
Example:
"/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.sslTrustedCertificate
Path to root SSL certificate for stapling and client certificates.
Type: null or absolute path
Default:
null
Example:
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.nginx.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.poolConfig
Options for the davis PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davis.user
User davis runs as.
Type: string
Default:
"davis"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/davis.nix>
|
services.davmail.enable
Whether to enable davmail, an MS Exchange gateway.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.davmail.config
Davmail configuration. Refer to http://davmail.sourceforge.net/serversetup.html and http://davmail.sourceforge.net/advanced.html for details on supported values.
Type: davmail config type (str, int, bool or attribute set thereof)
Default:
{ }
Example:
{
davmail.allowRemote = true;
davmail.imapPort = 55555;
davmail.bindAddress = "10.0.1.2";
davmail.smtpSaveInSent = true;
davmail.folderSizeLimit = 10;
davmail.caldavAutoSchedule = false;
log4j.logger.rootLogger = "DEBUG";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.davmail.url
Outlook Web Access URL to access the exchange server, i.e. the base webmail URL.
Type: string
Example:
"https://outlook.office365.com/EWS/Exchange.asmx"
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.db-rest.enable
Whether to enable db-rest service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.package
The db-rest package to use.
Type: package
Default:
pkgs.db-rest
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.group
Group under which db-rest runs.
Type: string
Default:
"db-rest"
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.host
The host address the db-rest server should listen on.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.port
The port the db-rest server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3000
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.enable
Enable caching with redis for db-rest.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.createLocally
Configure a local redis server for db-rest.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.host
Redis host.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.passwordFile
Path to a file containing the redis password.
Type: null or absolute path
Default:
null
Example:
"/run/keys/db-rest/pasword-redis-db"
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.port
Redis port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.useSSL
Use SSL if using a redis network connection.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.redis.user
Optional username used for authentication with redis.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.db-rest.user
User account under which db-rest runs.
Type: string
Default:
"db-rest"
Declared by:
<nixpkgs/nixos/modules/services/misc/db-rest.nix>
|
services.dbus.packages
Packages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide
message bus. Specifically, files in the following directories
will be included into their respective DBus configuration paths:
«pkg»/etc/dbus-1/system.d
«pkg»/share/dbus-1/system.d
«pkg»/share/dbus-1/system-services
«pkg»/etc/dbus-1/session.d
«pkg»/share/dbus-1/session.d
«pkg»/share/dbus-1/services
Type: list of absolute path
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.apparmor
AppArmor mode for dbus.
enabled enables mediation when it’s supported in the kernel, disabled always disables AppArmor even with kernel support, and required fails when AppArmor was not found in the kernel.
Type: one of “enabled”, “disabled”, “required”
Default:
"disabled"
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.brokerPackage
The dbus-broker package to use.
Type: package
Default:
pkgs.dbus-broker
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.dbusPackage
The dbus package to use.
Type: package
Default:
pkgs.dbus
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.implementation
The implementation to use for the message bus defined by the D-Bus specification. Can be either the classic dbus daemon or dbus-broker, which aims to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation.
Type: one of “dbus”, “broker”
Default:
"dbus"
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.ddccontrol.enable
Whether to enable ddccontrol for controlling displays.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/hardware/ddccontrol.nix>
|
services.ddclient.enable
Whether to synchronise your machine’s IP address with a dynamic DNS provider (e.g. dyndns.org).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.package
The ddclient executable package run by the service.
Type: package
Default:
pkgs.ddclient
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.configFile
Path to configuration file. When set this overrides the generated configuration from module options.
Type: null or absolute path
Default:
null
Example:
"/root/nixos/secrets/ddclient.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.domains
Domain name(s) to synchronize.
Type: list of string
Default:
[
""
]
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.extraConfig
Extra configuration. Contents will be added verbatim to the configuration file.
daemon should not be added here because it does not work great with the systemd-timer approach the service uses.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.interval
The interval at which to run the check and update. See man 7 systemd.time for the format.
Type: string
Default:
"10min"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.passwordFile
A file containing the password or a TSIG key in named format when using the nsupdate protocol.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.protocol
Protocol to use with dynamic DNS provider (see https://ddclient.net/protocols.html ).
Type: string
Default:
"dyndns2"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.quiet
Print no messages for unnecessary updates.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.script
script as required by some providers.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.server
Server address.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.ssl
Whether to use SSL/TLS to connect to dynamic DNS provider.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.use
Method to determine the IP address to send to the dynamic DNS provider.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.username
User name.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.usev4
Method to determine the IPv4 address to send to the dynamic DNS provider. Only used if use is not set.
Type: string
Default:
"webv4, webv4=ipify-ipv4"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.usev6
Method to determine the IPv6 address to send to the dynamic DNS provider. Only used if use is not set.
Type: string
Default:
"webv6, webv6=ipify-ipv6"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.verbose
Print verbose information.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.zone
zone as required by some providers.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddns-updater.enable
Whether to enable Container to update DNS records periodically with WebUI for many DNS providers.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddns-updater.nix>
|
services.ddns-updater.package
The ddns-updater package to use.
Type: package
Default:
pkgs.ddns-updater
Declared by:
<nixpkgs/nixos/modules/services/networking/ddns-updater.nix>
|
services.ddns-updater.environment
Environment variables to be set for the ddns-updater service. DATADIR is ignored to enable using systemd DynamicUser. For full list see https://github.com/qdm12/ddns-updater
Type: attribute set of string
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/networking/ddns-updater.nix>
|
services.deconz.enable
Whether to enable deCONZ, a Zigbee gateway for use with ConBee/RaspBee hardware (https://phoscon.de/).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.package
Which deCONZ package to use.
Type: package
Default:
pkgs.deconz
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.allowRebootSystem
Whether to enable rebooting the system.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.allowRestartService
Whether to enable killing/restarting processes.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.allowSetSystemTime
Whether to enable setting the system time.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.device
Force deCONZ to use a specific USB device (e.g. /dev/ttyACM0). By default it does a search.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.extraArgs
Extra command line arguments for deCONZ, see https://github.com/dresden-elektronik/deconz-rest-plugin/wiki/deCONZ-command-line-parameters.
Type: list of string
Default:
[ ]
Example:
[
"--dbg-info=1"
"--dbg-err=2"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.httpPort
TCP port for the web server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
80
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.listenAddress
Pin deCONZ to the network interface specified through the provided IP address. This applies for the webserver as well as the websocket notifications.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.openFirewall
Whether to enable opening up the service ports in the firewall.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deconz.wsPort
TCP port for the WebSocket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/networking/deconz.nix>
|
services.deepin.app-services.enable
Whether to enable service collection of DDE applications, including dconfig-center.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/deepin/app-services.nix>
|
services.deepin.dde-api.enable
Whether to enable the DDE API, which provides some dbus interfaces that are used for screen zone detecting, thumbnail generating, and sound playing in Deepin Desktop Environment.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/deepin/dde-api.nix>
|
services.deepin.dde-daemon.enable
Whether to enable daemon for handling the deepin session settings.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/deepin/dde-daemon.nix>
|
services.deepin.deepin-anything.enable
Whether to enable deepin anything file search tool.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktops/deepin/deepin-anything.nix>
|
services.deliantra-server.enable
If enabled, the Deliantra game server will be started at boot.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.package
The deliantra-server package to use.
Note: This will also be used for map/arch data, if you don’t change dataDir.
Type: package
Default:
pkgs.deliantra-server
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.configFiles
Contents of the server configuration files. These will be appended to the example configurations the server comes with and overwrite any default settings defined therein.
The example here is not comprehensive. See the files in /etc/deliantra-server after enabling this module for full documentation.
Type: attribute set of string
Default:
{
motd = "";
}
Example:
{
dm_file = ''
admin:secret_password:localhost
alice:xyzzy:*
'';
motd = "Welcome to Deliantra!";
settings = ''
# Settings for game mechanics.
stat_loss_on_death true
armor_max_enchant 7
'';
config = ''
# Settings for the server daemon.
hiscore_url https://deliantra.example.net/scores/
max_map_reset 86400
'';
}
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.dataDir
Where to store readonly data (maps, archetypes, sprites, etc). Note that if you plan to use the live map editor (rather than editing the maps offline and then nixos-rebuilding), THIS MUST BE WRITEABLE – copy the deliantra-data someplace writeable (say, /var/lib/deliantra/data) and update this option accordingly.
Type: string
Default:
"${pkgs.deliantra-data}"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.openFirewall
Whether to open ports in the firewall for the server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.stateDir
Where to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server startup if it does not already exist. If changed, it is the admin’s responsibility to make sure that the directory exists and is writeable by the crossfire user.
Type: string
Default:
"/var/lib/deliantra"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deluge.enable
Whether to enable Deluge daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.package
The deluge-2_x package to use.
Type: package
Default:
pkgs.deluge-2_x
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.authFile
The file managing the authentication for deluge. The format of this file is straightforward: each line contains a username:password:level tuple in plaintext. It only has an effect when services.deluge.declarative is set to true.
See https://dev.deluge-torrent.org/wiki/UserGuide/Authentication for more information.
Type: absolute path
Example:
"/run/keys/deluge-auth"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.config
Deluge core configuration for the core.conf file. Only has an effect when services.deluge.declarative is set to true. String values must be quoted, integer and boolean values must not. See https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41 for the available options.
Type: attribute set
Default:
{ }
Example:
{
download_location = "/srv/torrents/";
max_upload_speed = "1000.0";
share_ratio_limit = "2.0";
allow_remote = true;
daemon_port = 58846;
listen_ports = [ 6881 6889 ];
}
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.dataDir
The directory where deluge will create files.
Type: absolute path
Default:
"/var/lib/deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.declarative
Whether to use a declarative deluge configuration.
Only if set to true, the options services.deluge.config, services.deluge.openFirewall and services.deluge.authFile will be applied.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.extraPackages
Extra packages available at runtime to enable Deluge’s plugins. For example, extraction utilities are required for the built-in “Extractor” plugin. This always contains unzip, gnutar, xz and bzip2.
Type: list of package
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.group
Group under which deluge runs.
Type: string
Default:
"deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.openFilesLimit
Number of files to allow deluged to open.
Type: signed integer or string
Default:
4096
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.openFirewall
Whether to open the firewall for the ports in services.deluge.config.listen_ports. It only takes effect if services.deluge.declarative is set to true.
It does NOT apply to the daemon port nor the web UI port. To access those ports securely, check the documentation at https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#CreateSSHTunnel, use a VPN, or configure certificates for deluge.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.user
User account under which deluge runs.
Type: string
Default:
"deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.enable
Whether to enable Deluge Web daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.openFirewall
Open ports in the firewall for the deluge web daemon.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.port
Deluge web UI port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8112
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.dendrite.enable
Whether to enable matrix.org dendrite.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.environmentFile
Environment file as defined in systemd.exec(5). Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file. Currently only used for the registration secret to allow secure registration when client_api.registration_disabled is true.
# snippet of dendrite-related config
services.dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
# content of the environment file
REGISTRATION_SHARED_SECRET=verysecretpassword
Note that this file needs to be available on the host on which dendrite is running.
Type: null or absolute path
Default:
null
Example:
"/var/lib/dendrite/registration_secret"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.httpPort
The port to listen for HTTP requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8008
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.httpsPort
The port to listen for HTTPS requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.loadCredential
This can be used to pass secrets to the systemd service without adding them to the nix store.
To use the example setting, see the example of services.dendrite.settings.global.private_key.
See the LoadCredential section of the systemd.exec manual for more information.
Type: list of string
Default:
[ ]
Example:
[
"private_key:/path/to/my_private_key"
]
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.openRegistration
Allow open registration without secondary verification (reCAPTCHA).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings
Configuration for dendrite, see: https://github.com/matrix-org/dendrite/blob/main/dendrite-sample.yaml for available options with which to populate settings.
Type: YAML value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.app_service_api.database.connection_string
Database for the Appservice API.
Type: string
Default:
"file:federationapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.client_api.registration_disabled
Whether to disable user registration to the server without the shared secret.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.federation_api.database.connection_string
Database for the Federation API.
Type: string
Default:
"file:federationapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.private_key
The path to the signing private key file, used to sign requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
Type: absolute path or string matching the pattern ^\$CREDENTIALS_DIRECTORY/.+
Example:
"$CREDENTIALS_DIRECTORY/private_key"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.server_name
The domain name of the server, with optional explicit port. This is used by remote servers to connect to this server. This is also the last part of your UserID.
Type: string
Example:
"example.com"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.trusted_third_party_id_servers
List of domains that the server will trust as identity servers to verify third-party identifiers such as phone numbers and email addresses.
Type: list of string
Default:
[
"matrix.org"
"vector.im"
]
Example:
[
"matrix.org"
]
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.key_server.database.connection_string
Database for the Key Server (for end-to-end encryption).
Type: string
Default:
"file:keyserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.media_api.base_path
Storage path for uploaded media.
Type: string
Default:
"/var/lib/dendrite/media_store"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.media_api.database.connection_string
Database for the Media API.
Type: string
Default:
"file:mediaapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.mscs.database.connection_string
Database for experimental MSCs.
Type: string
Default:
"file:mscs.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.relay_api.database.connection_string
Database for the Relay Server.
Type: string
Default:
"file:relayapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.room_server.database.connection_string
Database for the Room Server.
Type: string
Default:
"file:roomserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.database.connection_string
Database for the Sync API.
Type: string
Default:
"file:syncserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.enabled
Whether to enable Dendrite’s full-text search engine.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.index_path
The path the search index will be created in.
Type: string
Default:
"/var/lib/dendrite/searchindex"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.language
The language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
Type: string
Default:
"en"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.user_api.account_database.connection_string
Database for the User API, accounts.
Type: string
Default:
"file:userapi_accounts.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.user_api.device_database.connection_string
Database for the User API, devices.
Type: string
Default:
"file:userapi_devices.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.tlsCert
The path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or absolute path
Default:
null
Example:
"/var/lib/dendrite/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.tlsKey
The path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or absolute path
Default:
null
Example:
"/var/lib/dendrite/server.key"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dependency-track.enable
Whether to enable dependency-track.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.package
The dependency-track package to use.
Type: package
Default:
pkgs.dependency-track
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.database.createLocally
Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.database.databaseName
Database name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned.
To use this with a local database, set services.dependency-track.database.createLocally to false and create the database and user.
Type: string
Default:
"dependency-track"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.database.passwordFile
The path to a file containing the database password.
Type: absolute path
Example:
"/run/keys/db_password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.database.type
h2: not recommended for a production setup.
postgresql: this setting is recommended for production setups.
manual: the module doesn’t handle database settings.
Type: one of “h2”, “postgresql”, “manual”
Default:
"postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.database.username
Username to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned.
To use this with a local database, set services.dependency-track.database.createLocally to false and create the database and user.
Type: string
Default:
"dependency-track"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.frontend.baseUrl
The base URL of the API server.
NOTE:
This URL must be reachable by the browsers of your users.
The frontend container itself does NOT communicate with the API server directly, it just serves static files.
When deploying to dedicated servers, please use the external IP or domain of the API server.
Type: string
Default:
lib.optionalString config.services.dependency-track.nginx.enable "${
if sslEnabled then "https" else "http"
}://${config.services.dependency-track.nginx.domain}";
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.javaArgs
Java options passed to JVM
Type: list of string
Default:
[
"-Xmx4G"
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.ldap.bindPasswordFile
The path to a file containing the LDAP bind password.
Type: absolute path
Example:
"/run/keys/ldap_bind_password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.logLevel
Log level for dependency-track
Type: one of “INFO”, “WARN”, “ERROR”, “DEBUG”, “TRACE”
Default:
"INFO"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.nginx.enable
Whether to set up an nginx virtual host.
Type: boolean
Default:
true
Example:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.nginx.domain
The domain name under which to set up the virtual host.
Type: string
Example:
"dtrack.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.enable
Whether to enable oidc support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.clientId
Defines the client ID for OpenID Connect.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.flow
Specifies the OpenID Connect flow to use. Values other than “implicit” will result in the Code+PKCE flow being used. Usage of the implicit flow is strongly discouraged, but may be necessary when the IdP of choice does not support the Code+PKCE flow. See also:
Type: one of “code”, “implicit”
Default:
"code"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.issuer
Defines the issuer URL to be used for OpenID Connect. See alpine.oidc.issuer property of the API server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.loginButtonText
Defines the scopes to request for OpenID Connect. See also: https://openid.net/specs/openid-connect-basic-1_0.html#Scopes
Type: string
Default:
"Login with OpenID Connect"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.scope
Defines the scopes to request for OpenID Connect. See also: https://openid.net/specs/openid-connect-basic-1_0.html#Scopes
Type: string
Default:
"openid profile email"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.teamSynchronization
This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles. When a team is mapped to an OpenID Connect group, all local OpenID Connect users will automatically be assigned to the team if they are a member of the group the team is mapped to. If the user is later removed from the OpenID Connect group, they will also be removed from the team. This option provides the ability to dynamically control user permissions via the identity provider. Note that team synchronization is only performed during user provisioning and after successful authentication.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.teams.claim
Defines the name of the claim that contains group memberships or role assignments in the provider’s userinfo endpoint. The claim must be an array of strings. Most public identity providers do not support group or role management. When using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint will most likely need to be configured.
Type: string
Default:
"groups"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.teams.default
Defines one or more team names that auto-provisioned OIDC users shall be added to. Multiple team names may be provided as a comma-separated list.
Has no effect when services.dependency-track.oidc.userProvisioning=false, or services.dependency-track.oidc.teamSynchronization=true.
Type: null or strings concatenated with “,”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.userProvisioning
Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication. When a user logs in with a valid access token but an account has not been previously provisioned, an authentication failure will be returned. This allows admins to control specifically which OpenID Connect users can access the system and which users cannot. When this value is set to true, a local OpenID Connect user will be created and mapped to the OpenID Connect account automatically. This automatic provisioning only affects authentication, not authorization.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.oidc.usernameClaim
Defines the name of the claim that contains the username in the provider’s userinfo endpoint. Common claims are “name”, “username”, “preferred_username” or “nickname”. See also: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
Type: string
Default:
"name"
Example:
"preferred_username"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.port
On which port dependency-track should listen for new HTTP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings
See https://docs.dependencytrack.org/getting-started/configuration/#default-configuration for possible options
Type: attribute set of (string, package, bool, int or float)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.data.directory"
Defines the path to the data directory. This directory will hold logs, keys, and any database or index files along with application-specific files or directories.
Type: absolute path
Default:
"/var/lib/dependency-track"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.database.driver"
Specifies the JDBC driver class to use.
Type: one of “org.h2.Driver”, “org.postgresql.Driver”, “com.microsoft.sqlserver.jdbc.SQLServerDriver”, “com.mysql.cj.jdbc.Driver”
Default:
if config.services.dependency-track.database.type == "h2" then "org.h2.Driver"
else if config.services.dependency-track.database.type == "postgresql" then "org.postgresql.Driver"
else null;
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.database.mode"
Defines the database mode of operation. Valid choices are: ‘server’, ‘embedded’, and ‘external’. In server mode, the database will listen for connections from remote hosts. In embedded mode, the system will be more secure and slightly faster. External mode should be used when utilizing an external database server (i.e. mysql, postgresql, etc).
Type: one of “server”, “embedded”, “external”
Default:
if config.services.dependency-track.database.type == "h2" then "embedded"
else if config.services.dependency-track.database.type == "postgresql" then "external"
else null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.database.url"
Specifies the JDBC URL to use when connecting to the database.
Type: string
Default:
if config.services.dependency-track.database.type == "h2" then "jdbc:h2:/var/lib/dependency-track/db"
else if config.services.dependency-track.database.type == "postgresql" then "jdbc:postgresql:${config.services.dependency-track.database.name}?socketFactory=org.newsclub.net.unix.AFUNIXSocketFactory$FactoryArg&socketFactoryArg=/run/postgresql/.s.PGSQL.5432"
else null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.database.username"
Specifies the username to use when authenticating to the database.
Type: string
Default:
if config.services.dependency-track.database.createLocally then "dependency-track"
else config.services.dependency-track.database.username
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.ldap.enabled"
Defines if LDAP will be used for user authentication. If enabled, alpine.ldap.* properties should be set accordingly.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.client.id"
Defines the client ID to be used for OpenID Connect. The client ID should be the same as the one configured for the frontend, and will only be used to validate ID tokens.
Type: string
Default:
config.services.dependency-track.oidc.clientId
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.enabled"
Defines if OpenID Connect will be used for user authentication. If enabled, alpine.oidc.* properties should be set accordingly.
Type: boolean
Default:
config.services.dependency-track.oidc.enable
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.issuer"
Defines the issuer URL to be used for OpenID Connect. This issuer MUST support provider configuration via the /.well-known/openid-configuration endpoint. See also:
Type: string
Default:
config.services.dependency-track.oidc.issuer
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.team.synchronization"
This option will ensure that team memberships for OpenID Connect users are dynamic and synchronized with membership of OpenID Connect groups or assigned roles. When a team is mapped to an OpenID Connect group, all local OpenID Connect users will automatically be assigned to the team if they are a member of the group the team is mapped to. If the user is later removed from the OpenID Connect group, they will also be removed from the team. This option provides the ability to dynamically control user permissions via the identity provider. Note that team synchronization is only performed during user provisioning and after successful authentication.
Type: boolean
Default:
config.services.dependency-track.oidc.teamSynchronization
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.teams.claim"
Defines the name of the claim that contains group memberships or role assignments in the provider’s userinfo endpoint. The claim must be an array of strings. Most public identity providers do not support group or role management. When using a customizable / on-demand hosted identity provider, name, content, and inclusion in the userinfo endpoint will most likely need to be configured.
Type: string
Default:
config.services.dependency-track.oidc.teams.claim
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.teams.default"
Defines one or more team names that auto-provisioned OIDC users shall be added to. Multiple team names may be provided as a comma-separated list.
Has no effect when services.dependency-track.oidc.userProvisioning=false, or services.dependency-track.oidc.teamSynchronization=true.
Type: null or strings concatenated with “,”
Default:
config.services.dependency-track.oidc.teams.default
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.user.provisioning"
Specifies if mapped OpenID Connect accounts are automatically created upon successful authentication. When a user logs in with a valid access token but an account has not been previously provisioned, an authentication failure will be returned. This allows admins to control specifically which OpenID Connect users can access the system and which users cannot. When this value is set to true, a local OpenID Connect user will be created and mapped to the OpenID Connect account automatically. This automatic provisioning only affects authentication, not authorization.
Type: boolean
Default:
config.services.dependency-track.oidc.userProvisioning
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.dependency-track.settings."alpine.oidc.username.claim"
Defines the name of the claim that contains the username in the provider’s userinfo endpoint. Common claims are “name”, “username”, “preferred_username” or “nickname”. See also: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
Type: string
Default:
config.services.dependency-track.oidc.usernameClaim
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dependency-track.nix>
|
services.desktopManager.lomiri.enable
Whether to enable the Lomiri graphical shell (formerly known as Unity8).
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/desktop-managers/lomiri.nix>
|
services.desktopManager.plasma6.enable
Enable the Plasma 6 (KDE 6) desktop environment.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix>
|
services.desktopManager.plasma6.enableQt5Integration
Enable Qt 5 integration (theming, etc). Disable for a pure Qt 6 system.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix>
|
services.desktopManager.plasma6.notoPackage
The Noto fonts package to use (used for the UI by default).
Type: package
Default:
pkgs.noto-fonts
Example:
noto-fonts-lgc-plus
Declared by:
<nixpkgs/nixos/modules/services/desktop-managers/plasma6.nix>
|
services.devmon.enable
Whether to enable devmon, an automatic device mounting daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/devmon.nix>
|
services.devpi-server.enable
Whether to enable Devpi Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.package
The devpi-server package to use.
Type: package
Default:
pkgs.devpi-server
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.host
Domain or IP address to listen on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.openFirewall
Whether to enable opening the default ports in the firewall for Devpi Server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.port
The port on which Devpi Server will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3141
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.primaryUrl
URL for the primary node. Required option for replica nodes.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.replica
Run node as a replica. Requires the secretFile option and the primaryUrl to be enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.devpi-server.secretFile
Path to a shared secret file used for synchronization. Required for all nodes in a replica/primary setup.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/misc/devpi-server.nix>
|
services.dex.enable
Whether to enable the OpenID Connect and OAuth2 identity provider.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dex.environmentFile
Environment file (see systemd.exec(5) “EnvironmentFile=” section for the syntax) to define variables for dex. This option can be used to safely include secret keys into the dex configuration.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dex.settings
The available options can be found in the example configuration.
It’s also possible to refer to environment variables (defined in services.dex.environmentFile) using the syntax $VARIABLE_NAME.
Type: YAML value
Default:
{ }
Example:
{
# External url
issuer = "http://127.0.0.1:5556/dex";
storage = {
type = "postgres";
config.host = "/var/run/postgres";
};
web = {
http = "127.0.0.1:5556";
};
enablePasswordDB = true;
staticClients = [
{
id = "oidcclient";
name = "Client";
redirectURIs = [ "https://example.com/callback" ];
secretFile = "/etc/dex/oidcclient"; # The content of `secretFile` will be written into the config as `secret`.
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dgraph.enable
Whether to enable Dgraph native GraphQL database with a graph backend.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.package
The dgraph package to use.
Type: package
Default:
pkgs.dgraph
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.alpha.host
The host which dgraph alpha will be run on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.alpha.port
The port which to run dgraph alpha on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
7080
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.settings
Contents of the dgraph config. For more details see https://dgraph.io/docs/deploy/config
Type: JSON value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.zero.host
The host which dgraph zero will be run on.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.zero.port
The port which to run dgraph zero on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5080
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dictd.enable
Whether to enable the DICT.org dictionary server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.dictd.DBs
List of databases to make available.
Type: list of package
Default:
with pkgs.dictdDBs; [ wiktionary wordnet ]
Example:
[ pkgs.dictdDBs.nld2eng ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.diod.enable
Whether to enable the diod 9P file server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.allsquash
Remap all users to “nobody”. The attaching user need not be present in the password file.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.authRequired
Allow clients to connect without authentication, i.e. without a valid MUNGE credential.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportall
Export all file systems listed in /proc/mounts. If new file systems are mounted after diod has started, they will become immediately mountable. If there is a duplicate entry for a file system in the exports list, any options listed in the exports entry will apply.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportopts
Establish a default set of export options. These are overridden, not appended to, by opts attributes in an “exports” entry.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exports
List the file systems that clients will be allowed to mount. All paths should be fully qualified. The exports table can include two types of element: a string element (as above), or an alternate table element form { path=“/path”, opts=“ro” }. In the alternate form, the (optional) opts attribute is a comma-separated list of export options. The two table element forms can be mixed in the exports table. Note that although diod will not traverse file system boundaries for a given mount due to inode uniqueness constraints, subdirectories of a file system can be separately exported.
Type: list of string
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.extraConfig
Extra configuration options for diod.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.listen
[ “IP:PORT” [,“IP:PORT”,…] ] List the interfaces and ports that diod should listen on.
Type: list of string
Default:
[
"0.0.0.0:564"
]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.logdest
Set the destination for logging. The value has the form of “syslog:facility:level” or “filename”.
Type: string
Default:
"syslog:daemon:err"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.nwthreads
Sets the (fixed) number of worker threads created to handle 9P requests for a unique aname.
Type: signed integer
Default:
16
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.squashuser
Change the squash user. The squash user must be present in the password file.
Type: string
Default:
"nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.statfsPassthru
This option configures statfs to return the host file system’s type rather than V9FS_MAGIC.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.userdb
This option disables password/group lookups. It allows any uid to attach and assumes gid=uid, and supplementary groups contain only the primary gid.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.discourse.enable
Whether to enable Discourse, an open source discussion platform.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.enableACME
Whether an ACME certificate should be used to secure connections to the server.
Type: boolean
Default:
true, unless services.discourse.sslCertificate and services.discourse.sslCertificateKey are set.
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.package
The discourse package to use.
Type: package
Default:
pkgs.discourse
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.email
The admin user email address.
Type: string
Example:
"admin@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.fullName
The admin user’s full name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.passwordFile
A path to a file containing the admin user’s password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: absolute path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.skipCreate
Do not create the admin account, instead rely on other existing admin accounts.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.username
The admin user username.
Type: string
Example:
"admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.backendSettings
Additional settings to put in the discourse.conf file.
Look in the discourse_defaults.conf file in the upstream distribution to find available options.
Setting an option to null means “define variable, but leave right-hand side empty”.
Type: attribute set of (null or string or signed integer or boolean or floating point number)
Default:
{ }
Example:
{
max_reqs_per_ip_per_minute = 300;
max_reqs_per_ip_per_10_seconds = 60;
max_asset_reqs_per_ip_per_10_seconds = 250;
max_reqs_per_ip_mode = "warn+block";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.createLocally
Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if services.discourse.database.host is customized.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.host
Discourse database hostname. null means “prefer local unix socket connection”.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.ignorePostgresqlVersion
Whether to allow other versions of PostgreSQL than the recommended one. Only effective when services.discourse.database.createLocally is enabled.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.name
Discourse database name.
Type: string
Default:
"discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.passwordFile
File containing the Discourse database user password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.pool
Database connection pool size.
Type: signed integer
Default:
8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.username
Discourse database user.
Type: string
Default:
"discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.hostname
The hostname to serve Discourse on.
Type: string
Default:
config.networking.fqdnOrHostName
Example:
"discourse.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.contactEmailAddress
Email address of key contact responsible for this site. Used for critical notifications, as well as on the /about contact form for urgent matters.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.enable
Whether to set up Postfix to receive incoming mail.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.apiKeyFile
A file containing the Discourse API key used to add posts and messages from mail. If left at its default value null, one will be automatically generated.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.mailReceiverPackage
The discourse-mail-receiver package to use.
Type: package
Default:
pkgs.discourse-mail-receiver
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.replyEmailAddress
Template for reply by email incoming email address, for example: %{reply_key}@reply.example.com or replies+%{reply_key}@example.com
Type: string
Default:
"%{reply_key}@${config.services.discourse.hostname}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.notificationEmailAddress
The from: email address used when sending all essential system emails. The domain specified here must have SPF, DKIM and reverse PTR records set correctly for email to arrive.
Type: string
Default:
"${if config.services.discourse.mail.incoming.enable then "notifications" else "noreply"}@${config.services.discourse.hostname}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.enableStartTLSAuto
Whether to try to use StartTLS.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.authentication
Authentication type to use, see https://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or one of “plain”, “login”, “cram_md5”
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.domain
HELO domain to use for outgoing mail.
Type: string
Default:
config.services.discourse.hostname
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.forceTLS
Force implicit TLS as per RFC 8314 3.3.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.opensslVerifyMode
How OpenSSL checks the certificate, see https://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default:
"peer"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.passwordFile
A file containing the password of the SMTP server account.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.port
The port of the SMTP server Discourse should use to send email.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.serverAddress
The address of the SMTP server Discourse should use to send email.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.username
The username of the SMTP server.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.nginx.enable
Whether an nginx virtual host should be set up to serve Discourse. Only disable if you’re planning to use a different web server, which is not recommended.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.plugins
Plugins to install as part of Discourse, expressed as a list of derivations.
Type: list of package
Default:
[ ]
Example:
with config.services.discourse.package.plugins; [
discourse-canned-replies
discourse-github
];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.dbNumber
Redis database number.
Type: signed integer
Default:
0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.host
Redis server hostname.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.passwordFile
File containing the Redis password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.useSSL
Connect to Redis with SSL.
Type: boolean
Default:
config.services.discourse.redis.host != "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.secretKeyBaseFile
The path to a file containing the secret_key_base secret.
Discourse uses secret_key_base to encrypt the cookie store, which contains session data, and to digest user auth tokens.
Needs to be a 64 byte long string of hexadecimal characters. You can generate one by running
openssl rand -hex 64 >/path/to/secret_key_base_file
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or absolute path
Default:
null
Example:
"/run/keys/secret_key_base"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sidekiqProcesses
How many Sidekiq processes should be spawned.
Type: signed integer
Default:
1
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.siteSettings
Discourse site settings. These are the settings that can be changed from the UI. This only defines their default values: they can still be overridden from the UI.
Available settings can be found by looking in the site_settings.yml file of the upstream distribution. To find a setting’s path, you only need to care about the first two levels; i.e. its category and name. See the example.
Settings containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config/nixos_site_settings.json file, the login.github_client_secret key will be set to the contents of the /run/keys/discourse_github_client_secret file.
Type: JSON value
Default:
{ }
Example:
{
required = {
title = "My Cats";
site_description = "Discuss My Cats (and be nice plz)";
};
login = {
enable_github_logins = true;
github_client_id = "a2f6dfe838cb3206ce20";
github_client_secret._secret = "/run/keys/discourse_github_client_secret";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sslCertificate
The path to the server SSL certificate. Set this to enable SSL.
Type: null or absolute path
Default:
null
Example:
"/run/keys/ssl.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sslCertificateKey
The path to the server SSL certificate key. Set this to enable SSL.
Type: null or absolute path
Default:
null
Example:
"/run/keys/ssl.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.unicornTimeout
Time in seconds before a request to Unicorn times out.
This can be raised if the system Discourse is running on is too slow to handle many requests within 30 seconds.
Type: signed integer
Default:
30
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.disnix.enable
Whether to enable Disnix.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.enableMultiUser
Whether to support multi-user mode by enabling the Disnix D-Bus service
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.enableProfilePath
Whether to enable exposing the Disnix profiles in the system’s PATH.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.package
The disnix package to use.
Type: package
Default:
pkgs.disnix
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.profiles
Names of the Disnix profiles to expose in the system’s PATH
Type: list of string
Default:
[
"default"
]
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.useWebServiceInterface
Whether to enable the DisnixWebService interface running on Apache Tomcat.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.displayManager.enable
Whether to enable systemd’s display-manager service.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.autoLogin
Auto login configuration attrset.
Type: submodule
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.autoLogin.enable
Automatically log in as autoLogin.user.
Type: boolean
Default:
config.services.displayManager.autoLogin.user != null
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.autoLogin.user
User to be used for the automatic login.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.defaultSession
Graphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).
On GDM, LightDM and SDDM, it will also be used as a session for auto-login.
Set this option to empty string to get an error with a list of currently available sessions.
Type: session name
Default:
null
Example:
"gnome"
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.environment
Additional environment variables needed by the display manager.
Type: attribute set of unspecified value
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.execCmd
Command to start the display manager.
Type: string
Example:
"${pkgs.lightdm}/bin/lightdm"
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.hiddenUsers
A list of users which will not be shown in the display manager.
Type: list of string
Default:
[
"nobody"
]
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.logToFile
Whether the display manager redirects the output of the session script to ~/.xsession-errors.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.logToJournal
Whether the display manager redirects the output of the session script to the systemd journal.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.ly.enable
Whether to enable ly as the display manager.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/ly.nix>
|
services.displayManager.ly.package
The ly package to use.
Type: package
Default:
pkgs.ly
Declared by:
<nixpkgs/nixos/modules/services/display-managers/ly.nix>
|
services.displayManager.ly.settings
Extra settings merged in and overwriting defaults in config.ini.
Type: attribute set of (string or signed integer or boolean)
Default:
{ }
Example:
{
load = false;
save = false;
}
Declared by:
<nixpkgs/nixos/modules/services/display-managers/ly.nix>
|
services.displayManager.preStart
Script executed before the display manager is started.
Type: strings concatenated with “\n”
Default:
""
Example:
"rm -f /var/log/my-display-manager.log"
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.displayManager.sddm.enable
Whether to enable sddm as the display manager.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.enableHidpi
Whether to enable automatic HiDPI mode.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.package
The sddm package to use.
Type: package
Default:
pkgs.plasma5Packages.sddm
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.autoLogin.minimumUid
Minimum user ID for auto-login user.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
1000
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.autoLogin.relogin
If true, automatic login will kick in again on session exit (logout); otherwise it will only log in automatically when the display-manager is started.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.autoNumlock
Enable numlock at login.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.extraPackages
Extra Qt plugins / QML libraries to add to the environment.
Type: list of package
Default:
"[]"
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.settings
Extra settings merged in and overwriting defaults in sddm.conf.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string))
Default:
{ }
Example:
{
Autologin = {
Session = "plasma.desktop";
User = "john";
};
}
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.setupScript
A script to execute when starting the display server. DEPRECATED, please use services.xserver.displayManager.setupCommands.
Type: string
Default:
""
Example:
''
# workaround for using NVIDIA Optimus without Bumblebee
xrandr --setprovideroutputsource modesetting NVIDIA-0
xrandr --auto
''
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.stopScript
A script to execute when stopping the display server.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.theme
Greeter theme to use.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.wayland.enable
Whether to enable experimental Wayland support.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sddm.wayland.compositor
The compositor to use: kwin, weston
Type: one of “kwin”, “weston”
Default:
"weston"
Declared by:
<nixpkgs/nixos/modules/services/display-managers/sddm.nix>
|
services.displayManager.sessionPackages
A list of packages containing x11 or wayland session files to be passed to the display manager.
Type: list of package with provided sessions
Default:
[ ]
Declared by:
<nixpkgs/nixos/modules/services/display-managers/default.nix>
|
services.distccd.enable
Whether to enable distccd, a distributed C/C++ compiler.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.package
The distcc package to use.
Type: package
Default:
pkgs.distcc
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.allowedClients
Client IPs which are allowed to connect to distccd in CIDR notation.
Anyone who can connect to the distccd server can run arbitrary commands on that system as the distcc user, therefore you should use this judiciously.
Type: list of string
Default:
[
"127.0.0.1"
]
Example:
[
"127.0.0.1"
"192.168.0.0/24"
"10.0.0.0/24"
]
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.jobTimeout
Maximum duration, in seconds, of a single compilation request.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.logLevel
Set the minimum severity of error that will be included in the log file. Useful if you only want to see error messages rather than an entry for each connection.
Type: null or one of “critical”, “error”, “warning”, “notice”, “info”, “debug”
Default:
"warning"
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.maxJobs
Maximum number of tasks distccd should execute at any time.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.nice
Niceness of the compilation tasks.
Type: null or signed integer
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.openFirewall
Opens the specified TCP port for distcc.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.port
The TCP port which distccd will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3632
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.stats.enable
Whether to enable statistics reporting via HTTP server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.stats.port
The TCP port which the distccd statistics HTTP server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3633
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.zeroconf
Whether to register via mDNS/DNS-SD
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.dkimproxy-out.enable
Whether to enable dkimproxy_out.
Note that a key will be auto-generated, and can be found in /var/lib/dkimproxy-out.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.domains
List of domains DKIMproxy can sign for.
Type: list of string
Example:
[
"example.org"
"example.com"
]
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.keySize
Size of the RSA key to use to sign outgoing emails. Note that the maximum mandatorily verified as per RFC6376 is 2048.
Type: signed integer
Default:
2048
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.listen
Address:port DKIMproxy should listen on.
Type: string
Example:
"127.0.0.1:10027"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.relay
Address:port DKIMproxy should forward mail to.
Type: string
Example:
"127.0.0.1:10028"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.selector
The selector to use for DKIM key identification.
For example, if ‘selector1’ is used here, then for each domain ‘example.org’ given in domain, ‘selector1._domainkey.example.org’ should contain the TXT record indicating the public key is the one in /var/lib/dkimproxy-out/public.key: “v=DKIM1; t=s; p=[THE PUBLIC KEY]”.
Type: string
Example:
"selector1"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dleyna-renderer.enable
Whether to enable dleyna-renderer service, a DBus service for handling DLNA renderers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix>
|
services.dleyna-server.enable
Whether to enable dleyna-server service, a DBus service for handling DLNA servers.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-server.nix>
|
services.dnscache.enable
Whether to run the dnscache caching dns server.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.clientIps
Client IP addresses (or prefixes) from which to accept connections.
Type: list of string
Default:
[
"127.0.0.1"
]
Example:
[
"192.168"
"172.23.75.82"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.domainServers
Table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If no entry for @ is specified, the predefined list of root servers is used.
Type: attribute set of list of string
Default:
{ }
Example:
{
"@" = ["8.8.8.8" "8.8.4.4"];
"example.com" = ["192.168.100.100"];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.forwardOnly
Whether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is needed if you want to use e.g. Google DNS as your upstream DNS.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.ip
IP address on which to listen for connections.
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscrypt-proxy2.enable
Whether to enable dnscrypt-proxy2.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.configFile
Path to TOML config file. See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings.
Type: absolute path
Default:
TOML file generated from services.dnscrypt-proxy2.settings
Example:
"/etc/dnscrypt-proxy/dnscrypt-proxy.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.settings
Attrset that is converted and passed as TOML config file. For available params, see: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.7/dnscrypt-proxy/example-dnscrypt-proxy.toml
Type: attribute set
Default:
{ }
Example:
{
sources.public-resolvers = {
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
cache_file = "public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
refresh_delay = 72;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.upstreamDefaults
Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml).
Disable this if you want to declare your dnscrypt config from scratch.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnsdist.enable
Whether to enable dnsdist domain name server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.enable
Whether to enable a DNSCrypt endpoint to dnsdist.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.certLifetime
The lifetime (in minutes) of the resolver certificate. This will be automatically rotated before expiration.
Type: positive integer, meaning >0
Default:
15
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.listenAddress
Listen IP address of the endpoint
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.listenPort
Listen port of the endpoint
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
443
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.providerKey
The file path to the provider secret key. If not given, a new provider key pair will be generated in /var/lib/dnsdist on the first run.
The file must be readable by the dnsdist user/group.
Type: null or absolute path
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.dnscrypt.providerName
The name that will be given to this DNSCrypt resolver.
The provider name must start with “2.dnscrypt-cert.”.
Type: string
Default:
2.dnscrypt-cert.${config.networking.hostName}
Example:
"2.dnscrypt-cert.myresolver"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.extraConfig
Extra lines to be added verbatim to dnsdist.conf.
Type: strings concatenated with “\n”
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenAddress
Listen IP address
Type: string
Default:
"0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenPort
Listen port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsmasq.enable
Whether to run dnsmasq.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.package
The dnsmasq package to use.
Type: package
Default:
pkgs.dnsmasq
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.alwaysKeepRunning
If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.resolveLocalQueries
Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.settings
Configuration of dnsmasq. Lists get added one value per line (empty lists and false values don’t get added, though false values get turned to comments). Gets merged with
{
dhcp-leasefile = "/var/lib/dnsmasq/dnsmasq.leases";
conf-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf";
resolv-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf";
}
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default:
{ }
Example:
{
domain-needed = true;
dhcp-range = [ "192.168.0.2,192.168.0.254" ];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.settings.server
The DNS servers which dnsmasq should query.
Type: list of string
Default:
[ ]
Example:
[
"8.8.8.8"
"8.8.4.4"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsproxy.enable
Whether to enable dnsproxy.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsproxy.nix>
|
services.dnsproxy.package
The dnsproxy package to use.
Type: package
Default:
pkgs.dnsproxy
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsproxy.nix>
|
services.dnsproxy.flags
A list of extra command-line flags to pass to dnsproxy. For details on the available options, see https://github.com/AdguardTeam/dnsproxy#usage. Keep in mind that options passed through command-line flags override config options.
Type: list of string
Default:
[ ]
Example:
[
"--upstream=1.1.1.1:53"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsproxy.nix>
|
services.dnsproxy.settings
Contents of the config.yaml config file.
The --config-path argument will only be passed if this set is not empty.
See https://github.com/AdguardTeam/dnsproxy/blob/master/config.yaml.dist.
Type: YAML value
Default:
{ }
Example:
{
bootstrap = [
"8.8.8.8:53"
];
listen-addrs = [
"0.0.0.0"
];
listen-ports = [
53
];
upstream = [
"1.1.1.1:53"
];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsproxy.nix>
|
services.do-agent.enable
Whether to enable do-agent, the DigitalOcean droplet metrics agent.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/do-agent.nix>
|
services.dockerRegistry.enable
Whether to enable Docker Registry.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableDelete
Enable delete for manifests and blobs.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableGarbageCollect
Whether to enable garbage collect.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableRedisCache
Whether to enable redis as blob cache.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.package
The docker-distribution package to use.
Type: package
Default:
pkgs.docker-distribution
Example:
gitlab-container-registry
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.configFile
Path to CNCF distribution config file.
Setting this option will override any configuration applied by the extraConfig option.
Type: absolute path
Default:
pkgs.writeText "docker-registry-config.yml" "# my custom docker-registry-config.yml ..."
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.extraConfig
Docker extra registry configuration.
Type: attribute set
Default:
{ }
Example:
{
log.level = "debug";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.garbageCollectDates
Specification (in the format described by systemd.time(7)) of the time at which the garbage collect will occur.
Type: string
Default:
"daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.listenAddress
Docker registry host or ip to bind to.
Type: string
Default:
"127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.openFirewall
Opens the port used by the registry in the firewall.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.port
Docker registry port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5000
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisPassword
Set redis password.
Type: string
Default:
""
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisUrl
Set redis host and port.
Type: string
Default:
"localhost:6379"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.storagePath
Docker registry storage path for the filesystem storage backend. Set to null to configure another backend via extraConfig.
Type: null or absolute path
Default:
"/var/lib/docker-registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.documize.enable
Whether to enable Documize Wiki.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.package
The documize-community package to use.
Type: package
Default:
pkgs.documize-community
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.cert
The cert.pem file used for https.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.db
Database-specific connection string, for example:
MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
MSSQL:
sqlserver://username:password@localhost:1433?database=Documize
or
sqlserver://sa@localhost/SQLExpress?database=Documize
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.dbtype
Specify the database provider: mysql, percona, mariadb, postgresql, sqlserver
Type: one of “mysql”, “percona”, “mariadb”, “postgresql”, “sqlserver”
Default:
"postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.forcesslport
Redirect given http port number to TLS.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.key
The key.pem file used for https.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.location
reserved
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.offline
Set true for offline mode.
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.port
The http/https port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
5001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.salt
The salt string used to encode JWT tokens. If not set, a random value will be generated.
Type: null or string
Default:
null
Example:
"3edIYV6c8B28b19fh"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.stateDirectoryName
The name of the directory below /var/lib/private in which documize runs and stores, for example, backups.
Type: string
Default:
"documize"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.docuum.enable
Whether to enable docuum daemon.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/admin/docuum.nix>
|
services.docuum.deletionChunkSize
Removes specified quantity of images at a time.
Type: signed integer
Default:
1
Example:
10
Declared by:
<nixpkgs/nixos/modules/services/admin/docuum.nix>
|
services.docuum.keep
Prevents deletion of images for which repository:tag matches the specified regex.
Type: list of string
Default:
[ ]
Example:
[
"^my-image"
]
Declared by:
<nixpkgs/nixos/modules/services/admin/docuum.nix>
|
services.docuum.minAge
Sets the minimum age of images to be considered for deletion.
Type: null or string
Default:
null
Example:
"1d"
Declared by:
<nixpkgs/nixos/modules/services/admin/docuum.nix>
|
services.docuum.threshold
Threshold for deletion in bytes, like 10 GB, 10 GiB, 10GB or percentage-based thresholds like 50%
Type: string
Default:
"10 GB"
Example:
"50%"
Declared by:
<nixpkgs/nixos/modules/services/admin/docuum.nix>
|
services.doh-proxy-rust.enable
Whether to enable doh-proxy-rust.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
|
services.doh-proxy-rust.flags
A list of command-line flags to pass to doh-proxy. For details on the available options, see https://github.com/jedisct1/doh-server#usage.
Type: list of string
Default:
[ ]
Example:
[
"--server-address=9.9.9.9:53"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
|
services.doh-server.enable
Whether to enable DNS-over-HTTPS server.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.package
The dns-over-https package to use.
Type: package
Default:
pkgs.dns-over-https
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.configFile
The config file for the doh-server.
Setting this option will override any configuration applied by the settings option.
Type: absolute path
Example:
"/path/to/doh-server.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings
Configuration of doh-server in TOML. See the example at https://github.com/m13253/dns-over-https/blob/master/doh-server/doh-server.conf
Type: TOML value
Default:
{ }
Example:
{
listen = [
":8153"
];
upstream = [
"udp:127.0.0.1:53"
];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.ecs_allow_non_global_ip
By default, non-global IP addresses are never forwarded to upstream servers. This is to prevent two things from happening:
the upstream server knowing your private LAN addresses;
the upstream server being unable to provide geographically near results, or even failing to provide any result.
However, if you are deploying a split tunnel corporation network environment, or for any other reason you want to inhibit this behavior and allow local (e.g. RFC1918) addresses to be forwarded, change the following option to “true”.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.ecs_use_precise_ip
If ECS is added to the request, either keep the full IP address or cap it to a 24 or 128 mask. This option is to be used only on private networks where knowledge of the terminal endpoint may be required for security purposes (e.g. DNS firewalling). It is not a good option on the internet, where the IP address may be used to identify the user and not only the approximate location.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.listen
HTTP listen address and port
Type: list of string
Default:
[
"127.0.0.1:8053"
"[::1]:8053"
]
Example:
[
":443"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.log_guessed_client_ip
Enable logging of the client IP taken from an HTTPS reverse proxy header: X-Forwarded-For or X-Real-IP. Note: the HTTP URI/user-agent log cannot be controlled by this config.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.path
HTTP path for resolve application
Type: string
Default:
"/dns-query"
Example:
"/dns-query"
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.timeout
Upstream timeout
Type: signed integer
Default:
10
Example:
15
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.tries
Number of tries if upstream DNS fails
Type: signed integer
Default:
3
Example:
5
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.upstream
Upstream DNS resolver. If multiple servers are specified, a random one will be chosen each time. You can use “udp”, “tcp” or “tcp-tls” for the type prefix. For “udp”, UDP will first be used, and switch to TCP when the server asks to or the response is too large. For “tcp”, only TCP will be used. For “tcp-tls”, DNS-over-TLS (RFC 7858) will be used to secure the upstream connection.
Type: list of string
Default:
[
"udp:1.1.1.1:53"
"udp:1.0.0.1:53"
"udp:8.8.8.8:53"
"udp:8.8.4.4:53"
]
Example:
[
"udp:127.0.0.1:53"
]
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.settings.verbose
Enable logging
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.doh-server.useACMEHost
A host of an existing Let’s Encrypt certificate to use.
Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default:
null
Example:
"doh.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-server.nix>
|
services.dokuwiki.sites
Specification of one or more DokuWiki sites to serve
Type: attribute set of (submodule)
Default:
{ }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.enable
Whether to enable DokuWiki web application.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.package
The dokuwiki package to use.
Type: package
Default:
pkgs.dokuwiki
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.acl
Access Control Lists: see https://www.dokuwiki.org/acl. Mutually exclusive with services.dokuwiki.aclFile. Set this to a value other than null to take precedence over the aclFile option.
Warning: Consider using aclFile instead if you do not want to store the ACL in the world-readable Nix store.
Type: null or (list of (submodule))
Default:
null
Example:
[
{
page = "start";
actor = "@external";
level = "read";
}
{
page = "*";
actor = "@users";
level = "upload";
}
]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.acl.*.actor
User or group to restrict
Type: string
Example:
"@external"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.acl.*.level
Permission level to restrict the actor(s) to. See https://www.dokuwiki.org/acl#background_info for explanation
Type: one of 4, 16, 2, 0, 1, 8, “create”, “delete”, “edit”, “none”, “read”, “upload”
Example:
"read"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.acl.*.page
Page or namespace to restrict
Type: string
Example:
"start"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.aclFile
Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl, which is preferred. Consult the documentation at https://www.dokuwiki.org/acl for further instructions. Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist
Type: null or string
Default:
"/var/lib/dokuwiki/‹name›/acl.auth.php"
Example:
"/var/lib/dokuwiki/‹name›/acl.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.mergedConfig
Read only representation of the final configuration.
Type: unspecified value (read only)
Default:
{
useacl = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.phpOptions
Options for PHP’s php.ini file for this dokuwiki site.
Type: attribute set of string
Default:
{ }
Example:
{
"opcache.interned_strings_buffer" = "8";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "15";
"opcache.fast_shutdown" = "1";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.phpPackage
The php package to use.
Type: package
Default:
pkgs.php81
Example:
php82
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.plugins
List of path(s) to respective plugin(s) which are copied from the ‘plugin’ directory.
These plugins need to be packaged before use, see example.
Type: list of absolute path
Default:
[ ]
Example:
let
plugin-icalevents = pkgs.stdenv.mkDerivation rec {
name = "icalevents";
version = "2017-06-16";
src = pkgs.fetchzip {
stripRoot = false;
url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/${version}/dokuwiki-plugin-icalevents-${version}.zip";
hash = "sha256-IPs4+qgEfe8AAWevbcCM9PnyI0uoyamtWeg4rEb+9Wc=";
};
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the plugin list like this:
in [ plugin-icalevents ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.pluginsConfig
List of the dokuwiki (un)loaded plugins.
Type: attribute set of boolean
Default:
{
authad = false;
authldap = false;
authmysql = false;
authpgsql = false;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.poolConfig
Options for the DokuWiki PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.settings
Structural DokuWiki configuration.
Refer to https://www.dokuwiki.org/config for details and supported values.
Settings can either be directly set from nix, loaded from a file using ._file or obtained from any PHP function calls using ._raw.
Type: attribute set of anything
Default:
{
superuser = "admin";
useacl = true;
}
Example:
{
title = "My Wiki";
userewrite = 1;
disableactions = [ "register" ]; # Will be concatenated with commas
plugin.smtp = {
smtp_pass._file = "/var/run/secrets/dokuwiki/smtp_pass";
smtp_user._raw = "getenv('DOKUWIKI_SMTP_USER')";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.stateDir
Location of the DokuWiki state directory.
Type: absolute path
Default:
"/var/lib/dokuwiki/‹name›/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.templates
List of path(s) to respective template(s) which are copied from the ‘tpl’ directory.
These templates need to be packaged before use, see example.
Type: list of absolute path
Default:
[ ]
Example:
let
template-bootstrap3 = pkgs.stdenv.mkDerivation rec {
name = "bootstrap3";
version = "2022-07-27";
src = pkgs.fetchFromGitHub {
owner = "giterlizzi";
repo = "dokuwiki-template-bootstrap3";
rev = "v${version}";
hash = "sha256-B3Yd4lxdwqfCnfmZdp+i/Mzwn/aEuZ0ovagDxuR6lxo=";
};
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the template list like this:
in [ template-bootstrap3 ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.usersFile
Location of the dokuwiki users file. List of users. Format:
login:passwordhash:Real Name:email:groups,comma,separated
Create passwordHash easily by using:
mkpasswd -5 password `pwgen 8 1`
Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist
Type: null or string
Default:
"/var/lib/dokuwiki/‹name›/users.auth.php"
Example:
"/var/lib/dokuwiki/‹name›/users.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.webserver
Whether to use nginx or caddy for virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>.
See services.nginx.virtualHosts for further information.
Further caddy configuration can be done by adapting services.caddy.virtualHosts.<name>.
See services.caddy.virtualHosts for further information.
Type: one of “nginx”, “caddy”
Default:
"nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dolibarr.enable
Whether to enable dolibarr.
Type: boolean
Default:
false
Example:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.package
The dolibarr package to use.
Type: package
Default:
pkgs.dolibarr
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.createLocally
Create the database and database user locally.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.host
Database host address.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.name
Database name.
Type: string
Default:
"dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.passwordFile
Database password file.
Type: null or absolute path
Default:
null
Example:
"/run/keys/dolibarr-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.port
Database host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.user
Database username.
Type: string
Default:
"dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.domain
Domain name of your server.
Type: string
Default:
"localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.group
Group account under which dolibarr runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the dolibarr application starts.
Type: string
Default:
"dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx
With this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.
Set to {} if you do not need any customization to the virtual host.
If enabled, then by default, the serverName is ${domain}, SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or (submodule)
Default:
null
Example:
{
serverAliases = [
"dolibarr.${config.networking.domain}"
"erp.${config.networking.domain}"
];
enableACME = false;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.enableACME
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default:
true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.acmeFallbackHost
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default:
null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.acmeRoot
Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default:
"/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.addSSL
Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default:
false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.basicAuth
Basic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default:
{ }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ |